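/**
 * Process one time login
 *
 * Runs only on a singular `onetimelogin` post. When that post's
 * `otl_times_used` meta is still '0' and its `otl_user` meta names an
 * existing user, the visitor is signed in as that user and redirected to the
 * admin area. Every other request for such a post is redirected to the home
 * page.
 *
 * @since  1.0.0
 *
 * @return void
 */
function otl_authenticate_one_time_login()
{
    // No need to run if not a singular query for the one time login
    if (!is_single()) {
        return;
    }
    // No need to run if not a onetimelogin post
    global $post;
    if (!is_object($post) || 'onetimelogin' !== $post->post_type) {
        return;
    }
    $login_id = get_the_ID();
    // Cast so that a missing or malformed meta value can never resolve to a user
    $user_id = (int) get_post_meta($login_id, 'otl_user', true);
    $valid_user = $user_id > 0 && false !== get_userdata($user_id);
    $login_uses = get_post_meta($login_id, 'otl_times_used', true);
    // A used login, or one that points at no user, goes to the front page
    if ('0' !== $login_uses || !$valid_user) {
        wp_redirect(home_url());
        exit;
    }
    // Mark the login as consumed BEFORE any cookie is issued, so a failure
    // further down cannot leave a still-usable login behind.
    // NOTE(review): this is still a read-then-write on post meta, not an
    // atomic claim; it narrows the window for two simultaneous requests but
    // does not close it.
    update_post_meta($login_id, 'otl_times_used', '1');
    update_post_meta($login_id, 'otl_datetime_used', current_time('mysql'));
    // Log in
    wp_clear_auth_cookie();
    wp_set_current_user($user_id);
    wp_set_auth_cookie($user_id);
    // Redirect to wp-admin
    wp_safe_redirect(user_admin_url());
    exit;
}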
Example #2
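/**
 * Act on logged-in users that carry the 'banned' role.
 *
 * On multisite the ban alert template is loaded for users with the 'banned'
 * role and for users with no role at all. On a single site a banned user has
 * the auth cookies cleared, the `wp_logout` action fired, and is redirected
 * to the home page.
 *
 * @return void
 */
function cps_ban_check()
{
    if (!is_user_logged_in()) {
        return;
    }
    global $current_user;
    // Normalise to an array so a missing roles property cannot break the checks
    $roles = (array) $current_user->roles;
    // Strict membership test: only the exact string 'banned' counts
    $is_banned = in_array('banned', $roles, true);
    if (is_multisite()) {
        if (empty($roles) || $is_banned) {
            load_template(dirname(__FILE__) . '/wp_ban_cps_ms_alert.php');
        }
        return;
    }
    if ($is_banned) {
        wp_clear_auth_cookie();
        do_action('wp_logout');
        wp_redirect(home_url());
        // wp_redirect() does not end the request on its own
        exit;
    }
}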
Example #3
 /**
  * Clear the WordPress auth cookies on a synchronized-logout API call.
  *
  * Ends the request with API_RETURN_FORBIDDEN when API_SYNLOGOUT is falsy,
  * otherwise sends a P3P header, clears the cookies and ends the request with
  * API_RETURN_SUCCEED. Neither parameter is read by the body.
  *
  * @param mixed $get  Unused here.
  * @param mixed $post Unused here.
  */
 function synlogout($get, $post)
 {
     if (!API_SYNLOGOUT) {
         exit(API_RETURN_FORBIDDEN);
     }
     // NOTE(review): presumably sent so browsers accept the cookie change in a
     // third-party context - confirm it is still needed.
     header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
     wp_clear_auth_cookie();
     exit(API_RETURN_SUCCEED);
 }
Example #4
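 /**
  * Redirects to homepage if awaymode is active
  *
  * When $bwps->checkaway() reports true, the visitor's auth cookies are
  * cleared, a redirect to the configured site URL is sent and the request
  * is stopped.
  *
  * @return void
  **/
 function awaycheck()
 {
     global $bwps;
     if (!$bwps->checkaway()) {
         return;
     }
     wp_clear_auth_cookie();
     wp_redirect(get_option('siteurl'));
     // wp_redirect() only sets the Location header. Without stopping here the
     // rest of the request would still run, so the page that away mode is
     // meant to block would be processed anyway.
     exit;
 }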
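 /**
  * Log the current agent out.
  *
  * Clears the WordPress auth cookies, removes the agent from the session,
  * destroys the PHP session and logs the event.
  *
  * @param StatTracker $app Application container; its 'session' entry is used.
  * @return stdClass Object whose `status` property is "logged_out".
  */
 public function logout(StatTracker $app)
 {
     // Read the agent before the session entry is wiped; the log line below
     // previously referenced an undefined $agent variable.
     // NOTE(review): assumes the session service offers get() alongside the
     // set() used below - confirm.
     $agent = $app['session']->get("agent");
     $agent_name = is_object($agent) && isset($agent->name) ? $agent->name : "unknown agent";
     wp_clear_auth_cookie();
     $app['session']->set("agent", null);
     session_destroy();
     $response = new stdClass();
     $response->status = "logged_out";
     $this->logger->info(sprintf("%s logged out", $agent_name));
     return $response;
 }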
 /**
  * End the session of an idle user.
  *
  * Fires `uil_before_logout` with the current user id when someone is logged
  * in, removes the `last_active_time` user meta, clears the auth cookies,
  * fires `uil_after_logout` and ends the request with the body 'true'.
  *
  * @return void
  */
 function logout_idle_user()
 {
     $someone_is_logged_in = is_user_logged_in();
     if ($someone_is_logged_in) {
         do_action('uil_before_logout', get_current_user_id());
     }

     delete_user_meta(get_current_user_id(), 'last_active_time');
     wp_clear_auth_cookie();
     do_action('uil_after_logout');

     exit('true');
 }
Example #7
 /**
  * Execute away mode functionality
  *
  * While away mode is active the event is logged with the caller's IP, a
  * redirect to the site URL is sent, the auth cookies are cleared and the
  * request is terminated.
  *
  * @return void
  */
 public function run_active_check()
 {
     global $itsec_logger;

     // Nothing to enforce outside the away-mode window
     if (!self::is_active()) {
         return;
     }

     $log_message = __('A host was prevented from accessing the dashboard due to away-mode restrictions being in effect', 'better-wp-security');
     $itsec_logger->log_event('away_mode', 5, array($log_message), ITSEC_Lib::get_ip(), '', '', '', '');

     wp_redirect(get_option('siteurl'));
     wp_clear_auth_cookie();
     // Stop here so nothing behind the lockout gets executed
     exit;
 }
Example #8
 /**
  * Login existing WP user.
  *
  * Replaces any existing auth cookies with a session for the given user and
  * then fires the `gigya_after_social_login` and `wp_login` actions.
  * No credential check happens here; the caller is responsible for having
  * authenticated the user.
  *
  * @param object $wp_user User to sign in; ID and data->user_login are read.
  */
 public function login($wp_user)
 {
     $wp_user_id = $wp_user->ID;

     // Drop the old session cookies, then issue new ones for this user.
     wp_clear_auth_cookie();
     wp_set_current_user($wp_user_id);
     wp_set_auth_cookie($wp_user_id);

     // Lets listeners adjust WP user metadata from Gigya's user.
     do_action('gigya_after_social_login', $this->gigya_user, $wp_user);

     // Run the other login implementations hooked on the core action.
     do_action('wp_login', $wp_user->data->user_login, $wp_user);
 }
Example #9
/**
 * Sign a user in with a login name and password.
 *
 * Clears any existing auth cookies, then hands the credentials to
 * wp_signon() without "remember me". The request ends with an error message
 * when wp_signon() returns a WP_Error.
 *
 * @param string $login    Login name passed as 'user_login'.
 * @param string $password Password passed as 'user_password'.
 * @return void
 */
function login($login, $password)
{
    wp_clear_auth_cookie();

    $credentials = array(
        'user_login' => $login,
        'user_password' => $password,
        'remember' => false,
    );
    $signon_result = wp_signon($credentials, false);

    // One message for every failure, so it does not reveal which field was wrong
    if (is_wp_error($signon_result)) {
        exit("Invalid user name or password");
    }
}
Example #10
 /**
  * Login existing WP user.
  *
  * Replaces any existing auth cookies with a session for the given user,
  * copies the Gigya profile into the user's meta and then fires the
  * `gigya_after_raas_login` and `wp_login` actions. No credential check
  * happens here; the caller is responsible for having authenticated the user.
  *
  * @param object $wp_user User to sign in; ID and data->user_login are read.
  */
 public function login($wp_user)
 {
     $wp_user_id = $wp_user->ID;

     // Drop the old session cookies, then issue new ones for this user.
     wp_clear_auth_cookie();
     wp_set_current_user($wp_user_id);
     wp_set_auth_cookie($wp_user_id);

     $gigya_profile = $this->gigya_account['profile'];
     _gigya_add_to_wp_user_meta($gigya_profile, $wp_user_id);

     // Lets listeners adjust WP user metadata from Gigya's user.
     do_action('gigya_after_raas_login', $this->gigya_account, $wp_user);

     // Run the other login implementations hooked on the core action.
     do_action('wp_login', $wp_user->data->user_login, $wp_user);
 }
Example #11
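 /**
  * Sign in the user with the given ID.
  *
  * No credential check happens here; the caller must already have
  * established that the visitor may act as this user.
  *
  * @param int $user_id ID of the user to sign in.
  * @return bool TRUE when the user exists and the session was issued, FALSE otherwise.
  */
 static function log_user($user_id)
 {
     $user = get_user_by('id', $user_id);
     // get_user_by() reports "not found" with false, not with a WP_Error, so
     // an is_wp_error() test let unknown IDs through and returned TRUE.
     if (!($user instanceof WP_User)) {
         return FALSE;
     }
     wp_clear_auth_cookie();
     wp_set_current_user($user->ID);
     wp_set_auth_cookie($user->ID);
     return TRUE;
 }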
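 /**
  * Handle an e-mail/password login request and answer with JSON.
  *
  * Reads `email`, `pwd` and the optional `redirect_to` from $_POST. On
  * success the auth cookies are replaced with a session for the matching
  * user. The JSON response carries `redirect`, `request`, and either
  * `errors` or `user`; the request is then terminated.
  *
  * NOTE(review): no nonce or rate limiting is visible in this method -
  * confirm both are handled by the caller.
  *
  * @return void
  */
 public function user_login()
 {
     // Read the submitted values first; the field checks below used to test
     // variables that were only assigned further down.
     $email = isset($_POST['email']) ? $_POST['email'] : '';
     $password = isset($_POST['pwd']) ? $_POST['pwd'] : '';
     // The request is echoed back to the client: leave the password out of it.
     $request = $_POST;
     unset($request['pwd']);
     $response = array('redirect' => false, 'request' => $request);
     //Check for empty fields
     if (empty($email) || empty($password)) {
         //create new error object and add errors to it.
         $error = new WP_Error();
         if (empty($email)) {
             //No email
             $error->add('empty_username', __('<strong>ERROR</strong>: Email field is empty.'));
         } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
             //Invalid Email
             $error->add('invalid_username', __('<strong>ERROR</strong>: Email is invalid.'));
         }
         if (empty($password)) {
             //No password
             $error->add('empty_password', __('<strong>ERROR</strong>: Password field is empty.'));
         }
         $response['errors'] = $error;
     }
     if (empty($response['errors'])) {
         //Check if user exists in WordPress database
         $user = get_user_by('email', $email);
         // Unknown e-mail and wrong password get the same answer, so the
         // response does not reveal which accounts exist.
         if (!$user || !wp_check_password($password, $user->user_pass, $user->ID)) {
             $error = new WP_Error();
             $error->add('invalid', __('<strong>ERROR</strong>: Either the email or password you entered is invalid.'));
             $response['errors'] = $error;
         } else {
             wp_clear_auth_cookie();
             wp_set_current_user($user->ID);
             wp_set_auth_cookie($user->ID);
             // Only hand back a redirect target WordPress considers local or
             // allowed; anything else falls back to the home page.
             $response['redirect'] = !empty($_POST['redirect_to'])
                 ? wp_validate_redirect($_POST['redirect_to'], home_url())
                 : home_url();
             // Same object shape as before, minus the password hash and the
             // activation key, which must never be serialised to the browser.
             $public_user = clone $user;
             $public_user->data = clone $user->data;
             unset($public_user->data->user_pass, $public_user->data->user_activation_key);
             $response['user'] = $public_user;
         }
     }
     echo json_encode($response);
     exit;
 }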
Example #13
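/**
 * Mirror a WordPress login into a pvtContent session.
 *
 * Skipped when $GLOBALS['pc_wps_standard_login'] is set or when the WP user
 * is not linked to a pvtContent user. A linked user whose status is not 1,
 * or for whom the `pc_login_custom_check` filter returns anything but
 * false, is logged out of WordPress and sent back to wp-login.php with a
 * `pc_disabled` parameter. Otherwise the pvtContent session, global and
 * cookie are set, the last access time is stored and the user is redirected.
 *
 * @param string $user_login Login name supplied with the login event; unused here.
 * @param object $user       Logged-in WP user; only ID is read.
 * @return void
 */
function pc_wp_user_login($user_login, $user)
{
    global $wpdb;
    global $pc_wp_user;
    // do not execute if is a pvtcontent login
    if (isset($GLOBALS['pc_wps_standard_login'])) {
        return;
    }
    $user_data = $pc_wp_user->wp_user_is_linked($user->ID);
    if (!$user_data) {
        return;
    }
    // PC-FILTER - custom login control for custom checks - passes false and user id - return message to abort login otherwise false
    $custom_check = apply_filters('pc_login_custom_check', false, $user_data->id);
    // check status
    if ((int) $user_data->status !== 1 || $custom_check !== false) {
        // Clear cookies -> log user out
        wp_clear_auth_cookie();
        $error_param = $custom_check !== false ? $custom_check : $user_data->status;
        // redirect adding disabling parameter - for pc_wp_user_login_message() function
        $login_url = site_url('wp-login.php', 'login');
        $login_url = add_query_arg('pc_disabled', $error_param, $login_url);
        wp_redirect($login_url);
        exit;
    }
    include_once PC_DIR . '/functions.php';
    //// login in pvtContent
    // setup user session, cookie and global
    $_SESSION['pc_user_id'] = $user_data->id;
    $GLOBALS['pc_user_id'] = $user_data->id;
    // set cookie - 6 months with "remember me", 6 hours otherwise
    $cookie_time = isset($_POST['rememberme']) ? 3600 * 24 * 30 * 6 : 3600 * 6;
    // The value carries $user_data->psw, so keep it away from scripts
    // (HttpOnly) and off plain HTTP when the site runs on TLS (Secure).
    // NOTE(review): what psw holds is not visible here; whatever it is, it is
    // credential material stored client-side - an opaque random session token
    // would be the safer design.
    setcookie('pc_user', $user_data->id . '|||' . $user_data->psw, time() + $cookie_time, '/', '', is_ssl(), true);
    // update last login date
    $wpdb->update(PC_USERS_TABLE, array('last_access' => current_time('mysql')), array('id' => $user_data->id));
    //// redirect after login
    // check for custom categories redirects
    $custom_cat_redirect = pc_user_cats_login_redirect($user_data->categories);
    if ($custom_cat_redirect) {
        $redirect_url = $custom_cat_redirect;
    } elseif (get_option('pg_logged_user_redirect')) {
        $redirect_url = pc_man_redirects('pg_logged_user_redirect');
    } else {
        $redirect_url = site_url();
    }
    wp_redirect($redirect_url);
    exit;
}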
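/**
 * Apply a password change submitted through an edit-profile form and keep
 * the current user signed in afterwards.
 *
 * Runs only for `edit_profile` POST requests that carry `passw1` and
 * `form_name`. The form's field filters are applied first; the password is
 * changed only when none of them reports an error. When no `edit_user` query
 * argument is present the auth cookies are reissued, because changing the
 * password invalidates the existing ones.
 *
 * NOTE(review): no nonce verification is visible in this function -
 * presumably it happens in the field-check filters or before this hook; verify.
 *
 * @return void
 */
function wppb_autologin_after_password_changed()
{
    if (!isset($_POST['action']) || $_POST['action'] != 'edit_profile') {
        return;
    }
    if (empty($_POST['passw1']) || empty($_POST['form_name'])) {
        return;
    }
    /* all the error checking filters are defined in each field file so we need them here */
    if (file_exists(WPPB_PLUGIN_DIR . '/front-end/default-fields/default-fields.php')) {
        require_once WPPB_PLUGIN_DIR . '/front-end/default-fields/default-fields.php';
    }
    if (file_exists(WPPB_PLUGIN_DIR . '/front-end/extra-fields/extra-fields.php')) {
        require_once WPPB_PLUGIN_DIR . '/front-end/extra-fields/extra-fields.php';
    }
    /* we get the form_name through $_POST so we can apply correctly the filter so we generate the correct fields in the current form  */
    $form_fields = apply_filters('wppb_change_form_fields', get_option('wppb_manage_fields'), array('form_type' => 'edit_profile', 'form_fields' => array(), 'form_name' => $_POST['form_name'], 'role' => '', 'ID' => Profile_Builder_Form_Creator::wppb_get_form_id_from_form_name($_POST['form_name'], 'edit_profile')));
    if (empty($form_fields)) {
        return;
    }
    /* check for errors in the form through the filters */
    $output_field_errors = array();
    foreach ($form_fields as $field) {
        $error_for_field = apply_filters('wppb_check_form_field_' . Wordpress_Creation_Kit_PB::wck_generate_slug($field['field']), '', $field, $_POST, 'edit_profile');
        if (!empty($error_for_field)) {
            $output_field_errors[$field['id']] = '<span class="wppb-form-error">' . $error_for_field . '</span>';
        }
    }
    /* if we have no errors change the password */
    if (!empty($output_field_errors)) {
        return;
    }
    $user_id = get_current_user_id();
    // Only users allowed to edit others may target a different account
    $can_edit_others = (!is_multisite() && current_user_can('edit_users')) || (is_multisite() && current_user_can('manage_network'));
    if ($can_edit_others && !empty($_GET['edit_user'])) {
        // The ID arrives in the query string: force it to a non-negative integer
        $user_id = absint($_GET['edit_user']);
    }
    if (isset($_GET['edit_user'])) {
        wp_set_password($_POST['passw1'], $user_id);
        return;
    }
    wp_clear_auth_cookie();
    /* set the new password for the user */
    wp_set_password($_POST['passw1'], $user_id);
    // Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
    // If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
    $logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
    /** This filter is documented in wp-includes/pluggable.php */
    $default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, false);
    // wp_parse_auth_cookie() returns false when no usable cookie was sent
    $remember = is_array($logged_in_cookie) && $logged_in_cookie['expiration'] - time() > $default_cookie_life;
    wp_set_auth_cookie($user_id, $remember);
}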
 /**
  * Clear the authentication cookies.
  *
  * Detaches itself from the action that is currently running, then clears
  * the auth cookies unless the cookie passed in is empty.
  *
  * @param array|string $cookie The current authentication cookie.
  */
 public static function purge_browser_cookie($cookie)
 {
     // Unhook first: some plugins (notably s2member) would otherwise cause recursion.
     $running_action = current_action();
     remove_action($running_action, [__CLASS__, __FUNCTION__]);

     /*
      * WordPress uses several kinds of auth cookie, so an empty one does not
      * mean the visitor is logged out: other cookies may still hold a
      * legitimate login, and an empty (e.g. unset) cookie is not doing the
      * cache-busting that makes purging worthwhile. Only purge for a
      * non-empty cookie.
      */
     if (!empty($cookie)) {
         wp_clear_auth_cookie();
     }
 }
Example #16
/**
 * Log the visitor out and redirect.
 *
 * The target is the permalink of the page stored in the
 * `ihc_general_logout_redirect` option when that option is set and not -1;
 * otherwise it is $current_url with the `ihcaction` query argument removed.
 *
 * @param string $current_url URL of the page the logout was requested from.
 * @return void
 */
function ihc_do_logout($current_url)
{
    $redirect_page = get_option('ihc_general_logout_redirect');
    $has_redirect_page = $redirect_page && $redirect_page != -1;

    // Configured page if there is one, else back to the same page
    $target = $has_redirect_page
        ? get_permalink($redirect_page)
        : remove_query_arg('ihcaction', $current_url);

    wp_clear_auth_cookie();
    do_action('wp_logout');
    nocache_headers();

    // NOTE(review): wp_redirect() does not restrict the host; if $current_url
    // can come from the request, confirm the caller validates it.
    wp_redirect($target);
    exit;
}
Example #17
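 /**
  * Handle a confirmed "reset WordPress" request, and register the success
  * notice on the request that follows it.
  *
  * When the POST carries `reset_wp=true`, `reset_wp_confirm=reset-wp` and a
  * valid `reset_wp` nonce, every table matching the database prefix is
  * dropped, WordPress is installed again with the previous blog name and
  * visibility, the chosen user is signed back in and the request is
  * redirected to the admin area.
  *
  * NOTE(review): only the nonce gates this destructive path here. A nonce is
  * not an authorization check - confirm that a capability check
  * (current_user_can()) runs before this point, or add one.
  *
  * @return void
  */
 function admin_init()
 {
     global $current_user, $wpdb;
     $reset_wp = isset($_POST['reset_wp']) && $_POST['reset_wp'] == 'true';
     $reset_wp_confirm = isset($_POST['reset_wp_confirm']) && $_POST['reset_wp_confirm'] == 'reset-wp';
     $valid_nonce = isset($_POST['_wpnonce']) && wp_verify_nonce($_POST['_wpnonce'], 'reset_wp');
     if ($reset_wp && $reset_wp_confirm && $valid_nonce) {
         require_once ABSPATH . '/wp-admin/includes/upgrade.php';
         $blogname = get_option('blogname');
         $admin_email = get_option('admin_email');
         $blog_public = get_option('blog_public');
         // Prefer the 'admin' account when it exists with full privileges,
         // otherwise reinstall for the current user.
         $user = null;
         if ($current_user->user_login != 'admin') {
             $user = get_user_by('login', 'admin');
         }
         if (empty($user->user_level) || $user->user_level < 10) {
             $user = $current_user;
         }
         // Escape '_' so it is not treated as a LIKE wildcard
         $prefix = str_replace('_', '\\_', $wpdb->prefix);
         $tables = $wpdb->get_col("SHOW TABLES LIKE '{$prefix}%'");
         foreach ($tables as $table) {
             $wpdb->query("DROP TABLE {$table}");
         }
         $result = wp_install($blogname, $user->user_login, $user->user_email, $blog_public);
         // Take only the value that is needed instead of extract()-ing the
         // whole result into the local scope.
         $user_id = (int) $result['user_id'];
         // prepare() needs a placeholder to do anything; bind the ID as an integer.
         // NOTE(review): the '******' password value is reproduced as it
         // appears in this listing and looks like a masked placeholder -
         // check it against the original plugin source.
         $query = $wpdb->prepare("UPDATE {$wpdb->users} SET user_pass = '******', user_activation_key = '' WHERE ID = %d", $user_id);
         $wpdb->query($query);
         // Older WordPress versions only have the *_usermeta functions
         $get_user_meta = function_exists('get_user_meta') ? 'get_user_meta' : 'get_usermeta';
         $update_user_meta = function_exists('update_user_meta') ? 'update_user_meta' : 'update_usermeta';
         if ($get_user_meta($user_id, 'default_password_nag')) {
             $update_user_meta($user_id, 'default_password_nag', false);
         }
         if ($get_user_meta($user_id, $wpdb->prefix . 'default_password_nag')) {
             $update_user_meta($user_id, $wpdb->prefix . 'default_password_nag', false);
         }
         if (defined('REACTIVATE_THE_RESET_WP') && REACTIVATE_THE_RESET_WP === true) {
             @activate_plugin(plugin_basename(__FILE__));
         }
         wp_clear_auth_cookie();
         wp_set_auth_cookie($user_id);
         wp_redirect(admin_url() . "?reset-wp=reset-wp");
         exit;
     }
     // The Referer header is optional; check it exists before reading it
     if (array_key_exists('reset-wp', $_GET) && isset($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'], 'reset-wp')) {
         add_action('admin_notices', array(&$this, 'admin_notices_successfully_reset'));
     }
 }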
Example #18
 /**
  * Start the phpBB session and mirror it into WordPress.
  *
  * Begins the phpBB session and loads its ACL. When
  * \wpphpbbu\User::is_user_logged_in() is false and
  * \wpphpbbu\User::get_userid() returns a positive ID, the WordPress auth
  * cookies are replaced with a remembered session for that ID.
  *
  * @return mixed The phpBB user's session id.
  */
 public function load_session_id()
 {
     global $user, $auth, $phpbb_container, $phpbb_extension_manager;

     $user->session_begin();
     $auth->acl($user->data);

     if (\wpphpbbu\User::is_user_logged_in()) {
         return $user->session_id;
     }

     // NOTE(review): the WordPress login below trusts this ID as-is -
     // confirm get_userid() only ever returns an authenticated mapping.
     $mapped_id = \wpphpbbu\User::get_userid();
     if ($mapped_id > 0) {
         wp_clear_auth_cookie();
         // Set the current user
         wp_set_current_user($mapped_id);
         wp_set_auth_cookie($mapped_id, true, false);
     }

     // Return current user session id
     return $user->session_id;
 }
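/**
 * Complete a Yangcong (Secken) login.
 *
 * Runs only when the query string has `redirect_to=yangcong_login` and the
 * POST carries a `uuid`. The uuid is resolved through $secken->getResult();
 * when the result has a `uid` that is stored as a user's `yangcong_uid`
 * meta, that user is signed in. The outcome is reported through message().
 *
 * @return void
 */
function login()
{
    global $secken, $wpdb;
    if (!empty($_GET['redirect_to']) && $_GET['redirect_to'] === 'yangcong_login' && isset($_POST['uuid'])) {
        $info = $secken->getResult($_POST['uuid']);
        if (!empty($info['uid'])) {
            // The uid comes from an external response: bind it as a parameter
            // instead of interpolating it into the SQL text.
            $author_id = $wpdb->get_var($wpdb->prepare("SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = 'yangcong_uid' AND meta_value = %s", $info['uid']));
            if (is_numeric($author_id)) {
                $author_id = (int) $author_id;
                wp_clear_auth_cookie();
                wp_set_auth_cookie($author_id, true, is_ssl());
                wp_set_current_user($author_id);
                // Success message. NOTE(review): redirect_to is passed on
                // unvalidated; confirm message() restricts where it redirects.
                message(__('登录成功', 'yangcong'), 1, isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null);
            } else {
                // Failure message: no user is bound to this uid
                message(__('登录失败', 'yangcong'));
            }
        } else {
            message($secken->getMessage());
        }
    }
}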
Example #20
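 /**
  * Sign a user in with a one-time login token, then redirect to '/'.
  *
  * Requires a valid `gatekeeper` nonce. Any current session is ended first.
  * The `id` and `token` request values must match the `login_token` user
  * meta stored for that user; on a match the token is deleted and a new
  * session is issued.
  *
  * @return void
  */
 public static function request()
 {
     $nonce = isset($_REQUEST['nonce']) ? $_REQUEST['nonce'] : '';
     if ($nonce && wp_verify_nonce($nonce, 'gatekeeper')) {
         if (is_user_logged_in()) {
             wp_logout();
         }
         $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
         $token = isset($_REQUEST['token']) && is_string($_REQUEST['token']) ? $_REQUEST['token'] : '';
         if ($id > 0 && '' !== $token) {
             $user_token = get_user_meta($id, 'login_token', true);
             // A user without a stored token must never match:
             // get_user_meta() returns '' for a missing key, which the old
             // loose == comparison accepted against an empty request token.
             // hash_equals() also keeps the comparison constant-time.
             if (is_string($user_token) && '' !== $user_token && hash_equals($user_token, $token)) {
                 // Consume the token before the session is issued
                 delete_user_meta($id, 'login_token');
                 wp_clear_auth_cookie();
                 wp_set_current_user($id);
                 wp_set_auth_cookie($id);
             }
         }
     }
     wp_redirect('/');
     exit(0);
 }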
Example #21
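 /**
  * Handle an AJAX login and answer with a JSON status/message pair.
  *
  * Requires a valid `gatekeeper` nonce. Any current session is ended first.
  * The `email` request value is looked up as an e-mail address and then as a
  * login name; the password is checked by wp_signon().
  *
  * NOTE(review): the values are read from $_REQUEST, so credentials are also
  * accepted from the query string, where they end up in logs and browser
  * history - consider reading them from $_POST only.
  *
  * @return void
  */
 public static function ajax()
 {
     $result = [];
     $nonce = isset($_REQUEST['nonce']) ? $_REQUEST['nonce'] : '';
     if ($nonce && wp_verify_nonce($nonce, 'gatekeeper')) {
         if (is_user_logged_in()) {
             wp_logout();
         }
         $login = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
         $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
         $remember = !empty($_REQUEST['remember']);
         $user = \get_user_by('email', $login);
         if (!$user) {
             $user = \get_user_by('login', $login);
         }
         if (!$user) {
             // Same message as for a wrong password, so the response does not
             // reveal which accounts exist.
             $result['status'] = 'error';
             $result['message'] = __('Sorry! Given credentials are not correct.', 'gatekeeper');
         } else {
             $creds = [];
             $creds['user_login'] = $user->user_login;
             $creds['user_password'] = $password;
             $creds['remember'] = $remember;
             $user = wp_signon($creds, false);
             if (is_wp_error($user)) {
                 $result['status'] = 'error';
                 $result['message'] = __('Sorry! Given credentials are not correct.', 'gatekeeper');
             } else {
                 wp_clear_auth_cookie();
                 wp_set_current_user($user->ID);
                 // Reissue the cookies with the user's "remember me" choice;
                 // the call used to drop it and always set a session cookie.
                 wp_set_auth_cookie($user->ID, $remember);
                 $result['status'] = 'success';
                 $result['message'] = __('Welcome! We will now start redirecting you...', 'gatekeeper');
             }
         }
     } else {
         $result['status'] = 'error';
         // Keep the translatable text constant and insert the value afterwards;
         // an interpolated string can never match a translation entry.
         $result['message'] = sprintf(__('Security error! Try reload the page and try again! (nonce=%s)', 'gatekeeper'), $nonce);
     }
     echo json_encode($result);
     exit(0);
 }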
Example #22
/**
 * Update a user in the database.
 *
 * It is possible to update a user's password by specifying the 'user_pass'
 * value in the $userdata parameter array.
 *
 * If current user's password is being updated, then the cookies will be
 * cleared.
 *
 * @since 2.0.0
 *
 * @see wp_insert_user() For what fields can be set in $userdata.
 *
 * @param mixed $userdata An array of user data or a user object of type stdClass or WP_User.
 * @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated.
 */
function wp_update_user($userdata)
{
    // Accept objects as well as arrays; everything below works on an array
    if ($userdata instanceof stdClass) {
        $userdata = get_object_vars($userdata);
    } elseif ($userdata instanceof WP_User) {
        $userdata = $userdata->to_array();
    }
    $ID = isset($userdata['ID']) ? (int) $userdata['ID'] : 0;
    if (!$ID) {
        return new WP_Error('invalid_user_id', __('Invalid user ID.'));
    }
    // First, get all of the original fields
    $user_obj = get_userdata($ID);
    if (!$user_obj) {
        return new WP_Error('invalid_user_id', __('Invalid user ID.'));
    }
    $user = $user_obj->to_array();
    // Add additional custom fields
    foreach (_get_additional_user_keys($user_obj) as $key) {
        $user[$key] = get_user_meta($ID, $key, true);
    }
    // Escape data pulled from DB.
    $user = add_magic_quotes($user);
    // A non-empty 'user_pass' that differs from the stored value is treated as a new plaintext password
    if (!empty($userdata['user_pass']) && $userdata['user_pass'] !== $user_obj->user_pass) {
        // If password is changing, hash it now
        // $plaintext_pass is only tested with isset() further down, as the "password changed" marker
        $plaintext_pass = $userdata['user_pass'];
        $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
        /**
         * Filter whether to send the password change email.
         *
         * @since 4.3.0
         *
         * @see wp_insert_user() For `$user` and `$userdata` fields.
         *
         * @param bool  $send     Whether to send the email.
         * @param array $user     The original user array.
         * @param array $userdata The updated user array.
         *
         */
        $send_password_change_email = apply_filters('send_password_change_email', true, $user, $userdata);
    }
    if (isset($userdata['user_email']) && $user['user_email'] !== $userdata['user_email']) {
        /**
         * Filter whether to send the email change email.
         *
         * @since 4.3.0
         *
         * @see wp_insert_user() For `$user` and `$userdata` fields.
         *
         * @param bool  $send     Whether to send the email.
         * @param array $user     The original user array.
         * @param array $userdata The updated user array.
         *
         */
        $send_email_change_email = apply_filters('send_email_change_email', true, $user, $userdata);
    }
    // Drop the cache entry keyed by the user's previous email address
    wp_cache_delete($user['user_email'], 'useremail');
    // Merge old and new fields with new fields overwriting old ones.
    $userdata = array_merge($user, $userdata);
    $user_id = wp_insert_user($userdata);
    // Notifications are only sent when the update itself succeeded
    if (!is_wp_error($user_id)) {
        $blog_name = wp_specialchars_decode(get_option('blogname'));
        if (!empty($send_password_change_email)) {
            /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
            $pass_change_text = __('Hi ###USERNAME###,

This notice confirms that your password was changed on ###SITENAME###.

If you did not change your password, please contact the Site Administrator at
###ADMIN_EMAIL###

This email has been sent to ###EMAIL###

Regards,
All at ###SITENAME###
###SITEURL###');
            // $user still holds the values from before this update, so the notice goes to the address on record
            $pass_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Password Change'), 'message' => $pass_change_text, 'headers' => '');
            /**
             * Filter the contents of the email sent when the user's password is changed.
             *
             * @since 4.3.0
             *
             * @param array $pass_change_email {
             *            Used to build wp_mail().
             *            @type string $to      The intended recipients. Add emails in a comma separated string.
             *            @type string $subject The subject of the email.
             *            @type string $message The content of the email.
             *                The following strings have a special meaning and will get replaced dynamically:
             *                - ###USERNAME###    The current user's username.
             *                - ###ADMIN_EMAIL### The admin email in case this was unexpected.
             *                - ###EMAIL###       The old email.
             *                - ###SITENAME###    The name of the site.
             *                - ###SITEURL###     The URL to the site.
             *            @type string $headers Headers. Add headers in a newline (\r\n) separated string.
             *        }
             * @param array $user     The original user array.
             * @param array $userdata The updated user array.
             *
             */
            $pass_change_email = apply_filters('password_change_email', $pass_change_email, $user, $userdata);
            // Placeholders are substituted after the filter has run, so filtered text can use them too
            $pass_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###SITENAME###', get_option('blogname'), $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###SITEURL###', home_url(), $pass_change_email['message']);
            wp_mail($pass_change_email['to'], sprintf($pass_change_email['subject'], $blog_name), $pass_change_email['message'], $pass_change_email['headers']);
        }
        if (!empty($send_email_change_email)) {
            /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
            $email_change_text = __('Hi ###USERNAME###,

This notice confirms that your email was changed on ###SITENAME###.

If you did not change your email, please contact the Site Administrator at
###ADMIN_EMAIL###

This email has been sent to ###EMAIL###

Regards,
All at ###SITENAME###
###SITEURL###');
            // Sent to the previous address ($user is the pre-update array), so its owner learns about the change
            $email_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Email Change'), 'message' => $email_change_text, 'headers' => '');
            /**
             * Filter the contents of the email sent when the user's email is changed.
             *
             * @since 4.3.0
             *
             * @param array $email_change_email {
             *            Used to build wp_mail().
             *            @type string $to      The intended recipients.
             *            @type string $subject The subject of the email.
             *            @type string $message The content of the email.
             *                The following strings have a special meaning and will get replaced dynamically:
             *                - ###USERNAME###    The current user's username.
             *                - ###ADMIN_EMAIL### The admin email in case this was unexpected.
             *                - ###EMAIL###       The old email.
             *                - ###SITENAME###    The name of the site.
             *                - ###SITEURL###     The URL to the site.
             *            @type string $headers Headers.
             *        }
             * @param array $user The original user array.
             * @param array $userdata The updated user array.
             */
            $email_change_email = apply_filters('email_change_email', $email_change_email, $user, $userdata);
            $email_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $email_change_email['message']);
            $email_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $email_change_email['message']);
            $email_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $email_change_email['message']);
            $email_change_email['message'] = str_replace('###SITENAME###', get_option('blogname'), $email_change_email['message']);
            $email_change_email['message'] = str_replace('###SITEURL###', home_url(), $email_change_email['message']);
            wp_mail($email_change_email['to'], sprintf($email_change_email['subject'], $blog_name), $email_change_email['message'], $email_change_email['headers']);
        }
    }
    // Update the cookies if the password changed.
    // Only the session of the user making the request is touched, and only when that user's own password changed.
    $current_user = wp_get_current_user();
    if ($current_user->ID == $ID) {
        if (isset($plaintext_pass)) {
            wp_clear_auth_cookie();
            // Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
            // If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
            $logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
            /** This filter is documented in wp-includes/pluggable.php */
            $default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $ID, false);
            $remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;
            wp_set_auth_cookie($ID, $remember);
        }
    }
    return $user_id;
}
Example #23
/**
 * Clears the WordPress auth cookies for a request whose IP is not allowed.
 *
 * Nothing is cleared when cerber_check_groove() passes (the original comment
 * describes that case as keeping already logged in users) or when
 * cerber_is_allowed() accepts the address returned by cerber_get_ip().
 *
 * NOTE(review): the decision depends on how cerber_get_ip() derives the client
 * address, which is not visible here. If it trusts forwarded-for style headers,
 * confirm they are only honoured behind a known proxy.
 *
 * @param mixed $cookie_elements Accepted but never read in this function;
 *                               presumably supplied by the hook that calls it.
 * @return void
 */
function cerber_stop_cookies($cookie_elements)
{
    // Short-circuit keeps the original evaluation order: the IP lookup only
    // happens when the groove check did not already pass.
    $leave_cookies = cerber_check_groove() || cerber_is_allowed(cerber_get_ip());
    if ($leave_cookies) {
        return;
    }
    wp_clear_auth_cookie();
}
Example #24
            } elseif (strpos($redirect_to, 'about.php?updated')) {
                $errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to see what&#8217;s new.'), 'message');
            }
        }
        /**
         * Filter the login page errors.
         *
         * @since 3.6.0
         *
         * @param object $errors      WP Error object.
         * @param string $redirect_to Redirect destination URL.
         */
        $errors = apply_filters('wp_login_errors', $errors, $redirect_to);
        // Clear any stale cookies.
        if ($reauth) {
            wp_clear_auth_cookie();
        }
        login_header(__('Log In'), '', $errors);
        if (isset($_POST['log'])) {
            $user_login = '******' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ? esc_attr(wp_unslash($_POST['log'])) : '';
        }
        $rememberme = !empty($_POST['rememberme']);
        if (!empty($errors->errors)) {
            $aria_describedby_error = ' aria-describedby="login_error"';
        } else {
            $aria_describedby_error = '';
        }
        ?>

<form name="loginform" id="loginform" action="<?php 
        echo esc_url(wp_login_url());
 /**
  * Processes the request
  *
  * Callback for "template_redirect" hook in template-loader.php
  *
  * @since 6.3
  * @access public
  */
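 public function template_redirect()
 {
     // Resolves the requested login action and instance from the request and
     // dispatches it. Plugins get the first chance through the tml_request
     // hooks; otherwise the built-in switch below handles the action.
     //
     // Both values are passed through sanitize_key() because the action is
     // concatenated into hook names a few lines down.
     $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
     if (!$this->request_action && self::is_tml_page()) {
         $this->request_action = self::get_page_action(get_the_id());
     }
     $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;
     do_action_ref_array('tml_request', array(&$this));
     // allow plugins to override the default actions, and to add extra actions if they want
     do_action('login_form_' . $this->request_action);
     if (has_action('tml_request_' . $this->request_action)) {
         do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
     } else {
         $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
         switch ($this->request_action) {
             case 'postpass':
                 // Protected-post password: store a phpass hash of the submitted
                 // password in the wp-postpass cookie and bounce back to the referer.
                 if (!array_key_exists('post_password', $_POST)) {
                     wp_safe_redirect(wp_get_referer());
                     exit;
                 }
                 require_once ABSPATH . 'wp-includes/class-phpass.php';
                 $hasher = new PasswordHash(8, true);
                 $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
                 // Fix: $referer was read without ever being assigned, so the
                 // cookie's Secure flag was always false, even on https referers.
                 $referer = wp_get_referer();
                 if ($referer) {
                     $secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
                 } else {
                     $secure = false;
                 }
                 setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
                 wp_safe_redirect(wp_get_referer());
                 exit;
                 break;
             case 'logout':
                 // The log-out nonce is checked before the session is ended, so a
                 // cross-site request cannot log the user out.
                 check_admin_referer('log-out');
                 $user = wp_get_current_user();
                 wp_logout();
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
                 } else {
                     $redirect_to = site_url('wp-login.php?loggedout=true');
                     $requested_redirect_to = '';
                 }
                 $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
                 // Request-supplied targets only ever reach wp_safe_redirect(),
                 // which restricts the destination to allowed hosts.
                 wp_safe_redirect($redirect_to);
                 exit;
                 break;
             case 'lostpassword':
             case 'retrievepassword':
                 if ($http_post) {
                     $this->errors = self::retrieve_password();
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 if (isset($_REQUEST['error'])) {
                     if ('invalidkey' == $_REQUEST['error']) {
                         $this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
                     } elseif ('expiredkey' == $_REQUEST['error']) {
                         $this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
                     }
                 }
                 do_action('lost_password');
                 break;
             case 'resetpass':
             case 'rp':
                 // Dirty hack for now
                 global $rp_login, $rp_key;
                 list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
                 $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
                 // Move the reset key out of the URL into an HttpOnly cookie scoped
                 // to this path, then reload without the query arguments.
                 if (isset($_GET['key'])) {
                     $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
                     setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     wp_safe_redirect(remove_query_arg(array('key', 'login')));
                     exit;
                 }
                 if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
                     list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
                     $user = check_password_reset_key($rp_key, $rp_login);
                     // Fix: fail closed when the posted rp_key is missing or not a
                     // string instead of handing hash_equals() a non-string value.
                     if (isset($_POST['pass1']) && (!isset($_POST['rp_key']) || !is_string($_POST['rp_key']) || !hash_equals($rp_key, $_POST['rp_key']))) {
                         $user = false;
                     }
                 } else {
                     $user = false;
                 }
                 if (!$user || is_wp_error($user)) {
                     // Expire the reset cookie before sending the user back to request a new link.
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     if ($user && $user->get_error_code() === 'expired_key') {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
                     } else {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                     }
                     exit;
                 }
                 if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                     $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                 }
                 do_action('validate_password_reset', $this->errors, $user);
                 if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                     reset_password($user, $_POST['pass1']);
                     // The key has been used: expire the cookie that carried it.
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     $redirect_to = site_url('wp-login.php?resetpass=complete');
                     wp_safe_redirect($redirect_to);
                     exit;
                 }
                 wp_enqueue_script('utils');
                 wp_enqueue_script('user-profile');
                 break;
             case 'register':
                 if (!get_option('users_can_register')) {
                     $redirect_to = site_url('wp-login.php?registration=disabled');
                     wp_redirect($redirect_to);
                     exit;
                 }
                 $user_login = '';
                 $user_email = '';
                 if ($http_post) {
                     // With the 'email' login type the e-mail address doubles as the login name.
                     if ('email' == $this->get_option('login_type')) {
                         $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     } else {
                         $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                     }
                     $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     $this->errors = register_new_user($user_login, $user_email);
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 break;
             case 'login':
             default:
                 $secure_cookie = '';
                 $interim_login = isset($_REQUEST['interim-login']);
                 // If the user wants ssl but the session is not ssl, force a secure cookie.
                 if (!empty($_POST['log']) && !force_ssl_admin()) {
                     $user_name = sanitize_user($_POST['log']);
                     if ($user = get_user_by('login', $user_name)) {
                         if (get_user_option('use_ssl', $user->ID)) {
                             $secure_cookie = true;
                             force_ssl_admin(true);
                         }
                     }
                 }
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $_REQUEST['redirect_to'];
                     // Redirect to https if user wants ssl
                     if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                     }
                 } else {
                     $redirect_to = admin_url();
                 }
                 $reauth = empty($_REQUEST['reauth']) ? false : true;
                 if ($http_post && isset($_POST['log'])) {
                     $user = wp_signon('', $secure_cookie);
                     $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                     if (!is_wp_error($user) && !$reauth) {
                         if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                 $redirect_to = user_admin_url();
                             } elseif (is_multisite() && !$user->has_cap('read')) {
                                 $redirect_to = get_dashboard_url($user->ID);
                             } elseif (!$user->has_cap('edit_posts')) {
                                 $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                             }
                         }
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                     // A failed sign-on leaves the WP_Error in place for the form to display.
                     $this->errors = $user;
                 }
                 // Clear errors if loggedout is set.
                 if (!empty($_GET['loggedout']) || $reauth) {
                     $this->errors = new WP_Error();
                 }
                 // Some parts of this script use the main login form to display a message
                 if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                     $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                     $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                 } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                     $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                     $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                     $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                 } elseif ($interim_login) {
                     $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                 } elseif (strpos($redirect_to, 'about.php?updated')) {
                     $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                 } elseif ($reauth) {
                     $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                 }
                 // Clear any stale cookies.
                 if ($reauth) {
                     wp_clear_auth_cookie();
                 }
                 break;
         }
         // end switch
     }
     // endif has_filter()
 }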
Example #26
 /**
  * Ends the current user's login.
  *
  * Runs three steps in a fixed order: destroy the current session, clear the
  * authentication cookies, then fire the 'wp_logout' action so that other code
  * can react to the logout.
  *
  * @since 2.5.0
  */
 function wp_logout()
 {
     // The session is destroyed before the cookies are removed; keep this order.
     wp_destroy_current_session();
     wp_clear_auth_cookie();
     /**
      * Fires once the session and cookies of the logged-out user are gone.
      *
      * @since 1.5.0
      */
     do_action('wp_logout');
 }
 /**
  * Lets the module know that this is a reauthorization
  *
  * @since 4.1
  *
  * @return void
  */
 public function auth_cookie_expired()
 {
     // Record that the cookie expired; the flag is read elsewhere in the
     // module (not visible here) to treat the next login as a reauthorization.
     $this->auth_cookie_expired = true;
     // Drop the expired cookies so the browser stops presenting them.
     wp_clear_auth_cookie();
 }
Example #28
/**
 * Update a user in the database.
 *
 * The stored record for $userdata['ID'] is loaded, merged with the supplied
 * fields (supplied values win) and written back through wp_insert_user().
 * A non-empty 'user_pass' is hashed before the merge.
 *
 * The original documentation states that a new user is created when
 * $userdata has no 'ID' key. Note that this code reads $userdata['ID'] and
 * loads that user's record before wp_insert_user() is called.
 *
 * When the password of the currently logged-in user changes, the auth
 * cookies are cleared and issued again for that user.
 *
 * @since 2.0.0
 * @see wp_insert_user() For what fields can be set in $userdata
 * @uses wp_insert_user() Used to update existing user or add new one if user doesn't exist already
 *
 * @param array $userdata An array of user data.
 * @return int The updated user's ID.
 */
function wp_update_user($userdata)
{
    $ID = (int) $userdata['ID'];

    // Start from the stored record: core fields first, then the extra meta keys.
    $stored = get_userdata($ID);
    $user = get_object_vars($stored->data);
    foreach (_get_additional_user_keys($stored) as $meta_key) {
        $user[$meta_key] = get_user_meta($ID, $meta_key, true);
    }

    // Values read from the database are slashed before being merged.
    $user = add_magic_quotes($user);

    // Hash a new password right away so only the hash travels further.
    $password_changed = !empty($userdata['user_pass']);
    if ($password_changed) {
        $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
    }

    wp_cache_delete($user['user_email'], 'useremail');

    // Supplied fields overwrite the stored ones.
    $user_id = wp_insert_user(array_merge($user, $userdata));

    // Only the logged-in user's own password change touches the cookies.
    $current_user = wp_get_current_user();
    if ($current_user->ID == $ID && $password_changed) {
        wp_clear_auth_cookie();
        wp_set_auth_cookie($ID);
    }

    return $user_id;
}
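 /**
  * Logs the current user out of WordPress and, when enabled, out of OpenAM.
  *
  * If OPENAM_REST_ENABLED and OPENAM_LOGOUT_TOO are both set and the browser
  * presented an OpenAM token for a logged-in user, the OpenAM session is
  * ended over REST and the OpenAM cookie is expired. The WordPress session
  * and auth cookies are then cleared and 'wp_logout' is fired once.
  *
  * @return void
  */
 function wp_logout()
 {
     if (OPENAM_REST_ENABLED and OPENAM_LOGOUT_TOO) {
         // The cookie may be absent; read it without raising an undefined-index notice.
         $tokenId = isset($_COOKIE[OPENAM_COOKIE_NAME]) ? $_COOKIE[OPENAM_COOKIE_NAME] : '';
         if (!empty($tokenId) and is_user_logged_in()) {
             $headers = array(OPENAM_COOKIE_NAME => $tokenId, 'Content-Type' => 'application/json');
             $url = OPENAM_BASE_URL . OPENAM_SESSION_URI . "?_action=logout";
             // The request carries the live session token, so the server certificate
             // is verified. A failed call comes back as a WP_Error and the local
             // logout below still runs.
             $response = wp_remote_post($url, array('headers' => $headers, 'sslverify' => true));
             // NOTE(review): the raw response is written to the debug log; confirm it cannot contain session material.
             openam_debug("wp_logout: RAW RESPONSE LOGOUT: " . print_r($response, TRUE));
             $expiration_date = time() - 60;
             setcookie(OPENAM_COOKIE_NAME, '', $expiration_date, '/', DOMAIN);
         }
     }
     // Destroy the WordPress session as well, where the running core provides the function.
     if (function_exists('wp_destroy_current_session')) {
         wp_destroy_current_session();
     }
     wp_clear_auth_cookie();
     // Fired once, after the cookies are gone. It used to fire a second time
     // before the OpenAM call, so logout handlers ran twice.
     do_action('wp_logout');
 }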
Example #30
 /**
  * Deprecated alias that logs the user out by clearing the auth cookies.
  *
  * Reports its own deprecation and then delegates to wp_clear_auth_cookie().
  *
  * @since 1.5
  * @deprecated Use wp_clear_auth_cookie()
  * @see wp_clear_auth_cookie()
  */
 function wp_clearcookie()
 {
     // Emit the deprecation notice first, naming the replacement.
     _deprecated_function(__FUNCTION__, '2.5', 'wp_clear_auth_cookie()');
     // The replacement does all the actual work.
     wp_clear_auth_cookie();
 }