Example #1
0
/**
 * Check for valid user via login form or stored cookie. Returns true or an error message
 *
 */
function yourls_is_valid_user()
{
    // Allow plugins to short-circuit the whole function
    $pre = yourls_apply_filter('shunt_is_valid_user', null);
    if (null !== $pre) {
        return $pre;
    }
    // $unfiltered_valid : are credentials valid? Boolean value. It's "unfiltered" to allow plugins to eventually filter it.
    $unfiltered_valid = false;
    // Logout request
    if (isset($_GET['action']) && $_GET['action'] == 'logout') {
        yourls_do_action('logout');
        yourls_store_cookie(null);
        return yourls__('Logged out successfully');
    }
    // Check cookies or login request. Login form has precedence.
    yourls_do_action('pre_login');
    // Determine auth method and check credentials
    if (yourls_is_API() && isset($_REQUEST['timestamp']) && !empty($_REQUEST['timestamp']) && isset($_REQUEST['signature']) && !empty($_REQUEST['signature'])) {
        yourls_do_action('pre_login_signature_timestamp');
        $unfiltered_valid = yourls_check_signature_timestamp();
    } elseif (yourls_is_API() && !isset($_REQUEST['timestamp']) && isset($_REQUEST['signature']) && !empty($_REQUEST['signature'])) {
        yourls_do_action('pre_login_signature');
        $unfiltered_valid = yourls_check_signature();
    } elseif (isset($_REQUEST['username']) && isset($_REQUEST['password']) && !empty($_REQUEST['username']) && !empty($_REQUEST['password'])) {
        yourls_do_action('pre_login_username_password');
        $unfiltered_valid = yourls_check_username_password();
    } elseif (!yourls_is_API() && isset($_COOKIE[yourls_cookie_name()])) {
        yourls_do_action('pre_login_cookie');
        $unfiltered_valid = yourls_check_auth_cookie();
    }
    // Regardless of validity, allow plugins to filter the boolean and have final word
    $valid = yourls_apply_filter('is_valid_user', $unfiltered_valid);
    // Login for the win!
    if ($valid) {
        yourls_do_action('login');
        // (Re)store encrypted cookie if needed
        if (!yourls_is_API()) {
            yourls_store_cookie(YOURLS_USER);
            // Login form : redirect to requested URL to avoid re-submitting the login form on page reload
            if (isset($_REQUEST['username']) && isset($_REQUEST['password']) && isset($_SERVER['REQUEST_URI'])) {
                $url = $_SERVER['REQUEST_URI'];
                yourls_redirect($url);
            }
        }
        // Login successful
        return true;
    }
    // Login failed
    yourls_do_action('login_failed');
    if (isset($_REQUEST['username']) || isset($_REQUEST['password'])) {
        return yourls__('Invalid username or password');
    } else {
        return yourls__('Please log in');
    }
}
Example #2
0
/**
 * Check for valid user. Returns true or an error message
 *
 */
function yourls_is_valid_user()
{
    static $valid = false;
    if ($valid) {
        return true;
    }
    $unfiltered_valid = false;
    // Logout request
    if (isset($_GET['action']) && $_GET['action'] == 'logout') {
        yourls_do_action('logout');
        yourls_store_cookie(null);
        return yourls__('Logged out successfully');
    }
    // Check cookies or login request. Login form has precedence.
    global $yourls_user_passwords;
    yourls_do_action('pre_login');
    // Determine auth method and check credentials
    if (yourls_is_API() && isset($_REQUEST['timestamp']) && !empty($_REQUEST['timestamp']) && isset($_REQUEST['signature']) && !empty($_REQUEST['signature'])) {
        yourls_do_action('pre_login_signature_timestamp');
        $unfiltered_valid = yourls_check_signature_timestamp();
    } elseif (yourls_is_API() && !isset($_REQUEST['timestamp']) && isset($_REQUEST['signature']) && !empty($_REQUEST['signature'])) {
        yourls_do_action('pre_login_signature');
        $unfiltered_valid = yourls_check_signature();
    } elseif (isset($_REQUEST['username']) && isset($_REQUEST['password']) && !empty($_REQUEST['username']) && !empty($_REQUEST['password'])) {
        yourls_do_action('pre_login_username_password');
        $unfiltered_valid = yourls_check_username_password();
    } elseif (!yourls_is_API() && isset($_COOKIE['yourls_username']) && isset($_COOKIE['yourls_password'])) {
        yourls_do_action('pre_login_cookie');
        $unfiltered_valid = yourls_check_auth_cookie();
    }
    $valid = yourls_apply_filter('is_valid_user', $unfiltered_valid);
    // Login for the win!
    if ($valid) {
        yourls_do_action('login');
        // (Re)store encrypted cookie if needed and tell it's ok
        if (!yourls_is_API() && $unfiltered_valid) {
            yourls_store_cookie(YOURLS_USER);
        }
        return true;
    }
    // Login failed
    yourls_do_action('login_failed');
    if (isset($_REQUEST['username']) || isset($_REQUEST['password'])) {
        return yourls__('Invalid username or password');
    } else {
        return yourls__('Please log in');
    }
}
Example #3
0
function yourls_is_valid_user()
{
    static $valid = false;
    if ($valid) {
        return true;
    }
    // Logout request
    if (isset($_GET['mode']) && $_GET['mode'] == 'logout') {
        yourls_store_cookie(null);
        return 'Logged out successfully';
    }
    // Check cookies or login request. Login form has precedence.
    global $yourls_user_passwords;
    // In the future maybe I'll implement nonces like in WP. Will be something like
    // ?nonce=fn(login,pwd,action)
    // Determine auth method and check credentials
    if (yourls_is_API() && isset($_REQUEST['timestamp']) && !empty($_REQUEST['timestamp']) && isset($_REQUEST['signature']) && !empty($_REQUEST['signature'])) {
        $valid = yourls_check_signature_timestamp();
    } elseif (yourls_is_API() && !isset($_REQUEST['timestamp']) && isset($_REQUEST['signature']) && !empty($_REQUEST['signature'])) {
        $valid = yourls_check_signature();
    } elseif (isset($_REQUEST['username']) && isset($_REQUEST['password']) && !empty($_REQUEST['username']) && !empty($_REQUEST['password'])) {
        $valid = yourls_check_username_password();
    } elseif (!yourls_is_API() && isset($_COOKIE['yourls_username']) && isset($_COOKIE['yourls_password'])) {
        $valid = yourls_check_auth_cookie();
    }
    // Login for the win!
    if ($valid) {
        // (Re)store encrypted cookie and tell it's ok
        if (!yourls_is_API()) {
            // No need to store a cookie when used in API mode.
            yourls_store_cookie(YOURLS_USER);
        }
        return true;
    }
    // Login failed
    if (isset($_REQUEST['username']) || isset($_REQUEST['password'])) {
        return 'Invalid username or password';
    } else {
        return 'Please log in';
    }
}