/**
 * Aborts the request unless the `_wpnonce` query parameter is a valid
 * nonce for the current request action.
 *
 * On failure the event is logged and wp_die() ends the request, so a
 * normal return from this method means the nonce checked out.
 *
 * @return void
 */
protected function verify_nonce() {
    $token = $this->request->query('_wpnonce');
    $action = $this->request->action();
    if (Social::wp39_verify_nonce($token, $action)) {
        return;
    }
    Social::log('NONCE Failure', array(), null, true);
    wp_die('Oops, please try again.');
}
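/**
 * Handles the authorized response.
 *
 * Reads the account data posted back by the service, verifies the
 * authentication nonce, wraps the account in its Social_Service_*_Account
 * class and then either attaches it to the current (admin) user or creates
 * a new WordPress user for it. Always writes a JSON result to the output
 * and terminates the request with exit().
 *
 * Request inputs read here:
 *   query: user_id, salt, is_admin, personal, use_pages
 *   post:  id (the nonce), response (keys, user, service)
 *
 * @return void never returns normally; the request ends with exit()
 */
public function action_authorized() {
    // User ID on the request? Must be set before nonce comparison.
    // Only switch users when the parameter is actually present: running
    // stripslashes() first turned an absent value into '' and so always
    // reached wp_set_current_user().
    // NOTE(review): user_id comes from the query string; a forged value is
    // only harmless if auth_nonce_key() binds the nonce to the current
    // user - confirm in that helper.
    $user_id = $this->request->query('user_id');
    if ($user_id !== null) {
        wp_set_current_user(stripslashes($user_id));
    }

    $nonce = stripslashes($this->request->post('id'));
    $salt = stripslashes($this->request->query('salt'));
    if (Social::wp39_verify_nonce($nonce, $this->auth_nonce_key($salt)) === false) {
        Social::log('Failed to verify authentication nonce.');
        echo json_encode(array('result' => 'error', 'message' => 'Invalid nonce'));
        exit;
    }

    Social::log('Authorizing with nonce :nonce.', array('nonce' => $nonce));

    // The response is untrusted POST data; insist on the shape the code
    // below relies on instead of warning on missing offsets.
    $response = stripslashes_deep($this->request->post('response'));
    if (!is_array($response) || !isset($response['service']) || !is_string($response['service'])) {
        Social::log('Malformed authorization response.');
        echo json_encode(array('result' => 'error', 'message' => 'Invalid response'));
        exit;
    }

    // The service key becomes part of a class name, so restrict it to
    // identifier characters and make sure that class really exists rather
    // than letting `new $class` fail fatally on an unknown name.
    $service_key = $response['service'];
    $class = 'Social_Service_' . $service_key . '_Account';
    if (!preg_match('/^[A-Za-z0-9_]+$/', $service_key) || !class_exists($class)) {
        Social::log('Unknown service :service in authorization response.', array('service' => $service_key));
        echo json_encode(array('result' => 'error', 'message' => 'Invalid service'));
        exit;
    }

    // A missing keys/user entry used to be cast from null; an empty array
    // casts to the same empty object without the offset warning.
    $keys = isset($response['keys']) ? $response['keys'] : array();
    $user = isset($response['user']) ? $response['user'] : array();
    $account = (object) array('keys' => (object) $keys, 'user' => (object) $user);
    // Profile fields are user-supplied; strip disallowed markup before storing.
    $account->user = $this->social->kses($account->user);
    $account = new $class($account);
    // NOTE(review): service() is assumed to return an object for a known
    // key; a null return here would still be a fatal error.
    $service = $this->social->service($service_key)->account($account);

    $is_personal = false;
    // NOTE(review): is_admin/personal/use_pages are query-string flags that
    // are not part of the nonce key visible here; confirm a capability check
    // guards the universal-account branch elsewhere (e.g. in save()).
    // Flags are compared strictly, matching the existing `personal` check.
    $is_admin = $this->request->query('is_admin');
    if ($is_admin === 'true') {
        // get_current_user_id() is 0 for an anonymous request, which still
        // satisfies the `!== false` check below.
        $user_id = get_current_user_id();
        $personal = $this->request->query('personal');
        if ($personal === 'true') {
            $is_personal = true;
            $account->personal(true);
        } else {
            $account->universal(true);
        }
        $use_pages = $this->request->query('use_pages');
        if ($use_pages === 'true') {
            $account->use_pages($is_personal, true);
        }
    } else {
        // create_user() returns false on failure, which the check below handles.
        $user_id = $service->create_user($account, $nonce);
        $account->personal(true);
        $is_personal = true;
        // Store avatar
        update_user_meta($user_id, 'social_avatar', $account->avatar());
        update_user_meta($user_id, 'show_admin_bar_front', 'false');
    }

    if ($user_id !== false) {
        Social::log('Saving account #:id.', array('id' => $account->id()));
        $service->save($is_personal);

        // Remove the service from the errors?
        $deauthed = get_option('social_deauthed');
        if (isset($deauthed[$service_key][$account->id()])) {
            unset($deauthed[$service_key][$account->id()]);
            update_option('social_deauthed', $deauthed);
            // Remove from the global broadcast content as well.
            $this->social->remove_from_default_accounts($service_key, $account->id());
        }

        // 2.0 Upgrade
        if ($service_key === 'facebook') {
            delete_user_meta(get_current_user_id(), 'social_2.0_upgrade');
        }

        echo json_encode(array('result' => 'success', 'message' => 'User created'));
    } else {
        echo json_encode(array('result' => 'error', 'message' => 'Failed to create user'));
    }
    exit;
}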