function remote_login_js() { global $current_blog, $current_user, $nxtdb; if (0 == get_site_option('dm_remote_login')) { return false; } $nxtdb->dmtablelogins = $nxtdb->base_prefix . 'domain_mapping_logins'; $hash = get_dm_hash(); if (false == isset($_SERVER['HTTPS'])) { $_SERVER['HTTPS'] = 'Off'; } $protocol = 'on' == strtolower($_SERVER['HTTPS']) ? 'https://' : 'http://'; if ($_GET['dm'] == $hash) { if ($_GET['action'] == 'load') { if (!is_user_logged_in()) { exit; } $key = md5(time() . mt_rand()); $nxtdb->query($nxtdb->prepare("INSERT INTO {$nxtdb->dmtablelogins} ( `id`, `user_id`, `blog_id`, `t` ) VALUES( %s, %d, %d, NOW() )", $key, $current_user->ID, $_GET['blogid'])); $url = add_query_arg(array('action' => 'login', 'dm' => $hash, 'k' => $key, 't' => mt_rand()), $_GET['back']); echo "window.location = '{$url}'"; exit; } elseif ($_GET['action'] == 'login') { if ($details = $nxtdb->get_row($nxtdb->prepare("SELECT * FROM {$nxtdb->dmtablelogins} WHERE id = %s AND blog_id = %d", $_GET['k'], $nxtdb->blogid))) { if ($details->blog_id == $nxtdb->blogid) { $nxtdb->query($nxtdb->prepare("DELETE FROM {$nxtdb->dmtablelogins} WHERE id = %s", $_GET['k'])); $nxtdb->query($nxtdb->prepare("DELETE FROM {$nxtdb->dmtablelogins} WHERE t < %d", time() - 120)); // remote logins survive for only 2 minutes if not used. nxt_set_auth_cookie($details->user_id); nxt_redirect(remove_query_arg(array('dm', 'action', 'k', 't', $protocol . $current_blog->domain . $_SERVER['REQUEST_URI']))); exit; } else { nxt_die(__("Incorrect or out of date login key", 'nxtclass-mu-domain-mapping')); } } else { nxt_die(__("Unknown login key", 'nxtclass-mu-domain-mapping')); } } elseif ($_GET['action'] == 'logout') { if ($details = $nxtdb->get_row($nxtdb->prepare("SELECT * FROM {$nxtdb->dmtablelogins} WHERE id = %d AND blog_id = %d", $_GET['k'], $_GET['blogid']))) { $nxtdb->query($nxtdb->prepare("DELETE FROM {$nxtdb->dmtablelogins} WHERE id = %s", $_GET['k'])); $blog = get_blog_details($_GET['blogid']); nxt_clear_auth_cookie(); nxt_redirect(trailingslashit($blog->siteurl) . "nxt-login.php?loggedout=true"); exit; } else { nxt_die(__("Unknown logout key", 'nxtclass-mu-domain-mapping')); } } } }
/** * Log the current user out. * * @since 2.5.0 */ function nxt_logout() { nxt_clear_auth_cookie(); do_action('nxt_logout'); }
/** * Clears the authentication cookie, logging the user out. This function is deprecated. * * @since 1.5 * @deprecated 2.5 * @deprecated Use nxt_clear_auth_cookie() * @see nxt_clear_auth_cookie() */ function nxt_clearcookie() { _deprecated_function(__FUNCTION__, '2.5', 'nxt_clear_auth_cookie()'); nxt_clear_auth_cookie(); }
/** * Update an user in the database. * * It is possible to update a user's password by specifying the 'user_pass' * value in the $userdata parameter array. * * If $userdata does not contain an 'ID' key, then a new user will be created * and the new user's ID will be returned. * * If current user's password is being updated, then the cookies will be * cleared. * * @since 2.0.0 * @see nxt_insert_user() For what fields can be set in $userdata * @uses nxt_insert_user() Used to update existing user or add new one if user doesn't exist already * * @param array $userdata An array of user data. * @return int The updated user's ID. */ function nxt_update_user($userdata) { $ID = (int) $userdata['ID']; // First, get all of the original fields $user_obj = get_userdata($ID); $user = get_object_vars($user_obj->data); // Add additional custom fields foreach (_get_additional_user_keys($user_obj) as $key) { $user[$key] = get_user_meta($ID, $key, true); } // Escape data pulled from DB. $user = add_magic_quotes($user); // If password is changing, hash it now. if (!empty($userdata['user_pass'])) { $plaintext_pass = $userdata['user_pass']; $userdata['user_pass'] = nxt_hash_password($userdata['user_pass']); } nxt_cache_delete($user['user_email'], 'useremail'); // Merge old and new fields with new fields overwriting old ones. $userdata = array_merge($user, $userdata); $user_id = nxt_insert_user($userdata); // Update the cookies if the password changed. $current_user = nxt_get_current_user(); if ($current_user->ID == $ID) { if (isset($plaintext_pass)) { nxt_clear_auth_cookie(); nxt_set_auth_cookie($ID); } } return $user_id; }