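/**
 * Authenticate the API caller described by $params and check their permissions.
 *
 * Credentials are read from $params['arguments']: a `token`, or a `username`
 * and `password` pair when no token is present. Failures are reported through
 * $this->result->addError() and signalled by returning false.
 *
 * Both credential types pass through the same permission gate
 * (`can_access_the_api` and `can_<proc>` in the user's settings meta). A
 * password login is therefore subject to the same ban and per-procedure
 * denial as a token login, and a user whose permissions have not been set
 * is rejected on either path.
 *
 * @param array $params Request data; reads the 'arguments' and 'proc' keys.
 * @return bool True when a user was authenticated, is permitted and was logged in.
 */
public function isValidAPIUser($params)
{
    // NOTE(review): an already-set user returns here before any `can_<proc>`
    // check. Confirm the_user cannot persist across calls for different procs.
    if ($this->the_user) {
        return true;
    }

    if (!isset($params['arguments'])) {
        $this->result->addError(__('Missing `arguments` key', 'woocommerce_json_api'), JSONAPI_EXPECTED_ARGUMENT);
        return false;
    }

    $arguments = $params['arguments'];

    $by_token = true;
    if (!isset($arguments['token'])) {
        if (isset($arguments['username']) && isset($arguments['password'])) {
            $by_token = false;
        } else {
            $this->result->addError(__('Missing `token` in `arguments`', 'woocommerce_json_api'), JSONAPI_EXPECTED_ARGUMENT);
            return false;
        }
    }

    API\Base::setBlogId($GLOBALS['blog_id']);
    $key = $this->getPluginPrefix() . '_settings';

    // NOTE(review): get_user_meta() with $single = true already returns
    // unserialized data, so the maybe_unserialize() calls below would
    // unserialize a string value a second time. Confirm nothing
    // user-controlled can be stored under this key, then drop the extra call.
    $user = null;
    $meta = null;

    if (!$by_token) {
        JSONAPIHelpers::debug("Authentication by username {$params['arguments']['username']}");
        $user = wp_authenticate_username_password(null, $arguments['username'], $arguments['password']);
        if (is_a($user, 'WP_Error')) {
            foreach ($user->get_error_messages() as $msg) {
                $this->result->addError($msg, JSONAPI_INTERNAL_ERROR);
            }
            return false;
        }
        $meta = maybe_unserialize(get_user_meta($user->ID, $key, true));
    } else {
        JSONAPIHelpers::debug("Authentication by Token");

        // Only a non-empty string can be a valid token. A loose `==` would
        // apply type juggling to whatever type the request decoder produced,
        // so the type is pinned before any comparison takes place.
        $supplied = $arguments['token'];
        if (!is_string($supplied) || $supplied === '') {
            return false;
        }

        $users = get_users(array('blog_id' => $GLOBALS['blog_id'], 'meta_key' => $key));
        foreach ($users as $candidate) {
            $candidate_meta = maybe_unserialize(get_user_meta($candidate->ID, $key, true));
            if (!isset($candidate_meta['token'])
                || !is_string($candidate_meta['token'])
                || $candidate_meta['token'] === ''
            ) {
                continue;
            }
            // hash_equals(): exact string match in constant time.
            if (hash_equals($candidate_meta['token'], $supplied)) {
                $user = $candidate;
                $meta = $candidate_meta;
                break;
            }
        }

        if ($user === null) {
            return false;
        }
    }

    // Permission gate shared by both credential types.
    $proc_key = 'can_' . ((isset($params['proc']) && is_string($params['proc'])) ? $params['proc'] : '');

    if (!isset($meta[$proc_key]) || !isset($meta['can_access_the_api'])) {
        $this->result->addError(__('Permissions for this user have not been set', 'woocommerce_json_api'), JSONAPI_PERMSNOTSET);
        return false;
    }
    // The 'no' comparisons are kept as written; the stored value format is
    // not visible here, and a stricter operator could admit values that are
    // currently rejected.
    if ($meta['can_access_the_api'] == 'no') {
        $this->result->addError(__('You have been banned.', 'woocommerce_json_api'), JSONAPI_PERMSINSUFF);
        return false;
    }
    if ($meta[$proc_key] == 'no') {
        $this->result->addError(__('You do not have sufficient permissions.', 'woocommerce_json_api'), JSONAPI_PERMSINSUFF);
        return false;
    }

    $this->logUserIn($user);
    $this->result->setToken(isset($meta['token']) ? $meta['token'] : null);
    return true;
}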
/**
 * Bind the WordPress globals into this scope and hand $wpdb to
 * \WCAPI\Base as its adapter.
 *
 * $post, $user_ID and $post_ID are declared global but not read here.
 */
function __fixPHPNSGlobalStupidity()
{
    global $wpdb;
    global $post;
    global $user_ID;
    global $post_ID;

    \WCAPI\Base::setAdapter($wpdb);
}