function wpga_get_last_access($key) { global $current_user; $log = wpga_get_app_passwords_log(); $last = array(); if (empty($log)) { return false; } foreach ($log as $date => $entry) { if ($key === $entry['key']) { array_push($last, $entry); } } if (empty($last)) { return false; } $count = count($last) - 1; return $last[$count]; }
/** * Check for app password. * * If the user has created one or more apps passwords, * we check if the given password is a registered one. * * @since 1.1.0 */ public function checkAppPassword($user, $username, $password) { if (!is_wp_error($user)) { return $user; } $user_data = get_user_by('login', $username); if (!is_object($user_data)) { return; } if ($this->has_app_passwords($user_data->ID)) { $passwords = wpga_get_app_passwords($user_data->ID); $hash = md5($password); $key = wpga_make_unique_key($hash); if (array_key_exists($key, $passwords)) { /* App password is correct. */ if (wp_check_password(trim($password), $passwords[$key]['hash'])) { $log = $new = wpga_get_app_passwords_log($user_data->ID); $count = count($new); $last = null; /* Delete the oldest entry if the limit is reached */ if ($count === $this->log_max) { foreach ($new as $date => $data) { $last = $date; } unset($new[$date]); } $time = strtotime('now'); $entry = array('key' => $key, 'last_used' => $time, 'ip' => $_SERVER['REMOTE_ADDR'], 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'method' => ''); /* Update the password use count */ $passwords[$key]['count'] = intval($passwords[$key]['count']) + 1; update_user_meta($user_data->ID, 'wpga_apps_passwords', $passwords); /* Save the log entry */ $new[$time] = $entry; update_user_meta($user_data->ID, 'wpga_apps_passwords_log', $new); return new WP_User($user_data->ID); } else { return new WP_Error('wrong_app_password', __('The application password you provided is invalid.', 'wpga')); } } else { return new WP_Error('no_totp', __('Please provide your one time password.', 'wpga')); } } else { return $user; } }
<?php $passwords = wpga_get_app_passwords(); $log = wpga_get_app_passwords_log(); $alt = 'class="alternate"'; ?> <div class="wrap"> <div class="icon32" id="icon-options-general"></div> <h2><?php _e('Authenticator Applications Passwords', 'wpga'); ?> </h2> <p><?php _e('Apps passwords allow you to grant access to your WordPress administrative functions to applications that can\'t provide a one time password. This is useful if you use the WordPress mobile app for instance.', 'wpga'); ?> </p> <div id="poststuff"> <div id="post-body" class="metabox-holder columns-2"> <!-- main content --> <div id="post-body-content"> <div class="meta-box-sortables ui-sortable"> <div class="postbox"> <table id="wpga-passwords-list" class="widefat"> <thead> <tr> <th class="row-title"><?php _e('Description', 'wpga'); ?> </th> <th><?php