function wpga_get_last_access($key)
{
global $current_user;
$log = wpga_get_app_passwords_log();
$last = array();
if (empty($log)) {
return false;
}
foreach ($log as $date => $entry) {
if ($key === $entry['key']) {
array_push($last, $entry);
}
}
if (empty($last)) {
return false;
}
$count = count($last) - 1;
return $last[$count];
}
/**
* Check for app password.
*
* If the user has created one or more apps passwords,
* we check if the given password is a registered one.
*
* @since 1.1.0
*/
public function checkAppPassword($user, $username, $password)
{
if (!is_wp_error($user)) {
return $user;
}
$user_data = get_user_by('login', $username);
if (!is_object($user_data)) {
return;
}
if ($this->has_app_passwords($user_data->ID)) {
$passwords = wpga_get_app_passwords($user_data->ID);
$hash = md5($password);
$key = wpga_make_unique_key($hash);
if (array_key_exists($key, $passwords)) {
/* App password is correct. */
if (wp_check_password(trim($password), $passwords[$key]['hash'])) {
$log = $new = wpga_get_app_passwords_log($user_data->ID);
$count = count($new);
$last = null;
/* Delete the oldest entry if the limit is reached */
if ($count === $this->log_max) {
foreach ($new as $date => $data) {
$last = $date;
}
unset($new[$date]);
}
$time = strtotime('now');
$entry = array('key' => $key, 'last_used' => $time, 'ip' => $_SERVER['REMOTE_ADDR'], 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'method' => '');
/* Update the password use count */
$passwords[$key]['count'] = intval($passwords[$key]['count']) + 1;
update_user_meta($user_data->ID, 'wpga_apps_passwords', $passwords);
/* Save the log entry */
$new[$time] = $entry;
update_user_meta($user_data->ID, 'wpga_apps_passwords_log', $new);
return new WP_User($user_data->ID);
} else {
return new WP_Error('wrong_app_password', __('The application password you provided is invalid.', 'wpga'));
}
} else {
return new WP_Error('no_totp', __('Please provide your one time password.', 'wpga'));
}
} else {
return $user;
}
}
<?php
$passwords = wpga_get_app_passwords();
$log = wpga_get_app_passwords_log();
$alt = 'class="alternate"';
?>
<div class="wrap">
<div class="icon32" id="icon-options-general"></div>
<h2><?php
_e('Authenticator Applications Passwords', 'wpga');
?>
</h2>
<p><?php
_e('Apps passwords allow you to grant access to your WordPress administrative functions to applications that can\'t provide a one time password. This is useful if you use the WordPress mobile app for instance.', 'wpga');
?>
</p>
<div id="poststuff">
<div id="post-body" class="metabox-holder columns-2">
<!-- main content -->
<div id="post-body-content">
<div class="meta-box-sortables ui-sortable">
<div class="postbox">
<table id="wpga-passwords-list" class="widefat">
<thead>
<tr>
<th class="row-title"><?php
_e('Description', 'wpga');
?>
</th>
<th><?php
