/**
 * Check the `frame-nonce` query argument against WordPress.com.
 *
 * A missing or empty nonce is rejected locally without a remote call, and an
 * XML-RPC error is treated the same as an invalid nonce (fail closed).
 *
 * @since 4.4.0
 *
 * @return bool True only when the remote call succeeds and its response is truthy.
 */
public function is_frame_nonce_valid() {
    if (empty($_GET['frame-nonce'])) {
        return false;
    }

    // The raw query value is passed through sanitize_key() before it is sent.
    $frame_nonce = sanitize_key($_GET['frame-nonce']);

    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client();
    $client->query('jetpack.verifyFrameNonce', $frame_nonce);

    return $client->isError() ? false : (bool) $client->getResponse();
}
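/**
 * Report the state of a bulk reindex, asking WordPress.com when one is pending.
 *
 * The `sync_bulk_reindexing` option is deleted once the remote side reports
 * `DONE`. A remote response that is not an array carrying a `status` key is
 * treated as an error instead of being indexed blindly.
 *
 * @return array Array with at least a `status` key (`DONE`, `ERROR`, or the
 *               remote status).
 */
public function reindex_status() {
    // Assume reindexing is done if it was not triggered in the first place
    if (false === Jetpack_Options::get_option('sync_bulk_reindexing')) {
        return array('status' => 'DONE');
    }

    $failure = array('status' => 'ERROR');

    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => JETPACK_MASTER_USER));
    $client->query('jetpack.reindexStatus');
    if ($client->isError()) {
        return $failure;
    }

    $response = $client->getResponse();
    if (!is_array($response) || !isset($response['status'])) {
        return $failure;
    }

    // Strict comparison: a loose `==` lets a non-string status such as integer 0
    // compare equal to 'DONE' on older PHP versions and clear the flag early.
    if ('DONE' === $response['status']) {
        Jetpack_Options::delete_option('sync_bulk_reindexing');
    }

    return $response;
}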
/**
 * Fetch the most recent downtime recorded by the Monitor service.
 *
 * Every call queries WordPress.com. A successful response is also written to
 * the `monitor_last_downtime` transient for ten minutes; this method does not
 * read that transient back itself.
 *
 * @return mixed|WP_Error Remote response, or WP_Error when the XML-RPC call fails.
 */
public function monitor_get_last_downtime() {
    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $client->query('jetpack.monitor.getLastDowntime');

    if ($client->isError()) {
        return new WP_Error('monitor-downtime', $client->getErrorMessage());
    }

    $last_downtime = $client->getResponse();
    set_transient('monitor_last_downtime', $last_downtime, 10 * MINUTE_IN_SECONDS);

    return $last_downtime;
}
/**
 * Subscribe the site to news via WordPress.com and print the raw outcome.
 *
 * Only the connection owner gets past the first check; everyone else exits
 * with no output. The method always terminates the request.
 *
 * NOTE(review): the error code/message and the response are printed without
 * escaping - presumably a diagnostic endpoint; confirm how it is exposed.
 */
function subscribe_to_news() {
    if (!$this->current_user_is_connection_owner()) {
        exit;
    }

    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => JETPACK_MASTER_USER));
    $client->query('jetpack.subscribeToNews');

    if (!$client->isError()) {
        print_r($client->getResponse());
        exit;
    }

    printf('%s: %s', $client->getErrorCode(), $client->getErrorMessage());
    exit;
}
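/**
 * Fetch the named option values as stored on the WordPress.com side.
 *
 * Non-string names are dropped before the request. When the XML-RPC call
 * fails, the names themselves are returned flipped into array keys.
 *
 * @param string|array $option_names Option name(s) to request.
 *
 * @return array Remote option values, or array_flip( $option_names ) on error.
 */
public static function get_cloud_site_options($option_names) {
    $option_names = array_filter((array) $option_names, 'is_string');

    Jetpack::load_xml_rpc_client();
    $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $xml->query('jetpack.fetchSiteOptions', $option_names);
    if ($xml->isError()) {
        return array_flip($option_names);
    }

    $cloud_site_options = $xml->getResponse();

    // Test hook that intentionally jumbles the results. It is driven by a
    // query argument, so it is only honoured when WP_DEBUG is on; otherwise
    // any request carrying the argument could alter what callers receive.
    $spoof_requested = isset($_GET['spoof_identity_crisis']) && defined('WP_DEBUG') && WP_DEBUG;
    if ($spoof_requested && is_array($cloud_site_options)) {
        foreach ($cloud_site_options as $key => $value) {
            $cloud_site_options[$key] = wp_generate_password();
        }
    }

    return $cloud_site_options;
}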
/**
 * Proxy an AJAX request to a WordPress.com XML-RPC method and reply with JSON.
 *
 * The caller must hold `edit_posts` and supply a `pbe_nonce` request value
 * that verifies against the endpoint name (the endpoint doubles as the nonce
 * action). Every failure path answers with the same error message.
 *
 * @param string $endpoint      XML-RPC method to call; also the nonce action.
 * @param string $error_message Message sent with every JSON error reply.
 */
function __process_ajax_proxy_request($endpoint, $error_message) {
    if (!current_user_can('edit_posts')) {
        wp_send_json_error($error_message);
    }

    $nonce = isset($_REQUEST['pbe_nonce']) ? $_REQUEST['pbe_nonce'] : '';
    if (empty($nonce) || !wp_verify_nonce($nonce, $endpoint)) {
        wp_send_json_error($error_message);
    }

    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $client->query($endpoint);
    if ($client->isError()) {
        wp_send_json_error($error_message);
    }

    $payload = $client->getResponse();
    if (empty($payload)) {
        wp_send_json_error($error_message);
    }

    wp_send_json_success($payload);
}
/**
 * The function that actually handles the login!
 *
 * Validates the SSO nonce and WordPress.com user id from the query string via
 * the `jetpack.sso.validateResult` XML-RPC method, then resolves a local user
 * in this order: explicit link (`state` = `sso-link-user` with a valid nonce),
 * stored `wpcom_user_id`, e-mail match (when enabled), new account (when
 * registration or the override allows it). On success the auth cookie is set
 * and the request ends with a redirect; otherwise a login message is queued.
 *
 * NOTE(review): `sso_nonce`, `user_id` and `result` are read from $_GET
 * without an isset() check.
 */
function handle_login() {
    $wpcom_nonce = sanitize_key($_GET['sso_nonce']);
    $wpcom_user_id = (int) $_GET['user_id'];
    // Read and sanitized, but not used again in this function.
    $result = sanitize_key($_GET['result']);

    Jetpack::load_xml_rpc_client();
    $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $xml->query('jetpack.sso.validateResult', $wpcom_nonce, $wpcom_user_id);
    if ($xml->isError()) {
        wp_die(sprintf('%s: %s', $xml->getErrorCode(), $xml->getErrorMessage()));
    }

    $user_data = $xml->getResponse();
    if (empty($user_data)) {
        wp_die(__('Error, invalid response data.', 'jetpack'));
    }

    // Everything below treats the remote response as the user's identity.
    $user_data = (object) $user_data;
    $user = null;

    /**
     * Fires before Jetpack's SSO modifies the log in form.
     *
     * @module sso
     *
     * @since 2.6.0
     *
     * @param object $user_data User login information.
     */
    do_action('jetpack_sso_pre_handle_login', $user_data);

    /**
     * Is it required to have 2-step authentication enabled on WordPress.com to use SSO?
     *
     * @module sso
     *
     * @since 2.8.0
     *
     * @param bool get_option( 'jetpack_sso_require_two_step' ) Does SSO require 2-step authentication?
     */
    $require_two_step = apply_filters('jetpack_sso_require_two_step', get_option('jetpack_sso_require_two_step'));
    // Refuse the login when 2-step is required locally but the remote account reports it disabled.
    if ($require_two_step && 0 == (int) $user_data->two_step_enabled) {
        $this->user_data = $user_data;
        /** This filter is documented in core/src/wp-includes/pluggable.php */
        do_action('wp_login_failed', $user_data->login);
        add_action('login_message', array($this, 'error_msg_enable_two_step'));
        return;
    }

    // `state` has the form "<action>|<nonce>"; a '|' at position 0 does not pass this test.
    if (isset($_GET['state']) && 0 < strpos($_GET['state'], '|')) {
        list($state, $nonce) = explode('|', $_GET['state']);
        if (wp_verify_nonce($nonce, $state)) {
            if ('sso-link-user' == $state) {
                // Link the currently logged-in local user to the WordPress.com account.
                $user = wp_get_current_user();
                update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
                add_filter('login_redirect', array(__CLASS__, 'profile_page_url'));
            }
        } else {
            wp_nonce_ays();
        }
    }

    if (empty($user)) {
        $user = $this->get_user_by_wpcom_id($user_data->ID);
    }

    // If we don't have one by wpcom_user_id, try by the email?
    // NOTE(review): this links a local account purely on the e-mail in the remote
    // response - presumably WordPress.com has verified that address; confirm.
    if (empty($user) && self::match_by_email()) {
        $user = get_user_by('email', $user_data->email);
        if ($user) {
            update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
        }
    }

    // If we've still got nothing, create the user.
    if (empty($user) && (get_option('users_can_register') || self::new_user_override())) {
        // If not matching by email we still need to verify the email does not exist
        // or this blows up
        /**
         * If match_by_email is true, we know the email doesn't exist, as it would have
         * been found in the first pass. If get_user_by( 'email' ) doesn't find the
         * user, then we know that email is unused, so it's safe to add.
         */
        if (self::match_by_email() || !get_user_by('email', $user_data->email)) {
            $username = $user_data->login;
            if (username_exists($username)) {
                $username = $user_data->login . '_' . $user_data->ID;
            }
            // Retry with a numeric suffix until the name is free; the suffix only
            // disambiguates the username and is not used as a secret.
            $tries = 0;
            while (username_exists($username)) {
                $username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand();
                if ($tries++ >= 5) {
                    wp_die(__("Error: Couldn't create suitable username.", 'jetpack'));
                }
            }
            // The generated password is not kept or shown anywhere in this function.
            $password = wp_generate_password(20);
            // NOTE(review): the result of wp_create_user() is passed straight to
            // get_userdata() without an is_wp_error() check.
            $user_id = wp_create_user($username, $password, $user_data->email);
            $user = get_userdata($user_id);
            $user->display_name = $user_data->display_name;
            $user->first_name = $user_data->first_name;
            $user->last_name = $user_data->last_name;
            $user->url = $user_data->url;
            $user->description = $user_data->description;
            wp_update_user($user);
            update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
        } else {
            // E-mail matching is off and the address already belongs to a local user.
            $this->user_data = $user_data;
            // do_action( 'wp_login_failed', $user_data->login );
            add_action('login_message', array($this, 'error_msg_email_already_exists'));
            return;
        }
    }

    /**
     * Fires after we got login information from WordPress.com.
     *
     * @module sso
     *
     * @since 2.6.0
     *
     * @param array $user WordPress.com User information.
     * @param object $user_data User Login information.
     */
    do_action('jetpack_sso_handle_login', $user, $user_data);

    if ($user) {
        // Cache the user's details, so we can present it back to them on their user screen.
        update_user_meta($user->ID, 'wpcom_user_data', $user_data);
        $remember = false;
        if (!empty($_COOKIE['jetpack_sso_remember_me'])) {
            $remember = true;
            // And then purge it
            setcookie('jetpack_sso_remember_me', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
        }
        /**
         * Filter the remember me value.
         *
         * @module sso
         *
         * @since 2.8.0
         *
         * @param bool $remember Is the remember me option checked?
         */
        $remember = apply_filters('jetpack_remember_login', $remember);
        wp_set_auth_cookie($user->ID, $remember);
        /** This filter is documented in core/src/wp-includes/user.php */
        do_action('wp_login', $user->user_login, $user);
        // The raw request value is only handed to the login_redirect filter below.
        $_request_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
        $redirect_to = user_can($user, 'edit_posts') ? admin_url() : self::profile_page_url();
        // If we have a saved redirect to request in a cookie
        if (!empty($_COOKIE['jetpack_sso_redirect_to'])) {
            // Set that as the requested redirect to
            $redirect_to = $_request_redirect_to = esc_url_raw($_COOKIE['jetpack_sso_redirect_to']);
            // And then purge it
            setcookie('jetpack_sso_redirect_to', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
        }
        // The final target, including a cookie-supplied one, goes through wp_safe_redirect().
        wp_safe_redirect(apply_filters('login_redirect', $redirect_to, $_request_redirect_to, $user));
        exit;
    }

    // No local user could be resolved: record the failure and show a message.
    $this->user_data = $user_data;
    /** This filter is documented in core/src/wp-includes/pluggable.php */
    do_action('wp_login_failed', $user_data->login);
    add_action('login_message', array($this, 'cant_find_user'));
}
/**
 * Ask WordPress.com for a Protect API key and store it as a site option.
 *
 * Whenever false is returned, the reason is left in $this->api_key_error.
 *
 * @return bool|string The new key on success, false on any failure.
 */
public function get_protect_key() {
    $main_blog_id = Jetpack_Protect_Module::get_main_blog_jetpack_id();

    // No id means a multisite whose main site never connected; the key is tied
    // to the main blog id, so the user has to connect that blog first.
    if (!$main_blog_id) {
        $this->api_key_error = __('Your main blog is not connected to WordPress.com. Please connect to get an API key.', 'jetpack');
        return false;
    }

    $payload = array(
        'jetpack_blog_id' => $main_blog_id,
        'bruteprotect_api_key' => get_site_option('bruteprotect_api_key'),
        'multisite' => '0',
    );

    // On multisite, report how many blogs the network has.
    if (is_multisite()) {
        $payload['multisite'] = get_blog_count();
        if (!$payload['multisite']) {
            // Fall back to counting directly; the query has no request-derived parts.
            global $wpdb;
            $payload['multisite'] = $wpdb->get_var("SELECT COUNT(blog_id) as c FROM {$wpdb->blogs} WHERE spam = '0' AND deleted = '0' and archived = '0'");
        }
    }

    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $client->query('jetpack.protect.requestKey', $payload);

    // WordPress.com could not be reached.
    if ($client->isError()) {
        $error_code = $client->getErrorCode();
        $error_text = $client->getErrorMessage();
        $this->api_key_error = sprintf(__('Error connecting to WordPress.com. Code: %1$s, %2$s', 'jetpack'), $error_code, $error_text);
        return false;
    }

    $reply = $client->getResponse();

    // The protect servers ( api.bruteprotect.com ) did not answer.
    if (!isset($reply['data'])) {
        $this->api_key_error = __('No reply from Jetpack servers', 'jetpack');
        return false;
    }

    // Key generation failed; `data` carries the reason.
    if (empty($reply['success'])) {
        $this->api_key_error = $reply['data'];
        return false;
    }

    // Only now, with a key in hand, is the standalone BruteProtect plugin deactivated.
    if (in_array('bruteprotect/bruteprotect.php', Jetpack::get_active_plugins())) {
        Jetpack_Client_Server::deactivate_plugin('bruteprotect/bruteprotect.php', 'BruteProtect');
    }

    $protect_key = $reply['data'];
    update_site_option('jetpack_protect_key', $protect_key);

    return $protect_key;
}
/**
 * Remote Query
 *
 * Runs an XML-RPC method through Jetpack's IXR client as the master user,
 * wrapping the caller's arguments with the local video blog id and the video
 * capabilities that $this->can() reports.
 *
 * Any `meta` array in the response is merged into the stored options.
 *
 * @param string $method XML-RPC method name.
 * @param mixed  $args   Arguments forwarded under the `args` key.
 *
 * @return mixed|WP_Error The response's `result` entry when present, else the
 *                        whole response; WP_Error on XML-RPC failure.
 */
function query($method, $args = null) {
    $options = $this->get_options();

    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => JETPACK_MASTER_USER));

    // Let Jetpack know about our local caps.
    $local_caps = array();
    foreach (array('read_videos', 'edit_videos', 'delete_videos', 'upload_videos') as $cap) {
        if ($this->can($cap)) {
            $local_caps[] = $cap;
        }
    }

    $params = array(
        'args' => $args,
        'video_blog_id' => $options['blog_id'],
        'caps' => $local_caps,
    );

    $client->query($method, $params);
    if ($client->isError()) {
        return new WP_Error('xml_rpc_error', 'An XML-RPC error has occurred.');
    }

    $response = $client->getResponse();
    if (!is_array($response)) {
        return $response;
    }

    // If there's any metadata with the response, save it for future use.
    if (isset($response['meta'])) {
        $options = $this->get_options();
        if ($response['meta'] !== $options['meta']) {
            $options['meta'] = array_merge($options['meta'], $response['meta']);
            $this->update_options($options);
        }
    }

    return isset($response['result']) ? $response['result'] : $response;
}
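/**
 * Complete an SSO login after WordPress.com sends the visitor back.
 *
 * Validates the SSO nonce and WordPress.com user id from the query string via
 * `jetpack.sso.validateResult`, then resolves a local user: explicit link
 * (`state` = `sso-link-user` with a valid nonce), stored `wpcom_user_id`,
 * e-mail match (when enabled), or a new account (when registration or the
 * override allows it). On success the auth cookie is set and the request ends
 * with a redirect; otherwise a login message is queued.
 *
 * A failed account creation now stops the request instead of continuing with
 * an unusable user object.
 */
function handle_login() {
    $wpcom_nonce = sanitize_key($_GET['sso_nonce']);
    $wpcom_user_id = (int) $_GET['user_id'];
    // Read and sanitized, but not used again in this function.
    $result = sanitize_key($_GET['result']);

    Jetpack::load_xml_rpc_client();
    $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $xml->query('jetpack.sso.validateResult', $wpcom_nonce, $wpcom_user_id);
    if ($xml->isError()) {
        wp_die(sprintf('%s: %s', $xml->getErrorCode(), $xml->getErrorMessage()));
    }

    $user_data = $xml->getResponse();
    if (empty($user_data)) {
        wp_die(__('Error, invalid response data.', 'jetpack'));
    }

    // Everything below treats the remote response as the user's identity.
    $user_data = (object) $user_data;
    $user = null;

    do_action('jetpack_sso_pre_handle_login', $user_data);

    // `state` has the form "<action>|<nonce>"; a '|' at position 0 does not pass this test.
    if (isset($_GET['state']) && 0 < strpos($_GET['state'], '|')) {
        list($state, $nonce) = explode('|', $_GET['state']);
        if (wp_verify_nonce($nonce, $state)) {
            if ('sso-link-user' == $state) {
                // Link the currently logged-in local user to the WordPress.com account.
                $user = wp_get_current_user();
                update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
                add_filter('login_redirect', array(__CLASS__, 'profile_page_url'));
            }
        } else {
            wp_nonce_ays();
        }
    }

    if (empty($user)) {
        $user = $this->get_user_by_wpcom_id($user_data->ID);
    }

    // If we don't have one by wpcom_user_id, try by the email?
    // NOTE(review): this links a local account purely on the e-mail in the remote
    // response - presumably WordPress.com has verified that address; confirm.
    if (empty($user) && self::match_by_email()) {
        $user = get_user_by('email', $user_data->email);
        if ($user) {
            update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
        }
    }

    // If we've still got nothing, create the user.
    if (empty($user) && (get_option('users_can_register') || self::new_user_override())) {
        $username = $user_data->login;
        if (username_exists($username)) {
            $username = $user_data->login . '_' . $user_data->ID;
        }
        // Retry with a numeric suffix until the name is free; the suffix only
        // disambiguates the username and is not used as a secret.
        $tries = 0;
        while (username_exists($username)) {
            $username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand();
            if ($tries++ >= 5) {
                wp_die(__("Error: Couldn't create suitable username.", 'jetpack'));
            }
        }

        $password = wp_generate_password(20);
        $user_id = wp_create_user($username, $password, $user_data->email);

        // wp_create_user() returns a WP_Error on failure, e.g. when the e-mail
        // already belongs to a local account (nothing above rules that out when
        // e-mail matching is off). Stop here rather than hand the error to
        // get_userdata() and go on to set an auth cookie for a bogus user.
        if (is_wp_error($user_id)) {
            wp_die($user_id);
        }

        $user = get_userdata($user_id);
        $user->display_name = $user_data->display_name;
        $user->first_name = $user_data->first_name;
        $user->last_name = $user_data->last_name;
        $user->url = $user_data->url;
        $user->description = $user_data->description;
        wp_update_user($user);
        update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
    }

    do_action('jetpack_sso_handle_login', $user, $user_data);

    if ($user) {
        // Cache the user's details, so we can present it back to them on their user screen.
        update_user_meta($user->ID, 'wpcom_user_data', $user_data);
        wp_set_auth_cookie($user->ID);

        // The raw request value is only handed to the login_redirect filter; the
        // final target goes through wp_safe_redirect().
        $_request_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
        $redirect_to = user_can($user, 'edit_posts') ? admin_url() : self::profile_page_url();
        wp_safe_redirect(apply_filters('login_redirect', $redirect_to, $_request_redirect_to, $user));
        exit;
    }

    // No local user could be resolved: show a message on the login form.
    $this->user_data = $user_data;
    add_action('login_message', array($this, 'cant_find_user'));
}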
/**
 * Fetch the most recent downtime recorded by the Monitor service.
 *
 * The query runs on behalf of the current user and is never cached here.
 *
 * @return mixed|WP_Error Remote response, or WP_Error when the XML-RPC call fails.
 */
public function monitor_get_last_downtime() {
    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $client->query('jetpack.monitor.getLastDowntime');

    return $client->isError()
        ? new WP_Error('monitor-downtime', $client->getErrorMessage())
        : $client->getResponse();
}
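/**
 * Backend function to abstract the xmlrpc function calls to wpcom.
 *
 * The caller must hold `edit_posts` and supply a `pbe_nonce` request value
 * that verifies against the endpoint name. Every failure path answers with
 * the same JSON error; on success the response is stored in the
 * `post_by_email_address` option and then sent back as JSON.
 *
 * @param string $endpoint      XML-RPC method to call; also the nonce action.
 * @param string $error_message Message sent with every JSON error reply.
 */
function __process_ajax_proxy_request($endpoint, $error_message) {
    if (!current_user_can('edit_posts')) {
        wp_send_json_error($error_message);
    }
    if (empty($_REQUEST['pbe_nonce']) || !wp_verify_nonce($_REQUEST['pbe_nonce'], $endpoint)) {
        wp_send_json_error($error_message);
    }

    Jetpack::load_xml_rpc_client();
    $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $xml->query($endpoint);
    if ($xml->isError()) {
        wp_send_json_error($error_message);
    }

    $response = $xml->getResponse();
    if (empty($response)) {
        wp_send_json_error($error_message);
    }

    // Will be used only in Jetpack_Core_Json_Api_Endpoints::get_remote_value.
    // Stored before replying: wp_send_json_success() ends the request, so a
    // statement placed after it never runs.
    update_option('post_by_email_address', $response);

    wp_send_json_success($response);
}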
/**
 * Register this site with VaultPress through the Jetpack connection.
 *
 * @return mixed|WP_Error|false False when Jetpack is not loaded, the remote
 *                              response on success, WP_Error on XML-RPC failure.
 */
function register_via_jetpack() {
    if (!class_exists('Jetpack')) {
        return false;
    }

    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $client->query('vaultpress.registerSite');

    if ($client->isError()) {
        return new WP_Error($client->getErrorCode(), $client->getErrorMessage());
    }

    return $client->getResponse();
}
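/**
 * Save the Tumblr blog chosen for a Publicize connection.
 *
 * The connection id is read once from the POST body and used both for the
 * nonce action and for the remote call, so the value that is verified is the
 * value that is acted on. On success the connections returned by
 * WordPress.com replace the stored `publicize_connections` option.
 *
 * NOTE(review): no capability check is visible in this method - confirm the
 * caller restricts who can reach it.
 */
function options_save_tumblr() {
    $id = isset($_POST['connection']) ? $_POST['connection'] : '';

    // Nonce check. check_admin_referer() ends the request when it fails.
    check_admin_referer('save_tumblr_blog_' . $id);

    // The hostname is request data forwarded to the remote API; strip slashes
    // and markup before it leaves the site.
    $hostname = isset($_POST['selected_id']) ? sanitize_text_field(wp_unslash($_POST['selected_id'])) : '';
    $options = array('tumblr_base_hostname' => $hostname);

    Jetpack::load_xml_rpc_client();
    $xml = new Jetpack_IXR_Client();
    $xml->query('jetpack.setPublicizeOptions', $id, $options);

    if (!$xml->isError()) {
        $response = $xml->getResponse();
        Jetpack::update_option('publicize_connections', $response);
    }

    $this->globalization();
}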
/**
 * Calls WPCOM through authenticated request to create, regenerate or delete the Post by Email address.
 *
 * Requires the `edit_posts` capability. A successful, non-empty response is
 * also saved in the `post_by_email_address` option.
 *
 * @todo: When all settings are updated to use endpoints, move this to the Post by Email module and replace __process_ajax_proxy_request.
 *
 * @since 4.1.0
 *
 * @param string $endpoint Process to call on WPCOM to create, regenerate or delete the Post by Email address.
 * @param string $error    Error message to return.
 *
 * @return array The remote response, or array( 'message' => $error ) on any failure.
 */
private static function _process_post_by_email($endpoint, $error) {
    $failure = array('message' => $error);

    if (!current_user_can('edit_posts')) {
        return $failure;
    }

    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $client->query($endpoint);

    // An XML-RPC error and an empty response are reported the same way.
    $response = $client->isError() ? null : $client->getResponse();
    if (empty($response)) {
        return $failure;
    }

    // Used only in Jetpack_Core_Json_Api_Endpoints::get_remote_value.
    update_option('post_by_email_address', $response);

    return $response;
}
/**
 * Return the WordPress.com subscriber count, cached in a transient.
 *
 * A cached entry is reused unless it is missing or marked `failed`; in those
 * cases WordPress.com is queried again and the outcome cached for an hour.
 *
 * @return array `status` plus `value`; failed entries also carry `code` and `message`.
 */
function fetch_subscriber_count() {
    $cached = get_transient('wpcom_subscribers_total');

    // A usable cached entry short-circuits the remote call.
    if (false !== $cached && 'failed' != $cached['status']) {
        return $cached;
    }

    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => JETPACK_MASTER_USER));
    $client->query('jetpack.fetchSubscriberCount');

    if ($client->isError()) {
        // Mark the entry failed so the next request retries; keep the previous
        // value when there was one.
        $cached = array(
            'status' => 'failed',
            'code' => $client->getErrorCode(),
            'message' => $client->getErrorMessage(),
            'value' => isset($cached['value']) ? $cached['value'] : 0,
        );
    } else {
        $cached = array('status' => 'success', 'value' => $client->getResponse());
    }

    // try to cache the result for at least 1 hour
    set_transient('wpcom_subscribers_total', $cached, 3600);

    return $cached;
}
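/**
 * Complete an SSO login after WordPress.com sends the visitor back.
 *
 * Validates the SSO nonce and WordPress.com user id from the query string via
 * `jetpack.sso.validateResult`, enforces the optional 2-step requirement, then
 * resolves a local user: explicit link (`state` = `sso-link-user` with a valid
 * nonce), stored `wpcom_user_id`, e-mail match (when enabled), or a new
 * account (when registration or the override allows it). On success the auth
 * cookie is set and the request ends with a redirect; otherwise a login
 * message is queued.
 *
 * Account creation is attempted when e-mail matching is on (the address is
 * then known to be unused) or when no local user owns the address, and a
 * failed creation stops the request.
 */
function handle_login() {
    $wpcom_nonce = sanitize_key($_GET['sso_nonce']);
    $wpcom_user_id = (int) $_GET['user_id'];
    // Read and sanitized, but not used again in this function.
    $result = sanitize_key($_GET['result']);

    Jetpack::load_xml_rpc_client();
    $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $xml->query('jetpack.sso.validateResult', $wpcom_nonce, $wpcom_user_id);
    if ($xml->isError()) {
        wp_die(sprintf('%s: %s', $xml->getErrorCode(), $xml->getErrorMessage()));
    }

    $user_data = $xml->getResponse();
    if (empty($user_data)) {
        wp_die(__('Error, invalid response data.', 'jetpack'));
    }

    // Everything below treats the remote response as the user's identity.
    $user_data = (object) $user_data;
    $user = null;

    do_action('jetpack_sso_pre_handle_login', $user_data);

    // Check to see if having two step enable on wpcom is a requirement to login here
    $require_two_step = apply_filters('jetpack_sso_require_two_step', get_option('jetpack_sso_require_two_step'));
    if ($require_two_step && 0 == (int) $user_data->two_step_enabled) {
        $this->user_data = $user_data;
        do_action('wp_login_failed', $user_data->login);
        add_action('login_message', array($this, 'error_msg_enable_two_step'));
        return;
    }

    // `state` has the form "<action>|<nonce>"; a '|' at position 0 does not pass this test.
    if (isset($_GET['state']) && 0 < strpos($_GET['state'], '|')) {
        list($state, $nonce) = explode('|', $_GET['state']);
        if (wp_verify_nonce($nonce, $state)) {
            if ('sso-link-user' == $state) {
                // Link the currently logged-in local user to the WordPress.com account.
                $user = wp_get_current_user();
                update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
                add_filter('login_redirect', array(__CLASS__, 'profile_page_url'));
            }
        } else {
            wp_nonce_ays();
        }
    }

    if (empty($user)) {
        $user = $this->get_user_by_wpcom_id($user_data->ID);
    }

    // If we don't have one by wpcom_user_id, try by the email?
    // NOTE(review): this links a local account purely on the e-mail in the remote
    // response - presumably WordPress.com has verified that address; confirm.
    if (empty($user) && self::match_by_email()) {
        $user = get_user_by('email', $user_data->email);
        if ($user) {
            update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
        }
    }

    // If we've still got nothing, create the user.
    if (empty($user) && (get_option('users_can_register') || self::new_user_override())) {
        // With match_by_email on, the e-mail lookup above already came back
        // empty, so the address is unused. With it off, the address still has
        // to be checked. The earlier `!match_by_email() && ...` form skipped
        // creation whenever e-mail matching was enabled.
        if (self::match_by_email() || !get_user_by('email', $user_data->email)) {
            $username = $user_data->login;
            if (username_exists($username)) {
                $username = $user_data->login . '_' . $user_data->ID;
            }
            // Retry with a numeric suffix until the name is free; the suffix only
            // disambiguates the username and is not used as a secret.
            $tries = 0;
            while (username_exists($username)) {
                $username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand();
                if ($tries++ >= 5) {
                    wp_die(__("Error: Couldn't create suitable username.", 'jetpack'));
                }
            }

            $password = wp_generate_password(20);
            $user_id = wp_create_user($username, $password, $user_data->email);

            // wp_create_user() returns a WP_Error on failure; stop rather than
            // pass the error on to get_userdata().
            if (is_wp_error($user_id)) {
                wp_die($user_id);
            }

            $user = get_userdata($user_id);
            $user->display_name = $user_data->display_name;
            $user->first_name = $user_data->first_name;
            $user->last_name = $user_data->last_name;
            $user->url = $user_data->url;
            $user->description = $user_data->description;
            wp_update_user($user);
            update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
        }
    }

    do_action('jetpack_sso_handle_login', $user, $user_data);

    if ($user) {
        // Cache the user's details, so we can present it back to them on their user screen.
        update_user_meta($user->ID, 'wpcom_user_data', $user_data);

        // Set remember me value
        $remember = apply_filters('jetpack_remember_login', false);
        wp_set_auth_cookie($user->ID, $remember);

        // Run the WP core login action
        do_action('wp_login', $user->user_login, $user);

        // The raw request value is only handed to the login_redirect filter below.
        $_request_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
        $redirect_to = user_can($user, 'edit_posts') ? admin_url() : self::profile_page_url();

        // If we have a saved redirect to request in a cookie
        if (!empty($_COOKIE['jetpack_sso_redirect_to'])) {
            // Set that as the requested redirect to
            $redirect_to = $_request_redirect_to = esc_url_raw($_COOKIE['jetpack_sso_redirect_to']);
            // And then purge it
            setcookie('jetpack_sso_redirect_to', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
        }

        // The final target, including a cookie-supplied one, goes through wp_safe_redirect().
        wp_safe_redirect(apply_filters('login_redirect', $redirect_to, $_request_redirect_to, $user));
        exit;
    }

    // No local user could be resolved: record the failure and show a message.
    $this->user_data = $user_data;
    do_action('wp_login_failed', $user_data->login);
    add_action('login_message', array($this, 'cant_find_user'));
}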
/**
 * Ask WordPress.com to delete the current user's Post By Email address.
 *
 * Echoes the remote response on success, or a JSON error object when the
 * XML-RPC call fails or returns nothing, and always ends the request.
 *
 * NOTE(review): no capability or nonce check is visible in this method, and
 * the remote response is echoed as-is - confirm the caller performs the
 * checks before this runs.
 */
function delete_post_by_email_address() {
    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $client->query('jetpack.deletePostByEmailAddress');

    // An XML-RPC error and an empty response produce the same error reply.
    $response = $client->isError() ? null : $client->getResponse();
    if (empty($response)) {
        $failure = array(
            'response' => 'error',
            'message' => __('Unable to disable your Post By Email address. Please try again later.', 'jetpack'),
        );
        echo json_encode($failure);
        die;
    }

    echo $response;
    die;
}
/**
 * Tell WordPress.com to deactivate Monitor for this site.
 *
 * An XML-RPC error is reported through wp_die() as "<code>: <message>".
 *
 * @return bool True once the remote call has been made without error.
 */
public function deactivate_monitor() {
    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $client->query('jetpack.monitor.deactivate');

    if ($client->isError()) {
        $failure = sprintf('%s: %s', $client->getErrorCode(), $client->getErrorMessage());
        wp_die($failure);
    }

    return true;
}
/**
 * Pings the WordPress.com Mirror Site for the specified options.
 *
 * Non-string names are dropped before the request, which runs as the master
 * user. On XML-RPC failure the names are returned flipped into array keys.
 *
 * @param string|array $option_names The option names to request from the WordPress.com Mirror Site
 *
 * @return array An associative array of the option values as stored in the WordPress.com Mirror Site
 */
public static function get_cloud_site_options($option_names) {
    $requested = array_filter((array) $option_names, 'is_string');

    Jetpack::load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => JETPACK_MASTER_USER));
    $client->query('jetpack.fetchSiteOptions', $requested);

    return $client->isError() ? array_flip($requested) : $client->getResponse();
}
/**
 * The function that actually handles the login!
 *
 * Validates the SSO nonce and WordPress.com user id from the query string via
 * the `jetpack.sso.validateResult` XML-RPC method, enforces the 2-step
 * requirement, then resolves a local user in this order: `external_user_id`
 * from the response, e-mail match (when enabled), new account (when
 * registration or the override allows it). Each failure path records an
 * `sso_login_failed` tracking event. On success the auth cookie is set and the
 * request ends with a redirect.
 *
 * NOTE(review): `sso_nonce` and `user_id` are read from $_GET without an
 * isset() check.
 */
function handle_login() {
    $wpcom_nonce = sanitize_key($_GET['sso_nonce']);
    $wpcom_user_id = (int) $_GET['user_id'];

    Jetpack::load_xml_rpc_client();
    $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
    $xml->query('jetpack.sso.validateResult', $wpcom_nonce, $wpcom_user_id);
    if ($xml->isError()) {
        // The remote error text is passed through sanitize_text_field() before it is tracked and shown.
        $error_message = sanitize_text_field(sprintf('%s: %s', $xml->getErrorCode(), $xml->getErrorMessage()));
        JetpackTracking::record_user_event('sso_login_failed', array('error_message' => $error_message));
        wp_die($error_message);
    }

    $user_data = $xml->getResponse();
    if (empty($user_data)) {
        JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'invalid_response_data'));
        wp_die(__('Error, invalid response data.', 'jetpack'));
    }

    // Everything below treats the remote response as the user's identity.
    $user_data = (object) $user_data;
    $user = null;

    /**
     * Fires before Jetpack's SSO modifies the log in form.
     *
     * @module sso
     *
     * @since 2.6.0
     *
     * @param object $user_data WordPress.com User information.
     */
    do_action('jetpack_sso_pre_handle_login', $user_data);

    // Refuse the login when 2-step is required locally but the remote account reports it disabled.
    if (Jetpack_SSO_Helpers::is_two_step_required() && 0 === (int) $user_data->two_step_enabled) {
        $this->user_data = $user_data;
        JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'error_msg_enable_two_step'));
        /** This filter is documented in core/src/wp-includes/pluggable.php */
        do_action('wp_login_failed', $user_data->login);
        add_filter('login_message', array($this, 'error_msg_enable_two_step'));
        return;
    }

    // Records which lookup was tried last; it is assigned before the lookup
    // result is known, so it is set even when that lookup finds nobody.
    $user_found_with = '';
    // NOTE(review): the local user id is taken from the remote response -
    // presumably WordPress.com only returns an id it already linked; confirm.
    if (empty($user) && isset($user_data->external_user_id)) {
        $user_found_with = 'external_user_id';
        $user = get_user_by('id', intval($user_data->external_user_id));
        if ($user) {
            update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
        }
    }

    // If we don't have one by wpcom_user_id, try by the email?
    // (The lookup above is by external_user_id in this version.)
    // NOTE(review): this links a local account purely on the e-mail in the remote
    // response - presumably WordPress.com has verified that address; confirm.
    if (empty($user) && Jetpack_SSO_Helpers::match_by_email()) {
        $user_found_with = 'match_by_email';
        $user = get_user_by('email', $user_data->email);
        if ($user) {
            update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
        }
    }

    // If we've still got nothing, create the user.
    if (empty($user) && (get_option('users_can_register') || Jetpack_SSO_Helpers::new_user_override())) {
        // If not matching by email we still need to verify the email does not exist
        // or this blows up
        /**
         * If match_by_email is true, we know the email doesn't exist, as it would have
         * been found in the first pass. If get_user_by( 'email' ) doesn't find the
         * user, then we know that email is unused, so it's safe to add.
         */
        if (Jetpack_SSO_Helpers::match_by_email() || !get_user_by('email', $user_data->email)) {
            $username = $user_data->login;
            if (username_exists($username)) {
                $username = $user_data->login . '_' . $user_data->ID;
            }
            // Retry with a numeric suffix until the name is free; the suffix only
            // disambiguates the username and is not used as a secret.
            $tries = 0;
            while (username_exists($username)) {
                $username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand();
                if ($tries++ >= 5) {
                    JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'could_not_create_username'));
                    wp_die(__("Error: Couldn't create suitable username.", 'jetpack'));
                }
            }
            $user_found_with = Jetpack_SSO_Helpers::new_user_override() ? 'user_created_new_user_override' : 'user_created_users_can_register';
            // The generated password is not kept or shown anywhere in this function.
            $password = wp_generate_password(20);
            // NOTE(review): the result of wp_create_user() is passed straight to
            // get_userdata() without an is_wp_error() check.
            $user_id = wp_create_user($username, $password, $user_data->email);
            $user = get_userdata($user_id);
            $user->display_name = $user_data->display_name;
            $user->first_name = $user_data->first_name;
            $user->last_name = $user_data->last_name;
            $user->url = $user_data->url;
            $user->description = $user_data->description;
            wp_update_user($user);
            update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
        } else {
            // E-mail matching is off and the address already belongs to a local user.
            JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'error_msg_email_already_exists'));
            $this->user_data = $user_data;
            add_action('login_message', array($this, 'error_msg_email_already_exists'));
            return;
        }
    }

    /**
     * Fires after we got login information from WordPress.com.
     *
     * @module sso
     *
     * @since 2.6.0
     *
     * @param array $user Local User information.
     * @param object $user_data WordPress.com User Login information.
     */
    do_action('jetpack_sso_handle_login', $user, $user_data);

    if ($user) {
        // Cache the user's details, so we can present it back to them on their user screen
        update_user_meta($user->ID, 'wpcom_user_data', $user_data);
        $remember = false;
        if (!empty($_COOKIE['jetpack_sso_remember_me'])) {
            $remember = true;
            // And then purge it
            setcookie('jetpack_sso_remember_me', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
        }
        /**
         * Filter the remember me value.
         *
         * @module sso
         *
         * @since 2.8.0
         *
         * @param bool $remember Is the remember me option checked?
         */
        $remember = apply_filters('jetpack_remember_login', $remember);
        wp_set_auth_cookie($user->ID, $remember);
        /** This filter is documented in core/src/wp-includes/user.php */
        do_action('wp_login', $user->user_login, $user);
        wp_set_current_user($user->ID);
        // The request-supplied target is passed through esc_url_raw() here; it is
        // only ever used as a filter argument or a query argument below.
        $_request_redirect_to = isset($_REQUEST['redirect_to']) ? esc_url_raw($_REQUEST['redirect_to']) : '';
        $redirect_to = user_can($user, 'edit_posts') ? admin_url() : self::profile_page_url();
        // If we have a saved redirect to request in a cookie
        if (!empty($_COOKIE['jetpack_sso_redirect_to'])) {
            // Set that as the requested redirect to
            $redirect_to = $_request_redirect_to = esc_url_raw($_COOKIE['jetpack_sso_redirect_to']);
            // And then purge it
            setcookie('jetpack_sso_redirect_to', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
        }
        $is_user_connected = Jetpack::is_user_connected($user->ID);
        JetpackTracking::record_user_event('sso_user_logged_in', array('user_found_with' => $user_found_with, 'user_connected' => (bool) $is_user_connected, 'user_role' => Jetpack::translate_current_user_to_role()));
        // A user without a Jetpack connection is sent to wp-admin with the
        // intended targets carried along as query arguments.
        if (!$is_user_connected) {
            $calypso_env = !empty($_GET['calypso_env']) ? sanitize_key($_GET['calypso_env']) : '';
            wp_safe_redirect(add_query_arg(array('redirect_to' => $redirect_to, 'request_redirect_to' => $_request_redirect_to, 'calypso_env' => $calypso_env, 'jetpack-sso-auth-redirect' => '1'), admin_url()));
            exit;
        }
        // The final target, including a cookie-supplied one, goes through wp_safe_redirect().
        wp_safe_redirect(apply_filters('login_redirect', $redirect_to, $_request_redirect_to, $user));
        exit;
    }

    // No local user could be resolved: stop defaulting to SSO, record the
    // failure and show a message on the login form.
    add_filter('jetpack_sso_default_to_sso_login', '__return_false');
    JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'cant_find_user'));
    $this->user_data = $user_data;
    /** This filter is documented in core/src/wp-includes/pluggable.php */
    do_action('wp_login_failed', $user_data->login);
    add_filter('login_message', array($this, 'cant_find_user'));
}
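/**
 * Disconnect the current user's Google+ profile when requested via the URL.
 *
 * Runs only for `?disconnect=gplus` with a `_wpnonce` that verifies against
 * the `disconnect-gplus` action. The stored connection is removed only after
 * WordPress.com confirms the disconnect.
 */
public function jetpack_disconnect() {
    if (empty($_GET['disconnect']) || 'gplus' !== $_GET['disconnect']) {
        return;
    }

    global $current_user;

    // security check - did we actually want to disconnect?
    // A request without a nonce is rejected outright instead of reading an
    // undefined index.
    if (empty($_GET['_wpnonce']) || !wp_verify_nonce($_GET['_wpnonce'], 'disconnect-gplus')) {
        return;
    }

    $connections = get_option('gplus_authors', array());

    // Nothing to disconnect for this user; do not send an empty id upstream.
    if (!isset($connections[$current_user->ID]['id'])) {
        return;
    }

    Jetpack::load_xml_rpc_client();
    $xml = new Jetpack_IXR_Client();
    $xml->query('jetpack.disconnectGooglePlus', $connections[$current_user->ID]['id']);

    if (!$xml->isError()) {
        unset($connections[$current_user->ID]);
        update_option('gplus_authors', $connections);
    } else {
        // @todo error
    }
}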
/**
 * Subscribe to news via WordPress.com as the current user and print the raw outcome.
 *
 * Prints "<code>: <message>" on XML-RPC failure, otherwise a print_r() dump of
 * the response, and always ends the request.
 *
 * NOTE(review): no capability, ownership or nonce check is visible in this
 * method, and the output is not escaped - confirm the caller restricts who can
 * trigger it.
 */
function subscribe_to_news() {
    $this->load_xml_rpc_client();
    $client = new Jetpack_IXR_Client(array('user_id' => $GLOBALS['current_user']->ID));
    $client->query('jetpack.subscribeToNews');

    if (!$client->isError()) {
        print_r($client->getResponse());
        exit;
    }

    printf('%s: %s', $client->getErrorCode(), $client->getErrorMessage());
    exit;
}