/**
  * Verify that frame nonce exists, and if so, validate the nonce by calling WP.com.
  *
  * @since 4.4.0
  *
  * @return bool
  */
 public function is_frame_nonce_valid()
 {
     // The nonce is a caller-supplied query parameter; an absent or empty value can never validate.
     $has_nonce = !empty($_GET['frame-nonce']);
     if (!$has_nonce) {
         return false;
     }
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client();
     // sanitize_key() narrows the untrusted value before it is forwarded; the actual
     // validity decision is made remotely by 'jetpack.verifyFrameNonce'.
     $frame_nonce = sanitize_key($_GET['frame-nonce']);
     $client->query('jetpack.verifyFrameNonce', $frame_nonce);
     // Fail closed: an XML-RPC error counts as "not valid".
     return $client->isError() ? false : (bool) $client->getResponse();
 }
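 /**
  * Report the state of a bulk reindex by calling the 'jetpack.reindexStatus' XML-RPC method.
  *
  * Clears the 'sync_bulk_reindexing' option once the remote side reports 'DONE'.
  *
  * @return array Always carries a 'status' key: 'DONE' when no reindex was triggered,
  *               'ERROR' when the call fails or the reply is malformed, otherwise the remote reply.
  */
 public function reindex_status()
 {
     // Assume reindexing is done if it was not triggered in the first place
     if (false === Jetpack_Options::get_option('sync_bulk_reindexing')) {
         return array('status' => 'DONE');
     }
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => JETPACK_MASTER_USER));
     $client->query('jetpack.reindexStatus');
     if ($client->isError()) {
         return array('status' => 'ERROR');
     }
     $response = $client->getResponse();
     // The reply comes from outside this process: check its shape before indexing into it,
     // so a scalar or status-less reply is reported as an error instead of raising notices.
     if (!is_array($response) || !isset($response['status'])) {
         return array('status' => 'ERROR');
     }
     // Strict comparison so that only the literal string 'DONE' clears the local flag.
     if ('DONE' === $response['status']) {
         Jetpack_Options::delete_option('sync_bulk_reindexing');
     }
     return $response;
 }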
Esempio n. 3
 /**
  * Query 'jetpack.monitor.getLastDowntime' on behalf of the current user.
  *
  * @return mixed The remote response, or a WP_Error ('monitor-downtime') when the call fails.
  */
 public function monitor_get_last_downtime()
 {
     // An earlier short-circuit that returned the 'monitor_last_downtime' transient is disabled,
     // so every call goes to the remote side; the transient is still written below.
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $client->query('jetpack.monitor.getLastDowntime');
     if (!$client->isError()) {
         // Keep the answer for ten minutes.
         set_transient('monitor_last_downtime', $client->getResponse(), 10 * MINUTE_IN_SECONDS);
         return $client->getResponse();
     }
     return new WP_Error('monitor-downtime', $client->getErrorMessage());
 }
Esempio n. 4
 /**
  * Call 'jetpack.subscribeToNews' as the connection's master user and print the outcome.
  *
  * Always ends the request; produces no output for anyone but the connection owner.
  */
 function subscribe_to_news()
 {
     // Authorisation gate: only the user who owns the Jetpack connection gets past this point.
     if ($this->current_user_is_connection_owner()) {
         Jetpack::load_xml_rpc_client();
         $client = new Jetpack_IXR_Client(array('user_id' => JETPACK_MASTER_USER));
         $client->query('jetpack.subscribeToNews');
         // NOTE(review): both branches write remote-supplied data to the response without
         // escaping, and no nonce check is visible in this method - confirm the caller covers both.
         if (!$client->isError()) {
             print_r($client->getResponse());
         } else {
             printf('%s: %s', $client->getErrorCode(), $client->getErrorMessage());
         }
     }
     exit;
 }
Esempio n. 5
 /**
  * Fetch option values through the 'jetpack.fetchSiteOptions' XML-RPC method.
  *
  * @param string|array $option_names Option name(s) to request; non-string entries are dropped.
  *
  * @return mixed The remote response, or the requested names flipped into array keys when the call fails.
  */
 public static function get_cloud_site_options($option_names)
 {
     $names = array_filter((array) $option_names, 'is_string');
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $client->query('jetpack.fetchSiteOptions', $names);
     if ($client->isError()) {
         return array_flip($names);
     }
     $remote_values = $client->getResponse();
     // NOTE(review): test hook controlled by a bare query parameter. Any request that carries
     // 'spoof_identity_crisis' makes this method return random values instead of the remote ones;
     // no capability or debug-mode check guards it here. Confirm it cannot be reached in production.
     $spoof_requested = isset($_GET['spoof_identity_crisis']);
     if ($spoof_requested) {
         foreach ($remote_values as $name => $ignored) {
             $remote_values[$name] = wp_generate_password();
         }
     }
     return $remote_values;
 }
 /**
  * Backend function to abstract the xmlrpc function calls to wpcom.
  *
  * @param $endpoint
  * @param $error_message
  */
 function __process_ajax_proxy_request($endpoint, $error_message)
 {
     // Every failure path answers with the same caller-provided message, so the response does
     // not reveal which check failed. wp_send_json_error()/wp_send_json_success() end the request.
     if (!current_user_can('edit_posts')) {
         wp_send_json_error($error_message);
     }
     // CSRF protection: the nonce action is the endpoint name, which ties a nonce to one endpoint.
     $nonce = empty($_REQUEST['pbe_nonce']) ? '' : $_REQUEST['pbe_nonce'];
     if ('' === $nonce || !wp_verify_nonce($nonce, $endpoint)) {
         wp_send_json_error($error_message);
     }
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $client->query($endpoint);
     // An XML-RPC error and an empty reply are reported identically.
     $response = $client->isError() ? null : $client->getResponse();
     if (empty($response)) {
         wp_send_json_error($error_message);
     }
     wp_send_json_success($response);
 }
Esempio n. 7
 /**
  * The function that actually handles the login!
  */
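 function handle_login()
 {
     // SSO callback: validates the nonce / user-id pair with WordPress.com, resolves (or creates)
     // the matching local account, then issues the auth cookie and redirects.
     // Every $_GET, $_REQUEST and $_COOKIE value read below is caller-controlled.
     // Absent parameters fall back to the values the remote validation will reject.
     $wpcom_nonce = isset($_GET['sso_nonce']) ? sanitize_key($_GET['sso_nonce']) : '';
     $wpcom_user_id = isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0;
     Jetpack::load_xml_rpc_client();
     $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     // Trust anchor: nothing below runs unless the remote side accepts this pair.
     $xml->query('jetpack.sso.validateResult', $wpcom_nonce, $wpcom_user_id);
     if ($xml->isError()) {
         // The error text comes from the remote reply; strip markup before it is rendered.
         wp_die(sanitize_text_field(sprintf('%s: %s', $xml->getErrorCode(), $xml->getErrorMessage())));
     }
     $user_data = $xml->getResponse();
     if (empty($user_data)) {
         wp_die(__('Error, invalid response data.', 'jetpack'));
     }
     $user_data = (object) $user_data;
     $user = null;
     /**
      * Fires before Jetpack's SSO modifies the log in form.
      *
      * @module sso
      *
      * @since 2.6.0
      *
      * @param object $user_data User login information.
      */
     do_action('jetpack_sso_pre_handle_login', $user_data);
     /**
      * Is it required to have 2-step authentication enabled on WordPress.com to use SSO?
      *
      * @module sso
      *
      * @since 2.8.0
      *
      * @param bool get_option( 'jetpack_sso_require_two_step' ) Does SSO require 2-step authentication?
      */
     $require_two_step = apply_filters('jetpack_sso_require_two_step', get_option('jetpack_sso_require_two_step'));
     // Fails closed: anything that casts to 0 counts as "two-step not enabled".
     if ($require_two_step && 0 == (int) $user_data->two_step_enabled) {
         $this->user_data = $user_data;
         /** This filter is documented in core/src/wp-includes/pluggable.php */
         do_action('wp_login_failed', $user_data->login);
         add_action('login_message', array($this, 'error_msg_enable_two_step'));
         return;
     }
     // 'state' is expected as "<action>|<nonce>". Require a string so a crafted array value
     // cannot reach strpos()/explode().
     if (isset($_GET['state']) && is_string($_GET['state']) && 0 < strpos($_GET['state'], '|')) {
         list($state, $nonce) = explode('|', $_GET['state']);
         if (wp_verify_nonce($nonce, $state)) {
             if ('sso-link-user' == $state) {
                 // Links the currently logged-in local user to the validated WordPress.com ID.
                 $user = wp_get_current_user();
                 update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
                 add_filter('login_redirect', array(__CLASS__, 'profile_page_url'));
             }
         } else {
             // NOTE(review): called without the action argument - confirm this matches the
             // wp_nonce_ays() signature of the WordPress versions supported.
             wp_nonce_ays();
         }
     }
     if (empty($user)) {
         $user = $this->get_user_by_wpcom_id($user_data->ID);
     }
     // If we don't have one by wpcom_user_id, try by the email?
     // NOTE(review): this binds a local account to the remote identity on the strength of the
     // e-mail address in the reply alone - presumably only verified addresses are reported; confirm.
     if (empty($user) && self::match_by_email()) {
         $user = get_user_by('email', $user_data->email);
         if ($user) {
             update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
         }
     }
     // If we've still got nothing, create the user.
     if (empty($user) && (get_option('users_can_register') || self::new_user_override())) {
         // If not matching by email we still need to verify the email does not exist
         // or this blows up
         /**
          * If match_by_email is true, we know the email doesn't exist, as it would have
          * been found in the first pass.  If get_user_by( 'email' ) doesn't find the
          * user, then we know that email is unused, so it's safe to add.
          */
         if (self::match_by_email() || !get_user_by('email', $user_data->email)) {
             $username = $user_data->login;
             if (username_exists($username)) {
                 $username = $user_data->login . '_' . $user_data->ID;
             }
             $tries = 0;
             while (username_exists($username)) {
                 // mt_rand() only de-duplicates the login name here; it is not used as a secret.
                 $username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand();
                 if ($tries++ >= 5) {
                     wp_die(__("Error: Couldn't create suitable username.", 'jetpack'));
                 }
             }
             $password = wp_generate_password(20);
             $user_id = wp_create_user($username, $password, $user_data->email);
             // wp_create_user() returns a WP_Error on failure. Leave $user empty in that case so
             // the request ends on the "can't find user" path below instead of touching a non-user.
             if (!is_wp_error($user_id)) {
                 $user = get_userdata($user_id);
                 $user->display_name = $user_data->display_name;
                 $user->first_name = $user_data->first_name;
                 $user->last_name = $user_data->last_name;
                 $user->url = $user_data->url;
                 $user->description = $user_data->description;
                 wp_update_user($user);
                 update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
             }
         } else {
             $this->user_data = $user_data;
             // do_action( 'wp_login_failed', $user_data->login );
             add_action('login_message', array($this, 'error_msg_email_already_exists'));
             return;
         }
     }
     /**
      * Fires after we got login information from WordPress.com.
      *
      * @module sso
      *
      * @since 2.6.0
      *
      * @param array $user WordPress.com User information.
      * @param object $user_data User Login information.
      */
     do_action('jetpack_sso_handle_login', $user, $user_data);
     if ($user) {
         // Cache the user's details, so we can present it back to them on their user screen.
         update_user_meta($user->ID, 'wpcom_user_data', $user_data);
         $remember = false;
         if (!empty($_COOKIE['jetpack_sso_remember_me'])) {
             $remember = true;
             // And then purge it
             setcookie('jetpack_sso_remember_me', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
         }
         /**
          * Filter the remember me value.
          *
          * @module sso
          *
          * @since 2.8.0
          *
          * @param bool $remember Is the remember me option checked?
          */
         $remember = apply_filters('jetpack_remember_login', $remember);
         // From here on the browser holds an authenticated session for $user.
         wp_set_auth_cookie($user->ID, $remember);
         /** This filter is documented in core/src/wp-includes/user.php */
         do_action('wp_login', $user->user_login, $user);
         $_request_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
         $redirect_to = user_can($user, 'edit_posts') ? admin_url() : self::profile_page_url();
         // If we have a saved redirect to request in a cookie
         if (!empty($_COOKIE['jetpack_sso_redirect_to'])) {
             // Set that as the requested redirect to
             $redirect_to = $_request_redirect_to = esc_url_raw($_COOKIE['jetpack_sso_redirect_to']);
             // And then purge it
             setcookie('jetpack_sso_redirect_to', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
         }
         // The target can be caller-influenced (cookie, 'login_redirect' filter), hence
         // wp_safe_redirect() rather than a plain redirect.
         wp_safe_redirect(apply_filters('login_redirect', $redirect_to, $_request_redirect_to, $user));
         exit;
     }
     $this->user_data = $user_data;
     /** This filter is documented in core/src/wp-includes/pluggable.php */
     do_action('wp_login_failed', $user_data->login);
     add_action('login_message', array($this, 'cant_find_user'));
 }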
Esempio n. 8
 /**
  * Request an api key from wordpress.com
  *
  * @return bool | string
  */
 public function get_protect_key()
 {
     $main_blog_id = Jetpack_Protect_Module::get_main_blog_jetpack_id();
     // If we can't find the blog id, that means we are on multisite, and the main site never connected.
     // The protect api key is linked to the main blog id - instruct the user to connect their main blog.
     if (!$main_blog_id) {
         $this->api_key_error = __('Your main blog is not connected to WordPress.com. Please connect to get an API key.', 'jetpack');
         return false;
     }
     // Send the number of blogs on the network if we are on multisite
     $site_count = '0';
     if (is_multisite()) {
         $site_count = get_blog_count();
         if (!$site_count) {
             global $wpdb;
             // Static query: the only interpolated value is the table name supplied by $wpdb.
             $site_count = $wpdb->get_var("SELECT COUNT(blog_id) as c FROM {$wpdb->blogs} WHERE spam = '0' AND deleted = '0' and archived = '0'");
         }
     }
     // Any existing 'bruteprotect_api_key' site option is forwarded with the request.
     $request = array(
         'jetpack_blog_id' => $main_blog_id,
         'bruteprotect_api_key' => get_site_option('bruteprotect_api_key'),
         'multisite' => $site_count,
     );
     // Request the key
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $client->query('jetpack.protect.requestKey', $request);
     // Hmm, can't talk to wordpress.com
     if ($client->isError()) {
         $this->api_key_error = sprintf(__('Error connecting to WordPress.com. Code: %1$s, %2$s', 'jetpack'), $client->getErrorCode(), $client->getErrorMessage());
         return false;
     }
     $response = $client->getResponse();
     // Hmm. Can't talk to the protect servers ( api.bruteprotect.com )
     if (!isset($response['data'])) {
         $this->api_key_error = __('No reply from Jetpack servers', 'jetpack');
         return false;
     }
     // There was an issue generating the key
     if (empty($response['success'])) {
         // NOTE(review): api_key_error now holds remote-supplied text (as it does for the
         // XML-RPC error above) - confirm it is escaped wherever it is displayed.
         $this->api_key_error = $response['data'];
         return false;
     }
     // Key generation successful!
     // We only want to deactivate BruteProtect if we successfully get a key
     $legacy_plugin = 'bruteprotect/bruteprotect.php';
     if (in_array($legacy_plugin, Jetpack::get_active_plugins())) {
         Jetpack_Client_Server::deactivate_plugin($legacy_plugin, 'BruteProtect');
     }
     update_site_option('jetpack_protect_key', $response['data']);
     return $response['data'];
 }
Esempio n. 9
 /**
  * Remote Query
  *
  * Performs a remote XML-RPC query using Jetpack's IXR Client. And also
  * appends some useful stuff about this setup to the query.
  *
  * @return the Jetpack_IXR_Client object after querying.
  */
 function query($method, $args = null)
 {
     // Return value as implemented: a WP_Error when the XML-RPC call fails; otherwise the
     // 'result' element of an array response when present, else the response itself.
     $options = $this->get_options();
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => JETPACK_MASTER_USER));
     // Let Jetpack know about our local caps.
     // NOTE(review): these are capabilities as asserted by this site; how the remote side
     // weighs them is not visible here.
     $local_caps = array();
     foreach (array('read_videos', 'edit_videos', 'delete_videos', 'upload_videos') as $cap) {
         if ($this->can($cap)) {
             $local_caps[] = $cap;
         }
     }
     $params = array('args' => $args, 'video_blog_id' => $options['blog_id'], 'caps' => $local_caps);
     $client->query($method, $params);
     if ($client->isError()) {
         // Generic message: the remote error code and text are not passed on to the caller.
         return new WP_Error('xml_rpc_error', 'An XML-RPC error has occurred.');
     }
     $response = $client->getResponse();
     if (!is_array($response)) {
         return $response;
     }
     // If there's any metadata with the response, save it for future use.
     if (isset($response['meta'])) {
         $options = $this->get_options();
         if ($response['meta'] !== $options['meta']) {
             $options['meta'] = array_merge($options['meta'], $response['meta']);
             $this->update_options($options);
         }
     }
     return isset($response['result']) ? $response['result'] : $response;
 }
Esempio n. 10
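 /**
  * Handle the WordPress.com SSO callback.
  *
  * Validates the nonce / user-id pair from the query string through 'jetpack.sso.validateResult',
  * resolves the local account (linked ID, then optional e-mail match, then optional creation),
  * and on success sets the auth cookie and redirects. On failure it registers a login message.
  */
 function handle_login()
 {
     // Every $_GET and $_REQUEST value read below is caller-controlled.
     // Absent parameters fall back to the values the remote validation will reject.
     $wpcom_nonce = isset($_GET['sso_nonce']) ? sanitize_key($_GET['sso_nonce']) : '';
     $wpcom_user_id = isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0;
     Jetpack::load_xml_rpc_client();
     $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     // Trust anchor: nothing below runs unless the remote side accepts this pair.
     $xml->query('jetpack.sso.validateResult', $wpcom_nonce, $wpcom_user_id);
     if ($xml->isError()) {
         // The error text comes from the remote reply; strip markup before it is rendered.
         wp_die(sanitize_text_field(sprintf('%s: %s', $xml->getErrorCode(), $xml->getErrorMessage())));
     }
     $user_data = $xml->getResponse();
     if (empty($user_data)) {
         wp_die(__('Error, invalid response data.', 'jetpack'));
     }
     $user_data = (object) $user_data;
     $user = null;
     do_action('jetpack_sso_pre_handle_login', $user_data);
     // 'state' is expected as "<action>|<nonce>". Require a string so a crafted array value
     // cannot reach strpos()/explode().
     if (isset($_GET['state']) && is_string($_GET['state']) && 0 < strpos($_GET['state'], '|')) {
         list($state, $nonce) = explode('|', $_GET['state']);
         if (wp_verify_nonce($nonce, $state)) {
             if ('sso-link-user' == $state) {
                 // Links the currently logged-in local user to the validated WordPress.com ID.
                 $user = wp_get_current_user();
                 update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
                 add_filter('login_redirect', array(__CLASS__, 'profile_page_url'));
             }
         } else {
             // NOTE(review): called without the action argument - confirm this matches the
             // wp_nonce_ays() signature of the WordPress versions supported.
             wp_nonce_ays();
         }
     }
     if (empty($user)) {
         $user = $this->get_user_by_wpcom_id($user_data->ID);
     }
     // If we don't have one by wpcom_user_id, try by the email?
     // NOTE(review): this binds a local account to the remote identity on the strength of the
     // e-mail address in the reply alone - presumably only verified addresses are reported; confirm.
     if (empty($user) && self::match_by_email()) {
         $user = get_user_by('email', $user_data->email);
         if ($user) {
             update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
         }
     }
     // If we've still got nothing, create the user.
     if (empty($user) && (get_option('users_can_register') || self::new_user_override())) {
         $username = $user_data->login;
         if (username_exists($username)) {
             $username = $user_data->login . '_' . $user_data->ID;
         }
         $tries = 0;
         while (username_exists($username)) {
             // mt_rand() only de-duplicates the login name here; it is not used as a secret.
             $username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand();
             if ($tries++ >= 5) {
                 wp_die(__("Error: Couldn't create suitable username.", 'jetpack'));
             }
         }
         $password = wp_generate_password(20);
         $user_id = wp_create_user($username, $password, $user_data->email);
         // wp_create_user() returns a WP_Error on failure - for instance when the e-mail already
         // belongs to a local account, which nothing above rules out when e-mail matching is off.
         // Leave $user empty in that case so the request ends on the "can't find user" path.
         if (!is_wp_error($user_id)) {
             $user = get_userdata($user_id);
             $user->display_name = $user_data->display_name;
             $user->first_name = $user_data->first_name;
             $user->last_name = $user_data->last_name;
             $user->url = $user_data->url;
             $user->description = $user_data->description;
             wp_update_user($user);
             update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
         }
     }
     do_action('jetpack_sso_handle_login', $user, $user_data);
     if ($user) {
         // Cache the user's details, so we can present it back to them on their user screen.
         update_user_meta($user->ID, 'wpcom_user_data', $user_data);
         // From here on the browser holds an authenticated session for $user.
         wp_set_auth_cookie($user->ID);
         $_request_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
         $redirect_to = user_can($user, 'edit_posts') ? admin_url() : self::profile_page_url();
         // The target can be changed by 'login_redirect' filters, hence wp_safe_redirect().
         wp_safe_redirect(apply_filters('login_redirect', $redirect_to, $_request_redirect_to, $user));
         exit;
     }
     $this->user_data = $user_data;
     add_action('login_message', array($this, 'cant_find_user'));
 }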
Esempio n. 11
 /**
  * Query 'jetpack.monitor.getLastDowntime' on behalf of the current user.
  *
  * @return mixed The remote response, or a WP_Error ('monitor-downtime') when the call fails.
  */
 public function monitor_get_last_downtime()
 {
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $client->query('jetpack.monitor.getLastDowntime');
     if (!$client->isError()) {
         return $client->getResponse();
     }
     // Only the remote error message is carried over; the error code is fixed locally.
     return new WP_Error('monitor-downtime', $client->getErrorMessage());
 }
Esempio n. 12
 /**
  * Backend function to abstract the xmlrpc function calls to wpcom.
  *
  * @param $endpoint
  * @param $error_message
  */
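 function __process_ajax_proxy_request($endpoint, $error_message)
 {
     // Every failure path answers with the same caller-provided message, so the response does
     // not reveal which check failed. wp_send_json_error()/wp_send_json_success() end the request.
     if (!current_user_can('edit_posts')) {
         wp_send_json_error($error_message);
     }
     // CSRF protection: the nonce action is the endpoint name, which ties a nonce to one endpoint.
     if (empty($_REQUEST['pbe_nonce']) || !wp_verify_nonce($_REQUEST['pbe_nonce'], $endpoint)) {
         wp_send_json_error($error_message);
     }
     Jetpack::load_xml_rpc_client();
     $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $xml->query($endpoint);
     if ($xml->isError()) {
         wp_send_json_error($error_message);
     }
     $response = $xml->getResponse();
     if (empty($response)) {
         wp_send_json_error($error_message);
     }
     // Store the value before replying: wp_send_json_success() terminates the request, so a
     // statement placed after it never runs and the option would never be written.
     // Will be used only in Jetpack_Core_Json_Api_Endpoints::get_remote_value.
     update_option('post_by_email_address', $response);
     wp_send_json_success($response);
 }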
Esempio n. 13
 /**
  * Call the 'vaultpress.registerSite' XML-RPC method through the Jetpack client.
  *
  * @return mixed False when the Jetpack class is not loaded, a WP_Error built from the remote
  *               error code and message when the call fails, otherwise the remote response.
  */
 function register_via_jetpack()
 {
     $jetpack_available = class_exists('Jetpack');
     if (!$jetpack_available) {
         return false;
     }
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $client->query('vaultpress.registerSite');
     if ($client->isError()) {
         return new WP_Error($client->getErrorCode(), $client->getErrorMessage());
     }
     return $client->getResponse();
 }
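 /**
  * Save the selected Tumblr blog for a connection via 'jetpack.setPublicizeOptions'.
  *
  * On success the 'publicize_connections' option is replaced with the remote response.
  */
 function options_save_tumblr()
 {
     // Read the connection id once and use that same value for the nonce check and for the
     // update. Taking one from $_REQUEST and the other from $_POST let the verified id and the
     // id acted upon come from different parts of the request.
     $id = isset($_POST['connection']) && is_scalar($_POST['connection']) ? $_POST['connection'] : '';
     // Nonce check
     check_admin_referer('save_tumblr_blog_' . $id);
     // NOTE(review): 'selected_id' is forwarded as received - confirm the remote side validates it.
     $options = array('tumblr_base_hostname' => isset($_POST['selected_id']) ? $_POST['selected_id'] : null);
     Jetpack::load_xml_rpc_client();
     $xml = new Jetpack_IXR_Client();
     $xml->query('jetpack.setPublicizeOptions', $id, $options);
     if (!$xml->isError()) {
         $response = $xml->getResponse();
         Jetpack::update_option('publicize_connections', $response);
     }
     $this->globalization();
 }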
 /**
  * Calls WPCOM through authenticated request to create, regenerate or delete the Post by Email address.
  * @todo: When all settings are updated to use endpoints, move this to the Post by Email module and replace __process_ajax_proxy_request.
  *
  * @since 4.1.0
  *
  * @param string $endpoint Process to call on WPCOM to create, regenerate or delete the Post by Email address.
  * @param string $error	   Error message to return.
  *
  * @return array
  */
 private static function _process_post_by_email($endpoint, $error)
 {
     // All failure paths return the same caller-provided message.
     $failure = array('message' => $error);
     // NOTE(review): only the capability is checked here - presumably request authenticity
     // (nonce / REST authentication) is enforced by the caller; confirm.
     if (!current_user_can('edit_posts')) {
         return $failure;
     }
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $client->query($endpoint);
     // An XML-RPC error and an empty reply are reported identically.
     $response = $client->isError() ? null : $client->getResponse();
     if (empty($response)) {
         return $failure;
     }
     // Used only in Jetpack_Core_Json_Api_Endpoints::get_remote_value.
     update_option('post_by_email_address', $response);
     return $response;
 }
Esempio n. 16
 /**
  * Return the subscriber count record, refreshing it through 'jetpack.fetchSubscriberCount'
  * when nothing is cached or the cached record is marked 'failed'.
  *
  * @return array Record with 'status' and 'value'; failed records also carry 'code' and 'message'.
  */
 function fetch_subscriber_count()
 {
     $cached = get_transient('wpcom_subscribers_total');
     // A cached record is reused unless it is missing or marked as failed.
     if (FALSE !== $cached && 'failed' != $cached['status']) {
         return $cached;
     }
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => JETPACK_MASTER_USER));
     $client->query('jetpack.fetchSubscriberCount');
     if (!$client->isError()) {
         $fresh = array('status' => 'success', 'value' => $client->getResponse());
     } else {
         // if we get an error from .com, set the status to failed so that we will try again next time the data is requested
         $previous_value = isset($cached['value']) ? $cached['value'] : 0;
         $fresh = array('status' => 'failed', 'code' => $client->getErrorCode(), 'message' => $client->getErrorMessage(), 'value' => $previous_value);
     }
     // try to cache the result for at least 1 hour
     set_transient('wpcom_subscribers_total', $fresh, 3600);
     return $fresh;
 }
Esempio n. 17
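 /**
  * Handle the WordPress.com SSO callback.
  *
  * Validates the nonce / user-id pair from the query string through 'jetpack.sso.validateResult',
  * applies the optional two-step requirement, resolves the local account (linked ID, then
  * optional e-mail match, then optional creation), and on success sets the auth cookie and
  * redirects. On failure it registers a login message.
  */
 function handle_login()
 {
     // Every $_GET, $_REQUEST and $_COOKIE value read below is caller-controlled.
     // Absent parameters fall back to the values the remote validation will reject.
     $wpcom_nonce = isset($_GET['sso_nonce']) ? sanitize_key($_GET['sso_nonce']) : '';
     $wpcom_user_id = isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0;
     Jetpack::load_xml_rpc_client();
     $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     // Trust anchor: nothing below runs unless the remote side accepts this pair.
     $xml->query('jetpack.sso.validateResult', $wpcom_nonce, $wpcom_user_id);
     if ($xml->isError()) {
         // The error text comes from the remote reply; strip markup before it is rendered.
         wp_die(sanitize_text_field(sprintf('%s: %s', $xml->getErrorCode(), $xml->getErrorMessage())));
     }
     $user_data = $xml->getResponse();
     if (empty($user_data)) {
         wp_die(__('Error, invalid response data.', 'jetpack'));
     }
     $user_data = (object) $user_data;
     $user = null;
     do_action('jetpack_sso_pre_handle_login', $user_data);
     // Check to see if having two step enable on wpcom is a requirement to login here
     $require_two_step = apply_filters('jetpack_sso_require_two_step', get_option('jetpack_sso_require_two_step'));
     // Fails closed: anything that casts to 0 counts as "two-step not enabled".
     if ($require_two_step && 0 == (int) $user_data->two_step_enabled) {
         $this->user_data = $user_data;
         do_action('wp_login_failed', $user_data->login);
         add_action('login_message', array($this, 'error_msg_enable_two_step'));
         return;
     }
     // 'state' is expected as "<action>|<nonce>". Require a string so a crafted array value
     // cannot reach strpos()/explode().
     if (isset($_GET['state']) && is_string($_GET['state']) && 0 < strpos($_GET['state'], '|')) {
         list($state, $nonce) = explode('|', $_GET['state']);
         if (wp_verify_nonce($nonce, $state)) {
             if ('sso-link-user' == $state) {
                 // Links the currently logged-in local user to the validated WordPress.com ID.
                 $user = wp_get_current_user();
                 update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
                 add_filter('login_redirect', array(__CLASS__, 'profile_page_url'));
             }
         } else {
             // NOTE(review): called without the action argument - confirm this matches the
             // wp_nonce_ays() signature of the WordPress versions supported.
             wp_nonce_ays();
         }
     }
     if (empty($user)) {
         $user = $this->get_user_by_wpcom_id($user_data->ID);
     }
     // If we don't have one by wpcom_user_id, try by the email?
     // NOTE(review): this binds a local account to the remote identity on the strength of the
     // e-mail address in the reply alone - presumably only verified addresses are reported; confirm.
     if (empty($user) && self::match_by_email()) {
         $user = get_user_by('email', $user_data->email);
         if ($user) {
             update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
         }
     }
     // If we've still got nothing, create the user.
     if (empty($user) && (get_option('users_can_register') || self::new_user_override())) {
         // If not matching by email we still need to verify the email does not exist
         // or this blows up.
         // With e-mail matching on, the lookup above already showed the address is unused, so
         // creation may proceed; with it off, the address has to be checked here. The previous
         // "!match_by_email() && ..." form skipped creation whenever e-mail matching was enabled.
         if (self::match_by_email() || !get_user_by('email', $user_data->email)) {
             $username = $user_data->login;
             if (username_exists($username)) {
                 $username = $user_data->login . '_' . $user_data->ID;
             }
             $tries = 0;
             while (username_exists($username)) {
                 // mt_rand() only de-duplicates the login name here; it is not used as a secret.
                 $username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand();
                 if ($tries++ >= 5) {
                     wp_die(__("Error: Couldn't create suitable username.", 'jetpack'));
                 }
             }
             $password = wp_generate_password(20);
             $user_id = wp_create_user($username, $password, $user_data->email);
             // wp_create_user() returns a WP_Error on failure. Leave $user empty in that case so
             // the request ends on the "can't find user" path below instead of touching a non-user.
             if (!is_wp_error($user_id)) {
                 $user = get_userdata($user_id);
                 $user->display_name = $user_data->display_name;
                 $user->first_name = $user_data->first_name;
                 $user->last_name = $user_data->last_name;
                 $user->url = $user_data->url;
                 $user->description = $user_data->description;
                 wp_update_user($user);
                 update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
             }
         }
     }
     do_action('jetpack_sso_handle_login', $user, $user_data);
     if ($user) {
         // Cache the user's details, so we can present it back to them on their user screen.
         update_user_meta($user->ID, 'wpcom_user_data', $user_data);
         // Set remember me value
         $remember = apply_filters('jetpack_remember_login', false);
         // From here on the browser holds an authenticated session for $user.
         wp_set_auth_cookie($user->ID, $remember);
         // Run the WP core login action
         do_action('wp_login', $user->user_login, $user);
         $_request_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
         $redirect_to = user_can($user, 'edit_posts') ? admin_url() : self::profile_page_url();
         // If we have a saved redirect to request in a cookie
         if (!empty($_COOKIE['jetpack_sso_redirect_to'])) {
             // Set that as the requested redirect to
             $redirect_to = $_request_redirect_to = esc_url_raw($_COOKIE['jetpack_sso_redirect_to']);
             // And then purge it
             setcookie('jetpack_sso_redirect_to', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
         }
         // The target can be caller-influenced (cookie, 'login_redirect' filter), hence
         // wp_safe_redirect() rather than a plain redirect.
         wp_safe_redirect(apply_filters('login_redirect', $redirect_to, $_request_redirect_to, $user));
         exit;
     }
     $this->user_data = $user_data;
     do_action('wp_login_failed', $user_data->login);
     add_action('login_message', array($this, 'cant_find_user'));
 }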
Esempio n. 18
 /**
  * Call 'jetpack.deletePostByEmailAddress' for the current user and print the outcome.
  *
  * Always ends the request: a JSON error object on failure, the remote response otherwise.
  */
 function delete_post_by_email_address()
 {
     // NOTE(review): no capability or nonce check is visible in this method - confirm the
     // caller enforces both before this state-changing request is sent.
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $client->query('jetpack.deletePostByEmailAddress');
     // An XML-RPC error and an empty reply produce the same error payload.
     $response = $client->isError() ? null : $client->getResponse();
     if (empty($response)) {
         echo json_encode(array('response' => 'error', 'message' => __('Unable to disable your Post By Email address. Please try again later.', 'jetpack')));
         die;
     }
     // NOTE(review): the remote response is written out as received, without encoding.
     echo $response;
     die;
 }
Esempio n. 19
 /**
  * Call 'jetpack.monitor.deactivate' on behalf of the current user.
  *
  * @return bool True; on an XML-RPC error wp_die() is invoked with the remote code and message first.
  */
 public function deactivate_monitor()
 {
     Jetpack::load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $client->query('jetpack.monitor.deactivate');
     if (!$client->isError()) {
         return true;
     }
     // NOTE(review): the remote error text reaches wp_die() unescaped.
     wp_die(sprintf('%s: %s', $client->getErrorCode(), $client->getErrorMessage()));
     return true;
 }
Esempio n. 20
 /**
  * Pings the WordPress.com Mirror Site for the specified options.
  *
  * @param string|array $option_names The option names to request from the WordPress.com Mirror Site
  *
  * @return array An associative array of the option values as stored in the WordPress.com Mirror Site
  */
 public static function get_cloud_site_options($option_names)
 {
     // Non-string entries are dropped before the names are sent.
     $names = array_filter((array) $option_names, 'is_string');
     Jetpack::load_xml_rpc_client();
     // The request is made as the connection's master user, not as the current user.
     $client = new Jetpack_IXR_Client(array('user_id' => JETPACK_MASTER_USER));
     $client->query('jetpack.fetchSiteOptions', $names);
     // On failure the caller gets the requested names as array keys rather than remote values.
     return $client->isError() ? array_flip($names) : $client->getResponse();
 }
Esempio n. 21
 /**
  * The function that actually handles the login!
  */
 function handle_login()
 {
     $wpcom_nonce = sanitize_key($_GET['sso_nonce']);
     $wpcom_user_id = (int) $_GET['user_id'];
     Jetpack::load_xml_rpc_client();
     $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $xml->query('jetpack.sso.validateResult', $wpcom_nonce, $wpcom_user_id);
     if ($xml->isError()) {
         $error_message = sanitize_text_field(sprintf('%s: %s', $xml->getErrorCode(), $xml->getErrorMessage()));
         JetpackTracking::record_user_event('sso_login_failed', array('error_message' => $error_message));
         wp_die($error_message);
     }
     $user_data = $xml->getResponse();
     if (empty($user_data)) {
         JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'invalid_response_data'));
         wp_die(__('Error, invalid response data.', 'jetpack'));
     }
     $user_data = (object) $user_data;
     $user = null;
     /**
      * Fires before Jetpack's SSO modifies the log in form.
      *
      * @module sso
      *
      * @since 2.6.0
      *
      * @param object $user_data WordPress.com User information.
      */
     do_action('jetpack_sso_pre_handle_login', $user_data);
     if (Jetpack_SSO_Helpers::is_two_step_required() && 0 === (int) $user_data->two_step_enabled) {
         $this->user_data = $user_data;
         JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'error_msg_enable_two_step'));
         /** This filter is documented in core/src/wp-includes/pluggable.php */
         do_action('wp_login_failed', $user_data->login);
         add_filter('login_message', array($this, 'error_msg_enable_two_step'));
         return;
     }
     $user_found_with = '';
     if (empty($user) && isset($user_data->external_user_id)) {
         $user_found_with = 'external_user_id';
         $user = get_user_by('id', intval($user_data->external_user_id));
         if ($user) {
             update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
         }
     }
     // If we don't have one by wpcom_user_id, try by the email?
     if (empty($user) && Jetpack_SSO_Helpers::match_by_email()) {
         $user_found_with = 'match_by_email';
         $user = get_user_by('email', $user_data->email);
         if ($user) {
             update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
         }
     }
     // If we've still got nothing, create the user.
     if (empty($user) && (get_option('users_can_register') || Jetpack_SSO_Helpers::new_user_override())) {
         // If not matching by email we still need to verify the email does not exist
         // or this blows up
         /**
          * If match_by_email is true, we know the email doesn't exist, as it would have
          * been found in the first pass.  If get_user_by( 'email' ) doesn't find the
          * user, then we know that email is unused, so it's safe to add.
          */
         if (Jetpack_SSO_Helpers::match_by_email() || !get_user_by('email', $user_data->email)) {
             $username = $user_data->login;
             if (username_exists($username)) {
                 $username = $user_data->login . '_' . $user_data->ID;
             }
             $tries = 0;
             while (username_exists($username)) {
                 $username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand();
                 if ($tries++ >= 5) {
                     JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'could_not_create_username'));
                     wp_die(__("Error: Couldn't create suitable username.", 'jetpack'));
                 }
             }
             $user_found_with = Jetpack_SSO_Helpers::new_user_override() ? 'user_created_new_user_override' : 'user_created_users_can_register';
             $password = wp_generate_password(20);
             $user_id = wp_create_user($username, $password, $user_data->email);
             $user = get_userdata($user_id);
             $user->display_name = $user_data->display_name;
             $user->first_name = $user_data->first_name;
             $user->last_name = $user_data->last_name;
             $user->url = $user_data->url;
             $user->description = $user_data->description;
             wp_update_user($user);
             update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
         } else {
             JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'error_msg_email_already_exists'));
             $this->user_data = $user_data;
             add_action('login_message', array($this, 'error_msg_email_already_exists'));
             return;
         }
     }
     /**
      * Fires after we got login information from WordPress.com.
      *
      * @module sso
      *
      * @since 2.6.0
      *
      * @param array  $user      Local User information.
      * @param object $user_data WordPress.com User Login information.
      */
     do_action('jetpack_sso_handle_login', $user, $user_data);
     if ($user) {
         // Cache the user's details, so we can present it back to them on their user screen
         update_user_meta($user->ID, 'wpcom_user_data', $user_data);
         $remember = false;
         if (!empty($_COOKIE['jetpack_sso_remember_me'])) {
             $remember = true;
             // And then purge it
             setcookie('jetpack_sso_remember_me', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
         }
         /**
          * Filter the remember me value.
          *
          * @module sso
          *
          * @since 2.8.0
          *
          * @param bool $remember Is the remember me option checked?
          */
         $remember = apply_filters('jetpack_remember_login', $remember);
         wp_set_auth_cookie($user->ID, $remember);
         /** This filter is documented in core/src/wp-includes/user.php */
         do_action('wp_login', $user->user_login, $user);
         wp_set_current_user($user->ID);
         $_request_redirect_to = isset($_REQUEST['redirect_to']) ? esc_url_raw($_REQUEST['redirect_to']) : '';
         $redirect_to = user_can($user, 'edit_posts') ? admin_url() : self::profile_page_url();
         // If we have a saved redirect to request in a cookie
         if (!empty($_COOKIE['jetpack_sso_redirect_to'])) {
             // Set that as the requested redirect to
             $redirect_to = $_request_redirect_to = esc_url_raw($_COOKIE['jetpack_sso_redirect_to']);
             // And then purge it
             setcookie('jetpack_sso_redirect_to', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
         }
         $is_user_connected = Jetpack::is_user_connected($user->ID);
         JetpackTracking::record_user_event('sso_user_logged_in', array('user_found_with' => $user_found_with, 'user_connected' => (bool) $is_user_connected, 'user_role' => Jetpack::translate_current_user_to_role()));
         if (!$is_user_connected) {
             $calypso_env = !empty($_GET['calypso_env']) ? sanitize_key($_GET['calypso_env']) : '';
             wp_safe_redirect(add_query_arg(array('redirect_to' => $redirect_to, 'request_redirect_to' => $_request_redirect_to, 'calypso_env' => $calypso_env, 'jetpack-sso-auth-redirect' => '1'), admin_url()));
             exit;
         }
         wp_safe_redirect(apply_filters('login_redirect', $redirect_to, $_request_redirect_to, $user));
         exit;
     }
     add_filter('jetpack_sso_default_to_sso_login', '__return_false');
     JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'cant_find_user'));
     $this->user_data = $user_data;
     /** This filter is documented in core/src/wp-includes/pluggable.php */
     do_action('wp_login_failed', $user_data->login);
     add_filter('login_message', array($this, 'cant_find_user'));
 }
Esempio n. 22
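 /**
  * Disconnect the current user's Google+ connection when the request asks for it.
  *
  * Acts only when the `disconnect` query argument equals `gplus` and the request
  * carries a valid `disconnect-gplus` nonce. When the remote call succeeds, the
  * current user's entry is removed from the `gplus_authors` option.
  *
  * @return void
  */
 public function jetpack_disconnect()
 {
     if (empty($_GET['disconnect']) || 'gplus' !== $_GET['disconnect']) {
         return;
     }
     // The nonce is the CSRF guard for this state-changing GET request. A missing
     // or non-string value is rejected here rather than raising an undefined-index
     // notice or being cast to a string inside wp_verify_nonce().
     if (!isset($_GET['_wpnonce']) || !is_string($_GET['_wpnonce'])) {
         return;
     }
     if (!wp_verify_nonce($_GET['_wpnonce'], 'disconnect-gplus')) {
         return;
     }
     $user_id = get_current_user_id();
     $connections = get_option('gplus_authors', array());
     // Nothing to disconnect when no connection is stored for this user; this also
     // avoids sending an undefined id to WordPress.com.
     if (!is_array($connections) || !isset($connections[$user_id]['id'])) {
         return;
     }
     Jetpack::load_xml_rpc_client();
     $xml = new Jetpack_IXR_Client();
     $xml->query('jetpack.disconnectGooglePlus', $connections[$user_id]['id']);
     if ($xml->isError()) {
         // @todo error - the failure is currently not reported and the local entry is kept.
         return;
     }
     unset($connections[$user_id]);
     update_option('gplus_authors', $connections);
 }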
Esempio n. 23
 /**
  * Send the `jetpack.subscribeToNews` XML-RPC request as the current user,
  * print the outcome and end the request.
  *
  * On error the error code and message are printed as "code: message";
  * otherwise the raw response is dumped with print_r(). The script exits in
  * both cases.
  *
  * NOTE(review): no capability or nonce check is visible in this method, and the
  * remote values are printed without escaping - confirm that the caller
  * restricts who can reach it and in which output context it runs.
  */
 function subscribe_to_news()
 {
     $this->load_xml_rpc_client();
     $client = new Jetpack_IXR_Client(array('user_id' => $GLOBALS['current_user']->ID));
     $client->query('jetpack.subscribeToNews');
     if (!$client->isError()) {
         // Success: dump whatever WordPress.com returned.
         print_r($client->getResponse());
         exit;
     }
     printf('%s: %s', $client->getErrorCode(), $client->getErrorMessage());
     exit;
 }