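/**
 * Auto-login users on confirmation page, using a login token, or as a result of a social media login
 *
 * Does nothing when the visitor is already logged in. Otherwise the user to
 * log in is resolved in one of three ways:
 *
 *  - Caller-supplied: both $userId and $redirectUrl are non-empty and are used as given.
 *  - Confirmation page: the transaction key request parameter is looked up; an
 *    absent or invalid key redirects to the access-denied error page and exits.
 *  - Any other page: the login token request parameter is looked up, and the
 *    token parameter is stripped from the URL used for the post-login redirect.
 *
 * A session is only created when the resolved user is valid and has one of the
 * statuses ACTIVE, PENDING_CANCELLATION, PAUSED or OVERDUE. On success the
 * login is written to the activity log, the auth cookie is set, the browser is
 * redirected and the script exits. In every other case the method returns
 * without side effects.
 *
 * Security notes:
 *  - This method authenticates a user without a password, so the strength of
 *    the whole flow rests on MM_TransactionKey / MM_LoginToken::isValid()
 *    (not visible here). NOTE(review): confirm that tokens are unguessable,
 *    expire, and cannot be replayed.
 *  - A caller-supplied $redirectUrl is passed to wp_redirect() unchanged, and
 *    wp_redirect() does not restrict the target host. Callers must never pass
 *    a value taken from request input.
 *
 * @param int|string $userId      ID of the user to log in; ignored unless $redirectUrl is also non-empty
 * @param string     $redirectUrl URL to send the user to after login; ignored unless $userId is also non-empty
 * @return void
 */
public function doAutoLogin($userId = "", $redirectUrl = "")
{
    if (is_user_logged_in()) {
        return;
    }

    if (empty($userId) || empty($redirectUrl)) {
        // A partially supplied pair is discarded: the identity must come from a token.
        $userId = 0;
        $crntUrl = MM_Utils::constructPageUrl();

        if (MM_CorePageEngine::isConfirmationPageByUrl($crntUrl)) {
            // Validate the transaction key. $_REQUEST is used, so the key is
            // accepted from any request source PHP merges into that array.
            if (isset($_REQUEST[MM_Session::$KEY_TRANSACTION_KEY])) {
                $transRef = MM_TransactionKey::getTransactionByKey($_REQUEST[MM_Session::$KEY_TRANSACTION_KEY]);
                $userId = $transRef->isValid() ? $transRef->getUserId() : 0;
                $redirectUrl = MM_Utils::constructPageUrl();
            }

            // Missing or invalid transaction key: the confirmation page is never shown anonymously.
            if ($userId == 0) {
                $url = MM_CorePageEngine::getUrl(MM_CorePageType::$ERROR, MM_Error::$ACCESS_DENIED);
                wp_redirect($url);
                exit;
            }
        } elseif (isset($_REQUEST[MM_Session::$PARAM_LOGIN_TOKEN])) {
            $loginToken = MM_LoginToken::getLoginTokenByToken($_REQUEST[MM_Session::$PARAM_LOGIN_TOKEN]);
            $userId = $loginToken->isValid() ? $loginToken->getUserId() : 0;

            // Drop the token from the post-login URL so the credential does not stay
            // in the address bar, history or Referer header. The parameter name is
            // quoted so that any regex metacharacter in it is matched literally.
            $tokenPattern = "/" . preg_quote(MM_Session::$PARAM_LOGIN_TOKEN, "/") . "=[^&]*/";
            $redirectUrl = preg_replace($tokenPattern, "", MM_Utils::constructPageUrl());
        }
    }

    if ($userId > 0) {
        $user = new MM_User($userId);

        // Statuses that are still allowed to obtain a session. Compared loosely,
        // exactly as the individual == checks did.
        $loginStatuses = array(
            MM_Status::$ACTIVE,
            MM_Status::$PENDING_CANCELLATION,
            MM_Status::$PAUSED,
            MM_Status::$OVERDUE,
        );

        if ($user->isValid() && in_array($user->getStatus(), $loginStatuses)) {
            MM_ActivityLog::log($user, MM_ActivityLog::$EVENT_TYPE_LOGIN);

            // Second argument is WordPress' "remember" flag, so a token-based login
            // yields a persistent cookie. NOTE(review): confirm that is intended.
            wp_set_auth_cookie($userId, true, MM_Utils::isSSL());
            wp_set_current_user($userId);

            wp_redirect($redirectUrl);
            exit;
        }
    }
}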