//Tag the user with our meta so we can recognize them next time, without resorting to email hashes update_user_meta($user_login_id, $jfb_uid_meta_name, $fb_uid); $jfb_log .= "nxt: Updated usermeta ({$jfb_uid_meta_name})\n"; //Also store the user's facebook avatar(s), in case the user wants to use them later if ($fbuser['pic_square']) { update_user_meta($user_login_id, 'facebook_avatar_thumb', $fbuser['pic_square']); update_user_meta($user_login_id, 'facebook_avatar_full', $fbuser['pic_big']); $jfb_log .= "nxt: Updated avatars (" . $fbuser['pic_square'] . ")\n"; } else { update_user_meta($user_login_id, 'facebook_avatar_thumb', ''); update_user_meta($user_login_id, 'facebook_avatar_full', ''); $jfb_log .= "FB: User does not have a profile picture; clearing cached avatar (if present).\n"; } //Log them in $rememberme = apply_filters('nxtfb_rememberme', isset($_POST['rememberme']) && $_POST['rememberme']); nxt_set_auth_cookie($user_login_id, $rememberme); //Run a custom action. You can use this to modify a logging-in user however you like, //i.e. add them to a "Recent FB Visitors" log, assign a role if they're friends with you on Facebook, etc. do_action('nxtfb_login', array('nxt_ID' => $user_login_id, 'FB_ID' => $fb_uid, 'facebook' => $facebook)); do_action('nxt_login', $user_login_name); //Email logs if requested $jfb_log .= "Login complete (rememberme=" . ($rememberme ? "yes" : "no") . ")\n"; $jfb_log .= " nxt User : {$user_login_name} (" . admin_url("user-edit.php?user_id={$user_login_id}") . ")\n"; $jfb_log .= " FB User : "******" (" . $fbuser["profile_url"] . ")\n"; $jfb_log .= " Redirect: " . $redirectTo . "\n"; j_mail("FB Login: "******" -> " . get_bloginfo('name')); //Redirect the user back to where they were $delay_redirect = get_option($opt_jfb_delay_redir); if (!isset($delay_redirect) || !$delay_redirect) { header("Location: " . $redirectTo); exit;
function remote_login_js() { global $current_blog, $current_user, $nxtdb; if (0 == get_site_option('dm_remote_login')) { return false; } $nxtdb->dmtablelogins = $nxtdb->base_prefix . 'domain_mapping_logins'; $hash = get_dm_hash(); if (false == isset($_SERVER['HTTPS'])) { $_SERVER['HTTPS'] = 'Off'; } $protocol = 'on' == strtolower($_SERVER['HTTPS']) ? 'https://' : 'http://'; if ($_GET['dm'] == $hash) { if ($_GET['action'] == 'load') { if (!is_user_logged_in()) { exit; } $key = md5(time() . mt_rand()); $nxtdb->query($nxtdb->prepare("INSERT INTO {$nxtdb->dmtablelogins} ( `id`, `user_id`, `blog_id`, `t` ) VALUES( %s, %d, %d, NOW() )", $key, $current_user->ID, $_GET['blogid'])); $url = add_query_arg(array('action' => 'login', 'dm' => $hash, 'k' => $key, 't' => mt_rand()), $_GET['back']); echo "window.location = '{$url}'"; exit; } elseif ($_GET['action'] == 'login') { if ($details = $nxtdb->get_row($nxtdb->prepare("SELECT * FROM {$nxtdb->dmtablelogins} WHERE id = %s AND blog_id = %d", $_GET['k'], $nxtdb->blogid))) { if ($details->blog_id == $nxtdb->blogid) { $nxtdb->query($nxtdb->prepare("DELETE FROM {$nxtdb->dmtablelogins} WHERE id = %s", $_GET['k'])); $nxtdb->query($nxtdb->prepare("DELETE FROM {$nxtdb->dmtablelogins} WHERE t < %d", time() - 120)); // remote logins survive for only 2 minutes if not used. nxt_set_auth_cookie($details->user_id); nxt_redirect(remove_query_arg(array('dm', 'action', 'k', 't', $protocol . $current_blog->domain . $_SERVER['REQUEST_URI']))); exit; } else { nxt_die(__("Incorrect or out of date login key", 'nxtclass-mu-domain-mapping')); } } else { nxt_die(__("Unknown login key", 'nxtclass-mu-domain-mapping')); } } elseif ($_GET['action'] == 'logout') { if ($details = $nxtdb->get_row($nxtdb->prepare("SELECT * FROM {$nxtdb->dmtablelogins} WHERE id = %d AND blog_id = %d", $_GET['k'], $_GET['blogid']))) { $nxtdb->query($nxtdb->prepare("DELETE FROM {$nxtdb->dmtablelogins} WHERE id = %s", $_GET['k'])); $blog = get_blog_details($_GET['blogid']); nxt_clear_auth_cookie(); nxt_redirect(trailingslashit($blog->siteurl) . "nxt-login.php?loggedout=true"); exit; } else { nxt_die(__("Unknown logout key", 'nxtclass-mu-domain-mapping')); } } } }
/** * Login user with specified identity URL. This will find the NXTClass user account connected to this * OpenID and set it as the current user. Only call this function AFTER you've verified the identity URL. * * @param string $identity userID or OpenID to set as current user * @param boolean $remember should we set the "remember me" cookie * @return void */ function openid_set_current_user($identity, $remember = true) { if (is_numeric($identity)) { $user_id = $identity; } else { $user_id = get_user_by_openid($identity); } if (!$user_id) { return; } $user = set_current_user($user_id); nxt_set_auth_cookie($user->ID, $remember); do_action('nxt_login', $user->user_login); }
/** * Sets a cookie for a user who just logged in. This function is deprecated. * * @since 1.5 * @deprecated 2.5 * @deprecated Use nxt_set_auth_cookie() * @see nxt_set_auth_cookie() * * @param string $username The user's username * @param string $password Optional. The user's password * @param bool $already_md5 Optional. Whether the password has already been through MD5 * @param string $home Optional. Will be used instead of COOKIEPATH if set * @param string $siteurl Optional. Will be used instead of SITECOOKIEPATH if set * @param bool $remember Optional. Remember that the user is logged in */ function nxt_setcookie($username, $password = '', $already_md5 = false, $home = '', $siteurl = '', $remember = false) { _deprecated_function(__FUNCTION__, '2.5', 'nxt_set_auth_cookie()'); $user = get_user_by('login', $username); nxt_set_auth_cookie($user->ID, $remember); }
/** * Update an user in the database. * * It is possible to update a user's password by specifying the 'user_pass' * value in the $userdata parameter array. * * If $userdata does not contain an 'ID' key, then a new user will be created * and the new user's ID will be returned. * * If current user's password is being updated, then the cookies will be * cleared. * * @since 2.0.0 * @see nxt_insert_user() For what fields can be set in $userdata * @uses nxt_insert_user() Used to update existing user or add new one if user doesn't exist already * * @param array $userdata An array of user data. * @return int The updated user's ID. */ function nxt_update_user($userdata) { $ID = (int) $userdata['ID']; // First, get all of the original fields $user_obj = get_userdata($ID); $user = get_object_vars($user_obj->data); // Add additional custom fields foreach (_get_additional_user_keys($user_obj) as $key) { $user[$key] = get_user_meta($ID, $key, true); } // Escape data pulled from DB. $user = add_magic_quotes($user); // If password is changing, hash it now. if (!empty($userdata['user_pass'])) { $plaintext_pass = $userdata['user_pass']; $userdata['user_pass'] = nxt_hash_password($userdata['user_pass']); } nxt_cache_delete($user['user_email'], 'useremail'); // Merge old and new fields with new fields overwriting old ones. $userdata = array_merge($user, $userdata); $user_id = nxt_insert_user($userdata); // Update the cookies if the password changed. $current_user = nxt_get_current_user(); if ($current_user->ID == $ID) { if (isset($plaintext_pass)) { nxt_clear_auth_cookie(); nxt_set_auth_cookie($ID); } } return $user_id; }