/**
 * Plugin Name: JSON Basic Authentication
 * Description: Basic Authentication handler for the JSON API, used for development and debugging purposes
 * Author: WordPress API Team
 * Author URI: https://github.com/WP-API
 * Version: 0.1
 * Plugin URI: https://github.com/WP-API/Basic-Auth
 */
function json_basic_auth_handler($user)
{
    // Basic Auth handler for the WP-API `determine_current_user` filter.
    //
    // Reads the credentials PHP exposes for an `Authorization: Basic` header
    // (PHP_AUTH_USER / PHP_AUTH_PW), runs them through wp_authenticate() and
    // returns the user ID on success. The outcome is also published through the
    // global $wp_json_basic_auth_error: null while nothing was attempted, the
    // WP_Error on failure, true on success.
    //
    // Security note: Basic credentials are re-sent by the client on every
    // request, so this is only acceptable over TLS — the plugin header itself
    // limits it to "development and debugging purposes".
    global $wp_json_basic_auth_error;
    $wp_json_basic_auth_error = null;

    // An earlier filter already resolved a user (e.g. from a cookie): keep it.
    if (!empty($user)) {
        return $user;
    }
    // No Basic credentials on this request: hand back whatever we were given.
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        return $user;
    }

    $login = $_SERVER['PHP_AUTH_USER'];
    $secret = $_SERVER['PHP_AUTH_PW'];

    // wp_authenticate() can re-enter `determine_current_user` (on multisite,
    // wp_authenticate_spam_check() -> get_currentuserinfo()), which would recurse
    // back into this handler until the stack overflows; unhook ourselves for the
    // duration of the call and re-hook at the same priority afterwards.
    remove_filter('determine_current_user', 'json_basic_auth_handler', 20);
    $result = wp_authenticate($login, $secret);
    add_filter('determine_current_user', 'json_basic_auth_handler', 20);

    if (is_wp_error($result)) {
        $wp_json_basic_auth_error = $result;
        return null;
    }

    $wp_json_basic_auth_error = true;
    return $result->ID;
}
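 public function generate_auth_cookie($args)
 {
     // Exchange a username/password pair (plus a request nonce) for the value of
     // a WordPress "logged_in" cookie that the client can present later.
     //
     // $args is expected to carry 'nonce', 'username' and 'password'.
     // Returns array('cookie' => ..., 'user' => array(...)) on success, or
     // array('error' => array('code' => ..., 'message' => ...)) on failure.
     //
     // The original used extract($args), which turns *every* key of the request
     // array into a local variable; the three keys needed are read explicitly.
     $nonce    = isset($args['nonce']) ? $args['nonce'] : '';
     $username = isset($args['username']) ? $args['username'] : '';
     $password = isset($args['password']) ? $args['password'] : '';

     if (!wp_verify_nonce($nonce, 'auth_gmapp')) {
         return array('error' => array('code' => 'nononce', 'message' => "Something goes wrong (nonce error)... try again."));
     }
     if (!$username) {
         return array('error' => array('code' => 'nologin', 'message' => "You must include a 'username' var in your request."));
     }
     if (!$password) {
         return array('error' => array('code' => 'nopassword', 'message' => "You must include a 'password' var in your request."));
     }

     $user = wp_authenticate($username, $password);
     if (is_wp_error($user)) {
         // Generic message on purpose: the WP_Error text would reveal whether the
         // username exists. (The original also called
         // remove_action('wp_login_failed', $username) here, which passed the
         // username as a callback name and so never removed anything — dropped.)
         return array('error' => array('code' => 'passerror', 'message' => "Invalid username and/or password."));
     }

     // 1209600 s = 14 days, filterable like WordPress' own cookie lifetime.
     $expiration = time() + apply_filters('auth_cookie_expiration', 1209600, $user->ID, true);
     $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');

     // Pull the image URL out of the get_avatar() <img> markup; empty if absent.
     preg_match('|src="(.+?)"|', get_avatar($user->ID, 32), $avatar);
     if (!isset($avatar[1])) {
         $avatar[1] = '';
     }

     return array("cookie" => $cookie, "user" => array("id" => $user->ID, "username" => $user->user_login, "nicename" => $user->user_nicename, "email" => $user->user_email, "url" => $user->user_url, "registered" => $user->user_registered, "displayname" => $user->display_name, "firstname" => $user->user_firstname, "lastname" => $user->last_name, "nickname" => $user->nickname, "description" => $user->user_description, "capabilities" => $user->wp_capabilities, "avatar" => $avatar[1]));
 }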
/**
 * Plugin Name: JSON Basic Authentication
 * Description: Basic Authentication handler for the JSON API, used for development and debugging purposes
 * Author: WordPress API Team
 * Author URI: https://github.com/WP-API
 * Version: 0.1
 * Plugin URI: https://github.com/WP-API/Basic-Auth
 */
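function json_basic_auth_handler($request)
{
    // Variant of the WP-API Basic Auth handler that also accepts an e-mail
    // address as the user name and, on success, logs the user in for the rest
    // of the request (wp_set_current_user + wp_set_auth_cookie + `wp_login`).
    //
    // The outcome is reported through the global $wp_json_basic_auth_error
    // (null: no attempt, WP_Error: failure, true: success). The return value is
    // $request when no credentials were supplied and null otherwise — callers
    // must not read the authenticated user from it.
    global $wp_json_basic_auth_error;
    $wp_json_basic_auth_error = null;

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        return $request;
    }
    $username = $_SERVER['PHP_AUTH_USER'];
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // Login by e-mail: map the address to the account's user_login first.
    // The original tested strpos() for truthiness (missing an '@' at offset 0)
    // and read ->user_login off the lookup result without checking it.
    if (strpos($username, '@') !== false) {
        $account = get_user_by('email', $username);
        if ($account) {
            $username = $account->user_login;
        }
    }

    $user = wp_authenticate($username, $password);

    // WP_Error objects are truthy, so the original `if ($user)` entered the
    // login branch on a *failed* authentication and called
    // wp_set_current_user()/wp_set_auth_cookie() with a missing ID.
    if (is_wp_error($user)) {
        $wp_json_basic_auth_error = $user;
        return null;
    }

    wp_set_current_user($user->ID, $user->user_login);
    // NOTE(review): issuing a session cookie from an API Basic-Auth request
    // turns a per-request credential into a browser session; confirm that this
    // is intended for the callers of this endpoint.
    wp_set_auth_cookie($user->ID);
    do_action('wp_login', $user->user_login, $user);

    $wp_json_basic_auth_error = true;
    return null;
}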
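 public function generate_auth_cookie()
 {
     // JSON API controller method: trade username/password for the value of a
     // "logged_in" cookie. Reads `username`, `password` and an optional
     // `seconds` (cookie lifetime) from $json_api->query. Failures are reported
     // through $json_api->error(); each is followed by a return so that, should
     // error() not terminate the request, execution cannot continue into the
     // cookie generation with no user.
     global $json_api;

     if (!$json_api->query->username) {
         $json_api->error("You must include a 'username' var in your request.");
         return;
     }
     if (!$json_api->query->password) {
         $json_api->error("You must include a 'password' var in your request.");
         return;
     }

     // Client-chosen lifetime, default 14 days. A non-positive value falls back
     // to the default instead of producing an already-expired cookie.
     // NOTE(review): there is no upper bound — a client may request a very
     // long-lived cookie; consider capping this server-side.
     $seconds = 1209600;
     if ($json_api->query->seconds) {
         $requested = (int) $json_api->query->seconds;
         if ($requested > 0) {
             $seconds = $requested;
         }
     }

     $user = wp_authenticate($json_api->query->username, $json_api->query->password);
     if (is_wp_error($user)) {
         // The original also called remove_action('wp_login_failed', <username>),
         // which used the username as a callback name and removed nothing.
         $json_api->error("Invalid username and/or password.", 'error', '401');
         return;
     }

     $expiration = time() + apply_filters('auth_cookie_expiration', $seconds, $user->ID, true);
     $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');

     // Avatar URL from the get_avatar() <img> markup; empty when not found
     // (the original read $avatar[1] unconditionally).
     preg_match('|src="(.+?)"|', get_avatar($user->ID, 32), $avatar);
     if (!isset($avatar[1])) {
         $avatar[1] = '';
     }

     return array("cookie" => $cookie, "cookie_name" => LOGGED_IN_COOKIE, "user" => array("id" => $user->ID, "username" => $user->user_login, "nicename" => $user->user_nicename, "email" => $user->user_email, "url" => $user->user_url, "registered" => $user->user_registered, "displayname" => $user->display_name, "firstname" => $user->user_firstname, "lastname" => $user->last_name, "nickname" => $user->nickname, "description" => $user->user_description, "capabilities" => $user->wp_capabilities, "avatar" => $avatar[1]));
 }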
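 /**
  * Handle login form submissions (POST) by authenticating against WordPress.
  *
  * On valid credentials the WordPress auth cookie is set and the user is sent
  * to 'home'; on rejected credentials a flash error is queued and the user is
  * sent back to 'login'. Form validation failures queue their messages and —
  * as in the original — still redirect to 'home'. Non-POST requests redirect
  * to 'home' without doing anything.
  *
  * NOTE(review): the credentials are read from the raw POST body rather than
  * from $form->getData(), so any input filters configured on the form are not
  * applied to what reaches wp_authenticate(); confirm that is intended.
  *
  * @return mixed Redirect response from $this->redirect()->toRoute()
  */
 public function authenticateAction()
 {
     $form = $this->getForm();
     $redirect = 'home';
     $request = $this->getRequest();

     if ($request->isPost()) {
         $form->setData($request->getPost());
         if ($form->isValid()) {
             $username = $request->getPost('Username');
             $password = $request->getPost('Password');
             $WP_User = wp_authenticate($username, $password);
             if (is_wp_error($WP_User)) {
                 // Generic message: do not echo the WP_Error text, which
                 // distinguishes unknown users from wrong passwords.
                 $redirect = 'login';
                 $this->flashmessenger()->addErrorMessage("Invalid User Credentials");
             } else {
                 wp_set_auth_cookie($WP_User->ID);
                 $this->flashmessenger()->addSuccessMessage("Login Successful");
             }
         } else {
             foreach ($form->getMessages() as $message) {
                 $this->flashmessenger()->addErrorMessage(implode(",", $message));
             }
         }
     }

     return $this->redirect()->toRoute($redirect);
 }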
function user_pass_ok($user_login,$user_pass) {
	// True when wp_authenticate() accepts the pair, false when it returns a WP_Error.
	return !is_wp_error(wp_authenticate($user_login, $user_pass));
}
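function simple_http_authentication()
{
    // Gate the site behind HTTP Basic Auth against WordPress accounts.
    //
    // Runs wp_authenticate() on the credentials PHP exposes for the
    // Authorization header. On success it simply returns — it does not log the
    // user in or set the current user, it only lets the request proceed. On
    // failure it replies 401 with a challenge and stops. Because the client
    // re-sends the password on every request, serve this over TLS only.
    //
    // The original indexed $_SERVER['PHP_AUTH_USER'] / ['PHP_AUTH_PW'] without
    // isset(); a request with no Authorization header now authenticates '' / ''
    // (rejected) instead of raising notices first.
    $login = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $secret = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
    if (!is_wp_error(wp_authenticate($login, $secret))) {
        return;
    }

    // The realm is the site title; escape double quotes so a title cannot close
    // the quoted-string early. header() itself refuses CR/LF in the value.
    $realm = str_replace('"', '\\"', wp_title('-', false));
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    header('HTTP/1.0 401 Unauthorized');
    echo __('You need to authenticate with a registered user on WordPress.', 'simple-http-authentication');
    exit;
}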
 protected function authenticate($username, $password)
 {
     // Resolve credentials to a WordPress user ID via wp_authenticate().
     // Returns the ID on success, null when the result is empty or a WP_Error.
     $result = wp_authenticate($username, $password);
     if (empty($result) || is_wp_error($result)) {
         return null;
     }
     return $result->ID;
 }
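 public function token()
 {
     // OAuth2-style token endpoint. Supports the `password` grant (username and
     // password verified with wp_authenticate()) and nominally
     // `client_credentials`. On success a random 40-character bearer token is
     // stored in the user's `access_token` meta (at most five kept, the oldest
     // evicted) and returned as JSON. Every failure answers 401 through
     // wp_send_json_error(), which ends the request.
     //
     // NOTE(review): client_id and client_secret are only checked for
     // *presence* — nothing in this method compares them with a registered
     // client, so any non-empty pair is accepted. `expires_in` is reported as
     // 3600 but no expiry is recorded alongside the token, and tokens are kept
     // as plain user meta (anyone who can read the database can use them).
     // Also, with the `client_credentials` grant no username is collected, so
     // no account can be resolved and the request ends in the 401 below.
     $grant_type = $this->http->get('grant_type');
     if (!$grant_type) {
         status_header(401);
         wp_send_json_error('The grant type was not specified in the request');
     }
     $supported = array('client_credentials', 'password');
     if (!in_array($grant_type, $supported, true)) {
         status_header(401);
         wp_send_json_error('Unsupported grant type: ' . $grant_type);
     }

     $client_id = $this->http->get('client_id');
     if (!$client_id) {
         status_header(401);
         wp_send_json_error('Missing parameter: client_id');
     }
     $client_secret = $this->http->get('client_secret');
     if (!$client_secret) {
         status_header(401);
         wp_send_json_error('Missing parameter: client_secret');
     }

     $username = null;
     $password = null;
     if ($grant_type === 'password') {
         $username = $this->http->get('username');
         if (!$username) {
             status_header(401);
             wp_send_json_error('Missing parameter: username');
         }
         $password = $this->http->get('password');
         if (!$password) {
             status_header(401);
             wp_send_json_error('Missing parameter: password');
         }
     }

     // $this->settings['username'] names the get_user_by() field(s) to try.
     $user = false;
     if (is_array($this->settings['username'])) {
         foreach ($this->settings['username'] as $property) {
             if ($user = get_user_by($property, $username)) {
                 break;
             }
         }
     } else {
         $user = get_user_by($this->settings['username'], $username);
     }

     // get_user_by() returns false for an unknown account; the original then
     // read ->user_login off false. An unknown account and a wrong password get
     // the same generic 401 — the WP_Error message the original returned says
     // which of the two it was, which enables username enumeration.
     if (!$user || is_wp_error(wp_authenticate($user->user_login, $password))) {
         status_header(401);
         wp_send_json_error('Invalid username or password');
     }

     $token = wp_generate_password(40, false, false);
     $tokens = get_user_meta($user->ID, 'access_token', false);
     if (count($tokens) >= 5) {
         // Keep the five most recent tokens per user.
         delete_user_meta($user->ID, 'access_token', reset($tokens));
     }
     add_user_meta($user->ID, 'access_token', $token);
     status_header(200);
     wp_send_json_success(array('access_token' => $token, 'expires_in' => 3600, 'token_type' => 'Bearer', 'scope' => 'basic', 'refresh_token' => null));
 }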
function check_xmlrpc($username, $password)
{
    // XML-RPC credential check. Returns true when XML-RPC is enabled and the
    // credentials are accepted; otherwise an IXR_Error (405 when the service is
    // disabled, 403 on a bad login). Does not set the current user.
    if (!get_option('enable_xmlrpc')) {
        $hint = sprintf(__('XML-RPC services are disabled on this blog.  An admin user can enable them at %s'), admin_url('options-writing.php'));
        return new IXR_Error(405, $hint);
    }
    if (is_wp_error(wp_authenticate($username, $password))) {
        return new IXR_Error(403, __('Bad login/pass combination.'));
    }
    return true;
}
 /**
  * Passwords with leading and/or trailing spaces must round-trip untouched:
  * wp_set_password() stores the string verbatim and wp_authenticate() accepts
  * exactly the same untrimmed string afterwards.
  *
  * @ticket 23494
  */
 function test_password_trimming()
 {
     $user_id = $this->factory->user->create(array('user_login' => 'password-triming-tests'));
     $cases = array(
         'a password with no trailing or leading spaces',
         'a password with trailing spaces ',
         ' a password with leading spaces',
         ' a password with trailing and leading spaces ',
     );
     foreach ($cases as $candidate) {
         wp_set_password($candidate, $user_id);
         $result = wp_authenticate('password-triming-tests', $candidate);
         $this->assertInstanceOf('WP_User', $result);
         $this->assertEquals($user_id, $result->ID);
     }
 }
 /**
  * Authenticate a user and make them the current user for this request.
  *
  * @param string $username
  * @param string $password
  * @param int    $blog_id  On multisite, the blog switched to after login
  *                         (default 1). Note that switch_to_blog() is not
  *                         paired with restore_current_blog() here.
  * @return bool|WP_User  The WP_User on success, FALSE when wp_authenticate()
  *                       returned a WP_Error (a WP_Error itself is never returned).
  */
 function _login($username, $password, $blog_id = 1)
 {
     $user_obj = wp_authenticate($username, $password);
     if (is_a($user_obj, 'WP_Error')) {
         return FALSE;
     }
     wp_set_current_user($user_obj->ID);
     if (is_multisite()) {
         switch_to_blog($blog_id);
     }
     return $user_obj;
 }
/**
 * Plugin Name: JSON Basic Authentication
 * Description: Basic Authentication handler for the JSON API, used for development and debugging purposes
 * Author: WordPress API Team
 * Author URI: https://github.com/WP-API
 * Version: 0.1
 * Plugin URI: https://github.com/WP-API/Basic-Auth
 */
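function json_basic_auth_handler($user)
{
    // WP-API Basic Auth handler (`determine_current_user` filter) with a
    // fallback for CGI/FastCGI setups where PHP does not populate
    // PHP_AUTH_USER/PHP_AUTH_PW: the raw Authorization header is taken from
    // HTTP_AUTHORIZATION or REDIRECT_HTTP_AUTHORIZATION (set by a rewrite rule,
    // typically in .htaccess) and decoded here.
    //
    // Returns the user ID on success, null on failure (with the WP_Error in the
    // global $wp_json_basic_auth_error), and the incoming $user untouched when
    // no credentials were supplied. Credentials travel with every request, so
    // only use this over TLS.
    global $wp_json_basic_auth_error;
    $wp_json_basic_auth_error = null;

    // Don't authenticate twice: an earlier filter already resolved a user.
    if (!empty($user)) {
        return $user;
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        $header = null;
        if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
            $header = $_SERVER['HTTP_AUTHORIZATION'];
        } elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
            $header = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        }
        // Only decode the "Basic" scheme (the original skipped six bytes blindly,
        // so a Bearer/Digest header was base64-decoded as if it were Basic), and
        // split on the *first* ':' only — RFC 7617 forbids ':' in the user-id
        // but allows it in the password, which explode() without a limit cut off.
        if (!empty($header) && strncasecmp($header, 'Basic ', 6) === 0) {
            $decoded = base64_decode(trim(substr($header, 6)), true);
            if ($decoded !== false && strpos($decoded, ':') !== false) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
            }
        }
    }

    // Still nothing to authenticate with.
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        return $user;
    }
    $username = $_SERVER['PHP_AUTH_USER'];
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // In multisite, wp_authenticate_spam_check() (on `authenticate`) calls
    // get_currentuserinfo(), which runs `determine_current_user` and would
    // recurse into this handler until the stack overflows. Unhook both for the
    // duration of the call.
    // NOTE(review): removing the spam check also means a spam-flagged multisite
    // account can authenticate through this path.
    remove_filter('determine_current_user', 'json_basic_auth_handler', 20);
    remove_filter('authenticate', 'wp_authenticate_spam_check', 99);
    $user = wp_authenticate($username, $password);
    add_filter('determine_current_user', 'json_basic_auth_handler', 20);
    add_filter('authenticate', 'wp_authenticate_spam_check', 99);

    if (is_wp_error($user)) {
        $wp_json_basic_auth_error = $user;
        return null;
    }
    $wp_json_basic_auth_error = true;

    // A user was found: the cookie validators later in the filter chain would
    // only overwrite it, so take them out for this request.
    if ($user->ID) {
        remove_filter('determine_current_user', 'wp_validate_auth_cookie');
        remove_filter('determine_current_user', 'wp_validate_logged_in_cookie', 20);
    }
    return $user->ID;
}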
 function test_ignore_password_change()
 {
     // wp.editProfile must ignore a 'password' field: after the call the old
     // password still authenticates and the submitted one does not.
     $this->make_user_by_role('author');
     $attempted = '******';
     $result = $this->myxmlrpcserver->wp_editProfile(array(1, 'author', 'author', array('password' => $attempted)));
     $this->assertNotInstanceOf('IXR_Error', $result);
     $this->assertTrue($result);
     $this->assertInstanceOf('WP_User', wp_authenticate('author', 'author'));
     $this->assertWPError(wp_authenticate('author', $attempted));
 }
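 /**
  * Authenticate requests for SatisPress packages using HTTP Basic Authentication.
  *
  * A request from an already logged-in user passes on that session; otherwise
  * the PHP_AUTH_USER/PHP_AUTH_PW pair is verified with wp_authenticate(). The
  * resolved value (WP_User, false, or WP_Error) goes through the
  * `satispress_pre_basic_authentication` filter so another plugin can override
  * the decision. Anything that is not a user ends the request with a 401
  * challenge.
  *
  * Passing Basic Auth does not set the current user — this is a gate only.
  * Basic credentials are re-sent on every request, so serve this over TLS.
  *
  * @since 0.2.0
  */
 public function authorize_package_request()
 {
     $user = is_user_logged_in() ? wp_get_current_user() : false;
     if (!$user && isset($_SERVER['PHP_AUTH_USER'])) {
         // Defensive: the original read PHP_AUTH_PW without isset().
         $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
         $user = wp_authenticate($_SERVER['PHP_AUTH_USER'], $password);
     }
     $user = apply_filters('satispress_pre_basic_authentication', $user);
     // Request credentials if the user isn't logged in yet.
     if (!$user || is_wp_error($user)) {
         header('WWW-Authenticate: Basic realm="SatisPress"');
         header('HTTP/1.0 401 Unauthorized');
         exit;
     }
 }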
 /**
  * Log user in over XML-RPC.
  *
  * Refuses with a 405 IXR_Error when XML-RPC is disabled, with a 403 when the
  * credentials are rejected; in both cases the error is stored in
  * $this->error and false is returned. On success the user becomes the
  * current user for this request.
  *
  * @since 2.8
  *
  * @param string $username User's username.
  * @param string $password User's password.
  * @return mixed WP_User object if authentication passed, false otherwise
  */
 function login($username, $password)
 {
     if (!get_option('enable_xmlrpc')) {
         $hint = sprintf(__('XML-RPC services are disabled on this blog.  An admin user can enable them at %s'), admin_url('options-writing.php'));
         $this->error = new IXR_Error(405, $hint);
         return false;
     }
     $account = wp_authenticate($username, $password);
     if (is_wp_error($account)) {
         $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
         return false;
     }
     set_current_user($account->ID);
     return $account;
 }
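function login_ajax_request()
{
    // AJAX login endpoint: reads username/password from POST, signs the user in
    // (wp_signon() sets the auth cookies) and answers with the user's row as
    // JSON, or with `false` when the credentials are rejected.
    //
    // Changes from the original: wp_signon() already runs wp_authenticate(), so
    // the separate wp_authenticate() call — which verified the password twice
    // and fired the login hooks twice on success — is gone; and
    // user_activation_key is stripped together with user_pass, since the users
    // row carries it and it is the password-reset key, not client data.
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    $signed_in = wp_signon(array('user_login' => $username, 'user_password' => $password));
    if (!$signed_in instanceof WP_User) {
        $json = json_encode(false);
    } else {
        // Work on a copy so the WP_User itself is not stripped of fields.
        $payload = clone $signed_in->data;
        unset($payload->user_pass, $payload->user_activation_key);
        $json = json_encode($payload);
    }
    header("Content-type: application/json", true);
    die($json);
}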
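function as_secure_cookie($secure_cookie, $credentials)
{
    // `secure_signon_cookie` filter callback. When the plugin's $use_ssl switch
    // is on it authenticates the credentials itself, sets the *non-secure*
    // auth cookies (wp_set_auth_cookie(..., false)) and returns true so that
    // wp_signon() goes on to set the secure ones. Otherwise the incoming
    // $secure_cookie value is passed through unchanged.
    //
    // Fixes against the original: the wp_authenticate() result was used without
    // a WP_Error check (a wrong password still reached wp_set_auth_cookie with
    // no ID); `remember` was read without isset(); and a $use_ssl value that is
    // neither false nor truthy (null, 0, '') fell off the end, turning the
    // filter's result into null.
    //
    // NOTE(review): by design this issues cookies without the Secure flag, so
    // they are exposed on any plain-HTTP request to the site.
    global $use_ssl;

    if (empty($credentials) || $use_ssl === false) {
        as_log("Credentials empty or use_ssl is false");
        return $secure_cookie;
    }
    if (!$use_ssl) {
        return $secure_cookie;
    }

    as_log("Verifying user and setting HTTP auth cookie");
    $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
    if (is_wp_error($user)) {
        // Wrong credentials: issue nothing and let wp_signon() report the error.
        return $secure_cookie;
    }
    $remember = !empty($credentials['remember']);
    // Non-secure cookies here; wp_signon() sets the secure cookie itself.
    wp_set_auth_cookie($user->ID, $remember, false);
    return true;
}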
 public function process($ip, &$stats = array(), &$options = array(), &$post = array())
 {
     // Request inspector: for a wp-login.php request — and only when the
     // GoogleAuthenticator class is absent and WordPress is loaded — try the
     // posted credentials with wp_authenticate(). Returns the string
     // 'authenticated user login' when they are valid, false in every other case.
     //
     // NOTE(review): the login is read from $post['author'] rather than the
     // wp-login.php field 'log'; confirm against the code that fills $post.
     // Warnings from wp_authenticate() are silenced with '@', as shipped.
     $sname = $this->getSname();
     $applies = !class_exists('GoogleAuthenticator')
         && strpos($sname, 'wp-login.php') !== false
         && function_exists('wp_authenticate');
     if (!$applies) {
         return false;
     }

     $login = $post['author'];
     $secret = $post['pwd'];
     if (empty($login) || empty($secret)) {
         return false;
     }

     $result = @wp_authenticate($login, $secret);
     return is_wp_error($result) ? false : 'authenticated user login';
 }
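 public function isValid(array $values)
 {
     // Form-level login: once the parent's field validation passes, authenticate
     // `user_login`/`user_password`, set the auth cookies and fire `wp_login`.
     //
     // Returns false when the parent rejects the values; the WP_Error from
     // wp_authenticate() on bad credentials (the empty-username + empty-password
     // case is collapsed to a blank WP_Error, as wp_signon() does); or the
     // WP_User on success.
     $valid = parent::isValid($values);
     if (!$valid) {
         return false;
     }

     $credentials = $values;
     $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
     if (is_wp_error($user)) {
         if ($user->get_error_codes() == array('empty_username', 'empty_password')) {
             $user = new WP_Error('', '');
         }
         return $user;
     }

     // The original passed an undefined $secure_cookie (null) to
     // wp_set_auth_cookie(). That function only substitutes is_ssl() for the
     // empty string, so null meant the cookies were set WITHOUT the Secure flag
     // even on HTTPS. Mirror wp_signon(): default to is_ssl() and let the
     // `secure_signon_cookie` filter have its say.
     $secure_cookie = apply_filters('secure_signon_cookie', is_ssl(), $credentials);
     $remember = !empty($credentials['remember']);
     wp_set_auth_cookie($user->ID, $remember, $secure_cookie);
     do_action('wp_login', $user->user_login, $user);
     return $user;
 }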
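/**
 * Checks the user login information
 *
 * This webservice checks the sent user login information and can return either
 * true/false or the user basic information to the calling application.
 *
 * Inputs: `username`, `password`, `device_token` from $_REQUEST; the
 * `Application` and `UDID` HTTP headers. When a device token is supplied and the
 * login succeeds, the central service is told which user the device belongs to
 * (POST /push/user/{id}) and the token is remembered in user meta.
 *
 * NOTE(review): the Application header and UDID are only required to be
 * non-empty; nothing here verifies them. If they are meant to authenticate the
 * calling app, that check must live elsewhere — confirm.
 *
 * @package WiziappWordpressPlugin
 * @subpackage AppWebServices
 * @author comobix.com plugins@comobix.com
 *
 * @param boolean $only_validate a flag indicating if the function should return a full response or just true/false
 * @return boolean|array|null if $only_validate the function returns the WP_User on success or FALSE
 *                            otherwise (including when the request is incomplete); if not, it echoes
 *                            a JSON response with the user information (id, name, package,
 *                            next_billing, direction) plus the usual header and exits, or returns
 *                            NULL without output when the request is incomplete
 *
 * @todo Calculate the next billing date according to the membership plugin
 * @todo Get this from the user/blog
 */
function wiziapp_check_login($only_validate = FALSE)
{
    @header('Content-Type: application/json');
    // Read inputs defensively; the original indexed $_REQUEST/$_SERVER without isset().
    $username    = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';
    $password    = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
    $deviceToken = isset($_REQUEST['device_token']) ? $_REQUEST['device_token'] : '';
    $appToken    = isset($_SERVER['HTTP_APPLICATION']) ? $_SERVER['HTTP_APPLICATION'] : '';
    $udid        = isset($_SERVER['HTTP_UDID']) ? $_SERVER['HTTP_UDID'] : '';

    // if the request doesn't contain all that we need - leave
    if (empty($username) || empty($password) || empty($appToken) || empty($udid)) {
        $GLOBALS['WiziappLog']->write('error', "Something in the request was missing: !empty({$username}) && !empty({$deviceToken}) && !empty({$appToken}) && !empty({$udid})", "remote");
        // The original fell off the end here, returning NULL even in validate mode.
        return $only_validate ? FALSE : NULL;
    }

    $user = wp_authenticate($username, $password);
    $status = !is_wp_error($user);

    if ($status && !empty($deviceToken)) {
        // Notify the global admin of the CMS user id that is connected to the device token
        $params = array('device_token' => $deviceToken);
        $headers = array('udid' => $udid);
        wiziapp_http_request($params, '/push/user/' . $user->ID, 'POST', $headers);
        // Mark the user so we will know he has a device token
        // (update_user_meta() replaces the long-deprecated update_usermeta()).
        update_user_meta($user->ID, 'wiziapp_got_valid_mobile_token', $deviceToken);
    }

    if ($only_validate) {
        return $status ? $user : FALSE;
    }

    // id, name, package, next_billing
    $result = array();
    if ($status) {
        $result = array("id" => $user->ID, "name" => $user->display_name, "package" => $user->user_level, "next_billing" => null, "direction" => "LTR");
    }
    $header = array('action' => 'login', 'status' => $status, 'code' => $status ? 200 : 4004, 'message' => $status ? '' : __('Incorrect username or password', 'wiziapp'));
    echo json_encode(array_merge(array('header' => $header), $result));
    exit;
}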
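/**
 * Authenticate user with remember capability.
 *
 * The credentials is an array that has 'user_login', 'user_password', and
 * 'remember' indices. If the credentials is not given, then the log in form
 * will be assumed and used if set ($_POST 'log', 'pwd', 'rememberme').
 *
 * The various authentication cookies will be set by this function and will be
 * set for a longer period depending on if the 'remember' credential is set to
 * true. Whether the cookies get the Secure flag defaults to is_ssl() and can be
 * overridden with the `secure_signon_cookie` filter.
 *
 * @since 2.5.0
 *
 * @param array $credentials Optional. User info in order to sign on.
 * @param bool $secure_cookie Optional. Whether to use secure cookie.
 * @return object Either WP_Error on failure, or WP_User on success.
 */
function wp_signon( $credentials = '', $secure_cookie = '' ) {
	if ( empty($credentials) ) {
		// Start from an array. The parameter's default is the empty string, and
		// since PHP 7.1 a string-keyed write no longer promotes '' to an array,
		// so the POSTed credentials could never be collected into it.
		$credentials = array();
		if ( ! empty($_POST['log']) )
			$credentials['user_login'] = $_POST['log'];
		if ( ! empty($_POST['pwd']) )
			$credentials['user_password'] = $_POST['pwd'];
		if ( ! empty($_POST['rememberme']) )
			$credentials['remember'] = $_POST['rememberme'];
	}

	// Normalise 'remember' to a strict boolean.
	if ( !empty($credentials['remember']) )
		$credentials['remember'] = true;
	else
		$credentials['remember'] = false;

	// TODO do we deprecate the wp_authentication action?
	// Passed by reference so a hooked plugin can rewrite the credentials.
	do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));

	if ( '' === $secure_cookie )
		$secure_cookie = is_ssl();

	$secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, $credentials);

	global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
	$auth_secure_cookie = $secure_cookie;

	// Let an existing auth cookie satisfy the 'authenticate' chain as well.
	add_filter('authenticate', 'wp_authenticate_cookie', 30, 3);

	$user = wp_authenticate($credentials['user_login'], $credentials['user_password']);

	if ( is_wp_error($user) ) {
		// A completely empty form is reported as a blank error (no message).
		if ( $user->get_error_codes() == array('empty_username', 'empty_password') ) {
			$user = new WP_Error('', '');
		}

		return $user;
	}

	wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);
	do_action('wp_login', $user->user_login, $user);
	return $user;
}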
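 /**
  * `authenticate` filter: when a login has failed, look the typed name up as a
  * retired ("deprecated") user_login kept in user meta, retry with the
  * account's current user_login, and on success e-mail the user about the
  * rename (message text is German, as shipped).
  *
  * @since    0.0.1
  * @access   public
  * @static
  * @use_filter  authenticate
  * @param   WP_User|WP_Error|null $user     Result of the earlier authenticate handlers.
  * @param   string                $username Login name as typed.
  * @param   string                $password Password as typed.
  * @return  WP_User|WP_Error|null Unchanged unless the fallback lookup changed the outcome.
  */
 public static function authenticate($user, $username, $password)
 {
     // Only act on a failed login with both fields present.
     if (!is_wp_error($user) || empty($username) || empty($password)) {
         return $user;
     }

     $deprecated_login = $username;
     global $wpdb;
     // Parameterised lookup: which account lists this name as its `deprecated_login` meta?
     $sql = $wpdb->prepare("\n\t\t\t\tselect user_login from {$wpdb->users} where ID in (\n\t\t\t\t\tselect user_id from {$wpdb->usermeta} where\n\t\t\t\t\t\tmeta_key = 'deprecated_login'\n\t\t\t\t\t\tand meta_value = %s\n\t\t\t\t)\n\n\t\t\t", $deprecated_login);
     $username = $wpdb->get_var($sql);
     if (empty($username)) {
         return $user;
     }

     $user = wp_authenticate($username, $password);
     if (is_wp_error($user)) {
         return $user;
     }

     // Notify user about the changed username. $deprecated_login is user input
     // placed into HTML mail unescaped; it only reaches here when it equals a
     // stored meta value and is sent to the account owner, so no change is made.
     $message = "Hallo " . $deprecated_login . ",<br><br>" . "Diese Nachricht erhalten Sie, weil sie sich mit dem Benutzername '{$deprecated_login}' " . "im Netzwerk von rpi-virtuell/reliwerk angemeldet haben." . "<br>" . "Aus technischen Gründen (der Benutzername enthält Punkte, Sonderzeichen oder Leerzeichen) " . "musste dieser geändert werden und heißt nun '<b>" . $username . "</b>' " . "Bitte verwenden Sie zur Anmeldung nur noch den geänderten Benutzernamen.<br><br>" . "Vielen Dank für dein Verständnis! <br><br>" . "Dein Technik Team für <a href='http://about.rpi-virtuell.de'>rpi-virtuell</a>";
     if ($user->user_email) {
         // The wp_mail() result is deliberately ignored: a failed notification
         // must not block the login (the original stored it in an unused $bool).
         wp_mail($user->user_email, '[rpi-virtuell.de login] Dein Benutzername wurde geändert.', $message);
     }
     return $user;
 }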
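 public function basic_auth()
 {
     // Site-wide HTTP Basic Auth gate against WordPress accounts. Logged-in
     // users pass; otherwise the credentials (PHP_AUTH_USER/PHP_AUTH_PW, or a
     // manually parsed "Authorization: Basic" header for CGI setups) are run
     // through wp_authenticate(). Passing does NOT log the user in — it only
     // lets the request continue. Failure sends a 401 challenge and ends the
     // request. Basic credentials are re-sent on every request: use TLS.
     nocache_headers();
     if (is_user_logged_in()) {
         return;
     }

     $usr = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
     $pwd = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
     if (empty($usr) && empty($pwd) && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
         // explode() with limits: a header without a space, and a password that
         // itself contains ':', both broke the original's two-element list().
         // base64_decode() in strict mode rejects garbage instead of guessing.
         $parts = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
         if (count($parts) === 2 && strtolower($parts[0]) === 'basic') {
             $decoded = base64_decode(trim($parts[1]), true);
             if ($decoded !== false && strpos($decoded, ':') !== false) {
                 list($usr, $pwd) = explode(':', $decoded, 2);
             }
         }
     }

     if (!is_wp_error(wp_authenticate($usr, $pwd))) {
         return;
     }

     header('WWW-Authenticate: Basic realm="Please Enter Your Password"');
     header('HTTP/1.1 401 Unauthorized');
     echo 'Authorization Required';
     die;
 }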
 public function Validate($username, $password)
 {
     // Authentication decorator backed by WordPress.
     //
     // A WP_Error is logged and yields false. On success the WP_User and the
     // plaintext password are kept on this object and true is returned — the
     // password presumably for a later step; it stays in memory for the rest of
     // the request, so confirm it is really needed. A non-error result for a
     // user that does not exist falls back to the wrapped authenticator when
     // RetryAgainstDatabase() is enabled, otherwise false.
     Log::Debug('Attempting to authenticate user against WordPress. User=%s', $username);
     $result = wp_authenticate($username, $password);
     if (is_wp_error($result)) {
         Log::Error('WordPress authentication error: %s', $result->get_error_message());
         return false;
     }

     if ($result->exists()) {
         Log::Debug('WordPress authentication successful. User=%s', $username);
         $this->user = $result;
         $this->password = $password;
         return true;
     }

     Log::Debug('WordPress authentication failed. User=%s', $username);
     if ($this->options->RetryAgainstDatabase()) {
         Log::Debug('WordPress authentication retrying against database');
         return $this->authToDecorate->Validate($username, $password);
     }
     return false;
 }
 /**
  * Execute the XML-RPC request.
  *
  * Authenticates with the supplied credentials, requires the `edit_dashboard`
  * capability, and returns the visit statistics as JSON. Every failure is
  * returned as a JSON string of the form {"error": "..."}. The user is not
  * made the current user.
  *
  * @since   1.1.0
  * @change  1.2.5
  *
  * @param   array   $args  Parameters (credentials): [0] user name, [1] password
  * @return  string         JSON string with the result
  */
 public static function xmlrpc_callback($args)
 {
     // No credentials?
     if (empty($args[0]) || empty($args[1])) {
         return '{"error": "Empty login data"}';
     }
     // Log the user in
     $user = wp_authenticate($args[0], $args[1]);
     if (!$user || is_wp_error($user)) {
         return '{"error": "Incorrect login"}';
     }
     // Authorisation: the account must be allowed to see the dashboard
     if (!user_can($user, 'edit_dashboard')) {
         return '{"error": "User can check failed"}';
     }
     $data = Statify_Dashboard::get_stats();
     if (!$data) {
         return '{"error": "No data"}';
     }
     return json_encode($data['visits']);
 }
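 public function generate_auth_cookie()
 {
     // JSON API controller method: after a nonce check, trade username/password
     // for the value of a "logged_in" cookie (14-day lifetime, filterable).
     // Failures are reported through $json_api->error(); each is followed by a
     // return so that, should error() not terminate the request, execution
     // cannot continue into the cookie generation with no user.
     global $json_api;

     $nonce_id = $json_api->get_nonce_id('auth', 'generate_auth_cookie');
     if (!wp_verify_nonce($json_api->query->nonce, $nonce_id)) {
         $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.");
         return;
     }
     if (!$json_api->query->username) {
         $json_api->error("You must include a 'username' var in your request.");
         return;
     }
     if (!$json_api->query->password) {
         $json_api->error("You must include a 'password' var in your request.");
         return;
     }

     $user = wp_authenticate($json_api->query->username, $json_api->query->password);
     if (is_wp_error($user)) {
         // The original also called remove_action('wp_login_failed', <username>),
         // which used the username as a callback name and removed nothing.
         $json_api->error("Invalid username and/or password.", 'error', '401');
         return;
     }

     $expiration = time() + apply_filters('auth_cookie_expiration', 1209600, $user->ID, true);
     $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');
     return array("cookie" => $cookie, "user" => array("id" => $user->ID, "username" => $user->user_login, "nicename" => $user->user_nicename, "email" => $user->user_email, "url" => $user->user_url, "registered" => $user->user_registered, "displayname" => $user->display_name, "firstname" => $user->user_firstname, "lastname" => $user->last_name, "nickname" => $user->nickname, "description" => $user->user_description, "capabilities" => $user->wp_capabilities));
 }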
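 public function authenticate()
 {
     // HTTP Basic Auth gate. Requests that pass isAllowed() go through
     // untouched; otherwise the credentials (PHP_AUTH_* or a parsed
     // Authorization header) are resolved with
     // get_user_by($this->settings['username'], ...) and checked with
     // wp_authenticate(). Returns true when the request may proceed (the user
     // is NOT logged in by this); on failure it sends a 401 challenge through
     // wp_die(), which ends the request.
     nocache_headers();
     if ($this->isAllowed()) {
         return true;
     }

     $username = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
     $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
     $raw_header = $this->http->header('Authorization');
     if (empty($username) && empty($password) && $raw_header) {
         // explode() with limits: a header without a space, and a password that
         // itself contains ':', both broke the original's two-element list().
         $parts = explode(' ', $raw_header, 2);
         if (count($parts) === 2 && strtolower($parts[0]) === 'basic') {
             $decoded = base64_decode(trim($parts[1]), true);
             if ($decoded !== false && strpos($decoded, ':') !== false) {
                 list($username, $password) = explode(':', $decoded, 2);
             }
         }
     }

     // get_user_by() returns false for an unknown account; the original then read
     // ->user_login off false. Unknown accounts get the same 401 as a bad password.
     $user = get_user_by($this->settings['username'], $username);
     if ($user && !is_wp_error(wp_authenticate($user->user_login, $password))) {
         return true;
     }

     header('WWW-Authenticate: Basic realm="Please Enter Your Password"');
     wp_die('You need to enter a Username and a Password if you want to see this website.', 'Authorization Required', array('response' => 401));
 }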
/**
 * Plugin Name: JSON Basic Authentication
 * Description: Basic Authentication handler for the JSON API, used for development and debugging purposes
 * Author: WordPress API Team
 * Author URI: https://github.com/WP-API
 * Version: 0.1
 * Plugin URI: https://github.com/WP-API/Basic-Auth
 */
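function json_basic_auth_handler($user)
{
    // WP-API Basic Auth handler (`determine_current_user` filter). Returns the
    // user ID on success, null on failure (with the WP_Error in the global
    // $wp_json_basic_auth_error), and the incoming $user untouched when no
    // credentials were supplied. Credentials travel with every request, so
    // only use this over TLS.
    global $wp_json_basic_auth_error;
    $wp_json_basic_auth_error = null;

    // Don't authenticate twice: an earlier filter already resolved a user.
    if (!empty($user)) {
        return $user;
    }

    /**
     * Custom addition from https://github.com/WP-API/Basic-Auth/issues/21 to support MAMP-style local servers
     * The following allows Basic Auth support when PHP is running as any form of CGI
     * In order for this to work one needs to add : "SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1" to the .htaccess
     *
     * Only the "Basic" scheme is decoded (the original skipped six bytes blindly,
     * so a Bearer/Digest header was base64-decoded as if it were Basic), and the
     * split is on the *first* ':' only — RFC 7617 forbids ':' in the user-id but
     * allows it in the password, which explode() without a limit cut off.
     */
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
        $header = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        if (strncasecmp($header, 'Basic ', 6) === 0) {
            $decoded = base64_decode(trim(substr($header, 6)), true);
            if ($decoded !== false && strpos($decoded, ':') !== false) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
            }
        }
    }

    // Check that we're trying to authenticate
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        return $user;
    }
    $username = $_SERVER['PHP_AUTH_USER'];
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    /**
     * In multi-site, wp_authenticate_spam_check filter is run on authentication. This filter calls
     * get_currentuserinfo which in turn calls the determine_current_user filter. This leads to infinite
     * recursion and a stack overflow unless the current function is removed from the determine_current_user
     * filter during authentication.
     */
    remove_filter('determine_current_user', 'json_basic_auth_handler', 20);
    $user = wp_authenticate($username, $password);
    add_filter('determine_current_user', 'json_basic_auth_handler', 20);

    if (is_wp_error($user)) {
        $wp_json_basic_auth_error = $user;
        return null;
    }
    $wp_json_basic_auth_error = true;
    return $user->ID;
}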
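/**
 * Sign the contract.
 *
 * Handles the "sign contract" form submission: the nonce must verify, the
 * current user must re-enter their password (checked with wp_authenticate()),
 * every remaining field must be non-empty, and the sanitised fields are handed
 * to mdjm_sign_event_contract(). Always ends in a redirect to the contracts
 * page carrying an `mdjm_message` code.
 *
 * @since	1.3
 * @param	array	$data	Submitted form data (mdjm_nonce, mdjm_verify_password, event_id, ...)
 * @return	void	Redirects and exits
 */
function mdjm_sign_event_contract_action($data)
{
    $event_id = isset($data['event_id']) ? $data['event_id'] : '';
    $contracts_page = mdjm_get_formatted_url(mdjm_get_option('contracts_page'));

    $data['mdjm_accept_terms'] = !empty($data['mdjm_accept_terms']) ? $data['mdjm_accept_terms'] : false;
    $data['mdjm_confirm_client'] = !empty($data['mdjm_confirm_client']) ? $data['mdjm_confirm_client'] : false;

    // Nonce first (the original checked the password first): a forged
    // cross-site submission is rejected before any password is tried, so it
    // cannot be used to rack up failed-login events — wp_authenticate() fires
    // `wp_login_failed` on a wrong password — against the victim's account.
    $nonce = isset($data['mdjm_nonce']) ? $data['mdjm_nonce'] : '';
    if (!wp_verify_nonce($nonce, 'sign_contract')) {
        $message = 'nonce_fail';
    } else {
        // Check the password is correct for the logged-in user (a logged-out
        // request has an empty user_login and fails here).
        $user = wp_get_current_user();
        $confirm = isset($data['mdjm_verify_password']) ? $data['mdjm_verify_password'] : '';
        $password_confirmation = wp_authenticate($user->user_login, $confirm);
        if (is_wp_error($password_confirmation)) {
            $message = 'password_error';
        } else {
            // Setup the signed contract details; control fields are skipped,
            // values that are neither scalar strings/ints nor arrays are dropped.
            $posted = array();
            foreach ($data as $key => $value) {
                if ($key == 'mdjm_nonce' || $key == 'mdjm_action' || $key == 'mdjm_redirect' || $key == 'mdjm_submit_sign_contract') {
                    continue;
                }
                // All fields are required
                if (empty($value)) {
                    wp_redirect(add_query_arg(array('event_id' => $event_id, 'mdjm_message' => 'contract_data_missing'), $contracts_page));
                    exit;
                }
                if (is_string($value) || is_int($value)) {
                    $posted[$key] = strip_tags(addslashes($value));
                } elseif (is_array($value)) {
                    $posted[$key] = array_map('absint', $value);
                }
            }
            $message = mdjm_sign_event_contract($event_id, $posted) ? 'contract_signed' : 'contract_not_signed';
        }
    }

    wp_redirect(add_query_arg(array('event_id' => $event_id, 'mdjm_message' => $message), $contracts_page));
    exit;
}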