/**
* Return whether or not the current logged in user is being remembered in the form of a persistent browser
* cookie (ie. they checked the 'Remember Me' check box when they logged in). This is used to persist the
* 'remember me' value when the user switches to another user.
*
* @return bool Whether the current user is being 'remembered' or not.
*/
function remember()
{
$current_user = wp_get_current_user();
$current = wp_parse_auth_cookie('', 'logged_in');
$cookie_life = apply_filters('auth_cookie_expiration', 172800, $current_user->ID, false);
return $current['expiration'] - time() > $cookie_life;
}
function wppb_autologin_after_password_changed()
{
if (isset($_POST['action']) && $_POST['action'] == 'edit_profile') {
if (isset($_POST['passw1']) && !empty($_POST['passw1']) && !empty($_POST['form_name'])) {
/* all the error checking filters are defined in each field file so we need them here */
if (file_exists(WPPB_PLUGIN_DIR . '/front-end/default-fields/default-fields.php')) {
require_once WPPB_PLUGIN_DIR . '/front-end/default-fields/default-fields.php';
}
if (file_exists(WPPB_PLUGIN_DIR . '/front-end/extra-fields/extra-fields.php')) {
require_once WPPB_PLUGIN_DIR . '/front-end/extra-fields/extra-fields.php';
}
/* we get the form_name through $_POST so we can apply correctly the filter so we generate the correct fields in the current form */
$form_fields = apply_filters('wppb_change_form_fields', get_option('wppb_manage_fields'), array('form_type' => 'edit_profile', 'form_fields' => array(), 'form_name' => $_POST['form_name'], 'role' => '', 'ID' => Profile_Builder_Form_Creator::wppb_get_form_id_from_form_name($_POST['form_name'], 'edit_profile')));
if (!empty($form_fields)) {
/* check for errors in the form through the filters */
$output_field_errors = array();
foreach ($form_fields as $field) {
$error_for_field = apply_filters('wppb_check_form_field_' . Wordpress_Creation_Kit_PB::wck_generate_slug($field['field']), '', $field, $_POST, 'edit_profile');
if (!empty($error_for_field)) {
$output_field_errors[$field['id']] = '<span class="wppb-form-error">' . $error_for_field . '</span>';
}
}
/* if we have no errors change the password */
if (empty($output_field_errors)) {
$user_id = get_current_user_id();
if (!is_multisite() && current_user_can('edit_users') || is_multisite() && current_user_can('manage_network')) {
if (isset($_GET['edit_user']) && !empty($_GET['edit_user'])) {
$user_id = $_GET['edit_user'];
}
}
if (!isset($_GET['edit_user'])) {
wp_clear_auth_cookie();
/* set the new password for the user */
wp_set_password($_POST['passw1'], $user_id);
// Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
// If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
$logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
/** This filter is documented in wp-includes/pluggable.php */
$default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, false);
$remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;
wp_set_auth_cookie($user_id, $remember);
} else {
wp_set_password($_POST['passw1'], $user_id);
}
}
}
}
}
}
/**
* Return whether or not the current logged in user is being remembered in the form of a persistent browser cookie
* (ie. they checked the 'Remember Me' check box when they logged in). This is used to persist the 'remember me'
* value when the user switches to another user.
*
* @return bool Whether the current user is being 'remembered' or not.
*/
public static function remember()
{
$current = wp_parse_auth_cookie('', 'logged_in');
$cookie_life = apply_filters('auth_cookie_expiration', 172800, get_current_user_id(), false);
# Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
# If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
return $current['expiration'] - time() > $cookie_life;
}
function wp_validate_auth_cookie($cookie = '', $scheme = 'auth')
{
//here starts the part that is new -- get cookie value from request, model taken from media.php
global $photoq;
if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
} elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
$_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
}
//here ends the part that is new -- the rest is copy paste from pluggable.php
//this is for wordpress 2.7 or 2.7.1
if (get_bloginfo('version') === '2.7' || get_bloginfo('version') === '2.7.1') {
if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) {
do_action('auth_cookie_malformed', $cookie, $scheme);
return false;
}
extract($cookie_elements, EXTR_OVERWRITE);
$expired = $expiration;
// Allow a grace period for POST and AJAX requests
if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) {
$expired += 3600;
}
// Quick check to see if an honest cookie has expired
if ($expired < time()) {
do_action('auth_cookie_expired', $cookie_elements);
return false;
}
$key = wp_hash($username . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ($hmac != $hash) {
do_action('auth_cookie_bad_hash', $cookie_elements);
return false;
}
$user = get_userdatabylogin($username);
if (!$user) {
do_action('auth_cookie_bad_username', $cookie_elements);
return false;
}
do_action('auth_cookie_valid', $cookie_elements, $user);
return $user->ID;
} else {
// this replaces the above in wp 2.8
if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) {
do_action('auth_cookie_malformed', $cookie, $scheme);
return false;
}
extract($cookie_elements, EXTR_OVERWRITE);
$expired = $expiration;
// Allow a grace period for POST and AJAX requests
if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) {
$expired += 3600;
}
// Quick check to see if an honest cookie has expired
if ($expired < time()) {
do_action('auth_cookie_expired', $cookie_elements);
return false;
}
$user = get_userdatabylogin($username);
if (!$user) {
do_action('auth_cookie_bad_username', $cookie_elements);
return false;
}
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ($hmac != $hash) {
do_action('auth_cookie_bad_hash', $cookie_elements);
return false;
}
do_action('auth_cookie_valid', $cookie_elements, $user);
return $user->ID;
}
}
/**
* Returns the current user ID.
* This function can be called before the init action hook.
*
* Much of this logic is taken from wp-includes/pluggable.php
*
* @since 1.0.0
* @internal
* @return int|false
*/
public static function get_user_id()
{
static $User_id = false;
if ($User_id) {
// We already found the user-id, no need to do it again.
return $User_id;
}
if (defined('DOING_CRON') && DOING_CRON) {
// A cron request has no user credentials...
return 0;
}
$cookie = wp_parse_auth_cookie();
if (!$cookie) {
// Missing, expired or corrupt cookie.
return 0;
}
$scheme = $cookie['scheme'];
$username = $cookie['username'];
$hmac = $cookie['hmac'];
$token = $cookie['token'];
$expiration = $cookie['expiration'];
$user = get_user_by('login', $username);
if (!$user) {
// Invalid username.
return 0;
}
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme);
$algo = function_exists('hash') ? 'sha256' : 'sha1';
$hash = hash_hmac($algo, $username . '|' . $expiration . '|' . $token, $key);
if (!hash_equals($hash, $hmac)) {
// Forged/expired cookie value.
return 0;
}
// Remember the user-ID so we don't have to validate everything again.
$User_id = $user->ID;
return $User_id;
}
/**
* Validates authentication cookie.
*
* The checks include making sure that the authentication cookie is set and
* pulling in the contents (if $cookie is not used).
*
* Makes sure the cookie is not expired. Verifies the hash in cookie is what is
* should be and compares the two.
*
* @since 2.5.0
*
* @param string $cookie Optional. If used, will validate contents instead of cookie's
* @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
* @return bool|int False if invalid cookie, User ID if valid.
*/
function wp_validate_auth_cookie($cookie = '', $scheme = '') {
if ( ! $cookie_elements = wp_parse_auth_cookie($cookie, $scheme) ) {
/**
* Fires if an authentication cookie is malformed.
*
* @since 2.7.0
*
* @param string $cookie Malformed auth cookie.
* @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth',
* or 'logged_in'.
*/
do_action( 'auth_cookie_malformed', $cookie, $scheme );
return false;
}
extract($cookie_elements, EXTR_OVERWRITE);
$expired = $expiration;
// Allow a grace period for POST and AJAX requests
if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
$expired += HOUR_IN_SECONDS;
// Quick check to see if an honest cookie has expired
if ( $expired < time() ) {
/**
* Fires once an authentication cookie has expired.
*
* @since 2.7.0
*
* @param array $cookie_elements An array of data for the authentication cookie.
*/
do_action( 'auth_cookie_expired', $cookie_elements );
return false;
}
$user = get_user_by('login', $username);
if ( ! $user ) {
/**
* Fires if a bad username is entered in the user authentication process.
*
* @since 2.7.0
*
* @param array $cookie_elements An array of data for the authentication cookie.
*/
do_action( 'auth_cookie_bad_username', $cookie_elements );
return false;
}
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ( ! hash_equals( $hash, $hmac ) ) {
/**
* Fires if a bad authentication cookie hash is encountered.
*
* @since 2.7.0
*
* @param array $cookie_elements An array of data for the authentication cookie.
*/
do_action( 'auth_cookie_bad_hash', $cookie_elements );
return false;
}
if ( $expiration < time() ) // AJAX/POST grace period set above
$GLOBALS['login_grace_period'] = 1;
/**
* Fires once an authentication cookie has been validated.
*
* @since 2.7.0
*
* @param array $cookie_elements An array of data for the authentication cookie.
* @param WP_User $user User object.
*/
do_action( 'auth_cookie_valid', $cookie_elements, $user );
return $user->ID;
}
function lls_update_session_last_activity()
{
if (!is_user_logged_in()) {
return;
}
// get the login cookie from browser
$logged_in_cookie = $_COOKIE[LOGGED_IN_COOKIE];
// check for valid auth cookie
if (!($cookie_element = wp_parse_auth_cookie($logged_in_cookie))) {
return;
}
// get the current session
$manager = WP_Session_Tokens::get_instance(get_current_user_id());
$current_session = $manager->get($cookie_element['token']);
if ($current_session['expiration'] <= time() || $current_session['last_activity'] + 5 * MINUTE_IN_SECONDS > time()) {
return;
}
$current_session['last_activity'] = time();
$manager->update($cookie_element['token'], $current_session);
}
/**
* Validates authentication cookie.
*
* The checks include making sure that the authentication cookie is set and
* pulling in the contents (if $cookie is not used).
*
* Makes sure the cookie is not expired. Verifies the hash in cookie is what is
* should be and compares the two.
*
* @since 2.5.0
*
* @param string $cookie Optional. If used, will validate contents instead of cookie's
* @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
* @return bool|int False if invalid cookie, User ID if valid.
*/
function wp_validate_auth_cookie($cookie = '', $scheme = '')
{
if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) {
/**
* Fires if an authentication cookie is malformed.
*
* @since 2.7.0
*
* @param string $cookie Malformed auth cookie.
* @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth',
* or 'logged_in'.
*/
do_action('auth_cookie_malformed', $cookie, $scheme);
return false;
}
$scheme = $cookie_elements['scheme'];
$username = $cookie_elements['username'];
$hmac = $cookie_elements['hmac'];
$token = $cookie_elements['token'];
$expired = $expiration = $cookie_elements['expiration'];
// Allow a grace period for POST and AJAX requests
if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) {
$expired += HOUR_IN_SECONDS;
}
// Quick check to see if an honest cookie has expired
if ($expired < time()) {
/**
* Fires once an authentication cookie has expired.
*
* @since 2.7.0
*
* @param array $cookie_elements An array of data for the authentication cookie.
*/
do_action('auth_cookie_expired', $cookie_elements);
return false;
}
$user = get_user_by('login', $username);
if (!$user) {
/**
* Fires if a bad username is entered in the user authentication process.
*
* @since 2.7.0
*
* @param array $cookie_elements An array of data for the authentication cookie.
*/
do_action('auth_cookie_bad_username', $cookie_elements);
return false;
}
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme);
// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
$algo = function_exists('hash') ? 'sha256' : 'sha1';
$hash = hash_hmac($algo, $username . '|' . $expiration . '|' . $token, $key);
if (!hash_equals($hash, $hmac)) {
/**
* Fires if a bad authentication cookie hash is encountered.
*
* @since 2.7.0
*
* @param array $cookie_elements An array of data for the authentication cookie.
*/
do_action('auth_cookie_bad_hash', $cookie_elements);
return false;
}
$manager = WP_Session_Tokens::get_instance($user->ID);
if (!$manager->verify($token)) {
do_action('auth_cookie_bad_session_token', $cookie_elements);
return false;
}
// AJAX/POST grace period set above
if ($expiration < time()) {
$GLOBALS['login_grace_period'] = 1;
}
/**
* Fires once an authentication cookie has been validated.
*
* @since 2.7.0
*
* @param array $cookie_elements An array of data for the authentication cookie.
* @param WP_User $user User object.
*/
do_action('auth_cookie_valid', $cookie_elements, $user);
return $user->ID;
}
/**
* Validates authentication cookie.
*
* The checks include making sure that the authentication cookie is set and
* pulling in the contents (if $cookie is not used).
*
* Makes sure the cookie is not expired. Verifies the hash in cookie is what is
* should be and compares the two.
*
* @since 2.5
*
* @param string $cookie Optional. If used, will validate contents instead of cookie's
* @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
* @return bool|int False if invalid cookie, User ID if valid.
*/
function wp_validate_auth_cookie($cookie = '', $scheme = '')
{
if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) {
do_action('auth_cookie_malformed', $cookie, $scheme);
return false;
}
extract($cookie_elements, EXTR_OVERWRITE);
$expired = $expiration;
// Allow a grace period for POST and AJAX requests
if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) {
$expired += HOUR_IN_SECONDS;
}
// Quick check to see if an honest cookie has expired
if ($expired < time()) {
do_action('auth_cookie_expired', $cookie_elements);
return false;
}
$user = get_user_by('login', $username);
if (!$user) {
do_action('auth_cookie_bad_username', $cookie_elements);
return false;
}
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if (!hash_equals($hash, $hmac)) {
do_action('auth_cookie_bad_hash', $cookie_elements);
return false;
}
if ($expiration < time()) {
// AJAX/POST grace period set above
$GLOBALS['login_grace_period'] = 1;
}
do_action('auth_cookie_valid', $cookie_elements, $user);
return $user->ID;
}
private static function _isUserRemembered($user)
{
$logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
$default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, RublonHelper::getUserId($user), false);
$remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;
return $remember;
}
/** 4.0 and higher version - NOTE: I need a better way to do this.
* Sets the authentication cookies based on user ID.
*
* The $remember parameter increases the time that the cookie will be kept. The
* default the cookie is kept without remembering is two days. When $remember is
* set, the cookies will be kept for 14 days or two weeks.
*
* @since 2.5.0
*
* @param int $user_id User ID
* @param bool $remember Whether to remember the user
* @param mixed $secure Whether the admin cookies should only be sent over HTTPS.
* Default is_ssl().
*/
function wp_set_auth_cookie($user_id, $remember = false, $secure = '')
{
if ($remember) {
/**
* Filter the duration of the authentication cookie expiration period.
*
* @since 2.8.0
*
* @param int $length Duration of the expiration period in seconds.
* @param int $user_id User ID.
* @param bool $remember Whether to remember the user login. Default false.
*/
$expiration = time() + apply_filters('auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember);
/*
* Ensure the browser will continue to send the cookie after the expiration time is reached.
* Needed for the login grace period in wp_validate_auth_cookie().
*/
$expire = $expiration + 12 * HOUR_IN_SECONDS;
} else {
/** This filter is documented in wp-includes/pluggable.php */
$expiration = time() + apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember);
$expire = 0;
}
$expire = apply_filters('auth_cookie_expire_time', $expire, $user_id, $remember, $expiration);
if ('' === $secure) {
$secure = is_ssl();
}
// Frontend cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
$secure_logged_in_cookie = $secure && 'https' === parse_url(get_option('home'), PHP_URL_SCHEME);
/**
* Filter whether the connection is secure.
*
* @since 3.1.0
*
* @param bool $secure Whether the connection is secure.
* @param int $user_id User ID.
*/
$secure = apply_filters('secure_auth_cookie', $secure, $user_id);
/**
* Filter whether to use a secure cookie when logged-in.
*
* @since 3.1.0
*
* @param bool $secure_logged_in_cookie Whether to use a secure cookie when logged-in.
* @param int $user_id User ID.
* @param bool $secure Whether the connection is secure.
*/
$secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure);
if ($secure) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
$manager = WP_Session_Tokens::get_instance($user_id);
$current_cookie = wp_parse_auth_cookie('', 'logged_in');
if (!$current_cookie || !isset($current_cookie['token'])) {
$token = $manager->create($expiration);
} else {
$token = $current_cookie['token'];
$sess = $manager->get($token);
$sess['expiration'] = $expiration;
$manager->update($token, $sess);
}
$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme, $token);
$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $token);
/**
* Fires immediately before the authentication cookie is set.
*
* @since 2.5.0
*
* @param string $auth_cookie Authentication cookie.
* @param int $expire Login grace period in seconds. Default 43,200 seconds, or 12 hours.
* @param int $expiration Duration in seconds the authentication cookie should be valid.
* Default 1,209,600 seconds, or 14 days.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth', or 'logged_in'.
*/
do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
/**
* Fires immediately before the secure authentication cookie is set.
*
* @since 2.6.0
*
* @param string $logged_in_cookie The logged-in cookie.
* @param int $expire Login grace period in seconds. Default 43,200 seconds, or 12 hours.
* @param int $expiration Duration in seconds the authentication cookie should be valid.
* Default 1,209,600 seconds, or 14 days.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Default 'logged_in'.
*/
do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
if (COOKIEPATH != SITECOOKIEPATH) {
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
}
}
/**
* Calculates the user ID and Session Token to be used when calculating the Cache Key
* @return string
*/
function get_user_session()
{
if (!is_user_logged_in()) {
return '';
}
/**
* @see wp_get_session_token()
*/
$cookie = wp_parse_auth_cookie('', 'logged_in');
$token = !empty($cookie['token']) ? $cookie['token'] : '';
return get_current_user_id() . '_' . $token;
}
function wp_validate_auth_cookie($cookie = '', $scheme = '')
{
if (OPENSSO_ENABLED) {
// Quick hack to get round the fact that '+' often gets decoded to ' '
$ssotoken = str_replace(' ', '+', $_COOKIE[OPENSSO_COOKIE_NAME]);
// Is there an SSO token?
if (empty($ssotoken)) {
return false;
}
// Is the token valid?
switch (opensso_is_token_valid($ssotoken)) {
case 0:
// Session expired
return false;
case -1:
// Error validating token
do_action('auth_cookie_malformed', $cookie, $scheme);
return false;
}
$username = opensso_get_name($ssotoken);
} else {
if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) {
do_action('auth_cookie_malformed', $cookie, $scheme);
return false;
}
extract($cookie_elements, EXTR_OVERWRITE);
$expired = $expiration;
// Allow a grace period for POST and AJAX requests
if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) {
$expired += 3600;
}
// Quick check to see if an honest cookie has expired
if ($expired < time()) {
do_action('auth_cookie_expired', $cookie_elements);
return false;
}
}
$user = get_userdatabylogin($username);
if (!$user) {
do_action('auth_cookie_bad_username', $cookie_elements);
return false;
}
if (!OPENSSO_ENABLED) {
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ($hmac != $hash) {
do_action('auth_cookie_bad_hash', $cookie_elements);
return false;
}
}
do_action('auth_cookie_valid', $cookie_elements, $user);
return $user->ID;
}
/**
* Return whether or not the current logged in user is being remembered in the form of a persistent browser cookie
* (ie. they checked the 'Remember Me' check box when they logged in). This is used to persist the 'remember me'
* value when the user switches to another user.
*
* @return bool Whether the current user is being 'remembered' or not.
*/
public static function remember()
{
/**
* Filter the duration of the authentication cookie expiration period.
*
* This matches the WordPress core filter in `wp_set_auth_cookie()`.
*
* @since 0.2.2
*
* @param int $length Duration of the expiration period in seconds.
* @param int $user_id User ID.
* @param bool $remember Whether to remember the user login. Default false.
*/
$cookie_life = apply_filters('auth_cookie_expiration', 172800, get_current_user_id(), false);
$current = wp_parse_auth_cookie('', 'logged_in');
# Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
# If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
return $current['expiration'] - time() > $cookie_life;
}
}
}
if (empty($_COOKIE[$cookie_name])) {
return false;
}
$cookie = $_COOKIE[$cookie_name];
}
$cookie_elements = explode('|', $cookie);
if (count($cookie_elements) != 3) {
return false;
}
list($username, $expiration, $hmac) = $cookie_elements;
return compact('username', 'expiration', 'hmac', 'scheme');
}
}
if ($cookie_elements = wp_parse_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in')) {
extract($cookie_elements, EXTR_OVERWRITE);
$expired = $expiration;
// Allow a grace period for POST and AJAX requests
if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) {
$expired += HOUR_IN_SECONDS;
}
// Quick check to see if an honest cookie has expired
if ($expired >= time()) {
$CI_USER = get_user_by('login', $username);
}
}
$ci_path = get_option('wp_igniter_ci_path');
$cwd = getcwd();
$errmsg = '';
// always force CodeIgniter to load it's default controller,
/**
* Validates authentication cookie.
*
* The checks include making sure that the authentication cookie is set and
* pulling in the contents (if $cookie is not used).
*
* Makes sure the cookie is not expired. Verifies the hash in cookie is what is
* should be and compares the two.
*
* @since 2.5
*
* @param string $cookie Optional. If used, will validate contents instead of cookie's
* @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
* @return bool|int False if invalid cookie, User ID if valid.
*/
function wp_validate_auth_cookie($cookie = '', $scheme = '')
{
if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) {
do_action('auth_cookie_malformed', $cookie, $scheme);
return false;
}
extract($cookie_elements, EXTR_OVERWRITE);
$expired = $expiration;
// Allow a grace period for POST and AJAX requests
if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) {
$expired += 3600;
}
// Quick check to see if an honest cookie has expired
if ($expired < time()) {
do_action('auth_cookie_expired', $cookie_elements);
return false;
}
$key = wp_hash($username . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ($hmac != $hash) {
do_action('auth_cookie_bad_hash', $cookie_elements);
return false;
}
$user = get_userdatabylogin($username);
if (!$user) {
do_action('auth_cookie_bad_username', $cookie_elements);
return false;
}
do_action('auth_cookie_valid', $cookie_elements, $user);
return $user->ID;
}
/**
* Run the plugin!
* Check current user, load nessesary data and register all used hooks
*
* @since 0.1
* @access private
* @return void
*/
private function run()
{
// Not needed, the delete_user actions already remove all metadata
//add_action( 'remove_user_from_blog', array( $this->store, 'delete_user_meta' ) );
//add_action( 'wpmu_delete_user', array( $this->store, 'delete_user_meta' ) );
//add_action( 'wp_delete_user', array( $this->store, 'delete_user_meta' ) );
if (is_user_logged_in()) {
$this->store->set_nonce('view-admin-as');
// Get the current user
$this->store->set_curUser(wp_get_current_user());
// Get the current user session
if (function_exists('wp_get_session_token')) {
// WP 4.0+
$this->store->set_curUserSession((string) wp_get_session_token());
} else {
$cookie = wp_parse_auth_cookie('', 'logged_in');
if (!empty($cookie['token'])) {
$this->store->set_curUserSession((string) $cookie['token']);
} else {
// Fallback. This disables the use of multiple views in different sessions
$this->store->set_curUserSession($this->store->get_curUser()->ID);
}
}
/**
* Validate if the current user has access to the functionalities
*
* @since 0.1 Check if the current user had administrator rights (is_super_admin)
* Disable plugin functions for nedwork admin pages
* @since 1.4 Make sure we have a session for the current user
* @since 1.5.1 If a user has the correct capability (view_admin_as + edit_users) this plugin is also enabled, use with care
* Note that in network installations the non-admin user also needs the manage_network_users capability (of not the edit_users will return false)
* @since 1.5.3 Enable on network pages for superior admins
*/
if ((is_super_admin($this->store->get_curUser()->ID) || current_user_can('view_admin_as') && current_user_can('edit_users')) && (!is_network_admin() || VAA_API::is_superior_admin($this->store->get_curUser()->ID)) && $this->store->get_curUserSession() != '') {
$this->enable = true;
}
// Get database settings
$this->store->set_optionData(get_option($this->store->get_optionKey()));
// Get database settings of the current user
$this->store->set_userMeta(get_user_meta($this->store->get_curUser()->ID, $this->store->get_userMetaKey(), true));
$this->load_modules();
// Check if a database update is needed
VAA_View_Admin_As_Update::get_instance($this)->maybe_db_update();
if ($this->is_enabled()) {
// Fix some compatibility issues, more to come!
VAA_View_Admin_As_Compat::get_instance($this)->init();
$this->store->store_caps();
$this->store->store_roles();
$this->store->store_users();
$this->view->init();
$this->load_ui();
// Dúh..
add_action('admin_enqueue_scripts', array($this, 'enqueue_scripts'));
add_action('wp_enqueue_scripts', array($this, 'enqueue_scripts'));
add_filter('wp_die_handler', array($this, 'die_handler'));
/**
* Init is finished. Hook is used for other classes related to View Admin As
* @since 1.5
* @param object $this VAA_View_Admin_As
*/
do_action('vaa_view_admin_as_init', $this);
} else {
// Extra security check for non-admins who did something naughty or we're demoted to a lesser role
// If they have settings etc. we'll keep them in case they get promoted again
add_action('wp_login', array($this, 'reset_all_views'), 10, 2);
}
}
}
public function user_lang_by_authcookie()
{
$username = '';
if (function_exists('wp_parse_auth_cookie')) {
$cookie_data = wp_parse_auth_cookie();
$username = isset($cookie_data['username']) ? $cookie_data['username'] : null;
}
$user_obj = new WP_User(null, $username);
$user_id = isset($user_obj->ID) ? $user_obj->ID : 0;
$user_lang = $this->get_user_admin_language($user_id);
$user_lang = $user_lang ? $user_lang : $this->get_current_language();
return $user_lang;
}
*/
// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
// We then have to validate the cookie manually. NOTE: WordPress functions, like
// get_current_user_id() and the like are NOT available in this file.
if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
$_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) )
$_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
header('Content-Type: text/plain; charset=' . get_option('blog_charset'));
if (wp_validate_auth_cookie()) {
$results = wp_parse_auth_cookie();
$logged_in = FALSE;
if (isset($results['username']) && isset($results['expiration'])) {
if (time() < floatval($results['expiration'])) {
if (($userdata = get_userdatabylogin($results['username'])))
$logged_in = $userdata->ID;
}
}
if (!$logged_in) die("Login failure. -1");
else if (!user_can($logged_in, 'NextGEN Upload images')) {
die('You do not have permission to upload files. -2');
}
}
//check for nggallery
/**
* Retrieve the current session token from the logged_in cookie.
*
* @since 4.0.0
*
* @return string Token.
*/
function wp_get_session_token()
{
$cookie = wp_parse_auth_cookie('', 'logged_in');
return !empty($cookie['token']) ? $cookie['token'] : '';
}
/**
* custom user login form, output by [user_register] shortcode
*
* @param bool $use_default_links
* @param string $html
*/
function mgm_user_login_form($use_default_links = true)
{
//fb logins i.e. facebook connect errors
global $fb_errors;
// hide from logged in user
if (is_user_logged_in()) {
// not logout call to self
if (mgm_get_var('action', '', true) != 'logout') {
return __('You are already logged in!', 'mgm');
}
}
// check auto login
if ($html = mgm_try_auto_login()) {
return $html;
}
// init errors
$fb_errors = $errors = null;
// system
$system_obj = mgm_get_class('system');
// process hooked logins i.e. facebook connect
do_action('mgm_user_login_pre_process');
// check security before processing form
if (isset($_POST['log'])) {
if (!wp_verify_nonce(mgm_post_var('_mgmnonce_user_login'), 'user_login')) {
mgm_security_error('user_login');
}
}
// issue #1203
if (empty($fb_errors)) {
$errors = mgm_process_user_login();
} else {
$errors = $fb_errors;
}
// action
$form_action = mgm_get_custom_url('login');
// init
$user_login = $user_pwd = $html = '';
//check logged in cookie:
$rememberme = !empty($_POST['rememberme']);
$interim_login = isset($_REQUEST['interim-login']);
// login
if (isset($_POST['log'])) {
$user_login = esc_attr(stripslashes($_POST['log']));
// issue# 525
} elseif ($cookie_userid = wp_validate_auth_cookie('', 'logged_in')) {
//check a valid logged cookie exists
// cookie
$arr_loggedin_cookie = wp_parse_auth_cookie('', 'logged_in');
// get mgm_member
$member = mgm_get_member($cookie_userid);
// mark checked
$rememberme = true;
// get login from cookie
$user_login = esc_attr(stripslashes($arr_loggedin_cookie['username']));
// password from member object
// issue#: 672
$user_pwd = mgm_decrypt_password($member->user_password, $cookie_userid);
}
// redirect
$redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
// start html
$html = '';
// set error !
if (isset($errors) && is_object($errors)) {
// get error
if ($error_html = mgm_set_errors($errors, true)) {
$html .= $error_html;
}
}
// check
if (bool_from_yn($system_obj->get_setting('enable_email_as_username'))) {
$email_username_label = __('Email', 'mgm');
} else {
$email_username_label = __('Username', 'mgm');
}
// start form
$html .= '<form class="mgm_form" name="loginform" id="loginform" action="' . $form_action . '" method="post">
<div>
<label>' . $email_username_label . '<br />
<input type="text" name="log" id="user_login" class="input" value="' . esc_attr($user_login) . '" size="40" tabindex="10" /></label>
</div>
<div>
<label>' . __('Password', 'mgm') . '<br />
<input type="password" name="pwd" id="user_pass" class="input" value="' . esc_attr($user_pwd) . '" size="40" tabindex="20" /></label>
</div>';
//Issue #782
$html .= mgm_get_captcha_field('mgm_login_field');
// login form, fetch as return
// do_action('login_form');
// custom
$html .= apply_filters('mgm_login_form', $html);
// forget
$html .= '<div class="forgetmenot">
<label>
<input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" ' . checked($rememberme, true, false) . ' /> ' . __('Remember Me', 'mgm') . '
</label>
</div>';
// buttons
$buttons = array(sprintf('<input class="button mgm-login-button" type="submit" name="wp-submit" id="wp-submit" value="%s" tabindex="100" />', __('Log In', 'mgm')));
// apply filters
$buttons_s = implode(apply_filters('mgm_login_form_buttons_sep', ' '), apply_filters('mgm_login_form_buttons', $buttons));
// append
$html .= sprintf('<div class="login-page-buttons">%s</div>', $buttons_s);
if ($system_obj->get_setting('disable_testcookie') == 'N') {
// hiddens
$html .= '<input type="hidden" name="testcookie" value="1" /> ';
}
// intrim
if ($interim_login) {
$html .= '<input type="hidden" name="interim-login" value="1" />';
} else {
$html .= '<input type="hidden" name="redirect_to" value="' . esc_attr($redirect_to) . '" />';
}
// nonce
$html .= wp_nonce_field('user_login', '_mgmnonce_user_login', true, false);
// end form
$html .= '</form>';
// after links
$links = array();
// interim_login
if (!$interim_login) {
// check mail will not have any
if (!isset($_GET['checkemail']) || isset($_GET['checkemail']) && !in_array($_GET['checkemail'], array('confirm', 'newpass'))) {
// register
if (get_option('users_can_register')) {
$links[] = sprintf('<a class="mgm-register-link" href="%s">%s</a>', mgm_get_custom_url('register'), __('Register', 'mgm'));
}
// lostpassword
$links[] = sprintf('<a class="mgm-lostpassword-link" href="%s" title="%s">%s</a>', mgm_get_custom_url('lostpassword'), __('Password Lost and Found', 'mgm'), __('Lost your password?', 'mgm'));
}
}
// apply filters
$links_s = implode(apply_filters('mgm_login_form_after_links_sep', ' | '), apply_filters('mgm_login_form_after_links', $links));
// appaend
$html .= sprintf('<div class="login-page-links">%s</div>', $links_s);
// scripts & styles --------------------
// focus
$focus = $user_login || $interim_login ? 'user_pass' : 'user_login';
// script
$script = 'function wp_attempt_focus(){setTimeout( function(){ try{ d = document.getElementById("' . $focus . '"); d.focus();} catch(e){}}, 200);}';
// focus
if (@(!$error)) {
$script .= 'wp_attempt_focus();';
}
// script
$script = sprintf('<script type="text/javascript">%s</script>', apply_filters('mgm_login_form_inline_script', $script));
// scripts
$html .= apply_filters('mgm_login_form_scripts', $script);
// style
$style = '.login-page-links, .login-page-buttons{margin-top:10px; clear:both}';
// style
$style = sprintf('<style type="text/css">%s</style>', apply_filters('mgm_login_form_inline_style', $style));
// style
$html .= apply_filters('mgm_login_form_styles', $style);
// apply filters and return
return apply_filters('mgm_login_form_html', $html);
}
