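/**
 * XML-RPC handler that returns a single post as a struct.
 *
 * Parameters are read positionally from the message: post id, user name, password.
 *
 * @param object $params XML-RPC message; only getParam(0..2)->scalarval() is used here.
 * @return xmlrpcresp The post struct on success, or a fault with code
 *                    $GLOBALS['xmlrpcerruser'] + 3 for a failed login or an unknown post.
 */
function mt_getpost($params)
{
    // ($postid, $user, $pass)
    $xpostid = $params->getParam(0);
    $xuser = $params->getParam(1);
    $xpass = $params->getParam(2);
    $post_ID = $xpostid->scalarval();
    $username = $xuser->scalarval();
    $password = $xpass->scalarval();

    // Check login.
    // NOTE(review): addslashes() is applied to the user name but not to the password; whether
    // user_pass_ok() expects pre-escaped input is not visible here - confirm, and prefer
    // escaping where the query is built.
    if (!user_pass_ok(addslashes($username), $password)) {
        // NOTE(review): the fault text echoes the supplied user name and a starify()'d form of
        // the password back to the client; a fixed message would disclose less.
        return new xmlrpcresp(0, $GLOBALS['xmlrpcerruser'] + 3, 'Wrong username/password combination ' . $username . ' / ' . starify($password));
    }

    // NOTE(review): only the credentials are verified. Nothing in this function checks that
    // the authenticated user is allowed to read $post_ID - confirm get_postdata() or the
    // XML-RPC dispatcher enforces that.
    $postdata = get_postdata($post_ID);
    if ($postdata['Date'] == '') {
        return new xmlrpcresp(0, $GLOBALS['xmlrpcerruser'] + 3, "No such post #{$post_ID}");
    }

    // Formatted in server-local time: the earlier GMT conversion was dropped because the spec
    // does not call for it.
    $post_date = strtotime($postdata['Date']);
    $post_date = date('Ymd', $post_date) . 'T' . date('H:i:s', $post_date);

    $charset = $GLOBALS['blog_charset'];

    $catids = wp_get_post_cats('1', $post_ID);
    logIO('O', 'Category No:' . count($catids));

    // Start from an empty list so a post without categories yields an empty XML-RPC array
    // instead of an undefined variable.
    $catlist = array();
    foreach ($catids as $catid) {
        $catname = get_cat_name($catid);
        logIO('O', 'Category:' . $catname);
        $catlist[] = new xmlrpcval(mb_conv($catname, 'UTF-8', $charset));
    }

    // A post with no category has no first id; send an empty keyword string in that case.
    $first_cat = isset($catids[0]) ? "{$catids[0]}" : '';

    $post = get_extended($postdata['Content']);
    $allow_comments = 'open' == $postdata['comment_status'] ? 1 : 0;
    $allow_pings = 'open' == $postdata['ping_status'] ? 1 : 0;

    $resp = array(
        'link' => new xmlrpcval(post_permalink($post_ID)),
        'title' => new xmlrpcval(mb_conv($postdata['Title'], 'UTF-8', $charset)),
        'description' => new xmlrpcval(mb_conv($post['main'], 'UTF-8', $charset)),
        'dateCreated' => new xmlrpcval($post_date, 'dateTime.iso8601'),
        'userid' => new xmlrpcval($postdata['Author_ID']),
        'postid' => new xmlrpcval($postdata['ID']),
        'content' => new xmlrpcval(mb_conv($postdata['Content'], 'UTF-8', $charset)),
        'permalink' => new xmlrpcval(post_permalink($post_ID)),
        'categories' => new xmlrpcval($catlist, 'array'),
        'mt_keywords' => new xmlrpcval($first_cat),
        'mt_excerpt' => new xmlrpcval(mb_conv($postdata['Excerpt'], 'UTF-8', $charset)),
        'mt_allow_comments' => new xmlrpcval($allow_comments, 'int'),
        'mt_allow_pings' => new xmlrpcval($allow_pings, 'int'),
        'mt_convert_breaks' => new xmlrpcval('true'),
        'mt_text_more' => new xmlrpcval(mb_conv($post['extended'], 'UTF-8', $charset)),
    );

    return new xmlrpcresp(new xmlrpcval($resp, 'struct'));
}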
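/**
 * Check a user name / password pair and report the outcome as an array.
 *
 * @param string $username Login name supplied by the caller.
 * @param string $password Plain-text password supplied by the caller.
 * @return array On success: 'Id' (result of username_exists()) and 'username'.
 *               On failure: 'errormsg' only.
 */
function user_login($username, $password)
{
    $res_arr = array();

    // Note: empty() also treats the string "0" as a missing value.
    if (empty($username) || empty($password)) {
        $res_arr['errormsg'] = 'Required field is missing';
        return $res_arr;
    }

    // Both lookups run for every request, whether or not the account exists.
    $user_id = username_exists($username);
    $user = user_pass_ok($username, $password);

    if (!empty($user_id) && $user == 1) {
        $res_arr['Id'] = $user_id;
        $res_arr['username'] = $username;
        return $res_arr;
    }

    // One message for both failure causes: separate "Invalid username" / "Invalid password"
    // answers tell an unauthenticated caller which account names exist.
    $res_arr['errormsg'] = 'Invalid username or password';
    return $res_arr;
}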
/**
 * Report, as a JSON boolean, whether a login / password pair is valid.
 *
 * NOTE(review): every call answers yes or no for one guess. No capability check, nonce or
 * attempt limit is visible in this method - confirm the caller provides them.
 *
 * @param string $user_login    Login name to check.
 * @param string $user_password Plain-text password to check.
 * @return string json_encode(true) when user_pass_ok() accepts the pair, json_encode(false) otherwise.
 */
public function check_current_pass($user_login, $user_password)
{
    $is_valid = user_pass_ok($user_login, $user_password) ? true : false;

    return json_encode($is_valid);
}
/**
 * Validate a login / password pair and record an IXR error on failure.
 *
 * On failure $this->error is set to a 403 IXR_Error; on success it is left untouched.
 *
 * @param string $user_login Login name to check.
 * @param string $user_pass  Plain-text password to check.
 * @return bool True when user_pass_ok() accepts the pair, false otherwise.
 */
function login_pass_ok($user_login, $user_pass)
{
    if (user_pass_ok($user_login, $user_pass)) {
        return true;
    }

    // The same generic message is used whichever of the two values was wrong.
    $this->error = new IXR_Error(403, 'Bad login/pass combination.');

    return false;
}
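/**
 * Check the credentials carried in a positional argument list.
 *
 * @param array $args Index 0 is the user name, index 1 the password.
 * @return bool True when both values are present and user_pass_ok() accepts them.
 */
function loginCheck($args)
{
    // A request that omits either value is rejected here instead of reaching the password
    // check with undefined (null) arguments.
    if (!is_array($args) || !isset($args[0], $args[1])) {
        return false;
    }

    $username = $args[0];
    $password = $args[1];

    // The user name and password supplied were not valid.
    if (!user_pass_ok($username, $password)) {
        return false;
    }

    return true;
}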
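/**
 * Gate for admin-only API calls: passes silently for a logged-in administrator, otherwise
 * requires a valid 'u' / 'p' pair in the request and reports an error through $json_api.
 *
 * NOTE(review): when the 'u' / 'p' path is used, a correct pair for ANY account passes;
 * nothing here checks that the account named by 'u' has the administrator role. The role of
 * that account should be verified before the call is treated as administrative.
 * NOTE(review): $_REQUEST also carries query-string parameters, so a password sent this way
 * can end up in URLs and access logs.
 *
 * @return void
 */
private function _verify_admin()
{
    global $json_api;

    if (current_user_can('administrator')) {
        return;
    }

    // Read only the two expected fields. extract($_REQUEST) would let any request parameter
    // overwrite local variables, including $json_api, which is bound to the global above.
    if (!isset($_REQUEST['u'], $_REQUEST['p'])) {
        $json_api->error(__("You must either provide the 'u' and 'p' parameters or login as an administrator."));
        return;
    }

    if (!user_pass_ok($_REQUEST['u'], $_REQUEST['p'])) {
        $json_api->error(__("Your username or password was incorrect."));
    }
}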
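/**
 * Log a user in from the jobman_username / jobman_password query vars.
 *
 * On success the session is created with wp_signon() and the request is redirected to the
 * current URL. On any failure the global $jobman_login_failed is set to true.
 *
 * NOTE(review): the session is always created with 'remember' => true.
 * NOTE(review): confirm these query vars can only be filled from a POST body; if they can
 * arrive in the URL, the password would be exposed in logs and referrers.
 *
 * @return void
 */
function jobman_login()
{
    global $wp_query, $jobman_login_failed;

    $vars = $wp_query->query_vars;

    // Missing credentials are a failed login, not a call with undefined values.
    if (!isset($vars['jobman_username'], $vars['jobman_password'])) {
        $jobman_login_failed = true;
        return;
    }

    $username = $vars['jobman_username'];
    $password = $vars['jobman_password'];

    if (!user_pass_ok($username, $password)) {
        $jobman_login_failed = true;
        return;
    }

    $creds = array('user_login' => $username, 'user_password' => $password, 'remember' => true);

    // wp_signon() can still refuse the login (it returns a WP_Error); do not redirect as if
    // the user were signed in when that happens.
    $signed_in = wp_signon($creds);
    if (is_wp_error($signed_in)) {
        $jobman_login_failed = true;
        return;
    }

    wp_redirect(jobman_current_url());
    exit;
}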
/**
 * Answer a status request that carries a user name and password in POST.
 *
 * When both POST fields are present, the pair is valid and the user holds the
 * 'whats_up_wordpress' capability, a JSON summary of the site (version, update state,
 * plugin, post and comment counts) is sent and the script exits. In every other case the
 * function returns without output.
 *
 * NOTE(review): this is a password check reachable by plain POST; no nonce or attempt limit
 * is visible here. The password is trimmed before it is checked.
 *
 * @return void
 */
function wuw_init()
{
    if (!isset($_POST['whatsupwordpressusername']) || !isset($_POST['whatsupwordpresspassword'])) {
        return;
    }

    $post_user = sanitize_user(trim($_POST['whatsupwordpressusername']));
    $post_pass = trim($_POST['whatsupwordpresspassword']);

    if (!user_pass_ok($post_user, $post_pass)) {
        return;
    }

    // Switch the request to the authenticated account so the capability check applies to it.
    $user_data = get_userdatabylogin($post_user);
    set_current_user($user_data->ID);
    if (!current_user_can('whats_up_wordpress')) {
        return;
    }

    // Core update state.
    if (!function_exists('get_preferred_from_update_core')) {
        require_once ABSPATH . 'wp-admin/includes/update.php';
    }
    $cur = get_preferred_from_update_core();
    $upgrade = 0;
    if (isset($cur->response) && $cur->response === 'upgrade') {
        $upgrade = 1;
    }

    // Active plugin count.
    if (!function_exists('get_plugins')) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    $all_plugins = get_plugins();
    $active_plugins = 0;
    foreach ((array) $all_plugins as $plugin_file => $plugin_data) {
        if (is_plugin_active($plugin_file)) {
            $active_plugins++;
        }
    }

    // Plugins with a pending update.
    $update_plugins = get_transient('update_plugins');
    $update_count = empty($update_plugins->response) ? 0 : count($update_plugins->response);

    $num_posts = wp_count_posts('post', 'readable');
    $num_comm = wp_count_comments();

    header('Content-Type: application/json');

    $report = array(
        'site_name' => (string) get_option('blogname'),
        'site_url' => (string) site_url(),
        'site_admin_url' => (string) admin_url(),
        'wordpress_version' => (string) $GLOBALS['wp_version'],
        'core_update_available' => (int) $upgrade,
        'active_plugins' => (int) $active_plugins,
        'updatable_plugins' => (int) $update_count,
        'total_posts' => (int) array_sum((array) $num_posts) - $num_posts->trash,
        'total_posts_categories' => (int) wp_count_terms('category', 'ignore_empty=true'),
        'published_posts' => (int) $num_posts->publish,
        'draft_posts' => (int) $num_posts->draft,
        'pending_posts' => (int) $num_posts->pending,
        'scheduled_posts' => (int) $num_posts->future,
        'trashed_posts' => (int) $num_posts->trash,
        'total_comments' => (int) $num_comm->total_comments,
        'approved_comments' => (int) $num_comm->approved,
        'pending_comments' => (int) $num_comm->moderated,
        'spam_comments' => (int) $num_comm->spam,
        'trashed_comments' => (int) $num_comm->trash,
    );

    exit(json_encode($report));
}
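/**
 * After a successful password check, set the auth cookie on this domain and, when language
 * domains are configured, hand the login over to the next domain by redirect.
 *
 * The hand-over state (nonce, redirect target, remember flag, language index) is stored in
 * the single 'emw_login' option before the redirect.
 *
 * NOTE(review): the "nonce" is md5() of the target scheme/host, the user name and a
 * 10-second time bucket. It contains no secret and no random part, so anyone who knows those
 * inputs can recompute it. If the receiving handler (not shown here) treats it as proof of
 * authentication, it should be replaced by a random, single-use token kept server-side.
 * NOTE(review): 'redirect_to' is stored exactly as received; confirm the code that later
 * redirects to it restricts the destination.
 * NOTE(review): 'emw_login' is one shared option, so concurrent logins overwrite each other.
 *
 * @param string $username Login name being authenticated; the password is read from $_POST['pwd'].
 * @return void Does not return when the cross-domain redirect is issued.
 */
function emw_intercept_login($username)
{
    global $sitepress_settings;

    // No password in the request: nothing to verify.
    if (!isset($_POST['pwd'])) {
        return;
    }

    if (!user_pass_ok($username, $_POST['pwd'])) {
        return;
    }

    $remember = isset($_POST['rememberme']) ? $_POST['rememberme'] : null;
    wp_set_auth_cookie(get_profile('ID', $username), $remember, is_ssl());

    $domains = isset($sitepress_settings['language_domains']) ? $sitepress_settings['language_domains'] : null;
    if (!$domains) {
        return;
    }

    $time = floor(time() / 10);

    // Re-index the language list so the second language can be addressed as [1].
    $languages = array();
    foreach (icl_get_languages('skip_missing=0') as $l) {
        $languages[] = $l;
    }

    // Without a second language, or without a domain mapped to it, there is no next hop.
    if (!isset($languages[1]['language_code']) || !isset($domains[$languages[1]['language_code']])) {
        return;
    }

    $next_domain = $domains[$languages[1]['language_code']];
    $parts = parse_url($next_domain);

    $options = array();
    $options['nonce'] = md5($parts['scheme'] . '://' . $parts['host'] . "-{$username}-{$time}");
    $options['redirect'] = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : null;
    $options['remember'] = $remember;
    $options['language_number'] = 1;
    update_option('emw_login', $options);

    // The user name is request data: encode it so it cannot add or alter query parameters.
    wp_redirect($next_domain . '?emw-login&user=' . rawurlencode($username) . "&nonce={$options['nonce']}");
    die;
}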
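/**
 * XML-RPC handler that returns a single post as a struct.
 *
 * Parameters are read positionally from the message: post id, user name, password.
 *
 * @param object $params XML-RPC message; only getParam(0..2)->scalarval() is used here.
 * @return xmlrpcresp The post struct on success, or a fault with code $xmlrpcerruser + 3
 *                    for a failed login or an unknown post.
 */
function mt_getpost($params)
{
    // ($postid, $user, $pass)
    global $xmlrpcerruser;

    $xpostid = $params->getParam(0);
    $xuser = $params->getParam(1);
    $xpass = $params->getParam(2);
    $post_ID = $xpostid->scalarval();
    $username = $xuser->scalarval();
    $password = $xpass->scalarval();

    // Check login.
    if (!user_pass_ok($username, $password)) {
        // NOTE(review): the fault text echoes the supplied user name and a starify()'d form of
        // the password back to the client; a fixed message would disclose less.
        return new xmlrpcresp(0, $xmlrpcerruser + 3, 'Wrong username/password combination ' . $username . ' / ' . starify($password));
    }

    // NOTE(review): only the credentials are verified. Nothing in this function checks that
    // the authenticated user is allowed to read $post_ID - confirm get_postdata() or the
    // XML-RPC dispatcher enforces that.
    $postdata = get_postdata($post_ID);
    if ($postdata["Date"] == "") {
        return new xmlrpcresp(0, $xmlrpcerruser + 3, "No such post #{$post_ID}");
    }

    // Formatted in server-local time: the earlier GMT conversion was dropped because the spec
    // does not call for it.
    $post_date = strtotime($postdata['Date']);
    $post_date = date("Ymd", $post_date) . "T" . date("H:i:s", $post_date);

    $catids = wp_get_post_cats('1', $post_ID);
    logIO("O", "CateGory No:" . count($catids));

    // Start from an empty list so a post without categories yields an empty XML-RPC array
    // instead of an undefined variable.
    $catlist = array();
    foreach ($catids as $catid) {
        $catname = get_cat_name($catid);
        logIO("O", "CateGory:" . $catname);
        $catlist[] = new xmlrpcval(mb_conv($catname, "UTF-8", "auto"));
    }

    // A post with no category has no first id; send an empty keyword string in that case.
    $first_cat = isset($catids[0]) ? "{$catids[0]}" : '';

    $post = get_extended($postdata['Content']);
    $allow_comments = 'open' == $postdata['comment_status'] ? 1 : 0;
    $allow_pings = 'open' == $postdata['ping_status'] ? 1 : 0;

    $resp = array(
        'link' => new xmlrpcval(post_permalink($post_ID)),
        'title' => new xmlrpcval(mb_conv($postdata["Title"], "UTF-8", "auto")),
        'description' => new xmlrpcval(mb_conv($post['main'], "UTF-8", "auto")),
        'dateCreated' => new xmlrpcval($post_date, 'dateTime.iso8601'),
        'userid' => new xmlrpcval($postdata["Author_ID"]),
        'postid' => new xmlrpcval($postdata["ID"]),
        'content' => new xmlrpcval(mb_conv($postdata["Content"], "UTF-8", "auto")),
        'permalink' => new xmlrpcval(post_permalink($post_ID)),
        'categories' => new xmlrpcval($catlist, 'array'),
        'mt_keywords' => new xmlrpcval($first_cat),
        'mt_excerpt' => new xmlrpcval(mb_conv($postdata['Excerpt'], "UTF-8", "auto")),
        'mt_allow_comments' => new xmlrpcval($allow_comments, 'int'),
        'mt_allow_pings' => new xmlrpcval($allow_pings, 'int'),
        'mt_convert_breaks' => new xmlrpcval('true'),
        'mt_text_more' => new xmlrpcval(mb_conv($post['extended'], "UTF-8", "auto")),
    );

    return new xmlrpcresp(new xmlrpcval($resp, 'struct'));
}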
/**
 * Wi-Fi sign-in endpoint: echoes and returns a numeric result code.
 *
 * Result codes visible in this listing: 1 = checked in; 2 = the MAC was not recognised and
 * the placeholder user name "mactest" was sent (the inline comment says the caller falls
 * back to RADIUS); 4 = check-in failed. $result starts at 0.
 *
 * Steps: the POSTed 'mac' is looked up with membermodel->authMacAddr(); when a member is
 * found, membermodel->checkin() is called with SignInMethod::WIFI. Otherwise the POSTed
 * 'u' / 'p' pair is checked with user_pass_ok().
 *
 * NOTE(review): the MAC address comes from the request body, so it is whatever the client
 * sends, and a match alone is enough to check the member in. Confirm that only a trusted
 * network component can call this endpoint.
 * NOTE(review): part of the failed-password branch is missing from this listing (the run of
 * asterisks after "Invalid user login:"), so the code between that error_log() call and the
 * "issue adding mac address during checkin" message cannot be reviewed here.
 * NOTE(review): `$result = $member->id` is overwritten with 1 on the next assignment, and the
 * statements after the last if/else appear unreachable because both visible branches return.
 */
public function remotesignin() { $result = 0; // fail by default // add multiple locations here in the future $location = 1; $this->load->model("members/membermodel"); $member = $this->membermodel->authMacAddr($this->input->post('mac')); if ($member) { // the macaddress was found belonging to a user $result = $this->membermodel->checkin($location, SignInMethod::WIFI) ? 1 : 0; error_log("check result" . $result, 0); if (!$result) { $result = 4; echo $result; return $result; } else { $result = 1; echo $result; return $result; } } else { //do we have a username and password $username = $this->input->post("u"); // test if the username we have is the dummy username // we use a dummy username in the transparent authentication if ($username == "mactest") { // the mac wasn't recognized and we don't have a real userid // fail back to radius $result = 2; echo $result; return $result; } // now we assume we have a real username if (!user_pass_ok($this->input->post('u'), $this->input->post('p'))) { // user authentication with password failed. error_log("Invalid user login:"******"issue adding mac address during checkin"); } $result = $member->id; // success error_log("signin checkin success!", 0); $result = 1; echo $result; return $result; } else { // for some reason we could not checkin the user error_log("signin checkin failure!", 0); $result = 4; echo $result; return $result; } error_log("checkin success!", 0); // if we made it this far we have checked in and all good. Give users access to WIFI $result = 1; } }
/**
 * Poll the configured POP3 mailbox and turn matching messages into posts.
 *
 * Flow visible in this function:
 *  - connect and log in with the mailserver_* settings;
 *  - per message: parse it with parse_msg(), skip it unless the subject matches the
 *    'subjectprefix' setting, skip it when it is more than 14 days old;
 *  - pull the body out of the MIME structure; in the multipart/related and
 *    multipart/alternative cases, strip tags outside an allow-list;
 *  - read "login:password" from the first line of the body (or, with 'use_phoneemail', from
 *    the text before 'phoneemail_separator') and check it with user_pass_ok();
 *  - for users with user_level > 0: store attachments and insert the post unless
 *    'emailtestonly' is set, then delete the message from the server.
 *
 * Review notes (security / correctness):
 *  - The two preg_replace() calls with the /e modifier evaluate their replacement string as
 *    PHP code with message text substituted into it, and they run BEFORE user_pass_ok() is
 *    reached, i.e. on mail from senders who have not been authenticated. /e is deprecated
 *    since PHP 5.5 and removed in PHP 7; preg_replace_callback() is the replacement.
 *  - The blog password travels in clear text inside the e-mail body.
 *  - $subject, $post_title, $content and $orig_name are written into HTML output or into the
 *    stored post markup without escaping.
 *  - The 'subjectprefix' setting is used as a regular expression (ereg / preg_match) without
 *    quoting.
 *  - convert_content() is always called with $charest, which is never assigned; $charset is
 *    the variable that is set.
 *  - "{$GLOBALS['wp_pop3']}->ERROR" interpolates the object followed by the literal text
 *    "->ERROR"; "{$wp_pop3->ERROR}" reads a local $wp_pop3 that this function never declares
 *    global.
 *  - $ddate_U and $sub_charset are only assigned when the Date / Subject headers are present
 *    (and, for $sub_charset, when mb_decode_mimeheader exists) but are used unconditionally
 *    further down.
 *  - explode(':', $userpassstring) keeps only the text up to a second ':' as the password.
 *  - each() and ereg() no longer exist in current PHP versions.
 *
 * @return void
 */
function wp_mail_receive() { global $img_target; require_once wp_base() . '/wp-includes/class-pop3.php'; timer_start(); $use_cache = 1; $time_difference = get_settings('time_difference'); error_reporting(2037); $GLOBALS['wp_pop3'] = new POP3(); if (!$GLOBALS['wp_pop3']->connect(get_settings('mailserver_url'), get_settings('mailserver_port'))) { echo "Ooops {$GLOBALS['wp_pop3']}->ERROR <br />\n"; return; } $mail_count = $GLOBALS['wp_pop3']->login(get_settings('mailserver_login'), get_settings('mailserver_pass')); if ($mail_count == false) { if (!$GLOBALS['wp_pop3']->FP) { echo "Oooops Login Failed: {$wp_pop3->ERROR}<br />\n"; } else { echo "No Message<br />\n"; $GLOBALS['wp_pop3']->quit(); } return; } // ONLY USE THIS IF YOUR PHP VERSION SUPPORTS IT! register_shutdown_function('wp_mail_quit'); for ($mail_num = 1; $mail_num <= $mail_count; $mail_num++) { $MsgOne = $GLOBALS['wp_pop3']->get($mail_num); if (!$MsgOne || gettype($MsgOne) != 'array') { echo "oops, {$GLOBALS['wp_pop3']}->ERROR<br />\n"; $GLOBALS['wp_pop3']->quit(); return; } $content = ''; $content_type = ''; $boundary = ''; $alt_boundary = ''; $emb_boundary = ''; $dmonths = array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'); $mailMsg = ''; while (list($lineNum, $line) = each($MsgOne)) { $mailMsg .= $line; } $mailParts = parse_msg($mailMsg); if (!empty($mailParts['header']['date'])) { $ddate = trim($mailParts['header']['date'][0]); if (strpos($ddate, ',')) { $ddate = trim(substr($ddate, strpos($ddate, ',') + 1, strlen($ddate))); } $ddate_U = strtotime($ddate) + $time_difference * 3600; $post_date = date('Y-m-d H:i:s', $ddate_U); } if (!empty($mailParts['header']['subject'])) { $subject = trim($mailParts['header']['subject'][0]); if (function_exists('mb_decode_mimeheader')) { $subject1 = mb_decode_mimeheader($subject); if ($subject1 != $subject) { $sub_charset = mb_internal_encoding(); } else { $sub_charset = "auto"; } $subject = $subject1; } if 
(get_settings('use_phoneemail')) { $subject = explode(get_settings('phoneemail_separator'), $subject); $subject = trim($subject[0]); } } if (!ereg(get_settings('subjectprefix'), $subject)) { continue; } $charset = ""; $ncharset = preg_match("/\\s?charset=\"?([A-Za-z0-9\\-]*)\"?/i", $content, $matches); if ($ncharset) { $charset = $matches[1]; } $ddate_today = time() + $time_difference * 3600; $ddate_difference_days = ($ddate_today - $ddate_U) / 86400; if ($ddate_difference_days > 14) { echo "Too old<br />\n"; continue; } if (preg_match('/' . get_settings('subjectprefix') . '/', $subject)) { $userpassstring = ''; echo "<div style=\"border: 1px dashed #999; padding: 10px; margin: 10px;\">\n"; echo "<p><b>{$mail_num}</b></p><p><b>Subject: </b>{$subject}</p>\n"; $subject = trim(str_replace(get_settings('subjectprefix'), '', $subject)); $attaches = array(); if ($mailParts['type'] == 'multipart') { if ($mailParts['subtype'] == 'mixed') { for ($i = 1; $i < count($mailParts['body']); $i++) { $attaches[] = array('type' => 'mix', 'body' => $mailParts['body'][$i]); } if (!is_array($mailParts['body'][0]['body'])) { $content = $mailParts['body'][0]['body']; $charset = $mailParts['body'][0]['charset']; $encoding = $mailParts['body'][0]['encodings']; $content = convert_content($content, $charest, $encoding); } else { $mailParts = $mailParts['body'][0]; } } if ($mailParts['type'] == 'multipart' && $mailParts['subtype'] == 'related') { if ($mailParts['body'][0]['type'] == 'multipart' && $mailParts['body'][0]['subtype'] == 'alternative') { $content = $mailParts['body'][0]['body'][1]['body']; $charset = $mailParts['body'][0]['body'][1]['charset']; $encoding = $mailParts['body'][0]['body'][1]['encodings']; $content = convert_content($content, $charest, $encoding); } else { $content = $mailParts['body'][0]['body']; $charset = $mailParts['body'][0]['charset']; $encoding = $mailParts['body'][0]['encodings']; $content = convert_content($content, $charest, $encoding); } $content = 
preg_replace('/(\\<.*?\\>)/es', 'str_replace(array("\\n","\\r"), array(" ", " "), "\\1")', $content); $content = preg_replace('/\\<head\\>.*\\<\\/head\\>/is', '', $content); $content = preg_replace('/(\\<body\\s*[^\\>]*\\>)\\s*\\<br\\s*\\/*\\>\\s*/is', '\\1', $content); $content = strip_tags($content, '<img><p><br><i><b><u><em><strong><strike><font><span><div><dl><dt><dd><ol><ul><li>,<table><tr><td><category><title>'); $content = preg_replace('!(</div>|</p>)([^\\r\\n])!i', "\\1\n\\2", $content); for ($i = 1; $i < count($mailParts['body']); $i++) { $attaches[] = array('type' => 'relate', 'body' => $mailParts['body'][$i], 'id' => preg_replace('/<(.*)>/', '$1', $mailParts['body'][$i]['header']['content-id'][0])); } } if ($mailParts['type'] == 'multipart' && $mailParts['subtype'] == 'alternative') { if ($mailParts['body'][1]['type'] == 'multipart' && $mailParts['body'][1]['subtype'] == 'related') { $content = $mailParts['body'][1]['body'][0]['body']; $charset = $mailParts['body'][1]['body'][0]['charset']; $encoding = $mailParts['body'][1]['body'][0]['encodings']; $content = convert_content($content, $charest, $encoding); for ($i = 1; $i < count($mailParts['body'][1]['body']); $i++) { $attaches[] = array('type' => 'relate', 'body' => $mailParts['body'][1]['body'][$i], 'id' => preg_replace('/<(.*)>/', '$1', $mailParts['body'][1]['body'][$i]['header']['content-id'][0])); } } else { $content = $mailParts['body'][1]['body']; $charset = $mailParts['body'][1]['charset']; $encoding = $mailParts['body'][1]['encodings']; $content = convert_content($content, $charest, $encoding); } $content = preg_replace('/(\\<[^\\>]*\\>)/es', 'str_replace(array("\\n","\\r"), array(" ", " "), "\\1")', $content); $content = preg_replace('/\\<head\\>.*\\<\\/head\\>/is', '', $content); $content = preg_replace('/(\\<body\\s*[^\\>]*\\>)\\s*\\<br\\s*\\/*\\>\\s*/is', '\\1', $content); $content = strip_tags($content, 
'<img><p><br><i><b><u><em><strong><strike><font><span><div><dl><dt><dd><ol><ul><li>,<table><tr><td><category><title>'); $content = preg_replace('!(</div>|</p>)([^\\r\\n])!i', "\\1\n\\2", $content); } } else { $content = $mailParts['body']; $charset = $mailParts['charset']; $encoding = $mailParts['encodings']; $content = convert_content($content, $charest, $encoding); } $content = trim($content); echo "<p><b>Content-type:</b> {$content_type}, <b>boundary:</b> {$boundary}</p>\n"; echo "<p><b>alt_boundary:</b> {$alt_boundary}, <b>emb_boundary:</b> {$emb_boundary}</p>\n"; echo "<p><b>charset:</b>{$charset}, <b>BLOG charset:</b>" . $GLOBALS['blog_charset'] . "</p>\n"; // echo "<p><b>Raw content:</b><br /><pre>".$content.'</pre></p>'; if ($charset == "" || trim(strtoupper($charset)) == "ISO-2022-JP") { $charset = "JIS"; } if (trim(strtoupper($charset)) == "SHIFT_JIS") { $charset = "SJIS"; } $btpos = strpos($content, get_settings('bodyterminator')); if ($btpos) { $content = substr($content, 0, $btpos); } $content = trim($content); $blah = explode("\n", preg_replace("/^[\n\r\\s]*/", "", strip_tags($content))); $firstline = preg_replace("/[\n\r]/", "", $blah[0]); $secondline = $blah[1]; if (get_settings('use_phoneemail')) { echo "<p><b>Use Phone Mail:</b> Yes</p>\n"; $btpos = strpos($firstline, get_settings('phoneemail_separator')); if ($btpos) { $userpassstring = trim(substr($firstline, 0, $btpos)); $content = trim(substr($content, $btpos + strlen(get_settings('phoneemail_separator')), strlen($content))); $btpos = strpos($content, get_settings('phoneemail_separator')); if ($btpos) { $userpassstring = trim(substr($content, 0, $btpos)); $content = trim(substr($content, $btpos + strlen(get_settings('phoneemail_separator')), strlen($content))); } } $contentfirstline = $blah[1]; } else { echo "<p><b>Use Phone Mail:</b> No</p>\n"; $userpassstring = strip_tags($firstline); $contentfirstline = ''; } $flat = 999.0; $flon = 999.0; $secondlineParts = explode(':', 
strip_tags($secondline)); if (strncmp($secondlineParts[0], "POS", 3) == 0) { echo "Found POS:<br />\n"; // echo "Second parts is:".$secondlineParts[1]; // the second line is the postion listing line $secLineParts = explode(',', $secondlineParts[1]); $flatStr = $secLineParts[0]; $flonStr = $secLineParts[1]; // echo "String are ".$flatStr.$flonStr; $flat = floatval($secLineParts[0]); $flon = floatval($secLineParts[1]); // echo "values are ".$flat." and ".$flon; // ok remove that position... we should not have it in the final output $content = str_replace($secondline, '', $content); } $blah = explode(':', $userpassstring); $user_login = trim($blah[0]); $user_pass = $blah[1]; $content = $contentfirstline . str_replace($firstline, '', $content); $content = trim($content); // Please uncomment following line, only if you want to check user and password. // echo "<p><b>Login:</b> $user_login, <b>Pass:</b> $user_pass</p>"; echo "<p><b>Login:</b> {$user_login}, <b>Pass:</b> *********</p>"; if (!user_pass_ok($user_login, $user_pass)) { echo "<p><b>Error: Wrong Login.</b></p></div>\n"; continue; } $userdata = get_userdatabylogin($user_login); $user_level = $userdata->user_level; $post_author = $userdata->ID; if ($user_level > 0) { $post_title = xmlrpc_getposttitle($content); if ($post_title == '') { $post_title = $subject; } echo "Subject : " . mb_conv($post_title, $GLOBALS['blog_charset'], $sub_charset) . 
" <br />\n"; $post_category = get_settings('default_category'); if (preg_match('/<category>(.+?)<\\/category>/is', $content, $matchcat)) { $post_category = xmlrpc_getpostcategory($content); $content = xmlrpc_removepostdata($content); } if (empty($post_category)) { $post_category = get_settings('default_post_category'); } echo "Category : {$post_category} <br />\n"; $post_category = explode(',', $post_category); if (!get_settings('emailtestonly')) { $content = preg_replace('|\\n([^\\n])|', " \$1", trim($content)); $content_before = ""; $content_after = ""; for ($i = 0; $i < count($attaches); $i++) { $create_thumbs = $attaches[$i]['type'] == 'mix' ? 1 : 0; list($file_name, $is_img, $orig_name) = wp_getattach($attaches[$i]['body'], "user-" . trim($post_author), $create_thumbs); if ($file_name) { if ($attaches[$i]['type'] == 'relate') { $content = preg_replace("/cid:" . preg_quote($attaches[$i]['id']) . "/", get_settings('fileupload_url') . '/' . $file_name, $content); } else { if (isset($img_target) && $img_target) { $img_target = ' target="' . $img_target . '"'; } else { $img_target = ''; } if ($is_img) { if (file_exists(get_settings('fileupload_realpath') . "/thumb-" . $file_name)) { $content_before .= "<a href=\"" . get_settings('fileupload_url') . '/' . rawurlencode($file_name) . "\"" . $img_target . "><img style=\"float: left;\" hspace=\"6\" src=\"" . get_settings('fileupload_url') . '/thumb-' . rawurlencode($file_name) . "\" alt=\"" . $orig_name . "\" title=\"" . $orig_name . "\" /></a>"; } else { $content_before .= "<a href=\"" . get_settings('fileupload_url') . '/' . rawurlencode($file_name) . "\"" . $img_target . "><img style=\"float: left;\" hspace=\"6\" src=\"" . get_settings('fileupload_url') . '/' . rawurlencode($file_name) . "\" alt=\"" . $orig_name . "\" title=\"" . $orig_name . "\" /></a>"; } } else { $content_after .= "<a href=\"" . wp_siteurl() . "/wp-download.php?from=" . rawurlencode($file_name) . "&fname=" . urlencode($orig_name) . "\"" . 
$img_target . "><img style=\"float: left;\" hspace=\"6\" src=\"" . wp_siteurl() . "/wp-images/file.gif\" alt=\"" . $orig_name . "\" title=\"" . $orig_name . "\" />" . $orig_name . "</a>"; } } } } $content = $content_before . $content . "<br clear=\"left\" />" . $content_after; $postHandler =& wp_handler('Post'); $postObject =& $postHandler->create(); $postObject->setVar('post_content', $content, true); $postObject->setVar('post_title', trim(mb_conv($post_title, $GLOBALS['blog_charset'], $sub_charset)), true); $postObject->setVar('post_date', $post_date, true); $postObject->setVar('post_author', $post_author, true); $postObject->setVar('post_category', $post_category[0], true); $postObject->setVar('post_name', sanitize_title($post_title), true); if ($flat < 500) { $postObject->setVar('post_lat', $flat, true); $postObject->setVar('post_lon', $flon, true); } $postObject->setVar('post_status', get_settings('default_post_status'), true); $postObject->setVar('ping_status', get_settings('default_ping_status'), true); $postObject->setVar('comment_status', get_settings('default_comment_status'), true); if (!$postHandler->insert($postObject, true)) { echo "<b>Error: Insert New Post</b><br />"; } $post_ID = $postObject->getVar('ID'); echo "Post ID = {$post_ID}<br />\n"; $postObject->assignCategories($post_category, true); do_action('publish_post', $post_ID); do_action('publish_phone', $post_ID); if ($flat < 500) { pingGeoUrl($post_ID); } $blog_ID = 1; pingWeblogs($blog_ID); pingback($content, $post_ID); } echo "\n<p><b>Posted title:</b> {$post_title}<br />\n"; echo "<b>Posted content:</b><br /><pre>" . $content . "</pre></p>\n"; if (!$GLOBALS['wp_pop3']->delete($mail_num)) { echo "<p>Oops " . $GLOBALS['wp_pop3']->ERROR . 
"</p></div>\n"; $GLOBALS['wp_pop3']->reset(); return; } else { echo "<p>Mission complete, message <strong>{$mail_num}</strong> deleted.</p>\n"; } } else { echo "<p><strong>Level 0 users can\\'t post.</strong></p>\n"; } echo "</div>\n"; } } $GLOBALS['wp_pop3']->quit(); timer_stop($GLOBALS['wp_mail_debug']); return; }
/**
 * Check a plain-text password against the account named by $user->name.
 *
 * The decision is delegated entirely to user_pass_ok(); its result is returned unchanged.
 *
 * @see IdentityProvider_Driver::is_correct_password.
 */
public function is_correct_password($user, $password)
{
    $login_name = $user->name;
    $verdict = user_pass_ok($login_name, $password);

    return $verdict;
}
break; } } } else { // single part $strbody = imap_fetchbody($mbox, $index, 1); } // process body $a_body = split(chr(13), $strbody, 2); $a_authentication = split(':', $a_body[0]); $content = $a_body[1]; $user_login = trim($a_authentication[0]); $user_pass = @trim($a_authentication[1]); echo_message('•<b>' . T_('Authenticating User') . ":</b> {$user_login} "); // authenticate user if (!user_pass_ok($user_login, $user_pass)) { echo_message('[ ' . T_('Fail') . ' ]<br />', 'orange'); echo_message('• ' . T_('Wrong login or password.') . ' ' . T_('First line of text in email must be in the format "username:password"') . '<br />', 'orange'); continue; } else { echo_message('[ ' . T_('Pass') . ' ]<br />', 'green'); } $subject = trim(str_replace($Settings->get('eblog_subject_prefix'), '', $subject)); // remove content after terminator $eblog_terminator = $Settings->get('eblog_body_terminator'); if (!empty($eblog_terminator)) { $os_terminator = strpos($content, $Settings->get($eblog_terminator)); if ($os_terminator) { $content = substr($content, 0, $os_terminator); } }
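if (!function_exists('wp_mail_qp_byte')) {
    /**
     * preg_replace_callback() helper: turns one quoted-printable "=XX" match into its byte.
     *
     * @param array $m Regex match; $m[1] holds the two hex digits.
     * @return string The decoded single byte.
     */
    function wp_mail_qp_byte($m)
    {
        return pack('c', base_convert($m[1], 16, 10));
    }
}

/**
 * Polls the configured POP3 mailbox and publishes qualifying messages as posts.
 *
 * For every message whose subject carries the configured prefix and that is at most
 * 14 days old, the body is reduced to a single MIME part, the first body line is read
 * as "login:password" and checked with user_pass_ok(), and (unless 'emailtestonly' is
 * set) a row is inserted into the posts table and the message is deleted from the
 * mailbox. Progress is echoed as HTML.
 *
 * Security notes for maintainers:
 * - Everything parsed from the message (subject, body, category, position) is
 *   untrusted input; the author is identified only by the credentials in the body.
 * - The blog password travels in clear text inside the e-mail body, so it is exposed
 *   on every hop the message takes and to anyone who can read the mailbox.
 * - NOTE(review): $subject and $content are echoed into the HTML status output without
 *   htmlspecialchars(); escape them if this page is ever viewed in a browser session
 *   that matters.
 *
 * Changes relative to the previous revision of this function:
 * - the mail/weblog time-zone offset is now actually applied ($mai_time_difference
 *   was an undefined variable);
 * - the MIME-decoded subject is compared with the raw one ($subject != $subject was
 *   always false);
 * - quoted-printable bytes are decoded with preg_replace_callback() instead of the
 *   evaluating /e modifier;
 * - the category id is cast to an integer before it is placed in SQL.
 *
 * @return void
 */
function wp_mail_receive()
{
    global $wpdb, $wp_pop3, $img_target;
    require_once wp_base() . '/wp-includes/class-pop3.php';
    timer_start();
    $use_cache = 1;
    $time_difference = get_settings('time_difference');
    // Get Server Time Zone
    // If Server Time Zone is not collect, Please comment out following line;
    $server_timezone = date("O");
    // echo "Server TimeZone is ".date('O')."<br />";
    // If Server Time Zone is not collect, Please uncomment following line and set collect timezone value;
    // $server_timezone = "+0900"; //This is a sample value for JST+0900
    $server_timezone = $server_timezone / 100;
    $weblog_timezone = $server_timezone + $time_difference;
    error_reporting(2037);
    $wp_pop3 = new POP3();
    if (!$wp_pop3->connect(get_settings('mailserver_url'), get_settings('mailserver_port'))) {
        echo "Ooops {$wp_pop3->ERROR} <br />\n";
        return;
    }
    $Count = $wp_pop3->login(get_settings('mailserver_login'), get_settings('mailserver_pass'));
    if ($Count == false) {
        if (!$wp_pop3->FP) {
            echo "Oooops Login Failed: {$wp_pop3->ERROR}<br />\n";
        } else {
            echo "No Message<br />\n";
            $wp_pop3->quit();
        }
        return;
    }
    // ONLY USE THIS IF YOUR PHP VERSION SUPPORTS IT!
    register_shutdown_function('wp_mail_quit');
    for ($iCount = 1; $iCount <= $Count; $iCount++) {
        $MsgOne = $wp_pop3->get($iCount);
        if (!$MsgOne || gettype($MsgOne) != 'array') {
            echo "oops, {$wp_pop3->ERROR}<br />\n";
            $wp_pop3->quit();
            return;
        }
        $content = '';
        $content_type = '';
        $boundary = '';
        $att_boundary = '';
        $hatt_boundary = '';
        $bodysignal = 0;
        $dmonths = array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
        // Header lines are inspected one by one; the first line shorter than three
        // bytes marks the start of the body, which is accumulated verbatim.
        while (list($lineNum, $line) = each($MsgOne)) {
            if (strlen($line) < 3) {
                $bodysignal = 1;
            }
            if ($bodysignal) {
                $content .= $line;
            } else {
                if (preg_match('/^Content-Type:\\s+(.*?)\\;/i', $line, $match)) {
                    $content_type = $match[1];
                    $content_type = strtolower($match[1]);
                }
                if ($content_type == 'multipart/mixed' && preg_match('/boundary=(?:")?([^;"\\s\\n]*?)(?:")?\\s*(?:$|;)/', $line, $match) && $att_boundary == '') {
                    $att_boundary = trim($match[1]);
                }
                if ($content_type == 'multipart/alternative' && preg_match('/boundary=(?:")?([^;"\\s\\n]*?)(?:")?\\s*(?:$|;)/', $line, $match) && $boundary == '') {
                    $boundary = trim($match[1]);
                }
                if ($content_type == 'multipart/related' && preg_match('/boundary=(?:")?([^;"\\s\\n]*?)(?:")?\\s*(?:$|;)/', $line, $match) && $hatt_boundary == '') {
                    $hatt_boundary = trim($match[1]);
                }
                if (preg_match('/Subject: /', $line)) {
                    $subject = trim($line);
                    $subject = substr($subject, 9, strlen($subject) - 9);
                    if (function_exists('mb_decode_mimeheader')) {
                        $subject1 = mb_decode_mimeheader($subject);
                        // A subject that changed while decoding was MIME-encoded and is
                        // now in the internal encoding; otherwise let mb_conv() detect it.
                        if ($subject1 != $subject) {
                            $sub_charset = mb_internal_encoding();
                        } else {
                            $sub_charset = "auto";
                        }
                        $subject = $subject1;
                    }
                    if (get_settings('use_phoneemail')) {
                        $subject = explode(get_settings('phoneemail_separator'), $subject);
                        $subject = trim($subject[0]);
                    }
                }
                if (preg_match('/Date: /', $line)) {
                    // of the form '20 Mar 2002 20:32:37'
                    $ddate = trim($line);
                    $ddate = str_replace('Date: ', '', $ddate);
                    if (strpos($ddate, ',')) {
                        $ddate = trim(substr($ddate, strpos($ddate, ',') + 1, strlen($ddate)));
                    }
                    $date_arr = explode(' ', $ddate);
                    $date_time = explode(':', $date_arr[3]);
                    $ddate_H = $date_time[0];
                    $ddate_i = $date_time[1];
                    $ddate_s = $date_time[2];
                    $ddate_m = $date_arr[1];
                    $ddate_d = $date_arr[0];
                    $ddate_Y = $date_arr[2];
                    $mail_timezone = trim(ereg_replace("\\([^)]*\\)", "", $date_arr[4])) / 100;
                    // echo "Email TimeZone is {$date_arr[4]}<br />";
                    $mail_time_difference = $weblog_timezone - $mail_timezone;
                    for ($i = 0; $i < 12; $i++) {
                        if ($ddate_m == $dmonths[$i]) {
                            $ddate_m = $i + 1;
                        }
                    }
                    $ddate_U = mktime($ddate_H, $ddate_i, $ddate_s, $ddate_m, $ddate_d, $ddate_Y);
                    // Shift from the sender's zone to the weblog's zone.
                    $ddate_U = $ddate_U + $mail_time_difference * 3600;
                    $post_date = date('Y-m-d H:i:s', $ddate_U);
                }
            }
        }
        // NOTE(review): $subject, $ddate_U and $post_date are only assigned when the
        // matching header was seen, so a message without them reuses the values of the
        // previous message - confirm whether that is intended.
        if (!ereg(get_settings('subjectprefix'), $subject)) {
            continue;
        }
        $charset = "";
        $ncharset = preg_match("/\\s?charset=\"?([A-Za-z0-9\\-]*)\"?/i", $content, $matches);
        if ($ncharset) {
            $charset = $matches[1];
        }
        $ddate_today = time() + $time_difference * 3600;
        $ddate_difference_days = ($ddate_today - $ddate_U) / 86400;
        if ($ddate_difference_days > 14) {
            echo "Too old<br />\n";
            continue;
        }
        if (preg_match('/' . get_settings('subjectprefix') . '/', $subject)) {
            $userpassstring = '';
            echo "<div style=\"border: 1px dashed #999; padding: 10px; margin: 10px;\">\n";
            echo "<p><b>{$iCount}</b></p><p><b>Subject: </b>{$subject}</p>\n";
            $subject = trim(str_replace(get_settings('subjectprefix'), '', $subject));
            $attachment = false;
            // Reduce $content to one text part, following whichever boundaries the
            // headers announced.
            if ($att_boundary) {
                $contents = explode('--' . $att_boundary, $content);
                $content = $contents[1];
                $ncharset = preg_match("/\\s?charset=\"?([A-Za-z0-9\\-]*)\"?/i", $content, $matches);
                if ($ncharset) {
                    $charset = $matches[1];
                }
                $content = explode("\r\n\r\n", $content, 2);
                $content = $content[1];
            }
            if ($hatt_boundary) {
                $contents = explode('--' . $hatt_boundary, $content);
                $content = $contents[1];
                if (preg_match('/Content-Type: multipart\\/alternative\\;\\s*boundary\\=(?:")?([^";\\s\\n]*?)(?:")?\\s*(?:;|\\n|$)"/i', $content, $matches)) {
                    $boundary = trim($matches[1]);
                    $content = explode('--' . $boundary, $content);
                    $content = $content[2];
                }
                $ncharset = preg_match("/charset=\"?([^\"]*)\"?/i", $content, $matches);
                if ($ncharset) {
                    $charset = $matches[1];
                }
                $content = explode('Content-Transfer-Encoding: quoted-printable', $content);
                // NOTE(review): strip_tags() keeps the listed elements together with all
                // of their attributes, so this is not an HTML sanitiser.
                $content = strip_tags($content[1], '<img><p><br><i><b><u><em><strong><strike><font><span><div><dl><dt><dd><ol><ul><li>,<table><tr><td>');
            } else {
                if ($boundary) {
                    $content = explode('--' . $boundary, $content);
                    $content = $content[2];
                    if (preg_match('/Content-Type: multipart\\/related\\;\\s*boundary=(?:")?([^";\\s\\n]*?)(?:")?\\s*(?:;|\\n|$)/i', $content, $matches)) {
                        $hatt_boundary = trim($matches[1]);
                        $contents = explode('--' . $hatt_boundary, $content);
                        $content = $contents[1];
                    }
                    $ncharset = preg_match("/charset=\"?([^\"]*)\"?/i", $content, $matches);
                    if ($ncharset) {
                        $charset = $matches[1];
                    }
                    $content = explode('Content-Transfer-Encoding: quoted-printable', $content);
                    $content = strip_tags($content[1], '<img><p><br><i><b><u><em><strong><strike><font><span><div><dl><dt><dd><ol><ul><li>,<table><tr><td>');
                }
            }
            $content = trim($content);
            echo "<p><b>Content-type:</b> {$content_type}, <b>boundary:</b> {$boundary}</p>\n";
            echo "<p><b>att_boundary:</b> {$att_boundary}, <b>hatt_boundary:</b> {$hatt_boundary}</p>\n";
            echo "<p><b>charset:</b>{$charset}, <b>BLOG charset:</b>" . $GLOBALS['blog_charset'] . "</p>\n";
            // echo "<p><b>Raw content:</b><br /><pre>".$content.'</pre></p>';
            if ($charset == "" || trim(strtoupper($charset)) == "ISO-2022-JP") {
                $charset = "JIS";
            }
            if (trim(strtoupper($charset)) == "SHIFT_JIS") {
                $charset = "SJIS";
            }
            $btpos = strpos($content, get_settings('bodyterminator'));
            if ($btpos) {
                $content = substr($content, 0, $btpos);
            }
            $content = trim($content);
            $blah = explode("\n", preg_replace("/^[\n\r\\s]*/", "", strip_tags($content)));
            $firstline = preg_replace("/[\n\r]/", "", $blah[0]);
            $secondline = $blah[1];
            if (get_settings('use_phoneemail')) {
                echo "<p><b>Use Phone Mail:</b> Yes</p>\n";
                $btpos = strpos($firstline, get_settings('phoneemail_separator'));
                if ($btpos) {
                    $userpassstring = trim(substr($firstline, 0, $btpos));
                    $content = trim(substr($content, $btpos + strlen(get_settings('phoneemail_separator')), strlen($content)));
                    $btpos = strpos($content, get_settings('phoneemail_separator'));
                    if ($btpos) {
                        $userpassstring = trim(substr($content, 0, $btpos));
                        $content = trim(substr($content, $btpos + strlen(get_settings('phoneemail_separator')), strlen($content)));
                    }
                }
                $contentfirstline = $blah[1];
            } else {
                echo "<p><b>Use Phone Mail:</b> No</p>\n";
                $userpassstring = strip_tags($firstline);
                $contentfirstline = '';
            }
            // 999.0 is the "no position" sentinel; real coordinates are below 500.
            $flat = 999.0;
            $flon = 999.0;
            $secondlineParts = explode(':', strip_tags($secondline));
            if (strncmp($secondlineParts[0], "POS", 3) == 0) {
                echo "Found POS:<br>\n";
                // echo "Second parts is:".$secondlineParts[1];
                // the second line is the postion listing line
                $secLineParts = explode(',', $secondlineParts[1]);
                $flatStr = $secLineParts[0];
                $flonStr = $secLineParts[1];
                // echo "String are ".$flatStr.$flonStr;
                $flat = floatval($secLineParts[0]);
                $flon = floatval($secLineParts[1]);
                // echo "values are ".$flat." and ".$flon;
                // ok remove that position... we should not have it in the final output
                $content = str_replace($secondline, '', $content);
            }
            // The credentials are the "login:password" pair taken from the message body.
            $blah = explode(':', $userpassstring);
            $user_login = $blah[0];
            $user_pass = $blah[1];
            $user_login = mb_conv(trim($user_login), $GLOBALS['blog_charset'], $charset);
            $content = $contentfirstline . str_replace($firstline, '', $content);
            $content = trim($content);
            // Please uncomment following line, only if you want to check user and password.
            // echo "<p><b>Login:</b> $user_login, <b>Pass:</b> $user_pass</p>";
            echo "<p><b>Login:</b> {$user_login}, <b>Pass:</b> *********</p>";
            if (!user_pass_ok($user_login, $user_pass)) {
                echo "<p><b>Wrong Login.</b></p></div>\n";
                continue;
            }
            $userdata = get_userdatabylogin($user_login);
            $user_level = $userdata->user_level;
            $post_author = $userdata->ID;
            if ($user_level > 0) {
                $post_title = xmlrpc_getposttitle($content);
                if ($post_title == '') {
                    $post_title = $subject;
                }
                $post_category = get_settings('default_category');
                if (preg_match('/<category>(.+?)<\\/category>/is', $content, $matchcat)) {
                    $post_category = xmlrpc_getpostcategory($content);
                }
                if ($post_category == '') {
                    $post_category = get_settings('default_post_category');
                }
                echo "Subject : " . mb_conv($subject, $GLOBALS['blog_charset'], $sub_charset) . " <br />\n";
                echo "Category : {$post_category} <br />\n";
                if (!get_settings('emailtestonly')) {
                    // Attaching Image Files Save
                    if ($att_boundary != "") {
                        $attachment = wp_getattach($contents[2], "user-" . trim($post_author), 1);
                    }
                    if ($boundary != "" && $hatt_boundary != "") {
                        for ($i = 2; $i < count($contents); $i++) {
                            $hattachment = wp_getattach($contents[$i], "user-" . trim($post_author), 0);
                            if ($hattachment) {
                                if (preg_match("/Content-Id: \\<([^\\>]*)>/i", $contents[$i], $matches)) {
                                    $content = preg_replace("/(cid:" . preg_quote($matches[1]) . ")/", wp_siteurl() . "/attach/" . $hattachment, $content);
                                }
                            }
                        }
                    }
                    if ($boundary != "") {
                        $content = preg_replace("/\\=[\r\n]/", "", $content);
                        $content = preg_replace("/[\r\n]/", " ", $content);
                    }
                    $content = preg_replace("|\n([^\n])|", " \$1", $content);
                    // Decode quoted-printable "=XX" bytes with a callback rather than
                    // the /e modifier, so no replacement string is ever evaluated as code.
                    $content = preg_replace_callback("/\\=([0-9a-fA-F]{2,2})/", 'wp_mail_qp_byte', $content);
                    $content = addslashes(mb_conv(trim($content), $GLOBALS['blog_charset'], $charset));
                    $post_title = addslashes(trim(mb_conv($post_title, $GLOBALS['blog_charset'], $sub_charset)));
                    // If we find an attachment, add it to the post
                    if ($attachment) {
                        if (isset($img_target) && $img_target) {
                            $img_target = ' target="' . $img_target . '"';
                        } else {
                            $img_target = '';
                        }
                        if (file_exists("../attach/thumb-" . $attachment)) {
                            $content = "<a href=\"" . wp_siteurl() . "/attach/" . $attachment . "\"" . $img_target . "><img style=\"float: left;\" hspace=\"6\" src = \"" . wp_siteurl() . "/attach/thumb-" . $attachment . "\" alt=\"moblog\" ></a>" . $content . "<br clear=\"left\" />";
                        } else {
                            $content = "<a href=\"" . wp_siteurl() . "/attach/" . $attachment . "\"" . $img_target . "><img style=\"float: left;\" hspace=\"6\" src = \"" . wp_siteurl() . "/attach/" . $attachment . "\" alt=\"moblog\" ></a>" . $content . "<br clear=\"left\" />";
                        }
                    }
                    $post_name = sanitize_title($post_title);
                    // The category can come straight from a <category> tag in the
                    // message and is placed unquoted in the statements below, so it is
                    // forced to an integer first. $content and $post_title were
                    // addslashes()-escaped above.
                    // NOTE(review): addslashes() is not charset-aware; prefer the
                    // database layer's own escaping if $wpdb offers one.
                    $post_category = intval($post_category);
                    if ($flat > 500) {
                        $sql = "INSERT INTO " . wp_table('posts') . " (post_author, post_date, post_content, post_title, post_category) VALUES ({$post_author}, '{$post_date}', '{$content}', '{$post_title}', {$post_category})";
                    } else {
                        $sql = "INSERT INTO " . wp_table('posts') . " (post_author, post_date, post_content, post_title, post_category, post_lat, post_lon) VALUES ({$post_author}, '{$post_date}', '{$content}', '{$post_title}', {$post_category}, {$flat}, {$flon})";
                    }
                    $result = $wpdb->query($sql);
                    $post_ID = $wpdb->insert_id;
                    // update blank postname
                    if ($post_name == "") {
                        $post_name = "post-" . $post_ID;
                        $wpdb->query("UPDATE " . wp_table('posts') . " SET post_name='{$post_name}' WHERE ID = {$post_ID}");
                    }
                    echo "Post ID = {$post_ID}<br />\n";
                    if (isset($sleep_after_edit) && $sleep_after_edit > 0) {
                        sleep($sleep_after_edit);
                    }
                    $blog_ID = 1;
                    if ($flat < 500) {
                        pingGeoUrl($post_ID);
                    }
                    // Double check it's not there already
                    $exists = $wpdb->get_row("SELECT * FROM " . wp_table('post2cat') . " WHERE post_id = {$post_ID} AND category_id = {$post_category}");
                    if (!$exists && $result) {
                        $wpdb->query("\n\t\t\t\t\t\tINSERT INTO " . wp_table('post2cat') . "\n\t\t\t\t\t\t(post_id, category_id)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t({$post_ID}, {$post_category})\n\t\t\t\t\t\t");
                    }
                    do_action('publish_post', $post_ID);
                    do_action('publish_phone', $post_ID);
                    pingWeblogs($blog_ID);
                    pingBlogs($blog_ID);
                    pingback($content, $post_ID);
                }
                echo "\n<p><b>Posted title:</b> {$post_title}<br />\n";
                echo "<b>Posted content:</b><br /><pre>" . $content . "</pre></p>\n";
                if (!$wp_pop3->delete($iCount)) {
                    echo "<p>Oops " . $wp_pop3->ERROR . "</p></div>\n";
                    $wp_pop3->reset();
                    return;
                } else {
                    echo "<p>Mission complete, message <strong>{$iCount}</strong> deleted.</p>\n";
                }
            } else {
                echo "<p><strong>Level 0 users can\\'t post.</strong></p>\n";
            }
            echo "</div>\n";
        }
    }
    $wp_pop3->quit();
    timer_stop($output_debugging_info);
    return;
}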
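/**
 * XML-RPC callback: gets the full Pretty Link URL from a link id.
 *
 * Access is refused unless XML-RPC is enabled, the supplied credentials pass
 * user_pass_ok(), and the account's user_level is at least 8.
 *
 * @param array $args Positional arguments: [0] username, [1] password, [2] link id.
 * @return string|IXR_Error The pretty link URL, or an IXR_Error with code 401 on any failure.
 */
function prli_xmlrpc_get_pretty_link_url($args)
{
    if (!get_option('enable_xmlrpc')) {
        return new IXR_Error(401, __('Sorry, XML-RPC Not enabled for this website', 'pretty-link'));
    }

    // The arguments come from the remote caller: absent or non-scalar credentials are
    // treated as a failed login rather than being read blindly.
    if (!is_array($args) || !isset($args[0], $args[1]) || !is_scalar($args[0]) || !is_scalar($args[1])) {
        return new IXR_Error(401, __('Sorry, Login failed', 'pretty-link'));
    }
    $username = $args[0];
    $password = $args[1];

    if (!user_pass_ok($username, $password)) {
        return new IXR_Error(401, __('Sorry, Login failed', 'pretty-link'));
    }

    // make sure user is an admin
    // NOTE(review): this relies on the legacy numeric user_level; a capability check
    // would be the sturdier gate if the host application provides one.
    $userdata = get_userdatabylogin($username);
    if (!isset($userdata->user_level) or (int) $userdata->user_level < 8) {
        return new IXR_Error(401, __('Sorry, you must be an administrator to access this resource', 'pretty-link'));
    }

    if (!isset($args[2])) {
        return new IXR_Error(401, __('Sorry, you must provide an id to lookup', 'pretty-link'));
    }

    $url = prli_get_pretty_link_url($args[2]);
    if ($url) {
        return $url;
    }

    return new IXR_Error(401, __('There was an error fetching your Pretty Link URL', 'pretty-link'));
}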
/**
 * Derives an API key from a username/password pair and registers it when allowed.
 *
 * The key is md5($username . $password). When the credentials pass user_pass_ok()
 * and getUserAccess() accepts the account, the key is handed to updateKeys(). The
 * key is returned only if verifyKey() accepts it afterwards.
 *
 * NOTE(review): the key is an unsalted MD5 of the credentials, so it is fully
 * determined by them and stays the same for as long as the password does. A random
 * token stored per user would not tie the key to the password - confirm what
 * updateKeys()/verifyKey() persist before changing this.
 *
 * @access public
 * @param mixed $username
 * @param mixed $password
 * @return string|int The key on success, -1 when the login fails or the key does not verify.
 */
function createKey($username, $password)
{
    $key = md5($username . $password);

    if (!user_pass_ok($username, $password)) {
        return -1;
    }

    $record = get_userdatabylogin($username);
    $account = new WP_User($record->ID);
    if ($this->getUserAccess($account)) {
        $this->updateKeys($key);
    }

    return $this->verifyKey($key) ? $key : -1;
}
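/**
 * Checks Header Authorization for Remote File Downloads.
 *
 * When no user object was passed in and the request carries a truthy
 * `s2member_file_remote` query variable, HTTP Basic credentials are read from
 * PHP_AUTH_USER / PHP_AUTH_PW (or recovered from the raw Authorization header) and
 * checked with user_pass_ok(). Bad or missing credentials end the request with a
 * 401 challenge; good ones resolve to the matching WP_User.
 *
 * Basic credentials are only base64-encoded, so this endpoint should be reachable
 * over HTTPS only.
 *
 * @package s2Member\Files
 * @since 110926
 *
 * @attaches-to ``add_filter("ws_plugin__s2member_check_file_download_access_user");``
 *
 * @param obj $user Expects a WP_User object passed in by the Filter.
 * @return obj A `WP_User` object, possibly obtained through Header Authorization.
 */
public static function check_file_remote_authorization($user = FALSE)
{
    foreach (array_keys(get_defined_vars()) as $__v) {
        $__refs[$__v] =& ${$__v};
    }
    do_action("ws_plugin__s2member_before_check_file_remote_authorization", get_defined_vars());
    unset($__refs, $__v);

    $_g = c_ws_plugin__s2member_utils_strings::trim_deep(stripslashes_deep(!empty($_GET) ? $_GET : array()));

    if (!is_object($user) && isset($_g["s2member_file_remote"]) && filter_var($_g["s2member_file_remote"], FILTER_VALIDATE_BOOLEAN)) {
        do_action("ws_plugin__s2member_during_check_file_remote_authorization_before", get_defined_vars());

        // Some server setups do not populate PHP_AUTH_*; fall back to decoding the
        // raw Authorization header (scheme word stripped, then "user:pass").
        if ((empty($_SERVER["PHP_AUTH_USER"]) || $_SERVER["PHP_AUTH_USER"] === "NOUSER") && !empty($_SERVER["HTTP_AUTHORIZATION"])) {
            $auth = trim(preg_replace("/^.+?\\s+/", "", $_SERVER["HTTP_AUTHORIZATION"]));
            $auth = explode(":", base64_decode($auth), 2);
            if (!empty($auth[0])) {
                $_SERVER["PHP_AUTH_USER"] = $auth[0];
            }
            if (!empty($auth[1])) {
                $_SERVER["PHP_AUTH_PW"] = $auth[1];
            }
        }

        if (empty($_SERVER["PHP_AUTH_USER"]) || empty($_SERVER["PHP_AUTH_PW"]) || !user_pass_ok($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
            header('WWW-Authenticate: Basic realm="' . c_ws_plugin__s2member_utils_strings::esc_dq(strip_tags(_x("Members Only", "s2member-front", "s2member"))) . '"');
            status_header(401);
            header("Content-Type: text/html; charset=UTF-8");
            while (@ob_end_clean()) {
            } // Clean any existing output buffers.
            exit(_x('<strong>401:</strong> Sorry, access denied.', "s2member-front", "s2member"));
        } else {
            // Pass the login as the NAME argument. WP_User treats a numeric first
            // argument as a user ID, so an all-digit login given there would load
            // whichever account has that ID instead of the one that authenticated.
            if (is_object($_user = new WP_User(0, $_SERVER["PHP_AUTH_USER"])) && !empty($_user->ID)) {
                $user = $_user;
            }
        }
        do_action("ws_plugin__s2member_during_check_file_remote_authorization_after", get_defined_vars());
    }

    return apply_filters("ws_plugin__s2member_check_file_remote_authorization", $user, get_defined_vars());
}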
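/**
 * Logs a user in from a remote call and issues the normal auth cookie.
 *
 * NOTE(review): a successful call sets a session cookie for the named account, so
 * the endpoint exposing this should be HTTPS-only and subject to the same login
 * throttling as the regular login form - neither is visible from this function.
 *
 * @param array $args Positional arguments: [0] username, [1] password.
 * @return bool True when the credentials were accepted and the session was set up, false otherwise.
 */
function loginRemotely($args)
{
    // Arguments come from the remote caller; a malformed call is a failed login.
    if (!is_array($args) || !isset($args[0], $args[1])) {
        return false;
    }
    $username = $args[0];
    $password = $args[1];

    if (!user_pass_ok($username, $password)) {
        //an error occurred, the username and password supplied were not valid
        return false;
    }

    // Do not set a cookie for an account that cannot be loaded.
    $user = get_userdatabylogin($username);
    if (!$user || empty($user->ID)) {
        return false;
    }

    wp_set_current_user($user->ID, $username);
    wp_set_auth_cookie($user->ID);
    do_action('wp_login', $username);

    // no errors occurred, the U&P are good, return true
    return true;
}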
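/**
 * Authenticates a sign-in request that carries a MAC address and, optionally, a login.
 *
 * If the posted MAC address is already mapped to a user, nothing further happens and
 * 0 is returned. Otherwise, unless the posted username is the "mac-test" probe, the
 * posted credentials are checked with user_pass_ok(); a failure is logged as a member
 * issue and false is returned, a success stores the MAC address for the user.
 *
 * NOTE(review): the MAC address is a value the client posts, so it cannot serve as
 * proof of identity by itself; this function does not sign anyone in on a MAC match,
 * and callers should keep it that way.
 *
 * @return mixed 0 when no password check ran, false on a failed login, otherwise the
 *               truthy result of user_pass_ok().
 */
function authenticate()
{
    $retval = 0;

    // first check to see if the mac address is already stored
    $mac = $_POST["mac"];
    //
    $this->load->model("usermodel");
    $this->load->model("membermodel");
    $this->load->model("issuesmodel");

    $user_id = $this->usermodel->getUserIdFromMACAddress($mac);
    if ($user_id) {
        // have the userId, so simply sign them in
        // this piece is useless
        //$retval = $user_id;
    } else {
        // mac not cached, so attempt to authenticate
        //if the username is the mac-test, we know that this is the first run
        //authentication attempt, if it was second run, it would be their actual login info
        if ($this->input->post("u") != "mac-test") {
            $username = $this->input->post("u");
            $password = $this->input->post("p");
            $retval = user_pass_ok($username, $password);
            if (!$retval) {
                // LOG an issue to the dashboard
                $issueId = $this->issuesmodel->logMemberIssue(0, "Could not authorize \"{$username}\" with the supplied password.", MemberIssueType::SIGNIN);
                $this->issuesmodel->closeMemberIssue($issueId);
                return false;
            }

            // Defined before the try so the catch block can log even when the lookup
            // itself throws; 0 is the "no member" id the failed-login log above uses.
            $associatedUserId = 0;
            try {
                $associatedUserId = $this->usermodel->getUserIdFromWPLogin($username);
                if ($mac != "") {
                    $this->usermodel->addMACAddress($associatedUserId, $mac);
                }
            } catch (Exception $e) {
                $issueId = $this->issuesmodel->logMemberIssue($associatedUserId, "Exception attempting to store the mac address \"{$mac}\": " . $e->getMessage(), MemberIssueType::SIGNIN);
                $this->issuesmodel->closeMemberIssue($issueId);
            }
        }
    }

    return $retval;
}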
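if (!function_exists('wp_mail_qp_byte')) {
    /**
     * preg_replace_callback() helper: turns one quoted-printable "=XX" match into its byte.
     *
     * @param array $m Regex match; $m[1] holds the two hex digits.
     * @return string The decoded single byte.
     */
    function wp_mail_qp_byte($m)
    {
        return pack('c', base_convert($m[1], 16, 10));
    }
}

/**
 * Polls the configured POP3 mailbox and publishes qualifying messages as posts.
 *
 * For every message whose subject carries the configured prefix and that is at most
 * 14 days old, the body is reduced to a single MIME part, the first body line is read
 * as "login:password" and checked with user_pass_ok(), and (unless 'emailtestonly' is
 * set) a post is created through the 'Post' handler and the message is deleted from
 * the mailbox. Progress is echoed as HTML.
 *
 * Security notes for maintainers:
 * - Everything parsed from the message (subject, body, category, position, attachment
 *   names) is untrusted input; the author is identified only by the credentials in
 *   the body.
 * - The blog password travels in clear text inside the e-mail body, so it is exposed
 *   on every hop the message takes and to anyone who can read the mailbox.
 * - NOTE(review): $subject and $content are echoed into the HTML status output without
 *   htmlspecialchars().
 *
 * Changes relative to the previous revision of this function:
 * - the MIME-decoded subject is compared with the raw one ($subject != $subject was
 *   always false);
 * - quoted-printable bytes are decoded with preg_replace_callback() instead of the
 *   evaluating /e modifier;
 * - the attachment name is HTML-escaped where it is used as alt/title text.
 *
 * @return void
 */
function wp_mail_receive()
{
    global $wpdb, $wp_pop3, $img_target;
    require_once ABSPATH . WPINC . '/class-pop3.php';
    timer_start();
    $use_cache = 1;
    $time_difference = get_settings('time_difference');
    $blog_charset = get_settings('blog_charset');
    error_reporting(2037);
    $wp_pop3 = new POP3();
    if (!$wp_pop3->connect(get_settings('mailserver_url'), get_settings('mailserver_port'))) {
        echo "Ooops {$wp_pop3->ERROR} <br />\n";
        return;
    }
    $mail_count = $wp_pop3->login(get_settings('mailserver_login'), get_settings('mailserver_pass'));
    if ($mail_count == false) {
        if (!$wp_pop3->FP) {
            echo "Oooops Login Failed: {$wp_pop3->ERROR}<br />\n";
        } else {
            echo "No Message<br />\n";
            $wp_pop3->quit();
        }
        return;
    }
    // ONLY USE THIS IF YOUR PHP VERSION SUPPORTS IT!
    register_shutdown_function('wp_mail_quit');
    for ($mail_num = 1; $mail_num <= $mail_count; $mail_num++) {
        $MsgOne = $wp_pop3->get($mail_num);
        if (!$MsgOne || gettype($MsgOne) != 'array') {
            echo "oops, {$wp_pop3->ERROR}<br />\n";
            $wp_pop3->quit();
            return;
        }
        $content = '';
        $content_type = '';
        $boundary = '';
        $att_boundary = '';
        $hatt_boundary = '';
        $bodysignal = 0;
        $dmonths = array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
        // Header lines are inspected one by one; the first line shorter than three
        // bytes marks the start of the body, which is accumulated verbatim.
        while (list($lineNum, $line) = each($MsgOne)) {
            if (strlen($line) < 3) {
                $bodysignal = 1;
            }
            if ($bodysignal) {
                $content .= $line;
            } else {
                if (preg_match('/^Content-Type:\\s+(.*?)\\;/i', $line, $match)) {
                    $content_type = $match[1];
                    $content_type = strtolower($match[1]);
                }
                if ($content_type == 'multipart/mixed' && preg_match('/boundary=(?:")?([^;"\\s\\n]*?)(?:")?\\s*(?:$|;)/', $line, $match) && $att_boundary == '') {
                    $att_boundary = trim($match[1]);
                }
                if ($content_type == 'multipart/alternative' && preg_match('/boundary=(?:")?([^;"\\s\\n]*?)(?:")?\\s*(?:$|;)/', $line, $match) && $boundary == '') {
                    $boundary = trim($match[1]);
                }
                if ($content_type == 'multipart/related' && preg_match('/boundary=(?:")?([^;"\\s\\n]*?)(?:")?\\s*(?:$|;)/', $line, $match) && $hatt_boundary == '') {
                    $hatt_boundary = trim($match[1]);
                }
                if (preg_match('/Subject: /', $line)) {
                    $subject = trim($line);
                    $subject = substr($subject, 9, strlen($subject) - 9);
                    if (function_exists('mb_decode_mimeheader')) {
                        $subject1 = mb_decode_mimeheader($subject);
                        // A subject that changed while decoding was MIME-encoded and is
                        // now in the internal encoding; otherwise let mb_conv() detect it.
                        if ($subject1 != $subject) {
                            $sub_charset = mb_internal_encoding();
                        } else {
                            $sub_charset = "auto";
                        }
                        $subject = $subject1;
                    }
                    if (get_settings('use_phoneemail')) {
                        $subject = explode(get_settings('phoneemail_separator'), $subject);
                        $subject = trim($subject[0]);
                    }
                }
                if (preg_match('/Date: /', $line)) {
                    // of the form '20 Mar 2002 20:32:37'
                    $ddate = trim($line);
                    $ddate = str_replace('Date: ', '', $ddate);
                    if (strpos($ddate, ',')) {
                        $ddate = trim(substr($ddate, strpos($ddate, ',') + 1, strlen($ddate)));
                    }
                    $ddate_U = strtotime($ddate) + $time_difference * 3600;
                    $post_date = date('Y-m-d H:i:s', $ddate_U);
                }
            }
        }
        // NOTE(review): $subject, $ddate_U and $post_date are only assigned when the
        // matching header was seen, so a message without them reuses the values of the
        // previous message - confirm whether that is intended.
        if (!ereg(get_settings('subjectprefix'), $subject)) {
            continue;
        }
        $charset = "";
        $ncharset = preg_match("/\\s?charset=\"?([A-Za-z0-9\\-]*)\"?/i", $content, $matches);
        if ($ncharset) {
            $charset = $matches[1];
        }
        $ddate_today = time() + $time_difference * 3600;
        $ddate_difference_days = ($ddate_today - $ddate_U) / 86400;
        if ($ddate_difference_days > 14) {
            echo "Too old<br />\n";
            continue;
        }
        if (preg_match('/' . get_settings('subjectprefix') . '/', $subject)) {
            $userpassstring = '';
            echo "<div style=\"border: 1px dashed #999; padding: 10px; margin: 10px;\">\n";
            echo "<p><b>{$mail_num}</b></p><p><b>Subject: </b>{$subject}</p>\n";
            $subject = trim(str_replace(get_settings('subjectprefix'), '', $subject));
            $attachment = false;
            // Reduce $content to one text part, following whichever boundaries the
            // headers announced.
            if ($att_boundary) {
                $contents = explode('--' . $att_boundary, $content);
                $content = $contents[1];
                $ncharset = preg_match("/\\s?charset=\"?([A-Za-z0-9\\-]*)\"?/i", $content, $matches);
                if ($ncharset) {
                    $charset = $matches[1];
                }
                $content = explode("\r\n\r\n", $content, 2);
                $content = $content[1];
            }
            if ($hatt_boundary) {
                $contents = explode('--' . $hatt_boundary, $content);
                $content = $contents[1];
                if (preg_match('/Content-Type: multipart\\/alternative\\;\\s*boundary\\=(?:")?([^";\\s\\n]*?)(?:")?\\s*(?:;|\\n|$)"/i', $content, $matches)) {
                    $boundary = trim($matches[1]);
                    $content = explode('--' . $boundary, $content);
                    $content = $content[2];
                }
                $ncharset = preg_match("/charset=\"?([^\"]*)\"?/i", $content, $matches);
                if ($ncharset) {
                    $charset = $matches[1];
                }
                $content = explode('Content-Transfer-Encoding: quoted-printable', $content);
                // NOTE(review): strip_tags() keeps the listed elements together with all
                // of their attributes, so this is not an HTML sanitiser.
                $content = strip_tags($content[1], '<img><p><br><i><b><u><em><strong><strike><font><span><div><dl><dt><dd><ol><ul><li>,<table><tr><td>');
            } else {
                if ($boundary) {
                    $content = explode('--' . $boundary, $content);
                    $content = $content[2];
                    if (preg_match('/Content-Type: multipart\\/related\\;\\s*boundary=(?:")?([^";\\s\\n]*?)(?:")?\\s*(?:;|\\n|$)/i', $content, $matches)) {
                        $hatt_boundary = trim($matches[1]);
                        $contents = explode('--' . $hatt_boundary, $content);
                        $content = $contents[1];
                    }
                    $ncharset = preg_match("/charset=\"?([^\"]*)\"?/i", $content, $matches);
                    if ($ncharset) {
                        $charset = $matches[1];
                    }
                    $content = explode('Content-Transfer-Encoding: quoted-printable', $content);
                    $content = strip_tags($content[1], '<img><p><br><i><b><u><em><strong><strike><font><span><div><dl><dt><dd><ol><ul><li>,<table><tr><td>');
                }
            }
            $content = trim($content);
            echo "<p><b>Content-type:</b> {$content_type}, <b>boundary:</b> {$boundary}</p>\n";
            echo "<p><b>att_boundary:</b> {$att_boundary}, <b>hatt_boundary:</b> {$hatt_boundary}</p>\n";
            echo "<p><b>charset:</b>{$charset}, <b>BLOG charset:</b>{$blog_charset}</p>\n";
            // echo "<p><b>Raw content:</b><br /><pre>".$content.'</pre></p>';
            if ($charset == "" || trim(strtoupper($charset)) == "ISO-2022-JP") {
                $charset = "JIS";
            }
            if (trim(strtoupper($charset)) == "SHIFT_JIS") {
                $charset = "SJIS";
            }
            $btpos = strpos($content, get_settings('bodyterminator'));
            if ($btpos) {
                $content = substr($content, 0, $btpos);
            }
            $content = trim($content);
            $blah = explode("\n", preg_replace("/^[\n\r\\s]*/", "", strip_tags($content)));
            $firstline = preg_replace("/[\n\r]/", "", $blah[0]);
            $secondline = $blah[1];
            if (get_settings('use_phoneemail')) {
                echo "<p><b>Use Phone Mail:</b> Yes</p>\n";
                $btpos = strpos($firstline, get_settings('phoneemail_separator'));
                if ($btpos) {
                    $userpassstring = trim(substr($firstline, 0, $btpos));
                    $content = trim(substr($content, $btpos + strlen(get_settings('phoneemail_separator')), strlen($content)));
                    $btpos = strpos($content, get_settings('phoneemail_separator'));
                    if ($btpos) {
                        $userpassstring = trim(substr($content, 0, $btpos));
                        $content = trim(substr($content, $btpos + strlen(get_settings('phoneemail_separator')), strlen($content)));
                    }
                }
                $contentfirstline = $blah[1];
            } else {
                echo "<p><b>Use Phone Mail:</b> No</p>\n";
                $userpassstring = strip_tags($firstline);
                $contentfirstline = '';
            }
            // 999.0 is the "no position" sentinel; real coordinates are below 500.
            $flat = 999.0;
            $flon = 999.0;
            $secondlineParts = explode(':', strip_tags($secondline));
            if (strncmp($secondlineParts[0], "POS", 3) == 0) {
                echo "Found POS:<br />\n";
                // echo "Second parts is:".$secondlineParts[1];
                // the second line is the postion listing line
                $secLineParts = explode(',', $secondlineParts[1]);
                $flatStr = $secLineParts[0];
                $flonStr = $secLineParts[1];
                // echo "String are ".$flatStr.$flonStr;
                $flat = floatval($secLineParts[0]);
                $flon = floatval($secLineParts[1]);
                // echo "values are ".$flat." and ".$flon;
                // ok remove that position... we should not have it in the final output
                $content = str_replace($secondline, '', $content);
            }
            // The credentials are the "login:password" pair taken from the message body.
            $blah = explode(':', $userpassstring);
            $user_login = $blah[0];
            $user_pass = $blah[1];
            $user_login = mb_conv(trim($user_login), $blog_charset, $charset);
            $content = $contentfirstline . str_replace($firstline, '', $content);
            $content = trim($content);
            // Please uncomment following line, only if you want to check user and password.
            // echo "<p><b>Login:</b> $user_login, <b>Pass:</b> $user_pass</p>";
            echo "<p><b>Login:</b> {$user_login}, <b>Pass:</b> *********</p>";
            if (!user_pass_ok($user_login, $user_pass)) {
                echo "<p><b>Error: Wrong Login.</b></p></div>\n";
                continue;
            }
            $userdata = get_userdatabylogin($user_login);
            $user_level = $userdata->user_level;
            $post_author = $userdata->ID;
            if ($user_level > 0) {
                $post_title = xmlrpc_getposttitle($content);
                if ($post_title == '') {
                    $post_title = $subject;
                }
                echo "Subject : " . mb_conv($post_title, $blog_charset, $sub_charset) . " <br />\n";
                $post_category = get_settings('default_category');
                if (preg_match('/<category>(.+?)<\\/category>/is', $content, $matchcat)) {
                    $post_category = xmlrpc_getpostcategory($content);
                }
                if (empty($post_category)) {
                    $post_category = get_settings('default_post_category');
                }
                echo "Category : {$post_category} <br />\n";
                // NOTE(review): the list elements are still raw strings from the
                // message; presumably the Post handler validates them - verify.
                $post_category = explode(',', $post_category);
                if (!get_settings('emailtestonly')) {
                    // Attaching Image Files Save
                    if ($att_boundary != "") {
                        $attachment = wp_getattach($contents[2], "user-" . trim($post_author), 1);
                    }
                    if ($boundary != "" && $hatt_boundary != "") {
                        for ($i = 2; $i < count($contents); $i++) {
                            $hattachment = wp_getattach($contents[$i], "user-" . trim($post_author), 0);
                            if ($hattachment) {
                                if (preg_match("/Content-Id: \\<([^\\>]*)>/i", $contents[$i], $matches)) {
                                    $content = preg_replace("/(cid:" . preg_quote($matches[1]) . ")/", get_settings('fileupload_url') . '/' . $hattachment, $content);
                                }
                            }
                        }
                    }
                    if ($boundary != "") {
                        $content = preg_replace("/\\=[\r\n]/", "", $content);
                        $content = preg_replace("/[\r\n]/", " ", $content);
                    }
                    $content = preg_replace("|\n([^\n])|", " \$1", $content);
                    // Decode quoted-printable "=XX" bytes with a callback rather than
                    // the /e modifier, so no replacement string is ever evaluated as code.
                    $content = preg_replace_callback("/\\=([0-9a-fA-F]{2,2})/", 'wp_mail_qp_byte', $content);
                    $content = mb_conv(trim($content), $blog_charset, $charset);
                    // If we find an attachment, add it to the post
                    if ($attachment) {
                        if (isset($img_target) && $img_target) {
                            $img_target = ' target="' . $img_target . '"';
                        } else {
                            $img_target = '';
                        }
                        // The name ends up inside alt/title attributes of stored post
                        // HTML, so it is escaped for that context (URLs use rawurlencode).
                        $attachment_label = htmlspecialchars($attachment, ENT_QUOTES);
                        if (file_exists(get_settings('fileupload_realpath') . "/thumb-" . $attachment)) {
                            $content = "<a href=\"" . get_settings('fileupload_url') . '/' . rawurlencode($attachment) . "\"" . $img_target . "><img style=\"float: left;\" hspace=\"6\" src = \"" . get_settings('fileupload_url') . '/thumb-' . rawurlencode($attachment) . "\" alt=\"" . $attachment_label . "\" title=\"" . $attachment_label . "\" /></a>" . $content . "<br clear=\"left\" />";
                        } else {
                            $content = "<a href=\"" . get_settings('fileupload_url') . '/' . rawurlencode($attachment) . "\"" . $img_target . "><img style=\"float: left;\" hspace=\"6\" src = \"" . get_settings('fileupload_url') . '/' . rawurlencode($attachment) . "\" alt=\"" . $attachment_label . "\" title=\"" . $attachment_label . "\" /></a>" . $content . "<br clear=\"left\" />";
                        }
                    }
                    $postHandler =& wp_handler('Post');
                    $postObject =& $postHandler->create();
                    $postObject->setVar('post_content', $content);
                    $postObject->setVar('post_title', trim(mb_conv($post_title, $blog_charset, $sub_charset)));
                    $postObject->setVar('post_date', $post_date);
                    $postObject->setVar('post_author', $post_author);
                    $postObject->setVar('post_category', $post_category[0]);
                    $postObject->setVar('post_name', sanitize_title($post_title));
                    if ($flat < 500) {
                        $postObject->setVar('post_lat', $flat);
                        $postObject->setVar('post_lon', $flon);
                    }
                    if (!$postHandler->insert($postObject, true)) {
                        echo "<b>Error: Insert New Post</b><br />";
                    }
                    $post_ID = $postObject->getVar('ID');
                    echo "Post ID = {$post_ID}<br />\n";
                    $postObject->assignCategories($post_category);
                    do_action('publish_post', $post_ID);
                    do_action('publish_phone', $post_ID);
                    if ($flat < 500) {
                        pingGeoUrl($post_ID);
                    }
                    $blog_ID = 1;
                    pingWeblogs($blog_ID);
                    pingBlogs($blog_ID);
                    pingback($content, $post_ID);
                }
                echo "\n<p><b>Posted title:</b> {$post_title}<br />\n";
                echo "<b>Posted content:</b><br /><pre>" . $content . "</pre></p>\n";
                if (!$wp_pop3->delete($mail_num)) {
                    echo "<p>Oops " . $wp_pop3->ERROR . "</p></div>\n";
                    $wp_pop3->reset();
                    return;
                } else {
                    echo "<p>Mission complete, message <strong>{$mail_num}</strong> deleted.</p>\n";
                }
            } else {
                echo "<p><strong>Level 0 users can\\'t post.</strong></p>\n";
            }
            echo "</div>\n";
        }
    }
    $wp_pop3->quit();
    timer_stop($output_debugging_info);
    return;
}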
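/**
 * AJAX-style login endpoint: checks posted credentials and starts a session.
 *
 * Reads `data[username]` and `data[password]` from the POST body, always answers
 * with a JSON object `{"status": 0|1}` and terminates the request.
 *
 * NOTE(review): this sets an auth cookie outside the standard login form, so any
 * throttling or lockout attached to that form does not apply here unless it hooks
 * the credential check itself - confirm.
 *
 * @return void Never returns; the request ends in die().
 */
function handle_wordpress_login()
{
    header("Content-type: application/json");
    $resp = array("status" => 0);

    // Read the posted fields explicitly instead of silencing notices with @; anything
    // that is not a string is treated as absent.
    $data = isset($_POST['data']) ? stripslashes_deep($_POST['data']) : array();
    $login = (is_array($data) && isset($data['username']) && is_string($data['username'])) ? $data['username'] : '';
    $pass = (is_array($data) && isset($data['password']) && is_string($data['password'])) ? $data['password'] : '';

    if ($login === '' || $pass === '' || !user_pass_ok($login, $pass)) {
        die(json_encode($resp));
    }

    // get_user_by() signals "not found" with false, so test for that as well as for
    // a WP_Error before touching $user->ID.
    $user = get_user_by('login', $login);
    if (!$user || is_wp_error($user)) {
        die(json_encode($resp));
    }

    wp_set_current_user($user->ID, $user->user_login);
    wp_set_auth_cookie($user->ID);
    // Logged in with WordPress, yay
    do_action('wp_login', $user->user_login);
    die(json_encode(array("status" => 1)));
}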
/**
 * Check user's credentials.
 *
 * Fails with a 405 error when XML-RPC is switched off and with a 403 error when
 * user_pass_ok() rejects the pair; in both cases the IXR_Error is stored in
 * $this->error for the caller to return.
 *
 * @since 1.5.0
 *
 * @param string $user_login User's username.
 * @param string $user_pass User's password.
 * @return bool Whether authentication passed.
 * @deprecated use wp_xmlrpc_server::login
 * @see wp_xmlrpc_server::login
 */
function login_pass_ok($user_login, $user_pass)
{
    $xmlrpc_enabled = get_option('enable_xmlrpc');
    if (!$xmlrpc_enabled) {
        $message = sprintf(__('XML-RPC services are disabled on this site. An admin user can enable them at %s'), admin_url('options-writing.php'));
        $this->error = new IXR_Error(405, $message);

        return false;
    }

    $credentials_valid = user_pass_ok($user_login, $user_pass);
    if ($credentials_valid) {
        return true;
    }

    // One generic message for unknown user and wrong password alike.
    $this->error = new IXR_Error(403, __('Bad login/pass combination.'));

    return false;
}
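/**
 * Blogger API "setTemplate" handler: overwrites a blog template file with the
 * content supplied by the caller.
 *
 * Request parameters read from $m: index 2 = username, 3 = password,
 * 4 = template source, 5 = template type ("main" or "archiveIndex").
 *
 * Security notes:
 *  - The template is written verbatim into a .php file, so a successful call
 *    lets the caller place code that the web server will execute. The
 *    password check and the user-level check below are the only gates.
 *  - Credentials are verified before the user level is looked up, so an
 *    unauthenticated caller cannot learn an account's privilege level from
 *    the fault code.
 *  - NOTE(review): the "wrong password" fault echoes the user name and a
 *    starify()-processed password back to the caller; confirm that this does
 *    not disclose more than intended.
 *  - NOTE(review): confirm that user_pass_ok() and get_userdatabylogin()
 *    escape $username before it reaches a SQL query.
 *
 * @param object $m XML-RPC message exposing getParam(); presumably an
 *                  xmlrpcmsg (TODO confirm).
 * @return xmlrpcresp Boolean "1" on success, otherwise a fault response.
 */
function bloggersettemplate($m) {
    global $xmlrpcerruser, $tableusers, $blogfilename;

    error_reporting(0); // there is a bug in phpxmlrpc that makes it say there are errors while the output is actually valid, so let's disable errors for that function
    dbconnect();

    $template = $m->getParam(4);
    $template = $template->scalarval();
    $templateType = $m->getParam(5);
    $templateType = $templateType->scalarval();
    $username = $m->getParam(2);
    $username = $username->scalarval();
    $password = $m->getParam(3);
    $password = $password->scalarval();

    // Authenticate first; authorisation details are only evaluated for a
    // caller who has proven knowledge of the password.
    if (!user_pass_ok($username, $password)) {
        return new xmlrpcresp(0, $xmlrpcerruser + 3, 'Wrong username/password combination ' . $username . ' / ' . starify($password));
    }

    $userdata = get_userdatabylogin($username);
    if ($userdata["user_level"] < 3) {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, "Sorry, users whose level is less than 3, can not edit the template.");
    }

    // The target path comes from a fixed set of names (or the configured
    // $blogfilename), never from the request, so the caller cannot choose an
    // arbitrary file.
    if ($templateType == "main") {
        $file = ($blogfilename != "") ? $blogfilename : "b2.php";
    } elseif ($templateType == "archiveIndex") {
        $file = "b2archives.php";
    } else {
        // Previously $file stayed undefined here and the call still reported
        // success. Fault offset 2 is chosen for "operation failed";
        // TODO confirm against the server's fault-code table.
        return new xmlrpcresp(0, $xmlrpcerruser + 2, "Unknown template type.");
    }

    $f = fopen($file, "w+");
    if (!$f) {
        return new xmlrpcresp(0, $xmlrpcerruser + 2, "The template file could not be opened for writing.");
    }

    $written = fwrite($f, $template);
    fclose($f); // close the handle (the original passed the file name instead)

    if ($written === false) {
        return new xmlrpcresp(0, $xmlrpcerruser + 2, "The template file could not be written.");
    }

    return new xmlrpcresp(new xmlrpcval("1", "boolean"));
}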
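/**
 * Checks Header Authorization for Remote File Downloads.
 *
 * When no user object was passed in and the request carries a truthy
 * `s2member_file_remote` query variable, HTTP Basic credentials are required.
 * Missing or rejected credentials end the request with a 401 response; accepted
 * credentials resolve to the matching `WP_User`.
 *
 * Security notes:
 *  - Only the `Basic` scheme is parsed from a raw `Authorization` header, which
 *    matches the `WWW-Authenticate: Basic` challenge sent below.
 *  - The authenticated account is looked up by login name explicitly.
 *    `WP_User` treats a numeric first argument as a user ID, so passing the
 *    login there could resolve to a different account than the one whose
 *    password was verified.
 *  - NOTE(review): Basic credentials are only protected in transit by TLS, and
 *    no attempt throttling is visible here; confirm both are handled elsewhere.
 *
 * @package s2Member\Files
 * @since 110926
 *
 * @attaches-to ``add_filter('ws_plugin__s2member_check_file_download_access_user');``
 *
 * @param WP_User $user Expects a WP_User object passed in by the Filter.
 *
 * @return WP_User A `WP_User` object, possibly obtained through Header Authorization.
 */
public static function check_file_remote_authorization($user = NULL) {
    // Expose the local variables by reference to the "before" hook.
    foreach (array_keys(get_defined_vars()) as $__v) {
        $__refs[$__v] =& ${$__v};
    }
    do_action('ws_plugin__s2member_before_check_file_remote_authorization', get_defined_vars());
    unset($__refs, $__v); // Housekeeping.

    $_g = c_ws_plugin__s2member_utils_strings::trim_deep(stripslashes_deep(!empty($_GET) ? $_GET : array()));

    if (!is_object($user) && isset($_g['s2member_file_remote']) && filter_var($_g['s2member_file_remote'], FILTER_VALIDATE_BOOLEAN)) {
        do_action('ws_plugin__s2member_during_check_file_remote_authorization_before', get_defined_vars());

        // Some server setups do not populate PHP_AUTH_*; fall back to parsing
        // the raw Authorization header in that case.
        if ((empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] === 'NOUSER') && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
            $auth = trim($_SERVER['HTTP_AUTHORIZATION']);

            if (preg_match('/^Basic\s+/i', $auth)) {
                // Strict decoding rejects values that are not valid base64.
                $auth = base64_decode(trim(preg_replace('/^Basic\s+/i', '', $auth)), true);
                $auth = is_string($auth) ? explode(':', $auth, 2) : array();
            } else {
                $auth = array(); // Any other scheme is ignored.
            }

            if (!empty($auth[0])) {
                $_SERVER['PHP_AUTH_USER'] = $auth[0];
            }
            if (!empty($auth[1])) {
                $_SERVER['PHP_AUTH_PW'] = $auth[1];
            }
        }

        if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW']) || !user_pass_ok($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
            header('WWW-Authenticate: Basic realm="' . c_ws_plugin__s2member_utils_strings::esc_dq(strip_tags(_x('Members Only', 's2member-front', 's2member'))) . '"');
            status_header(401); // Send an unauthorized 401 status header now.
            header('Content-Type: text/html; charset=UTF-8'); // Content-Type with UTF-8.

            while (@ob_end_clean()) {
                // Clean any existing output buffers.
            }
            exit(_x('<strong>401:</strong> Sorry, access denied.', 's2member-front', 's2member'));
        } else {
            // Look the account up by login name (second argument) so a numeric
            // login is never interpreted as a user ID.
            if (is_object($_user = new WP_User(0, $_SERVER['PHP_AUTH_USER'])) && !empty($_user->ID)) {
                $user = $_user; // Now assign ``$user``.
            }
        }

        do_action('ws_plugin__s2member_during_check_file_remote_authorization_after', get_defined_vars());
    }

    return apply_filters('ws_plugin__s2member_check_file_remote_authorization', $user, get_defined_vars());
}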
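/**
 * Checks Header Authorization for Remote File Downloads.
 *
 * When no user object was passed in and the request carries a truthy
 * `optimizemember_file_remote` query variable, HTTP Basic credentials are
 * required. Missing or rejected credentials end the request with a 401
 * response; accepted credentials resolve to the matching `WP_User`.
 *
 * Security notes:
 *  - The authenticated account is looked up by login name explicitly.
 *    `WP_User` treats a numeric first argument as a user ID, so passing the
 *    login there could resolve to a different account than the one whose
 *    password was verified.
 *  - The hook-variable loop and the output-buffer cleanup are plain
 *    statements; nothing in this method needs eval().
 *  - NOTE(review): Basic credentials are only protected in transit by TLS, and
 *    no attempt throttling is visible here; confirm both are handled elsewhere.
 *
 * @package optimizeMember\Files
 * @since 110926
 *
 * @attaches-to ``add_filter("ws_plugin__optimizemember_check_file_download_access_user");``
 *
 * @param obj $user Expects a WP_User object passed in by the Filter.
 * @return obj A `WP_User` object, possibly obtained through Header Authorization.
 */
public static function check_file_remote_authorization($user = FALSE) {
    // Expose the local variables by reference to the "before" hook.
    foreach (array_keys(get_defined_vars()) as $__v) {
        $__refs[$__v] =& ${$__v};
    }
    do_action("ws_plugin__optimizemember_before_check_file_remote_authorization", get_defined_vars());
    unset($__refs, $__v); /* Unset defined __refs, __v. */

    $_g = c_ws_plugin__optimizemember_utils_strings::trim_deep(stripslashes_deep(!empty($_GET) ? $_GET : array()));

    if (!is_object($user) && isset($_g["optimizemember_file_remote"]) && filter_var($_g["optimizemember_file_remote"], FILTER_VALIDATE_BOOLEAN)) {
        do_action("ws_plugin__optimizemember_during_check_file_remote_authorization_before", get_defined_vars());

        if (empty($_SERVER["PHP_AUTH_USER"]) || empty($_SERVER["PHP_AUTH_PW"]) || !user_pass_ok($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
            header('WWW-Authenticate: Basic realm="' . c_ws_plugin__optimizemember_utils_strings::esc_dq(strip_tags(_x("Members Only", "s2member-front", "s2member"))) . '"');
            status_header(401);
            header("Content-Type: text/html; charset=utf-8");

            while (@ob_end_clean()) {
                // Discard any existing output buffers before the 401 body.
            }
            exit(_x('<strong>401:</strong> Sorry, access denied.', "s2member-front", "s2member"));
        } else {
            // Look the account up by login name (second argument) so a numeric
            // login is never interpreted as a user ID.
            if (is_object($_user = new WP_User(0, $_SERVER["PHP_AUTH_USER"])) && !empty($_user->ID)) {
                $user = $_user;
            }
        }

        do_action("ws_plugin__optimizemember_during_check_file_remote_authorization_after", get_defined_vars());
    }

    return apply_filters("ws_plugin__optimizemember_check_file_remote_authorization", $user, get_defined_vars());
}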