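public function generate_auth_cookie($args) {
    /**
     * Authenticate a username/password pair and return a 'logged_in' auth cookie
     * together with a profile summary of the user.
     *
     * @param array $args Request parameters: 'nonce', 'username', 'password'.
     *                    They are read explicitly instead of via extract(), so a
     *                    caller can no longer inject arbitrary locals into this scope.
     * @return array Either array('error' => array('code' => ..., 'message' => ...))
     *               or array('cookie' => ..., 'user' => array(...)).
     */
    if (!is_array($args)) {
        $args = array();
    }
    $nonce    = isset($args['nonce']) ? $args['nonce'] : '';
    $username = isset($args['username']) ? $args['username'] : '';
    $password = isset($args['password']) ? $args['password'] : '';

    if (!wp_verify_nonce($nonce, 'auth_gmapp')) {
        return array('error' => array('code' => 'nononce', 'message' => "Something goes wrong (nonce error)... try again."));
    }
    if (!$username) {
        return array('error' => array('code' => 'nologin', 'message' => "You must include a 'username' var in your request."));
    }
    if (!$password) {
        return array('error' => array('code' => 'nopassword', 'message' => "You must include a 'password' var in your request."));
    }

    $user = wp_authenticate($username, $password);
    if (is_wp_error($user)) {
        // Single generic message: do not reveal whether the username or the password was wrong.
        // (The original called remove_action('wp_login_failed', $username) here; remove_action()
        // expects a callback, not a username, so that call never unhooked anything and is dropped.)
        return array('error' => array('code' => 'passerror', 'message' => "Invalid username and/or password."));
    }

    // 14-day lifetime, same default as WordPress's "remember me" login, still filterable.
    $expiration = time() + apply_filters('auth_cookie_expiration', 1209600, $user->ID, true);
    $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');

    // Pull the image URL out of the <img> markup get_avatar() returns; fall back to ''.
    preg_match('|src="(.+?)"|', get_avatar($user->ID, 32), $avatar);
    $avatar_url = isset($avatar[1]) ? $avatar[1] : '';

    return array(
        "cookie" => $cookie,
        "user" => array(
            "id" => $user->ID,
            "username" => $user->user_login,
            "nicename" => $user->user_nicename,
            "email" => $user->user_email,
            "url" => $user->user_url,
            "registered" => $user->user_registered,
            "displayname" => $user->display_name,
            "firstname" => $user->user_firstname,
            "lastname" => $user->last_name,
            "nickname" => $user->nickname,
            "description" => $user->user_description,
            "capabilities" => $user->wp_capabilities,
            "avatar" => $avatar_url,
        ),
    );
}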
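public function generate_auth_cookie() {
    /**
     * JSON API 'auth' controller: authenticate the 'username'/'password' query vars
     * and return a 'logged_in' auth cookie plus a profile summary.
     *
     * The optional 'seconds' query var shortens the cookie lifetime; it is clamped to
     * (0, 14 days] so an API client cannot mint an effectively non-expiring cookie.
     * Errors are reported through $json_api->error(), which emits the JSON response.
     */
    global $json_api;

    if (!$json_api->query->username) {
        $json_api->error("You must include a 'username' var in your request.");
        return;
    }
    if (!$json_api->query->password) {
        $json_api->error("You must include a 'password' var in your request.");
        return;
    }

    $default_seconds = 1209600; // 14 days, WordPress's "remember me" lifetime
    $seconds = $default_seconds;
    if ($json_api->query->seconds) {
        $seconds = (int) $json_api->query->seconds;
        // Client-supplied lifetime: reject zero/negative values and cap at the default.
        if ($seconds <= 0 || $seconds > $default_seconds) {
            $seconds = $default_seconds;
        }
    }

    $user = wp_authenticate($json_api->query->username, $json_api->query->password);
    if (is_wp_error($user)) {
        $json_api->error("Invalid username and/or password.", 'error', '401');
        // $json_api->error() is expected to terminate the request; return regardless so
        // a WP_Error can never reach wp_generate_auth_cookie() below. The original's
        // remove_action('wp_login_failed', <username>) was a no-op (remove_action() takes
        // a callback, not a username) and is dropped.
        return;
    }

    $expiration = time() + apply_filters('auth_cookie_expiration', $seconds, $user->ID, true);
    $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');

    // Extract the image URL from the <img> markup get_avatar() returns; '' when absent
    // (the original indexed $avatar[1] unconditionally and raised a notice in that case).
    preg_match('|src="(.+?)"|', get_avatar($user->ID, 32), $avatar);
    $avatar_url = isset($avatar[1]) ? $avatar[1] : '';

    return array(
        "cookie" => $cookie,
        "cookie_name" => LOGGED_IN_COOKIE,
        "user" => array(
            "id" => $user->ID,
            "username" => $user->user_login,
            "nicename" => $user->user_nicename,
            "email" => $user->user_email,
            "url" => $user->user_url,
            "registered" => $user->user_registered,
            "displayname" => $user->display_name,
            "firstname" => $user->user_firstname,
            "lastname" => $user->last_name,
            "nickname" => $user->nickname,
            "description" => $user->user_description,
            "capabilities" => $user->wp_capabilities,
            "avatar" => $avatar_url,
        ),
    );
}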
function test_auth_cookie_scheme() {
    // A cookie generated under an arbitrary scheme name must validate under that
    // same scheme, and must be rejected when validated under a different one.
    $expires_at = time() + 3600;

    $same_scheme_cookie = wp_generate_auth_cookie(self::$user_id, $expires_at, 'foo');
    $this->assertEquals(self::$user_id, wp_validate_auth_cookie($same_scheme_cookie, 'foo'));

    $other_scheme_cookie = wp_generate_auth_cookie(self::$user_id, $expires_at, 'foo');
    $this->assertEquals(false, wp_validate_auth_cookie($other_scheme_cookie, 'bar'));
}
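/**
 * Sets the authentication cookies based on user ID (root-cookie variant).
 *
 * Behaves like core wp_set_auth_cookie() but lets the cookie domain be widened so
 * sub-domains share the login: option 'rootcookie_subdomain' == 1 derives the
 * parent domain from the blog URL's host, otherwise a non-empty
 * 'rootcookie_subdomain_manual' option is used verbatim, else COOKIE_DOMAIN.
 *
 * Without $remember the cookies are browser-session cookies valid for two days;
 * with it they last 14 days. Both durations pass the 'auth_cookie_expiration' filter.
 *
 * @since 2.5
 *
 * @param int   $user_id  User ID.
 * @param bool  $remember Whether to remember the user.
 * @param mixed $secure   Whether the admin cookies are HTTPS-only; '' means is_ssl().
 */
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
    if ($remember) {
        $expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);
    } else {
        $expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);
        $expire = 0; // browser-session cookie
    }

    if ('' === $secure) {
        $secure = is_ssl();
    }
    // Fix: the original read $secure_logged_in_cookie without ever assigning it, so the
    // LOGGED_IN cookie's Secure flag was silently null. Follow core's contract instead:
    // default false, overridable through the 'secure_logged_in_cookie' filter.
    $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);

    if ($secure) {
        $auth_cookie_name = SECURE_AUTH_COOKIE;
        $scheme = 'secure_auth';
    } else {
        $auth_cookie_name = AUTH_COOKIE;
        $scheme = 'auth';
    }

    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');

    do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
    do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

    $subdomain = get_option('rootcookie_subdomain');
    $manual_domain = get_option('rootcookie_subdomain_manual');
    if ($subdomain == 1) {
        // Derive ".example.com" from the blog URL's host.
        // NOTE(review): for hosts under a multi-label public suffix (e.g. example.co.uk)
        // this yields ".co.uk", which browsers reject; use the manual option there.
        $host = (string) parse_url(get_bloginfo('url'), PHP_URL_HOST);
        $labels = explode('.', $host);
        $label_count = count($labels);
        if ($label_count == 3) {
            $domain = '.' . $labels[1] . '.' . $labels[2];
        } elseif ($label_count == 2) {
            $domain = '.' . $host;
        } elseif ($label_count > 3) {
            $labels = array_reverse($labels);
            $domain = '.' . $labels[1] . '.' . $labels[0];
        } else {
            $domain = COOKIE_DOMAIN;
        }
    } elseif (!empty($manual_domain)) {
        // Fix: get_option() returns false (not null) for an unset option, so the original
        // is_null() test always took this branch and set an empty cookie domain.
        $domain = $manual_domain;
    } else {
        $domain = COOKIE_DOMAIN;
    }

    // All cookies are HttpOnly. The admin cookie is scoped to ROOT_COOKIE; the front-end
    // cookie additionally to SITECOOKIEPATH (on COOKIE_DOMAIN) when the two paths differ.
    setcookie($auth_cookie_name, $auth_cookie, $expire, ROOT_COOKIE, $domain, $secure, true);
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, ROOT_COOKIE, $domain, $secure_logged_in_cookie, true);
    if (COOKIEPATH != SITECOOKIEPATH) {
        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    }
}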
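public function ajax_on() {
    /**
     * AJAX handler: issue the Query Monitor authentication cookie for the current user.
     *
     * Requires the 'view_query_monitor' capability and a valid 'qm-auth-on' nonce;
     * otherwise a JSON error is sent. On success the cookie lets Query Monitor output be
     * viewed while logged out or logged in as another user, for two days.
     */
    if (!current_user_can('view_query_monitor') || !check_ajax_referer('qm-auth-on', 'nonce', false)) {
        wp_send_json_error(__('Could not set authentication cookie.', 'query-monitor'));
    }

    $expiration = time() + 2 * DAY_IN_SECONDS;
    $secure = self::secure_cookie();

    // The value is a WordPress 'logged_in' auth cookie for this user, i.e. a bearer
    // credential. Fix: send it HttpOnly (the original passed false) so injected script
    // cannot read it; nothing visible here consumes it client-side — revert to false
    // only if front-end JS genuinely needs to read the cookie.
    $cookie = wp_generate_auth_cookie(get_current_user_id(), $expiration, 'logged_in');
    setcookie(QM_COOKIE, $cookie, $expiration, COOKIEPATH, COOKIE_DOMAIN, $secure, true);

    $text = __('Authentication cookie set. You can now view Query Monitor output while logged out or while logged in as a different user.', 'query-monitor');
    wp_send_json_success($text);
}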
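public function generate_auth_cookie() {
    /**
     * JSON API 'auth' controller: verify the request nonce, authenticate the
     * 'username'/'password' query vars and return a 14-day 'logged_in' auth cookie
     * plus a profile summary of the user.
     *
     * Errors are reported through $json_api->error(), which emits the JSON response;
     * each error path also returns so no later statement runs on bad input.
     */
    global $json_api;

    $nonce_id = $json_api->get_nonce_id('auth', 'generate_auth_cookie');
    if (!wp_verify_nonce($json_api->query->nonce, $nonce_id)) {
        $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.");
        return;
    }
    if (!$json_api->query->username) {
        $json_api->error("You must include a 'username' var in your request.");
        return;
    }
    if (!$json_api->query->password) {
        $json_api->error("You must include a 'password' var in your request.");
        return;
    }

    $user = wp_authenticate($json_api->query->username, $json_api->query->password);
    if (is_wp_error($user)) {
        $json_api->error("Invalid username and/or password.", 'error', '401');
        // Return regardless of whether error() exits, so a WP_Error never reaches
        // wp_generate_auth_cookie() below. The original's
        // remove_action('wp_login_failed', <username>) was a no-op — remove_action()
        // takes a callback, not a username — and is dropped.
        return;
    }

    // 14 days, WordPress's "remember me" lifetime, still filterable.
    $expiration = time() + apply_filters('auth_cookie_expiration', 1209600, $user->ID, true);
    $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');

    return array(
        "cookie" => $cookie,
        "user" => array(
            "id" => $user->ID,
            "username" => $user->user_login,
            "nicename" => $user->user_nicename,
            "email" => $user->user_email,
            "url" => $user->user_url,
            "registered" => $user->user_registered,
            "displayname" => $user->display_name,
            "firstname" => $user->user_firstname,
            "lastname" => $user->last_name,
            "nickname" => $user->nickname,
            "description" => $user->user_description,
            "capabilities" => $user->wp_capabilities,
        ),
    );
}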
function testOldUserCookieAuthentication() {
    // user_switching::authenticate_old_user() must accept only a current, 'auth'-scheme
    // cookie for the matching user stored as a JSON array in USER_SWITCHING_COOKIE,
    // and must reject everything else without raising PHP errors.
    $admin  = $this->testers['admin'];
    $editor = $this->testers['editor'];
    $expiry = time() + 172800; // 48 hours

    $rejects_both = function () use ($editor, $admin) {
        $this->assertFalse(user_switching::authenticate_old_user($editor));
        $this->assertFalse(user_switching::authenticate_old_user($admin));
    };

    // Valid cookie: authenticates the editor only.
    $_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array(wp_generate_auth_cookie($editor->ID, $expiry, 'auth')));
    $this->assertTrue(user_switching::authenticate_old_user($editor));
    $this->assertFalse(user_switching::authenticate_old_user($admin));

    // Expired but otherwise valid cookie.
    $_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array(wp_generate_auth_cookie($editor->ID, time() - 1000, 'auth')));
    $rejects_both();

    // Valid cookies under the wrong schemes.
    $_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array(wp_generate_auth_cookie($editor->ID, $expiry, 'logged_in')));
    $rejects_both();
    $_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array(wp_generate_auth_cookie($editor->ID, $expiry, 'secure_auth')));
    $rejects_both();

    // Malformed cookie value.
    $_COOKIE[USER_SWITCHING_COOKIE] = 'hello';
    $rejects_both();

    // A bare (non-JSON-array) auth cookie.
    $_COOKIE[USER_SWITCHING_COOKIE] = wp_generate_auth_cookie($editor->ID, $expiry, 'auth');
    $rejects_both();

    // No cookie at all.
    unset($_COOKIE[USER_SWITCHING_COOKIE]);
    $rejects_both();
}
/**
 * Sets the authentication cookies for a user ID.
 *
 * Without $remember the cookies are browser-session cookies whose signed expiry is
 * two days out; with it the signed expiry is 14 days out and the browser keeps the
 * cookie 12 hours longer so wp_validate_auth_cookie() can apply its login grace
 * period. Both durations pass through the 'auth_cookie_expiration' filter.
 *
 * @since 2.5
 *
 * @param int   $user_id  User ID.
 * @param bool  $remember Whether to remember the user.
 * @param mixed $secure   Whether the admin cookies are HTTPS-only; '' means is_ssl().
 */
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
    $base_duration = $remember ? 14 * DAY_IN_SECONDS : 2 * DAY_IN_SECONDS;
    $expiration = time() + apply_filters('auth_cookie_expiration', $base_duration, $user_id, $remember);
    // Browser-side lifetime: 0 makes a session cookie.
    $expire = $remember ? $expiration + (12 * HOUR_IN_SECONDS) : 0;

    if ('' === $secure) {
        $secure = is_ssl();
    }
    $secure = apply_filters('secure_auth_cookie', $secure, $user_id);
    $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);

    list($auth_cookie_name, $scheme) = $secure
        ? array(SECURE_AUTH_COOKIE, 'secure_auth')
        : array(AUTH_COOKIE, 'auth');

    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');

    do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
    do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

    // Admin cookie on the plugin and admin paths; front-end cookie on the site root(s). All HttpOnly.
    foreach (array(PLUGINS_COOKIE_PATH, ADMIN_COOKIE_PATH) as $admin_path) {
        setcookie($auth_cookie_name, $auth_cookie, $expire, $admin_path, COOKIE_DOMAIN, $secure, true);
    }
    $front_paths = array(COOKIEPATH);
    if (COOKIEPATH != SITECOOKIEPATH) {
        $front_paths[] = SITECOOKIEPATH;
    }
    foreach ($front_paths as $front_path) {
        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $front_path, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    }
}
/**
 * Populate $_COOKIE with freshly generated auth cookies for the given user.
 *
 * Some parts of WordPress read $_COOKIE directly instead of going through the
 * authentication filter, so after a custom authentication the cookie slots must
 * look as if a normal login had set them. Existing values are never overwritten.
 *
 * @param int $user_id User whose cookies to fabricate.
 */
protected static function set_fake_cookies($user_id) {
    $expiration = time() + apply_filters('auth_cookie_expiration', self::COOKIE_AGE * DAY_IN_SECONDS, $user_id, false);
    $secure = apply_filters('secure_auth_cookie', is_ssl(), $user_id);
    // Nothing is sent to the browser here, so the flag is unused; the filter is still
    // run so hooked code observes the same calls as a real login.
    $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);

    list($auth_cookie_name, $scheme) = $secure
        ? array(SECURE_AUTH_COOKIE, 'secure_auth')
        : array(AUTH_COOKIE, 'auth');

    if (!isset($_COOKIE[$auth_cookie_name])) {
        $_COOKIE[$auth_cookie_name] = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    }
    if (!isset($_COOKIE[LOGGED_IN_COOKIE])) {
        $_COOKIE[LOGGED_IN_COOKIE] = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
    }
}
/**
 * Sets the authentication cookies for a user ID.
 *
 * Without $remember the cookies are browser-session cookies valid for two days;
 * with it they last 14 days. On PHP >= 5.2.0 the HttpOnly flag is passed to
 * setcookie() natively; on older PHP it is appended to the domain attribute, a
 * workaround that only takes effect when a cookie domain is configured.
 *
 * @since 2.5
 *
 * @param int   $user_id  User ID.
 * @param bool  $remember Whether to remember the user or not.
 * @param mixed $secure   Whether the admin cookies are HTTPS-only; '' means is_ssl().
 */
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
    if ($remember) {
        $expiration = $expire = time() + 1209600; // 14 days
    } else {
        $expiration = time() + 172800; // 2 days, as a browser-session cookie
        $expire = 0;
    }
    if ('' === $secure) {
        $secure = (bool) is_ssl();
    }

    list($auth_cookie_name, $scheme) = $secure
        ? array(SECURE_AUTH_COOKIE, 'secure_auth')
        : array(AUTH_COOKIE, 'auth');

    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');

    do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
    do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

    $admin_paths = array(PLUGINS_COOKIE_PATH, ADMIN_COOKIE_PATH);
    $front_paths = array(COOKIEPATH);
    if (COOKIEPATH != SITECOOKIEPATH) {
        $front_paths[] = SITECOOKIEPATH;
    }

    if (version_compare(phpversion(), '5.2.0', 'ge')) {
        // Native httponly argument; the front-end cookie is never marked Secure here.
        foreach ($admin_paths as $path) {
            setcookie($auth_cookie_name, $auth_cookie, $expire, $path, COOKIE_DOMAIN, $secure, true);
        }
        foreach ($front_paths as $path) {
            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $path, COOKIE_DOMAIN, false, true);
        }
    } else {
        // Pre-5.2 PHP: smuggle "; HttpOnly" through the domain attribute.
        $cookie_domain = COOKIE_DOMAIN;
        if (!empty($cookie_domain)) {
            $cookie_domain .= '; HttpOnly';
        }
        foreach ($admin_paths as $path) {
            setcookie($auth_cookie_name, $auth_cookie, $expire, $path, $cookie_domain, $secure);
        }
        foreach ($front_paths as $path) {
            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $path, $cookie_domain);
        }
    }
}
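/**
 * Sets the authentication cookies based on user ID.
 * Override for WordPress' pluggable function wp_set_auth_cookie, aware of Shared SSL.
 *
 * When shared SSL is enabled and the request is over SSL, the cookies are scoped to
 * the host and path of $this->https_url (the shared-SSL address) so they reach the
 * admin served from there; otherwise core's COOKIE_DOMAIN and path constants are used.
 *
 * Without $remember the cookies are browser-session cookies valid for two days; with
 * it they last 14 days. Both durations pass the 'auth_cookie_expiration' filter.
 *
 * @param int   $user_id  User ID.
 * @param bool  $remember Whether to remember the user or not.
 * @param mixed $secure   Whether the admin cookies are HTTPS-only; '' means $this->is_ssl().
 */
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
    if ($remember) {
        $expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);
    } else {
        $expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);
        $expire = 0; // browser-session cookie
    }
    if ($secure === '') {
        $secure = (bool) $this->is_ssl();
    }
    // Fix: $secure_logged_in_cookie was read in the non-shared-SSL branch but never
    // assigned, so the front-end cookie's Secure flag was silently null. Follow core's
    // contract: default false, overridable through the 'secure_logged_in_cookie' filter.
    $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);

    if ($secure) {
        $auth_cookie_name = SECURE_AUTH_COOKIE;
        $scheme = 'secure_auth';
    } else {
        $auth_cookie_name = AUTH_COOKIE;
        $scheme = 'auth';
    }

    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');

    do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
    do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

    // Cookie domain/paths derived from the shared-SSL URL. The path may be absent from
    // the URL, so cast to string before rtrim().
    $https_base_path = rtrim((string) parse_url($this->https_url, PHP_URL_PATH), '/');
    $cookie_domain = '.' . parse_url($this->https_url, PHP_URL_HOST);
    $cookie_path = $https_base_path . COOKIEPATH;
    $cookie_path_site = $https_base_path . SITECOOKIEPATH;
    $cookie_path_plugins = $https_base_path . PLUGINS_COOKIE_PATH;
    $cookie_path_admin = $cookie_path_site . 'wp-admin';

    if ($this->shared_ssl && $this->is_ssl()) {
        // Shared-SSL request: scope everything to the shared host. The front-end cookie is
        // deliberately not marked Secure here, as it must also work on the plain-HTTP site.
        setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_plugins, $cookie_domain, $secure, true);
        setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_admin, $cookie_domain, $secure, true);
        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path, $cookie_domain, false, true);
        if ($cookie_path != $cookie_path_site) {
            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path_site, $cookie_domain, false, true);
        }
    } else {
        // Core behaviour.
        setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
        setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
        if (COOKIEPATH != SITECOOKIEPATH) {
            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
        }
    }
}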
/**
 * Sets the cookies that record the originating ("old") user across a user switch.
 *
 * Two cookies are written, both HttpOnly and valid for 48 hours: a JSON-encoded stack
 * of auth cookies (one per switch, so nested switches can be unwound) in
 * USER_SWITCHING_COOKIE / USER_SWITCHING_SECURE_COOKIE, and a single 'logged_in'
 * cookie for the old user in USER_SWITCHING_OLDUSER_COOKIE.
 *
 * @param int  $old_user_id The ID of the originating user, usually the current logged in user.
 * @param bool $pop         Optional. Pop the latest user off the auth cookie stack instead of
 *                          pushing a new one. Default false.
 */
function user_switching_set_olduser_cookie($old_user_id, $pop = false) {
    $secure_auth_cookie    = user_switching::secure_auth_cookie();
    $secure_olduser_cookie = user_switching::secure_olduser_cookie();
    $expiration = time() + 172800; // 48 hours

    $cookie_stack   = user_switching_get_auth_cookie();
    $olduser_cookie = wp_generate_auth_cookie($old_user_id, $expiration, 'logged_in');

    list($auth_cookie_name, $scheme) = $secure_auth_cookie
        ? array(USER_SWITCHING_SECURE_COOKIE, 'secure_auth')
        : array(USER_SWITCHING_COOKIE, 'auth');

    if ($pop) {
        array_pop($cookie_stack);
    } else {
        array_push($cookie_stack, wp_generate_auth_cookie($old_user_id, $expiration, $scheme));
    }

    setcookie($auth_cookie_name, json_encode($cookie_stack), $expiration, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_auth_cookie, true);
    setcookie(USER_SWITCHING_OLDUSER_COOKIE, $olduser_cookie, $expiration, COOKIEPATH, COOKIE_DOMAIN, $secure_olduser_cookie, true);
}
/**
 * Create a one-day session for a user and return the matching auth cookies.
 *
 * Not the security problem it may look like: anyone who can run WP-CLI can already
 * act on behalf of any user without a password, and the session is destroyed when
 * the command finishes, so an intercepted cookie is useless afterwards. The session
 * token is kept in $this->token so that teardown can find it.
 *
 * @param int $user_id User to impersonate.
 * @return array Cookie name => cookie value for the secure_auth, auth and logged_in schemes.
 */
private function get_auth_cookies($user_id) {
    $expiration = time() + DAY_IN_SECONDS;
    require_once ABSPATH . WPINC . '/session.php';

    $this->token = WP_Session_Tokens::get_instance($user_id)->create($expiration);

    $cookies = array();
    foreach (array(SECURE_AUTH_COOKIE => 'secure_auth', AUTH_COOKIE => 'auth', LOGGED_IN_COOKIE => 'logged_in') as $cookie_name => $scheme) {
        $cookies[$cookie_name] = wp_generate_auth_cookie($user_id, $expiration, $scheme, $this->token);
    }
    return $cookies;
}
/**
 * Sets the authentication cookies based on user ID.
 *
 * Without $remember the cookies are browser-session cookies whose signed expiry is
 * two days out; with it the signed expiry is 14 days out and the browser keeps the
 * cookie 12 hours longer so wp_validate_auth_cookie() can apply its login grace
 * period. A session token is created for the login and bound into both cookies.
 *
 * @since 2.5.0
 *
 * @param int   $user_id  User ID.
 * @param bool  $remember Whether to remember the user.
 * @param mixed $secure   Whether the admin cookies should only be sent over HTTPS.
 *                        Default is_ssl().
 */
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
    /**
     * Filter the duration of the authentication cookie expiration period.
     *
     * @since 2.8.0
     *
     * @param int  $length   Duration of the expiration period in seconds.
     * @param int  $user_id  User ID.
     * @param bool $remember Whether to remember the user login. Default false.
     */
    $base_duration = $remember ? 14 * DAY_IN_SECONDS : 2 * DAY_IN_SECONDS;
    $expiration = time() + apply_filters('auth_cookie_expiration', $base_duration, $user_id, $remember);
    // Browser-side lifetime: the grace window past $expiration when remembering, else a session cookie.
    $expire = $remember ? $expiration + 12 * HOUR_IN_SECONDS : 0;

    if ('' === $secure) {
        $secure = is_ssl();
    }
    // The front-end cookie is Secure only when the admin cookie is and the home URL is HTTPS.
    $secure_logged_in_cookie = $secure && 'https' === parse_url(get_option('home'), PHP_URL_SCHEME);

    /**
     * Filter whether the connection is secure.
     *
     * @since 3.1.0
     *
     * @param bool $secure  Whether the connection is secure.
     * @param int  $user_id User ID.
     */
    $secure = apply_filters('secure_auth_cookie', $secure, $user_id);

    /**
     * Filter whether to use a secure cookie when logged-in.
     *
     * @since 3.1.0
     *
     * @param bool $secure_logged_in_cookie Whether to use a secure cookie when logged-in.
     * @param int  $user_id                 User ID.
     * @param bool $secure                  Whether the connection is secure.
     */
    $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure);

    list($auth_cookie_name, $scheme) = $secure
        ? array(SECURE_AUTH_COOKIE, 'secure_auth')
        : array(AUTH_COOKIE, 'auth');

    $token = WP_Session_Tokens::get_instance($user_id)->create($expiration);
    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme, $token);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $token);

    /**
     * Fires immediately before the authentication cookie is set.
     *
     * @since 2.5.0
     *
     * @param string $auth_cookie Authentication cookie.
     * @param int    $expire      Browser-side cookie lifetime (0 for a session cookie).
     * @param int    $expiration  Unix time at which the signed cookie stops validating.
     * @param int    $user_id     User ID.
     * @param string $scheme      Authentication scheme: 'auth' or 'secure_auth'.
     */
    do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);

    /**
     * Fires immediately before the logged-in cookie is set.
     *
     * @since 2.6.0
     *
     * @param string $logged_in_cookie The logged-in cookie.
     * @param int    $expire           Browser-side cookie lifetime (0 for a session cookie).
     * @param int    $expiration       Unix time at which the signed cookie stops validating.
     * @param int    $user_id          User ID.
     * @param string $scheme           Authentication scheme. Default 'logged_in'.
     */
    do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

    // Admin cookie on the plugin and admin paths; front-end cookie on the site root(s). All HttpOnly.
    foreach (array(PLUGINS_COOKIE_PATH, ADMIN_COOKIE_PATH) as $admin_path) {
        setcookie($auth_cookie_name, $auth_cookie, $expire, $admin_path, COOKIE_DOMAIN, $secure, true);
    }
    $front_paths = array(COOKIEPATH);
    if (COOKIEPATH != SITECOOKIEPATH) {
        $front_paths[] = SITECOOKIEPATH;
    }
    foreach ($front_paths as $front_path) {
        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $front_path, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    }
}
/**
 * A cookie whose password-hash fragment has been tampered with must fail
 * wp_validate_auth_cookie() and be recorded as a failed attempt.
 *
 * @depends test_bad_user
 */
public function test_bad_pass() {
    $_SERVER['REQUEST_METHOD'] = 'GET';

    // Take a genuine cookie for user 1 and corrupt only its password fragment.
    $cookie_parts = explode('|', wp_generate_auth_cookie(1, time() + 10));
    $cookie_parts[$this->cookie_key_pass] = 'badpassword';
    $_COOKIE[AUTH_COOKIE] = implode('|', $cookie_parts);

    // Validation tries to send headers from inside the test run; PHP reports that
    // as an error which the test expects rather than suppresses.
    $expected_error = 'Cannot modify header information';
    $this->expected_errors($expected_error);

    $this->assertFalse(wp_validate_auth_cookie());

    $hashed_pass = self::$lss->md5($cookie_parts[$this->cookie_key_pass]);
    $this->check_fail_record($this->ip, $cookie_parts[0], $hashed_pass);
    $this->assertTrue($this->were_expected_errors_found(), "Expected error not found: '{$expected_error}'");
}
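/**
 * Sets the authentication cookies based on user ID.
 *
 * Without $remember the cookies are browser-session cookies valid for two days;
 * with it they last 14 days.
 *
 * All four cookies are now sent HttpOnly (the original passed no flag at all), in
 * line with the other wp_set_auth_cookie() implementations in this corpus, so a
 * script injection cannot read the session credentials. NOTE(review): the seventh
 * setcookie() argument requires PHP >= 5.2.0; the sibling implementation that
 * guards on version_compare() shows how to fall back on older PHP if needed.
 *
 * @since 2.5
 *
 * @param int   $user_id  User ID.
 * @param bool  $remember Whether to remember the user or not.
 * @param mixed $secure   Whether the admin cookies are HTTPS-only; '' means is_ssl().
 */
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
    if ($remember) {
        $expiration = $expire = time() + 1209600; // 14 days
    } else {
        $expiration = time() + 172800; // 2 days, as a browser-session cookie
        $expire = 0;
    }
    if ('' === $secure) {
        $secure = (bool) is_ssl();
    }
    if ($secure) {
        $auth_cookie_name = SECURE_AUTH_COOKIE;
        $scheme = 'secure_auth';
    } else {
        $auth_cookie_name = AUTH_COOKIE;
        $scheme = 'auth';
    }

    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');

    do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
    do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

    // Admin cookie on the plugin and admin paths; the front-end cookie keeps its original
    // non-Secure flag so it still works on the plain-HTTP site.
    setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
    setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, false, true);
    if (COOKIEPATH != SITECOOKIEPATH) {
        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
    }
}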
/**
 * wp_set_auth_cookie() - Sets the authentication cookie for a user ID.
 *
 * Without $remember the cookie is a browser-session cookie whose signed expiry is
 * two days out; with it the cookie is kept for 14 days. The same cookie is written
 * for SITECOOKIEPATH as well when that differs from COOKIEPATH.
 *
 * @since 2.5
 *
 * @param int  $user_id  User ID.
 * @param bool $remember Whether to remember the user or not.
 */
function wp_set_auth_cookie($user_id, $remember = false) {
    $expiration = time() + ($remember ? 1209600 : 172800);
    // Browser-side lifetime: 0 makes a session cookie.
    $expire = $remember ? $expiration : 0;

    $cookie = wp_generate_auth_cookie($user_id, $expiration);
    do_action('set_auth_cookie', $cookie, $expire);

    $paths = array(COOKIEPATH);
    if (COOKIEPATH != SITECOOKIEPATH) {
        $paths[] = SITECOOKIEPATH;
    }
    foreach ($paths as $path) {
        setcookie(AUTH_COOKIE, $cookie, $expire, $path, COOKIE_DOMAIN);
    }
}
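function wc1c_mode_checkauth() {
    /**
     * 'checkauth' mode of the 1C exchange protocol: authenticate the HTTP Basic
     * credentials, check permissions, then print the auth cookie the 1C client must
     * send back on subsequent requests.
     *
     * Credentials come from PHP_AUTH_USER / PHP_AUTH_PW, recovered from the raw
     * Authorization header when PHP does not populate them itself. Only a "Basic"
     * header is accepted; a malformed header is ignored and reported as missing
     * credentials. The cookie is printed in the response body, so this endpoint is a
     * bearer credential in transit and should only be served over HTTPS.
     */
    foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $server_key) {
        if (!isset($_SERVER[$server_key])) {
            continue;
        }
        $header_parts = explode(' ', trim($_SERVER[$server_key]), 2);
        // Only a Basic challenge carries "user:password"; do not base64-decode some other
        // scheme's token into bogus credentials.
        if (count($header_parts) !== 2 || strcasecmp($header_parts[0], 'Basic') !== 0) {
            continue;
        }
        $decoded = base64_decode($header_parts[1], true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            continue;
        }
        // Fix: split on the first ':' only, so a password containing ':' is not truncated.
        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
        break;
    }

    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        wc1c_error("No authentication credentials");
    }

    $user = wp_authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
    wc1c_check_wp_error($user);
    wc1c_check_permissions($user);

    // One-day cookie (filterable); the 1C client replays it on every later request.
    $expiration = time() + apply_filters('auth_cookie_expiration', DAY_IN_SECONDS, $user->ID, false);
    $auth_cookie = wp_generate_auth_cookie($user->ID, $expiration);
    exit("success\nwc1c-auth\n{$auth_cookie}");
}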
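/**
 * Build (and for most start types immediately fire) the wp-cron request that runs a BackWPup job.
 *
 * The request carries a nonce derived from the current nonce tick and $starttype,
 * optional HTTP Basic credentials from the plugin settings, optional WP-Cron-Control
 * secret, and five-minute auth cookies for a 'backwpup_admin' user so wp-cron runs the
 * job with that user's rights. For 'runext' the Basic credentials are embedded in the
 * URL itself, since that URL is handed to an external scheduler.
 *
 * @param string $starttype Start type: 'runnow', 'runnowlink', 'cronrun', 'runext', 'restart', 'test'.
 * @param int    $jobid     The id of the job to start, else 0.
 * @return array|object For 'runnowlink' and 'runext' the request description ([url], [args]);
 *                      otherwise the result of wp_remote_post().
 */
public static function get_jobrun_url($starttype, $jobid = 0) {
    $wp_admin_user = get_users(array('role' => 'backwpup_admin', 'number' => 1)); // user for cookie auth
    $url = site_url('wp-cron.php');
    $header = array();
    $authurl = '';
    $query_args = array(
        '_nonce' => substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-' . $starttype, 'nonce'), -12, 10),
        'doing_wp_cron' => sprintf('%.22F', microtime(true)),
    );

    if (in_array($starttype, array('restart', 'runnow', 'cronrun', 'runext', 'test'))) {
        $query_args['backwpup_run'] = $starttype;
    }
    if (in_array($starttype, array('runnowlink', 'runnow', 'cronrun', 'runext')) && !empty($jobid)) {
        $query_args['jobid'] = $jobid;
    }

    if (get_site_option('backwpup_cfg_httpauthuser') && get_site_option('backwpup_cfg_httpauthpassword')) {
        $http_auth_user = get_site_option('backwpup_cfg_httpauthuser');
        $http_auth_pass = BackWPup_Encryption::decrypt(get_site_option('backwpup_cfg_httpauthpassword'));
        $header['Authorization'] = 'Basic ' . base64_encode($http_auth_user . ':' . $http_auth_pass);
        $authurl = $http_auth_user . ':' . $http_auth_pass . '@';
    }

    if ($starttype == 'runext') {
        // External trigger: a static key replaces the tick-based nonce, and the Basic
        // credentials (if any) go into the URL, which therefore must be kept secret.
        $query_args['_nonce'] = get_site_option('backwpup_cfg_jobrunauthkey');
        $query_args['doing_wp_cron'] = NULL;
        if (!empty($authurl)) {
            $url = str_replace('https://', 'https://' . $authurl, $url);
            $url = str_replace('http://', 'http://' . $authurl, $url);
        }
    }

    if ($starttype == 'runnowlink' && (!defined('ALTERNATE_WP_CRON') || !ALTERNATE_WP_CRON)) {
        // Link for a human: goes through admin.php with a standard WP nonce URL.
        $url = wp_nonce_url(network_admin_url('admin.php'), 'backwpup_job_run-' . $starttype);
        $query_args['page'] = 'backwpupjobs';
        $query_args['action'] = 'runnow';
        $query_args['doing_wp_cron'] = NULL;
        unset($query_args['_nonce']);
    }
    if ($starttype == 'runnowlink' && defined('ALTERNATE_WP_CRON') && ALTERNATE_WP_CRON) {
        $query_args['backwpup_run'] = 'runnowalt';
        $query_args['_nonce'] = substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-runnowalt', 'nonce'), -12, 10);
        $query_args['doing_wp_cron'] = NULL;
    }

    // Extra for WP-Cron control
    if (class_exists('WP_Cron_Control') && ($starttype == 'runext' || $starttype == 'runnow' || $starttype == 'restart')) {
        $wp_cron_control_settings = get_option('wpcroncontrol_settings', array());
        if (empty($wp_cron_control_settings['secret_string']) && file_exists(WP_PLUGIN_DIR . '/wp-cron-control/wp-cron-control.php')) {
            $wp_cron_control_settings['secret_string'] = md5(realpath(WP_PLUGIN_DIR . '/wp-cron-control/wp-cron-control.php') . get_current_blog_id());
            $wp_cron_control_settings['enable'] = 1;
        }
        if (isset($wp_cron_control_settings['enable']) && $wp_cron_control_settings['enable'] == 1) {
            if (defined('WP_CRON_CONTROL_SECRET')) {
                $wp_cron_control_settings['secret_string'] = WP_CRON_CONTROL_SECRET;
            }
            $query_args[$wp_cron_control_settings['secret_string']] = '';
            $query_args['doing_wp_cron'] = NULL;
        }
    }

    // Fix: the original indexed $wp_admin_user[0]->ID unconditionally, which raised a
    // notice and minted cookies for an empty user ID when no 'backwpup_admin' user
    // exists. Only attach cookies when such a user was found.
    $cookies = array();
    if (!empty($wp_admin_user) && isset($wp_admin_user[0]->ID)) {
        $cookie_expiration = time() + 300; // short-lived: only the cron request needs them
        $cookies[] = new WP_Http_Cookie(array('name' => AUTH_COOKIE, 'value' => wp_generate_auth_cookie($wp_admin_user[0]->ID, $cookie_expiration, 'auth')));
        $cookies[] = new WP_Http_Cookie(array('name' => LOGGED_IN_COOKIE, 'value' => wp_generate_auth_cookie($wp_admin_user[0]->ID, $cookie_expiration, 'logged_in')));
    }

    $cron_request = apply_filters('cron_request', array(
        'url' => add_query_arg($query_args, $url),
        'key' => $query_args['doing_wp_cron'],
        'args' => array(
            'blocking' => FALSE,
            'sslverify' => apply_filters('https_local_ssl_verify', true),
            'timeout' => 0.01,
            'headers' => $header,
            'cookies' => $cookies,
            'user-agent' => BackWpup::get_plugin_data('User-Agent'),
        ),
    ));

    if ($starttype == 'test') {
        // The test start waits for the response so it can be inspected.
        $cron_request['args']['timeout'] = 15;
        $cron_request['args']['blocking'] = TRUE;
    }

    if (!in_array($starttype, array('runnowlink', 'runext'))) {
        set_transient('doing_cron', $query_args['doing_wp_cron']);
        return wp_remote_post($cron_request['url'], $cron_request['args']);
    }
    return $cron_request;
}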
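/**
 * Replay a request against this site as the current user and return the body.
 *
 * Input comes from $_POST:
 *  - 'url'  : path relative to get_site_url().
 *  - 'args' : array with optional 'get' / 'post' (URL-encoded query strings),
 *             'nonce' (query string of nonce actions to mint for the request)
 *             and 'search' => array('ok' => [...], 'fail' => [...]) literal
 *             patterns counted case-insensitively in the response body.
 *
 * Security notes:
 *  - A new session token plus 'auth' and 'logged_in' cookies are minted for the
 *    current user with a 5 minute lifetime and sent with the outbound request.
 *    The token is not destroyed afterwards; it expires on its own.
 *  - The same cookies are written into $_COOKIE for the running request,
 *    presumably so that nonces minted via wp_create_nonce_recursive() are
 *    bound to that token rather than to the caller's own session — confirm.
 *  - Nothing here checks capabilities; the caller must already have
 *    authenticated and authorised the request.
 *
 * @return array 'error' => string on failure, otherwise 'success', 'content',
 *               'url', 'get', 'post', 'search_ok_counter', 'search_fail_counter'.
 */
protected function visit_site_as_browser() {
    if (!isset($_POST['url']) || !is_string($_POST['url']) || strlen($_POST['url']) < 2) {
        return array('error' => 'Missing url');
    }
    if (!isset($_POST['args']) || !is_array($_POST['args'])) {
        return array('error' => 'Missing args');
    }
    // WordPress slash-escapes request superglobals; undo that before parsing.
    $_POST = stripslashes_deep($_POST);
    $args = $_POST['args'];
    $current_user = wp_get_current_user();
    $url = '/' . $_POST['url'];
    $expiration = time() + 300;

    // Short-lived session so the generated cookies validate against the session store.
    $manager = WP_Session_Tokens::get_instance($current_user->ID);
    $token = $manager->create($expiration);
    $auth_cookie = wp_generate_auth_cookie($current_user->ID, $expiration, 'auth', $token);
    $logged_cookie = wp_generate_auth_cookie($current_user->ID, $expiration, 'logged_in', $token);
    $_COOKIE[AUTH_COOKIE] = $auth_cookie;
    $_COOKIE[LOGGED_IN_COOKIE] = $logged_cookie;

    $post_args = array();
    $post_args['body'] = array();
    $post_args['redirection'] = 5;
    $post_args['decompress'] = false; // For gzinflate() data error bug
    $post_args['cookies'] = array(
        new WP_Http_Cookie(array('name' => AUTH_COOKIE, 'value' => $auth_cookie)),
        new WP_Http_Cookie(array('name' => LOGGED_IN_COOKIE, 'value' => $logged_cookie)),
    );

    // parse_str() requires a string; a non-string 'get' is treated as absent.
    $get_args = array();
    if (isset($args['get']) && is_string($args['get'])) {
        parse_str($args['get'], $get_args);
    }
    // Marker the receiving side uses to recognise this replayed request.
    $get_args['skeleton_keyuse_nonce_key'] = intval(time());
    $get_args['skeleton_keyuse_nonce_hmac'] = hash_hmac('sha256', (string) $get_args['skeleton_keyuse_nonce_key'], NONCE_KEY);

    $good_nonce = null;
    if (!empty($args['nonce']) && is_string($args['nonce'])) {
        parse_str($args['nonce'], $temp_nonce);
        $good_nonce = $this->wp_create_nonce_recursive($temp_nonce);
        if (is_array($good_nonce)) {
            $get_args = array_merge($get_args, $good_nonce);
        }
    }
    if (isset($args['post']) && is_string($args['post'])) {
        parse_str($args['post'], $temp_post);
        if (is_array($good_nonce) && !empty($good_nonce)) {
            $temp_post = array_merge($temp_post, $good_nonce);
        }
        $post_args['body'] = $temp_post;
    }

    $full_url = add_query_arg($get_args, get_site_url() . $url);
    $response = wp_remote_post($full_url, $post_args);
    if (is_wp_error($response)) {
        return array('error' => 'wp_remote_post error: ' . $response->get_error_message());
    }
    $received_content = wp_remote_retrieve_body($response);

    // The receiving side may embed a base64 JSON envelope; surface its error, if any.
    if (preg_match('/<mainwp>(.*)<\\/mainwp>/', $received_content, $received_result) > 0) {
        $received_content_mainwp = json_decode(base64_decode($received_result[1]), true);
        if (isset($received_content_mainwp['error'])) {
            return array('error' => $received_content_mainwp['error']);
        }
    }

    $search_ok_counter = $this->count_search_hits(isset($args['search']['ok']) ? $args['search']['ok'] : null, $received_content);
    $search_fail_counter = $this->count_search_hits(isset($args['search']['fail']) ? $args['search']['fail'] : null, $received_content);

    // Do not return the request marker to the caller.
    unset($get_args['skeleton_keyuse_nonce_key']);
    unset($get_args['skeleton_keyuse_nonce_hmac']);
    return array(
        'success' => 1,
        'content' => $received_content,
        'url' => $full_url,
        'get' => $get_args,
        'post' => $post_args['body'],
        'search_ok_counter' => $search_ok_counter,
        'search_fail_counter' => $search_fail_counter,
    );
}

/**
 * Count how many of $patterns occur (case-insensitively, as literal text) in $haystack.
 *
 * @param mixed  $patterns List of strings; anything else counts as no patterns.
 * @param string $haystack Text to search.
 * @return int
 */
private function count_search_hits($patterns, $haystack) {
    if (!is_array($patterns)) {
        return 0;
    }
    $hits = 0;
    foreach ($patterns as $search) {
        if (is_string($search) && preg_match('/' . preg_quote($search, '/') . '/i', $haystack)) {
            ++$hits;
        }
    }
    return $hits;
}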
/**
 * Sets the authentication cookies based on user ID.
 *
 * Without $remember the cookies last two days; with $remember they last
 * 14 days (both lengths pass through the 'auth_cookie_expiration' filter).
 * The auth cookie is sent on the plugins and admin paths, the logged-in
 * cookie on COOKIEPATH (and SITECOOKIEPATH when that differs). All cookies
 * are HttpOnly; the Secure flag follows 'secure_auth_cookie' for the auth
 * cookie and 'secure_logged_in_cookie' for the logged-in cookie.
 *
 * @since 2.5
 *
 * @param int         $user_id  User ID
 * @param bool        $remember Whether to remember the user
 * @param bool|string $secure   Whether to send the auth cookie with the Secure flag; '' means "follow is_ssl()".
 */
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
    $lifetime_days = $remember ? 14 : 2;
    $expiration = time() + apply_filters('auth_cookie_expiration', $lifetime_days * DAY_IN_SECONDS, $user_id, $remember);
    // Remembered logins get a real Expires attribute; otherwise a session cookie.
    $expire = $remember ? $expiration : 0;

    if ('' === $secure) {
        $secure = is_ssl();
    }
    $secure = apply_filters('secure_auth_cookie', $secure, $user_id);
    $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);

    list($auth_cookie_name, $scheme) = $secure
        ? array(SECURE_AUTH_COOKIE, 'secure_auth')
        : array(AUTH_COOKIE, 'auth');

    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');

    do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
    do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

    foreach (array(PLUGINS_COOKIE_PATH, ADMIN_COOKIE_PATH) as $auth_path) {
        setcookie($auth_cookie_name, $auth_cookie, $expire, $auth_path, COOKIE_DOMAIN, $secure, true);
    }

    $logged_in_paths = array(COOKIEPATH);
    if (COOKIEPATH != SITECOOKIEPATH) {
        $logged_in_paths[] = SITECOOKIEPATH;
    }
    foreach ($logged_in_paths as $logged_in_path) {
        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $logged_in_path, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    }
}
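/**
 * Remember the user being switched away from, so they can switch back.
 *
 * Stores an 'old_user' auth cookie for $old_user_id valid for 48 hours.
 * The cookie is HttpOnly and its Secure flag follows the
 * 'secure_logged_in_cookie' filter, matching the logged-in cookie it shadows
 * (previously it was sent without either flag).
 *
 * @param int $old_user_id The ID of the user being switched away from.
 */
function wp_set_olduser_cookie($old_user_id) {
    $expiration = time() + 172800; # 48 hours
    $cookie = wp_generate_auth_cookie($old_user_id, $expiration, 'old_user');
    // This cookie grants the old user back, so protect it like the logged-in cookie.
    $secure = apply_filters('secure_logged_in_cookie', false, $old_user_id, is_ssl());
    setcookie(OLDUSER_COOKIE, $cookie, $expiration, COOKIEPATH, COOKIE_DOMAIN, $secure, true);
}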
/**
 * Push the user being switched away from onto the "old user" cookie stack.
 *
 * The existing stack is read with wp_get_olduser_cookie(), a new 'old_user'
 * auth cookie for $old_user_id (valid 48 hours) is appended, and the whole
 * stack is written back JSON-encoded as an HttpOnly cookie whose Secure flag
 * follows the 'secure_logged_in_cookie' filter.
 *
 * @param int $old_user_id The ID of the user being switched away from.
 */
function wp_set_olduser_cookie($old_user_id) {
    $expires_at = time() + 172800; # 48 hours
    $stack = wp_get_olduser_cookie();
    $stack[] = wp_generate_auth_cookie($old_user_id, $expires_at, 'old_user');
    $send_secure = apply_filters('secure_logged_in_cookie', false, $old_user_id, is_ssl());
    setcookie(OLDUSER_COOKIE, json_encode($stack), $expires_at, COOKIEPATH, COOKIE_DOMAIN, $send_secure, true);
}
/**
 * Get a URL to run a job of BackWPup, or fire the request directly.
 *
 * Builds a wp-cron.php request carrying the job start type, an optional job id
 * and whatever authentication the plugin is configured for (HTTP basic header,
 * extra query argument, or a cached logged-in cookie of an administrator).
 * For 'runnowlink', 'runext' and 'restartalt' the request description is
 * returned; for every other start type it is sent with wp_remote_post().
 *
 * @param string $starttype Start types are 'runnow', 'runnowlink', 'cronrun', 'runext', 'restart', 'restartalt', 'test'
 * @param int    $jobid     The id of job to start else 0
 *
 * @return array|object [url] is the job url [header] for auth header or object from wp_remote_post()
 */
public static function get_jobrun_url($starttype, $jobid = 0) {
    $authentication = get_site_option('backwpup_cfg_authentication', array('method' => '', 'basic_user' => '', 'basic_password' => '', 'user_id' => 0, 'query_arg' => ''));
    $url = site_url('wp-cron.php');
    $header = array('Cache-Control' => 'no-cache');
    $authurl = '';
    // Short nonce derived from the start type; replaced or cleared below for some start types.
    $query_args = array('_nonce' => substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-' . $starttype, 'nonce'), -12, 10), 'doing_wp_cron' => sprintf('%.22F', microtime(true)));
    if (in_array($starttype, array('restart', 'runnow', 'cronrun', 'runext', 'test'), true)) {
        $query_args['backwpup_run'] = $starttype;
    }
    if (in_array($starttype, array('runnowlink', 'runnow', 'cronrun', 'runext'), true) && !empty($jobid)) {
        $query_args['jobid'] = $jobid;
    }
    if (!empty($authentication['basic_user']) && !empty($authentication['basic_password']) && $authentication['method'] == 'basic') {
        $header['Authorization'] = 'Basic ' . base64_encode($authentication['basic_user'] . ':' . BackWPup_Encryption::decrypt($authentication['basic_password']));
        // user:password@ prefix, only spliced into the URL for 'runext' below.
        $authurl = urlencode($authentication['basic_user']) . ':' . urlencode(BackWPup_Encryption::decrypt($authentication['basic_password'])) . '@';
    }
    if (!empty($authentication['query_arg']) && $authentication['method'] == 'query_arg') {
        $url .= '?' . $authentication['query_arg'];
    }
    if ($starttype === 'runext') {
        // External trigger: the stored run-auth key replaces the nonce.
        $query_args['_nonce'] = get_site_option('backwpup_cfg_jobrunauthkey');
        $query_args['doing_wp_cron'] = null;
        if (!empty($authurl)) {
            // NOTE(review): the decrypted basic-auth credentials end up in the returned URL;
            // anything that logs or displays it sees them.
            $url = str_replace('https://', 'https://' . $authurl, $url);
            $url = str_replace('http://', 'http://' . $authurl, $url);
        }
    }
    if ($starttype === 'runnowlink' && (!defined('ALTERNATE_WP_CRON') || !ALTERNATE_WP_CRON)) {
        // Admin-page link instead of wp-cron.php; wp_nonce_url() supplies its own nonce.
        $url = wp_nonce_url(network_admin_url('admin.php'), 'backwpup_job_run-' . $starttype);
        $query_args['page'] = 'backwpupjobs';
        $query_args['action'] = 'runnow';
        $query_args['doing_wp_cron'] = null;
        unset($query_args['_nonce']);
    }
    if ($starttype === 'runnowlink' && defined('ALTERNATE_WP_CRON') && ALTERNATE_WP_CRON) {
        $query_args['backwpup_run'] = 'runnowalt';
        $query_args['_nonce'] = substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-runnowalt', 'nonce'), -12, 10);
        $query_args['doing_wp_cron'] = null;
    }
    if ($starttype === 'restartalt' && defined('ALTERNATE_WP_CRON') && ALTERNATE_WP_CRON) {
        $query_args['backwpup_run'] = 'restart';
        $query_args['_nonce'] = null;
    }
    if ($starttype === 'restart' || $starttype === 'test') {
        $query_args['_nonce'] = null;
    }
    if (!empty($authentication['user_id']) && $authentication['method'] === 'user') {
        // Cookie-based auth: a logged-in cookie is cached in a site transient for just under an hour.
        // NOTE(review): the configured user_id only gates this branch; the cookie is minted for the
        // first 'administrator' (or 'backwpup_admin') that get_users() returns — confirm that is intended.
        $cookies = get_site_transient('backwpup_cookies');
        if (empty($cookies)) {
            $wp_admin_user = get_users(array('role' => 'administrator', 'number' => 1));
            if (empty($wp_admin_user)) {
                $wp_admin_user = get_users(array('role' => 'backwpup_admin', 'number' => 1));
            }
            if (!empty($wp_admin_user[0]->ID)) {
                // NOTE(review): 356 days (presumably meant 365). Each cache miss creates a new
                // session token with this lifetime, so the admin's session list grows by roughly
                // one entry per hour until they expire — confirm this is acceptable.
                $expiration = time() + 356 * DAY_IN_SECONDS;
                $manager = WP_Session_Tokens::get_instance($wp_admin_user[0]->ID);
                $token = $manager->create($expiration);
                $cookies[LOGGED_IN_COOKIE] = wp_generate_auth_cookie($wp_admin_user[0]->ID, $expiration, 'logged_in', $token);
            }
            // The long-lived admin cookie is stored wherever site transients live (options table or object cache).
            set_site_transient('backwpup_cookies', $cookies, HOUR_IN_SECONDS - 30);
        }
    } else {
        $cookies = '';
    }
    // 'sslverify' is off for this self-request; the cookie above travels over that connection.
    $cron_request = array('url' => add_query_arg($query_args, $url), 'key' => $query_args['doing_wp_cron'], 'args' => array('blocking' => false, 'sslverify' => false, 'timeout' => 0.01, 'headers' => $header, 'user-agent' => BackWPup::get_plugin_data('User-Agent')));
    if (!empty($cookies)) {
        foreach ($cookies as $name => $value) {
            $cron_request['args']['cookies'][] = new WP_Http_Cookie(array('name' => $name, 'value' => $value));
        }
    }
    $cron_request = apply_filters('cron_request', $cron_request);
    if ($starttype === 'test') {
        // Test runs wait for the answer instead of fire-and-forget.
        $cron_request['args']['timeout'] = 15;
        $cron_request['args']['blocking'] = true;
    }
    if (!in_array($starttype, array('runnowlink', 'runext', 'restartalt'), true)) {
        delete_transient('doing_cron');
        return wp_remote_post($cron_request['url'], $cron_request['args']);
    }
    return $cron_request;
}
/**
 * Build the auth and logged-in cookies for a user without sending them.
 *
 * A fresh session token (two-day lifetime, via 'auth_cookie_expiration') is
 * created for $user_id and both cookies are generated against it. The auth
 * cookie is produced for the plugins and admin paths, the logged-in cookie
 * for COOKIEPATH and, when different, SITECOOKIEPATH. Every cookie is a
 * session cookie (expire 0) and HttpOnly; the Secure flags follow the
 * scheme of $this->url() and the core 'secure_auth_cookie' /
 * 'secure_logged_in_cookie' filters.
 *
 * @param int $user_id
 *
 * @return array Cookie objects as returned by $this->make_cookie().
 */
protected function make_auth_cookies($user_id) {
    $remember = '';
    $on_https = 'https' === parse_url($this->url(), PHP_URL_SCHEME);

    /** This filter is documented in wp-includes/pluggable.php */
    $expiration = time() + apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember);
    $expire = 0; // session cookie: no Expires attribute

    /**
     * Filter whether the connection is secure.
     *
     * @since 3.1.0
     *
     * @param bool $secure  Whether the connection is secure.
     * @param int  $user_id User ID.
     */
    $secure = apply_filters('secure_auth_cookie', $on_https, $user_id);

    /**
     * Filter whether to use a secure cookie when logged-in.
     *
     * @since 3.1.0
     *
     * @param bool $secure_logged_in_cookie Whether to use a secure cookie when logged-in.
     * @param int  $user_id                 User ID.
     * @param bool $secure                  Whether the connection is secure.
     */
    $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', $on_https, $user_id, $secure);

    list($auth_cookie_name, $scheme) = $secure
        ? array(SECURE_AUTH_COOKIE, 'secure_auth')
        : array(AUTH_COOKIE, 'auth');

    $token = WP_Session_Tokens::get_instance($user_id)->create($expiration);
    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme, $token);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $token);

    $cookies = [];
    foreach ([PLUGINS_COOKIE_PATH, ADMIN_COOKIE_PATH] as $auth_path) {
        $cookies[] = $this->make_cookie($auth_cookie_name, $auth_cookie, $expire, $auth_path, COOKIE_DOMAIN, $secure, true);
    }
    $logged_in_paths = [COOKIEPATH];
    if (COOKIEPATH != SITECOOKIEPATH) {
        $logged_in_paths[] = SITECOOKIEPATH;
    }
    foreach ($logged_in_paths as $logged_in_path) {
        $cookies[] = $this->make_cookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $logged_in_path, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    }
    return $cookies;
}
/**
 * Return the cookie values that log $user_id in, keyed by cookie name.
 *
 * Contains the auth cookie (secure or plain, per is_ssl() and the
 * 'secure_auth_cookie' filter) and the logged-in cookie, both valid for
 * 30 days, plus WP Engine's 'wpe-auth' value when WPE_APIKEY is defined.
 * Nothing is sent to the browser; the caller decides what to do with them.
 *
 * @param int $user_id
 * @return array<string,string>
 */
public function get_auth_cookies($user_id) {
    $secure = apply_filters('secure_auth_cookie', is_ssl(), $user_id);
    list($auth_cookie_name, $scheme) = $secure
        ? array(SECURE_AUTH_COOKIE, 'secure_auth')
        : array(AUTH_COOKIE, 'auth');
    $expiration = time() + 2592000; // 30 days
    $cookies = array(
        $auth_cookie_name => wp_generate_auth_cookie($user_id, $expiration, $scheme),
        LOGGED_IN_COOKIE  => wp_generate_auth_cookie($user_id, $expiration, 'logged_in'),
    );
    if (defined('WPE_APIKEY')) {
        // WP Engine's own auth cookie; derived from the site API key only.
        $cookies['wpe-auth'] = md5('wpe_auth_salty_dog|' . WPE_APIKEY);
    }
    return $cookies;
}
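/**
 * Sets the authentication cookies based on user ID (Vanilla-integration variant).
 *
 * Differs from WordPress core in that every cookie is scoped to path '/' and
 * to the domain stored in the 'vanilla_cookie_domain' option, and the
 * 'secure_auth_cookie' / 'secure_logged_in_cookie' filters are not applied.
 *
 * The $remember parameter increases the time that the cookie will be kept. By
 * default the cookie is kept for two days; when $remember is set, the cookies
 * will be kept for 14 days or two weeks.
 *
 * @since 2.5
 *
 * @param int         $user_id  User ID
 * @param bool        $remember Whether to remember the user or not
 * @param bool|string $secure   Whether to send the auth cookie with the Secure flag; '' means "follow is_ssl()".
 */
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
    if ($remember) {
        $expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);
    } else {
        $expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);
        $expire = 0; // session cookie
    }
    if ('' === $secure) {
        $secure = is_ssl();
    }
    if ($secure) {
        $auth_cookie_name = SECURE_AUTH_COOKIE;
        $scheme = 'secure_auth';
    } else {
        $auth_cookie_name = AUTH_COOKIE;
        $scheme = 'auth';
    }
    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
    do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
    do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

    $VanillaCookiePath = '/';
    // get_option() returns false when the option is unset; setcookie() wants a string domain.
    $VanillaCookieDomain = (string) get_option('vanilla_cookie_domain');

    // Core sends the auth cookie on PLUGINS_COOKIE_PATH and ADMIN_COOKIE_PATH and the logged-in
    // cookie on COOKIEPATH/SITECOOKIEPATH; all of those collapse to '/' here, so one Set-Cookie
    // each is enough (the previous duplicate calls produced identical headers). Both cookies are
    // HttpOnly. The logged-in cookie is deliberately not Secure, matching core's default for the
    // 'secure_logged_in_cookie' filter — presumably so the forum side can read it over plain
    // HTTP; confirm.
    setcookie($auth_cookie_name, $auth_cookie, $expire, $VanillaCookiePath, $VanillaCookieDomain, $secure, true);
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $VanillaCookiePath, $VanillaCookieDomain, false, true);
}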
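/**
 * Log in (or register) a WordPress user from a Facebook access token.
 *
 * Reads 'access_token' and optionally 'fields' from the JSON API query,
 * fetches the profile from the Graph API, then either matches an existing
 * user by e-mail or creates one, and returns a 'logged_in' auth cookie
 * (14 days via 'auth_cookie_expiration') for that user.
 *
 * Security:
 *  - The profile is fetched over TLS with peer and host verification always
 *    on. The former 'ssl' query var, which let the request switch
 *    verification off, is ignored: whoever answers this request decides
 *    which account gets logged in.
 *  - NOTE(review): the token is not checked to belong to this app; an e-mail
 *    match is the only binding between the token and the local account.
 *    Confirm that is acceptable.
 *
 * @return array 'msg', 'wp_user_id', 'cookie', 'user_login' on success;
 *               'msg' alone when no e-mail came back or registration failed.
 */
public function fb_connect() {
    global $json_api;
    $fields = $json_api->query->fields ? $json_api->query->fields : 'id,name,first_name,last_name,email';
    $response = array();
    if (!$json_api->query->access_token) {
        $json_api->error("You must include a 'access_token' variable. Get the valid access_token for this app from Facebook API.");
        return $response;
    }

    // Both values come from the request; encode them so they cannot alter the query string.
    $url = 'https://graph.facebook.com/me/?fields=' . rawurlencode($fields) . '&access_token=' . rawurlencode($json_api->query->access_token);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 15);
    curl_setopt($ch, CURLOPT_URL, $url);
    $raw = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on failure; json_decode() of anything odd yields null.
    $result = is_string($raw) ? json_decode($raw, true) : null;
    if (!is_array($result) || empty($result['email'])) {
        $response['msg'] = "Your 'access_token' did not return email of the user. Without 'email' user can't be logged in or registered. Get user email extended permission while joining the Facebook app.";
        return $response;
    }

    $user_email = $result['email'];
    $first_name = isset($result['first_name']) ? $result['first_name'] : '';
    $last_name = isset($result['last_name']) ? $result['last_name'] : '';

    $user = get_user_by('email', $user_email);
    if ($user) {
        $user_id = $user->ID;
        $user_name = $user->user_login;
        $user_account = 'user logged in.';
    } else {
        // first.last, with a numeric suffix until the login is free.
        $base_name = strtolower($first_name . '.' . $last_name);
        $user_name = $base_name;
        $suffix = 0;
        while (username_exists($user_name)) {
            ++$suffix;
            $user_name = $base_name . '.' . $suffix;
        }
        $random_password = wp_generate_password(12, false);
        $userdata = array(
            'user_login'   => $user_name,
            'user_email'   => $user_email,
            'user_pass'    => $random_password,
            'display_name' => isset($result['name']) ? $result['name'] : $user_name,
            'first_name'   => $first_name,
            'last_name'    => $last_name,
        );
        $user_id = wp_insert_user($userdata);
        // wp_insert_user() returns a WP_Error on failure; never mint a cookie for that.
        if (is_wp_error($user_id)) {
            $response['msg'] = 'user registration failed: ' . $user_id->get_error_message();
            return $response;
        }
        $user_account = 'user registered.';
    }

    $expiration = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, true);
    $cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
    $response['msg'] = $user_account;
    $response['wp_user_id'] = $user_id;
    $response['cookie'] = $cookie;
    $response['user_login'] = $user_name;
    return $response;
}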
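/**
 * Set (or clear) the WordPress auth cookie for the bbPress side of the site.
 *
 * Picks the secure or plain auth cookie from the URI scheme. When $expiration
 * is given the cookie is generated for $user_id; otherwise a blank value with
 * a past expiry is sent so the browser drops it. The cookie domain comes from
 * bbpress_integration_get_cookie_domain_and_path() and the path from the URI.
 * The cookie is always HttpOnly.
 *
 * @param string     $uri        Absolute URI of the bbPress install; only scheme and path are used.
 * @param int|false  $expire     Expires timestamp passed to setcookie(); false/0 means session cookie.
 * @param int|string $expiration Auth-cookie validity timestamp; ''/0 clears the cookie instead.
 * @param int|string $user_id    User the cookie is generated for.
 * @return false|void False when the URI cannot be parsed or the cookie domain is unavailable.
 */
function bbpress_integration_set_bb_cookies($uri, $expire = false, $expiration = '', $user_id = '') {
    $uri_parsed = parse_url($uri);
    if (!is_array($uri_parsed)) {
        return false;
    }
    // A missing scheme used to raise a notice; treat it as "not https".
    $secure = isset($uri_parsed['scheme']) && strtolower($uri_parsed['scheme']) === 'https';
    if ($secure) {
        $name = SECURE_AUTH_COOKIE;
        $scheme = 'secure_auth';
    } else {
        $name = AUTH_COOKIE;
        $scheme = 'auth';
    }
    if ($expiration) {
        $contents = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    } else {
        // Clearing: blank value, expiry one year in the past.
        $contents = ' ';
        $expire = time() - 31536000;
    }
    $cookiedomain_and_path = bbpress_integration_get_cookie_domain_and_path();
    if (!$cookiedomain_and_path || !is_array($cookiedomain_and_path)) {
        return false;
    }
    // Read the one key we use instead of extract()-ing the whole array into scope.
    $domain = isset($cookiedomain_and_path['cookiedomain']) ? $cookiedomain_and_path['cookiedomain'] : '';
    $path = isset($uri_parsed['path']) ? $uri_parsed['path'] : '';
    setcookie($name, $contents, (int) $expire, $path, $domain, $secure, true);
}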