/** * Return whether or not the current logged in user is being remembered in the form of a persistent browser * cookie (ie. they checked the 'Remember Me' check box when they logged in). This is used to persist the * 'remember me' value when the user switches to another user. * * @return bool Whether the current user is being 'remembered' or not. */ function remember() { $current_user = wp_get_current_user(); $current = wp_parse_auth_cookie('', 'logged_in'); $cookie_life = apply_filters('auth_cookie_expiration', 172800, $current_user->ID, false); return $current['expiration'] - time() > $cookie_life; }
function wppb_autologin_after_password_changed() { if (isset($_POST['action']) && $_POST['action'] == 'edit_profile') { if (isset($_POST['passw1']) && !empty($_POST['passw1']) && !empty($_POST['form_name'])) { /* all the error checking filters are defined in each field file so we need them here */ if (file_exists(WPPB_PLUGIN_DIR . '/front-end/default-fields/default-fields.php')) { require_once WPPB_PLUGIN_DIR . '/front-end/default-fields/default-fields.php'; } if (file_exists(WPPB_PLUGIN_DIR . '/front-end/extra-fields/extra-fields.php')) { require_once WPPB_PLUGIN_DIR . '/front-end/extra-fields/extra-fields.php'; } /* we get the form_name through $_POST so we can apply correctly the filter so we generate the correct fields in the current form */ $form_fields = apply_filters('wppb_change_form_fields', get_option('wppb_manage_fields'), array('form_type' => 'edit_profile', 'form_fields' => array(), 'form_name' => $_POST['form_name'], 'role' => '', 'ID' => Profile_Builder_Form_Creator::wppb_get_form_id_from_form_name($_POST['form_name'], 'edit_profile'))); if (!empty($form_fields)) { /* check for errors in the form through the filters */ $output_field_errors = array(); foreach ($form_fields as $field) { $error_for_field = apply_filters('wppb_check_form_field_' . Wordpress_Creation_Kit_PB::wck_generate_slug($field['field']), '', $field, $_POST, 'edit_profile'); if (!empty($error_for_field)) { $output_field_errors[$field['id']] = '<span class="wppb-form-error">' . $error_for_field . '</span>'; } } /* if we have no errors change the password */ if (empty($output_field_errors)) { $user_id = get_current_user_id(); if (!is_multisite() && current_user_can('edit_users') || is_multisite() && current_user_can('manage_network')) { if (isset($_GET['edit_user']) && !empty($_GET['edit_user'])) { $user_id = $_GET['edit_user']; } } if (!isset($_GET['edit_user'])) { wp_clear_auth_cookie(); /* set the new password for the user */ wp_set_password($_POST['passw1'], $user_id); // Here we calculate the expiration length of the current auth cookie and compare it to the default expiration. // If it's greater than this, then we know the user checked 'Remember Me' when they logged in. $logged_in_cookie = wp_parse_auth_cookie('', 'logged_in'); /** This filter is documented in wp-includes/pluggable.php */ $default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, false); $remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life; wp_set_auth_cookie($user_id, $remember); } else { wp_set_password($_POST['passw1'], $user_id); } } } } } }
/** * Return whether or not the current logged in user is being remembered in the form of a persistent browser cookie * (ie. they checked the 'Remember Me' check box when they logged in). This is used to persist the 'remember me' * value when the user switches to another user. * * @return bool Whether the current user is being 'remembered' or not. */ public static function remember() { $current = wp_parse_auth_cookie('', 'logged_in'); $cookie_life = apply_filters('auth_cookie_expiration', 172800, get_current_user_id(), false); # Here we calculate the expiration length of the current auth cookie and compare it to the default expiration. # If it's greater than this, then we know the user checked 'Remember Me' when they logged in. return $current['expiration'] - time() > $cookie_life; }
function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') { //here starts the part that is new -- get cookie value from request, model taken from media.php global $photoq; if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) { $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie']; } elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) { $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie']; } //here ends the part that is new -- the rest is copy paste from pluggable.php //this is for wordpress 2.7 or 2.7.1 if (get_bloginfo('version') === '2.7' || get_bloginfo('version') === '2.7.1') { if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) { do_action('auth_cookie_malformed', $cookie, $scheme); return false; } extract($cookie_elements, EXTR_OVERWRITE); $expired = $expiration; // Allow a grace period for POST and AJAX requests if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) { $expired += 3600; } // Quick check to see if an honest cookie has expired if ($expired < time()) { do_action('auth_cookie_expired', $cookie_elements); return false; } $key = wp_hash($username . '|' . $expiration, $scheme); $hash = hash_hmac('md5', $username . '|' . $expiration, $key); if ($hmac != $hash) { do_action('auth_cookie_bad_hash', $cookie_elements); return false; } $user = get_userdatabylogin($username); if (!$user) { do_action('auth_cookie_bad_username', $cookie_elements); return false; } do_action('auth_cookie_valid', $cookie_elements, $user); return $user->ID; } else { // this replaces the above in wp 2.8 if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) { do_action('auth_cookie_malformed', $cookie, $scheme); return false; } extract($cookie_elements, EXTR_OVERWRITE); $expired = $expiration; // Allow a grace period for POST and AJAX requests if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) { $expired += 3600; } // Quick check to see if an honest cookie has expired if ($expired < time()) { do_action('auth_cookie_expired', $cookie_elements); return false; } $user = get_userdatabylogin($username); if (!$user) { do_action('auth_cookie_bad_username', $cookie_elements); return false; } $pass_frag = substr($user->user_pass, 8, 4); $key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme); $hash = hash_hmac('md5', $username . '|' . $expiration, $key); if ($hmac != $hash) { do_action('auth_cookie_bad_hash', $cookie_elements); return false; } do_action('auth_cookie_valid', $cookie_elements, $user); return $user->ID; } }
/** * Returns the current user ID. * This function can be called before the init action hook. * * Much of this logic is taken from wp-includes/pluggable.php * * @since 1.0.0 * @internal * @return int|false */ public static function get_user_id() { static $User_id = false; if ($User_id) { // We already found the user-id, no need to do it again. return $User_id; } if (defined('DOING_CRON') && DOING_CRON) { // A cron request has no user credentials... return 0; } $cookie = wp_parse_auth_cookie(); if (!$cookie) { // Missing, expired or corrupt cookie. return 0; } $scheme = $cookie['scheme']; $username = $cookie['username']; $hmac = $cookie['hmac']; $token = $cookie['token']; $expiration = $cookie['expiration']; $user = get_user_by('login', $username); if (!$user) { // Invalid username. return 0; } $pass_frag = substr($user->user_pass, 8, 4); $key = wp_hash($username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme); $algo = function_exists('hash') ? 'sha256' : 'sha1'; $hash = hash_hmac($algo, $username . '|' . $expiration . '|' . $token, $key); if (!hash_equals($hash, $hmac)) { // Forged/expired cookie value. return 0; } // Remember the user-ID so we don't have to validate everything again. $User_id = $user->ID; return $User_id; }
/** * Validates authentication cookie. * * The checks include making sure that the authentication cookie is set and * pulling in the contents (if $cookie is not used). * * Makes sure the cookie is not expired. Verifies the hash in cookie is what is * should be and compares the two. * * @since 2.5.0 * * @param string $cookie Optional. If used, will validate contents instead of cookie's * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in * @return bool|int False if invalid cookie, User ID if valid. */ function wp_validate_auth_cookie($cookie = '', $scheme = '') { if ( ! $cookie_elements = wp_parse_auth_cookie($cookie, $scheme) ) { /** * Fires if an authentication cookie is malformed. * * @since 2.7.0 * * @param string $cookie Malformed auth cookie. * @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth', * or 'logged_in'. */ do_action( 'auth_cookie_malformed', $cookie, $scheme ); return false; } extract($cookie_elements, EXTR_OVERWRITE); $expired = $expiration; // Allow a grace period for POST and AJAX requests if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] ) $expired += HOUR_IN_SECONDS; // Quick check to see if an honest cookie has expired if ( $expired < time() ) { /** * Fires once an authentication cookie has expired. * * @since 2.7.0 * * @param array $cookie_elements An array of data for the authentication cookie. */ do_action( 'auth_cookie_expired', $cookie_elements ); return false; } $user = get_user_by('login', $username); if ( ! $user ) { /** * Fires if a bad username is entered in the user authentication process. * * @since 2.7.0 * * @param array $cookie_elements An array of data for the authentication cookie. */ do_action( 'auth_cookie_bad_username', $cookie_elements ); return false; } $pass_frag = substr($user->user_pass, 8, 4); $key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme); $hash = hash_hmac('md5', $username . '|' . $expiration, $key); if ( ! hash_equals( $hash, $hmac ) ) { /** * Fires if a bad authentication cookie hash is encountered. * * @since 2.7.0 * * @param array $cookie_elements An array of data for the authentication cookie. */ do_action( 'auth_cookie_bad_hash', $cookie_elements ); return false; } if ( $expiration < time() ) // AJAX/POST grace period set above $GLOBALS['login_grace_period'] = 1; /** * Fires once an authentication cookie has been validated. * * @since 2.7.0 * * @param array $cookie_elements An array of data for the authentication cookie. * @param WP_User $user User object. */ do_action( 'auth_cookie_valid', $cookie_elements, $user ); return $user->ID; }
function lls_update_session_last_activity() { if (!is_user_logged_in()) { return; } // get the login cookie from browser $logged_in_cookie = $_COOKIE[LOGGED_IN_COOKIE]; // check for valid auth cookie if (!($cookie_element = wp_parse_auth_cookie($logged_in_cookie))) { return; } // get the current session $manager = WP_Session_Tokens::get_instance(get_current_user_id()); $current_session = $manager->get($cookie_element['token']); if ($current_session['expiration'] <= time() || $current_session['last_activity'] + 5 * MINUTE_IN_SECONDS > time()) { return; } $current_session['last_activity'] = time(); $manager->update($cookie_element['token'], $current_session); }
/** * Validates authentication cookie. * * The checks include making sure that the authentication cookie is set and * pulling in the contents (if $cookie is not used). * * Makes sure the cookie is not expired. Verifies the hash in cookie is what is * should be and compares the two. * * @since 2.5.0 * * @param string $cookie Optional. If used, will validate contents instead of cookie's * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in * @return bool|int False if invalid cookie, User ID if valid. */ function wp_validate_auth_cookie($cookie = '', $scheme = '') { if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) { /** * Fires if an authentication cookie is malformed. * * @since 2.7.0 * * @param string $cookie Malformed auth cookie. * @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth', * or 'logged_in'. */ do_action('auth_cookie_malformed', $cookie, $scheme); return false; } $scheme = $cookie_elements['scheme']; $username = $cookie_elements['username']; $hmac = $cookie_elements['hmac']; $token = $cookie_elements['token']; $expired = $expiration = $cookie_elements['expiration']; // Allow a grace period for POST and AJAX requests if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) { $expired += HOUR_IN_SECONDS; } // Quick check to see if an honest cookie has expired if ($expired < time()) { /** * Fires once an authentication cookie has expired. * * @since 2.7.0 * * @param array $cookie_elements An array of data for the authentication cookie. */ do_action('auth_cookie_expired', $cookie_elements); return false; } $user = get_user_by('login', $username); if (!$user) { /** * Fires if a bad username is entered in the user authentication process. * * @since 2.7.0 * * @param array $cookie_elements An array of data for the authentication cookie. */ do_action('auth_cookie_bad_username', $cookie_elements); return false; } $pass_frag = substr($user->user_pass, 8, 4); $key = wp_hash($username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme); // If ext/hash is not present, compat.php's hash_hmac() does not support sha256. $algo = function_exists('hash') ? 'sha256' : 'sha1'; $hash = hash_hmac($algo, $username . '|' . $expiration . '|' . $token, $key); if (!hash_equals($hash, $hmac)) { /** * Fires if a bad authentication cookie hash is encountered. * * @since 2.7.0 * * @param array $cookie_elements An array of data for the authentication cookie. */ do_action('auth_cookie_bad_hash', $cookie_elements); return false; } $manager = WP_Session_Tokens::get_instance($user->ID); if (!$manager->verify($token)) { do_action('auth_cookie_bad_session_token', $cookie_elements); return false; } // AJAX/POST grace period set above if ($expiration < time()) { $GLOBALS['login_grace_period'] = 1; } /** * Fires once an authentication cookie has been validated. * * @since 2.7.0 * * @param array $cookie_elements An array of data for the authentication cookie. * @param WP_User $user User object. */ do_action('auth_cookie_valid', $cookie_elements, $user); return $user->ID; }
/** * Validates authentication cookie. * * The checks include making sure that the authentication cookie is set and * pulling in the contents (if $cookie is not used). * * Makes sure the cookie is not expired. Verifies the hash in cookie is what is * should be and compares the two. * * @since 2.5 * * @param string $cookie Optional. If used, will validate contents instead of cookie's * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in * @return bool|int False if invalid cookie, User ID if valid. */ function wp_validate_auth_cookie($cookie = '', $scheme = '') { if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) { do_action('auth_cookie_malformed', $cookie, $scheme); return false; } extract($cookie_elements, EXTR_OVERWRITE); $expired = $expiration; // Allow a grace period for POST and AJAX requests if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) { $expired += HOUR_IN_SECONDS; } // Quick check to see if an honest cookie has expired if ($expired < time()) { do_action('auth_cookie_expired', $cookie_elements); return false; } $user = get_user_by('login', $username); if (!$user) { do_action('auth_cookie_bad_username', $cookie_elements); return false; } $pass_frag = substr($user->user_pass, 8, 4); $key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme); $hash = hash_hmac('md5', $username . '|' . $expiration, $key); if (!hash_equals($hash, $hmac)) { do_action('auth_cookie_bad_hash', $cookie_elements); return false; } if ($expiration < time()) { // AJAX/POST grace period set above $GLOBALS['login_grace_period'] = 1; } do_action('auth_cookie_valid', $cookie_elements, $user); return $user->ID; }
private static function _isUserRemembered($user) { $logged_in_cookie = wp_parse_auth_cookie('', 'logged_in'); $default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, RublonHelper::getUserId($user), false); $remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life; return $remember; }
/** 4.0 and higher version - NOTE: I need a better way to do this. * Sets the authentication cookies based on user ID. * * The $remember parameter increases the time that the cookie will be kept. The * default the cookie is kept without remembering is two days. When $remember is * set, the cookies will be kept for 14 days or two weeks. * * @since 2.5.0 * * @param int $user_id User ID * @param bool $remember Whether to remember the user * @param mixed $secure Whether the admin cookies should only be sent over HTTPS. * Default is_ssl(). */ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') { if ($remember) { /** * Filter the duration of the authentication cookie expiration period. * * @since 2.8.0 * * @param int $length Duration of the expiration period in seconds. * @param int $user_id User ID. * @param bool $remember Whether to remember the user login. Default false. */ $expiration = time() + apply_filters('auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember); /* * Ensure the browser will continue to send the cookie after the expiration time is reached. * Needed for the login grace period in wp_validate_auth_cookie(). */ $expire = $expiration + 12 * HOUR_IN_SECONDS; } else { /** This filter is documented in wp-includes/pluggable.php */ $expiration = time() + apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember); $expire = 0; } $expire = apply_filters('auth_cookie_expire_time', $expire, $user_id, $remember, $expiration); if ('' === $secure) { $secure = is_ssl(); } // Frontend cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS. $secure_logged_in_cookie = $secure && 'https' === parse_url(get_option('home'), PHP_URL_SCHEME); /** * Filter whether the connection is secure. * * @since 3.1.0 * * @param bool $secure Whether the connection is secure. * @param int $user_id User ID. */ $secure = apply_filters('secure_auth_cookie', $secure, $user_id); /** * Filter whether to use a secure cookie when logged-in. * * @since 3.1.0 * * @param bool $secure_logged_in_cookie Whether to use a secure cookie when logged-in. * @param int $user_id User ID. * @param bool $secure Whether the connection is secure. */ $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure); if ($secure) { $auth_cookie_name = SECURE_AUTH_COOKIE; $scheme = 'secure_auth'; } else { $auth_cookie_name = AUTH_COOKIE; $scheme = 'auth'; } $manager = WP_Session_Tokens::get_instance($user_id); $current_cookie = wp_parse_auth_cookie('', 'logged_in'); if (!$current_cookie || !isset($current_cookie['token'])) { $token = $manager->create($expiration); } else { $token = $current_cookie['token']; $sess = $manager->get($token); $sess['expiration'] = $expiration; $manager->update($token, $sess); } $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme, $token); $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $token); /** * Fires immediately before the authentication cookie is set. * * @since 2.5.0 * * @param string $auth_cookie Authentication cookie. * @param int $expire Login grace period in seconds. Default 43,200 seconds, or 12 hours. * @param int $expiration Duration in seconds the authentication cookie should be valid. * Default 1,209,600 seconds, or 14 days. * @param int $user_id User ID. * @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth', or 'logged_in'. */ do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme); /** * Fires immediately before the secure authentication cookie is set. * * @since 2.6.0 * * @param string $logged_in_cookie The logged-in cookie. * @param int $expire Login grace period in seconds. Default 43,200 seconds, or 12 hours. * @param int $expiration Duration in seconds the authentication cookie should be valid. * Default 1,209,600 seconds, or 14 days. * @param int $user_id User ID. * @param string $scheme Authentication scheme. Default 'logged_in'. */ do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in'); setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true); if (COOKIEPATH != SITECOOKIEPATH) { setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true); } }
/** * Calculates the user ID and Session Token to be used when calculating the Cache Key * @return string */ function get_user_session() { if (!is_user_logged_in()) { return ''; } /** * @see wp_get_session_token() */ $cookie = wp_parse_auth_cookie('', 'logged_in'); $token = !empty($cookie['token']) ? $cookie['token'] : ''; return get_current_user_id() . '_' . $token; }
function wp_validate_auth_cookie($cookie = '', $scheme = '') { if (OPENSSO_ENABLED) { // Quick hack to get round the fact that '+' often gets decoded to ' ' $ssotoken = str_replace(' ', '+', $_COOKIE[OPENSSO_COOKIE_NAME]); // Is there an SSO token? if (empty($ssotoken)) { return false; } // Is the token valid? switch (opensso_is_token_valid($ssotoken)) { case 0: // Session expired return false; case -1: // Error validating token do_action('auth_cookie_malformed', $cookie, $scheme); return false; } $username = opensso_get_name($ssotoken); } else { if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) { do_action('auth_cookie_malformed', $cookie, $scheme); return false; } extract($cookie_elements, EXTR_OVERWRITE); $expired = $expiration; // Allow a grace period for POST and AJAX requests if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) { $expired += 3600; } // Quick check to see if an honest cookie has expired if ($expired < time()) { do_action('auth_cookie_expired', $cookie_elements); return false; } } $user = get_userdatabylogin($username); if (!$user) { do_action('auth_cookie_bad_username', $cookie_elements); return false; } if (!OPENSSO_ENABLED) { $pass_frag = substr($user->user_pass, 8, 4); $key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme); $hash = hash_hmac('md5', $username . '|' . $expiration, $key); if ($hmac != $hash) { do_action('auth_cookie_bad_hash', $cookie_elements); return false; } } do_action('auth_cookie_valid', $cookie_elements, $user); return $user->ID; }
/** * Return whether or not the current logged in user is being remembered in the form of a persistent browser cookie * (ie. they checked the 'Remember Me' check box when they logged in). This is used to persist the 'remember me' * value when the user switches to another user. * * @return bool Whether the current user is being 'remembered' or not. */ public static function remember() { /** * Filter the duration of the authentication cookie expiration period. * * This matches the WordPress core filter in `wp_set_auth_cookie()`. * * @since 0.2.2 * * @param int $length Duration of the expiration period in seconds. * @param int $user_id User ID. * @param bool $remember Whether to remember the user login. Default false. */ $cookie_life = apply_filters('auth_cookie_expiration', 172800, get_current_user_id(), false); $current = wp_parse_auth_cookie('', 'logged_in'); # Here we calculate the expiration length of the current auth cookie and compare it to the default expiration. # If it's greater than this, then we know the user checked 'Remember Me' when they logged in. return $current['expiration'] - time() > $cookie_life; }
} } if (empty($_COOKIE[$cookie_name])) { return false; } $cookie = $_COOKIE[$cookie_name]; } $cookie_elements = explode('|', $cookie); if (count($cookie_elements) != 3) { return false; } list($username, $expiration, $hmac) = $cookie_elements; return compact('username', 'expiration', 'hmac', 'scheme'); } } if ($cookie_elements = wp_parse_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in')) { extract($cookie_elements, EXTR_OVERWRITE); $expired = $expiration; // Allow a grace period for POST and AJAX requests if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) { $expired += HOUR_IN_SECONDS; } // Quick check to see if an honest cookie has expired if ($expired >= time()) { $CI_USER = get_user_by('login', $username); } } $ci_path = get_option('wp_igniter_ci_path'); $cwd = getcwd(); $errmsg = ''; // always force CodeIgniter to load it's default controller,
/** * Validates authentication cookie. * * The checks include making sure that the authentication cookie is set and * pulling in the contents (if $cookie is not used). * * Makes sure the cookie is not expired. Verifies the hash in cookie is what is * should be and compares the two. * * @since 2.5 * * @param string $cookie Optional. If used, will validate contents instead of cookie's * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in * @return bool|int False if invalid cookie, User ID if valid. */ function wp_validate_auth_cookie($cookie = '', $scheme = '') { if (!($cookie_elements = wp_parse_auth_cookie($cookie, $scheme))) { do_action('auth_cookie_malformed', $cookie, $scheme); return false; } extract($cookie_elements, EXTR_OVERWRITE); $expired = $expiration; // Allow a grace period for POST and AJAX requests if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) { $expired += 3600; } // Quick check to see if an honest cookie has expired if ($expired < time()) { do_action('auth_cookie_expired', $cookie_elements); return false; } $key = wp_hash($username . '|' . $expiration, $scheme); $hash = hash_hmac('md5', $username . '|' . $expiration, $key); if ($hmac != $hash) { do_action('auth_cookie_bad_hash', $cookie_elements); return false; } $user = get_userdatabylogin($username); if (!$user) { do_action('auth_cookie_bad_username', $cookie_elements); return false; } do_action('auth_cookie_valid', $cookie_elements, $user); return $user->ID; }
/** * Run the plugin! * Check current user, load nessesary data and register all used hooks * * @since 0.1 * @access private * @return void */ private function run() { // Not needed, the delete_user actions already remove all metadata //add_action( 'remove_user_from_blog', array( $this->store, 'delete_user_meta' ) ); //add_action( 'wpmu_delete_user', array( $this->store, 'delete_user_meta' ) ); //add_action( 'wp_delete_user', array( $this->store, 'delete_user_meta' ) ); if (is_user_logged_in()) { $this->store->set_nonce('view-admin-as'); // Get the current user $this->store->set_curUser(wp_get_current_user()); // Get the current user session if (function_exists('wp_get_session_token')) { // WP 4.0+ $this->store->set_curUserSession((string) wp_get_session_token()); } else { $cookie = wp_parse_auth_cookie('', 'logged_in'); if (!empty($cookie['token'])) { $this->store->set_curUserSession((string) $cookie['token']); } else { // Fallback. This disables the use of multiple views in different sessions $this->store->set_curUserSession($this->store->get_curUser()->ID); } } /** * Validate if the current user has access to the functionalities * * @since 0.1 Check if the current user had administrator rights (is_super_admin) * Disable plugin functions for nedwork admin pages * @since 1.4 Make sure we have a session for the current user * @since 1.5.1 If a user has the correct capability (view_admin_as + edit_users) this plugin is also enabled, use with care * Note that in network installations the non-admin user also needs the manage_network_users capability (of not the edit_users will return false) * @since 1.5.3 Enable on network pages for superior admins */ if ((is_super_admin($this->store->get_curUser()->ID) || current_user_can('view_admin_as') && current_user_can('edit_users')) && (!is_network_admin() || VAA_API::is_superior_admin($this->store->get_curUser()->ID)) && $this->store->get_curUserSession() != '') { $this->enable = true; } // Get database settings $this->store->set_optionData(get_option($this->store->get_optionKey())); // Get database settings of the current user $this->store->set_userMeta(get_user_meta($this->store->get_curUser()->ID, $this->store->get_userMetaKey(), true)); $this->load_modules(); // Check if a database update is needed VAA_View_Admin_As_Update::get_instance($this)->maybe_db_update(); if ($this->is_enabled()) { // Fix some compatibility issues, more to come! VAA_View_Admin_As_Compat::get_instance($this)->init(); $this->store->store_caps(); $this->store->store_roles(); $this->store->store_users(); $this->view->init(); $this->load_ui(); // Dúh.. add_action('admin_enqueue_scripts', array($this, 'enqueue_scripts')); add_action('wp_enqueue_scripts', array($this, 'enqueue_scripts')); add_filter('wp_die_handler', array($this, 'die_handler')); /** * Init is finished. Hook is used for other classes related to View Admin As * @since 1.5 * @param object $this VAA_View_Admin_As */ do_action('vaa_view_admin_as_init', $this); } else { // Extra security check for non-admins who did something naughty or we're demoted to a lesser role // If they have settings etc. we'll keep them in case they get promoted again add_action('wp_login', array($this, 'reset_all_views'), 10, 2); } } }
public function user_lang_by_authcookie() { $username = ''; if (function_exists('wp_parse_auth_cookie')) { $cookie_data = wp_parse_auth_cookie(); $username = isset($cookie_data['username']) ? $cookie_data['username'] : null; } $user_obj = new WP_User(null, $username); $user_id = isset($user_obj->ID) ? $user_obj->ID : 0; $user_lang = $this->get_user_admin_language($user_id); $user_lang = $user_lang ? $user_lang : $this->get_current_language(); return $user_lang; }
*/ // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead // We then have to validate the cookie manually. NOTE: WordPress functions, like // get_current_user_id() and the like are NOT available in this file. if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie']; elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie']; if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) ) $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie']; header('Content-Type: text/plain; charset=' . get_option('blog_charset')); if (wp_validate_auth_cookie()) { $results = wp_parse_auth_cookie(); $logged_in = FALSE; if (isset($results['username']) && isset($results['expiration'])) { if (time() < floatval($results['expiration'])) { if (($userdata = get_userdatabylogin($results['username']))) $logged_in = $userdata->ID; } } if (!$logged_in) die("Login failure. -1"); else if (!user_can($logged_in, 'NextGEN Upload images')) { die('You do not have permission to upload files. -2'); } } //check for nggallery
/** * Retrieve the current session token from the logged_in cookie. * * @since 4.0.0 * * @return string Token. */ function wp_get_session_token() { $cookie = wp_parse_auth_cookie('', 'logged_in'); return !empty($cookie['token']) ? $cookie['token'] : ''; }
/** * custom user login form, output by [user_register] shortcode * * @param bool $use_default_links * @param string $html */ function mgm_user_login_form($use_default_links = true) { //fb logins i.e. facebook connect errors global $fb_errors; // hide from logged in user if (is_user_logged_in()) { // not logout call to self if (mgm_get_var('action', '', true) != 'logout') { return __('You are already logged in!', 'mgm'); } } // check auto login if ($html = mgm_try_auto_login()) { return $html; } // init errors $fb_errors = $errors = null; // system $system_obj = mgm_get_class('system'); // process hooked logins i.e. facebook connect do_action('mgm_user_login_pre_process'); // check security before processing form if (isset($_POST['log'])) { if (!wp_verify_nonce(mgm_post_var('_mgmnonce_user_login'), 'user_login')) { mgm_security_error('user_login'); } } // issue #1203 if (empty($fb_errors)) { $errors = mgm_process_user_login(); } else { $errors = $fb_errors; } // action $form_action = mgm_get_custom_url('login'); // init $user_login = $user_pwd = $html = ''; //check logged in cookie: $rememberme = !empty($_POST['rememberme']); $interim_login = isset($_REQUEST['interim-login']); // login if (isset($_POST['log'])) { $user_login = esc_attr(stripslashes($_POST['log'])); // issue# 525 } elseif ($cookie_userid = wp_validate_auth_cookie('', 'logged_in')) { //check a valid logged cookie exists // cookie $arr_loggedin_cookie = wp_parse_auth_cookie('', 'logged_in'); // get mgm_member $member = mgm_get_member($cookie_userid); // mark checked $rememberme = true; // get login from cookie $user_login = esc_attr(stripslashes($arr_loggedin_cookie['username'])); // password from member object // issue#: 672 $user_pwd = mgm_decrypt_password($member->user_password, $cookie_userid); } // redirect $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : ''; // start html $html = ''; // set error ! if (isset($errors) && is_object($errors)) { // get error if ($error_html = mgm_set_errors($errors, true)) { $html .= $error_html; } } // check if (bool_from_yn($system_obj->get_setting('enable_email_as_username'))) { $email_username_label = __('Email', 'mgm'); } else { $email_username_label = __('Username', 'mgm'); } // start form $html .= '<form class="mgm_form" name="loginform" id="loginform" action="' . $form_action . '" method="post"> <div> <label>' . $email_username_label . '<br /> <input type="text" name="log" id="user_login" class="input" value="' . esc_attr($user_login) . '" size="40" tabindex="10" /></label> </div> <div> <label>' . __('Password', 'mgm') . '<br /> <input type="password" name="pwd" id="user_pass" class="input" value="' . esc_attr($user_pwd) . '" size="40" tabindex="20" /></label> </div>'; //Issue #782 $html .= mgm_get_captcha_field('mgm_login_field'); // login form, fetch as return // do_action('login_form'); // custom $html .= apply_filters('mgm_login_form', $html); // forget $html .= '<div class="forgetmenot"> <label> <input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" ' . checked($rememberme, true, false) . ' /> ' . __('Remember Me', 'mgm') . ' </label> </div>'; // buttons $buttons = array(sprintf('<input class="button mgm-login-button" type="submit" name="wp-submit" id="wp-submit" value="%s" tabindex="100" />', __('Log In', 'mgm'))); // apply filters $buttons_s = implode(apply_filters('mgm_login_form_buttons_sep', ' '), apply_filters('mgm_login_form_buttons', $buttons)); // append $html .= sprintf('<div class="login-page-buttons">%s</div>', $buttons_s); if ($system_obj->get_setting('disable_testcookie') == 'N') { // hiddens $html .= '<input type="hidden" name="testcookie" value="1" /> '; } // intrim if ($interim_login) { $html .= '<input type="hidden" name="interim-login" value="1" />'; } else { $html .= '<input type="hidden" name="redirect_to" value="' . esc_attr($redirect_to) . '" />'; } // nonce $html .= wp_nonce_field('user_login', '_mgmnonce_user_login', true, false); // end form $html .= '</form>'; // after links $links = array(); // interim_login if (!$interim_login) { // check mail will not have any if (!isset($_GET['checkemail']) || isset($_GET['checkemail']) && !in_array($_GET['checkemail'], array('confirm', 'newpass'))) { // register if (get_option('users_can_register')) { $links[] = sprintf('<a class="mgm-register-link" href="%s">%s</a>', mgm_get_custom_url('register'), __('Register', 'mgm')); } // lostpassword $links[] = sprintf('<a class="mgm-lostpassword-link" href="%s" title="%s">%s</a>', mgm_get_custom_url('lostpassword'), __('Password Lost and Found', 'mgm'), __('Lost your password?', 'mgm')); } } // apply filters $links_s = implode(apply_filters('mgm_login_form_after_links_sep', ' | '), apply_filters('mgm_login_form_after_links', $links)); // appaend $html .= sprintf('<div class="login-page-links">%s</div>', $links_s); // scripts & styles -------------------- // focus $focus = $user_login || $interim_login ? 'user_pass' : 'user_login'; // script $script = 'function wp_attempt_focus(){setTimeout( function(){ try{ d = document.getElementById("' . $focus . '"); d.focus();} catch(e){}}, 200);}'; // focus if (@(!$error)) { $script .= 'wp_attempt_focus();'; } // script $script = sprintf('<script type="text/javascript">%s</script>', apply_filters('mgm_login_form_inline_script', $script)); // scripts $html .= apply_filters('mgm_login_form_scripts', $script); // style $style = '.login-page-links, .login-page-buttons{margin-top:10px; clear:both}'; // style $style = sprintf('<style type="text/css">%s</style>', apply_filters('mgm_login_form_inline_style', $style)); // style $html .= apply_filters('mgm_login_form_styles', $style); // apply filters and return return apply_filters('mgm_login_form_html', $html); }