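/**
 * Exchange a BCF viewer token for the BIM server credentials it was issued for.
 *
 * The token is looked up in the user meta table under a
 * `_bcf_viewer_token_<serverId>` key. The owning user's `_bcf_viewer_timestamp`
 * must still be in the future, and the server id taken from the meta key must
 * resolve through BIMsie::getServerById() for that user.
 *
 * @param string $token Viewer token supplied by the client (at least 32 bytes).
 *
 * @return array On success `error` is false and `result` holds `bimserver_url`,
 *               `bimserver_username`, `bimserver_password` and `bcfserver_token`.
 *               On failure `error` is true, `errorType` is 'UserException' and
 *               `errorMessage` is the translated 'Invalid token' or 'Expired token'.
 */
public static function authenticateWithToken($token)
{
    global $wpdb;

    // Every failure path returns the same three keys in the same order.
    $fail = function ($message) {
        return array(
            'error' => true,
            'errorType' => 'UserException',
            'errorMessage' => $message,
        );
    };

    // Reject anything that is not a string before it reaches strlen() or SQL.
    if (!is_string($token) || strlen($token) < 32) {
        return $fail(__('Invalid token', 'bim-bcf-management'));
    }

    // The token is compared with "=" rather than LIKE: under LIKE the "%" and
    // "_" characters of the supplied value act as wildcards, so the lookup is
    // not an exact match on the stored token. User id and meta key are read
    // from the same row so they always belong to the same stored token.
    $row = $wpdb->get_row($wpdb->prepare(
        "SELECT user_id, meta_key, meta_value
            FROM {$wpdb->usermeta}
            WHERE meta_key LIKE '_bcf_viewer_token_%%' AND meta_value COLLATE utf8_bin = %s",
        $token
    ));

    // Re-check the match byte for byte in PHP, so the result does not depend on
    // how the database collation treats padding, and compare in constant time.
    if (!is_object($row) || !hash_equals((string) $row->meta_value, $token)) {
        return $fail(__('Invalid token', 'bim-bcf-management'));
    }

    $userId = $row->user_id;

    // A missing or non-numeric expiry casts to 0 and is therefore treated as expired.
    $expiresAt = (int) get_user_meta($userId, '_bcf_viewer_timestamp', true);
    if ($expiresAt <= time()) {
        return $fail(__('Expired token', 'bim-bcf-management'));
    }

    // The server id is the suffix of the meta key the token was stored under.
    $serverId = str_replace('_bcf_viewer_token_', '', $row->meta_key);
    $server = BIMsie::getServerById($serverId, $userId);
    if ($server === false) {
        return $fail(__('Invalid token', 'bim-bcf-management'));
    }

    // Keep the current BCF server token while it is inside the timeout window,
    // otherwise have a fresh one generated and stored.
    $tokenData = get_user_meta($userId, 'bimsie_token', true);
    $stillValid = is_array($tokenData)
        && isset($tokenData['timestamp'])
        && $tokenData['timestamp'] > time() - BIMsie::$tokenTimeout;

    if ($stillValid) {
        $bcfToken = BIMsie::updateTokenTimestamp($userId);
    } else {
        $bcfToken = BIMsie::updateTokenTimestamp($userId, BIMsie::generateToken());
    }

    // NOTE(review): the stored BIM server password is handed to whoever presents
    // the viewer token, so the token is as sensitive as the password itself.
    // Confirm this endpoint is only reachable over TLS and that tokens are
    // short-lived and never written to logs.
    return array(
        'error' => false,
        'result' => array(
            'bimserver_url' => $server['uri'],
            'bimserver_username' => $server['username'],
            'bimserver_password' => $server['password'],
            'bcfserver_token' => $bcfToken,
        ),
    );
}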
<?php include '../../../wp-config.php'; if (isset($_POST['method'])) { $serverId = -1; $token = false; $response = array(); // Server selected by id if (isset($_POST['serverId']) && ctype_digit($_POST['serverId'])) { $serverId = $_POST['serverId']; $server = BIMsie::getServerById($serverId); if ($server !== false) { $uri = $server['uri']; $noServer = false; if ($server['remember'] == 1) { $username = $server['username']; $password = $server['password']; if (isset($server['tokenValid']) && $server['tokenValid'] > time()) { $token = $server['token']; } } else { $username = isset($_POST['username']) ? $_POST['username'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; } } } // New server added if ($serverId == -1 && isset($_POST['serverURI']) && $_POST['serverURI'] != '' && isset($_POST['username']) && isset($_POST['password'])) { $uri = $_POST['serverURI']; $username = $_POST['username']; $password = $_POST['password'];