public static function authenticateWithToken($token)
{
global $wpdb;
$response = array('error' => false);
if (strlen($token) < 32) {
$response['error'] = true;
$response['errorType'] = 'UserException';
$response['errorMessage'] = __('Invalid token', 'bim-bcf-management');
} else {
$userId = $wpdb->get_var($wpdb->prepare("SELECT user_id\n FROM {$wpdb->usermeta}\n WHERE meta_key LIKE '_bcf_viewer_token_%%' AND meta_value COLLATE utf8_bin LIKE %s", $token));
if ($userId != '') {
$timestamp = get_user_meta($userId, '_bcf_viewer_timestamp', true);
if ($timestamp > time()) {
// Token is valid
$serverId = $wpdb->get_var($wpdb->prepare("SELECT meta_key\n FROM {$wpdb->usermeta}\n WHERE meta_key LIKE '_bcf_viewer_token_%%' AND meta_value COLLATE utf8_bin LIKE %s AND user_id = %d", $token, $userId));
$serverId = str_replace('_bcf_viewer_token_', '', $serverId);
$server = BIMsie::getServerById($serverId, $userId);
if ($server !== false) {
$tokenData = get_user_meta($userId, 'bimsie_token', true);
if (isset($tokenData) && $tokenData != '' && $tokenData['timestamp'] > time() - Bimsie::$tokenTimeout) {
// Token is still valid
$token = BIMsie::updateTokenTimestamp($userId);
} else {
$token = BIMsie::updateTokenTimestamp($userId, BIMSie::generateToken());
}
$response['result'] = array('bimserver_url' => $server['uri'], 'bimserver_username' => $server['username'], 'bimserver_password' => $server['password'], 'bcfserver_token' => $token);
} else {
$response['error'] = true;
$response['errorType'] = 'UserException';
$response['errorMessage'] = __('Invalid token', 'bim-bcf-management');
}
} else {
$response['error'] = true;
$response['errorType'] = 'UserException';
$response['errorMessage'] = __('Expired token', 'bim-bcf-management');
}
} else {
$response['error'] = true;
$response['errorType'] = 'UserException';
$response['errorMessage'] = __('Invalid token', 'bim-bcf-management');
}
}
return $response;
}
<?php
include '../../../wp-config.php';
if (isset($_POST['method'])) {
$serverId = -1;
$token = false;
$response = array();
// Server selected by id
if (isset($_POST['serverId']) && ctype_digit($_POST['serverId'])) {
$serverId = $_POST['serverId'];
$server = BIMsie::getServerById($serverId);
if ($server !== false) {
$uri = $server['uri'];
$noServer = false;
if ($server['remember'] == 1) {
$username = $server['username'];
$password = $server['password'];
if (isset($server['tokenValid']) && $server['tokenValid'] > time()) {
$token = $server['token'];
}
} else {
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
}
}
}
// New server added
if ($serverId == -1 && isset($_POST['serverURI']) && $_POST['serverURI'] != '' && isset($_POST['username']) && isset($_POST['password'])) {
$uri = $_POST['serverURI'];
$username = $_POST['username'];
$password = $_POST['password'];
