Utility function, return the current url
| public static getCurrentUrl ( boolean $request_uri = true ) : string | ||
| $request_uri | boolean | true to get $_SERVER['REQUEST_URI'], false for $_SERVER['PHP_SELF'] |
| return | string | |
/**
* Process OpenID realm request
*/
public static function processOpenidRealm()
{
$output = str_replace("{X_XRDS_LOCATION}", htmlentities(Hybrid_Auth::getCurrentUrl(false), ENT_QUOTES, 'UTF-8') . "?get=openid_xrds&v=" . Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/resources/openid_realm.html"));
print $output;
@session_write_close();
die;
}
/**
* Process OpenID realm request
*/
public static function processOpenidRealm()
{
print '<pre>';
print_r(Hybrid_Auth::$config);
exit;
$output = str_replace("{X_XRDS_LOCATION}", htmlentities(Hybrid_Auth::getCurrentUrl(false), ENT_QUOTES, 'UTF-8') . "?get=openid_xrds&v=" . Hybrid_Auth::$version, file_get_contents(Hybrid_Auth::$config['path_Hybrid'] . "resources/openid_realm.html"));
print $output;
die;
}
/**
* Setup an adapter for a given provider
*/
public static function setup($providerId, $params = NULL)
{
Hybrid_Logger::debug("Enter Hybrid_Auth::setup( {$providerId} )", $params);
if (!$params) {
$params = Hybrid_Auth::storage()->get("hauth_session.{$providerId}.id_provider_params");
Hybrid_Logger::debug("Hybrid_Auth::setup( {$providerId} ), no params given. Trying to get the sotred for this provider.", $params);
}
if (!$params) {
$params = array();
Hybrid_Logger::info("Hybrid_Auth::setup( {$providerId} ), no stored params found for this provider. Initialize a new one for new session");
}
if (!isset($params["hauth_return_to"])) {
$params["hauth_return_to"] = Hybrid_Auth::getCurrentUrl();
}
Hybrid_Logger::debug("Hybrid_Auth::setup( {$providerId} ). HybridAuth Callback URL set to: ", $params["hauth_return_to"]);
# instantiate a new IDProvider Adapter
$provider = new Hybrid_Provider_Adapter();
$provider->factory($providerId, $params);
return $provider;
}
// with /index.php?hauth.done={provider}?{args}...
if (strrpos($_SERVER["QUERY_STRING"], '?')) {
$_SERVER["QUERY_STRING"] = str_replace("?", "&", $_SERVER["QUERY_STRING"]);
parse_str($_SERVER["QUERY_STRING"], $_REQUEST);
}
$provider_id = trim(strip_tags($_REQUEST["hauth_done"]));
$hauth = Hybrid_Auth::setup($provider_id);
if (!$hauth) {
Hybrid_Logger::error("Endpoint: Invalide parameter on hauth_done!");
$hauth->adapter->setUserUnconnected();
header("HTTP/1.0 404 Not Found");
die("Invalide parameter! Please return to the login page and try again.");
}
try {
Hybrid_Logger::info("Endpoint: call adapter [{$provider_id}] loginFinish() ");
$hauth->adapter->loginFinish();
} catch (Exception $e) {
Hybrid_Logger::error("Exception:" . $e->getMessage(), $e);
Hybrid_Error::setError($e->getMessage(), $e->getCode(), $e->getTraceAsString(), $e);
$hauth->adapter->setUserUnconnected();
}
Hybrid_Logger::info("Endpoint: job done. retrun to callback url.");
$hauth->returnToCallbackUrl();
die;
}
} else {
# Else,
# We advertise our XRDS document, something supposed to be done from the Realm URL page
echo str_replace("{X_XRDS_LOCATION}", Hybrid_Auth::getCurrentUrl(false) . "?get=openid_xrds&v=" . Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/Hybrid/resources/openid_realm.html"));
die;
}
/**
* Process OpenID realm request
*/
public static function processOpenidRealm()
{
$output = str_replace("{X_XRDS_LOCATION}", Hybrid_Auth::getCurrentUrl(false) . "?get=openid_xrds&v=" . Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/resources/openid_realm.html"));
print $output;
die;
}
/**
* Process OpenID realm request
*/
protected function processOpenidRealm()
{
$template = '<html>
<head>
<title>HybridAuth Endpoint</title>
<meta name="robots" content="NOINDEX, NOFOLLOW">
<meta http-equiv="X-XRDS-Location" content="{X_XRDS_LOCATION}" />
</head>
<body>
<h3 style="margin-bottom: 2px;">HybridAuth</h3>
Open Source Social Sign On PHP Library.
<br />
<a href="http://hybridauth.sourceforge.net/" style="color:green;text-decoration:none;">hybridauth.sourceforge.net/</a>
</body>
</html>
';
$output = str_replace("{X_XRDS_LOCATION}", htmlentities(Hybrid_Auth::getCurrentUrl(false), ENT_QUOTES, 'UTF-8') . "?get=openid_xrds&v=" . Hybrid_Auth::$version, $template);
return $output;
}
/**
* Setup an adapter for a given provider
*/
public static function setup($providerId, $params = NULL)
{
if (!$params) {
$params = Hybrid_Auth::storage()->get("hauth_session.{$providerId}.id_provider_params");
}
if (!$params) {
$params = array();
}
if (is_array($params) && !isset($params["hauth_return_to"])) {
$params["hauth_return_to"] = Hybrid_Auth::getCurrentUrl();
}
# instantiate a new IDProvider Adapter
$provider = new Hybrid_Provider_Adapter();
$provider->factory($providerId, $params);
return $provider;
}
function wsl_component_tools_do_diagnostics()
{
?>
<style>
table td, table th { border: 1px solid #DDDDDD; }
table th label { font-weight: bold; }
</style>
<div class="metabox-holder columns-2" id="post-body">
<div class="stuffbox">
<h3>
<label><?php
_wsl_e("WordPress Social Login Diagnostics", 'wordpress-social-login');
?>
</label>
</h3>
<div class="inside">
<br />
<table class="wp-list-table widefat">
<?php
$test = version_compare(PHP_VERSION, '5.2.0', '>=');
// $test = 0;
?>
<tr>
<th width="200">
<label>PHP Version</label>
</th>
<td>
<p>PHP >= 5.2.0 installed.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p><b>Error</b>: An old version of PHP is installed.</p>
<p>The solution is to make a trouble ticket to your web host and request them to upgrade to newer version of PHP.</p>
</div>
<?php
}
?>
</td>
<td width="60">
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:red;'>FAIL!</b>";
}
?>
</td>
</tr>
<?php
$test = isset($_SESSION["wsl::plugin"]) && $_SESSION["wsl::plugin"];
// $test = 0;
?>
<tr>
<th width="200">
<label>PHP Sessions</label>
</th>
<td>
<p>PHP/Session must be enabled and working.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p><b>Error</b>: PHP Sessions are not working as expected.</p>
<p>
This error may occur for many reasons:
</p>
<p>
1. PHP session are either disabled, renamed or there is files permissions issues.
</p>
<p>
2. When using a reverse proxy like Varnish or a caching engine that might strip cookies. On this case, WSL will requires these two urls to be white-listed:
</p>
<div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;">
<?php
echo '<a href="' . site_url('wp-login.php', 'login_post') . '" target="_blank">' . site_url('wp-login.php', 'login_post') . '</a>';
echo '<br />';
echo '<a href="' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '" target="_blank">' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '</a>';
?>
</div>
</div>
<?php
} else {
?>
<hr />
<h4>Notes:</h4>
<p>
1. If you're hosting your website on <b>WP Engine</b>, refer this topic: <a href="https://wordpress.org/support/topic/500-internal-server-error-when-redirecting" target="_blank">https://wordpress.org/support/topic/500-internal-server-error-when-redirecting</a>
</p>
<p>2. In case you're using a reverse proxy like Varnish or a caching engine that might strip cookies, WSL will requires these two urls to be white-listed:</p>
<div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;">
<?php
echo '<a href="' . site_url('wp-login.php', 'login_post') . '" target="_blank">' . site_url('wp-login.php', 'login_post') . '</a>';
echo '<br />';
echo '<a href="' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '" target="_blank">' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '</a>';
?>
</div>
<?php
}
?>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:red;'>FAIL!</b>";
}
?>
</td>
</tr>
<?php
$test = false;
if (function_exists('curl_init')) {
$curl_version = curl_version();
if ($curl_version['features'] & CURL_VERSION_SSL) {
$test = true;
}
}
// $test = 0;
?>
<tr>
<th width="200">
<label>PHP CURL/SSL Extension</label>
</th>
<td>
<p>PHP CURL extension with SSL must be enabled and working.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p><b>Error</b>: CURL library is either not installed or SSL is not enabled.</p>
<p>The solution is to make a trouble ticket to your web host and request them to enable the PHP CURL.</p>
</div>
<?php
}
?>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:red;'>FAIL!</b>";
}
?>
</td>
</tr>
<?php
$test = !ini_get('register_globals') ? true : false;
// $test = 0;
?>
<tr>
<th width="200">
<label>PHP Register Globals</label>
</th>
<td>
<p>PHP Register Globals must be OFF.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p><b>Error</b>: REGISTER_GLOBALS are On.</p>
<p>This will prevent WSL from working properly and will result on an infinite loop on the authentication page.</p>
<p>The solution is to make a trouble ticket with your web host to disable it, Or, if you have a dedicated server and you know what are you doing then edit php.ini file and turn it Off.</p>
</div>
<?php
}
?>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:red;'>FAIL!</b>";
}
?>
</td>
</tr>
<!-- this should keep Mika happy -->
<tr>
<th width="200">
<label>WSL end-points</label>
</th>
<td>
<p>Check if WSL end-points urls are reachable.</p>
<div id="end_points_warn" class="fade error" style="margin: 20px 0;display:none;">
<p><b>Error</b>: Your web server returned <span id="end_points_error"></span> when checking WSL end-points.</p>
<p>This issue usually happen when :</p>
<p>1. Your web host uses <code>mod_security</code> to block requests containing URLs (eg. hosts like HostGator, GoDaddy and The Planet). On this case, you should contact your provider to have WSL end-points urls white-listed.</p>
<p>2. There is a <code>.htaccess</code> file that prevent direct access to the WordPress plugins directory.</p>
<p>In any case, WSL requires this url to be white-listed:</p>
<div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;">
<?php
echo '<a href="' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '" target="_blank">' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '</a>';
?>
</div>
</div>
<div id="end_points_note" style="margin: 20px 0;">
<hr />
<p><b>Note</b>: In case you're using <code>mod_security</code> to block requests containing URLs or a <code>.htaccess</code> file to protect the WordPress plugins directory, WSL will requires this url to be white-listed:</p>
<div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;">
<?php
echo '<a href="' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '" target="_blank">' . WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . '</a>';
?>
</div>
</div>
<p>You may double-check this test manually by clicking this <a href="<?php
echo WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL;
?>
?test=http://example.com" target="_blank">direct link</a>.</p>
</td>
<td width="60">
<span id="end_points">testing..</span>
<script>
jQuery(document).ready(function($) {
jQuery.ajax({
url: '<?php
echo WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL;
?>
',
data: 'url=http://example.com',
success: function () {
jQuery('#end_points').html( '<b style="color:green;">OK!</b>' );
},
error: function (xhr, ajaxOptions, thrownError) {
// console.log( xhr );
jQuery('#end_points_error').html( '"<b style="color:red;">' + xhr.status + ' ' + xhr.statusText + '</b>"' );
jQuery('#end_points').html( '<b style="color:red;">FAIL!</b>' );
jQuery('#end_points_warn').show();
jQuery('#end_points_note').hide();
}
});
});
</script>
</td>
</tr>
<?php
global $wpdb;
$db_check_profiles = $wpdb->get_var("SHOW TABLES LIKE '{$wpdb->prefix}wslusersprofiles'") === $wpdb->prefix . 'wslusersprofiles' ? 1 : 0;
$db_check_contacts = $wpdb->get_var("SHOW TABLES LIKE '{$wpdb->prefix}wsluserscontacts'") === $wpdb->prefix . 'wsluserscontacts' ? 1 : 0;
$test = $db_check_profiles && $db_check_contacts ? true : false;
?>
<tr>
<th width="200">
<label>WSL database tables</label>
</th>
<td>
<p>Check if WSL database tables (<code>wslusersprofiles</code> and <code>wsluserscontacts</code>) exist.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p><b>Error:</b> One or more of WordPress Social Login tables do not exist.</p>
<p>This may prevent this plugin form working correctly. To fix this, navigate to <b>Tools</b> tab then <b><a href="options-general.php?page=wordpress-social-login&wslp=tools#repair-tables">Repair WSL tables</a></b>.</p>
</div>
<?php
}
?>
</td>
<td width="60">
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:red;'>FAIL!</b>";
}
?>
</td>
</tr>
<?php
$test = class_exists('Hybrid_Auth', false) ? false : true;
?>
<tr>
<th width="200">
<label>Hybridauth Library</label>
</th>
<td>
<p>Check if the Hybridauth Library is auto-loaded by another plugin.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p>Hybridauth Library is auto-included by another plugin.</p>
<p>This is not critical but it may prevent WSL from working.</p>
<p>Please, inform the developer of that plugin not to auto-include the file below and to use Hybridauth Library only when required.</p>
<div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;">
<?php
try {
$reflector = new ReflectionClass('Hybrid_Auth');
echo $reflector->getFileName();
} catch (Exception $e) {
}
?>
</div>
</div>
<?php
}
?>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:orange;'>PASS</b>";
}
?>
</td>
</tr>
<?php
$test = class_exists('OAuthConsumer', false) ? false : true;
?>
<tr>
<th width="200">
<label>OAUTH Library</label>
</th>
<td>
<p>Check if OAUTH Library is auto-loaded by another plugin.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p>OAUTH Library is auto-included by another plugin.</p>
<p>This is not critical but it may prevent Twitter, LinkedIn and few other providers from working.</p>
<p>Please, inform the developer of that plugin not to auto-include the file below and to use OAUTH Library only when required.</p>
<div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;">
<?php
try {
$reflector = new ReflectionClass('OAuthConsumer');
echo $reflector->getFileName();
} catch (Exception $e) {
}
?>
</div>
</div>
<?php
}
?>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:orange;'>PASS</b>";
}
?>
</td>
</tr>
<?php
$test = class_exists('BaseFacebook', false) ? false : true;
?>
<tr>
<th width="200">
<label>Facebook SDK</label>
</th>
<td>
<p>Check if Facebook SDK is auto-loaded by another plugin.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p><b>Error:</b> Facebook SDK is auto-included by another plugin.</p>
<p>This will prevent Facebook from working.</p>
<p>Please, inform the developer of that plugin not to auto-include the file below and to use Facebook SDK only when required.</p>
<div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;">
<?php
try {
$reflector = new ReflectionClass('BaseFacebook');
echo $reflector->getFileName();
} catch (Exception $e) {
}
?>
</div>
</div>
<?php
}
?>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:red;'>FAIL!</b>";
}
?>
</td>
</tr>
<?php
$test = class_exists('LightOpenID', false) ? false : true;
?>
<tr>
<th width="200">
<label>Class LightOpenID</label>
</th>
<td>
<p>Check if the LightOpenID Class is auto-loaded by another plugin.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p>Class LightOpenID is auto-included by another plugin.</p>
<p>This is not critical but it may prevent Yahoo, Steam, and few other providers from working.</p>
<p>Please, inform the developer of that plugin not to auto-include the file below and to use Class LightOpenID only when required.</p>
<div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;">
<?php
try {
$reflector = new ReflectionClass('LightOpenID');
echo $reflector->getFileName();
} catch (Exception $e) {
}
?>
</div>
</div>
<?php
}
?>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:orange;'>PASS</b>";
}
?>
</td>
</tr>
<?php
$curl = '';
$test = true;
if (!class_exists('Hybrid_Auth', false)) {
include_once WORDPRESS_SOCIAL_LOGIN_ABS_PATH . "/hybridauth/Hybrid/Auth.php";
$curl = Hybrid_Auth::getCurrentUrl();
}
$headers = array('HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_FORWARDED', 'HTTP_CLIENT_IP', 'HTTP_FORWARDED_FOR_IP', 'VIA', 'X_FORWARDED_FOR', 'FORWARDED_FOR', 'X_FORWARDED', 'FORWARDED', 'CLIENT_IP', 'FORWARDED_FOR_IP', 'HTTP_PROXY_CONNECTION');
foreach ($headers as $v) {
if (isset($_SERVER[$v])) {
$test = true;
}
}
?>
<tr>
<th width="200">
<label>HTTP Proxies</label>
</th>
<td>
<p>Check for proxified urls.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p>WSL has detected that you are using a proxy in your website. The URL shown below should match the URL on your browser address bar.</p>
<div style="background-color: #FFFFE0;border:1px solid #E6DB55; border-radius: 3px;padding: 10px;margin:2px;">
<?php
echo $curl;
?>
</div>
</div>
<?php
}
?>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:orange;'>PASS</b>";
}
?>
</td>
</tr>
<?php
$test = !stristr(plugins_url(), site_url()) ? false : true;
?>
<tr>
<th width="200">
<label>WordPress functions</label>
</th>
<td>
<p>Check for WordPress directories functions.</p>
<?php
if (!$test) {
?>
<hr />
<p><code>plugins_url()</code> is not returning an expected result : <?php
echo plugins_url();
?>
</p>
<?php
}
?>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:orange;'>PASS</b>";
}
?>
</td>
</tr>
<?php
$test = true;
$used = array();
$depreciated = array('wsl_hook_process_login_alter_userdata', 'wsl_hook_process_login_before_insert_user', 'wsl_hook_process_login_after_create_wp_user', 'wsl_hook_process_login_before_set_auth_cookie', 'wsl_hook_process_login_before_redirect', 'wsl_render_login_form_start', 'wsl_alter_hook_provider_icon_markup', 'wsl_render_login_form_alter_provider_icon_markup', 'wsl_render_login_form_end');
foreach ($depreciated as $v) {
if (has_filter($v) || has_action($v)) {
$test = false;
$used[] = $v;
}
}
?>
<tr>
<th width="200">
<label>WSL depreciated hooks</label>
</th>
<td>
<p>Check for depreciated WSL actions and filters in use.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p>WSL has detected that you are using depreciated WSL: <code><?php
echo implode('</code>, <code>', $used);
?>
</code></p>
<p>Please update the WSL hooks you were using accordingly to the new developer API at <a href="http://miled.github.io/wordpress-social-login/documentation.html" target="_blank">http://miled.github.io/wordpress-social-login/documentation.html</a></p>
</div>
<?php
}
?>
<p> Note: this test is not reliable 100% as we simply match the depreciated hooks against <code>has_filter</code> and <code>has_action</code>.</p>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:orange;'>PASS</b>";
}
?>
</td>
</tr>
<?php
$itsec_tweaks = get_option('itsec_tweaks');
$test = $itsec_tweaks && $itsec_tweaks['long_url_strings'] ? false : true;
?>
<tr>
<th width="200">
<label>iThemes Security</label>
</th>
<td>
<p>Check if 'Prevent long URL strings' option is enabled.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p><b>Error:</b> 'Prevent long URL strings' option is in enabled.</p>
<p>This may prevent Facebook and few other providers from working.</p>
</div>
<?php
}
?>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:red;'>FAIL!</b>";
}
?>
</td>
</tr>
<?php
/**
* Check twitter timestamp
*
* Thanks much Joe for the cool idea
* https://wordpress.org/plugins/wp-to-twitter/
*/
$test = true;
$error = '';
$hint = '';
$server_time = date(DATE_COOKIE);
$response = wp_remote_get("https://api.twitter.com/1.1/help/test.json", array('timeout' => 2, 'redirection' => 1));
if (is_wp_error($response)) {
$test = false;
$error = __("There was an error querying Twitter's servers", 'wordpress-social-login');
} else {
if (time() < strtotime($response['headers']['date']) - 300 || time() > strtotime($response['headers']['date']) + 300) {
$test = false;
$error = _wsl__("Your web server date is set incorrectly. This may prevent Twitter and LinkedIn and few other providers from working", 'wordpress-social-login');
$hint = sprintf(_wsl__("Please check if your web server time is correct: <code>%s</code>", 'wordpress-social-login'), $server_time);
}
}
?>
<tr>
<th width="200">
<label>Server Timestamp</label>
</th>
<td>
<p>Check if your web server clock is in sync.</p>
<?php
if (!$test) {
?>
<div class="fade error" style="margin: 20px 0;">
<p><b>Error:</b> <?php
echo $error;
?>
.</p>
<?php
if ($hint) {
echo '<p>' . $hint . '.</p>';
}
?>
</div>
<?php
}
?>
</td>
<td>
<?php
if ($test) {
echo "<b style='color:green;'>OK!</b>";
} else {
echo "<b style='color:orange;'>PASS</b>";
}
?>
</td>
</tr>
</table>
<br />
<hr />
<a class="button-secondary" href="options-general.php?page=wordpress-social-login&wslp=tools">← <?php
_wsl_e("Back to Tools", 'wordpress-social-login');
?>
</a>
</div>
</div>
</div>
<?php
}
/**
* Hybrid_Provider_Adapter::login(), prepare the user session and the authentication request
* for index.php
*/
function login()
{
if (!$this->adapter) {
throw new Exception("Hybrid_Provider_Adapter::login() should not directly used.");
}
// clear all unneeded params
foreach (Hybrid_Auth::$config["providers"] as $idpid => $params) {
Hybrid_Auth::storage()->delete("hauth_session.{$idpid}.hauth_return_to");
Hybrid_Auth::storage()->delete("hauth_session.{$idpid}.hauth_endpoint");
Hybrid_Auth::storage()->delete("hauth_session.{$idpid}.id_provider_params");
}
// make a fresh start
$this->logout();
# get hybridauth base url
if (empty(Hybrid_Auth::$config["base_url"])) {
$HYBRID_AUTH_URL_BASE = Hybrid_Auth::getCurrentUrl(true);
} else {
$HYBRID_AUTH_URL_BASE = Hybrid_Auth::$config["base_url"];
}
// make sure params is array
if (!is_array($this->params)) {
$this->params = array();
}
# we make use of session_id() as storage hash to identify the current user
# using session_regenerate_id() will be a problem, but ..
$this->params["hauth_token"] = session_id();
# set request timestamp
$this->params["hauth_time"] = time();
# for default HybridAuth endpoint url hauth_login_start_url
# auth.start required the IDp ID
# auth.time optional login request timestamp
$this->params["login_start"] = $HYBRID_AUTH_URL_BASE . (strpos($HYBRID_AUTH_URL_BASE, '?') ? '&' : '?') . "hauth.start={$this->id}&hauth.time={$this->params["hauth_time"]}";
# for default HybridAuth endpoint url hauth_login_done_url
# auth.done required the IDp ID
$this->params["login_done"] = $HYBRID_AUTH_URL_BASE . (strpos($HYBRID_AUTH_URL_BASE, '?') ? '&' : '?') . "hauth.done={$this->id}";
if (isset($this->config["endpoint"])) {
$this->params["login_start"] = $this->config["endpoint"] . (strpos($HYBRID_AUTH_URL_BASE, '?') ? '&' : '?') . "hauth.start={$this->id}&hauth.time={$this->params["hauth_time"]}";
$this->params["login_done"] = $this->config["endpoint"];
}
if (isset($this->params["hauth_return_to"])) {
Hybrid_Auth::storage()->set("hauth_session.{$this->id}.hauth_return_to", $this->params["hauth_return_to"]);
}
if (isset($this->params["login_done"])) {
Hybrid_Auth::storage()->set("hauth_session.{$this->id}.hauth_endpoint", $this->params["login_done"]);
}
Hybrid_Auth::storage()->set("hauth_session.{$this->id}.id_provider_params", $this->params);
// store config to be used by the end point
Hybrid_Auth::storage()->config("CONFIG", Hybrid_Auth::$config);
Hybrid_Auth::redirect($this->params["login_start"]);
}
