public function onMasterRequest(MWP_Event_MasterRequest $event) { $request = $event->getRequest(); $secureKey = $this->configuration->getSecureKey(); $params = $event->getParams(); $givenPublicKey = isset($params['public_key']) ? base64_decode($params['public_key']) : null; $existingPublicKey = $this->configuration->getPublicKey(); if ($request->getAction() === 'add_site') { if ($secureKey && (!$existingPublicKey || $givenPublicKey !== $existingPublicKey)) { // Secure key exists, and public key either doesn't exist, or doesn't match. throw new MWP_Worker_Exception(MWP_Worker_Exception::LEGACY_AUTHENTICATION_KEY_EXISTS, "Sorry, the site appears to be already added to a ManageWP account. Please deactivate, then activate ManageWP Worker plugin on your website and try again or contact our support."); } return; } if (!$secureKey) { // The site is relying on public key. return; } $messageId = $request->getAction() . $request->getNonce(); $signature = $request->getSignature(); if (md5($messageId . $secureKey) !== $signature) { throw new MWP_Worker_Exception(MWP_Worker_Exception::LEGACY_AUTHENTICATION_INVALID_SIGNATURE, "Invalid message signature. Deactivate and activate the ManageWP Worker plugin on this site, then re-add it to your ManageWP account."); } $request->setAuthenticated(true); // Skip verification test because the signature is not an SSL signature. $params = $event->getParams(); $params['skipVerificationTest'] = true; $event->setParams($params); }
public function onMasterRequest(MWP_Event_MasterRequest $event) { $params = $event->getParams(); if (!array_key_exists('username', $params)) { return; } unset($params['username']); $event->setParams($params); }