198 lines
8.7 KiB
PHP
Executable File
198 lines
8.7 KiB
PHP
Executable File
<?php
|
|
|
|
function HookWordpress_ssoAllProvideusercredentials()
|
|
{
|
|
include_once __DIR__."/../include/wordpress_sso_functions.php";
|
|
|
|
#use standard authentication if available
|
|
if (isset($_COOKIE["user"]) && $_COOKIE["user"]!="|") {return true;}
|
|
|
|
global $username,$hashsql,$session_hash,$baseurl,$lang,$wordpress_sso_url, $wordpress_sso_secret;
|
|
global $wordpress_sso_auto_create, $wordpress_sso_auto_approve, $wordpress_sso_auto_create_group,$user_select_sql;
|
|
global $session_autologout, $allow_password_change;
|
|
|
|
$session_hash="";
|
|
@$_COOKIE["user"]="|";
|
|
|
|
$wordpress_sso="";
|
|
if (isset($_COOKIE["wordpress_sso"])) {$wordpress_sso=$_COOKIE["wordpress_sso"];}
|
|
|
|
if ($wordpress_sso=="") // No cookie, go to WP or get from query string
|
|
{
|
|
debug("wordpress_sso - no wordpress_sso cookie found, checking query string to see if passed a response from server");
|
|
// Don't escape this yet as the hash is calculated by Wordpress without it
|
|
$wordpress_user=getval("wordpress_sso_user","");
|
|
if ($wordpress_user=="")
|
|
{
|
|
# No wordpress_sso cookie or querystring parameter, redirect back for the first time to wordpress path to initiate wordpress login - step 1 (find username)
|
|
debug("wordpress_sso - nothing in query string, redirecting to server, step 1");
|
|
wordpress_sso_redirect(false,false);
|
|
}
|
|
else // We have got user details in the query string, check they are valid
|
|
{
|
|
$requestid=getval("requestid","");
|
|
$s=explode("|",$wordpress_user);
|
|
debug("wordpress_sso - received response from wordpress server: " . $wordpress_user . " request ID: " . $requestid);
|
|
if (count($s)==3 || count($s)==5)
|
|
{
|
|
$username=$s[0];
|
|
if ($username==""){wordpress_sso_fail();}
|
|
$hash=$s[1];
|
|
$requesthash=$s[2];
|
|
if (isset($s[3])){$wpemail=$s[3];}else{$wpemail="";}
|
|
if (isset($s[4])){$wpdisplayname=$s[4];}else{$wpdisplayname="";}
|
|
$today = date("Ymd");
|
|
$currentrequest = ps_value("SELECT wp_authrequest AS value FROM user WHERE username = ?", array("s", $username), "");
|
|
|
|
if ($requesthash !== md5($baseurl . $wordpress_sso_secret . $username . $today . $requestid)) // Invalid hash. Failed authentication and came from WordPress so no point redirecting.
|
|
{
|
|
wordpress_sso_fail();
|
|
}
|
|
|
|
// Valid response, check if user exists
|
|
$c = ps_value("SELECT count(*) value FROM user WHERE username = ?", array("s", $username), 0);
|
|
if ($c==0) // No user
|
|
{
|
|
if ($wordpress_sso_auto_create) // create user if enabled
|
|
{
|
|
if ($wpemail=="") // no email, need to go back and get details from Wordpress
|
|
{
|
|
debug("wordpress_sso - need to get email details. Redirecting to WordPress");
|
|
wordpress_sso_redirect(true,false);
|
|
}
|
|
debug("wordpress_sso: Auto creating user ({$username} - {$wpemail})");
|
|
ps_query("INSERT INTO user (username, password, origin, fullname, email, usergroup, comments, approved) values (?, ?,'wordpress_sso', ?, ?, ?, ?, ?)",
|
|
array("s", $username, "s", $hash, "s", $wpdisplayname, "s", $wpemail, "s", $wordpress_sso_auto_create_group, "s", $lang['wordpress_sso_auto_created'], "i", (($wordpress_sso_auto_approve) ? 1 : 0)));
|
|
}
|
|
else // not current user, need to redirect
|
|
{
|
|
wordpress_sso_fail();
|
|
}
|
|
}
|
|
debug("wordpress_sso - Found user matching: " . $username);
|
|
// Check that current request
|
|
if ($currentrequest!=$requestid || $requestid=="") // This request is either not set or does not match the last one created, was saved before redirect so go back to WordPress (step 2)
|
|
{
|
|
if ($requestid!=""){debug("wordpress_sso - failed to match request ID. Current user request: " . $currentrequest . " Received request ID: " . $requestid);}
|
|
wordpress_sso_redirect(false,true);
|
|
}
|
|
|
|
//Set cookie and allow login
|
|
setcookie("wordpress_sso",$username . "|" . $hash,0,"/");
|
|
$hashsql="";
|
|
$user_select_sql = new PreparedStatementQuery();
|
|
$user_select_sql->sql = "AND u.username = ?";
|
|
$user_select_sql->parameters = array("s", $username);
|
|
$allow_password_change = false;
|
|
$session_autologout = false;
|
|
return true;
|
|
}
|
|
else // Invalid response from WordPress
|
|
{
|
|
wordpress_sso_fail();
|
|
}
|
|
}
|
|
}
|
|
else // We have a cookie, check it is valid
|
|
{
|
|
debug("wordpress_sso - checking cookie: " . $wordpress_sso);
|
|
$s=explode("|",$wordpress_sso);
|
|
if (count($s)==2)
|
|
{
|
|
$username=$s[0];
|
|
if ($username=="")
|
|
{wordpress_sso_fail();}
|
|
debug("wordpress_sso - wordpress_sso cookie has username");
|
|
$hash=$s[1];
|
|
$today = date("Ymd");
|
|
if ($hash !== md5($baseurl . $wordpress_sso_secret . $username . $today))
|
|
{
|
|
// Invalid hash. Redirect to Wordpress to reauthenticate.
|
|
debug("wordpress_sso - wordpress_sso cookie has invalid hash");
|
|
wordpress_sso_redirect(false,false);
|
|
}
|
|
// cookie is valid, check user still exists
|
|
$c = ps_value("select count(*) value from user where username = ?", array("s", $username), 0);
|
|
if ($c==0)
|
|
{
|
|
if ($wordpress_sso_auto_create)
|
|
{
|
|
debug("wordpress_sso - need to create new user. Redirecting to get details");
|
|
wordpress_sso_redirect(true,false);
|
|
}
|
|
else
|
|
{
|
|
debug("wordpress_sso - no ResourceSpace account present and auto creation not enabled. Exiting.");
|
|
wordpress_sso_fail();
|
|
}
|
|
}
|
|
debug("wordpress_sso - found matching ResourceSpace user");
|
|
$dummyrequest=uniqid(); # use to prevent subsequent authentication using same querystring
|
|
ps_query("UPDATE user SET wp_authrequest = ? WHERE username = ?", array("s", $dummyrequest, "s", $username));
|
|
setcookie("wordpress_sso_test",$dummyrequest,0,"/");
|
|
|
|
//allow login
|
|
$user_select_sql = new PreparedStatementQuery();
|
|
$user_select_sql->sql = "AND u.username = ?";
|
|
$user_select_sql->parameters = array("s", $username);
|
|
$hashsql="";
|
|
return true;
|
|
}
|
|
else // Invalid cookie
|
|
{
|
|
debug("wordpress_sso: invalid cookie");
|
|
wordpress_sso_fail();
|
|
}
|
|
}
|
|
}
|
|
|
|
function HookWordpress_ssoLoginLoginformlink()
|
|
{
|
|
// Add a link to login.php, which is still used if $wordpress_sso_allow_standard_login is set to true
|
|
global $wordpress_sso_url,$lang;
|
|
?>
|
|
<a href="<?php echo $wordpress_sso_url . "?rsauth=true&url=%2F\">" . '<i class="fab fa-fw fa-wordpress-simple"></i> ' . $lang["wordpress_sso_use_wp_login"];?></a><br/>
|
|
<?php
|
|
}
|
|
|
|
function HookWordpress_ssoLoginInitialise()
|
|
{
|
|
global $wordpress_sso_url;
|
|
if (getval("logout","")!="" && isset($_COOKIE["wordpress_sso"]))
|
|
{
|
|
redirect("/plugins/wordpress_sso/pages/logout.php");
|
|
exit();
|
|
}
|
|
}
|
|
|
|
function HookWordpress_ssoTeam_user_editPassword()
|
|
{
|
|
global $ref, $lang;
|
|
$checkwpuser = ps_value("SELECT wp_authrequest AS value FROM user WHERE ref = ?", array("i", (int)$ref), "");
|
|
if (strlen($checkwpuser)>0)
|
|
{
|
|
?>
|
|
<input type="hidden" name="password" value="<?php echo escape($lang['hidden']); ?>">
|
|
<?php
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
function HookWordpress_ssoTeam_user_editTicktoemailpassword()
|
|
{
|
|
global $ref, $lang;
|
|
$checkwpuser = ps_value("SELECT wp_authrequest AS value FROM user WHERE ref = ?", array("i", (int)$ref), "");
|
|
if (strlen((string) $checkwpuser)>0)
|
|
{
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|