
/htdocs/wp-content/plugins/sitepress-multilingual-cms/modules/multiple-domains-login.php

https://bitbucket.org/dkrzos/phc
Possible License(s): GPL-2.0
  1. <?php
  // Wire the multi-domain login helpers into WordPress.
  // The cross-domain check is attached to 'plugins_loaded' at priority 1,
  // i.e. ahead of callbacks registered with the default priority of 10.
  add_action('plugins_loaded', 'emw_check_cross_domain_login', 1);

  // Logout and login interception: each starts a redirect chain across the
  // configured language domains (see the callbacks below).
  add_action('wp_logout', 'emw_intercept_logout');
  add_action('wp_authenticate', 'emw_intercept_login', 10, 1);

  // Rewrite the login URL so it points at the current language's domain.
  add_filter('login_url', 'emw_login_url', 10, 2);
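  /**
   * 'login_url' filter: point the login link at the current language's domain.
   *
   * When per-language domains are configured, the login URL is rebuilt as
   * "<domain of ICL_LANGUAGE_CODE>/wp-login.php"; the default language is
   * mapped to the 'siteurl' option. A non-empty $redirect is then attached as
   * the redirect_to query argument.
   *
   * @param string $login_url Login URL as received from the filter chain.
   * @param string $redirect  Post-login target, or '' for none.
   * @return string The login URL to use.
   */
  function emw_login_url ($login_url, $redirect) {
      global $sitepress_settings;

      $domains = isset($sitepress_settings['language_domains'])
          ? $sitepress_settings['language_domains']
          : null;

      if ($domains) {
          if (isset($sitepress_settings['default_language'])) {
              $domains[$sitepress_settings['default_language']] = get_option('siteurl');
          }
          // Only rebuild the URL when the current language really has a domain;
          // otherwise keep the URL handed in by the filter chain.
          if (defined('ICL_LANGUAGE_CODE') && isset($domains[ICL_LANGUAGE_CODE])) {
              $login_url = rtrim($domains[ICL_LANGUAGE_CODE], '/') . '/wp-login.php';
          }
      }

      // Do not add redirect_to twice if the incoming URL already carries it.
      if ((string) $redirect !== '' && strpos($login_url, 'redirect_to=') === false) {
          $separator = (strpos($login_url, '?') === false) ? '?' : '&';
          // urlencode() keeps '&', '#' and '?' inside the target from being read
          // as additional parameters of the login URL itself.
          $login_url .= $separator . 'redirect_to=' . urlencode($redirect);
      }

      return $login_url;
  }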
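  /**
   * 'wp_authenticate' action: after a successful password check, set the auth
   * cookie on this domain and start the redirect chain that repeats the login
   * on the other language domains.
   *
   * The handshake state (nonce, final redirect target, "remember me" flag and
   * the index of the language being visited) is saved in the 'emw_login'
   * option and picked up by emw_check_cross_domain_login() on the next domain.
   *
   * NOTE(review): the nonce is an unkeyed MD5 over the target origin, the
   * username and a 10-second time bucket, so it contains no server-side
   * secret. Consider a keyed hash (e.g. wp_hash()) or a random per-handshake
   * token; the generator here and the verifier in
   * emw_check_cross_domain_login() have to be changed together.
   * NOTE(review): 'emw_login' is one site-wide option, so two logins running
   * at the same moment overwrite each other's handshake state.
   *
   * @param string $username Login name passed by the 'wp_authenticate' action.
   * @return void Ends the request with a redirect when a chain is started.
   */
  function emw_intercept_login ($username) {
      global $sitepress_settings;

      // The password is read from the form post; nothing to do without it.
      if (!is_string($username) || !isset($_POST['pwd']) || !is_string($_POST['pwd'])) {
          return;
      }
      if (!user_pass_ok($username, $_POST['pwd'])) {
          return;
      }

      $remember = !empty($_POST['rememberme']);
      wp_set_auth_cookie(get_profile('ID', $username), $remember, is_ssl());

      $domains = isset($sitepress_settings['language_domains'])
          ? $sitepress_settings['language_domains']
          : null;
      if (!$domains) {
          return;
      }

      // Re-index numerically: the chain starts at the second language (index 1).
      $languages = array_values((array) icl_get_languages('skip_missing=0'));
      if (!isset($languages[1]['language_code'], $domains[$languages[1]['language_code']])) {
          return; // no second domain to visit
      }

      $next_domain = $domains[$languages[1]['language_code']];
      $parts = parse_url($next_domain);
      if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
          return; // the configured domain is not an absolute URL
      }

      $time = floor(time()/10);
      $options = array(
          'nonce'           => md5($parts['scheme'] . '://' . $parts['host'] . "-{$username}-{$time}"),
          // Untrusted request value; it is stored here and used later as the
          // final redirect target of the chain.
          'redirect'        => (isset($_REQUEST['redirect_to']) && is_string($_REQUEST['redirect_to']))
              ? $_REQUEST['redirect_to']
              : '',
          'remember'        => $remember,
          'language_number' => 1,
      );
      update_option('emw_login', $options);

      // urlencode() so that '&', '#' or spaces in the login name cannot alter
      // the query string of the hand-off URL.
      wp_redirect($next_domain . '?emw-login&user=' . urlencode($username) . '&nonce=' . $options['nonce']);
      die();
  }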
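  /**
   * 'wp_logout' action: start the redirect chain that clears the auth cookie
   * on the other language domains.
   *
   * The request's redirect_to value is passed along the chain as a query
   * argument.
   *
   * NOTE(review): redirect_to comes straight from the request; whatever ends
   * the chain must check it against the site's own domains before redirecting.
   *
   * @return void Ends the request with a redirect when a chain is started.
   */
  function emw_intercept_logout () {
      global $sitepress_settings;

      $domains = isset($sitepress_settings['language_domains'])
          ? $sitepress_settings['language_domains']
          : null;
      if (!$domains) {
          return;
      }

      // Re-index numerically: the chain starts at the second language (index 1).
      $languages = array_values((array) icl_get_languages('skip_missing=0'));
      if (!isset($languages[1]['language_code'], $domains[$languages[1]['language_code']])) {
          return; // no second domain to visit
      }
      $next_domain = $domains[$languages[1]['language_code']];

      $redirect_to = (isset($_GET['redirect_to']) && is_string($_GET['redirect_to']))
          ? $_GET['redirect_to']
          : '';

      wp_clear_auth_cookie();
      // urlencode() keeps '&' and '#' inside the target from being parsed as
      // parameters of the hand-off URL.
      wp_redirect($next_domain . '?emw-logout&next_language=1&redirect_to=' . urlencode($redirect_to));
      exit;
  }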
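  /**
   * 'plugins_loaded' action: handle one hop of the cross-domain login or
   * logout chain, selected by the emw-login / emw-logout request flags.
   *
   * Login hop: the nonce from the query string must equal the nonce saved in
   * the 'emw_login' option, and that value must match the MD5 computed for
   * this origin, the given username and the current or previous 10-second
   * bucket. On success the auth cookie is set and the request is forwarded to
   * the next language domain, or to the stored redirect target after the last
   * one. On failure the saved state is deleted and the request is rejected.
   *
   * Logout hop: the auth cookie is cleared and the request is forwarded to
   * the next language domain, or to redirect_to after the last one.
   *
   * Changes compared with the previous version:
   *  - nonces are compared as strings with ===; loose == lets two different
   *    digests of the form "0e<digits>" compare equal as numbers;
   *  - the previous-bucket digest uses the same scheme as the current one
   *    (it was hard-coded to http://, so it never matched on HTTPS);
   *  - the nonce for the following hop is built from scheme://host and the
   *    current bucket, which is the format this function verifies;
   *  - the stored "remember" flag is kept instead of being overwritten from
   *    $_POST, which is not populated on a redirect hop;
   *  - the final redirect target is limited to the configured domains.
   *
   * NOTE(review): the nonce contains no server-side secret (plain MD5 of
   * origin, username and time bucket). Consider a keyed hash such as wp_hash()
   * or a random per-handshake token, changed together with
   * emw_intercept_login().
   * NOTE(review): the logout hop carries no token at all, so any link with
   * ?emw-logout clears the visitor's session; consider requiring a nonce.
   *
   * @return void Ends the request when a hop is handled.
   */
  function emw_check_cross_domain_login () {
      global $sitepress_settings;

      $domains = isset($sitepress_settings['language_domains'])
          ? $sitepress_settings['language_domains']
          : null;

      if (isset($_REQUEST['emw-login'])) {
          $options  = get_option('emw_login');
          $username = (isset($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : '';
          $given    = (isset($_GET['nonce']) && is_string($_GET['nonce'])) ? $_GET['nonce'] : '';
          $stored   = (is_array($options) && isset($options['nonce']) && is_string($options['nonce']))
              ? $options['nonce']
              : '';

          $time     = floor(time()/10);
          $https    = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] ? 's' : '';
          $origin   = "http{$https}://" . $_SERVER['SERVER_NAME'];
          $current  = md5("{$origin}-{$username}-{$time}");
          // The previous bucket is accepted as well, so a hand-off that crosses
          // a 10-second boundary still validates.
          $previous = md5("{$origin}-{$username}-" . ($time - 1));

          $valid = $username !== ''
              && $stored !== ''
              && $given === $stored
              && ($stored === $current || $stored === $previous);

          if (!$valid) {
              delete_option('emw_login');
              wp_die(__('Possible login hack attempt','sitepress'));
              return;
          }

          wp_set_auth_cookie(get_profile('ID', $username), !empty($options['remember']), is_ssl());

          if (!$domains) {
              return;
          }

          $languages  = array_values((array) icl_get_languages('skip_missing=0'));
          $next_index = (isset($options['language_number']) ? (int) $options['language_number'] : 0) + 1;

          if (isset($languages[$next_index]['language_code'], $domains[$languages[$next_index]['language_code']])) {
              $next_domain = $domains[$languages[$next_index]['language_code']];
              $parts = parse_url($next_domain);
              if (is_array($parts) && !empty($parts['scheme']) && !empty($parts['host'])) {
                  $options['nonce'] = md5($parts['scheme'] . '://' . $parts['host'] . "-{$username}-{$time}");
                  $options['language_number'] = $next_index;
                  update_option('emw_login', $options);
                  wp_redirect($next_domain . '?emw-login&user=' . urlencode($username) . '&nonce=' . $options['nonce']);
                  exit;
              }
          }

          // Last domain reached: finish the handshake and leave the chain.
          delete_option('emw_login');
          wp_redirect(_emw_allowed_redirect(isset($options['redirect']) ? $options['redirect'] : '', $domains));
          exit;
      } elseif (isset($_REQUEST['emw-logout'])) {
          if (!$domains) {
              return;
          }

          $languages = array_values((array) icl_get_languages('skip_missing=0'));
          // Request-supplied counter: force it to an integer before using it
          // as an array index.
          $language_index = (isset($_GET['next_language']) && is_numeric($_GET['next_language']))
              ? (int) $_GET['next_language'] + 1
              : 1;
          $redirect_to = (isset($_GET['redirect_to']) && is_string($_GET['redirect_to']))
              ? $_GET['redirect_to']
              : '';

          wp_clear_auth_cookie();

          if (isset($languages[$language_index]['language_code'], $domains[$languages[$language_index]['language_code']])) {
              $next_domain = $domains[$languages[$language_index]['language_code']];
              wp_redirect($next_domain . '?emw-logout&next_language=' . $language_index . '&redirect_to=' . urlencode($redirect_to));
              exit;
          }

          wp_redirect(_emw_allowed_redirect($redirect_to, $domains));
          exit;
      }
  }

  /**
   * Return $target if it stays on this site, otherwise the 'siteurl' option.
   *
   * A target is accepted when it has no host and no scheme (a path on the
   * current host), or when its scheme is http/https (or absent) and its host
   * is the host of 'siteurl' or of one of the configured language domains.
   *
   * @param mixed $target  Redirect target taken from the request or from the
   *                       stored handshake state.
   * @param mixed $domains Language-code => domain-URL map from the settings.
   * @return string URL that is safe to hand to wp_redirect().
   */
  function _emw_allowed_redirect ($target, $domains) {
      $fallback = get_option('siteurl');
      if (!is_string($target)) {
          return $fallback;
      }

      // Validate the sanitized form, because that is the string that
      // wp_redirect() puts into the Location header.
      $target = wp_sanitize_redirect(trim($target));
      if ($target === '') {
          return $fallback;
      }

      $parts = parse_url($target);
      if (!is_array($parts)) {
          return $fallback;
      }
      if (empty($parts['host'])) {
          // A scheme without a host (e.g. "javascript:") is refused.
          return empty($parts['scheme']) ? $target : $fallback;
      }
      if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
          return $fallback;
      }

      $sources = is_array($domains) ? array_values($domains) : array();
      $sources[] = $fallback;
      $allowed = array();
      foreach ($sources as $url) {
          $host = is_string($url) ? parse_url($url, PHP_URL_HOST) : null;
          if ($host) {
              $allowed[] = strtolower($host);
          }
      }

      return in_array(strtolower($parts['host']), $allowed, true) ? $target : $fallback;
  }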
  120. ?>