PageRenderTime 87ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 1ms

/wp-content/plugins/social/lib/social/controller/auth.php

https://gitlab.com/Blueprint-Marketing/interoccupy.net
PHP | 264 lines | 197 code | 34 blank | 33 comment | 29 complexity | 2093bfc65f98357c31f5661143458986 MD5 | raw file
  1. <?php
  2. /**
  3. * @package Social
  4. * @subpackage controllers
  5. */
  6. final class Social_Controller_Auth extends Social_Controller {
  7. private function auth_nonce_key($salt = null) {
  8. if (is_null($salt)) {
  9. $salt = $this->auth_nonce_salt();
  10. }
  11. return md5('social_authentication'.AUTH_KEY.$salt);
  12. }
  13. private function auth_nonce_salt() {
  14. return md5(microtime().$_SERVER['SERVER_ADDR']);
  15. }
  16. /**
  17. * Sets the nonce cookie then redirects to Sopresto.
  18. *
  19. * @return void
  20. */
  21. public function action_authorize() {
  22. $proxy = apply_filters('social_authorize_url', Social::$api_url.$this->request->query('key').'/authorize/', $this->request->query('key'));
  23. if (strpos($proxy, Social::$api_url) !== false) {
  24. $salt = $this->auth_nonce_salt();
  25. $id = wp_create_nonce($this->auth_nonce_key($salt));
  26. $url = home_url('index.php');
  27. $args = array(
  28. 'social_controller' => 'auth',
  29. 'social_action' => 'authorized',
  30. 'salt' => $salt,
  31. );
  32. if (is_admin()) {
  33. $args['is_admin'] = 'true';
  34. $args['user_id'] = get_current_user_id();
  35. if (defined('IS_PROFILE_PAGE')) {
  36. $args['personal'] = 'true';
  37. $url = add_query_arg('personal', 'true', $url);
  38. }
  39. }
  40. else {
  41. $post_id = $this->request->query('post_id');
  42. if ($post_id !== null) {
  43. $args['p'] = $post_id;
  44. }
  45. // Set the nonce cookie
  46. setcookie('social_auth_nonce', $id, 0, '/');
  47. }
  48. $proxy = add_query_arg(array(
  49. 'v' => '2',
  50. 'id' => $id,
  51. 'response_url' => urlencode(add_query_arg($args, $url))
  52. ), $proxy);
  53. $proxy = apply_filters('social_proxy_url', $proxy);
  54. }
  55. Social::log('Authorizing with URL: '.$proxy);
  56. wp_redirect($proxy);
  57. exit;
  58. }
  59. /**
  60. * Handles the authorized response.
  61. *
  62. * @return void
  63. */
  64. public function action_authorized() {
  65. // User ID on the request? Must be set before nonce comparison
  66. $user_id = stripslashes($this->request->query('user_id'));
  67. if ($user_id !== null) {
  68. wp_set_current_user($user_id);
  69. }
  70. $nonce = stripslashes($this->request->post('id'));
  71. $salt = stripslashes($this->request->query('salt'));
  72. if (wp_verify_nonce($nonce, $this->auth_nonce_key($salt)) === false) {
  73. Social::log('Failed to verify authentication nonce.');
  74. echo json_encode(array(
  75. 'result' => 'error',
  76. 'message' => 'Invalid nonce',
  77. ));
  78. exit;
  79. }
  80. Social::log('Authorizing with nonce :nonce.', array('nonce' => $nonce));
  81. $response = stripslashes_deep($this->request->post('response'));
  82. $account = (object) array(
  83. 'keys' => (object) $response['keys'],
  84. 'user' => (object) $response['user'],
  85. );
  86. $account->user = $this->social->kses($account->user);
  87. $class = 'Social_Service_'.$response['service'].'_Account';
  88. $account = new $class($account);
  89. $service = $this->social->service($response['service'])->account($account);
  90. $is_personal = false;
  91. $is_admin = $this->request->query('is_admin');
  92. if ($is_admin == 'true') {
  93. $user_id = get_current_user_id();
  94. $personal = $this->request->query('personal');
  95. if ($personal === 'true') {
  96. $is_personal = true;
  97. $account->personal(true);
  98. }
  99. else {
  100. $account->universal(true);
  101. }
  102. $use_pages = $this->request->query('use_pages');
  103. if ($use_pages == 'true') {
  104. $account->use_pages($is_personal, true);
  105. }
  106. }
  107. else {
  108. $user_id = $service->create_user($account, $nonce);
  109. $account->personal(true);
  110. $is_personal = true;
  111. // Store avatar
  112. update_user_meta($user_id, 'social_avatar', $account->avatar());
  113. update_user_meta($user_id, 'show_admin_bar_front', 'false');
  114. }
  115. if ($user_id !== false) {
  116. Social::log('Saving account #:id.', array(
  117. 'id' => $account->id(),
  118. ));
  119. $service->save($is_personal);
  120. // Remove the service from the errors?
  121. $deauthed = get_option('social_deauthed');
  122. if (isset($deauthed[$response['service']][$account->id()])) {
  123. unset($deauthed[$response['service']][$account->id()]);
  124. update_option('social_deauthed', $deauthed);
  125. // Remove from the global broadcast content as well.
  126. $this->social->remove_from_default_accounts($response['service'], $account->id());
  127. }
  128. // 2.0 Upgrade
  129. if ($response['service'] == 'facebook') {
  130. delete_user_meta(get_current_user_id(), 'social_2.0_upgrade');
  131. }
  132. echo json_encode(array(
  133. 'result' => 'success',
  134. 'message' => 'User created',
  135. ));
  136. }
  137. else {
  138. echo json_encode(array(
  139. 'result' => 'error',
  140. 'message' => 'Failed to create user',
  141. ));
  142. }
  143. exit;
  144. }
  145. /**
  146. * Disconnects an account.
  147. *
  148. * @return void
  149. */
  150. public function action_disconnect() {
  151. $id = $this->request->query('id');
  152. $service_key = $this->request->query('service');
  153. $personal = false;
  154. if (defined('IS_PROFILE_PAGE')) {
  155. Social::log('Disconnecting a personal account #:id', array('id' => $id));
  156. $personal = true;
  157. }
  158. else {
  159. Social::log('Disconnecting a universal account #:id', array('id' => $id));
  160. }
  161. $this->social->service($service_key)->disconnect($id);
  162. $this->social->remove_from_default_accounts($service_key, $id);
  163. // Flush the cache
  164. wp_cache_delete('services', 'social');
  165. if (is_admin()) {
  166. wp_redirect(Social::settings_url(array(), $personal));
  167. }
  168. else {
  169. wp_logout();
  170. wp_redirect($this->request->query('redirect_to'));
  171. }
  172. exit;
  173. }
  174. /**
  175. * Renders the new comment form.
  176. *
  177. * @return void
  178. */
  179. public function action_reload_form() {
  180. if (!$this->request->is_ajax()) {
  181. exit;
  182. }
  183. if (isset($_COOKIE['social_auth_nonce'])) {
  184. $cookie_nonce = stripslashes($_COOKIE['social_auth_nonce']);
  185. // Find the user by NONCE.
  186. global $wpdb;
  187. $user_id = $wpdb->get_var($wpdb->prepare("
  188. SELECT user_id
  189. FROM $wpdb->usermeta
  190. WHERE meta_key = %s
  191. ", 'social_auth_nonce_'.$cookie_nonce));
  192. if ($user_id !== null) {
  193. Social::log('Found user #:id using nonce :nonce.', array(
  194. 'id' => $user_id,
  195. 'nonce' => $cookie_nonce
  196. ));
  197. // Log the user in
  198. wp_set_current_user($user_id);
  199. add_filter('auth_cookie_expiration', array($this->social, 'auth_cookie_expiration'));
  200. wp_set_auth_cookie($user_id, true);
  201. remove_filter('auth_cookie_expiration', array($this->social, 'auth_cookie_expiration'));
  202. delete_user_meta($user_id, 'social_auth_nonce_'.$cookie_nonce);
  203. setcookie('social_auth_nonce', '', -3600, '/');
  204. $post_id = $this->request->query('post_id');
  205. $form = trim(Social_Comment_Form::instance($post_id)->render());
  206. echo json_encode(array(
  207. 'result' => 'success',
  208. 'html' => $form,
  209. 'disconnect_url' => wp_loginout('', false)
  210. ));
  211. }
  212. else {
  213. Social::log('Failed to find the user using nonce :nonce.', array(
  214. 'nonce' => $_COOKIE['social_auth_nonce']
  215. ));
  216. echo json_encode(array(
  217. 'result' => 'error',
  218. 'html' => 'not logged in',
  219. ));
  220. }
  221. }
  222. else {
  223. echo json_encode(array(
  224. 'result' => 'error',
  225. 'html' => 'not logged in',
  226. ));
  227. }
  228. exit;
  229. }
  230. } // End Social_Controller_Auth