<?php |
/*!
* WordPress Social Login
*
* https://miled.github.io/wordpress-social-login/ | https://github.com/miled/wordpress-social-login
* (c) 2011-2020 Mohamed Mrassi and contributors | https://wordpress.org/plugins/wordpress-social-login/
*/
/**
* Authenticate users via social networks.
*
* Ref: http://miled.github.io/wordpress-social-login/developer-api-authentication.html
**
* Side note: I don't usually over-comment code, but this is the main WSL script and I had to, since
* many users with different "skill levels" may want to understand how this piece of code works.
**
* To sum things up, here is how WSL works (a bit hard to explain, so bear with me):
*
* Let's assume a user comes to a page on our website and clicks on one of the provider icons in order to connect.
*
* - If &action=wordpress_social_authenticate is found in the current url, then WSL will display a loading screen,
* - That loading screen will refresh itself, adding &redirect_to_provider=true to the url, which will trigger the next step,
* - Next, WSL will instantiate Hybridauth main class, build the required provider config then initiate the auth protocol /hybridauth/?hauth.start=PROVIDER_ID,
* - Hybridauth will redirect the user to the selected provider site to ask for his consent (authorisation to access his profile),
* - If the user gives his authorisation for your application, the provider will redirect the user back to Hybridauth entry point /hybridauth/?hauth.done=PROVIDER_ID,
* - Hybridauth will redirect the user to the given callback url.
* - In that callback url, WSL will display a second loading screen. This loading screen will generate and submit a form with a hidden input &action=wordpress_social_authenticated to the current url, which will trigger the second part of the auth process,
* - WSL will grab the user profile from the provider, attempt to identify him and create a new WordPress user if he doesn't exist. In this step, and when enabled, WSL will also import the user contacts and map his profile data to Buddypress xprofiles tables,
* - Finally, WSL will authenticate the user within WordPress (give him a sweet cookie) and redirect him back to Redirect URL
**
* Functions execution order is the following:
*
* do_action('init')
* . wsl_process_login()
* . . wsl_process_login_begin()
* . . . wsl_render_redirect_to_provider_loading_screen()
* . . . Hybridauth\Hybridauth::authenticate()
* . . . wsl_render_return_from_provider_loading_screen()
* . .
* . . wsl_process_login_end()
* . . . wsl_process_login_get_user_data()
* . . . . wsl_process_login_request_user_social_profile()
* . . . . . Hybridauth\Hybridauth::getUserProfile()
* . . . .
* . . . . wsl_process_login_complete_registration()
* . . .
* . . . wsl_process_login_create_wp_user()
* . . .
* . . . wsl_process_login_update_wsl_user_data()
* . . . . wsl_store_hybridauth_user_profile()
* . . . . wsl_buddypress_xprofile_mapping()
* . . . . wsl_store_hybridauth_user_contacts()
* . . .
* . . . wsl_process_login_authenticate_wp_user()
*/
// Refuse direct HTTP access: this file only makes sense when loaded by WordPress,
// which defines ABSPATH before including any plugin code.
defined( 'ABSPATH' ) || exit;
// -------------------------------------------------------------------- |
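/**
* Entry point to the authentication process
*
* This function runs after WordPress has finished loading but before any headers are sent.
* It inspects the current request and starts the login process whenever a WSL action is
* found: $_REQUEST['action'] eq wordpress_social_*
*
* Example of valid origin url:
*    wp-login.php
*       ?action=wordpress_social_authenticate                        // current step
*       &mode=login                                                  // auth mode
*       &provider=Twitter                                            // selected provider
*       &redirect_to=http%3A%2F%2Fexample.com%2Fwordpress%2F%3Fp%3D1 // where the user come from
*
* Security notes:
*  - action, mode, provider and redirect_to all arrive in the request and are attacker-controllable.
*    The action is matched strictly against a fixed list; the other three are read by helpers that
*    are not defined in this function, so their validation has to be confirmed there.
*  - This handler runs on every request that carries one of the four actions, for anonymous
*    visitors too; the mode checks below are the only gate in front of the begin/end steps.
*
* Ref: http://codex.wordpress.org/Plugin_API/Action_Reference/init
*
* @return mixed false when the request is not a WSL action; otherwise the return value of the
*               notice page or of wsl_process_login_begin() (nothing is returned for the end step).
*/
function wsl_process_login()
{
	// > check for wsl actions
	$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : null;

	$wsl_actions = array(
		"wordpress_social_authenticate",
		"wordpress_social_profile_completion",
		"wordpress_social_account_linking",
		"wordpress_social_authenticated",
	);

	// strict match: an array-valued or otherwise non-string 'action' can never be taken for a WSL action
	if( ! in_array( $action, $wsl_actions, true ) )
	{
		return false;
	}

	require_once WORDPRESS_SOCIAL_LOGIN_ABS_PATH . 'hybridauth/library/src/autoload.php';

	// authentication mode
	$auth_mode = wsl_process_login_get_auth_mode();

	// start logging the auth process, if debug mode is enabled
	wsl_watchdog_init();

	// halt, if mode login and user already logged in
	if( 'login' == $auth_mode && is_user_logged_in() )
	{
		$current_user = wp_get_current_user();

		// The message is HTML (it carries an anchor), so the display name is escaped before it is
		// interpolated. display_name can originate from a social profile and must not be trusted as markup.
		return wsl_process_login_render_notice_page( sprintf( _wsl__( "You are already logged in as %s. Do you want to <a href='%s'>log out</a>?", 'wordpress-social-login' ), esc_html( $current_user->display_name ), wp_logout_url( home_url() ) ) );
	}

	// halt, if mode link and user not logged in
	if( 'link' == $auth_mode && ! is_user_logged_in() )
	{
		return wsl_process_login_render_notice_page( sprintf( _wsl__( "You have to be logged in to be able to link your existing account. Do you want to <a href='%s'>login</a>?", 'wordpress-social-login' ), wp_login_url( home_url() ) ) );
	}

	// halt, if mode test and not admin
	if( 'test' == $auth_mode && ! current_user_can('manage_options') )
	{
		return wsl_process_login_render_notice_page( _wsl__( 'You do not have sufficient permissions to access this page.', 'wordpress-social-login' ) );
	}

	// Bouncer :: Allow authentication?
	// (loose comparison on purpose: get_option() hands stored values back as strings)
	if( get_option( 'wsl_settings_bouncer_authentication_enabled' ) == 2 )
	{
		return wsl_process_login_render_notice_page( _wsl__( "Authentication through social networks is currently disabled.", 'wordpress-social-login' ) );
	}

	add_action( 'wsl_clear_user_php_session', 'wsl_process_login_clear_user_php_session' );

	// HOOKABLE:
	do_action( "wsl_process_login_start" );

	// if action=wordpress_social_authenticate
	// > start the first part of authentication (redirect the user to the selected provider)
	if( $action === "wordpress_social_authenticate" )
	{
		return wsl_process_login_begin();
	}

	// if action=wordpress_social_authenticated or action=wordpress_social_profile_completion
	// > finish the authentication process (create new user if doesn't exist in database, then log him in within wordpress)
	wsl_process_login_end();
}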
// Register the dispatcher on 'init' so it sees every request once WordPress has loaded.
add_action('init', 'wsl_process_login');
// -------------------------------------------------------------------- |
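/**
* Start the first part of authentication
*
* Steps:
*    1. Display a loading screen while hybridauth is redirecting the user to the selected provider
*    2. Build the hybridauth config for the selected provider (keys, scope, etc)
*    3. Instantiate the class Hybridauth\Hybridauth and redirect the user to provider to ask for authorisation for this website
*    4. Display a loading screen after user come back from provider as we redirect the user back to Widget::Redirect URL
*
* Security notes:
*  - The provider name is used to build an option name ('wsl_settings_<provider>_enabled'). That lookup
*    only acts as an allow-list if wsl_process_login_get_selected_provider() restricts the value to
*    known provider IDs -- NOTE(review): confirm in that helper, it is not defined in this function.
*  - redirect_to is taken from the request and handed on as-is. NOTE(review): confirm that the loading
*    screen and the final redirect validate it (for example with wp_validate_redirect()) so it cannot
*    send the user to an arbitrary site.
*  - provider and mode are percent-encoded before they are placed in the follow-up URL.
*
* @return mixed whatever the rendered notice / error / loading screen returns.
*/
function wsl_process_login_begin()
{
	// HOOKABLE:
	do_action( "wsl_process_login_begin_start" );

	// check if php session are working as expected by wsl
	if( ! wsl_process_login_check_php_session() )
	{
		return wsl_process_login_render_notice_page( sprintf( _wsl__( 'The session identifier is missing.<br />For more information refer to WSL <a href="http://miled.github.io/wordpress-social-login/troubleshooting.html#session-error" target="_blank">Troubleshooting</a>.', 'wordpress-social-login' ), home_url() ) );
	}

	// HOOKABLE: selected provider name
	$provider = wsl_process_login_get_selected_provider();

	if( ! $provider )
	{
		return wsl_process_login_render_notice_page( _wsl__( 'Bouncer says this makes no sense.', 'wordpress-social-login' ) );
	}

	/* 1. Display a loading screen while hybridauth is redirecting the user to the selected provider */

	// the loading screen should refresh it self with a new arg in url: &redirect_to_provider=true
	if( ! isset( $_REQUEST["redirect_to_provider"] ) )
	{
		do_action( 'wsl_clear_user_php_session' );

		return wsl_render_redirect_to_provider_loading_screen( $provider );
	}

	/* 2. Build the hybridauth config for the selected provider (keys, scope, etc) */

	// provider enabled?
	if( ! get_option( 'wsl_settings_' . $provider . '_enabled' ) )
	{
		return wsl_process_login_render_notice_page( _wsl__( "Unknown or disabled provider.", 'wordpress-social-login' ) );
	}

	$config = wsl_process_login_build_provider_config( $provider );

	/* 3. Instantiate the class Hybridauth and redirect the user to provider to ask for authorisation for this website */

	// HOOKABLE:
	do_action( "wsl_hook_process_login_before_hybridauth_authenticate", $provider, $config );

	try
	{
		// create an instance of hybridauth with the generated config
		$hybridauth = new Hybridauth\Hybridauth( $config );

		// start the authentication process via hybridauth
		// > if not already connected hybridauth::authenticate() will redirect the user to the provider
		// > where he will be asked for his consent (most providers ask for consent only once).
		// > after that, the provider will redirect the user back to this same page (and this same line).
		// > if the user is successfully connected to provider, then this time hybridauth::authenticate()
		// > will just return the provider adapter
		wsl_set_provider_config_in_session_storage( $provider, $config );

		$adapter = $hybridauth->authenticate( $provider );
	}

	// if hybridauth fails to authenticate the user, then we display an error message
	catch( Exception $e )
	{
		// NOTE(review): $config holds the provider keys; confirm the error page never prints it to visitors.
		return wsl_process_login_render_error_page( $e, $config, $provider );
	}

	// HOOKABLE:
	do_action( "wsl_hook_process_login_after_hybridauth_authenticate", $provider, $config, $hybridauth, $adapter );

	/* 4. Display a loading screen after user come back from provider as we redirect the user back to Widget::Redirect URL */

	// get Widget::Authentication display
	$wsl_settings_use_popup = get_option( 'wsl_settings_use_popup' );

	// authentication mode
	$auth_mode = wsl_process_login_get_auth_mode();

	// request-controlled and not validated here (see the security notes in the docblock)
	$redirect_to = isset( $_REQUEST[ 'redirect_to' ] ) ? $_REQUEST[ 'redirect_to' ] : home_url();

	// build the authenticateD url, which will make wsl_process_login() fire the next step wsl_process_login_end()
	$login_post_url = site_url( 'wp-login.php', 'login_post' );

	// strpos() returns an offset, so compare against false instead of relying on truthiness
	$separator = ( strpos( $login_post_url, '?' ) !== false ) ? '&' : '?';

	// percent-encode the request-derived parts so they cannot add or change query parameters
	$authenticated_url = $login_post_url . $separator . "action=wordpress_social_authenticated&provider=" . rawurlencode( (string) $provider ) . '&mode=' . rawurlencode( (string) $auth_mode );

	// display a loading screen
	return wsl_render_return_from_provider_loading_screen( $provider, $authenticated_url, $redirect_to, $wsl_settings_use_popup );
}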
// -------------------------------------------------------------------- |
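/**
* Finish the authentication process
*
* Steps:
*    1. Get the user profile from provider
*    2. Create new wordpress user if he didn't exist in database
*    3. Store his Hybridauth profile, contacts and BP mapping
*    4. Authenticate the user within wordpress
*
* Security notes:
*  - This step ends by creating a WordPress session for $user_id, so every path that assigns
*    $user_id decides who gets logged in. In 'link' mode it is the current user; in 'login' mode
*    it comes from wsl_process_login_get_user_data() or from a freshly created account.
*  - The provider name is encoded for the context it is written into (URL component, HTML text).
*
* @return mixed the notice page / redirect result on an early exit, nothing otherwise.
*/
function wsl_process_login_end()
{
	// HOOKABLE:
	do_action( "wsl_process_login_end_start" );

	// HOOKABLE: set a custom Redirect URL
	$redirect_to = wsl_process_login_get_redirect_to();

	// HOOKABLE: selected provider name
	$provider = wsl_process_login_get_selected_provider();

	// authentication mode
	$auth_mode = wsl_process_login_get_auth_mode();

	$is_new_user             = false; // is it a new or returning user
	$user_id                 = ''   ; // wp user id
	$adapter                 = ''   ; // hybridauth adapter for the selected provider
	$hybridauth_user_profile = ''   ; // hybridauth user profile
	$requested_user_login    = ''   ; // username typed by users in Profile Completion
	$requested_user_email    = ''   ; // email typed by users in Profile Completion

	// provider is enabled?
	if( ! get_option( 'wsl_settings_' . $provider . '_enabled' ) )
	{
		return wsl_process_login_render_notice_page( _wsl__( "Unknown or disabled provider.", 'wordpress-social-login' ) );
	}

	if( 'test' == $auth_mode )
	{
		// the provider name ends up in a query string, so it is percent-encoded
		$redirect_to = admin_url( 'options-general.php?page=wordpress-social-login&wslp=auth-paly&provider=' . rawurlencode( (string) $provider ) );

		// NOTE(review): no exit follows the redirect here, so the caller keeps running after the
		// Location header is queued -- confirm that is intended.
		return wp_safe_redirect( $redirect_to );
	}

	if( 'link' == $auth_mode )
	{
		// a social account cant be associated with more than one wordpress account.

		$hybridauth_user_profile = wsl_process_login_request_user_social_profile( $provider );

		$adapter = wsl_process_login_get_provider_adapter( $provider );

		$user_id = (int) wsl_get_stored_hybridauth_user_id_by_provider_and_provider_uid( $provider, $hybridauth_user_profile->identifier );

		if( $user_id && $user_id !== (int) get_current_user_id() )
		{
			// the message is HTML, so the provider name is escaped before interpolation
			return wsl_process_login_render_notice_page( sprintf( _wsl__( "Your <b>%s ID</b> is already linked to another account on this website.", 'wordpress-social-login'), esc_html( $provider ) ) );
		}

		// linking always targets the account that is logged in right now
		$user_id = get_current_user_id();

		// doesn't hurt to double check
		if( ! $user_id )
		{
			return wsl_process_login_render_notice_page( _wsl__( "Sorry, we couldn't link your account.", 'wordpress-social-login' ) );
		}
	}
	elseif( 'login' != $auth_mode )
	{
		// any mode other than test / link / login is refused
		return wsl_process_login_render_notice_page( _wsl__( 'Bouncer says no.', 'wordpress-social-login' ) );
	}

	if( 'login' == $auth_mode )
	{
		// returns user data after he authenticate via hybridauth
		list
		(
			$user_id                ,
			$adapter                ,
			$hybridauth_user_profile,
			$requested_user_login   ,
			$requested_user_email   ,
			$wordpress_user_id
		)
		= wsl_process_login_get_user_data( $provider, $redirect_to );

		// if no associated user were found in wslusersprofiles, create new WordPress user
		if( ! $wordpress_user_id )
		{
			$user_id = wsl_process_login_create_wp_user( $provider, $hybridauth_user_profile, $requested_user_login, $requested_user_email );

			$is_new_user = true;
			$redirect_to = apply_filters('wsl_redirect_after_registration', $redirect_to);
		}else{
			$user_id     = $wordpress_user_id;
			$is_new_user = false;
		}
	}

	// if user is found in wslusersprofiles but the associated WP user account no longer exist
	// > this should never happen! but just in case: we delete the user wslusersprofiles/wsluserscontacts entries and we reset the process
	$wp_user = get_userdata( $user_id );

	if( ! $wp_user )
	{
		wsl_delete_stored_hybridauth_user_data( $user_id );

		return wsl_process_login_render_notice_page( sprintf( _wsl__( "Sorry, we couldn't connect you. <a href=\"%s\">Please try again</a>.", 'wordpress-social-login' ), site_url( 'wp-login.php', 'login_post' ) ) );
	}

	// store user hybridauth profile (wslusersprofiles), contacts (wsluserscontacts) and buddypress mapping
	wsl_process_login_update_wsl_user_data( $is_new_user, $user_id, $provider, $adapter, $hybridauth_user_profile, $wp_user );

	// finally create a wordpress session for the user
	wsl_process_login_authenticate_wp_user( $user_id, $provider, $redirect_to, $adapter, $hybridauth_user_profile, $wp_user );
}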
// -------------------------------------------------------------------- |
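/**
* Returns user data after he authenticate via hybridauth
*
* Steps:
*    1. Grab the user profile from hybridauth
*    2. Run Bouncer::Filters if enabled (domains, emails, profiles urls)
*    3. Check if user exist in database by looking for the couple (Provider name, Provider user ID) or verified email
*    4. Delegate detection of user id to custom functions / hooks
*    5. If Bouncer::Profile Completion is enabled and user didn't exist, we require the user to complete the registration (user name & email)
*
* Security notes:
*  - Step 3 maps a social login onto an EXISTING WordPress account whenever the provider reports a
*    verified email that matches. The account is therefore only as safe as the provider's
*    verification of that address. NOTE(review): confirm each enabled provider adapter fills
*    emailVerified only from a claim the provider really verified.
*  - Step 4 lets any 'wsl_hook_process_login_alter_user_id' filter choose the account that will be
*    logged in; treat code hooked there as part of the authentication path.
*  - The Bouncer filters are allow-lists. Blank list entries never match, and a profile without a
*    profile URL is bounced, so an empty value cannot pass a filter by matching an empty line.
*  - Diagnostics are written only when WP_DEBUG is on and never contain the email address, the
*    profile URL or the configured allow-list.
*
* @param string $provider    selected provider name
* @param string $redirect_to where the user should end up after the login
*
* @return mixed array( $user_id, $adapter, $hybridauth_user_profile, $requested_user_login,
*               $requested_user_email, $wordpress_user_id ) on success; the notice page result
*               when a Bouncer rule rejects the user.
*/
function wsl_process_login_get_user_data( $provider, $redirect_to )
{
	// HOOKABLE:
	do_action( "wsl_process_login_get_user_data_start", $provider, $redirect_to );

	$user_id                 = null;
	$adapter                 = null;
	$hybridauth_user_profile = null;
	$requested_user_login    = '';
	$requested_user_email    = '';
	$wordpress_user_id       = 0;

	// diagnostics are opt-in: nothing is logged on a production site
	$debug = defined( 'WP_DEBUG' ) && WP_DEBUG;

	/* 1. Grab the user profile from social network */

	// reuse the profile cached in the PHP session, otherwise request it from the provider and cache it
	if( ! ( isset( $_SESSION['wsl::userprofile'] ) && $_SESSION['wsl::userprofile'] && $hybridauth_user_profile = json_decode( $_SESSION['wsl::userprofile'] ) ) )
	{
		$hybridauth_user_profile = wsl_process_login_request_user_social_profile( $provider );

		$_SESSION['wsl::userprofile'] = json_encode( $hybridauth_user_profile );
	}

	$adapter = wsl_process_login_get_provider_adapter( $provider );

	$hybridauth_user_email          = sanitize_email( $hybridauth_user_profile->email );
	$hybridauth_user_email_verified = sanitize_email( $hybridauth_user_profile->emailVerified );

	/* 2. Run Bouncer::Filters if enabled (domains, emails, profiles urls) */

	// Bouncer::Filters by emails domains name
	if( get_option( 'wsl_settings_bouncer_new_users_restrict_domain_enabled' ) == 1 )
	{
		if( empty( $hybridauth_user_email ) )
		{
			return wsl_process_login_render_notice_page( _wsl__( get_option( 'wsl_settings_bouncer_new_users_restrict_domain_text_bounce' ), 'wordpress-social-login') );
		}

		// one allowed domain per line
		$list = preg_split( '/$\R?^/m', (string) get_option( 'wsl_settings_bouncer_new_users_restrict_domain_list' ) );

		// everything from the '@' onwards, lower-cased
		$current = strtolower( (string) strstr( $hybridauth_user_email, '@' ) );

		$shall_pass = false;

		foreach( (array) $list as $item )
		{
			// trim BEFORE the '@' is prepended, so an entry with leading whitespace still matches its domain
			$item = strtolower( trim( (string) $item ) );

			if( $item !== '' && '@' . $item === $current )
			{
				$shall_pass = true;
				break;
			}
		}

		if( ! $shall_pass )
		{
			return wsl_process_login_render_notice_page( _wsl__( get_option( 'wsl_settings_bouncer_new_users_restrict_domain_text_bounce' ), 'wordpress-social-login') );
		}
	}

	// Bouncer::Filters by e-mails addresses
	if( get_option( 'wsl_settings_bouncer_new_users_restrict_email_enabled' ) == 1 )
	{
		if( $debug )
		{
			error_log(__METHOD__ . ' start wsl_settings_bouncer_new_users_restrict_email_enabled.');
		}

		if( empty( $hybridauth_user_email ) )
		{
			return wsl_process_login_render_notice_page( _wsl__( get_option( 'wsl_settings_bouncer_new_users_restrict_email_text_bounce' ), 'wordpress-social-login') );
		}

		// one allowed address per line
		$list = preg_split( '/$\R?^/m', (string) get_option( 'wsl_settings_bouncer_new_users_restrict_email_list' ) );

		$current = strtolower( $hybridauth_user_email );

		$shall_pass = false;

		foreach( (array) $list as $item )
		{
			$item = strtolower( trim( (string) $item ) );

			if( $item !== '' && $item === $current )
			{
				$shall_pass = true;
				break;
			}
		}

		if( ! $shall_pass )
		{
			return wsl_process_login_render_notice_page( _wsl__( get_option( 'wsl_settings_bouncer_new_users_restrict_email_text_bounce' ), 'wordpress-social-login') );
		}
	}

	// Bouncer::Filters by profile urls
	if( get_option( 'wsl_settings_bouncer_new_users_restrict_profile_enabled' ) == 1 )
	{
		if( $debug )
		{
			error_log(__METHOD__ . ' start restrict_profile_enabled.');
		}

		$current = isset( $hybridauth_user_profile->profileURL ) ? strtolower( (string) $hybridauth_user_profile->profileURL ) : '';

		// same rule as the email filters above: nothing to compare means no entry
		if( $current === '' )
		{
			return wsl_process_login_render_notice_page( _wsl__( get_option( 'wsl_settings_bouncer_new_users_restrict_profile_text_bounce' ), 'wordpress-social-login') );
		}

		// one allowed profile url per line
		$list = preg_split( '/$\R?^/m', (string) get_option( 'wsl_settings_bouncer_new_users_restrict_profile_list' ) );

		$shall_pass = false;

		foreach( (array) $list as $item )
		{
			$item = strtolower( trim( (string) $item ) );

			if( $item !== '' && $item === $current )
			{
				$shall_pass = true;
				break;
			}
		}

		if( ! $shall_pass )
		{
			return wsl_process_login_render_notice_page( _wsl__( get_option( 'wsl_settings_bouncer_new_users_restrict_profile_text_bounce' ), 'wordpress-social-login') );
		}
	}

	/* 3. Check if user exist in database by looking for the couple (Provider name, Provider user ID) or verified email */

	// check if user already exist in wslusersprofiles
	$user_id = (int) wsl_get_stored_hybridauth_user_id_by_provider_and_provider_uid( $provider, $hybridauth_user_profile->identifier );

	// if not found in wslusersprofiles, then check his verified email
	// (this is the implicit account-linking path described in the security notes)
	if( ! $user_id && ! empty( $hybridauth_user_email_verified ) )
	{
		// check if the verified email exist in wp_users
		$user_id = (int) wsl_wp_email_exists( $hybridauth_user_email_verified );

		// check if the verified email exist in wslusersprofiles
		if( ! $user_id )
		{
			$user_id = (int) wsl_get_stored_hybridauth_user_id_by_email_verified( $hybridauth_user_email_verified );
		}

		// if the user exists in Wordpress
		if( $user_id )
		{
			$wordpress_user_id = $user_id;
		}
	}

	/* 4. Delegate detection of user id to custom filters hooks */

	// HOOKABLE:
	$user_id = apply_filters( 'wsl_hook_process_login_alter_user_id', $user_id, $provider, $hybridauth_user_profile );

	/* 5. If Bouncer::Profile Completion is enabled and user didn't exist, we require the user to complete the registration (user name & email) */
	if( ! $user_id )
	{
		// Bouncer :: Accept new registrations?
		// NOTE(review): registrations are only refused when authentication or accounts linking is ALSO
		// set to 2 -- confirm that "registration disabled" alone is not meant to be enough.
		if( get_option( 'wsl_settings_bouncer_registration_enabled' ) == 2
			&& ( get_option( 'wsl_settings_bouncer_authentication_enabled' ) == 2 || get_option( 'wsl_settings_bouncer_accounts_linking_enabled' ) == 2 ) )
		{
			return wsl_process_login_render_notice_page( _wsl__( "Registration is now closed.", 'wordpress-social-login' ) );
		}

		// Bouncer::Accounts linking/mapping
		// > > not implemented yet! Planned for WSL 2.3
		if( get_option( 'wsl_settings_bouncer_accounts_linking_enabled' ) == 1 )
		{
			// keep presenting the gateway until it reports that the user may pass
			do
			{
				list
				(
					$shall_pass,
					$user_id,
					$requested_user_login,
					$requested_user_email
				)
				= wsl_process_login_new_users_gateway( $provider, $redirect_to, $hybridauth_user_profile );
			}
			while( ! $shall_pass );

			$wordpress_user_id = $user_id;
		}

		// Bouncer::Profile Completion
		// > > in WSL 2.3 Profile Completion will be reworked and merged with Accounts linking
		elseif( ( get_option( 'wsl_settings_bouncer_profile_completion_require_email' ) == 1 && empty( $hybridauth_user_email ) )
			|| get_option( 'wsl_settings_bouncer_profile_completion_change_username' ) == 1 )
		{
			do
			{
				list
				(
					$shall_pass,
					$user_id,
					$requested_user_login,
					$requested_user_email
				)
				= wsl_process_login_new_users_gateway( $provider, $redirect_to, $hybridauth_user_profile );
			}
			while( ! $shall_pass );
		}

	}else{
		$wordpress_user_id = $user_id;
	}

	/* 6. returns user data */

	return array(
		$user_id,
		$adapter,
		$hybridauth_user_profile,
		$requested_user_login,
		$requested_user_email,
		$wordpress_user_id
	);
}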
// -------------------------------------------------------------------- |
/** |
583
|
|
|
* Create a new wordpress user |
584
|
|
|
* |
585
|
|
|
* Ref: http://codex.wordpress.org/Function_Reference/wp_insert_user |
586
|
|
|
*/ |
587
|
|
|
function wsl_process_login_create_wp_user( $provider, $hybridauth_user_profile, $requested_user_login, $requested_user_email ) |
588
|
|
|
{ |
589
|
|
|
// HOOKABLE: |
590
|
|
|
do_action( "wsl_process_login_create_wp_user_start", $provider, $hybridauth_user_profile, $requested_user_login, $requested_user_email ); |
591
|
|
|
|
592
|
|
|
$user_login = ''; |
593
|
|
|
$user_email = ''; |
594
|
|
|
|
595
|
|
|
// if coming from "complete registration form" |
596
|
|
|
if( $requested_user_login ) |
597
|
|
|
{ |
598
|
|
|
$user_login = $requested_user_login; |
599
|
|
|
} |
600
|
|
|
|
601
|
|
|
if( $requested_user_email ) |
602
|
|
|
{ |
603
|
|
|
$user_email = $requested_user_email; |
604
|
|
|
} |
605
|
|
|
|
606
|
|
|
if( ! $user_login ) |
607
|
|
|
{ |
608
|
|
|
// attempt to generate user_login from hybridauth user profile display name |
609
|
|
|
$user_login = $hybridauth_user_profile->displayName; |
610
|
|
|
|
611
|
|
|
// sanitize user login |
612
|
|
|
$user_login = sanitize_user( $user_login, true ); |
613
|
|
|
|
614
|
|
|
// remove spaces and dots |
615
|
|
|
$user_login = trim( str_replace( array( ' ', '.' ), '_', $user_login ) ); |
616
|
|
|
$user_login = trim( str_replace( '__', '_', $user_login ) ); |
617
|
|
|
|
618
|
|
|
// if user profile display name is not provided |
619
|
|
|
if( empty( $user_login ) ) |
620
|
|
|
{ |
621
|
|
|
// may be that $user_email is empty then we got wp error login can't be empty, so check it now |
622
|
|
|
if ( $user_email ) { |
623
|
|
|
$user_login = sanitize_user( current( explode( '@', $user_email ) ), true ); |
624
|
|
|
} else { |
625
|
|
|
$user_login = sanitize_user( current( explode( '@', $hybridauth_user_profile->email ) ), true ); |
626
|
|
|
} |
627
|
|
|
} |
628
|
|
|
} |
629
|
|
|
|
630
|
|
|
// user name should be unique |
631
|
|
|
if( username_exists( $user_login ) ) |
632
|
|
|
{ |
633
|
|
|
$i = 1; |
634
|
|
|
$user_login_tmp = $user_login; |
|
|
|
|
635
|
|
|
|
636
|
|
|
do |
637
|
|
|
{ |
638
|
|
|
$user_login_tmp = $user_login . "_" . ($i++); |
639
|
|
|
} |
640
|
|
|
while( username_exists ($user_login_tmp)); |
641
|
|
|
|
642
|
|
|
$user_login = $user_login_tmp; |
643
|
|
|
} |
644
|
|
|
|
645
|
|
|
if( ! $user_email ) |
646
|
|
|
{ |
647
|
|
|
$user_email = $hybridauth_user_profile->email; |
648
|
|
|
|
649
|
|
|
// generate an email if none |
650
|
|
|
if( ! isset ( $user_email ) OR ! is_email( $user_email ) ) |
651
|
|
|
{ |
652
|
|
|
$user_email = strtolower( $provider . "_user_" . $user_login ) . '@example.com'; |
653
|
|
|
} |
654
|
|
|
|
655
|
|
|
// email should be unique |
656
|
|
|
if( wsl_wp_email_exists ( $user_email ) ) |
657
|
|
|
{ |
658
|
|
|
do |
659
|
|
|
{ |
660
|
|
|
$user_email = md5( uniqid( wp_rand( 10000, 99000 ) ) ) . '@example.com'; |
661
|
|
|
} |
662
|
|
|
while( wsl_wp_email_exists( $user_email ) ); |
663
|
|
|
} |
664
|
|
|
} |
665
|
|
|
|
666
|
|
|
$display_name = $hybridauth_user_profile->displayName; |
667
|
|
|
|
668
|
|
|
if( empty( $display_name ) ) |
669
|
|
|
{ |
670
|
|
|
$display_name = $hybridauth_user_profile->firstName; |
671
|
|
|
} |
672
|
|
|
|
673
|
|
|
if( empty( $display_name ) ) |
674
|
|
|
{ |
675
|
|
|
$display_name = strtolower( $provider ) . "_user"; |
676
|
|
|
} |
677
|
|
|
|
678
|
|
|
$userdata = array( |
679
|
|
|
'user_login' => $user_login, |
680
|
|
|
'user_email' => $user_email, |
681
|
|
|
|
682
|
|
|
'display_name' => $display_name, |
683
|
|
|
|
684
|
|
|
'first_name' => $hybridauth_user_profile->firstName, |
685
|
|
|
'last_name' => $hybridauth_user_profile->lastName, |
686
|
|
|
'user_url' => $hybridauth_user_profile->profileURL, |
687
|
|
|
'description' => $hybridauth_user_profile->description, |
688
|
|
|
|
689
|
|
|
'user_pass' => wp_generate_password() |
690
|
|
|
); |
691
|
|
|
|
692
|
|
|
// Bouncer::Membership level |
693
|
|
|
$wsl_settings_bouncer_new_users_membership_default_role = get_option( 'wsl_settings_bouncer_new_users_membership_default_role' ); |
694
|
|
|
|
695
|
|
|
// if level eq "default", we set role to wp default user role |
696
|
|
|
if( $wsl_settings_bouncer_new_users_membership_default_role == "default" ) |
697
|
|
|
{ |
698
|
|
|
$userdata['role'] = get_option('default_role'); |
699
|
|
|
} |
700
|
|
|
|
701
|
|
|
// if level not eq "default" or 'wslnorole' nor empty, we set role to the selected role in bouncer settings |
702
|
|
|
elseif( $wsl_settings_bouncer_new_users_membership_default_role && $wsl_settings_bouncer_new_users_membership_default_role != 'wslnorole' ) |
703
|
|
|
{ |
704
|
|
|
$userdata['role'] = $wsl_settings_bouncer_new_users_membership_default_role; |
705
|
|
|
} |
706
|
|
|
|
707
|
|
|
// Bouncer::User Moderation |
708
|
|
|
// > if Bouncer::User Moderation is enabled (Yield to Theme My Login), then we overwrite the user role to 'pending' |
709
|
|
|
# http://www.jfarthing.com/development/theme-my-login/user-moderation/ |
710
|
|
|
if( get_option( 'wsl_settings_bouncer_new_users_moderation_level' ) > 100 ) |
711
|
|
|
{ |
712
|
|
|
$userdata['role'] = "pending"; |
713
|
|
|
} |
714
|
|
|
|
715
|
|
|
// HOOKABLE: change the user data |
716
|
|
|
$userdata = apply_filters( 'wsl_hook_process_login_alter_wp_insert_user_data', $userdata, $provider, $hybridauth_user_profile ); |
717
|
|
|
|
718
|
|
|
// DEPRECIATED: as of 2.2.3 |
719
|
|
|
// $userdata = apply_filters( 'wsl_hook_process_login_alter_userdata', $userdata, $provider, $hybridauth_user_profile ); |
720
|
|
|
|
721
|
|
|
// HOOKABLE: This action runs just before creating a new wordpress user. |
722
|
|
|
do_action( 'wsl_hook_process_login_before_wp_insert_user', $userdata, $provider, $hybridauth_user_profile ); |
723
|
|
|
|
724
|
|
|
// DEPRECIATED: as of 2.2.3 |
725
|
|
|
// do_action( 'wsl_hook_process_login_before_insert_user', $userdata, $provider, $hybridauth_user_profile ); |
726
|
|
|
|
727
|
|
|
// HOOKABLE: This action runs just before creating a new wordpress user, it delegate user insert to a custom function. |
728
|
|
|
$user_id = apply_filters( 'wsl_hook_process_login_delegate_wp_insert_user', $userdata, $provider, $hybridauth_user_profile ); |
729
|
|
|
|
730
|
|
|
// Create a new WordPress user |
731
|
|
|
if( ! $user_id || ! is_integer( $user_id ) ) |
732
|
|
|
{ |
733
|
|
|
$user_id = wp_insert_user( $userdata ); |
734
|
|
|
} |
735
|
|
|
|
736
|
|
|
// do not continue without user_id |
737
|
|
|
if( ! $user_id || ! is_integer( $user_id ) ) |
738
|
|
|
{ |
739
|
|
|
if( is_wp_error( $user_id ) ) |
740
|
|
|
{ |
741
|
|
|
return wsl_process_login_render_notice_page( _wsl__( "An error occurred while creating a new user: ", 'wordpress-social-login' ) . $user_id->get_error_message() ); |
742
|
|
|
} |
743
|
|
|
|
744
|
|
|
return wsl_process_login_render_notice_page( _wsl__( "An error occurred while creating a new user!", 'wordpress-social-login' ) ); |
745
|
|
|
} |
746
|
|
|
|
747
|
|
|
// wp_insert_user may fail on first and last name meta, expliciting setting to correct. |
748
|
|
|
update_user_meta($user_id, 'first_name', apply_filters( 'pre_user_first_name',$userdata['first_name'])); |
749
|
|
|
update_user_meta($user_id, 'last_name', apply_filters( 'pre_user_last_name', $userdata['last_name'])); |
750
|
|
|
|
751
|
|
|
// Send notifications |
752
|
|
|
if( get_option( 'wsl_settings_users_notification' ) == 1 ) |
753
|
|
|
{ |
754
|
|
|
wsl_admin_notification( $user_id, $provider ); |
755
|
|
|
} |
756
|
|
|
|
757
|
|
|
// HOOKABLE: This action runs just after a wordpress user has been created |
758
|
|
|
// > Note: At this point, the user has been added to wordpress database, but NOT CONNECTED. |
759
|
|
|
do_action( 'wsl_hook_process_login_after_wp_insert_user', $user_id, $provider, $hybridauth_user_profile ); |
760
|
|
|
|
761
|
|
|
// DEPRECIATED: as of 2.2.3 |
762
|
|
|
// do_action( 'wsl_hook_process_login_after_create_wp_user', $user_id, $provider, $hybridauth_user_profile ); |
763
|
|
|
|
764
|
|
|
// returns the user created user id |
765
|
|
|
return $user_id; |
766
|
|
|
} |
767
|
|
|
|
768
|
|
|
// -------------------------------------------------------------------- |
769
|
|
|
|
770
|
|
|
/**
 * Persist the data WSL keeps about a user after a social sign-in.
 *
 * In call order:
 *  1. fire the 'wsl_process_login_update_wsl_user_data_start' action,
 *  2. store the Hybridauth user profile,
 *  3. run the BuddyPress xprofile mapping (new users only),
 *  4. store the user's contacts.
 *
 * The profile and contact data come from the identity provider and should be
 * treated as untrusted wherever they are later displayed.
 *
 * @param mixed  $is_new_user             Truthy when the WordPress account was just created.
 * @param mixed  $user_id                 WordPress user id the data belongs to.
 * @param string $provider                Provider id.
 * @param object $adapter                 Hybridauth adapter for the provider.
 * @param object $hybridauth_user_profile Profile returned by the provider.
 * @param object $wp_user                 WordPress user object (only forwarded to the start action here).
 */
function wsl_process_login_update_wsl_user_data( $is_new_user, $user_id, $provider, $adapter, $hybridauth_user_profile, $wp_user )
{
	// HOOKABLE: listeners receive every argument unchanged.
	do_action( 'wsl_process_login_update_wsl_user_data_start', $is_new_user, $user_id, $provider, $adapter, $hybridauth_user_profile, $wp_user );

	// Store the Hybridauth profile in table wslusersprofiles.
	// > Per the original note, it is only stored when it changed since the last login.
	wsl_store_hybridauth_user_profile( $user_id, $provider, $hybridauth_user_profile );

	// Map the profile to the BuddyPress xprofile table, if enabled.
	// > Only new users are mapped; returning users are skipped.
	if( $is_new_user )
	{
		wsl_buddypress_xprofile_mapping( $user_id, $provider, $hybridauth_user_profile );
	}

	// Import the user's contacts into wslusersprofiles, if enabled.
	// > Per the original note, contacts are imported once per user per provider.
	wsl_store_hybridauth_user_contacts( $user_id, $provider, $adapter );
}
798
|
|
|
|
799
|
|
|
// -------------------------------------------------------------------- |
800
|
|
|
|
801
|
|
|
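/**
 * Log a user into WordPress after a successful social sign-in, then redirect.
 *
 * This function never returns: it ends with wp_safe_redirect() followed by die().
 *
 * Bouncer::User Moderation: when the user's first role is 'pending', no auth
 * cookie is set. For moderation level 101 (e-mail confirmation) or 102 (admin
 * approval) the redirect target is replaced by wp-login.php?pending=...; for
 * any other level the pending user is redirected to $redirect_to unauthenticated.
 *
 * Ref: http://codex.wordpress.org/Function_Reference/wp_set_auth_cookie
 * Ref: http://codex.wordpress.org/Function_Reference/wp_safe_redirect
 *
 * @param mixed  $user_id                 WordPress user id to authenticate.
 * @param string $provider                Provider id the user signed in with.
 * @param string $redirect_to             Where to send the user afterwards (validated by wp_safe_redirect()).
 * @param object $adapter                 Hybridauth adapter (only forwarded to the start action).
 * @param object $hybridauth_user_profile Profile returned by the provider; photoURL is read here.
 * @param object $wp_user                 WordPress user; roles, user_nicename, user_email and user_login are read.
 */
function wsl_process_login_authenticate_wp_user( $user_id, $provider, $redirect_to, $adapter, $hybridauth_user_profile, $wp_user )
{
	// HOOKABLE:
	do_action( "wsl_process_login_authenticate_wp_user_start", $user_id, $provider, $redirect_to, $adapter, $hybridauth_user_profile, $wp_user );

	// update some fields in usermeta for the current user
	update_user_meta( $user_id, 'wsl_current_provider', $provider );

	if( $hybridauth_user_profile->photoURL )
	{
		// NOTE(review): provider-supplied URL stored as-is; it must be escaped (e.g. esc_url) wherever it is printed.
		update_user_meta( $user_id, 'wsl_current_user_image', $hybridauth_user_profile->photoURL );
	}

	// Bouncer::User Moderation level (101 = e-mail confirmation, 102 = admin approval)
	$wsl_settings_bouncer_new_users_moderation_level = get_option( 'wsl_settings_bouncer_new_users_moderation_level' );

	// NOTE(review): only the first entry of $wp_user->roles is inspected, so a user holding
	// 'pending' as a secondary role is not treated as pending — confirm this is intended.
	$role = current( $wp_user->roles );

	// if role eq 'pending', we halt the authentication and redirect to the appropriate url
	if( $role == 'pending' )
	{
		$login_url = site_url( 'wp-login.php', 'login_post' );
		$separator = strpos( $login_url, '?' ) ? '&' : '?';

		// E-mail Confirmation
		if( $wsl_settings_bouncer_new_users_moderation_level == 101 )
		{
			$redirect_to = $login_url . $separator . "pending=activation";

			// send a new e-mail/activation notification
			$errors = new WP_Error();
			do_action( 'register_post', $wp_user->user_nicename, $wp_user->user_email, $errors );

			// '@' cannot silence the fatal error raised when Theme My Login is not loaded,
			// so the call is only made when the method actually exists. '@' is kept so that
			// warnings from the notification itself do not break the redirect below.
			if( is_callable( array( 'Theme_My_Login_User_Moderation', 'new_user_activation_notification' ) ) )
			{
				@ Theme_My_Login_User_Moderation::new_user_activation_notification( $user_id );
			}
		}

		// Admin Approval
		elseif( $wsl_settings_bouncer_new_users_moderation_level == 102 )
		{
			$redirect_to = $login_url . $separator . "pending=approval";
		}
	}

	// otherwise, we connect the user within wordpress (we give him a cookie)
	else
	{
		// HOOKABLE: This action runs just before logging the user in (before creating a WP cookie)
		// (the deprecated 'wsl_hook_process_login_before_set_auth_cookie' action is no longer fired, as of 2.2.3)
		do_action( "wsl_hook_process_login_before_wp_set_auth_cookie", $user_id, $provider, $hybridauth_user_profile );

		// Set WP auth cookie. The second argument (true) requests a persistent
		// "remember me" cookie for every social login.
		wp_set_auth_cookie( $user_id, true );

		// fire the standard WordPress login action
		do_action( 'wp_login', $wp_user->user_login, $wp_user );
	}

	// HOOKABLE: This action runs just before redirecting the user back to $redirect_to
	// > Note: If you have enabled User Moderation, then the user is NOT NECESSARILY CONNECTED
	// > within wordpress at this point (in case the user $role == 'pending').
	// > To be sure the user is connected, use wsl_hook_process_login_before_wp_set_auth_cookie instead.
	do_action( "wsl_hook_process_login_before_wp_safe_redirect", $user_id, $provider, $hybridauth_user_profile, $redirect_to );

	do_action( 'wsl_clear_user_php_session' );

	// Display WSL debugging instead of redirecting the user
	// > this will give a complete report on what wsl did : database queries and fired hooks
	// wsl_display_dev_mode_debugging_area(); die(); // ! keep this line commented unless you know what you are doing :)

	// wp_safe_redirect() only follows allowed hosts, which is what keeps a
	// request-supplied $redirect_to from becoming an open redirect.
	wp_safe_redirect( $redirect_to );

	// stop here so nothing else is sent after the redirect header
	die();
}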
888
|
|
|
|
889
|
|
|
// -------------------------------------------------------------------- |
890
|
|
|
|
891
|
|
|
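/**
 * Build the Hybridauth configuration array for the given provider.
 *
 * Application credentials are read from the 'wsl_settings_{provider}_app_id',
 * '..._app_key' and '..._app_secret' options; Facebook, Google and LinkedIn
 * get a default scope. The scope and the whole provider entry can be changed
 * through the 'wsl_hook_alter_provider_scope' and
 * 'wsl_hook_alter_provider_config' filters.
 *
 * The returned array contains the provider application secret: keep it out of
 * logs, debug output and anything rendered to the browser.
 *
 * @param string $provider Provider id. It is concatenated into option names and
 *                         into the callback URL, so it is presumably expected to
 *                         be one of the configured provider ids — verify against callers.
 *
 * @return array Configuration with 'current_page', 'callback' and 'providers' keys.
 */
function wsl_process_login_build_provider_config( $provider )
{
	require_once WORDPRESS_SOCIAL_LOGIN_ABS_PATH . 'hybridauth/library/src/autoload.php';

	$provider_key = strtolower( $provider );

	$config = array();
	$config["current_page"] = Hybridauth\HttpClient\Util::getCurrentUrl(true);
	$config["callback"]     = WORDPRESS_SOCIAL_LOGIN_HYBRIDAUTH_ENDPOINT_URL . 'callbacks/' . $provider_key . '.php';

	$provider_config = array(
		"enabled" => true,
		"keys"    => array( 'id' => null, 'key' => null, 'secret' => null ),
	);

	// provider application id / key / secret: each option is read once and
	// only copied over when it holds a non-empty value
	foreach( array( 'id', 'key', 'secret' ) as $credential )
	{
		$credential_value = get_option( 'wsl_settings_' . $provider . '_app_' . $credential );

		if( $credential_value )
		{
			$provider_config["keys"][$credential] = $credential_value;
		}
	}

	// provider specific defaults
	switch( $provider_key )
	{
		case "facebook":
			// fb::display is 'popup' unless wsl authenticates in page
			$provider_config["display"] = ( get_option( 'wsl_settings_use_popup' ) == 2 ) ? "page" : "popup";

			// NOTE(review): presumably tells the Facebook adapter to honour forwarded
			// (proxy) request headers — confirm the site sits behind a proxy that
			// overwrites them, since clients can otherwise supply their own.
			$provider_config["trustForwarded"] = true;

			$provider_config["scope"] = "email, public_profile";
			break;

		case "google":
			$provider_config["scope"] = "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email";
			break;

		case "linkedin":
			$provider_config["scope"] = "r_liteprofile r_emailaddress";
			break;
	}

	$provider_scope = isset( $provider_config["scope"] ) ? $provider_config["scope"] : null;

	// HOOKABLE: allow to overwrite scopes
	$provider_scope = apply_filters( 'wsl_hook_alter_provider_scope', $provider_scope, $provider );

	// the scope key is only set when there is an actual value (never null)
	if( $provider_scope !== null )
	{
		$provider_config["scope"] = $provider_scope;
	}

	// HOOKABLE: allow to overwrite hybridauth config for the selected provider
	$config["providers"] = array(
		$provider => apply_filters( 'wsl_hook_alter_provider_config', $provider_config, $provider ),
	);

	return $config;
}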
966
|
|
|
|
967
|
|
|
// -------------------------------------------------------------------- |
968
|
|
|
|
969
|
|
|
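/**
 * Fetch the user profile from the social network.
 *
 * @param string $provider Provider id. It originates from the request in this
 *                         file, so it is escaped before being placed in the
 *                         notice markup below.
 *
 * @return mixed The Hybridauth user profile when the adapter reports a live
 *               connection; otherwise whatever the notice / error page
 *               renderer returns.
 */
function wsl_process_login_request_user_social_profile( $provider )
{
	$adapter                 = null;
	$config                  = null;
	$hybridauth_user_profile = null;

	try
	{
		// get idp adapter
		$adapter = wsl_process_login_get_provider_adapter( $provider );

		$config = wsl_get_provider_config_from_session_storage( $provider );

		// user not connected to the provider (ie: session lost, url forged)
		if( ! $adapter->isConnected() )
		{
			// The message is rendered as HTML, so both interpolated values are
			// escaped for their context (text node, href attribute).
			return wsl_process_login_render_notice_page( sprintf( _wsl__( "Sorry, we couldn't connect you with <b>%s</b>. <a href=\"%s\">Please try again</a>.", 'wordpress-social-login' ), esc_html( $provider ), esc_url( site_url( 'wp-login.php', 'login_post' ) ) ) );
		}

		// user authenticated successfully: grab the profile via hybridauth api
		$hybridauth_user_profile = $adapter->getUserProfile();
	}

	// if things didn't go as expected, we display the appropriate error message
	catch( Exception $e )
	{
		return wsl_process_login_render_error_page( $e, $config, $provider, $adapter );
	}

	return $hybridauth_user_profile;
}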
1007
|
|
|
|
1008
|
|
|
// -------------------------------------------------------------------- |
1009
|
|
|
|
1010
|
|
|
/**
 * Return the Hybridauth IDP adapter for a provider.
 *
 * The adapter is built from the provider configuration kept in session
 * storage, not from a freshly built one.
 *
 * @param string $provider Provider id.
 *
 * @return object Adapter returned by Hybridauth::getAdapter().
 */
function wsl_process_login_get_provider_adapter( $provider )
{
	require_once WORDPRESS_SOCIAL_LOGIN_ABS_PATH . 'hybridauth/library/src/autoload.php';

	$hybridauth = new Hybridauth\Hybridauth(
		wsl_get_provider_config_from_session_storage( $provider )
	);

	return $hybridauth->getAdapter( $provider );
}
1023
|
|
|
|
1024
|
|
|
// -------------------------------------------------------------------- |
1025
|
|
|
|
1026
|
|
|
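/**
 * Return redirect_to (the url the user is sent to after authenticating).
 *
 * By default, a user is sent back to the page he came from, as given in the
 * 'redirect_to' request parameter. If that parameter is missing, empty, not a
 * string, or points at wp-admin / wp-login.php, Widget::Redirect URL is used
 * instead, and home_url() when that setting is empty too.
 *
 * When Widget::Force redirection is set to Yes, users are always redirected to
 * Widget::Redirect URL.
 *
 * Note: the result can be customised using the filter 'wsl_hook_process_login_alter_redirect_to'.
 *
 * Security: the request value is attacker-controlled and this function does not
 * restrict its host. wsl_process_login_authenticate_wp_user() passes it through
 * wp_safe_redirect(), which does; any other consumer has to validate it as well.
 *
 * @return mixed The filtered redirect url.
 */
function wsl_process_login_get_redirect_to()
{
	$wsl_settings_redirect_url = get_option( 'wsl_settings_redirect_url' );

	// force redirection?
	if( get_option( 'wsl_settings_force_redirect_url' ) == 1 )
	{
		return apply_filters( 'wsl_hook_process_login_alter_redirect_to', $wsl_settings_redirect_url );
	}

	$redirect_to = null;

	// Only a non-empty string is accepted: an array such as redirect_to[]=x
	// would otherwise reach strpos() and raise an error.
	if( isset( $_REQUEST[ 'redirect_to' ] ) && is_string( $_REQUEST[ 'redirect_to' ] ) && $_REQUEST[ 'redirect_to' ] !== '' )
	{
		$redirect_to = $_REQUEST[ 'redirect_to' ];

		// we don't go to wp-admin nor wp-login.php.
		// strpos() returns 0 for a match at the very start of the string, so the
		// result is compared with false instead of being used as a boolean.
		if( strpos( $redirect_to, 'wp-admin' ) !== false || strpos( $redirect_to, 'wp-login.php' ) !== false )
		{
			$redirect_to = $wsl_settings_redirect_url;
		}
	}

	if( empty( $redirect_to ) )
	{
		$redirect_to = $wsl_settings_redirect_url;
	}

	if( empty( $redirect_to ) )
	{
		$redirect_to = home_url();
	}

	return apply_filters( 'wsl_hook_process_login_alter_redirect_to', $redirect_to );
}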
1081
|
|
|
|
1082
|
|
|
// -------------------------------------------------------------------- |
1083
|
|
|
|
1084
|
|
|
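/**
 * Display an error message in case user authentication fails.
 *
 * Fires the 'wsl_process_login_render_error_page' action, disconnects the
 * adapter when one was created, then delegates to wsl_render_error_page()
 * with an empty message and empty notes.
 *
 * @param Exception   $e        The exception that interrupted the authentication.
 * @param mixed       $config   Provider configuration (only forwarded to the action).
 * @param string|null $provider Provider id.
 * @param object|null $adapter  Hybridauth adapter, if one was created.
 *
 * @return mixed Whatever wsl_render_error_page() returns.
 */
function wsl_process_login_render_error_page( $e, $config = null, $provider = null, $adapter = null )
{
	// HOOKABLE:
	do_action( "wsl_process_login_render_error_page", $e, $config, $provider, $adapter );

	$message = "";
	$notes   = "";

	// First 256 bytes of the exception message. substr() counts bytes, so a
	// multi-byte character can be cut at the boundary.
	// NOTE(review): this text comes from the provider / library; the renderer
	// should escape it before output — confirm in wsl_render_error_page().
	$apierror = substr( $e->getMessage(), 0, 256 );

	// drop the provider connection so a failed attempt leaves no adapter state behind
	if( is_object( $adapter ) )
	{
		$adapter->disconnect();
	}

	return wsl_render_error_page( $message, $notes, $provider, $apierror, $e );
}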
1105
|
|
|
|
1106
|
|
|
// -------------------------------------------------------------------- |
1107
|
|
|
|
1108
|
|
|
/**
 * Display a notice message.
 *
 * Callers in this file pass messages that contain HTML markup, so any
 * untrusted fragment has to be escaped by the caller before it gets here.
 *
 * @param string $message Notice text, possibly containing markup.
 *
 * @return mixed Whatever wsl_render_notice_page() returns.
 */
function wsl_process_login_render_notice_page( $message )
{
	// HOOKABLE: listeners see the message before it is rendered.
	do_action( 'wsl_process_login_render_notice_page', $message );

	$rendered = wsl_render_notice_page( $message );

	return $rendered;
}
1118
|
|
|
|
1119
|
|
|
// -------------------------------------------------------------------- |
1120
|
|
|
|
1121
|
|
|
/**
 * Return the selected provider from $_REQUEST, null when none was sent.
 *
 * The request value goes through sanitize_text_field() and then through the
 * 'wsl_hook_process_login_alter_provider' filter. It is not compared with the
 * list of configured providers here.
 *
 * @return mixed The filtered provider id, or the filtered null default.
 */
function wsl_process_login_get_selected_provider()
{
	$provider = null;

	if( isset( $_REQUEST['provider'] ) )
	{
		$provider = sanitize_text_field( $_REQUEST['provider'] );
	}

	return apply_filters( 'wsl_hook_process_login_alter_provider', $provider );
}
1130
|
|
|
|
1131
|
|
|
// -------------------------------------------------------------------- |
1132
|
|
|
|
1133
|
|
|
/**
 * Return the selected auth mode from $_REQUEST, 'login' when none was sent.
 *
 * The request value goes through sanitize_text_field() and then through the
 * 'wsl_hook_process_login_alter_auth_mode' filter. It is not restricted to a
 * fixed set of modes here.
 *
 * @return mixed The filtered auth mode.
 */
function wsl_process_login_get_auth_mode()
{
	$auth_mode = 'login';

	if( isset( $_REQUEST['mode'] ) )
	{
		$auth_mode = sanitize_text_field( $_REQUEST['mode'] );
	}

	return apply_filters( 'wsl_hook_process_login_alter_auth_mode', $auth_mode );
}
1142
|
|
|
|
1143
|
|
|
// -------------------------------------------------------------------- |
1144
|
|
|
|
1145
|
|
|
/**
 * Clear the data stored by hybridauth and wsl in the php session.
 *
 * Both entries are reset to an empty array; other session keys are left alone.
 */
function wsl_process_login_clear_user_php_session()
{
	$keys_to_reset = array(
		'HYBRIDAUTH::STORAGE', // used by the hybridauth library; cleared as soon as the auth process ends
		'wsl::userprofile',    // temporary copy of the user profile, kept to avoid extra calls to social apis
	);

	foreach( $keys_to_reset as $session_key )
	{
		$_SESSION[$session_key] = array();
	}
}
1153
|
|
|
|
1154
|
|
|
// -------------------------------------------------------------------- |
1155
|
|
|
|
1156
|
|
|
/**
 * Return the display name of an IDP.
 *
 * Looks the id up in the global $WORDPRESS_SOCIAL_LOGIN_PROVIDERS_CONFIG list
 * (loose comparison) and returns the matching 'provider_name'. When nothing
 * matches, the given id is returned unchanged, so callers must not assume the
 * result is a known provider name.
 *
 * @param mixed $provider_id Provider id to look up.
 *
 * @return mixed The provider name, or $provider_id when it is not found.
 */
function wsl_get_provider_name_by_id( $provider_id)
{
	global $WORDPRESS_SOCIAL_LOGIN_PROVIDERS_CONFIG;

	foreach( $WORDPRESS_SOCIAL_LOGIN_PROVIDERS_CONFIG as $entry )
	{
		if( $entry['provider_id'] != $provider_id )
		{
			continue;
		}

		return $entry['provider_name'];
	}

	return $provider_id;
}
1171
|
|
|
|
1172
|
|
|
// -------------------------------------------------------------------- |
1173
|
|
|
|
1174
|
|
|
/**
 * Check the php session.
 *
 * @return true|null true when $_SESSION["wsl::plugin"] is set and truthy;
 *                   nothing (null) otherwise.
 */
function wsl_process_login_check_php_session()
{
	// missing or falsy marker: fall out without a value, as callers get null
	if( empty( $_SESSION["wsl::plugin"] ) )
	{
		return;
	}

	return true;
}
1184
|
|
|
|
1185
|
|
|
// -------------------------------------------------------------------- |
1186
|
|
|
|
1187
|
|
|
/**
 * Return the redirect url used when a new account was created.
 *
 * Default handler: hands the url back untouched.
 *
 * @param mixed $redirect_to Redirect url to filter.
 *
 * @return mixed The same value, unchanged.
 */
function wsl_new_register_redirect_url( $redirect_to )
{
	return $redirect_to;
}
1193
|
|
|
// Register the pass-through handler on 'wsl_redirect_after_registration' (priority 10, one argument).
add_filter( 'wsl_redirect_after_registration', 'wsl_new_register_redirect_url', 10, 1 );
1194
|
|
|
|
1195
|
|
|
// -------------------------------------------------------------------- |
1196
|
|
|
|