firebase-authentication
Last commit date
admin
6 years ago
includes
6 years ago
js
6 years ago
languages
6 years ago
public
6 years ago
LICENSE.txt
6 years ago
README.txt
6 years ago
class-mo-firebase-config.php
6 years ago
firebase-authentication.php
6 years ago
index.php
6 years ago
uninstall.php
6 years ago
firebase-authentication.php
160 lines
| 1 | <?php |
| 2 | |
| 3 | |
| 4 | /** |
| 5 | * |
| 6 | * @link https://miniorange.com |
| 7 | * @since 1.0.0 |
| 8 | * @package Firebase_Authentication |
| 9 | * |
| 10 | * @wordpress-plugin |
| 11 | * Plugin Name: Firebase Authentication |
| 12 | * Plugin URI: http://miniorange.com |
| 13 | * Description: This plugin allows login into Wordpress using Firebase as Identity provider. |
| 14 | * Version: 1.0.0 |
| 15 | * Author: miniOrange |
| 16 | * Author URI: https://miniorange.com |
| 17 | * License: GPL2 |
| 18 | */ |
| 19 | |
| 20 | // If this file is called directly, abort. |
| 21 | if ( ! defined( 'WPINC' ) ) { |
| 22 | die; |
| 23 | } |
| 24 | |
| 25 | /** |
| 26 | * Currently plugin version. |
| 27 | * Start at version 1.0.0 and use SemVer - https://semver.org |
| 28 | * Rename this for your plugin and update it as you release new versions. |
| 29 | */ |
| 30 | define( 'MO_FIREBASE_AUTHENTICATION_VERSION', '1.0.0' ); |
| 31 | |
| 32 | /** |
| 33 | * The code that runs during plugin activation. |
| 34 | * This action is documented in includes/class-firebase-authentication-activator.php |
| 35 | */ |
| 36 | function mo_firebase_activate_firebase_authentication() { |
| 37 | require_once plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-activator.php'; |
| 38 | MO_Firebase_Authentication_Activator::activate(); |
| 39 | } |
| 40 | |
| 41 | /** |
| 42 | * The code that runs during plugin deactivation. |
| 43 | * This action is documented in includes/class-firebase-authentication-deactivator.php |
| 44 | */ |
| 45 | function mo_firebase_deactivate_firebase_authentication() { |
| 46 | require_once plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-deactivator.php'; |
| 47 | MO_Firebase_Authentication_Deactivator::deactivate(); |
| 48 | } |
| 49 | |
| 50 | register_activation_hook( __FILE__, 'mo_firebase_activate_firebase_authentication' ); |
| 51 | register_deactivation_hook( __FILE__, 'mo_firebase_deactivate_firebase_authentication' ); |
| 52 | |
| 53 | /** |
| 54 | * The core plugin class that is used to define internationalization, |
| 55 | * admin-specific hooks, and public-facing site hooks. |
| 56 | */ |
| 57 | require plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication.php'; |
| 58 | require_once 'class-mo-firebase-config.php'; |
| 59 | |
| 60 | /** |
| 61 | * Begins execution of the plugin. |
| 62 | * |
| 63 | * Since everything within the plugin is registered via hooks, |
| 64 | * then kicking off the plugin from this point in the file does |
| 65 | * not affect the page life cycle. |
| 66 | * |
| 67 | * @since 1.0.0 |
| 68 | */ |
| 69 | function mo_firebase_run_firebase_authentication() { |
| 70 | |
| 71 | $plugin = new MO_Firebase_Authentication(); |
| 72 | $plugin->run(); |
| 73 | |
| 74 | } |
| 75 | mo_firebase_run_firebase_authentication(); |
| 76 | |
| 77 | class mo_firebase_authentication_login { |
| 78 | function __construct() { |
| 79 | add_action( 'init', array( $this, 'postResgiter' ) ); |
| 80 | if ( get_option( 'mo_enable_firebase_auth' ) == 1 ) { |
| 81 | remove_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 ); |
| 82 | add_filter( 'authenticate', array( $this, 'mo_firebase_auth' ), 0, 3 ); |
| 83 | } |
| 84 | } |
| 85 | |
| 86 | function postResgiter() { |
| 87 | if ( isset( $_POST['verify_user'] ) && isset( $_REQUEST['page'] ) && sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) == 'mo_firebase_configuration' && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['mo_firebase_auth_config_field'] ) ), 'mo_firebase_auth_config_form' ) ) { |
| 88 | |
| 89 | if( current_user_can( 'administrator' ) ) { |
| 90 | update_option( 'mo_firebase_auth_disable_wordpress_login', isset( $_POST['disable_wordpress_login'] ) ? (int)filter_var( $_POST['disable_wordpress_login'], FILTER_SANITIZE_NUMBER_INT ) : 0 ); |
| 91 | |
| 92 | $project_id = isset( $_POST['projectid'] ) ? sanitize_text_field( $_POST['projectid'] ) : ''; |
| 93 | update_option( 'mo_firebase_auth_project_id', $project_id ); |
| 94 | |
| 95 | $api_key = isset( $_POST['apikey'] ) ? sanitize_text_field( $_POST['apikey'] ) : ''; |
| 96 | update_option( 'mo_firebase_auth_api_key', $api_key ); |
| 97 | |
| 98 | $response = wp_remote_get( 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com' ); |
| 99 | if ( is_array( $response ) ) { |
| 100 | $header = $response['headers']; // array of http header lines |
| 101 | $body = $response['body']; // use the content |
| 102 | |
| 103 | $split_result = explode( ":", $body ); |
| 104 | |
| 105 | $kid1 = substr( $split_result[0], 5, 40 ); |
| 106 | $s = explode( ",", $split_result[1] ); |
| 107 | $c1 = substr( $s[0], 2, 1158 ); |
| 108 | $kid2 = substr( $s[1], 4, 40); |
| 109 | $c2 = explode( "}", $split_result[2] ); |
| 110 | $c2[0] = substr( $c2[0], 2, 1158 ); |
| 111 | $c1 = str_replace( '\n', '', $c1 ); |
| 112 | update_option( 'mo_firebase_auth_kid1', $kid1 ); |
| 113 | update_option( 'mo_firebase_auth_cert1', $c1 ); |
| 114 | $c2[0] = str_replace( '\n', '', $c2[0] ); |
| 115 | update_option( 'mo_firebase_auth_kid2', $kid2 ); |
| 116 | update_option( 'mo_firebase_auth_cert2', $c2[0] ); |
| 117 | } |
| 118 | } |
| 119 | } |
| 120 | } |
| 121 | |
| 122 | |
| 123 | function mo_firebase_auth( $user, $username, $password ) { |
| 124 | if( "POST" !== sanitize_text_field( wp_unslash( $_SERVER['REQUEST_METHOD'] ) ) ) { |
| 125 | return $user; |
| 126 | } |
| 127 | if ( empty( $username ) || empty ( $password ) ) { |
| 128 | |
| 129 | $error = new WP_Error(); |
| 130 | |
| 131 | if( isset( $_POST['fb_error_msg'] ) ) { |
| 132 | $error->add( 'firebase_error_msg', __( '<strong>ERROR</strong>: '.esc_html( $_POST['fb_error_msg'] ) ) ); |
| 133 | } |
| 134 | |
| 135 | //create new error object and add errors to it. |
| 136 | |
| 137 | |
| 138 | else if ( empty( $username ) ) { //No email |
| 139 | $error->add( 'empty_username', __( '<strong>ERROR</strong>: Email field is empty.' ) ); |
| 140 | } |
| 141 | |
| 142 | else if ( empty( $password ) ) { //No password |
| 143 | $error->add( 'empty_password', __( '<strong>ERROR</strong>: Password field is empty.' ) ); |
| 144 | } |
| 145 | return $error; |
| 146 | } |
| 147 | if ( boolval( get_option( 'mo_firebase_auth_disable_wordpress_login' ) ) == false ) { |
| 148 | $user = get_user_by( "login", $username ); |
| 149 | if( !$user ) { |
| 150 | $user = get_user_by( "email", $username ); |
| 151 | } |
| 152 | if ( $user && wp_check_password( $password, $user->data->user_pass, $user->ID ) ) { |
| 153 | return $user; |
| 154 | } |
| 155 | } |
| 156 | } |
| 157 | |
| 158 | } |
| 159 | |
| 160 | $mo_firebase_authentication_obj = new mo_firebase_authentication_login(); |