PluginProbe ʕ •ᴥ•ʔ
Firebase Authentication / 1.1.1
Firebase Authentication v1.1.1
1.7.0 trunk 1.0.0 1.1.1 1.1.2 1.1.3 1.1.4 1.2.0 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.8 1.5.0 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.5.9 1.6.0 1.6.1 1.6.2 1.6.3 1.6.4 1.6.5 1.6.6 1.6.7 1.6.8 1.6.9
firebase-authentication / firebase-authentication.php
firebase-authentication Last commit date
admin 6 years ago includes 6 years ago js 6 years ago languages 6 years ago public 6 years ago LICENSE.txt 6 years ago README.txt 6 years ago class-mo-firebase-config.php 6 years ago firebase-authentication.php 6 years ago index.php 6 years ago uninstall.php 6 years ago
firebase-authentication.php
184 lines
1 <?php
2
3
4 /**
5 *
6 * @link https://miniorange.com
7 * @since 1.0.0
8 * @package Firebase_Authentication
9 *
10 * @wordpress-plugin
11 * Plugin Name: Firebase Authentication
12 * Plugin URI: http://miniorange.com
13 * Description: This plugin allows login into Wordpress using Firebase as Identity provider.
14 * Version: 1.1.1
15 * Author: miniOrange
16 * Author URI: https://miniorange.com
17 * License: GPL2
18 */
19
20 // If this file is called directly, abort.
21 if ( ! defined( 'WPINC' ) ) {
22 die;
23 }
24
25 /**
26 * Currently plugin version.
27 * Start at version 1.0.0 and use SemVer - https://semver.org
28 * Rename this for your plugin and update it as you release new versions.
29 */
30 define( 'MO_FIREBASE_AUTHENTICATION_VERSION', '1.1.1' );
31
32 /**
33 * The code that runs during plugin activation.
34 * This action is documented in includes/class-firebase-authentication-activator.php
35 */
36 function mo_firebase_activate_firebase_authentication() {
37 require_once plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-activator.php';
38 MO_Firebase_Authentication_Activator::activate();
39 }
40
41 /**
42 * The code that runs during plugin deactivation.
43 * This action is documented in includes/class-firebase-authentication-deactivator.php
44 */
45 function mo_firebase_deactivate_firebase_authentication() {
46 require_once plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-deactivator.php';
47 MO_Firebase_Authentication_Deactivator::deactivate();
48 }
49
50 register_activation_hook( __FILE__, 'mo_firebase_activate_firebase_authentication' );
51 register_deactivation_hook( __FILE__, 'mo_firebase_deactivate_firebase_authentication' );
52
53 /**
54 * The core plugin class that is used to define internationalization,
55 * admin-specific hooks, and public-facing site hooks.
56 */
57 require plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication.php';
58 require_once 'class-mo-firebase-config.php';
59
60 /**
61 * Begins execution of the plugin.
62 *
63 * Since everything within the plugin is registered via hooks,
64 * then kicking off the plugin from this point in the file does
65 * not affect the page life cycle.
66 *
67 * @since 1.0.0
68 */
69 function mo_firebase_run_firebase_authentication() {
70
71 $plugin = new MO_Firebase_Authentication();
72 $plugin->run();
73
74 }
75 mo_firebase_run_firebase_authentication();
76
77 class mo_firebase_authentication_login {
78 function __construct() {
79 add_action( 'init', array( $this, 'postResgiter' ) );
80 if ( get_option( 'mo_enable_firebase_auth' ) == 1 ) {
81 remove_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
82 remove_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
83 add_filter( 'authenticate', array( $this, 'mo_firebase_auth' ), 0, 3 );
84 }
85 }
86
87 function postResgiter() {
88 if ( isset( $_POST['verify_user'] ) && isset( $_REQUEST['page'] ) && sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) == 'mo_firebase_configuration' && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['mo_firebase_auth_config_field'] ) ), 'mo_firebase_auth_config_form' ) ) {
89
90 if( current_user_can( 'administrator' ) ) {
91 update_option( 'mo_firebase_auth_disable_wordpress_login', isset( $_POST['disable_wordpress_login'] ) ? (int)filter_var( $_POST['disable_wordpress_login'], FILTER_SANITIZE_NUMBER_INT ) : 0 );
92
93 update_option('mo_firebase_auth_enable_admin_wp_login', isset($_POST['mo_firebase_auth_enable_admin_wp_login']) ? $_POST['mo_firebase_auth_enable_admin_wp_login'] : 0);
94
95 $project_id = isset( $_POST['projectid'] ) ? sanitize_text_field( $_POST['projectid'] ) : '';
96 update_option( 'mo_firebase_auth_project_id', $project_id );
97
98 $api_key = isset( $_POST['apikey'] ) ? sanitize_text_field( $_POST['apikey'] ) : '';
99 update_option( 'mo_firebase_auth_api_key', $api_key );
100
101 $response = wp_remote_get( 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com' );
102 if ( is_array( $response ) ) {
103 $header = $response['headers']; // array of http header lines
104 $body = $response['body']; // use the content
105
106 $split_result = explode( ":", $body );
107
108 $kid1 = substr( $split_result[0], 5, 40 );
109 $s = explode( ",", $split_result[1] );
110 $c1 = substr( $s[0], 2, 1158 );
111 $kid2 = substr( $s[1], 4, 40 );
112 $c2 = explode( "}", $split_result[2] );
113 $c2[0] = substr( $c2[0], 2, 1158 );
114 $c1 = str_replace( '\n', '', $c1 );
115 update_option( 'mo_firebase_auth_kid1', $kid1 );
116 update_option( 'mo_firebase_auth_cert1', $c1 );
117 $c2[0] = str_replace( '\n', '', $c2[0] );
118 update_option( 'mo_firebase_auth_kid2', $kid2 );
119 update_option( 'mo_firebase_auth_cert2', $c2[0] );
120 }
121 }
122 }
123 }
124
125
126 function mo_firebase_auth( $user, $username, $password ) {
127
128 if( "POST" !== sanitize_text_field( wp_unslash( $_SERVER['REQUEST_METHOD'] ) ) ) {
129 return $user;
130 }
131
132 if ( empty( $username ) || empty ( $password ) ) {
133
134 $error = new WP_Error();
135
136 if( isset( $_POST['fb_error_msg'] ) ) {
137 $error->add( 'firebase_error_msg', __( '<strong>ERROR</strong>: '.esc_html( wp_unslash( $_POST['fb_error_msg'] ) ) ) );
138 }
139
140 //create new error object and add errors to it.
141 else if ( empty( $username ) ) { //No email
142 $error->add( 'empty_username', __( '<strong>ERROR</strong>: Email field is empty.' ) );
143 }
144
145 else if ( empty( $password ) ) { //No password
146 $error->add( 'empty_password', __( '<strong>ERROR</strong>: Password field is empty.' ) );
147 }
148 return $error;
149 }
150 if ( get_option( 'mo_firebase_auth_disable_wordpress_login' ) == false ) {
151 $user = get_user_by( "login", $username );
152 if ( !$user ) {
153 $user = get_user_by( "email", $username );
154 }
155 if ( $user && wp_check_password( $password, $user->data->user_pass, $user->ID ) ) {
156 return $user;
157 }
158 }
159 else if ( get_option( 'mo_firebase_auth_enable_admin_wp_login' ) ) {
160 $user = get_user_by( "login", $username );
161 if ( !$user ) {
162 $user = get_user_by( "email", $username );
163 }
164 if ( $user && $this->is_administrator_user( $user ) ) {
165 if ( wp_check_password( $password, $user->data->user_pass, $user->ID ) ) {
166 return $user;
167 }
168 }
169 }
170 }
171
172 function is_administrator_user( $user ) {
173 $userRole = ( $user->roles );
174 if ( ! is_null( $userRole ) && in_array( 'administrator' , $userRole ) ) {
175 return true;
176 }
177 else {
178 return false;
179 }
180 }
181
182 }
183
184 $mo_firebase_authentication_obj = new mo_firebase_authentication_login();