Firebase Authentication v1.3.0
firebase-authentication.php
1 <?php
2
3
4 /**
5 *
6 * @link https://miniorange.com
7 * @since 1.0.0
8 * @package Firebase_Authentication
9 *
10 * @wordpress-plugin
11 * Plugin Name: Firebase Authentication
12 * Plugin URI: firebase-authentication
13 * Description: This plugin allows login into Wordpress using Firebase as Identity provider.
14 * Version: 1.3.0
15 * Author: miniOrange
16 * Author URI: https://miniorange.com
17 * License: MIT/Expat
18 */
19
20
// Refuse to run when the file is requested directly instead of being loaded by WordPress.
defined( 'WPINC' ) || exit;

/**
 * Version of the plugin that is currently installed.
 * Follows SemVer (https://semver.org); bump it with every release.
 */
define( 'MO_FIREBASE_AUTHENTICATION_VERSION', '1.3.0' );
32
/**
 * Activation callback.
 *
 * Loads the activator class on demand and hands control to it; the actual
 * activation steps live in includes/class-firebase-authentication-activator.php.
 */
function mo_firebase_activate_firebase_authentication() {
	$activator_file = plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-activator.php';
	require_once $activator_file;

	MO_Firebase_Authentication_Activator::activate();
}
41
/**
 * Deactivation callback.
 *
 * Loads the deactivator class on demand and hands control to it; the actual
 * deactivation steps live in includes/class-firebase-authentication-deactivator.php.
 */
function mo_firebase_deactivate_firebase_authentication() {
	$deactivator_file = plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-deactivator.php';
	require_once $deactivator_file;

	MO_Firebase_Authentication_Deactivator::deactivate();
}
50
// Bind the two lifecycle callbacks defined above to this plugin file, so WordPress
// runs them when the plugin is activated or deactivated.
register_activation_hook( __FILE__, 'mo_firebase_activate_firebase_authentication' );
register_deactivation_hook( __FILE__, 'mo_firebase_deactivate_firebase_authentication' );
53
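/**
 * Load the core plugin class (internationalization, admin-specific hooks and
 * public-facing hooks) together with the supporting config, feedback-form,
 * contact-us and customer files.
 *
 * Every path is anchored to this plugin's own directory. A bare relative path
 * such as 'class-contact-us.php' is resolved through PHP's include_path before
 * the calling script's directory is tried, so a same-named file elsewhere on
 * the include path could be loaded instead of the plugin's copy.
 */
require plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication.php';
require_once plugin_dir_path( __FILE__ ) . 'class-mo-firebase-config.php';
require plugin_dir_path( __FILE__ ) . 'views/feedback_form.php';
require plugin_dir_path( __FILE__ ) . 'class-contact-us.php';
require plugin_dir_path( __FILE__ ) . 'admin/class-firebase-authentication-customer.php';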
63
64
/**
 * Starts the plugin.
 *
 * Everything the plugin does is registered through hooks, so building the
 * core object and calling run() here does not affect the page life cycle.
 *
 * @since 1.0.0
 */
function mo_firebase_run_firebase_authentication() {
	( new MO_Firebase_Authentication() )->run();
}

// Boot the plugin as soon as this file has been loaded.
mo_firebase_run_firebase_authentication();
81
/**
 * Tells whether the site has stored miniOrange account details.
 *
 * The account counts as registered when an admin email is stored and the
 * stored customer key is numeric once surrounding whitespace is trimmed.
 *
 * @return int 1 when both values are present and the key is numeric, otherwise 0.
 */
function mo_firebase_authentication_is_customer_registered() {
	$admin_email = get_option( 'mo_firebase_authentication_admin_email' );
	$customer_id = get_option( 'mo_firebase_authentication_admin_customer_key' );

	// Short-circuiting keeps trim() away from an empty customer key.
	$is_registered = $admin_email && $customer_id && is_numeric( trim( $customer_id ) );

	return $is_registered ? 1 : 0;
}
/**
 * Reports whether a license key is stored and its verification flag decodes to "true".
 *
 * The flag is only protected by mo_firebase_authentication_decrypt(), a reversible
 * encoding keyed by another option in the same table, so it is a convenience
 * check rather than tamper-proof licensing.
 *
 * @return int 1 when a license key is stored and the flag decodes to "true", otherwise 0.
 */
function mo_firebase_authentication_is_clv() {
	$stored_key  = get_option( 'mo_firebase_authentication_lk' );
	$stored_flag = get_option( 'mo_firebase_authentication_lv' );

	// Only a non-empty flag goes through the decoder; an empty one is compared as stored.
	$flag = $stored_flag ? mo_firebase_authentication_decrypt( $stored_flag ) : $stored_flag;

	// NOTE(review): loose comparison kept as in the original; a strict === would be clearer.
	return ( ! empty( $stored_key ) && $flag == "true" ) ? 1 : 0;
}
105
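/**
 * Encodes a string with the stored customer token and returns it base64-encoded.
 *
 * Each input byte is added (modulo 256) to the matching byte of the token,
 * which is repeated to the input's length. This is reversible obfuscation,
 * not encryption: the key repeats, nothing authenticates the result, and the
 * token sits in the same options table as the values it covers. Do not rely
 * on it to keep a value secret or to detect tampering.
 *
 * Returns an empty string when the input is empty or no token is stored;
 * without that guard str_pad() rejects the empty pad string, and older PHP
 * versions encode an empty input as a single byte.
 *
 * @param string $str Value to encode.
 * @return string Base64 text, or '' when nothing could be encoded.
 */
function mo_firebase_authentication_encrypt($str){
	$plain = (string) $str;
	$token = get_option( "mo_firebase_authentication_customer_token" );

	if ( '' === $plain || ! is_string( $token ) || '' === $token ) {
		return '';
	}

	$length     = strlen( $plain );
	$key_stream = str_pad( '', $length, $token, STR_PAD_RIGHT );
	$encoded    = '';

	for ( $i = 0; $i < $length; $i++ ) {
		// Two bytes sum to at most 510, so one modulo wraps the value back into byte range.
		$encoded .= chr( ( ord( $plain[ $i ] ) + ord( $key_stream[ $i ] ) ) % 256 );
	}

	return base64_encode( $encoded );
}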
116
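/**
 * Reverses mo_firebase_authentication_encrypt().
 *
 * The input is base64-decoded and the stored customer token, repeated to the
 * decoded length, is subtracted byte by byte (modulo 256). The scheme is
 * reversible obfuscation with no integrity protection, so a decoded value
 * must not be treated as proof that this plugin wrote it.
 *
 * Fails closed: input that is not valid base64, an empty input, or a missing
 * token all yield an empty string rather than a PHP error or a pass-through
 * of the stored bytes.
 *
 * @param string $str Base64 text produced by the encoder.
 * @return string Decoded value, or '' when it cannot be decoded.
 */
function mo_firebase_authentication_decrypt($str){
	// Strict mode rejects characters outside the base64 alphabet instead of dropping them.
	$cipher = base64_decode( (string) $str, true );
	$token  = get_option( "mo_firebase_authentication_customer_token" );

	if ( false === $cipher || '' === $cipher || ! is_string( $token ) || '' === $token ) {
		return '';
	}

	$length     = strlen( $cipher );
	$key_stream = str_pad( '', $length, $token, STR_PAD_RIGHT );
	$decoded    = '';

	for ( $i = 0; $i < $length; $i++ ) {
		// Adding 256 before the modulo keeps the difference non-negative.
		$decoded .= chr( ( ord( $cipher[ $i ] ) - ord( $key_stream[ $i ] ) + 256 ) % 256 );
	}

	return $decoded;
}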
128
129
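/**
 * Handles the plugin's admin form submissions and the password fallback that
 * replaces WordPress' own username/password authentication.
 *
 * Security notes for maintainers:
 * - The form handlers run on 'init' and 'admin_init'. 'admin_init' also fires
 *   for admin-ajax.php and admin-post.php requests, so the hook by itself does
 *   not prove that a logged-in administrator sent the request. Every handler
 *   therefore checks the caller's capability before it changes state.
 * - Several form actions still carry no nonce. The capability check stops
 *   unprivileged callers, but those actions stay exposed to cross-site request
 *   forgery against a logged-in administrator until the forms (defined outside
 *   this file) emit a nonce that can be verified here.
 */
class mo_firebase_authentication_login {

	/**
	 * Registers the plugin's hooks.
	 *
	 * When Firebase authentication is enabled, WordPress' username/password and
	 * email/password authenticators are removed and mo_firebase_auth() runs in
	 * their place, so that method alone decides whether a local password is accepted.
	 */
	public function __construct() {
		add_action( 'init', array( $this, 'postResgiter' ) );
		add_action( 'admin_init', array( $this, 'mo_firebase_auth_deactivate' ) );

		if ( get_option( 'mo_enable_firebase_auth' ) == 1 ) {
			remove_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
			remove_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
			add_filter( 'authenticate', array( $this, 'mo_firebase_auth' ), 0, 3 );
		}

		remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_success_message' ) );
		remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_error_message' ) );
		add_action( 'admin_footer', array( $this, 'mo_firebase_auth_feedback_request' ) );

		// NOTE(review): 'host_name' is an unprefixed option name and is written whenever
		// this object is constructed; a prefixed name would avoid clashes with other plugins.
		update_option( 'host_name', 'https://login.xecurify.com' );
	}

	/**
	 * Saves the Firebase settings form and refreshes the stored signing certificates.
	 *
	 * The request is accepted only when it names this plugin's settings page,
	 * carries a valid 'mo_firebase_auth_config_form' nonce and comes from a user
	 * who may manage options.
	 *
	 * @return void
	 */
	public function postResgiter() {
		if ( ! isset( $_POST['verify_user'], $_REQUEST['page'] ) ) {
			return;
		}
		if ( 'mo_firebase_authentication' !== sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) ) {
			return;
		}
		if ( ! $this->mo_firebase_auth_nonce_ok( 'mo_firebase_auth_config_field', 'mo_firebase_auth_config_form' ) ) {
			return;
		}
		if ( ! $this->mo_firebase_auth_current_user_can_manage() ) {
			return;
		}

		update_option( 'mo_firebase_auth_disable_wordpress_login', isset( $_POST['disable_wordpress_login'] ) ? (int) filter_var( $_POST['disable_wordpress_login'], FILTER_SANITIZE_NUMBER_INT ) : 0 );

		// Store a plain 0/1 flag instead of the raw request value; readers only test truthiness.
		update_option( 'mo_firebase_auth_enable_admin_wp_login', empty( $_POST['mo_firebase_auth_enable_admin_wp_login'] ) ? 0 : 1 );

		update_option( 'mo_firebase_auth_project_id', $this->mo_firebase_auth_post_text( 'projectid' ) );
		update_option( 'mo_firebase_auth_api_key', $this->mo_firebase_auth_post_text( 'apikey' ) );

		$this->mo_firebase_auth_refresh_signing_certs();
	}

	/**
	 * Downloads Google's securetoken x509 certificates and stores key ids and certificates.
	 *
	 * The stored values are presumably what the token-verification code (outside
	 * this file) trusts, so the response is validated before anything is
	 * overwritten: the request must succeed with HTTP 200 and the body must be a
	 * JSON object whose values all look like PEM certificates. A failed or
	 * unexpected response leaves the previously stored certificates untouched.
	 *
	 * The values themselves are still cut out of the raw body with the original
	 * fixed offsets so that their stored format does not change.
	 * NOTE(review): those offsets assume a fixed layout of the upstream document;
	 * reading the decoded JSON would be sturdier, once the code that consumes
	 * these options has been checked.
	 *
	 * @return void
	 */
	private function mo_firebase_auth_refresh_signing_certs() {
		$response = wp_remote_get( 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com' );
		if ( is_wp_error( $response ) || 200 !== (int) wp_remote_retrieve_response_code( $response ) ) {
			return;
		}

		$body    = wp_remote_retrieve_body( $response );
		$decoded = json_decode( $body, true );
		if ( ! is_array( $decoded ) || empty( $decoded ) ) {
			return;
		}
		foreach ( $decoded as $pem ) {
			if ( ! is_string( $pem ) || false === strpos( $pem, '-----BEGIN CERTIFICATE-----' ) ) {
				return;
			}
		}

		$split_result = explode( ':', $body );
		$count        = count( $split_result );
		if ( $count < 2 ) {
			return;
		}

		// '\n' is single-quoted on purpose: it removes the two-character escape
		// sequence found in the raw JSON text, not real line breaks.
		$kid1 = substr( $split_result[0], 5, 40 );
		$s    = explode( ',', $split_result[1] );
		$c1   = str_replace( '\n', '', substr( $s[0], 2, 1158 ) );
		update_option( 'mo_firebase_auth_kid1', $kid1 );
		update_option( 'mo_firebase_auth_cert1', $c1 );

		if ( ! isset( $s[1] ) ) {
			return;
		}

		if ( 3 === $count ) {
			$kid2  = substr( $s[1], 4, 40 );
			$tail2 = explode( '}', $split_result[2] );
			$c2    = str_replace( '\n', '', substr( $tail2[0], 2, 1158 ) );
			update_option( 'mo_firebase_auth_kid2', $kid2 );
			update_option( 'mo_firebase_auth_cert2', $c2 );
		} elseif ( $count > 3 ) {
			$kid2 = substr( $s[1], 4, 40 );
			$s2   = explode( ',', $split_result[2] );
			$c2   = str_replace( '\n', '', substr( $s2[0], 2, 1158 ) );
			update_option( 'mo_firebase_auth_kid2', $kid2 );
			update_option( 'mo_firebase_auth_cert2', $c2 );

			if ( isset( $s2[1] ) ) {
				$kid3  = substr( $s2[1], 4, 40 );
				$tail3 = explode( '}', $split_result[3] );
				$c3    = str_replace( '\n', '', substr( $tail3[0], 2, 1158 ) );
				update_option( 'mo_firebase_auth_kid3', $kid3 );
				update_option( 'mo_firebase_auth_cert3', $c3 );
			}
		}
	}

	/**
	 * 'authenticate' filter used while Firebase authentication is enabled.
	 *
	 * Non-POST requests pass the incoming value through. A POST without a
	 * username or password returns a WP_Error. Otherwise the local WordPress
	 * password is checked, for any account when WordPress login is not disabled,
	 * or for administrators only when the admin fallback is enabled.
	 *
	 * @param mixed  $user     Value passed along the 'authenticate' filter chain.
	 * @param string $username Submitted login name or email address.
	 * @param string $password Submitted password.
	 * @return mixed The matched user object, a WP_Error, the incoming $user for
	 *               non-POST requests, or null when no local password check succeeded.
	 */
	public function mo_firebase_auth( $user, $username, $password ) {
		$method = isset( $_SERVER['REQUEST_METHOD'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_METHOD'] ) ) : '';
		if ( 'POST' !== $method ) {
			return $user;
		}

		if ( empty( $username ) || empty( $password ) ) {
			$error = new WP_Error();

			if ( isset( $_POST['fb_error_msg'] ) ) {
				// The text is supplied by the request, so it is HTML-escaped before display.
				$error_msg = esc_html( wp_unslash( $_POST['fb_error_msg'] ) );
				if ( strpos( $error_msg, 'API key not valid. Please pass a valid API key.' ) !== false ) {
					$error_msg = "API key not valid. Please pass a valid API key.";
				}
				$error->add( 'firebase_error_msg', __( '<strong>ERROR</strong>: '.$error_msg ) );
			} elseif ( empty( $username ) ) {
				$error->add( 'empty_username', __( '<strong>ERROR</strong>: Email field is empty.' ) );
			} elseif ( empty( $password ) ) {
				$error->add( 'empty_password', __( '<strong>ERROR</strong>: Password field is empty.' ) );
			}

			return $error;
		}

		if ( ! get_option( 'mo_firebase_auth_disable_wordpress_login' ) ) {
			// WordPress login is still allowed: any account may use its local password.
			$candidate = $this->mo_firebase_auth_find_user( $username );
			if ( $candidate && wp_check_password( $password, $candidate->data->user_pass, $candidate->ID ) ) {
				return $candidate;
			}
		} elseif ( get_option( 'mo_firebase_auth_enable_admin_wp_login' ) ) {
			// WordPress login is disabled, but administrators keep a password fallback.
			$candidate = $this->mo_firebase_auth_find_user( $username );
			if ( $candidate && $this->is_administrator_user( $candidate ) && wp_check_password( $password, $candidate->data->user_pass, $candidate->ID ) ) {
				return $candidate;
			}
		}

		// No local password check succeeded.
		return null;
	}

	/**
	 * Looks a user up by login name and, failing that, by email address.
	 *
	 * @param string $username Login name or email address.
	 * @return mixed The user object, or false when no account matches.
	 */
	private function mo_firebase_auth_find_user( $username ) {
		$found = get_user_by( "login", $username );
		if ( ! $found ) {
			$found = get_user_by( "email", $username );
		}
		return $found;
	}

	/**
	 * Prints the stored message in a notice with the "error" class.
	 *
	 * The method names are inverted relative to their CSS class; the two
	 * show_*_message() helpers compensate, so errors do end up in this notice.
	 *
	 * @return void
	 */
	public function mo_firebase_auth_success_message() {
		$this->mo_firebase_auth_render_notice( 'error' );
	}

	/**
	 * Prints the stored message in a notice with the "updated" class.
	 *
	 * @return void
	 */
	public function mo_firebase_auth_error_message() {
		$this->mo_firebase_auth_render_notice( 'updated' );
	}

	/**
	 * Outputs the stored notice text inside a div with the given class.
	 *
	 * The text can come from a remote API response (a status string is stored as
	 * the message during registration), so it is filtered before it is printed.
	 *
	 * @param string $class CSS class of the notice.
	 * @return void
	 */
	private function mo_firebase_auth_render_notice( $class ) {
		$message = get_option( 'mo_firebase_auth_message' );
		echo "<div class='" . esc_attr( $class ) . "'><p>" . wp_kses_post( (string) $message ) . "</p></div>";
	}

	/**
	 * Tells whether the given user holds the 'administrator' role.
	 *
	 * @param object $user User object exposing a 'roles' array.
	 * @return bool
	 */
	public function is_administrator_user( $user ) {
		$roles = $user->roles;
		return is_array( $roles ) && in_array( 'administrator', $roles, true );
	}

	/**
	 * Schedules the "updated"-styled notice for this request.
	 *
	 * @return void
	 */
	private function mo_firebase_auth_show_success_message() {
		remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_success_message' ) );
		add_action( 'admin_notices', array( $this, 'mo_firebase_auth_error_message' ) );
	}

	/**
	 * Schedules the "error"-styled notice for this request.
	 *
	 * @return void
	 */
	private function mo_firebase_auth_show_error_message() {
		remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_error_message' ) );
		add_action( 'admin_notices', array( $this, 'mo_firebase_auth_success_message' ) );
	}

	/**
	 * Renders the deactivation feedback form in the admin footer.
	 *
	 * @return void
	 */
	public function mo_firebase_auth_feedback_request() {
		mo_firebase_auth_display_feedback_form();
	}

	/**
	 * Tells whether a value is unset or empty by PHP's empty() rules.
	 *
	 * @param mixed $value Value to test.
	 * @return bool
	 */
	private function mo_firebase_authentication_check_empty_or_null( $value ) {
		return empty( $value );
	}

	/**
	 * Single place for the capability required by every state-changing handler.
	 *
	 * @return bool
	 */
	private function mo_firebase_auth_current_user_can_manage() {
		return current_user_can( 'manage_options' );
	}

	/**
	 * Verifies a nonce taken from the request.
	 *
	 * @param string $field  Request field that carries the nonce.
	 * @param string $action Action name the nonce was created for.
	 * @return bool
	 */
	private function mo_firebase_auth_nonce_ok( $field, $action ) {
		if ( ! isset( $_REQUEST[ $field ] ) ) {
			return false;
		}
		return (bool) wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST[ $field ] ) ), $action );
	}

	/**
	 * Returns a POST field with WordPress' added slashes removed, or '' when
	 * the field is missing or not a string. Used for passwords, which must not
	 * be altered by text sanitizers.
	 *
	 * @param string $key POST field name.
	 * @return string
	 */
	private function mo_firebase_auth_post_raw( $key ) {
		return ( isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) ) ? wp_unslash( $_POST[ $key ] ) : '';
	}

	/**
	 * Returns a POST field as sanitized single-line text, or '' when missing.
	 *
	 * @param string $key POST field name.
	 * @return string
	 */
	private function mo_firebase_auth_post_text( $key ) {
		return sanitize_text_field( $this->mo_firebase_auth_post_raw( $key ) );
	}

	/**
	 * Dispatches the plugin's admin form actions, selected by $_POST['option'].
	 *
	 * Runs on 'admin_init'. Nothing is processed unless the current user may
	 * manage options. Actions other than enable, contact-us and feedback carry
	 * no nonce yet and remain exposed to cross-site request forgery against a
	 * logged-in administrator; the forms need a nonce field before a check can
	 * be enforced here.
	 *
	 * @return void
	 */
	public function mo_firebase_auth_deactivate(){
		if ( ! isset( $_POST['option'] ) ) {
			return;
		}
		if ( ! $this->mo_firebase_auth_current_user_can_manage() ) {
			return;
		}

		$option = sanitize_text_field( wp_unslash( $_POST['option'] ) );

		switch ( $option ) {
			case 'mo_firebase_authentication_change_email':
				// Back button: return to a fresh registration form.
				update_option( 'mo_firebase_authentication_verify_customer', '' );
				update_option( 'mo_firebase_authentication_registration_status', '' );
				update_option( 'mo_firebase_authentication_new_registration', 'true' );
				break;

			case 'change_miniorange':
				require_once plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-deactivator.php';
				MO_Firebase_Authentication_Deactivator::deactivate();
				break;

			case 'mo_firebase_authentication_register_customer':
				$this->mo_firebase_auth_handle_register();
				break;

			case 'mo_firebase_authentication_goto_login':
				delete_option( 'mo_firebase_authentication_new_registration' );
				update_option( 'mo_firebase_authentication_verify_customer', 'true' );
				break;

			case 'mo_enable_firebase_auth':
				if ( $this->mo_firebase_auth_nonce_ok( 'mo_firebase_auth_enable_field', 'mo_firebase_auth_enable_form' ) ) {
					update_option( 'mo_enable_firebase_auth', isset( $_POST['mo_enable_firebase_auth'] ) ? (int) filter_var( $_POST['mo_enable_firebase_auth'], FILTER_SANITIZE_NUMBER_INT ) : 0 );
				}
				break;

			case 'mo_firebase_auth_contact_us':
				if ( $this->mo_firebase_auth_nonce_ok( 'mo_firebase_auth_contact_us_field', 'mo_firebase_auth_contact_us_form' ) ) {
					$this->mo_firebase_auth_handle_contact_us();
				}
				break;

			case 'mo_firebase_authentication_verify_customer':
				$this->mo_firebase_auth_handle_verify_customer();
				break;

			case 'mo_firebase_auth_skip_feedback':
				deactivate_plugins( __FILE__ );
				update_option( 'mo_firebase_auth_message', 'Plugin deactivated successfully' );
				$this->mo_firebase_auth_show_success_message();
				break;

			case 'mo_firebase_auth_feedback':
				if ( $this->mo_firebase_auth_nonce_ok( 'mo_firebase_auth_feedback_field', 'mo_firebase_auth_feedback_form' ) ) {
					$this->mo_firebase_auth_handle_feedback();
				}
				break;
		}
	}

	/**
	 * Registers the site administrator with miniOrange.
	 *
	 * The account password is handed to MO_Firebase_Customer through the
	 * unprefixed 'password' option, i.e. in plain text in the options table.
	 * It is deleted again as soon as the API calls have returned.
	 * NOTE(review): MO_Firebase_Customer presumably reads that option during the
	 * calls below; confirm no later step depends on it, and prefer passing the
	 * password as an argument so it never reaches the database.
	 *
	 * @return void
	 */
	private function mo_firebase_auth_handle_register() {
		$email           = sanitize_email( $this->mo_firebase_auth_post_raw( 'email' ) );
		$password        = $this->mo_firebase_auth_post_raw( 'password' );
		$confirmPassword = $this->mo_firebase_auth_post_raw( 'confirmPassword' );

		if ( $this->mo_firebase_authentication_check_empty_or_null( $email ) || $this->mo_firebase_authentication_check_empty_or_null( $password ) || $this->mo_firebase_authentication_check_empty_or_null( $confirmPassword ) ) {
			update_option( 'mo_firebase_auth_message', 'All the fields are required. Please enter valid entries.' );
			$this->mo_firebase_auth_show_error_message();
			return;
		}
		if ( strlen( $password ) < 8 || strlen( $confirmPassword ) < 8 ) {
			update_option( 'mo_firebase_auth_message', 'Choose a password with minimum length 8.' );
			$this->mo_firebase_auth_show_error_message();
			return;
		}

		update_option( 'mo_firebase_authentication_admin_email', $email );
		update_option( 'mo_firebase_authentication_admin_phone', $this->mo_firebase_auth_post_text( 'phone' ) );
		update_option( 'mo_firebase_authentication_admin_fname', $this->mo_firebase_auth_post_text( 'fname' ) );
		update_option( 'mo_firebase_authentication_admin_lname', $this->mo_firebase_auth_post_text( 'lname' ) );
		update_option( 'mo_firebase_authentication_admin_company', $this->mo_firebase_auth_post_text( 'company' ) );

		if ( $password !== $confirmPassword ) {
			update_option( 'mo_firebase_auth_message', 'Passwords do not match.' );
			delete_option( 'mo_firebase_authentication_verify_customer' );
			$this->mo_firebase_auth_show_error_message();
			return;
		}

		update_option( 'password', $password );
		$customer = new MO_Firebase_Customer();
		$content  = json_decode( $customer->check_customer(), true );
		$status   = ( is_array( $content ) && isset( $content['status'] ) ) ? (string) $content['status'] : '';
		$failed   = false;

		if ( 0 === strcasecmp( $status, 'CUSTOMER_NOT_FOUND' ) ) {
			$response = json_decode( $customer->create_customer(), true );
			$created  = is_array( $response ) && isset( $response['status'] ) && 0 === strcasecmp( (string) $response['status'], 'SUCCESS' );
			if ( ! $created ) {
				update_option( 'mo_firebase_auth_message', 'Failed to create customer. Try again.' );
				$failed = true;
			}
		} elseif ( 0 === strcasecmp( $status, 'SUCCESS' ) ) {
			update_option( 'mo_firebase_auth_message', 'Account already exist. Please Login.' );
		} else {
			update_option( 'mo_firebase_auth_message', $status );
		}

		// Do not leave the plain-text password behind in the options table.
		delete_option( 'password' );

		if ( $failed ) {
			$this->mo_firebase_auth_show_error_message();
		} else {
			$this->mo_firebase_auth_show_success_message();
		}
	}

	/**
	 * Logs the administrator in to an existing miniOrange account and stores
	 * the returned customer id, API key and token.
	 *
	 * The password passes through the 'password' option for the duration of the
	 * API call and is removed afterwards whether the call succeeded or not.
	 * A response counts as success only when it decodes to an array containing
	 * an 'id'; a well-formed error document is reported as a failed login.
	 *
	 * @return void
	 */
	private function mo_firebase_auth_handle_verify_customer() {
		$email    = sanitize_email( $this->mo_firebase_auth_post_raw( 'email' ) );
		$password = $this->mo_firebase_auth_post_raw( 'password' );

		if ( $this->mo_firebase_authentication_check_empty_or_null( $email ) || $this->mo_firebase_authentication_check_empty_or_null( $password ) ) {
			update_option( 'mo_firebase_auth_message', 'All the fields are required. Please enter valid entries.' );
			$this->mo_firebase_auth_show_error_message();
			return;
		}

		update_option( 'mo_firebase_authentication_admin_email', $email );
		update_option( 'password', $password );

		$customer    = new MO_Firebase_Customer();
		$customerKey = json_decode( $customer->mo_firebase_auth_get_customer_key(), true );

		delete_option( 'password' );

		if ( is_array( $customerKey ) && isset( $customerKey['id'] ) ) {
			update_option( 'mo_firebase_authentication_admin_customer_key', $customerKey['id'] );
			update_option( 'mo_firebase_authentication_admin_api_key', isset( $customerKey['apiKey'] ) ? $customerKey['apiKey'] : '' );
			update_option( 'mo_firebase_authentication_customer_token', isset( $customerKey['token'] ) ? $customerKey['token'] : '' );
			if ( isset( $customerKey['phone'] ) ) {
				update_option( 'mo_firebase_authentication_admin_phone', $customerKey['phone'] );
			}
			update_option( 'mo_firebase_auth_message', 'Customer retrieved successfully' );
			delete_option( 'mo_firebase_authentication_verify_customer' );
			$this->mo_firebase_auth_show_success_message();
		} else {
			update_option( 'mo_firebase_auth_message', 'Invalid username or password. Please try again.' );
			$this->mo_firebase_auth_show_error_message();
		}
	}

	/**
	 * Sends a contact-us query. The caller has already verified the nonce.
	 *
	 * A missing email or query is reported through the admin notice rather than
	 * echoed, because this runs on 'admin_init' before the page has started rendering.
	 *
	 * @return void
	 */
	private function mo_firebase_auth_handle_contact_us() {
		$email = sanitize_email( $this->mo_firebase_auth_post_raw( 'mo_firebase_auth_contact_us_email' ) );
		$phone = "+ " . preg_replace( '/[^0-9]/', '', $this->mo_firebase_auth_post_raw( 'mo_firebase_auth_contact_us_phone' ) );
		$query = sanitize_textarea_field( $this->mo_firebase_auth_post_raw( 'mo_firebase_auth_contact_us_query' ) );

		if ( $this->mo_firebase_authentication_check_empty_or_null( $email ) || $this->mo_firebase_authentication_check_empty_or_null( $query ) ) {
			update_option( 'mo_firebase_auth_message', 'Please fill up Email and Query fields to submit your query.' );
			$this->mo_firebase_auth_show_error_message();
			return;
		}

		$contact_us = new MO_Firebase_contact_us();
		$submited   = $contact_us->mo_firebase_auth_contact_us( $email, $phone, $query );
		if ( $submited == false ) {
			update_option( 'mo_firebase_auth_message', 'Your query could not be submitted. Please try again.' );
			$this->mo_firebase_auth_show_error_message();
		} else {
			update_option( 'mo_firebase_auth_message', 'Thanks for getting in touch! We shall get back to you shortly.' );
			$this->mo_firebase_auth_show_success_message();
		}
	}

	/**
	 * Emails the deactivation feedback and deactivates the plugin. The caller
	 * has already verified the nonce.
	 *
	 * Reason and free-text details come from the request and are sanitized
	 * before they are placed in the outgoing message.
	 *
	 * @return void
	 */
	private function mo_firebase_auth_handle_feedback() {
		$deactivate_reason         = sanitize_text_field( $this->mo_firebase_auth_post_raw( 'deactivate_reason_radio' ) );
		$deactivate_reason_message = sanitize_textarea_field( $this->mo_firebase_auth_post_raw( 'query_feedback' ) );

		if ( ! $deactivate_reason ) {
			update_option( 'mo_firebase_auth_message', 'Please Select one of the reasons ,if your reason is not mentioned please select Other Reasons' );
			$this->mo_firebase_auth_show_error_message();
			return;
		}

		$message = 'Plugin Deactivated:' . $deactivate_reason;
		if ( '' !== $deactivate_reason_message ) {
			$message .= ':' . $deactivate_reason_message;
		}

		$user       = wp_get_current_user();
		$contact_us = new MO_Firebase_contact_us();
		$contact_us->mo_firebase_auth_send_email_alert( $user->user_email, $message, "Feedback: WordPress Firebase Authentication" );

		deactivate_plugins( __FILE__ );
		update_option( 'mo_firebase_auth_message', 'Thank you for the feedback.' );
		$this->mo_firebase_auth_show_success_message();
	}

}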
457
// Create the handler as soon as the plugin file loads; its constructor registers
// the init, admin_init, admin_footer and (when enabled) authenticate hooks.
$mo_firebase_authentication_obj = new mo_firebase_authentication_login();