Firebase Authentication v1.3.4
firebase-authentication / firebase-authentication.php
firebase-authentication.php
460 lines
1 <?php
4 /**
5 *
6 * @link https://miniorange.com
7 * @since 1.0.0
8 * @package Firebase_Authentication
9 *
10 * @wordpress-plugin
11 * Plugin Name: Firebase Authentication
12 * Plugin URI: firebase-authentication
13 * Description: This plugin allows login into Wordpress using Firebase as Identity provider.
14 * Version: 1.3.4
15 * Author: miniOrange
16 * Author URI: https://miniorange.com
17 * License: MIT/Expat
18 */
// Abort when this file is requested directly instead of being loaded by WordPress.
defined( 'WPINC' ) || die;

/**
 * Version of this plugin release (SemVer - https://semver.org).
 * Keep it in step with the "Version" field of the plugin header above.
 */
define( 'MO_FIREBASE_AUTHENTICATION_VERSION', '1.3.4' );
/**
 * Activation callback: loads the activator class on demand and runs it.
 * The activation work itself lives in includes/class-firebase-authentication-activator.php.
 */
function mo_firebase_activate_firebase_authentication() {
    $activator_file = plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-activator.php';
    require_once $activator_file;

    MO_Firebase_Authentication_Activator::activate();
}
/**
 * Deactivation callback: loads the deactivator class on demand and runs it.
 * The deactivation work itself lives in includes/class-firebase-authentication-deactivator.php.
 */
function mo_firebase_deactivate_firebase_authentication() {
    $deactivator_file = plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-deactivator.php';
    require_once $deactivator_file;

    MO_Firebase_Authentication_Deactivator::deactivate();
}
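// Tie the activation and deactivation callbacks to this main plugin file.
register_activation_hook( __FILE__, 'mo_firebase_activate_firebase_authentication' );
register_deactivation_hook( __FILE__, 'mo_firebase_deactivate_firebase_authentication' );

/**
 * Load the core plugin class (internationalization, admin-specific hooks and
 * public-facing hooks) together with the plugin's supporting files.
 *
 * Every path is anchored to this file's directory. A bare relative path such as
 * 'class-contact-us.php' is looked up through PHP's include_path before the
 * plugin directory is tried, so a same-named file elsewhere on that path would
 * be loaded instead of the plugin's own.
 */
require plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication.php';
require_once plugin_dir_path( __FILE__ ) . 'class-mo-firebase-config.php';
require plugin_dir_path( __FILE__ ) . 'views/feedback_form.php';
require plugin_dir_path( __FILE__ ) . 'class-contact-us.php';
require plugin_dir_path( __FILE__ ) . 'admin/class-firebase-authentication-customer.php';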
/**
 * Starts the plugin by building the core class and calling run() on it.
 *
 * Everything in the plugin is registered through hooks, so starting it from
 * this point in the file does not affect the page life cycle.
 *
 * @since 1.0.0
 */
function mo_firebase_run_firebase_authentication() {
    ( new MO_Firebase_Authentication() )->run();
}

// Start the plugin as soon as this file is loaded.
mo_firebase_run_firebase_authentication();
/**
 * Reports whether the site has a stored miniOrange customer record.
 *
 * A record counts as present when the admin e-mail option is set and the
 * customer key option is set and numeric. The admin phone option is not part
 * of the check.
 *
 * @return int 1 when both values are present and the key is numeric, otherwise 0.
 */
function mo_firebase_authentication_is_customer_registered() {
    $admin_email  = get_option('mo_firebase_authentication_admin_email');
    $customer_key = get_option('mo_firebase_authentication_admin_customer_key');

    $registered = $admin_email && $customer_key && is_numeric( trim( $customer_key ) );

    return $registered ? 1 : 0;
}
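/**
 * Reports whether a licence key is stored and its verification flag decodes to "true".
 *
 * Reads the 'mo_firebase_authentication_lk' and 'mo_firebase_authentication_lv'
 * options. The second one is stored in the form produced by
 * mo_firebase_authentication_encrypt() and is decoded here.
 * NOTE(review): "clv" presumably stands for "customer licence verified" - confirm.
 *
 * The decoded flag is compared with === so that only the exact string "true"
 * counts. The previous loose == comparison treated the integer 0 as equal to
 * "true" on PHP 7, which is the wrong direction for a verification check.
 *
 * @return int 1 when a licence key exists and the flag decodes to "true", otherwise 0.
 */
function mo_firebase_authentication_is_clv() {
    $licenseKey = get_option('mo_firebase_authentication_lk');
    $isverified = get_option('mo_firebase_authentication_lv');

    // Nothing to decode, or no key at all: not verified.
    if ( empty( $licenseKey ) || ! $isverified ) {
        return 0;
    }

    return 'true' === mo_firebase_authentication_decrypt( $isverified ) ? 1 : 0;
}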
/**
 * Obfuscates a string with the stored customer token and returns it base64-encoded.
 *
 * The token from the 'mo_firebase_authentication_customer_token' option is
 * repeated to the length of the input and added to it byte by byte, modulo 256.
 *
 * NOTE(review): this is a repeating-key byte addition, not authenticated
 * encryption. It provides no integrity protection and should not be relied on
 * to keep a value secret or tamper-proof.
 * NOTE(review): when the token option is empty, str_pad() receives an empty pad
 * string, which is an error on PHP 8 - confirm callers only run after the token
 * has been stored.
 *
 * @param string $str Plain text to obfuscate.
 * @return string Base64 text that mo_firebase_authentication_decrypt() reverses.
 */
function mo_firebase_authentication_encrypt($str){
    $token     = get_option("mo_firebase_authentication_customer_token");
    $keystream = str_split( str_pad( '', strlen( $str ), $token, STR_PAD_RIGHT ) );

    $encoded = '';
    foreach ( str_split( $str ) as $index => $char ) {
        // Byte-wise addition, wrapped back into the 0-255 range.
        $encoded .= chr( ( ord( $char ) + ord( $keystream[ $index ] ) ) % 256 );
    }

    return base64_encode( $encoded );
}
/**
 * Reverses mo_firebase_authentication_encrypt().
 *
 * The input is base64-decoded, then the customer token from the
 * 'mo_firebase_authentication_customer_token' option, repeated to the decoded
 * length, is subtracted byte by byte, modulo 256.
 *
 * NOTE(review): the scheme carries no integrity check, so the result is only as
 * trustworthy as the stored value and the stored token. Treat the output as
 * untrusted text.
 *
 * @param string $str Base64 text produced by mo_firebase_authentication_encrypt().
 * @return string The decoded text.
 */
function mo_firebase_authentication_decrypt($str){
    $raw       = base64_decode( $str );
    $token     = get_option("mo_firebase_authentication_customer_token");
    $keystream = str_split( str_pad( '', strlen( $raw ), $token, STR_PAD_RIGHT ) );

    $decoded = '';
    foreach ( str_split( $raw ) as $index => $char ) {
        // Byte-wise subtraction, wrapped back into the 0-255 range.
        $decoded .= chr( ( ord( $char ) - ord( $keystream[ $index ] ) + 256 ) % 256 );
    }

    return $decoded;
}
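/**
 * Hooks the plugin's login filter and its wp-admin form handlers into WordPress.
 *
 * Security-relevant behaviour visible in this class:
 * - when the 'mo_enable_firebase_auth' option is 1, the two core password
 *   callbacks on the 'authenticate' filter are removed and mo_firebase_auth()
 *   decides whether a WordPress password login is still accepted;
 * - postResgiter() and mo_firebase_auth_deactivate() change options from POST
 *   data, so both authorise the caller before acting.
 */
class mo_firebase_authentication_login {

    /**
     * Registers the form handlers, the optional login filter and the feedback form.
     */
    function __construct() {
        add_action( 'init', array( $this, 'postResgiter' ) );
        add_action( 'admin_init', array( $this, 'mo_firebase_auth_deactivate' ) );
        if ( get_option( 'mo_enable_firebase_auth' ) == 1 ) {
            // Take over password checking from WordPress core.
            remove_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
            remove_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
            add_filter( 'authenticate', array( $this, 'mo_firebase_auth' ), 0, 3 );
        }
        remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_success_message') );
        remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_error_message') );
        add_action( 'admin_footer', array( $this, 'mo_firebase_auth_feedback_request' ) );
        // NOTE(review): 'host_name' is a generic option name shared with anything
        // else on the site that uses it, and it is rewritten on every request.
        update_option( 'host_name', 'https://login.xecurify.com' );
    }

    /**
     * Saves the Firebase configuration form and refreshes the stored signing certificates.
     *
     * Runs on 'init'. It acts only when the form marker, the page name and a
     * valid 'mo_firebase_auth_config_form' nonce are present and the current
     * user passes current_user_can( 'administrator' ).
     */
    function postResgiter() {
        // All three request fields must exist before any of them is read.
        if ( ! isset( $_POST['verify_user'], $_REQUEST['page'], $_REQUEST['mo_firebase_auth_config_field'] ) ) {
            return;
        }
        if ( 'mo_firebase_authentication' !== sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) ) {
            return;
        }
        if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['mo_firebase_auth_config_field'] ) ), 'mo_firebase_auth_config_form' ) ) {
            return;
        }
        if ( ! current_user_can( 'administrator' ) ) {
            return;
        }

        update_option( 'mo_firebase_auth_disable_wordpress_login', isset( $_POST['disable_wordpress_login'] ) ? (int) filter_var( $_POST['disable_wordpress_login'], FILTER_SANITIZE_NUMBER_INT ) : 0 );

        // This value used to be stored exactly as posted; it is now sanitised like its neighbours.
        update_option( 'mo_firebase_auth_enable_admin_wp_login', isset( $_POST['mo_firebase_auth_enable_admin_wp_login'] ) ? sanitize_text_field( wp_unslash( $_POST['mo_firebase_auth_enable_admin_wp_login'] ) ) : 0 );

        $project_id = isset( $_POST['projectid'] ) ? sanitize_text_field( wp_unslash( $_POST['projectid'] ) ) : '';
        update_option( 'mo_firebase_auth_project_id', $project_id );

        $api_key = isset( $_POST['apikey'] ) ? sanitize_text_field( wp_unslash( $_POST['apikey'] ) ) : '';
        update_option( 'mo_firebase_auth_api_key', $api_key );

        $response = wp_remote_get( 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com' );
        // Only a successful reply is parsed, so an error page cannot overwrite the stored certificates.
        if ( is_array( $response ) && 200 === (int) wp_remote_retrieve_response_code( $response ) ) {
            $this->mo_firebase_auth_store_signing_certs( $response['body'] );
        }

        update_option( 'mo_firebase_auth_message', 'Configurations saved successfully. Please <a href="' . admin_url( 'admin.php?page=mo_firebase_authentication&tab=config#test_authentication' ) .'">Test Authentication</a> before trying to Login.');
        $this->mo_firebase_auth_show_success_message();
    }

    /**
     * Extracts up to three key ids and certificates from the certificate document and stores them.
     *
     * The text is cut apart with explode() and fixed substr() offsets (key id: 40
     * characters, certificate: at most 1158 characters). The stored values are
     * the ones the original code produced; only missing-piece guards were added.
     *
     * NOTE(review): the fixed offsets depend on the exact layout and certificate
     * length of the reply. Decoding the document as JSON would be more robust,
     * but the code that consumes these options is outside this file, so the
     * stored format is left unchanged here.
     * NOTE(review): kid2/kid3 and cert2/cert3 from an earlier save are not
     * cleared when the reply holds fewer keys.
     *
     * @param string $body Raw response body.
     */
    private function mo_firebase_auth_store_signing_certs( $body ) {
        $split_result = explode( ':', (string) $body );
        $count        = count( $split_result );
        if ( $count < 2 ) {
            // No "key: value" pair at all, so there is nothing to store.
            return;
        }

        $s = explode( ',', $split_result[1] );
        // '\n' in single quotes is the two-character escape sequence found in the raw text.
        update_option( 'mo_firebase_auth_kid1', substr( $split_result[0], 5, 40 ) );
        update_option( 'mo_firebase_auth_cert1', str_replace( '\n', '', substr( $s[0], 2, 1158 ) ) );

        if ( $count < 3 || ! isset( $s[1] ) ) {
            return;
        }
        $kid2 = substr( $s[1], 4, 40 );

        if ( 3 === $count ) {
            // Two keys: the second certificate runs up to the closing brace.
            $c2 = explode( '}', $split_result[2] );
            update_option( 'mo_firebase_auth_kid2', $kid2 );
            update_option( 'mo_firebase_auth_cert2', str_replace( '\n', '', substr( $c2[0], 2, 1158 ) ) );
            return;
        }

        // Three or more keys: only the first three are kept.
        $s2 = explode( ',', $split_result[2] );
        update_option( 'mo_firebase_auth_kid2', $kid2 );
        update_option( 'mo_firebase_auth_cert2', str_replace( '\n', '', substr( $s2[0], 2, 1158 ) ) );
        if ( ! isset( $s2[1] ) ) {
            return;
        }
        $c3 = explode( '}', $split_result[3] );
        update_option( 'mo_firebase_auth_kid3', substr( $s2[1], 4, 40 ) );
        update_option( 'mo_firebase_auth_cert3', str_replace( '\n', '', substr( $c3[0], 2, 1158 ) ) );
    }

    /**
     * 'authenticate' filter callback used while the plugin's login handling is enabled.
     *
     * For POST requests it returns a WP_Error when the username or password is
     * empty, and otherwise accepts a WordPress password login only where the
     * options allow it: for every account when
     * 'mo_firebase_auth_disable_wordpress_login' is off, or for administrators
     * only when that option is on and 'mo_firebase_auth_enable_admin_wp_login'
     * is set.
     *
     * @param mixed  $user     Value passed in by the 'authenticate' filter.
     * @param string $username Submitted login name or e-mail address.
     * @param string $password Submitted password.
     * @return mixed $user unchanged for non-POST requests, a WP_Error for empty
     *               credentials, the matching user on success, otherwise null.
     */
    function mo_firebase_auth( $user, $username, $password ) {
        $method = isset( $_SERVER['REQUEST_METHOD'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_METHOD'] ) ) : '';
        if ( 'POST' !== $method ) {
            return $user;
        }

        if ( empty( $username ) || empty( $password ) ) {
            $error = new WP_Error();

            if ( isset( $_POST['fb_error_msg'] ) && is_string( $_POST['fb_error_msg'] ) ) {
                // The text comes from the request, so it is HTML-escaped before it reaches the login page.
                $error_msg = esc_html( wp_unslash( $_POST['fb_error_msg'] ) );
                if ( strpos( $error_msg, 'API key not valid. Please pass a valid API key.' ) !== false ) {
                    $error_msg = "API key not valid. Please pass a valid API key.";
                }
                $error->add( 'firebase_error_msg', __( '<strong>ERROR</strong>: '.$error_msg ) );
            } else if ( empty( $username ) ) { // No email.
                $error->add( 'empty_username', __( '<strong>ERROR</strong>: Email field is empty.' ) );
            } else if ( empty( $password ) ) { // No password.
                $error->add( 'empty_password', __( '<strong>ERROR</strong>: Password field is empty.' ) );
            }
            return $error;
        }

        $wp_login_allowed = ! get_option( 'mo_firebase_auth_disable_wordpress_login' );
        $admin_only       = ! $wp_login_allowed && get_option( 'mo_firebase_auth_enable_admin_wp_login' );

        if ( $wp_login_allowed || $admin_only ) {
            $account = get_user_by( "login", $username );
            if ( ! $account ) {
                $account = get_user_by( "email", $username );
            }
            // With WordPress logins disabled, only administrators may still use a password.
            if ( $account
                && ( $wp_login_allowed || $this->is_administrator_user( $account ) )
                && wp_check_password( $password, $account->data->user_pass, $account->ID ) ) {
                return $account;
            }
        }

        // No password login was accepted here.
        return null;
    }

    /**
     * Prints the stored message inside a notice with the CSS class "error".
     *
     * Despite its name this is the error-styled notice; it is the callback that
     * mo_firebase_auth_show_error_message() registers. The message may hold the
     * link written by postResgiter() or a status string from a remote reply, so
     * it is filtered with wp_kses_post() instead of being echoed as stored.
     */
    function mo_firebase_auth_success_message() {
        $class   = "error";
        $message = get_option('mo_firebase_auth_message');
        echo "<div class='" . esc_attr( $class ) . "'> <p>" . wp_kses_post( (string) $message ) . "</p></div>";
    }

    /**
     * Prints the stored message inside a notice with the CSS class "updated".
     *
     * Despite its name this is the success-styled notice; it is the callback
     * that mo_firebase_auth_show_success_message() registers. The message is
     * filtered with wp_kses_post() before output.
     */
    function mo_firebase_auth_error_message() {
        $class   = "updated";
        $message = get_option('mo_firebase_auth_message');
        echo "<div class='" . esc_attr( $class ) . "'><p>" . wp_kses_post( (string) $message ) . "</p></div>";
    }

    /**
     * Tells whether the given user object lists the 'administrator' role.
     *
     * The role list must be an array and the match is strict, so a non-string
     * entry can never count as 'administrator'.
     *
     * @param object $user Object with a 'roles' property.
     * @return bool
     */
    function is_administrator_user( $user ) {
        $userRole = $user->roles;
        return is_array( $userRole ) && in_array( 'administrator', $userRole, true );
    }

    /**
     * Queues the success-styled admin notice (class "updated").
     */
    private function mo_firebase_auth_show_success_message() {
        remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_success_message') );
        add_action( 'admin_notices', array( $this, 'mo_firebase_auth_error_message') );
    }

    /**
     * Queues the error-styled admin notice (class "error").
     */
    private function mo_firebase_auth_show_error_message() {
        remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_error_message') );
        add_action( 'admin_notices', array( $this, 'mo_firebase_auth_success_message') );
    }

    /**
     * 'admin_footer' callback: outputs the feedback form.
     */
    function mo_firebase_auth_feedback_request() {
        mo_firebase_auth_display_feedback_form();
    }

    /**
     * @param mixed $value Value to test.
     * @return bool True when the value is unset or empty in the sense of empty().
     */
    private function mo_firebase_authentication_check_empty_or_null( $value ) {
        return empty( $value );
    }

    /**
     * Returns one POST field as an unslashed string, or '' when it is missing or not a string.
     *
     * @param string $key POST field name.
     * @return string
     */
    private function mo_firebase_auth_post_string( $key ) {
        return ( isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) ) ? wp_unslash( $_POST[ $key ] ) : '';
    }

    /**
     * Checks a nonce taken from the request against the given action.
     *
     * @param string $field  Request field that carries the nonce.
     * @param string $action Nonce action name.
     * @return bool
     */
    private function mo_firebase_auth_nonce_ok( $field, $action ) {
        return isset( $_REQUEST[ $field ] )
            && (bool) wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST[ $field ] ) ), $action );
    }

    /**
     * 'admin_init' dispatcher for the plugin's admin forms, selected by the POST field 'option'.
     *
     * The capability check comes first. admin_init also runs for requests to
     * admin-ajax.php and admin-post.php, which do not require a logged-in user,
     * and several branches below change options or deactivate the plugin.
     *
     * NOTE(review): only the enable, contact-us and feedback branches verify a
     * nonce. The remaining branches still lack request-forgery protection;
     * adding it needs a matching nonce field in the forms, which are outside
     * this file.
     */
    function mo_firebase_auth_deactivate(){
        if ( ! isset( $_POST['option'] ) ) {
            return;
        }
        if ( ! current_user_can( 'manage_options' ) ) {
            return;
        }

        $option = sanitize_text_field( wp_unslash( $_POST['option'] ) );

        switch ( $option ) {
            case 'mo_firebase_authentication_change_email':
                // Adding back button.
                update_option('mo_firebase_authentication_verify_customer', '');
                update_option('mo_firebase_authentication_registration_status','');
                update_option('mo_firebase_authentication_new_registration','true');
                break;

            case 'change_miniorange':
                require_once plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-deactivator.php';
                MO_Firebase_Authentication_Deactivator::deactivate();
                return;

            case 'mo_firebase_authentication_register_customer':
                $this->mo_firebase_auth_handle_register_customer();
                break;

            case 'mo_firebase_authentication_goto_login':
                delete_option( 'mo_firebase_authentication_new_registration' );
                update_option( 'mo_firebase_authentication_verify_customer', 'true' );
                break;

            case 'mo_enable_firebase_auth':
                if ( $this->mo_firebase_auth_nonce_ok( 'mo_firebase_auth_enable_field', 'mo_firebase_auth_enable_form' ) ) {
                    update_option( 'mo_enable_firebase_auth', isset( $_POST['mo_enable_firebase_auth'] ) ? (int) filter_var( $_POST['mo_enable_firebase_auth'], FILTER_SANITIZE_NUMBER_INT ) : 0 );
                }
                break;

            case 'mo_firebase_auth_contact_us':
                if ( $this->mo_firebase_auth_nonce_ok( 'mo_firebase_auth_contact_us_field', 'mo_firebase_auth_contact_us_form' ) ) {
                    $this->mo_firebase_auth_handle_contact_us();
                }
                break;

            case 'mo_firebase_authentication_verify_customer':
                $this->mo_firebase_auth_handle_verify_customer();
                break;

            case 'mo_firebase_auth_skip_feedback':
                deactivate_plugins( __FILE__ );
                update_option( 'mo_firebase_auth_message', 'Plugin deactivated successfully' );
                $this->mo_firebase_auth_show_success_message();
                break;

            case 'mo_firebase_auth_feedback':
                if ( $this->mo_firebase_auth_nonce_ok( 'mo_firebase_auth_feedback_field', 'mo_firebase_auth_feedback_form' ) ) {
                    $this->mo_firebase_auth_handle_feedback();
                }
                break;
        }
    }

    /**
     * Registers the site administrator with miniOrange from the posted form.
     *
     * NOTE(review): the account password is handed to MO_Firebase_Customer
     * through the plain 'password' option and is left there after this request.
     * Remove it once that class no longer needs it - confirm against
     * admin/class-firebase-authentication-customer.php.
     */
    private function mo_firebase_auth_handle_register_customer() {
        $password        = $this->mo_firebase_auth_post_string( 'password' );
        $confirmPassword = $this->mo_firebase_auth_post_string( 'confirmPassword' );
        $email_raw       = $this->mo_firebase_auth_post_string( 'email' );

        if ( $this->mo_firebase_authentication_check_empty_or_null( $email_raw )
            || $this->mo_firebase_authentication_check_empty_or_null( $password )
            || $this->mo_firebase_authentication_check_empty_or_null( $confirmPassword ) ) {
            update_option( 'mo_firebase_auth_message', 'All the fields are required. Please enter valid entries.');
            $this->mo_firebase_auth_show_error_message();
            return;
        }
        // The length is measured on the unslashed value, so added backslashes do not count.
        if ( strlen( $password ) < 8 || strlen( $confirmPassword ) < 8 ) {
            update_option( 'mo_firebase_auth_message', 'Choose a password with minimum length 8.');
            $this->mo_firebase_auth_show_error_message();
            return;
        }

        update_option( 'mo_firebase_authentication_admin_email', sanitize_email( $email_raw ) );
        update_option( 'mo_firebase_authentication_admin_phone', sanitize_text_field( $this->mo_firebase_auth_post_string( 'phone' ) ) );
        update_option( 'mo_firebase_authentication_admin_fname', sanitize_text_field( $this->mo_firebase_auth_post_string( 'fname' ) ) );
        update_option( 'mo_firebase_authentication_admin_lname', sanitize_text_field( $this->mo_firebase_auth_post_string( 'lname' ) ) );
        update_option( 'mo_firebase_authentication_admin_company', sanitize_text_field( $this->mo_firebase_auth_post_string( 'company' ) ) );

        if ( $password !== $confirmPassword ) {
            update_option( 'mo_firebase_auth_message', 'Passwords do not match.');
            delete_option('mo_firebase_authentication_verify_customer');
            $this->mo_firebase_auth_show_error_message();
            return;
        }

        update_option( 'password', $password );
        $customer = new MO_Firebase_Customer();
        $content  = json_decode( $customer->check_customer(), true );
        // A reply that is not a JSON object with a status is treated as an empty status.
        $status   = ( is_array( $content ) && isset( $content['status'] ) ) ? (string) $content['status'] : '';

        if ( strcasecmp( $status, 'CUSTOMER_NOT_FOUND' ) == 0 ) {
            $response = json_decode( $customer->create_customer(), true );
            $created  = is_array( $response ) && isset( $response['status'] ) && strcasecmp( (string) $response['status'], 'SUCCESS' ) == 0;
            if ( ! $created ) {
                update_option( 'mo_firebase_auth_message', 'Failed to create customer. Try again.' );
            }
        } elseif ( strcasecmp( $status, 'SUCCESS' ) == 0 ) {
            update_option( 'mo_firebase_auth_message', 'Account already exist. Please Login.' );
        } else {
            // The status text comes from the remote reply and is shown in an admin notice.
            update_option( 'mo_firebase_auth_message', sanitize_text_field( $status ) );
        }
        $this->mo_firebase_auth_show_success_message();
    }

    /**
     * Logs the site administrator in to miniOrange and stores the returned keys.
     *
     * The password is passed to MO_Firebase_Customer through the 'password'
     * option and removed again as soon as the call returns, whether or not the
     * login succeeded.
     */
    private function mo_firebase_auth_handle_verify_customer() {
        $email_raw = $this->mo_firebase_auth_post_string( 'email' );
        $password  = $this->mo_firebase_auth_post_string( 'password' );

        if ( $this->mo_firebase_authentication_check_empty_or_null( $email_raw )
            || $this->mo_firebase_authentication_check_empty_or_null( $password ) ) {
            update_option( 'mo_firebase_auth_message', 'All the fields are required. Please enter valid entries.');
            $this->mo_firebase_auth_show_error_message();
            return;
        }

        update_option( 'mo_firebase_authentication_admin_email', sanitize_email( $email_raw ) );
        update_option( 'password', $password );
        $customer    = new MO_Firebase_Customer();
        $content     = $customer->mo_firebase_auth_get_customer_key();
        $customerKey = json_decode( $content, true );
        // Do not keep the plaintext password in the options table after the call.
        delete_option( 'password' );

        // Valid JSON alone is not enough: the three values stored below must be present.
        if ( is_array( $customerKey ) && isset( $customerKey['id'], $customerKey['apiKey'], $customerKey['token'] ) ) {
            update_option( 'mo_firebase_authentication_admin_customer_key', $customerKey['id'] );
            update_option( 'mo_firebase_authentication_admin_api_key', $customerKey['apiKey'] );
            update_option( 'mo_firebase_authentication_customer_token', $customerKey['token'] );
            if ( isset( $customerKey['phone'] ) ) {
                update_option( 'mo_firebase_authentication_admin_phone', sanitize_text_field( (string) $customerKey['phone'] ) );
            }
            update_option( 'mo_firebase_auth_message', 'Customer retrieved successfully');
            delete_option( 'mo_firebase_authentication_verify_customer' );
            $this->mo_firebase_auth_show_success_message();
        } else {
            update_option( 'mo_firebase_auth_message', 'Invalid username or password. Please try again.');
            $this->mo_firebase_auth_show_error_message();
        }
    }

    /**
     * Sends the contact-us form to miniOrange. The caller has already verified the nonce.
     */
    private function mo_firebase_auth_handle_contact_us() {
        $email = sanitize_email( $this->mo_firebase_auth_post_string( 'mo_firebase_auth_contact_us_email' ) );
        $phone = "+ " . preg_replace( '/[^0-9]/', '', $this->mo_firebase_auth_post_string( 'mo_firebase_auth_contact_us_phone' ) );
        $query = sanitize_textarea_field( $this->mo_firebase_auth_post_string( 'mo_firebase_auth_contact_us_query' ) );

        if ( $this->mo_firebase_authentication_check_empty_or_null( $email ) || $this->mo_firebase_authentication_check_empty_or_null( $query ) ) {
            // Reported as an admin notice; echoing during admin_init would emit output before the page starts.
            update_option( 'mo_firebase_auth_message', 'Please fill up Email and Query fields to submit your query.' );
            $this->mo_firebase_auth_show_error_message();
            return;
        }

        $contact_us = new MO_Firebase_contact_us();
        $submited   = $contact_us->mo_firebase_auth_contact_us( $email, $phone, $query );
        if ( $submited == false ) {
            update_option( 'mo_firebase_auth_message', 'Your query could not be submitted. Please try again.' );
            $this->mo_firebase_auth_show_error_message();
        } else {
            update_option( 'mo_firebase_auth_message', 'Thanks for getting in touch! We shall get back to you shortly.' );
            $this->mo_firebase_auth_show_success_message();
        }
    }

    /**
     * Sends the deactivation feedback and deactivates the plugin. The caller has already verified the nonce.
     */
    private function mo_firebase_auth_handle_feedback() {
        // Both fields end up in an e-mail, so they are sanitised first.
        $deactivate_reason         = sanitize_text_field( $this->mo_firebase_auth_post_string( 'deactivate_reason_radio' ) );
        $deactivate_reason_message = sanitize_textarea_field( $this->mo_firebase_auth_post_string( 'query_feedback' ) );

        if ( empty( $deactivate_reason ) ) {
            update_option( 'mo_firebase_auth_message', 'Please Select one of the reasons ,if your reason is not mentioned please select Other Reasons' );
            $this->mo_firebase_auth_show_error_message();
            return;
        }

        $message = 'Plugin Deactivated:' . $deactivate_reason;
        if ( '' !== $deactivate_reason_message ) {
            $message .= ':' . $deactivate_reason_message;
        }

        $user       = wp_get_current_user();
        $contact_us = new MO_Firebase_contact_us();
        $contact_us->mo_firebase_auth_send_email_alert( $user->user_email, $message, "Feedback: WordPress Firebase Authentication" );
        deactivate_plugins( __FILE__ );
        update_option( 'mo_firebase_auth_message', 'Thank you for the feedback.' );
        $this->mo_firebase_auth_show_success_message();
    }

}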
// Create the handler when this file loads; its constructor registers the
// plugin's 'init', 'admin_init', 'authenticate' and 'admin_footer' callbacks.
$mo_firebase_authentication_obj = new mo_firebase_authentication_login();