1 <?php
2
3
4 /**
5 *
6 * @link https://miniorange.com
7 * @since 1.0.0
8 * @package Firebase_Authentication
9 *
10 * @wordpress-plugin
11 * Plugin Name: Firebase Authentication
12 * Plugin URI: firebase-authentication
13 * Description: This plugin allows login into Wordpress using Firebase as Identity provider.
14 * Version: 1.3.7
15 * Author: miniOrange
16 * Author URI: https://miniorange.com
17 * License: MIT/Expat
18 */
19
20
// Abort when this file is requested directly instead of being loaded by WordPress:
// WPINC is only defined once WordPress core has bootstrapped, so a direct HTTP
// request to this path stops here before any plugin code runs.
if ( ! defined( 'WPINC' ) ) {
    die;
}
25
/**
 * Current plugin version (SemVer - https://semver.org).
 *
 * Keep this in sync with the "Version:" field of the plugin header above
 * whenever a new release is cut.
 */
define( 'MO_FIREBASE_AUTHENTICATION_VERSION', '1.3.7' );
32
/**
 * Plugin activation callback.
 *
 * Loads the activator class on demand and delegates to its static activate()
 * method (see includes/class-firebase-authentication-activator.php).
 */
function mo_firebase_activate_firebase_authentication() {
    $activator_file = plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-activator.php';
    require_once $activator_file;

    MO_Firebase_Authentication_Activator::activate();
}
41
/**
 * Plugin deactivation callback.
 *
 * Loads the deactivator class on demand and delegates to its static
 * deactivate() method (see includes/class-firebase-authentication-deactivator.php).
 */
function mo_firebase_deactivate_firebase_authentication() {
    $deactivator_file = plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-deactivator.php';
    require_once $deactivator_file;

    MO_Firebase_Authentication_Deactivator::deactivate();
}
50
// Wire the two lifecycle callbacks defined above to this plugin file, so WordPress
// invokes them when the plugin is activated or deactivated.
register_activation_hook( __FILE__, 'mo_firebase_activate_firebase_authentication' );
register_deactivation_hook( __FILE__, 'mo_firebase_deactivate_firebase_authentication' );
53
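/**
 * Load the core plugin class (internationalization, admin-specific hooks and
 * public-facing hooks) together with the supporting configuration, feedback,
 * contact and customer files.
 *
 * Every path is anchored to this plugin's own directory. A bare relative path
 * such as 'class-contact-us.php' is resolved through include_path and the
 * current working directory first, so a same-named file elsewhere on that
 * search path could be loaded instead of the plugin's copy.
 */
require plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication.php';
require_once plugin_dir_path( __FILE__ ) . 'class-mo-firebase-config.php';
require plugin_dir_path( __FILE__ ) . 'views/feedback_form.php';
require plugin_dir_path( __FILE__ ) . 'class-contact-us.php';
require plugin_dir_path( __FILE__ ) . 'admin/class-firebase-authentication-customer.php';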
63
64
/**
 * Starts the plugin.
 *
 * The core class registers everything through hooks, so constructing it and
 * calling run() from here does not affect the page life cycle.
 *
 * @since 1.0.0
 */
function mo_firebase_run_firebase_authentication() {
    ( new MO_Firebase_Authentication() )->run();
}

// Boot the plugin as soon as this file is loaded.
mo_firebase_run_firebase_authentication();
81
/**
 * Reports whether a miniOrange customer account has been linked to this site.
 *
 * The site counts as registered when an admin e-mail is stored and the stored
 * customer key is non-empty and numeric after trimming.
 *
 * @return int 1 when registered, 0 otherwise.
 */
function mo_firebase_authentication_is_customer_registered() {
    $admin_email  = get_option( 'mo_firebase_authentication_admin_email' );
    $customer_key = get_option( 'mo_firebase_authentication_admin_customer_key' );

    $registered = $admin_email && $customer_key && is_numeric( trim( $customer_key ) );

    return $registered ? 1 : 0;
}
/**
 * Reports whether a license key is stored and its verification flag decodes to "true".
 *
 * The flag in 'mo_firebase_authentication_lv' is stored in the reversible
 * encoding produced by mo_firebase_authentication_encrypt(). That encoding is
 * keyed only by another option in the same database, so this is a convenience
 * check and not a tamper-resistant licence control.
 *
 * @return int 1 when a license key exists and the decoded flag equals "true", 0 otherwise.
 */
function mo_firebase_authentication_is_clv() {
    $license_key = get_option( 'mo_firebase_authentication_lk' );
    $verified    = get_option( 'mo_firebase_authentication_lv' );

    // Only decode when a flag is actually stored.
    if ( $verified ) {
        $verified = mo_firebase_authentication_decrypt( $verified );
    }

    return ( ! empty( $license_key ) && $verified == "true" ) ? 1 : 0;
}
105
/**
 * Encodes a string with a repeating-key, byte-wise additive transform and
 * returns the result base64-encoded.
 *
 * Security note: this is obfuscation, not encryption. There is no IV, no
 * integrity check, and the key is the 'mo_firebase_authentication_customer_token'
 * option stored in the same database as the encoded values. Do not rely on it
 * to protect secrets; a vetted authenticated cipher (e.g. libsodium) is the
 * appropriate tool for that.
 *
 * NOTE(review): an empty/missing customer token is passed to str_pad() as the
 * pad string, which PHP rejects - confirm callers only run after the token is set.
 *
 * @param string $str Plain text to encode.
 * @return string Base64 text of the transformed bytes.
 */
function mo_firebase_authentication_encrypt($str){
    $token     = get_option("mo_firebase_authentication_customer_token");
    // Repeat the token until it is exactly as long as the input.
    $key_bytes = str_split(str_pad('', strlen($str), $token, STR_PAD_RIGHT));

    $encoded = '';
    foreach (str_split($str) as $index => $char) {
        // Add the key byte to the data byte, wrapping around at 256.
        $encoded .= chr((ord($char) + ord($key_bytes[$index])) % 256);
    }

    return base64_encode($encoded);
}
116
/**
 * Reverses mo_firebase_authentication_encrypt(): base64-decodes the input and
 * subtracts the repeating key bytes.
 *
 * Security note: the transform carries no integrity check, so a modified or
 * foreign value decodes to arbitrary bytes without any error. Treat the
 * result as untrusted data. The key is the
 * 'mo_firebase_authentication_customer_token' option.
 *
 * @param string $str Base64 text produced by the encoder.
 * @return string Decoded bytes.
 */
function mo_firebase_authentication_decrypt($str){
    $raw       = base64_decode($str);
    $token     = get_option("mo_firebase_authentication_customer_token");
    // Repeat the token until it is exactly as long as the decoded input.
    $key_bytes = str_split(str_pad('', strlen($raw), $token, STR_PAD_RIGHT));

    $decoded = '';
    foreach (str_split($raw) as $index => $char) {
        // Subtract the key byte from the data byte, wrapping around at 256.
        $decoded .= chr((ord($char) - ord($key_bytes[$index]) + 256) % 256);
    }

    return $decoded;
}
128
129
130 class mo_firebase_authentication_login {
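/**
 * Registers the plugin's request handlers and, when Firebase authentication
 * is enabled, replaces WordPress' built-in password authenticators with
 * mo_firebase_auth().
 */
function __construct() {
    add_action( 'init', array( $this, 'postResgiter' ) );
    add_action( 'admin_init', array( $this, 'mo_firebase_auth_deactivate' ) );
    if ( get_option( 'mo_enable_firebase_auth' ) == 1 ) {
        // REQUEST_URI is absent in CLI/cron contexts; treat that as "not a REST request".
        $request_uri  = isset( $_SERVER['REQUEST_URI'] ) ? (string) $_SERVER['REQUEST_URI'] : '';
        // Look at the path only. Matching the whole URI let the query string
        // decide whether the built-in password authenticators stay active,
        // which undermines the "disable WordPress login" setting.
        $request_path = explode( '?', $request_uri, 2 )[0];
        // NOTE(review): a substring test on the path is still a heuristic for
        // "this is a REST API request"; comparing against the site's REST URL
        // prefix would be stricter.
        if ( strpos( $request_path, '/wp-json' ) === false ) {
            remove_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
            remove_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
            add_filter( 'authenticate', array( $this, 'mo_firebase_auth' ), 0, 3 );
        }
    }
    // Neither notice callback has been registered at this point, so these two
    // calls only make sure no notice is attached when the object is created.
    remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_success_message') );
    remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_error_message') );
    add_action( 'admin_footer', array( $this, 'mo_firebase_auth_feedback_request' ) );
    // NOTE(review): 'host_name' is an unprefixed option name written on every
    // instantiation; it can collide with other plugins. A prefixed name or a
    // constant would be safer, but the readers of this option are outside this file.
    update_option( 'host_name', 'https://login.xecurify.com' );
}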
146
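/**
 * Saves the Firebase configuration form (hooked on 'init').
 *
 * The request is only processed when it targets the plugin's settings page,
 * carries a valid 'mo_firebase_auth_config_form' nonce, and the current user
 * is an administrator. Every stored value is unslashed and sanitized first.
 */
function postResgiter() {
    // All three fields must be present; this also avoids reading an undefined nonce field.
    if ( ! isset( $_POST['verify_user'], $_REQUEST['page'], $_REQUEST['mo_firebase_auth_config_field'] ) ) {
        return;
    }
    if ( sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) != 'mo_firebase_authentication' ) {
        return;
    }
    if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['mo_firebase_auth_config_field'] ) ), 'mo_firebase_auth_config_form' ) ) {
        return;
    }
    if ( ! current_user_can( 'administrator' ) ) {
        return;
    }

    update_option( 'mo_firebase_auth_disable_wordpress_login', isset( $_POST['disable_wordpress_login'] ) ? (int)filter_var( $_POST['disable_wordpress_login'], FILTER_SANITIZE_NUMBER_INT ) : 0 );

    // This flag was stored straight from $_POST. It is only read for its
    // truthiness, so sanitizing it as text keeps existing form values working.
    update_option( 'mo_firebase_auth_enable_admin_wp_login', isset( $_POST['mo_firebase_auth_enable_admin_wp_login'] ) ? sanitize_text_field( wp_unslash( $_POST['mo_firebase_auth_enable_admin_wp_login'] ) ) : 0 );

    $project_id = isset( $_POST['projectid'] ) ? sanitize_text_field( wp_unslash( $_POST['projectid'] ) ) : '';
    update_option( 'mo_firebase_auth_project_id', $project_id );

    $api_key = isset( $_POST['apikey'] ) ? sanitize_text_field( wp_unslash( $_POST['apikey'] ) ) : '';
    update_option( 'mo_firebase_auth_api_key', $api_key );

    // Refresh the cached Google signing certificates alongside the new configuration.
    $this->mo_firebase_auth_store_certificates();
    update_option( 'mo_firebase_auth_message', 'Configurations saved successfully. Please <a href="' . admin_url( 'admin.php?page=mo_firebase_authentication&tab=config#test_authentication' ) .'">Test Authentication</a> before trying to Login.');
    $this->mo_firebase_auth_show_success_message();
}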
167
/**
 * Downloads the public signing certificates published for Google's
 * securetoken service account and caches up to three key-id/certificate
 * pairs in the options table (mo_firebase_auth_kid1..3 / mo_firebase_auth_cert1..3).
 *
 * NOTE(review): the response body is a JSON document but is parsed here by
 * splitting on ':' / ',' / '}' and slicing at fixed offsets (40-character key
 * id, 1158-character certificate). Any change in key-id length, certificate
 * size, whitespace or key count silently stores truncated or shifted values,
 * and these values presumably feed token signature verification elsewhere.
 * Decoding with json_decode() and validating each entry would be more robust,
 * but the consumers of these options are outside this file, so the stored
 * format is left untouched here.
 *
 * NOTE(review): the HTTP status code is not checked and the array indexes are
 * not guarded; an error page or an empty body raises notices and stores garbage.
 */
function mo_firebase_auth_store_certificates(){
    $response = wp_remote_get( 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com' );
    // wp_remote_get() yields an array on success; anything else is skipped without an error.
    if ( is_array( $response ) ) {
        $header = $response['headers']; // array of http header lines (not used below)
        $body = $response['body']; // raw response text

        // Each ':' separates a key id from its certificate, so the number of
        // pieces tells how many pairs the document holds.
        $split_result = explode( ":", $body );
        $count = count( $split_result );
        $kid1 = substr( $split_result[0], 5, 40 );
        $s = explode( ",", $split_result[1] );
        $c1 = substr( $s[0], 2, 1158 );
        // Single-quoted '\n' is the two-character escape as it appears in the
        // raw JSON text, not a real newline.
        $c1 = str_replace( '\n', '', $c1 );
        update_option( 'mo_firebase_auth_kid1', $kid1 );
        update_option( 'mo_firebase_auth_cert1', $c1 );
        if( $count == 3 ) {
            // Exactly two pairs: the second certificate runs up to the closing brace.
            $kid2 = substr( $s[1], 4, 40 );
            $c2 = explode( "}", $split_result[2] );
            $c2[0] = substr( $c2[0], 2, 1158 );
            $c2[0] = str_replace( '\n', '', $c2[0] );
            update_option( 'mo_firebase_auth_kid2', $kid2 );
            update_option( 'mo_firebase_auth_cert2', $c2[0] );
        } else if ( $count > 3) {
            // Three or more pairs: only the first three are stored.
            $kid2 = substr( $s[1], 4, 40 );
            $s2 = explode( ",", $split_result[2] );
            $c2 = substr( $s2[0], 2, 1158 );
            $kid3 = substr( $s2[1], 4, 40 );
            $c3 = explode( "}", $split_result[3] );
            $c3[0] = substr( $c3[0], 2, 1158 );
            $c2 = str_replace( '\n', '', $c2 );
            update_option( 'mo_firebase_auth_kid2', $kid2 );
            update_option( 'mo_firebase_auth_cert2', $c2 );
            $c3[0] = str_replace( '\n', '', $c3[0] );
            update_option( 'mo_firebase_auth_kid3', $kid3 );
            update_option( 'mo_firebase_auth_cert3', $c3[0] );
        }
    }
}
205
206
/**
 * 'authenticate' filter that takes the place of WordPress' built-in
 * username/e-mail password checks while Firebase authentication is enabled.
 *
 * Only the local-password paths are handled here:
 *  - non-POST requests pass the incoming value through untouched;
 *  - a missing username or password yields a WP_Error (carrying the
 *    client-supplied Firebase error text when 'fb_error_msg' is posted);
 *  - when WordPress login is not disabled, any user may sign in with the
 *    local password;
 *  - when it is disabled but admin login is enabled, only administrators may.
 * In every other case nothing is returned (null), which leaves the login
 * unauthenticated.
 *
 * @param mixed  $user     Value passed along the 'authenticate' filter chain.
 * @param string $username Submitted login name or e-mail address.
 * @param string $password Submitted password.
 * @return mixed WP_User on success, WP_Error for empty fields, the incoming
 *               value for non-POST requests, otherwise null.
 */
function mo_firebase_auth( $user, $username, $password ) {
    $request_method = sanitize_text_field( wp_unslash( $_SERVER['REQUEST_METHOD'] ) );
    if ( "POST" !== $request_method ) {
        return $user;
    }

    if ( empty( $username ) || empty ( $password ) ) {
        $error = new WP_Error();

        if ( isset( $_POST['fb_error_msg'] ) ) {
            // Client-supplied text: HTML-escape it before it reaches the login page.
            $error_msg = esc_html( wp_unslash( $_POST['fb_error_msg'] ) );
            if ( strpos( $error_msg, 'API key not valid. Please pass a valid API key.' ) !== false ) {
                $error_msg = "API key not valid. Please pass a valid API key.";
            }
            $error->add( 'firebase_error_msg', __( '<strong>ERROR</strong>: '.$error_msg ) );
        } elseif ( empty( $username ) ) {
            $error->add( 'empty_username', __( '<strong>ERROR</strong>: Email field is empty.' ) );
        } elseif ( empty( $password ) ) {
            $error->add( 'empty_password', __( '<strong>ERROR</strong>: Password field is empty.' ) );
        }

        return $error;
    }

    // Local passwords are accepted for everyone unless the admin disabled WordPress login.
    $local_login_open = ( get_option( 'mo_firebase_auth_disable_wordpress_login' ) == false );
    if ( ! $local_login_open && ! get_option( 'mo_firebase_auth_enable_admin_wp_login' ) ) {
        return null;
    }

    // Resolve the account by login name first, then by e-mail address.
    $account = get_user_by( "login", $username );
    if ( ! $account ) {
        $account = get_user_by( "email", $username );
    }
    if ( ! $account ) {
        return null;
    }

    // With WordPress login disabled, only administrators keep the password path.
    if ( ! $local_login_open && ! $this->is_administrator_user( $account ) ) {
        return null;
    }

    if ( wp_check_password( $password, $account->data->user_pass, $account->ID ) ) {
        return $account;
    }

    return null;
}
255
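/**
 * Prints the stored plugin message as an admin notice with the "error" CSS class.
 *
 * Despite its name this callback renders the error-styled notice; it is the
 * one registered by mo_firebase_auth_show_error_message().
 *
 * The message option can hold text taken from a remote API response (the
 * 'status' field saved during customer registration), so it is filtered
 * through wp_kses_post() before output. That keeps the plugin's own links and
 * emphasis while stripping script-capable markup.
 */
function mo_firebase_auth_success_message() {
    $class = "error";
    $message = get_option('mo_firebase_auth_message');
    echo "<div class='" . esc_attr( $class ) . "'> <p>" . wp_kses_post( (string) $message ) . "</p></div>";
}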
261
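/**
 * Prints the stored plugin message as an admin notice with the "updated" CSS class.
 *
 * Despite its name this callback renders the success-styled notice; it is the
 * one registered by mo_firebase_auth_show_success_message().
 *
 * The message option can hold text taken from a remote API response, so it is
 * filtered through wp_kses_post() before output rather than echoed raw.
 */
function mo_firebase_auth_error_message() {
    $class = "updated";
    $message = get_option('mo_firebase_auth_message');
    echo "<div class='" . esc_attr( $class ) . "'><p>" . wp_kses_post( (string) $message ) . "</p></div>";
}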
267
/**
 * Tells whether the given user holds the 'administrator' role.
 *
 * @param object $user User object exposing a 'roles' array (or null).
 * @return bool True when 'administrator' is among the user's roles.
 */
function is_administrator_user( $user ) {
    $assigned_roles = $user->roles;

    return ! is_null( $assigned_roles ) && in_array( 'administrator', $assigned_roles );
}
277
/**
 * Queues the success-styled admin notice.
 *
 * The callback names are crossed with their styling: the method called
 * "error_message" prints the "updated" (success) notice, so that is the one
 * attached here, and the "error"-styled one is detached.
 */
private function mo_firebase_auth_show_success_message() {
    $error_styled_notice   = array( $this, 'mo_firebase_auth_success_message' );
    $success_styled_notice = array( $this, 'mo_firebase_auth_error_message' );

    remove_action( 'admin_notices', $error_styled_notice );
    add_action( 'admin_notices', $success_styled_notice );
}
282
/**
 * Queues the error-styled admin notice.
 *
 * The callback names are crossed with their styling: the method called
 * "success_message" prints the "error" notice, so that is the one attached
 * here, and the "updated"-styled one is detached.
 */
private function mo_firebase_auth_show_error_message() {
    $success_styled_notice = array( $this, 'mo_firebase_auth_error_message' );
    $error_styled_notice   = array( $this, 'mo_firebase_auth_success_message' );

    remove_action( 'admin_notices', $success_styled_notice );
    add_action( 'admin_notices', $error_styled_notice );
}
287
/**
 * 'admin_footer' callback that renders the deactivation feedback form.
 *
 * Delegates to mo_firebase_auth_display_feedback_form(), which is not defined
 * in this file (presumably in views/feedback_form.php - confirm).
 */
function mo_firebase_auth_feedback_request() {
    mo_firebase_auth_display_feedback_form();
}
291
/**
 * Returns true when the value is null or empty by PHP's empty() rules
 * (which also treat '0', 0 and an empty array as empty).
 *
 * @param mixed $value Value to test.
 * @return bool
 */
private function mo_firebase_authentication_check_empty_or_null( $value ) {
    // empty() already covers the null case, so a single test is enough.
    return empty( $value );
}
298
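/**
 * Dispatcher for the plugin's admin forms (hooked on 'admin_init').
 *
 * The posted 'option' field selects the action: account registration and
 * login against miniOrange, enabling Firebase authentication, the contact
 * form, and the deactivation feedback flow.
 *
 * Security: 'admin_init' also fires for admin-ajax.php and admin-post.php
 * requests, so being hooked here does not imply the requester is an
 * administrator. Several branches (changing options, storing credentials,
 * deactivating the plugin) had no authorization check at all. The whole
 * handler is now limited to administrators, using the same capability test
 * as the configuration form handler in this class.
 *
 * NOTE(review): only the enable, contact-us and feedback branches verify a
 * nonce. The remaining branches are still open to cross-site request forgery
 * against a logged-in administrator; they need a nonce field in their forms
 * (outside this file) and a matching wp_verify_nonce() call here.
 */
function mo_firebase_auth_deactivate(){

    if ( ! isset( $_POST['option'] ) ) {
        return;
    }

    // Every action below changes site state or stored credentials.
    if ( ! current_user_can( 'administrator' ) ) {
        return;
    }

    $option = sanitize_text_field( wp_unslash( $_POST['option'] ) );

    if ( $option == "mo_firebase_authentication_change_email" ) {
        // "Back" button: reset the registration wizard.
        update_option('mo_firebase_authentication_verify_customer', '');
        update_option('mo_firebase_authentication_registration_status','');
        update_option('mo_firebase_authentication_new_registration','true');
    }

    if ( $option == "change_miniorange" ) {
        require_once plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-deactivator.php';
        MO_Firebase_Authentication_Deactivator::deactivate();
        return;
    }

    if ( $option == "mo_firebase_authentication_register_customer" ) { // register the admin with miniOrange
        // validation and sanitization
        $email = '';
        $phone = '';
        $password = '';
        $confirmPassword = '';
        $fname = '';
        $lname = '';
        $company = '';
        if ( $this->mo_firebase_authentication_check_empty_or_null( $_POST['email'] ) || $this->mo_firebase_authentication_check_empty_or_null( $_POST['password'] ) || $this->mo_firebase_authentication_check_empty_or_null( $_POST['confirmPassword'] ) ) {
            update_option( 'mo_firebase_auth_message', 'All the fields are required. Please enter valid entries.');
            $this->mo_firebase_auth_show_error_message();
            return;
        } else if ( strlen( $_POST['password'] ) < 8 || strlen( $_POST['confirmPassword'] ) < 8) {
            update_option( 'mo_firebase_auth_message', 'Choose a password with minimum length 8.');
            $this->mo_firebase_auth_show_error_message();
            return;
        } else {
            $email = sanitize_email( $_POST['email'] );
            $phone = stripslashes( $_POST['phone'] );
            $password = stripslashes( $_POST['password'] );
            $confirmPassword = stripslashes( $_POST['confirmPassword'] );
            $fname = stripslashes( $_POST['fname'] );
            $lname = stripslashes( $_POST['lname' ] );
            $company = stripslashes( $_POST['company'] );
        }

        update_option( 'mo_firebase_authentication_admin_email', $email );
        update_option( 'mo_firebase_authentication_admin_phone', $phone );
        update_option( 'mo_firebase_authentication_admin_fname', $fname );
        update_option( 'mo_firebase_authentication_admin_lname', $lname );
        update_option( 'mo_firebase_authentication_admin_company', $company );

        if ( strcmp( $password, $confirmPassword) == 0 ) {
            // NOTE(review): the account password is written in clear text to the
            // unprefixed option 'password', apparently as a hand-off to
            // MO_Firebase_Customer, and this branch never removes it. It should
            // be passed as an argument instead of being persisted.
            update_option( 'password', $password );
            $customer = new MO_Firebase_Customer();
            $email = get_option('mo_firebase_authentication_admin_email');
            $content = json_decode( $customer->check_customer(), true );

            if ( strcasecmp( $content['status'], 'CUSTOMER_NOT_FOUND') == 0 ) {
                $response = json_decode( $customer->create_customer(), true );
                if ( strcasecmp( $response['status'], 'SUCCESS' ) != 0 ) {
                    update_option( 'mo_firebase_auth_message', 'Failed to create customer. Try again.' );
                }
                $this->mo_firebase_auth_show_success_message();
            } elseif ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
                update_option( 'mo_firebase_auth_message', 'Account already exist. Please Login.' );
            } else {
                // Remote-controlled text ends up in the admin notice; the notice
                // renderers must treat this option as untrusted when printing it.
                update_option( 'mo_firebase_auth_message', $content['status'] );
            }
            $this->mo_firebase_auth_show_success_message();

        } else {
            update_option( 'mo_firebase_auth_message', 'Passwords do not match.');
            delete_option('mo_firebase_authentication_verify_customer');
            $this->mo_firebase_auth_show_error_message();
        }

    }

    if ( $option == "mo_firebase_authentication_goto_login" ) {
        delete_option( 'mo_firebase_authentication_new_registration' );
        update_option( 'mo_firebase_authentication_verify_customer', 'true' );

    }

    if ( $option == 'mo_enable_firebase_auth' && isset( $_REQUEST['mo_firebase_auth_enable_field'] ) && wp_verify_nonce( $_REQUEST['mo_firebase_auth_enable_field'], 'mo_firebase_auth_enable_form' ) ){
        update_option( 'mo_enable_firebase_auth', isset( $_POST['mo_enable_firebase_auth'] ) ? (int)filter_var( $_POST['mo_enable_firebase_auth'], FILTER_SANITIZE_NUMBER_INT ) : 0 );

    } else if ( $option == 'mo_firebase_auth_contact_us' && isset($_REQUEST['mo_firebase_auth_contact_us_field']) && wp_verify_nonce( $_REQUEST['mo_firebase_auth_contact_us_field'], 'mo_firebase_auth_contact_us_form' ) ) {
        $email = isset( $_POST['mo_firebase_auth_contact_us_email'] ) ? sanitize_email( $_POST['mo_firebase_auth_contact_us_email'] ) : "";
        $phone = "+ ".preg_replace( '/[^0-9]/', '', $_POST['mo_firebase_auth_contact_us_phone'] );
        $query = isset( $_POST['mo_firebase_auth_contact_us_query'] ) ? sanitize_textarea_field( $_POST['mo_firebase_auth_contact_us_query'] ) : "";
        if ( $this->mo_firebase_authentication_check_empty_or_null( $email ) || $this->mo_firebase_authentication_check_empty_or_null( $query ) ) {
            echo '<br><b style=color:red>Please fill up Email and Query fields to submit your query.</b>';
        } else {
            $contact_us = new MO_Firebase_contact_us();
            $submited = $contact_us->mo_firebase_auth_contact_us( $email, $phone, $query );
            if ( $submited == false ) {
                update_option( 'mo_firebase_auth_message', 'Your query could not be submitted. Please try again.' );
                $this->mo_firebase_auth_show_error_message();
            } else {
                update_option( 'mo_firebase_auth_message', 'Thanks for getting in touch! We shall get back to you shortly.' );
                $this->mo_firebase_auth_show_success_message();
            }
        }

    } else if ( $option == "mo_firebase_authentication_verify_customer" ) { // log the admin in to miniOrange
        // validation and sanitization
        $email = '';
        $password = '';
        if( $this->mo_firebase_authentication_check_empty_or_null( $_POST['email'] ) || $this->mo_firebase_authentication_check_empty_or_null( $_POST['password'] ) ) {
            update_option( 'mo_firebase_auth_message', 'All the fields are required. Please enter valid entries.');
            $this->mo_firebase_auth_show_error_message();
            return;
        } else{
            $email = sanitize_email( $_POST['email'] );
            $password = stripslashes( $_POST['password'] );
        }

        update_option( 'mo_firebase_authentication_admin_email', $email );
        // NOTE(review): clear-text password persisted as a hand-off to
        // MO_Firebase_Customer; it is removed again on both outcomes below.
        update_option( 'password', $password );
        $customer = new MO_Firebase_Customer();
        $content = $customer->mo_firebase_auth_get_customer_key();
        $customerKey = json_decode( $content, true );
        if( json_last_error() == JSON_ERROR_NONE ) {
            update_option( 'mo_firebase_authentication_admin_customer_key', $customerKey['id'] );
            update_option( 'mo_firebase_authentication_admin_api_key', $customerKey['apiKey'] );
            update_option( 'mo_firebase_authentication_customer_token', $customerKey['token'] );
            if( isset( $customerKey['phone'] ) )
                update_option( 'mo_firebase_authentication_admin_phone', $customerKey['phone'] );
            delete_option( 'password' );
            update_option( 'mo_firebase_auth_message', 'Customer retrieved successfully');
            delete_option( 'mo_firebase_authentication_verify_customer' );
            $this->mo_firebase_auth_show_success_message();
        } else {
            // Do not leave the submitted password in the database after a failed attempt.
            delete_option( 'password' );
            update_option( 'mo_firebase_auth_message', 'Invalid username or password. Please try again.');
            $this->mo_firebase_auth_show_error_message();
        }

    } else if ( $option == 'mo_firebase_auth_skip_feedback' ) {
        deactivate_plugins( __FILE__ );
        update_option( 'mo_firebase_auth_message', 'Plugin deactivated successfully' );
        $this->mo_firebase_auth_show_success_message();

    } else if ( $option == 'mo_firebase_auth_feedback' && isset($_REQUEST['mo_firebase_auth_feedback_field']) && wp_verify_nonce( $_REQUEST['mo_firebase_auth_feedback_field'], 'mo_firebase_auth_feedback_form' ) ) {
        $user = wp_get_current_user();
        $message = 'Plugin Deactivated:';
        // Both fields are forwarded to the vendor's e-mail endpoint; strip markup first.
        $deactivate_reason = array_key_exists( 'deactivate_reason_radio', $_POST ) ? sanitize_text_field( wp_unslash( $_POST['deactivate_reason_radio'] ) ) : false;
        $deactivate_reason_message = array_key_exists( 'query_feedback', $_POST ) ? sanitize_textarea_field( wp_unslash( $_POST['query_feedback'] ) ) : false;
        if ( $deactivate_reason ) {
            $message .= $deactivate_reason;
            if ( isset( $deactivate_reason_message ) ) {
                $message .= ':' . $deactivate_reason_message;
            }

            $email = $user->user_email;
            $contact_us = new MO_Firebase_contact_us();
            $submited = json_decode( $contact_us->mo_firebase_auth_send_email_alert( $email, $message, "Feedback: WordPress Firebase Authentication" ), true );
            deactivate_plugins( __FILE__ );
            update_option( 'mo_firebase_auth_message', 'Thank you for the feedback.' );
            $this->mo_firebase_auth_show_success_message();

        } else {
            update_option( 'mo_firebase_auth_message', 'Please Select one of the reasons ,if your reason is not mentioned please select Other Reasons' );
            $this->mo_firebase_auth_show_error_message();
        }
    }
}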
463
464 }
465
// Instantiate the login handler as soon as the plugin file is loaded; its
// constructor registers the 'init' / 'admin_init' handlers and, when enabled,
// the 'authenticate' filter.
$mo_firebase_authentication_obj = new mo_firebase_authentication_login();