Firebase Authentication v1.4.3
firebase-authentication.php
1 <?php
2
3
4 /**
5 *
6 * @link https://miniorange.com
7 * @since 1.0.0
8 * @package Firebase_Authentication
9 *
10 * @wordpress-plugin
11 * Plugin Name: Firebase Authentication
12 * Plugin URI: firebase-authentication
13 * Description: This plugin allows login into Wordpress using Firebase as Identity provider.
14 * Version: 1.4.3
15 * Author: miniOrange
16 * Author URI: https://miniorange.com
17 * License: MIT/Expat
18 */
19
20
// Direct-access guard: WPINC is defined by WordPress core, so a request that
// reaches this file without it did not come through WordPress. Stop immediately.
if ( ! defined( 'WPINC' ) ) {
	exit;
}

/**
 * Version of this plugin release (SemVer, https://semver.org).
 * Update it together with the "Version" field of the plugin header.
 */
define( 'MO_FIREBASE_AUTHENTICATION_VERSION', '1.4.3' );
32
/**
 * Activation callback.
 *
 * Loads the activator class on demand from the plugin's includes/ directory
 * and hands control to its static activate() method.
 */
function mo_firebase_activate_firebase_authentication() {
	$activator_file = plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-activator.php';

	require_once $activator_file;
	MO_Firebase_Authentication_Activator::activate();
}
41
/**
 * Deactivation callback.
 *
 * Loads the deactivator class on demand from the plugin's includes/ directory
 * and hands control to its static deactivate() method.
 */
function mo_firebase_deactivate_firebase_authentication() {
	$deactivator_file = plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-deactivator.php';

	require_once $deactivator_file;
	MO_Firebase_Authentication_Deactivator::deactivate();
}
50
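register_activation_hook( __FILE__, 'mo_firebase_activate_firebase_authentication' );
register_deactivation_hook( __FILE__, 'mo_firebase_deactivate_firebase_authentication' );

/**
 * The core plugin class that is used to define internationalization,
 * admin-specific hooks, and public-facing site hooks, followed by the
 * plugin's configuration, feedback form, contact and customer classes.
 *
 * Every path is anchored to this plugin's directory. A bare relative path
 * such as 'class-contact-us.php' is resolved through PHP's include_path
 * before the plugin directory is tried, so a same-named file elsewhere on
 * the include_path would be loaded instead of the plugin's own file.
 */
require plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication.php';
require_once plugin_dir_path( __FILE__ ) . 'class-mo-firebase-config.php';
require plugin_dir_path( __FILE__ ) . 'views/feedback_form.php';
require plugin_dir_path( __FILE__ ) . 'class-contact-us.php';
require plugin_dir_path( __FILE__ ) . 'admin/class-firebase-authentication-customer.php';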
63
64
/**
 * Boots the plugin.
 *
 * Creates the core MO_Firebase_Authentication object and calls run() on it.
 * The plugin registers its behaviour through hooks, so starting it here,
 * while the file is being loaded, does not affect the page life cycle.
 *
 * @since 1.0.0
 */
function mo_firebase_run_firebase_authentication() {
	( new MO_Firebase_Authentication() )->run();
}

mo_firebase_run_firebase_authentication();
81
/**
 * Tells whether a miniOrange customer account is recorded for this site.
 *
 * An account counts as registered when an admin e-mail is stored and the
 * stored customer key is numeric once surrounding whitespace is trimmed.
 * The stored phone number is not part of the check.
 *
 * @return int 1 when registered, 0 otherwise.
 */
function mo_firebase_authentication_is_customer_registered() {
	$admin_email  = get_option( 'mo_firebase_authentication_admin_email' );
	$customer_key = get_option( 'mo_firebase_authentication_admin_customer_key' );

	$registered = $admin_email && $customer_key && is_numeric( trim( $customer_key ) );

	return $registered ? 1 : 0;
}
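/**
 * Tells whether a license key is stored and the stored verification flag
 * decodes to the string "true".
 *
 * The flag is read from the 'mo_firebase_authentication_lv' option and decoded
 * with mo_firebase_authentication_decrypt(). The comparison is strict: with a
 * loose `==`, PHP versions before 8 treat an integer 0 as equal to "true", so
 * an unset or zeroed flag could be reported as verified.
 *
 * NOTE(review): the flag and the token that decodes it both live in wp_options,
 * so this is a convenience check rather than a tamper-resistant one.
 *
 * @return int 1 when a license key is present and the flag decodes to "true", 0 otherwise.
 */
function mo_firebase_authentication_is_clv() {
	$license_key   = get_option( 'mo_firebase_authentication_lk' );
	$verified_flag = get_option( 'mo_firebase_authentication_lv' );

	// Nothing to decode: no key, or the flag is missing / not a stored string.
	if ( empty( $license_key ) || ! is_string( $verified_flag ) || '' === $verified_flag ) {
		return 0;
	}

	return 'true' === mo_firebase_authentication_decrypt( $verified_flag ) ? 1 : 0;
}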
105
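/**
 * Obfuscates a string with the stored customer token and base64-encodes it.
 *
 * Every input byte is shifted (mod 256) by the matching byte of the token,
 * the token being repeated to the length of the input. This is a reversible
 * repeating-key transform, not authenticated encryption: it offers no
 * integrity protection, and anyone able to read the token option can undo it.
 * Do not rely on it to protect secrets.
 *
 * Output for a non-empty input and token is unchanged from the earlier
 * implementation, so values already stored still decode.
 *
 * @param string $str Text to encode.
 * @return string Base64 text; '' when the input is empty or no token is stored.
 */
function mo_firebase_authentication_encrypt( $str ) {
	$plain = (string) $str;
	$token = get_option( 'mo_firebase_authentication_customer_token' );

	// A missing token gives str_pad() nothing to repeat (ValueError on PHP 8),
	// and an empty input used to come back as a stray NUL byte on PHP < 8.2.
	if ( '' === $plain || ! is_scalar( $token ) || '' === (string) $token ) {
		return '';
	}

	$token     = (string) $token;
	$token_len = strlen( $token );
	$plain_len = strlen( $plain );
	$shifted   = '';

	for ( $i = 0; $i < $plain_len; $i++ ) {
		$shifted .= chr( ( ord( $plain[ $i ] ) + ord( $token[ $i % $token_len ] ) ) % 256 );
	}

	return base64_encode( $shifted );
}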
116
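/**
 * Reverses mo_firebase_authentication_encrypt(): base64-decodes the input and
 * shifts every byte back (mod 256) by the matching byte of the stored
 * customer token, the token being repeated to the length of the data.
 *
 * This is a reversible repeating-key transform without any integrity check,
 * so the result says nothing about whether the stored value was altered.
 * Treat the output as untrusted data.
 *
 * @param string $str Base64 text produced by the encode function.
 * @return string Decoded text; '' when the input decodes to nothing or no token is stored.
 */
function mo_firebase_authentication_decrypt( $str ) {
	$cipher = base64_decode( (string) $str );
	$token  = get_option( 'mo_firebase_authentication_customer_token' );

	// A missing token gives str_pad() nothing to repeat (ValueError on PHP 8),
	// and an empty input used to come back as a stray NUL byte on PHP < 8.2.
	if ( false === $cipher || '' === $cipher || ! is_scalar( $token ) || '' === (string) $token ) {
		return '';
	}

	$token      = (string) $token;
	$token_len  = strlen( $token );
	$cipher_len = strlen( $cipher );
	$plain      = '';

	for ( $i = 0; $i < $cipher_len; $i++ ) {
		// +256 keeps the operand non-negative before the modulo.
		$plain .= chr( ( ord( $cipher[ $i ] ) - ord( $token[ $i % $token_len ] ) + 256 ) % 256 );
	}

	return $plain;
}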
128
129
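/**
 * Login filter and wp-admin form handling for the Firebase Authentication plugin.
 *
 * The class replaces WordPress' password authenticators with its own
 * `authenticate` callback, saves the Firebase project settings, caches Google's
 * token-signing certificates in options, and processes the miniOrange account,
 * contact and feedback forms posted to wp-admin.
 *
 * Security-relevant behaviour in this class:
 * - every form branch handled on `admin_init` requires an administrator, because
 *   that hook also fires for admin-ajax.php and admin-post.php requests sent by
 *   visitors who are not logged in;
 * - the REST exemption is decided from the URL path, not from the whole URI;
 * - stored notice text is filtered with wp_kses_post() before it is echoed.
 */
class mo_firebase_authentication_login {

	/**
	 * Registers the plugin's hooks. Runs when the object is created at plugin load.
	 */
	function __construct() {
		add_action( 'init', array( $this, 'postResgiter' ) );
		add_action( 'admin_init', array( $this, 'mo_firebase_auth_deactivate' ) );

		// Swap the core password authenticators for the plugin's callback,
		// except on REST API paths, which keep WordPress' default behaviour.
		if ( get_option( 'mo_enable_firebase_auth' ) == 1 && ! $this->mo_firebase_auth_is_rest_path() ) {
			remove_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
			remove_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
			add_filter( 'authenticate', array( $this, 'mo_firebase_auth' ), 0, 3 );
		}

		remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_success_message' ) );
		remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_error_message' ) );
		add_action( 'admin_footer', array( $this, 'mo_firebase_auth_feedback_request' ) );

		// NOTE(review): 'host_name' is a very generic option name and is rewritten
		// on every request; a plugin-prefixed name would avoid collisions.
		update_option( 'host_name', 'https://login.xecurify.com' );
	}

	/**
	 * Tells whether the current request path contains the '/wp-json' REST prefix.
	 *
	 * Only the path component is inspected. Matching the whole REQUEST_URI would
	 * let the query string decide whether the login filter is installed, which
	 * would make the "disable WordPress login" setting avoidable from the client.
	 *
	 * NOTE(review): this is still a substring match on the path; deciding from
	 * the REST route WordPress actually resolved would be stricter - confirm
	 * what the plugin needs.
	 *
	 * @return bool True when the path contains '/wp-json'; false otherwise,
	 *              including when the URI is missing or cannot be parsed.
	 */
	private function mo_firebase_auth_is_rest_path() {
		$request_uri = isset( $_SERVER['REQUEST_URI'] ) ? (string) $_SERVER['REQUEST_URI'] : '';
		$path        = wp_parse_url( $request_uri, PHP_URL_PATH );

		return is_string( $path ) && false !== strpos( $path, '/wp-json' );
	}

	/**
	 * Saves the Firebase configuration form (hooked on `init`).
	 *
	 * Requires the 'verify_user' field, the plugin's page slug, a valid
	 * 'mo_firebase_auth_config_form' nonce and an administrator.
	 */
	function postResgiter() {
		if ( ! isset( $_POST['verify_user'], $_REQUEST['page'], $_REQUEST['mo_firebase_auth_config_field'] ) ) {
			return;
		}
		if ( 'mo_firebase_authentication' != sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) ) {
			return;
		}
		if ( ! $this->mo_firebase_auth_nonce_ok( 'mo_firebase_auth_config_field', 'mo_firebase_auth_config_form' ) ) {
			return;
		}
		if ( ! current_user_can( 'administrator' ) ) {
			return;
		}

		update_option(
			'mo_firebase_auth_disable_wordpress_login',
			isset( $_POST['disable_wordpress_login'] ) ? (int) filter_var( $_POST['disable_wordpress_login'], FILTER_SANITIZE_NUMBER_INT ) : 0
		);

		// Previously stored straight from $_POST; keep the submitted value but
		// strip markup and control characters before it reaches wp_options.
		update_option(
			'mo_firebase_auth_enable_admin_wp_login',
			isset( $_POST['mo_firebase_auth_enable_admin_wp_login'] ) ? $this->mo_firebase_auth_post_text( 'mo_firebase_auth_enable_admin_wp_login' ) : 0
		);

		update_option( 'mo_firebase_auth_project_id', $this->mo_firebase_auth_post_text( 'projectid' ) );
		update_option( 'mo_firebase_auth_api_key', $this->mo_firebase_auth_post_text( 'apikey' ) );

		$this->mo_firebase_auth_store_certificates();
		update_option( 'mo_firebase_auth_message', 'Configurations saved successfully. Please <a href="' . admin_url( 'admin.php?page=mo_firebase_authentication&tab=config#test_authentication' ) . '">Test Authentication</a> before trying to Login.' );
		$this->mo_firebase_auth_show_success_message();
	}

	/**
	 * Downloads Google's securetoken signing certificates and caches up to
	 * three key-id / certificate pairs in the mo_firebase_auth_kidN /
	 * mo_firebase_auth_certN options.
	 *
	 * The response is cut apart with explode()/substr() at fixed offsets, exactly
	 * as before, so the stored values keep their format. Stored certificates are
	 * left untouched when the response is not HTTP 200 or lacks the expected pieces.
	 *
	 * NOTE(review): these certificates presumably verify Firebase ID tokens
	 * elsewhere in the plugin. Fixed offsets and lengths (40, 1158) break if key
	 * ids or certificates change size; json_decode() of the body would be more
	 * robust, but the consumer of the stored format is not visible here - confirm
	 * before changing it.
	 */
	function mo_firebase_auth_store_certificates() {
		$response = wp_remote_get( 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com' );

		if ( is_wp_error( $response ) ) {
			// The transport error text is not HTML; escape it before printing.
			echo 'Something went wrong: ' . esc_html( $response->get_error_message() );
			exit();
		}
		if ( ! is_array( $response ) ) {
			return;
		}

		$body         = isset( $response['body'] ) ? (string) $response['body'] : '';
		$split_result = explode( ':', $body );
		$count        = count( $split_result );

		// Do not overwrite known-good certificates with fragments of an error page.
		if ( 200 !== (int) wp_remote_retrieve_response_code( $response ) || $count < 2 ) {
			return;
		}

		$s = explode( ',', $split_result[1] );

		// '\n' is single-quoted on purpose: it removes the two-character
		// escape sequence found in the raw JSON text, not a real newline.
		update_option( 'mo_firebase_auth_kid1', substr( $split_result[0], 5, 40 ) );
		update_option( 'mo_firebase_auth_cert1', str_replace( '\n', '', substr( $s[0], 2, 1158 ) ) );

		if ( $count < 3 || ! isset( $s[1] ) ) {
			return;
		}

		$kid2 = substr( $s[1], 4, 40 );

		if ( 3 == $count ) {
			$c2 = explode( '}', $split_result[2] );
			update_option( 'mo_firebase_auth_kid2', $kid2 );
			update_option( 'mo_firebase_auth_cert2', str_replace( '\n', '', substr( $c2[0], 2, 1158 ) ) );
			return;
		}

		// More than three pieces: a second and a third certificate follow.
		$s2 = explode( ',', $split_result[2] );
		update_option( 'mo_firebase_auth_kid2', $kid2 );
		update_option( 'mo_firebase_auth_cert2', str_replace( '\n', '', substr( $s2[0], 2, 1158 ) ) );

		if ( ! isset( $s2[1] ) ) {
			return;
		}
		$c3 = explode( '}', $split_result[3] );
		update_option( 'mo_firebase_auth_kid3', substr( $s2[1], 4, 40 ) );
		update_option( 'mo_firebase_auth_cert3', str_replace( '\n', '', substr( $c3[0], 2, 1158 ) ) );
	}

	/**
	 * `authenticate` filter callback used while Firebase login is enabled.
	 *
	 * For POST requests it reports empty credentials (or an error message sent
	 * by the login form) and otherwise checks the WordPress password itself:
	 * for every user while WordPress login is not disabled, or only for
	 * administrators when the admin exception is enabled.
	 *
	 * @param null|WP_User|WP_Error $user     Result from earlier `authenticate` callbacks.
	 * @param string                $username Submitted user name or e-mail.
	 * @param string                $password Submitted password.
	 * @return null|WP_User|WP_Error The matching user, a WP_Error for empty input,
	 *                               $user for non-POST requests, or null when this
	 *                               callback does not authenticate the request.
	 */
	function mo_firebase_auth( $user, $username, $password ) {
		$method = isset( $_SERVER['REQUEST_METHOD'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_METHOD'] ) ) : '';
		if ( 'POST' !== $method ) {
			return $user;
		}

		if ( empty( $username ) || empty( $password ) ) {
			$error = new WP_Error();

			if ( isset( $_POST['fb_error_msg'] ) && is_string( $_POST['fb_error_msg'] ) ) {
				// Client-supplied text shown on the login form: always HTML-escaped.
				$error_msg = esc_html( wp_unslash( $_POST['fb_error_msg'] ) );
				if ( strpos( $error_msg, 'API key not valid. Please pass a valid API key.' ) !== false ) {
					$error_msg = 'API key not valid. Please pass a valid API key.';
				}
				$error->add( 'firebase_error_msg', __( '<strong>ERROR</strong>: ' . $error_msg ) );
			} elseif ( empty( $username ) ) {
				$error->add( 'empty_username', __( '<strong>ERROR</strong>: Email field is empty.' ) );
			} elseif ( empty( $password ) ) {
				$error->add( 'empty_password', __( '<strong>ERROR</strong>: Password field is empty.' ) );
			}
			return $error;
		}

		$any_user_allowed = ( get_option( 'mo_firebase_auth_disable_wordpress_login' ) == false );
		$admins_allowed   = ! $any_user_allowed && get_option( 'mo_firebase_auth_enable_admin_wp_login' );

		if ( ! $any_user_allowed && ! $admins_allowed ) {
			return null;
		}

		$candidate = get_user_by( 'login', $username );
		if ( ! $candidate ) {
			$candidate = get_user_by( 'email', $username );
		}
		if ( ! $candidate ) {
			return null;
		}
		if ( $admins_allowed && ! $this->is_administrator_user( $candidate ) ) {
			return null;
		}

		if ( wp_check_password( $password, $candidate->data->user_pass, $candidate->ID ) ) {
			return $candidate;
		}

		// Wrong password: leave the decision to the remaining `authenticate` callbacks.
		return null;
	}

	/**
	 * Prints the stored notice with the "error" CSS class.
	 *
	 * The method names are inverted relative to the classes they print; the
	 * show_*_message() helpers hook the opposite method, so the net effect is correct.
	 */
	function mo_firebase_auth_success_message() {
		$this->mo_firebase_auth_render_notice( 'error' );
	}

	/**
	 * Prints the stored notice with the "updated" CSS class (see the note on
	 * mo_firebase_auth_success_message() about the inverted names).
	 */
	function mo_firebase_auth_error_message() {
		$this->mo_firebase_auth_render_notice( 'updated' );
	}

	/**
	 * Echoes the 'mo_firebase_auth_message' option as an admin notice.
	 *
	 * Some messages intentionally contain a link, and one is copied from a remote
	 * API response, so the text is passed through wp_kses_post() rather than
	 * echoed raw.
	 *
	 * @param string $css_class Notice class, "error" or "updated".
	 */
	private function mo_firebase_auth_render_notice( $css_class ) {
		$message = (string) get_option( 'mo_firebase_auth_message' );
		echo "<div class='" . esc_attr( $css_class ) . "'><p>" . wp_kses_post( $message ) . '</p></div>';
	}

	/**
	 * Tells whether a user carries the 'administrator' role.
	 *
	 * @param WP_User $user User to inspect.
	 * @return bool
	 */
	function is_administrator_user( $user ) {
		$roles = $user->roles;
		return is_array( $roles ) && in_array( 'administrator', $roles, true );
	}

	/**
	 * Queues the stored message as a success ("updated") admin notice.
	 */
	private function mo_firebase_auth_show_success_message() {
		remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_success_message' ) );
		add_action( 'admin_notices', array( $this, 'mo_firebase_auth_error_message' ) );
	}

	/**
	 * Queues the stored message as an "error" admin notice.
	 */
	private function mo_firebase_auth_show_error_message() {
		remove_action( 'admin_notices', array( $this, 'mo_firebase_auth_error_message' ) );
		add_action( 'admin_notices', array( $this, 'mo_firebase_auth_success_message' ) );
	}

	/**
	 * Prints the deactivation feedback form in the admin footer.
	 */
	function mo_firebase_auth_feedback_request() {
		mo_firebase_auth_display_feedback_form();
	}

	/**
	 * @param mixed $value Value to test.
	 * @return bool True when $value is unset or empty() (note: '0' counts as empty).
	 */
	private function mo_firebase_authentication_check_empty_or_null( $value ) {
		return ! isset( $value ) || empty( $value );
	}

	/**
	 * Reads a POST field as sanitized single-line text.
	 *
	 * @param string $key Field name.
	 * @return string Sanitized value, or '' when the field is absent.
	 */
	private function mo_firebase_auth_post_text( $key ) {
		return isset( $_POST[ $key ] ) ? sanitize_text_field( wp_unslash( $_POST[ $key ] ) ) : '';
	}

	/**
	 * Reads a POST field verbatim apart from removing WordPress' added slashes.
	 * Meant for passwords, which must not be altered by sanitizers.
	 *
	 * @param string $key Field name.
	 * @return string Unslashed value, or '' when the field is absent or not a string.
	 */
	private function mo_firebase_auth_post_raw( $key ) {
		return ( isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) ) ? wp_unslash( $_POST[ $key ] ) : '';
	}

	/**
	 * Verifies a nonce sent in the request.
	 *
	 * @param string $field  Request field carrying the nonce.
	 * @param string $action Nonce action name.
	 * @return bool True only when the field is present and the nonce is valid.
	 */
	private function mo_firebase_auth_nonce_ok( $field, $action ) {
		if ( ! isset( $_REQUEST[ $field ] ) ) {
			return false;
		}
		return (bool) wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST[ $field ] ) ), $action );
	}

	/**
	 * Stores a message and queues it as an error notice.
	 *
	 * @param string $message Notice text.
	 */
	private function mo_firebase_auth_fail( $message ) {
		update_option( 'mo_firebase_auth_message', $message );
		$this->mo_firebase_auth_show_error_message();
	}

	/**
	 * Stores a message and queues it as a success notice.
	 *
	 * @param string $message Notice text.
	 */
	private function mo_firebase_auth_succeed( $message ) {
		update_option( 'mo_firebase_auth_message', $message );
		$this->mo_firebase_auth_show_success_message();
	}

	/**
	 * Dispatches the plugin's wp-admin forms, selected by the posted 'option'
	 * field (hooked on `admin_init`).
	 *
	 * `admin_init` also runs for admin-ajax.php and admin-post.php requests,
	 * including ones from visitors who are not logged in, so nothing below runs
	 * unless the current user passes the same administrator check the settings
	 * form uses.
	 *
	 * NOTE(review): the change_email, change_miniorange, register_customer,
	 * verify_customer and skip_feedback branches carry no nonce in this file.
	 * Their forms are defined elsewhere; they should send a nonce and it should
	 * be verified here so the actions cannot be triggered cross-site.
	 */
	function mo_firebase_auth_deactivate() {
		if ( ! isset( $_POST['option'] ) ) {
			return;
		}
		if ( ! current_user_can( 'administrator' ) ) {
			return;
		}

		$option = sanitize_text_field( wp_unslash( $_POST['option'] ) );

		switch ( $option ) {
			case 'mo_firebase_authentication_change_email':
				// "Back" button of the account screens: return to a fresh registration.
				update_option( 'mo_firebase_authentication_verify_customer', '' );
				update_option( 'mo_firebase_authentication_registration_status', '' );
				update_option( 'mo_firebase_authentication_new_registration', 'true' );
				break;

			case 'change_miniorange':
				require_once plugin_dir_path( __FILE__ ) . 'includes/class-firebase-authentication-deactivator.php';
				MO_Firebase_Authentication_Deactivator::deactivate();
				break;

			case 'mo_firebase_authentication_register_customer':
				$this->mo_firebase_auth_handle_register();
				break;

			case 'mo_firebase_authentication_goto_login':
				if ( $this->mo_firebase_auth_nonce_ok( 'mo_firebase_authentication_goto_login_form_field', 'mo_firebase_authentication_goto_login_form' ) ) {
					delete_option( 'mo_firebase_authentication_new_registration' );
					update_option( 'mo_firebase_authentication_verify_customer', 'true' );
				}
				break;

			case 'mo_enable_firebase_auth':
				if ( $this->mo_firebase_auth_nonce_ok( 'mo_firebase_auth_enable_field', 'mo_firebase_auth_enable_form' ) ) {
					update_option(
						'mo_enable_firebase_auth',
						isset( $_POST['mo_enable_firebase_auth'] ) ? (int) filter_var( $_POST['mo_enable_firebase_auth'], FILTER_SANITIZE_NUMBER_INT ) : 0
					);
				}
				break;

			case 'mo_firebase_auth_contact_us':
				if ( $this->mo_firebase_auth_nonce_ok( 'mo_firebase_auth_contact_us_field', 'mo_firebase_auth_contact_us_form' ) ) {
					$this->mo_firebase_auth_handle_contact_us();
				}
				break;

			case 'mo_firebase_authentication_verify_customer':
				$this->mo_firebase_auth_handle_verify();
				break;

			case 'mo_firebase_auth_skip_feedback':
				deactivate_plugins( __FILE__ );
				$this->mo_firebase_auth_succeed( 'Plugin deactivated successfully' );
				break;

			case 'mo_firebase_auth_feedback':
				if ( $this->mo_firebase_auth_nonce_ok( 'mo_firebase_auth_feedback_field', 'mo_firebase_auth_feedback_form' ) ) {
					$this->mo_firebase_auth_handle_feedback();
				}
				break;
		}
	}

	/**
	 * Registers the site administrator with miniOrange from the posted form.
	 */
	private function mo_firebase_auth_handle_register() {
		$email            = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
		$password         = $this->mo_firebase_auth_post_raw( 'password' );
		$confirm_password = $this->mo_firebase_auth_post_raw( 'confirmPassword' );

		if ( $this->mo_firebase_authentication_check_empty_or_null( $email )
			|| $this->mo_firebase_authentication_check_empty_or_null( $password )
			|| $this->mo_firebase_authentication_check_empty_or_null( $confirm_password ) ) {
			$this->mo_firebase_auth_fail( 'All the fields are required. Please enter valid entries.' );
			return;
		}

		// Measured after unslashing, so added backslashes do not count as characters.
		if ( strlen( $password ) < 8 || strlen( $confirm_password ) < 8 ) {
			$this->mo_firebase_auth_fail( 'Choose a password with minimum length 8.' );
			return;
		}

		update_option( 'mo_firebase_authentication_admin_email', $email );
		update_option( 'mo_firebase_authentication_admin_phone', $this->mo_firebase_auth_post_text( 'phone' ) );
		update_option( 'mo_firebase_authentication_admin_fname', $this->mo_firebase_auth_post_text( 'fname' ) );
		update_option( 'mo_firebase_authentication_admin_lname', $this->mo_firebase_auth_post_text( 'lname' ) );
		update_option( 'mo_firebase_authentication_admin_company', $this->mo_firebase_auth_post_text( 'company' ) );

		if ( 0 !== strcmp( $password, $confirm_password ) ) {
			update_option( 'mo_firebase_auth_message', 'Passwords do not match.' );
			delete_option( 'mo_firebase_authentication_verify_customer' );
			$this->mo_firebase_auth_show_error_message();
			return;
		}

		// NOTE(review): the account password is written in clear text to the
		// generically named 'password' option, presumably so MO_Firebase_Customer
		// can read it - confirm, and delete the option once the remote calls are
		// done, as the verify-customer handler does.
		update_option( 'password', $password );

		$customer = new MO_Firebase_Customer();
		$content  = json_decode( (string) $customer->check_customer(), true );
		$status   = ( is_array( $content ) && isset( $content['status'] ) ) ? (string) $content['status'] : '';

		if ( 0 === strcasecmp( $status, 'CUSTOMER_NOT_FOUND' ) ) {
			$response = json_decode( (string) $customer->create_customer(), true );
			$created  = ( is_array( $response ) && isset( $response['status'] ) ) ? (string) $response['status'] : '';
			if ( 0 !== strcasecmp( $created, 'SUCCESS' ) ) {
				update_option( 'mo_firebase_auth_message', 'Failed to create customer. Try again.' );
			}
		} elseif ( 0 === strcasecmp( $status, 'SUCCESS' ) ) {
			update_option( 'mo_firebase_auth_message', 'Account already exist. Please Login.' );
		} else {
			// Remote-supplied text that ends up in an admin notice.
			update_option( 'mo_firebase_auth_message', sanitize_text_field( $status ) );
		}

		$this->mo_firebase_auth_show_success_message();
	}

	/**
	 * Logs in to an existing miniOrange account and stores the returned keys.
	 */
	private function mo_firebase_auth_handle_verify() {
		$email    = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
		$password = $this->mo_firebase_auth_post_raw( 'password' );

		if ( $this->mo_firebase_authentication_check_empty_or_null( $email )
			|| $this->mo_firebase_authentication_check_empty_or_null( $password ) ) {
			$this->mo_firebase_auth_fail( 'All the fields are required. Please enter valid entries.' );
			return;
		}

		update_option( 'mo_firebase_authentication_admin_email', $email );
		update_option( 'password', $password );

		$customer   = new MO_Firebase_Customer();
		$account    = json_decode( (string) $customer->mo_firebase_auth_get_customer_key(), true );
		$decoded_ok = ( JSON_ERROR_NONE === json_last_error() );

		// The remote call has finished; do not leave the clear-text password in
		// wp_options on either outcome (it used to survive a failed attempt).
		delete_option( 'password' );

		if ( ! $decoded_ok || ! is_array( $account ) || ! isset( $account['id'], $account['apiKey'], $account['token'] ) ) {
			$this->mo_firebase_auth_fail( 'Invalid username or password. Please try again.' );
			return;
		}

		update_option( 'mo_firebase_authentication_admin_customer_key', $account['id'] );
		update_option( 'mo_firebase_authentication_admin_api_key', $account['apiKey'] );
		update_option( 'mo_firebase_authentication_customer_token', $account['token'] );
		if ( isset( $account['phone'] ) ) {
			update_option( 'mo_firebase_authentication_admin_phone', $account['phone'] );
		}

		update_option( 'mo_firebase_auth_message', 'Customer retrieved successfully' );
		delete_option( 'mo_firebase_authentication_verify_customer' );
		$this->mo_firebase_auth_show_success_message();
	}

	/**
	 * Sends the "contact us" query to miniOrange. The caller has verified the nonce.
	 */
	private function mo_firebase_auth_handle_contact_us() {
		$email = isset( $_POST['mo_firebase_auth_contact_us_email'] ) ? sanitize_email( wp_unslash( $_POST['mo_firebase_auth_contact_us_email'] ) ) : '';
		$phone = '+ ' . preg_replace( '/[^0-9]/', '', $this->mo_firebase_auth_post_raw( 'mo_firebase_auth_contact_us_phone' ) );
		$query = isset( $_POST['mo_firebase_auth_contact_us_query'] ) ? sanitize_textarea_field( wp_unslash( $_POST['mo_firebase_auth_contact_us_query'] ) ) : '';

		if ( $this->mo_firebase_authentication_check_empty_or_null( $email ) || $this->mo_firebase_authentication_check_empty_or_null( $query ) ) {
			echo '<br><b style=color:red>Please fill up Email and Query fields to submit your query.</b>';
			return;
		}

		$contact_us = new MO_Firebase_contact_us();
		$submitted  = $contact_us->mo_firebase_auth_contact_us( $email, $phone, $query );

		if ( false == $submitted ) {
			$this->mo_firebase_auth_fail( 'Your query could not be submitted. Please try again.' );
		} else {
			$this->mo_firebase_auth_succeed( 'Thanks for getting in touch! We shall get back to you shortly.' );
		}
	}

	/**
	 * Mails the deactivation feedback and deactivates the plugin. The caller has
	 * verified the nonce.
	 */
	private function mo_firebase_auth_handle_feedback() {
		$reason  = $this->mo_firebase_auth_post_text( 'deactivate_reason_radio' );
		$details = isset( $_POST['query_feedback'] ) ? sanitize_textarea_field( wp_unslash( $_POST['query_feedback'] ) ) : '';

		if ( ! $reason ) {
			$this->mo_firebase_auth_fail( 'Please Select one of the reasons ,if your reason is not mentioned please select Other Reasons' );
			return;
		}

		$message = 'Plugin Deactivated:' . $reason . ':' . $details;
		$user    = wp_get_current_user();

		$contact_us = new MO_Firebase_contact_us();
		$contact_us->mo_firebase_auth_send_email_alert( $user->user_email, $message, 'Feedback: WordPress Firebase Authentication' );

		deactivate_plugins( __FILE__ );
		$this->mo_firebase_auth_succeed( 'Thank you for the feedback.' );
	}

}

$mo_firebase_authentication_obj = new mo_firebase_authentication_login();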