1 | <?php |
---|
2 | /** |
---|
3 | * XPress - WordPress for XOOPS |
---|
4 | * |
---|
5 | * Adding multi-author features to XPressME |
---|
6 | * |
---|
7 | * @copyright The XPressME project |
---|
8 | * @license http://www.fsf.org/copyleft/gpl.html GNU public license |
---|
9 | * @author toemon |
---|
10 | * @since 2.05 |
---|
11 | * @version $Id$ |
---|
12 | * @package module::xpress |
---|
13 | */ |
---|
14 | |
---|
15 | // *********************************** Start Pluggable Function Edit (wp-include/pluggable.php) ************************************ |
---|
16 | |
---|
17 | if ( !function_exists('get_currentuserinfo') ) : |
---|
18 | function get_currentuserinfo() { |
---|
19 | global $current_user; |
---|
20 | global $xoopsModule,$xoopsUser,$xoopsUserIsAdmin; |
---|
21 | |
---|
22 | |
---|
23 | if ($xoopsModule){ |
---|
24 | if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST ) |
---|
25 | return false; |
---|
26 | |
---|
27 | if (is_object($xoopsUser)){ // When the user is logging in xoops |
---|
28 | if ( ! empty($current_user) ){ |
---|
29 | $xoops_user = $xoopsUser->getVar("uname"); |
---|
30 | if ($current_user->user_login == $xoops_user){ // If xoops login user and wordpress current user are the same |
---|
31 | return; |
---|
32 | } |
---|
33 | } |
---|
34 | if (check_xpress_auth_cookie()){ //The cookie is login user's or it checks it |
---|
35 | if (function_exists('wp_validate_auth_cookie')){ |
---|
36 | if ( $user = wp_validate_auth_cookie() ) { |
---|
37 | // When the user meta prefix is different according to the change in the xoops data base prefix, it restores it. |
---|
38 | if (!check_user_meta_prefix($user)){ |
---|
39 | repair_user_meta_prefix(); |
---|
40 | } |
---|
41 | wp_set_current_user($user); |
---|
42 | return ; |
---|
43 | } |
---|
44 | } else { // for WP2.0 |
---|
45 | if ( !empty($_COOKIE[USER_COOKIE]) && !empty($_COOKIE[PASS_COOKIE])){ |
---|
46 | if(wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) { |
---|
47 | $user_login = $_COOKIE[USER_COOKIE]; |
---|
48 | wp_set_current_user(0, $user_login); |
---|
49 | return; |
---|
50 | } |
---|
51 | } |
---|
52 | } |
---|
53 | } |
---|
54 | return xpress_login(); |
---|
55 | } else { // For the xoops guest |
---|
56 | if ( ! empty($current_user) ){ // When a current user of wordpress is set, a current user is cleared. |
---|
57 | wp_set_current_user(0); |
---|
58 | wp_logout(); |
---|
59 | wp_clear_auth_cookie(); |
---|
60 | } |
---|
61 | return false; |
---|
62 | } |
---|
63 | } else { |
---|
64 | // WP original |
---|
65 | if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST ) |
---|
66 | return false; |
---|
67 | |
---|
68 | if ( ! empty($current_user) ) |
---|
69 | return; |
---|
70 | |
---|
71 | if (function_exists('wp_validate_auth_cookie')){ |
---|
72 | if ( ! $user = wp_validate_auth_cookie() ) { |
---|
73 | if ( empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) { |
---|
74 | wp_set_current_user(0); |
---|
75 | return false; |
---|
76 | } |
---|
77 | } |
---|
78 | wp_set_current_user($user); |
---|
79 | } else { // for WP2.0 |
---|
80 | if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) || |
---|
81 | !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) { |
---|
82 | wp_set_current_user(0); |
---|
83 | return false; |
---|
84 | } |
---|
85 | $user_login = $_COOKIE[USER_COOKIE]; |
---|
86 | wp_set_current_user(0, $user_login); |
---|
87 | } |
---|
88 | } |
---|
89 | } |
---|
90 | endif; |
---|
91 | |
---|
92 | if ( !function_exists('xpress_login') ) : |
---|
93 | function xpress_login(){ |
---|
94 | global $current_user; |
---|
95 | global $xoopsModule,$xoopsUser,$xoopsUserIsAdmin; |
---|
96 | |
---|
97 | if(is_object($xoopsUser)){ |
---|
98 | $u_name = $xoopsUser->getVar("uname"); |
---|
99 | $u_pass_md5 = $xoopsUser->getVar("pass"); |
---|
100 | if ( ! empty($u_name) && ! empty($u_pass_md5) ) { |
---|
101 | include_once dirname( __FILE__ ).'/user_sync_xoops.php'; |
---|
102 | repair_user_meta_prefix(); //Repair when data base prefix is changed on XOOPS side |
---|
103 | $messege = ''; |
---|
104 | $ret = user_sync_to_wordpress($xoopsUser->getVar("uid"),$messege); |
---|
105 | if ($ret){ |
---|
106 | $user = new WP_User(0, $u_name); |
---|
107 | if ( wp_login($u_name, $u_pass_md5) ) { |
---|
108 | wp_setcookie($u_name, $u_pass_md5, true, '', '', false); |
---|
109 | do_action('wp_login', $u_name); |
---|
110 | wp_set_current_user($user->ID); |
---|
111 | return true; |
---|
112 | } |
---|
113 | } |
---|
114 | } |
---|
115 | } |
---|
116 | if ( ! empty($current_user) ){ |
---|
117 | wp_set_current_user(0); |
---|
118 | wp_logout(); |
---|
119 | wp_clear_auth_cookie(); |
---|
120 | } |
---|
121 | return false; |
---|
122 | } |
---|
123 | endif; |
---|
124 | |
---|
125 | if ( !function_exists('check_xpress_auth_cookie') ) : |
---|
126 | function check_xpress_auth_cookie() { // for wp2.5 |
---|
127 | if ( empty($_COOKIE[AUTH_COOKIE]) ){ |
---|
128 | return false; |
---|
129 | } |
---|
130 | $cookie = $_COOKIE[AUTH_COOKIE]; |
---|
131 | |
---|
132 | $cookie_elements = explode('|', $cookie); |
---|
133 | if ( count($cookie_elements) != 3 ){ |
---|
134 | return false; |
---|
135 | } |
---|
136 | |
---|
137 | if(is_object($GLOBALS["xoopsModule"])){ |
---|
138 | // && WP_BLOG_DIRNAME == $GLOBALS["xoopsModule"]->getVar("dirname")){ |
---|
139 | if(is_object($GLOBALS["xoopsUser"])){ |
---|
140 | $u_name = $GLOBALS["xoopsUser"]->getVar("uname"); |
---|
141 | list($username, $expiration, $hmac) = $cookie_elements; |
---|
142 | if ($u_name == $username) { |
---|
143 | return true; |
---|
144 | } |
---|
145 | } |
---|
146 | } else { |
---|
147 | $mydirname = basename( dirname( dirname( __FILE__ ) ) ) ; |
---|
148 | $org_url = $_SERVER['REQUEST_URI']; |
---|
149 | $needle = '/modules/' . $mydirname . '/wp-admin/'; |
---|
150 | if (strstr($org_url , $needle)){ |
---|
151 | return true; |
---|
152 | } |
---|
153 | } |
---|
154 | return false; |
---|
155 | } |
---|
156 | endif; |
---|
157 | |
---|
158 | if ( !function_exists('wp_check_password') ) : |
---|
159 | // for wordpress2.5 |
---|
160 | function wp_check_password($password, $hash, $user_id = '') { |
---|
161 | global $wp_hasher; |
---|
162 | global $modInfo,$wpConfigInfo,$xoops_db; |
---|
163 | |
---|
164 | // For attestation when password has been sent as hash value. (When having logged it in from Xoops and ImpressCMS) |
---|
165 | if ($hash == $password){ |
---|
166 | return apply_filters('check_password', true, $password, $hash, $user_id); |
---|
167 | } |
---|
168 | |
---|
169 | // Password authentication for Xoops |
---|
170 | if ( strlen($hash) <= 32 ) { |
---|
171 | $check = ( $hash == md5($password) ); |
---|
172 | return apply_filters('check_password', $check, $password, $hash, $user_id); |
---|
173 | } |
---|
174 | |
---|
175 | // Password authentication for ImpressCMS |
---|
176 | if($modInfo->is_impress_cms() && function_exists('hash')){ |
---|
177 | $mainSalt = $wpConfigInfo->get_db_salt(); |
---|
178 | // get user salt |
---|
179 | $xpress_user_db = $wpConfigInfo->get_db_prefix() . 'users'; |
---|
180 | $xoops_user_db = $wpConfigInfo->get_xoops_db_prefix() . 'users'; |
---|
181 | $login_name = $xoops_db->get_var("SELECT user_login FROM $xpress_user_db WHERE ID = $user_id"); |
---|
182 | $user_salt = $xoops_db->get_var("SELECT salt FROM $xoops_user_db WHERE uname = '$login_name'"); |
---|
183 | $enc_type = intval( $xoops_db->get_var("SELECT enc_type FROM $xoops_user_db WHERE uname = '$login_name'") ); |
---|
184 | |
---|
185 | // Make Impress hash |
---|
186 | if($enc_type == 0) {$impress_hash = md5($password);} // no salt used for compatibility with external scripts such as ipb/phpbb etc. |
---|
187 | elseif($enc_type == 1) {$impress_hash = hash('sha256', $user_salt.md5($password).$mainSalt);} |
---|
188 | elseif($enc_type == 2) {$impress_hash = hash('sha384', $user_salt.md5($password).$mainSalt);} |
---|
189 | elseif($enc_type == 3) {$impress_hash = hash('sha512', $user_salt.md5($password).$mainSalt);} |
---|
190 | elseif($enc_type == 4) {$impress_hash = hash('ripemd128', $user_salt.md5($password).$mainSalt);} |
---|
191 | elseif($enc_type == 5) {$impress_hash = hash('ripemd160', $user_salt.md5($password).$mainSalt);} |
---|
192 | elseif($enc_type == 6) {$impress_hash = hash('whirlpool', $user_salt.md5($password).$mainSalt);} |
---|
193 | elseif($enc_type == 7) {$impress_hash = hash('haval128,4', $user_salt.md5($password).$mainSalt);} |
---|
194 | elseif($enc_type == 8) {$impress_hash = hash('haval160,4', $user_salt.md5($password).$mainSalt);} |
---|
195 | elseif($enc_type == 9) {$impress_hash = hash('haval192,4', $user_salt.md5($password).$mainSalt);} |
---|
196 | elseif($enc_type == 10) {$impress_hash = hash('haval224,4', $user_salt.md5($password).$mainSalt);} |
---|
197 | elseif($enc_type == 11) {$impress_hash = hash('haval256,4', $user_salt.md5($password).$mainSalt);} |
---|
198 | elseif($enc_type == 12) {$impress_hash = hash('haval128,5', $user_salt.md5($password).$mainSalt);} |
---|
199 | elseif($enc_type == 13) {$impress_hash = hash('haval160,5', $user_salt.md5($password).$mainSalt);} |
---|
200 | elseif($enc_type == 14) {$impress_hash = hash('haval192,5', $user_salt.md5($password).$mainSalt);} |
---|
201 | elseif($enc_type == 15) {$impress_hash = hash('haval224,5', $user_salt.md5($password).$mainSalt);} |
---|
202 | elseif($enc_type == 16) {$impress_hash = hash('haval256,5', $user_salt.md5($password).$mainSalt);} |
---|
203 | |
---|
204 | if ($hash == $impress_hash){ |
---|
205 | return apply_filters('check_password', true, $password, $hash, $user_id); |
---|
206 | } |
---|
207 | } |
---|
208 | |
---|
209 | // If the hash is still md5... |
---|
210 | if ( strlen($hash) <= 32 ) { |
---|
211 | $check = ( $hash == md5($password) ); |
---|
212 | /* A new hash is not used because it differs from the hash on the XOOPS password. |
---|
213 | * if ( $check && $user_id ) { |
---|
214 | * // Rehash using new hash. |
---|
215 | * wp_set_password($password, $user_id); |
---|
216 | * $hash = wp_hash_password($password); |
---|
217 | * } |
---|
218 | */ |
---|
219 | return apply_filters('check_password', $check, $password, $hash, $user_id); |
---|
220 | } |
---|
221 | |
---|
222 | // If the stored hash is longer than an MD5, presume the |
---|
223 | // new style phpass portable hash. |
---|
224 | if ( empty($wp_hasher) ) { |
---|
225 | require_once( ABSPATH . 'wp-includes/class-phpass.php'); |
---|
226 | // By default, use the portable hash from phpass |
---|
227 | $wp_hasher = new PasswordHash(8, TRUE); |
---|
228 | } |
---|
229 | |
---|
230 | $check = $wp_hasher->CheckPassword($password, $hash); |
---|
231 | |
---|
232 | return apply_filters('check_password', $check, $password, $hash, $user_id); |
---|
233 | } |
---|
234 | endif; |
---|
235 | |
---|
236 | if ( !function_exists('wp_redirect') ) : |
---|
237 | function wp_redirect($location, $status = 302) { |
---|
238 | global $is_IIS,$modInfo,$action; |
---|
239 | |
---|
240 | if ($location == 'wp-login.php?loggedout=true') $location = $modInfo->get_xoops_url().'/user.php?op=logout'; //xoops logout at wp logout |
---|
241 | if ($location == 'wp-login.php?action=register') $location = $modInfo->get_xoops_url()."/register.php"; //wp-register to xoops register |
---|
242 | if ($action == 'logout') $location = $modInfo->get_xoops_url().'/user.php?op=logout'; //xoops logout at comment logout |
---|
243 | |
---|
244 | $location = apply_filters('wp_redirect', $location, $status); |
---|
245 | $status = apply_filters('wp_redirect_status', $status, $location); |
---|
246 | |
---|
247 | if ( !$location ) // allows the wp_redirect filter to cancel a redirect |
---|
248 | return false; |
---|
249 | |
---|
250 | $location = wp_sanitize_redirect($location); |
---|
251 | |
---|
252 | if (!headers_sent()) { |
---|
253 | ob_end_clean(); |
---|
254 | if ( $is_IIS ) { |
---|
255 | header("Refresh: 0;url=$location"); |
---|
256 | } else { |
---|
257 | if ( php_sapi_name() != 'cgi-fcgi' ) |
---|
258 | status_header($status); // This causes problems on IIS and some FastCGI setups |
---|
259 | header("Location: $location"); |
---|
260 | } |
---|
261 | } else { // force redirect |
---|
262 | echo ("<HTML>"); |
---|
263 | echo("<META http-equiv=\"Refresh\" content=\"0;url=$location\">"); |
---|
264 | echo ("<BODY onload=\"try {self.location.href='$location' } catch(e) {}\">"); |
---|
265 | printf(__("If the page does not automatically reload, please click <a href='%s'>here</a>","xpressme"),$location); |
---|
266 | echo ("</BODY>"); |
---|
267 | echo ("</HTML>"); |
---|
268 | } |
---|
269 | } |
---|
270 | endif; |
---|
271 | |
---|
272 | if ( !function_exists('wp_hash_password') ) : |
---|
273 | function wp_hash_password($password) { |
---|
274 | global $wp_hasher; |
---|
275 | return md5($password); // A new hash is not used because it differs from the hash on the XOOPS password. |
---|
276 | /* |
---|
277 | if ( empty($wp_hasher) ) { |
---|
278 | require_once( ABSPATH . 'wp-includes/class-phpass.php'); |
---|
279 | // By default, use the portable hash from phpass |
---|
280 | $wp_hasher = new PasswordHash(8, TRUE); |
---|
281 | } |
---|
282 | |
---|
283 | return $wp_hasher->HashPassword($password); |
---|
284 | */ |
---|
285 | } |
---|
286 | endif; |
---|
287 | |
---|
288 | if ( !function_exists('wp_clear_auth_cookie') ) : |
---|
289 | /** |
---|
290 | * Removes all of the cookies associated with authentication. |
---|
291 | * |
---|
292 | * @since 2.5 |
---|
293 | */ |
---|
294 | function wp_clear_auth_cookie() { |
---|
295 | do_action('clear_auth_cookie'); |
---|
296 | |
---|
297 | @setcookie(AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN); |
---|
298 | @setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN); |
---|
299 | @setcookie(AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN); |
---|
300 | @setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN); |
---|
301 | @setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); |
---|
302 | @setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); |
---|
303 | |
---|
304 | // Old cookies |
---|
305 | @setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); |
---|
306 | @setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); |
---|
307 | @setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); |
---|
308 | @setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); |
---|
309 | |
---|
310 | // Even older cookies |
---|
311 | @setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); |
---|
312 | @setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); |
---|
313 | @setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); |
---|
314 | @setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); |
---|
315 | |
---|
316 | } |
---|
317 | endif; |
---|
318 | |
---|
319 | |
---|
320 | |
---|
321 | |
---|
322 | |
---|
323 | |
---|
324 | // *********************************** End Of Pluggable Function Edit (wp-include/pluggable.php) ************************************ |
---|
325 | |
---|
326 | ?> |
---|