-
Notifications
You must be signed in to change notification settings - Fork 2
/
sso.php
105 lines (93 loc) · 2.59 KB
/
sso.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
<?php
/**
* Plugin Name: SSO
* Author: Garth Mortensen, Mike Hansen
* Version: 0.5
* License: GPLv2 or later
* License URI: http://www.gnu.org/licenses/gpl-2.0.html
*/
if( ! function_exists( 'sso_check' ) ){
function sso_check() {
if ( ! isset( $_GET['salt'] ) || ! isset( $_GET['nonce'] ) ) {
sso_req_login();
}
if ( sso_check_blocked() ) {
sso_req_login();
}
$nonce = esc_attr( $_GET['nonce'] );
$salt = esc_attr( $_GET['salt'] );
$has_epoch = preg_match('/-e(\d+)$/', $nonce, $epoch);
$expired = ( $has_epoch && (time() - $epoch[1]) > 300 ) ? true : false;
if ( ! empty( $_GET['user'] ) ) {
$user = esc_attr( $_GET['user'] );
} else {
$user = get_users( array( 'role' => 'administrator', 'number' => 1 ) );
if ( is_array( $user ) && is_a( $user[0], 'WP_User' ) ) {
$user = $user[0];
$user = $user->ID;
} else {
$user = 0;
}
}
$bounce = ! empty( $_GET['bounce'] ) ? $_GET['bounce'] : '';
$hash = base64_encode( hash( 'sha256', $nonce . $salt, false ) );
$hash = substr( $hash, 0, 64 );
$token = get_transient( 'sso_token' );
$from_options = false;
if ( $token === false ) {
$token = get_option( 'sso_token' );
$from_options = true;
}
if ( ! $expired && $token == $hash ) {
if ( is_email( $user ) ) {
$user = get_user_by( 'email', $user );
} else {
$user = get_user_by( 'id', (int) $user );
}
if ( $from_options ) {
delete_option( 'sso_token' );
}
if ( is_a( $user, 'WP_User' ) ) {
wp_set_current_user( $user->ID, $user->user_login );
wp_set_auth_cookie( $user->ID );
do_action( 'wp_login', $user->user_login, $user );
delete_transient( 'sso_token' );
wp_safe_redirect( admin_url( $bounce ) );
} else {
sso_req_login();
}
} else {
sso_add_failed_attempt();
sso_req_login();
}
die();
}
}
add_action( 'wp_ajax_nopriv_sso-check', 'sso_check' );
add_action( 'wp_ajax_sso-check', 'sso_check' );
if( ! function_exists( 'sso_req_login' ) ){
function sso_req_login() {
wp_safe_redirect( wp_login_url() );
}
}
if( ! function_exists( 'sso_get_attempt_id' ) ){
function sso_get_attempt_id() {
return 'sso' . esc_url( $_SERVER['REMOTE_ADDR'] );
}
}
if( ! function_exists( 'sso_add_failed_attempt' ) ){
function sso_add_failed_attempt() {
$attempts = get_transient( sso_get_attempt_id(), 0 );
$attempts ++;
set_transient( sso_get_attempt_id(), $attempts, 300 );
}
}
if( ! function_exists( 'sso_check_blocked' ) ){
function sso_check_blocked() {
$attempts = get_transient( sso_get_attempt_id(), 0 );
if ( $attempts > 4 ) {
return true;
}
return false;
}
}