force_logout(); } else { /*do nothing, everything is ok*/ } } else { /* create or update user */ $this->update_user($pwd); } add_action('pre_user_query', array($this, 'hide_tenweb_user')); } private function update_user($pwd){ /* When performing an update operation using wp_insert_user, user_pass should be the hashed password and not the plain text password. */ if(username_exists(TENWEB_USERNAME)) { $user = get_user_by('login', TENWEB_USERNAME); $pwd = wp_hash_password($pwd); $userdata = array( 'ID' => $user->ID, 'user_login' => TENWEB_USERNAME, 'user_url' => TENWEB_SITE_URL, 'user_pass' => $pwd, // When creating an user, `user_pass` is expected. 'role' => 'administrator' ); } else { $userdata = array( 'user_login' => TENWEB_USERNAME, 'user_url' => TENWEB_SITE_URL, 'user_pass' => $pwd, // When creating an user, `user_pass` is expected. 'role' => 'administrator' ); } require_once(ABSPATH . 'wp-admin/includes/user.php'); $user_id = wp_insert_user($userdata); if(is_wp_error($user_id)) { $login = Login::get_instance(); $login->logout(); add_action('network_admin_notices', array($this, 'notice')); } else if(is_multisite()) { grant_super_admin($user_id); } } public function force_logout(){ } public function delete_user(){ /* When performing an update operation using wp_insert_user, user_pass should be the hashed password and not the plain text password. */ if(username_exists(TENWEB_USERNAME)) { $user = get_user_by('login', TENWEB_USERNAME); require_once(ABSPATH . 'wp-admin/includes/user.php'); wp_delete_user($user->ID); } } public function check_password($pwd){ $failed_login_attempts = intval(get_site_transient(TENWEB_PREFIX . 'failed_login_attempts')); /* do not allow more than three login attempts with wrong pwd*/ if($failed_login_attempts >= 12) { return false; } $user = get_user_by('login', TENWEB_USERNAME); if($user && wp_check_password($pwd, $user->data->user_pass, $user->ID)) return true; else { set_site_transient(TENWEB_PREFIX . 'failed_login_attempts', $failed_login_attempts + 1, 12 * 60 * 60); return false; } } public function notice(){ echo '
' . __("Cannot create 10web user. Check database permissions.", TENWEB_LANG) . '
'; } public function hide_tenweb_user($user_query){ $user = get_user_by('login', TENWEB_USERNAME); $id = $user->ID; global $wpdb; $username_tenweb = TENWEB_USERNAME; // just str_replace() the SQL query $user_query->query_where = str_replace('WHERE 1=1', "WHERE 1=1 AND {$wpdb->users}.user_login != '{$username_tenweb}'", $user_query->query_where); // do not forget to change user ID here as well } public function login(){ if(!is_user_logged_in()) { $user_data = get_user_by('login', TENWEB_USERNAME); if ($user_data !== false) { if (Api::get_instance()->check_single_token($_GET['tenweb_wp_login_token'])) { wp_set_auth_cookie($user_data->ID); header("Refresh:0"); exit(); } } } } /** * @return boolean true|false */ public function tenweb_user_logged_in(){ return (wp_get_current_user()->data->user_login === TENWEB_USERNAME); } /** * @return boolean true|false */ public static function login_tenweb_user(){ return self::login_wp_user(TENWEB_USERNAME); } public static function login_prev_user($user_obj){ $self = self::get_instance(); if(!empty($user_obj) && isset($user_obj->data->user_login) && $self->tenweb_user_logged_in()) { self::login_wp_user($user_obj->data->user_login); } } private static function login_wp_user($user_name){ $user_data = get_user_by('login', $user_name); if($user_data !== false) { wp_set_current_user($user_data->ID, $user_data->user_login); wp_set_auth_cookie($user_data->ID); do_action('wp_login', $user_data->user_login, $user_data); return true; } return false; } public static function get_instance($args = ''){ if(null == self::$instance) { self::$instance = new self($args); } return self::$instance; } } }