WP_Auth

The BuddyPress WP Auth class.

Defined (1)

The class is defined in the following location(s).

/bp-forums/bbpress/bb-includes/backpress/class.wp-auth.php  
  1. class WP_Auth 
  2. var $db; // BBPDB object 
  3. var $users; // WP_Users object 
  4.  
  5. var $cookies; 
  6.  
  7. var $current = 0; 
  8.  
  9. function WP_Auth( &$db, &$users, $cookies ) 
  10. $this->__construct( $db, $users, $cookies ); 
  11.  
  12. /** 
  13. * @param array $cookies Array indexed by internal name of cookie. Values are arrays of array defining cookie parameters. 
  14. * $cookies = array( 
  15. * 'auth' => array( 
  16. * 0 => array( 
  17. * 'domain' => (string) cookie domain 
  18. * 'path' => (string) cookie path 
  19. * 'name' => (string) cookie name 
  20. * 'secure' => (bool) restrict cookie to HTTPS only 
  21. * ) 
  22. * ) 
  23. * ); 
  24. * At least one cookie is required. Give it an internal name of 'auth'. 
  25. * Suggested cookie structure: 
  26. * logged_in: whether or not a user is logged in. Send everywhere. 
  27. * auth: used to authorize user's actions. Send only to domains/paths that need it (e.g. wp-admin/) 
  28. * secure_auth: used to authorize user's actions. Send only to domains/paths that need it and only over HTTPS 
  29. * You should be very careful when setting cookie domain to ensure that it always follows the rules set out in 
  30. * the {@link http://curl.haxx.se/rfc/cookie_spec.html Set Cookie spec}. In most cases it is best to leave cookie 
  31. * set to false and allow for user configuration to define a cookie domain in a configuration file when 
  32. * cross subdomain cookies are required. 
  33. *  
  34. * @link  
  35. */ 
  36. function __construct( &$db, &$users, $cookies ) 
  37. $this->db =& $db; 
  38. $this->users =& $users; 
  39.  
  40. $cookies = wp_parse_args( $cookies, array( 'auth' => null ) ); 
  41. $_cookies = array(); 
  42. foreach ( $cookies as $_scheme => $_scheme_cookies ) { 
  43. foreach ( $_scheme_cookies as $_scheme_cookie ) { 
  44. $_cookies[$_scheme][] = wp_parse_args( $_scheme_cookie, array( 'domain' => null, 'path' => null, 'name' => '' ) ); 
  45. unset( $_scheme_cookie ); 
  46. unset( $_scheme, $_scheme_cookies ); 
  47. $this->cookies = $_cookies; 
  48. unset( $_cookies ); 
  49.  
  50. /** 
  51. * Changes the current user by ID or name 
  52. * Set $id to null and specify a name if you do not know a user's ID 
  53. * Some WordPress functionality is based on the current user and 
  54. * not based on the signed in user. Therefore, it opens the ability 
  55. * to edit and perform actions on users who aren't signed in. 
  56. * @since 2.0.4 
  57. * @uses do_action() Calls 'set_current_user' hook after setting the current user. 
  58. * @param int $id User ID 
  59. * @param string $name User's username 
  60. * @return BP_User Current user User object 
  61. */ 
  62. function set_current_user( $user_id ) 
  63. $user = $this->users->get_user( $user_id ); 
  64. if ( !$user || is_wp_error( $user ) ) { 
  65. $this->current = 0; 
  66. return $this->current; 
  67.  
  68. $user_id = $user->ID; 
  69.  
  70. if ( isset( $this->current->ID ) && $user_id == $this->current->ID ) { 
  71. return $this->current; 
  72.  
  73. if ( class_exists( 'BP_User' ) ) { 
  74. $this->current = new BP_User( $user_id ); 
  75. } else { 
  76. $this->current =& $user; 
  77.  
  78. // WP add_action( 'set_current_user', 'setup_userdata', 1 ); 
  79.  
  80. do_action( 'set_current_user', $user_id ); 
  81.  
  82. return $this->current; 
  83.  
  84. /** 
  85. * Populate variables with information about the currently logged in user 
  86. * Will set the current user, if the current user is not set. The current 
  87. * user will be set to the logged in person. If no user is logged in, then 
  88. * it will set the current user to 0, which is invalid and won't have any 
  89. * permissions. 
  90. * @since 0.71 
  91. * @uses $current_user Checks if the current user is set 
  92. * @uses wp_validate_auth_cookie() Retrieves current logged in user. 
  93. * @return bool|null False on XMLRPC Request and invalid auth cookie. Null when current user set 
  94. */ 
  95. function get_current_user() 
  96. if ( !empty( $this->current ) ) { 
  97. return $this->current; 
  98.  
  99. if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) { 
  100. $this->set_current_user( 0 ); 
  101. } elseif ( $user_id = $this->validate_auth_cookie( null, 'logged_in' ) ) { 
  102. $this->set_current_user( $user_id ); 
  103. } else { 
  104. $this->set_current_user( 0 ); 
  105.  
  106. return $this->current; 
  107.  
  108. /** 
  109. * Validates authentication cookie 
  110. * The checks include making sure that the authentication cookie 
  111. * is set and pulling in the contents (if $cookie is not used). 
  112. * Makes sure the cookie is not expired. Verifies the hash in 
  113. * cookie is what is should be and compares the two. 
  114. * @since 2.5 
  115. * @param string $cookie Optional. If used, will validate contents instead of cookie's 
  116. * @return bool|int False if invalid cookie, User ID if valid. 
  117. */ 
  118. function validate_auth_cookie( $cookie = null, $scheme = 'auth' ) 
  119. if ( empty( $cookie ) ) { 
  120. foreach ( $this->cookies[$scheme] as $_scheme_cookie ) { 
  121. // Take the first cookie of type scheme that exists 
  122. if ( !empty( $_COOKIE[$_scheme_cookie['name']] ) ) { 
  123. $cookie = $_COOKIE[$_scheme_cookie['name']]; 
  124. break; 
  125.  
  126. if ( !$cookie ) { 
  127. return false; 
  128.  
  129. $cookie_elements = explode( '|', $cookie ); 
  130. if ( count( $cookie_elements ) != 3 ) { 
  131. do_action( 'auth_cookie_malformed', $cookie, $scheme ); 
  132. return false; 
  133.  
  134. list( $username, $expiration, $hmac ) = $cookie_elements; 
  135.  
  136. $expired = $expiration; 
  137.  
  138. // Allow a grace period for POST and AJAX requests 
  139. if ( defined( 'DOING_AJAX' ) || 'POST' == $_SERVER['REQUEST_METHOD'] ) { 
  140. $expired += 3600; 
  141.  
  142. if ( $expired < time() ) { 
  143. do_action( 'auth_cookie_expired', $cookie_elements ); 
  144. return false; 
  145.  
  146. $user = $this->users->get_user( $username, array( 'by' => 'login' ) ); 
  147. if ( !$user || is_wp_error( $user ) ) { 
  148. do_action( 'auth_cookie_bad_username', $cookie_elements ); 
  149. return $user; 
  150.  
  151. $pass_frag = ''; 
  152. if ( 1 < WP_AUTH_COOKIE_VERSION ) { 
  153. $pass_frag = substr( $user->user_pass, 8, 4 ); 
  154.  
  155. $key = call_user_func( backpress_get_option( 'hash_function_name' ), $username . $pass_frag . '|' . $expiration, $scheme ); 
  156. $hash = hash_hmac( 'md5', $username . '|' . $expiration, $key ); 
  157.  
  158. if ( $hmac != $hash ) { 
  159. do_action( 'auth_cookie_bad_hash', $cookie_elements ); 
  160. return false; 
  161.  
  162. do_action( 'auth_cookie_valid', $cookie_elements, $user ); 
  163.  
  164. return $user->ID; 
  165.  
  166. /** 
  167. * Generate authentication cookie contents 
  168. * @since 2.5 
  169. * @uses apply_filters() Calls 'auth_cookie' hook on $cookie contents, User ID 
  170. * and expiration of cookie. 
  171. * @param int $user_id User ID 
  172. * @param int $expiration Cookie expiration in seconds 
  173. * @return string Authentication cookie contents 
  174. */ 
  175. function generate_auth_cookie( $user_id, $expiration, $scheme = 'auth' ) 
  176. $user = $this->users->get_user( $user_id ); 
  177. if ( !$user || is_wp_error( $user ) ) { 
  178. return $user; 
  179.  
  180. $pass_frag = ''; 
  181. if ( 1 < WP_AUTH_COOKIE_VERSION ) { 
  182. $pass_frag = substr( $user->user_pass, 8, 4 ); 
  183.  
  184. $key = call_user_func( backpress_get_option( 'hash_function_name' ), $user->user_login . $pass_frag . '|' . $expiration, $scheme ); 
  185. $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key); 
  186.  
  187. $cookie = $user->user_login . '|' . $expiration . '|' . $hash; 
  188.  
  189. return apply_filters( 'auth_cookie', $cookie, $user_id, $expiration, $scheme ); 
  190.  
  191. /** 
  192. * Sets the authentication cookies based User ID 
  193. * The $remember parameter increases the time that the cookie will 
  194. * be kept. The default the cookie is kept without remembering is 
  195. * two days. When $remember is set, the cookies will be kept for 
  196. * 14 days or two weeks. 
  197. * @since 2.5 
  198. * @param int $user_id User ID 
  199. * @param int $expiration the UNIX time after which the cookie's authentication token is no longer valid 
  200. * @param int $expire the UNIX time at which the cookie expires 
  201. * @param int $scheme name of the  
  202. */ 
  203. function set_auth_cookie( $user_id, $expiration = 0, $expire = 0, $scheme = 'auth' ) 
  204. if ( !isset( $this->cookies[$scheme] ) ) { 
  205. return; 
  206.  
  207. if ( !$expiration = absint( $expiration ) ) { 
  208. $expiration = time() + 172800; // 2 days 
  209.  
  210. $expire = absint( $expire ); 
  211.  
  212. foreach ( $this->cookies[$scheme] as $_cookie ) { 
  213. $cookie = $this->generate_auth_cookie( $user_id, $expiration, $scheme ); 
  214. if ( is_wp_error( $cookie ) ) { 
  215. return $cookie; 
  216.  
  217. do_action( 'set_' . $scheme . '_cookie', $cookie, $expire, $expiration, $user_id, $scheme ); 
  218.  
  219. $domain = $_cookie['domain']; 
  220. $secure = isset($_cookie['secure']) ? (bool) $_cookie['secure'] : false; 
  221.  
  222. // Set httponly if the php version is >= 5.2.0 
  223. if ( version_compare( phpversion(), '5.2.0', 'ge' ) ) { 
  224. backpress_set_cookie( $_cookie['name'], $cookie, $expire, $_cookie['path'], $domain, $secure, true ); 
  225. } else { 
  226. $domain = ( empty( $domain ) ) ? $domain : $domain . '; HttpOnly'; 
  227. backpress_set_cookie( $_cookie['name'], $cookie, $expire, $_cookie['path'], $domain, $secure ); 
  228. unset( $_cookie ); 
  229.  
  230. /** 
  231. * Deletes all of the cookies associated with authentication 
  232. * @since 2.5 
  233. */ 
  234. function clear_auth_cookie() 
  235. do_action( 'clear_auth_cookie' ); 
  236. foreach ( $this->cookies as $_scheme => $_scheme_cookies ) { 
  237. foreach ( $_scheme_cookies as $_cookie ) { 
  238. backpress_set_cookie( $_cookie['name'], ' ', time() - 31536000, $_cookie['path'], $_cookie['domain'] ); 
  239. unset( $_cookie ); 
  240. unset( $_scheme, $_scheme_cookies );