| Disable Functions: Path : /opt/wp/mu-plugins/ |
| Current File : //opt/wp/mu-plugins/sso.php |
<?php
/**
Plugin Name: SSO
Author: Garth Mortensen, Mike Hansen
Version: 0.3
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
*/
function sso_check() {
if ( ! isset( $_GET['salt'] ) || ! isset( $_GET['nonce'] ) ) { sso_req_login(); }
if ( sso_check_blocked() ) { sso_req_login(); }
$nonce = esc_attr( $_GET['nonce'] );
$salt = esc_attr( $_GET['salt'] );
$user;
if ( ! empty( $_GET['user'] ) ) {
$user = esc_attr( $_GET['user'] );
} else {
$user = get_users( array( 'role' => 'administrator', 'number' => 1 ) );
if ( is_array( $user ) && is_a( $user[0], 'WP_User' ) ) {
$user = $user[0];
$user = $user->ID;
} else {
$user = 0;
}
}
$bounce = $_GET['bounce'];
$hash = base64_encode( hash( 'sha256', $nonce . $salt, false ) );
$hash = substr( $hash, 0, 64 );
if ( get_transient( 'sso_token' ) == $hash ) {
if ( is_email( $user ) ) {
$user = get_user_by( 'email', $user );
} else {
$user = get_user_by( 'id', (int) $user );
}
if ( is_a( $user, 'WP_User' ) ) {
wp_set_current_user( $user->ID, $user->user_login );
wp_set_auth_cookie( $user->ID );
do_action( 'wp_login', $user->user_login, $user );
delete_transient( 'sso_token' );
wp_safe_redirect( admin_url( $bounce ) );
} else {
sso_req_login();
}
} else {
sso_add_failed_attempt();
sso_req_login();
}
die();
}
add_action( 'wp_ajax_nopriv_sso-check', 'sso_check' );
add_action( 'wp_ajax_sso-check', 'sso_check' );
function sso_req_login() {
wp_safe_redirect( wp_login_url() );
}
function sso_get_attempt_id() {
return 'sso' . esc_url( $_SERVER['REMOTE_ADDR'] );
}
function sso_add_failed_attempt() {
$attempts = get_transient( sso_get_attempt_id(), 0 );
$attempts++;
set_transient( sso_get_attempt_id(), $attempts, 300 );
}
function sso_check_blocked() {
$attempts = get_transient( sso_get_attempt_id(), 0 );
if ( $attempts > 4 ) {
return true;
}
return false;
}