Forked from stracker-phil/wp-login-master-password.php
Created
January 16, 2024 04:23
-
-
Save habibimroncn/cae52fc3aef9587b6f183f7a629e3a14 to your computer and use it in GitHub Desktop.
Small WordPress plugin that allows you to login as Admin user to any WordPress installation that you can access via FTP. Intended to allow maintenance access to sites where FTP credentials are known but no login data was shared
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
******************************************************************************* | |
* MAL: Maintenance Auto-Login. | |
******************************************************************************* | |
* Automatically logs you in as the first admin user found in the WordPress | |
* database. | |
* | |
* How to use it: | |
* | |
* 1. Add the following 2 lines to wp-config.php - adjust the values | |
* define( 'MAL_SECRET_USER', 'admin:auto' ); | |
* define( 'MAL_SECRET_PASS', '****' ); | |
* 2. Save this code to wp-content/mu-plugins/auto-login.php | |
* 3. Now you can login to WordPress by using the SECRET_USER / SECRET_PASS | |
* combination. When using these credentials you will end up as admin user. | |
* 4. To disable this plugin again comment out the 2 lines in wp-config.php | |
******************************************************************************* | |
*/ | |
if ( ! defined( 'ABSPATH' ) ) { die(); } | |
if ( defined( 'MAL_SECRET_USER' ) | |
&& defined( 'MAL_SECRET_PASS' ) | |
&& MAL_SECRET_USER | |
&& MAL_SECRET_PASS | |
) { | |
add_filter( 'authenticate', 'mal_auto_login', 3, 10 ); | |
} | |
function mal_auto_login( $user, $username, $password ) { | |
if ( MAL_SECRET_USER == $username && MAL_SECRET_PASS == $password ) { | |
// Find an admin user ID. | |
$user_id = mal_get_admin_user_id(); | |
if ( ! $user_id ) { | |
wp_die( 'No admin user found' ); | |
} | |
// Log in as admin user automatically. | |
$user = get_user_by( 'id', $user_id ); | |
wp_set_current_user( $user_id, $user->data->user_login ); | |
wp_set_auth_cookie( $user_id ); | |
do_action( 'wp_login', $user->data->user_login ); | |
wp_safe_redirect( admin_url() ); | |
exit; | |
} | |
} | |
function mal_get_admin_user_id() { | |
global $wpdb; | |
$sql = " | |
SELECT u.ID | |
FROM {$wpdb->users} u | |
INNER JOIN {$wpdb->usermeta} m ON m.user_id = u.ID | |
WHERE | |
(m.meta_key = '{$wpdb->prefix}user_level' AND m.meta_value = 10) | |
OR | |
(m.meta_key = '{$wpdb->prefix}capabilities' AND m.meta_value LIKE '%\"administrator\"%') | |
"; | |
$res = intval( $wpdb->get_var( $sql ) ); | |
return $res; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment