Created
June 21, 2012 20:49
-
-
Save trepmal/2968439 to your computer and use it in GitHub Desktop.
[WordPress Plugin] Remote Login
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Plugin Name: Remote Login | |
| Description: Log into the site with creds that work on remote site (as defined in plugin). The remote site must have XML-RPC enabled. | |
| Author: Kailey Lampert | |
| Author URI: http://kaileylampert.com/ | |
| THIS IS NOT COMPLETE - DO NOT USE IN PRODUCTION | |
| The remote site (defined below in $server) is the "master" site. | |
| All active users on the master site can log in this site with their "master" credentials | |
| "this site" means the site this plugin is installed on :) | |
| When they log in a "ghost" users is created. This user is not destroyed. Ideally they'd self-delete after some amount of time to make sure we don't have unneeded users sticking around... | |
| If the user already exists, a new password will be created each time it is logged in. | |
| "ghost" users are always admins, even if the master user isn't. This needs to be fixed. | |
| */ | |
| new Remote_Login(); | |
| class Remote_Login { | |
| //this should be your remote site | |
| var $server = 'demo.trepmal.com'; //has public credentials demo:demo for testing | |
| //demo.trepmal.com resets periodically, so the XML-RPC option may be off by the time you use this | |
| //that's a good thing, else anyone could log into this site with demo:demo | |
| function __construct() { | |
| add_filter( 'authenticate', array( &$this, 'auth' ), 10, 3 ); | |
| } | |
| function auth( $user, $username, $password ) { | |
| if ($username == 'demo') { | |
| //if username is 'demo'. may change this to check for special username prefix or something... | |
| //try it against remote server | |
| if ( ! $this->remote_login_check( $this->server, $username, $password )) return $user; | |
| //if it worked, setup new user | |
| $username = 'prefix_'.$username; //prefix the "ghost" user's username | |
| $password = wp_generate_password( 16, true ); | |
| //if user already exists, change the password | |
| if ( $user_id = username_exists( $username ) ) { | |
| wp_set_password( $password, $user_id ); | |
| $user = new WP_User( $user_id ); | |
| } else { | |
| //else create the user | |
| $user_id = wp_create_user( $username, $password ); | |
| } | |
| //authenticate them | |
| $user = wp_authenticate( $username, $password ); | |
| //make sure it has correct role | |
| $user->set_role('administrator'); //we should be fetching the "master" user's role, and using that instead of always administrator | |
| } | |
| return $user; | |
| } | |
| function remote_login_check( $server, $username, $password ) { | |
| require_once( ABSPATH . '/wp-includes/class-IXR.php' ); | |
| $client = new IXR_Client( esc_url( $server ) .'/xmlrpc.php' ); | |
| //test query, see if creds work | |
| //todo: instead of wp.getOptions, get user so we can give the "ghost" a better role | |
| if ( ! $client->query( 'wp.getOptions', '', $username, $password, 'blog_title' ) ) { | |
| //return $client->getErrorMessage(); | |
| return false; | |
| echo 'Error occured during the request.<br />' . | |
| $client->getErrorCode() . ': ' . $client->getErrorMessage(); | |
| } else { | |
| //return $client->getResponse(); | |
| return true; | |
| printer( $client->getResponse() ); | |
| } | |
| } | |
| } | |
| if ( ! function_exists( 'printer') ) { | |
| function printer( $input ) { | |
| echo '<pre>' . print_r( $input, true ) . '</pre>'; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment