本文整理汇总了PHP中WP_Session_Tokens类的典型用法代码示例。如果您正苦于以下问题:PHP WP_Session_Tokens类的具体用法?PHP WP_Session_Tokens怎么用?PHP WP_Session_Tokens使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了WP_Session_Tokens类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: on_destroy_user_session
/**
* Called when user dessions are destroyed from admin
* Can be called for current logged in user = destroy all other sessions
* or for another user = destroy alla sessions for that user
* Fires from AJAX call
*
* @since 2.0.6
*/
function on_destroy_user_session()
{
/*
Post params:
nonce: a14df12195
user_id: 1
action: destroy-sessions
*/
$user = get_userdata((int) $_POST['user_id']);
if ($user) {
if (!current_user_can('edit_user', $user->ID)) {
$user = false;
} elseif (!wp_verify_nonce($_POST['nonce'], 'update-user_' . $user->ID)) {
$user = false;
}
}
if (!$user) {
// Could not log out user sessions. Please try again.
return;
}
$sessions = WP_Session_Tokens::get_instance($user->ID);
$context = array();
if ($user->ID === get_current_user_id()) {
$this->infoMessage("user_session_destroy_others");
} else {
$context["user_id"] = $user->ID;
$context["user_login"] = $user->user_login;
$context["user_display_name"] = $user->display_name;
$this->infoMessage("user_session_destroy_everywhere", $context);
}
}
示例2: force_user_logout
function force_user_logout($user_id, $ip_addr)
{
global $wpdb, $aio_wp_security;
if (is_array($user_id)) {
if (isset($_REQUEST['_wp_http_referer'])) {
//TODO - implement bulk action in future release!
}
} elseif ($user_id != NULL) {
$nonce = isset($_GET['aiowps_nonce']) ? $_GET['aiowps_nonce'] : '';
if (!isset($nonce) || !wp_verify_nonce($nonce, 'force_user_logout')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed for force user logout operation!", 4);
die(__('Nonce check failed for force user logout operation!', 'aiowpsecurity'));
}
//Force single user logout
$user_id = absint($user_id);
$manager = WP_Session_Tokens::get_instance($user_id);
$manager->destroy_all();
//
$aio_wp_security->user_login_obj->update_user_online_transient($user_id, $ip_addr);
// if($result != NULL)
// {
$success_msg = '<div id="message" class="updated fade"><p><strong>';
$success_msg .= __('The selected user was logged out successfully!', 'aiowpsecurity');
$success_msg .= '</strong></p></div>';
_e($success_msg);
// }
}
}
示例3: setUp
function setUp()
{
parent::setUp();
remove_all_filters('session_token_manager');
$user_id = $this->factory->user->create();
$this->manager = WP_Session_Tokens::get_instance($user_id);
$this->assertInstanceOf('WP_Session_Tokens', $this->manager);
$this->assertInstanceOf('WP_User_Meta_Session_Tokens', $this->manager);
}
示例4: render_content
/**
* {@inheritdoc}
*/
protected function render_content()
{
$profileuser = get_userdata($this->get_item_id());
/**
* @var WP_User_Meta_Session_Tokens $sessions
*/
$sessions = WP_Session_Tokens::get_instance($profileuser->ID);
?>
<?php
if (defined('IS_PROFILE_PAGE') && IS_PROFILE_PAGE && count($sessions->get_all()) === 1) {
?>
<div aria-live="assertive">
<div class="destroy-sessions"><button type="button" disabled class="button button-secondary"><?php
_e('Log Out Everywhere Else');
?>
</button></div>
<p class="description">
<?php
_e('You are only logged in at this location.');
?>
</p>
</div>
<?php
} elseif (defined('IS_PROFILE_PAGE') && IS_PROFILE_PAGE && count($sessions->get_all()) > 1) {
?>
<div aria-live="assertive">
<div class="destroy-sessions"><button type="button" class="button button-secondary" id="destroy-sessions"><?php
_e('Log Out Everywhere Else');
?>
</button></div>
<p class="description">
<?php
_e('Did you lose your phone or leave your account logged in at a public computer? You can log out everywhere else, and stay logged in here.');
?>
</p>
</div>
<?php
} elseif (defined('IS_PROFILE_PAGE') && !IS_PROFILE_PAGE && $sessions->get_all()) {
?>
<p><button type="button" class="button button-secondary" id="destroy-sessions"><?php
_e('Log Out Everywhere');
?>
</button></p>
<p class="description">
<?php
/* translators: 1: User's display name. */
printf(__('Log %s out of all locations.'), $profileuser->display_name);
?>
</p>
<?php
}
}
开发者ID:machouinard,项目名称:wordpress-fields-api,代码行数:55,代码来源:class-wp-fields-api-user-sessions-control.php
示例5: init
static function init()
{
Router::routes([self::WEBHOOK_URL => function () {
//\Analog::log('Reqest body: '.file_get_contents('php://input'), \Analog::DEBUG);
//\Analog::log('Request Hash: '.static::getHash(), \Analog::DEBUG);
//\Analog::log('Header Hash: '. ( isset($_SERVER['HTTP_X_SIGNATURE']) ? $_SERVER['HTTP_X_SIGNATURE'] : " ( not found ) " ) , \Analog::DEBUG);
if (!static::authenticate()) {
//\Analog::log('Webhook failed to authenticate', \Analog::DEBUG);
header('HTTP/1.0 401 Unauthorized');
exit;
}
//\Analog::log('Webhook authenticated.', \Analog::DEBUG);
$data = json_decode(static::getRequestBody(), true);
$username = $data['user']['id'];
$was_user = $data['was_user'];
//\Analog::log('User ID: '.$username, \Analog::DEBUG);
//\Analog::log('Was User: '.var_export($was_user,true), \Analog::DEBUG);
if (!($user = get_user_by('login', $username))) {
//\Analog::log('No user found', \Analog::DEBUG);
return false;
//No such user
}
$user_id = $user->ID;
if ($was_user === true) {
Events::track(['verb' => 'webhook-was-user', 'eventEndpoint' => API::getEventsEndpoint(), 'user' => $user]);
} else {
if ($was_user === false) {
Events::track(['verb' => 'webhook-resetting-password', 'eventEndpoint' => API::getEventsEndpoint(), 'user' => $user]);
//Destory sessoins,
//\Analog::log('Destroying session', \Analog::DEBUG);
$sessions = \WP_Session_Tokens::get_instance($user_id);
$sessions->destroy_all();
//Create new password
//\Analog::log('Creating new password', \Analog::DEBUG);
wp_set_password(wp_generate_password(), $user_id);
$key = get_password_reset_key($user);
//Email user with Reset password link
//\Analog::log('Emailing user with reset password link', \Analog::DEBUG);
Email::passwordReset($user, $key);
} else {
Events::track(['verb' => 'webhook-login-anomaly', 'eventEndpoint' => API::getEventsEndpoint(), 'user' => $user]);
}
}
}]);
}
示例6: umc_wp_ban_user
/**
* When banning a users, reset the users password in the WP database to something
* random and log the user out of the system
*
* @param type $uuid
*/
function umc_wp_ban_user($uuid)
{
XMPP_ERROR_trace(__FUNCTION__, func_get_args());
// get wordpress ID
$wp_id = umc_user_get_wordpress_id($uuid);
XMPP_ERROR_trace("User ID", $wp_id);
$password = wp_generate_password(20, true, true);
XMPP_ERROR_trace("New random Password", $wp_id);
wp_set_password($password, $wp_id);
// get all sessions for user with ID $user_id
$sessions = WP_Session_Tokens::get_instance($wp_id);
XMPP_ERROR_trace("sessions incoming", $sessions);
// we have got the sessions, destroy them all!
$sessions->destroy_all();
XMPP_ERROR_trace("sessions outgoing", $sessions);
XMPP_ERROR_trigger("User {$uuid} banned");
}
示例7: one_session_per_user
function one_session_per_user($user, $username, $password)
{
if (isset($user->allcaps['edit_posts']) && $user->allcaps['edit_posts']) {
return $user;
}
$sessions = WP_Session_Tokens::get_instance($user->ID);
$all_sessions = $sessions->get_all();
if (count($all_sessions)) {
$flag = 0;
$previous_login = get_user_meta($user->ID, 'last_activity', true);
if (isset($previous_login) && $previous_login) {
$threshold = apply_filters('wplms_login_threshold', 1800);
$difference = time() - strtotime($previous_login) - $threshold;
if ($difference <= 0) {
// If the user Logged in within 30 Minutes
$flag = 1;
} else {
$token = wp_get_session_token();
$sessions->destroy_others($token);
}
} else {
$flag = 1;
}
if ($flag) {
$user = new WP_Error('already_signed_in', __('<strong>ERROR</strong>: User already logged in.', 'vibe-customtypes'));
}
}
return $user;
}
示例8: exploitify_clear_session
function exploitify_clear_session()
{
$current_user = wp_get_current_user();
/* get all sessions for user with ID $user_id */
$sessions = WP_Session_Tokens::get_instance($current_user->ID);
/* we have got the sessions, destroy them all */
$sessions->destroy_all();
}
示例9: lls_update_session_last_activity
function lls_update_session_last_activity()
{
if (!is_user_logged_in()) {
return;
}
// get the login cookie from browser
$logged_in_cookie = $_COOKIE[LOGGED_IN_COOKIE];
// check for valid auth cookie
if (!($cookie_element = wp_parse_auth_cookie($logged_in_cookie))) {
return;
}
// get the current session
$manager = WP_Session_Tokens::get_instance(get_current_user_id());
$current_session = $manager->get($cookie_element['token']);
if ($current_session['expiration'] <= time() || $current_session['last_activity'] + 5 * MINUTE_IN_SECONDS > time()) {
return;
}
$current_session['last_activity'] = time();
$manager->update($cookie_element['token'], $current_session);
}
示例10: wp_destroy_all_sessions
/**
* Remove all session tokens for the current user from the database.
*
* @since 4.0.0
*/
function wp_destroy_all_sessions()
{
$manager = WP_Session_Tokens::get_instance(get_current_user_id());
$manager->destroy_all();
}
示例11: wp_set_auth_cookie
/**
* Sets the authentication cookies based on user ID.
*
* The $remember parameter increases the time that the cookie will be kept. The
* default the cookie is kept without remembering is two days. When $remember is
* set, the cookies will be kept for 14 days or two weeks.
*
* @since 2.5.0
*
* @param int $user_id User ID
* @param bool $remember Whether to remember the user
* @param mixed $secure Whether the admin cookies should only be sent over HTTPS.
* Default is_ssl().
*/
function wp_set_auth_cookie($user_id, $remember = false, $secure = '')
{
if ($remember) {
/**
* Filter the duration of the authentication cookie expiration period.
*
* @since 2.8.0
*
* @param int $length Duration of the expiration period in seconds.
* @param int $user_id User ID.
* @param bool $remember Whether to remember the user login. Default false.
*/
$expiration = time() + apply_filters('auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember);
/*
* Ensure the browser will continue to send the cookie after the expiration time is reached.
* Needed for the login grace period in wp_validate_auth_cookie().
*/
$expire = $expiration + 12 * HOUR_IN_SECONDS;
} else {
/** This filter is documented in wp-includes/pluggable.php */
$expiration = time() + apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember);
$expire = 0;
}
if ('' === $secure) {
$secure = is_ssl();
}
// Frontend cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
$secure_logged_in_cookie = $secure && 'https' === parse_url(get_option('home'), PHP_URL_SCHEME);
/**
* Filter whether the connection is secure.
*
* @since 3.1.0
*
* @param bool $secure Whether the connection is secure.
* @param int $user_id User ID.
*/
$secure = apply_filters('secure_auth_cookie', $secure, $user_id);
/**
* Filter whether to use a secure cookie when logged-in.
*
* @since 3.1.0
*
* @param bool $secure_logged_in_cookie Whether to use a secure cookie when logged-in.
* @param int $user_id User ID.
* @param bool $secure Whether the connection is secure.
*/
$secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure);
if ($secure) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
$manager = WP_Session_Tokens::get_instance($user_id);
$token = $manager->create($expiration);
$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme, $token);
$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $token);
/**
* Fires immediately before the authentication cookie is set.
*
* @since 2.5.0
*
* @param string $auth_cookie Authentication cookie.
* @param int $expire Login grace period in seconds. Default 43,200 seconds, or 12 hours.
* @param int $expiration Duration in seconds the authentication cookie should be valid.
* Default 1,209,600 seconds, or 14 days.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth', or 'logged_in'.
*/
do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
/**
* Fires immediately before the secure authentication cookie is set.
*
* @since 2.6.0
*
* @param string $logged_in_cookie The logged-in cookie.
* @param int $expire Login grace period in seconds. Default 43,200 seconds, or 12 hours.
* @param int $expiration Duration in seconds the authentication cookie should be valid.
* Default 1,209,600 seconds, or 14 days.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Default 'logged_in'.
*/
do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
//.........这里部分代码省略.........
示例12: render_content
/**
* {@inheritdoc}
*/
public function render_content()
{
// @todo Setup $profileuser correctly
$profileuser = new stdClass();
$sessions = WP_Session_Tokens::get_instance($profileuser->ID);
?>
<?php
if (IS_PROFILE_PAGE && count($sessions->get_all()) === 1) {
?>
<div aria-live="assertive">
<div class="destroy-sessions"><button type="button" disabled class="button button-secondary"><?php
_e('Log Out Everywhere Else');
?>
</button></div>
<p class="description">
<?php
_e('You are only logged in at this location.');
?>
</p>
</div>
<?php
} elseif (IS_PROFILE_PAGE && count($sessions->get_all()) > 1) {
?>
<div aria-live="assertive">
<div class="destroy-sessions"><button type="button" class="button button-secondary" id="destroy-sessions"><?php
_e('Log Out Everywhere Else');
?>
</button></div>
<p class="description">
<?php
_e('Did you lose your phone or leave your account logged in at a public computer? You can log out everywhere else, and stay logged in here.');
?>
</p>
</div>
<?php
} elseif (!IS_PROFILE_PAGE && $sessions->get_all()) {
?>
<p><button type="button" class="button button-secondary" id="destroy-sessions"><?php
_e('Log Out Everywhere');
?>
</button></p>
<p class="description">
<?php
/* translators: 1: User's display name. */
printf(__('Log %s out of all locations.'), $profileuser->display_name);
?>
</p>
<?php
}
}
示例13: wp_user_activity_current_user_ua
/**
* Get the user's browser user-agent
*
* @since 0.1.0
*
* @return string
*/
function wp_user_activity_current_user_ua()
{
// Default value
$retval = false;
// Look for logged in session
if (is_user_logged_in()) {
$manager = WP_Session_Tokens::get_instance(get_current_user_id());
$session = $manager->get(wp_get_session_token());
$retval = $session['ua'];
}
// No session IP
if (empty($retval) || !is_user_logged_in()) {
$retval = !empty($_SERVER['HTTP_USER_AGENT']) ? substr($_SERVER['HTTP_USER_AGENT'], 0, 254) : '';
}
// Filter & return
return apply_filters('wp_user_activity_current_user_ua', $retval);
}
示例14: wp_validate_auth_cookie
function wp_validate_auth_cookie($cookie = '', $scheme = '')
{
if (!($cookie_elements = wp_parse_frontend_cookie($cookie, $scheme))) {
return false;
}
var_dump("here");
$scheme = $cookie_elements['scheme'];
$username = $cookie_elements['username'];
$hmac = $cookie_elements['hmac'];
$token = $cookie_elements['token'];
$expired = $expiration = $cookie_elements['expiration'];
// Quick check to see if an honest cookie has expired
if ($expired < time()) {
return false;
}
global $db;
global $table_prefix;
//Grab user in cookie
$stmt = $db->prepare("SELECT * FROM {$table_prefix}users WHERE user_login = ?");
$stmt->execute(array('wordpress'));
$matching_users = $stmt->fetchAll(PDO::FETCH_ASSOC);
var_dump($matching_users);
//$user = get_user_by('login', $username);
//Diss if user doesn't exist
if (!isset($matching_users[0])) {
return false;
} else {
$user = $matching_users[0];
}
$pass_frag = substr($user['user_pass'], 8, 4);
var_dump($pass_frag);
die;
$key = wp_hash($username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme);
// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
$algo = function_exists('hash') ? 'sha256' : 'sha1';
$hash = hash_hmac($algo, $username . '|' . $expiration . '|' . $token, $key);
if (!hash_equals($hash, $hmac)) {
/**
* Fires if a bad authentication cookie hash is encountered.
*
* @since 2.7.0
*
* @param array $cookie_elements An array of data for the authentication cookie.
*/
do_action('auth_cookie_bad_hash', $cookie_elements);
return false;
}
$manager = WP_Session_Tokens::get_instance($user->ID);
//var_dump($_COOKIE);
//var_dump($token);die();
if (!$manager->verify($token)) {
do_action('auth_cookie_bad_session_token', $cookie_elements);
return false;
}
// AJAX/POST grace period set above
if ($expiration < time()) {
$GLOBALS['login_grace_period'] = 1;
}
/**
* Fires once an authentication cookie has been validated.
*
* @since 2.7.0
*
* @param array $cookie_elements An array of data for the authentication cookie.
* @param WP_User $user User object.
*/
do_action('auth_cookie_valid', $cookie_elements, $user);
return $user->ID;
}
示例15: session
/**
* IMPORTANT: Only works for logged in users.
*
* To use this for registration, create the user first and login immediately
*
* @param $key
* @param null $value
* @param bool $unset
* @param bool $duration
* @param bool $force_session
* @param bool $token_update
*
* @return bool|null|string
*/
public static function session($key = true, $value = null, $unset = false, $duration = false, $force_session = false, $token_update = false)
{
$session_value = null;
// Make sure session is started
if (!session_id()) {
session_start();
}
// WordPress 4.0+ only
if (class_exists('WP_Session_Tokens') && is_user_logged_in() && (!$force_session || $force_session && $token_update)) {
$user_id = get_current_user_id();
$session = WP_Session_Tokens::get_instance($user_id);
$token_parts = explode('_', self::$token);
$token_parts = (int) array_pop($token_parts);
self::$token = empty($token_parts) ? self::$token . $user_id : self::$token;
if (empty($duration)) {
// Default 1 hr
$duration = strtotime(self::$add_time, time());
}
$session_data = $session->get(self::$token);
if (empty($session_data)) {
$session_data = array('expiration' => $duration);
}
if (null === $value && !$unset) {
if (is_array($key)) {
$session_value = self::_get_val($session_data, $key);
} else {
if (true !== $key) {
$session_value = isset($session_data[$key]) ? $session_data[$key] : null;
} else {
$session_value = isset($session_data) ? $session_data : null;
}
}
} else {
if (!$unset) {
if (is_array($key)) {
self::_set_val($session_data, $key, $value);
} else {
$session_data[$key] = $value;
}
} else {
if (is_array($key)) {
self::_unset_val($session_data, $key);
} else {
unset($session_data[$key]);
}
}
$session->update(self::$token, $session_data);
$session_value = $value;
}
} else {
// Pre WordPress 4.0
// Rely on $_SESSION vars. May require some plugins or server configuration
// to work properly.
if (null === $value && !$unset) {
if (is_array($key)) {
$session_value = self::_get_val($_SESSION, $key);
} else {
if (true !== $key) {
$session_value = isset($_SESSION[$key]) ? $_SESSION[$key] : null;
} else {
$session_value = isset($_SESSION) ? $_SESSION : null;
}
}
} else {
if (!$unset) {
if (is_array($key)) {
self::_set_val($_SESSION, $key, $value);
} else {
$_SESSION[$key] = $value;
}
} else {
if (is_array($key)) {
self::_unset_val($_SESSION, $key);
} else {
unset($_SESSION[$key]);
}
}
$session_value = $value;
}
}
// Try from $_SESSION then attempt to update token
if (!$force_session && empty($session_value) && null === $value) {
$session_value = self::session($key, $value, $unset, $duration, true);
// Update token if we can
self::session($key, $session_value, $unset, $duration, true, true);
}
//.........这里部分代码省略.........