Social Login WordPress Plugin – AccessPress Social Login Lite - Version 3.4.2

Version Description

  • Various unwanted and commented code removed with security check.

Code changes from version 3.4.1 to 3.4.2

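--- a/accesspress-social-login-lite.php
+++ b/accesspress-social-login-lite.php
@@ -5,7 +5,7 @@ defined('ABSPATH') or die("No script kiddies please!");
  Plugin name: Social Login WordPress Plugin - AccessPress Social Login Lite
  Plugin URI: https://accesspressthemes.com/wordpress-plugins/accesspress-social-login-lite/
  Description: A plugin to add various social logins to a site.
- version: 3.4.1
+ version: 3.4.2
  Author: AccessPress Themes
  Author URI: https://accesspressthemes.com/
  Text Domain: accesspress-social-login-lite
@@ -13,8 +13,8 @@ defined('ABSPATH') or die("No script kiddies please!");
  License: GPLv2 or later
  */
  //Declearation of the necessary constants for plugin
- if (!defined('APSL_VERSION')) {
- define('APSL_VERSION', '3.4.1');
+ if (!defined('APSL_VERSION')) {
+ define('APSL_VERSION', '3.4.2');
  }
 
  if (!defined('APSL_IMAGE_DIR')) {
@@ -257,60 +257,60 @@ if (!class_exists('APSL_Lite_Class')) {
  require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
 
  $sql = "CREATE TABLE IF NOT EXISTS `$apsl_userdetails` (
- id int(11) NOT NULL AUTO_INCREMENT,
- user_id int(11) NOT NULL,
- provider_name varchar(50) NOT NULL,
- identifier varchar(255) NOT NULL,
- unique_verifier varchar(255) NOT NULL,
- email varchar(255) NOT NULL,
- email_verified varchar(255) NOT NULL,
- first_name varchar(150) NOT NULL,
- last_name varchar(150) NOT NULL,
- profile_url varchar(255) NOT NULL,
- website_url varchar(255) NOT NULL,
- photo_url varchar(255) NOT NULL,
- display_name varchar(150) NOT NULL,
- description varchar(255) NOT NULL,
- gender varchar(10) NOT NULL,
- language varchar(20) NOT NULL,
- age varchar(10) NOT NULL,
- birthday int(11) NOT NULL,
- birthmonth int(11) NOT NULL,
- birthyear int(11) NOT NULL,
- phone varchar(75) NOT NULL,
- address varchar(255) NOT NULL,
- country varchar(75) NOT NULL,
- region varchar(50) NOT NULL,
- city varchar(50) NOT NULL,
- zip varchar(25) NOT NULL,
- UNIQUE KEY id (id),
- KEY user_id (user_id),
- KEY provider_name (provider_name)
- )";
- dbDelta($sql);
- }
+ id int(11) NOT NULL AUTO_INCREMENT,
+ user_id int(11) NOT NULL,
+ provider_name varchar(50) NOT NULL,
+ identifier varchar(255) NOT NULL,
+ unique_verifier varchar(255) NOT NULL,
+ email varchar(255) NOT NULL,
+ email_verified varchar(255) NOT NULL,
+ first_name varchar(150) NOT NULL,
+ last_name varchar(150) NOT NULL,
+ profile_url varchar(255) NOT NULL,
+ website_url varchar(255) NOT NULL,
+ photo_url varchar(255) NOT NULL,
+ display_name varchar(150) NOT NULL,
+ description varchar(255) NOT NULL,
+ gender varchar(10) NOT NULL,
+ language varchar(20) NOT NULL,
+ age varchar(10) NOT NULL,
+ birthday int(11) NOT NULL,
+ birthmonth int(11) NOT NULL,
+ birthyear int(11) NOT NULL,
+ phone varchar(75) NOT NULL,
+ address varchar(255) NOT NULL,
+ country varchar(75) NOT NULL,
+ region varchar(50) NOT NULL,
+ city varchar(50) NOT NULL,
+ zip varchar(25) NOT NULL,
+ UNIQUE KEY id (id),
+ KEY user_id (user_id),
+ KEY provider_name (provider_name)
+ )";
+ dbDelta($sql);
+ }
 
  //loads the text domain for translation
- function plugin_text_domain() {
- load_plugin_textdomain('accesspress-social-login-lite', false, APSL_LANG_DIR);
- }
+ function plugin_text_domain() {
+ load_plugin_textdomain('accesspress-social-login-lite', false, APSL_LANG_DIR);
+ }
 
  //register the plugin menu for backend.
- function add_apsl_menu() {
- add_menu_page('AccessPress Social Login Lite', 'AccessPress Social Login Lite', 'manage_options', 'accesspress-social-login-lite', array($this, 'main_page'), APSL_IMAGE_DIR . '/icon.png');
- }
+ function add_apsl_menu() {
+ add_menu_page('AccessPress Social Login Lite', 'AccessPress Social Login Lite', 'manage_options', 'accesspress-social-login-lite', array($this, 'main_page'), APSL_IMAGE_DIR . '/icon.png');
+ }
 
  //menu page
- function main_page() {
- include( 'inc/backend/main-page.php' );
- }
+ function main_page() {
+ include( 'inc/backend/main-page.php' );
+ }
 
  //registration of the backend assets
- function register_admin_assets() {
- wp_enqueue_style('fontawsome-css', APSL_CSS_DIR . '/font-awesome/font-awesome.min.css', '', APSL_VERSION);
- if (isset($_GET['page']) && $_GET['page'] == 'accesspress-social-login-lite') {
+ function register_admin_assets() {
+ wp_enqueue_style('fontawsome-css', APSL_CSS_DIR . '/font-awesome/font-awesome.min.css', '', APSL_VERSION);
+ if (isset($_GET['page']) && $_GET['page'] == 'accesspress-social-login-lite') {
  //backend scripts
- wp_enqueue_script('jquery-ui-sortable');
+ wp_enqueue_script('jquery-ui-sortable');
  wp_enqueue_script('apsl-admin-js', APSL_JS_DIR . '/backend.js', array('jquery', 'jquery-ui-sortable'), APSL_VERSION); //registering plugin's admin js
  //register backend css
  wp_enqueue_style('apsl-backend-css', APSL_CSS_DIR . '/backend.css', '', APSL_VERSION);
@@ -323,7 +323,6 @@ if (!class_exists('APSL_Lite_Class')) {
  wp_enqueue_script('apsl-frontend-js', APSL_JS_DIR . '/frontend.js', array('jquery'), APSL_VERSION);
 
  //register frontend css
- // wp_enqueue_style( 'fontawsome-css', '//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css', '', APSL_VERSION );
  wp_enqueue_style('fontawsome-css', APSL_CSS_DIR . '/font-awesome/font-awesome.min.css', '', APSL_VERSION);
 
  wp_enqueue_style('apsl-frontend-css', APSL_CSS_DIR . '/frontend.css', '', APSL_VERSION);
@@ -331,61 +330,71 @@ if (!class_exists('APSL_Lite_Class')) {
 
  //save the settings of a plugin
  function save_settings() {
- if (isset($_POST['apsl_save_settings']) && $_POST['apsl_settings_action'] && wp_verify_nonce($_POST['apsl_settings_action'], 'apsl_nonce_save_settings')) {
+ if (isset($_POST['apsl_save_settings_nonce_field']) && wp_verify_nonce($_POST['apsl_save_settings_nonce_field'], 'apsl_save_settings_nonce')) {
+ if(current_user_can( 'manage_options')){
  include( 'inc/backend/save-settings.php' );
- } else {
- die('No script kiddies please!');
+ }else{
+ die('It seems you don\'t have the proper authority. Please try again with proper authority.');
  }
+ } else {
+ die('No! No script kiddies please!');
  }
+ }
 
  //function to add the social login in the login and registration form.
- function add_social_login() {
- if (!is_user_logged_in()) {
- include( 'inc/frontend/login_integration.php' );
- }
+ function add_social_login() {
+ if (!is_user_logged_in()) {
+ include( 'inc/frontend/login_integration.php' );
  }
+ }
 
  //function to add the social login in the comment form.
- function add_social_login_form_to_comment() {
- $options = get_option(APSL_SETTINGS);
- $login_text = $options['apsl_title_text_field'];
- if (!is_user_logged_in()) {
- echo do_shortcode("[apsl-login-lite login_text='{$login_text}']");
- }
+ function add_social_login_form_to_comment() {
+ $options = get_option(APSL_SETTINGS);
+ $login_text = $options['apsl_title_text_field'];
+ if (!is_user_logged_in()) {
+ echo do_shortcode("[apsl-login-lite login_text='{$login_text}']");
  }
+ }
 
  //function for adding shortcode of a plugin
- function apsl_shortcode($attr) {
- ob_start();
- include( 'inc/frontend/shortcode.php' );
- $html = ob_get_contents();
- ob_get_clean();
- return $html;
- }
+ function apsl_shortcode($attr) {
+ ob_start();
+ include( 'inc/frontend/shortcode.php' );
+ $html = ob_get_contents();
+ ob_get_clean();
+ return $html;
+ }
 
  //checking of the login
- function login_check() {
- include( 'inc/frontend/login_check.php' );
- }
+ function login_check() {
+ include( 'inc/frontend/login_check.php' );
+ }
 
  //registration of the social login widget
- function register_apsl_widget() {
- register_widget('APSL_Lite_Widget');
- }
+ function register_apsl_widget() {
+ register_widget('APSL_Lite_Widget');
+ }
 
- function apsl_login_form_enqueue_style() {
- wp_enqueue_style('fontawsome-css', '//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css', '', APSL_VERSION);
- wp_enqueue_style('apsl-backend-css', APSL_CSS_DIR . '/backend.css', '', APSL_VERSION);
- wp_enqueue_style('apsl-frontend-css', APSL_CSS_DIR . '/frontend.css', '', APSL_VERSION);
- }
+ function apsl_login_form_enqueue_style() {
+ wp_enqueue_style('fontawsome-css', '//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css', '', APSL_VERSION);
+ wp_enqueue_style('apsl-backend-css', APSL_CSS_DIR . '/backend.css', '', APSL_VERSION);
+ wp_enqueue_style('apsl-frontend-css', APSL_CSS_DIR . '/frontend.css', '', APSL_VERSION);
+ }
 
- function apsl_login_form__enqueue_script() {
+ function apsl_login_form__enqueue_script() {
  wp_enqueue_script('apsl-admin-js', APSL_JS_DIR . '/backend.js', array('jquery', 'jquery-ui-sortable'), APSL_VERSION); //registering plugin's admin js
  }
+ function apsl_delete_user($user_id) {
+ global $wpdb;
+ $table_name = $apsl_userdetails = "{$wpdb->prefix}apsl_users_social_profile_details";
+ $user_obj = get_userdata($user_id);
+ $result = $wpdb->delete($table_name, array('user_id' => $user_id));
+ }
 
  function apsl_restore_default_settings() {
- $nonce = $_REQUEST['_wpnonce'];
- if (!empty($_GET) && wp_verify_nonce($nonce, 'apsl-restore-default-settings-nonce')) {
+ $nonce = sanitize_text_field($_REQUEST['_wpnonce']);
+ if (!empty($_GET) && wp_verify_nonce($nonce, 'apsl-restore-default-settings-nonce') && current_user_can( 'manage_options')) {
  //restore the default plugin activation settings from the activation page.
  include( 'inc/backend/activation.php' );
  $_SESSION['apsl_message'] = __('Settings restored Successfully.', 'accesspress-social-login-lite');
@@ -396,11 +405,38 @@ if (!class_exists('APSL_Lite_Class')) {
  }
  }
 
- function apsl_delete_user($user_id) {
- global $wpdb;
- $table_name = $apsl_userdetails = "{$wpdb->prefix}apsl_users_social_profile_details";
- $user_obj = get_userdata($user_id);
- $result = $wpdb->delete($table_name, array('user_id' => $user_id));
+
+
+ function apsll_sanitize_array($array = array(), $sanitize_rule = array()) {
+ if ( !is_array($array) || count($array) == 0 ) {
+ return array();
+ }
+
+ foreach ( $array as $k => $v ) {
+ if ( !is_array($v) ) {
+
+ $default_sanitize_rule = (is_numeric($k)) ? 'html' : 'text';
+ $sanitize_type = isset($sanitize_rule[ $k ]) ? $sanitize_rule[ $k ] : $default_sanitize_rule;
+ $array[ $k ] = $this->apsll_sanitize_value($v, $sanitize_type);
+ }
+ if ( is_array($v) ) {
+ $array[ $k ] = $this->apsll_sanitize_array($v, $sanitize_rule);
+ }
+ }
+
+ return $array;
+ }
+
+ function apsll_sanitize_value($value = '', $sanitize_type = 'text') {
+ switch ( $sanitize_type ) {
+ case 'html':
+ $allowed_html = wp_kses_allowed_html('post');
+ return wp_kses($value, $allowed_html);
+ break;
+ default:
+ return sanitize_text_field($value);
+ break;
+ }
  }
 
  }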
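Review bot: In the last hunk, `apsll_sanitize_array()` falls back to the `'html'` rule for every numeric key, so any list-style value is filtered with `wp_kses()` against the post allowlist instead of `sanitize_text_field()`, and post markup such as links and images survives in what are presumably plain settings strings. Defaulting to text and opting into HTML only through `$sanitize_rule` is the safer contract: `$sanitize_type = isset($sanitize_rule[ $k ]) ? $sanitize_rule[ $k ] : 'text';`. Separately, `apsl_restore_default_settings()` reads `$_REQUEST['_wpnonce']` without an `isset()` check, so a request with no nonce raises a notice before verification fails; the rest of that function's body lies outside the hunks shown. `apsl_login_form_enqueue_style()` also still loads Font Awesome from `//maxcdn.bootstrapcdn.com` on the login form, while the other enqueues use the bundled `APSL_CSS_DIR` copy, which leaves a third-party stylesheet on the authentication page.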
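--- a/inc/backend/about.php
+++ b/inc/backend/about.php
@@ -1,4 +1,3 @@
-
  <?php defined('ABSPATH') or die("No script kiddies please!"); ?>
 
  <div class="about-wrapper clearfix">
@@ -13,21 +12,34 @@
  <div class="more-title"> Get social </div>
  <div class="social-iframe"> <strong>Like us on facebook:</strong><br />
  <iframe style="border: none; overflow: hidden; width: 764px; height: 206px;" src="//www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FAccessPress-Themes%2F1396595907277967&width=842&height=258&colorscheme=light&show_faces=true&header=false&stream=false&show_border=true&appId=1411139805828592" width="240" height="150" frameborder="0" scrolling="no"></iframe></div>
- <ul class="about-social clearfix">
- <li><a href="https://www.facebook.com/pages/AccessPress-Themes/1396595907277967" class="fb" target="_blank" rel="nofollow"><i class="fa fa-facebook"> </i><br /> <span> Follow us on <span class="bold"> Facebook </span></span></a></li>
- <li><a href="https://twitter.com/apthemes" class="twt" target="_blank" rel="nofollow"><i class="fa fa-twitter"> </i><br /><span> Follow us on <span class="bold"> Twitter </span> </span></a></li>
- <li><a href="https://plus.google.com/+Accesspressthemesprofile/" class="gp" target="_blank" rel="nofollow"><i class="fa fa-google-plus"> </i><br /><span> Follow us on <span class="bold"> Google + </span> </span></a></li>
- <li><a href="https://www.youtube.com/user/accesspressthemes" class="utube" target="_blank" rel="nofollow"><i class="fa fa-youtube"> </i><br /><span> Subscribe us on <span class="bold"> Youtube </span> </span></a></li>
- <li><a href="skype:access-keys" class="skype"><i class="fa fa-skype" target="_blank" rel="nofollow"> </i><br /><span> Contact us on <span class="bold"> Skype </span> </span></a></li>
- <li><a href="https://www.pinterest.com/accesspresswp/" class="pin" target="_blank" rel="nofollow"><i class="fa fa-pinterest"> </i><br /><span> Follow us on<span class="bold"> Pinterest </span> </span></a></li>
- </ul>
- </div>
- <div class="social-more-wrap clearfix">
- <div class="more-title"> More from AccessPress Themes </div>
- <ul class="more-product">
- <li><a href="https://accesspressthemes.com/plugins/"><span class="prod-title"> Wordpress Plugins </span> <img src="< ?php echo APSL_IMAGE_DIR . '/plugin.png'; ?>" width="100%" /> </a></li>
- <li><a href="https://accesspressthemes.com/themes/"><span class="prod-title"> Wordpress Themes </span> <img src="< ?php echo APSL_IMAGE_DIR . '/theme.png'; ?>" width="100%" /></a></li>
- <li><a href="https://accesspressthemes.com/contact/"><span class="prod-title"> Wordpress Customization </span> <img src="< ?php echo APSL_IMAGE_DIR . '/customize.png'; ?>" width="100%" /></a></li>
+ <ul class="about-social clearfix">
+ <li><a href="//www.facebook.com/pages/AccessPress-Themes/1396595907277967" class="fb" target="_blank" rel="nofollow"><i class="fa fa-facebook"> </i><br /> <span> Follow us on <span class="bold"> Facebook </span></span></a></li>
+ <li><a href="//twitter.com/apthemes" class="twt" target="_blank" rel="nofollow"><i class="fa fa-twitter"> </i><br /><span> Follow us on <span class="bold"> Twitter </span> </span></a></li>
+ <li><a href="//www.youtube.com/user/accesspressthemes" class="utube" target="_blank" rel="nofollow"><i class="fa fa-youtube"> </i><br /><span> Subscribe us on <span class="bold"> Youtube </span> </span></a></li>
+ <li><a href="skype:access-keys" class="skype"><i class="fa fa-skype" target="_blank" rel="nofollow"> </i><br /><span> Contact us on <span class="bold"> Skype </span> </span></a></li>
+ <li><a href="//www.pinterest.com/accesspresswp/" class="pin" target="_blank" rel="nofollow"><i class="fa fa-pinterest"> </i><br /><span> Follow us on<span class="bold"> Pinterest </span> </span></a></li>
+ </ul>
+ </div>
+ <div class="social-more-wrap clearfix">
+ <div class="more-title"> More from AccessPress Themes </div>
+ <ul class="more-product">
+ <li>
+ <a href="//accesspressthemes.com/plugins/">
+ <span class="prod-title"> Wordpress Plugins </span>
+ <img src="<?php echo APSL_IMAGE_DIR . '/plugin.png'; ?>" alt="Our WordPress Plugins" width="100%" />
+ </a>
+ </li>
+ <li>
+ <a href="//accesspressthemes.com/themes/">
+ <span class="prod-title"> Wordpress Themes </span>
+ <img src="<?php echo APSL_IMAGE_DIR . '/theme.png'; ?>" alt="Our WordPress Themes" width="100%" />
+ </a>
+ </li>
+ <li><a href="//accesspressthemes.com/contact/">
+ <span class="prod-title"> Wordpress Customization </span>
+ <img src="<?php echo APSL_IMAGE_DIR . '/customize.png'; ?>" alt="For WordPress Customization" width="100%" />
+ </a>
+ </li>
  </ul>
  <div class="clear"></div>
  </div>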
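Review bot: The rewritten links in `about-social` and `more-product` move from `https://` to protocol-relative `//` URLs, so on an admin screen served over plain HTTP they now resolve to `http://` where they were previously pinned to HTTPS; keeping the explicit scheme, e.g. `href="https://twitter.com/apthemes"`, avoids that downgrade. The `target="_blank"` anchors carry only `rel="nofollow"`, and `rel="nofollow noopener noreferrer"` would keep the opened page from reaching `window.opener`. On the Skype entry the `target` and `rel` attributes sit on the `<i>` element rather than on the `<a>`, where they have no effect. The same protocol-relative change, together with a `target="_blank"` link that has no `rel` at all, appears in the documentation link in inc/backend/how-to-use.php.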
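--- a/inc/backend/how-to-use.php
+++ b/inc/backend/how-to-use.php
@@ -1,3 +1,4 @@
+ <?php defined('ABSPATH') or die("No script kiddies please!"); ?>
  <p>There are 2 main settings tabs that will help you to setup the plugin to work properly.</p>
  <dl>Please note that for google login to work the user must have google+ account and may cause error during google login if they don't have google+ account.</dl>
  <dl>
@@ -31,23 +32,23 @@
  i. login_text: You can use the custom login text for the shortcode using this attribute.<br />
  </li>
  </ul>
- </p></dd>
+ </p></dd>
 
  <dt><strong>Widget:</strong></dt>
  <dd>
  <p>You can use widget for the display of the social logins in the widgets area. <br/>
- <ul class="how-list">
- <li>Widget attributes <br />
- i. Title: You can setup the widget title here.<br />
- ii. Login text: You can setup the login text here.<br />
- </li>
- </ul>
- </dd>
- <dd>
- <p>For the complete documentation please visit:<br /> <a href='https://accesspressthemes.com/documentation/documentationplugin-instruction-accesspress-social-login-lite/' target="_blank">https://accesspressthemes.com/documentation/documentationplugin-instruction-accesspress-social-login-lite/</a></p>
- </dd>
+ <ul class="how-list">
+ <li>Widget attributes <br />
+ i. Title: You can setup the widget title here.<br />
+ ii. Login text: You can setup the login text here.<br />
+ </li>
+ </ul>
+ </dd>
+ <dd>
+ <p>For the complete documentation please visit:<br /> <a href='//accesspressthemes.com/documentation/documentationplugin-instruction-accesspress-social-login-lite/' target="_blank">Here</a></p>
+ </dd>
 
- </dl>
+ </dl>
 
 
 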
inc/backend/main-page.php CHANGED
@@ -46,9 +46,11 @@
46
  </div>
47
  <?php }
48
  ?>
 
49
  <div class='apsl-networks'>
50
- <div class='apsl-network-options'>
51
- <form method="post" action="<?php echo admin_url() . 'admin-post.php' ?>">
 
52
  <input type="hidden" name="action" value="apsl_save_options"/>
53
  <div class='apsl-settings-tabs-wrapper clearfix'>
54
  <ul class='apsl-tab-wrapper-fix clearfix'>
@@ -75,19 +77,19 @@
75
  <div class='apsl-enable-disable'>
76
  <label><?php _e('Enable?', 'accesspress-social-login-lite'); ?></label>
77
  <input type='hidden' name='network_ordering[]' value='facebook' />
78
- <input type="checkbox" id='aspl-facbook-enable' value='enable' name='apsl_facebook_settings[apsl_facebook_enable]' <?php checked('enable', $options['apsl_facebook_settings']['apsl_facebook_enable']); ?> />
79
  </div>
80
  <div class='apsl-app-id-wrapper'>
81
  <label><?php _e('App ID:', 'accesspress-social-login-lite'); ?></label><input type='text' id='apsl-facebook-app-id' name='apsl_facebook_settings[apsl_facebook_app_id]' value='<?php
82
  if (isset($options['apsl_facebook_settings']['apsl_facebook_app_id'])) {
83
- echo $options['apsl_facebook_settings']['apsl_facebook_app_id'];
84
  }
85
  ?>' />
86
  </div>
87
  <div class='apsl-app-secret-wrapper'>
88
  <label><?php _e('App Secret:', 'accesspress-social-login-lite'); ?></label><input type='text' id='apsl-facebook-app-secret' name='apsl_facebook_settings[apsl_facebook_app_secret]' value='<?php
89
  if (isset($options['apsl_facebook_settings']['apsl_facebook_app_secret'])) {
90
- echo $options['apsl_facebook_settings']['apsl_facebook_app_secret'];
91
  }
92
  ?>' />
93
  </div>
@@ -225,12 +227,12 @@
225
  <li>In the authorized redirect URIs please enter the details provided in the note section from plugin and click save button.</li>
226
  <li>In the popup you will get Client ID and client secret.</li>
227
  <li>And please enter those credentials in the google setting in our plugin.</li>
228
- <li>Rediret uri setup:<br />
229
- Please use <input type='text' value='<?php echo site_url(); ?>/wp-login.php?apsl_login_id=google_check' readonly='readonly'/> - for wordpress login page.<br />
230
- Please use <input type='text' value='<?php echo site_url(); ?>/index.php?apsl_login_id=google_check' readonly='readonly'/> - if you have used the shortcode or widget in frontend.
231
  </li>
232
  <li>
233
- Please note: Make sure to check the protocol "http://" or "https://" as google checks protocol as well. Better to add both URL in the list if you site is https so that google social login work properly for both https and http browser.
234
  </li>
235
  </ul>
236
  </div>
@@ -288,17 +290,20 @@
288
 
289
  <div class='apsl-settings'>
290
  <div class='apsl-themes-wrapper'>
291
- <div class="apsl-label"><?php _e('Available icon themes', 'accesspress-social-login-lite'); ?> <span class='apsl_show_hide'><i class="fa fa-caret-down"></i></span> </div>
 
292
  <div class='apsl_network_settings_wrapper' style='display:none'>
293
- <?php for ($i = 1; $i <= 5; $i++): ?>
294
  <div class='apsl-theme apsl-theme-<?php echo $i; ?>'>
295
- <label><input type="radio" id="apsl-theme-<?php echo $i; ?>" value="<?php echo $i; ?>" class="apsl-theme apsl-png-theme" name="apsl_icon_theme" <?php checked($i, $options['apsl_icon_theme']); ?> >
296
- <span><?php _e('Theme ' . $i, 'accesspress-social-login-lite'); ?></span></label>
 
 
297
  <div class="apsl-theme-previewbox">
298
  <img src="<?php echo APSL_IMAGE_DIR; ?>/preview-<?php echo $i; ?>.jpg" alt="theme preview">
299
  </div>
300
  </div>
301
- <?php endfor; ?>
302
  </div>
303
  </div>
304
  </div>
@@ -320,7 +325,10 @@
320
 
321
  <div class='apsl-settings'>
322
  <div class='apsl-logout-redirect-settings'>
323
- <div class="apsl-label"><?php _e('Logout redirect link', 'accesspress-social-login-lite'); ?> <span class='apsl_show_hide'><i class="fa fa-caret-down"></i></span> </div>
 
 
 
324
  <div class='apsl_network_settings_wrapper' style='display:none'>
325
  <input type='radio' id='apsl_custom_logout_redirect_home' class='apsl_custom_logout_redirect_options' name='apsl_custom_logout_redirect_options' value='home' <?php
326
  if (isset($options['apsl_custom_logout_redirect_options'])) {
@@ -340,15 +348,7 @@
340
  }
341
  ?> /> <label for='apsl_custom_logout_redirect_custom'><?php _e('Custom page', 'accesspress-social-login-lite'); ?></label><br />
342
 
343
- <div class='apsl-custom-logout-redirect-link' <?php
344
- if (isset($options['apsl_custom_logout_redirect_options'])) {
345
- if ($options['apsl_custom_logout_redirect_options'] == 'custom_page') {
346
- ?> style='display: block' <?php
347
- } else {
348
- ?> style='display:none' <?php
349
- }
350
- }
351
- ?>>
352
  <p class='apsl-title-text-field'>
353
  <span><?php _e('Logout redirect page:', 'accesspress-social-login-lite'); ?></span> <input type='text' name='apsl_custom_logout_redirect_link' id='apsl-custom-logout-redirect-link' value='<?php
354
  if (isset($options['apsl_custom_logout_redirect_link']) && $options['apsl_custom_logout_redirect_link'] != '') {
@@ -358,7 +358,7 @@
358
  </p>
359
  <div class='apsl-info'>
360
  <span class='apsl-info-note'><?php _e('Note:', 'accesspress-social-login-lite'); ?></span> <br />
361
- <span class='apsl-info-content'>Please set this value if you want to redirect the user to the custom page url(full url). If this field is not set they will be redirected back to current page.</span>
362
  </div>
363
  </div>
364
  </div>
@@ -366,8 +366,7 @@
366
  </div>
367
 
368
  <div class='apsl-settings'>
369
- <div class='apsl-login-redir
370
- ect-settings'>
371
  <div class="apsl-label"><?php _e('Login redirect link', 'accesspress-social-login-lite'); ?> <span class='apsl_show_hide'><i class="fa fa-caret-down"></i></span> </div>
372
  <div class='apsl_network_settings_wrapper' style='display:none'>
373
  <input type='radio' id='apsl_custom_login_redirect_home' class='apsl_custom_login_redirect_options' name='apsl_custom_login_redirect_options' value='home' <?php
@@ -383,7 +382,7 @@
383
  <div class='apsl-custom-login-redirect-link1' >
384
  <div class='apsl-info'>
385
  <span class='apsl-info-note'><?php _e('Note:', 'accesspress-social-login-lite'); ?></span> <br />
386
- <span class='apsl-info-content'> If plugin can't detect what is the redirect uri for the page it will be redirected to home page.</span>
387
  </div>
388
  </div>
389
  <input type='radio' id='apsl_custom_login_redirect_custom' class='apsl_custom_login_redirect_options' name='apsl_custom_login_redirect_options' value='custom_page' <?php
@@ -392,15 +391,7 @@
392
  }
393
  ?> /> <label for='apsl_custom_login_redirect_custom'><?php _e('Custom page', 'accesspress-social-login-lite'); ?></label><br />
394
 
395
- <div class='apsl-custom-login-redirect-link' <?php
396
- if (isset($options['apsl_custom_login_redirect_options'])) {
397
- if ($options['apsl_custom_login_redirect_options'] == 'custom_page') {
398
- ?> style='display: block' <?php
399
- } else {
400
- ?> style='display:none' <?php
401
- }
402
- }
403
- ?>>
404
  <p class='apsl-title-text-field'>
405
  <span><?php _e('Login redirect page:', 'accesspress-social-login-lite'); ?></span> <input type='text' name='apsl_custom_login_redirect_link' id='apsl-custom-login-redirect-link' value='<?php
406
  if (isset($options['apsl_custom_login_redirect_link']) && $options['apsl_custom_login_redirect_link'] != '') {
@@ -410,13 +401,12 @@
410
  </p>
411
  <div class='apsl-info'>
412
  <span class='apsl-info-note'><?php _e('Note:', 'accesspress-social-login-lite'); ?></span> <br />
413
- <span class='apsl-info-content'>Please set this value if you want to redirect the user to the custom page url(full url). If this field is not set they will be redirected back to home page.</span>
414
  </div>
415
  </div>
416
  </div>
417
  </div>
418
  </div>
419
-
420
  <div class='apsl-settings'>
421
  <div class='apsl-user-avatar-settings'>
422
  <div class="apsl-label"><?php _e('User avatar', 'accesspress-social-login-lite'); ?> <span class='apsl_show_hide'><i class="fa fa-caret-down"></i></span> </div>
@@ -433,7 +423,7 @@
433
  ?> /> <label for='apsl_user_avatar_social'><?php _e('Use the profile picture from social media where available.', 'accesspress-social-login-lite'); ?></label><br /><br />
434
  <div class='apsl-info'>
435
  <span class='apsl-info-note'><?php _e('Note:', 'accesspress-social-login-lite'); ?></span> <br />
436
- <span class='apsl-info-content'>Please choose the options from where you want your users avatar to be loaded from. If you choose default wordpress avatar it will use the gravatar profile image if user have gravatar profile assocated with their registered email address.</span>
437
  </div>
438
  </div>
439
  </div>
@@ -455,7 +445,7 @@
455
  ?> /> <label for='apsl_send_email_notification_no'><?php _e('Do not send email notification to both user and site admin.', 'accesspress-social-login-lite'); ?></label><br /><br />
456
  <div class='apsl-info'>
457
  <span class='apsl-info-note'><?php _e('Note:', 'accesspress-social-login-lite'); ?></span> <br />
458
- <span class='apsl-info-content'>Here you can configure an options to send email notifications about user registration to site admin and user.</span>
459
  </div>
460
  </div>
461
  </div>
@@ -477,7 +467,7 @@
477
  </div>
478
  <!-- Save settings Button -->
479
  <div class='apsl-save-settings'>
480
- <?php wp_nonce_field('apsl_nonce_save_settings', 'apsl_settings_action'); ?>
481
  <input type='submit' class='apsl-submit-settings primary-button' name='apsl_save_settings' value='<?php _e('Save settings', 'accesspress-social-login-lite'); ?>' />
482
  </div>
483
 
@@ -486,8 +476,8 @@
486
  <a href="<?php echo admin_url() . 'admin-post.php?action=apsl_restore_default_settings&_wpnonce=' . $nonce; ?>" onclick="return confirm('<?php _e('Are you sure you want to restore default settings?', 'accesspress-social-login-lite'); ?>')"><input type="button" value="Restore Default Settings" class="apsl-reset-button button primary-button"/></a>
487
  </div>
488
  </div>
489
- </form>
490
- </div>
491
  </div>
492
  </div>
 
493
  </div>
46
  </div>
47
  <?php }
48
  ?>
49
+
50
  <div class='apsl-networks'>
51
+ <form method="post" action="<?php echo admin_url() . 'admin-post.php' ?>">
52
+ <div class='apsl-network-options'>
53
+
54
  <input type="hidden" name="action" value="apsl_save_options"/>
55
  <div class='apsl-settings-tabs-wrapper clearfix'>
56
  <ul class='apsl-tab-wrapper-fix clearfix'>
77
  <div class='apsl-enable-disable'>
78
  <label><?php _e('Enable?', 'accesspress-social-login-lite'); ?></label>
79
  <input type='hidden' name='network_ordering[]' value='facebook' />
80
+ <input type="checkbox" id='aspl-facbook-enable' value='enable' name='apsl_facebook_settings[apsl_facebook_enable]' <?php checked('enable', esc_attr($options['apsl_facebook_settings']['apsl_facebook_enable'])); ?> />
81
  </div>
82
  <div class='apsl-app-id-wrapper'>
83
  <label><?php _e('App ID:', 'accesspress-social-login-lite'); ?></label><input type='text' id='apsl-facebook-app-id' name='apsl_facebook_settings[apsl_facebook_app_id]' value='<?php
84
  if (isset($options['apsl_facebook_settings']['apsl_facebook_app_id'])) {
85
+ echo esc_attr($options['apsl_facebook_settings']['apsl_facebook_app_id']);
86
  }
87
  ?>' />
88
  </div>
89
  <div class='apsl-app-secret-wrapper'>
90
  <label><?php _e('App Secret:', 'accesspress-social-login-lite'); ?></label><input type='text' id='apsl-facebook-app-secret' name='apsl_facebook_settings[apsl_facebook_app_secret]' value='<?php
91
  if (isset($options['apsl_facebook_settings']['apsl_facebook_app_secret'])) {
92
+ echo esc_attr($options['apsl_facebook_settings']['apsl_facebook_app_secret']);
93
  }
94
  ?>' />
95
  </div>
227
  <li>In the authorized redirect URIs please enter the details provided in the note section from plugin and click save button.</li>
228
  <li>In the popup you will get Client ID and client secret.</li>
229
  <li>And please enter those credentials in the google setting in our plugin.</li>
230
+ <li><?php _e('Rediret uri setup', 'accesspress-social-login-lite'); ?> :<br />
231
+ <?php _e('Please use', 'accesspress-social-login-lite'); ?> <input type='text' value='<?php echo site_url(); ?>/wp-login.php?apsl_login_id=google_check' readonly='readonly'/> - <?php _e('for wordpress login page', 'accesspress-social-login-lite'); ?>.<br />
232
+ <?php _e('Please use', 'accesspress-social-login-lite'); ?> <input type='text' value='<?php echo site_url(); ?>/index.php?apsl_login_id=google_check' readonly='readonly'/> - <?php _e('if you have used the shortcode or widget in frontend. ', 'accesspress-social-login-lite'); ?>
233
  </li>
234
  <li>
235
+ <?php _e('Please note: Make sure to check the protocol "http://" or "https://" as google checks protocol as well. Better to add both URL in the list if you site is https so that google social login work properly for both https and http browser.', 'accesspress-social-login-lite'); ?>
236
  </li>
237
  </ul>
238
  </div>
290
 
291
  <div class='apsl-settings'>
292
  <div class='apsl-themes-wrapper'>
293
+ <div class="apsl-label"><?php _e('Available icon themes', 'accesspress-social-login-lite'); ?> <span class='apsl_show_hide'><i class="fa fa-caret-down"></i></span>
294
+ </div>
295
  <div class='apsl_network_settings_wrapper' style='display:none'>
296
+ <?php for ($i = 1; $i <= 5; $i++) { ?>
297
  <div class='apsl-theme apsl-theme-<?php echo $i; ?>'>
298
+ <label>
299
+ <input type="radio" id="apsl-theme-<?php echo $i; ?>" value="<?php echo $i; ?>" class="apsl-theme apsl-png-theme" name="apsl_icon_theme" <?php checked($i, $options['apsl_icon_theme']); ?> >
300
+ <span><?php _e('Theme ' . $i, 'accesspress-social-login-lite'); ?></span>
301
+ </label>
302
  <div class="apsl-theme-previewbox">
303
  <img src="<?php echo APSL_IMAGE_DIR; ?>/preview-<?php echo $i; ?>.jpg" alt="theme preview">
304
  </div>
305
  </div>
306
+ <?php } ?>
307
  </div>
308
  </div>
309
  </div>
325
 
326
  <div class='apsl-settings'>
327
  <div class='apsl-logout-redirect-settings'>
328
+ <div class="apsl-label">
329
+ <?php _e('Logout redirect link', 'accesspress-social-login-lite'); ?> <span class='apsl_show_hide'><i class="fa fa-caret-down"></i>
330
+ </span>
331
+ </div>
332
  <div class='apsl_network_settings_wrapper' style='display:none'>
333
  <input type='radio' id='apsl_custom_logout_redirect_home' class='apsl_custom_logout_redirect_options' name='apsl_custom_logout_redirect_options' value='home' <?php
334
  if (isset($options['apsl_custom_logout_redirect_options'])) {
348
  }
349
  ?> /> <label for='apsl_custom_logout_redirect_custom'><?php _e('Custom page', 'accesspress-social-login-lite'); ?></label><br />
350
 
351
+ <div class='apsl-custom-logout-redirect-link' <?php echo (isset($options['apsl_custom_logout_redirect_options']) && $options['apsl_custom_logout_redirect_options'] == 'custom_page') ? "style='display:block;'" : "style='display:none'"; ?>>
 
 
 
 
 
 
 
 
352
  <p class='apsl-title-text-field'>
353
  <span><?php _e('Logout redirect page:', 'accesspress-social-login-lite'); ?></span> <input type='text' name='apsl_custom_logout_redirect_link' id='apsl-custom-logout-redirect-link' value='<?php
354
  if (isset($options['apsl_custom_logout_redirect_link']) && $options['apsl_custom_logout_redirect_link'] != '') {
358
  </p>
359
  <div class='apsl-info'>
360
  <span class='apsl-info-note'><?php _e('Note:', 'accesspress-social-login-lite'); ?></span> <br />
361
+ <span class='apsl-info-content'><?php _e('Please set this value if you want to redirect the user to the custom page url(full url). If this field is not set they will be redirected back to current page', 'accesspress-social-login-lite'); ?>.</span>
362
  </div>
363
  </div>
364
  </div>
366
  </div>
367
 
368
  <div class='apsl-settings'>
369
+ <div class='apsl-login-redirect-settings'>
 
370
  <div class="apsl-label"><?php _e('Login redirect link', 'accesspress-social-login-lite'); ?> <span class='apsl_show_hide'><i class="fa fa-caret-down"></i></span> </div>
371
  <div class='apsl_network_settings_wrapper' style='display:none'>
372
  <input type='radio' id='apsl_custom_login_redirect_home' class='apsl_custom_login_redirect_options' name='apsl_custom_login_redirect_options' value='home' <?php
382
  <div class='apsl-custom-login-redirect-link1' >
383
  <div class='apsl-info'>
384
  <span class='apsl-info-note'><?php _e('Note:', 'accesspress-social-login-lite'); ?></span> <br />
385
+ <span class='apsl-info-content'> <?php _e('If plugin can\'t detect what is the redirect uri for the page it will be redirected to home page', 'accesspress-social-login-lite'); ?>.</span>
386
  </div>
387
  </div>
388
  <input type='radio' id='apsl_custom_login_redirect_custom' class='apsl_custom_login_redirect_options' name='apsl_custom_login_redirect_options' value='custom_page' <?php
391
  }
392
  ?> /> <label for='apsl_custom_login_redirect_custom'><?php _e('Custom page', 'accesspress-social-login-lite'); ?></label><br />
393
 
394
+ <div class='apsl-custom-login-redirect-link' <?php echo (isset($options['apsl_custom_login_redirect_options']) && $options['apsl_custom_login_redirect_options'] == 'custom_page') ? "style='display: block'" : "style='display:none'"; ?>>
 
 
 
 
 
 
 
 
395
  <p class='apsl-title-text-field'>
396
  <span><?php _e('Login redirect page:', 'accesspress-social-login-lite'); ?></span> <input type='text' name='apsl_custom_login_redirect_link' id='apsl-custom-login-redirect-link' value='<?php
397
  if (isset($options['apsl_custom_login_redirect_link']) && $options['apsl_custom_login_redirect_link'] != '') {
401
  </p>
402
  <div class='apsl-info'>
403
  <span class='apsl-info-note'><?php _e('Note:', 'accesspress-social-login-lite'); ?></span> <br />
404
+ <span class='apsl-info-content'><?php _e('Please set this value if you want to redirect the user to the custom page url(full url). If this field is not set they will be redirected back to home page', 'accesspress-social-login-lite'); ?>.</span>
405
  </div>
406
  </div>
407
  </div>
408
  </div>
409
  </div>
 
410
  <div class='apsl-settings'>
411
  <div class='apsl-user-avatar-settings'>
412
  <div class="apsl-label"><?php _e('User avatar', 'accesspress-social-login-lite'); ?> <span class='apsl_show_hide'><i class="fa fa-caret-down"></i></span> </div>
423
  ?> /> <label for='apsl_user_avatar_social'><?php _e('Use the profile picture from social media where available.', 'accesspress-social-login-lite'); ?></label><br /><br />
424
  <div class='apsl-info'>
425
  <span class='apsl-info-note'><?php _e('Note:', 'accesspress-social-login-lite'); ?></span> <br />
426
+ <span class='apsl-info-content'><?php _e('Please choose the options from where you want your users avatar to be loaded from. If you choose default wordpress avatar it will use the gravatar profile image if user have gravatar profile assocated with their registered email address', 'accesspress-social-login-lite'); ?>.</span>
427
  </div>
428
  </div>
429
  </div>
445
  ?> /> <label for='apsl_send_email_notification_no'><?php _e('Do not send email notification to both user and site admin.', 'accesspress-social-login-lite'); ?></label><br /><br />
446
  <div class='apsl-info'>
447
  <span class='apsl-info-note'><?php _e('Note:', 'accesspress-social-login-lite'); ?></span> <br />
448
+ <span class='apsl-info-content'><?php _e('Here you can configure an options to send email notifications about user registration to site admin and user', 'accesspress-social-login-lite'); ?>.</span>
449
  </div>
450
  </div>
451
  </div>
467
  </div>
468
  <!-- Save settings Button -->
469
  <div class='apsl-save-settings'>
470
+ <?php wp_nonce_field('apsl_save_settings_nonce', 'apsl_save_settings_nonce_field'); ?>
471
  <input type='submit' class='apsl-submit-settings primary-button' name='apsl_save_settings' value='<?php _e('Save settings', 'accesspress-social-login-lite'); ?>' />
472
  </div>
473
 
476
  <a href="<?php echo admin_url() . 'admin-post.php?action=apsl_restore_default_settings&_wpnonce=' . $nonce; ?>" onclick="return confirm('<?php _e('Are you sure you want to restore default settings?', 'accesspress-social-login-lite'); ?>')"><input type="button" value="Restore Default Settings" class="apsl-reset-button button primary-button"/></a>
477
  </div>
478
  </div>
479
+ </form>
 
480
  </div>
481
  </div>
482
+ </div>
483
  </div>
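--- a/inc/backend/more-wordpress-resources.php
+++ b/inc/backend/more-wordpress-resources.php
@@ -12,15 +12,15 @@
 
  <p>AND IF THIS PLUGIN HAS IMPRESSED YOU, THEN YOU WOULD ENJOY OUR OTHER PROJECTS TOO. DO CHECK THESE OUT :</p>
 
- <p><a href="https://wpall.club/" target="_blank">WPAll Club</a> - A complete WordPress resources club. WordPress tutorials, blogs, curated free and premium themes and plugins, WordPress deals, offers, hosting info and more.</p>
+ <p><a href="//wpall.club/" target="_blank">WPAll Club</a> - A complete WordPress resources club. WordPress tutorials, blogs, curated free and premium themes and plugins, WordPress deals, offers, hosting info and more.</p>
 
- <p> <a href="https://themeforest.net/user/accesskeys/portfolio" target="_blank">Premium WordPress Themes</a> - 6 premium WordPress themes well suited for all sort of websites. Professional, well coded and highly configurable themes for you. </p>
+ <p> <a href="//themeforest.net/user/accesskeys/portfolio" target="_blank">Premium WordPress Themes</a> - 6 premium WordPress themes well suited for all sort of websites. Professional, well coded and highly configurable themes for you. </p>
 
- <p> <a href="https://codecanyon.net/user/accesskeys/portfolio?Ref=AccessKeys" target="_blank">Premium WordPress Plugins</a> - 45+ premium WordPress plugins of many different types. High user ratings, great quality and best sellers in CodeCanyon marketplace. </p>
+ <p> <a href="//codecanyon.net/user/accesskeys/portfolio?Ref=AccessKeys" target="_blank">Premium WordPress Plugins</a> - 45+ premium WordPress plugins of many different types. High user ratings, great quality and best sellers in CodeCanyon marketplace. </p>
 
- <p> <a href="https://accesspressthemes.com/" target="_blank">AccessPress Themes</a> - AccessPress Themes has 50+ beautiful and elegant, fully responsive, multipurpose themes to meet your need for free and commercial basis.</p>
+ <p> <a href="//accesspressthemes.com/" target="_blank">AccessPress Themes</a> - AccessPress Themes has 50+ beautiful and elegant, fully responsive, multipurpose themes to meet your need for free and commercial basis.</p>
 
- <p> <a href="https://8degreethemes.com/" target="_blank">8Degree Themes</a> - 8Degree Themes offers 15+ free WordPress themes and 16+ premium WordPress themes carefully crafted with creativity.</p>
+ <p> <a href="//8degreethemes.com/" target="_blank">8Degree Themes</a> - 8Degree Themes offers 15+ free WordPress themes and 16+ premium WordPress themes carefully crafted with creativity.</p>
  </div>
  </div>
  </div>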
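Review bot: The five promotional anchors now use protocol-relative `//` hrefs instead of `https://`, so when the dashboard is served over plain HTTP they resolve to `http://` and lose the transport protection the old links had; keeping the explicit `https://` scheme is the safer form. Each anchor also opens with `target="_blank"` and no `rel` attribute, so adding `rel="noopener noreferrer"` would stop the opened page from reaching back through `window.opener` in browsers that do not apply that default. For example: `<a href="https://wpall.club/" target="_blank" rel="noopener noreferrer">WPAll Club</a>`.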
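--- a/inc/backend/save-settings.php
+++ b/inc/backend/save-settings.php
@@ -2,7 +2,7 @@
  defined( 'ABSPATH' ) or die( "No script kiddies please!" );
 
  $apsl_settings = array();
- $apsl_settings['network_ordering'] = $_POST['network_ordering'];
+ $apsl_settings['network_ordering'] = $this->apsll_sanitize_array($_POST['network_ordering']);
 
  //for facebook settings
  foreach( $_POST['apsl_facebook_settings'] as $key => $value ) {
@@ -11,11 +11,11 @@ foreach( $_POST['apsl_facebook_settings'] as $key => $value ) {
 
  $apsl_facebook_enable = isset( $apsl_facebook_enable ) ? $apsl_facebook_enable : '';
  $facebook_parameters = array( 'apsl_facebook_enable' => $apsl_facebook_enable,
- 'apsl_facebook_app_id' => $apsl_facebook_app_id,
- 'apsl_facebook_app_secret' => $apsl_facebook_app_secret,
- 'apsl_profile_image_width' => $apsl_profile_image_width,
- 'apsl_profile_image_height' => $apsl_profile_image_height
- );
+ 'apsl_facebook_app_id' => $apsl_facebook_app_id,
+ 'apsl_facebook_app_secret' => $apsl_facebook_app_secret,
+ 'apsl_profile_image_width' => $apsl_profile_image_width,
+ 'apsl_profile_image_height' => $apsl_profile_image_height
+ );
  $apsl_settings['apsl_facebook_settings'] = $facebook_parameters;
 
  //for twitter settings
@@ -36,23 +36,23 @@ $apsl_google_enable = isset( $apsl_google_enable ) ? $apsl_google_enable : '';
  $google_parameters = array('apsl_google_enable' => $apsl_google_enable, 'apsl_google_client_id' => $apsl_google_client_id, 'apsl_google_client_secret' => $apsl_google_client_secret);
 
  $apsl_settings['apsl_google_settings'] = $google_parameters;
- $apsl_settings['apsl_enable_disable_plugin'] = $_POST['apsl_enable_disable_plugin'];
+ $apsl_settings['apsl_enable_disable_plugin'] = sanitize_text_field($_POST['apsl_enable_disable_plugin']);
  $display_options = array();
  if( isset( $_POST['apsl_display_options'] ) ) {
  foreach( $_POST['apsl_display_options'] as $key => $value ) {
- $display_options[] = $value;
+ $display_options[] = sanitize_text_field($value);
  }
  }
 
  $apsl_settings['apsl_display_options'] = $display_options;
- $apsl_settings['apsl_icon_theme'] = $_POST['apsl_icon_theme'];
+ $apsl_settings['apsl_icon_theme'] = sanitize_text_field($_POST['apsl_icon_theme']);
  $apsl_settings['apsl_title_text_field'] = sanitize_text_field( $_POST['apsl_title_text_field'] );
  $apsl_settings['apsl_custom_logout_redirect_options'] = sanitize_text_field( $_POST['apsl_custom_logout_redirect_options'] );
  $apsl_settings['apsl_custom_logout_redirect_link'] = sanitize_text_field( $_POST['apsl_custom_logout_redirect_link'] );
  $apsl_settings['apsl_custom_login_redirect_options'] = sanitize_text_field( $_POST['apsl_custom_login_redirect_options'] );
  $apsl_settings['apsl_custom_login_redirect_link'] = sanitize_text_field( $_POST['apsl_custom_login_redirect_link'] );
- $apsl_settings['apsl_user_avatar_options'] = $_POST['apsl_user_avatar_options'];
- $apsl_settings['apsl_send_email_notification_options'] = $_POST['apsl_send_email_notification_options'];
+ $apsl_settings['apsl_user_avatar_options'] = sanitize_text_field($_POST['apsl_user_avatar_options']);
+ $apsl_settings['apsl_send_email_notification_options'] = sanitize_text_field($_POST['apsl_send_email_notification_options']);
 
  //for saving the settings
  update_option( APSL_SETTINGS, $apsl_settings );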
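Review bot: The two redirect targets, `apsl_custom_logout_redirect_link` and `apsl_custom_login_redirect_link`, are still stored with `sanitize_text_field()`, which strips markup but does not validate a URL, so a value with an unexpected scheme is saved as typed. `esc_url_raw()` is the storage-side function for URLs, e.g. `$apsl_settings['apsl_custom_login_redirect_link'] = esc_url_raw( wp_unslash( $_POST['apsl_custom_login_redirect_link'] ) );`, and the same applies to the logout link. The fields this commit newly wraps (`apsl_enable_disable_plugin`, `apsl_icon_theme`, `apsl_user_avatar_options`, `apsl_send_email_notification_options`) are fixed-choice values read without an `isset()` guard, so checking each against its allowed set would be tighter than text sanitising. No nonce or capability check appears in this file; presumably the including method performs it, which is worth confirming because the settings form's nonce action and field name change in this release.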
inc/frontend/login_check.php CHANGED
@@ -3,140 +3,138 @@ defined( 'ABSPATH' ) or die( "No script kiddies please!" );
3
 
4
  if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
5
 
6
- class APSL_Lite_Login_Check_Class {
7
  //constructor
8
  function __construct() {
9
 
10
  if( isset( $_GET['apsl_login_id'] ) ) {
11
  if( isset( $_REQUEST['state'] ) ) {
12
- parse_str( base64_decode( $_REQUEST['state'] ), $state_vars );
13
 
14
  if( isset( $state_vars['redirect_to'] ) ) {
15
- $_GET['redirect_to'] = $_REQUEST['redirect_to'] = $state_vars['redirect_to'];
16
- }
 
 
 
 
 
 
 
 
 
 
17
  }
18
-
19
- $exploder = explode( '_', $_GET['apsl_login_id'] );
20
- switch( $exploder[0] ) {
21
- case 'facebook':
22
- if( version_compare( PHP_VERSION, '5.4.0', '<' ) ) {
23
- echo _e( 'The Facebook SDK requires PHP version 5.4 or higher. Please notify about this error to site admin.', 'accesspress-social-login-lite' );
24
- die();
25
- }
26
- $this->onFacebookLogin();
27
- break;
28
- case 'twitter':
29
- if( !class_exists( 'TwitterOAuth' ) ) {
30
- include( APSL_PLUGIN_DIR . 'twitter/OAuth.php' );
31
- include( APSL_PLUGIN_DIR . 'twitter/twitteroauth.php' );
32
- }
33
- $this->onTwitterLogin();
34
- break;
35
- case 'google':
36
- if( !class_exists( 'Google_Client' ) ) {
37
- include( APSL_PLUGIN_DIR . 'google/Client.php' );
38
- }
39
- if(!class_exists('Google_Service_Plus')){
40
- include( APSL_PLUGIN_DIR . 'google/Service/Oauth2.php' );
41
- //include( APSL_PLUGIN_DIR . 'google/Service/Plus.php' );
42
- }
43
- $this->onGoogleLogin();
44
- break;
45
  }
 
 
 
 
 
46
  }
47
  }
 
48
  //for facebook login
49
- function onFacebookLogin() {
50
- $response = new stdClass();
51
- $result = $this->facebookLogin( $response );
52
- if( isset( $result->status ) && $result->status == 'SUCCESS' ) {
53
- global $wpdb;
54
- $unique_verifier = sha1($result->deutype.$result->deuid);
55
- $sql = "SELECT * FROM `{$wpdb->prefix}apsl_users_social_profile_details` WHERE `provider_name` LIKE '$result->deutype' AND `identifier` LIKE '$result->deuid' AND `unique_verifier` LIKE '$unique_verifier'";
56
- $row = $wpdb->get_row($sql);
57
- if( !$row ) {
58
  //check if there is already a user with the email address provided from social login already
59
- $user_details_by_email = $this->getUserByMail($result->email);
60
- if( $user_details_by_email != false ){
61
  //user already there so log him in
62
- $id = $user_details_by_email->ID;
63
- $sql = "SELECT * FROM `{$wpdb->prefix}apsl_users_social_profile_details` WHERE `user_id` LIKE '$id'; ";
64
- $row = $wpdb->get_row($sql);
65
- if(!$row){
66
  self:: link_user($id, $result);
67
- }
68
- self:: loginUser( $id );
69
- die();
70
  }
71
- $_SESSION['user_details']= $result;
72
-
 
 
 
73
  // use FB id as username if sanitized username is empty
74
- $sanitized_user_name = sanitize_user( $result->username, true );
75
- if ( empty( $sanitized_user_name ) ) {
76
  $sanitized_user_name = $result->deuid;
77
- }
78
- $user_Id = self::creatUser( $sanitized_user_name, $result->email );
79
- $user_row = self:: getUserByMail( $result->email );
80
- $id = $user_row->ID;
81
- $result = $result;
82
- $role = 'subscriber';
83
- self:: UpdateUserMeta( $id, $result, $role );
84
- self:: loginUser( $id );
 
 
 
 
85
  exit();
86
  }else{
87
- if( ($row->provider_name == $result->deutype) && ($row->identifier == $result->deuid) ){
88
- //echo "user found in our database";
89
- self:: loginUser( $row->user_id );
90
- exit();
91
- }else{
92
  // user not found in our database
93
- // need to handle an exception
94
- }
95
- }
96
- }else{
97
- if(isset($_REQUEST['error'])){
98
- $_SESSION['apsl_login_error_flag'] = 1;
99
- $redirect_url = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url();
100
- $this->redirect($redirect_url);
101
  }
102
- die();
103
  }
104
- }
105
-
106
- function facebookLogin() {
107
- $request = $_REQUEST;
108
- $site = $this->siteUrl();
109
- $callBackUrl = $this->callBackUrl();
110
- $response = new stdClass();
111
- $return_user_details = new stdClass();
112
- $exploder = explode( '_', $_GET['apsl_login_id'] );
113
- $action = $exploder[1];
114
- $options = get_option( APSL_SETTINGS );
115
- if(isset($options['apsl_facebook_settings']['apsl_profile_image_width'])){
116
- $width = $options['apsl_facebook_settings']['apsl_profile_image_width'];
117
- }else{
118
- $width = 150;
119
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
120
 
121
- if(isset($options['apsl_facebook_settings']['apsl_profile_image_height'])){
122
- $height = $options['apsl_facebook_settings']['apsl_profile_image_height'];
123
- }else{
124
- $height = 150;
125
- }
126
 
127
- $config = array('app_id' => $options['apsl_facebook_settings']['apsl_facebook_app_id'], 'app_secret' => $options['apsl_facebook_settings']['apsl_facebook_app_secret'], 'default_graph_version' => 'v2.4', 'persistent_data_handler' => 'session' );
128
- include( APSL_PLUGIN_DIR . 'facebook/autoload.php' );
129
- $fb = new Facebook\Facebook( $config );
130
 
131
- $callback = $callBackUrl . 'apsl_login_id' . '=facebook_check';
132
 
133
- if( $action == 'login' ) {
134
  // Well looks like we are a fresh dude, login to Facebook!
135
- $helper = $fb->getRedirectLoginHelper();
136
  $permissions = array('email', 'public_profile'); // optional
137
  $loginUrl = $helper->getLoginUrl( $callback, $permissions );
138
 
139
- $encoded_url = isset( $_GET['redirect_to'] ) ? $_GET['redirect_to'] : '';
140
  if( isset( $encoded_url ) && $encoded_url != '' ) {
141
  setcookie("apsl_login_redirect_url", $encoded_url, time()+3600);
142
  // $callback = $callBackUrl . 'apsl_login_id' . '=facebook_check&redirect_to=' . $encoded_url;
@@ -154,7 +152,7 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
154
  if( isset( $_REQUEST['code'] ) ) {
155
  $helper = $fb->getRedirectLoginHelper();
156
  // Trick below will avoid "Cross-site request forgery validation failed. Required param "state" missing." from Facebook
157
- $_SESSION['FBRLH_state'] = $_REQUEST['state'];
158
  try {
159
  $accessToken = $helper->getAccessToken($callback);
160
  }
@@ -213,8 +211,8 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
213
 
214
  }
215
  else {
216
- $return_user_details->deuimage = false; // nothing there? .. weird, but okay!
217
-
218
  }
219
  $return_user_details->error_message = '';
220
  }
@@ -251,9 +249,8 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
251
  $id = $user_details_by_email->ID;
252
  $sql = "SELECT * FROM `{$wpdb->prefix}apsl_users_social_profile_details` WHERE `user_id` LIKE '$id'; ";
253
  $row = $wpdb->get_row($sql);
254
- // var_dump($row);
255
  if(!$row){
256
- self:: link_user($id, $result);
257
  }
258
  self:: loginUser( $id );
259
  die();
@@ -269,7 +266,6 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
269
  exit();
270
  }else{
271
  if( ($row->provider_name == $result->deutype) && ($row->identifier == $result->deuid) ){
272
- //echo "user found in our database";
273
  self:: loginUser( $row->user_id );
274
  exit();
275
  }else{
@@ -277,10 +273,10 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
277
  // need to handle an exception
278
  }
279
  }
280
- $_SESSION['apsl_login_error_flag'] = 1;
281
  }else{
282
  if(isset($_REQUEST['denied'])){
283
- $redirect_url = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url();
284
  $this->redirect($redirect_url);
285
  }
286
  die();
@@ -288,101 +284,100 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
288
  }
289
 
290
  function twitterLogin() {
291
- $request = $_REQUEST;
292
- $site = $this->siteUrl();
293
- $callBackUrl = $this->callBackUrl();
294
- $response = new stdClass();
295
- $exploder = explode( '_', $_GET['apsl_login_id'] );
296
- $action = $exploder[1];
297
- @session_start();
298
- $options = get_option( APSL_SETTINGS );
299
- if( $action == 'login' ) {
300
  // Get identity from user and redirect browser to OpenID Server
301
- if( !isset( $request['oauth_token'] ) || $request['oauth_token'] == '' ) {
302
- $twitterObj = new TwitterOAuth( $options['apsl_twitter_settings']['apsl_twitter_api_key'], $options['apsl_twitter_settings']['apsl_twitter_api_secret'] );
303
- $encoded_url = isset( $_GET['redirect_to'] ) ? $_GET['redirect_to'] : '';
304
- if( isset( $encoded_url ) && $encoded_url != '' ) {
305
- $callback = $callBackUrl . 'apsl_login_id' . '=twitter_check&redirect_to=' . $encoded_url;
306
- }
307
- else {
308
- $callback = $callBackUrl . 'apsl_login_id' . '=twitter_check';
309
- }
310
-
311
- $request_token = $twitterObj->getRequestToken( $callback );
312
- $_SESSION['oauth_twitter'] = array();
313
- /* Save temporary credentials to session. */
314
- $_SESSION['oauth_twitter']['oauth_token'] = $token = $request_token['oauth_token'];
315
- $_SESSION['oauth_twitter']['oauth_token_secret'] = $request_token['oauth_token_secret'];
316
- /* If last connection failed don't display authorization link. */
317
- switch( $twitterObj->http_code ) {
318
- case 200:
319
- try {
320
- $url = $twitterObj->getAuthorizeUrl( $token );
321
- $this->redirect( $url );
322
- }
323
- catch( Exception $e ) {
324
- $response->status = 'ERROR';
325
- $response->error_code = 2;
326
- $response->error_message = 'Could not get AuthorizeUrl.';
327
- }
328
- break;
329
- default:
330
- $response->status = 'ERROR';
331
- $response->error_code = 2;
332
- $response->error_message = 'Could not connect to Twitter. Refresh the page or try again later.';
333
- break;
334
- }
335
  }
336
  else {
337
- $response->status = 'ERROR';
338
- $response->error_code = 2;
339
- $response->error_message = 'INVALID AUTHORIZATION';
340
  }
341
- }
342
- else if( isset( $request['oauth_token'] ) && isset( $request['oauth_verifier'] ) ) {
343
- /* Create TwitteroAuth object with app key/secret and token key/secret from default phase */
344
- $twitterObj = new TwitterOAuth( $options['apsl_twitter_settings']['apsl_twitter_api_key'], $options['apsl_twitter_settings']['apsl_twitter_api_secret'], $_SESSION['oauth_twitter']['oauth_token'], $_SESSION['oauth_twitter']['oauth_token_secret'] );
345
- /* Remove no longer needed request tokens */
346
- unset( $_SESSION['oauth_twitter'] );
347
- try {
348
- $access_token = $twitterObj->getAccessToken( $request['oauth_verifier'] );
349
- /* If HTTP response is 200 continue otherwise send to connect page to retry */
350
- if( 200 == $twitterObj->http_code ) {
351
- $user_profile = $twitterObj->get( 'account/verify_credentials', array(
352
- 'screen_name' => $access_token['screen_name'],
353
- 'skip_status' => 'true',
354
- 'include_entities' => 'true',
355
- 'include_email' => 'true'
356
- )
357
- );
358
- /* Request access twitterObj from twitter */
359
- $response->status = 'SUCCESS';
360
- $response->deuid = $user_profile->id;
361
- $response->deutype = 'twitter';
362
- $response->name = explode( ' ', $user_profile->name, 2 );
363
- $response->first_name = $response->name[0];
364
- $response->last_name =( isset( $response->name[1] ) ) ? $response->name[1] : '';
365
- $response->deuimage = $user_profile->profile_image_url_https;
366
- $response->email = isset($user_profile->email) ? $user_profile->email : $user_profile->screen_name . '@twitter.com';
367
- $response->username = ($user_profile->screen_name !='') ? strtolower($user_profile->screen_name) : $user_email;
368
- $response->url = $user_profile->url;
369
- $response->about = isset($user_profile->description) ? $user_profile->description : '';
370
- $response->gender = isset($user_profile->gender) ? $user_profile->gender : 'N/A';
371
- $response->location = $user_profile->location;
372
- $response->error_message = '';
373
  }
374
- else {
375
  $response->status = 'ERROR';
376
  $response->error_code = 2;
377
- $response->error_message = 'Could not connect to Twitter. Refresh the page or try again later.';
378
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
379
  }
380
- catch( Exception $e ) {
381
  $response->status = 'ERROR';
382
  $response->error_code = 2;
383
- $response->error_message = 'Could not get AccessToken.';
384
  }
385
  }
 
 
 
 
 
 
386
  else { // User Canceled your Request
387
  $response->status = 'ERROR';
388
  $response->error_code = 1;
@@ -407,7 +402,7 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
407
  $sql = "SELECT * FROM `{$wpdb->prefix}apsl_users_social_profile_details` WHERE `user_id` LIKE '$id'; ";
408
  $row = $wpdb->get_row($sql);
409
  if(!$row){
410
- self:: link_user($id, $result);
411
  }
412
  self:: loginUser( $id );
413
  die();
@@ -423,18 +418,16 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
423
  exit();
424
  }else{
425
  if( ($row->provider_name == $result->deutype) && ($row->identifier == $result->deuid) ){
426
- //echo "user found in our database";
427
  self:: loginUser( $row->user_id );
428
  exit();
429
  }else{
430
  // user not found in our database
431
- // need to handle an exception
432
  }
433
  }
434
  }else{
435
  if(isset($_REQUEST['error'])){
436
  $_SESSION['apsl_login_error_flag'] = 1;
437
- $redirect_url = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url();
438
  $this->redirect($redirect_url);
439
  }
440
  die();
@@ -442,20 +435,19 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
442
  }
443
 
444
  function GoogleLogin() {
445
- $post = $_POST;
446
- $get = $_GET;
447
- $request = $_REQUEST;
448
  $site = $this->siteUrl();
449
  $callBackUrl = $this->callBackUrl();
450
  $options = get_option( APSL_SETTINGS );
451
  $response = new stdClass();
452
- $a = explode( '_', $_GET['apsl_login_id'] );
453
  $action = $a[1];
454
  $client_id = $options['apsl_google_settings']['apsl_google_client_id'];
455
  $client_secret = $options['apsl_google_settings']['apsl_google_client_secret'];
456
 
457
  $site_url = site_url() . '/wp-admin';
458
- $encoded_url = isset( $_GET['redirect_to'] ) ? $_GET['redirect_to'] : $site_url;
459
  $callback = $callBackUrl . 'apsl_login_id' . '=google_check';
460
 
461
  $redirect_uri = $callback;
@@ -464,7 +456,6 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
464
  $client->setClientId( $client_id );
465
  $client->setClientSecret( $client_secret );
466
  $client->setRedirectUri( $redirect_uri );
467
- //$client->addScope( "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/plus.profile.emails.read" );
468
 
469
  $client->setScopes([
470
  "profile", // can give: all we need, but no email
@@ -475,7 +466,6 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
475
  $client->setState( base64_encode( "redirect_to=$encoded_url" ) );
476
  }
477
 
478
- //$service = new Google_Service_Plus( $client );
479
  $service = new Google_Service_Oauth2($client);
480
  if( $action == 'login' ) { // Get identity from user and redirect browser to OpenID Server
481
  unset($_SESSION['access_token']);
@@ -490,7 +480,7 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
490
  }
491
  }
492
  elseif( isset( $_GET['code'] ) ) { // Perform HTTP Request to OpenID server to validate key
493
- $client->authenticate( $_GET['code'] );
494
  $_SESSION['access_token'] = $client->getAccessToken();
495
  $this->redirect( $redirect_uri . "&redirect_to=$encoded_url" );
496
  die();
@@ -499,42 +489,39 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
499
  $client->setAccessToken( $_SESSION['access_token'] );
500
 
501
  try {
502
- //$user = $service->people->get( "me", array() );
503
- $user = $service->userinfo->get();
504
- }
505
- catch( Exception $fault ) {
506
- unset( $_SESSION['access_token'] );
507
- $ref_object = $this->accessProtected( $fault, 'errors' );
508
- echo $ref_object[0]['message'] . " Please notify about this error to the Site Admin.";
509
- die();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
510
  }
511
-
512
- if( !empty( $user ) ) {
513
- if( !empty( $user->email ) ) {
514
-
515
- $response->email = $user->email;
516
- //$response->username = ($user->name->givenName) ? strtolower($user->name->givenName) : $user_email;
517
- $response->username = ($user->givenName != '') ? strtolower($user->givenName) : $user->email;
518
- $response->first_name = $user->givenName;
519
- $response->last_name = $user->familyName;
520
- $response->deuid = $user->emails[0]->value;
521
- //$response->deuimage = $user->image->url;
522
- $imageUrl = substr($user->picture, 0, strpos($user->picture . "?sz=", "?sz=")) . '?sz=450';
523
- $response->deuimage = $imageUrl;
524
- $response->gender = isset($user->gender) ? $user->gender : 'N/A';
525
- $response->id = $user->id;
526
- $response->about = $user->aboutMe;
527
- $response->url = $user->url;
528
- $response->deutype = 'google';
529
- $response->status = 'SUCCESS';
530
- $response->error_message = '';
531
- }
532
- else {
533
- $response->status = 'ERROR';
534
- $response->error_code = 2;
535
- $response->error_message = "INVALID AUTHORIZATION";
536
- }
537
  }
 
538
  else { // Signature Verification Failed
539
  $response->status = 'ERROR';
540
  $response->error_code = 2;
@@ -554,7 +541,6 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
554
  }
555
 
556
  function callBackUrl() {
557
- // $connection = !empty( $_SERVER['HTTPS'] ) ? 'https://' : 'http://';
558
  $url = wp_login_url();
559
  if( strpos( $url, '?' ) === false ) {
560
  $url.= '?';
@@ -655,7 +641,7 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
655
  if( $reauth )wp_clear_auth_cookie();
656
 
657
  if( isset( $_REQUEST['redirect_to'] ) ) {
658
- $redirect_to = $_REQUEST['redirect_to'];
659
  // Redirect to https if user wants ssl
660
  if( isset( $secure_cookie ) && false !== strpos( $redirect_to, 'wp-admin' ) )$redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to );
661
  }
@@ -670,7 +656,7 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
670
  if( !$this->set_cookies( $user_id ) ) {
671
  return false;
672
  }
673
- $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : site_url();
674
  $user_login_url = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
675
 
676
  $options = get_option( APSL_SETTINGS );
@@ -680,7 +666,8 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
680
  }
681
  else if( $options['apsl_custom_login_redirect_options'] == 'current_page' ) {
682
  if( isset( $_REQUEST['redirect_to'] ) ) {
683
- $redirect_to = $_REQUEST['redirect_to'];
 
684
  // Redirect to https if user wants ssl
685
  if( isset( $secure_cookie ) && false !== strpos( $redirect_to, 'wp-admin' ) )$user_login_url = preg_replace( '|^http://|', 'https://', $redirect_to );
686
  }
@@ -690,7 +677,7 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
690
  }
691
  else if( $options['apsl_custom_login_redirect_options'] == 'custom_page' ) {
692
  if( $options['apsl_custom_login_redirect_link'] != '' ) {
693
- $login_page = $options['apsl_custom_login_redirect_link'];
694
  $user_login_url = $login_page;
695
  }
696
  else {
@@ -704,7 +691,6 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
704
  $redirect_to = $user_login_url;
705
  $redirect_to = apply_filters( 'login_redirect', $redirect_to );
706
  $redirect_to = isset($_COOKIE["apsl_login_redirect_url"]) ? urldecode($_COOKIE["apsl_login_redirect_url"]) : $redirect_to;
707
- // echo "<script> window.close(); window.opener.location.href='$redirect_to'; </script>";
708
  wp_safe_redirect( $redirect_to );
709
  exit();
710
  }
@@ -716,10 +702,10 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
716
  }
717
  $pageURL.= "://";
718
  if( $_SERVER["SERVER_PORT"] != "80" ) {
719
- $pageURL.= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["REQUEST_URI"];
720
  }
721
  else {
722
- $pageURL.= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
723
  }
724
  return $pageURL;
725
  }
@@ -747,24 +733,23 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
747
 
748
  $table_name = $apsl_userdetails;
749
  $submit_array = array(
750
- "user_id" => $id,
751
- "provider_name" => $result->deutype,
752
- "identifier" => $result->deuid,
753
- "unique_verifier" => $unique_verifier,
754
- "email" => $result->email,
755
- "first_name" => $first_name,
756
- "last_name" => $last_name,
757
- "profile_url" =>$profile_url,
758
- "photo_url" =>$photo_url,
759
- "display_name" =>$display_name,
760
- "description" =>$description,
761
- "gender" =>$result->gender
762
- );
763
  $user_profile_details = $result;
764
  $wpdb->insert($table_name, $submit_array );
765
  if(!$result){
766
- echo "Data insertion failed";
767
- // die(mysql_error());
768
  }
769
  }
770
 
@@ -783,7 +768,6 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
783
  wp_update_user( array(
784
  'ID' => $id,
785
  'display_name' => $result->first_name . ' ' . $result->last_name,
786
- // 'role' => $role,
787
  'user_url' => $result->url
788
  ) );
789
 
@@ -800,31 +784,30 @@ if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
800
 
801
  $table_name = $apsl_userdetails;
802
  $submit_array = array(
803
- "user_id" => $id,
804
- "provider_name" => $result->deutype,
805
- "identifier" => $result->deuid,
806
- "unique_verifier" => $unique_verifier,
807
- "email" => $result->email,
808
- "first_name" => $first_name,
809
- "last_name" => $last_name,
810
- "profile_url" =>$profile_url,
811
- "photo_url" =>$photo_url,
812
- "display_name" =>$display_name,
813
- "description" =>$description,
814
- "gender" =>$result->gender
815
- );
816
  $user_profile_details = $result;
817
  $wpdb->insert($table_name, $submit_array );
818
 
819
- // if(function_exists('bp_has_profile')){
820
- // self:: apsl_buddypress_xprofile_mapping($id, $user_profile_details->deutype, $user_profile_details);
821
- // }
822
  if(!$result){
823
  echo "Data insertion failed";
824
- // die(mysql_error());
825
  }
826
  }
827
 
 
 
 
828
  } //termination of a class
829
 
830
  } //end of if statement
3
 
4
  if( !class_exists( 'APSL_Lite_Login_Check_Class' ) ) {
5
 
6
+ class APSL_Lite_Login_Check_Class extends APSL_Lite_Class{
7
  //constructor
8
  function __construct() {
9
 
10
  if( isset( $_GET['apsl_login_id'] ) ) {
11
  if( isset( $_REQUEST['state'] ) ) {
12
+ parse_str( base64_decode( sanitize_text_field($_REQUEST['state']) ), $state_vars );
13
 
14
  if( isset( $state_vars['redirect_to'] ) ) {
15
+ $get_request = isset($_GET['redirect_to'])?sanitize_text_field($_GET['redirect_to']):'';
16
+ $request_request = isset($_REQUEST['redirect_to'])?sanitize_text_field($_REQUEST['redirect_to']):'';
17
+ $get_request = $request_request = isset($state_vars['redirect_to'])?sanitize_text_field($state_vars['redirect_to']):'';
18
+ }
19
+ }
20
+
21
+ $exploder = explode( '_', sanitize_text_field($_GET['apsl_login_id'] ));
22
+ switch( $exploder[0] ) {
23
+ case 'facebook':
24
+ if( version_compare( PHP_VERSION, '5.4.0', '<' ) ) {
25
+ echo _e( 'The Facebook SDK requires PHP version 5.4 or higher. Please notify about this error to site admin.', 'accesspress-social-login-lite' );
26
+ die();
27
  }
28
+ $this->onFacebookLogin();
29
+ break;
30
+ case 'twitter':
31
+ if( !class_exists( 'TwitterOAuth' ) ) {
32
+ include( APSL_PLUGIN_DIR . 'twitter/OAuth.php' );
33
+ include( APSL_PLUGIN_DIR . 'twitter/twitteroauth.php' );
34
+ }
35
+ $this->onTwitterLogin();
36
+ break;
37
+ case 'google':
38
+ if( !class_exists( 'Google_Client' ) ) {
39
+ include( APSL_PLUGIN_DIR . 'google/Client.php' );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
40
  }
41
+ if(!class_exists('Google_Service_Plus')){
42
+ include( APSL_PLUGIN_DIR . 'google/Service/Oauth2.php' );
43
+ }
44
+ $this->onGoogleLogin();
45
+ break;
46
  }
47
  }
48
+ }
49
  //for facebook login
50
+ function onFacebookLogin() {
51
+ $response = new stdClass();
52
+ $result = $this->facebookLogin( $response );
53
+ if( isset( $result->status ) && $result->status == 'SUCCESS' ) {
54
+ global $wpdb;
55
+ $unique_verifier = sha1($result->deutype.$result->deuid);
56
+ $sql = "SELECT * FROM `{$wpdb->prefix}apsl_users_social_profile_details` WHERE `provider_name` LIKE '$result->deutype' AND `identifier` LIKE '$result->deuid' AND `unique_verifier` LIKE '$unique_verifier'";
57
+ $row = $wpdb->get_row($sql);
58
+ if( !$row ) {
59
  //check if there is already a user with the email address provided from social login already
60
+ $user_details_by_email = $this->getUserByMail($result->email);
61
+ if( $user_details_by_email != false ){
62
  //user already there so log him in
63
+ $id = $user_details_by_email->ID;
64
+ $sql = "SELECT * FROM `{$wpdb->prefix}apsl_users_social_profile_details` WHERE `user_id` LIKE '$id'; ";
65
+ $row = $wpdb->get_row($sql);
66
+ if(!$row){
67
  self:: link_user($id, $result);
 
 
 
68
  }
69
+ self:: loginUser( $id );
70
+ die();
71
+ }
72
+ $_SESSION['user_details']= $result;
73
+
74
  // use FB id as username if sanitized username is empty
75
+ $sanitized_user_name = sanitize_user( $result->username, true );
76
+ if ( empty( $sanitized_user_name ) ) {
77
  $sanitized_user_name = $result->deuid;
78
+ }
79
+ $user_Id = self::creatUser( $sanitized_user_name, $result->email );
80
+ $user_row = self:: getUserByMail( $result->email );
81
+ $id = $user_row->ID;
82
+ $result = $result;
83
+ $role = 'subscriber';
84
+ self:: UpdateUserMeta( $id, $result, $role );
85
+ self:: loginUser( $id );
86
+ exit();
87
+ }else{
88
+ if( ($row->provider_name == $result->deutype) && ($row->identifier == $result->deuid) ){
89
+ self:: loginUser( $row->user_id );
90
  exit();
91
  }else{
 
 
 
 
 
92
  // user not found in our database
 
 
 
 
 
 
 
 
93
  }
 
94
  }
95
+ }else{
96
+ if(isset($_REQUEST['error'])){
97
+ $_SESSION['apsl_login_error_flag'] = 1;
98
+ $redirect_url = isset($_REQUEST['redirect_to']) ? sanitization_text_field($_REQUEST['redirect_to']) : site_url();
99
+ $this->redirect($redirect_url);
 
 
 
 
 
 
 
 
 
 
100
  }
101
+ die();
102
+ }
103
+ }
104
+
105
+ function facebookLogin() {
106
+ $site = $this->siteUrl();
107
+ $callBackUrl = $this->callBackUrl();
108
+ $response = new stdClass();
109
+ $return_user_details = new stdClass();
110
+ $exploder = explode( '_', sanitize_text_field($_GET['apsl_login_id'] ));
111
+ $action = $exploder[1];
112
+ $options = get_option( APSL_SETTINGS );
113
+ if(isset($options['apsl_facebook_settings']['apsl_profile_image_width'])){
114
+ $width = $options['apsl_facebook_settings']['apsl_profile_image_width'];
115
+ }else{
116
+ $width = 150;
117
+ }
118
 
119
+ if(isset($options['apsl_facebook_settings']['apsl_profile_image_height'])){
120
+ $height = $options['apsl_facebook_settings']['apsl_profile_image_height'];
121
+ }else{
122
+ $height = 150;
123
+ }
124
 
125
+ $config = array('app_id' => $options['apsl_facebook_settings']['apsl_facebook_app_id'], 'app_secret' => $options['apsl_facebook_settings']['apsl_facebook_app_secret'], 'default_graph_version' => 'v2.4', 'persistent_data_handler' => 'session' );
126
+ include( APSL_PLUGIN_DIR . 'facebook/autoload.php' );
127
+ $fb = new Facebook\Facebook( $config );
128
 
129
+ $callback = $callBackUrl . 'apsl_login_id' . '=facebook_check';
130
 
131
+ if( $action == 'login' ) {
132
  // Well looks like we are a fresh dude, login to Facebook!
133
+ $helper = $fb->getRedirectLoginHelper();
134
  $permissions = array('email', 'public_profile'); // optional
135
  $loginUrl = $helper->getLoginUrl( $callback, $permissions );
136
 
137
+ $encoded_url = isset( $_GET['redirect_to'] ) ? esc_url($_GET['redirect_to']) : '';
138
  if( isset( $encoded_url ) && $encoded_url != '' ) {
139
  setcookie("apsl_login_redirect_url", $encoded_url, time()+3600);
140
  // $callback = $callBackUrl . 'apsl_login_id' . '=facebook_check&redirect_to=' . $encoded_url;
152
  if( isset( $_REQUEST['code'] ) ) {
153
  $helper = $fb->getRedirectLoginHelper();
154
  // Trick below will avoid "Cross-site request forgery validation failed. Required param "state" missing." from Facebook
155
+ $_SESSION['FBRLH_state'] = sanitize_text_field($_REQUEST['state']);
156
  try {
157
  $accessToken = $helper->getAccessToken($callback);
158
  }
211
 
212
  }
213
  else {
214
+ $return_user_details->deuimage = false;
215
+ // nothing there? .. weird, but okay!
216
  }
217
  $return_user_details->error_message = '';
218
  }
249
  $id = $user_details_by_email->ID;
250
  $sql = "SELECT * FROM `{$wpdb->prefix}apsl_users_social_profile_details` WHERE `user_id` LIKE '$id'; ";
251
  $row = $wpdb->get_row($sql);
 
252
  if(!$row){
253
+ self:: link_user($id, $result);
254
  }
255
  self:: loginUser( $id );
256
  die();
266
  exit();
267
  }else{
268
  if( ($row->provider_name == $result->deutype) && ($row->identifier == $result->deuid) ){
 
269
  self:: loginUser( $row->user_id );
270
  exit();
271
  }else{
273
  // need to handle an exception
274
  }
275
  }
276
+ $_SESSION['apsl_login_error_flag'] = 1;
277
  }else{
278
  if(isset($_REQUEST['denied'])){
279
+ $redirect_url = isset($_REQUEST['redirect_to']) ? sanitize_text_field($_REQUEST['redirect_to']) : site_url();
280
  $this->redirect($redirect_url);
281
  }
282
  die();
284
  }
285
 
286
  function twitterLogin() {
287
+ $site = $this->siteUrl();
288
+ $callBackUrl = $this->callBackUrl();
289
+ $response = new stdClass();
290
+ $exploder = explode( '_', sanitize_text_field($_GET['apsl_login_id'] ));
291
+ $action = $exploder[1];
292
+ @session_start();
293
+ $options = get_option( APSL_SETTINGS );
294
+ if( $action == 'login' ) {
 
295
  // Get identity from user and redirect browser to OpenID Server
296
+ if( !isset( $_REQUEST['oauth_token'] ) || $_REQUEST['oauth_token'] == '' ) {
297
+ $twitterObj = new TwitterOAuth( $options['apsl_twitter_settings']['apsl_twitter_api_key'], $options['apsl_twitter_settings']['apsl_twitter_api_secret'] );
298
+ $encoded_url = isset( $_GET['redirect_to'] ) ? esc_url($_GET['redirect_to']) : '';
299
+ if( isset( $encoded_url ) && $encoded_url != '' ) {
300
+ $callback = $callBackUrl . 'apsl_login_id' . '=twitter_check&redirect_to=' . $encoded_url;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
301
  }
302
  else {
303
+ $callback = $callBackUrl . 'apsl_login_id' . '=twitter_check';
 
 
304
  }
305
+
306
+ $request_token = $twitterObj->getRequestToken( $callback );
307
+ $_SESSION['oauth_twitter'] = array();
308
+ /* Save temporary credentials to session. */
309
+ $_SESSION['oauth_twitter']['oauth_token'] = $token = $request_token['oauth_token'];
310
+ $_SESSION['oauth_twitter']['oauth_token_secret'] = $request_token['oauth_token_secret'];
311
+ /* If last connection failed don't display authorization link. */
312
+ switch( $twitterObj->http_code ) {
313
+ case 200:
314
+ try {
315
+ $url = $twitterObj->getAuthorizeUrl( $token );
316
+ $this->redirect( $url );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
317
  }
318
+ catch( Exception $e ) {
319
  $response->status = 'ERROR';
320
  $response->error_code = 2;
321
+ $response->error_message = 'Could not get AuthorizeUrl.';
322
  }
323
+ break;
324
+ default:
325
+ $response->status = 'ERROR';
326
+ $response->error_code = 2;
327
+ $response->error_message = 'Could not connect to Twitter. Refresh the page or try again later.';
328
+ break;
329
+ }
330
+ }
331
+ else {
332
+ $response->status = 'ERROR';
333
+ $response->error_code = 2;
334
+ $response->error_message = 'INVALID AUTHORIZATION';
335
+ }
336
+ }
337
+ else if( isset( $_REQUEST['oauth_token'] ) && isset( $_REQUEST['oauth_verifier'] ) ) {
338
+ /* Create TwitteroAuth object with app key/secret and token key/secret from default phase */
339
+ $twitterObj = new TwitterOAuth( $options['apsl_twitter_settings']['apsl_twitter_api_key'], $options['apsl_twitter_settings']['apsl_twitter_api_secret'], $_SESSION['oauth_twitter']['oauth_token'], $_SESSION['oauth_twitter']['oauth_token_secret'] );
340
+ /* Remove no longer needed request tokens */
341
+ unset( $_SESSION['oauth_twitter'] );
342
+ try {
343
+ $access_token = $twitterObj->getAccessToken( $_REQUEST['oauth_verifier'] );
344
+ /* If HTTP response is 200 continue otherwise send to connect page to retry */
345
+ if( 200 == $twitterObj->http_code ) {
346
+ $user_profile = $twitterObj->get( 'account/verify_credentials', array(
347
+ 'screen_name' => $access_token['screen_name'],
348
+ 'skip_status' => 'true',
349
+ 'include_entities' => 'true',
350
+ 'include_email' => 'true'
351
+ )
352
+ );
353
+ /* Request access twitterObj from twitter */
354
+ $response->status = 'SUCCESS';
355
+ $response->deuid = $user_profile->id;
356
+ $response->deutype = 'twitter';
357
+ $response->name = explode( ' ', $user_profile->name, 2 );
358
+ $response->first_name = $response->name[0];
359
+ $response->last_name =( isset( $response->name[1] ) ) ? $response->name[1] : '';
360
+ $response->deuimage = $user_profile->profile_image_url_https;
361
+ $response->email = isset($user_profile->email) ? $user_profile->email : $user_profile->screen_name . '@twitter.com';
362
+ $response->username = ($user_profile->screen_name !='') ? strtolower($user_profile->screen_name) : $user_email;
363
+ $response->url = $user_profile->url;
364
+ $response->about = isset($user_profile->description) ? $user_profile->description : '';
365
+ $response->gender = isset($user_profile->gender) ? $user_profile->gender : 'N/A';
366
+ $response->location = $user_profile->location;
367
+ $response->error_message = '';
368
  }
369
+ else {
370
  $response->status = 'ERROR';
371
  $response->error_code = 2;
372
+ $response->error_message = 'Could not connect to Twitter. Refresh the page or try again later.';
373
  }
374
  }
375
+ catch( Exception $e ) {
376
+ $response->status = 'ERROR';
377
+ $response->error_code = 2;
378
+ $response->error_message = 'Could not get AccessToken.';
379
+ }
380
+ }
381
  else { // User Canceled your Request
382
  $response->status = 'ERROR';
383
  $response->error_code = 1;
402
  $sql = "SELECT * FROM `{$wpdb->prefix}apsl_users_social_profile_details` WHERE `user_id` LIKE '$id'; ";
403
  $row = $wpdb->get_row($sql);
404
  if(!$row){
405
+ self:: link_user($id, $result);
406
  }
407
  self:: loginUser( $id );
408
  die();
418
  exit();
419
  }else{
420
  if( ($row->provider_name == $result->deutype) && ($row->identifier == $result->deuid) ){
 
421
  self:: loginUser( $row->user_id );
422
  exit();
423
  }else{
424
  // user not found in our database
 
425
  }
426
  }
427
  }else{
428
  if(isset($_REQUEST['error'])){
429
  $_SESSION['apsl_login_error_flag'] = 1;
430
+ $redirect_url = isset($_REQUEST['redirect_to']) ? sanitize_text_field($_REQUEST['redirect_to']) : site_url();
431
  $this->redirect($redirect_url);
432
  }
433
  die();
435
  }
436
 
437
  function GoogleLogin() {
438
+ $post = $this->apsll_sanitize_array($_POST);
439
+ $get = $this->apsll_sanitize_array($_GET);
 
440
  $site = $this->siteUrl();
441
  $callBackUrl = $this->callBackUrl();
442
  $options = get_option( APSL_SETTINGS );
443
  $response = new stdClass();
444
+ $a = explode( '_', sanitize_text_field($_GET['apsl_login_id'] ));
445
  $action = $a[1];
446
  $client_id = $options['apsl_google_settings']['apsl_google_client_id'];
447
  $client_secret = $options['apsl_google_settings']['apsl_google_client_secret'];
448
 
449
  $site_url = site_url() . '/wp-admin';
450
+ $encoded_url = isset( $_GET['redirect_to'] ) ? sanitize_text_field($_GET['redirect_to']) : $site_url;
451
  $callback = $callBackUrl . 'apsl_login_id' . '=google_check';
452
 
453
  $redirect_uri = $callback;
456
  $client->setClientId( $client_id );
457
  $client->setClientSecret( $client_secret );
458
  $client->setRedirectUri( $redirect_uri );
 
459
 
460
  $client->setScopes([
461
  "profile", // can give: all we need, but no email
466
  $client->setState( base64_encode( "redirect_to=$encoded_url" ) );
467
  }
468
 
 
469
  $service = new Google_Service_Oauth2($client);
470
  if( $action == 'login' ) { // Get identity from user and redirect browser to OpenID Server
471
  unset($_SESSION['access_token']);
480
  }
481
  }
482
  elseif( isset( $_GET['code'] ) ) { // Perform HTTP Request to OpenID server to validate key
483
+ $client->authenticate( sanitize_text_field($_GET['code']));
484
  $_SESSION['access_token'] = $client->getAccessToken();
485
  $this->redirect( $redirect_uri . "&redirect_to=$encoded_url" );
486
  die();
489
  $client->setAccessToken( $_SESSION['access_token'] );
490
 
491
  try {
492
+ $user = $service->userinfo->get();
493
+ }
494
+ catch( Exception $fault ) {
495
+ unset( $_SESSION['access_token'] );
496
+ $ref_object = $this->accessProtected( $fault, 'errors' );
497
+ echo $ref_object[0]['message'] . " Please notify about this error to the Site Admin.";
498
+ die();
499
+ }
500
+
501
+ if( !empty( $user ) ) {
502
+ if( !empty( $user->email ) ) {
503
+
504
+ $response->email = $user->email;
505
+ $response->username = ($user->givenName != '') ? strtolower($user->givenName) : $user->email;
506
+ $response->first_name = $user->givenName;
507
+ $response->last_name = $user->familyName;
508
+ $response->deuid = $user->emails[0]->value;
509
+ $imageUrl = substr($user->picture, 0, strpos($user->picture . "?sz=", "?sz=")) . '?sz=450';
510
+ $response->deuimage = $imageUrl;
511
+ $response->gender = isset($user->gender) ? $user->gender : 'N/A';
512
+ $response->id = $user->id;
513
+ $response->about = $user->aboutMe;
514
+ $response->url = $user->url;
515
+ $response->deutype = 'google';
516
+ $response->status = 'SUCCESS';
517
+ $response->error_message = '';
518
  }
519
+ else {
520
+ $response->status = 'ERROR';
521
+ $response->error_code = 2;
522
+ $response->error_message = "INVALID AUTHORIZATION";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
523
  }
524
+ }
525
  else { // Signature Verification Failed
526
  $response->status = 'ERROR';
527
  $response->error_code = 2;
541
  }
542
 
543
  function callBackUrl() {
 
544
  $url = wp_login_url();
545
  if( strpos( $url, '?' ) === false ) {
546
  $url.= '?';
641
  if( $reauth )wp_clear_auth_cookie();
642
 
643
  if( isset( $_REQUEST['redirect_to'] ) ) {
644
+ $redirect_to = sanitize_text_field($_REQUEST['redirect_to']);
645
  // Redirect to https if user wants ssl
646
  if( isset( $secure_cookie ) && false !== strpos( $redirect_to, 'wp-admin' ) )$redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to );
647
  }
656
  if( !$this->set_cookies( $user_id ) ) {
657
  return false;
658
  }
659
+ $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? sanitize_text_field($_REQUEST['redirect_to']) : site_url();
660
  $user_login_url = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
661
 
662
  $options = get_option( APSL_SETTINGS );
666
  }
667
  else if( $options['apsl_custom_login_redirect_options'] == 'current_page' ) {
668
  if( isset( $_REQUEST['redirect_to'] ) ) {
669
+ $redirect_to = sanitize_text_field($_REQUEST['redirect_to']);
670
+
671
  // Redirect to https if user wants ssl
672
  if( isset( $secure_cookie ) && false !== strpos( $redirect_to, 'wp-admin' ) )$user_login_url = preg_replace( '|^http://|', 'https://', $redirect_to );
673
  }
677
  }
678
  else if( $options['apsl_custom_login_redirect_options'] == 'custom_page' ) {
679
  if( $options['apsl_custom_login_redirect_link'] != '' ) {
680
+ $login_page = esc_url($options['apsl_custom_login_redirect_link']);
681
  $user_login_url = $login_page;
682
  }
683
  else {
691
  $redirect_to = $user_login_url;
692
  $redirect_to = apply_filters( 'login_redirect', $redirect_to );
693
  $redirect_to = isset($_COOKIE["apsl_login_redirect_url"]) ? urldecode($_COOKIE["apsl_login_redirect_url"]) : $redirect_to;
 
694
  wp_safe_redirect( $redirect_to );
695
  exit();
696
  }
702
  }
703
  $pageURL.= "://";
704
  if( $_SERVER["SERVER_PORT"] != "80" ) {
705
+ $pageURL.= sanitize_text_field($_SERVER["SERVER_NAME"]) . ":" . sanitize_text_field($_SERVER["SERVER_PORT"]) . sanitize_text_field($_SERVER["REQUEST_URI"]);
706
  }
707
  else {
708
+ $pageURL.= sanitize_text_field($_SERVER["SERVER_NAME"]) . sanitize_text_field($_SERVER["REQUEST_URI"]);
709
  }
710
  return $pageURL;
711
  }
733
 
734
  $table_name = $apsl_userdetails;
735
  $submit_array = array(
736
+ "user_id" => $id,
737
+ "provider_name" => $result->deutype,
738
+ "identifier" => $result->deuid,
739
+ "unique_verifier" => $unique_verifier,
740
+ "email" => $result->email,
741
+ "first_name" => $first_name,
742
+ "last_name" => $last_name,
743
+ "profile_url" =>$profile_url,
744
+ "photo_url" =>$photo_url,
745
+ "display_name" =>$display_name,
746
+ "description" =>$description,
747
+ "gender" =>$result->gender
748
+ );
749
  $user_profile_details = $result;
750
  $wpdb->insert($table_name, $submit_array );
751
  if(!$result){
752
+ echo __("Data insertion failed");
 
753
  }
754
  }
755
 
768
  wp_update_user( array(
769
  'ID' => $id,
770
  'display_name' => $result->first_name . ' ' . $result->last_name,
 
771
  'user_url' => $result->url
772
  ) );
773
 
784
 
785
  $table_name = $apsl_userdetails;
786
  $submit_array = array(
787
+ "user_id" => $id,
788
+ "provider_name" => $result->deutype,
789
+ "identifier" => $result->deuid,
790
+ "unique_verifier" => $unique_verifier,
791
+ "email" => $result->email,
792
+ "first_name" => $first_name,
793
+ "last_name" => $last_name,
794
+ "profile_url" =>$profile_url,
795
+ "photo_url" =>$photo_url,
796
+ "display_name" =>$display_name,
797
+ "description" =>$description,
798
+ "gender" =>$result->gender
799
+ );
800
  $user_profile_details = $result;
801
  $wpdb->insert($table_name, $submit_array );
802
 
 
 
 
803
  if(!$result){
804
  echo "Data insertion failed";
 
805
  }
806
  }
807
 
808
+
809
+
810
+
811
  } //termination of a class
812
 
813
  } //end of if statement
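--- a/inc/frontend/login_integration.php
+++ b/inc/frontend/login_integration.php
@@ -2,7 +2,7 @@
  defined( 'ABSPATH' ) or die( "No script kiddies please!" );
  $options = get_option( APSL_SETTINGS );
  if ( !empty( $_GET['redirect'] ) )
- $current_url = $_GET['redirect'];
+ $current_url = esc_url($_GET['redirect']);
  else
  $current_url = APSL_Lite_Login_Check_Class::curPageURL();
 
@@ -26,7 +26,6 @@ if( isset( $options['apsl_custom_login_redirect_options'] ) && $options['apsl_cu
  $user_login_url = home_url();
  }
 
- // $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
 
  $encoded_url = urlencode( $user_login_url );
  ?>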
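Review bot: `esc_url()` on new line 5 escapes the value for HTML display but does not restrict where it points, so an off-site address in `$_GET['redirect']` still reaches `$current_url`; the same pattern is added at new lines 10 and 39 of inc/frontend/shortcode.php. How `$current_url` is used lies outside these hunks, so treating it as a post-login redirect target is an assumption. If it is one, I would validate it against the site's own host at this point: `$current_url = wp_validate_redirect( esc_url_raw( wp_unslash( $_GET['redirect'] ) ), home_url() );`. `esc_url()` also entity-encodes `&`, which alters multi-parameter URLs if the result is used anywhere other than HTML output, so `esc_url_raw()` is the better fit for a value that is stored or redirected to.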
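--- a/inc/frontend/shortcode.php
+++ b/inc/frontend/shortcode.php
@@ -7,7 +7,7 @@ if ( is_user_logged_in() ) {
  $user_info .= get_avatar( $current_user->ID, 20 );
 
  if ( !empty( $_GET['redirect'] ) )
- $current_url = $_GET['redirect'];
+ $current_url = esc_url($_GET['redirect']);
  else
  $current_url = APSL_Lite_Login_Check_Class::curPageURL();
 
@@ -36,7 +36,7 @@ if ( is_user_logged_in() ) {
  }
  else if( $options['apsl_custom_login_redirect_options'] == 'current_page' ) {
  if ( !empty( $_GET['redirect'] ) )
- $current_url = $_GET['redirect'];
+ $current_url = esc_url($_GET['redirect']);
  else
  $current_url = APSL_Lite_Login_Check_Class::curPageURL();
 
@@ -55,8 +55,6 @@ if ( is_user_logged_in() ) {
  $user_login_url = home_url();
  }
 
- // $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
-
  $encoded_url = urlencode( $user_login_url );
  $theme = $options['apsl_icon_theme'];
  ?>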
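--- a/js/frontend.js
+++ b/js/frontend.js
@@ -1,4 +1,5 @@
  jQuery(document).ready( function($){
+ "use strict";
  $('.show-apsl-container').on('click', function(e){
  e.preventDefault();
  $('.apsl-container').slideToggle();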
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: social, login, social login, facebook, twitter, google, social connect, s
4
  Donate link: http://accesspressthemes.com/donation/
5
  Requires at least: 3.8
6
  Tested up to: 5.0
7
- Stable tag: 3.4.1
8
  Requires PHP: 5.4
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -12,7 +12,6 @@ License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
  No WordPress account and user credentials to remember, login using any of the most popular 3 social media accounts!
13
 
14
  == Description ==
15
- Tested With 5.0
16
 
17
  [Homepage](https://accesspressthemes.com/) | [Documentation](https://accesspressthemes.com/documentation/documentationplugin-instruction-accesspress-social-login-lite/) | [Support](https://accesspressthemes.com/support) | [Demo](http://demo.accesspressthemes.com/wordpress-plugins/accesspress-social-login-lite/) | [Premium Version](https://accesspressthemes.com/wordpress-plugins/accesspress-social-login/)
18
 
@@ -132,13 +131,12 @@ No, you won't need to get any trouble regarding design and layout of the icons s
132
  Yes. You can use the AccessPress social login lite anywhere by using the shortcode in your templates files or in posts and pages content. Also, you can use login widget in the sidebar.
133
 
134
  == Screenshots ==
135
- 1. Backend Display of Social Login.
136
- 2. Frontend Display of Social Login.
137
- 3. Backend Networks settings section.
138
- 4. Backend Other settings Section.
139
 
140
  == Changelog ==
141
 
 
 
142
 
143
  = 3.4.1 =
144
  * Issue resolved for google+ login being shutdown and migrate to google OAuth.
4
  Donate link: http://accesspressthemes.com/donation/
5
  Requires at least: 3.8
6
  Tested up to: 5.0
7
+ Stable tag: 3.4.2
8
  Requires PHP: 5.4
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
  No WordPress account and user credentials to remember, login using any of the most popular 3 social media accounts!
13
 
14
  == Description ==
 
15
 
16
  [Homepage](https://accesspressthemes.com/) | [Documentation](https://accesspressthemes.com/documentation/documentationplugin-instruction-accesspress-social-login-lite/) | [Support](https://accesspressthemes.com/support) | [Demo](http://demo.accesspressthemes.com/wordpress-plugins/accesspress-social-login-lite/) | [Premium Version](https://accesspressthemes.com/wordpress-plugins/accesspress-social-login/)
17
 
131
  Yes. You can use the AccessPress social login lite anywhere by using the shortcode in your templates files or in posts and pages content. Also, you can use login widget in the sidebar.
132
 
133
  == Screenshots ==
134
+ 1. Backend Networks settings section.
 
 
 
135
 
136
  == Changelog ==
137
 
138
+ = 3.4.2 =
139
+ * Various unwanted and commented code removed with security check.
140
 
141
  = 3.4.1 =
142
  * Issue resolved for google+ login being shutdown and migrate to google OAuth.