Version Description
Upgrade recommended. Increased security - uses an extra authenticity check. Better support for mal-configured Google credentials. No longer uses PHP-based sessions - will work on even more WordPress configurations.
Release Info
Developer | danlester |
Plugin | Google Apps Login |
Version | 1.1 |
Code changes from version 1.0 to 1.1
- google_apps_login.php +130 -90
- readme.txt +6 -0
- uninstall.php +15 -0
google_apps_login.php
CHANGED
@@ -4,7 +4,7 @@
|
|
4 |
* Plugin Name: Google Apps Login
|
5 |
* Plugin URI: http://wp-glogin.com/
|
6 |
* Description: Easy login for your Wordpress users by using their Google accounts (uses OAuth2 and requires a Google Apps domain).
|
7 |
-
* Version: 1.
|
8 |
* Author: Dan Lester
|
9 |
* Author URI: http://danlester.com/
|
10 |
* License: GPL3
|
@@ -12,12 +12,27 @@
|
|
12 |
|
13 |
class google_apps_login {
|
14 |
|
15 |
-
function
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
16 |
require_once 'googleclient/Google_Client.php';
|
17 |
require_once 'googleclient/contrib/Google_Oauth2Service.php';
|
18 |
|
19 |
-
$options = get_option('galogin');
|
20 |
-
|
21 |
$client = new Google_Client();
|
22 |
$client->setApplicationName("Wordpress Blog");
|
23 |
|
@@ -33,7 +48,7 @@ class google_apps_login {
|
|
33 |
return Array($client, $oauthservice);
|
34 |
}
|
35 |
|
36 |
-
function ga_login_styles() { ?>
|
37 |
<style type="text/css">
|
38 |
form#loginform div.galogin {
|
39 |
float: right;
|
@@ -64,23 +79,22 @@ class google_apps_login {
|
|
64 |
</style>
|
65 |
<?php }
|
66 |
|
67 |
-
function ga_login_form() {
|
68 |
-
|
69 |
-
|
70 |
-
$clients = self::createGoogleClient();
|
71 |
$client = $clients[0];
|
72 |
|
73 |
// Generate a CSRF token
|
74 |
-
$state =
|
75 |
-
$
|
76 |
-
|
77 |
-
|
78 |
-
|
79 |
-
if (array_key_exists('redirect_to', $_REQUEST)) {
|
80 |
-
$_SESSION['galogin_redirect_to'] = $_REQUEST['redirect_to'];
|
81 |
-
}
|
82 |
|
83 |
$authUrl = $client->createAuthUrl();
|
|
|
|
|
|
|
84 |
?>
|
85 |
<div class="galogin">
|
86 |
<a href="<?php echo $authUrl; ?>">or <b>Login with Google</b></a>
|
@@ -88,21 +102,40 @@ class google_apps_login {
|
|
88 |
<?php
|
89 |
}
|
90 |
|
91 |
-
function ga_authenticate($user) {
|
92 |
if (isset($_REQUEST['error'])) {
|
93 |
$user = new WP_Error('ga_login_error', $_REQUEST['error'] == 'access_denied' ? 'You did not grant access' : $_REQUEST['error']);
|
94 |
-
return
|
95 |
}
|
96 |
|
97 |
-
$
|
|
|
98 |
$client = $clients[0];
|
99 |
$oauthservice = $clients[1];
|
100 |
|
101 |
if (isset($_GET['code'])) {
|
102 |
-
if (
|
103 |
-
|
104 |
-
$user
|
105 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
106 |
}
|
107 |
|
108 |
try {
|
@@ -138,9 +171,10 @@ class google_apps_login {
|
|
138 |
$user = new WP_Error('ga_login_error', 'User '.$google_email.' not registered in Wordpress');
|
139 |
}
|
140 |
else {
|
141 |
-
if
|
142 |
-
|
143 |
-
|
|
|
144 |
}
|
145 |
}
|
146 |
}
|
@@ -152,17 +186,14 @@ class google_apps_login {
|
|
152 |
}
|
153 |
}
|
154 |
|
155 |
-
// Tidy things up for next time
|
156 |
-
self::_ga_unset_session();
|
157 |
-
|
158 |
if (is_wp_error($user)) {
|
159 |
-
|
160 |
}
|
161 |
|
162 |
return $user;
|
163 |
}
|
164 |
|
165 |
-
function displayAndReturnError($user) {
|
166 |
if (is_wp_error($user) && get_bloginfo('version') < 3.7) {
|
167 |
// Only newer wordpress versions display errors from $user for us
|
168 |
global $error;
|
@@ -171,52 +202,42 @@ class google_apps_login {
|
|
171 |
return $user;
|
172 |
}
|
173 |
|
174 |
-
function ga_init() {
|
175 |
-
if(
|
176 |
-
|
177 |
-
|
178 |
-
|
179 |
-
|
180 |
-
|
181 |
-
|
182 |
-
wp_redirect($url);
|
183 |
-
exit;
|
184 |
-
}
|
185 |
-
}
|
186 |
-
|
187 |
-
function _ga_unset_session() {
|
188 |
-
// Reset session state
|
189 |
-
if (session_id()) {
|
190 |
-
if (array_key_exists('galogin_redirect_to', $_SESSION)) {
|
191 |
-
unset($_SESSION['galogin_redirect_to']);
|
192 |
-
}
|
193 |
-
if (array_key_exists('galogin_state', $_SESSION)) {
|
194 |
-
unset($_SESSION['galogin_state']);
|
195 |
-
unset($_SESSION['state']);
|
196 |
}
|
197 |
}
|
|
|
|
|
|
|
|
|
198 |
}
|
199 |
|
200 |
-
function ga_admin_init() {
|
201 |
|
202 |
-
register_setting( 'galogin_options', 'galogin', Array(
|
203 |
|
204 |
add_settings_section('galogin_main_section', 'Main Settings',
|
205 |
-
array(
|
206 |
|
207 |
add_settings_field('ga_clientid', 'Client ID',
|
208 |
-
array(
|
209 |
add_settings_field('ga_clientsecret', 'Client Secret',
|
210 |
-
array(
|
211 |
}
|
212 |
|
213 |
-
function ga_admin_menu() {
|
214 |
add_options_page('Google Apps Login settings', 'Google Apps Login',
|
215 |
'manage_options', 'galogin_list_options',
|
216 |
-
array(
|
217 |
}
|
218 |
|
219 |
-
function ga_options_do_page() { ?>
|
220 |
<div>
|
221 |
<h2>Google Apps Login setup</h2>
|
222 |
Set up your blog to enable Google logins.
|
@@ -228,19 +249,19 @@ class google_apps_login {
|
|
228 |
</form></div> <?php
|
229 |
}
|
230 |
|
231 |
-
function ga_do_settings_clientid() {
|
232 |
-
$options =
|
233 |
echo "<input id='plugin_text_string' name='galogin[ga_clientid]' size='80' type='text' value='{$options['ga_clientid']}' />";
|
234 |
echo "<br /><span>Normally something like 1234567890123.apps.googleusercontent.com</span>";
|
235 |
}
|
236 |
|
237 |
-
function ga_do_settings_clientsecret() {
|
238 |
-
$options =
|
239 |
echo "<input id='plugin_text_string' name='galogin[ga_clientsecret]' size='40' type='text' value='{$options['ga_clientsecret']}' />";
|
240 |
echo "<br /><span>Normally something like sHSfR4_jf_2jsy-kjPjgf2dT</span>";
|
241 |
}
|
242 |
|
243 |
-
function ga_section_text() {
|
244 |
?>
|
245 |
<p>The Google Apps domain admin needs to go to
|
246 |
<a href="https://cloud.google.com/console" target="_blank">https://cloud.google.com/console</a>. If you
|
@@ -261,7 +282,17 @@ class google_apps_login {
|
|
261 |
</p>
|
262 |
<p>You must input, into your new Google application, the following items:
|
263 |
<ul style="margin-left: 10px;">
|
264 |
-
<li>Web Origin: <?php echo
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
265 |
<li>Redirect URL: <?php echo wp_login_url(); ?></li>
|
266 |
<?php
|
267 |
if (force_ssl_login() && strtolower(substr(wp_login_url(),0,7)) == 'http://') {
|
@@ -283,12 +314,14 @@ class google_apps_login {
|
|
283 |
<i>Consent screen</i> (which is another sub-menu of <i>APIs & Auth</i>).
|
284 |
</p>
|
285 |
|
286 |
-
<p><b>For support and premium features, please visit:
|
|
|
|
|
287 |
|
288 |
<?php
|
289 |
}
|
290 |
|
291 |
-
function ga_options_validate($input) {
|
292 |
$newinput = Array();
|
293 |
$newinput['ga_clientid'] = trim($input['ga_clientid']);
|
294 |
$newinput['ga_clientsecret'] = trim($input['ga_clientsecret']);
|
@@ -311,28 +344,35 @@ class google_apps_login {
|
|
311 |
return $newinput;
|
312 |
}
|
313 |
|
314 |
-
|
315 |
-
|
316 |
-
|
317 |
-
|
318 |
-
|
319 |
-
|
320 |
-
|
321 |
-
|
322 |
-
|
323 |
-
|
324 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
325 |
}
|
326 |
}
|
327 |
|
328 |
-
|
329 |
-
add_action('login_form', array('google_apps_login', 'ga_login_form'));
|
330 |
-
add_action('authenticate', array('google_apps_login', 'ga_authenticate'));
|
331 |
-
add_action('init', array('google_apps_login', 'ga_init'), 1);
|
332 |
-
|
333 |
-
add_action('admin_init', array('google_apps_login', 'ga_admin_init'));
|
334 |
-
add_action('admin_menu', array('google_apps_login', 'ga_admin_menu'));
|
335 |
-
|
336 |
-
register_uninstall_hook(__FILE__, array('google_apps_login', 'ga_on_uninstall'));
|
337 |
|
338 |
?>
|
4 |
* Plugin Name: Google Apps Login
|
5 |
* Plugin URI: http://wp-glogin.com/
|
6 |
* Description: Easy login for your Wordpress users by using their Google accounts (uses OAuth2 and requires a Google Apps domain).
|
7 |
+
* Version: 1.1
|
8 |
* Author: Dan Lester
|
9 |
* Author URI: http://danlester.com/
|
10 |
* License: GPL3
|
12 |
|
13 |
class google_apps_login {
|
14 |
|
15 |
+
public function __construct() {
|
16 |
+
$this->add_actions();
|
17 |
+
}
|
18 |
+
|
19 |
+
protected $newcookievalue = null;
|
20 |
+
protected function get_cookie_value() {
|
21 |
+
if (!$this->newcookievalue) {
|
22 |
+
if (isset($_COOKIE['google_apps_login'])) {
|
23 |
+
$this->newcookievalue = $_COOKIE['google_apps_login'];
|
24 |
+
}
|
25 |
+
else {
|
26 |
+
$this->newcookievalue = md5(rand());
|
27 |
+
}
|
28 |
+
}
|
29 |
+
return $this->newcookievalue;
|
30 |
+
}
|
31 |
+
|
32 |
+
protected function createGoogleClient($options) {
|
33 |
require_once 'googleclient/Google_Client.php';
|
34 |
require_once 'googleclient/contrib/Google_Oauth2Service.php';
|
35 |
|
|
|
|
|
36 |
$client = new Google_Client();
|
37 |
$client->setApplicationName("Wordpress Blog");
|
38 |
|
48 |
return Array($client, $oauthservice);
|
49 |
}
|
50 |
|
51 |
+
public function ga_login_styles() { ?>
|
52 |
<style type="text/css">
|
53 |
form#loginform div.galogin {
|
54 |
float: right;
|
79 |
</style>
|
80 |
<?php }
|
81 |
|
82 |
+
public function ga_login_form() {
|
83 |
+
$options = $this->get_option_galogin();
|
84 |
+
$clients = $this->createGoogleClient($options);
|
|
|
85 |
$client = $clients[0];
|
86 |
|
87 |
// Generate a CSRF token
|
88 |
+
$state = wp_create_nonce('google_apps_login');
|
89 |
+
$client->setState(urlencode($state
|
90 |
+
.'|'.$this->get_cookie_value()
|
91 |
+
.'|'.(array_key_exists('redirect_to', $_REQUEST) ? $_REQUEST['redirect_to'] : '')
|
92 |
+
));
|
|
|
|
|
|
|
93 |
|
94 |
$authUrl = $client->createAuthUrl();
|
95 |
+
if ($client->getClientId() == "") {
|
96 |
+
$authUrl = "http://wp-glogin.com/installing-google-apps-login/#main-settings";
|
97 |
+
}
|
98 |
?>
|
99 |
<div class="galogin">
|
100 |
<a href="<?php echo $authUrl; ?>">or <b>Login with Google</b></a>
|
102 |
<?php
|
103 |
}
|
104 |
|
105 |
+
public function ga_authenticate($user) {
|
106 |
if (isset($_REQUEST['error'])) {
|
107 |
$user = new WP_Error('ga_login_error', $_REQUEST['error'] == 'access_denied' ? 'You did not grant access' : $_REQUEST['error']);
|
108 |
+
return $this->displayAndReturnError($user);
|
109 |
}
|
110 |
|
111 |
+
$options = $this->get_option_galogin();
|
112 |
+
$clients = $this->createGoogleClient($options);
|
113 |
$client = $clients[0];
|
114 |
$oauthservice = $clients[1];
|
115 |
|
116 |
if (isset($_GET['code'])) {
|
117 |
+
if (!isset($_REQUEST['state'])) {
|
118 |
+
$user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting state");
|
119 |
+
return $this->displayAndReturnError($user);
|
120 |
+
}
|
121 |
+
|
122 |
+
$statevars = explode('|', urldecode($_REQUEST['state']));
|
123 |
+
if (count($statevars) != 3) {
|
124 |
+
$user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem computing state");
|
125 |
+
return $this->displayAndReturnError($user);
|
126 |
+
}
|
127 |
+
$retnonce = $statevars[0];
|
128 |
+
$retcookie = $statevars[1];
|
129 |
+
$retredirectto = $statevars[2];
|
130 |
+
|
131 |
+
if (!wp_verify_nonce($retnonce, 'google_apps_login')) {
|
132 |
+
$user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting nonce");
|
133 |
+
return $this->displayAndReturnError($user);
|
134 |
+
}
|
135 |
+
|
136 |
+
if (!isset($_COOKIE['google_apps_login']) || $retcookie != $_COOKIE['google_apps_login']) {
|
137 |
+
$user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting cookie");
|
138 |
+
return $this->displayAndReturnError($user);
|
139 |
}
|
140 |
|
141 |
try {
|
171 |
$user = new WP_Error('ga_login_error', 'User '.$google_email.' not registered in Wordpress');
|
172 |
}
|
173 |
else {
|
174 |
+
// Set redirect for next load - including if "" to force reset to no redirect
|
175 |
+
setcookie('galogin_do_redirect_to', $retredirectto, time()+60, '/');
|
176 |
+
// Reset client-side login cookie so it doesn't expire on us next login time
|
177 |
+
setcookie('google_apps_login', '', time()-3600, '/');
|
178 |
}
|
179 |
}
|
180 |
}
|
186 |
}
|
187 |
}
|
188 |
|
|
|
|
|
|
|
189 |
if (is_wp_error($user)) {
|
190 |
+
$this->displayAndReturnError($user);
|
191 |
}
|
192 |
|
193 |
return $user;
|
194 |
}
|
195 |
|
196 |
+
protected function displayAndReturnError($user) {
|
197 |
if (is_wp_error($user) && get_bloginfo('version') < 3.7) {
|
198 |
// Only newer wordpress versions display errors from $user for us
|
199 |
global $error;
|
202 |
return $user;
|
203 |
}
|
204 |
|
205 |
+
public function ga_init() {
|
206 |
+
if (isset($_COOKIE['galogin_do_redirect_to'])) {
|
207 |
+
$do_redirect = $_COOKIE['galogin_do_redirect_to'];
|
208 |
+
setcookie('galogin_do_redirect_to', '', time()-3600, '/');
|
209 |
+
|
210 |
+
if ($do_redirect != "") {
|
211 |
+
wp_redirect($do_redirect);
|
212 |
+
exit;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
213 |
}
|
214 |
}
|
215 |
+
|
216 |
+
if (!isset($_COOKIE['google_apps_login']) && $GLOBALS['pagenow'] == 'wp-login.php') {
|
217 |
+
setcookie('google_apps_login', $this->get_cookie_value(), time()+1800, '/');
|
218 |
+
}
|
219 |
}
|
220 |
|
221 |
+
public function ga_admin_init() {
|
222 |
|
223 |
+
register_setting( 'galogin_options', 'galogin', Array($this, 'ga_options_validate') );
|
224 |
|
225 |
add_settings_section('galogin_main_section', 'Main Settings',
|
226 |
+
array($this, 'ga_section_text'), 'galogin');
|
227 |
|
228 |
add_settings_field('ga_clientid', 'Client ID',
|
229 |
+
array($this, 'ga_do_settings_clientid'), 'galogin', 'galogin_main_section');
|
230 |
add_settings_field('ga_clientsecret', 'Client Secret',
|
231 |
+
array($this, 'ga_do_settings_clientsecret'), 'galogin', 'galogin_main_section');
|
232 |
}
|
233 |
|
234 |
+
public function ga_admin_menu() {
|
235 |
add_options_page('Google Apps Login settings', 'Google Apps Login',
|
236 |
'manage_options', 'galogin_list_options',
|
237 |
+
array($this, 'ga_options_do_page'));
|
238 |
}
|
239 |
|
240 |
+
public function ga_options_do_page() { ?>
|
241 |
<div>
|
242 |
<h2>Google Apps Login setup</h2>
|
243 |
Set up your blog to enable Google logins.
|
249 |
</form></div> <?php
|
250 |
}
|
251 |
|
252 |
+
public function ga_do_settings_clientid() {
|
253 |
+
$options = $this->get_option_galogin();
|
254 |
echo "<input id='plugin_text_string' name='galogin[ga_clientid]' size='80' type='text' value='{$options['ga_clientid']}' />";
|
255 |
echo "<br /><span>Normally something like 1234567890123.apps.googleusercontent.com</span>";
|
256 |
}
|
257 |
|
258 |
+
public function ga_do_settings_clientsecret() {
|
259 |
+
$options = $this->get_option_galogin();
|
260 |
echo "<input id='plugin_text_string' name='galogin[ga_clientsecret]' size='40' type='text' value='{$options['ga_clientsecret']}' />";
|
261 |
echo "<br /><span>Normally something like sHSfR4_jf_2jsy-kjPjgf2dT</span>";
|
262 |
}
|
263 |
|
264 |
+
public function ga_section_text() {
|
265 |
?>
|
266 |
<p>The Google Apps domain admin needs to go to
|
267 |
<a href="https://cloud.google.com/console" target="_blank">https://cloud.google.com/console</a>. If you
|
282 |
</p>
|
283 |
<p>You must input, into your new Google application, the following items:
|
284 |
<ul style="margin-left: 10px;">
|
285 |
+
<li>Web Origin: <?php echo (is_ssl() ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].'/'; ?></li>
|
286 |
+
<?php
|
287 |
+
if (is_ssl()) {
|
288 |
+
?>
|
289 |
+
<li>
|
290 |
+
Web Origin (add a 2nd entry): http://<?php echo $_SERVER['HTTP_HOST'].'/'; ?>
|
291 |
+
</li>
|
292 |
+
<?php
|
293 |
+
}
|
294 |
+
?>
|
295 |
+
|
296 |
<li>Redirect URL: <?php echo wp_login_url(); ?></li>
|
297 |
<?php
|
298 |
if (force_ssl_login() && strtolower(substr(wp_login_url(),0,7)) == 'http://') {
|
314 |
<i>Consent screen</i> (which is another sub-menu of <i>APIs & Auth</i>).
|
315 |
</p>
|
316 |
|
317 |
+
<p><b>For support and premium features, please visit:
|
318 |
+
<a href="http://wp-glogin.com/?utm_source=Admin%20Panel&utm_medium=freemium&utm_campaign=Freemium" target="_blank">http://wp-glogin.com/</a></b>
|
319 |
+
</p>
|
320 |
|
321 |
<?php
|
322 |
}
|
323 |
|
324 |
+
public function ga_options_validate($input) {
|
325 |
$newinput = Array();
|
326 |
$newinput['ga_clientid'] = trim($input['ga_clientid']);
|
327 |
$newinput['ga_clientsecret'] = trim($input['ga_clientsecret']);
|
344 |
return $newinput;
|
345 |
}
|
346 |
|
347 |
+
static $default_options = Array( 'ga_clientid' => '', 'ga_clientsecret' => '');
|
348 |
+
private $ga_options = null;
|
349 |
+
protected function get_option_galogin() {
|
350 |
+
if ($this->ga_options != null) {
|
351 |
+
return $this->ga_options;
|
352 |
+
}
|
353 |
+
|
354 |
+
$option = get_option('galogin');
|
355 |
+
|
356 |
+
foreach (self::$default_options as $k => $v) {
|
357 |
+
if (!isset($option[$k])) {
|
358 |
+
$option[$k] = $v;
|
359 |
+
}
|
360 |
+
}
|
361 |
+
$this->ga_options = $option;
|
362 |
+
return $this->ga_options;
|
363 |
+
}
|
364 |
+
|
365 |
+
protected function add_actions() {
|
366 |
+
add_action('login_enqueue_scripts', array($this, 'ga_login_styles'));
|
367 |
+
add_action('login_form', array($this, 'ga_login_form'));
|
368 |
+
add_action('authenticate', array($this, 'ga_authenticate'), 5, 3);
|
369 |
+
add_action('init', array($this, 'ga_init'), 1);
|
370 |
+
|
371 |
+
add_action('admin_init', array($this, 'ga_admin_init'));
|
372 |
+
add_action('admin_menu', array($this, 'ga_admin_menu'));
|
373 |
}
|
374 |
}
|
375 |
|
376 |
+
$ga_google_apps_login_plugin = new google_apps_login();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
377 |
|
378 |
?>
|
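Review bot: The post-login redirect in ga_init() passes a client-supplied value straight to `wp_redirect($do_redirect)`: the galogin_do_redirect_to cookie is filled from the third field of the OAuth state, which ga_login_form() builds from `$_REQUEST['redirect_to']`, so the destination is never restricted to this site. Use `wp_safe_redirect($do_redirect);` there, or run the value through `wp_validate_redirect()` before ga_authenticate() stores it in the cookie. A redirect_to that itself contains `|` also trips the `count($statevars) != 3` check, which `explode('|', urldecode($_REQUEST['state']), 3)` would avoid. Separately, the new authenticity cookie is generated with `md5(rand())`, which is not a cryptographically strong source, and is compared with `!=`; `wp_generate_password(32, false)` and a strict comparison would suit a token that the login check depends on. The body of ga_authenticate() is only partly visible on this page, so the token-exchange step between the state checks and the cookie writes could not be reviewed.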
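--- a/readme.txt
+++ b/readme.txt
@@ -71,6 +71,12 @@ the Plugins section of your Wordpress admin
 
 == Upgrade Notice ==
 
+= 1.1 =
+Upgrade recommended
+Increased security - uses an extra authenticity check
+Better support for mal-configured Google credentials
+No longer uses PHP-based sessions - will work on even more WordPress configurations
+
 = 1.0 =
 All existing versions are functionally identical - no need to upgrade.
 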
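--- a/uninstall.php
+++ b/uninstall.php
@@ -0,0 +1,15 @@
+<?php
+/*
+* Remove plugin data
+*/
+
+if (!defined('ABSPATH') && !defined('WP_UNINSTALL_PLUGIN')) {
+exit;
+}
+
+if (!current_user_can('activate_plugins'))
+exit;
+
+delete_option('galogin');
+
+?>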
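Review bot: The guard `if (!defined('ABSPATH') && !defined('WP_UNINSTALL_PLUGIN'))` exits only when both constants are missing, so the file still reaches `delete_option('galogin')` whenever it is loaded inside WordPress outside the uninstall routine (ABSPATH defined, WP_UNINSTALL_PLUGIN not). Checking the uninstall constant alone closes that gap: `if (!defined('WP_UNINSTALL_PLUGIN')) { exit; }`. The `current_user_can('activate_plugins')` check then acts as a second layer rather than the only one, and giving its `exit;` braces would match the style of the first guard.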