Google Apps Login - Version 1.2

Version Description


Release Info

Developer danlester
Version 1.2

Code changes from version 1.1 to 1.2

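--- a/core/core_google_apps_login.php
+++ b/core/core_google_apps_login.php
@@ -0,0 +1,515 @@
+ <?php
+
+ /**
+ * Plugin component common to all versions of Google Apps Login
+ */
+
+ class core_google_apps_login {
+
+ public function __construct() {
+ $this->add_actions();
+ }
+
+ protected $newcookievalue = null;
+ protected function get_cookie_value() {
+ if (!$this->newcookievalue) {
+ if (isset($_COOKIE['google_apps_login'])) {
+ $this->newcookievalue = $_COOKIE['google_apps_login'];
+ }
+ else {
+ $this->newcookievalue = md5(rand());
+ }
+ }
+ return $this->newcookievalue;
+ }
+
+ protected function createGoogleClient($options) {
+ require_once( plugin_dir_path(__FILE__).'/../googleclient/Google_Client.php' );
+ require_once( plugin_dir_path(__FILE__).'/../googleclient/contrib/Google_Oauth2Service.php' );
+
+ $client = new Google_Client();
+ $client->setApplicationName("Wordpress Blog");
+
+ $client->setClientId($options['ga_clientid']);
+ $client->setClientSecret($options['ga_clientsecret']);
+ $client->setRedirectUri($this->get_login_url());
+
+ $client->setScopes(Array('openid', 'email', 'https://www.googleapis.com/auth/userinfo.profile'));
+ $client->setApprovalPrompt('auto');
+
+ $oauthservice = new Google_Oauth2Service($client);
+
+ return Array($client, $oauthservice);
+ }
+
+ public function ga_login_styles() { ?>
+ <style type="text/css">
+ form#loginform div.galogin {
+ float: right;
+ margin-top: 28px;
+ background: #DFDFDF;
+ text-align: center;
+ vertical-align: middle;
+ border-radius: 3px;
+ padding: 2px;
+ width: 58%;
+ height: 27px;
+ }
+
+ form#loginform div.galogin a {
+ color: #21759B;
+ position: relative;
+ top: 6px;
+ }
+
+ form#loginform div.galogin a:hover {
+ color: #278AB7;
+ }
+
+ .login .button-primary {
+ float: none;
+ margin-top: 10px;
+ }
+ </style>
+ <?php }
+
+ public function ga_login_form() {
+ $options = $this->get_option_galogin();
+ $clients = $this->createGoogleClient($options);
+ $client = $clients[0];
+
+ // Generate a CSRF token
+ $state = wp_create_nonce('google_apps_login');
+ $client->setState(urlencode($state
+ .'|'.$this->get_cookie_value()
+ .'|'.(array_key_exists('redirect_to', $_REQUEST) ? $_REQUEST['redirect_to'] : '')
+ ));
+
+ $authUrl = $client->createAuthUrl();
+ if ($client->getClientId() == "") {
+ $authUrl = "http://wp-glogin.com/installing-google-apps-login/#main-settings";
+ }
+ ?>
+ <div class="galogin">
+ <a href="<?php echo $authUrl; ?>">or <b>Login with Google</b></a>
+ </div>
+ <?php
+ }
+
+ public function ga_authenticate($user, $username=null, $password=null) {
+ if (isset($_REQUEST['error'])) {
+ $user = new WP_Error('ga_login_error', $_REQUEST['error'] == 'access_denied' ? 'You did not grant access' : $_REQUEST['error']);
+ return $this->displayAndReturnError($user);
+ }
+
+ $options = $this->get_option_galogin();
+ $clients = $this->createGoogleClient($options);
+ $client = $clients[0];
+ $oauthservice = $clients[1];
+
+ if (isset($_GET['code'])) {
+ if (!isset($_REQUEST['state'])) {
+ $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting state");
+ return $this->displayAndReturnError($user);
+ }
+
+ $statevars = explode('|', urldecode($_REQUEST['state']));
+ if (count($statevars) != 3) {
+ $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem computing state");
+ return $this->displayAndReturnError($user);
+ }
+ $retnonce = $statevars[0];
+ $retcookie = $statevars[1];
+ $retredirectto = $statevars[2];
+
+ if (!wp_verify_nonce($retnonce, 'google_apps_login')) {
+ $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting nonce");
+ return $this->displayAndReturnError($user);
+ }
+
+ if (!isset($_COOKIE['google_apps_login']) || $retcookie != $_COOKIE['google_apps_login']) {
+ $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting cookie");
+ return $this->displayAndReturnError($user);
+ }
+
+ try {
+ $client->authenticate($_GET['code']);
+
+ /* userinfo example:
+ "id": "115886881859296909934",
+ "email": "dan@danlester.com",
+ "verified_email": true,
+ "name": "Dan Lester",
+ "given_name": "Dan",
+ "family_name": "Lester",
+ "link": "https://plus.google.com/115886881859296909934",
+ "picture": "https://lh3.googleusercontent.com/-r4WThnaSX8o/AAAAAAAAAAI/AAAAAAAAABE/pEJQwH5wyqM/photo.jpg",
+ "gender": "male",
+ "locale": "en-GB",
+ "hd": "danlester.com"
+ */
+ $userinfo = $oauthservice->userinfo->get();
+ if ($userinfo && is_array($userinfo) && array_key_exists('email', $userinfo)
+ && array_key_exists('verified_email', $userinfo)) {
+
+ $google_email = $userinfo['email'];
+ $google_verified_email = $userinfo['verified_email'];
+
+ if (!$google_verified_email) {
+ $user = new WP_Error('ga_login_error', 'Email needs to be verified on your Google Account');
+ }
+ else {
+ $user = get_user_by('email', $google_email);
+
+ if (!$user) {
+ $user = $this->createUserOrError($userinfo, $options);
+ }
+
+ if (!$user) {
+ // Set redirect for next load - including if "" to force reset to no redirect
+ setcookie('galogin_do_redirect_to', $retredirectto, time()+60, '/');
+ // Reset client-side login cookie so it doesn't expire on us next login time
+ setcookie('google_apps_login', '', time()-3600, '/');
+ }
+ }
+ }
+ else {
+ $user = new WP_Error('ga_login_error', "User authenticated OK, but error fetching user details from Google");
+ }
+ } catch (Google_Exception $e) {
+ $user = new WP_Error('ga_login_error', $e->getMessage());
+ }
+ }
+ else {
+ $user = $this->checkRegularWPLogin($user, $username, $password, $options);
+ }
+
+ if (is_wp_error($user)) {
+ $this->checkRegularWPError($user, $username, $password); // May exit
+ $this->displayAndReturnError($user);
+ }
+
+ return $user;
+ }
+
+ protected function createUserOrError($userinfo, $options) {
+ return( new WP_Error('ga_login_error', 'User '.$userinfo['email'].' not registered in Wordpress') );
+ }
+
+ protected function checkRegularWPLogin($user, $username, $password, $options) {
+ return $user;
+ }
+
+ protected function checkRegularWPError($user, $username, $password) {
+ }
+
+ protected function displayAndReturnError($user) {
+ if (is_wp_error($user) && get_bloginfo('version') < 3.7) {
+ // Only newer wordpress versions display errors from $user for us
+ global $error;
+ $error = htmlentities2($user->get_error_message());
+ }
+ return $user;
+ }
+
+ public function ga_init() {
+ if (isset($_COOKIE['galogin_do_redirect_to'])) {
+ $do_redirect = $_COOKIE['galogin_do_redirect_to'];
+ setcookie('galogin_do_redirect_to', '', time()-3600, '/');
+
+ if ($do_redirect != "") {
+ wp_redirect($do_redirect);
+ exit;
+ }
+ }
+
+ if (!isset($_COOKIE['google_apps_login']) && $GLOBALS['pagenow'] == 'wp-login.php') {
+ setcookie('google_apps_login', $this->get_cookie_value(), time()+1800, '/');
+ }
+ }
+
+ protected function get_login_url() {
+ $login_url = wp_login_url();
+
+ if (is_multisite() && defined('SUBDOMAIN_INSTALL') && SUBDOMAIN_INSTALL === false) {
+ $login_url = network_site_url('wp-login.php');
+ }
+
+ if ((force_ssl_login() || force_ssl_admin()) && strtolower(substr($login_url,0,7)) == 'http://') {
+ $login_url = 'https://'.substr($login_url,7);
+ }
+
+ return $login_url;
+ }
+
+ // ADMIN AND OPTIONS
+ // *****************
+
+ protected function get_options_menuname() {
+ return 'galogin_list_options';
+ }
+
+ protected function get_options_pagename() {
+ return 'galogin_options';
+ }
+
+ public function ga_admin_init() {
+ register_setting( $this->get_options_pagename(), $this->get_options_name(), Array($this, 'ga_options_validate') );
+
+ $this->ga_admin_init_main();
+ $this->ga_admin_init_domain();
+ }
+
+ protected function ga_admin_init_main() {
+ add_settings_section('galogin_main_section', 'Main Settings',
+ array($this, 'ga_mainsection_text'), $this->get_options_name());
+
+ add_settings_field('ga_clientid', 'Client ID',
+ array($this, 'ga_do_settings_clientid'), $this->get_options_name(), 'galogin_main_section');
+ add_settings_field('ga_clientsecret', 'Client Secret',
+ array($this, 'ga_do_settings_clientsecret'), $this->get_options_name(), 'galogin_main_section');
+ }
+
+ protected function ga_admin_init_domain() {
+ }
+
+ public function ga_admin_menu() {
+ if (is_multisite()) {
+ add_submenu_page( 'settings.php', 'Google Apps Login settings', 'Google Apps Login',
+ 'manage_network_options', $this->get_options_menuname(),
+ array($this, 'ga_options_do_page'));
+ }
+ else {
+ add_options_page('Google Apps Login settings', 'Google Apps Login',
+ 'manage_options', $this->get_options_menuname(),
+ array($this, 'ga_options_do_page'));
+ }
+ }
+
+ public function ga_options_do_page() {
+ $submit_page = is_multisite() ? 'edit.php?action='.$this->get_options_menuname() : 'options.php'; //settings.php?page=galogin_list_premium
+
+ if (is_multisite()) {
+ $this->ga_options_do_network_errors();
+ }
+ ?>
+
+ <div>
+ <h2>Google Apps Login setup</h2>
+ Set up your website to enable Google logins.
+ <form action="<?php echo $submit_page; ?>" method="post">
+ <?php settings_fields($this->get_options_pagename()); ?>
+ <?php do_settings_sections($this->get_options_name()); ?>
+
+ <input name="Submit" type="submit" value="<?php esc_attr_e('Save Changes'); ?>" />
+ </form></div> <?php
+ }
+
+ protected function ga_options_do_network_errors() {
+ if (isset($_REQUEST['updated']) && $_REQUEST['updated']) {
+ ?>
+ <div id="setting-error-settings_updated" class="updated settings-error">
+ <p>
+ <strong>Settings saved.</strong>
+ </p>
+ </div>
+ <?php
+ }
+
+ if (isset($_REQUEST['error_setting']) && is_array($_REQUEST['error_setting'])
+ && isset($_REQUEST['error_code']) && is_array($_REQUEST['error_code'])) {
+ $error_code = $_REQUEST['error_code'];
+ $error_setting = $_REQUEST['error_setting'];
+ if (count($error_code) > 0 && count($error_code) == count($error_setting)) {
+ for ($i=0; $i<count($error_code) ; ++$i) {
+ ?>
+ <div id="setting-error-settings_<?php echo $i; ?>" class="error settings-error">
+ <p>
+ <strong><?php echo htmlentities2($this->get_error_string($error_setting[$i].'|'.$error_code[$i])); ?></strong>
+ </p>
+ </div>
+ <?php
+ }
+ }
+ }
+ }
+
+ public function ga_do_settings_clientid() {
+ $options = $this->get_option_galogin();
+ echo "<input id='input_ga_domainname' name='".$this->get_options_name()."[ga_clientid]' size='80' type='text' value='{$options['ga_clientid']}' />";
+ echo "<br /><span>Normally something like 1234567890123.apps.googleusercontent.com</span>";
+ }
+
+ public function ga_do_settings_clientsecret() {
+ $options = $this->get_option_galogin();
+ echo "<input id='input_ga_clientsecret' name='".$this->get_options_name()."[ga_clientsecret]' size='40' type='text' value='{$options['ga_clientsecret']}' />";
+ echo "<br /><span>Normally something like sHSfR4_jf_2jsy-kjPjgf2dT</span>";
+ }
+
+ public function ga_mainsection_text() {
+ ?>
+ <p>The Google Apps domain admin needs to go to
+ <a href="https://cloud.google.com/console" target="_blank">https://cloud.google.com/console</a>. If you
+ are not the domain admin, you may still have permissions to use the console, so just try it. If you are
+ not using Google Apps, then just use your regular Gmail account to access the console.
+ </p>
+ <p>There, create a new project (any name is fine, and just leave Project ID as it is) - you may be required to
+ accept a verification phone call or SMS from Google.</p>
+
+ <p>Then create a Web application within the project. To create the application,
+ you need to click into the new project, then click <i>APIs &amp; Auth</i> in the left-hand menu.
+ Click <i>Registered Apps</i> beneath that, then click the red <i>Register App</i> button.
+ You can choose any name you wish, and make sure you select <i>Web Application</i> as the Platform type.
+ </p>
+ <p>
+ Once you have created the application, you may need to open up the <i>OAuth 2.0 Client ID</i> section to be able to complete
+ the following steps.
+ </p>
+ <p>You must input, into your new Google application, the following items:
+ <ul style="margin-left: 10px;">
+ <li>Web Origin: <?php echo (is_ssl() || force_ssl_login() || force_ssl_admin() ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].'/'; ?></li>
+ <li>Redirect URL: <?php echo $this->get_login_url(); ?></li>
+ </ul>
+ </p>
+ <p>Click Generate. You will see a Client ID and Client Secret which you must copy
+ and paste into the boxes below on this screen - i.e. back in your Wordpress admin, right here.</p>
+
+ <p><b>Optional:</b> In the Google Cloud Console, you can configure some things your users will see when they
+ login. By default, Google will tell them they are authorizing 'Project Default Service Account', which is
+ not very user friendly. You can change this to your company or blog name (and add your logo etc) by clicking
+ <i>Consent screen</i> (which is another sub-menu of <i>APIs &amp; Auth</i>).
+ </p>
+
+ <?php
+
+ $this->ga_section_text_end();
+ }
+
+ protected function ga_section_text_end() {
+ }
+
+ public function ga_options_validate($input) {
+ $newinput = Array();
+ $newinput['ga_clientid'] = trim($input['ga_clientid']);
+ $newinput['ga_clientsecret'] = trim($input['ga_clientsecret']);
+ if(!preg_match('/^.{10}.*$/i', $newinput['ga_clientid'])) {
+ add_settings_error(
+ 'ga_clientid',
+ 'tooshort_texterror',
+ self::get_error_string('ga_clientid|tooshort_texterror'),
+ 'error'
+ );
+ }
+ if(!preg_match('/^.{10}.*$/i', $newinput['ga_clientsecret'])) {
+ add_settings_error(
+ 'ga_clientsecret',
+ 'tooshort_texterror',
+ self::get_error_string('ga_clientsecret|tooshort_texterror'),
+ 'error'
+ );
+ }
+ return $newinput;
+ }
+
+ protected function get_error_string($fielderror) {
+ static $local_error_strings = Array(
+ 'ga_clientid|tooshort_texterror' => 'The Client ID should be longer than that',
+ 'ga_clientsecret|tooshort_texterror' => 'The Client Secret should be longer than that'
+ );
+ if (isset($local_error_strings[$fielderror])) {
+ return $local_error_strings[$fielderror];
+ }
+ return 'Unspecified error';
+ }
+
+ protected function get_options_name() {
+ return 'galogin';
+ }
+
+ protected function get_default_options() {
+ return Array( 'ga_clientid' => '', 'ga_clientsecret' => '');
+ }
+
+ protected $ga_options = null;
+ protected function get_option_galogin() {
+ if ($this->ga_options != null) {
+ return $this->ga_options;
+ }
+
+ $option = get_site_option($this->get_options_name(), Array());
+
+ $default_options = $this->get_default_options();
+ foreach ($default_options as $k => $v) {
+ if (!isset($option[$k])) {
+ $option[$k] = $v;
+ }
+ }
+
+ $this->ga_options = $option;
+ return $this->ga_options;
+ }
+
+ public function ga_save_network_options() {
+ check_admin_referer( $this->get_options_pagename().'-options' );
+
+ if (isset($_POST[$this->get_options_name()]) && is_array($_POST[$this->get_options_name()])) {
+ $inoptions = $_POST[$this->get_options_name()];
+ $outoptions = $this->ga_options_validate($inoptions);
+
+ $updated = false;
+ if ( !count( get_settings_errors() ) ) {
+ update_site_option($this->get_options_name(), $outoptions);
+ $updated = true;
+ }
+
+ $error_code = Array();
+ $error_setting = Array();
+ foreach (get_settings_errors() as $e) {
+ if (is_array($e) && isset($e['code']) && isset($e['setting'])) {
+ $error_code[] = $e['code'];
+ $error_setting[] = $e['setting'];
+ }
+ }
+
+ // redirect to settings page in network
+ wp_redirect(
+ add_query_arg(
+ array( 'page' => $this->get_options_menuname(),
+ 'updated' => $updated,
+ 'error_setting' => $error_setting,
+ 'error_code' => $error_code ),
+ network_admin_url( 'admin.php' )
+ )
+ );
+ exit;
+ }
+ }
+
+ // HOOKS AND FILTERS
+ // *****************
+
+ protected function add_actions() {
+ add_action('login_enqueue_scripts', array($this, 'ga_login_styles'));
+ add_action('login_form', array($this, 'ga_login_form'));
+ add_action('authenticate', array($this, 'ga_authenticate'), 5, 3);
+ add_action('init', array($this, 'ga_init'), 1);
+
+ add_action('admin_init', array($this, 'ga_admin_init'));
+
+ add_action(is_multisite() ? 'network_admin_menu' : 'admin_menu', array($this, 'ga_admin_menu'));
+
+ if (is_multisite()) {
+ add_action('network_admin_edit_'.$this->get_options_menuname(), array($this, 'ga_save_network_options'));
+ }
+ }
+
+ public static function my_plugin_basename($file) {
+ $basename = plugin_basename($file);
+ if ('/'.$basename == $file) { // Maybe due to symlink
+ $basename = basename(dirname($file)).'/'.basename($file);
+ }
+ return $basename;
+ }
+ }
+
+ ?>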
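Review bot: In ga_authenticate the cookie block is guarded by `if (!$user) {`, but by then `$user` holds either the result of get_user_by or the WP_Error that createUserOrError returns in this class, so the branch appears unreachable and the redirect cookie and login-cookie reset that 1.1 performed for a found user no longer happen; `if ($user && !is_wp_error($user)) {` would restore that, though a subclass overriding createUserOrError may behave differently. Once that path runs, the `redirect_to` value read from `$_REQUEST` in ga_login_form reaches `wp_redirect($do_redirect);` in ga_init without validation, and `wp_safe_redirect($do_redirect);` would confine it to allowed hosts. The `$_REQUEST['error']` text is also placed into the WP_Error message as-is while displayAndReturnError escapes it only below version 3.7, so passing it through `esc_html()` where the WP_Error is built would cover the path where WordPress core renders the message itself. Finally, `md5(rand())` in get_cookie_value is not a cryptographically strong source for a value that binds the OAuth state to the browser, and the `!=` comparison against the cookie in ga_authenticate should be a strict, constant-time one.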
google_apps_login.php CHANGED
@@ -4,375 +4,26 @@
4
  * Plugin Name: Google Apps Login
5
  * Plugin URI: http://wp-glogin.com/
6
  * Description: Easy login for your Wordpress users by using their Google accounts (uses OAuth2 and requires a Google Apps domain).
7
- * Version: 1.1
8
  * Author: Dan Lester
9
  * Author URI: http://danlester.com/
10
  * License: GPL3
11
  */
12
 
13
- class google_apps_login {
14
-
15
- public function __construct() {
16
- $this->add_actions();
17
- }
18
-
19
- protected $newcookievalue = null;
20
- protected function get_cookie_value() {
21
- if (!$this->newcookievalue) {
22
- if (isset($_COOKIE['google_apps_login'])) {
23
- $this->newcookievalue = $_COOKIE['google_apps_login'];
24
- }
25
- else {
26
- $this->newcookievalue = md5(rand());
27
- }
28
- }
29
- return $this->newcookievalue;
30
- }
31
-
32
- protected function createGoogleClient($options) {
33
- require_once 'googleclient/Google_Client.php';
34
- require_once 'googleclient/contrib/Google_Oauth2Service.php';
35
-
36
- $client = new Google_Client();
37
- $client->setApplicationName("Wordpress Blog");
38
-
39
- $client->setClientId($options['ga_clientid']);
40
- $client->setClientSecret($options['ga_clientsecret']);
41
- $client->setRedirectUri(wp_login_url());
42
-
43
- $client->setScopes(Array('openid', 'email', 'https://www.googleapis.com/auth/userinfo.profile'));
44
- $client->setApprovalPrompt('auto');
45
-
46
- $oauthservice = new Google_Oauth2Service($client);
47
-
48
- return Array($client, $oauthservice);
49
- }
50
-
51
- public function ga_login_styles() { ?>
52
- <style type="text/css">
53
- form#loginform div.galogin {
54
- float: right;
55
- margin-top: 28px;
56
- background: #DFDFDF;
57
- text-align: center;
58
- vertical-align: middle;
59
- border-radius: 3px;
60
- padding: 2px;
61
- width: 58%;
62
- height: 27px;
63
- }
64
-
65
- form#loginform div.galogin a {
66
- color: #21759B;
67
- position: relative;
68
- top: 6px;
69
- }
70
-
71
- form#loginform div.galogin a:hover {
72
- color: #278AB7;
73
- }
74
-
75
- .login .button-primary {
76
- float: none;
77
- margin-top: 10px;
78
- }
79
- </style>
80
- <?php }
81
-
82
- public function ga_login_form() {
83
- $options = $this->get_option_galogin();
84
- $clients = $this->createGoogleClient($options);
85
- $client = $clients[0];
86
-
87
- // Generate a CSRF token
88
- $state = wp_create_nonce('google_apps_login');
89
- $client->setState(urlencode($state
90
- .'|'.$this->get_cookie_value()
91
- .'|'.(array_key_exists('redirect_to', $_REQUEST) ? $_REQUEST['redirect_to'] : '')
92
- ));
93
-
94
- $authUrl = $client->createAuthUrl();
95
- if ($client->getClientId() == "") {
96
- $authUrl = "http://wp-glogin.com/installing-google-apps-login/#main-settings";
97
- }
98
- ?>
99
- <div class="galogin">
100
- <a href="<?php echo $authUrl; ?>">or <b>Login with Google</b></a>
101
- </div>
102
- <?php
103
- }
104
-
105
- public function ga_authenticate($user) {
106
- if (isset($_REQUEST['error'])) {
107
- $user = new WP_Error('ga_login_error', $_REQUEST['error'] == 'access_denied' ? 'You did not grant access' : $_REQUEST['error']);
108
- return $this->displayAndReturnError($user);
109
- }
110
-
111
- $options = $this->get_option_galogin();
112
- $clients = $this->createGoogleClient($options);
113
- $client = $clients[0];
114
- $oauthservice = $clients[1];
115
-
116
- if (isset($_GET['code'])) {
117
- if (!isset($_REQUEST['state'])) {
118
- $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting state");
119
- return $this->displayAndReturnError($user);
120
- }
121
-
122
- $statevars = explode('|', urldecode($_REQUEST['state']));
123
- if (count($statevars) != 3) {
124
- $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem computing state");
125
- return $this->displayAndReturnError($user);
126
- }
127
- $retnonce = $statevars[0];
128
- $retcookie = $statevars[1];
129
- $retredirectto = $statevars[2];
130
-
131
- if (!wp_verify_nonce($retnonce, 'google_apps_login')) {
132
- $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting nonce");
133
- return $this->displayAndReturnError($user);
134
- }
135
-
136
- if (!isset($_COOKIE['google_apps_login']) || $retcookie != $_COOKIE['google_apps_login']) {
137
- $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting cookie");
138
- return $this->displayAndReturnError($user);
139
- }
140
-
141
- try {
142
- $client->authenticate($_GET['code']);
143
-
144
- /* userinfo example:
145
- "id": "115886881859296909934",
146
- "email": "dan@danlester.com",
147
- "verified_email": true,
148
- "name": "Dan Lester",
149
- "given_name": "Dan",
150
- "family_name": "Lester",
151
- "link": "https://plus.google.com/115886881859296909934",
152
- "picture": "https://lh3.googleusercontent.com/-r4WThnaSX8o/AAAAAAAAAAI/AAAAAAAAABE/pEJQwH5wyqM/photo.jpg",
153
- "gender": "male",
154
- "locale": "en-GB",
155
- "hd": "danlester.com"
156
- */
157
- $userinfo = $oauthservice->userinfo->get();
158
- if ($userinfo && is_array($userinfo) && array_key_exists('email', $userinfo)
159
- && array_key_exists('verified_email', $userinfo)) {
160
-
161
- $google_email = $userinfo['email'];
162
- $google_verified_email = $userinfo['verified_email'];
163
-
164
- if (!$google_verified_email) {
165
- $user = new WP_Error('ga_login_error', 'Email needs to be verified on your Google Account');
166
- }
167
- else {
168
- $user = get_user_by('email', $google_email);
169
-
170
- if (!$user) {
171
- $user = new WP_Error('ga_login_error', 'User '.$google_email.' not registered in Wordpress');
172
- }
173
- else {
174
- // Set redirect for next load - including if "" to force reset to no redirect
175
- setcookie('galogin_do_redirect_to', $retredirectto, time()+60, '/');
176
- // Reset client-side login cookie so it doesn't expire on us next login time
177
- setcookie('google_apps_login', '', time()-3600, '/');
178
- }
179
- }
180
- }
181
- else {
182
- $user = new WP_Error('ga_login_error', "User authenticated OK, but error fetching user details from Google");
183
- }
184
- } catch (Google_Exception $e) {
185
- $user = new WP_Error('ga_login_error', $e->getMessage());
186
- }
187
- }
188
-
189
- if (is_wp_error($user)) {
190
- $this->displayAndReturnError($user);
191
- }
192
-
193
- return $user;
194
- }
195
-
196
- protected function displayAndReturnError($user) {
197
- if (is_wp_error($user) && get_bloginfo('version') < 3.7) {
198
- // Only newer wordpress versions display errors from $user for us
199
- global $error;
200
- $error = htmlentities2($user->get_error_message());
201
- }
202
- return $user;
203
- }
204
-
205
- public function ga_init() {
206
- if (isset($_COOKIE['galogin_do_redirect_to'])) {
207
- $do_redirect = $_COOKIE['galogin_do_redirect_to'];
208
- setcookie('galogin_do_redirect_to', '', time()-3600, '/');
209
-
210
- if ($do_redirect != "") {
211
- wp_redirect($do_redirect);
212
- exit;
213
- }
214
- }
215
-
216
- if (!isset($_COOKIE['google_apps_login']) && $GLOBALS['pagenow'] == 'wp-login.php') {
217
- setcookie('google_apps_login', $this->get_cookie_value(), time()+1800, '/');
218
- }
219
- }
220
-
221
- public function ga_admin_init() {
222
-
223
- register_setting( 'galogin_options', 'galogin', Array($this, 'ga_options_validate') );
224
-
225
- add_settings_section('galogin_main_section', 'Main Settings',
226
- array($this, 'ga_section_text'), 'galogin');
227
-
228
- add_settings_field('ga_clientid', 'Client ID',
229
- array($this, 'ga_do_settings_clientid'), 'galogin', 'galogin_main_section');
230
- add_settings_field('ga_clientsecret', 'Client Secret',
231
- array($this, 'ga_do_settings_clientsecret'), 'galogin', 'galogin_main_section');
232
- }
233
-
234
- public function ga_admin_menu() {
235
- add_options_page('Google Apps Login settings', 'Google Apps Login',
236
- 'manage_options', 'galogin_list_options',
237
- array($this, 'ga_options_do_page'));
238
- }
239
-
240
- public function ga_options_do_page() { ?>
241
- <div>
242
- <h2>Google Apps Login setup</h2>
243
- Set up your blog to enable Google logins.
244
- <form action="options.php" method="post">
245
- <?php settings_fields('galogin_options'); ?>
246
- <?php do_settings_sections('galogin'); ?>
247
-
248
- <input name="Submit" type="submit" value="<?php esc_attr_e('Save Changes'); ?>" />
249
- </form></div> <?php
250
- }
251
-
252
- public function ga_do_settings_clientid() {
253
- $options = $this->get_option_galogin();
254
- echo "<input id='plugin_text_string' name='galogin[ga_clientid]' size='80' type='text' value='{$options['ga_clientid']}' />";
255
- echo "<br /><span>Normally something like 1234567890123.apps.googleusercontent.com</span>";
256
- }
257
 
258
- public function ga_do_settings_clientsecret() {
259
- $options = $this->get_option_galogin();
260
- echo "<input id='plugin_text_string' name='galogin[ga_clientsecret]' size='40' type='text' value='{$options['ga_clientsecret']}' />";
261
- echo "<br /><span>Normally something like sHSfR4_jf_2jsy-kjPjgf2dT</span>";
262
- }
263
 
264
- public function ga_section_text() {
265
- ?>
266
- <p>The Google Apps domain admin needs to go to
267
- <a href="https://cloud.google.com/console" target="_blank">https://cloud.google.com/console</a>. If you
268
- are not the domain admin, you may still have permissions to use the console, so just try it. If you are
269
- not using Google Apps, then just use your regular Gmail account to access the console.
270
- </p>
271
- <p>There, create a new project (any name is fine, and just leave Project ID as it is) - you may be required to
272
- accept a verification phone call or SMS from Google.</p>
273
-
274
- <p>Then create a Web application within the project. To create the application,
275
- you need to click into the new project, then click <i>APIs &amp; Auth</i> in the left-hand menu.
276
- Click <i>Registered Apps</i> beneath that, then click the red <i>Register App</i> button.
277
- You can choose any name you wish, and make sure you select <i>Web Application</i> as the Platform type.
278
- </p>
279
- <p>
280
- Once you have created the application, you may need to open up the <i>OAuth 2.0 Client ID</i> section to be able to complete
281
- the following steps.
282
- </p>
283
- <p>You must input, into your new Google application, the following items:
284
- <ul style="margin-left: 10px;">
285
- <li>Web Origin: <?php echo (is_ssl() ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].'/'; ?></li>
286
- <?php
287
- if (is_ssl()) {
288
- ?>
289
- <li>
290
- Web Origin (add a 2nd entry): http://<?php echo $_SERVER['HTTP_HOST'].'/'; ?>
291
- </li>
292
- <?php
293
- }
294
- ?>
295
-
296
- <li>Redirect URL: <?php echo wp_login_url(); ?></li>
297
- <?php
298
- if (force_ssl_login() && strtolower(substr(wp_login_url(),0,7)) == 'http://') {
299
- ?>
300
- <li>
301
- Redirect URL (add a 2nd entry): https://<?php echo substr(wp_login_url(),7); ?>
302
- </li>
303
- <?php
304
- }
305
- ?>
306
- </ul>
307
  </p>
308
- <p>Click Generate. You will see a Client ID and Client Secret which you must copy
309
- and paste into the boxes below on this screen - i.e. back in your Wordpress admin, right here.</p>
310
-
311
- <p><b>Optional:</b> In the Google Cloud Console, you can configure some things your users will see when they
312
- login. By default, Google will tell them they are authorizing 'Project Default Service Account', which is
313
- not very user friendly. You can change this to your company or blog name (and add your logo etc) by clicking
314
- <i>Consent screen</i> (which is another sub-menu of <i>APIs &amp; Auth</i>).
315
- </p>
316
-
317
- <p><b>For support and premium features, please visit:
318
- <a href="http://wp-glogin.com/?utm_source=Admin%20Panel&utm_medium=freemium&utm_campaign=Freemium" target="_blank">http://wp-glogin.com/</a></b>
319
- </p>
320
-
321
- <?php
322
- }
323
-
324
- public function ga_options_validate($input) {
325
- $newinput = Array();
326
- $newinput['ga_clientid'] = trim($input['ga_clientid']);
327
- $newinput['ga_clientsecret'] = trim($input['ga_clientsecret']);
328
- if(!preg_match('/^.{10}.*$/i', $newinput['ga_clientid'])) {
329
- add_settings_error(
330
- 'ga_clientid',
331
- 'tooshort_texterror',
332
- 'The Client ID should be longer than that',
333
- 'error'
334
- );
335
- }
336
- if(!preg_match('/^.{10}.*$/i', $newinput['ga_clientsecret'])) {
337
- add_settings_error(
338
- 'ga_clientsecret',
339
- 'tooshort_texterror',
340
- 'The Client Secret should be longer than that',
341
- 'error'
342
- );
343
- }
344
- return $newinput;
345
- }
346
-
347
- static $default_options = Array( 'ga_clientid' => '', 'ga_clientsecret' => '');
348
- private $ga_options = null;
349
- protected function get_option_galogin() {
350
- if ($this->ga_options != null) {
351
- return $this->ga_options;
352
- }
353
-
354
- $option = get_option('galogin');
355
-
356
- foreach (self::$default_options as $k => $v) {
357
- if (!isset($option[$k])) {
358
- $option[$k] = $v;
359
- }
360
- }
361
- $this->ga_options = $option;
362
- return $this->ga_options;
363
- }
364
-
365
- protected function add_actions() {
366
- add_action('login_enqueue_scripts', array($this, 'ga_login_styles'));
367
- add_action('login_form', array($this, 'ga_login_form'));
368
- add_action('authenticate', array($this, 'ga_authenticate'), 5, 3);
369
- add_action('init', array($this, 'ga_init'), 1);
370
-
371
- add_action('admin_init', array($this, 'ga_admin_init'));
372
- add_action('admin_menu', array($this, 'ga_admin_menu'));
373
  }
 
374
  }
375
 
376
- $ga_google_apps_login_plugin = new google_apps_login();
377
 
378
  ?>
4
  * Plugin Name: Google Apps Login
5
  * Plugin URI: http://wp-glogin.com/
6
  * Description: Easy login for your Wordpress users by using their Google accounts (uses OAuth2 and requires a Google Apps domain).
7
+ * Version: 1.2
8
  * Author: Dan Lester
9
  * Author URI: http://danlester.com/
10
  * License: GPL3
11
  */
12
 
13
+ require_once( plugin_dir_path(__FILE__).'/core/core_google_apps_login.php' );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
14
 
15
+ class basic_google_apps_login extends core_google_apps_login {
 
 
 
 
16
 
17
+ public function ga_section_text_end() {
18
+ ?>
19
+ <p><b>For support and premium features, please visit:
20
+ <a href="http://wp-glogin.com/?utm_source=Admin%20Panel&utm_medium=freemium&utm_campaign=Freemium" target="_blank">http://wp-glogin.com/</a></b>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
21
  </p>
22
+ <?php
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
23
  }
24
+
25
  }
26
 
27
+ $ga_google_apps_login_plugin = new basic_google_apps_login();
28
 
29
  ?>
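--- a/readme.txt
+++ b/readme.txt
@@ -1,9 +1,9 @@
 === Plugin Name ===
 Contributors: danlester
-Tags: login, google, authentication, oauth2, oauth, admin, googleapps
+Tags: login, google, authentication, oauth2, oauth, admin, googleapps, sso
 Requires at least: 3.3
-Tested up to: 3.7.1
-Stable tag: trunk
+Tested up to: 3.8
+Stable tag: 1.1
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -41,9 +41,45 @@ has permission to authenticate the user and obtain basic profile data - it can n
 1. User login screen can work as normal or via Google's authentication system
 2. Admin obtains two simple codes from Google to set up - easy instructions to follow
 
-== Requirements ==
+== Frequently Asked Questions ==
 
-System requirements:
+= Does the plugin work with HTTP or HTTPS login pages? =
+
+The plugin will work whether your site is configured for HTTP or HTTPS.
+
+However, you may have configured your site to run so that the login pages
+can be accessed by *either* HTTP *or* HTTPS. In that case, you may run into problems.
+We recommend that you set [FORCE_SSL_ADMIN](http://codex.wordpress.org/Administration_Over_SSL)
+or at least FORCE_SSL_LOGIN to true. This will ensure that all users are consistently using HTTPS
+for login.
+
+You may then need to ensure the Redirect URL and Web Origin in the Google Cloud Console are
+set as HTTPS (this will make sense if you follow the installation instructions again).
+
+If for some reason you cannot set FORCE_SSL_ADMIN, then you can add two URLs to the Google
+Cloud Console for each entry, e.g. Redirect URL = http://wpexample.com/wp-login.php, and
+then add another one for https://wpexample.com/wp-login.php. Same idea for Web Origin.
+
+= Does the plugin work on Multisite? =
+
+It is written, tested, and secure for multisite in subdirectories (not subdomains), and *must* be activated
+network-wide for security reasons.
+
+If you do require it used for subdomains, please contact the plugin author who may
+be able to help for your specific installation.
+
+= Is it secure? =
+
+Yes, and depending on your setup, it can be much more secure than just using
+WordPress usernames and passwords.
+
+However, the author does not accept liability or offer any guarantee,
+and it is your responsibility to ensure that your site is secure in the way you require.
+
+In particular, other plugins may conflict with each other, and different WordPress versions and configurations
+may render your site insecure.
+
+= What are the system requirements? =
 
 * PHP 5.2.x or higher with Curl and JSON extensions
 * Wordpress 3.3 or above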
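--- a/uninstall.php
+++ b/uninstall.php
@@ -10,6 +10,6 @@ if (!defined('ABSPATH') && !defined('WP_UNINSTALL_PLUGIN')) {
 if (!current_user_can('activate_plugins'))
 exit;
 
-delete_option('galogin');
+delete_site_option('galogin');
 
 ?>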
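Review bot: Calling only `delete_site_option('galogin')` can leave a per-site copy of the option behind on multisite installs that were configured under 1.1, where the settings were read with `get_option('galogin')` (the removed line in the old plugin file). That option holds `ga_clientsecret`, so the OAuth client secret may remain in the database after the plugin is uninstalled. Keeping both calls covers the upgrade path: `delete_option('galogin');` followed by `delete_site_option('galogin');`. Whether 1.2 migrates or clears the old per-site value elsewhere is not visible in this section, so this needs confirming against the new core class.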