Login With Ajax - Version 3.0.4.1

Version Description

  • fixed xss vulnerability for re-enlistment on wordpress repo, more on the way

Release Info

Developer netweblogic
Version 3.0.4.1

Code changes from version 3.0.4 to 3.0.4.1

Files changed (2) hide show
  1. login-with-ajax.php +53 -53
  2. readme.txt +6 -3
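--- a/login-with-ajax.php
+++ b/login-with-ajax.php
@@ -2,9 +2,9 @@
  /*
  Plugin Name: Login With Ajax
  Plugin URI: http://netweblogic.com/wordpress/plugins/login-with-ajax/
- Description: Ajax driven login widget. Customisable from within your template folder, and advanced settings from the admin area.
+ Description: Ajax driven login widget. Customisable from within your template folder, and advanced settings from the admin area.
  Author: NetWebLogic
- Version: 3.0.4
+ Version: 3.0.4.1
  Author URI: http://netweblogic.com/
  Tags: Login, Ajax, Redirect, BuddyPress, MU, WPMU, sidebar, admin, widget
 
@@ -24,7 +24,7 @@ You should have received a copy of the GNU General Public License
  along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
  class LoginWithAjax {
-
+
  /**
  * If logged in upon instantiation, it is a user object.
  * @var WP_User
@@ -49,7 +49,7 @@ class LoginWithAjax {
  * Location of footer file if one is found when generating a widget, for use in loading template footers.
  * @var string
  */
- var $footer_loc;
+ var $footer_loc;
  /**
  * URL for the AJAX Login procedure in templates (including callback and template parameters)
  * @var string
@@ -65,38 +65,38 @@ class LoginWithAjax {
  * @var string
  */
  var $url_register;
-
-
-
+
+
+
  // Class initialization
  function LoginWithAjax() {
  //Set when to run the plugin
  add_action( 'widgets_init', array(&$this,'init') );
  }
-
+
  // Actions to take upon initial action hook
  function init(){
  //Load LWA options
  $this->data = get_option('lwa_data');
  //Remember the current user, in case there is a logout
  $this->current_user = wp_get_current_user();
-
+
  //Get Templates from theme and default by checking for folders - we assume a template works if a folder exists!
  //Note that duplicate template names are overwritten in this order of precedence (highest to lowest) - Child Theme > Parent Theme > Plugin Defaults
  //First are the defaults in the plugin directory
  $this->find_templates( path_join( WP_PLUGIN_DIR , basename( dirname( __FILE__ ) ). "/widget/") );
  //Now, the parent theme (if exists)
  if( get_stylesheet_directory() != get_template_directory() ){
- $this->find_templates( get_template_directory().'/plugins/login-with-ajax/' );
- }
+ $this->find_templates( get_template_directory().'/plugins/login-with-ajax/' );
+ }
  //Finally, the child theme
  $this->find_templates( get_stylesheet_directory().'/plugins/login-with-ajax/' );
-
+
  //Generate URLs for login, remember, and register
  $this->url_login = $this->template_link(site_url('wp-login.php', 'login_post'));
  $this->url_register = $this->template_link(site_url('wp-login.php?action=register', 'login_post'));
  $this->url_remember = $this->template_link(site_url('wp-login.php?action=lostpassword', 'login_post'));
-
+
  //Make decision on what to display
  if ( isset($_REQUEST["login-with-ajax"]) ) { //AJAX Request
  $this->ajax();
@@ -117,8 +117,8 @@ class LoginWithAjax {
  }else{ //Default file in plugin folder
  wp_enqueue_script( "login-with-ajax", $plugin_url."/widget/login-with-ajax.js", array( 'jquery' ) );
  }
-
- //Enqueue stylesheets - Only one style enqueued here.... theme CSS takes priority, then default CSS
+
+ //Enqueue stylesheets - Only one style enqueued here.... theme CSS takes priority, then default CSS
  //The concept here is one stylesheet is loaded which will work for multiple templates.
  if( file_exists(get_stylesheet_directory().'/plugins/login-with-ajax/widget.css') ){ //Child Theme (or just theme)
  wp_enqueue_style( "login-with-ajax", get_stylesheet_directory_uri().'/plugins/login-with-ajax/widget.css' );
@@ -128,24 +128,24 @@ class LoginWithAjax {
  wp_enqueue_style( "login-with-ajax", $plugin_url."/widget/widget.css" );
  }
  }
-
+
  //Register widget
  register_widget("LoginWithAjaxWidget");
-
+
  //Add logout/in redirection
  add_action('login_form_register', array(&$this, 'register'));
  add_action('wp_logout', array(&$this, 'logoutRedirect'));
- add_action('login_redirect', array(&$this, 'loginRedirect'), 1, 3);
+ add_action('login_redirect', array(&$this, 'loginRedirect'), 1, 3);
  add_shortcode('login-with-ajax', array(&$this, 'shortcode'));
  add_shortcode('lwa', array(&$this, 'shortcode'));
-
+
  }
  }
-
+
  /*
  * LOGIN OPERATIONS
  */
-
+
  // Decides what action to take from the ajax request
  function ajax(){
  switch ( $_REQUEST["login-with-ajax"] ) {
@@ -162,7 +162,7 @@ class LoginWithAjax {
  echo $return;
  exit();
  }
-
+
  // Reads ajax login creds via POSt, calls the login script and interprets the result
  function login(){
  $return = array(); //What we send back
@@ -185,8 +185,8 @@ class LoginWithAjax {
  //Is this coming from a template?
  $query_vars = ($_GET['template'] != '') ? "&template={$_GET['template']}" : '';
  $query_vars .= ($_REQUEST['lwa_profile_link'] == '1') ? "&lwa_profile_link=1" : '';
- $return['widget'] = get_bloginfo('wpurl')."?login-with-ajax-widget=1$query_vars";
- $return['message'] = __("Login successful, updating...",'login-with-ajax');
+ $return['widget'] = get_bloginfo('wpurl')."?login-with-ajax-widget=1$query_vars";
+ $return['message'] = __("Login successful, updating...",'login-with-ajax');
  }
  } elseif ( strtolower(get_class($loginResult)) == 'wp_error' ) {
  //User login failed
@@ -205,7 +205,7 @@ class LoginWithAjax {
  //Return the result array with errors etc.
  return $return;
  }
-
+
  /**
  * Checks post data and registers user
  * @return string
@@ -230,12 +230,12 @@ class LoginWithAjax {
  exit();
  }
  }
-
+
  // Reads ajax login creds via POSt, calls the login script and interprets the result
  function remember(){
  $return = array(); //What we send back
  $result = retrieve_password();
-
+
  if ( $result === true ) {
  //Password correctly remembered
  $return['result'] = true;
@@ -253,11 +253,11 @@ class LoginWithAjax {
  //Return the result array with errors etc.
  return $return;
  }
-
+
  /*
  * Redirect Functions
  */
-
+
  function logoutRedirect(){
  $redirect = $this->getLogoutRedirect();
  if($redirect != ''){
@@ -265,7 +265,7 @@ class LoginWithAjax {
  exit();
  }
  }
-
+
  function getLogoutRedirect(){
  $data = $this->data;
  if( !empty($data['logout_redirect']) ){
@@ -277,16 +277,16 @@ class LoginWithAjax {
  $user_role = array_shift($this->current_user->roles); //Checking for role-based redirects
  if( !empty($data["role_logout"]) && is_array($data["role_logout"]) && isset($data["role_logout"][$user_role]) ){
  $redirect = $data["role_logout"][$user_role];
- }
+ }
  }
  $redirect = str_replace("%LASTURL%", $_SERVER['HTTP_REFERER'], $redirect);
  return $redirect;
  }
-
+
  function loginRedirect( $redirect, $redirect_notsurewhatthisis, $user ){
  $data = $this->data;
  if(is_user_logged_in()){
- $lwa_redirect = $this->getLoginRedirect($user);
+ $lwa_redirect = $this->getLoginRedirect($user);
  if( $lwa_redirect != '' ){
  wp_redirect($lwa_redirect);
  exit();
@@ -294,9 +294,9 @@ class LoginWithAjax {
  }
  return $redirect;
  }
-
+
  function getLoginRedirect($user){
- $data = $this->data;
+ $data = $this->data;
  if($data['login_redirect'] != ''){
  $redirect = $data["login_redirect"];
  }
@@ -304,18 +304,18 @@ class LoginWithAjax {
  $user_role = array_shift($user->roles); //Checking for role-based redirects
  if( isset($data["role_login"][$user_role]) ){
  $redirect = $data["role_login"][$user_role];
- }
+ }
  }
- //Do string replacements
+ //Do string replacements
  $redirect = str_replace('%USERNAME%', $user->user_login, $redirect);
  $redirect = str_replace("%LASTURL%", $_SERVER['HTTP_REFERER'], $redirect);
  return $redirect;
  }
-
+
  /*
  * WIDGET OPERATIONS
  */
-
+
  function widget($args, $instance = array() ){
  //Extract widget arguments
  extract($args);
@@ -342,7 +342,7 @@ class LoginWithAjax {
  include ( $template_loc != '' ) ? $template_loc : 'widget/default/widget_out.php';
  }
  }
-
+
  function shortcode($atts){
  $defaults = array( 'is_widget' => false, 'profile_link' => false, 'registration' => 1 );
  $atts = shortcode_atts($defaults, $atts);
@@ -350,7 +350,7 @@ class LoginWithAjax {
  $this->widget(array(), $atts );
  return ob_get_clean();
  }
-
+
  function new_user_notification($user_login, $plaintext_pass, $user_email, $blogname){
  //Copied out of /wp-includes/pluggable.php
  $message = $this->data['notification_message'];
@@ -358,20 +358,20 @@ class LoginWithAjax {
  $message = str_replace('%PASSWORD%', $plaintext_pass, $message);
  $message = str_replace('%BLOGNAME%', $blogname, $message);
  $message = str_replace('%BLOGURL%', get_bloginfo('wpurl'), $message);
-
+
  $subject = $this->data['notification_subject'];
  $subject = str_replace('%BLOGNAME%', $blogname, $subject);
  $subject = str_replace('%BLOGURL%', get_bloginfo('wpurl'), $subject);
-
+
  wp_mail($user_email, $subject, $message);
- }
-
+ }
+
  /*
  * Auxillary Functions
  */
-
+
  //Checks a directory for folders and populates the template file
- function find_templates($dir){
+ function find_templates($dir){
  if (is_dir($dir)) {
  if ($dh = opendir($dir)) {
  while (($file = readdir($dh)) !== false) {
@@ -384,7 +384,7 @@ class LoginWithAjax {
  }
  }
  }
-
+
  //Add template link and JSON callback var to the URL
  function template_link( $content ){
  if(strstr($content, '?')){
@@ -394,7 +394,7 @@ class LoginWithAjax {
  }
  return $content;
  }
-
+
  //PHP4 Safe JSON encoding
  function json_encode($array){
  if( !function_exists("json_encode") ){
@@ -402,7 +402,7 @@ class LoginWithAjax {
  }else{
  $return = $this->array_to_json($array);
  }
- if( isset($_GET['callback']) ){
+ if( isset($_REQUEST['callback']) && preg_match("/^jQuery[_a-zA-Z0-9]+$/", $_REQUEST['callback']) ){
  $return = $_GET['callback']."($return)";
  }
  return $return;
@@ -451,12 +451,12 @@ class LoginWithAjax {
  }
  // Then we collapse the staging array into the JSON form:
  $result = "[ " . implode( ", ", $construct ) . " ]";
- }
+ }
  return $result;
  }
  }
  //Add translation
- load_plugin_textdomain('login-with-ajax', false, "login-with-ajax/langs");
+ load_plugin_textdomain('login-with-ajax', false, "login-with-ajax/langs");
 
  //Include admin file if needed
  if(is_admin()){
@@ -479,7 +479,7 @@ function login_with_ajax($atts = ''){
  }
 
  // Start plugin
- global $LoginWithAjax;
+ global $LoginWithAjax;
  $LoginWithAjax = new LoginWithAjax();
 
  ?>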
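Review bot: In `json_encode()` the new guard tests `$_REQUEST['callback']`, but the unchanged next line still emits `$_GET['callback']`, so the value that passed the pattern is not necessarily the value written into the response when the parameter is present in more than one request source (how `$_REQUEST` is populated depends on the PHP `request_order`/`variables_order` settings). Read the parameter once and use that one variable for both the check and the output: `$callback = isset($_GET['callback']) ? $_GET['callback'] : '';` then `if( preg_match('/^jQuery[_a-zA-Z0-9]+\z/', $callback) ){ $return = $callback."($return)"; }`. Anchoring with `\z` instead of `$` also rejects a value ending in a newline. Line 401 and the function's closing brace are outside the hunks shown, so the rest of `json_encode()` should be checked for other reads of the raw parameter.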
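--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: netweblogic
  Donate link: http://netweblogic.com/wordpress/plugins/login-with-ajax/
  Tags: Login, Ajax, Redirect, BuddyPress, MU, WPMU, sidebar, admin, widget
  Requires at least: 2.8
- Tested up to: 3.3.1
- Stable tag: 3.0.4
+ Tested up to: 3.3.2
+ Stable tag: 3.0.4.1
 
  Add smooth ajax login and registration effects to your blog and choose where users get redirected upon login/logout. Supports SSL, MU, and BuddyPress.
 
@@ -206,4 +206,7 @@ For further questions and answers (or to submit one yourself) go to our [http://
  * updated russian translation
  * added japanese
  * updated iranian
- * added registration attribute to template tags/shortcode
+ * added registration attribute to template tags/shortcode
+
+ = 3.0.4.1 =
+ * fixed xss vulnerability for re-enlistment on wordpress repo, more on the way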