<?php
/**
* WordPress SSO API for IPS
*/
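$apiKey = 'YOUR-API-HERE';

/* -------------------------------- *
 * DO NOT EDIT ANYTHING BELOW HERE *
 * -------------------------------- */

/*
 * Refuse to serve while the shipped placeholder (or an empty key) is still in
 * place: otherwise the placeholder itself is a working credential for anyone
 * who has read this file.
 */
if ( $apiKey === '' || $apiKey === 'YOUR-API-HERE' )
{
    header( 'HTTP/1.1 503 Service Unavailable' );
    echo 'API key is not configured.';
    exit;
}

/*
 * Authenticate the caller. The key must be a plain string (an array-valued
 * api_key[] parameter is rejected instead of being cast to "Array") and is
 * compared in constant time by hash_compare(), declared further down.
 */
$providedKey = isset( $_GET['api_key'] ) ? $_GET['api_key'] : null;
if ( !is_string( $providedKey ) || !hash_compare( $providedKey, $apiKey ) )
{
    header( 'HTTP/1.1 401 Unauthorized' );
    echo 'API key not provided or incorrect.';
    exit;
}

/* Get WordPress */
include_once( 'wp-load.php' );

/* Read request parameters once; absent ones get a default instead of an undefined-index warning */
$type     = isset( $_GET['type'] ) ? $_GET['type'] : '';
$redirect = isset( $_GET['redirect'] ) ? $_GET['redirect'] : null;

/* Emit a JSON body with an explicit content type so a browser never renders it as HTML */
$sendJson = function ( $data )
{
    header( 'Content-Type: application/json; charset=utf-8' );
    echo json_encode( $data );
};

switch ( $type )
{
    /* Verify user Cookie */
    case 'userinfo':
        /* Check the cookie is valid */
        $id = wp_validate_auth_cookie( '', 'logged_in' );
        if ( !$id )
        {
            header( 'HTTP/1.1 403 Forbidden' );
            echo 'The Cookie does not appear to be valid.';
            exit;
        }

        /* Load user */
        $user = get_user_by( 'id', $id );
        if ( !$user )
        {
            header( 'HTTP/1.1 404 Not Found' );
            echo 'The user could not be located.';
            exit;
        }

        /* Output API object */
        $sendJson( [
            'user_id'      => $user->ID,
            'display_name' => $user->display_name,
            'email'        => $user->user_email,
            'role'         => count( $user->roles ) ? $user->roles : false,
        ] );
        break;

    /* Return WordPress Roles */
    case 'roles':
        $sendJson( wp_roles()->get_names() );
        break;

    /* Login URL */
    case 'login':
        $sendJson( [ 'url' => wp_login_url( validateUrl( $redirect ) ) ] );
        break;

    /* Register URL */
    case 'register':
        $sendJson( [ 'url' => wp_registration_url( validateUrl( $redirect ) ) ] );
        break;

    /* Logout URL */
    case 'logout':
        $sendJson( [ 'url' => wp_logout_url( validateUrl( $redirect ) ) ] );
        break;

    /* Test API connectivity */
    case 'test':
        echo 'OK';
        break;

    /* No or unknown type (kept last for readability; PHP does not require it) */
    default:
        header( 'HTTP/1.1 404 Not Found' );
        echo 'No type defined.';
        break;
}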
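/**
 * Constant-time string equality.
 *
 * Originally a hand-rolled XOR loop courtesy of
 * http://uk1.php.net/manual/en/function.hash-hmac.php#111435; now delegates to
 * the built-in hash_equals(), which compares without short-circuiting on the
 * first differing byte. Non-string input is rejected rather than coerced.
 *
 * @param mixed $a hash to test (caller-supplied value)
 * @param mixed $b expected hash (known value)
 * @return bool true only when both are strings with identical bytes
 */
function hash_compare( $a, $b )
{
    if ( !is_string( $a ) || !is_string( $b ) )
    {
        return false;
    }

    // hash_equals( known, user ): $b is the expected value, $a the one under test
    return hash_equals( $b, $a );
}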
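/**
 * Validate a caller-supplied redirect URL.
 *
 * Only absolute http/https URLs are accepted: the result is handed to the
 * WordPress login/registration/logout URL builders as a redirect target, and
 * no other scheme is meaningful there.
 *
 * @param mixed $url raw value (normally a query-string string; anything else is rejected)
 * @return string|null the validated URL, or null when it is missing, malformed or not http(s)
 */
function validateUrl( $url )
{
    if ( !is_string( $url ) )
    {
        return null;
    }

    $data = filter_var( $url, FILTER_VALIDATE_URL );
    if ( $data === false )
    {
        return null;
    }

    // FILTER_VALIDATE_URL accepts any scheme; restrict to web URLs for a redirect target
    $scheme = strtolower( (string) parse_url( $data, PHP_URL_SCHEME ) );
    if ( $scheme !== 'http' && $scheme !== 'https' )
    {
        return null;
    }

    return $data;
}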
exit; /* Explicit end of the script once the switch above has produced its response */