bradvin · May 2, 2023 17:03 · bradvin · May 2, 2023
diff --git a/dreamhost-panel-login.php b/dreamhost-panel-login.php
 <?php
 /**
 * Plugin Name:     DreamHost Panel Login
 * Plugin URI:      https://www.dreamhost.com/wordpress/
 * Description:     Used by DreamHost to generate a one-time login URL for your admin user that is to be used from within https://panel.dreamhost.com.
 * Author:          DreamHost, danielbachhuber
 * Author URI:      https://dreamhost.com
 * Version:         1.0.0
 *
 * @package         One_Time_Login
 */

 /**
 * Generate a one-time login URL for any user.
 *
 * ## OPTIONS
 *
 * <user>
 * : ID, email address, or user login for the user.
 *
 * [--count=<count>]
 * : Generate a specified number of login tokens.
 * ---
 * default: 1
 * ---
 *
 * [--delay-delete]
 * : Delete existing tokens after 15 minutes, instead of immediately.
 *
 * ## EXAMPLES
 *
 *     # Generate two one-time login URLs.
 *     $ wp user one-time-login testuser --count=2
 *     http://wpdev.test/wp-login.php?user_id=2&one_time_login_token=ebe62e3
 *     http://wpdev.test/wp-login.php?user_id=2&one_time_login_token=eb41c77
 */

 $min_php_version = '5.6.4';

 function dh_sso_wp_cli_command( $args, $assoc_args ) {

 	$fetcher = new WP_CLI\Fetchers\User;
 	$user = $fetcher->get_check( $args[0] );
 	$delay_delete = WP_CLI\Utils\get_flag_value( $assoc_args, 'delay-delete' );
 	$count = (int) $assoc_args['count'];
 	$tokens = $new_tokens = array();

 	if ( $delay_delete ) {
 		$tokens = get_user_meta( $user->ID, 'one_time_login_token', true );
 		$tokens = is_string( $tokens ) ? array( $tokens ) : $tokens;
 		wp_schedule_single_event( time() + ( 15 * MINUTE_IN_SECONDS ), 'dh_sso_cleanup_expired_tokens', array( $user->ID, $tokens ) );
 	}

 	for ( $i = 0; $i < $count; $i++ ) {
 		$password = wp_generate_password();
 		$token = sha1( $password );
 		$tokens[] = $token;
 		$new_tokens[] = $token;
 	}

 	update_user_meta( $user->ID, 'one_time_login_token', $tokens );
 	do_action( 'dh_sso_created', $user );
 	foreach ( $new_tokens as $token ) {
 		$query_args = array(
 			'user_id'              => $user->ID,
 			'one_time_login_token' => $token,
 		);
 		$login_url = add_query_arg( $query_args, wp_login_url() );
 		WP_CLI::log( $login_url );
 	}
 }

 /**
 * Handle cleanup process for expired one-time login tokens.
 */
 function dh_sso_cleanup_expired_tokens( $user_id, $expired_tokens ) {
 	$tokens = get_user_meta( $user_id, 'one_time_login_token', true );
 	$tokens = is_string( $tokens ) ? array( $tokens ) : $tokens;
 	$new_tokens = array();
 	foreach ( $tokens as $token ) {
 		if ( ! in_array( $token, $expired_tokens, true ) ) {
 			$new_tokens[] = $token;
 		}
 	}
 	update_user_meta( $user_id, 'one_time_login_token', $new_tokens );
 }
 //add_action( 'dh_sso_cleanup_expired_tokens', 'dh_sso_cleanup_expired_tokens', 10, 2 );

 /**
 * Log a request in as a user if the token is valid.
 */
 function dh_sso_handle_token() {
 	global $pagenow;

 	if ( 'wp-login.php' !== $pagenow || empty( $_GET['user_id'] ) || empty( $_GET['one_time_login_token'] ) ) {
 		return;
 	}

 	if ( is_user_logged_in() ) {
 		$error = sprintf( __( 'Invalid one-time login token, but you are logged in as \'%s\'. <a href="%s">Go to the dashboard instead</a>?', 'one-time-login' ), wp_get_current_user()->user_login, admin_url() );
 	} else {
 		$error = sprintf( __( 'Invalid one-time login token. <a href="%s">Try signing in instead</a>?', 'one-time-login' ), wp_login_url() );
 	}

 	// Ensure any expired crons are run
 	// It would be nice if WP-Cron had an API for this, but alas.
 	$crons = _get_cron_array();
 	if ( ! empty( $crons ) ) {
 		foreach ( $crons as $time => $hooks ) {
 			if ( time() < $time ) {
 				continue;
 			}
 			foreach ( $hooks as $hook => $hook_events ) {
 				if ( 'dh_sso_cleanup_expired_tokens' !== $hook ) {
 					continue;
 				}
 				foreach ( $hook_events as $sig => $data ) {
 					if ( ! defined( 'DOING_CRON' ) ) {
 						define( 'DOING_CRON', true );
 					}
 					do_action_ref_array( $hook, $data['args'] );
 					wp_unschedule_event( $time, $hook, $data['args'] );
 				}
 			}
 		}
 	}

 	// Use a generic error message to ensure user ids can't be sniffed
 	$user = get_user_by( 'id', (int) $_GET['user_id'] );
 	if ( ! $user ) {
 		wp_die( $error );
 	}

 	$tokens = get_user_meta( $user->ID, 'one_time_login_token', true );
 	$tokens = is_string( $tokens ) ? array( $tokens ) : $tokens;
 	$is_valid = false;
 	foreach ( $tokens as $i => $token ) {
 		if ( hash_equals( $token, $_GET['one_time_login_token'] ) ) {
 			$is_valid = true;
 			unset( $tokens[ $i ] );
 			break;
 		}
 	}

 	if ( ! $is_valid ) {
 		wp_die( $error );
 	}

 	do_action( 'dh_sso_logged_in', $user );
 	update_user_meta( $user->ID, 'one_time_login_token', $tokens );
 	wp_set_auth_cookie( $user->ID, true, is_ssl() );
 	wp_safe_redirect( admin_url() );
 	exit;
 }
 //add_action( 'init', 'dh_sso_handle_token' );

 function hide_plugin_dh_sso() {   
 	global $wp_list_table;
 	$hidearray = array(
 			plugin_basename( __FILE__ ),
 	);
 	$myplugins = $wp_list_table->items;
 	foreach ($myplugins as $key => $val) {
 		if (in_array($key,$hidearray)) {
 			unset($wp_list_table->items[$key]);
 		}
 	}
 }
 if ( is_admin() ) {
 	//add_action('pre_current_active_plugins', 'hide_plugin_dh_sso');
 }

 function dh_sso_disable_my_plugin_update( $return, $url ) {
 	if ( 0 === strpos( $url, 'https://api.wordpress.org/plugins/update-check/' ) ) {
 		$my_plugin = plugin_basename( __FILE__ );
 		$plugins   = json_decode( $return['body']['plugins'], true );
 		if (!empty($plugins)) {
 			unset( $plugins['plugins'][$my_plugin] );
                	unset( $plugins['active'][array_search( $my_plugin, $plugins['active'] )] );
 			$return['body']['plugins'] = json_encode( $plugins );
 		}
 	}
 	return $return;
 }
 add_filter( 'http_request_args', 'dh_sso_disable_my_plugin_update', 10, 2 );

 if ( class_exists( 'WP_CLI' ) && version_compare( phpversion(), $min_php_version, '>=' )) {
 	WP_CLI::add_command( 'user one-time-login', 'dh_sso_wp_cli_command' );
 }
	<?php
	/**
	* Plugin Name: DreamHost Panel Login
	* Plugin URI: https://www.dreamhost.com/wordpress/
	* Description: Used by DreamHost to generate a one-time login URL for your admin user that is to be used from within https://panel.dreamhost.com.
	* Author: DreamHost, danielbachhuber
	* Author URI: https://dreamhost.com
	* Version: 1.0.0
	*
	* @package One_Time_Login
	*/

	/**
	* Generate a one-time login URL for any user.
	*
	* ## OPTIONS
	*
	* <user>
	* : ID, email address, or user login for the user.
	*
	* [--count=<count>]
	* : Generate a specified number of login tokens.
	* ---
	* default: 1
	* ---
	*
	* [--delay-delete]
	* : Delete existing tokens after 15 minutes, instead of immediately.
	*
	* ## EXAMPLES
	*
	* # Generate two one-time login URLs.
	* $ wp user one-time-login testuser --count=2
	* http://wpdev.test/wp-login.php?user_id=2&one_time_login_token=ebe62e3
	* http://wpdev.test/wp-login.php?user_id=2&one_time_login_token=eb41c77
	*/

	$min_php_version = '5.6.4';

	function dh_sso_wp_cli_command( $args, $assoc_args ) {

	$fetcher = new WP_CLI\Fetchers\User;
	$user = $fetcher->get_check( $args[0] );
	$delay_delete = WP_CLI\Utils\get_flag_value( $assoc_args, 'delay-delete' );
	$count = (int) $assoc_args['count'];
	$tokens = $new_tokens = array();

	if ( $delay_delete ) {
	$tokens = get_user_meta( $user->ID, 'one_time_login_token', true );
	$tokens = is_string( $tokens ) ? array( $tokens ) : $tokens;
	wp_schedule_single_event( time() + ( 15 * MINUTE_IN_SECONDS ), 'dh_sso_cleanup_expired_tokens', array( $user->ID, $tokens ) );
	}

	for ( $i = 0; $i < $count; $i++ ) {
	$password = wp_generate_password();
	$token = sha1( $password );
	$tokens[] = $token;
	$new_tokens[] = $token;
	}

	update_user_meta( $user->ID, 'one_time_login_token', $tokens );
	do_action( 'dh_sso_created', $user );
	foreach ( $new_tokens as $token ) {
	$query_args = array(
	'user_id' => $user->ID,
	'one_time_login_token' => $token,
	);
	$login_url = add_query_arg( $query_args, wp_login_url() );
	WP_CLI::log( $login_url );
	}
	}

	/**
	* Handle cleanup process for expired one-time login tokens.
	*/
	function dh_sso_cleanup_expired_tokens( $user_id, $expired_tokens ) {
	$tokens = get_user_meta( $user_id, 'one_time_login_token', true );
	$tokens = is_string( $tokens ) ? array( $tokens ) : $tokens;
	$new_tokens = array();
	foreach ( $tokens as $token ) {
	if ( ! in_array( $token, $expired_tokens, true ) ) {
	$new_tokens[] = $token;
	}
	}
	update_user_meta( $user_id, 'one_time_login_token', $new_tokens );
	}
	//add_action( 'dh_sso_cleanup_expired_tokens', 'dh_sso_cleanup_expired_tokens', 10, 2 );

	/**
	* Log a request in as a user if the token is valid.
	*/
	function dh_sso_handle_token() {
	global $pagenow;

	if ( 'wp-login.php' !== $pagenow \|\| empty( $_GET['user_id'] ) \|\| empty( $_GET['one_time_login_token'] ) ) {
	return;
	}

	if ( is_user_logged_in() ) {
	$error = sprintf( __( 'Invalid one-time login token, but you are logged in as \'%s\'. <a href="%s">Go to the dashboard instead</a>?', 'one-time-login' ), wp_get_current_user()->user_login, admin_url() );
	} else {
	$error = sprintf( __( 'Invalid one-time login token. <a href="%s">Try signing in instead</a>?', 'one-time-login' ), wp_login_url() );
	}

	// Ensure any expired crons are run
	// It would be nice if WP-Cron had an API for this, but alas.
	$crons = _get_cron_array();
	if ( ! empty( $crons ) ) {
	foreach ( $crons as $time => $hooks ) {
	if ( time() < $time ) {
	continue;
	}
	foreach ( $hooks as $hook => $hook_events ) {
	if ( 'dh_sso_cleanup_expired_tokens' !== $hook ) {
	continue;
	}
	foreach ( $hook_events as $sig => $data ) {
	if ( ! defined( 'DOING_CRON' ) ) {
	define( 'DOING_CRON', true );
	}
	do_action_ref_array( $hook, $data['args'] );
	wp_unschedule_event( $time, $hook, $data['args'] );
	}
	}
	}
	}

	// Use a generic error message to ensure user ids can't be sniffed
	$user = get_user_by( 'id', (int) $_GET['user_id'] );
	if ( ! $user ) {
	wp_die( $error );
	}

	$tokens = get_user_meta( $user->ID, 'one_time_login_token', true );
	$tokens = is_string( $tokens ) ? array( $tokens ) : $tokens;
	$is_valid = false;
	foreach ( $tokens as $i => $token ) {
	if ( hash_equals( $token, $_GET['one_time_login_token'] ) ) {
	$is_valid = true;
	unset( $tokens[ $i ] );
	break;
	}
	}

	if ( ! $is_valid ) {
	wp_die( $error );
	}

	do_action( 'dh_sso_logged_in', $user );
	update_user_meta( $user->ID, 'one_time_login_token', $tokens );
	wp_set_auth_cookie( $user->ID, true, is_ssl() );
	wp_safe_redirect( admin_url() );
	exit;
	}
	//add_action( 'init', 'dh_sso_handle_token' );

	function hide_plugin_dh_sso() {
	global $wp_list_table;
	$hidearray = array(
	plugin_basename( __FILE__ ),
	);
	$myplugins = $wp_list_table->items;
	foreach ($myplugins as $key => $val) {
	if (in_array($key,$hidearray)) {
	unset($wp_list_table->items[$key]);
	}
	}
	}
	if ( is_admin() ) {
	//add_action('pre_current_active_plugins', 'hide_plugin_dh_sso');
	}

	function dh_sso_disable_my_plugin_update( $return, $url ) {
	if ( 0 === strpos( $url, 'https://api.wordpress.org/plugins/update-check/' ) ) {
	$my_plugin = plugin_basename( __FILE__ );
	$plugins = json_decode( $return['body']['plugins'], true );
	if (!empty($plugins)) {
	unset( $plugins['plugins'][$my_plugin] );
	unset( $plugins['active'][array_search( $my_plugin, $plugins['active'] )] );
	$return['body']['plugins'] = json_encode( $plugins );
	}
	}
	return $return;
	}
	add_filter( 'http_request_args', 'dh_sso_disable_my_plugin_update', 10, 2 );

	if ( class_exists( 'WP_CLI' ) && version_compare( phpversion(), $min_php_version, '>=' )) {
	WP_CLI::add_command( 'user one-time-login', 'dh_sso_wp_cli_command' );
	}