WordPress.org
Get WordPress

Plugin Directory

Changeset 1179594


Ignore:
Timestamp:
06/12/2015 12:20:44 PM (11 years ago)
Author:
SecSign
Message:

version 1.7.5

Location:
secsign/trunk
Files:
6 added
4 deleted
3 edited

Legend:

Unmodified
Added
Removed

  • secsign/trunk/readme.txt

    r1147928 r1179594  
    33Tags: two-factor authentication, two-factor, authentication, 2 factor authentication, login, sign in, single sign-on, challenge response, rsa, password, mobile, iphone, android, security, authenticator, authenticate, two step authentication, 2fa
    44Requires at least: 3.0.1
    5 Tested up to: 4.2.1
     5Tested up to: 4.2.2
    66Stable tag: trunk
    77License: GPLv2 or later
     
    140140
    141141== Changelog ==
     142
     143= 1.7.5 =
     144* New version of [SecSignIDApi.js](https://github.com/SecSign/secsign-js-api) and [SecSignIDApi.php](https://github.com/SecSign/secsign-php-api)
     145* Fixed error which could interfere with some rules in Apache .htaccess
     146* Tested WP compatibility for Wordpress 4.2.2
    142147
    143148= 1.7.4 =

  • secsign/trunk/secsignfunctions.js

    r1147912 r1179594  
    4444//responsive layout
    4545window.onload = function () {
    46     var secsignidplugin = document.getElementById("secsignidplugin");
    47     if(secsignidplugin){
    48         responsive(secsignidplugin.offsetWidth);
     46    var secsignidplugin = document.getElementById("secsignidplugin");
     47    if(secsignidplugin != null){
     48        responsive(secsignidplugin.offsetWidth);
    4949    }
    5050    frameOption(frameoption, backend);
     
    5353window.addEventListener('resize', function () {
    5454    var secsignidplugin = document.getElementById("secsignidplugin");
    55     if(secsignidplugin){
    56         responsive(secsignidplugin.offsetWidth);
     55    if(secsignidplugin != null){
     56        responsive(secsignidplugin.offsetWidth);
    5757    }
    5858});
     
    136136
    137137//Load SecSignID API
    138 jQuery.getScript(secsignPluginPath + "SecSignIDApi.js", function () {
     138jQuery.getScript(secsignPluginPath + "jsApi/SecSignIDApi.js", function () {
    139139
    140140    //Polling

  • secsign/trunk/secsignid_login.php

    r1147912 r1179594  
    33Plugin Name: SecSign
    44Plugin URI: https://www.secsign.com/add-it-to-your-website/
    5 Version: 1.7.4
     5Version: 1.7.5
    66Description: The plugin allows a user to login using a SecSign ID and his smartphone.
    77Author: SecSign Technologies Inc.
     
    99*/
    1010
    11 // $Id: secsignid_login.php,v 1.25 2015/04/28 09:50:30 titus Exp $
    12 
    1311global $secsignid_login_text_domain;
    1412global $secsignid_login_plugin_name;
     
    1816
    1917include(plugin_dir_path(__FILE__) . 'secsignid_login_db.php');
    20 include(plugin_dir_path(__FILE__) . 'SecSignIDApi.php'); // include low-level interface to connector to SecSign ID Server
     18include(plugin_dir_path(__FILE__) . 'jsApi/phpApi/SecSignIDApi.php'); // include low-level interface to connector to SecSign ID Server
    2119
    2220// check if admin page is called
     
    5250add_action('login_footer', 'secsign_custom_login_form', 0); //custom login form
    5351add_action('wp_login_failed', 'secsign_front_end_pw_login_fail'); // hook failed login
    54 add_filter('wp_enqueue_scripts', 'enqueue_secsign_scripts', 0 ); //enqueue all js scripts at website
    5552add_filter('login_enqueue_scripts', 'enqueue_secsign_scripts'); //enqueue all js scripts at admin dashboard
    5653
     
    5855if (!(function_exists('enqueue_secsign_scripts'))) {
    5956    /**
    60      * enqueue all js scripts
    61      */
    62     function enqueue_secsign_scripts()
    63     {
    64         secsign_print_parameters();
    65         wp_register_script('SecSignIDApi', plugins_url('/SecSignIDApi.js', __FILE__), array('jquery'));
    66         wp_register_script('secsignfunctions', plugins_url('/secsignfunctions.js', __FILE__), array('jquery'), false, true);
    67         wp_enqueue_script('SecSignIDApi');
    68         wp_enqueue_script('secsignfunctions');
     57     * Enqueue all js scripts
     58     */
     59    function enqueue_secsign_scripts() {
     60            secsign_print_parameters();
     61            wp_register_script('SecSignIDApi', plugins_url('/jsApi/SecSignIDApi.js', __FILE__), array('jquery'));
     62            wp_register_script('secsignfunctions', plugins_url('/secsignfunctions.js', __FILE__), array('jquery'), false, true);
     63            wp_enqueue_script('SecSignIDApi');
     64            wp_enqueue_script('secsignfunctions');
    6965    }
    7066}
     
    7369if (!(function_exists('secsign_front_end_pw_login_fail'))) {
    7470    /**
    75      * change referrer when frontend password login fails
     71     * Change referrer when frontend password login fails
    7672     */
    7773    function secsign_front_end_pw_login_fail($username)
     
    110106            var title = "' . addslashes(get_option('secsignid_service_name')) . '";
    111107            var secsignPluginPath = "' .addslashes($plugin_path) . '";
    112             var apiurl = secsignPluginPath+"/signin-bridge.php";
     108            var apiurl = secsignPluginPath + "jsApi/signin-bridge.php";
    113109            var errormsg = "Your login session has expired, was canceled, or was denied.";
    114110            var noresponse = "The authentication server sent no response or you are not connected to the internet.";
     
    118114
    119115            if (url == "") {
    120                 //url = document.URL;
    121116                url = "' . $wp_site_url . '";
    122117            }
     
    175170if (!(function_exists('secsign_id_check_login'))) {
    176171    /**
    177      * this hook will be called for every password based login
     172     * This hook will be called for every password based login
    178173     *
    179174     * @param null|WP_USER|WP_Error $user null indicates no process has authenticated the user yet.
     
    209204if (!(function_exists('check_session_for_bruteforce'))) {
    210205    /**
    211      * the function will check a counter in session. if the counter exceeds a maximum, the session is destroyd to prevent brute force attacks.
     206     * The function will check a counter in session. if the counter exceeds a maximum, the session is destroyd to prevent brute force attacks.
    212207     */
    213208    function check_session_for_bruteforce()
     
    239234if (!(function_exists('secsign_id_init'))) {
    240235    /**
    241      * init function which is hooked to wordpress init action.
    242      * the init function declares this php script to a widget which can be used in wordpress.
    243      * the overriden function widget() calls secsign_id_login($args);
     236     * Init function which is hooked to wordpress init action.
     237     * The init function declares this php script to a widget which can be used in wordpress.
     238     * The overriden function widget() calls secsign_id_login($args);
    244239     */
    245240    function secsign_id_init()
     
    274269if (!(function_exists('secsign_id_init_auth_cookie_check'))) {
    275270    /**
    276      * init function which is hooked to wordpress init action.
    277      * used to check if this login is legit or not
     271     * Init function which is hooked to wordpress init action.
     272     * Used to check if this login is legit or not
    278273     * on multisites you can otherwise bypass the authentication and use the password-based one even if deactivated
    279274     */
     
    299294if (!(function_exists('secsign_id_get_random_secret'))) {
    300295    /**
    301      * gets a random secret from the db or creates it if not available
     296     * Gets a random secret from the db or creates it if not available
    302297     * @return string returns the random secret to sign the auth cookie
    303298     */
     
    319314if (!(function_exists('secsign_id_verify_cookie'))) {
    320315    /**
    321      * verifies a user cookie
     316     * Verifies a user cookie
    322317     * @param string $username the user's username
    323318     * @return bool returns true if the auth cookie is ok, or false if something is wrong
     
    368363if (!(function_exists('secsign_id_set_cookie'))) {
    369364    /**
    370      * sets a secsign id auth cookie, which proves that the login was done with this plugin
     365     * Sets a secsign id auth cookie, which proves that the login was done with this plugin
    371366     * @param string $username the user's username
    372367     */
     
    396391if (!(function_exists('secsign_id_unset_cookie'))) {
    397392    /**
    398      * unsets the secsign id auth cookie
     393     * Unsets the secsign id auth cookie
    399394     */
    400395    function secsign_id_unset_cookie()
     
    578573        } else {
    579574            // user is logged in, show logout screen
     575
     576            enqueue_secsign_scripts();
    580577
    581578            $form_post_url = secsign_id_login_post_url();
     
    628625if (!(function_exists('secsign_id_check_ticket'))) {
    629626    /**
    630      * the actual login process.
    631      * the function is hooked to init action of wordpress.
    632      * for this reason this method is called before the widget rendering function.
     627     * The actual login process.
     628     * The function is hooked to init action of wordpress.
     629     * For this reason this method is called before the widget rendering function.
    633630     *
    634      * all post parameter are available and a possible auth session can be checked if its status is AUTHENTICATED.
    635      * the auth session status is saved in a global variable $secsignid_login_auth_session_status
     631     * All post parameter are available and a possible auth session can be checked if its status is AUTHENTICATED.
     632     * The auth session status is saved in a global variable $secsignid_login_auth_session_status
    636633     *
    637      * if the auth session status is authenticated, the user will be logged in.
     634     * If the auth session status is authenticated, the user will be logged in.
    638635     * otherwise the function just will end without any effects.
    639636     */
     
    833830                    //save to the session, that the secsign id was authenticated. This will later allow the assignment to/creation of a wordpress user
    834831                    $_SESSION['authenticated'] = $_POST['secsigniduserid'];
     832
    835833                    // release authentication session. it is not used any more
    836                     $secSignIDApi->releaseAuthSession($authsession);
     834                    try {
     835                        $secSignIDApi->releaseAuthSession($authsession);
     836                    } catch(Exception $e){
     837                        //do nothing if the authentication session cannot be released, proceed with user login
     838                    }
    837839
    838840                    $user_to_login = get_wp_user($_POST['secsigniduserid']);
     
    889891if (!(function_exists('secsign_id_login_post_url'))) {
    890892    /**
    891      * builds an url which is used for all html forms to post data to.
     893     * Builds an url which is used for all html forms to post data to.
    892894     */
    893895    function secsign_id_login_post_url()
     
    915917if (!(function_exists('secsign_id_login_remove_all_url_params'))) {
    916918    /**
    917      * removes all not needed parameter (loggedout, reauth, action) from a url path
     919     * Removes all not needed parameter (loggedout, reauth, action) from a url path
    918920     * the second parameter is optional and returns the redirect_to value by reference if available
    919921     * Example: secsign_id_login_remove_url_param('/wp-login-php?para1=1&para2=2')
     
    969971if (!(function_exists('get_secsignid_server_instance'))) {
    970972    /**
    971      * creates an instance of the SecSignIDApi and returns it.
    972      *
     973     * Creates an instance of the SecSignIDApi and returns it.
    973974     * @return SecSignIDApi the SecSign ID server API
    974975     */
     
    984985if (!(function_exists('print_login_form'))) {
    985986    /**
    986      * prints out the actual login form
     987     * Prints out the actual login form.
    987988     */
    988989    function print_login_form()
    989990    {
     991        enqueue_secsign_scripts();
     992
    990993        $form_post_url = secsign_id_login_post_url();
    991994        $plugin_path = plugin_dir_url(__FILE__);
     
    11781181if (!(function_exists('print_wpuser_mapping_form'))) {
    11791182    /**
    1180      * prints out the WP User mapping login form
     1183     * Prints out the WP User mapping login form. This happens if the given secsign id is not mapped to a wordpress user and self enrollment is enabled.
    11811184     */
    11821185    function print_wpuser_mapping_form()
     
    12561259if (!function_exists('secsignid_login_hide_wp_login')) {
    12571260    /**
    1258      * prints jQuery code to hide the normal password based login, when using the secsign id login
     1261     * Prints jQuery code to hide the normal password based login, when using the secsign id login.
    12591262     */
    12601263    function secsignid_login_hide_wp_login()
     
    12751278if (!function_exists('add_error')) {
    12761279    /**
    1277      * check if the global variable error is set and is an instance of WP_Error.
     1280     * Check if the global variable error is set and is an instance of WP_Error.
    12781281     * If not the function creates a new WP_Error instance and assignes it to global variable $errors.
    12791282     * After that the given error message is added to WP_Error instance.
     
    12981301if (!(function_exists('print_error'))) {
    12991302    /**
    1300      * prints out an error
    1301      *
     1303     * Prints out an error as message
    13021304     * @param string $error an error message
    13031305     * @param BOOL $print_login_form Optional. if true, it prints the login form
     
    13221324if (!(function_exists('print_message'))) {
    13231325    /**
    1324      * prints out a message
    1325      *
     1326     * Prints out a message.
    13261327     * @param string $msg the messsage
    13271328     */
     
    13501351if (!(function_exists('get_plugin_version'))) {
    13511352    /**
    1352      * Gets the version of this plugin. It propably costs some time to parse the plugin file. But it is better to hve another variable to keep updated.
     1353     * Gets the version of this plugin. It probably costs some time to parse the plugin file. But this is better than haveing another variable which needs to be updated as well.
    13531354     */
    13541355    function get_plugin_version()
Note: See TracChangeset for help on using the changeset viewer.