
Changeset 3309580


Timestamp:
06/11/2025 07:28:39 AM (10 months ago)
Author:
v1rustyle
Message:

Improved the token retrieval logic.

File:
1 edited

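--- a/flynax-bridge/trunk/src/API.php
+++ b/flynax-bridge/trunk/src/API.php
@@ -130,8 +130,32 @@
      * Greetings method of the bridges
      *
+     * @since 2.2.1 - Added admin username and password authorization
      * @since 2.2.0 - Method changed to static
      */
     public static function handShake()
     {
+        $username = sanitize_text_field(wp_unslash($_REQUEST['username'] ?? ''));
+        $password = sanitize_text_field(wp_unslash($_REQUEST['password'] ?? ''));
+
+        if (!$username || !$password) {
+            $response = new WP_Error('handshake-error', __('Missing username or password', 'flynax-bridge'));
+            print(json_encode($response));
+            return;
+        }
+
+        $user = wp_authenticate($username, $password);
+
+        if (is_wp_error($user)) {
+            $response = new WP_Error('handshake-error', __('Invalid username or password', 'flynax-bridge'));
+            print(json_encode($response));
+            return;
+        }
+
+        if (!in_array('administrator', (array) $user->roles)) {
+            $response = new WP_Error('handshake-error', __('Forbidden: User is not an administrator', 'flynax-bridge'));
+            print(json_encode($response));
+            return;
+        }
+
         $self = new self();
         $token = $self->generateToken();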