WordPress.org
Get WordPress

Plugin Directory

Changeset 696234


Ignore:
Timestamp:
04/11/2013 08:09:20 PM (13 years ago)
Author:
shrkey
Message:

moved to using a timer based oncer for the key

Location:
expirepassword/trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • expirepassword/trunk/classes/public.expirepassword.php

    r695551 r696234  
    9292                    // 3. Check the key is valid - *before* accessing user data
    9393                    // Get the stored key
    94                     $thekey = shrkey_get_usermeta_oncer( $user->ID, '_shrkey_password_expired_key' );
     94                    $thekey = shrkey_get_usermeta_timed_oncer( $user->ID, '_shrkey_password_expired_key' );
    9595                    // Get and parse the passed key
    9696                    $passedkey = preg_replace('/[^a-z0-9]/i', '', $_POST['key']);
     
    154154            }
    155155
    156             // We are going to save our key to a oncer for later checking
    157             shrkey_set_usermeta_oncer( $user->ID, '_shrkey_password_expired_key', $oncerkey );
     156            // We are going to save our key to a oncer for later checking - but set it to expire in 5 minutes
     157            shrkey_set_usermeta_timed_oncer( $user->ID, '_shrkey_password_expired_key', $oncerkey, '+5 minutes' );
    158158
    159159            login_header( __('Expired Password', 'expirepassword'), '<p class="message reset-pass">' . __('Your password has <strong>expired</strong>. Enter a new password below.', 'expirepassword') . '</p>', $errors );

  • expirepassword/trunk/expirepassword.php

    r695551 r696234  
    22/*
    33Plugin Name: Expire Password
    4 Version: 1.0
     4Version: 1.1
    55Plugin URI: https://github.com/shrkey/expirepassword
    66Description: Forces a user to change their password at their netx login, can be set to force a password change for a new user on first sign in

  • expirepassword/trunk/includes/functions.php

    r695551 r696234  
    11<?php
     2/*
     3* Oncer functions - a oncer is a piece of data that is deleted from the database as soon as it is retrieved
     4*/
    25
    36if( !function_exists( 'shrkey_has_usermeta_oncer') ) {
     
    4447}
    4548
     49/*
     50* Timed Oncers - a timed oncer is a oncer that only exists until a set time, and then it is removed
     51*/
     52
     53if( !function_exists( 'shrkey_has_usermeta_timed_oncer') ) {
     54    function shrkey_has_usermeta_timed_oncer( $user_id, $meta ) {
     55
     56        $value = get_user_meta( $user_id, $meta, true );
     57        if(!empty($value)) {
     58            return true;
     59        } else {
     60            return false;
     61        }
     62
     63    }
     64}
     65
     66if( !function_exists( 'shrkey_get_usermeta_timed_oncer') ) {
     67    function shrkey_get_usermeta_timed_oncer( $user_id, $meta ) {
     68
     69        $value = get_user_meta( $user_id, $meta, true );
     70        if(!empty($value)) {
     71            // 1. remove it as we only want it readable once
     72            delete_user_meta( $user_id, $meta );
     73            // 2. Split the oncer into it's parts
     74            $storage = explode( '##', $value );
     75            // Array map the arrays to get rid of rogue spaces / characters
     76            if( is_array( $storage) ) {
     77                $storage = array_map( 'trim', $storage );
     78            }
     79            // 3. Check it has the correct number of parts
     80            if( count($storage) == 3 ) {
     81                // 4. Rebuild the hash
     82                $newhash = md5( 'SHRKEY' . $storage[0] . $storage[1] );
     83                // 5. Check the hash is correct and it hasn't expired
     84                if( $newhash == $storage[2] && time() <= $storage[1] ) {
     85                    // 6. return it
     86                    return $storage[0];
     87                } else {
     88                    return '';
     89                }
     90            } else {
     91                return '';
     92            }
     93        }
     94
     95        // Our catch all drop out return empty string return :)
     96        return '';
     97
     98    }
     99}
     100
     101if( !function_exists( 'shrkey_set_usermeta_timed_oncer') ) {
     102    function shrkey_set_usermeta_timed_oncer( $user_id, $meta, $value, $expires = '+1 day' ) {
     103
     104        $expirytime = strtotime( $expires );
     105        $storage = array(   $value,
     106                            $expirytime,
     107                            md5( 'SHRKEY' . $value . $expirytime )
     108                        );
     109
     110        update_user_meta( $user_id, $meta, implode( '##', $storage ) );
     111
     112    }
     113}
     114
     115if( !function_exists( 'shrkey_delete_usermeta_timed_oncer') ) {
     116    function shrkey_delete_usermeta_timed_oncer( $user_id, $meta ) {
     117
     118        delete_user_meta( $user_id, $meta );
     119
     120    }
     121}
     122
     123/*
     124* Options functions that get the information from the options or sitemeta table depending a setting
     125*/
     126
    46127if( !function_exists( 'shrkey_get_option') ) {
    47128    function shrkey_get_option($key, $default = false) {

  • expirepassword/trunk/readme.txt

    r695568 r696234  
    44Requires at least: 3.0
    55Tested up to: 3.5.1
    6 Stable tag: 1.0
     6Stable tag: 1.1
    77
    88Enables a site administrator to expire a users password and enforce a change to a new, different password before they can login again
Note: See TracChangeset for help on using the changeset viewer.