  1. <?php
  2. require_once("wp-load.php");
  3. header("Content-type: application/json;charset=utf-8");
  4. $token = $_GET["token"];
  5. $tokens = array(
  6. "SUPER_SECRET_TOKEN",
  7. "SUPER_SECRET_TOKEN2"
  8. );
  9. $action = strtolower($_GET["action"]);
  10. $reservedUsernames = array(
  11. "administrator",
  12. "admin",
  13. "moderator",
  14. "mod",
  15. "epicmc",
  16. "daltonedwards",
  17. "daltonedwards97"
  18. );
  19. if (in_array($token, $tokens)) {
  20. if ($action === "login") {
  21. $username = sanitize_user($_GET["username"]);
  22. $password = trim($_GET["password"]);
  23. if (empty($username)) {
  24. $error[] = "empty username";
  25. }
  26. if (empty($username)) {
  27. $error[] = "empty username";
  28. }
  29. if (!empty($username) && !empty($password)) {
  30. if ($auth = wp_authenticate($username, $password)) {
  31. if (is_wp_error($auth)) {
  32. $error[] = "invalid login";
  33. }
  34. }
  35. }
  36. if (empty($error)) {
  37. $error[] = false;
  38. }
  39. if (count($error) === 1) {
  40. echo json_encode(array(
  41. "error" => $error[0]
  42. ), JSON_PRETTY_PRINT);
  43. } else {
  44. echo json_encode(array(
  45. "error" => $error
  46. ), JSON_PRETTY_PRINT);
  47. }
  48. } else if ($action === "register") {
  49. $username = sanitize_user($_GET["username"]);
  50. $password = trim($_GET["password"]);
  51. $email = sanitize_email($_GET["email"]);
  52. if (empty($username)) {
  53. $error[] = "empty username";
  54. }
  55. if (!empty($username)) {
  56. if (strlen($username) > 15) {
  57. $error[] = "long username";
  58. }
  59. if (in_array(strtolower($username), $reservedUsernames)) {
  60. $error[] = "reserved username";
  61. }
  62. if (username_exists($username)) {
  63. $error[] = "username exists";
  64. }
  65. }
  66. if (empty($password)) {
  67. $error[] = "empty password";
  68. }
  69. if (empty($email)) {
  70. $error[] = "empty email";
  71. }
  72. if (!empty($email)) {
  73. if (!is_email($email)) {
  74. $error[] = "invalid email";
  75. }
  76. if (email_exists($email)) {
  77. $error[] = "email exists";
  78. }
  79. }
  80. if (!empty($username) && !empty($password) && !empty($email)) {
  81. if ($auth = wp_create_user($username, $password, $email)) {
  82. if (is_wp_error($auth)) {
  83. $error[] = "invalid registration";
  84. }
  85. }
  86. }
  87. if (empty($error)) {
  88. $error[] = false;
  89. }
  90. if (count($error) === 1) {
  91. echo json_encode(array(
  92. "error" => $error[0]
  93. ), JSON_PRETTY_PRINT);
  94. } else {
  95. echo json_encode(array(
  96. "error" => $error
  97. ), JSON_PRETTY_PRINT);
  98. }
  99. } else if ($action === "info") {
  100. $username = sanitize_user($_GET["username"]);
  101. if (empty($username)) {
  102. $error[] = "empty username";
  103. }
  104. if (empty($error)) {
  105. $error[] = false;
  106. }
  107. if (!empty($username)) {
  108. if (strlen($username) > 15) {
  109. $long = true;
  110. } else {
  111. $long = false;
  112. }
  113. if (in_array(strtolower($username), $reservedUsernames)) {
  114. $reserved = true;
  115. } else {
  116. $reserved = false;
  117. }
  118. if (username_exists($username)) {
  119. $registered = true;
  120. } else {
  121. $registered = false;
  122. }
  123. if ($error[0] !== false) {
  124. echo json_encode(array(
  125. "error" => $error[0]
  126. ), JSON_PRETTY_PRINT);
  127. } else if ($registered === true) {
  128. $user = get_user_by("login", $username);
  129. echo json_encode(array(
  130. "error" => $error[0],
  131. "registered" => $registered,
  132. "id" => $user->ID
  133. ), JSON_PRETTY_PRINT);
  134. } else {
  135. echo json_encode(array(
  136. "error" => $error[0],
  137. "registered" => $registered,
  138. "long" => $long,
  139. "reserved" => $reserved
  140. ), JSON_PRETTY_PRINT);
  141. }
  142. }
  143. } else {
  144. echo json_encode(array(
  145. "error" => "invalid action"
  146. ), JSON_PRETTY_PRINT);
  147. }
  148. } else {
  149. echo json_encode(array(
  150. "error" => "invalid token"
  151. ), JSON_PRETTY_PRINT);
  152. }
  153. ?>