File: /wordpress/plugins/wp-cloud-client/1.0.0/src/Access/LoginInterceptor.php
<?php
declare(strict_types=1);
namespace VPlugins\WPCloudClient\Access;
use VPlugins\WPCloudClient\Support\Logger;
class LoginInterceptor {
private const QUERY_PARAM = 'wpcc_login_token';
/**
* Construct the login interceptor.
*
* @param LoginTokenManager $tokenManager Login token manager instance.
* @param Logger $logger Logger instance.
*/
public function __construct(
private readonly LoginTokenManager $tokenManager,
private readonly Logger $logger,
) {}
/**
* Hooked to `init`. Checks for login token in the URL and authenticates.
*/
public function handle(): void {
if ( ! isset( $_GET[ self::QUERY_PARAM ] ) ) {
return;
}
$token = sanitize_text_field( wp_unslash( $_GET[ self::QUERY_PARAM ] ) );
if ( '' === $token ) {
return;
}
$userId = $this->tokenManager->consume( $token );
if ( null === $userId ) {
$this->logger->warning( 'One-click login failed: invalid or expired token' );
wp_die(
esc_html__( 'This login link is invalid or has expired.', 'wp-cloud-client' ),
esc_html__( 'Login Failed', 'wp-cloud-client' ),
[ 'response' => 403 ],
);
}
$user = get_user_by( 'id', $userId );
if ( ! $user ) {
$this->logger->warning( sprintf( 'One-click login failed: user ID %d not found', $userId ) );
wp_die(
esc_html__( 'User not found.', 'wp-cloud-client' ),
esc_html__( 'Login Failed', 'wp-cloud-client' ),
[ 'response' => 404 ],
);
}
// Log the user in
wp_set_current_user( $userId );
wp_set_auth_cookie( $userId, false );
do_action( 'wp_login', $user->user_login, $user );
$this->logger->info( sprintf( 'One-click login successful for user "%s" (ID: %d)', $user->user_login, $userId ) );
// Redirect to the requested path or wp-admin
$redirect = isset( $_GET['redirect_to'] )
? esc_url_raw( wp_unslash( $_GET['redirect_to'] ) )
: admin_url();
wp_safe_redirect( $redirect );
exit;
}
}