HEX
Server: nginx
System: Linux pool195-106-36.bur.atomicsites.net 6.12.57+deb12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.57-1~bpo12+1 (2025-11-17) x86_64
User: (0)
PHP: 8.3.32
Disabled: pcntl_fork
Upload Files
File: /wordpress/plugins/wp-cloud-client/1.0.0/src/Access/LoginInterceptor.php
<?php

declare(strict_types=1);

namespace VPlugins\WPCloudClient\Access;

use VPlugins\WPCloudClient\Support\Logger;

class LoginInterceptor {

	private const QUERY_PARAM = 'wpcc_login_token';

	/**
	 * Construct the login interceptor.
	 *
	 * @param LoginTokenManager $tokenManager Login token manager instance.
	 * @param Logger            $logger       Logger instance.
	 */
	public function __construct(
		private readonly LoginTokenManager $tokenManager,
		private readonly Logger $logger,
	) {}

	/**
	 * Hooked to `init`. Checks for login token in the URL and authenticates.
	 */
	public function handle(): void {
		if ( ! isset( $_GET[ self::QUERY_PARAM ] ) ) {
			return;
		}

		$token = sanitize_text_field( wp_unslash( $_GET[ self::QUERY_PARAM ] ) );

		if ( '' === $token ) {
			return;
		}

		$userId = $this->tokenManager->consume( $token );

		if ( null === $userId ) {
			$this->logger->warning( 'One-click login failed: invalid or expired token' );
			wp_die(
				esc_html__( 'This login link is invalid or has expired.', 'wp-cloud-client' ),
				esc_html__( 'Login Failed', 'wp-cloud-client' ),
				[ 'response' => 403 ],
			);
		}

		$user = get_user_by( 'id', $userId );

		if ( ! $user ) {
			$this->logger->warning( sprintf( 'One-click login failed: user ID %d not found', $userId ) );
			wp_die(
				esc_html__( 'User not found.', 'wp-cloud-client' ),
				esc_html__( 'Login Failed', 'wp-cloud-client' ),
				[ 'response' => 404 ],
			);
		}

		// Log the user in
		wp_set_current_user( $userId );
		wp_set_auth_cookie( $userId, false );
		do_action( 'wp_login', $user->user_login, $user );

		$this->logger->info( sprintf( 'One-click login successful for user "%s" (ID: %d)', $user->user_login, $userId ) );

		// Redirect to the requested path or wp-admin
		$redirect = isset( $_GET['redirect_to'] )
			? esc_url_raw( wp_unslash( $_GET['redirect_to'] ) )
			: admin_url();

		wp_safe_redirect( $redirect );
		exit;
	}
}