Version bump to 0.4

Not yet implemented though... Just there for now.

swg-auth/admin/admin.php

@@ -0,0 +1,127 @@
+<?php
+
+// Add Menu Pages
+add_action('admin_menu', 'swg_auth_admin_menus');
+function swg_auth_admin_menus(){
+  add_menu_page(
+    'SWG Auth',
+    'SWG Auth',
+    'administrator',
+    'swg-auth-settings',
+    'swg_auth_settings_html',
+    '', //Icon URL
+    3
+  );
+  add_submenu_page(
+    'swg-auth-settings',
+    'SWG Auth Settings',
+    'Settings',
+    'administrator',
+    'swg-auth-settings',
+    'swg_auth_settings_html',
+    1
+  );
+  add_submenu_page(
+    'swg-auth-settings',
+    'Server Config',
+    'Server Config',
+    'administrator',
+    'swg-auth-server-config',
+    'swg_auth_server_config_html',
+    10
+  );
+}
+function swg_auth_settings_html(){
+  if(!current_user_can('manage_options')){
+    return;
+  }
+  include(plugin_dir_path(__FILE__) . 'swg-auth-settings-html.php');
+}
+function swg_auth_server_config_html(){
+  if(!current_user_can('manage_options')){
+    return;
+  }
+  include(plugin_dir_path(__FILE__) . 'swg-auth-server-config-html.php');
+}
+
+// Add settings
+add_action('admin_init', 'swg_auth_settings');
+function swg_auth_settings(){
+  add_settings_section(
+    'swg-auth-general-settings',
+    'General Settings',
+    'swg_auth_general_settings_html',
+    'swg-auth-settings'
+  );
+  register_setting(
+    'swg-auth-general-settings',
+    'swg-auth-approval-required',
+    array(
+      'type' => 'boolean',
+      'description' => 'Whether approval is required for game access.',
+      'sanitize_callback' => '', // TODO: A callback function that sanitizes the option's value.
+      'show_in_rest' => false,
+      'default' => false
+    )
+  );
+  add_settings_field(
+    'swg-auth-approval-required',
+    'Require approval before an account can have game access.',
+    'swg_auth_approval_required_html',
+    'swg-auth-settings',
+    'swg-auth-general-settings',
+    array(
+      //'label_for' => '', // When supplied, the setting title will be wrapped in a <label> element, its for attribute populated with this value.
+      //'class' => '', // CSS Class to be added to the <tr> element when the field is output.
+    )
+  );
+}
+function swg_auth_general_settings_html($args){
+  echo '';
+}
+function swg_auth_approval_required_html($args){
+  ?><input type="checkbox" name="swg-auth-approval-required" <?php echo (get_option('swg-auth-approval-required') == 'on') ? 'checked' : '' ?>><?php
+}
+
+// Add user settings
+add_action('edit_user_profile', 'swg_auth_user_settings');
+function swg_auth_user_settings($user){
+  ?>
+  <h3>SWG Settings</h3>
+  <?php echo (get_user_meta($user->ID, 'swg-auth-approved', true) == 'on') ? '<input type="hidden" name="swg-auth-approved" value="on">' : ''; ?>
+  <table class="form-table">
+    <?php if(get_option('swg-auth-approval-required')) { ?>
+    <tr>
+      <th>
+        <label for="swg-auth-approved">Approved For Game Access</label>
+      </th>
+      <td>
+        <input type="checkbox" name=<?php echo (get_user_meta($user->ID, 'swg-auth-approved', true) == 'on') ? '"swg-auth-display-field" checked disabled' : '"swg-auth-approved"'; ?>>
+      </td>
+    </tr>
+    <?php } ?>
+    <tr>
+      <th>
+        <label for="swg-auth-banned">Banned From Game Access</label>
+      </th>
+      <td>
+        <input type="checkbox" name="swg-auth-banned" <?php echo (get_user_meta($user->ID, 'swg-auth-banned', true) == 'on') ? 'checked' : ''; ?>>
+      </td>
+    </tr>
+  </table>
+  <?php
+}
+add_action('edit_user_profile_update', 'swg_auth_approved_update');
+function swg_auth_approved_update($user_id){
+  if(!current_user_can('edit_user', $user_id)){
+    return false;
+  }
+  return update_user_meta($user_id, 'swg-auth-approved', $_POST['swg-auth-approved']);
+}
+add_action('edit_user_profile_update', 'swg_auth_banned_update');
+function swg_auth_banned_update($user_id){
+  if(!current_user_can('edit_user', $user_id)){
+    return false;
+  }
+  return update_user_meta($user_id, 'swg-auth-banned', $_POST['swg-auth-banned']);
+}

swg-auth/admin/index.php

@@ -0,0 +1 @@
+<?php //Shh...

swg-auth/admin/swg-auth-server-config-html.php

@@ -0,0 +1,15 @@
+<div class="wrap">
+  <h1><?php echo esc_html(get_admin_page_title()); ?></h1>
+  <p>To enable authentication for your SWG server, edit these lines in your server config:</p>
+  <code>
+    [LoginServer]<br />
+    useExternalAuth=true<br />
+    externalAuthURL=<?php echo get_site_url() ?>/?action=swg-auth
+  </code>
+  <p>Additionally, you can use this plugin to enable God Mode in game. Wordpress Administrators will also be SWG Admins. To do this, be sure you have compiled the latest version of the src and add these lines to your server config:</p>
+  <code>
+    [ServerUtility]<br />
+    externalAdminLevelsEnabled=true<br />
+    externalAdminLevelsURL=<?php echo get_site_url() ?>/?action=swg-auth-admin-level
+  </code>
+</div>

swg-auth/admin/swg-auth-settings-html.php

@@ -0,0 +1,9 @@
+<?php settings_errors(); ?>
+<div class="wrap">
+  <h1><?php echo esc_html(get_admin_page_title()); ?></h1>
+  <form action="options.php" method="post">
+    <?php settings_fields( 'swg-auth-general-settings' ); ?>
+    <?php do_settings_sections( 'swg-auth-settings' ); ?>
+    <?php submit_button( 'Save Settings' ); ?>
+  </form>
+</div>

swg-auth/includes/index.php

@@ -0,0 +1 @@
+<?php //Shh...

swg-auth/includes/swg-auth-admin-level-check.php

@@ -0,0 +1,18 @@
+<?php
+
+// Check if the swg-auth-admin-level action is requested and that a user_name is provided
+if(isset($_GET['action']) && $_GET['action'] == 'swg-auth-admin-level' && isset($_POST['user_name'])){
+  // Look up the user's ID
+  $userID = get_user_by('login', $_POST['user_name']);
+  // Check if the user is a Wordpress Admin
+  if(user_can($userID, 'administrator')){
+    // If the user is a Wordpress Admin, automatically send back level 50
+    $response['message'] = "50";
+    echo json_encode($response);
+    die;
+  }
+  // Not an admin
+  $response['message'] = "0";
+  echo json_encode($response);
+  die;
+}

swg-auth/includes/swg-auth-check.php

@@ -0,0 +1,27 @@
+<?php
+
+// Check if the swg-auth action is requested and that a user_name and user_password are provided
+if(isset($_GET['action']) && $_GET['action'] == 'swg-auth' && isset($_POST['user_name']) && isset($_POST['user_password'])){
+  // Ask Wordpress to authenticate the user_name and user_password
+  $user = wp_authenticate_username_password(NULL, $_POST['user_name'], $_POST['user_password']);
+  // Check if the authentication request returned an error
+  if(is_wp_error($user)){
+    $response['message'] = "Account does not exist or password was incorrect";
+  // Wordpress Administrators are always let in
+  } elseif(user_can($user->ID, 'administrator')){
+    $response['message'] = "success";
+  // Check if the user is banned
+  } elseif(get_user_meta($user->ID, 'swg-auth-banned', true) == "on"){
+    $response['message'] = "This account has been banned";
+  // Check if approval is required and if the user is approved
+  } elseif(get_option('swg-auth-approval-required') == "on" && get_user_meta($user->ID, 'swg-auth-approved', true) != "on") {
+    $response['message'] = "This account has not yet been approved";
+  // If we're this far along, success!
+  } else {
+    $response['message'] = "success";
+  }
+  // Json encode our response so that the LoginServer knows what we're talking about
+  echo json_encode($response);
+  // Once we've responded, we don't want Wordpress to continue
+  die;
+}

swg-auth/index.php

@@ -0,0 +1 @@
+<?php //Shh...

swg-auth/swg-auth.php

@@ -3,7 +3,7 @@
   * Plugin Name: SWG Auth
   * Plugin URI: https://tekaohswg.github.io/swg-auth-wordpress.html
   * Description: Star Wars Galaxies Authentication for Wordpress
-  * Version: 0.2
+  * Version: 0.4
   * Author: Tekaoh
   * Author URI: https://tekaohswg.github.io
 */
@@ -15,49 +15,10 @@ if(!defined('ABSPATH')){
 
 // Run when Wordpress is loaded
 add_action('wp_loaded', 'swg_auth_run');
-
 function swg_auth_run(){
-  // Check if the swg-auth action is requested
-  if($_GET['action'] == 'swg-auth'){
-    // Check if a user_name and user_password are provided
-    if($_POST['user_name'] && $_POST['user_password']){
-      // Ask Wordpress to authenticate the user_name and user_password
-      $userInfo = wp_authenticate_username_password(NULL, $_POST['user_name'], $_POST['user_password']);
-      // Check if the authentication request returned an error
-      if(is_wp_error($userInfo)){
-        // If there was an error, we'll let the client know.
-        $response['message'] = "Account does not exist or password was incorrect";
-      } else {
-        // If there's no error, Success!
-        $response['message'] = "success";
-      }
-      // Json encode our response so that the LoginServer knows what we're talking about
-      echo json_encode($response);
-      // Once we've responded, we don't want Wordpress to continue
-      die;
-    }
-    // If we're here, the swg-auth action was requested but no user_name and user_password were provided. That's weird... Don't return anything
-    die;
-  }
-  // Check if the swg-auth-admin-level action is requested
-  if($_GET['action'] == 'swg-auth-admin-level'){
-    // Check if a user_name is provided
-    if($_POST['user_name']){
-      // Look up the user
-      $userID = get_user_by('login', $_POST['user_name']);
-      // Check if the user is a Wordpress Admin
-      if(user_can($userID, 'administrator')){
-        // Send back level 50
-        $response['message'] = "50";
-        echo json_encode($response);
-        die;
-      }
-      // Not an admin
-      $response['message'] = "0";
-      echo json_encode($response);
-      die;
-    }
-  // If we're here, the swg-auth-admin-level action was requested by no user_name was provided. Don't return anything.
-  die;
-  }
+  include(plugin_dir_path(__FILE__) . 'includes/swg-auth-check.php');
+  include(plugin_dir_path(__FILE__) . 'includes/swg-auth-admin-level-check.php');
 }
+
+// Run the admin panel stuff
+include(plugin_dir_path(__FILE__) . 'admin/admin.php');

swg-auth/uninstall.php

@@ -0,0 +1,19 @@
+<?php
+
+// Don't run this if you're not actually unstalling
+if (!defined('WP_UNINSTALL_PLUGIN')) {
+    die;
+}
+
+// Delete installation settings
+delete_option('swg-auth-approval-required');
+
+// Delete user settings
+swg_auth_delete_user_meta();
+function swg_auth_delete_user_meta(){
+  $users = get_users();
+  foreach ($users as $user){
+    delete_user_meta($user->ID, 'swg-auth-approved');
+    delete_user_meta($user->ID, 'swg-auth-banned');
+  }
+}

trunk/readme.txt

@@ -1,10 +1,9 @@
 === SWG Auth ===
 Contributors: tekaoh
-Donate link: https://tekaohswg.github.io/donate.html
 Tags: admin, integration
 Requires at least: 2.8
 Tested up to: 5.4
-Stable tag: 0.2
+Stable tag: 0.4
 Requires PHP: 4.3
 License: The Unlicense
 License URI: https://unlicense.org
@@ -13,7 +12,7 @@ Star Wars Galaxies Authentication for Wordpress
 
 == Description ==
 
-If you're running a Star Wars Galaxies server, now you can use Wordpress to allow users to sign up and change their passwords.
+If you're running a Star Wars Galaxies server, now you can use Wordpress to manage your users.
 
 == Installation ==
 
@@ -22,23 +21,33 @@ If you're running a Star Wars Galaxies server, now you can use Wordpress to allo
 3. Point your SWG server's externalAuthURL config flag to `http://url.to.wordpress/?action=swg-auth`.
 4. Done!
 
-== Frequently Asked Questions ==
-
-= How do I run a Star Wars Galaxies server? =
-
-Check out https://swg-source.github.io/ and join that community on discord. If you'd rather build your own VM than download one, you could check out https://tekaohswg.github.io/new.html but be aware that this isn't for the faint of heart.
-
-== Screenshots ==
-
-1. Once this plugin is installed, your SWG Server will authenticate users with Wordpress.
-
 == Changelog ==
 
+= 0.4 =
+* Optionally, you can require that new account have to be specifically approved for game access
+* You can now ban an account from the game from the Wordpress Admin Panel
+
+= 0.3 =
+* Added an admin menu that provides you with the server cfg you need
+* Bug fixes
+
+= 0.2 =
+* Wordpress can now take requests for admin level checks
+
 = 0.1 =
-* Initial version
 * Authentication is functional
 
 == Upgrade Notice ==
 
+= 0.4 =
+* New features
+* Security enhancements
+
+= 0.3 =
+* Bug fixes
+
+= 0.2 =
+* New features
+
 = 0.1 =
 * Initial version