-
Notifications
You must be signed in to change notification settings - Fork 0
/
wp-inject-admin.php
194 lines (169 loc) · 4.5 KB
/
wp-inject-admin.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
<?php
/**
* Add new administrator to WordPress.
*
* @package Utilities
* @subpackage WordPress
* @author Robert Neu
* @copyright Copyright (c) 2015, Robert Neu
* @license MIT
*/
define( 'WP_USE_THEMES', false );
require_once 'wp-load.php';
/**
* Methods to inject an administrator.
*
* @since 0.1.0
*/
class SiteCare_Utilities_Inject_Admin {
/**
* A list of allowed characters to use when generating users and emails.
*
* @since 0.1.0
* @var string
*/
protected $allowed = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
/**
* A list of top level domains to use when generating emails.
*
* @since 0.1.0
* @var array
*/
protected $tlds = array( 'com', 'net', 'gov', 'org', 'edu', 'biz', 'info' );
/**
* Placeholder for a randomly-generated username.
*
* @since 0.1.0
* @var string
*/
protected $username;
/**
* Set up required class properties and fire our main class method.
*
* @since 0.1.0
* @access public
* @return void
*/
public function __construct() {
$this->username = $this->generate_random_username();
if ( ! $user = $this->create_random() ) {
$this->no_user_created();
}
}
/**
* Attempt to delete this file after a single execution.
*
* @since 0.1.0
* @access public
* @return void
*/
public function __destruct() {
if ( is_writable( __FILE__ ) && unlink( __FILE__ ) ) {
wp_safe_redirect( admin_url() );
exit;
}
wp_die( esc_html( basename( __FILE__ ) . ' could not be deleted. Please delete it manually.' ) );
}
/**
* Generate a random username.
*
* @since 0.1.0
* @access protected
* @param int $length The length of the username to generate.
* @return string $username a randomly-generated username.
*/
protected function generate_random_username( $length = 8 ) {
$username = '';
for ( $i = 0; $i < $length; $i++ ) {
$username .= $this->allowed[ mt_rand( 0, strlen( $this->allowed ) ) ];
}
return $username;
}
/**
* Generate a random email address.
*
* @since 0.1.0
* @access protected
* @return string $address a randomly-generated email address.
*/
protected function generate_random_email() {
$address = '';
$user_length = mt_rand( 5, 10 );
$domain_length = mt_rand( 7, 17 );
for ( $i = 1; $i <= $user_length; $i++ ) {
$address .= substr( $this->allowed, mt_rand( 0, strlen( $this->allowed ) ), 1 );
}
$address .= '@';
for ( $i = 1; $i <= $domain_length; $i++ ) {
$address .= substr( $this->allowed, mt_rand( 0, strlen( $this->allowed ) ), 1 );
}
$address .= '.';
$address .= $this->tlds[ mt_rand( 0, ( count( $this->tlds ) -1 ) ) ];
return $address;
}
/**
* Create a new WordPress admin account.
*
* @since 0.1.0
* @access protected
* @param string $username The user name for the new admin account.
* @param string $email The email for the new admin account.
* @param string $password The password for the new admin account.
* @return bool True if a user has been created.
*/
protected function create( $username, $email, $password ) {
if ( username_exists( $username ) || email_exists( $email ) ) {
return false;
}
$user_id = wp_create_user( $username, $password, $email );
if ( is_int( $user_id ) ) {
$object = new WP_User( $user_id );
$object->set_role( 'administrator' );
if ( is_multisite() ) {
grant_super_admin( $user_id );
}
return true;
}
return false;
}
/**
* Automatically log in with our new random user and redirect to WP Admin.
*
* @since 0.1.0
* @access protected
* @param string $username the username for the user to be logged in.
* @return void
*/
protected function auto_login( $username ) {
if ( ! is_user_logged_in() ) {
$user = get_user_by( 'login', $username );
wp_set_current_user( $user->ID, $user->user_login );
wp_set_auth_cookie( $user->ID );
do_action( 'wp_login', $user->user_login );
}
}
/**
* Create an admin account with random user data.
*
* @since 0.1.0
* @access protected
* @return bool True if a user has been created.
*/
public function create_random() {
if ( $user = $this->create( $this->username, $this->generate_random_email(), wp_generate_password() ) ) {
$this->auto_login( $this->username );
}
return $user;
}
/**
* Halt script execution and print an error when user creation fails.
*
* @since 0.1.0
* @access public
* @return void
*/
protected function no_user_created() {
wp_die( 'A new user could not be created.' );
}
}
new SiteCare_Utilities_Inject_Admin();