Authentik-Login/includes/login.php
<?php
// Stop immediately when this file is requested directly instead of being
// loaded by WordPress (ABSPATH is only defined inside a WordPress bootstrap).
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}
// Login button on the WordPress login page.
add_action( 'login_form', 'authentik_login_button' );

/**
 * Prints the "Login mit Authentik" link above the username/password form.
 *
 * Nothing is printed when no client ID is configured or when
 * authentik_get_authorize_url() returns a falsy value. The link target is
 * taken from authentik_build_login_url() and passed through esc_url() before
 * it is written into the href attribute.
 *
 * NOTE(review): this runs on every render of the login form. If
 * authentik_build_login_url() stores a new state value on each call, confirm
 * that those values expire quickly.
 *
 * @return void
 */
function authentik_login_button() {
	$settings = authentik_get_settings();

	// Same order as a short-circuit "||": the authorize URL is only looked up
	// once a client ID is known to be present.
	if ( empty( $settings['client_id'] ) ) {
		return;
	}
	if ( ! authentik_get_authorize_url() ) {
		return;
	}

	$login_url = authentik_build_login_url();
	?>
<div style="text-align:center; margin-bottom: 16px;">
<a href="<?php echo esc_url( $login_url ); ?>"
style="display:inline-block; background:#fd4b2d; color:#fff; padding:10px 20px;
border-radius:4px; text-decoration:none; font-weight:bold; width:100%; box-sizing:border-box; text-align:center;">
🔐 Login mit Authentik
</a>
</div>
<div style="text-align:center; margin-bottom:12px; color:#999; font-size:12px;"> oder mit Benutzername/Passwort </div>
<?php
}
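// Callback handler: the URL the identity provider sends the browser back to.
// Registered for logged-out (nopriv) and for logged-in visitors alike.
add_action( 'wp_ajax_nopriv_authentik_callback', 'authentik_handle_callback' );
add_action( 'wp_ajax_authentik_callback', 'authentik_handle_callback' );

/**
 * Completes the authorization-code flow and signs the user in.
 *
 * Steps: read code/state/error from the query string, check and consume the
 * state transient, exchange the code for tokens, fetch the userinfo, resolve
 * the WordPress user, set the auth cookie and redirect (admin area for users
 * with manage_options, front page for everyone else).
 *
 * Every failure path calls authentik_login_error(), which redirects and ends
 * the request; none of the checks below falls through to the sign-in.
 *
 * NOTE(review): the state check only shows that the value was issued by this
 * site and has not been used yet. Nothing in this function ties it to the
 * browser that started the flow. Confirm that authentik_build_login_url()
 * binds the state to the visitor (for example with a cookie that is compared
 * here); without that binding a callback URL prepared in one browser is also
 * accepted in another one.
 *
 * NOTE(review): the handler also runs for visitors who are already logged in
 * and replaces their session with the account returned by
 * authentik_find_or_create_user(). How account linking is decided is not
 * visible in this file.
 *
 * @return void Does not return; every path ends with a redirect and exit.
 */
function authentik_handle_callback() {
	// Accept plain strings only. A crafted request can turn any parameter into
	// an array (?state[]=x), which would otherwise reach string concatenation
	// and the token request. wp_unslash() removes the slashes WordPress adds
	// to $_GET.
	$params = array();
	foreach ( array( 'code', 'state', 'error' ) as $key ) {
		$params[ $key ] = ( isset( $_GET[ $key ] ) && is_string( $_GET[ $key ] ) )
			? wp_unslash( $_GET[ $key ] )
			: '';
	}
	$code  = $params['code'];
	$state = $params['state'];

	if ( '' !== $params['error'] ) {
		// The value comes straight from the URL and ends up on the login page.
		// OAuth error codes are short ASCII tokens, so sanitize_key() keeps
		// them intact while dropping anything that could pass as free text.
		authentik_login_error( 'Authentik-Fehler: ' . sanitize_key( $params['error'] ) );
	}

	// Validate the state and consume it so it cannot be replayed.
	$state_key = 'authentik_state_' . $state;
	if ( '' === $state || ! get_transient( $state_key ) ) {
		authentik_login_error( 'Ungültiger State-Parameter.' );
	}
	delete_transient( $state_key );

	if ( '' === $code ) {
		authentik_login_error( 'Kein Autorisierungscode erhalten.' );
	}

	// Exchange the code for tokens.
	$tokens = authentik_exchange_code( $code );
	if ( is_wp_error( $tokens ) ) {
		authentik_login_error( $tokens->get_error_message() );
	}
	// Fail closed when the token response carries no access token instead of
	// calling the userinfo endpoint with an undefined value.
	if ( ! is_array( $tokens ) || empty( $tokens['access_token'] ) ) {
		authentik_login_error( 'Kein Access-Token erhalten.' );
	}

	// Fetch the userinfo.
	$userinfo = authentik_get_userinfo( $tokens['access_token'] );
	if ( is_wp_error( $userinfo ) || empty( $userinfo ) ) {
		authentik_login_error( 'Benutzerinformationen konnten nicht abgerufen werden.' );
	}

	// Find or create the WordPress user.
	$user = authentik_find_or_create_user( $userinfo );
	if ( is_wp_error( $user ) ) {
		authentik_login_error( $user->get_error_message() );
	}
	// Never set an auth cookie for something that is not a user with an ID.
	if ( ! is_object( $user ) || empty( $user->ID ) ) {
		authentik_login_error( 'Benutzer konnte nicht ermittelt werden.' );
	}

	// Sign in. The second argument asks for a persistent ("remember me") cookie.
	wp_set_auth_cookie( $user->ID, true );
	wp_set_current_user( $user->ID );
	do_action( 'wp_login', $user->user_login, $user );

	// Redirect: admin area for administrators, front page for everyone else.
	$redirect = user_can( $user->ID, 'manage_options' ) ? admin_url() : home_url();
	wp_redirect( $redirect );
	exit;
}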
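/**
 * Sends the browser back to the login page with an error message and ends
 * the request.
 *
 * The message travels in the `authentik_error` query parameter, so it shows
 * up in the address bar, the browser history and server logs. Pass only text
 * that is safe to disclose to an unauthenticated visitor.
 *
 * @param string $message Plain-text error message.
 * @return void Does not return; the request ends with exit.
 */
function authentik_login_error( $message ) {
	// add_query_arg() chooses "?" or "&" correctly should the login URL already
	// carry a query string. It does not encode values, hence rawurlencode().
	$target = add_query_arg( 'authentik_error', rawurlencode( (string) $message ), wp_login_url() );
	wp_redirect( $target );
	exit;
}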
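// Show the error message on the login page.
add_filter( 'login_message', 'authentik_show_login_message' );

/**
 * Appends the text from the `authentik_error` query parameter to the login
 * message.
 *
 * The parameter is read from the URL, so anyone can craft a link that puts
 * their own wording on the login page. The value is therefore reduced to a
 * single line of plain text and escaped; it cannot add markup.
 * NOTE(review): passing a short error code and mapping it to fixed messages
 * here would remove the free text entirely.
 *
 * @param string $message Login message built so far.
 * @return string Message, with the error box appended when one was passed.
 */
function authentik_show_login_message( $message ) {
	// Ignore missing, empty and non-string values (?authentik_error[]=x).
	if ( empty( $_GET['authentik_error'] ) || ! is_string( $_GET['authentik_error'] ) ) {
		return $message;
	}

	// PHP has already URL-decoded $_GET; decoding a second time would mangle
	// "+" and "%" in the text. wp_unslash() removes the slashes WordPress adds.
	$text = sanitize_text_field( wp_unslash( $_GET['authentik_error'] ) );
	if ( '' === $text ) {
		return $message;
	}

	return $message . '<div id="login_error">' . esc_html( $text ) . '</div>';
}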
// Front end: account-linking button for logged-in users (shortcode).
add_shortcode( 'authentik_link_account', 'authentik_link_account_shortcode' );

/**
 * Shortcode [authentik_link_account].
 *
 * Returns an empty string for logged-out visitors. For logged-in users it
 * returns a confirmation when the user meta `authentik_subject` is set, and
 * otherwise a link to the URL from authentik_build_login_url().
 *
 * NOTE(review): the link uses the same URL as the login button. How the
 * callback attaches the returned identity to the account that is currently
 * logged in is not visible in this file; confirm it.
 *
 * @return string HTML for the shortcode.
 */
function authentik_link_account_shortcode() {
	if ( ! is_user_logged_in() ) {
		return '';
	}

	$current_user   = wp_get_current_user();
	$linked_subject = get_user_meta( $current_user->ID, 'authentik_subject', true );

	if ( $linked_subject ) {
		return '<p>✓ Dein Konto ist mit Authentik verknüpft.</p>';
	}

	$link_url = authentik_build_login_url();
	return '<a href="' . esc_url( $link_url ) . '" class="button">Konto mit Authentik verknüpfen</a>';
}