function Add_Edit_User()
{
global $wpdb, $feup_success, $ewd_feup_fields_table_name, $ewd_feup_user_fields_table_name, $ewd_feup_user_table_name;
$Salt = get_option("EWD_FEUP_Hash_Salt");
$Sign_Up_Email = get_option("EWD_FEUP_Sign_Up_Email");
$Default_User_Level = get_option("EWD_Default_User_Level");
$Use_Crypt = get_option("EWD_FEUP_Use_Crypt");
$Use_Captcha = get_option("EWD_FEUP_Use_Captcha");
$Email_Confirmation = get_option("EWD_FEUP_Email_Confirmation");
$Admin_Approval = get_option("EWD_FEUP_Admin_Approval");
$Email_On_Admin_Approval = get_option("EWD_FEUP_Email_On_Admin_Approval");
$Admin_Email_On_Registration = get_option("EWD_FEUP_Admin_Email_On_Registration");
$Sql = "SELECT * FROM {$ewd_feup_fields_table_name} ";
$Fields = $wpdb->get_results($Sql);
$date = date("Y-m-d H:i:s");
$UserCookie = CheckLoginCookie();
if (!isset($_POST['Admin_Approved'])) {
$_POST['Admin_Approved'] = null;
}
if (!isset($_POST['action'])) {
$_POST['action'] = null;
}
if (!isset($_POST['ewd-feup-action'])) {
$_POST['ewd-feup-action'] = null;
}
if ($_POST['ewd-feup-action'] == "register" and $Use_Captcha == "Yes") {
$Validate_Captcha = EWD_FEUP_Validate_Captcha();
} else {
$Validate_Captcha = "Yes";
}
$User = $wpdb->get_row($wpdb->prepare("SELECT User_ID FROM {$ewd_feup_user_table_name} WHERE Username='******'", $UserCookie['Username']));
if (is_object($User)) {
$User_ID = $User->User_ID;
}
if (is_admin()) {
$User_ID = $_POST['User_ID'];
}
if (isset($User_ID)) {
$User = $wpdb->get_row($wpdb->prepare("SELECT User_Admin_Approved FROM {$ewd_feup_user_table_name} WHERE User_ID='%d'", $User_ID));
$User_Current_Admin_Approved = $User->User_Admin_Approved;
} else {
$User_Current_Admin_Approved = "No";
}
if (isset($_POST['Omit_Fields'])) {
$Omitted_Fields = explode(",", $_POST['Omit_Fields']);
} else {
$Omitted_Fields = array();
}
if (isset($_POST['Username'])) {
$User_Fields['Username'] = $_POST['Username'];
}
// check if the password is empty - so we won't try to update it if it is empty
if (empty($_POST['User_Password'])) {
unset($_POST['User_Password']);
}
if ($Use_Crypt == "Yes") {
if (isset($_POST['User_Password'])) {
$User_Fields['User_Password'] = Generate_Password($_POST['User_Password']);
}
} else {
if (isset($_POST['User_Password'])) {
$User_Fields['User_Password'] = sha1(md5($_POST['User_Password'] . $Salt));
}
}
if (isset($_POST['Level_ID'])) {
$User_Fields['Level_ID'] = $_POST['Level_ID'];
} elseif ($_POST['ewd-feup-omit-level'] != "Yes") {
$User_Fields['Level_ID'] = $Default_User_Level;
}
if ($_POST['Admin_Approved'] == "Yes") {
$User_Fields['User_Admin_Approved'] = "Yes";
}
if ($_POST['Admin_Approved'] == "No") {
$User_Fields['User_Admin_Approved'] = "No";
}
if ($_POST['User_Password'] != $_POST['Confirm_User_Password']) {
$user_update = array("Message_Type" => "Error", "Message" => __("The passwords you entered did not match.", "EWD_FEUP"));
return $user_update;
}
if ($_POST['action'] == "Add_User" or $_POST['ewd-feup-action'] == "register") {
if (empty($_POST['User_Password'])) {
$user_update = array("Message_Type" => "Error", "Message" => __("The password cannot be empty.", "EWD_FEUP"));
return $user_update;
}
$wpdb->get_results($wpdb->prepare("SELECT User_ID FROM {$ewd_feup_user_table_name} WHERE Username='******'", $_POST['Username']));
if ($wpdb->num_rows > 0) {
$user_update = array("Message_Type" => "Error", "Message" => __("There is already a user with that Username, please select a different one.", "EWD_FEUP"));
return $user_update;
}
if (strlen($_POST['Username']) < 3) {
$user_update = array("Message_Type" => "Error", "Message" => __("Username must be at least 3 characters.", "EWD_FEUP"));
return $user_update;
}
}
if ($_POST['ewd-feup-action'] != "edit-account") {
if (!isset($Additional_Fields_Array)) {
$Additional_Fields_Array = array();
}
foreach ($Fields as $Field) {
if (!in_array($Field->Field_Name, $Omitted_Fields)) {
if ($Field->Field_Options != "") {
$Field_Allowed_Values = explode(",", $Field->Field_Options);
}
if (!is_array($Field_Allowed_Values) or in_array($_POST[$Field_Name], $Field_Allowed_Values)) {
$Additional_Fields_Array[$Field->Field_Name]['Field_ID'] = $Field->Field_ID;
$Additional_Fields_Array[$Field->Field_Name]['Field_Name'] = $Field->Field_Name;
$Field_Name = str_replace(" ", "_", $Field->Field_Name);
if ($Field->Field_Type == "file") {
$File_Upload_Return = Handle_File_Upload($Field_Name);
if ($File_Upload_Return['Success'] == "No") {
return $File_Upload_Return['Data'];
} elseif ($File_Upload_Return['Success'] == "N/A") {
unset($Additional_Fields_Array[$Field->Field_Name]);
} else {
$Additional_Fields_Array[$Field->Field_Name]['Field_Value'] = $File_Upload_Return['Data'];
}
} elseif (is_array($_POST[$Field_Name])) {
$Additional_Fields_Array[$Field->Field_Name]['Field_Value'] = stripslashes_deep(implode(",", $_POST[$Field_Name]));
} else {
$Additional_Fields_Array[$Field->Field_Name]['Field_Value'] = stripslashes_deep($_POST[$Field_Name]);
}
}
}
}
}
if (!isset($error) and $Validate_Captcha == "Yes") {
/* Pass the data to the appropriate function in Update_Admin_Databases.php to create the user */
if ($_POST['action'] == "Add_User" or $_POST['ewd-feup-action'] == "register") {
if (is_object($User)) {
$user_update = __("There is already an account with that Username. Please select a different one.", "EWD_FEUP");
return $user_update;
}
if (!isset($User_Fields['User_Admin_Approved'])) {
$User_Fields['User_Admin_Approved'] = "No";
}
if (!isset($User_Fields['User_Email_Confirmed'])) {
$User_Fields['User_Email_Confirmed'] = "No";
}
$User_Fields['User_Date_Created'] = $date;
$User_Fields['User_Last_Login'] = $date;
$user_update = Add_EWD_FEUP_User($User_Fields);
$User_ID = $wpdb->insert_id;
if (!isset($Additional_Fields_Array)) {
$Additional_Fields_Array = array();
}
foreach ($Additional_Fields_Array as $Field) {
$user_update = Add_EWD_FEUP_User_Field($Field['Field_ID'], $User_ID, $Field['Field_Name'], $Field['Field_Value'], $date);
}
if ($_POST['ewd-feup-action'] == "register") {
$user_update = __("Your account has been succesfully created.", "EWD_FEUP");
if ($Sign_Up_Email == "Yes") {
EWD_FEUP_Send_Email($User_Fields, $Additional_Fields_Array, $User_ID);
}
if ($Admin_Email_On_Registration == "Yes") {
EWD_FEUP_Send_Admin_Registration_Email($User_Fields, $Additional_Fields_Array, $User_ID);
}
if ($Email_Confirmation != "Yes" and $Admin_Approval != "Yes") {
Confirm_Login();
//CreateLoginCookie($_POST['Username'], $_POST['User_Password']);
$feup_success = true;
}
}
} else {
if (isset($User_Fields)) {
$user_update = Edit_EWD_FEUP_User($User_ID, $User_Fields);
}
if (!isset($Additional_Fields_Array)) {
$Additional_Fields_Array = array();
}
if (is_array($Additional_Fields_Array)) {
foreach ($Additional_Fields_Array as $Field) {
$CurrentField = $wpdb->get_row($wpdb->prepare("SELECT User_Field_ID FROM {$ewd_feup_user_fields_table_name} WHERE Field_ID='%d' AND User_ID='%d'", $Field['Field_ID'], $User_ID));
if ($CurrentField->User_Field_ID != "") {
$user_update = Edit_EWD_FEUP_User_Field($Field['Field_ID'], $User_ID, $Field['Field_Name'], $Field['Field_Value']);
} else {
$user_update = Add_EWD_FEUP_User_Field($Field['Field_ID'], $User_ID, $Field['Field_Name'], $Field['Field_Value'], $date);
}
}
}
if ($_POST['ewd-feup-action'] == "edit-account") {
CreateLoginCookie($_POST['Username'], $_POST['User_Password']);
}
}
// If the user receives admin approval for the first time and the option is selected, send them an e-mail
//Need to check earlier, as it already gets set before this
if ($User_Current_Admin_Approved == "No" and $User_Fields['User_Admin_Approved'] == "Yes" and $Email_On_Admin_Approval == "Yes") {
EWD_FEUP_Send_Admin_Approval_Email($User_Fields, $Additional_Fields_Array, $User_ID);
}
$user_update = array("Message_Type" => "Update", "Message" => $user_update);
$feup_success = true;
return $user_update;
} else {
if ($Validate_Captcha != "Yes") {
$error = "The Captcha text did not match the image";
}
$output_error = array("Message_Type" => "Error", "Message" => $error);
return $output_error;
}
}
function Forgot_Password()
{
global $wpdb, $feup_success;
global $ewd_feup_user_table_name, $ewd_feup_fields_table_name, $ewd_feup_user_fields_table_name;
$Salt = get_option("EWD_FEUP_Hash_Salt");
$Admin_Approval = get_option("EWD_FEUP_Admin_Approval");
$Admin_Email = get_option("EWD_FEUP_Admin_Email");
$Email_Confirmation = get_option("EWD_FEUP_Email_Confirmation");
$Username_Is_Email = get_option("EWD_FEUP_Username_Is_Email");
$Use_Captcha = get_option("EWD_FEUP_Use_Captcha");
$Email_Field = get_option("EWD_FEUP_Email_Field");
$Email_Field = str_replace(" ", "_", $Email_Field);
//$User = $wpdb->get_row($wpdb->prepare("SELECT * FROM $ewd_feup_user_table_name WHERE Username ='******'", $_POST['Email']));
if ($Username_Is_Email == "Yes") {
$User = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$ewd_feup_user_table_name} WHERE Username = '******'", $_POST['Email']));
$User_Email = $User->Username;
} else {
$User_Fields = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$ewd_feup_user_fields_table_name} WHERE Field_Value = '%s' AND Field_Name = '%s' ", $_POST['Email'], $Email_Field));
$User = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$ewd_feup_user_table_name} WHERE User_ID = '%d'", $User_Fields->User_ID));
$User_Email = $User_Fields->Field_Value;
}
if ($Use_Captcha == "Yes") {
$Validate_Captcha = EWD_FEUP_Validate_Captcha();
} else {
$Validate_Captcha = "Yes";
}
if (!empty($User) and $Validate_Captcha == "Yes") {
//update users password
//$password = wp_generate_password();
//$hashedPassword = sha1( md5( $password.$Salt ) );
// generate pw reset code
$letters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$resetcode = '';
$length = 15;
for ($i = 0; $i < $length; $i++) {
$resetcode .= $letters[rand(0, strlen($letters) - 1)];
}
$wpdb->update($ewd_feup_user_table_name, array('User_Password_Reset_Code' => $resetcode, 'User_Password_Reset_Date' => date('Y-m-d H:i:s', time())), array('User_ID' => $User->User_ID), array('%s'));
//send email to user with account credentials
$subject = __("Password reset requested from ", 'EWD_FEUP') . get_bloginfo('name');
$headers = 'From: ' . $Admin_Email . "\r\n" . 'Reply-To: ' . $Admin_Email . "\r\n" . 'X-Mailer: PHP/' . phpversion();
$message = __("Greetings from ", 'EWD_FEUP') . get_bloginfo('name') . "\n\n";
$message .= __("Somebody requested a password reset for you. If this wasn't you, you can ignore this mail.", 'EWD_FEUP') . "\n\n";
$message .= __("If you want to reset the password, please visit ", 'EWD_FEUP') . site_url() . "/" . $_POST['ewd-feup-reset-email-url'] . "?add=" . urlencode($User_Email) . "&rc=" . $resetcode . "\n";
$message .= __("If the link above doesn't work, go to ", 'EWD_FEUP') . site_url() . "/" . $_POST['ewd-feup-reset-email-url'] . __(" and enter your email address and the following code:", 'EWD_FEUP') . "\n";
$message .= $resetcode;
//$feup_success = true;
//return($User_Email."\n". $subject."\n". $message."\n". $headers);
wp_mail($User_Email, $subject, $message, $headers);
$feup_success = true;
//return success message
return __("For completing the password reset procedure, please follow the instructions in your email.", 'EWD_FEUP');
} else {
//return success message even though operation failed - we don't want 'them' to know which
// email addresses are used
return __("For completing the password reset procedure, please follow the instructions in your email.", 'EWD_FEUP');
}
}
