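    /**
     * AJAX entry point for the account form: login / register / recover / reset.
     *
     * Reads `type` from $_REQUEST and the `user` array from $_POST, dispatches on
     * `type`, and always terminates the request with the JSON document produced by
     * theme_features::json_format() (`status`, `code` on error, `msg`).
     *
     * Security-relevant invariants kept by this method:
     *  - nonce and referer are verified before any request data is read;
     *  - the recover branch stores a one-time user-meta marker and the reset branch
     *    requires and clears it, so a mailed token resets a password at most once;
     *  - the id sealed in the reset token is compared strictly (int ===) with the
     *    account found for the sealed e-mail address;
     *  - every validation failure terminates the request (no fall-through to the
     *    password update).
     */
    public static function process()
    {
        theme_features::check_nonce();
        theme_features::check_referer();

        // Single source of truth for the "recovery requested" marker; the recover
        // branch writes it and the reset branch requires and deletes it.
        $recover_meta_key = '_tmp_lost_pwd';

        $output = [];
        $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
        $user = isset($_POST['user']) && is_array($_POST['user']) ? $_POST['user'] : false;
        $email = isset($user['email']) && is_email($user['email']) ? $user['email'] : null;
        $pwd = isset($user['pwd']) && is_string($user['pwd']) ? $user['pwd'] : null;

        switch ($type) {
            /**
             * login
             */
            case 'login':
                $output = self::user_login(['email' => $email, 'pwd' => $pwd, 'remember' => isset($user['remember'])]);
                if ($output['status'] !== 'success') {
                    die(theme_features::json_format($output));
                }
                $output['msg'] = self::get_options('lang-login-success');
                break;

            /**
             * register
             */
            case 'register':
                if (!theme_cache::get_option('users_can_register')) {
                    self::die_with_error('users_can_not_register', ___('Sorry, it is not the time, the site is temporarily closed registration.'));
                }
                // A missing or non-string nickname becomes '' and is rejected by the
                // length check; using a local avoids writing into $user when it is false.
                $nickname = isset($user['nickname']) && is_string($user['nickname']) ? (string) filter_blank($user['nickname']) : '';
                if (mb_strlen($nickname) < self::$min_display_name_length) {
                    self::die_with_error('invalid_nickname', sprintf(___('Sorry, you nick name is invalid, at least %d characters in length, please try again.'), self::$min_display_name_length));
                }
                // (string) so a null password measures 0 instead of raising a deprecation.
                if (mb_strlen((string) $pwd) < self::$min_pwd_length) {
                    self::die_with_error('invalid_pwd', sprintf(___('Sorry, you password is invalid, at least %d characters in length, please try again.'), self::$min_pwd_length));
                }
                if (!$email) {
                    self::die_with_error('invalid_email', ___('Sorry, your email address is invalid, please check it and try again.'));
                }
                // Duplicate display-name check. display_name is a column of the users
                // table, not user meta, so it is looked up through search_columns;
                // only ids are fetched since just the count matters.
                $exists_users = array_filter(get_users([
                    'search' => $nickname,
                    'search_columns' => ['display_name'],
                    'fields' => 'ID',
                ]));
                if (count($exists_users) >= 1) {
                    self::die_with_error('duplicate_display_name', ___('Sorry, the nickname has been used, please change another one.'));
                }
                $output = self::user_register(['email' => $email, 'pwd' => $pwd, 'nickname' => $nickname, 'remember' => true]);
                if ($output['status'] === 'success') {
                    $output['msg'] = ___('Register successfully, page is refreshing, please wait...');
                }
                break;

            /**
             * lost-password: mail a sealed, expiring token to the account address
             */
            case 'recover':
                if (!$email) {
                    self::die_with_error('invalid_email', ___('Sorry, your email address is invalid, please check it and try again.'));
                }
                $user_id = email_exists($email);
                // NOTE(review): a distinct "email_not_exist" reply lets a caller probe
                // which addresses are registered; a uniform reply would avoid that.
                if (!$user_id) {
                    self::die_with_error('email_not_exist', ___('Sorry, the email does not exist.'));
                }
                $user = get_userdata($user_id);
                // The token carries only the id and address; authcode() seals it with
                // AUTH_KEY for 7200 s (2 h). The mail text below promises 3 hours —
                // TODO align the lifetime and the wording.
                $encode_str = json_encode(['user_id' => $user_id, 'user_email' => $user->user_email]);
                $encode = base64_encode(authcode($encode_str, 'encode', AUTH_KEY, 7200));
                $callback_url = esc_url(add_query_arg(['token' => $encode], self::get_tabs('reset')['url']));
                $content = '
					<h3>' . sprintf(___('Dear %s!'), esc_html($user->display_name)) . '</h3>
					<p>
						' . sprintf(___('You are receiving this email because you forgot your password. We already made an address for your account, you can access this address ( %s ) to log-in and change your password in 3 hours.'), '<a href="' . $callback_url . '" target="_blank">' . $callback_url . '</a>') . '
					</p>
					<p>' . sprintf(___('-- From %s'), '<a href="' . theme_cache::home_url() . '" target="_blank">' . theme_cache::get_bloginfo('name') . '</a>') . '</p>
				';
                $title = ___('You are applying to reset your password.');
                $headers = ['Content-Type: text/html; charset=UTF-8'];
                if (wp_mail($user->user_email, $title, $content, $headers) === true) {
                    // Mark the account so that the reset branch accepts the token once.
                    update_user_meta($user_id, $recover_meta_key, 1);
                    $output['status'] = 'success';
                    $output['msg'] = ___('Success, we sent an email that includes how to retrieve your password, please check it out in 3 hours.');
                } else {
                    // wp_mail() returns a bool, so there is no error payload to forward.
                    $output['status'] = 'error';
                    $output['code'] = 'server_error';
                    $output['msg'] = ___('Error, server can not send email, please contact the administrator.');
                }
                break;

            /**
             * reset: consume the mailed token and set the new password
             */
            case 'reset':
                if (!$user) {
                    self::die_with_error('invalid_param', ___('Sorry, the param is invalid.'));
                }
                $token = isset($user['token']) && is_string($user['token']) ? $user['token'] : false;
                if (!$token) {
                    self::die_with_error('invaild_token', ___('Sorry, the token is invaild.'));
                }
                $pwd_again = isset($user['pwd-again']) && is_string($user['pwd-again']) ? $user['pwd-again'] : null;
                if (empty($pwd) || $pwd !== $pwd_again) {
                    self::die_with_error('invalid_twice_pwd', ___('Sorry, twice password is invaild, please try again.'));
                }
                // Same minimum-length policy as registration.
                if (mb_strlen($pwd) < self::$min_pwd_length) {
                    self::die_with_error('invalid_pwd', sprintf(___('Sorry, you password is invalid, at least %d characters in length, please try again.'), self::$min_pwd_length));
                }
                $token_decode = self::get_decode_token($token);
                if (!$token_decode) {
                    self::die_with_error('expired_token', ___('Sorry, the token is expired.'));
                }
                $token_user_id = isset($token_decode['user_id']) && is_numeric($token_decode['user_id']) ? (int) $token_decode['user_id'] : null;
                $token_user_email = isset($token_decode['user_email']) && is_email($token_decode['user_email']) ? $token_decode['user_email'] : null;
                if (!$token_user_email) {
                    self::die_with_error('token_email_not_match', ___('Sorry, the token email and you account email do not match.'));
                }
                // The account behind the sealed address must exist and its id must be
                // exactly the id sealed in the token (strict int comparison; a missing
                // token id or an unknown address never matches id 0).
                $user_id = (int) email_exists($token_user_email);
                if ($token_user_id === null || $user_id <= 0 || $user_id !== $token_user_id) {
                    self::die_with_error('email_not_exist', ___('Sorry, your account email is not exist.'));
                }
                // The marker written by the recover branch is required; without it the
                // request must stop here instead of falling through to the update.
                if (!get_user_meta($user_id, $recover_meta_key, true)) {
                    self::die_with_error('not_apply_recover', ___('Sorry, the user do not apply recover yet.'));
                }
                // All checks passed: consume the marker, then set the new password.
                delete_user_meta($user_id, $recover_meta_key);
                wp_set_password($pwd, $user_id);
                wp_set_current_user($user_id);
                wp_set_auth_cookie($user_id, true);
                $output['status'] = 'success';
                $output['redirect'] = theme_cache::home_url();
                $output['msg'] = ___('Congratulation, your account has been recovered! Password has been updated. Redirecting home page, please wait...');
                break;

            default:
                $output['status'] = 'error';
                $output['code'] = 'invalid_type';
                $output['msg'] = ___('Invalid type.');
        }
        die(theme_features::json_format($output));
    }

    /**
     * Terminate the request with a JSON error document; never returns.
     *
     * @param string $code machine-readable error code for the client
     * @param string $msg  translated, user-facing message
     */
    private static function die_with_error(string $code, string $msg): void
    {
        die(theme_features::json_format(['status' => 'error', 'code' => $code, 'msg' => $msg]));
    }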
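 /**
  * Normalise a display name, substituting a generated placeholder when blank.
  *
  * @param string $name raw display name as submitted
  * @return string the blank-filtered name, or "<Monster>-NNN" (NNN in 100..999)
  *                when the filtered value is empty
  */
 public static function filter_display_name($name)
 {
     $name = filter_blank($name);
     // empty() also rejects '0'; kept so the existing contract is unchanged.
     if (empty($name)) {
         // random_int() instead of mt_rand(): CSPRNG-backed, no seeding concerns.
         $name = ___('Monster') . '-' . random_int(100, 999);
     }
     return $name;
 }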