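/**
 * AJAX dispatcher for the front-end account form.
 *
 * Reads `type` from $_REQUEST and the `user[...]` fields from $_POST and handles
 * one of: login, register, recover (mail a reset token) and reset (consume the
 * token, set a new password). Every path terminates with
 * die(theme_features::json_format($output)); nothing is returned to the caller.
 *
 * Security-relevant points:
 *  - nonce and referer are verified before any input is read.
 *  - the reset token is sealed with authcode()/AUTH_KEY and expires after 7200 s.
 *    On top of that, `reset` requires the per-user meta flag `_tmp_lost_pwd`
 *    that only `recover` sets, and clears it once the password is changed, so a
 *    token cannot be replayed after a successful reset.
 *  - `recover` answers `email_not_exist` for unknown addresses, i.e. it is a
 *    user-enumeration oracle and has no throttling here. TODO(review): decide
 *    whether a generic reply / rate limit is wanted for this site.
 */
public static function process() {
    theme_features::check_nonce();
    theme_features::check_referer();

    $output = [];
    $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
    $user = isset($_POST['user']) && is_array($_POST['user']) ? $_POST['user'] : false;
    $email = isset($user['email']) && is_email($user['email']) ? $user['email'] : null;
    $pwd = isset($user['pwd']) && is_string($user['pwd']) ? $user['pwd'] : null;

    switch ($type) {
        /**
         * login
         */
        case 'login':
            $output = self::user_login([
                'email'    => $email,
                'pwd'      => $pwd,
                'remember' => isset($user['remember']) ? true : false,
            ]);
            if ($output['status'] === 'success') {
                $output['msg'] = self::get_options('lang-login-success');
            } else {
                die(theme_features::json_format($output));
            }
            break;

        /**
         * register
         */
        case 'register':
            /** registration must be enabled site-wide */
            if (!theme_cache::get_option('users_can_register')) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code'   => 'users_can_not_register',
                    'msg'    => ___('Sorry, it is not the time, the site is temporarily closed registration.'),
                ]));
            }

            /** nickname: filtered, then length-checked (mb_strlen(false) === 0) */
            $user['nickname'] = isset($user['nickname']) && is_string($user['nickname'])
                ? filter_blank($user['nickname'])
                : false;
            if (mb_strlen($user['nickname']) < self::$min_display_name_length) {
                $output['status'] = 'error';
                $output['code'] = 'invalid_nickname';
                $output['msg'] = sprintf(
                    ___('Sorry, you nick name is invalid, at least %d characters in length, please try again.'),
                    self::$min_display_name_length
                );
                die(theme_features::json_format($output));
            }

            /** password length */
            if (mb_strlen($pwd) < self::$min_pwd_length) {
                $output['status'] = 'error';
                $output['code'] = 'invalid_pwd';
                $output['msg'] = sprintf(
                    ___('Sorry, you password is invalid, at least %d characters in length, please try again.'),
                    self::$min_pwd_length
                );
                die(theme_features::json_format($output));
            }

            /** email (already validated with is_email above) */
            if (!$email) {
                $output['status'] = 'error';
                $output['code'] = 'invalid_email';
                $output['msg'] = ___('Sorry, your email address is invalid, please check it and try again.');
                die(theme_features::json_format($output));
            }

            /**
             * duplicate display_name check.
             * display_name is a column of the users table, not a usermeta row, so
             * the former meta_key/meta_value lookup could never match; search the
             * column instead (without a `*` in the term WP_User_Query matches exactly).
             */
            $exists_users = get_users([
                'search'         => $user['nickname'],
                'search_columns' => ['display_name'],
                'number'         => 1,
            ]);
            if (count($exists_users) >= 1) {
                $output['status'] = 'error';
                $output['code'] = 'duplicate_display_name';
                $output['msg'] = ___('Sorry, the nickname has been used, please change another one.');
                die(theme_features::json_format($output));
            }

            /****************** PASS *****************/
            $output = self::user_register([
                'email'    => $email,
                'pwd'      => $pwd,
                'nickname' => $user['nickname'],
                'remember' => true,
            ]);
            if ($output['status'] === 'success') {
                $output['msg'] = ___('Register successfully, page is refreshing, please wait...');
            }
            break;

        /**
         * lost-password: mail a time-limited reset link
         */
        case 'recover':
            if (!$email) {
                $output['status'] = 'error';
                $output['code'] = 'invalid_email';
                $output['msg'] = ___('Sorry, your email address is invalid, please check it and try again.');
                die(theme_features::json_format($output));
            }

            /** the address must belong to an account (see enumeration note above) */
            $user_id = email_exists($email);
            if (!$user_id) {
                $output['status'] = 'error';
                $output['code'] = 'email_not_exist';
                $output['msg'] = ___('Sorry, the email does not exist.');
                die(theme_features::json_format($output));
            }

            /** build the sealed token: {user_id, user_email}, valid 7200 s */
            $wp_user = get_userdata($user_id);
            $encode_str = json_encode([
                'user_id'    => $user_id,
                'user_email' => $wp_user->user_email,
            ]);
            $encode = base64_encode(authcode($encode_str, 'encode', AUTH_KEY, 7200));
            // add_query_arg() url-encodes the base64 value (+ / =), esc_url() for the HTML context
            $callback_url = esc_url(add_query_arg(['token' => $encode], self::get_tabs('reset')['url']));

            $content = '
                <h3>' . sprintf(___('Dear %s!'), esc_html($wp_user->display_name)) . '</h3>
                <p>
                    ' . sprintf(
                        ___('You are receiving this email because you forgot your password. We already made an address for your account, you can access this address ( %s ) to log-in and change your password in 3 hours.'),
                        '<a href="' . $callback_url . '" target="_blank">' . $callback_url . '</a>'
                    ) . '
                </p>
                <p>' . sprintf(
                    ___('-- From %s'),
                    '<a href="' . theme_cache::home_url() . '" target="_blank">' . theme_cache::get_bloginfo('name') . '</a>'
                ) . '</p>
            ';
            $title = ___('You are applying to reset your password.');
            $headers = ['Content-Type: text/html; charset=UTF-8'];
            $wp_mail = wp_mail($wp_user->user_email, $title, $content, $headers);

            /**
             * only mark the account as "reset requested" when the mail actually
             * went out; `reset` refuses tokens for accounts without this flag.
             */
            if ($wp_mail === true) {
                update_user_meta($user_id, '_tmp_lost_pwd', 1);
                $output['status'] = 'success';
                $output['msg'] = ___('Success, we sent an email that includes how to retrieve your password, please check it out in 3 hours.');
            } else {
                // wp_mail() returns bool, so there is no error detail to forward
                $output['status'] = 'error';
                $output['code'] = 'server_error';
                $output['msg'] = ___('Error, server can not send email, please contact the administrator.');
            }
            break;

        /**
         * reset: consume the mailed token and set the new password
         */
        case 'reset':
            if (!$user) {
                $output['status'] = 'error';
                $output['code'] = 'invalid_param';
                $output['msg'] = ___('Sorry, the param is invalid.');
                die(theme_features::json_format($output));
            }

            $token = isset($user['token']) && is_string($user['token']) ? $user['token'] : false;
            if (!$token) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_token';
                $output['msg'] = ___('Sorry, the token is invaild.');
                die(theme_features::json_format($output));
            }

            /** the two password fields must be non-empty and identical */
            $pwd_again = isset($user['pwd-again']) && is_string($user['pwd-again']) ? $user['pwd-again'] : null;
            if (empty($pwd) || $pwd !== $pwd_again) {
                $output['status'] = 'error';
                $output['code'] = 'invalid_twice_pwd';
                $output['msg'] = ___('Sorry, twice password is invaild, please try again.');
                die(theme_features::json_format($output));
            }

            /** same minimum length as at registration */
            if (mb_strlen($pwd) < self::$min_pwd_length) {
                $output['status'] = 'error';
                $output['code'] = 'invalid_pwd';
                $output['msg'] = sprintf(
                    ___('Sorry, you password is invalid, at least %d characters in length, please try again.'),
                    self::$min_pwd_length
                );
                die(theme_features::json_format($output));
            }

            /** unseal the token; false means tampered or past its 7200 s lifetime */
            $token_decode = self::get_decode_token($token);
            if (!$token_decode) {
                $output['status'] = 'error';
                $output['code'] = 'expired_token';
                $output['msg'] = ___('Sorry, the token is expired.');
                die(theme_features::json_format($output));
            }
            $token_user_id = isset($token_decode['user_id']) && is_numeric($token_decode['user_id'])
                ? (int) $token_decode['user_id']
                : null;
            $token_user_email = isset($token_decode['user_email']) && is_email($token_decode['user_email'])
                ? $token_decode['user_email']
                : null;

            if (!$token_user_email) {
                $output['status'] = 'error';
                $output['code'] = 'token_email_not_match';
                $output['msg'] = ___('Sorry, the token email and you account email do not match.');
                die(theme_features::json_format($output));
            }

            /** the email inside the token must still resolve to the same account id */
            $user_id = (int) email_exists($token_user_email);
            if ($token_user_id === null || $user_id === 0 || $user_id !== $token_user_id) {
                $output['status'] = 'error';
                $output['code'] = 'email_not_exist';
                $output['msg'] = ___('Sorry, your account email is not exist.');
                die(theme_features::json_format($output));
            }

            /**
             * the account must have an outstanding `recover` request. This check
             * previously read a different meta key than `recover` wrote and did not
             * die() on failure, so the password was reset regardless; both are fixed.
             */
            if (!get_user_meta($user_id, '_tmp_lost_pwd', true)) {
                $output['status'] = 'error';
                $output['code'] = 'not_apply_recover';
                $output['msg'] = ___('Sorry, the user do not apply recover yet.');
                die(theme_features::json_format($output));
            }

            /** all ok: burn the request flag first, then set the password and sign in */
            delete_user_meta($user_id, '_tmp_lost_pwd');
            wp_set_password($pwd, $user_id);
            wp_set_current_user($user_id);
            wp_set_auth_cookie($user_id, true);
            $output['status'] = 'success';
            $output['redirect'] = theme_cache::home_url();
            $output['msg'] = ___('Congratulation, your account has been recovered! Password has been updated. Redirecting home page, please wait...');
            break;

        default:
            $output['status'] = 'error';
            $output['code'] = 'invalid_type';
            $output['msg'] = ___('Invalid type.');
    }

    die(theme_features::json_format($output));
}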
/**
 * Normalise a user-supplied display name.
 *
 * Runs the value through filter_blank(); when nothing is left it falls back to
 * "<Monster>-NNN" with a three-digit random suffix (mt_rand() is acceptable here:
 * the suffix is cosmetic, not a secret).
 *
 * @param string $name raw display name from the form
 * @return string cleaned name, or the generated fallback
 */
public static function filter_display_name($name) {
    $cleaned = filter_blank($name);
    if (!empty($cleaned)) {
        return $cleaned;
    }
    $suffix = mt_rand(100, 999);
    return ___('Monster') . '-' . $suffix;
}