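/**
 * Admin screen handler: renders the "add / edit member" form and processes its POST.
 *
 * Reads $_GET['editrecord'] to preload an existing member, and on $_POST['Submit'] either
 * creates a member (validator + optional WP user, custom fields, profile image, notifications)
 * or updates an existing one. All locals are deliberately left in this scope because
 * views/add_member_view.php is include_once'd at the end and reads them ($editingrecord,
 * $edit_custom_fields, $image_url, $image_path, $all_levels, ...).
 *
 * NOTE(review): no nonce or capability check is visible in this function. Confirm the menu
 * registration restricts the page and the form in views/add_member_view.php carries a nonce;
 * otherwise every write below is reachable cross-site by an authenticated admin's browser.
 */
function wp_eMember_add_memebers() {
    $emember_config = Emember_Config::getInstance();
    global $wpdb;
    $d = WP_EMEMBER_URL . '/images/default_image.gif';

    // If being edited, grab current info for the form.
    if (isset($_GET['editrecord']) && $_GET['editrecord'] != '') {
        // member_id is numeric and is concatenated unquoted into the WHERE clause: cast first.
        $theid = intval($_GET['editrecord']);
        $editingrecord = dbAccess::find(WP_EMEMBER_MEMBERS_TABLE_NAME, ' member_id=' . $theid);
        $edit_custom_fields = dbAccess::find(WP_EMEMBER_MEMBERS_META_TABLE, ' user_id=' . $theid . ' AND meta_key="custom_field"');
        // meta_value is written by this same handler as serialize($_POST['emember_custom'])
        // (arrays/strings only). unserialize() of a DB value is still a deserialization sink:
        // on PHP 7+ pass array('allowed_classes' => false), or store JSON instead.
        $edit_custom_fields = isset($edit_custom_fields->meta_value) ? unserialize($edit_custom_fields->meta_value) : array();
        $editingrecord->more_membership_levels = explode(',', $editingrecord->more_membership_levels);
        $editingrecord = (array) $editingrecord;
        $image_url = null;
        $image_path = null;
        $upload_dir = wp_upload_dir();
        $upload_url = $upload_dir['baseurl'] . '/emember/';
        $upload_path = $upload_dir['basedir'] . '/emember/';
        $use_gravatar = $emember_config->getValue('eMember_use_gravatar');
        if ($use_gravatar) {
            $image_url = WP_EMEMBER_GRAVATAR_URL . "/" . md5(strtolower($editingrecord['email'])) . "?d=" . urlencode($d) . "&s=" . 96;
        } else {
            if (!empty($editingrecord['profile_image'])) {
                $image_url = $upload_url . $editingrecord['profile_image'];
                $image_path = $theid;
            } else {
                $image_path = "";
                $image_url = WP_EMEMBER_URL . '/images/default_image.gif';
            }
        }
    }

    if (isset($_POST['Submit'])) {
        global $wpdb;
        include_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, TRUE);

        // Empty means "create"; otherwise it is the member_id being edited. It ends up unquoted
        // in SQL, so reduce it to a decimal integer string (esc_sql alone does not protect an
        // unquoted numeric context).
        $post_editedrecord = (isset($_POST['editedrecord']) && $_POST['editedrecord'] !== '') ? (string) intval($_POST['editedrecord']) : '';

        $fields = array();
        $fields['flags'] = 0;
        if ($emember_config->getValue('eMember_enable_secondary_membership')) {
            // Secondary level ids are numeric; keep only integers in the stored CSV.
            $fields['more_membership_levels'] = implode(',', empty($_POST['more_membership_levels']) ? array() : array_map('intval', (array) $_POST['more_membership_levels']));
        }
        // NOTE(review): these values go to dbAccess::insert/update as-is; only user_name and
        // password are escaped here. Confirm that layer escapes every field.
        $fields["user_name"] = $_POST["user_name"];
        $fields["first_name"] = $_POST["first_name"];
        $fields["last_name"] = $_POST["last_name"];
        $fields["company_name"] = $_POST["company_name"];
        $fields["member_since"] = $_POST["member_since"];
        $fields["membership_level"] = $_POST["membership_level"];
        $fields["account_state"] = $_POST["account_state"];
        $fields["email"] = $_POST["email"];
        $fields["phone"] = $_POST["phone"];
        $fields["address_street"] = $_POST["address_street"];
        $fields["address_city"] = $_POST["address_city"];
        $fields["address_state"] = $_POST["address_state"];
        $fields["address_zipcode"] = $_POST["address_zipcode"];
        $fields["home_page"] = $_POST["home_page"];
        $fields["country"] = $_POST["country"];
        $fields["gender"] = $_POST["gender"];
        $fields["referrer"] = $_POST["referrer"];
        $fields["subscription_starts"] = $_POST["subscription_starts"];
        $fields['last_accessed_from_ip'] = get_real_ip_addr();
        $fields["notes"] = $_POST['notes'];

        // Mirror of the record for the optional WordPress user account.
        $wp_user_info = array();
        $wp_user_info['user_nicename'] = str_replace(' ', '-', $_POST['user_name']);
        $wp_user_info['display_name'] = $_POST['user_name'];
        $wp_user_info['user_email'] = $_POST['email'];
        $wp_user_info['nickname'] = $_POST['user_name'];
        $wp_user_info['first_name'] = $_POST['first_name'];
        $wp_user_info['last_name'] = $_POST['last_name'];

        if ($post_editedrecord == '') {
            $fields['user_name'] = esc_sql($_POST['user_name']);
            $wp_user_info['user_login'] = $_POST['user_name'];

            // Add the record to the DB, after validating name / password / email.
            include_once 'emember_validator.php';
            $validator = new Emember_Validator();
            $validator->add(array('value' => $fields['user_name'], 'label' => 'User Name', 'rules' => array('user_required', 'user_name', 'user_unavail', 'user_minlength')));
            $validator->add(array('value' => $_POST['password'], 'repeat' => $_POST['retype_password'], 'label' => 'Password', 'rules' => array('pass_required', 'pass_mismatch')));
            $validator->add(array('value' => $fields['email'], 'label' => 'Email', 'rules' => array('email_required', 'email_unavail')));
            $messages = $validator->validate();
            if (count($messages) > 0) {
                echo '<span class="emember_error">' . implode('<br/>', $messages) . '</span>';
                // Re-populate the form with what was submitted.
                $editingrecord = $_POST;
            } else {
                $password = $wp_hasher->HashPassword($_POST['password']);
                $fields['password'] = esc_sql($password);
                $ret = dbAccess::insert(WP_EMEMBER_MEMBERS_TABLE_NAME, $fields);
                $lastid = $wpdb->insert_id;

                $should_create_wp_user = $emember_config->getValue('eMember_create_wp_user');
                if ($should_create_wp_user) {
                    // The WP role comes from the chosen membership level; level ids are numeric.
                    $membership_level_resultset = dbAccess::find(WP_EMEMBER_MEMBERSHIP_LEVEL_TABLE, " id='" . intval($fields['membership_level']) . "'");
                    $wp_user_info['role'] = $membership_level_resultset->role;
                    $wp_user_info['user_registered'] = date('Y-m-d H:i:s');
                    $wp_user_id = eMember_wp_create_user($_POST['user_name'], $_POST['password'], $_POST['email'], $wp_user_info);
                }

                // Custom field insert: only once the member row exists (otherwise $lastid is stale
                // and the meta row would be orphaned), and through prepare() rather than addslashes().
                if ($ret !== false && isset($_POST['emember_custom'])) {
                    $wpdb->query($wpdb->prepare(
                        "INSERT INTO " . WP_EMEMBER_MEMBERS_META_TABLE . " (user_id, meta_key, meta_value) VALUES (%d, 'custom_field', %s)",
                        $lastid,
                        serialize($_POST['emember_custom'])
                    ));
                }

                if ($ret === false) {
                    $_SESSION['flash_message'] = '<div id="message" style = "color:red;" class="updated fade"><p>Couldn\'t create new member.</p></div>';
                } else {
                    if (!empty($_POST['uploaded_profile_img'])) {
                        $upload_dir = wp_upload_dir();
                        $upload_path = $upload_dir['basedir'];
                        $upload_path .= '/emember/';
                        // basename() pins the source to the emember upload folder (the raw POST value
                        // could otherwise traverse with "../"); pathinfo() takes the real extension
                        // instead of the text after the first dot.
                        $uploaded_name = basename($_POST['uploaded_profile_img']);
                        $ext = pathinfo($uploaded_name, PATHINFO_EXTENSION);
                        // NOTE(review): the accepted extensions are decided by the upload handler,
                        // which is not visible here; confirm it is an image allowlist.
                        if ($uploaded_name !== '' && $ext !== '' && is_file($upload_path . $uploaded_name)) {
                            rename($upload_path . $uploaded_name, $upload_path . $lastid . '.' . $ext);
                        }
                    }
                    $_SESSION['flash_message'] = '<div id="message" class="updated fade"><p>Member "' . esc_html($fields['user_name']) . '" created.</p></div>';

                    // Notify the newly created member if specified in the settings.
                    // NOTE(review): the clear-text password is passed to the message template and
                    // so can be mailed to the member; consider a one-time reset link instead.
                    if ($emember_config->getValue('eMember_email_notification_for_manual_member_add')) {
                        $login_link = $emember_config->getValue('login_page_url');
                        $member_email_address = $_POST['email'];
                        $subject_rego_complete = $emember_config->getValue('eMember_email_subject_rego_complete');
                        $body_rego_complete = $emember_config->getValue('eMember_email_body_rego_complete');
                        $from_address = $emember_config->getValue('senders_email_address');
                        $headers = 'From: ' . $from_address . "\r\n";
                        $curr_member_id = $lastid;
                        $additional_params = array('password' => $_POST['password'], 'login_link' => $login_link);
                        $email_body1 = emember_dynamically_replace_member_details_in_message($curr_member_id, $body_rego_complete, $additional_params);
                        wp_mail($member_email_address, $subject_rego_complete, $email_body1, $headers);
                    }

                    // Create the corresponding affiliate account if specified in the settings.
                    if ($emember_config->getValue('eMember_auto_affiliate_account')) {
                        eMember_handle_affiliate_signup($_POST['user_name'], $_POST['password'], $_POST['first_name'], $_POST['last_name'], $_POST['email'], '');
                    }

                    // Signup the member to Autoresponder List (Autoresponder integration).
                    eMember_log_debug("===> Performing autoresponder signup if needed (member was added via admin dashboard) <===", true);
                    $membership_level_id = $_POST["membership_level"];
                    $firstname = $_POST['first_name'];
                    $lastname = $_POST['last_name'];
                    $emailaddress = $_POST['email'];
                    eMember_level_specific_autoresponder_signup($membership_level_id, $firstname, $lastname, $emailaddress);
                    eMember_global_autoresponder_signup($firstname, $lastname, $emailaddress);

                    echo '<script type="text/javascript">window.location = "admin.php?page=wp_eMember_manage";</script>';
                }
            }
        } else {
            // Update path. $member_id is used unquoted in SQL throughout, so it is an int.
            $member_id = intval($post_editedrecord);

            // Custom fields: replace, create or remove the single "custom_field" meta row.
            if (isset($_POST['emember_custom'])) {
                $custom_fields = dbAccess::find(WP_EMEMBER_MEMBERS_META_TABLE, ' user_id=' . $member_id . ' AND meta_key=\'custom_field\'');
                $serialized_custom = serialize($_POST['emember_custom']);
                if ($custom_fields) {
                    $wpdb->query($wpdb->prepare(
                        'UPDATE ' . WP_EMEMBER_MEMBERS_META_TABLE . " SET meta_value = %s WHERE meta_key = 'custom_field' AND user_id = %d",
                        $serialized_custom,
                        $member_id
                    ));
                } else {
                    $wpdb->query($wpdb->prepare(
                        "INSERT INTO " . WP_EMEMBER_MEMBERS_META_TABLE . " (user_id, meta_key, meta_value) VALUES (%d, 'custom_field', %s)",
                        $member_id,
                        $serialized_custom
                    ));
                }
            } else {
                $wpdb->query($wpdb->prepare(
                    'DELETE FROM ' . WP_EMEMBER_MEMBERS_META_TABLE . " WHERE meta_key = 'custom_field' AND user_id = %d",
                    $member_id
                ));
            }

            $editingrecord = dbAccess::find(WP_EMEMBER_MEMBERS_TABLE_NAME, ' member_id=' . $member_id);

            // Update the member info. The user name is immutable; the email must be unique
            // across both the WP user table and the eMember table.
            $wp_user_id = username_exists($fields['user_name']);
            $wp_email_owner = email_exists($fields['email']);
            $emember_email_owner = emember_email_exists($fields['email']);
            if (empty($fields['user_name']) || $fields['user_name'] != $editingrecord->user_name) {
                echo '<div id="message" class="updated fade"><p>User Name Cannot Be Changed!</p></div>';
            } else {
                if (empty($fields['email'])) {
                    echo '<div id="message" class="updated fade"><p>Email Field is Empty!</p></div>';
                } else {
                    if ($wp_email_owner && $wp_user_id != $wp_email_owner || $emember_email_owner && $member_id != $emember_email_owner) {
                        // Reflected POST value: escape for the HTML context.
                        echo '<div id="message" class="updated fade"><p>Email ID "' . esc_html($fields['email']) . '" is already registered to a user!</p></div>';
                    } else {
                        $update_possible = true;
                        // A blank password field means "keep the current password".
                        if (!empty($_POST['password'])) {
                            if ($_POST['password'] === $_POST['retype_password']) {
                                $password = $wp_hasher->HashPassword($_POST['password']);
                                $fields['password'] = esc_sql($password);
                                $wp_user_info['user_pass'] = $_POST['password'];
                            } else {
                                $update_possible = false;
                                echo '<div id="message" class="updated fade"><p>Password does\'t match!</p></div>';
                            }
                        }
                        if ($update_possible) {
                            $ret = dbAccess::update(WP_EMEMBER_MEMBERS_TABLE_NAME, 'member_id = ' . $member_id, $fields);
                            if ($fields["membership_level"] != $editingrecord->membership_level) {
                                do_action('emember_membership_changed', array('member_id' => $editingrecord->member_id, 'from_level' => $editingrecord->membership_level, 'to_level' => $fields["membership_level"]));
                            }
                            if ($wp_user_id && !is_wp_error($wp_user_id)) {
                                $wp_user_info['ID'] = $wp_user_id;
                                wp_update_user($wp_user_info);
                                // Bit 0 of flags set appears to mean "do not sync the WP role" — confirm.
                                if (($editingrecord->flags & 1) != 1) {
                                    $cond = " id='" . intval($fields['membership_level']) . "'";
                                    $membership_level_resultset = dbAccess::find(WP_EMEMBER_MEMBERSHIP_LEVEL_TABLE, $cond);
                                    update_wp_user_Role($wp_user_id, $membership_level_resultset->role);
                                }
                            }
                            if ($ret === false) {
                                $_SESSION['flash_message'] = '<div id="message" class="updated fade"><p>' . __('Member', 'wp_eMember') . ' "' . esc_html($fields['user_name']) . '" ' . __('Update Failed.', 'wp_eMember') . '</p></div>';
                            } else {
                                $_SESSION['flash_message'] = '<div id="message" class="updated fade"><p>' . __('Member', 'wp_eMember') . ' "' . esc_html($fields['user_name']) . '" ' . __('updated.', 'wp_eMember') . '</p></div>';
                                // Optional status-change notification; the submitted subject/body
                                // are also persisted as the new defaults for this mail.
                                if (isset($_POST['account_status_change'])) {
                                    $from_address = $emember_config->getValue('senders_email_address');
                                    $headers = 'From: ' . $from_address . "\r\n";
                                    $subject = $_POST['notificationmailhead'];
                                    $member_email_address = $_POST['email'];
                                    $login_link = $emember_config->getValue('login_page_url');
                                    $additional_params = array('password' => $_POST['password'], 'login_link' => $login_link);
                                    $curr_member_id = $post_editedrecord;
                                    $email_body = emember_dynamically_replace_member_details_in_message($curr_member_id, $_POST['notificationmailbody'], $additional_params);
                                    wp_mail($member_email_address, $subject, $email_body, $headers);
                                    $emember_config->setValue('eMember_status_change_email_body', $_POST['notificationmailbody']);
                                    $emember_config->setValue('eMember_status_change_email_subject', $_POST['notificationmailhead']);
                                    $emember_config->saveConfig();
                                }
                                echo '<script type="text/javascript">window.location = "admin.php?page=wp_eMember_manage";</script>';
                            }
                        }
                    }
                }
            }
            $editingrecord = (array) $editingrecord;
        }
    }

    // Levels offered in the form (level 1 is excluded, as in the original query).
    $all_levels = dbAccess::findAll(WP_EMEMBER_MEMBERSHIP_LEVEL_TABLE, ' id != 1 ', ' id DESC ');
    include_once 'views/add_member_view.php';
}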
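/**
 * Returns true when $user_ip starts with any address in the configured blacklist.
 *
 * The 'blacklisted_ips' setting is a ';'-separated list; each entry may carry a ":port"
 * suffix, which is ignored. Matching is a literal prefix match, so "192.168." blocks the
 * whole range. (Entries are split on ':' before comparison, so IPv6 addresses in the
 * setting are not usable as written — pre-existing behaviour.)
 *
 * @param string $user_ip address to test
 * @return bool
 */
function is_blocked_ip($user_ip) {
    $user_ip = trim($user_ip);
    $emember_config = Emember_Config::getInstance();
    $blacklisted_ips = $emember_config->getValue('blacklisted_ips');
    $blacklisted_ips = empty($blacklisted_ips) ? array() : explode(';', $blacklisted_ips);
    foreach ($blacklisted_ips as $entry) {
        $ip_port = explode(':', $entry);
        $ip = trim($ip_port[0]);
        if (empty($ip)) {
            continue;
        }
        // The setting text is quoted before it enters the pattern. Unquoted, "." matched any
        // character and a stray metacharacter made preg_match() return false (error => never
        // blocked, i.e. fail-open).
        if (preg_match('/^' . preg_quote($ip, '/') . '/', $user_ip) === 1) {
            return true;
        }
    }
    return false;
}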
// Build the row for a newly registered member from the already-validated locals
// ($username, $hashed_password, $first_name, $last_name, $email, $membership_level_id).
// Account state depends on the "manually approve registrations" setting.
$manually_approve = $emember_config->getValue('eMember_manually_approve_member_registration');
$fields = array(
    'user_name' => $username,
    'password' => $hashed_password,
    'first_name' => $first_name,
    'last_name' => $last_name,
    'email' => $email,
    'member_since' => date("Y-m-d"),
    'subscription_starts' => date("Y-m-d"),
    'membership_level' => $membership_level_id,
    'account_state' => $manually_approve ? 'pending' : 'active',
    'last_accessed_from_ip' => get_real_ip_addr(),
);
// Optional contact fields are copied from the request when present, tags stripped.
// (strip_tags is not an escaper; the DB layer still has to escape these values.)
$optional_request_fields = array('phone', 'address_street', 'address_city', 'address_state', 'address_zipcode');
foreach ($optional_request_fields as $request_field) {
    if (isset($_REQUEST[$request_field])) {
        $fields[$request_field] = strip_tags($_REQUEST[$request_field]);
    }
}
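/**
 * Validates the eMember auth cookie for the current request.
 *
 * The cookie value is "username|expiration|hmac". On success the member row is stored in
 * $this->userInfo and the result of check_constraints() is returned; every failure path
 * (logout requested, missing/expired/forged cookie, concurrent session, inactivity timeout)
 * returns false and sets errorCode / lastStatusMsg as appropriate.
 *
 * Everything parsed from the cookie is unauthenticated input until the HMAC check passes,
 * so it is only ever bound into SQL through $wpdb->prepare().
 *
 * @return bool
 */
private function validate() {
    global $wpdb;
    $emember_config = Emember_Config::getInstance();
    $auth_cookie_name = is_ssl() ? WP_EMEMBER_SEC_AUTH : WP_EMEMBER_AUTH;

    // Any of these query flags means "log me out", whatever the cookie says.
    $logout = filter_input(INPUT_GET, 'emember_logout');
    $logout_alt = filter_input(INPUT_GET, 'member_logout');
    $logout_alt2 = filter_input(INPUT_GET, 'event');
    if (!empty($logout) || $logout_alt == 1 || $logout_alt2 == 'logout') {
        $this->isLoggedIn = true; // trick to forcefully logout.
        $this->logout();
        return false;
    }

    if (!isset($_COOKIE[$auth_cookie_name]) || empty($_COOKIE[$auth_cookie_name])) {
        $this->errorCode = 1;
        // NOTE(review): the rest of this method uses $this->isLoggedIn; confirm "loggedIn" is a real property.
        $this->loggedIn = false;
        $this->userInfo = null;
        return false;
    }

    //@todo check if login is for rss
    $cookie_elements = explode('|', $_COOKIE[$auth_cookie_name]);
    if (count($cookie_elements) != 3) {
        return false;
    }
    list($username, $expiration, $hmac) = $cookie_elements;

    // Allow a grace period for POST and AJAX requests.
    $expired = $expiration;
    if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) {
        $expired += HOUR_IN_SECONDS;
    }
    // Quick check to see if an honest cookie has expired.
    if ($expired < time()) {
        $this->lastStatusMsg = EMEMBER_SESSION_EXPIRED;
        return false;
    }

    // $username comes straight from the cookie: bind it, never concatenate it.
    $user = $wpdb->get_row($wpdb->prepare(
        "SELECT * FROM " . $wpdb->prefix . "wp_eMember_members_tbl WHERE user_name = %s",
        $username
    ));
    if (!$user) {
        $this->errorCode = 1;
        return false;
    }

    // Recompute the MAC the cookie was issued with. A fragment of the stored password hash is
    // mixed into the key, so changing the password invalidates outstanding cookies.
    $pass_frag = substr($user->password, 8, 4);
    $key = Emember_Auth::b_hash($username . $pass_frag . '|' . $expiration);
    $hash = hash_hmac('md5', $username . '|' . $expiration, $key);
    // hash_equals(): constant-time and strict. The former loose "!=" would also accept a
    // numeric-looking forgery (e.g. "0" against a hash of the form "0e123...") under PHP's
    // string-to-number comparison.
    if (!hash_equals($hash, (string) $hmac)) {
        $this->lastStatusMsg = EMEMBER_LOGIN_AGAIN;
        // Was assigned to $this->error_code (typo), so the saved status code never carried 20.
        $this->errorCode = 20;
        self::setSavedMessage('eMember_login_status_msg', $this->lastStatusMsg);
        self::setSavedMessage('eMember_login_status_code', $this->errorCode);
        return false;
    }

    // Past the nominal expiry but inside the POST/AJAX grace window.
    if ($expiration < time()) {
        $GLOBALS['login_grace_period'] = 1;
    }

    // Single-session enforcement: the newest session row must be ours (same IP and MAC).
    $disable_multiple_logins = $emember_config->getValue('eMember_multiple_logins');
    if ($disable_multiple_logins) {
        $session = $wpdb->get_row($wpdb->prepare(
            "SELECT * FROM " . WP_EMEMBER_AUTH_SESSION_TABLE . " WHERE user_name = %s ORDER BY login_impression DESC",
            $username
        ));
        if (!empty($session) && ($session->logged_in_from_ip != get_real_ip_addr() || $session->session_id != $hmac)) {
            $this->userInfo = null;
            $this->isLoggedIn = true; // trick to forcefully logout.
            $this->lastStatusMsg = EMEMBER_ALREADY_LOGGED_IN;
            $this->errorCode = 13;
            $this->logout();
            self::setSavedMessage('eMember_login_status_code', $this->errorCode);
            self::setSavedMessage('eMember_login_status_msg', $this->lastStatusMsg);
            return false;
        }
    }

    // Inactivity tracking: seconds since the session's last recorded impression (0 if none).
    $last_impression = $wpdb->get_col($wpdb->prepare(
        "select last_impression FROM " . WP_EMEMBER_AUTH_SESSION_TABLE . " WHERE session_id = %s",
        $hmac
    ));
    $current_time = current_time('mysql', 1);
    $last_impression = isset($last_impression[0]) ? strtotime($last_impression[0]) : strtotime($current_time);
    $this->inactivity = empty($last_impression) ? 0 : strtotime($current_time) - $last_impression;
    $wpdb->query($wpdb->prepare(
        "UPDATE " . WP_EMEMBER_AUTH_SESSION_TABLE . " SET last_impression = %s WHERE session_id = %s",
        $current_time,
        $hmac
    ));

    // Auto-logout setting is in minutes.
    $autologout = $emember_config->getValue('wp_eMember_auto_logout');
    if ($autologout && $this->inactivity > $autologout * 60) {
        eMember_log_debug("Auto logout triggered. Logging out the member!", true);
        $this->isLoggedIn = true; // trick to forcefully logout.
        $this->logout();
        return false;
    }

    // Looks to be a valid user, so keep the row for the rest of the request.
    $this->userInfo = $user;
    return $this->check_constraints();
}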