/**
 * Print the collected error messages as HTML.
 *
 * Nothing is printed when rcp_errors() holds no error codes. Otherwise the
 * markup returned by rcp_get_error_messages_html() is echoed between the
 * 'rcp_errors_before' and 'rcp_errors_after' actions.
 *
 * @access      public
 * @since       1.0
 *
 * @param string $error_id Not read by this implementation.
 * @return void
 */
function rcp_show_error_messages($error_id = '')
{
    $codes = rcp_errors()->get_error_codes();
    if (!$codes) {
        return;
    }

    do_action('rcp_errors_before');
    // NOTE(review): the markup is echoed exactly as returned; escaping is
    // presumably done inside rcp_get_error_messages_html() - confirm.
    echo rcp_get_error_messages_html();
    do_action('rcp_errors_after');
}
 /**
  * Verify the code entered on the login form.
  *
  * Reads the login name and the 'rcp_user_pass' field straight from $_POST,
  * hands them to GoogleAuthenticator::check_otp() and records an
  * 'auth_failed' error in the 'login' group when that call returns a WP_Error.
  *
  * @access  public
  * @since   2.2
  *
  * @param mixed $post_data Not read here; the values come from $_POST.
  * @return void
  */
 public function check_code($post_data)
 {
     $authenticator = new GoogleAuthenticator();

     $login = trim($_POST['rcp_user_login']);
     // NOTE(review): get_user_by() returns false for an unknown login and that
     // value is passed on unchanged; presumably check_otp() rejects it - confirm.
     $account = get_user_by('login', $login);

     $result = $authenticator->check_otp($account, $login, trim($_POST['rcp_user_pass']));
     if (!is_wp_error($result)) {
         return;
     }

     rcp_errors()->add('auth_failed', $result->get_error_message(), 'login');
 }
/**
 * Validate the submitted reCAPTCHA challenge/response pair, if enabled.
 *
 * Does nothing unless the 'enable_recaptcha' option is set and a public key
 * is configured. An answer that recaptcha_check_answer() reports as not valid
 * adds an 'invalid_recaptcha' error.
 *
 * @return void
 */
function rcp_validate_captcha()
{
    global $rcp_options;

    $enabled = isset($rcp_options['enable_recaptcha']) && !empty($rcp_options['recaptcha_public_key']);
    if (!$enabled) {
        return;
    }

    // NOTE(review): only the public key is checked above; the private key is
    // used without a presence check.
    $secret = trim($rcp_options['recaptcha_private_key']);
    $answer = recaptcha_check_answer(
        $secret,
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"]
    );

    if ($answer->is_valid) {
        return;
    }

    // The answer was rejected.
    rcp_errors()->add('invalid_recaptcha', __('The words/numbers you entered did not match the reCaptcha', 'rcp'));
}
/**
 * Validate the reCAPTCHA token submitted with the registration form.
 *
 * Does nothing unless reCAPTCHA is enabled and both keys are configured.
 * A missing token or remote IP, or a verification response whose "success"
 * member is not exactly true, adds an 'invalid_recaptcha' error to the
 * 'register' group.
 *
 * @param array $data Submitted form data; 'g-recaptcha-response' and
 *                    'g-recaptcha-remoteip' are read from it.
 * @return void
 */
function rcp_validate_captcha($data)
{
    global $rcp_options;

    $configured = isset($rcp_options['enable_recaptcha'])
        && !empty($rcp_options['recaptcha_public_key'])
        && !empty($rcp_options['recaptcha_private_key']);
    if (!$configured) {
        return;
    }

    $submitted = !empty($data['g-recaptcha-response']) && !empty($data['g-recaptcha-remoteip']);
    if (!$submitted) {
        rcp_errors()->add('invalid_recaptcha', __('Please verify that you are not a robot', 'rcp'), 'register');
        return;
    }

    // NOTE(review): the remote IP is taken from $data, not from the server
    // environment; confirm that the caller fills it in and the client cannot.
    $request = array(
        'body' => array(
            'secret' => trim($rcp_options['recaptcha_private_key']),
            'response' => $data['g-recaptcha-response'],
            'remoteip' => $data['g-recaptcha-remoteip'],
        ),
    );
    $response = wp_safe_remote_post('https://www.google.com/recaptcha/api/siteverify', $request);
    $result = json_decode(wp_remote_retrieve_body($response));

    // Fails closed: a transport error or an undecodable body leaves no
    // "success" member, and anything other than boolean true is a failure.
    $passed = isset($result->success) && true === $result->success;
    if (!$passed) {
        rcp_errors()->add('invalid_recaptcha', __('Please verify that you are not a robot', 'rcp'), 'register');
    }
}
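/**
 * Process the login form.
 *
 * Runs only for requests that carry rcp_action=login and a valid
 * 'rcp-login-nonce'. Validation errors are collected through rcp_errors();
 * when none were recorded the user is logged in and redirected, otherwise the
 * failed attempt is reported to limit_login_failed() when that function exists.
 *
 * @access      public
 * @since       1.0
 *
 * @return void Ends the request with exit after a successful login.
 */
function rcp_process_login_form()
{
    if (!isset($_POST['rcp_action']) || 'login' !== $_POST['rcp_action']) {
        return;
    }
    if (!isset($_POST['rcp_login_nonce']) || !wp_verify_nonce($_POST['rcp_login_nonce'], 'rcp-login-nonce')) {
        return;
    }

    // Missing or non-string fields are treated as empty so they fail validation
    // below instead of reaching the lookups as null or an array.
    $login = isset($_POST['rcp_user_login']) && is_string($_POST['rcp_user_login']) ? $_POST['rcp_user_login'] : '';
    $password = isset($_POST['rcp_user_pass']) && is_string($_POST['rcp_user_pass']) ? $_POST['rcp_user_pass'] : '';

    // this returns the user ID and other info from the user name
    $user = get_user_by('login', $login);
    do_action('rcp_before_form_errors', $_POST);

    // NOTE(review): the distinct "Invalid username" and "Incorrect password"
    // messages tell a client which usernames exist. The strings are kept
    // because they are part of the existing interface; a single generic
    // message would close that gap.
    if (!$user) {
        // if the user name doesn't exist
        rcp_errors()->add('empty_username', __('Invalid username', 'rcp'), 'login');
    }
    if ('' === $password) {
        // if no password was entered
        rcp_errors()->add('empty_password', __('Please enter a password', 'rcp'), 'login');
    }
    if ($user && !wp_check_password($password, $user->user_pass, $user->ID)) {
        // if the password is incorrect for the specified user
        rcp_errors()->add('empty_password', __('Incorrect password', 'rcp'), 'login');
    }
    if (function_exists('is_limit_login_ok') && !is_limit_login_ok()) {
        rcp_errors()->add('limit_login_failed', limit_login_error_msg(), 'login');
    }
    do_action('rcp_login_form_errors', $_POST);

    // retrieve all error messages
    $errors = rcp_errors()->get_error_messages();

    // only log the user in if there are no errors
    if (empty($errors)) {
        $remember = isset($_POST['rcp_user_remember']);

        // The redirect target is submitted with the form, so it is limited to
        // hosts WordPress allows; anything else falls back to the home URL.
        $requested = !empty($_POST['rcp_redirect']) && is_string($_POST['rcp_redirect']) ? $_POST['rcp_redirect'] : home_url();
        $redirect = wp_validate_redirect($requested, home_url());

        rcp_login_user_in($user->ID, $login, $remember);
        // redirect the user back to the page they were previously on
        wp_safe_redirect($redirect);
        exit;
    }

    if (function_exists('limit_login_failed')) {
        limit_login_failed($login);
    }
}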
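/**
 * Print the error messages that belong to one error group.
 *
 * Each registered error whose data equals $error_id is printed as a
 * paragraph inside a wrapper div. Nothing is printed when no error code is
 * registered.
 *
 * @param string $error_id Group to display, compared with each error's data.
 * @return void
 */
function rcp_show_error_messages($error_id = '')
{
    $codes = rcp_errors()->get_error_codes();
    if (!$codes) {
        return;
    }

    do_action('rcp_errors_before');
    echo '<div class="rcp_message error">';
    // Loop error codes and display errors
    foreach ($codes as $code) {
        // Loose comparison is deliberate: an error added without data
        // presumably yields null here, which must still match the default ''.
        if (rcp_errors()->get_error_data($code) == $error_id) {
            $message = rcp_errors()->get_error_message($code);
            do_action('rcp_error_before');
            // Messages can originate outside this plugin (other hooks and
            // WP_Error objects), so the code is escaped for the attribute and
            // the message is reduced to the markup allowed in post content.
            echo '<p class="rcp_error ' . esc_attr($code) . '"><span>' . wp_kses_post($message) . '</span></p>';
            do_action('rcp_error_after');
        }
    }
    echo '</div>';
    do_action('rcp_errors_after');
}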
 /**
  * Validate the card address fields submitted with registration.
  *
  * Adds one error to the 'register' group for every required $_POST field
  * that is empty. State and zip are required only when
  * card_needs_state_and_zip() says so. Only presence is checked here.
  *
  * @since 2.3
  *
  * @return void
  */
 public function validate_fields()
 {
     $missing = static function ($field) {
         return empty($_POST[$field]);
     };
     $report = static function ($code, $message) {
         rcp_errors()->add($code, $message, 'register');
     };

     if ($missing('rcp_card_cvc')) {
         $report('missing_card_code', __('The security code you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_address')) {
         $report('missing_card_address', __('The address you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_city')) {
         $report('missing_card_city', __('The city you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_state') && $this->card_needs_state_and_zip()) {
         $report('missing_card_state', __('The state you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_country')) {
         $report('missing_card_country', __('The country you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_zip') && $this->card_needs_state_and_zip()) {
         $report('missing_card_zip', __('The zip / postal code you have entered is invalid', 'rcp'));
     }
 }
 /**
  * Validate the card fields and the Stripe key configuration at registration.
  *
  * Adds one error to the 'register' group for every card field that is empty
  * in $_POST, and one more when the secret or publishable key for the active
  * mode (test or live) is not configured. Only presence is checked here.
  *
  * @since 2.1
  *
  * @return void
  */
 public function validate_fields()
 {
     global $rcp_options;

     $missing = static function ($field) {
         return empty($_POST[$field]);
     };
     $report = static function ($code, $message) {
         rcp_errors()->add($code, $message, 'register');
     };

     if ($missing('rcp_card_number')) {
         $report('missing_card_number', __('The card number you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_cvc')) {
         $report('missing_card_code', __('The security code you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_zip')) {
         $report('missing_card_zip', __('The zip / postal code you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_name')) {
         $report('missing_card_name', __('The card holder name you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_exp_month')) {
         $report('missing_card_exp_month', __('The card expiration month you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_exp_year')) {
         $report('missing_card_exp_year', __('The card expiration year you have entered is invalid', 'rcp'));
     }

     // Exactly one key pair is relevant, depending on the gateway mode.
     if ($this->test_mode) {
         if (empty($rcp_options['stripe_test_secret']) || empty($rcp_options['stripe_test_publishable'])) {
             $report('missing_stripe_test_keys', __('Missing Stripe test keys. Please enter your test keys to use Stripe in Sandbox Mode.', 'rcp'));
         }
     } else {
         if (empty($rcp_options['stripe_live_secret']) || empty($rcp_options['stripe_live_publishable'])) {
             $report('missing_stripe_live_keys', __('Missing Stripe live keys. Please enter your live keys to use Stripe in Live Mode.', 'rcp'));
         }
     }
 }
 /**
  * Check the PayPal API configuration during registration submission.
  *
  * Adds a 'no_paypal_api' error to the 'register' group when
  * rcp_has_paypal_api_access() reports that API access is not available.
  *
  * @since 2.1
  *
  * @return void
  */
 public function validate_fields()
 {
     if (rcp_has_paypal_api_access()) {
         return;
     }

     $notice = __('You have not configured PayPal API access. Please configure it in Restrict &rarr; Settings', 'rcp');
     rcp_errors()->add('no_paypal_api', $notice, 'register');
 }
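/**
 * Send password reset email to user. Adapted from wp-login.php
 *
 * Looks the account up by e-mail address or login name, stores a hashed
 * reset key in the users table and mails a reset link that carries the plain
 * key. The link is built on the submitted 'rcp_redirect' URL only when that
 * URL points at a host WordPress allows; otherwise the home URL is used.
 *
 * @access      public
 * @since       2.3
 *
 * @return true|WP_Error True once the mail step has run, otherwise the error
 *                       collection (or the WP_Error returned by the
 *                       'allow_password_reset' filter).
 */
function rcp_retrieve_password() {
	global $wpdb, $wp_hasher, $wp_db_version;

	// A missing or non-string field is handled as an empty one.
	$submitted = isset( $_POST['rcp_user_login'] ) && is_string( $_POST['rcp_user_login'] ) ? $_POST['rcp_user_login'] : '';
	$user_data = false;

	if ( empty( $submitted ) ) {
		rcp_errors()->add( 'empty_username', __( 'Enter a username or e-mail address.', 'rcp' ), 'lostpassword' );
	} elseif ( strpos( $submitted, '@' ) ) {
		$user_data = get_user_by( 'email', trim( $submitted ) );
		if ( empty( $user_data ) ) {
			// NOTE(review): this message confirms whether an address is
			// registered; kept because the string is part of the existing UI.
			rcp_errors()->add( 'invalid_email', __( 'There is no user registered with that email address.', 'rcp' ), 'lostpassword' );
		}
	} else {
		$login = trim( $submitted );
		$user_data = get_user_by( 'login', $login );
	}

	if ( rcp_errors()->get_error_code() ) {
		return rcp_errors();
	}

	if ( !$user_data ) {
		rcp_errors()->add('invalidcombo', __('Invalid username or e-mail.', 'rcp' ), 'lostpassword');
		return rcp_errors();
	}

	// Redefining user_login ensures we return the right case in the email.
	$user_login = $user_data->user_login;
	$user_email = $user_data->user_email;

	$allow = apply_filters( 'allow_password_reset', true, $user_data->ID );

	if ( ! $allow ) {
		rcp_errors()->add( 'no_password_reset', __( 'Password reset is not allowed for this user', 'rcp' ), 'lostpassword' );
		return rcp_errors();
	} elseif ( is_wp_error( $allow ) ) {
		return $allow;
	}

	// The reset link carries the plain key, so it must only ever point at this
	// site. The base URL arrives with the request and this function performs
	// no nonce check, so the value is validated against the allowed hosts.
	$requested = isset( $_POST['rcp_redirect'] ) && is_string( $_POST['rcp_redirect'] ) ? $_POST['rcp_redirect'] : '';
	$reset_base = wp_validate_redirect( $requested, home_url() );

	// Generate something random for a password reset key.
	$key = wp_generate_password( 20, false );

	// Now insert the key, hashed, into the DB.
	if ( empty( $wp_hasher ) ) {
		require_once ABSPATH . WPINC . '/class-phpass.php';
		$wp_hasher = new PasswordHash( 8, true );
	}
	if ($wp_db_version >= 32814) {
		// 4.3 or later
		$hashed = time() . ':' . $wp_hasher->HashPassword( $key );
	} else {
		$hashed = $wp_hasher->HashPassword( $key );
	}

	$wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );

	$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
	$message .= network_home_url( '/' ) . "\r\n\r\n";
	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
	$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
	$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
	$message .= '<' . esc_url_raw( add_query_arg( array( 'rcp_action' => 'lostpassword', 'key' => $key, 'login' => rawurlencode( $user_login ) ), $reset_base ) ) . ">\r\n";

	if ( is_multisite() ) {

		$blogname = $GLOBALS['current_site']->site_name;

	} else {
		/*
		 * The blogname option is escaped with esc_html on the way into the database
		 * in sanitize_option we want to reverse this for the plain text arena of emails.
		 */
		$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
	}

	$title   = sprintf( __('[%s] Password Reset'), $blogname );
	$title   = apply_filters( 'retrieve_password_title', $title );
	$message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data );

	if ( $message && ! wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) {
		wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
	}

	return true;
}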
/**
 * Require the terms-of-use checkbox on the registration form.
 *
 * Adds an 'agree_to_terms' error to the 'register' group when the submitted
 * data has no 'rcp_terms_agreement' entry.
 *
 * @param array $posted Submitted registration data.
 * @return void
 */
function pippin_rcp_check_for_agreement($posted)
{
    if (isset($posted['rcp_terms_agreement'])) {
        return;
    }

    $notice = __('You must agree to our terms of use', 'rcp');
    rcp_errors()->add('agree_to_terms', $notice, 'register');
}
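/**
 * Change a user password
 *
 * Handles rcp_action=reset-password for a logged-in user, or for the user
 * identified through the 'rcp-resetpass-' cookie. Requires a valid
 * 'rcp-password-nonce'. On success the password is updated, the reset cookie
 * is expired and the request is redirected.
 *
 * @access      public
 * @since       1.0
 *
 * @return void Ends the request with exit after a successful change.
 */
function rcp_change_password()
{
    // reset a users password
    if (!isset($_POST['rcp_action']) || 'reset-password' !== $_POST['rcp_action']) {
        return;
    }

    global $user_ID;
    list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
    $rp_cookie = 'rcp-resetpass-' . COOKIEHASH;
    $user = rcp_get_user_resetting_password($rp_cookie);
    if (!is_user_logged_in() && !$user) {
        return;
    }

    // A request without the nonce field is rejected like one with a bad nonce.
    if (!isset($_POST['rcp_password_nonce']) || !wp_verify_nonce($_POST['rcp_password_nonce'], 'rcp-password-nonce')) {
        return;
    }

    // Missing or non-string fields count as empty, so an array can never
    // reach wp_update_user() as a password.
    $new_pass = isset($_POST['rcp_user_pass']) && is_string($_POST['rcp_user_pass']) ? $_POST['rcp_user_pass'] : '';
    $confirm = isset($_POST['rcp_user_pass_confirm']) && is_string($_POST['rcp_user_pass_confirm']) ? $_POST['rcp_user_pass_confirm'] : '';

    do_action('rcp_before_password_form_errors', $_POST);
    if ('' === $new_pass || '' === $confirm) {
        // password(s) field empty
        rcp_errors()->add('password_empty', __('Please enter a password, and confirm it', 'rcp'), 'password');
    }
    // Strict comparison: a loose != treats numeric-looking strings such as
    // '1e3' and '1000' as equal and would accept a confirmation that differs.
    if ($new_pass !== $confirm) {
        // passwords do not match
        rcp_errors()->add('password_mismatch', __('Passwords do not match', 'rcp'), 'password');
    }
    do_action('rcp_password_form_errors', $_POST);

    // retrieve all error messages, if any
    $errors = rcp_errors()->get_error_messages();
    if (!empty($errors)) {
        return;
    }

    // change the password here
    $user_data = array('ID' => is_user_logged_in() ? $user_ID : $user->ID, 'user_pass' => $new_pass);
    wp_update_user($user_data);
    // remove cookie with password reset info
    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
    // send password change email here (if WP doesn't)
    // add_query_arg() builds on the current request URI when the URL is false.
    $target = isset($_POST['rcp_redirect']) && is_string($_POST['rcp_redirect']) ? $_POST['rcp_redirect'] : false;
    wp_safe_redirect(add_query_arg('password-reset', 'true', $target));
    exit;
}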
 /**
  * Require the terms checkbox on the registration form.
  *
  * Adds an 'agree_to_terms' error to the 'register' group when the submitted
  * data has no 'rcp_terms_agreement' entry.
  *
  * @param array $posted Submitted registration data.
  * @return void
  */
 public function check_for_agreement($posted)
 {
     $agreed = isset($posted['rcp_terms_agreement']);
     if ($agreed) {
         return;
     }

     rcp_errors()->add('agree_to_terms', __('You must agree to the terms to continue', 'rcp'), 'register');
 }
/**
 * Require the privacy-policy checkbox on the registration form.
 *
 * Adds an error to the 'register' group when the submitted data has no
 * 'rcp_privacy' entry.
 *
 * @param array $posted Submitted registration data.
 * @return void
 */
function pw_rcp_validate_user_fields_on_register($posted)
{
    if (isset($posted['rcp_privacy'])) {
        return;
    }

    // NOTE(review): the error code says 'invalid_location' although the
    // message is about the privacy policy; left unchanged.
    $notice = __('Please agree to our privacy policy', 'rcp');
    rcp_errors()->add('invalid_location', $notice, 'register');
}
 /**
  * Record an error in the 'register' group of the shared error collection.
  *
  * @param string $code    Error code.
  * @param string $message Message stored for the code.
  * @return void
  */
 public function add_error($code = '', $message = '')
 {
     $errors = rcp_errors();
     $errors->add($code, $message, 'register');
 }
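/**
 * Validate and setup the user data for registration
 *
 * For a visitor who is not logged in, the account fields are read from
 * $_POST and validated; every problem is recorded in the 'register' error
 * group. For a logged-in user the data of the current account is returned
 * and nothing is validated.
 *
 * @access      public
 * @since       1.5
 * @return      array User data, passed through the 'rcp_user_registration_data' filter
 */
function rcp_validate_user_data() {

	$user = array();

	if( ! is_user_logged_in() ) {
		// A missing or non-string field is handled as an empty one, so it
		// fails the checks below instead of reaching them as null or an array.
		$posted = array();
		foreach( array( 'rcp_user_login', 'rcp_user_email', 'rcp_user_first', 'rcp_user_last', 'rcp_user_pass', 'rcp_user_pass_confirm' ) as $field ) {
			$posted[ $field ] = isset( $_POST[ $field ] ) && is_string( $_POST[ $field ] ) ? $_POST[ $field ] : '';
		}

		$user['id']		          = 0;
		$user['login']		      = sanitize_text_field( $posted['rcp_user_login'] );
		$user['email']		      = sanitize_text_field( $posted['rcp_user_email'] );
		$user['first_name'] 	  = sanitize_text_field( $posted['rcp_user_first'] );
		$user['last_name']	 	  = sanitize_text_field( $posted['rcp_user_last'] );
		// Passwords are kept exactly as submitted. sanitize_text_field() strips
		// tags, percent-encoded octets and surrounding whitespace, which would
		// silently store a different (often shorter) password than the one typed.
		$user['password']		  = $posted['rcp_user_pass'];
		$user['password_confirm'] = $posted['rcp_user_pass_confirm'];
		$user['need_new']         = true;
	} else {
		$userdata 		  = get_userdata( get_current_user_id() );
		$user['id']       = $userdata->ID;
		$user['login'] 	  = $userdata->user_login;
		$user['email'] 	  = $userdata->user_email;
		$user['need_new'] = false;
	}


	if( $user['need_new'] ) {
		if( username_exists( $user['login'] ) ) {
			// Username already registered
			rcp_errors()->add( 'username_unavailable', __( 'Username already taken', 'rcp' ), 'register' );
		}
		if( ! rcp_validate_username( $user['login'] ) ) {
			// invalid username
			rcp_errors()->add( 'username_invalid', __( 'Invalid username', 'rcp' ), 'register' );
		}
		if( empty( $user['login'] ) ) {
			// empty username
			rcp_errors()->add( 'username_empty', __( 'Please enter a username', 'rcp' ), 'register' );
		}
		if( ! is_email( $user['email'] ) ) {
			//invalid email
			rcp_errors()->add( 'email_invalid', __( 'Invalid email', 'rcp' ), 'register' );
		}
		if( email_exists( $user['email'] ) ) {
			//Email address already registered
			rcp_errors()->add( 'email_used', __( 'Email already registered', 'rcp' ), 'register' );
		}
		if( empty( $user['password'] ) ) {
			// no password entered
			rcp_errors()->add( 'password_empty', __( 'Please enter a password', 'rcp' ), 'register' );
		}
		if( $user['password'] !== $user['password_confirm'] ) {
			// passwords do not match
			rcp_errors()->add( 'password_mismatch', __( 'Passwords do not match', 'rcp' ), 'register' );
		}
	}

	return apply_filters( 'rcp_user_registration_data', $user );
}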
 /**
  * Validate the card fields submitted with registration.
  *
  * Adds one error to the 'register' group for every card field that is empty
  * in $_POST. Only presence is checked here.
  *
  * @since 2.1
  *
  * @return void
  */
 public function validate_fields()
 {
     $missing = static function ($field) {
         return empty($_POST[$field]);
     };
     $report = static function ($code, $message) {
         rcp_errors()->add($code, $message, 'register');
     };

     if ($missing('rcp_card_number')) {
         $report('missing_card_number', __('The card number you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_cvc')) {
         $report('missing_card_code', __('The security code you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_zip')) {
         $report('missing_card_zip', __('The zip / postal code you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_name')) {
         $report('missing_card_name', __('The card holder name you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_exp_month')) {
         $report('missing_card_exp_month', __('The card expiration month you have entered is invalid', 'rcp'));
     }
     if ($missing('rcp_card_exp_year')) {
         $report('missing_card_exp_year', __('The card expiration year you have entered is invalid', 'rcp'));
     }
 }
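/**
 * Change a user password
 *
 * Handles rcp_action=reset-password for the logged-in user. Requires a valid
 * 'rcp-password-nonce'. On success the password of the current user is
 * updated and the request is redirected.
 *
 * @access      public
 * @since       1.0
 *
 * @return void Ends the request with exit after a successful change.
 */
function rcp_change_password() {
	// reset a users password
	if( ! isset( $_POST['rcp_action'] ) || $_POST['rcp_action'] !== 'reset-password' ) {
		return;
	}

	global $user_ID;

	if( ! is_user_logged_in() ) {
		return;
	}

	// A request without the nonce field is rejected like one with a bad nonce.
	if( ! isset( $_POST['rcp_password_nonce'] ) || ! wp_verify_nonce( $_POST['rcp_password_nonce'], 'rcp-password-nonce' ) ) {
		return;
	}

	// Missing or non-string fields count as empty, so an array can never
	// reach wp_update_user() as a password.
	$new_pass = isset( $_POST['rcp_user_pass'] ) && is_string( $_POST['rcp_user_pass'] ) ? $_POST['rcp_user_pass'] : '';
	$confirm  = isset( $_POST['rcp_user_pass_confirm'] ) && is_string( $_POST['rcp_user_pass_confirm'] ) ? $_POST['rcp_user_pass_confirm'] : '';

	do_action( 'rcp_before_password_form_errors', $_POST );

	if( $new_pass === '' || $confirm === '' ) {
		// password(s) field empty
		rcp_errors()->add( 'password_empty', __( 'Please enter a password, and confirm it', 'rcp' ), 'password' );
	}
	// Strict comparison: a loose != treats numeric-looking strings such as
	// '1e3' and '1000' as equal and would accept a confirmation that differs.
	if( $new_pass !== $confirm ) {
		// passwords do not match
		rcp_errors()->add( 'password_mismatch', __( 'Passwords do not match', 'rcp' ), 'password' );
	}

	do_action( 'rcp_password_form_errors', $_POST );

	// retrieve all error messages, if any
	$errors = rcp_errors()->get_error_messages();

	if( ! empty( $errors ) ) {
		return;
	}

	// change the password here
	$user_data = array(
		'ID' 		=> $user_ID,
		'user_pass' => $new_pass
	);
	wp_update_user( $user_data );
	// send password change email here (if WP doesn't)
	// add_query_arg() builds on the current request URI when the URL is false.
	$target = isset( $_POST['rcp_redirect'] ) && is_string( $_POST['rcp_redirect'] ) ? $_POST['rcp_redirect'] : false;
	wp_safe_redirect( add_query_arg( 'password-reset', 'true', $target ) );
	exit;
}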
/**
 * Use the e-mail address as the username at registration.
 *
 * Drops the 'username_empty' error from the shared error collection and
 * copies the 'email' entry of the user data into 'login'.
 *
 * @param array $user Registration data holding at least an 'email' entry.
 * @return array The same data with 'login' set to the e-mail address.
 */
function jp_rcp_user_registration_data($user)
{
    $errors = rcp_errors();
    $errors->remove('username_empty');

    $email = $user['email'];
    $user['login'] = $email;

    return $user;
}