/**
 * Prints the collected error messages as HTML.
 *
 * Nothing is printed when the object returned by rcp_errors() holds no error
 * codes. The markup comes from rcp_get_error_messages_html(), so any escaping
 * of codes and messages happens there, not in this function.
 *
 * @access public
 * @since  1.0
 *
 * @param string $error_id Not read by this version of the function.
 */
function rcp_show_error_messages($error_id = '') {
    $codes = rcp_errors()->get_error_codes();

    // No registered errors: emit neither the hooks nor the markup.
    if (!$codes) {
        return;
    }

    do_action('rcp_errors_before');
    echo rcp_get_error_messages_html();
    do_action('rcp_errors_after');
}
/**
 * Verify the entered code
 *
 * Looks up the account named in the posted login field and passes it, with the
 * posted login and the posted rcp_user_pass value, to
 * GoogleAuthenticator::check_otp(). A WP_Error result is recorded as an
 * 'auth_failed' error on the login form.
 *
 * NOTE(review): $post_data is not read; the values come straight from $_POST
 * and are used without an isset() check.
 * NOTE(review): the get_user_by() result is passed on unchecked; how
 * check_otp() treats a failed lookup is not visible here - confirm it rejects.
 *
 * @access public
 * @since  2.2
 *
 * @param mixed $post_data Unused.
 */
public function check_code($post_data) {
    $authenticator = new GoogleAuthenticator();

    $login   = trim($_POST['rcp_user_login']);
    $account = get_user_by('login', $login);

    // The submitted value is trimmed before verification, as in the login lookup.
    $submitted = trim($_POST['rcp_user_pass']);
    $result    = $authenticator->check_otp($account, $login, $submitted);

    if (!is_wp_error($result)) {
        return;
    }

    rcp_errors()->add('auth_failed', $result->get_error_message(), 'login');
}
/**
 * Checks the posted reCAPTCHA challenge/response pair.
 *
 * Runs only when the 'enable_recaptcha' option is set and a public key is
 * configured. A response that recaptcha_check_answer() reports as not valid is
 * recorded as an 'invalid_recaptcha' error.
 *
 * NOTE(review): only the public key is tested before the private key is used;
 * the private key option is read without an emptiness check.
 * NOTE(review): the two $_POST fields are read without isset(); how
 * recaptcha_check_answer() treats missing values is not visible here.
 */
function rcp_validate_captcha() {
    global $rcp_options;

    $captcha_on = isset($rcp_options['enable_recaptcha']) && !empty($rcp_options['recaptcha_public_key']);
    if (!$captcha_on) {
        return;
    }

    // validate recaptcha, if enabled
    $secret = trim($rcp_options['recaptcha_private_key']);
    $result = recaptcha_check_answer(
        $secret,
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"]
    );

    if ($result->is_valid) {
        return;
    }

    // recaptcha is incorrect
    rcp_errors()->add('invalid_recaptcha', __('The words/numbers you entered did not match the reCaptcha', 'rcp'));
}
/**
 * Verifies the reCAPTCHA token submitted with the registration form.
 *
 * Skipped unless 'enable_recaptcha' is set and both keys are configured.
 * The token is sent to the siteverify endpoint; the registration is flagged
 * with 'invalid_recaptcha' unless the decoded reply carries `success === true`.
 * A failed request or an undecodable body therefore also ends in the error,
 * i.e. the check fails closed.
 *
 * NOTE(review): 'remoteip' is taken from $data; where the caller obtains it is
 * not visible here - confirm it is the server-observed address.
 *
 * @param array $data Submitted form data; reads 'g-recaptcha-response' and
 *                    'g-recaptcha-remoteip'.
 */
function rcp_validate_captcha($data) {
    global $rcp_options;

    $configured = isset($rcp_options['enable_recaptcha'])
        && !empty($rcp_options['recaptcha_public_key'])
        && !empty($rcp_options['recaptcha_private_key']);
    if (!$configured) {
        return;
    }

    $has_token = !empty($data['g-recaptcha-response']) && !empty($data['g-recaptcha-remoteip']);
    if (!$has_token) {
        rcp_errors()->add('invalid_recaptcha', __('Please verify that you are not a robot', 'rcp'), 'register');
        return;
    }

    $request = array(
        'body' => array(
            'secret'   => trim($rcp_options['recaptcha_private_key']),
            'response' => $data['g-recaptcha-response'],
            'remoteip' => $data['g-recaptcha-remoteip'],
        ),
    );

    $reply  = wp_safe_remote_post('https://www.google.com/recaptcha/api/siteverify', $request);
    $result = json_decode(wp_remote_retrieve_body($reply));

    // empty() runs first so a null $result never reaches the strict comparison.
    if (empty($result->success) || true !== $result->success) {
        rcp_errors()->add('invalid_recaptcha', __('Please verify that you are not a robot', 'rcp'), 'register');
    }
}
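/**
 * Process the login form
 *
 * Runs only for a POST with rcp_action=login and a valid 'rcp-login-nonce'.
 * Collects validation errors (unknown user, empty or wrong password, optional
 * Limit Login Attempts lockout, plus anything added on the
 * 'rcp_login_form_errors' hook) and logs the user in only when none were
 * recorded. On success the browser is redirected and the request ends.
 *
 * The post-login redirect target comes from the request, so it is passed
 * through wp_validate_redirect()/wp_safe_redirect(): a target on a host that
 * WordPress does not allow is replaced by home_url(). Extra hosts can be
 * permitted with the 'allowed_redirect_hosts' filter.
 *
 * NOTE(review): 'Invalid username' and 'Incorrect password' are distinct
 * messages, which lets a requester tell existing accounts from unknown ones.
 * The strings are left unchanged because translations and callers may rely on
 * them; a single generic message would remove the distinction.
 *
 * @access public
 * @since  1.0
 */
function rcp_process_login_form() {
    if (!isset($_POST['rcp_action']) || 'login' !== $_POST['rcp_action']) {
        return;
    }

    if (!isset($_POST['rcp_login_nonce']) || !wp_verify_nonce($_POST['rcp_login_nonce'], 'rcp-login-nonce')) {
        return;
    }

    // Read the credentials once, with defaults, so missing fields do not raise notices.
    $login    = isset($_POST['rcp_user_login']) ? $_POST['rcp_user_login'] : '';
    $password = isset($_POST['rcp_user_pass']) ? $_POST['rcp_user_pass'] : '';

    // this returns the user ID and other info from the user name
    $user = get_user_by('login', $login);

    do_action('rcp_before_form_errors', $_POST);

    if (!$user) {
        // if the user name doesn't exist
        rcp_errors()->add('empty_username', __('Invalid username', 'rcp'), 'login');
    }

    if ('' === $password) {
        // if no password was entered
        rcp_errors()->add('empty_password', __('Please enter a password', 'rcp'), 'login');
    }

    // check the user's login with their password
    if ($user && !wp_check_password($password, $user->user_pass, $user->ID)) {
        // if the password is incorrect for the specified user
        rcp_errors()->add('empty_password', __('Incorrect password', 'rcp'), 'login');
    }

    if (function_exists('is_limit_login_ok') && !is_limit_login_ok()) {
        rcp_errors()->add('limit_login_failed', limit_login_error_msg(), 'login');
    }

    do_action('rcp_login_form_errors', $_POST);

    // retrieve all error messages
    $errors = rcp_errors()->get_error_messages();

    if (!empty($errors)) {
        // Report the failed attempt to the lockout plugin when it is installed.
        if (function_exists('limit_login_failed')) {
            limit_login_failed($login);
        }
        return;
    }

    // only log the user in if there are no errors
    $remember = isset($_POST['rcp_user_remember']);

    $requested = (!empty($_POST['rcp_redirect']) && is_string($_POST['rcp_redirect']))
        ? $_POST['rcp_redirect']
        : home_url();

    // Request-supplied target: keep it on an allowed host, else fall back to the home page.
    $redirect = wp_validate_redirect($requested, home_url());

    rcp_login_user_in($user->ID, $login, $remember);

    // redirect the user back to the page they were previously on
    wp_safe_redirect($redirect);
    exit;
}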
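/**
 * Prints the error messages that belong to one form.
 *
 * Every registered error code whose error data equals $error_id is printed as
 * a paragraph inside a wrapper div. Nothing is printed when no error codes
 * are registered.
 *
 * The error code lands in a class attribute and the message in element
 * content, so both are escaped at output: esc_attr() for the code and
 * wp_kses_post() for the message, which keeps ordinary inline markup such as
 * links while dropping script-capable HTML.
 *
 * @param string $error_id Error data value (the form identifier, e.g. 'login'
 *                         or 'register') to filter the messages by.
 */
function rcp_show_error_messages($error_id = '') {
    $codes = rcp_errors()->get_error_codes();
    if (!$codes) {
        return;
    }

    do_action('rcp_errors_before');

    echo '<div class="rcp_message error">';

    // Loop error codes and display errors
    foreach ($codes as $code) {
        // Loose comparison kept on purpose: an error added without a data
        // argument is expected to still match the default '' - confirm before
        // tightening this to a strict comparison.
        if (rcp_errors()->get_error_data($code) != $error_id) {
            continue;
        }

        $message = rcp_errors()->get_error_message($code);

        do_action('rcp_error_before');
        echo '<p class="rcp_error ' . esc_attr($code) . '"><span>' . wp_kses_post($message) . '</span></p>';
        do_action('rcp_error_after');
    }

    echo '</div>';

    do_action('rcp_errors_after');
}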
/**
 * Validate additional fields during registration submission
 *
 * Presence checks only: each card field is tested with empty(), so a missing
 * key, an empty string and the string "0" are all reported. No format or
 * consistency validation of the values happens here. State and zip are only
 * required when card_needs_state_and_zip() says so, and that method is called
 * only after the field was found empty.
 *
 * @since 2.3
 */
public function validate_fields() {
    // True when the posted field is absent or empty.
    $missing = function ($field) {
        return empty($_POST[$field]);
    };

    if ($missing('rcp_card_cvc')) {
        rcp_errors()->add('missing_card_code', __('The security code you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_address')) {
        rcp_errors()->add('missing_card_address', __('The address you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_city')) {
        rcp_errors()->add('missing_card_city', __('The city you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_state') && $this->card_needs_state_and_zip()) {
        rcp_errors()->add('missing_card_state', __('The state you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_country')) {
        rcp_errors()->add('missing_card_country', __('The country you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_zip') && $this->card_needs_state_and_zip()) {
        rcp_errors()->add('missing_card_zip', __('The zip / postal code you have entered is invalid', 'rcp'), 'register');
    }
}
/**
 * Validate additional fields during registration submission
 *
 * Two groups of checks, each recorded as a 'register' error:
 *  - the posted card fields must be non-empty (presence only, via empty());
 *  - the Stripe secret and publishable keys for the active mode (test or
 *    live, chosen by $this->test_mode) must be configured.
 *
 * NOTE(review): the card number and security code are read from $_POST, so
 * the raw values are present in the request this server handles - confirm
 * that is intended for this gateway.
 *
 * @since 2.1
 */
public function validate_fields() {
    global $rcp_options;

    // True when the posted field is absent or empty.
    $missing = function ($field) {
        return empty($_POST[$field]);
    };

    if ($missing('rcp_card_number')) {
        rcp_errors()->add('missing_card_number', __('The card number you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_cvc')) {
        rcp_errors()->add('missing_card_code', __('The security code you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_zip')) {
        rcp_errors()->add('missing_card_zip', __('The zip / postal code you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_name')) {
        rcp_errors()->add('missing_card_name', __('The card holder name you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_exp_month')) {
        rcp_errors()->add('missing_card_exp_month', __('The card expiration month you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_exp_year')) {
        rcp_errors()->add('missing_card_exp_year', __('The card expiration year you have entered is invalid', 'rcp'), 'register');
    }

    // Only the key pair for the active mode is required.
    if ($this->test_mode) {
        if (empty($rcp_options['stripe_test_secret']) || empty($rcp_options['stripe_test_publishable'])) {
            rcp_errors()->add('missing_stripe_test_keys', __('Missing Stripe test keys. Please enter your test keys to use Stripe in Sandbox Mode.', 'rcp'), 'register');
        }
    } else {
        if (empty($rcp_options['stripe_live_secret']) || empty($rcp_options['stripe_live_publishable'])) {
            rcp_errors()->add('missing_stripe_live_keys', __('Missing Stripe live keys. Please enter your live keys to use Stripe in Live Mode.', 'rcp'), 'register');
        }
    }
}
/**
 * Validate additional fields during registration submission
 *
 * This gateway checks site configuration rather than submitted fields: when
 * rcp_has_paypal_api_access() reports no API access, a 'no_paypal_api' error
 * is recorded against the registration form.
 *
 * @since 2.1
 */
public function validate_fields() {
    if (rcp_has_paypal_api_access()) {
        return;
    }

    rcp_errors()->add('no_paypal_api', __('You have not configured PayPal API access. Please configure it in Restrict → Settings', 'rcp'), 'register');
}
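/**
 * Send password reset email to user. Adapted from wp-login.php
 *
 * Resolves the account from the posted username or e-mail address, stores a
 * hashed reset key in the users table and mails a reset link that carries the
 * plain key.
 *
 * The base URL of the mailed link comes from the posted 'rcp_redirect' field.
 * Because that value is request-controlled and the link carries the reset
 * key, it is validated with wp_validate_redirect(): a missing value or one on
 * a host WordPress does not allow is replaced by home_url(). Extra hosts can
 * be permitted with the 'allowed_redirect_hosts' filter.
 *
 * NOTE(review): 'invalid_email' and 'invalidcombo' tell the requester whether
 * an account exists. The strings are left unchanged because translations and
 * callers may rely on them; a uniform response would remove the distinction.
 * NOTE(review): no nonce check is visible in this function - confirm the
 * caller performs one.
 *
 * @access public
 * @since  2.3
 *
 * @return true|WP_Error True once the mail step has completed; otherwise the
 *                       rcp_errors() object, or the WP_Error returned by the
 *                       'allow_password_reset' filter.
 */
function rcp_retrieve_password() {
    global $wpdb, $wp_hasher, $wp_db_version;

    $user_data = false;

    if ( empty( $_POST['rcp_user_login'] ) ) {
        rcp_errors()->add( 'empty_username', __( 'Enter a username or e-mail address.', 'rcp' ), 'lostpassword' );
    } elseif ( strpos( $_POST['rcp_user_login'], '@' ) ) {
        $user_data = get_user_by( 'email', trim( $_POST['rcp_user_login'] ) );
        if ( empty( $user_data ) ) {
            rcp_errors()->add( 'invalid_email', __( 'There is no user registered with that email address.', 'rcp' ), 'lostpassword' );
        }
    } else {
        $login     = trim( $_POST['rcp_user_login'] );
        $user_data = get_user_by( 'login', $login );
    }

    if ( rcp_errors()->get_error_code() ) {
        return rcp_errors();
    }

    if ( ! $user_data ) {
        rcp_errors()->add( 'invalidcombo', __( 'Invalid username or e-mail.', 'rcp' ), 'lostpassword' );
        return rcp_errors();
    }

    // Redefining user_login ensures we return the right case in the email.
    $user_login = $user_data->user_login;
    $user_email = $user_data->user_email;

    $allow = apply_filters( 'allow_password_reset', true, $user_data->ID );

    // A WP_Error is truthy, so it falls through to the elseif and is returned as is.
    if ( ! $allow ) {
        rcp_errors()->add( 'no_password_reset', __( 'Password reset is not allowed for this user', 'rcp' ), 'lostpassword' );
        return rcp_errors();
    } elseif ( is_wp_error( $allow ) ) {
        return $allow;
    }

    // Generate something random for a password reset key.
    $key = wp_generate_password( 20, false );

    // Now insert the key, hashed, into the DB.
    if ( empty( $wp_hasher ) ) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash( 8, true );
    }

    if ( $wp_db_version >= 32814 ) {
        // 4.3 or later: the stored value is prefixed with the creation time.
        $hashed = time() . ':' . $wp_hasher->HashPassword( $key );
    } else {
        $hashed = $wp_hasher->HashPassword( $key );
    }

    $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );

    // The link base is request-supplied and the link carries the reset key:
    // keep it on an allowed host, otherwise use the site's own home URL.
    $requested_base = ( isset( $_POST['rcp_redirect'] ) && is_string( $_POST['rcp_redirect'] ) ) ? $_POST['rcp_redirect'] : '';
    $reset_base     = wp_validate_redirect( $requested_base, home_url() );
    if ( empty( $reset_base ) ) {
        $reset_base = home_url();
    }

    $reset_args = array(
        'rcp_action' => 'lostpassword',
        'key'        => $key,
        'login'      => rawurlencode( $user_login ),
    );

    $message  = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
    $message .= network_home_url( '/' ) . "\r\n\r\n";
    $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
    $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
    $message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
    $message .= '<' . esc_url_raw( add_query_arg( $reset_args, $reset_base ) ) . ">\r\n";

    if ( is_multisite() ) {
        $blogname = $GLOBALS['current_site']->site_name;
    } else {
        /*
         * The blogname option is escaped with esc_html on the way into the database
         * in sanitize_option we want to reverse this for the plain text arena of emails.
         */
        $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
    }

    $title = sprintf( __('[%s] Password Reset'), $blogname );

    $title   = apply_filters( 'retrieve_password_title', $title );
    $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data );

    // A filter may blank the message to suppress the mail; only a failed send is fatal.
    if ( $message && ! wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) {
        wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
    }

    return true;
}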
/**
 * Requires the terms-of-use checkbox on registration.
 *
 * Only the presence of the 'rcp_terms_agreement' key is tested (isset());
 * its value is not inspected.
 *
 * @param array $posted Submitted registration data.
 */
function pippin_rcp_check_for_agreement($posted) {
    $agreed = isset($posted['rcp_terms_agreement']);
    if ($agreed) {
        return;
    }

    rcp_errors()->add('agree_to_terms', __('You must agree to our terms of use', 'rcp'), 'register');
}
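/**
 * Change a user password
 *
 * Handles a POST with rcp_action=reset-password. The request is accepted for
 * a logged-in user or for the user identified by the password-reset cookie,
 * and only with a valid 'rcp-password-nonce'. On success the password is
 * updated, the reset cookie is expired and the browser is redirected.
 *
 * Changes from the earlier form of this function:
 *  - a missing nonce field now ends the request instead of reaching
 *    wp_verify_nonce() as an undefined index;
 *  - the two password fields are compared strictly. A loose comparison treats
 *    numeric-looking strings such as "1e3" and "1000" as equal, which would
 *    let a mistyped confirmation pass;
 *  - a password field that is missing or not a string counts as empty.
 *
 * NOTE(review): the result of wp_update_user() is not checked, so the
 * redirect reports success even if the update returned an error.
 *
 * @access public
 * @since  1.0
 */
function rcp_change_password() {
    // reset a users password
    if (!isset($_POST['rcp_action']) || 'reset-password' !== $_POST['rcp_action']) {
        return;
    }

    global $user_ID;

    list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
    $rp_cookie     = 'rcp-resetpass-' . COOKIEHASH;

    $user = rcp_get_user_resetting_password($rp_cookie);

    // Neither a session nor a valid reset cookie: nothing to do.
    if (!is_user_logged_in() && !$user) {
        return;
    }

    if (!isset($_POST['rcp_password_nonce']) || !wp_verify_nonce($_POST['rcp_password_nonce'], 'rcp-password-nonce')) {
        return;
    }

    do_action('rcp_before_password_form_errors', $_POST);

    $new_pass = (isset($_POST['rcp_user_pass']) && is_string($_POST['rcp_user_pass']))
        ? $_POST['rcp_user_pass']
        : '';
    $confirm = (isset($_POST['rcp_user_pass_confirm']) && is_string($_POST['rcp_user_pass_confirm']))
        ? $_POST['rcp_user_pass_confirm']
        : '';

    if ('' === $new_pass || '' === $confirm) {
        // password(s) field empty
        rcp_errors()->add('password_empty', __('Please enter a password, and confirm it', 'rcp'), 'password');
    }

    if ($new_pass !== $confirm) {
        // passwords do not match
        rcp_errors()->add('password_mismatch', __('Passwords do not match', 'rcp'), 'password');
    }

    do_action('rcp_password_form_errors', $_POST);

    // retrieve all error messages, if any
    $errors = rcp_errors()->get_error_messages();
    if (!empty($errors)) {
        return;
    }

    // change the password here
    $user_data = array(
        'ID'        => is_user_logged_in() ? $user_ID : $user->ID,
        'user_pass' => $new_pass,
    );
    wp_update_user($user_data);

    // remove cookie with password reset info
    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);

    // send password change email here (if WP doesn't)
    wp_safe_redirect(add_query_arg('password-reset', 'true', $_POST['rcp_redirect']));
    exit;
}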
/**
 * Requires the terms agreement checkbox on registration.
 *
 * Only the presence of the 'rcp_terms_agreement' key is tested (isset());
 * its value is not inspected.
 *
 * @param array $posted Submitted registration data.
 */
public function check_for_agreement($posted) {
    $agreed = isset($posted['rcp_terms_agreement']);
    if ($agreed) {
        return;
    }

    rcp_errors()->add('agree_to_terms', __('You must agree to the terms to continue', 'rcp'), 'register');
}
/**
 * Determines if there are problems with the registration data submitted
 *
 * Requires the privacy-policy checkbox: when the 'rcp_privacy' key is not set
 * in the submitted data, a registration error is recorded. Only the presence
 * of the key is tested, not its value.
 *
 * NOTE(review): the error is stored under the code 'invalid_location', which
 * does not describe this check; code that looks errors up by code has to use
 * that name.
 *
 * @param array $posted Submitted registration data.
 */
function pw_rcp_validate_user_fields_on_register($posted) {
    $accepted = isset($posted['rcp_privacy']);
    if ($accepted) {
        return;
    }

    rcp_errors()->add('invalid_location', __('Please agree to our privacy policy', 'rcp'), 'register');
}
/**
 * Records an error against the registration form.
 *
 * Thin wrapper around rcp_errors()->add() that always passes 'register' as
 * the error data. The message is stored as given; no escaping happens here.
 *
 * @param string $code    Error code.
 * @param string $message Error message.
 */
public function add_error($code = '', $message = '') {
    $registry = rcp_errors();
    $registry->add($code, $message, 'register');
}
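/**
 * Validate and setup the user data for registration
 *
 * For a visitor who is not logged in, the account fields are read from
 * $_POST, validated, and any problem is recorded as a 'register' error. For a
 * logged-in user the existing account data is returned and nothing is
 * validated.
 *
 * Changes from the earlier form of this function:
 *  - the password and its confirmation are no longer passed through
 *    sanitize_text_field(). That function strips tags, percent-encoded octets
 *    and surrounding whitespace, so the stored password could differ from the
 *    one the user typed; a password is hashed, never output, and must be kept
 *    exactly as entered. A non-string value is treated as empty;
 *  - missing $_POST fields default to '' instead of being read as undefined
 *    indexes.
 *
 * @access public
 * @since  1.5
 * @return array User data: 'id', 'login', 'email' and 'need_new', plus
 *               'first_name', 'last_name', 'password' and 'password_confirm'
 *               for a new registration; passed through the
 *               'rcp_user_registration_data' filter.
 */
function rcp_validate_user_data() {
    $user = array();

    if ( ! is_user_logged_in() ) {
        $user['id'] = 0;

        // Display/text fields: sanitised before use.
        $text_fields = array(
            'login'      => 'rcp_user_login',
            'email'      => 'rcp_user_email',
            'first_name' => 'rcp_user_first',
            'last_name'  => 'rcp_user_last',
        );
        foreach ( $text_fields as $key => $field ) {
            $user[ $key ] = isset( $_POST[ $field ] ) ? sanitize_text_field( $_POST[ $field ] ) : '';
        }

        // Secrets: kept exactly as entered so the stored hash matches what the user types at login.
        $secret_fields = array(
            'password'         => 'rcp_user_pass',
            'password_confirm' => 'rcp_user_pass_confirm',
        );
        foreach ( $secret_fields as $key => $field ) {
            $user[ $key ] = ( isset( $_POST[ $field ] ) && is_string( $_POST[ $field ] ) ) ? $_POST[ $field ] : '';
        }

        $user['need_new'] = true;
    } else {
        $userdata         = get_userdata( get_current_user_id() );
        $user['id']       = $userdata->ID;
        $user['login']    = $userdata->user_login;
        $user['email']    = $userdata->user_email;
        $user['need_new'] = false;
    }

    if ( $user['need_new'] ) {
        if ( username_exists( $user['login'] ) ) {
            // Username already registered
            rcp_errors()->add( 'username_unavailable', __( 'Username already taken', 'rcp' ), 'register' );
        }
        if ( ! rcp_validate_username( $user['login'] ) ) {
            // invalid username
            rcp_errors()->add( 'username_invalid', __( 'Invalid username', 'rcp' ), 'register' );
        }
        if ( empty( $user['login'] ) ) {
            // empty username
            rcp_errors()->add( 'username_empty', __( 'Please enter a username', 'rcp' ), 'register' );
        }
        if ( ! is_email( $user['email'] ) ) {
            // invalid email
            rcp_errors()->add( 'email_invalid', __( 'Invalid email', 'rcp' ), 'register' );
        }
        if ( email_exists( $user['email'] ) ) {
            // Email address already registered
            rcp_errors()->add( 'email_used', __( 'Email already registered', 'rcp' ), 'register' );
        }
        if ( empty( $user['password'] ) ) {
            // no password entered
            rcp_errors()->add( 'password_empty', __( 'Please enter a password', 'rcp' ), 'register' );
        }
        if ( $user['password'] !== $user['password_confirm'] ) {
            // passwords do not match
            rcp_errors()->add( 'password_mismatch', __( 'Passwords do not match', 'rcp' ), 'register' );
        }
    }

    return apply_filters( 'rcp_user_registration_data', $user );
}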
/**
 * Validate additional fields during registration submission
 *
 * Presence checks only: each posted card field is tested with empty(), so a
 * missing key, an empty string and the string "0" are all reported as a
 * 'register' error. No format validation of the values happens here.
 *
 * NOTE(review): the card number and security code are read from $_POST, so
 * the raw values are present in the request this server handles - confirm
 * that is intended for this gateway.
 *
 * @since 2.1
 */
public function validate_fields() {
    // True when the posted field is absent or empty.
    $missing = function ($field) {
        return empty($_POST[$field]);
    };

    if ($missing('rcp_card_number')) {
        rcp_errors()->add('missing_card_number', __('The card number you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_cvc')) {
        rcp_errors()->add('missing_card_code', __('The security code you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_zip')) {
        rcp_errors()->add('missing_card_zip', __('The zip / postal code you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_name')) {
        rcp_errors()->add('missing_card_name', __('The card holder name you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_exp_month')) {
        rcp_errors()->add('missing_card_exp_month', __('The card expiration month you have entered is invalid', 'rcp'), 'register');
    }

    if ($missing('rcp_card_exp_year')) {
        rcp_errors()->add('missing_card_exp_year', __('The card expiration year you have entered is invalid', 'rcp'), 'register');
    }
}
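/**
 * Change a user password
 *
 * Handles a POST with rcp_action=reset-password for the logged-in user, and
 * only with a valid 'rcp-password-nonce'. On success the password is updated
 * and the browser is redirected.
 *
 * Changes from the earlier form of this function:
 *  - a missing nonce field now ends the request instead of reaching
 *    wp_verify_nonce() as an undefined index;
 *  - the two password fields are compared strictly. A loose comparison treats
 *    numeric-looking strings such as "1e3" and "1000" as equal, which would
 *    let a mistyped confirmation pass;
 *  - a password field that is missing or not a string counts as empty.
 *
 * NOTE(review): the result of wp_update_user() is not checked, so the
 * redirect reports success even if the update returned an error.
 *
 * @access public
 * @since  1.0
 */
function rcp_change_password() {
    // reset a users password
    if ( ! isset( $_POST['rcp_action'] ) || 'reset-password' !== $_POST['rcp_action'] ) {
        return;
    }

    global $user_ID;

    if ( ! is_user_logged_in() ) {
        return;
    }

    if ( ! isset( $_POST['rcp_password_nonce'] ) || ! wp_verify_nonce( $_POST['rcp_password_nonce'], 'rcp-password-nonce' ) ) {
        return;
    }

    do_action( 'rcp_before_password_form_errors', $_POST );

    $new_pass = ( isset( $_POST['rcp_user_pass'] ) && is_string( $_POST['rcp_user_pass'] ) )
        ? $_POST['rcp_user_pass']
        : '';
    $confirm = ( isset( $_POST['rcp_user_pass_confirm'] ) && is_string( $_POST['rcp_user_pass_confirm'] ) )
        ? $_POST['rcp_user_pass_confirm']
        : '';

    if ( '' === $new_pass || '' === $confirm ) {
        // password(s) field empty
        rcp_errors()->add( 'password_empty', __( 'Please enter a password, and confirm it', 'rcp' ), 'password' );
    }

    if ( $new_pass !== $confirm ) {
        // passwords do not match
        rcp_errors()->add( 'password_mismatch', __( 'Passwords do not match', 'rcp' ), 'password' );
    }

    do_action( 'rcp_password_form_errors', $_POST );

    // retrieve all error messages, if any
    $errors = rcp_errors()->get_error_messages();
    if ( ! empty( $errors ) ) {
        return;
    }

    // change the password here
    $user_data = array(
        'ID'        => $user_ID,
        'user_pass' => $new_pass,
    );
    wp_update_user( $user_data );

    // send password change email here (if WP doesn't)
    wp_safe_redirect( add_query_arg( 'password-reset', 'true', $_POST['rcp_redirect'] ) );
    exit;
}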
/**
 * This will remove the username requirement on the registration form
 * and use the email address as the username.
 *
 * Copies $user['email'] into $user['login'] and drops the 'username_empty'
 * error from the rcp_errors() object. Only that one error code is removed;
 * any other username-related error recorded earlier stays in place.
 *
 * NOTE(review): presumably hooked on a registration-data filter - confirm
 * where it is attached. The e-mail value is used as the login as given; no
 * validation happens here.
 *
 * @param array $user Registration data with at least an 'email' key.
 * @return array The same data with 'login' replaced by the e-mail address.
 */
function jp_rcp_user_registration_data($user) {
    $user['login'] = $user['email'];

    rcp_errors()->remove('username_empty');

    return $user;
}