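/**
 * Handles sending password retrieval email to user.
 *
 * Resolves the account from the submitted login or e-mail address, replaces
 * its password with a generated one and mails the new credentials to the
 * address stored on that account.
 *
 * @uses $wpdb WordPress Database object
 *
 * @return bool|WP_Error True: when finish. WP_Error on error
 */
function retrieve_password()
{
    global $wpdb;

    $errors = new WP_Error();

    // Read the field once; a request without a string user_login must not reach strpos()/trim().
    $submitted = isset($_POST['user_login']) && is_string($_POST['user_login'])
        ? trim($_POST['user_login'])
        : '';

    if (empty($_POST['user_login']) && empty($_POST['user_email'])) {
        $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
    }

    if (strpos($submitted, '@')) {
        $user_data = get_user_by_email($submitted);
        if (empty($user_data)) {
            $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
        }
    } else {
        $user_data = get_userdatabylogin($submitted);
    }

    do_action('lostpassword_post');

    if ($errors->get_error_code()) {
        return $errors;
    }

    if (!$user_data) {
        $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
        return $errors;
    }

    // redefining user_login ensures we return the right case in the email
    $user_login = $user_data->user_login;
    // The recipient is always the address stored on the account. It must never be
    // taken from the request: the request author would then choose where the new
    // password is delivered.
    $user_email = $user_data->user_email;

    do_action('retreive_password', $user_login); // Misspelled and deprecated
    do_action('retrieve_password', $user_login);

    $allow = apply_filters('allow_password_reset', true, $user_data->ID);
    if (!$allow) {
        return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
    }
    if (is_wp_error($allow)) {
        return $allow;
    }

    // Look the row up by the resolved login, so a reset requested by e-mail address
    // finds the same account that passed the checks above.
    $user = $wpdb->get_row(
        $wpdb->prepare("SELECT * FROM {$wpdb->users} WHERE user_login = %s", $user_login)
    );
    if (empty($user)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }

    $new_pass = wp_generate_password(12, false);
    do_action('password_reset', $user, $new_pass);
    wp_set_password($new_pass, $user->ID);
    update_usermeta($user->ID, 'default_password_nag', true); // Set up the Password change nag.

    // NOTE(review): the new password travels in clear text by mail; a reset-key link
    // flow would keep the credential out of the mailbox.
    $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
    $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
    $message .= site_url() . '/?ptype=affiliate' . "\r\n";

    $title = sprintf(__('[%s] Your new password'), get_option('blogname'));
    $title = apply_filters('password_reset_title', $title);
    $message = apply_filters('password_reset_message', $message, $new_pass);

    if ($message && !wp_mail($user_email, $title, $message)) {
        die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
    }

    return true;
}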
/**
 * Authenticates the user using SAML
 *
 * Three outcomes: a logged-out visitor is sent to the site URL, a permitted
 * "use_sso=false" request falls through to the native login, and everything
 * else is pushed through the SAML identity provider.
 *
 * @return void
 */
public function authenticate()
{
    if (isset($_GET['loggedout']) && $_GET['loggedout'] == 'true') {
        header('Location: ' . get_option('siteurl'));
        exit;
    }

    $bypass_via_get = isset($_GET['use_sso']) && $_GET['use_sso'] == 'false';
    $bypass_via_post = isset($_POST['use_sso']) && $_POST['use_sso'] == 'false';
    if ($this->settings->get_allow_sso_bypass() == true && ($bypass_via_get || $bypass_via_post)) {
        // User wants native WP login, do nothing
        return;
    }

    if (array_key_exists('redirect_to', $_GET)) {
        $return_to = wp_login_url($_GET['redirect_to']);
    } else {
        $return_to = get_admin_url();
    }
    $this->saml->requireAuth(array('ReturnTo' => $return_to));
    $attrs = $this->saml->getAttributes();

    $has_identity = array_key_exists($this->settings->get_attribute('username'), $attrs)
        && array_key_exists($this->settings->get_attribute('email'), $attrs);
    if (!$has_identity) {
        die('A username and email was not provided. ' . $this->support_message);
    }

    $username = $attrs[$this->settings->get_attribute('username')][0];
    $email = $attrs[$this->settings->get_attribute('email')][0];

    if (!get_user_by('login', $username)) {
        $this->new_user($attrs);
        return;
    }

    // FIX https://wordpress.org/support/topic/passwords-of-existing-users-not-working-how-to-update#post-6835783
    require_once ABSPATH . WPINC . '/ms-functions.php';
    $account = get_user_by('login', $username);
    if ($account) {
        // NOTE(review): the local password is overwritten on every SSO login with a value
        // derived from the username and $this->secretsauce; how user_password() derives it
        // is not visible here, so confirm it is not reproducible without the secret.
        $derived = $this->user_password($username, $this->secretsauce);
        wp_set_password($derived, $account->ID);
        wp_update_user(array('ID' => $account->ID, 'user_email' => $email));
    }
    $this->simulate_signon($username);
}
/**
 * Replaces an expired user's password with a random one when the record
 * has its on_expire_user_reset_password flag set.
 *
 * @param object $expired_user Record exposing on_expire_user_reset_password and user_id.
 */
function handle_on_expire_user_reset_password($expired_user)
{
    if (!$expired_user->on_expire_user_reset_password) {
        return;
    }

    // 12 characters, special characters disabled (second argument false).
    wp_set_password(wp_generate_password(12, false), $expired_user->user_id);
}
/**
 * Stores a new password for a user whose password had expired.
 *
 * The 'expired_password_reset' action fires first, mirroring the order of
 * the standard reset flow, so listeners see the user before the hash changes.
 *
 * @param object $user         User object exposing ID.
 * @param string $new_password New password in plaintext.
 */
function reset_expired_password($user, $new_password)
{
    do_action('expired_password_reset', $user, $new_password);

    wp_set_password($new_password, $user->ID);
}
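/**
 * Handles sending password retrieval email to user.
 *
 * Resolves the account from the submitted login or e-mail address, replaces
 * its password with a generated one and, when mail sending is enabled, sends
 * the new credentials to the address stored on that account.
 *
 * @uses $wpdb WordPress Database object
 *
 * @return bool|WP_Error True: when finish. WP_Error on error
 */
function retrieve_password()
{
    global $wpdb;

    $errors = new WP_Error();

    // Read the field once; a request without a string user_login must not reach strpos()/trim().
    $submitted = isset($_POST['user_login']) && is_string($_POST['user_login'])
        ? trim($_POST['user_login'])
        : '';

    if (empty($_POST['user_login']) && empty($_POST['user_email'])) {
        $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.', 'templatic'));
    }

    if (strpos($submitted, '@')) {
        $user_data = get_user_by_email($submitted);
        if (empty($user_data)) {
            $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.', 'templatic'));
        }
    } else {
        $user_data = get_userdatabylogin($submitted);
    }

    do_action('lostpassword_post');

    if ($errors->get_error_code()) {
        return $errors;
    }

    if (!$user_data) {
        $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.', 'templatic'));
        return $errors;
    }

    // redefining user_login ensures we return the right case in the email
    $user_login = $user_data->user_login;

    do_action('retreive_password', $user_login); // Misspelled and deprecated
    do_action('retrieve_password', $user_login);

    // The row is fetched with a prepared, exact-match query on the login that was
    // resolved above. Request data is never placed in the SQL text, and no LIKE
    // pattern is used, so wildcards in the input cannot select another account.
    $user = $wpdb->get_row(
        $wpdb->prepare("SELECT * FROM {$wpdb->users} WHERE user_login = %s", $user_login)
    );
    if (empty($user)) {
        return new WP_Error('invalid_key', __('Invalid key', 'templatic'));
    }

    $new_pass = wp_generate_password(12, false);
    do_action('password_reset', $user, $new_pass);
    wp_set_password($new_pass, $user->ID);
    update_usermeta($user->ID, 'default_password_nag', true); // Set up the Password change nag.

    // NOTE(review): the new password travels in clear text by mail; a reset-key link
    // flow would keep the credential out of the mailbox.
    $message = '<p><b>Your login Information :</b></p>';
    $message .= '<p>' . sprintf(__('Username: %s', 'templatic'), $user->user_login) . "</p>";
    $message .= '<p>' . sprintf(__('Password: %s', 'templatic'), $new_pass) . "</p>";
    $message .= '<p>You can login to : <a href="' . site_url() . '/?ptype=login' . "\">Login</a> or the URL is : " . site_url() . "/?ptype=login</p>";
    $message .= '<p>Thank You,<br> ' . get_option('blogname') . '</p>';

    // Recipient details come from the stored account, not from the request.
    $user_email = $user_data->user_email;
    $user_name = $user_data->user_nicename;
    $fromEmail = get_site_emailId();
    $fromEmailName = get_site_emailName();

    $title = sprintf(__('[%s] Your new password', 'templatic'), get_option('blogname'));
    $title = apply_filters('password_reset_title', $title);
    $message = apply_filters('password_reset_message', $message, $new_pass);

    if (get_option('pttthemes_send_mail') == 'Enable' || get_option('pttthemes_send_mail') == '') {
        templ_sendEmail($fromEmail, $fromEmailName, $user_email, $user_name, $title, $message, $extra = ''); ///forgot password email
    }

    return true;
}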
/**
 * Generates a new password, stores it for $this->user and returns a text
 * snippet that contains it.
 *
 * NOTE(review): the string expression assigned to $text was redacted in the
 * published listing ("******") and is not valid PHP as shown; the original
 * operands cannot be recovered from this page.
 *
 * @return string Text containing the generated password.
 */
function responder_password()
{
    $password = wp_generate_password();
    wp_set_password($password, $this->user->ID);
    // The returned text carries the plaintext password; whoever receives it holds the credential.
    $text = "username: "******"\nPassword " . $password;
    return $text;
}
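/**
 * Handles sending password retrieval email to user.
 *
 * Resolves the account from the submitted login or e-mail address, replaces
 * its password with a generated one and, when $General allows it, mails the
 * new credentials to the address stored on that account.
 *
 * The 'retrieve_password' actions and the 'allow_password_reset' filter are
 * not fired by this variant (they were disabled in the original code).
 *
 * @uses $wpdb WordPress Database object
 *
 * @return bool|WP_Error True: when finish. WP_Error on error
 */
function retrieve_password()
{
    global $wpdb, $General, $Cart, $Product;

    $errors = new WP_Error();

    // Read the field once; a request without a string user_login must not reach strpos()/trim().
    $submitted = isset($_POST['user_login']) && is_string($_POST['user_login'])
        ? trim($_POST['user_login'])
        : '';

    if (empty($_POST['user_login']) && empty($_POST['user_email'])) {
        $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
    }

    if (strpos($submitted, '@')) {
        $user_data = get_user_by_email($submitted);
        if (empty($user_data)) {
            $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
        }
    } else {
        $user_data = get_userdatabylogin($submitted);
    }

    do_action('lostpassword_post');

    if ($errors->get_error_code()) {
        return $errors;
    }

    if (!$user_data) {
        $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
        return $errors;
    }

    // redefining user_login ensures we return the right case in the email
    $user_login = $user_data->user_login;
    $user_email = $user_data->user_email;

    // Prepared, exact-match lookup on the resolved login: request data is never
    // placed in the SQL text.
    $user = $wpdb->get_row(
        $wpdb->prepare("SELECT * FROM {$wpdb->users} WHERE user_login = %s", $user_login)
    );
    if (empty($user)) {
        // Without this guard a missing row would be dereferenced below.
        return new WP_Error('invalid_key', __('Invalid key'));
    }

    $new_pass = wp_generate_password(12, false);
    wp_set_password($new_pass, $user->ID);

    if ($General->is_send_forgot_pw_email()) {
        // NOTE(review): the new password travels in clear text by mail; a reset-key
        // link flow would keep the credential out of the mailbox.
        $message = '<p>' . sprintf(__('Username: %s'), $user_data->user_login) . '</p>';
        $message .= '<p>' . sprintf(__('Password: %s'), $new_pass) . "</p>";
        $message .= '<p>You can <a href="' . $General->get_url_login(site_url('/?ptype=login')) . '">Login</a> now</p>';

        $title = sprintf(__('[%s] Your new password'), get_option('blogname'));
        $title = apply_filters('password_reset_title', $title);
        $message = apply_filters('password_reset_message', $message, $new_pass);

        $fromEmail = $General->get_site_emailId();
        $fromEmailName = $General->get_site_emailName();
        $General->sendEmail($fromEmail, $fromEmailName, $user_email, $user_login, $title, $message, $extra = ''); ///To clidne email
    }

    return true;
}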
/**
 * Passwords with leading and/or trailing spaces must authenticate with the
 * exact string that was stored.
 *
 * @ticket 23494
 */
function test_password_trimming()
{
    $login = 'password-triming-tests';
    $user_id = $this->factory->user->create(array('user_login' => $login));

    $candidates = array(
        'a password with no trailing or leading spaces',
        'a password with trailing spaces ',
        ' a password with leading spaces',
        ' a password with trailing and leading spaces ',
    );

    foreach ($candidates as $candidate) {
        wp_set_password($candidate, $user_id);
        $result = wp_authenticate($login, $candidate);

        $this->assertInstanceOf('WP_User', $result);
        $this->assertEquals($user_id, $result->ID);
    }
}
/**
 * Update user password by key
 *
 * Resolves the user from the activation key, stores the new password and
 * clears the key so it cannot be presented again.
 *
 * @param string $key      User activation key.
 * @param string $password New password for user with $key.
 * @return boolean True when a user was found and updated, false otherwise.
 */
public function moove_update_password($key, $password)
{
    $user_id = $this->moove_get_id_by_key($key);
    $user = get_user_by('id', $user_id);

    if ($user === false) {
        return false;
    }

    wp_set_password($password, $user_id);
    // Blank the stored key for this login once it has been used.
    $this->moove_set_activation_key('', $user->user_login);

    return true;
}
/**
 * Stores the new password from $args, removes the reset-hash user meta,
 * logs out any current session and redirects to the login page.
 *
 * @param array $args Expects 'user_password' and 'user_id'.
 */
function um_change_password_process_hook($args)
{
    global $ultimatemember;

    $user_id = $args['user_id'];

    wp_set_password($args['user_password'], $user_id);

    // Both reset markers are removed so the same reset request cannot be replayed.
    foreach (array('reset_pass_hash', 'reset_pass_hash_token') as $meta_key) {
        delete_user_meta($user_id, $meta_key);
    }

    do_action('um_after_changing_user_password', $user_id);

    if (is_user_logged_in()) {
        wp_logout();
    }

    exit(wp_redirect(um_get_core_page('login', 'password_changed')));
}
/**
 * Generates a new 12-character password for an existing username, stores it
 * and sends it to the user through the reset-password mail templates.
 *
 * Does nothing when the username is empty or unknown.
 *
 * @param string $username Login name of the account to reset.
 */
public static function reset_password($username)
{
    if (empty($username) || !username_exists($username)) {
        return;
    }

    $user = get_user_by('login', $username);

    $userdata = self::getUserDataContext($user);
    $userdata['user_login'] = $username;
    // NOTE(review): the plaintext password is handed to the mail template.
    $userdata['password'] = wp_generate_password(12, false);

    wp_set_password($userdata['password'], $user->ID);
    self::sendUserEmail($userdata, 'reset-password-subject.tpl', 'reset-password-message.tpl');
}
/**
 * Applies a password change submitted through an edit-profile form and, when
 * the user changed their own password, re-issues the auth cookie so they stay
 * logged in.
 *
 * Runs only for POST requests with action=edit_profile, a non-empty passw1
 * and a form_name. The form's field validators are run first; the password
 * is written only when none of them reports an error.
 *
 * NOTE(review): no nonce verification is visible inside this function —
 * confirm the request is verified before this hook runs.
 */
function wppb_autologin_after_password_changed()
{
    if (isset($_POST['action']) && $_POST['action'] == 'edit_profile') {
        if (isset($_POST['passw1']) && !empty($_POST['passw1']) && !empty($_POST['form_name'])) {
            /* all the error checking filters are defined in each field file so we need them here */
            if (file_exists(WPPB_PLUGIN_DIR . '/front-end/default-fields/default-fields.php')) {
                require_once WPPB_PLUGIN_DIR . '/front-end/default-fields/default-fields.php';
            }
            if (file_exists(WPPB_PLUGIN_DIR . '/front-end/extra-fields/extra-fields.php')) {
                require_once WPPB_PLUGIN_DIR . '/front-end/extra-fields/extra-fields.php';
            }
            /* we get the form_name through $_POST so we can apply correctly the filter so we generate the correct fields in the current form */
            $form_fields = apply_filters('wppb_change_form_fields', get_option('wppb_manage_fields'), array('form_type' => 'edit_profile', 'form_fields' => array(), 'form_name' => $_POST['form_name'], 'role' => '', 'ID' => Profile_Builder_Form_Creator::wppb_get_form_id_from_form_name($_POST['form_name'], 'edit_profile')));
            if (!empty($form_fields)) {
                /* check for errors in the form through the filters */
                $output_field_errors = array();
                foreach ($form_fields as $field) {
                    $error_for_field = apply_filters('wppb_check_form_field_' . Wordpress_Creation_Kit_PB::wck_generate_slug($field['field']), '', $field, $_POST, 'edit_profile');
                    if (!empty($error_for_field)) {
                        $output_field_errors[$field['id']] = '<span class="wppb-form-error">' . $error_for_field . '</span>';
                    }
                }
                /* if we have no errors change the password */
                if (empty($output_field_errors)) {
                    // Default target is the logged-in user.
                    $user_id = get_current_user_id();
                    // Only a user with edit_users (single site) or manage_network (multisite)
                    // may redirect the change to the account named in ?edit_user.
                    if (!is_multisite() && current_user_can('edit_users') || is_multisite() && current_user_can('manage_network')) {
                        if (isset($_GET['edit_user']) && !empty($_GET['edit_user'])) {
                            $user_id = $_GET['edit_user'];
                        }
                    }
                    if (!isset($_GET['edit_user'])) {
                        // Own password: drop the old cookie, change the password, then log back in.
                        wp_clear_auth_cookie();
                        /* set the new password for the user */
                        wp_set_password($_POST['passw1'], $user_id);
                        // Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
                        // If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
                        $logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
                        /** This filter is documented in wp-includes/pluggable.php */
                        $default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, false);
                        $remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;
                        wp_set_auth_cookie($user_id, $remember);
                    } else {
                        // ?edit_user present: no cookie is re-issued. When the capability check
                        // above did not pass, $user_id is still the current user here.
                        wp_set_password($_POST['passw1'], $user_id);
                    }
                }
            }
        }
    }
}
/**
 * Check if user has entered correct password, supports bcrypt and pHash.
 *
 * A hash carrying WP_OLD_HASH_PREFIX is first checked with phpass; on a match
 * for a known user the password is re-stored through wp_set_password() and
 * that call's return value replaces $hash. The final verdict always comes
 * from password_verify().
 *
 * NOTE(review): when the legacy check passes but $userId is empty, $hash is
 * left unchanged and password_verify() decides alone — confirm that outcome
 * is intended. The code also relies on wp_set_password() returning the new
 * hash; verify against the definition used with this function.
 *
 * @param string $password Plaintext password
 * @param string $hash Hash of password
 * @param int|string $userId ID of user to whom password belongs
 * @return mixed|void
 *
 * @SuppressWarnings(PHPMD.CamelCaseVariableName) $wp_hasher is a global variable, we cannot change its name
 */
function wp_check_password($password, $hash, $userId = '')
{
    $is_legacy_hash = strpos($hash, WP_OLD_HASH_PREFIX) === 0;

    if ($is_legacy_hash) {
        global $wp_hasher;

        if (empty($wp_hasher)) {
            require_once ABSPATH . WPINC . '/class-phpass.php';
            $wp_hasher = new PasswordHash(8, true);
        }

        $legacy_match = $wp_hasher->CheckPassword($password, $hash);
        if ($legacy_match && $userId) {
            // Upgrade the stored hash while the plaintext is available.
            $hash = wp_set_password($password, $userId);
        }
    }

    $check = password_verify($password, $hash);

    return apply_filters('check_password', $check, $password, $hash, $userId);
}
/**
 * Saves the password posted for this field on the given user.
 *
 * Returns TRUE when nothing was submitted or the password was stored, a
 * translated message when the confirmation differs, or whatever the
 * configured validation rule returned when it rejected the password.
 *
 * @param int $object_id ID of the user whose password is set.
 * @return mixed
 */
public function persist($object_id)
{
    $pwd = null;
    if (isset($_POST[$this->get_id()])) {
        $pwd = $_POST[$this->get_id()];
    }

    $pwd_confirm = null;
    if (isset($_POST[$this->get_id() . '_confirm'])) {
        $pwd_confirm = $_POST[$this->get_id() . '_confirm'];
    }

    // Loose comparison: an empty string counts as "not submitted" as well.
    if ($pwd == null && $pwd_confirm == NULL) {
        return TRUE;
    }

    if ($pwd != $pwd_confirm) {
        return __('The password and its confirmation do not match', 'cuar');
    }

    if ($this->pwd_validation_rule == null) {
        $validation_result = TRUE;
    } else {
        $validation_result = $this->pwd_validation_rule->validate($this->get_arg('label'), $pwd);
    }

    // Only an exact TRUE from the rule lets the password through.
    if ($validation_result === TRUE) {
        wp_set_password($pwd, $object_id);
    }

    return $validation_result;
}
/**
 * Tests /login acceptor behaviour.
 *
 * For each failing credential set the controller must redirect back to the
 * home URL and must not issue a ticket.
 *
 * @covers ::login
 * @dataProvider data_login_errors
 * @runInSeparateProcess
 *
 * @todo Test support for the optional 'warn' parameter.
 */
function test_login_acceptor_errors($password, $request, $messages)
{
    $service = 'http://test/';

    $user = get_user_by('id', $this->factory->user->create());
    $username = $user->user_login;
    wp_set_password($password, $user->ID);

    // The provider supplies the request body; the username is always the fixture user.
    $_POST = $request;
    $_POST['username'] = $username;

    try {
        $this->controller->handleRequest(array('service' => $service));
    } catch (WPDieException $message) {
        $redirect_query = parse_url($this->redirect_location, PHP_URL_QUERY);
        parse_str($redirect_query, $query);
    }

    $this->assertStringStartsWith(home_url(), $this->redirect_location, $messages['redirect']);
    $this->assertFalse(isset($query['ticket']), $messages['ticket']);
    // $this->markTestIncomplete( 'Test support for the optional "warn" parameter.' );
}
/**
 * Registers the webhook route. The handler rejects unauthenticated calls with
 * a 401, then reacts to the "was_user" value of the JSON body: true and any
 * non-boolean value only record an event; false destroys the user's sessions,
 * replaces the password with a random one and mails a reset link.
 *
 * NOTE(review): part of this listing was redacted ("******") in the published
 * source; the statement that looks up $user is missing and the block is not
 * valid PHP as shown.
 */
static function init()
{
    Router::routes([self::WEBHOOK_URL => function () {
        //\Analog::log('Reqest body: '.file_get_contents('php://input'), \Analog::DEBUG);
        //\Analog::log('Request Hash: '.static::getHash(), \Analog::DEBUG);
        //\Analog::log('Header Hash: '. ( isset($_SERVER['HTTP_X_SIGNATURE']) ? $_SERVER['HTTP_X_SIGNATURE'] : " ( not found ) " ) , \Analog::DEBUG);
        // Nothing below runs unless the request authenticates.
        if (!static::authenticate()) {
            //\Analog::log('Webhook failed to authenticate', \Analog::DEBUG);
            header('HTTP/1.0 401 Unauthorized');
            exit;
        }
        //\Analog::log('Webhook authenticated.', \Analog::DEBUG);
        // NOTE(review): the decoded body is indexed without checking that decoding succeeded.
        $data = json_decode(static::getRequestBody(), true);
        $username = $data['user']['id'];
        $was_user = $data['was_user'];
        //\Analog::log('User ID: '.$username, \Analog::DEBUG);
        // Redacted in the source: the text below ran together with the user lookup that opened this branch.
        //\Analog::log('Was User: '******'login', $username))) {
            //\Analog::log('No user found', \Analog::DEBUG);
            return false;
            //No such user
        }
        $user_id = $user->ID;
        if ($was_user === true) {
            Events::track(['verb' => 'webhook-was-user', 'eventEndpoint' => API::getEventsEndpoint(), 'user' => $user]);
        } else {
            if ($was_user === false) {
                Events::track(['verb' => 'webhook-resetting-password', 'eventEndpoint' => API::getEventsEndpoint(), 'user' => $user]);
                //Destroy sessions,
                //\Analog::log('Destroying session', \Analog::DEBUG);
                $sessions = \WP_Session_Tokens::get_instance($user_id);
                $sessions->destroy_all();
                //Create new password
                //\Analog::log('Creating new password', \Analog::DEBUG);
                // The random password is never shown to anyone; access is restored through the reset key.
                wp_set_password(wp_generate_password(), $user_id);
                $key = get_password_reset_key($user);
                //Email user with Reset password link
                //\Analog::log('Emailing user with reset password link', \Analog::DEBUG);
                Email::passwordReset($user, $key);
            } else {
                Events::track(['verb' => 'webhook-login-anomaly', 'eventEndpoint' => API::getEventsEndpoint(), 'user' => $user]);
            }
        }
    }]);
}
/**
 * Sends the registration notices: one to the site admin and, when a password
 * is supplied, one to the new user.
 *
 * When the 'user_pwd' option is 'true' the password posted as user_pwd1
 * replaces the generated one and is stored for the user.
 *
 * @param int    $user_id        ID of the newly registered user.
 * @param string $plaintext_pass Plaintext password; when empty only the admin is notified.
 */
function wp_new_user_notification($user_id, $plaintext_pass = '')
{
    global $wpdb, $mySabre;
    $user = new WP_User($user_id);
    $user_login = stripslashes($user->user_login);
    $user_email = stripslashes($user->user_email);
    // Admin notice: login and e-mail only, no password.
    $message = sprintf(__('New user registration on your site %s:', 'sabre'), get_option('blogname')) . "\r\n\r\n";
    $message .= sprintf(__('Username: %s', 'sabre'), $user_login) . "\r\n\r\n";
    $message .= sprintf(__('E-mail: %s', 'sabre'), $user_email) . "\r\n";
    $sabre_opt = $mySabre->get_option('sabre_opt');
    // From header built from plugin options, falling back to the site name and admin address.
    $mail_from = "From: ";
    $mail_from .= (!empty($sabre_opt['mail_from_name']) ? $sabre_opt['mail_from_name'] : get_option('blogname')) . " <";
    $mail_from .= (!empty($sabre_opt['mail_from_mail']) ? $sabre_opt['mail_from_mail'] : get_option('admin_email')) . ">";
    // Errors from the admin mail are suppressed with @.
    @wp_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration', 'sabre'), get_option('blogname')), $message, $mail_from);
    if (empty($plaintext_pass)) {
        return;
    }
    if ($sabre_opt['user_pwd'] == 'true') {
        // The user chose a password at registration: store it and switch off the change-password nag.
        // NOTE(review): the value is read from $_POST without an isset() check.
        $plaintext_pass = $_POST['user_pwd1'];
        wp_set_password($plaintext_pass, $user_id);
        delete_user_setting('default_password_nag', $user_id);
        update_user_option($user_id, 'default_password_nag', false, true);
    }
    $message = sprintf(__('Thank you for registering on %s', 'sabre'), get_option('blogname')) . "\r\n\r\n";
    $message .= sprintf(__('Username: %s', 'sabre'), $user_login) . "\r\n";
    if ($sabre_opt['user_pwd'] == 'true') {
        $message .= __('Use the password defined during your registration', 'sabre') . "\r\n\r\n";
    } else {
        // A generated password is sent to the user in clear text.
        $message .= sprintf(__('Password: %s', 'sabre'), $plaintext_pass) . "\r\n\r\n";
    }
    if ($sabre_opt['enable_confirm'] == 'user') {
        $message .= sprintf(__ngettext('You must confirm your registration within %s day by following the link below', 'You must confirm your registration within %s days by following the link below', $sabre_opt['period'], 'sabre'), $sabre_opt['period']) . "\r\n\r\n";
        // NOTE(review): the confirmation value is a plain MD5 of a posted field; whether
        // sabre_id is unpredictable cannot be seen from here — confirm.
        $message .= get_option('siteurl') . "/wp-login.php?sabre_confirm=" . md5($_POST['sabre_id']) . "\r\n";
    } elseif ($sabre_opt['enable_confirm'] == 'admin') {
        $message .= __('Your registration has to be validated by the administrator before you can sign on the site. You will be advised by e-mail upon completion.', 'sabre') . "\r\n\r\n";
        $message .= get_option('siteurl') . "/wp-login.php\r\n";
    } else {
        $message .= get_option('siteurl') . "/wp-login.php\r\n";
    }
    wp_mail($user_email, sprintf(__('[%s] - Your registration information', 'sabre'), get_option('blogname')), $message, $mail_from);
}
/**
 * Mirrors a WordPress password change to eFront: when pass1 is posted,
 * non-empty and equal to pass2, the password is stored in WordPress, pushed
 * to the eFront API and, if the edited user is the logged-in user, the
 * eFront cookie is refreshed.
 *
 * NOTE(review): parts of the API call string were redacted ("******") in the
 * published listing, so the statement is not valid PHP as shown. The visible
 * parts concatenate user fields into the query string without URL encoding.
 * The function also echoes diagnostic text, and no nonce or capability check
 * is visible inside it — confirm the calling hook provides one.
 *
 * @param int $user_id ID of the user whose profile is being updated.
 */
function jnpr_eFrontWPI_update_sso($user_id)
{
    echo "jnpr_eFrontWPI_update_sso invoked!";
    //this if block came from http://plugins.svn.wordpress.org/wp-http-digest/trunk/wp-http-digest.php
    if (isset($_POST['pass1']) && $_POST['pass1'] != '' && $_POST['pass1'] == $_POST['pass2']) {
        $newpass_plain = $_POST['pass1'];
        $current_user = wp_get_current_user();
        $user = get_user_by('id', $user_id);
        wp_set_password($newpass_plain, $user_id);
        //use the existing code to invoke the eFront API.
        eFrontWPI_perform_action("update_user&login="******"&password="******"&name=" . $user->first_name . "&surname=" . $user->last_name . "&email=" . $user->user_email . "&languages=english");
        //if the user making the password change is the same as the logged in user, update the cookie values.
        if ($user_id == $current_user->id) {
            //handle the case where the admin changes someone's profile.
            // The plaintext password is passed on to the cookie helper.
            eFrontWPI_set_cookie($user->user_login, $newpass_plain);
            echo "You should have different eFront cookies now... :-)";
        } else {
            echo "An admin changed the password for the user... do nothing.";
        }
    }
}
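/**
 * Process the profile editor form.
 *
 * Runs only when the profile nonce verifies. Saves the name and e-mail
 * fields, the twitter_name user meta and, when both password fields match,
 * the new password, always for the currently logged-in user. Redirects with
 * a status query string and exits.
 */
function tutsplus_process_user_profile_data()
{
    if (!isset($_POST['user_profile_nonce_field'])
        || !wp_verify_nonce($_POST['user_profile_nonce_field'], 'user_profile_nonce')
    ) {
        return;
    }

    // The target account is fixed here and never reassigned. Reusing this variable
    // for the return values of the save calls would point later writes, including
    // the password write, at whatever ID those calls happened to return.
    $user_id = get_current_user_id();
    if (!$user_id) {
        wp_redirect('?profile-updated = false');
        exit;
    }

    // Put our data into a better looking array and sanitize it
    $profile_fields = array(
        'ID' => $user_id,
        'first_name' => sanitize_text_field($_POST['first_name']),
        'last_name' => sanitize_text_field($_POST['last_name']),
        'user_email' => sanitize_email($_POST['email']),
    );
    $twitter_name = sanitize_text_field($_POST['twitter_name']);
    $new_password = isset($_POST['pass1']) ? $_POST['pass1'] : '';

    if (!empty($new_password)) {
        // Validate the passwords to check they are the same
        $confirmation = isset($_POST['pass2']) ? $_POST['pass2'] : '';
        if (strcmp($new_password, $confirmation) !== 0) {
            wp_redirect('?password-error = true');
            exit;
        }
    }

    // http://codex.wordpress.org/Function_Reference/wp_update_user
    $result = wp_update_user($profile_fields);

    update_user_meta($user_id, 'twitter_name', $twitter_name);

    // If the password fields are not set don't save
    if (!empty($new_password)) {
        wp_set_password($new_password, $user_id);
    }

    // Display the messages error/success
    if (!is_wp_error($result)) {
        wp_redirect('?profile-updated = true');
    } else {
        wp_redirect('?profile-updated = false');
    }
    exit;
}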
/**
 * AJAX handler that changes the logged-in user's password.
 *
 * Checks, in order: the 'update_password' nonce, that a user is logged in,
 * that all three fields are present, that the new password matches its
 * confirmation, and that the old password is correct. Every outcome is
 * reported as JSON with 'success' (0/1) and 'result' (message);
 * wp_send_json() ends the request.
 */
function trav_ajax_update_password()
{
    // Emits the JSON reply in the fixed key order success, result.
    $reply = function ($success, $text) {
        $result_json = array();
        $result_json['success'] = $success;
        $result_json['result'] = $text;
        wp_send_json($result_json);
    };

    //validation
    if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'update_password')) {
        $reply(0, __('Sorry, your nonce did not verify.', 'trav'));
    }

    if (!is_user_logged_in()) {
        $reply(0, __('Please log in first.', 'trav'));
    }

    $all_fields_present = isset($_POST['pass1']) && isset($_POST['pass2']) && isset($_POST['old_pass']);
    if (!$all_fields_present) {
        $reply(0, __('Invalid input data.', 'trav'));
    }

    if ($_POST['pass1'] != $_POST['pass2']) {
        $reply(0, __('Password mismatch.', 'trav'));
    }

    $user = wp_get_current_user();
    $old_password_ok = $user && wp_check_password($_POST['old_pass'], $user->data->user_pass, $user->ID);

    if (!$old_password_ok) {
        $reply(0, __('Old password is incorrect.', 'trav'));
    } else {
        wp_set_password($_POST['pass1'], $user->ID);

        // Drop the cached user records so the sign-on below sees the new hash.
        wp_cache_delete($user->ID, 'users');
        wp_cache_delete($user->user_login, 'userlogins');

        // Changing the password ends the session; sign straight back in.
        wp_signon(array('user_login' => $user->user_login, 'user_password' => $_POST['pass1']));

        $reply(1, __('Password is changed successfully.', 'trav'));
    }
}
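/**
 * Handles the password-changer form for the logged-in user.
 *
 * Requires the form's per-user nonce. On matching, non-empty passwords the
 * new password is stored and a fresh "remember me" auth cookie is issued.
 * $GLOBALS['lh_password_changer-form-result'] is set to the user ID whenever
 * the nonce verifies.
 *
 * @return int|false|null User ID on success, false when the passwords are
 *                        empty or differ, null when the form was not
 *                        submitted, no user is logged in or the nonce fails.
 */
function process_password_change()
{
    if (!isset($_POST['lh_password_changer-password1'])) {
        return;
    }

    // wp_get_current_user() returns an object even for visitors, so test the
    // account itself: only a real, logged-in user may reach the password write.
    $user = wp_get_current_user();
    if (!$user || !$user->exists()) {
        return;
    }

    $nonce = isset($_POST['lh_password_changer-form-nonce']) ? $_POST['lh_password_changer-form-nonce'] : '';
    if (!wp_verify_nonce($nonce, 'lh_password_changer-change_password' . $user->ID)) {
        return;
    }

    $password1 = trim($_POST['lh_password_changer-password1']);
    $password2 = isset($_POST['lh_password_changer-password2'])
        ? trim($_POST['lh_password_changer-password2'])
        : '';

    $GLOBALS['lh_password_changer-form-result'] = $user->ID;

    // Strict comparison: with ==, two different numeric-looking strings can compare
    // equal. An empty password is rejected instead of being stored.
    if ($password1 === '' || $password1 !== $password2) {
        return false;
    }

    wp_set_password($password1, $user->ID);
    wp_set_auth_cookie($user->ID, true);

    return $user->ID;
}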
/**
 * Static pass-through to WordPress' global wp_set_password().
 *
 * @author Howard R <*****@*****.**>
 * @static
 * @param string $password Plaintext password to store.
 * @param int $user_id ID of the user to update.
 */
public static function wp_set_password($password, $user_id)
{
    // Fully qualified so the call targets the global function, not this method.
    \wp_set_password($password, $user_id);
}
/**
 * Handles resetting the user's password.
 *
 * Order: 'password_reset' action, password write, clearing of the
 * default-password nag, 'after_password_reset' action.
 *
 * @since 2.5.0
 *
 * @param object $user     The user
 * @param string $new_pass New password for the user in plaintext
 */
function reset_password($user, $new_pass)
{
    /**
     * Fires before the user's password is reset.
     *
     * @since 1.5.0
     *
     * @param object $user     The user.
     * @param string $new_pass New user password.
     */
    do_action('password_reset', $user, $new_pass);

    wp_set_password($new_pass, $user->ID);

    // The user picked this password, so the "change your password" nag is switched off.
    update_user_option($user->ID, 'default_password_nag', false, true);

    /**
     * Fires after the user's password is reset.
     *
     * @since 4.4.0
     *
     * @param object $user     The user.
     * @param string $new_pass New user password.
     */
    do_action('after_password_reset', $user, $new_pass);
}
/**
 * Admin page that imports Openfire users into WordPress and renders the
 * import form. Requires the manage_options capability.
 *
 * On submit, every row returned by $openfire->getOpenfireUsers() except the
 * "admin" user is inserted directly into the users table, given the same
 * password, and assigned default user meta.
 *
 * NOTE(review):
 *  - $password is one literal (shown redacted as "******") shared by every
 *    imported account; a per-user random password would avoid a known
 *    default credential.
 *  - No nonce is checked before the import runs.
 *  - split() was removed in PHP 7; explode() is the replacement for these
 *    fixed delimiters.
 *  - $_POST['mode'] is read without isset(), and $html_update is echoed even
 *    when it was never assigned (page opened without submitting).
 */
function openfire_userimport_page()
{
    global $wpdb, $openfire;
    if (!current_user_can('manage_options')) {
        wp_die(__('You do not have sufficient permissions to access this page.'));
    }
    if ($_POST['mode'] == "submit") {
        $password = "******";
        // Rows are separated by "|", fields within a row by ",".
        $str_rows = $openfire->getOpenfireUsers();
        $arr_rows = split("\\|", $str_rows);
        if (is_array($arr_rows)) {
            foreach ($arr_rows as $row) {
                $openfire->of_logInfo("Importing... " . $row);
                $arr_values = split(",", $row);
                // username, email, name
                $username = $arr_values[0];
                $user_email = $arr_values[1];
                $user_nicename = $arr_values[2];
                if ($username != "admin") {
                    $arr_names = split(" ", $user_nicename);
                    $firstname = trim($arr_names[0]);
                    $lastname = trim($arr_names[1]);
                    $user_nicename = sanitize_title($username);
                    // add the new user
                    // Written straight to the table, so the values get none of the checks the user API applies.
                    $arr_user = array('user_login' => $username, 'user_nicename' => $user_nicename, 'user_email' => $user_email, 'user_registered' => date('Y-m-d H:i:s'), 'user_status' => "0", 'display_name' => $username);
                    $wpdb->insert($wpdb->users, $arr_user);
                    $user_id = $wpdb->insert_id;
                    wp_set_password($password, $user_id);
                    // add default meta values
                    // The capabilities value is a serialized array granting the subscriber role.
                    $arr_meta_values = array('nickname' => $username, 'rich_editing' => "true", 'comment_shortcuts' => "false", 'admin_color' => "fresh", $wpdb->prefix . 'capabilities' => 'a:1:{s:10:"subscriber";b:1;}', 'first_name' => $firstname, 'last_name' => $lastname, 'default_password_nag' => "1");
                    foreach ($arr_meta_values as $key => $value) {
                        $arr_meta = array('user_id' => $user_id, 'meta_key' => $key, 'meta_value' => $value);
                        $wpdb->insert($wpdb->usermeta, $arr_meta);
                    }
                }
            }
            $html_update = "<div class='updated'>All users appear to be have been imported successfully.</div>";
        } else {
            $html_update = "<div class='updated' style='color: red'>It seems the file was not uploaded correctly.</div>";
        }
    }
    ?>
    <div class="wrap">
        <?php echo $html_update; ?>
        <div id="icon-users" class="icon32"><br /></div>
        <h2>Openfire User Import</h2>
        <form action="users.php?page=openfire-user-import" method="post">
            <input type="hidden" name="mode" value="submit">
            <input type="submit" value="Import" />
        </form>
        <p style="color: red">Please make sure you back up your database before proceeding!</p>
    </div>
    <?php
}
/**
 * Checks the plaintext password against the encrypted Password.
 *
 * Two hash formats are accepted. A stored hash of at most 32 characters is
 * treated as legacy MD5: it is compared in constant time and, on a match for
 * a known user, the password is re-stored with the current hasher. Anything
 * longer is handed to the phpass portable hasher.
 *
 * For integration with other applications, this function can be overwritten
 * to instead use the other package password checking algorithm.
 *
 * @since 2.5.0
 *
 * @global object $wp_hasher PHPass object used for checking the password
 *	against the $hash + $password
 * @uses PasswordHash::CheckPassword
 *
 * @param string $password Plaintext user's password
 * @param string $hash Hash of the user's password to check against.
 * @return bool False, if the $password does not match the hashed password
 */
function wp_check_password($password, $hash, $user_id = '')
{
    global $wp_hasher;

    if (strlen($hash) > 32) {
        // Longer than an MD5: presume the new style phpass portable hash.
        if (empty($wp_hasher)) {
            require_once ABSPATH . WPINC . '/class-phpass.php';
            // By default, use the portable hash from phpass
            $wp_hasher = new PasswordHash(8, true);
        }

        $matches = $wp_hasher->CheckPassword($password, $hash);

        /** This filter is documented in wp-includes/pluggable.php */
        return apply_filters('check_password', $matches, $password, $hash, $user_id);
    }

    // The hash is still md5...
    $matches = hash_equals($hash, md5($password));
    if ($matches && $user_id) {
        // Rehash using new hash.
        wp_set_password($password, $user_id);
        $hash = wp_hash_password($password);
    }

    /**
     * Filter whether the plaintext password matches the encrypted password.
     *
     * @since 2.5.0
     *
     * @param bool   $check    Whether the passwords match.
     * @param string $password The plaintext password.
     * @param string $hash     The hashed password.
     * @param int    $user_id  User ID.
     */
    return apply_filters('check_password', $matches, $password, $hash, $user_id);
}
/**
 * Handles resetting the user's password.
 *
 * Fires 'password_reset', stores the new password, then calls
 * wp_password_change_notification() for the user.
 *
 * @param object $user     The user
 * @param string $new_pass New password for the user in plaintext
 */
function reset_password($user, $new_pass)
{
    // Listeners run before the stored hash changes.
    do_action('password_reset', $user, $new_pass);

    wp_set_password($new_pass, $user->ID);

    wp_password_change_notification($user);
}
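/**
 * Sets a new password for the user identified by e-mail address, provided
 * the supplied reset token matches the one stored for that user.
 *
 * The stored token is deleted after use so it cannot be presented twice.
 *
 * @param array $data Expects 'wpcrl_rp_email', 'wpcrl_reset_password_token'
 *                    and 'wpcrl_newpassword'.
 * @return bool Result of deleting the token on success, false otherwise.
 */
public function wpcrl_change_user_password($data)
{
    // checking email and token
    if (empty($data['wpcrl_reset_password_token']) || empty($data['wpcrl_rp_email'])) {
        return false;
    }

    if (!isset($data['wpcrl_newpassword']) || $data['wpcrl_newpassword'] === '') {
        return false;
    }

    $user = get_user_by('email', $data['wpcrl_rp_email']);
    if (!$user || $user->ID <= 0) {
        // Unknown address: stop here rather than comparing against an unset token.
        return false;
    }

    $stored_token = get_user_meta($user->ID, 'wpcrl_reset_password_token', true);
    $supplied_token = $data['wpcrl_reset_password_token'];

    // Both values must be non-empty strings and are compared in constant time.
    // A loose == comparison could treat different numeric-looking strings as equal,
    // and a user without a pending reset must never match.
    if (!is_string($stored_token) || $stored_token === '' || !is_string($supplied_token)) {
        return false;
    }
    if (!hash_equals($stored_token, $supplied_token)) {
        return false;
    }

    wp_set_password($data['wpcrl_newpassword'], $user->ID);

    // removing token on verification
    return delete_user_meta($user->ID, 'wpcrl_reset_password_token');
}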
/**
 * A 4096-character password is accepted and authenticates; one character
 * more stores the marker hash '*', after which no password authenticates.
 */
function test_password_length_limit()
{
    $limit = str_repeat('a', 4096);
    $too_long = $limit . 'a';
    $login = $this->user->user_login;

    wp_set_password($limit, self::$user_id);
    // phpass hashed password
    $this->assertStringStartsWith('$P$', $this->user->data->user_pass);

    // Wrong Password
    $user = wp_authenticate($login, 'aaaaaaaa');
    $this->assertInstanceOf('WP_Error', $user);

    $user = wp_authenticate($login, $limit);
    $this->assertInstanceOf('WP_User', $user);
    $this->assertEquals(self::$user_id, $user->ID);

    // one char too many: Wrong Password
    $user = wp_authenticate($login, $too_long);
    $this->assertInstanceOf('WP_Error', $user);

    wp_set_password($too_long, self::$user_id);
    $user = get_user_by('id', self::$user_id);
    // Password broken by setting it to be too long.
    $this->assertEquals('*', $user->data->user_pass);

    // With the broken hash in place nothing may authenticate: not the marker itself,
    // not the old short guess, and neither of the long passwords.
    $rejected = array('*', '*0', '*1', 'aaaaaaaa', $limit, $too_long);
    foreach ($rejected as $attempt) {
        $user = wp_authenticate($login, $attempt);
        $this->assertInstanceOf('WP_Error', $user);
    }
}
/**
 * Applies a new password from the account form to the customer.
 *
 * Returns the customer untouched when no new password was submitted, and the
 * result of notice() when the confirmation is missing or different. On
 * success the hash is set on the customer, the linked WordPress user (if
 * any) is updated and $this->valid_password is flagged.
 *
 * @param ShoppCustomer $Customer The customer being updated.
 * @return mixed The customer, or the value returned by notice().
 */
public function password(ShoppCustomer $Customer)
{
    $nothing_submitted = false === $this->form('new-password');
    if ($nothing_submitted) {
        return $Customer;
    }

    $confirmation_missing = false === $this->form('confirm-password');
    if ($confirmation_missing) {
        return $this->notice(Shopp::__('You must provide a password for your account and confirm it for correct spelling.'), 'error');
    }

    if ($this->form('new-password') != $this->form('confirm-password')) {
        return $this->notice(Shopp::__('The passwords you entered do not match. Please re-enter your passwords.'));
    }

    $Customer->password = wp_hash_password($this->form('new-password'));

    // Keep the linked WordPress account in step with the customer record.
    $has_wp_account = !empty($Customer->wpuser);
    if ($has_wp_account) {
        wp_set_password($this->form('new-password'), $Customer->wpuser);
    }

    $this->valid_password = true;

    return $Customer;
}
/**
 * Changes the current user's password from the posted pass1/pass2 fields.
 *
 * NOTE(review): no nonce or old-password check is visible in this function —
 * confirm the caller verifies the request.
 *
 * @return string|false 'empty' when pass1 is empty, 'ok' when the password
 *                      was changed, false when the two fields differ.
 */
function ym_user_password_update()
{
    get_currentuserinfo();
    global $current_user;

    $new_password = ym_post('pass1');
    $new_password2 = ym_post('pass2');

    if (empty($new_password)) {
        return 'empty';
    }

    if ($new_password == $new_password2) {
        wp_set_password($new_password, $current_user->ID);
        return 'ok';
    }

    return false;
}