/**
* Handles the saving of xprofile field visibilities
*
* @since BuddyPress (1.9)
*/
function bp_xprofile_action_settings()
{
// Bail if not a POST action
if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
return;
}
// Bail if no submit action
if (!isset($_POST['xprofile-settings-submit'])) {
return;
}
// Bail if not in settings
if (!bp_is_user_settings_profile()) {
return;
}
// 404 if there are any additional action variables attached
if (bp_action_variables()) {
bp_do_404();
return;
}
// Nonce check
check_admin_referer('bp_xprofile_settings');
do_action('bp_xprofile_settings_before_save');
/** Save ******************************************************************/
// Only save if there are field ID's being posted
if (!empty($_POST['field_ids'])) {
// Get the POST'ed field ID's
$posted_field_ids = explode(',', $_POST['field_ids']);
// Save the visibility settings
foreach ($posted_field_ids as $field_id) {
$visibility_level = 'public';
if (!empty($_POST['field_' . $field_id . '_visibility'])) {
$visibility_level = $_POST['field_' . $field_id . '_visibility'];
}
xprofile_set_field_visibility_level($field_id, bp_displayed_user_id(), $visibility_level);
}
}
/** Other *****************************************************************/
do_action('bp_xprofile_settings_after_save');
// Redirect to the root domain
bp_core_redirect(bp_displayed_user_domain() . bp_get_settings_slug() . '/profile');
}
/**
* @group fetch_visibility_level
*/
public function test_fetch_visibility_level()
{
$u = $this->factory->user->create();
$g = $this->factory->xprofile_group->create();
$f = $this->factory->xprofile_field->create(array('field_group_id' => $g));
$f_obj = new BP_XProfile_Field($f);
$fields = array(0 => new stdClass());
$fields[0]->id = $f;
$fields[0]->name = $f_obj->name;
$fields[0]->description = $f_obj->description;
$fields[0]->type = $f_obj->type;
$fields[0]->group_id = $f_obj->group_id;
$fields[0]->is_required = $f_obj->is_required;
$fields[0]->data = new stdClass();
$fields[0]->data->value = 'foo';
$fields[0]->data->id = 123;
// custom visibility enabled, but no fallback
bp_xprofile_update_meta($f, 'field', 'default_visibility', 'adminsonly');
bp_xprofile_update_meta($f, 'field', 'allow_custom_visibility', 'enabled');
$found = BP_XProfile_Group::fetch_visibility_level($u, $fields);
$expected = $fields;
$expected[0]->visibility_level = 'adminsonly';
$this->assertSame($expected, $found);
// custom visibility enabled, with user-provided value
bp_xprofile_update_meta($f, 'field', 'default_visibility', 'adminsonly');
bp_xprofile_update_meta($f, 'field', 'allow_custom_visibility', 'enabled');
xprofile_set_field_visibility_level($f, $u, 'public');
$found = BP_XProfile_Group::fetch_visibility_level($u, $fields);
$expected = $fields;
$expected[0]->visibility_level = 'public';
$this->assertSame($expected, $found);
// custom visibility disabled
bp_xprofile_update_meta($f, 'field', 'default_visibility', 'adminsonly');
bp_xprofile_update_meta($f, 'field', 'allow_custom_visibility', 'disabled');
xprofile_set_field_visibility_level($f, $u, 'public');
$found = BP_XProfile_Group::fetch_visibility_level($u, $fields);
$expected = $fields;
$expected[0]->visibility_level = 'adminsonly';
$this->assertSame($expected, $found);
}
/**
* Create a WP user at signup.
*
* Since BP 2.0, non-multisite configurations have stored signups in
* the same way as Multisite configs traditionally have: in the
* wp_signups table. However, because some plugins may be looking
* directly in the wp_users table for non-activated signups, we
* mirror signups there by creating "phantom" users, mimicking WP's
* default behavior.
*
* @since 2.0.0
*
* @param string $user_login User login string.
* @param string $user_password User password.
* @param string $user_email User email address.
* @param array $usermeta Metadata associated with the signup.
* @return int User id.
*/
public static function add_backcompat($user_login = '', $user_password = '', $user_email = '', $usermeta = array())
{
global $wpdb;
$user_id = wp_insert_user(array('user_login' => $user_login, 'user_pass' => $user_password, 'display_name' => sanitize_title($user_login), 'user_email' => $user_email));
if (is_wp_error($user_id) || empty($user_id)) {
return $user_id;
}
// Update the user status to '2', ie "not activated"
// (0 = active, 1 = spam, 2 = not active).
$wpdb->query($wpdb->prepare("UPDATE {$wpdb->users} SET user_status = 2 WHERE ID = %d", $user_id));
// WordPress creates these options automatically on
// wp_insert_user(), but we delete them so that inactive
// signups don't appear in various user counts.
delete_user_option($user_id, 'capabilities');
delete_user_option($user_id, 'user_level');
// Set any profile data.
if (bp_is_active('xprofile')) {
if (!empty($usermeta['profile_field_ids'])) {
$profile_field_ids = explode(',', $usermeta['profile_field_ids']);
foreach ((array) $profile_field_ids as $field_id) {
if (empty($usermeta["field_{$field_id}"])) {
continue;
}
$current_field = $usermeta["field_{$field_id}"];
xprofile_set_field_data($field_id, $user_id, $current_field);
// Save the visibility level.
$visibility_level = !empty($usermeta['field_' . $field_id . '_visibility']) ? $usermeta['field_' . $field_id . '_visibility'] : 'public';
xprofile_set_field_visibility_level($field_id, $user_id, $visibility_level);
}
}
}
/**
* Filters the user ID for the backcompat functionality.
*
* @since 2.0.0
*
* @param int $user_id User ID being registered.
*/
return apply_filters('bp_core_signups_add_backcompat', $user_id);
}
function bp_core_activate_signup($key)
{
global $wpdb;
$user = false;
// Multisite installs have their own activation routine
if (is_multisite()) {
$user = wpmu_activate_signup($key);
// If there were errors, add a message and redirect
if (!empty($user->errors)) {
return $user;
}
$user_id = $user['user_id'];
// Set any profile data
if (bp_is_active('xprofile')) {
if (!empty($user['meta']['profile_field_ids'])) {
$profile_field_ids = explode(',', $user['meta']['profile_field_ids']);
foreach ((array) $profile_field_ids as $field_id) {
$current_field = isset($user['meta']["field_{$field_id}"]) ? $user['meta']["field_{$field_id}"] : false;
if (!empty($current_field)) {
xprofile_set_field_data($field_id, $user_id, $current_field);
}
// Save the visibility level
$visibility_level = !empty($user['meta']['field_' . $field_id . '_visibility']) ? $user['meta']['field_' . $field_id . '_visibility'] : 'public';
xprofile_set_field_visibility_level($field_id, $user_id, $visibility_level);
}
}
}
} else {
// Get the user_id based on the $key
$user_id = $wpdb->get_var($wpdb->prepare("SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = 'activation_key' AND meta_value = %s", $key));
if (empty($user_id)) {
return new WP_Error('invalid_key', __('Invalid activation key', 'buddypress'));
}
// Change the user's status so they become active
if (!$wpdb->query($wpdb->prepare("UPDATE {$wpdb->users} SET user_status = 0 WHERE ID = %d", $user_id))) {
return new WP_Error('invalid_key', __('Invalid activation key', 'buddypress'));
}
// Notify the site admin of a new user registration
wp_new_user_notification($user_id);
// Remove the activation key meta
delete_user_meta($user_id, 'activation_key');
}
// Update the display_name
wp_update_user(array('ID' => $user_id, 'display_name' => bp_core_get_user_displayname($user_id)));
// Set the password on multisite installs
if (is_multisite() && !empty($user['meta']['password'])) {
$wpdb->query($wpdb->prepare("UPDATE {$wpdb->users} SET user_pass = %s WHERE ID = %d", $user['meta']['password'], $user_id));
}
do_action('bp_core_activated_user', $user_id, $key, $user);
return $user_id;
}
/**
* @group xprofile_get_field_visibility_level
*/
public function test_bp_xprofile_get_field_visibility_level_admin_override()
{
$u = $this->factory->user->create();
$g = $this->factory->xprofile_group->create();
$f = $this->factory->xprofile_field->create(array('field_group_id' => $g));
bp_xprofile_update_meta($f, 'field', 'default_visibility', 'adminsonly');
bp_xprofile_update_meta($f, 'field', 'allow_custom_visibility', 'disabled');
xprofile_set_field_visibility_level($f, $u, 'loggedin');
$this->assertSame('adminsonly', xprofile_get_field_visibility_level($f, $u));
}
/**
* Activate a signup, as identified by an activation key.
*
* @param string $key Activation key.
* @return int|bool User ID on success, false on failure.
*/
function bp_core_activate_signup($key)
{
global $wpdb;
$user = false;
// Multisite installs have their own activation routine.
if (is_multisite()) {
$user = wpmu_activate_signup($key);
// If there were errors, add a message and redirect.
if (!empty($user->errors)) {
return $user;
}
$user_id = $user['user_id'];
} else {
$signups = BP_Signup::get(array('activation_key' => $key));
if (empty($signups['signups'])) {
return new WP_Error('invalid_key', __('Invalid activation key.', 'buddypress'));
}
$signup = $signups['signups'][0];
if ($signup->active) {
if (empty($signup->domain)) {
return new WP_Error('already_active', __('The user is already active.', 'buddypress'), $signup);
} else {
return new WP_Error('already_active', __('The site is already active.', 'buddypress'), $signup);
}
}
// Password is hashed again in wp_insert_user.
$password = wp_generate_password(12, false);
$user_id = username_exists($signup->user_login);
// Create the user.
if (!$user_id) {
$user_id = wp_create_user($signup->user_login, $password, $signup->user_email);
// If a user ID is found, this may be a legacy signup, or one
// created locally for backward compatibility. Process it.
} elseif ($key == wp_hash($user_id)) {
// Change the user's status so they become active.
if (!$wpdb->query($wpdb->prepare("UPDATE {$wpdb->users} SET user_status = 0 WHERE ID = %d", $user_id))) {
return new WP_Error('invalid_key', __('Invalid activation key.', 'buddypress'));
}
bp_delete_user_meta($user_id, 'activation_key');
$member = get_userdata($user_id);
$member->set_role(get_option('default_role'));
$user_already_created = true;
} else {
$user_already_exists = true;
}
if (!$user_id) {
return new WP_Error('create_user', __('Could not create user', 'buddypress'), $signup);
}
// Fetch the signup so we have the data later on.
$signups = BP_Signup::get(array('activation_key' => $key));
$signup = isset($signups['signups']) && !empty($signups['signups'][0]) ? $signups['signups'][0] : false;
// Activate the signup.
BP_Signup::validate($key);
if (isset($user_already_exists)) {
return new WP_Error('user_already_exists', __('That username is already activated.', 'buddypress'), $signup);
}
// Set up data to pass to the legacy filter.
$user = array('user_id' => $user_id, 'password' => $signup->meta['password'], 'meta' => $signup->meta);
// Notify the site admin of a new user registration.
wp_new_user_notification($user_id);
if (isset($user_already_created)) {
/**
* Fires if the user has already been created.
*
* @since 1.2.2
*
* @param int $user_id ID of the user being checked.
* @param string $key Activation key.
* @param array $user Array of user data.
*/
do_action('bp_core_activated_user', $user_id, $key, $user);
return $user_id;
}
}
// Set any profile data.
if (bp_is_active('xprofile')) {
if (!empty($user['meta']['profile_field_ids'])) {
$profile_field_ids = explode(',', $user['meta']['profile_field_ids']);
foreach ((array) $profile_field_ids as $field_id) {
$current_field = isset($user['meta']["field_{$field_id}"]) ? $user['meta']["field_{$field_id}"] : false;
if (!empty($current_field)) {
xprofile_set_field_data($field_id, $user_id, $current_field);
}
// Save the visibility level.
$visibility_level = !empty($user['meta']['field_' . $field_id . '_visibility']) ? $user['meta']['field_' . $field_id . '_visibility'] : 'public';
xprofile_set_field_visibility_level($field_id, $user_id, $visibility_level);
}
}
}
// Update the display_name.
wp_update_user(array('ID' => $user_id, 'display_name' => bp_core_get_user_displayname($user_id)));
// Set the password on multisite installs.
if (!empty($user['meta']['password'])) {
$wpdb->query($wpdb->prepare("UPDATE {$wpdb->users} SET user_pass = %s WHERE ID = %d", $user['meta']['password'], $user_id));
}
/**
* Fires at the end of the user activation process.
*
* @since 1.2.2
*
* @param int $user_id ID of the user being checked.
* @param string $key Activation key.
* @param array $user Array of user data.
*/
do_action('bp_core_activated_user', $user_id, $key, $user);
return $user_id;
}
/**
* Save the profile fields in Members community profile page.
*
* Loaded before the page is rendered, this function is processing form
* requests.
*
* @since 2.0.0
*
* @param string $doaction Action being run.
* @param int $user_id ID for the user whose profile is being saved.
* @param array $request Request being made.
* @param string $redirect_to Where to redirect user to.
*/
public function user_admin_load($doaction = '', $user_id = 0, $request = array(), $redirect_to = '')
{
// Eventually delete avatar.
if ('delete_avatar' === $doaction) {
check_admin_referer('delete_avatar');
$redirect_to = remove_query_arg('_wpnonce', $redirect_to);
if (bp_core_delete_existing_avatar(array('item_id' => $user_id))) {
$redirect_to = add_query_arg('updated', 'avatar', $redirect_to);
} else {
$redirect_to = add_query_arg('error', 'avatar', $redirect_to);
}
bp_core_redirect($redirect_to);
} elseif (isset($_POST['field_ids'])) {
// Update profile fields.
// Check the nonce.
check_admin_referer('edit-bp-profile_' . $user_id);
// Check we have field ID's.
if (empty($_POST['field_ids'])) {
$redirect_to = add_query_arg('error', '1', $redirect_to);
bp_core_redirect($redirect_to);
}
/**
* Unlike front-end edit-fields screens, the wp-admin/profile
* displays all groups of fields on a single page, so the list of
* field ids is an array gathering for each group of fields a
* distinct comma separated list of ids.
*
* As a result, before using the wp_parse_id_list() function, we
* must ensure that these ids are "merged" into a single comma
* separated list.
*/
$merge_ids = join(',', $_POST['field_ids']);
// Explode the posted field IDs into an array so we know which fields have been submitted.
$posted_field_ids = wp_parse_id_list($merge_ids);
$is_required = array();
// Loop through the posted fields formatting any datebox values then validate the field.
foreach ((array) $posted_field_ids as $field_id) {
bp_xprofile_maybe_format_datebox_post_data($field_id);
$is_required[$field_id] = xprofile_check_is_required_field($field_id) && !bp_current_user_can('bp_moderate');
if ($is_required[$field_id] && empty($_POST['field_' . $field_id])) {
$redirect_to = add_query_arg('error', '2', $redirect_to);
bp_core_redirect($redirect_to);
}
}
// Set the errors var.
$errors = false;
// Now we've checked for required fields, let's save the values.
$old_values = $new_values = array();
foreach ((array) $posted_field_ids as $field_id) {
/*
* Certain types of fields (checkboxes, multiselects) may come
* through empty. Save them as an empty array so that they don't
* get overwritten by the default on the next edit.
*/
$value = isset($_POST['field_' . $field_id]) ? $_POST['field_' . $field_id] : '';
$visibility_level = !empty($_POST['field_' . $field_id . '_visibility']) ? $_POST['field_' . $field_id . '_visibility'] : 'public';
/*
* Save the old and new values. They will be
* passed to the filter and used to determine
* whether an activity item should be posted.
*/
$old_values[$field_id] = array('value' => xprofile_get_field_data($field_id, $user_id), 'visibility' => xprofile_get_field_visibility_level($field_id, $user_id));
// Update the field data and visibility level.
xprofile_set_field_visibility_level($field_id, $user_id, $visibility_level);
$field_updated = xprofile_set_field_data($field_id, $user_id, $value, $is_required[$field_id]);
$value = xprofile_get_field_data($field_id, $user_id);
$new_values[$field_id] = array('value' => $value, 'visibility' => xprofile_get_field_visibility_level($field_id, $user_id));
if (!$field_updated) {
$errors = true;
} else {
/**
* Fires after the saving of each profile field, if successful.
*
* @since 1.1.0
*
* @param int $field_id ID of the field being updated.
* @param string $value Value that was saved to the field.
*/
do_action('xprofile_profile_field_data_updated', $field_id, $value);
}
}
/**
* Fires after all XProfile fields have been saved for the current profile.
*
* @since 1.0.0
* @since 2.6.0 Added $old_values and $new_values parameters.
*
* @param int $user_id ID for the user whose profile is being saved.
* @param array $posted_field_ids Array of field IDs that were edited.
* @param bool $errors Whether or not any errors occurred.
* @param array $old_values Array of original values before update.
* @param array $new_values Array of newly saved values after update.
*/
do_action('xprofile_updated_profile', $user_id, $posted_field_ids, $errors, $old_values, $new_values);
// Set the feedback messages.
if (!empty($errors)) {
$redirect_to = add_query_arg('error', '3', $redirect_to);
} else {
$redirect_to = add_query_arg('updated', '1', $redirect_to);
}
bp_core_redirect($redirect_to);
}
}
/**
* After the user was successfully created we now have the opportunity to
* save the XProfile fields.
*
* @see bp-xprofile-screens.php function xprofile_screen_edit_profile()
*
* @since 1.0.0
* @param WP_User $user The new user.
*/
public function save_custom_fields($user)
{
if (!bp_is_active('xprofile')) {
return;
}
// Make sure hidden field is passed and populated
if (isset($_POST['signup_profile_field_ids']) && !empty($_POST['signup_profile_field_ids'])) {
// Let's compact any profile field info into an array
$profile_field_ids = wp_parse_id_list($_POST['signup_profile_field_ids']);
// Loop through the posted fields formatting any datebox values then add to usermeta
foreach ((array) $profile_field_ids as $field_id) {
$value = '';
$visibility = 'public';
if (!isset($_POST['field_' . $field_id])) {
// Build the value of date-fields.
if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
// Concatenate the values.
$date_value = $_POST['field_' . $field_id . '_day'] . ' ' . $_POST['field_' . $field_id . '_month'] . ' ' . $_POST['field_' . $field_id . '_year'];
// Turn the concatenated value into a timestamp.
$_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($date_value));
}
}
if (!empty($_POST['field_' . $field_id])) {
$value = $_POST['field_' . $field_id];
}
if (!empty($_POST['field_' . $field_id . '_visibility'])) {
$visibility = $_POST['field_' . $field_id . '_visibility'];
}
xprofile_set_field_visibility_level($field_id, $user->id, $visibility);
xprofile_set_field_data($field_id, $user->id, $value, false);
}
}
}
/**
* Create a WP user at signup.
*
* Since BP 2.0, non-multisite configurations have stored signups in
* the same way as Multisite configs traditionally have: in the
* wp_signups table. However, because some plugins may be looking
* directly in the wp_users table for non-activated signups, we
* mirror signups there by creating "phantom" users, mimicking WP's
* default behavior.
*
* @since BuddyPress (2.0.0)
*
* @param string $user_login User login string.
* @param string $user_password User password.
* @param string $user_email User email address.
* @param array $usermeta Metadata associated with the signup.
* @return int User id.
*/
public static function add_backcompat($user_login = '', $user_password = '', $user_email = '', $usermeta = array())
{
global $wpdb;
$errors = new WP_Error();
$user_id = wp_insert_user(array('user_login' => $user_login, 'user_pass' => $user_password, 'display_name' => sanitize_title($user_login), 'user_email' => $user_email));
if (is_wp_error($user_id) || empty($user_id)) {
$errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn’t register you. Please contact the <a href="mailto:%s">webmaster</a>.', 'buddypress'), bp_get_option('admin_email')));
return $errors;
}
// Update the user status to '2', ie "not activated"
// (0 = active, 1 = spam, 2 = not active)
$wpdb->query($wpdb->prepare("UPDATE {$wpdb->users} SET user_status = 2 WHERE ID = %d", $user_id));
// WordPress creates these options automatically on
// wp_insert_user(), but we delete them so that inactive
// signups don't appear in various user counts.
delete_user_option($user_id, 'capabilities');
delete_user_option($user_id, 'user_level');
// Set any profile data
if (bp_is_active('xprofile')) {
if (!empty($usermeta['profile_field_ids'])) {
$profile_field_ids = explode(',', $usermeta['profile_field_ids']);
foreach ((array) $profile_field_ids as $field_id) {
if (empty($usermeta["field_{$field_id}"])) {
continue;
}
$current_field = $usermeta["field_{$field_id}"];
xprofile_set_field_data($field_id, $user_id, $current_field);
// Save the visibility level
$visibility_level = !empty($usermeta['field_' . $field_id . '_visibility']) ? $usermeta['field_' . $field_id . '_visibility'] : 'public';
xprofile_set_field_visibility_level($field_id, $user_id, $visibility_level);
}
}
}
return apply_filters('bp_core_signups_add_backcompat', $user_id);
}
/**
* Handles the display of the profile edit page by loading the correct template file.
* Also checks to make sure this can only be accessed for the logged in users profile.
*
* @package BuddyPress XProfile
* @uses bp_is_my_profile() Checks to make sure the current user being viewed equals the logged in user
* @uses bp_core_load_template() Looks for and loads a template file within the current member theme (folder/filename)
*/
function xprofile_screen_edit_profile()
{
global $bp;
if (!bp_is_my_profile() && !bp_current_user_can('bp_moderate')) {
return false;
}
// Make sure a group is set.
if (!bp_action_variable(1)) {
bp_core_redirect(trailingslashit(bp_displayed_user_domain() . $bp->profile->slug . '/edit/group/1'));
}
// Check the field group exists
if (!bp_is_action_variable('group') || !xprofile_get_field_group(bp_action_variable(1))) {
bp_do_404();
return;
}
// No errors
$errors = false;
// Check to see if any new information has been submitted
if (isset($_POST['field_ids'])) {
// Check the nonce
check_admin_referer('bp_xprofile_edit');
// Check we have field ID's
if (empty($_POST['field_ids'])) {
bp_core_redirect(trailingslashit(bp_displayed_user_domain() . $bp->profile->slug . '/edit/group/' . bp_action_variable(1)));
}
// Explode the posted field IDs into an array so we know which
// fields have been submitted
$posted_field_ids = explode(',', $_POST['field_ids']);
$is_required = array();
// Loop through the posted fields formatting any datebox values
// then validate the field
foreach ((array) $posted_field_ids as $field_id) {
if (!isset($_POST['field_' . $field_id])) {
if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
// Concatenate the values
$date_value = $_POST['field_' . $field_id . '_day'] . ' ' . $_POST['field_' . $field_id . '_month'] . ' ' . $_POST['field_' . $field_id . '_year'];
// Turn the concatenated value into a timestamp
$_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($date_value));
}
}
$is_required[$field_id] = xprofile_check_is_required_field($field_id);
if ($is_required[$field_id] && empty($_POST['field_' . $field_id])) {
$errors = true;
}
}
// There are errors
if (!empty($errors)) {
bp_core_add_message(__('Please make sure you fill in all required fields in this profile field group before saving.', 'buddypress'), 'error');
// No errors
} else {
// Reset the errors var
$errors = false;
// Now we've checked for required fields, lets save the values.
foreach ((array) $posted_field_ids as $field_id) {
// Certain types of fields (checkboxes, multiselects) may come through empty. Save them as an empty array so that they don't get overwritten by the default on the next edit.
if (empty($_POST['field_' . $field_id])) {
$value = array();
} else {
$value = $_POST['field_' . $field_id];
}
if (!xprofile_set_field_data($field_id, bp_displayed_user_id(), $value, $is_required[$field_id])) {
$errors = true;
} else {
do_action('xprofile_profile_field_data_updated', $field_id, $value);
}
// Save the visibility level
$visibility_level = !empty($_POST['field_' . $field_id . '_visibility']) ? $_POST['field_' . $field_id . '_visibility'] : 'public';
xprofile_set_field_visibility_level($field_id, bp_displayed_user_id(), $visibility_level);
}
do_action('xprofile_updated_profile', bp_displayed_user_id(), $posted_field_ids, $errors);
// Set the feedback messages
if (!empty($errors)) {
bp_core_add_message(__('There was a problem updating some of your profile information, please try again.', 'buddypress'), 'error');
} else {
bp_core_add_message(__('Changes saved.', 'buddypress'));
}
// Redirect back to the edit screen to display the updates and message
bp_core_redirect(trailingslashit(bp_displayed_user_domain() . $bp->profile->slug . '/edit/group/' . bp_action_variable(1)));
}
}
do_action('xprofile_screen_edit_profile');
bp_core_load_template(apply_filters('xprofile_template_edit_profile', 'members/single/home'));
}
function rtmedia_api_process_update_profile_request()
{
$this->rtmediajsonapifunction->rtmedia_api_verfiy_token();
$ec_empty_name_location = 120001;
$msg_empty_name_location = esc_html__('name/location empty', 'buddypress-media');
$ec_profile_updated = 120002;
$msg_profile_updated = esc_html__('profile updated', 'buddypress-media');
for ($i = 1; $i <= 12; $i++) {
$field_str = 'field_';
$field_str .= $i;
$field_str_privacy = $field_str . '_privacy';
${$field_str} = filter_input(INPUT_POST, $field_str, FILTER_SANITIZE_STRING);
${$field_str_privacy} = filter_input(INPUT_POST, $field_str_privacy, FILTER_SANITIZE_STRING);
!empty(${$field_str}) ? ${$field_str} : '';
!empty(${$field_str_privacy}) ? ${$field_str_privacy} : 'public';
if (1 === $i || 4 === $i) {
$field_str_privacy = 'public';
if (empty($field_str)) {
wp_send_json($this->rtmedia_api_response_object('TRUE', $ec_empty_name_location, $msg_empty_name_location));
}
}
xprofile_set_field_data($i, $this->user_id, ${$field_str});
xprofile_set_field_visibility_level($i, $this->user_id, ${$field_str_privacy});
}
wp_send_json($this->rtmedia_api_response_object('TRUE', $ec_profile_updated, $msg_profile_updated));
}
public static function insert_buddypress_data($bp_rows)
{
global $wpdb, $bp;
require_once WP_PLUGIN_DIR . '/buddypress/bp-xprofile/bp-xprofile-functions.php';
$table = $bp->profile->table_name_data;
foreach ($bp_rows as $bp_row) {
$success = xprofile_set_field_data($bp_row['field_id'], $bp_row['user_id'], $bp_row['value']);
xprofile_set_field_visibility_level($bp_row['field_id'], $bp_row['user_id'], $bp_row['field']->default_visibility);
}
}
/**
* Save the profile fields in Members community profile page.
*
* Loaded before the page is rendered, this function is processing form
* requests.
*
* @access public
* @since BuddyPress (2.0.0)
*/
public function user_admin_load($doaction = '', $user_id = 0, $request = array(), $redirect_to = '')
{
// Eventually delete avatar
if ('delete_avatar' == $doaction) {
check_admin_referer('delete_avatar');
$redirect_to = remove_query_arg('_wpnonce', $redirect_to);
if (bp_core_delete_existing_avatar(array('item_id' => $user_id))) {
$redirect_to = add_query_arg('updated', 'avatar', $redirect_to);
} else {
$redirect_to = add_query_arg('error', 'avatar', $redirect_to);
}
bp_core_redirect($redirect_to);
// Update profile fields
} else {
// Check to see if any new information has been submitted
if (isset($_POST['field_ids'])) {
// Check the nonce
check_admin_referer('edit-bp-profile_' . $user_id);
// Check we have field ID's
if (empty($_POST['field_ids'])) {
$redirect_to = add_query_arg('error', '1', $redirect_to);
bp_core_redirect($redirect_to);
}
/**
* Unlike front-end edit-fields screens, the wp-admin/profile displays all
* groups of fields on a single page, so the list of field ids is an array
* gathering for each group of fields a distinct comma separated list of ids.
* As a result, before using the wp_parse_id_list() function, we must ensure
* that these ids are "merged" into a single comma separated list.
*/
$merge_ids = join(',', $_POST['field_ids']);
// Explode the posted field IDs into an array so we know which fields have been submitted
$posted_field_ids = wp_parse_id_list($merge_ids);
$is_required = array();
// Loop through the posted fields formatting any datebox values then validate the field
foreach ((array) $posted_field_ids as $field_id) {
if (!isset($_POST['field_' . $field_id])) {
if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
// Concatenate the values
$date_value = $_POST['field_' . $field_id . '_day'] . ' ' . $_POST['field_' . $field_id . '_month'] . ' ' . $_POST['field_' . $field_id . '_year'];
// Turn the concatenated value into a timestamp
$_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($date_value));
}
}
$is_required[$field_id] = xprofile_check_is_required_field($field_id);
if ($is_required[$field_id] && empty($_POST['field_' . $field_id])) {
$redirect_to = add_query_arg('error', '2', $redirect_to);
bp_core_redirect($redirect_to);
}
}
// Set the errors var
$errors = false;
// Now we've checked for required fields, let's save the values.
foreach ((array) $posted_field_ids as $field_id) {
// Certain types of fields (checkboxes, multiselects) may come through empty. Save them as an empty array so that they don't get overwritten by the default on the next edit.
$value = isset($_POST['field_' . $field_id]) ? $_POST['field_' . $field_id] : '';
if (!xprofile_set_field_data($field_id, $user_id, $value, $is_required[$field_id])) {
$errors = true;
} else {
do_action('xprofile_profile_field_data_updated', $field_id, $value);
}
// Save the visibility level
$visibility_level = !empty($_POST['field_' . $field_id . '_visibility']) ? $_POST['field_' . $field_id . '_visibility'] : 'public';
xprofile_set_field_visibility_level($field_id, $user_id, $visibility_level);
}
do_action('xprofile_updated_profile', $user_id, $posted_field_ids, $errors);
// Set the feedback messages
if (!empty($errors)) {
$redirect_to = add_query_arg('error', '3', $redirect_to);
} else {
$redirect_to = add_query_arg('updated', '1', $redirect_to);
}
bp_core_redirect($redirect_to);
}
}
}
/**
* Handles the saving of xprofile field visibilities
*
* @since BuddyPress (1.9.0)
*/
function bp_xprofile_action_settings()
{
// Bail if not a POST action
if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
return;
}
// Bail if no submit action
if (!isset($_POST['xprofile-settings-submit'])) {
return;
}
// Bail if not in settings
if (!bp_is_user_settings_profile()) {
return;
}
// 404 if there are any additional action variables attached
if (bp_action_variables()) {
bp_do_404();
return;
}
// Nonce check
check_admin_referer('bp_xprofile_settings');
/**
* Fires before saving xprofile field visibilities.
*
* @since BuddyPress (2.0.0)
*/
do_action('bp_xprofile_settings_before_save');
/** Save ******************************************************************/
// Only save if there are field ID's being posted
if (!empty($_POST['field_ids'])) {
// Get the POST'ed field ID's
$posted_field_ids = explode(',', $_POST['field_ids']);
// Backward compatibility: a bug in BP 2.0 caused only a single
// group's field IDs to be submitted. Look for values submitted
// in the POST request that may not appear in 'field_ids', and
// add them to the list of IDs to save.
foreach ($_POST as $posted_key => $posted_value) {
preg_match('/^field_([0-9]+)_visibility$/', $posted_key, $matches);
if (!empty($matches[1]) && !in_array($matches[1], $posted_field_ids)) {
$posted_field_ids[] = $matches[1];
}
}
// Save the visibility settings
foreach ($posted_field_ids as $field_id) {
$visibility_level = 'public';
if (!empty($_POST['field_' . $field_id . '_visibility'])) {
$visibility_level = $_POST['field_' . $field_id . '_visibility'];
}
xprofile_set_field_visibility_level($field_id, bp_displayed_user_id(), $visibility_level);
}
}
/** Other *****************************************************************/
/**
* Fires after saving xprofile field visibilities.
*
* @since BuddyPress (2.0.0)
*/
do_action('bp_xprofile_settings_after_save');
// Redirect to the root domain
bp_core_redirect(bp_displayed_user_domain() . bp_get_settings_slug() . '/profile');
}
/**
* Handles the display of the profile edit page by loading the correct template file.
* Also checks to make sure this can only be accessed for the logged in users profile.
*
* @package BuddyPress XProfile
* @uses bp_is_my_profile() Checks to make sure the current user being viewed equals the logged in user
* @uses bp_core_load_template() Looks for and loads a template file within the current member theme (folder/filename)
*/
function xprofile_screen_edit_profile()
{
if (!bp_is_my_profile() && !bp_current_user_can('bp_moderate')) {
return false;
}
$bp = buddypress();
// Make sure a group is set.
if (!bp_action_variable(1)) {
bp_core_redirect(trailingslashit(bp_displayed_user_domain() . $bp->profile->slug . '/edit/group/1'));
}
// Check the field group exists
if (!bp_is_action_variable('group') || !xprofile_get_field_group(bp_action_variable(1))) {
bp_do_404();
return;
}
// No errors
$errors = false;
// Check to see if any new information has been submitted
if (isset($_POST['field_ids'])) {
// Check the nonce
check_admin_referer('bp_xprofile_edit');
// Check we have field ID's
if (empty($_POST['field_ids'])) {
bp_core_redirect(trailingslashit(bp_displayed_user_domain() . $bp->profile->slug . '/edit/group/' . bp_action_variable(1)));
}
// Explode the posted field IDs into an array so we know which
// fields have been submitted
$posted_field_ids = wp_parse_id_list($_POST['field_ids']);
$is_required = array();
// Loop through the posted fields formatting any datebox values
// then validate the field
foreach ((array) $posted_field_ids as $field_id) {
if (!isset($_POST['field_' . $field_id])) {
if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
// Concatenate the values
$date_value = $_POST['field_' . $field_id . '_day'] . ' ' . $_POST['field_' . $field_id . '_month'] . ' ' . $_POST['field_' . $field_id . '_year'];
// Turn the concatenated value into a timestamp
$_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($date_value));
}
}
$is_required[$field_id] = xprofile_check_is_required_field($field_id);
if ($is_required[$field_id] && empty($_POST['field_' . $field_id])) {
$errors = true;
}
}
// There are errors
if (!empty($errors)) {
bp_core_add_message(__('Please make sure you fill in all required fields in this profile field group before saving.', 'buddypress'), 'error');
// No errors
} else {
// Reset the errors var
$errors = false;
// Now we've checked for required fields, lets save the values.
$old_values = $new_values = array();
foreach ((array) $posted_field_ids as $field_id) {
// Certain types of fields (checkboxes, multiselects) may come through empty. Save them as an empty array so that they don't get overwritten by the default on the next edit.
$value = isset($_POST['field_' . $field_id]) ? $_POST['field_' . $field_id] : '';
$visibility_level = !empty($_POST['field_' . $field_id . '_visibility']) ? $_POST['field_' . $field_id . '_visibility'] : 'public';
// Save the old and new values. They will be
// passed to the filter and used to determine
// whether an activity item should be posted
$old_values[$field_id] = array('value' => xprofile_get_field_data($field_id, bp_displayed_user_id()), 'visibility' => xprofile_get_field_visibility_level($field_id, bp_displayed_user_id()));
// Update the field data and visibility level
xprofile_set_field_visibility_level($field_id, bp_displayed_user_id(), $visibility_level);
$field_updated = xprofile_set_field_data($field_id, bp_displayed_user_id(), $value, $is_required[$field_id]);
$value = xprofile_get_field_data($field_id, bp_displayed_user_id());
$new_values[$field_id] = array('value' => $value, 'visibility' => xprofile_get_field_visibility_level($field_id, bp_displayed_user_id()));
if (!$field_updated) {
$errors = true;
} else {
/**
* Fires on each iteration of an XProfile field being saved with no error.
*
* @since BuddyPress (1.1.0)
*
* @param int $field_id ID of the field that was saved.
* @param string $value Value that was saved to the field.
*/
do_action('xprofile_profile_field_data_updated', $field_id, $value);
}
}
/**
* Fires after all XProfile fields have been saved for the current profile.
*
* @since BuddyPress (1.0.0)
*
* @param int $value Displayed user ID.
* @param array $posted_field_ids Array of field IDs that were edited.
* @param bool $errors Whether or not any errors occurred.
* @param array $old_values Array of original values before updated.
* @param array $new_values Array of newly saved values after update.
*/
do_action('xprofile_updated_profile', bp_displayed_user_id(), $posted_field_ids, $errors, $old_values, $new_values);
// Set the feedback messages
if (!empty($errors)) {
bp_core_add_message(__('There was a problem updating some of your profile information. Please try again.', 'buddypress'), 'error');
} else {
bp_core_add_message(__('Changes saved.', 'buddypress'));
}
// Redirect back to the edit screen to display the updates and message
bp_core_redirect(trailingslashit(bp_displayed_user_domain() . $bp->profile->slug . '/edit/group/' . bp_action_variable(1)));
}
}
/**
* Fires right before the loading of the XProfile edit screen template file.
*
* @since BuddyPress (1.0.0)
*/
do_action('xprofile_screen_edit_profile');
/**
* Filters the template to load for the XProfile edit screen.
*
* @since BuddyPress (1.0.0)
*
* @param string $template Path to the XProfile edit template to load.
*/
bp_core_load_template(apply_filters('xprofile_template_edit_profile', 'members/single/home'));
}
/**
* Save the profile fields in Members community profile page.
*
* Loaded before the page is rendered, this function is processing form
* requests.
*
* @since 2.0.0
*
* @param string $doaction Action being run.
* @param int $user_id ID for the user whose profile is being saved.
* @param array $request Request being made.
* @param string $redirect_to Where to redirect user to.
*/
public function user_admin_load($doaction = '', $user_id = 0, $request = array(), $redirect_to = '')
{
// Eventually delete avatar.
if ('delete_avatar' === $doaction) {
check_admin_referer('delete_avatar');
$redirect_to = remove_query_arg('_wpnonce', $redirect_to);
if (bp_core_delete_existing_avatar(array('item_id' => $user_id))) {
$redirect_to = add_query_arg('updated', 'avatar', $redirect_to);
} else {
$redirect_to = add_query_arg('error', 'avatar', $redirect_to);
}
bp_core_redirect($redirect_to);
// Update profile fields.
} elseif (isset($_POST['field_ids'])) {
// Check the nonce.
check_admin_referer('edit-bp-profile_' . $user_id);
// Check we have field ID's.
if (empty($_POST['field_ids'])) {
$redirect_to = add_query_arg('error', '1', $redirect_to);
bp_core_redirect($redirect_to);
}
/**
* Unlike front-end edit-fields screens, the wp-admin/profile
* displays all groups of fields on a single page, so the list of
* field ids is an array gathering for each group of fields a
* distinct comma separated list of ids.
*
* As a result, before using the wp_parse_id_list() function, we
* must ensure that these ids are "merged" into a single comma
* separated list.
*/
$merge_ids = join(',', $_POST['field_ids']);
// Explode the posted field IDs into an array so we know which fields have been submitted.
$posted_field_ids = wp_parse_id_list($merge_ids);
$is_required = array();
// Loop through the posted fields formatting any datebox values then validate the field.
foreach ((array) $posted_field_ids as $field_id) {
if (!isset($_POST['field_' . $field_id])) {
if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
// Concatenate the values.
$date_value = $_POST['field_' . $field_id . '_day'] . ' ' . $_POST['field_' . $field_id . '_month'] . ' ' . $_POST['field_' . $field_id . '_year'];
// Turn the concatenated value into a timestamp.
$_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($date_value));
}
}
$is_required[$field_id] = xprofile_check_is_required_field($field_id) && !bp_current_user_can('bp_moderate');
if ($is_required[$field_id] && empty($_POST['field_' . $field_id])) {
$redirect_to = add_query_arg('error', '2', $redirect_to);
bp_core_redirect($redirect_to);
}
}
// Set the errors var.
$errors = false;
// Now we've checked for required fields, let's save the values.
foreach ((array) $posted_field_ids as $field_id) {
// Certain types of fields (checkboxes, multiselects) may come
// through empty. Save them as an empty array so that they don't
// get overwritten by the default on the next edit.
$value = isset($_POST['field_' . $field_id]) ? $_POST['field_' . $field_id] : '';
if (!xprofile_set_field_data($field_id, $user_id, $value, $is_required[$field_id])) {
$errors = true;
} else {
/**
* Fires after the saving of each profile field, if successful.
*
* @since 1.1.0
*
* @param int $field_id ID of the field being updated.
* @param string $value Value that was saved to the field.
*/
do_action('xprofile_profile_field_data_updated', $field_id, $value);
}
// Save the visibility level.
$visibility_level = !empty($_POST['field_' . $field_id . '_visibility']) ? $_POST['field_' . $field_id . '_visibility'] : 'public';
xprofile_set_field_visibility_level($field_id, $user_id, $visibility_level);
}
/**
* Fires after all of the profile fields have been saved.
*
* @since 1.0.0
*
* @param int $user_id ID of the user whose data is being saved.
* @param array $posted_field_ids IDs of the fields that were submitted.
* @param bool $errors Whether or not errors occurred during saving.
*/
do_action('xprofile_updated_profile', $user_id, $posted_field_ids, $errors);
// Set the feedback messages.
if (!empty($errors)) {
$redirect_to = add_query_arg('error', '3', $redirect_to);
} else {
$redirect_to = add_query_arg('updated', '1', $redirect_to);
}
bp_core_redirect($redirect_to);
}
}
function rtmedia_api_process_update_profile_request()
{
$this->rtmediajsonapifunction->rtmedia_api_verfiy_token();
$ec_empty_name_location = 120001;
$msg_empty_name_location = __('name/location empty', 'rtmedia');
$ec_profile_updated = 120002;
$msg_profile_updated = __('profile updated', 'rtmedia');
extract($_POST);
for ($i = 1; $i <= 12; $i++) {
$field_str = 'field_';
$field_str .= $i;
$field_str_privacy = $field_str . '_privacy';
!empty(${$field_str}) ? ${$field_str} : '';
!empty(${$field_str_privacy}) ? ${$field_str_privacy} : 'public';
if ($i == 1 || $i == 4) {
$field_str_privacy = 'public';
if (empty($field_str)) {
echo $this->rtmedia_api_response_object('TRUE', $ec_empty_name_location, $msg_empty_name_location);
exit;
}
}
xprofile_set_field_data($i, $this->user_id, ${$field_str});
xprofile_set_field_visibility_level($i, $this->user_id, ${$field_str_privacy});
}
echo $this->rtmedia_api_response_object('TRUE', $ec_profile_updated, $msg_profile_updated);
exit;
}
/**
* Activate a signup, as identified by an activation key.
*
* @since 1.2.2
*
* @param string $key Activation key.
* @return int|bool User ID on success, false on failure.
*/
function bp_core_activate_signup($key)
{
global $wpdb;
$user = false;
// Multisite installs have their own activation routine.
if (is_multisite()) {
$user = wpmu_activate_signup($key);
// If there were errors, add a message and redirect.
if (!empty($user->errors)) {
return $user;
}
$user_id = $user['user_id'];
} else {
$signups = BP_Signup::get(array('activation_key' => $key));
if (empty($signups['signups'])) {
return new WP_Error('invalid_key', __('Invalid activation key.', 'buddypress'));
}
$signup = $signups['signups'][0];
if ($signup->active) {
if (empty($signup->domain)) {
return new WP_Error('already_active', __('The user is already active.', 'buddypress'), $signup);
} else {
return new WP_Error('already_active', __('The site is already active.', 'buddypress'), $signup);
}
}
// Password is hashed again in wp_insert_user.
$password = wp_generate_password(12, false);
$user_id = username_exists($signup->user_login);
// Create the user. This should only be necessary if BP_SIGNUPS_SKIP_USER_CREATION is true.
if (!$user_id) {
$user_id = wp_create_user($signup->user_login, $password, $signup->user_email);
// Otherwise, update the existing user's status.
} elseif ($key === bp_get_user_meta($user_id, 'activation_key', true) || $key === wp_hash($user_id)) {
// Change the user's status so they become active.
if (!$wpdb->query($wpdb->prepare("UPDATE {$wpdb->users} SET user_status = 0 WHERE ID = %d", $user_id))) {
return new WP_Error('invalid_key', __('Invalid activation key.', 'buddypress'));
}
bp_delete_user_meta($user_id, 'activation_key');
$member = get_userdata($user_id);
$member->set_role(get_option('default_role'));
$user_already_created = true;
} else {
$user_already_exists = true;
}
if (!$user_id) {
return new WP_Error('create_user', __('Could not create user', 'buddypress'), $signup);
}
// Fetch the signup so we have the data later on.
$signups = BP_Signup::get(array('activation_key' => $key));
$signup = isset($signups['signups']) && !empty($signups['signups'][0]) ? $signups['signups'][0] : false;
// Activate the signup.
BP_Signup::validate($key);
if (isset($user_already_exists)) {
return new WP_Error('user_already_exists', __('That username is already activated.', 'buddypress'), $signup);
}
// Set up data to pass to the legacy filter.
$user = array('user_id' => $user_id, 'password' => $signup->meta['password'], 'meta' => $signup->meta);
// Notify the site admin of a new user registration.
wp_new_user_notification($user_id);
if (isset($user_already_created)) {
/**
* Fires if the user has already been created.
*
* @since 1.2.2
*
* @param int $user_id ID of the user being checked.
* @param string $key Activation key.
* @param array $user Array of user data.
*/
do_action('bp_core_activated_user', $user_id, $key, $user);
return $user_id;
}
}
// Set any profile data.
if (bp_is_active('xprofile')) {
if (!empty($user['meta']['profile_field_ids'])) {
$profile_field_ids = explode(',', $user['meta']['profile_field_ids']);
foreach ((array) $profile_field_ids as $field_id) {
$current_field = isset($user['meta']["field_{$field_id}"]) ? $user['meta']["field_{$field_id}"] : false;
if (!empty($current_field)) {
xprofile_set_field_data($field_id, $user_id, $current_field);
}
// Save the visibility level.
$visibility_level = !empty($user['meta']['field_' . $field_id . '_visibility']) ? $user['meta']['field_' . $field_id . '_visibility'] : 'public';
xprofile_set_field_visibility_level($field_id, $user_id, $visibility_level);
}
}
}
// Replace the password automatically generated by WordPress by the one the user chose.
if (!empty($user['meta']['password'])) {
$wpdb->query($wpdb->prepare("UPDATE {$wpdb->users} SET user_pass = %s WHERE ID = %d", $user['meta']['password'], $user_id));
/**
* Make sure to clean the user's cache as we've
* directly edited the password without using
* wp_update_user().
*
* If we can't use wp_update_user() that's because
* we already hashed the password at the signup step.
*/
$uc = wp_cache_get($user_id, 'users');
if (!empty($uc->ID)) {
clean_user_cache($uc->ID);
}
}
/**
* Fires at the end of the user activation process.
*
* @since 1.2.2
*
* @param int $user_id ID of the user being checked.
* @param string $key Activation key.
* @param array $user Array of user data.
*/
do_action('bp_core_activated_user', $user_id, $key, $user);
return $user_id;
}
function process_subscription_form()
{
global $M_options, $bp;
$logged_in = is_user_logged_in();
$subscription = isset($_REQUEST['subscription']) ? $_REQUEST['subscription'] : 0;
$page = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'subscriptionform';
switch ($page) {
case 'validatepage1':
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
return;
}
$required = array('user_login' => __('Username', 'membership'), 'user_email' => __('Email address', 'membership'), 'password' => __('Password', 'membership'), 'password2' => __('Password confirmation', 'membership'));
$this->_register_errors = new WP_Error();
foreach ($required as $key => $message) {
if (empty($_POST[$key])) {
$this->_register_errors->add($key, __('Please ensure that the ', 'membership') . "<strong>" . $message . "</strong>" . __(' information is completed.', 'membership'));
}
}
if ($_POST['password'] != $_POST['password2']) {
$this->_register_errors->add('passmatch', __('Please ensure the passwords match.', 'membership'));
}
if (!validate_username($_POST['user_login'])) {
$this->_register_errors->add('usernamenotvalid', __('The username is not valid, sorry.', 'membership'));
}
if (username_exists(sanitize_user($_POST['user_login']))) {
$this->_register_errors->add('usernameexists', __('That username is already taken, sorry.', 'membership'));
}
if (!is_email($_POST['user_email'])) {
$this->_register_errors->add('emailnotvalid', __('The email address is not valid, sorry.', 'membership'));
}
if (email_exists($_POST['user_email'])) {
$this->_register_errors->add('emailexists', __('That email address is already taken, sorry.', 'membership'));
}
$this->_register_errors = apply_filters('membership_subscription_form_before_registration_process', $this->_register_errors);
$result = apply_filters('wpmu_validate_user_signup', array('user_name' => $_POST['user_login'], 'orig_username' => $_POST['user_login'], 'user_email' => $_POST['user_email'], 'errors' => $this->_register_errors));
$this->_register_errors = $result['errors'];
// Hack for now - eeek
$anyerrors = $this->_register_errors->get_error_code();
if (empty($anyerrors)) {
// No errors so far - error reporting check for final add user *note $error should always be an error object becuase we created it as such.
$user_id = wp_create_user(sanitize_user($_POST['user_login']), $_POST['password'], $_POST['user_email']);
if (is_wp_error($user_id)) {
$this->_register_errors->add('userid', $user_id->get_error_message());
} else {
$member = Membership_Plugin::factory()->get_member($user_id);
if (!headers_sent()) {
$user = @wp_signon(array('user_login' => $_POST['user_login'], 'user_password' => $_POST['password'], 'remember' => true));
if (is_wp_error($user) && method_exists($user, 'get_error_message')) {
$this->_register_errors->add('userlogin', $user->get_error_message());
} else {
// Set the current user up
wp_set_current_user($user_id);
}
} else {
// Set the current user up
wp_set_current_user($user_id);
}
if (has_action('membership_susbcription_form_registration_notification')) {
do_action('membership_susbcription_form_registration_notification', $user_id, $_POST['password']);
} else {
wp_new_user_notification($user_id, $_POST['password']);
}
if (!empty($M_options['freeusersubscription'])) {
$level = !empty($M_options['strangerlevel']) ? $M_options['strangerlevel'] : 0;
//free subscription is active - do 'membership_add_subscription' action so pings are triggered, etc
do_action('membership_add_subscription', $M_options['freeusersubscription'], $level, false, $user_id);
}
}
do_action('membership_subscription_form_registration_process', $this->_register_errors, $user_id);
} else {
do_action('membership_subscription_form_registration_process', $this->_register_errors, 0);
}
// Hack for now - eeek
$anyerrors = $this->_register_errors->get_error_code();
if (empty($anyerrors)) {
// redirect to payments page
wp_redirect(esc_url_raw(add_query_arg(array('action' => 'subscriptionsignup', 'subscription' => $subscription))));
exit;
}
break;
case 'validatepage1bp':
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
return;
}
$required = array('signup_username' => __('Username', 'membership'), 'signup_email' => __('Email address', 'membership'), 'signup_password' => __('Password', 'membership'), 'signup_password_confirm' => __('Password confirmation', 'membership'));
$this->_register_errors = new WP_Error();
foreach ($required as $key => $message) {
if (empty($_POST[$key])) {
$this->_register_errors->add($key, __('Please ensure that the ', 'membership') . "<strong>" . $message . "</strong>" . __(' information is completed.', 'membership'));
}
}
if ($_POST['signup_password'] != $_POST['signup_password_confirm']) {
$this->_register_errors->add('passmatch', __('Please ensure the passwords match.', 'membership'));
}
if (!validate_username($_POST['signup_username'])) {
$this->_register_errors->add('usernamenotvalid', __('The username is not valid, sorry.', 'membership'));
}
if (username_exists(sanitize_user($_POST['signup_username']))) {
$this->_register_errors->add('usernameexists', __('That username is already taken, sorry.', 'membership'));
}
if (!is_email($_POST['signup_email'])) {
$this->_register_errors->add('emailnotvalid', __('The email address is not valid, sorry.', 'membership'));
}
if (email_exists($_POST['signup_email'])) {
$this->_register_errors->add('emailexists', __('That email address is already taken, sorry.', 'membership'));
}
// Initial fix provided by user: cmurtagh - modified to add extra checks and rejigged a bit
// Run the buddypress validation
do_action('bp_signup_validate');
// Add any errors to the action for the field in the template for display.
if (!empty($bp->signup->errors)) {
foreach ((array) $bp->signup->errors as $fieldname => $error_message) {
$this->_register_errors->add($fieldname, $error_message);
}
}
$meta_array = array();
// xprofile required fields
/* Now we've checked account details, we can check profile information */
//if ( function_exists( 'xprofile_check_is_required_field' ) ) {
if (function_exists('bp_is_active') && bp_is_active('xprofile')) {
/* Make sure hidden field is passed and populated */
if (isset($_POST['signup_profile_field_ids']) && !empty($_POST['signup_profile_field_ids'])) {
/* Let's compact any profile field info into an array */
$profile_field_ids = explode(',', $_POST['signup_profile_field_ids']);
/* Loop through the posted fields formatting any datebox values then validate the field */
foreach ((array) $profile_field_ids as $field_id) {
if (!isset($_POST['field_' . $field_id])) {
if (isset($_POST['field_' . $field_id . '_day'])) {
$_POST['field_' . $field_id] = strtotime($_POST['field_' . $field_id . '_day'] . $_POST['field_' . $field_id . '_month'] . $_POST['field_' . $field_id . '_year']);
}
}
/* Create errors for required fields without values */
if (xprofile_check_is_required_field($field_id) && empty($_POST['field_' . $field_id])) {
$field = new BP_Xprofile_Field($field_id);
$this->_register_errors->add($field->name, __('Please ensure that the ', 'membership') . "<strong>" . $field->name . "</strong>" . __(' information is completed.', 'membership'));
}
$meta_array[$field_id] = $_POST['field_' . $field_id];
}
}
}
$this->_register_errors = apply_filters('membership_subscription_form_before_registration_process', $this->_register_errors);
// Hack for now - eeek
$anyerrors = $this->_register_errors->get_error_code();
if (empty($anyerrors)) {
// No errors so far - error reporting check for final add user *note $error should always be an error object becuase we created it as such.
$user_id = wp_create_user(sanitize_user($_POST['signup_username']), $_POST['signup_password'], $_POST['signup_email']);
if (is_wp_error($user_id)) {
$this->_register_errors->add('userid', $user_id->get_error_message());
} else {
$member = Membership_Plugin::factory()->get_member($user_id);
if (!headers_sent()) {
$user = @wp_signon(array('user_login' => $_POST['signup_username'], 'user_password' => $_POST['signup_password'], 'remember' => true));
if (is_wp_error($user) && method_exists($user, 'get_error_message')) {
$this->_register_errors->add('userlogin', $user->get_error_message());
} else {
// Set the current user up
wp_set_current_user($user_id);
}
} else {
// Set the current user up
wp_set_current_user($user_id);
}
if (has_action('membership_susbcription_form_registration_notification')) {
do_action('membership_susbcription_form_registration_notification', $user_id, $_POST['signup_password']);
} else {
wp_new_user_notification($user_id, $_POST['signup_password']);
}
if (function_exists('xprofile_set_field_data')) {
// Add the bp filter for usermeta signup
$meta_array = apply_filters('bp_signup_usermeta', $meta_array);
foreach ((array) $meta_array as $field_id => $field_content) {
xprofile_set_field_data($field_id, $user_id, $field_content);
$visibility_level = !empty($_POST['field_' . $field_id . '_visibility']) ? $_POST['field_' . $field_id . '_visibility'] : 'public';
xprofile_set_field_visibility_level($field_id, $user_id, $visibility_level);
}
// Make sure the User Meta is updated with the xprofile name
$data = explode(' ', xprofile_get_field_data('Name', $user_id, 'array'));
$firstname = array_shift($data);
$lastname = implode(' ', $data);
update_user_meta($user_id, 'first_name', $firstname);
update_user_meta($user_id, 'last_name', $lastname);
}
}
do_action('membership_subscription_form_registration_process', $this->_register_errors, $user_id);
// Hack for now - eeek
$anyerrors = $this->_register_errors->get_error_code();
if (empty($anyerrors)) {
// everything seems fine (so far), so we have our queued user so let's
// run the bp complete signup action
do_action('bp_complete_signup');
// redirect to payments page
wp_redirect(esc_url_raw(add_query_arg(array('action' => 'subscriptionsignup', 'subscription' => $subscription))));
exit;
}
} else {
do_action('membership_subscription_form_registration_process', $this->_register_errors, 0);
}
break;
case 'registeruser':
case 'subscriptionsignup':
$to_sub_id = false;
// free subscription processing
if ($logged_in && $subscription) {
$sub = Membership_Plugin::factory()->get_subscription($subscription);
if ($sub->is_free()) {
$to_sub_id = $subscription;
}
}
// coupon processing
$coupon = filter_input(INPUT_POST, 'coupon_code');
$sub_id = filter_input(INPUT_POST, 'coupon_sub_id', FILTER_VALIDATE_INT);
if ($logged_in && $coupon && $sub_id) {
$coupon = new M_Coupon($coupon);
$coupon_obj = $coupon->get_coupon();
//if ( $coupon->valid_coupon() && $coupon_obj->discount >= 100 && $coupon_obj->discount_type == 'pct' ) {
if ($coupon->valid_for_subscription($sub_id) && $coupon_obj->discount >= 100 && $coupon_obj->discount_type == 'pct') {
$to_sub_id = $sub_id;
$coupon->increment_coupon_used();
}
}
if ($to_sub_id) {
$member = Membership_Plugin::factory()->get_member(get_current_user_id());
$from_sub_id = isset($_REQUEST['from_subscription']) ? absint($_REQUEST['from_subscription']) : 0;
if ($from_sub_id) {
$member->drop_subscription($from_sub_id);
}
$member->create_subscription($to_sub_id);
if (isset($M_options['registrationcompleted_page']) && absint($M_options['registrationcompleted_page'])) {
wp_redirect(get_permalink($M_options['registrationcompleted_page']));
exit;
}
}
break;
}
}
