/**
* Gets the user links for the current user's role
*
* Callback for "tml_user_links" hook in method Theme_My_Login_Template::display()
*
* @see Theme_My_Login_Template::display()
* @since 6.0
* @access public
*
* @param array $links Default user links
* @return array New user links
*/
public function get_user_links($links = array())
{
if (!is_user_logged_in()) {
return $links;
}
$current_user = wp_get_current_user();
if (is_multisite() && empty($current_user->roles)) {
$current_user->roles = array('subscriber');
}
foreach ((array) $current_user->roles as $role) {
if ($links = $this->get_option($role)) {
}
break;
}
// Define and allow filtering of replacement variables
$replacements = apply_filters('tml_custom_user_links_variables', array('%user_id%' => $current_user->ID, '%username%' => $current_user->user_nicename));
// Replace variables in link
foreach ((array) $links as $key => $link) {
$links[$key]['url'] = Theme_My_Login_Common::replace_vars($link['url'], $current_user->ID, $replacements);
}
return $links;
}
/**
* Sanitizes settings
*
* Callback for register_setting()
*
* @since 6.0
* @access public
*
* @param string|array $settings Settings passed in from filter
* @return string|array Sanitized settings
*/
public function save_settings($settings)
{
$settings['new_user']['admin_disable'] = isset($settings['new_user']['admin_disable']);
$settings['reset_pass']['admin_disable'] = isset($settings['reset_pass']['admin_disable']);
if (class_exists('Theme_My_Login_User_Moderation')) {
$settings['user_approval']['admin_disable'] = isset($settings['user_approval']['admin_disable']);
$settings['user_denial']['disable'] = isset($settings['user_denial']['disable']);
}
$settings = Theme_My_Login_Common::array_merge_recursive($this->get_options(), $settings);
return $settings;
}
/**
* Returns requested action URL
*
* @since 6.0
* @access public
*
* @param string $action Action to retrieve
* @param string $scheme Scheme to give the URL context
* @return string The requested action URL
*/
public function get_action_url($action = '', $scheme = 'login')
{
$instance = $this->get_option('instance');
if ($action == $this->get_option('default_action')) {
$args = array();
if ($instance) {
$args['instance'] = $instance;
}
$url = Theme_My_Login_Common::get_current_url($args);
} else {
$url = Theme_My_Login::get_page_link($action);
}
$url = set_url_scheme($url, $scheme);
return apply_filters('tml_action_url', $url, $action, $scheme, $instance);
}
/**
* Handles logout redirection
*
* Callback for "logout_redirect" hook in method Theme_My_Login::the_request()
*
* @see Theme_My_Login::the_request()
* @since 6.0
* @access public
*
* @param string $redirect_to Default redirect
* @param string $request Requested redirect
* @param WP_User|WP_Error WP_User if user logged in, WP_Error otherwise
* @return string New redirect
*/
public function logout_redirect($redirect_to, $request, $user)
{
// Determine the correct referer
if (!($http_referer = wp_get_original_referer())) {
$http_referer = wp_get_referer();
}
// Remove some arguments that may be present and shouldn't be
$http_referer = remove_query_arg(array('instance', 'action', 'checkemail', 'error', 'loggedout', 'registered', 'redirect_to', 'updated', 'key', '_wpnonce'), $http_referer);
// Make sure $user object exists and is a WP_User instance
if (!is_wp_error($user) && is_a($user, 'WP_User')) {
if (is_multisite() && empty($user->roles)) {
$user->roles = array('subscriber');
}
$user_role = reset($user->roles);
$redirection = $this->get_option($user_role, array());
if ('referer' == $redirection['logout_type']) {
// Send 'em back to the referer
$redirect_to = $http_referer;
} elseif ('custom' == $redirection['logout_type']) {
// Send 'em to the specified URL
$redirect_to = $redirection['logout_url'];
// Allow a few user specific variables
$redirect_to = Theme_My_Login_Common::replace_vars($redirect_to, $user->ID, array('%user_id%' => $user->ID));
}
}
// Make sure $redirect_to isn't empty or pointing to an admin URL (causing an endless loop)
if (empty($redirect_to) || false !== strpos($redirect_to, 'wp-admin')) {
$redirect_to = add_query_arg('loggedout', 'true', wp_login_url());
}
return $redirect_to;
}
/**
* Handles "send_activation" action for login page
*
* Callback for "tml_request_send_activation" hook in method Theme_My_Login::the_request();
*
* @see Theme_My_Login::the_request();
* @since 6.0
* @access public
*/
public static function send_activation()
{
global $wpdb;
$login = isset($_GET['login']) ? trim($_GET['login']) : '';
if (!($user_id = $wpdb->get_var($wpdb->prepare("SELECT ID FROM {$wpdb->users} WHERE user_login = %s", $login)))) {
$redirect_to = Theme_My_Login_Common::get_current_url(array('sendactivation' => 'failed'));
wp_redirect($redirect_to);
exit;
}
do_action('tml_user_activation_resend', $user_id);
$user = new WP_User($user_id);
if (in_array('pending', (array) $user->roles)) {
// Send activation e-mail
self::new_user_activation_notification($user->ID);
// Now redirect them
$redirect_to = Theme_My_Login_Common::get_current_url(array('sendactivation' => 'sent'));
wp_redirect($redirect_to);
exit;
}
}
/**
* Get the redirect URL for a user.
*
* @since 6.4.1
*
* @param WP_User $user User object
* @param string $type Optional. Type of redirect. Accepts 'login'
* or 'logout'. Default is 'login'.
* @param string $default Optional. Default URL if somehow not found
* @return string Redirect URL
*/
public function get_redirect_for_user($user, $type = 'login', $default = '')
{
// Make sure we have a default
if (empty($default)) {
$default = admin_url('profile.php');
}
// Bail if $user is not a WP_User
if (!$user instanceof WP_User) {
return $default;
}
// Make sure $type is valid
if (!('login' == $type || 'logout' == $type)) {
$type = 'login';
}
// Make sure the user has a role
if (is_multisite() && empty($user->roles)) {
$user->roles = array('subscriber');
}
// Get the user's role
$user_role = reset($user->roles);
// Get the redirection settings for the user's role
$redirection = $this->get_option($user_role, array());
// Determine which redirection type is being used
switch ($redirection["{$type}_type"]) {
case 'referer':
// Get the referer
if (!($referer = wp_get_original_referer())) {
$referer = wp_get_referer();
}
// Strip unwanted arguments from the referer
$referer = Theme_My_Login_Common::strip_query_args($referer);
// Is the URL a single post type?
if ($page_id = url_to_postid($referer)) {
// Bail if the referer is TML page
if (Theme_My_Login::is_tml_page(null, $page_id)) {
return $default;
}
}
// Send 'em back to the referer
$redirect_to = $referer;
break;
case 'custom':
// Send 'em to the specified URL
$redirect_to = $redirection["{$type}_url"];
// Allow a few user specific variables
$redirect_to = str_replace(array('%user_id%', '%user_nicename%'), array($user->ID, $user->user_nicename), $redirect_to);
break;
}
// Make sure $redirect_to isn't empty
if (empty($redirect_to)) {
$redirect_to = $default;
}
return $redirect_to;
}
/**
* Changes the user denial e-mail message
*
* Callback for "user_denial_notification_message" hook in Theme_My_Login_User_Moderation_Admin::deny_user()
*
* @see Theme_My_Login_User_Moderation_Admin::deny_user()
* @since 6.1
* @access public
*
* @param string $message The default message
* @param int $user_id The user's ID
* @return string The filtered message
*/
public function user_denial_notification_message_filter($message, $user_id)
{
$_message = $this->get_option(array('user_denial', 'message'));
return empty($_message) ? $message : Theme_My_Login_Common::replace_vars($_message, $user_id);
}
/**
* Returns requested action URL
*
* @since 6.0
* @access public
*
* @param string $action Action to retrieve
* @return string The requested action URL
*/
public function get_action_url($action = '')
{
$instance = $this->get_option('instance');
if ($action == $this->get_option('default_action')) {
$args = array();
if ($instance) {
$args['instance'] = $instance;
}
$url = Theme_My_Login_Common::get_current_url($args);
} else {
$url = Theme_My_Login::get_page_link($action);
}
// Respect FORCE_SSL_LOGIN
if ('login' == $action && force_ssl_login()) {
$url = preg_replace('|^http://|', 'https://', $url);
}
return apply_filters('tml_action_url', $url, $action, $instance);
}
/**
* Handles "unlock" action for login page
*
* Callback for "tml_request_activate" hook in method Theme_My_Login::the_request();
*
* @see Theme_My_Login::the_request();
* @since 6.3
*/
public function request_unlock()
{
$user = self::check_user_unlock_key($_GET['key'], $_GET['login']);
$redirect_to = Theme_My_Login_Common::get_current_url();
if (is_wp_error($user)) {
$redirect_to = add_query_arg('unlock', 'invalidkey', $redirect_to);
wp_redirect($redirect_to);
exit;
}
self::unlock_user($user->ID);
$redirect_to = add_query_arg('unlock', 'complete', $redirect_to);
wp_redirect($redirect_to);
exit;
}
/**
* Displays the registration page
*
* @since 6.1
* @access public
*
* @param object $template Theme_My_Login_Template object
*/
public function tml_display_register(&$template)
{
global $wpdb, $blogname, $blog_title, $domain, $path, $active_signup;
$theme_my_login = Theme_My_Login::get_object();
do_action('before_signup_form');
echo '<div class="login mu_register" id="theme-my-login' . esc_attr($template->get_option('instance')) . '">';
$active_signup = get_site_option('registration');
if (!$active_signup) {
$active_signup = 'all';
}
$active_signup = apply_filters('wpmu_active_signup', $active_signup);
// return "all", "none", "blog" or "user"
// Make the signup type translatable.
$i18n_signup['all'] = _x('all', 'Multisite active signup type');
$i18n_signup['none'] = _x('none', 'Multisite active signup type');
$i18n_signup['blog'] = _x('blog', 'Multisite active signup type');
$i18n_signup['user'] = _x('user', 'Multisite active signup type');
if (is_super_admin()) {
echo '<p class="message">' . sprintf(__('Greetings Site Administrator! You are currently allowing “%s” registrations. To change or disable registration go to your <a href="%s">Options page</a>.', 'theme-my-login'), $i18n_signup[$active_signup], esc_url(network_admin_url('ms-options.php'))) . '</p>';
}
$newblogname = isset($_GET['new']) ? strtolower(preg_replace('/^-|-$|[^-a-zA-Z0-9]/', '', $_GET['new'])) : null;
$current_user = wp_get_current_user();
if ($active_signup == "none") {
_e('Registration has been disabled.', 'theme-my-login');
} elseif ($active_signup == 'blog' && !is_user_logged_in()) {
printf(__('You must first <a href="%s">log in</a>, and then you can create a new site.', 'theme-my-login'), wp_login_url(Theme_My_Login_Common::get_current_url()));
} else {
$stage = isset($_POST['stage']) ? $_POST['stage'] : 'default';
switch ($stage) {
case 'validate-user-signup':
if ($active_signup == 'all' || $_POST['signup_for'] == 'blog' && $active_signup == 'blog' || $_POST['signup_for'] == 'user' && $active_signup == 'user') {
$result = wpmu_validate_user_signup($_POST['user_name'], $_POST['user_email']);
extract($result);
$theme_my_login->errors = $errors;
if ($errors->get_error_code()) {
$this->signup_user($user_name, $user_email);
break;
}
if ('blog' == $_POST['signup_for']) {
$this->signup_blog($user_name, $user_email);
break;
}
wpmu_signup_user($user_name, $user_email, apply_filters('add_signup_meta', array()));
?>
<h2><?php
printf(__('%s is your new username', 'theme-my-login'), $user_name);
?>
</h2>
<p><?php
_e('But, before you can start using your new username, <strong>you must activate it</strong>.', 'theme-my-login');
?>
</p>
<p><?php
printf(__('Check your inbox at <strong>%1$s</strong> and click the link given.', 'theme-my-login'), $user_email);
?>
</p>
<p><?php
_e('If you do not activate your username within two days, you will have to sign up again.', 'theme-my-login');
?>
</p>
<?php
do_action('signup_finished');
} else {
_e('User registration has been disabled.', 'theme-my-login');
}
break;
case 'validate-blog-signup':
if ($active_signup == 'all' || $active_signup == 'blog') {
// Re-validate user info.
$result = wpmu_validate_user_signup($_POST['user_name'], $_POST['user_email']);
extract($result);
$theme_my_login->errors = $errors;
if ($errors->get_error_code()) {
$this->signup_user($user_name, $user_email);
break;
}
$result = wpmu_validate_blog_signup($_POST['blogname'], $_POST['blog_title']);
extract($result);
$theme_my_login->errors = $errors;
if ($errors->get_error_code()) {
$this->signup_blog($user_name, $user_email, $blogname, $blog_title);
break;
}
$public = (int) $_POST['blog_public'];
$meta = array('lang_id' => 1, 'public' => $public);
$meta = apply_filters('add_signup_meta', $meta);
wpmu_signup_blog($domain, $path, $blog_title, $user_name, $user_email, $meta);
?>
<h2><?php
printf(__('Congratulations! Your new site, %s, is almost ready.', 'theme-my-login'), "<a href='http://{$domain}{$path}'>{$blog_title}</a>");
?>
</h2>
<p><?php
_e('But, before you can start using your site, <strong>you must activate it</strong>.', 'theme-my-login');
?>
</p>
<p><?php
printf(__('Check your inbox at <strong>%s</strong> and click the link given.', 'theme-my-login'), $user_email);
?>
</p>
<p><?php
_e('If you do not activate your site within two days, you will have to sign up again.', 'theme-my-login');
?>
</p>
<h2><?php
_e('Still waiting for your email?', 'theme-my-login');
?>
</h2>
<p>
<?php
_e('If you haven’t received your email yet, there are a number of things you can do:', 'theme-my-login');
?>
<ul id="noemail-tips">
<li><p><strong><?php
_e('Wait a little longer. Sometimes delivery of email can be delayed by processes outside of our control.', 'theme-my-login');
?>
</strong></p></li>
<li><p><?php
_e('Check the junk or spam folder of your email client. Sometime emails wind up there by mistake.', 'theme-my-login');
?>
</p></li>
<li><?php
printf(__('Have you entered your email correctly? You have entered %s, if it’s incorrect, you will not receive your email.', 'theme-my-login'), $user_email);
?>
</li>
</ul>
</p>
<?php
do_action('signup_finished');
} else {
_e('Site registration has been disabled.', 'theme-my-login');
}
break;
case 'gimmeanotherblog':
$current_user = wp_get_current_user();
if (!is_user_logged_in()) {
die;
}
$result = wpmu_validate_blog_signup($_POST['blogname'], $_POST['blog_title'], $current_user);
extract($result);
$theme_my_login->errors = $errors;
if ($errors->get_error_code()) {
$this->signup_another_blog($blogname, $blog_title);
break;
}
$public = (int) $_POST['blog_public'];
$meta = apply_filters('signup_create_blog_meta', array('lang_id' => 1, 'public' => $public));
// deprecated
$meta = apply_filters('add_signup_meta', $meta);
wpmu_create_blog($domain, $path, $blog_title, $current_user->ID, $meta, $wpdb->siteid);
?>
<h2><?php
printf(__('The site %s is yours.', 'theme-my-login'), "<a href='http://{$domain}{$path}'>{$blog_title}</a>");
?>
</h2>
<p>
<?php
printf(__('<a href="http://%1$s">http://%2$s</a> is your new site. <a href="%3$s">Log in</a> as “%4$s” using your existing password.', 'theme-my-login'), $domain . $path, $domain . $path, "http://" . $domain . $path . "wp-login.php", $current_user->user_login);
?>
</p>
<?php
do_action('signup_finished');
break;
case 'default':
default:
$user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
do_action('preprocess_signup_form');
// populate the form from invites, elsewhere?
if (is_user_logged_in() && ($active_signup == 'all' || $active_signup == 'blog')) {
$this->signup_another_blog($newblogname);
} elseif (is_user_logged_in() == false && ($active_signup == 'all' || $active_signup == 'user')) {
$this->signup_user($newblogname, $user_email);
} elseif (is_user_logged_in() == false && $active_signup == 'blog') {
_e('Sorry, new registrations are not allowed at this time.', 'theme-my-login');
} else {
_e('You are logged in already. No need to register again!', 'theme-my-login');
}
if ($newblogname) {
$newblog = get_blogaddress_by_name($newblogname);
if ($active_signup == 'blog' || $active_signup == 'all') {
printf(__('<p><em>The site you were looking for, <strong>%s</strong> does not exist, but you can create it now!</em></p>', 'theme-my-login'), $newblog);
} else {
printf(__('<p><em>The site you were looking for, <strong>%s</strong>, does not exist.</em></p>', 'theme-my-login'), $newblog);
}
}
break;
}
}
echo '</div>';
do_action('after_signup_form');
}
