	/**
	 * A login that happens to be another account's numeric ID must be
	 * resolved as a login name, never as that ID.
	 *
	 * The first account is created with a normal login; the second gets the
	 * first account's ID (as text) for its login and is flagged as spam.
	 * Passing that numeric string to is_user_spammy() must therefore hit
	 * the spammed account, not the innocent one whose ID it equals.
	 *
	 * @ticket 23192
	 */
	function test_is_user_spammy() {
		$author_id = $this->factory->user->create( array(
			'role'       => 'author',
			'user_login' => 'testuser1',
		) );

		// Login name that collides with the first account's ID.
		$numeric_login = (string) $author_id;
		$spammer_id    = $this->factory->user->create( array(
			'role'       => 'author',
			'user_login' => $numeric_login,
		) );
		update_user_status( $spammer_id, 'spam', '1' );

		// Numeric string -> lookup by login, so the spammed account is found...
		$this->assertTrue( is_user_spammy( $numeric_login ) );
		// ...and the account that merely owns that ID stays clean.
		$this->assertFalse( is_user_spammy( 'testuser1' ) );
	}
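/**
 * For Multisite blogs, check if the authenticated user has been marked as a
 * spammer, or if the user's primary blog has been marked as spam.
 *
 * Runs as an 'authenticate' callback: a WP_Error or null produced by an
 * earlier callback is returned untouched, only a resolved WP_User is checked.
 *
 * @since 3.7.0
 *
 * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null.
 * @return WP_User|WP_Error WP_User on success, WP_Error if the user is considered a spammer.
 */
function wp_authenticate_spam_check($user)
{
    if ($user instanceof WP_User && is_multisite()) {
        // Check the account that is logging in. Called without an argument,
        // is_user_spammy() has no way to see $user, so its answer would not
        // depend on the credentials being verified at all; passing the object
        // matches how get_password_reset_key() and the other callers use it.
        /**
         * Filter whether the user has been marked as a spammer.
         *
         * @since 3.7.0
         *
         * @param bool    $spammed Whether the user is considered a spammer.
         * @param WP_User $user    User to check against.
         */
        $spammed = apply_filters('check_is_user_spammed', is_user_spammy($user), $user);
        if ($spammed) {
            return new WP_Error('spammer_account', __('<strong>ERROR</strong>: Your account has been marked as a spammer.'));
        }
    }
    return $user;
}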
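/**
 * For multisite blogs, check if the authenticated user has been marked as a
 * spammer, or if the user's primary blog has been marked as spam.
 *
 * @since 3.7.0
 *
 * @param WP_User|WP_Error|null $user Result of the previous 'authenticate' callback.
 * @return WP_User|WP_Error The user unchanged, or a 'spammer_account' WP_Error.
 */
function wp_authenticate_spam_check($user)
{
    // Anything that is not a WP_User (null, WP_Error) is passed straight through.
    if ($user && is_a($user, 'WP_User') && is_multisite()) {
        // The spam lookup must target $user, the account whose credentials are
        // being verified; is_user_spammy() with no argument cannot see $user, so
        // the old call could not reject a spammer who had no session yet.
        $spammed = apply_filters('check_is_user_spammed', is_user_spammy($user), $user);
        if ($spammed) {
            return new WP_Error('spammer_account', __('<strong>ERROR</strong>: Your account has been marked as a spammer.'));
        }
    }
    return $user;
}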
/**
 * Creates, stores, then returns a password reset key for user.
 *
 * The returned string is the only plain-text copy of the key: the database
 * receives a timestamp plus a password hash of it, so reading the users table
 * alone does not yield a usable reset key.
 *
 * @since 4.4.0
 *
 * @global wpdb         $wpdb      WordPress database abstraction object.
 * @global PasswordHash $wp_hasher Portable PHP password hashing framework.
 *
 * @param WP_User $user User to retrieve password reset key for.
 *
 * @return string|WP_Error Password reset key on success. WP_Error on error.
 */
function get_password_reset_key($user)
{
    global $wpdb, $wp_hasher;

    /**
     * Fires before a new password is retrieved.
     *
     * Use the {@see 'retrieve_password'} hook instead.
     *
     * @since 1.5.0
     * @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead.
     *
     * @param string $user_login The user login name.
     */
    do_action('retreive_password', $user->user_login);

    /**
     * Fires before a new password is retrieved.
     *
     * @since 1.5.1
     *
     * @param string $user_login The user login name.
     */
    do_action('retrieve_password', $user->user_login);

    // On multisite a spammed account is never allowed to reset its password.
    $allow = !(is_multisite() && is_user_spammy($user));

    /**
     * Filters whether to allow a password to be reset.
     *
     * @since 2.7.0
     *
     * @param bool $allow   Whether to allow the password to be reset. Default true.
     * @param int  $user_id The ID of the user attempting to reset a password.
     */
    $allow = apply_filters('allow_password_reset', $allow, $user->ID);

    // The filter may answer with a WP_Error (an object, hence truthy) instead of a bool.
    if (is_wp_error($allow)) {
        return $allow;
    }
    if (!$allow) {
        return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
    }

    // 20-character random key, special characters not requested.
    $key = wp_generate_password(20, false);

    /**
     * Fires when a password reset key is generated.
     *
     * @since 2.5.0
     *
     * @param string $user_login The username for the user.
     * @param string $key        The generated password reset key.
     */
    do_action('retrieve_password_key', $user->user_login, $key);

    if (empty($wp_hasher)) {
        $wp_hasher = new PasswordHash(8, true);
    }

    // Persist "<issued-at>:<hash(key)>": the hash keeps the plain key out of the
    // database; the timestamp prefix is presumably what the verifier uses to
    // expire the key (not shown here).
    $stored_value = time() . ':' . $wp_hasher->HashPassword($key);
    $saved = $wpdb->update(
        $wpdb->users,
        array('user_activation_key' => $stored_value),
        array('user_login' => $user->user_login)
    );
    if (false === $saved) {
        return new WP_Error('no_password_key_update', __('Could not save password reset key to database.'));
    }

    return $key;
}
/**
 * Check the main WordPress query to match WP Idea Stream conditions
 * Eventually Override query vars and set global template conditions / vars
 *
 * This the key function of the plugin, it is definining the templates
 * to load and is setting the displayed user.
 *
 * Order matters: the user-profile section may set_404() and return before the
 * action / category / tag / search sections run, and several sections force
 * 'post_type' to the ideas post type, which the final section then keys on.
 *
 * Inspired by bbPress 's bbp_parse_query()
 *
 * @package WP Idea Stream
 * @subpackage core/template-functions
 *
 * @since 2.0.0
 *
 * @param WP_Query $posts_query The WP_Query instance
 * @uses  WP_Query->is_main_query() to check it's the main query
 * @uses  WP_Query->get() to get a query var
 * @uses  wp_idea_stream_is_admin() to check if in IdeaStream's Admin territory
 * @uses  wp_idea_stream_is_sticky_enabled() to check if sticky feature is available
 * @uses  WP_Query->set() to set a query var
 * @uses  wp_idea_stream_is_rating_disabled() to check if ratings feature are available
 * @uses  wp_idea_stream_set_idea_var() to globalize a var
 * @uses  is_admin() to check for WordPress administration
 * @uses  wp_idea_stream_get_post_type() to get the ideas post type identifier
 * @uses  wp_idea_stream_user_rewrite_id() to get the user rewrite id
 * @uses  wp_idea_stream_is_embed_profile() to check whether a profile embed page exists
 * @uses  wp_idea_stream_users_get_user_data() to get a specific user's data
 * @uses  is_user_spammy() (multisite only) to hide spammed users' profiles
 * @uses  WP_Query->set_404() to set a 404
 * @uses  wp_idea_stream_user_rates_rewrite_id() to get the user rates rewrite id
 * @uses  wp_idea_stream_user_comments_rewrite_id() to get the user comments rewrite id
 * @uses  wp_idea_stream_action_rewrite_id() to get the action rewrite id
 * @uses  wp_idea_stream_addnew_slug() to get the add new slug
 * @uses  wp_idea_stream_edit_slug() to get the edit slug
 * @uses  wp_idea_stream_signup_slug() to get the signup slug
 * @uses  wp_idea_stream_is_signup_allowed_for_current_blog() to check if signups are open
 * @uses  has_action() to check if the action 'wp_idea_stream_custom_action' is used by any plugins
 * @uses  do_action() Calls 'wp_idea_stream_custom_action' to perform actions relative to ideas
 * @uses  wp_idea_stream_get_category() to get the ideas category identifier
 * @uses  wp_idea_stream_get_tag() to get the ideas tag identifier
 * @uses  wp_idea_stream_search_rewrite_id() to get the search rewrite id
 */
function wp_idea_stream_parse_query($posts_query = null)
{
    // Bail if $posts_query is not the main loop
    if (!$posts_query->is_main_query()) {
        return;
    }
    // Bail if filters are suppressed on this query
    if (true === $posts_query->get('suppress_filters')) {
        return;
    }
    // Handle the specific queries in IdeaStream Admin
    if (wp_idea_stream_is_admin()) {
        // Raw $_GET values are read here, but only as a presence flag and as an
        // equality check against a fixed string; nothing from $_GET reaches the query.
        // Display sticky ideas if requested
        if (wp_idea_stream_is_sticky_enabled() && !empty($_GET['sticky_ideas'])) {
            $posts_query->set('post__in', wp_idea_stream_ideas_get_stickies());
        }
        // Build meta_query if orderby rates is set
        if (!wp_idea_stream_is_rating_disabled() && !empty($_GET['orderby']) && 'rates_count' == $_GET['orderby']) {
            $posts_query->set('meta_query', array(array('key' => '_ideastream_average_rate', 'compare' => 'EXISTS')));
            // Set the orderby idea var
            wp_idea_stream_set_idea_var('orderby', 'rates_count');
        }
        do_action('wp_idea_stream_admin_request', $posts_query);
        return;
    }
    // Bail if else where in admin
    if (is_admin()) {
        return;
    }
    // Ideas post type for a later use
    $idea_post_type = wp_idea_stream_get_post_type();
    /** User's profile ************************************************************/
    // Are we requesting the user-profile template ?
    $user = $posts_query->get(wp_idea_stream_user_rewrite_id());
    $embed_page = wp_idea_stream_is_embed_profile();
    if (!empty($user)) {
        // is_numeric() alone decides whether the rewrite value is an ID or a login;
        // a login made of digits can therefore only be reached by ID here.
        if (!is_numeric($user)) {
            // Get user by his username
            $user = wp_idea_stream_users_get_user_data('slug', $user);
        } else {
            // Get user by his id
            $user = wp_idea_stream_users_get_user_data('id', $user);
        }
        // No user id: no profile!
        // A spammed user (multisite) is treated exactly like an unknown one, so the
        // 404 does not reveal whether the account exists. Plugins may override via filter.
        if (empty($user->ID) || true === apply_filters('wp_idea_stream_users_is_spammy', is_multisite() && is_user_spammy($user), $user)) {
            $posts_query->set_404();
            // Make sure the WordPress Embed Template will be used
            if ('true' === get_query_var('embed') || true === get_query_var('embed')) {
                $posts_query->is_embed = true;
                $posts_query->set('p', -1);
            }
            return;
        }
        // Set the displayed user id
        wp_idea_stream_set_idea_var('is_user', absint($user->ID));
        // Make sure the post_type is set to ideas.
        $posts_query->set('post_type', $idea_post_type);
        // Are we requesting user rates
        $user_rates = $posts_query->get(wp_idea_stream_user_rates_rewrite_id());
        // Or user comments ?
        $user_comments = $posts_query->get(wp_idea_stream_user_comments_rewrite_id());
        if (!empty($user_rates) && !wp_idea_stream_is_rating_disabled()) {
            // We are viewing user's rates
            wp_idea_stream_set_idea_var('is_user_rates', true);
            // Define the Meta Query to get his rates
            // The LIKE needle is built from the resolved user's ID (not the request
            // value); ";i:<id>;" matches the serialized-array form of the rates meta.
            $posts_query->set('meta_query', array(array('key' => '_ideastream_rates', 'value' => ';i:' . $user->ID . ';', 'compare' => 'LIKE')));
        } else {
            if (!empty($user_comments)) {
                // We are viewing user's comments
                wp_idea_stream_set_idea_var('is_user_comments', true);
                /**
                 * Make sure no result.
                 * Query will be built later in user comments loop
                 */
                $posts_query->set('p', -1);
            } else {
                if ('true' === get_query_var('embed') || true === get_query_var('embed')) {
                    $posts_query->is_embed = true;
                    $posts_query->set('p', -1);
                    if ($embed_page) {
                        wp_idea_stream_set_idea_var('is_user_embed', true);
                    } else {
                        // No utility page configured for profile embeds: refuse the embed.
                        $posts_query->set_404();
                        return;
                    }
                }
                // Default to the ideas the user submitted
                $posts_query->set('author', $user->ID);
            }
        }
        // No stickies on user's profile
        $posts_query->set('ignore_sticky_posts', true);
        // Make sure no 404
        $posts_query->is_404 = false;
        // Set the displayed user.
        wp_idea_stream_set_idea_var('displayed_user', $user);
    }
    /** Actions (New Idea) ********************************************************/
    $action = $posts_query->get(wp_idea_stream_action_rewrite_id());
    if (!empty($action)) {
        // Make sure the post type is set to ideas
        $posts_query->set('post_type', $idea_post_type);
        // Define a global to inform we're dealing with an action
        wp_idea_stream_set_idea_var('is_action', true);
        // Is the new idea form requested ?
        if (wp_idea_stream_addnew_slug() == $action) {
            // Yes so set the corresponding var
            wp_idea_stream_set_idea_var('is_new', true);
            /**
             * Make sure no result.
             * We are not querying any content, but creating one
             */
            $posts_query->set('p', -1);
            // Edit action ?
        } else {
            if (wp_idea_stream_edit_slug() == $action) {
                // Yes so set the corresponding var
                wp_idea_stream_set_idea_var('is_edit', true);
                // Signup support
            } else {
                // The signup slug is only honoured when signups are open for this blog;
                // otherwise it falls through to the custom-action / 404 branch below.
                if (wp_idea_stream_signup_slug() == $action && wp_idea_stream_is_signup_allowed_for_current_blog()) {
                    // Set the signup global var
                    wp_idea_stream_set_idea_var('is_signup', true);
                    /**
                     * Make sure no result.
                     * We are not querying any content, but creating one
                     */
                    $posts_query->set('p', -1);
                } else {
                    // Unknown action: hand it to plugins if any listen, else 404.
                    if (has_action('wp_idea_stream_custom_action')) {
                        /**
                         * Allow plugins to other custom idea actions
                         *
                         * @param string   $action      The requested action
                         * @param WP_Query $posts_query The WP_Query instance
                         */
                        do_action('wp_idea_stream_custom_action', $action, $posts_query);
                    } else {
                        $posts_query->set_404();
                        return;
                    }
                }
            }
        }
    }
    /** Ideas by category *********************************************************/
    $category = $posts_query->get(wp_idea_stream_get_category());
    if (!empty($category)) {
        // Make sure the post type is set to ideas
        $posts_query->set('post_type', $idea_post_type);
        // Define the current category
        wp_idea_stream_set_idea_var('is_category', $category);
    }
    /** Ideas by tag **************************************************************/
    $tag = $posts_query->get(wp_idea_stream_get_tag());
    if (!empty($tag)) {
        // Make sure the post type is set to ideas
        $posts_query->set('post_type', $idea_post_type);
        // Define the current tag
        wp_idea_stream_set_idea_var('is_tag', $tag);
    }
    /** Searching ideas ***********************************************************/
    $search = $posts_query->get(wp_idea_stream_search_rewrite_id());
    if (!empty($search)) {
        // Make sure the post type is set to ideas
        $posts_query->set('post_type', $idea_post_type);
        // Define the query as a search one
        $posts_query->set('is_search', true);
        /**
         * Temporarly set the 's' parameter of WP Query
         * This will be reset while building ideas main_query args
         * @see wp_idea_stream_set_template()
         */
        // The raw search term is handed to WP_Query's own 's' handling; no escaping
        // is done here (NOTE(review): WP_Query escapes it itself - confirm).
        $posts_query->set('s', $search);
        // Set the search conditionnal var
        wp_idea_stream_set_idea_var('is_search', true);
    }
    /** Changing order ************************************************************/
    // Here we're using built-in var
    $orderby = $posts_query->get('orderby');
    // Make sure we are ordering ideas
    // Loose == here, strict === in the final post_type check below.
    if (!empty($orderby) && $idea_post_type == $posts_query->get('post_type')) {
        if (!wp_idea_stream_is_rating_disabled() && 'rates_count' == $orderby) {
            /**
             * It's an order by rates request, set the meta query to achieve this.
             * Here we're not ordering yet, we simply make sure to get ideas that
             * have been rated.
             * Order will happen thanks to wp_idea_stream_set_rates_count_orderby()
             * filter.
             */
            $posts_query->set('meta_query', array(array('key' => '_ideastream_average_rate', 'compare' => 'EXISTS')));
        }
        // Set the order by var
        wp_idea_stream_set_idea_var('orderby', $orderby);
    }
    // Set the idea archive var if viewing ideas archive
    if ($posts_query->is_post_type_archive()) {
        wp_idea_stream_set_idea_var('is_idea_archive', true);
    }
    /**
     * Finally if post_type is ideas, then we're in IdeaStream's
     * territory so set this
     */
    if ($idea_post_type === $posts_query->get('post_type')) {
        wp_idea_stream_set_idea_var('is_ideastream', true);
        // Reset the pagination
        // 'p' => -1 is the "no result" marker set above (as an int, hence strict compare).
        if (-1 !== $posts_query->get('p')) {
            $posts_query->set('posts_per_page', wp_idea_stream_ideas_per_page());
        }
    }
}
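/**
 * 'authenticate' callback: reject a login attempt by a spammed account.
 *
 * @param WP_User|WP_Error|null $user     Result of the previous callback.
 * @param string                $password Submitted password (unused, part of the filter signature).
 * @return WP_User|WP_Error The user unchanged, or an 'invalid_username' WP_Error.
 */
function login_spam_check($user, $password)
{
    // Only a resolved WP_User can be checked; a WP_Error or null from an earlier
    // callback is passed through untouched instead of being dereferenced.
    if (!($user instanceof WP_User)) {
        return $user;
    }
    // Pass the user object, not $user->id: is_user_spammy() resolves a numeric
    // string as a login name rather than an ID, so a bare ID could be looked up
    // against the wrong account (or none) and a spammer would slip through.
    if (is_user_spammy($user)) {
        return new WP_Error('invalid_username', __('<strong>ERROR</strong>: your account has been marked as a spammer.'));
    }
    return $user;
}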
/**
 * WordPress requires a post id to allow content to be Embed, As our users are not organized
 * into a post type, we need to use an utility page to get a post ID, and then filter its permalink
 * and title so that the ones of the user's profile will be used instead
 *
 * The user is extracted from the requested URL (rewrite rule capture under pretty
 * permalinks, query var otherwise), resolved, and rejected if spammed on multisite.
 *
 * @since 2.3.0
 *
 * @global WP_Rewrite $wp_rewrite
 * @param int    $post_id the requested post id (should be empty for our users profiles)
 * @param string $url     the requested url which can contain an IdeaStream user's profile
 * @return int The utility page id for an embeddable profile, otherwise $post_id unchanged.
 */
function wp_idea_stream_users_oembed_request_post_id($post_id = 0, $url = '')
{
    // A post was already resolved: leave WordPress deal with it.
    if (!empty($post_id)) {
        return $post_id;
    }

    // Without a utility page there is nothing to embed profiles through.
    $utility_page = wp_idea_stream_is_embed_profile();
    if (!$utility_page) {
        return $post_id;
    }

    global $wp_rewrite;
    $top_rules = $wp_rewrite->extra_rules_top;
    if (empty($top_rules)) {
        return $post_id;
    }

    $url_parts = parse_url($url);
    $requested = null;

    if ($wp_rewrite->using_permalinks() && isset($url_parts['path']) && false !== strpos($url_parts['path'], wp_idea_stream_user_slug())) {
        // Pretty permalinks: the first capture of the first matching extra rule
        // is the username or user id.
        $relative_url = str_replace(trailingslashit(home_url()), '', $url);
        foreach ((array) $top_rules as $pattern => $rewrite) {
            // NOTE(review): the rule is embedded verbatim with '#' as delimiter; a
            // rewrite rule containing a literal '#' would break this pattern.
            if (preg_match("#^{$pattern}#", $relative_url, $captures) && isset($captures[1])) {
                $requested = $captures[1];
                break;
            }
        }
    } elseif (isset($url_parts['query'])) {
        // Default permalinks: the user id travels as a query var and is cast to int.
        parse_str($url_parts['query'], $query_vars);
        $user_var = wp_idea_stream_user_rewrite_id();
        if (!empty($query_vars[$user_var])) {
            $requested = (int) $query_vars[$user_var];
        }
    }

    // Neither a username nor a user id in the URL.
    if (empty($requested)) {
        return $post_id;
    }

    // Digits are treated as an id, anything else as a username (slug).
    $lookup_field = is_numeric($requested) ? 'id' : 'slug';
    $user = wp_idea_stream_users_get_user_data($lookup_field, $requested);

    if (!is_a($user, 'WP_User')) {
        return $post_id;
    }

    // A spammed user's profile (multisite) is not embeddable, unless a filter says otherwise.
    if (true === apply_filters('wp_idea_stream_users_is_spammy', is_multisite() && is_user_spammy($user), $user)) {
        return $post_id;
    }

    // Globalize the user for the link/title filters, registered for this request only.
    wp_idea_stream_set_idea_var('embed_user_data', $user);
    add_filter('post_type_link', 'wp_idea_stream_users_oembed_link', 10, 2);
    add_filter('the_title', 'wp_idea_stream_users_oembed_title', 10, 2);

    return $utility_page;
}