/**
 * Edit user settings based on contents of $_POST
 *
 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
 * Every validation failure is accumulated into one HQ_Error rather than returning on the
 * first one, so the order of the checks below determines the order of the reported errors.
 *
 * Security notes (review):
 *  - No nonce check and no "may the caller edit $user_id at all" check is done here; the
 *    only capability gate in this function is the one on the role change
 *    (`current_user_can('edit_users')` plus `get_editable_roles()`). The calling screen is
 *    presumably responsible for `check_admin_referer()` and the per-user capability check —
 *    confirm at the call sites.
 *  - `description` is only trim()'d here, unlike the other text fields; any HTML filtering
 *    must happen in hq_update_user()/hq_insert_user() or on output (not visible here — verify).
 *  - Passwords are handed to hq_update_user()/hq_insert_user() still slashed and in clear
 *    text; those helpers are expected to unslash and hash — verify.
 *
 * @since 0.0.1
 *
 * @param int $user_id Optional. User ID. Non-zero means "update this user"; zero (default)
 *                     means "create a new user from $_POST".
 * @return int|HQ_Error user id of the updated user, or an HQ_Error carrying every
 *                      validation failure found.
 */
function edit_user($user_id = 0) {
    $hq_roles = hq_roles();
    $user = new stdClass();
    if ($user_id) {
        $update = true;
        $user->ID = (int) $user_id;
        // NOTE(review): get_userdata() returning false for an unknown ID is not handled;
        // $userdata->user_login would then be null and the "enter a username" error fires.
        $userdata = get_userdata($user_id);
        $user->user_login = hq_slash($userdata->user_login);
    } else {
        $update = false;
    }
    // The login name can only be chosen when creating an account; on update it is never
    // taken from $_POST, so the stored login cannot be changed through this function.
    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }
    // Raw (still slashed) password fields; validated further down.
    $pass1 = $pass2 = '';
    if (isset($_POST['pass1'])) {
        $pass1 = $_POST['pass1'];
    }
    if (isset($_POST['pass2'])) {
        $pass2 = $_POST['pass2'];
    }
    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role = sanitize_text_field($_POST['role']);
        $potential_role = isset($hq_roles->role_objects[$new_role]) ? $hq_roles->role_objects[$new_role] : false;
        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        // Multisite super admins can freely edit their blog roles -- they possess all caps.
        // Precedence: `&&` binds tighter than `||`, so this reads as
        //   (multisite super admin) OR (editing someone else) OR (new role still has edit_users).
        // An unknown role ($potential_role === false) therefore still gets assigned when editing
        // another user; the get_editable_roles() check right below is what rejects it.
        if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
            $user->role = $new_role;
        }
        // If the new role isn't editable by the logged-in user die with error
        // This is the real privilege-escalation guard: a role the caller may not hand out
        // (or one that does not exist) aborts the request instead of being saved.
        $editable_roles = get_editable_roles();
        if (!empty($new_role) && empty($editable_roles[$new_role])) {
            hq_die(__('You can’t give users that role.'));
        }
    }
    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field(hq_unslash($_POST['email']));
    }
    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            // After esc_url_raw(), anything that does not start with an allowed scheme is
            // prefixed with http://, so a value with an unexpected scheme is never stored as-is.
            $user->user_url = esc_url_raw($_POST['url']);
            $protocols = implode('|', array_map('preg_quote', hq_allowed_protocols()));
            $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }
    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    if (isset($_POST['description'])) {
        // Deliberately not run through sanitize_text_field(); see the security note above.
        $user->description = trim($_POST['description']);
    }
    // Contact methods are whatever hq_get_user_contact_methods() reports for this user;
    // each one is read from the $_POST key of the same name.
    foreach (hq_get_user_contact_methods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }
    // Display preferences are only touched on update; on create they keep their defaults.
    if ($update) {
        $user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
        $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
        $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    }
    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
    // Any non-empty value (a checked box) turns the per-user SSL preference on.
    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }
    $errors = new HQ_Error();
    /* checking that username has been typed */
    if ($user->user_login == '') {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }
    /* checking the password has been typed twice */
    /**
     * Fires before the password and confirm password fields are checked for congruity.
     *
     * Handlers receive both password fields by reference and may rewrite them; the
     * checks below operate on whatever the handlers leave behind.
     *
     * @since 0.0.1
     *
     * @param string $user_login The username.
     * @param string &$pass1     The password, passed by reference.
     * @param string &$pass2     The confirmed password, passed by reference.
     */
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));
    // On update a blank password pair means "keep the current password"; on create it is
    // mandatory.
    if ($update) {
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
        }
    } else {
        if (empty($pass1)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
        } elseif (empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
        }
    }
    /* Check for "\" in password */
    // Checked on the unslashed value so a literal backslash typed by the user is caught,
    // not the escaping added by slashing.
    if (false !== strpos(hq_unslash($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }
    /* checking the password has been typed twice the same */
    if ($pass1 != $pass2) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
    }
    // Only set when a new password was supplied, so hq_update_user() can leave it alone otherwise.
    if (!empty($pass1)) {
        $user->user_pass = $pass1;
    }
    // validate_username() is run on the raw POST value, not the sanitize_user()'d one, so a
    // login that only became valid through sanitization is still rejected.
    if (!$update && isset($_POST['user_login']) && !validate_username($_POST['user_login'])) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
    }
    if (!$update && username_exists($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
    }
    /* checking e-mail address */
    if (empty($user->user_email)) {
        $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
    } elseif (!is_email($user->user_email)) {
        $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn’t correct.'), array('form-field' => 'email'));
    } elseif (($owner_id = email_exists($user->user_email)) && (!$update || $owner_id != $user->ID)) {
        // An address already in use is only acceptable when it belongs to the account being edited.
        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
    }
    /**
     * Fires before user profile update errors are returned.
     *
     * Plugins may add their own validation errors, or modify the user object, here.
     *
     * @since 0.0.1
     *
     * @param HQ_Error &$errors The accumulated profile update errors, passed by reference.
     * @param bool     $update  Whether this is a user update.
     * @param stdClass &$user   The user data object being built (a plain stdClass at this
     *                          point, not yet an HQ_User), passed by reference.
     */
    do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));
    if ($errors->get_error_codes()) {
        return $errors;
    }
    if ($update) {
        $user_id = hq_update_user($user);
    } else {
        $user_id = hq_insert_user($user);
        // NOTE(review): if hq_insert_user() fails and returns an HQ_Error, that object is
        // still passed to the notification and then returned to the caller — confirm the
        // helper tolerates it.
        hq_new_user_notification($user_id, null, 'both');
    }
    return $user_id;
}
/**
 * Output the login page header.
 *
 * Emits everything from the doctype through the opening `<div id="login">` and logo link,
 * followed by any message/error markup derived from `$message`, `$hq_error` and the legacy
 * `$error` global. Output goes straight to the client; nothing is returned.
 *
 * Security notes (review):
 *  - `$message`, the individual error messages, and the results of the `login_message`,
 *    `login_errors` and `login_messages` filters are echoed as raw HTML. Anything
 *    user-derived must be escaped before it reaches this function or one of those filters.
 *  - The logo URL/title and the body classes (which include the `$action` global) are
 *    passed through esc_url()/esc_attr() at output, so those filters are safe to feed
 *    with arbitrary strings.
 *  - The sessionStorage purge on logout is inlined deliberately so plugins cannot unhook it.
 *
 * @param string   $title    Optional. HiveQueen login Page title to display in the `<title>` element.
 *                           Default 'Log In'.
 * @param string   $message  Optional. Message to display in header. Default empty. Treated as HTML.
 * @param HQ_Error $hq_error Optional. The error to pass. Default empty (an empty HQ_Error is used).
 */
function login_header($title = 'Log In', $message = '', $hq_error = '') {
    global $error, $interim_login, $action;
    // Don't index any of these forms
    add_action('login_head', 'hq_no_robots');
    if (hq_is_mobile()) {
        add_action('login_head', 'hq_login_viehqort_meta');
    }
    if (empty($hq_error)) {
        $hq_error = new HQ_Error();
    }
    // Shake it!
    // Error codes that trigger the "shake" animation on the form. The in_array() below is
    // non-strict; all codes are strings so no type-juggling surprises are expected.
    $shake_error_codes = array('empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password');
    /**
     * Filter the error codes array for shaking the login form.
     *
     * @since 0.0.1
     *
     * @param array $shake_error_codes Error codes that shake the login form.
     */
    $shake_error_codes = apply_filters('shake_error_codes', $shake_error_codes);
    if ($shake_error_codes && $hq_error->get_error_code() && in_array($hq_error->get_error_code(), $shake_error_codes)) {
        add_action('login_head', 'hq_shake_js', 12);
    }
?>
<!DOCTYPE html>
<!--[if IE 6]> <html id="ie6" <?php language_attributes(); ?> > <![endif]-->
<!--[if IE 7]> <html id="ie7" <?php language_attributes(); ?> > <![endif]-->
<!--[if IE 8]> <html id="ie8" <?php language_attributes(); ?> > <![endif]-->
<!--[if !(IE 6) & !(IE 7) & !(IE 8)]><!--> <html <?php language_attributes(); ?> > <!--<![endif]-->
<head>
<meta charset="<?php bloginfo('charset'); ?> " />
<meta name="viewport" content="width=device-width" />
<title><?php
    // NOTE(review): the <title> element opened above is never closed in this function
    // and the $title parameter is never echoed, although the docblock says it should be;
    // a line looks to be missing — confirm against the original template before relying
    // on this output.
    hq_admin_css('login', true);
    /*
     * Remove all stored post data on logging out.
     * This could be added by add_action('login_head'...) like hq_shake_js(),
     * but maybe better if it's not removable by plugins
     */
    if ('loggedout' == $hq_error->get_error_code()) {
?>
<script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("hq-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
<?php
    }
    /**
     * Enqueue scripts and styles for the login page.
     *
     * @since 0.0.1
     */
    do_action('login_enqueue_scripts');
    /**
     * Fires in the login page header after scripts are enqueued.
     *
     * @since 0.0.1
     */
    do_action('login_head');
    //TODO: Goyo no multisite
    //if ( is_multisite() ) {
    // The multisite branch is disabled (dead code) pending the TODO above; the project
    // home URL and tagline are always used as the logo link.
    if (false) {
        $login_header_url = network_home_url();
        $login_header_title = get_current_site()->site_name;
    } else {
        $login_header_url = __('https://hivequeen.org/');
        $login_header_title = __('Powered by HiveQueen');
    }
    /**
     * Filter link URL of the header logo above login form.
     *
     * @since 0.0.1
     *
     * @param string $login_header_url Login header logo URL.
     */
    $login_header_url = apply_filters('login_headerurl', $login_header_url);
    /**
     * Filter the title attribute of the header logo above login form.
     *
     * @since 0.0.1
     *
     * @param string $login_header_title Login header logo title attribute.
     */
    $login_header_title = apply_filters('login_headertitle', $login_header_title);
    // $action comes from the global request state; it is only ever output via esc_attr() below.
    $classes = array('login-action-' . $action, 'hq-core-ui');
    if (hq_is_mobile()) {
        $classes[] = 'mobile';
    }
    if (is_rtl()) {
        $classes[] = 'rtl';
    }
    if ($interim_login) {
        $classes[] = 'interim-login';
?>
<style type="text/css">html{background-color: transparent;}</style>
<?php
        if ('success' === $interim_login) {
            $classes[] = 'interim-login-success';
        }
    }
    $classes[] = ' locale-' . sanitize_html_class(strtolower(str_replace('_', '-', get_locale())));
    /**
     * Filter the login page body classes.
     *
     * @since 0.0.1
     *
     * @param array  $classes An array of body classes.
     * @param string $action  The action that brought the visitor to the login page.
     */
    $classes = apply_filters('login_body_class', $classes, $action);
?>
</head>
<body class="login <?php echo esc_attr(implode(' ', $classes)); ?> ">
<div id="login">
<h1><a href="<?php echo esc_url($login_header_url); ?> " title="<?php echo esc_attr($login_header_title); ?> " tabindex="-1"><?php bloginfo('name'); ?> </a></h1>
<?php
    unset($login_header_url, $login_header_title);
    /**
     * Filter the message to display above the login form.
     *
     * @since 0.0.1
     *
     * @param string $message Login message text.
     */
    $message = apply_filters('login_message', $message);
    // Echoed unescaped: $message is trusted HTML by contract (see the security note above).
    if (!empty($message)) {
        echo $message . "\n";
    }
    // In case a plugin uses $error rather than the $hq_errors object
    // Note that unset() only drops this function's alias of the global; the global itself
    // survives. Whatever was put into $error is rendered unescaped with the other errors.
    if (!empty($error)) {
        $hq_error->add('error', $error);
        unset($error);
    }
    if ($hq_error->get_error_code()) {
        $errors = '';
        $messages = '';
        // The error data attached to a code doubles as its severity: 'message' renders as
        // an informational paragraph, anything else as an error box.
        foreach ($hq_error->get_error_codes() as $code) {
            $severity = $hq_error->get_error_data($code);
            foreach ($hq_error->get_error_messages($code) as $error_message) {
                if ('message' == $severity) {
                    $messages .= ' ' . $error_message . "<br />\n";
                } else {
                    $errors .= ' ' . $error_message . "<br />\n";
                }
            }
        }
        if (!empty($errors)) {
            /**
             * Filter the error messages displayed above the login form.
             *
             * The filtered string is echoed as-is; filter authors must escape any
             * user-derived content they add.
             *
             * @since 0.0.1
             *
             * @param string $errors Login error message.
             */
            echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
        }
        if (!empty($messages)) {
            /**
             * Filter instructional messages displayed above the login form.
             *
             * The filtered string is echoed as-is; filter authors must escape any
             * user-derived content they add.
             *
             * @since 0.0.1
             *
             * @param string $messages Login messages.
             */
            echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
        }
    }
}