Example #1
 /**
  * Handles Specific Post/Page Access authentication.
  *
  * @package optimizeMember\SP_Access
  * @since 3.5
  *
  * @param int|str $sp_id Numeric Post/Page ID in WordPress.
  * @param bool $read_only Optional. Defaults to false. If ``$read_only = true``,
  * 	no session cookies are set, no IP Restrictions are checked, and script execution is not exited on Link failure.
  * 	In other words, with ``$read_only = true``, this function will simply return true or false.
  * @return null|bool Returns `true` if access is allowed in one way or another.
  * 	If access is denied with ``$read_only = true``, returns false. If access is denied with ``$read_only = false``, returns false, unless a Specific Post/Page Access Link is currently being used; in that case script execution exits with a warning about Access Link expiration.
  */
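 public static function sp_access($sp_id = FALSE, $read_only = FALSE)
 {
     /*
      Decides whether the current request may view the Post/Page identified by $sp_id.
      Candidate access values are taken from $_GET["optimizemember_sp_access"] when that
      parameter is present, otherwise from whatever sp_access_session() returns.
      Returns the (filterable) boolean result. When $read_only is false and a link value
      was supplied but did not authenticate, the request ends with a "Link Expired" page.

      Review notes:
      - Every hook below receives get_defined_vars(), so the local variable names and the
        order in which they are assigned are visible to callbacks. The raw link value and
        the decrypted fields are exposed to every registered callback as well.
      - The access value travels in the query string, so it can appear in server logs,
        browser history and Referer headers. The expiry window and the IP restriction
        check are the only limits on reuse visible in this function.
      - A decrypted value is accepted purely on its shape (four fields, first field
        "sp_time_hours"). NOTE(review): whether decrypt() authenticates the ciphertext
        is not visible here; confirm, because this check relies on it.
     */
     do_action("ws_plugin__optimizemember_before_sp_access", get_defined_vars());
     /**/
     $excluded = apply_filters("ws_plugin__optimizemember_sp_access_excluded", false, get_defined_vars());
     /**/
     /* Bypass: a filter may exclude the request, and users holding the (filterable) "edit_posts" capability always pass. */
     if ($excluded || current_user_can(apply_filters("ws_plugin__optimizemember_sp_access_excluded_cap", "edit_posts", get_defined_vars()))) {
         return apply_filters("ws_plugin__optimizemember_sp_access", true, get_defined_vars(), "auth-via-exclusion");
     } else {
         /* A link value in the query string takes precedence; session values are only consulted when no link value is present. */
         if ($sp_id && is_numeric($sp_id) && (!empty($_GET["optimizemember_sp_access"]) && ($_g["optimizemember_sp_access"] = trim(stripslashes((string) $_GET["optimizemember_sp_access"]))) && is_array($sp_access_values = array($_g["optimizemember_sp_access"])) || is_array($sp_access_values = c_ws_plugin__optimizemember_sp_access::sp_access_session())) && !empty($sp_access_values)) {
             foreach ($sp_access_values as $sp_access_value) {
                 /* Decrypted layout: marker, list of Post/Page IDs, start timestamp, lifetime in hours. */
                 if (is_array($sp_access = preg_split("/\\:\\.\\:\\|\\:\\.\\:/", c_ws_plugin__optimizemember_utils_encryption::decrypt($sp_access_value)))) {
                     /* NOTE(review): in_array() is called without its strict flag, so $sp_id is matched with loose comparison against the ID list. */
                     if (count($sp_access) === 4 && $sp_access[0] === "sp_time_hours" && in_array($sp_id, preg_split("/[\r\n\t\\s;,]+/", $sp_access[1]))) {
                         /* Valid only from the start timestamp until start + hours * 3600 seconds. */
                         if (is_numeric($sp_access[2]) && is_numeric($sp_access[3]) && $sp_access[2] <= strtotime("now") && $sp_access[2] + $sp_access[3] * 3600 >= strtotime("now")) {
                             if (!$read_only && !empty($_g["optimizemember_sp_access"])) {
                                 /* Add to session? Note this happens before the IP restriction check below. */
                                 c_ws_plugin__optimizemember_sp_access::sp_access_session($_g["optimizemember_sp_access"]);
                             }
                             /**/
                             /* REMOTE_ADDR is the directly connected peer; behind a reverse proxy that is the proxy's address. */
                             if ($read_only || c_ws_plugin__optimizemember_ip_restrictions::ip_restrictions_ok($_SERVER["REMOTE_ADDR"], $sp_access_value)) {
                                 return apply_filters("ws_plugin__optimizemember_sp_access", true, get_defined_vars(), "auth-via-link-session");
                             }
                         }
                     }
                 }
             }
             /* Otherwise, authentication was NOT possible via link or session. */
             if (!$read_only && !empty($_g["optimizemember_sp_access"])) {
                 status_header(503);
                 header("Content-Type: text/html; charset=utf-8");
                 /* End/clean all output buffers that may exist. Written as plain code: an eval() of a constant string adds nothing and fails on PHP setups that disable eval(). */
                 while (@ob_end_clean()) {
                     /* Keep discarding buffers until none remain. */
                 }
                 exit(_x('<strong>Your Link Expired:</strong><br />Please contact Support if you need assistance.', "s2member-front", "s2member"));
             } else {
                 /* Else return false here. */
                 return apply_filters("ws_plugin__optimizemember_sp_access", false, get_defined_vars(), "no-auth-via-link-session");
             }
         } else {
             /* Else return false here. */
             return apply_filters("ws_plugin__optimizemember_sp_access", false, get_defined_vars(), "no-auth-no-link-session");
         }
     }
 }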
Example #2
 /**
  * Handles login redirections.
  *
  * @package optimizeMember\Login_Redirects
  * @since 3.5
  *
  * @attaches-to ``add_action("wp_login");``
  *
  * @param str $username Expects Username to be passed in by the Action Hook.
  * @return null Or exits script execution after a redirection takes place.
  */
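 public static function login_redirect($username = FALSE)
 {
     /*
      Runs after a successful login: records the first-seen IP and a login counter for the
      user, applies login IP restrictions, and then redirects to a filter-supplied URL, the
      user's login redirection URL, or the configured Login Welcome Page. Exits after a
      redirect; otherwise returns nothing.

      Review notes:
      - Before each do_action() call, $__refs is filled with references to every local
        variable and then passed along inside get_defined_vars(). This lets a hook callback
        change this function's locals (for example $username or $redirect), so local names
        and statement order are part of the hook contract.
      - The three reference-binding loops were previously wrapped in eval() of a constant
        string. They are written as plain code here, which behaves the same and still works
        on PHP setups that disable eval().
     */
     foreach (array_keys(get_defined_vars()) as $__v) {
         $__refs[$__v] =& ${$__v};
     }
     do_action("ws_plugin__optimizemember_before_login_redirect", get_defined_vars());
     unset($__refs, $__v);
     /* Unset defined __refs, __v. */
     /**/
     /* Fall back to the current user's login when no username was passed in; either way the name is lower-cased. */
     $username = !$username && is_object($user = wp_get_current_user()) && !empty($user->user_login) ? strtolower($user->user_login) : strtolower($username);
     /**/
     if ($username && (isset($user) && is_object($user) || is_object($user = new WP_User($username))) && !empty($user->ID) && ($user_id = $user->ID)) {
         if (!get_user_option("optimizemember_registration_ip", $user_id)) {
             /* Have we got this yet? REMOTE_ADDR is the directly connected peer; behind a reverse proxy that is the proxy's address. */
             update_user_option($user_id, "optimizemember_registration_ip", $_SERVER["REMOTE_ADDR"]);
         }
         /**/
         /* Increment the stored login counter; the right-hand side resets it to 1 if the sum is ever below 1. */
         if (($logins = (int) get_user_option("optimizemember_login_counter", $user_id) + 1) >= 1 || ($logins = 1)) {
             update_user_option($user_id, "optimizemember_login_counter", $logins);
         }
         /**/
         if ($GLOBALS["WS_PLUGIN__"]["optimizemember"]["o"]["custom_reg_password"]) {
             /* Nag em? Users chose their own password at registration, so the default-password nag is cleared. */
             delete_user_setting("default_password_nag");
             update_user_option($user_id, "default_password_nag", false, true);
         }
         /**/
         $disable_login_ip_restrictions = apply_filters("ws_plugin__optimizemember_disable_login_ip_restrictions", false, get_defined_vars());
         /**/
         /*
          IP restrictions are skipped for super admins, for the literal username "demo", and
          whenever the filter above returns true.
          NOTE(review): any account whose login is "demo" is exempt; confirm that is intended.
          NOTE(review): $ok is not acted on in this function (it is only visible to later
          hooks via get_defined_vars()); presumably ip_restrictions_ok() enforces the
          restriction itself. Verify against that method.
         */
         if (($ok = true) && !is_super_admin($user_id) && $username !== "demo" && !$disable_login_ip_restrictions) {
             $ok = c_ws_plugin__optimizemember_ip_restrictions::ip_restrictions_ok($_SERVER["REMOTE_ADDR"], $username);
         }
         /**/
         /* Users who can "edit_posts" are not redirected by default; a filter may return true, false, or a URL string. */
         if ($redirect = apply_filters("ws_plugin__optimizemember_login_redirect", !$user->has_cap("edit_posts"), get_defined_vars())) {
             $obey_redirect_to = apply_filters("ws_plugin__optimizemember_obey_login_redirect_to", true, get_defined_vars());
             /**/
             /*
              A request-supplied redirect_to (other than the admin URL or wp-admin) is obeyed by
              NOT redirecting here and falling through to the return below. The request value
              itself is never passed to wp_redirect() in this function.
             */
             if (!$obey_redirect_to || empty($_REQUEST["redirect_to"]) || !is_string($_REQUEST["redirect_to"]) || $_REQUEST["redirect_to"] === admin_url() || preg_match("/^\\/?wp-admin\\/?\$/", $_REQUEST["redirect_to"])) {
                 foreach (array_keys(get_defined_vars()) as $__v) {
                     $__refs[$__v] =& ${$__v};
                 }
                 do_action("ws_plugin__optimizemember_during_login_redirect", get_defined_vars());
                 unset($__refs, $__v);
                 /* Unset defined __refs, __v. */
                 /**/
                 /*
                  wp_redirect() does not restrict the destination host. The targets below come from
                  a filter, from login_redirection_url(), or from plugin configuration.
                  NOTE(review): if any of these can carry user-influenced data, validate the host
                  (wp_validate_redirect() / wp_safe_redirect()) before redirecting.
                 */
                 if ($redirect && is_string($redirect)) {
                     /* Is this a string? */
                     wp_redirect($redirect);
                 } else {
                     if ($redirection_url = c_ws_plugin__optimizemember_login_redirects::login_redirection_url($user)) {
                         wp_redirect($redirection_url);
                     } else {
                         /* Else we use the Login Welcome Page configured for optimizeMember. */
                         wp_redirect(get_page_link($GLOBALS["WS_PLUGIN__"]["optimizemember"]["o"]["login_welcome_page"]));
                     }
                 }
                 /**/
                 /* wp_redirect() only sends the header; exit so nothing else runs or is output. */
                 exit;
                 /* Clean exit. */
             }
         }
     }
     /**/
     foreach (array_keys(get_defined_vars()) as $__v) {
         $__refs[$__v] =& ${$__v};
     }
     do_action("ws_plugin__optimizemember_after_login_redirect", get_defined_vars());
     unset($__refs, $__v);
     /* Unset defined __refs, __v. */
     /**/
     return;
     /* Return for uniformity. */
 }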