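/**
 * Authenticate a login attempt from a username and password.
 *
 * When $user is already an nxt_User it is returned untouched. Otherwise the
 * checks run in this order: empty fields, unknown login name, multisite spam
 * flags, the 'nxt_authenticate_user' filter, and finally the password check.
 *
 * Security notes:
 * - 'invalid_username' and 'incorrect_password' are separate errors, so the
 *   reply reveals whether a login name exists. The codes are kept because
 *   callers may match on them; throttling of repeated failures has to happen
 *   outside this function.
 * - The submitted username is HTML-escaped before it is placed in the
 *   'incorrect_password' message, because that message is markup.
 *
 * @param mixed  $user     Result of an earlier authentication step, if any.
 * @param string $username Login name as submitted.
 * @param string $password Plain-text password as submitted.
 * @return nxt_User|nxt_Error The authenticated user, or the reason for refusal.
 */
function nxt_authenticate_username_password($user, $username, $password) {
    // An earlier step already produced a user: nothing to do.
    if (is_a($user, 'nxt_User')) {
        return $user;
    }

    if (empty($username) || empty($password)) {
        $error = new nxt_Error();

        if (empty($username)) {
            $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
        }

        if (empty($password)) {
            $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
        }

        return $error;
    }

    $userdata = get_user_by('login', $username);

    if (!$userdata) {
        return new nxt_Error('invalid_username', sprintf(__('<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), nxt_lostpassword_url()));
    }

    if (is_multisite()) {
        // Is user marked as spam?
        if (1 == $userdata->spam) {
            return new nxt_Error('invalid_username', __('<strong>ERROR</strong>: Your account has been marked as a spammer.'));
        }

        // Is a user's blog marked as spam?
        if (!is_super_admin($userdata->ID) && isset($userdata->primary_blog)) {
            $details = get_blog_details($userdata->primary_blog);
            if (is_object($details) && $details->spam == 1) {
                return new nxt_Error('blog_suspended', __('Site Suspended.'));
            }
        }
    }

    // Plugins may veto the login here by returning an nxt_Error.
    $userdata = apply_filters('nxt_authenticate_user', $userdata, $password);
    if (is_nxt_error($userdata)) {
        return $userdata;
    }

    if (!nxt_check_password($password, $userdata->user_pass, $userdata->ID)) {
        // $username is request data going into an HTML message: escape it.
        return new nxt_Error('incorrect_password', sprintf(__('<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?'), esc_html($username), nxt_lostpassword_url()));
    }

    $user = new nxt_User($userdata->ID);
    return $user;
}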
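/**
 * Process the admin "manage user" form and return its field definitions.
 *
 * On POST the nonce is checked, the submitted values are validated and the
 * user is created or updated; on success the request is redirected. On
 * GET with action=edit the fields are pre-filled from the user being edited.
 * In every other case the fields are returned with empty values.
 *
 * Security notes:
 * - The posted role becomes a key of the stored capabilities array, so it is
 *   only accepted when it is one of the role names this form offers.
 * - NOTE(review): the edit view removes 'keymaster' from the choices for
 *   users without 'keep_gate', but nothing here re-checks that on submit;
 *   confirm where that rule is enforced.
 * - NOTE(review): the plain-text password is handed to bb_send_pass() and to
 *   the 'bb_new_user' / 'bb_update_user' actions, and a rejected submission
 *   puts it back into the form values.
 *
 * @param mixed $edit_user Optional. User object to edit; looked up from
 *                         $_GET['user_id'] when empty.
 * @return array Field definitions, passed through the 'bb_manage_user_fields' filter.
 */
function bb_manage_user_fields($edit_user = '') {
    global $nxt_roles, $nxt_users_object, $bbdb;

    // Cap checks
    $user_roles    = $nxt_roles->role_names;
    $can_keep_gate = bb_current_user_can('keep_gate');

    // Defaults for everything the field list below reads, so the plain
    // "new user" view does not depend on undefined variables.
    $disabled          = false;
    $user_login        = '';
    $user_display_name = '';
    $user_email        = '';
    $user_url          = '';
    $user_role         = '';
    $user_pass1        = '';
    $user_pass2        = '';
    $user_meta         = array(
        'first_name' => '',
        'last_name'  => '',
        'from'       => '',
        'occ'        => '',
        'interest'   => '',
        'throttle'   => '',
    );

    if ('post' == strtolower($_SERVER['REQUEST_METHOD'])) {
        bb_check_admin_referer('user-manage');

        // Instantiate required vars
        $_POST              = stripslashes_deep($_POST);
        $create_user_errors = new nxt_Error();

        // User login
        $trimmed_user_login = str_replace(' ', '', $_POST['user_login']);
        $user_login         = sanitize_user($_POST['user_login'], true);

        $user_meta['first_name'] = $_POST['first_name'];
        $user_meta['last_name']  = $_POST['last_name'];
        $user_display_name       = $_POST['display_name'];
        $user_email              = $_POST['user_email'];
        $user_url                = $_POST['user_url'];
        $user_meta['from']       = $_POST['from'];
        $user_meta['occ']        = $_POST['occ'];
        $user_meta['interest']   = $_POST['interest'];
        $user_role               = $_POST['userrole'];
        $user_meta['throttle']   = $_POST['throttle'];
        $user_pass1              = $_POST['pass1'];
        $user_pass2              = $_POST['pass2'];
        $user_status             = 0;
        $user_pass               = false;
        $user_url                = $user_url ? bb_fix_link($user_url) : '';

        // Check user_login
        if (!isset($_GET['action']) && empty($user_login)) {
            $create_user_errors->add('user_login', __('Username is a required field.'));
        } else {
            if ($user_login !== $trimmed_user_login) {
                $create_user_errors->add('user_login', sprintf(__('%s is an invalid username. How\'s this one?'), esc_html($_POST['user_login'])));
                $user_login = $trimmed_user_login;
            }
        }

        // Check email
        if (isset($user_email) && empty($user_email)) {
            $create_user_errors->add('user_email', __('Email address is a required field.'));
        }

        // Check role: accept only a role name the select box could have sent.
        if (!is_string($user_role) || !is_array($user_roles) || !array_key_exists($user_role, $user_roles)) {
            $create_user_errors->add('userrole', __('Invalid user role.'));
        }

        // Password Sanity Check
        if ((!empty($user_pass1) || !empty($user_pass2)) && $user_pass1 !== $user_pass2) {
            $create_user_errors->add('pass', __('You must enter the same password twice.'));
        } elseif (!isset($_GET['action']) && (empty($user_pass1) && empty($user_pass2))) {
            $create_user_errors->add('pass', __('You must enter a password.'));
        } elseif (isset($_GET['action']) && (empty($user_pass1) && empty($user_pass2))) {
            $user_pass = '';
        } else {
            $user_pass = $user_pass1;
        }

        // No errors
        if (!$create_user_errors->get_error_messages()) {
            // Create or update
            switch ($_POST['action']) {
                case 'create':
                    $goback = bb_get_uri('bb-admin/users.php', array('created' => 'true'), BB_URI_CONTEXT_FORM_ACTION + BB_URI_CONTEXT_BB_ADMIN);

                    // 'user_nicename' was listed here but never defined, so
                    // compact() already left it out of the array.
                    $user = $nxt_users_object->new_user(compact('user_login', 'user_email', 'user_url', 'user_status', 'user_pass'));

                    // Error handler
                    if (is_nxt_error($user)) {
                        bb_admin_notice($user);
                        unset($goback);

                    // Update additional user data
                    } else {
                        // Update caps
                        bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array($user_role => true));

                        // Update all user meta
                        foreach ($user_meta as $key => $value) {
                            bb_update_usermeta($user['ID'], $key, $value);
                        }

                        // Don't send email if empty
                        if (!empty($user_pass)) {
                            bb_send_pass($user['ID'], $user_pass);
                        }

                        do_action('bb_new_user', $user['ID'], $user_pass);
                    }
                    break;

                case 'update':
                    $goback = bb_get_uri('bb-admin/users.php', array('updated' => 'true'), BB_URI_CONTEXT_FORM_ACTION + BB_URI_CONTEXT_BB_ADMIN);
                    $user   = $nxt_users_object->get_user($_GET['user_id'], array('output' => ARRAY_A));

                    // Error handler: inspect the lookup result before any
                    // write uses $user['ID'].
                    if (is_nxt_error($user)) {
                        bb_admin_notice($user);
                        unset($goback);

                    // Update the user and the additional user data
                    } else {
                        bb_update_user($user['ID'], $user_email, $user_url, $user_display_name);

                        // Don't change PW if empty
                        if (!empty($user_pass)) {
                            bb_update_user_password($user['ID'], $user_pass);
                        }

                        // Update caps
                        bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array($user_role => true));

                        // Update all user meta
                        foreach ($user_meta as $key => $value) {
                            bb_update_usermeta($user['ID'], $key, $value);
                        }

                        // Don't send email if empty
                        if (!empty($user_pass)) {
                            bb_send_pass($user['ID'], $user_pass);
                        }

                        do_action('bb_update_user', $user['ID'], $user_pass);
                    }
                    break;
            }

            // Redirect
            if (isset($goback) && !empty($goback)) {
                bb_safe_redirect($goback);
            }

        // Error handler
        } else {
            bb_admin_notice($create_user_errors);
        }
    } elseif (isset($_GET['action']) && $_GET['action'] == 'edit') {
        if (isset($_GET['user_id']) && is_numeric($_GET['user_id'])) {
            $disabled = true;

            // Get the user
            if (empty($edit_user)) {
                $edit_user = bb_get_user(bb_get_user_id($_GET['user_id']));
            }

            // Instantiate required vars
            $user_login              = $edit_user->user_login;
            $user_meta['first_name'] = $edit_user->first_name;
            $user_meta['last_name']  = $edit_user->last_name;
            $user_display_name       = $edit_user->display_name;
            $user_email              = $edit_user->user_email;
            $user_url                = $edit_user->user_url;
            $user_meta['from']       = $edit_user->from;
            $user_meta['occ']        = $edit_user->occ;
            $user_meta['interest']   = $edit_user->interest;
            $user_role               = array_search('true', $edit_user->capabilities);
            $user_meta['throttle']   = $edit_user->throttle;

            // Keymasters can't demote themselves
            if (($edit_user->ID == bb_get_current_user_info('id') && $can_keep_gate) || (isset($edit_user->capabilities) && is_array($edit_user->capabilities) && array_key_exists('keymaster', $edit_user->capabilities) && !$can_keep_gate)) {
                $user_roles = array('keymaster' => $user_roles['keymaster']);
            } elseif (!$can_keep_gate) {
                unset($user_roles['keymaster']);
            }
        }
    }

    // Load password strength checker
    nxt_enqueue_script('password-strength-meter');
    nxt_enqueue_script('profile-edit');

    // Generate a few PW hints
    $some_pass_hints = '';
    for ($l = 3; $l != 0; $l--) {
        $some_pass_hints .= '<p>' . bb_generate_password() . '</p>';
    }

    // Create the user fields
    $user_fields = array(
        'user_login' => array(
            'title'    => __('Username'),
            'note'     => __('Required! Unique identifier for new user.'),
            'value'    => $user_login,
            'disabled' => $disabled,
        ),
        'first_name' => array(
            'title' => __('First Name'),
            'value' => $user_meta['first_name'],
        ),
        'last_name' => array(
            'title' => __('Last Name'),
            'value' => $user_meta['last_name'],
        ),
        'display_name' => array(
            'title' => __('Display Name'),
            'value' => $user_display_name,
        ),
        'user_email' => array(
            'title' => __('Email'),
            'note'  => __('Required! Will be used for notifications and profile settings changes.'),
            'value' => $user_email,
        ),
        'user_url' => array(
            'title' => __('Website'),
            'class' => array('long', 'code'),
            'note'  => __('The full URL of user\'s homepage or blog.'),
            'value' => $user_url,
        ),
        'from' => array(
            'title' => __('Location'),
            'class' => array('long'),
            'value' => $user_meta['from'],
        ),
        'occ' => array(
            'title' => __('Occupation'),
            'class' => array('long'),
            'value' => $user_meta['occ'],
        ),
        'interest' => array(
            'title' => __('Interests'),
            'class' => array('long'),
            'value' => $user_meta['interest'],
        ),
        'userrole' => array(
            'title'   => __('User Role'),
            'type'    => 'select',
            'options' => $user_roles,
            'note'    => __('Allow user the above privileges.'),
            'value'   => $user_role,
        ),
        'pass1' => array(
            'title' => __('New Password'),
            'type'  => 'password',
            'class' => array('short', 'text', 'code'),
            'note'  => __('Hints: ') . $some_pass_hints,
            'value' => $user_pass1,
        ),
        'pass2' => array(
            'title' => __('Repeat New Password'),
            'type'  => 'password',
            'class' => array('short', 'text', 'code'),
            'note'  => __('If you ignore hints, remember: the password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).'),
            'value' => $user_pass2,
        ),
        'email_pass' => array(
            'title'   => '',
            'type'    => 'checkbox',
            'options' => array(
                '1' => array(
                    'label'      => __('Email the new password.'),
                    'attributes' => array('checked' => true),
                ),
            ),
        ),
        'pass-strength-fake-input' => array(
            'title' => __('Password Strength'),
            'type'  => 'hidden',
        ),
    );

    return apply_filters('bb_manage_user_fields', $user_fields);
}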
nxt_redirect($sendto); exit; } // Set some low capabilities if the current user has none if (!isset($user->capabilities)) { $user->capabilities = array('inactive' => true); } // Store the profile info keys $profile_info_keys = bb_get_profile_info_keys('profile-edit'); // Store additional keys if the current user has access to them if (bb_current_user_can('edit_users')) { $profile_admin_keys = bb_get_profile_admin_keys('profile-edit'); $assignable_caps = bb_get_assignable_caps(); } // Instantiate the error object $errors = new nxt_Error(); if ('post' == strtolower($_SERVER['REQUEST_METHOD'])) { $_POST = stripslashes_deep($_POST); bb_check_admin_referer('edit-profile_' . $user_id); // Fix the URL before sanitizing it $user_url = bb_fix_link($_POST['user_url']); // Sanitize the profile info keys and check for missing required data foreach ($profile_info_keys as $key => $label) { ${$key} = apply_filters('sanitize_profile_info', $_POST[$key], $key, $_POST[$key]); if (!${$key} && $label[0] == 1) { $errors->add($key, sprintf(__('%s is required.'), esc_html($label[1]))); ${$key} = false; } } // Find out if we have a valid email address if (isset($user_email) && !($user_email = is_email($user_email))) {
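/**
 * Edit user settings based on contents of $_POST
 *
 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
 * Builds a user object from the request, validates it, then updates the
 * existing user or inserts a new one.
 *
 * Security notes:
 * - A role change is only read when the current user has 'edit_users', and
 *   the request dies if the requested role is not in get_editable_roles().
 * - The two password fields are compared as strings. A loose comparison
 *   treats numeric strings such as "1e3" and "1000" as equal, which would
 *   let a mistyped confirmation through.
 * - NOTE(review): get_userdata() is used without checking that a user was
 *   found for $user_id.
 * - NOTE(review): for new users the plain-text password is passed to
 *   nxt_new_user_notification() when 'send_password' is posted.
 *
 * @since 2.0
 *
 * @param int $user_id Optional. User ID. A non-zero value means "update".
 * @return int|nxt_Error User id of the updated or created user, or the
 *                       collected validation errors.
 */
function edit_user($user_id = 0) {
    global $nxt_roles, $nxtdb;

    $user = new stdClass();

    if ($user_id) {
        $update           = true;
        $user->ID         = (int) $user_id;
        $userdata         = get_userdata($user_id);
        $user->user_login = $nxtdb->escape($userdata->user_login);
    } else {
        $update = false;
    }

    // The login name can only be chosen when creating a user.
    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }

    $pass1 = $pass2 = '';
    if (isset($_POST['pass1'])) {
        $pass1 = $_POST['pass1'];
    }
    if (isset($_POST['pass2'])) {
        $pass2 = $_POST['pass2'];
    }

    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role       = sanitize_text_field($_POST['role']);
        $potential_role = isset($nxt_roles->role_objects[$new_role]) ? $nxt_roles->role_objects[$new_role] : false;

        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        // Multisite super admins can freely edit their blog roles -- they possess all caps.
        if ((is_multisite() && current_user_can('manage_sites')) || $user_id != get_current_user_id() || ($potential_role && $potential_role->has_cap('edit_users'))) {
            $user->role = $new_role;
        }

        // If the new role isn't editable by the logged-in user die with error
        $editable_roles = get_editable_roles();
        if (!empty($new_role) && empty($editable_roles[$new_role])) {
            nxt_die(__('You can’t give users that role.'));
        }
    }

    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field($_POST['email']);
    }

    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            $user->user_url = esc_url_raw($_POST['url']);
            // Prefix a scheme when the cleaned URL does not start with a known one.
            $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }

    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }

    // The description is only trimmed here, not sanitized.
    if (isset($_POST['description'])) {
        $user->description = trim($_POST['description']);
    }

    foreach (_nxt_get_user_contactmethods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }

    if ($update) {
        $user->rich_editing         = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
        $user->admin_color          = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
        $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    }

    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';

    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }

    $errors = new nxt_Error();

    /* checking that username has been typed */
    if ($user->user_login == '') {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }

    /* checking the password has been typed twice */
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));

    if ($update) {
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
        }
    } else {
        if (empty($pass1)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
        } elseif (empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
        }
    }

    /* Check for "\" in password */
    if (false !== strpos(stripslashes($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }

    /* checking the password has been typed twice the same */
    // Cast then compare strictly so numeric-looking passwords are not
    // matched by value ("1e3" vs "1000").
    if ((string) $pass1 !== (string) $pass2) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
    }

    if (!empty($pass1)) {
        $user->user_pass = $pass1;
    }

    if (!$update && isset($_POST['user_login']) && !validate_username($_POST['user_login'])) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
    }

    if (!$update && username_exists($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
    }

    /* checking e-mail address */
    if (empty($user->user_email)) {
        $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
    } elseif (!is_email($user->user_email)) {
        $errors->add('invalid_email', __('<strong>ERROR</strong>: The e-mail address isn’t correct.'), array('form-field' => 'email'));
    } elseif (($owner_id = email_exists($user->user_email)) && (!$update || $owner_id != $user->ID)) {
        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
    }

    // Allow plugins to return their own errors.
    do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));

    if ($errors->get_error_codes()) {
        return $errors;
    }

    if ($update) {
        $user_id = nxt_update_user(get_object_vars($user));
    } else {
        $user_id = nxt_insert_user(get_object_vars($user));
        nxt_new_user_notification($user_id, isset($_POST['send_password']) ? $pass1 : '');
    }

    return $user_id;
}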
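/**
 * populate network settings
 *
 * Validates the arguments, inserts the network row and its site meta, and on
 * a single-site install also registers the current site as the first blog.
 * For subdomain installs it finishes by probing a made-up hostname to see
 * whether wildcard DNS answers.
 *
 * Hardening in this function:
 * - $email must belong to an existing user; the admin fields of the network
 *   are read from that user, so a missing user is reported as an error.
 * - The network id is cast to an integer before it is written into the
 *   hand-built sitemeta INSERT statement.
 * - The transport error text from the DNS probe is HTML-escaped before it is
 *   placed in the warning markup.
 *
 * @since 3.0.0
 *
 * @param int    $network_id        id of network to populate
 * @param string $domain            Domain of the network. Required.
 * @param string $email             E-mail address of the network admin user.
 * @param string $site_name         Name of the network. Required.
 * @param string $path              Path of the network.
 * @param bool   $subdomain_install Whether sites are created as subdomains.
 * @return bool|nxt_Error True on success, or nxt_Error on warning (with the install otherwise successful,
 *                       so the error code must be checked) or failure.
 */
function populate_network($network_id = 1, $domain = '', $email = '', $site_name = '', $path = '/', $subdomain_install = false) {
    global $nxtdb, $current_site, $nxt_db_version, $nxt_rewrite;

    $errors = new nxt_Error();
    if ('' == $domain) {
        $errors->add('empty_domain', __('You must provide a domain name.'));
    }
    if ('' == $site_name) {
        $errors->add('empty_sitename', __('You must provide a name for your network of sites.'));
    }

    // check for network collision
    if ($network_id == $nxtdb->get_var($nxtdb->prepare("SELECT id FROM {$nxtdb->site} WHERE id = %d", $network_id))) {
        $errors->add('siteid_exists', __('The network already exists.'));
    }

    $site_user = get_user_by('email', $email);
    if (!is_email($email)) {
        $errors->add('invalid_email', __('You must provide a valid e-mail address.'));
    } elseif (!$site_user) {
        // Everything below dereferences $site_user, so stop here instead of
        // writing a network whose admin fields are empty.
        $errors->add('invalid_email', __('No user is registered with that e-mail address.'));
    }

    if ($errors->get_error_code()) {
        return $errors;
    }

    // set up site tables
    $template       = get_option('template');
    $stylesheet     = get_option('stylesheet');
    $allowed_themes = array($stylesheet => true);
    if ($template != $stylesheet) {
        $allowed_themes[$template] = true;
    }
    if (nxt_DEFAULT_THEME != $stylesheet && nxt_DEFAULT_THEME != $template) {
        $allowed_themes[nxt_DEFAULT_THEME] = true;
    }

    if (1 == $network_id) {
        $nxtdb->insert($nxtdb->site, array('domain' => $domain, 'path' => $path));
        $network_id = $nxtdb->insert_id;
    } else {
        $nxtdb->insert($nxtdb->site, array('domain' => $domain, 'path' => $path, 'id' => $network_id));
    }

    if (!is_multisite()) {
        $site_admins = array($site_user->user_login);
        $users       = get_users(array('fields' => array('ID', 'user_login')));
        if ($users) {
            foreach ($users as $user) {
                if (is_super_admin($user->ID) && !in_array($user->user_login, $site_admins)) {
                    $site_admins[] = $user->user_login;
                }
            }
        }
    } else {
        $site_admins = get_site_option('site_admins');
    }

    $welcome_email = __('Dear User, Your new SITE_NAME site has been successfully set up at: BLOG_URL You can log in to the administrator account with the following information: Username: USERNAME Password: PASSWORD Log in here: BLOG_URLnxt-login.php We hope you enjoy your new site. Thanks! --The SITE_NAME Team');

    $sitemeta = array(
        'site_name'                   => $site_name,
        'admin_email'                 => $site_user->user_email,
        'admin_user_id'               => $site_user->ID,
        'registration'                => 'none',
        'upload_filetypes'            => 'jpg jpeg png gif mp3 mov avi wmv midi mid pdf',
        'blog_upload_space'           => 10,
        'fileupload_maxk'             => 1500,
        'site_admins'                 => $site_admins,
        'allowedthemes'               => $allowed_themes,
        'illegal_names'               => array('www', 'web', 'root', 'admin', 'main', 'invite', 'administrator', 'files'),
        'nxtmu_upgrade_site'          => $nxt_db_version,
        'welcome_email'               => $welcome_email,
        'first_post'                  => __('Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!'),
        'siteurl'                     => get_option('siteurl') . '/',
        'add_new_users'               => '0',
        'upload_space_check_disabled' => '0',
        'subdomain_install'           => intval($subdomain_install),
        'global_terms_enabled'        => global_terms_enabled() ? '1' : '0',
        'initial_db_version'          => get_option('initial_db_version'),
        'active_sitewide_plugins'     => array(),
    );
    if (!$subdomain_install) {
        $sitemeta['illegal_names'][] = 'blog';
    }

    // The VALUES list is assembled by hand: keys and values go through
    // escape(), and the id is forced to an integer because it is written
    // into the statement without quotes.
    $site_id = (int) $network_id;
    $insert  = '';
    foreach ($sitemeta as $meta_key => $meta_value) {
        $meta_key = $nxtdb->escape($meta_key);
        if (is_array($meta_value)) {
            $meta_value = serialize($meta_value);
        }
        $meta_value = $nxtdb->escape($meta_value);
        if (!empty($insert)) {
            $insert .= ', ';
        }
        $insert .= "( {$site_id}, '{$meta_key}', '{$meta_value}')";
    }
    $nxtdb->query("INSERT INTO {$nxtdb->sitemeta} ( site_id, meta_key, meta_value ) VALUES " . $insert);

    $current_site->domain    = $domain;
    $current_site->path      = $path;
    $current_site->site_name = ucfirst($domain);

    if (!is_multisite()) {
        $nxtdb->insert($nxtdb->blogs, array('site_id' => $network_id, 'domain' => $domain, 'path' => $path, 'registered' => current_time('mysql')));
        $blog_id = $nxtdb->insert_id;
        update_user_meta($site_user->ID, 'source_domain', $domain);
        update_user_meta($site_user->ID, 'primary_blog', $blog_id);
        if (!($upload_path = get_option('upload_path'))) {
            $upload_path = substr(nxt_CONTENT_DIR, strlen(ABSPATH)) . '/uploads';
            update_option('upload_path', $upload_path);
        }
        update_option('fileupload_url', get_option('siteurl') . '/' . $upload_path);
    }

    if ($subdomain_install) {
        update_option('permalink_structure', '/%year%/%monthnum%/%day%/%postname%/');
    } else {
        update_option('permalink_structure', '/blog/%year%/%monthnum%/%day%/%postname%/');
    }

    $nxt_rewrite->flush_rules();

    if ($subdomain_install) {
        $vhost_ok = false;
        $errstr   = '';
        // Derived from the clock, so not random; it only needs to be a name
        // unlikely to have its own DNS record and is not used as a secret.
        $hostname = substr(md5(time()), 0, 6) . '.' . $domain;
        $page     = nxt_remote_get('http://' . $hostname, array('timeout' => 5, 'httpversion' => '1.1'));
        if (is_nxt_error($page)) {
            $errstr = $page->get_error_message();
        } elseif (200 == nxt_remote_retrieve_response_code($page)) {
            $vhost_ok = true;
        }

        if (!$vhost_ok) {
            $msg  = '<p><strong>' . __('Warning! Wildcard DNS may not be configured correctly!') . '</strong></p>';
            $msg .= '<p>' . sprintf(__('The installer attempted to contact a random hostname (<code>%1$s</code>) on your domain.'), $hostname);
            if (!empty($errstr)) {
                // Error text comes from the HTTP layer: escape it for HTML.
                $msg .= ' ' . sprintf(__('This resulted in an error message: %s'), '<code>' . esc_html($errstr) . '</code>');
            }
            $msg .= '</p>';
            $msg .= '<p>' . __('To use a subdomain configuration, you must have a wildcard entry in your DNS. This usually means adding a <code>*</code> hostname record pointing at your web server in your DNS configuration tool.') . '</p>';
            $msg .= '<p>' . __('You can still use your site but any subdomain you create may not be accessible. If you know your DNS is correct, ignore this message.') . '</p>';
            return new nxt_Error('no_wildcard_dns', $msg);
        }
    }

    return true;
}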
/**
 * Checks an Achievement before it is saved and records every problem on $errors.
 *
 * Nothing is returned; callers inspect $errors afterwards. The checks cover
 * blank or zero fields, the chosen event, the action count, name and slug
 * length, name and slug uniqueness, and slugs that collide with reserved names.
 *
 * @access public
 * @global object $bp BuddyPress global settings
 * @global nxtdb $nxtdb NXTClass database object
 * @param DPA_Achievement $achievement The Achievement to validate
 * @param DPA_Achievement $old_achievement A copy of the Achievement which is about to be saved, for comparison purposes
 * @param nxt_Error $errors Holds any errors (by ref)
 * @since 2.0
 * @static
 * @uses nxt_Error
 */
function validate_achievement_details($achievement, $old_achievement, &$errors) {
    global $bp, $nxtdb;

    // Fields that are exempt from the blank/zero check.
    $skipped_fields = array('id', 'is_active', 'action_count', 'action_id', 'achieved_at', 'site_id', 'group_id');

    foreach ($achievement as $field => $field_value) {
        if (in_array($field, $skipped_fields) || !empty($field_value)) {
            continue;
        }

        $message = is_int($field_value) ? __("This can't be zero.", 'dpa') : __("This can't be blank.", 'dpa');
        $errors->add($field, $message);
    }

    // -1 stands for a badge; every other id must belong to a known action.
    $allowed_action_ids = array(-1);
    $known_actions      = dpa_get_actions();
    foreach ($known_actions as $known_action) {
        $allowed_action_ids[] = $known_action->id;
    }

    if (!in_array($achievement->action_id, $allowed_action_ids)) {
        $errors->add('action_id', __("Choose an event.", 'dpa'));
    }

    if ($achievement->action_count < 0) {
        $errors->add('action_count', __("This needs to be at least one.", 'dpa'));
    }

    // Name: length limit, then uniqueness.
    if (strlen($achievement->name) > 200) {
        $errors->add('name', __("This needs to be less than two hundred characters long.", 'dpa'));
    }

    if ($this->achievement_name_exists($achievement->name)) {
        $errors->add('name', __("The Achievement's name must be unique; this one is already in use.", 'dpa'));
    }

    if (empty($achievement->description)) {
        $errors->add('description', __("Missing Achievement description.", 'dpa'));
    }

    // Slug: length limit, reserved names, then uniqueness.
    if (strlen($achievement->slug) > 200) {
        $errors->add('slug', __("This needs to be less than two hundred characters long.", 'dpa'));
    }

    $site_illegal_names = (array) get_site_option("illegal_names");
    $plugin_slugs       = apply_filters('validate_achievement_details_slug', array(
        DPA_SLUG,
        DPA_SLUG_CREATE,
        DPA_SLUG_MY_ACHIEVEMENTS,
        DPA_SLUG_ACHIEVEMENT_EDIT,
        DPA_SLUG_ACHIEVEMENT_DELETE,
        DPA_SLUG_ACHIEVEMENT_CHANGE_PICTURE,
        DPA_SLUG_ACHIEVEMENT_UNLOCKED_BY,
        DPA_SLUG_ACHIEVEMENT_GRANT,
    ));
    $illegal_names = array_unique(array_merge($site_illegal_names, $plugin_slugs));

    $slug_is_reserved = $achievement->slug && is_array($illegal_names) && in_array($achievement->slug, $illegal_names);
    if ($slug_is_reserved) {
        $errors->add('slug', __("This slug conflicts with something important; please try another.", 'dpa'));
    }

    if ($this->achievement_slug_exists($achievement->slug)) {
        $errors->add('slug', __("The slug must be unique; this one is already in use.", 'dpa'));
    }
}
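/**
 * Start the confirmation step when a user changes their own e-mail address.
 *
 * When the posted address differs from the current one, it is validated,
 * checked against existing accounts, and a confirmation link is mailed to
 * the new address. The pending change is stored in the
 * "<user id>_new_email" option and $_POST['email'] is reset to the current
 * address so the profile save does not apply the change yet.
 *
 * Security note: the token in the confirmation link is what authorises the
 * change, so it is taken from random_bytes() when that function exists
 * instead of an MD5 of the address, the clock and mt_rand(). The format
 * (32 lowercase hex characters) is unchanged.
 *
 * @return false|null False when the posted user id is not the current user;
 *                    otherwise nothing. Problems are added to the global $errors.
 */
function send_confirmation_on_profile_email() {
    global $errors, $nxtdb;

    $current_user = nxt_get_current_user();
    if (!is_object($errors)) {
        $errors = new nxt_Error();
    }

    // Only the account owner may trigger the confirmation mail.
    if ($current_user->ID != $_POST['user_id']) {
        return false;
    }

    if ($current_user->user_email != $_POST['email']) {
        if (!is_email($_POST['email'])) {
            $errors->add('user_email', __("<strong>ERROR</strong>: The e-mail address isn't correct."), array('form-field' => 'email'));
            return;
        }

        if ($nxtdb->get_var($nxtdb->prepare("SELECT user_email FROM {$nxtdb->users} WHERE user_email=%s", $_POST['email']))) {
            $errors->add('user_email', __("<strong>ERROR</strong>: The e-mail address is already used."), array('form-field' => 'email'));
            delete_option($current_user->ID . '_new_email');
            return;
        }

        // Confirmation token. Fall back to the previous derivation only on
        // runtimes that lack random_bytes().
        if (function_exists('random_bytes')) {
            $hash = bin2hex(random_bytes(16));
        } else {
            $hash = md5($_POST['email'] . time() . mt_rand());
        }

        $new_user_email = array('hash' => $hash, 'newemail' => $_POST['email']);
        update_option($current_user->ID . '_new_email', $new_user_email);

        $content = apply_filters('new_user_email_content', __("Dear user,\n\nYou recently requested to have the email address on your account changed.\nIf this is correct, please click on the following link to change it:\n###ADMIN_URL###\n\nYou can safely ignore and delete this email if you do not want to\ntake this action.\n\nThis email has been sent to ###EMAIL###\n\nRegards,\nAll at ###SITENAME###\n###SITEURL###"), $new_user_email);

        $content = str_replace('###ADMIN_URL###', esc_url(admin_url('profile.php?newuseremail=' . $hash)), $content);
        $content = str_replace('###EMAIL###', $_POST['email'], $content);
        $content = str_replace('###SITENAME###', get_site_option('site_name'), $content);
        $content = str_replace('###SITEURL###', network_home_url(), $content);

        nxt_mail($_POST['email'], sprintf(__('[%s] New Email Address'), get_option('blogname')), $content);

        // Keep the old address until the link is followed.
        $_POST['email'] = $current_user->user_email;
    }
}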
$_POST['pwd'] = !empty($_POST['password']) ? $_POST['password'] : ''; } if (empty($_POST['rememberme'])) { $_POST['rememberme'] = !empty($_POST['remember']) ? 1 : ''; } // Attempt to log the user in if ($user = bb_login(@$_POST['log'], @$_POST['pwd'], @$_POST['rememberme'])) { if (!is_nxt_error($user)) { bb_safe_redirect($re); exit; } else { $bb_login_error =& $user; } // No login so prepare the error } else { $bb_login_error = new nxt_Error(); } /** Handle errors *************************************************************/ // Get error data so we can provide feedback $error_data = $bb_login_error->get_error_data(); // Does user actually exist if (isset($error_data['unique']) && false === $error_data['unique']) { $user_exists = true; } else { $user_exists = !empty($_POST['log']) && (bool) bb_get_user($_POST['log'], array('by' => 'login')); } // Check for errors on post method if ('post' == strtolower($_SERVER['REQUEST_METHOD'])) { // If the user doesn't exist then add that error if (empty($user_exists)) { if (!empty($_POST['log'])) {
/**
 * Validates the data submitted for a new site signup.
 *
 * Checks the requested site name against the reserved names, the allowed
 * characters, the minimum length, existing pages on the main site, existing
 * sites, existing login names and pending signups, and checks that a title
 * was given.
 *
 * A site name equal to another user's login name is refused unless that
 * user is passed as $user, which acts as an override.
 *
 * Note for reviewers: the 'newblogname' filter runs after the character and
 * reserved-name checks, so a value changed by that filter is not re-checked
 * here before it is used to build the domain and path.
 *
 * Filter 'nxtmu_validate_blog_signup' to change the result.
 *
 * @since MU
 * @uses domain_exists()
 * @uses username_exists()
 *
 * @param string $blogname   The blog name provided by the user. Must be unique.
 * @param string $blog_title The blog title provided by the user.
 * @param mixed  $user       Optional. User object allowed to claim a site
 *                           name equal to their own login.
 * @return array Contains the new site data and error messages.
 */
function nxtmu_validate_blog_signup($blogname, $blog_title, $user = '') {
    global $nxtdb, $domain, $base, $current_site;

    // Titles are stripped of tags and cut to 50 bytes.
    $blog_title = substr(strip_tags($blog_title), 0, 50);

    $problems = new nxt_Error();

    $reserved_names = get_site_option('illegal_names');
    if (!$reserved_names) {
        $reserved_names = array('www', 'web', 'root', 'admin', 'main', 'invite', 'administrator');
        add_site_option('illegal_names', $reserved_names);
    }

    // On sub dir installs, Some names are so illegal, only a filter can spring them from jail
    if (!is_subdomain_install()) {
        $subdirectory_names = apply_filters('subdirectory_reserved_names', array('page', 'comments', 'blog', 'files', 'feed'));
        $reserved_names     = array_merge($reserved_names, $subdirectory_names);
    }

    if (empty($blogname)) {
        $problems->add('blogname', __('Please enter a site name'));
    }

    if (preg_match('/[^a-z0-9]+/', $blogname)) {
        $problems->add('blogname', __('Only lowercase letters and numbers allowed'));
    }

    if (in_array($blogname, $reserved_names)) {
        $problems->add('blogname', __('That name is not allowed'));
    }

    if (strlen($blogname) < 4 && !is_super_admin()) {
        $problems->add('blogname', __('Site name must be at least 4 characters'));
    }

    // The leading space keeps a match at the first character from reading as "not found".
    if (strpos(' ' . $blogname, '_')) {
        $problems->add('blogname', __('Sorry, site names may not contain the character “_”!'));
    }

    // do not allow users to create a blog that conflicts with a page on the main blog.
    if (!is_subdomain_install() && $nxtdb->get_var($nxtdb->prepare("SELECT post_name FROM " . $nxtdb->get_blog_prefix($current_site->blog_id) . "posts WHERE post_type = 'page' AND post_name = %s", $blogname))) {
        $problems->add('blogname', __('Sorry, you may not use that site name.'));
    }

    // all numeric?
    $leading_digits = array();
    preg_match('/[0-9]*/', $blogname, $leading_digits);
    if ($leading_digits[0] == $blogname) {
        $problems->add('blogname', __('Sorry, site names must have letters too!'));
    }

    $blogname = apply_filters('newblogname', $blogname);

    $blog_title = stripslashes($blog_title);
    if (empty($blog_title)) {
        $problems->add('blog_title', __('Please enter a site title'));
    }

    // Check if the domain/path has been used already.
    if (is_subdomain_install()) {
        $mydomain = $blogname . '.' . preg_replace('|^www\\.|', '', $domain);
        $path     = $base;
    } else {
        $mydomain = (string) $domain;
        $path     = $base . $blogname . '/';
    }

    if (domain_exists($mydomain, $path)) {
        $problems->add('blogname', __('Sorry, that site already exists!'));
    }

    // A name that matches a login is reserved for that user.
    if (username_exists($blogname)) {
        if (!is_object($user) || $user->user_login != $blogname) {
            $problems->add('blogname', __('Sorry, that site is reserved!'));
        }
    }

    // Has someone already signed up for this domain?
    // TODO: Check email too?
    $pending = $nxtdb->get_row($nxtdb->prepare("SELECT * FROM {$nxtdb->signups} WHERE domain = %s AND path = %s", $mydomain, $path));
    if (!empty($pending)) {
        $age = current_time('timestamp', true) - mysql2date('U', $pending->registered);

        // If registered more than two days ago, cancel registration and let this signup go through.
        if ($age > 172800) {
            $nxtdb->query($nxtdb->prepare("DELETE FROM {$nxtdb->signups} WHERE domain = %s AND path = %s", $mydomain, $path));
        } else {
            $problems->add('blogname', __('That site is currently reserved but may be available in a couple days.'));
        }
    }

    $result = array(
        'domain'     => $mydomain,
        'path'       => $path,
        'blogname'   => $blogname,
        'blog_title' => $blog_title,
        'errors'     => $problems,
    );

    return apply_filters('nxtmu_validate_blog_signup', $result);
}
/**
 * Clean out registration errors that don't apply.
 *
 * When OpenID is required for registration, or an OpenID identifier was
 * posted, the 'empty_username' and 'empty_email' errors are dropped and all
 * other errors are copied over unchanged. When OpenID is required and no
 * identifier was posted, an 'openid_only' error is added.
 *
 * @param nxt_Error $errors Errors collected for the registration so far.
 * @return nxt_Error The adjusted error object.
 */
function openid_clean_registration_errors($errors) {
    if (get_option('openid_required_for_registration') || !empty($_POST['openid_identifier'])) {
        // These two fields are not needed for an OpenID registration.
        $ignored_codes = array('empty_username', 'empty_email');
        $kept          = new nxt_Error();

        foreach ($errors->get_error_codes() as $error_code) {
            if (!in_array($error_code, $ignored_codes)) {
                $error_message = $errors->get_error_message($error_code);
                $error_data    = $errors->get_error_data($error_code);
                $kept->add($error_code, $error_message, $error_data);
            }
        }

        $errors = $kept;
    }

    if (get_option('openid_required_for_registration') && empty($_POST['openid_identifier'])) {
        $errors->add('openid_only', __('<strong>ERROR</strong>: ', 'openid') . __('New users must register using OpenID.', 'openid'));
    }

    return $errors;
}
/**
 * Register a new user and, on single-site installs, start e-mail activation.
 *
 * Multisite: delegates to nxtmu_signup_user() and leaves the user id as false.
 * Single site: inserts the user, sets user_status to 2 ("not activated"),
 * stores any submitted xprofile field values and, unless the
 * 'bp_core_signup_send_activation_key' filter returns a falsy value, saves an
 * activation key in user meta and e-mails it.
 *
 * @param mixed $user_login    Login name; also used (via sanitize_title) as display name.
 * @param mixed $user_password Password as supplied by the caller; forwarded unchanged
 *                             to nxt_insert_user() and to the 'bp_core_signup_user' action.
 * @param mixed $user_email    E-mail address for the account and the activation mail.
 * @param array $usermeta      May hold 'profile_field_ids' (comma-separated) and one
 *                             'field_<id>' entry per listed id.
 * @return mixed The new user id, false on multisite, or an nxt_Error with code
 *               'registerfail' when the insert fails.
 */
function bp_core_signup_user($user_login, $user_password, $user_email, $usermeta) {
    global $bp, $nxtdb;

    if (is_multisite()) {
        // Multisite has its own sign-up procedure.
        nxtmu_signup_user($user_login, $user_email, $usermeta);

        // No user row exists until activation, but the hooks below still need a value.
        $user_id = false;
    } else {
        $errors = new nxt_Error();

        $new_user = array(
            'user_login'   => $user_login,
            'user_pass'    => $user_password,
            'display_name' => sanitize_title($user_login),
            'user_email'   => $user_email,
        );
        $user_id = nxt_insert_user($new_user);

        if (is_nxt_error($user_id) || empty($user_id)) {
            $errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !', 'buddypress'), get_option('admin_email')));
            return $errors;
        }

        // user_status: 0 = active, 1 = spam, 2 = not active.
        // NOTE(review): the query result is not checked. If the UPDATE fails the
        // account keeps whatever status nxt_insert_user() assigned, which would
        // bypass the activation gate if that default is "active" -- confirm.
        $mark_inactive = $nxtdb->prepare("UPDATE {$nxtdb->users} SET user_status = 2 WHERE ID = %d", $user_id);
        $nxtdb->query($mark_inactive);

        // Store submitted profile data.
        // NOTE(review): field ids are taken from $usermeta as-is and handed to
        // xprofile_set_field_data() without validation; presumably the caller
        // limits them to the sign-up fields -- verify.
        if (bp_is_active('xprofile') && !empty($usermeta['profile_field_ids'])) {
            $profile_field_ids = explode(',', $usermeta['profile_field_ids']);

            foreach ((array) $profile_field_ids as $field_id) {
                $meta_key = "field_{$field_id}";

                if (!empty($usermeta[$meta_key])) {
                    xprofile_set_field_data($field_id, $user_id, $usermeta[$meta_key]);
                }
            }
        }
    }

    $bp->signup->username = $user_login;

    /*
     * Generate an activation key and mail it so the user can activate the account
     * and confirm the address. Multisite sends its own mail, so this runs on
     * single-site installs only. Returning false from the
     * 'bp_core_signup_send_activation_key' filter disables it.
     *
     * NOTE(review): the key is derived from the user id alone, so it has no
     * per-signup randomness; how hard it is to guess depends entirely on
     * whatever secret nxt_hash() mixes in (not visible here). A random,
     * single-use token would be the sturdier design -- confirm.
     */
    if (apply_filters('bp_core_signup_send_activation_key', true) && !is_multisite()) {
        $activation_key = nxt_hash($user_id);
        update_user_meta($user_id, 'activation_key', $activation_key);
        bp_core_signup_send_validation_email($user_id, $user_email, $activation_key);
    }

    // Every callback on this action receives $user_password unchanged; hooked
    // code should neither log nor persist it.
    do_action('bp_core_signup_user', $user_id, $user_login, $user_password, $user_email, $usermeta);

    return $user_id;
}
<?php require './bb-load.php'; bb_ssl_redirect(); $profile_info_keys = bb_get_profile_info_keys(); unset($profile_info_keys['first_name']); unset($profile_info_keys['last_name']); unset($profile_info_keys['display_name']); $user_login = ''; $user_safe = true; $bb_register_error = new nxt_Error(); $_globals = array('profile_info_keys', 'user_safe', 'user_login', 'user_email', 'user_url', 'bad_input', 'bb_register_error'); $_globals = array_merge($_globals, array_keys($profile_info_keys)); if ($_POST && 'post' == strtolower($_SERVER['REQUEST_METHOD'])) { $_POST = stripslashes_deep($_POST); $_POST['user_login'] = trim($_POST['user_login']); $user_login = sanitize_user($_POST['user_login'], true); if ($user_login !== $_POST['user_login']) { $bad_input = true; if ($user_login) { $bb_register_error->add('user_login', sprintf(__('%s is an invalid username. How\'s this one?'), esc_html($_POST['user_login']))); } else { $bb_register_error->add('user_login', sprintf(__('%s is an invalid username.'), esc_html($_POST['user_login']))); } } foreach ($profile_info_keys as $key => $label) { if (is_string(${$key})) { ${$key} = esc_attr(${$key}); } elseif (is_null(${$key})) { ${$key} = esc_attr($_POST[$key]); }