Example #1
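/**
 * Authenticates a user from a submitted username and password.
 *
 * Returns $user untouched when it is already an nxt_User. Otherwise the
 * account is looked up by login, the multisite spam flags are checked, the
 * 'nxt_authenticate_user' filter is applied and the password is verified.
 *
 * NOTE(review): the 'invalid_username' and 'incorrect_password' errors carry
 * different codes and messages, so a page that renders them tells the client
 * whether a login name exists. Front ends facing anonymous users may prefer
 * to show one uniform failure message.
 *
 * @param mixed  $user     An nxt_User, or any other value when nobody is authenticated yet.
 * @param string $username Login name as submitted.
 * @param string $password Plain-text password as submitted.
 * @return nxt_User|nxt_Error The authenticated user, or an error describing the failure.
 */
function nxt_authenticate_username_password($user, $username, $password)
{
    // Already authenticated: pass the user straight through.
    if (is_a($user, 'nxt_User')) {
        return $user;
    }
    if (empty($username) || empty($password)) {
        $error = new nxt_Error();
        if (empty($username)) {
            $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
        }
        if (empty($password)) {
            $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
        }
        return $error;
    }
    $userdata = get_user_by('login', $username);
    if (!$userdata) {
        return new nxt_Error('invalid_username', sprintf(__('<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), nxt_lostpassword_url()));
    }
    if (is_multisite()) {
        // Is user marked as spam?
        if (1 == $userdata->spam) {
            return new nxt_Error('invalid_username', __('<strong>ERROR</strong>: Your account has been marked as a spammer.'));
        }
        // Is a user's blog marked as spam?
        if (!is_super_admin($userdata->ID) && isset($userdata->primary_blog)) {
            $details = get_blog_details($userdata->primary_blog);
            if (is_object($details) && $details->spam == 1) {
                return new nxt_Error('blog_suspended', __('Site Suspended.'));
            }
        }
    }
    // Hooked code may veto the login by returning an nxt_Error.
    $userdata = apply_filters('nxt_authenticate_user', $userdata, $password);
    if (is_nxt_error($userdata)) {
        return $userdata;
    }
    if (!nxt_check_password($password, $userdata->user_pass, $userdata->ID)) {
        // The message is HTML and $username is request data, so it is escaped
        // before being placed in the markup, whatever the caller did to it.
        return new nxt_Error('incorrect_password', sprintf(__('<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?'), esc_html($username), nxt_lostpassword_url()));
    }
    $user = new nxt_User($userdata->ID);
    return $user;
}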
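/**
 * Processes the admin create/update user form and returns the field
 * definitions used to render it.
 *
 * On POST the submitted values are validated and, when there are no errors,
 * a user is created or updated according to $_POST['action']; a successful
 * request is then redirected. On GET with action=edit and a numeric user_id
 * the fields are pre-filled from the user being edited.
 *
 * The submitted role becomes the account's capability set, so it is checked
 * here against the known roles, and 'keymaster' is accepted only from a user
 * who holds 'keep_gate' (the same rule the edit form applies to its options).
 *
 * @param object|string $edit_user Optional. User to edit; looked up from $_GET['user_id'] when empty.
 * @return array Field definitions, passed through the 'bb_manage_user_fields' filter.
 */
function bb_manage_user_fields($edit_user = '')
{
    global $nxt_roles, $nxt_users_object, $bbdb;
    // Cap checks
    $user_roles = $nxt_roles->role_names;
    $can_keep_gate = bb_current_user_can('keep_gate');
    // Defaults, so the field list at the end never reads an undefined variable
    // (plain GET for the empty "create" form, or an edit request without a
    // numeric user_id). null is what those undefined reads evaluated to.
    $disabled = null;
    $user_login = null;
    $user_display_name = null;
    $user_email = null;
    $user_url = null;
    $user_role = null;
    $user_pass1 = null;
    $user_pass2 = null;
    $user_meta = array('first_name' => null, 'last_name' => null, 'from' => null, 'occ' => null, 'interest' => null, 'throttle' => null);
    if ('post' == strtolower($_SERVER['REQUEST_METHOD'])) {
        bb_check_admin_referer('user-manage');
        // Instantiate required vars
        $_POST = stripslashes_deep($_POST);
        $create_user_errors = new nxt_Error();
        // User login
        $trimmed_user_login = str_replace(' ', '', $_POST['user_login']);
        $user_login = sanitize_user($_POST['user_login'], true);
        // NOTE(review): the profile fields below are stored as submitted; this
        // function does not sanitise them, so they need escaping wherever they
        // are rendered -- confirm against the templates.
        $user_meta['first_name'] = $_POST['first_name'];
        $user_meta['last_name'] = $_POST['last_name'];
        $user_display_name = $_POST['display_name'];
        $user_email = $_POST['user_email'];
        $user_url = $_POST['user_url'];
        $user_meta['from'] = $_POST['from'];
        $user_meta['occ'] = $_POST['occ'];
        $user_meta['interest'] = $_POST['interest'];
        $user_role = $_POST['userrole'];
        $user_meta['throttle'] = $_POST['throttle'];
        $user_pass1 = $_POST['pass1'];
        $user_pass2 = $_POST['pass2'];
        $user_status = 0;
        $user_pass = false;
        $user_url = $user_url ? bb_fix_link($user_url) : '';
        // Check user_login
        if (!isset($_GET['action']) && empty($user_login)) {
            $create_user_errors->add('user_login', __('Username is a required field.'));
        } else {
            if ($user_login !== $trimmed_user_login) {
                $create_user_errors->add('user_login', sprintf(__('%s is an invalid username. How\'s this one?'), esc_html($_POST['user_login'])));
                $user_login = $trimmed_user_login;
            }
        }
        // Check email
        if (isset($user_email) && empty($user_email)) {
            $create_user_errors->add('user_email', __('Email address is a required field.'));
        }
        // Password Sanity Check
        if ((!empty($user_pass1) || !empty($user_pass2)) && $user_pass1 !== $user_pass2) {
            $create_user_errors->add('pass', __('You must enter the same password twice.'));
        } elseif (!isset($_GET['action']) && (empty($user_pass1) && empty($user_pass2))) {
            $create_user_errors->add('pass', __('You must enter a password.'));
        } elseif (isset($_GET['action']) && (empty($user_pass1) && empty($user_pass2))) {
            $user_pass = '';
        } else {
            $user_pass = $user_pass1;
        }
        // Check role. The form only limits which options are offered; the
        // submitted value is what gets written as the capability set, so it
        // has to be validated on the server as well.
        if (!is_string($user_role) || !isset($user_roles[$user_role])) {
            $create_user_errors->add('userrole', __('Invalid user role.'));
        } elseif ('keymaster' === $user_role && !$can_keep_gate) {
            $create_user_errors->add('userrole', __('You are not allowed to assign that role.'));
        }
        // No errors
        if (!$create_user_errors->get_error_messages()) {
            // Create or update
            switch ($_POST['action']) {
                case 'create':
                    $goback = bb_get_uri('bb-admin/users.php', array('created' => 'true'), BB_URI_CONTEXT_FORM_ACTION + BB_URI_CONTEXT_BB_ADMIN);
                    // 'user_nicename' was listed here but is never set in this
                    // function, so compact() never included it.
                    $user = $nxt_users_object->new_user(compact('user_login', 'user_email', 'user_url', 'user_status', 'user_pass'));
                    // Error handler
                    if (is_nxt_error($user)) {
                        bb_admin_notice($user);
                        unset($goback);
                        // Update additional user data
                    } else {
                        // Update caps
                        bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array($user_role => true));
                        // Update all user meta
                        foreach ($user_meta as $key => $value) {
                            bb_update_usermeta($user['ID'], $key, $value);
                        }
                        // Don't send email if empty
                        // NOTE(review): this mails the plain-text password and does
                        // not consult the 'email_pass' checkbox defined below.
                        if (!empty($user_pass)) {
                            bb_send_pass($user['ID'], $user_pass);
                        }
                        do_action('bb_new_user', $user['ID'], $user_pass);
                    }
                    break;
                case 'update':
                    $goback = bb_get_uri('bb-admin/users.php', array('updated' => 'true'), BB_URI_CONTEXT_FORM_ACTION + BB_URI_CONTEXT_BB_ADMIN);
                    $user = $nxt_users_object->get_user($_GET['user_id'], array('output' => ARRAY_A));
                    // Error handler: the lookup is checked before anything is
                    // written, so a failed lookup can no longer reach the updates.
                    if (is_nxt_error($user)) {
                        bb_admin_notice($user);
                        unset($goback);
                    } elseif (empty($user['ID'])) {
                        bb_admin_notice(new nxt_Error('user_id', __('User not found.')));
                        unset($goback);
                        // Update additional user data
                    } else {
                        bb_update_user($user['ID'], $user_email, $user_url, $user_display_name);
                        // Don't change PW if empty
                        if (!empty($user_pass)) {
                            bb_update_user_password($user['ID'], $user_pass);
                        }
                        // Update caps
                        // NOTE(review): the "keymasters can't demote themselves" rule
                        // is applied only to the form options in the edit branch
                        // below; it is not re-checked for this write.
                        bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array($user_role => true));
                        // Update all user meta
                        foreach ($user_meta as $key => $value) {
                            bb_update_usermeta($user['ID'], $key, $value);
                        }
                        // Don't send email if empty
                        if (!empty($user_pass)) {
                            bb_send_pass($user['ID'], $user_pass);
                        }
                        do_action('bb_update_user', $user['ID'], $user_pass);
                    }
                    break;
            }
            // Redirect
            if (isset($goback) && !empty($goback)) {
                bb_safe_redirect($goback);
            }
            // Error handler
        } else {
            bb_admin_notice($create_user_errors);
        }
    } elseif (isset($_GET['action']) && $_GET['action'] == 'edit') {
        if (isset($_GET['user_id']) && is_numeric($_GET['user_id'])) {
            // The login name of an existing account is shown read-only.
            $disabled = true;
            // Get the user
            if (empty($edit_user)) {
                $edit_user = bb_get_user(bb_get_user_id($_GET['user_id']));
            }
            // Instantiate required vars
            $user_login = $edit_user->user_login;
            $user_meta['first_name'] = $edit_user->first_name;
            $user_meta['last_name'] = $edit_user->last_name;
            $user_display_name = $edit_user->display_name;
            $user_email = $edit_user->user_email;
            $user_url = $edit_user->user_url;
            $user_meta['from'] = $edit_user->from;
            $user_meta['occ'] = $edit_user->occ;
            $user_meta['interest'] = $edit_user->interest;
            $user_role = array_search('true', $edit_user->capabilities);
            $user_meta['throttle'] = $edit_user->throttle;
            // Keymasters can't demote themselves
            if ($edit_user->ID == bb_get_current_user_info('id') && $can_keep_gate || isset($edit_user->capabilities) && is_array($edit_user->capabilities) && array_key_exists('keymaster', $edit_user->capabilities) && !$can_keep_gate) {
                $user_roles = array('keymaster' => $user_roles['keymaster']);
            } elseif (!$can_keep_gate) {
                unset($user_roles['keymaster']);
            }
        }
    }
    // Load password strength checker
    nxt_enqueue_script('password-strength-meter');
    nxt_enqueue_script('profile-edit');
    // Generate a few PW hints
    $some_pass_hints = '';
    for ($l = 3; $l != 0; $l--) {
        $some_pass_hints .= '<p>' . bb_generate_password() . '</p>';
    }
    // Create  the user fields
    // NOTE(review): 'pass1'/'pass2' carry the submitted passwords back as field
    // values; whether they reach the HTML depends on how the renderer treats
    // 'password' fields -- confirm.
    $user_fields = array(
        'user_login' => array(
            'title' => __('Username'),
            'note' => __('Required! Unique identifier for new user.'),
            'value' => $user_login,
            'disabled' => $disabled,
        ),
        'first_name' => array(
            'title' => __('First Name'),
            'value' => $user_meta['first_name'],
        ),
        'last_name' => array(
            'title' => __('Last Name'),
            'value' => $user_meta['last_name'],
        ),
        'display_name' => array(
            'title' => __('Display Name'),
            'value' => $user_display_name,
        ),
        'user_email' => array(
            'title' => __('Email'),
            'note' => __('Required! Will be used for notifications and profile settings changes.'),
            'value' => $user_email,
        ),
        'user_url' => array(
            'title' => __('Website'),
            'class' => array('long', 'code'),
            'note' => __('The full URL of user\'s homepage or blog.'),
            'value' => $user_url,
        ),
        'from' => array(
            'title' => __('Location'),
            'class' => array('long'),
            'value' => $user_meta['from'],
        ),
        'occ' => array(
            'title' => __('Occupation'),
            'class' => array('long'),
            'value' => $user_meta['occ'],
        ),
        'interest' => array(
            'title' => __('Interests'),
            'class' => array('long'),
            'value' => $user_meta['interest'],
        ),
        'userrole' => array(
            'title' => __('User Role'),
            'type' => 'select',
            'options' => $user_roles,
            'note' => __('Allow user the above privileges.'),
            'value' => $user_role,
        ),
        'pass1' => array(
            'title' => __('New Password'),
            'type' => 'password',
            'class' => array('short', 'text', 'code'),
            'note' => __('Hints: ') . $some_pass_hints,
            'value' => $user_pass1,
        ),
        'pass2' => array(
            'title' => __('Repeat New Password'),
            'type' => 'password',
            'class' => array('short', 'text', 'code'),
            'note' => __('If you ignore hints, remember: the password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? 
$ % ^ &amp; ).'),
            'value' => $user_pass2,
        ),
        'email_pass' => array(
            'title' => '',
            'type' => 'checkbox',
            'options' => array('1' => array('label' => __('Email the new password.'), 'attributes' => array('checked' => true))),
        ),
        'pass-strength-fake-input' => array(
            'title' => __('Password Strength'),
            'type' => 'hidden',
        ),
    );
    return apply_filters('bb_manage_user_fields', $user_fields);
}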
Example #3
    nxt_redirect($sendto);
    exit;
}
// Request setup for the profile edit screen: default capabilities, the keys
// that may be edited, and an error collector. $user is defined above this
// excerpt.
// Set some low capabilities if the current user has none
if (!isset($user->capabilities)) {
    $user->capabilities = array('inactive' => true);
}
// Store the profile info keys
$profile_info_keys = bb_get_profile_info_keys('profile-edit');
// Store additional keys if the current user has access to them
// $profile_admin_keys and $assignable_caps exist only when the current user
// holds 'edit_users'; code that reads them later has to sit behind the same
// capability check, otherwise it reads undefined variables.
if (bb_current_user_can('edit_users')) {
    $profile_admin_keys = bb_get_profile_admin_keys('profile-edit');
    $assignable_caps = bb_get_assignable_caps();
}
// Instantiate the error object
$errors = new nxt_Error();
if ('post' == strtolower($_SERVER['REQUEST_METHOD'])) {
    $_POST = stripslashes_deep($_POST);
    bb_check_admin_referer('edit-profile_' . $user_id);
    // Fix the URL before sanitizing it
    $user_url = bb_fix_link($_POST['user_url']);
    // Sanitize the profile info keys and check for missing required data
    foreach ($profile_info_keys as $key => $label) {
        ${$key} = apply_filters('sanitize_profile_info', $_POST[$key], $key, $_POST[$key]);
        if (!${$key} && $label[0] == 1) {
            $errors->add($key, sprintf(__('%s is required.'), esc_html($label[1])));
            ${$key} = false;
        }
    }
    // Find out if we have a valid email address
    if (isset($user_email) && !($user_email = is_email($user_email))) {
Example #4
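/**
 * Edit user settings based on contents of $_POST
 *
 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
 * Builds a user record from the submitted fields, validates it, then updates
 * the existing user or inserts a new one.
 *
 * @since 2.0
 *
 * @param int $user_id Optional. User ID. A non-zero value updates that user; 0 creates a new one.
 * @return int|nxt_Error Whatever nxt_update_user() / nxt_insert_user() returned (the user ID on
 *                       success), or an nxt_Error holding the validation errors.
 */
function edit_user($user_id = 0)
{
    global $nxt_roles, $nxtdb;
    $user = new stdClass();
    if ($user_id) {
        $update = true;
        $user->ID = (int) $user_id;
        $userdata = get_userdata($user_id);
        // An unknown ID yields no record; leave the login empty so the
        // "Please enter a username" check below rejects the request.
        $user->user_login = $userdata ? $nxtdb->escape($userdata->user_login) : '';
    } else {
        $update = false;
    }
    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }
    // Only strings are passwords; an array-valued field is treated as not supplied.
    $pass1 = $pass2 = '';
    if (isset($_POST['pass1']) && is_string($_POST['pass1'])) {
        $pass1 = $_POST['pass1'];
    }
    if (isset($_POST['pass2']) && is_string($_POST['pass2'])) {
        $pass2 = $_POST['pass2'];
    }
    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role = sanitize_text_field($_POST['role']);
        $potential_role = isset($nxt_roles->role_objects[$new_role]) ? $nxt_roles->role_objects[$new_role] : false;
        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        // Multisite super admins can freely edit their blog roles -- they possess all caps.
        if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
            $user->role = $new_role;
        }
        // If the new role isn't editable by the logged-in user die with error
        // NOTE(review): the role was already assigned above, so this check
        // protects only as long as nxt_die() really ends the request.
        $editable_roles = get_editable_roles();
        if (!empty($new_role) && empty($editable_roles[$new_role])) {
            nxt_die(__('You can&#8217;t give users that role.'));
        }
    }
    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field($_POST['email']);
    }
    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            $user->user_url = esc_url_raw($_POST['url']);
            // Prefix scheme-less values with http://
            $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }
    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    if (isset($_POST['description'])) {
        // Only trimmed here; any markup filtering happens outside this function.
        $user->description = trim($_POST['description']);
    }
    foreach (_nxt_get_user_contactmethods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }
    if ($update) {
        $user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
        $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
        $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    }
    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }
    $errors = new nxt_Error();
    /* checking that username has been typed */
    if ($user->user_login == '') {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }
    /* checking the password has been typed twice */
    // Hooked code receives both passwords by reference and may change them.
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));
    if ($update) {
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
        }
    } else {
        if (empty($pass1)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
        } elseif (empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
        }
    }
    /* Check for "\" in password */
    if (is_string($pass1) && false !== strpos(stripslashes($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }
    /* checking the password has been typed twice the same */
    // Two strings are compared strictly: a loose != treats numeric-looking
    // strings such as "1e3" and "1000" as equal and would accept a mistyped
    // confirmation. Other types (a hook may have replaced the values) keep
    // the loose comparison.
    $passwords_differ = is_string($pass1) && is_string($pass2) ? $pass1 !== $pass2 : $pass1 != $pass2;
    if ($passwords_differ) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
    }
    if (!empty($pass1)) {
        $user->user_pass = $pass1;
    }
    if (!$update && isset($_POST['user_login']) && !validate_username($_POST['user_login'])) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
    }
    if (!$update && username_exists($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
    }
    /* checking e-mail address */
    if (empty($user->user_email)) {
        $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
    } elseif (!is_email($user->user_email)) {
        $errors->add('invalid_email', __('<strong>ERROR</strong>: The e-mail address isn&#8217;t correct.'), array('form-field' => 'email'));
    } elseif (($owner_id = email_exists($user->user_email)) && (!$update || $owner_id != $user->ID)) {
        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
    }
    // Allow plugins to return their own errors.
    do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));
    if ($errors->get_error_codes()) {
        return $errors;
    }
    if ($update) {
        $user_id = nxt_update_user(get_object_vars($user));
    } else {
        $user_id = nxt_insert_user(get_object_vars($user));
        // Notify only when the account was actually created; a failed insert
        // returns an error object, not an ID.
        // NOTE(review): with 'send_password' set, the plain-text password is
        // handed to the notification.
        if (!is_nxt_error($user_id)) {
            nxt_new_user_notification($user_id, isset($_POST['send_password']) ? $pass1 : '');
        }
    }
    return $user_id;
}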
Example #5
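/**
 * populate network settings
 *
 * Validates the arguments, inserts the network row and its sitemeta, and,
 * when the install is not yet multisite, registers the main blog. For a
 * subdomain install it finally probes a made-up hostname to see whether
 * wildcard DNS answers.
 *
 * @since 3.0.0
 *
 * @param int    $network_id        id of network to populate
 * @param string $domain            Domain name of the network. Required.
 * @param string $email             E-mail address of an existing user, who becomes the network admin.
 * @param string $site_name         Name of the network. Required.
 * @param string $path              Path of the network.
 * @param bool   $subdomain_install Whether sites are created as subdomains.
 * @return bool|nxt_Error True on success, or nxt_Error on warning (with the install otherwise successful,
 * 	so the error code must be checked) or failure.
 */
function populate_network($network_id = 1, $domain = '', $email = '', $site_name = '', $path = '/', $subdomain_install = false)
{
    global $nxtdb, $current_site, $nxt_db_version, $nxt_rewrite;
    $errors = new nxt_Error();
    if ('' == $domain) {
        $errors->add('empty_domain', __('You must provide a domain name.'));
    }
    if ('' == $site_name) {
        $errors->add('empty_sitename', __('You must provide a name for your network of sites.'));
    }
    // check for network collision
    if ($network_id == $nxtdb->get_var($nxtdb->prepare("SELECT id FROM {$nxtdb->site} WHERE id = %d", $network_id))) {
        $errors->add('siteid_exists', __('The network already exists.'));
    }
    $site_user = get_user_by('email', $email);
    if (!is_email($email)) {
        $errors->add('invalid_email', __('You must provide a valid e-mail address.'));
    } elseif (!$site_user) {
        // Everything below reads $site_user->ID / ->user_login / ->user_email,
        // so a well-formed address without an account has to stop here, before
        // any row is written.
        $errors->add('user_not_found', __('You must provide the e-mail address of an existing user.'));
    }
    if ($errors->get_error_code()) {
        return $errors;
    }
    // set up site tables
    $template = get_option('template');
    $stylesheet = get_option('stylesheet');
    $allowed_themes = array($stylesheet => true);
    if ($template != $stylesheet) {
        $allowed_themes[$template] = true;
    }
    if (nxt_DEFAULT_THEME != $stylesheet && nxt_DEFAULT_THEME != $template) {
        $allowed_themes[nxt_DEFAULT_THEME] = true;
    }
    if (1 == $network_id) {
        $nxtdb->insert($nxtdb->site, array('domain' => $domain, 'path' => $path));
        $network_id = $nxtdb->insert_id;
    } else {
        $nxtdb->insert($nxtdb->site, array('domain' => $domain, 'path' => $path, 'id' => $network_id));
    }
    if (!is_multisite()) {
        $site_admins = array($site_user->user_login);
        $users = get_users(array('fields' => array('ID', 'user_login')));
        if ($users) {
            foreach ($users as $user) {
                if (is_super_admin($user->ID) && !in_array($user->user_login, $site_admins)) {
                    $site_admins[] = $user->user_login;
                }
            }
        }
    } else {
        $site_admins = get_site_option('site_admins');
    }
    // NOTE(review): this template has a PASSWORD placeholder, i.e. the welcome
    // mail is meant to carry the account password in clear text.
    $welcome_email = __('Dear User,

Your new SITE_NAME site has been successfully set up at:
BLOG_URL

You can log in to the administrator account with the following information:
Username: USERNAME
Password: PASSWORD
Log in here: BLOG_URLnxt-login.php

We hope you enjoy your new site. Thanks!

--The SITE_NAME Team');
    $sitemeta = array(
        'site_name' => $site_name,
        'admin_email' => $site_user->user_email,
        'admin_user_id' => $site_user->ID,
        'registration' => 'none',
        'upload_filetypes' => 'jpg jpeg png gif mp3 mov avi wmv midi mid pdf',
        'blog_upload_space' => 10,
        'fileupload_maxk' => 1500,
        'site_admins' => $site_admins,
        'allowedthemes' => $allowed_themes,
        'illegal_names' => array('www', 'web', 'root', 'admin', 'main', 'invite', 'administrator', 'files'),
        'nxtmu_upgrade_site' => $nxt_db_version,
        'welcome_email' => $welcome_email,
        'first_post' => __('Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!'),
        'siteurl' => get_option('siteurl') . '/',
        'add_new_users' => '0',
        'upload_space_check_disabled' => '0',
        'subdomain_install' => intval($subdomain_install),
        'global_terms_enabled' => global_terms_enabled() ? '1' : '0',
        'initial_db_version' => get_option('initial_db_version'),
        'active_sitewide_plugins' => array(),
    );
    if (!$subdomain_install) {
        $sitemeta['illegal_names'][] = 'blog';
    }
    // One multi-row INSERT. Every value goes through prepare(), including the
    // network id, which used to be interpolated into the SQL as passed in.
    $rows = array();
    foreach ($sitemeta as $meta_key => $meta_value) {
        if (is_array($meta_value)) {
            $meta_value = serialize($meta_value);
        }
        $rows[] = $nxtdb->prepare("( %d, %s, %s)", $network_id, $meta_key, $meta_value);
    }
    $nxtdb->query("INSERT INTO {$nxtdb->sitemeta} ( site_id, meta_key, meta_value ) VALUES " . implode(', ', $rows));
    $current_site->domain = $domain;
    $current_site->path = $path;
    $current_site->site_name = ucfirst($domain);
    if (!is_multisite()) {
        $nxtdb->insert($nxtdb->blogs, array('site_id' => $network_id, 'domain' => $domain, 'path' => $path, 'registered' => current_time('mysql')));
        $blog_id = $nxtdb->insert_id;
        update_user_meta($site_user->ID, 'source_domain', $domain);
        update_user_meta($site_user->ID, 'primary_blog', $blog_id);
        if (!($upload_path = get_option('upload_path'))) {
            $upload_path = substr(nxt_CONTENT_DIR, strlen(ABSPATH)) . '/uploads';
            update_option('upload_path', $upload_path);
        }
        update_option('fileupload_url', get_option('siteurl') . '/' . $upload_path);
    }
    if ($subdomain_install) {
        update_option('permalink_structure', '/%year%/%monthnum%/%day%/%postname%/');
    } else {
        update_option('permalink_structure', '/blog/%year%/%monthnum%/%day%/%postname%/');
    }
    $nxt_rewrite->flush_rules();
    if ($subdomain_install) {
        $vhost_ok = false;
        $errstr = '';
        // A throw-away label derived from the clock: it is not a secret, it
        // only has to be a name that is unlikely to exist as a real host.
        $hostname = substr(md5(time()), 0, 6) . '.' . $domain;
        $page = nxt_remote_get('http://' . $hostname, array('timeout' => 5, 'httpversion' => '1.1'));
        if (is_nxt_error($page)) {
            $errstr = $page->get_error_message();
        } elseif (200 == nxt_remote_retrieve_response_code($page)) {
            $vhost_ok = true;
        }
        if (!$vhost_ok) {
            // The warning is HTML; the hostname comes from $domain and the
            // error text from the HTTP layer, so both are escaped.
            $msg = '<p><strong>' . __('Warning! Wildcard DNS may not be configured correctly!') . '</strong></p>';
            $msg .= '<p>' . sprintf(__('The installer attempted to contact a random hostname (<code>%1$s</code>) on your domain.'), esc_html($hostname));
            if (!empty($errstr)) {
                $msg .= ' ' . sprintf(__('This resulted in an error message: %s'), '<code>' . esc_html($errstr) . '</code>');
            }
            $msg .= '</p>';
            $msg .= '<p>' . __('To use a subdomain configuration, you must have a wildcard entry in your DNS. This usually means adding a <code>*</code> hostname record pointing at your web server in your DNS configuration tool.') . '</p>';
            $msg .= '<p>' . __('You can still use your site but any subdomain you create may not be accessible. If you know your DNS is correct, ignore this message.') . '</p>';
            return new nxt_Error('no_wildcard_dns', $msg);
        }
    }
    return true;
}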
 /**
  * Checks an Achievement's properties and records every problem found.
  *
  * Nothing is returned: each failed check adds an entry, keyed by the property
  * name, to $errors.
  *
  * @access public
  * @global object $bp BuddyPress global settings
  * @global nxtdb $nxtdb NXTClass database object
  * @param DPA_Achievement $achievement The Achievement to validate
  * @param DPA_Achievement $old_achievement A copy of the Achievement which is about to be saved, for comparison purposes (not read here)
  * @param nxt_Error $errors Holds any errors (by ref)
  * @since 2.0
  * @uses nxt_Error
  */
 function validate_achievement_details($achievement, $old_achievement, &$errors)
 {
     global $bp, $nxtdb;

     // These properties are exempt from the generic "must not be empty" rule.
     $exempt_properties = array('id', 'is_active', 'action_count', 'action_id', 'achieved_at', 'site_id', 'group_id');
     foreach ($achievement as $field => $field_value) {
         if (in_array($field, $exempt_properties) || !empty($field_value)) {
             continue;
         }
         // An empty integer is a zero; anything else empty counts as blank.
         $message = is_int($field_value) ? __("This can't be zero.", 'dpa') : __("This can't be blank.", 'dpa');
         $errors->add($field, $message);
     }

     // The event has to be -1 (badge) or the id of a registered action.
     $known_action_ids = array(-1);
     foreach (dpa_get_actions() as $registered_action) {
         $known_action_ids[] = $registered_action->id;
     }
     if (!in_array($achievement->action_id, $known_action_ids)) {
         $errors->add('action_id', __("Choose an event.", 'dpa'));
     }

     // NOTE(review): the message says "at least one" but only negative counts
     // are rejected -- confirm which is intended.
     if ($achievement->action_count < 0) {
         $errors->add('action_count', __("This needs to be at least one.", 'dpa'));
     }

     // Name: bounded length (strlen counts bytes) and unique.
     if (strlen($achievement->name) > 200) {
         $errors->add('name', __("This needs to be less than two hundred characters long.", 'dpa'));
     }
     if ($this->achievement_name_exists($achievement->name)) {
         $errors->add('name', __("The Achievement's name must be unique; this one is already in use.", 'dpa'));
     }

     if (empty($achievement->description)) {
         $errors->add('description', __("Missing Achievement description.", 'dpa'));
     }

     // Slug: bounded length, not a reserved word, and unique.
     if (strlen($achievement->slug) > 200) {
         $errors->add('slug', __("This needs to be less than two hundred characters long.", 'dpa'));
     }
     $reserved_by_site = (array) get_site_option("illegal_names");
     $reserved_by_plugin = apply_filters('validate_achievement_details_slug', array(DPA_SLUG, DPA_SLUG_CREATE, DPA_SLUG_MY_ACHIEVEMENTS, DPA_SLUG_ACHIEVEMENT_EDIT, DPA_SLUG_ACHIEVEMENT_DELETE, DPA_SLUG_ACHIEVEMENT_CHANGE_PICTURE, DPA_SLUG_ACHIEVEMENT_UNLOCKED_BY, DPA_SLUG_ACHIEVEMENT_GRANT));
     $illegal_names = array_unique(array_merge($reserved_by_site, $reserved_by_plugin));
     if ($achievement->slug && is_array($illegal_names)) {
         if (in_array($achievement->slug, $illegal_names)) {
             $errors->add('slug', __("This slug conflicts with something important; please try another.", 'dpa'));
         }
     }
     if ($this->achievement_slug_exists($achievement->slug)) {
         $errors->add('slug', __("The slug must be unique; this one is already in use.", 'dpa'));
     }
 }
Example #7
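/**
 * Starts the confirmation step for an e-mail change on the user's own profile.
 *
 * When the submitted address differs from the current one, it is validated and
 * checked for uniqueness, a confirmation token is stored in the
 * '<user id>_new_email' option together with the new address, and a mail with
 * the confirmation link is sent to the new address. $_POST['email'] is then
 * reset to the current address, so the rest of the request does not change it.
 *
 * Validation problems are added to the global $errors object.
 *
 * @return false|null False when $_POST['user_id'] is not the current user; otherwise nothing.
 */
function send_confirmation_on_profile_email()
{
    global $errors, $nxtdb;
    $current_user = nxt_get_current_user();
    if (!is_object($errors)) {
        $errors = new nxt_Error();
    }
    // Only the profile owner may start an e-mail change for the account.
    if ($current_user->ID != $_POST['user_id']) {
        return false;
    }
    if ($current_user->user_email != $_POST['email']) {
        if (!is_email($_POST['email'])) {
            $errors->add('user_email', __("<strong>ERROR</strong>: The e-mail address isn't correct."), array('form-field' => 'email'));
            return;
        }
        if ($nxtdb->get_var($nxtdb->prepare("SELECT user_email FROM {$nxtdb->users} WHERE user_email=%s", $_POST['email']))) {
            $errors->add('user_email', __("<strong>ERROR</strong>: The e-mail address is already used."), array('form-field' => 'email'));
            delete_option($current_user->ID . '_new_email');
            return;
        }
        // Confirmation token for the mailed link. It is taken from the CSPRNG
        // where the runtime provides one; the md5() fallback is built from the
        // address, the clock and mt_rand(), all of which are predictable. Both
        // forms are 32 hex characters.
        if (function_exists('random_bytes')) {
            $hash = bin2hex(random_bytes(16));
        } else {
            $hash = md5($_POST['email'] . time() . mt_rand());
        }
        $new_user_email = array('hash' => $hash, 'newemail' => $_POST['email']);
        update_option($current_user->ID . '_new_email', $new_user_email);
        $content = apply_filters('new_user_email_content', __("Dear user,\n\nYou recently requested to have the email address on your account changed.\nIf this is correct, please click on the following link to change it:\n###ADMIN_URL###\n\nYou can safely ignore and delete this email if you do not want to\ntake this action.\n\nThis email has been sent to ###EMAIL###\n\nRegards,\nAll at ###SITENAME###\n###SITEURL###"), $new_user_email);
        $content = str_replace('###ADMIN_URL###', esc_url(admin_url('profile.php?newuseremail=' . $hash)), $content);
        $content = str_replace('###EMAIL###', $_POST['email'], $content);
        $content = str_replace('###SITENAME###', get_site_option('site_name'), $content);
        $content = str_replace('###SITEURL###', network_home_url(), $content);
        nxt_mail($_POST['email'], sprintf(__('[%s] New Email Address'), get_option('blogname')), $content);
        // Keep the stored address unchanged until the link is confirmed.
        $_POST['email'] = $current_user->user_email;
    }
}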
Example #8
    $_POST['pwd'] = !empty($_POST['password']) ? $_POST['password'] : '';
}
// Accept 'remember' as an alternative name for the 'rememberme' field.
if (empty($_POST['rememberme'])) {
    $_POST['rememberme'] = !empty($_POST['remember']) ? 1 : '';
}
// Attempt to log the user in
// The @ operators silence the notices for fields missing from the request;
// bb_login() then receives null for them.
if ($user = bb_login(@$_POST['log'], @$_POST['pwd'], @$_POST['rememberme'])) {
    if (!is_nxt_error($user)) {
        // $re is set above this excerpt. NOTE(review): presumably the
        // post-login destination; bb_safe_redirect() is what has to keep it
        // on-site -- confirm.
        bb_safe_redirect($re);
        exit;
    } else {
        // bb_login() returned an error object: keep it for the feedback below.
        $bb_login_error =& $user;
    }
    // No login so prepare the error
} else {
    $bb_login_error = new nxt_Error();
}
/** Handle errors *************************************************************/
// Get error data so we can provide feedback
$error_data = $bb_login_error->get_error_data();
// Does user actually exist
// NOTE(review): $user_exists drives the feedback that follows, which treats
// an unknown login differently from a failed password. Rendering that
// difference lets a client find out which login names exist.
if (isset($error_data['unique']) && false === $error_data['unique']) {
    $user_exists = true;
} else {
    $user_exists = !empty($_POST['log']) && (bool) bb_get_user($_POST['log'], array('by' => 'login'));
}
// Check for errors on post method
if ('post' == strtolower($_SERVER['REQUEST_METHOD'])) {
    // If the user doesn't exist then add that error
    if (empty($user_exists)) {
        if (!empty($_POST['log'])) {
Example #9
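/**
 * Processes new site registrations.
 *
 * Checks the data provided by the user during blog signup. Verifies
 * the validity and uniqueness of blog paths and domains.
 *
 * This function prevents the current user from registering a new site
 * with a blogname equivalent to another user's login name. Passing the
 * $user parameter to the function, where $user is the other user, is
 * effectively an override of this limitation.
 *
 * Validation failures do not stop processing: they are collected in the
 * 'errors' entry of the returned array, so callers must inspect that entry
 * before creating anything from 'domain' / 'path'.
 *
 * Filter 'nxtmu_validate_blog_signup' if you want to modify
 * the way that NXTClass validates new site signups.
 *
 * @since MU
 * @uses domain_exists()
 * @uses username_exists()
 *
 * @param string $blogname The blog name provided by the user. Must be unique.
 * @param string $blog_title The blog title provided by the user.
 * @param object|string $user Optional. User object whose user_login may equal
 *                            $blogname without triggering the "reserved" error.
 *                            Any non-object value disables the override.
 * @return array Contains the new site data and error messages
 *               (keys: domain, path, blogname, blog_title, errors).
 */
function nxtmu_validate_blog_signup($blogname, $blog_title, $user = '')
{
    global $nxtdb, $domain, $base, $current_site;
    // Markup is stripped from the title and it is capped at 50 bytes (substr() is byte-wise).
    $blog_title = strip_tags($blog_title);
    $blog_title = substr($blog_title, 0, 50);
    $errors = new nxt_Error();
    $illegal_names = get_site_option('illegal_names');
    // Seed the reserved-name list the first time it is found unset/empty.
    if ($illegal_names == false) {
        $illegal_names = array('www', 'web', 'root', 'admin', 'main', 'invite', 'administrator');
        add_site_option('illegal_names', $illegal_names);
    }
    // On sub dir installs, Some names are so illegal, only a filter can spring them from jail
    if (!is_subdomain_install()) {
        $illegal_names = array_merge($illegal_names, apply_filters('subdirectory_reserved_names', array('page', 'comments', 'blog', 'files', 'feed')));
    }
    if (empty($blogname)) {
        $errors->add('blogname', __('Please enter a site name'));
    }
    // Anything outside [a-z0-9] is rejected; this also keeps dots and slashes out of
    // the domain/path assembled from the name further down.
    if (preg_match('/[^a-z0-9]+/', $blogname)) {
        $errors->add('blogname', __('Only lowercase letters and numbers allowed'));
    }
    if (in_array($blogname, $illegal_names)) {
        $errors->add('blogname', __('That name is not allowed'));
    }
    if (strlen($blogname) < 4 && !is_super_admin()) {
        $errors->add('blogname', __('Site name must be at least 4 characters'));
    }
    if (strpos($blogname, '_') !== false) {
        $errors->add('blogname', __('Sorry, site names may not contain the character &#8220;_&#8221;!'));
    }
    // do not allow users to create a blog that conflicts with a page on the main blog.
    if (!is_subdomain_install() && $nxtdb->get_var($nxtdb->prepare("SELECT post_name FROM " . $nxtdb->get_blog_prefix($current_site->blog_id) . "posts WHERE post_type = 'page' AND post_name = %s", $blogname))) {
        $errors->add('blogname', __('Sorry, you may not use that site name.'));
    }
    // all numeric?
    // Strict comparison: with ==, PHP compares two numeric-looking strings as numbers,
    // so a name such as "1e0" would equal its leading digit run "1" and be misreported.
    $match = array();
    preg_match('/[0-9]*/', $blogname, $match);
    if ($match[0] === (string) $blogname) {
        $errors->add('blogname', __('Sorry, site names must have letters too!'));
    }
    // NOTE(review): the name returned by this filter is not re-checked against the
    // character, length and reserved-name rules above, yet it is what the domain/path
    // below are built from. Filters hooked here must return an already-valid name.
    $blogname = apply_filters('newblogname', $blogname);
    $blog_title = stripslashes($blog_title);
    if (empty($blog_title)) {
        $errors->add('blog_title', __('Please enter a site title'));
    }
    // Check if the domain/path has been used already.
    if (is_subdomain_install()) {
        $mydomain = $blogname . '.' . preg_replace('|^www\\.|', '', $domain);
        $path = $base;
    } else {
        $mydomain = "{$domain}";
        $path = $base . $blogname . '/';
    }
    if (domain_exists($mydomain, $path)) {
        $errors->add('blogname', __('Sorry, that site already exists!'));
    }
    // A site name equal to an existing login is reserved for that user. The override
    // applies only on an exact string match with the supplied user's login, so
    // numeric-looking logins cannot match a different name through type juggling.
    if (username_exists($blogname)) {
        if (!is_object($user) || (string) $user->user_login !== (string) $blogname) {
            $errors->add('blogname', __('Sorry, that site is reserved!'));
        }
    }
    // Has someone already signed up for this domain?
    $signup = $nxtdb->get_row($nxtdb->prepare("SELECT * FROM {$nxtdb->signups} WHERE domain = %s AND path = %s", $mydomain, $path));
    // TODO: Check email too?
    if (!empty($signup)) {
        $diff = current_time('timestamp', true) - mysql2date('U', $signup->registered);
        // If registered more than two days ago, cancel registration and let this signup go through.
        // The stale row is deleted here, during validation, even if other errors were recorded.
        if ($diff > 172800) {
            $nxtdb->query($nxtdb->prepare("DELETE FROM {$nxtdb->signups} WHERE domain = %s AND path = %s", $mydomain, $path));
        } else {
            $errors->add('blogname', __('That site is currently reserved but may be available in a couple days.'));
        }
    }
    $result = array('domain' => $mydomain, 'path' => $path, 'blogname' => $blogname, 'blog_title' => $blog_title, 'errors' => $errors);
    return apply_filters('nxtmu_validate_blog_signup', $result);
}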
Example #10
/**
 * Rebuild the registration error list for OpenID sign-ups.
 *
 * When the 'openid_required_for_registration' option is set, or the request carries
 * an 'openid_identifier' value, the 'empty_username' and 'empty_email' errors are
 * dropped and every other error is copied into a fresh nxt_Error. When the option is
 * set and no identifier was posted, an 'openid_only' error is appended.
 *
 * The posted identifier is only tested for presence here; it is not validated, so
 * this function must not be treated as proof that an OpenID login took place.
 *
 * @param object $errors Error collection produced by the registration checks.
 * @return object The (possibly rebuilt) error collection.
 */
function openid_clean_registration_errors($errors)
{
    $identifier_posted = !empty($_POST['openid_identifier']);
    $ignored_codes = array('empty_username', 'empty_email');
    if (get_option('openid_required_for_registration') || $identifier_posted) {
        $filtered = new nxt_Error();
        foreach ($errors->get_error_codes() as $code) {
            // Copy everything except the two "field is empty" codes
            if (!in_array($code, $ignored_codes)) {
                $filtered->add($code, $errors->get_error_message($code), $errors->get_error_data($code));
            }
        }
        $errors = $filtered;
    }
    if (get_option('openid_required_for_registration') && !$identifier_posted) {
        $errors->add('openid_only', __('<strong>ERROR</strong>: ', 'openid') . __('New users must register using OpenID.', 'openid'));
    }
    return $errors;
}
Example #11
/**
 * Register a new member and, on single-site installs, start e-mail activation.
 *
 * Multisite: delegates to nxtmu_signup_user() and continues with $user_id = false.
 * Single site: inserts the user, sets user_status to 2 ("not activated"), stores any
 * xprofile field values listed in $usermeta['profile_field_ids'], then (unless the
 * 'bp_core_signup_send_activation_key' filter returns false) stores an activation
 * key in user meta and e-mails it.
 *
 * NOTE(review): the activation key is nxt_hash($user_id), i.e. derived from the user
 * ID alone and therefore identical every time for a given account. Its
 * unpredictability rests entirely on whatever secret nxt_hash() mixes in (confirm);
 * a random, single-use token would not depend on that.
 * NOTE(review): the plain-text password is passed to every callback hooked on the
 * 'bp_core_signup_user' action; hooked code must not log or store it.
 *
 * @param string $user_login    Requested login name.
 * @param string $user_password Plain-text password.
 * @param string $user_email    E-mail address for the account.
 * @param array  $usermeta      Extra signup data; 'profile_field_ids' (comma-separated)
 *                              and 'field_<id>' entries are read here.
 * @return int|false|object New user ID, false on multisite, or an nxt_Error when the
 *                          insert fails.
 */
function bp_core_signup_user($user_login, $user_password, $user_email, $usermeta)
{
    global $bp, $nxtdb;
    if (!is_multisite()) {
        $user_id = nxt_insert_user(array('user_login' => $user_login, 'user_pass' => $user_password, 'display_name' => sanitize_title($user_login), 'user_email' => $user_email));
        if (empty($user_id) || is_nxt_error($user_id)) {
            $failure = new nxt_Error();
            $failure->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !', 'buddypress'), get_option('admin_email')));
            return $failure;
        }
        // user_status 2 marks the account as 'not activated' (0 = active, 1 = spam, 2 = not active)
        $nxtdb->query($nxtdb->prepare("UPDATE {$nxtdb->users} SET user_status = 2 WHERE ID = %d", $user_id));
        // Store submitted profile data; field ids come from $usermeta as given and
        // are not cast or validated here.
        if (bp_is_active('xprofile') && !empty($usermeta['profile_field_ids'])) {
            foreach (explode(',', $usermeta['profile_field_ids']) as $field_id) {
                $meta_key = "field_{$field_id}";
                if (!empty($usermeta[$meta_key])) {
                    xprofile_set_field_data($field_id, $user_id, $usermeta[$meta_key]);
                }
            }
        }
    } else {
        // Multisite installs have their own install procedure
        nxtmu_signup_user($user_login, $user_email, $usermeta);
        // No user row exists until activation on multisite, but the hooks below
        // still expect a $user_id argument.
        $user_id = false;
    }
    $bp->signup->username = $user_login;
    // Generate an activation key and e-mail it so the user can activate the account and
    // confirm the address. Multisite sends its own e-mail, so this runs on single-site
    // installs only. Return false from 'bp_core_signup_send_activation_key' to disable it.
    if (apply_filters('bp_core_signup_send_activation_key', true) && !is_multisite()) {
        $activation_key = nxt_hash($user_id);
        update_user_meta($user_id, 'activation_key', $activation_key);
        bp_core_signup_send_validation_email($user_id, $user_email, $activation_key);
    }
    do_action('bp_core_signup_user', $user_id, $user_login, $user_password, $user_email, $usermeta);
    return $user_id;
}
Example #12
<?php

require './bb-load.php';
bb_ssl_redirect();
$profile_info_keys = bb_get_profile_info_keys();
unset($profile_info_keys['first_name']);
unset($profile_info_keys['last_name']);
unset($profile_info_keys['display_name']);
$user_login = '';
$user_safe = true;
$bb_register_error = new nxt_Error();
$_globals = array('profile_info_keys', 'user_safe', 'user_login', 'user_email', 'user_url', 'bad_input', 'bb_register_error');
$_globals = array_merge($_globals, array_keys($profile_info_keys));
if ($_POST && 'post' == strtolower($_SERVER['REQUEST_METHOD'])) {
    $_POST = stripslashes_deep($_POST);
    $_POST['user_login'] = trim($_POST['user_login']);
    $user_login = sanitize_user($_POST['user_login'], true);
    if ($user_login !== $_POST['user_login']) {
        $bad_input = true;
        if ($user_login) {
            $bb_register_error->add('user_login', sprintf(__('%s is an invalid username. How\'s this one?'), esc_html($_POST['user_login'])));
        } else {
            $bb_register_error->add('user_login', sprintf(__('%s is an invalid username.'), esc_html($_POST['user_login'])));
        }
    }
    foreach ($profile_info_keys as $key => $label) {
        if (is_string(${$key})) {
            ${$key} = esc_attr(${$key});
        } elseif (is_null(${$key})) {
            ${$key} = esc_attr($_POST[$key]);
        }