$jfb_log .= "nxt: No user found. Automatically registering (FB_" . $fb_uid . ")\n"; $user_data = array(); $user_data['user_login'] = "******" . $fb_uid; $user_data['user_pass'] = nxt_generate_password(); $user_data['user_nicename'] = sanitize_title($user_data['user_login']); $user_data['first_name'] = $fbuser['first_name']; $user_data['last_name'] = $fbuser['last_name']; $user_data['display_name'] = $fbuser['first_name']; $user_data['user_url'] = $fbuser["profile_url"]; $user_data['user_email'] = $fbuser["email"]; //Run a filter so the user can be modified to something different before registration //NOTE: If the user has selected "pretty names", this'll change FB_xxx to i.e. "John.Smith" $user_data = apply_filters('nxtfb_insert_user', $user_data, $fbuser); $user_data = apply_filters('nxtfb_inserting_user', $user_data, array('nxt_ID' => $user_login_id, 'FB_ID' => $fb_uid, 'facebook' => $facebook, 'FB_UserData' => $fbuser)); //Insert a new user to our database and make sure it worked $user_login_id = nxt_insert_user($user_data); if (is_nxt_error($user_login_id)) { j_die("Error: nxt_insert_user failed!<br/><br/>" . "If you get this error while running a nxtclass MultiSite installation, it means you'll need to purchase the <a href=\"{$jfb_homepage}#premium\">premium version</a> of this plugin to enable full MultiSite support.<br/><br/>" . "If you're <u><i>not</i></u> using MultiSite, please report this bug to the plugin author on the support page <a href=\"{$jfb_homepage}#feedback\">here</a>.<br /><br />" . "Error message: " . (function_exists(array(&$user_login_id, 'get_error_message')) ? $user_login_id->get_error_message() : "Undefined") . "<br />" . "nxt_ALLOW_MULTISITE: " . (defined('nxt_ALLOW_MULTISITE') ? constant('nxt_ALLOW_MULTISITE') : "Undefined") . "<br />" . "is_multisite: " . (function_exists('is_multisite') ? is_multisite() : "Undefined")); } //Success! Notify the site admin. $user_login_name = $user_data['user_login']; nxt_new_user_notification($user_login_name); //Run an action so i.e. usermeta can be added to a user after registration do_action('nxtfb_inserted_user', array('nxt_ID' => $user_login_id, 'FB_ID' => $fb_uid, 'facebook' => $facebook, 'nxt_UserData' => $user_data)); } //Tag the user with our meta so we can recognize them next time, without resorting to email hashes update_user_meta($user_login_id, $jfb_uid_meta_name, $fb_uid); $jfb_log .= "nxt: Updated usermeta ({$jfb_uid_meta_name})\n"; //Also store the user's facebook avatar(s), in case the user wants to use them later if ($fbuser['pic_square']) { update_user_meta($user_login_id, 'facebook_avatar_thumb', $fbuser['pic_square']);
/** * Edit user settings based on contents of $_POST * * Used on user-edit.php and profile.php to manage and process user options, passwords etc. * * @since 2.0 * * @param int $user_id Optional. User ID. * @return int user id of the updated user */ function edit_user($user_id = 0) { global $nxt_roles, $nxtdb; $user = new stdClass(); if ($user_id) { $update = true; $user->ID = (int) $user_id; $userdata = get_userdata($user_id); $user->user_login = $nxtdb->escape($userdata->user_login); } else { $update = false; } if (!$update && isset($_POST['user_login'])) { $user->user_login = sanitize_user($_POST['user_login'], true); } $pass1 = $pass2 = ''; if (isset($_POST['pass1'])) { $pass1 = $_POST['pass1']; } if (isset($_POST['pass2'])) { $pass2 = $_POST['pass2']; } if (isset($_POST['role']) && current_user_can('edit_users')) { $new_role = sanitize_text_field($_POST['role']); $potential_role = isset($nxt_roles->role_objects[$new_role]) ? $nxt_roles->role_objects[$new_role] : false; // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. // Multisite super admins can freely edit their blog roles -- they possess all caps. if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) { $user->role = $new_role; } // If the new role isn't editable by the logged-in user die with error $editable_roles = get_editable_roles(); if (!empty($new_role) && empty($editable_roles[$new_role])) { nxt_die(__('You can’t give users that role.')); } } if (isset($_POST['email'])) { $user->user_email = sanitize_text_field($_POST['email']); } if (isset($_POST['url'])) { if (empty($_POST['url']) || $_POST['url'] == 'http://') { $user->user_url = ''; } else { $user->user_url = esc_url_raw($_POST['url']); $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url; } } if (isset($_POST['first_name'])) { $user->first_name = sanitize_text_field($_POST['first_name']); } if (isset($_POST['last_name'])) { $user->last_name = sanitize_text_field($_POST['last_name']); } if (isset($_POST['nickname'])) { $user->nickname = sanitize_text_field($_POST['nickname']); } if (isset($_POST['display_name'])) { $user->display_name = sanitize_text_field($_POST['display_name']); } if (isset($_POST['description'])) { $user->description = trim($_POST['description']); } foreach (_nxt_get_user_contactmethods($user) as $method => $name) { if (isset($_POST[$method])) { $user->{$method} = sanitize_text_field($_POST[$method]); } } if ($update) { $user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true'; $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh'; $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false'; } $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : ''; $user->use_ssl = 0; if (!empty($_POST['use_ssl'])) { $user->use_ssl = 1; } $errors = new nxt_Error(); /* checking that username has been typed */ if ($user->user_login == '') { $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.')); } /* checking the password has been typed twice */ do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2)); if ($update) { if (empty($pass1) && !empty($pass2)) { $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1')); } elseif (!empty($pass1) && empty($pass2)) { $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2')); } } else { if (empty($pass1)) { $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1')); } elseif (empty($pass2)) { $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2')); } } /* Check for "\" in password */ if (false !== strpos(stripslashes($pass1), "\\")) { $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1')); } /* checking the password has been typed twice the same */ if ($pass1 != $pass2) { $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1')); } if (!empty($pass1)) { $user->user_pass = $pass1; } if (!$update && isset($_POST['user_login']) && !validate_username($_POST['user_login'])) { $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.')); } if (!$update && username_exists($user->user_login)) { $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.')); } /* checking e-mail address */ if (empty($user->user_email)) { $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email')); } elseif (!is_email($user->user_email)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: The e-mail address isn’t correct.'), array('form-field' => 'email')); } elseif (($owner_id = email_exists($user->user_email)) && (!$update || $owner_id != $user->ID)) { $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email')); } // Allow plugins to return their own errors. do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user)); if ($errors->get_error_codes()) { return $errors; } if ($update) { $user_id = nxt_update_user(get_object_vars($user)); } else { $user_id = nxt_insert_user(get_object_vars($user)); nxt_new_user_notification($user_id, isset($_POST['send_password']) ? $pass1 : ''); } return $user_id; }
/** * Create a new NXTClass user with the specified identity URL and user data. * * @param string $identity_url OpenID to associate with the newly * created account * @param array $user_data array of user data */ function openid_create_new_user($identity_url, &$user_data) { global $nxtdb; // Identity URL is new, so create a user @(include_once ABSPATH . 'nxt-admin/upgrade-functions.php'); // 2.1 @(include_once ABSPATH . nxtINC . '/registration-functions.php'); // 2.0.4 // otherwise, try to use preferred username if (empty($username) && array_key_exists('nickname', $user_data)) { $username = openid_generate_new_username($user_data['nickname'], false); } // finally, build username from OpenID URL if (empty($username)) { $username = openid_generate_new_username($identity_url); } $user_data['user_login'] = $username; $user_data['user_pass'] = substr(md5(uniqid(microtime())), 0, 7); $user_id = nxt_insert_user($user_data); if ($user_id) { // created ok $user_data['ID'] = $user_id; // XXX this all looks redundant, see openid_set_current_user $user = new nxt_User($user_id); if (!nxt_login($user->user_login, $user_data['user_pass'])) { openid_message(__('User was created fine, but nxt_login() for the new user failed. This is probably a bug.', 'openid')); openid_status('error'); openid_error(openid_message()); return; } // notify of user creation nxt_new_user_notification($user->user_login); nxt_clearcookie(); nxt_setcookie($user->user_login, md5($user->user_pass), true, '', '', true); // Bind the provided identity to the just-created user openid_add_user_identity($user_id, $identity_url); openid_status('redirect'); if (!$user->has_cap('edit_posts')) { $redirect_to = '/nxt-admin/profile.php'; } } else { // failed to create user for some reason. openid_message(__('OpenID authentication successful, but failed to create NXTClass user. This is probably a bug.', 'openid')); openid_status('error'); openid_error(openid_message()); } }
/** * A simpler way of inserting an user into the database. * * Creates a new user with just the username, password, and email. For more * complex user creation use nxt_insert_user() to specify more information. * * @since 2.0.0 * @see nxt_insert_user() More complete way to create a new user * * @param string $username The user's username. * @param string $password The user's password. * @param string $email The user's email (optional). * @return int The new user's ID. */ function nxt_create_user($username, $password, $email = '') { $user_login = esc_sql($username); $user_email = esc_sql($email); $user_pass = $password; $userdata = compact('user_login', 'user_email', 'user_pass'); return nxt_insert_user($userdata); }
function bp_core_signup_user($user_login, $user_password, $user_email, $usermeta) { global $bp, $nxtdb; // Multisite installs have their own install procedure if (is_multisite()) { nxtmu_signup_user($user_login, $user_email, $usermeta); // On multisite, the user id is not created until the user activates the account // but we need to cast $user_id to pass to the filters $user_id = false; } else { $errors = new nxt_Error(); $user_id = nxt_insert_user(array('user_login' => $user_login, 'user_pass' => $user_password, 'display_name' => sanitize_title($user_login), 'user_email' => $user_email)); if (is_nxt_error($user_id) || empty($user_id)) { $errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !', 'buddypress'), get_option('admin_email'))); return $errors; } // Update the user status to '2' which we will use as 'not activated' (0 = active, 1 = spam, 2 = not active) $nxtdb->query($nxtdb->prepare("UPDATE {$nxtdb->users} SET user_status = 2 WHERE ID = %d", $user_id)); // Set any profile data if (bp_is_active('xprofile')) { if (!empty($usermeta['profile_field_ids'])) { $profile_field_ids = explode(',', $usermeta['profile_field_ids']); foreach ((array) $profile_field_ids as $field_id) { if (empty($usermeta["field_{$field_id}"])) { continue; } $current_field = $usermeta["field_{$field_id}"]; xprofile_set_field_data($field_id, $user_id, $current_field); } } } } $bp->signup->username = $user_login; /*** * Now generate an activation key and send an email to the user so they can activate their account * and validate their email address. Multisite installs send their own email, so this is only for single blog installs. * * To disable sending activation emails you can user the filter 'bp_core_signup_send_activation_key' and return false. */ if (apply_filters('bp_core_signup_send_activation_key', true)) { if (!is_multisite()) { $activation_key = nxt_hash($user_id); update_user_meta($user_id, 'activation_key', $activation_key); bp_core_signup_send_validation_email($user_id, $user_email, $activation_key); } } do_action('bp_core_signup_user', $user_id, $user_login, $user_password, $user_email, $usermeta); return $user_id; }
/** * Map old author logins to local user IDs based on decisions made * in import options form. Can map to an existing user, create a new user * or falls back to the current user in case of error with either of the previous */ function get_author_mapping() { if (!isset($_POST['imported_authors'])) { return; } $create_users = $this->allow_create_users(); foreach ((array) $_POST['imported_authors'] as $i => $old_login) { // Multsite adds strtolower to sanitize_user. Need to sanitize here to stop breakage in process_posts. $santized_old_login = sanitize_user($old_login, true); $old_id = isset($this->authors[$old_login]['author_id']) ? intval($this->authors[$old_login]['author_id']) : false; if (!empty($_POST['user_map'][$i])) { $user = get_userdata(intval($_POST['user_map'][$i])); if (isset($user->ID)) { if ($old_id) { $this->processed_authors[$old_id] = $user->ID; } $this->author_mapping[$santized_old_login] = $user->ID; } } else { if ($create_users) { if (!empty($_POST['user_new'][$i])) { $user_id = nxt_create_user($_POST['user_new'][$i], nxt_generate_password()); } else { if ($this->version != '1.0') { $user_data = array('user_login' => $old_login, 'user_pass' => nxt_generate_password(), 'user_email' => isset($this->authors[$old_login]['author_email']) ? $this->authors[$old_login]['author_email'] : '', 'display_name' => $this->authors[$old_login]['author_display_name'], 'first_name' => isset($this->authors[$old_login]['author_first_name']) ? $this->authors[$old_login]['author_first_name'] : '', 'last_name' => isset($this->authors[$old_login]['author_last_name']) ? $this->authors[$old_login]['author_last_name'] : ''); $user_id = nxt_insert_user($user_data); } } if (!is_nxt_error($user_id)) { if ($old_id) { $this->processed_authors[$old_id] = $user_id; } $this->author_mapping[$santized_old_login] = $user_id; } else { printf(__('Failed to create new user for %s. Their posts will be attributed to the current user.', 'nxtclass-importer'), esc_html($this->authors[$old_login]['author_display_name'])); if (defined('IMPORT_DEBUG') && IMPORT_DEBUG) { echo ' ' . $user_id->get_error_message(); } echo '<br />'; } } } // failsafe: if the user_id was invalid, default to the current user if (!isset($this->author_mapping[$santized_old_login])) { if ($old_id) { $this->processed_authors[$old_id] = (int) get_current_user_id(); } $this->author_mapping[$santized_old_login] = (int) get_current_user_id(); } } }