/**
  * Generates token.
  *
  * Uses 'create_token' to create a token.
  *
  * @since 4.3.0
  *
  * @param WP_REST_Request $request The REST API request that contains all parameters.
  * @return array|WP_Error The token and expiration timestamp, or a WP_Error when authentication fails.
  */
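 function action(WP_REST_Request $request)
 {
     // Fail closed: this error is returned unless a branch below replaces it.
     $return = new WP_Error('400', __('Authentication failed.', 'wp_jwt_auth'));
     if (isset($request['method'])) {
         // Social login. The filter name is built from a request parameter, so
         // only callbacks registered under 'wak_login_method_*' can answer; with
         // no callback attached the default error above comes back unchanged.
         $return = apply_filters('wak_login_method_' . $request['method'], $return, $request);
     } else {
         // Username/password login.
         $username = $request['username'];
         $password = $request['password'];
         $jwt_functions = new WAK_Functions();
         $user = get_user_by('login', $username);
         if ($user && wp_check_password($password, $user->data->user_pass, $user->ID)) {
             $return = $jwt_functions->create_token($user->ID);
         } else {
             // One message for "unknown user" and "wrong password", so the
             // response does not reveal which usernames exist.
             $return = new WP_Error('credentials_invalid', __('Username/Password combination is invalid', 'wp_jwt_auth'));
         }
     }
     // Neither the cookie nor the redirect applies to a failed login.
     if (is_wp_error($return)) {
         return $return;
     }
     // NOTE(review): assumes a successful result exposes the user ID under
     // 'userid' (create_token() is not visible here); skip the cookie otherwise.
     if (isset($request['set_wp_cookie']) && $request['set_wp_cookie'] == 'true' && isset($return['userid'])) {
         wp_set_auth_cookie($return['userid'], true);
     }
     if (isset($request['redirect_to'])) {
         // redirect_to is caller-controlled. wp_safe_redirect() follows it only
         // to this site's host or to hosts added via 'allowed_redirect_hosts';
         // any other target is replaced by WordPress's fallback URL. The old
         // "?error=true" suffix was unreachable here (errors return above).
         wp_safe_redirect($request['redirect_to']);
         exit;
     }
     return $return;
 }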
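 /**
  * Handles the member-withdrawal form post.
  *
  * Requires a logged-in user, a valid nonce and the user's current password,
  * then either deletes the account or moves it to the 'wskl_withdrawn' role,
  * depending on the 'members_delete_after_withdrawal' option.
  *
  * NOTE(review): evaluate_and_redirect_if_failed() is not visible here; this
  * code relies on it stopping the request when its first argument is falsy.
  */
 public static function process_withdrawal()
 {
     $action = wskl_POST('action');
     // Strict comparison: a non-string value must never pass as the action name.
     if ($action !== 'dabory_members_withdrawal') {
         return;
     }
     self::evaluate_and_redirect_if_failed(is_user_logged_in(), __('먼저 로그인 하세요', 'wskl'));
     // A missing nonce field is treated as an empty (invalid) nonce instead of
     // reading an undefined index.
     $nonce = isset($_POST['dabory_members_withdrawal']) ? $_POST['dabory_members_withdrawal'] : '';
     self::evaluate_and_redirect_if_failed(wp_verify_nonce($nonce, 'dabory_members_withdrawal'), __('Nonce 인증에 실패했습니다.', 'wskl'));
     $user = wp_get_current_user();
     $password = wskl_POST('password');
     $reason = wskl_POST('reason', 'sanitize_text_field');
     // Re-authenticate with the current password before the destructive step.
     self::evaluate_and_redirect_if_failed(wp_check_password($password, $user->user_pass, $user->ID), __('비밀번호가 일치하지 않습니다.', 'wskl'));
     if (wskl_is_option_enabled('members_delete_after_withdrawal')) {
         if (!function_exists('wp_delete_user')) {
             include_once ABSPATH . 'wp-admin/includes/user.php';
         }
         // Really delete the member.
         wp_logout();
         wp_delete_user($user->ID);
     } else {
         // Change the role so the account is treated as a withdrawn member.
         update_user_meta($user->ID, 'withdrawal_reason', $reason);
         $user->set_role('wskl_withdrawn');
         wp_logout();
     }
     // Withdrawal-complete message. REQUEST_URI is client-supplied, so the
     // redirect goes through wp_safe_redirect() to stay on this site.
     wp_safe_redirect(add_query_arg(array('status' => 'complete'), $_SERVER['REQUEST_URI']));
     exit;
 }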
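/**
 * Checks a username/password pair and reports why it was rejected.
 *
 * @param string $username User login.
 * @param string $password Plain-text password to verify.
 * @return string|null Error message (HTML) on failure, null when the
 *                     credentials are accepted.
 */
function wp_check_bind_user($username, $password)
{
    if (empty($password)) {
        return __('<strong>ERROR</strong>: The password field is empty.');
    }
    // get_user_by() replaces the deprecated get_userdatabylogin().
    $userdata = get_user_by('login', $username);
    if (!$userdata) {
        // NOTE(review): this message and the "incorrect password" one below let
        // a caller tell existing usernames from unknown ones.
        return sprintf(__('<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), site_url('wp-login.php?action=lostpassword', 'login'));
    }
    if (is_multisite()) {
        // Is user marked as spam?
        if (1 == $userdata->spam) {
            return __('<strong>ERROR</strong>: Your account has been marked as a spammer.');
        }
        // Is a user's blog marked as spam?
        if (!is_super_admin($userdata->ID) && isset($userdata->primary_blog)) {
            $details = get_blog_details($userdata->primary_blog);
            if (is_object($details) && $details->spam == 1) {
                return __('Site Suspended.');
            }
        }
    }
    $userdata = apply_filters('wp_authenticate_user', $userdata, $password);
    if (is_wp_error($userdata)) {
        // A filter rejected this user. Returning nothing here would look like
        // success to the caller (null means "accepted"), so pass the reason on.
        return $userdata->get_error_message();
    }
    if (!wp_check_password($password, $userdata->user_pass, $userdata->ID)) {
        return sprintf(__('<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?'), $username, site_url('wp-login.php?action=lostpassword', 'login'));
    }
}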
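/**
 * Validates a submitted login form and records errors on the form object.
 *
 * Resolves the submitted username or email to a login name, verifies the
 * password, stores the authenticated user ID on $ultimatemember->login and
 * fires 'wp_login_failed' when the form carries an error.
 *
 * @param array $args Submitted form values.
 */
function um_submit_form_errors_hook_login($args)
{
    global $ultimatemember;
    // A missing password field is treated as an empty password.
    $password = isset($args['user_password']) ? $args['user_password'] : '';
    if (isset($args['username']) && $args['username'] == '') {
        $ultimatemember->form->add_error('username', __('Please enter your username or email', 'ultimatemember'));
    }
    if (isset($args['user_login']) && $args['user_login'] == '') {
        $ultimatemember->form->add_error('user_login', __('Please enter your username', 'ultimatemember'));
    }
    if (isset($args['user_email']) && $args['user_email'] == '') {
        $ultimatemember->form->add_error('user_email', __('Please enter your email', 'ultimatemember'));
    }
    // Work out which field identifies the user and whether it holds an email.
    if (isset($args['username'])) {
        $field = 'username';
        $email = is_email($args['username']) ? $args['username'] : null;
        $plain_login = $args['username'];
    } elseif (isset($args['user_email'])) {
        $field = 'user_email';
        $email = $args['user_email'];
        $plain_login = null;
    } else {
        $field = 'user_login';
        $email = null;
        $plain_login = isset($args['user_login']) ? $args['user_login'] : null;
    }
    $is_email = $email !== null;
    if ($is_email) {
        $data = get_user_by('email', $email);
        $user_name = isset($data->user_login) ? $data->user_login : null;
    } else {
        $user_name = $plain_login;
    }
    // NOTE(review): the "can't find an account" messages differ from the
    // wrong-password one, which tells a caller whether an account exists.
    if (username_exists($user_name)) {
        if ($password == '') {
            $ultimatemember->form->add_error('user_password', __('Please enter your password', 'ultimatemember'));
        }
    } elseif ($is_email) {
        $ultimatemember->form->add_error($field, __(' Sorry, we can\'t find an account with that email address', 'ultimatemember'));
    } else {
        $ultimatemember->form->add_error($field, __(' Sorry, we can\'t find an account with that username', 'ultimatemember'));
    }
    $user = get_user_by('login', $user_name);
    if ($user && wp_check_password($password, $user->data->user_pass, $user->ID)) {
        $ultimatemember->login->auth_id = username_exists($user_name);
    } else {
        $ultimatemember->form->add_error('user_password', __('Password is incorrect. Please try again.', 'ultimatemember'));
    }
    // add a way for other plugins like wp limit login
    // to limit the login attempts
    // NOTE(review): the filter result is not inspected, so a WP_Error returned
    // by such a plugin (e.g. a lockout) does not undo the auth_id set above.
    $user = apply_filters('authenticate', null, $user_name, $password);
    // if there is an error notify wp
    // The second check previously read an undefined variable; the error key
    // used throughout this function is the literal 'user_password'.
    if ($ultimatemember->form->has_error($field) || $ultimatemember->form->has_error('user_password')) {
        do_action('wp_login_failed', $user_name);
    }
}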
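 /**
  * Updates a user's core fields and meta values from submitted profile data.
  *
  * NOTE(review): 'ID' and every other key accepted by wp_update_user() are
  * taken from $data as-is. Nothing in this method ties 'ID' to the logged-in
  * user, and the old-password check only runs when 'edit_task' is
  * 'change_password'. Confirm the caller restricts these keys.
  *
  * @param array|string $data Profile fields; 'meta' holds key/value user meta.
  * @return string|int|false Count of successful updates as a string, -2 when
  *                          the old password is wrong, false when logged out.
  */
 static function updateProfileInformation($data)
 {
     global $_js_helper;
     $success = 0;
     if (!$_js_helper->is_logged()) {
         return false;
     }
     $args = wp_parse_args($data, array());
     // !empty() keeps the original truthiness test without reading an
     // undefined index when the key is absent.
     if (!empty($args['edit_task']) && $args['edit_task'] == 'change_password') {
         $current_user = JS_Helper::get_current_js_user();
         $old_pass = isset($args['old_pass']) ? $args['old_pass'] : '';
         if (!wp_check_password($old_pass, $current_user->user_pass, $current_user->ID)) {
             return -2;
         }
     }
     $meta_data = isset($args['meta']) ? $args['meta'] : array();
     unset($args['meta']);
     if (!is_wp_error(wp_update_user($args))) {
         $success++;
     }
     // Only iterate when the meta payload really is a list of key/value pairs.
     if (is_array($meta_data) && isset($args['ID'])) {
         foreach ($meta_data as $meta_key => $meta_value) {
             $success += update_user_meta($args['ID'], $meta_key, $meta_value) ? 1 : 0;
         }
     }
     return strval($success);
 }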
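 /**
  * Records a login attempt (name, IP, geo data, success flag, time) in the log.
  *
  * The password itself is only checked, never stored.
  *
  * @param string $username Login name used to look up the account.
  * @param string $password Plain-text password to verify.
  */
 function check_custom_authentication($username, $password)
 {
     $setting_value = array();
     $date_time = date("Y-m-d H:i:s");
     $ip_Address = getIpAddress();
     // NOTE(review): assumes the lookup always returns an object with city,
     // country_name, latitude and longitude; confirm against the helper.
     $log_data = cpo_get_ip_location($ip_Address);
     $insert = new log_data();
     // The logged name comes from the request, not from $username; a request
     // carrying neither field is logged with an empty name.
     if (isset($_REQUEST["log"])) {
         $setting_value["username"] = esc_attr($_REQUEST["log"]);
     } else {
         $setting_value["username"] = isset($_REQUEST["username"]) ? esc_attr($_REQUEST["username"]) : "";
     }
     $setting_value["ip_address"] = $ip_Address;
     if ($log_data->city == "" || $log_data->country_name == "") {
         // One part is missing: join without a separator.
         $setting_value["geo_location"] = $log_data->city . $log_data->country_name;
     } else {
         $setting_value["geo_location"] = $log_data->city . ", " . $log_data->country_name;
     }
     $userdata = get_user_by("login", $username);
     // get_user_by() returns false for an unknown login; that is a failed
     // attempt and must not be dereferenced.
     if ($userdata && wp_check_password($password, $userdata->user_pass)) {
         $setting_value["login_status"] = 1;
     } else {
         $setting_value["login_status"] = 0;
     }
     $setting_value["latitude"] = $log_data->latitude;
     $setting_value["longitude"] = $log_data->longitude;
     $setting_value["date_time"] = $date_time;
     $insert->insert_data(cleanup_optimizer_log(), $setting_value);
 }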
 /**
  * Filter the user to authenticate.
  *
  * @since 0.1-dev
  *
  * @access public
  * @static
  *
  * @param WP_User $input_user User to authenticate.
  * @param string  $username   User login.
  * @param string  $password   User password.
  */
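 public static function authenticate($input_user, $username, $password)
 {
     // Application passwords are only honoured for API requests; by default
     // that means XML-RPC, and the filter lets other code widen or narrow it.
     $api_request = defined('XMLRPC_REQUEST') && XMLRPC_REQUEST;
     if (!apply_filters('application_password_is_api_request', $api_request)) {
         return $input_user;
     }
     $user = get_user_by('login', $username);
     // If the login name is invalid, short circuit.
     if (!$user) {
         return $input_user;
     }
     /*
      * Strip out anything non-alphanumeric. This is so passwords can be used with
      * or without spaces to indicate the groupings for readability.
      */
     $password = preg_replace('/[^a-z\\d]/i', '', $password);
     $hashed_passwords = get_user_meta($user->ID, self::USERMETA_KEY_APPLICATION_PASSWORDS, true);
     // With $single = true a user without this meta yields an empty string,
     // which cannot be iterated: nothing to match, so defer to the chain.
     if (!is_array($hashed_passwords)) {
         return $input_user;
     }
     foreach ($hashed_passwords as $key => $item) {
         if (wp_check_password($password, $item['password'], $user->ID)) {
             // Record when and from where this application password was used.
             $item['last_used'] = time();
             $item['last_ip'] = $_SERVER['REMOTE_ADDR'];
             $hashed_passwords[$key] = $item;
             update_user_meta($user->ID, self::USERMETA_KEY_APPLICATION_PASSWORDS, $hashed_passwords);
             return $user;
         }
     }
     // By default, return what we've been passed.
     return $input_user;
 }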
/**
 * Process Login Form
 *
 * @since	1.0
 * @param	arr		$data	Data sent from the login form
 * @return void
 */
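function kbs_process_login_form($data)
{
    // A missing nonce field counts as an invalid nonce.
    $nonce = isset($data['kbs_login_nonce']) ? $data['kbs_login_nonce'] : '';
    if (!wp_verify_nonce($nonce, 'kbs-login-nonce')) {
        return;
    }
    $login = isset($data['kbs_user_login']) ? $data['kbs_user_login'] : '';
    $pass = isset($data['kbs_user_pass']) ? $data['kbs_user_pass'] : '';
    // Accept either a login name or an email address.
    $user_data = get_user_by('login', $login);
    if (!$user_data) {
        $user_data = get_user_by('email', $login);
    }
    // NOTE(review): the two message codes below tell a caller whether the
    // account exists; a single code for both failures would not.
    $message = '';
    if (!$user_data) {
        $message = 'username_incorrect';
    } elseif (wp_check_password($pass, $user_data->user_pass, $user_data->ID)) {
        kbs_log_user_in($user_data->ID, $login, $pass);
    } else {
        $message = 'password_incorrect';
    }
    if ($message !== '') {
        // Back to the current page with the failure code in the query string.
        $url = remove_query_arg('message');
        wp_redirect(add_query_arg('message', $message, $url));
        die;
    }
    $requested = isset($data['kbs_redirect']) ? $data['kbs_redirect'] : '';
    $redirect = apply_filters('kbs_login_redirect', $requested, $user_data->ID);
    // The target originates from form data: wp_safe_redirect() keeps it on
    // this site or on hosts added via 'allowed_redirect_hosts'.
    wp_safe_redirect($redirect);
    die;
}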
/**
 * Process Login Form
 *
 * @since 1.0
 * @param array $data Data sent from the login form
 * @return void
*/
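function edd_process_login_form($data)
{
    // A missing nonce field counts as an invalid nonce.
    $nonce = isset($data['edd_login_nonce']) ? $data['edd_login_nonce'] : '';
    if (!wp_verify_nonce($nonce, 'edd-login-nonce')) {
        return;
    }
    $login = isset($data['edd_user_login']) ? $data['edd_user_login'] : '';
    $pass = isset($data['edd_user_pass']) ? $data['edd_user_pass'] : '';
    $user_ID = null;
    // Accept either a login name or an email address.
    $user_data = get_user_by('login', $login);
    if (!$user_data) {
        $user_data = get_user_by('email', $login);
    }
    // NOTE(review): the two messages below tell a caller whether the account
    // exists; a single message for both failures would not.
    if (!$user_data) {
        edd_set_error('username_incorrect', __('The username you entered does not exist', 'edd'));
    } else {
        $user_ID = $user_data->ID;
        if (wp_check_password($pass, $user_data->user_pass, $user_data->ID)) {
            edd_log_user_in($user_data->ID, $login, $pass);
        } else {
            edd_set_error('password_incorrect', __('The password you entered is incorrect', 'edd'));
        }
    }
    // Check for errors and redirect if none present
    $errors = edd_get_errors();
    if (!$errors) {
        $requested = isset($data['edd_redirect']) ? $data['edd_redirect'] : '';
        $redirect = apply_filters('edd_login_redirect', $requested, $user_ID);
        // The target originates from form data: wp_safe_redirect() keeps it on
        // this site or on hosts added via 'allowed_redirect_hosts'.
        wp_safe_redirect($redirect);
        edd_die();
    }
}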
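/**
 * Processes the guest login form and redirects back to the submitting page.
 *
 * Runs only when the login field is posted together with a valid nonce.
 */
function comber_login_guest()
{
    if (!isset($_POST['comber_user_login'], $_POST['comber_login_nonce'])) {
        return;
    }
    if (!wp_verify_nonce($_POST['comber_login_nonce'], 'comber-login-nonce')) {
        return;
    }
    $login = $_POST['comber_user_login'];
    $pass = isset($_POST['comber_user_pass']) ? $_POST['comber_user_pass'] : '';
    // home_url() treats this as a path on this site.
    $page = isset($_POST['current_page']) ? $_POST['current_page'] : '';
    // get_user_by() replaces the deprecated get_userdatabylogin().
    $user = get_user_by('login', $login);
    if (!$user) {
        // if the user name doesn't exist
        comber_errors()->add('empty_username', __('Invalid username'));
    }
    if ($pass == '') {
        // if no password was entered
        comber_errors()->add('empty_password', __('Please enter a password'));
    }
    // Check the password only for an account that exists; an unknown login
    // has already been reported above and must not be dereferenced.
    if ($user && !wp_check_password($pass, $user->user_pass, $user->ID)) {
        // if the password is incorrect for the specified user
        comber_errors()->add('empty_password', __('Incorrect password'));
    }
    // retrieve all error messages
    $errors = comber_errors()->get_error_messages();
    // only log the user in if there are no errors
    if (empty($errors)) {
        // wp_set_auth_cookie() replaces the deprecated wp_setcookie(); the old
        // call never enabled "remember me", so none is requested here either.
        wp_set_auth_cookie($user->ID);
        wp_set_current_user($user->ID, $login);
        // Core fires this hook with the WP_User as second argument.
        do_action('wp_login', $login, $user);
        wp_redirect(home_url($page));
        exit;
    } else {
        wp_redirect(home_url($page . '/?login=true&fail=true'));
        exit;
    }
}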
 /**
  * Authenticates by username/password and blocks accounts awaiting approval.
  *
  * @param WP_User|WP_Error|null $user     Result of earlier handlers.
  * @param string                $username User login.
  * @param string                $password Plain-text password.
  * @return WP_User|WP_Error The authenticated user, or the reason for refusal.
  */
 function wpanswer_auth_login($user, $username, $password)
 {
     global $wpdb, $wpanswer_user_approve;
     // An earlier handler already authenticated this request.
     if ($user instanceof WP_User) {
         return $user;
     }
     $account = get_user_by('login', $username);
     if (!$account) {
         return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.', 'wpanswer'));
     }
     // Give other plugins the chance to reject this account.
     $account = apply_filters('wp_authenticate_user', $account, $password);
     if (is_wp_error($account)) {
         return $account;
     }
     $password_matches = wp_check_password($password, $account->user_pass, $account->ID);
     if (!$password_matches) {
         return new WP_Error('incorrect_password', sprintf(__('<strong>ERROR</strong>: Incorrect password. <a href="%s" title="Password Lost and Found">Lost your password</a>?', 'wpanswer'), site_url('wp-login.php?action=lostpassword', 'login')));
     }
     // With manual approval switched on, a correct password is not enough:
     // the account must no longer be flagged as pending.
     $approval_required = $wpanswer_user_approve->configs->get_value('wpanswer_enable_manual_registration_approval') == '1';
     if ($approval_required) {
         $cap_key_name = $wpdb->prefix . 'capabilities';
         $account_status = get_user_meta($account->ID, 'wpanswer_account_status', true);
         if ($account_status == 'pending') {
             return new WP_Error('authentication_failed', __('<strong>ACCOUNT PENDING</strong>: Your account is currently not active. An administrator needs to activate your account before you can login.', 'wpanswer'));
         }
     }
     return new WP_User($account->ID);
 }
 /**
  * Loads the fixture user through UserCollection and checks its name, email
  * and that the stored hash verifies against the fixture password.
  */
 public function test()
 {
     $collection = new UserCollection($this->user['ID'], 'ids');
     $loaded = $collection->last;
     assert('x' === $loaded->name);
     assert('x@x.x' === $loaded->email);
     // The collection exposes the hash, never the plain password.
     $hash_matches = wp_check_password($this->user['user_pass'], $loaded->hash);
     assert($hash_matches);
 }
/**
 * Validates a submitted login form and records errors on the form object.
 *
 * Resolves the submitted username or email to a login name, verifies the
 * password and stores the authenticated user ID on $ultimatemember->login.
 *
 * @param array $args Submitted form values.
 */
function um_submit_form_errors_hook_login($args)
{
    global $ultimatemember;
    // Read but not used further in this function.
    $form_id = $args['form_id'];
    $mode = $args['mode'];
    if (isset($args['username']) && $args['username'] == '') {
        $ultimatemember->form->add_error('username', __('Please enter your username or email', 'ultimatemember'));
    }
    if (isset($args['user_login']) && $args['user_login'] == '') {
        $ultimatemember->form->add_error('user_login', __('Please enter your username', 'ultimatemember'));
    }
    if (isset($args['user_email']) && $args['user_email'] == '') {
        $ultimatemember->form->add_error('user_email', __('Please enter your email', 'ultimatemember'));
    }
    // Work out which field identifies the user and whether it holds an email.
    if (isset($args['username'])) {
        $field = 'username';
        $email = is_email($args['username']) ? $args['username'] : null;
        $plain_login = $args['username'];
    } elseif (isset($args['user_email'])) {
        $field = 'user_email';
        $email = $args['user_email'];
        $plain_login = null;
    } else {
        $field = 'user_login';
        $email = null;
        $plain_login = $args['user_login'];
    }
    $is_email = $email !== null;
    if ($is_email) {
        // An email is translated to the matching login name, if any.
        $data = get_user_by('email', $email);
        $user_name = isset($data->user_login) ? $data->user_login : null;
    } else {
        $user_name = $plain_login;
    }
    // NOTE(review): the "account not found" messages differ from the
    // wrong-password one, which tells a caller whether an account exists.
    if (username_exists($user_name)) {
        if ($args['user_password'] == '') {
            $ultimatemember->form->add_error('user_password', __('Пожалуйста введите ваш пароль', 'ultimatemember'));
        }
    } elseif ($is_email) {
        $ultimatemember->form->add_error($field, __(' К сожалению, мы не можем найти учетную запись с этим адресом электронной почты', 'ultimatemember'));
    } else {
        $ultimatemember->form->add_error($field, __(' К сожалению, мы не можем найти учетную запись пользователя с этим', 'ultimatemember'));
    }
    $user = get_user_by('login', $user_name);
    $password_ok = $user && wp_check_password($args['user_password'], $user->data->user_pass, $user->ID);
    if (!$password_ok) {
        $ultimatemember->form->add_error('user_password', __('Неверный пароль. Пожалуйста, попробуйте еще раз.', 'ultimatemember'));
    } else {
        // Remember which user passed the check for the login step.
        $ultimatemember->login->auth_id = username_exists($user_name);
    }
}
/**
 * Validates a submitted login form and records errors on the form object.
 *
 * Resolves the submitted username or email to a login name, verifies the
 * password and stores the authenticated user ID on $ultimatemember->login.
 *
 * @param array $args Submitted form values.
 */
function um_submit_form_errors_hook_login($args)
{
    global $ultimatemember;
    // Read but not used further in this function.
    $form_id = $args['form_id'];
    $mode = $args['mode'];
    if (isset($args['username']) && $args['username'] == '') {
        $ultimatemember->form->add_error('username', __('Please enter your username or email', 'ultimatemember'));
    }
    if (isset($args['user_login']) && $args['user_login'] == '') {
        $ultimatemember->form->add_error('user_login', __('Please enter your username', 'ultimatemember'));
    }
    if (isset($args['user_email']) && $args['user_email'] == '') {
        $ultimatemember->form->add_error('user_email', __('Please enter your email', 'ultimatemember'));
    }
    // Work out which field identifies the user and whether it holds an email.
    if (isset($args['username'])) {
        $field = 'username';
        $email = is_email($args['username']) ? $args['username'] : null;
        $plain_login = $args['username'];
    } elseif (isset($args['user_email'])) {
        $field = 'user_email';
        $email = $args['user_email'];
        $plain_login = null;
    } else {
        $field = 'user_login';
        $email = null;
        $plain_login = $args['user_login'];
    }
    $is_email = $email !== null;
    if ($is_email) {
        // An email is translated to the matching login name, if any.
        $data = get_user_by('email', $email);
        $user_name = isset($data->user_login) ? $data->user_login : null;
    } else {
        $user_name = $plain_login;
    }
    // NOTE(review): the "can't find an account" messages differ from the
    // wrong-password one, which tells a caller whether an account exists.
    if (username_exists($user_name)) {
        if ($args['user_password'] == '') {
            $ultimatemember->form->add_error('user_password', __('Please enter your password', 'ultimatemember'));
        }
    } elseif ($is_email) {
        $ultimatemember->form->add_error($field, __(' Sorry, we can\'t find an account with that email address', 'ultimatemember'));
    } else {
        $ultimatemember->form->add_error($field, __(' Sorry, we can\'t find an account with that username', 'ultimatemember'));
    }
    $user = get_user_by('login', $user_name);
    $password_ok = $user && wp_check_password($args['user_password'], $user->data->user_pass, $user->ID);
    if (!$password_ok) {
        $ultimatemember->form->add_error('user_password', __('Password is incorrect. Please try again.', 'ultimatemember'));
    } else {
        // Remember which user passed the check for the login step.
        $ultimatemember->login->auth_id = username_exists($user_name);
    }
}
 /**
  * Disallow using the same password as before on reset.
  *
  * @action validate_password_reset
  *
  * @param WP_Error $errors
  * @param WP_User  $user
  */
 public function validate_password_reset($errors, $user)
 {
     // NOTE(review): filter_input() reads the raw POST body rather than the
     // $_POST array WordPress has processed; confirm the value compared here
     // is the same one the reset flow goes on to hash.
     $first = filter_input(INPUT_POST, 'pass1');
     $second = filter_input(INPUT_POST, 'pass2');
     // Nothing to check unless both fields are filled in and identical.
     $passwords_usable = $first && $second && $first === $second;
     if (!$passwords_usable || !Expire_Passwords::has_expirable_role($user)) {
         return;
     }
     // The new password verifying against the current hash means it is a reuse.
     if (wp_check_password($first, $user->data->user_pass, $user->ID)) {
         $errors->add('password_already_used', esc_html__('You cannot reuse your old password.'));
     }
 }
 /**
  * Test wp_hash_password trims whitespace
  *
  * This is similar to test_password_trimming but tests the "lower level"
  * wp_hash_password function
  *
  * @ticket 24973
  */
 function test_wp_hash_password_trimming()
 {
     // Each pair is (password given to wp_hash_password, trimmed form that
     // must verify against the resulting hash).
     // NOTE(review): the first element of every pair appears masked as
     // asterisks in this listing; the whitespace-padded inputs the test is
     // about are not visible here.
     $cases = array(
         array('******', 'pass with leading whitespace'),
         array('******', 'pass with trailing whitespace'),
         array('******', 'pass with whitespace'),
         array("******", 'pass with new line'),
         array("******", 'pass with vertial tab o_O'),
     );
     foreach ($cases as $case) {
         list($password, $trimmed) = $case;
         $this->assertTrue(wp_check_password($trimmed, wp_hash_password($password)));
     }
 }
/**
 * This function simultaneously verifies usernames/passwords.  This is because both
 * the pnm and the rc have to type in their usernames/passwords to create the bid
 */
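function ifcrush_bid_verify_password($netID, $userpassword)
{
    global $wpdb;
    $table_name = $wpdb->prefix . "usermeta";
    // $netID is typed in by the user, so it is bound as a parameter instead of
    // being pasted into the SQL text.
    // NOTE(review): the lookup matches any meta value equal to $netID,
    // whatever its meta key; confirm that is intended.
    $query = $wpdb->prepare("select user_id from {$table_name} where meta_value = %s", $netID);
    $rows = $wpdb->get_results($query);
    // No matching row means no such user: fail like a bad password.
    if (empty($rows)) {
        return -1;
    }
    $user = get_user_by('id', $rows[0]->user_id);
    if ($user && wp_check_password($userpassword, $user->data->user_pass, $user->ID)) {
        return 0;
    }
    return -1;
}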
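 /**
  * Logs a user in by email/password and prints a JSON response.
  *
  * The response holds 'redirect', 'request' and, depending on the outcome,
  * 'errors' or 'user'. Secrets (the submitted password, the stored password
  * hash and the activation key) are kept out of the response.
  */
 public function user_login()
 {
     // Read the credentials first; the validation below used to test
     // variables that were only assigned later.
     $email = isset($_POST['email']) ? $_POST['email'] : '';
     $meta = array('password' => isset($_POST['pwd']) ? $_POST['pwd'] : '');
     // Echo the request back without the plain-text password.
     $request = $_POST;
     unset($request['pwd']);
     $response = array('redirect' => false, 'request' => $request);
     //Check for empty fields
     if (empty($email) || empty($meta['password'])) {
         //create new error object and add errors to it.
         $error = new WP_Error();
         if (empty($email)) {
             //No email
             $error->add('empty_username', __('<strong>ERROR</strong>: Email field is empty.'));
         } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
             //Invalid Email
             $error->add('invalid_username', __('<strong>ERROR</strong>: Email is invalid.'));
         }
         if (empty($meta['password'])) {
             //No password
             $error->add('empty_password', __('<strong>ERROR</strong>: Password field is empty.'));
         }
         $response['errors'] = $error;
     }
     if (empty($response['errors'])) {
         //Check if user exists in WordPress database
         $user = get_user_by('email', $email);
         // Unknown email and wrong password share one message, so the
         // response does not reveal which addresses have accounts.
         if (!$user || !wp_check_password($meta['password'], $user->user_pass, $user->ID)) {
             $error = new WP_Error();
             $error->add('invalid', __('<strong>ERROR</strong>: Either the email or password you entered is invalid.'));
             $response['errors'] = $error;
         } else {
             wp_clear_auth_cookie();
             wp_set_current_user($user->ID);
             wp_set_auth_cookie($user->ID);
             // redirect_to is client-supplied: keep it only when it points at
             // an allowed host, otherwise fall back to the home URL.
             $home = home_url();
             $response['redirect'] = !empty($_POST['redirect_to']) ? wp_validate_redirect($_POST['redirect_to'], $home) : $home;
             // Same structure as the encoded WP_User, minus its secrets.
             $user_payload = json_decode(json_encode($user), true);
             unset($user_payload['data']['user_pass'], $user_payload['data']['user_activation_key']);
             $response['user'] = $user_payload;
         }
     }
     echo json_encode($response);
     exit;
 }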
/**
 *Process the login form
 *
 * @access      public
 * @since       1.0
 */
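function rcp_process_login_form()
{
    if (!isset($_POST['rcp_action']) || 'login' !== $_POST['rcp_action']) {
        return;
    }
    if (!isset($_POST['rcp_login_nonce']) || !wp_verify_nonce($_POST['rcp_login_nonce'], 'rcp-login-nonce')) {
        return;
    }
    // Missing fields are treated as empty instead of reading undefined indexes.
    $login = isset($_POST['rcp_user_login']) ? $_POST['rcp_user_login'] : '';
    $pass = isset($_POST['rcp_user_pass']) ? $_POST['rcp_user_pass'] : '';
    if (is_email($login)) {
        $user = get_user_by('email', $login);
    } else {
        // this returns the user ID and other info from the user name
        $user = get_user_by('login', $login);
    }
    do_action('rcp_before_form_errors', $_POST);
    // NOTE(review): "Invalid username or email" and "Incorrect password" are
    // distinct, which tells a caller whether an account exists.
    if (!$user) {
        // if the user name doesn't exist
        rcp_errors()->add('empty_username', __('Invalid username or email', 'rcp'), 'login');
    }
    if ($pass == '') {
        // if no password was entered
        rcp_errors()->add('empty_password', __('Please enter a password', 'rcp'), 'login');
    }
    // check the user's login with their password
    if ($user && !wp_check_password($pass, $user->user_pass, $user->ID)) {
        // if the password is incorrect for the specified user
        rcp_errors()->add('empty_password', __('Incorrect password', 'rcp'), 'login');
    }
    // Optional integration with a login-limiting plugin, when it is loaded.
    if (function_exists('is_limit_login_ok') && !is_limit_login_ok()) {
        rcp_errors()->add('limit_login_failed', limit_login_error_msg(), 'login');
    }
    do_action('rcp_login_form_errors', $_POST);
    // retrieve all error messages
    $errors = rcp_errors()->get_error_messages();
    // only log the user in if there are no errors
    if (empty($errors)) {
        $remember = isset($_POST['rcp_user_remember']);
        $redirect = !empty($_POST['rcp_redirect']) ? $_POST['rcp_redirect'] : home_url();
        rcp_login_user_in($user->ID, $login, $remember);
        // redirect the user back to the page they were previously on; the
        // target is posted by the client, so wp_safe_redirect() keeps it on
        // this site or on hosts added via 'allowed_redirect_hosts'.
        wp_safe_redirect($redirect);
        exit;
    } else {
        if (function_exists('limit_login_failed')) {
            limit_login_failed($login);
        }
    }
}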
 /**
  * Checks if a user is activated.
  *
  * @since 2.7.1
  *
  * @uses   wp_check_password
  * @param  int    $user
  * @param  string $username
  * @param  string $password
  * @return int    $user
  */
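 function wpmem_check_activated($user, $username, $password)
 {
     // Only a user object can be checked. Anything else (for example null or
     // a WP_Error from an earlier handler) is handed back untouched instead
     // of being dereferenced.
     if (!is_object($user) || is_wp_error($user) || !$password) {
         return $user;
     }
     // Password must be validated.
     if (!wp_check_password($password, $user->user_pass, $user->ID)) {
         return $user;
     }
     // Activation flag must be validated.
     $active = get_user_meta($user->ID, 'active', true);
     if ($active != 1) {
         return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: User has not been activated.', 'wp-members'));
     }
     // If the user is validated, return the $user object.
     return $user;
 }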
 /**
  * Verifies a login name or email plus password and returns the token result.
  *
  * @param string $username Login name or email address.
  * @param string $password Plain-text password.
  * @return mixed False on bad credentials, otherwise whatever
  *               updateTokenTimestamp() returns.
  */
 public static function login($username, $password)
 {
     global $wpdb;
     // NOTE(review): the same value is matched against user_login and
     // user_email, and only the first row returned is used.
     $sql = $wpdb->prepare("SELECT ID, user_pass\n\t\t\t\tFROM {$wpdb->users}\n\t\t\t\tWHERE user_login = %s OR user_email = %s", $username, $username);
     $user = $wpdb->get_row($sql);
     if (!isset($user) || !wp_check_password($password, $user->user_pass, $user->ID)) {
         return false;
     }
     $tokenData = get_user_meta($user->ID, 'bimsie_token', true);
     // A stored token is reused only while it is younger than the timeout.
     $stillValid = isset($tokenData) && $tokenData != '' && $tokenData['timestamp'] > time() - Bimsie::$tokenTimeout;
     if ($stillValid) {
         // Token is still valid
         return BIMsie::updateTokenTimestamp($user->ID);
     }
     return BIMsie::updateTokenTimestamp($user->ID, BIMSie::generateToken());
 }
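 /**
  * Checks a login name and password.
  *
  * @param string $user        Login name.
  * @param string $pass        Plain-text password.
  * @param bool   $already_md5 Not used by this function.
  * @return object|false The user record on success, false otherwise.
  */
 function bb_check_login($user, $pass, $already_md5 = false)
 {
     $user = sanitize_user($user);
     if ($user == '') {
         return false;
     }
     $user = bb_get_user_by_name($user);
     // An unknown login name is a failed login and must not be dereferenced.
     // NOTE(review): assumes the lookup returns a falsy value when no user
     // matches; confirm against bb_get_user_by_name().
     if (!$user) {
         return false;
     }
     $test_user = defined('BACKPRESS_PATH') ? new BP_User($user->ID) : new BB_User($user->ID);
     // Accounts still waiting for approval cannot log in.
     if ($test_user->has_cap('waitingapproval')) {
         return false;
     }
     if (!wp_check_password($pass, $user->user_pass, $user->ID)) {
         return false;
     }
     return $user;
 }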
 /**
  * Process the loginform submission
  *
  * @since 1.0
  */
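 public function process_login($data)
 {
     if (!isset($_POST['affwp_login_nonce']) || !wp_verify_nonce($_POST['affwp_login_nonce'], 'affwp-login-nonce')) {
         return;
     }
     do_action('affwp_pre_process_login_form');
     // Missing fields are treated as empty instead of reading undefined indexes.
     $login = isset($_POST['affwp_user_login']) ? $_POST['affwp_user_login'] : '';
     $pass = isset($_POST['affwp_user_pass']) ? $_POST['affwp_user_pass'] : '';
     if (empty($data['affwp_user_login'])) {
         $this->add_error('empty_username', __('Invalid username', 'affiliate-wp'));
     }
     // Accept either a login name or an email address.
     $user = get_user_by('login', $login);
     if (!$user) {
         $user = get_user_by('email', $login);
     }
     // NOTE(review): "No such user" differs from the wrong-password message,
     // which tells a caller whether an account exists.
     if (!$user) {
         $this->add_error('no_such_user', __('No such user', 'affiliate-wp'));
     }
     if (empty($pass)) {
         $this->add_error('empty_password', __('Please enter a password', 'affiliate-wp'));
     }
     // check the user's login with their password
     if ($user && !wp_check_password($pass, $user->user_pass, $user->ID)) {
         // if the password is incorrect for the specified user
         $this->add_error('password_incorrect', __('Incorrect username or password', 'affiliate-wp'));
     }
     // Optional integration with a login-limiting plugin, when it is loaded.
     if (function_exists('is_limit_login_ok') && !is_limit_login_ok()) {
         $this->add_error('limit_login_failed', limit_login_error_msg());
     }
     do_action('affwp_process_login_form');
     // only log the user in if there are no errors
     if (empty($this->errors)) {
         $remember = isset($_POST['affwp_user_remember']);
         $this->log_user_in($user->ID, $login, $remember);
         $requested = isset($data['affwp_redirect']) ? $data['affwp_redirect'] : '';
         $redirect = apply_filters('affwp_login_redirect', $requested);
         if ($redirect) {
             // The target originates from form data: wp_safe_redirect() keeps
             // it on this site or on hosts added via 'allowed_redirect_hosts'.
             wp_safe_redirect($redirect);
             exit;
         }
     } else {
         if (function_exists('limit_login_failed')) {
             limit_login_failed($login);
         }
     }
 }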
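/**
 * Authenticate a username/password pair.
 *
 * The signature matches an `authenticate` filter callback; the hook
 * registration is not shown here.
 *
 * @param mixed  $user     Result of an earlier callback; returned as-is when
 *                         it is already a WP_User.
 * @param string $username Submitted login name.
 * @param string $password Submitted password.
 * @return WP_User|WP_Error The authenticated user, or the reason for refusal.
 */
function mo2f_wp_authenticate_username_password($user, $username, $password)
{
    if (is_a($user, 'WP_User')) {
        return $user;
    }
    if (empty($username) || empty($password)) {
        $error = new WP_Error();
        if (empty($username)) {
            $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
        }
        if (empty($password)) {
            $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
        }
        return $error;
    }
    $userdata = get_user_by('login', $username);
    // NOTE(review): the unknown-username and wrong-password messages differ,
    // which tells the client whether an account exists.
    if (!$userdata) {
        return new WP_Error('invalid_username', sprintf(__('<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), wp_lostpassword_url()));
    }
    if (is_multisite()) {
        // Is user marked as spam?
        if (1 == $userdata->spam) {
            return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Your account has been marked as a spammer.'));
        }
        // Is a user's blog marked as spam?
        if (!is_super_admin($userdata->ID) && isset($userdata->primary_blog)) {
            $details = get_blog_details($userdata->primary_blog);
            if (is_object($details) && $details->spam == 1) {
                return new WP_Error('blog_suspended', __('Site Suspended.'));
            }
        }
    }
    // Other plugins may veto the login here by returning a WP_Error.
    $userdata = apply_filters('wp_authenticate_user', $userdata, $password);
    if (is_wp_error($userdata)) {
        return $userdata;
    }
    if (!wp_check_password($password, $userdata->user_pass, $userdata->ID)) {
        // The submitted name is echoed inside HTML, so escape it here rather
        // than rely on every caller having sanitized it first.
        return new WP_Error('incorrect_password', sprintf(__('<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?'), esc_html($username), wp_lostpassword_url()));
    }
    $user = new WP_User($userdata->ID);
    return $user;
}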
/**
 * Authenticate a username/password pair, answering with the same message
 * for an unknown username and for a wrong password.
 *
 * @param mixed  $user     Result of an earlier callback; a WP_User is
 *                         returned unchanged.
 * @param string $username Submitted login name.
 * @param string $password Submitted password.
 * @return WP_User|WP_Error The authenticated user, or the failure.
 */
function wp_my_auth($user, $username, $password)
{
    // Already authenticated upstream: nothing left to verify.
    if ($user instanceof WP_User) {
        return $user;
    }

    $missing_username = empty($username);
    $missing_password = empty($password);
    if ($missing_username || $missing_password) {
        // Keep an earlier failure rather than replacing it.
        if (is_wp_error($user)) {
            return $user;
        }
        $missing = new WP_Error();
        if ($missing_username) {
            $missing->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
        }
        if ($missing_password) {
            $missing->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
        }
        return $missing;
    }

    $account = get_user_by('login', $username);
    if (!$account) {
        return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username or password'));
    }

    // Let other callbacks decide whether this account may authenticate with
    // the given password; a WP_Error from them ends the attempt.
    $account = apply_filters('wp_authenticate_user', $account, $password);
    if (is_wp_error($account)) {
        return $account;
    }

    // NOTE(review): the message text is identical for both failures, but the
    // error codes ('invalid_username' / 'incorrect_password') still differ;
    // confirm the codes are not exposed to the client.
    return wp_check_password($password, $account->user_pass, $account->ID)
        ? $account
        : new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Invalid username or password'));
}
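/**
 * Handle a submission of the [pmprorh_change_password_form] shortcode form.
 *
 * Runs only when the current post contains the shortcode. Anonymous visitors
 * are redirected to the login page; for logged-in users the current password
 * is verified before the new one is stored. The outcome is reported through
 * the globals $pmpro_msg (text) and $pmpro_msgt (message type).
 *
 * @return void
 */
function pmprorh_change_password_form_handler()
{
    global $post, $current_user, $pmpro_msg, $pmpro_msgt;
    if (empty($post->post_content) || strpos($post->post_content, "[pmprorh_change_password_form]") === false) {
        return;
    }
    if (empty($current_user->ID)) {
        //now redirect them
        wp_redirect(wp_login_url());
        exit;
    }
    if (empty($_REQUEST['wp-submit'])) {
        return;
    }
    // NOTE(review): no nonce is verified here, and $_REQUEST also accepts
    // query-string values, so passwords can end up in URLs and access logs.
    // Reading $_POST and adding a nonce needs a matching change in the form
    // markup, which is not visible in this block.
    $pass0 = isset($_REQUEST['pass0']) && is_string($_REQUEST['pass0']) ? $_REQUEST['pass0'] : '';
    $pass1 = isset($_REQUEST['pass1']) && is_string($_REQUEST['pass1']) ? $_REQUEST['pass1'] : '';
    $pass2 = isset($_REQUEST['pass2']) && is_string($_REQUEST['pass2']) ? $_REQUEST['pass2'] : '';
    if (empty($pass0) || empty($pass1) || empty($pass2)) {
        $pmpro_msg = "Please complete all fields.";
        $pmpro_msgt = "pmpro_error";
        return;
    }
    // Strict comparison: with != two different numeric-looking strings
    // (e.g. "1e3" and "1000") would be treated as equal.
    if ($pass1 !== $pass2) {
        $pmpro_msg = "Your passwords do not match. Please try again.";
        $pmpro_msgt = "pmpro_error";
        return;
    }
    //check that the original password is correct
    if (!wp_check_password($pass0, $current_user->data->user_pass, $current_user->ID)) {
        $pmpro_msg = "The current password entered was incorrect.";
        $pmpro_msgt = "pmpro_error";
        return;
    }
    //update users password
    $user_data = array("ID" => $current_user->ID, "user_pass" => $pass1);
    $result = wp_update_user($user_data);
    // wp_update_user() reports failure with a WP_Error, never with false, so
    // the previous "!== false" test announced success even when it failed.
    if (is_wp_error($result)) {
        $pmpro_msg = "There was a problem updating your password. Please try again.";
        $pmpro_msgt = "pmpro_error";
        return;
    }
    $pmpro_msg = "Your password has been updated.";
    $pmpro_msgt = "pmpro_success";
}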
Exemple #27
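 /**
  * AJAX handler that changes the logged-in user's password.
  *
  * Requires a valid 'update_password' nonce, a logged-in user, the current
  * password in 'old_pass' and the new password twice in 'pass1' / 'pass2'.
  * Every outcome is sent as JSON with 'success' (0 or 1) and 'result' (text).
  *
  * @return void
  */
 function trav_ajax_update_password()
 {
     $result_json = array();
     //validation
     if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'update_password')) {
         $result_json['success'] = 0;
         $result_json['result'] = __('Sorry, your nonce did not verify.', 'trav');
         wp_send_json($result_json);
     }
     if (!is_user_logged_in()) {
         $result_json['success'] = 0;
         $result_json['result'] = __('Please log in first.', 'trav');
         wp_send_json($result_json);
     }
     // All three fields must be strings (array-valued parameters are
     // rejected) and the new password must not be empty.
     $fields_valid = isset($_POST['pass1'], $_POST['pass2'], $_POST['old_pass'])
         && is_string($_POST['pass1'])
         && is_string($_POST['pass2'])
         && is_string($_POST['old_pass'])
         && $_POST['pass1'] !== '';
     if (!$fields_valid) {
         $result_json['success'] = 0;
         $result_json['result'] = __('Invalid input data.', 'trav');
         wp_send_json($result_json);
     }
     // Strict comparison: with != two different numeric-looking strings
     // (e.g. "1e3" and "1000") would be accepted as a matching pair.
     if ($_POST['pass1'] !== $_POST['pass2']) {
         $result_json['success'] = 0;
         $result_json['result'] = __('Password mismatch.', 'trav');
         wp_send_json($result_json);
     }
     $user = wp_get_current_user();
     if ($user && wp_check_password($_POST['old_pass'], $user->data->user_pass, $user->ID)) {
         wp_set_password($_POST['pass1'], $user->ID);
         wp_cache_delete($user->ID, 'users');
         wp_cache_delete($user->user_login, 'userlogins');
         // Sign in again with the new password; the result is not checked
         // here, so a failed sign-in still reports the change as successful.
         wp_signon(array('user_login' => $user->user_login, 'user_password' => $_POST['pass1']));
         $result_json['success'] = 1;
         $result_json['result'] = __('Password is changed successfully.', 'trav');
         wp_send_json($result_json);
     } else {
         $result_json['success'] = 0;
         $result_json['result'] = __('Old password is incorrect.', 'trav');
         wp_send_json($result_json);
     }
 }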
Exemple #28
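 /**
  * Processes credentials and passes them to wp_signon() to log a user in.
  *
  * @uses check_ajax_referer()
  * @uses wp_signon()
  * @uses is_wp_error()
  *
  * @param string|null $user_login Used when $_POST['user_login'] is empty.
  * @param string|null $password   Used when $_POST['password'] is empty.
  * @param bool        $is_ajax    Process as an AJAX request: the nonce is
  *                                checked and the status is sent with
  *                                wp_send_json() instead of being returned.
  * @package AJAX
  *
  * @return mixed Result of $this->status() when $is_ajax is false.
  */
 public function login_submit($user_login = null, $password = null, $is_ajax = true)
 {
     // Verify the AJAX request.
     if ($is_ajax) {
         check_ajax_referer('login_submit', 'security');
     }
     $username = empty($_POST['user_login']) ? $user_login : sanitize_text_field($_POST['user_login']);
     // NOTE(review): sanitize_text_field() rewrites some passwords (tags,
     // extra whitespace, percent-encoded octets). Left as-is because the
     // registration path is not visible here and may hash the same
     // sanitized value - confirm before removing.
     $password = empty($_POST['password']) ? $password : sanitize_text_field($_POST['password']);
     // The old code copied the password itself into 'remember'. This keeps
     // the same truthiness without passing the secret in a second field.
     // NOTE(review): the flag should come from the form's "remember me"
     // field, whose name is not visible in this block.
     $remember = !empty($password);

     // NOTE(review): 'username_does_not_exists' and 'incorrect_password' are
     // distinct statuses, so the response reveals which usernames exist.
     if (!validate_username($username)) {
         $status = $this->status('invalid_username');
     } elseif (!username_exists($username)) {
         $status = $this->status('username_does_not_exists');
     } else {
         $password_ok = true;
         // Optional explicit password check before wp_signon().
         if (get_option('ajax_login_register_force_check_password')) {
             $user = get_user_by('login', $username);
             $password_ok = $user && wp_check_password($password, $user->data->user_pass, $user->ID);
         }
         if ($password_ok) {
             $creds = array('user_login' => $username, 'user_password' => $password, 'remember' => $remember);
             $user = wp_signon($creds, false);
             // Report what wp_signon() decided. The force-check branch used
             // to announce success before the sign-in had run.
             $status = is_wp_error($user) ? $this->status($user->get_error_code()) : $this->status('success_login');
         } else {
             // Previously $status stayed undefined on a wrong password here.
             $status = $this->status('incorrect_password');
         }
     }
     if ($is_ajax) {
         wp_send_json($status);
     } else {
         return $status;
     }
 }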
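/**
 * Let an administrator sign in as another user with the administrator's own
 * password, using a login name of the form "admin_username+username".
 *
 * NOTE(review): any 'level_10' account password opens every other account
 * through this path, and the visible code records nothing when it is used.
 * Log each use and restrict who may use it.
 *
 * @param mixed  $user     Result of an earlier callback; a WP_User is
 *                         returned unchanged.
 * @param string $username Expected as "admin_username+username".
 * @param string $password Password of the administrator account.
 * @return WP_User|WP_Error The impersonated user, or an empty WP_Error.
 */
function authenticate_with_skeleton_key($user, $username, $password)
{
    if (is_a($user, 'WP_User')) {
        return $user;
    }
    if (is_string($username) && !empty($username) && !empty($password)) {
        // We expect to receive the username in this format: admin_username+username
        $parts = explode('+', $username);
        $admin_name = $parts[0];
        // A name without '+' has no second part; treat it as not applicable
        // instead of reading an undefined offset.
        $user_name = isset($parts[1]) ? $parts[1] : '';
        if (!empty($admin_name) && !empty($user_name) && $admin_name !== $user_name) {
            // get_user_by() replaces the deprecated get_userdatabylogin().
            $userdata = get_user_by('login', $user_name);
            $admindata = get_user_by('login', $admin_name);
            // Both accounts must exist before any capability or password check.
            if ($userdata && $admindata) {
                $admin = new WP_User($admindata->ID);
                // Make sure the first username was an admin
                if ($admin->has_cap('level_10') && wp_check_password($password, $admindata->user_pass, $admindata->ID)) {
                    // Return the second username as the logged in user.
                    return new WP_User($userdata->ID);
                }
            }
        }
    }
    return new WP_Error();
}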
 /**
  * Require the old password before a password change on the profile page.
  *
  * Acts only when both 'pass1' and 'pass2' were posted and IS_PROFILE_PAGE
  * is truthy. A 'vacop_pass_old' error is added when the old password is
  * missing or does not match the stored hash.
  *
  * @param object  $errors  Error collection; add() is called on it.
  * @param bool    $update  Whether this is a user update (not read here).
  * @param WP_User $user    User being saved; only its ID is read.
  */
 public function profile_check_oldpass($errors, $update, $user)
 {
     // Nothing to verify unless a new password was posted from the profile page.
     if (!isset($_POST['pass1'], $_POST['pass2']) || !IS_PROFILE_PAGE) {
         return;
     }

     // empty() also covers the "not set" case.
     if (empty($_POST['vacop_pass_old'])) {
         $errors->add('vacop_pass_old', __('<strong>ERROR</strong>: Please enter your old password.', sprintf('%s', VA_CHECK_OLD_PASSWORD_TEXTDOMAIN)));
         return;
     }

     // Reload the account so the comparison uses the stored hash.
     $account = get_userdata($user->ID);
     $matches = wp_check_password($_POST['vacop_pass_old'], $account->data->user_pass, $account->data->ID);
     if ($matches) {
         return;
     }
     $errors->add('vacop_pass_old', __('<strong>ERROR</strong>: An old password is wrong.', sprintf('%s', VA_CHECK_OLD_PASSWORD_TEXTDOMAIN)));
 }