/** * Activates a user * * If registration is moderated, sets the activated flag * in the usermeta. Flag prevents login when WPMEM_MOD_REG * is true (1). Function is fired from bulk user edit or * user profile update. * * @since 2.4 * * @param int $user_id * @param bool $chk_pass * @uses $wpdb WordPress Database object */ function wpmem_a_activate_user($user_id, $chk_pass = false) { // define new_pass $new_pass = ''; // If passwords are user defined skip this if (!$chk_pass) { // generates a password to send the user $new_pass = wp_generate_password(); $new_hash = wp_hash_password($new_pass); // update the user with the new password global $wpdb; $wpdb->update($wpdb->users, array('user_pass' => $new_hash), array('ID' => $user_id), array('%s'), array('%d')); } // if subscriptions can expire, set the user's expiration date if (WPMEM_USE_EXP == 1) { wpmem_set_exp($user_id); } // generate and send user approved email to user require_once WPMEM_PATH . 'wp-members-email.php'; wpmem_inc_regemail($user_id, $new_pass, 2); // set the active flag in usermeta update_user_meta($user_id, 'active', 1); /** * Fires after the user activation process is complete. * * @since 2.8.2 * * @param int $user_id The user's ID. */ do_action('wpmem_user_activated', $user_id); return; }
/** * Register function * * Handles registering new users and updating existing users. * * @since 2.2.1 * * @param string $toggle toggles the function between 'register' and 'update'. * @global int $user_ID * @global string $wpmem_themsg * @global array $userdata * @return string $wpmem_themsg|success|editsuccess */ function wpmem_registration($toggle) { // get the globals global $user_ID, $wpmem_themsg, $userdata; // check the nonce if (defined('WPMEM_USE_NONCE')) { if (empty($_POST) || !wp_verify_nonce($_POST['wpmem-form-submit'], 'wpmem-validate-submit')) { $wpmem_themsg = __('There was an error processing the form.', 'wp-members'); return; } } // is this a registration or a user profile update? if ($toggle == 'register') { $fields['username'] = isset($_POST['log']) ? sanitize_user($_POST['log']) : ''; } // add the user email to the $fields array for _data hooks $fields['user_email'] = isset($_POST['user_email']) ? $_POST['user_email'] : ''; // build the $fields array from $_POST data $wpmem_fields = get_option('wpmembers_fields'); foreach ($wpmem_fields as $meta) { if ($meta[4] == 'y') { if ($meta[2] != 'password') { $fields[$meta[2]] = isset($_POST[$meta[2]]) ? sanitize_text_field($_POST[$meta[2]]) : ''; } else { // we do have password as part of the registration form $fields['password'] = isset($_POST['password']) ? $_POST['password'] : ''; } } } /** * Filter the submitted form field date prior to validation. * * @since 2.8.2 * * @param array $fields An array of the posted form field data. */ $fields = apply_filters('wpmem_pre_validate_form', $fields); // check for required fields $wpmem_fields_rev = array_reverse($wpmem_fields); foreach ($wpmem_fields_rev as $meta) { $pass_arr = array('password', 'confirm_password', 'password_confirm'); $pass_chk = $toggle == 'update' && in_array($meta[2], $pass_arr) ? true : false; if ($meta[5] == 'y' && $pass_chk == false) { if (!$fields[$meta[2]]) { $wpmem_themsg = sprintf(__('Sorry, %s is a required field.', 'wp-members'), $meta[1]); } } } switch ($toggle) { case "register": if (is_multisite()) { // multisite has different requirements $result = wpmu_validate_user_signup($fields['username'], $fields['user_email']); $errors = $result['errors']; if ($errors->errors) { $wpmem_themsg = $errors->get_error_message(); return $wpmem_themsg; exit; } } else { if (!$fields['username']) { $wpmem_themsg = __('Sorry, username is a required field', 'wp-members'); return $wpmem_themsg; exit; } if (!validate_username($fields['username'])) { $wpmem_themsg = __('The username cannot include non-alphanumeric characters.', 'wp-members'); return $wpmem_themsg; exit; } if (!is_email($fields['user_email'])) { $wpmem_themsg = __('You must enter a valid email address.', 'wp-members'); return $wpmem_themsg; exit; } if (username_exists($fields['username'])) { return "user"; exit; } if (email_exists($fields['user_email'])) { return "email"; exit; } } if ($wpmem_themsg) { return "empty"; exit; } // if form contains password and email confirmation, validate that they match if (array_key_exists('confirm_password', $fields) && $fields['confirm_password'] != $fields['password']) { $wpmem_themsg = __('Passwords did not match.', 'wp-members'); } if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) { $wpmem_themsg = __('Emails did not match.', 'wp-members'); } $wpmem_captcha = get_option('wpmembers_captcha'); // get the captcha settings (api keys) if (WPMEM_CAPTCHA == 1 && $wpmem_captcha['recaptcha']) { // if captcha is on, check the captcha if ($wpmem_captcha['recaptcha']['public'] && $wpmem_captcha['recaptcha']['private']) { // if there is no api key, the captcha never displayed to the end user if (!$_POST["recaptcha_response_field"]) { // validate for empty captcha field $wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members'); return "empty"; exit; } } // check to see if the recaptcha library has already been loaded by another plugin if (!function_exists('_recaptcha_qsencode')) { require_once 'lib/recaptchalib.php'; } $publickey = $wpmem_captcha['recaptcha']['public']; $privatekey = $wpmem_captcha['recaptcha']['private']; // the response from reCAPTCHA $resp = null; // the error code from reCAPTCHA, if any $error = null; if ($_POST["recaptcha_response_field"]) { $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { // set the error code so that we can display it global $wpmem_captcha_err; $wpmem_captcha_err = $resp->error; $wpmem_captcha_err = wpmem_get_captcha_err($wpmem_captcha_err); return "captcha"; exit; } } // end check recaptcha } elseif (WPMEM_CAPTCHA == 2) { if (defined('REALLYSIMPLECAPTCHA_VERSION')) { /** Validate Really Simple Captcha */ $wpmem_captcha = new ReallySimpleCaptcha(); // This variable holds the CAPTCHA image prefix, which corresponds to the correct answer $wpmem_captcha_prefix = isset($_POST['captcha_prefix']) ? $_POST['captcha_prefix'] : ''; // This variable holds the CAPTCHA response, entered by the user $wpmem_captcha_code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : ''; // Check CAPTCHA validity $wpmem_captcha_correct = $wpmem_captcha->check($wpmem_captcha_prefix, $wpmem_captcha_code) ? true : false; // clean up the tmp directory $wpmem_captcha->remove($wpmem_captcha_prefix); $wpmem_captcha->cleanup(); // If CAPTCHA validation fails (incorrect value entered in CAPTCHA field), return an error if (!$wpmem_captcha_correct) { $wpmem_themsg = wpmem_get_captcha_err('really-simple'); return "empty"; exit; } } } // check for user defined password $fields['password'] = !isset($_POST['password']) ? wp_generate_password() : $_POST['password']; // add for _data hooks $fields['user_registered'] = gmdate('Y-m-d H:i:s'); $fields['user_role'] = get_option('default_role'); $fields['wpmem_reg_ip'] = $_SERVER['REMOTE_ADDR']; $fields['wpmem_reg_url'] = $_REQUEST['redirect_to']; /** * these native fields are not installed by default, but if they * are added, use the $_POST value - otherwise, default to username. * value can be filtered with wpmem_register_data */ $fields['user_nicename'] = isset($_POST['user_nicename']) ? sanitize_title($_POST['user_nicename']) : $fields['username']; $fields['display_name'] = isset($_POST['display_name']) ? sanitize_user($_POST['display_name']) : $fields['username']; $fields['nickname'] = isset($_POST['nickname']) ? sanitize_user($_POST['nickname']) : $fields['username']; /** * Filter registration data after validation before data insertion. * * @since 2.8.2 * * @param array $fields An array of the registration field data. */ $fields = apply_filters('wpmem_register_data', $fields); /** * Fires before any insertion/emails. * * This action is the final step in pre registering a user. This * can be used for attaching custom validation to the registration * process. It cannot be used for changing any user registration * data. Use the wpmem_register_data filter for that. * * @since 2.7.2 * * @param array $fields The user's submitted registration data. */ do_action('wpmem_pre_register_data', $fields); // if the _pre_register_data hook sends back an error message if ($wpmem_themsg) { return $wpmem_themsg; } // main new user fields are ready $new_user_fields = array('user_pass' => $fields['password'], 'user_login' => $fields['username'], 'user_nicename' => $fields['user_nicename'], 'user_email' => $fields['user_email'], 'display_name' => $fields['display_name'], 'nickname' => $fields['nickname'], 'user_registered' => $fields['user_registered'], 'role' => $fields['user_role']); // get any excluded meta fields $excluded_meta = wpmem_get_excluded_meta('register'); // user_url, first_name, last_name, description, jabber, aim, yim $new_user_fields_meta = array('user_url', 'first_name', 'last_name', 'description', 'jabber', 'aim', 'yim'); foreach ($wpmem_fields as $meta) { if (in_array($meta[2], $new_user_fields_meta)) { if ($meta[4] == 'y' && !in_array($meta[2], $excluded_meta)) { $new_user_fields[$meta[2]] = $fields[$meta[2]]; } } } // inserts to wp_users table $fields['ID'] = wp_insert_user($new_user_fields); // set remaining fields to wp_usermeta table foreach ($wpmem_fields as $meta) { // if the field is not excluded, update accordingly if (!in_array($meta[2], $excluded_meta) && !in_array($meta[2], $new_user_fields_meta)) { if ($meta[4] == 'y' && $meta[2] != 'user_email') { update_user_meta($fields['ID'], $meta[2], $fields[$meta[2]]); } } } // capture IP address of user at registration update_user_meta($fields['ID'], 'wpmem_reg_ip', $fields['wpmem_reg_ip']); // store the registration url update_user_meta($fields['ID'], 'wpmem_reg_url', $fields['wpmem_reg_url']); // set user expiration, if used if (WPMEM_USE_EXP == 1 && WPMEM_MOD_REG != 1) { wpmem_set_exp($fields['ID']); } /** * Fires after user insertion but before email. * * @since 2.7.2 * * @param array $fields The user's submitted registration data. */ do_action('wpmem_post_register_data', $fields); require_once 'wp-members-email.php'; // if this was successful, and you have email properly // configured, send a notification email to the user wpmem_inc_regemail($fields['ID'], $fields['password'], WPMEM_MOD_REG, $wpmem_fields, $fields); // notify admin of new reg, if needed; if (WPMEM_NOTIFY_ADMIN == 1) { wpmem_notify_admin($fields['ID'], $wpmem_fields); } /** * Fires after registration is complete. * * @since 2.7.1 */ do_action('wpmem_register_redirect'); // successful registration message return "success"; exit; break; case "update": if ($wpmem_themsg) { return "updaterr"; exit; } // doing a check for existing email is not the same as a new reg. check first to // see if it's different, then check if it is a valid address and it exists. global $current_user; get_currentuserinfo(); if ($fields['user_email'] != $current_user->user_email) { if (email_exists($fields['user_email'])) { return "email"; exit; } if (!is_email($fields['user_email'])) { $wpmem_themsg = __('You must enter a valid email address.', 'wp-members'); return "updaterr"; exit; } } // if form includes email confirmation, validate that they match if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) { $wpmem_themsg = __('Emails did not match.', 'wp-members'); } // add the user_ID to the fields array $fields['ID'] = $user_ID; /** * Filter registration data after validation before data insertion. * * @since 2.8.2 * * @param array $fields An array of the registration field data. */ $fields = apply_filters('wpmem_register_data', $fields); /** * Fires before data insertion. * * This action is the final step in pre updating a user. This * can be used for attaching custom validation to the update * process. It cannot be used for changing any user update * data. Use the wpmem_register_data filter for that. * * @since 2.7.2 * * @param array $fields The user's submitted update data. */ do_action('wpmem_pre_update_data', $fields); // if the _pre_update_data hook sends back an error message // @todo - double check this. it should probably return "updaterr" and the hook should globalize wpmem_themsg if ($wpmem_themsg) { return $wpmem_themsg; } // a list of fields that can be updated by wp_update_user $native_fields = array('user_nicename', 'user_url', 'user_email', 'display_name', 'nickname', 'first_name', 'last_name', 'description', 'role', 'jabber', 'aim', 'yim'); $native_update = array('ID' => $user_ID); foreach ($wpmem_fields as $meta) { // if the field is not excluded, update accordingly if (!in_array($meta[2], wpmem_get_excluded_meta('update'))) { switch ($meta[2]) { // if the field can be updated by wp_update_user case in_array($meta[2], $native_fields): $fields[$meta[2]] = isset($fields[$meta[2]]) ? $fields[$meta[2]] : ''; //wp_update_user( array( 'ID' => $user_ID, $meta[2] => $fields[$meta[2]] ) ); $native_update[$meta[2]] = $fields[$meta[2]]; break; // if the field is password // if the field is password case 'password': // do nothing... break; // everything else goes into wp_usermeta // everything else goes into wp_usermeta default: if ($meta[4] == 'y') { update_user_meta($user_ID, $meta[2], $fields[$meta[2]]); } break; } } } // update wp_update_user fields wp_update_user($native_update); /** * Fires at the end of user update data insertion. * * @since 2.7.2 * * @param array $fields The user's submitted registration data. */ do_action('wpmem_post_update_data', $fields); return "editsuccess"; exit; break; } }
/** * Register function * * Handles registering new users and updating existing users. * * @since 2.2.1 * * @uses apply_filters Calls 'wpmem_register_data' filter * @uses do_action Calls 'wpmem_pre_register_data' action * @uses do_action Calls 'wpmem_post_register_data' action * @uses do_action Calls 'wpmem_register_redirect' action * @uses do_action Calls 'wpmem_pre_update_data' action * @uses do_action Calls 'wpmem_post_update_data' action * * @param string $toggle toggles the function between 'register' and 'update'. * @global int $user_ID * @global string $wpmem_themsg * @global array $userdata * @return string $wpmem_themsg|success|editsuccess */ function wpmem_registration($toggle) { // get the globals global $user_ID, $wpmem_themsg, $userdata; // check the nonce if (WPMEM_USE_NONCE == 1) { if (empty($_POST) || !wp_verify_nonce($_POST['wpmem-form-submit'], 'wpmem-validate-submit')) { $wpmem_themsg = __('There was an error processing the form.', 'wp-members'); return; } } // is this a registration or a user profile update? if ($toggle == 'register') { $fields['username'] = $_POST['log']; } // add the user email to the $fields array for _data hooks $fields['user_email'] = $_POST['user_email']; // build the $fields array from $_POST data $wpmem_fields = get_option('wpmembers_fields'); for ($row = 0; $row < count($wpmem_fields); $row++) { if ($wpmem_fields[$row][4] == 'y') { if ($wpmem_fields[$row][2] != 'password') { $fields[$wpmem_fields[$row][2]] = sanitize_text_field($_POST[$wpmem_fields[$row][2]]); } else { // we do have password as part of the registration form $fields['password'] = $_POST['password']; } } } // filters fields prior to default field validation $fields = apply_filters('wpmem_pre_validate_form', $fields); // check for required fields $wpmem_fields_rev = array_reverse($wpmem_fields); for ($row = 0; $row < count($wpmem_fields); $row++) { $pass_chk = $toggle == 'update' && $wpmem_fields_rev[$row][2] == 'password' ? true : false; if ($wpmem_fields_rev[$row][5] == 'y' && $pass_chk == false) { if (!$fields[$wpmem_fields_rev[$row][2]]) { $wpmem_themsg = sprintf(__('Sorry, %s is a required field.', 'wp-members'), $wpmem_fields_rev[$row][1]); } } } switch ($toggle) { case "register": if (!$fields['username']) { $wpmem_themsg = __('Sorry, username is a required field', 'wp-members'); return $wpmem_themsg; exit; } if (!validate_username($fields['username'])) { $wpmem_themsg = __('The username cannot include non-alphanumeric characters.', 'wp-members'); return $wpmem_themsg; exit; } if (!is_email($fields['user_email'])) { $wpmem_themsg = __('You must enter a valid email address.', 'wp-members'); return $wpmem_themsg; exit; } if ($wpmem_themsg) { return "empty"; exit; } if (username_exists($fields['username'])) { return "user"; exit; } if (email_exists($fields['user_email'])) { return "email"; exit; } $wpmem_captcha = get_option('wpmembers_captcha'); // get the captcha settings (api keys) if (WPMEM_CAPTCHA == 1 && $wpmem_captcha[0] && $wpmem_captcha[1]) { // if captcha is on, check the captcha if ($wpmem_captcha[0] && $wpmem_captcha[1]) { // if there is no api key, the captcha never displayed to the end user if (!$_POST["recaptcha_response_field"]) { // validate for empty captcha field $wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members'); return "empty"; exit; } } // check to see if the recaptcha library has already been loaded by another plugin if (!function_exists('_recaptcha_qsencode')) { require_once 'lib/recaptchalib.php'; } $publickey = $wpmem_captcha[0]; $privatekey = $wpmem_captcha[1]; // the response from reCAPTCHA $resp = null; // the error code from reCAPTCHA, if any $error = null; if ($_POST["recaptcha_response_field"]) { $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { // set the error code so that we can display it global $wpmem_captcha_err; $wpmem_captcha_err = $resp->error; $wpmem_captcha_err = wpmem_get_captcha_err($wpmem_captcha_err); return "captcha"; exit; } } // end check recaptcha } // check for user defined password $fields['password'] = !$_POST['password'] ? wp_generate_password() : $_POST['password']; // add for _data hooks $fields['user_registered'] = gmdate('Y-m-d H:i:s'); $fields['user_role'] = get_option('default_role'); $fields['wpmem_reg_ip'] = $_SERVER['REMOTE_ADDR']; $fields['wpmem_reg_url'] = $_REQUEST['redirect_to']; /** * these native fields are not installed by default, but if they * are added, use the $_POST value - otherwise, default to username. * value can be filtered with wpmem_register_data */ $fields['user_nicename'] = isset($_POST['user_nicename']) ? $_POST['user_nicename'] : $fields['username']; $fields['display_name'] = isset($_POST['display_name']) ? $_POST['display_name'] : $fields['username']; $fields['nickname'] = isset($_POST['nickname']) ? $_POST['nickname'] : $fields['username']; // allows all $field values to be filtered $fields = apply_filters('wpmem_register_data', $fields); // _data hook is before any insertion/emails do_action('wpmem_pre_register_data', $fields); // if the _pre_register_data hook sends back an error message if ($wpmem_themsg) { return $wpmem_themsg; } // inserts to wp_users table $fields['ID'] = wp_insert_user(array('user_pass' => $fields['password'], 'user_login' => $fields['username'], 'user_nicename' => $fields['user_nicename'], 'user_email' => $fields['user_email'], 'display_name' => $fields['display_name'], 'nickname' => $fields['nickname'], 'user_registered' => $fields['user_registered'], 'role' => $fields['user_role'])); // set remaining fields to wp_usermeta table for ($row = 0; $row < count($wpmem_fields); $row++) { if ($wpmem_fields[$row][2] != 'password') { if ($wpmem_fields[$row][2] == 'user_url') { // if the field is user_url, it goes in the wp_users table wp_update_user(array('ID' => $fields['ID'], 'user_url' => $fields['user_url'])); } else { if ($wpmem_fields[$row][2] != 'user_email') { // email is already done above, so if it's not email... if ($wpmem_fields[$row][4] == 'y') { // are we using this field? update_user_meta($fields['ID'], $wpmem_fields[$row][2], $fields[$wpmem_fields[$row][2]]); } } } } } // capture IP address of user at registration update_user_meta($fields['ID'], 'wpmem_reg_ip', $_SERVER['REMOTE_ADDR']); // store the registration url update_user_meta($fields['ID'], 'wpmem_reg_url', $_REQUEST['redirect_to']); // set user expiration, if used if (WPMEM_USE_EXP == 1 && WPMEM_MOD_REG != 1) { wpmem_set_exp($fields['ID']); } // _data hook after insertion but before email do_action('wpmem_post_register_data', $fields); require_once 'wp-members-email.php'; // if this was successful, and you have email properly // configured, send a notification email to the user wpmem_inc_regemail($fields['ID'], $fields['password'], WPMEM_MOD_REG); // notify admin of new reg, if needed; if (WPMEM_NOTIFY_ADMIN == 1) { wpmem_notify_admin($fields['ID'], $wpmem_fields); } // add action for redirection do_action('wpmem_register_redirect'); // successful registration message return "success"; exit; break; case "update": if ($wpmem_themsg) { return "updaterr"; exit; } // doing a check for existing email is not the same as a new reg. // check first to see if it's different, then check if it exists. global $current_user; get_currentuserinfo(); if ($fields['user_email'] != $current_user->user_email) { if (email_exists($fields['user_email'])) { return "email"; exit; } } // add the user_ID to the fields array $fields['ID'] = $user_ID; // allow all $field values to be filtered $fields = apply_filters('wpmem_register_data', $fields); // _pre_update_data hook is before data insertion do_action('wpmem_pre_update_data', $fields); // if the _pre_update_data hook sends back an error message if ($wpmem_themsg) { return $wpmem_themsg; } for ($row = 0; $row < count($wpmem_fields); $row++) { switch ($wpmem_fields[$row][2]) { case 'user_url': case 'user_email': case 'user_nicename': case 'display_name': case 'nickname': wp_update_user(array('ID' => $user_ID, $wpmem_fields[$row][2] => $fields[$wpmem_fields[$row][2]])); break; case 'password': // do nothing... break; default: // everything else goes into wp_usermeta if ($wpmem_fields[$row][4] == 'y') { update_user_meta($user_ID, $wpmem_fields[$row][2], $fields[$wpmem_fields[$row][2]]); } break; } } // _post_update_data hook is after insertion do_action('wpmem_post_update_data', $fields); return "editsuccess"; exit; break; } }
/** * Register function. * * Handles registering new users and updating existing users. * * @since 2.2.1 * * @param string $toggle toggles the function between 'register' and 'update'. * @global int $user_ID * @global string $wpmem_themsg * @global array $userdata * @return string $wpmem_themsg|success|editsuccess */ function wpmem_registration($toggle) { // Get the globals. global $user_ID, $wpmem, $wpmem_themsg, $userdata; // Check the nonce. if (defined('WPMEM_USE_NONCE')) { if (empty($_POST) || !wp_verify_nonce($_POST['wpmem-form-submit'], 'wpmem-validate-submit')) { $wpmem_themsg = __('There was an error processing the form.', 'wp-members'); return; } } // Is this a registration or a user profile update? if ($toggle == 'register') { $fields['username'] = isset($_POST['log']) ? sanitize_user($_POST['log']) : ''; } // Add the user email to the $fields array for _data hooks. $fields['user_email'] = isset($_POST['user_email']) ? $_POST['user_email'] : ''; // Build the $fields array from $_POST data. $wpmem_fields = $wpmem->fields; // get_option( 'wpmembers_fields' ); foreach ($wpmem_fields as $meta) { if ($meta[4] == 'y') { if ($meta[2] != 'password') { $fields[$meta[2]] = isset($_POST[$meta[2]]) ? sanitize_text_field($_POST[$meta[2]]) : ''; } else { // We do have password as part of the registration form. $fields['password'] = isset($_POST['password']) ? $_POST['password'] : ''; } } } /** * Filter the submitted form field date prior to validation. * * @since 2.8.2 * * @param array $fields An array of the posted form field data. */ $fields = apply_filters('wpmem_pre_validate_form', $fields); // Check for required fields, reverse the array for logical error message order. $wpmem_fields_rev = array_reverse($wpmem_fields); foreach ($wpmem_fields_rev as $meta) { $pass_arr = array('password', 'confirm_password', 'password_confirm'); $pass_chk = $toggle == 'update' && in_array($meta[2], $pass_arr) ? true : false; if ($meta[5] == 'y' && $pass_chk == false) { if (!$fields[$meta[2]]) { $wpmem_themsg = sprintf(__('Sorry, %s is a required field.', 'wp-members'), $meta[1]); } } } switch ($toggle) { case "register": if (is_multisite()) { // Multisite has different requirements. $result = wpmu_validate_user_signup($fields['username'], $fields['user_email']); $errors = $result['errors']; if ($errors->errors) { $wpmem_themsg = $errors->get_error_message(); return $wpmem_themsg; exit; } } else { // Validate username and email fields. $wpmem_themsg = email_exists($fields['user_email']) ? "email" : $wpmem_themsg; $wpmem_themsg = username_exists($fields['username']) ? "user" : $wpmem_themsg; $wpmem_themsg = !is_email($fields['user_email']) ? __('You must enter a valid email address.', 'wp-members') : $wpmem_themsg; $wpmem_themsg = !validate_username($fields['username']) ? __('The username cannot include non-alphanumeric characters.', 'wp-members') : $wpmem_themsg; $wpmem_themsg = !$fields['username'] ? __('Sorry, username is a required field', 'wp-members') : $wpmem_themsg; // If there is an error from username, email, or required field validation, stop registration and return the error. if ($wpmem_themsg) { return $wpmem_themsg; exit; } } // If form contains password and email confirmation, validate that they match. if (array_key_exists('confirm_password', $fields) && $fields['confirm_password'] != $fields['password']) { $wpmem_themsg = __('Passwords did not match.', 'wp-members'); } if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) { $wpmem_themsg = __('Emails did not match.', 'wp-members'); } // Get the captcha settings (api keys). $wpmem_captcha = get_option('wpmembers_captcha'); // If captcha is on, check the captcha. if ($wpmem->captcha == 1 && $wpmem_captcha['recaptcha']) { // If there is no api key, the captcha never displayed to the end user. if ($wpmem_captcha['recaptcha']['public'] && $wpmem_captcha['recaptcha']['private']) { if (!$_POST["recaptcha_response_field"]) { // validate for empty captcha field $wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members'); return "empty"; exit; } } // Check to see if the recaptcha library has already been loaded by another plugin. if (!function_exists('_recaptcha_qsencode')) { require_once WPMEM_PATH . 'lib/recaptchalib.php'; } $publickey = $wpmem_captcha['recaptcha']['public']; $privatekey = $wpmem_captcha['recaptcha']['private']; // The response from reCAPTCHA. $resp = null; // The error code from reCAPTCHA, if any. $error = null; if ($_POST["recaptcha_response_field"]) { $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { // Set the error code so that we can display it. global $wpmem_captcha_err; $wpmem_captcha_err = $resp->error; $wpmem_captcha_err = wpmem_get_captcha_err($wpmem_captcha_err); return "captcha"; exit; } } // End check recaptcha. } elseif ($wpmem->captcha == 2) { if (defined('REALLYSIMPLECAPTCHA_VERSION')) { // Validate Really Simple Captcha. $wpmem_captcha = new ReallySimpleCaptcha(); // This variable holds the CAPTCHA image prefix, which corresponds to the correct answer. $wpmem_captcha_prefix = isset($_POST['captcha_prefix']) ? $_POST['captcha_prefix'] : ''; // This variable holds the CAPTCHA response, entered by the user. $wpmem_captcha_code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : ''; // Check CAPTCHA validity. $wpmem_captcha_correct = $wpmem_captcha->check($wpmem_captcha_prefix, $wpmem_captcha_code) ? true : false; // Clean up the tmp directory. $wpmem_captcha->remove($wpmem_captcha_prefix); $wpmem_captcha->cleanup(); // If CAPTCHA validation fails (incorrect value entered in CAPTCHA field), return an error. if (!$wpmem_captcha_correct) { $wpmem_themsg = wpmem_get_captcha_err('really-simple'); return "empty"; exit; } } } elseif ($wpmem->captcha == 3 && $wpmem_captcha['recaptcha']) { // Get the captcha response. if (isset($_POST['g-recaptcha-response'])) { $captcha = $_POST['g-recaptcha-response']; } // If there is no captcha value, return error. if (!$captcha) { $wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members'); return "empty"; exit; } // We need the private key for validation. $privatekey = $wpmem_captcha['recaptcha']['private']; // Validate the captcha. $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . $privatekey . "&response=" . $captcha . "&remoteip=" . $_SERVER['REMOTE_ADDR']); // Decode the json response. $response = json_decode($response, true); // If captcha validation was unsuccessful. if ($response['success'] == false) { $wpmem_themsg = __('CAPTCHA was not valid.', 'wp-members'); return "empty"; exit; } } // Check for user defined password. $fields['password'] = !isset($_POST['password']) ? wp_generate_password() : $_POST['password']; // Add for _data hooks $fields['user_registered'] = gmdate('Y-m-d H:i:s'); $fields['user_role'] = get_option('default_role'); $fields['wpmem_reg_ip'] = $_SERVER['REMOTE_ADDR']; $fields['wpmem_reg_url'] = isset($_REQUEST['wpmem_reg_page']) ? $_REQUEST['wpmem_reg_page'] : $_REQUEST['redirect_to']; /* * These native fields are not installed by default, but if they * are added, use the $_POST value - otherwise, default to username. * Value can be filtered with wpmem_register_data. */ $fields['user_nicename'] = isset($_POST['user_nicename']) ? sanitize_title($_POST['user_nicename']) : $fields['username']; $fields['display_name'] = isset($_POST['display_name']) ? sanitize_user($_POST['display_name']) : $fields['username']; $fields['nickname'] = isset($_POST['nickname']) ? sanitize_user($_POST['nickname']) : $fields['username']; /** * Filter registration data after validation before data insertion. * * @since 2.8.2 * * @param array $fields An array of the registration field data. * @param string $toggle A switch to indicate the action (new|edit). */ $fields = apply_filters('wpmem_register_data', $fields, 'new'); /** * Fires before any insertion/emails. * * This action is the final step in pre registering a user. This * can be used for attaching custom validation to the registration * process. It cannot be used for changing any user registration * data. Use the wpmem_register_data filter for that. * * @since 2.7.2 * * @param array $fields The user's submitted registration data. */ do_action('wpmem_pre_register_data', $fields); // If the _pre_register_data hook sends back an error message. if ($wpmem_themsg) { return $wpmem_themsg; } // Main new user fields are ready. $new_user_fields = array('user_pass' => $fields['password'], 'user_login' => $fields['username'], 'user_nicename' => $fields['user_nicename'], 'user_email' => $fields['user_email'], 'display_name' => $fields['display_name'], 'nickname' => $fields['nickname'], 'user_registered' => $fields['user_registered'], 'role' => $fields['user_role']); // Get any excluded meta fields. $excluded_meta = wpmem_get_excluded_meta('register'); // Fields for wp_insert_user: user_url, first_name, last_name, description, jabber, aim, yim. $new_user_fields_meta = array('user_url', 'first_name', 'last_name', 'description', 'jabber', 'aim', 'yim'); foreach ($wpmem_fields as $meta) { if (in_array($meta[2], $new_user_fields_meta)) { if ($meta[4] == 'y' && !in_array($meta[2], $excluded_meta)) { $new_user_fields[$meta[2]] = $fields[$meta[2]]; } } } // Inserts to wp_users table. $fields['ID'] = wp_insert_user($new_user_fields); // Set remaining fields to wp_usermeta table. foreach ($wpmem_fields as $meta) { // If the field is not excluded, update accordingly. if (!in_array($meta[2], $excluded_meta) && !in_array($meta[2], $new_user_fields_meta)) { if ($meta[4] == 'y' && $meta[2] != 'user_email') { update_user_meta($fields['ID'], $meta[2], $fields[$meta[2]]); } } } // Capture IP address of user at registration. update_user_meta($fields['ID'], 'wpmem_reg_ip', $fields['wpmem_reg_ip']); // Store the registration url. update_user_meta($fields['ID'], 'wpmem_reg_url', $fields['wpmem_reg_url']); // Set user expiration, if used. if ($wpmem->use_exp == 1 && $wpmem->mod_reg != 1) { wpmem_set_exp($fields['ID']); } /** * Fires after user insertion but before email. * * @since 2.7.2 * * @param array $fields The user's submitted registration data. */ do_action('wpmem_post_register_data', $fields); require_once WPMEM_PATH . 'inc/email.php'; /* * If this was successful, and you have email properly * configured, send a notification email to the user. */ wpmem_inc_regemail($fields['ID'], $fields['password'], $wpmem->mod_reg, $wpmem_fields, $fields); // Notify admin of new reg, if needed. if ($wpmem->notify == 1) { wpmem_notify_admin($fields['ID'], $wpmem_fields); } /** * Fires after registration is complete. * * @since 2.7.1 */ do_action('wpmem_register_redirect'); // successful registration message return "success"; exit; break; case "update": if ($wpmem_themsg) { return "updaterr"; exit; } /* * Doing a check for existing email is not the same as a new reg. check first to * see if it's different, then check if it is a valid address and it exists. */ global $current_user; get_currentuserinfo(); if ($fields['user_email'] != $current_user->user_email) { if (email_exists($fields['user_email'])) { return "email"; exit; } if (!is_email($fields['user_email'])) { $wpmem_themsg = __('You must enter a valid email address.', 'wp-members'); return "updaterr"; exit; } } // If form includes email confirmation, validate that they match. if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) { $wpmem_themsg = __('Emails did not match.', 'wp-members'); } // Add the user_ID to the fields array. $fields['ID'] = $user_ID; /** * Filter registration data after validation before data insertion. * * @since 2.8.2 * * @param array $fields An array of the registration field data. * @param string $toggle A switch to indicate the action (new|edit). */ $fields = apply_filters('wpmem_register_data', $fields, 'edit'); /** * Fires before data insertion. * * This action is the final step in pre updating a user. This * can be used for attaching custom validation to the update * process. It cannot be used for changing any user update * data. Use the wpmem_register_data filter for that. * * @since 2.7.2 * * @param array $fields The user's submitted update data. */ do_action('wpmem_pre_update_data', $fields); /* * If the _pre_update_data hook sends back an error message. * @todo - double check this. it should probably return "updaterr" and the hook should globalize wpmem_themsg */ if ($wpmem_themsg) { return $wpmem_themsg; } // A list of fields that can be updated by wp_update_user. $native_fields = array('user_nicename', 'user_url', 'user_email', 'display_name', 'nickname', 'first_name', 'last_name', 'description', 'role', 'jabber', 'aim', 'yim'); $native_update = array('ID' => $user_ID); foreach ($wpmem_fields as $meta) { // If the field is not excluded, update accordingly. if (!in_array($meta[2], wpmem_get_excluded_meta('update'))) { switch ($meta[2]) { // If the field can be updated by wp_update_user. case in_array($meta[2], $native_fields): $fields[$meta[2]] = isset($fields[$meta[2]]) ? $fields[$meta[2]] : ''; $native_update[$meta[2]] = $fields[$meta[2]]; break; // If the field is password. // If the field is password. case 'password': // Do nothing. break; // Everything else goes into wp_usermeta. // Everything else goes into wp_usermeta. default: if ($meta[4] == 'y') { update_user_meta($user_ID, $meta[2], $fields[$meta[2]]); } break; } } } // Update wp_update_user fields. wp_update_user($native_update); /** * Fires at the end of user update data insertion. * * @since 2.7.2 * * @param array $fields The user's submitted registration data. */ do_action('wpmem_post_update_data', $fields); return "editsuccess"; exit; break; } }
/** * Activates a user. * * If registration is moderated, sets the activated flag * in the usermeta. Flag prevents login when $wpmem->mod_reg * is true (1). Function is fired from bulk user edit or * user profile update. * * @since 2.4 * * @param int $user_id * @param bool $chk_pass * @uses $wpdb WordPress Database object. */ function wpmem_a_activate_user($user_id, $chk_pass = false) { global $wpmem; // Define new_pass. $new_pass = ''; // If passwords are user defined skip this. if (!$chk_pass) { // Generates a password to send the user. $new_pass = wp_generate_password(); $new_hash = wp_hash_password($new_pass); // Update the user with the new password. global $wpdb; $wpdb->update($wpdb->users, array('user_pass' => $new_hash), array('ID' => $user_id), array('%s'), array('%d')); } // If subscriptions can expire, and the user has no expiration date, set one. if ($wpmem->use_exp == 1 && !get_user_meta($user_id, 'expires', true)) { if (function_exists('wpmem_set_exp')) { wpmem_set_exp($user_id); } } // Generate and send user approved email to user. require_once WPMEM_PATH . '/inc/email.php'; wpmem_inc_regemail($user_id, $new_pass, 2); // Set the active flag in usermeta. update_user_meta($user_id, 'active', 1); /** * Fires after the user activation process is complete. * * @since 2.8.2 * * @param int $user_id The user's ID. */ do_action('wpmem_user_activated', $user_id); return; }