/**
* Updates the user's password with a new encrypted one.
*
* For integration with other applications, this function can be overwritten to
* instead use the other package password checking algorithm.
*
* @since 2.5
* @uses $nxtdb NXTClass database object for queries
* @uses nxt_hash_password() Used to encrypt the user's password before passing to the database
*
* @param string $password The plaintext new user password
* @param int $user_id User ID
*/
function nxt_set_password($password, $user_id)
{
global $nxtdb;
$hash = nxt_hash_password($password);
$nxtdb->update($nxtdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id));
nxt_cache_delete($user_id, 'users');
}
function bp_core_screen_signup()
{
global $bp, $nxtdb;
if (!bp_is_current_component('register')) {
return;
}
// Not a directory
bp_update_is_directory(false, 'register');
// If the user is logged in, redirect away from here
if (is_user_logged_in()) {
if (bp_is_component_front_page('register')) {
$redirect_to = bp_get_root_domain() . '/' . bp_get_members_root_slug();
} else {
$redirect_to = bp_get_root_domain();
}
bp_core_redirect(apply_filters('bp_loggedin_register_page_redirect_to', $redirect_to));
return;
}
$bp->signup->step = 'request-details';
if (!bp_get_signup_allowed()) {
$bp->signup->step = 'registration-disabled';
} elseif (isset($_POST['signup_submit'])) {
// Check the nonce
check_admin_referer('bp_new_signup');
// Check the base account details for problems
$account_details = bp_core_validate_user_signup($_POST['signup_username'], $_POST['signup_email']);
// If there are errors with account details, set them for display
if (!empty($account_details['errors']->errors['user_name'])) {
$bp->signup->errors['signup_username'] = $account_details['errors']->errors['user_name'][0];
}
if (!empty($account_details['errors']->errors['user_email'])) {
$bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0];
}
// Check that both password fields are filled in
if (empty($_POST['signup_password']) || empty($_POST['signup_password_confirm'])) {
$bp->signup->errors['signup_password'] = __('Please make sure you enter your password twice', 'buddypress');
}
// Check that the passwords match
if (!empty($_POST['signup_password']) && !empty($_POST['signup_password_confirm']) && $_POST['signup_password'] != $_POST['signup_password_confirm']) {
$bp->signup->errors['signup_password'] = __('The passwords you entered do not match.', 'buddypress');
}
$bp->signup->username = $_POST['signup_username'];
$bp->signup->email = $_POST['signup_email'];
// Now we've checked account details, we can check profile information
if (bp_is_active('xprofile')) {
// Make sure hidden field is passed and populated
if (isset($_POST['signup_profile_field_ids']) && !empty($_POST['signup_profile_field_ids'])) {
// Let's compact any profile field info into an array
$profile_field_ids = explode(',', $_POST['signup_profile_field_ids']);
// Loop through the posted fields formatting any datebox values then validate the field
foreach ((array) $profile_field_ids as $field_id) {
if (!isset($_POST['field_' . $field_id])) {
if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
$_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($_POST['field_' . $field_id . '_day'] . $_POST['field_' . $field_id . '_month'] . $_POST['field_' . $field_id . '_year']));
}
}
// Create errors for required fields without values
if (xprofile_check_is_required_field($field_id) && empty($_POST['field_' . $field_id])) {
$bp->signup->errors['field_' . $field_id] = __('This is a required field', 'buddypress');
}
}
// This situation doesn't naturally occur so bounce to website root
} else {
bp_core_redirect(bp_get_root_domain());
}
}
// Finally, let's check the blog details, if the user wants a blog and blog creation is enabled
if (isset($_POST['signup_with_blog'])) {
$active_signup = $bp->site_options['registration'];
if ('blog' == $active_signup || 'all' == $active_signup) {
$blog_details = bp_core_validate_blog_signup($_POST['signup_blog_url'], $_POST['signup_blog_title']);
// If there are errors with blog details, set them for display
if (!empty($blog_details['errors']->errors['blogname'])) {
$bp->signup->errors['signup_blog_url'] = $blog_details['errors']->errors['blogname'][0];
}
if (!empty($blog_details['errors']->errors['blog_title'])) {
$bp->signup->errors['signup_blog_title'] = $blog_details['errors']->errors['blog_title'][0];
}
}
}
do_action('bp_signup_validate');
// Add any errors to the action for the field in the template for display.
if (!empty($bp->signup->errors)) {
foreach ((array) $bp->signup->errors as $fieldname => $error_message) {
// addslashes() and stripslashes() to avoid create_function()
// syntax errors when the $error_message contains quotes
add_action('bp_' . $fieldname . '_errors', create_function('', 'echo apply_filters(\'bp_members_signup_error_message\', "<div class=\\"error\\">" . stripslashes( \'' . addslashes($error_message) . '\' ) . "</div>" );'));
}
} else {
$bp->signup->step = 'save-details';
// No errors! Let's register those deets.
$active_signup = !empty($bp->site_options['registration']) ? $bp->site_options['registration'] : '';
if ('none' != $active_signup) {
// Let's compact any profile field info into usermeta
$profile_field_ids = explode(',', $_POST['signup_profile_field_ids']);
// Loop through the posted fields formatting any datebox values then add to usermeta
foreach ((array) $profile_field_ids as $field_id) {
if (!isset($_POST['field_' . $field_id])) {
if (isset($_POST['field_' . $field_id . '_day'])) {
$_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($_POST['field_' . $field_id . '_day'] . $_POST['field_' . $field_id . '_month'] . $_POST['field_' . $field_id . '_year']));
}
}
if (!empty($_POST['field_' . $field_id])) {
$usermeta['field_' . $field_id] = $_POST['field_' . $field_id];
}
}
// Store the profile field ID's in usermeta
$usermeta['profile_field_ids'] = $_POST['signup_profile_field_ids'];
// Hash and store the password
$usermeta['password'] = nxt_hash_password($_POST['signup_password']);
// If the user decided to create a blog, save those details to usermeta
if ('blog' == $active_signup || 'all' == $active_signup) {
$usermeta['public'] = isset($_POST['signup_blog_privacy']) && 'public' == $_POST['signup_blog_privacy'] ? true : false;
}
$usermeta = apply_filters('bp_signup_usermeta', $usermeta);
// Finally, sign up the user and/or blog
if (isset($_POST['signup_with_blog']) && is_multisite()) {
$nxt_user_id = bp_core_signup_blog($blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta);
} else {
$nxt_user_id = bp_core_signup_user($_POST['signup_username'], $_POST['signup_password'], $_POST['signup_email'], $usermeta);
}
if (is_nxt_error($nxt_user_id)) {
$bp->signup->step = 'request-details';
bp_core_add_message(strip_tags($nxt_user_id->get_error_message()), 'error');
} else {
$bp->signup->step = 'completed-confirmation';
}
}
do_action('bp_complete_signup');
}
}
do_action('bp_core_screen_signup');
bp_core_load_template(apply_filters('bp_core_template_register', 'registration/register'));
}
/**
* Update an user in the database.
*
* It is possible to update a user's password by specifying the 'user_pass'
* value in the $userdata parameter array.
*
* If $userdata does not contain an 'ID' key, then a new user will be created
* and the new user's ID will be returned.
*
* If current user's password is being updated, then the cookies will be
* cleared.
*
* @since 2.0.0
* @see nxt_insert_user() For what fields can be set in $userdata
* @uses nxt_insert_user() Used to update existing user or add new one if user doesn't exist already
*
* @param array $userdata An array of user data.
* @return int The updated user's ID.
*/
function nxt_update_user($userdata)
{
$ID = (int) $userdata['ID'];
// First, get all of the original fields
$user_obj = get_userdata($ID);
$user = get_object_vars($user_obj->data);
// Add additional custom fields
foreach (_get_additional_user_keys($user_obj) as $key) {
$user[$key] = get_user_meta($ID, $key, true);
}
// Escape data pulled from DB.
$user = add_magic_quotes($user);
// If password is changing, hash it now.
if (!empty($userdata['user_pass'])) {
$plaintext_pass = $userdata['user_pass'];
$userdata['user_pass'] = nxt_hash_password($userdata['user_pass']);
}
nxt_cache_delete($user['user_email'], 'useremail');
// Merge old and new fields with new fields overwriting old ones.
$userdata = array_merge($user, $userdata);
$user_id = nxt_insert_user($userdata);
// Update the cookies if the password changed.
$current_user = nxt_get_current_user();
if ($current_user->ID == $ID) {
if (isset($plaintext_pass)) {
nxt_clear_auth_cookie();
nxt_set_auth_cookie($ID);
}
}
return $user_id;
}
function queue_user($user_login, $user_pass, $user_email, $user_meta = '')
{
$sql = $this->db->prepare("INSERT INTO {$this->user_queue} (user_login, user_pass, user_email, user_timestamp, user_meta) VALUES ");
$sql .= $this->db->prepare("( %s, %s, %s, %d, %s )", $user_login, nxt_hash_password($user_pass), $user_email, time(), serialize($user_meta));
$sql .= $this->db->prepare(" ON DUPLICATE KEY UPDATE user_timestamp = %d", time());
if ($this->db->query($sql)) {
return $this->db->insert_id;
} else {
return new nxt_Error('queueerror', __('Could not create your user account.', 'membership'));
}
}
