Esempio n. 1
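    /**
     * Print the widget: a greeting and logout button for a logged PrivateContent
     * user, or the login form for everyone else.
     *
     * @param array $args     Wrapper markup; only before_widget, after_widget,
     *                        before_title and after_title are read.
     * @param array $instance Widget settings; only 'title' is read.
     */
    function widget($args, $instance)
    {
        // Read just the four wrapper keys that get printed instead of extract()ing the
        // whole array into local scope; a missing key prints nothing.
        $before_widget = isset($args['before_widget']) ? $args['before_widget'] : '';
        $after_widget = isset($args['after_widget']) ? $args['after_widget'] : '';
        $before_title = isset($args['before_title']) ? $args['before_title'] : '';
        $after_title = isset($args['after_title']) ? $args['after_title'] : '';

        echo $before_widget;

        // An unset title becomes a single space, which is not empty(), so the body below
        // is skipped only when the 'widget_title' filter itself returns an empty value.
        $title = empty($instance['title']) ? ' ' : apply_filters('widget_title', $instance['title']);
        if (!empty($title)) {
            echo $before_title . $title . $after_title;

            // Logged user: greeting + logout button. Anyone else: login form.
            $logged_user = pc_user_logged(array('username', 'name', 'surname'));
            if ($logged_user) {
                // Fall back to the username when neither name nor surname is stored.
                // The key was previously misspelled 'userame', so the fallback read an
                // undefined index and printed nothing.
                if (empty($logged_user['name']) && empty($logged_user['surname'])) {
                    $display_name = $logged_user['username'];
                } else {
                    $display_name = ucfirst($logged_user['name']) . ' ' . ucfirst($logged_user['surname']);
                }

                // The name fields are per-user data, so they are HTML-escaped on output.
                echo '<p>' . esc_html__('Welcome', 'pc_ml') . ' ' . esc_html($display_name) . '</p>';
                echo '<form class="pc_logout_widget PrivateContentLogin">';
                echo '<input type="button" name="pc_widget_logout" class="pc_logout_btn pc_trigger" value="'
                    . esc_attr__('Logout', 'pc_ml') . '" />';
                echo '<span class="pc_loginform_loader"></span>';
                echo '</form>';
            } else {
                echo pc_login_form();
            }
        }

        echo $after_widget;
    }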
Esempio n. 2
/**
 * Backward-compatible wrapper around pc_user_logged().
 *
 * Loads the public API file and forwards $field unchanged, except that a strict
 * false (the default) is sent as true.
 *
 * @param mixed $field Selector handed to pc_user_logged(); false is replaced by true.
 * @return mixed Whatever pc_user_logged() returns.
 */
function pcud_get_user_data($field = false)
{
    include_once PC_DIR . '/public_api.php';

    // v5 compatibility: the boolean default is inverted before the call.
    $requested = $field === false ? true : $field;

    return pc_user_logged($requested);
}
Esempio n. 3
/**
 * AJAX login handler.
 *
 * Acts only when $_POST['type'] is 'js_ajax_auth'. Every handled path prints one
 * JSON object and ends the request: 'resp' is 'error' or 'success', 'mess' is the
 * text to show, and a successful login also carries 'redirect'.
 *
 * Missing required fields and a falsy pc_login() result both answer with a
 * generic "wrong username or password" message, so the reply does not say which
 * of the two was wrong.
 *
 * NOTE(review): no nonce check and no attempt throttling are visible in this
 * function; confirm whether pc_login() or the hook that calls this provides them.
 */
function pc_user_auth()
{
    global $wpdb, $pc_users;

    // Not a login request: return without output.
    if (!isset($_POST['type']) || $_POST['type'] != 'js_ajax_auth') {
        return;
    }

    include_once PC_DIR . '/classes/pc_form_framework.php';
    include_once PC_DIR . '/classes/simple_form_validator.php';
    include_once PC_DIR . '/functions.php';

    $f_fw = new pc_form();
    $validator = new simple_fv();

    // Username and password are required, "remember me" is optional.
    $validator->formHandle(array(
        array('index' => 'pc_auth_username', 'label' => 'username', 'required' => true),
        array('index' => 'pc_auth_psw', 'label' => 'psw', 'required' => true),
        array('index' => 'pc_remember_me', 'label' => 'remember me'),
    ));
    $error = $validator->getErrors();
    $fdata = $validator->form_val;

    // The honeypot is checked before validation errors are reported.
    if (!$f_fw->honeypot_validaton()) {
        die(json_encode(array('resp' => 'error', 'mess' => "Antispam - we've got a bot here!")));
    }

    if ($error) {
        die(json_encode(array('resp' => 'error', 'mess' => __('Incorrect username or password', 'pc_ml'))));
    }

    $response = pc_login($fdata['pc_auth_username'], $fdata['pc_auth_psw'], $fdata['pc_remember_me']);

    // Falsy result: credentials rejected.
    if (!$response) {
        die(json_encode(array('resp' => 'error', 'mess' => __('Username or password incorrect', 'pc_ml'))));
    }

    // Codes 2 and 3 share the 'pc_default_pu_mex' message.
    if ($response === 2 || $response === 3) {
        die(json_encode(array('resp' => 'error', 'mess' => pc_get_message('pc_default_pu_mex'))));
    }

    // Anything else that is not exactly true is sent back as a custom error text.
    if ($response !== true) {
        die(json_encode(array('resp' => 'error', 'mess' => $response)));
    }

    // Logged in: choose where the client should go next.
    // NOTE(review): the session value is only checked for being a well-formed URL,
    // not for pointing at this site; confirm that only server-side code writes
    // $_SESSION['pc_last_restricted'].
    $go_back = get_option('pg_redirect_back_after_login')
        && isset($_SESSION['pc_last_restricted'])
        && filter_var($_SESSION['pc_last_restricted'], FILTER_VALIDATE_URL);

    if ($go_back) {
        $redirect_url = $_SESSION['pc_last_restricted'];
    } else {
        // A per-category redirect wins over the general logged-user redirect.
        $custom_cat_redirect = pc_user_cats_login_redirect(pc_user_logged('categories'));
        $redirect_url = $custom_cat_redirect ?: pc_man_redirects('pg_logged_user_redirect');
    }

    // Ending the request here keeps anything else from being appended to the JSON.
    die(json_encode(array(
        'resp' => 'success',
        'mess' => pc_get_message('pc_login_ok_mex'),
        'redirect' => $redirect_url,
    )));
}
Esempio n. 4
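/**
 * Shortcode handler: render the enclosed content only when a field of the logged
 * user satisfies a condition.
 *
 * Attributes:
 *  - f    field name, passed through sanitize_title() before the lookup
 *  - cond '=', '!=', 'big', 'small' or 'like' (default '='); anything else renders nothing
 *  - val  value to compare against
 *
 * When the field holds an array, the content is rendered as soon as one element
 * satisfies the condition.
 *
 * @param array|string $atts    Raw shortcode attributes.
 * @param string|null  $content Enclosed content, run through do_shortcode() on a match.
 * @return string Rendered content, or '' when nothing matched.
 */
function pcud_cond_block_sc($atts, $content = null)
{
    // Explicit reads instead of extract(): only these three keys are used.
    $a = shortcode_atts(array('f' => '', 'cond' => '=', 'val' => ''), $atts);
    $cond = $a['cond'];
    $val = $a['val'];

    $ud = pc_user_logged(sanitize_title($a['f']));

    // A falsy lookup renders nothing. That covers a failed lookup (presumably no
    // logged user) and also an empty or '0' field value, so no condition, not even
    // '!=', is evaluated for those.
    if (!$ud) {
        return '';
    }

    foreach ((is_array($ud) ? $ud : array($ud)) as $ud_val) {
        switch ($cond) {
            case '=':
                // NOTE(review): loose comparison, so numeric-looking strings are
                // compared as numbers ('1e3' equals '1000'). Kept for compatibility;
                // compare as strings if this block gates sensitive content.
                $matched = $ud_val == $val;
                break;
            case '!=':
                $matched = $ud_val != $val;
                break;
            case 'big':
                $matched = (float) $ud_val > (float) $val;
                break;
            case 'small':
                $matched = (float) $ud_val < (float) $val;
                break;
            case 'like':
                // field value contains the given string
                $matched = strpos((string) $ud_val, (string) $val) !== false;
                break;
            default:
                // unknown condition: render nothing
                return '';
        }

        if ($matched) {
            return do_shortcode($content);
        }
    }

    // No value matched: return an empty string instead of falling off the end (null).
    return '';
}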
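/**
 * Content callback for the page chosen as private-page container.
 *
 * On any other page the content is returned untouched. On the container page:
 *  - no logged user: the original content and/or the login form, depending on
 *    the 'pg_target_page_content' option;
 *  - user with 'disable_pvt_page' set: the 'pc_default_nhpa_mex' message;
 *  - otherwise: the content of the user's own private page, with shortcodes
 *    executed, and the comments template hooked.
 *
 * @param string $content Content of the page being displayed.
 * @return string Content to display instead.
 */
function pc_pvt_page_management($content)
{
    include_once PC_DIR . '/functions.php';
    global $post, $pc_users, $wp_embed;

    $target_page = (int) get_option('pg_target_page');
    $curr_page_id = (int) get_the_ID();

    // must be the chosen container page
    if (pc_wpml_translated_pag_id($target_page) != pc_wpml_translated_pag_id(get_the_ID())) {
        return $content;
    }

    // Preview: a logged WordPress user asks to see the private page of the user id
    // given in the request. A nonce only proves the request came from a page that
    // issued it; it is not an authorization check. The capability check uses the
    // 'pg_min_role' option with the same default this code base passes to
    // current_user_can() in its custom-form handler.
    // TODO confirm it matches the capability of the admin screen that builds the
    // preview link.
    if (is_user_logged_in() && isset($_REQUEST['pc_pvtpag']) && isset($_REQUEST['pc_utok'])) {
        if (
            !wp_verify_nonce($_REQUEST['pc_utok'], 'lcwp_nonce')
            || !current_user_can(get_option('pg_min_role', 'upload_files'))
        ) {
            return 'Cheating?';
        }
        $GLOBALS['pc_user_id'] = (int) $_REQUEST['pc_pvtpag'];
    }

    // check logged user
    $user_data = pc_user_logged(array('page_id', 'disable_pvt_page', 'wp_user_id'));
    if (!$user_data) {
        // The form is built before the option is read, also when it ends up unused.
        $login_form = pc_login_form();

        switch (get_option('pg_target_page_content')) {
            case 'original_content':
                return $content;
            case 'original_plus_form':
                return $content . $login_form;
            case 'form_plus_original':
                return $login_form . $content;
            default:
                return $login_form;
        }
    }

    // user without a reserved area
    if (!empty($user_data['disable_pvt_page'])) {
        return '<p>' . pc_get_message('pc_default_nhpa_mex') . '</p>';
    }

    // flag for pvt page usage
    $GLOBALS['pc_pvt_page_is_displaying'] = true;

    // Private page contents. get_post() returns null when the page no longer
    // exists; fall back to empty content instead of reading a property on null.
    $page_data = get_post($user_data['page_id']);
    $content = $page_data ? $page_data->post_content : '';

    // Run WP's [embed] shortcode only when one is present. strpos() returns false,
    // never -1, when the needle is missing, so the previous "!== -1" test was always true.
    if (strpos($content, '[/embed]') !== false) {
        $content = $wp_embed->run_shortcode($content);
    }

    // PC-FILTER - private page contents - useful to customize what is returned
    $content = apply_filters('pc_pvt_page_contents', $content);
    $content = do_shortcode(wpautop($content));

    // PC-ACTION - private page is being displayed
    do_action('pc_pvt_page_display');

    //// COMMENTS
    // Comments stay on only with WP user sync enabled, the option set, a synced WP
    // user and a page that accepts comments.
    $comments_on = $pc_users->wp_user_sync
        && get_option('pg_pvtpage_wps_comments')
        && $user_data['wp_user_id']
        && $page_data
        && $page_data->comment_status == 'open';

    if ($comments_on) {
        // override query
        $GLOBALS['pc_custom_comments_template'] = 'original';
        $GLOBALS['pc_pvt_page_id'] = $user_data['page_id'];
        $GLOBALS['pc_pvt_page_obj'] = $page_data;
        $GLOBALS['pc_pvt_page_container_id'] = $curr_page_id;

        // override $post
        $post = get_post($user_data['page_id']);

        // Give callbacks the opportunity to override the comments template.
        // do_action() returns nothing, so the returned template could never be
        // picked up; apply_filters() runs the same callbacks and hands their
        // return value back.
        $custom_template = apply_filters('pc_pvt_page_comments_template', '');
        if (!empty($custom_template)) {
            $GLOBALS['pc_custom_comments_template'] = $custom_template;
        }
    }

    // Hooked in both cases, exactly as before.
    add_filter('comments_template', 'pc_comments_template', 500);

    return $content;
}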
Esempio n. 6
/**
 * Log the PrivateContent user out.
 *
 * Clears the plugin's session key, global and 'pc_user' cookie. When WP user sync
 * is on and the current WordPress user is the synced one, it also destroys the
 * WordPress session and expires the WordPress auth cookies on every path. Fires
 * 'pc_user_logout' with the cached logged-user global and then drops that global.
 *
 * NOTE(review): pc_user_logged() is called after the session key, the global and
 * the cookie have been cleared. Confirm it can still resolve the user at that
 * point; otherwise the synced logout and the 'pc_user_logout' action never run.
 *
 * @return bool Always true.
 */
function pc_logout()
{
    global $pc_users;

    if (isset($_SESSION['pc_user_id'])) {
        unset($_SESSION['pc_user_id']);
    }
    if (isset($GLOBALS['pc_user_id'])) {
        unset($GLOBALS['pc_user_id']);
    }
    // An expiry in the past tells the browser to drop the plugin cookie.
    setcookie('pc_user', '', time() - 3600 * 25, '/');

    $wp_user_id = pc_user_logged('wp_user_id');
    if ($wp_user_id === false) {
        return true;
    }

    // wp user sync - log out of WordPress only if the WP user is the synced one
    if ($pc_users->wp_user_sync) {
        $current_user = wp_get_current_user();

        if ($current_user && $wp_user_id == $current_user->ID) {
            wp_destroy_current_session();

            // Cookie name / path pairs, expired in this order. wp_clear_auth_cookie()
            // is deliberately not used, to avoid interferences with
            // do_action('clear_auth_cookie').
            $to_expire = array(
                array(AUTH_COOKIE, ADMIN_COOKIE_PATH),
                array(SECURE_AUTH_COOKIE, ADMIN_COOKIE_PATH),
                array(AUTH_COOKIE, PLUGINS_COOKIE_PATH),
                array(SECURE_AUTH_COOKIE, PLUGINS_COOKIE_PATH),
                array(LOGGED_IN_COOKIE, COOKIEPATH),
                array(LOGGED_IN_COOKIE, SITECOOKIEPATH),
                // Old cookies
                array(AUTH_COOKIE, COOKIEPATH),
                array(AUTH_COOKIE, SITECOOKIEPATH),
                array(SECURE_AUTH_COOKIE, COOKIEPATH),
                array(SECURE_AUTH_COOKIE, SITECOOKIEPATH),
                // Even older cookies
                array(USER_COOKIE, COOKIEPATH),
                array(PASS_COOKIE, COOKIEPATH),
                array(USER_COOKIE, SITECOOKIEPATH),
                array(PASS_COOKIE, SITECOOKIEPATH),
            );
            foreach ($to_expire as $cookie) {
                setcookie($cookie[0], ' ', time() - YEAR_IN_SECONDS, $cookie[1], COOKIE_DOMAIN);
            }
        }
    }

    // PC-ACTION - user is logged out - passes user id
    do_action('pc_user_logout', $GLOBALS['PC_VER_LOGGED_USER']);
    unset($GLOBALS['PC_VER_LOGGED_USER']);

    return true;
}
Esempio n. 7
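/**
 * AJAX handler for a User Data custom form submission.
 *
 * Acts only when $_POST['type'] is 'pcud_cf_submit'. Every handled path prints one
 * JSON object ('resp', 'mess' and, on success, 'redirect') and ends the request.
 *
 * The submitter must be a logged PrivateContent user or a WordPress user holding
 * the 'pg_min_role' capability. Data is saved only for a PrivateContent user; a
 * WordPress-only user gets a success reply saying that nothing was saved.
 *
 * NOTE(review): no nonce verification is visible in this function, and the form
 * may carry a 'psw' field. Confirm that validate_form() or the caller protects
 * this endpoint against cross-site request forgery.
 */
function pcud_handle_custom_form()
{
    if (!isset($_POST['type']) || $_POST['type'] != 'pcud_cf_submit') {
        return;
    }

    require_once PC_DIR . '/classes/pc_form_framework.php';
    require_once PCUD_DIR . '/functions.php';
    global $pc_users;

    $f_fw = new pc_form();

    // A missing form id becomes 0, which ends in "Form not found" below.
    $form_id = isset($_POST['pcud_fid']) ? (int) $_POST['pcud_fid'] : 0;

    // Defined up front so the success reply never reads an unset variable.
    $redirect = '';
    $error = '';

    // check for logged users
    $pc_logged = pc_user_logged(false);
    if (!$pc_logged && !current_user_can(get_option('pg_min_role', 'upload_files'))) {
        die(json_encode(array('resp' => 'error', 'mess' => __('You must be logged to use this form', 'pcud_ml'))));
    }

    ////////// VALIDATION ////////////////////////////////////
    // get form structure
    $term = get_term_by('id', $form_id, 'pcud_forms');
    if (empty($term)) {
        die(json_encode(array('resp' => 'error', 'mess' => __('Form not found', 'pcud_ml'))));
    }

    if (empty($term->description)) {
        // retrocompatibility
        $form_fields = (array) get_option('pcud_form_' . $form_id, array());
    } else {
        // NOTE(review): unserialize() on a term description. Anyone able to edit
        // 'pcud_forms' terms controls this input; confirm who that is, and prefer
        // a JSON encoding or the allowed_classes option where the supported PHP
        // version has it.
        $form_fields = unserialize(base64_decode($term->description));
    }

    $indexes = $f_fw->generate_validator(pcud_v2_field_names_sanitize($form_fields));
    $is_valid = $f_fw->validate_form($indexes, $cust_errors = array(), false, false);
    $fdata = $f_fw->form_data;

    if (!$is_valid) {
        $error = $f_fw->errors;
    } else {
        // check for redirects
        if (!empty($form_fields['redirect'])) {
            $redirect = $form_fields['redirect'] == 'custom'
                ? $form_fields['cust_redir']
                : get_permalink($form_fields['redirect']);
        }

        // if not PC user - stop here
        if (!$pc_logged) {
            die(json_encode(array(
                'resp' => 'success',
                'mess' => __('Form submitted successfully.<br/> Not logged as PrivateContent user, nothing has been saved', 'pcud_ml'),
                'redirect' => $redirect,
            )));
        }

        // update user
        if (!$pc_users->update_user($GLOBALS['pc_user_id'], $fdata)) {
            $error = $pc_users->validation_errors;
        }
    }

    if (!empty($error)) {
        die(json_encode(array('resp' => 'error', 'mess' => $error)));
    }

    // Password changed: refresh the login cookie, which embeds the stored password value.
    if (isset($fdata['psw'])) {
        // Was get_user_field($user_id, $field) with both variables undefined, which
        // wrote a cookie without the password part. Assumes the stored field is
        // named 'psw' like the form key - TODO confirm.
        $encrypted = $pc_users->get_user_field($GLOBALS['pc_user_id'], 'psw');

        // NOTE(review): the cookie carries the stored password value and is set
        // without the Secure / HttpOnly flags. Confirm no script needs to read it,
        // then add the flags here and wherever else 'pc_user' is set.
        setcookie('pc_user', $GLOBALS['pc_user_id'] . '|||' . $encrypted, time() + 3600 * 6, '/');
    }

    // PCUD-ACTION - user updated its data - passes form data
    do_action('pcud_user_updated_data', $fdata);

    // Success message; ending the request keeps the JSON reply clean.
    die(json_encode(array(
        'resp' => 'success',
        'mess' => __('Data saved succesfully', 'pc_ml'),
        'redirect' => $redirect,
    )));
}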