/**
 * Edit user settings based on contents of $_POST
 *
 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
 *
 * @since 0.0.1
 *
 * @param int $user_id Optional. ID of the user to update; 0 (default) creates a new user from $_POST.
 * @return int|HQ_Error User ID of the updated (or newly created) user, or an HQ_Error on validation failure.
 */
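function edit_user($user_id = 0)
{
    $hq_roles = hq_roles();
    $user = new stdClass();

    // An existing user is identified by $user_id and keeps its login name;
    // a new user takes its login name from the submitted form.
    if ($user_id) {
        $update = true;
        $user->ID = (int) $user_id;
        $userdata = get_userdata($user_id);
        $user->user_login = hq_slash($userdata->user_login);
    } else {
        $update = false;
    }
    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }

    // Only string passwords are accepted. A non-string value (e.g. pass1[] sent as an array)
    // is treated as "not entered" rather than reaching strpos() and the comparison below.
    $pass1 = isset($_POST['pass1']) && is_string($_POST['pass1']) ? $_POST['pass1'] : '';
    $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : '';

    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role = sanitize_text_field($_POST['role']);
        $potential_role = isset($hq_roles->role_objects[$new_role]) ? $hq_roles->role_objects[$new_role] : false;
        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        // Multisite super admins can freely edit their blog roles -- they possess all caps.
        if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
            $user->role = $new_role;
        }
        // If the new role isn't editable by the logged-in user die with error
        $editable_roles = get_editable_roles();
        if (!empty($new_role) && empty($editable_roles[$new_role])) {
            hq_die(__('You can’t give users that role.'));
        }
    }

    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field(hq_unslash($_POST['email']));
    }
    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] === 'http://') {
            $user->user_url = '';
        } else {
            $user->user_url = esc_url_raw($_POST['url']);
            // Prefix a scheme when the URL does not already start with an allowed protocol.
            $protocols = implode('|', array_map('preg_quote', hq_allowed_protocols()));
            $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }

    // Plain text profile fields.
    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    if (isset($_POST['description'])) {
        // NOTE(review): only trimmed here, not sanitized — presumably hq_insert_user()/hq_update_user()
        // filter it on save; confirm before relying on this field being safe to output.
        $user->description = trim($_POST['description']);
    }
    foreach (hq_get_user_contact_methods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }

    // Editor/admin preferences are only taken from the form when updating an existing user.
    if ($update) {
        $user->rich_editing = isset($_POST['rich_editing']) && 'false' === $_POST['rich_editing'] ? 'false' : 'true';
        $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
        $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    }
    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' === $_POST['comment_shortcuts'] ? 'true' : '';
    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }

    $errors = new HQ_Error();

    /* checking that username has been typed */
    if (!isset($user->user_login) || '' === $user->user_login) {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }

    /* checking the password has been typed twice */
    /**
     * Fires before the password and confirm password fields are checked for congruity.
     *
     * @since 0.0.1
     *
     * @param string $user_login The username.
     * @param string &$pass1     The password, passed by reference.
     * @param string &$pass2     The confirmed password, passed by reference.
     */
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));
    if ($update) {
        // On update an empty pair means "keep the current password"; only a half-filled pair is an error.
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
        }
    } else {
        if (empty($pass1)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
        } elseif (empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
        }
    }

    /* Check for "\" in password */
    if (false !== strpos(hq_unslash($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }

    /* checking the password has been typed twice the same */
    // Strict comparison: with != PHP compares numeric-looking strings as numbers,
    // so e.g. "1e3" and "1000" (or "0" and "0.0") would wrongly count as the same password.
    if ($pass1 !== $pass2) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
    }
    if (!empty($pass1)) {
        // Stored slashed as received; presumably unslashed by hq_insert_user()/hq_update_user() — confirm.
        $user->user_pass = $pass1;
    }

    // Username validity/uniqueness only matters for new users; existing logins are not editable here.
    if (!$update && isset($_POST['user_login']) && !validate_username($_POST['user_login'])) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
    }
    if (!$update && username_exists($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
    }

    /* checking e-mail address */
    if (empty($user->user_email)) {
        $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
    } elseif (!is_email($user->user_email)) {
        $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'), array('form-field' => 'email'));
    } elseif (($owner_id = email_exists($user->user_email)) && (!$update || $owner_id != $user->ID)) {
        // The address may belong to the user being edited; any other owner is a conflict.
        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
    }

    /**
     * Fires before user profile update errors are returned.
     *
     * @since 0.0.1
     *
     * @param array   &$errors An array of user profile update errors, passed by reference.
     * @param bool    $update  Whether this is a user update.
     * @param HQ_User &$user   HQ_User object, passed by reference.
     */
    do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));

    // Nothing is persisted while any validation error is present.
    if ($errors->get_error_codes()) {
        return $errors;
    }

    if ($update) {
        $user_id = hq_update_user($user);
    } else {
        $user_id = hq_insert_user($user);
        hq_new_user_notification($user_id, null, 'both');
    }
    return $user_id;
}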
/**
 * Output the login page header.
 *
 * @param string   $title    Optional. HiveQueen login Page title to display in the `<title>` element.
 *                           Default 'Log In'.
 * @param string   $message  Optional. Message to display in header. Default empty.
 * @param HQ_Error $hq_error Optional. The error to pass. Default empty.
 */
function login_header($title = 'Log In', $message = '', $hq_error = '')
{
    // Presumably set by the calling login script before this function runs; all three are read below.
    global $error, $interim_login, $action;
    // Don't index any of these forms
    add_action('login_head', 'hq_no_robots');
    if (hq_is_mobile()) {
        // NOTE(review): the callback name contains "viehqort", which looks like a mechanical
        // "wp" -> "hq" rename applied inside "viewport" — confirm a function of this name exists.
        add_action('login_head', 'hq_login_viehqort_meta');
    }
    // Callers may pass '' (the default); normalise to an empty HQ_Error so the calls below are safe.
    if (empty($hq_error)) {
        $hq_error = new HQ_Error();
    }
    // Shake it!
    $shake_error_codes = array('empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password');
    /**
     * Filter the error codes array for shaking the login form.
     *
     * @since 0.0.1
     *
     * @param array $shake_error_codes Error codes that shake the login form.
     */
    $shake_error_codes = apply_filters('shake_error_codes', $shake_error_codes);
    // NOTE(review): in_array() is non-strict here; if a filter can supply non-string codes,
    // passing true as the third argument avoids loose-comparison matches.
    if ($shake_error_codes && $hq_error->get_error_code() && in_array($hq_error->get_error_code(), $shake_error_codes)) {
        add_action('login_head', 'hq_shake_js', 12);
    }
    ?>
<!DOCTYPE html>
        <!--[if IE 6]>
        <html id="ie6" <?php 
    language_attributes();
    ?>
>
        <![endif]-->
        <!--[if IE 7]>
        <html id="ie7" <?php 
    language_attributes();
    ?>
>
        <![endif]-->
        <!--[if IE 8]>
        <html id="ie8" <?php 
    language_attributes();
    ?>
>
        <![endif]-->
        <!--[if !(IE 6) & !(IE 7) & !(IE 8)]><!-->
        <html <?php 
    language_attributes();
    ?>
>
        <!--<![endif]-->
        <head>
        <meta charset="<?php 
    bloginfo('charset');
    ?>
" />
        <meta name="viewport" content="width=device-width" />
        <title><?php 
    // NOTE(review): $title is never echoed inside <title> here, so the parameter is
    // effectively unused in this function — confirm whether that is intended.
    hq_admin_css('login', true);
    /*
     * Remove all stored post data on logging out.
     * This could be added by add_action('login_head'...) like hq_shake_js(),
     * but maybe better if it's not removable by plugins
     */
    if ('loggedout' == $hq_error->get_error_code()) {
        ?>
		<script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("hq-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
		<?php 
    }
    /**
     * Enqueue scripts and styles for the login page.
     *
     * @since 0.0.1
     */
    do_action('login_enqueue_scripts');
    /**
     * Fires in the login page header after scripts are enqueued.
     *
     * @since 0.0.1
     */
    do_action('login_head');
    //TODO: Goyo no multisite
    //if ( is_multisite() ) {
    // Multisite branch is disabled by the constant condition; the else branch always runs.
    if (false) {
        $login_header_url = network_home_url();
        $login_header_title = get_current_site()->site_name;
    } else {
        $login_header_url = __('https://hivequeen.org/');
        $login_header_title = __('Powered by HiveQueen');
    }
    /**
     * Filter link URL of the header logo above login form.
     *
     * @since 0.0.1
     *
     * @param string $login_header_url Login header logo URL.
     */
    $login_header_url = apply_filters('login_headerurl', $login_header_url);
    /**
     * Filter the title attribute of the header logo above login form.
     *
     * @since 0.0.1
     *
     * @param string $login_header_title Login header logo title attribute.
     */
    $login_header_title = apply_filters('login_headertitle', $login_header_title);
    // Body classes; $action comes straight from the global and is attribute-escaped on output.
    $classes = array('login-action-' . $action, 'hq-core-ui');
    if (hq_is_mobile()) {
        $classes[] = 'mobile';
    }
    if (is_rtl()) {
        $classes[] = 'rtl';
    }
    if ($interim_login) {
        $classes[] = 'interim-login';
        ?>
		<style type="text/css">html{background-color: transparent;}</style>
		<?php 
        if ('success' === $interim_login) {
            $classes[] = 'interim-login-success';
        }
    }
    // The leading space in ' locale-' is kept as-is; implode(' ') below adds a second separator.
    $classes[] = ' locale-' . sanitize_html_class(strtolower(str_replace('_', '-', get_locale())));
    /**
     * Filter the login page body classes.
     *
     * @since 0.0.1
     *
     * @param array  $classes An array of body classes.
     * @param string $action  The action that brought the visitor to the login page.
     */
    $classes = apply_filters('login_body_class', $classes, $action);
    ?>
	</head>
	<body class="login <?php 
    echo esc_attr(implode(' ', $classes));
    ?>
">
	<div id="login">
		<h1><a href="<?php 
    echo esc_url($login_header_url);
    ?>
" title="<?php 
    echo esc_attr($login_header_title);
    ?>
" tabindex="-1"><?php 
    bloginfo('name');
    ?>
</a></h1>
	<?php 
    unset($login_header_url, $login_header_title);
    /**
     * Filter the message to display above the login form.
     *
     * @since 0.0.1
     *
     * @param string $message Login message text.
     */
    $message = apply_filters('login_message', $message);
    // Output is not escaped: $message is expected to be markup supplied by trusted callers/filters.
    if (!empty($message)) {
        echo $message . "\n";
    }
    // In case a plugin uses $error rather than the $hq_errors object
    if (!empty($error)) {
        $hq_error->add('error', $error);
        unset($error);
    }
    if ($hq_error->get_error_code()) {
        // Split entries by severity: error data equal to 'message' is informational, anything else is an error.
        $errors = '';
        $messages = '';
        foreach ($hq_error->get_error_codes() as $code) {
            $severity = $hq_error->get_error_data($code);
            foreach ($hq_error->get_error_messages($code) as $error_message) {
                if ('message' == $severity) {
                    $messages .= '	' . $error_message . "<br />\n";
                } else {
                    $errors .= '	' . $error_message . "<br />\n";
                }
            }
        }
        if (!empty($errors)) {
            /**
             * Filter the error messages displayed above the login form.
             *
             * @since 0.0.1
             *
             * @param string $errors Login error message.
             */
            echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
        }
        if (!empty($messages)) {
            /**
             * Filter instructional messages displayed above the login form.
             *
             * @since 0.0.1
             *
             * @param string $messages Login messages.
             */
            echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
        }
    }
}