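/**
 * Work out which roles the current user may offer or assign for one account.
 *
 * Holds the role policy in one place so the edit form and the POST handler
 * cannot drift apart:
 *  - a user with 'keep_gate' editing their own account only gets 'keymaster'
 *    (keymasters can't demote themselves);
 *  - a user without 'keep_gate' editing an account that already holds
 *    'keymaster' only gets 'keymaster' (they can't demote it either);
 *  - otherwise a user without 'keep_gate' gets every role except 'keymaster'.
 *
 * @param array $user_roles    Role key => display name.
 * @param mixed $edit_user     Account being edited; anything that is not an
 *                             object is treated as an account being created.
 * @param bool  $can_keep_gate Whether the current user holds 'keep_gate'.
 * @return array Subset of $user_roles.
 */
function _bb_manage_user_assignable_roles($user_roles, $edit_user, $can_keep_gate) {
    if (!is_array($user_roles)) {
        return array();
    }

    if (is_object($edit_user)) {
        $editing_self = isset($edit_user->ID) && $edit_user->ID == bb_get_current_user_info('id');
        $target_is_keymaster = isset($edit_user->capabilities)
            && is_array($edit_user->capabilities)
            && array_key_exists('keymaster', $edit_user->capabilities);

        if (($editing_self && $can_keep_gate) || ($target_is_keymaster && !$can_keep_gate)) {
            return isset($user_roles['keymaster']) ? array('keymaster' => $user_roles['keymaster']) : array();
        }
    }

    if (!$can_keep_gate) {
        unset($user_roles['keymaster']);
    }

    return $user_roles;
}

/**
 * Handle the admin "create / edit user" form and build its field definitions.
 *
 * On POST the request is nonce-checked with bb_check_admin_referer(), the
 * submitted values are validated, and the account is created or updated
 * before redirecting back to the user list. On GET with action=edit the
 * existing account is loaded to pre-fill the form.
 *
 * Changes compared with the previous revision:
 *  - the submitted role is validated on the server against the same policy
 *    the form uses, so a crafted request cannot assign a role the form would
 *    not have offered (previously the restriction existed only in the
 *    rendered select box);
 *  - on update, the account lookup is checked before anything is written
 *    (previously the profile and password were updated first and the lookup
 *    error was inspected afterwards);
 *  - values read later are initialised, and $_POST is read defensively.
 *
 * @param mixed $edit_user Optional pre-loaded user object for the edit form.
 * @return mixed Field definitions after the 'bb_manage_user_fields' filter.
 */
function bb_manage_user_fields($edit_user = '') {
    global $nxt_roles, $nxt_users_object, $bbdb;

    // Cap checks
    $user_roles = $nxt_roles->role_names;
    $can_keep_gate = bb_current_user_can('keep_gate');

    // Defaults for everything the field list reads. null (not false or '')
    // keeps the resulting array identical to what the form received before,
    // when these were simply undefined outside the branch that set them.
    $disabled = null;
    $user_login = null;
    $user_display_name = null;
    $user_email = null;
    $user_url = null;
    $user_role = null;
    $user_pass1 = null;
    $user_pass2 = null;
    $user_meta = array(
        'first_name' => null,
        'last_name' => null,
        'from' => null,
        'occ' => null,
        'interest' => null,
        'throttle' => null,
    );

    if ('post' == strtolower($_SERVER['REQUEST_METHOD'])) {
        bb_check_admin_referer('user-manage');

        // Instantiate required vars
        $_POST = stripslashes_deep($_POST);
        $create_user_errors = new nxt_Error();

        // Missing fields become null instead of raising undefined-index notices.
        $expected_fields = array(
            'action', 'user_login', 'first_name', 'last_name', 'display_name',
            'user_email', 'user_url', 'from', 'occ', 'interest', 'userrole',
            'throttle', 'pass1', 'pass2',
        );
        $posted = array();
        foreach ($expected_fields as $field) {
            $posted[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
        }

        // User login
        $raw_user_login = is_string($posted['user_login']) ? $posted['user_login'] : '';
        $trimmed_user_login = str_replace(' ', '', $raw_user_login);
        $user_login = sanitize_user($raw_user_login, true);

        $user_meta['first_name'] = $posted['first_name'];
        $user_meta['last_name'] = $posted['last_name'];
        $user_display_name = $posted['display_name'];
        $user_email = $posted['user_email'];
        $user_url = $posted['user_url'];
        $user_meta['from'] = $posted['from'];
        $user_meta['occ'] = $posted['occ'];
        $user_meta['interest'] = $posted['interest'];
        $user_role = $posted['userrole'];
        $user_meta['throttle'] = $posted['throttle'];
        $user_pass1 = $posted['pass1'];
        $user_pass2 = $posted['pass2'];
        $user_status = 0;
        $user_pass = false;
        $user_url = $user_url ? bb_fix_link($user_url) : '';

        // Check user_login
        if (!isset($_GET['action']) && empty($user_login)) {
            $create_user_errors->add('user_login', __('Username is a required field.'));
        } else {
            if ($user_login !== $trimmed_user_login) {
                $create_user_errors->add('user_login', sprintf(__('%s is an invalid username. How\'s this one?'), esc_html($raw_user_login)));
                // NOTE(review): this puts the space-stripped but otherwise
                // unsanitised name back into the form value; the renderer has
                // to escape it. Confirm the sanitised name was not intended.
                $user_login = $trimmed_user_login;
            }
        }

        // Check email
        // NOTE(review): a request that omits user_email entirely skips this
        // check (null is not "set"); confirm the backend rejects it.
        if (isset($user_email) && empty($user_email)) {
            $create_user_errors->add('user_email', __('Email address is a required field.'));
        }

        // Password Sanity Check
        if ((!empty($user_pass1) || !empty($user_pass2)) && $user_pass1 !== $user_pass2) {
            $create_user_errors->add('pass', __('You must enter the same password twice.'));
        } elseif (!isset($_GET['action']) && (empty($user_pass1) && empty($user_pass2))) {
            $create_user_errors->add('pass', __('You must enter a password.'));
        } elseif (isset($_GET['action']) && (empty($user_pass1) && empty($user_pass2))) {
            $user_pass = '';
        } else {
            $user_pass = $user_pass1;
        }

        // Role check. The target is only loaded for an update, so a create
        // request can never inherit the "keep an existing keymaster" rule.
        $target_user = null;
        if ('update' === $posted['action']) {
            if (isset($_GET['user_id']) && is_numeric($_GET['user_id'])) {
                $target_user = bb_get_user(bb_get_user_id($_GET['user_id']));
            }
            if (!is_object($target_user)) {
                $create_user_errors->add('user_id', __('User not found.'));
            }
        }
        $user_roles = _bb_manage_user_assignable_roles($user_roles, $target_user, $can_keep_gate);
        if (!is_string($user_role) || !array_key_exists($user_role, $user_roles)) {
            $create_user_errors->add('userrole', __('You are not allowed to assign that role.'));
        }
        // NOTE(review): only the role list is restricted for a keymaster
        // target; the e-mail and password changes below still apply. Confirm
        // that is intended for editors without 'keep_gate'.

        // No errors
        if (!$create_user_errors->get_error_messages()) {
            // Create or update
            switch ($posted['action']) {
                case 'create':
                    $goback = bb_get_uri('bb-admin/users.php', array('created' => 'true'), BB_URI_CONTEXT_FORM_ACTION + BB_URI_CONTEXT_BB_ADMIN);
                    // 'user_nicename' was listed here before but never defined
                    // in this function, so compact() already skipped it.
                    $user = $nxt_users_object->new_user(compact('user_login', 'user_email', 'user_url', 'user_status', 'user_pass'));

                    // Error handler
                    if (is_nxt_error($user)) {
                        bb_admin_notice($user);
                        unset($goback);
                    // Update additional user data
                    } else {
                        // Update caps
                        bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array($user_role => true));

                        // Update all user meta
                        foreach ($user_meta as $key => $value) {
                            bb_update_usermeta($user['ID'], $key, $value);
                        }

                        // Don't send email if empty
                        // NOTE(review): the password is mailed whenever it is
                        // non-empty; the form's 'email_pass' checkbox is not
                        // read anywhere in this function.
                        if (!empty($user_pass)) {
                            bb_send_pass($user['ID'], $user_pass);
                        }

                        do_action('bb_new_user', $user['ID'], $user_pass);
                    }
                    break;

                case 'update':
                    $goback = bb_get_uri('bb-admin/users.php', array('updated' => 'true'), BB_URI_CONTEXT_FORM_ACTION + BB_URI_CONTEXT_BB_ADMIN);
                    $user = $nxt_users_object->get_user($_GET['user_id'], array('output' => ARRAY_A));

                    // Error handler: stop before anything is written.
                    if (is_nxt_error($user)) {
                        bb_admin_notice($user);
                        unset($goback);
                        break;
                    }

                    bb_update_user($user['ID'], $user_email, $user_url, $user_display_name);

                    // Don't change PW if empty
                    if (!empty($user_pass)) {
                        bb_update_user_password($user['ID'], $user_pass);
                    }

                    // Update caps
                    bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array($user_role => true));

                    // Update all user meta
                    foreach ($user_meta as $key => $value) {
                        bb_update_usermeta($user['ID'], $key, $value);
                    }

                    // Don't send email if empty
                    if (!empty($user_pass)) {
                        bb_send_pass($user['ID'], $user_pass);
                    }

                    do_action('bb_update_user', $user['ID'], $user_pass);
                    break;
            }

            // Redirect
            if (isset($goback) && !empty($goback)) {
                bb_safe_redirect($goback);
            }
        // Error handler
        } else {
            bb_admin_notice($create_user_errors);
        }
    } elseif (isset($_GET['action']) && $_GET['action'] == 'edit') {
        if (isset($_GET['user_id']) && is_numeric($_GET['user_id'])) {
            $disabled = true;

            // Get the user
            if (empty($edit_user)) {
                $edit_user = bb_get_user(bb_get_user_id($_GET['user_id']));
            }

            // Instantiate required vars
            $user_login = $edit_user->user_login;
            $user_meta['first_name'] = $edit_user->first_name;
            $user_meta['last_name'] = $edit_user->last_name;
            $user_display_name = $edit_user->display_name;
            $user_email = $edit_user->user_email;
            $user_url = $edit_user->user_url;
            $user_meta['from'] = $edit_user->from;
            $user_meta['occ'] = $edit_user->occ;
            $user_meta['interest'] = $edit_user->interest;
            // The loose comparison is what lets 'true' match a boolean true
            // capability flag; the result is the first matching role key.
            $user_role = is_array($edit_user->capabilities) ? array_search('true', $edit_user->capabilities) : false;
            $user_meta['throttle'] = $edit_user->throttle;

            // Keymasters can't demote themselves
            $user_roles = _bb_manage_user_assignable_roles($user_roles, $edit_user, $can_keep_gate);
        }
    }

    // Load password strength checker
    nxt_enqueue_script('password-strength-meter');
    nxt_enqueue_script('profile-edit');

    // Generate a few PW hints
    $some_pass_hints = '';
    for ($l = 3; $l != 0; $l--) {
        $some_pass_hints .= '<p>' . bb_generate_password() . '</p>';
    }

    // Create the user fields
    // NOTE(review): pass1/pass2 carry the submitted passwords back as field
    // values when validation fails; confirm the renderer should echo them.
    $user_fields = array(
        'user_login' => array(
            'title' => __('Username'),
            'note' => __('Required! Unique identifier for new user.'),
            'value' => $user_login,
            'disabled' => $disabled,
        ),
        'first_name' => array(
            'title' => __('First Name'),
            'value' => $user_meta['first_name'],
        ),
        'last_name' => array(
            'title' => __('Last Name'),
            'value' => $user_meta['last_name'],
        ),
        'display_name' => array(
            'title' => __('Display Name'),
            'value' => $user_display_name,
        ),
        'user_email' => array(
            'title' => __('Email'),
            'note' => __('Required! Will be used for notifications and profile settings changes.'),
            'value' => $user_email,
        ),
        'user_url' => array(
            'title' => __('Website'),
            'class' => array('long', 'code'),
            'note' => __('The full URL of user\'s homepage or blog.'),
            'value' => $user_url,
        ),
        'from' => array(
            'title' => __('Location'),
            'class' => array('long'),
            'value' => $user_meta['from'],
        ),
        'occ' => array(
            'title' => __('Occupation'),
            'class' => array('long'),
            'value' => $user_meta['occ'],
        ),
        'interest' => array(
            'title' => __('Interests'),
            'class' => array('long'),
            'value' => $user_meta['interest'],
        ),
        'userrole' => array(
            'title' => __('User Role'),
            'type' => 'select',
            'options' => $user_roles,
            'note' => __('Allow user the above privileges.'),
            'value' => $user_role,
        ),
        'pass1' => array(
            'title' => __('New Password'),
            'type' => 'password',
            'class' => array('short', 'text', 'code'),
            'note' => __('Hints: ') . $some_pass_hints,
            'value' => $user_pass1,
        ),
        'pass2' => array(
            'title' => __('Repeat New Password'),
            'type' => 'password',
            'class' => array('short', 'text', 'code'),
            'note' => __('If you ignore hints, remember: the password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).'),
            'value' => $user_pass2,
        ),
        'email_pass' => array(
            'title' => '',
            'type' => 'checkbox',
            'options' => array(
                '1' => array(
                    'label' => __('Email the new password.'),
                    'attributes' => array('checked' => true),
                ),
            ),
        ),
        'pass-strength-fake-input' => array(
            'title' => __('Password Strength'),
            'type' => 'hidden',
        ),
    );

    return apply_filters('bb_manage_user_fields', $user_fields);
}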
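/**
 * Register a new account with a generated password and mail the credentials.
 *
 * The e-mail address and login are validated, a unique non-numeric nicename
 * is derived from the login, and the account is created through
 * $wp_users_object. Outside installation the account receives the 'member'
 * role and bb_send_pass() is called with the generated password.
 *
 * The installer branch is now taken only when BB_INSTALLING is defined and
 * truthy. The previous bare `if (BB_INSTALLING)` depended on the constant
 * always being defined: on PHP versions that turn an undefined constant into
 * its own name the test was truthy and granted 'keymaster', and on PHP 8 it
 * is a fatal error. Role assignment now fails closed to 'member'.
 *
 * @param string $user_login  Requested login name.
 * @param string $user_email  E-mail address for the account.
 * @param string $user_url    Optional website; normalised with bb_fix_link().
 * @param int    $user_status 1 means the user has not yet been verified.
 * @return mixed The new user's ID on success, WP_Error on failure.
 */
function bb_new_user($user_login, $user_email, $user_url, $user_status = 1) {
    global $wp_users_object, $bbdb;

    // is_email check + dns
    if (!($user_email = is_email($user_email))) {
        return new WP_Error('user_email', __('Invalid email address'), $user_email);
    }

    if (!($user_login = sanitize_user($user_login, true))) {
        return new WP_Error('user_login', __('Invalid username'), $user_login);
    }

    // user_status = 1 means the user has not yet been verified
    $user_status = is_numeric($user_status) ? (int) $user_status : 1;
    // Kept as a plain defined() test: any definition of the constant, even a
    // false one, has always reset the status here.
    if (defined('BB_INSTALLING')) {
        $user_status = 0;
    }

    $user_nicename = $_user_nicename = bb_user_nicename_sanitize($user_login);
    if (strlen($_user_nicename) < 1) {
        return new WP_Error('user_login', __('Invalid username'), $user_login);
    }

    // Increment the slug until it is neither numeric nor already taken.
    // $existing_user is only assigned when the numeric test is false, so it
    // is initialised and read defensively here.
    $existing_user = null;
    while (is_numeric($user_nicename) || ($existing_user = bb_get_user_by_nicename($user_nicename))) {
        $existing_slug = isset($existing_user->user_nicename) ? $existing_user->user_nicename : null;
        $user_nicename = bb_slug_increment($_user_nicename, $existing_slug, 50);
    }

    $user_url = $user_url ? bb_fix_link($user_url) : '';
    $user_pass = bb_generate_password();

    $user = $wp_users_object->new_user(compact('user_login', 'user_email', 'user_url', 'user_nicename', 'user_status', 'user_pass'));

    if (is_wp_error($user)) {
        // Report nicename collisions against the field the user actually typed.
        if ('user_nicename' == $user->get_error_code()) {
            return new WP_Error('user_login', $user->get_error_message());
        }
        return $user;
    }

    // Only an explicitly enabled installer run may create the first keymaster.
    $installing = defined('BB_INSTALLING') && BB_INSTALLING;
    if ($installing) {
        bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array('keymaster' => true));
    } else {
        bb_update_usermeta($user['ID'], $bbdb->prefix . 'capabilities', array('member' => true));
        // NOTE(review): the generated password leaves the system in plain
        // text here and is also handed to every 'bb_new_user' hook below.
        bb_send_pass($user['ID'], $user['plain_pass']);
    }

    do_action('bb_new_user', $user['ID'], $user['plain_pass']);

    return $user['ID'];
}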
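/**
 * Handles the resetting of users' passwords
 *
 * Handles resetting a user's password, prompted by an email sent by
 * {@see bb_reset_email()}
 *
 * The key is looked up in the 'newpwdkey' user meta. Once a key has been
 * accepted it is cleared before the password is replaced, so each key works
 * at most once. Previously the key was only cleared after the e-mail had
 * been sent, which left it valid whenever sending failed even though the
 * password had already been changed.
 *
 * NOTE(review): nothing visible here bounds the age of a key; confirm that
 * expiry is enforced where the key is issued.
 *
 * @since 0.7.2
 * @global bbdb $bbdb
 *
 * @param string $key Reset key taken from the e-mailed link.
 * @return true|WP_Error True on success, WP_Error describing the failure otherwise.
 */
function bb_reset_password($key) {
    global $bbdb;

    // Reject non-strings before sanitising; the old is_string() test ran on
    // the sanitised value.
    if (!is_string($key)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }

    $key = sanitize_user($key, true);

    // The empty check also matters because used keys are overwritten with ''
    // below, and an empty key must never match such a row.
    if (empty($key) || !is_string($key)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }

    $user_id = $bbdb->get_var($bbdb->prepare("SELECT user_id FROM {$bbdb->usermeta} WHERE meta_key = 'newpwdkey' AND meta_value = %s", $key));
    if (!$user_id) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }

    $user = new BP_User($user_id);
    if (!$user || is_wp_error($user)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }

    if (bb_has_broken_pass($user->ID)) {
        bb_block_current_user();
    }

    if (!$user->has_cap('change_user_password', $user->ID)) {
        return new WP_Error('permission_denied', __('You are not allowed to change your password.'));
    }

    // Consume the key before touching the password so it cannot be replayed.
    bb_update_usermeta($user->ID, 'newpwdkey', '');

    $newpass = bb_generate_password();
    bb_update_user_password($user->ID, $newpass);

    if (!bb_send_pass($user->ID, $newpass)) {
        // The password has already been replaced; the user needs a fresh
        // reset e-mail to recover.
        return new WP_Error('sending_mail_failed', __('The email containing the new password could not be sent.'));
    }

    return true;
}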
/**
 * Deprecated alias of bb_generate_password().
 *
 * Reports the call through bb_log_deprecated() and then forwards both
 * arguments unchanged.
 *
 * @param int  $length        Passed through to bb_generate_password().
 * @param bool $special_chars Passed through to bb_generate_password().
 * @return mixed Whatever bb_generate_password() returns.
 */
function nxt_generate_password($length = 12, $special_chars = true) {
    // Log first so the deprecation is recorded even if generation fails.
    bb_log_deprecated('function', __FUNCTION__, 'bb_generate_password');

    $generated = bb_generate_password($length, $special_chars);

    return $generated;
}
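/**
 * Sign a visitor in through LinkedIn, creating the local account on first use.
 *
 * Reads the LinkedIn profile, looks up the local account linked to the
 * profile id and either creates one (role 'member', placeholder e-mail,
 * generated password) or refreshes the stored profile data. It then sets the
 * auth cookie and redirects to the requested URL if that URL starts with the
 * configured forum URI, otherwise to the forum URI itself.
 *
 * Changes compared with the previous revision:
 *  - $bbdb is now imported. It was missing from the global statement, so
 *    `$bbdb->prefix` was empty and the 'member' role was written under an
 *    unprefixed 'capabilities' key.
 *  - the session check is spelled as the truthiness test it always was. The
 *    old `!$flag === TRUE` parsed as `(!$flag) === TRUE`.
 *  - the redirect parameter is read defensively (missing or non-string
 *    values fall back to the forum URI).
 *
 * @return void Always ends the request (redirect or bb_die()).
 */
function bb_li_connect() {
    global $wp_users_object, $li_attr, $bbdb;

    // li authorization
    if (empty($_SESSION['oauth']['linkedin']['authorized'])) {
        try_li_connect();
    }

    $me = get_li_profile();
    if (!$me) {
        bb_die("Linkedin Connect failed");
        exit;
    }

    $li_id = trim($me->{$li_attr}['id']);
    if (!$li_id) {
        bb_die("LinkedIn Connect failed, no user id found.");
        exit;
    }

    // Check if the user has already connected before
    $user_id = li_get_userid_by_linkedin_id($li_id);

    if (!$user_id) {
        // User did not exist yet, lets create the local account.
        // First order of business is to find a unused usable account name.
        $base_login = strtolower(sanitize_user(li_get_user_displayname($me), true));
        $base_login = str_replace(' ', '_', $base_login);
        $base_login = str_replace('__', '_', $base_login);
        if (strlen($base_login) < 2) {
            // NOTE(review): this fallback literal looks like a masked value;
            // confirm the intended default login name.
            $base_login = "******";
        }

        for ($i = 1;; $i++) {
            $suffix = (string) $i;
            $max_length = 50 - strlen($suffix);

            $user_login = $base_login;
            if (strlen($user_login) > $max_length) {
                $user_login = substr($user_login, 0, $max_length);
            }
            if ($i > 1) {
                $user_login .= $suffix;
            }

            // A very rare potential race condition exists here, if two users with the same name
            // happen to register at the same time. One of them would fail, and have to retry.
            if (bb_get_user($user_login, array('by' => 'login')) === false) {
                break;
            }
        }

        $user_nicename = $user_login;
        // Placeholder address; 'prompt_email' below asks the user for a real one.
        // A disabled branch used to adopt the provider-supplied e-mail after
        // checking that no other account already used it.
        $user_email = $user_login . "@none.local";
        $user_url = trim($me->{$li_attr}['public-profile-url']);
        $user_url = $user_url ? bb_fix_link($user_url) : '';
        $user_status = 0;
        $user_pass = bb_generate_password();

        $user = $wp_users_object->new_user(compact('user_login', 'user_email', 'user_url', 'user_nicename', 'user_status', 'user_pass'));
        if (!$user || is_wp_error($user)) {
            bb_die("Creating new user failed");
            exit;
        }

        $user_id = $user['ID'];

        bb_update_usermeta($user_id, $bbdb->prefix . 'capabilities', array('member' => true));
        bb_update_usermeta($user_id, 'linkedin_id', $li_id);
        bb_update_usermeta($user_id, 'prompt_email', '1'); // will prompt user for email until set false. 1=true 0=false
        bb_update_usermeta($user_id, 'li_avatar', trim($me->{$li_attr}['picture-url'])); // user avatar
        bb_update_user($user_id, $user_email, $user_url, li_get_user_displayname($me));
        bb_update_usermeta($user_id, 'first_name', trim($me->{$li_attr}['first-name']));
        bb_update_usermeta($user_id, 'last_name', trim($me->{$li_attr}['last-name']));
        bb_update_usermeta($user_id, 'occ', trim($me->{$li_attr}['headline']));
        bb_update_usermeta($user_id, 'interest', trim($me->{$li_attr}['industry']));

        // NOTE(review): the generated password is passed to every
        // 'bb_new_user' hook in plain text.
        do_action('bb_new_user', $user_id, $user_pass);
        do_action('register_user', $user_id);
    } else {
        bb_update_usermeta($user_id, 'prompt_email', '1');
        bb_update_usermeta($user_id, 'li_avatar', trim($me->{$li_attr}['picture-url']));

        if (!bb_get_option('li_allow_useredit')) {
            // enforce first name, last name and display name if the users are not allowed to change them
            bb_update_user($user_id, bb_get_user_email($user_id), get_user_link($user_id), li_get_user_displayname($me));
            bb_update_usermeta($user_id, 'first_name', trim($me->{$li_attr}['first-name']));
            bb_update_usermeta($user_id, 'last_name', trim($me->{$li_attr}['last-name']));
            bb_update_usermeta($user_id, 'occ', trim($me->{$li_attr}['headline']));
            bb_update_usermeta($user_id, 'interest', trim($me->{$li_attr}['industry']));
        }
    }

    bb_set_auth_cookie($user_id, true);
    do_action('bb_user_login', $user_id);

    // Only follow a caller-supplied target that starts with the forum URI.
    // NOTE(review): a prefix test is only as strict as the configured URI (a
    // value stored without a trailing slash also prefix-matches longer host
    // names); bb_safe_redirect() is presumably the final check. Confirm.
    $base_uri = bb_get_option('uri');
    $redirect_url = '';
    if (isset($_REQUEST['li_bb_connect']) && is_string($_REQUEST['li_bb_connect'])) {
        $redirect_url = $_REQUEST['li_bb_connect'];
    }
    if (strpos($redirect_url, $base_uri) !== 0) {
        $redirect_url = $base_uri;
    }

    bb_safe_redirect($redirect_url);
    exit;
}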