コード例 #1
 /**
  * Prepares the per-user data the admin bar needs and registers its front-end hooks.
  *
  * For a logged-in visitor this fills $this->user with the user's blogs, the active
  * blog and the base domain used for account links. It then hooks the header output,
  * enqueues the 'admin-bar' script and style, and fires the 'admin_bar_init' action.
  */
 public function initialize()
 {
     $this->user = new stdClass();
     if (is_user_logged_in()) {
         /* Everything below describes the current user only. */
         $current_user_id = get_current_user_id();
         $this->user->blogs = get_blogs_of_user($current_user_id);
         if (is_multisite()) {
             $active = get_active_blog_for_user($current_user_id);
             $this->user->active_blog = $active;
             // Without an active blog, fall back to the network-level user admin URL.
             if (empty($active)) {
                 $this->user->domain = user_admin_url();
             } else {
                 $this->user->domain = trailingslashit(get_home_url($active->blog_id));
             }
         } else {
             // NOTE(review): assumes the user has an entry for the current blog in blogs[] — confirm.
             $this->user->active_blog = $this->user->blogs[get_current_blog_id()];
             $this->user->domain = trailingslashit(home_url());
         }
         $this->user->account_domain = $this->user->domain;
     }
     foreach (array('wp_head', 'admin_head') as $head_hook) {
         add_action($head_hook, 'wp_admin_bar_header');
     }
     // A theme can replace the default bump callback, e.g.
     // add_theme_support( 'admin-bar', array( 'callback' => '__return_false') );
     $header_callback = '';
     if (current_theme_supports('admin-bar')) {
         $theme_args = get_theme_support('admin-bar');
         // The callback name comes from the theme's own registration and is hooked as given.
         $header_callback = $theme_args[0]['callback'];
     }
     if (empty($header_callback)) {
         $header_callback = '_admin_bar_bump_cb';
     }
     add_action('wp_head', $header_callback);
     wp_enqueue_script('admin-bar');
     wp_enqueue_style('admin-bar');
     do_action('admin_bar_init');
 }
コード例 #2
 /**
  * @ticket 38355
  */
 public function test_get_active_blog_for_user_with_spam_site()
 {
     // The site the test starts on is the one the assertion expects back.
     $expected_site_id = get_current_blog_id();

     // Create a site flagged as spam, add the user to it and make it their primary blog.
     $spam_site_args = array('user_id' => self::$user_id, 'meta' => array('spam' => 1));
     $spam_site_id = self::factory()->blog->create($spam_site_args);
     add_user_to_blog($spam_site_id, self::$user_id, 'subscriber');
     update_user_meta(self::$user_id, 'primary_blog', $spam_site_id);

     $active_site = get_active_blog_for_user(self::$user_id);

     // The spam site is deleted before the assertion runs, so a failure does not skip the cleanup.
     wpmu_delete_blog($spam_site_id, true);

     $this->assertEquals($expected_site_id, $active_site->id);
 }
コード例 #3
/**
 * Builds the "edit profile" URL for the current user.
 *
 * The incoming $url is ignored: the result always points at profile.php, either in the
 * admin of the user's active blog or, when there is none, in the user admin.
 *
 * @param string $url URL supplied by the caller (not used).
 * @return string Admin URL of profile.php.
 */
function thatcamp_edit_profile_url($url)
{
    $active_blog = get_active_blog_for_user(get_current_user_id());

    return $active_blog
        ? get_admin_url($active_blog->blog_id, 'profile.php', 'admin')
        : user_admin_url('profile.php', 'admin');
}
コード例 #4
	/**
	 * @access public
	 */
	public function initialize() {
		// Container for per-user data; stays empty for anonymous visitors.
		$this->user = new stdClass;

		if ( is_user_logged_in() ) {
			/* Collect what the menu needs to know about the current user. */
			$user_id           = get_current_user_id();
			$this->user->blogs = get_blogs_of_user( $user_id );

			if ( is_multisite() ) {
				$active_blog             = get_active_blog_for_user( $user_id );
				$this->user->active_blog = $active_blog;

				// No active blog: link to the network-level user admin instead.
				if ( empty( $active_blog ) ) {
					$this->user->domain = user_admin_url();
				} else {
					$this->user->domain = trailingslashit( get_home_url( $active_blog->blog_id ) );
				}
			} else {
				// NOTE(review): assumes blogs[] has an entry for the current blog — confirm.
				$this->user->active_blog = $this->user->blogs[ get_current_blog_id() ];
				$this->user->domain      = trailingslashit( home_url() );
			}

			$this->user->account_domain = $this->user->domain;
		}

		foreach ( array( 'wp_head', 'admin_head' ) as $head_hook ) {
			add_action( $head_hook, 'wp_admin_bar_header' );
		}

		/*
		 * To remove the default padding styles from WordPress for the Toolbar, use the following code:
		 * add_theme_support( 'admin-bar', array( 'callback' => '__return_false' ) );
		 */
		$header_callback = '';
		if ( current_theme_supports( 'admin-bar' ) ) {
			$theme_args = get_theme_support( 'admin-bar' );
			// The callback name is taken from the theme's registration and hooked as given.
			$header_callback = $theme_args[0]['callback'];
		}

		if ( empty( $header_callback ) ) {
			$header_callback = '_admin_bar_bump_cb';
		}

		add_action( 'wp_head', $header_callback );

		wp_enqueue_script( 'admin-bar' );
		wp_enqueue_style( 'admin-bar' );

		/**
		 * Fires after WP_Admin_Bar is initialized.
		 *
		 * @since 3.1.0
		 */
		do_action( 'admin_bar_init' );
	}
コード例 #5
ファイル: class-s2_multisite.php プロジェクト: juslee/e27
 /**
 Handles subscriptions and unsubscriptions for different blogs on WPMU installs
 */
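 function wpmu_subscribe()
 {
     global $mysubscribe2;
     // NOTE(review): this changes blog membership and user meta from GET parameters alone;
     // no nonce or capability check is visible in this function — confirm the caller verifies
     // one before this runs, otherwise a crafted link can (un)subscribe a logged-in user.

     // Resolve the acting user once. The original assigned $user_ID only inside the two
     // branches, so the membership check further down read an undefined variable whenever
     // neither parameter was present or the id was negative.
     $user_ID = get_current_user_id();

     if (!empty($_GET['s2mu_subscribe'])) {
         // subscribe to new blog
         $sub_id = intval($_GET['s2mu_subscribe']);
         if ($sub_id >= 0) {
             // NOTE(review): unlike the unsubscribe branch there is no restore_current_blog()
             // here, so the rest of the request runs in the context of $sub_id — confirm intended.
             switch_to_blog($sub_id);
             // if user is not a user of the current blog
             if (!is_blog_user($sub_id)) {
                 // add user to current blog as subscriber
                 add_user_to_blog($sub_id, $user_ID, 'subscriber');
                 // add an action hook for external manipulation of blog and user data
                 do_action_ref_array('subscribe2_wpmu_subscribe', array($user_ID, $sub_id));
             }
             // get categories, remove excluded ones if override is off
             $exclude = 0 == $mysubscribe2->subscribe2_options['reg_override'];
             $all_cats = $mysubscribe2->all_cats($exclude, 'ID');

             // Store one meta row per category and remember the ids for the summary row.
             $cat_ids = array();
             foreach ($all_cats as $cat) {
                 $cat_ids[] = "{$cat->term_id}";
                 update_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_cat') . $cat->term_id, $cat->term_id);
             }
             $cats_string = implode(',', $cat_ids);
             if (empty($cats_string)) {
                 delete_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_subscribed'));
             } else {
                 update_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_subscribed'), $cats_string);
             }
         }
     } elseif (!empty($_GET['s2mu_unsubscribe'])) {
         // unsubscribe from a blog
         $unsub_id = intval($_GET['s2mu_unsubscribe']);
         if ($unsub_id >= 0) {
             switch_to_blog($unsub_id);
             // delete subscription to all categories on that blog
             $cats = get_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_subscribed'), true);
             // explode() always yields an array, so no further array check is needed.
             foreach (explode(',', $cats) as $id) {
                 delete_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_cat') . $id);
             }
             delete_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_subscribed'));
             // add an action hook for external manipulation of blog and user data
             do_action_ref_array('subscribe2_wpmu_unsubscribe', array($user_ID, $unsub_id));
             restore_current_blog();
         }
     }
     if (!is_user_member_of_blog($user_ID)) {
         $user_blogs = get_active_blog_for_user($user_ID);
         // NOTE(review): the result is tested with is_array(); if get_active_blog_for_user()
         // returns a site object here, this branch never switches and always redirects to
         // the front page — verify against the WordPress version in use.
         if (is_array($user_blogs)) {
             switch_to_blog(key($user_blogs));
         } else {
             // no longer a member of a blog: redirect to front page
             wp_redirect(get_option('siteurl'));
             exit(0);
         }
     }
     // redirect to profile page
     $url = get_option('siteurl') . '/wp-admin/admin.php?page=s2';
     wp_redirect($url);
     exit(0);
 }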
コード例 #6
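 /**
  * Builds the author record for the current post.
  *
  * The e-mail address is included only in the 'edit' context and only when the current
  * user may edit the post; otherwise the 'email' field is false.
  *
  * @return object|null Author data, or null when the post has no author or the user
  *                     cannot be loaded (a warning is raised in the latter case).
  */
 public function get_author()
 {
     if (0 == $this->post->post_author) {
         return null;
     }
     $show_email = $this->context === 'edit' && current_user_can('edit_post', $this->post);
     $user = get_user_by('id', $this->post->post_author);
     if (!$user || is_wp_error($user)) {
         trigger_error('Unknown user', E_USER_WARNING);
         return null;
     }
     // TODO factor this out
     if (defined('IS_WPCOM') && IS_WPCOM) {
         $active_blog = get_active_blog_for_user($user->ID);
         // A user without an active blog yields no object; the original dereferenced it
         // regardless. Use the same "no site" marker as the non-WPCOM path instead.
         $site_id = is_object($active_blog) ? $active_blog->blog_id : -1;
         $profile_URL = "http://en.gravatar.com/{$user->user_login}";
     } else {
         // NOTE(review): this URL carries md5(email) and is emitted even when 'email' is
         // withheld below, so the hash of the address is visible to callers that were not
         // allowed to see the address itself — confirm this is acceptable.
         $profile_URL = 'http://en.gravatar.com/' . md5(strtolower(trim($user->user_email)));
         $site_id = -1;
     }
     $author = array(
         'ID' => (int) $user->ID,
         'login' => (string) $user->user_login,
         'email' => $show_email ? (string) $user->user_email : false,
         'name' => (string) $user->display_name,
         'first_name' => (string) $user->first_name,
         'last_name' => (string) $user->last_name,
         'nice_name' => (string) $user->user_nicename,
         'URL' => (string) esc_url_raw($user->user_url),
         'avatar_URL' => (string) esc_url_raw($this->get_avatar_url($user->user_email)),
         'profile_URL' => (string) esc_url_raw($profile_URL),
     );
     // site_ID is only reported when a real site id was found.
     if ($site_id > -1) {
         $author['site_ID'] = (int) $site_id;
     }
     return (object) $author;
 }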
コード例 #7
ファイル: wp-login.php プロジェクト: neruub/shop_sda
                if ($customize_login) {
                    ?>
				<script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php 
                    echo wp_customize_url();
                    ?>
', channel: 'login' }).send('login') }, 1000 );</script>
			<?php 
                }
                ?>
			</body></html>
<?php 
                exit;
            }
            if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                    $redirect_to = user_admin_url();
                } elseif (is_multisite() && !$user->has_cap('read')) {
                    $redirect_to = get_dashboard_url($user->ID);
                } elseif (!$user->has_cap('edit_posts')) {
                    $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                }
            }
            wp_safe_redirect($redirect_to);
            exit;
        }
        $errors = $user;
        // Clear errors if loggedout is set.
        if (!empty($_GET['loggedout']) || $reauth) {
            $errors = new WP_Error();
        }
コード例 #8
ファイル: user.php プロジェクト: andreiRS/Radii8
 /**
  * Login user. SSL support is not tested. 
  */
 /**
  * Signs a user in from the request and returns the logged-in user or a WP_Error.
  *
  * Mirrors the login branch of wp-login.php but never redirects: on failure the
  * collected WP_Error is returned, on success the result of get_logged_in_user().
  * With an empty first argument, wp_signon() takes the credentials from the request.
  */
 public function login()
 {
     global $json_api;
     $secure_cookie = '';
     // If the user wants ssl but the session is not ssl, force a secure cookie.
     if (!empty($_POST['log']) && !force_ssl_admin()) {
         $user_name = sanitize_user($_POST['log']);
         if ($user = get_user_by('login', $user_name)) {
             // The per-user 'use_ssl' option decides whether a secure cookie is requested.
             if (get_user_option('use_ssl', $user->ID)) {
                 $secure_cookie = true;
                 // Passing true, as in force_ssl_admin(true), makes force_ssl_admin() return true and vice versa.
                 //force_ssl_admin(true); http://codex.wordpress.org/Function_Reference/force_ssl_admin
                 // NOTE(review): the error is built but never returned, so a user who opted
                 // into SSL is still signed in over the current connection.
                 $errors = new WP_Error();
                 $errors->add('use_ssl', __("The login must use ssl."));
                 // not implemented now
                 //return $errors;
             }
         }
     }
     // NOTE(review): redirect_to is request-controlled. In this method it is only compared and
     // reassigned, never passed to a redirect call; validate it if it is ever returned or used.
     if (isset($_REQUEST['redirect_to'])) {
         $redirect_to = $_REQUEST['redirect_to'];
         // Redirect to https if user wants ssl
         if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
             $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
         }
     } else {
         $redirect_to = admin_url();
     }
     $reauth = empty($_REQUEST['reauth']) ? false : true;
     // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
     // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
     // the admin via http or https.
     if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
         $secure_cookie = false;
     }
     //$user = wp_authenticate_username_password('', $_POST['log'], $_POST['pwd']);
     $user = wp_signon('', $secure_cookie);
     if (is_wp_error($user)) {
         // user is an error object
         $errors = $user;
         // if both login and password are empty no error is added so we add one now
         if (empty($_POST['log']) && empty($_POST['pwd'])) {
             $errors->add('invalid_username', __("The username is empty."));
         }
         // Clear errors if loggedout is set.
         // NOTE(review): this discards the authentication failure whenever the request carries
         // 'loggedout' or 'reauth'; the caller then receives a WP_Error without that reason.
         if (!empty($_GET['loggedout']) || $reauth) {
             $errors = new WP_Error();
         }
         // If cookies are disabled we can't log in even with a valid user+pass
         if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
             $errors->add('test_cookie', __("Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
         }
         // Some parts of this script use the main login form to display a message
         if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
             $errors->add('loggedout', __('You are now logged out.'), 'message');
         } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
             $errors->add('registerdisabled', __('User registration is currently not allowed.'));
         } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
             $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
         } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
             $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
         } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
             $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
         // NOTE(review): $interim_login is not assigned anywhere in this method — confirm
         // where it is expected to come from.
         } elseif ($interim_login) {
             $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
         }
         // Clear any stale cookies.
         if ($reauth) {
             wp_clear_auth_cookie();
         }
         return $errors;
     }
     //if (!$reauth) {
     // does not redirect
     if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
         // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
         if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
             $redirect_to = user_admin_url();
         } elseif (is_multisite() && !$user->has_cap('read')) {
             $redirect_to = get_dashboard_url($user->ID);
         } elseif (!$user->has_cap('edit_posts')) {
             $redirect_to = admin_url('profile.php');
         }
     }
     // Make the freshly authenticated user the current user for the rest of this request.
     wp_set_current_user($user->ID);
     $user = $this->get_logged_in_user();
     // left in redirect_to since we could return the value later if we wanted
     return $user;
     //}
 }
コード例 #9
 /**
  * @ticket 25162
  * @group multisite
  */
 public function test_admin_bar_contains_correct_links_for_users_with_no_role_on_network()
 {
     if (!is_multisite()) {
         $this->markTestSkipped('Test only runs in multisite');
     }

     // Baseline: the admin can read, the role-less user cannot.
     $this->assertTrue(user_can(self::$admin_id, 'read'));
     $this->assertFalse(user_can(self::$no_role_id, 'read'));

     // A second site owned by the admin; the role-less user is not a member of it.
     $other_site_id = self::factory()->blog->create(array('user_id' => self::$admin_id));
     $this->assertTrue(is_user_member_of_blog(self::$admin_id, $other_site_id));
     $this->assertFalse(is_user_member_of_blog(self::$no_role_id, $other_site_id));
     $this->assertTrue(is_user_member_of_blog(self::$no_role_id, get_current_blog_id()));

     // Remove the role-less user from the current blog, so they're not a member of any blog
     $was_removed = remove_user_from_blog(self::$no_role_id, get_current_blog_id());
     $this->assertTrue($was_removed);
     $this->assertFalse(is_user_member_of_blog(self::$no_role_id, get_current_blog_id()));

     // Build the admin bar as that user, viewed from the other site.
     wp_set_current_user(self::$no_role_id);
     switch_to_blog($other_site_id);
     $bar = $this->get_standard_admin_bar();
     $site_name_node = $bar->get_node('site-name');
     $profile_nodes = array(
         $bar->get_node('my-account'),
         $bar->get_node('user-info'),
         $bar->get_node('edit-profile'),
     );

     // get primary blog
     $primary_site = get_active_blog_for_user(self::$no_role_id);
     $this->assertNull($primary_site);

     // No Site menu as the user isn't a member of this site
     $this->assertNull($site_name_node);

     $expected_profile_url = user_admin_url('profile.php');
     $this->assertNotEquals($expected_profile_url, admin_url('profile.php'));

     // With no primary blog, every profile link is expected to point at the user admin
     foreach ($profile_nodes as $profile_node) {
         $this->assertEquals($expected_profile_url, $profile_node->href);
     }

     restore_current_blog();
 }
コード例 #10
ファイル: ms.php プロジェクト: owaismeo/wordpress-10
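/**
 * Sends the current user to the admin of a blog they belong to, or stops with an error.
 *
 * The query parameter "c" counts how many times this redirect has already happened;
 * at five the request ends with a permission message instead of redirecting again.
 * Every path either redirects and exits or ends in wp_die(), so nothing is returned.
 */
function redirect_user_to_blog()
{
    global $current_user;

    // Request-supplied loop counter; the int cast keeps arbitrary input out of the URL built below.
    $c = isset($_GET['c']) ? (int) $_GET['c'] : 0;
    if ($c >= 5) {
        wp_die(__("You don&#8217;t have permission to view this site. Please contact the system administrator."));
    }
    $c++;

    $blog = get_active_blog_for_user($current_user->ID);
    $dashboard_blog = get_dashboard_blog();
    if (is_object($blog)) {
        wp_redirect(get_admin_url($blog->blog_id, '?c=' . $c));
        // redirect and count to 5, "just in case"
        exit;
    }

    /*
      If the user's primary_blog still points at the dashboard blog, repoint it at one of
      the user's own blogs. NOTE(review): the original comment describes the "member of
      only 1 blog" case, but the loop does not check how many blogs there are.
    */
    $blogs = get_blogs_of_user($current_user->ID);
    if (!empty($blogs)) {
        foreach ($blogs as $blogid => $blog) {
            // The original ended this branch with a `continue`, which had no effect as the
            // last statement of the loop body; it is dropped here.
            if ($blogid != $dashboard_blog->blog_id && get_user_meta($current_user->ID, 'primary_blog', true) == $dashboard_blog->blog_id) {
                update_user_meta($current_user->ID, 'primary_blog', $blogid);
            }
        }
        $blog = get_blog_details(get_user_meta($current_user->ID, 'primary_blog', true));
        // Only redirect when the primary blog could be resolved; the original dereferenced
        // the lookup result unchecked. An unresolved blog falls through to the message below.
        if (is_object($blog)) {
            wp_redirect(get_admin_url($blog->blog_id, '?c=' . $c));
            exit;
        }
    }
    wp_die(__('You do not have sufficient permissions to access this page.'));
}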
コード例 #11
                $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
                login_header('', $message);
                ?>
			<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
			<p class="alignright">
			<input type="button" class="btn" value="<?php 
                esc_attr_e('Close');
                ?>
" onclick="window.close()" /></p>
			</div></body></html>
<?php 
                exit;
            }
            if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                if (is_multisite() && !get_active_blog_for_user($user->id)) {
                    $redirect_to = user_admin_url();
                } elseif (is_multisite() && !$user->has_cap('read')) {
                    $redirect_to = get_dashboard_url($user->id);
                } elseif (!$user->has_cap('edit_posts')) {
                    $redirect_to = admin_url('profile.php');
                }
            }
            wp_safe_redirect($redirect_to);
            exit;
        }
        $errors = $user;
        // Clear errors if loggedout is set.
        if (!empty($_GET['loggedout']) || $reauth) {
            $errors = new WP_Error();
        }
コード例 #12
/**
 * Handles the lost-password and login actions when the plugin's login page is requested.
 *
 * Runs only when the 'login_redirect' option is set and the last element of $path matches
 * the post's slug. Results are left in the global $errors; successful flows redirect and exit.
 *
 * @param object $post   Post whose post_name is compared with the last element of $path.
 * @param mixed  $option Not used in this function.
 * @param mixed  $file   Not used in this function.
 * @param array  $path   Path segments; only the last one is read.
 */
function simplr_login_includes($post, $option, $file, $path)
{
    global $errors, $is_iphone, $interim_login, $current_site;
    $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
    $options = get_option('simplr_reg_options');
    global $wp;
    // The @ hides the notice for a missing 'action' parameter.
    $action = @$_REQUEST['action'];
    if (@$_REQUEST['action'] == '') {
        // NOTE(review): no exit follows, so execution continues after the redirect header is queued.
        wp_redirect('?action=login');
    }
    if (isset($options->login_redirect) and end($path) == $post->post_name) {
        switch ($action) {
            case 'lostpassword':
            case 'retrievepassword':
                // NOTE(review): $http_post is always set (assigned above), so isset() is true for
                // every request method and retrieve_password() also runs on GET; the intended
                // test was presumably the boolean value itself.
                if (isset($http_post)) {
                    $errors = retrieve_password();
                    if (!is_wp_error($errors)) {
                        // Request-supplied target, handed to wp_safe_redirect() rather than wp_redirect().
                        $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                    $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'simplr-registration-form'));
                }
                // $redirect_to and $user_login are computed here but not read again in this function.
                $redirect_to = apply_filters('lostpassword_redirect', !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
                do_action('lost_password');
                $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
                break;
            case 'login':
            // NOTE(review): this matches the literal action string 'default'; it is not the
            // switch's default label, so any other action value is ignored.
            case 'default':
                $secure_cookie = '';
                $interim_login = isset($_REQUEST['interim-login']);
                // If the user wants ssl but the session is not ssl, force a secure cookie.
                if (!empty($_POST['log']) && !force_ssl_admin()) {
                    $user_name = sanitize_user($_POST['log']);
                    if ($user = get_userdatabylogin($user_name)) {
                        if (get_user_option('use_ssl', $user->ID)) {
                            $secure_cookie = true;
                            force_ssl_admin(true);
                        }
                    }
                }
                if (isset($_REQUEST['redirect_to'])) {
                    $redirect_to = $_REQUEST['redirect_to'];
                    // Redirect to https if user wants ssl
                    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                    }
                } else {
                    $redirect_to = admin_url();
                }
                $reauth = empty($_REQUEST['reauth']) ? false : true;
                // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
                // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
                // the admin via http or https.
                if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                    $secure_cookie = false;
                }
                $user = wp_signon('', $secure_cookie);
                // Filters may replace the target; it is still passed through wp_safe_redirect() below.
                $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                if (!is_wp_error($user) && !$reauth) {
                    if ($interim_login) {
                        // $message is built here but not printed anywhere in this function.
                        $message = '<p class="message">' . __('You have logged in successfully.', 'simplr-registration-form') . '</p>';
                        ?>
						<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
						<p class="alignright">
						<input type="button" class="button-primary" value="<?php 
                        esc_attr_e('Close', 'simplr-registration-form');
                        ?>
" onclick="window.close()" /></p>
						</div></body></html>
				<?php 
                        exit;
                    }
                    if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                        // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                        // NOTE(review): reads $user->id here while the code above reads $user->ID — confirm both resolve to the user id.
                        if (is_multisite() && !get_active_blog_for_user($user->id) && !is_super_admin($user->id)) {
                            $redirect_to = user_admin_url();
                        } elseif (is_multisite() && !$user->has_cap('read')) {
                            $redirect_to = get_dashboard_url($user->id);
                        } elseif (!$user->has_cap('edit_posts')) {
                            $redirect_to = admin_url('profile.php');
                        }
                    }
                    wp_safe_redirect($redirect_to);
                    exit;
                }
                $errors = $user;
                // Clear errors if loggedout is set.
                if (!empty($_GET['loggedout']) || $reauth) {
                    $errors = new WP_Error();
                }
                // If cookies are disabled we can't log in even with a valid user+pass
                if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                    $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.", 'simplr-registration-form'));
                }
                // Some parts of this script use the main login form to display a message
                if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                    $errors->add('loggedout', __('You are now logged out.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                    $errors->add('registerdisabled', __('User registration is currently not allowed.', 'simplr-registration-form'));
                } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                    $errors->add('confirm', __('Check your e-mail for the confirmation link.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                    $errors->add('newpass', __('Check your e-mail for your new password.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                    $errors->add('registered', __('Registration complete. Please check your e-mail.', 'simplr-registration-form'), 'message');
                } elseif ($interim_login) {
                    $errors->add('expired', __('Your session has expired. Please log-in again.', 'simplr-registration-form'), 'message');
                }
                // Clear any stale cookies.
                if ($reauth) {
                    wp_clear_auth_cookie();
                }
                break;
        }
    }
}
コード例 #13
 /**
  * Processes the request
  *
  * Callback for "template_redirect" hook in template-loader.php
  *
  * @since 6.3
  * @access public
  */
 public function template_redirect()
 {
     $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
     if (!$this->request_action && self::is_tml_page()) {
         $this->request_action = self::get_page_action(get_the_id());
     }
     $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;
     do_action_ref_array('tml_request', array(&$this));
     // allow plugins to override the default actions, and to add extra actions if they want
     do_action('login_form_' . $this->request_action);
     if (has_action('tml_request_' . $this->request_action)) {
         do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
     } else {
         $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
         switch ($this->request_action) {
             case 'postpass':
                 global $wp_hasher;
                 if (empty($wp_hasher)) {
                     require_once ABSPATH . 'wp-includes/class-phpass.php';
                     // By default, use the portable hash from phpass
                     $wp_hasher = new PasswordHash(8, true);
                 }
                 // 10 days
                 setcookie('wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword(stripslashes($_POST['post_password'])), time() + 864000, COOKIEPATH);
                 wp_safe_redirect(wp_get_referer());
                 exit;
                 break;
             case 'logout':
                 check_admin_referer('log-out');
                 $user = wp_get_current_user();
                 wp_logout();
                 $redirect_to = apply_filters('logout_redirect', site_url('wp-login.php?loggedout=true'), isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                 wp_safe_redirect($redirect_to);
                 exit;
                 break;
             case 'lostpassword':
             case 'retrievepassword':
                 if ($http_post) {
                     $this->errors = self::retrieve_password();
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 if (isset($_REQUEST['error']) && 'invalidkey' == $_REQUEST['error']) {
                     $this->errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'theme-my-login'));
                 }
                 do_action('lost_password');
                 break;
             case 'resetpass':
             case 'rp':
                 $user = self::check_password_reset_key($_REQUEST['key'], $_REQUEST['login']);
                 if (is_wp_error($user)) {
                     $redirect_to = site_url('wp-login.php?action=lostpassword&error=invalidkey');
                     wp_redirect($redirect_to);
                     exit;
                 }
                 if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                     $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                 } elseif (isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                     self::reset_password($user, $_POST['pass1']);
                     $redirect_to = site_url('wp-login.php?resetpass=complete');
                     wp_safe_redirect($redirect_to);
                     exit;
                 }
                 wp_enqueue_script('utils');
                 wp_enqueue_script('user-profile');
                 break;
             case 'register':
                 if (!get_option('users_can_register')) {
                     $redirect_to = site_url('wp-login.php?registration=disabled');
                     wp_redirect($redirect_to);
                     exit;
                 }
                 $user_login = '';
                 $user_email = '';
                 if ($http_post) {
                     $user_login = $_POST['user_login'];
                     $user_email = $_POST['user_email'];
                     $this->errors = self::register_new_user($user_login, $user_email);
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 break;
             case 'login':
             default:
                 $secure_cookie = '';
                 $interim_login = isset($_REQUEST['interim-login']);
                 // If the user wants ssl but the session is not ssl, force a secure cookie.
                 if (!empty($_POST['log']) && !force_ssl_admin()) {
                     $user_name = sanitize_user($_POST['log']);
                     if ($user = get_user_by('login', $user_name)) {
                         if (get_user_option('use_ssl', $user->ID)) {
                             $secure_cookie = true;
                             force_ssl_admin(true);
                         }
                     }
                 }
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $_REQUEST['redirect_to'];
                     // Redirect to https if user wants ssl
                     if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                     }
                 } else {
                     $redirect_to = admin_url();
                 }
                 $reauth = empty($_REQUEST['reauth']) ? false : true;
                 // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
                 // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
                 // the admin via http or https.
                 if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                     $secure_cookie = false;
                 }
                 if ($http_post && isset($_POST['log'])) {
                     $user = wp_signon('', $secure_cookie);
                     $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                     if (!is_wp_error($user) && !$reauth) {
                         if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                 $redirect_to = user_admin_url();
                             } elseif (is_multisite() && !$user->has_cap('read')) {
                                 $redirect_to = get_dashboard_url($user->ID);
                             } elseif (!$user->has_cap('edit_posts')) {
                                 $redirect_to = admin_url('profile.php');
                             }
                         }
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                     $this->errors = $user;
                 }
                 // Clear errors if loggedout is set.
                 if (!empty($_GET['loggedout']) || $reauth) {
                     $this->errors = new WP_Error();
                 }
                 // Some parts of this script use the main login form to display a message
                 if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                     $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                     $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                 } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                     $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                     $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                     $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                 } elseif ($interim_login) {
                     $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                 } elseif (strpos($redirect_to, 'about.php?updated')) {
                     $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                 } elseif ($reauth) {
                     $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                 }
                 // Clear any stale cookies.
                 if ($reauth) {
                     wp_clear_auth_cookie();
                 }
                 break;
         }
         // end switch
     }
     // endif has_filter()
 }
コード例 #14
ファイル: ms.php プロジェクト: hiroki-namekawa/test-upr
/**
 * Send the current user to the admin area of their active site, or to the user admin when they have none.
 *
 * A hop counter travels in the `c` query argument so that a chain of redirects ends after five hops with
 * an error page. The counter is read from the request, so it only stops accidental redirect loops; it is
 * not an access-control check.
 */
function redirect_user_to_blog()
{
    $hops = isset($_GET['c']) ? (int) $_GET['c'] : 0;
    if ($hops >= 5) {
        wp_die(__("You don&#8217;t have permission to view this site. Please contact the system administrator."));
    }
    // The incremented counter is carried on whichever URL is chosen below.
    $next_hop = '?c=' . ($hops + 1);
    $active_site = get_active_blog_for_user(get_current_user_id());
    $destination = is_object($active_site)
        ? get_admin_url($active_site->blog_id, $next_hop)
        : user_admin_url($next_hop);
    wp_redirect($destination);
    exit;
}
コード例 #15
 /**
  * Login hooks
  *
  * Handles a request to the login screen: attempts sign-on, redirects on success and otherwise
  * renders messages and the login form.
  *
  * Reads `interim-login`, `customize-login`, `redirect_to` and `reauth` from the request and `log` and
  * `testcookie` from POST. When sign-on succeeds and `reauth` is not set, the browser is sent to the
  * filtered redirect target with wp_safe_redirect() and the script exits. In every other case the
  * messages are collected in a WP_Error, passed through the `wp_login_errors` filter and rendered
  * together with the form.
  */
 function action_login()
 {
     // Both flags are only tested for presence in the request.
     $interim_login = isset($_REQUEST['interim-login']);
     $secure_cookie = '';
     $customize_login = isset($_REQUEST['customize-login']);
     if ($customize_login) {
         wp_enqueue_script('customize-base');
     }
     // If the user wants ssl but the session is not ssl, force a secure cookie.
     if (!empty($_POST['log']) && !force_ssl_admin()) {
         $user_name = sanitize_user($_POST['log']);
         if ($user = get_user_by('login', $user_name)) {
             if (get_user_option('use_ssl', $user->ID)) {
                 $secure_cookie = true;
                 force_ssl_admin(true);
             }
         }
     }
     // redirect_to is supplied by the client. Within this function it reaches the browser only through
     // wp_safe_redirect() below; it is also handed to the login_redirect / wp_login_errors filters and to
     // login_form(), which are outside this block.
     // NOTE(review): presumably login_form() escapes it before output; verify.
     if (isset($_REQUEST['redirect_to'])) {
         $redirect_to = $_REQUEST['redirect_to'];
         // Redirect to https if user wants ssl
         if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
             $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
         }
     } else {
         $redirect_to = admin_url();
     }
     $reauth = empty($_REQUEST['reauth']) ? false : true;
     // Runs on every call of this handler, not only on POST; with an empty credentials argument
     // wp_signon() takes the credentials from $_POST.
     $user = wp_signon('', $secure_cookie);
     // No logged-in cookie came with this request: replace the sign-on result with a cookie error when
     // output has already started or when the test cookie set by the form did not come back.
     if (empty($_COOKIE[LOGGED_IN_COOKIE])) {
         if (headers_sent()) {
             $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.', 'colabsthemes'), 'http://codex.wordpress.org/Cookies', 'https://wordpress.org/support/'));
         } elseif (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
             // If cookies are disabled we can't log in even with a valid user+pass
             $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.', 'colabsthemes'), 'http://codex.wordpress.org/Cookies'));
         }
     }
     // The raw request value is kept separately so filters can tell it apart from the computed target.
     $requested_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
     /**
      * Filter the login redirect URL.
      *
      * @since 3.0.0
      *
      * @param string           $redirect_to           The redirect destination URL.
      * @param string           $requested_redirect_to The requested redirect destination URL passed as a parameter.
      * @param WP_User|WP_Error $user                  WP_User object if login was successful, WP_Error object otherwise.
      */
     $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
     if (!is_wp_error($user) && !$reauth) {
         if ($interim_login) {
             // The markup is a fixed string; nothing from the request is echoed here.
             $message = '<div class="alert alert-success">' . __('You have logged in successfully.', 'colabsthemes') . '</div>';
             // NOTE(review): this literal looks masked in the listing; confirm the intended value upstream.
             $interim_login = '******';
             echo $message;
         }
         if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                 $redirect_to = user_admin_url();
             } elseif (is_multisite() && !$user->has_cap('read')) {
                 $redirect_to = get_dashboard_url($user->ID);
             } elseif (!$user->has_cap('edit_posts')) {
                 $redirect_to = admin_url('profile.php');
             }
         }
         // wp_safe_redirect() is the only place the client-supplied target is sent to the browser.
         wp_safe_redirect($redirect_to);
         exit;
     }
     // From here on the form is shown again; $user holds either the sign-on error or, when reauth is
     // set, a signed-in user that is discarded just below.
     $errors = $user;
     // Clear errors if loggedout is set.
     if (!empty($_GET['loggedout']) || $reauth) {
         $errors = new WP_Error();
     }
     if ($interim_login) {
         if (!$errors->get_error_code()) {
             $errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.', 'colabsthemes'), 'message');
         }
     } else {
         // Some parts of this script use the main login form to display a message
         if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
             $errors->add('loggedout', __('You are now logged out.', 'colabsthemes'), 'message');
         } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
             $errors->add('registerdisabled', __('User registration is currently not allowed.', 'colabsthemes'));
         } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
             $errors->add('confirm', __('Check your e-mail for the confirmation link.', 'colabsthemes'), 'message');
         } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
             $errors->add('newpass', __('Check your e-mail for your new password.', 'colabsthemes'), 'message');
         } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
             $errors->add('registered', __('Registration complete. Please check your e-mail.', 'colabsthemes'), 'message');
         } elseif (strpos($redirect_to, 'about.php?updated')) {
             // The strpos() result is used as a boolean, so a match at offset 0 counts as no match.
             $errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to see what&#8217;s new.', 'colabsthemes'), 'message');
         }
     }
     /**
      * Filter the login page errors.
      *
      * @since 3.6.0
      *
      * @param object $errors      WP Error object.
      * @param string $redirect_to Redirect destination URL.
      */
     $errors = apply_filters('wp_login_errors', $errors, $redirect_to);
     // Clear any stale cookies.
     if ($reauth) {
         wp_clear_auth_cookie();
     }
     // Error Messages
     $this->render_messages($errors);
     $this->login_form($interim_login, $redirect_to, $errors);
 }
コード例 #16
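 /**
  * The shortcode handler for the [show_avatar] shortcode.
  *
  * Example: [show_avatar id=pbearne@tycoelectronics.com avatar_size=30 align=right]
  *
  * Shortcode attributes are written by whoever authored the post and profile fields by the profile
  * owner, so every such value is escaped at the point where it is placed into markup.
  *
  * @param array       $atts    Shortcode attributes. Keys read here: id, email, max_bio_length, avatar_size,
  *                             align, user_link, show_name, show_email, show_postcount,
  *                             show_bbpress_post_count, show_biography, show_last_post.
  * @param string|null $content Enclosed shortcode content, appended unchanged after the avatar block.
  * @return string HTML for the avatar block followed by $content.
  */
 function shortcode_handler($atts, $content = null)
 {
     $extraClass = '';
     $hrefStart = '';
     $name = '';
     $bio = '';
     $last_post = '';
     $style = '';
     $email = '';
     $link = '';
     $id = '';
     // get id or email
     // NOTE(review): PCRE takes the pattern's outer [ ] as delimiters, so these two calls do not strip
     // the characters the class suggests. $id is therefore treated as unsanitized below; changing the
     // pattern would also alter which addresses (e.g. ones containing "+") can be looked up.
     if (!empty($atts['id'])) {
         $id = preg_replace('[^\\w\\.\\@\\-]', '', $atts['id']);
     }
     if (empty($id) && !empty($atts['email'])) {
         $id = preg_replace('[^\\w\\.\\@\\-]', '', $atts['email']);
     }
     // get maximum biography length (-1 means no truncation)
     $bio_length = -1;
     if (!empty($atts['max_bio_length'])) {
         $bio_length = intval($atts['max_bio_length']);
     }
     // get avatar size
     $avatar_size = false;
     if (!empty($atts['avatar_size'])) {
         $avatar_size = intval($atts['avatar_size']);
     }
     // get alignment; only the three fixed style strings below can end up in the style attribute
     if (!empty($atts['align'])) {
         switch ($atts['align']) {
             case 'left':
                 $style = "float: left; margin-right: 10px;";
                 break;
             case 'right':
                 $style = "float: right; margin-left: 10px;";
                 break;
             case 'center':
                 $style = "text-align: center; width: 100%;";
                 break;
         }
     }
     if (!empty($id)) {
         $avatar = get_avatar($id, $avatar_size);
     } else {
         $avatar = __("[show_author shortcode: please set id/email attribute]");
     }
     // is there an user link request
     if (!empty($atts['user_link']) || !empty($atts['show_biography']) || !empty($atts['show_postcount']) || !empty($atts['show_name']) || !empty($atts['show_email'])) {
         // try to fetch user profile
         $isUser = true;
         if (!is_numeric($id)) {
             $found_id = email_exists($id);
             if ($found_id) {
                 $id = $found_id;
             } else {
                 $isUser = false;
             }
         }
         if ($isUser) {
             // empty() also covers a non-array result, which count() would reject.
             $all_meta_for_user = get_user_meta($id);
             if (empty($all_meta_for_user)) {
                 $isUser = false;
             }
         }
         if ($isUser) {
             if (!empty($atts['user_link'])) {
                 switch ($atts['user_link']) {
                     case 'authorpage':
                         $link = get_author_posts_url($id);
                         break;
                     case 'website':
                         $link = get_the_author_meta('user_url', $id);
                         if (empty($link) || $link == 'http://') {
                             $link = false;
                         }
                         break;
                     case 'blog':
                         if (AA_is_wpmu()) {
                             $blog = get_active_blog_for_user($id);
                             if (!empty($blog->siteurl)) {
                                 $link = $blog->siteurl;
                             }
                         }
                         break;
                     case 'bp_memberpage':
                         if (function_exists('bp_core_get_user_domain')) {
                             $link = bp_core_get_user_domain($id);
                         } elseif (function_exists('bp_core_get_userurl')) {
                             // BP versions < 1.1
                             $link = bp_core_get_userurl($id);
                         }
                         break;
                     case 'bbpress_memberpage':
                         if (function_exists('bbp_get_user_profile_url')) {
                             $link = bbp_get_user_profile_url($id);
                         }
                         if (empty($link) || $link == 'http://') {
                             $link = false;
                         }
                         break;
                     case 'last_post':
                     case 'last_post_filtered':
                         $recent = get_posts(array('author' => $id, 'orderby' => 'date', 'order' => 'desc', 'numberposts' => 1));
                         // A user without posts yields an empty list; leave $link unset in that case.
                         if (!empty($recent)) {
                             $link = get_permalink($recent[0]->ID);
                         }
                         break;
                     case 'last_post_all':
                         // Kept in its own variable: $last_post is the HTML fragment emitted in the return value.
                         $recent_post = get_most_recent_post_of_user($id);
                         if (!empty($recent_post['post_id'])) {
                             $link = get_permalink($recent_post['post_id']);
                         }
                         break;
                 }
                 if ($link) {
                     // The website URL is a profile field, so the href is escaped for URL context.
                     $hrefStart = '<a href="' . esc_url($link) . '">';
                 }
             }
             if (!empty($atts['show_name'])) {
                 $name = '<br />' . esc_html(get_the_author_meta('display_name', $id));
                 $extraClass .= ' with-name';
             }
             if (!empty($atts['show_email'])) {
                 $userEmail = get_the_author_meta('user_email', $id);
                 // Test the address itself; the wrapped markup would never be empty.
                 if (empty($userEmail)) {
                     $extraClass .= ' email-missing';
                 } else {
                     $email = "<div class='email'><a href='" . esc_url('mailto:' . $userEmail) . "'>" . esc_html($userEmail) . "</a></div>";
                     $extraClass .= ' with-email';
                 }
             }
             if (!empty($atts['show_postcount'])) {
                 $name .= ' (' . $this->userlist->get_user_postcount($id) . ')';
             }
             if (!empty($atts['show_bbpress_post_count'])) {
                 if (function_exists('bbp_get_user_topic_count_raw')) {
                     $BBPRESS_postcount = bbp_get_user_topic_count_raw($id) + bbp_get_user_reply_count_raw($id);
                     $name .= ' (' . $BBPRESS_postcount . ')';
                 }
             }
             if (!empty($atts['show_biography'])) {
                 // The description is emitted as HTML after wpautop().
                 // NOTE(review): presumably WordPress filters this profile field on save; verify.
                 $biography = get_the_author_meta('description', $id);
                 if (0 < $bio_length) {
                     $biography = $this->userlist->truncate_html(wpautop($biography, true), apply_filters('aa_user_bio_length', $bio_length));
                 } else {
                     $biography = wpautop($biography, true);
                 }
                 // NOTE(review): the biography is only emitted when show_name is also set; confirm this is intended.
                 if (!empty($atts['show_name'])) {
                     // The raw attribute goes into a class name, so it is escaped for attribute context.
                     $bio_class_suffix = isset($atts['max_bio_length']) ? $atts['max_bio_length'] : '';
                     $bio = '<div class="bio bio-length-' . esc_attr($bio_class_suffix) . '">' . $biography . '</div>';
                 }
                 if (empty($bio)) {
                     $extraClass .= ' biography-missing';
                 } else {
                     $extraClass .= ' with-biography bio-length-' . $bio_length;
                 }
             }
             // show last_post?
             if (isset($atts['show_last_post']) && strlen($atts['show_last_post']) > 0) {
                 // Test the helper's result before wrapping it, otherwise the "missing" class is unreachable.
                 $last_post_html = $this->userlist->aa_get_last_post($id);
                 if (empty($last_post_html)) {
                     $extraClass .= ' last-post-missing';
                 } else {
                     $last_post = '<div class="last_post">' . $last_post_html . '</div>';
                     $extraClass .= ' with-last-post';
                 }
             }
         }
     }
     $hrefend = '';
     if (!empty($hrefStart)) {
         $hrefend = '</a>';
     }
     if (!empty($style)) {
         $style = ' style="' . $style . '"';
     }
     return '<div class="shortcode-show-avatar ' . $extraClass . '"' . $style . '>' . $hrefStart . $avatar . $name . $last_post . $hrefend . $bio . $email . '</div>' . $content;
 }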
コード例 #17
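/**
 * Function is responsible for initializing the login page
 *
 * Runs only when bum_is_page('Login') is true. It picks the requested action (logout, lostpassword,
 * retrievepassword, resetpass, rp, register, login), performs it, and leaves its results in the
 * $bum_* globals declared below. Most successful actions end in a redirect followed by exit.
 *
 * @return false|void False when the current page is not the login page; otherwise nothing.
 */
function bum_init_page_login()
{
    //reasons to return
    if (!bum_is_page('Login')) {
        return false;
    }
    // Redirect to https login if forced to use SSL
    // NOTE(review): HTTP_HOST and REQUEST_URI are supplied by the client and go into wp_redirect()
    // unvalidated here; consider building the target from the configured site URL instead.
    if (force_ssl_admin() && !is_ssl()) {
        if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
            wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
            exit;
        } else {
            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
            exit;
        }
    }
    // Don't index any of these forms
    add_filter('pre_option_blog_public', '__return_zero');
    add_action('login_head', 'noindex');
    //initializing
    global $bum_action, $bum_errors, $bum_redirect_to, $bum_user, $bum_http_post, $bum_secure_cookie, $bum_interim_login, $bum_reauth, $bum_rememberme, $bum_messages_txt, $bum_errors_txt;
    $bum_action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
    $bum_errors = new WP_Error();
    if (isset($_GET['key'])) {
        $bum_action = 'resetpass';
    }
    // validate action so as to default to the login screen
    if (!in_array($bum_action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $bum_action)) {
        $bum_action = 'login';
    }
    nocache_headers();
    header('Content-Type: ' . get_bloginfo('html_type') . '; charset=' . get_bloginfo('charset'));
    if (defined('RELOCATE')) {
        // Move flag is set
        // NOTE(review): while RELOCATE is defined, the stored siteurl is rewritten from the request's
        // Host header; the constant should not stay defined on a production site.
        if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) {
            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
        }
        $schema = is_ssl() ? 'https://' : 'http://';
        if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl')) {
            update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
        }
    }
    //Set a cookie now to see if they are supported by the browser.
    setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
    if (SITECOOKIEPATH != COOKIEPATH) {
        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
    }
    // allow plugins to override the default actions, and to add extra actions if they want
    do_action('login_init');
    do_action('login_form_' . $bum_action);
    $bum_http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
    switch ($bum_action) {
        case 'logout':
            // NOTE(review): the nonce check is commented out, so any request carrying action=logout,
            // including one triggered from another site, ends the session. Re-enabling it requires the
            // logout links to carry the 'log-out' nonce; confirm how the theme builds them.
            //check_admin_referer('log-out');
            wp_logout();
            // The client-supplied target only reaches the browser through wp_safe_redirect().
            $bum_redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : bum_get_permalink_login() . '?loggedout=true';
            wp_safe_redirect($bum_redirect_to);
            exit;
            break;
        case 'lostpassword':
        case 'retrievepassword':
            if ($bum_http_post) {
                $bum_errors = bum_retrieve_password();
                if (!is_wp_error($bum_errors)) {
                    $bum_redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : bum_get_permalink_login() . '&checkemail=confirm';
                    wp_safe_redirect($bum_redirect_to);
                    exit;
                }
            }
            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                $bum_errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
            }
            $bum_redirect_to = apply_filters('lostpassword_redirect', !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
            do_action('lost_password');
            break;
        case 'resetpass':
        case 'rp':
            // The reset key and login are validated before any password field is looked at.
            $bum_user = bum_check_password_reset_key($_GET['key'], $_GET['login']);
            if (is_wp_error($bum_user)) {
                wp_redirect(bum_get_permalink_login() . '?action=lostpassword&error=invalidkey');
                exit;
            }
            // Left as an empty string when the form is merely displayed; the summary block after the
            // switch accounts for that.
            $bum_errors = '';
            if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                $bum_errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
            } elseif (isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                bum_reset_password($bum_user, $_POST['pass1']);
                exit;
            }
            wp_enqueue_script('utils');
            wp_enqueue_script('user-profile');
            break;
        case 'register':
            wp_redirect(bum_get_permalink_registration());
            exit;
            break;
        case 'login':
        default:
            //redirect if logged in
            if (is_user_logged_in()) {
                wp_redirect(get_bloginfo('url'));
                exit;
            }
            $bum_secure_cookie = '';
            $bum_interim_login = isset($_REQUEST['interim-login']);
            // If the user wants ssl but the session is not ssl, force a secure cookie.
            if (!empty($_POST['log']) && !force_ssl_admin()) {
                $bum_user_name = sanitize_user($_POST['log']);
                if ($bum_user = get_userdatabylogin($bum_user_name)) {
                    if (get_user_option('use_ssl', $bum_user->ID)) {
                        $bum_secure_cookie = true;
                        force_ssl_admin(true);
                    }
                }
            }
            // redirect_to is supplied by the client; in this function it is only sent to the browser
            // through wp_safe_redirect() further down.
            if (isset($_REQUEST['redirect_to'])) {
                $bum_redirect_to = $_REQUEST['redirect_to'];
                // Redirect to https if user wants ssl
                if ($bum_secure_cookie && false !== strpos($bum_redirect_to, 'wp-admin')) {
                    $bum_redirect_to = preg_replace('|^http://|', 'https://', $bum_redirect_to);
                }
            } else {
                $bum_redirect_to = admin_url();
            }
            $bum_reauth = empty($_REQUEST['reauth']) ? false : true;
            // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
            // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
            // the admin via http or https.
            if (!$bum_secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($bum_redirect_to, 'https') && 0 === strpos($bum_redirect_to, 'http')) {
                $bum_secure_cookie = false;
            }
            // Runs for every request that reaches this branch, not only for POSTs.
            $bum_user = wp_signon('', $bum_secure_cookie);
            $bum_redirect_to = apply_filters('login_redirect', $bum_redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $bum_user);
            if (!is_wp_error($bum_user) && !$bum_reauth) {
                if (empty($bum_redirect_to) || $bum_redirect_to == 'wp-admin/' || $bum_redirect_to == admin_url()) {
                    // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                    if (is_multisite() && !get_active_blog_for_user($bum_user->id)) {
                        $bum_redirect_to = user_admin_url();
                    } elseif (is_multisite() && !$bum_user->has_cap('read')) {
                        $bum_redirect_to = get_dashboard_url($bum_user->id);
                    } elseif (!$bum_user->has_cap('edit_posts')) {
                        $bum_redirect_to = bum_get_permalink_profile();
                    }
                }
                wp_safe_redirect($bum_redirect_to);
                exit;
            }
            $bum_errors = $bum_user;
            // Clear errors if loggedout is set.
            if (!empty($_GET['loggedout']) || $bum_reauth) {
                $bum_errors = new WP_Error();
            }
            // If cookies are disabled we can't log in even with a valid user+pass
            if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                $bum_errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
            }
            // Some parts of this script use the main login form to display a message
            if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                $bum_errors->add('loggedout', __('You are now logged out.'), 'message');
            } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                $bum_errors->add('registerdisabled', __('User registration is currently not allowed.'));
            } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                $bum_errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
            } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                $bum_errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
            } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                $bum_errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
            } elseif ($bum_interim_login) {
                $bum_errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
            }
            // Clear any stale cookies.
            if ($bum_reauth) {
                wp_clear_auth_cookie();
            }
            if (isset($_POST['log'])) {
                // NOTE(review): the first compared literal looks masked in this listing; confirm it upstream.
                $bum_user_login = '******' == $bum_errors->get_error_code() || 'empty_password' == $bum_errors->get_error_code() ? esc_attr(stripslashes($_POST['log'])) : '';
            }
            $bum_rememberme = !empty($_POST['rememberme']);
            break;
    }
    // The resetpass branch can leave $bum_errors as an empty string; calling a method on it would be a
    // fatal error, so the summary is only built when a WP_Error is actually present.
    if (is_wp_error($bum_errors) && $bum_errors->get_error_code()) {
        $bum_errors_txt = '';
        $bum_messages_txt = '';
        foreach ($bum_errors->get_error_codes() as $code) {
            // Entries added with 'message' as their data are notices; everything else is an error.
            $bum_severity = $bum_errors->get_error_data($code);
            foreach ($bum_errors->get_error_messages($code) as $error) {
                if ('message' == $bum_severity) {
                    $bum_messages_txt .= '	' . $error . "<br />\n";
                } else {
                    $bum_errors_txt .= '	' . $error . "<br />\n";
                }
            }
        }
    }
}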
コード例 #18
 /**
  * The shortcode handler for the [show_avatar] shortcode.
  *
  * Example: [show_avatar id=pbearne@tycoelectronics.com avatar_size=30 align=right]
  */
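 function shortcode_handler($atts, $content = null)
 {
     // Builds the markup for one avatar from the shortcode attributes and
     // returns it followed by the enclosed $content. Attribute values come
     // from post content and profile fields come from user input, so both are
     // escaped where they are placed into HTML.
     if (!is_array($atts)) {
         // WordPress passes an empty string when the shortcode has no attributes.
         $atts = array();
     }
     $extraClass = "";
     $hrefStart = "";
     $name = "";
     $bio = "";
     $style = "";
     $email = "";
     $link = "";
     $id = '';
     // get id or email
     // The pattern needs real delimiters: written as '[^...]' PHP takes the
     // brackets as the delimiters, the character class is lost and almost
     // nothing is stripped. Only word characters, '.', '@' and '-' are kept.
     $disallowed = '/[^\w.@\-]/';
     if (!empty($atts['id'])) {
         $id = preg_replace($disallowed, '', (string) $atts['id']);
     }
     if (empty($id) && !empty($atts['email'])) {
         $id = preg_replace($disallowed, '', (string) $atts['email']);
     }
     // get avatar size
     $avatar_size = false;
     if (!empty($atts['avatar_size'])) {
         $avatar_size = intval($atts['avatar_size']);
     }
     // get alignment; only the three known values produce a style, so no
     // attribute text reaches the style="" attribute
     if (!empty($atts['align'])) {
         switch ($atts['align']) {
             case 'left':
                 $style = "float: left; margin-right: 10px;";
                 break;
             case 'right':
                 $style = "float: right; margin-left: 10px;";
                 break;
             case 'center':
                 $style = "text-align: center; width: 100%;";
                 break;
         }
     }
     if (!empty($id)) {
         $avatar = get_avatar($id, $avatar_size);
     } else {
         $avatar = __("[show_author shortcode: please set id/email attribute]");
     }
     // is there an user link request
     if (!empty($atts['user_link']) || !empty($atts['show_biography']) || !empty($atts['show_postcount']) || !empty($atts['show_name']) || !empty($atts['show_email'])) {
         // try to fetch user profile
         $isUser = true;
         if (!is_numeric($id)) {
             // email_exists() returns the user ID or false; look it up once.
             $found_id = email_exists($id);
             if ($found_id) {
                 $id = $found_id;
             } else {
                 $isUser = false;
             }
         }
         // get_user_meta() can return false as well as an empty array, and
         // count(false) is a TypeError on PHP 8, so test with empty().
         if ($isUser && empty(get_user_meta($id))) {
             $isUser = false;
         }
         if ($isUser) {
             if (!empty($atts['user_link'])) {
                 switch ($atts['user_link']) {
                     case 'authorpage':
                         $link = get_author_posts_url($id);
                         break;
                     case 'website':
                         $link = get_the_author_meta('user_url', $id);
                         if (empty($link) || $link == 'http://') {
                             $link = false;
                         }
                         break;
                     case 'blog':
                         if (AA_is_wpmu()) {
                             $blog = get_active_blog_for_user($id);
                             if (!empty($blog->siteurl)) {
                                 $link = $blog->siteurl;
                             }
                         }
                         break;
                     case 'bp_memberpage':
                         if (function_exists('bp_core_get_user_domain')) {
                             $link = bp_core_get_user_domain($id);
                         } elseif (function_exists('bp_core_get_userurl')) {
                             // BP versions < 1.1
                             $link = bp_core_get_userurl($id);
                         }
                         break;
                     case 'bbpress_memberpage':
                         if (function_exists('bbp_get_user_profile_url')) {
                             $link = bbp_get_user_profile_url($id);
                         }
                         if (empty($link) || $link == 'http://') {
                             $link = false;
                         }
                         break;
                 }
                 if ($link) {
                     // The website URL is profile data: esc_url() drops
                     // disallowed schemes and encodes the value for the attribute.
                     $safe_link = esc_url($link);
                     if ('' !== $safe_link) {
                         $hrefStart = '<a href="' . $safe_link . '">';
                     }
                 }
             }
             if (!empty($atts['show_name'])) {
                 $name = '<br />' . esc_html(get_the_author_meta('display_name', $id));
                 $extraClass .= ' with-name';
             }
             if (!empty($atts['show_email'])) {
                 $userEmail = get_the_author_meta('user_email', $id);
                 // Decide on the address itself: the wrapped markup is never
                 // empty, so testing it could not detect a missing email.
                 if (empty($userEmail)) {
                     $extraClass .= ' email-missing';
                 } else {
                     $email = "<div class='email'><a href='mailto:" . esc_attr($userEmail) . "'>" . esc_html($userEmail) . "</a></div>";
                     $extraClass .= ' with-email';
                 }
             }
             if (!empty($atts['show_postcount'])) {
                 require_once 'UserList.class.php';
                 $this->userlist = new UserList();
                 $name .= ' (' . $this->userlist->get_user_postcount($id) . ')';
             }
             if (!empty($atts['show_bbpress_post_count'])) {
                 if (function_exists('bbp_get_user_topic_count_raw')) {
                     $BBPRESS_postcount = bbp_get_user_topic_count_raw($id) + bbp_get_user_reply_count_raw($id);
                     $name .= ' (' . $BBPRESS_postcount . ')';
                 }
             }
             if (!empty($atts['show_biography'])) {
                 // Biographies may legitimately carry simple markup, so they
                 // are filtered through the post allow-list rather than
                 // fully escaped.
                 $bio = wp_kses_post(get_the_author_meta('description', $id));
                 // Test for a missing biography before wrapping it, otherwise
                 // the wrapper makes the value look non-empty.
                 if (empty($bio)) {
                     $extraClass .= ' biography-missing';
                 } else {
                     $extraClass .= ' with-biography';
                 }
                 if (!empty($atts['show_name'])) {
                     $bio = '<div class="bio">' . $bio . '</div>';
                 }
             }
         }
     }
     $hrefend = '';
     if (!empty($hrefStart)) {
         $hrefend = '</a>';
     }
     if (!empty($style)) {
         $style = ' style="' . $style . '"';
     }
     return '<div class="shortcode-show-avatar ' . $extraClass . '"' . $style . '>' . $hrefStart . $avatar . $name . $hrefend . $bio . $email . '</div>' . $content;
 }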
コード例 #19
ファイル: mu.php プロジェクト: joelglennwright/agencypress
/**
 * Sends the current user to the admin area of their active blog, or to the
 * main site when no active blog is found, and ends the request.
 *
 * Every target is built from site or blog records, not from request data.
 * The scheme is hard-coded to http://, so on an HTTPS-only network the first
 * hop of the redirect goes over plain HTTP.
 */
function redirect_user_to_blog()
{
    global $current_user, $current_site;
    $details = get_active_blog_for_user($current_user->ID);
    $main_site = 'http://' . $current_site->domain . $current_site->path;
    if ($details == "username only") {
        // The user has no blog yet: add subscriber permission for the first blog.
        $first_blog_id = get_blog_id_from_url($current_site->domain, $current_site->path);
        add_user_to_blog($first_blog_id, $current_user->ID, 'subscriber');
        $target = $main_site . 'wp-admin/';
    } elseif (is_object($details)) {
        $target = "http://" . $details->domain . $details->path . 'wp-admin/';
    } else {
        $target = $main_site;
    }
    wp_redirect($target);
    exit;
    // Not reached: every path above ends in exit.
    wp_die(__('You do not have sufficient permissions to access this page.'));
}
コード例 #20
 /**
  * Formats the given user as html.
  *
  * @param WP_User $user The user to format (object of type WP_User).
  *
  * @uses apply_filters() Calls 'aa_user_template' hook
  * @return String html
  */
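 function format_user($user)
 {
     // Builds the HTML for one user: avatar, optional name, link, email,
     // biography and last post, each wrapped by a filterable sprintf template,
     // then substitutes the result into $this->user_template.
     $tpl_vars = array('{class}' => '', '{user}' => '');
     $avatar_size = intval($this->avatar_size);
     if (!$avatar_size) {
         $avatar_size = false;
     }
     $name = "";
     if ($this->show_name) {
         // Display names are user input (for commentators, comment input).
         // Escape once here: $alt and $title are derived from $name and end
         // up inside attributes and element content below.
         $name = esc_html($user->display_name);
     }
     $alt = $title = $name;
     $divcss = array('user');
     if ($this->show_name) {
         $divcss[] = 'with-name';
     }
     $link = false;
     $link_type = $this->user_link;
     // always use 'website' for commentators
     $type = isset($user->type) ? $user->type : null;
     if ($user->user_id == -1 && "guest-author" != $type) {
         $link_type = 'website';
     }
     switch ($link_type) {
         case 'authorpage':
             if ("guest-author" == $type) {
                 $link = get_author_posts_url($user->user_id, $user->user_nicename);
             } else {
                 $link = get_author_posts_url($user->user_id);
             }
             break;
         case 'website':
             if ("guest-author" == $type) {
                 $link = get_the_author_meta('url', $user->ID);
             } else {
                 $link = $user->user_url;
                 if (empty($link) || $link == 'http://') {
                     $link = false;
                 }
             }
             break;
         case 'blog':
             if (AA_is_wpmu()) {
                 $blog = get_active_blog_for_user($user->user_id);
                 if (!empty($blog->siteurl)) {
                     $link = $blog->siteurl;
                 }
             }
             break;
         case 'bp_memberpage':
             if (function_exists('bp_core_get_user_domain')) {
                 $link = bp_core_get_user_domain($user->user_id);
             } elseif (function_exists('bp_core_get_userurl')) {
                 // BP versions < 1.1
                 $link = bp_core_get_userurl($user->user_id);
             }
             break;
         case 'bbpress_memberpage':
             if (function_exists('bbp_get_user_profile_url')) {
                 $link = bbp_get_user_profile_url($user->user_id);
             }
             if (empty($link) || $link == 'http://') {
                 $link = false;
             }
             break;
         case 'last_post':
             $recent = get_posts(array('author' => $user->user_id, 'orderby' => 'date', 'order' => 'desc', 'numberposts' => 1));
             // With no posts, get_permalink(null) would fall back to the
             // post currently being rendered and link to the wrong page.
             if (!empty($recent)) {
                 $link = get_permalink($recent[0]->ID);
             }
             break;
         case 'last_post_all':
             $last_post = get_most_recent_post_of_user($user->user_id);
             // Same fallback problem as above when the user has no posts.
             if (!empty($last_post['post_id'])) {
                 $link = get_permalink($last_post['post_id']);
             }
             break;
     }
     if ($this->show_postcount) {
         $postcount = 0;
         if ($user->user_id == -1 && "guest-author" != $type) {
             $postcount = $this->get_comment_count($user->user_email);
             $title .= ' (' . sprintf(_n("%d comment", "%d comments", $postcount, 'author-avatars'), $postcount) . ')';
         } else {
             // this is passing 1 for coauthors
             if ("guest-author" == $type && $user->linked_account) {
                 // fetch the linked account and show that account's count;
                 // the lookup returns false when the login no longer exists
                 $linked_user = get_user_by('login', $user->linked_account);
                 $postcount = $linked_user ? $this->get_user_postcount($linked_user->ID) : 0;
             } else {
                 $postcount = $this->get_user_postcount($user->user_id);
             }
             $title .= ' (' . sprintf(_n("%d post", "%d posts", $postcount, 'author-avatars'), $postcount) . ')';
         }
         $name .= sprintf(apply_filters('aa_post_count', ' (%d)', $postcount), $postcount);
     }
     if ($this->show_bbpress_post_count && AA_is_bbpress()) {
         $BBPRESS_postcount = 0;
         if (function_exists('bbp_get_user_topic_count_raw')) {
             $BBPRESS_postcount = bbp_get_user_topic_count_raw($user->user_id) + bbp_get_user_reply_count_raw($user->user_id);
             $title .= ' (' . sprintf(_n("%d BBPress post", "%d BBPress posts", $BBPRESS_postcount, 'author-avatars'), $BBPRESS_postcount) . ')';
         }
         $name .= sprintf(' (%d)', $BBPRESS_postcount);
     }
     $biography = false;
     if ($this->show_biography) {
         if ("guest-author" != $type && $user->user_id > 0) {
             $biography = get_the_author_meta('description', $user->user_id);
         } else {
             $biography = isset($user->description) ? $user->description : '';
         }
         // NOTE(review): the biography is emitted as HTML; whether it has
         // been filtered depends on how it was stored and on this filter.
         $biography = apply_filters('aa_user_biography_filter', $biography);
         // trim $biography to bio_length
         if (0 < $this->bio_length) {
             $biography = $this->truncate_html(wpautop($biography, true), apply_filters('aa_user_bio_length', $this->bio_length));
         } else {
             $biography = wpautop($biography, true);
         }
         $divcss[] = 'with-biography bio-length-' . $this->bio_length;
         $name = '<strong>' . $name . '</strong>';
         if (empty($biography)) {
             $divcss[] = 'biography-missing';
         }
     }
     $show_last_post = false;
     if ($this->show_last_post) {
         $show_last_post = $this->aa_get_last_post($user->user_id);
         /**
          * Filter the users last post.
          *
          * @since 1.8.6.0
          *
          * @param string $show_last_post    The HTML link to users last post.
          * @param object                    The Current user object.
          */
         $show_last_post = apply_filters('aa_user_show_last_post_filter', $show_last_post, $user);
         $divcss[] = 'with-last-post';
         if (empty($show_last_post)) {
             $divcss[] = 'last-post-missing';
         }
     }
     $email = false;
     if ($this->show_email && $user->user_email) {
         $userEmail = $user->user_email;
         /**
          * Filter the sprintf template for the mailto link.
          *
          * @since 1.8.6.0
          *
          * @param string                The mailto href for sprintf; %1$s is where the email is inserted.
          * @param string $userEmail     The Email to be inserted.
          * @param object                The Current user object.
          */
         // Filters receive the raw address; the value substituted into the
         // template is escaped because it lands in an attribute and in text.
         $email = sprintf(apply_filters('aa_user_email_url_template', '<a href="mailto:%1$s">%1$s</a>', $userEmail, $user), esc_attr($userEmail));
         $divcss[] = 'with-email';
         if (empty($email)) {
             $divcss[] = 'email-missing';
         }
     }
     if ($user->user_id == -1) {
         // use email for commentators
         $avatar = get_avatar($user->user_email, $avatar_size);
     } else {
         // if on buddypress install use BP function
         if (function_exists('bp_core_fetch_avatar')) {
             $avatar = bp_core_fetch_avatar(array('item_id' => $user->user_id, 'width' => $avatar_size, 'height' => $avatar_size, 'type' => 'full', 'alt' => $alt, 'title' => $title));
         } else {
             // call the standard avatar function
             $avatar = get_avatar($user->user_id, $avatar_size);
         }
     }
     /* Strip all existing links (a tags) from the get_avatar() code to
      * remove e.g. the link which is added by the add-local-avatar plugin
      * @see http://wordpress.org/support/topic/309878 */
     if (!empty($link)) {
         $avatar = preg_replace('@<\\s*\\/?\\s*[aA]\\s*.*?>@', '', $avatar);
     }
     // the buddypress code
     if (!function_exists('bp_core_fetch_avatar')) {
         /* strip alt and title parameter */
         $avatar = preg_replace('@alt=["\'][\\w]*["\'] ?@', '', $avatar);
         $avatar = preg_replace('@title=["\'][\\w]*["\'] ?@', '', $avatar);
         /* insert alt and title parameters; stripos() returns false only
          * when the attribute is absent, so compare strictly */
         if (false === stripos($avatar, 'title=')) {
             $avatar = preg_replace('@ ?\\/>@', ' title="' . $title . '" />', $avatar);
         }
         if (false === stripos($avatar, 'alt=')) {
             $avatar = preg_replace('@ ?\\/>@', ' alt="' . $alt . '"  />', $avatar);
         }
     }
     $html = '';
     /**
      * filter the span that holds the avatar
      *
      * @param string            The sprintf template.
      * @param string $title     The value passed to the title attr in span.
      * @param string $avatar    The HTML returned from get_avatar() etc.
      * @param object $user      The user object
      */
     $html .= sprintf(apply_filters('aa_user_avatar_template', '<span class="avatar" title="%s">%s</span>', $title, $avatar, $user), $title, $avatar);
     if ($this->show_name || $this->show_bbpress_post_count || $this->show_postcount) {
         /**
          * filter the span that contains the users name
          *
          * @param string            The sprintf template.
          * @param string $name      The value (users name) passed into the span
          * @param object $user      The user object
          */
         $html .= sprintf(apply_filters('aa_user_name_template', '<span class="name">%s</span>', $name, $user), $name);
     }
     if ($link) {
         /**
          * filter the href that wrap's avatar and users name
          *
          * @param string            The sprintf template.
          * @param string $link      The href value.
          * @param string $title     The value for the href title
          * @param string $html      The HTML with avatar and name
          * @param object $user      The user object
          */
         // The link may be a profile-supplied website URL, so it is passed
         // through esc_url() before it is written into the href.
         $html = sprintf(apply_filters('aa_user_link_template', '<a href="%s" title="%s">%s</a>', $link, $title, $html, $user), esc_url($link), $title, $html);
     }
     if ($email) {
         /**
          * filter that wrap's the email link in a div
          *
          * @param string            The sprintf template.
          * @param string $email     The HTML containing the mailto href and email string.
          * @param object $user      The user object
          */
         $html .= sprintf(apply_filters('aa_user_email_template', '<div class="email">%s</div>', $email, $user), $email);
     }
     if ($biography) {
         /**
          * filter that wrap's the BIO text in a div
          *
          * @param string            The sprintf template.
          * @param string $biography The Bio text.
          * @param object $user      The user object
          */
         $html .= sprintf(apply_filters('aa_user_biography_template', '<div class="biography">%s</div>', $biography, $user), $biography);
     }
     if ($show_last_post) {
         /**
          * filter that wrap's the last post link in a div
          *
          * @param string                    The sprintf template.
          * @param string $show_last_post    The last post link.
          * @param object $user              The user object
          */
         $html .= sprintf(apply_filters('aa_user_last_post_template', '<div class="show_last_post">%s</div>', $show_last_post, $user), $show_last_post);
     }
     if (!empty($this->display_extra)) {
         /**
          * filter the extra HTML block before its appended
          *
          * @param string $extra     extra HTML / string.
          * @param object $user      The user object
          */
         $html .= apply_filters('aa_user_display_extra', $this->display_extra, $user);
     }
     // Separator first: the reversed argument order is rejected by PHP 8.
     $tpl_vars['{class}'] = implode(' ', $divcss);
     /**
      * filter on the complete HTML for the user
      *
      * @param string $html  The generated HTML.
      * @param object $user  the user object
      */
     $tpl_vars['{user}'] = apply_filters('aa_user_final_content', $html, $user);
     /**
      * filter the outer HTML template
      *
      * @param string $html  The outer user template.
      * @param object $user  the user object
      */
     return str_replace(array_keys($tpl_vars), $tpl_vars, apply_filters('aa_user_template', $this->user_template, $user));
 }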
コード例 #21
 /**
  * Retrieve the blogs of the user.
  *
  * @since 2.6.0
  *
  * @param array $args {
  *     Method arguments. Note: arguments must be ordered as documented.
  *
  *     @type string $username Username.
  *     @type string $password Password.
  * }
  * @return array|IXR_Error Array contains:
  *  - 'isAdmin'
  *  - 'isPrimary' - whether the blog is the user's primary blog
  *  - 'url'
  *  - 'blogid'
  *  - 'blogName'
  *  - 'xmlrpc' - url of xmlrpc endpoint
  */
 public function wp_getUsersBlogs($args)
 {
     // Without multisite there is only one blog: delegate to
     // blogger_getUsersBlogs, which takes one extra leading argument.
     if (!is_multisite()) {
         array_unshift($args, 1);
         return $this->blogger_getUsersBlogs($args);
     }
     $this->escape($args);
     // The credentials arrive as the first two call arguments; nothing
     // below runs unless login() accepts them.
     $user = $this->login($args[0], $args[1]);
     if (!$user) {
         return $this->error;
     }
     /**
      * Fires after the XML-RPC user has been authenticated but before the rest of
      * the method logic begins.
      *
      * All built-in XML-RPC methods use the action xmlrpc_call, with a parameter
      * equal to the method's name, e.g., wp.getUsersBlogs, wp.newPost, etc.
      *
      * @since 2.5.0
      *
      * @param string $name The method name.
      */
     do_action('xmlrpc_call', 'wp.getUsersBlogs');
     $user_blogs = (array) get_blogs_of_user($user->ID);
     $active_blog = get_active_blog_for_user($user->ID);
     $primary_blog_id = $active_blog ? (int) $active_blog->blog_id : 0;
     $struct = array();
     foreach ($user_blogs as $entry) {
         // Only report blogs that are hosted at this site.
         if ($entry->site_id == get_current_site()->id) {
             $entry_id = $entry->userblog_id;
             // Capabilities, URLs and options are per blog, so they are read
             // while switched to that blog.
             switch_to_blog($entry_id);
             $struct[] = array(
                 'isAdmin' => current_user_can('manage_options'),
                 'isPrimary' => (int) $entry_id === $primary_blog_id,
                 'url' => home_url('/'),
                 'blogid' => (string) $entry_id,
                 'blogName' => get_option('blogname'),
                 'xmlrpc' => site_url('xmlrpc.php', 'rpc'),
             );
             restore_current_blog();
         }
     }
     return $struct;
 }
コード例 #22
 /**
  * Returns author object.
  *
  * @param $author user ID, user row, WP_User object, comment row, post row
  * @param $show_email output the author's email address?
  *
  * @return (object)
  */
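 function get_author($author, $show_email = false)
 {
     // Normalises a comment row, post row, user row or user ID into one
     // author object. The email is only included when $show_email is set,
     // but outside the IS_WPCOM branch profile_URL carries the MD5 of the
     // address either way (Gravatar's profile identifier), which still lets
     // a guessed address be confirmed.
     if (isset($author->comment_author_email) && !$author->user_id) {
         $ID = 0;
         $login = '';
         $email = $author->comment_author_email;
         $name = $author->comment_author;
         $URL = $author->comment_author_url;
         $profile_URL = 'http://en.gravatar.com/' . md5(strtolower(trim($email)));
         $nice = '';
         $site_id = -1;
         // Comment author URLs and Emails are sent through wp_kses() on save, which replaces "&" with "&amp;"
         // "&" is the only email/URL character altered by wp_kses()
         $email = str_replace('&amp;', '&', $email);
         $URL = str_replace('&amp;', '&', $URL);
     } else {
         $post = $author;
         if (isset($author->post_author)) {
             if (0 == $author->post_author) {
                 return null;
             }
             $author = $author->post_author;
         } elseif (isset($author->user_id) && $author->user_id) {
             $author = $author->user_id;
         } elseif (isset($author->user_email)) {
             $author = $author->ID;
         }
         $is_jetpack = true === apply_filters('is_jetpack_site', false, get_current_blog_id());
         if ($is_jetpack) {
             // NOTE(review): this branch reads $post->ID, so it presumably
             // expects $author to have been a post row here; confirm callers.
             $ID = get_post_meta($post->ID, '_jetpack_post_author_external_id', true);
             $email = get_post_meta($post->ID, '_jetpack_author_email', true);
             $login = '';
             $name = get_post_meta($post->ID, '_jetpack_author', true);
             $URL = '';
             $nice = '';
         } else {
             $user = get_user_by('id', $author);
             if (!$user || is_wp_error($user)) {
                 trigger_error('Unknown user', E_USER_WARNING);
                 return null;
             }
             $ID = $user->ID;
             $email = $user->user_email;
             $login = $user->user_login;
             $name = $user->display_name;
             $URL = $user->user_url;
             $nice = $user->user_nicename;
         }
         if (defined('IS_WPCOM') && IS_WPCOM && !$is_jetpack) {
             // A user may have no active blog; in that case no site_ID is
             // reported instead of reading a property of a non-object.
             $active_blog = get_active_blog_for_user($ID);
             $site_id = is_object($active_blog) ? $active_blog->blog_id : -1;
             $profile_URL = "http://en.gravatar.com/{$login}";
         } else {
             $profile_URL = 'http://en.gravatar.com/' . md5(strtolower(trim($email)));
             $site_id = -1;
         }
     }
     $avatar_URL = $this->api->get_avatar_url($email);
     $email = $show_email ? (string) $email : false;
     $author = array('ID' => (int) $ID, 'login' => (string) $login, 'email' => $email, 'name' => (string) $name, 'nice_name' => (string) $nice, 'URL' => (string) esc_url_raw($URL), 'avatar_URL' => (string) esc_url_raw($avatar_URL), 'profile_URL' => (string) esc_url_raw($profile_URL));
     if ($site_id > -1) {
         $author['site_ID'] = (int) $site_id;
     }
     return (object) $author;
 }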
コード例 #23
 /**
  * Returns author object.
  *
  * @param $author user ID, user row, WP_User object, comment row, post row
  * @param $show_email output the author's email address?
  *
  * @return (object)
  */
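 function get_author($author, $show_email = false)
 {
     // Normalises a comment row, post row, user row or user ID into one
     // author object. The email is only included when $show_email is set,
     // but outside the IS_WPCOM branch profile_URL carries the MD5 of the
     // address either way (Gravatar's profile identifier), which still lets
     // a guessed address be confirmed.
     if (isset($author->comment_author_email) && !$author->user_id) {
         // Comment by someone without an account: only comment fields exist.
         $ID = 0;
         $email = $author->comment_author_email;
         $name = $author->comment_author;
         $URL = $author->comment_author_url;
         $profile_URL = 'http://en.gravatar.com/' . md5(strtolower(trim($email)));
         $nice = '';
         $site_id = -1;
     } else {
         // Reduce whatever was passed to a user ID.
         if (isset($author->post_author)) {
             if (0 == $author->post_author) {
                 return null;
             }
             $author = $author->post_author;
         } elseif (isset($author->user_id) && $author->user_id) {
             $author = $author->user_id;
         } elseif (isset($author->user_email)) {
             $author = $author->ID;
         }
         $user = get_user_by('id', $author);
         if (!$user || is_wp_error($user)) {
             trigger_error('Unknown user', E_USER_WARNING);
             return null;
         }
         $ID = $user->ID;
         $email = $user->user_email;
         $name = $user->display_name;
         $URL = $user->user_url;
         $nice = $user->user_nicename;
         if (defined('IS_WPCOM') && IS_WPCOM) {
             // A user may have no active blog; in that case no site_ID is
             // reported instead of reading a property of a non-object.
             $active_blog = get_active_blog_for_user($ID);
             $site_id = is_object($active_blog) ? $active_blog->blog_id : -1;
             $profile_URL = "http://en.gravatar.com/{$user->user_login}";
         } else {
             $profile_URL = 'http://en.gravatar.com/' . md5(strtolower(trim($email)));
             $site_id = -1;
         }
     }
     $avatar_URL = $this->api->get_avatar_url($email);
     $email = $show_email ? (string) $email : false;
     $author = array('ID' => (int) $ID, 'email' => $email, 'name' => (string) $name, 'nice_name' => (string) $nice, 'URL' => (string) esc_url_raw($URL), 'avatar_URL' => (string) esc_url_raw($avatar_URL), 'profile_URL' => (string) esc_url_raw($profile_URL));
     if ($site_id > -1) {
         $author['site_ID'] = (int) $site_id;
     }
     return (object) $author;
 }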
コード例 #24
ファイル: link-template.php プロジェクト: vpatrinica/jfdesign
/**
 * Get the URL to the user's dashboard.
 *
 * If a user does not belong to any sites, the global user dashboard is used.  If the user belongs to the current site,
 * the dashboard for the current site is returned.  If the user cannot edit the current site, the dashboard to the user's
 * primary blog is returned.
 *
 * @since 3.1.0
 *
 * @param int $user_id User ID
 * @param string $path Optional path relative to the dashboard.  Use only paths known to both blog and user admins.
 * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes.
 * @return string Dashboard url link with optional path appended
 */
function get_dashboard_url($user_id, $path = '', $scheme = 'admin')
{
    $user_id = (int) $user_id;
    $blogs = get_blogs_of_user($user_id);
    // A non-super-admin without any site only has the global user dashboard.
    $has_no_sites = !is_super_admin() && empty($blogs);
    if ($has_no_sites) {
        $url = user_admin_url($path, $scheme);
    } elseif (is_multisite()) {
        $current_blog = get_current_blog_id();
        // Membership is decided by the IDs that key the user's blog list.
        $belongs_here = $current_blog && (is_super_admin($user_id) || in_array($current_blog, array_keys($blogs)));
        if ($belongs_here) {
            $url = admin_url($path, $scheme);
        } else {
            // Fall back to the user's active blog, then to the user dashboard.
            $active = get_active_blog_for_user($user_id);
            $url = $active
                ? get_admin_url($active->blog_id, $path, $scheme)
                : user_admin_url($path, $scheme);
        }
    } else {
        $url = admin_url($path, $scheme);
    }
    return apply_filters('user_dashboard_url', $url, $user_id, $path, $scheme);
}
コード例 #25
ファイル: class-pb-catalog.php プロジェクト: cumi/pressbooks
 /**
  * WP_Ajax hook for pb_delete_catalog_logo
  */
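 static function deleteLogo()
 {
     // Resets a user's catalog logo to the default cover and deletes the
     // old attachment. The nonce check comes first; by default
     // check_ajax_referer() ends the request when the nonce is missing or wrong.
     check_ajax_referer('pb-delete-catalog-logo');
     // Both fields are required; without them there is nothing to act on.
     if (!isset($_POST['filename'], $_POST['pid'])) {
         die;
     }
     $image_url = $_POST['filename'];
     $user_id = (int) $_POST['pid'];
     $book = get_active_blog_for_user($user_id);
     // NOTE(review): pid comes from the request, and the capability is
     // checked against that user's active blog rather than against the user
     // record. Confirm that anyone with upload_files on that blog is meant
     // to be able to reset this user's catalog logo.
     // $book is empty when the user has no active blog; skip instead of
     // reading blog_id from a non-object.
     if (is_object($book) && current_user_can_for_blog($book->blog_id, 'upload_files')) {
         switch_to_blog($book->blog_id);
         // Delete old images. The submitted URL is only used to look up an
         // attachment ID within the blog just switched to.
         $old_id = \PressBooks\Image\attachment_id_from_url($image_url);
         if ($old_id) {
             wp_delete_attachment($old_id, true);
         }
         update_user_meta($user_id, 'pb_catalog_logo', \PressBooks\Image\default_cover_url());
         restore_current_blog();
     }
     // @see http://codex.wordpress.org/AJAX_in_Plugins#Error_Return_Values
     // Will append 0 to returned json string if we don't die()
     die;
 }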
コード例 #26
ファイル: profile-picture.php プロジェクト: alx/blogsfera
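/**
 * Echo an HTML list of the most recent avatars, each linking to its owner's site.
 *
 * Avatar files are read from the directory named by the global $image_dir; the
 * file name without its extension is treated as the owning user's ID.
 *
 * @param int $count Maximum number of avatars to list.
 */
function get_recent_avatar_list($count = 20)
{
    global $image_dir;
    $directory = ABSPATH . '/' . $image_dir . '/';
    // Avatar identifiers (file names without extension) found in the directory.
    $result = array();
    $handler = opendir($directory);
    if ($handler !== false) {
        // Compare with false explicitly: an entry literally named "0" is falsy
        // and would otherwise end the scan early.
        while (false !== ($file = readdir($handler))) {
            // Test the real extension rather than searching for ".gif"/".jpg"/".png"
            // anywhere in the name, and skip the default picture.
            $extension = pathinfo($file, PATHINFO_EXTENSION);
            $basename = pathinfo($file, PATHINFO_FILENAME);
            if ($basename !== '' && $file !== 'default.png' && in_array($extension, array('gif', 'jpg', 'png'), true)) {
                // Only keep avatar number
                $result[] = $basename;
            }
        }
        closedir($handler);
    }
    // Highest identifiers first, then keep only $count of them.
    rsort($result);
    $result = array_slice($result, 0, $count);
    $list = "";
    foreach ($result as $user_id) {
        $user = get_userdata($user_id);
        if (!$user) {
            // File name does not map to an existing user; nothing to link to.
            continue;
        }
        $blog = get_active_blog_for_user($user_id);
        $avatar = author_image_path($user_id, false);
        // display_name is user-editable and every value lands inside a
        // single-quoted HTML attribute, so encode quotes as well as markup.
        // (esc_url()/esc_attr() are the WordPress-native equivalents.)
        $href = htmlspecialchars($blog ? (string) $blog->siteurl : '', ENT_QUOTES, 'UTF-8');
        $name = htmlspecialchars((string) $user->display_name, ENT_QUOTES, 'UTF-8');
        $src = htmlspecialchars((string) $avatar, ENT_QUOTES, 'UTF-8');
        $list .= "<li><a href='{$href}' title='{$name}'>";
        $list .= "<img src='{$src}' alt='{$name}' width='48px' height='48px'/></a></li>";
    }
    echo "<ul class='clearfix'>{$list}</ul>";
}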
コード例 #27
 /**
  * Processes the request
  *
  * Callback for "template_redirect" hook in template-loader.php
  *
  * @since 6.3
  * @access public
  */
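 public function template_redirect()
 {
     // sanitize_key() restricts the action and instance to a safe character set
     // before they are used to build hook names below.
     $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
     if (!$this->request_action && self::is_tml_page()) {
         $this->request_action = self::get_page_action(get_the_id());
     }
     $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;
     do_action_ref_array('tml_request', array(&$this));
     // allow plugins to override the default actions, and to add extra actions if they want
     do_action('login_form_' . $this->request_action);
     if (has_action('tml_request_' . $this->request_action)) {
         do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
     } else {
         $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
         switch ($this->request_action) {
             case 'postpass':
                 if (!array_key_exists('post_password', $_POST)) {
                     wp_safe_redirect(wp_get_referer());
                     exit;
                 }
                 require_once ABSPATH . 'wp-includes/class-phpass.php';
                 $hasher = new PasswordHash(8, true);
                 $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
                 // $referer was read here without ever being assigned, so the
                 // post-password cookie was never marked Secure, even on HTTPS.
                 $referer = wp_get_referer();
                 if ($referer) {
                     $secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
                 } else {
                     $secure = false;
                 }
                 setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
                 wp_safe_redirect(wp_get_referer());
                 exit;
                 break;
             case 'logout':
                 // Nonce check: logging out must be a deliberate, same-site request.
                 check_admin_referer('log-out');
                 $user = wp_get_current_user();
                 wp_logout();
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
                 } else {
                     $redirect_to = site_url('wp-login.php?loggedout=true');
                     $requested_redirect_to = '';
                 }
                 $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
                 // Request-supplied target: wp_safe_redirect() only follows allowed hosts.
                 wp_safe_redirect($redirect_to);
                 exit;
                 break;
             case 'lostpassword':
             case 'retrievepassword':
                 if ($http_post) {
                     $this->errors = self::retrieve_password();
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 if (isset($_REQUEST['error'])) {
                     if ('invalidkey' == $_REQUEST['error']) {
                         $this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
                     } elseif ('expiredkey' == $_REQUEST['error']) {
                         $this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
                     }
                 }
                 do_action('lost_password');
                 break;
             case 'resetpass':
             case 'rp':
                 // Dirty hack for now
                 global $rp_login, $rp_key;
                 list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
                 $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
                 if (isset($_GET['key'])) {
                     // Move the reset key out of the URL into an HttpOnly cookie
                     // scoped to this path, then reload without the query args so
                     // the key does not linger in the address bar or Referer.
                     $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
                     setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     wp_safe_redirect(remove_query_arg(array('key', 'login')));
                     exit;
                 }
                 if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
                     list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
                     $user = check_password_reset_key($rp_key, $rp_login);
                     // The submitted form must echo the key held in the cookie. A
                     // missing or non-string field is a mismatch; hash_equals()
                     // requires strings and compares in constant time.
                     if (isset($_POST['pass1']) && (!isset($_POST['rp_key']) || !is_string($_POST['rp_key']) || !hash_equals($rp_key, $_POST['rp_key']))) {
                         $user = false;
                     }
                 } else {
                     $user = false;
                 }
                 if (!$user || is_wp_error($user)) {
                     // Invalid or expired key: expire the cookie and restart the flow.
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     if ($user && $user->get_error_code() === 'expired_key') {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
                     } else {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                     }
                     exit;
                 }
                 if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                     $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                 }
                 do_action('validate_password_reset', $this->errors, $user);
                 if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                     reset_password($user, $_POST['pass1']);
                     // The key is single-use: drop the cookie once the password changed.
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     $redirect_to = site_url('wp-login.php?resetpass=complete');
                     wp_safe_redirect($redirect_to);
                     exit;
                 }
                 wp_enqueue_script('utils');
                 wp_enqueue_script('user-profile');
                 break;
             case 'register':
                 if (!get_option('users_can_register')) {
                     $redirect_to = site_url('wp-login.php?registration=disabled');
                     wp_redirect($redirect_to);
                     exit;
                 }
                 $user_login = '';
                 $user_email = '';
                 if ($http_post) {
                     // With the 'email' login type the e-mail address doubles as the user name.
                     if ('email' == $this->get_option('login_type')) {
                         $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     } else {
                         $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                     }
                     $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     $this->errors = register_new_user($user_login, $user_email);
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 break;
             case 'login':
             default:
                 $secure_cookie = '';
                 $interim_login = isset($_REQUEST['interim-login']);
                 // If the user wants ssl but the session is not ssl, force a secure cookie.
                 if (!empty($_POST['log']) && !force_ssl_admin()) {
                     $user_name = sanitize_user($_POST['log']);
                     if ($user = get_user_by('login', $user_name)) {
                         if (get_user_option('use_ssl', $user->ID)) {
                             $secure_cookie = true;
                             force_ssl_admin(true);
                         }
                     }
                 }
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $_REQUEST['redirect_to'];
                     // Redirect to https if user wants ssl
                     if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                     }
                 } else {
                     $redirect_to = admin_url();
                 }
                 $reauth = empty($_REQUEST['reauth']) ? false : true;
                 if ($http_post && isset($_POST['log'])) {
                     $user = wp_signon('', $secure_cookie);
                     $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                     if (!is_wp_error($user) && !$reauth) {
                         if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                 $redirect_to = user_admin_url();
                             } elseif (is_multisite() && !$user->has_cap('read')) {
                                 $redirect_to = get_dashboard_url($user->ID);
                             } elseif (!$user->has_cap('edit_posts')) {
                                 $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                             }
                         }
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                     $this->errors = $user;
                 }
                 // Clear errors if loggedout is set.
                 if (!empty($_GET['loggedout']) || $reauth) {
                     $this->errors = new WP_Error();
                 }
                 // Some parts of this script use the main login form to display a message
                 if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                     $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                     $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                 } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                     $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                     $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                     $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                 } elseif ($interim_login) {
                     $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                 } elseif (strpos($redirect_to, 'about.php?updated')) {
                     $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                 } elseif ($reauth) {
                     $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                 }
                 // Clear any stale cookies.
                 if ($reauth) {
                     wp_clear_auth_cookie();
                 }
                 break;
         }
         // end switch
     }
     // endif has_filter()
 }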
コード例 #28
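 /**
  * Complete the Minecraft.jp sign-in: either link the remote account to the
  * logged-in WordPress user ('link') or log in / register a user ('login').
  *
  * The flow and the post-login target are read from the session. Every path
  * ends in a redirect followed by exit.
  */
 public function doLogin()
 {
     $minecraftjp = $this->getMinecraftJP();
     $authType = !empty($_SESSION['auth_type']) ? $_SESSION['auth_type'] : 'login';
     $redirectTo = !empty($_SESSION['redirect_to']) ? $_SESSION['redirect_to'] : '';
     if ($authType == 'link') {
         try {
             $mcjpUser = $minecraftjp->getUser();
         } catch (\Exception $e) {
             $this->setFlash($e->getMessage(), 'default', array('class' => 'error'));
             wp_safe_redirect(admin_url('profile.php'));
             exit;
         }
         if (!empty($mcjpUser)) {
             // NOTE(review): get_current_user_id() returns 0 when nobody is logged in;
             // confirm the link flow is only reachable from an authenticated session.
             $userId = get_current_user_id();
             // One remote identity ('sub') may be attached to one local account only.
             $existsUserId = $this->User->getUserIdBySub($mcjpUser['sub']);
             if (!empty($existsUserId) && $existsUserId != $userId) {
                 $this->setFlash(__('This account is already linked.', App::NAME), 'default', array('class' => 'error'));
             } else {
                 update_user_meta($userId, 'minecraftjp_sub', $mcjpUser['sub']);
                 update_user_meta($userId, 'minecraftjp_uuid', $mcjpUser['uuid']);
                 update_user_meta($userId, 'minecraftjp_username', $mcjpUser['preferred_username']);
                 $this->setFlash(__('Minecraft.jp account linked successfully.', App::NAME));
             }
         } else {
             $this->setFlash(__('Authorization denied.', App::NAME), 'default', array('class' => 'error'));
         }
         wp_safe_redirect(admin_url('profile.php'));
         // wp_safe_redirect() only sends the header; stop here like every other
         // path in this method so nothing else runs or is rendered afterwards.
         exit;
     }
     try {
         $mcjpUser = $minecraftjp->getUser();
     } catch (\Exception $e) {
         $this->setFlash($e->getMessage(), 'default', array('class' => 'error'));
         wp_safe_redirect(site_url('wp-login.php'));
         exit;
     }
     if (empty($mcjpUser)) {
         $this->setFlash(__('Authorization denied.', App::NAME), 'default', array('class' => 'error'));
         wp_safe_redirect(site_url('wp-login.php'));
         exit;
     }
     // Local accounts are matched on the provider's stable subject identifier.
     $userId = $this->User->getUserIdBySub($mcjpUser['sub']);
     if (!$userId) {
         // First sign-in: honour the site's registration switch unless the plugin overrides it.
         if (!get_option('users_can_register') && !Configure::read('force_users_can_register')) {
             wp_redirect(site_url('wp-login.php?registration=disabled'));
             exit;
         }
         $password = wp_generate_password();
         $result = wp_create_user($mcjpUser['preferred_username'] . Configure::read('username_suffix'), $password, $mcjpUser['email']);
         if (is_wp_error($result)) {
             $this->setFlash(__('username or email is already taken.', App::NAME), 'default', array('class' => 'error'));
             wp_safe_redirect(site_url('wp-login.php'));
             exit;
         }
         $userId = $result;
         wp_update_user(array('ID' => $userId, 'user_url' => !empty($mcjpUser['website']) ? $mcjpUser['website'] : $mcjpUser['profile'], 'display_name' => $mcjpUser['preferred_username']));
         update_user_meta($userId, 'nickname', $mcjpUser['preferred_username']);
         update_user_meta($userId, 'minecraftjp_sub', $mcjpUser['sub']);
         update_user_meta($userId, 'minecraftjp_uuid', $mcjpUser['uuid']);
         // send password notification
         wp_new_user_notification($userId, $password);
     }
     update_user_meta($userId, 'minecraftjp_username', $mcjpUser['preferred_username']);
     wp_set_auth_cookie($userId, true);
     $user = get_user_by('id', $userId);
     // No explicit target requested: pick the landing page from the user's capabilities.
     if (empty($redirectTo) || $redirectTo == 'wp-admin/' || $redirectTo == admin_url()) {
         if (is_multisite() && !get_active_blog_for_user($userId) && !is_super_admin($userId)) {
             $redirectTo = user_admin_url();
         } elseif (is_multisite() && !$user->has_cap('read')) {
             $redirectTo = get_dashboard_url($userId);
         } elseif (!$user->has_cap('edit_posts')) {
             $redirectTo = admin_url('profile.php');
         }
     }
     // Session-supplied target: wp_safe_redirect() only follows allowed hosts.
     wp_safe_redirect($redirectTo);
     exit;
 }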
コード例 #29
/**
 * Get the URL to the user's dashboard.
 *
 * If a user does not belong to any site, the global user dashboard is used. If the user belongs to the current site,
 * the dashboard for the current site is returned. If the user cannot edit the current site, the dashboard to the user's
 * primary blog is returned.
 *
 * @since 3.1.0
 *
 * @param int    $user_id Optional. User ID. Defaults to current user.
 * @param string $path    Optional path relative to the dashboard. Use only paths known to both blog and user admins.
 * @param string $scheme  The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes.
 * @return string Dashboard url link with optional path appended.
 */
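function get_dashboard_url($user_id = 0, $path = '', $scheme = 'admin')
{
    $user_id = $user_id ? (int) $user_id : get_current_user_id();
    // Sites the target user belongs to; the membership test below looks the
    // current site ID up among this array's keys.
    $blogs = get_blogs_of_user($user_id);
    // Evaluate super-admin status for the user the URL is built for. Calling
    // is_super_admin() with no argument tests the *current* user instead, which
    // gives the wrong branch when the URL is requested for someone else.
    $is_super_admin = is_super_admin($user_id);
    if (!$is_super_admin && empty($blogs)) {
        // User has no site at all: only the global user dashboard applies.
        $url = user_admin_url($path, $scheme);
    } elseif (!is_multisite()) {
        $url = admin_url($path, $scheme);
    } else {
        $current_blog = get_current_blog_id();
        // isset() on the key replaces the loose in_array() over array_keys().
        if ($current_blog && ($is_super_admin || isset($blogs[$current_blog]))) {
            $url = admin_url($path, $scheme);
        } else {
            // Not a member of the current site: fall back to the user's
            // active site, or to the user dashboard when there is none.
            $active = get_active_blog_for_user($user_id);
            if ($active) {
                $url = get_admin_url($active->blog_id, $path, $scheme);
            } else {
                $url = user_admin_url($path, $scheme);
            }
        }
    }
    /**
     * Filter the dashboard URL for a user.
     *
     * @since 3.1.0
     *
     * @param string $url     The complete URL including scheme and path.
     * @param int    $user_id The user ID.
     * @param string $path    Path relative to the URL. Blank string if no path is specified.
     * @param string $scheme  Scheme to give the URL context. Accepts 'http', 'https', 'login',
     *                        'login_post', 'admin', 'relative' or null.
     */
    return apply_filters('user_dashboard_url', $url, $user_id, $path, $scheme);
}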
コード例 #30
 /**
  * @group activate
  */
 public function test_activate_user_accounts_with_blogs()
 {
     global $wpdb, $current_site, $base;
     // Only meaningful on multisite, where a signup can carry a site.
     if (!is_multisite()) {
         return;
     }
     // Signup fixtures keyed by login; entries with an empty domain/path create no site.
     // Can't trust this first signup :(
     $fixtures = array(
         'testpath1' => array('user_login' => 'testpath1', 'user_email' => '*****@*****.**', 'domain' => '', 'path' => '', 'title' => '', 'activation_key' => 'activationkeyblogone'),
         'blogtwo' => array('user_login' => 'blogtwo', 'user_email' => '*****@*****.**', 'domain' => $current_site->domain, 'path' => $base . 'blogtwo', 'title' => 'Blog Two', 'activation_key' => 'activationkeyblogtwo'),
         'blogthree' => array('user_login' => 'blogthree', 'user_email' => '*****@*****.**', 'domain' => '', 'path' => '', 'title' => '', 'activation_key' => 'activationkeyblogthree'),
         'blogfour' => array('user_login' => 'blogfour', 'user_email' => '*****@*****.**', 'domain' => $current_site->domain, 'path' => $base . 'blogfour', 'title' => 'Blog Four', 'activation_key' => 'activationkeyblogfour'),
     );
     $signups = array();
     foreach ($fixtures as $key => $args) {
         $signups[$key] = $this->factory->signup->create($args);
     }
     // Neutralize db errors
     $previous_suppress = $wpdb->suppress_errors();
     $results = BP_Signup::activate($signups);
     $wpdb->suppress_errors($previous_suppress);
     $this->assertNotEmpty($results['activated']);
     // Every signup login should now resolve to an activated user.
     $users = array();
     foreach (array_keys($signups) as $login) {
         $users[$login] = get_user_by('login', $login);
     }
     $this->assertEqualSets($results['activated'], wp_list_pluck($users, 'ID'));
     // Collect each user's active site, leaving out the untrusted first signup.
     $blogs = array();
     foreach ($users as $path => $user) {
         // Can't trust this first signup :(
         if ('testpath1' != $path) {
             $blogs[$path] = get_active_blog_for_user($user->ID);
         }
     }
     // Drop users without a site, then compare each site's path basename with its login key.
     $site_paths = wp_list_pluck(array_filter($blogs), 'path');
     $blogs = array_map('basename', $site_paths);
     $this->assertEqualSets($blogs, array_keys($blogs));
 }