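/**
 * Initialize the Toolbar for the current request.
 *
 * For a logged-in user this fills $this->user with the user's blogs, the active
 * blog and the domain/account_domain URLs the menu links are built from. It then
 * hooks the header output, enqueues the Toolbar script and style and fires
 * 'admin_bar_init'.
 *
 * @return void
 */
public function initialize() {
    $this->user = new stdClass();

    if (is_user_logged_in()) {
        /* Populate settings we need for the menu based on the current user. */
        $this->user->blogs = get_blogs_of_user(get_current_user_id());

        if (is_multisite()) {
            $this->user->active_blog = get_active_blog_for_user(get_current_user_id());
            // A user without an active site gets the network user-admin URL instead of a home URL.
            $this->user->domain = empty($this->user->active_blog)
                ? user_admin_url()
                : trailingslashit(get_home_url($this->user->active_blog->blog_id));
            $this->user->account_domain = $this->user->domain;
        } else {
            $this->user->active_blog    = $this->user->blogs[get_current_blog_id()];
            $this->user->domain         = trailingslashit(home_url());
            $this->user->account_domain = $this->user->domain;
        }
    }

    add_action('wp_head', 'wp_admin_bar_header');
    add_action('admin_head', 'wp_admin_bar_header');

    // Themes may swap the default padding callback, e.g.
    // add_theme_support( 'admin-bar', array( 'callback' => '__return_false') );
    $header_callback = '';
    if (current_theme_supports('admin-bar')) {
        $admin_bar_args = get_theme_support('admin-bar');
        // Guarded lookup: theme support registered without a 'callback' entry must
        // not raise an undefined-index notice here.
        if (isset($admin_bar_args[0]['callback'])) {
            $header_callback = $admin_bar_args[0]['callback'];
        }
    }
    if (empty($header_callback)) {
        $header_callback = '_admin_bar_bump_cb';
    }
    add_action('wp_head', $header_callback);

    wp_enqueue_script('admin-bar');
    wp_enqueue_style('admin-bar');

    do_action('admin_bar_init');
}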
/**
 * A site flagged as spam must not be returned as the user's active blog, even
 * when it is recorded as their primary_blog.
 *
 * @ticket 38355
 */
public function test_get_active_blog_for_user_with_spam_site() {
    $blog_before = get_current_blog_id();

    // Create a site that is already marked as spam and make it the user's primary blog.
    $spam_site_id = self::factory()->blog->create(array(
        'user_id' => self::$user_id,
        'meta'    => array('spam' => 1),
    ));
    add_user_to_blog($spam_site_id, self::$user_id, 'subscriber');
    update_user_meta(self::$user_id, 'primary_blog', $spam_site_id);

    $active = get_active_blog_for_user(self::$user_id);

    // Clean up before asserting so a failing assertion does not leave the site behind.
    wpmu_delete_blog($spam_site_id, true);

    // The spam site is skipped in favour of the site the test started on.
    $this->assertEquals($blog_before, $active->id);
}
/**
 * Point the "edit profile" link at the admin area of the current user's active blog.
 *
 * Falls back to the network user-admin profile page when the user has no
 * active blog.
 *
 * @param string $url Incoming URL; ignored, the result is recomputed.
 * @return string Admin URL of profile.php on the active blog or in user admin.
 */
function thatcamp_edit_profile_url($url) {
    $profile_path = 'profile.php';
    $url_scheme   = 'admin';

    $active_blog = get_active_blog_for_user(get_current_user_id());
    if (!$active_blog) {
        return user_admin_url($profile_path, $url_scheme);
    }

    return get_admin_url($active_blog->blog_id, $profile_path, $url_scheme);
}
/**
 * Set up the Toolbar for the current request.
 *
 * Collects the logged-in user's blogs, active blog and domain URLs into
 * $this->user, hooks the header output, enqueues the Toolbar assets and fires
 * 'admin_bar_init'.
 *
 * @access public
 */
public function initialize() {
    $this->user = new stdClass;

    if ( is_user_logged_in() ) {
        $user_id = get_current_user_id();
        /* Populate settings we need for the menu based on the current user. */
        $this->user->blogs = get_blogs_of_user( $user_id );

        if ( ! is_multisite() ) {
            $this->user->active_blog = $this->user->blogs[ get_current_blog_id() ];
            $this->user->domain      = trailingslashit( home_url() );
        } else {
            $active = get_active_blog_for_user( $user_id );
            $this->user->active_blog = $active;
            if ( empty( $active ) ) {
                // No active site: the network user-admin URL stands in for a home URL.
                $this->user->domain = user_admin_url();
            } else {
                $this->user->domain = trailingslashit( get_home_url( $active->blog_id ) );
            }
        }
        $this->user->account_domain = $this->user->domain;
    }

    add_action( 'wp_head', 'wp_admin_bar_header' );
    add_action( 'admin_head', 'wp_admin_bar_header' );

    /**
     * To remove the default padding styles from WordPress for the Toolbar, use the following code:
     * add_theme_support( 'admin-bar', array( 'callback' => '__return_false' ) );
     */
    $header_callback = null;
    if ( current_theme_supports( 'admin-bar' ) ) {
        $admin_bar_args  = get_theme_support( 'admin-bar' );
        $header_callback = $admin_bar_args[0]['callback'];
    }
    if ( empty( $header_callback ) ) {
        $header_callback = '_admin_bar_bump_cb';
    }
    add_action( 'wp_head', $header_callback );

    wp_enqueue_script( 'admin-bar' );
    wp_enqueue_style( 'admin-bar' );

    /**
     * Fires after WP_Admin_Bar is initialized.
     *
     * @since 3.1.0
     */
    do_action( 'admin_bar_init' );
}
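/**
 * Handles subscriptions and unsubscriptions for different blogs on WPMU installs.
 *
 * Driven by query-string parameters:
 *  - `s2mu_subscribe=<blog id>`: switches to that blog, adds the current user as a
 *    subscriber if they are not yet a member, and records a subscription to every
 *    category Subscribe2 reports (excluded categories are dropped unless the
 *    `reg_override` option is set).
 *  - `s2mu_unsubscribe=<blog id>`: switches to that blog, deletes every category
 *    subscription the user holds there, then restores the original blog.
 * Afterwards the user is redirected to the Subscribe2 admin page of the current
 * blog, or to the front page when they are no longer a member of any blog.
 *
 * @global object $mysubscribe2 Plugin instance providing options, category lists
 *                              and usermeta key names.
 * @return void Never returns normally: every path ends in wp_redirect() + exit().
 */
function wpmu_subscribe() {
    global $mysubscribe2;

    // NOTE(review): both actions change state (blog membership, usermeta) from a
    // plain GET with no nonce check. A wp_verify_nonce() guard on the generated
    // links would close that CSRF exposure; not added here so existing links keep
    // working.

    // Resolved once up front: the membership check near the end read this variable
    // even when neither query parameter was present (undefined variable).
    $user_ID = get_current_user_id();

    if (!empty($_GET['s2mu_subscribe'])) {
        // subscribe to new blog
        $sub_id = intval($_GET['s2mu_subscribe']);
        if ($sub_id >= 0) {
            // Deliberately not restored: the final redirect should land on this blog.
            switch_to_blog($sub_id);

            // if user is not a user of the current blog
            if (!is_blog_user($sub_id)) {
                // add user to current blog as subscriber
                add_user_to_blog($sub_id, $user_ID, 'subscriber');
                // add an action hook for external manipulation of blog and user data
                do_action_ref_array('subscribe2_wpmu_subscribe', array($user_ID, $sub_id));
            }

            // get categories, remove excluded ones if override is off
            $exclude_cats = (0 == $mysubscribe2->subscribe2_options['reg_override']);
            $all_cats     = $mysubscribe2->all_cats($exclude_cats, 'ID');

            $cat_ids = array();
            foreach ($all_cats as $cat) {
                $cat_ids[] = $cat->term_id;
                update_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_cat') . $cat->term_id, $cat->term_id);
            }
            $cats_string = implode(',', $cat_ids);

            if (empty($cats_string)) {
                delete_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_subscribed'));
            } else {
                update_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_subscribed'), $cats_string);
            }
        }
    } elseif (!empty($_GET['s2mu_unsubscribe'])) {
        // unsubscribe from a blog
        $unsub_id = intval($_GET['s2mu_unsubscribe']);
        if ($unsub_id >= 0) {
            switch_to_blog($unsub_id);

            // delete subscription to all categories on that blog
            $cats = get_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_subscribed'), true);
            foreach (explode(',', $cats) as $id) {
                delete_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_cat') . $id);
            }
            delete_user_meta($user_ID, $mysubscribe2->get_usermeta_keyname('s2_subscribed'));

            // add an action hook for external manipulation of blog and user data
            do_action_ref_array('subscribe2_wpmu_unsubscribe', array($user_ID, $unsub_id));
            restore_current_blog();
        }
    }

    if (!is_user_member_of_blog($user_ID)) {
        $user_blogs = get_active_blog_for_user($user_ID);
        if (is_array($user_blogs)) {
            switch_to_blog(key($user_blogs));
        } elseif (is_object($user_blogs) && !empty($user_blogs->blog_id)) {
            // Current WordPress returns a site details object here, so the array
            // branch above never matches; honour the object form as well.
            switch_to_blog($user_blogs->blog_id);
        } else {
            // no longer a member of a blog
            wp_redirect(get_option('siteurl')); // redirect to front page
            exit(0);
        }
    }

    // redirect to profile page
    $url = get_option('siteurl') . '/wp-admin/admin.php?page=s2';
    wp_redirect($url);
    exit(0);
}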
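/**
 * Build the author object for $this->post.
 *
 * The email is only included when the request is in the 'edit' context and the
 * current user may edit the post. On WordPress.com (IS_WPCOM) the profile URL is
 * built from the login and the author's active blog is exposed as site_ID; elsewhere
 * the profile URL is the Gravatar profile for the (lowercased, trimmed) email hash.
 *
 * @return object|null Author fields (ID, login, email, name, first_name, last_name,
 *                     nice_name, URL, avatar_URL, profile_URL and, when known, site_ID);
 *                     null when the post has no author or the user cannot be loaded
 *                     (an E_USER_WARNING is triggered in that case).
 */
public function get_author() {
    if (0 == $this->post->post_author) {
        return null;
    }

    $show_email = $this->context === 'edit' && current_user_can('edit_post', $this->post);

    $user = get_user_by('id', $this->post->post_author);
    if (!$user || is_wp_error($user)) {
        trigger_error('Unknown user', E_USER_WARNING);
        return null;
    }

    // TODO factor this out
    $site_id = -1;
    if (defined('IS_WPCOM') && IS_WPCOM) {
        // A user with no active blog yields null here; previously that raised a
        // notice on ->blog_id before site_ID was dropped anyway. Keep the -1
        // sentinel in that case so the key is simply omitted.
        $active_blog = get_active_blog_for_user($user->ID);
        if (is_object($active_blog) && isset($active_blog->blog_id)) {
            $site_id = $active_blog->blog_id;
        }
        $profile_URL = "http://en.gravatar.com/{$user->user_login}";
    } else {
        $profile_URL = 'http://en.gravatar.com/' . md5(strtolower(trim($user->user_email)));
    }

    $author = array(
        'ID'          => (int) $user->ID,
        'login'       => (string) $user->user_login,
        'email'       => $show_email ? (string) $user->user_email : false,
        'name'        => (string) $user->display_name,
        'first_name'  => (string) $user->first_name,
        'last_name'   => (string) $user->last_name,
        'nice_name'   => (string) $user->user_nicename,
        'URL'         => (string) esc_url_raw($user->user_url),
        'avatar_URL'  => (string) esc_url_raw($this->get_avatar_url($user->user_email)),
        'profile_URL' => (string) esc_url_raw($profile_URL),
    );
    if ($site_id > -1) {
        $author['site_ID'] = (int) $site_id;
    }

    return (object) $author;
}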
if ($customize_login) { ?> <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?> ', channel: 'login' }).send('login') }, 1000 );</script> <?php } ?> </body></html> <?php exit; } if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) { // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile. if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) { $redirect_to = user_admin_url(); } elseif (is_multisite() && !$user->has_cap('read')) { $redirect_to = get_dashboard_url($user->ID); } elseif (!$user->has_cap('edit_posts')) { $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url(); } } wp_safe_redirect($redirect_to); exit; } $errors = $user; // Clear errors if loggedout is set. if (!empty($_GET['loggedout']) || $reauth) { $errors = new WP_Error(); }
/**
 * Login user. SSL support is not tested.
 *
 * Authenticates the request with wp_signon() (credentials are read from $_POST by
 * WordPress), sets the current user on success and returns the logged-in user; on
 * failure returns a WP_Error carrying the same error/message codes wp-login.php shows.
 * Never redirects: $redirect_to is computed but only kept for possible later use.
 *
 * @global object $json_api
 * @return WP_Error|mixed WP_Error on failure, otherwise the value of
 *                        $this->get_logged_in_user().
 */
public function login() {
    global $json_api;
    $secure_cookie = '';

    // If the user wants ssl but the session is not ssl, force a secure cookie.
    if (!empty($_POST['log']) && !force_ssl_admin()) {
        $user_name = sanitize_user($_POST['log']);
        if ($user = get_user_by('login', $user_name)) {
            // i'm guessing the user can change their login options to work with SSL
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                //passing true to like so, force_ssl_admin(true), makes force_ssl_admin() return true and vice versa
                //force_ssl_admin(true); http://codex.wordpress.org/Function_Reference/force_ssl_admin
                // we are declaring error but not returning it for now
                $errors = new WP_Error();
                $errors->add('use_ssl', __("The login must use ssl."));
                // not implemeted now
                //return $errors;
            }
        }
    }

    // NOTE(review): $redirect_to is taken from the request unvalidated. It is not
    // used to redirect in this method, but it should go through
    // wp_validate_redirect() before it is ever returned or acted on.
    if (isset($_REQUEST['redirect_to'])) {
        $redirect_to = $_REQUEST['redirect_to'];
        // Redirect to https if user wants ssl
        if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
            $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
        }
    } else {
        $redirect_to = admin_url();
    }
    $reauth = empty($_REQUEST['reauth']) ? false : true;

    // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
    // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
    // the admin via http or https.
    if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
        $secure_cookie = false;
    }

    //$user = wp_authenticate_username_password('', $_POST['log'], $_POST['pwd']);
    $user = wp_signon('', $secure_cookie);

    if (is_wp_error($user)) {
        // user is an error object
        $errors = $user;
        // if both login and password are empty no error is added so we add one now
        if (empty($_POST['log']) && empty($_POST['pwd'])) {
            $errors->add('invalid_username', __("The username is empty."));
        }
        // Clear errors if loggedout is set.
        if (!empty($_GET['loggedout']) || $reauth) {
            $errors = new WP_Error();
        }
        // If cookies are disabled we can't log in even with a valid user+pass
        if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
            $errors->add('test_cookie', __("Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
        }
        // Some parts of this script use the main login form to display a message
        if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
            $errors->add('loggedout', __('You are now logged out.'), 'message');
        } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
            $errors->add('registerdisabled', __('User registration is currently not allowed.'));
        } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
            $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
        } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
            $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
        } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
            $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
        } elseif ($interim_login) {
            // NOTE(review): $interim_login is never assigned in this method; unless it
            // is provided from outside this view, this reads an undefined variable and
            // the branch never fires.
            $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
        }
        // Clear any stale cookies.
        if ($reauth) {
            wp_clear_auth_cookie();
        }
        return $errors;
    }

    //if (!$reauth) { // does not redirect
    if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
        // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
        if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
            $redirect_to = user_admin_url();
        } elseif (is_multisite() && !$user->has_cap('read')) {
            $redirect_to = get_dashboard_url($user->ID);
        } elseif (!$user->has_cap('edit_posts')) {
            $redirect_to = admin_url('profile.php');
        }
    }
    wp_set_current_user($user->ID);
    $user = $this->get_logged_in_user();
    // left in redirect_to since we could return the value later if we wanted
    return $user;
    //}
}
/**
 * A user who is a member of no site at all must still get profile links that
 * point at the network user admin, and no Site menu on a site they do not belong to.
 *
 * @ticket 25162
 * @group multisite
 */
public function test_admin_bar_contains_correct_links_for_users_with_no_role_on_network() {
    if (!is_multisite()) {
        $this->markTestSkipped('Test only runs in multisite');
    }

    $nobody  = self::$no_role_id;
    $admin   = self::$admin_id;
    $current = get_current_blog_id();

    $this->assertTrue(user_can($admin, 'read'));
    $this->assertFalse(user_can($nobody, 'read'));

    $blog_id = self::factory()->blog->create(array('user_id' => $admin));
    $this->assertTrue(is_user_member_of_blog($admin, $blog_id));
    $this->assertFalse(is_user_member_of_blog($nobody, $blog_id));
    $this->assertTrue(is_user_member_of_blog($nobody, $current));

    // Remove `$nobody` from the current blog, so they're not a member of any blog
    $this->assertTrue(remove_user_from_blog($nobody, $current));
    $this->assertFalse(is_user_member_of_blog($nobody, $current));

    wp_set_current_user($nobody);
    switch_to_blog($blog_id);

    $wp_admin_bar = $this->get_standard_admin_bar();
    $nodes = array(
        'site-name'    => $wp_admin_bar->get_node('site-name'),
        'my-account'   => $wp_admin_bar->get_node('my-account'),
        'user-info'    => $wp_admin_bar->get_node('user-info'),
        'edit-profile' => $wp_admin_bar->get_node('edit-profile'),
    );

    // get primary blog: there is none for a user without any site
    $this->assertNull(get_active_blog_for_user($nobody));

    // No Site menu as the user isn't a member of this site
    $this->assertNull($nodes['site-name']);

    $user_profile_url = user_admin_url('profile.php');
    $this->assertNotEquals($user_profile_url, admin_url('profile.php'));

    // Profile URLs should go to the user's primary blog
    foreach (array('my-account', 'user-info', 'edit-profile') as $node_id) {
        $this->assertEquals($user_profile_url, $nodes[$node_id]->href);
    }

    restore_current_blog();
}
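/**
 * Send the current user to the admin area of one of their blogs.
 *
 * Redirects to the user's active blog when it has one. Otherwise, if the user's
 * primary_blog usermeta still points at the dashboard blog, it is repointed at the
 * first other blog the user belongs to, and the user is redirected to the primary
 * blog. The `c` query counter is incremented on every hop and stops redirect loops
 * after five attempts. Dies with a permission message when no blog can be found.
 *
 * @global WP_User $current_user
 * @return void Never returns normally: redirects and exits, or calls wp_die().
 */
function redirect_user_to_blog() {
    global $current_user;

    $c = isset($_GET['c']) ? (int) $_GET['c'] : 0;
    if ($c >= 5) {
        wp_die(__("You don’t have permission to view this site. Please contact the system administrator."));
    }
    $c++;

    $blog = get_active_blog_for_user($current_user->ID);
    if (is_object($blog)) {
        wp_redirect(get_admin_url($blog->blog_id, '?c=' . $c)); // redirect and count to 5, "just in case"
        exit;
    }

    $dashboard_blog = get_dashboard_blog();
    $blogs = get_blogs_of_user($current_user->ID);
    if (!empty($blogs)) {
        /* If the user is a member of only 1 blog and the user's primary_blog isn't set to that blog,
           then update the primary_blog record to match the user's blog */
        if (get_user_meta($current_user->ID, 'primary_blog', true) == $dashboard_blog->blog_id) {
            foreach ($blogs as $blogid => $user_blog) {
                if ($blogid != $dashboard_blog->blog_id) {
                    update_user_meta($current_user->ID, 'primary_blog', $blogid);
                    // Only the first non-dashboard blog is used; the original loop
                    // re-read the meta each pass and could never update twice.
                    break;
                }
            }
        }

        $blog = get_blog_details(get_user_meta($current_user->ID, 'primary_blog', true));
        // get_blog_details() returns false for an unknown id; fall through to the
        // permission error instead of dereferencing it.
        if (is_object($blog)) {
            wp_redirect(get_admin_url($blog->blog_id, '?c=' . $c));
            exit;
        }
    }

    wp_die(__('You do not have sufficient permissions to access this page.'));
}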
$message = '<p class="message">' . __('You have logged in successfully.') . '</p>'; login_header('', $message); ?> <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script> <p class="alignright"> <input type="button" class="btn" value="<?php esc_attr_e('Close'); ?> " onclick="window.close()" /></p> </div></body></html> <?php exit; } if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) { // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile. if (is_multisite() && !get_active_blog_for_user($user->id)) { $redirect_to = user_admin_url(); } elseif (is_multisite() && !$user->has_cap('read')) { $redirect_to = get_dashboard_url($user->id); } elseif (!$user->has_cap('edit_posts')) { $redirect_to = admin_url('profile.php'); } } wp_safe_redirect($redirect_to); exit; } $errors = $user; // Clear errors if loggedout is set. if (!empty($_GET['loggedout']) || $reauth) { $errors = new WP_Error(); }
/**
 * Route the front-end login page actions for the Simplr registration form.
 *
 * Runs only on the page configured as the login redirect. Reads `action` from the
 * request: `lostpassword`/`retrievepassword` drives the password-retrieval flow;
 * `login` signs the user in via wp_signon() and redirects, or fills the global
 * $errors with the same error/message codes wp-login.php uses.
 *
 * @global WP_Error|null $errors        Receives login errors and messages.
 * @global bool          $is_iphone
 * @global bool          $interim_login Set here from the `interim-login` request param.
 * @global object        $current_site
 * @global WP            $wp
 *
 * @param WP_Post $post   The page being rendered.
 * @param mixed   $option Unused here.
 * @param mixed   $file   Unused here.
 * @param array   $path   Request path segments; the last one is compared to the page slug.
 * @return void
 */
function simplr_login_includes($post, $option, $file, $path) {
    global $errors, $is_iphone, $interim_login, $current_site;
    $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
    $options = get_option('simplr_reg_options');
    global $wp;

    // `@` hides the undefined-index notice when no action is passed.
    $action = @$_REQUEST['action'];
    if (@$_REQUEST['action'] == '') {
        // NOTE(review): no exit after wp_redirect(), so the rest of this function
        // still runs for the current request with an empty $action.
        wp_redirect('?action=login');
    }

    if (isset($options->login_redirect) and end($path) == $post->post_name) {
        switch ($action) {
            case 'lostpassword':
            case 'retrievepassword':
                // NOTE(review): isset() on a boolean local is always true, so
                // retrieve_password() also runs on GET; the intent reads as `if ($http_post)`.
                if (isset($http_post)) {
                    $errors = retrieve_password();
                    if (!is_wp_error($errors)) {
                        // wp_safe_redirect() restricts the request-supplied target to allowed hosts.
                        $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                    $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'simplr-registration-form'));
                }
                $redirect_to = apply_filters('lostpassword_redirect', !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
                do_action('lost_password');
                $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
                break;

            case 'login':
            // NOTE(review): this matches only the literal action string 'default';
            // a `default:` label would be needed to catch unknown actions.
            case 'default':
                $secure_cookie = '';
                $interim_login = isset($_REQUEST['interim-login']);
                // If the user wants ssl but the session is not ssl, force a secure cookie.
                if (!empty($_POST['log']) && !force_ssl_admin()) {
                    $user_name = sanitize_user($_POST['log']);
                    // get_userdatabylogin() is the pre-3.3 name of get_user_by('login', ...).
                    if ($user = get_userdatabylogin($user_name)) {
                        if (get_user_option('use_ssl', $user->ID)) {
                            $secure_cookie = true;
                            force_ssl_admin(true);
                        }
                    }
                }
                if (isset($_REQUEST['redirect_to'])) {
                    $redirect_to = $_REQUEST['redirect_to'];
                    // Redirect to https if user wants ssl
                    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                    }
                } else {
                    $redirect_to = admin_url();
                }
                $reauth = empty($_REQUEST['reauth']) ? false : true;

                // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
                // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
                // the admin via http or https.
                if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                    $secure_cookie = false;
                }

                $user = wp_signon('', $secure_cookie);
                $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);

                if (!is_wp_error($user) && !$reauth) {
                    if ($interim_login) {
                        $message = '<p class="message">' . __('You have logged in successfully.', 'simplr-registration-form') . '</p>';
                        ?>
                        <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
                        <p class="alignright"> <input type="button" class="button-primary" value="<?php esc_attr_e('Close', 'simplr-registration-form'); ?> " onclick="window.close()" /></p>
                        </div></body></html>
                        <?php
                        exit;
                    }
                    if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                        // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                        // Note: WP_User exposes `ID`; lowercase `id` goes through its deprecated magic getter.
                        if (is_multisite() && !get_active_blog_for_user($user->id) && !is_super_admin($user->id)) {
                            $redirect_to = user_admin_url();
                        } elseif (is_multisite() && !$user->has_cap('read')) {
                            $redirect_to = get_dashboard_url($user->id);
                        } elseif (!$user->has_cap('edit_posts')) {
                            $redirect_to = admin_url('profile.php');
                        }
                    }
                    wp_safe_redirect($redirect_to);
                    exit;
                }

                $errors = $user;
                // Clear errors if loggedout is set.
                if (!empty($_GET['loggedout']) || $reauth) {
                    $errors = new WP_Error();
                }
                // If cookies are disabled we can't log in even with a valid user+pass
                if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                    $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.", 'simplr-registration-form'));
                }
                // Some parts of this script use the main login form to display a message
                if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                    $errors->add('loggedout', __('You are now logged out.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                    $errors->add('registerdisabled', __('User registration is currently not allowed.', 'simplr-registration-form'));
                } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                    $errors->add('confirm', __('Check your e-mail for the confirmation link.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                    $errors->add('newpass', __('Check your e-mail for your new password.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                    $errors->add('registered', __('Registration complete. Please check your e-mail.', 'simplr-registration-form'), 'message');
                } elseif ($interim_login) {
                    $errors->add('expired', __('Your session has expired. Please log-in again.', 'simplr-registration-form'), 'message');
                }
                // Clear any stale cookies.
                if ($reauth) {
                    wp_clear_auth_cookie();
                }
                break;
        }
    }
}
/**
 * Processes the request.
 *
 * Callback for "template_redirect" hook in template-loader.php.
 *
 * Resolves the requested action (from `action`, or from the page when this is a
 * Theme My Login page) and instance, fires the `tml_request` and
 * `login_form_{action}` hooks, and then either hands the action to a
 * `tml_request_{action}` hook or runs the built-in handler: post password,
 * logout, lost/retrieve password, reset password, register, or login.
 * Handlers that complete their action redirect and exit; otherwise
 * $this->errors is filled with the errors/messages the form should display.
 *
 * @since 6.3
 * @access public
 */
public function template_redirect() {
    $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
    if (!$this->request_action && self::is_tml_page()) {
        $this->request_action = self::get_page_action(get_the_id());
    }
    $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;

    do_action_ref_array('tml_request', array(&$this));

    // allow plugins to override the default actions, and to add extra actions if they want
    do_action('login_form_' . $this->request_action);

    if (has_action('tml_request_' . $this->request_action)) {
        do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
    } else {
        $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
        switch ($this->request_action) {
            case 'postpass':
                global $wp_hasher;
                if (empty($wp_hasher)) {
                    require_once ABSPATH . 'wp-includes/class-phpass.php';
                    // By default, use the portable hash from phpass
                    $wp_hasher = new PasswordHash(8, true);
                }
                // 10 days
                // NOTE(review): $_POST['post_password'] is read without an isset() guard.
                setcookie('wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword(stripslashes($_POST['post_password'])), time() + 864000, COOKIEPATH);
                wp_safe_redirect(wp_get_referer());
                exit;
                break;

            case 'logout':
                check_admin_referer('log-out');
                $user = wp_get_current_user();
                wp_logout();
                $redirect_to = apply_filters('logout_redirect', site_url('wp-login.php?loggedout=true'), isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                wp_safe_redirect($redirect_to);
                exit;
                break;

            case 'lostpassword':
            case 'retrievepassword':
                if ($http_post) {
                    $this->errors = self::retrieve_password();
                    if (!is_wp_error($this->errors)) {
                        // wp_safe_redirect() restricts the request-supplied target to allowed hosts.
                        $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                if (isset($_REQUEST['error']) && 'invalidkey' == $_REQUEST['error']) {
                    $this->errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'theme-my-login'));
                }
                do_action('lost_password');
                break;

            case 'resetpass':
            case 'rp':
                // NOTE(review): `key` and `login` are read without isset() guards.
                $user = self::check_password_reset_key($_REQUEST['key'], $_REQUEST['login']);
                if (is_wp_error($user)) {
                    $redirect_to = site_url('wp-login.php?action=lostpassword&error=invalidkey');
                    wp_redirect($redirect_to);
                    exit;
                }
                // NOTE(review): loose `!=` comparison, and `pass2` is not isset()-guarded.
                if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                    $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                } elseif (isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                    self::reset_password($user, $_POST['pass1']);
                    $redirect_to = site_url('wp-login.php?resetpass=complete');
                    wp_safe_redirect($redirect_to);
                    exit;
                }
                wp_enqueue_script('utils');
                wp_enqueue_script('user-profile');
                break;

            case 'register':
                if (!get_option('users_can_register')) {
                    $redirect_to = site_url('wp-login.php?registration=disabled');
                    wp_redirect($redirect_to);
                    exit;
                }
                $user_login = '';
                $user_email = '';
                if ($http_post) {
                    // NOTE(review): both fields are read without isset() guards.
                    $user_login = $_POST['user_login'];
                    $user_email = $_POST['user_email'];
                    $this->errors = self::register_new_user($user_login, $user_email);
                    if (!is_wp_error($this->errors)) {
                        $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                break;

            case 'login':
            default:
                $secure_cookie = '';
                $interim_login = isset($_REQUEST['interim-login']);
                // If the user wants ssl but the session is not ssl, force a secure cookie.
                if (!empty($_POST['log']) && !force_ssl_admin()) {
                    $user_name = sanitize_user($_POST['log']);
                    if ($user = get_user_by('login', $user_name)) {
                        if (get_user_option('use_ssl', $user->ID)) {
                            $secure_cookie = true;
                            force_ssl_admin(true);
                        }
                    }
                }
                if (!empty($_REQUEST['redirect_to'])) {
                    $redirect_to = $_REQUEST['redirect_to'];
                    // Redirect to https if user wants ssl
                    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                    }
                } else {
                    $redirect_to = admin_url();
                }
                $reauth = empty($_REQUEST['reauth']) ? false : true;

                // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
                // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
                // the admin via http or https.
                if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                    $secure_cookie = false;
                }

                // Only attempt authentication on an actual login POST.
                if ($http_post && isset($_POST['log'])) {
                    $user = wp_signon('', $secure_cookie);
                    $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);

                    if (!is_wp_error($user) && !$reauth) {
                        if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                            // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                            if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                $redirect_to = user_admin_url();
                            } elseif (is_multisite() && !$user->has_cap('read')) {
                                $redirect_to = get_dashboard_url($user->ID);
                            } elseif (!$user->has_cap('edit_posts')) {
                                $redirect_to = admin_url('profile.php');
                            }
                        }
                        // wp_safe_redirect() restricts the request-supplied target to allowed hosts.
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                    $this->errors = $user;
                }

                // Clear errors if loggedout is set.
                if (!empty($_GET['loggedout']) || $reauth) {
                    $this->errors = new WP_Error();
                }
                // Some parts of this script use the main login form to display a message
                if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                    $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                    $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                    $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                    $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                    $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                } elseif ($interim_login) {
                    $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                } elseif (strpos($redirect_to, 'about.php?updated')) {
                    // Truthiness check: a match at offset 0 would be treated as no match.
                    $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                } elseif ($reauth) {
                    $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                }
                // Clear any stale cookies.
                if ($reauth) {
                    wp_clear_auth_cookie();
                }
                break;
        } // end switch
    } // endif has_filter()
}
/**
 * Bounce the current user to the admin area of their active blog.
 *
 * The `c` query argument counts how many times this redirect has already
 * fired; once it reaches 5 the request is stopped with wp_die() instead of
 * redirecting again. Sends a redirect header and terminates the request, so
 * it never returns to the caller.
 */
function redirect_user_to_blog() {
    $hops = isset($_GET['c']) ? (int) $_GET['c'] : 0;
    if ($hops >= 5) {
        wp_die(__("You don’t have permission to view this site. Please contact the system administrator."));
    }
    // Carry the incremented hop count into the next request.
    $query = '?c=' . ($hops + 1);
    $active = get_active_blog_for_user(get_current_user_id());
    // A user with an active blog lands in that blog's admin; everyone else goes to the user admin screen.
    $target = is_object($active)
        ? get_admin_url($active->blog_id, $query)
        : user_admin_url($query);
    wp_redirect($target);
    exit;
}
/**
 * Login hooks
 *
 * Handles a submitted login form: picks the cookie security mode, signs the
 * user in via wp_signon(), redirects on success and otherwise collects the
 * errors/messages that the login form should display. Ends the request with
 * a redirect on a successful login; on failure it renders the messages and
 * the form through $this->render_messages() and $this->login_form().
 */
function action_login() {
    $interim_login = isset($_REQUEST['interim-login']);
    $secure_cookie = '';
    $customize_login = isset($_REQUEST['customize-login']);
    if ($customize_login) {
        wp_enqueue_script('customize-base');
    }
    // If the user wants ssl but the session is not ssl, force a secure cookie.
    if (!empty($_POST['log']) && !force_ssl_admin()) {
        $user_name = sanitize_user($_POST['log']);
        if ($user = get_user_by('login', $user_name)) {
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                force_ssl_admin(true);
            }
        }
    }
    if (isset($_REQUEST['redirect_to'])) {
        // Taken verbatim from the request; the host restriction is expected to come
        // from wp_safe_redirect() below - confirm nothing else consumes it unfiltered.
        $redirect_to = $_REQUEST['redirect_to'];
        // Redirect to https if user wants ssl
        if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
            $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
        }
    } else {
        $redirect_to = admin_url();
    }
    $reauth = empty($_REQUEST['reauth']) ? false : true;
    // Credentials are read from $_POST by wp_signon() itself; it returns WP_User or WP_Error.
    $user = wp_signon('', $secure_cookie);
    // No logged-in cookie after sign-on: work out why and report it as a test_cookie error.
    if (empty($_COOKIE[LOGGED_IN_COOKIE])) {
        if (headers_sent()) {
            $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.', 'colabsthemes'), 'http://codex.wordpress.org/Cookies', 'https://wordpress.org/support/'));
        } elseif (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
            // If cookies are disabled we can't log in even with a valid user+pass
            $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.', 'colabsthemes'), 'http://codex.wordpress.org/Cookies'));
        }
    }
    $requested_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
    /**
     * Filter the login redirect URL.
     *
     * @since 3.0.0
     *
     * @param string           $redirect_to           The redirect destination URL.
     * @param string           $requested_redirect_to The requested redirect destination URL passed as a parameter.
     * @param WP_User|WP_Error $user                  WP_User object if login was successful, WP_Error object otherwise.
     */
    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
    if (!is_wp_error($user) && !$reauth) {
        if ($interim_login) {
            $message = '<div class="alert alert-success">' . __('You have logged in successfully.', 'colabsthemes') . '</div>';
            // NOTE(review): this sentinel looks like a placeholder value; confirm the intended marker.
            $interim_login = '******';
            echo $message;
        }
        // Only the default destinations are rewritten; an explicit redirect_to is kept.
        if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
            // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
            if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                $redirect_to = user_admin_url();
            } elseif (is_multisite() && !$user->has_cap('read')) {
                $redirect_to = get_dashboard_url($user->ID);
            } elseif (!$user->has_cap('edit_posts')) {
                $redirect_to = admin_url('profile.php');
            }
        }
        wp_safe_redirect($redirect_to);
        exit;
    }
    // From here on $user is a WP_Error (or the login is a re-authentication).
    $errors = $user;
    // Clear errors if loggedout is set.
    if (!empty($_GET['loggedout']) || $reauth) {
        $errors = new WP_Error();
    }
    if ($interim_login) {
        if (!$errors->get_error_code()) {
            $errors->add('expired', __('Session expired. Please log in again. 
You will not move away from this page.', 'colabsthemes'), 'message');
        }
    } else {
        // Some parts of this script use the main login form to display a message
        // (loose '==' comparisons below mirror the query-string checks of wp-login.php).
        if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
            $errors->add('loggedout', __('You are now logged out.', 'colabsthemes'), 'message');
        } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
            $errors->add('registerdisabled', __('User registration is currently not allowed.', 'colabsthemes'));
        } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
            $errors->add('confirm', __('Check your e-mail for the confirmation link.', 'colabsthemes'), 'message');
        } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
            $errors->add('newpass', __('Check your e-mail for your new password.', 'colabsthemes'), 'message');
        } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
            $errors->add('registered', __('Registration complete. Please check your e-mail.', 'colabsthemes'), 'message');
        } elseif (strpos($redirect_to, 'about.php?updated')) {
            $errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to see what’s new.', 'colabsthemes'), 'message');
        }
    }
    /**
     * Filter the login page errors.
     *
     * @since 3.6.0
     *
     * @param object $errors      WP Error object.
     * @param string $redirect_to Redirect destination URL.
     */
    $errors = apply_filters('wp_login_errors', $errors, $redirect_to);
    // Clear any stale cookies.
    if ($reauth) {
        wp_clear_auth_cookie();
    }
    // Error Messages
    $this->render_messages($errors);
    $this->login_form($interim_login, $redirect_to, $errors);
}
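/**
 * The shortcode handler for the [show_avatar] shortcode.
 *
 * Example: [show_avatar id=pbearne@tycoelectronics.com avatar_size=30 align=right]
 *
 * Builds a div holding the avatar and, depending on the attributes, the user's
 * name, post counts, last post, biography and e-mail address.
 *
 * @param array       $atts    Shortcode attributes: id, email, avatar_size, align,
 *                             user_link, show_name, show_email, show_postcount,
 *                             show_bbpress_post_count, show_biography,
 *                             max_bio_length, show_last_post.
 * @param string|null $content Enclosed shortcode content, appended after the div.
 * @return string HTML.
 */
function shortcode_handler($atts, $content = null) {
    $extraClass = '';
    $hrefStart = '';
    $name = '';
    $bio = '';
    $last_post = '';
    $style = '';
    $email = '';
    $link = '';
    $id = '';
    // Accept a user id or an e-mail address and keep only word characters, '.', '@' and '-'.
    // The former pattern used '[' and ']' as the PCRE delimiters, so it matched the literal
    // sequence "w.@-" at the start of the string instead of a character class and stripped nothing.
    if (!empty($atts['id'])) {
        $id = preg_replace('/[^\w.@-]/', '', $atts['id']);
    }
    if (empty($id) && !empty($atts['email'])) {
        $id = preg_replace('/[^\w.@-]/', '', $atts['email']);
    }
    // Biography length limit; -1 means unlimited.
    $bio_length = -1;
    if (!empty($atts['max_bio_length'])) {
        $bio_length = intval($atts['max_bio_length']);
    }
    // Avatar size; false lets get_avatar() use its default.
    $avatar_size = false;
    if (!empty($atts['avatar_size'])) {
        $avatar_size = intval($atts['avatar_size']);
    }
    // Alignment becomes an inline style on the wrapping div.
    if (!empty($atts['align'])) {
        switch ($atts['align']) {
            case 'left':
                $style = "float: left; margin-right: 10px;";
                break;
            case 'right':
                $style = "float: right; margin-left: 10px;";
                break;
            case 'center':
                $style = "text-align: center; width: 100%;";
                break;
        }
    }
    if (!empty($id)) {
        $avatar = get_avatar($id, $avatar_size);
    } else {
        $avatar = __("[show_author shortcode: please set id/email attribute]");
    }
    // Any of these attributes requires a resolved user profile.
    $needs_profile = !empty($atts['user_link']) || !empty($atts['show_biography']) || !empty($atts['show_postcount']) || !empty($atts['show_name']) || !empty($atts['show_email']);
    if ($needs_profile) {
        $isUser = true;
        // A non-numeric id is treated as an e-mail address and resolved to a user id.
        if (!is_numeric($id)) {
            $resolved_id = email_exists($id);
            if ($resolved_id) {
                $id = $resolved_id;
            } else {
                $isUser = false;
            }
        }
        // A numeric id without any user meta is treated as a non-existent user.
        if ($isUser) {
            $all_meta_for_user = get_user_meta($id);
            if (count($all_meta_for_user) == 0) {
                $isUser = false;
            }
        }
        if ($isUser) {
            if (!empty($atts['user_link'])) {
                switch ($atts['user_link']) {
                    case 'authorpage':
                        $link = get_author_posts_url($id);
                        break;
                    case 'website':
                        $link = get_the_author_meta('user_url', $id);
                        // An empty or placeholder URL means "no link".
                        if (empty($link) || $link === 'http://') {
                            $link = false;
                        }
                        break;
                    case 'blog':
                        if (AA_is_wpmu()) {
                            $blog = get_active_blog_for_user($id);
                            if (!empty($blog->siteurl)) {
                                $link = $blog->siteurl;
                            }
                        }
                        break;
                    case 'bp_memberpage':
                        if (function_exists('bp_core_get_user_domain')) {
                            $link = bp_core_get_user_domain($id);
                        } elseif (function_exists('bp_core_get_userurl')) {
                            // BP versions < 1.1
                            $link = bp_core_get_userurl($id);
                        }
                        break;
                    case 'bbpress_memberpage':
                        if (function_exists('bbp_get_user_profile_url')) {
                            $link = bbp_get_user_profile_url($id);
                        }
                        if (empty($link) || $link === 'http://') {
                            $link = false;
                        }
                        break;
                    case 'last_post':
                    case 'last_post_filtered':
                        // Both cases ran the same query; a user without posts now gets no link
                        // instead of a notice on $recent[0].
                        $recent = get_posts(array('author' => $id, 'orderby' => 'date', 'order' => 'desc', 'numberposts' => 1));
                        $link = !empty($recent) ? get_permalink($recent[0]->ID) : false;
                        break;
                    case 'last_post_all':
                        // Kept in its own variable: $last_post is the HTML fragment appended to the output
                        // below, and the original overwrote it with this array.
                        $most_recent = get_most_recent_post_of_user($id);
                        $link = !empty($most_recent['post_id']) ? get_permalink($most_recent['post_id']) : false;
                        break;
                }
                if ($link) {
                    $hrefStart = '<a href="' . esc_url($link) . '">';
                }
            }
            if (!empty($atts['show_name'])) {
                $name = '<br />' . esc_html(get_the_author_meta('display_name', $id));
                $extraClass .= ' with-name';
            }
            if (!empty($atts['show_email'])) {
                $userEmail = get_the_author_meta('user_email', $id);
                // The "missing" branch was unreachable before because the div was always built.
                if (empty($userEmail)) {
                    $extraClass .= ' email-missing';
                } else {
                    $email = "<div class='email'><a href='mailto:" . esc_attr($userEmail) . "'>" . esc_html($userEmail) . "</a></div>";
                    $extraClass .= ' with-email';
                }
            }
            if (!empty($atts['show_postcount'])) {
                $name .= ' (' . $this->userlist->get_user_postcount($id) . ')';
            }
            if (!empty($atts['show_bbpress_post_count'])) {
                if (function_exists('bbp_get_user_topic_count_raw')) {
                    $BBPRESS_postcount = bbp_get_user_topic_count_raw($id) + bbp_get_user_reply_count_raw($id);
                    $name .= ' (' . $BBPRESS_postcount . ')';
                }
            }
            if (!empty($atts['show_biography'])) {
                $biography = get_the_author_meta('description', $id);
                if (0 < $bio_length) {
                    $biography = $this->userlist->truncate_html(wpautop($biography, true), apply_filters('aa_user_bio_length', $bio_length));
                } else {
                    $biography = wpautop($biography, true);
                }
                // NOTE(review): the wrapper is only emitted when show_name is also set, so a
                // biography without a name is dropped; kept as-is because the intent is unclear.
                // The class uses the parsed length so an unset attribute cannot leak raw text.
                if (!empty($atts['show_name'])) {
                    $bio = '<div class="bio bio-length-' . $bio_length . '">' . $biography . '</div>';
                }
                if (empty($bio)) {
                    $extraClass .= ' biography-missing';
                } else {
                    $extraClass .= ' with-biography bio-length-' . $bio_length;
                }
            }
            // show last_post?
            if (isset($atts['show_last_post']) && strlen($atts['show_last_post']) > 0) {
                $last_post_html = $this->userlist->aa_get_last_post($id);
                // Check the fragment itself; the wrapping div made the "missing" branch unreachable before.
                if (empty($last_post_html)) {
                    $extraClass .= ' last-post-missing';
                } else {
                    $last_post = '<div class="last_post">' . $last_post_html . '</div>';
                    $extraClass .= ' with-last-post';
                }
            }
        }
    }
    $hrefend = '';
    if (!empty($hrefStart)) {
        $hrefend = '</a>';
    }
    if (!empty($style)) {
        $style = ' style="' . $style . '"';
    }
    return '<div class="shortcode-show-avatar ' . $extraClass . '"' . $style . '>' . $hrefStart . $avatar . $name . $last_post . $hrefend . $bio . $email . '</div>' . $content;
}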
/**
 * Function is responsible for initializing the login page
 *
 * Runs only on the theme's "Login" page. Forces HTTPS when the admin requires
 * it, sets the test cookie, then dispatches on the requested `action`
 * (logout, lostpassword/retrievepassword, resetpass/rp, register, login).
 * Results are published through the $bum_* globals for the templates; several
 * branches end the request with a redirect.
 *
 * @return false|void false when this is not the login page; otherwise nothing.
 */
function bum_init_page_login() {
    //reasons to return
    if (!bum_is_page('Login')) {
        return false;
    }
    // Redirect to https login if forced to use SSL
    // NOTE(review): the fallback builds the target from the client-supplied Host header - confirm
    // the web server only routes known host names here.
    if (force_ssl_admin() && !is_ssl()) {
        if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
            wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
            exit;
        } else {
            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
            exit;
        }
    }
    // Don't index any of these forms
    add_filter('pre_option_blog_public', '__return_zero');
    add_action('login_head', 'noindex');
    //initializing
    global $bum_action, $bum_errors, $bum_redirect_to, $bum_user, $bum_http_post, $bum_secure_cookie, $bum_interim_login, $bum_reauth, $bum_rememberme, $bum_messages_txt, $bum_errors_txt;
    $bum_action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
    $bum_errors = new WP_Error();
    // A reset key in the query string always means the password-reset screen.
    if (isset($_GET['key'])) {
        $bum_action = 'resetpass';
    }
    // validate action so as to default to the login screen
    if (!in_array($bum_action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $bum_action)) {
        $bum_action = 'login';
    }
    nocache_headers();
    header('Content-Type: ' . get_bloginfo('html_type') . '; charset=' . get_bloginfo('charset'));
    if (defined('RELOCATE')) {
        // Move flag is set
        if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) {
            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
        }
        $schema = is_ssl() ? 'https://' : 'http://';
        // NOTE(review): this persists a value derived from the Host header into the siteurl option;
        // it looks like a copy of core's RELOCATE handling and should only ever be enabled temporarily - confirm.
        if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl')) {
            update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
        }
    }
    //Set a cookie now to see if they are supported by the browser.
    setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
    if (SITECOOKIEPATH != COOKIEPATH) {
        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
    }
    // allow plugins to override the default actions, and to add extra actions if they want
    do_action('login_init');
    do_action('login_form_' . $bum_action);
    $bum_http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
    switch ($bum_action) {
        case 'logout':
            // NOTE(review): with the nonce check commented out, any request carrying action=logout ends
            // the session; re-enabling check_admin_referer('log-out') ties it to a token only the
            // user's own pages carry, provided the theme's logout links include that nonce - confirm.
            //check_admin_referer('log-out');
            wp_logout();
            $bum_redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : bum_get_permalink_login() . '?loggedout=true';
            wp_safe_redirect($bum_redirect_to);
            exit;
            break;
        case 'lostpassword':
        case 'retrievepassword':
            if ($bum_http_post) {
                // bum_retrieve_password() returns a WP_Error on failure; anything else counts as sent.
                $bum_errors = bum_retrieve_password();
                if (!is_wp_error($bum_errors)) {
                    $bum_redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : bum_get_permalink_login() . '&checkemail=confirm';
                    wp_safe_redirect($bum_redirect_to);
                    exit;
                }
            }
            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                $bum_errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
            }
            $bum_redirect_to = apply_filters('lostpassword_redirect', !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
            do_action('lost_password');
            break;
        case 'resetpass':
        case 'rp':
            // NOTE(review): $_GET['login'] is read without an isset() check; the 'rp' action can be
            // reached without it (only 'key' is required to get here).
            $bum_user = bum_check_password_reset_key($_GET['key'], $_GET['login']);
            if (is_wp_error($bum_user)) {
                wp_redirect(bum_get_permalink_login() . '?action=lostpassword&error=invalidkey');
                exit;
            }
            // NOTE(review): $bum_errors becomes a plain string here; when neither branch below replaces
            // it (form not yet submitted) the get_error_code() call at the end of this function runs
            // on a string - confirm whether a later assignment covers that path.
            $bum_errors = '';
            if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                $bum_errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
            } elseif (isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                bum_reset_password($bum_user, $_POST['pass1']);
                exit;
            }
            wp_enqueue_script('utils');
            wp_enqueue_script('user-profile');
            break;
        case 'register':
            wp_redirect(bum_get_permalink_registration());
            exit;
            break;
        case 'login':
        default:
            //redirect if logged in
            if (is_user_logged_in()) {
                wp_redirect(get_bloginfo('url'));
                exit;
            }
            $bum_secure_cookie = '';
            $bum_interim_login = isset($_REQUEST['interim-login']);
            // If the user wants ssl but the session is not ssl, force a secure cookie.
            if (!empty($_POST['log']) && !force_ssl_admin()) {
                $bum_user_name = sanitize_user($_POST['log']);
                // get_userdatabylogin() is the pre-3.3 name of this lookup - presumably get_user_by('login', ...) on current core; verify.
                if ($bum_user = get_userdatabylogin($bum_user_name)) {
                    if (get_user_option('use_ssl', $bum_user->ID)) {
                        $bum_secure_cookie = true;
                        force_ssl_admin(true);
                    }
                }
            }
            if (isset($_REQUEST['redirect_to'])) {
                // Taken verbatim from the request; host restriction is left to wp_safe_redirect() below.
                $bum_redirect_to = $_REQUEST['redirect_to'];
                // Redirect to https if user wants ssl
                if ($bum_secure_cookie && false !== strpos($bum_redirect_to, 'wp-admin')) {
                    $bum_redirect_to = preg_replace('|^http://|', 'https://', $bum_redirect_to);
                }
            } else {
                $bum_redirect_to = admin_url();
            }
            $bum_reauth = empty($_REQUEST['reauth']) ? false : true;
            // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
            // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
            // the admin via http or https.
            if (!$bum_secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($bum_redirect_to, 'https') && 0 === strpos($bum_redirect_to, 'http')) {
                $bum_secure_cookie = false;
            }
            // Credentials are read from $_POST by wp_signon(); it returns WP_User or WP_Error.
            $bum_user = wp_signon('', $bum_secure_cookie);
            $bum_redirect_to = apply_filters('login_redirect', $bum_redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $bum_user);
            if (!is_wp_error($bum_user) && !$bum_reauth) {
                // Only the default destinations are rewritten; an explicit redirect_to is kept.
                if (empty($bum_redirect_to) || $bum_redirect_to == 'wp-admin/' || $bum_redirect_to == admin_url()) {
                    // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                    // NOTE(review): lower-case ->id is used here while the branch above uses ->ID; on WP_User the
                    // lower-case form goes through a deprecated magic getter - confirm against the target core version.
                    if (is_multisite() && !get_active_blog_for_user($bum_user->id)) {
                        $bum_redirect_to = user_admin_url();
                    } elseif (is_multisite() && !$bum_user->has_cap('read')) {
                        $bum_redirect_to = get_dashboard_url($bum_user->id);
                    } elseif (!$bum_user->has_cap('edit_posts')) {
                        $bum_redirect_to = bum_get_permalink_profile();
                    }
                }
                wp_safe_redirect($bum_redirect_to);
                exit;
            }
            // From here on $bum_user is a WP_Error (or this is a re-authentication).
            $bum_errors = $bum_user;
            // Clear errors if loggedout is set.
            if (!empty($_GET['loggedout']) || $bum_reauth) {
                $bum_errors = new WP_Error();
            }
            // If cookies are disabled we can't log in even with a valid user+pass
            if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                $bum_errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. 
You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
            }
            // Some parts of this script use the main login form to display a message
            // (loose '==' comparisons mirror the query-string checks of wp-login.php).
            if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                $bum_errors->add('loggedout', __('You are now logged out.'), 'message');
            } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                $bum_errors->add('registerdisabled', __('User registration is currently not allowed.'));
            } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                $bum_errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
            } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                $bum_errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
            } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                $bum_errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
            } elseif ($bum_interim_login) {
                $bum_errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
            }
            // Clear any stale cookies.
            if ($bum_reauth) {
                wp_clear_auth_cookie();
            }
            // Re-fill the username field only for the listed error codes (the first one looks redacted).
            // NOTE(review): $bum_user_login is local and not in the global list above, so nothing outside
            // this function can read it - confirm whether the templates expect it.
            if (isset($_POST['log'])) {
                $bum_user_login = '******' == $bum_errors->get_error_code() || 'empty_password' == $bum_errors->get_error_code() ? esc_attr(stripslashes($_POST['log'])) : '';
            }
            $bum_rememberme = !empty($_POST['rememberme']);
            break;
    }
    // Split the collected WP_Error entries into message text ('message' severity) and error text.
    if ($bum_errors->get_error_code()) {
        $bum_errors_txt = '';
        $bum_messages_txt = '';
        foreach ($bum_errors->get_error_codes() as $code) {
            $bum_severity = $bum_errors->get_error_data($code);
            foreach ($bum_errors->get_error_messages($code) as $error) {
                if ('message' == $bum_severity) {
                    $bum_messages_txt .= ' ' . $error . "<br />\n";
                } else {
                    $bum_errors_txt .= ' ' . $error . "<br />\n";
                }
            }
        }
    }
}
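/**
 * The shortcode handler for the [show_avatar] shortcode.
 *
 * Example: [show_avatar id=pbearne@tycoelectronics.com avatar_size=30 align=right]
 *
 * Builds a div holding the avatar and, depending on the attributes, the user's
 * name, post counts, biography and e-mail address.
 *
 * @param array       $atts    Shortcode attributes: id, email, avatar_size, align,
 *                             user_link, show_name, show_email, show_postcount,
 *                             show_bbpress_post_count, show_biography.
 * @param string|null $content Enclosed shortcode content, appended after the div.
 * @return string HTML.
 */
function shortcode_handler($atts, $content = null) {
    $extraClass = "";
    $hrefStart = "";
    $name = "";
    $bio = "";
    $style = "";
    $email = "";
    $link = "";
    $id = '';
    // Accept a user id or an e-mail address and keep only word characters, '.', '@' and '-'.
    // The former pattern used '[' and ']' as the PCRE delimiters, so it matched the literal
    // sequence "w.@-" at the start of the string instead of a character class and stripped nothing.
    if (!empty($atts['id'])) {
        $id = preg_replace('/[^\w.@-]/', '', $atts['id']);
    }
    if (empty($id) && !empty($atts['email'])) {
        $id = preg_replace('/[^\w.@-]/', '', $atts['email']);
    }
    // Avatar size; false lets get_avatar() use its default.
    $avatar_size = false;
    if (!empty($atts['avatar_size'])) {
        $avatar_size = intval($atts['avatar_size']);
    }
    // Alignment becomes an inline style on the wrapping div.
    if (!empty($atts['align'])) {
        switch ($atts['align']) {
            case 'left':
                $style = "float: left; margin-right: 10px;";
                break;
            case 'right':
                $style = "float: right; margin-left: 10px;";
                break;
            case 'center':
                $style = "text-align: center; width: 100%;";
                break;
        }
    }
    if (!empty($id)) {
        $avatar = get_avatar($id, $avatar_size);
    } else {
        $avatar = __("[show_author shortcode: please set id/email attribute]");
    }
    // Any of these attributes requires a resolved user profile.
    $needs_profile = !empty($atts['user_link']) || !empty($atts['show_biography']) || !empty($atts['show_postcount']) || !empty($atts['show_name']) || !empty($atts['show_email']);
    if ($needs_profile) {
        $isUser = true;
        // A non-numeric id is treated as an e-mail address and resolved to a user id.
        if (!is_numeric($id)) {
            $resolved_id = email_exists($id);
            if ($resolved_id) {
                $id = $resolved_id;
            } else {
                $isUser = false;
            }
        }
        // A numeric id without any user meta is treated as a non-existent user.
        if ($isUser) {
            $all_meta_for_user = get_user_meta($id);
            if (count($all_meta_for_user) == 0) {
                $isUser = false;
            }
        }
        if ($isUser) {
            if (!empty($atts['user_link'])) {
                switch ($atts['user_link']) {
                    case 'authorpage':
                        $link = get_author_posts_url($id);
                        break;
                    case 'website':
                        $link = get_the_author_meta('user_url', $id);
                        // An empty or placeholder URL means "no link".
                        if (empty($link) || $link === 'http://') {
                            $link = false;
                        }
                        break;
                    case 'blog':
                        if (AA_is_wpmu()) {
                            $blog = get_active_blog_for_user($id);
                            if (!empty($blog->siteurl)) {
                                $link = $blog->siteurl;
                            }
                        }
                        break;
                    case 'bp_memberpage':
                        if (function_exists('bp_core_get_user_domain')) {
                            $link = bp_core_get_user_domain($id);
                        } elseif (function_exists('bp_core_get_userurl')) {
                            // BP versions < 1.1
                            $link = bp_core_get_userurl($id);
                        }
                        break;
                    case 'bbpress_memberpage':
                        if (function_exists('bbp_get_user_profile_url')) {
                            $link = bbp_get_user_profile_url($id);
                        }
                        if (empty($link) || $link === 'http://') {
                            $link = false;
                        }
                        break;
                }
                if ($link) {
                    $hrefStart = '<a href="' . esc_url($link) . '">';
                }
            }
            if (!empty($atts['show_name'])) {
                $name = '<br />' . esc_html(get_the_author_meta('display_name', $id));
                $extraClass .= ' with-name';
            }
            if (!empty($atts['show_email'])) {
                $userEmail = get_the_author_meta('user_email', $id);
                // The "missing" branch was unreachable before because the div was always built.
                if (empty($userEmail)) {
                    $extraClass .= ' email-missing';
                } else {
                    $email = "<div class='email'><a href='mailto:" . esc_attr($userEmail) . "'>" . esc_html($userEmail) . "</a></div>";
                    $extraClass .= ' with-email';
                }
            }
            if (!empty($atts['show_postcount'])) {
                // The post counter lives in a separate class that is loaded on demand.
                require_once 'UserList.class.php';
                $this->userlist = new UserList();
                $name .= ' (' . $this->userlist->get_user_postcount($id) . ')';
            }
            if (!empty($atts['show_bbpress_post_count'])) {
                if (function_exists('bbp_get_user_topic_count_raw')) {
                    $BBPRESS_postcount = bbp_get_user_topic_count_raw($id) + bbp_get_user_reply_count_raw($id);
                    $name .= ' (' . $BBPRESS_postcount . ')';
                }
            }
            if (!empty($atts['show_biography'])) {
                $bio = get_the_author_meta('description', $id);
                // The biography is only wrapped in its div when a name is shown as well.
                if (!empty($atts['show_name'])) {
                    $bio = '<div class="bio">' . $bio . '</div>';
                }
                // Leading space so the class does not fuse with the one before it.
                if (empty($bio)) {
                    $extraClass .= ' biography-missing';
                } else {
                    $extraClass .= ' with-biography';
                }
            }
        }
    }
    $hrefend = '';
    if (!empty($hrefStart)) {
        $hrefend = '</a>';
    }
    if (!empty($style)) {
        $style = ' style="' . $style . '"';
    }
    return '<div class="shortcode-show-avatar ' . $extraClass . '"' . $style . '>' . $hrefStart . $avatar . $name . $hrefend . $bio . $email . '</div>' . $content;
}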
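/**
 * Send the current user to the admin area of their active blog.
 *
 * A user whose active blog is known is redirected to that blog's wp-admin;
 * a user reported as "username only" is first added to the network's main
 * blog as a subscriber and sent to its wp-admin; anyone else lands on the
 * main blog's front page. Every branch ends the request.
 *
 * Reads the $current_user and $current_site globals.
 */
function redirect_user_to_blog() {
    global $current_user, $current_site;
    // Keep the scheme of the current request: the former hard-coded 'http://'
    // dropped an HTTPS session back to plain HTTP on every redirect.
    $scheme = is_ssl() ? 'https://' : 'http://';
    $details = get_active_blog_for_user($current_user->ID);
    if ($details === "username only") {
        // Add subscriber permission for first blog.
        add_user_to_blog(get_blog_id_from_url($current_site->domain, $current_site->path), $current_user->ID, 'subscriber');
        $target = $scheme . $current_site->domain . $current_site->path . 'wp-admin/';
    } elseif (is_object($details)) {
        $target = $scheme . $details->domain . $details->path . 'wp-admin/';
    } else {
        $target = $scheme . $current_site->domain . $current_site->path;
    }
    wp_redirect($target);
    exit;
}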
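/**
 * Formats the given user as html.
 *
 * Builds the avatar plus the optional name, post counts, biography, last post
 * and e-mail fragments and places them into the configured user template.
 * Every fragment goes through an 'aa_user_*' filter so themes can replace the
 * markup.
 *
 * @param WP_User $user The user to format (object of type WP_User). Commentators
 *                      arrive with user_id == -1; co-author guests carry type 'guest-author'.
 *
 * @uses apply_filters() Calls 'aa_user_template' hook
 * @return String html
 */
function format_user($user) {
    $tpl_vars = array('{class}' => '', '{user}' => '');
    $avatar_size = intval($this->avatar_size);
    if (!$avatar_size) {
        $avatar_size = false;
    }
    $name = "";
    if ($this->show_name) {
        $name = $user->display_name;
    }
    $alt = $title = $name;
    $divcss = array('user');
    if ($this->show_name) {
        $divcss[] = 'with-name';
    }
    $link = false;
    $link_type = $this->user_link;
    // always use 'website' for commentators
    $type = isset($user->type) ? $user->type : null;
    if ($user->user_id == -1 && "guest-author" != $type) {
        $link_type = 'website';
    }
    switch ($link_type) {
        case 'authorpage':
            if ("guest-author" == $type) {
                $link = get_author_posts_url($user->user_id, $user->user_nicename);
            } else {
                $link = get_author_posts_url($user->user_id);
            }
            break;
        case 'website':
            if ("guest-author" == $type) {
                $link = get_the_author_meta('url', $user->ID);
            } else {
                $link = $user->user_url;
                // An empty or placeholder URL means "no link".
                if (empty($link) || $link == 'http://') {
                    $link = false;
                }
            }
            break;
        case 'blog':
            if (AA_is_wpmu()) {
                $blog = get_active_blog_for_user($user->user_id);
                if (!empty($blog->siteurl)) {
                    $link = $blog->siteurl;
                }
            }
            break;
        case 'bp_memberpage':
            if (function_exists('bp_core_get_user_domain')) {
                $link = bp_core_get_user_domain($user->user_id);
            } elseif (function_exists('bp_core_get_userurl')) {
                // BP versions < 1.1
                $link = bp_core_get_userurl($user->user_id);
            }
            break;
        case 'bbpress_memberpage':
            if (function_exists('bbp_get_user_profile_url')) {
                $link = bbp_get_user_profile_url($user->user_id);
            }
            if (empty($link) || $link == 'http://') {
                $link = false;
            }
            break;
        case 'last_post':
            $recent = get_posts(array('author' => $user->user_id, 'orderby' => 'date', 'order' => 'desc', 'numberposts' => 1));
            // A user without posts gets no link instead of a notice on $recent[0].
            $link = !empty($recent) ? get_permalink($recent[0]->ID) : false;
            break;
        case 'last_post_all':
            $last_post = get_most_recent_post_of_user($user->user_id);
            $link = !empty($last_post['post_id']) ? get_permalink($last_post['post_id']) : false;
            break;
    }
    if ($this->show_postcount) {
        $postcount = 0;
        if ($user->user_id == -1 && "guest-author" != $type) {
            // Commentators are counted by their comments, not posts.
            $postcount = $this->get_comment_count($user->user_email);
            $title .= ' (' . sprintf(_n("%d comment", "%d comments", $postcount, 'author-avatars'), $postcount) . ')';
        } else {
            // this is passing 1 for coauthors
            if ("guest-author" == $type && $user->linked_account) {
                // fetch the linked account and show thats count; an unknown login counts as zero
                $linked_user = get_user_by('login', $user->linked_account);
                $postcount = $linked_user ? $this->get_user_postcount($linked_user->ID) : 0;
            } else {
                $postcount = $this->get_user_postcount($user->user_id);
            }
            $title .= ' (' . sprintf(_n("%d post", "%d posts", $postcount, 'author-avatars'), $postcount) . ')';
        }
        $name .= sprintf(apply_filters('aa_post_count', ' (%d)', $postcount), $postcount);
    }
    if ($this->show_bbpress_post_count && AA_is_bbpress()) {
        $BBPRESS_postcount = 0;
        if (function_exists('bbp_get_user_topic_count_raw')) {
            $BBPRESS_postcount = bbp_get_user_topic_count_raw($user->user_id) + bbp_get_user_reply_count_raw($user->user_id);
            $title .= ' (' . sprintf(_n("%d BBPress post", "%d BBPress posts", $BBPRESS_postcount, 'author-avatars'), $BBPRESS_postcount) . ')';
        }
        $name .= sprintf(' (%d)', $BBPRESS_postcount);
    }
    $biography = false;
    if ($this->show_biography) {
        if ("guest-author" != $type && $user->user_id > 0) {
            $biography = get_the_author_meta('description', $user->user_id);
        } else {
            $biography = isset($user->description) ? $user->description : '';
        }
        $biography = apply_filters('aa_user_biography_filter', $biography);
        // trim $biography to bio_length
        if (0 < $this->bio_length) {
            $biography = $this->truncate_html(wpautop($biography, true), apply_filters('aa_user_bio_length', $this->bio_length));
        } else {
            $biography = wpautop($biography, true);
        }
        $divcss[] = 'with-biography bio-length-' . $this->bio_length;
        $name = '<strong>' . $name . '</strong>';
        if (empty($biography)) {
            $divcss[] = 'biography-missing';
        }
    }
    $show_last_post = false;
    if ($this->show_last_post) {
        $show_last_post = $this->aa_get_last_post($user->user_id);
        /**
         * Filter the users last post.
         *
         * @since 1.8.6.0
         *
         * @param string $show_last_post The HTML link to users last post.
         * @param object The Current user object.
         */
        $show_last_post = apply_filters('aa_user_show_last_post_filter', $show_last_post, $user);
        $divcss[] = 'with-last-post';
        if (empty($show_last_post)) {
            $divcss[] = 'last-post-missing';
        }
    }
    $email = false;
    if ($this->show_email && $user->user_email) {
        $userEmail = $user->user_email;
        /**
         * Filter the mailto template used for the e-mail fragment.
         *
         * @since 1.8.6.0
         *
         * @param string The mailto href for sprintf the $1$s is where the email is inserted.
         * @param string $userEmail The Email to be inserted.
         * @param object The Current user object.
         */
        // The address lands inside an attribute value, so it is attribute-escaped before insertion.
        $email = sprintf(apply_filters('aa_user_email_url_template', '<a href="mailto:%1$s">%1$s</a>', $userEmail, $user), esc_attr($userEmail));
        $divcss[] = 'with-email';
        if (empty($email)) {
            $divcss[] = 'email-missing';
        }
    }
    if ($user->user_id == -1) {
        // use email for commentators
        $avatar = get_avatar($user->user_email, $avatar_size);
    } else {
        // if on buddypress install use BP function
        if (function_exists('bp_core_fetch_avatar')) {
            $avatar = bp_core_fetch_avatar(array('item_id' => $user->user_id, 'width' => $avatar_size, 'height' => $avatar_size, 'type' => 'full', 'alt' => $alt, 'title' => $title));
        } else {
            // call the standard avatar function
            $avatar = get_avatar($user->user_id, $avatar_size);
        }
    }
    /* Strip all existing links (a tags) from the get_avatar() code to
     * remove e.g. the link which is added by the add-local-avatar plugin
     * @see http://wordpress.org/support/topic/309878 */
    if (!empty($link)) {
        $avatar = preg_replace('@<\\s*\\/?\\s*[aA]\\s*.*?>@', '', $avatar);
    }
    // the buddypress code
    if (!function_exists('bp_core_fetch_avatar')) {
        /* strip alt and title parameter */
        $avatar = preg_replace('@alt=["\'][\\w]*["\'] ?@', '', $avatar);
        $avatar = preg_replace('@title=["\'][\\w]*["\'] ?@', '', $avatar);
        /* insert alt and title parameters */
        // Attribute-escape the values, then protect '$' and '\' which preg_replace()
        // would otherwise interpret as back-references in the replacement string.
        $title_attr = addcslashes(esc_attr($title), '\\$');
        $alt_attr = addcslashes(esc_attr($alt), '\\$');
        if (!stripos($avatar, 'title=')) {
            $avatar = preg_replace('@ ?\\/>@', ' title="' . $title_attr . '" />', $avatar);
        }
        if (!stripos($avatar, 'alt=')) {
            $avatar = preg_replace('@ ?\\/>@', ' alt="' . $alt_attr . '" />', $avatar);
        }
    }
    $html = '';
    /**
     * filter the span that holds the avatar
     *
     * @param string The sprintf template.
     * @param string @title The value passed to the title attr in span.
     * @param string @avatar The HTML returned from get_avatar() etc.
     * @param object $user The user object
     */
    $html .= sprintf(apply_filters('aa_user_avatar_template', '<span class="avatar" title="%s">%s</span>', $title, $avatar, $user), esc_attr($title), $avatar);
    if ($this->show_name || $this->show_bbpress_post_count || $this->show_postcount) {
        /**
         * filter the span that contains the users name
         *
         * @param string The sprintf template.
         * @param string $name The value (users name) passed into the span
         * @param object $user The user object
         */
        // $name may already contain markup (counts, <strong>), so it is inserted as-is.
        $html .= sprintf(apply_filters('aa_user_name_template', '<span class="name">%s</span>', $name, $user), $name);
    }
    if ($link) {
        /**
         * filter the href that wrap's avatar and users name
         *
         * @param string The sprintf template.
         * @param string $link The href value.
         * @param string $title The value for the href title
         * @param string $html The HTML with avatar and name
         * @param object $user The user object
         */
        $html = sprintf(apply_filters('aa_user_link_template', '<a href="%s" title="%s">%s</a>', $link, $title, $html, $user), esc_url($link), esc_attr($title), $html);
    }
    if ($email) {
        /**
         * filter that wrap's the email link in a div
         *
         * @param string The sprintf template.
         * @param string $email The HTML containing the mailto href and email string.
         * @param object $user The user object
         */
        $html .= sprintf(apply_filters('aa_user_email_template', '<div class="email">%s</div>', $email, $user), $email);
    }
    if ($biography) {
        /**
         * filter that wrap's the BIO text in a div
         *
         * @param string The sprintf template.
         * @param string $biography The Bio text.
         * @param object $user The user object
         */
        $html .= sprintf(apply_filters('aa_user_biography_template', '<div class="biography">%s</div>', $biography, $user), $biography);
    }
    if ($show_last_post) {
        /**
         * filter that wrap's the last post link in a div
         *
         * @param string The sprintf template.
         * @param string $show_last_post The last post link.
         * @param object $user The user object
         */
        $html .= sprintf(apply_filters('aa_user_last_post_template', '<div class="show_last_post">%s</div>', $show_last_post, $user), $show_last_post);
    }
    if (!empty($this->display_extra)) {
        /**
         * filter the extra HTML block before its appended
         *
         * @param string $extra extra HTML / string.
         * @param object $user The user object
         */
        $html .= apply_filters('aa_user_display_extra', $this->display_extra, $user);
    }
    // implode() takes the separator first; the reversed order is rejected on PHP 8.
    $tpl_vars['{class}'] = implode(' ', $divcss);
    /**
     * filter on the complete HTML for the user
     *
     * @param string $html The generated HTML.
     * @param object $user the user object
     */
    $tpl_vars['{user}'] = apply_filters('aa_user_final_content', $html, $user);
    /**
     * filter the outer HTML template
     *
     * @param string $html The outer user template.
     * @param object $user the user object
     */
    return str_replace(array_keys($tpl_vars), $tpl_vars, apply_filters('aa_user_template', $this->user_template, $user));
}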
/**
 * Retrieve the blogs of the user.
 *
 * @since 2.6.0
 *
 * @param array $args {
 *     Method arguments. Note: arguments must be ordered as documented.
 *
 *     @type string $username Username.
 *     @type string $password Password.
 * }
 * @return array|IXR_Error Array contains:
 *  - 'isAdmin'
 *  - 'isPrimary' - whether the blog is the user's primary blog
 *  - 'url'
 *  - 'blogid'
 *  - 'blogName'
 *  - 'xmlrpc' - url of xmlrpc endpoint
 */
public function wp_getUsersBlogs($args)
{
    // A single-site install has no per-user blog list; the Blogger API
    // method answers for the one blog (id 1) instead.
    if (!is_multisite()) {
        array_unshift($args, 1);
        return $this->blogger_getUsersBlogs($args);
    }

    $this->escape($args);
    $username = $args[0];
    $password = $args[1];

    // Credentials are checked before any blog data is touched; a failed
    // login returns the IXR_Error prepared by login().
    $user = $this->login($username, $password);
    if (!$user) {
        return $this->error;
    }

    /**
     * Fires after the XML-RPC user has been authenticated but before the rest of
     * the method logic begins.
     *
     * All built-in XML-RPC methods use the action xmlrpc_call, with a parameter
     * equal to the method's name, e.g., wp.getUsersBlogs, wp.newPost, etc.
     *
     * @since 2.5.0
     *
     * @param string $name The method name.
     */
    do_action('xmlrpc_call', 'wp.getUsersBlogs');

    $user_blogs = (array) get_blogs_of_user($user->ID);

    // The primary blog id is only known when the user has an active blog.
    $primary_blog_id = 0;
    $active_blog = get_active_blog_for_user($user->ID);
    if ($active_blog) {
        $primary_blog_id = (int) $active_blog->blog_id;
    }

    $struct = array();
    foreach ($user_blogs as $blog) {
        // Only blogs hosted on the current network are reported.
        if ($blog->site_id != get_current_site()->id) {
            continue;
        }

        $blog_id = $blog->userblog_id;

        // Capability and option lookups must run in the context of that blog.
        switch_to_blog($blog_id);
        $entry = array(
            'isAdmin' => current_user_can('manage_options'),
            'isPrimary' => (int) $blog_id === $primary_blog_id,
            'url' => home_url('/'),
            'blogid' => (string) $blog_id,
            'blogName' => get_option('blogname'),
            'xmlrpc' => site_url('xmlrpc.php', 'rpc'),
        );
        restore_current_blog();

        $struct[] = $entry;
    }

    return $struct;
}
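/**
 * Returns author object.
 *
 * Accepts a user ID, user row, WP_User object, comment row or post row and
 * normalizes it into a stdClass with ID/login/email/name/nice_name/URL/
 * avatar_URL/profile_URL, plus site_ID on WordPress.com when the user has an
 * active blog. The email address is only included when $show_email is true.
 *
 * @param $author user ID, user row, WP_User object, comment row, post row
 * @param $show_email output the author's email address?
 *
 * @return (object)|null null for a post with no author or an unknown user
 */
function get_author($author, $show_email = false)
{
    if (isset($author->comment_author_email) && !$author->user_id) {
        // Anonymous comment author: there is no user record, so the author is
        // described by the comment fields alone.
        $ID = 0;
        $login = '';
        $email = $author->comment_author_email;
        $name = $author->comment_author;
        $URL = $author->comment_author_url;
        $profile_URL = 'http://en.gravatar.com/' . md5(strtolower(trim($email)));
        $nice = '';
        $site_id = -1;

        // Comment author URLs and Emails are sent through wp_kses() on save, which
        // replaces "&" with "&amp;". "&" is the only email/URL character altered by
        // wp_kses(), so undo that single entity here.
        // NOTE(review): the listing read str_replace('&', '&', ...), a no-op; the
        // "&amp;" was almost certainly lost to entity decoding when the source was
        // rendered — confirm against the upstream file.
        foreach (array('email', 'URL') as $field) {
            ${$field} = str_replace('&amp;', '&', ${$field});
        }
    } else {
        $post = $author;
        if (isset($author->post_author)) {
            // A post with post_author 0 has nobody to describe.
            if (0 == $author->post_author) {
                return null;
            }
            $author = $author->post_author;
        } elseif (isset($author->user_id) && $author->user_id) {
            $author = $author->user_id;
        } elseif (isset($author->user_email)) {
            $author = $author->ID;
        }

        $is_jetpack = true === apply_filters('is_jetpack_site', false, get_current_blog_id());

        if ($is_jetpack) {
            // Jetpack-connected sites carry the remote author in post meta
            // rather than as a local user.
            $ID = get_post_meta($post->ID, '_jetpack_post_author_external_id', true);
            $email = get_post_meta($post->ID, '_jetpack_author_email', true);
            $login = '';
            $name = get_post_meta($post->ID, '_jetpack_author', true);
            $URL = '';
            $nice = '';
        } else {
            $user = get_user_by('id', $author);
            if (!$user || is_wp_error($user)) {
                trigger_error('Unknown user', E_USER_WARNING);
                return null;
            }
            $ID = $user->ID;
            $email = $user->user_email;
            $login = $user->user_login;
            $name = $user->display_name;
            $URL = $user->user_url;
            $nice = $user->user_nicename;
        }

        if (defined('IS_WPCOM') && IS_WPCOM && !$is_jetpack) {
            // get_active_blog_for_user() returns false when the user has no
            // active blog; the original dereferenced ->blog_id regardless.
            // -1 keeps site_ID out of the result, as on non-WPCOM sites.
            $active_blog = get_active_blog_for_user($ID);
            $site_id = $active_blog ? $active_blog->blog_id : -1;
            $profile_URL = "http://en.gravatar.com/{$login}";
        } else {
            $profile_URL = 'http://en.gravatar.com/' . md5(strtolower(trim($email)));
            $site_id = -1;
        }
    }

    $avatar_URL = $this->api->get_avatar_url($email);

    // Only expose the address when the caller explicitly asked for it.
    $email = $show_email ? (string) $email : false;

    $author = array(
        'ID' => (int) $ID,
        'login' => (string) $login,
        'email' => $email,
        'name' => (string) $name,
        'nice_name' => (string) $nice,
        'URL' => (string) esc_url_raw($URL),
        'avatar_URL' => (string) esc_url_raw($avatar_URL),
        'profile_URL' => (string) esc_url_raw($profile_URL),
    );

    if ($site_id > -1) {
        $author['site_ID'] = (int) $site_id;
    }

    return (object) $author;
}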
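/**
 * Returns author object.
 *
 * Accepts a user ID, user row, WP_User object, comment row or post row and
 * normalizes it into a stdClass with ID/email/name/nice_name/URL/avatar_URL/
 * profile_URL, plus site_ID on WordPress.com when the user has an active blog.
 * The email address is only included when $show_email is true.
 *
 * @param $author user ID, user row, WP_User object, comment row, post row
 * @param $show_email output the author's email address?
 *
 * @return (object)|null null for a post with no author or an unknown user
 */
function get_author($author, $show_email = false)
{
    if (isset($author->comment_author_email) && !$author->user_id) {
        // Anonymous comment author: no user record, so use the comment fields.
        $ID = 0;
        $email = $author->comment_author_email;
        $name = $author->comment_author;
        $URL = $author->comment_author_url;
        $profile_URL = 'http://en.gravatar.com/' . md5(strtolower(trim($email)));
        $nice = '';
        $site_id = -1;
    } else {
        if (isset($author->post_author)) {
            // A post with post_author 0 has nobody to describe.
            if (0 == $author->post_author) {
                return null;
            }
            $author = $author->post_author;
        } elseif (isset($author->user_id) && $author->user_id) {
            $author = $author->user_id;
        } elseif (isset($author->user_email)) {
            $author = $author->ID;
        }

        $user = get_user_by('id', $author);
        if (!$user || is_wp_error($user)) {
            trigger_error('Unknown user', E_USER_WARNING);
            return null;
        }

        $ID = $user->ID;
        $email = $user->user_email;
        $name = $user->display_name;
        $URL = $user->user_url;
        $nice = $user->user_nicename;

        if (defined('IS_WPCOM') && IS_WPCOM) {
            // get_active_blog_for_user() returns false when the user has no
            // active blog; the original dereferenced ->blog_id regardless.
            // -1 keeps site_ID out of the result, as on non-WPCOM sites.
            $active_blog = get_active_blog_for_user($ID);
            $site_id = $active_blog ? $active_blog->blog_id : -1;
            $profile_URL = "http://en.gravatar.com/{$user->user_login}";
        } else {
            $profile_URL = 'http://en.gravatar.com/' . md5(strtolower(trim($email)));
            $site_id = -1;
        }
    }

    $avatar_URL = $this->api->get_avatar_url($email);

    // Only expose the address when the caller explicitly asked for it.
    $email = $show_email ? (string) $email : false;

    $author = array(
        'ID' => (int) $ID,
        'email' => $email,
        'name' => (string) $name,
        'nice_name' => (string) $nice,
        'URL' => (string) esc_url_raw($URL),
        'avatar_URL' => (string) esc_url_raw($avatar_URL),
        'profile_URL' => (string) esc_url_raw($profile_URL),
    );

    if ($site_id > -1) {
        $author['site_ID'] = (int) $site_id;
    }

    return (object) $author;
}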
/**
 * Get the URL to the user's dashboard.
 *
 * If a user does not belong to any sites, the global user dashboard is used. If the user belongs to the current site,
 * the dashboard for the current site is returned. If the user cannot edit the current site, the dashboard to the user's
 * primary blog is returned.
 *
 * @since 3.1.0
 *
 * @param int $user_id User ID
 * @param string $path Optional path relative to the dashboard. Use only paths known to both blog and user admins.
 * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes.
 * @return string Dashboard url link with optional path appended
 */
function get_dashboard_url($user_id, $path = '', $scheme = 'admin')
{
    $user_id = (int) $user_id;
    $blogs = get_blogs_of_user($user_id);

    // NOTE(review): this first test asks is_super_admin() about the *current*
    // user, while the multisite branch below asks about $user_id. Preserved
    // as written.
    if (!is_super_admin() && empty($blogs)) {
        // No memberships at all: fall back to the network-wide user dashboard.
        $url = user_admin_url($path, $scheme);
    } elseif (!is_multisite()) {
        $url = admin_url($path, $scheme);
    } else {
        $current_blog = get_current_blog_id();
        $belongs_here = $current_blog
            && (is_super_admin($user_id) || array_key_exists($current_blog, $blogs));

        if ($belongs_here) {
            $url = admin_url($path, $scheme);
        } else {
            // Not a member of the current site: prefer the user's active
            // (primary) blog, else the user dashboard.
            $active = get_active_blog_for_user($user_id);
            $url = $active
                ? get_admin_url($active->blog_id, $path, $scheme)
                : user_admin_url($path, $scheme);
        }
    }

    return apply_filters('user_dashboard_url', $url, $user_id, $path, $scheme);
}
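/**
 * WP_Ajax hook for pb_delete_catalog_logo
 *
 * Reads POST 'filename' (URL of the current logo attachment) and 'pid' (the
 * user whose catalog logo is reset), deletes the attachment on that user's
 * active blog and resets the 'pb_catalog_logo' user meta to the default cover.
 * Always ends the request with die().
 */
static function deleteLogo()
{
    check_ajax_referer('pb-delete-catalog-logo');

    $image_url = isset($_POST['filename']) ? $_POST['filename'] : '';
    $user_id = isset($_POST['pid']) ? (int) $_POST['pid'] : 0;

    // The nonce proves intent, not authority over the target user. The
    // original only checked 'upload_files' on the target user's active blog,
    // so any uploader on that blog could reset another user's logo meta.
    // Require the caller to be that user, or to be allowed to edit them.
    $may_edit_user = $user_id
        && ($user_id === get_current_user_id() || current_user_can('edit_user', $user_id));

    // get_active_blog_for_user() returns false for a user without an active
    // blog; the original dereferenced ->blog_id unconditionally.
    $book = $may_edit_user ? get_active_blog_for_user($user_id) : false;

    if ($book && current_user_can_for_blog($book->blog_id, 'upload_files')) {
        switch_to_blog($book->blog_id);

        // Delete old images
        // NOTE(review): the attachment is located by a caller-supplied URL and
        // deleted under 'upload_files' only — confirm attachment_id_from_url()
        // restricts this to catalog logos, or check ownership before deleting.
        $old_id = \PressBooks\Image\attachment_id_from_url($image_url);
        if ($old_id) {
            wp_delete_attachment($old_id, true);
        }

        update_user_meta($user_id, 'pb_catalog_logo', \PressBooks\Image\default_cover_url());
        restore_current_blog();
    }

    // @see http://codex.wordpress.org/AJAX_in_Plugins#Error_Return_Values
    // Will append 0 to returned json string if we don't die()
    die;
}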
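/**
 * Echo an unordered list of the $count most recent avatar images.
 *
 * Avatar files live in ABSPATH/$image_dir and are named "<user_id>.<ext>"
 * (gif/jpg/png, "default.png" excluded); the file stem is used as the user
 * ID and the list is sorted by stem descending. User-derived values are
 * escaped before being placed in HTML attributes — the original wrote
 * display_name and the blog URL into the markup unescaped.
 *
 * @param int $count Maximum number of avatars to list.
 */
function get_recent_avatar_list($count = 20)
{
    global $image_dir;
    $directory = ABSPATH . '/' . $image_dir . '/';

    $result = array();
    $handler = is_dir($directory) ? opendir($directory) : false;
    if ($handler) {
        // readdir() returns false at the end; comparing strictly keeps a file
        // named "0" from ending the loop early.
        while (($file = readdir($handler)) !== false) {
            $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
            if (in_array($ext, array('gif', 'jpg', 'png'), true) && $file !== 'default.png') {
                // Only keep avatar number (the file stem)
                $result[] = pathinfo($file, PATHINFO_FILENAME);
            }
        }
        closedir($handler);
    }

    // Newest (highest id) first, then keep only $count of them.
    rsort($result);
    $result = array_slice($result, 0, $count);

    $list = '';
    foreach ($result as $user_id) {
        $user = get_userdata($user_id);
        $blog = get_active_blog_for_user($user_id);
        // Skip orphaned images: a deleted user, or a user with no active blog.
        if (!$user || !$blog) {
            continue;
        }

        $avatar = author_image_path($user_id, false);
        $name = esc_attr($user->display_name);
        $href = esc_url($blog->siteurl);
        $src = esc_url($avatar);

        $list .= "<li><a href='{$href}' title='{$name}'>";
        $list .= "<img src='{$src}' alt='{$name}' width='48px' height='48px'/></a></li>";
    }

    echo "<ul class='clearfix'>{$list}</ul>";
}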
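/**
 * Proccesses the request
 *
 * Callback for "template_redirect" hook in template-loader.php
 *
 * Dispatches on the sanitized 'action' request parameter (postpass, logout,
 * lostpassword/retrievepassword, resetpass/rp, register, login). Each branch
 * mirrors the corresponding section of wp-login.php. Redirect targets that can
 * be caller-supplied go through wp_safe_redirect().
 *
 * @since 6.3
 * @access public
 */
public function template_redirect()
{
    $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
    if (!$this->request_action && self::is_tml_page()) {
        $this->request_action = self::get_page_action(get_the_id());
    }
    $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;

    do_action_ref_array('tml_request', array(&$this));

    // allow plugins to override the default actions, and to add extra actions if they want
    do_action('login_form_' . $this->request_action);

    if (has_action('tml_request_' . $this->request_action)) {
        do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
    } else {
        $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
        switch ($this->request_action) {
            case 'postpass':
                if (!array_key_exists('post_password', $_POST)) {
                    wp_safe_redirect(wp_get_referer());
                    exit;
                }

                require_once ABSPATH . 'wp-includes/class-phpass.php';
                $hasher = new PasswordHash(8, true);

                $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);

                // Fix: $referer was never assigned in this method, so $secure was
                // always false and the post-password cookie was set without the
                // Secure flag even on HTTPS. Read the referer as wp-login.php does.
                $referer = wp_get_referer();
                if ($referer) {
                    $secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
                } else {
                    $secure = false;
                }
                setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);

                wp_safe_redirect(wp_get_referer());
                exit;
                break;
            case 'logout':
                check_admin_referer('log-out');

                $user = wp_get_current_user();

                wp_logout();

                if (!empty($_REQUEST['redirect_to'])) {
                    $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
                } else {
                    $redirect_to = site_url('wp-login.php?loggedout=true');
                    $requested_redirect_to = '';
                }

                $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
                wp_safe_redirect($redirect_to);
                exit;
                break;
            case 'lostpassword':
            case 'retrievepassword':
                if ($http_post) {
                    $this->errors = self::retrieve_password();
                    if (!is_wp_error($this->errors)) {
                        $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }

                if (isset($_REQUEST['error'])) {
                    if ('invalidkey' == $_REQUEST['error']) {
                        $this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
                    } elseif ('expiredkey' == $_REQUEST['error']) {
                        $this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
                    }
                }

                do_action('lost_password');
                break;
            case 'resetpass':
            case 'rp':
                // Dirty hack for now
                global $rp_login, $rp_key;

                // The key/login pair is moved from the query string into a
                // HttpOnly cookie and the URL is stripped, so the reset key does
                // not linger in referers or browser history.
                list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
                $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
                if (isset($_GET['key'])) {
                    $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
                    setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    wp_safe_redirect(remove_query_arg(array('key', 'login')));
                    exit;
                }

                if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
                    list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
                    $user = check_password_reset_key($rp_key, $rp_login);
                    // The posted key must match the cookie key in constant time.
                    // A missing rp_key field counts as a mismatch instead of
                    // passing null to hash_equals().
                    $posted_key = isset($_POST['rp_key']) ? (string) $_POST['rp_key'] : '';
                    if (isset($_POST['pass1']) && !hash_equals($rp_key, $posted_key)) {
                        $user = false;
                    }
                } else {
                    $user = false;
                }

                if (!$user || is_wp_error($user)) {
                    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    if ($user && $user->get_error_code() === 'expired_key') {
                        wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
                    } else {
                        wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                    }
                    exit;
                }

                if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                    $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                }

                do_action('validate_password_reset', $this->errors, $user);

                if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                    reset_password($user, $_POST['pass1']);
                    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    $redirect_to = site_url('wp-login.php?resetpass=complete');
                    wp_safe_redirect($redirect_to);
                    exit;
                }

                wp_enqueue_script('utils');
                wp_enqueue_script('user-profile');
                break;
            case 'register':
                if (!get_option('users_can_register')) {
                    $redirect_to = site_url('wp-login.php?registration=disabled');
                    wp_redirect($redirect_to);
                    exit;
                }

                $user_login = '';
                $user_email = '';
                if ($http_post) {
                    // With email-based login the address doubles as the login name.
                    if ('email' == $this->get_option('login_type')) {
                        $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                    } else {
                        $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                    }
                    $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';

                    $this->errors = register_new_user($user_login, $user_email);
                    if (!is_wp_error($this->errors)) {
                        $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                break;
            case 'login':
            default:
                $secure_cookie = '';
                $interim_login = isset($_REQUEST['interim-login']);

                // If the user wants ssl but the session is not ssl, force a secure cookie.
                if (!empty($_POST['log']) && !force_ssl_admin()) {
                    $user_name = sanitize_user($_POST['log']);
                    if ($user = get_user_by('login', $user_name)) {
                        if (get_user_option('use_ssl', $user->ID)) {
                            $secure_cookie = true;
                            force_ssl_admin(true);
                        }
                    }
                }

                if (!empty($_REQUEST['redirect_to'])) {
                    $redirect_to = $_REQUEST['redirect_to'];
                    // Redirect to https if user wants ssl
                    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                    }
                } else {
                    $redirect_to = admin_url();
                }

                $reauth = empty($_REQUEST['reauth']) ? false : true;

                if ($http_post && isset($_POST['log'])) {
                    $user = wp_signon('', $secure_cookie);

                    $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);

                    if (!is_wp_error($user) && !$reauth) {
                        if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                            // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                            if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                $redirect_to = user_admin_url();
                            } elseif (is_multisite() && !$user->has_cap('read')) {
                                $redirect_to = get_dashboard_url($user->ID);
                            } elseif (!$user->has_cap('edit_posts')) {
                                $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                            }
                        }
                        wp_safe_redirect($redirect_to);
                        exit;
                    }

                    $this->errors = $user;
                }

                // Clear errors if loggedout is set.
                if (!empty($_GET['loggedout']) || $reauth) {
                    $this->errors = new WP_Error();
                }

                // Some parts of this script use the main login form to display a message
                if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                    $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                    $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                    $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                    $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                    $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                } elseif ($interim_login) {
                    $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                } elseif (strpos($redirect_to, 'about.php?updated')) {
                    $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                } elseif ($reauth) {
                    $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                }

                // Clear any stale cookies.
                if ($reauth) {
                    wp_clear_auth_cookie();
                }
                break;
        } // end switch
    } // endif has_filter()
}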
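/**
 * OAuth return handler for Minecraft.jp.
 *
 * With auth_type 'link' the provider account is attached (via its 'sub' claim)
 * to the currently logged-in WordPress user; otherwise the user matching the
 * 'sub' claim is logged in, and a WordPress account is created first when no
 * match exists. auth_type and redirect_to are read from $_SESSION. Accounts are
 * matched on 'sub' only — never on email — and wp_create_user() rejects a
 * duplicate email, so a provider email clashing with an existing local user
 * fails instead of attaching to that user.
 */
public function doLogin()
{
    $minecraftjp = $this->getMinecraftJP();
    $authType = !empty($_SESSION['auth_type']) ? $_SESSION['auth_type'] : 'login';
    $redirectTo = !empty($_SESSION['redirect_to']) ? $_SESSION['redirect_to'] : '';

    if ($authType == 'link') {
        // Linking requires an authenticated user. The original wrote the
        // provider ids into user meta for get_current_user_id() even when
        // that returned 0 (no session).
        $userId = get_current_user_id();
        if (!$userId) {
            $this->setFlash(__('Authorization denied.', App::NAME), 'default', array('class' => 'error'));
            wp_safe_redirect(site_url('wp-login.php'));
            exit;
        }

        try {
            $mcjpUser = $minecraftjp->getUser();
        } catch (\Exception $e) {
            $this->setFlash($e->getMessage(), 'default', array('class' => 'error'));
            wp_safe_redirect(admin_url('profile.php'));
            exit;
        }

        if (!empty($mcjpUser)) {
            // A provider account may be linked to at most one WP user.
            $existsUserId = $this->User->getUserIdBySub($mcjpUser['sub']);
            if (!empty($existsUserId) && $existsUserId != $userId) {
                $this->setFlash(__('This account is already linked.', App::NAME), 'default', array('class' => 'error'));
            } else {
                update_user_meta($userId, 'minecraftjp_sub', $mcjpUser['sub']);
                update_user_meta($userId, 'minecraftjp_uuid', $mcjpUser['uuid']);
                update_user_meta($userId, 'minecraftjp_username', $mcjpUser['preferred_username']);
                $this->setFlash(__('Minecraft.jp account linked successfully.', App::NAME));
            }
        } else {
            $this->setFlash(__('Authorization denied.', App::NAME), 'default', array('class' => 'error'));
        }

        // NOTE(review): unlike every other redirect in this method this one does
        // not exit; confirm the caller stops output after doLogin() returns.
        wp_safe_redirect(admin_url('profile.php'));
    } else {
        try {
            $mcjpUser = $minecraftjp->getUser();
        } catch (\Exception $e) {
            $this->setFlash($e->getMessage(), 'default', array('class' => 'error'));
            wp_safe_redirect(site_url('wp-login.php'));
            exit;
        }

        if (!empty($mcjpUser)) {
            $userId = $this->User->getUserIdBySub($mcjpUser['sub']);
            if (!$userId) {
                // First login with this provider account: register a WP user,
                // unless registration is closed (plugin config can force it open).
                if (!get_option('users_can_register') && !Configure::read('force_users_can_register')) {
                    wp_redirect(site_url('wp-login.php?registration=disabled'));
                    exit;
                }

                $password = wp_generate_password();
                $result = wp_create_user($mcjpUser['preferred_username'] . Configure::read('username_suffix'), $password, $mcjpUser['email']);
                if (is_wp_error($result)) {
                    $this->setFlash(__('username or email is already taken.', App::NAME), 'default', array('class' => 'error'));
                    wp_safe_redirect(site_url('wp-login.php'));
                    exit;
                }

                $userId = $result;
                wp_update_user(array(
                    'ID' => $userId,
                    'user_url' => !empty($mcjpUser['website']) ? $mcjpUser['website'] : $mcjpUser['profile'],
                    'display_name' => $mcjpUser['preferred_username'],
                ));
                update_user_meta($userId, 'nickname', $mcjpUser['preferred_username']);
                update_user_meta($userId, 'minecraftjp_sub', $mcjpUser['sub']);
                update_user_meta($userId, 'minecraftjp_uuid', $mcjpUser['uuid']);
                // send password notification
                wp_new_user_notification($userId, $password);
            }

            update_user_meta($userId, 'minecraftjp_username', $mcjpUser['preferred_username']);
            // Persistent ("remember me") cookie is always issued here.
            wp_set_auth_cookie($userId, true);
            $user = get_user_by('id', $userId);

            // Same post-login routing as wp-login.php: users without a blog go
            // to the user admin, users who cannot edit go to their profile.
            if (empty($redirectTo) || $redirectTo == 'wp-admin/' || $redirectTo == admin_url()) {
                if (is_multisite() && !get_active_blog_for_user($userId) && !is_super_admin($userId)) {
                    $redirectTo = user_admin_url();
                } elseif (is_multisite() && !$user->has_cap('read')) {
                    $redirectTo = get_dashboard_url($userId);
                } elseif (!$user->has_cap('edit_posts')) {
                    $redirectTo = admin_url('profile.php');
                }
            }

            wp_safe_redirect($redirectTo);
            exit;
        } else {
            $this->setFlash(__('Authorization denied.', App::NAME), 'default', array('class' => 'error'));
            wp_safe_redirect(site_url('wp-login.php'));
            exit;
        }
    }
}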
/**
 * Get the URL to the user's dashboard.
 *
 * If a user does not belong to any site, the global user dashboard is used. If the user belongs to the current site,
 * the dashboard for the current site is returned. If the user cannot edit the current site, the dashboard to the user's
 * primary blog is returned.
 *
 * @since 3.1.0
 *
 * @param int $user_id Optional. User ID. Defaults to current user.
 * @param string $path Optional path relative to the dashboard. Use only paths known to both blog and user admins.
 * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes.
 * @return string Dashboard url link with optional path appended.
 */
function get_dashboard_url($user_id = 0, $path = '', $scheme = 'admin')
{
    // 0 (or any falsy id) means "the current user".
    $user_id = $user_id ? (int) $user_id : get_current_user_id();
    $blogs = get_blogs_of_user($user_id);

    // NOTE(review): this first test asks is_super_admin() about the *current*
    // user, while the multisite branch below asks about $user_id. Preserved
    // as written.
    if (!is_super_admin() && empty($blogs)) {
        // No memberships at all: fall back to the network-wide user dashboard.
        $url = user_admin_url($path, $scheme);
    } elseif (!is_multisite()) {
        $url = admin_url($path, $scheme);
    } else {
        $current_blog = get_current_blog_id();
        $belongs_here = $current_blog
            && (is_super_admin($user_id) || array_key_exists($current_blog, $blogs));

        if ($belongs_here) {
            $url = admin_url($path, $scheme);
        } else {
            // Not a member of the current site: prefer the user's active
            // (primary) blog, else the user dashboard.
            $active = get_active_blog_for_user($user_id);
            $url = $active
                ? get_admin_url($active->blog_id, $path, $scheme)
                : user_admin_url($path, $scheme);
        }
    }

    /**
     * Filter the dashboard URL for a user.
     *
     * @since 3.1.0
     *
     * @param string $url     The complete URL including scheme and path.
     * @param int    $user_id The user ID.
     * @param string $path    Path relative to the URL. Blank string if no path is specified.
     * @param string $scheme  Scheme to give the URL context. Accepts 'http', 'https', 'login',
     *                        'login_post', 'admin', 'relative' or null.
     */
    return apply_filters('user_dashboard_url', $url, $user_id, $path, $scheme);
}
/**
 * Activating a batch of signups creates every user, and each signup that
 * carried a domain/path gets a blog whose path matches its login.
 *
 * @group activate
 */
public function test_activate_user_accounts_with_blogs()
{
    global $wpdb, $current_site, $base;

    // Blog signups only exist on multisite.
    if (!is_multisite()) {
        return;
    }

    // Per-login signup fields; creation order is preserved by the loop.
    $signup_fields = array(
        'testpath1' => array(
            'domain' => '',
            'path' => '',
            'title' => '',
            'activation_key' => 'activationkeyblogone',
        ),
        'blogtwo' => array(
            'domain' => $current_site->domain,
            'path' => $base . 'blogtwo',
            'title' => 'Blog Two',
            'activation_key' => 'activationkeyblogtwo',
        ),
        'blogthree' => array(
            'domain' => '',
            'path' => '',
            'title' => '',
            'activation_key' => 'activationkeyblogthree',
        ),
        'blogfour' => array(
            'domain' => $current_site->domain,
            'path' => $base . 'blogfour',
            'title' => 'Blog Four',
            'activation_key' => 'activationkeyblogfour',
        ),
    );

    // Can't trust this first signup :(
    $signups = array();
    foreach ($signup_fields as $login => $fields) {
        $signups[$login] = $this->factory->signup->create(array_merge(
            array('user_login' => $login, 'user_email' => '*****@*****.**'),
            $fields
        ));
    }

    // Neutralize db errors
    $suppress = $wpdb->suppress_errors();
    $results = BP_Signup::activate($signups);
    $wpdb->suppress_errors($suppress);

    $this->assertNotEmpty($results['activated']);

    $users = array();
    foreach (array_keys($signups) as $login) {
        $users[$login] = get_user_by('login', $login);
    }

    $this->assertEqualSets($results['activated'], wp_list_pluck($users, 'ID'));

    $blogs = array();
    foreach ($users as $path => $user) {
        // Can't trust this first signup :(
        if ('testpath1' == $path) {
            continue;
        }
        $blogs[$path] = get_active_blog_for_user($user->ID);
    }

    // Signups without a path produce no blog; the rest must be named by login.
    $blogs = array_filter($blogs);
    $blogs = array_map('basename', wp_list_pluck($blogs, 'path'));

    $this->assertEqualSets($blogs, array_keys($blogs));
}