/**
 * Reset a user's password from a reset key and e-mail the new credentials.
 *
 * The key is stripped to its alphanumeric characters, then the key/login pair
 * is looked up in the users table. On a match a random password is generated
 * and set, the password-change nag is switched on, and the username, new
 * password and login URL are mailed to the account's address.
 *
 * If the e-mail cannot be sent the script terminates with die(); at that point
 * the password has already been changed.
 *
 * @uses $wpdb WordPress Database object
 *
 * @param string $key   Reset key, matched against the user_activation_key column.
 * @param string $login Login name the key has to belong to.
 * @return bool|WP_Error True on success, WP_Error('invalid_key') when the key or
 *                       login is empty, not a string, or matches no user.
 */
function hma_override_reset_password($key, $login)
{
    global $wpdb;

    // Keep only [a-z0-9] (case-insensitive) before the key is used anywhere.
    $key = preg_replace('/[^a-z0-9]/i', '', $key);

    // Empty or non-string values are rejected before the query runs, so a
    // blank key is never compared against the user_activation_key column.
    $key_ok   = !empty($key) && is_string($key);
    $login_ok = !empty($login) && is_string($login);

    $account = null;
    if ($key_ok && $login_ok) {
        // Both values are bound through prepare(); nothing is interpolated.
        $lookup  = $wpdb->prepare("SELECT * FROM {$wpdb->users} WHERE user_activation_key = %s AND user_login = %s", $key, $login);
        $account = $wpdb->get_row($lookup);
    }

    // Every failure mode reports the same generic error to the caller.
    if (empty($account)) {
        hm_error_message('The key you provided was invalid', 'lost-password');
        return new WP_Error('invalid_key', __('Invalid key'));
    }

    // NOTE(review): no expiry check on the key is visible in this function;
    // confirm whether one is enforced where the key is issued.
    $generated = wp_generate_password();

    do_action('password_reset', $account, $generated);
    wp_set_password($generated, $account->ID);

    // Turn on the "change your password" nag for the generated password.
    update_user_meta($account->ID, 'default_password_nag', true);

    // NOTE(review): the new password is sent in clear text by e-mail.
    $lines = array(
        sprintf(__('Username: %s'), $account->user_login),
        sprintf(__('Password: %s'), $generated),
        site_url('wp-login.php', 'login'),
    );
    $body = implode("\r\n", $lines) . "\r\n";

    // The blogname option is escaped with esc_html on its way into the
    // database (sanitize_option); undo that for a plain-text e-mail subject.
    $site_name = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
    $subject   = apply_filters('password_reset_title', sprintf(__('[%s] Your new password'), $site_name));
    $body      = apply_filters('password_reset_message', $body, $generated);

    // A filter that returns an empty message skips the e-mail altogether.
    if ($body && !wp_mail($account->user_email, $subject, $body)) {
        die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
    }

    wp_password_change_notification($account);

    return true;
}
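/**
 * Process the edit profile form submission.
 *
 * Verifies the 'hma_profile_submitted' nonce, collects the submitted profile
 * fields for the current user, hands them to hma_update_user_info(), optionally
 * unlinks SSO providers, then redirects and exits.
 *
 * The redirect target can come from the request ($_POST['redirect_to'] or
 * $_POST['referer']), so it is passed through wp_validate_redirect() and falls
 * back to the edit-profile URL when it points at a host that is not allowed.
 *
 * @return null Returns early when the visitor is not logged in or the two
 *              password fields differ; otherwise the script exits after the
 *              redirect.
 */
function hma_profile_submitted()
{
    check_admin_referer('hma_profile_submitted');

    $current_user = wp_get_current_user();

    // Only logged-in users may update a profile.
    if (!is_user_logged_in()) {
        return;
    }

    $user_data = array();

    // Accept only fields registered through hma_register_profile_field(), or,
    // when no custom fields are registered, keys starting with "user_".
    // NOTE(review): in the second case every user_* key in the request is
    // accepted, not only the ones the form renders; confirm that
    // hma_update_user_info() ignores keys it does not expect, or switch to an
    // explicit allow-list.
    foreach ($_POST as $key => $value) {
        if ((!hma_is_profile_field($key) && hma_custom_profile_fields()) || (!hma_custom_profile_fields() && strpos($key, 'user_') !== 0)) {
            continue;
        }

        $user_data[$key] = is_string($value) ? esc_attr($value) : array_map('esc_attr', $value);
    }

    // The two password fields must match when both were submitted.
    if (!empty($_POST['user_pass']) && isset($_POST['user_pass2']) && $_POST['user_pass'] !== $_POST['user_pass2']) {
        hm_error_message('The passwords you entered do not match', 'update-user');
        return;
    }

    // NOTE(review): esc_attr() is an HTML-attribute escaper; applied to a
    // password it rewrites characters such as & < > " before the value is
    // stored. Confirm this matches what the login path compares against.
    if (!empty($_POST['user_pass'])) {
        $user_data['user_pass'] = esc_attr($_POST['user_pass']);
    }

    if (!empty($_POST['user_email'])) {
        $user_data['user_email'] = esc_attr($_POST['user_email']);
    }

    // ID and login always come from the authenticated session, never from the
    // request; they are assigned after the loop above so they cannot be
    // replaced by a posted value.
    $user_data['ID'] = $current_user->ID;

    if (isset($_POST['first_name'])) {
        $user_data['first_name'] = esc_attr($_POST['first_name']);
    }

    if (isset($_POST['last_name'])) {
        $user_data['last_name'] = esc_attr($_POST['last_name']);
    }

    if (isset($_POST['nickname'])) {
        $user_data['nickname'] = esc_attr($_POST['nickname']);
    }

    $user_data['user_login'] = $current_user->user_login;

    if (isset($_POST['description'])) {
        $user_data['description'] = esc_attr($_POST['description']);
    }

    // display_name is a pattern of field names (for example
    // "first_name last_name"); each token is replaced with the matching value
    // collected above.
    if (isset($_POST['display_name'])) {
        $name = trim($_POST['display_name']);
        $match = preg_match_all('/([\\S^\\,]*)/', esc_attr($_POST['display_name']), $matches);

        foreach (array_filter((array) $matches[0]) as $match) {
            $name = trim(str_replace($match, $user_data[$match], $name));
        }

        $user_data['display_name'] = $name;
        $user_data['display_name_preference'] = esc_attr($_POST['display_name']);
    }

    // NOTE(review): $_FILES['user_avatar'] is an array, but esc_attr() works
    // on strings; confirm what hma_update_user_info() expects here.
    if (!empty($_FILES['user_avatar']['name'])) {
        $user_data['user_avatar'] = esc_attr($_FILES['user_avatar']);
    }

    $success = hma_update_user_info($user_data);

    // Unlink any SSO providers; this is only done when a password was entered.
    if (!is_wp_error($success) && !empty($_POST['unlink_sso_providers']) && array_filter((array) $_POST['unlink_sso_providers'])) {
        if (empty($user_data['user_pass'])) {
            hm_error_message('The social network(s) could not be unlinked because you did not enter your password', 'update-user');
        } else {
            foreach (array_filter((array) $_POST['unlink_sso_providers']) as $sso_provider_id) {
                $sso_provider = hma_get_sso_provider($sso_provider_id);
                $sso_provider->unlink();
            }
        }
    }

    $fallback = get_bloginfo('edit_profile_url', 'display');

    // !empty() keeps the original truthiness test without raising a notice
    // when the key is missing from the request.
    // NOTE(review): esc_attr() turns "&" into "&amp;", which alters query
    // strings in the target; a URL sanitiser such as esc_url_raw() is the
    // usual choice for redirect targets.
    if (!empty($_POST['redirect_to'])) {
        $redirect = esc_attr($_POST['redirect_to']);
    } elseif (!empty($_POST['referer'])) {
        $redirect = esc_attr($_POST['referer']);
    } elseif (wp_get_referer()) {
        $redirect = wp_get_referer();
    } else {
        $redirect = $fallback;
    }

    // The target may be request-supplied: restrict it to allowed hosts (see
    // the allowed_redirect_hosts filter) so this endpoint cannot be used as an
    // open redirect.
    $redirect = wp_validate_redirect($redirect, $fallback);

    do_action('hma_update_user_profile_completed', $redirect);

    wp_redirect(add_query_arg('message', is_wp_error($success) ? $success->get_error_code() : '1', $redirect));
    exit;
}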
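/**
 * Link the Twitter account behind the current OAuth access token to the
 * logged-in WordPress user.
 *
 * The access token is taken from, in order: the PHP session (popup flow), the
 * posted access_token string, or the twitter_oauth_token cookie. A cookie token
 * is accepted only if it decodes to an array holding string oauth_token and
 * oauth_token_secret entries.
 *
 * @access public
 * @return true|WP_Error True on success, WP_Error on failure.
 */
function link()
{
    if (!is_user_logged_in()) {
        return new WP_Error('user-logged-in');
    }

    if ($this->usingSession && !empty($_SESSION['twitter_oauth_token'])) {
        // Popup (separate window) flow: the token is kept in the session.
        $this->access_token = $_SESSION['twitter_oauth_token'];
    } elseif (!empty($_POST['access_token'])) {
        $this->access_token = $this->get_access_token_from_string($_POST['access_token']);
    } else {
        $cookie = isset($_COOKIE['twitter_oauth_token']) ? $_COOKIE['twitter_oauth_token'] : '';

        // SECURITY: unserialize() on a client-controlled cookie is unsafe. It
        // can instantiate arbitrary classes before the shape check below runs
        // (PHP object injection). The code that writes this cookie is not
        // visible here, so the serialized format is kept. Prefer a JSON-encoded
        // or server-side (session) token, or pass
        // array('allowed_classes' => false) once PHP 7.0+ is the minimum.
        $token = (is_string($cookie) && $cookie !== '') ? unserialize(base64_decode($cookie)) : false;

        // The cookie is single-use: expire it whether or not it was valid.
        setcookie('twitter_oauth_token', '', time() - 100, COOKIEPATH);

        // Reject anything that is not the expected array of two strings, so
        // malformed or missing cookie data never reaches the API call or the
        // user meta writes below.
        $valid = is_array($token)
            && isset($token['oauth_token'], $token['oauth_token_secret'])
            && is_string($token['oauth_token'])
            && is_string($token['oauth_token_secret'])
            && $token['oauth_token'] !== ''
            && $token['oauth_token_secret'] !== '';

        if (!$valid) {
            hm_error_message('There was a problem connecting you with Twitter, please try again.', 'update-user');
            return new WP_Error('invalid-twitter-token');
        }

        $this->access_token = $token;
    }

    $info = $this->get_twitter_user_info();

    if (!empty($info->error)) {
        hm_error_message('There was a problem connecting you with Twitter, please try again.', 'update-user');
        return new WP_Error($info->error);
    }

    // A Twitter account may be linked to one site account only.
    if ($this->_get_user_id_from_sso_id($info->id)) {
        hm_error_message('This Twitter account is already linked with another account, please try a different one.', 'update-user');
        return new WP_Error('sso-provider-already-linked');
    }

    $user_id = get_current_user_id();

    // NOTE(review): the OAuth token and secret are stored as plain user meta.
    update_user_meta($user_id, '_twitter_oauth_token', $this->access_token['oauth_token']);
    update_user_meta($user_id, '_twitter_oauth_token_secret', $this->access_token['oauth_token_secret']);
    update_user_meta($user_id, '_twitter_access_token', $this->access_token);
    update_user_meta($user_id, '_twitter_uid', $info->id);

    // NOTE(review): screen_name comes from the remote API response; confirm
    // that hm_success_message() output is escaped where it is rendered.
    hm_success_message('Successfully connected the Twitter account "' . $info->screen_name . '" with your profile.', 'update-user');

    return true;
}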
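/**
 * Log the visitor in to the site account linked to their Facebook account.
 *
 * Looks up the site user whose _fb_uid meta matches the id reported by the
 * Facebook client, falls back to a lookup by Facebook username, then refreshes
 * the stored access token and sets the WordPress auth cookie.
 *
 * @return true|WP_Error True on success; WP_Error when the visitor is not
 *                       logged in to Facebook or no linked account exists.
 */
public function login()
{
    if (!$this->check_for_provider_logged_in()) {
        hm_error_message('You are not logged in to Facebook', 'login');
        return new WP_Error('no-logged-in-to-facebook');
    }

    global $wpdb;

    // Presumably the Facebook user id reported by the SDK client.
    $fb_uid = $this->client->getUser();

    // Bind the id through prepare() instead of interpolating it into the SQL
    // string, so the value can never change the shape of the query.
    $user_id = $wpdb->get_var($wpdb->prepare(
        "SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = '_fb_uid' AND meta_value = %s",
        $fb_uid
    ));

    if (!$user_id) {
        // NOTE(review): this fallback matches on the Facebook username instead
        // of the uid; confirm usernames are a stable identifier before it is
        // trusted for authentication.
        $fb_info = $this->get_facebook_user_info();
        $user_id = $this->_get_user_id_from_sso_id($fb_info['username']);

        if (!$user_id) {
            hm_error_message('This Facebook account has not been linked to an account on this site.', 'login');
            return new WP_Error('facebook-account-not-connected');
        }
    }

    // Update their access token in case it has changed.
    update_user_meta($user_id, '_fb_access_token', $this->get_access_token_from_cookie_session());

    // Second argument false: session cookie, no "remember me".
    wp_set_auth_cookie($user_id, false);
    wp_set_current_user($user_id);

    do_action('hma_log_user_in', $user_id);
    do_action('hma_login_submitted_success');

    return true;
}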