コード例 #1
0
ファイル: upgrade.php プロジェクト: nxtclass/NXTClass
 /**
  * Installs the blog
  *
  * {@internal Missing Long Description}}
  *
  * @since 2.1.0
  *
  * @param string $blog_title Blog title.
  * @param string $user_name User's username.
  * @param string $user_email User's email.
  * @param bool $public Whether blog is public.
  * @param null $deprecated Optional. Not used.
  * @param string $user_password Optional. User's chosen password. Will default to a random password.
  * @return array Array keys 'url', 'user_id', 'password', 'password_message'.
  */
 function nxt_install($blog_title, $user_name, $user_email, $public, $deprecated = '', $user_password = '')
 {
     global $nxt_rewrite;
     if (!empty($deprecated)) {
         _deprecated_argument(__FUNCTION__, '2.6');
     }
     nxt_check_mysql_version();
     nxt_cache_flush();
     make_db_current_silent();
     populate_options();
     populate_roles();
     update_option('blogname', $blog_title);
     update_option('admin_email', $user_email);
     update_option('blog_public', $public);
     $guessurl = nxt_guess_url();
     update_option('siteurl', $guessurl);
     // If not a public blog, don't ping.
     if (!$public) {
         update_option('default_pingback_flag', 0);
     }
     // Create default user.  If the user already exists, the user tables are
     // being shared among blogs.  Just set the role in that case.
     $user_id = username_exists($user_name);
     $user_password = trim($user_password);
     $email_password = false;
     if (!$user_id && empty($user_password)) {
         $user_password = nxt_generate_password(12, false);
         $message = __('<strong><em>Note that password</em></strong> carefully! It is a <em>random</em> password that was generated just for you.');
         $user_id = nxt_create_user($user_name, $user_password, $user_email);
         update_user_option($user_id, 'default_password_nag', true, true);
         $email_password = true;
     } else {
         if (!$user_id) {
             // Password has been provided
             $message = '<em>' . __('Your chosen password.') . '</em>';
             $user_id = nxt_create_user($user_name, $user_password, $user_email);
         } else {
             $message = __('User already exists. Password inherited.');
         }
     }
     $user = new nxt_User($user_id);
     $user->set_role('administrator');
     nxt_install_defaults($user_id);
     $nxt_rewrite->flush_rules();
     nxt_new_blog_notification($blog_title, $guessurl, $user_id, $email_password ? $user_password : __('The password you chose during the install.'));
     nxt_cache_flush();
     return array('url' => $guessurl, 'user_id' => $user_id, 'password' => $user_password, 'password_message' => $message);
 }
コード例 #2
0
        $user_upd = array();
        $user_upd['ID'] = $user_login_id;
        $user_upd['user_email'] = $fbuser['email'];
        nxt_update_user($user_upd);
    }
    //Run a hook when an existing user logs in
    do_action('nxtfb_existing_user', array('nxt_ID' => $user_login_id, 'FB_ID' => $fb_uid, 'facebook' => $facebook, 'nxt_UserData' => $user_data));
}
//If we still don't have a user_login_id, the FB user who's logging in has never been to this blog.
//We'll auto-register them a new account.  Note that if they haven't allowed email permissions, the
//account we register will have a bogus email address (but that's OK, since we still know their Facebook ID)
if (!$user_login_id) {
    $jfb_log .= "nxt: No user found. Automatically registering (FB_" . $fb_uid . ")\n";
    $user_data = array();
    $user_data['user_login'] = "******" . $fb_uid;
    $user_data['user_pass'] = nxt_generate_password();
    $user_data['user_nicename'] = sanitize_title($user_data['user_login']);
    $user_data['first_name'] = $fbuser['first_name'];
    $user_data['last_name'] = $fbuser['last_name'];
    $user_data['display_name'] = $fbuser['first_name'];
    $user_data['user_url'] = $fbuser["profile_url"];
    $user_data['user_email'] = $fbuser["email"];
    //Run a filter so the user can be modified to something different before registration
    //NOTE: If the user has selected "pretty names", this'll change FB_xxx to i.e. "John.Smith"
    $user_data = apply_filters('nxtfb_insert_user', $user_data, $fbuser);
    $user_data = apply_filters('nxtfb_inserting_user', $user_data, array('nxt_ID' => $user_login_id, 'FB_ID' => $fb_uid, 'facebook' => $facebook, 'FB_UserData' => $fbuser));
    //Insert a new user to our database and make sure it worked
    $user_login_id = nxt_insert_user($user_data);
    if (is_nxt_error($user_login_id)) {
        j_die("Error: nxt_insert_user failed!<br/><br/>" . "If you get this error while running a nxtclass MultiSite installation, it means you'll need to purchase the <a href=\"{$jfb_homepage}#premium\">premium version</a> of this plugin to enable full MultiSite support.<br/><br/>" . "If you're <u><i>not</i></u> using MultiSite, please report this bug to the plugin author on the support page <a href=\"{$jfb_homepage}#feedback\">here</a>.<br /><br />" . "Error message: " . (function_exists(array(&$user_login_id, 'get_error_message')) ? $user_login_id->get_error_message() : "Undefined") . "<br />" . "nxt_ALLOW_MULTISITE: " . (defined('nxt_ALLOW_MULTISITE') ? constant('nxt_ALLOW_MULTISITE') : "Undefined") . "<br />" . "is_multisite: " . (function_exists('is_multisite') ? is_multisite() : "Undefined"));
    }
コード例 #3
0
ファイル: network.php プロジェクト: nxtclass/NXTClass
/**
 * Prints step 2 for Network installation process.
 *
 * @since 3.0.0
 */
function network_step2($errors = false)
{
    global $base, $nxtdb;
    $hostname = get_clean_basedomain();
    if (!isset($base)) {
        $base = trailingslashit(stripslashes(dirname(dirname($_SERVER['SCRIPT_NAME']))));
    }
    // Wildcard DNS message.
    if (is_nxt_error($errors)) {
        echo '<div class="error">' . $errors->get_error_message() . '</div>';
    }
    if ($_POST) {
        if (allow_subdomain_install()) {
            $subdomain_install = allow_subdirectory_install() ? !empty($_POST['subdomain_install']) : true;
        } else {
            $subdomain_install = false;
        }
    } else {
        if (is_multisite()) {
            $subdomain_install = is_subdomain_install();
            ?>
	<p><?php 
            _e('The original configuration steps are shown here for reference.');
            ?>
</p>
<?php 
        } else {
            $subdomain_install = (bool) $nxtdb->get_var("SELECT meta_value FROM {$nxtdb->sitemeta} WHERE site_id = 1 AND meta_key = 'subdomain_install'");
            ?>
	<div class="error"><p><strong><?php 
            _e('Warning:');
            ?>
</strong> <?php 
            _e('An existing NXTClass network was detected.');
            ?>
</p></div>
	<p><?php 
            _e('Please complete the configuration steps. To create a new network, you will need to empty or remove the network database tables.');
            ?>
</p>
<?php 
        }
    }
    if ($_POST || !is_multisite()) {
        ?>
		<h3><?php 
        esc_html_e('Enabling the Network');
        ?>
</h3>
		<p><?php 
        _e('Complete the following steps to enable the features for creating a network of sites.');
        ?>
</p>
		<div class="updated inline"><p><?php 
        if (file_exists(ABSPATH . '.htaccess')) {
            printf(__('<strong>Caution:</strong> We recommend you back up your existing <code>nxt-config.php</code> and <code>%s</code> files.'), '.htaccess');
        } elseif (file_exists(ABSPATH . 'web.config')) {
            printf(__('<strong>Caution:</strong> We recommend you back up your existing <code>nxt-config.php</code> and <code>%s</code> files.'), 'web.config');
        } else {
            _e('<strong>Caution:</strong> We recommend you back up your existing <code>nxt-config.php</code> file.');
        }
        ?>
</p></div>
<?php 
    }
    ?>
		<ol>
			<li><p><?php 
    printf(__('Create a <code>blogs.dir</code> directory at <code>%s/blogs.dir</code>. This directory is used to store uploaded media for your additional sites and must be writeable by the web server.'), nxt_CONTENT_DIR);
    if (nxt_CONTENT_DIR != ABSPATH . 'nxt-content') {
        echo ' <strong>' . __('Warning:') . ' ' . __('Networks may not be fully compatible with custom nxt-content directories.') . '</strong>';
    }
    ?>
</p></li>
			<li><p><?php 
    printf(__('Add the following to your <code>nxt-config.php</code> file in <code>%s</code> <strong>above</strong> the line reading <code>/* That&#8217;s all, stop editing! Happy blogging. */</code>:'), ABSPATH);
    ?>
</p>
				<textarea class="code" readonly="readonly" cols="100" rows="7">
define( 'MULTISITE', true );
define( 'SUBDOMAIN_INSTALL', <?php 
    echo $subdomain_install ? 'true' : 'false';
    ?>
 );
$base = '<?php 
    echo $base;
    ?>
';
define( 'DOMAIN_CURRENT_SITE', '<?php 
    echo $hostname;
    ?>
' );
define( 'PATH_CURRENT_SITE', '<?php 
    echo $base;
    ?>
' );
define( 'SITE_ID_CURRENT_SITE', 1 );
define( 'BLOG_ID_CURRENT_SITE', 1 );</textarea>
<?php 
    $keys_salts = array('AUTH_KEY' => '', 'SECURE_AUTH_KEY' => '', 'LOGGED_IN_KEY' => '', 'NONCE_KEY' => '', 'AUTH_SALT' => '', 'SECURE_AUTH_SALT' => '', 'LOGGED_IN_SALT' => '', 'NONCE_SALT' => '');
    foreach ($keys_salts as $c => $v) {
        if (defined($c)) {
            unset($keys_salts[$c]);
        }
    }
    if (!empty($keys_salts)) {
        $keys_salts_str = '';
        $from_api = nxt_remote_get('https://api.nxtclass.org/secret-key/1.1/salt/');
        if (is_nxt_error($from_api)) {
            foreach ($keys_salts as $c => $v) {
                $keys_salts_str .= "\ndefine( '{$c}', '" . nxt_generate_password(64, true, true) . "' );";
            }
        } else {
            $from_api = explode("\n", nxt_remote_retrieve_body($from_api));
            foreach ($keys_salts as $c => $v) {
                $keys_salts_str .= "\ndefine( '{$c}', '" . substr(array_shift($from_api), 28, 64) . "' );";
            }
        }
        $num_keys_salts = count($keys_salts);
        ?>
	<p><?php 
        echo _n('This unique authentication key is also missing from your <code>nxt-config.php</code> file.', 'These unique authentication keys are also missing from your <code>nxt-config.php</code> file.', $num_keys_salts);
        ?>
 <?php 
        _e('To make your installation more secure, you should also add:');
        ?>
</p>
	<textarea class="code" readonly="readonly" cols="100" rows="<?php 
        echo $num_keys_salts;
        ?>
"><?php 
        echo esc_textarea($keys_salts_str);
        ?>
</textarea>
<?php 
    }
    ?>
</li>
<?php 
    if (iis7_supports_permalinks()) {
        if ($subdomain_install) {
            $web_config_file = '<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="NXTClass Rule 1" stopProcessing="true">
                    <match url="^index\\.php$" ignoreCase="false" />
                    <action type="None" />
                </rule>
                <rule name="NXTClass Rule 2" stopProcessing="true">
                    <match url="^files/(.+)" ignoreCase="false" />
                    <action type="Rewrite" url="nxt-includes/ms-files.php?file={R:1}" appendQueryString="false" />
                </rule>
                <rule name="NXTClass Rule 3" stopProcessing="true">
                    <match url="^" ignoreCase="false" />
                    <conditions logicalGrouping="MatchAny">
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" />
                    </conditions>
                    <action type="None" />
                </rule>
                <rule name="NXTClass Rule 4" stopProcessing="true">
                    <match url="." ignoreCase="false" />
                    <action type="Rewrite" url="index.php" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>';
        } else {
            $web_config_file = '<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="NXTClass Rule 1" stopProcessing="true">
                    <match url="^index\\.php$" ignoreCase="false" />
                    <action type="None" />
                </rule>
                <rule name="NXTClass Rule 2" stopProcessing="true">
                    <match url="^([_0-9a-zA-Z-]+/)?files/(.+)" ignoreCase="false" />
                    <action type="Rewrite" url="nxt-includes/ms-files.php?file={R:2}" appendQueryString="false" />
                </rule>
                <rule name="NXTClass Rule 3" stopProcessing="true">
                    <match url="^([_0-9a-zA-Z-]+/)?nxt-admin$" ignoreCase="false" />
                    <action type="Redirect" url="{R:1}nxt-admin/" redirectType="Permanent" />
                </rule>
                <rule name="NXTClass Rule 4" stopProcessing="true">
                    <match url="^" ignoreCase="false" />
                    <conditions logicalGrouping="MatchAny">
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" />
                    </conditions>
                    <action type="None" />
                </rule>
                <rule name="NXTClass Rule 5" stopProcessing="true">
                    <match url="^[_0-9a-zA-Z-]+/(nxt-(content|admin|includes).*)" ignoreCase="false" />
                    <action type="Rewrite" url="{R:1}" />
                </rule>
                <rule name="NXTClass Rule 6" stopProcessing="true">
                    <match url="^([_0-9a-zA-Z-]+/)?(.*\\.php)$" ignoreCase="false" />
                    <action type="Rewrite" url="{R:2}" />
                </rule>
                <rule name="NXTClass Rule 7" stopProcessing="true">
                    <match url="." ignoreCase="false" />
                    <action type="Rewrite" url="index.php" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>';
        }
        ?>
		<li><p><?php 
        printf(__('Add the following to your <code>web.config</code> file in <code>%s</code>, replacing other NXTClass rules:'), ABSPATH);
        ?>
</p>
		<textarea class="code" readonly="readonly" cols="100" rows="20">
		<?php 
        echo esc_textarea($web_config_file);
        ?>
		</textarea></li>
		</ol>

	<?php 
    } else {
        // end iis7_supports_permalinks(). construct an htaccess file instead:
        $htaccess_file = 'RewriteEngine On
RewriteBase ' . $base . '
RewriteRule ^index\\.php$ - [L]

# uploaded files
RewriteRule ^' . ($subdomain_install ? '' : '([_0-9a-zA-Z-]+/)?') . 'files/(.+) nxt-includes/ms-files.php?file=$' . ($subdomain_install ? 1 : 2) . ' [L]' . "\n";
        if (!$subdomain_install) {
            $htaccess_file .= "\n# add a trailing slash to /nxt-admin\n" . 'RewriteRule ^([_0-9a-zA-Z-]+/)?nxt-admin$ $1nxt-admin/ [R=301,L]' . "\n";
        }
        $htaccess_file .= "\n" . 'RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]';
        // @todo custom content dir.
        if (!$subdomain_install) {
            $htaccess_file .= "\nRewriteRule  ^[_0-9a-zA-Z-]+/(nxt-(content|admin|includes).*) \$1 [L]\nRewriteRule  ^[_0-9a-zA-Z-]+/(.*\\.php)\$ \$1 [L]";
        }
        $htaccess_file .= "\nRewriteRule . index.php [L]";
        ?>
		<li><p><?php 
        printf(__('Add the following to your <code>.htaccess</code> file in <code>%s</code>, replacing other NXTClass rules:'), ABSPATH);
        ?>
</p>
		<textarea class="code" readonly="readonly" cols="100" rows="<?php 
        echo $subdomain_install ? 11 : 16;
        ?>
">
<?php 
        echo esc_textarea($htaccess_file);
        ?>
</textarea></li>
		</ol>

	<?php 
    }
    // end IIS/Apache code branches.
    if (!is_multisite()) {
        ?>
		<p><?php 
        printf(__('Once you complete these steps, your network is enabled and configured. You will have to log in again.'));
        ?>
 <a href="<?php 
        echo esc_url(site_url('nxt-login.php'));
        ?>
"><?php 
        _e('Log In');
        ?>
</a></p>
<?php 
    }
}
コード例 #4
0
ファイル: setup-config.php プロジェクト: nxtclass/NXTClass
     nxt_fix_server_vars();
     /**#@+
      * @ignore
      */
     function get_bloginfo()
     {
         return (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . str_replace($_SERVER['PHP_SELF'], '/nxt-admin/setup-config.php', '');
     }
     /**#@-*/
     $secret_keys = nxt_remote_get('https://api.nxtclass.org/secret-key/1.1/salt/');
 }
 if ($no_api || is_nxt_error($secret_keys)) {
     $secret_keys = array();
     require_once ABSPATH . nxtINC . '/pluggable.php';
     for ($i = 0; $i < 8; $i++) {
         $secret_keys[] = nxt_generate_password(64, true, true);
     }
 } else {
     $secret_keys = explode("\n", nxt_remote_retrieve_body($secret_keys));
     foreach ($secret_keys as $k => $v) {
         $secret_keys[$k] = substr($v, 28, 64);
     }
 }
 $key = 0;
 foreach ($configFile as $line_num => $line) {
     switch (substr($line, 0, 16)) {
         case "define('DB_NAME'":
             $configFile[$line_num] = str_replace("database_name_here", $dbname, $line);
             break;
         case "define('DB_USER'":
             $configFile[$line_num] = str_replace("'username_here'", "'{$uname}'", $line);
コード例 #5
0
ファイル: ms.php プロジェクト: nxtclass/NXTClass
function secret_salt_warning()
{
    if (!is_super_admin()) {
        return;
    }
    $secret_keys = array('AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT');
    $out = '';
    foreach ($secret_keys as $key) {
        if (!defined($key)) {
            $out .= "define( '{$key}', '" . esc_html(nxt_generate_password(64, true, true)) . "' );<br />";
        }
    }
    if ($out != '') {
        $msg = __('Warning! NXTClass encrypts user cookies, but you must add the following lines to <strong>nxt-config.php</strong> for it to be more secure.');
        $msg .= '<br/>' . __("Before the line <code>/* That's all, stop editing! Happy blogging. */</code> please add this code:");
        $msg .= "<br/><br/><code>{$out}</code>";
        echo "<div class='update-nag'>{$msg}</div>";
    }
}
コード例 #6
0
ファイル: ms-deprecated.php プロジェクト: nxtclass/NXTClass
/**
 * @since MU
 * @deprecated 3.0.0
 * @deprecated Use nxt_generate_password()
 * @see nxt_generate_password()
 */
function generate_random_password($len = 8)
{
    _deprecated_function(__FUNCTION__, '3.0', 'nxt_generate_password()');
    return nxt_generate_password($len);
}
コード例 #7
0
ファイル: site-users.php プロジェクト: nxtclass/NXTClass
} else {
    // Roles are stored in memory, not the DB.
    $editblog_roles = $nxt_roles->roles;
}
$default_role = get_blog_option($id, 'default_role');
$action = $nxt_list_table->current_action();
if ($action) {
    switch_to_blog($id);
    switch ($action) {
        case 'newuser':
            check_admin_referer('add-user', '_nxtnonce_add-new-user');
            $user = $_POST['user'];
            if (!is_array($_POST['user']) || empty($user['username']) || empty($user['email'])) {
                $update = 'err_new';
            } else {
                $password = nxt_generate_password(12, false);
                $user_id = nxtmu_create_user(esc_html(strtolower($user['username'])), $password, esc_html($user['email']));
                if (false == $user_id) {
                    $update = 'err_new_dup';
                } else {
                    nxt_new_user_notification($user_id, $password);
                    add_user_to_blog($id, $user_id, $_POST['new_role']);
                    $update = 'newuser';
                }
            }
            break;
        case 'adduser':
            check_admin_referer('add-user', '_nxtnonce_add-user');
            if (!empty($_POST['newuser'])) {
                $update = 'adduser';
                $newuser = $_POST['newuser'];
コード例 #8
0
ファイル: options-writing.php プロジェクト: nxtclass/NXTClass
</p>
	<p><textarea rows="5" cols="120" readonly="readonly"><?php 
echo htmlspecialchars(get_shortcut_link());
?>
</textarea></p>
</div>

<?php 
if (apply_filters('enable_post_by_email_configuration', true)) {
    ?>
<h3><?php 
    _e('Post via e-mail');
    ?>
</h3>
<p><?php 
    printf(__('To post to NXTClass by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it&#8217;s a good idea to keep this address very secret. Here are three random strings you could use: <kbd>%s</kbd>, <kbd>%s</kbd>, <kbd>%s</kbd>.'), nxt_generate_password(8, false), nxt_generate_password(8, false), nxt_generate_password(8, false));
    ?>
</p>

<table class="form-table">
<tr valign="top">
<th scope="row"><label for="mailserver_url"><?php 
    _e('Mail Server');
    ?>
</label></th>
<td><input name="mailserver_url" type="text" id="mailserver_url" value="<?php 
    form_option('mailserver_url');
    ?>
" class="regular-text code" />
<label for="mailserver_port"><?php 
    _e('Port');
コード例 #9
0
ファイル: pluggable.php プロジェクト: nxtclass/NXTClass
 /**
  * Get salt to add to hashes to help prevent attacks.
  *
  * The secret key is located in two places: the database in case the secret key
  * isn't defined in the second place, which is in the nxt-config.php file. If you
  * are going to set the secret key, then you must do so in the nxt-config.php
  * file.
  *
  * The secret key in the database is randomly generated and will be appended to
  * the secret key that is in nxt-config.php file in some instances. It is
  * important to have the secret key defined or changed in nxt-config.php.
  *
  * If you have installed NXTClass 2.5 or later, then you will have the
  * SECRET_KEY defined in the nxt-config.php already. You will want to change the
  * value in it because hackers will know what it is. If you have upgraded to
  * NXTClass 2.5 or later version from a version before NXTClass 2.5, then you
  * should add the constant to your nxt-config.php file.
  *
  * Below is an example of how the SECRET_KEY constant is defined with a value.
  * You must not copy the below example and paste into your nxt-config.php. If you
  * need an example, then you can have a
  * {@link https://api.nxtclass.org/secret-key/1.1/ secret key created} for you.
  *
  * <code>
  * define('SECRET_KEY', 'mAry1HadA15|\/|b17w55w1t3asSn09w');
  * </code>
  *
  * Salting passwords helps against tools which has stored hashed values of
  * common dictionary strings. The added values makes it harder to crack if given
  * salt string is not weak.
  *
  * @since 2.5
  * @link https://api.nxtclass.org/secret-key/1.1/ Create a Secret Key for nxt-config.php
  *
  * @param string $scheme Authentication scheme
  * @return string Salt value
  */
 function nxt_salt($scheme = 'auth')
 {
     global $nxt_default_secret_key;
     $secret_key = '';
     if (defined('SECRET_KEY') && '' != SECRET_KEY && $nxt_default_secret_key != SECRET_KEY) {
         $secret_key = SECRET_KEY;
     }
     if ('auth' == $scheme) {
         if (defined('AUTH_KEY') && '' != AUTH_KEY && $nxt_default_secret_key != AUTH_KEY) {
             $secret_key = AUTH_KEY;
         }
         if (defined('AUTH_SALT') && '' != AUTH_SALT && $nxt_default_secret_key != AUTH_SALT) {
             $salt = AUTH_SALT;
         } elseif (defined('SECRET_SALT') && '' != SECRET_SALT && $nxt_default_secret_key != SECRET_SALT) {
             $salt = SECRET_SALT;
         } else {
             $salt = get_site_option('auth_salt');
             if (empty($salt)) {
                 $salt = nxt_generate_password(64, true, true);
                 update_site_option('auth_salt', $salt);
             }
         }
     } elseif ('secure_auth' == $scheme) {
         if (defined('SECURE_AUTH_KEY') && '' != SECURE_AUTH_KEY && $nxt_default_secret_key != SECURE_AUTH_KEY) {
             $secret_key = SECURE_AUTH_KEY;
         }
         if (defined('SECURE_AUTH_SALT') && '' != SECURE_AUTH_SALT && $nxt_default_secret_key != SECURE_AUTH_SALT) {
             $salt = SECURE_AUTH_SALT;
         } else {
             $salt = get_site_option('secure_auth_salt');
             if (empty($salt)) {
                 $salt = nxt_generate_password(64, true, true);
                 update_site_option('secure_auth_salt', $salt);
             }
         }
     } elseif ('logged_in' == $scheme) {
         if (defined('LOGGED_IN_KEY') && '' != LOGGED_IN_KEY && $nxt_default_secret_key != LOGGED_IN_KEY) {
             $secret_key = LOGGED_IN_KEY;
         }
         if (defined('LOGGED_IN_SALT') && '' != LOGGED_IN_SALT && $nxt_default_secret_key != LOGGED_IN_SALT) {
             $salt = LOGGED_IN_SALT;
         } else {
             $salt = get_site_option('logged_in_salt');
             if (empty($salt)) {
                 $salt = nxt_generate_password(64, true, true);
                 update_site_option('logged_in_salt', $salt);
             }
         }
     } elseif ('nonce' == $scheme) {
         if (defined('NONCE_KEY') && '' != NONCE_KEY && $nxt_default_secret_key != NONCE_KEY) {
             $secret_key = NONCE_KEY;
         }
         if (defined('NONCE_SALT') && '' != NONCE_SALT && $nxt_default_secret_key != NONCE_SALT) {
             $salt = NONCE_SALT;
         } else {
             $salt = get_site_option('nonce_salt');
             if (empty($salt)) {
                 $salt = nxt_generate_password(64, true, true);
                 update_site_option('nonce_salt', $salt);
             }
         }
     } else {
         // ensure each auth scheme has its own unique salt
         $salt = hash_hmac('md5', $scheme, $secret_key);
     }
     return apply_filters('salt', $secret_key . $salt, $scheme);
 }
コード例 #10
0
ファイル: ms-functions.php プロジェクト: nxtclass/NXTClass
/**
 * Activate a signup.
 *
 * Hook to 'nxtmu_activate_user' or 'nxtmu_activate_blog' for events
 * that should happen only when users or sites are self-created (since
 * those actions are not called when users and sites are created
 * by a Super Admin).
 *
 * @since MU
 * @uses nxt_generate_password()
 * @uses nxtmu_welcome_user_notification()
 * @uses add_user_to_blog()
 * @uses add_new_user_to_blog()
 * @uses nxtmu_create_user()
 * @uses nxtmu_create_blog()
 * @uses nxtmu_welcome_notification()
 *
 * @param string $key The activation key provided to the user.
 * @return array An array containing information about the activated user and/or blog
 */
function nxtmu_activate_signup($key)
{
    global $nxtdb, $current_site;
    $signup = $nxtdb->get_row($nxtdb->prepare("SELECT * FROM {$nxtdb->signups} WHERE activation_key = %s", $key));
    if (empty($signup)) {
        return new nxt_Error('invalid_key', __('Invalid activation key.'));
    }
    if ($signup->active) {
        if (empty($signup->domain)) {
            return new nxt_Error('already_active', __('The user is already active.'), $signup);
        } else {
            return new nxt_Error('already_active', __('The site is already active.'), $signup);
        }
    }
    $meta = unserialize($signup->meta);
    $user_login = $nxtdb->escape($signup->user_login);
    $user_email = $nxtdb->escape($signup->user_email);
    $password = nxt_generate_password(12, false);
    $user_id = username_exists($user_login);
    if (!$user_id) {
        $user_id = nxtmu_create_user($user_login, $password, $user_email);
    } else {
        $user_already_exists = true;
    }
    if (!$user_id) {
        return new nxt_Error('create_user', __('Could not create user'), $signup);
    }
    $now = current_time('mysql', true);
    if (empty($signup->domain)) {
        $nxtdb->update($nxtdb->signups, array('active' => 1, 'activated' => $now), array('activation_key' => $key));
        if (isset($user_already_exists)) {
            return new nxt_Error('user_already_exists', __('That username is already activated.'), $signup);
        }
        nxtmu_welcome_user_notification($user_id, $password, $meta);
        add_new_user_to_blog($user_id, $user_email, $meta);
        do_action('nxtmu_activate_user', $user_id, $password, $meta);
        return array('user_id' => $user_id, 'password' => $password, 'meta' => $meta);
    }
    $blog_id = nxtmu_create_blog($signup->domain, $signup->path, $signup->title, $user_id, $meta, $nxtdb->siteid);
    // TODO: What to do if we create a user but cannot create a blog?
    if (is_nxt_error($blog_id)) {
        // If blog is taken, that means a previous attempt to activate this blog failed in between creating the blog and
        // setting the activation flag.  Let's just set the active flag and instruct the user to reset their password.
        if ('blog_taken' == $blog_id->get_error_code()) {
            $blog_id->add_data($signup);
            $nxtdb->update($nxtdb->signups, array('active' => 1, 'activated' => $now), array('activation_key' => $key));
        }
        return $blog_id;
    }
    $nxtdb->update($nxtdb->signups, array('active' => 1, 'activated' => $now), array('activation_key' => $key));
    nxtmu_welcome_notification($blog_id, $user_id, $password, $signup->title, $meta);
    do_action('nxtmu_activate_blog', $blog_id, $user_id, $password, $signup->title, $meta);
    return array('blog_id' => $blog_id, 'user_id' => $user_id, 'password' => $password, 'title' => $signup->title, 'meta' => $meta);
}
コード例 #11
0
ファイル: ms-delete-site.php プロジェクト: nxtclass/NXTClass
    if (get_option('delete_blog_hash') == $_GET['h']) {
        nxtmu_delete_blog($nxtdb->blogid);
        nxt_die(sprintf(__('Thank you for using %s, your site has been deleted. Happy trails to you until we meet again.'), $current_site->site_name));
    } else {
        nxt_die(__("I'm sorry, the link you clicked is stale. Please select another option."));
    }
}
$title = __('Delete Site');
$parent_file = 'tools.php';
require_once './admin-header.php';
echo '<div class="wrap">';
screen_icon();
echo '<h2>' . esc_html($title) . '</h2>';
if (isset($_POST['action']) && $_POST['action'] == 'deleteblog' && isset($_POST['confirmdelete']) && $_POST['confirmdelete'] == '1') {
    check_admin_referer('delete-blog');
    $hash = nxt_generate_password(20, false);
    update_option('delete_blog_hash', $hash);
    $url_delete = esc_url(admin_url('ms-delete-site.php?h=' . $hash));
    $content = apply_filters('delete_site_email_content', __("Dear User,\nYou recently clicked the 'Delete Site' link on your site and filled in a\nform on that page.\nIf you really want to delete your site, click the link below. You will not\nbe asked to confirm again so only click this link if you are absolutely certain:\n###URL_DELETE###\n\nIf you delete your site, please consider opening a new site here\nsome time in the future! (But remember your current site and username\nare gone forever.)\n\nThanks for using the site,\nWebmaster\n###SITE_NAME###"));
    $content = str_replace('###URL_DELETE###', $url_delete, $content);
    $content = str_replace('###SITE_NAME###', $current_site->site_name, $content);
    nxt_mail(get_option('admin_email'), "[ " . get_option('blogname') . " ] " . __('Delete My Site'), $content);
    ?>

	<p><?php 
    _e('Thank you. Please check your email for a link to confirm your action. Your site will not be deleted until this link is clicked. ');
    ?>
</p>

<?php 
} else {
コード例 #12
0
 /**
  * Map old author logins to local user IDs based on decisions made
  * in import options form. Can map to an existing user, create a new user
  * or falls back to the current user in case of error with either of the previous
  */
 function get_author_mapping()
 {
     if (!isset($_POST['imported_authors'])) {
         return;
     }
     $create_users = $this->allow_create_users();
     foreach ((array) $_POST['imported_authors'] as $i => $old_login) {
         // Multsite adds strtolower to sanitize_user. Need to sanitize here to stop breakage in process_posts.
         $santized_old_login = sanitize_user($old_login, true);
         $old_id = isset($this->authors[$old_login]['author_id']) ? intval($this->authors[$old_login]['author_id']) : false;
         if (!empty($_POST['user_map'][$i])) {
             $user = get_userdata(intval($_POST['user_map'][$i]));
             if (isset($user->ID)) {
                 if ($old_id) {
                     $this->processed_authors[$old_id] = $user->ID;
                 }
                 $this->author_mapping[$santized_old_login] = $user->ID;
             }
         } else {
             if ($create_users) {
                 if (!empty($_POST['user_new'][$i])) {
                     $user_id = nxt_create_user($_POST['user_new'][$i], nxt_generate_password());
                 } else {
                     if ($this->version != '1.0') {
                         $user_data = array('user_login' => $old_login, 'user_pass' => nxt_generate_password(), 'user_email' => isset($this->authors[$old_login]['author_email']) ? $this->authors[$old_login]['author_email'] : '', 'display_name' => $this->authors[$old_login]['author_display_name'], 'first_name' => isset($this->authors[$old_login]['author_first_name']) ? $this->authors[$old_login]['author_first_name'] : '', 'last_name' => isset($this->authors[$old_login]['author_last_name']) ? $this->authors[$old_login]['author_last_name'] : '');
                         $user_id = nxt_insert_user($user_data);
                     }
                 }
                 if (!is_nxt_error($user_id)) {
                     if ($old_id) {
                         $this->processed_authors[$old_id] = $user_id;
                     }
                     $this->author_mapping[$santized_old_login] = $user_id;
                 } else {
                     printf(__('Failed to create new user for %s. Their posts will be attributed to the current user.', 'nxtclass-importer'), esc_html($this->authors[$old_login]['author_display_name']));
                     if (defined('IMPORT_DEBUG') && IMPORT_DEBUG) {
                         echo ' ' . $user_id->get_error_message();
                     }
                     echo '<br />';
                 }
             }
         }
         // failsafe: if the user_id was invalid, default to the current user
         if (!isset($this->author_mapping[$santized_old_login])) {
             if ($old_id) {
                 $this->processed_authors[$old_id] = (int) get_current_user_id();
             }
             $this->author_mapping[$santized_old_login] = (int) get_current_user_id();
         }
     }
 }