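/**
 * Handles the e-mail confirmation link: activates the account named in the
 * request, records its first activity and signs the user in.
 *
 * Reads `rglogin`, `rgpass` and `rgcode` from the query string. On success the
 * user is redirected to the URL from rcl_get_authorize_url(); in every other
 * case the request ends with a redirect to the login form carrying a
 * "confirm" marker. The function never returns.
 *
 * NOTE(review): the confirmation code is md5() of the login, so it can be
 * derived from the login alone and does not prove that the mailbox owner
 * opened the link. A random, single-use token stored at registration would
 * close this, but it has to change together with the code that builds the
 * link, which is not visible here.
 * NOTE(review): the password arrives in the URL (`rgpass`), where it is kept
 * in access logs, browser history and Referer headers.
 */
function rcl_confirm_user_registration() {
    global $wpdb, $rcl_options;

    // Accept only plain strings; array-valued parameters (rgcode[]=...) count as missing.
    $reglogin = (isset($_GET['rglogin']) && is_string($_GET['rglogin'])) ? $_GET['rglogin'] : '';
    $regpass  = (isset($_GET['rgpass']) && is_string($_GET['rgpass'])) ? $_GET['rgpass'] : '';
    $regcode  = (isset($_GET['rgcode']) && is_string($_GET['rgcode'])) ? $_GET['rgcode'] : '';

    // hash_equals() compares byte for byte in constant time; a loose == would let
    // two different numeric-looking hex strings compare as equal.
    if ($reglogin !== '' && hash_equals(md5($reglogin), $regcode)) {
        $user = get_user_by('login', $reglogin);

        if ($user) {
            // Only an account still waiting for confirmation is moved to the default
            // role ('need-confirm' is the role the login handler rejects). Without
            // this check the request would also rewrite the role of an account that
            // is already confirmed.
            if (in_array('need-confirm', (array) $user->roles, true)) {
                wp_update_user(array('ID' => $user->ID, 'role' => get_option('default_role')));
            }

            // Create the activity row on first confirmation only.
            $time_action = current_time('mysql');
            $action = $wpdb->get_var($wpdb->prepare(
                'SELECT time_action FROM ' . RCL_PREF . 'user_action WHERE user = %d',
                $user->ID
            ));
            if (!$action) {
                $wpdb->insert(
                    RCL_PREF . 'user_action',
                    array('user' => $user->ID, 'time_action' => $time_action)
                );
            }

            // The sign-in still depends on the password being correct.
            $creds = array(
                'user_login'    => $reglogin,
                'user_password' => $regpass,
                'remember'      => true,
            );
            $sign = wp_signon($creds, false);

            if (!is_wp_error($sign)) {
                rcl_update_timeaction_user();
                do_action('rcl_confirm_registration', $user->ID);
                wp_redirect(rcl_get_authorize_url($user->ID));
                exit;
            }
        }
    }

    // Every failure path ends on the login form.
    if (isset($rcl_options['login_form_recall']) && $rcl_options['login_form_recall'] == 2) {
        wp_safe_redirect('wp-login.php?checkemail=confirm');
    } else {
        wp_redirect(get_bloginfo('wpurl') . '?action-rcl=login&error=confirm');
    }
    exit;
}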
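/**
 * Processes the login form: checks that both fields are filled, refuses
 * accounts whose e-mail is still unconfirmed and signs the user in.
 *
 * Reads `user_login`, `user_pass` and `rememberme` from $_POST and stores the
 * resulting WP_Error in the global $wp_errors.
 *
 * @return WP_Error Returned for empty fields, an unconfirmed account or a
 *                  failed sign-in. On success the function redirects to
 *                  rcl_get_authorize_url() and exits instead of returning.
 */
function rcl_get_login_user() {
    global $wp_errors;

    // Missing or array-valued fields are treated as empty instead of raising
    // "undefined index" notices or reaching the sanitizers with a non-string.
    $raw_pass  = (isset($_POST['user_pass']) && is_string($_POST['user_pass'])) ? $_POST['user_pass'] : '';
    $raw_login = (isset($_POST['user_login']) && is_string($_POST['user_login'])) ? $_POST['user_login'] : '';

    // NOTE(review): sanitize_text_field() strips tags and trims or collapses
    // whitespace, so the value checked below can differ from what the user typed.
    // Confirm how the password is treated where it is set before changing this.
    $pass   = sanitize_text_field($raw_pass);
    $login  = sanitize_user($raw_login);
    $member = isset($_POST['rememberme']) ? intval($_POST['rememberme']) : 0;

    $wp_errors = new WP_Error();

    if (!$pass || !$login) {
        $wp_errors->add('rcl_login_empty', __('Fill in the required fields!', 'wp-recall'));
        return $wp_errors;
    }

    $user = get_user_by('login', $login);
    if ($user) {
        $user_data = get_userdata($user->ID);

        // Refuse the login when 'need-confirm' appears anywhere in the role list,
        // not only in the first position.
        // NOTE(review): this answer is given before the password is checked, so it
        // tells the caller that the login exists and is unconfirmed.
        if ($user_data && in_array('need-confirm', (array) $user_data->roles, true)) {
            $wp_errors->add('rcl_login_confirm', __('Your email is not confirmed!', 'wp-recall'));
            return $wp_errors;
        }
    }

    $creds = array(
        'user_login'    => $login,
        'user_password' => $pass,
        'remember'      => $member,
    );
    $user = wp_signon($creds, false);

    if (is_wp_error($user)) {
        $wp_errors = $user;
        return $wp_errors;
    }

    rcl_update_timeaction_user();
    wp_redirect(rcl_get_authorize_url($user->ID));
    exit;
}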
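/**
 * Request handler that stores a private message from the current user and
 * answers with a JSON object, then exits.
 *
 * Reads `adressat_mess`, `content_mess` and `widget` from $_POST. Sets
 * $this->user_lk, and on the non-widget path $this->ava_user_lk and
 * $this->ava_user_ID before rendering the message block.
 *
 * Response field `recall`: 200 when the message was sent as a reply from the
 * widget, 100 when it was stored and `message_block` holds the rendered
 * message, 120 when rcl_add_message() reported failure.
 */
function add_private_message_recall() {
    global $user_ID, $wpdb, $rcl_options;

    if (!$user_ID) {
        exit;
    }

    // NOTE(review): no nonce is verified in this handler, so the request is not
    // protected against cross-site request forgery. The nonce action belongs to
    // the calling form, which is not visible here.
    $_POST = stripslashes_deep($_POST);

    $this->user_lk = isset($_POST['adressat_mess']) ? intval($_POST['adressat_mess']) : 0;
    $content_mess  = isset($_POST['content_mess']) ? esc_textarea($_POST['content_mess']) : '';
    $widget        = isset($_POST['widget']) ? $_POST['widget'] : null;

    $log    = array();
    $online = 0; // not read again in this method
    $time   = current_time('mysql');

    // Last recorded activity of the recipient; the row may not exist yet.
    $rcl_action_users = $wpdb->get_row($wpdb->prepare(
        'SELECT * FROM ' . RCL_PREF . 'user_action WHERE user = %d',
        $this->user_lk
    ));
    $last_action = rcl_get_useraction($rcl_action_users ? $rcl_action_users->time_action : null);
    if (!$last_action) {
        $online = 1;
    }

    $result = rcl_add_message(array('addressat' => $this->user_lk, 'content' => $content_mess));

    if (!$result) {
        $log['recall'] = 120;
        echo json_encode($log);
        exit;
    }

    rcl_update_timeaction_user();

    if ($widget !== 'undefined') {
        // NOTE(review): the row is selected by the posted ID alone; nothing here
        // ties it to the current user. Consider adding the recipient column to the
        // WHERE array once the meaning of status 1 is confirmed.
        $wpdb->update(
            RCL_PREF . 'private_message',
            array('status_mess' => 1),
            array('ID' => intval($widget))
        );
        $message_block = '<p class="success-mess">' . __('Your message has been sent!', 'wp-recall') . '</p>';
        $log['recall'] = 200;
    } else {
        // The stored row is found again by author and timestamp.
        $id_mess = $wpdb->get_var($wpdb->prepare(
            'SELECT ID FROM ' . RCL_PREF . 'private_message WHERE author_mess = %d AND time_mess = %s',
            $user_ID,
            $time
        ));

        $message = array(
            'ID'           => $id_mess,
            'content_mess' => $content_mess,
            'status_mess'  => 0,
            'author_mess'  => $user_ID,
            'time_mess'    => $time,
        );

        $this->ava_user_lk = '';
        $this->ava_user_ID = get_avatar($user_ID, 40);
        $message_block = $this->get_private_message_block_rcl('', (object) $message);

        // The "new message" marker goes after or before the block depending on the sort option.
        $newmess = '<div class="new_mess"></div>';
        if (empty($rcl_options['sort_mess'])) {
            $message_block .= $newmess;
        } else {
            $message_block = $newmess . $message_block;
        }
        $log['recall'] = 100;
    }

    $log['message_block'] = $message_block;

    echo json_encode($log);
    exit;
}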
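/**
 * Stores a file attached to a private conversation and records it as a
 * message row with status 4, then answers with a JSON object and exits.
 *
 * Reads `talker` from $_POST and the upload from $_FILES['filedata'].
 * Files that WordPress recognises as audio, video or image are moved into
 * `<uploads>/temp-files/`; everything else is wrapped in a zip archive in the
 * same directory.
 *
 * Response field `recall`: 100 when the file was stored (with `time`), 120 on
 * failure, 150 when the per-user file limit from $rcl_options is exceeded.
 */
function rcl_message_upload() {
    global $user_ID, $wpdb, $rcl_options;

    if (!$user_ID) {
        exit;
    }

    // NOTE(review): no nonce is verified in this handler, so the upload is not
    // protected against cross-site request forgery. The nonce action belongs to
    // the calling form, which is not visible here.

    $respond = function (array $payload) {
        echo json_encode($payload);
        exit;
    };

    $adressat_mess = isset($_POST['talker']) ? intval($_POST['talker']) : 0;

    if (!empty($rcl_options['file_limit'])) {
        $file_num = $wpdb->get_var($wpdb->prepare(
            'SELECT COUNT(ID) FROM ' . RCL_PREF . "private_message WHERE author_mess = %d AND status_mess = '4'",
            $user_ID
        ));
        if ($file_num > $rcl_options['file_limit']) {
            $respond(array('recall' => 150));
        }
    }

    rcl_update_timeaction_user();

    // A missing, failed or non-upload file is rejected before it is touched.
    if (
        !isset($_FILES['filedata']['tmp_name'], $_FILES['filedata']['name'], $_FILES['filedata']['error'])
        || !is_string($_FILES['filedata']['tmp_name'])
        || $_FILES['filedata']['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($_FILES['filedata']['tmp_name'])
    ) {
        $respond(array('recall' => 120));
    }

    $time     = current_time('mysql');
    $tmp_path = $_FILES['filedata']['tmp_name'];

    // The stored name is built from PHP's temporary file name, not from the client's.
    $t_name = basename(str_replace('\\', '/', untrailingslashit($tmp_path)));

    // The client's file name is only used as the entry name inside the archive;
    // sanitising it removes path separators and other unsafe characters.
    $file_name = sanitize_file_name($_FILES['filedata']['name']);
    if ($file_name === '') {
        $file_name = $t_name;
    }

    // The MIME type sent by the browser and the raw extension are both
    // client-controlled, so the decision to store a file unwrapped relies on
    // WordPress's own check of content and extension against its allowed types.
    $checked  = wp_check_filetype_and_ext($tmp_path, $file_name);
    $ext      = $checked['ext'] ? strtolower($checked['ext']) : '';
    $major    = $checked['type'] ? strtok($checked['type'], '/') : '';
    $is_media = $ext !== '' && in_array($major, array('video', 'image', 'audio'), true);

    $upload_dir = wp_upload_dir();
    $path_temp  = $upload_dir['basedir'] . '/temp-files/';
    if (!is_dir($path_temp)) {
        mkdir($path_temp);
        chmod($path_temp, 0755);
    }

    if ($is_media) {
        $file_path = $path_temp . $t_name . '.' . $ext;
        if (!move_uploaded_file($tmp_path, $file_path)) {
            $respond(array('recall' => 120));
        }
        $file_url = rcl_path_to_url($file_path);
    } else {
        // Anything that is not verified media is stored inside an archive.
        $arhive_path = $path_temp . $t_name . '.zip';
        $zip = new ZipArchive();
        if ($zip->open($arhive_path, ZipArchive::CREATE) !== true) {
            // Answer with the failure code instead of dumping $_FILES, which would
            // show server-side temporary paths to the client.
            $respond(array('recall' => 120));
        }
        $zip->addFile($tmp_path, $file_name);
        $zip->close();
        $file_url = rcl_path_to_url($arhive_path);
    }

    $wpdb->insert(
        RCL_PREF . 'private_message',
        array(
            'author_mess'   => $user_ID,
            'content_mess'  => $file_url,
            'adressat_mess' => $adressat_mess,
            'time_mess'     => $time,
            'status_mess'   => 4,
        )
    );

    // Confirm that the row exists before reporting success.
    $result = $wpdb->get_var($wpdb->prepare(
        'SELECT ID FROM ' . RCL_PREF . 'private_message WHERE author_mess = %d AND content_mess = %s',
        $user_ID,
        $file_url
    ));

    if ($result) {
        $respond(array('recall' => 100, 'time' => $time));
    }

    $respond(array('recall' => 120));
}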