public function test_bp_verify_nonce_request_with_port_in_home_url_and_wordpress_installed_in_subdirectory()
 {
     // Shape the request so the host carries an explicit :80 port and the
     // request path sits under a /wordpress/ subdirectory.
     list($host_only) = explode(':', $_SERVER['HTTP_HOST']);
     $_SERVER['HTTP_HOST'] = $host_only . ':80';
     $_SERVER['SERVER_PORT'] = 80;
     $_SERVER['REQUEST_URI'] = '/wordpress/';
     // Make home_url() report the same port and subdirectory for the duration of the test.
     $home_url_filter = array($this, 'add_port_and_subdirectory_to_home_url');
     add_filter('home_url', $home_url_filter, 10, 3);
     // Exercise bp_verify_nonce_request() with a freshly created nonce in the request.
     $nonce_action = 'verify-this';
     $_REQUEST[$nonce_action] = wp_create_nonce($nonce_action);
     $result = bp_verify_nonce_request($nonce_action, $nonce_action);
     // Restore global state before asserting so a failure cannot leak the filter into later tests.
     remove_filter('home_url', $home_url_filter, 10);
     unset($_REQUEST[$nonce_action]);
     $this->assertSame(1, $result);
 }
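/**
 * Handle the loading of the signup screen.
 *
 * Runs only on the 'register' component when no current action is set.
 * Logged-in users are redirected away. For a posted, nonce-verified signup
 * form the account, password, extended-profile and (optionally) blog
 * details are validated; any errors are exposed to the template through
 * 'bp_{fieldname}_errors' actions, otherwise the user (and blog, where
 * enabled) is registered. Finally the register template is loaded.
 *
 * @global BuddyPress $bp Holds the signup step, collected errors and site options.
 *
 * @return void
 */
function bp_core_screen_signup()
{
    global $bp;
    if (!bp_is_current_component('register') || bp_current_action()) {
        return;
    }
    // Not a directory
    bp_update_is_directory(false, 'register');
    // If the user is logged in, redirect away from here
    if (is_user_logged_in()) {
        if (bp_is_component_front_page('register')) {
            $redirect_to = trailingslashit(bp_get_root_domain() . '/' . bp_get_members_root_slug());
        } else {
            $redirect_to = bp_get_root_domain();
        }
        /**
         * Filters the URL to redirect logged in users to when visiting registration page.
         *
         * @since BuddyPress (1.5.1)
         *
         * @param string $redirect_to URL to redirect user to.
         */
        bp_core_redirect(apply_filters('bp_loggedin_register_page_redirect_to', $redirect_to));
        return;
    }
    $bp->signup->step = 'request-details';
    if (!bp_get_signup_allowed()) {
        $bp->signup->step = 'registration-disabled';
        // If the signup page is submitted, validate and save
    } elseif (isset($_POST['signup_submit']) && bp_verify_nonce_request('bp_new_signup')) {
        /**
         * Fires before the validation of a new signup.
         *
         * @since BuddyPress (2.0.0)
         */
        do_action('bp_signup_pre_validate');
        // Initialise up front: the blog details are only populated when blog
        // registration is enabled, and the usermeta array is built piecemeal below.
        $blog_details = array();
        $usermeta = array();
        // A crafted request may omit the base fields; default them so validation
        // still runs and reports the empty value rather than raising a notice.
        $signup_username = isset($_POST['signup_username']) ? $_POST['signup_username'] : '';
        $signup_email = isset($_POST['signup_email']) ? $_POST['signup_email'] : '';
        // Check the base account details for problems
        $account_details = bp_core_validate_user_signup($signup_username, $signup_email);
        // If there are errors with account details, set them for display
        if (!empty($account_details['errors']->errors['user_name'])) {
            $bp->signup->errors['signup_username'] = $account_details['errors']->errors['user_name'][0];
        }
        if (!empty($account_details['errors']->errors['user_email'])) {
            $bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0];
        }
        // Check that both password fields are filled in
        if (empty($_POST['signup_password']) || empty($_POST['signup_password_confirm'])) {
            $bp->signup->errors['signup_password'] = __('Please make sure you enter your password twice', 'buddypress');
        }
        // Check that the passwords match. Strict comparison: a loose `!=` treats
        // numeric-looking strings such as '0e1' and '0e2' as equal.
        if (!empty($_POST['signup_password']) && !empty($_POST['signup_password_confirm']) && $_POST['signup_password'] !== $_POST['signup_password_confirm']) {
            $bp->signup->errors['signup_password'] = __('The passwords you entered do not match.', 'buddypress');
        }
        $bp->signup->username = $signup_username;
        $bp->signup->email = $signup_email;
        // Now we've checked account details, we can check profile information
        if (bp_is_active('xprofile')) {
            // Make sure hidden field is passed and populated
            if (isset($_POST['signup_profile_field_ids']) && !empty($_POST['signup_profile_field_ids'])) {
                // Let's compact any profile field info into an array
                $profile_field_ids = explode(',', $_POST['signup_profile_field_ids']);
                // Loop through the posted fields formatting any datebox values then validate the field
                foreach ((array) $profile_field_ids as $field_id) {
                    if (!isset($_POST['field_' . $field_id])) {
                        if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
                            // NOTE(review): strtotime() returns false on unparseable input, which date() renders as the epoch — confirm whether that should be treated as a validation error.
                            $_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($_POST['field_' . $field_id . '_day'] . $_POST['field_' . $field_id . '_month'] . $_POST['field_' . $field_id . '_year']));
                        }
                    }
                    // Create errors for required fields without values
                    if (xprofile_check_is_required_field($field_id) && empty($_POST['field_' . $field_id])) {
                        $bp->signup->errors['field_' . $field_id] = __('This is a required field', 'buddypress');
                    }
                }
                // This situation doesn't naturally occur so bounce to website root
            } else {
                bp_core_redirect(bp_get_root_domain());
            }
        }
        // Finally, let's check the blog details, if the user wants a blog and blog creation is enabled
        if (isset($_POST['signup_with_blog'])) {
            $active_signup = isset($bp->site_options['registration']) ? $bp->site_options['registration'] : '';
            if ('blog' == $active_signup || 'all' == $active_signup) {
                $blog_details = bp_core_validate_blog_signup($_POST['signup_blog_url'], $_POST['signup_blog_title']);
                // If there are errors with blog details, set them for display
                if (!empty($blog_details['errors']->errors['blogname'])) {
                    $bp->signup->errors['signup_blog_url'] = $blog_details['errors']->errors['blogname'][0];
                }
                if (!empty($blog_details['errors']->errors['blog_title'])) {
                    $bp->signup->errors['signup_blog_title'] = $blog_details['errors']->errors['blog_title'][0];
                }
            }
        }
        /**
         * Fires after the validation of a new signup.
         *
         * @since BuddyPress (1.1.0)
         */
        do_action('bp_signup_validate');
        // Add any errors to the action for the field in the template for display.
        if (!empty($bp->signup->errors)) {
            foreach ((array) $bp->signup->errors as $fieldname => $error_message) {
                // A closure captures the message by value, so no code is built
                // from the message text (the previous create_function() approach
                // evaluated it as PHP source).
                add_action('bp_' . $fieldname . '_errors', function () use ($error_message) {
                    /**
                     * Filters the error message in the loop.
                     *
                     * @since BuddyPress (1.5.0)
                     *
                     * @param string $value Error message wrapped in html.
                     */
                    echo apply_filters('bp_members_signup_error_message', '<div class="error">' . $error_message . '</div>');
                });
            }
        } else {
            $bp->signup->step = 'save-details';
            // No errors! Let's register those deets.
            $active_signup = !empty($bp->site_options['registration']) ? $bp->site_options['registration'] : '';
            if ('none' != $active_signup) {
                // Make sure the extended profiles module is enabled
                if (bp_is_active('xprofile')) {
                    // Let's compact any profile field info into usermeta
                    $profile_field_ids = explode(',', $_POST['signup_profile_field_ids']);
                    // Loop through the posted fields formatting any datebox values then add to usermeta - @todo This logic should be shared with the same in xprofile_screen_edit_profile()
                    foreach ((array) $profile_field_ids as $field_id) {
                        if (!isset($_POST['field_' . $field_id])) {
                            if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
                                // Concatenate the values
                                $date_value = $_POST['field_' . $field_id . '_day'] . ' ' . $_POST['field_' . $field_id . '_month'] . ' ' . $_POST['field_' . $field_id . '_year'];
                                // Turn the concatenated value into a timestamp
                                $_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($date_value));
                            }
                        }
                        if (!empty($_POST['field_' . $field_id])) {
                            $usermeta['field_' . $field_id] = $_POST['field_' . $field_id];
                        }
                        if (!empty($_POST['field_' . $field_id . '_visibility'])) {
                            $usermeta['field_' . $field_id . '_visibility'] = $_POST['field_' . $field_id . '_visibility'];
                        }
                    }
                    // Store the profile field ID's in usermeta
                    $usermeta['profile_field_ids'] = $_POST['signup_profile_field_ids'];
                }
                // Hash and store the password (non-empty here: an empty password was recorded as an error above)
                $usermeta['password'] = wp_hash_password($_POST['signup_password']);
                // If the user decided to create a blog, save those details to usermeta
                if ('blog' == $active_signup || 'all' == $active_signup) {
                    $usermeta['public'] = isset($_POST['signup_blog_privacy']) && 'public' == $_POST['signup_blog_privacy'] ? true : false;
                }
                /**
                 * Filters the user meta used for signup.
                 *
                 * @since BuddyPress (1.1.0)
                 *
                 * @param array $usermeta Array of user meta to add to signup.
                 */
                $usermeta = apply_filters('bp_signup_usermeta', $usermeta);
                // Finally, sign up the user and/or blog. Blog details exist only
                // when blog registration is enabled and validated above; without
                // them there is nothing to create a blog from, so register the user only.
                if (isset($_POST['signup_with_blog']) && is_multisite() && !empty($blog_details)) {
                    $wp_user_id = bp_core_signup_blog($blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $signup_username, $signup_email, $usermeta);
                } else {
                    $wp_user_id = bp_core_signup_user($signup_username, $_POST['signup_password'], $signup_email, $usermeta);
                }
                if (is_wp_error($wp_user_id)) {
                    $bp->signup->step = 'request-details';
                    bp_core_add_message($wp_user_id->get_error_message(), 'error');
                } else {
                    $bp->signup->step = 'completed-confirmation';
                }
            }
            /**
             * Fires after the completion of a new signup.
             *
             * @since BuddyPress (1.1.0)
             */
            do_action('bp_complete_signup');
        }
    }
    /**
     * Fires right before the loading of the Member registration screen template file.
     *
     * @since BuddyPress (1.5.0)
     */
    do_action('bp_core_screen_signup');
    /**
     * Filters the template to load for the Member registration page screen.
     *
     * @since BuddyPress (1.5.0)
     *
     * @param string $value Path to the Member registration template to load.
     */
    bp_core_load_template(apply_filters('bp_core_template_register', array('register', 'registration/register')));
}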
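/**
 * Handle deleting single notifications.
 *
 * Runs on the notifications component's 'read' and 'unread' screens when the
 * query string carries action=delete, a notification_id and a _wpnonce. With
 * a valid nonce the notification is deleted and a success message queued;
 * otherwise an error message is queued. Either way the request ends with a
 * redirect back to the current screen.
 *
 * @since 1.9.0
 *
 * @return bool False when this is not a delete request for one of those
 *              screens; otherwise redirects and does not return normally.
 */
function bp_notifications_action_delete()
{
    // Bail if not the read or unread screen.
    if (!bp_is_notifications_component() || !(bp_is_current_action('read') || bp_is_current_action('unread'))) {
        return false;
    }
    // Get the action.
    $action = !empty($_GET['action']) ? $_GET['action'] : '';
    $nonce = !empty($_GET['_wpnonce']) ? $_GET['_wpnonce'] : '';
    // Cast the ID to an integer, as the messages handler does: a non-numeric
    // value becomes 0 and bails below instead of reaching the nonce action
    // string or the delete query.
    $id = !empty($_GET['notification_id']) ? intval($_GET['notification_id']) : 0;
    // Bail if no action or no ID.
    if ('delete' !== $action || empty($id) || empty($nonce)) {
        return false;
    }
    // Check the nonce and delete the notification.
    if (bp_verify_nonce_request('bp_notification_delete_' . $id) && bp_notifications_delete_notification($id)) {
        bp_core_add_message(__('Notification successfully deleted.', 'buddypress'));
    } else {
        bp_core_add_message(__('There was a problem deleting that notification.', 'buddypress'), 'error');
    }
    // Redirect.
    bp_core_redirect(bp_displayed_user_domain() . bp_get_notifications_slug() . '/' . bp_current_action() . '/');
}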
/**
 * Handle marking a single message thread as unread.
 *
 * Applies on the messages component (but not the notices screen) when the
 * first action variable is 'unread' and the query string carries
 * action=unread, a message_id and a _wpnonce. After nonce verification the
 * thread is marked unread if the current user may access it, a status
 * message is queued, and the request redirects back to the message box.
 *
 * @since BuddyPress (2.2.0)
 *
 * @return bool|null Returns false on failure. Otherwise redirects back to the
 *         message box URL.
 */
function bp_messages_action_mark_unread()
{
    $on_unread_screen = bp_is_messages_component() && !bp_is_current_action('notices') && bp_is_action_variable('unread', 0);
    if (!$on_unread_screen) {
        return false;
    }
    $requested_action = empty($_GET['action']) ? '' : $_GET['action'];
    $requested_nonce = empty($_GET['_wpnonce']) ? '' : $_GET['_wpnonce'];
    $thread_id = empty($_GET['message_id']) ? '' : intval($_GET['message_id']);
    // Nothing to do without the expected action, a usable thread ID and a nonce.
    if ('unread' !== $requested_action || empty($thread_id) || empty($requested_nonce)) {
        return false;
    }
    // The nonce action is bound to the thread ID.
    if (!bp_verify_nonce_request('bp_message_thread_mark_unread_' . $thread_id)) {
        return false;
    }
    // Only a user with access to the thread may change its read state.
    if (!messages_check_thread_access($thread_id)) {
        bp_core_add_message(__('There was a problem marking that message.', 'buddypress'), 'error');
    } else {
        messages_mark_thread_unread($thread_id);
        bp_core_add_message(__('Message marked unread.', 'buddypress'));
    }
    $message_box_url = bp_displayed_user_domain() . bp_get_messages_slug() . '/' . bp_current_action();
    bp_core_redirect($message_box_url);
}