private function compare() { if (version_compare($this->php, self::PHP, '<')) { $this->e->add('error', 'Dana Don Boom Boom Doo plugin cannot be activated.'); } if (version_compare($this->wp, self::WP, '<')) { $this->e->add('error', 'Dana Don Boom Boom Doo plugin cannot be activated.'); } if ($this->e->get_error_code()) { add_action('admin_init', [$this, 'error_message']); return false; } return true; }
/** * Handles sending password retrieval email to user. * * @uses $wpdb WordPress Database object * * @return bool|WP_Error True: when finish. WP_Error on error */ function retrieve_password() { global $wpdb; $errors = new WP_Error(); if (empty($_POST['user_login']) && empty($_POST['user_email'])) { $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.')); } if (strpos($_POST['user_login'], '@')) { $user_data = get_user_by_email(trim($_POST['user_login'])); if (empty($user_data)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); } } else { $login = trim($_POST['user_login']); $user_data = get_userdatabylogin($login); } do_action('lostpassword_post'); if ($errors->get_error_code()) { return $errors; } if (!$user_data) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.')); return $errors; } // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); $allow = apply_filters('allow_password_reset', true, $user_data->ID); if (!$allow) { return new WP_Error('no_password_reset', __('Password reset is not allowed for this user')); } else { if (is_wp_error($allow)) { return $allow; } } $user_email = $_POST['user_email']; $user_login = $_POST['user_login']; $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->users} WHERE user_login = %s", $user_login)); if (empty($user)) { return new WP_Error('invalid_key', __('Invalid key')); } $new_pass = wp_generate_password(12, false); do_action('password_reset', $user, $new_pass); wp_set_password($new_pass, $user->ID); update_usermeta($user->ID, 'default_password_nag', true); //Set up the Password change nag. $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n"; $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n"; $message .= site_url() . '/?ptype=affiliate' . "\r\n"; $title = sprintf(__('[%s] Your new password'), get_option('blogname')); $title = apply_filters('password_reset_title', $title); $message = apply_filters('password_reset_message', $message, $new_pass); if ($message && !wp_mail($user_email, $title, $message)) { die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>'); } return true; }
/** * Handles sending password retrieval email to user. * * @uses $wpdb WordPress Database object * * @return bool|WP_Error True: when finish. WP_Error on error */ function retrieve_password() { global $wpdb; $errors = new WP_Error(); if (empty($_POST['user_login']) && empty($_POST['user_email'])) { $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.', 'templatic')); } if (strpos($_POST['user_login'], '@')) { $user_data = get_user_by_email(trim($_POST['user_login'])); if (empty($user_data)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.', 'templatic')); } } else { $login = trim($_POST['user_login']); $user_data = get_userdatabylogin($login); } do_action('lostpassword_post'); if ($errors->get_error_code()) { return $errors; } if (!$user_data) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.', 'templatic')); return $errors; } // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); $user_email = $_POST['user_email']; $user_login = $_POST['user_login']; $user = $wpdb->get_row("SELECT * FROM {$wpdb->users} WHERE user_login like \"{$user_login}\" or user_email like \"{$user_login}\""); if (empty($user)) { return new WP_Error('invalid_key', __('Invalid key', 'templatic')); } $new_pass = wp_generate_password(12, false); do_action('password_reset', $user, $new_pass); wp_set_password($new_pass, $user->ID); update_usermeta($user->ID, 'default_password_nag', true); //Set up the Password change nag. $message = '<p><b>Your login Information :</b></p>'; $message .= '<p>' . sprintf(__('Username: %s', 'templatic'), $user->user_login) . "</p>"; $message .= '<p>' . sprintf(__('Password: %s', 'templatic'), $new_pass) . "</p>"; $message .= '<p>You can login to : <a href="' . site_url() . '/?ptype=login' . "\">Login</a> or the URL is : " . site_url() . "/?ptype=login</p>"; $message .= '<p>Thank You,<br> ' . get_option('blogname') . '</p>'; $user_email = $user_data->user_email; $user_name = $user_data->user_nicename; $fromEmail = get_site_emailId(); $fromEmailName = get_site_emailName(); $title = sprintf(__('[%s] Your new password', 'templatic'), get_option('blogname')); $title = apply_filters('password_reset_title', $title); $message = apply_filters('password_reset_message', $message, $new_pass); if (get_option('pttthemes_send_mail') == 'Enable' || get_option('pttthemes_send_mail') == '') { templ_sendEmail($fromEmail, $fromEmailName, $user_email, $user_name, $title, $message, $extra = ''); ///forgot password email } return true; }
/** * Determine if rescheduling is suggested based on the job result. * * @since 1.3.0 * * @return bool */ public function found_temporary_error() { if ($this->is_service_unavailable()) { return true; } if (!is_wp_error($this->job_result)) { return false; } if ('http_request_failed' != $this->job_result->get_error_code()) { return false; } $error_message_patterns = array('Failed to connect', 'Couldn\'t resolve host', 'name lookup timed out', 'couldn\'t connect to host', 'Connection refused', 'Empty reply from server'); $error_message_pattern = '/(' . implode('|', $error_message_patterns) . ')/'; if (!preg_match($error_message_pattern, $this->job_result->get_error_message())) { return false; } return true; }
/** * Handles sending password retrieval email to user. * * @uses $wpdb WordPress Database object * * @return bool|WP_Error True: when finish. WP_Error on error */ function retrieve_password() { global $wpdb, $General, $Cart, $Product; $errors = new WP_Error(); if (empty($_POST['user_login']) && empty($_POST['user_email'])) { $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.')); } if (strpos($_POST['user_login'], '@')) { $user_data = get_user_by_email(trim($_POST['user_login'])); if (empty($user_data)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); } } else { $login = trim($_POST['user_login']); $user_data = get_userdatabylogin($login); } do_action('lostpassword_post'); if ($errors->get_error_code()) { return $errors; } if (!$user_data) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.')); return $errors; } // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; //do_action('retreive_password', $user_login); // Misspelled and deprecated //do_action('retrieve_password', $user_login); //$allow = apply_filters('allow_password_reset', true, $user_data->ID); //////////////////////////////////// //forget pw changed on 1st april 2010 start// $user_email = $_POST['user_email']; $user_login = $_POST['user_login']; $user = $wpdb->get_row("SELECT * FROM {$wpdb->users} WHERE user_login = \"{$user_login}\" or user_email = \"{$user_login}\""); $new_pass = wp_generate_password(12, false); wp_set_password($new_pass, $user->ID); if ($General->is_send_forgot_pw_email()) { $message = '<p>' . sprintf(__('Username: %s'), $user_data->user_login) . '</p>'; $message .= '<p>' . sprintf(__('Password: %s'), $new_pass) . "</p>"; $message .= '<p>You can <a href="' . $General->get_url_login(site_url('/?ptype=login')) . '">Login</a> now</p>'; $title = sprintf(__('[%s] Your new password'), get_option('blogname')); $user_email = $user_data->user_email; $user_login = $user_data->user_login; $title = apply_filters('password_reset_title', $title); $message = apply_filters('password_reset_message', $message, $new_pass); //forget pw changed on 1st april 2010 end// global $General; $fromEmail = $General->get_site_emailId(); $fromEmailName = $General->get_site_emailName(); $General->sendEmail($fromEmail, $fromEmailName, $user_email, $user_login, $title, $message, $extra = ''); ///To clidne email } return true; }
function retrieve_password() { global $wpdb; $errors = new WP_Error(); if ( empty( $_POST['user_login'] ) && empty( $_POST['user_email'] ) ) $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.')); if ( strstr($_POST['user_login'], '@') ) { $user_data = get_user_by_email(trim($_POST['user_login'])); if ( empty($user_data) ) $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); } else { $login = trim($_POST['user_login']); $user_data = get_userdatabylogin($login); } do_action('lostpassword_post'); if ( $errors->get_error_code() ) return $errors; if ( !$user_data ) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.')); return $errors; } // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login)); if ( empty($key) ) { // Generate something random for a key... $key = wp_generate_password(); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login)); } $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; $message .= get_option('siteurl') . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n"; $message .= get_option('siteurl') . "/wp-login.php?action=rp&key=$key\r\n"; if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) ) die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>'); return true; }
/** * WordPress exception constructor. * * The class constructor accepts either the traditional `\Exception` creation * parameters or a `\WP_Error` instance in place of the previous exception. * * If a `\WP_Error` instance is given in this way, the `$message` and `$code` * parameters are ignored in favour of the message and code provided by the * `\WP_Error` instance. * * Depending on whether a `\WP_Error` instance was received, the instance is kept * or a new one is created from the provided parameters. * * @param string $message Exception message (optional, defaults to empty). * @param string $code Exception code (optional, defaults to empty). * @param \Exception|\WP_Error $previous Previous exception or error (optional). * * @uses \WP_Error * @uses \WP_Error::get_error_code() * @uses \WP_Error::get_error_message() * * @codeCoverageIgnore */ public function __construct($message = '', $code = '', $previous = null) { $exception = $previous; $wp_error = null; if ($previous instanceof \WP_Error) { $code = $previous->get_error_code(); $message = $previous->get_error_message($code); $wp_error = $previous; $exception = null; } parent::__construct($message, null, $exception); $this->code = $code; $this->wp_error = $wp_error; }
/** * @ticket 28092 */ function test_remove_error() { $error = new WP_Error(); $error->add('foo', 'This is the first error message', 'some error data'); $error->add('foo', 'This is the second error message'); $error->add('bar', 'This is another error'); $error->remove('foo'); // Check the error has been removed. $this->assertEmpty($error->get_error_data('foo')); $this->assertEmpty($error->get_error_messages('foo')); // The 'bar' error should now be the 'first' error retrieved. $this->assertEquals('bar', $error->get_error_code()); $this->assertEmpty($error->get_error_data()); }
function registrar_usuario($parametros) { $errors = new WP_Error(); if ($parametros['email'] == NULL) { $errors->add('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.')); //return $errors; } if (!es_email($parametros['email'])) { $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn’t correct.')); //return $errors; } if (email_exists($parametros['email'])) { $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.')); //return $errors; } if ($parametros['nombre'] == NULL) { $errors->add('empty_username', __('<strong>ERROR</strong>: Please enter a username.')); //return $errors; } if ($parametros['empresa'] == NULL) { $errors->add('empty_empresa', '<strong>ERROR</strong>: Por favor introduce una empresa.'); } if ($errors->get_error_code()) { return $errors; } $user_pass = $parametros['clave'] == NULL ? wp_generate_password(12, false) : $parametros['clave']; $user_id = wp_create_user($parametros['nombre'], $user_pass, $parametros['email']); if (!$user_id) { $errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email'))); return $errors; } update_user_option($user_id, 'default_password_nag', true, true); //Set up the Password change nag. wp_new_user_notification($user_id, $user_pass); //actualizo la empresa global $wpdb; $sql = "update wp_users set empresa = '" . $parametros['empresa'] . "' where ID = '" . $user_id . "'"; $result = $wpdb->query($sql); if ($result === false) { $errors->add('empty_empresa', '<strong>ERROR</strong>: No se ha asignado la empresa.'); } return $user_id; }
function populate_global($email = '', $global_name = '') { global $wpdb; $errors = new WP_Error(); if (empty($global_name)) { $errors->add('empty_global_name', __('You must provide a name for your global multinetwork.', 'global-admin')); } if (!is_email($email)) { $errors->add('invalid_email', __('You must provide a valid email address.', 'global-admin')); } if ($errors->get_error_code()) { return $errors; } $user = get_user_by('email', $email); if (false === $user) { $user = wp_get_current_user(); } $user->add_global_role('administrator'); $global_options = array('global_name' => $global_name, 'admin_email' => $email); /** * Filters options for the global admin on creation. * * @since 1.0.0 * * @param array $global_options Associative array of global keys and values to be inserted. */ $global_options = apply_filters('populate_global_options', $global_options); $insert = ''; foreach ($global_options as $key => $value) { if (is_array($value)) { $value = serialize($value); } if (!empty($insert)) { $insert .= ', '; } $insert .= $wpdb->prepare("( %s, %s, %s)", $key, $value, 'yes'); } $wpdb->query("INSERT INTO {$wpdb->global_options} ( option_name, option_value, autoload ) VALUES " . $insert); return true; }
/** * WPSC add new user function, validates and adds a new user, for the * * @since 3.7 * * @param string $user_login The user's username. * @param string $password The user's password. * @param string $user_email The user's email (optional). * @return int The new user's ID. */ function wpsc_add_new_user($user_login, $user_pass, $user_email) { require_once ABSPATH . WPINC . '/registration.php'; $errors = new WP_Error(); $user_login = sanitize_user($user_login); $user_email = apply_filters('user_registration_email', $user_email); // Check the username if ($user_login == '') { $errors->add('empty_username', __('<strong>ERROR</strong>: Please enter a username.')); } elseif (!validate_username($user_login)) { $errors->add('invalid_username', __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.')); $user_login = ''; } elseif (username_exists($user_login)) { $errors->add('username_exists', __('<strong>ERROR</strong>: This username is already registered, please choose another one.')); } // Check the e-mail address if ($user_email == '') { $errors->add('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.')); } elseif (!is_email($user_email)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn’t correct.')); $user_email = ''; } elseif (email_exists($user_email)) { $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.')); } if ($errors->get_error_code()) { return $errors; } $user_id = wp_create_user($user_login, $user_pass, $user_email); if (!$user_id) { $errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email'))); return $errors; } $credentials = array('user_login' => $user_login, 'user_password' => $user_pass, 'remember' => true); $user = wp_signon($credentials); return $user; //wp_new_user_notification($user_id, $user_pass); }
function wpmp_switcher_login_header($title, $message = '', $wp_error = '') { global $error; if (empty($wp_error)) { $wp_error = new WP_Error(); } include_once 'mobile.php'; wpmp_ms_mobile_top($title); if (!empty($message)) { echo apply_filters('login_message', $message) . "\n"; } if (!empty($error)) { $wp_error->add('error', $error); unset($error); } if ($wp_error->get_error_code()) { $errors = ''; $messages = ''; foreach ($wp_error->get_error_codes() as $code) { $severity = $wp_error->get_error_data($code); foreach ($wp_error->get_error_messages($code) as $error) { if ('message' == $severity) { $messages .= ' ' . $error . "<br />\n"; } else { $errors .= ' ' . $error . "<br />\n"; } } } if (!empty($errors)) { echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n"; } if (!empty($messages)) { echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n"; } } }
/** * populate network settings * * @since 3.0.0 * * @param int $network_id id of network to populate * @return bool|WP_Error True on success, or WP_Error on warning (with the install otherwise successful, * so the error code must be checked) or failure. */ function populate_network( $network_id = 1, $domain = '', $email = '', $site_name = '', $path = '/', $subdomain_install = false ) { global $wpdb, $current_site, $wp_db_version, $wp_rewrite; $errors = new WP_Error(); if ( '' == $domain ) $errors->add( 'empty_domain', __( 'You must provide a domain name.' ) ); if ( '' == $site_name ) $errors->add( 'empty_sitename', __( 'You must provide a name for your network of sites.' ) ); // check for network collision if ( $network_id == $wpdb->get_var( $wpdb->prepare( "SELECT id FROM $wpdb->site WHERE id = %d", $network_id ) ) ) $errors->add( 'siteid_exists', __( 'The network already exists.' ) ); $site_user = get_user_by_email( $email ); if ( ! is_email( $email ) ) $errors->add( 'invalid_email', __( 'You must provide a valid e-mail address.' ) ); if ( $errors->get_error_code() ) return $errors; // set up site tables $template = get_option( 'template' ); $stylesheet = get_option( 'stylesheet' ); $allowed_themes = array( $stylesheet => true ); if ( $template != $stylesheet ) $allowed_themes[ $template ] = true; if ( WP_DEFAULT_THEME != $stylesheet && WP_DEFAULT_THEME != $template ) $allowed_themes[ WP_DEFAULT_THEME ] = true; if ( 1 == $network_id ) { $wpdb->insert( $wpdb->site, array( 'domain' => $domain, 'path' => $path ) ); $network_id = $wpdb->insert_id; } else { $wpdb->insert( $wpdb->site, array( 'domain' => $domain, 'path' => $path, 'id' => $network_id ) ); } if ( !is_multisite() ) { $site_admins = array( $site_user->user_login ); $users = get_users_of_blog(); if ( $users ) { foreach ( $users as $user ) { if ( is_super_admin( $user->ID ) && !in_array( $user->user_login, $site_admins ) ) $site_admins[] = $user->user_login; } } } else { $site_admins = get_site_option( 'site_admins' ); } $welcome_email = __( 'Dear User, Your new SITE_NAME site has been successfully set up at: BLOG_URL You can log in to the administrator account with the following information: Username: USERNAME Password: PASSWORD Login Here: BLOG_URLwp-login.php We hope you enjoy your new site. Thanks! --The Team @ SITE_NAME' ); $sitemeta = array( 'site_name' => $site_name, 'admin_email' => $site_user->user_email, 'admin_user_id' => $site_user->ID, 'registration' => 'none', 'upload_filetypes' => 'jpg jpeg png gif mp3 mov avi wmv midi mid pdf', 'blog_upload_space' => 10, 'fileupload_maxk' => 1500, 'site_admins' => $site_admins, 'allowedthemes' => $allowed_themes, 'illegal_names' => array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator', 'files' ), 'wpmu_upgrade_site' => $wp_db_version, 'welcome_email' => $welcome_email, 'first_post' => __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ), // @todo - network admins should have a method of editing the network siteurl (used for cookie hash) 'siteurl' => get_option( 'siteurl' ) . '/', 'add_new_users' => '0', 'upload_space_check_disabled' => '0', 'subdomain_install' => intval( $subdomain_install ), 'global_terms_enabled' => global_terms_enabled() ? '1' : '0' ); if ( !intval( $subdomain_install ) ) $sitemeta['illegal_names'][] = 'blog'; $insert = ''; foreach ( $sitemeta as $meta_key => $meta_value ) { $meta_key = $wpdb->escape( $meta_key ); if ( is_array( $meta_value ) ) $meta_value = serialize( $meta_value ); $meta_value = $wpdb->escape( $meta_value ); if ( !empty( $insert ) ) $insert .= ', '; $insert .= "( $network_id, '$meta_key', '$meta_value')"; } $wpdb->query( "INSERT INTO $wpdb->sitemeta ( site_id, meta_key, meta_value ) VALUES " . $insert ); $current_site->domain = $domain; $current_site->path = $path; $current_site->site_name = ucfirst( $domain ); if ( !is_multisite() ) { $wpdb->insert( $wpdb->blogs, array( 'site_id' => $network_id, 'domain' => $domain, 'path' => $path, 'registered' => current_time( 'mysql' ) ) ); $blog_id = $wpdb->insert_id; update_user_meta( $site_user->ID, 'source_domain', $domain ); update_user_meta( $site_user->ID, 'primary_blog', $blog_id ); if ( !$upload_path = get_option( 'upload_path' ) ) { $upload_path = substr( WP_CONTENT_DIR, strlen( ABSPATH ) ) . '/uploads'; update_option( 'upload_path', $upload_path ); } update_option( 'fileupload_url', get_option( 'siteurl' ) . '/' . $upload_path ); } if ( $subdomain_install ) update_option( 'permalink_structure', '/%year%/%monthnum%/%day%/%postname%/'); else update_option( 'permalink_structure', '/blog/%year%/%monthnum%/%day%/%postname%/'); $wp_rewrite->flush_rules(); if ( $subdomain_install ) { $vhost_ok = false; $errstr = ''; $hostname = substr( md5( time() ), 0, 6 ) . '.' . $domain; // Very random hostname! $page = wp_remote_get( 'http://' . $hostname, array( 'timeout' => 5, 'httpversion' => '1.1' ) ); if ( is_wp_error( $page ) ) $errstr = $page->get_error_message(); elseif ( 200 == $page['response']['code'] ) $vhost_ok = true; if ( ! $vhost_ok ) { $msg = '<p><strong>' . __( 'Warning! Wildcard DNS may not be configured correctly!' ) . '</strong></p>'; $msg .= '<p>' . sprintf( __( 'The installer attempted to contact a random hostname (<code>%1$s</code>) on your domain.' ), $hostname ); if ( ! empty ( $errstr ) ) $msg .= ' ' . sprintf( __( 'This resulted in an error message: %s' ), '<code>' . $errstr . '</code>' ); $msg .= '</p>'; $msg .= '<p>' . __( 'To use a subdomain configuration, you must have a wildcard entry in your DNS. This usually means adding a <code>*</code> hostname record pointing at your web server in your DNS configuration tool.' ) . '</p>'; $msg .= '<p>' . __( 'You can still use your site but any subdomain you create may not be accessible. If you know your DNS is correct, ignore this message.' ) . '</p>'; return new WP_Error( 'no_wildcard_dns', $msg ); } } return true; }
/** * Output the login page header. * * @param string $title Optional. WordPress login Page title to display in the `<title>` element. * Default 'Log In'. * @param string $message Optional. Message to display in header. Default empty. * @param WP_Error $wp_error Optional. The error to pass. Default empty. */ function login_header($title = 'Log In', $message = '', $wp_error = '') { global $error, $interim_login, $action; // Don't index any of these forms add_action('login_head', 'wp_no_robots'); if (wp_is_mobile()) { add_action('login_head', 'wp_login_viewport_meta'); } if (empty($wp_error)) { $wp_error = new WP_Error(); } // Shake it! $shake_error_codes = array('empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password'); /** * Filter the error codes array for shaking the login form. * * @since 3.0.0 * * @param array $shake_error_codes Error codes that shake the login form. */ $shake_error_codes = apply_filters('shake_error_codes', $shake_error_codes); if ($shake_error_codes && $wp_error->get_error_code() && in_array($wp_error->get_error_code(), $shake_error_codes)) { add_action('login_head', 'wp_shake_js', 12); } ?> <!DOCTYPE html> <!--[if IE 8]> <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?> > <![endif]--> <!--[if !(IE 8) ]><!--> <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?> > <!--<![endif]--> <head> <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?> ; charset=<?php bloginfo('charset'); ?> " /> <title><?php bloginfo('name'); ?> › <?php echo $title; ?> </title> <?php wp_admin_css('login', true); /* * Remove all stored post data on logging out. * This could be added by add_action('login_head'...) like wp_shake_js(), * but maybe better if it's not removable by plugins */ if ('loggedout' == $wp_error->get_error_code()) { ?> <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script> <?php } /** * Enqueue scripts and styles for the login page. * * @since 3.1.0 */ do_action('login_enqueue_scripts'); /** * Fires in the login page header after scripts are enqueued. * * @since 2.1.0 */ do_action('login_head'); if (is_multisite()) { $login_header_url = network_home_url(); $login_header_title = get_current_site()->site_name; } else { $login_header_url = __('https://wordpress.org/'); $login_header_title = __('Powered by WordPress'); } /** * Filter link URL of the header logo above login form. * * @since 2.1.0 * * @param string $login_header_url Login header logo URL. */ $login_header_url = apply_filters('login_headerurl', $login_header_url); /** * Filter the title attribute of the header logo above login form. * * @since 2.1.0 * * @param string $login_header_title Login header logo title attribute. */ $login_header_title = apply_filters('login_headertitle', $login_header_title); $classes = array('login-action-' . $action, 'wp-core-ui'); if (wp_is_mobile()) { $classes[] = 'mobile'; } if (is_rtl()) { $classes[] = 'rtl'; } if ($interim_login) { $classes[] = 'interim-login'; ?> <style type="text/css">html{background-color: transparent;}</style> <?php if ('success' === $interim_login) { $classes[] = 'interim-login-success'; } } $classes[] = ' locale-' . sanitize_html_class(strtolower(str_replace('_', '-', get_locale()))); /** * Filter the login page body classes. * * @since 3.5.0 * * @param array $classes An array of body classes. * @param string $action The action that brought the visitor to the login page. */ $classes = apply_filters('login_body_class', $classes, $action); ?> </head> <body class="login <?php echo esc_attr(implode(' ', $classes)); ?> "> <div id="login"> <h1><a href="<?php echo esc_url($login_header_url); ?> " title="<?php echo esc_attr($login_header_title); ?> " tabindex="-1"><?php bloginfo('name'); ?> </a></h1> <?php unset($login_header_url, $login_header_title); /** * Filter the message to display above the login form. * * @since 2.1.0 * * @param string $message Login message text. */ $message = apply_filters('login_message', $message); if (!empty($message)) { echo $message . "\n"; } // In case a plugin uses $error rather than the $wp_errors object if (!empty($error)) { $wp_error->add('error', $error); unset($error); } if ($wp_error->get_error_code()) { $errors = ''; $messages = ''; foreach ($wp_error->get_error_codes() as $code) { $severity = $wp_error->get_error_data($code); foreach ($wp_error->get_error_messages($code) as $error_message) { if ('message' == $severity) { $messages .= ' ' . $error_message . "<br />\n"; } else { $errors .= ' ' . $error_message . "<br />\n"; } } } if (!empty($errors)) { /** * Filter the error messages displayed above the login form. * * @since 2.1.0 * * @param string $errors Login error message. */ echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n"; } if (!empty($messages)) { /** * Filter instructional messages displayed above the login form. * * @since 2.5.0 * * @param string $messages Login messages. */ echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n"; } } }
/** * Upgrade the core of WordPress. * * This will create a .maintenance file at the base of the WordPress directory * to ensure that people can not access the web site, when the files are being * copied to their locations. * * The files in the {@link $_old_files} list will be removed and the new files * copied from the zip file after the database is upgraded. * * The files in the {@link $_new_bundled_files} list will be added to the installation * if the version is greater than or equal to the old version being upgraded. * * The steps for the upgrader for after the new release is downloaded and * unzipped is: * 1. Test unzipped location for select files to ensure that unzipped worked. * 2. Create the .maintenance file in current WordPress base. * 3. Copy new WordPress directory over old WordPress files. * 4. Upgrade WordPress to new version. * 4.1. Copy all files/folders other than wp-content * 4.2. Copy any language files to WP_LANG_DIR (which may differ from WP_CONTENT_DIR * 4.3. Copy any new bundled themes/plugins to their respective locations * 5. Delete new WordPress directory path. * 6. Delete .maintenance file. * 7. Remove old files. * 8. Delete 'update_core' option. * * There are several areas of failure. For instance if PHP times out before step * 6, then you will not be able to access any portion of your site. Also, since * the upgrade will not continue where it left off, you will not be able to * automatically remove old files and remove the 'update_core' option. This * isn't that bad. * * If the copy of the new WordPress over the old fails, then the worse is that * the new WordPress directory will remain. * * If it is assumed that every file will be copied over, including plugins and * themes, then if you edit the default theme, you should rename it, so that * your changes remain. * * @since 2.7.0 * * @global WP_Filesystem_Base $wp_filesystem * @global array $_old_files * @global array $_new_bundled_files * @global wpdb $wpdb * @global string $wp_version * @global string $required_php_version * @global string $required_mysql_version * * @param string $from New release unzipped path. * @param string $to Path to old WordPress installation. * @return WP_Error|null WP_Error on failure, null on success. */ function update_core($from, $to) { global $wp_filesystem, $_old_files, $_new_bundled_files, $wpdb; @set_time_limit(300); /** * Filter feedback messages displayed during the core update process. * * The filter is first evaluated after the zip file for the latest version * has been downloaded and unzipped. It is evaluated five more times during * the process: * * 1. Before WordPress begins the core upgrade process. * 2. Before Maintenance Mode is enabled. * 3. Before WordPress begins copying over the necessary files. * 4. Before Maintenance Mode is disabled. * 5. Before the database is upgraded. * * @since 2.5.0 * * @param string $feedback The core update feedback messages. */ apply_filters('update_feedback', __('Verifying the unpacked files…')); // Sanity check the unzipped distribution. $distro = ''; $roots = array('/wordpress/', '/wordpress-mu/'); foreach ($roots as $root) { if ($wp_filesystem->exists($from . $root . 'readme.html') && $wp_filesystem->exists($from . $root . 'wp-includes/version.php')) { $distro = $root; break; } } if (!$distro) { $wp_filesystem->delete($from, true); return new WP_Error('insane_distro', __('The update could not be unpacked')); } /** * Import $wp_version, $required_php_version, and $required_mysql_version from the new version * $wp_filesystem->wp_content_dir() returned unslashed pre-2.8 * * @global string $wp_version * @global string $required_php_version * @global string $required_mysql_version */ global $wp_version, $required_php_version, $required_mysql_version; $versions_file = trailingslashit($wp_filesystem->wp_content_dir()) . 'upgrade/version-current.php'; if (!$wp_filesystem->copy($from . $distro . 'wp-includes/version.php', $versions_file)) { $wp_filesystem->delete($from, true); return new WP_Error('copy_failed_for_version_file', __('The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.'), 'wp-includes/version.php'); } $wp_filesystem->chmod($versions_file, FS_CHMOD_FILE); require WP_CONTENT_DIR . '/upgrade/version-current.php'; $wp_filesystem->delete($versions_file); $php_version = phpversion(); $mysql_version = $wpdb->db_version(); $old_wp_version = $wp_version; // The version of WordPress we're updating from $development_build = false !== strpos($old_wp_version . $wp_version, '-'); // a dash in the version indicates a Development release $php_compat = version_compare($php_version, $required_php_version, '>='); if (file_exists(WP_CONTENT_DIR . '/db.php') && empty($wpdb->is_mysql)) { $mysql_compat = true; } else { $mysql_compat = version_compare($mysql_version, $required_mysql_version, '>='); } if (!$mysql_compat || !$php_compat) { $wp_filesystem->delete($from, true); } if (!$mysql_compat && !$php_compat) { return new WP_Error('php_mysql_not_compatible', sprintf(__('The update cannot be installed because WordPress %1$s requires PHP version %2$s or higher and MySQL version %3$s or higher. You are running PHP version %4$s and MySQL version %5$s.'), $wp_version, $required_php_version, $required_mysql_version, $php_version, $mysql_version)); } elseif (!$php_compat) { return new WP_Error('php_not_compatible', sprintf(__('The update cannot be installed because WordPress %1$s requires PHP version %2$s or higher. You are running version %3$s.'), $wp_version, $required_php_version, $php_version)); } elseif (!$mysql_compat) { return new WP_Error('mysql_not_compatible', sprintf(__('The update cannot be installed because WordPress %1$s requires MySQL version %2$s or higher. You are running version %3$s.'), $wp_version, $required_mysql_version, $mysql_version)); } /** This filter is documented in wp-admin/includes/update-core.php */ apply_filters('update_feedback', __('Preparing to install the latest version…')); // Don't copy wp-content, we'll deal with that below // We also copy version.php last so failed updates report their old version $skip = array('wp-content', 'wp-includes/version.php'); $check_is_writable = array(); // Check to see which files don't really need updating - only available for 3.7 and higher if (function_exists('get_core_checksums')) { // Find the local version of the working directory $working_dir_local = WP_CONTENT_DIR . '/upgrade/' . basename($from) . $distro; $checksums = get_core_checksums($wp_version, isset($wp_local_package) ? $wp_local_package : 'en_US'); if (is_array($checksums) && isset($checksums[$wp_version])) { $checksums = $checksums[$wp_version]; } // Compat code for 3.7-beta2 if (is_array($checksums)) { foreach ($checksums as $file => $checksum) { if ('wp-content' == substr($file, 0, 10)) { continue; } if (!file_exists(ABSPATH . $file)) { continue; } if (!file_exists($working_dir_local . $file)) { continue; } if (md5_file(ABSPATH . $file) === $checksum) { $skip[] = $file; } else { $check_is_writable[$file] = ABSPATH . $file; } } } } // If we're using the direct method, we can predict write failures that are due to permissions. if ($check_is_writable && 'direct' === $wp_filesystem->method) { $files_writable = array_filter($check_is_writable, array($wp_filesystem, 'is_writable')); if ($files_writable !== $check_is_writable) { $files_not_writable = array_diff_key($check_is_writable, $files_writable); foreach ($files_not_writable as $relative_file_not_writable => $file_not_writable) { // If the writable check failed, chmod file to 0644 and try again, same as copy_dir(). $wp_filesystem->chmod($file_not_writable, FS_CHMOD_FILE); if ($wp_filesystem->is_writable($file_not_writable)) { unset($files_not_writable[$relative_file_not_writable]); } } // Store package-relative paths (the key) of non-writable files in the WP_Error object. $error_data = version_compare($old_wp_version, '3.7-beta2', '>') ? array_keys($files_not_writable) : ''; if ($files_not_writable) { return new WP_Error('files_not_writable', __('The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.'), implode(', ', $error_data)); } } } /** This filter is documented in wp-admin/includes/update-core.php */ apply_filters('update_feedback', __('Enabling Maintenance mode…')); // Create maintenance file to signal that we are upgrading $maintenance_string = '<?php $upgrading = ' . time() . '; ?>'; $maintenance_file = $to . '.maintenance'; $wp_filesystem->delete($maintenance_file); $wp_filesystem->put_contents($maintenance_file, $maintenance_string, FS_CHMOD_FILE); /** This filter is documented in wp-admin/includes/update-core.php */ apply_filters('update_feedback', __('Copying the required files…')); // Copy new versions of WP files into place. $result = _copy_dir($from . $distro, $to, $skip); if (is_wp_error($result)) { $result = new WP_Error($result->get_error_code(), $result->get_error_message(), substr($result->get_error_data(), strlen($to))); } // Since we know the core files have copied over, we can now copy the version file if (!is_wp_error($result)) { if (!$wp_filesystem->copy($from . $distro . 'wp-includes/version.php', $to . 'wp-includes/version.php', true)) { $wp_filesystem->delete($from, true); $result = new WP_Error('copy_failed_for_version_file', __('The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.'), 'wp-includes/version.php'); } $wp_filesystem->chmod($to . 'wp-includes/version.php', FS_CHMOD_FILE); } // Check to make sure everything copied correctly, ignoring the contents of wp-content $skip = array('wp-content'); $failed = array(); if (isset($checksums) && is_array($checksums)) { foreach ($checksums as $file => $checksum) { if ('wp-content' == substr($file, 0, 10)) { continue; } if (!file_exists($working_dir_local . $file)) { continue; } if (file_exists(ABSPATH . $file) && md5_file(ABSPATH . $file) == $checksum) { $skip[] = $file; } else { $failed[] = $file; } } } // Some files didn't copy properly if (!empty($failed)) { $total_size = 0; foreach ($failed as $file) { if (file_exists($working_dir_local . $file)) { $total_size += filesize($working_dir_local . $file); } } // If we don't have enough free space, it isn't worth trying again. // Unlikely to be hit due to the check in unzip_file(). $available_space = @disk_free_space(ABSPATH); if ($available_space && $total_size >= $available_space) { $result = new WP_Error('disk_full', __('There is not enough free disk space to complete the update.')); } else { $result = _copy_dir($from . $distro, $to, $skip); if (is_wp_error($result)) { $result = new WP_Error($result->get_error_code() . '_retry', $result->get_error_message(), substr($result->get_error_data(), strlen($to))); } } } // Custom Content Directory needs updating now. // Copy Languages if (!is_wp_error($result) && $wp_filesystem->is_dir($from . $distro . 'wp-content/languages')) { if (WP_LANG_DIR != ABSPATH . WPINC . '/languages' || @is_dir(WP_LANG_DIR)) { $lang_dir = WP_LANG_DIR; } else { $lang_dir = WP_CONTENT_DIR . '/languages'; } if (!@is_dir($lang_dir) && 0 === strpos($lang_dir, ABSPATH)) { // Check the language directory exists first $wp_filesystem->mkdir($to . str_replace(ABSPATH, '', $lang_dir), FS_CHMOD_DIR); // If it's within the ABSPATH we can handle it here, otherwise they're out of luck. clearstatcache(); // for FTP, Need to clear the stat cache } if (@is_dir($lang_dir)) { $wp_lang_dir = $wp_filesystem->find_folder($lang_dir); if ($wp_lang_dir) { $result = copy_dir($from . $distro . 'wp-content/languages/', $wp_lang_dir); if (is_wp_error($result)) { $result = new WP_Error($result->get_error_code() . '_languages', $result->get_error_message(), substr($result->get_error_data(), strlen($wp_lang_dir))); } } } } /** This filter is documented in wp-admin/includes/update-core.php */ apply_filters('update_feedback', __('Disabling Maintenance mode…')); // Remove maintenance file, we're done with potential site-breaking changes $wp_filesystem->delete($maintenance_file); // 3.5 -> 3.5+ - an empty twentytwelve directory was created upon upgrade to 3.5 for some users, preventing installation of Twenty Twelve. if ('3.5' == $old_wp_version) { if (is_dir(WP_CONTENT_DIR . '/themes/twentytwelve') && !file_exists(WP_CONTENT_DIR . '/themes/twentytwelve/style.css')) { $wp_filesystem->delete($wp_filesystem->wp_themes_dir() . 'twentytwelve/'); } } // Copy New bundled plugins & themes // This gives us the ability to install new plugins & themes bundled with future versions of WordPress whilst avoiding the re-install upon upgrade issue. // $development_build controls us overwriting bundled themes and plugins when a non-stable release is being updated if (!is_wp_error($result) && (!defined('CORE_UPGRADE_SKIP_NEW_BUNDLED') || !CORE_UPGRADE_SKIP_NEW_BUNDLED)) { foreach ((array) $_new_bundled_files as $file => $introduced_version) { // If a $development_build or if $introduced version is greater than what the site was previously running if ($development_build || version_compare($introduced_version, $old_wp_version, '>')) { $directory = '/' == $file[strlen($file) - 1]; list($type, $filename) = explode('/', $file, 2); // Check to see if the bundled items exist before attempting to copy them if (!$wp_filesystem->exists($from . $distro . 'wp-content/' . $file)) { continue; } if ('plugins' == $type) { $dest = $wp_filesystem->wp_plugins_dir(); } elseif ('themes' == $type) { $dest = trailingslashit($wp_filesystem->wp_themes_dir()); } else { continue; } if (!$directory) { if (!$development_build && $wp_filesystem->exists($dest . $filename)) { continue; } if (!$wp_filesystem->copy($from . $distro . 'wp-content/' . $file, $dest . $filename, FS_CHMOD_FILE)) { $result = new WP_Error("copy_failed_for_new_bundled_{$type}", __('Could not copy file.'), $dest . $filename); } } else { if (!$development_build && $wp_filesystem->is_dir($dest . $filename)) { continue; } $wp_filesystem->mkdir($dest . $filename, FS_CHMOD_DIR); $_result = copy_dir($from . $distro . 'wp-content/' . $file, $dest . $filename); // If a error occurs partway through this final step, keep the error flowing through, but keep process going. if (is_wp_error($_result)) { if (!is_wp_error($result)) { $result = new WP_Error(); } $result->add($_result->get_error_code() . "_{$type}", $_result->get_error_message(), substr($_result->get_error_data(), strlen($dest))); } } } } //end foreach } // Handle $result error from the above blocks if (is_wp_error($result)) { $wp_filesystem->delete($from, true); return $result; } // Remove old files foreach ($_old_files as $old_file) { $old_file = $to . $old_file; if (!$wp_filesystem->exists($old_file)) { continue; } $wp_filesystem->delete($old_file, true); } // Remove any Genericons example.html's from the filesystem _upgrade_422_remove_genericons(); // Upgrade DB with separate request /** This filter is documented in wp-admin/includes/update-core.php */ apply_filters('update_feedback', __('Upgrading database…')); $db_upgrade_url = admin_url('upgrade.php?step=upgrade_db'); wp_remote_post($db_upgrade_url, array('timeout' => 60)); // Clear the cache to prevent an update_option() from saving a stale db_version to the cache wp_cache_flush(); // (Not all cache backends listen to 'flush') wp_cache_delete('alloptions', 'options'); // Remove working directory $wp_filesystem->delete($from, true); // Force refresh of update information if (function_exists('delete_site_transient')) { delete_site_transient('update_core'); } else { delete_option('update_core'); } /** * Fires after WordPress core has been successfully updated. * * @since 3.3.0 * * @param string $wp_version The current WordPress version. */ do_action('_core_updated_successfully', $wp_version); // Clear the option that blocks auto updates after failures, now that we've been successful. if (function_exists('delete_site_option')) { delete_site_option('auto_core_update_failed'); } return $wp_version; }
/** * Handles sending password retrieval email to user. * * @uses $wpdb WordPress Database object * * @return bool|WP_Error True: when finish. WP_Error on error */ function retrieve_password() { global $wpdb, $wp_hasher; $errors = new WP_Error(); if (empty($_POST['user_login'])) { $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.')); } else { if (strpos($_POST['user_login'], '@')) { $user_data = get_user_by('email', trim($_POST['user_login'])); if (empty($user_data)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); } } else { $login = trim($_POST['user_login']); $user_data = get_user_by('login', $login); } } /** * Fires before errors are returned from a password reset request. * * @since 2.1.0 */ do_action('lostpassword_post'); if ($errors->get_error_code()) { return $errors; } if (!$user_data) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.')); return $errors; } // Redefining user_login ensures we return the right case in the email. $user_login = $user_data->user_login; $user_email = $user_data->user_email; /** * Fires before a new password is retrieved. * * @since 1.5.0 * @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead. * * @param string $user_login The user login name. */ do_action('retreive_password', $user_login); /** * Fires before a new password is retrieved. * * @since 1.5.1 * * @param string $user_login The user login name. */ do_action('retrieve_password', $user_login); /** * Filter whether to allow a password to be reset. * * @since 2.7.0 * * @param bool true Whether to allow the password to be reset. Default true. * @param int $user_data->ID The ID of the user attempting to reset a password. */ $allow = apply_filters('allow_password_reset', true, $user_data->ID); if (!$allow) { return new WP_Error('no_password_reset', __('Password reset is not allowed for this user')); } else { if (is_wp_error($allow)) { return $allow; } } // Generate something random for a password reset key. $key = wp_generate_password(20, false); /** * Fires when a password reset key is generated. * * @since 2.5.0 * * @param string $user_login The username for the user. * @param string $key The generated password reset key. */ do_action('retrieve_password_key', $user_login, $key); // Now insert the key, hashed, into the DB. if (empty($wp_hasher)) { require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash(8, true); } $hashed = $wp_hasher->HashPassword($key); $wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user_login)); $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; $message .= network_home_url('/') . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; $message .= '<' . network_site_url("wp-login.php?action=rp&key={$key}&login="******">\r\n"; if (is_multisite()) { $blogname = $GLOBALS['current_site']->site_name; } else { /* * The blogname option is escaped with esc_html on the way into the database * in sanitize_option we want to reverse this for the plain text arena of emails. */ $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); } $title = sprintf(__('[%s] Password Reset'), $blogname); /** * Filter the subject of the password reset email. * * @since 2.8.0 * * @param string $title Default email title. */ $title = apply_filters('retrieve_password_title', $title); /** * Filter the message body of the password reset mail. * * @since 2.8.0 * * @param string $message Default mail message. * @param string $key The activation key. */ $message = apply_filters('retrieve_password_message', $message, $key); if ($message && !wp_mail($user_email, wp_specialchars_decode($title), $message)) { wp_die(__('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.')); } return true; }
/** * Echo a JSON error message, set a HTTP status, and exit * * @since 1.0 * @param WP_Error $error error code of HTTP status int. error message echoed in JSON */ public static function reject_message(WP_Error $error) { status_header($error->get_error_code()); wp_send_json(array('error' => $error->get_error_message())); }
/** * * */ function lost_password_reset() { global $wpdb, $current_site, $wp_hasher; $errors = new WP_Error(); $user_data = get_user_by('email', trim($_POST['user-email'])); if (empty($user_data)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); } do_action('lostpassword_post'); if (!$user_data) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.')); } if ($errors->get_error_code()) { echo implode('<br/>', $errors->get_error_messages()); exit; } $user_info = $user_data; $user_login = $user_info->user_login; $user_email = $user_info->user_email; //url para onde ele encaminha a validação do link por email, é preciso alterar. $validate_url = get_bloginfo('url') . '/' . lost_password_page; if ($user_info) { /* * Daqui para a frente eu fiz com base na função original do wordpress. */ // Generate something random for a password reset key. $key = wp_generate_password(20, false); /** * Fires when a password reset key is generated. * * @since 2.5.0 * * @param string $user_login The username for the user. * @param string $key The generated password reset key. */ do_action('retrieve_password_key', $user_login, $key); // Now insert the key, hashed, into the DB. if (empty($wp_hasher)) { require_once ABSPATH . 'wp-includes/class-phpass.php'; $wp_hasher = new PasswordHash(8, true); } $hashed = $wp_hasher->HashPassword($key); $wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user_login)); $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; $message .= network_home_url('/') . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; $url = network_site_url("wp-login.php?action=rp&key={$key}&login="******"<a href=\"{$url}\" target=\"_blank\">{$url}</a>\r\n"; if (is_multisite()) { $blogname = $GLOBALS['current_site']->site_name; } else { // The blogname option is escaped with esc_html on the way into the database in sanitize_option // we want to reverse this for the plain text arena of emails. $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); } $title = sprintf(__('[%s] Password Reset'), $blogname); /** * Filter the subject of the password reset email. * * @since 2.8.0 * * @param string $title Default email title. */ $title = apply_filters('retrieve_password_title', $title); /** * Filter the message body of the password reset mail. * * @since 2.8.0 * * @param string $message Default mail message. * @param string $key The activation key. */ $message = apply_filters('retrieve_password_message', $message, $key); add_filter('wp_mail_content_type', create_function('', 'return "text/html"; ')); if ($message && !wp_mail($user_email, $title, $message)) { wp_die(__('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.')); } /* * Fim do ctrl+c do wordpress */ echo _x('Foi enviada uma mensagem para seu email com uma chave de validação e os próximos passos para recuperar sua senha', 'custom-lost-password', 'redelivre'); return true; } else { echo _x('Nenhum usuário encontrado com este email', 'custom-lost-password', 'redelivre'); return false; } }
function popover_login_process() { $error = new WP_Error(); if (!wp_verify_nonce($_POST['nonce'], 'membership_login')) { $error->add('invalid', __('Invalid form submission.', 'membership')); } $userbylogin = get_user_by('login', $_POST['user_login']); if (!empty($userbylogin)) { $user = wp_authenticate($userbylogin->user_login, $_POST['password']); if (is_wp_error($user)) { $error->add('userlogin', $user->get_error_message()); } else { wp_set_auth_cookie($user->ID); // Set the current user up wp_set_current_user($user->ID); } } else { $error->add('userlogin', __('User not found.', 'membership')); } $anyerrors = $error->get_error_code(); if (is_wp_error($error) && !empty($anyerrors)) { // we have an error - output $messages = $error->get_error_messages(); //sendback error echo json_encode(array('errormsg' => $messages[0])); } else { // everything seems fine (so far), so we have our queued user so let's // move to picking a subscription - so send back the form. echo $this->popover_sendpayment_form($user->ID); } exit; }
function retrieve_password() { global $wpdb, $SimpleLogin; $errors = new WP_Error(); if (empty($_POST['user_login']) && empty($_POST['user_email'])) { $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.', 'simplelogin')); } if (strpos($_POST['user_login'], '@')) { $user_data = get_user_by_email(trim($_POST['user_login'])); if (empty($user_data)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.', 'simplelogin')); } } else { $login = trim($_POST['user_login']); $user_data = get_userdatabylogin($login); } do_action('lostpassword_post'); if ($errors->get_error_code()) { return $errors; } if (!$user_data) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.', 'simplelogin')); return $errors; } // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); $allow = apply_filters('allow_password_reset', true, $user_data->ID); if (!$allow) { return new WP_Error('no_password_reset', __('Password reset is not allowed for this user', 'simplelogin')); } else { if (is_wp_error($allow)) { return $allow; } } $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM {$wpdb->users} WHERE user_login = %s", $user_login)); if (empty($key)) { // Generate something random for a key... $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db $wpdb->query($wpdb->prepare("UPDATE {$wpdb->users} SET user_activation_key = %s WHERE user_login = %s", $key, $user_login)); } $from = $SimpleLogin->MailFrom(); $from_name = $SimpleLogin->MailFromName(); $subject = $SimpleLogin->GetOption('custom_user_pass_request_mail_subject'); $message = $SimpleLogin->GetOption('custom_user_pass_request_mail_message'); $replace_this = array('/%blogname%/', '/%siteurl%/', '/%reseturl%/', '/%user_login%/', '/%user_email%/', '/%user_ip%/'); $replace_with = array(get_option('blogname'), get_option('siteurl'), simplelogin_url(array('action' => 'rp', 'key' => $key)), $user->user_login, $user->user_email, $_SERVER['REMOTE_ADDR']); if (!empty($from)) { add_filter('wp_mail_from', array(&$SimpleLogin, 'MailFrom')); } if (!empty($from_name)) { add_filter('wp_mail_from_name', array(&$SimpleLogin, 'MailFromName')); } if (empty($subject)) { $subject = sprintf(__('[%s] Password Reset', 'simplelogin'), get_option('blogname')); } else { $subject = preg_replace($replace_this, $replace_with, $subject); } if (empty($message)) { $message = __('Someone has asked to reset the password for the following site and username.', 'simplelogin') . "\r\n\r\n"; $message .= get_option('siteurl') . "\r\n\r\n"; $message .= sprintf(__('Username: %s', 'simplelogin'), $user_login) . "\r\n\r\n"; $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.', 'simplelogin') . "\r\n\r\n"; $message .= simplelogin_url(array('action' => 'rp', 'key' => $key)) . "\r\n"; } else { $message = preg_replace($replace_this, $replace_with, $message); } if (!wp_mail($user_email, $subject, $message)) { die('<p>' . __('The e-mail could not be sent.', 'simplelogin') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...', 'simplelogin') . '</p>'); } return true; }
/** * Handles sending password retrieval email to user. * * @uses $wpdb WordPress Database object * * @return bool|WP_Error True: when finish. WP_Error on error */ function retrieve_password() { global $wpdb; $errors = new WP_Error(); if (empty($_POST['user_login']) && empty($_POST['user_email'])) { $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.')); } if (strpos($_POST['user_login'], '@')) { $user_data = get_user_by_email(trim($_POST['user_login'])); if (empty($user_data)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); } } else { $login = trim($_POST['user_login']); $user_data = get_userdatabylogin($login); } do_action('lostpassword_post'); if ($errors->get_error_code()) { return $errors; } if (!$user_data) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.')); return $errors; } // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); $allow = apply_filters('allow_password_reset', true, $user_data->ID); if (!$allow) { return new WP_Error('no_password_reset', __('Password reset is not allowed for this user')); } else { if (is_wp_error($allow)) { return $allow; } } $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM {$wpdb->users} WHERE user_login = %s", $user_login)); if (empty($key)) { // Generate something random for a key... $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login)); } $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; $message .= get_option('siteurl') . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n"; $message .= site_url("wp-login.php?action=rp&key={$key}&login="******"\r\n"; $title = sprintf(__('[%s] Password Reset'), get_option('blogname')); $title = apply_filters('retrieve_password_title', $title); $message = apply_filters('retrieve_password_message', $message, $key); if ($message && !wp_mail($user_email, $title, $message)) { die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>'); } return true; }
function alimir_bootModal_ajax_lostPassword_retrieve($user_data) { global $wpdb, $current_site, $wp_hasher; $errors = new WP_Error(); if (empty($user_data)) { $errors->add('empty_username', __('Please enter a username or e-mail address.', 'alimir')); } else { if (strpos($user_data, '@')) { $user_data = get_user_by('email', trim($user_data)); if (empty($user_data)) { $errors->add('invalid_email', __('There is no user registered with that email address.', 'alimir')); } } else { $login = trim($user_data); $user_data = get_user_by('login', $login); } } if ($errors->get_error_code()) { return $errors; } if (!$user_data) { $errors->add('invalidcombo', __('Invalid username or e-mail.', 'alimir')); return $errors; } $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retrieve_password', $user_login); $allow = apply_filters('allow_password_reset', true, $user_data->ID); if (!$allow) { return new WP_Error('no_password_reset', __('Password reset is not allowed for this user', 'alimir')); } else { if (is_wp_error($allow)) { return $allow; } } $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); if (empty($wp_hasher)) { require_once ABSPATH . 'wp-includes/class-phpass.php'; $wp_hasher = new PasswordHash(8, true); } $hashed = $wp_hasher->HashPassword($key); $wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user_login)); $message = __('Someone requested that the password be reset for the following account:', 'alimir') . "\r\n\r\n"; $message .= network_home_url('/') . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; $message .= __('If this was a mistake, just ignore this email and nothing will happen.', 'alimir') . "\r\n\r\n"; $message .= __('To reset your password, visit the following address:', 'alimir') . "\r\n\r\n"; $message .= '<' . network_site_url("wp-login.php?action=rp&key={$key}&login="******">\r\n\r\n"; $message .= __("powered by < http://wordpress.org/plugins/ajax-bootmodal-login >", 'alimir') . "\r\n"; $message .= __("Ali Mizraei < http://alimir.ir >", 'alimir') . "\r\n"; if (is_multisite()) { $blogname = $GLOBALS['current_site']->site_name; } else { $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); } $title = sprintf(__('[%s] Password Reset'), $blogname); $title = apply_filters('retrieve_password_title', $title); $message = apply_filters('retrieve_password_message', $message, $key); if ($message && !wp_mail($user_email, $title, $message)) { $errors->add('noemail', __('The e-mail could not be sent.<br />Possible reason: your host may have disabled the mail() function.', 'alimir')); return $errors; wp_die(); } return true; }
/** * Handles sending password retrieval email to user. * * @uses $wpdb WordPress Database object * * @return bool|WP_Error True: when finish. WP_Error on error */ function retrieve_password() { global $wpdb, $current_site; $errors = new WP_Error(); if (empty($_POST['user_login'])) { $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.')); } else { if (strpos($_POST['user_login'], '@')) { $user_data = get_user_by('email', trim($_POST['user_login'])); if (empty($user_data)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); } } else { $login = trim($_POST['user_login']); $user_data = get_user_by('login', $login); } } do_action('lostpassword_post'); if ($errors->get_error_code()) { return $errors; } if (!$user_data) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.')); return $errors; } // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); $allow = apply_filters('allow_password_reset', true, $user_data->ID); if (!$allow) { return new WP_Error('no_password_reset', __('Password reset is not allowed for this user')); } else { if (is_wp_error($allow)) { return $allow; } } $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM {$wpdb->users} WHERE user_login = %s", $user_login)); if (empty($key)) { // Generate something random for a key... $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login)); } $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; $message .= network_home_url('/') . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; $message .= '<' . network_site_url("wp-login.php?action=rp&key={$key}&login="******">\r\n"; if (is_multisite()) { $blogname = $GLOBALS['current_site']->site_name; } else { // The blogname option is escaped with esc_html on the way into the database in sanitize_option // we want to reverse this for the plain text arena of emails. $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); } $title = sprintf(__('[%s] Password Reset'), $blogname); $title = apply_filters('retrieve_password_title', $title); $message = apply_filters('retrieve_password_message', $message, $key); if ($message && !wp_mail($user_email, $title, $message)) { wp_die(__('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...')); } return true; }
function postInsertUser() { global $userMeta, $user_ID; $userMeta->verifyNonce(); $errors = new WP_Error(); /// Determine $userID $userID = $user_ID; if (isset($_REQUEST['user_id'])) { $user = new WP_User($user_ID); if ($user->has_cap('add_users') && $_REQUEST['user_id']) { $userID = esc_attr($_REQUEST['user_id']); } } /// $_REQUEST Validation $actionType = @$_REQUEST['action_type']; if (empty($actionType)) { $errors->add('empty_action_type', __('Action type not set', $userMeta->name)); } if (!isset($_REQUEST['form_key'])) { $errors->add('empty_form_name', __('Form name not set', $userMeta->name)); } /// Determine $actionType $actionType = strtolower($actionType); if ($actionType == 'profile-registration') { if ($user_ID) { $actionType = 'profile'; } else { $actionType = 'registration'; } } /// filter valid key for update $validFields = $userMeta->formValidInputField(@$_REQUEST['form_key']); if (!$validFields) { $errors->add('empty_field', __('No field to Update', $userMeta->name)); } /// Showing error if ($errors->get_error_code()) { return $userMeta->ShowError($errors); } // Free version limitation //if( ( $actionType <> 'profile' ) && ! ( $userMeta->isPro ) ) //return $userMeta->showError( sprintf( __( 'type="%s" is not supported in free version', $userMeta->name ), $actionType ) ); /// Assign $fieldName,$fieldData to $userData. Also validating required and unique foreach ($validFields as $fieldName => $fieldData) { /// user_login is read-only for profile update, so remove it to being $userData /*if( $fieldName == 'user_login' && $actionType == 'profile' ) continue; if( $fieldName == 'user_pass' && $actionType == 'profile' ){ if( !$_REQUEST[$fieldName] ) continue; }*/ if ($actionType == 'profile') { if ($fieldName == 'user_login' || $fieldName == 'user_pass' && empty($_REQUEST['user_pass'])) { continue; } } /// Assigning data to $userData $userData[$fieldName] = @$_REQUEST[$fieldName]; /// Handle non-ajax file upload if (in_array($fieldData['field_type'], array('user_avatar', 'file'))) { if (isset($_FILES[$fieldName])) { $extensions = @$fieldData['allowed_extension'] ? $fieldData['allowed_extension'] : "jpg,png,gif"; $maxSize = @$fieldData['max_file_size'] ? $fieldData['max_file_size'] * 1024 : 1024 * 1024; $file = $userMeta->fileUpload($fieldName, $extensions, $maxSize); if (is_wp_error($file)) { if ($file->get_error_code() != 'no_file') { $errors->add($file->get_error_code(), $file->get_error_message()); } } else { if (is_string($file)) { $userData[$fieldName] = $file; } } } } // For removing value for cache //if( $fieldName == 'user_avatar' OR $fieldName == 'file' ) //$imageCache[] = $userData[$fieldName]; /*if( $fieldName == 'user_login' || $fieldName == 'user_email' ){ $fieldData[ 'required' ] = true; $fieldData[ 'unique' ] = true; }*/ /*if( $fieldName == 'user_pass' && $actionType == 'registration' ) $fieldData[ 'required' ] = true;*/ /*if( $fieldData[ 'required' ] ){ if( !$userData[ $fieldName ] ){ $errors->add( 'required', sprintf( __( '%s field is required', $userMeta->name ), $fieldData['field_title'] ) ); continue; } }*/ /* * Using umField Class */ if (!isset($fieldData['field_value'])) { $fieldData['field_value'] = $userData[$fieldName]; } $field = new umField($fieldData['field_id'], $fieldData, array('user_id' => $userID, 'insert_type' => $actionType)); if ($fieldName == 'user_pass' && $actionType == 'registration') { $field->addRule('required'); } if (isset($_REQUEST[$fieldName . "_retype"])) { $field->addRule('equals'); } if (!$field->validate()) { foreach ($field->getErrors() as $errKey => $errVal) { $errors->add($errKey, $errVal); } } /*if( isset($_REQUEST[ $fieldName . "_retype" ]) && !empty($_REQUEST[$fieldName]) ){ if( $_REQUEST[ $fieldName . "_retype" ] != $_REQUEST[$fieldName] ) $errors->add( 'retype_required', sprintf( __( '%s field is required to retype', $userMeta->name ), $fieldData['field_title'] ) ); } if( $fieldData[ 'unique' ] ){ $available = $userMeta->isUserFieldAvailable( $fieldName, $userData[ $fieldName ], $userID ); if( ! $available ) $errors->add( 'existing_' . $fieldName, sprintf( __( '%1$s: "%2$s" already taken', $userMeta->name ), $fieldData[ 'field_title' ], $userData[ $fieldName ] ) ); }*/ } // If add_user_to_blog set true in UserMeta settings panel if (is_multisite() && $actionType == 'registration') { $registrationSettings = $userMeta->getSettings('registration'); if (!empty($registrationSettings['add_user_to_blog'])) { if (in_array('existing_user_login', $errors->get_error_codes())) { unset($errors->errors['existing_user_login']); } if (in_array('existing_user_email', $errors->get_error_codes())) { unset($errors->errors['existing_user_email']); } } } if (empty($userData)) { return $userMeta->ShowError(__('No data to update', $userMeta->name)); } // Showing error if ($errors->get_error_code()) { return $userMeta->ShowError($errors); } /// Run Captcha validation after completed all other validation $captchaValidation = $userMeta->isInvalidateCaptcha(); if ($captchaValidation) { $errors->add('invalid_captcha', $captchaValidation); return $userMeta->ShowError($errors); } /** * Check allowed role for security purpose */ if (isset($userData['role'])) { $ignoreRole = true; $fieldData = $userMeta->getFieldData(@$_REQUEST['role_field_id']); if (is_array(@$fieldData['allowed_roles'])) { if (in_array($userData['role'], $fieldData['allowed_roles'])) { $ignoreRole = false; } } if ($ignoreRole) { unset($userData['role']); } } if ($actionType == 'registration') { return $userMeta->registerUser($userData, @$imageCache); } $html = null; if ($actionType == 'profile') { if (!$user_ID) { return $userMeta->showError(__('User must be logged in to update profile', $userMeta->name)); } $userData = apply_filters('user_meta_pre_user_update', $userData); if (is_wp_error($userData)) { return $userMeta->showError($userData); } $response = $userMeta->insertUser($userData, $userID); if (is_wp_error($response)) { return $userMeta->showError($response); } /// Allow to populate form data based on DB instead of $_REQUEST $userMeta->showDataFromDB = true; // Removing Cache if (isset($imageCache)) { $userMeta->removeCache('image_cache', $imageCache, false); } do_action('user_meta_after_user_update', (object) $response); $message = $userMeta->getMsg('profile_updated'); $html = "<div action_type='{$actionType}'>" . $userMeta->showMessage($message) . "</div>"; } return $userMeta->printAjaxOutput($html); }
/** * Returns plugin errors * * @since 6.0 * @access public */ function get_errors() { global $error; $wp_error =& $GLOBALS['theme_my_login']->errors; if (empty($wp_error)) { $wp_error = new WP_Error(); } // Incase a plugin uses $error rather than the $errors object if (!empty($error)) { $wp_error->add('error', $error); unset($error); } $output = ''; if ($this->is_active) { if ($wp_error->get_error_code()) { $errors = ''; $messages = ''; foreach ($wp_error->get_error_codes() as $code) { $severity = $wp_error->get_error_data($code); foreach ($wp_error->get_error_messages($code) as $error) { if ('message' == $severity) { $messages .= ' ' . $error . "<br />\n"; } else { $errors .= ' ' . $error . "<br />\n"; } } } if (!empty($errors)) { $output .= '<p class="error">' . apply_filters('login_errors', $errors) . "</p>\n"; } if (!empty($messages)) { $output .= '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n"; } } } return $output; }
/** * Handles sending password retrieval email to user. * * @since 1.0.0 * @package GeoDirectory * @global object $wpdb WordPress Database object. * @return bool|WP_Error True: when finish. WP_Error on error. */ function geodir_retrieve_password() { global $wpdb; $errors = new WP_Error(); if (empty($_POST['user_login']) && empty($_POST['user_email'])) { $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.', 'geodirectory')); } if (strpos($_POST['user_login'], '@')) { //$user_data = get_user_by_email(trim($_POST['user_login'])); $user_data = get_user_by('email', trim($_POST['user_login'])); if (empty($user_data)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.', 'geodirectory')); } } else { $login = trim($_POST['user_login']); $user_data = get_user_by('email', $login); } /** * Called in the geodir_retrieve_password() function before any errors are set or any emails are sent. * * @since 1.0.0 */ do_action('lostpassword_post'); if ($errors->get_error_code()) { return $errors; } if (!$user_data) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.', 'geodirectory')); return $errors; } // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; /** * Called in the geodir_retrieve_password() function before any emails are sent. * * @since 1.0.0 * @param string $user_login The users username. */ do_action('retrieve_password', $user_login); //////////////////////////////////// $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : ''; $user_login = $_POST['user_login']; $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->users} WHERE user_login like %s or user_email like %s", array($user_login, $user_login))); if (empty($user)) { return new WP_Error('invalid_key', __('Invalid key', 'geodirectory')); } $new_pass = wp_generate_password(12, false); /** * Called in the geodir_retrieve_password() function before any emails are sent. * * @since 1.0.0 * @param object $user The user object. * @param string $new_pass The new pass being sent to the user. */ do_action('password_reset', $user, $new_pass); wp_set_password($new_pass, $user->ID); update_user_meta($user->ID, 'default_password_nag', true); //Set up the Password change nag. $message = '<p><b>' . __('Your login Information :', 'geodirectory') . '</b></p>'; $message .= '<p>' . sprintf(__('Username: %s', 'geodirectory'), $user->user_login) . "</p>"; $message .= '<p>' . sprintf(__('Password: %s', 'geodirectory'), $new_pass) . "</p>"; //$message .= '<p>You can login to : <a href="'.home_url().'/?ptype=login' . "\">Login</a> or the URL is : ".home_url()."/?ptype=login</p>"; //$message .= '<p>Thank You,<br> '.get_option('blogname').'</p>'; $user_email = $user_data->user_email; $user_name = geodir_get_client_name($user->ID); $fromEmail = geodir_get_site_email_id(); $fromEmailName = get_site_emailName(); $title = sprintf(__('[%s] Your new password', 'geodirectory'), get_option('blogname')); /** * Filter the password reset email subject part. * * @since 1.0.0 * * @param string $title Password reset email subject. */ $title = apply_filters('password_reset_title', $title); /** * Filter the password reset email message part. * * @since 1.0.0 * * @param string $message Password reset email message. * @param string $new_pass The new password string. */ $message = apply_filters('password_reset_message', $message, $new_pass); //geodir_sendEmail($fromEmail,$fromEmailName,$user_email,$user_name,$title,$message,$extra='');///forgot password email geodir_sendEmail($fromEmail, $fromEmailName, $user_email, $user_name, $title, $message, $extra = '', 'forgot_password', $post_id = '', $user->ID); ///forgot password email return true; }
/** * Populate network settings. * * @since 3.0.0 * * @global wpdb $wpdb * @global object $current_site * @global int $wp_db_version * @global WP_Rewrite $wp_rewrite * * @param int $network_id ID of network to populate. * @return bool|WP_Error True on success, or WP_Error on warning (with the install otherwise successful, * so the error code must be checked) or failure. */ function populate_network($network_id = 1, $domain = '', $email = '', $site_name = '', $path = '/', $subdomain_install = false) { global $wpdb, $current_site, $wp_db_version, $wp_rewrite; $errors = new WP_Error(); if ('' == $domain) { $errors->add('empty_domain', __('You must provide a domain name.')); } if ('' == $site_name) { $errors->add('empty_sitename', __('You must provide a name for your network of sites.')); } // Check for network collision. if ($network_id == $wpdb->get_var($wpdb->prepare("SELECT id FROM {$wpdb->site} WHERE id = %d", $network_id))) { $errors->add('siteid_exists', __('The network already exists.')); } if (!is_email($email)) { $errors->add('invalid_email', __('You must provide a valid email address.')); } if ($errors->get_error_code()) { return $errors; } // If a user with the provided email does not exist, default to the current user as the new network admin. $site_user = get_user_by('email', $email); if (false === $site_user) { $site_user = wp_get_current_user(); } // Set up site tables. $template = get_option('template'); $stylesheet = get_option('stylesheet'); $allowed_themes = array($stylesheet => true); if ($template != $stylesheet) { $allowed_themes[$template] = true; } if (WP_DEFAULT_THEME != $stylesheet && WP_DEFAULT_THEME != $template) { $allowed_themes[WP_DEFAULT_THEME] = true; } // If WP_DEFAULT_THEME doesn't exist, also whitelist the latest core default theme. if (!wp_get_theme(WP_DEFAULT_THEME)->exists()) { if ($core_default = WP_Theme::get_core_default_theme()) { $allowed_themes[$core_default->get_stylesheet()] = true; } } if (1 == $network_id) { $wpdb->insert($wpdb->site, array('domain' => $domain, 'path' => $path)); $network_id = $wpdb->insert_id; } else { $wpdb->insert($wpdb->site, array('domain' => $domain, 'path' => $path, 'id' => $network_id)); } wp_cache_delete('networks_have_paths', 'site-options'); if (!is_multisite()) { $site_admins = array($site_user->user_login); $users = get_users(array('fields' => array('ID', 'user_login'))); if ($users) { foreach ($users as $user) { if (is_super_admin($user->ID) && !in_array($user->user_login, $site_admins)) { $site_admins[] = $user->user_login; } } } } else { $site_admins = get_site_option('site_admins'); } /* translators: Do not translate USERNAME, SITE_NAME, BLOG_URL, PASSWORD: those are placeholders. */ $welcome_email = __('Howdy USERNAME, Your new SITE_NAME site has been successfully set up at: BLOG_URL You can log in to the administrator account with the following information: Username: USERNAME Password: PASSWORD Log in here: BLOG_URLwp-login.php We hope you enjoy your new site. Thanks! --The Team @ SITE_NAME'); $misc_exts = array('jpg', 'jpeg', 'png', 'gif', 'mov', 'avi', 'mpg', '3gp', '3g2', 'midi', 'mid', 'pdf', 'doc', 'ppt', 'odt', 'pptx', 'docx', 'pps', 'ppsx', 'xls', 'xlsx', 'key'); $audio_exts = wp_get_audio_extensions(); $video_exts = wp_get_video_extensions(); $upload_filetypes = array_unique(array_merge($misc_exts, $audio_exts, $video_exts)); $sitemeta = array('site_name' => $site_name, 'admin_email' => $email, 'admin_user_id' => $site_user->ID, 'registration' => 'none', 'upload_filetypes' => implode(' ', $upload_filetypes), 'blog_upload_space' => 100, 'fileupload_maxk' => 1500, 'site_admins' => $site_admins, 'allowedthemes' => $allowed_themes, 'illegal_names' => array('www', 'web', 'root', 'admin', 'main', 'invite', 'administrator', 'files'), 'wpmu_upgrade_site' => $wp_db_version, 'welcome_email' => $welcome_email, 'first_post' => __('Welcome to %s. This is your first post. Edit or delete it, then start blogging!'), 'siteurl' => get_option('siteurl') . '/', 'add_new_users' => '0', 'upload_space_check_disabled' => is_multisite() ? get_site_option('upload_space_check_disabled') : '1', 'subdomain_install' => intval($subdomain_install), 'global_terms_enabled' => global_terms_enabled() ? '1' : '0', 'ms_files_rewriting' => is_multisite() ? get_site_option('ms_files_rewriting') : '0', 'initial_db_version' => get_option('initial_db_version'), 'active_sitewide_plugins' => array(), 'WPLANG' => get_locale()); if (!$subdomain_install) { $sitemeta['illegal_names'][] = 'blog'; } /** * Filter meta for a network on creation. * * @since 3.7.0 * * @param array $sitemeta Associative array of network meta keys and values to be inserted. * @param int $network_id ID of network to populate. */ $sitemeta = apply_filters('populate_network_meta', $sitemeta, $network_id); $insert = ''; foreach ($sitemeta as $meta_key => $meta_value) { if (is_array($meta_value)) { $meta_value = serialize($meta_value); } if (!empty($insert)) { $insert .= ', '; } $insert .= $wpdb->prepare("( %d, %s, %s)", $network_id, $meta_key, $meta_value); } $wpdb->query("INSERT INTO {$wpdb->sitemeta} ( site_id, meta_key, meta_value ) VALUES " . $insert); /* * When upgrading from single to multisite, assume the current site will * become the main site of the network. When using populate_network() * to create another network in an existing multisite environment, skip * these steps since the main site of the new network has not yet been * created. */ if (!is_multisite()) { $current_site = new stdClass(); $current_site->domain = $domain; $current_site->path = $path; $current_site->site_name = ucfirst($domain); $wpdb->insert($wpdb->blogs, array('site_id' => $network_id, 'blog_id' => 1, 'domain' => $domain, 'path' => $path, 'registered' => current_time('mysql'))); $current_site->blog_id = $blog_id = $wpdb->insert_id; update_user_meta($site_user->ID, 'source_domain', $domain); update_user_meta($site_user->ID, 'primary_blog', $blog_id); if ($subdomain_install) { $wp_rewrite->set_permalink_structure('/%year%/%monthnum%/%day%/%postname%/'); } else { $wp_rewrite->set_permalink_structure('/blog/%year%/%monthnum%/%day%/%postname%/'); } flush_rewrite_rules(); if (!$subdomain_install) { return true; } $vhost_ok = false; $errstr = ''; $hostname = substr(md5(time()), 0, 6) . '.' . $domain; // Very random hostname! $page = wp_remote_get('http://' . $hostname, array('timeout' => 5, 'httpversion' => '1.1')); if (is_wp_error($page)) { $errstr = $page->get_error_message(); } elseif (200 == wp_remote_retrieve_response_code($page)) { $vhost_ok = true; } if (!$vhost_ok) { $msg = '<p><strong>' . __('Warning! Wildcard DNS may not be configured correctly!') . '</strong></p>'; $msg .= '<p>' . sprintf(__('The installer attempted to contact a random hostname (%s) on your domain.'), '<code>' . $hostname . '</code>'); if (!empty($errstr)) { /* translators: %s: error message */ $msg .= ' ' . sprintf(__('This resulted in an error message: %s'), '<code>' . $errstr . '</code>'); } $msg .= '</p>'; $msg .= '<p>' . sprintf(__('To use a subdomain configuration, you must have a wildcard entry in your DNS. This usually means adding a %s hostname record pointing at your web server in your DNS configuration tool.'), '<code>*</code>') . '</p>'; $msg .= '<p>' . __('You can still use your site but any subdomain you create may not be accessible. If you know your DNS is correct, ignore this message.') . '</p>'; return new WP_Error('no_wildcard_dns', $msg); } } return true; }
function my_retrieve_password() { global $current_theme_locale_name, $wpdb, $current_site; $errors = new WP_Error(); if (empty($_POST['user_login'])) { $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.', $current_theme_locale_name)); } else { if (strpos($_POST['user_login'], '@')) { $user_data = get_user_by('email', trim($_POST['user_login'])); if (empty($user_data)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.', $current_theme_locale_name)); } } else { $login = trim($_POST['user_login']); $user_data = get_user_by('login', $login); } } do_action('lostpassword_post'); if ($errors->get_error_code()) { return $errors; } if (!$user_data) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.', $current_theme_locale_name)); return $errors; } // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); $allow = apply_filters('allow_password_reset', true, $user_data->ID); if (!$allow) { return new WP_Error('no_password_reset', __('Password reset is not allowed for this user', $current_theme_locale_name)); } else { if (is_wp_error($allow)) { return $allow; } } $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM {$wpdb->users} WHERE user_login = %s", $user_login)); if (empty($key)) { // Generate something random for a key... $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login)); } $link = projectTheme_makeClickableLinks(get_bloginfo('url') . "/wp-login.php?action=rp&key={$key}&login="******"logo" alt="%s" src="%s"><br>Hello! You have requested to reset your password for the following account:', $current_theme_locale_name) . "\n<br><br>", $site_name, $logo_src); //$message .= get_bloginfo('url') . "\n<br>"; $message .= sprintf(__('Username: %s', $current_theme_locale_name), $user_login) . "\n<br>"; $message .= __('To reset your password, visit the following link:', $current_theme_locale_name) . "\n<br>"; $message .= '' . $link . "\n<br>"; $message .= __('Please ignore this message, if you did not request a reset of your password.', $current_theme_locale_name) . "\n<br>"; if (is_multisite()) { $blogname = $GLOBALS['current_site']->site_name; } else { // The blogname option is escaped with esc_html on the way into the database in sanitize_option // we want to reverse this for the plain text arena of emails. $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); } $title = sprintf(__('Password Reset', $current_theme_locale_name)); //var_dump($message); $title = apply_filters('retrieve_password_title', $title); $message = apply_filters('retrieve_password_message', $message, $key); // var_dump($message); // die(); function set_html_content_type() { return 'text/html'; } add_filter('wp_mail_content_type', 'set_html_content_type'); if ($message && !wp_mail($user_email, $title, $message)) { wp_die(__('The e-mail could not be sent.', $current_theme_locale_name) . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...', $current_theme_locale_name)); } }
echo "'checked' value='Yes'"; } else { echo "value='No'"; } ?> > <a href="<?php echo get_admin_url(); ?> admin-post.php?action=terms_condition&KeepThis=true&TB_iframe=true&height=600&width=600&modal=true" class="thickbox">Terms & Conditions</a> </span> </span> </div>--> <?php global $error; $error = new WP_Error(); print_r($error->get_error_code()); if (is_wp_error($error)) { echo $error->get_error_message(); } ?> <div class="col-lg-12"> <span class="defaultP"> <span class="radio-phone"> <input type="checkbox" id="terms_condition" name="data[new_application][terms_condition]" <?php if (isset($application_data->new_application->terms_condition) && $application_data->new_application->terms_condition == 'Yes') { ?> checked="checked" value="Yes"<?php } else { ?> value="No"<?php }
function postInsertUser() { global $userMeta; //$userMeta->dump($_REQUEST);die(); $userMeta->verifyNonce(); $umUserInsert = new umUserInsert(); return $umUserInsert->postInsertUserProcess(); $errors = new WP_Error(); $user_ID = get_current_user_id(); /// Determine $userID $userID = $user_ID; if (isset($_REQUEST['user_id'])) { $user = new WP_User($user_ID); if ($user->has_cap('add_users') && $_REQUEST['user_id']) { $userID = esc_attr($_REQUEST['user_id']); } } $user = new WP_User($userID); /// $_REQUEST Validation $actionType = @$_REQUEST['action_type']; if (empty($actionType)) { $errors->add('empty_action_type', __('Action type is empty', $userMeta->name)); } if (!isset($_REQUEST['form_key'])) { $errors->add('empty_form_name', __('Form name is empty', $userMeta->name)); } /// Determine $actionType $actionType = strtolower($actionType); if ($actionType == 'profile-registration') { if ($user_ID) { $actionType = 'profile'; } else { $actionType = 'registration'; } } $formName = $_REQUEST['form_key']; $formBuilder = new umFormGenerate($formName, $actionType, $userID); if (!$formBuilder->isFound()) { $errors->add('not_found', sprintf(__('Form "%s" is not found.', $userMeta->name), $formName)); } /// filter valid key for update //$validFields = $userMeta->formValidInputField( @$_REQUEST['form_key'] ); $validFields = $formBuilder->validInputFields(); if (!$validFields) { $errors->add('empty_field', __('No field to update', $userMeta->name)); } /// Showing error if ($errors->get_error_code()) { return $userMeta->ShowError($errors); } // Free version limitation //if( ( $actionType <> 'profile' ) && ! ( $userMeta->isPro ) ) //return $userMeta->showError( sprintf( __( 'type="%s" is not supported in free version', $userMeta->name ), $actionType ) ); /// Assign $fieldName,$field to $userData. Also validating required and unique foreach ($validFields as $fieldName => $field) { $field = apply_filters('user_meta_field_config', $field, $field['id'], $formName, $userID); if ($actionType == 'profile') { if ($fieldName == 'user_login' || $fieldName == 'user_pass' && empty($_REQUEST['user_pass'])) { continue; } } if ($field['field_type'] == 'custom' && isset($field['input_type']) && $field['input_type'] == 'password') { if (empty($_REQUEST[$fieldName])) { continue; } } /// Assigning data to $userData $userData[$fieldName] = @$_REQUEST[$fieldName]; if (is_array($userData[$fieldName]) && count($userData[$fieldName]) == 1 && !empty($userData[$fieldName])) { $userData[$fieldName] = $userData[$fieldName][0]; } /// Handle non-ajax file upload if (in_array($field['field_type'], array('user_avatar', 'file'))) { if (isset($_FILES[$fieldName])) { $extensions = !empty($field['allowed_extension']) ? $field['allowed_extension'] : "jpg,png,gif"; $maxSize = !empty($field['max_file_size']) ? $field['max_file_size'] * 1024 : 1024 * 1024; $file = $userMeta->fileUpload($fieldName, $extensions, $maxSize); if (is_wp_error($file)) { if ($file->get_error_code() != 'no_file') { $errors->add($file->get_error_code(), $file->get_error_message()); } } else { if (is_string($file)) { $umFile = new umFile(); $umFile->initFile($field); $userData[$fieldName] = $file; } } } $userMeta->removeFromFileCache($userData[$fieldName]); } /* * Using umField Class */ if (!isset($field['field_value'])) { $field['field_value'] = $userData[$fieldName]; } $umField = new umField($field['id'], $field, array('user_id' => $userID, 'insert_type' => $actionType)); if ($fieldName == 'user_pass' && $actionType == 'registration') { $umField->addRule('required'); } if ($fieldName == 'user_pass' && $actionType == 'profile') { if (!empty($field['required_current_password'])) { $umField->addRule('current_password'); } } if (isset($_REQUEST[$fieldName . "_retype"])) { $umField->addRule('equals'); } if (!$umField->validate()) { foreach ($umField->getErrors() as $errKey => $errVal) { $errors->add($errKey, $errVal); } } /*if( isset($_REQUEST[ $fieldName . "_retype" ]) && !empty($_REQUEST[$fieldName]) ){ if( $_REQUEST[ $fieldName . "_retype" ] != $_REQUEST[$fieldName] ) $errors->add( 'retype_required', sprintf( __( '%s field is required to retype', $userMeta->name ), $fieldData['field_title'] ) ); } if( $fieldData[ 'unique' ] ){ $available = $userMeta->isUserFieldAvailable( $fieldName, $userData[ $fieldName ], $userID ); if( ! $available ) $errors->add( 'existing_' . $fieldName, sprintf( __( '%1$s: "%2$s" already taken', $userMeta->name ), $fieldData[ 'field_title' ], $userData[ $fieldName ] ) ); }*/ } // If add_user_to_blog set true in UserMeta settings panel if (is_multisite() && $actionType == 'registration') { $registrationSettings = $userMeta->getSettings('registration'); if (!empty($registrationSettings['add_user_to_blog'])) { if (in_array('existing_user_login', $errors->get_error_codes())) { unset($errors->errors['existing_user_login']); } if (in_array('existing_user_email', $errors->get_error_codes())) { unset($errors->errors['existing_user_email']); } } } if (empty($userData)) { return $userMeta->ShowError(__('No data to update', $userMeta->name)); } // Showing error if ($errors->get_error_code()) { return $userMeta->ShowError($errors); } /// Run Captcha validation after completed all other validation $captchaValidation = $userMeta->isInvalidateCaptcha(); if ($captchaValidation) { $errors->add('invalid_captcha', $captchaValidation); return $userMeta->ShowError($errors); } /** * Check allowed role for security purpose */ if (isset($userData['role'])) { $ignoreRole = true; //$fieldData = $userMeta->getFieldData( @$_REQUEST['role_field_id'] ); $field = $formBuilder->getField(@$_REQUEST['role_field_id']); if (is_array(@$field['allowed_roles'])) { if (in_array($userData['role'], $field['allowed_roles'])) { $ignoreRole = false; } } if ($ignoreRole) { unset($userData['role']); } } if ($actionType == 'registration') { return $userMeta->registerUser($userData, @$imageCache); } $html = null; if ($actionType == 'profile') { if (!$user_ID) { return $userMeta->showError(__('User must be logged in to update profile', $userMeta->name)); } $userData = apply_filters('user_meta_pre_user_update', $userData, $userID, $formName); if (is_wp_error($userData)) { return $userMeta->showError($userData); } /** * Profile Update modified data */ $modifiedData = array(); foreach ($userData as $key => $val) { if ($user->{$key} != $val) { $modifiedData[$key] = $user->{$key}; } } $response = $userMeta->insertUser($userData, $userID); if (is_wp_error($response)) { return $userMeta->showError($response); } if (!empty($modifiedData)) { $storedData = get_transient($userMeta->prefix . 'user_modified_data'); if (empty($storedData)) { $storedData = array(); } $storedData[$userID] = $modifiedData; set_transient($userMeta->prefix . 'user_modified_data', $storedData, 30); } /** * End Profile Update modified data */ /// Allow to populate form data based on DB instead of $_REQUEST $userMeta->showDataFromDB = true; // Commented since 1.1.5rc3 //if( isset( $imageCache ) ) //$userMeta->removeCache( 'image_cache', $imageCache, false ); do_action('user_meta_after_user_update', (object) $response, $formName); $message = $userMeta->getMsg('profile_updated'); $html = "<div action_type='{$actionType}'>" . $userMeta->showMessage($message) . "</div>"; } return $userMeta->printAjaxOutput($html); }