Exemplo n.º 1
0
 private function scramble_password()
 {
     if ($this->options['scramble_passwords'] && $this->new_user == false) {
         $this->user->user_pass = wp_hash_password(wp_generate_password(12, true, true));
         wp_update_user($user);
     }
 }
Exemplo n.º 2
0
 static function value($new, $old, $post_id, $field)
 {
     if ($new != $old) {
         return wp_hash_password(parent::value($new, $old, $post_id, $field));
     } else {
         return parent::value($new, $old, $post_id, $field);
     }
 }
/**
 * Set password using bcrypt
 *
 * @param string $password Plaintext password
 * @param int $userId ID of user to whom password belongs
 * @return bool|string
 */
function wp_set_password($password, $userId)
{
    /** @var \wpdb $wpdb */
    global $wpdb;
    $hash = wp_hash_password($password);
    $wpdb->update($wpdb->users, ['user_pass' => $hash, 'user_activation_key' => ''], ['ID' => $userId]);
    wp_cache_delete($userId, 'users');
    return $hash;
}
Exemplo n.º 4
0
 /**
  * Test wp_hash_password trims whitespace
  *
  * This is similar to test_password_trimming but tests the "lower level"
  * wp_hash_password function
  *
  * @ticket 24973
  */
 function test_wp_hash_password_trimming()
 {
     $password = '******';
     $this->assertTrue(wp_check_password('pass with leading whitespace', wp_hash_password($password)));
     $password = '******';
     $this->assertTrue(wp_check_password('pass with trailing whitespace', wp_hash_password($password)));
     $password = '******';
     $this->assertTrue(wp_check_password('pass with whitespace', wp_hash_password($password)));
     $password = "******";
     $this->assertTrue(wp_check_password('pass with new line', wp_hash_password($password)));
     $password = "******";
     $this->assertTrue(wp_check_password('pass with vertial tab o_O', wp_hash_password($password)));
 }
Exemplo n.º 5
0
 public static function setUpBeforeClass()
 {
     parent::$db_needed = true;
     parent::set_up_before_class();
     if (extension_loaded('mbstring')) {
         self::$pass_1 = self::USER_PASS;
     } else {
         self::$pass_1 = 'Some ASCII Only PW 4 You!';
     }
     self::$pass_2 = '!AJd81aasjk2@';
     self::$hash_1 = wp_hash_password(self::$pass_1);
     self::$hash_2 = wp_hash_password(self::$pass_2);
 }
 function signup()
 {
     require_once WPPR_PLUGIN_DIR . '/models/signup-model.php';
     $model = new Signup_Model();
     $username = sanitize_user($this->username);
     $email = sanitize_email($this->email);
     $password = $this->password;
     $activation_key = generate_key($email);
     $userdata = array($username, $email, wp_hash_password($password), $activation_key, CUR_DATE, REMOTE_IP);
     if (is_wp_error($this->validate_signup())) {
         $attributes['errors'] = $this->validate_signup()->get_error_message();
     } else {
         $result = $model->insert_signup($userdata);
         if (!is_wp_error($result)) {
             $attributes['success'] = 'Please check your email for confirmation';
             //send email confirmation to user
             $this->send_activation_link($username, $email, $password, $activation_key);
         } else {
             $attributes['errors'] = 'Something went wrong. Please try again later';
         }
     }
     return $attributes;
 }
Exemplo n.º 7
0
/**
 * Handle the loading of the signup screen.
 */
function bp_core_screen_signup()
{
    global $bp;
    if (!bp_is_current_component('register') || bp_current_action()) {
        return;
    }
    // Not a directory
    bp_update_is_directory(false, 'register');
    // If the user is logged in, redirect away from here
    if (is_user_logged_in()) {
        if (bp_is_component_front_page('register')) {
            $redirect_to = trailingslashit(bp_get_root_domain() . '/' . bp_get_members_root_slug());
        } else {
            $redirect_to = bp_get_root_domain();
        }
        /**
         * Filters the URL to redirect logged in users to when visiting registration page.
         *
         * @since BuddyPress (1.5.1)
         *
         * @param string $redirect_to URL to redirect user to.
         */
        bp_core_redirect(apply_filters('bp_loggedin_register_page_redirect_to', $redirect_to));
        return;
    }
    $bp->signup->step = 'request-details';
    if (!bp_get_signup_allowed()) {
        $bp->signup->step = 'registration-disabled';
        // If the signup page is submitted, validate and save
    } elseif (isset($_POST['signup_submit']) && bp_verify_nonce_request('bp_new_signup')) {
        /**
         * Fires before the validation of a new signup.
         *
         * @since BuddyPress (2.0.0)
         */
        do_action('bp_signup_pre_validate');
        // Check the base account details for problems
        $account_details = bp_core_validate_user_signup($_POST['signup_username'], $_POST['signup_email']);
        // If there are errors with account details, set them for display
        if (!empty($account_details['errors']->errors['user_name'])) {
            $bp->signup->errors['signup_username'] = $account_details['errors']->errors['user_name'][0];
        }
        if (!empty($account_details['errors']->errors['user_email'])) {
            $bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0];
        }
        // Check that both password fields are filled in
        if (empty($_POST['signup_password']) || empty($_POST['signup_password_confirm'])) {
            $bp->signup->errors['signup_password'] = __('Please make sure you enter your password twice', 'buddypress');
        }
        // Check that the passwords match
        if (!empty($_POST['signup_password']) && !empty($_POST['signup_password_confirm']) && $_POST['signup_password'] != $_POST['signup_password_confirm']) {
            $bp->signup->errors['signup_password'] = __('The passwords you entered do not match.', 'buddypress');
        }
        $bp->signup->username = $_POST['signup_username'];
        $bp->signup->email = $_POST['signup_email'];
        // Now we've checked account details, we can check profile information
        if (bp_is_active('xprofile')) {
            // Make sure hidden field is passed and populated
            if (isset($_POST['signup_profile_field_ids']) && !empty($_POST['signup_profile_field_ids'])) {
                // Let's compact any profile field info into an array
                $profile_field_ids = explode(',', $_POST['signup_profile_field_ids']);
                // Loop through the posted fields formatting any datebox values then validate the field
                foreach ((array) $profile_field_ids as $field_id) {
                    if (!isset($_POST['field_' . $field_id])) {
                        if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
                            $_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($_POST['field_' . $field_id . '_day'] . $_POST['field_' . $field_id . '_month'] . $_POST['field_' . $field_id . '_year']));
                        }
                    }
                    // Create errors for required fields without values
                    if (xprofile_check_is_required_field($field_id) && empty($_POST['field_' . $field_id])) {
                        $bp->signup->errors['field_' . $field_id] = __('This is a required field', 'buddypress');
                    }
                }
                // This situation doesn't naturally occur so bounce to website root
            } else {
                bp_core_redirect(bp_get_root_domain());
            }
        }
        // Finally, let's check the blog details, if the user wants a blog and blog creation is enabled
        if (isset($_POST['signup_with_blog'])) {
            $active_signup = $bp->site_options['registration'];
            if ('blog' == $active_signup || 'all' == $active_signup) {
                $blog_details = bp_core_validate_blog_signup($_POST['signup_blog_url'], $_POST['signup_blog_title']);
                // If there are errors with blog details, set them for display
                if (!empty($blog_details['errors']->errors['blogname'])) {
                    $bp->signup->errors['signup_blog_url'] = $blog_details['errors']->errors['blogname'][0];
                }
                if (!empty($blog_details['errors']->errors['blog_title'])) {
                    $bp->signup->errors['signup_blog_title'] = $blog_details['errors']->errors['blog_title'][0];
                }
            }
        }
        /**
         * Fires after the validation of a new signup.
         *
         * @since BuddyPress (1.1.0)
         */
        do_action('bp_signup_validate');
        // Add any errors to the action for the field in the template for display.
        if (!empty($bp->signup->errors)) {
            foreach ((array) $bp->signup->errors as $fieldname => $error_message) {
                // addslashes() and stripslashes() to avoid create_function()
                // syntax errors when the $error_message contains quotes
                /**
                 * Filters the error message in the loop.
                 *
                 * @since BuddyPress (1.5.0)
                 *
                 * @param string $value Error message wrapped in html.
                 */
                add_action('bp_' . $fieldname . '_errors', create_function('', 'echo apply_filters(\'bp_members_signup_error_message\', "<div class=\\"error\\">" . stripslashes( \'' . addslashes($error_message) . '\' ) . "</div>" );'));
            }
        } else {
            $bp->signup->step = 'save-details';
            // No errors! Let's register those deets.
            $active_signup = !empty($bp->site_options['registration']) ? $bp->site_options['registration'] : '';
            if ('none' != $active_signup) {
                // Make sure the extended profiles module is enabled
                if (bp_is_active('xprofile')) {
                    // Let's compact any profile field info into usermeta
                    $profile_field_ids = explode(',', $_POST['signup_profile_field_ids']);
                    // Loop through the posted fields formatting any datebox values then add to usermeta - @todo This logic should be shared with the same in xprofile_screen_edit_profile()
                    foreach ((array) $profile_field_ids as $field_id) {
                        if (!isset($_POST['field_' . $field_id])) {
                            if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
                                // Concatenate the values
                                $date_value = $_POST['field_' . $field_id . '_day'] . ' ' . $_POST['field_' . $field_id . '_month'] . ' ' . $_POST['field_' . $field_id . '_year'];
                                // Turn the concatenated value into a timestamp
                                $_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($date_value));
                            }
                        }
                        if (!empty($_POST['field_' . $field_id])) {
                            $usermeta['field_' . $field_id] = $_POST['field_' . $field_id];
                        }
                        if (!empty($_POST['field_' . $field_id . '_visibility'])) {
                            $usermeta['field_' . $field_id . '_visibility'] = $_POST['field_' . $field_id . '_visibility'];
                        }
                    }
                    // Store the profile field ID's in usermeta
                    $usermeta['profile_field_ids'] = $_POST['signup_profile_field_ids'];
                }
                // Hash and store the password
                $usermeta['password'] = wp_hash_password($_POST['signup_password']);
                // If the user decided to create a blog, save those details to usermeta
                if ('blog' == $active_signup || 'all' == $active_signup) {
                    $usermeta['public'] = isset($_POST['signup_blog_privacy']) && 'public' == $_POST['signup_blog_privacy'] ? true : false;
                }
                /**
                 * Filters the user meta used for signup.
                 *
                 * @since BuddyPress (1.1.0)
                 *
                 * @param array $usermeta Array of user meta to add to signup.
                 */
                $usermeta = apply_filters('bp_signup_usermeta', $usermeta);
                // Finally, sign up the user and/or blog
                if (isset($_POST['signup_with_blog']) && is_multisite()) {
                    $wp_user_id = bp_core_signup_blog($blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta);
                } else {
                    $wp_user_id = bp_core_signup_user($_POST['signup_username'], $_POST['signup_password'], $_POST['signup_email'], $usermeta);
                }
                if (is_wp_error($wp_user_id)) {
                    $bp->signup->step = 'request-details';
                    bp_core_add_message($wp_user_id->get_error_message(), 'error');
                } else {
                    $bp->signup->step = 'completed-confirmation';
                }
            }
            /**
             * Fires after the completion of a new signup.
             *
             * @since BuddyPress (1.1.0)
             */
            do_action('bp_complete_signup');
        }
    }
    /**
     * Fires right before the loading of the Member registration screen template file.
     *
     * @since BuddyPress (1.5.0)
     */
    do_action('bp_core_screen_signup');
    /**
     * Filters the template to load for the Member registration page screen.
     *
     * @since BuddyPress (1.5.0)
     *
     * @param string $value Path to the Member registration template to load.
     */
    bp_core_load_template(apply_filters('bp_core_template_register', array('register', 'registration/register')));
}
Exemplo n.º 8
0
/**
 * Activates a user
 *
 * If registration is moderated, sets the activated flag 
 * in the usermeta. Flag prevents login when WPMEM_MOD_REG
 * is true (1). Function is fired from bulk user edit or
 * user profile update.
 *
 * @since 2.4
 *
 * @param int  $user_id
 * @param bool $chk_pass
 * @uses $wpdb WordPress Database object
 */
function wpmem_a_activate_user($user_id, $chk_pass = false)
{
    // define new_pass
    $new_pass = '';
    // If passwords are user defined skip this
    if (!$chk_pass) {
        // generates a password to send the user
        $new_pass = wp_generate_password();
        $new_hash = wp_hash_password($new_pass);
        // update the user with the new password
        global $wpdb;
        $wpdb->update($wpdb->users, array('user_pass' => $new_hash), array('ID' => $user_id), array('%s'), array('%d'));
    }
    // if subscriptions can expire, set the user's expiration date
    if (WPMEM_USE_EXP == 1) {
        wpmem_set_exp($user_id);
    }
    // generate and send user approved email to user
    require_once WPMEM_PATH . 'wp-members-email.php';
    wpmem_inc_regemail($user_id, $new_pass, 2);
    // set the active flag in usermeta
    update_user_meta($user_id, 'active', 1);
    /**
     * Fires after the user activation process is complete.
     *
     * @since 2.8.2
     *
     * @param int $user_id The user's ID.
     */
    do_action('wpmem_user_activated', $user_id);
    return;
}
Exemplo n.º 9
0
/**
 * Update an user in the database.
 *
 * It is possible to update a user's password by specifying the 'user_pass'
 * value in the $userdata parameter array.
 *
 * If $userdata does not contain an 'ID' key, then a new user will be created
 * and the new user's ID will be returned.
 *
 * If current user's password is being updated, then the cookies will be
 * cleared.
 *
 * @since 2.0.0
 * @see wp_insert_user() For what fields can be set in $userdata
 * @uses wp_insert_user() Used to update existing user or add new one if user doesn't exist already
 *
 * @param array $userdata An array of user data.
 * @return int The updated user's ID.
 */
function wp_update_user($userdata)
{
    $ID = (int) $userdata['ID'];
    // First, get all of the original fields
    $user_obj = get_userdata($ID);
    $user = get_object_vars($user_obj->data);
    // Add additional custom fields
    foreach (_get_additional_user_keys($user_obj) as $key) {
        $user[$key] = get_user_meta($ID, $key, true);
    }
    // Escape data pulled from DB.
    $user = add_magic_quotes($user);
    // If password is changing, hash it now.
    if (!empty($userdata['user_pass'])) {
        $plaintext_pass = $userdata['user_pass'];
        $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
    }
    wp_cache_delete($user['user_email'], 'useremail');
    // Merge old and new fields with new fields overwriting old ones.
    $userdata = array_merge($user, $userdata);
    $user_id = wp_insert_user($userdata);
    // Update the cookies if the password changed.
    $current_user = wp_get_current_user();
    if ($current_user->ID == $ID) {
        if (isset($plaintext_pass)) {
            wp_clear_auth_cookie();
            wp_set_auth_cookie($ID);
        }
    }
    return $user_id;
}
 /**
  * Generate a new application password.
  *
  * @since 0.1-dev
  *
  * @access public
  * @static
  *
  * @param int    $user_id User ID.
  * @param string $name    Password name.
  * @return array          The first key in the array is the new password, the second is its row in the table.
  */
 public static function create_new_application_password($user_id, $name)
 {
     $new_password = wp_generate_password(16, false);
     $hashed_password = wp_hash_password($new_password);
     $new_item = array('name' => $name, 'password' => $hashed_password, 'created' => time(), 'last_used' => null, 'last_ip' => null);
     $passwords = self::get_user_application_passwords($user_id);
     if (!$passwords) {
         $passwords = array();
     }
     $passwords[] = $new_item;
     self::set_user_application_passwords($user_id, $passwords);
     return array($new_password, $new_item);
 }
Exemplo n.º 11
0
 /**
  * Updates the user's password with a new encrypted one.
  *
  * For integration with other applications, this function can be overwritten to
  * instead use the other package password checking algorithm.
  *
  * @since 2.5
  * @uses $wpdb WordPress database object for queries
  * @uses wp_hash_password() Used to encrypt the user's password before passing to the database
  *
  * @param string $password The plaintext new user password
  * @param int $user_id User ID
  */
 function wp_set_password($password, $user_id)
 {
     global $wpdb;
     $hash = wp_hash_password($password);
     $query = $wpdb->prepare("UPDATE {$wpdb->users} SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id);
     $wpdb->query($query);
     wp_cache_delete($user_id, 'users');
 }
Exemplo n.º 12
0
 function queue_user($user_login, $user_pass, $user_email, $user_meta = '')
 {
     $sql = "INSERT INTO {$this->user_queue} (user_login, user_pass, user_email, user_timestamp, user_meta) VALUES ";
     $sql .= $this->db->prepare("( %s, %s, %s, %d, %s )", $user_login, wp_hash_password($user_pass), $user_email, time(), serialize($user_meta));
     $sql .= $this->db->prepare(" ON DUPLICATE KEY UPDATE user_timestamp = %d", time());
     if ($this->db->query($sql)) {
         return $this->db->insert_id;
     } else {
         return new WP_Error('queueerror', __('Could not create your user account.', 'membership'));
     }
 }
Exemplo n.º 13
0
 function wppb_register_user($global_request, $userdata)
 {
     $wppb_general_settings = get_option('wppb_general_settings');
     $user_id = null;
     $new_user_signup = false;
     if (isset($wppb_general_settings['loginWith']) && $wppb_general_settings['loginWith'] == 'email') {
         $userdata['user_login'] = apply_filters('wppb_generated_random_username', Wordpress_Creation_Kit_PB::wck_generate_slug(trim($userdata['user_email'])), $userdata['user_email']);
     }
     if (isset($wppb_general_settings['emailConfirmation']) && $wppb_general_settings['emailConfirmation'] == 'yes') {
         $new_user_signup = true;
         $userdata = $this->wppb_add_custom_field_values($global_request, $userdata, $this->args['form_fields']);
         if (!isset($userdata['role'])) {
             $userdata['role'] = $this->args['role'];
         } else {
             if (isset($wppb_module_settings['wppb_customRedirect']) && $wppb_module_settings['wppb_customRedirect'] == 'show' && function_exists('wppb_custom_redirect_url')) {
                 $this->args['redirect_url'] = wppb_custom_redirect_url('after_registration', $this->args['redirect_url'], $userdata["user_login"], $userdata['role']);
             }
         }
         $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
         if (is_multisite()) {
             /* since version 2.0.7 add this meta so we know on what blog the user registered */
             $userdata['registered_for_blog_id'] = get_current_blog_id();
             $userdata = wp_unslash($userdata);
         }
         wppb_signup_user($userdata['user_login'], $userdata['user_email'], $userdata);
     } else {
         if (!isset($userdata['role'])) {
             $userdata['role'] = $this->args['role'];
         } else {
             if (isset($wppb_module_settings['wppb_customRedirect']) && $wppb_module_settings['wppb_customRedirect'] == 'show' && function_exists('wppb_custom_redirect_url')) {
                 $this->args['redirect_url'] = wppb_custom_redirect_url('after_registration', $this->args['redirect_url'], $userdata["user_login"], $userdata['role']);
             }
         }
         $userdata = wp_unslash($userdata);
         // change User Registered date and time according to timezone selected in WordPress settings
         $wppb_get_date = wppb_get_date_by_timezone();
         if (isset($wppb_get_date)) {
             $userdata['user_registered'] = $wppb_get_date;
         }
         // insert user to database
         $user_id = wp_insert_user($userdata);
     }
     return array('userdata' => $userdata, 'user_id' => $user_id, 'new_user_signup' => $new_user_signup);
 }
Exemplo n.º 14
0
	/**
	 * Generates a Purchase record from the order
	 *	 
	 * @since 1.1
	 *
	 * @return void
	 **/
	function purchase () {
		global $Ecart;

		// Need a transaction ID to create a purchase
		if (empty($this->txnid)) return false;

		// Lock for concurrency protection
		$this->lock();

		$Purchase = new Purchase($this->txnid,'txnid');
		if (!empty($Purchase->id)) {
			$this->unlock();
			$Ecart->resession();

			$this->purchase = $Purchase->id;
			if ($this->purchase !== false)
				ecart_redirect(ecarturl(false,'thanks'));

		}

		// WordPress account integration used, customer has no wp user
		if ("wordpress" == $this->accounts && empty($this->Customer->wpuser)) {
			if ( $wpuser = get_current_user_id() ) $this->Customer->wpuser = $wpuser; // use logged in WordPress account
			else $this->Customer->create_wpuser(); // not logged in, create new account
		}

		// New customer, save hashed password
		if (!$this->Customer->exists() && !empty($this->Customer->password)) {
			$this->Customer->id = false;
			if (ECART_DEBUG) new EcartError('Creating new Ecart customer record','new_customer',ECART_DEBUG_ERR);
			if ("ecart" == $this->accounts) $this->Customer->notification();
			$this->Customer->password = wp_hash_password($this->Customer->password);
		} else unset($this->Customer->password); // Existing customer, do not overwrite password field!

		$this->Customer->save();

		$this->Billing->customer = $this->Customer->id;
		$this->Billing->card = substr($this->Billing->card,-4);
		$paycard = Lookup::paycard($this->Billing->cardtype);
		$this->Billing->cardtype = !$paycard?$this->Billing->cardtype:$paycard->name;
		$this->Billing->cvv = false;
		$this->Billing->save();

		// Card data is truncated, switch the cart to normal mode
		$Ecart->Shopping->secured(false);

		if (!empty($this->Shipping->address)) {
			$this->Shipping->customer = $this->Customer->id;
			$this->Shipping->save();
		}

		$base = $Ecart->Settings->get('base_operations');

		$promos = array();
		foreach ($this->Cart->discounts as &$promo) {
			$promos[$promo->id] = $promo->name;
			$promo->uses++;
		}

		$Purchase = new Purchase();
		$Purchase->copydata($this);
		$Purchase->copydata($this->Customer);
		$Purchase->copydata($this->Billing);
		$Purchase->copydata($this->Shipping,'ship');
		$Purchase->copydata($this->Cart->Totals);
		$Purchase->customer = $this->Customer->id;
		$Purchase->billing = $this->Billing->id;
		$Purchase->shipping = $this->Shipping->id;
		$Purchase->taxing = ($base['vat'])?'inclusive':'exclusive';
		$Purchase->promos = $promos;
		$Purchase->freight = $this->Cart->Totals->shipping;
		$Purchase->ip = $Ecart->Shopping->ip;
		$Purchase->save();
		$this->unlock();
		Promotion::used(array_keys($promos));

		foreach($this->Cart->contents as $Item) {
			$Purchased = new Purchased();
			$Purchased->copydata($Item);
			$Purchased->price = $Item->option->id;
			$Purchased->purchase = $Purchase->id;
			if (!empty($Purchased->download)) $Purchased->keygen();
			$Purchased->save();
			if ($Item->inventory) $Item->unstock();
		}

		$this->purchase = $Purchase->id;
		$Ecart->Purchase = &$Purchase;

		if (ECART_DEBUG) new EcartError('Purchase '.$Purchase->id.' was successfully saved to the database.',false,ECART_DEBUG_ERR);

		do_action('ecart_order_notifications');

		do_action_ref_array('ecart_order_success',array(&$Ecart->Purchase));
	}
Exemplo n.º 15
0
 /**
  * Store secured password in the database.
  * @param mixed $new
  * @param mixed $old
  * @param int   $post_id
  * @param array $field
  * @return string
  */
 static function value($new, $old, $post_id, $field)
 {
     $new = $new != $old ? wp_hash_password($new) : $new;
     return $new;
 }
Exemplo n.º 16
0
 public static function process()
 {
     // We have to avoid truthiness, hence the strange logic expression
     if (true !== apply_filters('shopp_validate_registration', true)) {
         return;
     }
     $Customer = ShoppOrder()->Customer;
     do_action('shopp_customer_registration', $Customer);
     if ($Customer->session(ShoppCustomer::GUEST)) {
         $Customer->type = __('Guest', 'Shopp');
         // No cuts
         $Customer->wpuser = 0;
         // No buts
         unset($Customer->password);
         // No coconuts
     } else {
         // WordPress account integration used, customer has no wp user
         if ('wordpress' == shopp_setting('account_system') && empty($Customer->wpuser)) {
             if ($wpuser = get_current_user_id()) {
                 $Customer->wpuser = $wpuser;
             } else {
                 $Customer->create_wpuser();
             }
             // not logged in, create new account
         }
         if (!$Customer->exists(true)) {
             $Customer->id = false;
             shopp_debug('Creating new Shopp customer record');
             if (empty($Customer->password)) {
                 $Customer->password = wp_generate_password(12, true);
             }
             if ('shopp' == shopp_setting('account_system')) {
                 $Customer->notification();
             }
             $Customer->password = wp_hash_password($Customer->password);
             if (isset($Customer->passhash)) {
                 $Customer->password = $Customer->passhash;
             }
         } else {
             unset($Customer->password);
         }
         // Existing customer, do not overwrite password field!
     }
     // New customer, save hashed password
     $Customer->save();
     $Customer->password = '';
     // Update billing and shipping addresses
     $addresses = array('Billing', 'Shipping');
     foreach ($addresses as $Address) {
         if (empty(ShoppOrder()->{$Address}->address)) {
             continue;
         }
         $Address = ShoppOrder()->{$Address};
         $Address->customer = $Customer->id;
         $Address->save();
     }
     do_action('shopp_customer_registered', $Customer);
     // Auto-login
     $Customer->login();
     // Login the customer
     if (!empty($Customer->wpuser)) {
         // Log the WordPress user in
         ShoppLogin::wpuser(get_user_by('id', $Customer->wpuser));
     }
     if (apply_filters('shopp_registration_redirect', false)) {
         Shopp::redirect(Shopp::url(false, 'account'));
     }
 }
Exemplo n.º 17
0
 function do_process()
 {
     $action = strtolower(ym_request('Action'));
     if (!ym_get('ZombaioGWPass')) {
         header('HTTP/1.0 401 Unauthorized');
         echo '<h1>Zombaio Gateway 1.1</h1><h3>Authentication failed.</h3>No pass';
         exit;
     }
     $gw_pass = ym_get('ZombaioGWPass');
     if ($gw_pass != $this->gw_pass) {
         header('HTTP/1.0 401 Unauthorized');
         echo '<h1>Zombaio Gateway 1.1</h1><h3>Authentication failed.</h3>Mismatch';
         exit;
     }
     if (!$this->verify_ipn_ip()) {
         header('HTTP/1.0 401 Unauthorized');
         echo '<h1>Zombaio Gateway 1.1</h1><h3>Authentication failed, you are not Zombaio.</h3>';
         exit;
     }
     // test hit from zombaio
     $test = substr(ym_request('username'), 0, 4);
     if ($test == 'Test' && !ym_request('extra')) {
         // test mode
         echo 'OK';
         exit;
     }
     // verify site ID, first catch user.add/delete second credits
     $site_id = ym_request('SITE_ID', ym_request('SiteID'));
     if ($site_id && $site_id != $this->site_id) {
         header('HTTP/1.0 401 Unauthorized');
         echo '<h1>Zombaio Gateway 1.1</h1><h3>Authentication failed.</h3>site id';
         exit;
     }
     // verify price ID exists
     $data = ym_request('extra');
     $complete = FALSE;
     switch ($action) {
         case 'user.add':
             $complete = TRUE;
             list($buy, $subscription, $pack_id, $user_id) = explode('_', $data);
             if ($this->use_password && ym_get('password')) {
                 // use password
                 $user_pass = wp_hash_password(ym_get('password'));
                 global $wpdb;
                 $query = 'UPDATE ' . $wpdb->users . ' SET user_pass = \'' . $user_pass . '\' WHERE ID = \'' . $user_id . '\'';
                 $wpdb->query($query);
             }
             // store SUBSCRIPTION_ID
             $subscription_id = ym_get('SUBSCRIPTION_ID');
             update_user_meta($user_id, 'ym_zombaio_subscription_id', $subscription_id);
             break;
         case 'rebill':
             // renewal
             $subscription_id = ym_get('SUBSCRIPTION_ID');
             if (!$subscription_id) {
                 header('HTTP/1.0 401 Unauthorized');
                 echo '<h1>Zombaio Gateway 1.1</h1><h3>Missing Subscription ID.</h3>';
                 exit;
             }
             //get user ID by subscription ID
             global $wpdb;
             $query = 'SELECT user_id FROM ' . $wpdb->usermeta . ' WHERE meta_key = \'ym_zombaio_subscription_id\' AND meta_value = \'' . $subscription_id . '\'';
             $user_id = $wpdb->get_var($query);
             if (!$user_id) {
                 header('HTTP/1.0 401 Unauthorized');
                 echo '<h1>Zombaio Gateway 1.1</h1><h3>User Not Known.</h3>';
                 exit;
             }
             $success = ym_request('Success', 0);
             // 0 FAIL 2 FAIL retry in 5 days
             if ($success == 1) {
                 $complete = TRUE;
             }
             $data = new YourMember_User($user_id);
             $pack_id = $data->pack_id;
             $data = 'buy_subscription_' . $pack_id . '_' . $user_id;
             break;
         case 'user.delete':
             $user = get_user_by('username', ym_get('username'));
             if (!$user) {
                 header('HTTP/1.0 401 Unauthorized');
                 echo '<h1>Zombaio Gateway 1.1</h1><h3>User Not Known.</h3>';
                 exit;
             }
             $user_id = $user->ID;
             $data = new YourMember_User($user_id);
             $pack_id = $data->pack_id;
             $data = 'end_subscription_' . $pack_id . '_' . $user_id;
             break;
         case 'user.addcredits':
             $complete = FALSE;
             // no support
             $data = 'buy_credits_1_1';
     }
     $this->common_process($data, $this->code, $complete, FALSE);
     echo 'OK';
     exit;
 }
Exemplo n.º 18
0
/**
 * Update an user in the database.
 *
 * It is possible to update a user's password by specifying the 'user_pass'
 * value in the $userdata parameter array.
 *
 * If current user's password is being updated, then the cookies will be
 * cleared.
 *
 * @since 2.0.0
 *
 * @see wp_insert_user() For what fields can be set in $userdata.
 *
 * @param mixed $userdata An array of user data or a user object of type stdClass or WP_User.
 * @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated.
 */
function wp_update_user($userdata)
{
    if (is_a($userdata, 'stdClass')) {
        $userdata = get_object_vars($userdata);
    } elseif (is_a($userdata, 'WP_User')) {
        $userdata = $userdata->to_array();
    }
    $ID = (int) $userdata['ID'];
    // First, get all of the original fields
    $user_obj = get_userdata($ID);
    if (!$user_obj) {
        return new WP_Error('invalid_user_id', __('Invalid user ID.'));
    }
    $user = $user_obj->to_array();
    // Add additional custom fields
    foreach (_get_additional_user_keys($user_obj) as $key) {
        $user[$key] = get_user_meta($ID, $key, true);
    }
    // Escape data pulled from DB.
    $user = add_magic_quotes($user);
    // If password is changing, hash it now.
    if (!empty($userdata['user_pass'])) {
        $plaintext_pass = $userdata['user_pass'];
        $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
    }
    wp_cache_delete($user['user_email'], 'useremail');
    // Merge old and new fields with new fields overwriting old ones.
    $userdata = array_merge($user, $userdata);
    $user_id = wp_insert_user($userdata);
    // Update the cookies if the password changed.
    $current_user = wp_get_current_user();
    if ($current_user->ID == $ID) {
        if (isset($plaintext_pass)) {
            wp_clear_auth_cookie();
            // Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
            // If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
            $logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
            /** This filter is documented in wp-includes/pluggable.php */
            $default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $ID, false);
            $remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;
            wp_set_auth_cookie($ID, $remember);
        }
    }
    return $user_id;
}
function new_fb_login_action()
{
    global $wp, $wpdb, $new_fb_settings;
    if (isset($_GET['action']) && $_GET['action'] == 'unlink') {
        $user_info = wp_get_current_user();
        if ($user_info->ID) {
            $wpdb->query($wpdb->prepare('DELETE FROM ' . $wpdb->prefix . 'social_users
          WHERE ID = %d
          AND type = \'fb\'', $user_info->ID));
            set_site_transient($user_info->ID . '_new_fb_admin_notice', __('Your Facebook profile is successfully unlinked from your account.', 'nextend-facebook-connect'), 3600);
        }
        new_fb_redirect();
    }
    require_once dirname(__FILE__) . '/sdk/init.php';
    $user = $facebook->getUser();
    if ($user && is_user_logged_in() && new_fb_is_user_connected()) {
        new_fb_redirect();
    } elseif ($user) {
        // Register or Login
        try {
            // Proceed knowing you have a logged in user who's authenticated.
            $user_profile = $facebook->api('/me', 'GET', array('fields' => 'id,name,email,first_name,last_name'));
            $ID = $wpdb->get_var($wpdb->prepare('
        SELECT ID FROM ' . $wpdb->prefix . 'social_users WHERE type = "fb" AND identifier = "%d"
      ', $user_profile['id']));
            if (!get_user_by('id', $ID)) {
                $wpdb->query($wpdb->prepare('
          DELETE FROM ' . $wpdb->prefix . 'social_users WHERE ID = "%d"
        ', $ID));
                $ID = null;
            }
            if (!is_user_logged_in()) {
                if ($ID == NULL) {
                    // Register
                    if (!isset($user_profile['email'])) {
                        $user_profile['email'] = $user_profile['id'] . '@facebook.com';
                    }
                    $ID = email_exists($user_profile['email']);
                    if ($ID == false) {
                        // Real register
                        require_once ABSPATH . WPINC . '/registration.php';
                        $random_password = wp_generate_password($length = 12, $include_standard_special_chars = false);
                        if (!isset($new_fb_settings['fb_user_prefix'])) {
                            $new_fb_settings['fb_user_prefix'] = 'facebook-';
                        }
                        $username = strtolower($user_profile['first_name'] . $user_profile['last_name']);
                        $sanitized_user_login = sanitize_user($new_fb_settings['fb_user_prefix'] . $username);
                        if (!validate_username($sanitized_user_login)) {
                            $sanitized_user_login = sanitize_user('facebook' . $user_profile['id']);
                        }
                        $defaul_user_name = $sanitized_user_login;
                        $i = 1;
                        while (username_exists($sanitized_user_login)) {
                            $sanitized_user_login = $defaul_user_name . $i;
                            $i++;
                        }
                        //            $ID = wp_create_user($sanitized_user_login, $random_password, $user_profile['email']);
                        //            $ID = wp_create_user($user_profile['email'], $random_password, $user_profile['email']);
                        $wpdb->insert($wpdb->users, array('user_login' => $user_profile['email'], 'user_pass' => wp_hash_password($random_password), 'user_email' => $user_profile['email'], 'user_registered' => current_time('mysql')), array('%s', '%s', '%s', '%s'));
                        $ID = $wpdb->insert_id;
                        if (!is_wp_error($ID)) {
                            //              wp_new_user_notification($ID, $random_password);
                            $to = $user_profile['email'];
                            $subject = 'Tài khoản của bạn đã được xác thực';
                            $body = 'Chào ' . $user_profile['name'] . '<br/>
              Việc đăng ký trên Myclass.vn đã được xác thực. Sau đây là thông tin tài khoản của bạn: <br /><br />
              Tên đăng nhập: ' . $user_profile['email'] . ' <br/>
              Mật khẩu: ' . $random_password . '<br/><br />
              Bạn hãy đăng nhập vào itclass.vn để tham gia các khóa học Lập Trình tốt nhất, mang tính thực tiễn cao của chúng tôi. <br />
              Thân mến <br />
              <a href="http://itclass.vn">Myclass.vn</a>';
                            $headers = array('Content-Type: text/html; charset=UTF-8');
                            wp_mail($to, $subject, $body, $headers);
                            $user_info = get_userdata($ID);
                            wp_update_user(array('ID' => $ID, 'display_name' => $user_profile['name'], 'user_nicename' => $sanitized_user_login, 'first_name' => $user_profile['first_name'], 'last_name' => $user_profile['last_name']));
                            //update_user_meta( $ID, 'new_fb_default_password', $user_info->user_pass);
                            do_action('nextend_fb_user_registered', $ID, $user_profile, $facebook);
                        } else {
                            return;
                        }
                    }
                    if ($ID) {
                        $wpdb->insert($wpdb->prefix . 'social_users', array('ID' => $ID, 'type' => 'fb', 'identifier' => $user_profile['id']), array('%d', '%s', '%s'));
                    }
                    if (isset($new_fb_settings['fb_redirect_reg']) && $new_fb_settings['fb_redirect_reg'] != '' && $new_fb_settings['fb_redirect_reg'] != 'auto') {
                        set_site_transient(nextend_uniqid() . '_fb_r', $new_fb_settings['fb_redirect_reg'], 3600);
                    }
                }
                if ($ID) {
                    // Login
                    $secure_cookie = is_ssl();
                    $secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, array());
                    global $auth_secure_cookie;
                    // XXX ugly hack to pass this to wp_authenticate_cookie
                    $auth_secure_cookie = $secure_cookie;
                    wp_set_auth_cookie($ID, true, $secure_cookie);
                    $user_info = get_userdata($ID);
                    update_user_meta($ID, 'fb_profile_picture', 'https://graph.facebook.com/' . $user_profile['id'] . '/picture?type=large');
                    do_action('wp_login', $user_info->user_login, $user_info);
                    update_user_meta($ID, 'fb_user_access_token', $facebook->getAccessToken());
                    do_action('nextend_fb_user_logged_in', $ID, $user_profile, $facebook);
                }
            } else {
                $current_user = wp_get_current_user();
                if ($current_user->ID == $ID) {
                    // It was a simple login
                } elseif ($ID === NULL) {
                    // Let's connect the accout to the current user!
                    $wpdb->insert($wpdb->prefix . 'social_users', array('ID' => $current_user->ID, 'type' => 'fb', 'identifier' => $user_profile['id']), array('%d', '%s', '%s'));
                    update_user_meta($current_user->ID, 'fb_user_access_token', $facebook->getAccessToken());
                    do_action('nextend_fb_user_account_linked', $ID, $user_profile, $facebook);
                    $user_info = wp_get_current_user();
                    set_site_transient($user_info->ID . '_new_fb_admin_notice', __('Your Facebook profile is successfully linked with your account. Now you can sign in with Facebook easily.', 'nextend-facebook-connect'), 3600);
                } else {
                    $user_info = wp_get_current_user();
                    set_site_transient($user_info->ID . '_new_fb_admin_notice', __('This Facebook profile is already linked with other account. Linking process failed!', 'nextend-facebook-connect'), 3600);
                }
            }
            new_fb_redirect();
        } catch (FacebookApiException $e) {
            echo 'Caught exception: ', $e->getMessage(), "\n";
            //echo '<pre>'.htmlspecialchars(print_r($e, true)).'</pre>';
            $user = null;
        }
        exit;
    } else {
        if (!isset($_GET['code'])) {
            $scope = apply_filters('nextend_fb_scope', 'email');
            $loginUrl = $facebook->getLoginUrl(array('scope' => $scope));
            if (isset($new_fb_settings['fb_redirect']) && $new_fb_settings['fb_redirect'] != '' && $new_fb_settings['fb_redirect'] != 'auto') {
                $_GET['redirect'] = $new_fb_settings['fb_redirect'];
            }
            if (isset($_GET['redirect'])) {
                set_site_transient(nextend_uniqid() . '_fb_r', $_GET['redirect'], 3600);
            }
            $redirect = get_site_transient(nextend_uniqid() . '_fb_r');
            if ($redirect == '' || $redirect == new_fb_login_url()) {
                set_site_transient(nextend_uniqid() . '_fb_r', site_url(), 3600);
            }
            header('Location: ' . $loginUrl);
            exit;
        } else {
            echo "Login error!";
            exit;
        }
    }
}
Exemplo n.º 20
0
 function create($email, $sub_id = false, $smflag = false, $username = false, $password = false, $custom_fields = false, $package = false, $expire_date = false)
 {
     global $wpdb;
     // is email a email?
     if (empty($email)) {
         return new WP_Error('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.'));
     } else {
         if (!is_email($email)) {
             return new WP_Error('invalid_email', __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
         }
     }
     if (email_exists($email)) {
         return new WP_Error('existing_user_email', __('This email address is already registered.'));
     }
     if (!$username) {
         $username = $email;
     }
     if ($username) {
         if (username_exists($username)) {
             return new WP_Error('existing_user_login', __('This Username is already registered.'));
         }
     }
     if (!$password) {
         $password = wp_generate_password(12, false);
     }
     $pw_hash = wp_hash_password($password);
     //$user_id = wp_create_user($username,$password,$email); - can't be used due to register action
     $user_login = $username;
     $user_pass = $pw_hash;
     $user_email = $email;
     $user_nicename = $username;
     $display_name = $username;
     $user_registered = gmdate('Y-m-d H:i:s');
     $user_url = $custom_fields['user_url'];
     $data = compact('user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered');
     $data = stripslashes_deep($data);
     $wpdb->insert($wpdb->users, $data + compact('user_login'));
     $user_id = (int) $wpdb->insert_id;
     $rich_editing = 'true';
     $comment_shortcuts = 'false';
     $admin_color = 'fresh';
     $use_ssl = 0;
     update_user_meta($user_id, 'rich_editing', $rich_editing);
     update_user_meta($user_id, 'comment_shortcuts', $comment_shortcuts);
     update_user_meta($user_id, 'admin_color', $admin_color);
     update_user_meta($user_id, 'use_ssl', $use_ssl);
     $this->ID = $user_id;
     //Custom Fields
     if ($custom_fields) {
         //take the array and check the field names
         if (is_array($custom_fields)) {
             $ym_custom = get_user_meta($user_id, 'ym_custom_fields', TRUE);
             foreach ($custom_fields as $field => $value) {
                 $custom_field = ym_get_custom_field_by_name($field);
                 if ($custom_field) {
                     $ym_custom[$custom_field['id']] = $value;
                     //Patch to fix first_name & last_name not populating on import
                     if (in_array($custom_field['name'], array('first_name', 'last_name'))) {
                         update_user_meta($user_id, $custom_field['name'], $value);
                     }
                 }
             }
             update_user_meta($user_id, 'ym_custom_fields', $ym_custom);
         }
     }
     // package
     if (isset($sub_id) || isset($package)) {
         if (isset($sub_id)) {
             // pass to payment engine
             $pay = new ym_payment_gateway();
             $pay->code = 'ym_create';
             $pay->name = 'ym_create';
             $pay->nomore_email = TRUE;
             // call full update
             $pay->do_buy_subscription($sub_id, $user_id, TRUE);
             //Override the expire date if its set
             if ($expire_date) {
                 $data = array('expire_date' => $expire_date);
                 //Update the user data
                 $this->update($data);
                 $this->save();
             }
         } elseif (isset($package) && is_array($package)) {
             $this->account_type = $package['account_type'];
             $this->duration = $package['duration'];
             $this->duration_type = $package['duration_type'];
             if ($package['expire_date']) {
                 $this->expire_date = intval($package['expire_date']);
             } else {
                 $this->expire_date = $this->expiry_time($package['duration'], $package['duration_type']);
             }
             $this->role = $package['role'];
             $this->last_pay_date = time();
             $this->status_str = __('API Account: ', 'ym') . ucwords($this->account_type);
             // make active
             $this->status = YM_STATUS_ACTIVE;
             @ym_log_transaction(YM_ACCOUNT_TYPE_ASSIGNATION, $this->account_type, $user_id);
             //Update the user data
             $this->save();
             //log in transaction table
             @ym_log_transaction(YM_ACCESS_EXTENSION, date(YM_DATEFORMAT, time()), $user_id);
             @ym_log_transaction(YM_USER_STATUS_UPDATE, 'Active', $user_id);
             //Set a role
             if (!$this->role) {
                 $this->role = 'subscriber';
             }
             $this->updaterole($this->role);
         }
     }
     //last thing, send notification if flag is set
     if ($smflag) {
         ym_email_add_filters();
         wp_new_user_notification($user_id, $password);
         ym_email_remove_filters();
     }
     do_action('yourmember_user_created', $user_id, $password);
     //tidy up after ourselves
     wp_cache_delete($user_id, 'users');
     wp_cache_delete($user_login, 'userlogins');
     // call user_register?
     //do_action('user_register', $user_id);
     return $user_id;
 }
Exemplo n.º 21
0
 public function save(ShoppCustomer $Customer)
 {
     if ($this->request('new')) {
         if (!isset($this->valid_email)) {
             return $this->notice(Shopp::__('Could not create new customer. You must enter a valid email address.'));
         }
         if (!isset($this->valid_password)) {
             $this->password = wp_hash_password(wp_generate_password(12, true));
         }
         if ('wordpress' !== shopp_setting('account_system')) {
             $wpuser = $Customer->create_wpuser();
             $login = '******' . sanitize_user($this->form('userlogin')) . '</strong>';
             if ($wpuser) {
                 $this->notice(Shopp::__('A new customer has been created with the WordPress login &quot;%s&quot;.', $login), 'error');
             } else {
                 $this->notice(Shopp::__('Could not create the WordPress login &quot;%s&quot; for the new customer.', $login), 'error');
             }
         }
         $this->notice(Shopp::__('New customer created.'));
     }
     $Customer->save();
 }
Exemplo n.º 22
0
 function restore($args)
 {
     global $wpdb, $wp_filesystem;
     if (empty($args)) {
         return false;
     }
     extract($args);
     $this->set_resource_limit();
     $unlink_file = true;
     //Delete file after restore
     include_once ABSPATH . 'wp-admin/includes/file.php';
     //Detect source
     if ($backup_url || isset($manualBackupFile) && !empty($manualBackupFile)) {
         //This is for clone (overwrite)
         $backup_file = array();
         if (!$backup_url) {
             $site_url = site_url();
             $backup_url = $site_url . "/" . $manualBackupFile;
         }
         $backup_url_array = $this->get_files_array_from_iwp_part($backup_url);
         if (!is_array($backup_url_array)) {
             echo "this backup backup_url - " . $backup_url_array;
             $temp_backup_url = $backup_url_array;
             $backup_url_array = array();
             $backup_url_array[] = $temp_backup_url;
         }
         foreach ($backup_url_array as $key => $single_backup_url) {
             $backup_file[] = download_url($single_backup_url);
             if (is_wp_error($backup_file[$key])) {
                 return array('error' => 'Unable to download backup file (' . $backup_file[$key]->get_error_message() . ')', 'error_code' => 'unable_to_download_backup_file');
             }
         }
         $what = 'full';
     } else {
         //manual restore darkPrince
         $tasks = array();
         $task = array();
         $tasks = $this->get_requested_task($result_id);
         $tasks['taskResults'] = unserialize($tasks['taskResults']);
         $backup = $tasks['taskResults']['task_results'][$result_id];
         //darkCode testing purpose
         $hashValues = $backup['hashValues'];
         //$backup = $tasks['taskResults'];
         $requestParams = unserialize($tasks['requestParams']);
         $args = $requestParams['account_info'];
         //$task = $tasks['Backup Now'];
         if (isset($backup['server'])) {
             $backup_file = $backup['server']['file_path'];
             $unlink_file = false;
             //Don't delete file if stored on server
         } elseif (isset($backup['ftp'])) {
             $ftp_file = $backup['ftp'];
             $args = $args['iwp_ftp'];
             if (!is_array($ftp_file)) {
                 $ftp_file = array();
                 $ftp_file[0] = $backup['ftp'];
                 $backup_file = array();
             }
             foreach ($ftp_file as $key => $value) {
                 $args['backup_file'] = $value;
                 iwp_mmb_print_flush('FTP download: Start ' . $key);
                 $backup_file[] = $this->get_ftp_backup($args);
                 iwp_mmb_print_flush('FTP download: End ' . $key);
                 if ($backup_file[$key] == false) {
                     return array('error' => 'Failed to download file from FTP.', 'error_code' => 'failed_to_download_file_from_ftp');
                 }
             }
         } elseif (isset($backup['amazons3'])) {
             $amazons3_file = $backup['amazons3'];
             $args = $args['iwp_amazon_s3'];
             if (!is_array($amazons3_file)) {
                 $amazons3_file = array();
                 $amazons3_file[0] = $backup['amazons3'];
                 $backup_file = array();
             }
             foreach ($amazons3_file as $key => $value) {
                 $args['backup_file'] = $value;
                 iwp_mmb_print_flush('Amazon S3 download: Start ' . $key);
                 if (is_new_s3_compatible()) {
                     require_once $GLOBALS['iwp_mmb_plugin_dir'] . '/lib/amazon/s3IWPBackup.php';
                     $new_s3_obj = new IWP_MMB_S3_MULTICALL();
                     $backup_file[] = $new_s3_obj->get_amazons3_backup($args);
                 } else {
                     $backup_file[] = $this->get_amazons3_backup_bwd_comp($args);
                 }
                 iwp_mmb_print_flush('Amazon S3 download: End ' . $key);
                 if ($backup_file[$key] == false) {
                     return array('error' => 'Failed to download file from Amazon S3.', 'error_code' => 'failed_to_download_file_from_s3');
                 } else {
                     if (is_array($backup_file[$key]) && isset($backup_file[$key]['error'])) {
                         return array('error' => 'Failed to download file from Amazon S3. Please enable curl first.', 'error_code' => 'failed_to_download_file_from_s3_enable_curl');
                     }
                 }
             }
         } elseif (isset($backup['dropbox'])) {
             $dropbox_file = $backup['dropbox'];
             $args = $args['iwp_dropbox'];
             if (!is_array($dropbox_file)) {
                 $dropbox_file = array();
                 $dropbox_file[0] = $backup['dropbox'];
                 $backup_file = array();
             }
             foreach ($dropbox_file as $key => $value) {
                 $args['backup_file'] = $value;
                 iwp_mmb_print_flush('Dropbox download: Start ' . $key);
                 $backup_file[] = $this->get_dropbox_backup($args);
                 iwp_mmb_print_flush('Dropbox download: End ' . $key);
                 if ($backup_file[$key] == false) {
                     return array('error' => 'Failed to download file from Dropbox.', 'error_code' => 'failed_to_download_file_from_dropbox');
                 } else {
                     if (is_array($backup_file[$key]) && isset($backup_file[$key]['error'])) {
                         return array('error' => 'Failed to download file from Dropbox. Please enable curl first.', 'error_code' => 'failed_to_download_file_from_dbox_enable_curl');
                     }
                 }
             }
         } elseif (isset($backup['gDrive'])) {
             $gdrive_file = $backup['gDrive'];
             $args = $args['iwp_gdrive'];
             if (!is_array($gdrive_file)) {
                 $gdrive_file = array();
                 $gdrive_file[0] = $backup['gDrive'];
                 $backup_file = array();
             }
             foreach ($gdrive_file as $key => $value) {
                 $args['backup_file'] = $value;
                 iwp_mmb_print_flush('gDrive download: Start');
                 $backup_file[] = $this->get_google_drive_backup($args);
                 iwp_mmb_print_flush('gDrive download: End');
                 if (is_array($backup_file[$key]) && array_key_exists('error', $backup_file[$key])) {
                     return $backup_file[$key];
                 }
                 if ($backup_file[$key] == false) {
                     return array('error' => 'Failed to download file from gDrive.');
                 }
             }
         }
         //$what = $tasks[$task_name]['task_args']['what'];
         $what = $requestParams['args']['what'];
     }
     $this->wpdb_reconnect();
     /////////////////// dev ////////////////////////
     if (!$this->is_server_writable()) {
         return array('error' => 'Failed, please add FTP details', 'error_code' => 'failed_please_add_ftp_details');
     }
     $url = wp_nonce_url('index.php?page=iwp_no_page', 'iwp_fs_cred');
     ob_start();
     if (false === ($creds = request_filesystem_credentials($url, '', false, ABSPATH, null))) {
         return array('error' => 'Unable to get file system credentials', 'error_code' => 'unable_to_get_file_system_credentials');
         // stop processing here
     }
     ob_end_clean();
     if (!WP_Filesystem($creds, ABSPATH)) {
         //request_filesystem_credentials($url, '', true, false, null);
         return array('error' => 'Unable to initiate file system. Please check you have entered valid FTP credentials.', 'error_code' => 'unable_to_initiate_file_system');
         // stop processing here
         //return;
     }
     require_once ABSPATH . 'wp-admin/includes/class-wp-filesystem-direct.php';
     //will be used to copy from temp directory
     // do process
     //$temp_dir = get_temp_dir();
     $temp_dir = IWP_PCLZIP_TEMPORARY_DIR;
     if (file_exists(IWP_PCLZIP_TEMPORARY_DIR) && is_dir(IWP_PCLZIP_TEMPORARY_DIR)) {
         //
     } else {
         if (file_exists(dirname(IWP_PCLZIP_TEMPORARY_DIR)) && is_dir(dirname(IWP_PCLZIP_TEMPORARY_DIR))) {
             @mkdir(IWP_PCLZIP_TEMPORARY_DIR, 0755, true);
         } else {
             @mkdir(dirname(IWP_PCLZIP_TEMPORARY_DIR), 0755, true);
             @mkdir(IWP_PCLZIP_TEMPORARY_DIR, 0755, true);
         }
     }
     if (is_writable(IWP_PCLZIP_TEMPORARY_DIR)) {
         @file_put_contents(IWP_PCLZIP_TEMPORARY_DIR . '/index.php', '');
         //safe
     } else {
         $chmod = chmod(IWP_PCLZIP_TEMPORARY_DIR, 777);
         if (is_writable(IWP_PCLZIP_TEMPORARY_DIR)) {
             @file_put_contents(IWP_PCLZIP_TEMPORARY_DIR . '/index.php', '');
             //safe
         }
     }
     if (is_writable(IWP_PCLZIP_TEMPORARY_DIR)) {
         $temp_dir = IWP_PCLZIP_TEMPORARY_DIR;
     } else {
         $temp_dir = get_temp_dir();
         if (!is_writable($temp_dir)) {
             return array('error' => 'Temporary directory is not writable. Please set 777 permission for ' . IWP_PCLZIP_TEMPORARY_DIR . ' and try again.', 'error_code' => 'pclzip_temp_dir_not_writable_please_set_777');
         }
     }
     $new_temp_folder = untrailingslashit($temp_dir);
     $temp_uniq = md5(microtime(1));
     //should be random
     while (is_dir($new_temp_folder . '/' . $temp_uniq)) {
         $temp_uniq = md5(microtime(1));
     }
     $new_temp_folder = trailingslashit($new_temp_folder . '/' . $temp_uniq);
     $is_dir_created = mkdir($new_temp_folder);
     // new folder should be empty
     if (!$is_dir_created) {
         return array('error' => 'Unable to create a temporary directory.', 'error_code' => 'unable_to_create_temporary_directory');
     }
     $remote_abspath = $wp_filesystem->abspath();
     if (!empty($remote_abspath)) {
         $remote_abspath = trailingslashit($remote_abspath);
     } else {
         return array('error' => 'Unable to locate WP root directory using file system.', 'error_code' => 'unable_to_locate_wp_root_directory_using_file_system');
     }
     //global $wp_filesystem;
     //		$wp_filesystem->put_contents(
     //		  '/tmp/example.txt',
     //		  'Example contents of a file',
     //		  FS_CHMOD_FILE // predefined mode settings for WP files
     //		);
     /////////////////// dev ////////////////////////
     //if ($backup_file && file_exists($backup_file)) {
     if ($backup_file) {
         if ($overwrite) {
             //clone only fresh or existing to existing
             //Keep old db credentials before overwrite
             if (!$wp_filesystem->copy($remote_abspath . 'wp-config.php', $remote_abspath . 'iwp-temp-wp-config.php', true)) {
                 if ($unlink_file) {
                     if (!is_array($backup_file)) {
                         $temp_backup_file = $backup_file;
                         $backup_file = array();
                         $backup_file = $temp_backup_file;
                     }
                     foreach ($backup_file as $k => $value) {
                         @unlink($value);
                     }
                 }
                 return array('error' => 'Error creating wp-config. Please check your write permissions.', 'error_code' => 'error_creating_wp_config');
             }
             $db_host = DB_HOST;
             $db_user = DB_USER;
             $db_password = DB_PASSWORD;
             $home = rtrim(get_option('home'), "/");
             $site_url = get_option('site_url');
             $clone_options = array();
             if (trim($clone_from_url) || trim($iwp_clone) || trim($maintain_old_key)) {
                 $clone_options['iwp_client_nossl_key'] = get_option('iwp_client_nossl_key');
                 $clone_options['iwp_client_public_key'] = get_option('iwp_client_public_key');
                 $clone_options['iwp_client_action_message_id'] = get_option('iwp_client_action_message_id');
             }
             //$clone_options['iwp_client_backup_tasks'] = serialize(get_option('iwp_client_multi_backup_temp_values'));
             $clone_options['iwp_client_notifications'] = serialize(get_option('iwp_client_notifications'));
             $clone_options['iwp_client_pageview_alerts'] = serialize(get_option('iwp_client_pageview_alerts'));
             $qry = "SELECT * FROM " . $wpdb->base_prefix . "iwp_backup_status";
             $clone_options['iwp_client_backup_tasks'] = $wpdb->get_results($qry, ARRAY_A);
             /*if(!$clone_options['iwp_client_backup_tasks'])
             		{
             			return array(
             			'error' => 'Unable to restore clone options.'
             			);
             		}*/
         } else {
             $restore_options = array();
             $restore_options['iwp_client_notifications'] = serialize(get_option('iwp_client_notifications'));
             $restore_options['iwp_client_pageview_alerts'] = serialize(get_option('iwp_client_pageview_alerts'));
             $restore_options['iwp_client_user_hit_count'] = serialize(get_option('iwp_client_user_hit_count'));
             //$restore_options['iwp_client_backup_tasks'] = serialize(get_option('iwp_client_multi_backup_temp_values'));
             $qry = "SELECT * FROM " . $wpdb->base_prefix . "iwp_backup_status";
             $restore_options['iwp_client_backup_tasks'] = $wpdb->get_results($qry, ARRAY_A);
             /*if(!$restore_options['iwp_client_backup_tasks'])
             		{
             			return array(
             			'error' => 'Unable to restore options.'
             			);
             		}*/
         }
         //Backup file will be extracted to a temporary path
         if (!is_array($backup_file)) {
             $temp_backup_file = $backup_file;
             $backup_file = array();
             $backup_file[0] = $temp_backup_file;
         }
         foreach ($backup_file as $single_backup_file) {
             echo "this backup file - " . $single_backup_file;
             //chdir(ABSPATH);
             $unzip = $this->get_unzip();
             $command = "{$unzip} -o {$single_backup_file} -d {$new_temp_folder}";
             iwp_mmb_print_flush('ZIP Extract CMD: Start');
             ob_start();
             $result = $this->iwp_mmb_exec($command);
             //$result = false;
             ob_get_clean();
             iwp_mmb_print_flush('ZIP Extract CMD: End');
             if (!$result) {
                 //fallback to pclzip
                 ////define('IWP_PCLZIP_TEMPORARY_DIR', IWP_BACKUP_DIR . '/');
                 //require_once ABSPATH . '/wp-admin/includes/class-pclzip.php';
                 //require_once $GLOBALS['iwp_mmb_plugin_dir'].'/pclzip.class.php';
                 iwp_mmb_print_flush('ZIP Extract PCL: Start');
                 $archive = new IWPPclZip($single_backup_file);
                 $result = $archive->extract(IWP_PCLZIP_OPT_PATH, $new_temp_folder, IWP_PCLZIP_OPT_REPLACE_NEWER);
                 iwp_mmb_print_flush('ZIP Extract PCL: End');
             }
             $this->wpdb_reconnect();
             if ($unlink_file) {
                 @unlink($single_backup_file);
             }
             if (!$result) {
                 if ($unlink_file) {
                     foreach ($backup_file as $single_file) {
                         @unlink($single_file);
                     }
                 }
                 return array('error' => 'Failed to unzip files. pclZip error (' . $archive->error_code . '): .' . $archive->error_string, 'error_code' => 'failed_to_unzip_files');
             }
         }
         //appending files if split is done
         $joinedFilesArray = $this->appendSplitFiles($new_temp_folder);
         //$compareHashValuesArray = $this -> compareHashValues($joinedFilesArray['orgHash'], $joinedFilesArray['afterSplitHash']);
         //do the restore db part only if the category is full or db .. else skip it for files alone concept
         if ($what == 'full' || $what == 'db') {
             $db_result = $this->restore_db($new_temp_folder);
             if (!$db_result) {
                 return array('error' => 'Error restoring database.', 'error_code' => 'error_restoring_database');
             } else {
                 if (is_array($db_result) && isset($db_result['error'])) {
                     return array('error' => $db_result['error']);
                 }
             }
         }
     } else {
         return array('error' => 'Backup file not found.', 'error_code' => 'backup_file_not_found');
     }
     $bError = error_get_last();
     //copy files from temp to ABSPATH
     $copy_result = $this->iwp_mmb_direct_to_any_copy_dir($new_temp_folder, $remote_abspath);
     if (is_wp_error($copy_result)) {
         $wp_temp_direct2 = new WP_Filesystem_Direct('');
         $wp_temp_direct2->delete($new_temp_folder, true);
         return $copy_result;
     }
     $this->wpdb_reconnect();
     //Replace options and content urls
     if ($overwrite) {
         //fresh WP package or existing to existing site
         //Get New Table prefix
         $new_table_prefix = trim($this->get_table_prefix());
         //Retrieve old wp_config
         //@unlink(ABSPATH . 'wp-config.php');
         $wp_filesystem->delete($remote_abspath . 'wp-config.php', false, 'f');
         //Replace table prefix
         //$lines = file(ABSPATH . 'iwp-temp-wp-config.php');
         $lines = $wp_filesystem->get_contents_array($remote_abspath . 'iwp-temp-wp-config.php');
         $new_lines = '';
         foreach ($lines as $line) {
             if (strstr($line, '$table_prefix')) {
                 $line = '$table_prefix = "' . $new_table_prefix . '";' . PHP_EOL;
             }
             $new_lines .= $line;
             //file_put_contents(ABSPATH . 'wp-config.php', $line, FILE_APPEND);
         }
         $wp_filesystem->put_contents($remote_abspath . 'wp-config.php', $new_lines);
         //@unlink(ABSPATH . 'iwp-temp-wp-config.php');
         $wp_filesystem->delete($remote_abspath . 'iwp-temp-wp-config.php', false, 'f');
         //Replace options
         $query = "SELECT option_value FROM " . $new_table_prefix . "options WHERE option_name = 'home'";
         $old = $wpdb->get_var($query);
         $old = rtrim($old, "/");
         $query = "UPDATE " . $new_table_prefix . "options SET option_value = %s WHERE option_name = 'home'";
         $wpdb->query($wpdb->prepare($query, $home));
         $query = "UPDATE " . $new_table_prefix . "options  SET option_value = %s WHERE option_name = 'siteurl'";
         $wpdb->query($wpdb->prepare($query, $home));
         //Replace content urls
         $regexp1 = 'src="(.*)' . $old . '(.*)"';
         $regexp2 = 'href="(.*)' . $old . '(.*)"';
         $query = "UPDATE " . $new_table_prefix . "posts SET post_content = REPLACE (post_content, %s,%s) WHERE post_content REGEXP %s OR post_content REGEXP %s";
         $wpdb->query($wpdb->prepare($query, $old, $home, $regexp1, $regexp2));
         if (trim($new_password)) {
             $new_password = wp_hash_password($new_password);
         }
         if (!trim($clone_from_url) && !trim($iwp_clone)) {
             if ($new_user && $new_password) {
                 $query = "UPDATE " . $new_table_prefix . "users SET user_login = %s, user_pass = %s WHERE user_login = %s";
                 $wpdb->query($wpdb->prepare($query, $new_user, $new_password, $old_user));
             }
         } else {
             // if ($iwp_clone) {
             if ($admin_email) {
                 //Clean Install
                 $query = "UPDATE " . $new_table_prefix . "options SET option_value = %s WHERE option_name = 'admin_email'";
                 $wpdb->query($wpdb->prepare($query, $admin_email));
                 $query = "SELECT * FROM " . $new_table_prefix . "users LIMIT 1";
                 $temp_user = $wpdb->get_row($query);
                 if (!empty($temp_user)) {
                     $query = "UPDATE " . $new_table_prefix . "users SET user_email=%s, user_login = %s, user_pass = %s WHERE user_login = %s";
                     $wpdb->query($wpdb->prepare($query, $admin_email, $new_user, $new_password, $temp_user->user_login));
                 }
             }
             // }
             //if ($clone_from_url) {
             if ($new_user && $new_password) {
                 $query = "UPDATE " . $new_table_prefix . "users SET user_pass = %s WHERE user_login = %s";
                 $wpdb->query($wpdb->prepare($query, $new_password, $new_user));
             }
             // }
         }
         if (is_array($clone_options) && !empty($clone_options)) {
             $GLOBALS['table_prefix'] = $new_table_prefix;
             $this->clone_restore_options($clone_options);
             if (!empty($clone_options['iwp_client_nossl_key'])) {
                 $query = "SELECT * FROM " . $new_table_prefix . "options WHERE option_name = 'iwp_client_nossl_key'";
                 $temp_row = $wpdb->get_row($query);
                 if (!empty($temp_row)) {
                     $query = "UPDATE " . $new_table_prefix . "options SET option_value = %s WHERE option_name = 'iwp_client_nossl_key'";
                     $wpdb->query($wpdb->prepare($query, $clone_options['iwp_client_nossl_key']));
                 } else {
                     $insert = $wpdb->insert($new_table_prefix . "options", array('option_name' => 'iwp_client_nossl_key', 'option_value' => $clone_options['iwp_client_nossl_key'], 'autoload' => 'yes'), array('%s', '%s', '%s'));
                 }
             }
             if (!empty($clone_options['iwp_client_public_key'])) {
                 $query = "SELECT * FROM " . $new_table_prefix . "options WHERE option_name = 'iwp_client_public_key'";
                 $temp_row = $wpdb->get_row($query);
                 if (!empty($temp_row)) {
                     $query = "UPDATE " . $new_table_prefix . "options SET option_value = %s WHERE option_name = 'iwp_client_public_key'";
                     $wpdb->query($wpdb->prepare($query, $clone_options['iwp_client_public_key']));
                 } else {
                     $insert = $wpdb->insert($new_table_prefix . "options", array('option_name' => 'iwp_client_public_key', 'option_value' => $clone_options['iwp_client_public_key'], 'autoload' => 'yes'), array('%s', '%s', '%s'));
                 }
             }
         }
         $query = "SELECT * FROM " . $new_table_prefix . "users LIMIT 1";
         $temp_user = $wpdb->get_row($query);
         $new_user = $temp_user->user_login;
         //Remove hit count
         $query = "DELETE FROM " . $new_table_prefix . "options WHERE option_name = 'iwp_client_user_hit_count'";
         $wpdb->query($query);
         //Check for .htaccess permalinks update
         $this->replace_htaccess($home, $remote_abspath);
     } else {
         //restore client options
         if (is_array($restore_options) && !empty($restore_options)) {
             $GLOBALS['table_prefix'] = $wpdb->base_prefix;
             $this->clone_restore_options($restore_options);
         }
     }
     //clear the temp directory
     $wp_temp_direct2 = new WP_Filesystem_Direct('');
     $wp_temp_direct2->delete($new_temp_folder, true);
     return !empty($new_user) ? $new_user : true;
 }
Exemplo n.º 23
0
<?php

if (!defined('ABSPATH')) {
    exit;
}
global $wpdb, $registry, $message, $validator;
if (isset($_POST['save'])) {
    if (wp_check_password($_POST['old_password'], $user_info->user_pass, $user_id)) {
        if (strlen(wp_unslash($_POST['new_password'])) > 5) {
            if (strlen(wp_unslash($_POST['new_password'])) <= 16) {
                if (wp_unslash($_POST['new_password_repeat']) == wp_unslash($_POST['new_password'])) {
                    if (wp_unslash($_POST['new_password']) != wp_unslash($_POST['old_password'])) {
                        $hash = wp_hash_password(wp_unslash($_POST['new_password']));
                        if ($wpdb->update('is_users', array('user_pass' => $hash), array('ID' => $user_id))) {
                            $message[0] = 'success';
                            $message[1] = 'მონაცემები წარმატებით შეიცვალა';
                        } else {
                            $message[0] = 'error';
                            $message[1] = 'ვერ ხერხდება ბაზასთან დაკავშირება, მოგვიანებით სცადეთ.';
                        }
                    } else {
                        $message[0] = 'error';
                        $message[1] = 'ძველი და ახალი პაროლები არ უნდა ემთხვეოდეს ერთმანეთს.';
                    }
                } else {
                    $message[0] = 'error';
                    $message[1] = 'ახალი პაროლი და გაიმეორე პაროლი არ ემთხვევა ერთმანეთს.';
                }
            } else {
                $message[0] = 'error';
                $message[1] = 'პაროლი უნდა შეიცავდეს მაქსიმუმ 16 სიმბოლოს და მინიმუმ 6 სიმბოლოს.';
Exemplo n.º 24
0
/**
 * Activate a signup.
 *
 *
 * @param string $key The activation key provided to the user.
 * @return array An array containing information about the activated user and/or blog
 */
function wppb_activate_signup($key)
{
    global $wpdb;
    $bloginfo = get_bloginfo('name');
    $wppb_general_settings = get_option('wppb_general_settings');
    $signup = is_multisite() ? $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->signups} WHERE activation_key = %s", $key)) : $wpdb->get_row($wpdb->prepare("SELECT * FROM " . $wpdb->base_prefix . "signups WHERE activation_key = %s", $key));
    if (empty($signup)) {
        return apply_filters('wppb_register_activate_user_error_message1', '<p class="error">' . __('Invalid activation key!', 'profilebuilder') . '</p>');
    }
    if ($signup->active) {
        if (empty($signup->domain)) {
            return apply_filters('wppb_register_activate_user_error_message2', '<p class="error">' . __('This username is now active!', 'profilebuilder') . '</p>');
        }
    }
    $meta = unserialize($signup->meta);
    $user_login = isset($wppb_general_settings['loginWith']) && $wppb_general_settings['loginWith'] == 'email' ? trim($signup->user_email) : trim($signup->user_login);
    $user_email = esc_sql($signup->user_email);
    /* the password is in hashed form in the signup table so we will add it later */
    $password = NULL;
    $user_id = username_exists($user_login);
    if (!$user_id) {
        $user_id = wppb_create_user($user_login, $password, $user_email);
    } else {
        $user_already_exists = true;
    }
    if (!$user_id) {
        return apply_filters('wppb_register_activate_user_error_message4', '<p class="error">' . __('Could not create user!', 'profilebuilder') . '</p>');
    } elseif (isset($user_already_exists) && $user_already_exists == true) {
        return apply_filters('wppb_register_activate_user_error_message5', '<p class="error">' . __('This username is already activated!', 'profilebuilder') . '</p>');
    } else {
        $inserted_user = is_multisite() ? $wpdb->update($wpdb->signups, array('active' => 1, 'activated' => current_time('mysql', true)), array('activation_key' => $key)) : $wpdb->update($wpdb->base_prefix . 'signups', array('active' => 1, 'activated' => current_time('mysql', true)), array('activation_key' => $key));
        wppb_add_meta_to_user_on_activation($user_id, '', $meta);
        // if admin approval is activated, then block the user untill he gets approved
        $wppb_generalSettings = get_option('wppb_general_settings');
        if (isset($wppb_generalSettings['adminApproval']) && $wppb_generalSettings['adminApproval'] == 'yes') {
            $user_data = get_userdata($user_id);
            if ($wppb_generalSettings != 'not_found' && !empty($wppb_generalSettings['adminApprovalOnUserRole'])) {
                foreach ($user_data->roles as $role) {
                    if (in_array($role, $wppb_generalSettings['adminApprovalOnUserRole'])) {
                        wp_set_object_terms($user_id, array('unapproved'), 'user_status', false);
                        clean_object_term_cache($user_id, 'user_status');
                    } else {
                        add_filter('wppb_register_success_message', 'wppb_noAdminApproval_successMessage');
                    }
                }
            } else {
                wp_set_object_terms($user_id, array('unapproved'), 'user_status', false);
                clean_object_term_cache($user_id, 'user_status');
            }
        }
        if (!isset($wppb_generalSettings['adminApproval'])) {
            $wppb_generalSettings['adminApproval'] = 'no';
        }
        /* copy the hashed password from signup meta to wp user table */
        if (!empty($meta['user_pass'])) {
            /* we might still have the base64 encoded password in signups and not the hash */
            if (base64_encode(base64_decode($meta['user_pass'], true)) === $meta['user_pass']) {
                $meta['user_pass'] = wp_hash_password($meta['user_pass']);
            }
            $wpdb->update($wpdb->users, array('user_pass' => $meta['user_pass']), array('ID' => $user_id));
        }
        wppb_notify_user_registration_email($bloginfo, $user_login, $user_email, 'sending', $password, $wppb_generalSettings['adminApproval']);
        do_action('wppb_activate_user', $user_id, $password, $meta);
        if ($inserted_user) {
            $success_message = apply_filters('wppb_success_email_confirmation', '<p class="wppb-success">' . __('Your email was successfully confirmed.', 'profilebuilder') . '</p><!-- .success -->');
            $admin_approval_message = apply_filters('wppb_email_confirmation_with_admin_approval', '<p class="wppb-success">' . __('Before you can access your account, an administrator needs to approve it. You will be notified via email.', 'profilebuilder') . '</p>');
            $wppb_general_settings = get_option('wppb_general_settings', 'false');
            if (!empty($wppb_general_settings['adminApproval']) && $wppb_general_settings['adminApproval'] == 'yes') {
                $user_data = get_userdata($user_id);
                if ($wppb_general_settings != 'not_found' && !empty($wppb_general_settings['adminApprovalOnUserRole'])) {
                    foreach ($user_data->roles as $role) {
                        if (in_array($role, $wppb_general_settings['adminApprovalOnUserRole'])) {
                            return $success_message . $admin_approval_message;
                        } else {
                            wp_set_object_terms($user_id, NULL, 'user_status');
                            clean_object_term_cache($user_id, 'user_status');
                            return $success_message;
                        }
                    }
                } else {
                    return $success_message . $admin_approval_message;
                }
            } else {
                wp_set_object_terms($user_id, NULL, 'user_status');
                clean_object_term_cache($user_id, 'user_status');
                return $success_message;
            }
        } else {
            return apply_filters('wppb_register_failed_user_activation', '<p class="error">' . __('There was an error while trying to activate the user.', 'profilebuilder') . '</p><!-- .error -->');
        }
    }
}
Exemplo n.º 25
0
 /**
  * Updates the user's password with a new encrypted one.
  *
  * For integration with other applications, this function can be overwritten to
  * instead use the other package password checking algorithm.
  *
  * Please note: This function should be used sparingly and is really only meant for single-time
  * application. Leveraging this improperly in a plugin or theme could result in an endless loop
  * of password resets if precautions are not taken to ensure it does not execute on every page load.
  *
  * @since 2.5.0
  *
  * @global wpdb $wpdb WordPress database abstraction object.
  *
  * @param string $password The plaintext new user password
  * @param int $user_id User ID
  */
 function wp_set_password($password, $user_id)
 {
     global $wpdb;
     $hash = wp_hash_password($password);
     $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id));
     wp_cache_delete($user_id, 'users');
 }
Exemplo n.º 26
0
 /**
  * Handle "quick actions" via ajax
  *
  * Return json instructions on next action.  User by several JS functions.
  *
  * @since 0.1
  *
  */
 static function quick_action($array = false)
 {
     global $wpdb;
     $action = !empty($_REQUEST['wp_crm_quick_action']) ? $_REQUEST['wp_crm_quick_action'] : false;
     $object_id = !empty($_REQUEST['object_id']) ? $_REQUEST['object_id'] : false;
     switch ($action) {
         case 'reset_user_password':
             $user_password = wp_generate_password(12, false);
             if ($object_id && $wpdb->update($wpdb->users, array('user_pass' => wp_hash_password($user_password)), array('ID' => $object_id))) {
                 $user_data = get_userdata($object_id);
                 $user_login = $user_data->user_login;
                 $user_email = $user_data->user_email;
                 $reset_key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM {$wpdb->users} WHERE user_login = %s", $user_login));
                 if (empty($reset_key)) {
                     $key = wp_generate_password(20, false);
                     $wpdb->update($wpdb->users, array('user_activation_key' => $reset_key), array('user_login' => $user_login));
                 }
                 wp_crm_add_to_user_log($object_id, __('Password reset. A random password has been generated for user by system.', 'wp_crm'));
                 $args['user_login'] = $user_login;
                 $args['user_email'] = $user_email;
                 $args['user_password'] = $user_password;
                 $args['reset_key'] = $reset_key;
                 $args['reset_url'] = network_site_url("wp-login.php?action=rp&key={$reset_key}&login="******"DELETE FROM {$wpdb->crm_log} WHERE id = {$object_id}")) {
                 $return['success'] = 'true';
                 $return['message'] = __('Message deleted.', 'wp_crm');
                 $return['action'] = 'hide_element';
             }
             break;
         case 'trash_message_and_user':
             if (current_user_can('delete_users')) {
                 $user_id = $wpdb->get_var("SELECT object_id FROM {$wpdb->crm_log} WHERE id = {$object_id} AND object_type = 'user' ");
                 if ($user_id) {
                     wp_delete_user($user_id);
                 }
                 $return['success'] = 'true';
                 $return['message'] = __('Sender trashed.', 'wp_crm');
                 $return['action'] = 'hide_element';
             }
             break;
         default:
             $return = apply_filters('wp_crm_quick_action', array('action' => $action, 'object_id' => $object_id));
             break;
     }
     if (is_array($return)) {
         return json_encode($return);
     } else {
         return false;
     }
 }
Exemplo n.º 27
0
 function wppb_save_form_values($global_request)
 {
     $user_id = $this->wppb_get_desired_user_id();
     $userdata = apply_filters('wppb_build_userdata', array(), $global_request);
     $new_user_signup = false;
     $wppb_general_settings = get_option('wppb_general_settings');
     if (isset($wppb_general_settings['loginWith']) && $wppb_general_settings['loginWith'] == 'email') {
         $userdata['user_login'] = apply_filters('wppb_generated_random_username', Wordpress_Creation_Kit_PB::wck_generate_slug(trim($userdata['user_email'])), $userdata['user_email']);
     }
     if ($this->args['form_type'] == 'register') {
         if (!is_multisite()) {
             if (isset($wppb_general_settings['emailConfirmation']) && $wppb_general_settings['emailConfirmation'] == 'yes') {
                 $new_user_signup = true;
                 $multisite_message = true;
                 $userdata = $this->wppb_add_custom_field_values($global_request, $userdata, $this->args['form_fields']);
                 if (!isset($userdata['role'])) {
                     $userdata['role'] = $this->args['role'];
                 }
                 $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
                 wppb_signup_user($userdata['user_login'], $userdata['user_email'], $userdata);
             } else {
                 if (!isset($userdata['role'])) {
                     $userdata['role'] = $this->args['role'];
                 }
                 $userdata = wp_unslash($userdata);
                 $user_id = wp_insert_user($userdata);
             }
         } else {
             $new_user_signup = true;
             $multisite_message = true;
             $userdata = $this->wppb_add_custom_field_values($global_request, $userdata, $this->args['form_fields']);
             if (!isset($userdata['role'])) {
                 $userdata['role'] = $this->args['role'];
             }
             $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
             /* since version 2.0.7 add this meta so we know on what blog the user registered */
             $userdata['registered_for_blog_id'] = get_current_blog_id();
             $userdata = wp_unslash($userdata);
             wppb_signup_user($userdata['user_login'], $userdata['user_email'], $userdata);
         }
     } elseif ($this->args['form_type'] == 'edit_profile') {
         $userdata['ID'] = $this->wppb_get_desired_user_id();
         $userdata = wp_unslash($userdata);
         /* if the user changes his password then we can't send it to the wp_update_user() function or
            the user will be logged out and won't be logged in again because we call wp_update_user() after
            the headers were sent( in the content as a shortcode ) */
         if (isset($userdata['user_pass']) && !empty($userdata['user_pass'])) {
             unset($userdata['user_pass']);
         }
         wp_update_user($userdata);
     }
     if (!empty($this->args['form_fields']) && !$new_user_signup) {
         foreach ($this->args['form_fields'] as $field) {
             do_action('wppb_save_form_field', $field, $user_id, $global_request, $this->args['form_type']);
         }
         if ($this->args['form_type'] == 'register') {
             if (!is_wp_error($user_id)) {
                 $wppb_general_settings = get_option('wppb_general_settings');
                 if (isset($global_request['send_credentials_via_email']) && $global_request['send_credentials_via_email'] == 'sending') {
                     $send_credentials_via_email = 'sending';
                 } else {
                     $send_credentials_via_email = '';
                 }
                 wppb_notify_user_registration_email(get_bloginfo('name'), isset($userdata['user_login']) ? trim($userdata['user_login']) : trim($userdata['user_email']), trim($userdata['user_email']), $send_credentials_via_email, trim($userdata['user_pass']), isset($wppb_general_settings['adminApproval']) ? $wppb_general_settings['adminApproval'] : 'no');
             }
         }
     }
     return $user_id;
 }
Exemplo n.º 28
0
 /**
  * ecartregcust::add_user()
  * 
  * @param mixed $data
  * @return
  */
 private function add_user()
 {
     require_once(ABSPATH."/wp-includes/registration.php");
     
     $Errors =& EcartErrors();
     $Errors->reset();
     if (empty($_POST['customer']['email'])) 
     {
         $this->form_error = 'Email address is required.';
         return false;
     }
     if ($this->email_exists($_POST['customer']['email'])) 
     {
         $this->form_error = 'Email address is already registered with another customer.';
         return false;
     }
     if (empty($_POST['customer']['password'])) 
     {
         $this->form_error = 'Password is required.';
         return false;
     }
     if ($_POST['customer']['password'] !== $_POST['customer']['confirm-password']) 
     {
         $this->form_error = 'Passwords do not match.';
         return false;
     } 
     if ($this->ecart_account_type == 'wordpress')
     {
         if (empty($_POST['customer']['loginname'])) 
         {
             $this->form_error = 'Username is already registered.';
             return false;                
         }
         if (email_exists($_POST['customer']['email']))
         {
             $this->form_error = 'Email address is already registered with another user.';
             return false;                 
         }
     }
     if ($this->show_billing)
     {
         if (empty($_POST['billing']['address']))
         {
             $this->form_error = 'Street address is required.';
             return false;                
         }
         if (empty($_POST['billing']['city']))
         {
             $this->form_error = 'City is required.';
             return false;                
         }
         if (empty($_POST['billing']['state']))
         {
             $this->form_error = 'State is required.';
             return false;                
         }
         if (empty($_POST['billing']['postcode']))
         {
             $this->form_error = 'Postcode is required.';
             return false;                
         }
     }
     
     $customer_data = $_POST['customer'];
     
     $ecart_customer = new Customer();
     $ecart_customer->updates($customer_data);
     
     if ($this->ecart_account_type == 'wordpress') 
     {
         $ecart_customer->create_wpuser(); // not logged in, create new account
         $customer_data['wpuser'] = $ecart_customer->wpuser;
         unset($ecart_customer->password);
         if ($Errors->exist(ECART_ERR)) 
         {
             $ecart_error = $Errors->get(ECART_ERR);
             $this->form_error = implode(', ', $ecart_error[0]->messages);
             return false;
         }
     }
     else
     {       
         $ecart_customer->password = wp_hash_password($data['password']);
     }        
     $ecart_customer->save();
     
     if ($Errors->exist(ECART_ERR)) 
     {
         $ecart_error = $Errors->get(ECART_ERR);
         $this->form_error = implode(', ', $ecart_error[0]->messages);
         return false;
     }                
     if ($this->show_billing)
     {
         $billing_data = $_POST['billing'];
         $ecart_billing = new Billing();  
         $ecart_billing->updates($billing_data);
         $ecart_billing->customer = $ecart_customer->id;
         $ecart_billing->save();
     }        
     
     return $customer_data;
 }
Exemplo n.º 29
0
/**
 * Update a user in the database.
 *
 * It is possible to update a user's password by specifying the 'user_pass'
 * value in the $userdata parameter array.
 *
 * If current user's password is being updated, then the cookies will be
 * cleared.
 *
 * @since 2.0.0
 *
 * @see wp_insert_user() For what fields can be set in $userdata.
 *
 * @param mixed $userdata An array of user data or a user object of type stdClass or WP_User.
 * @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated.
 */
function wp_update_user($userdata)
{
    if ($userdata instanceof stdClass) {
        $userdata = get_object_vars($userdata);
    } elseif ($userdata instanceof WP_User) {
        $userdata = $userdata->to_array();
    }
    $ID = isset($userdata['ID']) ? (int) $userdata['ID'] : 0;
    if (!$ID) {
        return new WP_Error('invalid_user_id', __('Invalid user ID.'));
    }
    // First, get all of the original fields
    $user_obj = get_userdata($ID);
    if (!$user_obj) {
        return new WP_Error('invalid_user_id', __('Invalid user ID.'));
    }
    $user = $user_obj->to_array();
    // Add additional custom fields
    foreach (_get_additional_user_keys($user_obj) as $key) {
        $user[$key] = get_user_meta($ID, $key, true);
    }
    // Escape data pulled from DB.
    $user = add_magic_quotes($user);
    if (!empty($userdata['user_pass']) && $userdata['user_pass'] !== $user_obj->user_pass) {
        // If password is changing, hash it now
        $plaintext_pass = $userdata['user_pass'];
        $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
        /**
         * Filter whether to send the password change email.
         *
         * @since 4.3.0
         *
         * @see wp_insert_user() For `$user` and `$userdata` fields.
         *
         * @param bool  $send     Whether to send the email.
         * @param array $user     The original user array.
         * @param array $userdata The updated user array.
         *
         */
        $send_password_change_email = apply_filters('send_password_change_email', true, $user, $userdata);
    }
    if (isset($userdata['user_email']) && $user['user_email'] !== $userdata['user_email']) {
        /**
         * Filter whether to send the email change email.
         *
         * @since 4.3.0
         *
         * @see wp_insert_user() For `$user` and `$userdata` fields.
         *
         * @param bool  $send     Whether to send the email.
         * @param array $user     The original user array.
         * @param array $userdata The updated user array.
         *
         */
        $send_email_change_email = apply_filters('send_email_change_email', true, $user, $userdata);
    }
    wp_cache_delete($user['user_email'], 'useremail');
    // Merge old and new fields with new fields overwriting old ones.
    $userdata = array_merge($user, $userdata);
    $user_id = wp_insert_user($userdata);
    if (!is_wp_error($user_id)) {
        $blog_name = wp_specialchars_decode(get_option('blogname'));
        if (!empty($send_password_change_email)) {
            /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
            $pass_change_text = __('Hi ###USERNAME###,

This notice confirms that your password was changed on ###SITENAME###.

If you did not change your password, please contact the Site Administrator at
###ADMIN_EMAIL###

This email has been sent to ###EMAIL###

Regards,
All at ###SITENAME###
###SITEURL###');
            $pass_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Password Change'), 'message' => $pass_change_text, 'headers' => '');
            /**
             * Filter the contents of the email sent when the user's password is changed.
             *
             * @since 4.3.0
             *
             * @param array $pass_change_email {
             *            Used to build wp_mail().
             *            @type string $to      The intended recipients. Add emails in a comma separated string.
             *            @type string $subject The subject of the email.
             *            @type string $message The content of the email.
             *                The following strings have a special meaning and will get replaced dynamically:
             *                - ###USERNAME###    The current user's username.
             *                - ###ADMIN_EMAIL### The admin email in case this was unexpected.
             *                - ###EMAIL###       The old email.
             *                - ###SITENAME###    The name of the site.
             *                - ###SITEURL###     The URL to the site.
             *            @type string $headers Headers. Add headers in a newline (\r\n) separated string.
             *        }
             * @param array $user     The original user array.
             * @param array $userdata The updated user array.
             *
             */
            $pass_change_email = apply_filters('password_change_email', $pass_change_email, $user, $userdata);
            $pass_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###SITENAME###', get_option('blogname'), $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###SITEURL###', home_url(), $pass_change_email['message']);
            wp_mail($pass_change_email['to'], sprintf($pass_change_email['subject'], $blog_name), $pass_change_email['message'], $pass_change_email['headers']);
        }
        if (!empty($send_email_change_email)) {
            /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
            $email_change_text = __('Hi ###USERNAME###,

This notice confirms that your email was changed on ###SITENAME###.

If you did not change your email, please contact the Site Administrator at
###ADMIN_EMAIL###

This email has been sent to ###EMAIL###

Regards,
All at ###SITENAME###
###SITEURL###');
            $email_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Email Change'), 'message' => $email_change_text, 'headers' => '');
            /**
             * Filter the contents of the email sent when the user's email is changed.
             *
             * @since 4.3.0
             *
             * @param array $email_change_email {
             *            Used to build wp_mail().
             *            @type string $to      The intended recipients.
             *            @type string $subject The subject of the email.
             *            @type string $message The content of the email.
             *                The following strings have a special meaning and will get replaced dynamically:
             *                - ###USERNAME###    The current user's username.
             *                - ###ADMIN_EMAIL### The admin email in case this was unexpected.
             *                - ###EMAIL###       The old email.
             *                - ###SITENAME###    The name of the site.
             *                - ###SITEURL###     The URL to the site.
             *            @type string $headers Headers.
             *        }
             * @param array $user The original user array.
             * @param array $userdata The updated user array.
             */
            $email_change_email = apply_filters('email_change_email', $email_change_email, $user, $userdata);
            $email_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $email_change_email['message']);
            $email_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $email_change_email['message']);
            $email_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $email_change_email['message']);
            $email_change_email['message'] = str_replace('###SITENAME###', get_option('blogname'), $email_change_email['message']);
            $email_change_email['message'] = str_replace('###SITEURL###', home_url(), $email_change_email['message']);
            wp_mail($email_change_email['to'], sprintf($email_change_email['subject'], $blog_name), $email_change_email['message'], $email_change_email['headers']);
        }
    }
    // Update the cookies if the password changed.
    $current_user = wp_get_current_user();
    if ($current_user->ID == $ID) {
        if (isset($plaintext_pass)) {
            wp_clear_auth_cookie();
            // Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
            // If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
            $logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
            /** This filter is documented in wp-includes/pluggable.php */
            $default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $ID, false);
            $remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;
            wp_set_auth_cookie($ID, $remember);
        }
    }
    return $user_id;
}
Exemplo n.º 30
0
 /**
  * Run password through wp_hash_password()
  *
  * @param string $username
  * @param string $password
  */
 public function callback_pass($username, $password)
 {
     $user = $this->wpdb->get_row('SELECT * FROM ' . $this->wpdb->users . ' WHERE user_login = "******" AND user_pass = "" LIMIT 1');
     if (!empty($user)) {
         $usermeta = $this->wpdb->get_row('SELECT * FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" AND user_id = "' . $user->ID . '" LIMIT 1');
         if (!empty($usermeta)) {
             if ($this->authenticate_pass($password, $usermeta->meta_value)) {
                 $this->wpdb->query('UPDATE ' . $this->wpdb->users . ' ' . 'SET user_pass = "******" ' . 'WHERE ID = "' . $user->ID . '"');
                 $this->wpdb->query('DELETE FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" AND user_id = "' . $user->ID . '"');
             }
         }
     }
 }