/**
 * Default controller action.
 *
 * When pad_model::get_pemda() yields a row, its properties are copied into the
 * session under "pad_*" keys together with the current year. The view is then
 * chosen from wp_login(): 'vmain' when it is falsy, 'wp/vmenu' otherwise.
 */
public function index()
{
    $model = $this->load->model('pad_model');
    $pemda = $model->get_pemda();

    if ($pemda) {
        // Session key => property of the get_pemda() row that supplies its value.
        $session_map = array(
            'pad_pemda_daerah' => 'daerah',
            'pad_pemda_alamat' => 'alamat',
            'pad_pemda_alamat_lengkap' => 'alamat_lengkap',
            'pad_pemda_telp' => 'telp',
            'pad_pemda_fax' => 'fax',
            'pad_pemda_website' => 'website',
            'pad_pemda_email' => 'email',
            'pad_pemda_nama' => 'pemda_nama',
            'pad_pemda_singkatan' => 'pemda_nama_singkat',
            'pad_pemda_type' => 'type',
            'pad_pemda_kepala' => 'kepala_nama',
            'pad_pemda_jabatan' => 'jabatan',
            'pad_pemda_ibukota' => 'ibukota',
            'pad_pemda_unitid' => 'ppkd_id',
            'pad_reklame_id' => 'reklame_id',
            'pad_air_tanah_id' => 'airtanah_id',
            'pad_dok_self_id' => 'self_dok_id',
            'pad_dok_office_id' => 'office_dok_id',
            'pad_hiburan_id' => 'hiburan_id',
            'pad_ppj_id' => 'ppj_id',
            'pad_hotel_id' => 'hotel_id',
            'pad_walet_id' => 'walet_id',
            'pad_restauran_id' => 'restauran_id',
            'pad_parkir_id' => 'parkir_id',
            'pad_surat_no' => 'surat_no',
            'pad_ijin_kd' => 'ijin_kd',
            'pad_reklame_kd' => 'reklame_kd',
            'pad_air_tanah_kd' => 'airtanah_kd',
            'pad_parkir_kd' => 'parkir_kd',
            'pad_ppj_kd' => 'ppj_kd',
            'pad_hiburan_kd' => 'hiburan_kd',
            'pad_hotel_kd' => 'hotel_kd',
            'pad_restauran_kd' => 'restauran_kd',
            'pad_spt_date' => 'tgl_spt',
            'pad_spt_due_date' => 'tgl_jatuhtempo_self',
            'pad_spt_denda' => 'spt_denda',
            'pad_bunga' => 'pad_bunga',
            'pad_ppkd_id' => 'ppkd_id',
        );

        // The year comes first so the session array keeps its original key order.
        $sess_data = array('pad_tahun_anggaran' => date('Y'));
        foreach ($session_map as $session_key => $property) {
            $sess_data[$session_key] = $pemda->{$property};
        }

        $this->session->set_userdata($sess_data);
    }

    $data = array(
        'current' => 'beranda',
        'apps' => $this->apps_model->get_active_only(),
    );

    // wp_login() is the project's login predicate; it is defined outside this listing.
    $view = wp_login() ? 'wp/vmenu' : 'vmain';
    $this->load->view($view, $data);
}
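/**
 * Authenticates the current request with HTTP Basic credentials instead of cookies.
 *
 * Returns immediately when the global $current_user is already populated.
 * Otherwise the credentials are taken from PHP_AUTH_USER / PHP_AUTH_PW (filled
 * from the Authorization header when PHP runs as CGI) and checked with
 * wp_login(). On failure a 401 challenge is sent and the script ends; on
 * success the user is made current through wp_set_current_user().
 *
 * Compared with the earlier version, the Authorization header is only parsed
 * when it uses the Basic scheme and decodes cleanly, and the password keeps any
 * ':' characters it contains (the split is limited to the first colon).
 */
function get_currentuserinfo()
{
    // Use HTTP auth instead of cookies
    global $current_user;

    if (!empty($current_user)) {
        return;
    }

    // Some apache versions prepend "REDIRECT_" to server variable name, according to
    // http://www.besthostratings.com/articles/http-auth-php-cgi.html
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
    }

    // Workaround for HTTP Authentication with PHP running as CGI
    // (htaccess rule copies authentication data into HTTP_AUTHORIZATION)
    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $header = trim($_SERVER['HTTP_AUTHORIZATION']);

        // Only a "Basic <base64>" value is meaningful here; other schemes are ignored
        // instead of being sliced at a fixed offset.
        if (strncasecmp($header, 'Basic ', 6) === 0) {
            $decoded = base64_decode(substr($header, 6), true);

            // Require the user:password separator, and split on the first colon only
            // so a password containing ':' is not truncated.
            if ($decoded !== false && strpos($decoded, ':') !== false) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
            }
        }
    }

    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || !wp_login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        // The realm is sent as a quoted-string, so quotes and backslashes in the site name are escaped.
        $realm = addcslashes(str_replace(array("\r", "\n"), '', get_bloginfo('name')), '"\\');
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        header('HTTP/1.0 401 Unauthorized');
        scoper_load_textdomain(); // otherwise this is only loaded for wp-admin
        die(__('Access denied: Incorrect credentials supplied.', 'scoper'));
    }

    // NOTE(review): Basic credentials travel with every request; this path should only be reachable over TLS.
    $user_login = $_SERVER['PHP_AUTH_USER'];
    wp_set_current_user(0, $user_login);
}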
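/**
 * Checks the credentials through wp_login() and, on success, stores the login
 * name on this object and calls logining().
 *
 * @param string $login login name handed to wp_login()
 * @param string $pass  password handed to wp_login()
 * @return bool true when wp_login() returned a truthy result, false otherwise
 */
public function mylogin($login, $pass)
{
    // The third argument ('test') is passed through unchanged; wp_login() is defined outside this listing.
    $result = wp_login($login, $pass, 'test');
    if (!$result) {
        return false;
    }

    // A leftover var_dump($result) was removed here: it wrote the authentication
    // result into the response body, and output at this point also prevents any
    // later header() / cookie call from taking effect.
    $this->login = $login;
    $this->logining();

    return true;
}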
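/**
 * Returns the customer/business rows of one customer.
 *
 * When wp_login() is truthy the result is narrowed: without $usaha_id the two
 * business types returned by pad_reklame_id() and pad_air_tanah_id() are
 * excluded; with $usaha_id only the listed business ids are kept.
 *
 * $usaha_id reaches this method from a URI segment in the calling controller,
 * so it is no longer pasted into the SQL text. It must be one integer id or a
 * comma-separated list of integer ids; every id is sent as a bound parameter.
 *
 * @param mixed      $customer_id customer id, bound to the query
 * @param string|int $usaha_id    optional business id, or comma-separated ids
 * @return array|false result rows, or FALSE when nothing matches or $usaha_id is not a list of integers
 */
function sptpd_get_cu($customer_id, $usaha_id = '')
{
    // Original author's remark on this query: "terlanjur sayang" (roughly "too attached to let it go").
    $qry = "select cu.id customer_usaha_id, cu.customer_id, cu.usaha_id, get_npwpd(c.id, true) as npwpd, get_npwpd(c.id, false) as npwpd2, c.nama as customernm,\r\n\t\t\tcu.konterid, cu.air_zona_id, cu.air_manfaat_id , u.so, cu.def_pajak_id,\r\n\t\t\tcast(u.nama||' ('||cu.konterid||' | '||coalesce(cu.opnm,u.nama)||')' as character varying) as usahanm,\r\n \r\n c.wpnama, c.wpalamat\r\n\r\n\t\t\tfrom pad_customer_usaha cu\r\n\t\t\tinner join pad_customer c on cu.customer_id=c.id\r\n\t\t\tinner join pad_usaha u on cu.usaha_id=u.id\r\n\t\t\twhere cu.customer_id = ?";
    $binds = array($customer_id);

    if (wp_login()) {
        if (empty($usaha_id)) {
            // These two ids come from project helpers that are not visible in this listing.
            $qry .= " and u.id not in (" . pad_reklame_id() . ", " . pad_air_tanah_id() . ") ";
        } else {
            // Accept digits only; anything else means the request is malformed and matches nothing.
            $ids = array();
            foreach (explode(',', (string) $usaha_id) as $candidate) {
                $candidate = trim($candidate);
                if ($candidate === '' || !ctype_digit($candidate)) {
                    return FALSE;
                }
                $ids[] = (int) $candidate;
            }

            // One placeholder per id keeps the value out of the SQL text.
            $qry .= " and u.id in (" . implode(', ', array_fill(0, count($ids), '?')) . ") ";
            $binds = array_merge($binds, $ids);
        }
    }

    // The leading space keeps this clause apart from the bound value that precedes it.
    $qry .= " order by c.rp,c.pb,c.formno, cu.usaha_id, cu.konterid";

    $query = $this->db_pad->query($qry, $binds);
    if ($query->num_rows() !== 0) {
        return $query->result();
    }

    return FALSE;
}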
/**
 * Theme-level login screen: dispatches on $_REQUEST['action'] and renders the
 * matching page inside the theme's header/footer.
 *
 * Branches handled by the switch below:
 *   - logout                         clears the cookie and redirects to the site URL
 *   - lostpassword, retrievepassword shows the "retrieve password" form
 *   - retrievepassword2              stores an activation key and mails a reset link
 *   - rp                             replaces the password and mails the new one
 *   - login (and any other value)    checks credentials, then redirects or shows the form
 *
 * Every branch ends the request itself (exit / die); nothing is returned.
 * Two places in this listing contain the literal text '******' where a value
 * seems to have been masked; they are reproduced unchanged.
 */
function ProjectTheme_do_login_scr()
{
    /*do_action( 'login_enqueue_scripts' ); do_action( 'login_head' ); do_action('login_footer'); */
    global $wpdb, $error, $wp_query, $current_theme_locale_name;
    if (!is_array($wp_query->query_vars)) {
        $wp_query->query_vars = array();
    }
    // NOTE(review): read without an isset() check; the raw value is also used below to build a hook name.
    $action = $_REQUEST['action'];
    $error = '';
    nocache_headers();
    header('Content-Type: ' . get_bloginfo('html_type') . '; charset=' . get_bloginfo('charset'));
    if (defined('RELOCATE')) {
        // Move flag is set
        if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) {
            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
        }
        $schema = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 'https://' : 'http://';
        // NOTE(review): while RELOCATE is defined, the stored siteurl option is rewritten from the request's
        // Host header and script path, i.e. from values the client supplies.
        if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_settings('siteurl')) {
            update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
        }
    }
    do_action('login_init');
    do_action('login_form_' . $action);
    switch ($_REQUEST["action"]) {
        //logout
        case "logout":
            // NOTE(review): no nonce or referer check is visible in this branch, so any request carrying
            // action=logout ends the session; hooks on login_init may add one — confirm.
            wp_clearcookie();
            session_start();
            // NOTE(review): $sessions is neither a parameter nor in the global list above, so it is
            // undefined in this scope — confirm this call does not stop the branch with an error.
            $sessions->destroy_all();
            /*session_start(); if(isset($vstrsnln_blog_id)) { unset( $vstrsnln_blog_id); session_destroy(); } */
            if (get_option("jk_logout_redirect_to")) {
                $redirect_to = get_option("jk_logout_redirect_to");
            } else {
                $redirect_to = "wp-login.php";
            }
            do_action('wp_logout');
            nocache_headers();
            if (isset($_REQUEST['redirect_to'])) {
                $redirect_to = $_REQUEST['redirect_to'];
            }
            // $redirect_to is computed above but not used: the redirect always goes to the site URL.
            wp_redirect(get_bloginfo('siteurl'));
            exit;
            break;
        //lost lost password
        //lost lost password
        case 'lostpassword':
        case 'retrievepassword':
            $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
            if ($http_post) {
                $errors = my_retrieve_password();
                if (!is_wp_error($errors)) {
                    $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
                    // This branch uses wp_safe_redirect(); the login branch further down uses wp_redirect().
                    wp_safe_redirect($redirect_to);
                    exit;
                }
            }
            // NOTE(review): on a GET request $errors has not been assigned, so the add() call and the
            // `if ($errors)` test in the template below operate on an undefined variable.
            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
            }
            $redirect_to = apply_filters('lostpassword_redirect', !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
            do_action('lost_password');
            $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
            get_header(); ?> <div class="page_heading_me"> <div class="page_heading_me_inner"> <div class="mm_inn"><?php printf(__("Retrieve Password - %s", $current_theme_locale_name), get_bloginfo('name')); ?> </div> </div> </div> <!-- ########## --> <div id="main_wrapper"> <div id="main" class="wrapper"><div class="padd10"> <div class="my_box3"> <div class="padd10"> <div class="box_content"> <div class="login-submit-form"> <form name="lostpass" action="<?php echo esc_url(site_url('wp-login.php?action=lostpassword', 'login_post')); ?> " method="post" id="loginform"> <p><?php _e('Please enter your information here. We will send you a new password.', $current_theme_locale_name); ?> </p> <?php if ($errors) { echo "<div class='errrs'>" . $errors->get_error_message() . "</div>"; } ?> <input type="hidden" name="action" value="retrievepassword" /> <p> <label><?php _e('Username or Email:', $current_theme_locale_name); ?> </label> <input type="text" class="do_input" name="user_login" id="user_login" value="" size="30" tabindex="1" /> </p> <?php do_action('lostpassword_form'); ?> <p><label> </label> <input type="submit" name="submit" id="submit" value="<?php _e('Retrieve Password', $current_theme_locale_name); ?> " class="submit_bottom" tabindex="3" /> </p> </form> <script type="text/javascript"> $(function() { // gather all inputs of selected types var inputs = $('#user_tp, #user_email, #user_login, #log, #login_password, #rememberme, #submits, .green_btn'), inputTo; // bind on keydown inputs.on('keydown', function(e) { // if we pressed the tab if (e.keyCode == 9 || e.which == 9) { alert('tab'); // prevent default tab action e.preventDefault(); if (e.shiftKey) { // get previous input based on the current input inputTo = inputs.get(inputs.index(this) - 1); } else { // get next input based on the current input inputTo = inputs.get(inputs.index(this) + 1); } // move focus to inputTo, otherwise focus first input if (inputTo) { inputTo.focus(); } else { inputs[0].focus(); } } }); }); </script> </div> <ul id="logins"> <li><a href="<?php bloginfo('home'); ?> /" title="<?php _e('Are you lost?', $current_theme_locale_name); ?> ">« <?php _e('Home', $current_theme_locale_name); ?> </a></li> <?php if (get_settings('users_can_register')) { ?> <li><a href="<?php bloginfo('wpurl'); ?> /wp-login.php?action=register"><?php _e('Register', $current_theme_locale_name); ?> </a></li> <?php } ?> <li><a href="<?php bloginfo('wpurl'); ?> /wp-login.php"><?php _e('Login', $current_theme_locale_name); ?> </a></li> </ul> </div> </div> </div> </div></div></div> <?php
            get_footer();
            die;
            break;
        case 'retrievepassword2':
            get_header();
            $user_data = get_userdatabylogin($_POST['user_login']);
            // redefining user_login ensures we return the right case in the email
            $user_login = $user_data->user_login;
            $user_email = $user_data->user_email;
            // NOTE(review): the page rendered below tells the visitor whether the username / e-mail pair
            // exists, which lets account names be confirmed from outside.
            if (!$user_email || $user_email != $_POST['email']) { ?> <div class="my_box3"> <div class="padd10"> <div class="box_title"><?php _e("Retrieve Error", $current_theme_locale_name); ?> - <?php echo get_bloginfo('name'); ?> </div> <div class="box_content"> <br/><br/> <?php echo sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? <a href="%s">Try again</a>.', $current_theme_locale_name), 'wp-login.php?action=lostpassword'); ?> <br/><br/> </div></div></div> <?php
                get_footer();
                die;
            }
            do_action('retreive_password', $user_login); // Misspelled and deprecated.
            do_action('retrieve_password', $user_login);
            // Generate something random for a password... md5'ing current time with a rand salt
            // NOTE(review): the key is an MD5 of uniqid() over the current timestamp, so it is derived from
            // the clock rather than from a cryptographic random source (random_bytes() or the platform's
            // own reset-key routine). MD5 hex output is 32 characters; the 50 passed to substr() has no effect.
            $key = substr(md5(uniqid(current_time('timestamp', 0))), 0, 50);
            // now insert the new pass md5'd into the db
            // NOTE(review): the statement is assembled by string interpolation instead of $wpdb->prepare();
            // the user_login value shows as '******' in this listing, so what it interpolates cannot be checked here.
            $wpdb->query("UPDATE {$wpdb->users} SET user_activation_key = '{$key}' WHERE user_login = '******'");
            $message = __('Someone has asked to reset the password for the following site and username.', $current_theme_locale_name) . "\r\n\r\n";
            $message .= get_option('siteurl') . "\r\n\r\n";
            $message .= sprintf(__('Username: %s', $current_theme_locale_name), $user_login) . "\r\n\r\n";
            $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.', $current_theme_locale_name) . "\r\n\r\n";
            // NOTE(review): the mailed link uses action=resetpass, while the branch below that consumes the
            // key is registered as 'rp'; in this switch 'resetpass' would fall through to the default (login) case.
            $message .= get_settings('siteurl') . "/wp-login.php?action=resetpass&key={$key}\r\n";
            $m = ProjectTheme_send_email($user_email, sprintf(__('[%s] Password Reset', $current_theme_locale_name), get_settings('blogname')), $message);
            echo get_option("jk_login_after_head_html");
            echo " <div id=\"login\">\n";
            if ($m == false) {
                echo "<h1>" . __("There Was a Problem", $current_theme_locale_name) . "</h1>";
                echo '<p>' . __('The e-mail could not be sent.', $current_theme_locale_name) . "<br />\n";
                echo __('Possible reason: your host may have disabled the mail() function...', $current_theme_locale_name) . "</p>";
            } else {
                echo "<h1>Success!</h1>";
                echo '<p>' . sprintf(__("The e-mail was sent successfully to %s's e-mail address.", $current_theme_locale_name), $user_login) . '<br />';
                echo "<a href='wp-login.php' title='" . __('Check your e-mail first, of course', $current_theme_locale_name) . "'>" . __('Click here to login!', $current_theme_locale_name) . '</a></p>';
            }
            echo " </div>\n";
            echo '</div></div></div>';
            get_footer();
            die;
            break;
        //reset password
        //reset password
        case 'rp':
            get_header();
            //_get_whole_menu();
            echo '<div class="my_box3"> <div class="padd10">';
            echo " <div id=\"login\">\n";
            // Generate something random for a password... md5'ing current time with a rand salt
            // NOTE(review): the pattern '/a-z0-9/i' matches the literal text "a-z0-9", not a character
            // class, so this call does not restrict the key to alphanumerics; $_GET['key'] is also read
            // without isset(). A negated class such as '/[^a-z0-9]/i' is what the call appears to intend.
            $key = preg_replace('/a-z0-9/i', '', $_GET['key']);
            if (empty($key)) {
                _e('<h1>Problem</h1>', $current_theme_locale_name);
                _e('Sorry, that key does not appear to be valid.', $current_theme_locale_name);
                echo " </div>\n";
                echo '</div></td></tr></table></div></div>';
                get_footer();
                die;
            }
            // NOTE(review): because the filter above is ineffective, the request value is placed in this SQL
            // string unescaped. This lookup should go through $wpdb->prepare() with a %s placeholder.
            $user = $wpdb->get_row("SELECT * FROM {$wpdb->users} WHERE user_activation_key = '{$key}'");
            if (!$user) {
                _e('<h1>Problem</h1>', $current_theme_locale_name);
                _e('Sorry, that key does not appear to be valid.', $current_theme_locale_name);
                echo " </div>\n";
                echo '</div></div>';
                get_footer();
                die;
            }
            do_action('password_reset');
            // NOTE(review): the replacement password is 7 hex characters of an MD5 over uniqid()/timestamp,
            // it is stored with SQL MD5() (unsalted) and it is mailed in clear text below. No expiry check
            // on the activation key is visible in this branch.
            $new_pass = substr(md5(uniqid(current_time('timestamp', 0))), 0, 7);
            $wpdb->query("UPDATE {$wpdb->users} SET user_pass = MD5('{$new_pass}'), user_activation_key = '' WHERE user_login = '******'");
            wp_cache_delete($user->ID, 'users');
            wp_cache_delete($user->user_login, 'userlogins');
            $message = '<img id="logo" alt="BidQA" src="bidqa.com/wp-content/themes/ProjectTheme/images/logo/imgo.jpeg"><br>We have reset the password for the following account. 
Please find the new temporary password below (we recommend that you change it once you log in).<br>';
            $message .= sprintf(__('Username: %s', $current_theme_locale_name), $user->user_login) . "\r\n<br>";
            $message .= sprintf(__('Password: %s', $current_theme_locale_name), $new_pass) . "\r\n<br>";
            $message .= get_bloginfo('siteurl') . "/wp-login.php\r\n<br>";
            $m = wp_mail($user->user_email, sprintf(__('Your new password', $current_theme_locale_name)), $message);
            //ProjectTheme_send_email($user->user_email, sprintf(__('Your new password',$current_theme_locale_name) ), $message);
            if ($m == false) {
                echo __('<h1>Problem</h1>', $current_theme_locale_name);
                echo '<p>' . __('The e-mail could not be sent.', $current_theme_locale_name) . "<br />\n";
                echo __('Possible reason: your host may have disabled the mail() function...', $current_theme_locale_name) . '</p>';
            } else {
                echo __('<h1>Success!</h1>', $current_theme_locale_name);
                // $user_login is not assigned in this branch; the format string has no placeholder, so it is unused.
                echo '<p>' . sprintf(__('Your new password is in the mail.', $current_theme_locale_name), $user_login) . '<br />';
                echo "<a href='wp-login.php' title='" . __('Check your e-mail first, of course', $current_theme_locale_name) . "'>" . __('Click here to login!', $current_theme_locale_name) . '</a></p>';
                // send a copy of password change notification to the admin
                $message = sprintf(__('Password Lost and Changed for user: %s', $current_theme_locale_name), $user->user_login) . "\r\n";
                ProjectTheme_send_email(get_settings('admin_email'), sprintf(__('[%s] Password Lost/Change', $current_theme_locale_name), get_settings('blogname')), $message);
            }
            echo " </div>\n";
            echo '</div></div></div>';
            get_footer();
            die;
            break;
        //login and default action
        //login and default action
        case 'login':
        default:
            //check credentials - 99% of this is identical to the normal wordpress login sequence as of 2.0.4
            //Any differences will be noted with end of line comments.
            $user_login = '';
            $user_pass = '';
            $using_cookie = false;
            /**
             * this is what the code was
             * if ( !isset( $_REQUEST['redirect_to'] ) )
             *     $redirect_to = 'wp-admin/';
             * else
             *     $redirect_to = $_REQUEST['redirect_to'];
             */
            // NOTE(review): the redirect target is taken from the request (or the session) without being
            // checked against this site; after a successful login it is passed to wp_redirect(), not
            // wp_safe_redirect(), so a crafted link can send a freshly authenticated user to another host.
            if (!isset($_REQUEST['redirect_to'])) {
                $redirect_to = get_permalink(get_option('ProjectTheme_my_account_page_id'));
            } else {
                $redirect_to = $_REQUEST['redirect_to'];
            }
            if (isset($_SESSION['redirect_me_back'])) {
                $redirect_to = $_SESSION['redirect_me_back'];
            }
            if ($_POST) {
                $user_login = $_POST['log'];
                $user_login = sanitize_user($user_login);
                $user_pass = $_POST['pwd'];
                // NOTE(review): 'log', 'pwd' and 'rememberme' are read without isset(); an unticked checkbox
                // is normally absent from the POST body.
                $rememberme = $_POST['rememberme'];
            } else {
                if (function_exists('wp_get_cookie_login')) {
                    $cookie_login = wp_get_cookie_login();
                    if (!empty($cookie_login)) {
                        $using_cookie = true;
                        $user_login = $cookie_login['login'];
                        $user_pass = $cookie_login['password'];
                    }
                } elseif (!empty($_COOKIE)) {
                    if (!empty($_COOKIE[USER_COOKIE])) {
                        $user_login = $_COOKIE[USER_COOKIE];
                    }
                    if (!empty($_COOKIE[PASS_COOKIE])) {
                        $user_pass = $_COOKIE[PASS_COOKIE];
                        $using_cookie = true;
                    }
                }
            }
            do_action('wp_authenticate', $user_login, $user_pass);
            if ($user_login && $user_pass) {
                $user = new WP_User(0, $user_login);
                // If the user can't edit posts, send them to their profile.
                //if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
                // $redirect_to = get_settings('siteurl') . '/' . 'my-account';
                if (wp_login($user_login, $user_pass, $using_cookie)) {
                    if (!$using_cookie) {
                        wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);
                    }
                    do_action('wp_login', $user_login);
                    wp_redirect($redirect_to);
                    exit;
                } else {
                    // A failed form login leaves $error empty here; only the cookie case sets a message
                    // (wp_login() may set the global itself — not visible in this listing).
                    if ($using_cookie) {
                        $error = __('Your session has expired.', $current_theme_locale_name);
                    }
                }
            } else {
                if ($_POST && !$user_login) {
                    $error = __('<strong>Error</strong>: The Username field is empty.', $current_theme_locale_name);
                } else {
                    if ($_POST && !$user_pass) {
                        $error = __('<strong>Error</strong>: The password field is empty.', $current_theme_locale_name);
                    }
                }
            }
            // NOTE(review): part of the form markup below shows as '******' in this listing (the username /
            // password / remember-me fields), so that span is not valid PHP as printed and is left untouched.
            get_header(); ?> <div class="page_heading_me"> <div class="page_heading_me_inner"> <div class="mm_inn"><?php printf(__("Login - %s", $current_theme_locale_name), get_bloginfo('name')); ?> </div> </div> </div> <!-- ########## --> <div id="main_wrapper"> <div id="main" class="wrapper"><div class="padd10"> <div class="my_box3"> <div class="padd10"> <div class="box_content"> <?php if (isset($_GET['checkemail']) && $_GET['checkemail'] == "confirm") { ?> <div class="check-email-div"><div class="padd10"> <?php _e('We have sent a confirmation message to your email address.<br/> Please follow the instructions in the email and get back to this page.', $current_theme_locale_name); ?> </div></div> <?php } ?> <?php if (!empty($error)) { ?> <div class="error"><ul> <?php echo "<li>{$error}</li>"; ?> </ul> </div> <?php } ?> <div class="login-submit-form"> <form name="loginform" id="loginform" action="<?php echo esc_url(site_url('wp-login.php', 'login_post')); ?> " method="post"> <p><label><?php _e('Username:'******'Password:'******'Keep me logged in', $current_theme_locale_name); ?> </p> <?php do_action('login_form'); ?> <p><label> </label> <input type="submit" class="submit_bottom" name="submits" id="submits" value="<?php _e('Sign in', $current_theme_locale_name); ?> " tabindex="4" /> <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?> " /> 
 </p> </form> <script type="text/javascript"> $(function() { // gather all inputs of selected types var inputs = $('#user_tp, #user_email, #user_login, #log, #login_password, #rememberme, #submits, .green_btn'), inputTo; console.log(inputs); // bind on keydown inputs.on('keydown', function(e) { // if we pressed the tab if (e.keyCode == 9 || e.which == 9) { // prevent default tab action e.preventDefault(); if (e.shiftKey) { // get previous input based on the current input inputTo = inputs.get(inputs.index(this) - 1); } else { // get next input based on the current input inputTo = inputs.get(inputs.index(this) + 1); } // move focus to inputTo, otherwise focus first input if (inputTo) { inputTo.focus(); } else { inputs[0].focus(); } } }); }); </script> <ul id="logins"> <li><a class="green_btn" href="<?php bloginfo('home'); ?> /" title="<?php _e('Are you lost?', $current_theme_locale_name); ?> ">« <?php _e('Home', $current_theme_locale_name); ?> </a></li> <?php if (get_settings('users_can_register')) { ?> <li><a class="green_btn" href="<?php bloginfo('wpurl'); ?> /wp-login.php?action=register"><?php _e('Register', $current_theme_locale_name); ?> </a></li> <?php } ?> <li><a class="green_btn" href="<?php bloginfo('wpurl'); ?> /wp-login.php?action=lostpassword" title="<?php _e('Password Lost and Found', $current_theme_locale_name); ?> "><?php _e('Lost your password?', $current_theme_locale_name); ?> </a></li> </ul> </div> </div> </div> </div> </div> </div> </div> <?php
            get_footer();
            die;
            break;
    }
}
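/**
 * Verifies an AJAX request by re-checking the login cookies that the script
 * passed along in the "cookie" request parameter (cookie=document.cookie).
 *
 * The request is rejected with die('-1') when nobody is logged in, when the
 * parameter is missing or not a string, when either cookie is absent, when the
 * cookie's user differs from the current user, or when wp_login() refuses the
 * pair. On success the 'check_ajax_referer' action fires.
 *
 * NOTE(review): the check relies on the auth cookie values being copied into a
 * request parameter; when that parameter arrives in the query string the
 * values can end up in server and proxy logs.
 */
function check_ajax_referer()
{
    $current_name = '';
    $current = wp_get_current_user();
    if ($current && $current->ID) {
        $current_name = $current->data->user_login;
    }
    if (!$current_name) {
        die('-1');
    }

    // AJAX scripts must pass cookie=document.cookie
    $raw = '';
    if (!empty($_POST['cookie'])) {
        $raw = $_POST['cookie'];
    } elseif (isset($_GET['cookie'])) {
        $raw = $_GET['cookie'];
    }
    // An array-valued parameter (cookie[]=...) is not a cookie string.
    if (!is_string($raw)) {
        die('-1');
    }

    // Start from empty values so a request without the cookies is rejected
    // explicitly instead of reading undefined variables.
    $user = '';
    $pass = '';
    foreach (explode('; ', urldecode($raw)) as $tasty) {
        if (false !== strpos($tasty, USER_COOKIE)) {
            $user = (string) substr((string) strstr($tasty, '='), 1);
        }
        if (false !== strpos($tasty, PASS_COOKIE)) {
            $pass = (string) substr((string) strstr($tasty, '='), 1);
        }
    }

    // Strict comparison: numeric-looking names such as "1e3" and "1000" must not be treated as equal.
    if ($user === '' || $pass === '' || $current_name !== $user || !wp_login($user, $pass, true)) {
        die('-1');
    }

    do_action('check_ajax_referer');
}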
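/**
 * Logs the request in from HTTP Basic credentials or, failing that, from the
 * login cookie, and makes that user current.
 *
 * Basic credentials are read from PHP_AUTH_USER / PHP_AUTH_PW, which are filled
 * from the Authorization header when the server only exposes the raw header.
 * The header is parsed only when it uses the Basic scheme and decodes cleanly,
 * and the split is limited to the first ':' so passwords may contain colons.
 * Nothing is returned; on failure no user is set.
 */
function authenticate()
{
    $login_data = array();
    $already_md5 = false;

    // NOTE(review): this writes the whole $_ENV array to the application log on every call; environment
    // variables commonly hold credentials and keys, so confirm what log_app() stores and who can read it.
    log_app("authenticate()", print_r($_ENV, true));

    // if using mod_rewrite/ENV hack
    // http://www.besthostratings.com/articles/http-auth-php-cgi.html
    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $header = trim($_SERVER['HTTP_AUTHORIZATION']);
        if (strncasecmp($header, 'Basic ', 6) === 0) {
            $decoded = base64_decode(substr($header, 6), true);
            if ($decoded !== false && strpos($decoded, ':') !== false) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
            }
        }
    }

    // If Basic Auth is working...
    if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
        $login_data = array('login' => $_SERVER['PHP_AUTH_USER'], 'password' => $_SERVER['PHP_AUTH_PW']);
        // Only the login name is logged, never the password.
        log_app("Basic Auth", $login_data['login']);
    } else {
        // else, do cookie-based authentication
        if (function_exists('wp_get_cookie_login')) {
            $login_data = wp_get_cookie_login();
            $already_md5 = true;
        }
    }

    // call wp_login and set current user
    if (!empty($login_data) && wp_login($login_data['login'], $login_data['password'], $already_md5)) {
        $current_user = new WP_User(0, $login_data['login']);
        wp_set_current_user($current_user->ID);
        log_app("authenticate()", $login_data['login']);
    }
}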
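/**
 * Signs a user in to WordPress on behalf of the phpBB integration.
 *
 * Uses wp_signon() when it exists; otherwise falls back to the older
 * wp_login() / wp_setcookie() pair with an MD5 of the password. On a
 * wp_signon() failure the message is stored in the global $error.
 *
 * @param string $wpUsr WordPress login name
 * @param string $pass  password value supplied by the caller
 * @return bool true when the sign-in succeeded, false otherwise
 */
function wpSignIn($wpUsr, $pass)
{
    // This overrides authentication in wp_check_password() [wp-functions.php]
    // This is OK to set here, as phpBB has already dealt with integration.
    // DO NOT define this anywhere else, ever!
    // Guarded so a second call in the same request does not try to redefine the constant.
    if (!defined('PASSWORD_ALREADY_HASHED')) {
        define('PASSWORD_ALREADY_HASHED', TRUE);
    }
    // NOTE(review): once defined, the constant stays in effect for the rest of the request, so every later
    // password check in this request also runs in "already hashed" mode — confirm nothing else authenticates
    // after this call.

    global $error;

    if (function_exists('wp_signon')) {
        $result = wp_signon(array('user_login' => $wpUsr, 'user_password' => $pass, 'remember' => false));
        if (!is_wp_error($result)) {
            return true;
        }
        $error = $result->get_error_message();
    } else {
        // Legacy path: the cookie and the check both use an unsalted MD5 of the password.
        if (wp_login($wpUsr, md5($pass), true)) {
            wp_setcookie($wpUsr, md5($pass), true, '', '', false);
            do_action('wp_login', $wpUsr);
            return true;
        }
    }

    return false;
}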
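/**
 * Verifies an AJAX request by re-checking the login cookies that the script
 * passed along in the "cookie" request parameter (cookie=document.cookie).
 *
 * The request is rejected with die('-1') when the parameter is missing or not a
 * string, when either cookie is absent, or when wp_login() refuses the pair.
 * On success the 'check_ajax_referer' action fires.
 *
 * NOTE(review): this only proves that the request carries valid login cookies;
 * it is not tied to a particular action or to the currently loaded user, so it
 * is weaker than a per-action nonce.
 */
function check_ajax_referer()
{
    // AJAX scripts must pass cookie=document.cookie
    $raw = '';
    if (!empty($_POST['cookie'])) {
        $raw = $_POST['cookie'];
    } elseif (isset($_GET['cookie'])) {
        $raw = $_GET['cookie'];
    }
    // An array-valued parameter (cookie[]=...) is not a cookie string.
    if (!is_string($raw)) {
        die('-1');
    }

    // Start from empty values so a request without the cookies is rejected
    // explicitly instead of reading undefined variables.
    $user = '';
    $pass = '';
    foreach (explode('; ', urldecode($raw)) as $tasty) {
        if (false !== strpos($tasty, USER_COOKIE)) {
            $user = (string) substr((string) strstr($tasty, '='), 1);
        }
        if (false !== strpos($tasty, PASS_COOKIE)) {
            $pass = (string) substr((string) strstr($tasty, '='), 1);
        }
    }

    if ($user === '' || $pass === '' || !wp_login($user, $pass, true)) {
        die('-1');
    }

    do_action('check_ajax_referer');
}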
}

// Password change: runs only when a new password was submitted. $password1, $password2, $uid and $wpdb
// are set earlier in the file, outside this excerpt.
if ($password1 != '') {
    if ($password1 == $password2) {
        $pwd = wp_hash_password($password1);
        // NOTE(review): the SET value shows as '******' in this listing while prepare() below receives two
        // values ($pwd, $uid) — the original placeholder seems to have been masked; confirm before reuse.
        $sql = "UPDATE ".$wpdb->base_prefix."users SET user_pass = '******' WHERE ID = %d";
        if ($wpdb->query( $wpdb->prepare($sql, $pwd, $uid) ) ) {
            $sql = "SELECT user_login FROM ".$wpdb->base_prefix."users WHERE ID = %d";
            $username = $wpdb->get_var($wpdb->prepare($sql, $uid));
            $id = $uid;
            // $pwmsg is read here before this branch assigns it, and $url is not used again in this excerpt.
            $url = __wps__get_url('profile')."?view=settings&msg=".$pwmsg;
            // NOTE(review): the result of wp_login() is ignored; the cookie is set and the user switched
            // whether or not the call succeeded. No check of the current password or of who owns $uid is
            // visible in this excerpt — presumably done earlier; verify.
            wp_login($username, $pwd, true);
            wp_setcookie($username, $pwd, true);
            wp_set_current_user($id, $username);
            $pwmsg = "PASSWORD CHANGED";
        } else {
            $pwmsg = __("Failed to update password, sorry.", WPS_TEXT_DOMAIN);
        }
    } else {
        $pwmsg = __("Passwords different, please try again.", WPS_TEXT_DOMAIN);
    }
}
// When no new password was submitted, $pwmsg keeps whatever value it had before this excerpt.
echo $pwmsg;
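/**
 * Form-submission hook: tries to log the submitting user in, then redirects to
 * the URL remembered in $_SESSION['returnURL'], if any.
 *
 * Field '3' of $entry is used as the login name and field '2' as the password.
 * The remembered URL is now cleared once it has been used (the earlier code
 * compared it with '' instead of assigning).
 *
 * @param array $entry submitted form values, keyed by field id
 * @param mixed $form  not used by this function
 */
function set_post_content_13($entry, $form)
{
    //login, set cookies, and set current user
    $user_pass = md5($entry['2']);

    // NOTE(review): the result of wp_login() is ignored, so the cookie below is written even when the
    // credentials are wrong.
    wp_login($entry['3'], $user_pass, true);

    // NOTE(review): wp_login() receives the MD5 of field '2', but wp_setcookie() receives the raw field
    // value together with the "already hashed" flag — confirm the submitted password cannot end up
    // verbatim in the cookie.
    wp_setcookie($entry['3'], $entry['2'], true);

    // NOTE(review): $user and $user_login are never assigned in this function, so this call does not
    // receive the user that was just checked.
    wp_set_current_user($user->ID, $user_login);

    if (!empty($_SESSION['returnURL'])) {
        $url = $_SESSION['returnURL'];
        // Clear the stored target so it is used once only.
        $_SESSION['returnURL'] = '';
        // NOTE(review): the target comes from the session; whatever stores it should accept same-site URLs only.
        header('Location: ' . $url);
    }
}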
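/**
 * AJAX endpoint: echoes a JSON object describing one customer, the <option>
 * list of its businesses and the next tax period to report.
 *
 * URI segments: 4 = customer id, 5 = customer-business id, 6 = tax id.
 * Nothing is echoed when the customer has no rows.
 *
 * The three segments are request input, so the pad_spt lookup now binds them as
 * query parameters, and the values written into the <option> markup are
 * HTML-escaped.
 */
function get_cu()
{
    $c_id = $this->uri->segment(4);
    $cu_id = $this->uri->segment(5);
    $u_id = $this->uri->segment(6); // parameter for wp_login (optional in the default menu)

    $model = $this->load->model('pad_model');
    // Both branches of the former wp_login() test issued this same call, so the test was dropped.
    $rows = $model->sptpd_get_cu($c_id);

    $cu_data = new stdClass();
    if ($rows) {
        $first = $rows[0];
        $cu_data->customer_id = $first->customer_id;
        $cu_data->customernm = $first->customernm;
        $cu_data->npwpd = $first->npwpd;
        $cu_data->so = $first->so;
        $cu_data->konterid = $first->konterid;
        $cu_data->air_zona_id = $first->air_zona_id;
        $cu_data->air_manfaat_id = $first->air_manfaat_id;
        $cu_data->usaha_id = $first->usaha_id;

        $usaha = '';
        foreach ($rows as $row) {
            // Escape both the id and the label: they are database values placed into HTML.
            $value = htmlspecialchars((string) $row->customer_usaha_id, ENT_QUOTES, 'UTF-8');
            $label = htmlspecialchars((string) $row->usahanm, ENT_QUOTES, 'UTF-8');
            $is_selected = ($cu_id == $row->customer_usaha_id);
            if ($is_selected) {
                $cu_data->usaha_id = $row->usaha_id;
            }
            $usaha .= '<option value="' . $value . '"' . ($is_selected ? ' selected' : '') . '>' . $label . '</option>';
        }
        $cu_data->usaha = $usaha;

        // Find the start of the most recent tax period already filed for this business.
        $month_ini = new DateTime("first day of last month");
        $query = $this->db->query(
            "select max(masadari) as max_masa from pad_spt \r\n where customer_id=? and customer_usaha_id=? and pajak_id=?",
            array($c_id, $cu_id, $u_id)
        );
        $max_masa = '';
        foreach ($query->result() as $row) {
            $max_masa = $row->max_masa;
        }

        $month_ini_f = $month_ini->format('d-m-Y');
        $has_filed = ($max_masa != '');
        $max_masa_f = $has_filed ? date('d-m-Y', strtotime($max_masa)) : '';

        if ($has_filed && $max_masa_f != $month_ini_f) {
            // Continue with the month after the last filed period.
            $cu_data->masadari = date('d-m-Y', strtotime("{$max_masa} + 1 month"));
            $cu_data->masapajak_bulan = date('M-Y', strtotime($cu_data->masadari));
        } else {
            // Nothing filed yet, or last month is already the latest period: use last month.
            $cu_data->masadari = $month_ini_f;
            $cu_data->masapajak_bulan = $month_ini->format('M-Y');
        }

        // NOTE(review): no check is visible here that the caller may read this customer's data; the id
        // comes straight from the URL.
        echo json_encode($cu_data);
    }
}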
$have_error = true;
}
if ($_POST['profile_agree'] != "yes") {
    $error .= __("You must agree to the terms and conditions to register.<br />", rb_login_TEXTDOMAIN);
    $have_error = true;
}
// Bug Free!
if ($have_error == false) {
    // NOTE(review): the return value of wp_insert_user() is passed on without an is_wp_error() check.
    $new_user = wp_insert_user($userdata);
    // NOTE(review): the profile type is stored exactly as posted; no comparison with the expected
    // values is visible in this excerpt.
    $new_user_type = $_POST['profile_type']; // Model or Client
    update_user_meta($new_user, 'rb_login_interact_profiletype', $new_user_type);
    // Log them in if no confirmation required.
    if ($rb_login_option_registerconfirm == 1) {
        global $error;
        // The result of wp_login() is overwritten by wp_signon() on the next line.
        $login = wp_login($user_login, $user_pass);
        // NOTE(review): the second argument (false) is wp_signon()'s secure-cookie flag; passing false
        // asks for a cookie without the Secure attribute — confirm this is intended on HTTPS sites.
        $login = wp_signon(array('user_login' => $user_login, 'user_password' => $user_pass, 'remember' => 1), false);
    }
    // Notify admin and user
    // NOTE(review): the plain-text password is handed to the notification routine.
    wp_new_user_notification($new_user, $user_pass);
}
// Log them in if no confirmation required.
if ($rb_login_option_registerconfirm == 1) {
    // $login is assigned only inside the success branch above; after a validation error it is unset here
    // unless earlier code, outside this excerpt, defines it.
    if ($login) {
        // No exit follows this header, so the page below is still rendered after the redirect is sent.
        header("Location: " . get_bloginfo("wpurl") . "/dashboard/");
    }
}
}
// *************************************************************************************************** //
// Prepare Page
get_header();
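/**
 * AJAX endpoint: echoes a JSON object describing one customer and the
 * <option> list of its businesses.
 *
 * URI segments: 4 = customer id, 5 = customer-business id, 6 = business id
 * filter, which is forwarded to the model only when wp_login() is truthy.
 * Nothing is echoed when the model returns no rows.
 *
 * The values written into the <option> markup are HTML-escaped, because they
 * are database values placed into HTML.
 */
function get_cu()
{
    $c_id = $this->uri->segment(4);
    $cu_id = $this->uri->segment(5);
    $u_id = $this->uri->segment(6); // parameter for wp_login (optional in the default menu)

    $model = $this->load->model('pad_model');
    if (!wp_login()) {
        $rows = $model->sptpd_get_cu($c_id);
    } else {
        // NOTE(review): $u_id is request input; the model has to treat it as data, never as SQL text.
        $rows = $model->sptpd_get_cu($c_id, $u_id);
    }

    $cu_data = new stdClass();
    if ($rows) {
        $first = $rows[0];
        $cu_data->customer_id = $first->customer_id;
        $cu_data->nama = $first->nama;
        $cu_data->npwpd = $first->npwpd;
        $cu_data->so = $first->so;
        $cu_data->konterid = $first->konterid;
        $cu_data->air_zona_id = $first->air_zona_id;
        $cu_data->air_manfaat_id = $first->air_manfaat_id;
        $cu_data->wpnama = $first->wpnama;
        $cu_data->wpalamat = $first->wpalamat;

        $usaha = '';
        foreach ($rows as $row) {
            $value = htmlspecialchars((string) $row->customer_usaha_id, ENT_QUOTES, 'UTF-8');
            $label = htmlspecialchars((string) $row->nama, ENT_QUOTES, 'UTF-8');
            $selected = ($cu_id == $row->customer_usaha_id) ? ' selected' : '';
            $usaha .= '<option value="' . $value . '"' . $selected . '>' . $label . '</option>';
        }
        $cu_data->usaha = $usaha;

        // NOTE(review): no check is visible here that the caller may read this customer's data; the id
        // comes straight from the URL.
        echo json_encode($cu_data);
    }
}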
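/**
 * Front-end replacement for wp-login.php: dispatches on the request's
 * "action" value and renders the matching themed screen.
 *
 * Actions handled: logout, lostpassword / retrievepassword, retrievepassword2,
 * rp, and login (also the default). Every branch ends the request itself
 * (redirect + exit, or render + die).
 *
 * Security-relevant behaviour:
 *  - all SQL goes through $wpdb->prepare();
 *  - the reset key is restricted to [a-z0-9] before it is looked up;
 *  - reset keys and generated passwords come from wp_generate_password();
 *  - the post-login redirect is validated so it cannot leave the site;
 *  - request values echoed into attributes are escaped with esc_attr().
 *
 * NOTE(review): wp_login(), wp_setcookie(), wp_clearcookie(),
 * get_userdatabylogin() and get_settings() are deprecated WordPress APIs; they
 * are kept here so the control flow stays as it was.
 */
function shipme_do_login_scr()
{
    global $wpdb, $error, $wp_query;

    if (!is_array($wp_query->query_vars)) {
        $wp_query->query_vars = array();
    }

    // Only a plain string is a meaningful action; anything else falls through to the login screen.
    $action = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : '';
    $error = '';

    nocache_headers();
    header('Content-Type: ' . get_bloginfo('html_type') . '; charset=' . get_bloginfo('charset'));

    if (defined('RELOCATE')) { // Move flag is set
        // NOTE(review): with RELOCATE defined, siteurl is rewritten from the
        // request's Host header; leave the constant undefined outside a migration.
        if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) {
            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
        }
        $schema = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 'https://' : 'http://';
        if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_settings('siteurl')) {
            update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
        }
    }

    do_action('login_init');
    do_action('login_form_' . $action);

    switch ($action) {
        // logout
        case 'logout':
            wp_clearcookie();
            do_action('wp_logout');
            nocache_headers();
            // Always land on the site URL; a request-supplied redirect_to is deliberately not honoured.
            wp_redirect(get_bloginfo('siteurl'));
            exit;

        // lost password
        case 'lostpassword':
        case 'retrievepassword':
            // Start from an empty error object so that adding 'invalidkey' on a GET request is safe.
            $errors = new WP_Error();
            if ('POST' == $_SERVER['REQUEST_METHOD']) {
                $result = my_retrieve_password();
                if (!is_wp_error($result)) {
                    $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
                    wp_safe_redirect($redirect_to);
                    exit;
                }
                $errors = $result;
            }
            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'shipme'));
            }
            $redirect_to = apply_filters('lostpassword_redirect', !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
            do_action('lost_password');
            $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';

            global $real_ttl;
            $real_ttl = __("Retrieve Password", 'shipme');
            add_filter('wp_title', 'shipme_sitemile_filter_ttl', 10, 3);
            get_header();
            $error_messages = $errors->get_error_messages();
            ?>
            <div class="container_ship_no_bk margin_top_40">
            <ul class="virtual_sidebar">
            <li class="widget-container widget_text"><h3 class="widget-title"><?php _e("Retrieve Password", 'shipme'); ?> - <?php echo get_bloginfo('name'); ?></h3>
            <div class="my-only-widget-content ">
                <?php if (!empty($error_messages)) { ?>
                <div class="bam_bam"> <div class="error"> <ul>
                    <?php
                    foreach ($error_messages as $mm) {
                        // Messages may carry simple markup; strip anything beyond post-level HTML.
                        echo "<li>" . wp_kses_post($mm) . "</li>";
                    }
                    ?>
                </ul> </div> </div>
                <?php } ?>
                <div class="login-submit-form">
                <form name="lostpass" action="<?php echo esc_url(site_url('wp-login.php?action=lostpassword', 'login_post')); ?>" method="post" id="lostpass">
                    <p><?php _e('Please enter your information here. We will send you a new password.', 'shipme'); ?></p>
                    <?php
                    if ($error) {
                        echo "<div id='login_error'>" . wp_kses_post($error) . "</div>";
                    }
                    ?>
                    <input type="hidden" name="action" value="retrievepassword" />
                    <p> <label><?php _e('Mobile Number or Email:', 'shipme'); ?></label>
                    <input type="text" class="do_input" name="user_login" id="user_login" value="" size="30" tabindex="1" /> </p>
                    <?php do_action('lostpassword_form'); ?>
                    <p><label> </label>
                    <a href="" class="submit_bottom2" onClick="document.getElementById('lostpass').submit(); return false;"><i class="fa fa-check-circle"></i> <?php _e('Retrieve Password', 'shipme'); ?></a> </p>
                </form>
                </div>
                <ul id="logins">
                    <li><a class="green_btn" href="<?php echo esc_url(home_url()); ?>/" title="<?php _e('Are you lost?', 'shipme'); ?>">« <?php _e('Home', 'shipme'); ?></a></li>
                    <?php if (get_settings('users_can_register')) { ?>
                    <li><a class="green_btn" href="<?php echo esc_url(site_url()); ?>/wp-login.php?action=register"><?php _e('Register', 'shipme'); ?></a></li>
                    <?php } ?>
                    <li><a class="green_btn" href="<?php echo esc_url(site_url()); ?>/wp-login.php"><?php _e('Login', 'shipme'); ?></a></li>
                </ul>
            </div>
            </li>
            </ul>
            </div>
            <?php
            get_footer();
            die;

        case 'retrievepassword2':
            global $real_ttl;
            $real_ttl = __("Retrieve Error", 'shipme');
            add_filter('wp_title', 'shipme_sitemile_filter_ttl', 10, 3);
            get_header();

            $posted_login = (isset($_POST['user_login']) && is_string($_POST['user_login'])) ? $_POST['user_login'] : '';
            $posted_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
            $user_data = get_userdatabylogin($posted_login);
            // redefining user_login ensures we return the right case in the email
            $user_login = $user_data ? $user_data->user_login : '';
            $user_email = $user_data ? $user_data->user_email : '';

            if (!$user_email || $user_email != $posted_email) {
                // NOTE(review): this response tells the caller whether a login/e-mail pair exists;
                // a uniform "if the account exists, a mail was sent" answer would reveal less.
                ?>
                <div class="my_box3 breadcrumb-wrap">
                <div class="box_title"><?php _e("Retrieve Error", 'shipme'); ?> - <?php echo get_bloginfo('name'); ?></div>
                <div class="box_content"> <br/><br/>
                <?php echo sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong Mobile Number or e-mail address? <a href="%s">Try again</a>.', 'shipme'), 'wp-login.php?action=lostpassword'); ?>
                <br/><br/> </div></div>
                <?php
                get_footer();
                die;
            }

            do_action('retreive_password', $user_login); // Misspelled and deprecated.
            do_action('retrieve_password', $user_login);

            // The key is a bearer secret: take it from WordPress' random generator
            // rather than hashing the clock, and keep it alphanumeric so it survives the URL.
            $key = wp_generate_password(20, false);
            $wpdb->query($wpdb->prepare(
                "UPDATE {$wpdb->users} SET user_activation_key = %s WHERE user_login = %s",
                $key,
                $user_login
            ));

            $message = __('Someone has asked to reset the password for the following site and username.', 'shipme') . "\r\n\r\n";
            $message .= get_option('siteurl') . "\r\n\r\n";
            $message .= sprintf(__('Mobile Number: %s', 'shipme'), $user_login) . "\r\n\r\n";
            $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.', 'shipme') . "\r\n\r\n";
            $message .= get_settings('siteurl') . "/wp-login.php?action=resetpass&key={$key}\r\n";
            $m = wp_mail($user_email, sprintf(__('[%s] Password Reset', 'shipme'), get_settings('blogname')), $message);

            echo get_option("jk_login_after_head_html");
            echo " <div id=\"login\">\n";
            if ($m == false) {
                echo "<h1>" . __("There Was a Problem", 'shipme') . "</h1>";
                echo '<p>' . __('The e-mail could not be sent.', 'shipme') . "<br />\n";
                echo __('Possible reason: your host may have disabled the mail() function...', 'shipme') . "</p>";
            } else {
                echo "<h1>Success!</h1>";
                echo '<p>' . sprintf(__("The e-mail was sent successfully to %s's e-mail address.", 'shipme'), esc_html($user_login)) . '<br />';
                echo "<a href='wp-login.php' title='" . __('Check your e-mail first, of course', 'shipme') . "'>" . __('Click here to login!', 'shipme') . '</a></p>';
            }
            echo " </div>\n";
            echo '</div></div></div>';
            get_footer();
            die;

        // reset password
        case 'rp':
            global $real_ttl;
            $real_ttl = __("Key Not Valid", 'shipme');
            add_filter('wp_title', 'shipme_sitemile_filter_ttl', 10, 3);
            get_header();
            echo '<div class="my_box3 breadcrumb-wrap"> <div class="padd10">';
            echo " <div id=\"login\">\n";

            // Keep only [a-z0-9]. The pattern must be a negated character class;
            // without the brackets nothing is stripped and the raw value reaches the query.
            $key = (isset($_GET['key']) && is_string($_GET['key'])) ? preg_replace('/[^a-z0-9]/i', '', $_GET['key']) : '';
            if (empty($key)) {
                _e('<h1>Problem</h1>', 'shipme');
                _e('Sorry, that key does not appear to be valid.', 'shipme');
                echo " </div>\n";
                echo '</div></td></tr></table></div></div>';
                get_footer();
                die;
            }

            $user = $wpdb->get_row($wpdb->prepare(
                "SELECT * FROM {$wpdb->users} WHERE user_activation_key = %s",
                $key
            ));
            if (!$user) {
                _e('<h1>Problem</h1>', 'shipme');
                _e('Sorry, that key does not appear to be valid.', 'shipme');
                echo " </div>\n";
                echo '</div></div>';
                get_footer();
                die;
            }

            do_action('password_reset');

            // Store the new password through WordPress' own hashing instead of an
            // SQL MD5(), then make sure the key is spent so it cannot be used twice.
            $new_pass = wp_generate_password();
            wp_set_password($new_pass, $user->ID);
            $wpdb->query($wpdb->prepare(
                "UPDATE {$wpdb->users} SET user_activation_key = '' WHERE ID = %d",
                $user->ID
            ));
            wp_cache_delete($user->ID, 'users');
            wp_cache_delete($user->user_login, 'userlogins');

            // NOTE(review): the new password travels in clear text by e-mail; a
            // "choose your own password" form behind the key would avoid that.
            $message = sprintf(__('Mobile Number: %s', 'shipme'), $user->user_login) . "\r\n";
            $message .= sprintf(__('Password: %s', 'shipme'), $new_pass) . "\r\n";
            $message .= get_settings('siteurl') . "/wp-login.php\r\n";
            $m = wp_mail($user->user_email, sprintf(__('[%s] Your new password', 'shipme'), get_settings('blogname')), $message);

            if ($m == false) {
                echo __('<h1>Problem</h1>', 'shipme');
                echo '<p>' . __('The e-mail could not be sent.', 'shipme') . "<br />\n";
                echo __('Possible reason: your host may have disabled the mail() function...', 'shipme') . '</p>';
            } else {
                echo __('<h1>Success!</h1>', 'shipme');
                echo '<p>' . __('Your new password is in the mail.', 'shipme') . '<br />';
                echo "<a href='wp-login.php' title='" . __('Check your e-mail first, of course', 'shipme') . "'>" . __('Click here to login!', 'shipme') . '</a></p>';
                // send a copy of password change notification to the admin
                $message = sprintf(__('Password Lost and Changed for user: %s', 'shipme'), $user->user_login) . "\r\n";
                wp_mail(get_settings('admin_email'), sprintf(__('[%s] Password Lost/Change', 'shipme'), get_settings('blogname')), $message);
            }
            echo " </div>\n";
            echo '</div></div></div>';
            get_footer();
            die;

        // login and default action
        case 'login':
        default:
            $user_login = '';
            $user_pass = '';
            $using_cookie = false;
            $rememberme = false;

            // Default landing page is the account page; a request may ask for another target.
            $default_redirect = get_permalink(get_option('shipme_account_page_id'));
            $redirect_to = $default_redirect;
            if (!empty($_REQUEST['redirect_to']) && is_string($_REQUEST['redirect_to'])) {
                $redirect_to = $_REQUEST['redirect_to'];
            }
            if (isset($_SESSION['redirect_me_back'])) {
                $redirect_to = $_SESSION['redirect_me_back'];
            }
            // The target is caller-influenced, so pin it to this site; anything
            // else falls back to the account page (or the home page).
            $redirect_to = wp_validate_redirect($redirect_to, $default_redirect ? $default_redirect : home_url('/'));

            if ($_POST) {
                $user_login = sanitize_user(isset($_POST['log']) ? $_POST['log'] : '');
                $user_pass = isset($_POST['pwd']) ? $_POST['pwd'] : '';
                $rememberme = !empty($_POST['rememberme']);
            } else {
                if (function_exists('wp_get_cookie_login')) {
                    $cookie_login = wp_get_cookie_login();
                    if (!empty($cookie_login)) {
                        $using_cookie = true;
                        $user_login = $cookie_login['login'];
                        $user_pass = $cookie_login['password'];
                    }
                } elseif (!empty($_COOKIE)) {
                    if (!empty($_COOKIE[USER_COOKIE])) {
                        $user_login = $_COOKIE[USER_COOKIE];
                    }
                    if (!empty($_COOKIE[PASS_COOKIE])) {
                        $user_pass = $_COOKIE[PASS_COOKIE];
                        $using_cookie = true;
                    }
                }
            }

            do_action('wp_authenticate', $user_login, $user_pass);

            if ($user_login && $user_pass) {
                if (wp_login($user_login, $user_pass, $using_cookie)) {
                    if (!$using_cookie) {
                        wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);
                    }
                    do_action('wp_login', $user_login);
                    wp_safe_redirect($redirect_to);
                    exit;
                } elseif ($using_cookie) {
                    $error = __('Your session has expired.', 'shipme');
                }
            } elseif ($user_login || $user_pass) {
                $error = __('<strong>Error</strong>: The password field is empty.', 'shipme');
            }

            // Value echoed back into the hidden form field below.
            $requested_redirect = (isset($_GET['redirect_to']) && is_string($_GET['redirect_to'])) ? $_GET['redirect_to'] : '';

            global $real_ttl;
            $real_ttl = __("Login", 'shipme');
            add_filter('wp_title', 'shipme_sitemile_filter_ttl', 10, 3);
            get_header();
            ?>
            <div class="container_ship_no_bk margin_top_40">
            <ul class="virtual_sidebar">
            <li class="widget-container widget_text"><h3 class="widget-title"><?php _e("Login", 'shipme'); ?> - <?php echo get_bloginfo('name'); ?></h3>
            <div class="my-only-widget-content ">
                <?php if (isset($_GET['checkemail']) && $_GET['checkemail'] == "confirm") { ?>
                <div class="check-email-div"><div class="padd10">
                    <?php _e('We have sent a confirmation message to your email address.<br/> Please follow the instructions in the email and get back to this page.', 'shipme'); ?>
                </div></div>
                <?php } ?>
                <?php if (!empty($error)) { ?>
                <div class="bam_bam"><div class="error"><ul>
                    <?php echo "<li>" . wp_kses_post($error) . "</li>"; ?>
                </ul> </div></div>
                <?php } ?>
                <div class="login-submit-form">
                <form name="loginform" id="loginform" action="<?php echo esc_url(site_url('wp-login.php', 'login_post')); ?>" method="post">
                    <p><label><?php _e('Mobile Number:', 'shipme'); ?></label>
                    <input class="do_input" type="text" name="log" id="log" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="30" /> </p>
                    <p><label><?php _e('Password:', 'shipme'); ?></label>
                    <input class="do_input" type="password" name="pwd" id="login_password" value="" size="30" /> </p>
                    <p><label> </label>
                    <input class="do_input" name="rememberme" type="checkbox" id="rememberme" value="true" tabindex="3" /> <?php _e('Keep me logged in', 'shipme'); ?></p>
                    <?php do_action('login_form'); ?>
                    <input type="hidden" name="testcookie" value="1" />
                    <p><label> </label>
                    <a href="#" class="submit_bottom2" onClick="document.getElementById('loginform').submit();"><i class="fa fa-check-circle"></i> <?php _e('Sign in', 'shipme'); ?></a>
                    <input type="hidden" name="redirect_to" value="<?php echo esc_attr($requested_redirect); ?>" /> </p>
                </form>
                <ul id="logins">
                    <li><a class="green_btn" href="<?php echo esc_url(home_url()); ?>/" title="<?php _e('Are you lost?', 'shipme'); ?>">« <?php _e('Home', 'shipme'); ?></a></li>
                    <?php if (get_settings('users_can_register')) { ?>
                    <li><a class="green_btn" href="<?php echo esc_url(site_url()); ?>/wp-login.php?action=register"><?php _e('Register', 'shipme'); ?></a></li>
                    <?php } ?>
                </ul>
                </div>
            </div>
            </li>
            </ul>
            </div>
            <?php
            get_footer();
            die;
    }
}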
/**
 * Mirror the current XOOPS session into WordPress.
 *
 * When a XOOPS user object is present and has both a name and a stored
 * "pass" value, the user is synced to WordPress and signed in with
 * wp_login(); on success the WordPress cookie and current user are set and
 * true is returned. In every other case any existing WordPress session is
 * torn down and false is returned.
 *
 * NOTE(review): the value handed to wp_login()/wp_setcookie() is whatever
 * XOOPS stores in "pass" (named as an MD5 here); confirm the WordPress side
 * expects that form.
 *
 * @return bool True when the XOOPS user was signed in to WordPress.
 */
function xpress_login()
{
    global $current_user;
    global $xoopsModule, $xoopsUser, $xoopsUserIsAdmin;

    if (is_object($xoopsUser)) {
        $login = $xoopsUser->getVar('uname');
        $stored_pass = $xoopsUser->getVar('pass');
        $has_credentials = !(empty($login) || empty($stored_pass));

        if ($has_credentials) {
            include_once dirname(__FILE__) . '/user_sync_xoops.php';
            // Repair when data base prefix is changed on XOOPS side
            repair_user_meta_prefix();

            $sync_message = '';
            $synced = user_sync_to_wordpress($xoopsUser->getVar('uid'), $sync_message);
            if ($synced) {
                $wp_user = new WP_User(0, $login);
                $logged_in = wp_login($login, $stored_pass);
                if ($logged_in) {
                    wp_setcookie($login, $stored_pass, true, '', '', false);
                    do_action('wp_login', $login);
                    wp_set_current_user($wp_user->ID);
                    return true;
                }
            }
        }
    }

    // No usable XOOPS login: drop any WordPress session that is still around.
    if (!empty($current_user)) {
        wp_set_current_user(0);
        wp_logout();
        wp_clear_auth_cookie();
    }

    return false;
}
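/**
 * Create a new WordPress user with the specified identity URL and user data.
 *
 * The username is generated from the 'nickname' entry of $user_data when it
 * is present, otherwise from the identity URL. A random password is assigned,
 * the user is inserted, logged in, notified and given a login cookie, and the
 * identity URL is bound to the new account. Progress and failures are
 * reported through openid_status() / openid_message() / openid_error().
 *
 * @param string $identity_url OpenID to associate with the newly
 *                             created account
 * @param array  $user_data    array of user data; 'user_login', 'user_pass'
 *                             and (on success) 'ID' are written back into it
 */
function openid_create_new_user($identity_url, &$user_data)
{
    global $wpdb;

    // Identity URL is new, so create a user
    @include_once(ABSPATH . 'wp-admin/upgrade-functions.php');      // 2.1
    @include_once(ABSPATH . WPINC . '/registration-functions.php'); // 2.0.4

    $username = '';

    // try to use preferred username
    if (empty($username) && array_key_exists('nickname', $user_data)) {
        $username = openid_generate_new_username($user_data['nickname'], false);
    }

    // finally, build username from OpenID URL
    if (empty($username)) {
        $username = openid_generate_new_username($identity_url);
    }

    $user_data['user_login'] = $username;

    // The account stays usable with this password, so take it from WordPress'
    // generator when the running version has one. Seven hex characters of a
    // hashed timestamp are only the fallback for releases that predate it.
    if (function_exists('wp_generate_password')) {
        $user_data['user_pass'] = wp_generate_password();
    } else {
        $user_data['user_pass'] = substr(md5(uniqid(microtime())), 0, 7);
    }

    $user_id = wp_insert_user($user_data);

    // Newer WordPress versions report failure with a WP_Error object, which is truthy.
    $created = $user_id && !(function_exists('is_wp_error') && is_wp_error($user_id));

    if ($created) { // created ok
        $user_data['ID'] = $user_id;

        // XXX this all looks redundant, see openid_set_current_user
        $user = new WP_User($user_id);

        if (!wp_login($user->user_login, $user_data['user_pass'])) {
            openid_message(__('User was created fine, but wp_login() for the new user failed. This is probably a bug.', 'openid'));
            openid_status('error');
            openid_error(openid_message());
            return;
        }

        // notify of user creation
        wp_new_user_notification($user->user_login);

        wp_clearcookie();
        wp_setcookie($user->user_login, md5($user->user_pass), true, '', '', true);

        // Bind the provided identity to the just-created user
        openid_add_user_identity($user_id, $identity_url);

        openid_status('redirect');

        // NOTE(review): $redirect_to is assigned but never read in this function.
        if (!$user->has_cap('edit_posts')) {
            $redirect_to = '/wp-admin/profile.php';
        }
    } else {
        // failed to create user for some reason.
        openid_message(__('OpenID authentication successful, but failed to create WordPress user. This is probably a bug.', 'openid'));
        openid_status('error');
        openid_error(openid_message());
    }
}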
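/**
 * Authenticate a premium-feed request from its HTTP Authorization header.
 *
 * Depending on PODPRESS_PREMIUM_METHOD the header is treated as Digest or
 * Basic (the default). A request is accepted only when the credentials check
 * out AND the cached user record carries the 'premium_subscriber' capability.
 * On success the WordPress user globals and the PODPRESS_PREMIUMLOGIN /
 * PODPRESS_PREMIUMID constants are set.
 *
 * @return false|null False when the request is rejected (a login challenge
 *                    is sent through podPress_requestLogin() except for
 *                    XML-RPC requests); null once the user globals are set.
 */
function podPress_validateLogin()
{
    global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;

    if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) {
        return false;
    }

    $http_headers = getallheaders();
    if (empty($http_headers['Authorization'])) {
        if (empty($http_headers['AUTHORIZATION'])) {
            podPress_requestLogin();
            return false;
        }
        $http_headers['Authorization'] = stripslashes(stripslashes($http_headers['AUTHORIZATION']));
    }

    // Deny by default; only an explicit successful check flips this.
    $authresult = false;

    switch (PODPRESS_PREMIUM_METHOD) {
        case 'Digest':
            $data = podPress_http_digest_parse($http_headers['Authorization']);
            if (!$data) {
                die('Wrong Credentials!');
            }

            $x = get_userdatabylogin($data['username']);
            $A1 = $x ? get_usermeta($x->ID, 'premiumcast_creds') : '';
            if (!is_string($A1) || '' === $A1) {
                // Unknown user, or no stored digest credentials: the expected
                // response would then not depend on any secret, so refuse.
                break;
            }

            $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
            $valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);

            // Compare as strings, never with ==, which applies numeric juggling
            // to hex digests; use the constant-time helper where PHP provides it.
            $given_response = (string) $data['response'];
            $response_ok = function_exists('hash_equals')
                ? hash_equals($valid_response, $given_response)
                : ($valid_response === $given_response);

            if ($response_ok) {
                $user_login = $data['username'];
                $authresult = wp_login($user_login, md5($x->user_pass), true);
            }
            break;

        case 'Basic':
        default:
            $authparts = podPress_http_basic_parse($http_headers['Authorization']);
            $user_login = $authparts['username'];
            $authresult = wp_login($user_login, $authparts['passwd']);
            break;
    }

    if ($authresult) {
        // The capability is read from the object cache; the 'userlogins' entry
        // is either the user object itself or (presumably) a key into 'users'.
        $cache = $GLOBALS['wp_object_cache']->cache;
        $entry = isset($cache['userlogins'][$user_login]) ? $cache['userlogins'][$user_login] : null;
        if (!is_object($entry)) {
            $entry = (is_scalar($entry) && isset($cache['users'][$entry])) ? $cache['users'][$entry] : null;
        }

        $cap = (is_object($entry) && isset($entry->wp_capabilities['premium_subscriber']))
            ? $entry->wp_capabilities['premium_subscriber']
            : null;
        $cap20 = (is_object($entry) && isset($entry->wp20_capabilities['premium_subscriber']))
            ? $entry->wp20_capabilities['premium_subscriber']
            : null;

        // Valid credentials without the premium capability are still rejected.
        if ($cap != 1 && $cap20 != 1) {
            $authresult = false;
        }
    }

    if (!$authresult) {
        podPress_requestLogin();
        return false;
    }

    $userdata = get_userdatabylogin($user_login);
    $user_level = $userdata->user_level;
    $user_ID = $userdata->ID;
    $user_email = $userdata->user_email;
    $user_url = $userdata->user_url;
    $user_pass_md5 = md5($userdata->user_pass);
    $user_identity = $userdata->display_name;

    define('PODPRESS_PREMIUMLOGIN', $user_login);
    define('PODPRESS_PREMIUMID', $userdata->ID);

    if (empty($current_user)) {
        $current_user = new WP_User($user_ID);
    }
}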
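/**
 * WPMRegisterExisting
 * Registers existing user to a membership level
 *
 * Outside the admin area the caller's username/password are checked with
 * wp_login(). Inside the admin area, or when $special_bypass is true, the
 * user is looked up by username (then by e-mail) and NO password is checked.
 *
 * NOTE(review): $special_bypass switches credential checking off; it must
 * only ever be set by trusted code, never derived from request data.
 * NOTE(review): the credential check runs before the reCAPTCHA check, so a
 * wrong password is reported without the captcha having been verified.
 *
 * @param array $data User data array (reads wpm_id, username, password, email, mergewith, sctxnid)
 * @param string $wpm_errmsg Passed by reference, we save the error message here
 * @param boolean $send_welcome_email True to send registration email or not
 * @param boolean $notifyadmin True to notify admin via email of this registration
 * @param boolean $special_bypass True to identify the user without a password check
 * @return integer|boolean User ID on success or false on error
 */
function WPMRegisterExisting($data, &$wpm_errmsg, $send_welcome_email = true, $notifyadmin = true, $special_bypass = false)
{
    /* include the required WordPress functions */
    require_once ABSPATH . 'wp-admin/includes/user.php';

    /* load the membership levels */
    $wpm_levels = $this->GetOption('wpm_levels');

    /* set blacklist to zero */
    $blacklist = 0;

    /* defaults for values that are only assigned on some paths below */
    $registered_by_admin = false;
    $pendingstatus = null;
    $user = null;
    $levels = array();
    $inlevel = false;
    $expired = false;
    $resetexpired = false;
    $cancelled = false;
    $resetcancelled = false;
    $repeat_registration = false;
    $mw = null;
    $null = null;  // placeholder variable for unused SetMembershipLevels() arguments
    $dummy = null; // placeholder variable for RegistrationCookie()

    /* Check if for approval registration */
    $is_forapproval = $this->IsForApprovalRegistration($data['wpm_id']);
    if ($is_forapproval) {
        $wpm_newid = time();
        sleep(1);
        $pendingstatus = "Registered For Approval";
        if ($is_forapproval['name'] == "PinPayments") {
            $data['sctxnid'] = "SP-" . $data['wpm_id'] . "-" . $wpm_newid;
            $pendingstatus = "Pin Payments Confirmation";
        }
        $data['wpm_id'] = $is_forapproval["level"];
        $registered_by_admin = false;
    }

    /* settings of the target level (empty for ids that are not in wpm_levels) */
    $level_cfg = isset($wpm_levels[$data['wpm_id']]) ? $wpm_levels[$data['wpm_id']] : array();
    $mergewith = !empty($data['mergewith']) ? $data['mergewith'] : null;
    $sctxnid = isset($data['sctxnid']) ? $data['sctxnid'] : null;

    /* check if the user is valid */
    if (true === wlm_admin_in_admin() || true === $special_bypass) {
        $validuser = username_exists($data['username']);
        if (!$validuser) {
            $validuser = email_exists($data['email']);
            /* only resolve the login when the e-mail actually matched a user */
            $user_info = $validuser ? get_userdata($validuser) : false;
            if ($user_info) {
                $data['username'] = $user_info->user_login;
            } else {
                $validuser = false;
            }
        }
        $data['password'] = __('Already assigned', 'wishlist-member');
    } else {
        $validuser = wp_login($data['username'], $data['password']);
    }

    if ($validuser) {
        $user = $this->Get_UserData(0, $data['username']);

        /* check for blacklist status */
        $blacklist = $this->CheckBlackList($user->user_email);

        /* load user's Membership Levels */
        $levels = (array) $this->GetMembershipLevels($user->ID);

        /* check if the member is already registered to the level */
        $inlevel = in_array($data['wpm_id'], $levels);

        /*
         * if member is already in level, check if he's expired and if so,
         * check if level is configured to reset registration for expired
         * level re-registration
         */
        if ($inlevel) {
            $expired = $this->LevelExpired($data['wpm_id'], $user->ID);
            $resetexpired = isset($level_cfg['registrationdatereset']) && $level_cfg['registrationdatereset'] == 1;
            /* if expired and level allows re-registration then set inlevel to false */
            if ($expired && $resetexpired) {
                $inlevel = false;
            }

            $cancelled = $this->LevelCancelled($data['wpm_id'], $user->ID);
            $resetcancelled = isset($level_cfg['uncancelonregistration']) && $level_cfg['uncancelonregistration'] == 1;
            /* if cancelled and level allows un-cancelling on registration then set inlevel to false */
            if ($cancelled && $resetcancelled) {
                $inlevel = false;
            }

            if (defined('WLM_ALLOW_REPEAT_REGISTRATION')) {
                $inlevel = false;
                $repeat_registration = true;
            }
        }
    }

    /* validate if not blacklisted */
    if ($blacklist) {
        switch ($blacklist) {
            case 1:
                $wpm_errmsg = $this->GetOption('blacklist_email_message');
                break;
            case 2:
                $wpm_errmsg = $this->GetOption('blacklist_ip_message');
                break;
            case 3:
                $wpm_errmsg = $this->GetOption('blacklist_email_ip_message');
                break;
        }
        return false;
    }

    /* validate if a valid user */
    if (!$validuser) {
        $wpm_errmsg = __('Invalid username and/or password.', 'wishlist-member');
        return false;
    }

    /* validate if not in level */
    if ($inlevel) {
        $wpm_errmsg = __('You are already registered to this level.', 'wishlist-member');
        return false;
    }

    /* validate if reCaptcha is OK */
    if (!$this->reCaptchaResponse()) {
        $wpm_errmsg = __('The reCAPTCHA wasn\'t entered correctly. Go back and try it again', 'wishlist-member');
        return false;
    }

    /*
     * we check if there's a "need for admin approval" or "email confirmation"
     * in the level settings, if yes, then add a flag that will delay member from being added to AR
     * until all these flags are cleared
     */
    $pendingautoresponder = array();
    if (!empty($level_cfg['requireadminapproval']) && !$registered_by_admin) {
        $pendingautoresponder[] = 'autoresponder_add_pending_admin_approval';
    }
    if (!empty($level_cfg['requireemailconfirmation']) && !$registered_by_admin) {
        $pendingautoresponder[] = 'autoresponder_add_pending_email_confirmation';
    }

    /* set membership levels */
    $levels[] = $data['wpm_id'];
    $this->SetMembershipLevels($user->ID, $levels, $null, $null, $null, $null, $null, $pendingautoresponder);

    /* attach transaction_id to user and delete mergewith temporary user */
    if ($mergewith) {
        $mw = $this->Get_UserData($mergewith);
        if ($mw->data->additional_levels) {
            $this->Update_UserMeta($user->ID, 'additional_levels', $mw->data->additional_levels);
        }
        if ($this->IsPPPLevel($data['wpm_id'])) {
            /* content id is what follows the 11-character prefix of the level id */
            $clcntnt = substr($data['wpm_id'], 11);
            $clmeta = $this->Get_AllContentLevelMeta('U-' . $mw->ID, $clcntnt);
            if ($clmeta) {
                foreach ($clmeta as $k => $v) {
                    /* copy each meta entry to the real user, under the same content id */
                    if (!$this->Add_ContentLevelMeta('U-' . $user->ID, $clcntnt, $k, $v)) {
                        $this->Update_ContentLevelMeta('U-' . $user->ID, $clcntnt, $k, $v);
                    }
                }
            }
        } else {
            foreach ((array) $this->GetMembershipLevelsTxnIDs($mw->ID) as $key => $val) {
                $this->SetMembershipLevelTxnID($user->ID, $key, $val);
            }
            $this->LevelCancelled($data['wpm_id'], $user->ID, false);
        }
        wp_delete_user($mergewith);
    } else {
        if ($this->IsPPPLevel($data['wpm_id'])) {
            $this->AddUserPostTransactionID($user->ID, substr($data['wpm_id'], 11), $sctxnid);
        } elseif (!$repeat_registration) {
            $this->SetMembershipLevelTxnID($user->ID, $data['wpm_id'], $sctxnid);
        }
    }

    /* if expired and level allows re-registration, then reset timestamp */
    if ($expired && $resetexpired) {
        $this->UserLevelTimestamp($user->ID, $data['wpm_id'], time());
    }

    /* if cancelled and level is set to uncancel on re-registration, then uncancel */
    if ($cancelled && $resetcancelled) {
        $txnid = $this->GetMembershipLevelsTxnID($user->ID, $data['wpm_id']);
        foreach ((array) $this->GetMembershipLevelsTxnIDs($user->ID, $txnid) as $level => $level_txnid) {
            $this->LevelCancelled($level, $user->ID, false);
        }
    }

    /*
     * prepare email mergecodes
     * NOTE(review): [password] places the submitted password into outgoing
     * mail, and the confirm URL token is an MD5 over user fields and the API
     * key; both deserve a look in a hardening pass.
     */
    $macros = array(
        '[memberlevel]' => trim(isset($level_cfg['name']) ? $level_cfg['name'] : ''),
        '[password]' => $data['password'],
        '[confirmurl]' => get_bloginfo('url') . '/index.php?wlmconfirm=' . $user->ID . '/' . md5($user->user_email . '__' . $user->user_login . '__' . $data['wpm_id'] . '__' . $this->GetAPIKey()),
    );

    /*
     * doing a manual registration so we also
     * set the level's For Approval status if
     * the level is configured as such
     */
    $level_for_approval = array(
        (bool) (!empty($level_cfg['requireadminapproval']) and !$registered_by_admin and !$mergewith),
        (bool) (!empty($level_cfg['requireadminapproval_integrations']) and $mergewith),
    );
    if (in_array(true, $level_for_approval)) {
        $this->LevelForApproval($data['wpm_id'], $user->ID, true);
        // Send require admin approval email
        $this->send_email_template('require_admin_approval', $user->ID, $macros);
        $send_welcome_email = false;
    }

    /*
     * NOTE(review): the e-mail confirmation step runs only when this cookie is
     * present, and cookies are supplied by the client; confirm a request
     * without it cannot skip confirmation for a level that requires it.
     */
    if (!empty($_COOKIE['wishlist_reg_cookie_manual'])) {
        // send confirmation email (if so configured)
        if (!empty($level_cfg['requireemailconfirmation'])) {
            $this->LevelUnConfirmed($data['wpm_id'], $user->ID, true);
            $this->send_email_template('email_confirmation', $user->ID, $macros);
            $send_welcome_email = false;
        }
    }

    if (!is_null($pendingstatus) && !$registered_by_admin) {
        $this->LevelForApproval($data['wpm_id'], $user->ID, $pendingstatus);
    }

    /* add password */
    $macros['[password]'] = $data['password'];

    /* and send the mail */
    if ($send_welcome_email) {
        $this->send_email_template('registration', $user->ID, $macros);
    }
    if ($notifyadmin) {
        if ($this->GetOption('notify_admin_of_newuser')) {
            $admin_macros = $macros;
            if ($this->GetOption('mask_passwords_in_emails')) {
                $admin_macros['[password]'] = '********';
            }
            $this->send_email_template('admin_new_member_notice', $user->ID, $admin_macros, $this->GetOption('newmembernotice_email_recipient'));
        }
    }

    // make sure sequential upgrade is enabled
    $this->IsSequential($user->ID, true);

    // delete the registration page security cookie
    $this->RegistrationCookie('x', $dummy);

    // wp multisite stuff
    if (function_exists('add_user_to_blog')) {
        if (!is_user_member_of_blog($user->ID)) {
            add_user_to_blog($GLOBALS['blog_id'], $user->ID, isset($level_cfg['role']) ? $level_cfg['role'] : null);
        }
    }

    if (false === wlm_admin_in_admin()) {
        /* we no longer save the password since WLM 2.8 */
        $this->WPMAutoLogin($user->ID);
    }

    /* we're done */
    do_action('wishlistmember_user_registered', $user->ID, $data, $mw);
    return $user->ID;
}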
/**
 * Let the request continue only when the login cookies pass wp_login();
 * otherwise send no-cache headers, redirect to wp-login.php with the current
 * request URI (URL-encoded) as redirect_to, and stop.
 */
function auth_redirect()
{
    $user_cookie = 'wordpressuser_' . COOKIEHASH;
    $pass_cookie = 'wordpresspass_' . COOKIEHASH;

    // A missing user cookie is treated exactly like a failed login.
    $logged_in = !empty($_COOKIE[$user_cookie])
        && wp_login($_COOKIE[$user_cookie], $_COOKIE[$pass_cookie], true);
    if ($logged_in) {
        return;
    }

    $no_cache_headers = array(
        'Expires: Wed, 11 Jan 1984 05:00:00 GMT',
        'Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT',
        'Cache-Control: no-cache, must-revalidate, max-age=0',
        'Pragma: no-cache',
    );
    foreach ($no_cache_headers as $header_line) {
        header($header_line);
    }

    $login_url = get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
    header('Location: ' . $login_url);
    exit();
}
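/**
 * Authenticate a premium-content request from its HTTP Authorization header.
 *
 * Depending on $podPress->settings['premiumMethod'] the header is treated as
 * HTTP Digest (checked against the 'premiumcast_creds' user meta value) or,
 * by default, HTTP Basic (checked with wp_login()/wp_signon()). After a
 * successful check the 'premium_subscriber' capability is looked up in the
 * object cache, and the user-related globals plus the PODPRESS_PREMIUMLOGIN
 * and PODPRESS_PREMIUMID constants are populated.
 *
 * Changes compared with the previous implementation:
 *  - a Digest request is rejected when the user does not exist or has no
 *    stored 'premiumcast_creds' value; otherwise the expected response would
 *    be built from request-supplied values only;
 *  - the Digest response is compared as a string (hash_equals() when the
 *    runtime has it, === otherwise) instead of with a loose ==;
 *  - the request is refused when the authenticated login name does not
 *    resolve to a user record.
 *
 * NOTE(review): podPress_var_dump() receives the request headers, the stored
 * credential hash and the expected response. Its sink is not visible here;
 * confirm it is inert outside of debugging.
 *
 * @return bool|null false for XML-RPC requests and when no Authorization
 *                   header was sent (a login challenge is issued in the
 *                   latter case); null after a successful login. A failed
 *                   login ends the request with die().
 */
function podPress_validateLogin()
{
    global $wp_version, $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user, $podPress;

    if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) {
        return false;
    }

    podPress_var_dump('############### podPress_validateLogin ###############');
    $http_headers = getallheaders();
    podPress_var_dump('$http_headers');
    podPress_var_dump($http_headers);

    // Normalise the header name; some server setups expose it under another key.
    if (empty($http_headers['Authorization'])) {
        if (!empty($http_headers['AUTHORIZATION'])) {
            $http_headers['Authorization'] = stripslashes(stripslashes($http_headers['AUTHORIZATION']));
        } elseif (!empty($http_headers['REDIRECT_HTTP_AUTHORIZATION'])) {
            $http_headers['Authorization'] = stripslashes(stripslashes($http_headers['REDIRECT_HTTP_AUTHORIZATION']));
        } else {
            podPress_requestLogin();
            return false;
        }
    }

    switch ($podPress->settings['premiumMethod']) {
        case 'Digest':
            $data = podPress_http_digest_parse($http_headers['Authorization']);
            if (!$data) {
                die('Wrong Credentials!');
            }

            if (version_compare($wp_version, '3.3', '>=')) {
                $x = get_user_by('login', $data['username']);
            } else {
                $x = get_userdatabylogin($data['username']);
            }

            // Only read the stored hash for an account that really exists.
            $A1 = '';
            if (is_object($x) && !empty($x->ID)) {
                if (version_compare($wp_version, '3.0', '>=')) {
                    $A1 = get_user_meta($x->ID, 'premiumcast_creds', TRUE);
                } else {
                    $A1 = get_usermeta($x->ID, 'premiumcast_creds');
                }
            }
            $has_stored_creds = is_string($A1) && '' !== $A1;
            podPress_var_dump('$A1');
            podPress_var_dump($A1);

            $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
            podPress_var_dump('$A2');
            podPress_var_dump($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
            podPress_var_dump($A2);

            $response_input = ($has_stored_creds ? $A1 : '') . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2;
            $valid_response = md5($response_input);
            podPress_var_dump($response_input);
            podPress_var_dump('$valid_response');
            podPress_var_dump($valid_response);
            podPress_var_dump($data['response']);

            // String comparison only: a loose == treats some hex digests as
            // numbers and can report a match for different strings.
            $supplied_response = isset($data['response']) ? (string) $data['response'] : '';
            if (function_exists('hash_equals')) {
                $response_matches = hash_equals($valid_response, $supplied_response);
            } else {
                $response_matches = ($valid_response === $supplied_response);
            }

            // Without a stored secret the expected response depends solely on
            // values sent by the client, so it proves nothing.
            if ($has_stored_creds && $response_matches) {
                $user_login = $data['username'];
                $authresult = TRUE;
            } else {
                $authresult = FALSE;
            }
            break;

        case 'Basic':
        default:
            $authparts = podPress_http_basic_parse($http_headers['Authorization']);
            $user_login = $authparts['username'];
            if (version_compare($wp_version, '2.5', '<')) {
                $authresult = wp_login($user_login, $authparts['passwd']);
            } else {
                $creds = array();
                $creds['user_login'] = $user_login;
                $creds['user_password'] = $authparts['passwd'];
                $creds['remember'] = true;
                $authresult = wp_signon($creds, false);
            }
            break;
    }
    podPress_var_dump('$authresult');
    podPress_var_dump($authresult);

    // Capability check against the object cache.
    // NOTE(review): the first and third branch revoke access only when the
    // 'premium_subscriber' entries are present and different from 1; an
    // account without any such entry keeps $authresult. Confirm that this is
    // the intended policy.
    if (isset($GLOBALS['wp_object_cache']->cache['userlogins'][$user_login])) {
        $podPress_x = $GLOBALS['wp_object_cache']->cache['userlogins'][$user_login];
    } else {
        $podPress_x = 0;
    }
    if (is_object($podPress_x)) {
        if (isset($podPress_x->wp_capabilities['premium_subscriber']) and $podPress_x->wp_capabilities['premium_subscriber'] != 1 and isset($podPress_x->wp20_capabilities['premium_subscriber']) and $podPress_x->wp20_capabilities['premium_subscriber'] != 1) {
            $authresult = false;
        }
    } elseif (isset($GLOBALS['wp_object_cache']->cache['user_meta'][$podPress_x]) and is_array($GLOBALS['wp_object_cache']->cache['user_meta'][$podPress_x]) and is_array($GLOBALS['wp_object_cache']->cache['user_meta'][$podPress_x]['wp_capabilities'])) {
        podPress_var_dump('user_meta is object');
        $user_has_cap = FALSE;
        foreach ($GLOBALS['wp_object_cache']->cache['user_meta'][$podPress_x]['wp_capabilities'] as $capability_str) {
            if (FALSE != stristr($capability_str, 'premium_subscriber')) {
                $user_has_cap = TRUE;
                break;
            }
        }
        if (FALSE === $user_has_cap) {
            $authresult = false;
        }
    } else {
        if (isset($GLOBALS['wp_object_cache']->cache['users'][$podPress_x]->wp_capabilities['premium_subscriber']) and $GLOBALS['wp_object_cache']->cache['users'][$podPress_x]->wp_capabilities['premium_subscriber'] != 1 and isset($GLOBALS['wp_object_cache']->cache['users'][$podPress_x]->wp20_capabilities['premium_subscriber']) and $GLOBALS['wp_object_cache']->cache['users'][$podPress_x]->wp20_capabilities['premium_subscriber'] != 1) {
            $authresult = false;
        }
    }
    unset($podPress_x);

    podPress_var_dump('$authresult');
    podPress_var_dump($authresult);
    podPress_var_dump(isset($authresult->errors));

    // wp_signon() reports failure through an object carrying ->errors.
    if (FALSE === $authresult or TRUE === isset($authresult->errors)) {
        podPress_requestLogin();
        die('401 Unauthorized');
    }

    if (version_compare($wp_version, '3.3', '>=')) {
        $userdata = get_user_by('login', $user_login);
    } else {
        $userdata = get_userdatabylogin($user_login);
    }

    // Fail closed when the authenticated name has no user record behind it.
    if (!is_object($userdata)) {
        podPress_requestLogin();
        die('401 Unauthorized');
    }

    $user_level = $userdata->user_level;
    $user_ID = $userdata->ID;
    $user_email = $userdata->user_email;
    $user_url = $userdata->user_url;
    $user_pass_md5 = md5($userdata->user_pass);
    $user_identity = $userdata->display_name;

    define('PODPRESS_PREMIUMLOGIN', $user_login);
    define('PODPRESS_PREMIUMID', $userdata->ID);

    if (empty($current_user)) {
        $current_user = new WP_User($user_ID);
    }
}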
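/**
 * TT New User
 *
 * Registers a new user from an argument list in the style of query_posts().
 * The register form must include wp_nonce_field( 'register' ); the nonce is
 * verified here unless 'override_nonce' is the boolean true.
 *
 * Recognised keys of $args (defaults as set in the code below):
 *  - user_login           [string] desired username
 *  - user_email           [string] desired email address
 *  - user_pass            [string] desired password (default: false)
 *  - role                 [string] role given to the user (default: 'subscriber')
 *  - validate             [bool]   honour an 'error' result of the
 *                                  'tja_registration_info' filter (default: true)
 *  - use_password         [bool]   log the user in with the chosen password (default: false)
 *  - use_tos, tos         terms-of-service flags (defaults: true, '')
 *  - unique_email         [bool]   (default: false)
 *  - do_redirect          [bool]   redirect after registration (default: true)
 *  - redirect             [string] URL to redirect to (default: '')
 *  - send_email           [bool]   send the registration email (default: false)
 *  - require_verify_email [bool]   send an activation link instead of creating the user
 *  - override_nonce       [bool]   skip the nonce check, not recommended
 * Every other key is stored as user meta on the new account.
 *
 * Changes compared with the previous implementation: the activation key is
 * taken from a single time() reading (the stored key and the mailed key could
 * differ across a second boundary); the email address is URL-encoded in the
 * link and HTML-escaped in the markup; 'user_pass2' is no longer persisted;
 * a failed wp_insert_user() returns at once; request keys are read
 * explicitly instead of through extract().
 *
 * NOTE(review): 'role', 'redirect' and the free-form meta keys are used as
 * given. A caller that forwards request data must whitelist them, otherwise
 * the requester chooses the role, the meta keys and the redirect target.
 * NOTE(review): the pending registration (password included) is kept in the
 * 'unverified_users' option under a timestamp key. The handler that consumes
 * the key is not visible here, so the scheme is unchanged; a random token,
 * introduced on both sides, would be harder to guess.
 *
 * @param array|string $args registration arguments
 * @return mixed ID of the new user; a WP_Error when already logged in or when
 *               wp_insert_user() fails; the filter result when validation
 *               reports an error; the tj_return_success() result when an
 *               activation email was sent
 * @author Joe Hoyle
 * @version 1.0
 **/
function tja_new_user($args)
{
    // Check the nonce field; only an explicit boolean true opts out.
    if (!is_array($args) || !isset($args['override_nonce']) || $args['override_nonce'] !== true) {
        check_admin_referer('register');
    }

    if (is_user_logged_in()) {
        tj_error_message('You are already logged in', 'register');
        return new WP_Error('already-logged-in');
    }

    include_once ABSPATH . '/wp-includes/registration.php';

    $checks = array('use_password' => false, 'tos' => '', 'use_tos' => true, 'unique_email' => false, 'do_redirect' => true, 'redirect' => '', 'send_email' => false);
    $defaults = array('user_login' => '', 'user_email' => '', 'user_pass' => false, 'role' => 'subscriber', 'validate' => true);

    $original_args = $args;
    $default_args = array_merge($defaults, $checks);

    // Values are used as supplied; no tag stripping or other sanitising happens here.
    $args = wp_parse_args($args, $default_args);

    // Read the options explicitly so request keys cannot create other locals.
    $validate = $args['validate'];
    $role = $args['role'];
    $user_pass = $args['user_pass'];
    $send_email = $args['send_email'];
    $use_password = $args['use_password'];
    $redirect = $args['redirect'];
    $do_redirect = $args['do_redirect'];
    $require_verify_email = !empty($args['require_verify_email']);

    $validation = apply_filters('tja_registration_info', $args);

    // The password confirmation must not be stored anywhere.
    unset($args['user_pass2']);
    if (is_array($original_args)) {
        unset($original_args['user_pass2']);
    }

    if ($validation['status'] === 'error' && $validate == true) {
        return $validation;
    }

    // Merge arrays overwriting defaults, drop non-standard keys and keys with empty values.
    $user_vars = array_filter(array_intersect_key(array_merge($defaults, $args), $defaults));
    $address = isset($user_vars['user_email']) ? $user_vars['user_email'] : '';

    // Check for require_verify_email, send email and store temp data
    if ($require_verify_email) {
        // One reading, so the stored key and the mailed key always agree.
        $activation_key = time();

        $original_args['require_verify_email'] = false;
        $unverified_users = (array) get_option('unverified_users');
        $unverified_users[$activation_key] = $original_args;
        update_option('unverified_users', $unverified_users);

        $activation_url = get_bloginfo('url') . '/login/?verify_email=' . urlencode($address) . '&key=' . $activation_key;
        $activation_url_html = htmlspecialchars($activation_url, ENT_QUOTES);

        $message = "Please click the link below to activate your account for " . get_bloginfo() . "\n \n";
        $message .= '<a href="' . $activation_url_html . '">' . $activation_url_html . '</a>';

        $headers = 'From: ' . get_bloginfo() . ' <noreply@' . get_bloginfo('url') . '>' . "\r\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1 \r\n\r\n";

        wp_mail($address, 'Please activate your account for ' . get_bloginfo(), $message, $headers);

        return tj_return_success('sent-email-activation', '<p class="message success">You have been sent an activation email, please follow the link in the email sent to ' . htmlspecialchars($address, ENT_QUOTES) . '</p>');
    }

    $user_id = wp_insert_user($user_vars);
    if (!$user_id || is_wp_error($user_id)) {
        // Nothing was created: skip role, meta, mail and login.
        return $user_id;
    }

    if ($role) {
        $user = new WP_User($user_id);
        $user->set_role($role);
    }

    // Get any remaining variables that were passed
    $meta_vars = array_diff_key($original_args, $defaults, $checks);
    foreach ((array) $meta_vars as $key => $value) {
        update_usermeta($user_id, $key, $value);
    }

    $user = get_userdata($user_id);

    // Send notification email if specified
    if ($send_email == true) {
        $email = tja_email_registration_success($user, $user_pass);
    }

    // If they chose a password, log them in
    if ($use_password == 'true' && $user->ID > 0) {
        wp_login($user->user_login, $user_pass);
        wp_clearcookie();
        wp_setcookie($user->user_login, $user_pass, false);
    }

    // Redirect the user if it is set
    if ($redirect !== '' && $user->ID && $do_redirect == true) {
        wp_redirect($redirect);
    }

    return $user_id;
}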
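/**
 * Create a new WordPress user with the specified identity URL and user data.
 *
 * On success the new account is logged in, login cookies are set, the
 * identity URL is bound to the account and the OpenID status becomes
 * 'redirect'. On failure an OpenID message/error is recorded instead.
 *
 * Changes compared with the previous implementation:
 *  - the emailtoid.net test uses === 0; with == 0 a strpos() result of false
 *    also matched, so the session email replaced the username for every
 *    identity provider;
 *  - the throw-away account password comes from wp_generate_password() when
 *    WordPress provides it; the fallback (seven hex characters derived from
 *    the clock) is kept only for installs that lack that function;
 *  - a WP_Error returned by wp_insert_user() counts as a failure.
 *
 * @param string $identity_url OpenID to associate with the newly
 *                             created account
 * @param array  $user_data    array of user data; user_login, user_pass and,
 *                             on success, ID are written back into it
 */
function openid_create_new_user($identity_url, &$user_data)
{
    global $wpdb;

    // Identity URL is new, so create a user
    @(include_once ABSPATH . 'wp-admin/upgrade-functions.php'); // 2.1
    @(include_once ABSPATH . WPINC . '/registration-functions.php'); // 2.0.4

    // Use the email address as username only if the URL is from emailtoid.net.
    $username = $identity_url;
    $session_email = isset($_SESSION['openid_login_email']) ? $_SESSION['openid_login_email'] : null;
    if (null != $session_email and strpos($username, 'http://emailtoid.net/') === 0) {
        if (!isset($user_data['user_email']) || $user_data['user_email'] == NULL) {
            $user_data['user_email'] = $session_email;
        }
        $username = $session_email;
        unset($_SESSION['openid_login_email']);
    }

    $user_data['user_login'] = $wpdb->escape(openid_generate_new_username($username));

    // The account still has a working password even though the owner signs
    // in through OpenID, so it should not be guessable.
    if (function_exists('wp_generate_password')) {
        $user_data['user_pass'] = wp_generate_password(24, false);
    } else {
        $user_data['user_pass'] = substr(md5(uniqid(microtime())), 0, 7);
    }

    $user_id = wp_insert_user($user_data);
    $created = $user_id && !(function_exists('is_wp_error') && is_wp_error($user_id));

    if (!$created) {
        // failed to create user for some reason.
        openid_message(__('OpenID authentication successful, but failed to create WordPress user. This is probably a bug.', 'openid'));
        openid_status('error');
        openid_error(openid_message());
        return;
    }

    // created ok
    $user_data['ID'] = $user_id;

    // XXX this all looks redundant, see openid_set_current_user
    $user = new WP_User($user_id);
    if (!wp_login($user->user_login, $user_data['user_pass'])) {
        openid_message(__('User was created fine, but wp_login() for the new user failed. This is probably a bug.', 'openid'));
        // NOTE(review): the other paths call openid_status(); confirm that
        // openid_action() is the intended call here.
        openid_action('error');
        openid_error(openid_message());
        return;
    }

    // notify of user creation
    wp_new_user_notification($user->user_login);
    wp_clearcookie();
    wp_setcookie($user->user_login, md5($user->user_pass), true, '', '', true);

    // Bind the provided identity to the just-created user
    openid_add_user_identity($user_id, $identity_url);
    openid_status('redirect');

    // NOTE(review): $redirect_to is a local here (not declared global), so
    // this assignment is not visible to the caller - confirm the intent.
    if (!$user->has_cap('edit_posts')) {
        $redirect_to = '/wp-admin/profile.php';
    }
}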
/**
 * Redirect to the login page unless the login cookies authenticate.
 *
 * The USER_COOKIE and PASS_COOKIE values are passed to wp_login() with its
 * third argument set to true. A missing user cookie or a rejected pair leads
 * to nocache_headers(), a Location header for wp-login.php (carrying the
 * URL-encoded request URI as redirect_to) and the end of the request.
 *
 * NOTE(review): PASS_COOKIE is replayed as a credential on every request;
 * presumably it holds a hash rather than the password itself - confirm in
 * wp_login().
 */
function auth_redirect()
{
    $hasValidCookies = !empty($_COOKIE[USER_COOKIE])
        && wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true);

    if ($hasValidCookies) {
        return;
    }

    nocache_headers();

    // Validation of redirect_to is left to the login page.
    $loginUrl = get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
    header('Location: ' . $loginUrl);
    exit;
}
} else { $cookie_login = wp_get_cookie_login(); if (!empty($cookie_login)) { $using_cookie = true; $user_login = $cookie_login['login']; $user_pass = $cookie_login['password']; } } do_action('wp_authenticate', array(&$user_login, &$user_pass)); if ($user_login && $user_pass) { $user = new WP_User(0, $user_login); // If the user can't edit posts, send them to their profile. if (!$user->has_cap('edit_posts') && (empty($redirect_to) || $redirect_to == 'wp-admin/')) { $redirect_to = get_settings('siteurl') . '/wp-admin/profile.php'; } if (wp_login($user_login, $user_pass, $using_cookie)) { if (!$using_cookie) { wp_setcookie($user_login, $user_pass, false, '', '', $rememberme); } do_action('wp_login', $user_login); wp_safe_redirect($redirect_to); exit; } else { if ($using_cookie) { $error = __('Your session has expired.'); } } } else { if ($user_login || $user_pass) { $error = __('<strong>Error</strong>: The password field is empty.'); }
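/**
 * Creates a new user with args passed through an array or string of arguments.
 *
 * NOTE(review): the register form is expected to use
 * wp_nonce_field( 'register' ), and 'override_nonce' is an accepted key, but
 * this function does not verify the nonce itself. Callers must do so
 * (for example with check_admin_referer( 'register' )) before calling it.
 *
 * Recognised keys of $args (defaults as set in the code below):
 *  - user_login           [string] desired username
 *  - user_email           [string] desired email address
 *  - user_pass            [string] desired password (default: false)
 *  - display_name         [string] display name
 *  - role                 [string] role given to the user (default: 'subscriber')
 *  - validate             [bool]   honour a WP_Error from the
 *                                  'hma_registration_info' filter (default: true)
 *  - use_password         [bool]   log the user in afterwards (default: false)
 *  - do_login             [bool]   log the user in afterwards (default: false)
 *  - use_tos, tos         terms-of-service flags (defaults: true, '')
 *  - unique_email         [bool]   (default: false)
 *  - do_redirect          [bool]   redirect after registration (default: true)
 *  - redirect             [string] URL to redirect to (default: '')
 *  - send_email           [bool]   send the registration email (default: false)
 *  - require_verify_email [bool]   send an activation link instead of creating the user
 *  - override_nonce       [bool]   accepted, not evaluated here (default: false)
 * Remaining keys are stored as user meta when hma_is_profile_field() accepts
 * them, or unconditionally when hma_custom_profile_fields() is empty.
 *
 * Changes compared with the previous implementation: the activation key is
 * taken from a single time() reading (the stored key and the mailed key could
 * differ across a second boundary); the email address is URL-encoded in the
 * link and HTML-escaped in the markup; request keys are read explicitly
 * instead of through extract().
 *
 * NOTE(review): 'role' and 'redirect' are used as given; a caller that
 * forwards request data must whitelist them.
 * NOTE(review): the pending registration (password included) is kept in the
 * 'unverified_users' option under a timestamp key. The handler that consumes
 * the key is not visible here, so the scheme is unchanged; a random token,
 * introduced on both sides, would be harder to guess.
 *
 * @param array|string $args registration arguments
 * @return mixed Int ID of the newly registered user; WP_Error when already
 *               logged in, when validation fails or when wp_insert_user()
 *               fails; the hm_return_success() result when an activation
 *               email was sent
 */
function hma_new_user($args)
{
    if (is_user_logged_in()) {
        hm_error_message('You are already logged in', 'register');
        return new WP_Error('already-logged-in');
    }

    $checks = array('use_password' => false, 'tos' => '', 'use_tos' => true, 'unique_email' => false, 'do_redirect' => true, 'do_login' => false, 'redirect' => '', 'send_email' => false, 'override_nonce' => false);
    $defaults = array('user_login' => '', 'user_email' => '', 'user_pass' => false, 'role' => 'subscriber', 'validate' => true);

    $original_args = $args;
    $default_args = array_merge($defaults, $checks);
    $args = wp_parse_args($args, $default_args);

    // Read the options explicitly so request keys cannot create other locals.
    $user_login = $args['user_login'];
    $user_email = $args['user_email'];
    $user_pass = $args['user_pass'];
    $display_name = isset($args['display_name']) ? $args['display_name'] : null;
    $role = $args['role'];
    $validate = $args['validate'];
    $send_email = $args['send_email'];
    $use_password = $args['use_password'];
    $do_login = $args['do_login'];
    $redirect = $args['redirect'];
    $do_redirect = $args['do_redirect'];
    $require_verify_email = !empty($args['require_verify_email']);

    $validation = apply_filters('hma_registration_info', $args);

    // The password confirmation must not be stored anywhere.
    unset($args['user_pass2']);
    unset($original_args['user_pass2']);

    if (is_wp_error($validation) && $validate == true) {
        return $validation;
    }

    // Fields handed to wp_insert_user(); empty values are dropped.
    $user_vars = array_filter(array('user_login' => $user_login, 'user_pass' => $user_pass, 'user_email' => $user_email, 'display_name' => $display_name));
    $address = isset($user_vars['user_email']) ? $user_vars['user_email'] : '';

    // Check for require_verify_email, send email and store temp data
    if ($require_verify_email) {
        // One reading, so the stored key and the mailed key always agree.
        $activation_key = time();

        $original_args['require_verify_email'] = false;
        $unverified_users = (array) get_option('unverified_users');
        $unverified_users[$activation_key] = $original_args;
        update_option('unverified_users', $unverified_users);

        $activation_url = get_bloginfo('url') . '/login/?verify_email=' . urlencode($address) . '&key=' . $activation_key;
        $activation_url_html = htmlspecialchars($activation_url, ENT_QUOTES);

        $message = "Please click the link below to activate your account for " . get_bloginfo() . "\n \n";
        $message .= '<a href="' . $activation_url_html . '">' . $activation_url_html . '</a>';

        $headers = 'From: ' . get_bloginfo() . ' <noreply@' . get_bloginfo('url') . '>' . "\r\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1 \r\n\r\n";

        wp_mail($address, 'Please activate your account for ' . get_bloginfo(), $message, $headers);

        return hm_return_success('sent-email-activation', '<p class="message success">You have been sent an activation email, please follow the link in the email sent to ' . htmlspecialchars($address, ENT_QUOTES) . '</p>');
    }

    $user_id = wp_insert_user($user_vars);
    if (!$user_id || is_wp_error($user_id)) {
        return $user_id;
    }

    // Setup the user's role
    if ($role) {
        $user = new WP_User($user_id);
        $user->set_role($role);
    }

    // Get any remaining variables that were passed
    $meta_vars = array_diff_key($original_args, $defaults, $checks, $user_vars);
    foreach ((array) $meta_vars as $key => $value) {
        if (hma_is_profile_field($key) || !hma_custom_profile_fields()) {
            update_user_meta($user_id, $key, $value);
        }
    }

    $user = get_userdata($user_id);

    // Send notification email if specified
    if ($send_email) {
        $email = hma_email_registration_success($user, $user_pass);
    }

    // If they chose a password, log them in
    if (($use_password == 'true' || $do_login == true) && !empty($user->ID)) {
        wp_login($user->user_login, $user_pass);
        wp_clearcookie();
        wp_setcookie($user->user_login, $user_pass, false);
        do_action('wp_login', $user->user_login);
        wp_set_current_user($user->ID);
    }

    // Redirect the user if it is set
    if ($redirect !== '' && !empty($user->ID) && $do_redirect == true) {
        wp_redirect($redirect);
        exit;
    }

    do_action('hma_registered_user', $user);

    return $user_id;
}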
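/**
 * Create a WordPress account for a new OpenID identity and log it in.
 *
 * On success the account is logged in, login cookies are set, the identity
 * is stored through $this->store and $this->action becomes 'redirect'. On
 * failure $this->error and $this->action ('error') are set.
 *
 * Changes compared with the previous implementation:
 *  - the throw-away account password comes from wp_generate_password() when
 *    WordPress provides it; the fallback (seven hex characters derived from
 *    the clock) is kept only for installs that lack that function;
 *  - the debug log receives the user data with 'user_pass' masked, and the
 *    two log lines no longer interpolate an array and an undefined variable;
 *  - a WP_Error returned by wp_insert_user() counts as a failure.
 *
 * @param string $identity_url  OpenID identity URL of the new user
 * @param array  $oid_user_data user data; user_login, user_pass and, on
 *                              success, ID are written back into it
 */
function create_new_user($identity_url, &$oid_user_data)
{
    global $wpdb;

    // Identity URL is new, so create a user
    @(include_once ABSPATH . 'wp-admin/upgrade-functions.php'); // 2.1
    @(include_once ABSPATH . WPINC . '/registration-functions.php'); // 2.0.4

    $oid_user_data['user_login'] = $wpdb->escape($this->generate_new_username($identity_url));

    // The account still has a working password even though the owner signs
    // in through OpenID, so it should not be guessable.
    if (function_exists('wp_generate_password')) {
        $oid_user_data['user_pass'] = wp_generate_password(24, false);
    } else {
        $oid_user_data['user_pass'] = substr(md5(uniqid(microtime())), 0, 7);
    }

    $user_id = wp_insert_user($oid_user_data);
    $created = $user_id && !(function_exists('is_wp_error') && is_wp_error($user_id));
    $user_id_for_log = is_scalar($user_id) ? $user_id : gettype($user_id);

    $this->core->log->debug('wp_create_user( ' . $oid_user_data['user_login'] . ' ) returned ' . $user_id_for_log . ' ');

    if (!$created) {
        // failed to create user for some reason.
        $this->error = 'OpenID authentication successful, but failed to create WordPress user. ' . 'This is probably a bug.';
        $this->action = 'error';
        $this->core->log->error($this->error);
        return;
    }

    // created ok
    $oid_user_data['ID'] = $user_id;

    // Keep the generated password out of the log.
    $loggable_data = $oid_user_data;
    $loggable_data['user_pass'] = '[redacted]';
    $this->core->log->debug("OpenIDConsumer: Created new user {$user_id} : {$oid_user_data['user_login']} and metadata: " . var_export($loggable_data, true));

    $user = new WP_User($user_id);
    if (!wp_login($user->user_login, $oid_user_data['user_pass'])) {
        $this->error = 'User was created fine, but wp_login() for the new user failed. ' . 'This is probably a bug.';
        $this->action = 'error';
        // NOTE(review): the other failure path calls ->error(); confirm that
        // the logger provides ->err() as well.
        $this->core->log->err($this->error);
        return;
    }

    // notify of user creation
    wp_new_user_notification($user->user_login);
    wp_clearcookie();
    wp_setcookie($user->user_login, md5($user->user_pass), true, '', '', true);

    // Bind the provided identity to the just-created user
    global $userdata;
    $userdata = get_userdata($user_id);
    $this->store->insert_identity($identity_url);
    $this->action = 'redirect';

    // NOTE(review): $redirect_to is a local here, so this assignment is not
    // visible to the caller - confirm the intent.
    if (!$user->has_cap('edit_posts')) {
        $redirect_to = '/wp-admin/profile.php';
    }
}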
<?php
// Load WordPress so its cookie constants, wp_login() and settings are available.
require_once '../../../../../../wp-config.php';

// Prevent direct access from users who are not logged in: without a user
// cookie, or with a cookie pair that wp_login() rejects, go to the login page.
// NOTE(review): this checks authentication only. No role or capability is
// tested, and every operation below is switched on, so each account that can
// log in gets create/delete/rename/move/upload - confirm that this is intended.
if (empty($_COOKIE[USER_COOKIE]) || !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)) {
    nocache_headers();
    header('Location: ' . get_settings('siteurl') . '/wp-login.php');
    exit;
}
nocache_headers();

// Plugin settings stored under the 'king-filemanager' option.
$KMConfig = get_settings('king-filemanager');

// Filesystem root of the managed folder, e.g. '/www/htdocs/../wp-content/upload'
$MY_DOCUMENT_ROOT = $KMConfig['document_root'] . '/';

// Public URL of that folder, e.g. 'http://www.url.de/wp-content/upload';
// the same value serves as base URL and as the URL used to open a file.
$MY_BASE_URL = $MY_URL_TO_OPEN_FILE = $KMConfig['download_url'];

// Extension lists are comma separated; the listing uses the allow list too.
$MY_ALLOW_EXTENSIONS = explode(',', $KMConfig['allowed_ext']);
$MY_DENY_EXTENSIONS = explode(',', $KMConfig['deny_ext']);
$MY_LIST_EXTENSIONS = $MY_ALLOW_EXTENSIONS;

$MY_MAX_FILE_SIZE = $KMConfig['max_file_size'];
$MY_DATETIME_FORMAT = $KMConfig['dateformat'];
$MY_LANG = $KMConfig['language'];
$MY_CHARSET = get_settings('blog_charset'); // blog charset

// Operations offered by the dialog.
$MY_ALLOW_CREATE = $MY_ALLOW_DELETE = $MY_ALLOW_RENAME = $MY_ALLOW_MOVE = $MY_ALLOW_UPLOAD = true;

$MY_NAME = 'insertfiledialog';
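/**
 * Authenticate an AJAX request from a copy of the browser's cookie string.
 *
 * AJAX scripts must pass cookie=document.cookie, by POST or (when the POST
 * value is empty) by GET. The USER_COOKIE and PASS_COOKIE entries are
 * extracted from it and handed to wp_login() with its third argument set to
 * true.
 *
 * Changes compared with the previous implementation: the function now fails
 * closed, without calling wp_login(), when the parameter is absent, is not a
 * string, or lacks either cookie. Before, wp_login() was called with
 * undefined variables in those cases.
 *
 * NOTE(review): when the GET form is used the credential cookies become part
 * of the request URL and may be recorded wherever URLs are logged; the POST
 * form avoids that.
 *
 * @return bool true when wp_login() accepts the extracted pair, else false
 */
function check_ajax_referer()
{
    // POST wins over GET.
    if (!empty($_POST['cookie'])) {
        $raw = $_POST['cookie'];
    } elseif (isset($_GET['cookie'])) {
        $raw = $_GET['cookie'];
    } else {
        return false;
    }

    if (!is_string($raw) || '' === $raw) {
        return false;
    }

    $user = null;
    $pass = null;

    foreach (explode('; ', urldecode($raw)) as $tasty) {
        if (false !== strpos($tasty, USER_COOKIE)) {
            // Nasty double encoding: the value needs a second decode.
            $user = urldecode(substr(strstr($tasty, '='), 1));
        }
        if (false !== strpos($tasty, PASS_COOKIE)) {
            $pass = urldecode(substr(strstr($tasty, '='), 1));
        }
    }

    // Never attempt a login with a missing half of the pair.
    if (null === $user || null === $pass) {
        return false;
    }

    return wp_login($user, $pass, true) ? true : false;
}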
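/**
 * Handle a login submitted through the sidebar login widget.
 *
 * Runs only when the 'sidebarLogin_posted' POST field is set. On a successful
 * wp_login() the login cookie is set, the 'wp_login' action fires and the
 * request is redirected to the current URL. Otherwise the collected error
 * messages and the sanitised user name are written to $_POST['sbl_errors']
 * and $_POST['user_login'].
 *
 * Changes compared with the previous implementation: missing POST fields no
 * longer raise undefined-index notices; $errors always starts as an array;
 * the "session has expired" message is no longer overwritten by the
 * "invalid user or password" message.
 *
 * NOTE(review): $_POST['user_login'] holds request data (after
 * sanitize_user()); the code that prints it is not visible here and should
 * escape it on output.
 */
function widget_sidebarLogin_check()
{
    // Are we doing a sidebar login action?
    if (empty($_POST['sidebarLogin_posted'])) {
        return;
    }

    $errors = array();
    $user_login = '';
    $user_pass = '';
    $rememberme = false;
    $using_cookie = FALSE;

    if ($_POST) {
        $user_login = sanitize_user(isset($_POST['log']) ? $_POST['log'] : '');
        $user_pass = isset($_POST['pwd']) ? $_POST['pwd'] : '';
        $rememberme = isset($_POST['rememberme']) ? $_POST['rememberme'] : false;
    } else {
        // Not reachable while the entry condition above requires a POST field.
        $cookie_login = wp_get_cookie_login();
        if (!empty($cookie_login)) {
            $using_cookie = true;
            $user_login = $cookie_login['login'];
            $user_pass = $cookie_login['password'];
        }
    }

    do_action_ref_array('wp_authenticate', array(&$user_login, &$user_pass));

    // If cookies are disabled we can't log in even with a valid user+pass
    if ($_POST && empty($_COOKIE[TEST_COOKIE])) {
        $errors['test_cookie'] = __('<strong>ERROR</strong>: WordPress requires Cookies but your browser does not support them or they are blocked.');
    }

    if ($user_login && $user_pass && empty($errors)) {
        // Kept from the previous implementation; the object itself is unused.
        $user = new WP_User(0, $user_login);

        if (wp_login($user_login, $user_pass, $using_cookie)) {
            if (!$using_cookie) {
                wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);
            }
            do_action('wp_login', $user_login);
            // NOTE(review): the scheme is fixed to http://, also for
            // requests that arrived over HTTPS.
            wp_safe_redirect("http://" . $_SERVER["SERVER_NAME"] . $_SERVER['REQUEST_URI']);
            exit;
        } elseif ($using_cookie) {
            $errors['expiredsession'] = __('Your session has expired.');
        } else {
            $errors['expiredsession'] = __('<strong>ERROR</strong>: Invalid user or password.');
        }
    }

    if ($_POST && empty($user_login)) {
        $errors['user_login'] = __('<strong>ERROR</strong>: The username field is empty.');
    }
    if ($_POST && empty($user_pass)) {
        $errors['user_pass'] = __('<strong>ERROR</strong>: The password field is empty.');
    }

    // Hand the result to the widget through $_POST.
    $_POST['sbl_errors'] = $errors;
    $_POST['user_login'] = $user_login;
}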