Пример #1
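/**
 * Resets a user's password from a lost-password link and e-mails the new one.
 *
 * The key/login pair is looked up in the users table. On a match a random
 * password is generated, stored and mailed to the account's address.
 * Every rejection uses the same message and error code, so the response does
 * not reveal whether the key or the login was the part that failed.
 *
 * @uses $wpdb WordPress Database object
 *
 * @param string $key   Reset key from the e-mailed link; anything outside a-z / 0-9 is stripped before lookup.
 * @param string $login user_login the key was issued for.
 * @return bool|WP_Error True on success, WP_Error('invalid_key') when the key/login pair is rejected.
 */
function hma_override_reset_password($key, $login)
{
    global $wpdb;

    // Type-check before sanitising so a non-string value never reaches preg_replace().
    $key = is_string($key) ? preg_replace('/[^a-z0-9]/i', '', $key) : '';
    if (empty($key) || empty($login) || !is_string($login)) {
        hm_error_message('The key you provided was invalid', 'lost-password');
        return new WP_Error('invalid_key', __('Invalid key'));
    }

    // Both values are bound through prepare(), so neither can alter the query.
    // NOTE(review): the submitted key is compared with user_activation_key exactly as
    // stored, and no expiry is checked in this function. WordPress core later moved to
    // storing a hash of the key and validating it with check_password_reset_key();
    // confirm which core version this runs on and whether keys are time-limited elsewhere.
    $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->users} WHERE user_activation_key = %s AND user_login = %s", $key, $login));
    if (empty($user)) {
        hm_error_message('The key you provided was invalid', 'lost-password');
        return new WP_Error('invalid_key', __('Invalid key'));
    }

    // Generate something random for a password...
    $new_pass = wp_generate_password();
    do_action('password_reset', $user, $new_pass);
    wp_set_password($new_pass, $user->ID);

    // Set up the password change nag so the user is prompted to replace the generated password.
    update_user_meta($user->ID, 'default_password_nag', true);

    // NOTE(review): the new password travels in clear text in the e-mail body and is also
    // handed to every 'password_reset' / 'password_reset_message' listener.
    $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
    $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
    $message .= site_url('wp-login.php', 'login') . "\r\n";

    // The blogname option is escaped with esc_html on the way into the database in sanitize_option
    // we want to reverse this for the plain text arena of emails.
    $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
    $title = sprintf(__('[%s] Your new password'), $blogname);
    $title = apply_filters('password_reset_title', $title);
    $message = apply_filters('password_reset_message', $message, $new_pass);

    // NOTE(review): the password has already been replaced at this point, so a mail
    // failure leaves the account with a password nobody received.
    if ($message && !wp_mail($user->user_email, $title, $message)) {
        die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
    }

    wp_password_change_notification($user);
    return true;
}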
Пример #2
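/**
 * Process the edit profile form submission.
 *
 * Verifies the form nonce, collects the submitted profile fields, hands them to
 * hma_update_user_info(), optionally unlinks SSO providers, then redirects and exits.
 * The redirect target can come from the request, so it is validated against the
 * site's allowed hosts before use.
 *
 * @return null Returns early when the user is not logged in or the passwords differ; otherwise exits after redirecting.
 */
function hma_profile_submitted()
{
    // Nonce check first: a forged cross-site submission is rejected before any field is read.
    check_admin_referer('hma_profile_submitted');
    $current_user = wp_get_current_user();

    // check the user is logged in
    if (!is_user_logged_in()) {
        return;
    }

    // Start from an empty array so the later reads never hit an undefined variable.
    $user_data = array();

    // Loop through all data and only use user_* fields or fields which have been registered using hma_register_profile_field
    // NOTE(review): with no registered custom fields, any POST key starting with "user_" is accepted.
    // Confirm hma_update_user_info() ignores user-table columns a visitor should not be able to set.
    foreach ($_POST as $key => $value) {
        if (!hma_is_profile_field($key) && hma_custom_profile_fields() || !hma_custom_profile_fields() && strpos($key, 'user_') !== 0) {
            continue;
        }
        $user_data[$key] = is_string($value) ? esc_attr($value) : array_map('esc_attr', $value);
    }

    // Check that the passwords match if they were $_POST'd
    if (!empty($_POST['user_pass']) && isset($_POST['user_pass2']) && $_POST['user_pass'] !== $_POST['user_pass2']) {
        hm_error_message('The passwords you entered do not match', 'update-user');
        return;
    }

    // NOTE(review): esc_attr() HTML-encodes characters such as & < > and quotes, so a password
    // containing them is stored in encoded form and differs from what the user typed.
    // Left as-is because the login path may apply the same encoding; verify both together.
    if (!empty($_POST['user_pass'])) {
        $user_data['user_pass'] = esc_attr($_POST['user_pass']);
    }
    if (!empty($_POST['user_email'])) {
        $user_data['user_email'] = esc_attr($_POST['user_email']);
    }

    // ID and user_login always come from the authenticated session, never from the request.
    $user_data['ID'] = $current_user->ID;
    if (isset($_POST['first_name'])) {
        $user_data['first_name'] = esc_attr($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user_data['last_name'] = esc_attr($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user_data['nickname'] = esc_attr($_POST['nickname']);
    }
    $user_data['user_login'] = $current_user->user_login;
    if (isset($_POST['description'])) {
        $user_data['description'] = esc_attr($_POST['description']);
    }

    if (isset($_POST['display_name'])) {
        // display_name is a template of field names (e.g. "first_name last_name");
        // each token is replaced by the matching collected value.
        $name = trim($_POST['display_name']);
        preg_match_all('/([\\S^\\,]*)/', esc_attr($_POST['display_name']), $matches);
        foreach (array_filter((array) $matches[0]) as $match) {
            // Unknown tokens resolve to an empty string, as before, but without an undefined-index
            // notice. Password fields are excluded so the template can never copy a password
            // into the publicly shown display name.
            $replacement = '';
            if ($match !== 'user_pass' && $match !== 'user_pass2' && isset($user_data[$match]) && is_scalar($user_data[$match])) {
                $replacement = $user_data[$match];
            }
            $name = trim(str_replace($match, $replacement, $name));
        }
        $user_data['display_name'] = $name;
        $user_data['display_name_preference'] = esc_attr($_POST['display_name']);
    }

    if (!empty($_FILES['user_avatar']['name'])) {
        // NOTE(review): $_FILES['user_avatar'] is an array and esc_attr() works on strings,
        // so this value is unlikely to be usable upload data. Confirm what
        // hma_update_user_info() reads for the avatar and how the upload is validated.
        $user_data['user_avatar'] = esc_attr($_FILES['user_avatar']);
    }

    $success = hma_update_user_info($user_data);

    // Unlink any SSO providers
    if (!is_wp_error($success) && !empty($_POST['unlink_sso_providers']) && array_filter((array) $_POST['unlink_sso_providers'])) {
        // NOTE(review): this only checks that a password was submitted; the value is never
        // verified against the stored hash here, and it has already been passed to
        // hma_update_user_info() as the new password. Confirm re-authentication happens elsewhere.
        if (empty($user_data['user_pass'])) {
            hm_error_message('The social network(s) could not be unlinked because you did not enter your password', 'update-user');
        } else {
            foreach (array_filter((array) $_POST['unlink_sso_providers']) as $sso_provider_id) {
                $sso_provider = hma_get_sso_provider($sso_provider_id);
                // The id comes from the request; skip values that do not resolve to a provider.
                if (is_object($sso_provider)) {
                    $sso_provider->unlink();
                }
            }
        }
    }

    $default_redirect = get_bloginfo('edit_profile_url', 'display');

    // esc_url_raw() is the URL sanitiser; esc_attr() would turn "&" into "&amp;" and break query strings.
    if (!empty($_POST['redirect_to'])) {
        $redirect = esc_url_raw($_POST['redirect_to']);
    } elseif (!empty($_POST['referer'])) {
        $redirect = esc_url_raw($_POST['referer']);
    } elseif (wp_get_referer()) {
        $redirect = wp_get_referer();
    } else {
        $redirect = $default_redirect;
    }

    // The target may be request-supplied: keep it only when it points at an allowed host,
    // otherwise fall back to the profile page, so the form cannot be used as an open redirect.
    $redirect = wp_validate_redirect($redirect, $default_redirect);

    do_action('hma_update_user_profile_completed', $redirect);
    wp_safe_redirect(add_query_arg('message', is_wp_error($success) ? $success->get_error_code() : '1', $redirect));
    exit;
}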
Пример #3
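 /**
  * Link the current Twitter account with the logged-in WordPress user.
  *
  * The OAuth access token is taken from the session, the POST body or the
  * 'twitter_oauth_token' cookie, in that order. The cookie is client-controlled,
  * so its decoded value is shape-checked before use. On success the token and
  * Twitter user id are stored in the current user's meta.
  *
  * @access public
  * @return true | WP_Error on failure
  */
 function link()
 {
     if (!is_user_logged_in()) {
         return new WP_Error('user-logged-in');
     }

     // We are in the popup (separate window)
     if ($this->usingSession && !empty($_SESSION['twitter_oauth_token'])) {
         $this->access_token = $_SESSION['twitter_oauth_token'];
     } elseif (!empty($_POST['access_token'])) {
         $this->access_token = $this->get_access_token_from_string($_POST['access_token']);
     } else {
         $cookie = '';
         if (isset($_COOKIE['twitter_oauth_token']) && is_string($_COOKIE['twitter_oauth_token'])) {
             $cookie = $_COOKIE['twitter_oauth_token'];
         }
         $raw = base64_decode($cookie);

         // SECURITY: unserialize() on a cookie is unserialize() on untrusted input and can
         // instantiate arbitrary classes (PHP object injection). The token is only ever used
         // as an array below, so object instantiation is switched off where the runtime
         // supports the option (PHP 7+). The durable fix is to change the cookie format
         // (e.g. JSON, ideally signed) where the cookie is written, outside this method.
         $token = false;
         if ($raw !== false && $raw !== '') {
             if (PHP_VERSION_ID >= 70000) {
                 $token = unserialize($raw, array('allowed_classes' => false));
             } else {
                 $token = unserialize($raw);
             }
         }

         // Expire the cookie once it has been read.
         setcookie('twitter_oauth_token', '', time() - 100, COOKIEPATH);

         // Reject anything that is not the expected token array instead of passing it on.
         if (!is_array($token) || empty($token['oauth_token']) || empty($token['oauth_token_secret'])) {
             hm_error_message('There was a problem connecting you with Twitter, please try again.', 'update-user');
             return new WP_Error('twitter-access-token-invalid');
         }
         $this->access_token = $token;
     }

     $info = $this->get_twitter_user_info();
     if (!empty($info->error)) {
         hm_error_message('There was a problem connecting you with Twitter, please try again.', 'update-user');
         return new WP_Error($info->error);
     }

     // Refuse to link a Twitter account that is already attached to a user on this site.
     if ($this->_get_user_id_from_sso_id($info->id)) {
         hm_error_message('This Twitter account is already linked with another account, please try a different one.', 'update-user');
         return new WP_Error('sso-provider-already-linked');
     }

     // NOTE(review): the OAuth token and secret are stored in user meta as plain values;
     // anything that can read usermeta can act as this user towards Twitter.
     $user_id = get_current_user_id();
     update_user_meta($user_id, '_twitter_oauth_token', $this->access_token['oauth_token']);
     update_user_meta($user_id, '_twitter_oauth_token_secret', $this->access_token['oauth_token_secret']);
     update_user_meta($user_id, '_twitter_access_token', $this->access_token);
     update_user_meta($user_id, '_twitter_uid', $info->id);

     hm_success_message('Successfully connected the Twitter account "' . $info->screen_name . '" with your profile.', 'update-user');
     return true;
 }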
Пример #4
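 /**
  * Log the visitor in as the WordPress user linked to their Facebook account.
  *
  * Looks the Facebook user id up in usermeta ('_fb_uid'); if nothing matches, falls back
  * to a lookup by the Facebook username. On a match the stored access token is refreshed
  * and the WordPress auth cookie is issued for that user.
  *
  * @return true|WP_Error True on success; WP_Error when the visitor is not logged in to
  *                       Facebook or the Facebook account is not linked to a site account.
  */
 public function login()
 {
     if (!$this->check_for_provider_logged_in()) {
         hm_error_message('You are not logged in to Facebook', 'login');
         return new WP_Error('no-logged-in-to-facebook');
     }

     global $wpdb;
     $fb_uid = $this->client->getUser();

     // Bind the id as a parameter instead of interpolating it into the SQL string:
     // this lookup decides which account gets an auth cookie, so it must not be
     // influenced by the shape of the value the SDK returns.
     $user_id = $wpdb->get_var($wpdb->prepare("SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = '_fb_uid' AND meta_value = %s", $fb_uid));

     if (!$user_id) {
         // NOTE(review): the fallback maps the account by Facebook username rather than by
         // the numeric id. Confirm that value is stable and unique enough to authenticate on.
         $fb_info = $this->get_facebook_user_info();
         $user_id = $this->_get_user_id_from_sso_id($fb_info['username']);
         if (!$user_id) {
             hm_error_message('This Facebook account has not been linked to an account on this site.', 'login');
             return new WP_Error('facebook-account-not-connected');
         }
     }

     // Update their access token in case it has changed
     update_user_meta($user_id, '_fb_access_token', $this->get_access_token_from_cookie_session());

     // Issue a non-persistent ("remember me" off) auth cookie and switch the current user.
     wp_set_auth_cookie($user_id, false);
     wp_set_current_user($user_id);

     do_action('hma_log_user_in', $user_id);
     do_action('hma_login_submitted_success');
     return true;
 }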