Пример #1
0
/**
 * Update a comment with values provided in $_POST.
 *
 * @since 0.0.1
 */
function edit_comment()
{
    if (!current_user_can('edit_comment', (int) $_POST['comment_ID'])) {
        hq_die(__('You are not allowed to edit comments on this post.'));
    }
    if (isset($_POST['newcomment_author'])) {
        $_POST['comment_author'] = $_POST['newcomment_author'];
    }
    if (isset($_POST['newcomment_author_email'])) {
        $_POST['comment_author_email'] = $_POST['newcomment_author_email'];
    }
    if (isset($_POST['newcomment_author_url'])) {
        $_POST['comment_author_url'] = $_POST['newcomment_author_url'];
    }
    if (isset($_POST['comment_status'])) {
        $_POST['comment_approved'] = $_POST['comment_status'];
    }
    if (isset($_POST['content'])) {
        $_POST['comment_content'] = $_POST['content'];
    }
    if (isset($_POST['comment_ID'])) {
        $_POST['comment_ID'] = (int) $_POST['comment_ID'];
    }
    foreach (array('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit) {
        if (!empty($_POST['hidden_' . $timeunit]) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit]) {
            $_POST['edit_date'] = '1';
            break;
        }
    }
    if (!empty($_POST['edit_date'])) {
        $aa = $_POST['aa'];
        $mm = $_POST['mm'];
        $jj = $_POST['jj'];
        $hh = $_POST['hh'];
        $mn = $_POST['mn'];
        $ss = $_POST['ss'];
        $jj = $jj > 31 ? 31 : $jj;
        $hh = $hh > 23 ? $hh - 24 : $hh;
        $mn = $mn > 59 ? $mn - 60 : $mn;
        $ss = $ss > 59 ? $ss - 60 : $ss;
        $_POST['comment_date'] = "{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}";
    }
    hq_update_comment($_POST);
}
Пример #2
0
/**
 * Load custom DB error or display HiveQueen DB error.
 *
 * If a file exists in the hq-content directory named db-error.php, then it will
 * be loaded instead of displaying the WordPress DB error. If it is not found,
 * then the WordPress DB error will be displayed instead.
 *
 * The HiveQueen DB error sets the HTTP status header to 500 to try to prevent
 * search engines from caching the message. Custom DB messages should do the
 * same.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 */
function dead_db()
{
    global $hqdb;
    hq_load_translations_early();
    // Load custom DB error template, if present.
    if (file_exists(HQ_CONTENT_DIR . '/db-error.php')) {
        require_once HQ_CONTENT_DIR . '/db-error.php';
        die;
    }
    // If installing or in the admin, provide the verbose message.
    if (defined('HQ_INSTALLING') || defined('HQ_ADMIN')) {
        hq_die($hqdb->error);
    }
    // Otherwise, be terse.
    status_header(500);
    nocache_headers();
    header('Content-Type: text/html; charset=utf-8');
    ?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"<?php 
    if (is_rtl()) {
        echo ' dir="rtl"';
    }
    ?>
>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title><?php 
    _e('Database Error');
    ?>
</title>

</head>
<body>
        <h1><?php 
    _e('Error establishing a database connection');
    ?>
</h1>
</body>
</html>
<?php 
    die;
}
Пример #3
0
} elseif (file_exists(dirname(ABSPATH) . '/hq-config.php') && !file_exists(dirname(ABSPATH) . '/hq-settings.php')) {
    /** The config file resides one level above ABSPATH but is not part of another install */
    require_once dirname(ABSPATH) . '/hq-config.php';
} else {
    // A config file doesn't exist
    define('HQINC', 'hq-includes');
    require_once ABSPATH . HQINC . '/load.php';
    // Standardize $_SERVER variables across setups.
    hq_fix_server_vars();
    require_once ABSPATH . HQINC . '/functions.php';
    $path = hq_guess_url() . '/hq-admin/setup-config.php';
    /*
     * We're going to redirect to setup-config.php. While this shouldn't result
     * in an infinite loop, that's a silly thing to assume, don't you think? If
     * we're traveling in circles, our last-ditch effort is "Need more help?"
     */
    if (false === strpos($_SERVER['REQUEST_URI'], 'setup-config')) {
        header('Location: ' . $path);
        exit;
    }
    define('HQ_CONTENT_DIR', ABSPATH . 'hq-content');
    require_once ABSPATH . HQINC . '/version.php';
    hq_check_php_mysql_versions();
    hq_load_translations_early();
    // Die with an error message
    $die = __("There doesn't seem to be a <code>hq-config.php</code> file. I need this before we can get started.") . '</p>';
    $die .= '<p>' . __("Need more help? <a href='https://codex.wordpress.org/Editing_hq-config.php'>We got it</a>.") . '</p>';
    $die .= '<p>' . __("You can create a <code>hq-config.php</code> file through a web interface, but this doesn't work for all server setups. The safest way is to manually create the file.") . '</p>';
    $die .= '<p><a href="' . $path . '" class="button button-large">' . __("Create a Configuration File") . '</a>';
    hq_die($die, __('HiveQueen &rsaquo; Error'));
}
Пример #4
0
 /**
  * Verifies the AJAX request to prevent processing requests external of the blog.
  *
  * @since 0.0.1
  *
  * @param int|string   $action    Action nonce.
  * @param false|string $query_arg Optional. Key to check for the nonce in `$_REQUEST` (since 2.5). If false,
  *                                `$_REQUEST` values will be evaluated for '_ajax_nonce', and '_hqnonce'
  *                                (in that order). Default false.
  * @param bool         $die       Optional. Whether to die early when the nonce cannot be verified.
  *                                Default true.
  * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between
  *                   0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
  */
 function check_ajax_referer($action = -1, $query_arg = false, $die = true)
 {
     $nonce = '';
     if ($query_arg && isset($_REQUEST[$query_arg])) {
         $nonce = $_REQUEST[$query_arg];
     } elseif (isset($_REQUEST['_ajax_nonce'])) {
         $nonce = $_REQUEST['_ajax_nonce'];
     } elseif (isset($_REQUEST['_hqnonce'])) {
         $nonce = $_REQUEST['_hqnonce'];
     }
     $result = hq_verify_nonce($nonce, $action);
     if ($die && false === $result) {
         if (defined('DOING_AJAX') && DOING_AJAX) {
             hq_die(-1);
         } else {
             die('-1');
         }
     }
     /**
      * Fires once the AJAX request has been validated or not.
      *
      * @since 0.0.1
      *
      * @param string    $action The AJAX nonce action.
      * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
      *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
      */
     do_action('check_ajax_referer', $action, $result);
     return $result;
 }
Пример #5
0
        do_action('load-' . $plugin_page);
        if (!isset($_GET['noheader'])) {
            require_once ABSPATH . 'hq-admin/admin-header.php';
        }
        if (file_exists(HQMU_PLUGIN_DIR . "/{$plugin_page}")) {
            include HQMU_PLUGIN_DIR . "/{$plugin_page}";
        } else {
            include HQ_PLUGIN_DIR . "/{$plugin_page}";
        }
    }
    include ABSPATH . 'hq-admin/admin-footer.php';
    exit;
} elseif (isset($_GET['import'])) {
    $importer = $_GET['import'];
    if (!current_user_can('import')) {
        hq_die(__('You are not allowed to import.'));
    }
    if (validate_file($importer)) {
        hq_redirect(admin_url('import.php?invalid=' . $importer));
        exit;
    }
    if (!isset($hq_importers[$importer]) || !is_callable($hq_importers[$importer][2])) {
        hq_redirect(admin_url('import.php?invalid=' . $importer));
        exit;
    }
    /**
     * Fires before an importer screen is loaded.
     *
     * The dynamic portion of the hook name, `$importer`, refers to the importer slug.
     *
     * @since 0.0.1
Пример #6
0
 /**
  * Handle an Image upload for the background image.
  *
  * @since 0.0.1
  */
 public function handle_upload()
 {
     if (empty($_FILES)) {
         return;
     }
     check_admin_referer('custom-background-upload', '_hqnonce-custom-background-upload');
     $overrides = array('test_form' => false);
     $uploaded_file = $_FILES['import'];
     $hq_filetype = hq_check_filetype_and_ext($uploaded_file['tmp_name'], $uploaded_file['name']);
     if (!hq_match_mime_types('image', $hq_filetype['type'])) {
         hq_die(__('The uploaded file is not a valid image. Please try again.'));
     }
     $file = hq_handle_upload($uploaded_file, $overrides);
     if (isset($file['error'])) {
         hq_die($file['error']);
     }
     $url = $file['url'];
     $type = $file['type'];
     $file = $file['file'];
     $filename = basename($file);
     // Construct the object array
     $object = array('post_title' => $filename, 'post_content' => $url, 'post_mime_type' => $type, 'guid' => $url, 'context' => 'custom-background');
     // Save the data
     $id = hq_insert_attachment($object, $file);
     // Add the meta-data
     hq_update_attachment_metadata($id, hq_generate_attachment_metadata($id, $file));
     update_post_meta($id, '_hq_attachment_is_custom_background', get_option('stylesheet'));
     set_theme_mod('background_image', esc_url_raw($url));
     $thumbnail = hq_get_attachment_image_src($id, 'thumbnail');
     set_theme_mod('background_image_thumb', esc_url_raw($thumbnail[0]));
     /** This action is documented in hq-admin/custom-header.php */
     do_action('hq_create_file_in_uploads', $file, $id);
     // For replication
     $this->updated = true;
 }
Пример #7
0
/**
 * Set the database table prefix and the format specifiers for database
 * table columns.
 *
 * Columns not listed here default to `%s`.
 *
 * @since 0.0.1
 * @access private
 *
 * @global hqdb   $hqdb         The HiveQueen database class.
 * @global string $table_prefix The database table prefix.
 */
function hq_set_hqdb_vars()
{
    global $hqdb, $table_prefix;
    if (!empty($hqdb->error)) {
        dead_db();
    }
    //TODO: Redefine db
    /*
    $hqdb->field_types = array( 'post_author' => '%d', 'post_parent' => '%d', 'menu_order' => '%d', 'term_id' => '%d', 'term_group' => '%d', 'term_taxonomy_id' => '%d',
            'parent' => '%d', 'count' => '%d','object_id' => '%d', 'term_order' => '%d', 'ID' => '%d', 'comment_ID' => '%d', 'comment_post_ID' => '%d', 'comment_parent' => '%d',
            'user_id' => '%d', 'link_id' => '%d', 'link_owner' => '%d', 'link_rating' => '%d', 'option_id' => '%d', 'blog_id' => '%d', 'meta_id' => '%d', 'post_id' => '%d',
            'user_status' => '%d', 'umeta_id' => '%d', 'comment_karma' => '%d', 'comment_count' => '%d',
            // multisite:
            'active' => '%d', 'cat_id' => '%d', 'deleted' => '%d', 'lang_id' => '%d', 'mature' => '%d', 'public' => '%d', 'site_id' => '%d', 'spam' => '%d',
    );
    */
    $hqdb->field_types = array('menu_order' => '%d', 'term_id' => '%d', 'term_group' => '%d', 'parent' => '%d', 'count' => '%d', 'object_id' => '%d', 'term_order' => '%d', 'ID' => '%d', 'user_id' => '%d', 'option_id' => '%d', 'user_status' => '%d');
    $prefix = $hqdb->set_prefix($table_prefix);
    if (is_hq_error($prefix)) {
        hq_load_translations_early();
        hq_die(__('<strong>ERROR</strong>: <code>$table_prefix</code> in <code>hq-config.php</code> can only contain numbers, letters, and underscores.'));
    }
}
Пример #8
0
/**
 * @since 0.0.1
 * @access private
 *
 * @global string $pagenow
 */
function hq_link_manager_disabled_message()
{
    global $pagenow;
    if ('link-manager.php' != $pagenow && 'link-add.php' != $pagenow && 'link.php' != $pagenow) {
        return;
    }
    add_filter('pre_option_link_manager_enabled', '__return_true', 100);
    $really_can_manage_links = current_user_can('manage_links');
    remove_filter('pre_option_link_manager_enabled', '__return_true', 100);
    if ($really_can_manage_links && current_user_can('install_plugins')) {
        $link = network_admin_url('plugin-install.php?tab=search&amp;s=Link+Manager');
        hq_die(sprintf(__('If you are looking to use the link manager, please install the <a href="%s">Link Manager</a> plugin.'), $link));
    }
    hq_die(__('You do not have sufficient permissions to edit the links for this site.'));
}
Пример #9
0
/**
 * Protect HiveQueen special option from being modified.
 *
 * Will die if $option is in protected list. Protected options are 'alloptions'
 * and 'notoptions' options.
 *
 * @since 0.0.1
 *
 * @param string $option Option name.
 */
function hq_protect_special_option($option)
{
    if ('alloptions' === $option || 'notoptions' === $option) {
        hq_die(sprintf(__('%s is a protected HQ option and may not be modified'), esc_html($option)));
    }
}
Пример #10
0
 /**
  * Display the page based on the current step.
  *
  * @since 0.0.1
  */
 public function admin_page()
 {
     if (!current_user_can('edit_theme_options')) {
         hq_die(__('You do not have permission to customize headers.'));
     }
     $step = $this->step();
     if (2 == $step) {
         $this->step_2();
     } elseif (3 == $step) {
         $this->step_3();
     } else {
         $this->step_1();
     }
 }
Пример #11
0
/**
 * Make sure that the file that was requested to edit, is allowed to be edited
 *
 * Function will die if if you are not allowed to edit the file
 *
 * @since 0.0.1
 *
 * @param string $file file the users is attempting to edit
 * @param array $allowed_files Array of allowed files to edit, $file must match an entry exactly
 * @return string|null
 */
function validate_file_to_edit($file, $allowed_files = '')
{
    $code = validate_file($file, $allowed_files);
    if (!$code) {
        return $file;
    }
    switch ($code) {
        case 1:
            hq_die(__('Sorry, that file cannot be edited.'));
            // case 2 :
            // hq_die( __('Sorry, can&#8217;t call files with their real path.' ));
        // case 2 :
        // hq_die( __('Sorry, can&#8217;t call files with their real path.' ));
        case 3:
            hq_die(__('Sorry, that file cannot be edited.'));
    }
}
Пример #12
0
  */
 define('DB_NAME', $dbname);
 define('DB_USER', $uname);
 define('DB_PASSWORD', $pwd);
 define('DB_HOST', $dbhost);
 /**#@-*/
 // Re-construct $hqdb with these new values.
 unset($hqdb);
 require_hq_db();
 /*
  * The hqdb constructor bails when HQ_SETUP_CONFIG is set, so we must
  * fire this manually. We'll fail here if the values are no good.
  */
 $hqdb->db_connect();
 if (!empty($hqdb->error)) {
     hq_die($hqdb->error->get_error_message() . $tryagain_link);
 }
 // Fetch or generate keys and salts.
 /* goyo disable:
         $no_api = isset( $_POST['noapi'] );
         if ( ! $no_api ) {
                 $secret_keys = hq_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
         }
 
         if ( $no_api || is_hq_error( $secret_keys ) ) {
                 $secret_keys = array();
                 for ( $i = 0; $i < 8; $i++ ) {
                         $secret_keys[] = hq_generate_password( 64, true, true );
                 }
         } else {
                 $secret_keys = explode( "\n", hq_remote_retrieve_body( $secret_keys ) );
Пример #13
0
/**
 * Edit user settings based on contents of $_POST
 *
 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
 *
 * @since 0.0.1
 *
 * @param int $user_id Optional. User ID.
 * @return int|HQ_Error user id of the updated user
 */
function edit_user($user_id = 0)
{
    $hq_roles = hq_roles();
    $user = new stdClass();
    if ($user_id) {
        $update = true;
        $user->ID = (int) $user_id;
        $userdata = get_userdata($user_id);
        $user->user_login = hq_slash($userdata->user_login);
    } else {
        $update = false;
    }
    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }
    $pass1 = $pass2 = '';
    if (isset($_POST['pass1'])) {
        $pass1 = $_POST['pass1'];
    }
    if (isset($_POST['pass2'])) {
        $pass2 = $_POST['pass2'];
    }
    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role = sanitize_text_field($_POST['role']);
        $potential_role = isset($hq_roles->role_objects[$new_role]) ? $hq_roles->role_objects[$new_role] : false;
        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        // Multisite super admins can freely edit their blog roles -- they possess all caps.
        if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
            $user->role = $new_role;
        }
        // If the new role isn't editable by the logged-in user die with error
        $editable_roles = get_editable_roles();
        if (!empty($new_role) && empty($editable_roles[$new_role])) {
            hq_die(__('You can&#8217;t give users that role.'));
        }
    }
    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field(hq_unslash($_POST['email']));
    }
    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            $user->user_url = esc_url_raw($_POST['url']);
            $protocols = implode('|', array_map('preg_quote', hq_allowed_protocols()));
            $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }
    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    if (isset($_POST['description'])) {
        $user->description = trim($_POST['description']);
    }
    foreach (hq_get_user_contact_methods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }
    if ($update) {
        $user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
        $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
        $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    }
    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }
    $errors = new HQ_Error();
    /* checking that username has been typed */
    if ($user->user_login == '') {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }
    /* checking the password has been typed twice */
    /**
     * Fires before the password and confirm password fields are checked for congruity.
     *
     * @since 0.0.1
     *
     * @param string $user_login The username.
     * @param string &$pass1     The password, passed by reference.
     * @param string &$pass2     The confirmed password, passed by reference.
     */
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));
    if ($update) {
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
        }
    } else {
        if (empty($pass1)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
        } elseif (empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
        }
    }
    /* Check for "\" in password */
    if (false !== strpos(hq_unslash($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }
    /* checking the password has been typed twice the same */
    if ($pass1 != $pass2) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
    }
    if (!empty($pass1)) {
        $user->user_pass = $pass1;
    }
    if (!$update && isset($_POST['user_login']) && !validate_username($_POST['user_login'])) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
    }
    if (!$update && username_exists($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
    }
    /* checking e-mail address */
    if (empty($user->user_email)) {
        $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
    } elseif (!is_email($user->user_email)) {
        $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'), array('form-field' => 'email'));
    } elseif (($owner_id = email_exists($user->user_email)) && (!$update || $owner_id != $user->ID)) {
        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
    }
    /**
     * Fires before user profile update errors are returned.
     *
     * @since 0.0.1
     *
     * @param array   &$errors An array of user profile update errors, passed by reference.
     * @param bool    $update  Whether this is a user update.
     * @param HQ_User &$user   HQ_User object, passed by reference.
     */
    do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));
    if ($errors->get_error_codes()) {
        return $errors;
    }
    if ($update) {
        $user_id = hq_update_user($user);
    } else {
        $user_id = hq_insert_user($user);
        hq_new_user_notification($user_id, null, 'both');
    }
    return $user_id;
}
Пример #14
0
        _e('Please provide the following information. Don&#8217;t worry, you can always change these settings later.');
        ?>
</p>

<?php 
        display_setup_form();
        break;
    case 2:
        if (!empty($language) && load_default_textdomain($language)) {
            $loaded_language = $language;
            $GLOBALS['hq_locale'] = new HQ_Locale();
        } else {
            $loaded_language = 'en_US';
        }
        if (!empty($hqdb->error)) {
            hq_die($hqdb->error->get_error_message());
        }
        display_header();
        // Fill in the data we gathered
        $weblog_title = isset($_POST['weblog_title']) ? trim(hq_unslash($_POST['weblog_title'])) : '';
        $user_name = isset($_POST['user_name']) ? trim(hq_unslash($_POST['user_name'])) : '';
        $admin_password = isset($_POST['admin_password']) ? hq_unslash($_POST['admin_password']) : '';
        $admin_password_check = isset($_POST['admin_password2']) ? hq_unslash($_POST['admin_password2']) : '';
        $admin_email = isset($_POST['admin_email']) ? trim(hq_unslash($_POST['admin_email'])) : '';
        $public = isset($_POST['blog_public']) ? (int) $_POST['blog_public'] : 0;
        // Check e-mail address.
        $error = false;
        if (empty($user_name)) {
            // TODO: poka-yoke
            display_setup_form(__('Please provide a valid username.'));
            $error = true;
Пример #15
0
 /**
  * Wraps errors in a nice header and footer and dies.
  *
  * Will not die if hqdb::$show_errors is false.
  *
  * @since 0.0.1
  *
  * @param string $message    The Error message
  * @param string $error_code Optional. A Computer readable string to identify the error.
  * @return false|void
  */
 public function bail($message, $error_code = '500')
 {
     if (!$this->show_errors) {
         if (class_exists('HQ_Error')) {
             $this->error = new HQ_Error($error_code, $message);
         } else {
             $this->error = $message;
         }
         return false;
     }
     hq_die($message);
 }
Пример #16
0
/**
 * Check whether comment flooding is occurring.
 *
 * Won't run, if current user can manage options, so to not block
 * administrators.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 *
 * @param string $ip Comment IP.
 * @param string $email Comment author email address.
 * @param string $date MySQL time string.
 */
function check_comment_flood_db($ip, $email, $date)
{
    global $hqdb;
    if (current_user_can('manage_options')) {
        return;
    }
    // don't throttle admins
    $hour_ago = gmdate('Y-m-d H:i:s', time() - HOUR_IN_SECONDS);
    if ($lasttime = $hqdb->get_var($hqdb->prepare("SELECT `comment_date_gmt` FROM `{$hqdb->comments}` WHERE `comment_date_gmt` >= %s AND ( `comment_author_IP` = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", $hour_ago, $ip, $email))) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', $date, false);
        /**
         * Filter the comment flood status.
         *
         * @since 0.0.1
         *
         * @param bool $bool             Whether a comment flood is occurring. Default false.
         * @param int  $time_lastcomment Timestamp of when the last comment was posted.
         * @param int  $time_newcomment  Timestamp of when the new comment was posted.
         */
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            /**
             * Fires before the comment flood message is triggered.
             *
             * @since 0.0.1
             *
             * @param int $time_lastcomment Timestamp of when the last comment was posted.
             * @param int $time_newcomment  Timestamp of when the new comment was posted.
             */
            do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
            if (defined('DOING_AJAX')) {
                die(__('You are posting comments too quickly. Slow down.'));
            }
            hq_die(__('You are posting comments too quickly. Slow down.'), 429);
        }
    }
}
Пример #17
0
/**
 * Handles sending password retrieval email to user.
 *
 * @global hqdb         $hqdb      HiveQueen database abstraction object.
 * @global PasswordHash $hq_hasher Portable PHP password hashing framework.
 *
 * @return bool|HQ_Error True: when finish. HQ_Error on error
 */
function retrieve_password()
{
    global $hqdb, $hq_hasher;
    $errors = new HQ_Error();
    if (empty($_POST['user_login'])) {
        $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
    } elseif (strpos($_POST['user_login'], '@')) {
        $user_data = get_user_by('email', trim($_POST['user_login']));
        if (empty($user_data)) {
            $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
        }
    } else {
        $login = trim($_POST['user_login']);
        $user_data = get_user_by('login', $login);
    }
    /**
     * Fires before errors are returned from a password reset request.
     *
     * @since 0.0.1
     */
    do_action('lostpassword_post');
    if ($errors->get_error_code()) {
        return $errors;
    }
    if (!$user_data) {
        $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
        return $errors;
    }
    // Redefining user_login ensures we return the right case in the email.
    $user_login = $user_data->user_login;
    $user_email = $user_data->user_email;
    /**
     * Fires before a new password is retrieved.
     *
     * @since 0.0.1
     *
     * @param string $user_login The user login name.
     */
    do_action('retreive_password', $user_login);
    /**
     * Fires before a new password is retrieved.
     *
     * @since 0.0.1
     *
     * @param string $user_login The user login name.
     */
    do_action('retrieve_password', $user_login);
    /**
     * Filter whether to allow a password to be reset.
     *
     * @since 0.0.1
     *
     * @param bool true           Whether to allow the password to be reset. Default true.
     * @param int  $user_data->ID The ID of the user attempting to reset a password.
     */
    $allow = apply_filters('allow_password_reset', true, $user_data->ID);
    if (!$allow) {
        return new HQ_Error('no_password_reset', __('Password reset is not allowed for this user'));
    } elseif (is_hq_error($allow)) {
        return $allow;
    }
    // Generate something random for a password reset key.
    $key = hq_generate_password(20, false);
    /**
     * Fires when a password reset key is generated.
     *
     * @since 0.0.1
     *
     * @param string $user_login The username for the user.
     * @param string $key        The generated password reset key.
     */
    do_action('retrieve_password_key', $user_login, $key);
    // Now insert the key, hashed, into the DB.
    if (empty($hq_hasher)) {
        require_once ABSPATH . HQINC . '/class-phpass.php';
        $hq_hasher = new PasswordHash(8, true);
    }
    $hashed = time() . ':' . $hq_hasher->HashPassword($key);
    $hqdb->update($hqdb->users, array('user_activation_key' => $hashed), array('user_login' => $user_login));
    $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
    $message .= network_home_url('/') . "\r\n\r\n";
    $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
    $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
    $message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
    $message .= '<' . network_site_url("hq-login.php?action=rp&key={$key}&login="******">\r\n";
    //TODO: Goyo no multisite
    //if ( is_multisite() )
    if (false) {
        $blogname = $GLOBALS['current_site']->site_name;
    } else {
        /*
         * The blogname option is escaped with esc_html on the way into the database
         * in sanitize_option we want to reverse this for the plain text arena of emails.
         */
        $blogname = hq_specialchars_decode(get_option('blogname'), ENT_QUOTES);
    }
    $title = sprintf(__('[%s] Password Reset'), $blogname);
    /**
     * Filter the subject of the password reset email.
     *
     * @since 0.0.1
     *
     * @param string $title Default email title.
     */
    $title = apply_filters('retrieve_password_title', $title);
    /**
     * Filter the message body of the password reset mail.
     *
     * @since 0.0.1
     *
     * @param string  $message    Default mail message.
     * @param string  $key        The activation key.
     * @param string  $user_login The username for the user.
     * @param HQ_User $user_data  HQ_User object.
     */
    $message = apply_filters('retrieve_password_message', $message, $key, $user_login, $user_data);
    if ($message && !hq_mail($user_email, hq_specialchars_decode($title), $message)) {
        hq_die(__('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.'));
    }
    return true;
}