/** * Updates the user's password with a new encrypted one. * * For integration with other applications, this function can be overwritten to * instead use the other package password checking algorithm. * * @since 2.5 * @uses $nxtdb NXTClass database object for queries * @uses nxt_hash_password() Used to encrypt the user's password before passing to the database * * @param string $password The plaintext new user password * @param int $user_id User ID */ function nxt_set_password($password, $user_id) { global $nxtdb; $hash = nxt_hash_password($password); $nxtdb->update($nxtdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id)); nxt_cache_delete($user_id, 'users'); }
function bp_core_screen_signup() { global $bp, $nxtdb; if (!bp_is_current_component('register')) { return; } // Not a directory bp_update_is_directory(false, 'register'); // If the user is logged in, redirect away from here if (is_user_logged_in()) { if (bp_is_component_front_page('register')) { $redirect_to = bp_get_root_domain() . '/' . bp_get_members_root_slug(); } else { $redirect_to = bp_get_root_domain(); } bp_core_redirect(apply_filters('bp_loggedin_register_page_redirect_to', $redirect_to)); return; } $bp->signup->step = 'request-details'; if (!bp_get_signup_allowed()) { $bp->signup->step = 'registration-disabled'; } elseif (isset($_POST['signup_submit'])) { // Check the nonce check_admin_referer('bp_new_signup'); // Check the base account details for problems $account_details = bp_core_validate_user_signup($_POST['signup_username'], $_POST['signup_email']); // If there are errors with account details, set them for display if (!empty($account_details['errors']->errors['user_name'])) { $bp->signup->errors['signup_username'] = $account_details['errors']->errors['user_name'][0]; } if (!empty($account_details['errors']->errors['user_email'])) { $bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0]; } // Check that both password fields are filled in if (empty($_POST['signup_password']) || empty($_POST['signup_password_confirm'])) { $bp->signup->errors['signup_password'] = __('Please make sure you enter your password twice', 'buddypress'); } // Check that the passwords match if (!empty($_POST['signup_password']) && !empty($_POST['signup_password_confirm']) && $_POST['signup_password'] != $_POST['signup_password_confirm']) { $bp->signup->errors['signup_password'] = __('The passwords you entered do not match.', 'buddypress'); } $bp->signup->username = $_POST['signup_username']; $bp->signup->email = $_POST['signup_email']; // Now we've checked account details, we can check profile information if (bp_is_active('xprofile')) { // Make sure hidden field is passed and populated if (isset($_POST['signup_profile_field_ids']) && !empty($_POST['signup_profile_field_ids'])) { // Let's compact any profile field info into an array $profile_field_ids = explode(',', $_POST['signup_profile_field_ids']); // Loop through the posted fields formatting any datebox values then validate the field foreach ((array) $profile_field_ids as $field_id) { if (!isset($_POST['field_' . $field_id])) { if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) { $_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($_POST['field_' . $field_id . '_day'] . $_POST['field_' . $field_id . '_month'] . $_POST['field_' . $field_id . '_year'])); } } // Create errors for required fields without values if (xprofile_check_is_required_field($field_id) && empty($_POST['field_' . $field_id])) { $bp->signup->errors['field_' . $field_id] = __('This is a required field', 'buddypress'); } } // This situation doesn't naturally occur so bounce to website root } else { bp_core_redirect(bp_get_root_domain()); } } // Finally, let's check the blog details, if the user wants a blog and blog creation is enabled if (isset($_POST['signup_with_blog'])) { $active_signup = $bp->site_options['registration']; if ('blog' == $active_signup || 'all' == $active_signup) { $blog_details = bp_core_validate_blog_signup($_POST['signup_blog_url'], $_POST['signup_blog_title']); // If there are errors with blog details, set them for display if (!empty($blog_details['errors']->errors['blogname'])) { $bp->signup->errors['signup_blog_url'] = $blog_details['errors']->errors['blogname'][0]; } if (!empty($blog_details['errors']->errors['blog_title'])) { $bp->signup->errors['signup_blog_title'] = $blog_details['errors']->errors['blog_title'][0]; } } } do_action('bp_signup_validate'); // Add any errors to the action for the field in the template for display. if (!empty($bp->signup->errors)) { foreach ((array) $bp->signup->errors as $fieldname => $error_message) { // addslashes() and stripslashes() to avoid create_function() // syntax errors when the $error_message contains quotes add_action('bp_' . $fieldname . '_errors', create_function('', 'echo apply_filters(\'bp_members_signup_error_message\', "<div class=\\"error\\">" . stripslashes( \'' . addslashes($error_message) . '\' ) . "</div>" );')); } } else { $bp->signup->step = 'save-details'; // No errors! Let's register those deets. $active_signup = !empty($bp->site_options['registration']) ? $bp->site_options['registration'] : ''; if ('none' != $active_signup) { // Let's compact any profile field info into usermeta $profile_field_ids = explode(',', $_POST['signup_profile_field_ids']); // Loop through the posted fields formatting any datebox values then add to usermeta foreach ((array) $profile_field_ids as $field_id) { if (!isset($_POST['field_' . $field_id])) { if (isset($_POST['field_' . $field_id . '_day'])) { $_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($_POST['field_' . $field_id . '_day'] . $_POST['field_' . $field_id . '_month'] . $_POST['field_' . $field_id . '_year'])); } } if (!empty($_POST['field_' . $field_id])) { $usermeta['field_' . $field_id] = $_POST['field_' . $field_id]; } } // Store the profile field ID's in usermeta $usermeta['profile_field_ids'] = $_POST['signup_profile_field_ids']; // Hash and store the password $usermeta['password'] = nxt_hash_password($_POST['signup_password']); // If the user decided to create a blog, save those details to usermeta if ('blog' == $active_signup || 'all' == $active_signup) { $usermeta['public'] = isset($_POST['signup_blog_privacy']) && 'public' == $_POST['signup_blog_privacy'] ? true : false; } $usermeta = apply_filters('bp_signup_usermeta', $usermeta); // Finally, sign up the user and/or blog if (isset($_POST['signup_with_blog']) && is_multisite()) { $nxt_user_id = bp_core_signup_blog($blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta); } else { $nxt_user_id = bp_core_signup_user($_POST['signup_username'], $_POST['signup_password'], $_POST['signup_email'], $usermeta); } if (is_nxt_error($nxt_user_id)) { $bp->signup->step = 'request-details'; bp_core_add_message(strip_tags($nxt_user_id->get_error_message()), 'error'); } else { $bp->signup->step = 'completed-confirmation'; } } do_action('bp_complete_signup'); } } do_action('bp_core_screen_signup'); bp_core_load_template(apply_filters('bp_core_template_register', 'registration/register')); }
/** * Update an user in the database. * * It is possible to update a user's password by specifying the 'user_pass' * value in the $userdata parameter array. * * If $userdata does not contain an 'ID' key, then a new user will be created * and the new user's ID will be returned. * * If current user's password is being updated, then the cookies will be * cleared. * * @since 2.0.0 * @see nxt_insert_user() For what fields can be set in $userdata * @uses nxt_insert_user() Used to update existing user or add new one if user doesn't exist already * * @param array $userdata An array of user data. * @return int The updated user's ID. */ function nxt_update_user($userdata) { $ID = (int) $userdata['ID']; // First, get all of the original fields $user_obj = get_userdata($ID); $user = get_object_vars($user_obj->data); // Add additional custom fields foreach (_get_additional_user_keys($user_obj) as $key) { $user[$key] = get_user_meta($ID, $key, true); } // Escape data pulled from DB. $user = add_magic_quotes($user); // If password is changing, hash it now. if (!empty($userdata['user_pass'])) { $plaintext_pass = $userdata['user_pass']; $userdata['user_pass'] = nxt_hash_password($userdata['user_pass']); } nxt_cache_delete($user['user_email'], 'useremail'); // Merge old and new fields with new fields overwriting old ones. $userdata = array_merge($user, $userdata); $user_id = nxt_insert_user($userdata); // Update the cookies if the password changed. $current_user = nxt_get_current_user(); if ($current_user->ID == $ID) { if (isset($plaintext_pass)) { nxt_clear_auth_cookie(); nxt_set_auth_cookie($ID); } } return $user_id; }
function queue_user($user_login, $user_pass, $user_email, $user_meta = '') { $sql = $this->db->prepare("INSERT INTO {$this->user_queue} (user_login, user_pass, user_email, user_timestamp, user_meta) VALUES "); $sql .= $this->db->prepare("( %s, %s, %s, %d, %s )", $user_login, nxt_hash_password($user_pass), $user_email, time(), serialize($user_meta)); $sql .= $this->db->prepare(" ON DUPLICATE KEY UPDATE user_timestamp = %d", time()); if ($this->db->query($sql)) { return $this->db->insert_id; } else { return new nxt_Error('queueerror', __('Could not create your user account.', 'membership')); } }