function my_auto_login($fields)
{
/** if you want to send confirmation email the user */
require_once WPMEM_PATH . '/wp-members-email.php';
wpmem_inc_regemail($fields['ID'], $fields['password'], WPMEM_MOD_REG);
/** notify admin of new reg, remove if not notifying admin */
$wpmem_fields = get_option('wpmembers_fields');
//wpmem_notify_admin( $fields['ID'], $wpmem_fields );
/** assemble login credentials */
$creds = array();
$creds['user_login'] = $fields['username'];
$creds['user_password'] = $fields['password'];
$creds['remember'] = true;
/** wp_signon the user and get the $user object */
$user = wp_signon($creds, false);
/** if no error, user is a valid signon. continue */
if (!is_wp_error($user)) {
/** set the auth cookie */
wp_set_auth_cookie($fields['ID'], true);
/** and do the redirect */
wp_redirect($fields['wpmem_reg_url']);
/** wp_redirect requires us to exit() */
exit;
}
}
/**
* Activates a user
*
* If registration is moderated, sets the activated flag
* in the usermeta. Flag prevents login when WPMEM_MOD_REG
* is true (1). Function is fired from bulk user edit or
* user profile update.
*
* @since 2.4
*
* @param int $user_id
* @param bool $chk_pass
* @uses $wpdb WordPress Database object
*/
function wpmem_a_activate_user($user_id, $chk_pass = false)
{
// define new_pass
$new_pass = '';
// If passwords are user defined skip this
if (!$chk_pass) {
// generates a password to send the user
$new_pass = wp_generate_password();
$new_hash = wp_hash_password($new_pass);
// update the user with the new password
global $wpdb;
$wpdb->update($wpdb->users, array('user_pass' => $new_hash), array('ID' => $user_id), array('%s'), array('%d'));
}
// if subscriptions can expire, set the user's expiration date
if (WPMEM_USE_EXP == 1) {
wpmem_set_exp($user_id);
}
// generate and send user approved email to user
require_once WPMEM_PATH . 'wp-members-email.php';
wpmem_inc_regemail($user_id, $new_pass, 2);
// set the active flag in usermeta
update_user_meta($user_id, 'active', 1);
/**
* Fires after the user activation process is complete.
*
* @since 2.8.2
*
* @param int $user_id The user's ID.
*/
do_action('wpmem_user_activated', $user_id);
return;
}
/**
* Register function
*
* Handles registering new users and updating existing users.
*
* @since 2.2.1
*
* @param string $toggle toggles the function between 'register' and 'update'.
* @global int $user_ID
* @global string $wpmem_themsg
* @global array $userdata
* @return string $wpmem_themsg|success|editsuccess
*/
function wpmem_registration($toggle)
{
// get the globals
global $user_ID, $wpmem_themsg, $userdata;
// check the nonce
if (defined('WPMEM_USE_NONCE')) {
if (empty($_POST) || !wp_verify_nonce($_POST['wpmem-form-submit'], 'wpmem-validate-submit')) {
$wpmem_themsg = __('There was an error processing the form.', 'wp-members');
return;
}
}
// is this a registration or a user profile update?
if ($toggle == 'register') {
$fields['username'] = isset($_POST['log']) ? sanitize_user($_POST['log']) : '';
}
// add the user email to the $fields array for _data hooks
$fields['user_email'] = isset($_POST['user_email']) ? $_POST['user_email'] : '';
// build the $fields array from $_POST data
$wpmem_fields = get_option('wpmembers_fields');
foreach ($wpmem_fields as $meta) {
if ($meta[4] == 'y') {
if ($meta[2] != 'password') {
$fields[$meta[2]] = isset($_POST[$meta[2]]) ? sanitize_text_field($_POST[$meta[2]]) : '';
} else {
// we do have password as part of the registration form
$fields['password'] = isset($_POST['password']) ? $_POST['password'] : '';
}
}
}
/**
* Filter the submitted form field date prior to validation.
*
* @since 2.8.2
*
* @param array $fields An array of the posted form field data.
*/
$fields = apply_filters('wpmem_pre_validate_form', $fields);
// check for required fields
$wpmem_fields_rev = array_reverse($wpmem_fields);
foreach ($wpmem_fields_rev as $meta) {
$pass_arr = array('password', 'confirm_password', 'password_confirm');
$pass_chk = $toggle == 'update' && in_array($meta[2], $pass_arr) ? true : false;
if ($meta[5] == 'y' && $pass_chk == false) {
if (!$fields[$meta[2]]) {
$wpmem_themsg = sprintf(__('Sorry, %s is a required field.', 'wp-members'), $meta[1]);
}
}
}
switch ($toggle) {
case "register":
if (is_multisite()) {
// multisite has different requirements
$result = wpmu_validate_user_signup($fields['username'], $fields['user_email']);
$errors = $result['errors'];
if ($errors->errors) {
$wpmem_themsg = $errors->get_error_message();
return $wpmem_themsg;
exit;
}
} else {
if (!$fields['username']) {
$wpmem_themsg = __('Sorry, username is a required field', 'wp-members');
return $wpmem_themsg;
exit;
}
if (!validate_username($fields['username'])) {
$wpmem_themsg = __('The username cannot include non-alphanumeric characters.', 'wp-members');
return $wpmem_themsg;
exit;
}
if (!is_email($fields['user_email'])) {
$wpmem_themsg = __('You must enter a valid email address.', 'wp-members');
return $wpmem_themsg;
exit;
}
if (username_exists($fields['username'])) {
return "user";
exit;
}
if (email_exists($fields['user_email'])) {
return "email";
exit;
}
}
if ($wpmem_themsg) {
return "empty";
exit;
}
// if form contains password and email confirmation, validate that they match
if (array_key_exists('confirm_password', $fields) && $fields['confirm_password'] != $fields['password']) {
$wpmem_themsg = __('Passwords did not match.', 'wp-members');
}
if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
$wpmem_themsg = __('Emails did not match.', 'wp-members');
}
$wpmem_captcha = get_option('wpmembers_captcha');
// get the captcha settings (api keys)
if (WPMEM_CAPTCHA == 1 && $wpmem_captcha['recaptcha']) {
// if captcha is on, check the captcha
if ($wpmem_captcha['recaptcha']['public'] && $wpmem_captcha['recaptcha']['private']) {
// if there is no api key, the captcha never displayed to the end user
if (!$_POST["recaptcha_response_field"]) {
// validate for empty captcha field
$wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members');
return "empty";
exit;
}
}
// check to see if the recaptcha library has already been loaded by another plugin
if (!function_exists('_recaptcha_qsencode')) {
require_once 'lib/recaptchalib.php';
}
$publickey = $wpmem_captcha['recaptcha']['public'];
$privatekey = $wpmem_captcha['recaptcha']['private'];
// the response from reCAPTCHA
$resp = null;
// the error code from reCAPTCHA, if any
$error = null;
if ($_POST["recaptcha_response_field"]) {
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// set the error code so that we can display it
global $wpmem_captcha_err;
$wpmem_captcha_err = $resp->error;
$wpmem_captcha_err = wpmem_get_captcha_err($wpmem_captcha_err);
return "captcha";
exit;
}
}
// end check recaptcha
} elseif (WPMEM_CAPTCHA == 2) {
if (defined('REALLYSIMPLECAPTCHA_VERSION')) {
/** Validate Really Simple Captcha */
$wpmem_captcha = new ReallySimpleCaptcha();
// This variable holds the CAPTCHA image prefix, which corresponds to the correct answer
$wpmem_captcha_prefix = isset($_POST['captcha_prefix']) ? $_POST['captcha_prefix'] : '';
// This variable holds the CAPTCHA response, entered by the user
$wpmem_captcha_code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : '';
// Check CAPTCHA validity
$wpmem_captcha_correct = $wpmem_captcha->check($wpmem_captcha_prefix, $wpmem_captcha_code) ? true : false;
// clean up the tmp directory
$wpmem_captcha->remove($wpmem_captcha_prefix);
$wpmem_captcha->cleanup();
// If CAPTCHA validation fails (incorrect value entered in CAPTCHA field), return an error
if (!$wpmem_captcha_correct) {
$wpmem_themsg = wpmem_get_captcha_err('really-simple');
return "empty";
exit;
}
}
}
// check for user defined password
$fields['password'] = !isset($_POST['password']) ? wp_generate_password() : $_POST['password'];
// add for _data hooks
$fields['user_registered'] = gmdate('Y-m-d H:i:s');
$fields['user_role'] = get_option('default_role');
$fields['wpmem_reg_ip'] = $_SERVER['REMOTE_ADDR'];
$fields['wpmem_reg_url'] = $_REQUEST['redirect_to'];
/**
* these native fields are not installed by default, but if they
* are added, use the $_POST value - otherwise, default to username.
* value can be filtered with wpmem_register_data
*/
$fields['user_nicename'] = isset($_POST['user_nicename']) ? sanitize_title($_POST['user_nicename']) : $fields['username'];
$fields['display_name'] = isset($_POST['display_name']) ? sanitize_user($_POST['display_name']) : $fields['username'];
$fields['nickname'] = isset($_POST['nickname']) ? sanitize_user($_POST['nickname']) : $fields['username'];
/**
* Filter registration data after validation before data insertion.
*
* @since 2.8.2
*
* @param array $fields An array of the registration field data.
*/
$fields = apply_filters('wpmem_register_data', $fields);
/**
* Fires before any insertion/emails.
*
* This action is the final step in pre registering a user. This
* can be used for attaching custom validation to the registration
* process. It cannot be used for changing any user registration
* data. Use the wpmem_register_data filter for that.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_pre_register_data', $fields);
// if the _pre_register_data hook sends back an error message
if ($wpmem_themsg) {
return $wpmem_themsg;
}
// main new user fields are ready
$new_user_fields = array('user_pass' => $fields['password'], 'user_login' => $fields['username'], 'user_nicename' => $fields['user_nicename'], 'user_email' => $fields['user_email'], 'display_name' => $fields['display_name'], 'nickname' => $fields['nickname'], 'user_registered' => $fields['user_registered'], 'role' => $fields['user_role']);
// get any excluded meta fields
$excluded_meta = wpmem_get_excluded_meta('register');
// user_url, first_name, last_name, description, jabber, aim, yim
$new_user_fields_meta = array('user_url', 'first_name', 'last_name', 'description', 'jabber', 'aim', 'yim');
foreach ($wpmem_fields as $meta) {
if (in_array($meta[2], $new_user_fields_meta)) {
if ($meta[4] == 'y' && !in_array($meta[2], $excluded_meta)) {
$new_user_fields[$meta[2]] = $fields[$meta[2]];
}
}
}
// inserts to wp_users table
$fields['ID'] = wp_insert_user($new_user_fields);
// set remaining fields to wp_usermeta table
foreach ($wpmem_fields as $meta) {
// if the field is not excluded, update accordingly
if (!in_array($meta[2], $excluded_meta) && !in_array($meta[2], $new_user_fields_meta)) {
if ($meta[4] == 'y' && $meta[2] != 'user_email') {
update_user_meta($fields['ID'], $meta[2], $fields[$meta[2]]);
}
}
}
// capture IP address of user at registration
update_user_meta($fields['ID'], 'wpmem_reg_ip', $fields['wpmem_reg_ip']);
// store the registration url
update_user_meta($fields['ID'], 'wpmem_reg_url', $fields['wpmem_reg_url']);
// set user expiration, if used
if (WPMEM_USE_EXP == 1 && WPMEM_MOD_REG != 1) {
wpmem_set_exp($fields['ID']);
}
/**
* Fires after user insertion but before email.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_post_register_data', $fields);
require_once 'wp-members-email.php';
// if this was successful, and you have email properly
// configured, send a notification email to the user
wpmem_inc_regemail($fields['ID'], $fields['password'], WPMEM_MOD_REG, $wpmem_fields, $fields);
// notify admin of new reg, if needed;
if (WPMEM_NOTIFY_ADMIN == 1) {
wpmem_notify_admin($fields['ID'], $wpmem_fields);
}
/**
* Fires after registration is complete.
*
* @since 2.7.1
*/
do_action('wpmem_register_redirect');
// successful registration message
return "success";
exit;
break;
case "update":
if ($wpmem_themsg) {
return "updaterr";
exit;
}
// doing a check for existing email is not the same as a new reg. check first to
// see if it's different, then check if it is a valid address and it exists.
global $current_user;
get_currentuserinfo();
if ($fields['user_email'] != $current_user->user_email) {
if (email_exists($fields['user_email'])) {
return "email";
exit;
}
if (!is_email($fields['user_email'])) {
$wpmem_themsg = __('You must enter a valid email address.', 'wp-members');
return "updaterr";
exit;
}
}
// if form includes email confirmation, validate that they match
if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
$wpmem_themsg = __('Emails did not match.', 'wp-members');
}
// add the user_ID to the fields array
$fields['ID'] = $user_ID;
/**
* Filter registration data after validation before data insertion.
*
* @since 2.8.2
*
* @param array $fields An array of the registration field data.
*/
$fields = apply_filters('wpmem_register_data', $fields);
/**
* Fires before data insertion.
*
* This action is the final step in pre updating a user. This
* can be used for attaching custom validation to the update
* process. It cannot be used for changing any user update
* data. Use the wpmem_register_data filter for that.
*
* @since 2.7.2
*
* @param array $fields The user's submitted update data.
*/
do_action('wpmem_pre_update_data', $fields);
// if the _pre_update_data hook sends back an error message
// @todo - double check this. it should probably return "updaterr" and the hook should globalize wpmem_themsg
if ($wpmem_themsg) {
return $wpmem_themsg;
}
// a list of fields that can be updated by wp_update_user
$native_fields = array('user_nicename', 'user_url', 'user_email', 'display_name', 'nickname', 'first_name', 'last_name', 'description', 'role', 'jabber', 'aim', 'yim');
$native_update = array('ID' => $user_ID);
foreach ($wpmem_fields as $meta) {
// if the field is not excluded, update accordingly
if (!in_array($meta[2], wpmem_get_excluded_meta('update'))) {
switch ($meta[2]) {
// if the field can be updated by wp_update_user
case in_array($meta[2], $native_fields):
$fields[$meta[2]] = isset($fields[$meta[2]]) ? $fields[$meta[2]] : '';
//wp_update_user( array( 'ID' => $user_ID, $meta[2] => $fields[$meta[2]] ) );
$native_update[$meta[2]] = $fields[$meta[2]];
break;
// if the field is password
// if the field is password
case 'password':
// do nothing...
break;
// everything else goes into wp_usermeta
// everything else goes into wp_usermeta
default:
if ($meta[4] == 'y') {
update_user_meta($user_ID, $meta[2], $fields[$meta[2]]);
}
break;
}
}
}
// update wp_update_user fields
wp_update_user($native_update);
/**
* Fires at the end of user update data insertion.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_post_update_data', $fields);
return "editsuccess";
exit;
break;
}
}
/**
* Register function.
*
* Handles registering new users and updating existing users.
*
* @since 2.2.1
*
* @param string $toggle toggles the function between 'register' and 'update'.
* @global int $user_ID
* @global string $wpmem_themsg
* @global array $userdata
* @return string $wpmem_themsg|success|editsuccess
*/
function wpmem_registration($toggle)
{
// Get the globals.
global $user_ID, $wpmem, $wpmem_themsg, $userdata;
// Check the nonce.
if (defined('WPMEM_USE_NONCE')) {
if (empty($_POST) || !wp_verify_nonce($_POST['wpmem-form-submit'], 'wpmem-validate-submit')) {
$wpmem_themsg = __('There was an error processing the form.', 'wp-members');
return;
}
}
// Is this a registration or a user profile update?
if ($toggle == 'register') {
$fields['username'] = isset($_POST['log']) ? sanitize_user($_POST['log']) : '';
}
// Add the user email to the $fields array for _data hooks.
$fields['user_email'] = isset($_POST['user_email']) ? $_POST['user_email'] : '';
// Build the $fields array from $_POST data.
$wpmem_fields = $wpmem->fields;
// get_option( 'wpmembers_fields' );
foreach ($wpmem_fields as $meta) {
if ($meta[4] == 'y') {
if ($meta[2] != 'password') {
$fields[$meta[2]] = isset($_POST[$meta[2]]) ? sanitize_text_field($_POST[$meta[2]]) : '';
} else {
// We do have password as part of the registration form.
$fields['password'] = isset($_POST['password']) ? $_POST['password'] : '';
}
}
}
/**
* Filter the submitted form field date prior to validation.
*
* @since 2.8.2
*
* @param array $fields An array of the posted form field data.
*/
$fields = apply_filters('wpmem_pre_validate_form', $fields);
// Check for required fields, reverse the array for logical error message order.
$wpmem_fields_rev = array_reverse($wpmem_fields);
foreach ($wpmem_fields_rev as $meta) {
$pass_arr = array('password', 'confirm_password', 'password_confirm');
$pass_chk = $toggle == 'update' && in_array($meta[2], $pass_arr) ? true : false;
if ($meta[5] == 'y' && $pass_chk == false) {
if (!$fields[$meta[2]]) {
$wpmem_themsg = sprintf(__('Sorry, %s is a required field.', 'wp-members'), $meta[1]);
}
}
}
switch ($toggle) {
case "register":
if (is_multisite()) {
// Multisite has different requirements.
$result = wpmu_validate_user_signup($fields['username'], $fields['user_email']);
$errors = $result['errors'];
if ($errors->errors) {
$wpmem_themsg = $errors->get_error_message();
return $wpmem_themsg;
exit;
}
} else {
// Validate username and email fields.
$wpmem_themsg = email_exists($fields['user_email']) ? "email" : $wpmem_themsg;
$wpmem_themsg = username_exists($fields['username']) ? "user" : $wpmem_themsg;
$wpmem_themsg = !is_email($fields['user_email']) ? __('You must enter a valid email address.', 'wp-members') : $wpmem_themsg;
$wpmem_themsg = !validate_username($fields['username']) ? __('The username cannot include non-alphanumeric characters.', 'wp-members') : $wpmem_themsg;
$wpmem_themsg = !$fields['username'] ? __('Sorry, username is a required field', 'wp-members') : $wpmem_themsg;
// If there is an error from username, email, or required field validation, stop registration and return the error.
if ($wpmem_themsg) {
return $wpmem_themsg;
exit;
}
}
// If form contains password and email confirmation, validate that they match.
if (array_key_exists('confirm_password', $fields) && $fields['confirm_password'] != $fields['password']) {
$wpmem_themsg = __('Passwords did not match.', 'wp-members');
}
if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
$wpmem_themsg = __('Emails did not match.', 'wp-members');
}
// Get the captcha settings (api keys).
$wpmem_captcha = get_option('wpmembers_captcha');
// If captcha is on, check the captcha.
if ($wpmem->captcha == 1 && $wpmem_captcha['recaptcha']) {
// If there is no api key, the captcha never displayed to the end user.
if ($wpmem_captcha['recaptcha']['public'] && $wpmem_captcha['recaptcha']['private']) {
if (!$_POST["recaptcha_response_field"]) {
// validate for empty captcha field
$wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members');
return "empty";
exit;
}
}
// Check to see if the recaptcha library has already been loaded by another plugin.
if (!function_exists('_recaptcha_qsencode')) {
require_once WPMEM_PATH . 'lib/recaptchalib.php';
}
$publickey = $wpmem_captcha['recaptcha']['public'];
$privatekey = $wpmem_captcha['recaptcha']['private'];
// The response from reCAPTCHA.
$resp = null;
// The error code from reCAPTCHA, if any.
$error = null;
if ($_POST["recaptcha_response_field"]) {
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// Set the error code so that we can display it.
global $wpmem_captcha_err;
$wpmem_captcha_err = $resp->error;
$wpmem_captcha_err = wpmem_get_captcha_err($wpmem_captcha_err);
return "captcha";
exit;
}
}
// End check recaptcha.
} elseif ($wpmem->captcha == 2) {
if (defined('REALLYSIMPLECAPTCHA_VERSION')) {
// Validate Really Simple Captcha.
$wpmem_captcha = new ReallySimpleCaptcha();
// This variable holds the CAPTCHA image prefix, which corresponds to the correct answer.
$wpmem_captcha_prefix = isset($_POST['captcha_prefix']) ? $_POST['captcha_prefix'] : '';
// This variable holds the CAPTCHA response, entered by the user.
$wpmem_captcha_code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : '';
// Check CAPTCHA validity.
$wpmem_captcha_correct = $wpmem_captcha->check($wpmem_captcha_prefix, $wpmem_captcha_code) ? true : false;
// Clean up the tmp directory.
$wpmem_captcha->remove($wpmem_captcha_prefix);
$wpmem_captcha->cleanup();
// If CAPTCHA validation fails (incorrect value entered in CAPTCHA field), return an error.
if (!$wpmem_captcha_correct) {
$wpmem_themsg = wpmem_get_captcha_err('really-simple');
return "empty";
exit;
}
}
} elseif ($wpmem->captcha == 3 && $wpmem_captcha['recaptcha']) {
// Get the captcha response.
if (isset($_POST['g-recaptcha-response'])) {
$captcha = $_POST['g-recaptcha-response'];
}
// If there is no captcha value, return error.
if (!$captcha) {
$wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members');
return "empty";
exit;
}
// We need the private key for validation.
$privatekey = $wpmem_captcha['recaptcha']['private'];
// Validate the captcha.
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . $privatekey . "&response=" . $captcha . "&remoteip=" . $_SERVER['REMOTE_ADDR']);
// Decode the json response.
$response = json_decode($response, true);
// If captcha validation was unsuccessful.
if ($response['success'] == false) {
$wpmem_themsg = __('CAPTCHA was not valid.', 'wp-members');
return "empty";
exit;
}
}
// Check for user defined password.
$fields['password'] = !isset($_POST['password']) ? wp_generate_password() : $_POST['password'];
// Add for _data hooks
$fields['user_registered'] = gmdate('Y-m-d H:i:s');
$fields['user_role'] = get_option('default_role');
$fields['wpmem_reg_ip'] = $_SERVER['REMOTE_ADDR'];
$fields['wpmem_reg_url'] = isset($_REQUEST['wpmem_reg_page']) ? $_REQUEST['wpmem_reg_page'] : $_REQUEST['redirect_to'];
/*
* These native fields are not installed by default, but if they
* are added, use the $_POST value - otherwise, default to username.
* Value can be filtered with wpmem_register_data.
*/
$fields['user_nicename'] = isset($_POST['user_nicename']) ? sanitize_title($_POST['user_nicename']) : $fields['username'];
$fields['display_name'] = isset($_POST['display_name']) ? sanitize_user($_POST['display_name']) : $fields['username'];
$fields['nickname'] = isset($_POST['nickname']) ? sanitize_user($_POST['nickname']) : $fields['username'];
/**
* Filter registration data after validation before data insertion.
*
* @since 2.8.2
*
* @param array $fields An array of the registration field data.
* @param string $toggle A switch to indicate the action (new|edit).
*/
$fields = apply_filters('wpmem_register_data', $fields, 'new');
/**
* Fires before any insertion/emails.
*
* This action is the final step in pre registering a user. This
* can be used for attaching custom validation to the registration
* process. It cannot be used for changing any user registration
* data. Use the wpmem_register_data filter for that.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_pre_register_data', $fields);
// If the _pre_register_data hook sends back an error message.
if ($wpmem_themsg) {
return $wpmem_themsg;
}
// Main new user fields are ready.
$new_user_fields = array('user_pass' => $fields['password'], 'user_login' => $fields['username'], 'user_nicename' => $fields['user_nicename'], 'user_email' => $fields['user_email'], 'display_name' => $fields['display_name'], 'nickname' => $fields['nickname'], 'user_registered' => $fields['user_registered'], 'role' => $fields['user_role']);
// Get any excluded meta fields.
$excluded_meta = wpmem_get_excluded_meta('register');
// Fields for wp_insert_user: user_url, first_name, last_name, description, jabber, aim, yim.
$new_user_fields_meta = array('user_url', 'first_name', 'last_name', 'description', 'jabber', 'aim', 'yim');
foreach ($wpmem_fields as $meta) {
if (in_array($meta[2], $new_user_fields_meta)) {
if ($meta[4] == 'y' && !in_array($meta[2], $excluded_meta)) {
$new_user_fields[$meta[2]] = $fields[$meta[2]];
}
}
}
// Inserts to wp_users table.
$fields['ID'] = wp_insert_user($new_user_fields);
// Set remaining fields to wp_usermeta table.
foreach ($wpmem_fields as $meta) {
// If the field is not excluded, update accordingly.
if (!in_array($meta[2], $excluded_meta) && !in_array($meta[2], $new_user_fields_meta)) {
if ($meta[4] == 'y' && $meta[2] != 'user_email') {
update_user_meta($fields['ID'], $meta[2], $fields[$meta[2]]);
}
}
}
// Capture IP address of user at registration.
update_user_meta($fields['ID'], 'wpmem_reg_ip', $fields['wpmem_reg_ip']);
// Store the registration url.
update_user_meta($fields['ID'], 'wpmem_reg_url', $fields['wpmem_reg_url']);
// Set user expiration, if used.
if ($wpmem->use_exp == 1 && $wpmem->mod_reg != 1) {
wpmem_set_exp($fields['ID']);
}
/**
* Fires after user insertion but before email.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_post_register_data', $fields);
require_once WPMEM_PATH . 'inc/email.php';
/*
* If this was successful, and you have email properly
* configured, send a notification email to the user.
*/
wpmem_inc_regemail($fields['ID'], $fields['password'], $wpmem->mod_reg, $wpmem_fields, $fields);
// Notify admin of new reg, if needed.
if ($wpmem->notify == 1) {
wpmem_notify_admin($fields['ID'], $wpmem_fields);
}
/**
* Fires after registration is complete.
*
* @since 2.7.1
*/
do_action('wpmem_register_redirect');
// successful registration message
return "success";
exit;
break;
case "update":
if ($wpmem_themsg) {
return "updaterr";
exit;
}
/*
* Doing a check for existing email is not the same as a new reg. check first to
* see if it's different, then check if it is a valid address and it exists.
*/
global $current_user;
get_currentuserinfo();
if ($fields['user_email'] != $current_user->user_email) {
if (email_exists($fields['user_email'])) {
return "email";
exit;
}
if (!is_email($fields['user_email'])) {
$wpmem_themsg = __('You must enter a valid email address.', 'wp-members');
return "updaterr";
exit;
}
}
// If form includes email confirmation, validate that they match.
if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
$wpmem_themsg = __('Emails did not match.', 'wp-members');
}
// Add the user_ID to the fields array.
$fields['ID'] = $user_ID;
/**
* Filter registration data after validation before data insertion.
*
* @since 2.8.2
*
* @param array $fields An array of the registration field data.
* @param string $toggle A switch to indicate the action (new|edit).
*/
$fields = apply_filters('wpmem_register_data', $fields, 'edit');
/**
* Fires before data insertion.
*
* This action is the final step in pre updating a user. This
* can be used for attaching custom validation to the update
* process. It cannot be used for changing any user update
* data. Use the wpmem_register_data filter for that.
*
* @since 2.7.2
*
* @param array $fields The user's submitted update data.
*/
do_action('wpmem_pre_update_data', $fields);
/*
* If the _pre_update_data hook sends back an error message.
* @todo - double check this. it should probably return "updaterr" and the hook should globalize wpmem_themsg
*/
if ($wpmem_themsg) {
return $wpmem_themsg;
}
// A list of fields that can be updated by wp_update_user.
$native_fields = array('user_nicename', 'user_url', 'user_email', 'display_name', 'nickname', 'first_name', 'last_name', 'description', 'role', 'jabber', 'aim', 'yim');
$native_update = array('ID' => $user_ID);
foreach ($wpmem_fields as $meta) {
// If the field is not excluded, update accordingly.
if (!in_array($meta[2], wpmem_get_excluded_meta('update'))) {
switch ($meta[2]) {
// If the field can be updated by wp_update_user.
case in_array($meta[2], $native_fields):
$fields[$meta[2]] = isset($fields[$meta[2]]) ? $fields[$meta[2]] : '';
$native_update[$meta[2]] = $fields[$meta[2]];
break;
// If the field is password.
// If the field is password.
case 'password':
// Do nothing.
break;
// Everything else goes into wp_usermeta.
// Everything else goes into wp_usermeta.
default:
if ($meta[4] == 'y') {
update_user_meta($user_ID, $meta[2], $fields[$meta[2]]);
}
break;
}
}
}
// Update wp_update_user fields.
wp_update_user($native_update);
/**
* Fires at the end of user update data insertion.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_post_update_data', $fields);
return "editsuccess";
exit;
break;
}
}
/**
* Resets a forgotten password
*
* @since 2.1
*
* @uses wp_generate_password
* @uses wp_update_user
* @return string value for $wpmem_regchk
*/
function wpmem_reset_password()
{
if (isset($_POST['formsubmit'])) {
/**
* Filter the password reset arguments.
*
* @since 2.7.1
*
* @param array The username and email.
*/
$arr = apply_filters('wpmem_pwdreset_args', array('user' => isset($_POST['user']) ? $_POST['user'] : '', 'email' => isset($_POST['email']) ? $_POST['email'] : ''));
if (!$arr['user'] || !$arr['email']) {
// there was an empty field
return "pwdreseterr";
} else {
if (username_exists($arr['user'])) {
$user = get_user_by('login', $arr['user']);
if (strtolower($user->user_email) !== strtolower($arr['email']) || WPMEM_MOD_REG == 1 && get_user_meta($user->ID, 'active', true) != 1) {
// the username was there, but the email did not match OR the user hasn't been activated
return "pwdreseterr";
} else {
// generate a new password
$new_pass = wp_generate_password();
// update the users password
wp_update_user(array('ID' => $user->ID, 'user_pass' => $new_pass));
// send it in an email
require_once 'wp-members-email.php';
wpmem_inc_regemail($user->ID, $new_pass, 3);
/**
* Password reset action
*
* @since 2.9.0
*
* @param int $user_ID The user's numeric ID
*/
do_action('wpmem_pwd_reset', $user->ID);
return "pwdresetsuccess";
}
} else {
// username did not exist
return "pwdreseterr";
}
}
}
return;
}
/**
* Register function
*
* Handles registering new users and updating existing users.
*
* @since 2.2.1
*
* @uses apply_filters Calls 'wpmem_register_data' filter
* @uses do_action Calls 'wpmem_pre_register_data' action
* @uses do_action Calls 'wpmem_post_register_data' action
* @uses do_action Calls 'wpmem_register_redirect' action
* @uses do_action Calls 'wpmem_pre_update_data' action
* @uses do_action Calls 'wpmem_post_update_data' action
*
* @param string $toggle toggles the function between 'register' and 'update'.
* @global int $user_ID
* @global string $wpmem_themsg
* @global array $userdata
* @return string $wpmem_themsg|success|editsuccess
*/
function wpmem_registration($toggle)
{
// get the globals
global $user_ID, $wpmem_themsg, $userdata;
// check the nonce
if (WPMEM_USE_NONCE == 1) {
if (empty($_POST) || !wp_verify_nonce($_POST['wpmem-form-submit'], 'wpmem-validate-submit')) {
$wpmem_themsg = __('There was an error processing the form.', 'wp-members');
return;
}
}
// is this a registration or a user profile update?
if ($toggle == 'register') {
$fields['username'] = $_POST['log'];
}
// add the user email to the $fields array for _data hooks
$fields['user_email'] = $_POST['user_email'];
// build the $fields array from $_POST data
$wpmem_fields = get_option('wpmembers_fields');
for ($row = 0; $row < count($wpmem_fields); $row++) {
if ($wpmem_fields[$row][4] == 'y') {
if ($wpmem_fields[$row][2] != 'password') {
$fields[$wpmem_fields[$row][2]] = sanitize_text_field($_POST[$wpmem_fields[$row][2]]);
} else {
// we do have password as part of the registration form
$fields['password'] = $_POST['password'];
}
}
}
// filters fields prior to default field validation
$fields = apply_filters('wpmem_pre_validate_form', $fields);
// check for required fields
$wpmem_fields_rev = array_reverse($wpmem_fields);
for ($row = 0; $row < count($wpmem_fields); $row++) {
$pass_chk = $toggle == 'update' && $wpmem_fields_rev[$row][2] == 'password' ? true : false;
if ($wpmem_fields_rev[$row][5] == 'y' && $pass_chk == false) {
if (!$fields[$wpmem_fields_rev[$row][2]]) {
$wpmem_themsg = sprintf(__('Sorry, %s is a required field.', 'wp-members'), $wpmem_fields_rev[$row][1]);
}
}
}
switch ($toggle) {
case "register":
if (!$fields['username']) {
$wpmem_themsg = __('Sorry, username is a required field', 'wp-members');
return $wpmem_themsg;
exit;
}
if (!validate_username($fields['username'])) {
$wpmem_themsg = __('The username cannot include non-alphanumeric characters.', 'wp-members');
return $wpmem_themsg;
exit;
}
if (!is_email($fields['user_email'])) {
$wpmem_themsg = __('You must enter a valid email address.', 'wp-members');
return $wpmem_themsg;
exit;
}
if ($wpmem_themsg) {
return "empty";
exit;
}
if (username_exists($fields['username'])) {
return "user";
exit;
}
if (email_exists($fields['user_email'])) {
return "email";
exit;
}
$wpmem_captcha = get_option('wpmembers_captcha');
// get the captcha settings (api keys)
if (WPMEM_CAPTCHA == 1 && $wpmem_captcha[0] && $wpmem_captcha[1]) {
// if captcha is on, check the captcha
if ($wpmem_captcha[0] && $wpmem_captcha[1]) {
// if there is no api key, the captcha never displayed to the end user
if (!$_POST["recaptcha_response_field"]) {
// validate for empty captcha field
$wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members');
return "empty";
exit;
}
}
// check to see if the recaptcha library has already been loaded by another plugin
if (!function_exists('_recaptcha_qsencode')) {
require_once 'lib/recaptchalib.php';
}
$publickey = $wpmem_captcha[0];
$privatekey = $wpmem_captcha[1];
// the response from reCAPTCHA
$resp = null;
// the error code from reCAPTCHA, if any
$error = null;
if ($_POST["recaptcha_response_field"]) {
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// set the error code so that we can display it
global $wpmem_captcha_err;
$wpmem_captcha_err = $resp->error;
$wpmem_captcha_err = wpmem_get_captcha_err($wpmem_captcha_err);
return "captcha";
exit;
}
}
// end check recaptcha
}
// check for user defined password
$fields['password'] = !$_POST['password'] ? wp_generate_password() : $_POST['password'];
// add for _data hooks
$fields['user_registered'] = gmdate('Y-m-d H:i:s');
$fields['user_role'] = get_option('default_role');
$fields['wpmem_reg_ip'] = $_SERVER['REMOTE_ADDR'];
$fields['wpmem_reg_url'] = $_REQUEST['redirect_to'];
/**
* these native fields are not installed by default, but if they
* are added, use the $_POST value - otherwise, default to username.
* value can be filtered with wpmem_register_data
*/
$fields['user_nicename'] = isset($_POST['user_nicename']) ? $_POST['user_nicename'] : $fields['username'];
$fields['display_name'] = isset($_POST['display_name']) ? $_POST['display_name'] : $fields['username'];
$fields['nickname'] = isset($_POST['nickname']) ? $_POST['nickname'] : $fields['username'];
// allows all $field values to be filtered
$fields = apply_filters('wpmem_register_data', $fields);
// _data hook is before any insertion/emails
do_action('wpmem_pre_register_data', $fields);
// if the _pre_register_data hook sends back an error message
if ($wpmem_themsg) {
return $wpmem_themsg;
}
// inserts to wp_users table
$fields['ID'] = wp_insert_user(array('user_pass' => $fields['password'], 'user_login' => $fields['username'], 'user_nicename' => $fields['user_nicename'], 'user_email' => $fields['user_email'], 'display_name' => $fields['display_name'], 'nickname' => $fields['nickname'], 'user_registered' => $fields['user_registered'], 'role' => $fields['user_role']));
// set remaining fields to wp_usermeta table
for ($row = 0; $row < count($wpmem_fields); $row++) {
if ($wpmem_fields[$row][2] != 'password') {
if ($wpmem_fields[$row][2] == 'user_url') {
// if the field is user_url, it goes in the wp_users table
wp_update_user(array('ID' => $fields['ID'], 'user_url' => $fields['user_url']));
} else {
if ($wpmem_fields[$row][2] != 'user_email') {
// email is already done above, so if it's not email...
if ($wpmem_fields[$row][4] == 'y') {
// are we using this field?
update_user_meta($fields['ID'], $wpmem_fields[$row][2], $fields[$wpmem_fields[$row][2]]);
}
}
}
}
}
// capture IP address of user at registration
update_user_meta($fields['ID'], 'wpmem_reg_ip', $_SERVER['REMOTE_ADDR']);
// store the registration url
update_user_meta($fields['ID'], 'wpmem_reg_url', $_REQUEST['redirect_to']);
// set user expiration, if used
if (WPMEM_USE_EXP == 1 && WPMEM_MOD_REG != 1) {
wpmem_set_exp($fields['ID']);
}
// _data hook after insertion but before email
do_action('wpmem_post_register_data', $fields);
require_once 'wp-members-email.php';
// if this was successful, and you have email properly
// configured, send a notification email to the user
wpmem_inc_regemail($fields['ID'], $fields['password'], WPMEM_MOD_REG);
// notify admin of new reg, if needed;
if (WPMEM_NOTIFY_ADMIN == 1) {
wpmem_notify_admin($fields['ID'], $wpmem_fields);
}
// add action for redirection
do_action('wpmem_register_redirect');
// successful registration message
return "success";
exit;
break;
case "update":
if ($wpmem_themsg) {
return "updaterr";
exit;
}
// doing a check for existing email is not the same as a new reg.
// check first to see if it's different, then check if it exists.
global $current_user;
get_currentuserinfo();
if ($fields['user_email'] != $current_user->user_email) {
if (email_exists($fields['user_email'])) {
return "email";
exit;
}
}
// add the user_ID to the fields array
$fields['ID'] = $user_ID;
// allow all $field values to be filtered
$fields = apply_filters('wpmem_register_data', $fields);
// _pre_update_data hook is before data insertion
do_action('wpmem_pre_update_data', $fields);
// if the _pre_update_data hook sends back an error message
if ($wpmem_themsg) {
return $wpmem_themsg;
}
for ($row = 0; $row < count($wpmem_fields); $row++) {
switch ($wpmem_fields[$row][2]) {
case 'user_url':
case 'user_email':
case 'user_nicename':
case 'display_name':
case 'nickname':
wp_update_user(array('ID' => $user_ID, $wpmem_fields[$row][2] => $fields[$wpmem_fields[$row][2]]));
break;
case 'password':
// do nothing...
break;
default:
// everything else goes into wp_usermeta
if ($wpmem_fields[$row][4] == 'y') {
update_user_meta($user_ID, $wpmem_fields[$row][2], $fields[$wpmem_fields[$row][2]]);
}
break;
}
}
// _post_update_data hook is after insertion
do_action('wpmem_post_update_data', $fields);
return "editsuccess";
exit;
break;
}
}
/**
* Resets a forgotten password
*
* @since 2.1
*
* @uses wp_generate_password
* @uses wp_update_user
* @return string value for $wpmem_regchk
*/
function wpmem_reset_password()
{
if (isset($_POST['formsubmit'])) {
$username = $_POST['user'];
$email = $_POST['email'];
if (!$username || !$email) {
// there was an empty field
return "pwdreseterr";
} else {
if (username_exists($username)) {
$user = get_user_by('login', $username);
if (strtolower($user->user_email) !== strtolower($email) || WPMEM_MOD_REG == 1 && get_user_meta($user->ID, 'active', true) != 1) {
// the username was there, but the email did not match OR the user hasn't been activated
return "pwdreseterr";
} else {
// generate a new password
$new_pass = wp_generate_password();
// update the users password
wp_update_user(array('ID' => $user->ID, 'user_pass' => $new_pass));
// send it in an email
require_once 'wp-members-email.php';
wpmem_inc_regemail($user->ID, $new_pass, 3);
return "pwdresetsuccess";
}
} else {
// username did not exist
return "pwdreseterr";
}
}
}
return;
}
/**
* Handles retrieving a forgotten username.
*
* @since 3.0.8
*
* @return string $regchk The regchk value.
*/
function wpmem_retrieve_username()
{
if (isset($_POST['formsubmit'])) {
$email = sanitize_email($_POST['user_email']);
$user = isset($_POST['user_email']) ? get_user_by('email', $email) : false;
if ($user) {
/**
* Load the email functions.
*/
require_once WPMEM_PATH . 'inc/email.php';
// Send it in an email.
wpmem_inc_regemail($user->ID, '', 4);
/**
* Fires after retrieving username.
*
* @since 3.0.8
*
* @param int $user_ID The user's numeric ID.
*/
do_action('wpmem_get_username', $user->ID);
return 'usernamesuccess';
} else {
return 'usernamefailed';
}
}
return;
}
/**
* Resets a forgotten password.
*
* @since 2.1
*
* @uses wp_generate_password
* @uses wp_update_user
* @return string value for $wpmem->regchk
*/
function wpmem_reset_password()
{
global $wpmem;
if (isset($_POST['formsubmit'])) {
/**
* Filter the password reset arguments.
*
* @since 2.7.1
*
* @param array The username and email.
*/
$arr = apply_filters('wpmem_pwdreset_args', array('user' => isset($_POST['user']) ? trim($_POST['user']) : '', 'email' => isset($_POST['email']) ? trim($_POST['email']) : ''));
if (!$arr['user'] || !$arr['email']) {
// There was an empty field.
return "pwdreseterr";
} else {
if (username_exists($arr['user'])) {
$user = get_user_by('login', $arr['user']);
if (strtolower($user->user_email) !== strtolower($arr['email']) || $wpmem->mod_reg == 1 && get_user_meta($user->ID, 'active', true) != 1) {
// The username was there, but the email did not match OR the user hasn't been activated.
return "pwdreseterr";
} else {
// Generate a new password.
$new_pass = wp_generate_password();
// Update the users password.
wp_update_user(array('ID' => $user->ID, 'user_pass' => $new_pass));
// Send it in an email.
require_once WPMEM_PATH . 'inc/email.php';
wpmem_inc_regemail($user->ID, $new_pass, 3);
/**
* Fires after password reset.
*
* @since 2.9.0
*
* @param int $user_ID The user's numeric ID.
* @param string $new_pass The new plain text password.
*/
do_action('wpmem_pwd_reset', $user->ID, $new_pass);
return "pwdresetsuccess";
}
} else {
// Username did not exist.
return "pwdreseterr";
}
}
}
return;
}
/**
* Activates a user.
*
* If registration is moderated, sets the activated flag
* in the usermeta. Flag prevents login when $wpmem->mod_reg
* is true (1). Function is fired from bulk user edit or
* user profile update.
*
* @since 2.4
*
* @param int $user_id
* @param bool $chk_pass
* @uses $wpdb WordPress Database object.
*/
function wpmem_a_activate_user($user_id, $chk_pass = false)
{
global $wpmem;
// Define new_pass.
$new_pass = '';
// If passwords are user defined skip this.
if (!$chk_pass) {
// Generates a password to send the user.
$new_pass = wp_generate_password();
$new_hash = wp_hash_password($new_pass);
// Update the user with the new password.
global $wpdb;
$wpdb->update($wpdb->users, array('user_pass' => $new_hash), array('ID' => $user_id), array('%s'), array('%d'));
}
// If subscriptions can expire, and the user has no expiration date, set one.
if ($wpmem->use_exp == 1 && !get_user_meta($user_id, 'expires', true)) {
if (function_exists('wpmem_set_exp')) {
wpmem_set_exp($user_id);
}
}
// Generate and send user approved email to user.
require_once WPMEM_PATH . '/inc/email.php';
wpmem_inc_regemail($user_id, $new_pass, 2);
// Set the active flag in usermeta.
update_user_meta($user_id, 'active', 1);
/**
* Fires after the user activation process is complete.
*
* @since 2.8.2
*
* @param int $user_id The user's ID.
*/
do_action('wpmem_user_activated', $user_id);
return;
}
