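/**
 * Form pre-submission callback that applies a new password to the user held in $gf_reset_user.
 *
 * The new password is read from the posted field `input_3`. When it is applied, the
 * WordPress reset-password cookie is expired and the current session is logged out.
 * Nothing happens for cron requests, when the global user object is missing, or when
 * the posted password is empty.
 *
 * @param mixed $form Form definition passed by the hook; not used here.
 *
 * @return void
 */
function wp_doin_pre_submission_4($form)
{
    // Cron-triggered requests carry no reset submission, so leave before reading request data.
    if (defined('DOING_CRON') || isset($_GET['doing_wp_cron'])) {
        return;
    }
    // The user to update is prepared earlier in the request and shared through this global.
    global $gf_reset_user;
    if (!is_object($gf_reset_user) || empty($gf_reset_user->ID)) {
        // Without a resolved user there is nothing safe to update.
        return;
    }
    // Accept only a plain string; a missing or array-valued field counts as "no password".
    $pass = isset($_POST['input_3']) && is_string($_POST['input_3']) ? $_POST['input_3'] : '';
    // NOTE(review): username_exists() looks a user up by login name, but it is given the numeric
    // ID here, and the reset only proceeds when that lookup finds nothing. Confirm this is the
    // intended second check; validating the reset key again would be the stronger guard.
    $user_id = username_exists($gf_reset_user->ID);
    if ($user_id) {
        // validation failed
        return;
    }
    if (empty($pass)) {
        // An empty submission must leave the stored password unchanged.
        return;
    }
    // Path of the current request without its query string, used as the cookie path below.
    list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
    $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
    reset_password($gf_reset_user, $pass);
    // Expire the reset cookie so the key it carries cannot be replayed from this browser.
    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
    wp_logout();
}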
示例#2
         block_user_admin($subuser, $status);
     }
     break;
 case 8:
     // Admin-only action: a request without the admin session flag leaves the switch untouched.
     if (!$_SESSION['admin']) {
         break;
     }
     /* Reset User Password */
     $reset = make_safe($_POST['reset']);
     $subuser = make_safe($_POST["subuser"]);
     if (!$reset || !$subuser) {
         // Either field is missing or falsy: show the reset form instead of acting.
         print_reset_form_admin();
     } else {
         // NOTE(review): the password fields pass through make_safe() too; that helper is not
         // visible here — confirm it does not alter characters that are valid in a password.
         $s2 = make_safe($_POST['password2']);
         $s3 = make_safe($_POST['password3']);
         // NOTE(review): $s1 is not assigned anywhere in the visible lines, so it is undefined
         // at this call unless it is set earlier in the file — confirm.
         // NOTE(review): no anti-CSRF token check is visible for this state-changing POST — confirm
         // one is enforced elsewhere.
         reset_password($subuser, $s1, $s2, $s3, 1);
         print '<hr><a href="?method=0">Back</a>';
     }
     break;
 case 9:
     if (!$_SESSION['admin']) {
         break;
     }
     /* Add new Team */
     $addteam = make_safe($_POST['addteam']);
     if (!$addteam) {
         print_add_new_team_form();
     } else {
         $team = make_safe($_POST['team']);
         $location = make_safe($_POST['location']);
         $query = "insert into teams values ('" . $team . "','" . $location . "')";
示例#3
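 /**
  * Handles a submitted password-reset form.
  *
  * Runs only when `reset_password`, `reset_key` and `reset_login` are all present in the
  * request. The key/login pair is checked with check_password_reset_key(); a failed check
  * redirects to the reset page with `login=expiredkey` or `login=invalidkey`. A request with
  * two identical, non-empty password strings calls reset_password() and redirects with
  * `password=changed`; anything else redirects back to the form with an `error` code.
  * Every handled path ends in exit.
  */
 public static function do_password_reset()
 {
     if (!isset($_REQUEST['reset_password'], $_REQUEST['reset_key'], $_REQUEST['reset_login'])) {
         return;
     }
     $reset_key = $_REQUEST['reset_key'];
     $reset_login = $_REQUEST['reset_login'];
     $user = check_password_reset_key($reset_key, $reset_login);
     if (is_wp_error($user)) {
         $reason = $user->get_error_code() === 'expired_key' ? 'expiredkey' : 'invalidkey';
         wp_redirect(pp_password_reset_url() . '?login=' . $reason);
         exit;
     }
     // Error redirects return the visitor to the form with the same key and login.
     // NOTE(review): this places the still-valid reset key in a URL, where it can end up in
     // browser history, server logs and Referer headers — consider a short-lived cookie instead.
     $back_to_form = array('key' => $reset_key, 'login' => $reset_login);
     $has_both = isset($_POST['password1'], $_POST['password2'])
         && is_string($_POST['password1'])
         && is_string($_POST['password2']);
     if (!$has_both) {
         // Missing or array-valued fields are treated as an invalid submission.
         wp_redirect(add_query_arg($back_to_form + array('error' => 'invalid'), pp_password_reset_url()));
         exit;
     }
     // Strict comparison: with != two different numeric-looking strings such as "1e3" and
     // "1000" compare equal, which would accept a confirmation that does not match.
     if ($_POST['password1'] !== $_POST['password2']) {
         // Passwords don't match
         wp_redirect(add_query_arg($back_to_form + array('error' => 'password_mismatch'), pp_password_reset_url()));
         exit;
     }
     if (empty($_POST['password1'])) {
         // Empty password
         wp_redirect(add_query_arg($back_to_form + array('error' => 'password_empty'), pp_password_reset_url()));
         exit;
     }
     // Key verified and both password fields agree: apply the new password.
     reset_password($user, $_POST['password1']);
     wp_redirect(pp_password_reset_url() . '?password=changed');
     exit;
 }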
示例#4
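 /**
  * REST callback that resets a user's password after a phone verification code is checked.
  *
  * Reads `phone`, `code` and `password` from the request. The code is checked with
  * $this->verify(); the account is then looked up by login name equal to the phone value
  * and its password replaced.
  *
  * @param WP_REST_Request $request Incoming REST request.
  *
  * @return array|WP_Error array('ok' => 1) on success, otherwise the error describing the failure.
  */
 public function processResetPassword(WP_REST_Request $request)
 {
     // get_param() yields null for an absent parameter instead of raising an undefined-index notice.
     $phone = $request->get_param('phone');
     $code = $request->get_param('code');
     $password = $request->get_param('password');
     $verified = $this->verify($phone, $code);
     if (is_wp_error($verified)) {
         return $verified;
     }
     if (!$verified) {
         return new WP_Error('verify_failed', '验证码验证失败。', array('status' => 403));
     }
     // Checked only after verification so unverified callers always receive the 403 above.
     if (!is_string($password) || $password === '') {
         return new WP_Error('empty_password', '密码不能为空。', array('status' => 400));
     }
     $user = get_user_by('login', $phone);
     // get_user_by() returns false, not a WP_Error, when no account matches; passing that on
     // to reset_password() would fail on a non-object.
     if (!$user instanceof WP_User) {
         return new WP_Error('user_not_found', '用户不存在。', array('status' => 404));
     }
     $outcome = reset_password($user, $password);
     if (is_wp_error($outcome)) {
         return $outcome;
     }
     return array('ok' => 1);
 }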
示例#5
    $page['infos'][] = l10n('Your password has been reset');
    $page['infos'][] = '<a href="' . get_root_url() . 'identification.php">' . l10n('Login') . '</a>';
    return true;
}
// +-----------------------------------------------------------------------+
// | Process form                                                          |
// +-----------------------------------------------------------------------+
if (isset($_POST['submit'])) {
    check_pwg_token();
    if ('lost' == $_GET['action']) {
        if (process_password_request()) {
            $page['action'] = 'none';
        }
    }
    if ('reset' == $_GET['action']) {
        if (reset_password()) {
            $page['action'] = 'none';
        }
    }
}
// +-----------------------------------------------------------------------+
// | key and action                                                        |
// +-----------------------------------------------------------------------+
// a connected user can't reset the password from a mail
if (isset($_GET['key']) and !is_a_guest()) {
    unset($_GET['key']);
}
if (isset($_GET['key']) and !isset($_POST['submit'])) {
    $user_id = check_password_reset_key($_GET['key']);
    if (is_numeric($user_id)) {
        $userdata = getuserdata($user_id, false);
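    /**
     * Returns HTML partial that contains password-reset form.
     * Based on WordPress core code from wp-login.php
     *
     * Reads the `login` and `key` query arguments and validates them with
     * check_password_reset_key(). Depending on the result it returns an error paragraph with
     * a link to request a new key, performs the reset when a matching non-empty password pair
     * was posted, or renders the reset form.
     *
     * @since  1.0.0
     *
     * @return string
     */
    private function reset_form()
    {
        // Everything echoed below is captured; each return path has to close this buffer again.
        ob_start();
        // presumably makes sure both keys exist in $_GET — helper not visible here
        lib2()->array->equip_get('login', 'key');
        $rp_login = wp_unslash($_GET['login']);
        $rp_key = wp_unslash($_GET['key']);
        $err_msg = new WP_Error();
        // Get the user object and validate the key.
        if ($rp_login && $rp_key) {
            $user = check_password_reset_key($rp_key, $rp_login);
        } else {
            $user = false;
        }
        lib2()->array->strip_slashes($_POST, 'pass1', 'pass2');
        // Only plain strings count as submitted passwords; missing or array values become null.
        $pass1 = isset($_POST['pass1']) && is_string($_POST['pass1']) ? $_POST['pass1'] : null;
        $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : null;
        // If the user was not found then return an error message with a link to start over.
        if (!$user || is_wp_error($user)) {
            if ($user && 'expired_key' == $user->get_error_code()) {
                $err_msg->add('password_expired_key', __('The password-reset key is already expired.', MS_TEXT_DOMAIN));
            } else {
                $err_msg->add('password_invalid_key', __('The password-reset key is invalid or missing.', MS_TEXT_DOMAIN));
            }
            $url = esc_url_raw(remove_query_arg(array('action', 'key', 'login')));
            // Close the buffer opened above so it does not stay open after this early return.
            ob_end_clean();
            // A WP_Error cannot be converted to a string, so its message is printed explicitly.
            return sprintf('<p>%s</p><p><a href="%s">%s</a></p>', esc_html($err_msg->get_error_message()), esc_url($url), __('Request a new password-reset key', MS_TEXT_DOMAIN));
        }
        // If the user provided a new password, then check it now. Strict comparison: with !=
        // two different numeric-looking strings would be accepted as a match.
        if (null !== $pass1 && $pass1 !== $pass2) {
            $err_msg->add('password_reset_mismatch', __('The passwords do not match.', MS_TEXT_DOMAIN));
        }
        // This action is documented in wp-login.php
        do_action('validate_password_reset', $err_msg, $user);
        if (!count($err_msg->errors) && !empty($pass1)) {
            reset_password($user, $pass1);
            // All done! Close the buffer before returning the confirmation text.
            ob_end_clean();
            return __('Your Password has been reset.', MS_TEXT_DOMAIN);
        }
        wp_enqueue_script('utils');
        wp_enqueue_script('user-profile');
        if (count($err_msg->errors)) {
            echo '<p class="error">' . implode('<br/>', $err_msg->get_error_messages()) . '</p>';
        }
        ?>
		<form name="resetpassform" id="resetpassform" action="" method="post" autocomplete="off">
			<input type="hidden" id="user_login" value="<?php 
        echo esc_attr($rp_login);
        ?>
" autocomplete="off"/>

			<p>
				<label for="pass1"><?php 
        _e('New password', MS_TEXT_DOMAIN);
        ?>
<br/>
					<input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off"/></label>
			</p>

			<p>
				<label for="pass2"><?php 
        _e('Confirm new password', MS_TEXT_DOMAIN);
        ?>
<br/>
					<input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off"/></label>
			</p>

			<div id="pass-strength-result"
				class="hide-if-no-js"><?php 
        _e('Strength indicator', MS_TEXT_DOMAIN);
        ?>
</div>
			<p class="description indicator-hint"><?php 
        _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ &amp; ).', MS_TEXT_DOMAIN);
        ?>
</p>

			<br class="clear"/>

			<?php 
        // This action is documented in wp-login.php
        do_action('resetpass_form', $user);
        ?>
			<p class="submit"><input type="submit" name="wp-submit" id="wp-submit"
				class="button button-primary button-large"
				value="<?php 
        esc_attr_e('Reset Password');
        ?>
"/></p>
		</form>
		<?php 
        // Collect the rendered form and let the project filter post-process the markup.
        $html = ob_get_clean();
        $html = apply_filters('ms_compact_code', $html);
        return $html;
    }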
示例#7
<?php

require_once "bookmark_fns.php";
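// Page script: resets the password for the submitted e-mail address and mails out the new one.
do_html_header("Resetting password");
// Accept only a plain string; a missing or array-valued field becomes an empty string.
$email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
try {
    $password = reset_password($email);
    notify_password($email, $password);
    echo 'Your new password has been emailed to you.<br />';
} catch (Exception $e) {
    // The message is not known to be free of request data, so it is HTML-escaped before output.
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . ' please try again.';
}
// NOTE(review): no confirmation step or token is visible here, so any visitor who knows an
// address can replace that account's password, and the differing responses can reveal whether
// an address is registered — confirm both are handled inside reset_password()/elsewhere.
do_html_url('login.php', 'Login');
do_html_footer();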
 /**
  * Sets the current user's password.
  *
  * @param $new_password New password, handed unchanged to reset_password().
  */
 function change_password($new_password)
 {
     // The account to update is the one stored on this object.
     $account = $this->user;
     reset_password($account, $new_password);
 }
示例#9
        $cli->cli_exit(get_string('cli_pwreset_nointernalauth'), true);
    }
    set_field('usr', 'authinstance', $internalauth, 'id', $user->id);
    $user->authinstance = $internalauth;
    $cli->cli_print(get_string('cli_pwreset_authupdated', 'admin'));
}
// Determine whether or not to reset the user's password.
if ($cli->get_cli_param('forcepasswordchange') === CLI_PWRESET_FORCEPASSWORDCHANGE_DEFAULT) {
    // The default behavior, is that we force a reset if they provided the password via the --password flag
    $forcepasswordchange = $cli->get_cli_param('password') !== false;
} else {
    // If they specified a forcepasswordchange param, we respect that
    $forcepasswordchange = $cli->get_cli_param_boolean('forcepasswordchange');
}
// Attempt to reset the password.
$success = reset_password($user);
if ($success) {
    $exitstring = get_string('cli_pwreset_success', 'admin', $username);
    if ($forcepasswordchange) {
        set_field('usr', 'passwordchange', 1, 'username', $username);
        $exitstring .= "\n" . get_string('cli_pwreset_success_forcepasswordchange', 'admin');
    }
    $cli->cli_exit($exitstring);
} else {
    // If it failed because their auth instance doesn't allow password resets,
    // then suggest the -i option.
    $userobj = new User();
    $userobj->find_by_id($user->id);
    $authobj = AuthFactory::create($user->authinstance);
    if (!method_exists($authobj, 'change_password')) {
        $cli->cli_exit(get_string('cli_pwreset_notsupported', 'admin', $username), true);
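 /**
  * Resets the user's password if the password reset form was submitted.
  *
  * Acts on POST requests only. The `rp_key`/`rp_login` pair is validated with
  * check_password_reset_key(); a failed check redirects to the login page with
  * `login=expiredkey` or `login=invalidkey`. Two identical, non-empty password strings
  * lead to reset_password() and a redirect with `password=changed`; a mismatch or an empty
  * password redirects back to the reset page with an `error` code. Every POST path exits.
  */
 public function sas_do_password_reset()
 {
     if (!isset($_SERVER['REQUEST_METHOD']) || 'POST' != $_SERVER['REQUEST_METHOD']) {
         return;
     }
     // Missing or array-valued parameters become empty strings, which fail key validation.
     $rp_key = isset($_REQUEST['rp_key']) && is_string($_REQUEST['rp_key']) ? $_REQUEST['rp_key'] : '';
     $rp_login = isset($_REQUEST['rp_login']) && is_string($_REQUEST['rp_login']) ? $_REQUEST['rp_login'] : '';
     $user = check_password_reset_key($rp_key, $rp_login);
     if (!$user || is_wp_error($user)) {
         if ($user && $user->get_error_code() === 'expired_key') {
             wp_redirect(home_url('sas-login?login=expiredkey'));
         } else {
             wp_redirect(home_url('sas-login?login=invalidkey'));
         }
         exit;
     }
     if (!isset($_POST['pass1'])) {
         echo "Invalid request.";
         exit;
     }
     $pass1 = $_POST['pass1'];
     $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : null;
     // NOTE(review): the error redirects below carry the still-valid reset key in the URL, where
     // it can reach browser history, server logs and Referer headers.
     $form_args = array('key' => $rp_key, 'login' => $rp_login);
     // Strict comparison on strings only: with != two different numeric-looking strings such
     // as "1e3" and "1000" compare equal and the mismatch would go unnoticed.
     if (!is_string($pass1) || $pass1 !== $pass2) {
         // Passwords don't match
         wp_redirect(add_query_arg($form_args + array('error' => 'password_reset_mismatch'), home_url('sas-password-reset')));
         exit;
     }
     if (empty($pass1)) {
         // Password is empty
         wp_redirect(add_query_arg($form_args + array('error' => 'password_reset_empty'), home_url('sas-password-reset')));
         exit;
     }
     // Parameter checks OK, reset password
     reset_password($user, $pass1);
     wp_redirect(home_url('sas-login?password=changed'));
     exit;
 }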
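/**
 * Renders the front-end login, lost-password and reset-password screens.
 *
 * The screen is chosen by the `action` query argument (default `login`):
 *  - `logout` checks the log-out nonce, logs the user out and redirects.
 *  - `lostpassword` / `retrievepassword` print the "get new password" form.
 *  - `resetpass` / `rp` validate the reset key, apply a submitted password pair when both
 *    fields match, and otherwise print the reset form.
 *  - anything else prints the login form.
 *
 * Request values are untrusted and are escaped wherever they are written into markup.
 *
 * @return void
 */
function simplr_login_switch()
{
    $options = get_option('simplr_reg_options');
    if (!isset($_GET['action'])) {
        $_GET['action'] = 'login';
    }
    // An array-valued action cannot name a screen; fall back to the login form.
    $action = is_string($_GET['action']) ? $_GET['action'] : 'login';
    global $errors;
    switch ($action) {
        case 'logout':
            check_admin_referer('log-out');
            wp_logout();
            $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true';
            // wp_safe_redirect() only follows the request-supplied target for allowed hosts.
            wp_safe_redirect($redirect_to);
            exit;
            break;
        case 'lostpassword':
        case 'retrievepassword':
            ?>

		<form name="lostpasswordform" id="lostpasswordform" action="<?php 
            echo get_permalink($options->login_redirect);
            ?>
?action=lostpassword" method="post">
		<p>
			<label><?php 
            _e('Username or E-mail:', 'simplr-registration-form');
            ?>
<br />
			<input type="text" name="user_login" id="user_login" class="input" value="" size="20" tabindex="10" /></label>
		</p>
		<?php 
            do_action('lostpassword_form');
            ?>
		<input type="hidden" name="redirect_to" value="<?php 
            // $redirect_to is not assigned on this path, so print an empty value when it is unset.
            echo esc_attr(isset($redirect_to) ? $redirect_to : '');
            ?>
" />
		<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php 
            esc_attr_e('Get New Password', 'simplr-registration-form');
            ?>
" tabindex="100" /></p>
		</form>

		<p id="nav">
		<a href="<?php 
            echo site_url('wp-login.php', 'login');
            ?>
"><?php 
            _e('Log in', 'simplr-registration-form');
            ?>
</a>
		<?php 
            if (get_option('users_can_register')) {
                ?>
			| <a href="<?php 
                echo site_url('wp-login.php?action=register', 'login');
                ?>
"><?php 
                _e('Register', 'simplr-registration-form');
                ?>
</a>
		<?php 
            }
            ?>
		</p>

		<?php 
            login_footer('user_login');
            break;
        case 'resetpass':
        case 'rp':
            // Missing or array-valued parameters become empty strings, which fail key validation.
            $rp_key = isset($_GET['key']) && is_string($_GET['key']) ? $_GET['key'] : '';
            $rp_login = isset($_GET['login']) && is_string($_GET['login']) ? $_GET['login'] : '';
            $user = check_password_reset_key($rp_key, $rp_login);
            if (is_wp_error($user)) {
                wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                exit;
            }
            $errors = '';
            // Only plain strings count as submitted passwords.
            $pass1 = isset($_POST['pass1']) && is_string($_POST['pass1']) ? $_POST['pass1'] : null;
            $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : null;
            // Strict comparison: with != two different numeric-looking strings would be accepted.
            if (null !== $pass1 && $pass1 !== $pass2) {
                $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.', 'simplr-registration-form'));
            } elseif (!empty($pass1)) {
                reset_password($user, $pass1);
                login_header(__('Password Reset', 'simplr-registration-form'), '<p class="message reset-pass">' . __('Your password has been reset.', 'simplr-registration-form') . ' <a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in', 'simplr-registration-form') . '</a></p>');
                login_footer();
                exit;
            }
            wp_enqueue_script('utils');
            wp_enqueue_script('user-profile');
            login_header(__('Reset Password', 'simplr-registration-form'), '<p class="message reset-pass">' . __('Enter your new password below.', 'simplr-registration-form') . '</p>', $errors);
            ?>
		<form name="resetpassform" id="resetpassform" action="<?php 
            // The key and login come from the request: URL-encode each value and escape the whole URL.
            echo esc_url(get_permalink($options->login_redirect) . '?action=resetpass&key=' . urlencode($rp_key) . '&login=' . urlencode($rp_login));
            ?>
" method="post">
		<input type="hidden" id="user_login" value="<?php 
            echo esc_attr($rp_login);
            ?>
" autocomplete="off" />

		<p>
			<label><?php 
            _e('New password', 'simplr-registration-form');
            ?>
<br />
			<input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label>
		</p>
		<p>
			<label><?php 
            _e('Confirm new password', 'simplr-registration-form');
            ?>
<br />
			<input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label>
		</p>

		<div id="pass-strength-result" class="hide-if-no-js"><?php 
            _e('Strength indicator', 'simplr-registration-form');
            ?>
</div>
		<p class="description indicator-hint"><?php 
            _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).', 'simplr-registration-form');
            ?>
</p>

		<br class="clear" />
		<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php 
            esc_attr_e('Reset Password', 'simplr-registration-form');
            ?>
" tabindex="100" /></p>
		</form>

		<p id="nav">
		<a href="<?php 
            echo site_url('wp-login.php', 'login');
            ?>
"><?php 
            _e('Log in', 'simplr-registration-form');
            ?>
</a>
		<?php 
            if (get_option('users_can_register')) {
                ?>
			| <a href="<?php 
                echo site_url('wp-login.php?action=register', 'login');
                ?>
"><?php 
                _e('Register', 'simplr-registration-form');
                ?>
</a>
		<?php 
            }
            ?>
		</p>

		<?php 
            login_footer('user_pass');
            break;
        case 'login':
        default:
            $redirect_to = !isset($redirect_to) ? apply_filters('simplr_login_redirect', home_url(), $action) : $redirect_to;
            // The global $errors is not guaranteed to hold a WP_Error here, so read its code defensively.
            $error_code = is_wp_error($errors) ? $errors->get_error_code() : '';
            if (isset($_POST['log']) && is_string($_POST['log'])) {
                // Keep the typed user name only when the password was the failing part.
                $user_login = 'incorrect_password' == $error_code || 'empty_password' == $error_code ? esc_attr(stripslashes($_POST['log'])) : '';
            }
            $rememberme = !empty($_POST['rememberme']);
            ?>

		<form name="loginform" id="loginform" action="<?php 
            echo get_permalink($options->login_redirect);
            ?>
?action=<?php 
            // $action is taken from the query string; escape it before writing it into the attribute.
            echo esc_attr($action);
            ?>
" method="post">
		<p>
			<label><?php 
            _e('Username', 'simplr-registration-form');
            ?>
<br />
			<input type="text" name="log" id="user_login" class="input" value="<?php 
            echo esc_attr(isset($user_login) ? $user_login : '');
            ?>
" size="20" tabindex="10" /></label>
		</p>
		<p>
			<label><?php 
            _e('Password', 'simplr-registration-form');
            ?>
<br />
			<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
		</p>
		<?php 
            do_action('login_form');
            ?>
		<p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90"<?php 
            checked($rememberme);
            ?>
 /> <?php 
            esc_attr_e('Remember Me', 'simplr-registration-form');
            ?>
</label></p>
		<p class="submit">
			<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php 
            esc_attr_e('Log In', 'simplr-registration-form');
            ?>
" tabindex="100" />
		<?php 
            if (isset($interim_login)) {
                ?>
			<input type="hidden" name="interim-login" value="1" />
		<?php 
            } else {
                ?>
			<input type="hidden" name="redirect_to" value="<?php 
                echo esc_attr($redirect_to);
                ?>
" />
		<?php 
            }
            ?>
			<input type="hidden" name="testcookie" value="1" />
		</p>
		</form>

		<?php 
            if (!isset($interim_login)) {
                ?>
			<p id="nav">
			<?php 
                if (isset($_GET['checkemail']) && in_array($_GET['checkemail'], array('confirm', 'newpass'))) {
                    ?>
			<?php 
                } elseif (get_option('users_can_register')) {
                    ?>
				<a href="<?php 
                    echo site_url('wp-login.php?action=register', 'login');
                    ?>
"><?php 
                    _e('Register', 'simplr-registration-form');
                    ?>
</a> |
				<a href="<?php 
                    echo site_url('wp-login.php?action=lostpassword', 'login');
                    ?>
" title="<?php 
                    _e('Password Lost and Found', 'simplr-registration-form');
                    ?>
"><?php 
                    _e('Lost your password?', 'simplr-registration-form');
                    ?>
</a>
			<?php 
                } else {
                    ?>
				<a href="<?php 
                    echo site_url('wp-login.php?action=lostpassword', 'login');
                    ?>
" title="<?php 
                    _e('Password Lost and Found', 'simplr-registration-form');
                    ?>
"><?php 
                    _e('Lost your password?', 'simplr-registration-form');
                    ?>
</a>
			<?php 
                }
                ?>
			</p>
		<?php 
            }
            ?>

		<script type="text/javascript">
		function wp_attempt_focus(){
			setTimeout( function(){ try{
				<?php 
            if (isset($user_login) || isset($interim_login)) {
                ?>
					d = document.getElementById('user_pass');
					d.value = '';
				<?php 
            } else {
                ?>
					d = document.getElementById('user_login');
					<?php 
                if ('invalid_username' == $error_code) {
                    ?>
						if( d.value != '' )
							d.value = '';
						<?php 
                }
            }
            ?>
				d.focus();
				d.select();
			} catch(e){}
			}, 200);
		}

		<?php 
            // $error is not assigned in this function; empty() reads it without raising a notice.
            if (empty($error)) {
                ?>
			wp_attempt_focus();
		<?php 
            }
            ?>
		if(typeof wpOnload=='function') wpOnload();
		</script>

		<?php 
            login_footer();
            break;
    }
    // end action switch
}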
示例#12
<HTML>
<HEAD>
<TITLE>Change Password - Registration</TITLE>
<?php 
session_start();
if (isset($_SESSION['access']) && $_SESSION['access'] == '4') {
    if (isset($_POST['SUBMIT2'])) {
        header('location:/sen/Modules/Links_temp/admin_links.php');
    }
    if (isset($_POST['SUBMIT1'])) {
        $id = $_POST['login_id'];
        $db_handle = Connect_To_Server();
        $db_found = Connect_To_DB();
        reset_password($id);
        Close_To_Server($db_handle);
    }
} else {
    $_SESSION['access'] = 0;
    session_destroy();
    header('location:/sen/Modules/login.php');
    echo "invalid Login";
}
?>
</HEAD>

<BODY>
	<FORM NAME="form1" METHOD="POST" ACTION="reset_password.php" >
	
		Login ID :<Input Type="text" name="login_id">
		<br>
		<INPUT TYPE="SUBMIT" NAME="SUBMIT1" VALUE="Reset Password">
示例#13
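/**
 * Front controller for GET requests: dispatches on the `action` query argument.
 *
 * With no query string at all the project list is shown. Otherwise the matching case runs
 * its own permission check (admin(), user(), vip()) and parameter checks and returns the
 * rendered page; any case whose checks fail, and any unknown action, falls through to the
 * front page.
 *
 * @return mixed Whatever the selected page/handler function returns.
 */
function get_parser()
{
    $conf = configurations();
    if (!$_GET) {
        return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects');
    }
    if (isset($_GET['mod'])) {
        // myfilter() apparently signals a rejected value by returning an array — helper not visible here.
        if (is_array(myfilter($_GET['mod'], 'mod'))) {
            trigger_error('potential attack using mod');
            return deconnect();
        } else {
            $mod = $_GET['mod'];
        }
    } else {
        $mod = null;
    }
    // A missing or array-valued action selects no case and ends at the front page.
    $action = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : null;
    switch ($action) {
        case 'adduser':
            if (admin(true)) {
                if (!empty($_POST['usr_email']) && !empty($_POST['username'])) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'adduser', add_user(myfilter($_POST['usr_email'], 'email'), myfilter($_POST['username'], 'user'), myfilter(isset($_POST['lvl']) ? $_POST['lvl'] : null, 'lvl')));
                }
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'adduser');
            }
            break;
        case 'listusers':
            if (admin(true)) {
                $list_users = list_users(array(null));
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listusers', $list_users);
            }
            break;
        case 'deco':
            return deconnect();
            break;
        case 'modpass':
            if (!empty($_POST['oldpass']) && !empty($_POST['password1']) && !empty($_POST['password2'])) {
                $pass = array(myfilter($_POST['oldpass'], 'password'), myfilter($_POST['password1'], 'password'), myfilter($_POST['password2'], 'password'));
                if (is_string($pass[0]) && is_string($pass[1]) && is_string($pass[2])) {
                    $change = change_password($_SESSION['db_data']['_id'], $pass);
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', $change);
                }
            }
            return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', null);
            break;
        case 'resetpass':
            // NOTE(review): unlike the other cases, user_id and resetcode reach reset_password()
            // without myfilter(), and the reset code travels in the query string. Confirm that
            // reset_password() validates both and compares the code strictly.
            if (isset($_GET['user_id']) && isset($_GET['resetcode']) && !is_array($_GET['user_id']) && !is_array($_GET['resetcode'])) {
                return reset_password($_GET['user_id'], $_GET['resetcode']);
            } elseif (isset($_GET['user_id']) && !is_array($_GET['user_id']) && admin(true)) {
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', reset_password($_GET['user_id']));
            }
            break;
        case 'edituser':
            if (isset($_GET['user_id'])) {
                // Loose comparison kept: the session _id may be an object rather than a string — confirm.
                if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', change_user_data($_SESSION['db_data']));
                }
                if (admin(true) && !is_array($_GET['user_id'])) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', change_user_data(check_user(array('_id' => new MongoID(myfilter($_GET['user_id'], '_id'))))));
                }
            }
            break;
        case 'changemail':
            if (isset($_GET['user_id']) && isset($_GET['code'])) {
                $db = check_user(array('_id' => new MongoID(myfilter($_GET['user_id'], '_id'))));
                // A change must actually be pending, and the supplied code must be a string that
                // matches it exactly. With == an empty `code` equals a stored null, which would
                // confirm a change nobody requested and overwrite the address with new_mail.
                // On PHP >= 5.6 hash_equals() would also make this comparison constant-time.
                $pending_code = !empty($db['mail_change_id']) ? (string) $db['mail_change_id'] : '';
                if ($pending_code !== '' && is_string($_GET['code']) && $pending_code === $_GET['code']) {
                    return change_email_user(array('email' => $db['new_mail'], 'new_mail' => null, 'mail_change_id' => null), myfilter($_GET['user_id'], '_id'), 'postmail');
                }
            }
            break;
        case 'deluser':
            // Require the parameter to be present so an empty request never reaches delete_user().
            if (isset($_GET['user_id']) && admin(true) && !is_array($_GET['user_id'])) {
                return delete_user(myfilter($_GET['user_id'], '_id'));
            }
            break;
        case 'addproject':
            if (admin(true)) {
                return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_project', addproject());
            }
            break;
        case 'project':
            if (isset($_GET['project_id'])) {
                if (!is_array(myfilter($_GET['project_id'], '_id'))) {
                    $_SESSION['currentprojet'] = myfilter($_GET['project_id'], '_id');
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'project', check_projects_mod($mod));
                }
            }
            break;
        case 'getfile':
            if (isset($_GET['file']) && isset($_GET['key']) && isset($_GET['id']) && isset($_GET['os']) && isset($_GET['arch'])) {
                if (!is_array(myfilter($_GET['file'], 'sha1')) && !is_array(myfilter($_GET['key'], 'timestamp')) && !is_array(myfilter($_GET['id'], '_id')) && !is_array($_GET['os']) && !is_array($_GET['arch'])) {
                    // NOTE(review): os and arch are base64-decoded request values passed on without
                    // myfilter(); confirm down_file() does not use them to build a filesystem path.
                    return down_file(myfilter($_GET['file'], 'sha1'), myfilter($_GET['key'], 'timestamp'), base64_decode(urldecode($_GET['os'])), base64_decode(urldecode($_GET['arch'])), myfilter($_GET['id'], '_id'));
                }
            }
            break;
        case 'addfile':
            if (admin(true) && isset($_GET['id'])) {
                if (!is_array(myfilter($_GET['id'], '_id'))) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_file', addfile(myfilter($_GET['id'], '_id')));
                }
            }
            break;
        case 'deletefile':
            if (admin(true) && isset($_GET['id']) && isset($_GET['key'])) {
                if (!is_array(myfilter($_GET['id'], '_id')) && !is_array(myfilter($_GET['key'], 'timestamp'))) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'project', delete_file(myfilter($_GET['id'], '_id'), myfilter($_GET['key'], 'timestamp')));
                }
            }
            break;
        case 'usersetting':
            if (isset($_GET['user_id'])) {
                if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'setting', change_user_setting($_SESSION['db_data']['_id']));
                }
            }
            break;
        case 'bug':
            if (isset($_GET['id'])) {
                if (!is_array(myfilter($_GET['id'], '_id'))) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', check_bug($mod));
                }
            }
            break;
        case 'submitbug':
            if (isset($_GET['id'])) {
                // Ordinary users may only file bugs against projects listed in their session.
                if (user(true) && in_array($_GET['id'], $_SESSION['db_data']['projects'])) {
                    $_SESSION['idbug'] = $_GET['id'];
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id']));
                }
                if (admin(true) || vip(true)) {
                    if (!is_array(myfilter($_GET['id'], '_id'))) {
                        $_SESSION['idbug'] = $_GET['id'];
                        return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id']));
                    }
                }
            }
            break;
        case 'listprojects':
            return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects', $mod);
            break;
        case 'editbug':
            // The status must be a non-empty string before strlen() or the whitelist check see it.
            if (isset($_POST['status']) && is_string($_POST['status']) && strlen($_POST['status']) && isset($_GET['id']) && admin(true)) {
                if (!is_array(myfilter($_GET['id'], '_id'))) {
                    if (in_array($_POST['status'], $conf['bugs']['Open']) || in_array($_POST['status'], $conf['bugs']['Closed'])) {
                        return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', edit_bug($_POST['status']));
                    }
                }
            }
            break;
        case 'resetpassmail':
            if (isset($_POST['usr_email']) && is_string($_POST['usr_email']) && strlen($_POST['usr_email'])) {
                return echo_front_page(reset_password_mail(myfilter($_POST['usr_email'], 'email')));
            }
            break;
        case 'editproject':
            if (isset($_GET['id']) && admin(true)) {
                if (!is_array(myfilter($_GET['id'], '_id'))) {
                    return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_project', edit_project($_POST));
                }
            }
            break;
    }
    return echo_front_page();
}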
示例#14
    header("Location: " . rawurldecode(K_SITE_URL));
    die;
}
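// Request handling for the lost-password page: either a reset is being requested (form post)
// or a reset link is being followed (?act=reset). The outcome is shown through show_form().
$msg = "";
$msg_class = 'notice';
// Give show_form() a defined value on every path without overriding one set earlier.
if (!isset($showonlymsg)) {
    $showonlymsg = null;
}
if (!empty($_POST['k_submit'])) {
    $rs = request_confirmation();
    if ($FUNCS->is_error($rs)) {
        $msg = $rs->err_msg;
        $msg_class = 'error';
    } else {
        $msg = $FUNCS->t('reset_req_email_confirm');
        $showonlymsg = 1;
    }
} elseif (isset($_GET['act'][0]) && $_GET['act'] === 'reset') {
    // isset(...[0]) rules out a missing or empty value; === rules out an array-valued parameter.
    $rs = reset_password();
    if ($FUNCS->is_error($rs)) {
        $msg = $rs->err_msg;
        $msg_class = 'error';
    } else {
        $msg = $FUNCS->t('reset_email_confirm');
    }
    $showonlymsg = 1;
}
show_form($msg, $msg_class, $showonlymsg);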
////////////////////////////////////////////////////////////////////////////
function request_confirmation()
{
    global $FUNCS, $DB, $AUTH;
    $val = $FUNCS->cleanXSS(trim($_POST['k_user_name']));
    if ($val && is_string($val)) {
示例#15
        }
        $errors = new WP_Error();
        if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
            $errors->add('password_reset_mismatch', __('The passwords do not match.'));
        }
        /**
         * Fires before the password reset procedure is validated.
         *
         * @since 3.5.0
         *
         * @param object           $errors WP Error object.
         * @param WP_User|WP_Error $user   WP_User object if the login and reset key match. WP_Error object otherwise.
         */
        do_action('validate_password_reset', $errors, $user);
        if (!$errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
            reset_password($user, $_POST['pass1']);
            setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
            login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset.') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in') . '</a></p>');
            login_footer();
            exit;
        }
        wp_enqueue_script('utils');
        wp_enqueue_script('user-profile');
        login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors);
        ?>
<form name="resetpassform" id="resetpassform" action="<?php 
        echo esc_url(network_site_url('wp-login.php?action=resetpass', 'login_post'));
        ?>
" method="post" autocomplete="off">
	<input type="hidden" id="user_login" value="<?php 
        echo esc_attr($rp_login);
 /**
  * Processes the request
  *
  * Callback for "template_redirect" hook in template-loader.php
  *
  * @since 6.3
  * @access public
  */
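 public function template_redirect()
 {
     // Resolve the action: an explicit request parameter wins, otherwise the
     // action bound to the current Theme My Login page.
     $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
     if (!$this->request_action && self::is_tml_page()) {
         $this->request_action = self::get_page_action(get_the_id());
     }
     $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;
     do_action_ref_array('tml_request', array(&$this));
     // allow plugins to override the default actions, and to add extra actions if they want
     do_action('login_form_' . $this->request_action);
     if (has_action('tml_request_' . $this->request_action)) {
         do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
     } else {
         $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
         switch ($this->request_action) {
             case 'postpass':
                 // Password-protected post: store a hash of the submitted post
                 // password in a cookie, then return to the referring page.
                 if (!array_key_exists('post_password', $_POST)) {
                     wp_safe_redirect(wp_get_referer());
                     exit;
                 }
                 require_once ABSPATH . 'wp-includes/class-phpass.php';
                 $hasher = new PasswordHash(8, true);
                 $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
                 // $referer was read below without ever being assigned, so the
                 // cookie's Secure flag could never be set; take it from the request.
                 $referer = wp_get_referer();
                 if ($referer) {
                     $secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
                 } else {
                     $secure = false;
                 }
                 setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
                 wp_safe_redirect(wp_get_referer());
                 exit;
                 break;
             case 'logout':
                 // The nonce check keeps a third-party page from logging the user out.
                 check_admin_referer('log-out');
                 $user = wp_get_current_user();
                 wp_logout();
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
                 } else {
                     $redirect_to = site_url('wp-login.php?loggedout=true');
                     $requested_redirect_to = '';
                 }
                 $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
                 // redirect_to is request-controlled, so it goes through wp_safe_redirect().
                 wp_safe_redirect($redirect_to);
                 exit;
                 break;
             case 'lostpassword':
             case 'retrievepassword':
                 if ($http_post) {
                     $this->errors = self::retrieve_password();
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 // Error codes set by the reset-link branch below when it bounces back here.
                 if (isset($_REQUEST['error'])) {
                     if ('invalidkey' == $_REQUEST['error']) {
                         $this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
                     } elseif ('expiredkey' == $_REQUEST['error']) {
                         $this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
                     }
                 }
                 do_action('lost_password');
                 break;
             case 'resetpass':
             case 'rp':
                 // Dirty hack for now
                 global $rp_login, $rp_key;
                 list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
                 $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
                 if (isset($_GET['key'])) {
                     // Move login and key from the URL into an HttpOnly session
                     // cookie, then redirect to the same page without them.
                     // Missing or non-string values become '' and fail key validation below.
                     $link_login = isset($_GET['login']) && is_string($_GET['login']) ? wp_unslash($_GET['login']) : '';
                     $link_key = is_string($_GET['key']) ? wp_unslash($_GET['key']) : '';
                     $value = sprintf('%s:%s', $link_login, $link_key);
                     setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     wp_safe_redirect(remove_query_arg(array('key', 'login')));
                     exit;
                 }
                 if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
                     list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
                     $user = check_password_reset_key($rp_key, $rp_login);
                     // On submit the posted key must equal the cookie's key
                     // (constant-time compare). A missing or non-string rp_key
                     // field counts as a mismatch instead of reaching hash_equals().
                     if (isset($_POST['pass1']) && !(isset($_POST['rp_key']) && is_string($_POST['rp_key']) && hash_equals($rp_key, $_POST['rp_key']))) {
                         $user = false;
                     }
                 } else {
                     $user = false;
                 }
                 if (!$user || is_wp_error($user)) {
                     // Invalid or expired: expire the cookie and send the visitor
                     // back to the lost-password form with the matching error code.
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     if ($user && $user->get_error_code() === 'expired_key') {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
                     } else {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                     }
                     exit;
                 }
                 if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                     $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                 }
                 do_action('validate_password_reset', $this->errors, $user);
                 if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                     reset_password($user, $_POST['pass1']);
                     // The key has been used; drop the cookie that carried it.
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     $redirect_to = site_url('wp-login.php?resetpass=complete');
                     wp_safe_redirect($redirect_to);
                     exit;
                 }
                 wp_enqueue_script('utils');
                 wp_enqueue_script('user-profile');
                 break;
             case 'register':
                 if (!get_option('users_can_register')) {
                     $redirect_to = site_url('wp-login.php?registration=disabled');
                     wp_redirect($redirect_to);
                     exit;
                 }
                 $user_login = '';
                 $user_email = '';
                 if ($http_post) {
                     // With the 'email' login type the e-mail address doubles as the login name.
                     if ('email' == $this->get_option('login_type')) {
                         $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     } else {
                         $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                     }
                     $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     $this->errors = register_new_user($user_login, $user_email);
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 break;
             case 'login':
             default:
                 $secure_cookie = '';
                 $interim_login = isset($_REQUEST['interim-login']);
                 // If the user wants ssl but the session is not ssl, force a secure cookie.
                 if (!empty($_POST['log']) && !force_ssl_admin()) {
                     $user_name = sanitize_user($_POST['log']);
                     if ($user = get_user_by('login', $user_name)) {
                         if (get_user_option('use_ssl', $user->ID)) {
                             $secure_cookie = true;
                             force_ssl_admin(true);
                         }
                     }
                 }
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $_REQUEST['redirect_to'];
                     // Redirect to https if user wants ssl
                     if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                     }
                 } else {
                     $redirect_to = admin_url();
                 }
                 $reauth = empty($_REQUEST['reauth']) ? false : true;
                 if ($http_post && isset($_POST['log'])) {
                     $user = wp_signon('', $secure_cookie);
                     $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                     if (!is_wp_error($user) && !$reauth) {
                         if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                 $redirect_to = user_admin_url();
                             } elseif (is_multisite() && !$user->has_cap('read')) {
                                 $redirect_to = get_dashboard_url($user->ID);
                             } elseif (!$user->has_cap('edit_posts')) {
                                 $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                             }
                         }
                         // The target may come from the request, so it goes through wp_safe_redirect().
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                     // Sign-on failed (or a re-auth was requested): keep the result for the form to display.
                     $this->errors = $user;
                 }
                 // Clear errors if loggedout is set.
                 if (!empty($_GET['loggedout']) || $reauth) {
                     $this->errors = new WP_Error();
                 }
                 // Some parts of this script use the main login form to display a message
                 if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                     $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                     $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                 } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                     $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                     $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                     $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                 } elseif ($interim_login) {
                     $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                 } elseif (strpos($redirect_to, 'about.php?updated')) {
                     $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                 } elseif ($reauth) {
                     $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                 }
                 // Clear any stale cookies.
                 if ($reauth) {
                     wp_clear_auth_cookie();
                 }
                 break;
         }
         // end switch
     }
     // endif has_filter()
 }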
 /**
  * Reset the password.
  *
  * @return  bool|WP_Error True: when finish. WP_Error on error
  * @access  public
  * @static
  * @since   1.4.0
  */
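 public static function reset_password()
 {
     // Every failure path records a notice and returns nothing; the success
     // path redirects to the login page and exits.
     $form = new Charitable_Reset_Password_Form();
     if (!$form->validate_nonce() || !$form->validate_honeypot()) {
         charitable_get_notices()->add_error(__('There was an error with processing your form submission. Please reload the page and try again.', 'charitable'));
         return;
     }
     /* The key and login must be set, and must be plain strings (not arrays). */
     if (!isset($_POST['key']) || !isset($_POST['login']) || !is_string($_POST['key']) || !is_string($_POST['login'])) {
         // NOTE(review): unlike the other notices, this text is not wrapped in
         // __(); 'charitable' is passed as a second argument to add_error().
         // Confirm whether a translation call was intended.
         charitable_get_notices()->add_error('<strong>ERROR:</strong> Invalid reset key.', 'charitable');
         return;
     }
     // The reset key is checked against the account before any password is accepted.
     $user = check_password_reset_key($_POST['key'], $_POST['login']);
     if (is_wp_error($user)) {
         charitable_get_notices()->add_errors_from_wp_error($user);
         return;
     }
     /*
      * One of the passwords was not set. An empty or non-string value counts
      * as "not set": isset() alone let an empty password through to the reset.
      */
     $pass1 = isset($_POST['pass1']) && is_string($_POST['pass1']) ? $_POST['pass1'] : '';
     $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : '';
     if ('' === $pass1 || '' === $pass2) {
         charitable_get_notices()->add_error('<strong>ERROR:</strong> You must enter both passwords.', 'charitable');
         return;
     }
     /*
      * The passwords do not match. Strict comparison: with != two different
      * numeric-looking strings (e.g. "1e3" and "1000") compare as equal.
      */
     if ($pass1 !== $pass2) {
         charitable_get_notices()->add_error(__('<strong>ERROR:</strong> The two passwords you entered don\'t match.', 'charitable'));
         return;
     }
     /* Parameter checks OK, reset password */
     reset_password($user, $pass1);
     charitable_get_notices()->add_success(__('Your password was successfully changed.', 'charitable'));
     // Carry the notice over to the next request before redirecting.
     charitable_get_session()->add_notices();
     wp_safe_redirect(charitable_get_permalink('login_page'));
     exit;
 }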
示例#18
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'You must provide a valid email.';
    }
    // Check if email exits in the database.
    $SQL_QUERY = $db->query("select * from users where email = '{$email}'");
    $email = mysqli_fetch_assoc($SQL_QUERY);
    $emailCount = mysqli_num_rows($SQL_QUERY);
    // If email is less than 1, then that email does not exist in the database.
    if ($emailCount < 1) {
        $errors[] = 'That email doesn\'t exist in the database.';
    }
    // check errors
    if (!empty($errors)) {
        echo display_errors($errors);
    } else {
        $password = reset_password($username);
        notify_password($username, $password);
        $_SESSION['success_flash'] = 'Your new password has been emailed to you. Make sure to check your spam folder in your email. <a href="SignIn.php" id="SignIn-her">SignIn here</a>';
        header('Location: ForgotPass.php');
    }
}
?>


<div class="container">


    <h3 id="SignUp-header"><div class="header">Forgot Password.</div></h3>

    <div id="SignUp-form-container">
        <form action="ForgotPass.php" method="post">
示例#19
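/**
 * Builds the Pie Register login box and returns it as an HTML string.
 *
 * Besides the login form itself, the function handles three request-driven
 * flows: payment return messages, account activation
 * (action=activate) and the password reset form (action=rp / resetpass).
 * Request values are untrusted, so they are type-checked before use and
 * escaped where they are written into the markup.
 *
 * @param bool $piereg_widget True when rendered inside the widget; selects which captcha flag is used.
 * @return string The markup of the message area and the form.
 */
function pieOutputLoginForm($piereg_widget = false)
{
    $users_can_register = get_option("users_can_register");
    $option = get_option("pie_register_2");
    $form_data = "";
    $form_data .= '<div class="piereg_container">
<div class="piereg_login_container">
<div class="piereg_login_wrapper">';
    //If Registration contains errors
    global $wp_session, $errors;
    $newpasspageLock = 0;
    $login_error = '';
    $login_success = '';
    $login_warning = '';
    // Request values used below; anything missing or non-string becomes ''.
    $action = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : '';
    $reset_key = isset($_GET['key']) && is_string($_GET['key']) ? $_GET['key'] : '';
    $reset_login = isset($_GET['login']) && is_string($_GET['login']) ? $_GET['login'] : '';
    if (isset($_GET['payment']) && $_GET['payment'] == "success") {
        $fields = maybe_unserialize(get_option("pie_fields"));
        $login_success = apply_filters("piereg_success_message", __($fields['submit']['message'], "piereg"));
        unset($fields);
    } elseif (isset($_GET['payment']) && $_GET['payment'] == "cancel") {
        // (A disabled "payment failed" e-mail notification was removed from here.)
        $login_error = apply_filters("piereg_cancled_message", __("You canceled your payment.", "piereg"));
    }
    if (isset($errors->errors['login-error'][0])) {
        $login_error = apply_filters("piereg_login_error", __($errors->errors['login-error'][0], "piereg"));
    } else {
        if ('' !== $action) {
            if ('loggedout' == $action) {
                $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . apply_filters("piereg_now_logout", __("You are now logged out.", "piereg"));
            } elseif ('recovered' == $action) {
                $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_check_yor_emailconfrm_link", __("Check your e-mail for the confirmation link.", "piereg"));
            } elseif ('payment_cancel' == $action) {
                $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . apply_filters("piereg_canelled_your_registration", __("You have canelled your registration.", "piereg"));
            } elseif ('payment_success' == $action) {
                $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_thank_you_for_registration", __("Thank you for your registration. You will receieve your login credentials soon.", "piereg"));
            } elseif ('activate' == $action) {
                $activation_key = isset($_GET['activation_key']) && is_string($_GET['activation_key']) ? $_GET['activation_key'] : '';
                $activation_id = isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '';
                // An empty key must never select a user. NOTE(review): with an
                // empty meta_value the lookup appears to match on the meta key
                // alone, and 'hash' is reset to "" (not deleted) after
                // activation — confirm against get_users().
                $unverified = '' !== $activation_key ? get_users(array('meta_key' => 'hash', 'meta_value' => $activation_key)) : array();
                if (count($unverified) == 1) {
                    $user_id = $unverified[0]->ID;
                    $user_login = $unverified[0]->user_login;
                    $user_email = $unverified[0]->user_email;
                    // The key must belong to the account named in the link.
                    if ($user_login === $activation_id) {
                        update_user_meta($user_id, 'active', 1);
                        $hash = "";
                        update_user_meta($user_id, 'hash', $hash);
                        /*************************************/
                        /////////// THANK YOU E-MAIL //////////
                        $form = new Registration_form();
                        $subject = html_entity_decode($option['user_subject_email_email_thankyou'], ENT_COMPAT, "UTF-8");
                        $message_temp = "";
                        if ($option['user_formate_email_email_thankyou'] == "0") {
                            $message_temp = nl2br(strip_tags($option['user_message_email_email_thankyou']));
                        } else {
                            $message_temp = $option['user_message_email_email_thankyou'];
                        }
                        $message = $form->filterEmail($message_temp, $user_email);
                        $from_name = $option['user_from_name_email_thankyou'];
                        $from_email = $option['user_from_email_email_thankyou'];
                        $reply_email = $option['user_to_email_email_thankyou'];
                        //Headers
                        $headers = 'MIME-Version: 1.0' . "\r\n";
                        $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
                        if (!empty($from_email) && filter_var($from_email, FILTER_VALIDATE_EMAIL)) {
                            //Validating From
                            $headers .= "From: " . $from_name . " <" . $from_email . "> \r\n";
                        }
                        if ($reply_email) {
                            $headers .= "Reply-To: {$reply_email}\r\n";
                            $headers .= "Return-Path: {$from_name}\r\n";
                        } else {
                            $headers .= "Reply-To: {$from_email}\r\n";
                            $headers .= "Return-Path: {$from_email}\r\n";
                        }
                        wp_mail($user_email, $subject, $message, $headers);
                        /////////// END THANK YOU E-MAIL //////////
                        /*************************************/
                        $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_your_account_is_now_active", __("Your account is now active", "piereg"));
                    } else {
                        $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_activation_key", __("Invalid activation key", "piereg"));
                    }
                } else {
                    // No single pending account matched the key: report whether
                    // the named account is already active, unknown key, or absent.
                    $user_name = esc_sql($activation_id);
                    $user = get_userdatabylogin($user_name);
                    if ($user) {
                        $user_meta = get_user_meta($user->ID, 'active');
                        if (isset($user_meta[0]) && $user_meta[0] == 1) {
                            $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . apply_filters("piereg_canelled_your_registration", __("You are already activate", "piereg"));
                            unset($user_meta);
                            unset($user_name);
                            unset($user);
                        } else {
                            $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_activation_key", __("Invalid activation key", "piereg"));
                        }
                    } else {
                        $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_activation_key", __("You are block", "piereg"));
                    }
                }
            } elseif ('resetpass' == $action || 'rp' == $action) {
                // Validate the reset key from the link before showing or processing the form.
                $user = check_password_reset_key($reset_key, $reset_login);
                if (is_wp_error($user)) {
                    if ($user->get_error_code() === 'expired_key') {
                        $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_you_key_has_been_expired", __("You key has been expired, please reset password again!", "piereg") . ' <a href="' . pie_lostpassword_url() . '" title="' . __("Password Lost and Found", "piereg") . '">' . __("Lost your password?", "piereg") . '</a>');
                    } else {
                        $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_this_reset_key_invalid_or_no_longer_exists", __("This Reset key is invalid or no longer exists. Please reset password again!", "piereg") . ' <a href="' . pie_lostpassword_url() . '" title="' . __("Password Lost and Found", "piereg") . '">' . __("Lost your password?", "piereg") . '</a>');
                    }
                    // Hide the new-password form when the key is not valid.
                    $newpasspageLock = 1;
                } else {
                    $login_warning = '<strong>' . ucwords(__("warning", "piereg")) . '</strong>: ' . __('Enter your new password below.', "piereg");
                }
                if (isset($_POST['pass1'])) {
                    // Array-valued fields are treated as empty rather than passed to string functions.
                    $pass1 = is_string($_POST['pass1']) ? $_POST['pass1'] : '';
                    $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : '';
                    $errors = new WP_Error();
                    if (trim($pass1) == "") {
                        $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_invalid_password", __('Invalid Password', "piereg"));
                        $errors->add('password_reset_mismatch', $login_error);
                    } elseif (strlen($pass1) < 8) {
                        // The message promises a minimum of 8; the check used
                        // "< 7" and so accepted 7-character passwords.
                        $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_minimum_8_characters_required_in_password", __('Minimum 8 characters required in password', "piereg"));
                        $errors->add('password_reset_mismatch', $login_error);
                    } elseif ($pass1 !== $pass2) {
                        $login_error = '<strong>' . ucwords(__("error", "piereg")) . '</strong>: ' . apply_filters("piereg_the_passwords_do_not_match", __('The passwords do not match', "piereg"));
                        $errors->add('password_reset_mismatch', $login_error);
                    }
                    do_action('validate_password_reset', $errors, $user);
                    // Only change the password when the reset key checked out:
                    // $user is a WP_Error after a failed key check and must not
                    // reach reset_password().
                    if (!is_wp_error($user) && !$errors->get_error_code() && !empty($pass1)) {
                        reset_password($user, $pass1);
                        $newpasspageLock = 1;
                        $login_warning = '';
                        $login_error = '';
                        $login_success = '<strong>' . ucwords(__("success", "piereg")) . '</strong>: ' . apply_filters("piereg_your_password_has_been_reset", __('Your password has been reset.', "piereg"));
                    }
                }
            }
        }
    }
    if (trim($wp_session['message']) != "") {
        $form_data .= '<p class="piereg_login_error"> ' . apply_filters('piereg_messages', __($wp_session['message'], "piereg")) . "</p>";
        $wp_session['message'] = "";
    }
    if (!empty($login_error)) {
        $form_data .= '<p class="piereg_login_error"> ' . apply_filters('piereg_messages', $login_error) . "</p>\n";
    }
    if (!empty($login_success)) {
        $form_data .= '<p class="piereg_message">' . apply_filters('piereg_messages', $login_success) . "</p>\n";
    }
    if (!empty($login_warning)) {
        $form_data .= '<p class="piereg_warning">' . apply_filters('piereg_messages', $login_warning) . "</p>\n";
    }
    // These two messages come straight from the request body, so the final
    // text is filtered with wp_kses_post() before it is written into the page.
    if (isset($_POST['success']) && is_string($_POST['success']) && $_POST['success'] != "") {
        $form_data .= '<p class="piereg_message">' . wp_kses_post(apply_filters('piereg_messages', __($_POST['success'], "piereg"))) . '</p>';
    }
    if (isset($_POST['error']) && is_string($_POST['error']) && $_POST['error'] != "") {
        $form_data .= '<p class="piereg_login_error">' . wp_kses_post(apply_filters('piereg_messages', __($_POST['error'], "piereg"))) . '</p>';
    }
    if (('rp' == $action || 'resetpass' == $action) && $newpasspageLock == 0) {
        // New-password form; key and login travel in the form action URL.
        $form_data .= '
	  <form name="resetpassform" class="piereg_resetpassform" action="' . esc_url(pie_modify_custom_url(pie_login_url(), 'action=resetpass&key=' . urlencode($reset_key) . '&login=' . urlencode($reset_login))) . '" method="post" autocomplete="off">
	
		<input type="hidden" id="user_login" value="' . esc_attr($reset_login) . '" autocomplete="off">
		<div class="field">
		  <label for="pass1">' . __("New password", "piereg") . '</label>
		  <input type="password" name="pass1" id="pass1" class="input validate[required]" size="20" value="" autocomplete="off">
		</div>
		<div class="field">
		  <label for="pass2">' . __("Confirm new password", "piereg") . '</label>
		  <input type="password" name="pass2" id="pass2" class="input validate[required,equals[pass1]]" size="20" value="" autocomplete="off">
		</div>
		<div class="pie_submit">
		  <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="' . __("Reset Password", "piereg") . '">
		</div>
		<div class="field">
		 <div class="nav">
		 	<a href="' . pie_login_url() . '">' . __("Log in", "piereg") . '</a>';
        if ($users_can_register == 1) {
            $form_data .= '&nbsp;|&nbsp;<a href="' . pie_registration_url() . '">' . __("Register", "piereg") . '</a>';
        }
        $form_data .= '</div>
		</div>
		<div class="backtoblog">
			<a title="' . __("Are you lost?", "piereg") . '" href="' . get_bloginfo("url") . '">&larr; ' . __("Back to", "piereg") . ' ' . get_bloginfo("name") . '</a>
		</div>
	  </form>';
    } else {
        $form_data .= '
	<form method="post" action="" class="piereg_loginform" name="loginform">
		<p>';
        if (isset($option['login_username_label']) && !empty($option['login_username_label'])) {
            $form_data .= '<label for="user_login">' . (isset($option['login_username_label']) && !empty($option['login_username_label']) ? __($option['login_username_label'], "piereg") : __("Username", "piereg")) . '</label>';
        }
        // The submitted user name is echoed back into the field, so it is
        // attribute-escaped; array input is ignored.
        $user_name_val = isset($_POST['log']) && is_string($_POST['log']) && !empty($_POST['log']) ? $_POST['log'] : "";
        $form_data .= '<input placeholder="' . (isset($option['login_username_placeholder']) && !empty($option['login_username_placeholder']) ? __($option['login_username_placeholder'], "piereg") : "") . '" type="text" size="20" value="' . esc_attr($user_name_val) . '" class="input validate[required]" id="user_login" name="log">
		</p>
		<p>';
        if (isset($option['login_password_label']) && !empty($option['login_password_label'])) {
            $form_data .= '<label for="user_pass">' . (isset($option['login_password_label']) && !empty($option['login_password_label']) ? __($option['login_password_label'], "piereg") : __("Password", "piereg")) . '</label>';
        }
        $form_data .= '
			<input placeholder="' . (isset($option['login_password_placeholder']) && !empty($option['login_password_placeholder']) ? __($option['login_password_placeholder'], "piereg") : "") . '" type="password" size="20" value="" class="input validate[required]" id="user_pass" name="pwd">
		</p>';
        // The two globals record that a captcha was already rendered (page form
        // and widget form respectively), so each gets at most one.
        global $piereg_math_captcha_login, $piereg_math_captcha_login_widget;
        if ($option['capthca_in_login'] != 0 && !empty($option['capthca_in_login'])) {
            if ($piereg_math_captcha_login == false && $piereg_widget == false) {
                $form_data .= '<p>';
                if (!empty($option['capthca_in_login_label'])) {
                    $form_data .= '<label style="margin-top:0px;">' . $option['capthca_in_login_label'] . '</label>';
                }
                $form_data .= login_form_captcha($option['capthca_in_login'], $piereg_widget);
                $form_data .= '</p>';
                $piereg_math_captcha_login = true;
            } elseif ($piereg_math_captcha_login_widget == false && $piereg_widget == true) {
                $form_data .= '<p>';
                if (!empty($option['capthca_in_login_label'])) {
                    $form_data .= '<label style="margin-top:0px;">' . $option['capthca_in_login_label'] . '</label>';
                }
                $form_data .= login_form_captcha($option['capthca_in_login'], $piereg_widget);
                $form_data .= '</p>';
                $piereg_math_captcha_login_widget = true;
            }
        }
        $form_data .= '
			<p class="forgetmenot">
				<label for="rememberme">
					<input type="checkbox" value="forever" id="rememberme" name="rememberme"> ' . __("Remember Me", "piereg") . '
				</label>
			</p>';
        $form_data .= '
		<p class="submit">
			<input type="submit" value="' . __("Log In", "piereg") . '" class="button button-primary button-large" id="wp-submit" name="wp-submit">
			<input type="hidden" value="' . admin_url() . '" name="redirect_to">
			<input type="hidden" value="1" name="testcookie">
		</p>';
        $form_data .= '<p id="nav">';
        if ($users_can_register == 1) {
            $form_data .= '<a href="' . pie_registration_url() . '">' . __("Register", "piereg") . '</a>&nbsp;<a style="cursor:default;text-decoration:none;" href="javascript:;">&nbsp;|&nbsp;</a>&nbsp;';
        }
        $form_data .= '<a title="' . __("Password Lost and Found", "piereg") . '" href="' . pie_lostpassword_url() . '">' . __("Lost your password?", "piereg") . '</a> </p>';
        // The function returns its markup, so nothing is echoed here: the stray
        // template whitespace was dropped and bloginfo() (which prints) became
        // get_bloginfo().
        // NOTE(review): $pagenow is not declared global in this function, so
        // this branch looks unreachable — confirm whether `global $pagenow;`
        // was intended.
        if (isset($pagenow) && $pagenow == 'wp-login.php') {
            $form_data .= '
					<p id="backtoblog"><a title="' . __("Are you lost?", "piereg") . '" href="' . get_bloginfo("url") . '">&larr;' . __(" Back to", "piereg") . ' ' . get_bloginfo("name") . '</a></p>';
        }
        $form_data .= '
	</form>';
    }
    $form_data .= '</div>
</div></div>';
    return $form_data;
}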
示例#20
<?php

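// Errors are hidden from the response by default.
ini_set('display_errors', 0);
// NOTE(review): any client can switch error display back on with the `su3d`
// request parameter; error output can reveal paths and query details. Consider
// gating this on server-side configuration instead of request input.
if (!empty($_REQUEST['su3d'])) {
    ini_set('display_errors', 1);
}
// Missing or array-valued input is treated as "no user name given".
$username = isset($_REQUEST['login']) && is_string($_REQUEST['login']) ? $_REQUEST['login'] : '';
$format = isset($_REQUEST['format']) ? $_REQUEST['format'] : null;
#check if this username exists
// NOTE(review): the failure text is only sent when reset_password() returns a
// falsy value; if that separates unknown logins from known ones, the response
// tells callers which logins exist — confirm against reset_password().
if ($username === '' || !reset_password($username)) {
    echo formatReturn($GLOBALS['error_codes']['something_missing'], "No email was found related to this user. Please ask an administrator of your database to replace your password.", $format, '');
}
exit;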
function reset_password($username)
{
    #this function call the db but it should NOT leave this one function
    include 'config.inc.php';
    include_once S3DB_SERVER_ROOT . '/webActions.php';
    require_once S3DB_SERVER_ROOT . '/s3dbcore/class.db.inc.php';
    include_once S3DB_SERVER_ROOT . '/s3dbcore/common_functions.inc.php';
    include_once S3DB_SERVER_ROOT . '/dbstruct.php';
    require_once S3DB_SERVER_ROOT . '/pearlib/Net/SMTP.php';
    include_once S3DB_SERVER_ROOT . '/s3dbcore/validation_engine.php';
    include_once S3DB_SERVER_ROOT . '/s3dbcore/SQL.php';
    include_once S3DB_SERVER_ROOT . '/s3dbcore/s3email.php';
    include_once S3DB_SERVER_ROOT . '/s3dbcore/display.php';
    include_once S3DB_SERVER_ROOT . '/s3dbcore/callback.php';
    include_once S3DB_SERVER_ROOT . '/s3dbcore/S3QLRestWrapper.php';
    //include_once(S3DB_SERVER_ROOT.'/s3dbcore/find_acl.php');
    include_once S3DB_SERVER_ROOT . '/s3dbcore/URIaction.php';
    include_once S3DB_SERVER_ROOT . '/s3dbcore/S3QLaction.php';
    $db = CreateObject('s3dbapi.db');
示例#21
        ?>
"><?php 
        printf(__('&larr; Back to %s'), get_bloginfo('title', 'display'));
        ?>
</a></p>

<script type="text/javascript">
try{document.getElementById('user_login').focus();}catch(e){}
</script>
</body>
</html>
<?php 
        break;
    // Target of the password-reset link. The key and login are taken from the
    // query string and handed on as received; checking them is left to
    // reset_password(), which is defined outside this excerpt.
    case 'resetpass':
    case 'rp':
        $errors = reset_password($_GET['key'], $_GET['login']);
        if (!is_wp_error($errors)) {
            wp_redirect('wp-login.php?checkemail=newpass');
            exit;
        }
        // Every WP_Error result is reported to the visitor as an invalid key.
        wp_redirect('wp-login.php?action=lostpassword&error=invalidkey');
        exit;
        // Not reached: both paths above end in exit.
        break;
    case 'register':
        if (!get_option('users_can_register')) {
            wp_redirect('wp-login.php?registration=disabled');
            exit;
        }
        $user_login = '';
        $user_email = '';
        if ($http_post) {
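/**
 * Handles user Authentication actions Ex. login, register, logout etc.
 *
 * Reads the requested `action` (defaulting to `login`, or `resetpass` when a
 * `key` query argument is present), fires the `login_form_{$action}` hook and
 * then runs the matching branch. Most branches end in a redirect followed by
 * exit.
 *
 * Redirect targets that come from the request (`redirect_to`,
 * `redirect_add_listing`, `pagetype`, the Referer header) are sent through
 * wp_safe_redirect(), so a crafted login link cannot forward the visitor to a
 * host outside the allowed redirect hosts.
 *
 * @since 1.0.0
 * @since 1.5.7 It allows login by email also if site is using SSL.
 * @package GeoDirectory
 * @global object $errors WordPress Error object.
 */
function geodir_user_signup()
{
    global $errors;
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
    $errors = new WP_Error();
    if (isset($_GET['key'])) {
        $action = 'resetpass';
    }
    // validate action so as to default to the login screen
    if (!in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login')) && false === has_filter('login_form_' . $action)) {
        $action = 'login';
    }
    nocache_headers();
    if (defined('RELOCATE')) {
        // Move flag is set
        // NOTE(review): while RELOCATE is defined, siteurl is rebuilt from the
        // request's Host header and PHP_SELF, both of which the client
        // influences. The constant should not stay defined on a live site.
        if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) {
            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
        }
        $schema = isset($_SERVER['HTTPS']) && geodir_strtolower($_SERVER['HTTPS']) == 'on' ? 'https://' : 'http://';
        if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != home_url()) {
            update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
        }
    }
    //Set a cookie now to see if they are supported by the browser.
    //setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
    if (SITECOOKIEPATH != COOKIEPATH) {
        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
    }
    /**
     * Allow plugins to override the default actions, and to add extra actions if they want on the register/signin page.
     *
     * Used dynamic hook login_form_$action
     *
     * @since 1.0.0
     */
    do_action('login_form_' . $action);
    $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
    switch ($action) {
        case 'logout':
            // NOTE(review): the nonce check below is disabled, so a request
            // made from another site can end the visitor's session.
            //check_admin_referer('log-out');
            wp_logout();
            // The destination has always been the home page: the Referer and
            // `redirect_to` values were read and then overwritten, so they are
            // no longer read at all.
            //$redirect_to = home_url().'/?ptype=login&loggedout=true';
            wp_safe_redirect(home_url());
            exit;
        case 'lostpassword':
        case 'retrievepassword':
            if ($http_post) {
                $errors = geodir_retrieve_password();
                if (!is_wp_error($errors)) {
                    wp_redirect(geodir_login_url(array('checkemail' => 'confirm')));
                } else {
                    wp_redirect(geodir_login_url(array('emsg' => 'fw')));
                }
                exit;
            }
            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'geodirectory'));
            }
            /**
             * Called in the geodir_user_signup() function during the lostpassword case.
             *
             * @since 1.0.0
             */
            do_action('lost_password');
            $message = '<div class="sucess_msg">' . ENTER_USER_EMAIL_NEW_PW_MSG . '</div>';
            $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
            break;
        case 'resetpass':
        case 'rp':
            // The key and login are passed on exactly as received from the
            // query string; checking them is left to reset_password().
            $errors = reset_password($_GET['key'], $_GET['login']);
            if (!is_wp_error($errors)) {
                wp_redirect(geodir_login_url(array('checkemail' => 'newpass')));
                exit;
            }
            wp_redirect(geodir_login_url(array('error' => 'invalidkey', 'action' => 'lostpassword')));
            exit;
        case 'register':
            ############################### fix by Stiofan -  HebTech.co.uk ### SECURITY FIX ##############################
            // Registration is refused outright when the site option is off.
            if (!get_option('users_can_register')) {
                wp_redirect(geodir_login_url(array('emsg' => 'regnewusr')));
                exit;
            }
            ############################### fix by Stiofan -  HebTech.co.uk ### SECURITY FIX ##############################
            global $user_email, $user_fname;
            $user_login = '';
            $user_email = '';
            if ($http_post) {
                // The e-mail address doubles as the login name.
                $user_login = $_POST['user_email'];
                $user_email = $_POST['user_email'];
                $user_fname = $_POST['user_fname'];
                $errors = geodir_register_new_user($user_login, $user_email);
                /* display error in registration form */
                if (is_wp_error($errors)) {
                    $error_code = $errors->get_error_code();
                    $error_message = $errors->get_error_message($error_code);
                    // The form has no separate username field, so username
                    // errors are reported under the matching e-mail code.
                    if (!isset($_POST['user_login']) && ($error_code == 'empty_username' || $error_code == 'invalid_username' || $error_code == 'username_exists')) {
                        if ($error_code == 'empty_username') {
                            $error_code = 'empty_email';
                        } elseif ($error_code == 'invalid_username') {
                            $error_code = 'invalid_email';
                        } elseif ($error_code == 'username_exists') {
                            $error_code = 'email_exists';
                        }
                        $error_message = $errors->get_error_message($error_code);
                    }
                    global $geodir_signup_error;
                    $geodir_signup_error = $error_message;
                }
                if (!is_wp_error($errors)) {
                    // Feed the fresh credentials to wp_signon() through $_POST.
                    $_POST['log'] = $user_login;
                    $_POST['pwd'] = $errors[1];
                    $_POST['testcookie'] = 1;
                    $secure_cookie = '';
                    // If the user wants ssl but the session is not ssl, force a secure cookie.
                    if (!empty($_POST['log'])) {
                        $user_name = sanitize_user($_POST['log']);
                        if ($user = get_user_by('email', $user_name)) {
                            if (get_user_option('use_ssl', $user->ID)) {
                                $secure_cookie = true;
                                force_ssl_admin(true);
                            }
                        }
                    }
                    // Read the requested target only when it is present, so a
                    // missing parameter raises no notice.
                    $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
                    if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
                        if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], home_url())) {
                            $redirect_to = $_SERVER['HTTP_REFERER'];
                        } else {
                            $redirect_to = home_url();
                        }
                    }
                    if (isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '') {
                        $redirect_to = $_REQUEST['redirect_add_listing'];
                    }
                    if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                        $secure_cookie = false;
                    }
                    $user = wp_signon('', $secure_cookie);
                    $requested_redirect_to = isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '' ? $_REQUEST['redirect_add_listing'] : (isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
                    /**
                     * Filter the login redirect URL.
                     *
                     * @since 1.4.9
                     * @param string $redirect_to The redirect destination URL.
                     * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
                     * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
                     */
                    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
                    if (!is_wp_error($user)) {
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                    exit;
                }
            }
            break;
        case 'login':
        default:
            $secure_cookie = '';
            if (!empty($_POST['log'])) {
                $user_name = sanitize_user($_POST['log']);
                if ($user = get_user_by('login', $user_name)) {
                    if (get_user_option('use_ssl', $user->ID)) {
                        $secure_cookie = true;
                        force_ssl_admin(true);
                    }
                } elseif ($user = get_user_by('email', $user_name)) {
                    $_POST['log'] = $user->user_login;
                    // If signing in by email, set the username for normal WP login
                    if (get_user_option('use_ssl', $user->ID)) {
                        $secure_cookie = true;
                        force_ssl_admin(true);
                    }
                }
            }
            ///////////////////////////
            if (isset($_REQUEST['redirect_add_listing'])) {
                $_REQUEST['redirect_to'] = $_REQUEST['redirect_add_listing'];
            }
            if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
                if (is_user_logged_in()) {
                    $user_ID = isset($user->ID) ? $user->ID : '';
                    $author_link = get_author_posts_url($user_ID);
                    $default_author_link = geodir_getlink($author_link, array('geodir_dashbord' => 'true', 'stype' => 'gd_place'), false);
                    /**
                     * Filter the author link.
                     *
                     * @since 1.0.0
                     *
                     * @param string $default_author_link Default author link.
                     * @param int $user_ID The user ID.
                     */
                    $default_author_link = apply_filters('geodir_dashboard_author_link', $default_author_link, $user_ID);
                    $_REQUEST['redirect_to'] = $default_author_link;
                } else {
                    $_REQUEST['redirect_to'] = home_url();
                }
            }
            if (isset($_REQUEST['redirect_to'])) {
                $redirect_to = $_REQUEST['redirect_to'];
                // Redirect to https if user wants ssl
                if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                    $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                }
            } else {
                $redirect_to = admin_url();
            }
            if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                $secure_cookie = false;
            }
            $user = wp_signon('', $secure_cookie);
            /**
             * Filter the login redirect URL.
             *
             * @since 1.4.9
             * @param string $redirect_to The redirect destination URL.
             * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
             */
            $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
            if (is_wp_error($user)) {
                if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], 'ptype=property_submit') && $_POST['log'] != '' && $_POST['pwd'] != '') {
                    // The Referer header is client-supplied, so it is only
                    // followed when it points at an allowed host.
                    wp_safe_redirect($_SERVER['HTTP_REFERER'] . '&emsg=1');
                }
            }
            if (!is_wp_error($user)) {
                // Some servers are not logging the user in properly after wp_signon, se we set the user here.
                //wp_set_current_user($user->ID);
                //echo '###';exit;
                if ($redirect_to) {
                    // $redirect_to can come from the request, so it is
                    // restricted to allowed hosts; sending a freshly
                    // authenticated user to an arbitrary URL is what makes a
                    // login link useful for phishing.
                    wp_safe_redirect($redirect_to);
                } else {
                    wp_redirect(home_url());
                }
                exit;
            }
            $errors = $user;
            // Clear errors if loggedout is set.
            if (!empty($_GET['loggedout'])) {
                $errors = new WP_Error();
            }
            // If cookies are disabled we can't log in even with a valid user+pass
            if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.", 'geodirectory'));
            }
            // Some parts of this script use the main login form to display a message
            if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                $successmsg = '<div class="sucess_msg">' . YOU_ARE_LOGED_OUT_MSG . '</div>';
            } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                $successmsg = USER_REG_NOT_ALLOW_MSG;
            } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                $successmsg = EMAIL_CONFIRM_LINK_MSG;
            } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                $successmsg = NEW_PW_EMAIL_MSG;
            } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                $successmsg = REG_COMPLETE_MSG;
            }
            if (isset($_POST['log']) && $_POST['log'] != '' && $errors || (!isset($_POST['log']) || $_POST['log'] == '') && isset($_REQUEST['testcookie']) && $_REQUEST['testcookie']) {
                if (isset($_REQUEST['pagetype']) && $_REQUEST['pagetype'] != '') {
                    // `pagetype` is a request parameter used as a URL, so it
                    // gets the same host restriction as the other targets.
                    wp_safe_redirect($_REQUEST['pagetype'] . '&emsg=1');
                } else {
                    wp_redirect(geodir_login_url(array('logemsg' => '1', 'redirect_to' => urlencode($_REQUEST['redirect_to']))));
                }
                exit;
            }
            break;
    }
    // end action switch
}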
示例#23
        ?>
"><?php 
        printf(__('&larr; Back to %s'), get_bloginfo('title', 'display'));
        ?>
</a></p>

<script type="text/javascript">
try{document.getElementById('user_login').focus();}catch(e){}
</script>
</body>
</html>
<?php 
        break;
    // Target of the password-reset link. Only the key from the query string is
    // passed on, as received; checking it is left to reset_password(), which
    // is defined outside this excerpt.
    case 'resetpass':
    case 'rp':
        $errors = reset_password($_GET['key']);
        if (!is_wp_error($errors)) {
            wp_redirect('wp-login.php?checkemail=newpass');
            exit;
        }
        // Every WP_Error result is reported to the visitor as an invalid key.
        wp_redirect('wp-login.php?action=lostpassword&error=invalidkey');
        exit;
        // Not reached: both paths above end in exit.
        break;
    case 'register':
        if (!get_option('users_can_register')) {
            wp_redirect('wp-login.php?registration=disabled');
            exit;
        }
        $user_login = '';
        $user_email = '';
        if ($http_post) {
<?php

#   TemaTres : aplicación para la gestión de lenguajes documentales #       #
#                                                                        #
#   Copyright (C) 2004-2015 Diego Ferreyra tematres@r020.com.ar
#   Distribuido bajo Licencia GNU Public License, versión 2 (de junio de 1.991) Free Software Foundation
#
###############################################################################################################
#
include "config.tematres.php";
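$metadata = do_meta_tag();
// Password-reset link handler: runs when the page is opened with action=rp and
// a non-empty key. The isset() guards keep a plain page view, with no query
// string, from raising "undefined index" notices.
if (isset($_GET["action"], $_GET["key"]) && $_GET["action"] == 'rp' && $_GET["key"]) {
    // NOTE(review): PHP has already URL-decoded $_GET, so urldecode() decodes
    // the login a second time. Confirm the reset link double-encodes it;
    // otherwise logins containing '%' or '+' are altered before the key check.
    $chek_key = check_password_reset_key($_GET["key"], isset($_GET["login"]) ? urldecode($_GET["login"]) : '');
    // Reset only when the key check produced a positive user id; isset() also
    // covers a result that is not an array.
    if (isset($chek_key["user_id"]) && $chek_key["user_id"] > 0) {
        $task_result = reset_password($chek_key);
    }
}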
?>
<!DOCTYPE html>
<html lang="<?php 
echo LANG;
?>
">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
   <link href="<?php 
echo T3_WEBPATH;
?>
bootstrap/css/bootstrap.min.css" rel="stylesheet">
示例#25
/**
 * Validate password reset
 *
 * Picks one of three outcomes, redirects to the matching front-end login URL
 * and stops the request:
 *  - $errors carries any error code: back to the form with failed=nomatch
 *  - a non-empty pass1 was posted: the password is reset, then success=1
 *  - otherwise: the plain change-password form
 *
 * @param WP_Error $errors Errors collected before this callback runs.
 * @param mixed    $user   Passed unchanged to reset_password().
 */
function cubiq_validate_password_reset($errors, $user)
{
    if ($errors->get_error_code()) {
        // passwords don't match
        $target = '/login/?action=resetpass&failed=nomatch';
    } elseif (!empty($_POST['pass1'])) {
        // wp-login already checked if the password is valid, so no further check is needed
        reset_password($user, $_POST['pass1']);
        $target = '/login/?action=resetpass&success=1';
    } else {
        // redirect to change password form
        $target = '/login/?action=resetpass';
    }
    wp_redirect(home_url($target));
    exit;
}
示例#26
文件: user.php 项目: patkira/mahara
/**
 * Update user
 *
 * Applies changed account fields, profile fields, the remote username mapping
 * and account preferences for one user between db_begin() and db_commit().
 * The user's sessions are removed before anything is written.
 *
 * NOTE(review): when a password is supplied, the value from $user->password is
 * copied into the returned array along with the other changed fields. Callers
 * should avoid logging or displaying that entry.
 *
 * @param object $user stdclass for the usr table
 * @param object $profile profile field/values to set
 * @param string $remotename username on the remote site
 * @param array $accountprefs user account preferences to set
 * @param bool $forceupdateremote force delete of remotename before update attempted
 * @param bool $quickhash handed to reset_password() as its third argument
 * @return array list of updated fields
 * @throws InvalidArgumentException when $remotename is already in use and
 *         $forceupdateremote is false
 */
function update_user($user, $profile, $remotename = null, $accountprefs = array(), $forceupdateremote = false, $quickhash = false)
{
    require_once get_config('docroot') . 'auth/session.php';
    // Locate the stored record by id when one is given, else by username.
    $oldrecord = !empty($user->id)
        ? get_record('usr', 'id', $user->id)
        : get_record('usr', 'username', $user->username);
    $userid = $oldrecord->id;
    db_begin();
    // Log the user out, otherwise they can overwrite all this on the next request
    remove_user_sessions($userid);
    $updated = array();
    $newrecord = new StdClass();
    foreach (get_object_vars($user) as $field => $value) {
        // Empty values never overwrite what is stored.
        if (empty($value)) {
            continue;
        }
        // A password always counts as changed; other fields only when the
        // stored value is empty or different.
        if ($field == 'password' || empty($oldrecord->{$field}) || $oldrecord->{$field} != $value) {
            $newrecord->{$field} = $value;
            $updated[$field] = $value;
        }
        if ($field === 'email' && $oldrecord->{$field} != $value) {
            set_user_primary_email($userid, $value);
        }
    }
    if (count(get_object_vars($newrecord))) {
        $newrecord->id = $userid;
        update_record('usr', $newrecord);
        if (!empty($newrecord->password)) {
            // reset_password() receives the record plus the auth instance.
            $newrecord->authinstance = $user->authinstance;
            reset_password($newrecord, false, $quickhash);
        }
    }
    foreach (get_object_vars($profile) as $field => $value) {
        if (get_profile_field($userid, $field) != $value) {
            set_profile_field($userid, $field, $value);
            $updated[$field] = $value;
        }
    }
    if ($remotename) {
        $oldremote = get_field('auth_remote_user', 'remoteusername', 'authinstance', $oldrecord->authinstance, 'localusr', $userid);
        if ($remotename != $oldremote) {
            $updated['remoteuser'] = $remotename;
        }
        delete_records('auth_remote_user', 'authinstance', $user->authinstance, 'localusr', $userid);
        if ($forceupdateremote) {
            // force the update of the remoteuser - for the case of a series of user updates swapping the remoteuser name
            delete_records('auth_remote_user', 'authinstance', $user->authinstance, 'remoteusername', $remotename);
        } elseif (record_exists('auth_remote_user', 'remoteusername', $remotename, 'authinstance', $user->authinstance)) {
            // remote username must not already exist
            throw new InvalidArgumentException("user_update: remoteusername already in use: " . $remotename);
        }
        $mapping = (object) array('authinstance' => $user->authinstance, 'remoteusername' => $remotename, 'localusr' => $userid);
        insert_record('auth_remote_user', $mapping);
    }
    // Update account preferences
    if (!empty($accountprefs)) {
        // Only keys listed by expected_account_preferences() are considered.
        foreach (expected_account_preferences() as $prefkey => $unused) {
            if (!isset($accountprefs[$prefkey])) {
                continue;
            }
            if ($accountprefs[$prefkey] != get_account_preference($userid, $prefkey)) {
                set_account_preference($userid, $prefkey, $accountprefs[$prefkey]);
                $updated[$prefkey] = $accountprefs[$prefkey];
            }
        }
    }
    db_commit();
    return $updated;
}
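    /**
     * Returns HTML partial that contains password-reset form.
     * Based on WordPress core code from wp-login.php
     *
     * The reset key and login are read from the query string and the new
     * password from the POST body. The result is kept in a static variable,
     * so the form is processed at most once per request.
     *
     * The password is changed only when the reset key is valid, both password
     * fields are identical, and no `validate_password_reset` callback has
     * added an error. In every other non-fatal case the form is shown again
     * together with the collected messages.
     *
     * @since  1.0.0
     *
     * @return string
     */
    private function reset_form()
    {
        static $Reset_Result = null;
        if (null === $Reset_Result) {
            lib3()->array->equip_get('login', 'key');
            lib3()->array->equip_post('pass1', 'pass2');
            $rp_login = wp_unslash($_GET['login']);
            $rp_key = wp_unslash($_GET['key']);
            $err_msg = new WP_Error();
            $fatal_error = false;
            lib3()->array->strip_slashes($_POST, 'pass1', 'pass2');
            $pass1 = $_POST['pass1'];
            $pass2 = $_POST['pass2'];
            // Get the user object and validate the key.
            if ($rp_login && $rp_key) {
                $user = check_password_reset_key($rp_key, $rp_login);
            } else {
                $user = false;
            }
            if (!$user || is_wp_error($user)) {
                // If the user was not found then show an error message.
                if ($user && 'expired_key' == $user->get_error_code()) {
                    $fatal_error = true;
                    $err_msg->add('password_expired_key', __('Sorry, this reset-key is not valid anymore. Please request a new reset email and try again.', 'membership2'));
                } else {
                    $fatal_error = true;
                    $err_msg->add('password_invalid_key', __('Sorry, we did not find a valid reset-key. Please request a new reset email and try again.', 'membership2'));
                }
            } else {
                // If the user provided a new password, then check it now.
                // Strict comparison: with a loose one, two different
                // numeric-looking strings such as "1e3" and "1000" compare
                // as equal.
                if ($pass1 && $pass1 !== $pass2) {
                    $pass1 = false;
                    $err_msg->add('password_reset_mismatch', __('The passwords do not match, try again.', 'membership2'));
                }
            }
            $show_form = true;
            if ($fatal_error && count($err_msg->errors)) {
                $show_form = false;
                $url = esc_url_raw(add_query_arg(array('show' => 'lostpass'), remove_query_arg(array('action', 'key', 'login'))));
                $Reset_Result = sprintf('[ms-note type="warning"]%s[/ms-note]<a href="%s">%s</a>', $err_msg->get_error_message(), $url, __('Request a new password-reset key', 'membership2'));
            } else {
                // This action is documented in wp-login.php
                do_action('validate_password_reset', $err_msg, $user);
                // Callbacks on that action (password-policy plugins, for
                // instance) report a rejection by adding to $err_msg. Change
                // the password only when none of them objected.
                if ($pass1 && !$err_msg->get_error_code()) {
                    $show_form = false;
                    reset_password($user, $_POST['pass1']);
                    // All done! Show success message and link to login form
                    $url = esc_url_raw(remove_query_arg(array('action', 'key', 'login')));
                    $Reset_Result = sprintf('[ms-note type="info"]%s[/ms-note]<a href="%s">%s</a>', __('Your Password has been reset.', 'membership2'), $url, __('Login with your new password', 'membership2'));
                }
            }
            if ($show_form) {
                wp_enqueue_script('utils');
                wp_enqueue_script('user-profile');
                // Capture the template below into a string instead of printing it.
                ob_start();
                if (count($err_msg->errors)) {
                    printf('[ms-note type="warning"]%s[/ms-note]', implode('<br>', $err_msg->get_error_messages()));
                }
                ?>
				<form name="resetpassform" id="resetpassform"
					action="" method="post" autocomplete="off" class="ms-form">
					<input type="hidden" id="user_login"
						value="<?php 
                echo esc_attr($rp_login);
                ?>
" autocomplete="off"/>

					<p class="user-pass1-wrap">
						<label for="pass1"><?php 
                _e('New password');
                ?>
</label><br />
						<div class="wp-pwd">
							<span class="password-input-wrapper">
								<input type="password" data-reveal="1" data-pw="<?php 
                echo esc_attr(wp_generate_password(16));
                ?>
" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" aria-describedby="pass-strength-result" />
							</span>
							<div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php 
                _e('Strength indicator');
                ?>
</div>
						</div>
					</p>
					<p class="user-pass2-wrap">
						<label for="pass2"><?php 
                _e('Confirm new password');
                ?>
</label><br />
						<input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" />
					</p>

					<p class="description indicator-hint"><?php 
                echo wp_get_password_hint();
                ?>
</p>

					<br class="clear"/>

					<?php 
                // This action is documented in wp-login.php
                do_action('resetpass_form', $user);
                ?>
					<p class="submit">
						<input type="hidden" name="rp_key" value="<?php 
                echo esc_attr($rp_key);
                ?>
" />

						<button type="submit" name="wp-submit" id="wp-submit"
						class="button button-primary button-large">
						<?php 
                _e('Reset Password', 'membership2');
                ?>
						</button>
					</p>
				</form>
				<?php 
                $html = ob_get_clean();
                $Reset_Result = apply_filters('ms_compact_code', $html);
            }
            // Expand the [ms-note] shortcodes used in every result variant.
            $Reset_Result = do_shortcode($Reset_Result);
        }
        return $Reset_Result;
    }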
示例#28
    // REMEMBER:
    // header() must be called before any actual output is
    // sent, either by normal HTML tags, blank lines in a file, or from PHP.
    // plus addressess must be absolute (we need to change this)
    header("Location: ../user_account/index.php");
} else {
    // Handle a submitted "reset password" form: validate the posted user name,
    // then call reset_password() for it. Both helpers are defined outside this
    // excerpt.
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // Create short variable names.
        $user_name = $_POST['user_name'];
        $page_result_code = validate_reset_password_form($user_name);
        // if validation was succesful
        if ($page_result_code == SUCCESS_NO_ERROR) {
            // generate a random password.
            // update password in users database.
            // send password.
            // NOTE(review): going by the three comments above, the stored
            // password is replaced as soon as a valid user name is posted and
            // the new one is sent by e-mail. Presumably no proof of mailbox
            // ownership is asked for first - confirm, because that would let
            // anyone force a password change on another account. A one-time
            // reset link avoids both that and mailing the password itself.
            $page_result_code = reset_password($user_name);
            if ($page_result_code == SUCCESS_NO_ERROR) {
                $page_message = "Password reset and sent to your e-mail";
                // redirect to the 'user_account' page
                // REMEMBER:
                // header() must be called before any actual output is
                // sent, either by normal HTML tags, blank lines in a file, or from PHP.
                // plus addressess must be absolute (we need to change this)
                // header() only queues the redirect; the script keeps running
                // afterwards. Whether an exit follows is not visible here.
                header("Location: ../index.php");
            } else {
                handle_result_code($page_result_code, $page_message);
            }
        } else {
            handle_result_code($page_result_code, $page_message);
        }
    }
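 /**
  * Changes the user's password when a new one was submitted through the form.
  *
  * Acts on POST requests only. The reset key and login are checked with
  * check_password_reset_key() before the posted passwords are looked at. An
  * invalid or expired key, mismatching passwords and an empty password each
  * end in a redirect. Once the method has started handling a POST request it
  * always stops the script with exit.
  */
 public function do_password_reset()
 {
     if ('POST' == $_SERVER['REQUEST_METHOD']) {
         // Missing fields become empty strings: no "undefined index" notice
         // is raised and the key check sees a plain string.
         $rp_key = isset($_REQUEST['rp_key']) ? $_REQUEST['rp_key'] : '';
         $rp_login = isset($_REQUEST['rp_login']) ? $_REQUEST['rp_login'] : '';
         $user = check_password_reset_key($rp_key, $rp_login);
         if (!$user || is_wp_error($user)) {
             if ($user && $user->get_error_code() === 'expired_key') {
                 wp_redirect(home_url('member-login?login=expiredkey'));
             } else {
                 wp_redirect(home_url('member-login?login=invalidkey'));
             }
             exit;
         }
         if (isset($_POST['pass1'])) {
             $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';
             // Strict comparison: with a loose one, two different
             // numeric-looking strings such as "1e3" and "1000" compare as
             // equal and the confirmation check is skipped.
             if ($_POST['pass1'] !== $pass2) {
                 // Passwords do not match
                 // NOTE(review): the reset key is put back into the query
                 // string of the redirect, where it can end up in access logs
                 // and browser history.
                 $redirect_url = home_url('member-password-reset');
                 $redirect_url = add_query_arg('key', $rp_key, $redirect_url);
                 $redirect_url = add_query_arg('login', $rp_login, $redirect_url);
                 $redirect_url = add_query_arg('error', 'password_reset_mismatch', $redirect_url);
                 wp_redirect($redirect_url);
                 exit;
             }
             if (empty($_POST['pass1'])) {
                 // Password is empty
                 $redirect_url = home_url('member-password-reset');
                 $redirect_url = add_query_arg('key', $rp_key, $redirect_url);
                 $redirect_url = add_query_arg('login', $rp_login, $redirect_url);
                 $redirect_url = add_query_arg('error', 'password_reset_empty', $redirect_url);
                 wp_redirect($redirect_url);
                 exit;
             }
             // Parameter checks passed, reset the password
             reset_password($user, $_POST['pass1']);
             wp_redirect(home_url('member-login?password=changed'));
         } else {
             echo "Недопустимый запрос.";
         }
         exit;
     }
 }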
示例#30
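 /**
  * Reset Password hooks
  *
  * Processes and renders the password-reset screen in three steps:
  *  1. When the request carries ?key=..., login and key are moved into a cookie
  *     and the browser is redirected to the same URL without them.
  *  2. The cookie is validated with check_password_reset_key(); on failure the
  *     cookie is expired and the visitor is sent to the lost-password screen.
  *  3. A submitted password pair is checked and, if accepted, stored with
  *     reset_password(); messages and the form are then rendered.
  *
  * @return void
  */
 function action_reset_pass()
 {
     list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
     $rp_cookie = 'wp-resetpass-' . COOKIEHASH;

     if (isset($_GET['key'])) {
         // Take the secret out of the address bar: it is stored in a session
         // cookie (expiry 0) limited to this path, HttpOnly, and Secure when
         // is_ssl() is true, then the query arguments are dropped by a redirect.
         // Non-string values (key[]=...) are replaced by '' and fail validation
         // on the next request.
         $link_key = is_string($_GET['key']) ? $_GET['key'] : '';
         $link_login = (isset($_GET['login']) && is_string($_GET['login'])) ? $_GET['login'] : '';
         $value = sprintf('%s:%s', wp_unslash($link_login), wp_unslash($link_key));
         setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
         wp_safe_redirect(remove_query_arg(array('key', 'login')));
         exit;
     }

     // The cookie must be a string of the form "login:key" with a non-empty login.
     $user = false;
     if (isset($_COOKIE[$rp_cookie]) && is_string($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
         list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
         $user = check_password_reset_key($rp_key, $rp_login);
     }

     if (!$user || is_wp_error($user)) {
         // Expire the cookie so a rejected key is not presented again.
         setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
         if ($user && $user->get_error_code() === 'expired_key') {
             wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
         } else {
             wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
         }
         exit;
     }

     // Only plain strings count as submitted passwords.
     $pass1 = (isset($_POST['pass1']) && is_string($_POST['pass1'])) ? $_POST['pass1'] : null;
     $pass2 = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';

     $errors = new WP_Error();
     // Strict comparison on purpose: with != two different numeric-looking
     // strings (for example '1e3' and '1000') compare equal and a mistyped
     // confirmation would pass.
     if (null !== $pass1 && $pass1 !== $pass2) {
         $errors->add('password_reset_mismatch', __('The passwords do not match.', 'colabsthemes'));
     }
     /**
      * Fires before the password reset procedure is validated.
      *
      * @since 3.5.0
      *
      * @param object           $errors WP Error object.
      * @param WP_User|WP_Error $user   WP_User object if the login and reset key match. WP_Error object otherwise.
      */
     do_action('validate_password_reset', $errors, $user);

     $message = '';
     if (!$errors->get_error_code() && !empty($pass1)) {
         reset_password($user, $pass1);
         // The key has been used: expire the cookie that carried it.
         setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
         $message = __('Your password has been reset.', 'colabsthemes') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in', 'colabsthemes') . '</a>';
     }

     wp_enqueue_script('password-strength-meter');
     wp_enqueue_script('zxcvbn-async');
     wp_enqueue_script('custom-strengthmeter', trailingslashit(get_template_directory_uri()) . 'includes/js/custom-strengthmeter.js');

     if ('' !== $message) {
         $this->render_messages($message);
     }
     // WP_Error is not Countable, so the former sizeof($errors) check raises a
     // TypeError on PHP 8; get_error_code() alone tells whether an error was added.
     if ($errors->get_error_code()) {
         $this->render_messages($errors);
     }
     $this->reset_pass_form($rp_key);
 }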