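/**
 * Replace an existing user's password with a random, unrecoverable value.
 *
 * Runs only when the 'scramble_passwords' option is truthy and the user is
 * not newly created.
 *
 * @return void
 */
private function scramble_password()
{
    if (!$this->options['scramble_passwords'] || $this->new_user != false) {
        return;
    }

    $this->user->user_pass = wp_hash_password(wp_generate_password(12, true, true));

    // The previous call passed `$user`, which is never defined in this method,
    // so wp_update_user() received null and the scramble was never persisted.
    // NOTE(review): assumes $this->user is a user object or array that
    // wp_update_user() accepts - confirm against the targeted WordPress version.
    // wp_update_user() hashes a non-empty user_pass again; the stored value is
    // then a hash of a hash, which is still unguessable and fine for scrambling.
    wp_update_user($this->user);
}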
/**
 * Return the parent's field value, hashed when the submitted value differs
 * from the stored one.
 *
 * @param mixed $new     Submitted value.
 * @param mixed $old     Previously stored value.
 * @param int   $post_id Post ID, passed through to the parent.
 * @param array $field   Field settings, passed through to the parent.
 * @return mixed Parent value, run through wp_hash_password() on change.
 */
static function value($new, $old, $post_id, $field)
{
    $value = parent::value($new, $old, $post_id, $field);

    // Loose comparison, as in the original: an unchanged submission is passed
    // through untouched so an already-stored value is not hashed a second time.
    if ($new == $old) {
        return $value;
    }

    return wp_hash_password($value);
}
/**
 * Store a new password hash for a user and clear the activation key.
 *
 * The hash comes from wp_hash_password(); which algorithm that is depends on
 * the implementation loaded at runtime.
 *
 * @param string $password Plaintext password
 * @param int    $userId   ID of user to whom password belongs
 * @return bool|string The value returned by wp_hash_password()
 */
function wp_set_password($password, $userId)
{
    /** @var \wpdb $wpdb */
    global $wpdb;

    $hashed = wp_hash_password($password);

    $fields = ['user_pass' => $hashed, 'user_activation_key' => ''];
    $where = ['ID' => $userId];
    $wpdb->update($wpdb->users, $fields, $where);

    // Drop the cached user so the old hash is not served from the object cache.
    wp_cache_delete($userId, 'users');

    return $hashed;
}
/**
 * Check that wp_hash_password() trims surrounding whitespace.
 *
 * Companion to test_password_trimming, aimed at the lower-level
 * wp_hash_password function.
 *
 * @ticket 24973
 */
function test_wp_hash_password_trimming()
{
    // NOTE(review): every input literal reads '******' on this page, which looks
    // like masking applied to the listing. As shown, the inputs cannot match the
    // expected strings; the real inputs presumably carry the whitespace each
    // expected string names - confirm against the upstream test file.
    $cases = array(
        array('******', 'pass with leading whitespace'),
        array('******', 'pass with trailing whitespace'),
        array('******', 'pass with whitespace'),
        array("******", 'pass with new line'),
        array("******", 'pass with vertial tab o_O'),
    );

    foreach ($cases as $case) {
        list($password, $expected) = $case;
        $this->assertTrue(wp_check_password($expected, wp_hash_password($password)));
    }
}
/**
 * Prepare the shared password fixtures and their hashes once per test class.
 *
 * The first password comes from USER_PASS when mbstring is loaded and falls
 * back to an ASCII-only string otherwise.
 */
public static function setUpBeforeClass()
{
    parent::$db_needed = true;
    parent::set_up_before_class();

    self::$pass_1 = extension_loaded('mbstring')
        ? self::USER_PASS
        : 'Some ASCII Only PW 4 You!';
    self::$pass_2 = '!AJd81aasjk2@';

    // Fixture values only; these strings are test data, not credentials.
    self::$hash_1 = wp_hash_password(self::$pass_1);
    self::$hash_2 = wp_hash_password(self::$pass_2);
}
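/**
 * Validate the submitted signup, store it, and send the activation link.
 *
 * @return array 'success' or 'errors' key holding a message for display.
 */
function signup()
{
    require_once WPPR_PLUGIN_DIR . '/models/signup-model.php';
    $model = new Signup_Model();

    $attributes = array();

    // Validate once and bail out early: the original ran validate_signup()
    // twice and hashed the password even for submissions it then rejected.
    $validation = $this->validate_signup();
    if (is_wp_error($validation)) {
        $attributes['errors'] = $validation->get_error_message();
        return $attributes;
    }

    $username = sanitize_user($this->username);
    $email = sanitize_email($this->email);
    $password = $this->password;
    $activation_key = generate_key($email);

    // Only the hash is written to the signup table.
    $userdata = array($username, $email, wp_hash_password($password), $activation_key, CUR_DATE, REMOTE_IP);

    $result = $model->insert_signup($userdata);
    if (is_wp_error($result)) {
        $attributes['errors'] = 'Something went wrong. Please try again later';
        return $attributes;
    }

    $attributes['success'] = 'Please check your email for confirmation';

    // Send email confirmation to user.
    // NOTE(review): the plaintext password is handed to send_activation_link();
    // if that helper places it in the email body, the credential ends up in
    // mail logs and inboxes - confirm, and prefer sending only the activation key.
    $this->send_activation_link($username, $email, $password, $activation_key);

    return $attributes;
}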
/**
 * Handle the loading of the signup screen.
 *
 * Redirects logged-in users away, then, on a nonce-verified POST, validates
 * the account, password, profile and blog fields, registers the user (and
 * optionally a blog) and records the resulting step in $bp->signup->step
 * before loading the registration template.
 *
 * NOTE(review): all request values are read from $_POST as submitted; any
 * unslashing or sanitising has to happen in the helpers called here, which
 * are not visible in this listing.
 */
function bp_core_screen_signup()
{
    global $bp;

    if (!bp_is_current_component('register') || bp_current_action()) {
        return;
    }

    // Not a directory
    bp_update_is_directory(false, 'register');

    // If the user is logged in, redirect away from here
    if (is_user_logged_in()) {
        if (bp_is_component_front_page('register')) {
            $redirect_to = trailingslashit(bp_get_root_domain() . '/' . bp_get_members_root_slug());
        } else {
            $redirect_to = bp_get_root_domain();
        }

        /**
         * Filters the URL to redirect logged in users to when visiting registration page.
         *
         * @since BuddyPress (1.5.1)
         *
         * @param string $redirect_to URL to redirect user to.
         */
        bp_core_redirect(apply_filters('bp_loggedin_register_page_redirect_to', $redirect_to));
        return;
    }

    $bp->signup->step = 'request-details';

    if (!bp_get_signup_allowed()) {
        $bp->signup->step = 'registration-disabled';

        // If the signup page is submitted, validate and save.
        // The nonce check ties the submission to a form this site rendered.
    } elseif (isset($_POST['signup_submit']) && bp_verify_nonce_request('bp_new_signup')) {
        /**
         * Fires before the validation of a new signup.
         *
         * @since BuddyPress (2.0.0)
         */
        do_action('bp_signup_pre_validate');

        // Check the base account details for problems
        $account_details = bp_core_validate_user_signup($_POST['signup_username'], $_POST['signup_email']);

        // If there are errors with account details, set them for display
        if (!empty($account_details['errors']->errors['user_name'])) {
            $bp->signup->errors['signup_username'] = $account_details['errors']->errors['user_name'][0];
        }
        if (!empty($account_details['errors']->errors['user_email'])) {
            $bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0];
        }

        // Check that both password fields are filled in
        if (empty($_POST['signup_password']) || empty($_POST['signup_password_confirm'])) {
            $bp->signup->errors['signup_password'] = __('Please make sure you enter your password twice', 'buddypress');
        }

        // Check that the passwords match.
        // NOTE(review): `!=` is a loose comparison, so two different
        // numeric-looking strings (e.g. "1e3" and "1000") count as equal;
        // `!==` would compare the submitted strings exactly.
        if (!empty($_POST['signup_password']) && !empty($_POST['signup_password_confirm']) && $_POST['signup_password'] != $_POST['signup_password_confirm']) {
            $bp->signup->errors['signup_password'] = __('The passwords you entered do not match.', 'buddypress');
        }

        $bp->signup->username = $_POST['signup_username'];
        $bp->signup->email = $_POST['signup_email'];

        // Now we've checked account details, we can check profile information
        if (bp_is_active('xprofile')) {
            // Make sure hidden field is passed and populated
            if (isset($_POST['signup_profile_field_ids']) && !empty($_POST['signup_profile_field_ids'])) {
                // Let's compact any profile field info into an array.
                // The ids come straight from a hidden form field, so they are
                // client-controlled and are used below to build $_POST keys.
                $profile_field_ids = explode(',', $_POST['signup_profile_field_ids']);

                // Loop through the posted fields formatting any datebox values then validate the field
                foreach ((array) $profile_field_ids as $field_id) {
                    if (!isset($_POST['field_' . $field_id])) {
                        if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
                            $_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($_POST['field_' . $field_id . '_day'] . $_POST['field_' . $field_id . '_month'] . $_POST['field_' . $field_id . '_year']));
                        }
                    }

                    // Create errors for required fields without values
                    if (xprofile_check_is_required_field($field_id) && empty($_POST['field_' . $field_id])) {
                        $bp->signup->errors['field_' . $field_id] = __('This is a required field', 'buddypress');
                    }
                }

                // This situation doesn't naturally occur so bounce to website root
            } else {
                bp_core_redirect(bp_get_root_domain());
            }
        }

        // Finally, let's check the blog details, if the user wants a blog and blog creation is enabled
        if (isset($_POST['signup_with_blog'])) {
            $active_signup = $bp->site_options['registration'];

            if ('blog' == $active_signup || 'all' == $active_signup) {
                $blog_details = bp_core_validate_blog_signup($_POST['signup_blog_url'], $_POST['signup_blog_title']);

                // If there are errors with blog details, set them for display
                if (!empty($blog_details['errors']->errors['blogname'])) {
                    $bp->signup->errors['signup_blog_url'] = $blog_details['errors']->errors['blogname'][0];
                }
                if (!empty($blog_details['errors']->errors['blog_title'])) {
                    $bp->signup->errors['signup_blog_title'] = $blog_details['errors']->errors['blog_title'][0];
                }
            }
        }

        /**
         * Fires after the validation of a new signup.
         *
         * @since BuddyPress (1.1.0)
         */
        do_action('bp_signup_validate');

        // Add any errors to the action for the field in the template for display.
        if (!empty($bp->signup->errors)) {
            foreach ((array) $bp->signup->errors as $fieldname => $error_message) {
                // addslashes() and stripslashes() to avoid create_function()
                // syntax errors when the $error_message contains quotes
                //
                // NOTE(review): create_function() compiles a PHP source string at
                // runtime, and the message is spliced into that source; addslashes()
                // is the only thing keeping it inside the string literal. The
                // function is deprecated since PHP 7.2 and removed in PHP 8.0. A
                // closure that captures $error_message by value needs no escaping
                // and no runtime compilation.

                /**
                 * Filters the error message in the loop.
                 *
                 * @since BuddyPress (1.5.0)
                 *
                 * @param string $value Error message wrapped in html.
                 */
                add_action('bp_' . $fieldname . '_errors', create_function('', 'echo apply_filters(\'bp_members_signup_error_message\', "<div class=\\"error\\">" . stripslashes( \'' . addslashes($error_message) . '\' ) . "</div>" );'));
            }
        } else {
            $bp->signup->step = 'save-details';

            // No errors! Let's register those deets.
            $active_signup = !empty($bp->site_options['registration']) ? $bp->site_options['registration'] : '';

            if ('none' != $active_signup) {
                // NOTE(review): $usermeta is never initialised in this function;
                // it is created implicitly by the first assignment below.

                // Make sure the extended profiles module is enabled
                if (bp_is_active('xprofile')) {
                    // Let's compact any profile field info into usermeta
                    $profile_field_ids = explode(',', $_POST['signup_profile_field_ids']);

                    // Loop through the posted fields formatting any datebox values then add to usermeta - @todo This logic should be shared with the same in xprofile_screen_edit_profile()
                    foreach ((array) $profile_field_ids as $field_id) {
                        if (!isset($_POST['field_' . $field_id])) {
                            if (!empty($_POST['field_' . $field_id . '_day']) && !empty($_POST['field_' . $field_id . '_month']) && !empty($_POST['field_' . $field_id . '_year'])) {
                                // Concatenate the values
                                $date_value = $_POST['field_' . $field_id . '_day'] . ' ' . $_POST['field_' . $field_id . '_month'] . ' ' . $_POST['field_' . $field_id . '_year'];

                                // Turn the concatenated value into a timestamp
                                $_POST['field_' . $field_id] = date('Y-m-d H:i:s', strtotime($date_value));
                            }
                        }

                        if (!empty($_POST['field_' . $field_id])) {
                            $usermeta['field_' . $field_id] = $_POST['field_' . $field_id];
                        }

                        if (!empty($_POST['field_' . $field_id . '_visibility'])) {
                            $usermeta['field_' . $field_id . '_visibility'] = $_POST['field_' . $field_id . '_visibility'];
                        }
                    }

                    // Store the profile field ID's in usermeta
                    $usermeta['profile_field_ids'] = $_POST['signup_profile_field_ids'];
                }

                // Hash and store the password; only the hash goes into usermeta.
                $usermeta['password'] = wp_hash_password($_POST['signup_password']);

                // If the user decided to create a blog, save those details to usermeta
                if ('blog' == $active_signup || 'all' == $active_signup) {
                    $usermeta['public'] = isset($_POST['signup_blog_privacy']) && 'public' == $_POST['signup_blog_privacy'] ? true : false;
                }

                /**
                 * Filters the user meta used for signup.
                 *
                 * @since BuddyPress (1.1.0)
                 *
                 * @param array $usermeta Array of user meta to add to signup.
                 */
                $usermeta = apply_filters('bp_signup_usermeta', $usermeta);

                // Finally, sign up the user and/or blog.
                // NOTE(review): $blog_details is only assigned above when the
                // registration option is 'blog' or 'all'; confirm the first branch
                // cannot be reached without it.
                if (isset($_POST['signup_with_blog']) && is_multisite()) {
                    $wp_user_id = bp_core_signup_blog($blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta);
                } else {
                    // The plaintext password is passed on here in addition to the
                    // hash already stored in $usermeta['password'].
                    $wp_user_id = bp_core_signup_user($_POST['signup_username'], $_POST['signup_password'], $_POST['signup_email'], $usermeta);
                }

                if (is_wp_error($wp_user_id)) {
                    $bp->signup->step = 'request-details';
                    bp_core_add_message($wp_user_id->get_error_message(), 'error');
                } else {
                    $bp->signup->step = 'completed-confirmation';
                }
            }

            /**
             * Fires after the completion of a new signup.
             *
             * @since BuddyPress (1.1.0)
             */
            do_action('bp_complete_signup');
        }
    }

    /**
     * Fires right before the loading of the Member registration screen template file.
     *
     * @since BuddyPress (1.5.0)
     */
    do_action('bp_core_screen_signup');

    /**
     * Filters the template to load for the Member registration page screen.
     *
     * @since BuddyPress (1.5.0)
     *
     * @param string $value Path to the Member registration template to load.
     */
    bp_core_load_template(apply_filters('bp_core_template_register', array('register', 'registration/register')));
}
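/**
 * Activates a user
 *
 * If registration is moderated, sets the activated flag
 * in the usermeta. Flag prevents login when WPMEM_MOD_REG
 * is true (1). Function is fired from bulk user edit or
 * user profile update.
 *
 * Unless passwords are user defined ($chk_pass), a fresh password is
 * generated, its hash is stored, and the plaintext is handed to the
 * approval email routine.
 *
 * @since 2.4
 *
 * @param int  $user_id  ID of the user to activate.
 * @param bool $chk_pass True when passwords are user defined; skips the reset.
 * @uses $wpdb WordPress Database object
 */
function wpmem_a_activate_user($user_id, $chk_pass = false)
{
    // Stays empty when the user chose their own password.
    $new_pass = '';

    // If passwords are user defined skip this
    if (!$chk_pass) {
        global $wpdb;

        // Generate a password to send the user and store only its hash.
        $new_pass = wp_generate_password();
        $new_hash = wp_hash_password($new_pass);

        $wpdb->update($wpdb->users, array('user_pass' => $new_hash), array('ID' => $user_id), array('%s'), array('%d'));

        // The row was written directly, so drop the cached user object;
        // otherwise a persistent object cache can keep serving the old hash.
        wp_cache_delete($user_id, 'users');
    }

    // If subscriptions can expire, set the user's expiration date
    if (WPMEM_USE_EXP == 1) {
        wpmem_set_exp($user_id);
    }

    // Generate and send user approved email to user.
    // NOTE(review): $new_pass is the plaintext password; presumably it is
    // placed in the email body - confirm, and prefer a set-password link.
    require_once WPMEM_PATH . 'wp-members-email.php';
    wpmem_inc_regemail($user_id, $new_pass, 2);

    // Set the active flag in usermeta
    update_user_meta($user_id, 'active', 1);

    /**
     * Fires after the user activation process is complete.
     *
     * @since 2.8.2
     *
     * @param int $user_id The user's ID.
     */
    do_action('wpmem_user_activated', $user_id);
}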
/**
 * Update a user in the database.
 *
 * The stored fields of the user named by $userdata['ID'] are loaded, merged
 * with $userdata (new values win) and written back through wp_insert_user().
 * A non-empty 'user_pass' is hashed before the merge. When the account being
 * changed is the current user's and the password changed, the auth cookie is
 * cleared and set again.
 *
 * @since 2.0.0
 * @see wp_insert_user() For what fields can be set in $userdata
 * @uses wp_insert_user() Used to write the merged record
 *
 * @param array $userdata An array of user data.
 * @return int The updated user's ID.
 */
function wp_update_user($userdata)
{
    $ID = (int) $userdata['ID'];

    // Start from everything currently stored for the user.
    $existing = get_userdata($ID);
    $stored = get_object_vars($existing->data);

    // Pull in the additional custom fields kept in user meta.
    foreach (_get_additional_user_keys($existing) as $meta_key) {
        $stored[$meta_key] = get_user_meta($ID, $meta_key, true);
    }

    // Escape data pulled from DB.
    $stored = add_magic_quotes($stored);

    // Hash a new password right away; only a flag is kept, not the plaintext.
    $password_changed = !empty($userdata['user_pass']);
    if ($password_changed) {
        $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
    }

    wp_cache_delete($stored['user_email'], 'useremail');

    // New fields overwrite old ones.
    $user_id = wp_insert_user(array_merge($stored, $userdata));

    // Re-issue the cookie when the current user changed their own password.
    $current_user = wp_get_current_user();
    if ($current_user->ID == $ID && $password_changed) {
        wp_clear_auth_cookie();
        wp_set_auth_cookie($ID);
    }

    return $user_id;
}
/**
 * Create an application password for a user and append it to their list.
 *
 * Only the hash is stored; the plaintext exists solely in the return value.
 *
 * @since 0.1-dev
 *
 * @access public
 * @static
 *
 * @param int    $user_id User ID.
 * @param string $name    Password name.
 * @return array Index 0 is the new plaintext password, index 1 the stored row.
 */
public static function create_new_application_password($user_id, $name)
{
    // 16 characters, without the special-character set.
    $plaintext = wp_generate_password(16, false);

    $record = array(
        'name' => $name,
        'password' => wp_hash_password($plaintext),
        'created' => time(),
        'last_used' => null,
        'last_ip' => null,
    );

    $stored = self::get_user_application_passwords($user_id);
    $stored = $stored ? $stored : array();
    $stored[] = $record;

    self::set_user_application_passwords($user_id, $stored);

    return array($plaintext, $record);
}
/**
 * Stores a new password hash for the user and clears the activation key.
 *
 * For integration with other applications, this function can be overwritten to
 * instead use the other package password checking algorithm.
 *
 * @since 2.5
 * @uses $wpdb WordPress database object for queries
 * @uses wp_hash_password() Used to hash the password before it reaches the database
 *
 * @param string $password The plaintext new user password
 * @param int    $user_id  User ID
 */
function wp_set_password($password, $user_id)
{
    global $wpdb;

    $hashed = wp_hash_password($password);

    // Both values are bound through prepare(), never concatenated into the SQL.
    $wpdb->query(
        $wpdb->prepare(
            "UPDATE {$wpdb->users} SET user_pass = %s, user_activation_key = '' WHERE ID = %d",
            $hashed,
            $user_id
        )
    );

    // Invalidate the cached user so the old hash is not reused.
    wp_cache_delete($user_id, 'users');
}
/**
 * Queue a pending user, or refresh the timestamp of an existing queue row.
 *
 * The password is hashed before it is written and the meta value is stored in
 * serialized form.
 *
 * @param string $user_login Requested login name.
 * @param string $user_pass  Plaintext password.
 * @param string $user_email Email address.
 * @param mixed  $user_meta  Extra data stored with the queued user.
 * @return int|WP_Error Insert id on success, WP_Error when the query fails.
 */
function queue_user($user_login, $user_pass, $user_email, $user_meta = '')
{
    // NOTE(review): whatever reads user_meta back presumably unserializes it;
    // confirm that reader only ever sees values written here.
    $values_clause = $this->db->prepare(
        "( %s, %s, %s, %d, %s )",
        $user_login,
        wp_hash_password($user_pass),
        $user_email,
        time(),
        serialize($user_meta)
    );
    $update_clause = $this->db->prepare(" ON DUPLICATE KEY UPDATE user_timestamp = %d", time());

    $statement = "INSERT INTO {$this->user_queue} (user_login, user_pass, user_email, user_timestamp, user_meta) VALUES "
        . $values_clause
        . $update_clause;

    if (!$this->db->query($statement)) {
        return new WP_Error('queueerror', __('Could not create your user account.', 'membership'));
    }

    return $this->db->insert_id;
}
/**
 * Register a user either as a pending signup (email confirmation enabled) or
 * directly through wp_insert_user().
 *
 * @param mixed $global_request Request data, forwarded to wppb_add_custom_field_values().
 * @param array $userdata       User fields; 'user_pass' and 'user_email' are read here.
 * @return array Keys 'userdata', 'user_id' (null for pending signups) and 'new_user_signup'.
 */
function wppb_register_user($global_request, $userdata)
{
    $wppb_general_settings = get_option('wppb_general_settings');
    $user_id = null;
    $new_user_signup = false;

    // When logins are by email, derive the login name from the email address.
    if (isset($wppb_general_settings['loginWith']) && $wppb_general_settings['loginWith'] == 'email') {
        $userdata['user_login'] = apply_filters('wppb_generated_random_username', Wordpress_Creation_Kit_PB::wck_generate_slug(trim($userdata['user_email'])), $userdata['user_email']);
    }

    if (isset($wppb_general_settings['emailConfirmation']) && $wppb_general_settings['emailConfirmation'] == 'yes') {
        $new_user_signup = true;
        $userdata = $this->wppb_add_custom_field_values($global_request, $userdata, $this->args['form_fields']);

        if (!isset($userdata['role'])) {
            $userdata['role'] = $this->args['role'];
        } else {
            // NOTE(review): $wppb_module_settings is never assigned in this
            // function, so this isset() is always false and the custom
            // redirect is never applied.
            if (isset($wppb_module_settings['wppb_customRedirect']) && $wppb_module_settings['wppb_customRedirect'] == 'show' && function_exists('wppb_custom_redirect_url')) {
                $this->args['redirect_url'] = wppb_custom_redirect_url('after_registration', $this->args['redirect_url'], $userdata["user_login"], $userdata['role']);
            }
        }

        // The pending signup stores the hash, not the plaintext.
        // NOTE(review): the hash is computed before wp_unslash() runs (and only
        // multisite unslashes at all), while the direct branch below unslashes
        // before wp_insert_user() sees the password. A password containing
        // quotes or backslashes may therefore hash differently on the two
        // paths - confirm.
        $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);

        if (is_multisite()) {
            /* since version 2.0.7 add this meta so we know on what blog the user registered */
            $userdata['registered_for_blog_id'] = get_current_blog_id();
            $userdata = wp_unslash($userdata);
        }

        wppb_signup_user($userdata['user_login'], $userdata['user_email'], $userdata);
    } else {
        if (!isset($userdata['role'])) {
            $userdata['role'] = $this->args['role'];
        } else {
            // Same undefined $wppb_module_settings as in the branch above.
            if (isset($wppb_module_settings['wppb_customRedirect']) && $wppb_module_settings['wppb_customRedirect'] == 'show' && function_exists('wppb_custom_redirect_url')) {
                $this->args['redirect_url'] = wppb_custom_redirect_url('after_registration', $this->args['redirect_url'], $userdata["user_login"], $userdata['role']);
            }
        }

        $userdata = wp_unslash($userdata);

        // change User Registered date and time according to timezone selected in WordPress settings
        $wppb_get_date = wppb_get_date_by_timezone();
        if (isset($wppb_get_date)) {
            $userdata['user_registered'] = $wppb_get_date;
        }

        // insert user to database
        $user_id = wp_insert_user($userdata);
    }

    // NOTE(review): 'userdata' is returned with 'user_pass' still in it; on the
    // direct branch that entry is not modified here, so it is presumably the
    // submitted plaintext - callers should not log or persist it.
    return array('userdata' => $userdata, 'user_id' => $user_id, 'new_user_signup' => $new_user_signup);
}
/**
 * Generates a Purchase record from the order
 *
 * Saves the customer (hashing a new customer's password), stores billing data
 * with the card number cut to its last four characters and the CVV cleared,
 * then writes the Purchase and one Purchased row per cart item.
 *
 * @since 1.1
 *
 * @return void|false False when the order has no transaction ID, otherwise nothing
 **/
function purchase () {
    global $Ecart;

    // Need a transaction ID to create a purchase
    if (empty($this->txnid)) return false;

    // Lock for concurrency protection
    $this->lock();

    // A Purchase already recorded for this transaction ID: release the lock
    // and send the customer to the thanks page instead of recording it again.
    // NOTE(review): execution continues past this block unless
    // ecart_redirect() ends the request - confirm that it does.
    $Purchase = new Purchase($this->txnid,'txnid');
    if (!empty($Purchase->id)) {
        $this->unlock();
        $Ecart->resession();

        $this->purchase = $Purchase->id;
        if ($this->purchase !== false)
            ecart_redirect(ecarturl(false,'thanks'));
    }

    // WordPress account integration used, customer has no wp user
    if ("wordpress" == $this->accounts && empty($this->Customer->wpuser)) {
        if ( $wpuser = get_current_user_id() ) $this->Customer->wpuser = $wpuser; // use logged in WordPress account
        else $this->Customer->create_wpuser(); // not logged in, create new account
    }

    // New customer, save hashed password
    if (!$this->Customer->exists() && !empty($this->Customer->password)) {
        $this->Customer->id = false;
        if (ECART_DEBUG) new EcartError('Creating new Ecart customer record','new_customer',ECART_DEBUG_ERR);
        // notification() runs while the password property still holds the
        // plaintext. NOTE(review): presumably the notification includes it -
        // confirm, since that would put the credential into email.
        if ("ecart" == $this->accounts) $this->Customer->notification();
        $this->Customer->password = wp_hash_password($this->Customer->password);
    } else unset($this->Customer->password); // Existing customer, do not overwrite password field!

    $this->Customer->save();

    // Reduce the card data before it is saved: keep only the last four
    // characters of the number and drop the CVV.
    $this->Billing->customer = $this->Customer->id;
    $this->Billing->card = substr($this->Billing->card,-4);
    $paycard = Lookup::paycard($this->Billing->cardtype);
    $this->Billing->cardtype = !$paycard?$this->Billing->cardtype:$paycard->name;
    $this->Billing->cvv = false;
    $this->Billing->save();

    // Card data is truncated, switch the cart to normal mode
    $Ecart->Shopping->secured(false);

    if (!empty($this->Shipping->address)) {
        $this->Shipping->customer = $this->Customer->id;
        $this->Shipping->save();
    }

    $base = $Ecart->Settings->get('base_operations');

    // Collect the applied promotions and count one more use on each.
    // $promo is bound by reference and stays bound after the loop.
    $promos = array();
    foreach ($this->Cart->discounts as &$promo) {
        $promos[$promo->id] = $promo->name;
        $promo->uses++;
    }

    // NOTE(review): copydata() runs over the Customer and Billing objects;
    // what it copies is not visible here - confirm the password hash and card
    // fields are not duplicated onto the Purchase row.
    $Purchase = new Purchase();
    $Purchase->copydata($this);
    $Purchase->copydata($this->Customer);
    $Purchase->copydata($this->Billing);
    $Purchase->copydata($this->Shipping,'ship');
    $Purchase->copydata($this->Cart->Totals);
    $Purchase->customer = $this->Customer->id;
    $Purchase->billing = $this->Billing->id;
    $Purchase->shipping = $this->Shipping->id;
    $Purchase->taxing = ($base['vat'])?'inclusive':'exclusive';
    $Purchase->promos = $promos;
    $Purchase->freight = $this->Cart->Totals->shipping;
    $Purchase->ip = $Ecart->Shopping->ip;
    $Purchase->save();

    // The Purchase row exists now, so the lock taken above is released.
    $this->unlock();
    Promotion::used(array_keys($promos));

    // One Purchased row per cart item; downloads get a key, stocked items are decremented.
    foreach($this->Cart->contents as $Item) {
        $Purchased = new Purchased();
        $Purchased->copydata($Item);
        $Purchased->price = $Item->option->id;
        $Purchased->purchase = $Purchase->id;
        if (!empty($Purchased->download)) $Purchased->keygen();
        $Purchased->save();
        if ($Item->inventory) $Item->unstock();
    }

    $this->purchase = $Purchase->id;
    $Ecart->Purchase = &$Purchase;

    if (ECART_DEBUG) new EcartError('Purchase '.$Purchase->id.' was successfully saved to the database.',false,ECART_DEBUG_ERR);

    do_action('ecart_order_notifications');
    do_action_ref_array('ecart_order_success',array(&$Ecart->Purchase));
}
/**
 * Return the value to store for a password field.
 *
 * A changed value is hashed; an unchanged one is returned as submitted so a
 * value that is already stored is not hashed again.
 *
 * @param mixed $new     Submitted value.
 * @param mixed $old     Previously stored value.
 * @param int   $post_id Post ID (unused here).
 * @param array $field   Field settings (unused here).
 * @return string
 */
static function value($new, $old, $post_id, $field)
{
    // Loose comparison, as in the original.
    if ($new != $old) {
        return wp_hash_password($new);
    }

    return $new;
}
/**
 * Register the customer of the current order, then log them in.
 *
 * Guests are saved without a password or WordPress user. For a new customer a
 * password is generated when none was given, hashed, and saved; an existing
 * customer's password field is left untouched. Billing and shipping addresses
 * are linked to the saved customer afterwards.
 */
public static function process()
{
    // We have to avoid truthiness, hence the strange logic expression:
    // registration proceeds only when the filter returns exactly true.
    if (true !== apply_filters('shopp_validate_registration', true)) {
        return;
    }

    $Customer = ShoppOrder()->Customer;
    do_action('shopp_customer_registration', $Customer);

    if ($Customer->session(ShoppCustomer::GUEST)) {
        // Guest checkout: no account type, no WordPress user, no password.
        $Customer->type = __('Guest', 'Shopp');
        $Customer->wpuser = 0;
        unset($Customer->password);
    } else {
        // WordPress account integration used, customer has no wp user
        if ('wordpress' == shopp_setting('account_system') && empty($Customer->wpuser)) {
            if ($wpuser = get_current_user_id()) {
                // Use the logged in WordPress account.
                $Customer->wpuser = $wpuser;
            } else {
                // Not logged in, create new account.
                $Customer->create_wpuser();
            }
        }

        if (!$Customer->exists(true)) {
            // New customer, save hashed password
            $Customer->id = false;
            shopp_debug('Creating new Shopp customer record');

            if (empty($Customer->password)) {
                $Customer->password = wp_generate_password(12, true);
            }

            // notification() runs while the password property still holds the
            // plaintext. NOTE(review): presumably the notification includes
            // it - confirm, since that would put the credential into email.
            if ('shopp' == shopp_setting('account_system')) {
                $Customer->notification();
            }

            $Customer->password = wp_hash_password($Customer->password);

            // A passhash already present on the customer replaces the hash
            // just computed. NOTE(review): where passhash is set is not
            // visible here - confirm it cannot be supplied by the request.
            if (isset($Customer->passhash)) {
                $Customer->password = $Customer->passhash;
            }
        } else {
            // Existing customer, do not overwrite password field!
            unset($Customer->password);
        }
    }

    $Customer->save();

    // Do not keep the hash on the in-memory customer after it is saved.
    $Customer->password = '';

    // Update billing and shipping addresses
    $addresses = array('Billing', 'Shipping');
    foreach ($addresses as $Address) {
        if (empty(ShoppOrder()->{$Address}->address)) {
            continue;
        }
        $Address = ShoppOrder()->{$Address};
        $Address->customer = $Customer->id;
        $Address->save();
    }

    do_action('shopp_customer_registered', $Customer);

    // Auto-login the customer
    $Customer->login();

    if (!empty($Customer->wpuser)) {
        // Log the WordPress user in
        ShoppLogin::wpuser(get_user_by('id', $Customer->wpuser));
    }

    if (apply_filters('shopp_registration_redirect', false)) {
        Shopp::redirect(Shopp::url(false, 'account'));
    }
}
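/**
 * Handle a Zombaio gateway callback.
 *
 * The request is authenticated by the shared gateway password, the sender IP
 * and (when present) the site ID before the action is dispatched. Every
 * request value is untrusted: anything that reaches SQL is bound through
 * $wpdb->prepare().
 *
 * Always ends the request with exit.
 */
function do_process()
{
    global $wpdb;

    $action = strtolower(ym_request('Action'));

    if (!ym_get('ZombaioGWPass')) {
        header('HTTP/1.0 401 Unauthorized');
        echo '<h1>Zombaio Gateway 1.1</h1><h3>Authentication failed.</h3>No pass';
        exit;
    }

    // Compare the shared secret as strings and in constant time. The loose
    // `!=` used before treats different numeric-looking strings as equal.
    // hash_equals() needs PHP 5.6+; WordPress ships a fallback in its compat
    // layer - confirm for the WordPress versions this plugin supports.
    $gw_pass = ym_get('ZombaioGWPass');
    if (!is_string($gw_pass) || !hash_equals((string) $this->gw_pass, $gw_pass)) {
        header('HTTP/1.0 401 Unauthorized');
        echo '<h1>Zombaio Gateway 1.1</h1><h3>Authentication failed.</h3>Mismatch';
        exit;
    }

    if (!$this->verify_ipn_ip()) {
        header('HTTP/1.0 401 Unauthorized');
        echo '<h1>Zombaio Gateway 1.1</h1><h3>Authentication failed, you are not Zombaio.</h3>';
        exit;
    }

    // Test hit from zombaio
    $test = substr(ym_request('username'), 0, 4);
    if ($test === 'Test' && !ym_request('extra')) {
        // Test mode
        echo 'OK';
        exit;
    }

    // Verify site ID, first catch user.add/delete second credits
    $site_id = ym_request('SITE_ID', ym_request('SiteID'));
    if ($site_id && $site_id != $this->site_id) {
        header('HTTP/1.0 401 Unauthorized');
        echo '<h1>Zombaio Gateway 1.1</h1><h3>Authentication failed.</h3>site id';
        exit;
    }

    // Verify price ID exists
    $data = ym_request('extra');
    $complete = FALSE;

    switch ($action) {
        case 'user.add':
            $complete = TRUE;

            // 'extra' is expected to carry four '_'-separated parts with the
            // user ID last. Pad so a short value yields ID 0 instead of an
            // undefined variable, and force the ID to an integer.
            $parts = array_pad(explode('_', $data), 4, '');
            $user_id = (int) $parts[3];

            if ($this->use_password && ym_get('password')) {
                // Use password
                $user_pass = wp_hash_password(ym_get('password'));

                // Bound parameters: the user ID comes from the request and was
                // previously concatenated into the statement.
                $wpdb->query($wpdb->prepare('UPDATE ' . $wpdb->users . ' SET user_pass = %s WHERE ID = %d', $user_pass, $user_id));

                // The row was written directly; drop the cached user object.
                wp_cache_delete($user_id, 'users');
            }

            // Store SUBSCRIPTION_ID
            $subscription_id = ym_get('SUBSCRIPTION_ID');
            update_user_meta($user_id, 'ym_zombaio_subscription_id', $subscription_id);
            break;

        case 'rebill':
            // Renewal
            $subscription_id = ym_get('SUBSCRIPTION_ID');
            if (!$subscription_id) {
                header('HTTP/1.0 401 Unauthorized');
                echo '<h1>Zombaio Gateway 1.1</h1><h3>Missing Subscription ID.</h3>';
                exit;
            }

            // Get user ID by subscription ID; the subscription ID is request
            // data and is bound, not concatenated.
            $query = $wpdb->prepare(
                'SELECT user_id FROM ' . $wpdb->usermeta . ' WHERE meta_key = %s AND meta_value = %s',
                'ym_zombaio_subscription_id',
                $subscription_id
            );
            $user_id = $wpdb->get_var($query);
            if (!$user_id) {
                header('HTTP/1.0 401 Unauthorized');
                echo '<h1>Zombaio Gateway 1.1</h1><h3>User Not Known.</h3>';
                exit;
            }

            // 0 FAIL 2 FAIL retry in 5 days
            $success = ym_request('Success', 0);
            if ($success == 1) {
                $complete = TRUE;
            }

            $member = new YourMember_User($user_id);
            $pack_id = $member->pack_id;
            $data = 'buy_subscription_' . $pack_id . '_' . $user_id;
            break;

        case 'user.delete':
            // get_user_by() looks users up by 'login'; the 'username' field
            // used before is not one it recognises, so the lookup always
            // failed and this branch answered "User Not Known".
            $user = get_user_by('login', ym_get('username'));
            if (!$user) {
                header('HTTP/1.0 401 Unauthorized');
                echo '<h1>Zombaio Gateway 1.1</h1><h3>User Not Known.</h3>';
                exit;
            }

            $user_id = $user->ID;
            $member = new YourMember_User($user_id);
            $pack_id = $member->pack_id;
            $data = 'end_subscription_' . $pack_id . '_' . $user_id;
            break;

        case 'user.addcredits':
            // No support
            $complete = FALSE;
            $data = 'buy_credits_1_1';
    }

    $this->common_process($data, $this->code, $complete, FALSE);

    echo 'OK';
    exit;
}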
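/**
 * Update a user in the database.
 *
 * It is possible to update a user's password by specifying the 'user_pass'
 * value in the $userdata parameter array.
 *
 * If current user's password is being updated, then the cookies will be
 * cleared and set again.
 *
 * @since 2.0.0
 *
 * @see wp_insert_user() For what fields can be set in $userdata.
 *
 * @param mixed $userdata An array of user data or a user object of type stdClass or WP_User.
 * @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated.
 */
function wp_update_user($userdata)
{
    if (is_a($userdata, 'stdClass')) {
        $userdata = get_object_vars($userdata);
    } elseif (is_a($userdata, 'WP_User')) {
        $userdata = $userdata->to_array();
    }

    // A missing 'ID' is treated as 0, which get_userdata() rejects below;
    // same outcome as before, without reading an undefined index.
    $ID = isset($userdata['ID']) ? (int) $userdata['ID'] : 0;

    // First, get all of the original fields
    $user_obj = get_userdata($ID);
    if (!$user_obj) {
        return new WP_Error('invalid_user_id', __('Invalid user ID.'));
    }

    $user = $user_obj->to_array();

    // Add additional custom fields
    foreach (_get_additional_user_keys($user_obj) as $key) {
        $user[$key] = get_user_meta($ID, $key, true);
    }

    // Escape data pulled from DB.
    $user = add_magic_quotes($user);

    // If password is changing, hash it now. Only a flag is kept afterwards;
    // the plaintext is not held in a second variable.
    $password_changed = !empty($userdata['user_pass']);
    if ($password_changed) {
        $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
    }

    wp_cache_delete($user['user_email'], 'useremail');

    // Merge old and new fields with new fields overwriting old ones.
    $userdata = array_merge($user, $userdata);
    $user_id = wp_insert_user($userdata);

    // Update the cookies if the password changed.
    $current_user = wp_get_current_user();
    if ($current_user->ID == $ID && $password_changed) {
        wp_clear_auth_cookie();

        // Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
        // If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
        $logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');

        /** This filter is documented in wp-includes/pluggable.php */
        $default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $ID, false);

        // The cookie may be absent or unparseable, in which case there is no
        // expiration to read and the session is not treated as remembered.
        $remember = is_array($logged_in_cookie)
            && isset($logged_in_cookie['expiration'])
            && $logged_in_cookie['expiration'] - time() > $default_cookie_life;

        wp_set_auth_cookie($ID, $remember);
    }

    return $user_id;
}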
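/**
 * Handle the Facebook connect endpoint: unlink, login, registration and
 * linking a Facebook profile to the current WordPress user.
 *
 * The function reads $_GET['action'], $_GET['code'] and $_GET['redirect'],
 * talks to the Facebook SDK object loaded from sdk/init.php, and ends by
 * redirecting or calling exit.
 *
 * Security notes for maintainers:
 * - NOTE(review): the 'unlink' action changes state on a plain GET request and
 *   no nonce check is visible in this function; confirm CSRF protection exists
 *   upstream or add check_admin_referer()/wp_verify_nonce().
 * - NOTE(review): when no linked account is found, an existing WordPress user
 *   is matched purely by the e-mail address returned from the provider and is
 *   logged in. Confirm the provider guarantees a verified e-mail before relying
 *   on this.
 * - NOTE(review): the generated password is sent to the user by e-mail in
 *   plaintext; a password-reset link would avoid putting a credential in mail.
 * - NOTE(review): the provider access token is stored in user meta as-is.
 *
 * @return void
 */
function new_fb_login_action()
{
    global $wp, $wpdb, $new_fb_settings;

    if (isset($_GET['action']) && $_GET['action'] == 'unlink') {
        $user_info = wp_get_current_user();
        if ($user_info->ID) {
            $wpdb->query($wpdb->prepare('DELETE FROM ' . $wpdb->prefix . 'social_users WHERE ID = %d AND type = \'fb\'', $user_info->ID));
            set_site_transient($user_info->ID . '_new_fb_admin_notice', __('Your Facebook profile is successfully unlinked from your account.', 'nextend-facebook-connect'), 3600);
        }
        new_fb_redirect();
    }

    // sdk/init.php is expected to define $facebook in this scope.
    require_once dirname(__FILE__) . '/sdk/init.php';
    $user = $facebook->getUser();

    if ($user && is_user_logged_in() && new_fb_is_user_connected()) {
        new_fb_redirect();
    } elseif ($user) {
        // Register or Login
        try {
            // Proceed knowing you have a logged in user who's authenticated.
            $user_profile = $facebook->api('/me', 'GET', array('fields' => 'id,name,email,first_name,last_name'));

            // The identifier is bound as a string, matching the '%s' format used
            // when the row is inserted, so large IDs are not truncated to an int.
            $ID = $wpdb->get_var($wpdb->prepare(
                'SELECT ID FROM ' . $wpdb->prefix . 'social_users WHERE type = \'fb\' AND identifier = %s',
                $user_profile['id']
            ));

            // Drop a stale link that points at a user which no longer exists.
            if (!get_user_by('id', $ID)) {
                $wpdb->query($wpdb->prepare('DELETE FROM ' . $wpdb->prefix . 'social_users WHERE ID = %d', $ID));
                $ID = null;
            }

            if (!is_user_logged_in()) {
                if ($ID == NULL) {
                    // Register
                    if (!isset($user_profile['email'])) {
                        $user_profile['email'] = $user_profile['id'] . '@facebook.com';
                    }
                    $ID = email_exists($user_profile['email']);
                    if ($ID == false) {
                        // Real register
                        require_once ABSPATH . WPINC . '/registration.php';
                        $random_password = wp_generate_password($length = 12, $include_standard_special_chars = false);
                        if (!isset($new_fb_settings['fb_user_prefix'])) {
                            $new_fb_settings['fb_user_prefix'] = 'facebook-';
                        }
                        $username = strtolower($user_profile['first_name'] . $user_profile['last_name']);
                        $sanitized_user_login = sanitize_user($new_fb_settings['fb_user_prefix'] . $username);
                        if (!validate_username($sanitized_user_login)) {
                            $sanitized_user_login = sanitize_user('facebook' . $user_profile['id']);
                        }
                        $defaul_user_name = $sanitized_user_login;
                        $i = 1;
                        while (username_exists($sanitized_user_login)) {
                            $sanitized_user_login = $defaul_user_name . $i;
                            $i++;
                        }

                        // The row is written directly instead of via wp_create_user(),
                        // so none of the core sanitising or hooks run for it.
                        $inserted = $wpdb->insert(
                            $wpdb->users,
                            array(
                                'user_login' => $user_profile['email'],
                                'user_pass' => wp_hash_password($random_password),
                                'user_email' => $user_profile['email'],
                                'user_registered' => current_time('mysql'),
                            ),
                            array('%s', '%s', '%s', '%s')
                        );
                        $ID = $inserted ? (int) $wpdb->insert_id : 0;

                        // insert_id is never a WP_Error, so failure has to be detected
                        // from the insert result itself.
                        if (!$ID) {
                            return;
                        }

                        $to = $user_profile['email'];
                        $subject = 'Tài khoản của bạn đã được xác thực';
                        // Profile values come from the provider and are placed in an
                        // HTML mail body, so they are escaped for HTML first.
                        $body = 'Chào ' . esc_html($user_profile['name']) . '<br/> Việc đăng ký trên Myclass.vn đã được xác thực. Sau đây là thông tin tài khoản của bạn: <br /><br /> Tên đăng nhập: ' . esc_html($user_profile['email']) . ' <br/> Mật khẩu: ' . $random_password . '<br/><br /> Bạn hãy đăng nhập vào itclass.vn để tham gia các khóa học Lập Trình tốt nhất, mang tính thực tiễn cao của chúng tôi. <br /> Thân mến <br /> <a href="http://itclass.vn">Myclass.vn</a>';
                        $headers = array('Content-Type: text/html; charset=UTF-8');
                        wp_mail($to, $subject, $body, $headers);

                        $user_info = get_userdata($ID);
                        wp_update_user(array(
                            'ID' => $ID,
                            'display_name' => $user_profile['name'],
                            'user_nicename' => $sanitized_user_login,
                            'first_name' => $user_profile['first_name'],
                            'last_name' => $user_profile['last_name'],
                        ));
                        do_action('nextend_fb_user_registered', $ID, $user_profile, $facebook);
                    }
                    if ($ID) {
                        $wpdb->insert($wpdb->prefix . 'social_users', array('ID' => $ID, 'type' => 'fb', 'identifier' => $user_profile['id']), array('%d', '%s', '%s'));
                    }
                    if (isset($new_fb_settings['fb_redirect_reg']) && $new_fb_settings['fb_redirect_reg'] != '' && $new_fb_settings['fb_redirect_reg'] != 'auto') {
                        set_site_transient(nextend_uniqid() . '_fb_r', $new_fb_settings['fb_redirect_reg'], 3600);
                    }
                }
                if ($ID) {
                    // Login
                    $secure_cookie = is_ssl();
                    $secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, array());
                    global $auth_secure_cookie;
                    // XXX ugly hack to pass this to wp_authenticate_cookie
                    $auth_secure_cookie = $secure_cookie;
                    wp_set_auth_cookie($ID, true, $secure_cookie);
                    $user_info = get_userdata($ID);
                    update_user_meta($ID, 'fb_profile_picture', 'https://graph.facebook.com/' . $user_profile['id'] . '/picture?type=large');
                    do_action('wp_login', $user_info->user_login, $user_info);
                    update_user_meta($ID, 'fb_user_access_token', $facebook->getAccessToken());
                    do_action('nextend_fb_user_logged_in', $ID, $user_profile, $facebook);
                }
            } else {
                $current_user = wp_get_current_user();
                if ($current_user->ID == $ID) {
                    // It was a simple login
                } elseif ($ID === NULL) {
                    // Let's connect the account to the current user!
                    $wpdb->insert($wpdb->prefix . 'social_users', array('ID' => $current_user->ID, 'type' => 'fb', 'identifier' => $user_profile['id']), array('%d', '%s', '%s'));
                    update_user_meta($current_user->ID, 'fb_user_access_token', $facebook->getAccessToken());
                    do_action('nextend_fb_user_account_linked', $ID, $user_profile, $facebook);
                    $user_info = wp_get_current_user();
                    set_site_transient($user_info->ID . '_new_fb_admin_notice', __('Your Facebook profile is successfully linked with your account. Now you can sign in with Facebook easily.', 'nextend-facebook-connect'), 3600);
                } else {
                    $user_info = wp_get_current_user();
                    set_site_transient($user_info->ID . '_new_fb_admin_notice', __('This Facebook profile is already linked with other account. Linking process failed!', 'nextend-facebook-connect'), 3600);
                }
            }
            new_fb_redirect();
        } catch (FacebookApiException $e) {
            // The SDK message is echoed into the response, so escape it for HTML.
            echo 'Caught exception: ', esc_html($e->getMessage()), "\n";
            $user = null;
        }
        exit;
    } else {
        if (!isset($_GET['code'])) {
            $scope = apply_filters('nextend_fb_scope', 'email');
            $loginUrl = $facebook->getLoginUrl(array('scope' => $scope));
            if (isset($new_fb_settings['fb_redirect']) && $new_fb_settings['fb_redirect'] != '' && $new_fb_settings['fb_redirect'] != 'auto') {
                $_GET['redirect'] = $new_fb_settings['fb_redirect'];
            }
            // NOTE(review): the request-supplied redirect target is stored without
            // validation; whether new_fb_redirect() restricts it to local URLs is
            // not visible here. Confirm it goes through wp_validate_redirect() or
            // wp_safe_redirect().
            if (isset($_GET['redirect'])) {
                set_site_transient(nextend_uniqid() . '_fb_r', $_GET['redirect'], 3600);
            }
            $redirect = get_site_transient(nextend_uniqid() . '_fb_r');
            if ($redirect == '' || $redirect == new_fb_login_url()) {
                set_site_transient(nextend_uniqid() . '_fb_r', site_url(), 3600);
            }
            header('Location: ' . $loginUrl);
            exit;
        } else {
            echo "Login error!";
            exit;
        }
    }
}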
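/**
 * Create a WordPress user row directly and attach membership data to it.
 *
 * The user is written with $wpdb->insert() rather than wp_create_user()
 * (the original comment says the register action must not fire), so the core
 * sanitising of login, nicename and URL does not run here.
 * NOTE(review): $username is used unchanged for user_login and user_nicename;
 * confirm callers pass values that are already sanitised.
 *
 * NOTE(review): the plaintext password is handed to wp_new_user_notification()
 * and to every 'yourmember_user_created' listener; confirm none of them log
 * or store it.
 *
 * @param string      $email         E-mail address of the new user.
 * @param mixed       $sub_id        Subscription id passed to the payment gateway. Because the
 *                                   default is false and isset(false) is true, the $package
 *                                   branch is only reached when null is passed here.
 * @param bool        $smflag        Send the new-user notification when truthy.
 * @param string|bool $username      Login name; falls back to $email when falsy.
 * @param string|bool $password      Plaintext password; a 12-character one is generated when falsy.
 * @param array|bool  $custom_fields Custom field values keyed by field name; 'user_url' is also read from it.
 * @param array|bool  $package       Package description (account_type, duration, duration_type, expire_date, role).
 * @param mixed       $expire_date   Overrides the expiry date after a subscription purchase when truthy.
 * @return int|WP_Error New user ID, or WP_Error when validation or the insert fails.
 */
function create($email, $sub_id = false, $smflag = false, $username = false, $password = false, $custom_fields = false, $package = false, $expire_date = false)
{
    global $wpdb;

    // is email a email?
    if (empty($email)) {
        return new WP_Error('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.'));
    } else {
        if (!is_email($email)) {
            return new WP_Error('invalid_email', __('<strong>ERROR</strong>: The email address isn’t correct.'));
        }
    }
    if (email_exists($email)) {
        return new WP_Error('existing_user_email', __('This email address is already registered.'));
    }
    if (!$username) {
        $username = $email;
    }
    if ($username) {
        if (username_exists($username)) {
            return new WP_Error('existing_user_login', __('This Username is already registered.'));
        }
    }
    if (!$password) {
        $password = wp_generate_password(12, false);
    }
    $pw_hash = wp_hash_password($password);

    // wp_create_user($username, $password, $email) can't be used due to register action
    $user_login = $username;
    $user_pass = $pw_hash;
    $user_email = $email;
    $user_nicename = $username;
    $display_name = $username;
    $user_registered = gmdate('Y-m-d H:i:s');
    // $custom_fields defaults to false; only index it when it really is an array.
    $user_url = (is_array($custom_fields) && isset($custom_fields['user_url'])) ? $custom_fields['user_url'] : '';

    $data = compact('user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered');
    $data = stripslashes_deep($data);

    // Stop here when the row could not be written; otherwise every call below
    // would run against user ID 0.
    if (false === $wpdb->insert($wpdb->users, $data + compact('user_login'))) {
        return new WP_Error('ym_user_insert_failed', __('<strong>ERROR</strong>: The user could not be created.'));
    }
    $user_id = (int) $wpdb->insert_id;

    $rich_editing = 'true';
    $comment_shortcuts = 'false';
    $admin_color = 'fresh';
    $use_ssl = 0;
    update_user_meta($user_id, 'rich_editing', $rich_editing);
    update_user_meta($user_id, 'comment_shortcuts', $comment_shortcuts);
    update_user_meta($user_id, 'admin_color', $admin_color);
    update_user_meta($user_id, 'use_ssl', $use_ssl);
    $this->ID = $user_id;

    //Custom Fields
    if ($custom_fields) {
        //take the array and check the field names
        if (is_array($custom_fields)) {
            $ym_custom = get_user_meta($user_id, 'ym_custom_fields', TRUE);
            // A brand-new user has no such meta and get_user_meta() then yields an
            // empty string; start from an array so the offsets below are array keys.
            if (!is_array($ym_custom)) {
                $ym_custom = array();
            }
            foreach ($custom_fields as $field => $value) {
                $custom_field = ym_get_custom_field_by_name($field);
                if ($custom_field) {
                    $ym_custom[$custom_field['id']] = $value;
                    //Patch to fix first_name & last_name not populating on import
                    if (in_array($custom_field['name'], array('first_name', 'last_name'))) {
                        update_user_meta($user_id, $custom_field['name'], $value);
                    }
                }
            }
            update_user_meta($user_id, 'ym_custom_fields', $ym_custom);
        }
    }

    // package
    if (isset($sub_id) || isset($package)) {
        if (isset($sub_id)) {
            // pass to payment engine
            $pay = new ym_payment_gateway();
            $pay->code = 'ym_create';
            $pay->name = 'ym_create';
            $pay->nomore_email = TRUE;
            // call full update
            $pay->do_buy_subscription($sub_id, $user_id, TRUE);
            //Override the expire date if its set
            if ($expire_date) {
                $data = array('expire_date' => $expire_date);
                //Update the user data
                $this->update($data);
                $this->save();
            }
        } elseif (isset($package) && is_array($package)) {
            $this->account_type = $package['account_type'];
            $this->duration = $package['duration'];
            $this->duration_type = $package['duration_type'];
            if ($package['expire_date']) {
                $this->expire_date = intval($package['expire_date']);
            } else {
                $this->expire_date = $this->expiry_time($package['duration'], $package['duration_type']);
            }
            $this->role = $package['role'];
            $this->last_pay_date = time();
            $this->status_str = __('API Account: ', 'ym') . ucwords($this->account_type);
            // make active
            $this->status = YM_STATUS_ACTIVE;
            @ym_log_transaction(YM_ACCOUNT_TYPE_ASSIGNATION, $this->account_type, $user_id);
            //Update the user data
            $this->save();
            //log in transaction table
            @ym_log_transaction(YM_ACCESS_EXTENSION, date(YM_DATEFORMAT, time()), $user_id);
            @ym_log_transaction(YM_USER_STATUS_UPDATE, 'Active', $user_id);
            //Set a role
            if (!$this->role) {
                $this->role = 'subscriber';
            }
            $this->updaterole($this->role);
        }
    }

    //last thing, send notification if flag is set
    if ($smflag) {
        ym_email_add_filters();
        wp_new_user_notification($user_id, $password);
        ym_email_remove_filters();
    }
    do_action('yourmember_user_created', $user_id, $password);

    //tidy up after ourselves
    wp_cache_delete($user_id, 'users');
    wp_cache_delete($user_login, 'userlogins');

    // The core 'user_register' action is deliberately not fired here.
    return $user_id;
}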
/**
 * Persist a customer, running the extra "new customer" steps first when the
 * request is flagged as 'new'.
 *
 * For a new customer without a valid e-mail the method stops with a notice
 * and the customer is not saved. When no valid password was supplied, a hash
 * of a freshly generated 12-character password is stored, so the account gets
 * a credential nobody knows.
 *
 * @param ShoppCustomer $Customer The customer record to save.
 * @return mixed The result of notice() on the invalid e-mail path, otherwise nothing.
 */
public function save(ShoppCustomer $Customer)
{
    $creating = $this->request('new');

    // Guard: a new customer needs a validated e-mail address.
    if ($creating && !isset($this->valid_email)) {
        return $this->notice(Shopp::__('Could not create new customer. You must enter a valid email address.'));
    }

    if ($creating) {
        if (!isset($this->valid_password)) {
            $generated = wp_generate_password(12, true);
            $this->password = wp_hash_password($generated);
        }

        // NOTE(review): the WordPress login is created when the account system is
        // NOT 'wordpress'; confirm the comparison is the intended way round.
        if ('wordpress' !== shopp_setting('account_system')) {
            $created = $Customer->create_wpuser();
            // NOTE(review): the opening fragment does not pair with the closing
            // </strong>; it looks like the opening tag was lost. Confirm.
            $login = '******' . sanitize_user($this->form('userlogin')) . '</strong>';

            $text = $created
                ? Shopp::__('A new customer has been created with the WordPress login "%s".', $login)
                : Shopp::__('Could not create the WordPress login "%s" for the new customer.', $login);

            // Both outcomes are reported with the 'error' notice type.
            $this->notice($text, 'error');
        }

        $this->notice(Shopp::__('New customer created.'));
    }

    $Customer->save();
}
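/**
 * Restore a site from a backup archive, or clone a site over this one.
 *
 * The archive comes either from a URL / manual file (clone) or from the
 * storage recorded for a previous backup task (server, FTP, Amazon S3,
 * Dropbox, Google Drive). It is extracted into a fresh temporary directory,
 * the database is restored when requested, and the files are copied over the
 * WordPress root. In overwrite mode wp-config.php, the site URLs and the
 * first user's credentials are rewritten afterwards.
 *
 * Security notes for maintainers:
 * - $args is expanded with extract(), so every key becomes a local variable.
 *   Variables such as $backup_url, $manualBackupFile, $result_id, $overwrite,
 *   $clone_from_url, $iwp_clone, $maintain_old_key, $new_user, $new_password,
 *   $old_user and $admin_email are read below without being assigned first and
 *   apparently arrive this way. NOTE(review): confirm $args is authenticated
 *   before it reaches this method and consider reading named keys instead.
 * - unserialize() is applied to stored task data. NOTE(review): confirm that
 *   data cannot be influenced by an untrusted party.
 * - The table prefix is concatenated into SQL as an identifier.
 *   NOTE(review): its origin is not visible here; confirm it is limited to
 *   letters, digits and underscores.
 * - Several error returns leave the extracted backup in the temporary
 *   directory; only the copy-failure path and the success path delete it.
 *
 * @param array $args Restore request; see the note on extract() above.
 * @return array|bool|string|WP_Error False for empty $args, an array with an
 *         'error' key on failure, a WP_Error when the file copy fails, and on
 *         success the first user's login (overwrite mode) or true.
 */
function restore($args)
{
    global $wpdb, $wp_filesystem;

    if (empty($args)) {
        return false;
    }

    // Imports every key of $args into the local scope (see docblock).
    extract($args);
    $this->set_resource_limit();

    //Delete file after restore
    $unlink_file = true;
    include_once ABSPATH . 'wp-admin/includes/file.php';

    //Detect source
    if ($backup_url || isset($manualBackupFile) && !empty($manualBackupFile)) {
        //This is for clone (overwrite)
        $backup_file = array();
        if (!$backup_url) {
            $site_url = site_url();
            $backup_url = $site_url . "/" . $manualBackupFile;
        }
        $backup_url_array = $this->get_files_array_from_iwp_part($backup_url);
        if (!is_array($backup_url_array)) {
            // Debug output: writes the backup URL into the response.
            echo "this backup backup_url - " . $backup_url_array;
            $temp_backup_url = $backup_url_array;
            $backup_url_array = array();
            $backup_url_array[] = $temp_backup_url;
        }
        foreach ($backup_url_array as $key => $single_backup_url) {
            $backup_file[] = download_url($single_backup_url);
            if (is_wp_error($backup_file[$key])) {
                return array('error' => 'Unable to download backup file (' . $backup_file[$key]->get_error_message() . ')', 'error_code' => 'unable_to_download_backup_file');
            }
        }
        $what = 'full';
    } else {
        //manual restore darkPrince
        $tasks = array();
        $task = array();
        $tasks = $this->get_requested_task($result_id);
        // unserialize() on stored task data (see docblock).
        $tasks['taskResults'] = unserialize($tasks['taskResults']);
        $backup = $tasks['taskResults']['task_results'][$result_id];
        //darkCode testing purpose
        $hashValues = $backup['hashValues'];
        $requestParams = unserialize($tasks['requestParams']);
        $args = $requestParams['account_info'];

        if (isset($backup['server'])) {
            $backup_file = $backup['server']['file_path'];
            //Don't delete file if stored on server
            $unlink_file = false;
        } elseif (isset($backup['ftp'])) {
            $ftp_file = $backup['ftp'];
            $args = $args['iwp_ftp'];
            if (!is_array($ftp_file)) {
                $ftp_file = array();
                $ftp_file[0] = $backup['ftp'];
                $backup_file = array();
            }
            foreach ($ftp_file as $key => $value) {
                $args['backup_file'] = $value;
                iwp_mmb_print_flush('FTP download: Start ' . $key);
                $backup_file[] = $this->get_ftp_backup($args);
                iwp_mmb_print_flush('FTP download: End ' . $key);
                if ($backup_file[$key] == false) {
                    return array('error' => 'Failed to download file from FTP.', 'error_code' => 'failed_to_download_file_from_ftp');
                }
            }
        } elseif (isset($backup['amazons3'])) {
            $amazons3_file = $backup['amazons3'];
            $args = $args['iwp_amazon_s3'];
            if (!is_array($amazons3_file)) {
                $amazons3_file = array();
                $amazons3_file[0] = $backup['amazons3'];
                $backup_file = array();
            }
            foreach ($amazons3_file as $key => $value) {
                $args['backup_file'] = $value;
                iwp_mmb_print_flush('Amazon S3 download: Start ' . $key);
                if (is_new_s3_compatible()) {
                    require_once $GLOBALS['iwp_mmb_plugin_dir'] . '/lib/amazon/s3IWPBackup.php';
                    $new_s3_obj = new IWP_MMB_S3_MULTICALL();
                    $backup_file[] = $new_s3_obj->get_amazons3_backup($args);
                } else {
                    $backup_file[] = $this->get_amazons3_backup_bwd_comp($args);
                }
                iwp_mmb_print_flush('Amazon S3 download: End ' . $key);
                if ($backup_file[$key] == false) {
                    return array('error' => 'Failed to download file from Amazon S3.', 'error_code' => 'failed_to_download_file_from_s3');
                } else {
                    if (is_array($backup_file[$key]) && isset($backup_file[$key]['error'])) {
                        return array('error' => 'Failed to download file from Amazon S3. Please enable curl first.', 'error_code' => 'failed_to_download_file_from_s3_enable_curl');
                    }
                }
            }
        } elseif (isset($backup['dropbox'])) {
            $dropbox_file = $backup['dropbox'];
            $args = $args['iwp_dropbox'];
            if (!is_array($dropbox_file)) {
                $dropbox_file = array();
                $dropbox_file[0] = $backup['dropbox'];
                $backup_file = array();
            }
            foreach ($dropbox_file as $key => $value) {
                $args['backup_file'] = $value;
                iwp_mmb_print_flush('Dropbox download: Start ' . $key);
                $backup_file[] = $this->get_dropbox_backup($args);
                iwp_mmb_print_flush('Dropbox download: End ' . $key);
                if ($backup_file[$key] == false) {
                    return array('error' => 'Failed to download file from Dropbox.', 'error_code' => 'failed_to_download_file_from_dropbox');
                } else {
                    if (is_array($backup_file[$key]) && isset($backup_file[$key]['error'])) {
                        return array('error' => 'Failed to download file from Dropbox. Please enable curl first.', 'error_code' => 'failed_to_download_file_from_dbox_enable_curl');
                    }
                }
            }
        } elseif (isset($backup['gDrive'])) {
            $gdrive_file = $backup['gDrive'];
            $args = $args['iwp_gdrive'];
            if (!is_array($gdrive_file)) {
                $gdrive_file = array();
                $gdrive_file[0] = $backup['gDrive'];
                $backup_file = array();
            }
            foreach ($gdrive_file as $key => $value) {
                $args['backup_file'] = $value;
                iwp_mmb_print_flush('gDrive download: Start');
                $backup_file[] = $this->get_google_drive_backup($args);
                iwp_mmb_print_flush('gDrive download: End');
                if (is_array($backup_file[$key]) && array_key_exists('error', $backup_file[$key])) {
                    return $backup_file[$key];
                }
                if ($backup_file[$key] == false) {
                    return array('error' => 'Failed to download file from gDrive.');
                }
            }
        }
        $what = $requestParams['args']['what'];
    }

    $this->wpdb_reconnect();

    if (!$this->is_server_writable()) {
        return array('error' => 'Failed, please add FTP details', 'error_code' => 'failed_please_add_ftp_details');
    }

    $url = wp_nonce_url('index.php?page=iwp_no_page', 'iwp_fs_cred');
    // Buffer whatever the credentials request prints and always discard it, also
    // on the failure path, so the buffer is never left open.
    ob_start();
    $creds = request_filesystem_credentials($url, '', false, ABSPATH, null);
    ob_end_clean();
    if (false === $creds) {
        // stop processing here
        return array('error' => 'Unable to get file system credentials', 'error_code' => 'unable_to_get_file_system_credentials');
    }
    if (!WP_Filesystem($creds, ABSPATH)) {
        // stop processing here
        return array('error' => 'Unable to initiate file system. Please check you have entered valid FTP credentials.', 'error_code' => 'unable_to_initiate_file_system');
    }

    //will be used to copy from temp directory
    require_once ABSPATH . 'wp-admin/includes/class-wp-filesystem-direct.php';

    // do process
    $temp_dir = IWP_PCLZIP_TEMPORARY_DIR;
    if (file_exists(IWP_PCLZIP_TEMPORARY_DIR) && is_dir(IWP_PCLZIP_TEMPORARY_DIR)) {
        // already present
    } else {
        if (file_exists(dirname(IWP_PCLZIP_TEMPORARY_DIR)) && is_dir(dirname(IWP_PCLZIP_TEMPORARY_DIR))) {
            @mkdir(IWP_PCLZIP_TEMPORARY_DIR, 0755, true);
        } else {
            @mkdir(dirname(IWP_PCLZIP_TEMPORARY_DIR), 0755, true);
            @mkdir(IWP_PCLZIP_TEMPORARY_DIR, 0755, true);
        }
    }

    // The empty index.php stops the directory from being listed by the web server.
    if (is_writable(IWP_PCLZIP_TEMPORARY_DIR)) {
        @file_put_contents(IWP_PCLZIP_TEMPORARY_DIR . '/index.php', '');
    } else {
        // The mode must be an octal literal; decimal 777 sets unrelated bits.
        // chmod() only succeeds for the owner, for whom 0755 already grants write
        // access, so the directory does not need to become world-writable.
        chmod(IWP_PCLZIP_TEMPORARY_DIR, 0755);
        if (is_writable(IWP_PCLZIP_TEMPORARY_DIR)) {
            @file_put_contents(IWP_PCLZIP_TEMPORARY_DIR . '/index.php', '');
        }
    }

    if (is_writable(IWP_PCLZIP_TEMPORARY_DIR)) {
        $temp_dir = IWP_PCLZIP_TEMPORARY_DIR;
    } else {
        $temp_dir = get_temp_dir();
        if (!is_writable($temp_dir)) {
            return array('error' => 'Temporary directory is not writable. Please set 777 permission for ' . IWP_PCLZIP_TEMPORARY_DIR . ' and try again.', 'error_code' => 'pclzip_temp_dir_not_writable_please_set_777');
        }
    }

    $new_temp_folder = untrailingslashit($temp_dir);
    // NOTE(review): the name is derived from the clock only, so it is guessable;
    // a random source would be a better fit for a directory holding a full backup.
    $temp_uniq = md5(microtime(1));
    while (is_dir($new_temp_folder . '/' . $temp_uniq)) {
        $temp_uniq = md5(microtime(1));
    }
    $new_temp_folder = trailingslashit($new_temp_folder . '/' . $temp_uniq);

    // new folder should be empty
    $is_dir_created = mkdir($new_temp_folder);
    if (!$is_dir_created) {
        return array('error' => 'Unable to create a temporary directory.', 'error_code' => 'unable_to_create_temporary_directory');
    }

    $remote_abspath = $wp_filesystem->abspath();
    if (!empty($remote_abspath)) {
        $remote_abspath = trailingslashit($remote_abspath);
    } else {
        return array('error' => 'Unable to locate WP root directory using file system.', 'error_code' => 'unable_to_locate_wp_root_directory_using_file_system');
    }

    if ($backup_file) {
        if ($overwrite) {
            //clone only fresh or existing to existing
            //Keep old db credentials before overwrite
            if (!$wp_filesystem->copy($remote_abspath . 'wp-config.php', $remote_abspath . 'iwp-temp-wp-config.php', true)) {
                if ($unlink_file) {
                    // $backup_file may be a single path or a list of paths.
                    foreach ((array) $backup_file as $value) {
                        @unlink($value);
                    }
                }
                return array('error' => 'Error creating wp-config. Please check your write permissions.', 'error_code' => 'error_creating_wp_config');
            }
            $home = rtrim(get_option('home'), "/");
            $clone_options = array();
            if (trim($clone_from_url) || trim($iwp_clone) || trim($maintain_old_key)) {
                $clone_options['iwp_client_nossl_key'] = get_option('iwp_client_nossl_key');
                $clone_options['iwp_client_public_key'] = get_option('iwp_client_public_key');
                $clone_options['iwp_client_action_message_id'] = get_option('iwp_client_action_message_id');
            }
            $clone_options['iwp_client_notifications'] = serialize(get_option('iwp_client_notifications'));
            $clone_options['iwp_client_pageview_alerts'] = serialize(get_option('iwp_client_pageview_alerts'));
            $qry = "SELECT * FROM " . $wpdb->base_prefix . "iwp_backup_status";
            $clone_options['iwp_client_backup_tasks'] = $wpdb->get_results($qry, ARRAY_A);
        } else {
            $restore_options = array();
            $restore_options['iwp_client_notifications'] = serialize(get_option('iwp_client_notifications'));
            $restore_options['iwp_client_pageview_alerts'] = serialize(get_option('iwp_client_pageview_alerts'));
            $restore_options['iwp_client_user_hit_count'] = serialize(get_option('iwp_client_user_hit_count'));
            $qry = "SELECT * FROM " . $wpdb->base_prefix . "iwp_backup_status";
            $restore_options['iwp_client_backup_tasks'] = $wpdb->get_results($qry, ARRAY_A);
        }

        //Backup file will be extracted to a temporary path
        if (!is_array($backup_file)) {
            $temp_backup_file = $backup_file;
            $backup_file = array();
            $backup_file[0] = $temp_backup_file;
        }
        foreach ($backup_file as $single_backup_file) {
            // Debug output: writes the local archive path into the response.
            echo "this backup file - " . $single_backup_file;
            $unzip = $this->get_unzip();
            // Both paths are quoted as shell arguments so that spaces or shell
            // metacharacters in a file name cannot change the command.
            $command = $unzip . ' -o ' . escapeshellarg($single_backup_file) . ' -d ' . escapeshellarg($new_temp_folder);
            iwp_mmb_print_flush('ZIP Extract CMD: Start');
            ob_start();
            $result = $this->iwp_mmb_exec($command);
            ob_get_clean();
            iwp_mmb_print_flush('ZIP Extract CMD: End');
            if (!$result) {
                //fallback to pclzip
                iwp_mmb_print_flush('ZIP Extract PCL: Start');
                $archive = new IWPPclZip($single_backup_file);
                $result = $archive->extract(IWP_PCLZIP_OPT_PATH, $new_temp_folder, IWP_PCLZIP_OPT_REPLACE_NEWER);
                iwp_mmb_print_flush('ZIP Extract PCL: End');
            }
            $this->wpdb_reconnect();
            if ($unlink_file) {
                @unlink($single_backup_file);
            }
            if (!$result) {
                if ($unlink_file) {
                    foreach ($backup_file as $single_file) {
                        @unlink($single_file);
                    }
                }
                return array('error' => 'Failed to unzip files. pclZip error (' . $archive->error_code . '): .' . $archive->error_string, 'error_code' => 'failed_to_unzip_files');
            }
        }

        //appending files if split is done
        $joinedFilesArray = $this->appendSplitFiles($new_temp_folder);

        //do the restore db part only if the category is full or db .. else skip it for files alone concept
        if ($what == 'full' || $what == 'db') {
            $db_result = $this->restore_db($new_temp_folder);
            if (!$db_result) {
                return array('error' => 'Error restoring database.', 'error_code' => 'error_restoring_database');
            } else {
                if (is_array($db_result) && isset($db_result['error'])) {
                    return array('error' => $db_result['error']);
                }
            }
        }
    } else {
        return array('error' => 'Backup file not found.', 'error_code' => 'backup_file_not_found');
    }

    $bError = error_get_last();

    //copy files from temp to ABSPATH
    $copy_result = $this->iwp_mmb_direct_to_any_copy_dir($new_temp_folder, $remote_abspath);
    if (is_wp_error($copy_result)) {
        $wp_temp_direct2 = new WP_Filesystem_Direct('');
        $wp_temp_direct2->delete($new_temp_folder, true);
        return $copy_result;
    }
    $this->wpdb_reconnect();

    //Replace options and content urls
    if ($overwrite) {
        //fresh WP package or existing to existing site
        //Get New Table prefix
        $new_table_prefix = trim($this->get_table_prefix());

        //Retrieve old wp_config
        $wp_filesystem->delete($remote_abspath . 'wp-config.php', false, 'f');

        //Replace table prefix
        $lines = $wp_filesystem->get_contents_array($remote_abspath . 'iwp-temp-wp-config.php');
        $new_lines = '';
        foreach ($lines as $line) {
            if (strstr($line, '$table_prefix')) {
                // var_export() emits a correctly quoted PHP string literal, so the
                // prefix cannot break out of the assignment written to wp-config.php.
                $line = '$table_prefix = ' . var_export($new_table_prefix, true) . ';' . PHP_EOL;
            }
            $new_lines .= $line;
        }
        $wp_filesystem->put_contents($remote_abspath . 'wp-config.php', $new_lines);
        $wp_filesystem->delete($remote_abspath . 'iwp-temp-wp-config.php', false, 'f');

        //Replace options
        $query = "SELECT option_value FROM " . $new_table_prefix . "options WHERE option_name = 'home'";
        $old = $wpdb->get_var($query);
        $old = rtrim($old, "/");
        $query = "UPDATE " . $new_table_prefix . "options SET option_value = %s WHERE option_name = 'home'";
        $wpdb->query($wpdb->prepare($query, $home));
        $query = "UPDATE " . $new_table_prefix . "options SET option_value = %s WHERE option_name = 'siteurl'";
        $wpdb->query($wpdb->prepare($query, $home));

        //Replace content urls
        // NOTE(review): $old goes into the patterns without regex escaping, so
        // characters such as '.' in the URL act as wildcards.
        $regexp1 = 'src="(.*)' . $old . '(.*)"';
        $regexp2 = 'href="(.*)' . $old . '(.*)"';
        $query = "UPDATE " . $new_table_prefix . "posts SET post_content = REPLACE (post_content, %s,%s) WHERE post_content REGEXP %s OR post_content REGEXP %s";
        $wpdb->query($wpdb->prepare($query, $old, $home, $regexp1, $regexp2));

        // From here on $new_password holds the hash, not the plaintext.
        if (trim($new_password)) {
            $new_password = wp_hash_password($new_password);
        }
        if (!trim($clone_from_url) && !trim($iwp_clone)) {
            if ($new_user && $new_password) {
                $query = "UPDATE " . $new_table_prefix . "users SET user_login = %s, user_pass = %s WHERE user_login = %s";
                $wpdb->query($wpdb->prepare($query, $new_user, $new_password, $old_user));
            }
        } else {
            if ($admin_email) {
                //Clean Install
                $query = "UPDATE " . $new_table_prefix . "options SET option_value = %s WHERE option_name = 'admin_email'";
                $wpdb->query($wpdb->prepare($query, $admin_email));
                // The first row of the users table is rewritten with the supplied
                // e-mail, login and password hash.
                $query = "SELECT * FROM " . $new_table_prefix . "users LIMIT 1";
                $temp_user = $wpdb->get_row($query);
                if (!empty($temp_user)) {
                    $query = "UPDATE " . $new_table_prefix . "users SET user_email=%s, user_login = %s, user_pass = %s WHERE user_login = %s";
                    $wpdb->query($wpdb->prepare($query, $admin_email, $new_user, $new_password, $temp_user->user_login));
                }
            }
            if ($new_user && $new_password) {
                $query = "UPDATE " . $new_table_prefix . "users SET user_pass = %s WHERE user_login = %s";
                $wpdb->query($wpdb->prepare($query, $new_password, $new_user));
            }
        }

        if (is_array($clone_options) && !empty($clone_options)) {
            $GLOBALS['table_prefix'] = $new_table_prefix;
            $this->clone_restore_options($clone_options);

            // Carry the client keys over into the restored options table.
            if (!empty($clone_options['iwp_client_nossl_key'])) {
                $query = "SELECT * FROM " . $new_table_prefix . "options WHERE option_name = 'iwp_client_nossl_key'";
                $temp_row = $wpdb->get_row($query);
                if (!empty($temp_row)) {
                    $query = "UPDATE " . $new_table_prefix . "options SET option_value = %s WHERE option_name = 'iwp_client_nossl_key'";
                    $wpdb->query($wpdb->prepare($query, $clone_options['iwp_client_nossl_key']));
                } else {
                    $insert = $wpdb->insert($new_table_prefix . "options", array('option_name' => 'iwp_client_nossl_key', 'option_value' => $clone_options['iwp_client_nossl_key'], 'autoload' => 'yes'), array('%s', '%s', '%s'));
                }
            }
            if (!empty($clone_options['iwp_client_public_key'])) {
                $query = "SELECT * FROM " . $new_table_prefix . "options WHERE option_name = 'iwp_client_public_key'";
                $temp_row = $wpdb->get_row($query);
                if (!empty($temp_row)) {
                    $query = "UPDATE " . $new_table_prefix . "options SET option_value = %s WHERE option_name = 'iwp_client_public_key'";
                    $wpdb->query($wpdb->prepare($query, $clone_options['iwp_client_public_key']));
                } else {
                    $insert = $wpdb->insert($new_table_prefix . "options", array('option_name' => 'iwp_client_public_key', 'option_value' => $clone_options['iwp_client_public_key'], 'autoload' => 'yes'), array('%s', '%s', '%s'));
                }
            }
        }

        $query = "SELECT * FROM " . $new_table_prefix . "users LIMIT 1";
        $temp_user = $wpdb->get_row($query);
        $new_user = $temp_user->user_login;

        //Remove hit count
        $query = "DELETE FROM " . $new_table_prefix . "options WHERE option_name = 'iwp_client_user_hit_count'";
        $wpdb->query($query);

        //Check for .htaccess permalinks update
        $this->replace_htaccess($home, $remote_abspath);
    } else {
        //restore client options
        if (is_array($restore_options) && !empty($restore_options)) {
            $GLOBALS['table_prefix'] = $wpdb->base_prefix;
            $this->clone_restore_options($restore_options);
        }
    }

    //clear the temp directory
    $wp_temp_direct2 = new WP_Filesystem_Direct('');
    $wp_temp_direct2->delete($new_temp_folder, true);

    return !empty($new_user) ? $new_user : true;
}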
<?php
// Password-change handler. The excerpt ends inside the "too long" branch below.
// $user_info and $user_id are not assigned in the visible part; presumably the
// including script sets them for the logged-in user - verify against the caller.
// NOTE(review): no nonce / CSRF check is visible in this excerpt; confirm one
// exists before this code runs.
if (!defined('ABSPATH')) {
    exit;
}
global $wpdb, $registry, $message, $validator;
if (isset($_POST['save'])) {
    // The old password is passed as received, while the new one is run through
    // wp_unslash() below. NOTE(review): confirm the two are meant to be treated
    // differently.
    if (wp_check_password($_POST['old_password'], $user_info->user_pass, $user_id)) {
        // strlen() counts bytes, so multi-byte characters count more than once.
        if (strlen(wp_unslash($_POST['new_password'])) > 5) {
            // A 16-byte upper bound caps password strength and rules out passphrases.
            if (strlen(wp_unslash($_POST['new_password'])) <= 16) {
                // Loose == / != on strings: numeric-looking values compare by number,
                // so two different strings can be treated as equal.
                if (wp_unslash($_POST['new_password_repeat']) == wp_unslash($_POST['new_password'])) {
                    if (wp_unslash($_POST['new_password']) != wp_unslash($_POST['old_password'])) {
                        $hash = wp_hash_password(wp_unslash($_POST['new_password']));
                        // The hash is written straight to the 'is_users' table. No cache
                        // invalidation or session reset is visible in this excerpt.
                        if ($wpdb->update('is_users', array('user_pass' => $hash), array('ID' => $user_id))) {
                            $message[0] = 'success';
                            $message[1] = 'მონაცემები წარმატებით შეიცვალა';
                        } else {
                            $message[0] = 'error';
                            $message[1] = 'ვერ ხერხდება ბაზასთან დაკავშირება, მოგვიანებით სცადეთ.';
                        }
                    } else {
                        $message[0] = 'error';
                        $message[1] = 'ძველი და ახალი პაროლები არ უნდა ემთხვეოდეს ერთმანეთს.';
                    }
                } else {
                    $message[0] = 'error';
                    $message[1] = 'ახალი პაროლი და გაიმეორე პაროლი არ ემთხვევა ერთმანეთს.';
                }
            } else {
                $message[0] = 'error';
                $message[1] = 'პაროლი უნდა შეიცავდეს მაქსიმუმ 16 სიმბოლოს და მინიმუმ 6 სიმბოლოს.';
/**
 * Activate a signup.
 *
 * Looks the pending signup up by its activation key, creates the WordPress user
 * if the login is still free, marks the signup row active, applies the
 * admin-approval setting, copies the stored password hash into the users table
 * and sends the registration notification.
 *
 * The activation key is the only credential checked here, so it has to be
 * unguessable and should be treated as a secret by whatever generates and
 * mails it (not visible in this function).
 *
 * @param string $key The activation key provided to the user.
 * @return string Filtered HTML status message. Every return statement below yields
 *                the result of apply_filters() on an HTML snippet (or two such
 *                results concatenated), not an array.
 */
function wppb_activate_signup($key) {
    global $wpdb;
    $bloginfo = get_bloginfo('name');
    $wppb_general_settings = get_option('wppb_general_settings');
    /* The key is bound through prepare(); only the table name differs between the two branches. */
    $signup = is_multisite()
        ? $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->signups} WHERE activation_key = %s", $key))
        : $wpdb->get_row($wpdb->prepare("SELECT * FROM " . $wpdb->base_prefix . "signups WHERE activation_key = %s", $key));
    if (empty($signup)) {
        return apply_filters('wppb_register_activate_user_error_message1', '<p class="error">' . __('Invalid activation key!', 'profilebuilder') . '</p>');
    }
    if ($signup->active) {
        if (empty($signup->domain)) {
            return apply_filters('wppb_register_activate_user_error_message2', '<p class="error">' . __('This username is now active!', 'profilebuilder') . '</p>');
        }
    }
    /* NOTE(review): unserialize() on a database column will instantiate any serialized
       object it contains. If signup meta can ever hold attacker-influenced bytes this is
       an object-injection sink; unserialize($value, array('allowed_classes' => false))
       (PHP 7+) or a JSON encoding would narrow it. Confirm how the meta is written. */
    $meta = unserialize($signup->meta);
    $user_login = isset($wppb_general_settings['loginWith']) && $wppb_general_settings['loginWith'] == 'email' ? trim($signup->user_email) : trim($signup->user_login);
    /* The esc_sql()-escaped address is what gets handed to wppb_create_user(), the
       notification helper below; no raw query in this function uses it. */
    $user_email = esc_sql($signup->user_email);
    /* the password is in hashed form in the signup table so we will add it later */
    $password = NULL;
    /* username_exists() yields the ID of an existing account, so a taken login skips creation. */
    $user_id = username_exists($user_login);
    if (!$user_id) {
        $user_id = wppb_create_user($user_login, $password, $user_email);
    } else {
        $user_already_exists = true;
    }
    if (!$user_id) {
        return apply_filters('wppb_register_activate_user_error_message4', '<p class="error">' . __('Could not create user!', 'profilebuilder') . '</p>');
    } elseif (isset($user_already_exists) && $user_already_exists == true) {
        return apply_filters('wppb_register_activate_user_error_message5', '<p class="error">' . __('This username is already activated!', 'profilebuilder') . '</p>');
    } else {
        /* Mark the signup row as used; the result decides which message is returned at the end. */
        $inserted_user = is_multisite()
            ? $wpdb->update($wpdb->signups, array('active' => 1, 'activated' => current_time('mysql', true)), array('activation_key' => $key))
            : $wpdb->update($wpdb->base_prefix . 'signups', array('active' => 1, 'activated' => current_time('mysql', true)), array('activation_key' => $key));
        wppb_add_meta_to_user_on_activation($user_id, '', $meta);
        // if admin approval is activated, then block the user until they get approved
        $wppb_generalSettings = get_option('wppb_general_settings');
        if (isset($wppb_generalSettings['adminApproval']) && $wppb_generalSettings['adminApproval'] == 'yes') {
            $user_data = get_userdata($user_id);
            /* NOTE(review): the settings value is compared with the string 'not_found' here,
               although get_option() was called above without that default. */
            if ($wppb_generalSettings != 'not_found' && !empty($wppb_generalSettings['adminApprovalOnUserRole'])) {
                foreach ($user_data->roles as $role) {
                    /* in_array() without the strict flag compares loosely */
                    if (in_array($role, $wppb_generalSettings['adminApprovalOnUserRole'])) {
                        wp_set_object_terms($user_id, array('unapproved'), 'user_status', false);
                        clean_object_term_cache($user_id, 'user_status');
                    } else {
                        add_filter('wppb_register_success_message', 'wppb_noAdminApproval_successMessage');
                    }
                }
            } else {
                /* no per-role list configured: every new account waits for approval */
                wp_set_object_terms($user_id, array('unapproved'), 'user_status', false);
                clean_object_term_cache($user_id, 'user_status');
            }
        }
        if (!isset($wppb_generalSettings['adminApproval'])) {
            $wppb_generalSettings['adminApproval'] = 'no';
        }
        /* copy the hashed password from signup meta to wp user table */
        if (!empty($meta['user_pass'])) {
            /* we might still have the base64 encoded password in signups and not the hash */
            /* A value that survives a strict base64 round trip is treated as such a legacy entry.
               NOTE(review): the still-encoded string itself is passed to wp_hash_password(), not
               base64_decode() of it. Verify that this matches what legacy signups stored;
               otherwise the resulting hash will not match the password the user chose. */
            if (base64_encode(base64_decode($meta['user_pass'], true)) === $meta['user_pass']) {
                $meta['user_pass'] = wp_hash_password($meta['user_pass']);
            }
            /* Direct table write; this function does not call wp_cache_delete() for the user afterwards. */
            $wpdb->update($wpdb->users, array('user_pass' => $meta['user_pass']), array('ID' => $user_id));
        }
        /* $password is still NULL here, so no plaintext password is passed on from this function. */
        wppb_notify_user_registration_email($bloginfo, $user_login, $user_email, 'sending', $password, $wppb_generalSettings['adminApproval']);
        do_action('wppb_activate_user', $user_id, $password, $meta);
        if ($inserted_user) {
            $success_message = apply_filters('wppb_success_email_confirmation', '<p class="wppb-success">' . __('Your email was successfully confirmed.', 'profilebuilder') . '</p><!-- .success -->');
            $admin_approval_message = apply_filters('wppb_email_confirmation_with_admin_approval', '<p class="wppb-success">' . __('Before you can access your account, an administrator needs to approve it. You will be notified via email.', 'profilebuilder') . '</p>');
            /* the option is re-read, this time with the string 'false' as its default */
            $wppb_general_settings = get_option('wppb_general_settings', 'false');
            if (!empty($wppb_general_settings['adminApproval']) && $wppb_general_settings['adminApproval'] == 'yes') {
                $user_data = get_userdata($user_id);
                if ($wppb_general_settings != 'not_found' && !empty($wppb_general_settings['adminApprovalOnUserRole'])) {
                    /* Both branches return, so only the first role of the user is ever examined;
                       a user without roles falls out of the loop and the function returns nothing. */
                    foreach ($user_data->roles as $role) {
                        if (in_array($role, $wppb_general_settings['adminApprovalOnUserRole'])) {
                            return $success_message . $admin_approval_message;
                        } else {
                            /* role is exempt from approval: clear the user_status terms */
                            wp_set_object_terms($user_id, NULL, 'user_status');
                            clean_object_term_cache($user_id, 'user_status');
                            return $success_message;
                        }
                    }
                } else {
                    return $success_message . $admin_approval_message;
                }
            } else {
                /* approval is off: make sure no user_status term is left on the account */
                wp_set_object_terms($user_id, NULL, 'user_status');
                clean_object_term_cache($user_id, 'user_status');
                return $success_message;
            }
        } else {
            return apply_filters('wppb_register_failed_user_activation', '<p class="error">' . __('There was an error while trying to activate the user.', 'profilebuilder') . '</p><!-- .error -->');
        }
    }
}
/**
 * Stores a new password for a user.
 *
 * The plaintext is hashed with wp_hash_password() and written to the users
 * table; the stored activation key is blanked in the same write, and the
 * cached user entry is dropped so the next read sees the new hash.
 *
 * Another application can replace this function to plug in its own password
 * scheme.
 *
 * Intended for one-off use. Calling it on every page load from a plugin or
 * theme can produce an endless loop of password resets.
 *
 * @since 2.5.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param string $password The plaintext new user password
 * @param int    $user_id  User ID
 */
function wp_set_password($password, $user_id)
{
    global $wpdb;

    // Only the hash is persisted; clearing the activation key rides along in the same update.
    $columns = array(
        'user_pass'           => wp_hash_password($password),
        'user_activation_key' => '',
    );
    $match = array('ID' => $user_id);

    $wpdb->update($wpdb->users, $columns, $match);

    // Invalidate the cached user object.
    wp_cache_delete($user_id, 'users');
}
/**
 * Handle "quick actions" via ajax
 *
 * Return json instructions on next action. Used by several JS functions.
 *
 * The action name and the target object ID are taken from $_REQUEST. The visible
 * cases are 'reset_user_password' and 'trash_message_and_user'; any other value is
 * handed to the 'wp_crm_quick_action' filter. The listing is damaged in the middle
 * (see the note inside the function), so at least one case header is missing.
 *
 * NOTE(review): no nonce check is visible in this method, and the only capability
 * check visible is on 'trash_message_and_user'. Confirm that the caller
 * authenticates and authorises the request before dispatching here, in particular
 * for 'reset_user_password'.
 *
 * @since 0.1
 *
 * @param mixed $array Not referenced in the visible body.
 * @return string|false JSON-encoded instructions when $return is an array, otherwise false.
 */
static function quick_action($array = false) {
    global $wpdb;
    /* Both values arrive unvalidated from the request. */
    $action = !empty($_REQUEST['wp_crm_quick_action']) ? $_REQUEST['wp_crm_quick_action'] : false;
    $object_id = !empty($_REQUEST['object_id']) ? $_REQUEST['object_id'] : false;
    switch ($action) {
        case 'reset_user_password':
            $user_password = wp_generate_password(12, false);
            /* $wpdb->update() escapes its values, so $object_id is not an injection risk on this
               statement; it does decide whose password is overwritten, hence the authorisation
               question in the docblock. */
            if ($object_id && $wpdb->update($wpdb->users, array('user_pass' => wp_hash_password($user_password)), array('ID' => $object_id))) {
                $user_data = get_userdata($object_id);
                $user_login = $user_data->user_login;
                $user_email = $user_data->user_email;
                $reset_key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM {$wpdb->users} WHERE user_login = %s", $user_login));
                if (empty($reset_key)) {
                    /* NOTE(review): the freshly generated $key is never used; the update below writes
                       $reset_key, which is empty in this branch, so no reset key is actually stored. */
                    $key = wp_generate_password(20, false);
                    $wpdb->update($wpdb->users, array('user_activation_key' => $reset_key), array('user_login' => $user_login));
                }
                wp_crm_add_to_user_log($object_id, __('Password reset. 
A random password has been generated for user by system.', 'wp_crm'));
                $args['user_login'] = $user_login;
                $args['user_email'] = $user_email;
                /* The plaintext password is placed in $args; what consumes $args is lost in the
                   damaged span below (presumably a notification to the user; confirm). */
                $args['user_password'] = $user_password;
                $args['reset_key'] = $reset_key;
                /* NOTE(review): the listing is damaged on the next statement. A "******" redaction
                   replaced the rest of this case and the beginning of the following one, so the
                   reset-URL string runs straight into a DELETE query. The lines are kept exactly as
                   shown. In the surviving DELETE, and in the SELECT further down, $object_id from
                   the request is interpolated directly into the SQL text; $wpdb->prepare() with a
                   %d placeholder (or absint()) is the safe form. */
                $args['reset_url'] = network_site_url("wp-login.php?action=rp&key={$reset_key}&login="******"DELETE FROM {$wpdb->crm_log} WHERE id = {$object_id}")) {
                $return['success'] = 'true';
                $return['message'] = __('Message deleted.', 'wp_crm');
                $return['action'] = 'hide_element';
            }
            break;
        case 'trash_message_and_user':
            if (current_user_can('delete_users')) {
                /* request-supplied $object_id is interpolated into the query text (see note above) */
                $user_id = $wpdb->get_var("SELECT object_id FROM {$wpdb->crm_log} WHERE id = {$object_id} AND object_type = 'user' ");
                if ($user_id) {
                    wp_delete_user($user_id);
                }
                /* success is reported even when no matching log row or user was found */
                $return['success'] = 'true';
                $return['message'] = __('Sender trashed.', 'wp_crm');
                $return['action'] = 'hide_element';
            }
            break;
        default:
            /* unknown actions are delegated to plugins listening on this filter */
            $return = apply_filters('wp_crm_quick_action', array('action' => $action, 'object_id' => $object_id));
            break;
    }
    /* $return is unset when a case skipped its body (for example a failed capability
       check); is_array() is then false and the method returns false. */
    if (is_array($return)) {
        return json_encode($return);
    } else {
        return false;
    }
}
/**
 * Persist the values of a submitted register / edit-profile form.
 *
 * Registration either creates the user straight away (wp_insert_user) or, on
 * multisite and when e-mail confirmation is enabled, stores a pending signup
 * with an already-hashed password. Profile edits go through wp_update_user()
 * with any submitted password removed.
 *
 * NOTE(review): both signup paths call wp_hash_password() before (or without)
 * wp_unslash(), while the direct path unslashes first and lets wp_insert_user()
 * hash. A password containing quotes or backslashes is therefore hashed from
 * different bytes depending on the path; confirm this is intended.
 *
 * @param array $global_request The submitted request data.
 * @return mixed The desired user ID, or the wp_insert_user() result on direct registration.
 */
function wppb_save_form_values($global_request)
{
    $user_id = $this->wppb_get_desired_user_id();
    $userdata = apply_filters('wppb_build_userdata', array(), $global_request);
    $is_pending_signup = false;
    $settings = get_option('wppb_general_settings');

    // When users log in by e-mail, the username is generated from the address.
    $login_with_email = isset($settings['loginWith']) && $settings['loginWith'] == 'email';
    if ($login_with_email) {
        $generated_login = Wordpress_Creation_Kit_PB::wck_generate_slug(trim($userdata['user_email']));
        $userdata['user_login'] = apply_filters('wppb_generated_random_username', $generated_login, $userdata['user_email']);
    }

    if ($this->args['form_type'] == 'register') {
        if (is_multisite()) {
            // Multisite: always a pending signup.
            $is_pending_signup = true;
            $multisite_message = true;
            $userdata = $this->wppb_add_custom_field_values($global_request, $userdata, $this->args['form_fields']);
            if (!isset($userdata['role'])) {
                $userdata['role'] = $this->args['role'];
            }
            $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
            // Since version 2.0.7: remember on which blog the user registered.
            $userdata['registered_for_blog_id'] = get_current_blog_id();
            $userdata = wp_unslash($userdata);
            wppb_signup_user($userdata['user_login'], $userdata['user_email'], $userdata);
        } elseif (isset($settings['emailConfirmation']) && $settings['emailConfirmation'] == 'yes') {
            // Single site with e-mail confirmation: pending signup, only the hash is stored.
            $is_pending_signup = true;
            $multisite_message = true;
            $userdata = $this->wppb_add_custom_field_values($global_request, $userdata, $this->args['form_fields']);
            if (!isset($userdata['role'])) {
                $userdata['role'] = $this->args['role'];
            }
            $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
            wppb_signup_user($userdata['user_login'], $userdata['user_email'], $userdata);
        } else {
            // Single site without confirmation: create the account now.
            if (!isset($userdata['role'])) {
                $userdata['role'] = $this->args['role'];
            }
            $userdata = wp_unslash($userdata);
            $user_id = wp_insert_user($userdata);
        }
    } elseif ($this->args['form_type'] == 'edit_profile') {
        $userdata['ID'] = $this->wppb_get_desired_user_id();
        $userdata = wp_unslash($userdata);
        // A changed password must not reach wp_update_user(): this runs from a shortcode,
        // after the headers were sent, so the user would be logged out and could not be
        // logged back in.
        if (!empty($userdata['user_pass'])) {
            unset($userdata['user_pass']);
        }
        wp_update_user($userdata);
    }

    // Field hooks and the notification only run when a real user exists (not for pending signups).
    if (!empty($this->args['form_fields']) && !$is_pending_signup) {
        foreach ($this->args['form_fields'] as $field) {
            do_action('wppb_save_form_field', $field, $user_id, $global_request, $this->args['form_type']);
        }

        if ($this->args['form_type'] == 'register' && !is_wp_error($user_id)) {
            $settings = get_option('wppb_general_settings');

            $asked_for_credentials = isset($global_request['send_credentials_via_email'])
                && $global_request['send_credentials_via_email'] == 'sending';
            $send_credentials_via_email = $asked_for_credentials ? 'sending' : '';

            $site_name = get_bloginfo('name');
            $login_for_mail = isset($userdata['user_login']) ? trim($userdata['user_login']) : trim($userdata['user_email']);
            $mail_address = trim($userdata['user_email']);
            // NOTE(review): on this path user_pass is still the submitted plaintext, and it is
            // handed to the e-mail notification helper.
            $submitted_pass = trim($userdata['user_pass']);
            $admin_approval = isset($settings['adminApproval']) ? $settings['adminApproval'] : 'no';

            wppb_notify_user_registration_email($site_name, $login_for_mail, $mail_address, $send_credentials_via_email, $submitted_pass, $admin_approval);
        }
    }

    return $user_id;
}
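/**
 * ecartregcust::add_user()
 *
 * Validates the submitted registration form ($_POST['customer'] and, when the
 * billing section is shown, $_POST['billing']) and creates the customer record.
 * For WordPress-linked accounts the WordPress user is created as well; for
 * stand-alone accounts the submitted password is hashed before saving.
 *
 * On any validation or storage error $this->form_error is set and false is
 * returned.
 *
 * NOTE(review): the returned array is the submitted customer data and still
 * contains the plaintext 'password' and 'confirm-password' fields; callers
 * should not log or persist it as is.
 *
 * @return array|false Submitted customer fields (plus 'wpuser' for WordPress accounts), or false on failure.
 */
private function add_user()
{
    require_once(ABSPATH."/wp-includes/registration.php");

    $Errors =& EcartErrors();
    $Errors->reset();

    // Work on a local copy so a missing or malformed 'customer' field cannot raise notices.
    $customer_data = (isset($_POST['customer']) && is_array($_POST['customer'])) ? $_POST['customer'] : array();

    if (empty($customer_data['email'])) {
        $this->form_error = 'Email address is required.';
        return false;
    }
    if ($this->email_exists($customer_data['email'])) {
        $this->form_error = 'Email address is already registered with another customer.';
        return false;
    }
    // The password must be a non-empty string; an array-valued field is rejected as well.
    if (empty($customer_data['password']) || !is_string($customer_data['password'])) {
        $this->form_error = 'Password is required.';
        return false;
    }
    $confirmation = isset($customer_data['confirm-password']) ? $customer_data['confirm-password'] : null;
    if ($customer_data['password'] !== $confirmation) {
        $this->form_error = 'Passwords do not match.';
        return false;
    }

    if ($this->ecart_account_type == 'wordpress') {
        // NOTE(review): this message is shown when the login name is empty, not when it is taken.
        if (empty($customer_data['loginname'])) {
            $this->form_error = 'Username is already registered.';
            return false;
        }
        if (email_exists($customer_data['email'])) {
            $this->form_error = 'Email address is already registered with another user.';
            return false;
        }
    }

    if ($this->show_billing) {
        // Required billing fields, checked in the same order as before.
        $required_billing = array(
            'address'  => 'Street address is required.',
            'city'     => 'City is required.',
            'state'    => 'State is required.',
            'postcode' => 'Postcode is required.',
        );
        foreach ($required_billing as $field => $error_text) {
            if (empty($_POST['billing'][$field])) {
                $this->form_error = $error_text;
                return false;
            }
        }
    }

    $ecart_customer = new Customer();
    $ecart_customer->updates($customer_data);

    if ($this->ecart_account_type == 'wordpress') {
        $ecart_customer->create_wpuser(); // not logged in, create new account
        $customer_data['wpuser'] = $ecart_customer->wpuser;
        // The WordPress user holds the credentials; keep no password on the customer record.
        unset($ecart_customer->password);
        if ($Errors->exist(ECART_ERR)) {
            $ecart_error = $Errors->get(ECART_ERR);
            $this->form_error = implode(', ', $ecart_error[0]->messages);
            return false;
        }
    } else {
        // Fix: the original hashed $data['password'], but $data is never defined in this
        // method, so every stand-alone account was stored with the hash of an empty value
        // instead of the submitted password.
        $ecart_customer->password = wp_hash_password($customer_data['password']);
    }

    $ecart_customer->save();
    if ($Errors->exist(ECART_ERR)) {
        $ecart_error = $Errors->get(ECART_ERR);
        $this->form_error = implode(', ', $ecart_error[0]->messages);
        return false;
    }

    if ($this->show_billing) {
        $billing_data = $_POST['billing'];
        $ecart_billing = new Billing();
        $ecart_billing->updates($billing_data);
        $ecart_billing->customer = $ecart_customer->id;
        $ecart_billing->save();
    }

    return $customer_data;
}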
/**
 * Update an existing user record.
 *
 * Supplying 'user_pass' in $userdata changes the password: the value is hashed
 * here when it is non-empty and differs from the stored hash. Change notices
 * for password and e-mail are sent to the address the account had before the
 * update, so the previous owner of the address is the one who gets warned.
 *
 * When the user being updated is the current user and the password changed,
 * the auth cookie is cleared and issued again.
 *
 * @since 2.0.0
 *
 * @see wp_insert_user() For what fields can be set in $userdata.
 *
 * @param mixed $userdata An array of user data or a user object of type stdClass or WP_User.
 * @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated.
 */
function wp_update_user($userdata)
{
    // Accept objects as well as arrays.
    if ($userdata instanceof stdClass) {
        $userdata = get_object_vars($userdata);
    } elseif ($userdata instanceof WP_User) {
        $userdata = $userdata->to_array();
    }

    $target_id = isset($userdata['ID']) ? (int) $userdata['ID'] : 0;
    if (!$target_id) {
        return new WP_Error('invalid_user_id', __('Invalid user ID.'));
    }

    $existing = get_userdata($target_id);
    if (!$existing) {
        return new WP_Error('invalid_user_id', __('Invalid user ID.'));
    }

    // Start from the stored fields, including the additional meta-backed ones.
    $stored = $existing->to_array();
    foreach (_get_additional_user_keys($existing) as $meta_key) {
        $stored[$meta_key] = get_user_meta($target_id, $meta_key, true);
    }

    // Values read from the database are escaped before being merged back in.
    $stored = add_magic_quotes($stored);

    $notify_password_change = false;
    $password_changed = !empty($userdata['user_pass']) && $userdata['user_pass'] !== $existing->user_pass;
    if ($password_changed) {
        // The password is changing: from here on only its hash is kept in $userdata.
        $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);

        /**
         * Filter whether to send the password change email.
         *
         * @since 4.3.0
         *
         * @see wp_insert_user() For `$user` and `$userdata` fields.
         *
         * @param bool  $send     Whether to send the email.
         * @param array $user     The original user array.
         * @param array $userdata The updated user array.
         */
        $notify_password_change = apply_filters('send_password_change_email', true, $stored, $userdata);
    }

    $notify_email_change = false;
    if (isset($userdata['user_email']) && $stored['user_email'] !== $userdata['user_email']) {
        /**
         * Filter whether to send the email change email.
         *
         * @since 4.3.0
         *
         * @see wp_insert_user() For `$user` and `$userdata` fields.
         *
         * @param bool  $send     Whether to send the email.
         * @param array $user     The original user array.
         * @param array $userdata The updated user array.
         */
        $notify_email_change = apply_filters('send_email_change_email', true, $stored, $userdata);
    }

    wp_cache_delete($stored['user_email'], 'useremail');

    // New values win over stored ones.
    $userdata = array_merge($stored, $userdata);
    $user_id = wp_insert_user($userdata);

    if (!is_wp_error($user_id)) {
        $blog_name = wp_specialchars_decode(get_option('blogname'));

        if (!empty($notify_password_change)) {
            /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
            $pass_change_text = __('Hi ###USERNAME###, This notice confirms that your password was changed on ###SITENAME###. If you did not change your password, please contact the Site Administrator at ###ADMIN_EMAIL### This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###');

            $pass_change_email = array(
                'to'      => $stored['user_email'],
                'subject' => __('[%s] Notice of Password Change'),
                'message' => $pass_change_text,
                'headers' => '',
            );

            /**
             * Filter the contents of the email sent when the user's password is changed.
             *
             * @since 4.3.0
             *
             * @param array $pass_change_email {
             *     Used to build wp_mail().
             *     @type string $to      The intended recipients. Add emails in a comma separated string.
             *     @type string $subject The subject of the email.
             *     @type string $message The content of the email. ###USERNAME###, ###ADMIN_EMAIL###,
             *                           ###EMAIL### (the old email), ###SITENAME### and ###SITEURL###
             *                           are replaced dynamically.
             *     @type string $headers Headers. Add headers in a newline (\r\n) separated string.
             * }
             * @param array $user     The original user array.
             * @param array $userdata The updated user array.
             */
            $pass_change_email = apply_filters('password_change_email', $pass_change_email, $stored, $userdata);

            // Placeholders are substituted one after another, after the filter has run.
            $pass_body = $pass_change_email['message'];
            $pass_body = str_replace('###USERNAME###', $stored['user_login'], $pass_body);
            $pass_body = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $pass_body);
            $pass_body = str_replace('###EMAIL###', $stored['user_email'], $pass_body);
            $pass_body = str_replace('###SITENAME###', get_option('blogname'), $pass_body);
            $pass_body = str_replace('###SITEURL###', home_url(), $pass_body);

            wp_mail($pass_change_email['to'], sprintf($pass_change_email['subject'], $blog_name), $pass_body, $pass_change_email['headers']);
        }

        if (!empty($notify_email_change)) {
            /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
            $email_change_text = __('Hi ###USERNAME###, This notice confirms that your email was changed on ###SITENAME###. If you did not change your email, please contact the Site Administrator at ###ADMIN_EMAIL### This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###');

            $email_change_email = array(
                'to'      => $stored['user_email'],
                'subject' => __('[%s] Notice of Email Change'),
                'message' => $email_change_text,
                'headers' => '',
            );

            /**
             * Filter the contents of the email sent when the user's email is changed.
             *
             * @since 4.3.0
             *
             * @param array $email_change_email {
             *     Used to build wp_mail().
             *     @type string $to      The intended recipients.
             *     @type string $subject The subject of the email.
             *     @type string $message The content of the email. ###USERNAME###, ###ADMIN_EMAIL###,
             *                           ###EMAIL### (the old email), ###SITENAME### and ###SITEURL###
             *                           are replaced dynamically.
             *     @type string $headers Headers.
             * }
             * @param array $user     The original user array.
             * @param array $userdata The updated user array.
             */
            $email_change_email = apply_filters('email_change_email', $email_change_email, $stored, $userdata);

            $email_body = $email_change_email['message'];
            $email_body = str_replace('###USERNAME###', $stored['user_login'], $email_body);
            $email_body = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $email_body);
            $email_body = str_replace('###EMAIL###', $stored['user_email'], $email_body);
            $email_body = str_replace('###SITENAME###', get_option('blogname'), $email_body);
            $email_body = str_replace('###SITEURL###', home_url(), $email_body);

            wp_mail($email_change_email['to'], sprintf($email_change_email['subject'], $blog_name), $email_body, $email_change_email['headers']);
        }
    }

    // Refresh the cookies when the current user changed their own password.
    $current_user = wp_get_current_user();
    if ($current_user->ID == $target_id && $password_changed) {
        wp_clear_auth_cookie();

        // A remaining cookie lifetime above the default means 'Remember Me' was
        // ticked at login; carry that choice over to the new cookie.
        $logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
        /** This filter is documented in wp-includes/pluggable.php */
        $default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $target_id, false);
        $remaining_life = $logged_in_cookie['expiration'] - time();

        wp_set_auth_cookie($target_id, $remaining_life > $default_cookie_life);
    }

    return $user_id;
}
/**
 * Run password through wp_hash_password()
 *
 * Looks for a user row whose user_pass is empty, fetches the legacy password
 * kept in the "_bbp_password" user meta, and, when authenticate_pass() accepts
 * the supplied password against it, updates user_pass and deletes the legacy
 * meta row.
 *
 * NOTE(review): the listing is redacted. Two SQL strings contain "******" where
 * the original presumably interpolated the username and the new password hash;
 * as shown, neither $username nor wp_hash_password() appears in the body. The
 * text is kept exactly as shown.
 *
 * NOTE(review): all four statements are built by string concatenation. Any value
 * spliced into them should go through $wpdb->prepare() placeholders instead.
 *
 * @param string $username
 * @param string $password
 */
public function callback_pass($username, $password) {
    /* Only accounts with an empty user_pass are candidates. */
    $user = $this->wpdb->get_row('SELECT * FROM ' . $this->wpdb->users . ' WHERE user_login = "******" AND user_pass = "" LIMIT 1');
    if (!empty($user)) {
        /* $user->ID comes from the row just read, yet is still concatenated into the query text. */
        $usermeta = $this->wpdb->get_row('SELECT * FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" AND user_id = "' . $user->ID . '" LIMIT 1');
        if (!empty($usermeta)) {
            /* The supplied password has to verify against the legacy value first. */
            if ($this->authenticate_pass($password, $usermeta->meta_value)) {
                $this->wpdb->query('UPDATE ' . $this->wpdb->users . ' ' . 'SET user_pass = "******" ' . 'WHERE ID = "' . $user->ID . '"');
                /* Remove the legacy value once user_pass has been written. */
                $this->wpdb->query('DELETE FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" AND user_id = "' . $user->ID . '"');
            }
        }
    }
}