function rcl_check_register_captcha($errors)
{
$rcl_captcha = new ReallySimpleCaptcha();
$rcl_captcha_prefix = sanitize_text_field($_POST['rcl_captcha_prefix']);
$rcl_captcha_code = sanitize_text_field($_POST['rcl_captcha_code']);
$rcl_captcha_correct = false;
$rcl_captcha_check = $rcl_captcha->check($rcl_captcha_prefix, $rcl_captcha_code);
$rcl_captcha_correct = $rcl_captcha_check;
$rcl_captcha->remove($rcl_captcha_prefix);
$rcl_captcha->cleanup();
if (!$rcl_captcha_correct) {
$errors = new WP_Error();
$errors->add('rcl_register_captcha', __('Field filled not right CAPTCHA!', 'wp-recall'));
}
return $errors;
}
function mytheme_check_comment_captcha($comment_data)
{
$comment_captcha = new ReallySimpleCaptcha();
$comment_captcha_correct = false;
$comment_captcha_prefix = $_POST['comment_captcha_prefix'];
$comment_captcha_code = $_POST['comment_captcha_code'];
$comment_captcha_check = $comment_captcha->check($comment_captcha_prefix, $comment_captcha_code);
$comment_captcha_correct = $comment_captcha_check;
//clean up
$comment_captcha->remove($_POST['comment_captcha_prefix']);
$comment_captcha->cleanup();
if (!$comment_captcha_correct) {
wp_die('You have entered an incorrect CAPTCHA value. try again.');
break;
}
return $comment_data;
}
public static function get($args = array())
{
global $sb_captcha;
if (empty($sb_captcha) && self::use_captcha()) {
if (!is_array($args)) {
$len = $args;
$args = (array) $args;
$args['len'] = $len;
}
$sb_captcha = new ReallySimpleCaptcha();
$len = isset($args['len']) ? $args['len'] : 4;
$bg = isset($args['bg']) ? (array) $args['bg'] : array();
if (count($bg) > 0) {
$sb_captcha->bg = $bg;
}
$sb_captcha->char_length = $len;
$sb_captcha->cleanup(5);
}
return $sb_captcha;
}
/**
* Register function
*
* Handles registering new users and updating existing users.
*
* @since 2.2.1
*
* @param string $toggle toggles the function between 'register' and 'update'.
* @global int $user_ID
* @global string $wpmem_themsg
* @global array $userdata
* @return string $wpmem_themsg|success|editsuccess
*/
function wpmem_registration($toggle)
{
// get the globals
global $user_ID, $wpmem_themsg, $userdata;
// check the nonce
if (defined('WPMEM_USE_NONCE')) {
if (empty($_POST) || !wp_verify_nonce($_POST['wpmem-form-submit'], 'wpmem-validate-submit')) {
$wpmem_themsg = __('There was an error processing the form.', 'wp-members');
return;
}
}
// is this a registration or a user profile update?
if ($toggle == 'register') {
$fields['username'] = isset($_POST['log']) ? sanitize_user($_POST['log']) : '';
}
// add the user email to the $fields array for _data hooks
$fields['user_email'] = isset($_POST['user_email']) ? $_POST['user_email'] : '';
// build the $fields array from $_POST data
$wpmem_fields = get_option('wpmembers_fields');
foreach ($wpmem_fields as $meta) {
if ($meta[4] == 'y') {
if ($meta[2] != 'password') {
$fields[$meta[2]] = isset($_POST[$meta[2]]) ? sanitize_text_field($_POST[$meta[2]]) : '';
} else {
// we do have password as part of the registration form
$fields['password'] = isset($_POST['password']) ? $_POST['password'] : '';
}
}
}
/**
* Filter the submitted form field date prior to validation.
*
* @since 2.8.2
*
* @param array $fields An array of the posted form field data.
*/
$fields = apply_filters('wpmem_pre_validate_form', $fields);
// check for required fields
$wpmem_fields_rev = array_reverse($wpmem_fields);
foreach ($wpmem_fields_rev as $meta) {
$pass_arr = array('password', 'confirm_password', 'password_confirm');
$pass_chk = $toggle == 'update' && in_array($meta[2], $pass_arr) ? true : false;
if ($meta[5] == 'y' && $pass_chk == false) {
if (!$fields[$meta[2]]) {
$wpmem_themsg = sprintf(__('Sorry, %s is a required field.', 'wp-members'), $meta[1]);
}
}
}
switch ($toggle) {
case "register":
if (is_multisite()) {
// multisite has different requirements
$result = wpmu_validate_user_signup($fields['username'], $fields['user_email']);
$errors = $result['errors'];
if ($errors->errors) {
$wpmem_themsg = $errors->get_error_message();
return $wpmem_themsg;
exit;
}
} else {
if (!$fields['username']) {
$wpmem_themsg = __('Sorry, username is a required field', 'wp-members');
return $wpmem_themsg;
exit;
}
if (!validate_username($fields['username'])) {
$wpmem_themsg = __('The username cannot include non-alphanumeric characters.', 'wp-members');
return $wpmem_themsg;
exit;
}
if (!is_email($fields['user_email'])) {
$wpmem_themsg = __('You must enter a valid email address.', 'wp-members');
return $wpmem_themsg;
exit;
}
if (username_exists($fields['username'])) {
return "user";
exit;
}
if (email_exists($fields['user_email'])) {
return "email";
exit;
}
}
if ($wpmem_themsg) {
return "empty";
exit;
}
// if form contains password and email confirmation, validate that they match
if (array_key_exists('confirm_password', $fields) && $fields['confirm_password'] != $fields['password']) {
$wpmem_themsg = __('Passwords did not match.', 'wp-members');
}
if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
$wpmem_themsg = __('Emails did not match.', 'wp-members');
}
$wpmem_captcha = get_option('wpmembers_captcha');
// get the captcha settings (api keys)
if (WPMEM_CAPTCHA == 1 && $wpmem_captcha['recaptcha']) {
// if captcha is on, check the captcha
if ($wpmem_captcha['recaptcha']['public'] && $wpmem_captcha['recaptcha']['private']) {
// if there is no api key, the captcha never displayed to the end user
if (!$_POST["recaptcha_response_field"]) {
// validate for empty captcha field
$wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members');
return "empty";
exit;
}
}
// check to see if the recaptcha library has already been loaded by another plugin
if (!function_exists('_recaptcha_qsencode')) {
require_once 'lib/recaptchalib.php';
}
$publickey = $wpmem_captcha['recaptcha']['public'];
$privatekey = $wpmem_captcha['recaptcha']['private'];
// the response from reCAPTCHA
$resp = null;
// the error code from reCAPTCHA, if any
$error = null;
if ($_POST["recaptcha_response_field"]) {
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// set the error code so that we can display it
global $wpmem_captcha_err;
$wpmem_captcha_err = $resp->error;
$wpmem_captcha_err = wpmem_get_captcha_err($wpmem_captcha_err);
return "captcha";
exit;
}
}
// end check recaptcha
} elseif (WPMEM_CAPTCHA == 2) {
if (defined('REALLYSIMPLECAPTCHA_VERSION')) {
/** Validate Really Simple Captcha */
$wpmem_captcha = new ReallySimpleCaptcha();
// This variable holds the CAPTCHA image prefix, which corresponds to the correct answer
$wpmem_captcha_prefix = isset($_POST['captcha_prefix']) ? $_POST['captcha_prefix'] : '';
// This variable holds the CAPTCHA response, entered by the user
$wpmem_captcha_code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : '';
// Check CAPTCHA validity
$wpmem_captcha_correct = $wpmem_captcha->check($wpmem_captcha_prefix, $wpmem_captcha_code) ? true : false;
// clean up the tmp directory
$wpmem_captcha->remove($wpmem_captcha_prefix);
$wpmem_captcha->cleanup();
// If CAPTCHA validation fails (incorrect value entered in CAPTCHA field), return an error
if (!$wpmem_captcha_correct) {
$wpmem_themsg = wpmem_get_captcha_err('really-simple');
return "empty";
exit;
}
}
}
// check for user defined password
$fields['password'] = !isset($_POST['password']) ? wp_generate_password() : $_POST['password'];
// add for _data hooks
$fields['user_registered'] = gmdate('Y-m-d H:i:s');
$fields['user_role'] = get_option('default_role');
$fields['wpmem_reg_ip'] = $_SERVER['REMOTE_ADDR'];
$fields['wpmem_reg_url'] = $_REQUEST['redirect_to'];
/**
* these native fields are not installed by default, but if they
* are added, use the $_POST value - otherwise, default to username.
* value can be filtered with wpmem_register_data
*/
$fields['user_nicename'] = isset($_POST['user_nicename']) ? sanitize_title($_POST['user_nicename']) : $fields['username'];
$fields['display_name'] = isset($_POST['display_name']) ? sanitize_user($_POST['display_name']) : $fields['username'];
$fields['nickname'] = isset($_POST['nickname']) ? sanitize_user($_POST['nickname']) : $fields['username'];
/**
* Filter registration data after validation before data insertion.
*
* @since 2.8.2
*
* @param array $fields An array of the registration field data.
*/
$fields = apply_filters('wpmem_register_data', $fields);
/**
* Fires before any insertion/emails.
*
* This action is the final step in pre registering a user. This
* can be used for attaching custom validation to the registration
* process. It cannot be used for changing any user registration
* data. Use the wpmem_register_data filter for that.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_pre_register_data', $fields);
// if the _pre_register_data hook sends back an error message
if ($wpmem_themsg) {
return $wpmem_themsg;
}
// main new user fields are ready
$new_user_fields = array('user_pass' => $fields['password'], 'user_login' => $fields['username'], 'user_nicename' => $fields['user_nicename'], 'user_email' => $fields['user_email'], 'display_name' => $fields['display_name'], 'nickname' => $fields['nickname'], 'user_registered' => $fields['user_registered'], 'role' => $fields['user_role']);
// get any excluded meta fields
$excluded_meta = wpmem_get_excluded_meta('register');
// user_url, first_name, last_name, description, jabber, aim, yim
$new_user_fields_meta = array('user_url', 'first_name', 'last_name', 'description', 'jabber', 'aim', 'yim');
foreach ($wpmem_fields as $meta) {
if (in_array($meta[2], $new_user_fields_meta)) {
if ($meta[4] == 'y' && !in_array($meta[2], $excluded_meta)) {
$new_user_fields[$meta[2]] = $fields[$meta[2]];
}
}
}
// inserts to wp_users table
$fields['ID'] = wp_insert_user($new_user_fields);
// set remaining fields to wp_usermeta table
foreach ($wpmem_fields as $meta) {
// if the field is not excluded, update accordingly
if (!in_array($meta[2], $excluded_meta) && !in_array($meta[2], $new_user_fields_meta)) {
if ($meta[4] == 'y' && $meta[2] != 'user_email') {
update_user_meta($fields['ID'], $meta[2], $fields[$meta[2]]);
}
}
}
// capture IP address of user at registration
update_user_meta($fields['ID'], 'wpmem_reg_ip', $fields['wpmem_reg_ip']);
// store the registration url
update_user_meta($fields['ID'], 'wpmem_reg_url', $fields['wpmem_reg_url']);
// set user expiration, if used
if (WPMEM_USE_EXP == 1 && WPMEM_MOD_REG != 1) {
wpmem_set_exp($fields['ID']);
}
/**
* Fires after user insertion but before email.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_post_register_data', $fields);
require_once 'wp-members-email.php';
// if this was successful, and you have email properly
// configured, send a notification email to the user
wpmem_inc_regemail($fields['ID'], $fields['password'], WPMEM_MOD_REG, $wpmem_fields, $fields);
// notify admin of new reg, if needed;
if (WPMEM_NOTIFY_ADMIN == 1) {
wpmem_notify_admin($fields['ID'], $wpmem_fields);
}
/**
* Fires after registration is complete.
*
* @since 2.7.1
*/
do_action('wpmem_register_redirect');
// successful registration message
return "success";
exit;
break;
case "update":
if ($wpmem_themsg) {
return "updaterr";
exit;
}
// doing a check for existing email is not the same as a new reg. check first to
// see if it's different, then check if it is a valid address and it exists.
global $current_user;
get_currentuserinfo();
if ($fields['user_email'] != $current_user->user_email) {
if (email_exists($fields['user_email'])) {
return "email";
exit;
}
if (!is_email($fields['user_email'])) {
$wpmem_themsg = __('You must enter a valid email address.', 'wp-members');
return "updaterr";
exit;
}
}
// if form includes email confirmation, validate that they match
if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
$wpmem_themsg = __('Emails did not match.', 'wp-members');
}
// add the user_ID to the fields array
$fields['ID'] = $user_ID;
/**
* Filter registration data after validation before data insertion.
*
* @since 2.8.2
*
* @param array $fields An array of the registration field data.
*/
$fields = apply_filters('wpmem_register_data', $fields);
/**
* Fires before data insertion.
*
* This action is the final step in pre updating a user. This
* can be used for attaching custom validation to the update
* process. It cannot be used for changing any user update
* data. Use the wpmem_register_data filter for that.
*
* @since 2.7.2
*
* @param array $fields The user's submitted update data.
*/
do_action('wpmem_pre_update_data', $fields);
// if the _pre_update_data hook sends back an error message
// @todo - double check this. it should probably return "updaterr" and the hook should globalize wpmem_themsg
if ($wpmem_themsg) {
return $wpmem_themsg;
}
// a list of fields that can be updated by wp_update_user
$native_fields = array('user_nicename', 'user_url', 'user_email', 'display_name', 'nickname', 'first_name', 'last_name', 'description', 'role', 'jabber', 'aim', 'yim');
$native_update = array('ID' => $user_ID);
foreach ($wpmem_fields as $meta) {
// if the field is not excluded, update accordingly
if (!in_array($meta[2], wpmem_get_excluded_meta('update'))) {
switch ($meta[2]) {
// if the field can be updated by wp_update_user
case in_array($meta[2], $native_fields):
$fields[$meta[2]] = isset($fields[$meta[2]]) ? $fields[$meta[2]] : '';
//wp_update_user( array( 'ID' => $user_ID, $meta[2] => $fields[$meta[2]] ) );
$native_update[$meta[2]] = $fields[$meta[2]];
break;
// if the field is password
// if the field is password
case 'password':
// do nothing...
break;
// everything else goes into wp_usermeta
// everything else goes into wp_usermeta
default:
if ($meta[4] == 'y') {
update_user_meta($user_ID, $meta[2], $fields[$meta[2]]);
}
break;
}
}
}
// update wp_update_user fields
wp_update_user($native_update);
/**
* Fires at the end of user update data insertion.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_post_update_data', $fields);
return "editsuccess";
exit;
break;
}
}
/**
* Register function.
*
* Handles registering new users and updating existing users.
*
* @since 2.2.1
*
* @param string $toggle toggles the function between 'register' and 'update'.
* @global int $user_ID
* @global string $wpmem_themsg
* @global array $userdata
* @return string $wpmem_themsg|success|editsuccess
*/
function wpmem_registration($toggle)
{
// Get the globals.
global $user_ID, $wpmem, $wpmem_themsg, $userdata;
// Check the nonce.
if (defined('WPMEM_USE_NONCE')) {
if (empty($_POST) || !wp_verify_nonce($_POST['wpmem-form-submit'], 'wpmem-validate-submit')) {
$wpmem_themsg = __('There was an error processing the form.', 'wp-members');
return;
}
}
// Is this a registration or a user profile update?
if ($toggle == 'register') {
$fields['username'] = isset($_POST['log']) ? sanitize_user($_POST['log']) : '';
}
// Add the user email to the $fields array for _data hooks.
$fields['user_email'] = isset($_POST['user_email']) ? $_POST['user_email'] : '';
// Build the $fields array from $_POST data.
$wpmem_fields = $wpmem->fields;
// get_option( 'wpmembers_fields' );
foreach ($wpmem_fields as $meta) {
if ($meta[4] == 'y') {
if ($meta[2] != 'password') {
$fields[$meta[2]] = isset($_POST[$meta[2]]) ? sanitize_text_field($_POST[$meta[2]]) : '';
} else {
// We do have password as part of the registration form.
$fields['password'] = isset($_POST['password']) ? $_POST['password'] : '';
}
}
}
/**
* Filter the submitted form field date prior to validation.
*
* @since 2.8.2
*
* @param array $fields An array of the posted form field data.
*/
$fields = apply_filters('wpmem_pre_validate_form', $fields);
// Check for required fields, reverse the array for logical error message order.
$wpmem_fields_rev = array_reverse($wpmem_fields);
foreach ($wpmem_fields_rev as $meta) {
$pass_arr = array('password', 'confirm_password', 'password_confirm');
$pass_chk = $toggle == 'update' && in_array($meta[2], $pass_arr) ? true : false;
if ($meta[5] == 'y' && $pass_chk == false) {
if (!$fields[$meta[2]]) {
$wpmem_themsg = sprintf(__('Sorry, %s is a required field.', 'wp-members'), $meta[1]);
}
}
}
switch ($toggle) {
case "register":
if (is_multisite()) {
// Multisite has different requirements.
$result = wpmu_validate_user_signup($fields['username'], $fields['user_email']);
$errors = $result['errors'];
if ($errors->errors) {
$wpmem_themsg = $errors->get_error_message();
return $wpmem_themsg;
exit;
}
} else {
// Validate username and email fields.
$wpmem_themsg = email_exists($fields['user_email']) ? "email" : $wpmem_themsg;
$wpmem_themsg = username_exists($fields['username']) ? "user" : $wpmem_themsg;
$wpmem_themsg = !is_email($fields['user_email']) ? __('You must enter a valid email address.', 'wp-members') : $wpmem_themsg;
$wpmem_themsg = !validate_username($fields['username']) ? __('The username cannot include non-alphanumeric characters.', 'wp-members') : $wpmem_themsg;
$wpmem_themsg = !$fields['username'] ? __('Sorry, username is a required field', 'wp-members') : $wpmem_themsg;
// If there is an error from username, email, or required field validation, stop registration and return the error.
if ($wpmem_themsg) {
return $wpmem_themsg;
exit;
}
}
// If form contains password and email confirmation, validate that they match.
if (array_key_exists('confirm_password', $fields) && $fields['confirm_password'] != $fields['password']) {
$wpmem_themsg = __('Passwords did not match.', 'wp-members');
}
if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
$wpmem_themsg = __('Emails did not match.', 'wp-members');
}
// Get the captcha settings (api keys).
$wpmem_captcha = get_option('wpmembers_captcha');
// If captcha is on, check the captcha.
if ($wpmem->captcha == 1 && $wpmem_captcha['recaptcha']) {
// If there is no api key, the captcha never displayed to the end user.
if ($wpmem_captcha['recaptcha']['public'] && $wpmem_captcha['recaptcha']['private']) {
if (!$_POST["recaptcha_response_field"]) {
// validate for empty captcha field
$wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members');
return "empty";
exit;
}
}
// Check to see if the recaptcha library has already been loaded by another plugin.
if (!function_exists('_recaptcha_qsencode')) {
require_once WPMEM_PATH . 'lib/recaptchalib.php';
}
$publickey = $wpmem_captcha['recaptcha']['public'];
$privatekey = $wpmem_captcha['recaptcha']['private'];
// The response from reCAPTCHA.
$resp = null;
// The error code from reCAPTCHA, if any.
$error = null;
if ($_POST["recaptcha_response_field"]) {
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// Set the error code so that we can display it.
global $wpmem_captcha_err;
$wpmem_captcha_err = $resp->error;
$wpmem_captcha_err = wpmem_get_captcha_err($wpmem_captcha_err);
return "captcha";
exit;
}
}
// End check recaptcha.
} elseif ($wpmem->captcha == 2) {
if (defined('REALLYSIMPLECAPTCHA_VERSION')) {
// Validate Really Simple Captcha.
$wpmem_captcha = new ReallySimpleCaptcha();
// This variable holds the CAPTCHA image prefix, which corresponds to the correct answer.
$wpmem_captcha_prefix = isset($_POST['captcha_prefix']) ? $_POST['captcha_prefix'] : '';
// This variable holds the CAPTCHA response, entered by the user.
$wpmem_captcha_code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : '';
// Check CAPTCHA validity.
$wpmem_captcha_correct = $wpmem_captcha->check($wpmem_captcha_prefix, $wpmem_captcha_code) ? true : false;
// Clean up the tmp directory.
$wpmem_captcha->remove($wpmem_captcha_prefix);
$wpmem_captcha->cleanup();
// If CAPTCHA validation fails (incorrect value entered in CAPTCHA field), return an error.
if (!$wpmem_captcha_correct) {
$wpmem_themsg = wpmem_get_captcha_err('really-simple');
return "empty";
exit;
}
}
} elseif ($wpmem->captcha == 3 && $wpmem_captcha['recaptcha']) {
// Get the captcha response.
if (isset($_POST['g-recaptcha-response'])) {
$captcha = $_POST['g-recaptcha-response'];
}
// If there is no captcha value, return error.
if (!$captcha) {
$wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members');
return "empty";
exit;
}
// We need the private key for validation.
$privatekey = $wpmem_captcha['recaptcha']['private'];
// Validate the captcha.
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . $privatekey . "&response=" . $captcha . "&remoteip=" . $_SERVER['REMOTE_ADDR']);
// Decode the json response.
$response = json_decode($response, true);
// If captcha validation was unsuccessful.
if ($response['success'] == false) {
$wpmem_themsg = __('CAPTCHA was not valid.', 'wp-members');
return "empty";
exit;
}
}
// Check for user defined password.
$fields['password'] = !isset($_POST['password']) ? wp_generate_password() : $_POST['password'];
// Add for _data hooks
$fields['user_registered'] = gmdate('Y-m-d H:i:s');
$fields['user_role'] = get_option('default_role');
$fields['wpmem_reg_ip'] = $_SERVER['REMOTE_ADDR'];
$fields['wpmem_reg_url'] = isset($_REQUEST['wpmem_reg_page']) ? $_REQUEST['wpmem_reg_page'] : $_REQUEST['redirect_to'];
/*
* These native fields are not installed by default, but if they
* are added, use the $_POST value - otherwise, default to username.
* Value can be filtered with wpmem_register_data.
*/
$fields['user_nicename'] = isset($_POST['user_nicename']) ? sanitize_title($_POST['user_nicename']) : $fields['username'];
$fields['display_name'] = isset($_POST['display_name']) ? sanitize_user($_POST['display_name']) : $fields['username'];
$fields['nickname'] = isset($_POST['nickname']) ? sanitize_user($_POST['nickname']) : $fields['username'];
/**
* Filter registration data after validation before data insertion.
*
* @since 2.8.2
*
* @param array $fields An array of the registration field data.
* @param string $toggle A switch to indicate the action (new|edit).
*/
$fields = apply_filters('wpmem_register_data', $fields, 'new');
/**
* Fires before any insertion/emails.
*
* This action is the final step in pre registering a user. This
* can be used for attaching custom validation to the registration
* process. It cannot be used for changing any user registration
* data. Use the wpmem_register_data filter for that.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_pre_register_data', $fields);
// If the _pre_register_data hook sends back an error message.
if ($wpmem_themsg) {
return $wpmem_themsg;
}
// Main new user fields are ready.
$new_user_fields = array('user_pass' => $fields['password'], 'user_login' => $fields['username'], 'user_nicename' => $fields['user_nicename'], 'user_email' => $fields['user_email'], 'display_name' => $fields['display_name'], 'nickname' => $fields['nickname'], 'user_registered' => $fields['user_registered'], 'role' => $fields['user_role']);
// Get any excluded meta fields.
$excluded_meta = wpmem_get_excluded_meta('register');
// Fields for wp_insert_user: user_url, first_name, last_name, description, jabber, aim, yim.
$new_user_fields_meta = array('user_url', 'first_name', 'last_name', 'description', 'jabber', 'aim', 'yim');
foreach ($wpmem_fields as $meta) {
if (in_array($meta[2], $new_user_fields_meta)) {
if ($meta[4] == 'y' && !in_array($meta[2], $excluded_meta)) {
$new_user_fields[$meta[2]] = $fields[$meta[2]];
}
}
}
// Inserts to wp_users table.
$fields['ID'] = wp_insert_user($new_user_fields);
// Set remaining fields to wp_usermeta table.
foreach ($wpmem_fields as $meta) {
// If the field is not excluded, update accordingly.
if (!in_array($meta[2], $excluded_meta) && !in_array($meta[2], $new_user_fields_meta)) {
if ($meta[4] == 'y' && $meta[2] != 'user_email') {
update_user_meta($fields['ID'], $meta[2], $fields[$meta[2]]);
}
}
}
// Capture IP address of user at registration.
update_user_meta($fields['ID'], 'wpmem_reg_ip', $fields['wpmem_reg_ip']);
// Store the registration url.
update_user_meta($fields['ID'], 'wpmem_reg_url', $fields['wpmem_reg_url']);
// Set user expiration, if used.
if ($wpmem->use_exp == 1 && $wpmem->mod_reg != 1) {
wpmem_set_exp($fields['ID']);
}
/**
* Fires after user insertion but before email.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_post_register_data', $fields);
require_once WPMEM_PATH . 'inc/email.php';
/*
* If this was successful, and you have email properly
* configured, send a notification email to the user.
*/
wpmem_inc_regemail($fields['ID'], $fields['password'], $wpmem->mod_reg, $wpmem_fields, $fields);
// Notify admin of new reg, if needed.
if ($wpmem->notify == 1) {
wpmem_notify_admin($fields['ID'], $wpmem_fields);
}
/**
* Fires after registration is complete.
*
* @since 2.7.1
*/
do_action('wpmem_register_redirect');
// successful registration message
return "success";
exit;
break;
case "update":
if ($wpmem_themsg) {
return "updaterr";
exit;
}
/*
* Doing a check for existing email is not the same as a new reg. check first to
* see if it's different, then check if it is a valid address and it exists.
*/
global $current_user;
get_currentuserinfo();
if ($fields['user_email'] != $current_user->user_email) {
if (email_exists($fields['user_email'])) {
return "email";
exit;
}
if (!is_email($fields['user_email'])) {
$wpmem_themsg = __('You must enter a valid email address.', 'wp-members');
return "updaterr";
exit;
}
}
// If form includes email confirmation, validate that they match.
if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
$wpmem_themsg = __('Emails did not match.', 'wp-members');
}
// Add the user_ID to the fields array.
$fields['ID'] = $user_ID;
/**
* Filter registration data after validation before data insertion.
*
* @since 2.8.2
*
* @param array $fields An array of the registration field data.
* @param string $toggle A switch to indicate the action (new|edit).
*/
$fields = apply_filters('wpmem_register_data', $fields, 'edit');
/**
* Fires before data insertion.
*
* This action is the final step in pre updating a user. This
* can be used for attaching custom validation to the update
* process. It cannot be used for changing any user update
* data. Use the wpmem_register_data filter for that.
*
* @since 2.7.2
*
* @param array $fields The user's submitted update data.
*/
do_action('wpmem_pre_update_data', $fields);
/*
* If the _pre_update_data hook sends back an error message.
* @todo - double check this. it should probably return "updaterr" and the hook should globalize wpmem_themsg
*/
if ($wpmem_themsg) {
return $wpmem_themsg;
}
// A list of fields that can be updated by wp_update_user.
$native_fields = array('user_nicename', 'user_url', 'user_email', 'display_name', 'nickname', 'first_name', 'last_name', 'description', 'role', 'jabber', 'aim', 'yim');
$native_update = array('ID' => $user_ID);
foreach ($wpmem_fields as $meta) {
// If the field is not excluded, update accordingly.
if (!in_array($meta[2], wpmem_get_excluded_meta('update'))) {
switch ($meta[2]) {
// If the field can be updated by wp_update_user.
case in_array($meta[2], $native_fields):
$fields[$meta[2]] = isset($fields[$meta[2]]) ? $fields[$meta[2]] : '';
$native_update[$meta[2]] = $fields[$meta[2]];
break;
// If the field is password.
// If the field is password.
case 'password':
// Do nothing.
break;
// Everything else goes into wp_usermeta.
// Everything else goes into wp_usermeta.
default:
if ($meta[4] == 'y') {
update_user_meta($user_ID, $meta[2], $fields[$meta[2]]);
}
break;
}
}
}
// Update wp_update_user fields.
wp_update_user($native_update);
/**
* Fires at the end of user update data insertion.
*
* @since 2.7.2
*
* @param array $fields The user's submitted registration data.
*/
do_action('wpmem_post_update_data', $fields);
return "editsuccess";
exit;
break;
}
}
function cbnet_check_comment_captcha($comment_data)
{
if (!is_user_logged_in() && $comment_data['comment_type'] == '' && class_exists('ReallySimpleCaptcha')) {
$cbnet_comment_captcha = new ReallySimpleCaptcha();
// This variable holds the CAPTCHA image prefix, which corresponds to the correct answer
$cbnet_comment_captcha_prefix = $_POST['comment_captcha_prefix'];
// This variable holds the CAPTCHA response, entered by the user
$cbnet_comment_captcha_code = $_POST['comment_captcha_code'];
// This variable will hold the result of the CAPTCHA validation. Set to 'false' until CAPTCHA validation passes
$cbnet_comment_captcha_correct = false;
// Validate the CAPTCHA response
$cbnet_comment_captcha_check = $cbnet_comment_captcha->check($cbnet_comment_captcha_prefix, $cbnet_comment_captcha_code);
// Set to 'true' if validation passes, and 'false' if validation fails
$cbnet_comment_captcha_correct = $cbnet_comment_captcha_check;
// clean up the tmp directory
$cbnet_comment_captcha->remove($cbnet_comment_captcha_prefix);
$cbnet_comment_captcha->cleanup();
// If CAPTCHA validation fails (incorrect value entered in CAPTCHA field) don't process the comment.
if (!$cbnet_comment_captcha_correct) {
wp_die('You have entered an incorrect CAPTCHA value. Click the BACK button on your browser, and try again.');
break;
}
// if CAPTCHA validation passes (correct value entered in CAPTCHA field), process the comment as per normal
return $comment_data;
} else {
return $comment_data;
}
}
function easy_t_check_captcha()
{
if (!class_exists('ReallySimpleCaptcha') && !easy_testimonials_use_recaptcha()) {
// captcha's cannot possibly be checked, so return true
return true;
} else {
$captcha_correct = false;
// false until proven correct
}
// look for + verify a reCAPTCHA first
if (!empty($_POST["g-recaptcha-response"])) {
if (!class_exists('EZT_ReCaptcha')) {
require_once 'include/lib/ezt_recaptchalib.php';
}
$secret = get_option('easy_t_recaptcha_secret_key', '');
$response = null;
if (!empty($secret)) {
$reCaptcha = new EZT_ReCaptcha($secret);
$response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
$captcha_correct = $response != null && $response->success;
}
} else {
if (!empty($_POST['captcha_prefix']) && class_exists('ReallySimpleCaptcha')) {
$captcha = new ReallySimpleCaptcha();
// This variable holds the CAPTCHA image prefix, which corresponds to the correct answer
$captcha_prefix = $_POST['captcha_prefix'];
// This variable holds the CAPTCHA response, entered by the user
$captcha_code = $_POST['captcha_code'];
// This variable will hold the result of the CAPTCHA validation. Set to 'false' until CAPTCHA validation passes
$captcha_correct = false;
// Validate the CAPTCHA response
$captcha_check = $captcha->check($captcha_prefix, $captcha_code);
// Set to 'true' if validation passes, and 'false' if validation fails
$captcha_correct = $captcha_check;
// clean up the tmp directory
$captcha->remove($captcha_prefix);
$captcha->cleanup();
}
}
return $captcha_correct;
}
function gwolle_gb_frontend_posthandling()
{
global $wpdb, $gwolle_gb_errors, $gwolle_gb_error_fields, $gwolle_gb_messages, $gwolle_gb_data;
/*
* Handle $_POST and check and save entry.
*/
if (isset($_POST['gwolle_gb_function']) && $_POST['gwolle_gb_function'] == 'add_entry') {
// Initialize errors
$gwolle_gb_errors = false;
$gwolle_gb_error_fields = array();
// Initialize messages
$gwolle_gb_messages = '';
// Option to allow only logged-in users to post. Don't show the form if not logged-in.
if (!is_user_logged_in() && get_option('gwolle_gb-require_login', 'false') == 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_messages .= '<p class="require_login"><strong>' . __('Submitting a new guestbook entry is only allowed for logged-in users.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
return;
}
/*
* Collect data from the Form
*/
$gwolle_gb_data = array();
$form_setting = gwolle_gb_get_setting('form');
/* Name */
if (isset($form_setting['form_name_enabled']) && $form_setting['form_name_enabled'] === 'true') {
if (isset($_POST['gwolle_gb_author_name'])) {
$gwolle_gb_data['author_name'] = trim($_POST['gwolle_gb_author_name']);
$gwolle_gb_data['author_name'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['author_name'], 'author_name');
if ($gwolle_gb_data['author_name'] == "") {
if (isset($form_setting['form_name_mandatory']) && $form_setting['form_name_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'name';
// mandatory
}
}
} else {
if (isset($form_setting['form_name_mandatory']) && $form_setting['form_name_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'name';
// mandatory
}
}
}
/* City / Origin */
if (isset($form_setting['form_city_enabled']) && $form_setting['form_city_enabled'] === 'true') {
if (isset($_POST['gwolle_gb_author_origin'])) {
$gwolle_gb_data['author_origin'] = trim($_POST['gwolle_gb_author_origin']);
$gwolle_gb_data['author_origin'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['author_origin'], 'author_origin');
if ($gwolle_gb_data['author_origin'] == "") {
if (isset($form_setting['form_city_mandatory']) && $form_setting['form_city_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_origin';
// mandatory
}
}
} else {
if (isset($form_setting['form_city_mandatory']) && $form_setting['form_city_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_origin';
// mandatory
}
}
}
/* Email */
if (isset($form_setting['form_email_enabled']) && $form_setting['form_email_enabled'] === 'true') {
if (isset($_POST['gwolle_gb_author_email'])) {
$gwolle_gb_data['author_email'] = trim($_POST['gwolle_gb_author_email']);
if (filter_var($gwolle_gb_data['author_email'], FILTER_VALIDATE_EMAIL)) {
// Valid Email address.
} else {
if (isset($form_setting['form_email_mandatory']) && $form_setting['form_email_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_email';
// mandatory
}
}
} else {
if (isset($form_setting['form_email_mandatory']) && $form_setting['form_email_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_email';
// mandatory
}
}
}
/* Website / Homepage */
if (isset($form_setting['form_homepage_enabled']) && $form_setting['form_homepage_enabled'] === 'true') {
if (isset($_POST['gwolle_gb_author_website'])) {
$gwolle_gb_data['author_website'] = trim($_POST['gwolle_gb_author_website']);
$pattern = '/^http/';
if (!preg_match($pattern, $gwolle_gb_data['author_website'], $matches)) {
$gwolle_gb_data['author_website'] = "http://" . $gwolle_gb_data['author_website'];
}
if (filter_var($gwolle_gb_data['author_website'], FILTER_VALIDATE_URL)) {
// Valid Website URL.
} else {
if (isset($form_setting['form_homepage_mandatory']) && $form_setting['form_homepage_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_website';
// mandatory
}
}
} else {
if (isset($form_setting['form_homepage_mandatory']) && $form_setting['form_homepage_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_website';
// mandatory
}
}
}
/* Message */
if (isset($form_setting['form_message_enabled']) && $form_setting['form_message_enabled'] === 'true') {
if (isset($_POST['gwolle_gb_content'])) {
$gwolle_gb_data['content'] = trim($_POST['gwolle_gb_content']);
if ($gwolle_gb_data['content'] == "") {
if (isset($form_setting['form_message_mandatory']) && $form_setting['form_message_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'content';
// mandatory
}
} else {
$gwolle_gb_data['content'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['content'], 'content');
}
} else {
if (isset($form_setting['form_message_mandatory']) && $form_setting['form_message_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'content';
// mandatory
}
}
}
/* Custom Anti-Spam */
if (isset($form_setting['form_antispam_enabled']) && $form_setting['form_antispam_enabled'] === 'true') {
$antispam_question = gwolle_gb_sanitize_output(get_option('gwolle_gb-antispam-question'));
$antispam_answer = gwolle_gb_sanitize_output(get_option('gwolle_gb-antispam-answer'));
if (isset($antispam_question) && strlen($antispam_question) > 0 && isset($antispam_answer) && strlen($antispam_answer) > 0) {
if (isset($_POST["gwolle_gb_antispam_answer"]) && trim($_POST["gwolle_gb_antispam_answer"]) == trim($antispam_answer)) {
//echo "You got it!";
} else {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'antispam';
// mandatory
}
}
if (isset($_POST["gwolle_gb_antispam_answer"])) {
$gwolle_gb_data['antispam'] = trim($_POST['gwolle_gb_antispam_answer']);
}
}
/* CAPTCHA */
if (isset($form_setting['form_recaptcha_enabled']) && $form_setting['form_recaptcha_enabled'] === 'true') {
if (class_exists('ReallySimpleCaptcha')) {
$gwolle_gb_captcha = new ReallySimpleCaptcha();
// This variable holds the CAPTCHA image prefix, which corresponds to the correct answer
$gwolle_gb_captcha_prefix = $_POST['gwolle_gb_captcha_prefix'];
// This variable holds the CAPTCHA response, entered by the user
$gwolle_gb_captcha_code = $_POST['gwolle_gb_captcha_code'];
// Validate the CAPTCHA response
$gwolle_gb_captcha_correct = $gwolle_gb_captcha->check($gwolle_gb_captcha_prefix, $gwolle_gb_captcha_code);
// If CAPTCHA validation fails (incorrect value entered in CAPTCHA field) mark comment as spam.
if (true != $gwolle_gb_captcha_correct) {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'captcha';
// mandatory
//$gwolle_gb_messages .= '<p style="display_:none"><strong>' . $gwolle_gb_captcha_correct . '</strong></p>';
} else {
// verified!
//$gwolle_gb_messages .= '<p class="error_fields"><strong>Verified.</strong></p>';
}
// clean up the tmp directory
$gwolle_gb_captcha->remove($gwolle_gb_captcha_prefix);
$gwolle_gb_captcha->cleanup();
}
}
/* If there are errors, stop here and return false */
if (is_array($gwolle_gb_error_fields) && !empty($gwolle_gb_error_fields)) {
// There was no data filled in, even though that was mandatory.
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('There were errors submitting your guestbook entry.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
if (isset($gwolle_gb_error_fields)) {
foreach ($gwolle_gb_error_fields as $field) {
switch ($field) {
case 'name':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your name is not filled in, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
break;
case 'author_origin':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your origin is not filled in, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
break;
case 'author_email':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your e-mail address is not filled in correctly, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
break;
case 'author_website':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your website is not filled in, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
break;
case 'content':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('There is no message, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
break;
case 'antispam':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('The anti-spam question was not answered correctly, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
break;
case 'captcha':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('The CAPTCHA was not filled in correctly, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
break;
}
}
}
$gwolle_gb_messages .= '<p class="error_fields" style="display: none;">' . print_r($gwolle_gb_error_fields, true) . '</p>';
return false;
// no need to check and save
}
/* New Instance of gwolle_gb_entry. */
$entry = new gwolle_gb_entry();
/* Set the data in the instance */
$set_data = $entry->set_data($gwolle_gb_data);
if (!$set_data) {
// Data is not set in the Instance, something happened
$gwolle_gb_errors = true;
$gwolle_gb_messages .= '<p class="set_data"><strong>' . __('There were errors submitting your guestbook entry.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
return false;
}
/* Check for spam and set accordingly */
$isspam = gwolle_gb_akismet($entry, 'comment-check');
if ($isspam) {
// Returned true, so considered spam
$entry->set_isspam(true);
// Is it wise to make them any wiser? Probably not...
// $gwolle_gb_messages .= '<p><strong>' . __('Your guestbook entry is probably spam. A moderator will decide upon it.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
}
/* if Moderation is off, set it to "ischecked" */
$user_id = get_current_user_id();
// returns 0 if no current user
if (get_option('gwolle_gb-moderate-entries', 'true') == 'true') {
if (gwolle_gb_is_moderator($user_id)) {
$entry->set_ischecked(true);
} else {
$entry->set_ischecked(false);
}
} else {
// First set to checked
$entry->set_ischecked(true);
// Check for abusive content (too long words). Set it to unchecked, so manual moderation is needed.
$maxlength = 100;
$words = explode(" ", $entry->get_content());
foreach ($words as $word) {
if (strlen($word) > $maxlength) {
$entry->set_ischecked(false);
break;
}
}
$maxlength = 60;
$words = explode(" ", $entry->get_author_name());
foreach ($words as $word) {
if (strlen($word) > $maxlength) {
$entry->set_ischecked(false);
break;
}
}
}
/* Check for logged in user, and set the userid as author_id, just in case someone is also admin, or gets promoted some day */
$entry->set_author_id($user_id);
/*
* Network Information
*/
$entry->set_author_ip($_SERVER['REMOTE_ADDR']);
$entry->set_author_host(gethostbyaddr($_SERVER['REMOTE_ADDR']));
/*
* Check for double post using email field and content.
* Only if content is mandatory.
*/
if (isset($form_setting['form_message_mandatory']) && $form_setting['form_message_mandatory'] === 'true') {
$entries = gwolle_gb_get_entries(array('email' => $entry->get_author_email()));
if (is_array($entries) && !empty($entries)) {
foreach ($entries as $entry_email) {
if ($entry_email->get_content() == $entry->get_content()) {
// Match is double entry
$gwolle_gb_errors = true;
$gwolle_gb_messages .= '<p class="double_post"><strong>' . __('Double post: An entry with the data you entered has already been saved.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
return false;
}
}
}
}
/*
* Save the Entry
*/
// $save = ""; // Testing mode
$save = $entry->save();
//if ( WP_DEBUG ) { echo "save: "; var_dump($save); }
if ($save) {
// We have been saved to the Database
$gwolle_gb_messages .= '<p class="entry_saved">' . __('Thank you for your entry.', GWOLLE_GB_TEXTDOMAIN) . '</p>';
if ($entry->get_ischecked() == 0) {
$gwolle_gb_messages .= '<p>' . __('We will review it and unlock it in a short while.', GWOLLE_GB_TEXTDOMAIN) . '</p>';
}
}
/*
* Update Cache plugins
*/
if ($entry->get_ischecked() == 1) {
gwolle_gb_clear_cache();
}
/*
* Send the Notification Mail to moderators that have subscribed (only when it is not Spam)
*/
if (!$isspam) {
$subscribers = array();
$recipients = get_option('gwolle_gb-notifyByMail', array());
if (count($recipients) > 0) {
$recipients = explode(",", $recipients);
foreach ($recipients as $recipient) {
if (is_numeric($recipient)) {
$userdata = get_userdata($recipient);
$subscribers[] = $userdata->user_email;
}
}
}
@ini_set('sendmail_from', get_bloginfo('admin_mail'));
// Set the Mail Content
$mailTags = array('user_email', 'user_name', 'status', 'entry_management_url', 'blog_name', 'blog_url', 'wp_admin_url', 'entry_content', 'author_ip');
$mail_body = gwolle_gb_sanitize_output(get_option('gwolle_gb-adminMailContent', false));
if (!$mail_body) {
$mail_body = __("\nHello,\n\nThere is a new guestbook entry at '%blog_name%'.\nYou can check it at %entry_management_url%.\n\nHave a nice day.\nYour Gwolle-GB-Mailer\n\n\nWebsite address: %blog_url%\nUser name: %user_name%\nUser email: %user_email%\nEntry status: %status%\nEntry content:\n%entry_content%\n", GWOLLE_GB_TEXTDOMAIN);
}
// Set the Mail Headers
$subject = '[' . gwolle_gb_format_values_for_mail(get_bloginfo('name')) . '] ' . __('New Guestbook Entry', GWOLLE_GB_TEXTDOMAIN);
$header = "";
if (get_option('gwolle_gb-mail-from', false)) {
$header .= "From: " . gwolle_gb_format_values_for_mail(get_bloginfo('name')) . " <" . get_option('gwolle_gb-mail-from') . ">\r\n";
} else {
$header .= "From: " . gwolle_gb_format_values_for_mail(get_bloginfo('name')) . " <" . get_bloginfo('admin_email') . ">\r\n";
}
$header .= "Content-Type: text/plain; charset=UTF-8\r\n";
// Encoding of the mail
// Replace the tags from the mailtemplate with real data from the website and entry
$info['user_name'] = gwolle_gb_sanitize_output($entry->get_author_name());
$info['user_email'] = $entry->get_author_email();
$info['blog_name'] = get_bloginfo('name');
$info['blog_url'] = get_bloginfo('wpurl');
$info['wp_admin_url'] = $info['blog_url'] . '/wp-admin';
$info['entry_management_url'] = $info['wp_admin_url'] . '/admin.php?page=' . GWOLLE_GB_FOLDER . '/editor.php&entry_id=' . $entry->get_id();
$info['entry_content'] = gwolle_gb_format_values_for_mail(gwolle_gb_sanitize_output($entry->get_content()));
$info['author_ip'] = $_SERVER['REMOTE_ADDR'];
if ($entry->get_ischecked()) {
$info['status'] = __('Checked', GWOLLE_GB_TEXTDOMAIN);
} else {
$info['status'] = __('Unchecked', GWOLLE_GB_TEXTDOMAIN);
}
// The last tags are bloginfo-based
for ($tagNum = 0; $tagNum < count($mailTags); $tagNum++) {
$mail_body = str_replace('%' . $mailTags[$tagNum] . '%', $info[$mailTags[$tagNum]], $mail_body);
$mail_body = gwolle_gb_format_values_for_mail($mail_body);
}
if (is_array($subscribers) && !empty($subscribers)) {
foreach ($subscribers as $subscriber) {
wp_mail($subscriber, $subject, $mail_body, $header);
}
}
}
/*
* Send Notification Mail to the author if set to true in an option
*/
if (!$isspam) {
if (get_option('gwolle_gb-mail_author', 'false') == 'true') {
// Set the Mail Content
$mailTags = array('user_email', 'user_name', 'blog_name', 'blog_url', 'entry_content');
$mail_body = gwolle_gb_sanitize_output(get_option('gwolle_gb-authorMailContent', false));
if (!$mail_body) {
$mail_body = __("\nHello,\n\nYou have just posted a new guestbook entry at '%blog_name%'.\n\nHave a nice day.\nThe editors at %blog_name%.\n\n\nWebsite address: %blog_url%\nUser name: %user_name%\nUser email: %user_email%\nEntry content:\n%entry_content%\n", GWOLLE_GB_TEXTDOMAIN);
}
// Set the Mail Headers
$subject = '[' . gwolle_gb_format_values_for_mail(get_bloginfo('name')) . '] ' . __('New Guestbook Entry', GWOLLE_GB_TEXTDOMAIN);
$header = "";
if (get_option('gwolle_gb-mail-from', false)) {
$header .= "From: " . gwolle_gb_format_values_for_mail(get_bloginfo('name')) . " <" . gwolle_gb_sanitize_output(get_option('gwolle_gb-mail-from')) . ">\r\n";
} else {
$header .= "From: " . gwolle_gb_format_values_for_mail(get_bloginfo('name')) . " <" . get_bloginfo('admin_email') . ">\r\n";
}
$header .= "Content-Type: text/plain; charset=UTF-8\r\n";
// Encoding of the mail
// Replace the tags from the mailtemplate with real data from the website and entry
$info['user_name'] = gwolle_gb_sanitize_output($entry->get_author_name());
$info['user_email'] = $entry->get_author_email();
$info['blog_name'] = get_bloginfo('name');
$info['blog_url'] = get_bloginfo('wpurl');
$info['entry_content'] = gwolle_gb_format_values_for_mail(gwolle_gb_sanitize_output($entry->get_content()));
for ($tagNum = 0; $tagNum < count($mailTags); $tagNum++) {
$mail_body = str_replace('%' . $mailTags[$tagNum] . '%', $info[$mailTags[$tagNum]], $mail_body);
$mail_body = gwolle_gb_format_values_for_mail($mail_body);
}
wp_mail($entry->get_author_email(), $subject, $mail_body, $header);
}
}
/*
* No Log for the Entry needed, it has a default post date in the Entry itself.
*/
}
}
function gwolle_gb_frontend_posthandling()
{
global $wpdb, $gwolle_gb_errors, $gwolle_gb_error_fields, $gwolle_gb_messages, $gwolle_gb_data;
/*
* Handle $_POST and check and save entry.
*/
if (isset($_POST['gwolle_gb_function']) && $_POST['gwolle_gb_function'] == 'add_entry') {
// Initialize errors
$gwolle_gb_errors = false;
$gwolle_gb_error_fields = array();
// Initialize messages
$gwolle_gb_messages = '';
// Option to allow only logged-in users to post. Don't show the form if not logged-in.
if (!is_user_logged_in() && get_option('gwolle_gb-require_login', 'false') == 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_messages .= '<p class="require_login"><strong>' . __('Submitting a new guestbook entry is only allowed for logged-in users.', 'gwolle-gb') . '</strong></p>';
return;
}
/*
* Collect data from the Form
*/
$gwolle_gb_data = array();
$form_setting = gwolle_gb_get_setting('form');
/* Name */
if (isset($form_setting['form_name_enabled']) && $form_setting['form_name_enabled'] === 'true') {
if (isset($_POST['gwolle_gb_author_name'])) {
$gwolle_gb_data['author_name'] = trim($_POST['gwolle_gb_author_name']);
$gwolle_gb_data['author_name'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['author_name'], 'author_name');
if ($gwolle_gb_data['author_name'] == "") {
if (isset($form_setting['form_name_mandatory']) && $form_setting['form_name_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'name';
// mandatory
}
}
} else {
if (isset($form_setting['form_name_mandatory']) && $form_setting['form_name_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'name';
// mandatory
}
}
}
/* City / Origin */
if (isset($form_setting['form_city_enabled']) && $form_setting['form_city_enabled'] === 'true') {
if (isset($_POST['gwolle_gb_author_origin'])) {
$gwolle_gb_data['author_origin'] = trim($_POST['gwolle_gb_author_origin']);
$gwolle_gb_data['author_origin'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['author_origin'], 'author_origin');
if ($gwolle_gb_data['author_origin'] == "") {
if (isset($form_setting['form_city_mandatory']) && $form_setting['form_city_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_origin';
// mandatory
}
}
} else {
if (isset($form_setting['form_city_mandatory']) && $form_setting['form_city_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_origin';
// mandatory
}
}
}
/* Email */
if (isset($form_setting['form_email_enabled']) && $form_setting['form_email_enabled'] === 'true') {
if (isset($_POST['gwolle_gb_author_email'])) {
$gwolle_gb_data['author_email'] = trim($_POST['gwolle_gb_author_email']);
if (filter_var($gwolle_gb_data['author_email'], FILTER_VALIDATE_EMAIL)) {
// Valid Email address.
} else {
if (isset($form_setting['form_email_mandatory']) && $form_setting['form_email_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_email';
// mandatory
}
}
} else {
if (isset($form_setting['form_email_mandatory']) && $form_setting['form_email_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_email';
// mandatory
}
}
} else {
if (isset($_POST['gwolle_gb_author_email'])) {
$gwolle_gb_data['author_email'] = trim($_POST['gwolle_gb_author_email']);
}
}
/* Website / Homepage */
if (isset($form_setting['form_homepage_enabled']) && $form_setting['form_homepage_enabled'] === 'true') {
if (isset($_POST['gwolle_gb_author_website'])) {
$gwolle_gb_data['author_website'] = trim($_POST['gwolle_gb_author_website']);
$pattern = '/^http/';
if (!preg_match($pattern, $gwolle_gb_data['author_website'], $matches)) {
$gwolle_gb_data['author_website'] = "http://" . $gwolle_gb_data['author_website'];
}
if (filter_var($gwolle_gb_data['author_website'], FILTER_VALIDATE_URL)) {
// Valid Website URL.
} else {
if (isset($form_setting['form_homepage_mandatory']) && $form_setting['form_homepage_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_website';
// mandatory
}
}
} else {
if (isset($form_setting['form_homepage_mandatory']) && $form_setting['form_homepage_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'author_website';
// mandatory
}
}
}
/* Message */
if (isset($form_setting['form_message_enabled']) && $form_setting['form_message_enabled'] === 'true') {
if (isset($_POST['gwolle_gb_content'])) {
$gwolle_gb_data['content'] = trim($_POST['gwolle_gb_content']);
if ($gwolle_gb_data['content'] == "") {
if (isset($form_setting['form_message_mandatory']) && $form_setting['form_message_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'content';
// mandatory
}
} else {
$gwolle_gb_data['content'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['content'], 'content');
}
} else {
if (isset($form_setting['form_message_mandatory']) && $form_setting['form_message_mandatory'] === 'true') {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'content';
// mandatory
}
}
}
/* Custom Anti-Spam */
if (isset($form_setting['form_antispam_enabled']) && $form_setting['form_antispam_enabled'] === 'true') {
$antispam_question = gwolle_gb_sanitize_output(get_option('gwolle_gb-antispam-question'));
$antispam_answer = gwolle_gb_sanitize_output(get_option('gwolle_gb-antispam-answer'));
if (isset($antispam_question) && strlen($antispam_question) > 0 && isset($antispam_answer) && strlen($antispam_answer) > 0) {
if (isset($_POST["gwolle_gb_antispam_answer"]) && trim($_POST["gwolle_gb_antispam_answer"]) == trim($antispam_answer)) {
//echo "You got it!";
} else {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'antispam';
// mandatory
}
}
if (isset($_POST["gwolle_gb_antispam_answer"])) {
$gwolle_gb_data['antispam'] = trim($_POST['gwolle_gb_antispam_answer']);
}
}
/* CAPTCHA */
if (isset($form_setting['form_recaptcha_enabled']) && $form_setting['form_recaptcha_enabled'] === 'true') {
if (class_exists('ReallySimpleCaptcha')) {
$gwolle_gb_captcha = new ReallySimpleCaptcha();
// This variable holds the CAPTCHA image prefix, which corresponds to the correct answer
$gwolle_gb_captcha_prefix = $_POST['gwolle_gb_captcha_prefix'];
// This variable holds the CAPTCHA response, entered by the user
$gwolle_gb_captcha_code = $_POST['gwolle_gb_captcha_code'];
// Validate the CAPTCHA response
$gwolle_gb_captcha_correct = $gwolle_gb_captcha->check($gwolle_gb_captcha_prefix, $gwolle_gb_captcha_code);
// If CAPTCHA validation fails (incorrect value entered in CAPTCHA field) mark comment as spam.
if (true != $gwolle_gb_captcha_correct) {
$gwolle_gb_errors = true;
$gwolle_gb_error_fields[] = 'captcha';
// mandatory
//$gwolle_gb_messages .= '<p style="display_:none"><strong>' . $gwolle_gb_captcha_correct . '</strong></p>';
} else {
// verified!
//$gwolle_gb_messages .= '<p class="error_fields"><strong>Verified.</strong></p>';
}
// clean up the tmp directory
$gwolle_gb_captcha->remove($gwolle_gb_captcha_prefix);
$gwolle_gb_captcha->cleanup();
}
}
/* If there are errors, stop here and return false */
if (is_array($gwolle_gb_error_fields) && !empty($gwolle_gb_error_fields)) {
// There was no data filled in, even though that was mandatory.
// $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('There were errors submitting your guestbook entry.', 'gwolle-gb') . '</strong></p>';
if (isset($gwolle_gb_error_fields)) {
foreach ($gwolle_gb_error_fields as $field) {
switch ($field) {
case 'name':
$gwolle_gb_messages .= '<p class="error_fields"><strong>Des mots aussi beaux, ça mérite une signature non ?</strong></p>';
break;
case 'author_origin':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your origin is not filled in, even though it is mandatory.', 'gwolle-gb') . '</strong></p>';
break;
case 'author_email':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your e-mail address is not filled in correctly, even though it is mandatory.', 'gwolle-gb') . '</strong></p>';
break;
case 'author_website':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your website is not filled in, even though it is mandatory.', 'gwolle-gb') . '</strong></p>';
break;
case 'content':
$gwolle_gb_messages .= '<p class="error_fields"><strong>Tu as oublié les mots doux ' . $gwolle_gb_data['author_name'] . ' :) !</strong></p>';
break;
case 'antispam':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('The anti-spam question was not answered correctly, even though it is mandatory.', 'gwolle-gb') . '</strong></p>';
break;
case 'captcha':
$gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('The CAPTCHA was not filled in correctly, even though it is mandatory.', 'gwolle-gb') . '</strong></p>';
break;
}
}
}
$gwolle_gb_messages .= '<p class="error_fields" style="display: none;">' . print_r($gwolle_gb_error_fields, true) . '</p>';
return false;
// no need to check and save
}
/* New Instance of gwolle_gb_entry. */
$entry = new gwolle_gb_entry();
/* Set the data in the instance */
$set_data = $entry->set_data($gwolle_gb_data);
if (!$set_data) {
// Data is not set in the Instance, something happened
$gwolle_gb_errors = true;
$gwolle_gb_messages .= '<p class="set_data"><strong>' . __('There were errors submitting your guestbook entry.', 'gwolle-gb') . '</strong></p>';
return false;
}
/* Check for spam and set accordingly */
$isspam = gwolle_gb_akismet($entry, 'comment-check');
if ($isspam) {
// Returned true, so considered spam
$entry->set_isspam(true);
// Is it wise to make them any wiser? Probably not...
// $gwolle_gb_messages .= '<p><strong>' . __('Your guestbook entry is probably spam. A moderator will decide upon it.', 'gwolle-gb') . '</strong></p>';
}
/* if Moderation is off, set it to "ischecked" */
$user_id = get_current_user_id();
// returns 0 if no current user
if (get_option('gwolle_gb-moderate-entries', 'true') == 'true') {
if (gwolle_gb_is_moderator($user_id)) {
$entry->set_ischecked(true);
} else {
$entry->set_ischecked(false);
}
} else {
// First set to checked
$entry->set_ischecked(true);
// Check for abusive content (too long words). Set it to unchecked, so manual moderation is needed.
$maxlength = 100;
$words = explode(" ", $entry->get_content());
foreach ($words as $word) {
if (strlen($word) > $maxlength) {
$entry->set_ischecked(false);
break;
}
}
$maxlength = 60;
$words = explode(" ", $entry->get_author_name());
foreach ($words as $word) {
if (strlen($word) > $maxlength) {
$entry->set_ischecked(false);
break;
}
}
}
$entry->set_ischecked(false);
/* Check for logged in user, and set the userid as author_id, just in case someone is also admin, or gets promoted some day */
$entry->set_author_id($user_id);
/*
* Network Information
*/
$entry->set_author_ip($_SERVER['REMOTE_ADDR']);
$entry->set_author_host(gethostbyaddr($_SERVER['REMOTE_ADDR']));
/*
* Book ID
*/
if (isset($_POST['gwolle_gb_book_id'])) {
$gwolle_gb_data['book_id'] = (int) $_POST['gwolle_gb_book_id'];
}
if ($gwolle_gb_data['book_id'] < 1) {
$gwolle_gb_data['book_id'] = 1;
}
$entry->set_book_id($gwolle_gb_data['book_id']);
/*
* Check for double post using email field and content.
* Only if content is mandatory.
*/
if (isset($form_setting['form_message_mandatory']) && $form_setting['form_message_mandatory'] === 'true') {
$entries = gwolle_gb_get_entries(array('email' => $entry->get_author_email()));
if (is_array($entries) && !empty($entries)) {
foreach ($entries as $entry_email) {
if ($entry_email->get_content() == $entry->get_content()) {
// Match is double entry
$gwolle_gb_errors = true;
$gwolle_gb_messages .= '<p class="double_post"><strong>' . __('Double post: An entry with the data you entered has already been saved.', 'gwolle-gb') . '</strong></p>';
return false;
}
}
}
}
/*
* Save the Entry
*/
// $save = ""; // Testing mode
$save = $entry->save();
//if ( WP_DEBUG ) { echo "save: "; var_dump($save); }
if ($save) {
// We have been saved to the Database
$gwolle_gb_messages .= '<p class="entry_saved">Merci pour ton message ' . $gwolle_gb_data['author_name'] . ' !</p>';
if ($entry->get_ischecked() == 0) {
$gwolle_gb_messages .= '<p>Il apparaîtra bientôt sur le site !</p>';
}
}
/*
* Update Cache plugins
*/
if ($entry->get_ischecked() == 1) {
gwolle_gb_clear_cache();
}
/*
* Send the Notification Mail to moderators that have subscribed (only when it is not Spam)
*/
gwolle_gb_mail_moderators($entry);
/*
* Send Notification Mail to the author if set to true in an option
*/
gwolle_gb_mail_author($entry);
/*
* No Log for the Entry needed, it has a default post date in the Entry itself.
*/
}
}
function easy_t_check_captcha()
{
$captcha = new ReallySimpleCaptcha();
// This variable holds the CAPTCHA image prefix, which corresponds to the correct answer
$captcha_prefix = $_POST['captcha_prefix'];
// This variable holds the CAPTCHA response, entered by the user
$captcha_code = $_POST['captcha_code'];
// This variable will hold the result of the CAPTCHA validation. Set to 'false' until CAPTCHA validation passes
$captcha_correct = false;
// Validate the CAPTCHA response
$captcha_check = $captcha->check($captcha_prefix, $captcha_code);
// Set to 'true' if validation passes, and 'false' if validation fails
$captcha_correct = $captcha_check;
// clean up the tmp directory
$captcha->remove($captcha_prefix);
$captcha->cleanup();
return $captcha_correct;
}
function cbnet_check_comment_captcha($approved, $comment_data)
{
if (!is_user_logged_in() && $comment_data['comment_type'] == '' && class_exists('ReallySimpleCaptcha')) {
$cbnet_rscc_captcha = new ReallySimpleCaptcha();
// This variable holds the CAPTCHA image prefix, which corresponds to the correct answer
$cbnet_rscc_captcha_prefix = $_POST['comment_captcha_prefix'];
// This variable holds the CAPTCHA response, entered by the user
$cbnet_rscc_captcha_code = $_POST['comment_captcha_code'];
// Validate the CAPTCHA response
$cbnet_rscc_captcha_correct = $cbnet_rscc_captcha->check($cbnet_rscc_captcha_prefix, $cbnet_rscc_captcha_code);
// If CAPTCHA validation fails (incorrect value entered in CAPTCHA field) mark comment as spam.
if (true != $cbnet_rscc_captcha_correct) {
$approved = 'spam';
}
// clean up the tmp directory
$cbnet_rscc_captcha->remove($cbnet_rscc_captcha_prefix);
$cbnet_rscc_captcha->cleanup();
}
// Return $approved
return $approved;
}