PluginProbe ʕ •ᴥ•ʔ
GiveWP – Donation Plugin and Fundraising Platform / 2.9.2
GiveWP – Donation Plugin and Fundraising Platform v2.9.2
4.16.3 4.16.2 4.16.1 4.16.0 4.15.5 4.15.4 4.15.3 4.15.2 4.15.1 4.15.0 2.3.0 2.3.1 2.3.2 2.30.0 2.31.0 2.31.1 2.32.0 2.33.0 2.33.1 2.33.2 2.33.3 2.33.4 2.33.5 2.4.0 2.4.1 2.4.2 2.4.3 2.4.4 2.4.5 2.4.6 2.4.7 2.5.0 2.5.1 2.5.10 2.5.11 2.5.12 2.5.13 2.5.2 2.5.3 2.5.4 2.5.5 2.5.6 2.5.7 2.5.8 2.5.9 2.6.0 2.6.1 2.6.2 2.6.3 2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.8.0 2.8.1 2.9.0 2.9.1 2.9.2 2.9.3 2.9.4 2.9.5 2.9.6 2.9.7 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.1.0 3.1.1 3.1.2 3.10.0 3.11.0 3.12.0 3.12.1 3.12.2 3.12.3 3.13.0 3.14.0 3.14.1 3.14.2 3.15.0 3.15.1 3.16.0 3.16.1 3.16.2 3.16.3 3.16.4 3.16.5 3.17.0 3.17.1 3.17.2 3.18.0 3.19.0 3.19.1 3.19.2 3.19.3 3.19.4 3.2.0 3.2.1 3.2.2 3.20.0 3.21.0 3.21.1 3.22.0 3.22.1 3.22.2 3.3.0 3.3.1 3.4.0 3.4.1 3.4.2 3.5.0 3.5.1 3.6.0 3.6.1 3.6.2 3.7.0 3.8.0 3.9.0 4.0.0 4.1.0 4.1.1 4.10.0 4.10.1 4.11.0 4.12.0 4.13.0 4.13.1 4.13.2 4.14.0 4.14.1 4.14.2 4.14.3 4.14.4 4.14.5 4.14.6 4.2.0 4.2.1 4.3.0 4.3.1 4.3.2 4.4.0 4.5.0 4.6.1 4.7.0 4.7.1 4.8.0 4.8.1 4.9.0 trunk 1.9.0 2.0.0 2.0.1 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.1.0 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.1.7 2.1.8 2.10.0 2.10.1 2.10.2 2.10.3 2.10.4 2.11.0 2.11.1 2.11.2 2.11.3 2.12.0 2.12.1 2.12.2 2.12.3 2.13.0 2.13.1 2.13.2 2.13.3 2.13.4 2.14.0 2.15.0 2.16.0 2.16.1 2.17.0 2.17.1 2.17.3 2.18.0 2.18.1 2.19.1 2.19.2 2.19.3 2.19.4 2.19.5 2.19.6 2.19.7 2.19.8 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.2.5 2.2.6 2.20.0 2.20.1 2.20.2 2.21.0 2.21.1 2.21.2 2.21.3 2.21.4 2.22.0 2.22.1 2.22.2 2.22.3 2.23.0 2.23.1 2.23.2 2.24.0 2.24.1 2.24.2 2.25.0 2.25.1 2.25.2 2.25.3 2.26.0 2.27.0 2.27.1 2.27.2 2.27.3 2.28.0 2.29.0 2.29.1 2.29.2
give / includes / class-give-email-access.php
give / includes Last commit date
admin 5 years ago api 5 years ago database 6 years ago deprecated 5 years ago donors 5 years ago emails 6 years ago forms 5 years ago frontend 6 years ago gateways 5 years ago libraries 6 years ago payments 5 years ago actions.php 6 years ago ajax-functions.php 5 years ago class-give-async-process.php 6 years ago class-give-background-updater.php 6 years ago class-give-cache-setting.php 5 years ago class-give-cache.php 6 years ago class-give-cli-commands.php 6 years ago class-give-comment.php 6 years ago class-give-cron.php 6 years ago class-give-donate-form.php 6 years ago class-give-donor.php 6 years ago class-give-email-access.php 6 years ago class-give-license-handler.php 5 years ago class-give-logging.php 6 years ago class-give-readme-parser.php 6 years ago class-give-roles.php 6 years ago class-give-scripts.php 5 years ago class-give-session.php 5 years ago class-give-stats.php 6 years ago class-give-template-loader.php 6 years ago class-give-tooltips.php 6 years ago class-give-translation.php 6 years ago class-notices.php 5 years ago country-functions.php 5 years ago currencies-list.php 6 years ago currency-functions.php 6 years ago error-tracking.php 6 years ago filters.php 6 years ago formatting.php 6 years ago install.php 5 years ago login-register.php 6 years ago misc-functions.php 5 years ago plugin-compatibility.php 6 years ago post-types.php 5 years ago price-functions.php 6 years ago process-donation.php 5 years ago setting-functions.php 6 years ago shortcodes.php 6 years ago template-functions.php 6 years ago user-functions.php 6 years ago
class-give-email-access.php
414 lines
1 <?php
2 /**
3 * Email Access
4 *
5 * @package Give
6 * @subpackage Classes/Give_Email_Access
7 * @copyright Copyright (c) 2016, GiveWP
8 * @license https://opensource.org/licenses/gpl-license GNU Public License
9 * @since 1.4
10 */
11
12 // Exit if accessed directly.
13 if ( ! defined( 'ABSPATH' ) ) {
14 exit;
15 }
16
17 /**
18 * Give_Email_Access class
19 *
20 * This class handles email access, allowing donors access to their donation w/o logging in;
21 *
22 * Based on the work from Matt Gibbs - https://github.com/FacetWP/edd-no-logins
23 *
24 * @since 1.0
25 */
26 class Give_Email_Access {
27
28 /**
29 * Token exists
30 *
31 * @since 1.0
32 * @access public
33 *
34 * @var bool
35 */
36 public $token_exists = false;
37
38 /**
39 * Token email
40 *
41 * @since 1.0
42 * @access public
43 *
44 * @var bool
45 */
46 public $token_email = false;
47
48 /**
49 * Token
50 *
51 * @since 1.0
52 * @access public
53 *
54 * @var bool
55 */
56 public $token = false;
57
58 /**
59 * Error
60 *
61 * @since 1.0
62 * @access public
63 *
64 * @var string
65 */
66 public $error = '';
67
68 /**
69 * Verify throttle
70 *
71 * @since 1.0
72 * @access public
73 *
74 * @var
75 */
76 public $verify_throttle;
77
78 /**
79 * Limit throttle
80 *
81 * @since 1.8.17
82 * @access public
83 *
84 * @var
85 */
86 public $limit_throttle;
87
88 /**
89 * Verify expiration
90 *
91 * @since 1.0
92 * @access private
93 *
94 * @var string
95 */
96 private $token_expiration;
97
98 /**
99 * Class Constructor
100 *
101 * Set up the Give Email Access Class.
102 *
103 * @since 1.0
104 * @access public
105 */
106 public function __construct() {
107
108 // Get it started.
109 add_action( 'wp', [ $this, 'setup' ] );
110 }
111
112 /**
113 * Setup hooks
114 *
115 * @since 2.4.0
116 */
117 public function setup() {
118
119 $is_email_access_on_page = apply_filters( 'give_is_email_access_on_page', give_is_success_page() || give_is_history_page() );
120
121 if ( $is_email_access_on_page ) {
122 // Get it started.
123 add_action( 'wp', [ $this, 'init' ], 14 );
124 }
125 }
126
127 /**
128 * Init
129 *
130 * Register defaults and filters
131 *
132 * @since 1.0
133 * @access public
134 *
135 * @return void
136 */
137 public function init() {
138
139 // Bail Out, if user is logged in.
140 if ( is_user_logged_in() ) {
141 return;
142 }
143
144 // Are db columns setup?
145 $column_exists = Give()->donors->does_column_exist( 'token' );
146 if ( ! $column_exists ) {
147 $this->create_columns();
148 }
149
150 // Timeouts.
151 $this->verify_throttle = apply_filters( 'give_nl_verify_throttle', 300 );
152 $this->limit_throttle = apply_filters( 'give_nl_limit_throttle', 3 );
153 $this->token_expiration = apply_filters( 'give_nl_token_expiration', 7200 );
154
155 // Setup login.
156 $this->check_for_token();
157
158 if ( $this->token_exists ) {
159 add_filter( 'give_user_pending_verification', '__return_false' );
160 add_filter( 'give_get_users_donations_args', [ $this, 'users_donations_args' ] );
161 }
162
163 }
164
165 /**
166 * Prevent email spamming.
167 *
168 * @param int $donor_id Donor ID.
169 *
170 * @since 1.0
171 * @access public
172 *
173 * @return bool
174 */
175 public function can_send_email( $donor_id ) {
176
177 $donor = Give()->donors->get_donor_by( 'id', $donor_id );
178
179 if ( is_object( $donor ) ) {
180
181 $email_throttle_count = (int) give_get_meta( $donor_id, '_give_email_throttle_count', true );
182
183 $cache_key = "give_cache_email_throttle_limit_exhausted_{$donor_id}";
184 if (
185 $email_throttle_count < $this->limit_throttle &&
186 true !== Give_Cache::get( $cache_key )
187 ) {
188 give_update_meta( $donor_id, '_give_email_throttle_count', $email_throttle_count + 1 );
189 } else {
190 give_update_meta( $donor_id, '_give_email_throttle_count', 0 );
191 Give_Cache::set( $cache_key, true, $this->verify_throttle );
192 return false;
193 }
194 }
195
196 return true;
197 }
198
199 /**
200 * Send the user's token
201 *
202 * @param int $donor_id Donor id.
203 * @param string $email Donor email.
204 *
205 * @since 1.0
206 * @access public
207 *
208 * @return bool
209 */
210 public function send_email( $donor_id, $email ) {
211 return apply_filters( 'give_email-access_email_notification', $donor_id, $email );
212 }
213
214 /**
215 * This function is used to fetch the token value from query string or cookies based on availability.
216 *
217 * @since 2.4.1
218 * @access public
219 *
220 * @return string
221 */
222 public function get_token() {
223
224 $token = isset( $_GET['give_nl'] ) ? give_clean( $_GET['give_nl'] ) : '';
225
226 // Check for cookie.
227 if ( empty( $token ) ) {
228 $token = isset( $_COOKIE['give_nl'] ) ? give_clean( $_COOKIE['give_nl'] ) : '';
229 }
230
231 return $token;
232 }
233
234 /**
235 * Has the user authenticated?
236 *
237 * @since 1.0
238 * @access public
239 *
240 * @return bool
241 */
242 public function check_for_token() {
243
244 $token = $this->get_token();
245
246 // Must have a token.
247 if ( ! empty( $token ) ) {
248
249 if ( ! $this->is_valid_token( $token ) ) {
250 if ( ! $this->is_valid_verify_key( $token ) ) {
251 return false;
252 }
253 }
254
255 // Set Receipt Access Session.
256 Give()->session->maybe_start_session();
257 Give()->session->set( 'receipt_access', true );
258 $this->token_exists = true;
259
260 // Set cookie.
261 $lifetime = current_time( 'timestamp' ) + Give()->session->set_expiration_time();
262 @setcookie( 'give_nl', $token, $lifetime, COOKIEPATH, COOKIE_DOMAIN, false );
263
264 return true;
265 }
266 }
267
268 /**
269 * Is this a valid token?
270 *
271 * @since 1.0
272 * @access public
273 *
274 * @param $token string The token.
275 *
276 * @return bool
277 */
278 public function is_valid_token( $token ) {
279
280 global $wpdb;
281
282 // Make sure token isn't expired.
283 $expires = date( 'Y-m-d H:i:s', time() - $this->token_expiration );
284
285 $email = $wpdb->get_var(
286 $wpdb->prepare( "SELECT email FROM {$wpdb->donors} WHERE verify_key = %s AND verify_throttle >= %s LIMIT 1", $token, $expires )
287 );
288
289 if ( ! empty( $email ) ) {
290 $this->token_email = $email;
291 $this->token = $token;
292 return true;
293 }
294
295 // Set error only if email access form isn't being submitted.
296 if (
297 ! isset( $_POST['give_email'] ) &&
298 ! isset( $_POST['_wpnonce'] )
299 ) {
300 give_set_error( 'give_email_token_expired', apply_filters( 'give_email_token_expired_message', __( 'Your access token has expired. Please request a new one.', 'give' ) ) );
301 }
302
303 return false;
304
305 }
306
307 /**
308 * Add the verify key to DB
309 *
310 * @param int $donor_id Donor id.
311 * @param string $email Donor email.
312 * @param string $verify_key The verification key.
313 *
314 * @since 1.0
315 * @access public
316 *
317 * @return void
318 */
319 public function set_verify_key( $donor_id, $email, $verify_key ) {
320 global $wpdb;
321
322 $now = date( 'Y-m-d H:i:s' );
323
324 // Insert or update?
325 $row_id = (int) $wpdb->get_var(
326 $wpdb->prepare( "SELECT id FROM {$wpdb->donors} WHERE id = %d LIMIT 1", $donor_id )
327 );
328
329 // Update.
330 if ( ! empty( $row_id ) ) {
331 $wpdb->query(
332 $wpdb->prepare( "UPDATE {$wpdb->donors} SET verify_key = %s, verify_throttle = %s WHERE id = %d LIMIT 1", $verify_key, $now, $row_id )
333 );
334 } // Insert.
335 else {
336 $wpdb->query(
337 $wpdb->prepare( "INSERT INTO {$wpdb->donors} ( verify_key, verify_throttle) VALUES (%s, %s)", $verify_key, $now )
338 );
339 }
340 }
341
342 /**
343 * Is this a valid verify key?
344 *
345 * @since 1.0
346 * @access public
347 *
348 * @param $token string The token.
349 *
350 * @return bool
351 */
352 public function is_valid_verify_key( $token ) {
353 /* @var WPDB $wpdb */
354 global $wpdb;
355
356 // See if the verify_key exists.
357 $row = $wpdb->get_row(
358 $wpdb->prepare( "SELECT id, email FROM {$wpdb->donors} WHERE verify_key = %s LIMIT 1", $token )
359 );
360
361 $now = date( 'Y-m-d H:i:s' );
362
363 // Set token and remove verify key.
364 if ( ! empty( $row ) ) {
365 $wpdb->query(
366 $wpdb->prepare( "UPDATE {$wpdb->donors} SET verify_key = '', token = %s, verify_throttle = %s WHERE id = %d LIMIT 1", $token, $now, $row->id )
367 );
368
369 $this->token_email = $row->email;
370 $this->token = $token;
371
372 return true;
373 }
374
375 return false;
376 }
377
378 /**
379 * Users donations args
380 *
381 * Force Give to find donations by email, not user ID.
382 *
383 * @since 1.0
384 * @access public
385 *
386 * @param $args array User Donations arguments.
387 *
388 * @return mixed
389 */
390 public function users_donations_args( $args ) {
391 $args['user'] = $this->token_email;
392
393 return $args;
394 }
395
396 /**
397 * Create required columns
398 *
399 * Create the necessary columns for email access
400 *
401 * @since 1.0
402 * @access public
403 *
404 * @return void
405 */
406 public function create_columns() {
407
408 global $wpdb;
409
410 // Create columns in donors table.
411 $wpdb->query( "ALTER TABLE {$wpdb->donors} ADD `token` VARCHAR(255) CHARACTER SET utf8 NOT NULL, ADD `verify_key` VARCHAR(255) CHARACTER SET utf8 NOT NULL AFTER `token`, ADD `verify_throttle` DATETIME NOT NULL AFTER `verify_key`" );
412 }
413 }
414