class-wc-form-handler.php — WooCommerce 10.8.1

woocommerce / includes / class-wc-form-handler.php

woocommerce / includes Last commit date

class-wc-form-handler.php

1242 lines

1	<?php
2	/**
3	* Handle frontend forms.
4	*
5	* @package WooCommerce\Classes\
6	*/
7
8	use Automattic\WooCommerce\Enums\OrderStatus;
9	use Automattic\WooCommerce\Enums\PaymentGatewayFeature;
10	use Automattic\WooCommerce\Enums\ProductType;
11
12	defined( 'ABSPATH' ) \|\| exit;
13
14	/**
15	* WC_Form_Handler class.
16	*/
17	class WC_Form_Handler {
18
19	/**
20	* Hook in methods.
21	*/
22	public static function init() {
23	add_action( 'template_redirect', array( __CLASS__, 'redirect_reset_password_link' ) );
24	add_action( 'template_redirect', array( __CLASS__, 'save_address' ) );
25	add_action( 'template_redirect', array( __CLASS__, 'save_account_details' ) );
26	add_action( 'wp_loaded', array( __CLASS__, 'checkout_action' ), 20 );
27	add_action( 'wp_loaded', array( __CLASS__, 'process_login' ), 20 );
28	add_action( 'wp_loaded', array( __CLASS__, 'process_registration' ), 20 );
29	add_action( 'wp_loaded', array( __CLASS__, 'process_lost_password' ), 20 );
30	add_action( 'wp_loaded', array( __CLASS__, 'process_reset_password' ), 20 );
31	add_action( 'wp_loaded', array( __CLASS__, 'cancel_order' ), 20 );
32	add_action( 'wp_loaded', array( __CLASS__, 'update_cart_action' ), 20 );
33	add_action( 'wp_loaded', array( __CLASS__, 'add_to_cart_action' ), 20 );
34
35	// May need $wp global to access query vars.
36	add_action( 'wp', array( __CLASS__, 'pay_action' ), 20 );
37	add_action( 'wp', array( __CLASS__, 'add_payment_method_action' ), 20 );
38	add_action( 'wp', array( __CLASS__, 'delete_payment_method_action' ), 20 );
39	add_action( 'wp', array( __CLASS__, 'set_default_payment_method_action' ), 20 );
40	}
41
42	/**
43	* Remove key and user ID (or user login, as a fallback) from query string, set cookie, and redirect to account page to show the form.
44	*/
45	public static function redirect_reset_password_link() {
46	if ( is_account_page() && isset( $_GET['key'] ) && ( isset( $_GET['id'] ) \|\| isset( $_GET['login'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
47
48	// If available, get $user_id from query string parameter for fallback purposes.
49	if ( isset( $_GET['login'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
50	$user = get_user_by( 'login', sanitize_user( wp_unslash( $_GET['login'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
51	$user_id = $user ? $user->ID : 0;
52	} else {
53	$user_id = absint( $_GET['id'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
54	}
55
56	// If the reset token is not for the current user, ignore the reset request (don't redirect).
57	$logged_in_user_id = get_current_user_id();
58	if ( $logged_in_user_id && $logged_in_user_id !== $user_id ) {
59	wc_add_notice( __( 'This password reset key is for a different user account. Please log out and try again.', 'woocommerce' ), 'error' );
60	return;
61	}
62
63	$action = isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : '';
64	$value = sprintf( '%d:%s', $user_id, wp_unslash( $_GET['key'] ) ); // phpcs:ignore
65	WC_Shortcode_My_Account::set_reset_password_cookie( $value );
66	wp_safe_redirect(
67	add_query_arg(
68	array(
69	'show-reset-form' => 'true',
70	'action' => $action,
71	),
72	wc_lostpassword_url()
73	)
74	);
75	exit;
76	}
77	}
78
79	/**
80	* Save and and update a billing or shipping address if the
81	* form was submitted through the user account page.
82	*/
83	public static function save_address() {
84	global $wp;
85
86	$nonce_value = wc_get_var( $_REQUEST['woocommerce-edit-address-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
87
88	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-edit_address' ) ) {
89	return;
90	}
91
92	if ( empty( $_POST['action'] ) \|\| 'edit_address' !== $_POST['action'] ) {
93	return;
94	}
95
96	wc_nocache_headers();
97
98	$user_id = get_current_user_id();
99
100	if ( $user_id <= 0 ) {
101	return;
102	}
103
104	$customer = new WC_Customer( $user_id );
105
106	if ( ! $customer ) {
107	return;
108	}
109
110	$address_type = isset( $wp->query_vars['edit-address'] ) ? wc_edit_address_i18n( sanitize_title( $wp->query_vars['edit-address'] ), true ) : 'billing';
111
112	if ( ! isset( $_POST[ $address_type . '_country' ] ) ) {
113	return;
114	}
115
116	$address = WC()->countries->get_address_fields( wc_clean( wp_unslash( $_POST[ $address_type . '_country' ] ) ), $address_type . '_' );
117
118	foreach ( $address as $key => $field ) {
119	if ( ! isset( $field['type'] ) ) {
120	$field['type'] = 'text';
121	}
122
123	// Get Value.
124	if ( 'checkbox' === $field['type'] ) {
125	$value = (int) isset( $_POST[ $key ] );
126	} else {
127	$value = isset( $_POST[ $key ] ) ? wc_clean( wp_unslash( $_POST[ $key ] ) ) : '';
128	}
129
130	// Hook to allow modification of value.
131	$value = apply_filters( 'woocommerce_process_myaccount_field_' . $key, $value );
132
133	// Validation: Required fields.
134	if ( ! empty( $field['required'] ) && empty( $value ) ) {
135	/* translators: %s: Field name. */
136	wc_add_notice( sprintf( __( '%s is a required field.', 'woocommerce' ), $field['label'] ), 'error', array( 'id' => $key ) );
137	}
138
139	if ( ! empty( $value ) ) {
140	// Validation and formatting rules.
141	if ( ! empty( $field['validate'] ) && is_array( $field['validate'] ) ) {
142	foreach ( $field['validate'] as $rule ) {
143	switch ( $rule ) {
144	case 'postcode':
145	$country = wc_clean( wp_unslash( $_POST[ $address_type . '_country' ] ) );
146	$value = wc_format_postcode( $value, $country );
147
148	if ( '' !== $value && ! WC_Validation::is_postcode( $value, $country ) ) {
149	switch ( $country ) {
150	case 'IE':
151	$postcode_validation_notice = __( 'Please enter a valid Eircode.', 'woocommerce' );
152	break;
153	default:
154	$postcode_validation_notice = __( 'Please enter a valid postcode / ZIP.', 'woocommerce' );
155	}
156	wc_add_notice( $postcode_validation_notice, 'error' );
157	}
158	break;
159	case 'phone':
160	if ( '' !== $value && ! WC_Validation::is_phone( $value ) ) {
161	/* translators: %s: Phone number. */
162	wc_add_notice( sprintf( __( '%s is not a valid phone number.', 'woocommerce' ), '<strong>' . $field['label'] . '</strong>' ), 'error' );
163	}
164	break;
165	case 'email':
166	$value = strtolower( $value );
167
168	if ( ! is_email( $value ) ) {
169	/* translators: %s: Email address. */
170	wc_add_notice( sprintf( __( '%s is not a valid email address.', 'woocommerce' ), '<strong>' . $field['label'] . '</strong>' ), 'error' );
171	}
172	break;
173	}
174	}
175	}
176	}
177
178	try {
179	// Set prop in customer object.
180	if ( is_callable( array( $customer, "set_$key" ) ) ) {
181	$customer->{"set_$key"}( $value );
182	} else {
183	$customer->update_meta_data( $key, $value );
184	}
185	} catch ( WC_Data_Exception $e ) {
186	// Set notices. Ignore invalid billing email, since is already validated.
187	if ( 'customer_invalid_billing_email' !== $e->getErrorCode() ) {
188	wc_add_notice( $e->getMessage(), 'error' );
189	}
190	}
191	}
192
193	/**
194	* Hook: woocommerce_after_save_address_validation.
195	*
196	* Allow developers to add custom validation logic and throw an error to prevent save.
197	*
198	* @since 3.6.0
199	* @param int $user_id User ID being saved.
200	* @param string $address_type Type of address; 'billing' or 'shipping'.
201	* @param array $address The address fields.
202	* @param WC_Customer $customer The customer object being saved.
203	*/
204	do_action( 'woocommerce_after_save_address_validation', $user_id, $address_type, $address, $customer );
205
206	if ( 0 < wc_notice_count( 'error' ) ) {
207	return;
208	}
209
210	$customer->save();
211
212	/**
213	* Hook: woocommerce_customer_save_address.
214	*
215	* Fires after a customer address has been saved.
216	*
217	* @since 3.6.0
218	* @param int $user_id User ID being saved.
219	* @param string $address_type Type of address; 'billing' or 'shipping'.
220	* @param array $address The address fields. Since 9.8.0.
221	* @param WC_Customer $customer The customer object being saved. Since 9.8.0.
222	*/
223	do_action( 'woocommerce_customer_save_address', $user_id, $address_type, $address, $customer );
224
225	if ( 0 < wc_notice_count( 'error' ) ) {
226	return;
227	}
228
229	wc_add_notice( __( 'Address changed successfully.', 'woocommerce' ) );
230	wp_safe_redirect( wc_get_endpoint_url( 'edit-address', '', wc_get_page_permalink( 'myaccount' ) ) );
231	exit;
232	}
233
234	/**
235	* Save the password/account details and redirect back to the my account page.
236	*/
237	public static function save_account_details() {
238	$nonce_value = wc_get_var( $_REQUEST['save-account-details-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
239
240	if ( ! wp_verify_nonce( $nonce_value, 'save_account_details' ) ) {
241	return;
242	}
243
244	if ( empty( $_POST['action'] ) \|\| 'save_account_details' !== $_POST['action'] ) {
245	return;
246	}
247
248	wc_nocache_headers();
249
250	$user_id = get_current_user_id();
251
252	if ( $user_id <= 0 ) {
253	return;
254	}
255
256	$account_first_name = ! empty( $_POST['account_first_name'] ) ? wc_clean( wp_unslash( $_POST['account_first_name'] ) ) : '';
257	$account_last_name = ! empty( $_POST['account_last_name'] ) ? wc_clean( wp_unslash( $_POST['account_last_name'] ) ) : '';
258	$account_display_name = ! empty( $_POST['account_display_name'] ) ? wc_clean( wp_unslash( $_POST['account_display_name'] ) ) : '';
259	$account_email = ! empty( $_POST['account_email'] ) ? wc_clean( wp_unslash( $_POST['account_email'] ) ) : '';
260	$pass_cur = ! empty( $_POST['password_current'] ) ? $_POST['password_current'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
261	$pass1 = ! empty( $_POST['password_1'] ) ? $_POST['password_1'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
262	$pass2 = ! empty( $_POST['password_2'] ) ? $_POST['password_2'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
263	$save_pass = true;
264
265	// Current user data.
266	$current_user = get_user_by( 'id', $user_id );
267	$current_first_name = $current_user->first_name;
268	$current_last_name = $current_user->last_name;
269	$current_email = $current_user->user_email;
270
271	// New user data.
272	$user = new stdClass();
273	$user->ID = $user_id;
274	$user->first_name = $account_first_name;
275	$user->last_name = $account_last_name;
276	$user->display_name = $account_display_name;
277
278	// Prevent display name to be changed to email.
279	if ( is_email( $account_display_name ) ) {
280	wc_add_notice( __( 'Display name cannot be changed to email address due to privacy concern.', 'woocommerce' ), 'error' );
281	}
282
283	// Handle required fields.
284	$required_fields = apply_filters(
285	'woocommerce_save_account_details_required_fields',
286	array(
287	'account_first_name' => __( 'First name', 'woocommerce' ),
288	'account_last_name' => __( 'Last name', 'woocommerce' ),
289	'account_display_name' => __( 'Display name', 'woocommerce' ),
290	'account_email' => __( 'Email address', 'woocommerce' ),
291	)
292	);
293
294	foreach ( $required_fields as $field_key => $field_name ) {
295	if ( empty( $_POST[ $field_key ] ) ) {
296	/* translators: %s: Field name. */
297	wc_add_notice( sprintf( __( '%s is a required field.', 'woocommerce' ), '<strong>' . esc_html( $field_name ) . '</strong>' ), 'error', array( 'id' => $field_key ) );
298	}
299	}
300
301	if ( $account_email ) {
302	$account_email = sanitize_email( $account_email );
303	if ( ! is_email( $account_email ) ) {
304	wc_add_notice( __( 'Please provide a valid email address.', 'woocommerce' ), 'error' );
305	} elseif ( email_exists( $account_email ) && $account_email !== $current_user->user_email ) {
306	wc_add_notice( __( 'This email address is already registered.', 'woocommerce' ), 'error' );
307	}
308	$user->user_email = $account_email;
309	}
310
311	if ( ! empty( $pass_cur ) && empty( $pass1 ) && empty( $pass2 ) ) {
312	wc_add_notice( __( 'Please fill out all password fields.', 'woocommerce' ), 'error' );
313	$save_pass = false;
314	} elseif ( ! empty( $pass1 ) && empty( $pass_cur ) ) {
315	wc_add_notice( __( 'Please enter your current password.', 'woocommerce' ), 'error' );
316	$save_pass = false;
317	} elseif ( ! empty( $pass1 ) && empty( $pass2 ) ) {
318	wc_add_notice( __( 'Please re-enter your password.', 'woocommerce' ), 'error' );
319	$save_pass = false;
320	} elseif ( ( ! empty( $pass1 ) \|\| ! empty( $pass2 ) ) && $pass1 !== $pass2 ) {
321	wc_add_notice( __( 'New passwords do not match.', 'woocommerce' ), 'error' );
322	$save_pass = false;
323	} elseif ( ! empty( $pass1 ) && ! wp_check_password( $pass_cur, $current_user->user_pass, $current_user->ID ) ) {
324	wc_add_notice( __( 'Your current password is incorrect.', 'woocommerce' ), 'error' );
325	$save_pass = false;
326	}
327
328	if ( $pass1 && $save_pass ) {
329	$user->user_pass = $pass1;
330	}
331
332	// Allow plugins to return their own errors.
333	$errors = new WP_Error();
334	do_action_ref_array( 'woocommerce_save_account_details_errors', array( &$errors, &$user ) );
335
336	if ( $errors->get_error_messages() ) {
337	foreach ( $errors->get_error_messages() as $error ) {
338	wc_add_notice( $error, 'error' );
339	}
340	}
341
342	if ( wc_notice_count( 'error' ) === 0 ) {
343	wp_update_user( $user );
344
345	// Update customer object to keep data in sync.
346	try {
347	$customer = new WC_Customer( $user->ID );
348
349	// Keep billing data in sync if data changed.
350	if ( isset( $user->user_email ) && is_email( $user->user_email ) && $current_email !== $user->user_email ) {
351	$customer->set_billing_email( $user->user_email );
352	}
353
354	if ( $current_first_name !== $user->first_name ) {
355	$customer->set_billing_first_name( $user->first_name );
356	}
357
358	if ( $current_last_name !== $user->last_name ) {
359	$customer->set_billing_last_name( $user->last_name );
360	}
361
362	$customer->save();
363	} catch ( WC_Data_Exception $e ) {
364	// These error messages are already translated.
365	wc_add_notice( $e->getMessage(), 'error' );
366	} catch ( \Exception $e ) {
367	wc_add_notice(
368	sprintf(
369	/* translators: %s: Error message. */
370	__( 'An error occurred while saving account details: %s', 'woocommerce' ),
371	esc_html( $e->getMessage() )
372	),
373	'error'
374	);
375	}
376
377	/**
378	* Hook: woocommerce_save_account_details.
379	*
380	* @since 3.6.0
381	* @param int $user_id User ID being saved.
382	*/
383	do_action( 'woocommerce_save_account_details', $user->ID );
384
385	// Notices are checked here so that if something created a notice during the save hooks above, the redirect will not happen.
386	if ( 0 === wc_notice_count( 'error' ) ) {
387	wc_add_notice( __( 'Account details changed successfully.', 'woocommerce' ) );
388	wp_safe_redirect( wc_get_endpoint_url( 'edit-account', '', wc_get_page_permalink( 'myaccount' ) ) );
389	exit;
390	}
391	}
392	}
393
394	/**
395	* Process the checkout form.
396	*/
397	public static function checkout_action() {
398	if ( isset( $_POST['woocommerce_checkout_place_order'] ) \|\| isset( $_POST['woocommerce_checkout_update_totals'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
399	wc_nocache_headers();
400
401	if ( WC()->cart->is_empty() ) {
402	wp_safe_redirect( wc_get_cart_url() );
403	exit;
404	}
405
406	wc_maybe_define_constant( 'WOOCOMMERCE_CHECKOUT', true );
407
408	WC()->checkout()->process_checkout();
409	}
410	}
411
412	/**
413	* Process the pay form.
414	*
415	* @throws Exception On payment error.
416	*/
417	public static function pay_action() {
418	global $wp;
419
420	if ( isset( $_POST['woocommerce_pay'], $_GET['key'] ) ) {
421	wc_nocache_headers();
422
423	$nonce_value = wc_get_var( $_REQUEST['woocommerce-pay-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
424
425	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-pay' ) ) {
426	return;
427	}
428
429	ob_start();
430
431	// Pay for existing order.
432	$order_key = wp_unslash( $_GET['key'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
433	$order_id = absint( $wp->query_vars['order-pay'] );
434	$order = wc_get_order( $order_id );
435
436	if ( $order_id === $order->get_id() && hash_equals( $order->get_order_key(), $order_key ) && $order->needs_payment() ) {
437
438	do_action( 'woocommerce_before_pay_action', $order );
439
440	WC()->customer->set_props(
441	array(
442	'billing_country' => $order->get_billing_country() ? $order->get_billing_country() : null,
443	'billing_state' => $order->get_billing_state() ? $order->get_billing_state() : null,
444	'billing_postcode' => $order->get_billing_postcode() ? $order->get_billing_postcode() : null,
445	'billing_city' => $order->get_billing_city() ? $order->get_billing_city() : null,
446	)
447	);
448	WC()->customer->save();
449
450	if ( ! empty( $_POST['terms-field'] ) && empty( $_POST['terms'] ) ) {
451	wc_add_notice( __( 'Please read and accept the terms and conditions to proceed with your order.', 'woocommerce' ), 'error' );
452	return;
453	}
454
455	// Update payment method.
456	if ( $order->needs_payment() ) {
457	try {
458	$payment_method_id = isset( $_POST['payment_method'] ) ? wc_clean( wp_unslash( $_POST['payment_method'] ) ) : false;
459
460	if ( ! $payment_method_id ) {
461	throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
462	}
463
464	$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
465	$payment_method = isset( $available_gateways[ $payment_method_id ] ) ? $available_gateways[ $payment_method_id ] : false;
466
467	if ( ! $payment_method ) {
468	throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
469	}
470
471	$order->set_payment_method( $payment_method );
472	$order->save();
473
474	$payment_method->validate_fields();
475
476	if ( 0 === wc_notice_count( 'error' ) ) {
477
478	$result = $payment_method->process_payment( $order_id );
479
480	// Redirect to success/confirmation/payment page.
481	if ( isset( $result['result'] ) && 'success' === $result['result'] ) {
482	$result['order_id'] = $order_id;
483
484	$result = apply_filters( 'woocommerce_payment_successful_result', $result, $order_id );
485
486	wp_redirect( $result['redirect'] ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
487	exit;
488	}
489	}
490	} catch ( Exception $e ) {
491	wc_add_notice( $e->getMessage(), 'error' );
492	}
493	} else {
494	// No payment was required for order.
495	$order->payment_complete();
496	wp_safe_redirect( $order->get_checkout_order_received_url() );
497	exit;
498	}
499
500	do_action( 'woocommerce_after_pay_action', $order );
501
502	}
503	}
504	}
505
506	/**
507	* Process the add payment method form.
508	*/
509	public static function add_payment_method_action() {
510	if ( isset( $_POST['woocommerce_add_payment_method'], $_POST['payment_method'] ) ) {
511	wc_nocache_headers();
512
513	$nonce_value = wc_get_var( $_REQUEST['woocommerce-add-payment-method-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
514
515	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-add-payment-method' ) ) {
516	return;
517	}
518
519	if ( ! apply_filters( 'woocommerce_add_payment_method_form_is_valid', true ) ) {
520	return;
521	}
522
523	// Test rate limit.
524	$current_user_id = get_current_user_id();
525	$rate_limit_id = 'add_payment_method_' . $current_user_id;
526	$delay = (int) apply_filters( 'woocommerce_payment_gateway_add_payment_method_delay', 20 );
527
528	if ( WC_Rate_Limiter::retried_too_soon( $rate_limit_id ) ) {
529	wc_add_notice(
530	sprintf(
531	/* translators: %d number of seconds */
532	_n(
533	'You cannot add a new payment method so soon after the previous one. Please wait for %d second.',
534	'You cannot add a new payment method so soon after the previous one. Please wait for %d seconds.',
535	$delay,
536	'woocommerce'
537	),
538	$delay
539	),
540	'error'
541	);
542	return;
543	}
544
545	WC_Rate_Limiter::set_rate_limit( $rate_limit_id, $delay );
546
547	ob_start();
548
549	$payment_method_id = wc_clean( wp_unslash( $_POST['payment_method'] ) );
550	$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
551
552	if ( isset( $available_gateways[ $payment_method_id ] ) ) {
553	$gateway = $available_gateways[ $payment_method_id ];
554
555	if ( ! $gateway->supports( PaymentGatewayFeature::ADD_PAYMENT_METHOD ) && ! $gateway->supports( PaymentGatewayFeature::TOKENIZATION ) ) {
556	wc_add_notice( __( 'Invalid payment gateway.', 'woocommerce' ), 'error' );
557	return;
558	}
559
560	$gateway->validate_fields();
561
562	if ( wc_notice_count( 'error' ) > 0 ) {
563	return;
564	}
565
566	$result = $gateway->add_payment_method();
567
568	if ( 'success' === $result['result'] ) {
569	wc_add_notice( __( 'Payment method successfully added.', 'woocommerce' ) );
570	}
571
572	if ( 'failure' === $result['result'] ) {
573	wc_add_notice( __( 'Unable to add payment method to your account.', 'woocommerce' ), 'error' );
574	}
575
576	if ( ! empty( $result['redirect'] ) ) {
577	wp_redirect( $result['redirect'] ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
578	exit();
579	}
580	}
581	}
582	}
583
584	/**
585	* Process the delete payment method form.
586	*/
587	public static function delete_payment_method_action() {
588	global $wp;
589
590	if ( isset( $wp->query_vars['delete-payment-method'] ) ) {
591	wc_nocache_headers();
592
593	$token_id = absint( $wp->query_vars['delete-payment-method'] );
594	$token = WC_Payment_Tokens::get( $token_id );
595
596	if ( is_null( $token ) \|\| get_current_user_id() !== $token->get_user_id() \|\| ! isset( $_REQUEST['_wpnonce'] ) \|\| false === wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'delete-payment-method-' . $token_id ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
597	wc_add_notice( __( 'Invalid payment method.', 'woocommerce' ), 'error' );
598	} else {
599	WC_Payment_Tokens::delete( $token_id );
600	wc_add_notice( __( 'Payment method deleted.', 'woocommerce' ) );
601	}
602
603	wp_safe_redirect( wc_get_account_endpoint_url( 'payment-methods' ) );
604	exit();
605	}
606	}
607
608	/**
609	* Process the delete payment method form.
610	*/
611	public static function set_default_payment_method_action() {
612	global $wp;
613
614	if ( isset( $wp->query_vars['set-default-payment-method'] ) ) {
615	wc_nocache_headers();
616
617	$token_id = absint( $wp->query_vars['set-default-payment-method'] );
618	$token = WC_Payment_Tokens::get( $token_id );
619
620	if ( is_null( $token ) \|\| get_current_user_id() !== $token->get_user_id() \|\| ! isset( $_REQUEST['_wpnonce'] ) \|\| false === wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'set-default-payment-method-' . $token_id ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
621	wc_add_notice( __( 'Invalid payment method.', 'woocommerce' ), 'error' );
622	} else {
623	WC_Payment_Tokens::set_users_default( $token->get_user_id(), intval( $token_id ) );
624	wc_add_notice( __( 'This payment method was successfully set as your default.', 'woocommerce' ) );
625	}
626
627	wp_safe_redirect( wc_get_account_endpoint_url( 'payment-methods' ) );
628	exit();
629	}
630	}
631
632	/**
633	* Remove from cart/update.
634	*/
635	public static function update_cart_action() {
636	if ( ! ( isset( $_REQUEST['apply_coupon'] ) \|\| isset( $_REQUEST['remove_coupon'] ) \|\| isset( $_REQUEST['remove_item'] ) \|\| isset( $_REQUEST['undo_item'] ) \|\| isset( $_REQUEST['update_cart'] ) \|\| isset( $_REQUEST['proceed'] ) ) ) {
637	return;
638	}
639
640	wc_maybe_define_constant( 'WOOCOMMERCE_CART', true );
641
642	wc_nocache_headers();
643
644	$nonce_value = wc_get_var( $_REQUEST['woocommerce-cart-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
645
646	if ( ! empty( $_POST['apply_coupon'] ) && ! empty( $_POST['coupon_code'] ) ) {
647	WC()->cart->add_discount( wc_format_coupon_code( wp_unslash( $_POST['coupon_code'] ) ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
648
649	} elseif ( isset( $_GET['remove_coupon'] ) ) {
650	WC()->cart->remove_coupon( wc_format_coupon_code( urldecode( wp_unslash( $_GET['remove_coupon'] ) ) ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
651
652	} elseif ( ! empty( $_GET['remove_item'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
653	$cart_item_key = sanitize_text_field( wp_unslash( $_GET['remove_item'] ) );
654	$cart_item = WC()->cart->get_cart_item( $cart_item_key );
655
656	if ( $cart_item ) {
657	$removed = WC()->cart->remove_cart_item( $cart_item_key );
658
659	if ( $removed ) {
660	/**
661	* Fires when a cart item is removed from a user request.
662	*
663	* @param string $cart_item_key Cart item key.
664	* @param \WC_Cart $cart Cart object.
665	*
666	* @since 10.6.0
667	*/
668	do_action( 'internal_woocommerce_cart_item_removed_from_user_request', $cart_item_key, WC()->cart );
669	}
670
671	$product = wc_get_product( $cart_item['product_id'] );
672
673	/* translators: %s: Item name. */
674	$item_removed_title = apply_filters( 'woocommerce_cart_item_removed_title', $product ? sprintf( _x( '“%s”', 'Item name in quotes', 'woocommerce' ), $product->get_name() ) : __( 'Item', 'woocommerce' ), $cart_item );
675
676	// Don't show undo link if removed item is out of stock.
677	if ( $product && $product->is_in_stock() && $product->has_enough_stock( $cart_item['quantity'] ) ) {
678	/* Translators: %s Product title. */
679	$removed_notice = sprintf( __( '%s removed.', 'woocommerce' ), $item_removed_title );
680	$removed_notice .= ' <a href="' . esc_url( wc_get_cart_undo_url( $cart_item_key ) ) . '" class="restore-item">' . __( 'Undo?', 'woocommerce' ) . '</a>';
681	} else {
682	/* Translators: %s Product title. */
683	$removed_notice = sprintf( __( '%s removed.', 'woocommerce' ), $item_removed_title );
684	}
685
686	wc_add_notice( $removed_notice, apply_filters( 'woocommerce_cart_item_removed_notice_type', 'success' ) );
687	}
688
689	if ( wp_get_referer() ) {
690	wp_safe_redirect( remove_query_arg( array( 'remove_item', 'add-to-cart', 'added-to-cart', 'order_again', '_wpnonce' ), add_query_arg( 'removed_item', '1', wp_get_referer() ) ) );
691	exit;
692	}
693	} elseif ( ! empty( $_GET['undo_item'] ) && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
694
695	// Undo Cart Item.
696	$cart_item_key = sanitize_text_field( wp_unslash( $_GET['undo_item'] ) );
697
698	WC()->cart->restore_cart_item( $cart_item_key );
699
700	if ( wp_get_referer() ) {
701	wp_safe_redirect( remove_query_arg( array( 'undo_item', '_wpnonce' ), wp_get_referer() ) );
702	exit;
703	}
704	}
705
706	// Update Cart - checks apply_coupon too because they are in the same form.
707	if ( ( ! empty( $_POST['apply_coupon'] ) \|\| ! empty( $_POST['update_cart'] ) \|\| ! empty( $_POST['proceed'] ) ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
708
709	$cart_updated = false;
710	$cart_totals = isset( $_POST['cart'] ) ? wp_unslash( $_POST['cart'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
711
712	if ( ! WC()->cart->is_empty() && is_array( $cart_totals ) ) {
713	foreach ( WC()->cart->get_cart() as $cart_item_key => $values ) {
714
715	$_product = $values['data'];
716
717	// Skip product if no updated quantity was posted.
718	if ( ! isset( $cart_totals[ $cart_item_key ] ) \|\| ! isset( $cart_totals[ $cart_item_key ]['qty'] ) ) {
719	continue;
720	}
721
722	// Sanitize.
723	$quantity = apply_filters( 'woocommerce_stock_amount_cart_item', wc_stock_amount( preg_replace( '/[^0-9\.]/', '', $cart_totals[ $cart_item_key ]['qty'] ) ), $cart_item_key );
724
725	if ( '' === $quantity \|\| $quantity === $values['quantity'] ) {
726	continue;
727	}
728
729	// Update cart validation.
730	$passed_validation = apply_filters( 'woocommerce_update_cart_validation', true, $cart_item_key, $values, $quantity );
731
732	// is_sold_individually.
733	if ( $_product->is_sold_individually() && $quantity > 1 ) {
734	/* Translators: %s Product title. */
735	wc_add_notice( sprintf( __( 'You can only have 1 %s in your cart.', 'woocommerce' ), $_product->get_name() ), 'error' );
736	$passed_validation = false;
737	}
738
739	if ( $passed_validation ) {
740	$old_quantity = $values['quantity'];
741	WC()->cart->set_quantity( $cart_item_key, $quantity, false );
742	$cart_updated = true;
743
744	/**
745	* Fires when a cart item quantity is updated from a user request.
746	*
747	* @param string $cart_item_key Cart item key.
748	* @param int\|float $quantity New quantity.
749	* @param int\|float $old_quantity Old quantity.
750	* @param \WC_Cart $cart Cart object.
751	*
752	* @since 10.6.0
753	*/
754	do_action( 'internal_woocommerce_cart_item_updated_from_user_request', $cart_item_key, $quantity, $old_quantity, WC()->cart );
755	}
756	}
757	}
758
759	// Trigger action - let 3rd parties update the cart if they need to and update the $cart_updated variable.
760	$cart_updated = apply_filters( 'woocommerce_update_cart_action_cart_updated', $cart_updated );
761
762	if ( $cart_updated ) {
763	WC()->cart->calculate_totals();
764	}
765
766	if ( ! empty( $_POST['proceed'] ) ) {
767	wp_safe_redirect( wc_get_checkout_url() );
768	exit;
769	} elseif ( $cart_updated ) {
770	wc_add_notice( __( 'Cart updated.', 'woocommerce' ), apply_filters( 'woocommerce_cart_updated_notice_type', 'success' ) );
771
772	if ( wp_get_referer() ) {
773	wp_safe_redirect( remove_query_arg( array( 'remove_coupon', 'add-to-cart' ), wp_get_referer() ) );
774	exit;
775	}
776	}
777	}
778	}
779
780	/**
781	* Place a previous order again.
782	*
783	* @deprecated 3.5.0 Logic moved to cart session handling.
784	*/
785	public static function order_again() {
786	wc_deprecated_function( 'WC_Form_Handler::order_again', '3.5', 'This method should not be called manually.' );
787	}
788
789	/**
790	* Cancel a pending order.
791	*/
792	public static function cancel_order() {
793	if (
794	isset( $_GET['cancel_order'] ) &&
795	isset( $_GET['order'] ) &&
796	isset( $_GET['order_id'] ) &&
797	( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), 'woocommerce-cancel_order' ) ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
798	) {
799	wc_nocache_headers();
800
801	$order_key = wp_unslash( $_GET['order'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
802	$order_id = absint( $_GET['order_id'] );
803	$order = wc_get_order( $order_id );
804	/**
805	* Filter valid order statuses for cancel.
806	*
807	* @since 3.5.0
808	*
809	* @param array $valid_statuses Array of valid order statuses for cancel.
810	* @param WC_Order $order Order object.
811	*/
812	$valid_statuses = apply_filters( 'woocommerce_valid_order_statuses_for_cancel', array( OrderStatus::PENDING, OrderStatus::FAILED ), $order );
813	$user_can_cancel = current_user_can( 'cancel_order', $order_id );
814	$order_can_cancel = $order->has_status( $valid_statuses );
815	$redirect = isset( $_GET['redirect'] ) ? wp_unslash( $_GET['redirect'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
816
817	if ( $user_can_cancel && $order_can_cancel && $order->get_id() === $order_id && hash_equals( $order->get_order_key(), $order_key ) ) {
818
819	// Cancel the order + restore stock.
820	WC()->session->set( 'order_awaiting_payment', false );
821	$order->update_status( OrderStatus::CANCELLED, __( 'Order cancelled by customer.', 'woocommerce' ) );
822
823	wc_add_notice( apply_filters( 'woocommerce_order_cancelled_notice', __( 'Your order was cancelled.', 'woocommerce' ) ), apply_filters( 'woocommerce_order_cancelled_notice_type', 'notice' ) );
824
825	do_action( 'woocommerce_cancelled_order', $order->get_id() );
826
827	} elseif ( $user_can_cancel && ! $order_can_cancel ) {
828	wc_add_notice( __( 'Your order can no longer be cancelled. Please contact us if you need assistance.', 'woocommerce' ), 'error' );
829	} else {
830	wc_add_notice( __( 'Invalid order.', 'woocommerce' ), 'error' );
831	}
832
833	if ( $redirect ) {
834	wp_safe_redirect( $redirect );
835	exit;
836	}
837	}
838	}
839
840	/**
841	* Add to cart action.
842	*
843	* Checks for a valid request, does validation (via hooks) and then redirects if valid.
844	*
845	* @param bool $url (default: false) URL to redirect to.
846	*/
847	public static function add_to_cart_action( $url = false ) {
848	if ( ! isset( $_REQUEST['add-to-cart'] ) \|\| ! is_numeric( wp_unslash( $_REQUEST['add-to-cart'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
849	return;
850	}
851
852	wc_nocache_headers();
853
854	$product_id = apply_filters( 'woocommerce_add_to_cart_product_id', absint( wp_unslash( $_REQUEST['add-to-cart'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
855	$was_added_to_cart = false;
856	$adding_to_cart = wc_get_product( $product_id );
857
858	if ( ! $adding_to_cart ) {
859	return;
860	}
861
862	$add_to_cart_handler = apply_filters( 'woocommerce_add_to_cart_handler', $adding_to_cart->get_type(), $adding_to_cart );
863
864	if ( ProductType::VARIABLE === $add_to_cart_handler \|\| ProductType::VARIATION === $add_to_cart_handler ) {
865	$was_added_to_cart = self::add_to_cart_handler_variable( $product_id );
866	$product_id = ! empty( $_REQUEST['variation_id'] ) ? absint( wp_unslash( $_REQUEST['variation_id'] ) ) : $product_id; // phpcs:ignore WordPress.Security.NonceVerification.Recommended
867	} elseif ( ProductType::GROUPED === $add_to_cart_handler ) {
868	$was_added_to_cart = self::add_to_cart_handler_grouped( $product_id );
869	} elseif ( has_action( 'woocommerce_add_to_cart_handler_' . $add_to_cart_handler ) ) {
870	do_action( 'woocommerce_add_to_cart_handler_' . $add_to_cart_handler, $url ); // Custom handler.
871	} else {
872	$was_added_to_cart = self::add_to_cart_handler_simple( $product_id );
873	}
874
875	// If we added the product to the cart we can now optionally do a redirect.
876	if ( $was_added_to_cart && 0 === wc_notice_count( 'error' ) ) {
877	$quantity = empty( $_REQUEST['quantity'] ) ? 1 : wc_stock_amount( wp_unslash( $_REQUEST['quantity'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
878
879	/**
880	* Fires when an item is added to the cart from a user request.
881	*
882	* @param int $product_id Product ID.
883	* @param int\|float $quantity Quantity added to the cart.
884	*
885	* @since 10.6.0
886	*/
887	do_action( 'internal_woocommerce_cart_item_added_from_user_request', $product_id, $quantity );
888
889	$url = apply_filters( 'woocommerce_add_to_cart_redirect', $url, $adding_to_cart );
890
891	if ( $url ) {
892	wp_safe_redirect( $url );
893	exit;
894	} elseif ( 'yes' === get_option( 'woocommerce_cart_redirect_after_add' ) ) {
895	wp_safe_redirect( wc_get_cart_url() );
896	exit;
897	}
898	}
899	}
900
901	/**
902	* Handle adding simple products to the cart.
903	*
904	* @since 2.4.6 Split from add_to_cart_action.
905	* @param int $product_id Product ID to add to the cart.
906	* @return bool success or not
907	*/
908	private static function add_to_cart_handler_simple( $product_id ) {
909	if ( ! WC()->cart ) {
910	wc_doing_it_wrong( __FUNCTION__, 'Cart is not initialized.', '10.5.0' );
911	return false;
912	}
913
914	$quantity = empty( $_REQUEST['quantity'] ) ? 1 : wc_stock_amount( wp_unslash( $_REQUEST['quantity'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
915	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $product_id, $quantity );
916
917	if ( $passed_validation && false !== WC()->cart->add_to_cart( $product_id, $quantity ) ) {
918	wc_add_to_cart_message( array( $product_id => $quantity ), true );
919	return true;
920	}
921	return false;
922	}
923
924	/**
925	* Handle adding grouped products to the cart.
926	*
927	* @since 2.4.6 Split from add_to_cart_action.
928	* @param int $product_id Product ID to add to the cart.
929	* @return bool success or not
930	*/
931	private static function add_to_cart_handler_grouped( $product_id ) {
932	$was_added_to_cart = false;
933	$added_to_cart = array();
934	$items = isset( $_REQUEST['quantity'] ) && is_array( $_REQUEST['quantity'] ) ? wp_unslash( $_REQUEST['quantity'] ) : array(); // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
935
936	if ( ! empty( $items ) ) {
937	$quantity_set = false;
938
939	foreach ( $items as $item => $quantity ) {
940	$quantity = wc_stock_amount( $quantity );
941	if ( $quantity <= 0 ) {
942	continue;
943	}
944	$quantity_set = true;
945
946	// Add to cart validation.
947	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $item, $quantity );
948
949	// Suppress total recalculation until finished.
950	remove_action( 'woocommerce_add_to_cart', array( WC()->cart, 'calculate_totals' ), 20, 0 );
951
952	if ( $passed_validation && false !== WC()->cart->add_to_cart( $item, $quantity ) ) {
953	$was_added_to_cart = true;
954	$added_to_cart[ $item ] = $quantity;
955	}
956
957	add_action( 'woocommerce_add_to_cart', array( WC()->cart, 'calculate_totals' ), 20, 0 );
958	}
959
960	if ( ! $was_added_to_cart && ! $quantity_set ) {
961	wc_add_notice( __( 'Please choose the quantity of items you wish to add to your cart…', 'woocommerce' ), 'error' );
962	} elseif ( $was_added_to_cart ) {
963	wc_add_to_cart_message( $added_to_cart );
964	WC()->cart->calculate_totals();
965	return true;
966	}
967	} elseif ( $product_id ) {
968	/* Link on product archives */
969	wc_add_notice( __( 'Please choose a product to add to your cart…', 'woocommerce' ), 'error' );
970	}
971	return false;
972	}
973
974	/**
975	* Handle adding variable products to the cart.
976	*
977	* @since 2.4.6 Split from add_to_cart_action.
978	* @throws Exception If add to cart fails.
979	* @param int $product_id Product ID to add to the cart.
980	* @return bool success or not
981	*/
982	private static function add_to_cart_handler_variable( $product_id ) {
983	$variation_id = empty( $_REQUEST['variation_id'] ) ? '' : absint( wp_unslash( $_REQUEST['variation_id'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
984	$quantity = empty( $_REQUEST['quantity'] ) ? 1 : wc_stock_amount( wp_unslash( $_REQUEST['quantity'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
985	$variations = array();
986
987	$product = wc_get_product( $product_id );
988
989	foreach ( $_REQUEST as $key => $value ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
990	if ( 'attribute_' !== substr( $key, 0, 10 ) ) {
991	continue;
992	}
993
994	$variations[ sanitize_title( wp_unslash( $key ) ) ] = wp_unslash( $value );
995	}
996
997	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $product_id, $quantity, $variation_id, $variations );
998
999	if ( ! $passed_validation ) {
1000	return false;
1001	}
1002
1003	// Prevent parent variable product from being added to cart.
1004	if ( empty( $variation_id ) && $product && $product->is_type( ProductType::VARIABLE ) ) {
1005	$current_url = isset( $_SERVER['REQUEST_URI'] ) ? wp_parse_url( sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ), PHP_URL_PATH ) : '';
1006	$product_url = wp_parse_url( get_permalink( $product_id ), PHP_URL_PATH );
1007	$is_in_product_page = $current_url && $product_url && untrailingslashit( $current_url ) === untrailingslashit( $product_url );
1008
1009	if ( $is_in_product_page ) {
1010	/* translators: 1: product name */
1011	$error_message = sprintf( __( 'Please choose product options for %1$s.', 'woocommerce' ), esc_html( $product->get_name() ) );
1012	} else {
1013	/* translators: 1: product link, 2: product name */
1014	$error_message = sprintf( __( 'Please choose product options by visiting <a href="%1$s" title="%2$s">%2$s</a>.', 'woocommerce' ), esc_url( get_permalink( $product_id ) ), esc_html( $product->get_name() ) );
1015	}
1016
1017	wc_add_notice( $error_message, 'error' );
1018
1019	return false;
1020	}
1021
1022	if ( false !== WC()->cart->add_to_cart( $product_id, $quantity, $variation_id, $variations ) ) {
1023	wc_add_to_cart_message( array( $product_id => $quantity ), true );
1024	return true;
1025	}
1026
1027	return false;
1028	}
1029
1030	/**
1031	* Process the login form.
1032	*
1033	* @throws Exception On login error.
1034	*/
1035	public static function process_login() {
1036
1037	static $valid_nonce = null;
1038
1039	if ( null === $valid_nonce ) {
1040	// The global form-login.php template used `_wpnonce` in template versions < 3.3.0.
1041	$nonce_value = wc_get_var( $_REQUEST['woocommerce-login-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
1042
1043	$valid_nonce = wp_verify_nonce( $nonce_value, 'woocommerce-login' );
1044	}
1045
1046	if ( isset( $_POST['login'], $_POST['username'], $_POST['password'] ) && is_string( $_POST['username'] ) && is_string( $_POST['password'] ) && $valid_nonce ) {
1047
1048	try {
1049	$creds = array(
1050	'user_login' => trim( wp_unslash( $_POST['username'] ) ), // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1051	'user_password' => $_POST['password'], // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1052	'remember' => isset( $_POST['rememberme'] ), // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1053	);
1054
1055	$validation_error = new WP_Error();
1056	$validation_error = apply_filters( 'woocommerce_process_login_errors', $validation_error, $creds['user_login'], $creds['user_password'] );
1057
1058	if ( $validation_error->get_error_code() ) {
1059	throw new Exception( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $validation_error->get_error_message() );
1060	}
1061
1062	if ( empty( $creds['user_login'] ) ) {
1063	throw new Exception( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . __( 'Username is required.', 'woocommerce' ) );
1064	}
1065
1066	// On multisite, ensure user exists on current site, if not add them before allowing login.
1067	if ( is_multisite() ) {
1068	$user_data = get_user_by( is_email( $creds['user_login'] ) ? 'email' : 'login', $creds['user_login'] );
1069
1070	if ( $user_data && ! is_user_member_of_blog( $user_data->ID, get_current_blog_id() ) ) {
1071	add_user_to_blog( get_current_blog_id(), $user_data->ID, 'customer' );
1072	}
1073	}
1074
1075	// Perform the login.
1076	$user = wp_signon( apply_filters( 'woocommerce_login_credentials', $creds ), is_ssl() );
1077
1078	if ( is_wp_error( $user ) ) {
1079	throw new Exception( $user->get_error_message() );
1080	} else {
1081
1082	if ( ! empty( $_POST['redirect'] ) ) {
1083	$redirect = wp_unslash( $_POST['redirect'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1084	} elseif ( wc_get_raw_referer() ) {
1085	$redirect = wc_get_raw_referer();
1086	} else {
1087	$redirect = wc_get_page_permalink( 'myaccount' );
1088	}
1089
1090	$redirect = remove_query_arg( array( 'wc_error', 'password-reset' ), $redirect );
1091
1092	wp_redirect( wp_validate_redirect( apply_filters( 'woocommerce_login_redirect', $redirect, $user ), wc_get_page_permalink( 'myaccount' ) ) ); // phpcs:ignore
1093	exit;
1094	}
1095	} catch ( Exception $e ) {
1096	wc_add_notice( apply_filters( 'login_errors', $e->getMessage() ), 'error' );
1097	do_action( 'woocommerce_login_failed' );
1098	}
1099	}
1100	}
1101
1102	/**
1103	* Handle lost password form.
1104	*/
1105	public static function process_lost_password() {
1106	if ( isset( $_POST['wc_reset_password'], $_POST['user_login'] ) ) {
1107	$nonce_value = wc_get_var( $_REQUEST['woocommerce-lost-password-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
1108
1109	if ( ! wp_verify_nonce( $nonce_value, 'lost_password' ) ) {
1110	return;
1111	}
1112
1113	$success = WC_Shortcode_My_Account::retrieve_password();
1114
1115	// If successful, redirect to my account with query arg set.
1116	if ( $success ) {
1117	wp_safe_redirect( add_query_arg( 'reset-link-sent', 'true', wc_get_account_endpoint_url( 'lost-password' ) ) );
1118	exit;
1119	}
1120	}
1121	}
1122
1123	/**
1124	* Handle reset password form.
1125	*/
1126	public static function process_reset_password() {
1127	$nonce_value = wc_get_var( $_REQUEST['woocommerce-reset-password-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
1128
1129	if ( ! wp_verify_nonce( $nonce_value, 'reset_password' ) ) {
1130	return;
1131	}
1132
1133	$posted_fields = array( 'wc_reset_password', 'password_1', 'password_2', 'reset_key', 'reset_login' );
1134
1135	foreach ( $posted_fields as $field ) {
1136	if ( ! isset( $_POST[ $field ] ) ) {
1137	return;
1138	}
1139
1140	if ( in_array( $field, array( 'password_1', 'password_2' ), true ) ) {
1141	// Don't unslash password fields
1142	// @see https://github.com/woocommerce/woocommerce/issues/23922.
1143	$posted_fields[ $field ] = $_POST[ $field ]; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1144	} else {
1145	$posted_fields[ $field ] = wp_unslash( $_POST[ $field ] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1146	}
1147	}
1148
1149	$user = WC_Shortcode_My_Account::check_password_reset_key( $posted_fields['reset_key'], $posted_fields['reset_login'] );
1150
1151	if ( $user instanceof WP_User ) {
1152	if ( empty( $posted_fields['password_1'] ) ) {
1153	wc_add_notice( __( 'Please enter your password.', 'woocommerce' ), 'error' );
1154	}
1155
1156	if ( $posted_fields['password_1'] !== $posted_fields['password_2'] ) {
1157	wc_add_notice( __( 'Passwords do not match.', 'woocommerce' ), 'error' );
1158	}
1159
1160	$errors = new WP_Error();
1161
1162	do_action( 'validate_password_reset', $errors, $user );
1163
1164	wc_add_wp_error_notices( $errors );
1165
1166	if ( 0 === wc_notice_count( 'error' ) ) {
1167	WC_Shortcode_My_Account::reset_password( $user, $posted_fields['password_1'] );
1168
1169	do_action( 'woocommerce_customer_reset_password', $user );
1170
1171	wp_safe_redirect( add_query_arg( 'password-reset', 'true', wc_get_page_permalink( 'myaccount' ) ) );
1172	exit;
1173	}
1174	}
1175	}
1176
1177	/**
1178	* Process the registration form.
1179	*
1180	* @throws Exception On registration error.
1181	*/
1182	public static function process_registration() {
1183	$nonce_value = isset( $_POST['_wpnonce'] ) ? wp_unslash( $_POST['_wpnonce'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1184	$nonce_value = isset( $_POST['woocommerce-register-nonce'] ) ? wp_unslash( $_POST['woocommerce-register-nonce'] ) : $nonce_value; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1185
1186	if ( isset( $_POST['register'], $_POST['email'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-register' ) ) {
1187	$username = 'no' === get_option( 'woocommerce_registration_generate_username' ) && isset( $_POST['username'] ) ? wp_unslash( $_POST['username'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1188	$password = 'no' === get_option( 'woocommerce_registration_generate_password' ) && isset( $_POST['password'] ) ? $_POST['password'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1189	$email = wp_unslash( $_POST['email'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1190
1191	try {
1192	$validation_error = new WP_Error();
1193	$validation_error = apply_filters( 'woocommerce_process_registration_errors', $validation_error, $username, $password, $email );
1194	$validation_errors = $validation_error->get_error_messages();
1195
1196	if ( 1 === count( $validation_errors ) ) {
1197	throw new Exception( $validation_error->get_error_message() );
1198	} elseif ( $validation_errors ) {
1199	foreach ( $validation_errors as $message ) {
1200	wc_add_notice( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $message, 'error' );
1201	}
1202	throw new Exception();
1203	}
1204
1205	$new_customer = wc_create_new_customer( sanitize_email( $email ), wc_clean( $username ), $password );
1206
1207	if ( is_wp_error( $new_customer ) ) {
1208	throw new Exception( $new_customer->get_error_message() );
1209	}
1210
1211	if ( 'yes' === get_option( 'woocommerce_registration_generate_password' ) ) {
1212	wc_add_notice( __( 'Your account was created successfully and a password has been sent to your email address.', 'woocommerce' ) );
1213	} else {
1214	wc_add_notice( __( 'Your account was created successfully. Your login details have been sent to your email address.', 'woocommerce' ) );
1215	}
1216
1217	// Only redirect after a forced login - otherwise output a success notice.
1218	if ( apply_filters( 'woocommerce_registration_auth_new_customer', true, $new_customer ) ) {
1219	wc_set_customer_auth_cookie( $new_customer );
1220
1221	if ( ! empty( $_POST['redirect'] ) ) {
1222	$redirect = wp_sanitize_redirect( wp_unslash( $_POST['redirect'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1223	} elseif ( wc_get_raw_referer() ) {
1224	$redirect = wc_get_raw_referer();
1225	} else {
1226	$redirect = wc_get_page_permalink( 'myaccount' );
1227	}
1228
1229	wp_redirect( wp_validate_redirect( apply_filters( 'woocommerce_registration_redirect', $redirect ), wc_get_page_permalink( 'myaccount' ) ) ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
1230	exit;
1231	}
1232	} catch ( Exception $e ) {
1233	if ( $e->getMessage() ) {
1234	wc_add_notice( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $e->getMessage(), 'error' );
1235	}
1236	}
1237	}
1238	}
1239	}
1240
1241	WC_Form_Handler::init();
1242