PluginProbe ʕ •ᴥ•ʔ
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress / 3.1
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress v3.1
4.16.19 4.16.18 4.16.17 4.16.16 trunk 1.0 1.0.1 1.0.2 1.1 1.1.1 1.1.2 1.1.3 1.1.4 1.1.5 1.1.5a 1.1.6 1.1.7 1.2 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.3 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.4 1.4.1 1.4.2 1.5 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.6 1.6.1 1.6.2 1.6.3 1.6.4 1.6.5 1.6.6 1.6.7 1.6.8 1.7 1.7.1 1.7.2 1.8 1.8.1 1.8.10 1.8.2 1.8.3 1.8.4 1.8.5 1.8.6 1.8.7 1.8.8 1.8.9 1.9 1.9.1 1.9.10 1.9.11 1.9.12 1.9.13 1.9.2 1.9.3 1.9.4 1.9.5 1.9.6 1.9.7 1.9.8 1.9.9 2.1.9 2.2.10 2.2.11 2.2.12 2.2.13 2.2.14 2.2.15 2.2.16 2.2.2 2.2.5 2.2.6 2.2.7 2.2.8 2.2.9 3.0 3.1 3.1.1 3.1.10 3.1.11 3.1.12 3.1.13 3.1.14 3.1.15 3.1.16 3.1.17 3.1.18 3.1.19 3.1.2 3.1.3 3.1.4 3.1.5 3.1.6 3.1.7 3.1.8 3.1.9 3.2.0 3.2.1 3.2.10 3.2.11 3.2.12 3.2.13 3.2.14 3.2.15 3.2.16 3.2.2 3.2.3 3.2.4 3.2.5 3.2.6 3.2.7 3.2.8 3.2.9 4.0.0 4.0.1 4.0.2 4.0.3 4.1.0 4.1.1 4.1.2 4.1.3 4.1.4 4.10.0 4.10.1 4.10.2 4.10.3 4.11.0 4.12.0 4.13.0 4.13.1 4.13.2 4.13.3 4.13.4 4.14.0 4.14.1 4.14.2 4.14.3 4.14.4 4.15.0 4.15.1 4.15.10 4.15.11 4.15.12 4.15.13 4.15.14 4.15.15 4.15.16 4.15.17 4.15.18 4.15.19 4.15.2 4.15.20 4.15.20.1 4.15.21 4.15.22 4.15.23 4.15.24 4.15.25 4.15.3 4.15.4 4.15.5 4.15.6 4.15.7 4.15.8 4.15.9 4.16.0 4.16.1 4.16.10 4.16.11 4.16.12 4.16.13 4.16.14 4.16.15 4.16.2 4.16.3 4.16.4 4.16.5 4.16.6 4.16.7 4.16.8 4.16.9 4.2.0 4.3.0 4.3.1 4.3.2 4.4.0 4.4.1 4.5.0 4.5.1 4.5.2 4.5.3 4.5.4 4.5.5 4.6.0 4.7.0 4.8.0 4.9.0
wp-user-avatar / src / Classes / EditUserProfile.php
wp-user-avatar / src / Classes Last commit date
AdminNotices.php 5 years ago AjaxHandler.php 5 years ago Autologin.php 5 years ago BuddyPressBbPress.php 5 years ago EditUserProfile.php 5 years ago ExtensionManager.php 5 years ago FileUploader.php 5 years ago FormPreviewHandler.php 5 years ago FormRepository.php 5 years ago FormShortcodeDefaults.php 5 years ago GDPR.php 5 years ago GlobalSiteAccess.php 5 years ago ImageUploader.php 5 years ago LoginAuth.php 5 years ago Miscellaneous.php 5 years ago ModifyRedirectDefaultLinks.php 5 years ago PPRESS_Session.php 5 years ago PROFILEPRESS_sql.php 5 years ago PasswordReset.php 5 years ago ProfileUrlRewrite.php 5 years ago RegistrationAuth.php 5 years ago SendEmail.php 5 years ago ShortcodeThemeFactory.php 5 years ago UserAvatar.php 5 years ago UserSignupLocationListingPage.php 5 years ago UsernameEmailRestrictLogin.php 5 years ago WelcomeEmailAfterSignup.php 5 years ago default-email-template.php 5 years ago index.php 5 years ago
EditUserProfile.php
468 lines
1 <?php
2
3 namespace ProfilePress\Core\Classes;
4
5 class EditUserProfile
6 {
7 public static function is_ajax()
8 {
9 return defined('DOING_AJAX') && DOING_AJAX;
10 }
11
12 public static function get_success_message($form_id = 0, $is_melange = false)
13 {
14 $success_message = FormRepository::get_form_meta($form_id, FormRepository::EDIT_PROFILE_TYPE, FormRepository::SUCCESS_MESSAGE);
15
16 if ($is_melange) {
17 $success_message = FormRepository::get_form_meta($form_id, FormRepository::EDIT_PROFILE_TYPE, FormRepository::MELANGE_EDIT_PROFILE_SUCCESS_MESSAGE);
18 }
19
20 if (FormRepository::is_drag_drop($form_id, FormRepository::EDIT_PROFILE_TYPE)) {
21 // Drag and drop do not allow the use of div wrapper. only the message to be shown is entered.
22 // so here, we are wrapping it in edit profile status div.
23 if ( ! empty($success_message)) {
24 $success_message = '<div class="profilepress-edit-profile-status success">' . $success_message . '</div>';
25 }
26 }
27
28 $success_message = ! empty($success_message) ? $success_message : '<div class="profilepress-edit-profile-status success">' . esc_html__('Account was updated successfully.', 'wp-user-avatar') . '</div>';
29
30 return apply_filters('ppress_edit_profile_success_message', $success_message);
31 }
32
33 /**
34 * @param array $post_data $_POST data
35 *
36 * @param int $is_melange
37 *
38 * @return mixed|void the edit profile response be it error or success message
39 */
40 public static function process_func($form_id, $redirect, $is_melange = false)
41 {
42 $success_message = self::get_success_message($form_id, $is_melange);
43
44 $edit_profile_response = self::update_user_profile($form_id, $redirect);
45
46 if ( ! empty($edit_profile_response) && self::is_ajax()) {
47 $ajax_response = [];
48
49 if (is_string($edit_profile_response)) {
50 $ajax_response['message'] = '<div class="profilepress-edit-profile-status">' . $edit_profile_response . '</div>';
51 }
52
53 if (is_array($edit_profile_response) && $edit_profile_response['status'] == 'success') {
54 $ajax_response['message'] = html_entity_decode($success_message);
55
56 if ( ! empty($edit_profile_response['avatar_url'])) {
57 $ajax_response['avatar_url'] = $edit_profile_response['avatar_url'];
58 }
59
60 if ( ! empty($edit_profile_response['cover_image_url'])) {
61 $ajax_response['cover_image_url'] = $edit_profile_response['cover_image_url'];
62 }
63 }
64
65 if ( ! empty($redirect)) {
66 $ajax_response['redirect'] = esc_url_raw($redirect);
67 }
68
69 return $ajax_response;
70 }
71
72 if ( ! empty($edit_profile_response)) {
73 return '<div class="profilepress-edit-profile-status">' . $edit_profile_response . '</div>';
74 }
75 }
76
77 public static function get_current_user_id()
78 {
79 return get_current_user_id();
80 }
81
82 /**
83 * Update user profile.
84 *
85 * @param int $form_id ID of edit profile form
86 * @param string $redirect URL to redirect to after edit profile.
87 *
88 * @return mixed
89 */
90 public static function update_user_profile($form_id, $redirect = '')
91 {
92 if (self::is_ajax()) {
93 ppress_verify_ajax_nonce();
94 } else {
95 ppress_verify_nonce();
96 }
97
98 $post = $_POST;
99
100 $old_user_data = get_userdata(self::get_current_user_id());
101
102 /* Validate and add custom validation to edit profile */
103 $validation_errors = apply_filters('ppress_edit_profile_validation', '', $form_id);
104
105 if (is_wp_error($validation_errors)) {
106 return $validation_errors->get_error_message();
107 }
108
109 // create an array of acceptable userdata for use by wp_update_user
110 $valid_userdata = array(
111 'eup_username',
112 'eup_password',
113 'eup_email',
114 'eup_email2',
115 'eup_website',
116 'eup_nickname',
117 'eup_display_name',
118 'eup_first_name',
119 'eup_last_name',
120 'eup_bio'
121 );
122
123 if (isset($post['eup_email']) && ! is_email($post['eup_email'])) {
124 return esc_html__('Email address is invalid. Please try again', 'wp-user-avatar');
125 }
126
127 if (isset($post['eup_email2']) && ! is_email($post['eup_email2'])) {
128 return esc_html__('Email address confirmation is invalid. Please try again', 'wp-user-avatar');
129 }
130
131 if (isset($post['eup_email2']) && ($post['eup_email'] != $post['eup_email2'])) {
132 return esc_html__('Email addresses do not match. Please try again', 'wp-user-avatar');
133 }
134
135 if (isset($post['eup_password2'])) {
136
137 // if set to true, empty password and empty confirm password field will cause password not to be changed.
138 if (apply_filters('ppress_allow_empty_password_unchanged', false)) {
139 if ( ! empty($post['eup_password']) && ! empty($post['eup_password2'])) {
140 if (($post['eup_password'] != $post['eup_password2'])) {
141 return esc_html__('Password do not match. Please try again.', 'wp-user-avatar');
142 }
143 }
144 } else {
145 if (empty($post['eup_password']) || empty($post['eup_password2'])) {
146 return esc_html__('Password is empty or do not match. Please try again.', 'wp-user-avatar');
147 }
148
149 if (($post['eup_password'] != $post['eup_password2'])) {
150 return esc_html__('Password do not match. Please try again.', 'wp-user-avatar');
151 }
152 }
153 }
154
155 // get the escaped data for userdata
156 $escaped_post_data = self::escaped_post_data($post);
157
158 // get the data for use by update_user_meta
159 $custom_usermeta = apply_filters('ppress_edit_profile_custom_usermeta', self::custom_usermeta_data($escaped_post_data, $valid_userdata), $form_id);
160
161 // convert the form post data to userdata for use by wp_update_users
162 $real_userdata = array();
163
164 $real_userdata['ID'] = self::get_current_user_id();
165
166 // only process password change if it is specified.
167 if ( ! empty($post['eup_password'])) {
168 // never escape password.
169 $real_userdata['user_pass'] = $post['eup_password'];
170 }
171
172 if (isset($post['eup_email'])) {
173 $real_userdata['user_email'] = $escaped_post_data['eup_email'];
174 }
175
176 if (isset($post['eup_website'])) {
177 $real_userdata['user_url'] = $escaped_post_data['eup_website'];
178 }
179
180 if (isset($post['eup_nickname'])) {
181 $real_userdata['nickname'] = $escaped_post_data['eup_nickname'];
182 }
183
184 if (isset($post['eup_display_name'])) {
185 $real_userdata['display_name'] = $escaped_post_data['eup_display_name'];
186 }
187
188 if (isset($post['eup_first_name'])) {
189 $real_userdata['first_name'] = $escaped_post_data['eup_first_name'];
190 }
191
192 if (isset($post['eup_last_name'])) {
193 $real_userdata['last_name'] = $escaped_post_data['eup_last_name'];
194 }
195
196 if (isset($post['eup_bio'])) {
197 $real_userdata['description'] = $escaped_post_data['eup_bio'];
198 }
199
200 // merge real data(for use by wp_insert_user()) and custom fields data
201 $user_data = apply_filters('ppress_edit_profile_user_data', array_merge($real_userdata, $custom_usermeta), $form_id);
202
203 /**
204 * Fires before profile is updated
205 *
206 * @param $user_data array user_data of user being updated
207 * @param $form_id int builder ID
208 */
209 do_action('ppress_before_profile_update', $user_data, $form_id);
210
211 $ajax_response = array();
212
213 if (isset($_FILES['eup_avatar']['name']) && ! empty($_FILES['eup_avatar']['name'])) {
214 $upload_avatar = ImageUploader::process($_FILES['eup_avatar']);
215
216 if (is_wp_error($upload_avatar)) {
217 return $upload_avatar->get_error_message();
218 }
219
220 // update custom field
221 $custom_usermeta['pp_profile_avatar'] = $upload_avatar;
222
223 /** WP User Avatar Adapter STARTS */
224 self::delete_deprecated_wp_user_avatar_image();
225 /** WP User Avatar Adapter ENDS */
226
227 if (self::is_ajax()) {
228 $ajax_response['avatar_url'] = PPRESS_AVATAR_UPLOAD_URL . $upload_avatar;
229 }
230 }
231
232 if (isset($_FILES['eup_cover_image']['name']) && ! empty($_FILES['eup_cover_image']['name'])) {
233
234 $upload_cover_image = ImageUploader::process($_FILES['eup_cover_image'], ImageUploader::COVER_IMAGE, PPRESS_COVER_IMAGE_UPLOAD_DIR);
235
236 if (is_wp_error($upload_cover_image)) {
237 return $upload_cover_image->get_error_message();
238 }
239
240 $custom_usermeta['pp_profile_cover_image'] = $upload_cover_image;
241
242 if (self::is_ajax()) {
243 $ajax_response['cover_image_url'] = PPRESS_COVER_IMAGE_UPLOAD_URL . $upload_cover_image;
244 }
245 }
246
247 // update file uploads
248 $uploads = FileUploader::init();
249 $upload_errors = '';
250 foreach ($uploads as $field_key => $uploaded_filename_or_wp_error) {
251 if (is_wp_error($uploads[$field_key])) {
252 $upload_errors .= $uploads[$field_key]->get_error_message() . '<br/>';
253 }
254 }
255
256 if ( ! empty($upload_errors)) return $upload_errors;
257
258 // we get the old array of stored file for the user
259 $old = get_user_meta(self::get_current_user_id(), 'pp_uploaded_files', true);
260 $old = ! empty($old) ? $old : array();
261
262 // we loop through the array of newly uploaded files and remove any file (un-setting the file array key)
263 // that isn't be updated i.e if the field is left empty, un-setting it prevent update_user_meta
264 // fom overriding it.
265 // we then merge the old and new uploads before saving the data to user meta table.
266 foreach ($uploads as $key => $value) {
267 if (is_null($value) || empty($value)) {
268 unset($uploads[$key]);
269 }
270 }
271
272 update_user_meta(self::get_current_user_id(), 'pp_uploaded_files', array_merge($old, $uploads));
273
274 if (is_array($custom_usermeta)) {
275
276 $user_id = self::get_current_user_id();
277
278 foreach ($custom_usermeta as $key => $value) {
279
280 update_user_meta($user_id, $key, $value);
281
282 // the 'edit_profile' parameter is used to distinguish it from same action hook in RegistrationAuth
283 do_action('ppress_after_custom_field_update', $key, $value, $user_id, 'edit_profile');
284 }
285 }
286
287 // proceed to profile edit using wp_update_user method which return the new user id
288 $update_user = wp_update_user($real_userdata);
289
290 if (is_wp_error($update_user)) {
291 return $update_user->get_error_message();
292 }
293
294 if ( ! is_wp_error($update_user)) {
295
296 /**
297 * Fires after profile is updated
298 *
299 * @param array $user_data
300 * @param int $form_id
301 * @param \WP_User $old_user_data
302 */
303 do_action('ppress_after_profile_update', $user_data, $form_id, $old_user_data);
304
305 // success flag is used by ajax mode. see self::process_func()
306 if (self::is_ajax()) {
307 $ajax_response['status'] = 'success';
308
309 return $ajax_response;
310 }
311
312 $url = apply_filters('ppress_redirect_after_profile_edit', esc_url_raw(add_query_arg('edit', 'true')));
313
314 if ( ! empty($redirect)) {
315 $url = esc_url_raw($redirect);
316 }
317
318 wp_safe_redirect($url);
319 exit;
320 }
321
322 return esc_html__('Something unexpected happened. Please try again', 'wp-user-avatar');
323 }
324
325 /**
326 * Escaped the POST data
327 *
328 * @param $post_data array raw post data
329 *
330 * @return array
331 */
332 public static function escaped_post_data($post_data)
333 {
334 $escaped_post_data = array();
335
336 foreach ($post_data as $key => $value) {
337 if ($key == 'eup_submit') {
338 continue;
339 }
340
341 if ('eup_bio' == $key) {
342 $escaped_post_data[$key] = wp_kses_post($value);
343 } elseif (is_array($value)) {
344 $escaped_post_data[$key] = array_map('sanitize_text_field', $value);
345 } else {
346 $escaped_post_data[$key] = sanitize_text_field($value);
347 }
348 }
349
350 return $escaped_post_data;
351 }
352
353 /**
354 * @param $post_data array escaped $_POST Data @see self::escaped_post_data
355 *
356 * @param $valid_userdata array userdata valid for wp_update_user
357 *
358 * @return array
359 */
360 public static function custom_usermeta_data($post_data, $valid_userdata)
361 {
362 $custom_usermeta = array();
363
364 foreach ($post_data as $key => $value) {
365 if ($key == 'eup_submit' || in_array($key, ppress_reserved_field_keys())) continue;
366
367 if ( ! in_array($key, $valid_userdata)) {
368 $custom_usermeta[$key] = $value;
369 }
370 }
371
372 return $custom_usermeta;
373 }
374
375 /**
376 * Remove user avatar and redirect. Triggered when JS is disabled.
377 */
378 public static function remove_user_avatar()
379 {
380 self::remove_avatar_core();
381
382 wp_safe_redirect(esc_url(add_query_arg('edit', 'true')));
383 exit;
384 }
385
386 /**
387 * Remove user cover image and redirect. Triggered when JS is disabled.
388 */
389 public static function remove_user_cover_image()
390 {
391 self::remove_cover_image();
392 wp_safe_redirect(esc_url(add_query_arg('edit', 'true')));
393 exit;
394 }
395
396 /**
397 * Core function that removes/delete the user's avatar
398 */
399 public static function remove_avatar_core()
400 {
401 $avatar_slug = get_user_meta(self::get_current_user_id(), 'pp_profile_avatar', true);
402
403 do_action('ppress_before_avatar_removal', $avatar_slug);
404
405 unlink(PPRESS_AVATAR_UPLOAD_DIR . $avatar_slug);
406
407 $user_id = self::get_current_user_id();
408
409 // delete the record from DB
410 delete_user_meta($user_id, 'pp_profile_avatar');
411
412 /** WP User Avatar Adapter STARTS */
413 self::delete_deprecated_wp_user_avatar_image();
414 /** WP User Avatar Adapter ENDS */
415
416 do_action('ppress_after_avatar_removal');
417 }
418
419 private static function delete_deprecated_wp_user_avatar_image()
420 {
421 /** WP User Avatar Adapter STARTS */
422 global $wpdb, $blog_id, $post, $wp_user_avatar;
423
424 $user_id = self::get_current_user_id();
425
426 if ( ! $wp_user_avatar->wpua_is_author_or_above()) {
427 // Delete other uploads by user
428 $q = array(
429 'author' => $user_id,
430 'post_type' => 'attachment',
431 'post_status' => 'inherit',
432 'posts_per_page' => '-1',
433 'meta_query' => array(
434 array(
435 'key' => '_wp_attachment_wp_user_avatar',
436 'value' => "",
437 'compare' => '!='
438 )
439 )
440 );
441 $avatars_wp_query = new \WP_Query($q);
442 while ($avatars_wp_query->have_posts()) : $avatars_wp_query->the_post();
443 wp_delete_attachment($post->ID);
444 endwhile;
445 }
446
447 delete_metadata('post', null, '_wp_attachment_wp_user_avatar', $user_id, true);
448 delete_user_meta($user_id, $wpdb->get_blog_prefix($blog_id) . 'user_avatar');
449 /** WP User Avatar Adapter ENDS */
450 }
451
452 /**
453 * Core function that removes/delete the user's cover image
454 */
455 public static function remove_cover_image()
456 {
457 $slug = get_user_meta(self::get_current_user_id(), 'pp_profile_cover_image', true);
458
459 do_action('ppress_before_cover_image_removal', $slug);
460
461 unlink(PPRESS_COVER_IMAGE_UPLOAD_DIR . $slug);
462
463 // delete the record from DB
464 delete_user_meta(self::get_current_user_id(), 'pp_profile_cover_image');
465
466 do_action('ppress_after_cover_image_removal');
467 }
468 }