PluginProbe ʕ •ᴥ•ʔ
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress / 3.1
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress v3.1
4.16.19 4.16.18 4.16.17 4.16.16 trunk 1.0 1.0.1 1.0.2 1.1 1.1.1 1.1.2 1.1.3 1.1.4 1.1.5 1.1.5a 1.1.6 1.1.7 1.2 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.3 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.4 1.4.1 1.4.2 1.5 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.6 1.6.1 1.6.2 1.6.3 1.6.4 1.6.5 1.6.6 1.6.7 1.6.8 1.7 1.7.1 1.7.2 1.8 1.8.1 1.8.10 1.8.2 1.8.3 1.8.4 1.8.5 1.8.6 1.8.7 1.8.8 1.8.9 1.9 1.9.1 1.9.10 1.9.11 1.9.12 1.9.13 1.9.2 1.9.3 1.9.4 1.9.5 1.9.6 1.9.7 1.9.8 1.9.9 2.1.9 2.2.10 2.2.11 2.2.12 2.2.13 2.2.14 2.2.15 2.2.16 2.2.2 2.2.5 2.2.6 2.2.7 2.2.8 2.2.9 3.0 3.1 3.1.1 3.1.10 3.1.11 3.1.12 3.1.13 3.1.14 3.1.15 3.1.16 3.1.17 3.1.18 3.1.19 3.1.2 3.1.3 3.1.4 3.1.5 3.1.6 3.1.7 3.1.8 3.1.9 3.2.0 3.2.1 3.2.10 3.2.11 3.2.12 3.2.13 3.2.14 3.2.15 3.2.16 3.2.2 3.2.3 3.2.4 3.2.5 3.2.6 3.2.7 3.2.8 3.2.9 4.0.0 4.0.1 4.0.2 4.0.3 4.1.0 4.1.1 4.1.2 4.1.3 4.1.4 4.10.0 4.10.1 4.10.2 4.10.3 4.11.0 4.12.0 4.13.0 4.13.1 4.13.2 4.13.3 4.13.4 4.14.0 4.14.1 4.14.2 4.14.3 4.14.4 4.15.0 4.15.1 4.15.10 4.15.11 4.15.12 4.15.13 4.15.14 4.15.15 4.15.16 4.15.17 4.15.18 4.15.19 4.15.2 4.15.20 4.15.20.1 4.15.21 4.15.22 4.15.23 4.15.24 4.15.25 4.15.3 4.15.4 4.15.5 4.15.6 4.15.7 4.15.8 4.15.9 4.16.0 4.16.1 4.16.10 4.16.11 4.16.12 4.16.13 4.16.14 4.16.15 4.16.2 4.16.3 4.16.4 4.16.5 4.16.6 4.16.7 4.16.8 4.16.9 4.2.0 4.3.0 4.3.1 4.3.2 4.4.0 4.4.1 4.5.0 4.5.1 4.5.2 4.5.3 4.5.4 4.5.5 4.6.0 4.7.0 4.8.0 4.9.0
wp-user-avatar / src / Classes / PasswordReset.php
wp-user-avatar / src / Classes Last commit date
AdminNotices.php 5 years ago AjaxHandler.php 5 years ago Autologin.php 5 years ago BuddyPressBbPress.php 5 years ago EditUserProfile.php 5 years ago ExtensionManager.php 5 years ago FileUploader.php 5 years ago FormPreviewHandler.php 5 years ago FormRepository.php 5 years ago FormShortcodeDefaults.php 5 years ago GDPR.php 5 years ago GlobalSiteAccess.php 5 years ago ImageUploader.php 5 years ago LoginAuth.php 5 years ago Miscellaneous.php 5 years ago ModifyRedirectDefaultLinks.php 5 years ago PPRESS_Session.php 5 years ago PROFILEPRESS_sql.php 5 years ago PasswordReset.php 5 years ago ProfileUrlRewrite.php 5 years ago RegistrationAuth.php 5 years ago SendEmail.php 5 years ago ShortcodeThemeFactory.php 5 years ago UserAvatar.php 5 years ago UserSignupLocationListingPage.php 5 years ago UsernameEmailRestrictLogin.php 5 years ago WelcomeEmailAfterSignup.php 5 years ago default-email-template.php 5 years ago index.php 5 years ago
PasswordReset.php
422 lines
1 <?php
2
3 namespace ProfilePress\Core\Classes;
4
5 use WP_Error;
6
7 class PasswordReset
8 {
9 protected static function is_ajax()
10 {
11 return defined('DOING_AJAX') && DOING_AJAX;
12 }
13
14 /**
15 * Change the password reset title.
16 *
17 * @param \WP_User $user_data
18 * @param string $key
19 *
20 * @return string
21 */
22 public static function reset_email_title($user_data, $key)
23 {
24 $default_title = sprintf(__('[%s] Password Reset'), ppress_site_title());
25
26 return apply_filters(
27 'ppress_retrieve_password_title',
28 self::parse_placeholders(
29 ppress_get_setting('password_reset_email_subject', $default_title, true),
30 $user_data, $key
31 )
32 );
33 }
34
35 /**
36 * Return the formatted password reset message.
37 *
38 * @param string $content
39 * @param \WP_User $user_data username
40 * @param string $key activation key
41 *
42 * @return string
43 */
44 protected static function parse_placeholders($content, $user_data, $key)
45 {
46 $user_email = $user_data->user_email;
47
48 $user_login = $user_data->user_login;
49
50 $search = apply_filters('ppress_password_reset_placeholder_search', [
51 '{{username}}',
52 '{{password_reset_link}}',
53 '{{email}}',
54 '{{site_title}}'
55 ],
56 $user_data, $key
57 );
58
59 $replace = apply_filters('ppress_password_reset_placeholder_replace', [
60 $user_login,
61 ppress_get_do_password_reset_url($user_login, $key),
62 $user_email,
63 ppress_site_title()
64 ],
65 $user_data, $key
66 );
67
68 return str_replace($search, $replace, $content);
69 }
70
71 /**
72 * Callback function for filter
73 *
74 * @param string $user_data
75 * @param $key
76 *
77 * @return string formatted message for use by the password reset form
78 */
79 protected static function reset_email_message($user_data, $key)
80 {
81 $message = apply_filters('ppress_retrieve_password_message',
82 ppress_get_setting('password_reset_email_content', ppress_password_reset_content_default(), true)
83 );
84
85 return wp_specialchars_decode(self::parse_placeholders($message, $user_data, $key));
86 }
87
88 /**
89 * Does the heavy lifting of resetting password
90 *
91 * @param $user_login string username or email
92 *
93 * @return bool|WP_Error
94 */
95 public static function retrieve_password_func($user_login)
96 {
97 $errors = new WP_Error();
98
99 if (ppress_get_setting('password_reset_email_enabled', 'on') !== 'on') {
100 $errors->add('password_reset_email_disabled', esc_html__('<strong>ERROR</strong>: Password reset email is disabled.', 'wp-user-avatar'));
101 } else {
102
103 $_POST['user_login'] = $user_login;
104
105 if (empty($_POST['user_login'])) {
106 $errors->add('empty_username', esc_html__('<strong>ERROR</strong>: Enter a username or e-mail address.', 'wp-user-avatar'));
107 } else {
108
109 if (strpos($_POST['user_login'], '@')) {
110 $user_data = get_user_by('email', trim($_POST['user_login']));
111 if ( ! $user_data) {
112 $errors->add('invalid_email', esc_html__('<strong>ERROR</strong>: There is no user registered with that email address.', 'wp-user-avatar'));
113 }
114 } else {
115 $login = trim($_POST['user_login']);
116 $user_data = get_user_by('login', $login);
117 }
118
119 if ( ! $user_data) {
120 $errors->add('invalidcombo', esc_html__('<strong>ERROR</strong>: Invalid username or e-mail.', 'wp-user-avatar'));
121 }
122 }
123 }
124
125 do_action('lostpassword_post', $errors, $user_data);
126
127 if ($errors->get_error_code()) {
128 return $errors;
129 }
130
131 $user_email = $user_data->user_email;
132
133 $key = get_password_reset_key($user_data);
134
135 if (is_wp_error($key)) return $key;
136
137 $title = self::reset_email_title($user_data, $key);
138
139 $message = self::reset_email_message($user_data, $key);
140
141 return ppress_send_email($user_email, wp_specialchars_decode($title), $message);
142 }
143
144 /**
145 * The error or success message received from the retrieve_password_func
146 *
147 * @param string $user_login username/email
148 * @param int|null $form_id password_reset id
149 * @param string $is_melange is this melange
150 *
151 * @return string|array
152 */
153 public static function password_reset_status($user_login, $form_id = null, $is_melange = '')
154 {
155 /**
156 * Fires before password reset is processed
157 *
158 * @param string $user_login username/email
159 * @param int $form_id password reset builder ID
160 */
161 do_action('ppress_before_password_reset', $user_login, $form_id);
162
163 /** filter to validate additional password field */
164 $password_reset_validation = apply_filters('ppress_password_reset_validation', '', $form_id);
165
166 // if the action is contain WP_Error message, set the password response to the object
167 // for reuse further down to return its WP_Error message
168 if (is_wp_error($password_reset_validation) && $password_reset_validation->get_error_code() != '') {
169 $password_reset_response = $password_reset_validation;
170 } else {
171 $password_reset_response = self::retrieve_password_func($user_login);
172 }
173
174 /**
175 * Fires after password reset is processed
176 *
177 * @param string $user_login username/email
178 * @param string $password_reset_response password reset response message
179 */
180 do_action('ppress_after_password_reset', $form_id, $user_login, $password_reset_response);
181
182 // return the response of the password reset process
183 if (is_wp_error($password_reset_response)) {
184 return '<div class="profilepress-reset-status">' . $password_reset_response->get_error_message() . '</div>';
185 }
186
187 do_action('ppress_password_reset_success', $form_id, $user_login, $password_reset_response);
188
189 if ($is_melange) {
190 $success_message = FormRepository::get_form_meta($form_id, FormRepository::MELANGE_TYPE, FormRepository::MELANGE_PASSWORD_RESET_SUCCESS_MESSAGE);
191 } else {
192 $success_message = FormRepository::get_form_meta($form_id, FormRepository::PASSWORD_RESET_TYPE, FormRepository::SUCCESS_MESSAGE);
193 }
194
195 if (FormRepository::is_drag_drop($form_id, FormRepository::PASSWORD_RESET_TYPE)) {
196 // Drag and drop do not allow the use of div wrapper. only the message to be shown is entered.
197 // so here, we are wrapping it in edit profile status div.
198 if ( ! empty($success_message)) {
199 $success_message = "<div class=\"profilepress-reset-status success\">$success_message</div>";
200 }
201 }
202
203 // remove the username/email address after password reset ish is successful.
204 unset($_POST['user_login']);
205
206 $success_msg = ! empty($success_message) ? $success_message : apply_filters('ppress_default_password_reset_text', '<h4>' . esc_html__('Check your email for further instruction.', 'wp-user-avatar') . '</h4>');
207
208 if (self::is_ajax()) return [$success_msg];
209
210 return $success_msg;
211 }
212
213 /**
214 * Resets the user's password if the password reset form was submitted.
215 */
216 public static function do_password_reset()
217 {
218 $reset_key = $_REQUEST['reset_key'];
219 $reset_login = $_REQUEST['reset_login'];
220
221 $user = check_password_reset_key($reset_key, $reset_login);
222
223 if (is_wp_error($user)) {
224 if ($user->get_error_code() === 'expired_key') {
225
226 if (self::is_ajax()) return self::do_password_reset_status_messages('expired_key');
227
228 wp_safe_redirect(ppress_password_reset_url() . '?login=expiredkey');
229 exit;
230 }
231
232 if (self::is_ajax()) return self::do_password_reset_status_messages('expired_key');
233
234 wp_safe_redirect(ppress_password_reset_url() . '?login=invalidkey');
235 exit;
236 }
237
238 if (isset($_POST['password1']) && isset($_POST['password2'])) {
239
240 if ($_POST['password1'] != $_POST['password2']) {
241
242 if (self::is_ajax()) {
243 return self::do_password_reset_status_messages('password_mismatch');
244 }
245
246 // Passwords don't match
247 $redirect_url = add_query_arg(
248 [
249 'key' => $reset_key,
250 'login' => $reset_login,
251 'error' => 'password_mismatch'
252 ],
253 ppress_password_reset_url()
254 );
255
256 wp_safe_redirect($redirect_url);
257 exit;
258 }
259
260 if (empty($_POST['password1'])) {
261
262 if (self::is_ajax()) return self::do_password_reset_status_messages('password_empty');
263
264 // Empty password
265 $redirect_url = add_query_arg(
266 [
267 'key' => $reset_key,
268 'login' => $reset_login,
269 'error' => 'password_empty'
270 ],
271 ppress_password_reset_url()
272 );
273
274 wp_safe_redirect($redirect_url);
275 exit;
276 }
277
278 if (isset($_POST['pp_enforce_password_meter']) && ($_POST['pp_enforce_password_meter'] != '1')) {
279
280 if (self::is_ajax()) return self::do_password_reset_status_messages('weak_password');
281
282 // Empty password
283 $redirect_url = add_query_arg(
284 [
285 'key' => $reset_key,
286 'login' => $reset_login,
287 'error' => 'weak_password'
288 ],
289 ppress_password_reset_url()
290 );
291
292 wp_safe_redirect($redirect_url);
293 exit;
294 }
295
296 // Everything is cool now.
297 reset_password($user, $_POST['password1']);
298
299 if (self::is_ajax()) {
300 return [self::do_password_reset_status_messages('changed')];
301 }
302
303 wp_safe_redirect(ppress_password_reset_redirect());
304 exit;
305 }
306
307 if (self::is_ajax()) {
308 return self::do_password_reset_status_messages('invalid');
309 }
310
311 $redirect_url = add_query_arg(
312 [
313 'key' => $reset_key,
314 'login' => $reset_login,
315 'error' => 'invalid'
316 ],
317 ppress_password_reset_url()
318 );
319
320 wp_safe_redirect($redirect_url);
321 exit;
322 }
323
324 /**
325 * Status messages for do password reset.
326 *
327 * @param string $type
328 *
329 * @return string
330 */
331 public static function do_password_reset_status_messages($type)
332 {
333 switch ($type) {
334 case 'expiredkey':
335 case 'invalidkey':
336 $error = apply_filters('ppress_password_reset_invalidkey',
337 esc_html__('Sorry, that key appears to be invalid.', 'wp-user-avatar'));
338 break;
339 case 'password_mismatch':
340 $error = apply_filters('ppress_password_mismatch', esc_html__('Passwords do not match.', 'wp-user-avatar'));
341 break;
342 case 'password_empty':
343 $error = apply_filters('ppress_password_empty', esc_html__('Please enter your password.', 'wp-user-avatar'));
344 break;
345 case 'invalid':
346 $error = apply_filters('ppress_password_reset_invalid', esc_html__('Sorry, that key does not appear to be valid.', 'wp-user-avatar'));
347 break;
348 case 'weak_password':
349 $error = apply_filters('ppress_weak_password', esc_html__('Password is not strong enough.', 'wp-user-avatar'));
350 break;
351 case 'changed':
352 $changed_message = apply_filters('ppress_password_changed_message', esc_html__('You have successfully changed your password'));
353 // we are keeping pp_password_changed to maintain backward compat
354 $error = apply_filters('ppress_password_changed',
355 sprintf('%s <a href="%s">' . esc_html__('Log in', 'wp-user-avatar') . '</a>', $changed_message, ppress_login_url())
356 );
357 break;
358 default:
359 $error = esc_html__('Unexpected error. Please try again.', 'wp-user-avatar');
360 }
361
362 return '<div class="profilepress-reset-status">' . $error . '</div>';
363 }
364
365 /**
366 * Do password reset.
367 *
368 * @return string
369 */
370 public static function parse_password_reset_error_codes()
371 {
372 $error = '';
373
374 if (isset($_REQUEST['login']) && ! empty($_REQUEST['login'])) {
375
376 switch ($_REQUEST['login']) {
377 case 'expiredkey':
378 case 'invalidkey':
379 $error = self::do_password_reset_status_messages('invalidkey');
380 break;
381 }
382 }
383
384 if (isset($_REQUEST['error']) && ! empty($_REQUEST['error'])) {
385
386 switch ($_REQUEST['error']) {
387 case 'password_mismatch':
388 $error = self::do_password_reset_status_messages('password_mismatch');
389 break;
390 case 'password_empty':
391 $error = self::do_password_reset_status_messages('password_empty');
392 break;
393 case 'invalid':
394 $error = self::do_password_reset_status_messages('invalid');
395 break;
396 case 'invalidkey':
397 $error = self::do_password_reset_status_messages('invalidkey');
398 break;
399 case 'weak_password':
400 $error = self::do_password_reset_status_messages('weak_password');
401 break;
402 }
403 }
404
405 if (isset($_REQUEST['password']) && 'changed' == $_REQUEST['password']) {
406 $error = self::do_password_reset_status_messages('changed');
407 }
408
409 return $error;
410 }
411
412 public static function get_instance()
413 {
414 static $instance = null;
415
416 if (is_null($instance)) {
417 $instance = new self();
418 }
419
420 return $instance;
421 }
422 }