AdminNotices.php
5 years ago
AjaxHandler.php
5 years ago
Autologin.php
5 years ago
BuddyPressBbPress.php
5 years ago
EditUserProfile.php
5 years ago
ExtensionManager.php
5 years ago
FileUploader.php
5 years ago
FormPreviewHandler.php
5 years ago
FormRepository.php
5 years ago
FormShortcodeDefaults.php
5 years ago
GDPR.php
5 years ago
GlobalSiteAccess.php
5 years ago
ImageUploader.php
5 years ago
LoginAuth.php
5 years ago
Miscellaneous.php
5 years ago
ModifyRedirectDefaultLinks.php
5 years ago
PPRESS_Session.php
5 years ago
PROFILEPRESS_sql.php
5 years ago
PasswordReset.php
5 years ago
ProfileUrlRewrite.php
5 years ago
RegistrationAuth.php
5 years ago
SendEmail.php
5 years ago
ShortcodeThemeFactory.php
5 years ago
UserAvatar.php
5 years ago
UserSignupLocationListingPage.php
5 years ago
UsernameEmailRestrictLogin.php
5 years ago
WelcomeEmailAfterSignup.php
5 years ago
default-email-template.php
5 years ago
index.php
5 years ago
RegistrationAuth.php
433 lines
| 1 | <?php |
| 2 | |
| 3 | namespace ProfilePress\Core\Classes; |
| 4 | |
| 5 | use ProfilePress\Libsodium\UserModeration\UserModeration; |
| 6 | use ProfilePress\Libsodium\UserModeration\UserModerationNotification; |
| 7 | use WP_Error; |
| 8 | |
| 9 | class RegistrationAuth |
| 10 | { |
| 11 | protected static $registration_form_status; |
| 12 | |
| 13 | public static function is_ajax() |
| 14 | { |
| 15 | return defined('DOING_AJAX') && DOING_AJAX; |
| 16 | } |
| 17 | |
| 18 | /** |
| 19 | * Wrapper function for call to the welcome email class |
| 20 | * |
| 21 | * @param int $user_id |
| 22 | * @param string $password |
| 23 | * @param int $form_id |
| 24 | */ |
| 25 | public static function send_welcome_email($user_id, $password = '', $form_id = '') |
| 26 | { |
| 27 | $status = apply_filters('ppress_activate_send_welcome_email', ppress_get_setting('welcome_message_email_enabled', 'on')); |
| 28 | |
| 29 | if ($status == 'on') { |
| 30 | |
| 31 | do_action('ppress_before_send_welcome_mail', $user_id, $form_id); |
| 32 | |
| 33 | new WelcomeEmailAfterSignup($user_id, $password); |
| 34 | |
| 35 | do_action('ppress_after_send_welcome_mail', $user_id, $form_id); |
| 36 | } |
| 37 | } |
| 38 | |
| 39 | /** |
| 40 | * |
| 41 | * Wrapper function for call to the automatic login after reg function |
| 42 | * |
| 43 | * @param int $user_id |
| 44 | * @param int $form_id |
| 45 | * @param string $redirect redirect url after registration |
| 46 | * |
| 47 | * @return mixed |
| 48 | */ |
| 49 | public static function auto_login_after_reg($user_id, $form_id, $redirect) |
| 50 | { |
| 51 | if ( ! empty($redirect)) { |
| 52 | return Autologin::initialize($user_id, $form_id, $redirect); |
| 53 | } |
| 54 | |
| 55 | $auto_login_option = apply_filters('ppress_activate_auto_login_after_signup', ppress_get_setting('set_auto_login_after_reg', ''), $form_id); |
| 56 | |
| 57 | if ($auto_login_option == 'on') { |
| 58 | return Autologin::initialize($user_id, $form_id); |
| 59 | } |
| 60 | } |
| 61 | |
| 62 | /** |
| 63 | * Perform redirect after registration without logging the user in. |
| 64 | * |
| 65 | * @param int $form_id |
| 66 | * @param string $no_login_redirect URL to redirect to. |
| 67 | * |
| 68 | * @return array |
| 69 | */ |
| 70 | public static function no_login_redirect_after_reg($form_id, $no_login_redirect) |
| 71 | { |
| 72 | esc_url_raw($no_login_redirect); |
| 73 | |
| 74 | do_action('ppress_before_no_login_redirect_after_reg', $no_login_redirect, $form_id); |
| 75 | if (self::is_ajax()) { |
| 76 | // we are returning array to uniquely identify redirect. |
| 77 | return [$no_login_redirect]; |
| 78 | } |
| 79 | |
| 80 | wp_safe_redirect($no_login_redirect); |
| 81 | exit; |
| 82 | } |
| 83 | |
| 84 | /** |
| 85 | * Register new users |
| 86 | * |
| 87 | * @param array $post user form submitted data |
| 88 | * @param int $form_id Registration builder ID |
| 89 | * @param array $files Handle for global $_FILES |
| 90 | * @param string $redirect URL to redirect to after registration. |
| 91 | * |
| 92 | * @return string |
| 93 | */ |
| 94 | public static function register_new_user($post, $form_id = 0, $redirect = '', $is_melange = false, $no_login_redirect = '') |
| 95 | { |
| 96 | $files = $_FILES; |
| 97 | |
| 98 | // create an array of acceptable userdata for use by wp_insert_user |
| 99 | $valid_userdata = array( |
| 100 | 'reg_username', |
| 101 | 'reg_password', |
| 102 | 'reg_password2', |
| 103 | 'reg_email2', |
| 104 | 'reg_password_present', |
| 105 | 'reg_email', |
| 106 | 'reg_website', |
| 107 | 'reg_nickname', |
| 108 | 'reg_display_name', |
| 109 | 'reg_first_name', |
| 110 | 'reg_last_name', |
| 111 | 'reg_bio', |
| 112 | 'reg_select_role', |
| 113 | ); |
| 114 | |
| 115 | // get the data for userdata |
| 116 | $segregated_userdata = array(); |
| 117 | |
| 118 | // loop over the $_POST data and create an array of the wp_insert_user userdata |
| 119 | foreach ($post as $key => $value) { |
| 120 | if ($key == 'reg_submit') { |
| 121 | continue; |
| 122 | } |
| 123 | |
| 124 | if (in_array($key, $valid_userdata)) { |
| 125 | $segregated_userdata[$key] = sanitize_text_field($value); |
| 126 | } |
| 127 | } |
| 128 | |
| 129 | $email = isset($segregated_userdata['reg_email']) ? $segregated_userdata['reg_email'] : ''; |
| 130 | |
| 131 | $email2 = isset($segregated_userdata['reg_email2']) ? $segregated_userdata['reg_email2'] : null; |
| 132 | |
| 133 | // get convert the form post data to userdata for use by wp_insert_users |
| 134 | $username = isset($segregated_userdata['reg_username']) ? $segregated_userdata['reg_username'] : ''; |
| 135 | |
| 136 | // Handle username creation when username requirement is disabled. |
| 137 | if (ppress_is_signup_form_username_disabled($form_id, $is_melange)) { |
| 138 | $username = sanitize_user(current(explode('@', $email)), true); |
| 139 | // Ensure username is unique. |
| 140 | $append = 1; |
| 141 | $o_username = $username; |
| 142 | while (username_exists($username)) { |
| 143 | $username = $o_username . $append; |
| 144 | $append++; |
| 145 | } |
| 146 | } |
| 147 | |
| 148 | $username = apply_filters('ppress_registration_username_value', $username); |
| 149 | |
| 150 | $password = apply_filters('ppress_registration_password_value', isset($segregated_userdata['reg_password']) ? $segregated_userdata['reg_password'] : ''); |
| 151 | |
| 152 | $flag_to_send_password_reset = false; |
| 153 | |
| 154 | // if the reg_password field isn't present in registration, generate a password for the user and set a flag to send a password reset message |
| 155 | if (empty($password) && (empty($segregated_userdata['reg_password_present']) || $segregated_userdata['reg_password_present'] != 'true')) { |
| 156 | $password = wp_generate_password(24); |
| 157 | $flag_to_send_password_reset = apply_filters('ppress_enable_auto_send_password_reset_flag', true); |
| 158 | } |
| 159 | |
| 160 | $password2 = isset($segregated_userdata['reg_password2']) ? $segregated_userdata['reg_password2'] : null; |
| 161 | $website = isset($segregated_userdata['reg_website']) ? $segregated_userdata['reg_website'] : ''; |
| 162 | $nickname = isset($segregated_userdata['reg_nickname']) ? $segregated_userdata['reg_nickname'] : ''; |
| 163 | $display_name = isset($segregated_userdata['reg_display_name']) ? $segregated_userdata['reg_display_name'] : ''; |
| 164 | $first_name = isset($segregated_userdata['reg_first_name']) ? $segregated_userdata['reg_first_name'] : ''; |
| 165 | $last_name = isset($segregated_userdata['reg_last_name']) ? $segregated_userdata['reg_last_name'] : ''; |
| 166 | $bio = isset($segregated_userdata['reg_bio']) ? $segregated_userdata['reg_bio'] : ''; |
| 167 | $role = isset($segregated_userdata['reg_select_role']) ? $segregated_userdata['reg_select_role'] : ''; |
| 168 | |
| 169 | // real uer data |
| 170 | $real_userdata = array( |
| 171 | 'user_login' => $username, |
| 172 | 'user_pass' => $password, |
| 173 | 'user_email' => apply_filters('ppress_registration_email_value', $email), |
| 174 | 'user_url' => apply_filters('ppress_registration_website_value', $website), |
| 175 | 'nickname' => apply_filters('ppress_registration_nickname_value', $nickname), |
| 176 | 'display_name' => apply_filters('ppress_registration_display_name_value', $display_name), |
| 177 | 'first_name' => apply_filters('ppress_registration_first_name_value', $first_name), |
| 178 | 'last_name' => apply_filters('ppress_registration_last_name_value', $last_name), |
| 179 | 'description' => apply_filters('ppress_registration_bio_value', $bio), |
| 180 | ); |
| 181 | |
| 182 | if ( ! empty($role)) { |
| 183 | // acceptable defined roles in reg-select-role shortcode. |
| 184 | $accepted_role = (array)self::acceptable_defined_roles($form_id); |
| 185 | |
| 186 | if ($role != 'administrator' && in_array($role, $accepted_role)) { |
| 187 | $real_userdata['role'] = $role; |
| 188 | } |
| 189 | } else { |
| 190 | if ( ! empty($builder_role)) { |
| 191 | $builder_role = FormRepository::get_form_meta($form_id, FormRepository::REGISTRATION_TYPE, FormRepository::REGISTRATION_USER_ROLE); |
| 192 | // only set user role if the registration form has one set |
| 193 | // otherwise no role is set for the user thus wp_insert_user will use the default user role set in Settings > General |
| 194 | $real_userdata['role'] = $builder_role; |
| 195 | } |
| 196 | } |
| 197 | |
| 198 | /* start filter Hook */ |
| 199 | $reg_errors = new WP_Error(); |
| 200 | |
| 201 | // --------START --------- validation for required fields ----------------------// |
| 202 | // loop through required fields and throw error if any is empty |
| 203 | if ( ! empty($_POST['required-fields']) && is_array($_POST['required-fields'])) { |
| 204 | foreach ($_POST['required-fields'] as $key => $value) { |
| 205 | |
| 206 | if (empty($_POST[$key]) && empty($_FILES[$key])) { |
| 207 | $reg_errors->add('required_field_empty', sprintf(__('%s field is required', 'wp-user-avatar'), $value)); |
| 208 | // stop looping if a required field is found empty. |
| 209 | break; |
| 210 | } |
| 211 | } |
| 212 | } |
| 213 | // --------END --------- validation for required fields ----------------------// |
| 214 | |
| 215 | if ( ! validate_username($post['reg_username'])) { |
| 216 | $reg_errors->add('invalid_username', esc_html__('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.', 'wp-user-avatar')); |
| 217 | } |
| 218 | |
| 219 | if ( ! is_email($real_userdata['user_email'])) { |
| 220 | $reg_errors->add('invalid_email', esc_html__('Email address is not valid', 'wp-user-avatar')); |
| 221 | } |
| 222 | |
| 223 | if (isset($password2) && ($password != $password2)) { |
| 224 | $reg_errors->add('password_mismatch', esc_html__('Passwords do not match', 'wp-user-avatar')); |
| 225 | } |
| 226 | |
| 227 | if (isset($email2) && ($email != $email2)) { |
| 228 | $reg_errors->add('email_mismatch', esc_html__('Email addresses do not match', 'wp-user-avatar')); |
| 229 | } |
| 230 | |
| 231 | if (isset($post['pp_enforce_password_meter']) && ($post['pp_enforce_password_meter'] != '1')) { |
| 232 | $reg_errors->add('password_weak', esc_html__('Password is not strong', 'wp-user-avatar')); |
| 233 | } |
| 234 | |
| 235 | // get the data for use by update_meta |
| 236 | $custom_usermeta = array(); |
| 237 | // loop over the $_POST data and create an array of the invalid userdata/ custom usermeta |
| 238 | foreach ($post as $key => $value) { |
| 239 | if ($key == 'reg_submit' || in_array($key, ppress_reserved_field_keys())) continue; |
| 240 | |
| 241 | if ( ! in_array($key, $valid_userdata)) { |
| 242 | $custom_usermeta[$key] = is_array($value) ? array_map('sanitize_text_field', $value) : sanitize_text_field($value); |
| 243 | } |
| 244 | } |
| 245 | |
| 246 | // merge real data(for use by wp_insert_user()) and custom fields data |
| 247 | // $real_userdata comes second so custom user meta won't override it. |
| 248 | $user_data = array_merge($custom_usermeta, $real_userdata); |
| 249 | |
| 250 | /* Begin Filter Hook */ |
| 251 | // call validate reg from function |
| 252 | $reg_form_errors = apply_filters('ppress_registration_validation', $reg_errors, $form_id, $user_data, $is_melange); |
| 253 | if (is_wp_error($reg_form_errors) && $reg_form_errors->get_error_code() != '') { |
| 254 | return '<div class="profilepress-reg-status">' . $reg_form_errors->get_error_message() . '</div>'; |
| 255 | } |
| 256 | /* End Filter Hook */ |
| 257 | |
| 258 | // --------START --------- validation for file upload ----------------------// |
| 259 | $uploads = FileUploader::init(); |
| 260 | $upload_errors = ''; |
| 261 | if ( ! empty($uploads)) { |
| 262 | foreach ($uploads as $field_key => $uploaded_filename_or_wp_error) { |
| 263 | if (is_wp_error($uploads[$field_key])) { |
| 264 | $upload_errors .= $uploads[$field_key]->get_error_message() . '<br/>'; |
| 265 | } |
| 266 | } |
| 267 | |
| 268 | if ( ! empty($upload_errors)) { |
| 269 | return "<div class='profilepress-reg-status'>$upload_errors</div>"; |
| 270 | } |
| 271 | } |
| 272 | // --------END --------- validation for file upload ----------------------// |
| 273 | |
| 274 | |
| 275 | // --------START --------- validation for avatar upload ----------------------// |
| 276 | if (isset($files['reg_avatar']['name']) && ! empty($files['reg_avatar']['name'])) { |
| 277 | $upload_avatar = ImageUploader::process($files['reg_avatar']); |
| 278 | |
| 279 | if (is_wp_error($upload_avatar)) { |
| 280 | return "<div class='profilepress-reg-status'>" . $upload_avatar->get_error_message() . "</div>"; |
| 281 | } |
| 282 | } |
| 283 | // --------END --------- validation for avatar upload ----------------------// |
| 284 | |
| 285 | |
| 286 | // --------START --------- validation for cover image upload ----------------------// |
| 287 | if (isset($files['reg_cover_image']['name']) && ! empty($files['reg_cover_image']['name'])) { |
| 288 | |
| 289 | $upload_cover_image = ImageUploader::process($files['reg_cover_image'], ImageUploader::COVER_IMAGE, PPRESS_COVER_IMAGE_UPLOAD_DIR); |
| 290 | |
| 291 | if (is_wp_error($upload_cover_image)) { |
| 292 | return "<div class='profilepress-reg-status'>" . $upload_cover_image->get_error_message() . "</div>"; |
| 293 | } |
| 294 | } |
| 295 | // --------END --------- validation for cover image upload ----------------------// |
| 296 | |
| 297 | do_action('ppress_before_registration', $form_id, $user_data); |
| 298 | |
| 299 | // proceed to registration using wp_insert_user method which return the new user id |
| 300 | $user_id = wp_insert_user($real_userdata); |
| 301 | |
| 302 | if (is_wp_error($user_id)) { |
| 303 | return '<div class="profilepress-reg-status">' . $user_id->get_error_message() . '</div>'; |
| 304 | } |
| 305 | |
| 306 | // --------START --------- register custom field ----------------------// |
| 307 | |
| 308 | $custom_usermeta['pp_profile_avatar'] = isset($upload_avatar) ? $upload_avatar : null; |
| 309 | $custom_usermeta['pp_profile_cover_image'] = isset($upload_cover_image) ? $upload_cover_image : null; |
| 310 | |
| 311 | // if we get to this point, it means the files pass validation defined above. |
| 312 | // array of files uploaded. Array key is the "custom field key" and the filename as the array value. |
| 313 | $custom_usermeta['pp_uploaded_files'] = $uploads; |
| 314 | |
| 315 | // if @$user_id is no WP_Error, add the extra user profile field |
| 316 | if (is_array($custom_usermeta)) { |
| 317 | |
| 318 | foreach ($custom_usermeta as $key => $value) { |
| 319 | if ( ! empty($value)) { |
| 320 | update_user_meta($user_id, $key, $value); |
| 321 | // the 'edit_profile' parameter is used to distinguish it from same action hook in RegistrationAuth |
| 322 | do_action('ppress_after_custom_field_update', $key, $value, $user_id, 'registration'); |
| 323 | } |
| 324 | } |
| 325 | } |
| 326 | // --------END --------- register custom field ----------------------// |
| 327 | |
| 328 | // if moderation is active, set new registered users as pending |
| 329 | if (UserModeration::moderation_is_active()) { |
| 330 | UserModeration::make_pending($user_id); |
| 331 | } |
| 332 | |
| 333 | if ($flag_to_send_password_reset === true) { |
| 334 | PasswordReset::retrieve_password_func($username); |
| 335 | } |
| 336 | |
| 337 | // record signup via |
| 338 | if ($is_melange) { |
| 339 | add_user_meta($user_id, '_pp_signup_melange_via', $form_id); |
| 340 | } else { |
| 341 | add_user_meta($user_id, '_pp_signup_via', $form_id); |
| 342 | } |
| 343 | |
| 344 | // if user moderation is active, send pending notification. |
| 345 | if (UserModeration::moderation_is_active()) { |
| 346 | UserModerationNotification::pending($user_id); |
| 347 | UserModerationNotification::pending_admin_notification($user_id); |
| 348 | } |
| 349 | |
| 350 | self::send_welcome_email($user_id, $password, $form_id); |
| 351 | |
| 352 | if (is_int($user_id)) { |
| 353 | |
| 354 | ppress_wp_new_user_notification($user_id, null, 'admin'); |
| 355 | } |
| 356 | |
| 357 | /** |
| 358 | * Fires after a user registration is completed. |
| 359 | * |
| 360 | * @param int $form_id ID of the registration form. |
| 361 | * @param mixed $user_data array of registered user info. |
| 362 | * @param int $user_id ID of the registered user. |
| 363 | * @param bool $is_melange |
| 364 | */ |
| 365 | do_action('ppress_after_registration', $form_id, $user_data, $user_id, $is_melange); |
| 366 | /* End Action Hook */ |
| 367 | |
| 368 | if ( ! empty($no_login_redirect)) { |
| 369 | $response = self::no_login_redirect_after_reg($form_id, $no_login_redirect); |
| 370 | } else { |
| 371 | /** |
| 372 | * call auto-login |
| 373 | * |
| 374 | * @param int $user_id registered user ID |
| 375 | * @param int $form_id registration form ID |
| 376 | * @param string $redirect redirect url after login |
| 377 | */ |
| 378 | $response = self::auto_login_after_reg($user_id, $form_id, $redirect); |
| 379 | } |
| 380 | |
| 381 | if (self::is_ajax() && isset($response) && ! empty($response) && is_array($response)) { |
| 382 | // $response should be an array containing the url to redirect to. |
| 383 | return $response; |
| 384 | } |
| 385 | |
| 386 | $success_message = FormRepository::get_form_meta($form_id, FormRepository::REGISTRATION_TYPE, FormRepository::SUCCESS_MESSAGE); |
| 387 | if ($is_melange) { |
| 388 | $success_message = FormRepository::get_form_meta($form_id, FormRepository::MELANGE_TYPE, FormRepository::MELANGE_REGISTRATION_SUCCESS_MESSAGE); |
| 389 | } |
| 390 | |
| 391 | $default_success_message = '<div class="profilepress-reg-status success">' . esc_html__('Registration successful.', 'wp-user-avatar') . '</div>'; |
| 392 | |
| 393 | if (FormRepository::is_drag_drop($form_id, FormRepository::REGISTRATION_TYPE)) { |
| 394 | // Drag and drop signup pages do not allow the use of div wrapper. only the message to be shown is entered. |
| 395 | // so here, we are wrapping it in reg status div. |
| 396 | if ( ! empty($success_message)) { |
| 397 | $success_message = '<div class="profilepress-reg-status success">' . $success_message . '</div>'; |
| 398 | } |
| 399 | } |
| 400 | |
| 401 | return apply_filters('ppress_registration_success_message', ! empty($success_message) ? $success_message : $default_success_message); |
| 402 | } |
| 403 | |
| 404 | /** |
| 405 | * Array list of acceptable defined roles. |
| 406 | * |
| 407 | * @param int $form_id ID of registration form |
| 408 | * |
| 409 | * @return array |
| 410 | */ |
| 411 | public static function acceptable_defined_roles($form_id) |
| 412 | { |
| 413 | $registration_structure = FormRepository::get_form_meta($form_id, FormRepository::REGISTRATION_TYPE, FormRepository::FORM_STRUCTURE); |
| 414 | |
| 415 | // find the first occurrence of reg-select-role shortcode. |
| 416 | preg_match('/\[reg-select-role.*\]/', $registration_structure, $matches); |
| 417 | |
| 418 | if (empty($matches) || ! isset($matches[0])) return; |
| 419 | |
| 420 | preg_match('/options="([,\s\w]+)"/', $matches[0], $matches2); |
| 421 | |
| 422 | $options = $matches2[1]; |
| 423 | |
| 424 | //if no options attribute was found in the shortcode, default to all list of editable roles |
| 425 | if (empty($options)) { |
| 426 | $acceptable_user_role = array_keys(ppress_get_editable_roles()); |
| 427 | } else { |
| 428 | $acceptable_user_role = array_map('trim', explode(',', $options)); |
| 429 | } |
| 430 | |
| 431 | return apply_filters('ppress_acceptable_user_role', $acceptable_user_role, $form_id); |
| 432 | } |
| 433 | } |