PluginProbe ʕ •ᴥ•ʔ
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress / 3.1
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress v3.1
4.16.19 4.16.18 4.16.17 4.16.16 trunk 1.0 1.0.1 1.0.2 1.1 1.1.1 1.1.2 1.1.3 1.1.4 1.1.5 1.1.5a 1.1.6 1.1.7 1.2 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.3 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.4 1.4.1 1.4.2 1.5 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.6 1.6.1 1.6.2 1.6.3 1.6.4 1.6.5 1.6.6 1.6.7 1.6.8 1.7 1.7.1 1.7.2 1.8 1.8.1 1.8.10 1.8.2 1.8.3 1.8.4 1.8.5 1.8.6 1.8.7 1.8.8 1.8.9 1.9 1.9.1 1.9.10 1.9.11 1.9.12 1.9.13 1.9.2 1.9.3 1.9.4 1.9.5 1.9.6 1.9.7 1.9.8 1.9.9 2.1.9 2.2.10 2.2.11 2.2.12 2.2.13 2.2.14 2.2.15 2.2.16 2.2.2 2.2.5 2.2.6 2.2.7 2.2.8 2.2.9 3.0 3.1 3.1.1 3.1.10 3.1.11 3.1.12 3.1.13 3.1.14 3.1.15 3.1.16 3.1.17 3.1.18 3.1.19 3.1.2 3.1.3 3.1.4 3.1.5 3.1.6 3.1.7 3.1.8 3.1.9 3.2.0 3.2.1 3.2.10 3.2.11 3.2.12 3.2.13 3.2.14 3.2.15 3.2.16 3.2.2 3.2.3 3.2.4 3.2.5 3.2.6 3.2.7 3.2.8 3.2.9 4.0.0 4.0.1 4.0.2 4.0.3 4.1.0 4.1.1 4.1.2 4.1.3 4.1.4 4.10.0 4.10.1 4.10.2 4.10.3 4.11.0 4.12.0 4.13.0 4.13.1 4.13.2 4.13.3 4.13.4 4.14.0 4.14.1 4.14.2 4.14.3 4.14.4 4.15.0 4.15.1 4.15.10 4.15.11 4.15.12 4.15.13 4.15.14 4.15.15 4.15.16 4.15.17 4.15.18 4.15.19 4.15.2 4.15.20 4.15.20.1 4.15.21 4.15.22 4.15.23 4.15.24 4.15.25 4.15.3 4.15.4 4.15.5 4.15.6 4.15.7 4.15.8 4.15.9 4.16.0 4.16.1 4.16.10 4.16.11 4.16.12 4.16.13 4.16.14 4.16.15 4.16.2 4.16.3 4.16.4 4.16.5 4.16.6 4.16.7 4.16.8 4.16.9 4.2.0 4.3.0 4.3.1 4.3.2 4.4.0 4.4.1 4.5.0 4.5.1 4.5.2 4.5.3 4.5.4 4.5.5 4.6.0 4.7.0 4.8.0 4.9.0
wp-user-avatar / src / Classes / RegistrationAuth.php
wp-user-avatar / src / Classes Last commit date
AdminNotices.php 5 years ago AjaxHandler.php 5 years ago Autologin.php 5 years ago BuddyPressBbPress.php 5 years ago EditUserProfile.php 5 years ago ExtensionManager.php 5 years ago FileUploader.php 5 years ago FormPreviewHandler.php 5 years ago FormRepository.php 5 years ago FormShortcodeDefaults.php 5 years ago GDPR.php 5 years ago GlobalSiteAccess.php 5 years ago ImageUploader.php 5 years ago LoginAuth.php 5 years ago Miscellaneous.php 5 years ago ModifyRedirectDefaultLinks.php 5 years ago PPRESS_Session.php 5 years ago PROFILEPRESS_sql.php 5 years ago PasswordReset.php 5 years ago ProfileUrlRewrite.php 5 years ago RegistrationAuth.php 5 years ago SendEmail.php 5 years ago ShortcodeThemeFactory.php 5 years ago UserAvatar.php 5 years ago UserSignupLocationListingPage.php 5 years ago UsernameEmailRestrictLogin.php 5 years ago WelcomeEmailAfterSignup.php 5 years ago default-email-template.php 5 years ago index.php 5 years ago
RegistrationAuth.php
433 lines
1 <?php
2
3 namespace ProfilePress\Core\Classes;
4
5 use ProfilePress\Libsodium\UserModeration\UserModeration;
6 use ProfilePress\Libsodium\UserModeration\UserModerationNotification;
7 use WP_Error;
8
9 class RegistrationAuth
10 {
11 protected static $registration_form_status;
12
13 public static function is_ajax()
14 {
15 return defined('DOING_AJAX') && DOING_AJAX;
16 }
17
18 /**
19 * Wrapper function for call to the welcome email class
20 *
21 * @param int $user_id
22 * @param string $password
23 * @param int $form_id
24 */
25 public static function send_welcome_email($user_id, $password = '', $form_id = '')
26 {
27 $status = apply_filters('ppress_activate_send_welcome_email', ppress_get_setting('welcome_message_email_enabled', 'on'));
28
29 if ($status == 'on') {
30
31 do_action('ppress_before_send_welcome_mail', $user_id, $form_id);
32
33 new WelcomeEmailAfterSignup($user_id, $password);
34
35 do_action('ppress_after_send_welcome_mail', $user_id, $form_id);
36 }
37 }
38
39 /**
40 *
41 * Wrapper function for call to the automatic login after reg function
42 *
43 * @param int $user_id
44 * @param int $form_id
45 * @param string $redirect redirect url after registration
46 *
47 * @return mixed
48 */
49 public static function auto_login_after_reg($user_id, $form_id, $redirect)
50 {
51 if ( ! empty($redirect)) {
52 return Autologin::initialize($user_id, $form_id, $redirect);
53 }
54
55 $auto_login_option = apply_filters('ppress_activate_auto_login_after_signup', ppress_get_setting('set_auto_login_after_reg', ''), $form_id);
56
57 if ($auto_login_option == 'on') {
58 return Autologin::initialize($user_id, $form_id);
59 }
60 }
61
62 /**
63 * Perform redirect after registration without logging the user in.
64 *
65 * @param int $form_id
66 * @param string $no_login_redirect URL to redirect to.
67 *
68 * @return array
69 */
70 public static function no_login_redirect_after_reg($form_id, $no_login_redirect)
71 {
72 esc_url_raw($no_login_redirect);
73
74 do_action('ppress_before_no_login_redirect_after_reg', $no_login_redirect, $form_id);
75 if (self::is_ajax()) {
76 // we are returning array to uniquely identify redirect.
77 return [$no_login_redirect];
78 }
79
80 wp_safe_redirect($no_login_redirect);
81 exit;
82 }
83
84 /**
85 * Register new users
86 *
87 * @param array $post user form submitted data
88 * @param int $form_id Registration builder ID
89 * @param array $files Handle for global $_FILES
90 * @param string $redirect URL to redirect to after registration.
91 *
92 * @return string
93 */
94 public static function register_new_user($post, $form_id = 0, $redirect = '', $is_melange = false, $no_login_redirect = '')
95 {
96 $files = $_FILES;
97
98 // create an array of acceptable userdata for use by wp_insert_user
99 $valid_userdata = array(
100 'reg_username',
101 'reg_password',
102 'reg_password2',
103 'reg_email2',
104 'reg_password_present',
105 'reg_email',
106 'reg_website',
107 'reg_nickname',
108 'reg_display_name',
109 'reg_first_name',
110 'reg_last_name',
111 'reg_bio',
112 'reg_select_role',
113 );
114
115 // get the data for userdata
116 $segregated_userdata = array();
117
118 // loop over the $_POST data and create an array of the wp_insert_user userdata
119 foreach ($post as $key => $value) {
120 if ($key == 'reg_submit') {
121 continue;
122 }
123
124 if (in_array($key, $valid_userdata)) {
125 $segregated_userdata[$key] = sanitize_text_field($value);
126 }
127 }
128
129 $email = isset($segregated_userdata['reg_email']) ? $segregated_userdata['reg_email'] : '';
130
131 $email2 = isset($segregated_userdata['reg_email2']) ? $segregated_userdata['reg_email2'] : null;
132
133 // get convert the form post data to userdata for use by wp_insert_users
134 $username = isset($segregated_userdata['reg_username']) ? $segregated_userdata['reg_username'] : '';
135
136 // Handle username creation when username requirement is disabled.
137 if (ppress_is_signup_form_username_disabled($form_id, $is_melange)) {
138 $username = sanitize_user(current(explode('@', $email)), true);
139 // Ensure username is unique.
140 $append = 1;
141 $o_username = $username;
142 while (username_exists($username)) {
143 $username = $o_username . $append;
144 $append++;
145 }
146 }
147
148 $username = apply_filters('ppress_registration_username_value', $username);
149
150 $password = apply_filters('ppress_registration_password_value', isset($segregated_userdata['reg_password']) ? $segregated_userdata['reg_password'] : '');
151
152 $flag_to_send_password_reset = false;
153
154 // if the reg_password field isn't present in registration, generate a password for the user and set a flag to send a password reset message
155 if (empty($password) && (empty($segregated_userdata['reg_password_present']) || $segregated_userdata['reg_password_present'] != 'true')) {
156 $password = wp_generate_password(24);
157 $flag_to_send_password_reset = apply_filters('ppress_enable_auto_send_password_reset_flag', true);
158 }
159
160 $password2 = isset($segregated_userdata['reg_password2']) ? $segregated_userdata['reg_password2'] : null;
161 $website = isset($segregated_userdata['reg_website']) ? $segregated_userdata['reg_website'] : '';
162 $nickname = isset($segregated_userdata['reg_nickname']) ? $segregated_userdata['reg_nickname'] : '';
163 $display_name = isset($segregated_userdata['reg_display_name']) ? $segregated_userdata['reg_display_name'] : '';
164 $first_name = isset($segregated_userdata['reg_first_name']) ? $segregated_userdata['reg_first_name'] : '';
165 $last_name = isset($segregated_userdata['reg_last_name']) ? $segregated_userdata['reg_last_name'] : '';
166 $bio = isset($segregated_userdata['reg_bio']) ? $segregated_userdata['reg_bio'] : '';
167 $role = isset($segregated_userdata['reg_select_role']) ? $segregated_userdata['reg_select_role'] : '';
168
169 // real uer data
170 $real_userdata = array(
171 'user_login' => $username,
172 'user_pass' => $password,
173 'user_email' => apply_filters('ppress_registration_email_value', $email),
174 'user_url' => apply_filters('ppress_registration_website_value', $website),
175 'nickname' => apply_filters('ppress_registration_nickname_value', $nickname),
176 'display_name' => apply_filters('ppress_registration_display_name_value', $display_name),
177 'first_name' => apply_filters('ppress_registration_first_name_value', $first_name),
178 'last_name' => apply_filters('ppress_registration_last_name_value', $last_name),
179 'description' => apply_filters('ppress_registration_bio_value', $bio),
180 );
181
182 if ( ! empty($role)) {
183 // acceptable defined roles in reg-select-role shortcode.
184 $accepted_role = (array)self::acceptable_defined_roles($form_id);
185
186 if ($role != 'administrator' && in_array($role, $accepted_role)) {
187 $real_userdata['role'] = $role;
188 }
189 } else {
190 if ( ! empty($builder_role)) {
191 $builder_role = FormRepository::get_form_meta($form_id, FormRepository::REGISTRATION_TYPE, FormRepository::REGISTRATION_USER_ROLE);
192 // only set user role if the registration form has one set
193 // otherwise no role is set for the user thus wp_insert_user will use the default user role set in Settings > General
194 $real_userdata['role'] = $builder_role;
195 }
196 }
197
198 /* start filter Hook */
199 $reg_errors = new WP_Error();
200
201 // --------START --------- validation for required fields ----------------------//
202 // loop through required fields and throw error if any is empty
203 if ( ! empty($_POST['required-fields']) && is_array($_POST['required-fields'])) {
204 foreach ($_POST['required-fields'] as $key => $value) {
205
206 if (empty($_POST[$key]) && empty($_FILES[$key])) {
207 $reg_errors->add('required_field_empty', sprintf(__('%s field is required', 'wp-user-avatar'), $value));
208 // stop looping if a required field is found empty.
209 break;
210 }
211 }
212 }
213 // --------END --------- validation for required fields ----------------------//
214
215 if ( ! validate_username($post['reg_username'])) {
216 $reg_errors->add('invalid_username', esc_html__('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.', 'wp-user-avatar'));
217 }
218
219 if ( ! is_email($real_userdata['user_email'])) {
220 $reg_errors->add('invalid_email', esc_html__('Email address is not valid', 'wp-user-avatar'));
221 }
222
223 if (isset($password2) && ($password != $password2)) {
224 $reg_errors->add('password_mismatch', esc_html__('Passwords do not match', 'wp-user-avatar'));
225 }
226
227 if (isset($email2) && ($email != $email2)) {
228 $reg_errors->add('email_mismatch', esc_html__('Email addresses do not match', 'wp-user-avatar'));
229 }
230
231 if (isset($post['pp_enforce_password_meter']) && ($post['pp_enforce_password_meter'] != '1')) {
232 $reg_errors->add('password_weak', esc_html__('Password is not strong', 'wp-user-avatar'));
233 }
234
235 // get the data for use by update_meta
236 $custom_usermeta = array();
237 // loop over the $_POST data and create an array of the invalid userdata/ custom usermeta
238 foreach ($post as $key => $value) {
239 if ($key == 'reg_submit' || in_array($key, ppress_reserved_field_keys())) continue;
240
241 if ( ! in_array($key, $valid_userdata)) {
242 $custom_usermeta[$key] = is_array($value) ? array_map('sanitize_text_field', $value) : sanitize_text_field($value);
243 }
244 }
245
246 // merge real data(for use by wp_insert_user()) and custom fields data
247 // $real_userdata comes second so custom user meta won't override it.
248 $user_data = array_merge($custom_usermeta, $real_userdata);
249
250 /* Begin Filter Hook */
251 // call validate reg from function
252 $reg_form_errors = apply_filters('ppress_registration_validation', $reg_errors, $form_id, $user_data, $is_melange);
253 if (is_wp_error($reg_form_errors) && $reg_form_errors->get_error_code() != '') {
254 return '<div class="profilepress-reg-status">' . $reg_form_errors->get_error_message() . '</div>';
255 }
256 /* End Filter Hook */
257
258 // --------START --------- validation for file upload ----------------------//
259 $uploads = FileUploader::init();
260 $upload_errors = '';
261 if ( ! empty($uploads)) {
262 foreach ($uploads as $field_key => $uploaded_filename_or_wp_error) {
263 if (is_wp_error($uploads[$field_key])) {
264 $upload_errors .= $uploads[$field_key]->get_error_message() . '<br/>';
265 }
266 }
267
268 if ( ! empty($upload_errors)) {
269 return "<div class='profilepress-reg-status'>$upload_errors</div>";
270 }
271 }
272 // --------END --------- validation for file upload ----------------------//
273
274
275 // --------START --------- validation for avatar upload ----------------------//
276 if (isset($files['reg_avatar']['name']) && ! empty($files['reg_avatar']['name'])) {
277 $upload_avatar = ImageUploader::process($files['reg_avatar']);
278
279 if (is_wp_error($upload_avatar)) {
280 return "<div class='profilepress-reg-status'>" . $upload_avatar->get_error_message() . "</div>";
281 }
282 }
283 // --------END --------- validation for avatar upload ----------------------//
284
285
286 // --------START --------- validation for cover image upload ----------------------//
287 if (isset($files['reg_cover_image']['name']) && ! empty($files['reg_cover_image']['name'])) {
288
289 $upload_cover_image = ImageUploader::process($files['reg_cover_image'], ImageUploader::COVER_IMAGE, PPRESS_COVER_IMAGE_UPLOAD_DIR);
290
291 if (is_wp_error($upload_cover_image)) {
292 return "<div class='profilepress-reg-status'>" . $upload_cover_image->get_error_message() . "</div>";
293 }
294 }
295 // --------END --------- validation for cover image upload ----------------------//
296
297 do_action('ppress_before_registration', $form_id, $user_data);
298
299 // proceed to registration using wp_insert_user method which return the new user id
300 $user_id = wp_insert_user($real_userdata);
301
302 if (is_wp_error($user_id)) {
303 return '<div class="profilepress-reg-status">' . $user_id->get_error_message() . '</div>';
304 }
305
306 // --------START --------- register custom field ----------------------//
307
308 $custom_usermeta['pp_profile_avatar'] = isset($upload_avatar) ? $upload_avatar : null;
309 $custom_usermeta['pp_profile_cover_image'] = isset($upload_cover_image) ? $upload_cover_image : null;
310
311 // if we get to this point, it means the files pass validation defined above.
312 // array of files uploaded. Array key is the "custom field key" and the filename as the array value.
313 $custom_usermeta['pp_uploaded_files'] = $uploads;
314
315 // if @$user_id is no WP_Error, add the extra user profile field
316 if (is_array($custom_usermeta)) {
317
318 foreach ($custom_usermeta as $key => $value) {
319 if ( ! empty($value)) {
320 update_user_meta($user_id, $key, $value);
321 // the 'edit_profile' parameter is used to distinguish it from same action hook in RegistrationAuth
322 do_action('ppress_after_custom_field_update', $key, $value, $user_id, 'registration');
323 }
324 }
325 }
326 // --------END --------- register custom field ----------------------//
327
328 // if moderation is active, set new registered users as pending
329 if (UserModeration::moderation_is_active()) {
330 UserModeration::make_pending($user_id);
331 }
332
333 if ($flag_to_send_password_reset === true) {
334 PasswordReset::retrieve_password_func($username);
335 }
336
337 // record signup via
338 if ($is_melange) {
339 add_user_meta($user_id, '_pp_signup_melange_via', $form_id);
340 } else {
341 add_user_meta($user_id, '_pp_signup_via', $form_id);
342 }
343
344 // if user moderation is active, send pending notification.
345 if (UserModeration::moderation_is_active()) {
346 UserModerationNotification::pending($user_id);
347 UserModerationNotification::pending_admin_notification($user_id);
348 }
349
350 self::send_welcome_email($user_id, $password, $form_id);
351
352 if (is_int($user_id)) {
353
354 ppress_wp_new_user_notification($user_id, null, 'admin');
355 }
356
357 /**
358 * Fires after a user registration is completed.
359 *
360 * @param int $form_id ID of the registration form.
361 * @param mixed $user_data array of registered user info.
362 * @param int $user_id ID of the registered user.
363 * @param bool $is_melange
364 */
365 do_action('ppress_after_registration', $form_id, $user_data, $user_id, $is_melange);
366 /* End Action Hook */
367
368 if ( ! empty($no_login_redirect)) {
369 $response = self::no_login_redirect_after_reg($form_id, $no_login_redirect);
370 } else {
371 /**
372 * call auto-login
373 *
374 * @param int $user_id registered user ID
375 * @param int $form_id registration form ID
376 * @param string $redirect redirect url after login
377 */
378 $response = self::auto_login_after_reg($user_id, $form_id, $redirect);
379 }
380
381 if (self::is_ajax() && isset($response) && ! empty($response) && is_array($response)) {
382 // $response should be an array containing the url to redirect to.
383 return $response;
384 }
385
386 $success_message = FormRepository::get_form_meta($form_id, FormRepository::REGISTRATION_TYPE, FormRepository::SUCCESS_MESSAGE);
387 if ($is_melange) {
388 $success_message = FormRepository::get_form_meta($form_id, FormRepository::MELANGE_TYPE, FormRepository::MELANGE_REGISTRATION_SUCCESS_MESSAGE);
389 }
390
391 $default_success_message = '<div class="profilepress-reg-status success">' . esc_html__('Registration successful.', 'wp-user-avatar') . '</div>';
392
393 if (FormRepository::is_drag_drop($form_id, FormRepository::REGISTRATION_TYPE)) {
394 // Drag and drop signup pages do not allow the use of div wrapper. only the message to be shown is entered.
395 // so here, we are wrapping it in reg status div.
396 if ( ! empty($success_message)) {
397 $success_message = '<div class="profilepress-reg-status success">' . $success_message . '</div>';
398 }
399 }
400
401 return apply_filters('ppress_registration_success_message', ! empty($success_message) ? $success_message : $default_success_message);
402 }
403
404 /**
405 * Array list of acceptable defined roles.
406 *
407 * @param int $form_id ID of registration form
408 *
409 * @return array
410 */
411 public static function acceptable_defined_roles($form_id)
412 {
413 $registration_structure = FormRepository::get_form_meta($form_id, FormRepository::REGISTRATION_TYPE, FormRepository::FORM_STRUCTURE);
414
415 // find the first occurrence of reg-select-role shortcode.
416 preg_match('/\[reg-select-role.*\]/', $registration_structure, $matches);
417
418 if (empty($matches) || ! isset($matches[0])) return;
419
420 preg_match('/options="([,\s\w]+)"/', $matches[0], $matches2);
421
422 $options = $matches2[1];
423
424 //if no options attribute was found in the shortcode, default to all list of editable roles
425 if (empty($options)) {
426 $acceptable_user_role = array_keys(ppress_get_editable_roles());
427 } else {
428 $acceptable_user_role = array_map('trim', explode(',', $options));
429 }
430
431 return apply_filters('ppress_acceptable_user_role', $acceptable_user_role, $form_id);
432 }
433 }