Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress v3.2.10
wp-user-avatar / src / ShortcodeParser / FormProcessor.php
FormProcessor.php
299 lines
1 <?php
2
3 namespace ProfilePress\Core\ShortcodeParser;
4
5 use ProfilePress\Core\Classes\EditUserProfile;
6 use ProfilePress\Core\Classes\LoginAuth;
7 use ProfilePress\Core\Classes\PasswordReset;
8 use ProfilePress\Core\Classes\RegistrationAuth;
9
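/**
 * Request handler for the ProfilePress front-end forms.
 *
 * Each process_* method reads a submission from the superglobals, hands it to
 * the matching core class (EditUserProfile, LoginAuth, PasswordReset,
 * RegistrationAuth) and stores the returned message on one of the public
 * properties below. A copy of the message is also kept in $GLOBALS so that a
 * second invocation during the same request restores it instead of processing
 * the submission again.
 *
 * Everything read from $_POST / $_GET / $_REQUEST here is untrusted input.
 */
class FormProcessor
{
    /**
     * When a password reset form is submitted to generate a reset key to be emailed,
     * it holds both success and error message.
     *
     * @var array
     */
    public $password_reset_form_error = [];

    // Declared as an array keyed by form ID, but process_login_form() assigns a
    // plain string for the "pp-sl-error" case; readers must accept both shapes.
    public $login_form_error = [];

    // Either the raw response (no form ID) or an array keyed by form ID.
    public $edit_profile_form_error = [];

    // Array keyed by form ID.
    public $registration_form_error = [];

    // Not written in this class; the 2FA flag is stored through
    // set_global_state('is_2fa', ...) in process_login_form().
    public $is_2fa = [];

    // Message from the My Account change-password form.
    public $myac_change_password_error = '';

    /**
     * Store a value (and optionally the form ID it belongs to) in $GLOBALS.
     *
     * @param string    $key     Suffix appended to "pp_form_processor_".
     * @param mixed     $value   Value to store.
     * @param int|false $form_id Form ID; stored only when truthy.
     *
     * @return void
     */
    public static function set_global_state($key, $value, $form_id = false)
    {
        $GLOBALS['pp_form_processor_' . $key] = $value;

        if ($form_id) {
            $GLOBALS['pp_form_processor_form_id_' . $key] = $form_id;
        }
    }

    /**
     * Fetch a value stored by set_global_state().
     *
     * @param string $key
     *
     * @return mixed The stored value, or false when nothing is stored.
     */
    public static function get_global_state_error($key)
    {
        return isset($GLOBALS['pp_form_processor_' . $key]) ? $GLOBALS['pp_form_processor_' . $key] : false;
    }

    /**
     * Copy the stored message for $key back onto the property of the same name.
     *
     * $key is used as a dynamic property name. Every call in this class passes
     * a fixed string; it must never be derived from request data.
     *
     * @param string $key Property name, e.g. "login_form_error".
     *
     * @return mixed The restored value.
     */
    public function restore_form_error($key)
    {
        $form_id = isset($GLOBALS['pp_form_processor_form_id_' . $key]) ? $GLOBALS['pp_form_processor_form_id_' . $key] : false;

        if ($form_id) {
            $this->{$key} = [];

            // Braces make the intent explicit: index the property named by $key.
            // Without them PHP 5 parses this as $this->{$key[$form_id]}.
            return $this->{$key}[$form_id] = self::get_global_state_error($key);
        }

        return $this->{$key} = self::get_global_state_error($key);
    }

    /**
     * Read a POST field as a string.
     *
     * @param string $key
     *
     * @return string The submitted value, or '' when the field is missing or is
     *                not a string (e.g. an array sent as field[]=...).
     */
    private static function posted_string($key)
    {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    /**
     * Resolve the submitted form ID: "pp_melange_id" when non-empty, otherwise
     * the given fallback field, otherwise 0.
     *
     * @param string $fallback_key
     *
     * @return int
     */
    private static function posted_form_id($fallback_key)
    {
        if ( ! empty($_POST['pp_melange_id'])) {
            return absint($_POST['pp_melange_id']);
        }

        return isset($_POST[$fallback_key]) ? absint($_POST[$fallback_key]) : 0;
    }

    /**
     * Handle the My Account "change password" submission.
     *
     * Requires a valid nonce, a logged-in user and the correct current password
     * before the password is updated. Redirects and exits on success.
     *
     * @return string|void Error message on a mismatch or a failed update.
     */
    public function process_myaccount_change_password()
    {
        if ( ! isset($_POST['ppmyac_form_action']) || $_POST['ppmyac_form_action'] !== 'changePassword') {
            return;
        }

        if ( ! ppress_verify_nonce()) {
            return;
        }

        // Missing or non-string fields become '' so they fail the current
        // password check instead of raising notices or type errors.
        $current_password     = self::posted_string('password_current');
        $new_password         = self::posted_string('password_new');
        $new_password_confirm = self::posted_string('password_confirm_new');

        if ($new_password !== $new_password_confirm) {
            return $this->myac_change_password_error = esc_html__('Passwords do not match.', 'wp-user-avatar');
        }

        $user = wp_get_current_user();

        // The login check runs first so the stored hash is only read for a
        // real, authenticated account.
        if (is_user_logged_in() && $user instanceof \WP_User && wp_check_password($current_password, $user->data->user_pass, $user->ID)) {

            $updated_user_id = wp_update_user([
                'ID'        => $user->ID,
                'user_pass' => $new_password,
            ]);

            if (is_wp_error($updated_user_id)) {
                return $this->myac_change_password_error = $updated_user_id->get_error_message();
            }

            // Fired only once the update succeeded, so listeners are not told
            // about a change that did not happen.
            do_action('ppress_myaccount_after_password_change');

            wp_safe_redirect(esc_url_raw(add_query_arg('edit', 'true')));
            exit;
        }

        $this->myac_change_password_error = esc_html__('The password you entered is incorrect.', 'wp-user-avatar');
    }

    /**
     * Handle the edit-profile form, including avatar / cover image removal.
     *
     * @return mixed|void The restored message when the submission was already
     *                    processed during this request.
     */
    public function process_edit_profile_form()
    {
        // check if the page being viewed contains the "edit profile" shortcode. if true, redirect to login page
        if (ppress_shortcode_exist_in_post('profilepress-edit-profile') && ! is_user_logged_in()) {
            nocache_headers();
            wp_safe_redirect(ppress_login_url());
            exit;
        }

        // NOTE(review): no nonce or login check is visible in this method for
        // the two removal actions or for eup_submit. The login redirect above
        // only applies on pages containing the shortcode. Confirm that
        // EditUserProfile verifies the request and the acting user itself.
        if (isset($_POST['eup_remove_avatar']) && $_POST['eup_remove_avatar'] === 'removed') {
            EditUserProfile::remove_user_avatar();
        }

        if (isset($_POST['eup_remove_cover_image']) && $_POST['eup_remove_cover_image'] === 'removed') {
            EditUserProfile::remove_user_cover_image();
        }

        if ( ! isset($_POST['eup_submit'])) {
            return;
        }

        $state_key = 'edit_profile_form_error';

        if (self::get_global_state_error($state_key)) {
            return $this->restore_form_error($state_key);
        }

        // Explicit isset() instead of the @ operator, which would also hide
        // unrelated errors.
        $fallback_form_id = isset($_POST['editprofile_form_id']) ? $_POST['editprofile_form_id'] : null;
        $form_id          = absint(ppressPOST_var('pp_melange_id', $fallback_form_id, true));

        $redirect = ppressPOST_var('editprofile_redirect', '', true);

        if ( ! empty($_POST['melange_redirect'])) {
            $redirect = esc_url_raw($_POST['melange_redirect']);
        }

        $is_melange = isset($_POST['is_melange']) && $_POST['is_melange'] === 'true';

        $response = EditUserProfile::process_func($form_id, $redirect, $is_melange);

        if (empty($response)) {
            return;
        }

        if ( ! $form_id) {
            self::set_global_state($state_key, $response);
            $this->edit_profile_form_error = $response;
        } else {
            self::set_global_state($state_key, $response, $form_id);
            $this->edit_profile_form_error[$form_id] = $response;
        }
    }

    /**
     * Handle the registration form.
     *
     * @return mixed|void The restored message when the submission was already
     *                    processed during this request.
     */
    public function process_registration_form()
    {
        if ( ! isset($_POST['reg_submit'])) {
            return;
        }

        $state_key = 'registration_form_error';

        if (self::get_global_state_error($state_key)) {
            return $this->restore_form_error($state_key);
        }

        $fallback_form_id = isset($_POST['signup_form_id']) ? $_POST['signup_form_id'] : null;
        $form_id          = absint(ppressPOST_var('pp_melange_id', $fallback_form_id, true));

        // NOTE(review): these redirect targets are client-supplied and cleaned
        // with sanitize_text_field(), while the edit-profile handler uses
        // esc_url_raw(). Confirm the callee validates the destination before
        // redirecting.
        $redirect = ppressPOST_var('signup_redirect', '', true);
        if ( ! empty($_POST['melange_redirect'])) {
            $redirect = sanitize_text_field($_POST['melange_redirect']);
        }

        $no_login_redirect = ! empty($_POST['signup_no_login_redirect']) ? sanitize_text_field($_POST['signup_no_login_redirect']) : '';

        $is_melange = isset($_POST['is_melange']) && $_POST['is_melange'] === 'true';

        // NOTE(review): the whole $_POST array is handed over, so every field a
        // client chooses to send reaches the callee. register_new_user() has to
        // allow-list the fields and user meta it accepts; verify there.
        $response = RegistrationAuth::register_new_user($_POST, $form_id, $redirect, $is_melange, $no_login_redirect);

        if (empty($response)) {
            return;
        }

        // NOTE(review): decoding entities turns escaped text back into markup.
        // Confirm the response never carries escaped user input.
        $response = html_entity_decode($response);

        $this->registration_form_error[$form_id] = $response;

        self::set_global_state($state_key, $response, $form_id);

        if (strpos($response, 'profilepress-reg-status success') !== false) {
            // clears form after registration
            $_POST = [];
        }
    }

    /**
     * Handle the login form and the "pp-sl-error" query argument.
     *
     * @return mixed|void The restored message when the submission was already
     *                    processed during this request.
     */
    public function process_login_form()
    {
        if ( ! empty($_GET['pp-sl-error'])) {
            $error = esc_html__('Authentication failed. Please try again', 'wp-user-avatar');

            // The message comes from the URL, so anyone who can get a user to
            // follow a link controls it. Accept strings only and escape for
            // HTML output on top of sanitizing.
            if (is_string($_GET['pp-sl-error']) && $_GET['pp-sl-error'] !== 'true') {
                $error = esc_html(sanitize_text_field(rawurldecode($_GET['pp-sl-error'])));
            }

            $this->login_form_error = '<div class="profilepress-login-status">' . $error . '</div>';
        }

        if ( ! isset($_POST['login_submit'])) {
            return;
        }

        $state_key = 'login_form_error';

        if (self::get_global_state_error($state_key)) {
            return $this->restore_form_error($state_key);
        }

        // Missing or array-valued credentials become '' rather than reaching
        // trim() and the authenticator as null or an array.
        $username       = trim(self::posted_string('login_username'));
        $password       = self::posted_string('login_password');
        $remember_login = isset($_POST['login_remember']) ? sanitize_text_field($_POST['login_remember']) : '';

        $form_id = self::posted_form_id('login_form_id');

        // NOTE(review): the redirect target is client-supplied. Confirm
        // LoginAuth::login_auth() restricts it to allowed hosts.
        $redirect = ! empty($_POST['login_redirect']) ? sanitize_text_field($_POST['login_redirect']) : '';
        if ( ! empty($_POST['melange_redirect'])) {
            $redirect = sanitize_text_field($_POST['melange_redirect']);
        }

        $login_status = LoginAuth::login_auth($username, $password, $remember_login, $form_id, $redirect);

        if ( ! is_wp_error($login_status)) {
            return;
        }

        if ($login_status->get_error_code() === 'pp2fa_auth_code_invalid') {
            self::set_global_state('is_2fa', true, $form_id);
        }

        // The error message is inserted as returned; it is expected to be safe
        // HTML produced by the authenticator.
        $login_error = '<div class="profilepress-login-status">' . $login_status->get_error_message() . '</div>';

        $this->login_form_error           = [];
        $this->login_form_error[$form_id] = $login_error;

        self::set_global_state($state_key, $login_error, $form_id);
    }

    /**
     * Handle the "request a password reset" form.
     *
     * @return mixed|void The restored message when the submission was already
     *                    processed during this request.
     */
    public function process_password_reset_form()
    {
        $parsed_error = PasswordReset::parse_password_reset_error_codes();

        if ( ! empty($parsed_error)) {
            $this->password_reset_form_error = $parsed_error;
        }

        if (empty($_POST['password_reset_submit'])) {
            return;
        }

        $state_key = 'password_reset_form_error';

        if (self::get_global_state_error($state_key)) {
            return $this->restore_form_error($state_key);
        }

        $form_id = self::posted_form_id('passwordreset_form_id');

        $is_melange = isset($_POST['is_melange']) && $_POST['is_melange'] === 'true';

        // user_login is passed on unsanitized (strings only); the callee is
        // responsible for validating it.
        $response = PasswordReset::password_reset_status(self::posted_string('user_login'), $form_id, $is_melange);

        if (empty($response)) {
            return;
        }

        $response = wp_specialchars_decode($response);

        $this->password_reset_form_error           = [];
        $this->password_reset_form_error[$form_id] = $response;

        self::set_global_state($state_key, $response, $form_id);
    }

    /**
     * Validate the key / login pair of a password reset link and redirect to
     * the password reset page with an error code when it is not valid.
     *
     * @return void
     */
    public function check_password_reset_key()
    {
        if ( ! isset($_REQUEST['key'], $_REQUEST['login'])) {
            return;
        }

        // Verify key / login combo
        $user = check_password_reset_key(sanitize_text_field($_REQUEST['key']), sanitize_text_field($_REQUEST['login']));

        if ($user && ! is_wp_error($user)) {
            return;
        }

        $error_code = (is_wp_error($user) && $user->get_error_code() === 'expired_key') ? 'expiredkey' : 'invalidkey';

        // add_query_arg() keeps the URL valid when the reset page URL already
        // carries a query string (e.g. plain permalinks).
        wp_safe_redirect(add_query_arg('error', $error_code, ppress_password_reset_url()));
        exit;
    }

    /**
     * Hand a "set new password" submission to PasswordReset.
     *
     * Only the presence of the three request fields is checked here.
     * NOTE(review): $_REQUEST also covers query-string values, so confirm that
     * do_password_reset() re-validates the reset key and login itself.
     *
     * @return void
     */
    public function process_password_reset_handler_form()
    {
        if (isset($_REQUEST['reset_password'], $_REQUEST['reset_key'], $_REQUEST['reset_login'])) {
            PasswordReset::get_instance()->do_password_reset();
        }
    }
}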