FormProcessor.php
330 lines
| 1 | <?php |
| 2 | |
| 3 | namespace ProfilePress\Core\ShortcodeParser; |
| 4 | |
| 5 | use ProfilePress\Core\Classes\EditUserProfile; |
| 6 | use ProfilePress\Core\Classes\LoginAuth; |
| 7 | use ProfilePress\Core\Classes\PasswordReset; |
| 8 | use ProfilePress\Core\Classes\RegistrationAuth; |
| 9 | use ProfilePress\Core\Membership\Models\Customer\CustomerFactory; |
| 10 | use ProfilePress\Core\Membership\Repositories\SubscriptionRepository; |
| 11 | |
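class FormProcessor
{
    /**
     * When a password reset form is submitted to generate a reset key to be emailed,
     * it holds both success and error message.
     *
     * Becomes an array keyed by form ID once a submission has been processed.
     *
     * @var array
     */
    public $password_reset_form_error = [];

    // Login status markup: a plain string for the `pp-sl-error` query-string case,
    // an array keyed by form ID after a posted login attempt fails.
    public $login_form_error = [];

    // Edit-profile response: the raw response when no form ID was posted,
    // otherwise an array keyed by form ID.
    public $edit_profile_form_error = [];

    // Registration response markup, keyed by form ID.
    public $registration_form_error = [];

    // Declared here but not written by this class; the 2FA flag is kept in the
    // global state under the key 'is_2fa' (see process_login_form()).
    public $is_2fa = [];

    // Message shown on the My Account "change password" screen.
    public $myac_change_password_error = '';

    /**
     * Stores a value (and optionally the form it belongs to) in $GLOBALS so that a
     * second invocation during the same request can reuse it.
     *
     * @param string    $key     State name; appended to the `pp_form_processor_` prefix.
     * @param mixed     $value   Value to remember.
     * @param int|false $form_id Form ID to remember alongside the value; skipped when falsy.
     */
    public static function set_global_state($key, $value, $form_id = false)
    {
        $GLOBALS['pp_form_processor_' . $key] = $value;

        if ($form_id) {
            $GLOBALS['pp_form_processor_form_id_' . $key] = $form_id;
        }
    }

    /**
     * Reads a value previously stored with set_global_state().
     *
     * @param string $key State name.
     *
     * @return mixed The stored value, or false when nothing (or null) is stored.
     */
    public static function get_global_state_error($key)
    {
        return $GLOBALS['pp_form_processor_' . $key] ?? false;
    }

    /**
     * Copies a stored state back onto the property of the same name.
     *
     * $key is used as a dynamic property name, so it must be a trusted literal.
     * Every caller in this class passes a hard-coded state key; never pass
     * request data here.
     *
     * @param string $key Property / state name.
     *
     * @return mixed The restored value.
     */
    public function restore_form_error($key)
    {
        $form_id = $GLOBALS['pp_form_processor_form_id_' . $key] ?? false;
        $state   = self::get_global_state_error($key);

        if ($form_id) {
            // The property is reset so it holds only the entry for this form.
            $this->$key = [$form_id => $state];

            return $state;
        }

        return $this->$key = $state;
    }

    /**
     * Returns a posted field only when it is present and a string.
     *
     * A request can turn any field into an array (`field[]=x`); handing that to
     * trim(), rawurldecode() or a password check raises warnings or a TypeError.
     * The value is returned untouched (no sanitising), which is what the password
     * fields need.
     *
     * @param string $field Name of the $_POST entry.
     *
     * @return string The posted string, or '' when missing or not a string.
     */
    private static function raw_post_string($field)
    {
        return (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    /**
     * Handles the My Account "change password" form.
     *
     * The change requires a valid nonce, a logged-in user and the current
     * password. On success the request is redirected and the script exits.
     *
     * @return string|void Error message when the request is rejected.
     */
    public function process_myaccount_change_password()
    {
        if (ppressPOST_var('ppmyac_form_action') != 'changePassword') {
            return;
        }

        if ( ! ppress_verify_nonce()) {
            return;
        }

        // Passwords are passed on exactly as posted; sanitising would alter them.
        $current_password     = self::raw_post_string('password_current');
        $new_password         = self::raw_post_string('password_new');
        $new_password_confirm = self::raw_post_string('password_confirm_new');

        if ($new_password !== $new_password_confirm) {
            return $this->myac_change_password_error = esc_html__('Passwords do not match.', 'wp-user-avatar');
        }

        // NOTE(review): an empty new password is not rejected here and no strength
        // policy is applied; confirm that is handled elsewhere.

        $user = wp_get_current_user();

        // The login check runs first so the stored hash is only read for a real session.
        if (is_user_logged_in() && $user instanceof \WP_User && wp_check_password($current_password, $user->data->user_pass, $user->ID)) {
            $updated_user_id = wp_update_user([
                'ID'        => $user->ID,
                'user_pass' => $new_password,
            ]);

            if (is_wp_error($updated_user_id)) {
                return $this->myac_change_password_error = $updated_user_id->get_error_message();
            }

            // Fired only once the update succeeded, so listeners (notifications,
            // audit logging) are not told about a change that did not happen.
            do_action('ppress_myaccount_after_password_change');

            wp_safe_redirect(esc_url_raw(add_query_arg('edit', 'true')));
            exit;
        }

        $this->myac_change_password_error = __('The password you entered is incorrect.', 'wp-user-avatar');
    }

    /**
     * Handles the My Account "delete account" form.
     *
     * Deleting requires a valid nonce, a logged-in user and that user's password.
     * On success the request is redirected to the home URL and the script exits;
     * a wrong password returns silently without setting a message.
     *
     * @return string|void
     */
    public function process_myaccount_delete_account()
    {
        if (ppressPOST_var('ppmyac_form_action') != 'deleteAccount') {
            return;
        }

        if ( ! ppress_verify_nonce()) {
            return;
        }

        $user = wp_get_current_user();

        if (is_user_logged_in() && $user instanceof \WP_User && wp_check_password(self::raw_post_string('password'), $user->user_pass, $user->ID)) {

            do_action('ppress_myaccount_before_delete_user', $user->ID);

            if (is_multisite()) {
                // The delete helpers live in wp-admin includes that the front end does not load.
                if ( ! function_exists('wpmu_delete_user')) {
                    require_once ABSPATH . 'wp-admin/includes/ms.php';
                }

                wpmu_delete_user($user->ID);
            } else {
                if ( ! function_exists('wp_delete_user')) {
                    require_once ABSPATH . 'wp-admin/includes/user.php';
                }

                // No reassign target is passed, so the user's content is not handed
                // to another account. NOTE(review): confirm that is intended.
                wp_delete_user($user->ID);
            }

            wp_safe_redirect(home_url());
            exit;
        }
    }

    /**
     * Handles the edit-profile form, including the avatar and cover-image removal flags.
     *
     * @return mixed|void The restored response when this submission was already
     *                    processed earlier in the request.
     */
    public function process_edit_profile_form()
    {
        // A page carrying the edit-profile shortcode is for members only:
        // anonymous visitors are sent to the login page.
        if (ppress_post_content_has_shortcode('profilepress-edit-profile')) {
            if ( ! is_user_logged_in()) {
                nocache_headers();
                wp_safe_redirect(ppress_login_url());
                exit;
            }
        }

        // NOTE(review): no nonce or login check is visible in this method before the
        // two removals below; confirm EditUserProfile performs them, otherwise these
        // state-changing requests can be forged cross-site.
        if (isset($_POST['eup_remove_avatar']) && $_POST['eup_remove_avatar'] === 'removed') {
            EditUserProfile::remove_user_avatar();
        }

        if (isset($_POST['eup_remove_cover_image']) && $_POST['eup_remove_cover_image'] === 'removed') {
            EditUserProfile::remove_user_cover_image();
        }

        if ( ! isset($_POST['eup_submit'])) {
            return;
        }

        $state_key = 'edit_profile_form_error';

        // Already handled during this request: reuse the stored response.
        if (self::get_global_state_error($state_key)) {
            return $this->restore_form_error($state_key);
        }

        $form_id = absint(ppressPOST_var('pp_melange_id', ($_POST['editprofile_form_id'] ?? ''), true));

        $redirect = ppressPOST_var('editprofile_redirect', '', true);

        if ( ! empty($_POST['melange_redirect'])) {
            $redirect = esc_url_raw($_POST['melange_redirect']);
        }

        $is_melange = isset($_POST['is_melange']) && $_POST['is_melange'] === 'true';

        $response = EditUserProfile::process_func($form_id, $redirect, $is_melange);

        if ( ! empty($response)) {
            if ( ! $form_id) {
                self::set_global_state($state_key, $response);
                $this->edit_profile_form_error = $response;
            } else {
                self::set_global_state($state_key, $response, $form_id);
                $this->edit_profile_form_error[$form_id] = $response;
            }
        }
    }

    /**
     * Handles the registration form.
     *
     * @return mixed|void The restored response when this submission was already
     *                    processed earlier in the request.
     */
    public function process_registration_form()
    {
        if ( ! isset($_POST['reg_submit'])) {
            return;
        }

        $state_key = 'registration_form_error';

        if (self::get_global_state_error($state_key)) {
            return $this->restore_form_error($state_key);
        }

        $form_id = absint(ppressPOST_var('pp_melange_id', $_POST['signup_form_id'] ?? '', true));

        // NOTE(review): both redirect targets come from the request and are only
        // text-sanitised here (the edit-profile handler uses esc_url_raw()).
        // Confirm RegistrationAuth restricts them to allowed hosts before redirecting.
        $redirect = ppressPOST_var('signup_redirect', '', true);
        if ( ! empty($_POST['melange_redirect'])) {
            $redirect = sanitize_text_field($_POST['melange_redirect']);
        }

        $no_login_redirect = ! empty($_POST['signup_no_login_redirect']) ? sanitize_text_field($_POST['signup_no_login_redirect']) : '';

        $is_melange = isset($_POST['is_melange']) && $_POST['is_melange'] === 'true';

        // The whole $_POST array is handed over unfiltered; field validation is
        // RegistrationAuth's responsibility.
        $response = RegistrationAuth::register_new_user($_POST, $form_id, $redirect, $is_melange, $no_login_redirect);

        if ( ! empty($response)) {
            // Decode first, filter second: entities must not be turned back into
            // markup after the HTML filter has run.
            $response = wp_kses_post(html_entity_decode($response));

            $this->registration_form_error[$form_id] = $response;

            self::set_global_state($state_key, $response, $form_id);

            if (strpos($response, 'profilepress-reg-status success') !== false) {
                // clears form after registration
                $_POST = [];
            }
        }
    }

    /**
     * Handles the login form and the `pp-sl-error` query-string error.
     *
     * @return mixed|void The restored response when this submission was already
     *                    processed earlier in the request.
     */
    public function process_login_form()
    {
        if ( ! empty($_GET['pp-sl-error'])) {
            $error = esc_html__('Authentication failed. Please try again', 'wp-user-avatar');

            $raw_error = $_GET['pp-sl-error'];

            // The text comes straight from the URL, so anyone can craft a link that
            // shows their own wording. It is stripped of tags and then escaped for the
            // HTML text context it is printed in; a non-string value (`pp-sl-error[]=`)
            // falls back to the generic message.
            if (is_string($raw_error) && $raw_error !== 'true') {
                $error = esc_html(sanitize_text_field(rawurldecode($raw_error)));
            }

            $this->login_form_error = '<div class="profilepress-login-status">' . $error . '</div>';
        }

        if ( ! isset($_POST['login_submit'])) {
            return;
        }

        $state_key = 'login_form_error';

        if (self::get_global_state_error($state_key)) {
            return $this->restore_form_error($state_key);
        }

        $username = trim(self::raw_post_string('login_username'));
        // The password is deliberately not sanitised: filtering would change it.
        $password       = self::raw_post_string('login_password');
        $remember_login = sanitize_text_field($_POST['login_remember'] ?? '');

        $form_id = absint(! empty($_POST['pp_melange_id']) ? $_POST['pp_melange_id'] : ($_POST['login_form_id'] ?? ''));

        // NOTE(review): request-supplied redirect target, only text-sanitised here;
        // confirm LoginAuth restricts it to allowed hosts.
        $redirect = ! empty($_POST['login_redirect']) ? sanitize_text_field($_POST['login_redirect']) : '';
        if ( ! empty($_POST['melange_redirect'])) {
            $redirect = sanitize_text_field($_POST['melange_redirect']);
        }

        $login_status = LoginAuth::login_auth($username, $password, $remember_login, $form_id, $redirect);

        if ( ! is_wp_error($login_status)) {
            return;
        }

        if ($login_status->get_error_code() === 'pp2fa_auth_code_invalid') {
            self::set_global_state('is_2fa', true, $form_id);
        }

        // NOTE(review): the error message is inserted as HTML without escaping.
        // Confirm LoginAuth only returns messages whose dynamic parts are escaped.
        $login_error = '<div class="profilepress-login-status">'
            . $login_status->get_error_message()
            . '</div>';

        $this->login_form_error           = [];
        $this->login_form_error[$form_id] = $login_error;

        self::set_global_state($state_key, $login_error, $form_id);
    }

    /**
     * Handles the "request a password reset" form.
     *
     * @return mixed|void The restored response when this submission was already
     *                    processed earlier in the request.
     */
    public function process_password_reset_form()
    {
        $parsed_error = PasswordReset::parse_password_reset_error_codes();

        if ( ! empty($parsed_error)) {
            $this->password_reset_form_error = $parsed_error;
        }

        if (empty($_POST['password_reset_submit'])) {
            return;
        }

        $state_key = 'password_reset_form_error';

        if (self::get_global_state_error($state_key)) {
            return $this->restore_form_error($state_key);
        }

        $form_id = absint(! empty($_POST['pp_melange_id']) ? $_POST['pp_melange_id'] : ($_POST['passwordreset_form_id'] ?? ''));

        $is_melange = isset($_POST['is_melange']) && $_POST['is_melange'] === 'true';

        $response = PasswordReset::password_reset_status(self::raw_post_string('user_login'), $form_id, $is_melange);

        if ( ! empty($response)) {
            // Decoding entities can turn escaped text back into markup, so the result
            // is passed through the post HTML filter afterwards, matching the
            // registration handler.
            $response = wp_kses_post(wp_specialchars_decode($response));

            $this->password_reset_form_error           = [];
            $this->password_reset_form_error[$form_id] = $response;

            self::set_global_state($state_key, $response, $form_id);
        }
    }

    /**
     * Validates the `key` / `login` pair of a password-reset link and redirects to
     * the password-reset page with an error code when it is expired or invalid.
     *
     * @return void
     */
    public function check_password_reset_key()
    {
        if ( ! isset($_REQUEST['key'], $_REQUEST['login'])) {
            return;
        }

        // Verify key / login combo
        $user = check_password_reset_key(sanitize_text_field($_REQUEST['key']), sanitize_text_field($_REQUEST['login']));

        if ($user && ! is_wp_error($user)) {
            return;
        }

        $error_code = (is_wp_error($user) && $user->get_error_code() === 'expired_key') ? 'expiredkey' : 'invalidkey';

        // add_query_arg() keeps the URL valid when the reset page URL already carries
        // a query string; appending '?error=…' by hand would not.
        wp_safe_redirect(add_query_arg('error', $error_code, ppress_password_reset_url()));
        exit;
    }

    /**
     * Hands the request to PasswordReset when all three reset fields are present.
     *
     * Only the presence of the fields is checked here.
     * NOTE(review): presumably do_password_reset() validates the key and login
     * itself; confirm.
     *
     * @return void
     */
    public function process_password_reset_handler_form()
    {
        if (isset($_REQUEST['reset_password'], $_REQUEST['reset_key'], $_REQUEST['reset_login'])) {
            PasswordReset::get_instance()->do_password_reset();
        }
    }
}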