Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress v4.16.18
wp-user-avatar / src / ShortcodeParser / FormProcessor.php
FormProcessor.php
330 lines
1 <?php
2
3 namespace ProfilePress\Core\ShortcodeParser;
4
5 use ProfilePress\Core\Classes\EditUserProfile;
6 use ProfilePress\Core\Classes\LoginAuth;
7 use ProfilePress\Core\Classes\PasswordReset;
8 use ProfilePress\Core\Classes\RegistrationAuth;
9 use ProfilePress\Core\Membership\Models\Customer\CustomerFactory;
10 use ProfilePress\Core\Membership\Repositories\SubscriptionRepository;
11
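class FormProcessor
{
    /**
     * When a password reset form is submitted to generate a reset key to be emailed,
     * it holds both success and error message.
     *
     * @var array
     */
    public $password_reset_form_error = [];

    /**
     * Login feedback markup. After a POSTed login it is an array keyed by form ID;
     * when the "pp-sl-error" query argument is present it is a plain HTML string.
     *
     * @var array|string
     */
    public $login_form_error = [];

    /**
     * Edit-profile feedback: the raw response when no form ID is known,
     * otherwise an array keyed by form ID.
     *
     * @var array|mixed
     */
    public $edit_profile_form_error = [];

    /**
     * Registration feedback markup keyed by form ID.
     *
     * @var array
     */
    public $registration_form_error = [];

    /**
     * @var array
     */
    public $is_2fa = [];

    /**
     * Error message from the My Account "change password" form.
     *
     * @var string
     */
    public $myac_change_password_error = '';

    /**
     * Store a value (and optionally the form it belongs to) in $GLOBALS so that
     * another FormProcessor instance in the same request can pick it up.
     *
     * @param string    $key     State name; prefixed with "pp_form_processor_".
     * @param mixed     $value   Value to store.
     * @param int|false $form_id Form ID to remember alongside the value; skipped when falsy.
     *
     * @return void
     */
    public static function set_global_state($key, $value, $form_id = false)
    {
        $GLOBALS['pp_form_processor_' . $key] = $value;

        if ($form_id) {
            $GLOBALS['pp_form_processor_form_id_' . $key] = $form_id;
        }
    }

    /**
     * Fetch a value previously stored with set_global_state().
     *
     * @param string $key State name.
     *
     * @return mixed|false The stored value, or false when nothing (or null) is stored.
     */
    public static function get_global_state_error($key)
    {
        return $GLOBALS['pp_form_processor_' . $key] ?? false;
    }

    /**
     * Copy a globally stored response back onto this instance.
     *
     * $key is used as a property name on $this, so it must be one of the
     * property names declared on this class; every caller in this class passes
     * a fixed literal. Never feed it request data.
     *
     * @param string $key Property / state name.
     *
     * @return mixed The stored response (false when none is stored).
     */
    public function restore_form_error($key)
    {
        $form_id = $GLOBALS['pp_form_processor_form_id_' . $key] ?? false;
        $stored  = self::get_global_state_error($key);

        if ($form_id) {
            // Braces make the intent explicit: index the property named by $key.
            $this->{$key} = [$form_id => $stored];

            return $stored;
        }

        return $this->{$key} = $stored;
    }

    /**
     * Read a POST field as a string, exactly as it was received.
     *
     * Returns '' when the field is missing or is not a string (for example an
     * array sent as "field[]=x"), so callers never hand an array or undefined
     * index to functions that expect a string. The value is deliberately not
     * sanitised or unslashed here: password fields must reach the
     * password-checking code unaltered.
     *
     * @param string $key POST field name.
     *
     * @return string
     */
    private static function post_string($key)
    {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    /**
     * Handle the My Account "change password" form.
     *
     * Requires a valid nonce, a logged-in user and the correct current
     * password before the new password is written. On success the request is
     * redirected and execution ends.
     *
     * @return string|void The error message when the change is rejected.
     */
    public function process_myaccount_change_password()
    {
        if (ppressPOST_var('ppmyac_form_action') != 'changePassword') return;

        if ( ! ppress_verify_nonce()) return;

        $current_password     = self::post_string('password_current');
        $new_password         = self::post_string('password_new');
        $new_password_confirm = self::post_string('password_confirm_new');

        if ($new_password !== $new_password_confirm) {
            return $this->myac_change_password_error = esc_html__('Passwords do not match.', 'wp-user-avatar');
        }

        // An empty new password is not a meaningful change; reject it instead
        // of reporting success.
        if ($new_password === '') {
            return $this->myac_change_password_error = esc_html__('Please enter a new password.', 'wp-user-avatar');
        }

        $user = wp_get_current_user();

        // Check the session first so an anonymous request never reaches the
        // password comparison (or reads user_pass from an empty user object).
        if (is_user_logged_in() && $user instanceof \WP_User && wp_check_password($current_password, $user->data->user_pass, $user->ID)) {
            $updated_user_id = wp_update_user([
                'ID'        => $user->ID,
                'user_pass' => $new_password,
            ]);

            if (is_wp_error($updated_user_id)) {
                return $this->myac_change_password_error = $updated_user_id->get_error_message();
            }

            // Fired only once the update has succeeded, so listeners are not
            // told about a change that did not happen.
            do_action('ppress_myaccount_after_password_change');

            wp_safe_redirect(esc_url_raw(add_query_arg('edit', 'true')));
            exit;
        }

        $this->myac_change_password_error = esc_html__('The password you entered is incorrect.', 'wp-user-avatar');
    }

    /**
     * Handle the My Account "delete account" form.
     *
     * Requires a valid nonce, a logged-in user and the correct current
     * password. On success the user is deleted, the request is redirected to
     * the home URL and execution ends. Nothing is reported when the password
     * check fails.
     *
     * @return void
     */
    public function process_myaccount_delete_account()
    {
        if (ppressPOST_var('ppmyac_form_action') != 'deleteAccount') return;

        if ( ! ppress_verify_nonce()) return;

        $user = wp_get_current_user();

        // Session check first; the password field is read null-safely.
        if (is_user_logged_in() && $user instanceof \WP_User && wp_check_password(self::post_string('password'), $user->user_pass, $user->ID)) {

            do_action('ppress_myaccount_before_delete_user', $user->ID);

            if (is_multisite()) {

                if ( ! function_exists('wpmu_delete_user')) {
                    require_once ABSPATH . 'wp-admin/includes/ms.php';
                }

                wpmu_delete_user($user->ID);

            } else {

                if ( ! function_exists('wp_delete_user')) {
                    require_once ABSPATH . 'wp-admin/includes/user.php';
                }

                wp_delete_user($user->ID);
            }

            wp_safe_redirect(home_url());
            exit;
        }
    }

    /**
     * Handle the front-end edit-profile form, including avatar and cover-image removal.
     *
     * @return mixed|void The restored response when this submission was already
     *                    processed earlier in the request.
     */
    public function process_edit_profile_form()
    {
        // check if the page being viewed contains the "edit profile" shortcode. if true, redirect to login page
        if (ppress_post_content_has_shortcode('profilepress-edit-profile')) {
            if ( ! is_user_logged_in()) {
                nocache_headers();
                wp_safe_redirect(ppress_login_url());
                exit;
            }
        }

        // NOTE(review): the two removals below change stored data and are gated
        // here only by a POST field; no nonce or login check is visible in this
        // method. Confirm that EditUserProfile::remove_user_avatar() and
        // remove_user_cover_image() verify both themselves.
        if (($_POST['eup_remove_avatar'] ?? '') === 'removed') {
            EditUserProfile::remove_user_avatar();
        }

        if (($_POST['eup_remove_cover_image'] ?? '') === 'removed') {
            EditUserProfile::remove_user_cover_image();
        }

        if (isset($_POST['eup_submit'])) {
            $state_key = 'edit_profile_form_error';

            // Already processed during this request: reuse the stored response.
            if (self::get_global_state_error($state_key)) {
                return $this->restore_form_error($state_key);
            }

            $form_id = absint(ppressPOST_var('pp_melange_id', ($_POST['editprofile_form_id'] ?? ''), true));

            // NOTE(review): the redirect target comes from the request. Confirm
            // that process_func() validates it (e.g. redirects with
            // wp_safe_redirect()) before sending the user there.
            $redirect = ppressPOST_var('editprofile_redirect', '', true);

            if ( ! empty($_POST['melange_redirect'])) {
                $redirect = esc_url_raw($_POST['melange_redirect']);
            }

            $is_melange = ($_POST['is_melange'] ?? '') === 'true';

            $response = EditUserProfile::process_func($form_id, $redirect, $is_melange);

            if ( ! empty($response)) {
                if ( ! $form_id) {
                    self::set_global_state($state_key, $response);
                    $this->edit_profile_form_error = $response;
                } else {
                    self::set_global_state($state_key, $response, $form_id);
                    $this->edit_profile_form_error[$form_id] = $response;
                }
            }
        }
    }

    /**
     * Handle the front-end registration form.
     *
     * @return mixed|void The restored response when this submission was already
     *                    processed earlier in the request.
     */
    public function process_registration_form()
    {
        if (isset($_POST['reg_submit'])) {
            $state_key = 'registration_form_error';

            if (self::get_global_state_error($state_key)) {
                return $this->restore_form_error($state_key);
            }

            $form_id = absint(ppressPOST_var('pp_melange_id', $_POST['signup_form_id'] ?? '', true));

            // NOTE(review): redirect targets are request-supplied and only pass
            // through sanitize_text_field() here, whereas the edit-profile
            // handler uses esc_url_raw(). Confirm that register_new_user()
            // validates the destination before redirecting.
            $redirect = ppressPOST_var('signup_redirect', '', true);
            if ( ! empty($_POST['melange_redirect'])) {
                $redirect = sanitize_text_field($_POST['melange_redirect']);
            }

            $no_login_redirect = ! empty($_POST['signup_no_login_redirect']) ? sanitize_text_field($_POST['signup_no_login_redirect']) : '';

            $is_melange = ($_POST['is_melange'] ?? '') === 'true';

            $response = RegistrationAuth::register_new_user($_POST, $form_id, $redirect, $is_melange, $no_login_redirect);

            if ( ! empty($response)) {
                // Entities are decoded first, then the markup is filtered
                // through wp_kses_post() before it is kept for output.
                $response = wp_kses_post(html_entity_decode($response));

                $this->registration_form_error[$form_id] = $response;

                self::set_global_state($state_key, $response, $form_id);

                if (strpos($response, 'profilepress-reg-status success') !== false) {
                    // clears form after registration
                    $_POST = [];
                }
            }
        }
    }

    /**
     * Handle the front-end login form and the "pp-sl-error" query argument.
     *
     * @return mixed|void The restored response when this submission was already
     *                    processed earlier in the request.
     */
    public function process_login_form()
    {
        if ( ! empty($_GET['pp-sl-error'])) {
            $sl_error = $_GET['pp-sl-error'];

            $error = esc_html__('Authentication failed. Please try again', 'wp-user-avatar');

            // Only a string can carry a custom message; any other shape (such
            // as an array) keeps the generic text instead of reaching
            // rawurldecode().
            if (is_string($sl_error) && $sl_error != 'true') {
                // The text comes from the query string and is placed inside
                // markup, so escape it for HTML after sanitising.
                $error = esc_html(sanitize_text_field(rawurldecode($sl_error)));
            }

            $this->login_form_error = '<div class="profilepress-login-status">' . $error . '</div>';
        }

        if (isset($_POST['login_submit'])) {
            $state_key = 'login_form_error';

            if (self::get_global_state_error($state_key)) {
                return $this->restore_form_error($state_key);
            }

            // Credentials are read null-safely; the password is passed on unmodified.
            $username       = trim(self::post_string('login_username'));
            $password       = self::post_string('login_password');
            $remember_login = sanitize_text_field($_POST['login_remember'] ?? '');

            $form_id = absint(! empty($_POST['pp_melange_id']) ? $_POST['pp_melange_id'] : ($_POST['login_form_id'] ?? ''));

            // NOTE(review): request-supplied redirect target; confirm that
            // LoginAuth::login_auth() validates it before redirecting.
            $redirect = ! empty($_POST['login_redirect']) ? sanitize_text_field($_POST['login_redirect']) : '';
            if ( ! empty($_POST['melange_redirect'])) {
                $redirect = sanitize_text_field($_POST['melange_redirect']);
            }

            $login_status = LoginAuth::login_auth($username, $password, $remember_login, $form_id, $redirect);

            $login_error = '';

            if (is_wp_error($login_status)) {
                if ($login_status->get_error_code() == 'pp2fa_auth_code_invalid') {
                    self::set_global_state('is_2fa', true, $form_id);
                }

                // NOTE(review): the error message is concatenated into markup
                // as-is; confirm it never carries unescaped request data.
                $login_error = '<div class="profilepress-login-status">';
                $login_error .= $login_status->get_error_message();
                $login_error .= '</div>';
            }

            if ( ! empty($login_error)) {
                $this->login_form_error           = [];
                $this->login_form_error[$form_id] = $login_error;

                self::set_global_state($state_key, $login_error, $form_id);
            }
        }
    }

    /**
     * Handle the "request a password reset" form.
     *
     * @return mixed|void The restored response when this submission was already
     *                    processed earlier in the request.
     */
    public function process_password_reset_form()
    {
        $parsed_error = PasswordReset::parse_password_reset_error_codes();

        if ( ! empty($parsed_error)) {
            $this->password_reset_form_error = $parsed_error;
        }

        if (empty($_POST['password_reset_submit'])) return;

        $state_key = 'password_reset_form_error';

        if (self::get_global_state_error($state_key)) {
            return $this->restore_form_error($state_key);
        }

        $form_id = absint(! empty($_POST['pp_melange_id']) ? $_POST['pp_melange_id'] : ($_POST['passwordreset_form_id'] ?? ''));

        $is_melange = ($_POST['is_melange'] ?? '') === 'true';

        // A missing or non-string user_login is passed on as ''.
        $response = PasswordReset::password_reset_status(self::post_string('user_login'), $form_id, $is_melange);

        if ( ! empty($response)) {
            // NOTE(review): decoding entities reverses any HTML escaping done by
            // password_reset_status(), and unlike the registration handler the
            // result is not filtered with wp_kses_post(). Confirm the response
            // never embeds the submitted user_login or other request data.
            $response = wp_specialchars_decode($response);

            $this->password_reset_form_error           = [];
            $this->password_reset_form_error[$form_id] = $response;

            self::set_global_state($state_key, $response, $form_id);
        }
    }

    /**
     * Validate the reset key / login pair found in the request.
     *
     * Returns silently when the pair is valid or absent; otherwise redirects to
     * the password reset URL with an "error" query argument and ends execution.
     *
     * @return void
     */
    public function check_password_reset_key()
    {
        if ( ! isset($_REQUEST['key'], $_REQUEST['login'])) return;

        // Verify key / login combo
        $user = check_password_reset_key(sanitize_text_field($_REQUEST['key']), sanitize_text_field($_REQUEST['login']));

        if ($user && ! is_wp_error($user)) return;

        $error_code = (is_wp_error($user) && $user->get_error_code() === 'expired_key') ? 'expiredkey' : 'invalidkey';

        // add_query_arg() keeps the URL well-formed even when the reset URL
        // already carries a query string.
        wp_safe_redirect(add_query_arg('error', $error_code, ppress_password_reset_url()));
        exit;
    }

    /**
     * Run the actual password reset when the reset form has been submitted.
     *
     * @return void
     */
    public function process_password_reset_handler_form()
    {
        if (isset($_REQUEST['reset_password'], $_REQUEST['reset_key'], $_REQUEST['reset_login'])) {
            PasswordReset::get_instance()->do_password_reset();
        }
    }
}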