PluginProbe ʕ •ᴥ•ʔ
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress / trunk
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress vtrunk
4.16.18 4.16.17 4.16.16 trunk 1.0 1.0.1 1.0.2 1.1 1.1.1 1.1.2 1.1.3 1.1.4 1.1.5 1.1.5a 1.1.6 1.1.7 1.2 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.3 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.4 1.4.1 1.4.2 1.5 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.6 1.6.1 1.6.2 1.6.3 1.6.4 1.6.5 1.6.6 1.6.7 1.6.8 1.7 1.7.1 1.7.2 1.8 1.8.1 1.8.10 1.8.2 1.8.3 1.8.4 1.8.5 1.8.6 1.8.7 1.8.8 1.8.9 1.9 1.9.1 1.9.10 1.9.11 1.9.12 1.9.13 1.9.2 1.9.3 1.9.4 1.9.5 1.9.6 1.9.7 1.9.8 1.9.9 2.1.9 2.2.10 2.2.11 2.2.12 2.2.13 2.2.14 2.2.15 2.2.16 2.2.2 2.2.5 2.2.6 2.2.7 2.2.8 2.2.9 3.0 3.1 3.1.1 3.1.10 3.1.11 3.1.12 3.1.13 3.1.14 3.1.15 3.1.16 3.1.17 3.1.18 3.1.19 3.1.2 3.1.3 3.1.4 3.1.5 3.1.6 3.1.7 3.1.8 3.1.9 3.2.0 3.2.1 3.2.10 3.2.11 3.2.12 3.2.13 3.2.14 3.2.15 3.2.16 3.2.2 3.2.3 3.2.4 3.2.5 3.2.6 3.2.7 3.2.8 3.2.9 4.0.0 4.0.1 4.0.2 4.0.3 4.1.0 4.1.1 4.1.2 4.1.3 4.1.4 4.10.0 4.10.1 4.10.2 4.10.3 4.11.0 4.12.0 4.13.0 4.13.1 4.13.2 4.13.3 4.13.4 4.14.0 4.14.1 4.14.2 4.14.3 4.14.4 4.15.0 4.15.1 4.15.10 4.15.11 4.15.12 4.15.13 4.15.14 4.15.15 4.15.16 4.15.17 4.15.18 4.15.19 4.15.2 4.15.20 4.15.20.1 4.15.21 4.15.22 4.15.23 4.15.24 4.15.25 4.15.3 4.15.4 4.15.5 4.15.6 4.15.7 4.15.8 4.15.9 4.16.0 4.16.1 4.16.10 4.16.11 4.16.12 4.16.13 4.16.14 4.16.15 4.16.2 4.16.3 4.16.4 4.16.5 4.16.6 4.16.7 4.16.8 4.16.9 4.2.0 4.3.0 4.3.1 4.3.2 4.4.0 4.4.1 4.5.0 4.5.1 4.5.2 4.5.3 4.5.4 4.5.5 4.6.0 4.7.0 4.8.0 4.9.0
wp-user-avatar / src / Classes / PasswordReset.php
wp-user-avatar / src / Classes Last commit date
Installer 3 years ago AdminNotices.php 1 month ago AjaxHandler.php 1 year ago Autologin.php 9 months ago BlockRegistrations.php 10 months ago BuddyPressBbPress.php 3 years ago DisableConcurrentLogins.php 2 years ago EditUserProfile.php 5 months ago ExtensionManager.php 1 month ago FileUploader.php 3 months ago FormPreviewHandler.php 5 months ago FormRepository.php 1 year ago FormShortcodeDefaults.php 1 month ago GDPR.php 3 years ago Geolocation.php 3 years ago GlobalSiteAccess.php 3 years ago ImageUploader.php 1 year ago LoginAuth.php 1 year ago Miscellaneous.php 3 years ago ModifyRedirectDefaultLinks.php 5 months ago PPRESS_Session.php 1 year ago PROFILEPRESS_sql.php 1 year ago PasswordReset.php 1 year ago ProfileUrlRewrite.php 4 years ago RegistrationAuth.php 1 week ago SendEmail.php 3 years ago ShortcodeThemeFactory.php 5 years ago UserAvatar.php 1 year ago UserSignupLocationListingPage.php 3 years ago UsernameEmailRestrictLogin.php 4 years ago WPProfileFieldParserTrait.php 1 year ago WelcomeEmailAfterSignup.php 1 year ago default-email-template.php 1 year ago index.php 3 years ago
PasswordReset.php
423 lines
1 <?php
2
3 namespace ProfilePress\Core\Classes;
4
5 use WP_Error;
6
7 class PasswordReset
8 {
9 /**
10 * Change the password reset title.
11 *
12 * @param \WP_User $user_data
13 * @param string $key
14 *
15 * @return string
16 */
17 public static function reset_email_title($user_data, $key)
18 {
19 $default_title = sprintf(__('[%s] Password Reset'), ppress_site_title());
20
21 return apply_filters(
22 'ppress_retrieve_password_title',
23 self::parse_placeholders(
24 ppress_get_setting('password_reset_email_subject', $default_title, true),
25 $user_data, $key
26 )
27 );
28 }
29
30 /**
31 * Return the formatted password reset message.
32 *
33 * @param string $content
34 * @param \WP_User $user_data username
35 * @param string $key activation key
36 *
37 * @return string
38 */
39 protected static function parse_placeholders($content, $user_data, $key)
40 {
41 $user_email = $user_data->user_email;
42
43 $user_login = $user_data->user_login;
44
45 $search = apply_filters('ppress_password_reset_placeholder_search', [
46 '{{username}}',
47 '{{password_reset_link}}',
48 '{{email}}',
49 '{{site_title}}'
50 ],
51 $user_data, $key
52 );
53
54 $replace = apply_filters('ppress_password_reset_placeholder_replace', [
55 $user_login,
56 ppress_get_do_password_reset_url($user_login, $key),
57 $user_email,
58 ppress_site_title()
59 ],
60 $user_data, $key
61 );
62
63 return str_replace($search, $replace, $content);
64 }
65
66 /**
67 * Callback function for filter
68 *
69 * @param mixed $user_data
70 * @param $key
71 *
72 * @return string formatted message for use by the password reset form
73 */
74 protected static function reset_email_message($user_data, $key)
75 {
76 $message = apply_filters('ppress_retrieve_password_message',
77 ppress_get_setting('password_reset_email_content', ppress_password_reset_content_default(), true)
78 );
79
80 return wp_specialchars_decode(self::parse_placeholders($message, $user_data, $key));
81 }
82
83 /**
84 * Does the heavy lifting of resetting password
85 *
86 * @param $user_login string username or email
87 *
88 * @return bool|WP_Error
89 */
90 public static function retrieve_password_func($user_login)
91 {
92 $errors = new WP_Error();
93
94 if (ppress_get_setting('password_reset_email_enabled', 'on') !== 'on') {
95 $errors->add('password_reset_email_disabled', esc_html__('<strong>ERROR</strong>: Password reset email is disabled.', 'wp-user-avatar'));
96 } else {
97
98 $_POST['user_login'] = $user_login;
99
100 if (empty($_POST['user_login'])) {
101 $errors->add('empty_username', esc_html__('<strong>ERROR</strong>: Enter a username or e-mail address.', 'wp-user-avatar'));
102 } else {
103
104 if (strpos($_POST['user_login'], '@')) {
105 $user_data = get_user_by('email', trim($_POST['user_login']));
106 if ( ! $user_data) {
107 $errors->add('invalid_email', esc_html__('<strong>ERROR</strong>: There is no user registered with that email address.', 'wp-user-avatar'));
108 }
109 } else {
110 $login = trim($_POST['user_login']);
111 $user_data = get_user_by('login', $login);
112 }
113
114 if ( ! $user_data) {
115 $errors->add('invalidcombo', esc_html__('<strong>ERROR</strong>: Invalid username or e-mail.', 'wp-user-avatar'));
116 }
117 }
118 }
119
120 do_action('lostpassword_post', $errors, $user_data);
121
122 if ($errors->get_error_code()) {
123 return $errors;
124 }
125
126 $user_email = $user_data->user_email;
127
128 $key = get_password_reset_key($user_data);
129
130 if (is_wp_error($key)) return $key;
131
132 $title = self::reset_email_title($user_data, $key);
133
134 $message = self::reset_email_message($user_data, $key);
135
136 return ppress_send_email($user_email, wp_specialchars_decode($title), $message);
137 }
138
139 /**
140 * The error or success message received from the retrieve_password_func
141 *
142 * @param string $user_login username/email
143 * @param int|null $form_id password_reset id
144 * @param string $is_melange is this melange
145 *
146 * @return string|array
147 */
148 public static function password_reset_status($user_login, $form_id = null, $is_melange = '')
149 {
150 /**
151 * Fires before password reset is processed
152 *
153 * @param string $user_login username/email
154 * @param int $form_id password reset builder ID
155 */
156 do_action('ppress_before_password_reset', $user_login, $form_id);
157
158 /** filter to validate additional password field */
159 $password_reset_validation = apply_filters('ppress_password_reset_validation', '', $form_id);
160
161 // if the action is contain WP_Error message, set the password response to the object
162 // for reuse further down to return its WP_Error message
163 if (is_wp_error($password_reset_validation) && $password_reset_validation->get_error_code() != '') {
164 $password_reset_response = $password_reset_validation;
165 } else {
166 $password_reset_response = self::retrieve_password_func($user_login);
167 }
168
169 /**
170 * Fires after password reset is processed
171 *
172 * @param string $user_login username/email
173 * @param string $password_reset_response password reset response message
174 */
175 do_action('ppress_after_password_reset', $form_id, $user_login, $password_reset_response);
176
177 // return the response of the password reset process
178 if (is_wp_error($password_reset_response)) {
179 return '<div class="profilepress-reset-status">' . $password_reset_response->get_error_message() . '</div>';
180 }
181
182 do_action('ppress_password_reset_success', $form_id, $user_login, $password_reset_response);
183
184 if ($is_melange) {
185 $success_message = FormRepository::get_form_meta($form_id, FormRepository::MELANGE_TYPE, FormRepository::MELANGE_PASSWORD_RESET_SUCCESS_MESSAGE);
186 } else {
187 $success_message = FormRepository::get_form_meta($form_id, FormRepository::PASSWORD_RESET_TYPE, FormRepository::SUCCESS_MESSAGE);
188 }
189
190 if (FormRepository::is_drag_drop($form_id, FormRepository::PASSWORD_RESET_TYPE)) {
191 // Drag and drop do not allow the use of div wrapper. only the message to be shown is entered.
192 // so here, we are wrapping it in edit profile status div.
193 if ( ! empty($success_message)) {
194 $success_message = "<div class=\"profilepress-reset-status success\">$success_message</div>";
195 }
196 }
197
198 // remove the username/email address after password reset ish is successful.
199 unset($_POST['user_login']);
200
201 $success_msg = ! empty($success_message) ? $success_message : apply_filters('ppress_default_password_reset_text', '<h4>' . esc_html__('Check your email for further instructions.', 'wp-user-avatar') . '</h4>');
202
203 if (wp_doing_ajax()) return [$success_msg];
204
205 return $success_msg;
206 }
207
208 /**
209 * Resets the user's password if the password reset form was submitted.
210 */
211 public static function do_password_reset()
212 {
213 $reset_key = wp_unslash($_REQUEST['reset_key']);
214 $reset_login = wp_unslash($_REQUEST['reset_login']);
215
216 $user = check_password_reset_key($reset_key, $reset_login);
217
218 if (is_wp_error($user)) {
219 if ($user->get_error_code() === 'expired_key') {
220
221 if (wp_doing_ajax()) return self::do_password_reset_status_messages('expired_key');
222
223 wp_safe_redirect(ppress_password_reset_url() . '?login=expiredkey');
224 exit;
225 }
226
227 if (wp_doing_ajax()) return self::do_password_reset_status_messages('expired_key');
228
229 wp_safe_redirect(ppress_password_reset_url() . '?login=invalidkey');
230 exit;
231 }
232
233 if (isset($_POST['password1']) && isset($_POST['password2'])) {
234
235 if ($_POST['password1'] != $_POST['password2']) {
236
237 if (wp_doing_ajax()) {
238 return self::do_password_reset_status_messages('password_mismatch');
239 }
240
241 // Passwords don't match
242 $redirect_url = add_query_arg(
243 [
244 'key' => $reset_key,
245 'login' => $reset_login,
246 'error' => 'password_mismatch'
247 ],
248 ppress_password_reset_url()
249 );
250
251 wp_safe_redirect($redirect_url);
252 exit;
253 }
254
255 if (empty($_POST['password1'])) {
256
257 if (wp_doing_ajax()) return self::do_password_reset_status_messages('password_empty');
258
259 // Empty password
260 $redirect_url = add_query_arg(
261 [
262 'key' => $reset_key,
263 'login' => $reset_login,
264 'error' => 'password_empty'
265 ],
266 ppress_password_reset_url()
267 );
268
269 wp_safe_redirect($redirect_url);
270 exit;
271 }
272
273 if (isset($_POST['pp_enforce_password_meter']) && ($_POST['pp_enforce_password_meter'] != '1')) {
274
275 if (wp_doing_ajax()) return self::do_password_reset_status_messages('weak_password');
276
277 // Empty password
278 $redirect_url = add_query_arg(
279 [
280 'key' => $reset_key,
281 'login' => $reset_login,
282 'error' => 'weak_password'
283 ],
284 ppress_password_reset_url()
285 );
286
287 wp_safe_redirect($redirect_url);
288 exit;
289 }
290
291 // Everything is cool now.
292 reset_password($user, $_POST['password1']);
293
294 if (wp_doing_ajax()) {
295 return [self::do_password_reset_status_messages('changed')];
296 }
297
298 nocache_headers();
299 wp_safe_redirect(ppress_password_reset_redirect());
300 exit;
301 }
302
303 if (wp_doing_ajax()) {
304 return self::do_password_reset_status_messages('invalid');
305 }
306
307 $redirect_url = add_query_arg(
308 [
309 'key' => $reset_key,
310 'login' => $reset_login,
311 'error' => 'invalid'
312 ],
313 ppress_password_reset_url()
314 );
315
316 wp_safe_redirect($redirect_url);
317 exit;
318 }
319
320 /**
321 * Status messages for do password reset.
322 *
323 * @param string $type
324 *
325 * @return string
326 */
327 public static function do_password_reset_status_messages($type)
328 {
329 switch ($type) {
330 case 'expiredkey':
331 case 'invalidkey':
332 $error = apply_filters('ppress_password_reset_invalidkey',
333 esc_html__('Sorry, that key appears to be invalid.', 'wp-user-avatar'));
334 break;
335 case 'password_mismatch':
336 $error = apply_filters('ppress_password_mismatch', esc_html__('Passwords do not match.', 'wp-user-avatar'));
337 break;
338 case 'password_empty':
339 $error = apply_filters('ppress_password_empty', esc_html__('Please enter your password.', 'wp-user-avatar'));
340 break;
341 case 'invalid':
342 $error = apply_filters('ppress_password_reset_invalid', esc_html__('Sorry, that key does not appear to be valid.', 'wp-user-avatar'));
343 break;
344 case 'weak_password':
345 $error = apply_filters('ppress_weak_password', esc_html__('Password is not strong enough.', 'wp-user-avatar'));
346 break;
347 case 'changed':
348 $changed_message = apply_filters('ppress_password_changed_message', esc_html__('You have successfully changed your password'));
349 // we are keeping pp_password_changed to maintain backward compat
350 $error = apply_filters('ppress_password_changed',
351 sprintf('%s <a href="%s">' . esc_html__('Log in', 'wp-user-avatar') . '</a>', $changed_message, ppress_login_url())
352 );
353 break;
354 default:
355 $error = esc_html__('Unexpected error. Please try again.', 'wp-user-avatar');
356 }
357
358 if ($type === 'changed') {
359 return '<div class="profilepress-reset-status success">' . $error . '</div>';
360 }
361
362 return '<div class="profilepress-reset-status">' . $error . '</div>';
363 }
364
365 /**
366 * Do password reset.
367 *
368 * @return string
369 */
370 public static function parse_password_reset_error_codes()
371 {
372 $error = '';
373
374 if (isset($_REQUEST['login']) && ! empty($_REQUEST['login'])) {
375
376 switch ($_REQUEST['login']) {
377 case 'expiredkey':
378 case 'invalidkey':
379 $error = self::do_password_reset_status_messages('invalidkey');
380 break;
381 }
382 }
383
384 if (isset($_REQUEST['error']) && ! empty($_REQUEST['error'])) {
385
386 switch ($_REQUEST['error']) {
387 case 'password_mismatch':
388 $error = self::do_password_reset_status_messages('password_mismatch');
389 break;
390 case 'password_empty':
391 $error = self::do_password_reset_status_messages('password_empty');
392 break;
393 case 'invalid':
394 $error = self::do_password_reset_status_messages('invalid');
395 break;
396 case 'invalidkey':
397 $error = self::do_password_reset_status_messages('invalidkey');
398 break;
399 case 'weak_password':
400 $error = self::do_password_reset_status_messages('weak_password');
401 break;
402 }
403 }
404
405 if (isset($_REQUEST['password']) && 'changed' == $_REQUEST['password']) {
406 $error = self::do_password_reset_status_messages('changed');
407 }
408
409 return $error;
410 }
411
412 public static function get_instance()
413 {
414 static $instance = null;
415
416 if (is_null($instance)) {
417 $instance = new self();
418 }
419
420 return $instance;
421 }
422 }
423