- review login form and submission data. optimized submission;

This commit is contained in:
Mykyta Synelnikov
2023-06-30 15:56:30 +03:00
parent 58c53ca179
commit 71f2360694
6 changed files with 504 additions and 448 deletions
+232 -140
View File
@@ -55,6 +55,15 @@ if ( ! class_exists( 'um\core\Form' ) ) {
*/
public $all_fields = array();
/**
* Whitelisted usermeta that can be stored when UM Form is submitted.
*
* @since 2.6.7
*
* @var array
*/
private $usermeta_whitelist = array();
/**
* Form constructor.
*/
@@ -401,7 +410,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
} else {
$http_post = 'POST';
}
// Handles Register, Profile and Login forms.
if ( $http_post && ! is_admin() && isset( $_POST['form_id'] ) && is_numeric( $_POST['form_id'] ) ) {
$this->form_id = absint( $_POST['form_id'] );
@@ -414,185 +423,268 @@ if ( ! class_exists( 'um\core\Form' ) ) {
return;
}
$this->form_data = UM()->query()->post_data( $this->form_id );
// Verified that form_id is right and UM form is published. Then get form data.
$this->form_data = UM()->query()->post_data( $this->form_id );
// Checking the form custom fields. Form without custom fields is invalid.
if ( ! array_key_exists( 'mode', $this->form_data ) ) {
return;
}
// Checking the form custom fields. Form without custom fields is invalid.
if ( ! array_key_exists( 'custom_fields', $this->form_data ) ) {
return;
}
$custom_fields = maybe_unserialize( $this->form_data['custom_fields'] );
if ( ! is_array( $custom_fields ) || empty( $custom_fields ) ) {
return;
}
$field_types_without_metakey = UM()->builtin()->get_fields_without_metakey();
foreach ( $custom_fields as $cf_k => $cf_data ) {
if ( ! array_key_exists( 'type', $cf_data ) || in_array( $cf_data['type'], $field_types_without_metakey, true ) ) {
unset( $custom_fields[ $cf_k ] );
}
if ( ! array_key_exists( 'metakey', $cf_data ) || empty( $cf_data['metakey'] ) ) {
unset( $custom_fields[ $cf_k ] );
}
}
$cf_metakeys = array_column( $custom_fields, 'metakey' );
$all_cf_metakeys = $cf_metakeys;
// The '_um_last_login' cannot be updated through UM form.
$cf_metakeys = array_values( array_diff( $cf_metakeys, array( 'role_select', 'role_radio', 'role', '_um_last_login' ) ) );
if ( 'register' === $this->form_data['mode'] ) {
$cf_metakeys[] = 'submitted';
}
/**
* UM hook
* Fires before UM login, registration or profile form submission.
*
* @type action
* @title um_before_submit_form_post
* @description Before submit form
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_before_submit_form_post', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_before_submit_form_post', 'my_before_submit_form_post', 10, 1 );
* function my_run_ajax_function( $post ) {
* @since 1.3.x
* @hook um_before_submit_form_post
*
* @param {array} $post $_POST submission array. Deprecated since 2.0.
* @param {object} $this UM()->form() class instance. Since 2.6.7
*
* @example <caption>Make any custom action before UM login, registration or profile form submission.</caption>
* function my_custom_before_submit_form_post( $um_form_obj ) {
* // your code here
* }
* ?>
* add_action( 'um_before_submit_form_post', 'my_custom_before_submit_form_post' );
*/
do_action( 'um_before_submit_form_post' );
do_action( 'um_before_submit_form_post', $this );
/* save entire form as global */
/**
* UM hook
* Filters $_POST submitted data by the UM login, registration or profile form.
*
* @type filter
* @title um_submit_post_form
* @description Change submitted data on form submit
* @input_vars
* [{"var":"$data","type":"array","desc":"Submitted data"}]
* @change_log
* ["Since: 2.0"]
* @usage
* <?php add_filter( 'um_submit_post_form', 'function_name', 10, 1 ); ?>
* @example
* <?php
* add_filter( 'um_submit_post_form', 'my_submit_post_form', 10, 1 );
* function my_submit_post_form( $data ) {
* // your code here
* return $data;
* @param {array} $_post Submitted data. Already un-slashed by `wp_unslash()`.
*
* @return {array} Submitted data.
*
* @since 1.3.x
* @hook um_submit_post_form
*
* @example <caption>Extends $_POST data.</caption>
* function my_submit_post_form( $_post ) {
* $_post['some_key'] = 'some value';
* return $_post;
* }
* ?>
* add_filter( 'um_submit_post_form', 'my_submit_post_form' );
*/
$this->post_form = apply_filters( 'um_submit_post_form', wp_unslash( $_POST ) );
// Validate form submission by honeypot.
if ( isset( $this->post_form[ UM()->honeypot ] ) && '' !== $this->post_form[ UM()->honeypot ] ) {
// High level escape if hacking.
wp_die( esc_html__( 'Hello, spam bot!', 'ultimate-member' ) );
}
$this->post_form = $this->beautify( $this->post_form );
$this->post_form = $this->sanitize( $this->post_form );
$this->post_form['submitted'] = $this->post_form;
$this->post_form = array_merge( $this->form_data, $this->post_form );
$this->post_form = $this->beautify( $this->post_form );
// Validate and filter 'role' submitted data to avoid handling roles with admin privileges.
// Remove role from post_form at first if role ! empty and there aren't custom fields with role name
if ( ! empty( $_POST['role'] ) ) {
if ( ! isset( $this->form_data['custom_fields'] ) || ! strstr( $this->form_data['custom_fields'], 'role_' ) ) {
$maybe_set_default_role = true;
if ( array_key_exists( 'role', $this->post_form ) ) {
if ( 'login' === $this->form_data['mode'] ) {
unset( $this->post_form['role'] );
unset( $this->post_form['submitted']['role'] );
}
}
// Secure sanitize of the submitted data
if ( ! empty( $this->post_form ) ) {
$this->post_form = $this->clean_submitted_data( $this->post_form );
}
if ( ! empty( $this->post_form['submitted'] ) ) {
$this->post_form['submitted'] = $this->clean_submitted_data( $this->post_form['submitted'] );
}
// set default role from settings on registration form
if ( isset( $this->post_form['mode'] ) && 'register' === $this->post_form['mode'] ) {
$role = $this->assigned_role( $this->form_id );
$this->post_form['role'] = $role;
}
if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { // Secure selected role
if ( ! empty( $_POST['role'] ) ) {
$custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
if ( ! empty( $custom_field_roles ) ) {
if ( is_array( $_POST['role'] ) ) {
$role = current( $_POST['role'] );
$role = sanitize_key( $role );
} else {
$role = sanitize_key( $_POST['role'] );
}
global $wp_roles;
$exclude_roles = array_diff( array_keys( $wp_roles->roles ), UM()->roles()->get_editable_user_roles() );
if ( ! empty( $role ) &&
( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles, true ) ) ) {
wp_die( esc_html__( 'This is not possible for security reasons.', 'ultimate-member' ) );
}
$this->post_form['role'] = $role;
$this->post_form['submitted']['role'] = $role;
} else {
} else {
$form_has_role_field = count( array_intersect( $all_cf_metakeys, array( 'role_select', 'role_radio' ) ) ) > 0;
if ( ! $form_has_role_field ) {
unset( $this->post_form['role'] );
unset( $this->post_form['submitted']['role'] );
} else {
$custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
if ( ! empty( $custom_field_roles ) ) {
if ( is_array( $this->post_form['role'] ) ) {
$role = current( $this->post_form['role'] );
$role = sanitize_key( $role );
} else {
$role = sanitize_key( $this->post_form['role'] );
}
global $wp_roles;
$exclude_roles = array_diff( array_keys( $wp_roles->roles ), UM()->roles()->get_editable_user_roles() );
if ( ! empty( $role ) &&
( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles, true ) ) ) {
// High level escape if hacking.
wp_die( esc_html__( 'This is not possible for security reasons.', 'ultimate-member' ) );
}
// set default role for registration form if custom field hasn't proper value
if ( isset( $this->post_form['mode'] ) && 'register' === $this->post_form['mode'] ) {
$role = $this->assigned_role( $this->form_id );
$this->post_form['role'] = $role;
$maybe_set_default_role = false;
}
}
}
}
/**
* UM hook
*
* @type filter
* @title um_submit_form_data
* @description Change submitted data on form submit
* @input_vars
* [{"var":"$data","type":"array","desc":"Submitted data"},
* {"var":"$mode","type":"string","desc":"Form mode"}]
* @change_log
* ["Since: 2.0"]
* @usage
* <?php add_filter( 'um_submit_form_data', 'function_name', 10, 2 ); ?>
* @example
* <?php
* add_filter( 'um_submit_form_data', 'my_submit_form_data', 10, 2 );
* function my_submit_form_data( $data ) {
* // your code here
* return $data;
* }
* ?>
*/
$this->post_form = apply_filters( 'um_submit_form_data', $this->post_form, $this->post_form['mode'] );
$this->post_form = $this->sanitize( $this->post_form );
$this->post_form['submitted'] = $this->post_form;
// Set default role from settings on registration form. It has been made after defined 'submitted' because predefined role isn't a submitted field.
if ( $maybe_set_default_role && 'register' === $this->form_data['mode'] ) {
$role = $this->assigned_role( $this->form_id );
$this->post_form['role'] = $role;
}
// @todo REMOVE THAT !!! AND SEPARATE FORM DATA AND SUBMISSION DATA. MAY AFFECT TO EXTENSIONS
$this->post_form = array_merge( $this->form_data, $this->post_form );
// Remove role from post_form at first if role ! empty and there aren't custom fields with role name
// if ( ! empty( $this->post_form['role'] ) ) {
// if ( ! strstr( $this->form_data['custom_fields'], 'role_' ) ) {
// unset( $this->post_form['role'] );
// //unset( $this->post_form['submitted']['role'] );
// }
// }
// Secure sanitize of the submitted data
// if ( ! empty( $this->post_form ) ) {
// $this->post_form = $this->clean_submitted_data( $this->post_form );
// }
// if ( ! empty( $this->post_form['submitted'] ) ) {
// $this->post_form['submitted'] = $this->clean_submitted_data( $this->post_form['submitted'] );
// }
// if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { // Secure selected role
// if ( ! empty( $_POST['role'] ) ) {
// $custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
//
// if ( ! empty( $custom_field_roles ) ) {
// if ( is_array( $_POST['role'] ) ) {
// $role = current( $_POST['role'] );
// $role = sanitize_key( $role );
// } else {
// $role = sanitize_key( $_POST['role'] );
// }
//
// global $wp_roles;
// $exclude_roles = array_diff( array_keys( $wp_roles->roles ), UM()->roles()->get_editable_user_roles() );
//
// if ( ! empty( $role ) &&
// ( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles, true ) ) ) {
// wp_die( esc_html__( 'This is not possible for security reasons.', 'ultimate-member' ) );
// }
//
// $this->post_form['role'] = $role;
// $this->post_form['submitted']['role'] = $role;
// } else {
// unset( $this->post_form['role'] );
// unset( $this->post_form['submitted']['role'] );
//
// // set default role for registration form if custom field hasn't proper value
// if ( 'register' === $this->form_data['mode'] ) {
// $role = $this->assigned_role( $this->form_id );
// $this->post_form['role'] = $role;
// }
// }
// }
// }
/**
* Filters $_POST submitted data by the UM login, registration or profile form.
* It's un-slashed by `wp_unslash()`, beautified and sanitized. `role` attribute is filtered by possible role.
* `submitted` key is added by code and contains summary of submission.
*
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* 9 - `um_submit_form_data_trim_fields()` maybe over-functionality and can be removed.
* 10 - `um_submit_form_data_role_fields()` important for conditional logic based on role fields in form.
*
* @param {array} $_post Submitted data.
* @param {string} $mode Form mode. login||register||profile
* @param {array} $all_cf_metakeys Form's metakeys. Since 2.6.7.
*
* @return {array} Submitted data.
*
* @since 1.3.x
* @hook um_submit_form_data
*
* @example <caption>Extends UM form submitted data.</caption>
* function my_submit_form_data( $_post, $mode, $all_cf_metakeys ) {
* $_post['some_key'] = 'some value';
* return $_post;
* }
* add_filter( 'um_submit_form_data', 'my_submit_form_data', 10, 3 );
*/
$this->post_form = apply_filters( 'um_submit_form_data', $this->post_form, $this->form_data['mode'], $all_cf_metakeys );
/* Continue based on form mode - pre-validation */
/**
* UM hook
* Fires for validation UM login, registration or profile form submission.
*
* @type action
* @title um_submit_form_errors_hook
* @description Action on submit form
* @input_vars
* [{"var":"$post","type":"int","desc":"Post data"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_submit_form_errors_hook', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_submit_form_errors_hook', 'my_submit_form_errors', 10, 1 );
* function my_submit_form_errors( $post ) {
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* 10 - `um_submit_form_errors_hook()` All form validation handlers.
* 20 - `um_recaptcha_validate()` reCAPTCHA form validation handlers. um-recaptcha extension.
*
* @since 1.3.x
* @hook um_submit_form_errors_hook
*
* @param {array} $post $_POST Submission array.
* @param {array} $form_data UM form data. Since 2.6.7
*
* @example <caption>Make any common validation action here.</caption>
* function my_custom_before_submit_form_post( $post, $form_data ) {
* // your code here
* }
* ?>
* add_action( 'um_submit_form_errors_hook', 'my_custom_submit_form_errors_hook', 10, 2 );
*/
do_action( 'um_submit_form_errors_hook', $this->post_form );
do_action( 'um_submit_form_errors_hook', $this->post_form, $this->form_data );
if ( 'login' !== $this->form_data['mode'] ) {
var_dump( $this->post_form );
var_dump( $this->form_data );
var_dump( '------------------------------------------------------------' );
var_dump( $all_cf_metakeys );
var_dump( $cf_metakeys );
exit;
}
/* Continue based on form mode - store data. */
/**
* UM hook
* Fires for make main actions on UM login, registration or profile form submission.
*
* @type action
* @title um_submit_form_{$mode}
* @description Action on submit form
* @input_vars
* [{"var":"$post","type":"int","desc":"Post data"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_submit_form_{$mode}', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_submit_form_{$mode}', 'my_submit_form', 10, 1 );
* function my_submit_form( $post ) {
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* ### um_submit_form_login:
* * 1 - `UM()->login()->verify_nonce()` Verify nonce.
* * 10 - `um_submit_form_login()` Login form main handler.
* ### um_submit_form_register:
* ### um_submit_form_profile:
*
* @since 1.3.x
* @hook um_submit_form_errors_hook
*
* @param {array} $post $_POST Submission array.
* @param {array} $form_data UM form data. Since 2.6.7
*
* @example <caption>Make any custom action.</caption>
* function my_custom_before_submit_form_post( $post, $form_data ) {
* // your code here
* }
* ?>
* add_action( 'um_submit_form_errors_hook', 'my_custom_submit_form_errors_hook', 10, 2 );
*/
do_action( "um_submit_form_{$this->post_form['mode']}", $this->post_form );
do_action( "um_submit_form_{$this->post_form['mode']}", $this->post_form, $this->form_data );
}
}
@@ -716,7 +808,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
)
),
' /'
);
);
}
}
}
+34 -51
View File
@@ -1,13 +1,12 @@
<?php
namespace um\core;
if ( ! defined( 'ABSPATH' ) ) exit;
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
if ( ! class_exists( 'um\core\Login' ) ) {
/**
* Class Login
*
@@ -15,73 +14,57 @@ if ( ! class_exists( 'um\core\Login' ) ) {
*/
class Login {
/**
* @var string
*/
public $auth_id = '';
/**
* Logged-in user ID
* Login constructor.
*/
var $auth_id = '';
/**
* Register constructor.
*/
function __construct() {
add_action( 'um_after_login_fields', array( $this, 'add_nonce' ) );
add_action( 'um_submit_form_login', array( $this, 'verify_nonce' ), 1, 1 );
public function __construct() {
add_action( 'um_after_login_fields', array( $this, 'add_nonce' ) );
add_action( 'um_submit_form_login', array( $this, 'verify_nonce' ), 1, 2 );
}
/**
* Add registration form notice
*/
function add_nonce() {
public function add_nonce() {
wp_nonce_field( 'um_login_form' );
}
/**
* Verify nonce handler
*
* @param $args
*
* @return mixed
* @param array $args
* @param array $form_data
*/
function verify_nonce( $args ) {
public function verify_nonce( $args, $form_data ) {
/**
* UM hook
* Filters allow nonce verifying while UM Login submission.
*
* @type filter
* @title um_login_allow_nonce_verification
* @description Enable/Disable nonce verification of login
* @input_vars
* [{"var":"$allow_nonce","type":"bool","desc":"Enable nonce"}]
* @change_log
* ["Since: 2.0"]
* @usage
* <?php add_filter( 'um_login_allow_nonce_verification', 'function_name', 10, 1 ); ?>
* @example
* <?php
* add_filter( 'um_login_allow_nonce_verification', 'my_login_allow_nonce_verification', 10, 1 );
* function my_login_allow_nonce_verification( $allow_nonce ) {
* // your code here
* return $allow_nonce;
* }
* ?>
* @param {bool} $allow_nonce Is allowed verify nonce on login. By default, allowed = `true`.
* @param {array} $form_data Form's metakeys. Since 2.6.7.
*
* @return {bool} Is allowed verify.
*
* @since 2.0
* @hook um_login_allow_nonce_verification
*
* @example <caption>Disable verifying nonce on the login page.</caption>
* add_filter( 'um_login_allow_nonce_verification', '__return_false' );
*/
$allow_nonce_verification = apply_filters( 'um_login_allow_nonce_verification', true );
if ( ! $allow_nonce_verification ) {
return $args;
$allow_nonce_verification = apply_filters( 'um_login_allow_nonce_verification', true, $form_data );
if ( ! $allow_nonce_verification ) {
return;
}
if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_login_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
$url = apply_filters( 'um_login_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
exit( wp_redirect( $url ) );
if ( empty( $args['_wpnonce'] ) || ! wp_verify_nonce( $args['_wpnonce'], 'um_login_form' ) ) {
$url = apply_filters( 'um_login_invalid_nonce_redirect_url', add_query_arg( array( 'err' => 'invalid_nonce' ) ) );
wp_safe_redirect( $url );
exit;
}
return $args;
}
}
}
}
+128 -152
View File
@@ -1,12 +1,14 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit;
<?php
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
/**
* Error handling: blocked emails
*
* @param $args
* @param $submitted_data
*/
function um_submit_form_errors_hook__blockedemails( $args ) {
function um_submit_form_errors_hook__blockedemails( $submitted_data ) {
$emails = UM()->options()->get( 'blocked_emails' );
if ( ! $emails ) {
return;
@@ -15,41 +17,39 @@ function um_submit_form_errors_hook__blockedemails( $args ) {
$emails = strtolower( $emails );
$emails = array_map( 'rtrim', explode( "\n", $emails ) );
if ( isset( $args['user_email'] ) && is_email( $args['user_email'] ) ) {
if ( in_array( strtolower( $args['user_email'] ), $emails ) ) {
if ( isset( $submitted_data['user_email'] ) && is_email( $submitted_data['user_email'] ) ) {
if ( in_array( strtolower( $submitted_data['user_email'] ), $emails ) ) {
exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_email' ) ) ) );
}
$domain = explode( '@', $args['user_email'] );
$check_domain = str_replace( $domain[0], '*', $args['user_email'] );
$domain = explode( '@', $submitted_data['user_email'] );
$check_domain = str_replace( $domain[0], '*', $submitted_data['user_email'] );
if ( in_array( strtolower( $check_domain ), $emails ) ) {
exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_domain' ) ) ) );
}
}
if ( isset( $args['username'] ) && is_email( $args['username'] ) ) {
if ( in_array( strtolower( $args['username'] ), $emails ) ) {
if ( isset( $submitted_data['username'] ) && is_email( $submitted_data['username'] ) ) {
if ( in_array( strtolower( $submitted_data['username'] ), $emails ) ) {
exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_email' ) ) ) );
}
$domain = explode( '@', $args['username'] );
$check_domain = str_replace( $domain[0], '*', $args['username'] );
$domain = explode( '@', $submitted_data['username'] );
$check_domain = str_replace( $domain[0], '*', $submitted_data['username'] );
if ( in_array( strtolower( $check_domain ), $emails ) ) {
exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_domain' ) ) ) );
}
}
}
add_action( 'um_submit_form_errors_hook__blockedemails', 'um_submit_form_errors_hook__blockedemails', 10 );
add_action( 'um_submit_form_errors_hook__blockedemails', 'um_submit_form_errors_hook__blockedemails' );
/**
* Error handling: blocked IPs
*
* @param $args
* Error handling: blocked IPs.
*/
function um_submit_form_errors_hook__blockedips( $args ) {
function um_submit_form_errors_hook__blockedips() {
$ips = UM()->options()->get( 'blocked_ips' );
if ( ! $ips ) {
return;
@@ -65,7 +65,7 @@ function um_submit_form_errors_hook__blockedips( $args ) {
}
}
}
add_action( 'um_submit_form_errors_hook__blockedips', 'um_submit_form_errors_hook__blockedips', 10 );
add_action( 'um_submit_form_errors_hook__blockedips', 'um_submit_form_errors_hook__blockedips' );
/**
@@ -79,8 +79,6 @@ function um_submit_form_errors_hook__blockedwords( $args ) {
return;
}
$form_id = $args['form_id'];
$mode = $args['mode'];
$fields = unserialize( $args['custom_fields'] );
$words = strtolower( $words );
@@ -99,155 +97,137 @@ add_action( 'um_submit_form_errors_hook__blockedwords', 'um_submit_form_errors_h
/**
* Error handling
* UM login|register|profile form error handling.
*
* @param $args
* @param array $submitted_data
* @param array $form_data
*/
function um_submit_form_errors_hook( $args ) {
$mode = $args['mode'];
function um_submit_form_errors_hook( $submitted_data, $form_data ) {
$mode = $form_data['mode'];
/**
* UM hook
* Fires for validation blocked IPs when UM login, registration or profile form has been submitted.
*
* @type action
* @title um_submit_form_errors_hook__blockedips
* @description Submit form validation
* @input_vars
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_submit_form_errors_hook__blockedips', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_submit_form_errors_hook__blockedips', 'my_submit_form_errors_hook__blockedips', 10, 1 );
* function my_submit_form_errors_hook__blockedips( $args ) {
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* 10 - `um_submit_form_errors_hook__blockedips()` Native validation handlers.
*
* @since 1.3.x
* @hook um_submit_form_errors_hook__blockedips
*
* @param {array} $submitted_data $_POST Submission array.
* @param {array} $form_data UM form data. Since 2.6.7
*
* @example <caption>Make any common validation action here.</caption>
* function my_submit_form_errors_hook__blockedips( $post, $form_data ) {
* // your code here
* }
* ?>
* add_action( 'um_submit_form_errors_hook__blockedips', 'my_submit_form_errors_hook__blockedips', 10, 2 );
*/
do_action( 'um_submit_form_errors_hook__blockedips', $args );
do_action( 'um_submit_form_errors_hook__blockedips', $submitted_data, $form_data );
/**
* UM hook
* Fires for validation blocked email addresses when UM login, registration or profile form has been submitted.
*
* @type action
* @title um_submit_form_errors_hook__blockedemails
* @description Submit form validation
* @input_vars
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_submit_form_errors_hook__blockedemails', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_submit_form_errors_hook__blockedemails', 'my_submit_form_errors_hook__blockedemails', 10, 1 );
* function my_submit_form_errors_hook__blockedemails( $args ) {
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* 10 - `um_submit_form_errors_hook__blockedemails()` Native validation handlers.
*
* @since 1.3.x
* @hook um_submit_form_errors_hook__blockedemails
*
* @param {array} $submitted_data $_POST Submission array.
* @param {array} $form_data UM form data. Since 2.6.7
*
* @example <caption>Make any common validation action here.</caption>
* function my_submit_form_errors_hook__blockedemails( $post, $form_data ) {
* // your code here
* }
* ?>
* add_action( 'um_submit_form_errors_hook__blockedemails', 'my_submit_form_errors_hook__blockedemails', 10, 2 );
*/
do_action( 'um_submit_form_errors_hook__blockedemails', $args );
if ( $mode == 'register' ) {
do_action( 'um_submit_form_errors_hook__blockedemails', $submitted_data, $form_data );
if ( 'login' === $mode ) {
/**
* UM hook
* Fires for login form validation when it has been submitted.
*
* @type action
* @title um_submit_form_errors_hook__registration
* @description Submit registration form validation
* @input_vars
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_submit_form_errors_hook__registration', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_submit_form_errors_hook__registration', 'my_submit_form_errors_registration', 10, 1 );
* function my_submit_form_errors_registration( $args ) {
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* 10 - `um_submit_form_errors_hook_login()` Native login validation handlers.
*
* @since 1.3.x
* @hook um_submit_form_errors_hook_login
*
* @param {array} $submitted_data $_POST Submission array.
* @param {array} $form_data UM form data. Since 2.6.7
*
* @example <caption>Make any common validation action here.</caption>
* function my_submit_form_errors_hook_login( $post, $form_data ) {
* // your code here
* }
* ?>
* add_action( 'um_submit_form_errors_hook_login', 'my_submit_form_errors_hook_login', 10, 2 );
*/
do_action( 'um_submit_form_errors_hook__registration', $args );
} elseif ( $mode == 'profile' ) {
do_action( 'um_submit_form_errors_hook_login', $submitted_data, $form_data );
/**
* UM hook
* Fires for login form validation when it has been submitted.
*
* @type action
* @title um_submit_form_errors_hook__registration
* @description Submit registration form validation
* @input_vars
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_submit_form_errors_hook__registration', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_submit_form_errors_hook__profile', 'my_submit_form_errors_hook__profile', 10, 1 );
* function my_submit_form_errors_registration( $args ) {
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* 9999 - `um_submit_form_errors_hook_logincheck()` Native login validation handlers.
*
* @since 1.3.x
* @hook um_submit_form_errors_hook_logincheck
*
* @param {array} $submitted_data $_POST Submission array.
* @param {array} $form_data UM form data. Since 2.6.7
*
* @example <caption>Make any common validation action here.</caption>
* function my_submit_form_errors_hook_logincheck( $post, $form_data ) {
* // your code here
* }
* ?>
* add_action( 'um_submit_form_errors_hook_logincheck', 'my_submit_form_errors_hook_logincheck', 10, 2 );
*/
do_action( 'um_submit_form_errors_hook__profile', $args );
} elseif ( $mode == 'login' ) {
/**
* UM hook
*
* @type action
* @title um_submit_form_errors_hook_login
* @description Submit login form validation
* @input_vars
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_submit_form_errors_hook_login', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_submit_form_errors_hook_login', 'my_submit_form_errors_hook_login', 10, 1 );
* function my_submit_form_errors_hook_login( $args ) {
* // your code here
* }
* ?>
*/
do_action( 'um_submit_form_errors_hook_login', $args );
/**
* UM hook
*
* @type action
* @title um_submit_form_errors_hook_logincheck
* @description Submit login form validation
* @input_vars
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_submit_form_errors_hook_logincheck', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_submit_form_errors_hook_logincheck', 'my_submit_form_errors_hook_logincheck', 10, 1 );
* function my_submit_form_errors_hook_logincheck( $args ) {
* // your code here
* }
* ?>
*/
do_action( 'um_submit_form_errors_hook_logincheck', $args );
}
if ( $mode != 'login' ) {
do_action( 'um_submit_form_errors_hook_logincheck', $submitted_data, $form_data );
// ------ Reviewed. --------- //
} else {
if ( 'register' === $mode ) {
/**
* UM hook
*
* @type action
* @title um_submit_form_errors_hook__registration
* @description Submit registration form validation
* @input_vars
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_submit_form_errors_hook__registration', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_submit_form_errors_hook__registration', 'my_submit_form_errors_registration', 10, 1 );
* function my_submit_form_errors_registration( $args ) {
* // your code here
* }
* ?>
*/
do_action( 'um_submit_form_errors_hook__registration', $submitted_data, $form_data );
} elseif ( 'profile' === $mode ) {
/**
* UM hook
*
* @type action
* @title um_submit_form_errors_hook__registration
* @description Submit registration form validation
* @input_vars
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_submit_form_errors_hook__registration', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_submit_form_errors_hook__profile', 'my_submit_form_errors_hook__profile', 10, 1 );
* function my_submit_form_errors_registration( $args ) {
* // your code here
* }
* ?>
*/
do_action( 'um_submit_form_errors_hook__profile', $submitted_data, $form_data );
}
/**
* UM hook
@@ -268,9 +248,7 @@ function um_submit_form_errors_hook( $args ) {
* }
* ?>
*/
do_action( 'um_submit_form_errors_hook__blockedwords', $args );
do_action( 'um_submit_form_errors_hook__blockedwords', $submitted_data, $form_data );
/**
* UM hook
*
@@ -290,12 +268,10 @@ function um_submit_form_errors_hook( $args ) {
* }
* ?>
*/
do_action( 'um_submit_form_errors_hook_', $args );
do_action( 'um_submit_form_errors_hook_', $submitted_data, $form_data );
}
}
add_action( 'um_submit_form_errors_hook', 'um_submit_form_errors_hook', 10 );
add_action( 'um_submit_form_errors_hook', 'um_submit_form_errors_hook', 10, 2 );
/**
+72 -84
View File
@@ -4,57 +4,51 @@ if ( ! defined( 'ABSPATH' ) ) {
}
/**
* Error procesing hook for login
* Error processing hook for login.
*
* @param $args
* @param $submitted_data
*/
function um_submit_form_errors_hook_login( $args ) {
$is_email = false;
function um_submit_form_errors_hook_login( $submitted_data ) {
$user_password = $submitted_data['user_password'];
$form_id = $args['form_id'];
$mode = $args['mode'];
$user_password = $args['user_password'];
if ( isset( $args['username'] ) && $args['username'] == '' ) {
if ( isset( $submitted_data['username'] ) && $submitted_data['username'] == '' ) {
UM()->form()->add_error( 'username', __( 'Please enter your username or email', 'ultimate-member' ) );
}
if ( isset( $args['user_login'] ) && $args['user_login'] == '' ) {
if ( isset( $submitted_data['user_login'] ) && $submitted_data['user_login'] == '' ) {
UM()->form()->add_error( 'user_login', __( 'Please enter your username', 'ultimate-member' ) );
}
if ( isset( $args['user_email'] ) && $args['user_email'] == '' ) {
if ( isset( $submitted_data['user_email'] ) && $submitted_data['user_email'] == '' ) {
UM()->form()->add_error( 'user_email', __( 'Please enter your email', 'ultimate-member' ) );
}
if ( isset( $args['username'] ) ) {
$authenticate = $args['username'];
if ( isset( $submitted_data['username'] ) ) {
$authenticate = $submitted_data['username'];
$field = 'username';
if ( is_email( $args['username'] ) ) {
$is_email = true;
$data = get_user_by('email', $args['username'] );
if ( is_email( $submitted_data['username'] ) ) {
$data = get_user_by('email', $submitted_data['username'] );
$user_name = isset( $data->user_login ) ? $data->user_login : null;
} else {
$user_name = $args['username'];
$user_name = $submitted_data['username'];
}
} elseif ( isset( $args['user_email'] ) ) {
$authenticate = $args['user_email'];
} elseif ( isset( $submitted_data['user_email'] ) ) {
$authenticate = $submitted_data['user_email'];
$field = 'user_email';
$is_email = true;
$data = get_user_by('email', $args['user_email'] );
$data = get_user_by('email', $submitted_data['user_email'] );
$user_name = isset( $data->user_login ) ? $data->user_login : null;
} else {
$field = 'user_login';
$user_name = $args['user_login'];
$authenticate = $args['user_login'];
$user_name = $submitted_data['user_login'];
$authenticate = $submitted_data['user_login'];
}
if ( $args['user_password'] == '' ) {
if ( $submitted_data['user_password'] == '' ) {
UM()->form()->add_error( 'user_password', __( 'Please enter your password', 'ultimate-member' ) );
}
$user = get_user_by( 'login', $user_name );
if ( $user && wp_check_password( $args['user_password'], $user->data->user_pass, $user->ID ) ) {
if ( $user && wp_check_password( $submitted_data['user_password'], $user->data->user_pass, $user->ID ) ) {
UM()->login()->auth_id = username_exists( $user_name );
} else {
UM()->form()->add_error( 'user_password', __( 'Password is incorrect. Please try again.', 'ultimate-member' ) );
@@ -67,7 +61,7 @@ function um_submit_form_errors_hook_login( $args ) {
// see WP function wp_authenticate()
$ignore_codes = array( 'empty_username', 'empty_password' );
$user = apply_filters( 'authenticate', null, $authenticate, $args['user_password'] );
$user = apply_filters( 'authenticate', null, $authenticate, $submitted_data['user_password'] );
if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes ) ) {
if ( ! empty( $third_party_codes ) && in_array( $user->get_error_code(), $third_party_codes ) ) {
UM()->form()->add_error( $user->get_error_code(), $user->get_error_message() );
@@ -76,7 +70,7 @@ function um_submit_form_errors_hook_login( $args ) {
}
}
$user = apply_filters( 'wp_authenticate_user', $user, $args['user_password'] );
$user = apply_filters( 'wp_authenticate_user', $user, $submitted_data['user_password'] );
if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes ) ) {
if ( ! empty( $third_party_codes ) && in_array( $user->get_error_code(), $third_party_codes ) ) {
UM()->form()->add_error( $user->get_error_code(), $user->get_error_message() );
@@ -90,7 +84,7 @@ function um_submit_form_errors_hook_login( $args ) {
do_action( 'wp_login_failed', $user_name, UM()->form()->get_wp_error() );
}
}
add_action( 'um_submit_form_errors_hook_login', 'um_submit_form_errors_hook_login', 10 );
add_action( 'um_submit_form_errors_hook_login', 'um_submit_form_errors_hook_login' );
/**
@@ -123,13 +117,13 @@ function um_display_login_errors( $args ) {
}
add_action( 'um_before_login_fields', 'um_display_login_errors' );
/**
* Login checks thru the frontend login
* Login checks through the frontend login
*
* @param $args
* @param array $submitted_data
* @param array $form_data
*/
function um_submit_form_errors_hook_logincheck( $args ) {
function um_submit_form_errors_hook_logincheck( $submitted_data, $form_data ) {
// Logout if logged in
if ( is_user_logged_in() ) {
wp_logout();
@@ -140,25 +134,23 @@ function um_submit_form_errors_hook_logincheck( $args ) {
$status = um_user( 'account_status' ); // account status
switch ( $status ) {
// If user can't login to site...
// If user can't log in to site...
case 'inactive':
case 'awaiting_admin_review':
case 'awaiting_email_confirmation':
case 'rejected':
um_reset_user();
exit( wp_redirect( add_query_arg( 'err', esc_attr( $status ), UM()->permalinks()->get_current_url() ) ) );
break;
um_reset_user();
wp_safe_redirect( add_query_arg( 'err', esc_attr( $status ), UM()->permalinks()->get_current_url() ) );
exit;
}
if ( isset( $args['form_id'] ) && $args['form_id'] == UM()->shortcodes()->core_login_form() && UM()->form()->errors && ! isset( $_POST[ UM()->honeypot ] ) ) {
exit( wp_redirect( um_get_core_page( 'login' ) ) );
if ( isset( $form_data['form_id'] ) && absint( $form_data['form_id'] ) === absint( UM()->shortcodes()->core_login_form() ) && UM()->form()->errors && ! isset( $_POST[ UM()->honeypot ] ) ) {
wp_safe_redirect( um_get_core_page( 'login' ) );
exit;
}
}
add_action( 'um_submit_form_errors_hook_logincheck', 'um_submit_form_errors_hook_logincheck', 9999 );
add_action( 'um_submit_form_errors_hook_logincheck', 'um_submit_form_errors_hook_logincheck', 9999, 2 );
/**
* Store last login timestamp
@@ -192,13 +184,13 @@ function um_store_lastlogin_timestamp_( $login ) {
add_action( 'wp_login', 'um_store_lastlogin_timestamp_' );
/**
* Login user process
* Login user process.
*
* @param array $args
* @param array $submitted_data
*/
function um_user_login( $args ) {
function um_user_login( $submitted_data ) {
// phpcs:disable WordPress.Security.NonceVerification -- already verified here
$rememberme = ( isset( $_REQUEST['rememberme'], $args['rememberme'] ) && 1 === (int) $args['rememberme'] ) ? 1 : 0;
$rememberme = ( isset( $_REQUEST['rememberme'], $submitted_data['rememberme'] ) && 1 === (int) $submitted_data['rememberme'] ) ? 1 : 0;
// @todo check using the 'deny_admin_frontend_login' option
if ( false !== strrpos( um_user( 'wp_roles' ), 'administrator' ) && ( ! isset( $_GET['provider'] ) && UM()->options()->get( 'deny_admin_frontend_login' ) ) ) {
@@ -224,8 +216,8 @@ function um_user_login( $args ) {
do_action( 'um_on_login_before_redirect', um_user( 'ID' ) );
// Priority redirect from $_GET attribute.
if ( ! empty( $args['redirect_to'] ) ) {
wp_safe_redirect( $args['redirect_to'] );
if ( ! empty( $submitted_data['redirect_to'] ) ) {
wp_safe_redirect( $submitted_data['redirect_to'] );
exit;
}
@@ -277,56 +269,52 @@ add_action( 'um_user_login', 'um_user_login' );
/**
* Form processing
*
* @param $args
* @param array $submitted_data
* @param array $form_data
*/
function um_submit_form_login( $args ) {
function um_submit_form_login( $submitted_data, $form_data ) {
if ( ! isset( UM()->form()->errors ) ) {
/**
* UM hook
* Fires after successful submit login form.
*
* @type action
* @title um_user_login
* @description Hook that runs after successful submit login form
* @input_vars
* [{"var":"$args","type":"array","desc":"Form data"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_user_login', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_user_login', 'my_user_login', 10, 1 );
* function my_user_login( $args ) {
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* * 10 - `um_user_login()` Login form main handler.
*
* @since 1.3.x
* @hook um_user_login
*
* @param {array} $submitted_data $_POST Submission array.
* @param {array} $form_data UM form data. Since 2.6.7
*
* @example <caption>Make any custom login action if submission is valid.</caption>
* function my_user_login( $submitted_data, $form_data ) {
* // your code here
* }
* ?>
* add_action( 'um_user_login', 'my_user_login', 10, 2 );
*/
do_action( 'um_user_login', $args );
do_action( 'um_user_login', $submitted_data, $form_data );
}
/**
* UM hook
* Fires after submit login form.
*
* @type action
* @title um_user_login_extra_hook
* @description Hook that runs after successful submit login form
* @input_vars
* [{"var":"$args","type":"array","desc":"Form data"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_user_login_extra_hook', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_user_login_extra_hook', 'my_user_login_extra', 10, 1 );
* function my_user_login_extra( $args ) {
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* * 10 - um-messaging.
*
* @since 1.3.x
* @hook um_user_login_extra_hook
*
* @param {array} $submitted_data $_POST Submission array.
* @param {array} $form_data UM form data. Since 2.6.7
*
* @example <caption>Make any custom login action.</caption>
* function my_user_login_extra( $submitted_data, $form_data ) {
* // your code here
* }
* ?>
* add_action( 'um_user_login_extra_hook', 'my_user_login_extra', 10, 2 );
*/
do_action( 'um_user_login_extra_hook', $args );
do_action( 'um_user_login_extra_hook', $submitted_data, $form_data );
}
add_action( 'um_submit_form_login', 'um_submit_form_login', 10 );
add_action( 'um_submit_form_login', 'um_submit_form_login', 10, 2 );
/**
* Show the submit button
+31 -16
View File
@@ -898,12 +898,13 @@ add_filter( 'um_profile_field_filter_hook__', 'um_profile_field_filter_xss_valid
/**
* Trim All form POST submitted data
*
* @todo Maybe deprecate because data is sanitized in earlier code and trim included to `sanitize_text_field()`. Need testing and confirmation.
*
* @param $post_form
* @param $mode
*
* @return mixed
*/
function um_submit_form_data_trim_fields( $post_form, $mode ) {
function um_submit_form_data_trim_fields( $post_form ) {
foreach ( $post_form as $key => $field ) {
if ( is_string( $field ) ) {
$post_form[ $key ] = trim( $field );
@@ -912,30 +913,44 @@ function um_submit_form_data_trim_fields( $post_form, $mode ) {
return $post_form;
}
add_filter( 'um_submit_form_data', 'um_submit_form_data_trim_fields', 9, 2 );
add_filter( 'um_submit_form_data', 'um_submit_form_data_trim_fields', 9, 1 );
/**
* add role_select and role_radio to the $post_form
* It is necessary for that if on these fields the conditional logic
* @param $post_form array
* @param $mode
* Add `role_select` and `role_radio` to the $post_form
* It is necessary for that if on these fields the conditional logic.
*
* @return $post_form
* @uses hook filters: um_submit_form_data
* @param array $post_form
* @param string $mode
* @param array $all_cf_metakeys
*
* @return array
*/
function um_submit_form_data_role_fields( $post_form, $mode ) {
$custom_fields = unserialize( $post_form['custom_fields'] );
if ( ! empty( $post_form['role'] ) && array_key_exists( 'role_select', $custom_fields ) ) {
$post_form['role_select'] = $post_form['role'];
function um_submit_form_data_role_fields( $post_form, $mode, $all_cf_metakeys ) {
if ( 'login' === $mode ) {
return $post_form;
}
if (! empty( $post_form['role'] ) && array_key_exists( 'role_radio', $custom_fields ) ) {
$post_form['role_radio'] = $post_form['role'];
if ( ! array_key_exists( 'role', $post_form ) ) {
return $post_form;
}
$role_fields = array( 'role_select', 'role_radio' );
$form_has_role_field = count( array_intersect( $all_cf_metakeys, $role_fields ) ) > 0;
if ( ! $form_has_role_field ) {
return $post_form;
}
foreach ( $role_fields as $role_field ) {
if ( in_array( $role_field, $all_cf_metakeys, true ) ) {
$post_form[ $role_field ] = $post_form['role'];
}
}
return $post_form;
}
add_filter( 'um_submit_form_data', 'um_submit_form_data_role_fields', 10, 2 );
add_filter( 'um_submit_form_data', 'um_submit_form_data_role_fields', 10, 3 );
/**
+7 -5
View File
@@ -43,8 +43,10 @@ add_filter( 'login_message', 'um_custom_wp_err_messages' );
*/
function um_wp_form_errors_hook_ip_test( $user, $username, $password ) {
if ( ! empty( $username ) ) {
do_action( 'um_submit_form_errors_hook__blockedips', array() );
do_action( 'um_submit_form_errors_hook__blockedemails', array( 'username' => $username ) );
/** This action is documented in includes/core/um-actions-form.php */
do_action( 'um_submit_form_errors_hook__blockedips', array(), null );
/** This action is documented in includes/core/um-actions-form.php */
do_action( 'um_submit_form_errors_hook__blockedemails', array( 'username' => $username ), null );
}
return $user;
@@ -53,7 +55,7 @@ add_filter( 'authenticate', 'um_wp_form_errors_hook_ip_test', 10, 3 );
/**
* Login checks thru the wordpress admin login
* Login checks through the WordPress admin login.
*
* @param $user
* @param $username
@@ -93,8 +95,8 @@ add_filter( 'authenticate', 'um_wp_form_errors_hook_logincheck', 50, 3 );
/**
* Change lost password url in UM Login form
* @param string $lostpassword_url
* @return string
* @param string $lostpassword_url
* @return string
*/
function um_lostpassword_url( $lostpassword_url ) {