mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 18:56:10 +09:00
- review login form and submission data. optimized submission;
This commit is contained in:
+232
-140
@@ -55,6 +55,15 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
*/
|
||||
public $all_fields = array();
|
||||
|
||||
/**
|
||||
* Whitelisted usermeta that can be stored when UM Form is submitted.
|
||||
*
|
||||
* @since 2.6.7
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
private $usermeta_whitelist = array();
|
||||
|
||||
/**
|
||||
* Form constructor.
|
||||
*/
|
||||
@@ -401,7 +410,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
} else {
|
||||
$http_post = 'POST';
|
||||
}
|
||||
|
||||
// Handles Register, Profile and Login forms.
|
||||
if ( $http_post && ! is_admin() && isset( $_POST['form_id'] ) && is_numeric( $_POST['form_id'] ) ) {
|
||||
|
||||
$this->form_id = absint( $_POST['form_id'] );
|
||||
@@ -414,185 +423,268 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
$this->form_data = UM()->query()->post_data( $this->form_id );
|
||||
// Verified that form_id is right and UM form is published. Then get form data.
|
||||
|
||||
$this->form_data = UM()->query()->post_data( $this->form_id );
|
||||
|
||||
// Checking the form custom fields. Form without custom fields is invalid.
|
||||
if ( ! array_key_exists( 'mode', $this->form_data ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Checking the form custom fields. Form without custom fields is invalid.
|
||||
if ( ! array_key_exists( 'custom_fields', $this->form_data ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
$custom_fields = maybe_unserialize( $this->form_data['custom_fields'] );
|
||||
if ( ! is_array( $custom_fields ) || empty( $custom_fields ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
$field_types_without_metakey = UM()->builtin()->get_fields_without_metakey();
|
||||
foreach ( $custom_fields as $cf_k => $cf_data ) {
|
||||
if ( ! array_key_exists( 'type', $cf_data ) || in_array( $cf_data['type'], $field_types_without_metakey, true ) ) {
|
||||
unset( $custom_fields[ $cf_k ] );
|
||||
}
|
||||
if ( ! array_key_exists( 'metakey', $cf_data ) || empty( $cf_data['metakey'] ) ) {
|
||||
unset( $custom_fields[ $cf_k ] );
|
||||
}
|
||||
}
|
||||
$cf_metakeys = array_column( $custom_fields, 'metakey' );
|
||||
$all_cf_metakeys = $cf_metakeys;
|
||||
|
||||
// The '_um_last_login' cannot be updated through UM form.
|
||||
$cf_metakeys = array_values( array_diff( $cf_metakeys, array( 'role_select', 'role_radio', 'role', '_um_last_login' ) ) );
|
||||
if ( 'register' === $this->form_data['mode'] ) {
|
||||
$cf_metakeys[] = 'submitted';
|
||||
}
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
* Fires before UM login, registration or profile form submission.
|
||||
*
|
||||
* @type action
|
||||
* @title um_before_submit_form_post
|
||||
* @description Before submit form
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_before_submit_form_post', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_before_submit_form_post', 'my_before_submit_form_post', 10, 1 );
|
||||
* function my_run_ajax_function( $post ) {
|
||||
* @since 1.3.x
|
||||
* @hook um_before_submit_form_post
|
||||
*
|
||||
* @param {array} $post $_POST submission array. Deprecated since 2.0.
|
||||
* @param {object} $this UM()->form() class instance. Since 2.6.7
|
||||
*
|
||||
* @example <caption>Make any custom action before UM login, registration or profile form submission.</caption>
|
||||
* function my_custom_before_submit_form_post( $um_form_obj ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
* add_action( 'um_before_submit_form_post', 'my_custom_before_submit_form_post' );
|
||||
*/
|
||||
do_action( 'um_before_submit_form_post' );
|
||||
do_action( 'um_before_submit_form_post', $this );
|
||||
|
||||
/* save entire form as global */
|
||||
/**
|
||||
* UM hook
|
||||
* Filters $_POST submitted data by the UM login, registration or profile form.
|
||||
*
|
||||
* @type filter
|
||||
* @title um_submit_post_form
|
||||
* @description Change submitted data on form submit
|
||||
* @input_vars
|
||||
* [{"var":"$data","type":"array","desc":"Submitted data"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage
|
||||
* <?php add_filter( 'um_submit_post_form', 'function_name', 10, 1 ); ?>
|
||||
* @example
|
||||
* <?php
|
||||
* add_filter( 'um_submit_post_form', 'my_submit_post_form', 10, 1 );
|
||||
* function my_submit_post_form( $data ) {
|
||||
* // your code here
|
||||
* return $data;
|
||||
* @param {array} $_post Submitted data. Already un-slashed by `wp_unslash()`.
|
||||
*
|
||||
* @return {array} Submitted data.
|
||||
*
|
||||
* @since 1.3.x
|
||||
* @hook um_submit_post_form
|
||||
*
|
||||
* @example <caption>Extends $_POST data.</caption>
|
||||
* function my_submit_post_form( $_post ) {
|
||||
* $_post['some_key'] = 'some value';
|
||||
* return $_post;
|
||||
* }
|
||||
* ?>
|
||||
* add_filter( 'um_submit_post_form', 'my_submit_post_form' );
|
||||
*/
|
||||
$this->post_form = apply_filters( 'um_submit_post_form', wp_unslash( $_POST ) );
|
||||
|
||||
// Validate form submission by honeypot.
|
||||
if ( isset( $this->post_form[ UM()->honeypot ] ) && '' !== $this->post_form[ UM()->honeypot ] ) {
|
||||
// High level escape if hacking.
|
||||
wp_die( esc_html__( 'Hello, spam bot!', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$this->post_form = $this->beautify( $this->post_form );
|
||||
$this->post_form = $this->sanitize( $this->post_form );
|
||||
$this->post_form['submitted'] = $this->post_form;
|
||||
|
||||
$this->post_form = array_merge( $this->form_data, $this->post_form );
|
||||
$this->post_form = $this->beautify( $this->post_form );
|
||||
|
||||
// Validate and filter 'role' submitted data to avoid handling roles with admin privileges.
|
||||
// Remove role from post_form at first if role ! empty and there aren't custom fields with role name
|
||||
if ( ! empty( $_POST['role'] ) ) {
|
||||
if ( ! isset( $this->form_data['custom_fields'] ) || ! strstr( $this->form_data['custom_fields'], 'role_' ) ) {
|
||||
$maybe_set_default_role = true;
|
||||
if ( array_key_exists( 'role', $this->post_form ) ) {
|
||||
if ( 'login' === $this->form_data['mode'] ) {
|
||||
unset( $this->post_form['role'] );
|
||||
unset( $this->post_form['submitted']['role'] );
|
||||
}
|
||||
}
|
||||
|
||||
// Secure sanitize of the submitted data
|
||||
if ( ! empty( $this->post_form ) ) {
|
||||
$this->post_form = $this->clean_submitted_data( $this->post_form );
|
||||
}
|
||||
if ( ! empty( $this->post_form['submitted'] ) ) {
|
||||
$this->post_form['submitted'] = $this->clean_submitted_data( $this->post_form['submitted'] );
|
||||
}
|
||||
|
||||
// set default role from settings on registration form
|
||||
if ( isset( $this->post_form['mode'] ) && 'register' === $this->post_form['mode'] ) {
|
||||
$role = $this->assigned_role( $this->form_id );
|
||||
$this->post_form['role'] = $role;
|
||||
}
|
||||
|
||||
if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { // Secure selected role
|
||||
|
||||
if ( ! empty( $_POST['role'] ) ) {
|
||||
$custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
|
||||
|
||||
if ( ! empty( $custom_field_roles ) ) {
|
||||
if ( is_array( $_POST['role'] ) ) {
|
||||
$role = current( $_POST['role'] );
|
||||
$role = sanitize_key( $role );
|
||||
} else {
|
||||
$role = sanitize_key( $_POST['role'] );
|
||||
}
|
||||
|
||||
global $wp_roles;
|
||||
$exclude_roles = array_diff( array_keys( $wp_roles->roles ), UM()->roles()->get_editable_user_roles() );
|
||||
|
||||
if ( ! empty( $role ) &&
|
||||
( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles, true ) ) ) {
|
||||
wp_die( esc_html__( 'This is not possible for security reasons.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$this->post_form['role'] = $role;
|
||||
$this->post_form['submitted']['role'] = $role;
|
||||
} else {
|
||||
} else {
|
||||
$form_has_role_field = count( array_intersect( $all_cf_metakeys, array( 'role_select', 'role_radio' ) ) ) > 0;
|
||||
if ( ! $form_has_role_field ) {
|
||||
unset( $this->post_form['role'] );
|
||||
unset( $this->post_form['submitted']['role'] );
|
||||
} else {
|
||||
$custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
|
||||
if ( ! empty( $custom_field_roles ) ) {
|
||||
if ( is_array( $this->post_form['role'] ) ) {
|
||||
$role = current( $this->post_form['role'] );
|
||||
$role = sanitize_key( $role );
|
||||
} else {
|
||||
$role = sanitize_key( $this->post_form['role'] );
|
||||
}
|
||||
|
||||
global $wp_roles;
|
||||
$exclude_roles = array_diff( array_keys( $wp_roles->roles ), UM()->roles()->get_editable_user_roles() );
|
||||
|
||||
if ( ! empty( $role ) &&
|
||||
( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles, true ) ) ) {
|
||||
// High level escape if hacking.
|
||||
wp_die( esc_html__( 'This is not possible for security reasons.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
// set default role for registration form if custom field hasn't proper value
|
||||
if ( isset( $this->post_form['mode'] ) && 'register' === $this->post_form['mode'] ) {
|
||||
$role = $this->assigned_role( $this->form_id );
|
||||
$this->post_form['role'] = $role;
|
||||
$maybe_set_default_role = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type filter
|
||||
* @title um_submit_form_data
|
||||
* @description Change submitted data on form submit
|
||||
* @input_vars
|
||||
* [{"var":"$data","type":"array","desc":"Submitted data"},
|
||||
* {"var":"$mode","type":"string","desc":"Form mode"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage
|
||||
* <?php add_filter( 'um_submit_form_data', 'function_name', 10, 2 ); ?>
|
||||
* @example
|
||||
* <?php
|
||||
* add_filter( 'um_submit_form_data', 'my_submit_form_data', 10, 2 );
|
||||
* function my_submit_form_data( $data ) {
|
||||
* // your code here
|
||||
* return $data;
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
$this->post_form = apply_filters( 'um_submit_form_data', $this->post_form, $this->post_form['mode'] );
|
||||
$this->post_form = $this->sanitize( $this->post_form );
|
||||
$this->post_form['submitted'] = $this->post_form;
|
||||
|
||||
// Set default role from settings on registration form. It has been made after defined 'submitted' because predefined role isn't a submitted field.
|
||||
if ( $maybe_set_default_role && 'register' === $this->form_data['mode'] ) {
|
||||
$role = $this->assigned_role( $this->form_id );
|
||||
$this->post_form['role'] = $role;
|
||||
}
|
||||
|
||||
// @todo REMOVE THAT !!! AND SEPARATE FORM DATA AND SUBMISSION DATA. MAY AFFECT TO EXTENSIONS
|
||||
$this->post_form = array_merge( $this->form_data, $this->post_form );
|
||||
|
||||
// Remove role from post_form at first if role ! empty and there aren't custom fields with role name
|
||||
// if ( ! empty( $this->post_form['role'] ) ) {
|
||||
// if ( ! strstr( $this->form_data['custom_fields'], 'role_' ) ) {
|
||||
// unset( $this->post_form['role'] );
|
||||
// //unset( $this->post_form['submitted']['role'] );
|
||||
// }
|
||||
// }
|
||||
|
||||
// Secure sanitize of the submitted data
|
||||
// if ( ! empty( $this->post_form ) ) {
|
||||
// $this->post_form = $this->clean_submitted_data( $this->post_form );
|
||||
// }
|
||||
// if ( ! empty( $this->post_form['submitted'] ) ) {
|
||||
// $this->post_form['submitted'] = $this->clean_submitted_data( $this->post_form['submitted'] );
|
||||
// }
|
||||
|
||||
|
||||
|
||||
// if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { // Secure selected role
|
||||
// if ( ! empty( $_POST['role'] ) ) {
|
||||
// $custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
|
||||
//
|
||||
// if ( ! empty( $custom_field_roles ) ) {
|
||||
// if ( is_array( $_POST['role'] ) ) {
|
||||
// $role = current( $_POST['role'] );
|
||||
// $role = sanitize_key( $role );
|
||||
// } else {
|
||||
// $role = sanitize_key( $_POST['role'] );
|
||||
// }
|
||||
//
|
||||
// global $wp_roles;
|
||||
// $exclude_roles = array_diff( array_keys( $wp_roles->roles ), UM()->roles()->get_editable_user_roles() );
|
||||
//
|
||||
// if ( ! empty( $role ) &&
|
||||
// ( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles, true ) ) ) {
|
||||
// wp_die( esc_html__( 'This is not possible for security reasons.', 'ultimate-member' ) );
|
||||
// }
|
||||
//
|
||||
// $this->post_form['role'] = $role;
|
||||
// $this->post_form['submitted']['role'] = $role;
|
||||
// } else {
|
||||
// unset( $this->post_form['role'] );
|
||||
// unset( $this->post_form['submitted']['role'] );
|
||||
//
|
||||
// // set default role for registration form if custom field hasn't proper value
|
||||
// if ( 'register' === $this->form_data['mode'] ) {
|
||||
// $role = $this->assigned_role( $this->form_id );
|
||||
// $this->post_form['role'] = $role;
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
|
||||
/**
|
||||
* Filters $_POST submitted data by the UM login, registration or profile form.
|
||||
* It's un-slashed by `wp_unslash()`, beautified and sanitized. `role` attribute is filtered by possible role.
|
||||
* `submitted` key is added by code and contains summary of submission.
|
||||
*
|
||||
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
|
||||
* 9 - `um_submit_form_data_trim_fields()` maybe over-functionality and can be removed.
|
||||
* 10 - `um_submit_form_data_role_fields()` important for conditional logic based on role fields in form.
|
||||
*
|
||||
* @param {array} $_post Submitted data.
|
||||
* @param {string} $mode Form mode. login||register||profile
|
||||
* @param {array} $all_cf_metakeys Form's metakeys. Since 2.6.7.
|
||||
*
|
||||
* @return {array} Submitted data.
|
||||
*
|
||||
* @since 1.3.x
|
||||
* @hook um_submit_form_data
|
||||
*
|
||||
* @example <caption>Extends UM form submitted data.</caption>
|
||||
* function my_submit_form_data( $_post, $mode, $all_cf_metakeys ) {
|
||||
* $_post['some_key'] = 'some value';
|
||||
* return $_post;
|
||||
* }
|
||||
* add_filter( 'um_submit_form_data', 'my_submit_form_data', 10, 3 );
|
||||
*/
|
||||
$this->post_form = apply_filters( 'um_submit_form_data', $this->post_form, $this->form_data['mode'], $all_cf_metakeys );
|
||||
/* Continue based on form mode - pre-validation */
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
* Fires for validation UM login, registration or profile form submission.
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_form_errors_hook
|
||||
* @description Action on submit form
|
||||
* @input_vars
|
||||
* [{"var":"$post","type":"int","desc":"Post data"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_form_errors_hook', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_form_errors_hook', 'my_submit_form_errors', 10, 1 );
|
||||
* function my_submit_form_errors( $post ) {
|
||||
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
|
||||
* 10 - `um_submit_form_errors_hook()` All form validation handlers.
|
||||
* 20 - `um_recaptcha_validate()` reCAPTCHA form validation handlers. um-recaptcha extension.
|
||||
*
|
||||
* @since 1.3.x
|
||||
* @hook um_submit_form_errors_hook
|
||||
*
|
||||
* @param {array} $post $_POST Submission array.
|
||||
* @param {array} $form_data UM form data. Since 2.6.7
|
||||
*
|
||||
* @example <caption>Make any common validation action here.</caption>
|
||||
* function my_custom_before_submit_form_post( $post, $form_data ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
* add_action( 'um_submit_form_errors_hook', 'my_custom_submit_form_errors_hook', 10, 2 );
|
||||
*/
|
||||
do_action( 'um_submit_form_errors_hook', $this->post_form );
|
||||
do_action( 'um_submit_form_errors_hook', $this->post_form, $this->form_data );
|
||||
if ( 'login' !== $this->form_data['mode'] ) {
|
||||
var_dump( $this->post_form );
|
||||
var_dump( $this->form_data );
|
||||
var_dump( '------------------------------------------------------------' );
|
||||
var_dump( $all_cf_metakeys );
|
||||
var_dump( $cf_metakeys );
|
||||
exit;
|
||||
}
|
||||
/* Continue based on form mode - store data. */
|
||||
/**
|
||||
* UM hook
|
||||
* Fires for make main actions on UM login, registration or profile form submission.
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_form_{$mode}
|
||||
* @description Action on submit form
|
||||
* @input_vars
|
||||
* [{"var":"$post","type":"int","desc":"Post data"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_form_{$mode}', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_form_{$mode}', 'my_submit_form', 10, 1 );
|
||||
* function my_submit_form( $post ) {
|
||||
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
|
||||
* ### um_submit_form_login:
|
||||
* * 1 - `UM()->login()->verify_nonce()` Verify nonce.
|
||||
* * 10 - `um_submit_form_login()` Login form main handler.
|
||||
* ### um_submit_form_register:
|
||||
* ### um_submit_form_profile:
|
||||
*
|
||||
* @since 1.3.x
|
||||
* @hook um_submit_form_errors_hook
|
||||
*
|
||||
* @param {array} $post $_POST Submission array.
|
||||
* @param {array} $form_data UM form data. Since 2.6.7
|
||||
*
|
||||
* @example <caption>Make any custom action.</caption>
|
||||
* function my_custom_before_submit_form_post( $post, $form_data ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
* add_action( 'um_submit_form_errors_hook', 'my_custom_submit_form_errors_hook', 10, 2 );
|
||||
*/
|
||||
do_action( "um_submit_form_{$this->post_form['mode']}", $this->post_form );
|
||||
do_action( "um_submit_form_{$this->post_form['mode']}", $this->post_form, $this->form_data );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -716,7 +808,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
)
|
||||
),
|
||||
' /'
|
||||
);
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,13 +1,12 @@
|
||||
<?php
|
||||
namespace um\core;
|
||||
|
||||
|
||||
if ( ! defined( 'ABSPATH' ) ) exit;
|
||||
|
||||
if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
if ( ! class_exists( 'um\core\Login' ) ) {
|
||||
|
||||
|
||||
/**
|
||||
* Class Login
|
||||
*
|
||||
@@ -15,73 +14,57 @@ if ( ! class_exists( 'um\core\Login' ) ) {
|
||||
*/
|
||||
class Login {
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
public $auth_id = '';
|
||||
|
||||
/**
|
||||
* Logged-in user ID
|
||||
* Login constructor.
|
||||
*/
|
||||
var $auth_id = '';
|
||||
|
||||
|
||||
/**
|
||||
* Register constructor.
|
||||
*/
|
||||
function __construct() {
|
||||
add_action( 'um_after_login_fields', array( $this, 'add_nonce' ) );
|
||||
add_action( 'um_submit_form_login', array( $this, 'verify_nonce' ), 1, 1 );
|
||||
public function __construct() {
|
||||
add_action( 'um_after_login_fields', array( $this, 'add_nonce' ) );
|
||||
add_action( 'um_submit_form_login', array( $this, 'verify_nonce' ), 1, 2 );
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Add registration form notice
|
||||
*/
|
||||
function add_nonce() {
|
||||
public function add_nonce() {
|
||||
wp_nonce_field( 'um_login_form' );
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Verify nonce handler
|
||||
*
|
||||
* @param $args
|
||||
*
|
||||
* @return mixed
|
||||
* @param array $args
|
||||
* @param array $form_data
|
||||
*/
|
||||
function verify_nonce( $args ) {
|
||||
public function verify_nonce( $args, $form_data ) {
|
||||
/**
|
||||
* UM hook
|
||||
* Filters allow nonce verifying while UM Login submission.
|
||||
*
|
||||
* @type filter
|
||||
* @title um_login_allow_nonce_verification
|
||||
* @description Enable/Disable nonce verification of login
|
||||
* @input_vars
|
||||
* [{"var":"$allow_nonce","type":"bool","desc":"Enable nonce"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage
|
||||
* <?php add_filter( 'um_login_allow_nonce_verification', 'function_name', 10, 1 ); ?>
|
||||
* @example
|
||||
* <?php
|
||||
* add_filter( 'um_login_allow_nonce_verification', 'my_login_allow_nonce_verification', 10, 1 );
|
||||
* function my_login_allow_nonce_verification( $allow_nonce ) {
|
||||
* // your code here
|
||||
* return $allow_nonce;
|
||||
* }
|
||||
* ?>
|
||||
* @param {bool} $allow_nonce Is allowed verify nonce on login. By default, allowed = `true`.
|
||||
* @param {array} $form_data Form's metakeys. Since 2.6.7.
|
||||
*
|
||||
* @return {bool} Is allowed verify.
|
||||
*
|
||||
* @since 2.0
|
||||
* @hook um_login_allow_nonce_verification
|
||||
*
|
||||
* @example <caption>Disable verifying nonce on the login page.</caption>
|
||||
* add_filter( 'um_login_allow_nonce_verification', '__return_false' );
|
||||
*/
|
||||
$allow_nonce_verification = apply_filters( 'um_login_allow_nonce_verification', true );
|
||||
|
||||
if ( ! $allow_nonce_verification ) {
|
||||
return $args;
|
||||
$allow_nonce_verification = apply_filters( 'um_login_allow_nonce_verification', true, $form_data );
|
||||
if ( ! $allow_nonce_verification ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_login_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
|
||||
$url = apply_filters( 'um_login_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
|
||||
exit( wp_redirect( $url ) );
|
||||
if ( empty( $args['_wpnonce'] ) || ! wp_verify_nonce( $args['_wpnonce'], 'um_login_form' ) ) {
|
||||
$url = apply_filters( 'um_login_invalid_nonce_redirect_url', add_query_arg( array( 'err' => 'invalid_nonce' ) ) );
|
||||
wp_safe_redirect( $url );
|
||||
exit;
|
||||
}
|
||||
|
||||
return $args;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
+128
-152
@@ -1,12 +1,14 @@
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) exit;
|
||||
|
||||
<?php
|
||||
if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
/**
|
||||
* Error handling: blocked emails
|
||||
*
|
||||
* @param $args
|
||||
* @param $submitted_data
|
||||
*/
|
||||
function um_submit_form_errors_hook__blockedemails( $args ) {
|
||||
function um_submit_form_errors_hook__blockedemails( $submitted_data ) {
|
||||
$emails = UM()->options()->get( 'blocked_emails' );
|
||||
if ( ! $emails ) {
|
||||
return;
|
||||
@@ -15,41 +17,39 @@ function um_submit_form_errors_hook__blockedemails( $args ) {
|
||||
$emails = strtolower( $emails );
|
||||
$emails = array_map( 'rtrim', explode( "\n", $emails ) );
|
||||
|
||||
if ( isset( $args['user_email'] ) && is_email( $args['user_email'] ) ) {
|
||||
if ( in_array( strtolower( $args['user_email'] ), $emails ) ) {
|
||||
if ( isset( $submitted_data['user_email'] ) && is_email( $submitted_data['user_email'] ) ) {
|
||||
if ( in_array( strtolower( $submitted_data['user_email'] ), $emails ) ) {
|
||||
exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_email' ) ) ) );
|
||||
}
|
||||
|
||||
$domain = explode( '@', $args['user_email'] );
|
||||
$check_domain = str_replace( $domain[0], '*', $args['user_email'] );
|
||||
$domain = explode( '@', $submitted_data['user_email'] );
|
||||
$check_domain = str_replace( $domain[0], '*', $submitted_data['user_email'] );
|
||||
|
||||
if ( in_array( strtolower( $check_domain ), $emails ) ) {
|
||||
exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_domain' ) ) ) );
|
||||
}
|
||||
}
|
||||
|
||||
if ( isset( $args['username'] ) && is_email( $args['username'] ) ) {
|
||||
if ( in_array( strtolower( $args['username'] ), $emails ) ) {
|
||||
if ( isset( $submitted_data['username'] ) && is_email( $submitted_data['username'] ) ) {
|
||||
if ( in_array( strtolower( $submitted_data['username'] ), $emails ) ) {
|
||||
exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_email' ) ) ) );
|
||||
}
|
||||
|
||||
$domain = explode( '@', $args['username'] );
|
||||
$check_domain = str_replace( $domain[0], '*', $args['username'] );
|
||||
$domain = explode( '@', $submitted_data['username'] );
|
||||
$check_domain = str_replace( $domain[0], '*', $submitted_data['username'] );
|
||||
|
||||
if ( in_array( strtolower( $check_domain ), $emails ) ) {
|
||||
exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_domain' ) ) ) );
|
||||
}
|
||||
}
|
||||
}
|
||||
add_action( 'um_submit_form_errors_hook__blockedemails', 'um_submit_form_errors_hook__blockedemails', 10 );
|
||||
add_action( 'um_submit_form_errors_hook__blockedemails', 'um_submit_form_errors_hook__blockedemails' );
|
||||
|
||||
|
||||
/**
|
||||
* Error handling: blocked IPs
|
||||
*
|
||||
* @param $args
|
||||
* Error handling: blocked IPs.
|
||||
*/
|
||||
function um_submit_form_errors_hook__blockedips( $args ) {
|
||||
function um_submit_form_errors_hook__blockedips() {
|
||||
$ips = UM()->options()->get( 'blocked_ips' );
|
||||
if ( ! $ips ) {
|
||||
return;
|
||||
@@ -65,7 +65,7 @@ function um_submit_form_errors_hook__blockedips( $args ) {
|
||||
}
|
||||
}
|
||||
}
|
||||
add_action( 'um_submit_form_errors_hook__blockedips', 'um_submit_form_errors_hook__blockedips', 10 );
|
||||
add_action( 'um_submit_form_errors_hook__blockedips', 'um_submit_form_errors_hook__blockedips' );
|
||||
|
||||
|
||||
/**
|
||||
@@ -79,8 +79,6 @@ function um_submit_form_errors_hook__blockedwords( $args ) {
|
||||
return;
|
||||
}
|
||||
|
||||
$form_id = $args['form_id'];
|
||||
$mode = $args['mode'];
|
||||
$fields = unserialize( $args['custom_fields'] );
|
||||
|
||||
$words = strtolower( $words );
|
||||
@@ -99,155 +97,137 @@ add_action( 'um_submit_form_errors_hook__blockedwords', 'um_submit_form_errors_h
|
||||
|
||||
|
||||
/**
|
||||
* Error handling
|
||||
* UM login|register|profile form error handling.
|
||||
*
|
||||
* @param $args
|
||||
* @param array $submitted_data
|
||||
* @param array $form_data
|
||||
*/
|
||||
function um_submit_form_errors_hook( $args ) {
|
||||
$mode = $args['mode'];
|
||||
function um_submit_form_errors_hook( $submitted_data, $form_data ) {
|
||||
$mode = $form_data['mode'];
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
* Fires for validation blocked IPs when UM login, registration or profile form has been submitted.
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_form_errors_hook__blockedips
|
||||
* @description Submit form validation
|
||||
* @input_vars
|
||||
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_form_errors_hook__blockedips', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_form_errors_hook__blockedips', 'my_submit_form_errors_hook__blockedips', 10, 1 );
|
||||
* function my_submit_form_errors_hook__blockedips( $args ) {
|
||||
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
|
||||
* 10 - `um_submit_form_errors_hook__blockedips()` Native validation handlers.
|
||||
*
|
||||
* @since 1.3.x
|
||||
* @hook um_submit_form_errors_hook__blockedips
|
||||
*
|
||||
* @param {array} $submitted_data $_POST Submission array.
|
||||
* @param {array} $form_data UM form data. Since 2.6.7
|
||||
*
|
||||
* @example <caption>Make any common validation action here.</caption>
|
||||
* function my_submit_form_errors_hook__blockedips( $post, $form_data ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
* add_action( 'um_submit_form_errors_hook__blockedips', 'my_submit_form_errors_hook__blockedips', 10, 2 );
|
||||
*/
|
||||
do_action( 'um_submit_form_errors_hook__blockedips', $args );
|
||||
|
||||
|
||||
do_action( 'um_submit_form_errors_hook__blockedips', $submitted_data, $form_data );
|
||||
/**
|
||||
* UM hook
|
||||
* Fires for validation blocked email addresses when UM login, registration or profile form has been submitted.
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_form_errors_hook__blockedemails
|
||||
* @description Submit form validation
|
||||
* @input_vars
|
||||
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_form_errors_hook__blockedemails', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_form_errors_hook__blockedemails', 'my_submit_form_errors_hook__blockedemails', 10, 1 );
|
||||
* function my_submit_form_errors_hook__blockedemails( $args ) {
|
||||
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
|
||||
* 10 - `um_submit_form_errors_hook__blockedemails()` Native validation handlers.
|
||||
*
|
||||
* @since 1.3.x
|
||||
* @hook um_submit_form_errors_hook__blockedemails
|
||||
*
|
||||
* @param {array} $submitted_data $_POST Submission array.
|
||||
* @param {array} $form_data UM form data. Since 2.6.7
|
||||
*
|
||||
* @example <caption>Make any common validation action here.</caption>
|
||||
* function my_submit_form_errors_hook__blockedemails( $post, $form_data ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
* add_action( 'um_submit_form_errors_hook__blockedemails', 'my_submit_form_errors_hook__blockedemails', 10, 2 );
|
||||
*/
|
||||
do_action( 'um_submit_form_errors_hook__blockedemails', $args );
|
||||
|
||||
if ( $mode == 'register' ) {
|
||||
|
||||
do_action( 'um_submit_form_errors_hook__blockedemails', $submitted_data, $form_data );
|
||||
|
||||
if ( 'login' === $mode ) {
|
||||
/**
|
||||
* UM hook
|
||||
* Fires for login form validation when it has been submitted.
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_form_errors_hook__registration
|
||||
* @description Submit registration form validation
|
||||
* @input_vars
|
||||
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_form_errors_hook__registration', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_form_errors_hook__registration', 'my_submit_form_errors_registration', 10, 1 );
|
||||
* function my_submit_form_errors_registration( $args ) {
|
||||
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
|
||||
* 10 - `um_submit_form_errors_hook_login()` Native login validation handlers.
|
||||
*
|
||||
* @since 1.3.x
|
||||
* @hook um_submit_form_errors_hook_login
|
||||
*
|
||||
* @param {array} $submitted_data $_POST Submission array.
|
||||
* @param {array} $form_data UM form data. Since 2.6.7
|
||||
*
|
||||
* @example <caption>Make any common validation action here.</caption>
|
||||
* function my_submit_form_errors_hook_login( $post, $form_data ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
* add_action( 'um_submit_form_errors_hook_login', 'my_submit_form_errors_hook_login', 10, 2 );
|
||||
*/
|
||||
do_action( 'um_submit_form_errors_hook__registration', $args );
|
||||
|
||||
} elseif ( $mode == 'profile' ) {
|
||||
|
||||
|
||||
do_action( 'um_submit_form_errors_hook_login', $submitted_data, $form_data );
|
||||
/**
|
||||
* UM hook
|
||||
* Fires for login form validation when it has been submitted.
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_form_errors_hook__registration
|
||||
* @description Submit registration form validation
|
||||
* @input_vars
|
||||
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_form_errors_hook__registration', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_form_errors_hook__profile', 'my_submit_form_errors_hook__profile', 10, 1 );
|
||||
* function my_submit_form_errors_registration( $args ) {
|
||||
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
|
||||
* 9999 - `um_submit_form_errors_hook_logincheck()` Native login validation handlers.
|
||||
*
|
||||
* @since 1.3.x
|
||||
* @hook um_submit_form_errors_hook_logincheck
|
||||
*
|
||||
* @param {array} $submitted_data $_POST Submission array.
|
||||
* @param {array} $form_data UM form data. Since 2.6.7
|
||||
*
|
||||
* @example <caption>Make any common validation action here.</caption>
|
||||
* function my_submit_form_errors_hook_logincheck( $post, $form_data ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
* add_action( 'um_submit_form_errors_hook_logincheck', 'my_submit_form_errors_hook_logincheck', 10, 2 );
|
||||
*/
|
||||
do_action( 'um_submit_form_errors_hook__profile', $args );
|
||||
|
||||
} elseif ( $mode == 'login' ) {
|
||||
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_form_errors_hook_login
|
||||
* @description Submit login form validation
|
||||
* @input_vars
|
||||
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_form_errors_hook_login', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_form_errors_hook_login', 'my_submit_form_errors_hook_login', 10, 1 );
|
||||
* function my_submit_form_errors_hook_login( $args ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( 'um_submit_form_errors_hook_login', $args );
|
||||
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_form_errors_hook_logincheck
|
||||
* @description Submit login form validation
|
||||
* @input_vars
|
||||
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_form_errors_hook_logincheck', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_form_errors_hook_logincheck', 'my_submit_form_errors_hook_logincheck', 10, 1 );
|
||||
* function my_submit_form_errors_hook_logincheck( $args ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( 'um_submit_form_errors_hook_logincheck', $args );
|
||||
|
||||
}
|
||||
|
||||
|
||||
if ( $mode != 'login' ) {
|
||||
|
||||
do_action( 'um_submit_form_errors_hook_logincheck', $submitted_data, $form_data );
|
||||
// ------ Reviewed. --------- //
|
||||
} else {
|
||||
if ( 'register' === $mode ) {
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_form_errors_hook__registration
|
||||
* @description Submit registration form validation
|
||||
* @input_vars
|
||||
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_form_errors_hook__registration', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_form_errors_hook__registration', 'my_submit_form_errors_registration', 10, 1 );
|
||||
* function my_submit_form_errors_registration( $args ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( 'um_submit_form_errors_hook__registration', $submitted_data, $form_data );
|
||||
} elseif ( 'profile' === $mode ) {
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_form_errors_hook__registration
|
||||
* @description Submit registration form validation
|
||||
* @input_vars
|
||||
* [{"var":"$args","type":"array","desc":"Form Arguments"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_form_errors_hook__registration', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_form_errors_hook__profile', 'my_submit_form_errors_hook__profile', 10, 1 );
|
||||
* function my_submit_form_errors_registration( $args ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( 'um_submit_form_errors_hook__profile', $submitted_data, $form_data );
|
||||
}
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
@@ -268,9 +248,7 @@ function um_submit_form_errors_hook( $args ) {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( 'um_submit_form_errors_hook__blockedwords', $args );
|
||||
|
||||
|
||||
do_action( 'um_submit_form_errors_hook__blockedwords', $submitted_data, $form_data );
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
@@ -290,12 +268,10 @@ function um_submit_form_errors_hook( $args ) {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( 'um_submit_form_errors_hook_', $args );
|
||||
|
||||
do_action( 'um_submit_form_errors_hook_', $submitted_data, $form_data );
|
||||
}
|
||||
|
||||
}
|
||||
add_action( 'um_submit_form_errors_hook', 'um_submit_form_errors_hook', 10 );
|
||||
add_action( 'um_submit_form_errors_hook', 'um_submit_form_errors_hook', 10, 2 );
|
||||
|
||||
|
||||
/**
|
||||
|
||||
@@ -4,57 +4,51 @@ if ( ! defined( 'ABSPATH' ) ) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Error procesing hook for login
|
||||
* Error processing hook for login.
|
||||
*
|
||||
* @param $args
|
||||
* @param $submitted_data
|
||||
*/
|
||||
function um_submit_form_errors_hook_login( $args ) {
|
||||
$is_email = false;
|
||||
function um_submit_form_errors_hook_login( $submitted_data ) {
|
||||
$user_password = $submitted_data['user_password'];
|
||||
|
||||
$form_id = $args['form_id'];
|
||||
$mode = $args['mode'];
|
||||
$user_password = $args['user_password'];
|
||||
|
||||
if ( isset( $args['username'] ) && $args['username'] == '' ) {
|
||||
if ( isset( $submitted_data['username'] ) && $submitted_data['username'] == '' ) {
|
||||
UM()->form()->add_error( 'username', __( 'Please enter your username or email', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( isset( $args['user_login'] ) && $args['user_login'] == '' ) {
|
||||
if ( isset( $submitted_data['user_login'] ) && $submitted_data['user_login'] == '' ) {
|
||||
UM()->form()->add_error( 'user_login', __( 'Please enter your username', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( isset( $args['user_email'] ) && $args['user_email'] == '' ) {
|
||||
if ( isset( $submitted_data['user_email'] ) && $submitted_data['user_email'] == '' ) {
|
||||
UM()->form()->add_error( 'user_email', __( 'Please enter your email', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( isset( $args['username'] ) ) {
|
||||
$authenticate = $args['username'];
|
||||
if ( isset( $submitted_data['username'] ) ) {
|
||||
$authenticate = $submitted_data['username'];
|
||||
$field = 'username';
|
||||
if ( is_email( $args['username'] ) ) {
|
||||
$is_email = true;
|
||||
$data = get_user_by('email', $args['username'] );
|
||||
if ( is_email( $submitted_data['username'] ) ) {
|
||||
$data = get_user_by('email', $submitted_data['username'] );
|
||||
$user_name = isset( $data->user_login ) ? $data->user_login : null;
|
||||
} else {
|
||||
$user_name = $args['username'];
|
||||
$user_name = $submitted_data['username'];
|
||||
}
|
||||
} elseif ( isset( $args['user_email'] ) ) {
|
||||
$authenticate = $args['user_email'];
|
||||
} elseif ( isset( $submitted_data['user_email'] ) ) {
|
||||
$authenticate = $submitted_data['user_email'];
|
||||
$field = 'user_email';
|
||||
$is_email = true;
|
||||
$data = get_user_by('email', $args['user_email'] );
|
||||
$data = get_user_by('email', $submitted_data['user_email'] );
|
||||
$user_name = isset( $data->user_login ) ? $data->user_login : null;
|
||||
} else {
|
||||
$field = 'user_login';
|
||||
$user_name = $args['user_login'];
|
||||
$authenticate = $args['user_login'];
|
||||
$user_name = $submitted_data['user_login'];
|
||||
$authenticate = $submitted_data['user_login'];
|
||||
}
|
||||
|
||||
if ( $args['user_password'] == '' ) {
|
||||
if ( $submitted_data['user_password'] == '' ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'Please enter your password', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user = get_user_by( 'login', $user_name );
|
||||
if ( $user && wp_check_password( $args['user_password'], $user->data->user_pass, $user->ID ) ) {
|
||||
if ( $user && wp_check_password( $submitted_data['user_password'], $user->data->user_pass, $user->ID ) ) {
|
||||
UM()->login()->auth_id = username_exists( $user_name );
|
||||
} else {
|
||||
UM()->form()->add_error( 'user_password', __( 'Password is incorrect. Please try again.', 'ultimate-member' ) );
|
||||
@@ -67,7 +61,7 @@ function um_submit_form_errors_hook_login( $args ) {
|
||||
// see WP function wp_authenticate()
|
||||
$ignore_codes = array( 'empty_username', 'empty_password' );
|
||||
|
||||
$user = apply_filters( 'authenticate', null, $authenticate, $args['user_password'] );
|
||||
$user = apply_filters( 'authenticate', null, $authenticate, $submitted_data['user_password'] );
|
||||
if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes ) ) {
|
||||
if ( ! empty( $third_party_codes ) && in_array( $user->get_error_code(), $third_party_codes ) ) {
|
||||
UM()->form()->add_error( $user->get_error_code(), $user->get_error_message() );
|
||||
@@ -76,7 +70,7 @@ function um_submit_form_errors_hook_login( $args ) {
|
||||
}
|
||||
}
|
||||
|
||||
$user = apply_filters( 'wp_authenticate_user', $user, $args['user_password'] );
|
||||
$user = apply_filters( 'wp_authenticate_user', $user, $submitted_data['user_password'] );
|
||||
if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes ) ) {
|
||||
if ( ! empty( $third_party_codes ) && in_array( $user->get_error_code(), $third_party_codes ) ) {
|
||||
UM()->form()->add_error( $user->get_error_code(), $user->get_error_message() );
|
||||
@@ -90,7 +84,7 @@ function um_submit_form_errors_hook_login( $args ) {
|
||||
do_action( 'wp_login_failed', $user_name, UM()->form()->get_wp_error() );
|
||||
}
|
||||
}
|
||||
add_action( 'um_submit_form_errors_hook_login', 'um_submit_form_errors_hook_login', 10 );
|
||||
add_action( 'um_submit_form_errors_hook_login', 'um_submit_form_errors_hook_login' );
|
||||
|
||||
|
||||
/**
|
||||
@@ -123,13 +117,13 @@ function um_display_login_errors( $args ) {
|
||||
}
|
||||
add_action( 'um_before_login_fields', 'um_display_login_errors' );
|
||||
|
||||
|
||||
/**
|
||||
* Login checks thru the frontend login
|
||||
* Login checks through the frontend login
|
||||
*
|
||||
* @param $args
|
||||
* @param array $submitted_data
|
||||
* @param array $form_data
|
||||
*/
|
||||
function um_submit_form_errors_hook_logincheck( $args ) {
|
||||
function um_submit_form_errors_hook_logincheck( $submitted_data, $form_data ) {
|
||||
// Logout if logged in
|
||||
if ( is_user_logged_in() ) {
|
||||
wp_logout();
|
||||
@@ -140,25 +134,23 @@ function um_submit_form_errors_hook_logincheck( $args ) {
|
||||
|
||||
$status = um_user( 'account_status' ); // account status
|
||||
switch ( $status ) {
|
||||
|
||||
// If user can't login to site...
|
||||
// If user can't log in to site...
|
||||
case 'inactive':
|
||||
case 'awaiting_admin_review':
|
||||
case 'awaiting_email_confirmation':
|
||||
case 'rejected':
|
||||
um_reset_user();
|
||||
exit( wp_redirect( add_query_arg( 'err', esc_attr( $status ), UM()->permalinks()->get_current_url() ) ) );
|
||||
break;
|
||||
|
||||
um_reset_user();
|
||||
wp_safe_redirect( add_query_arg( 'err', esc_attr( $status ), UM()->permalinks()->get_current_url() ) );
|
||||
exit;
|
||||
}
|
||||
|
||||
if ( isset( $args['form_id'] ) && $args['form_id'] == UM()->shortcodes()->core_login_form() && UM()->form()->errors && ! isset( $_POST[ UM()->honeypot ] ) ) {
|
||||
exit( wp_redirect( um_get_core_page( 'login' ) ) );
|
||||
if ( isset( $form_data['form_id'] ) && absint( $form_data['form_id'] ) === absint( UM()->shortcodes()->core_login_form() ) && UM()->form()->errors && ! isset( $_POST[ UM()->honeypot ] ) ) {
|
||||
wp_safe_redirect( um_get_core_page( 'login' ) );
|
||||
exit;
|
||||
}
|
||||
|
||||
}
|
||||
add_action( 'um_submit_form_errors_hook_logincheck', 'um_submit_form_errors_hook_logincheck', 9999 );
|
||||
|
||||
add_action( 'um_submit_form_errors_hook_logincheck', 'um_submit_form_errors_hook_logincheck', 9999, 2 );
|
||||
|
||||
/**
|
||||
* Store last login timestamp
|
||||
@@ -192,13 +184,13 @@ function um_store_lastlogin_timestamp_( $login ) {
|
||||
add_action( 'wp_login', 'um_store_lastlogin_timestamp_' );
|
||||
|
||||
/**
|
||||
* Login user process
|
||||
* Login user process.
|
||||
*
|
||||
* @param array $args
|
||||
* @param array $submitted_data
|
||||
*/
|
||||
function um_user_login( $args ) {
|
||||
function um_user_login( $submitted_data ) {
|
||||
// phpcs:disable WordPress.Security.NonceVerification -- already verified here
|
||||
$rememberme = ( isset( $_REQUEST['rememberme'], $args['rememberme'] ) && 1 === (int) $args['rememberme'] ) ? 1 : 0;
|
||||
$rememberme = ( isset( $_REQUEST['rememberme'], $submitted_data['rememberme'] ) && 1 === (int) $submitted_data['rememberme'] ) ? 1 : 0;
|
||||
|
||||
// @todo check using the 'deny_admin_frontend_login' option
|
||||
if ( false !== strrpos( um_user( 'wp_roles' ), 'administrator' ) && ( ! isset( $_GET['provider'] ) && UM()->options()->get( 'deny_admin_frontend_login' ) ) ) {
|
||||
@@ -224,8 +216,8 @@ function um_user_login( $args ) {
|
||||
do_action( 'um_on_login_before_redirect', um_user( 'ID' ) );
|
||||
|
||||
// Priority redirect from $_GET attribute.
|
||||
if ( ! empty( $args['redirect_to'] ) ) {
|
||||
wp_safe_redirect( $args['redirect_to'] );
|
||||
if ( ! empty( $submitted_data['redirect_to'] ) ) {
|
||||
wp_safe_redirect( $submitted_data['redirect_to'] );
|
||||
exit;
|
||||
}
|
||||
|
||||
@@ -277,56 +269,52 @@ add_action( 'um_user_login', 'um_user_login' );
|
||||
/**
|
||||
* Form processing
|
||||
*
|
||||
* @param $args
|
||||
* @param array $submitted_data
|
||||
* @param array $form_data
|
||||
*/
|
||||
function um_submit_form_login( $args ) {
|
||||
|
||||
function um_submit_form_login( $submitted_data, $form_data ) {
|
||||
if ( ! isset( UM()->form()->errors ) ) {
|
||||
/**
|
||||
* UM hook
|
||||
* Fires after successful submit login form.
|
||||
*
|
||||
* @type action
|
||||
* @title um_user_login
|
||||
* @description Hook that runs after successful submit login form
|
||||
* @input_vars
|
||||
* [{"var":"$args","type":"array","desc":"Form data"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_user_login', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_user_login', 'my_user_login', 10, 1 );
|
||||
* function my_user_login( $args ) {
|
||||
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
|
||||
* * 10 - `um_user_login()` Login form main handler.
|
||||
*
|
||||
* @since 1.3.x
|
||||
* @hook um_user_login
|
||||
*
|
||||
* @param {array} $submitted_data $_POST Submission array.
|
||||
* @param {array} $form_data UM form data. Since 2.6.7
|
||||
*
|
||||
* @example <caption>Make any custom login action if submission is valid.</caption>
|
||||
* function my_user_login( $submitted_data, $form_data ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
* add_action( 'um_user_login', 'my_user_login', 10, 2 );
|
||||
*/
|
||||
do_action( 'um_user_login', $args );
|
||||
do_action( 'um_user_login', $submitted_data, $form_data );
|
||||
}
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
* Fires after submit login form.
|
||||
*
|
||||
* @type action
|
||||
* @title um_user_login_extra_hook
|
||||
* @description Hook that runs after successful submit login form
|
||||
* @input_vars
|
||||
* [{"var":"$args","type":"array","desc":"Form data"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_user_login_extra_hook', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_user_login_extra_hook', 'my_user_login_extra', 10, 1 );
|
||||
* function my_user_login_extra( $args ) {
|
||||
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
|
||||
* * 10 - um-messaging.
|
||||
*
|
||||
* @since 1.3.x
|
||||
* @hook um_user_login_extra_hook
|
||||
*
|
||||
* @param {array} $submitted_data $_POST Submission array.
|
||||
* @param {array} $form_data UM form data. Since 2.6.7
|
||||
*
|
||||
* @example <caption>Make any custom login action.</caption>
|
||||
* function my_user_login_extra( $submitted_data, $form_data ) {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
* add_action( 'um_user_login_extra_hook', 'my_user_login_extra', 10, 2 );
|
||||
*/
|
||||
do_action( 'um_user_login_extra_hook', $args );
|
||||
do_action( 'um_user_login_extra_hook', $submitted_data, $form_data );
|
||||
}
|
||||
add_action( 'um_submit_form_login', 'um_submit_form_login', 10 );
|
||||
|
||||
add_action( 'um_submit_form_login', 'um_submit_form_login', 10, 2 );
|
||||
|
||||
/**
|
||||
* Show the submit button
|
||||
|
||||
@@ -898,12 +898,13 @@ add_filter( 'um_profile_field_filter_hook__', 'um_profile_field_filter_xss_valid
|
||||
/**
|
||||
* Trim All form POST submitted data
|
||||
*
|
||||
* @todo Maybe deprecate because data is sanitized in earlier code and trim included to `sanitize_text_field()`. Need testing and confirmation.
|
||||
*
|
||||
* @param $post_form
|
||||
* @param $mode
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
function um_submit_form_data_trim_fields( $post_form, $mode ) {
|
||||
function um_submit_form_data_trim_fields( $post_form ) {
|
||||
foreach ( $post_form as $key => $field ) {
|
||||
if ( is_string( $field ) ) {
|
||||
$post_form[ $key ] = trim( $field );
|
||||
@@ -912,30 +913,44 @@ function um_submit_form_data_trim_fields( $post_form, $mode ) {
|
||||
|
||||
return $post_form;
|
||||
}
|
||||
add_filter( 'um_submit_form_data', 'um_submit_form_data_trim_fields', 9, 2 );
|
||||
add_filter( 'um_submit_form_data', 'um_submit_form_data_trim_fields', 9, 1 );
|
||||
|
||||
|
||||
/**
|
||||
* add role_select and role_radio to the $post_form
|
||||
* It is necessary for that if on these fields the conditional logic
|
||||
* @param $post_form array
|
||||
* @param $mode
|
||||
* Add `role_select` and `role_radio` to the $post_form
|
||||
* It is necessary for that if on these fields the conditional logic.
|
||||
*
|
||||
* @return $post_form
|
||||
* @uses hook filters: um_submit_form_data
|
||||
* @param array $post_form
|
||||
* @param string $mode
|
||||
* @param array $all_cf_metakeys
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
function um_submit_form_data_role_fields( $post_form, $mode ) {
|
||||
$custom_fields = unserialize( $post_form['custom_fields'] );
|
||||
if ( ! empty( $post_form['role'] ) && array_key_exists( 'role_select', $custom_fields ) ) {
|
||||
$post_form['role_select'] = $post_form['role'];
|
||||
function um_submit_form_data_role_fields( $post_form, $mode, $all_cf_metakeys ) {
|
||||
if ( 'login' === $mode ) {
|
||||
return $post_form;
|
||||
}
|
||||
if (! empty( $post_form['role'] ) && array_key_exists( 'role_radio', $custom_fields ) ) {
|
||||
$post_form['role_radio'] = $post_form['role'];
|
||||
|
||||
if ( ! array_key_exists( 'role', $post_form ) ) {
|
||||
return $post_form;
|
||||
}
|
||||
|
||||
$role_fields = array( 'role_select', 'role_radio' );
|
||||
|
||||
$form_has_role_field = count( array_intersect( $all_cf_metakeys, $role_fields ) ) > 0;
|
||||
if ( ! $form_has_role_field ) {
|
||||
return $post_form;
|
||||
}
|
||||
|
||||
foreach ( $role_fields as $role_field ) {
|
||||
if ( in_array( $role_field, $all_cf_metakeys, true ) ) {
|
||||
$post_form[ $role_field ] = $post_form['role'];
|
||||
}
|
||||
}
|
||||
|
||||
return $post_form;
|
||||
}
|
||||
add_filter( 'um_submit_form_data', 'um_submit_form_data_role_fields', 10, 2 );
|
||||
add_filter( 'um_submit_form_data', 'um_submit_form_data_role_fields', 10, 3 );
|
||||
|
||||
|
||||
/**
|
||||
|
||||
@@ -43,8 +43,10 @@ add_filter( 'login_message', 'um_custom_wp_err_messages' );
|
||||
*/
|
||||
function um_wp_form_errors_hook_ip_test( $user, $username, $password ) {
|
||||
if ( ! empty( $username ) ) {
|
||||
do_action( 'um_submit_form_errors_hook__blockedips', array() );
|
||||
do_action( 'um_submit_form_errors_hook__blockedemails', array( 'username' => $username ) );
|
||||
/** This action is documented in includes/core/um-actions-form.php */
|
||||
do_action( 'um_submit_form_errors_hook__blockedips', array(), null );
|
||||
/** This action is documented in includes/core/um-actions-form.php */
|
||||
do_action( 'um_submit_form_errors_hook__blockedemails', array( 'username' => $username ), null );
|
||||
}
|
||||
|
||||
return $user;
|
||||
@@ -53,7 +55,7 @@ add_filter( 'authenticate', 'um_wp_form_errors_hook_ip_test', 10, 3 );
|
||||
|
||||
|
||||
/**
|
||||
* Login checks thru the wordpress admin login
|
||||
* Login checks through the WordPress admin login.
|
||||
*
|
||||
* @param $user
|
||||
* @param $username
|
||||
@@ -93,8 +95,8 @@ add_filter( 'authenticate', 'um_wp_form_errors_hook_logincheck', 50, 3 );
|
||||
|
||||
/**
|
||||
* Change lost password url in UM Login form
|
||||
* @param string $lostpassword_url
|
||||
* @return string
|
||||
* @param string $lostpassword_url
|
||||
* @return string
|
||||
*/
|
||||
function um_lostpassword_url( $lostpassword_url ) {
|
||||
|
||||
|
||||
Reference in New Issue
Block a user