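<?php
/**
 * User Registration Email Confirmation.
 *
 * @class    UR_Email_Confirmation
 * @since    1.1.5
 * @package  UserRegistration/Classes
 * @category Class
 * @author   WPEverest
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Do not run outside of WordPress.
}

/**
 * Class UR_Email_Confirmation
 *
 * Stores a per-user confirmation token and status in user meta
 * ('ur_confirm_email_token' / 'ur_confirm_email'), validates the token carried
 * in the 'ur_token' query argument, handles "resend verification" requests and
 * adds Verify / Unverify / Resend row actions to the admin users list.
 */
class UR_Email_Confirmation {

	/**
	 * Register the admin-only and front-end hooks used by this class.
	 */
	public function __construct() {

		if ( is_admin() ) {
			add_filter( 'manage_users_columns', array( $this, 'add_column_head' ) );
			add_filter( 'user_row_actions', array( $this, 'create_quick_links' ), 10, 2 );
			add_action( 'load-users.php', array( $this, 'trigger_query_actions' ) );
		}

		add_filter( 'allow_password_reset', array( $this, 'allow_password_reset' ), 10, 2 );
		add_action( 'user_registration_after_register_user_action', array( $this, 'set_email_status' ), 9, 3 );
		add_action( 'template_redirect', array( $this, 'check_token_before_authenticate' ), 30, 2 );
		add_action( 'wp_authenticate', array( $this, 'check_token_before_authenticate' ), 40, 2 );
	}

	/**
	 * Build a nonce-protected users-list URL for one status action.
	 *
	 * @param string $action  One of 'verify', 'unverify', 'resend_verification'.
	 * @param int    $user_id Target user ID.
	 *
	 * @return string URL carrying the 'ur_user_change_email_status' nonce.
	 */
	private function build_status_link( $action, $user_id ) {
		$link = add_query_arg(
			array(
				'action' => $action,
				'user'   => $user_id,
			)
		);
		// trigger_query_actions() ignores requests that carry 'new_role'.
		$link = remove_query_arg( array( 'new_role' ), $link );

		return wp_nonce_url( $link, 'ur_user_change_email_status' );
	}

	/**
	 * Add the Verify / Unverify / Resend Verification quick links to a row of
	 * the users list, depending on the user's stored confirmation status.
	 *
	 * @param array   $actions Existing row actions.
	 * @param WP_User $user    User displayed in the row (its ID is read).
	 *
	 * @return array
	 */
	public function create_quick_links( $actions, $user ) {

		$resend_verification_link = $this->build_status_link( 'resend_verification', $user->ID );
		$verify_link              = $this->build_status_link( 'verify', $user->ID );
		$unverify_link            = $this->build_status_link( 'unverify', $user->ID );

		$resend_verification_action = '<a href="' . esc_url( $resend_verification_link ) . '">' . _x( 'Resend Verification', 'The action on users list page', 'user-registration' ) . '</a>';
		$verify_action              = '<a style="color:#086512" href="' . esc_url( $verify_link ) . '">' . _x( 'Verify', 'The action on users list page', 'user-registration' ) . '</a>';
		$unverify_action            = '<a style="color:#e20707" href="' . esc_url( $unverify_link ) . '">' . _x( 'Unverify', 'The action on users list page', 'user-registration' ) . '</a>';

		if ( current_user_can( 'edit_user' ) ) {
			$get_user_status = get_user_meta( $user->ID, 'ur_confirm_email', true );

			if ( '0' === $get_user_status ) {
				$actions['ur_user_verify_action']              = $verify_action;
				$actions['ur_user_resend_verification_action'] = $resend_verification_action;
			} elseif ( '1' === $get_user_status ) {
				$actions['ur_user_unverify_action'] = $unverify_action;
			}
		}

		return $actions;
	}

	/**
	 * Handle the verify / unverify / resend_verification requests issued from
	 * the users list, then redirect back to users.php.
	 *
	 * The request must carry a valid 'ur_user_change_email_status' nonce AND
	 * come from a user who may edit users. The nonce only proves the request
	 * was generated for the current session; it is not an authorisation check,
	 * so the capability is verified explicitly before any user meta is written.
	 */
	public function trigger_query_actions() {

		$resend_verification_sent = isset( $_REQUEST['resend_verification_sent'] ) ? sanitize_key( $_REQUEST['resend_verification_sent'] ) : false;

		if ( $resend_verification_sent ) {
			add_action( 'admin_notices', array( $this, 'ur_admin_notice_resend_verification_sent' ) );
		}

		$user_id = absint( isset( $_GET['user'] ) ? $_GET['user'] : 0 );
		$action  = isset( $_REQUEST['action'] ) ? sanitize_key( $_REQUEST['action'] ) : false;
		$mode    = isset( $_POST['mode'] ) ? $_POST['mode'] : false;

		// If this is a multisite, bulk request, stop now!
		if ( 'list' === $mode ) {
			return;
		}

		$handled_actions = array( 'verify', 'unverify', 'resend_verification' );

		if ( empty( $action ) || isset( $_GET['new_role'] ) || ! in_array( $action, $handled_actions, true ) ) {
			return;
		}

		check_admin_referer( 'ur_user_change_email_status' );

		// Same capability the row actions are gated on, enforced server-side.
		if ( ! current_user_can( 'edit_users' ) ) {
			wp_die(
				esc_html__( 'Sorry, you are not allowed to edit this user.', 'user-registration' ),
				'',
				array( 'response' => 403 )
			);
		}

		$redirect = admin_url( 'users.php' );

		if ( 'verify' === $action ) {
			update_user_meta( $user_id, 'ur_confirm_email', '1' );
			$redirect = add_query_arg( array( 'verified' => 1 ), $redirect );
		} elseif ( 'resend_verification' === $action ) {
			$user = get_user_by( 'id', $user_id );

			// get_user_by() returns false for an unknown ID; nothing to send then.
			if ( $user ) {
				$form_id = ur_get_form_id_by_userid( $user_id );
				$this->resend_verification_email( $user, $form_id, $user_id );
				$redirect = add_query_arg( array( 'resend_verification_sent' => 1 ), $redirect );
			}
		} else {
			update_user_meta( $user_id, 'ur_confirm_email', '0' );
			$redirect = add_query_arg( array( 'unverified' => 1 ), $redirect );
		}

		wp_safe_redirect( $redirect );
		exit;
	}

	/**
	 * Regenerate the confirmation token for a user and mail it to them.
	 *
	 * Shared by the admin "Resend Verification" action and the front-end
	 * resend link so both paths use the same form ID and email template.
	 *
	 * @param WP_User $user    User to notify.
	 * @param int     $form_id Registration form the user signed up with.
	 * @param int     $user_id User ID.
	 *
	 * @return void
	 */
	private function resend_verification_email( $user, $form_id, $user_id ) {
		$this->set_email_status( array(), $form_id, $user_id );

		$attachments = apply_filters( 'user_registration_email_attachment_resending_token', array() );
		$name_value  = ur_get_user_extra_fields( $user_id );

		// Get selected email template id for specific form.
		$template_id = ur_get_single_post_meta( $form_id, 'user_registration_select_email_template' );

		UR_Emailer::send_mail_to_user( $user->user_email, $user->user_login, $user_id, '', $name_value, $attachments, $template_id );
	}

	/**
	 * Admin notice after resend verification email sent.
	 *
	 * @since 1.9.4
	 */
	public function ur_admin_notice_resend_verification_sent() {
		echo '<div class="notice-success notice is-dismissible"><p>' . esc_html__( 'Verification Email Sent Successfully !! ', 'user-registration' ) . '</p></div>';
	}

	/**
	 * Add the column header for the email status column.
	 *
	 * The "Status" column is inserted just before the last existing column.
	 *
	 * @param array $columns Users list columns keyed by column ID.
	 *
	 * @return array
	 */
	public function add_column_head( $columns ) {

		if ( ! current_user_can( 'edit_user' ) ) {
			return $columns;
		}

		$the_columns                        = array();
		$the_columns['ur_user_user_status'] = __( 'Status', 'user-registration' );

		// Everything but the last column, then Status, then the remaining
		// column (string keys already present are not duplicated by array_merge).
		$newcol  = array_slice( $columns, 0, -1 );
		$newcol  = array_merge( $newcol, $the_columns );
		$columns = array_merge( $newcol, array_slice( $columns, 1 ) );

		return $columns;
	}

	/**
	 * Translate a stored confirmation status into the label shown in the list.
	 *
	 * @param string $val     Stored 'ur_confirm_email' value ('1', '0' or other).
	 * @param int    $user_id User ID.
	 *
	 * @return string 'Verified', 'Pending' or '-'.
	 */
	public function add_column_cell( $val, $user_id ) {

		$token = get_user_meta( $user_id, 'ur_confirm_email_token', true );

		if ( '1' === $val ) {
			$val = __( 'Verified', 'user-registration' );
		} elseif ( $val === '0' && isset( $token ) ) {
			// NOTE(review): isset() is true even when no token is stored
			// (empty string), so this branch depends only on $val — confirm
			// whether a non-empty token was meant to be required.
			$val = __( 'Pending', 'user-registration' );
		} else {
			$val = '-';
		}

		return $val;
	}

	/**
	 * Enqueue the CSS used to render the notices.
	 *
	 * @return void
	 */
	public function ur_enqueue_script() {
		wp_register_style( 'user-registration-css', UR()->plugin_url() . '/assets/css/user-registration.css', array(), UR_VERSION );
		wp_enqueue_style( 'user-registration-css' );
	}

	/**
	 * Successful registration message.
	 */
	public function custom_registration_message() {
		return ur_print_notice( __( 'User successfully registered. Login to continue.', 'user-registration' ) );
	}

	/**
	 * Token mismatch message.
	 */
	public function custom_registration_error_message() {
		return ur_print_notice( __( 'Token Mismatch!', 'user-registration' ), 'error' );
	}

	/**
	 * Token expired message.
	 */
	public function custom_token_expired_message() {
		return ur_print_notice( __( 'Token Expired . Please request for new verification email.', 'user-registration' ), 'error' );
	}

	/**
	 * Resend verification email message.
	 */
	public function custom_resend_email_token_message() {
		return ur_print_notice( __( 'Verification Email Sent!', 'user-registration' ) );
	}

	/**
	 * Resend verification email error message.
	 */
	public function custom_resend_email_token_error_message() {
		return ur_print_notice( __( 'User does not exist!', 'user-registration' ), 'error' );
	}

	/**
	 * Tell whether the given form (or the global default) uses the
	 * 'email_confirmation' login option.
	 *
	 * @param int $form_id Form ID; 0 falls back to the general setting.
	 *
	 * @return bool
	 */
	private function is_email_confirmation_enabled( $form_id ) {
		$general_login_option = get_option( 'user_registration_general_setting_login_options', 'default' );

		return 'email_confirmation' === ur_get_single_post_meta( $form_id, 'user_registration_form_setting_login_options', $general_login_option );
	}

	/**
	 * Show the same notice on the core login screen and on the plugin's form.
	 *
	 * @param string $callback Name of the public message method to attach.
	 *
	 * @return void
	 */
	private function queue_login_notice( $callback ) {
		add_filter( 'login_message', array( $this, $callback ) );
		add_filter( 'user_registration_login_form_before_notice', array( $this, $callback ) );
	}

	/**
	 * Handle the two confirmation requests that arrive as query arguments:
	 * a "resend" request ('ur_resend_id' + 'ur_resend_token=true') and a
	 * confirmation request ('ur_token').
	 *
	 * All request values are treated as untrusted: they must be strings, the
	 * confirmation token is compared in constant time against the stored one,
	 * and a missing stored token never matches.
	 *
	 * @return void
	 */
	public function check_token_before_authenticate() {

		$user_reg_successful = false;

		add_action( 'login_enqueue_scripts', array( $this, 'ur_enqueue_script' ), 1 );

		// Condition for resending token.
		if ( isset( $_GET['ur_resend_id'], $_GET['ur_resend_token'] ) && 'true' === $_GET['ur_resend_token'] ) {

			$nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ) : '';

			if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'ur_resend_token' ) ) {
				die( esc_html__( 'Action failed. Please refresh the page and retry.', 'user-registration' ) );
			}

			// NOTE(review): the ID below is protected only by crypt_the_string()
			// (fixed key) and a nonce issued to a visitor who is not logged in,
			// so it should be treated as caller-supplied. The embedded timestamp
			// is not checked here; consider an expiry and rate limiting of
			// resend mails — confirm against the plugin's threat model.
			$resend_id = is_string( $_GET['ur_resend_id'] ) ? wp_unslash( $_GET['ur_resend_id'] ) : '';
			$output    = explode( '_', (string) $this->crypt_the_string( $resend_id, 'd' ) );
			$user_id   = absint( $output[0] );
			$user      = get_user_by( 'id', $user_id );
			$form_id   = ur_get_form_id_by_userid( $user_id );

			if ( $user && $this->is_email_confirmation_enabled( $form_id ) ) {
				// Pass the real form ID (as the admin resend does) so the token
				// is regenerated when confirmation is enabled per form only.
				$this->resend_verification_email( $user, $form_id, $user_id );
				$this->queue_login_notice( 'custom_resend_email_token_message' );
			} else {
				$this->queue_login_notice( 'custom_resend_email_token_error_message' );
			}
		}

		if ( ! isset( $_GET['ur_token'] ) ) {
			return;
		}

		// A non-string value (e.g. ur_token[]=x) can never be a valid token.
		$raw_token = is_string( $_GET['ur_token'] ) ? wp_unslash( $_GET['ur_token'] ) : '';

		// Layout written by get_token(): 50 random characters followed by the
		// encrypted "<user id>_<timestamp>" string.
		$token_string = strlen( $raw_token ) > 50 ? substr( $raw_token, 50 ) : '';

		$output     = explode( '_', (string) $this->crypt_the_string( $token_string, 'd' ) );
		$user_id    = absint( $output[0] );
		$user_token = get_user_meta( $user_id, 'ur_confirm_email_token', true );
		$form_id    = ur_get_form_id_by_userid( $user_id );

		// Check if the token matches the token value stored in db. The stored
		// value must exist, and the comparison is constant-time.
		$token_matches = is_string( $user_token ) && '' !== $user_token && hash_equals( $user_token, $raw_token );

		if ( $token_matches && $this->is_email_confirmation_enabled( $form_id ) ) {

			// Tokens are valid for 24 hours from the embedded timestamp.
			if ( isset( $output[1] ) && time() > ( (int) $output[1] + DAY_IN_SECONDS ) ) {
				$this->queue_login_notice( 'custom_token_expired_message' );
			} else {
				$user_reg_successful = true;

				update_user_meta( $user_id, 'ur_confirm_email', 1 );
				// Single use: the token is removed once it has been accepted.
				delete_user_meta( $user_id, 'ur_confirm_email_token' );

				$this->queue_login_notice( 'custom_registration_message' );
			}
		} else {
			$this->queue_login_notice( 'custom_registration_error_message' );
		}

		do_action( 'user_registration_check_token_complete', $user_id, $user_reg_successful );
	}

	/**
	 * Encrypt/Decrypt the provided string.
	 * Encrypt while setting token and updating to database, decrypt while comparing the stored token.
	 *
	 * NOTE(review): the key and IV are derived from constants that ship in this
	 * file, are identical on every site and are reused for every message, and
	 * AES-256-CBC carries no integrity tag. The output is therefore an encoding,
	 * not a secret or an authenticator: callers must not treat a successful
	 * decrypt as proof that the plugin produced the value. Moving to a per-site
	 * secret (e.g. derived from wp_salt()) with a MAC would invalidate tokens
	 * already issued, so it needs a migration path and is not done here.
	 *
	 * @param string $string String to encrypt/decrypt.
	 * @param string $action Encrypt/decrypt action. 'e' for encrypt and 'd' for decrypt.
	 *
	 * @return string|false Encrypted/decrypted string, or false when the input
	 *                      is not a scalar, is not valid base64 (decrypt), the
	 *                      action is unknown, or decryption fails.
	 */
	public function crypt_the_string( $string, $action = 'e' ) {
		$secret_key     = 'ur_secret_key';
		$secret_iv      = 'ur_secret_iv';
		$encrypt_method = 'AES-256-CBC';
		$key            = hash( 'sha256', $secret_key );
		$iv             = substr( hash( 'sha256', $secret_iv ), 0, 16 );

		// Arrays/objects/null can reach here from request data; refuse them
		// instead of letting base64/openssl raise a type error.
		if ( ! is_scalar( $string ) ) {
			return false;
		}

		$string = (string) $string;

		if ( 'e' === $action ) {
			// openssl_encrypt() with options 0 already returns base64; the
			// second encoding is kept because issued tokens rely on it.
			return base64_encode( openssl_encrypt( $string, $encrypt_method, $key, 0, $iv ) );
		}

		if ( 'd' === $action ) {
			$decoded = base64_decode( $string, true );

			if ( false === $decoded ) {
				return false;
			}

			return openssl_decrypt( $decoded, $encrypt_method, $key, 0, $iv );
		}

		return false;
	}

	/**
	 * Generate email token for the user.
	 *
	 * The token is 50 characters drawn with random_int() followed by the
	 * crypt_the_string() encoding of "<user id>_<current timestamp>".
	 *
	 * @param int $user_id User ID.
	 *
	 * @return string Token.
	 */
	public function get_token( $user_id ) {

		$length       = 50;
		$token        = '';
		$codeAlphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
		$codeAlphabet .= 'abcdefghijklmnopqrstuvwxyz';
		$codeAlphabet .= '0123456789';
		$max          = strlen( $codeAlphabet );

		for ( $i = 0; $i < $length; $i++ ) {
			$token .= $codeAlphabet[ random_int( 0, $max - 1 ) ];
		}

		$token .= $this->crypt_the_string( $user_id . '_' . time(), 'e' );

		// Previously placed after the return statement and therefore never fired.
		do_action( 'user_registration_get_token' );

		return $token;
	}

	/**
	 * Set the token of the user and update it to usermeta table in database.
	 *
	 * Does nothing unless the form (or the general setting) uses the
	 * 'email_confirmation' login option.
	 *
	 * @param array $valid_form_data Form filled data.
	 * @param int   $form_id         Form ID.
	 * @param int   $user_id         User ID.
	 */
	public function set_email_status( $valid_form_data, $form_id, $user_id ) {

		$form_id = ( $form_id ) ? $form_id : 0;

		if ( $this->is_email_confirmation_enabled( $form_id ) ) {
			$token = $this->get_token( $user_id );
			update_user_meta( $user_id, 'ur_confirm_email', 0 );
			update_user_meta( $user_id, 'ur_confirm_email_token', $token );
		}
	}

	/**
	 * Check the email status during authentication.
	 *
	 * @param WP_User $user     User instance.
	 * @param string  $password Unused here; kept for the caller's signature.
	 *
	 * @return WP_User|WP_Error The user, or a 'user_email_not_verified' error
	 *                          carrying a "Resend Verification Link" anchor when
	 *                          the stored status is '0'.
	 */
	public function check_email_status( WP_User $user, $password ) {

		$form_id = ur_get_form_id_by_userid( $user->ID );

		if ( ! $this->is_email_confirmation_enabled( $form_id ) ) {
			return $user;
		}

		$email_status = get_user_meta( $user->ID, 'ur_confirm_email', true );

		do_action( 'ur_user_before_check_email_status_on_login', $email_status, $user );

		// is_ssl() also handles servers that report HTTPS=off.
		$scheme = is_ssl() ? 'https://' : 'http://';
		$url    = $scheme . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];

		// Drop the query string only when there is one; strpos() returns false
		// otherwise and substr( $url, 0, false ) would empty the URL.
		$query_pos = strpos( $url, '?' );
		if ( false !== $query_pos ) {
			$url = substr( $url, 0, $query_pos );
		}

		$url = wp_nonce_url( $url . '?ur_resend_id=' . $this->crypt_the_string( $user->ID . '_' . time(), 'e' ) . '&ur_resend_token=true', 'ur_resend_token' );

		if ( $email_status === '0' ) {
			$message = '<strong>' . __( 'ERROR:', 'user-registration' ) . '</strong> ' . sprintf( __( 'Your account is still pending approval. Verify your email by clicking on the link sent to your email. %s', 'user-registration' ), '<a id="resend-email" href="' . esc_url( $url ) . '">' . __( 'Resend Verification Link', 'user-registration' ) . '</a>' );

			return new WP_Error( 'user_email_not_verified', $message );
		}

		return $user;
	}

	/**
	 * If the user's email is not verified, disallow resetting the password
	 * from the Lost Password form and return an error message instead.
	 *
	 * @param bool|WP_Error $result  Value passed in by the 'allow_password_reset' filter.
	 * @param int           $user_id User ID.
	 *
	 * @return bool|WP_Error The incoming value, or a WP_Error when the stored
	 *                       status is '0'.
	 */
	public function allow_password_reset( $result, $user_id ) {

		$form_id = ur_get_form_id_by_userid( $user_id );

		if ( $this->is_email_confirmation_enabled( $form_id ) ) {

			$email_status = get_user_meta( $user_id, 'ur_confirm_email', true );

			if ( $email_status === '0' ) {
				$error_message = __( 'Email not verified! Verify your email by clicking on the link sent to your email.', 'user-registration' );
				$result        = new WP_Error( 'user_email_not_verified', $error_message );
			}
		}

		return $result;
	}

	/**
	 * @deprecated 1.4.0
	 *
	 * @param string $string The string to encrypt/decrypt.
	 * @param string $action The action encrypt or decrypt.
	 *
	 * @return void
	 */
	public function my_simple_crypt( $string, $action ) {
		ur_deprecated_function( 'UR_Email_Confirmation::my_simple_crypt', '1.4.0', 'UR_Email_Confirmation::crypt_the_string' );
	}

	/**
	 * @deprecated 1.4.0
	 *
	 * @param int $user_id User's ID.
	 *
	 * @return void
	 */
	public function getToken( $user_id ) {
		ur_deprecated_function( 'UR_Email_Confirmation::getToken', '1.4.0', 'UR_Email_Confirmation::get_token' );
	}
}

new UR_Email_Confirmation();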