/bp-forums/bbpress/bb-includes/functions.bb-pluggable.php

  1. <?php 
  2.  
  3. if ( !function_exists( 'bb_auth' ) ) : 
  4. function bb_auth( $scheme = 'auth' ) { // Checks if a user has a valid cookie, if not redirects them to the main page 
  5.   if ( !bb_validate_auth_cookie( '', $scheme ) ) { 
  6.       nocache_headers(); 
  7.       if ( 'auth' === $scheme && !bb_is_user_logged_in() ) { 
  8.           $protocol = 'http://'; 
  9.           if ( is_ssl() ) { 
  10.               $protocol = 'https://'; 
  12.           wp_redirect( bb_get_uri( 'bb-login.php', array( 'redirect_to' => $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ), BB_URI_CONTEXT_HEADER + BB_URI_CONTEXT_BB_USER_FORMS ) ); 
  13.       } else { 
  14.           wp_redirect( bb_get_uri( null, null, BB_URI_CONTEXT_HEADER ) ); 
  16.       exit; 
  19. endif; 
  20.  
  21. // $already_md5 variable is deprecated 
  22. if ( !function_exists('bb_check_login') ) : 
  23. function bb_check_login($user, $pass, $already_md5 = false) { 
  24.   global $wp_users_object; 
  25.  
  26.   if ( !bb_get_option( 'email_login' ) || false === strpos( $user, '@' ) ) { // user_login 
  27.       $user = $wp_users_object->get_user( $user, array( 'by' => 'login' ) ); 
  28.   } else { // maybe an email 
  29.       $email_user = $wp_users_object->get_user( $user, array( 'by' => 'email' ) ); 
  30.       $user = $wp_users_object->get_user( $user, array( 'by' => 'login' ) ); 
  31.       // 9 cases.  each can be FALSE, USER, or WP_ERROR 
  32.       if ( 
  33.           ( !$email_user && $user ) // FALSE && USER, FALSE && WP_ERROR 
  34.       || 
  35.           ( is_wp_error( $email_user ) && $user && !is_wp_error( $user ) ) // WP_ERROR && USER 
  36.  ) { 
  37.           // nope: it really was a user_login 
  38.           // [sic]: use $user 
  39.       } elseif ( 
  40.           ( $email_user && !$user ) // USER && FALSE, WP_ERROR && FALSE 
  41.       || 
  42.           ( $email_user && !is_wp_error( $email_user ) && is_wp_error( $user ) ) // USER && WP_ERROR 
  43.  ) { 
  44.           // yup: it was an email 
  45.           $user =& $email_user; 
  46.       } elseif ( !$email_user && !$user ) { // FALSE && FALSE 
  47.           // Doesn't matter what it was: neither worked 
  48.           return false; 
  49.       } elseif ( is_wp_error( $email_user ) && is_wp_error( $user ) ) { // WP_ERROR && WP_ERROR 
  50.           // This can't happen.  If it does, let's use the email error.  It's probably "multiple matches", so maybe logging in with a username will work 
  51.           $user =& $email_user; 
  52.       } elseif ( $email_user && $user ) { // USER && USER 
  53.           // both are user objects 
  54.           if ( $email_user->ID == $user->ID ); // [sic]: they are the same, use $user 
  55.           elseif ( bb_check_password($pass, $user->user_pass, $user->ID) ); // [sic]: use $user 
  56.           elseif ( bb_check_password($pass, $email_user->user_pass, $email_user->ID) ) 
  57.               $user =& $email_user; 
  58.       } else { // This can't happen, that's all 9 cases. 
  59.           // [sic]: use $user 
  62.  
  63.   if ( !$user ) 
  64.       return false; 
  65.  
  66.   if ( is_wp_error($user) ) 
  67.       return $user; 
  68.    
  69.   if ( !bb_check_password($pass, $user->user_pass, $user->ID) ) 
  70.       return false; 
  71.  
  72.   // User is logging in for the first time, update their user_status to normal 
  73.   if ( 1 == $user->user_status ) 
  74.       bb_update_user_status( $user->ID, 0 ); 
  75.    
  76.   return $user; 
  78. endif; 
  79.  
  80. if ( !function_exists('bb_get_current_user') ) : 
  81. function bb_get_current_user() { 
  82.   global $wp_auth_object; 
  83.   return $wp_auth_object->get_current_user(); 
  85. endif; 
  86.  
  87. if ( !function_exists('bb_set_current_user') ) : 
  88. function bb_set_current_user( $id ) { 
  89.   global $wp_auth_object; 
  90.   $current_user = $wp_auth_object->set_current_user( $id ); 
  91.    
  92.   do_action('bb_set_current_user', isset($current_user->ID) ? $current_user->ID : 0 ); 
  93.    
  94.   return $current_user; 
  96. endif; 
  97.  
  98. if ( !function_exists('bb_current_user') ) : 
  99. //This is only used at initialization.  Use bb_get_current_user_info() (or $bb_current_user global if really needed) to grab user info. 
  100. function bb_current_user() { 
  101.   if (BB_INSTALLING) 
  102.       return false; 
  103.  
  104.   return bb_get_current_user(); 
  106. endif; 
  107.  
  108. if ( !function_exists('bb_is_user_authorized') ) : 
  109. function bb_is_user_authorized() { 
  110.   return bb_is_user_logged_in(); 
  112. endif; 
  113.  
  114. if ( !function_exists('bb_is_user_logged_in') ) : 
  115. function bb_is_user_logged_in() { 
  116.   $current_user = bb_get_current_user(); 
  117.  
  118.   if ( empty($current_user) ) 
  119.       return false; 
  120.    
  121.   return true; 
  123. endif; 
  124.  
  125. if ( !function_exists('bb_login') ) : 
  126. function bb_login( $login, $password, $remember = false ) { 
  127.   $user = bb_check_login( $login, $password ); 
  128.   if ( $user && !is_wp_error( $user ) ) { 
  129.       bb_set_auth_cookie( $user->ID, $remember ); 
  130.       do_action('bb_user_login', (int) $user->ID ); 
  132.    
  133.   return $user; 
  135. endif; 
  136.  
  137. if ( !function_exists('bb_logout') ) : 
  138. function bb_logout() { 
  139.   bb_clear_auth_cookie(); 
  140.    
  141.   do_action('bb_user_logout'); 
  143. endif; 
  144.  
  145. if ( !function_exists( 'bb_validate_auth_cookie' ) ) : 
  146. function bb_validate_auth_cookie( $cookie = '', $scheme = 'auth' ) { 
  147.   global $wp_auth_object; 
  148.   if ( empty($cookie) && $scheme == 'auth' ) { 
  149.       if ( is_ssl() ) { 
  150.           $scheme = 'secure_auth'; 
  151.       } else { 
  152.           $scheme = 'auth'; 
  155.   return $wp_auth_object->validate_auth_cookie( $cookie, $scheme ); 
  157. endif; 
  158.  
  159. if ( !function_exists( 'bb_set_auth_cookie' ) ) : 
  160. function bb_set_auth_cookie( $user_id, $remember = false, $schemes = false ) { 
  161.   global $wp_auth_object; 
  162.  
  163.   if ( $remember ) { 
  164.       $expiration = $expire = time() + 1209600; 
  165.   } else { 
  166.       $expiration = time() + 172800; 
  167.       $expire = 0; 
  169.  
  170.   if ( true === $schemes ) { 
  171.       $schemes = array( 'secure_auth', 'logged_in' ); 
  172.   } elseif ( !is_array( $schemes ) ) { 
  173.       $schemes = array(); 
  174.       if ( force_ssl_login() || force_ssl_admin() ) { 
  175.           $schemes[] = 'secure_auth'; 
  177.       if ( !( force_ssl_login() && force_ssl_admin() ) ) { 
  178.           $schemes[] = 'auth'; 
  180.       $schemes[] = 'logged_in'; 
  182.   $schemes = array_unique( $schemes ); 
  183.  
  184.   foreach ( $schemes as $scheme ) { 
  185.       $wp_auth_object->set_auth_cookie( $user_id, $expiration, $expire, $scheme ); 
  188. endif; 
  189.  
  190. if ( !function_exists('bb_clear_auth_cookie') ) : 
  191. function bb_clear_auth_cookie() { 
  192.   global $bb, $wp_auth_object; 
  193.    
  194.   $wp_auth_object->clear_auth_cookie(); 
  195.    
  196.   // Old cookies 
  197.   setcookie($bb->authcookie, ' ', time() - 31536000, $bb->cookiepath, $bb->cookiedomain); 
  198.   setcookie($bb->authcookie, ' ', time() - 31536000, $bb->sitecookiepath, $bb->cookiedomain); 
  199.    
  200.   // Even older cookies 
  201.   setcookie($bb->usercookie, ' ', time() - 31536000, $bb->cookiepath, $bb->cookiedomain); 
  202.   setcookie($bb->usercookie, ' ', time() - 31536000, $bb->sitecookiepath, $bb->cookiedomain); 
  203.   setcookie($bb->passcookie, ' ', time() - 31536000, $bb->cookiepath, $bb->cookiedomain); 
  204.   setcookie($bb->passcookie, ' ', time() - 31536000, $bb->sitecookiepath, $bb->cookiedomain); 
  206. endif; 
  207.  
  208. if ( !function_exists('wp_redirect') ) : // [WP11537] 
  209. /** 
  210.  * Redirects to another page, with a workaround for the IIS Set-Cookie bug. 
  211.  * 
  212.  * @link http://support.microsoft.com/kb/q176113/ 
  213.  * @since 1.5.1 
  214.  * @uses apply_filters() Calls 'wp_redirect' hook on $location and $status. 
  215.  * 
  216.  * @param string $location The path to redirect to 
  217.  * @param int $status Status code to use 
  218.  * @return bool False if $location is not set 
  219.  */ 
  220. function wp_redirect($location, $status = 302) { 
  221.   global $is_IIS; 
  222.  
  223.   $location = apply_filters('wp_redirect', $location, $status); 
  224.   $status = apply_filters('wp_redirect_status', $status, $location); 
  225.  
  226.   if ( !$location ) // allows the wp_redirect filter to cancel a redirect 
  227.       return false; 
  228.  
  229.   $location = wp_sanitize_redirect($location); 
  230.  
  231.   if ( $is_IIS ) { 
  232.       header("Refresh: 0;url=$location"); 
  233.   } else { 
  234.       if ( php_sapi_name() != 'cgi-fcgi' ) 
  235.           status_header($status); // This causes problems on IIS and some FastCGI setups 
  236.       header("Location: $location"); 
  239. endif; 
  240.  
  241. if ( !function_exists('wp_sanitize_redirect') ) : // [WP11537] 
  242. /** 
  243.  * Sanitizes a URL for use in a redirect. 
  244.  * 
  245.  * @since 2.3 
  246.  * 
  247.  * @return string redirect-sanitized URL 
  248.  **/ 
  249. function wp_sanitize_redirect($location) { 
  250.   $location = preg_replace('|[^a-z0-9-~+_.?#=&;, /:%!]|i', '', $location); 
  251.   $location = wp_kses_no_null($location); 
  252.  
  253.   // remove %0d and %0a from location 
  254.   $strip = array('%0d', '%0a'); 
  255.   $found = true; 
  256.   while($found) { 
  257.       $found = false; 
  258.       foreach( (array) $strip as $val ) { 
  259.           while(strpos($location, $val) !== false) { 
  260.               $found = true; 
  261.               $location = str_replace($val, '', $location); 
  265.   return $location; 
  267. endif; 
  268.  
  269. if ( !function_exists('bb_safe_redirect') ) : // based on [WP6145] (home is different) 
  270. /** 
  271.  * Performs a safe (local) redirect, using wp_redirect(). 
  272.  * 
  273.  * Checks whether the $location is using an allowed host, if it has an absolute 
  274.  * path. A plugin can therefore set or remove allowed host(s) to or from the 
  275.  * list. 
  276.  * 
  277.  * If the host is not allowed, then the redirect is to the site url 
  278.  * instead. This prevents malicious redirects which redirect to another host,  
  279.  * but only used in a few places. 
  280.  * 
  281.  * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing 
  282.  *        bbPress host string and $location host string. 
  283.  * 
  284.  * @return void Does not return anything 
  285.  **/ 
  286. function bb_safe_redirect( $location, $status = 302 ) { 
  287.  
  288.   // Need to look at the URL the way it will end up in wp_redirect() 
  289.   $location = wp_sanitize_redirect($location); 
  290.  
  291.   // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//' 
  292.   if ( substr($location, 0, 2) == '//' ) 
  293.       $location = 'http:' . $location; 
  294.  
  295.   // In php 5 parse_url may fail if the URL query part contains http://, bug #38143 
  296.   $test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location; 
  297.  
  298.   $lp = parse_url($test); 
  299.   $bp = parse_url(bb_get_uri()); 
  300.  
  301.   $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($bp['host']), isset($lp['host']) ? $lp['host'] : ''); 
  302.  
  303.   if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($bp['host'])) ) 
  304.       $location = bb_get_uri(null, null, BB_URI_CONTEXT_HEADER); 
  305.  
  306.   return wp_redirect($location, $status); 
  308. endif; 
  309.  
  310. if ( !function_exists('bb_nonce_tick') ) : 
  311. /** 
  312.  * Get the time-dependent variable for nonce creation. 
  313.  * 
  314.  * A nonce has a lifespan of two ticks. Nonces in their second tick may be 
  315.  * updated, e.g. by autosave. 
  316.  * 
  317.  * @since 1.0 
  318.  * 
  319.  * @return int 
  320.  */ 
  321. function bb_nonce_tick() { 
  322.   $nonce_life = apply_filters('bb_nonce_life', 86400); 
  323.  
  324.   return ceil(time() / ( $nonce_life / 2 )); 
  326. endif; 
  327.  
  328. if ( !function_exists('bb_verify_nonce') ) : 
  329. /** 
  330.  * Verify that correct nonce was used with time limit. 
  331.  * 
  332.  * The user is given an amount of time to use the token, so therefore, since the 
  333.  * UID and $action remain the same, the independent variable is the time. 
  334.  * 
  335.  * @param string $nonce Nonce that was used in the form to verify 
  336.  * @param string|int $action Should give context to what is taking place and be the same when nonce was created. 
  337.  * @return bool Whether the nonce check passed or failed. 
  338.  */ 
  339. function bb_verify_nonce($nonce, $action = -1) { 
  340.   $user = bb_get_current_user(); 
  341.   $uid = (int) $user->ID; 
  342.  
  343.   $i = bb_nonce_tick(); 
  344.  
  345.   // Nonce generated 0-12 hours ago 
  346.   if ( substr(bb_hash($i . $action . $uid, 'nonce'), -12, 10) == $nonce ) 
  347.       return 1; 
  348.   // Nonce generated 12-24 hours ago 
  349.   if ( substr(bb_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) == $nonce ) 
  350.       return 2; 
  351.   // Invalid nonce 
  352.   return false; 
  354. endif; 
  355.  
  356. if ( !function_exists('bb_create_nonce') ) : 
  357. /** 
  358.  * Creates a random, one time use token. 
  359.  * 
  360.  * @since 2.0.4 
  361.  * 
  362.  * @param string|int $action Scalar value to add context to the nonce. 
  363.  * @return string The one use form token 
  364.  */ 
  365. function bb_create_nonce($action = -1) { 
  366.   $user = bb_get_current_user(); 
  367.   $uid = (int) $user->ID; 
  368.  
  369.   $i = bb_nonce_tick(); 
  370.    
  371.   return substr(bb_hash($i . $action . $uid, 'nonce'), -12, 10); 
  373. endif; 
  374.  
  375. function _bb_get_key( $key, $default_key = false ) 
  377.   global $bb_default_secret_key; 
  378.  
  379.   if ( defined( $key ) && '' != constant( $key ) && $bb_default_secret_key != constant( $key ) ) { 
  380.       return constant( $key ); 
  382.  
  383.   return ''; 
  385.  
  386. function _bb_get_salt( $constants, $option = false ) 
  388.   if ( !is_array( $constants ) ) { 
  389.       $constants = array( $constants ); 
  391.  
  392.   foreach ($constants as $constant ) { 
  393.       if ( defined( $constant ) ) { 
  394.           return constant( $constant ); 
  397.  
  398.   if ( !defined( 'BB_INSTALLING' ) || !BB_INSTALLING ) { 
  399.       if ( !$option ) { 
  400.           $option = strtolower( $constants[0] ); 
  402.       $salt = bb_get_option( $option ); 
  403.       if ( empty( $salt ) ) { 
  404.           $salt = bb_generate_password( 64 ); 
  405.           bb_update_option( $option, $salt ); 
  407.       return $salt; 
  409.  
  410.   return ''; 
  412.  
  413. // Not verbatim WP, constants have different names, uses helper functions. 
  414. if ( !function_exists( 'bb_salt' ) ) : 
  415. /** 
  416.  * Get salt to add to hashes to help prevent attacks. 
  417.  * 
  418.  * @since 0.9 
  419.  * @link http://api.wordpress.org/secret-key/1.1/bbpress/ Create a set of keys for bb-config.php 
  420.  * @uses _bb_get_key() 
  421.  * @uses _bb_get_salt() 
  422.  * 
  423.  * @return string Salt value for the given scheme 
  424.  */ 
  425. function bb_salt( $scheme = 'auth' ) 
  427.   // Deprecated 
  428.   $secret_key = _bb_get_key( 'BB_SECRET_KEY' ); 
  429.  
  430.   switch ($scheme) { 
  431.       case 'auth': 
  432.           $secret_key = _bb_get_key( 'BB_AUTH_KEY' ); 
  433.           $salt = _bb_get_salt( array( 'BB_AUTH_SALT', 'BB_SECRET_SALT' ) ); 
  434.           break; 
  435.  
  436.       case 'secure_auth': 
  437.           $secret_key = _bb_get_key( 'BB_SECURE_AUTH_KEY' ); 
  438.           $salt = _bb_get_salt( 'BB_SECURE_AUTH_SALT' ); 
  439.           break; 
  440.  
  441.       case 'logged_in': 
  442.           $secret_key = _bb_get_key( 'BB_LOGGED_IN_KEY' ); 
  443.           $salt = _bb_get_salt( 'BB_LOGGED_IN_SALT' ); 
  444.           break; 
  445.  
  446.       case 'nonce': 
  447.           $secret_key = _bb_get_key( 'BB_NONCE_KEY' ); 
  448.           $salt = _bb_get_salt( 'BB_NONCE_SALT' ); 
  449.           break; 
  450.  
  451.       default: 
  452.           // ensure each auth scheme has its own unique salt 
  453.           $salt = hash_hmac( 'md5', $scheme, $secret_key ); 
  454.           break; 
  456.  
  457.   return apply_filters( 'salt', $secret_key . $salt, $scheme ); 
  459. endif; 
  460.  
  461. if ( !function_exists( 'bb_hash' ) ) : 
  462. function bb_hash( $data, $scheme = 'auth' ) {  
  463.   $salt = bb_salt( $scheme ); 
  464.  
  465.   return hash_hmac( 'md5', $data, $salt ); 
  467. endif; 
  468.  
  469. if ( !function_exists( 'bb_hash_password' ) ) : 
  470. function bb_hash_password( $password ) { 
  471.   return WP_Pass::hash_password( $password ); 
  473. endif; 
  474.  
  475. if ( !function_exists( 'bb_check_password') ) : 
  476. function bb_check_password( $password, $hash, $user_id = '' ) { 
  477.   return WP_Pass::check_password( $password, $hash, $user_id ); 
  479. endif; 
  480.  
  481. if ( !function_exists( 'bb_generate_password' ) ) : 
  482. /** 
  483.  * Generates a random password drawn from the defined set of characters 
  484.  * @return string the password 
  485.  */ 
  486. function bb_generate_password( $length = 12, $special_chars = true ) { 
  487.   return WP_Pass::generate_password( $length, $special_chars ); 
  489. endif; 
  490.  
  491. if ( !function_exists('bb_check_admin_referer') ) : 
  492. function bb_check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) { 
  493.   $nonce = ''; 
  494.   if ( isset( $_POST[$query_arg] ) && $_POST[$query_arg] ) { 
  495.       $nonce = $_POST[$query_arg]; 
  496.   } elseif ( isset( $_GET[$query_arg] ) && $_GET[$query_arg] ) { 
  497.       $nonce = $_GET[$query_arg]; 
  499.   if ( !bb_verify_nonce($nonce, $action) ) { 
  500.       bb_nonce_ays($action); 
  501.       die(); 
  503.   do_action('bb_check_admin_referer', $action); 
  505. endif; 
  506.  
  507. if ( !function_exists('bb_check_ajax_referer') ) : 
  508. function bb_check_ajax_referer( $action = -1, $query_arg = false, $die = true ) { 
  509.   $requests = array(); 
  510.   if ( $query_arg ) { 
  511.       $requests[] = $query_arg; 
  513.   $requests[] = '_ajax_nonce'; 
  514.   $requests[] = '_wpnonce'; 
  515.  
  516.   $nonce = ''; 
  517.   foreach ( $requests as $request ) { 
  518.       if ( isset( $_POST[$request] ) && $_POST[$request] ) { 
  519.           $nonce = $_POST[$request]; 
  520.           break; 
  521.       } elseif ( isset( $_GET[$request] ) && $_GET[$request] ) { 
  522.           $nonce = $_GET[$request]; 
  523.           break; 
  526.  
  527.   $result = bb_verify_nonce( $nonce, $action ); 
  528.  
  529.   if ( $die && false == $result ) 
  530.       die('-1'); 
  531.  
  532.   do_action('bb_check_ajax_referer', $action, $result); 
  533.   return $result; 
  535. endif; 
  536.  
  537. if ( !function_exists('bb_break_password') ) : 
  538. function bb_break_password( $user_id ) { 
  539.   global $bbdb; 
  540.   $user_id = (int) $user_id; 
  541.   if ( !$user = bb_get_user( $user_id ) ) 
  542.       return false; 
  543.   $secret = substr(bb_hash( 'bb_break_password' ), 0, 13); 
  544.   if ( false === strpos( $user->user_pass, '---' ) ) 
  545.       return $bbdb->query( $bbdb->prepare( 
  546.           "UPDATE $bbdb->users SET user_pass = CONCAT(user_pass, '---', %s) WHERE ID = %d",  
  547.           $secret, $user_id 
  548.  ) ); 
  549.   else 
  550.       return true; 
  552. endif; 
  553.  
  554. if ( !function_exists('bb_fix_password') ) : 
  555. function bb_fix_password( $user_id ) { 
  556.   global $bbdb; 
  557.   $user_id = (int) $user_id; 
  558.   if ( !$user = bb_get_user( $user_id ) ) 
  559.       return false; 
  560.   if ( false === strpos( $user->user_pass, '---' ) ) 
  561.       return true; 
  562.   else 
  563.       return $bbdb->query( $bbdb->prepare( 
  564.           "UPDATE $bbdb->users SET user_pass = SUBSTRING_INDEX(user_pass, '---', 1) WHERE ID = %d",  
  565.           $user_id 
  566.  ) ); 
  568. endif; 
  569.  
  570. if ( !function_exists('bb_has_broken_pass') ) : 
  571. function bb_has_broken_pass( $user_id = 0 ) { 
  572.   global $bb_current_user; 
  573.   if ( !$user_id ) 
  574.       $user =& $bb_current_user->data; 
  575.   else 
  576.       $user = bb_get_user( $user_id ); 
  577.  
  578.   return ( false !== strpos($user->user_pass, '---' ) ); 
  580. endif; 
  581.  
  582. if ( !function_exists('bb_new_user') ) : 
  583. function bb_new_user( $user_login, $user_email, $user_url, $user_status = 1 ) { 
  584.   global $wp_users_object, $bbdb; 
  585.  
  586.   // is_email check + dns 
  587.   if ( !$user_email = is_email( $user_email ) ) 
  588.       return new WP_Error( 'user_email', __( 'Invalid email address' ), $user_email ); 
  589.  
  590.   if ( !$user_login = sanitize_user( $user_login, true ) ) 
  591.       return new WP_Error( 'user_login', __( 'Invalid username' ), $user_login ); 
  592.    
  593.   // user_status = 1 means the user has not yet been verified 
  594.   $user_status = is_numeric($user_status) ? (int) $user_status : 1; 
  595.   if ( defined( 'BB_INSTALLING' ) ) 
  596.       $user_status = 0; 
  597.    
  598.   $user_nicename = $_user_nicename = bb_user_nicename_sanitize( $user_login ); 
  599.   if ( strlen( $_user_nicename ) < 1 ) 
  600.       return new WP_Error( 'user_login', __( 'Invalid username' ), $user_login ); 
  601.  
  602.   while ( is_numeric($user_nicename) || $existing_user = bb_get_user_by_nicename( $user_nicename ) ) 
  603.       $user_nicename = bb_slug_increment($_user_nicename, $existing_user->user_nicename, 50); 
  604.    
  605.   $user_url = $user_url ? bb_fix_link( $user_url ) : ''; 
  606.  
  607.   $user_pass = bb_generate_password(); 
  608.  
  609.   $user = $wp_users_object->new_user( compact( 'user_login', 'user_email', 'user_url', 'user_nicename', 'user_status', 'user_pass' ) ); 
  610.   if ( is_wp_error($user) ) { 
  611.       if ( 'user_nicename' == $user->get_error_code() ) 
  612.           return new WP_Error( 'user_login', $user->get_error_message() ); 
  613.       return $user; 
  615.  
  616.   if (BB_INSTALLING) { 
  617.       bb_update_usermeta( $user['ID'], $bbdb->prefix . 'capabilities', array('keymaster' => true) ); 
  618.   } else { 
  619.       bb_update_usermeta( $user['ID'], $bbdb->prefix . 'capabilities', array('member' => true) ); 
  620.       bb_send_pass( $user['ID'], $user['plain_pass'] ); 
  622.  
  623.   do_action('bb_new_user', $user['ID'], $user['plain_pass']); 
  624.   return $user['ID']; 
  626. endif; 
  627.  
  628. if ( !function_exists( 'bb_mail' ) ) : 
  629. /** 
  630.  * Send mail, similar to PHP's mail 
  631.  * 
  632.  * A true return value does not automatically mean that the user received the 
  633.  * email successfully. It just only means that the method used was able to 
  634.  * process the request without any errors. 
  635.  * 
  636.  * Using the two 'bb_mail_from' and 'bb_mail_from_name' hooks allow from 
  637.  * creating a from address like 'Name <email@address.com>' when both are set. If 
  638.  * just 'bb_mail_from' is set, then just the email address will be used with no 
  639.  * name. 
  640.  * 
  641.  * The default content type is 'text/plain' which does not allow using HTML. 
  642.  * However, you can set the content type of the email by using the 
  643.  * 'bb_mail_content_type' filter. 
  644.  * 
  645.  * The default charset is based on the charset used on the blog. The charset can 
  646.  * be set using the 'bb_mail_charset' filter. 
  647.  * 
  648.  * @uses apply_filters() Calls 'bb_mail' hook on an array of all of the parameters. 
  649.  * @uses apply_filters() Calls 'bb_mail_from' hook to get the from email address. 
  650.  * @uses apply_filters() Calls 'bb_mail_from_name' hook to get the from address name. 
  651.  * @uses apply_filters() Calls 'bb_mail_content_type' hook to get the email content type. 
  652.  * @uses apply_filters() Calls 'bb_mail_charset' hook to get the email charset 
  653.  * @uses do_action_ref_array() Calls 'bb_phpmailer_init' hook on the reference to 
  654.  *        phpmailer object. 
  655.  * @uses PHPMailer 
  656.  * 
  657.  * @param string $to Email address to send message 
  658.  * @param string $subject Email subject 
  659.  * @param string $message Message contents 
  660.  * @param string|array $headers Optional. Additional headers. 
  661.  * @param string|array $attachments Optional. Files to attach. 
  662.  * @return bool Whether the email contents were sent successfully. 
  663.  */ 
  664. function bb_mail( $to, $subject, $message, $headers = '', $attachments = array() ) { 
  665.   // Compact the input, apply the filters, and extract them back out 
  666.   extract( apply_filters( 'bb_mail', compact( 'to', 'subject', 'message', 'headers', 'attachments' ) ) ); 
  667.  
  668.   if ( !is_array($attachments) ) 
  669.       $attachments = explode( "\n", $attachments ); 
  670.  
  671.   global $bb_phpmailer; 
  672.  
  673.   // (Re)create it, if it's gone missing 
  674.   if ( !is_object( $bb_phpmailer ) || !is_a( $bb_phpmailer, 'PHPMailer' ) ) { 
  675.       require_once BACKPRESS_PATH . 'class.mailer.php'; 
  676.       require_once BACKPRESS_PATH . 'class.mailer-smtp.php'; 
  677.       $bb_phpmailer = new PHPMailer(); 
  679.  
  680.   // Headers 
  681.   if ( empty( $headers ) ) { 
  682.       $headers = array(); 
  683.   } else { 
  684.       if ( !is_array( $headers ) ) { 
  685.           // Explode the headers out, so this function can take both 
  686.           // string headers and an array of headers. 
  687.           $tempheaders = (array) explode( "\n", $headers ); 
  688.       } else { 
  689.           $tempheaders = $headers; 
  691.       $headers = array(); 
  692.  
  693.       // If it's actually got contents 
  694.       if ( !empty( $tempheaders ) ) { 
  695.           // Iterate through the raw headers 
  696.           foreach ( (array) $tempheaders as $header ) { 
  697.               if ( strpos($header, ':') === false ) { 
  698.                   if ( false !== stripos( $header, 'boundary=' ) ) { 
  699.                       $parts = preg_split('/boundary=/i', trim( $header ) ); 
  700.                       $boundary = trim( str_replace( array( "'", '"' ), '', $parts[1] ) ); 
  702.                   continue; 
  704.               // Explode them out 
  705.               list( $name, $content ) = explode( ':', trim( $header ), 2 ); 
  706.  
  707.               // Cleanup crew 
  708.               $name = trim( $name ); 
  709.               $content = trim( $content ); 
  710.  
  711.               // Mainly for legacy -- process a From: header if it's there 
  712.               if ( 'from' == strtolower($name) ) { 
  713.                   if ( strpos($content, '<' ) !== false ) { 
  714.                       // So... making my life hard again? 
  715.                       $from_name = substr( $content, 0, strpos( $content, '<' ) - 1 ); 
  716.                       $from_name = str_replace( '"', '', $from_name ); 
  717.                       $from_name = trim( $from_name ); 
  718.  
  719.                       $from_email = substr( $content, strpos( $content, '<' ) + 1 ); 
  720.                       $from_email = str_replace( '>', '', $from_email ); 
  721.                       $from_email = trim( $from_email ); 
  722.                   } else { 
  723.                       $from_email = trim( $content ); 
  725.               } elseif ( 'content-type' == strtolower($name) ) { 
  726.                   if ( strpos( $content, ';' ) !== false ) { 
  727.                       list( $type, $charset ) = explode( ';', $content ); 
  728.                       $content_type = trim( $type ); 
  729.                       if ( false !== stripos( $charset, 'charset=' ) ) { 
  730.                           $charset = trim( str_replace( array( 'charset=', '"' ), '', $charset ) ); 
  731.                       } elseif ( false !== stripos( $charset, 'boundary=' ) ) { 
  732.                           $boundary = trim( str_replace( array( 'BOUNDARY=', 'boundary=', '"' ), '', $charset ) ); 
  733.                           $charset = ''; 
  735.                   } else { 
  736.                       $content_type = trim( $content ); 
  738.               } elseif ( 'cc' == strtolower($name) ) { 
  739.                   $cc = explode(", ", $content); 
  740.               } elseif ( 'bcc' == strtolower($name) ) { 
  741.                   $bcc = explode(", ", $content); 
  742.               } else { 
  743.                   // Add it to our grand headers array 
  744.                   $headers[trim( $name )] = trim( $content ); 
  749.  
  750.   // Empty out the values that may be set 
  751.   $bb_phpmailer->ClearAddresses(); 
  752.   $bb_phpmailer->ClearAllRecipients(); 
  753.   $bb_phpmailer->ClearAttachments(); 
  754.   $bb_phpmailer->ClearBCCs(); 
  755.   $bb_phpmailer->ClearCCs(); 
  756.   $bb_phpmailer->ClearCustomHeaders(); 
  757.   $bb_phpmailer->ClearReplyTos(); 
  758.  
  759.   // From email and name 
  760.   // If we don't have a name from the input headers 
  761.   if ( !isset( $from_name ) ) { 
  762.       $from_name = bb_get_option('name'); 
  764.  
  765.   // If we don't have an email from the input headers 
  766.   if ( !isset( $from_email ) ) { 
  767.       $from_email = bb_get_option('from_email'); 
  769.  
  770.   // If there is still no email address 
  771.   if ( !$from_email ) { 
  772.       // Get the site domain and get rid of www. 
  773.       $sitename = strtolower( $_SERVER['SERVER_NAME'] ); 
  774.       if ( substr( $sitename, 0, 4 ) == 'www.' ) { 
  775.           $sitename = substr( $sitename, 4 ); 
  777.  
  778.       $from_email = 'bbpress@' . $sitename; 
  780.  
  781.   // Plugin authors can override the potentially troublesome default 
  782.   $bb_phpmailer->From = apply_filters( 'bb_mail_from', $from_email ); 
  783.   $bb_phpmailer->FromName = apply_filters( 'bb_mail_from_name', $from_name ); 
  784.  
  785.   // Set destination address 
  786.   $bb_phpmailer->AddAddress( $to ); 
  787.  
  788.   // Set mail's subject and body 
  789.   $bb_phpmailer->Subject = $subject; 
  790.   $bb_phpmailer->Body = $message; 
  791.  
  792.   // Add any CC and BCC recipients 
  793.   if ( !empty($cc) ) { 
  794.       foreach ( (array) $cc as $recipient ) { 
  795.           $bb_phpmailer->AddCc( trim($recipient) ); 
  798.   if ( !empty($bcc) ) { 
  799.       foreach ( (array) $bcc as $recipient) { 
  800.           $bb_phpmailer->AddBcc( trim($recipient) ); 
  803.  
  804.   // Set to use PHP's mail() 
  805.   $bb_phpmailer->IsMail(); 
  806.  
  807.   // Set Content-Type and charset 
  808.   // If we don't have a content-type from the input headers 
  809.   if ( !isset( $content_type ) ) { 
  810.       $content_type = 'text/plain'; 
  812.  
  813.   $content_type = apply_filters( 'bb_mail_content_type', $content_type ); 
  814.  
  815.   $bb_phpmailer->ContentType = $content_type; 
  816.  
  817.   // Set whether it's plaintext or not, depending on $content_type 
  818.   if ( $content_type == 'text/html' ) { 
  819.       $bb_phpmailer->IsHTML( true ); 
  821.  
  822.   // If we don't have a charset from the input headers 
  823.   if ( !isset( $charset ) ) { 
  824.       $charset = bb_get_option( 'charset' ); 
  826.  
  827.   // Set the content-type and charset 
  828.   $bb_phpmailer->CharSet = apply_filters( 'bb_mail_charset', $charset ); 
  829.  
  830.   // Set custom headers 
  831.   if ( !empty( $headers ) ) { 
  832.       foreach( (array) $headers as $name => $content ) { 
  833.           $bb_phpmailer->AddCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) ); 
  835.       if ( false !== stripos( $content_type, 'multipart' ) && ! empty($boundary) ) { 
  836.           $bb_phpmailer->AddCustomHeader( sprintf( "Content-Type: %s;\n\t boundary=\"%s\"", $content_type, $boundary ) ); 
  839.  
  840.   if ( !empty( $attachments ) ) { 
  841.       foreach ( $attachments as $attachment ) { 
  842.           $bb_phpmailer->AddAttachment($attachment); 
  845.  
  846.   do_action_ref_array( 'bb_phpmailer_init', array( &$bb_phpmailer ) ); 
  847.  
  848.   // Send! 
  849.   $result = @$bb_phpmailer->Send(); 
  850.  
  851.   return $result; 
  853. endif; 
  854.  
  855. if ( !function_exists( 'bb_get_avatar' ) ) : 
  856. /** 
  857.  * Retrieve the avatar for a user provided a user ID or email address 
  858.  * 
  859.  * @since 0.9 
  860.  * @param int|string $id_or_email A user ID or email address 
  861.  * @param int $size Size of the avatar image 
  862.  * @param string $default URL to a default image to use if no avatar is available 
  863.  * @param string $alt Alternate text to use in image tag. Defaults to blank 
  864.  * @return string <img> tag for the user's avatar 
  865. */ 
  866. function bb_get_avatar( $id_or_email, $size = 80, $default = '', $alt = false ) { 
  867.   if ( !bb_get_option('avatars_show') ) 
  868.       return false; 
  869.  
  870.   if ( false === $alt) 
  871.       $safe_alt = ''; 
  872.   else 
  873.       $safe_alt = esc_attr( $alt ); 
  874.  
  875.   if ( !is_numeric($size) ) 
  876.       $size = 80; 
  877.  
  878.   if ( $email = bb_get_user_email($id_or_email) ) { 
  879.       $class = 'photo '; 
  880.   } else { 
  881.       $class = ''; 
  882.       $email = $id_or_email; 
  884.  
  885.   if ( !$email ) 
  886.       $email = ''; 
  887.  
  888.   if ( empty($default) ) 
  889.       $default = bb_get_option('avatars_default'); 
  890.  
  891.    if ( is_ssl() ) 
  892.       $host = 'https://secure.gravatar.com'; 
  893.   else 
  894.       $host = 'http://www.gravatar.com'; 
  895.  
  896.   switch ($default) { 
  897.       case 'logo': 
  898.           $default = ''; 
  899.           break; 
  900.       case 'blank': 
  901.           $default = bb_get_uri( 'bb-admin/images/blank.gif', null, BB_URI_CONTEXT_IMG_SRC ); 
  902.           break; 
  903.       case 'monsterid': 
  904.       case 'wavatar': 
  905.       case 'identicon': 
  906.       case 'retro': 
  907.           break; 
  908.       case 'default': 
  909.       default: 
  910.           $default = $host . '/avatar/ad516503a11cd5ca435acc9bb6523536?s=' . $size; 
  911.           // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com') 
  912.           break; 
  914.  
  915.   $src = $host . '/avatar/'; 
  916.   $class .= 'avatar avatar-' . $size; 
  917.  
  918.   if ( !empty($email) ) { 
  919.       $src .= md5( strtolower( $email ) ); 
  920.   } else { 
  921.       $src .= 'd41d8cd98f00b204e9800998ecf8427e'; 
  922.       // d41d8cd98f00b204e9800998ecf8427e == md5('') 
  923.       $class .= ' avatar-noemail'; 
  925.  
  926.   $src .= '?s=' . $size; 
  927.   $src .= '&d=' . urlencode( $default ); 
  928.  
  929.   $rating = bb_get_option('avatars_rating'); 
  930.   if ( !empty( $rating ) ) 
  931.       $src .= '&r=' . $rating; 
  932.  
  933.   $avatar = '<img alt="' . $safe_alt . '" src="' . $src . '" class="' . $class . '" style="height:' . $size . 'px; width:' . $size . 'px;" />'; 
  934.  
  935.   return apply_filters('bb_get_avatar', $avatar, $id_or_email, $size, $default, $alt); 
  937. endif; 
.