/bp-forums/bbpress/bb-includes/functions.bb-pluggable.php

  1. <?php 
  2.  
  if ( !function_exists( 'bb_auth' ) ) :
  /**
   * Require a valid auth cookie for the current request, redirecting otherwise.
   *
   * When the cookie for $scheme does not validate, caching is disabled and the
   * visitor is redirected: to bb-login.php (carrying a redirect_to back-link)
   * when the scheme is 'auth' and nobody is logged in, or to the forum root in
   * every other case. Execution stops once the redirect has been issued.
   *
   * @param string $scheme Cookie scheme to validate. Defaults to 'auth'.
   * @return void Returns normally only when the cookie validated.
   */
  function bb_auth( $scheme = 'auth' ) {
      if ( bb_validate_auth_cookie( '', $scheme ) ) {
          return;
      }

      nocache_headers();

      if ( 'auth' === $scheme && !bb_is_user_logged_in() ) {
          $protocol = is_ssl() ? 'https://' : 'http://';

          // NOTE(review): HTTP_HOST and REQUEST_URI are supplied by the client.
          // The value is only embedded as a query argument here, so whatever
          // consumes redirect_to after login must validate the host before
          // redirecting (bb_safe_redirect() in this file does that) - confirm.
          $return_to = $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

          wp_redirect( bb_get_uri( 'bb-login.php', array( 'redirect_to' => $return_to ), BB_URI_CONTEXT_HEADER + BB_URI_CONTEXT_BB_USER_FORMS ) );
      } else {
          wp_redirect( bb_get_uri( null, null, BB_URI_CONTEXT_HEADER ) );
      }

      // wp_redirect() only emits headers; stop here so the protected page is not rendered.
      exit;
  }
  endif;
  16.  
  // $already_md5 variable is deprecated
  if ( !function_exists('bb_check_login') ) :
  /**
   * Resolve a login name (or email address) to a user and verify the password.
   *
   * When the 'email_login' option is on and the identifier contains '@', the
   * identifier is looked up both as an email and as a login name, and one of
   * the two results is chosen. Each lookup can yield false, a user object or a
   * WP_Error, giving nine combinations.
   *
   * Security note: if the two lookups return two different accounts, the
   * supplied password is tested against both of them, so a single attempt
   * exercises two password hashes.
   *
   * @param string $user        Login name or email address.
   * @param string $pass        Plain-text password to verify.
   * @param bool   $already_md5 Deprecated, unused.
   * @return object|WP_Error|false User object on success, WP_Error when the
   *                               lookup failed with an error, false when no
   *                               user matched or the password is wrong.
   */
  function bb_check_login($user, $pass, $already_md5 = false) {
      global $wp_users_object;

      $looks_like_email = bb_get_option( 'email_login' ) && false !== strpos( $user, '@' );

      if ( !$looks_like_email ) {
          // Plain user_login lookup.
          $user = $wp_users_object->get_user( $user, array( 'by' => 'login' ) );
      } else {
          // Could be either: look it up both ways.
          $email_user = $wp_users_object->get_user( $user, array( 'by' => 'email' ) );
          $user       = $wp_users_object->get_user( $user, array( 'by' => 'login' ) );

          if (
              ( !$email_user && $user ) // FALSE && USER, FALSE && WP_ERROR
              ||
              ( is_wp_error( $email_user ) && $user && !is_wp_error( $user ) ) // WP_ERROR && USER
          ) {
              // It really was a user_login: keep $user.
          } elseif (
              ( $email_user && !$user ) // USER && FALSE, WP_ERROR && FALSE
              ||
              ( $email_user && !is_wp_error( $email_user ) && is_wp_error( $user ) ) // USER && WP_ERROR
          ) {
              // It was an email.
              $user =& $email_user;
          } elseif ( !$email_user && !$user ) { // FALSE && FALSE
              // Neither lookup found anything.
              return false;
          } elseif ( is_wp_error( $email_user ) && is_wp_error( $user ) ) { // WP_ERROR && WP_ERROR
              // Not expected. Prefer the email error: it is probably "multiple
              // matches", so logging in with a username may still work.
              $user =& $email_user;
          } elseif ( $email_user && $user ) { // USER && USER
              // Two user objects. Switch to the email match only when they are
              // different accounts, the password does not fit the login match,
              // and it does fit the email match.
              if (
                  $email_user->ID != $user->ID
                  && !bb_check_password( $pass, $user->user_pass, $user->ID )
                  && bb_check_password( $pass, $email_user->user_pass, $email_user->ID )
              ) {
                  $user =& $email_user;
              }
          }
          // No further case exists: all nine combinations are covered above.
      }

      if ( !$user ) {
          return false;
      }

      if ( is_wp_error( $user ) ) {
          return $user;
      }

      if ( !bb_check_password( $pass, $user->user_pass, $user->ID ) ) {
          return false;
      }

      // First successful login: move user_status from 1 to 0 (normal).
      if ( 1 == $user->user_status ) {
          bb_update_user_status( $user->ID, 0 );
      }

      return $user;
  }
  endif;
  72.  
  if ( !function_exists('bb_get_current_user') ) :
  /**
   * Return the current user as reported by the global auth object.
   *
   * @return mixed Whatever $wp_auth_object->get_current_user() returns.
   */
  function bb_get_current_user() {
      global $wp_auth_object;

      $current = $wp_auth_object->get_current_user();

      return $current;
  }
  endif;
  78.  
  if ( !function_exists('bb_set_current_user') ) :
  /**
   * Switch the current user and announce the change.
   *
   * Fires the 'bb_set_current_user' action with the new user's ID, or 0 when
   * the auth object did not return an object carrying an ID.
   *
   * @param int $id User ID to make current.
   * @return mixed Whatever $wp_auth_object->set_current_user() returns.
   */
  function bb_set_current_user( $id ) {
      global $wp_auth_object;

      $current_user = $wp_auth_object->set_current_user( $id );

      $announced_id = 0;
      if ( isset( $current_user->ID ) ) {
          $announced_id = $current_user->ID;
      }
      do_action('bb_set_current_user', $announced_id );

      return $current_user;
  }
  endif;
  88.  
  if ( !function_exists('bb_current_user') ) :
  /**
   * Return the current user, or false while the installer is running.
   *
   * This is only used at initialization. Use bb_get_current_user_info() (or
   * the $bb_current_user global if really needed) to grab user info.
   *
   * NOTE(review): BB_INSTALLING is read without a defined() check here -
   * presumably the bootstrap always defines it; confirm.
   *
   * @return mixed False during installation, otherwise bb_get_current_user().
   */
  function bb_current_user() {
      return BB_INSTALLING ? false : bb_get_current_user();
  }
  endif;
  97.  
  if ( !function_exists('bb_is_user_authorized') ) :
  /**
   * Alias of bb_is_user_logged_in(): being logged in is the only condition checked.
   *
   * @return bool True when a user is logged in.
   */
  function bb_is_user_authorized() {
      $logged_in = bb_is_user_logged_in();

      return $logged_in;
  }
  endif;
  102.  
  if ( !function_exists('bb_is_user_logged_in') ) :
  /**
   * Tell whether the request has a current user.
   *
   * @return bool False when bb_get_current_user() yields an empty value, true otherwise.
   */
  function bb_is_user_logged_in() {
      $current_user = bb_get_current_user();

      return !empty( $current_user );
  }
  endif;
  112.  
  if ( !function_exists('bb_login') ) :
  /**
   * Check credentials and, on success, issue the auth cookies.
   *
   * The cookies are set and the 'bb_user_login' action fires only when
   * bb_check_login() returned a user that is not a WP_Error.
   *
   * @param string $login    Login name or email address.
   * @param string $password Plain-text password.
   * @param bool   $remember Whether to request the longer-lived cookie.
   * @return object|WP_Error|false The bb_check_login() result, unchanged.
   */
  function bb_login( $login, $password, $remember = false ) {
      $user = bb_check_login( $login, $password );

      $authenticated = $user && !is_wp_error( $user );
      if ( $authenticated ) {
          bb_set_auth_cookie( $user->ID, $remember );
          do_action('bb_user_login', (int) $user->ID );
      }

      return $user;
  }
  endif;
  122.  
  if ( !function_exists('bb_logout') ) :
  /**
   * Log the visitor out: expire the auth cookies, then fire 'bb_user_logout'.
   *
   * @return void
   */
  function bb_logout() {
      // Cookies are cleared first so hooked callbacks run after the cookie headers were queued.
      bb_clear_auth_cookie();

      do_action('bb_user_logout');
  }
  endif;
  129.  
  if ( !function_exists( 'bb_validate_auth_cookie' ) ) :
  /**
   * Validate an auth cookie through the global auth object.
   *
   * When no cookie value is passed and the scheme is 'auth', the scheme is
   * chosen from the connection: 'secure_auth' over SSL, 'auth' otherwise.
   *
   * @param string $cookie Cookie value; empty lets the auth object locate it.
   * @param string $scheme Cookie scheme. Defaults to 'auth'.
   * @return mixed Whatever $wp_auth_object->validate_auth_cookie() returns.
   */
  function bb_validate_auth_cookie( $cookie = '', $scheme = 'auth' ) {
      global $wp_auth_object;

      $pick_by_connection = empty( $cookie ) && $scheme == 'auth';
      if ( $pick_by_connection ) {
          $scheme = is_ssl() ? 'secure_auth' : 'auth';
      }

      return $wp_auth_object->validate_auth_cookie( $cookie, $scheme );
  }
  endif;
  140.  
  if ( !function_exists( 'bb_set_auth_cookie' ) ) :
  /**
   * Issue the auth cookies for a user, one per applicable scheme.
   *
   * Lifetimes: with $remember both the token and the browser cookie expire in
   * 1209600 seconds (14 days); without it the token expires in 172800 seconds
   * (2 days) and the cookie expiry passed on is 0.
   *
   * Schemes: true selects 'secure_auth' and 'logged_in'; an array is used as
   * given; anything else derives the list from force_ssl_login() and
   * force_ssl_admin(). Cookie attributes themselves are set by
   * $wp_auth_object->set_auth_cookie(), which is not visible in this file.
   *
   * @param int        $user_id  User the cookies are issued for.
   * @param bool       $remember Whether to use the long lifetime.
   * @param bool|array $schemes  Scheme selection, see above.
   * @return void
   */
  function bb_set_auth_cookie( $user_id, $remember = false, $schemes = false ) {
      global $wp_auth_object;

      if ( $remember ) {
          $expiration = time() + 1209600;
          $expire     = $expiration;
      } else {
          $expiration = time() + 172800;
          $expire     = 0;
      }

      if ( true === $schemes ) {
          $schemes = array( 'secure_auth', 'logged_in' );
      } elseif ( !is_array( $schemes ) ) {
          $schemes = array();

          // 'secure_auth' as soon as either SSL option is forced.
          if ( force_ssl_login() || force_ssl_admin() ) {
              $schemes[] = 'secure_auth';
          }

          // 'auth' is dropped only when both SSL options are forced.
          if ( !( force_ssl_login() && force_ssl_admin() ) ) {
              $schemes[] = 'auth';
          }

          $schemes[] = 'logged_in';
      }

      foreach ( array_unique( $schemes ) as $scheme ) {
          $wp_auth_object->set_auth_cookie( $user_id, $expiration, $expire, $scheme );
      }
  }
  endif;
  165.  
  if ( !function_exists('bb_clear_auth_cookie') ) :
  /**
   * Expire every auth cookie, including the legacy cookie names.
   *
   * The current cookies are cleared by the auth object. The old auth cookie
   * and the even older user/pass cookies are overwritten with a blank value
   * and an expiry one year (31536000 seconds) in the past, on both the cookie
   * path and the site cookie path.
   *
   * @return void
   */
  function bb_clear_auth_cookie() {
      global $bb, $wp_auth_object;

      $wp_auth_object->clear_auth_cookie();

      // Old cookie first, then the even older user/pass pair.
      $legacy_names = array( $bb->authcookie, $bb->usercookie, $bb->passcookie );
      $paths        = array( $bb->cookiepath, $bb->sitecookiepath );

      foreach ( $legacy_names as $cookie_name ) {
          foreach ( $paths as $cookie_path ) {
              setcookie($cookie_name, ' ', time() - 31536000, $cookie_path, $bb->cookiedomain);
          }
      }
  }
  endif;
  182.  
  if ( !function_exists('wp_redirect') ) : // [WP11537]
  /**
   * Redirects to another page, with a workaround for the IIS Set-Cookie bug.
   *
   * Only headers are sent: the function neither validates the target host nor
   * ends the request, so callers must exit afterwards and must use
   * bb_safe_redirect() when the target can be influenced by the request.
   *
   * @link http://support.microsoft.com/kb/q176113/
   * @since 1.5.1
   * @uses apply_filters() Calls 'wp_redirect' hook on $location and $status.
   * @uses apply_filters() Calls 'wp_redirect_status' hook on $status and $location.
   *
   * @param string $location The path to redirect to
   * @param int $status Status code to use
   * @return bool|null False if $location is not set, otherwise nothing.
   */
  function wp_redirect($location, $status = 302) {
      global $is_IIS;

      $location = apply_filters('wp_redirect', $location, $status);
      $status = apply_filters('wp_redirect_status', $status, $location);

      // An empty location lets the 'wp_redirect' filter cancel the redirect.
      if ( !$location ) {
          return false;
      }

      $location = wp_sanitize_redirect($location);

      if ( $is_IIS ) {
          header("Refresh: 0;url=$location");
          return;
      }

      // Sending the status line causes problems on IIS and some FastCGI setups.
      if ( php_sapi_name() != 'cgi-fcgi' ) {
          status_header($status);
      }
      header("Location: $location");
  }
  endif;
  213.  
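  if ( !function_exists('wp_sanitize_redirect') ) : // [WP11537]
  /**
   * Sanitizes a URL for use in a redirect.
   *
   * Drops every character outside the allow-list (which removes raw CR and LF
   * among others), strips null bytes via wp_kses_no_null(), then removes
   * percent-encoded CR/LF sequences.
   *
   * The encoded sequences are matched case-insensitively: the earlier
   * case-sensitive search removed '%0d' and '%0a' but left '%0D' and '%0A' in
   * place. Removal repeats until the string stops changing, so deleting one
   * sequence cannot join the surrounding characters into a new one.
   *
   * @since 2.3
   *
   * @param string $location URL to sanitize.
   * @return string redirect-sanitized URL
   **/
  function wp_sanitize_redirect($location) {
      $location = preg_replace('|[^a-z0-9-~+_.?#=&;, /:%!]|i', '', $location);
      $location = wp_kses_no_null($location);

      // remove %0d and %0a (any letter case) from location
      $strip = array('%0d', '%0a');
      do {
          $before = $location;
          $location = str_ireplace($strip, '', $location);
      } while ( $before !== $location );

      return $location;
  }
  endif;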
  237.  
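  if ( !function_exists('bb_safe_redirect') ) : // based on [WP6145] (home is different)
  /**
   * Performs a safe (local) redirect, using wp_redirect().
   *
   * Checks whether $location points at an allowed host when it is an absolute
   * URL. Plugins can add or remove allowed hosts through the
   * 'allowed_redirect_hosts' filter.
   *
   * The redirect goes to the site URI instead of $location when:
   *  - the URL cannot be parsed at all (previously such a URL skipped the host
   *    check and was passed on unchanged),
   *  - it carries a scheme other than http or https, or
   *  - its host is neither the bbPress host nor in the allowed list. Hosts are
   *    compared in lower case on both sides and with strict matching.
   *
   * This prevents redirects to another host, but only for callers that use
   * this function rather than wp_redirect() directly.
   *
   * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
   *       bbPress host string and $location host string.
   *
   * @param string $location Requested redirect target.
   * @param int    $status   HTTP status code. Defaults to 302.
   * @return bool|null The wp_redirect() result: false when the redirect was cancelled.
   **/
  function bb_safe_redirect( $location, $status = 302 ) {

      // Need to look at the URL the way it will end up in wp_redirect()
      $location = wp_sanitize_redirect($location);

      // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
      if ( substr($location, 0, 2) == '//' )
          $location = 'http:' . $location;

      // In php 5 parse_url may fail if the URL query part contains http://, bug #38143
      $test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location;

      $lp = parse_url($test);
      $bp = parse_url(bb_get_uri());

      $site_host   = isset($bp['host']) ? $bp['host'] : '';
      $target_host = ( is_array($lp) && isset($lp['host']) ) ? $lp['host'] : '';

      $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($site_host), $target_host);
      $allowed_hosts = array_map('strtolower', array_map('strval', $allowed_hosts));

      $is_safe = true;
      if ( false === $lp ) {
          // Unparseable URL: the host cannot be checked, so do not follow it.
          $is_safe = false;
      } elseif ( isset($lp['scheme']) && !in_array(strtolower($lp['scheme']), array('http', 'https'), true) ) {
          // Only web URLs are redirect targets.
          $is_safe = false;
      } elseif ( '' !== $target_host ) {
          $target_host = strtolower($target_host);
          if ( !in_array($target_host, $allowed_hosts, true) && $target_host !== strtolower($site_host) )
              $is_safe = false;
      }

      if ( !$is_safe )
          $location = bb_get_uri(null, null, BB_URI_CONTEXT_HEADER);

      return wp_redirect($location, $status);
  }
  endif;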
  277.  
  if ( !function_exists('bb_nonce_tick') ) :
  /**
   * Get the time-dependent variable for nonce creation.
   *
   * The nonce lifetime (86400 seconds unless changed by the 'bb_nonce_life'
   * filter) is split into two ticks. A nonce stays valid during the tick it
   * was created in and the following one.
   *
   * @since 1.0
   *
   * @return float Current tick number; a whole number, as returned by ceil().
   */
  function bb_nonce_tick() {
      $nonce_life = apply_filters('bb_nonce_life', 86400);
      $tick_length = $nonce_life / 2;

      return ceil(time() / $tick_length);
  }
  endif;
  294.  
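  if ( !function_exists('bb_verify_nonce') ) :
  /**
   * Verify that correct nonce was used with time limit.
   *
   * The expected value is derived from the current tick, $action and the
   * current user's ID, so for a given user and action only time varies.
   *
   * The submitted value is compared as a string and in constant time. The
   * earlier loose '==' comparison applied PHP type juggling: a boolean true,
   * or two different strings that both look like numbers, could compare as
   * equal to the expected value.
   *
   * @param string $nonce Nonce that was used in the form to verify
   * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
   * @return int|false 1 if the nonce is from the current tick, 2 if it is from
   *                   the previous tick, false if it is invalid.
   */
  function bb_verify_nonce($nonce, $action = -1) {
      // Arrays, objects and null (e.g. a request parameter sent as field[]) can never be a valid nonce.
      if ( !is_scalar($nonce) )
          return false;
      $nonce = (string) $nonce;

      $user = bb_get_current_user();
      // No current user hashes as user ID 0.
      $uid = isset($user->ID) ? (int) $user->ID : 0;

      $i = bb_nonce_tick();

      // Result 1: generated 0-12 hours ago. Result 2: generated 12-24 hours ago.
      foreach ( array( 1 => $i, 2 => $i - 1 ) as $result => $tick ) {
          $expected = (string) substr(bb_hash($tick . $action . $uid, 'nonce'), -12, 10);

          // hash_equals() needs PHP 5.6; older runtimes fall back to a strict string comparison.
          $matches = function_exists('hash_equals') ? hash_equals($expected, $nonce) : ( $expected === $nonce );
          if ( $matches )
              return $result;
      }

      // Invalid nonce
      return false;
  }
  endif;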
  321.  
  if ( !function_exists('bb_create_nonce') ) :
  /**
   * Creates the form token for an action.
   *
   * The token is not random and not single-use: it is ten characters taken
   * from bb_hash() over the current tick, $action and the current user's ID,
   * so the same user and action get the same token for the whole tick, and
   * bb_verify_nonce() accepts it for up to two ticks.
   *
   * @since 2.0.4
   *
   * @param string|int $action Scalar value to add context to the nonce.
   * @return string The form token
   */
  function bb_create_nonce($action = -1) {
      $user = bb_get_current_user();
      $uid = (int) $user->ID;

      $tick = bb_nonce_tick();
      $digest = bb_hash($tick . $action . $uid, 'nonce');

      return substr($digest, -12, 10);
  }
  endif;
  339.  
  /**
   * Read a secret key from a constant, ignoring unusable values.
   *
   * The constant's value is returned only when the constant is defined, is not
   * loosely equal to the empty string, and is not loosely equal to the global
   * $bb_default_secret_key (the shipped placeholder). Otherwise '' is returned.
   *
   * @param string $key         Name of the constant holding the key.
   * @param mixed  $default_key Unused.
   * @return mixed The constant's value, or '' when it is not usable.
   */
  function _bb_get_key( $key, $default_key = false )
  {
      global $bb_default_secret_key;

      if ( !defined( $key ) ) {
          return '';
      }

      if ( '' == constant( $key ) ) {
          return '';
      }

      // A key still set to the distributed default offers no secrecy.
      if ( $bb_default_secret_key == constant( $key ) ) {
          return '';
      }

      return constant( $key );
  }
  347.  
  /**
   * Find the salt for a scheme: from a constant if one is defined, else from an option.
   *
   * The first defined constant wins and its value is returned as-is, even if
   * it is empty. Outside installation, the salt is otherwise read from the
   * option named $option (by default the lower-cased first constant name);
   * when that option is empty a 64-character value from bb_generate_password()
   * is stored and returned. During installation '' is returned.
   *
   * @param string|array $constants Constant name(s) to try, in order.
   * @param string|false $option    Option name, or false to derive it.
   * @return mixed The salt, or '' when none is available.
   */
  function _bb_get_salt( $constants, $option = false )
  {
      $names = is_array( $constants ) ? $constants : array( $constants );

      foreach ( $names as $name ) {
          if ( defined( $name ) ) {
              return constant( $name );
          }
      }

      $installing = defined( 'BB_INSTALLING' ) && BB_INSTALLING;
      if ( $installing ) {
          return '';
      }

      if ( !$option ) {
          $option = strtolower( $names[0] );
      }

      $salt = bb_get_option( $option );
      if ( empty( $salt ) ) {
          // First use: generate the salt once and persist it.
          $salt = bb_generate_password( 64 );
          bb_update_option( $option, $salt );
      }

      return $salt;
  }
  366.  
  // Not verbatim WP, constants have different names, uses helper functions.
  if ( !function_exists( 'bb_salt' ) ) :
  /**
   * Build the secret that bb_hash() uses as the HMAC key for a scheme.
   *
   * The result is the scheme's key followed by the scheme's salt, passed
   * through the 'salt' filter.
   *
   * For 'auth', 'secure_auth', 'logged_in' and 'nonce' the scheme's own key
   * constant replaces the deprecated BB_SECRET_KEY value. If that constant is
   * missing or rejected by _bb_get_key() the key part is empty and the secret
   * consists of the salt alone. Any other scheme keeps BB_SECRET_KEY and gets
   * a salt derived from the scheme name.
   *
   * @since 0.9
   * @link http://api.wordpress.org/secret-key/1.1/bbpress/ Create a set of keys for bb-config.php
   * @uses _bb_get_key()
   * @uses _bb_get_salt()
   *
   * @param string $scheme Scheme name. Defaults to 'auth'.
   * @return string Salt value for the given scheme
   */
  function bb_salt( $scheme = 'auth' )
  {
      // Deprecated key; only the default branch below still uses it.
      $secret_key = _bb_get_key( 'BB_SECRET_KEY' );

      switch ($scheme) {
          case 'auth':
              $secret_key = _bb_get_key( 'BB_AUTH_KEY' );
              $salt = _bb_get_salt( array( 'BB_AUTH_SALT', 'BB_SECRET_SALT' ) );
              break;

          case 'secure_auth':
              $secret_key = _bb_get_key( 'BB_SECURE_AUTH_KEY' );
              $salt = _bb_get_salt( 'BB_SECURE_AUTH_SALT' );
              break;

          case 'logged_in':
              $secret_key = _bb_get_key( 'BB_LOGGED_IN_KEY' );
              $salt = _bb_get_salt( 'BB_LOGGED_IN_SALT' );
              break;

          case 'nonce':
              $secret_key = _bb_get_key( 'BB_NONCE_KEY' );
              $salt = _bb_get_salt( 'BB_NONCE_SALT' );
              break;

          default:
              // ensure each auth scheme has its own unique salt
              $salt = hash_hmac( 'md5', $scheme, $secret_key );
              break;
      }

      $secret = $secret_key . $salt;

      return apply_filters( 'salt', $secret, $scheme );
  }
  endif;
  411.  
  if ( !function_exists( 'bb_hash' ) ) :
  /**
   * Compute the keyed hash of $data for a scheme.
   *
   * This is HMAC-MD5 keyed with bb_salt( $scheme ). Changing the algorithm
   * would change every value derived from it, including the nonces built in
   * this file.
   *
   * @param string $data   Data to hash.
   * @param string $scheme Scheme whose secret is used. Defaults to 'auth'.
   * @return string Hex digest.
   */
  function bb_hash( $data, $scheme = 'auth' ) {
      return hash_hmac( 'md5', $data, bb_salt( $scheme ) );
  }
  endif;
  418.  
  if ( !function_exists( 'bb_hash_password' ) ) :
  /**
   * Hash a plain-text password for storage; delegates to WP_Pass::hash_password().
   *
   * @param string $password Plain-text password.
   * @return mixed The WP_Pass::hash_password() result.
   */
  function bb_hash_password( $password ) {
      $hashed = WP_Pass::hash_password( $password );

      return $hashed;
  }
  endif;
  423.  
  if ( !function_exists( 'bb_check_password') ) :
  /**
   * Check a plain-text password against a stored hash; delegates to WP_Pass::check_password().
   *
   * @param string     $password Plain-text password.
   * @param string     $hash     Stored password hash.
   * @param int|string $user_id  Optional ID of the user the hash belongs to.
   * @return mixed The WP_Pass::check_password() result.
   */
  function bb_check_password( $password, $hash, $user_id = '' ) {
      $matches = WP_Pass::check_password( $password, $hash, $user_id );

      return $matches;
  }
  endif;
  428.  
  if ( !function_exists( 'bb_generate_password' ) ) :
  /**
   * Generates a random password drawn from the defined set of characters.
   *
   * Delegates to WP_Pass::generate_password(). Within this file the result is
   * used both for new users' initial passwords and for stored salts.
   * NOTE(review): the randomness source lives in WP_Pass and is not visible
   * here - confirm it is suitable for secrets.
   *
   * @param int  $length        Number of characters. Defaults to 12.
   * @param bool $special_chars Whether to include special characters.
   * @return string the password
   */
  function bb_generate_password( $length = 12, $special_chars = true ) {
      $generated = WP_Pass::generate_password( $length, $special_chars );

      return $generated;
  }
  endif;
  437.  
  if ( !function_exists('bb_check_admin_referer') ) :
  /**
   * Abort the request unless it carries a valid nonce for $action.
   *
   * The nonce is read from $_POST[$query_arg] first, then from
   * $_GET[$query_arg]. On failure bb_nonce_ays() is called and the script
   * dies; on success the 'bb_check_admin_referer' action fires.
   *
   * @param string|int $action    Action the nonce was created for.
   * @param string     $query_arg Request field holding the nonce.
   * @return void
   */
  function bb_check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
      $nonce = '';

      // POST wins over GET when both carry a non-empty value.
      if ( !empty( $_POST[$query_arg] ) ) {
          $nonce = $_POST[$query_arg];
      } elseif ( !empty( $_GET[$query_arg] ) ) {
          $nonce = $_GET[$query_arg];
      }

      if ( !bb_verify_nonce($nonce, $action) ) {
          bb_nonce_ays($action);
          die();
      }

      do_action('bb_check_admin_referer', $action);
  }
  endif;
  450.  
  if ( !function_exists('bb_check_ajax_referer') ) :
  /**
   * Verify the nonce of an AJAX request.
   *
   * Candidate fields are tried in order: $query_arg (when given),
   * '_ajax_nonce', then '_wpnonce'; for each field POST is preferred over GET
   * and the first non-empty value is used. With $die set, an invalid nonce
   * ends the script with the body '-1'.
   *
   * @param string|int   $action    Action the nonce was created for.
   * @param string|false $query_arg Extra request field to look in first.
   * @param bool         $die       Whether to die on failure.
   * @return int|false The bb_verify_nonce() result.
   */
  function bb_check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
      $fields = array( '_ajax_nonce', '_wpnonce' );
      if ( $query_arg ) {
          array_unshift( $fields, $query_arg );
      }

      $nonce = '';
      foreach ( $fields as $field ) {
          if ( !empty( $_POST[$field] ) ) {
              $nonce = $_POST[$field];
              break;
          }
          if ( !empty( $_GET[$field] ) ) {
              $nonce = $_GET[$field];
              break;
          }
      }

      $result = bb_verify_nonce( $nonce, $action );

      if ( $die && false == $result ) {
          die('-1');
      }

      do_action('bb_check_ajax_referer', $action, $result);

      return $result;
  }
  endif;
  476.  
  if ( !function_exists('bb_break_password') ) :
  /**
   * Make a user's stored password hash unusable without discarding it.
   *
   * Appends '---' plus the first 13 characters of bb_hash( 'bb_break_password' )
   * to user_pass, unless the stored value already contains '---'.
   * bb_fix_password() removes the suffix again.
   *
   * @param int $user_id User ID.
   * @return mixed False when the user does not exist, true when the password
   *               was already broken, otherwise the $bbdb->query() result.
   */
  function bb_break_password( $user_id ) {
      global $bbdb;

      $user_id = (int) $user_id;
      $user = bb_get_user( $user_id );
      if ( !$user ) {
          return false;
      }

      $secret = substr(bb_hash( 'bb_break_password' ), 0, 13);

      $already_broken = false !== strpos( $user->user_pass, '---' );
      if ( $already_broken ) {
          return true;
      }

      // Values are bound through prepare(); only the table name is interpolated.
      $sql = $bbdb->prepare(
          "UPDATE $bbdb->users SET user_pass = CONCAT(user_pass, '---', %s) WHERE ID = %d",
          $secret, $user_id
      );

      return $bbdb->query( $sql );
  }
  endif;
  492.  
  if ( !function_exists('bb_fix_password') ) :
  /**
   * Undo bb_break_password(): cut user_pass back to the part before '---'.
   *
   * @param int $user_id User ID.
   * @return mixed False when the user does not exist, true when the password
   *               was not broken, otherwise the $bbdb->query() result.
   */
  function bb_fix_password( $user_id ) {
      global $bbdb;

      $user_id = (int) $user_id;
      $user = bb_get_user( $user_id );
      if ( !$user ) {
          return false;
      }

      // No marker means there is nothing to repair.
      if ( false === strpos( $user->user_pass, '---' ) ) {
          return true;
      }

      $sql = $bbdb->prepare(
          "UPDATE $bbdb->users SET user_pass = SUBSTRING_INDEX(user_pass, '---', 1) WHERE ID = %d",
          $user_id
      );

      return $bbdb->query( $sql );
  }
  endif;
  507.  
  if ( !function_exists('bb_has_broken_pass') ) :
  /**
   * Tell whether a user's stored password carries the '---' marker.
   *
   * @param int $user_id User ID; 0 checks the current user ($bb_current_user->data).
   * @return bool True when user_pass contains '---'.
   */
  function bb_has_broken_pass( $user_id = 0 ) {
      global $bb_current_user;

      if ( $user_id ) {
          $user = bb_get_user( $user_id );
      } else {
          $user =& $bb_current_user->data;
      }

      $marker_at = strpos($user->user_pass, '---' );

      return ( false !== $marker_at );
  }
  endif;
  518.  
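  if ( !function_exists('bb_new_user') ) :
  /**
   * Create a user with a generated password and assign the initial role.
   *
   * The email and login are validated, a unique non-numeric nicename is
   * derived from the login, and a password from bb_generate_password() is
   * stored. The new account receives the 'keymaster' capability only while
   * the installer is running, otherwise 'member', and in that case the
   * password is sent out through bb_send_pass().
   *
   * Security notes:
   *  - The role decision checks defined( 'BB_INSTALLING' ) before reading the
   *    constant. The bare read used previously treats an undefined constant as
   *    its own name (a truthy string) on PHP 7 and earlier, which would select
   *    the 'keymaster' branch.
   *  - The plain-text password is handed to bb_send_pass() and to every
   *    callback on the 'bb_new_user' action.
   *
   * @param string $user_login  Requested login name.
   * @param string $user_email  Email address.
   * @param string $user_url    Optional website URL.
   * @param int    $user_status 1 means the user has not yet been verified.
   * @return int|WP_Error New user ID, or WP_Error when validation or creation failed.
   */
  function bb_new_user( $user_login, $user_email, $user_url, $user_status = 1 ) {
      global $wp_users_object, $bbdb;

      // is_email check + dns
      if ( !$user_email = is_email( $user_email ) )
          return new WP_Error( 'user_email', __( 'Invalid email address' ), $user_email );

      if ( !$user_login = sanitize_user( $user_login, true ) )
          return new WP_Error( 'user_login', __( 'Invalid username' ), $user_login );

      // user_status = 1 means the user has not yet been verified
      $user_status = is_numeric($user_status) ? (int) $user_status : 1;
      // NOTE(review): this tests only that the constant exists, not its value,
      // so a BB_INSTALLING defined as false also forces status 0 - confirm intent.
      if ( defined( 'BB_INSTALLING' ) )
          $user_status = 0;

      $user_nicename = $_user_nicename = bb_user_nicename_sanitize( $user_login );
      if ( strlen( $_user_nicename ) < 1 )
          return new WP_Error( 'user_login', __( 'Invalid username' ), $user_login );

      // Keep incrementing the slug while it is numeric or already taken.
      while ( is_numeric($user_nicename) || $existing_user = bb_get_user_by_nicename( $user_nicename ) )
          $user_nicename = bb_slug_increment($_user_nicename, $existing_user->user_nicename, 50);

      $user_url = $user_url ? bb_fix_link( $user_url ) : '';

      $user_pass = bb_generate_password();

      $user = $wp_users_object->new_user( compact( 'user_login', 'user_email', 'user_url', 'user_nicename', 'user_status', 'user_pass' ) );
      if ( is_wp_error($user) ) {
          // Report nicename collisions against the field the visitor actually typed.
          if ( 'user_nicename' == $user->get_error_code() )
              return new WP_Error( 'user_login', $user->get_error_message() );
          return $user;
      }

      // Privilege decision: only an explicitly defined, truthy BB_INSTALLING grants keymaster.
      if ( defined( 'BB_INSTALLING' ) && BB_INSTALLING ) {
          bb_update_usermeta( $user['ID'], $bbdb->prefix . 'capabilities', array('keymaster' => true) );
      } else {
          bb_update_usermeta( $user['ID'], $bbdb->prefix . 'capabilities', array('member' => true) );
          bb_send_pass( $user['ID'], $user['plain_pass'] );
      }

      do_action('bb_new_user', $user['ID'], $user['plain_pass']);
      return $user['ID'];
  }
  endif;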
  561.  
  if ( !function_exists( 'bb_mail' ) ) :
  /**
   * Send mail, similar to PHP's mail
   *
   * A true return value does not mean that the recipient received the email.
   * It only means that the sending method processed the request without
   * reporting an error.
   *
   * The 'bb_mail_from' and 'bb_mail_from_name' hooks together allow building
   * a from address like 'Name <email@address.com>'. If only 'bb_mail_from' is
   * set, just the email address is used, with no name.
   *
   * The default content type is 'text/plain', which does not allow HTML. It
   * can be changed with the 'bb_mail_content_type' filter. The default
   * charset is the site's 'charset' option and can be changed with the
   * 'bb_mail_charset' filter.
   *
   * Security notes:
   *  - extract() imports every key returned by the 'bb_mail' filter into the
   *    local scope. Besides the five documented arguments, a callback can thus
   *    pre-set $from_name, $from_email, $content_type, $charset, $cc, $bcc or
   *    $boundary, which are only isset()/empty()-checked further down.
   *  - With no From header and no 'from_email' option, the sender address is
   *    built from $_SERVER['SERVER_NAME'].
   *  - Errors raised by Send() are suppressed with '@'; only the return value
   *    reports failure.
   *
   * @uses apply_filters() Calls 'bb_mail' hook on an array of all of the parameters.
   * @uses apply_filters() Calls 'bb_mail_from' hook to get the from email address.
   * @uses apply_filters() Calls 'bb_mail_from_name' hook to get the from address name.
   * @uses apply_filters() Calls 'bb_mail_content_type' hook to get the email content type.
   * @uses apply_filters() Calls 'bb_mail_charset' hook to get the email charset
   * @uses do_action_ref_array() Calls 'bb_phpmailer_init' hook on the reference to
   *       phpmailer object.
   * @uses PHPMailer
   *
   * @param string $to Email address to send message
   * @param string $subject Email subject
   * @param string $message Message contents
   * @param string|array $headers Optional. Additional headers.
   * @param string|array $attachments Optional. Files to attach.
   * @return bool Whether the email contents were sent successfully.
   */
  function bb_mail( $to, $subject, $message, $headers = '', $attachments = array() ) {
      // Compact the input, apply the filters, and extract them back out
      extract( apply_filters( 'bb_mail', compact( 'to', 'subject', 'message', 'headers', 'attachments' ) ) );

      if ( !is_array($attachments) ) {
          $attachments = explode( "\n", $attachments );
      }

      global $bb_phpmailer;

      // (Re)create the mailer if it has gone missing
      if ( !is_object( $bb_phpmailer ) || !is_a( $bb_phpmailer, 'PHPMailer' ) ) {
          require_once BACKPRESS_PATH . 'class.mailer.php';
          require_once BACKPRESS_PATH . 'class.mailer-smtp.php';
          $bb_phpmailer = new PHPMailer();
      }

      // Headers
      if ( empty( $headers ) ) {
          $headers = array();
      } else {
          // Accept both a newline-separated string and an array of header lines.
          if ( !is_array( $headers ) ) {
              $tempheaders = (array) explode( "\n", $headers );
          } else {
              $tempheaders = $headers;
          }
          $headers = array();

          // If it's actually got contents
          if ( !empty( $tempheaders ) ) {
              // Iterate through the raw headers
              foreach ( (array) $tempheaders as $header ) {
                  // A line without ':' is only inspected for a multipart boundary.
                  if ( strpos($header, ':') === false ) {
                      if ( false !== stripos( $header, 'boundary=' ) ) {
                          $parts = preg_split('/boundary=/i', trim( $header ) );
                          $boundary = trim( str_replace( array( "'", '"' ), '', $parts[1] ) );
                      }
                      continue;
                  }

                  // Split into name and value
                  list( $name, $content ) = explode( ':', trim( $header ), 2 );
                  $name = trim( $name );
                  $content = trim( $content );

                  switch ( strtolower($name) ) {
                      case 'from':
                          // Mainly for legacy -- process a From: header if it's there
                          if ( strpos($content, '<' ) !== false ) {
                              // "Name <address>" form: split the two parts
                              $from_name = substr( $content, 0, strpos( $content, '<' ) - 1 );
                              $from_name = str_replace( '"', '', $from_name );
                              $from_name = trim( $from_name );

                              $from_email = substr( $content, strpos( $content, '<' ) + 1 );
                              $from_email = str_replace( '>', '', $from_email );
                              $from_email = trim( $from_email );
                          } else {
                              $from_email = trim( $content );
                          }
                          break;

                      case 'content-type':
                          if ( strpos( $content, ';' ) !== false ) {
                              list( $type, $charset ) = explode( ';', $content );
                              $content_type = trim( $type );
                              if ( false !== stripos( $charset, 'charset=' ) ) {
                                  $charset = trim( str_replace( array( 'charset=', '"' ), '', $charset ) );
                              } elseif ( false !== stripos( $charset, 'boundary=' ) ) {
                                  $boundary = trim( str_replace( array( 'BOUNDARY=', 'boundary=', '"' ), '', $charset ) );
                                  $charset = '';
                              }
                          } else {
                              $content_type = trim( $content );
                          }
                          break;

                      case 'cc':
                          $cc = explode(", ", $content);
                          break;

                      case 'bcc':
                          $bcc = explode(", ", $content);
                          break;

                      default:
                          // Everything else goes into the custom headers array
                          $headers[trim( $name )] = trim( $content );
                          break;
                  }
              }
          }
      }

      // The mailer object is shared: empty out anything left from a previous message
      $bb_phpmailer->ClearAddresses();
      $bb_phpmailer->ClearAllRecipients();
      $bb_phpmailer->ClearAttachments();
      $bb_phpmailer->ClearBCCs();
      $bb_phpmailer->ClearCCs();
      $bb_phpmailer->ClearCustomHeaders();
      $bb_phpmailer->ClearReplyTos();

      // From name: fall back to the site name
      if ( !isset( $from_name ) ) {
          $from_name = bb_get_option('name');
      }

      // From email: fall back to the configured option
      if ( !isset( $from_email ) ) {
          $from_email = bb_get_option('from_email');
      }

      // If there is still no email address
      if ( !$from_email ) {
          // Get the site domain and get rid of www.
          $sitename = strtolower( $_SERVER['SERVER_NAME'] );
          if ( substr( $sitename, 0, 4 ) == 'www.' ) {
              $sitename = substr( $sitename, 4 );
          }

          $from_email = 'bbpress@' . $sitename;
      }

      // Plugin authors can override the potentially troublesome default
      $bb_phpmailer->From = apply_filters( 'bb_mail_from', $from_email );
      $bb_phpmailer->FromName = apply_filters( 'bb_mail_from_name', $from_name );

      // Set destination address
      $bb_phpmailer->AddAddress( $to );

      // Set mail's subject and body
      $bb_phpmailer->Subject = $subject;
      $bb_phpmailer->Body = $message;

      // Add any CC and BCC recipients
      if ( !empty($cc) ) {
          foreach ( (array) $cc as $recipient ) {
              $bb_phpmailer->AddCc( trim($recipient) );
          }
      }
      if ( !empty($bcc) ) {
          foreach ( (array) $bcc as $recipient) {
              $bb_phpmailer->AddBcc( trim($recipient) );
          }
      }

      // Set to use PHP's mail()
      $bb_phpmailer->IsMail();

      // Content type: default to plain text when the headers gave none
      if ( !isset( $content_type ) ) {
          $content_type = 'text/plain';
      }

      $content_type = apply_filters( 'bb_mail_content_type', $content_type );

      $bb_phpmailer->ContentType = $content_type;

      // Set whether it's plaintext or not, depending on $content_type
      if ( $content_type == 'text/html' ) {
          $bb_phpmailer->IsHTML( true );
      }

      // Charset: default to the site charset when the headers gave none
      if ( !isset( $charset ) ) {
          $charset = bb_get_option( 'charset' );
      }

      $bb_phpmailer->CharSet = apply_filters( 'bb_mail_charset', $charset );

      // Set custom headers
      if ( !empty( $headers ) ) {
          foreach( (array) $headers as $name => $content ) {
              $bb_phpmailer->AddCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) );
          }
          if ( false !== stripos( $content_type, 'multipart' ) && ! empty($boundary) ) {
              $bb_phpmailer->AddCustomHeader( sprintf( "Content-Type: %s;\n\t boundary=\"%s\"", $content_type, $boundary ) );
          }
      }

      if ( !empty( $attachments ) ) {
          foreach ( $attachments as $attachment ) {
              $bb_phpmailer->AddAttachment($attachment);
          }
      }

      do_action_ref_array( 'bb_phpmailer_init', array( &$bb_phpmailer ) );

      // Send!
      return @$bb_phpmailer->Send();
  }
  endif;
  760.  
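  if ( !function_exists( 'bb_get_avatar' ) ) :
  /**
   * Retrieve the avatar for a user provided a user ID or email address
   *
   * The image URL points at Gravatar (the https host when the request is over
   * SSL) and is built from the MD5 of the lower-cased email address.
   *
   * The 'avatars_rating' option is URL-encoded before it is appended to the
   * image URL. It was previously concatenated as-is into the src attribute;
   * for plain rating values the output is unchanged.
   *
   * @since 0.9
   * @param int|string $id_or_email A user ID or email address
   * @param int $size Size of the avatar image
   * @param string $default URL to a default image to use if no avatar is available
   * @param string $alt Alternate text to use in image tag. Defaults to blank
   * @return string|false <img> tag for the user's avatar, or false when the
   *                      'avatars_show' option is off.
   */
  function bb_get_avatar( $id_or_email, $size = 80, $default = '', $alt = false ) {
      if ( !bb_get_option('avatars_show') )
          return false;

      if ( false === $alt)
          $safe_alt = '';
      else
          $safe_alt = esc_attr( $alt );

      // $size ends up in the class, style and URL, so only numeric values are accepted.
      if ( !is_numeric($size) )
          $size = 80;

      if ( $email = bb_get_user_email($id_or_email) ) {
          $class = 'photo ';
      } else {
          // Not a known user: treat the argument itself as the address.
          $class = '';
          $email = $id_or_email;
      }

      if ( !$email )
          $email = '';

      if ( empty($default) )
          $default = bb_get_option('avatars_default');

      if ( is_ssl() )
          $host = 'https://secure.gravatar.com';
      else
          $host = 'http://www.gravatar.com';

      switch ($default) {
          case 'logo':
              $default = '';
              break;
          case 'blank':
              $default = bb_get_uri( 'bb-admin/images/blank.gif', null, BB_URI_CONTEXT_IMG_SRC );
              break;
          case 'monsterid':
          case 'wavatar':
          case 'identicon':
          case 'retro':
              // Passed through unchanged as the d= parameter.
              break;
          case 'default':
          default:
              $default = $host . '/avatar/ad516503a11cd5ca435acc9bb6523536?s=' . $size;
              // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com')
              break;
      }

      $src = $host . '/avatar/';
      $class .= 'avatar avatar-' . $size;

      if ( !empty($email) ) {
          $src .= md5( strtolower( $email ) );
      } else {
          $src .= 'd41d8cd98f00b204e9800998ecf8427e';
          // d41d8cd98f00b204e9800998ecf8427e == md5('')
          $class .= ' avatar-noemail';
      }

      $src .= '?s=' . $size;
      $src .= '&d=' . urlencode( $default );

      $rating = bb_get_option('avatars_rating');
      if ( !empty( $rating ) )
          $src .= '&r=' . urlencode( $rating );

      $avatar = '<img alt="' . $safe_alt . '" src="' . $src . '" class="' . $class . '" style="height:' . $size . 'px; width:' . $size . 'px;" />';

      return apply_filters('bb_get_avatar', $avatar, $id_or_email, $size, $default, $alt);
  }
  endif;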
.