/app/controller/class-ms-controller-dialog.php

<?php
/**
 * This file defines the MS_Controller_Dialog class.
 *
 * @copyright Incsub (http://incsub.com/)
 *
 * @license http://opensource.org/licenses/GPL-2.0 GNU General Public License, version 2 (GPL-2.0)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License, version 2, as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
 * MA 02110-1301 USA
 *
 */

/**
 * Controller for the Membership popup dialogs and the Ajax endpoints behind
 * them: rendering a dialog, handling a dialog's form submission, and the
 * Ajax login / lost-password actions used by the `ms-membership-login`
 * shortcode.
 *
 * @since 1.0.0
 *
 * @package Membership2
 * @subpackage Controller
 */
  35. class MS_Controller_Dialog extends MS_Controller { 
  36.  
  37. /** 
  38. * Prepare the Dialog manager. 
  39. * 
  40. * @since 1.0.0 
  41. * @access public 
  42. */ 
  43. public function __construct() { 
  44. parent::__construct(); 
  45.  
  46. // Listen to Ajax requests that want to display a popup. 
  47. $this->add_ajax_action( 'ms_dialog', 'ajax_dialog' ); 
  48.  
  49. // Listen to Ajax requests that submit form data. 
  50. $this->add_ajax_action( 'ms_submit', 'ajax_submit' ); 
  51.  
  52. // Login. 
  53. $this->add_ajax_action( 'ms_login', 'ajax_login', false, true ); 
  54. $this->add_ajax_action( 'ms_lostpass', 'ajax_lostpass', false, true ); 
  55.  
  56. /** 
  57. * Ajax handler. Returns the HTML code of an popup dialog. 
  58. * The process is terminated after this handler. 
  59. * 
  60. * @since 1.0.0 
  61. * @access public 
  62. */ 
  63. public function ajax_dialog() { 
  64. $data = ''; 
  65.  
  66. if ( isset( $_REQUEST['dialog'] ) ) { 
  67. $dialog = $_REQUEST['dialog']; 
  68. $dlg = MS_Factory::create( 'MS_' . $dialog ); 
  69.  
  70. $dlg->prepare(); 
  71.  
  72. $data = array( 
  73. 'id' => $dialog,  
  74. 'title' => $dlg->title,  
  75. 'content' => $dlg->content,  
  76. 'height' => $dlg->height,  
  77. 'modal' => $dlg->modal,  
  78. ); 
  79.  
  80. $this->respond( $data ); 
  81.  
  82. /** 
  83. * Ajax handler. Handles incoming form data that was submitted via ajax. 
  84. * Typically this form is displayed inside a popup. 
  85. * 
  86. * @since 1.0.0 
  87. * @access public 
  88. */ 
  89. public function ajax_submit() { 
  90. $data = ''; 
  91.  
  92. if ( isset( $_REQUEST['dialog'] ) ) { 
  93. $dialog = $_REQUEST['dialog']; 
  94. $dlg = MS_Factory::create( 'MS_' . $dialog ); 
  95. $data = $dlg->submit(); 
  96.  
  97. $this->respond( $data ); 
  98.  
  99. /** 
  100. * Ajax handler. Used by shortcode `ms-membership-login` to login via ajax. 
  101. * 
  102. * @since 1.0.0 
  103. * @access public 
  104. */ 
  105. public function ajax_login() { 
  106. $resp = array(); 
  107.  
  108. // First check the nonce, if it fails the function will break 
  109. check_ajax_referer( 'ms-ajax-login' ); 
  110.  
  111. /** 
  112. * The login fields have alternative names: 
  113. * - username or log 
  114. * - password or pwd 
  115. * - remember or rememberme 
  116. */ 
  117. lib2()->array->equip_post( 
  118. 'username',  
  119. 'password',  
  120. 'remember',  
  121. 'log',  
  122. 'pwd',  
  123. 'rememberme' 
  124. ); 
  125.  
  126. if ( empty( $_POST['username'] ) && ! empty( $_POST['log'] ) ) { 
  127. $_POST['username'] = $_POST['log']; 
  128. if ( empty( $_POST['password'] ) && ! empty( $_POST['pwd'] ) ) { 
  129. $_POST['password'] = $_POST['pwd']; 
  130. if ( empty( $_POST['remember'] ) && ! empty( $_POST['rememberme'] ) ) { 
  131. $_POST['remember'] = $_POST['rememberme']; 
  132.  
  133. lib2()->array->equip_post( 'username', 'password', 'remember' ); 
  134. lib2()->array->strip_slashes( $_POST, 'password' ); 
  135.  
  136. // Nonce is checked, get the POST data and sign user on 
  137. $info = array( 
  138. 'user_login' => $_POST['username'],  
  139. 'user_password' => $_POST['password'],  
  140. 'remember' => (bool) $_POST['remember'],  
  141. ); 
  142.  
  143. $user_signon = wp_signon( $info, false ); 
  144. if ( is_wp_error( $user_signon ) ) { 
  145. $resp['error'] = __( 'Wrong username or password', MS_TEXT_DOMAIN ); 
  146. } else { 
  147. $member = MS_Factory::load( 'MS_Model_Member', $user_signon->ID ); 
  148.  
  149. // Also used in class-ms-model-member.php (signon_user) 
  150. wp_set_current_user( $member->id ); 
  151. wp_set_auth_cookie( $member->id ); 
  152. do_action( 'wp_login', $member->username, $user_signon ); 
  153. do_action( 'ms_model_member_signon_user', $user_signon, $member ); 
  154.  
  155. $resp['loggedin'] = true; 
  156. $resp['success'] = __( 'Logging in...', MS_TEXT_DOMAIN ); 
  157.  
  158. /** 
  159. * Allows a custom redirection after login. 
  160. * Empty value will use the default redirect option of the login form. 
  161. * 
  162. * @since 1.1.1.2 
  163. */ 
  164. $resp['redirect'] = apply_filters( 'ms-ajax-login-redirect', '', $member ); 
  165.  
  166. $this->respond( $resp ); 
  167.  
  168. /** 
  169. * Ajax handler. Used by shortcode `ms-membership-login` to recover password 
  170. * 
  171. * @since 1.0.0 
  172. * @access public 
  173. */ 
  174. public function ajax_lostpass() { 
  175. global $wpdb, $wp_hasher; 
  176. $resp = array(); 
  177.  
  178. // First check the nonce, if it fails the function will break 
  179. check_ajax_referer( 'ms-ajax-lostpass' ); 
  180.  
  181. // Nonce is checked, get the POST data and sign user on 
  182. $errors = new WP_Error(); 
  183.  
  184. if ( empty( $_POST['user_login'] ) ) { 
  185. $resp['error'] = __( 'Enter a username or e-mail address.', MS_TEXT_DOMAIN ); 
  186. } else if ( strpos( $_POST['user_login'], '@' ) ) { 
  187. $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) ); 
  188. if ( empty( $user_data ) ) { 
  189. $resp['error'] = __( 'There is no user registered with that email address.', MS_TEXT_DOMAIN ); 
  190. } else { 
  191. $login = trim( $_POST['user_login'] ); 
  192. $user_data = get_user_by( 'login', $login ); 
  193.  
  194. do_action( 'lostpassword_post' ); 
  195.  
  196. if ( ! empty( $resp['error'] ) ) { 
  197. $this->respond( $resp ); 
  198.  
  199. if ( ! $user_data ) { 
  200. $resp['error'] = __( 'Invalid username or e-mail.', MS_TEXT_DOMAIN ); 
  201. $this->respond( $resp ); 
  202.  
  203. // Redefining user_login ensures we return the right case in the email. 
  204. $user_login = $user_data->user_login; 
  205. $user_email = $user_data->user_email; 
  206.  
  207. do_action( 'retreive_password', $user_login ); // Legacy (misspelled) 
  208. do_action( 'retrieve_password', $user_login ); 
  209.  
  210. $allow = apply_filters( 'allow_password_reset', true, $user_data->ID ); 
  211.  
  212. if ( ! $allow ) { 
  213. $resp['error'] = __( 'Password reset is not allowed for this user', MS_TEXT_DOMAIN ); 
  214. $this->respond( $resp ); 
  215. else if ( is_wp_error( $allow ) ) { 
  216. return $allow; 
  217.  
  218. // Generate something random for a password reset key. 
  219. $key = wp_generate_password( 20, false ); 
  220.  
  221. do_action( 'retrieve_password_key', $user_login, $key ); 
  222.  
  223. // Now insert the key, hashed, into the DB. 
  224. if ( empty( $wp_hasher ) ) { 
  225. require_once ABSPATH . WPINC . '/class-phpass.php'; 
  226. $wp_hasher = new PasswordHash( 8, true ); 
  227. $hashed = $wp_hasher->HashPassword( $key ); 
  228. $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) ); 
  229.  
  230. MS_Model_Pages::create_missing_pages(); 
  231. $reset_url = MS_Model_Pages::get_page_url( MS_Model_Pages::MS_PAGE_ACCOUNT ); 
  232. $reset_url = esc_url_raw( 
  233. add_query_arg( 
  234. array( 
  235. 'action' => MS_Controller_Frontend::ACTION_VIEW_RESETPASS,  
  236. 'key' => $key,  
  237. 'login' => rawurlencode( $user_login ),  
  238. ),  
  239. $reset_url 
  240. ); 
  241.  
  242. $message = __( 'Someone requested that the password be reset for the following account:' ) . "\r\n\r\n"; 
  243. $message .= network_home_url( '/' ) . "\r\n\r\n"; 
  244. $message .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n\r\n"; 
  245. $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n"; 
  246. $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n"; 
  247. $message .= '<' . $reset_url . ">\r\n"; 
  248.  
  249. if ( is_multisite() ) { 
  250. $blogname = $GLOBALS['current_site']->site_name; 
  251. } else { 
  252. $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); 
  253.  
  254. $title = sprintf( __( '[%s] Password Reset' ), $blogname ); 
  255.  
  256. $title = apply_filters( 'retrieve_password_title', $title ); 
  257. $message = apply_filters( 'retrieve_password_message', $message, $key, $reset_url ); 
  258.  
  259. if ( $message && ! wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) { 
  260. $resp['error'] = __( 'The e-mail could not be sent.' ) . '<br />' . 
  261. __( 'Possible reason: your host may have disabled the mail() function.' ); 
  262. } else { 
  263. $resp['success'] = __( 'Check your e-mail for the confirmation link.', MS_TEXT_DOMAIN ); 
  264.  
  265. $this->respond( $resp ); 
  266.  
  267. /** 
  268. * Output Ajax response (in JSON format) and terminate the process. 
  269. * 
  270. * @since 1.0.0 
  271. * 
  272. * @param array $resp The data to output. 
  273. */ 
  274. private function respond( $resp ) { 
  275. echo json_encode( $resp ); 
  276. exit(); 
  277.  
  278. }; 