/app/controller/class-ms-controller-dialog.php

  1. <?php 
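  /**
   * Controller to manage Membership popup dialogs.
   *
   * Registers the Ajax actions `ms_dialog`, `ms_submit` and `ms_lostpass`.
   * Every handler answers with a JSON document and then ends the process.
   *
   * @since 1.0.0
   *
   * @package Membership2
   * @subpackage Controller
   */
  class MS_Controller_Dialog extends MS_Controller {

      /**
       * Prepare the Dialog manager.
       *
       * @since 1.0.0
       * @internal
       */
      public function __construct() {
          parent::__construct();

          // Listen to Ajax requests that want to display a popup.
          $this->add_ajax_action( 'ms_dialog', 'ajax_dialog' );

          // Listen to Ajax requests that submit form data.
          $this->add_ajax_action( 'ms_submit', 'ajax_submit' );

          /*
           * Login: the `ms_login` action is registered in the main plugin file
           * to avoid an IE11 and EDGE browser issue, so it is not hooked here.
           */

          // Lost password. The login hook used the same two `true` arguments to
          // listen to guests + logged in users; presumably that holds here too
          // - confirm against add_ajax_action().
          $this->add_ajax_action( 'ms_lostpass', 'ajax_lostpass', true, true );
      }

      /**
       * Read the dialog name from the request and accept it only when it is a
       * plain identifier.
       *
       * The value is appended to `MS_` and handed to MS_Factory::create(), so
       * it decides which class gets instantiated. Only letters, digits and
       * underscores are accepted; anything else (arrays, namespace separators,
       * whitespace, punctuation) is treated as "no dialog requested".
       *
       * NOTE(review): this narrows the input but still lets the request pick
       * any `MS_*` class. An explicit list of dialog classes would be stricter;
       * that list is not visible from this file.
       *
       * @since 1.0.0
       *
       * @return string The dialog name, or an empty string when missing/invalid.
       */
      private function get_requested_dialog() {
          if ( ! isset( $_REQUEST['dialog'] ) || ! is_string( $_REQUEST['dialog'] ) ) {
              return '';
          }

          $dialog = $_REQUEST['dialog'];

          // The D modifier stops `$` from matching before a trailing newline.
          if ( ! preg_match( '/^[A-Za-z0-9_]+$/D', $dialog ) ) {
              return '';
          }

          return $dialog;
      }

      /**
       * Ajax handler. Returns the HTML code of a popup dialog.
       * The process is terminated after this handler.
       *
       * NOTE(review): no nonce or capability check is visible in this handler.
       * Confirm that add_ajax_action() or the dialog classes enforce one.
       *
       * @since 1.0.0
       * @internal
       */
      public function ajax_dialog() {
          $data = '';
          $dialog = $this->get_requested_dialog();

          if ( '' !== $dialog ) {
              $dlg = MS_Factory::create( 'MS_' . $dialog );

              // Only objects that really are dialogs (expose prepare()) are used.
              if ( is_object( $dlg ) && method_exists( $dlg, 'prepare' ) ) {
                  $dlg->prepare();

                  $data = array(
                      'id' => $dialog,
                      'title' => $dlg->title,
                      'content' => $dlg->content,
                      'height' => $dlg->height,
                      'width' => $dlg->width,
                      'modal' => $dlg->modal,
                  );
              }
          }

          $this->respond( $data );
      }

      /**
       * Ajax handler. Handles incoming form data that was submitted via ajax.
       * Typically this form is displayed inside a popup.
       *
       * NOTE(review): no nonce or capability check is visible in this handler.
       * Confirm that the submit() method of each dialog verifies the request.
       *
       * @since 1.0.0
       * @internal
       */
      public function ajax_submit() {
          $data = '';
          $dialog = $this->get_requested_dialog();

          if ( '' !== $dialog ) {
              $dlg = MS_Factory::create( 'MS_' . $dialog );

              // Only objects that expose submit() may process the form data.
              if ( is_object( $dlg ) && method_exists( $dlg, 'submit' ) ) {
                  $data = $dlg->submit();
              }
          }

          $this->respond( $data );
      }

      /**
       * Ajax handler. Used by shortcode `ms-membership-login` to login via ajax.
       *
       * Responds with `error` on failure, or with `loggedin`, `success` and
       * `redirect` after a successful sign-on.
       *
       * @since 1.0.0
       * @internal
       */
      public function ajax_login() {
          $resp = array();

          // First check the nonce, if it fails the function will break
          check_ajax_referer( 'ms-ajax-login' );

          /**
           * The login fields have alternative names:
           * - username or log
           * - password or pwd
           * - remember or rememberme
           */
          lib3()->array->equip_post(
              'username',
              'password',
              'remember',
              'log',
              'pwd',
              'rememberme'
          );

          if ( empty( $_POST['username'] ) && ! empty( $_POST['log'] ) ) {
              $_POST['username'] = $_POST['log'];
          }
          if ( empty( $_POST['password'] ) && ! empty( $_POST['pwd'] ) ) {
              $_POST['password'] = $_POST['pwd'];
          }
          if ( empty( $_POST['remember'] ) && ! empty( $_POST['rememberme'] ) ) {
              $_POST['remember'] = $_POST['rememberme'];
          }

          lib3()->array->equip_post( 'username', 'password', 'remember' );
          lib3()->array->strip_slashes( $_POST, 'password' );

          // Nonce is checked, get the POST data and sign user on
          $info = array(
              'user_login' => $_POST['username'],
              'user_password' => $_POST['password'],
              'remember' => (bool) $_POST['remember'],
          );

          // NOTE(review): `false` is passed as wp_signon()'s secure-cookie
          // argument - confirm that this is intended on HTTPS sites.
          $user_signon = wp_signon( $info, false );
          if ( is_wp_error( $user_signon ) ) {
              // One message for every failure, so the answer does not reveal
              // whether the username exists.
              $resp['error'] = __( 'Wrong username or password', 'membership2' );
          } else {
              $member = MS_Factory::load( 'MS_Model_Member', $user_signon->ID );

              // Also used in class-ms-model-member.php (signon_user)
              wp_set_current_user( $member->id );
              // Pass the "remember" choice along: this call replaces the cookie
              // wp_signon() just set, and without the flag it would be lost.
              wp_set_auth_cookie( $member->id, $info['remember'] );
              do_action( 'wp_login', $member->username, $user_signon );
              do_action( 'ms_model_member_signon_user', $user_signon, $member );

              $resp['loggedin'] = true;
              $resp['success'] = __( 'Logging in...', 'membership2' );

              /**
               * Allows a custom redirection after login.
               * Empty value will use the default redirect option of the login form.
               *
               * @since 1.0.0
               */
              $enforce = false;
              if ( isset( $_POST['redirect_to'] ) ) {
                  // The target comes from the request, so it is limited to hosts
                  // WordPress accepts for redirects (extendable through the
                  // `allowed_redirect_hosts` filter); anything else becomes
                  // empty and the form's default redirect applies.
                  $redirect_to = '';
                  if ( is_string( $_POST['redirect_to'] ) ) {
                      $redirect_to = wp_validate_redirect( wp_unslash( $_POST['redirect_to'] ), '' );
                  }

                  $resp['redirect'] = apply_filters( 'ms-ajax-login-redirect', $redirect_to, $member );
              } else {
                  // `redirect_to` is absent in this branch: pass null (what the
                  // read of the missing key produced) without touching the
                  // undefined index.
                  $resp['redirect'] = apply_filters(
                      'ms_url_after_login',
                      null,
                      $enforce
                  );
              }
          }

          $this->respond( $resp );
      }

      /**
       * Ajax handler. Used by shortcode `ms-membership-login` to recover password
       *
       * Looks the account up by e-mail or login, records a reset event and,
       * unless the `ms_sent_reset_password_email` filter reports that a mail
       * was already sent, mails the reset link. Responds with `error` or
       * `success`.
       *
       * NOTE(review): the distinct error texts below tell the caller whether
       * an account exists for the submitted value. A single neutral answer
       * would avoid that, at the cost of changing the user-facing messages.
       *
       * @since 1.0.0
       * @internal
       */
      public function ajax_lostpass() {
          $resp = array();

          // First check the nonce, if it fails the function will break
          check_ajax_referer( 'ms-ajax-lostpass' );

          // Nonce is checked, read the submitted login. Non-string values
          // (e.g. arrays) are treated like an empty field.
          $user_data = false;
          $requested = '';
          if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
              $requested = trim( wp_unslash( $_POST['user_login'] ) );
          }

          if ( empty( $requested ) ) {
              $resp['error'] = __( 'Enter a username or e-mail address.', 'membership2' );
          } elseif ( strpos( $requested, '@' ) ) {
              $user_data = get_user_by( 'email', $requested );
              if ( empty( $user_data ) ) {
                  $resp['error'] = __( 'There is no user registered with that email address.', 'membership2' );
              }
          } else {
              $user_data = get_user_by( 'login', $requested );
          }

          do_action( 'lostpassword_post' );

          if ( ! empty( $resp['error'] ) ) {
              $this->respond( $resp );
          }

          if ( ! $user_data ) {
              $resp['error'] = __( 'Invalid username or e-mail.', 'membership2' );
              $this->respond( $resp );
          }

          // Redefining user_login ensures we return the right case in the email.
          $user_login = $user_data->user_login;
          $user_email = $user_data->user_email;

          do_action( 'retreive_password', $user_login ); // Legacy (misspelled)
          do_action( 'retrieve_password', $user_login );

          $allow = apply_filters( 'allow_password_reset', true, $user_data->ID );

          if ( ! $allow ) {
              $resp['error'] = __( 'Password reset is not allowed for this user', 'membership2' );
              $this->respond( $resp );
          } elseif ( is_wp_error( $allow ) ) {
              // Answer the Ajax request with the filter's reason instead of
              // returning the WP_Error to the hook dispatcher, which would
              // leave the client without a JSON response.
              $resp['error'] = $allow->get_error_message();
              $this->respond( $resp );
          }

          // Save an event about the password reset; also send the email template.
          $member = MS_Factory::load( 'MS_Model_Member', $user_data->ID );
          MS_Model_Event::save_event( MS_Model_Event::TYPE_MS_RESETPASSWORD, $member );

          // Send our default email if the user does not have a custom email template in place.
          if ( ! apply_filters( 'ms_sent_reset_password_email', false ) ) {
              // Get a new reset-key.
              $reset = $member->new_password_reset_key();

              $schema = is_ssl() ? 'https' : 'http';

              $message = sprintf(
                  __( 'Someone has requested a password reset for the following account: %sIf this was a mistake, just ignore this email and nothing will happen.%s %s', 'membership2' ),
                  "\r\n\r\n" . network_home_url( '/', $schema ) . "\r\n\r\n" .
                  sprintf( __( 'Username: %s', 'membership2' ), $user_login ) . "\r\n\r\n",
                  "\r\n\r\n" . __( 'To reset your password, visit the following address:', 'membership2' ) . "\r\n",
                  "\r\n<" . $reset->url . ">\r\n"
              );

              if ( is_multisite() ) {
                  $blogname = $GLOBALS['current_site']->site_name;
              } else {
                  $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
              }

              $title = sprintf( __( '[%s] Password Reset' ), $blogname );

              $title = apply_filters( 'retrieve_password_title', $title );
              $message = apply_filters( 'retrieve_password_message', $message, $reset->key, $reset->url );

              // An empty message (a filter may blank it) skips the mail and
              // still reports success.
              if ( $message && ! wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) {
                  $resp['error'] = __( 'The e-mail could not be sent.' ) . '<br />' .
                      __( 'Possible reason: your host may have disabled the mail() function.' );
              } else {
                  $resp['success'] = __( 'Check your e-mail for the confirmation link.', 'membership2' );
              }
          } else {
              $resp['success'] = __( 'Check your e-mail for the confirmation link.', 'membership2' );
          }

          $this->respond( $resp );
      }

      /**
       * Output Ajax response (in JSON format) and terminate the process.
       *
       * This method sets no Content-Type header, so whatever the Ajax entry
       * point sent earlier stays in effect. To keep the payload inert if it
       * is ever rendered as HTML, the characters <, >, &, ' and " are written
       * as \uXXXX escapes; a JSON parser decodes them to the same values.
       *
       * NOTE(review): sending an explicit JSON content type would be cleaner,
       * but the client-side parsing is not visible here - confirm first.
       *
       * @since 1.0.0
       *
       * @param array $resp The data to output.
       */
      private function respond( $resp ) {
          echo json_encode( $resp, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT );
          exit();
      }

  }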
.