Diff: STRATO-apps/wordpress_03/app/wp-content/plugins/bdthemes-element-pack/modules/user-login/module.php
Keine Baseline-Datei – Diff nur gegen leer.
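--- a/STRATO-apps/wordpress_03/app/wp-content/plugins/bdthemes-element-pack/modules/user-login/module.php
+++ b/STRATO-apps/wordpress_03/app/wp-content/plugins/bdthemes-element-pack/modules/user-login/module.php
-
+<?php
+namespace ElementPack\Modules\UserLogin;
+
+use ElementPack\Base\Element_Pack_Module_Base;
+
+if ( ! defined( 'ABSPATH' ) )
+exit; // Exit if accessed directly
+
+class Module extends Element_Pack_Module_Base {
+
+protected $fb_app_id;
+protected $fb_app_secret;
+protected $go_client_id;
+
+public function get_name() {
+return 'user-login';
+}
+
+public function get_widgets() {
+
+$widgets = [
+'User_Login',
+];
+
+return $widgets;
+}
+
+/**
+* Constructor.
+*/
+public function __construct() {
+parent::__construct();
+
+$options = get_option( 'element_pack_api_settings' );
+$this->fb_app_id = ( isset( $options['facebook_app_id'] ) && ! empty( $options['facebook_app_id'] ) ) ? sanitize_text_field( $options['facebook_app_id'] ) : '';
+$this->fb_app_secret = ( isset( $options['facebook_app_secret'] ) && ! empty( $options['facebook_app_secret'] ) ) ? sanitize_text_field( $options['facebook_app_secret'] ) : '';
+$this->go_client_id = ( isset( $options['google_client_id'] ) && ! empty( $options['google_client_id'] ) ) ? sanitize_text_field( $options['google_client_id'] ) : '';
+
+add_action( 'wp_ajax_element_pack_social_facebook_login', array( $this, 'get_facebook_data' ) );
+add_action( 'wp_ajax_nopriv_element_pack_social_facebook_login', array( $this, 'get_facebook_data' ) );
+
+add_action( 'wp_ajax_element_pack_social_google_login', array( $this, 'get_google_data' ) );
+add_action( 'wp_ajax_nopriv_element_pack_social_google_login', array( $this, 'get_google_data' ) );
+
+add_action( 'elementor/frontend/before_register_scripts', [ $this, 'register_site_scripts' ] );
+
+
+add_action( 'wp_head', array( $this, 'init_facebook' ) );
+add_action( 'wp_ajax_nopriv_element_pack_ajax_login', [ $this, "element_pack_ajax_login" ] );
+
+}
+
+public function element_pack_ajax_login() {
+// First check the nonce, if it fails the function will break
+check_ajax_referer( 'ajax-login-nonce', 'bdt-user-login-sc' );
+
+/** Recaptcha*/
+$post_id = isset( $_REQUEST['page_id'] ) ? (int) $_REQUEST['page_id'] : 0;
+$widget_id = isset( $_REQUEST['widget_id'] ) ? $_REQUEST['widget_id'] : 0;
+
+$result = $this->get_widget_settings( $post_id, $widget_id );
+
+if ( isset( $result['show_recaptcha_checker'] ) && $result['show_recaptcha_checker'] == 'yes' ) {
+$gRecaptcha = isset( $_REQUEST['g-recaptcha-response'] ) ? esc_textarea( sanitize_text_field( wp_unslash( $_REQUEST['g-recaptcha-response'] ) ) ) : '';
+
+if ( ! apply_filters( 'element_pack_google_recaptcha_validation', $gRecaptcha ) ) {
+echo wp_json_encode( [ 'loggedin' => false, 'message' => esc_html__( 'reCAPTCHA is invalid!', 'bdthemes-element-pack' ) ] );
+exit;
+}
+
+}
+
+// Nonce is checked, get the POST data and sign user on
+$access_info = [];
+$access_info['user_login'] = ! empty( $_POST['user_login'] ) ? sanitize_text_field( wp_unslash( $_POST['user_login'] ) ) : "";
+/**
+* Do not sanitize password field
+*/
+$access_info['user_password'] = ! empty( $_POST['user_password'] ) ? $_POST['user_password'] : "";
+$access_info['remember'] = ! empty( $_POST['rememberme'] ) ? true : false;
+$user_signon = wp_signon( $access_info, false );
+
+if ( ! is_wp_error( $user_signon ) ) {
+echo wp_json_encode( [ 'loggedin' => true, 'message' => esc_html__( 'Login successful, Redirecting...', 'bdthemes-element-pack' ) ] );
+} else {
+echo wp_json_encode( [ 'loggedin' => false, 'message' => esc_html__( 'Oops! Wrong username or password!', 'bdthemes-element-pack' ) ] );
+}
+
+die();
+}
+
+public function register_site_scripts() {
+wp_register_script( 'ep-google-login', 'https://apis.google.com/js/api:client.js', [ 'jquery' ], null, true );
+
+}
+
+public function init_facebook() {
+if ( strlen( $this->fb_app_id ) > 10 && ! is_user_logged_in() ) :
+?>
+<script>
+window.fbAsyncInit = function () {
+FB.init({
+appId: '<?php echo esc_html( $this->fb_app_id ) ?>',
+autoLogAppEvents: true,
+xfbml: true,
+version: 'v5.0'
+});
+};
+
+(function (d, s, id) {
+var js, fjs = d.getElementsByTagName(s)[0];
+if (d.getElementById(id)) { return; }
+js = d.createElement(s); js.id = id;
+js.src = "https://connect.facebook.net/en_US/sdk.js";
+fjs.parentNode.insertBefore(js, fjs);
+}(document, 'script', 'facebook-jssdk'));
+</script>
+<?php endif;
+}
+
+/**
+* Get Google Form Data via AJAX call.
+* return void
+*/
+public function get_google_data() {
+
+$data = array();
+$response = array();
+$user_data = array();
+$result = '';
+
+if ( isset( $_POST['id_token'] ) ) {
+
+$id_token = filter_input( INPUT_POST, 'id_token', FILTER_SANITIZE_STRING );
+$google_client_id = $this->go_client_id;
+$googleUserdata = $this->verify_google_data( $id_token, $google_client_id );
+
+$name = isset( $googleUserdata['name'] ) ? sanitize_text_field( $googleUserdata['name'] ) : '';
+$email = isset( $googleUserdata['email'] ) ? sanitize_email( $googleUserdata['email'] ) : '';
+$should_send_email = apply_filters( 'elementor_pack_send_mail_create_user', 0 );
+
+// Check if email is verified with Google.
+if ( empty( $googleUserdata ) || ( $googleUserdata['aud'] !== $google_client_id ) || ( isset( $googleUserdata['email'] ) && $googleUserdata['email'] !== $email ) ) {
+wp_send_json_error(
+array(
+'error' => esc_attr_x( 'Unauthorized access', 'User Login and Register', 'bdthemes-element-pack' ),
+)
+);
+}
+
+$user_data = get_user_by( 'email', $email );
+
+$response['username'] = $name;
+
+if ( ! empty( $user_data ) && false !== $user_data ) {
+
+$user_ID = $user_data->ID;
+$user_email = $user_data->user_email;
+wp_set_auth_cookie( $user_ID );
+wp_set_current_user( $user_ID, $name );
+do_action( 'wp_login', $user_data->user_login, $user_data );
+$response['success'] = true;
+
+} else {
+
+$password = wp_generate_password( 12, true, false );
+
+if ( username_exists( $name ) ) {
+// Generate something unique to append to the username in case of a conflict with another user.
+$suffix = '-' . zeroise( wp_rand( 0, 9999 ), 4 );
+$name .= $suffix;
+
+$user_array = array(
+'user_login' => strtolower( preg_replace( '/\s+/', '', $name ) ),
+'user_pass' => $password,
+'user_email' => $email,
+'first_name' => $googleUserdata['name'],
+);
+$user_array = apply_filters( 'elementor_pack_user_login_insert_user', $user_array );
+$result = wp_insert_user( $user_array );
+} else {
+$user_array = array(
+'user_login' => strtolower( $name ),
+'user_pass' => $password,
+'user_email' => $email,
+'first_name' => $googleUserdata['name'],
+);
+$user_array = apply_filters( 'elementor_pack_user_login_insert_user', $user_array );
+$result = wp_insert_user( $user_array );
+}
+
+if ( 1 == $should_send_email ) {
+$this->send_created_user_email( $result, $should_send_email );
+}
+
+$user_data = get_user_by( 'email', $email );
+
+if ( $user_data ) {
+
+$user_ID = $user_data->ID;
+$user_email = $user_data->user_email;
+
+$user_meta = array(
+'provider' => 'google',
+);
+
+update_user_meta( $user_ID, 'ep_login_form', $user_meta );
+
+if ( wp_check_password( $password, $user_data->user_pass, $user_data->ID ) ) {
+
+wp_set_auth_cookie( $user_ID );
+wp_set_current_user( $user_ID, $name );
+do_action( 'wp_login', $user_data->user_login, $user_data );
+$response['success'] = true;
+}
+}
+}
+
+echo wp_json_encode( $response, true );
+
+} else {
+die;
+}
+}
+
+/**
+* Get access token info.
+*/
+public function verify_google_data( $id_token, $uae_google_client_id ) {
+
+require_once BDTEP_MODULES_PATH . 'user-login/vendor/autoload.php';
+
+// Get $id_token via HTTPS POST.
+$client = new \Google_Client( array( 'client_id' => $uae_google_client_id ) ); //PHPCS:ignore:PHPCompatibility.PHP.ShortArray.Found
+$verified_data = $client->verifyIdToken( $id_token );
+
+if ( $verified_data ) {
+return $verified_data;
+} else {
+wp_send_json_error(
+array(
+'error' => esc_attr_x( 'Unauthorized access', 'User Login and Register', 'bdthemes-element-pack' ),
+)
+);
+}
+
+}
+
+public function get_facebook_data() {
+
+$data = array();
+$response = array();
+$user_data = array();
+$result = '';
+
+if ( isset( $_POST['data'] ) ) {
+
+$data = $_POST['data'];
+
+$fb_user_id = filter_input( INPUT_POST, 'userID', FILTER_SANITIZE_STRING );
+$access_token = filter_input( INPUT_POST, 'security_string', FILTER_SANITIZE_STRING );
+
+$fb_app_id = $this->fb_app_id;
+$fb_app_secret = $this->fb_app_secret;
+
+$fbUserData = $this->get_fb_user_info( $access_token, $fb_app_id, $fb_app_secret );
+
+if ( empty( $fb_app_id ) || empty( $fb_app_secret ) || empty( $fb_user_id ) || empty( $fbUserData )
+|| ( $fb_user_id !== $fbUserData['data']['user_id'] ) || ( $fb_app_id !== $fbUserData['data']['app_id'] )
+|| ( ! $fbUserData['data']['is_valid'] ) ) {
+
+wp_send_json_error( esc_html_x( 'Invalid Authorized Information', 'User Login and Register', 'bdthemes-element-pack' ) );
+
+}
+
+$name = sanitize_user( $data['name'] );
+$first_name = sanitize_user( $data['first_name'] );
+$last_name = sanitize_user( $data['last_name'] );
+$should_send_email = apply_filters( 'elementor_pack_send_mail_create_user', 0 );
+
+
+$verified_email = $this->get_fb_user_email( $fbUserData['data']['user_id'], $access_token );
+
+if ( isset( $data['email'] ) && is_email( $data['email'] ) ) {
+
+if ( $data['email'] === $verified_email['email'] ) {
+$email = sanitize_email( $verified_email['email'] );
+} else {
+wp_send_json_error( esc_html_x( 'Invalid Authorization', 'User Login and Register', 'bdthemes-element-pack' ) );
+}
+} else {
+$email = $fbUserData['data']['user_id'] . '@facebook.com';
+}
+
+$user_data = get_user_by( 'email', $email );
+
+if ( ! empty( $user_data ) && false !== $user_data ) {
+
+$user_ID = $user_data->ID;
+$user_email = $user_data->user_email;
+wp_set_auth_cookie( $user_ID );
+wp_set_current_user( $user_ID, $name );
+do_action( 'wp_login', $user_data->user_login, $user_data );
+
+$response['success'] = true;
+
+} else {
+
+$password = wp_generate_password( 12, true, false );
+
+$facebook_array = array(
+'user_login' => $name,
+'user_pass' => $password,
+'user_email' => $email,
+'first_name' => isset( $first_name ) ? $first_name : $name,
+'last_name' => $last_name,
+);
+
+if ( username_exists( $name ) ) {
+// Generate something unique to append to the username in case of a conflict with another user.
+$suffix = '-' . zeroise( wp_rand( 0, 9999 ), 4 );
+$name .= $suffix;
+
+$facebook_array['user_login'] = strtolower( preg_replace( '/\s+/', '', $name ) );
+}
+
+$facebook_array = apply_filters( 'elementor_pack_user_login_insert_user', $facebook_array );
+$result = wp_insert_user( $facebook_array );
+
+if ( 1 == $should_send_email ) {
+$this->send_created_user_email( $result, $should_send_email );
+}
+
+$user_data = get_user_by( 'email', $email );
+
+if ( $user_data ) {
+$user_ID = $user_data->ID;
+$user_email = $user_data->user_email;
+
+$user_meta = array(
+'provider' => 'facebook',
+);
+
+update_user_meta( $user_ID, 'ep_login_form', $user_meta );
+
+if ( wp_check_password( $password, $user_data->user_pass, $user_data->ID ) ) {
+wp_set_auth_cookie( $user_ID );
+wp_set_current_user( $user_ID, $name );
+do_action( 'wp_login', $user_data->user_login, $user_data );
+$response['success'] = true;
+}
+}
+}
+
+echo wp_json_encode( $response, true );
+} else {
+die;
+}
+}
+
+public function get_fb_user_info( $access_token, $uae_facebook_app_id, $uae_facebook_app_secret ) {
+
+$fb_url = 'https://graph.facebook.com/oauth/access_token';
+$fb_url = add_query_arg(
+array(
+'client_id' => $uae_facebook_app_id,
+'client_secret' => $uae_facebook_app_secret,
+'grant_type' => 'client_credentials',
+),
+$fb_url
+);
+
+$fb_response = wp_remote_get( $fb_url );
+
+if ( is_wp_error( $fb_response ) ) {
+wp_send_json_error();
+}
+
+$fb_app_response = json_decode( wp_remote_retrieve_body( $fb_response ), true );
+
+$app_token = $fb_app_response['access_token'];
+
+$url = 'https://graph.facebook.com/debug_token';
+$url = add_query_arg(
+array(
+'input_token' => $access_token,
+'access_token' => $app_token,
+),
+$url
+);
+
+$response = wp_remote_get( $url );
+
+if ( is_wp_error( $response ) ) {
+wp_send_json_error();
+}
+
+return json_decode( wp_remote_retrieve_body( $response ), true );
+}
+
+/**
+* Function that retrieves authenticatated Facebook email.
+*/
+public function get_fb_user_email( $user_id, $access_token ) {
+
+$fb_email_url = 'https://graph.facebook.com/' . $user_id;
+$fb_email_url = add_query_arg(
+array(
+'fields' => 'email',
+'access_token' => $access_token,
+),
+$fb_email_url
+);
+
+$email_response = wp_remote_get( $fb_email_url );
+
+if ( is_wp_error( $email_response ) ) {
+wp_send_json_error();
+}
+
+return json_decode( wp_remote_retrieve_body( $email_response ), true );
+
+}
+
+public function send_created_user_email( $result, $notify ) {
+
+do_action( 'edit_user_created_user', $result, $notify );
+
+}
+
+}
+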
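Review bot: The comment `// Check if email is verified with Google.` at line 143 of get_google_data does not match the condition beneath it — the code checks `aud` and that the sanitized email equals the raw one, but never reads the ID token's `email_verified` claim before `get_user_by( 'email', $email )` at line 151 logs the matching account in, so a Google account whose address is unverified could be matched to an existing site user by email. Add a guard next to the `aud` check, `if ( empty( $googleUserdata['email_verified'] ) ) { wp_send_json_error( array( 'error' => esc_attr_x( 'Unauthorized access', 'User Login and Register', 'bdthemes-element-pack' ) ) ); }`, or fold `empty( $googleUserdata['email_verified'] )` into the existing condition. Two smaller points in the same file: `apply_filters( 'element_pack_google_recaptcha_validation', $gRecaptcha )` at line 66 returns the unmodified response string when no callback is hooked, so a non-empty `g-recaptcha-response` passes unless the plugin registers a default verifier elsewhere (not visible here), and `FILTER_SANITIZE_STRING` at lines 134, 260 and 261 is deprecated since PHP 8.1.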