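--- a/STRATO-apps/wordpress_03/app/wp-content/plugins/tutor/classes/FormHandler.php
+++ b/STRATO-apps/wordpress_03/app/wp-content/plugins/tutor/classes/FormHandler.php
@@ -1 +1,259 @@
-
+<?php
+/**
+* Manage Form
+*
+* @package Tutor
+* @author Themeum <support@themeum.com>
+* @link https://themeum.com
+* @since 1.4.3
+*/
+
+namespace TUTOR;
+
+if ( ! defined( 'ABSPATH' ) ) {
+exit;
+}
+
+/**
+* FormHandler class
+*
+* @since 1.4.3
+*/
+class FormHandler {
+
+/**
+* Constructor
+*
+* @since 1.4.3
+* @return void
+*/
+public function __construct() {
+add_action( 'tutor_action_tutor_retrieve_password', array( $this, 'tutor_retrieve_password' ) );
+add_action( 'tutor_action_tutor_process_reset_password', array( $this, 'tutor_process_reset_password' ) );
+
+add_action( 'tutor_reset_password_notification', array( $this, 'reset_password_notification' ), 10, 2 );
+add_filter( 'tutor_lostpassword_url', array( $this, 'lostpassword_url' ) );
+}
+
+/**
+* Retrieve Password
+*
+* @since 1.4.3
+* @return void|bool
+*/
+public function tutor_retrieve_password() {
+tutils()->checking_nonce();
+
+/**
+* To check spam or other logic before form process.
+*
+* @since 2.1.10
+*/
+$before_form_process = apply_filters( 'tutor_before_retrieve_password_form_process', null );
+if ( is_wp_error( $before_form_process ) ) {
+tutor_flash_set( 'danger', $before_form_process->get_error_message() );
+return false;
+}
+
+//phpcs:ignore WordPress.Security.NonceVerification.Missing
+$login = sanitize_user( tutils()->array_get( 'user_login', $_POST ) );
+
+if ( empty( $login ) ) {
+tutor_flash_set( 'danger', __( 'Enter a username or email address.', 'tutor' ) );
+return false;
+} else {
+// Check on username first, as customers can use emails as usernames.
+$user_data = get_user_by( 'login', $login );
+}
+
+// If no user found, check if it login is email and lookup user based on email.
+if ( ! $user_data && is_email( $login ) && apply_filters( 'tutor_get_username_from_email', true ) ) {
+$user_data = get_user_by( 'email', $login );
+}
+
+$errors = new \WP_Error();
+
+do_action( 'lostpassword_post', $errors );
+
+if ( $errors->get_error_code() ) {
+tutor_flash_set( 'danger', $errors->get_error_message() );
+return false;
+}
+
+if ( ! $user_data ) {
+tutor_flash_set( 'danger', __( 'Invalid username or email.', 'tutor' ) );
+return false;
+}
+
+if ( is_multisite() && ! is_user_member_of_blog( $user_data->ID, get_current_blog_id() ) ) {
+tutor_flash_set( 'danger', __( 'Invalid username or email.', 'tutor' ) );
+return false;
+}
+
+// Redefining user_login ensures we return the right case in the email.
+$user_login = $user_data->user_login;
+
+do_action( 'retrieve_password', $user_login );
+
+$allow = apply_filters( 'allow_password_reset', true, $user_data->ID );
+
+if ( ! $allow ) {
+tutor_flash_set( 'danger', __( 'Password reset is not allowed for this user', 'tutor' ) );
+return false;
+} elseif ( is_wp_error( $allow ) ) {
+tutor_flash_set( 'danger', $allow->get_error_message() );
+return false;
+}
+
+// Get password reset key (function introduced in WordPress 4.4).
+$key = get_password_reset_key( $user_data );
+
+// Send email notification.
+do_action( 'tutor_reset_password_notification', $user_login, $key );
+}
+
+/**
+* Send notification for rest password
+*
+* @since 1.4.3
+*
+* @param string $user_login username.
+* @param string $reset_key reset key.
+*
+* @return void
+*/
+public function reset_password_notification( $user_login = '', $reset_key = '' ) {
+$this->send_notification( $user_login, $reset_key );
+
+$html = '<h3>' . __( 'Check your E-Mail', 'tutor' ) . '</h3>';
+$html .= '<p> ' . __( "We've sent an email to this account's email address. Click the link in the email to reset your password.", 'tutor' ) . '</p>';
+$html .= '<p>' . __( " If you don't see the email, check other places it might be, like your junk, spam, social, promotion or others folders.", 'tutor' ) . '</p>';
+tutor_flash_set( 'success', $html );
+}
+
+/**
+* Get lost password URL
+*
+* @since 1.4.3
+*
+* @param string $url URL.
+* @return string
+*/
+public function lostpassword_url( $url ) {
+return tutils()->tutor_dashboard_url( 'retrieve-password' );
+}
+
+/**
+* Handle reset password request
+*
+* @since 1.4.3
+* @return void|bool
+*/
+public function tutor_process_reset_password() {
+tutils()->checking_nonce();
+
+$reset_key = Input::post( 'reset_key' );
+$user_id = Input::post( 'user_id', 0, Input::TYPE_INT );
+$password = Input::post( 'password' );
+$confirm_password = Input::post( 'confirm_password' );
+
+$user = get_user_by( 'ID', $user_id );
+$user = check_password_reset_key( $reset_key, $user->user_login );
+
+if ( is_wp_error( $user ) ) {
+tutor_flash_set( 'danger', __( 'This key is invalid or has already been used. Please reset your password again if needed.', 'tutor' ) );
+return false;
+}
+
+if ( $user instanceof \WP_User ) {
+if ( ! $password ) {
+tutor_flash_set( 'danger', __( 'Please enter your password.', 'tutor' ) );
+return false;
+}
+
+if ( $password !== $confirm_password ) {
+tutor_flash_set( 'danger', __( 'Passwords do not match.', 'tutor' ) );
+return false;
+}
+
+tutils()->reset_password( $user, $password );
+
+do_action( 'tutor_user_reset_password', $user );
+
+// Perform the login.
+$creds = array(
+'user_login' => $user->user_login,
+'user_password' => $password,
+'remember' => true,
+);
+$user = wp_signon( apply_filters( 'tutor_login_credentials', $creds ), is_ssl() );
+
+do_action( 'tutor_user_reset_password_login', $user );
+
+wp_safe_redirect( tutor_utils()->tutor_dashboard_url() );
+exit;
+}
+}
+
+/**
+* Send Password Reset E-Mail to user.
+* We are sending directly right now, later we will introduce centralised E-Mail notification System...
+*
+* @since 1.4.3
+*
+* @param string $user_login login username.
+* @param string $reset_key password reset key.
+*
+* @return void
+*/
+public function send_notification( $user_login, $reset_key ) {
+
+$user_data = get_user_by( 'login', $user_login );
+
+$variable = array(
+'user_login' => $user_login,
+'reset_key' => $reset_key,
+'user_id' => $user_data->ID,
+);
+
+$html = tutor_get_template_html( 'email.send-reset-password', $variable );
+/* translators: %s: site name */
+$subject = sprintf( __( 'Password Reset Request for %s', 'tutor' ), get_option( 'blogname' ) );
+
+$header = 'Content-Type: text/html' . "\r\n";
+
+add_filter( 'wp_mail_from', array( $this, 'get_from_address' ) );
+add_filter( 'wp_mail_from_name', array( $this, 'get_from_name' ) );
+
+wp_mail( $user_data->user_email, $subject, $html, $header );
+
+remove_filter( 'wp_mail_from', array( $this, 'get_from_address' ) );
+remove_filter( 'wp_mail_from_name', array( $this, 'get_from_name' ) );
+}
+
+/**
+* Get e-mail from address
+*
+* @since 1.4.3
+* @return string
+*/
+public function get_from_address() {
+$from_address = get_tutor_option( 'email_from_address' );
+$default = ! $from_address ? get_option( 'admin_email' ) : $from_address;
+return apply_filters( 'tutor_email_from_address', $default );
+}
+
+/**
+* Get e-mail from name
+*
+* @since 1.4.3
+* @return string
+*/
+public function get_from_name() {
+$from_name = get_tutor_option( 'email_from_name' );
+$default = ! $from_name ? get_option( 'blogname' ) : $from_name;
+return apply_filters( 'tutor_email_from_name', $default );
+}
+
+}
+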
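Review bot: In `tutor_process_reset_password()` the result of `get_user_by( 'ID', $user_id )` is dereferenced as `$user->user_login` with no check, and `$user_id` is taken directly from POST, so a request carrying an unknown ID reads a property on `false` (a PHP warning, with a null login handed to `check_password_reset_key()`). The handler should fail closed before that call, for example `if ( ! $user instanceof \WP_User ) { return false; }` placed after setting the existing "This key is invalid or has already been used" flash. `send_notification()` repeats the same unchecked `get_user_by()` pattern, and `tutor_retrieve_password()` passes the return of `get_password_reset_key()` to the notification action without testing `is_wp_error( $key )`, so a failed key generation would presumably still send an e-mail and show the success flash. The distinct "Invalid username or email." and success responses also let a caller tell whether an account exists; a uniform message for both outcomes is worth considering.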