kawaiipunk/laipower
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

installed plugin Easy Digital Downloads version 3.1.0.3

Browse Source
This commit is contained in:
KawaiiPunk
2022-11-27 15:03:07 +00:00
committed by Gitium
parent 555673545b
commit c5dce2cec6
1200 changed files with 238970 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

221
wp-content/plugins/easy-digital-downloads/includes/users/login.php Normal file
View File

@ -0,0 +1,221 @@
<?php
/**
* Login Functions
*
* @package EDD
* @subpackage Functions/Login
* @copyright Copyright (c) 2018, Easy Digital Downloads, LLC
* @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
* @since 1.0
*/
// Exit if accessed directly
defined( 'ABSPATH' ) || exit;
/**
* While loading the template, see if an error was set for a filed login attempt and set the proper
* HTTP status code if there was a failed login attempt.
*
* @since 2.9.24
*
* @return void
*/
function edd_login_error_check() {
$errors = edd_get_errors();
if ( ! empty( $errors ) ) {
if ( array_key_exists( 'edd_invalid_login', $errors ) ) {
status_header( 401 );
}
}
}
add_action( 'template_redirect', 'edd_login_error_check', 10 );
/**
* Login Form
*
* @since 1.0
* @global $post
* @param string $redirect Redirect page URL
* @return string Login form
*/
function edd_login_form( $redirect = '' ) {
global $edd_login_redirect;
if ( empty( $redirect ) ) {
$redirect = edd_get_current_page_url();
}
$edd_login_redirect = $redirect;
ob_start();
edd_get_template_part( 'shortcode', 'login' );
return apply_filters( 'edd_login_form', ob_get_clean() );
}
/**
* Process Login Form
*
* @since 1.0
* @since 2.9.24 No longer does validation which would prevent bruteforce detection plugins to be able to integrate.
*
* @param array $data Data sent from the login form
* @return void
*/
function edd_process_login_form( $data ) {
if ( ! empty( $data['edd_login_nonce'] ) && wp_verify_nonce( $data['edd_login_nonce'], 'edd-login-nonce' ) ) {
$login = isset( $data['edd_user_login'] ) ? $data['edd_user_login'] : '';
$pass = isset( $data['edd_user_pass'] ) ? $data['edd_user_pass'] : '';
$rememberme = isset( $data['rememberme'] );
$user = edd_log_user_in( 0, $login, $pass, $rememberme );
// Wipe these variables so they aren't anywhere in the submitted format any longer.
$login = null;
$pass = null;
$data['edd_user_login'] = null;
$data['edd_user_pass'] = null;
// Check for errors and redirect if none present.
$errors = edd_get_errors();
if ( ! $errors ) {
// First check to see if we're processing a login from a file download that required a login.
$download_require_login_redirect = EDD()->session->get( 'edd_require_login_to_download_redirect' );
if ( ! empty( $download_require_login_redirect ) ) {
$redirect_for_download = edd_get_file_download_login_redirect( $download_require_login_redirect );
wp_safe_redirect( esc_url( $redirect_for_download ) );
}
$default_redirect_url = $data['edd_redirect'];
if ( has_filter( 'edd_login_redirect' ) ) {
$user_id = $user instanceof WP_User ? $user->ID : false;
/**
* Filters the URL to which users are redirected to after logging in.
*
* @since 1.0
* @param string $default_redirect_url The URL to which to redirect after logging in.
* @param int|false User ID. false if no ID is available.
*/
wp_redirect( esc_url_raw( apply_filters( 'edd_login_redirect', $default_redirect_url, $user_id ) ) );
} else {
wp_safe_redirect( esc_url_raw( $default_redirect_url ) );
}
edd_die();
}
}
}
add_action( 'edd_user_login', 'edd_process_login_form' );
/**
* Log User In
*
* @since 1.0
* @since 2.9.24 Uses the wp_signon function instead of all the additional checks which can bypass hooks in core.
*
* @param int $user_id User ID
* @param string $user_login Username
* @param string $user_pass Password
* @param boolean $remember Remember me
* @return void
*/
function edd_log_user_in( $user_id, $user_login, $user_pass, $remember = false ) {
$credentials = array(
'user_login' => $user_login,
'user_password' => $user_pass,
'remember' => $remember,
);
$user = wp_signon( $credentials );
if ( ! $user instanceof WP_User ) {
edd_set_error(
'edd_invalid_login',
sprintf(
/* translators: %1$s Opening anchor tag, do not translate. %2$s Closing anchor tag, do not translate. */
__( 'Invalid username or password. %1$sReset Password%2$s', 'easy-digital-downloads' ),
'<a href="' . esc_url( edd_get_lostpassword_url() ) . '">',
'</a>'
)
);
} else {
// Since wp_signon doesn't set the current user, we need to do this.
wp_set_current_user( $user->ID );
do_action( 'edd_log_user_in', $user_id, $user_login, $user_pass );
}
return $user;
}
add_filter( 'login_url', 'edd_update_login_url', 10, 3 );
/**
* If a login page has been set in the EDD settings,
* update the WordPress login URL.
*
* @param string $url
* @return string
*/
function edd_update_login_url( $url, $redirect_to, $force_reauth ) {
// Don't change the login URL if the request is an admin request.
if ( is_admin() ) {
return $url;
}
// Get the login page URL and return the default if it's not set.
$login_url = edd_get_login_page_uri();
if ( ! $login_url ) {
return $url;
}
if ( ! empty( $redirect ) ) {
$login_url = add_query_arg( 'redirect_to', urlencode( $redirect ), $login_url );
}
if ( $force_reauth ) {
$login_url = add_query_arg( 'reauth', '1', $login_url );
}
return $login_url;
}
/**
* Helper function to get the EDD login page URI.
*
* @return false|string
*/
function edd_get_login_page_uri() {
$login_page = edd_get_option( 'login_page', false );
return $login_page ? get_permalink( $login_page ) : false;
}
/**
* Generate a redirect URL that is used when file downloads require the user to be logged in.
*
* By default uses the homepage, appends a nonce, and an action, and returns a Nonce'd URL
*
* @since 3.1
*
* @param array $redirect_data The data stored for this specific redirect URL.
*
* @return string The URL to use in the redirect process of logging in to download the file.
*/
function edd_get_file_download_login_redirect( $redirect_data ) {
$login_redirect_page_id = edd_get_option( 'login_redirect_page', false );
$redirect_base = ! empty( $login_redirect_page_id ) ? get_permalink( $login_redirect_page_id ) : home_url();
$token = \EDD\Utils\Tokenizer::tokenize( $redirect_data );
$redirect_for_download = add_query_arg(
array(
'edd_action' => 'process_file_download_after_login',
'_token' => $token,
),
apply_filters( 'edd_get_file_download_login_redirect_base', $redirect_base )
);
return $redirect_for_download;
}

280
wp-content/plugins/easy-digital-downloads/includes/users/lost-password.php Normal file
View File

@ -0,0 +1,280 @@
<?php
/**
* Lost Password Functions
*
* @package EDD
* @subpackage Functions/Login
* @copyright Copyright (c) 2022, Easy Digital Downloads, LLC
* @license https://opensource.org/licenses/gpl-2.0.php GNU Public License
* @since 1.0
*/
// Exit if accessed directly
defined( 'ABSPATH' ) || exit;
add_filter( 'wp_login_errors', 'edd_login_register_error_message', 10, 2 );
/**
* Changes the WordPress login confirmation message when using EDD's reset password link.
*
* @since 2.10
* @param object \WP_Error $errors
* @param string $redirect
* @return void
*/
function edd_login_register_error_message( $errors, $redirect ) {
$redirect_url = EDD()->session->get( 'edd_forgot_password_redirect' );
if ( empty( $redirect_url ) ) {
return $errors;
}
$message = sprintf(
/* translators: %s: Link to the referring page. */
__( 'Follow the instructions in the confirmation email you just received, then <a href="%s">return to what you were doing</a>.', 'easy-digital-downloads' ),
esc_url( $redirect_url )
);
$errors->remove( 'confirm' );
$errors->add(
'confirm',
apply_filters(
'edd_login_register_error_message',
$message,
$redirect_url
),
'message'
);
EDD()->session->set( 'edd_forgot_password_redirect', null );
return $errors;
}
/**
* Gets the lost password URL, customized for EDD. Using this allows the password
* reset form to redirect to the login screen with the EDD custom confirmation message.
*
* @since 2.10
* @return string
*/
function edd_get_lostpassword_url() {
$login_page_uri = edd_get_login_page_uri();
if ( empty( $login_page_uri ) ) {
return add_query_arg(
array(
'edd_forgot_password' => 'confirm',
),
wp_lostpassword_url()
);
}
return add_query_arg( 'action', 'lostpassword', $login_page_uri );
}
/**
* Gets the password reset link for a user.
*
* @param WP_User $user
* @return false|string
*/
function edd_get_password_reset_link( $user ) {
$key = get_password_reset_key( $user );
if ( is_wp_error( $key ) ) {
return false;
}
return add_query_arg(
array(
'action' => 'rp',
'key' => rawurlencode( $key ),
'login' => rawurlencode( $user->user_login ),
),
wp_login_url()
);
}
add_action( 'lostpassword_form', 'edd_set_lostpassword_session' );
/**
* Sets a session value for the lost password redirect URI.
*
* @since 3.0.2
* @return void
*/
function edd_set_lostpassword_session() {
if ( ! empty( $_GET['edd_forgot_password'] ) && 'confirm' === $_GET['edd_forgot_password'] ) {
$url = wp_validate_redirect(
wp_get_referer(),
edd_get_checkout_uri()
);
EDD()->session->set( 'edd_forgot_password_redirect', $url );
}
}
add_action( 'edd_user_lost_password', 'edd_handle_lost_password_request' );
/**
* Handles the lost password request from the EDD lost password block.
*
* @since 3.1
* @param array $data
* @return void
*/
function edd_handle_lost_password_request( $data ) {
if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
$errors = retrieve_password();
if ( ! is_wp_error( $errors ) ) {
edd_set_success( 'checkemail', __( 'You did it! Check your email for instructions on resetting your password.', 'easy-digital-downloads' ) );
} else {
$error_code = $errors->get_error_code();
$message = $errors->get_error_message( $error_code );
if ( $message ) {
// WP_Error messages include "Error:" so we remove that here to prevent duplication.
$message = explode( ':', $message );
$message = ! empty( $message[1] ) ? trim( $message[1] ) : trim( $message[0] );
edd_set_error( $id, $message );
}
}
}
edd_redirect( remove_query_arg( 'action', wp_get_referer() ) );
}
add_filter( 'retrieve_password_message', 'edd_retrieve_password_message', 10, 4 );
/**
* Filters the email message sent when a password reset has been requested.
*
* @since 3.1
* @param string $message The email message.
* @param string $key The activation key.
* @param string $user_login The username for the user.
* @param WP_User $user_data WP_User object.
* @return string
*/
function edd_retrieve_password_message( $message, $key, $user_login, $user_data ) {
if ( empty( $_POST['edd_action'] ) || 'user_lost_password' !== $_POST['edd_action'] ) {
return $message;
}
if ( empty( $_POST['edd_lost-password_nonce'] ) || ! wp_verify_nonce( $_POST['edd_lost-password_nonce'], 'edd-lost-password-nonce' ) ) {
return $message;
}
if ( is_multisite() ) {
$site_name = get_network()->site_name;
} else {
/*
* The blogname option is escaped with esc_html on the way into the database
* in sanitize_option. We want to reverse this for the plain text arena of emails.
*/
$site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
}
$message = __( 'Someone has requested a password reset for the following account:', 'easy-digital-downloads' ) . "\r\n\r\n";
/* translators: %s: Site name. */
$message .= sprintf( __( 'Site Name: %s', 'easy-digital-downloads' ), $site_name ) . "\r\n\r\n";
/* translators: %s: User login. */
$message .= sprintf( __( 'Username: %s', 'easy-digital-downloads' ), $user_login ) . "\r\n\r\n";
$message .= __( 'If this was a mistake, ignore this email and nothing will happen.', 'easy-digital-downloads' ) . "\r\n\r\n";
$message .= __( 'To reset your password, visit the following address:', 'easy-digital-downloads' ) . "\r\n\r\n";
$message .= add_query_arg(
array(
'edd_action' => 'password_reset_requested',
'key' => $key,
'login' => rawurlencode( $user_login ),
),
esc_url_raw( $_POST['edd_redirect'] )
);
$message .= "\r\n\r\n";
if ( ! is_user_logged_in() ) {
$requester_ip = $_SERVER['REMOTE_ADDR'];
if ( $requester_ip ) {
$message .= sprintf(
/* translators: %s: IP address of password reset requester. */
__( 'This password reset request originated from the IP address %s.', 'easy-digital-downloads' ),
$requester_ip
) . "\r\n";
}
}
return $message;
}
add_action( 'edd_password_reset_requested', 'edd_validate_password_reset_link' );
/**
* Validates the email link and sends the user to the password reset form upon success.
*
* @since 3.1
* @return void
*/
function edd_validate_password_reset_link() {
list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
$redirect = remove_query_arg( array( 'key', 'login', 'edd_action' ), wp_get_referer() );
// Everything is good; move forward with the password reset.
if ( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {
$value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
edd_redirect( add_query_arg( 'action', 'rp', $redirect ) );
}
$user = false;
if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
$user = check_password_reset_key( $rp_key, $rp_login );
if ( isset( $_POST['pass1'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) {
$user = false;
}
}
if ( ! $user || is_wp_error( $user ) ) {
setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
if ( $user && $user->get_error_code() === 'expired_key' ) {
edd_set_error( 'expiredkey', __( 'Your password reset link has expired. Please request a new link below.', 'easy-digital-downloads' ) );
} else {
edd_set_error( 'invalidkey', __( 'Your password reset link appears to be invalid. Please request a new link below.', 'easy-digital-downloads' ) );
}
}
// Redirect back to the lost password form instead of the password reset.
edd_redirect( add_query_arg( 'action', 'lostpassword', $redirect ) );
}
add_action( 'edd_user_reset_password', 'edd_validate_password_reset' );
/**
* Validates the password reset and redirects to the login form on success.
*
* @since 3.1
* @param array $data
* @return void
*/
function edd_validate_password_reset( $data ) {
// Check if password is one or all empty spaces.
if ( ! empty( $data['pass1'] ) ) {
$_POST['pass1'] = trim( $data['pass1'] );
}
if ( empty( $data['pass1'] ) ) {
edd_set_error( 'empty_password', __( 'The password cannot be a space or all spaces.', 'easy-digital-downloads' ) );
}
// Check if password fields do not match.
if ( ! empty( $data['pass1'] ) && trim( $data['pass2'] ) !== $data['pass1'] ) {
edd_set_error( 'password_reset_mismatch', __( 'The passwords do not match.', 'easy-digital-downloads' ) );
}
$user = get_user_by( 'login', $data['user_login'] );
if ( ! $user || is_wp_error( $user ) ) {
edd_set_error( 'password_reset_unsuccessful', __( 'Your password could not be reset.', 'easy-digital-downloads' ) );
}
$redirect = remove_query_arg( 'action', $data['edd_redirect'] );
// If no errors were registered then reset the password.
if ( ! edd_get_errors() ) {
reset_password( $user, $data['pass1'] );
edd_set_success( 'password_reset_successful', __( 'Your password was successfully reset.', 'easy-digital-downloads' ) );
// todo: check if this is correct
setcookie( 'wp-resetpass-' . COOKIEHASH, ' ', time() - YEAR_IN_SECONDS, wp_make_link_relative( wp_get_referer() ), COOKIE_DOMAIN, is_ssl(), true );
edd_redirect( $redirect );
}
edd_redirect( add_query_arg( 'action', 'password_reset_unsuccessful', $redirect ) );
}

124
wp-content/plugins/easy-digital-downloads/includes/users/register.php Normal file
View File

@ -0,0 +1,124 @@
<?php
/**
* Register Functions
*
* @package EDD
* @subpackage Functions/Login
* @copyright Copyright (c) 2018, Easy Digital Downloads, LLC
* @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
* @since 1.0
*/
// Exit if accessed directly
defined( 'ABSPATH' ) || exit;
/**
* Registration Form
*
* @since 2.0
* @global $post
* @param string $redirect Redirect page URL
* @return string Register form
*/
function edd_register_form( $redirect = '' ) {
global $edd_register_redirect;
if ( empty( $redirect ) ) {
$redirect = edd_get_current_page_url();
}
$edd_register_redirect = $redirect;
ob_start();
edd_get_template_part( 'shortcode', 'register' );
return apply_filters( 'edd_register_form', ob_get_clean() );
}
/**
* Process Register Form
*
* @since 2.0
* @param array $data Data sent from the register form
* @return void
*/
function edd_process_register_form( $data ) {
if ( is_user_logged_in() ) {
return;
}
if ( empty( $data['edd_register_submit'] ) ) {
return;
}
do_action( 'edd_pre_process_register_form' );
if ( empty( $data['edd_user_login'] ) ) {
edd_set_error( 'empty_username', __( 'Invalid username', 'easy-digital-downloads' ) );
}
if ( username_exists( $data['edd_user_login'] ) ) {
edd_set_error( 'username_unavailable', __( 'Username already taken', 'easy-digital-downloads' ) );
}
if ( ! validate_username( $data['edd_user_login'] ) ) {
edd_set_error( 'username_invalid', __( 'Invalid username', 'easy-digital-downloads' ) );
}
if ( email_exists( $data['edd_user_email'] ) ) {
edd_set_error( 'email_unavailable', __( 'Email address already taken', 'easy-digital-downloads' ) );
}
if ( empty( $data['edd_user_email'] ) || ! is_email( $data['edd_user_email'] ) ) {
edd_set_error( 'email_invalid', __( 'Invalid email', 'easy-digital-downloads' ) );
}
if ( ! empty( $data['edd_payment_email'] ) && $data['edd_payment_email'] != $data['edd_user_email'] && ! is_email( $data['edd_payment_email'] ) ) {
edd_set_error( 'payment_email_invalid', __( 'Invalid payment email', 'easy-digital-downloads' ) );
}
if ( isset( $data['edd_honeypot'] ) && ! empty( $data['edd_honeypot'] ) ) {
edd_set_error( 'invalid_form_data', __( 'Registration form validation failed.', 'easy-digital-downloads' ) );
}
// Check if password is one or all empty spaces.
if ( ! empty( $data['edd_user_pass'] ) ) {
$data['edd_user_pass'] = trim( $data['edd_user_pass'] );
}
if ( empty( $data['edd_user_pass'] ) ) {
edd_set_error( 'empty_password', __( 'The password cannot be a space or all spaces.', 'easy-digital-downloads' ) );
}
// Check if password fields do not match.
if ( ! empty( $data['edd_user_pass'] ) && ( empty( $data['edd_user_pass2'] ) || trim( $data['edd_user_pass2'] ) !== $data['edd_user_pass'] ) ) {
edd_set_error( 'password_mismatch', __( 'The passwords do not match.', 'easy-digital-downloads' ) );
}
do_action( 'edd_process_register_form' );
// Check for errors and redirect if none present.
$errors = edd_get_errors();
if ( empty( $errors ) ) {
$redirect = apply_filters( 'edd_register_redirect', $data['edd_redirect'] );
edd_register_and_login_new_user(
array(
'user_login' => $data['edd_user_login'],
'user_pass' => $data['edd_user_pass'],
'user_email' => $data['edd_user_email'],
'user_registered' => date( 'Y-m-d H:i:s' ),
'role' => get_option( 'default_role' ),
)
);
edd_set_success( 'account_registration_successful', __( 'Your account has been successfully created.', 'easy-digital-downloads' ) );
edd_redirect( $redirect );
}
}
add_action( 'edd_user_register', 'edd_process_register_form' );