222 lines
6.2 KiB
PHP
222 lines
6.2 KiB
PHP
<?php
|
|
/**
|
|
* Login Functions
|
|
*
|
|
* @package EDD
|
|
* @subpackage Functions/Login
|
|
* @copyright Copyright (c) 2018, Easy Digital Downloads, LLC
|
|
* @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
|
|
* @since 1.0
|
|
*/
|
|
|
|
// Exit if accessed directly
|
|
defined( 'ABSPATH' ) || exit;
|
|
|
|
/**
|
|
* While loading the template, see if an error was set for a filed login attempt and set the proper
|
|
* HTTP status code if there was a failed login attempt.
|
|
*
|
|
* @since 2.9.24
|
|
*
|
|
* @return void
|
|
*/
|
|
function edd_login_error_check() {
|
|
$errors = edd_get_errors();
|
|
if ( ! empty( $errors ) ) {
|
|
if ( array_key_exists( 'edd_invalid_login', $errors ) ) {
|
|
status_header( 401 );
|
|
}
|
|
}
|
|
}
|
|
add_action( 'template_redirect', 'edd_login_error_check', 10 );
|
|
|
|
/**
|
|
* Login Form
|
|
*
|
|
* @since 1.0
|
|
* @global $post
|
|
* @param string $redirect Redirect page URL
|
|
* @return string Login form
|
|
*/
|
|
function edd_login_form( $redirect = '' ) {
|
|
global $edd_login_redirect;
|
|
|
|
if ( empty( $redirect ) ) {
|
|
$redirect = edd_get_current_page_url();
|
|
}
|
|
|
|
$edd_login_redirect = $redirect;
|
|
|
|
ob_start();
|
|
|
|
edd_get_template_part( 'shortcode', 'login' );
|
|
|
|
return apply_filters( 'edd_login_form', ob_get_clean() );
|
|
}
|
|
|
|
/**
|
|
* Process Login Form
|
|
*
|
|
* @since 1.0
|
|
* @since 2.9.24 No longer does validation which would prevent bruteforce detection plugins to be able to integrate.
|
|
*
|
|
* @param array $data Data sent from the login form
|
|
* @return void
|
|
*/
|
|
function edd_process_login_form( $data ) {
|
|
|
|
if ( ! empty( $data['edd_login_nonce'] ) && wp_verify_nonce( $data['edd_login_nonce'], 'edd-login-nonce' ) ) {
|
|
$login = isset( $data['edd_user_login'] ) ? $data['edd_user_login'] : '';
|
|
$pass = isset( $data['edd_user_pass'] ) ? $data['edd_user_pass'] : '';
|
|
$rememberme = isset( $data['rememberme'] );
|
|
|
|
$user = edd_log_user_in( 0, $login, $pass, $rememberme );
|
|
|
|
// Wipe these variables so they aren't anywhere in the submitted format any longer.
|
|
$login = null;
|
|
$pass = null;
|
|
$data['edd_user_login'] = null;
|
|
$data['edd_user_pass'] = null;
|
|
|
|
// Check for errors and redirect if none present.
|
|
$errors = edd_get_errors();
|
|
if ( ! $errors ) {
|
|
// First check to see if we're processing a login from a file download that required a login.
|
|
$download_require_login_redirect = EDD()->session->get( 'edd_require_login_to_download_redirect' );
|
|
if ( ! empty( $download_require_login_redirect ) ) {
|
|
$redirect_for_download = edd_get_file_download_login_redirect( $download_require_login_redirect );
|
|
wp_safe_redirect( esc_url( $redirect_for_download ) );
|
|
}
|
|
|
|
$default_redirect_url = $data['edd_redirect'];
|
|
if ( has_filter( 'edd_login_redirect' ) ) {
|
|
$user_id = $user instanceof WP_User ? $user->ID : false;
|
|
/**
|
|
* Filters the URL to which users are redirected to after logging in.
|
|
*
|
|
* @since 1.0
|
|
* @param string $default_redirect_url The URL to which to redirect after logging in.
|
|
* @param int|false User ID. false if no ID is available.
|
|
*/
|
|
wp_redirect( esc_url_raw( apply_filters( 'edd_login_redirect', $default_redirect_url, $user_id ) ) );
|
|
} else {
|
|
wp_safe_redirect( esc_url_raw( $default_redirect_url ) );
|
|
}
|
|
edd_die();
|
|
}
|
|
}
|
|
}
|
|
add_action( 'edd_user_login', 'edd_process_login_form' );
|
|
|
|
/**
|
|
* Log User In
|
|
*
|
|
* @since 1.0
|
|
* @since 2.9.24 Uses the wp_signon function instead of all the additional checks which can bypass hooks in core.
|
|
*
|
|
* @param int $user_id User ID
|
|
* @param string $user_login Username
|
|
* @param string $user_pass Password
|
|
* @param boolean $remember Remember me
|
|
* @return void
|
|
*/
|
|
function edd_log_user_in( $user_id, $user_login, $user_pass, $remember = false ) {
|
|
|
|
$credentials = array(
|
|
'user_login' => $user_login,
|
|
'user_password' => $user_pass,
|
|
'remember' => $remember,
|
|
);
|
|
|
|
$user = wp_signon( $credentials );
|
|
|
|
if ( ! $user instanceof WP_User ) {
|
|
edd_set_error(
|
|
'edd_invalid_login',
|
|
sprintf(
|
|
/* translators: %1$s Opening anchor tag, do not translate. %2$s Closing anchor tag, do not translate. */
|
|
__( 'Invalid username or password. %1$sReset Password%2$s', 'easy-digital-downloads' ),
|
|
'<a href="' . esc_url( edd_get_lostpassword_url() ) . '">',
|
|
'</a>'
|
|
)
|
|
);
|
|
} else {
|
|
// Since wp_signon doesn't set the current user, we need to do this.
|
|
wp_set_current_user( $user->ID );
|
|
|
|
do_action( 'edd_log_user_in', $user_id, $user_login, $user_pass );
|
|
}
|
|
|
|
return $user;
|
|
}
|
|
|
|
add_filter( 'login_url', 'edd_update_login_url', 10, 3 );
|
|
/**
|
|
* If a login page has been set in the EDD settings,
|
|
* update the WordPress login URL.
|
|
*
|
|
* @param string $url
|
|
* @return string
|
|
*/
|
|
function edd_update_login_url( $url, $redirect_to, $force_reauth ) {
|
|
|
|
// Don't change the login URL if the request is an admin request.
|
|
if ( is_admin() ) {
|
|
return $url;
|
|
}
|
|
|
|
// Get the login page URL and return the default if it's not set.
|
|
$login_url = edd_get_login_page_uri();
|
|
if ( ! $login_url ) {
|
|
return $url;
|
|
}
|
|
|
|
if ( ! empty( $redirect ) ) {
|
|
$login_url = add_query_arg( 'redirect_to', urlencode( $redirect ), $login_url );
|
|
}
|
|
if ( $force_reauth ) {
|
|
$login_url = add_query_arg( 'reauth', '1', $login_url );
|
|
}
|
|
|
|
return $login_url;
|
|
}
|
|
|
|
/**
|
|
* Helper function to get the EDD login page URI.
|
|
*
|
|
* @return false|string
|
|
*/
|
|
function edd_get_login_page_uri() {
|
|
$login_page = edd_get_option( 'login_page', false );
|
|
|
|
return $login_page ? get_permalink( $login_page ) : false;
|
|
}
|
|
|
|
/**
|
|
* Generate a redirect URL that is used when file downloads require the user to be logged in.
|
|
*
|
|
* By default uses the homepage, appends a nonce, and an action, and returns a Nonce'd URL
|
|
*
|
|
* @since 3.1
|
|
*
|
|
* @param array $redirect_data The data stored for this specific redirect URL.
|
|
*
|
|
* @return string The URL to use in the redirect process of logging in to download the file.
|
|
*/
|
|
function edd_get_file_download_login_redirect( $redirect_data ) {
|
|
$login_redirect_page_id = edd_get_option( 'login_redirect_page', false );
|
|
$redirect_base = ! empty( $login_redirect_page_id ) ? get_permalink( $login_redirect_page_id ) : home_url();
|
|
|
|
$token = \EDD\Utils\Tokenizer::tokenize( $redirect_data );
|
|
|
|
$redirect_for_download = add_query_arg(
|
|
array(
|
|
'edd_action' => 'process_file_download_after_login',
|
|
'_token' => $token,
|
|
),
|
|
apply_filters( 'edd_get_file_download_login_redirect_base', $redirect_base )
|
|
);
|
|
|
|
return $redirect_for_download;
|
|
}
|