laipower/wp-content/plugins/easy-digital-downloads/includes/users/login.php

222 lines
6.2 KiB
PHP

<?php
/**
* Login Functions
*
* @package EDD
* @subpackage Functions/Login
* @copyright Copyright (c) 2018, Easy Digital Downloads, LLC
* @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
* @since 1.0
*/
// Exit if accessed directly
defined( 'ABSPATH' ) || exit;
/**
* While loading the template, see if an error was set for a filed login attempt and set the proper
* HTTP status code if there was a failed login attempt.
*
* @since 2.9.24
*
* @return void
*/
function edd_login_error_check() {
$errors = edd_get_errors();
if ( ! empty( $errors ) ) {
if ( array_key_exists( 'edd_invalid_login', $errors ) ) {
status_header( 401 );
}
}
}
add_action( 'template_redirect', 'edd_login_error_check', 10 );
/**
* Login Form
*
* @since 1.0
* @global $post
* @param string $redirect Redirect page URL
* @return string Login form
*/
function edd_login_form( $redirect = '' ) {
global $edd_login_redirect;
if ( empty( $redirect ) ) {
$redirect = edd_get_current_page_url();
}
$edd_login_redirect = $redirect;
ob_start();
edd_get_template_part( 'shortcode', 'login' );
return apply_filters( 'edd_login_form', ob_get_clean() );
}
/**
* Process Login Form
*
* @since 1.0
* @since 2.9.24 No longer does validation which would prevent bruteforce detection plugins to be able to integrate.
*
* @param array $data Data sent from the login form
* @return void
*/
function edd_process_login_form( $data ) {
if ( ! empty( $data['edd_login_nonce'] ) && wp_verify_nonce( $data['edd_login_nonce'], 'edd-login-nonce' ) ) {
$login = isset( $data['edd_user_login'] ) ? $data['edd_user_login'] : '';
$pass = isset( $data['edd_user_pass'] ) ? $data['edd_user_pass'] : '';
$rememberme = isset( $data['rememberme'] );
$user = edd_log_user_in( 0, $login, $pass, $rememberme );
// Wipe these variables so they aren't anywhere in the submitted format any longer.
$login = null;
$pass = null;
$data['edd_user_login'] = null;
$data['edd_user_pass'] = null;
// Check for errors and redirect if none present.
$errors = edd_get_errors();
if ( ! $errors ) {
// First check to see if we're processing a login from a file download that required a login.
$download_require_login_redirect = EDD()->session->get( 'edd_require_login_to_download_redirect' );
if ( ! empty( $download_require_login_redirect ) ) {
$redirect_for_download = edd_get_file_download_login_redirect( $download_require_login_redirect );
wp_safe_redirect( esc_url( $redirect_for_download ) );
}
$default_redirect_url = $data['edd_redirect'];
if ( has_filter( 'edd_login_redirect' ) ) {
$user_id = $user instanceof WP_User ? $user->ID : false;
/**
* Filters the URL to which users are redirected to after logging in.
*
* @since 1.0
* @param string $default_redirect_url The URL to which to redirect after logging in.
* @param int|false User ID. false if no ID is available.
*/
wp_redirect( esc_url_raw( apply_filters( 'edd_login_redirect', $default_redirect_url, $user_id ) ) );
} else {
wp_safe_redirect( esc_url_raw( $default_redirect_url ) );
}
edd_die();
}
}
}
add_action( 'edd_user_login', 'edd_process_login_form' );
/**
* Log User In
*
* @since 1.0
* @since 2.9.24 Uses the wp_signon function instead of all the additional checks which can bypass hooks in core.
*
* @param int $user_id User ID
* @param string $user_login Username
* @param string $user_pass Password
* @param boolean $remember Remember me
* @return void
*/
function edd_log_user_in( $user_id, $user_login, $user_pass, $remember = false ) {
$credentials = array(
'user_login' => $user_login,
'user_password' => $user_pass,
'remember' => $remember,
);
$user = wp_signon( $credentials );
if ( ! $user instanceof WP_User ) {
edd_set_error(
'edd_invalid_login',
sprintf(
/* translators: %1$s Opening anchor tag, do not translate. %2$s Closing anchor tag, do not translate. */
__( 'Invalid username or password. %1$sReset Password%2$s', 'easy-digital-downloads' ),
'<a href="' . esc_url( edd_get_lostpassword_url() ) . '">',
'</a>'
)
);
} else {
// Since wp_signon doesn't set the current user, we need to do this.
wp_set_current_user( $user->ID );
do_action( 'edd_log_user_in', $user_id, $user_login, $user_pass );
}
return $user;
}
add_filter( 'login_url', 'edd_update_login_url', 10, 3 );
/**
* If a login page has been set in the EDD settings,
* update the WordPress login URL.
*
* @param string $url
* @return string
*/
function edd_update_login_url( $url, $redirect_to, $force_reauth ) {
// Don't change the login URL if the request is an admin request.
if ( is_admin() ) {
return $url;
}
// Get the login page URL and return the default if it's not set.
$login_url = edd_get_login_page_uri();
if ( ! $login_url ) {
return $url;
}
if ( ! empty( $redirect ) ) {
$login_url = add_query_arg( 'redirect_to', urlencode( $redirect ), $login_url );
}
if ( $force_reauth ) {
$login_url = add_query_arg( 'reauth', '1', $login_url );
}
return $login_url;
}
/**
* Helper function to get the EDD login page URI.
*
* @return false|string
*/
function edd_get_login_page_uri() {
$login_page = edd_get_option( 'login_page', false );
return $login_page ? get_permalink( $login_page ) : false;
}
/**
* Generate a redirect URL that is used when file downloads require the user to be logged in.
*
* By default uses the homepage, appends a nonce, and an action, and returns a Nonce'd URL
*
* @since 3.1
*
* @param array $redirect_data The data stored for this specific redirect URL.
*
* @return string The URL to use in the redirect process of logging in to download the file.
*/
function edd_get_file_download_login_redirect( $redirect_data ) {
$login_redirect_page_id = edd_get_option( 'login_redirect_page', false );
$redirect_base = ! empty( $login_redirect_page_id ) ? get_permalink( $login_redirect_page_id ) : home_url();
$token = \EDD\Utils\Tokenizer::tokenize( $redirect_data );
$redirect_for_download = add_query_arg(
array(
'edd_action' => 'process_file_download_after_login',
'_token' => $token,
),
apply_filters( 'edd_get_file_download_login_redirect_base', $redirect_base )
);
return $redirect_for_download;
}