

Bug fix in wp-login.php handling. See: #689
jaswsinc committed Aug 27, 2015
1 parent 0798506 commit e434c18
Showing 2 changed files with 80 additions and 49 deletions.
10 changes: 8 additions & 2 deletions s2member/includes/classes/email-configs.inc.php
@@ -200,7 +200,8 @@ public static function reset_pass_resend_new_user_notification ($user_id = 0, $u

if ($user_id && ($user = new WP_User ($user_id)) && !empty($user->ID) && ($user_id = $user->ID) && $notify)
{
$user_pass = $user_pass ? $user_pass : wp_generate_password();
remove_filter('random_password', 'c_ws_plugin__s2member_registrations::generate_password');
$user_pass = $user_pass ? $user_pass : wp_generate_password(); // ↑ Make sure it's w/o filter.
wp_set_password($user_pass, $user_id);

$return = c_ws_plugin__s2member_email_configs::new_user_notification($user_id, $user_pass, $notify, $user_email);
@@ -240,6 +241,10 @@ public static function new_user_notification ($user_id = 0, $user_pass = '', $no
c_ws_plugin__s2member_email_configs::email_config_release ();

if (in_array('user', $notify, true)

// Exclude custom password generated via `wp-login.php` or BP.
&& empty($GLOBALS['ws_plugin__s2member_custom_wp_login_bp_password'])

&& ( // One of these conditions must be true.
($user_pass && stripos($GLOBALS['WS_PLUGIN__']['s2member']['o']['new_user_email_message'], '%%user_pass%%') !== false)
|| ($is_gte_wp43 && stripos($GLOBALS['WS_PLUGIN__']['s2member']['o']['new_user_email_message'], '%%wp_set_pass_url%%') !== false)
@@ -248,7 +253,8 @@ public static function new_user_notification ($user_id = 0, $user_pass = '', $no
) {
if($is_gte_wp43 && stripos($GLOBALS['WS_PLUGIN__']['s2member']['o']['new_user_email_message'], '%%wp_set_pass_url%%') !== false)
{
$user_activation_key = wp_generate_password(20, false);
remove_filter('random_password', 'c_ws_plugin__s2member_registrations::generate_password');
$user_activation_key = wp_generate_password(20, false); // ↑ Make sure it's w/o filter.
do_action('retrieve_password_key', $user->user_login, $user_activation_key);

if(!class_exists('PasswordHash'))
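Review bot: Both new `remove_filter('random_password', …)` calls (before `wp_generate_password()` in `reset_pass_resend_new_user_notification()` and before the activation-key generation in `new_user_notification()`) ignore the return value and pass no priority, so if the filter was attached at a priority other than the default 10 the removal silently does nothing and the password or key is still routed through `generate_password()`. The matching `add_filter()` call is not visible in this commit, so this needs checking against it. Looking the priority up first makes the intent hold either way: `$p = has_filter('random_password', 'c_ws_plugin__s2member_registrations::generate_password');` then `if ($p !== false) remove_filter('random_password', 'c_ws_plugin__s2member_registrations::generate_password', $p);`. A short comment should also state that the filter stays detached for the rest of the request, since nothing visible here re-adds it. Both functions start and end outside the hunks shown.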
119 changes: 72 additions & 47 deletions s2member/includes/classes/registrations.inc.php
@@ -28,47 +28,74 @@
class c_ws_plugin__s2member_registrations
{
/**
* Filters WordPress randomly generated Passwords.
* Custom password; else randomly generated password.
*
* Also captures Passwords generated by WordPress
* *(with a global var)*, for internal use.
* @package s2Member\Registrations
* @since 150826
*
* @param string $password Expects plain text pass.
*
* @return string Password.
*/
public static function maybe_custom_pass(&$password)
{
$GLOBALS['ws_plugin__s2member_custom_password'] = ''; // Initialize.
$password = trim(stripslashes((string)$password));

if($password && $GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_password'])
{
$GLOBALS['ws_plugin__s2member_custom_password'] = $password;
return ($GLOBALS['ws_plugin__s2member_plain_text_pass'] = $GLOBALS['ws_plugin__s2member_custom_password']);
}
if($password && c_ws_plugin__s2member_utils_conds::pro_is_installed() && c_ws_plugin__s2member_pro_remote_ops::is_remote_op('create_user'))
{
$GLOBALS['ws_plugin__s2member_custom_password'] = $password;
return ($GLOBALS['ws_plugin__s2member_plain_text_pass'] = $GLOBALS['ws_plugin__s2member_custom_password']);
}
return ($GLOBALS['ws_plugin__s2member_plain_text_pass'] = wp_generate_password());
}

/**
* Filters WordPress-generated passwords.
*
* This can ONLY be fired through `/wp-login.php` on the front-side.
* Or through `/register` via BuddyPress.
*
* @package s2Member\Registrations
* @since 3.5
*
* @attaches-to ``add_filter('random_password');``
*
* @param string $password Expects a plain text Password passed through by the Filter.
* @param string $password Expects a plain text password passed through by the filter.
*
* @return string Password, possibly assigned through s2Member Custom Registration/Profile Field input.
* @return string Plain text password value.
*/
public static function generate_password($password = '')
{
static $did_generate_password = false; // Once only.

foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_generate_password', get_defined_vars());
unset($__refs, $__v); // Housekeeping.

$GLOBALS['ws_plugin__s2member_generate_password_input'] = $password; // Before filtering.
$ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i';

if($GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_password'] || (c_ws_plugin__s2member_utils_conds::pro_is_installed() && c_ws_plugin__s2member_pro_remote_ops::is_remote_op('create_user')))
{
if($GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_password'] && !empty($_POST['ws_plugin__s2member_custom_reg_field_user_pass1']))
{
if(($custom = trim(stripslashes((string)$_POST['ws_plugin__s2member_custom_reg_field_user_pass1']))))
$password = $custom; // Yes, use s2Member custom Password supplied by User.
}
else if($GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_password'] && !empty($GLOBALS['ws_plugin__s2member_registration_vars']) && !empty($GLOBALS['ws_plugin__s2member_registration_vars']['ws_plugin__s2member_custom_reg_field_user_pass1']))
if(!$did_generate_password && !is_admin() && (preg_match('/\/wp-login\.php/'.$ci, $_SERVER['REQUEST_URI']) || (c_ws_plugin__s2member_utils_conds::bp_is_installed() && bp_is_register_page())))
{
if(($custom = trim((string)$GLOBALS['ws_plugin__s2member_registration_vars']['ws_plugin__s2member_custom_reg_field_user_pass1'])))
$password = $custom; // Yes, use s2Member custom Password supplied by User.
}
else if(c_ws_plugin__s2member_utils_conds::pro_is_installed() && c_ws_plugin__s2member_pro_remote_ops::is_remote_op('create_user') && !empty($GLOBALS['ws_plugin__s2member_generate_password_return']))
{
if(($custom = trim(stripslashes((string)$GLOBALS['ws_plugin__s2member_generate_password_return']))))
$password = $custom; // Yes, use s2Member custom Password supplied by Remote Op.
$GLOBALS['ws_plugin__s2member_custom_wp_login_bp_password'] = false; // Initialize.

if(!empty($_POST['ws_plugin__s2member_custom_reg_field_user_pass1']) && preg_match('/\/wp-login\.php/'.$ci, $_SERVER['REQUEST_URI']))
{
$password = self::maybe_custom_pass($_POST['ws_plugin__s2member_custom_reg_field_user_pass1']);
$GLOBALS['ws_plugin__s2member_custom_wp_login_bp_password'] = !empty($GLOBALS['ws_plugin__s2member_custom_password']) && $password === $GLOBALS['ws_plugin__s2member_custom_password'];
}
$GLOBALS['ws_plugin__s2member_plain_text_wp_login_bp_pass'] = $password; // Plain-text password.
$GLOBALS['ws_plugin__s2member_plain_text_pass'] = $password; // Plain-text password.

remove_filter('random_password', 'c_ws_plugin__s2member_registrations::generate_password');
$did_generate_password = true; // One time only.
}
}
return apply_filters('ws_plugin__s2member_generate_password', ($GLOBALS['ws_plugin__s2member_generate_password_return'] = $password), get_defined_vars());
return apply_filters('ws_plugin__s2member_generate_password', $password, get_defined_vars());
}

/**
@@ -93,7 +120,7 @@ public static function custom_registration_field_errors($errors = NULL, $user_lo
{
foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_custom_registration_field_errors', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.

$ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i';

@@ -128,7 +155,7 @@ public static function custom_registration_field_errors_4bp()
{
foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_custom_registration_field_errors_4bp', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.

if(!is_admin() && c_ws_plugin__s2member_utils_conds::bp_is_installed() && bp_is_register_page())
if(in_array('registration', $GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_fields_4bp']))
@@ -167,7 +194,7 @@ public static function ms_validate_user_signup($result = array())
{
foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_ms_validate_user_signup', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.

$ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i';

@@ -185,7 +212,7 @@ public static function ms_validate_user_signup($result = array())
}
foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_during_ms_validate_user_signup', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.
}
return apply_filters('ws_plugin__s2member_ms_validate_user_signup', $result, get_defined_vars());
}
@@ -245,7 +272,7 @@ public static function ms_process_signup_meta($meta = array())

foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_ms_process_signup_meta', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.

$ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i';

@@ -289,7 +316,7 @@ public static function ms_activate_existing_user($_error = NULL, $vars = array()
{
foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_ms_activate_existing_user', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.

extract($vars); // Extract all variables from ``wpmu_activate_signup()`` function.

@@ -335,7 +362,7 @@ public static function configure_user_on_ms_user_activation($user_id = '', $pass

foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_configure_user_on_ms_user_activation', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.

$ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i';

@@ -373,7 +400,7 @@ public static function configure_user_on_ms_blog_activation($blog_id = '', $user
{
foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_configure_user_on_ms_blog_activation', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.

$ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i';

@@ -397,7 +424,7 @@ public static function bp_user_activation($user_id)
{
foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_bp_user_activation', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.

if(is_multisite() || !$user_id) return; // Nothing to do.

@@ -439,7 +466,7 @@ public static function ms_register_existing_user($errors = NULL, $user_login = '
{
foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_ms_register_existing_user', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.

/** @var $ms_errors WP_Error Reference for IDEs. This is needed below. */
$ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i';
@@ -456,13 +483,11 @@ public static function ms_register_existing_user($errors = NULL, $user_login = '

if(empty($other_important_errors_exist)) // Only if/when NO other important errors exist already.
{
$user_pass = wp_generate_password(); // A new Password for this User/Member will be generated now.
$user_pass = wp_generate_password(); // Generate password for this user.
$has_custom_password = !empty($GLOBALS['ws_plugin__s2member_custom_password'])
&& $user_pass === $GLOBALS['ws_plugin__s2member_custom_password'];
c_ws_plugin__s2member_registrations::ms_create_existing_user($user_login, $user_email, $user_pass, $user_id);

$GLOBALS['ws_plugin__s2member_generate_password_input'] = $GLOBALS['ws_plugin__s2member_generate_password_return'] = null;
$has_custom_password = isset($GLOBALS['ws_plugin__s2member_generate_password_input'], $GLOBALS['ws_plugin__s2member_generate_password_return'])
&& $GLOBALS['ws_plugin__s2member_generate_password_input'] !== $GLOBALS['ws_plugin__s2member_generate_password_return'];

update_user_option($user_id, 'default_password_nag', $has_custom_password ? false : true, true);

if (version_compare(get_bloginfo('version'), '4.3', '>='))
@@ -506,7 +531,7 @@ public static function ms_create_existing_user($user_login = '', $user_email = '
{
foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_ms_create_existing_user', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.

if(is_multisite()) // This event should ONLY be processed with Multisite Networking.
{
@@ -554,7 +579,7 @@ public static function configure_user_registration($user_id = '', $password = ''

foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_before_configure_user_registration', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.

// With Multisite Networking, we need this to run on `user_register` ahead of `wpmu_activate_[user|blog]`.
if(!isset ($email_config) && ($email_config = TRUE)) // Anytime this routine is fired; we configure email.
@@ -650,8 +675,8 @@ public static function configure_user_registration($user_id = '', $password = ''
$name = trim($fname.' '.$lname); // Both names.

if(!($pass = $password)) // Try s2Member's generator.
if(!empty($GLOBALS['ws_plugin__s2member_generate_password_return']))
$pass = (string)$GLOBALS['ws_plugin__s2member_generate_password_return'];
if(!empty($GLOBALS['ws_plugin__s2member_plain_text_pass']))
$pass = (string)$GLOBALS['ws_plugin__s2member_plain_text_pass'];

if(!$pass) // Also try BuddyPress Password.
if(!empty($_pmr['signup_password'])) // BuddyPress?
@@ -825,8 +850,8 @@ public static function configure_user_registration($user_id = '', $password = ''
$name = trim($fname.' '.$lname); // Both names.

if(!($pass = $password)) // Try s2Member's generator.
if(!empty($GLOBALS['ws_plugin__s2member_generate_password_return']))
$pass = (string)$GLOBALS['ws_plugin__s2member_generate_password_return'];
if(!empty($GLOBALS['ws_plugin__s2member_plain_text_pass']))
$pass = (string)$GLOBALS['ws_plugin__s2member_plain_text_pass'];

if(!$pass) // Also try BuddyPress Password.
if(!empty($_pmr['signup_password'])) // BuddyPress?
@@ -966,8 +991,8 @@ public static function configure_user_registration($user_id = '', $password = ''
$name = trim($fname.' '.$lname); // Both names.

if(!($pass = $password)) // Try s2Member's generator.
if(!empty($GLOBALS['ws_plugin__s2member_generate_password_return']))
$pass = (string)$GLOBALS['ws_plugin__s2member_generate_password_return'];
if(!empty($GLOBALS['ws_plugin__s2member_plain_text_pass']))
$pass = (string)$GLOBALS['ws_plugin__s2member_plain_text_pass'];

if(!$pass) // Also try the `Users → Add New` form.
if(!empty($_pmr['pass1'])) // Field in `/user-new.php`.
@@ -1213,7 +1238,7 @@ public static function configure_user_registration($user_id = '', $password = ''
}
foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v;
do_action('ws_plugin__s2member_after_configure_user_registration', get_defined_vars());
unset($__refs, $__v);
unset($__refs, $__v); // Housekeeping.
}
}
}
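Review bot: `generate_password()` calls `maybe_custom_pass()` while it is still attached to `random_password` and before `$did_generate_password` is set, and `maybe_custom_pass()` falls back to `wp_generate_password()`, which applies that same filter. When the field is posted to `wp-login.php` but neither the `custom_reg_password` option nor the remote-op branch applies, the method therefore looks set to re-enter itself with no terminating condition; moving `remove_filter('random_password', 'c_ws_plugin__s2member_registrations::generate_password');` and `$did_generate_password = true;` above the `$_POST` check closes that. The `/wp-login.php` guard is also an unanchored `preg_match()` over the whole of `$_SERVER['REQUEST_URI']`, query string included, so the docblock's "can ONLY be fired through `/wp-login.php`" is not what the code enforces; matching the path only, e.g. `preg_match('/\/wp-login\.php$/'.$ci, (string)parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH))`, would make the two agree. `maybe_custom_pass()` additionally takes the `$_POST` element by reference and writes the trimmed, unslashed value back, and it leaves the plain-text password in `$GLOBALS` for the rest of the request; both deserve a line in its docblock.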
