From e434c1858cc88805f8524b0252d90acd33c77509 Mon Sep 17 00:00:00 2001 From: jaswsinc Date: Thu, 27 Aug 2015 03:43:42 -0800 Subject: [PATCH] Bug fix in wp-login.php handling. See: websharks/s2member#689 --- .../includes/classes/email-configs.inc.php | 10 +- .../includes/classes/registrations.inc.php | 119 +++++++++++------- 2 files changed, 80 insertions(+), 49 deletions(-) diff --git a/s2member/includes/classes/email-configs.inc.php b/s2member/includes/classes/email-configs.inc.php index c24e3a4e..76ebe67b 100644 --- a/s2member/includes/classes/email-configs.inc.php +++ b/s2member/includes/classes/email-configs.inc.php @@ -200,7 +200,8 @@ public static function reset_pass_resend_new_user_notification ($user_id = 0, $u if ($user_id && ($user = new WP_User ($user_id)) && !empty($user->ID) && ($user_id = $user->ID) && $notify) { - $user_pass = $user_pass ? $user_pass : wp_generate_password(); + remove_filter('random_password', 'c_ws_plugin__s2member_registrations::generate_password'); + $user_pass = $user_pass ? $user_pass : wp_generate_password(); // ↑ Make sure it's w/o filter. wp_set_password($user_pass, $user_id); $return = c_ws_plugin__s2member_email_configs::new_user_notification($user_id, $user_pass, $notify, $user_email); @@ -240,6 +241,10 @@ public static function new_user_notification ($user_id = 0, $user_pass = '', $no c_ws_plugin__s2member_email_configs::email_config_release (); if (in_array('user', $notify, true) + + // Exclude custom password generated via `wp-login.php` or BP. + && empty($GLOBALS['ws_plugin__s2member_custom_wp_login_bp_password']) + && ( // One of these conditions must be true. ($user_pass && stripos($GLOBALS['WS_PLUGIN__']['s2member']['o']['new_user_email_message'], '%%user_pass%%') !== false) || ($is_gte_wp43 && stripos($GLOBALS['WS_PLUGIN__']['s2member']['o']['new_user_email_message'], '%%wp_set_pass_url%%') !== false) 
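Review bot: The `remove_filter('random_password', ...)` call added before `wp_generate_password()` ignores its return value and passes no priority, so it only detaches the callback if it was registered with this exact string at the default priority 10. That registration is not visible in this diff. If it does not match, the password generated here could still be replaced by the filter's return value, and so could the 20-character activation key in the `@@ -248,7 +253,8 @@` hunk, which uses the same pattern. A comment such as `// Callable and priority must match the original add_filter() call, else this is a silent no-op.` would record the dependency. The enclosing function starts and ends outside the hunk.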
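Review bot: The added comment in `new_user_notification()` that reads "Exclude custom password generated via wp-login.php or BP" promises more than the flag delivers. In `generate_password()` (the registrations.inc.php part of this patch), `ws_plugin__s2member_custom_wp_login_bp_password` only becomes truthy inside the branch that also requires `/wp-login.php` in `REQUEST_URI`, so on the BuddyPress register page it stays `false`. Either reword the comment to `// Exclude custom password supplied via wp-login.php.` or have the BuddyPress path set the flag. The `if` condition continues past the end of this hunk.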
@@ -248,7 +253,8 @@ public static function new_user_notification ($user_id = 0, $user_pass = '', $no ) { if($is_gte_wp43 && stripos($GLOBALS['WS_PLUGIN__']['s2member']['o']['new_user_email_message'], '%%wp_set_pass_url%%') !== false) { - $user_activation_key = wp_generate_password(20, false); + remove_filter('random_password', 'c_ws_plugin__s2member_registrations::generate_password'); + $user_activation_key = wp_generate_password(20, false); // ↑ Make sure it's w/o filter. do_action('retrieve_password_key', $user->user_login, $user_activation_key); if(!class_exists('PasswordHash')) diff --git a/s2member/includes/classes/registrations.inc.php b/s2member/includes/classes/registrations.inc.php index 316daec9..e57c15fa 100644 --- a/s2member/includes/classes/registrations.inc.php +++ b/s2member/includes/classes/registrations.inc.php 
@@ -28,47 +28,74 @@ class c_ws_plugin__s2member_registrations { /** - * Filters WordPress randomly generated Passwords. + * Custom password; else randomly generated password. * - * Also captures Passwords generated by WordPress - * *(with a global var)*, for internal use. + * @package s2Member\Registrations + * @since 150826 + * + * @param string $password Expects plain text pass. + * + * @return string Password. + */ + public static function maybe_custom_pass(&$password) + { + $GLOBALS['ws_plugin__s2member_custom_password'] = ''; // Initialize. + $password = trim(stripslashes((string)$password)); + + if($password && $GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_password']) + { + $GLOBALS['ws_plugin__s2member_custom_password'] = $password; + return ($GLOBALS['ws_plugin__s2member_plain_text_pass'] = $GLOBALS['ws_plugin__s2member_custom_password']); + } + if($password && c_ws_plugin__s2member_utils_conds::pro_is_installed() && c_ws_plugin__s2member_pro_remote_ops::is_remote_op('create_user')) + { + $GLOBALS['ws_plugin__s2member_custom_password'] = $password; + return ($GLOBALS['ws_plugin__s2member_plain_text_pass'] = $GLOBALS['ws_plugin__s2member_custom_password']); + } + return ($GLOBALS['ws_plugin__s2member_plain_text_pass'] = wp_generate_password()); + } + + /** + * Filters WordPress-generated passwords. + * + * This can ONLY be fired through `/wp-login.php` on the front-side. + * Or through `/register` via BuddyPress. * * @package s2Member\Registrations * @since 3.5 * * @attaches-to ``add_filter('random_password');`` * - * @param string $password Expects a plain text Password passed through by the Filter. + * @param string $password Expects a plain text password passed through by the filter. * - * @return string Password, possibly assigned through s2Member Custom Registration/Profile Field input. + * @return string Plain text password value. */ public static function generate_password($password = '') { + static $did_generate_password = false; // Once only. 
+ foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_generate_password', get_defined_vars()); unset($__refs, $__v); // Housekeeping. - $GLOBALS['ws_plugin__s2member_generate_password_input'] = $password; // Before filtering. + $ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i'; - if($GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_password'] || (c_ws_plugin__s2member_utils_conds::pro_is_installed() && c_ws_plugin__s2member_pro_remote_ops::is_remote_op('create_user'))) - { - if($GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_password'] && !empty($_POST['ws_plugin__s2member_custom_reg_field_user_pass1'])) - { - if(($custom = trim(stripslashes((string)$_POST['ws_plugin__s2member_custom_reg_field_user_pass1'])))) - $password = $custom; // Yes, use s2Member custom Password supplied by User. - } - else if($GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_password'] && !empty($GLOBALS['ws_plugin__s2member_registration_vars']) && !empty($GLOBALS['ws_plugin__s2member_registration_vars']['ws_plugin__s2member_custom_reg_field_user_pass1'])) + if(!$did_generate_password && !is_admin() && (preg_match('/\/wp-login\.php/'.$ci, $_SERVER['REQUEST_URI']) || (c_ws_plugin__s2member_utils_conds::bp_is_installed() && bp_is_register_page()))) { - if(($custom = trim((string)$GLOBALS['ws_plugin__s2member_registration_vars']['ws_plugin__s2member_custom_reg_field_user_pass1']))) - $password = $custom; // Yes, use s2Member custom Password supplied by User. - } - else if(c_ws_plugin__s2member_utils_conds::pro_is_installed() && c_ws_plugin__s2member_pro_remote_ops::is_remote_op('create_user') && !empty($GLOBALS['ws_plugin__s2member_generate_password_return'])) - { - if(($custom = trim(stripslashes((string)$GLOBALS['ws_plugin__s2member_generate_password_return'])))) - $password = $custom; // Yes, use s2Member custom Password supplied by Remote Op. 
+ $GLOBALS['ws_plugin__s2member_custom_wp_login_bp_password'] = false; // Initialize. + + if(!empty($_POST['ws_plugin__s2member_custom_reg_field_user_pass1']) && preg_match('/\/wp-login\.php/'.$ci, $_SERVER['REQUEST_URI'])) + { + $password = self::maybe_custom_pass($_POST['ws_plugin__s2member_custom_reg_field_user_pass1']); + $GLOBALS['ws_plugin__s2member_custom_wp_login_bp_password'] = !empty($GLOBALS['ws_plugin__s2member_custom_password']) && $password === $GLOBALS['ws_plugin__s2member_custom_password']; + } + $GLOBALS['ws_plugin__s2member_plain_text_wp_login_bp_pass'] = $password; // Plain-text password. + $GLOBALS['ws_plugin__s2member_plain_text_pass'] = $password; // Plain-text password. + + remove_filter('random_password', 'c_ws_plugin__s2member_registrations::generate_password'); + $did_generate_password = true; // One time only. } - } - return apply_filters('ws_plugin__s2member_generate_password', ($GLOBALS['ws_plugin__s2member_generate_password_return'] = $password), get_defined_vars()); + return apply_filters('ws_plugin__s2member_generate_password', $password, get_defined_vars()); } /** @@ -93,7 +120,7 @@ public static function custom_registration_field_errors($errors = NULL, $user_lo { foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_custom_registration_field_errors', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. $ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i'; 
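Review bot: In `generate_password()` the re-entry guard is set too late, because `remove_filter(...)` and `$did_generate_password = true;` run only after `self::maybe_custom_pass(...)` returns. That helper falls back to `wp_generate_password()` when the field is posted but `custom_reg_password` is off and no remote op is active. Since WordPress core applies `random_password` inside `wp_generate_password()`, the callback appears able to re-enter itself with the same non-empty `$_POST` value until PHP aborts the request. Moving `remove_filter('random_password', 'c_ws_plugin__s2member_registrations::generate_password');` and `$did_generate_password = true;` to the top of the `if` body closes that path. Separately, `maybe_custom_pass(&$password)` writes the trimmed, unslashed value back into `$_POST` through the reference, so a by-value parameter is safer, and its docblock should say that the plain-text password is stored in `$GLOBALS`.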
@@ -128,7 +155,7 @@ public static function custom_registration_field_errors_4bp() { foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_custom_registration_field_errors_4bp', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. if(!is_admin() && c_ws_plugin__s2member_utils_conds::bp_is_installed() && bp_is_register_page()) if(in_array('registration', $GLOBALS['WS_PLUGIN__']['s2member']['o']['custom_reg_fields_4bp'])) @@ -167,7 +194,7 @@ public static function ms_validate_user_signup($result = array()) { foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_ms_validate_user_signup', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. $ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i'; @@ -185,7 +212,7 @@ public static function ms_validate_user_signup($result = array()) } foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_during_ms_validate_user_signup', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. } return apply_filters('ws_plugin__s2member_ms_validate_user_signup', $result, get_defined_vars()); } @@ -245,7 +272,7 @@ public static function ms_process_signup_meta($meta = array()) foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_ms_process_signup_meta', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. $ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i'; 
@@ -289,7 +316,7 @@ public static function ms_activate_existing_user($_error = NULL, $vars = array() { foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_ms_activate_existing_user', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. extract($vars); // Extract all variables from ``wpmu_activate_signup()`` function. @@ -335,7 +362,7 @@ public static function configure_user_on_ms_user_activation($user_id = '', $pass foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_configure_user_on_ms_user_activation', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. $ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i'; @@ -373,7 +400,7 @@ public static function configure_user_on_ms_blog_activation($blog_id = '', $user { foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_configure_user_on_ms_blog_activation', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. $ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i'; @@ -397,7 +424,7 @@ public static function bp_user_activation($user_id) { foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_bp_user_activation', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. if(is_multisite() || !$user_id) return; // Nothing to do. 
@@ -439,7 +466,7 @@ public static function ms_register_existing_user($errors = NULL, $user_login = ' { foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_ms_register_existing_user', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. /** @var $ms_errors WP_Error Reference for IDEs. This is needed below. */ $ci = $GLOBALS['WS_PLUGIN__']['s2member']['o']['ruris_case_sensitive'] ? '' : 'i'; @@ -456,13 +483,11 @@ public static function ms_register_existing_user($errors = NULL, $user_login = ' if(empty($other_important_errors_exist)) // Only if/when NO other important errors exist already. { - $user_pass = wp_generate_password(); // A new Password for this User/Member will be generated now. + $user_pass = wp_generate_password(); // Generate password for this user. + $has_custom_password = !empty($GLOBALS['ws_plugin__s2member_custom_password']) + && $user_pass === $GLOBALS['ws_plugin__s2member_custom_password']; c_ws_plugin__s2member_registrations::ms_create_existing_user($user_login, $user_email, $user_pass, $user_id); - $GLOBALS['ws_plugin__s2member_generate_password_input'] = $GLOBALS['ws_plugin__s2member_generate_password_return'] = null; - $has_custom_password = isset($GLOBALS['ws_plugin__s2member_generate_password_input'], $GLOBALS['ws_plugin__s2member_generate_password_return']) - && $GLOBALS['ws_plugin__s2member_generate_password_input'] !== $GLOBALS['ws_plugin__s2member_generate_password_return']; - update_user_option($user_id, 'default_password_nag', $has_custom_password ? false : true, true); if (version_compare(get_bloginfo('version'), '4.3', '>=')) 
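Review bot: In the `@@ -456,13 +483,11 @@` hunk, `$has_custom_password` depends on a side effect that these lines do not mention. As far as this patch shows, `$GLOBALS['ws_plugin__s2member_custom_password']` is only populated when the `random_password` filter runs inside the preceding `wp_generate_password()` call. A comment above the assignment, for example `// Global is set by the random_password filter during wp_generate_password() above; keep this order.`, would stop a later reorder from silently re-enabling `default_password_nag` for users who chose their own password. The function body starts and ends outside the hunk.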
@@ -506,7 +531,7 @@ public static function ms_create_existing_user($user_login = '', $user_email = ' { foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_ms_create_existing_user', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. if(is_multisite()) // This event should ONLY be processed with Multisite Networking. { @@ -554,7 +579,7 @@ public static function configure_user_registration($user_id = '', $password = '' foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_before_configure_user_registration', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. // With Multisite Networking, we need this to run on `user_register` ahead of `wpmu_activate_[user|blog]`. if(!isset ($email_config) && ($email_config = TRUE)) // Anytime this routine is fired; we configure email. @@ -650,8 +675,8 @@ public static function configure_user_registration($user_id = '', $password = '' $name = trim($fname.' '.$lname); // Both names. if(!($pass = $password)) // Try s2Member's generator. - if(!empty($GLOBALS['ws_plugin__s2member_generate_password_return'])) - $pass = (string)$GLOBALS['ws_plugin__s2member_generate_password_return']; + if(!empty($GLOBALS['ws_plugin__s2member_plain_text_pass'])) + $pass = (string)$GLOBALS['ws_plugin__s2member_plain_text_pass']; if(!$pass) // Also try BuddyPress Password. if(!empty($_pmr['signup_password'])) // BuddyPress? 
@@ -825,8 +850,8 @@ public static function configure_user_registration($user_id = '', $password = '' $name = trim($fname.' '.$lname); // Both names. if(!($pass = $password)) // Try s2Member's generator. - if(!empty($GLOBALS['ws_plugin__s2member_generate_password_return'])) - $pass = (string)$GLOBALS['ws_plugin__s2member_generate_password_return']; + if(!empty($GLOBALS['ws_plugin__s2member_plain_text_pass'])) + $pass = (string)$GLOBALS['ws_plugin__s2member_plain_text_pass']; if(!$pass) // Also try BuddyPress Password. if(!empty($_pmr['signup_password'])) // BuddyPress? @@ -966,8 +991,8 @@ public static function configure_user_registration($user_id = '', $password = '' $name = trim($fname.' '.$lname); // Both names. if(!($pass = $password)) // Try s2Member's generator. - if(!empty($GLOBALS['ws_plugin__s2member_generate_password_return'])) - $pass = (string)$GLOBALS['ws_plugin__s2member_generate_password_return']; + if(!empty($GLOBALS['ws_plugin__s2member_plain_text_pass'])) + $pass = (string)$GLOBALS['ws_plugin__s2member_plain_text_pass']; if(!$pass) // Also try the `Users → Add New` form. if(!empty($_pmr['pass1'])) // Field in `/user-new.php`. @@ -1213,7 +1238,7 @@ public static function configure_user_registration($user_id = '', $password = '' } foreach(array_keys(get_defined_vars()) as $__v) $__refs[$__v] =& $$__v; do_action('ws_plugin__s2member_after_configure_user_registration', get_defined_vars()); - unset($__refs, $__v); + unset($__refs, $__v); // Housekeeping. } } }