Pie Register - Premium | Version: 3.6.16 | Bugs in file "forgot_password.php" and "login_form.php"
<?php
// Stop immediately when ABSPATH is undefined, so the file cannot be executed by requesting it directly.
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
// Load the main plugin file only when the PieRegister class has not been declared yet.
if(!class_exists("PieRegister")){
require_once(PIEREG_DIR_NAME.'/pie-register.php');
}
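/**
 * Renders the front-end "forgot password" form and, on a verified POST, processes the request.
 *
 * Processing only runs when the `piereg_reset_password_nonce` field verifies. It then
 *   1. updates the per-IP lockdown row (only when the option and the pro flag are enabled),
 *   2. validates the configured captcha (math captcha or reCAPTCHA),
 *   3. looks the account up by login, then by e-mail,
 *   4. stores `time():hash(key)` in `user_activation_key` and sends the notification mail.
 *
 * Security notes for maintainers:
 *   - Unknown accounts receive the same neutral message in the same markup as a successful
 *     request, so the response body does not reveal whether an account exists. The
 *     "not allowed" and "mail could not be sent" branches still differ; see the notes there.
 *   - The math captcha is validated against a cookie sent by the browser. As far as this
 *     function shows, no server-held value takes part in that check.
 *
 * @param bool $piereg_widget True when rendered from the widget; selects the widget captcha slot.
 * @return string HTML of the form, including any status message.
 */
function pieResetFormOutput($piereg_widget = false){
    $pie_register_base = new PieReg_Base();
    /*
     * Sanitizing post data
     */
    $pie_register_base->pie_post_array = $pie_register_base->piereg_sanitize_post_data_escape( ( (isset($_POST['is_forgot_form']) && !empty($_POST['is_forgot_form'])) ? $_POST : array() ) );
    $option = get_option(OPTION_PIE_REGISTER);
    $forgot_pass_form = '';
    $classes_preset = array( 'piereg_entry-content', 'pieregForgotPassword', 'pieregWrapper' );
    $classes = apply_filters( 'pie_register_forgot_pass_container_class', $classes_preset);
    $classes = implode( ' ' , $classes );
    $forgot_pass_form .= '<div class="'.$classes.'">';
    $forgot_pass_form .= '<div id="piereg_forgotpassword">';
    $warning = __("Please enter your username or email address. You will receive a link to create a new password via email.",'pie-register');
    $success = "";
    $error = array();
    if(isset($_POST['piereg_reset_password_nonce']) && wp_verify_nonce( $_POST['piereg_reset_password_nonce'], 'piereg_wp_reset_password_nonce' ))
    {
        // Both fields are checked with isset() so a request without user_login does not raise a notice.
        if (isset($pie_register_base->pie_post_array['reset_pass'], $pie_register_base->pie_post_array['user_login']) && trim($pie_register_base->pie_post_array['user_login']) != "")
        {
            if(isset($option['piereg_security_attempts_forgot_value']) && $option['piereg_security_attempts_forgot_value'] == 1 && $pie_register_base->piereg_pro_is_activate){
                global $wpdb;
                $table_name = $wpdb->prefix . "pieregister_lockdowns";
                $user_ip = $_SERVER['REMOTE_ADDR'];
                $user_id = 0;
                $release_time = date_i18n('Y-m-d H:i:s', strtotime( ('+'.intval($option['security_attempts_forgot_time'])." minutes"), strtotime(date("Y-m-d H:i:s"))));
                $get_results = $wpdb->get_results($wpdb->prepare("SELECT * FROM `".$table_name."` WHERE `user_ip` = %s AND `attempt_from` = 'is_forgot';",$user_ip));
                // This is a plain function, so there is no $this; log through the PieReg_Base
                // instance created above (the same object the mail-failure branch uses).
                if(isset($wpdb->last_error) && !empty($wpdb->last_error))
                {
                    $pie_register_base->pr_error_log($wpdb->last_error.($pie_register_base->get_error_log_info(__FUNCTION__,__LINE__,__FILE__)));
                }
                $is_security_captcha = 0;
                // Only inspect the first row when the IP already has one; a lock released on an
                // earlier date is cleared and the lookup repeated.
                if( !empty($get_results) && (date_i18n("Y-m-d",strtotime($get_results[0]->release_time)) < date_i18n("Y-m-d")) ){
                    piereg_delete_authentication();
                    $get_results = $wpdb->get_results($wpdb->prepare("SELECT * FROM `".$table_name."` WHERE `user_ip` = %s AND `attempt_from` = 'is_forgot';",$user_ip));
                    if(isset($wpdb->last_error) && !empty($wpdb->last_error))
                    {
                        $pie_register_base->pr_error_log($wpdb->last_error.($pie_register_base->get_error_log_info(__FUNCTION__,__LINE__,__FILE__)));
                    }
                }
                if(!empty($get_results)){
                    if( intval($get_results[0]->login_attempt) < intval($option['security_attempts_forgot']) ){
                        // Still under the limit: count this attempt and push the release time forward.
                        $login_attempt = intval($get_results[0]->login_attempt) + 1;
                        if(!$wpdb->query($wpdb->prepare("UPDATE `".$table_name."` SET `user_id`=%d, `login_attempt`=%d, `release_time`=%s WHERE `user_ip` = %s AND `attempt_from` = 'is_forgot'",$user_id,$login_attempt,$release_time,$user_ip)) ){
                            $pie_register_base->pr_error_log($wpdb->last_error.($pie_register_base->get_error_log_info(__FUNCTION__,__LINE__,__FILE__)));
                        }
                    }else{
                        // Limit reached: the request is refused. Once the stored release time has
                        // passed, a new release time is written, but this request is still refused.
                        $release_time = $get_results[0]->release_time;
                        $current_time = date_i18n("Y-m-d H:i:s");
                        if($current_time >= $release_time){
                            $release_time = date_i18n('Y-m-d H:i:s', strtotime( ('+'.intval($option['security_attempts_forgot_time'])." minutes"), strtotime(date("Y-m-d H:i:s"))));
                            if(!$wpdb->query($wpdb->prepare("UPDATE `".$table_name."` SET `user_id`=%d, `release_time`=%s WHERE `user_ip` = %s AND `attempt_from` = 'is_forgot'",$user_id,$release_time,$user_ip)) ){
                                $pie_register_base->pr_error_log($wpdb->last_error.($pie_register_base->get_error_log_info(__FUNCTION__,__LINE__,__FILE__)));
                            }
                        }
                        $error[] = '<strong>'.ucwords(__("Error","pie-register")).'</strong>: '.__("We are sorry, but your IP has been blocked due to too many recent failed attempts.",'pie-register');
                    }
                }else{
                    // First attempt from this IP: create the lockdown row.
                    if(!$wpdb->query($wpdb->prepare("INSERT INTO `".$table_name."` (`user_id`, `login_attempt`, `attempt_from`, `is_security_captcha`, `attempt_time`, `release_time`, `user_ip`) VALUES (%d,%d,%s,%d,%s,%s,%s);",$user_id,1,'is_forgot',$is_security_captcha,date_i18n("Y-m-d H:i:s"),$release_time,$user_ip)) ){
                        $pie_register_base->pr_error_log($wpdb->last_error.($pie_register_base->get_error_log_info(__FUNCTION__,__LINE__,__FILE__)));
                    }
                }
            }
            // NOTE(review): the enclosing condition already requires a non-empty user_login, so
            // this branch cannot fire here; an empty submission only shows the default hint.
            if(isset($pie_register_base->pie_post_array['user_login']) and trim($pie_register_base->pie_post_array['user_login']) == ""){
                $error[] = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '.__('Invalid Username or Email, try again!','pie-register');
            }
            $error_found = 0;
            if(isset($option['captcha_in_forgot_value']) && $option['captcha_in_forgot_value'] == 1){
                if($option['capthca_in_forgot_pass'] == 2){
                    // NOTE(review): the expected answer is derived from a cookie supplied by the
                    // client (base64 values with fixed offsets). A client that sets the cookie
                    // also controls the expected answer; keeping the challenge server-side (e.g.
                    // in a transient keyed to a random id) would make this check meaningful.
                    $invalidcaptchaerror = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '. apply_filters('piereg_forgot_invalid_captcha_error',__('Invalid Captcha','pie-register')); # newlyAddedHookFilter
                    if(isset($pie_register_base->pie_post_array['piereg_math_captcha_forgot_pass']))
                    {
                        // A missing, non-string or short cookie is padded so it fails the comparison
                        // below instead of raising notices or a type error.
                        $piereg_cookie_array = (isset($_COOKIE['piereg_math_captcha_forgot_password']) && is_string($_COOKIE['piereg_math_captcha_forgot_password'])) ? $_COOKIE['piereg_math_captcha_forgot_password'] : '';
                        $piereg_cookie_array = array_pad(explode("|",$piereg_cookie_array), 3, '');
                        $cookie_result1 = (intval(base64_decode($piereg_cookie_array[0])) - 12);
                        $cookie_result2 = (intval(base64_decode($piereg_cookie_array[1])) - 786);
                        $cookie_result3 = (intval(base64_decode($piereg_cookie_array[2])) + 5);
                        if( !( ($cookie_result1 == $cookie_result2) && ($cookie_result3 == $pie_register_base->pie_post_array['piereg_math_captcha_forgot_pass']) ) ){
                            $error[] = $invalidcaptchaerror;
                            $error_found++;
                        }
                    }
                    elseif(isset($pie_register_base->pie_post_array['piereg_math_captcha_forgot_pass_widget']))
                    {
                        $piereg_cookie_array = (isset($_COOKIE['piereg_math_captcha_forgot_password_widget']) && is_string($_COOKIE['piereg_math_captcha_forgot_password_widget'])) ? $_COOKIE['piereg_math_captcha_forgot_password_widget'] : '';
                        $piereg_cookie_array = array_pad(explode("|",$piereg_cookie_array), 3, '');
                        $cookie_result1 = (intval(base64_decode($piereg_cookie_array[0])) - 12);
                        $cookie_result2 = (intval(base64_decode($piereg_cookie_array[1])) - 786);
                        $cookie_result3 = (intval(base64_decode($piereg_cookie_array[2])) + 5);
                        if( !( ($cookie_result1 == $cookie_result2) && ($cookie_result3 == $pie_register_base->pie_post_array['piereg_math_captcha_forgot_pass_widget']) ) ){
                            $error[] = $invalidcaptchaerror;
                            $error_found++;
                        }
                    }
                    else{
                        // No captcha answer submitted at all.
                        $error[] = $invalidcaptchaerror;
                        $error_found++;
                    }
                }//Validate New Recaptcha
                elseif($option['capthca_in_forgot_pass'] == 3){
                    $settings = get_option(OPTION_PIE_REGISTER);
                    $privatekey = $settings['captcha_private'];
                    $captcha = "";
                    if(isset($_POST['g-recaptcha-response']) && is_string($_POST['g-recaptcha-response'])){
                        $captcha=$_POST['g-recaptcha-response'];
                    }
                    // Every value is URL-encoded so a crafted response token cannot append or
                    // override query parameters of the verification request.
                    // NOTE(review): the secret travels in the query string of a GET request and
                    // may end up in proxy or debug logs; a POST body would keep it out of URLs.
                    $response = $pie_register_base->read_file_from_url("https://www.google.com/recaptcha/api/siteverify?secret=".rawurlencode(trim($privatekey))."&response=".rawurlencode($captcha)."&remoteip=".rawurlencode($_SERVER['REMOTE_ADDR']));
                    $resp = json_decode($response,true);
                    // Fail closed: anything other than a decoded array with a truthy "success" is rejected.
                    if(!is_array($resp) || empty($resp['success'])){
                        $error[] = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '.apply_filters('piereg_forgot_invalid_captcha_error',__('Invalid Security Code','pie-register')); # newlyAddedHookFilter
                        $error_found++;
                    }
                }
            }
            if( $error_found == 0 && (isset($error) && count($error) == 0) ){
                global $wpdb,$wp_hasher;
                $error = array();
                $username = trim($pie_register_base->pie_post_array['user_login']);
                $user_exists = false;
                // First check by username
                if ( username_exists( $username ) ){
                    $user_exists = true;
                    $user = get_user_by('login', $username);
                }
                // Then, by e-mail address
                elseif( email_exists($username) ){
                    $user_exists = true;
                    $user = get_user_by( 'email', $username );
                }
                else{
                    // Unknown account: report it through the success channel. The text was already
                    // the neutral "if a matching account is found" message, but it used to be
                    // rendered in the error box, which let a visitor tell unknown accounts from
                    // known ones by the markup alone.
                    $success = apply_filters('piereg_forgot_invalid_user_error',__('If a matching account is found, a link is sent on that email address to reset the password.','pie-register'));
                    // Mirror the clean-up of the known-account path (presumably the template
                    // re-populates the field from these values - confirm) so both responses match.
                    unset($_POST['user_login']);
                    unset($pie_register_base->pie_post_array['user_login']);
                }
                if ($user_exists){
                    $user_login = $user->user_login;
                    $user_email = $user->user_email;
                    $allow = apply_filters( 'allow_password_reset', true, $user->ID );
                    // NOTE(review): this clears the per-IP attempt row whenever the submitted
                    // account exists, so attempts are only counted for unknown accounts and a
                    // single known login resets the counter. Confirm this is intended.
                    piereg_delete_authentication();
                    if($allow){
                        // Generate something random for a key...
                        $key = wp_generate_password( 20, false );
                        do_action( 'retrieve_password_key', $user_login, $key );
                        if ( empty( $wp_hasher ) ) {
                            require_once ABSPATH . WPINC . '/class-phpass.php';
                            $wp_hasher = new PasswordHash( 8, true );
                        }
                        // Only the hash is stored, prefixed with the creation time; the plain
                        // key exists solely in the outgoing e-mail.
                        $hashed = time() . ':' . $wp_hasher->HashPassword( $key );
                        $wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user_login));
                        $message_temp = "";
                        if($option['user_formate_email_forgot_password_notification'] == "0"){
                            $message_temp = nl2br(strip_tags($option['user_message_email_forgot_password_notification']));
                        }else{
                            $message_temp = $option['user_message_email_forgot_password_notification'];
                        }
                        $message = $pie_register_base->filterEmail($message_temp,$user->user_login, '',$key );
                        $from_name = $option['user_from_name_forgot_password_notification'];
                        $from_email = $option['user_from_email_forgot_password_notification'];
                        $reply_email = $option['user_to_email_forgot_password_notification'];
                        $subject = html_entity_decode($option['user_subject_email_forgot_password_notification'],ENT_COMPAT,"UTF-8");
                        $subject = $pie_register_base->filterSubject($user->user_login,$subject);
                        //Headers
                        // NOTE(review): name and addresses come from plugin options and are placed
                        // into raw header lines; only the From address is validated here.
                        $headers = 'MIME-Version: 1.0' . "\r\n";
                        $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
                        if(!empty($from_email) && filter_var($from_email,FILTER_VALIDATE_EMAIL))//Validating From
                            $headers .= "From: ".$from_name." <".$from_email."> \r\n";
                        if($reply_email){
                            $headers .= "Reply-To: {$reply_email}\r\n";
                            $headers .= "Return-Path: {$reply_email}\r\n";
                        }else{
                            $headers .= "Reply-To: {$from_email}\r\n";
                            $headers .= "Return-Path: {$from_email}\r\n";
                        }
                        //send email message
                        // NOTE(review): this error is only reachable for existing accounts, so a
                        // broken mail setup makes the response reveal that the account exists.
                        if ( (isset($option['user_enable_forgot_password_notification']) && $option['user_enable_forgot_password_notification'] == 1) && FALSE == wp_mail($user_email, $subject, $message,$headers)){
                            $error[] = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '.__('The e-mail could not be sent. Please contact site administrator.','pie-register') ;
                            $pie_register_base->pr_error_log("'The e-mail could not be sent. Possible reason: mail() function may have disabled by your host.'".($pie_register_base->get_error_log_info(__FUNCTION__,__LINE__,__FILE__)));
                        }
                        // Drop the plain key and the submitted login once they are no longer needed.
                        unset($key);
                        unset($hashed);
                        unset($_POST['user_login']);
                        unset($pie_register_base->pie_post_array['user_login']);
                    }else{
                        // NOTE(review): this message also confirms that the account exists.
                        $error[] = apply_filters('piereg_password_reset_not_allowed_text',__("Password reset is not allowed for this user","pie-register"));
                    }
                    if (count($error) == 0 )
                    {
                        $obj_pie_class = new PieRegister();
                        $obj_pie_class->set_pr_stats("forgot","used");
                        $success = apply_filters("piereg_message_will_be_sent_to_your_email",__('If a matching account is found, a link is sent on that email address to reset the password.','pie-register'));
                    }
                }
            }
        }
    }
    $forgot_pass_form .='<div id="piereg_login">';
    // Exactly one status box is shown: success, else the first error, else the default hint.
    if ( (isset($error) && is_array($error) && count($error) == 0) && !empty($success) ) {
        $forgot_pass_form .= '<div class="alert"><p class="piereg_message">';
        $forgot_pass_form .= $success;
        $forgot_pass_form .= '</p></div>';
    } else if (isset($error) && is_array($error) && count($error) > 0 ) { // hardcoded here, Bug of Piereg
        $forgot_pass_form .= '<div class="alert alert-danger"><p class="piereg_login_error">';/*'<div class="alert"><p class="piereg_message">';*/
        $forgot_pass_form .= $error[0];
        $forgot_pass_form .= '</p></div>';
    } elseif($warning) {
        $forgot_pass_form .= '<div class="alert alert-warning"><p class="piereg_warning fp_desc">'.$warning.'</p></div>';
    }
    // A template shipped in the active theme overrides the one bundled with the plugin.
    if(file_exists( (get_stylesheet_directory()."/pie-register/pie_register_template/reset_password/reset_password_form_template.php"))){
        require_once(get_stylesheet_directory()."/pie-register/pie_register_template/reset_password/reset_password_form_template.php");
    }
    else{
        require_once(dirname(__FILE__)."/pie_register_template/reset_password/reset_password_form_template.php");
    }
    $reset_form = new Reset_pass_form_template($option);
    $forgot_pass_form = apply_filters( 'pie_register_forgot_pass_output_before', __($forgot_pass_form,"pie-register") );
    $forgot_pass_form .= '<form method="post" action="'.htmlentities($_SERVER['REQUEST_URI']).'" id="piereg_lostpasswordform">';
    $forgot_pass_form .= $reset_form->add_email_or_username();
    if( function_exists( 'wp_nonce_field' ))
        $forgot_pass_form .= wp_nonce_field( 'piereg_wp_reset_password_nonce','piereg_reset_password_nonce', true, false);
    $forgot_pass_form .= '<input type="hidden" value="" name="redirect_to">';
    $forgot_pass_form .= '<input type="hidden" value="1" name="is_forgot_form">';
    // The two globals record that a captcha was already rendered for the page form / the widget.
    global $piereg_math_captcha_forgot_pass,$piereg_math_captcha_forgot_pass_widget;
    if($option['capthca_in_forgot_pass'] != 0 && !empty($option['capthca_in_forgot_pass']) && isset($option['captcha_in_forgot_value']) && $option['captcha_in_forgot_value'] == 1){
        if($piereg_math_captcha_forgot_pass == false && $piereg_widget == false)
        {
            if(!empty($option['capthca_in_forgot_pass_label']))
                $forgot_pass_form .= $reset_form->add_capthca_label();
            $forgot_pass_form .= forgot_pass_captcha($option['capthca_in_forgot_pass'],$piereg_widget);
            $piereg_math_captcha_forgot_pass = true;
        }elseif($piereg_math_captcha_forgot_pass_widget == false && $piereg_widget == true && isset($option['captcha_in_forgot_value']) && $option['captcha_in_forgot_value'] == 1){
            if(!empty($option['capthca_in_forgot_pass_label']))
                $forgot_pass_form .= $reset_form->add_capthca_label();
            $forgot_pass_form .= forgot_pass_captcha($option['capthca_in_forgot_pass'],$piereg_widget);
            $piereg_math_captcha_forgot_pass_widget = true;
        }
    }
    do_action('pieresetpass');
    $forgot_pass_form .= $reset_form->add_reset_submit();
    // $pagenow is not imported into this scope, so an empty string is handed to the template.
    $pagenow = isset($pagenow) ? $pagenow : "";
    $forgot_pass_form .= $reset_form->add_register_or_login($pagenow);
    $forgot_pass_form .= '
<input type="hidden" name="reset_pass" value="1" />
<input type="hidden" name="user-cookie" value="1" />
</form>';
    $forgot_pass_form = apply_filters( 'pie_register_forgot_pass_output_after', __($forgot_pass_form,"pie-register") );
    $forgot_pass_form .= '
</div>
</div>
</div>';
    return $forgot_pass_form;
}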
if(!function_exists("forgot_pass_captcha"))
{
    /**
     * Returns the captcha markup for the forgot-password form.
     *
     * Type 2 yields the math-captcha wrapper, types 1 and 3 yield the reCAPTCHA placeholder
     * (type 1 is mapped to 3 first); every other value yields an empty string.
     *
     * @param int|string $value         Captcha type taken from the plugin options.
     * @param bool       $piereg_widget True when the form is rendered inside the widget.
     * @return string Captcha markup, possibly empty.
     */
    function forgot_pass_captcha($value = 0,$piereg_widget = false){
        $option = get_option(OPTION_PIE_REGISTER);
        // A template in the active theme takes precedence over the bundled one.
        $theme_template = get_stylesheet_directory()."/pie-register/pie_register_template/reset_password/reset_password_form_template.php";
        if(file_exists($theme_template)){
            require_once($theme_template);
        }else{
            require_once(dirname(__FILE__)."/pie_register_template/reset_password/reset_password_form_template.php");
        }
        $reset_form = new Reset_pass_form_template($option);

        //Forcefully override the new captcha
        if($value == 1){
            $value = 3;
        }

        if($value == 2){ // Math Captcha
            $cap_id = $piereg_widget ? "is_forgot_widget" : "not_forgot_widget";
            $cookie = $piereg_widget ? "forgot_password_widget" : "forgot_password";
            $mathcapthca_input = $reset_form->add_mathcapthca_input($piereg_widget);
            $markup = '<div class="prMathCaptcha" data-cookiename="'.$cookie.'" id="'.$cap_id.'" style="display:inline-block;">';
            $markup .= $mathcapthca_input['data'];
            $field_id = $mathcapthca_input['field_id']; // read as in the original; not used afterwards
            $markup .= '</div>';
            return $markup;
        }

        if($value == 3 || $value == 1){ //New Re-Captcha
            $settings = get_option(OPTION_PIE_REGISTER);
            $markup = "";
            // The placeholder is emitted only when a site key is configured.
            if($settings['captcha_publc']){
                $cap_id = $piereg_widget ? "is_forgot_widget" : "not_forgot_widget";
                $markup .= '<div class="piereg_recaptcha_widget_div" id="'.$cap_id.'">'.'</div>';
            }
            return $markup;
        }

        return "";
    }
}
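/**
 * Deletes the forgot-password lockdown rows stored for the requesting IP address.
 *
 * Removes every row of the `pieregister_lockdowns` table whose `user_ip` equals
 * REMOTE_ADDR and whose `attempt_from` is 'is_forgot'. A database error is logged.
 *
 * @return bool Always true.
 */
function piereg_delete_authentication(){
    global $wpdb;
    $table_name = $wpdb->prefix . "pieregister_lockdowns";
    $user_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    // prepare() binds the value; escaping it beforehand with esc_sql() would escape it twice.
    $wpdb->query($wpdb->prepare("DELETE FROM `".$table_name."` WHERE `user_ip` = %s AND `attempt_from` = 'is_forgot'",$user_ip));
    if(isset($wpdb->last_error) && !empty($wpdb->last_error)){
        // This is a plain function, so $this is not available and using it would abort the
        // request on the error path. Log through a PieReg_Base instance instead, as
        // pieResetFormOutput() in this file does.
        $pie_register_base = new PieReg_Base();
        $pie_register_base->pr_error_log($wpdb->last_error.($pie_register_base->get_error_log_info(__FUNCTION__,__LINE__,__FILE__)));
    }
    return true;
}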
?>
<?php
// Stop immediately when ABSPATH is undefined, so the file cannot be executed by requesting it directly.
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
// Bind $pagenow to the global of the same name when it is not already set in the including scope.
if(!isset($pagenow)){
global $pagenow;
}
// Load the main plugin file only when the PieRegister class has not been declared yet.
if(!class_exists("PieRegister")){
require_once(PIEREG_DIR_NAME.'/pie-register.php');
}
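/**
 * Renders the front-end login area: status messages plus one of three forms.
 *
 * Depending on the request it
 *   - turns `payment`, `pr_key` and `action` query arguments into a status message,
 *   - activates an account (`action=activate`) and sends the thank-you mail,
 *   - validates a reset key and stores the new password (`action=rp|resetpass`),
 *   - then emits the new-password form, the SMS login form (through a filter) or the login form.
 *
 * Security-relevant behaviour:
 *   - The message carried in `pr_key` is request data and is HTML-escaped before output.
 *   - New passwords must be at least 8 characters long, matching the displayed message.
 *   - Activation needs a non-empty key; key and login are compared strictly.
 *
 * @param bool $piereg_widget True when rendered from the widget; selects widget ids and captcha slot.
 * @return string HTML of the login area.
 */
function pieOutputLoginForm($piereg_widget = false){
    global $pagenow;
    $pie_register_base = new PieReg_Base();
    $option = get_option(OPTION_PIE_REGISTER);
    // Reset-link arguments are read once, as strings, so later code never touches a missing
    // index or an array value.
    $rp_key = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';
    $rp_login = (isset($_GET['login']) && is_string($_GET['login'])) ? $_GET['login'] : '';
    $form_data = "";
    $form_data .= '<div class="piereg_container">';
    $classes_preset = array( 'piereg_login_container', 'pieregWrapper' );
    $classes = apply_filters( 'pie_register_frontend_login_container_class', $classes_preset);
    $classes = implode( ' ' , $classes );
    $form_data .= '<div class="'.$classes.'">';
    $form_data .= '<div class="piereg_login_wrapper">';
    //If Registration contains errors
    global $wp_session,$errors;
    $error_msg = '';
    // Set to 1 when the new-password form must not be shown (error, or password already changed).
    $newpasspageLock = 0;
    if(isset($_GET['payment']) && $_GET['payment'] == "success")
    {
        $login_success = apply_filters("piereg_success_message",__( $option['payment_success_msg'], "pie-register" ));
    }elseif(isset($_GET['payment']) && $_GET['payment'] == "cancel"){
        // A commented-out "payment failed" notification mail used to sit here; it never ran.
        $login_error = apply_filters("piereg_cancled_message",__("You have cancelled the payment.","pie-register"));
    }
    if(isset($errors->errors['login-error'][0]))
    {
        if(isset($errors->errors['login-error']) && sizeof($errors->errors['login-error']) > 1){
            foreach($errors->errors['login-error'] as $error){
                $error_msg .= $error."<br />";
            }
        }else{
            $error_msg = $errors->errors['login-error'][0];
        }
        $login_error = apply_filters("piereg_login_error",__($error_msg,"pie-register"));
        $newpasspageLock = 1;
    }
    elseif(
        ( isset($_GET['pr_key']) && isset($_GET['pr_invalid_username']) ) &&
        ( $_GET['pr_key'] != "" && $_GET['pr_invalid_username'] != "" ) &&
        ( !isset($_REQUEST['action']) || (isset($_REQUEST['action']) && $_REQUEST['action'] != 'pie_login_sms') )
    )
    {
        // pr_key is base64 text taken from the URL, i.e. chosen by whoever built the link.
        // It is escaped before it reaches the page so markup inside it is shown as text.
        // Trade-off: a legitimate message containing HTML is displayed escaped as well.
        $pr_error_message = is_string($_GET['pr_key']) ? base64_decode(trim($_GET['pr_key'])) : '';
        if(!empty($pr_error_message))
            $login_error = apply_filters("piereg_login_after_registration_error",esc_html(__($pr_error_message,"pie-register")));
        else
            $login_error = apply_filters("piereg_login_after_registration_error",__("Invalid username","pie-register"));
    }
    else if (! empty($_GET['action']) )
    {
        if ( 'loggedout' == $_GET['action'] )
            $login_warning = '<strong>'.ucwords(__("Warning:","pie-register")).'</strong>: '.apply_filters("piereg_now_logout",__("You are now logged out.","pie-register"));
        elseif ( 'recovered' == $_GET['action'] )
            $login_success = '<strong>'.ucwords(__("success","pie-register")).'</strong>: '.apply_filters("piereg_check_yor_emailconfrm_link",__("Check your e-mail for the confirmation link.","pie-register"));
        elseif ( 'payment_cancel' == $_GET['action'] )
            $login_warning = '<strong>'.ucwords(__("Warning:","pie-register")).'</strong>: '.apply_filters("piereg_canelled_your_registration",__("You have cancelled the registration.","pie-register"));
        elseif ( 'payment_success' == $_GET['action'] )
            $login_success = '<strong>'.ucwords(__("success","pie-register")).'</strong>: '.apply_filters("piereg_thank_you_for_registration",__("Thank you for registering. Login credentials will be sent soon.","pie-register"));
        elseif ( 'activate' == $_GET['action'] )
        {
            $activation_key = (isset($_GET['activation_key']) && is_string($_GET['activation_key'])) ? sanitize_key($_GET['activation_key']) : '';
            $pie_id = (isset($_GET['pie_id']) && is_string($_GET['pie_id'])) ? $_GET['pie_id'] : '';
            // Reject an empty key up front so the user lookup never runs without a value to match.
            $unverified = ($activation_key !== '') ? get_users(array('meta_key'=> 'hash','meta_value' => $activation_key)) : array();
            if(sizeof($unverified )==1)
            {
                $user_id = $unverified[0]->ID;
                $user = new WP_User($user_id);
                $user_login = $unverified[0]->user_login;
                $user_email = $unverified[0]->user_email;
                // Strict comparison: with == two different numeric-looking logins can compare equal.
                if($pie_id !== '' && $user_login === $pie_id)
                {
                    do_action( "piereg_action_hook_before_user_activate", $user_id, $user_login, $user_email ); # newlyAddedHookFilter
                    update_user_meta( $user_id, 'active', 1);
                    /*************************************/
                    /////////// THANK YOU E-MAIL //////////
                    $form = new Registration_form();
                    $subject = html_entity_decode($option['user_subject_email_email_thankyou'],ENT_COMPAT,"UTF-8");
                    $subject = $form->filterSubject($user_email,$subject);
                    $message_temp = "";
                    if($option['user_formate_email_email_thankyou'] == "0"){
                        $message_temp = nl2br(strip_tags($option['user_message_email_email_thankyou']));
                    }else{
                        $message_temp = $option['user_message_email_email_thankyou'];
                    }
                    $message = $form->filterEmail($message_temp,$user_email);
                    $from_name = $option['user_from_name_email_thankyou'];
                    $from_email = $option['user_from_email_email_thankyou'];
                    $reply_email = $option['user_to_email_email_thankyou'];
                    //Headers
                    $headers = 'MIME-Version: 1.0' . "\r\n";
                    $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
                    if(!empty($from_email) && filter_var($from_email,FILTER_VALIDATE_EMAIL))//Validating From
                        $headers .= "From: ".$from_name." <".$from_email."> \r\n";
                    if($reply_email){
                        $headers .= "Reply-To: {$reply_email}\r\n";
                        $headers .= "Return-Path: {$reply_email}\r\n";
                    }else{
                        $headers .= "Reply-To: {$from_email}\r\n";
                        $headers .= "Return-Path: {$from_email}\r\n";
                    }
                    if( (isset($option['user_enable_email_thankyou']) && $option['user_enable_email_thankyou'] == 1) && !wp_mail($user_email, $subject, $message , $headers)){
                        $form->pr_error_log("'The e-mail could not be sent. Possible reason: mail() function may have disabled by your host.'".(PieRegister::get_error_log_info(__FUNCTION__,__LINE__,__FILE__)));
                    }
                    /*************************************/
                    $login_success = '<strong>'.ucwords(__("success","pie-register")).'</strong>: '.apply_filters("piereg_your_account_is_now_active",__("Your account is now active","pie-register"));
                    do_action( "piereg_action_hook_after_user_activate", $user_id, $user_login, $user_email ); # newlyAddedHookFilter
                    // mailchimp related code within PR
                    do_action('pireg_after_verification_users', $user);
                }
                else
                {
                    $login_error = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '.apply_filters("piereg_invalid_activation_key",__("Invalid activation key","pie-register"));
                }
            }else{
                // NOTE(review): "already active" is only shown for an existing login, so this
                // branch tells a visitor whether the login named in pie_id exists.
                $user_name = esc_sql($pie_id);
                $user = get_user_by('login',$user_name);
                if($user){
                    $user_meta = get_user_meta( $user->ID, 'active');
                    if(isset($user_meta[0]) && $user_meta[0] == 1){
                        $login_warning = '<strong>'.ucwords(__("Warning:","pie-register")).'</strong>: '.apply_filters("piereg_canelled_your_registration",__("This account is already active.","pie-register"));
                        unset($user_meta);
                        unset($user_name);
                        unset($user);
                    }
                    else{
                        $login_error = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '.apply_filters("piereg_invalid_activation_key",__("Invalid activation key","pie-register"));
                    }
                }
                else{
                    $login_error = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '.apply_filters("piereg_invalid_activation_key",__("Invalid activation key","pie-register"));
                }
            }
        }
        elseif ( 'resetpass' == $_GET['action'] || 'rp' == $_GET['action'] ){
            // Returns the user object for a valid key, otherwise a WP_Error.
            $user = check_password_reset_key($rp_key, $rp_login);
            if ( is_wp_error($user) ) {
                if ( $user->get_error_code() === 'expired_key' )
                    $login_error = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '.apply_filters("piereg_you_key_has_been_expired",__("This link has expired, please reset the password again.","pie-register").' <a href="'.pie_lostpassword_url().'" title="'.__("Password Lost and Found","pie-register").'">'.__("Lost your password?","pie-register").'</a>');
                else
                    $login_error = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '.apply_filters("piereg_this_reset_key_invalid_or_no_longer_exists",__("Reset key is invalid or has expired.","pie-register").' <a href="'.pie_lostpassword_url().'" title="'.__("Password Lost and Found","pie-register").'">'.__("Lost your password?","pie-register").'</a>');
                $newpasspageLock = 1;
            }else{
                $login_warning = '<strong>'.ucwords(__("Warning:","pie-register")).'</strong>: '.__('Enter the new password below.',"pie-register");
            }
            if( isset($_POST['pass1'], $_POST['piereg_get_password_nonce']) && wp_verify_nonce( $_POST['piereg_get_password_nonce'], 'piereg_wp_get_password_nonce' ) && !is_wp_error($user)){
                $errors = new WP_Error();
                // Non-string input (e.g. pass1[]=x) is treated as an empty password.
                $pass1 = is_string($_POST['pass1']) ? $_POST['pass1'] : '';
                $pass2 = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';
                if(trim($pass1) == ""){
                    $login_error = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '.apply_filters("piereg_invalid_password",__( 'Invalid Password',"pie-register" ));
                    $errors->add( 'password_reset_mismatch',$login_error );
                }elseif ( strlen($pass1) < 8 ){
                    // The message promises 8 characters; the previous "< 7" check let
                    // 7-character passwords through.
                    $login_error = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '.apply_filters("piereg_minimum_8_characters_required_in_password",__( 'The password must be at least 8 characters long',"pie-register" ));
                    $errors->add( 'password_reset_mismatch',$login_error );
                }elseif ( $pass1 !== $pass2 ){
                    // Strict comparison: with != two different numeric-looking strings can compare equal.
                    $login_error = '<strong>'.ucwords(__("error","pie-register")).'</strong>: '.apply_filters("piereg_the_passwords_do_not_match",__( 'The passwords do not match',"pie-register"));
                    $errors->add( 'password_reset_mismatch',$login_error );
                }
                do_action( 'validate_password_reset', $errors, $user );
                if ( ( ! $errors->get_error_code() ) && !empty( $pass1 ) ) {
                    reset_password($user, $pass1);
                    $newpasspageLock = 1;
                    $login_warning = '';
                    $login_error = '';
                    $login_success = '<strong>'.ucwords(__("success","pie-register")).'</strong>: '.apply_filters("piereg_your_password_has_been_reset",__( 'The password has been reset.' , "pie-register"));
                }
            }
        }
    }
    // NOTE(review): the session message and the pie_post_array entries below are printed
    // without escaping; where they are filled is not visible here - confirm they never
    // carry request data.
    if(isset($wp_session['message']) && trim($wp_session['message']) != "" )
    {
        $form_data .= '<p class="piereg_login_error"> ' . apply_filters('piereg_messages',__($wp_session['message'],"pie-register")) . "</p>";
        $wp_session['message'] = "";
    }
    if ( !empty($login_error) )
        $form_data .= '<p class="piereg_login_error"> ' . apply_filters('piereg_messages', $login_error) . "</p>";
    if ( !empty($login_success) )
        $form_data .= '<p class="piereg_message">' . apply_filters('piereg_messages',$login_success) . "</p>";
    if ( !empty($login_warning) )
        $form_data .= '<p class="piereg_warning">' . apply_filters('piereg_messages',$login_warning) . "</p>";
    if(isset($pie_register_base->pie_post_array['success']) && $pie_register_base->pie_post_array['success'] != "")
        $form_data .= '<p class="piereg_message">'.apply_filters('piereg_messages',__($pie_register_base->pie_post_array['success'],"pie-register")).'</p>';
    if(isset($pie_register_base->pie_post_array['error']) && $pie_register_base->pie_post_array['error'] != "")
        $form_data .= '<p class="piereg_login_error">'.apply_filters('piereg_messages',__($pie_register_base->pie_post_array['error'],"pie-register")).'</p>';
    if ( isset($_GET['action']) && ('rp' == $_GET['action'] || 'resetpass' == $_GET['action']) && ($newpasspageLock == 0) ){
        // New-password form. A template in the active theme overrides the bundled one.
        if(file_exists( (get_stylesheet_directory()."/pie-register/pie_register_template/reset_password/reset_password_form_template.php"))){
            require_once(get_stylesheet_directory()."/pie-register/pie_register_template/reset_password/reset_password_form_template.php");
        }
        elseif(file_exists(dirname(__FILE__)."/pie_register_template/reset_password/reset_password_form_template.php")){
            require_once(dirname(__FILE__)."/pie_register_template/reset_password/reset_password_form_template.php");
        }
        $r_pass_form = new Reset_pass_form_template($option);
        // Key and login are URL-encoded for the action URL and attribute-escaped for the hidden field.
        $form_data .= '
<form name="resetpassform" class="piereg_resetpassform" action="'.pie_modify_custom_url(pie_login_url(),'action=resetpass&key=' . urlencode( $rp_key ) . '&login=' . urlencode( $rp_login )).'" method="post" autocomplete="off">
<input type="hidden" id="user_login" value="'.esc_attr( $rp_login ).'" autocomplete="off">';
        if( function_exists( 'wp_nonce_field' ))
            $form_data .= wp_nonce_field( 'piereg_wp_get_password_nonce','piereg_get_password_nonce', true, false);
        $form_data .= $r_pass_form->add_new_confirm_pass();
        $form_data .= $r_pass_form->add_submit();
        $form_data .= $r_pass_form->add_login_register($pagenow);
        $form_data .= '</form>';
    }
    elseif ( isset($_GET['action'],$_GET['reference_key'],$_GET['security_token']) && $_REQUEST['action'] == 'pie_login_sms' ){
        // The SMS login form is supplied entirely by whatever is hooked on this filter.
        $form_data .= apply_filters("piereg_login_sms_form",$piereg_widget);
    }
    else{
        if(file_exists( (get_stylesheet_directory()."/pie-register/pie_register_template/login/login_form_template.php"))){
            require_once(get_stylesheet_directory()."/pie-register/pie_register_template/login/login_form_template.php");
        }
        elseif(file_exists(dirname(__FILE__)."/pie_register_template/login/login_form_template.php")){
            require_once(dirname(__FILE__)."/pie_register_template/login/login_form_template.php");
        }
        $login_form = new Login_form_template($option);
        if( $piereg_widget )
        {
            $pr_loginform_id = 'piereg_login_form_widget';
        }
        else{
            $pr_loginform_id = 'piereg_login_form';
        }
        $form_data = apply_filters( 'pie_register_frontend_login_output_before', __($form_data,"pie-register") );
        $form_data .= '
<form method="post" id="'.$pr_loginform_id.'" class="piereg_loginform" name="loginform" action="'.htmlentities($_SERVER['REQUEST_URI']).'">';
        $form_data .= '<ul id="pie_register">';
        $form_data .= '<li class="fields">';
        $form_data .= $login_form->add_username();
        $form_data .= '</li>';
        $form_data .= '<li class="fields">';
        $form_data .= $login_form->add_password();
        $form_data .= '</li>';
        $form_data .= '<li class="fields"><div class="fieldset">';
        global $piereg_math_captcha_login,$piereg_math_captcha_login_widget,$wpdb;
        // Lockdown rows of the requesting IP decide whether a captcha is forced or added
        // after a number of attempts.
        $table_name = $wpdb->prefix . "pieregister_lockdowns";
        $user_ip = $_SERVER['REMOTE_ADDR'];
        $get_results = $wpdb->get_results($wpdb->prepare("SELECT * FROM `".$table_name."` WHERE `user_ip` = %s;",$user_ip));
        if(isset($wpdb->last_error) && !empty($wpdb->last_error))
        {
            PieRegister::pr_error_log($wpdb->last_error.(PieRegister::get_error_log_info(__FUNCTION__,__LINE__,__FILE__)));
        }
        $is_security_captcha = false;
        $security_captcha_login = 0;
        if(isset($get_results[0]->is_security_captcha) && $get_results[0]->is_security_captcha == 2){
            $is_security_captcha = true;
            $security_captcha_login = $option['security_captcha_login'];
        }
        // The security captcha type replaces the regular one when the row is flagged.
        $capthca_in_login = $option['capthca_in_login'];
        if($is_security_captcha){
            $capthca_in_login = $security_captcha_login;
        }
        if($capthca_in_login != 0 && !empty($capthca_in_login) && $option['captcha_in_login_value'] == 1){
            // With the pro flag and a configured threshold the captcha appears only once the
            // recorded attempts reach that threshold; otherwise it is always shown.
            $attempts = false;
            if($pie_register_base->piereg_pro_is_activate){
                if($option['captcha_in_login_attempts'] > 0){
                    if( count($get_results) > 0 && $option['captcha_in_login_attempts'] <= $get_results[0]->login_attempt){
                        $attempts = true;
                    }
                }else{
                    $attempts = true;
                }
            }else{
                $attempts = true;
            }
            if( $attempts ){
                if($piereg_math_captcha_login == false && $piereg_widget == false){
                    if(!empty($option['capthca_in_login_label']))
                        $form_data .= $login_form->add_capthca_label();
                    $form_data .= pie_login_form_captcha($capthca_in_login,$piereg_widget);
                    $piereg_math_captcha_login = true;
                }elseif($piereg_math_captcha_login_widget == false && $piereg_widget == true){
                    if(!empty($option['capthca_in_login_label']))
                        $form_data .= $login_form->add_capthca_label();
                    $form_data .= pie_login_form_captcha($capthca_in_login,$piereg_widget);
                    $piereg_math_captcha_login_widget = true;
                }
            }
        }
        $form_data .= '</div></li>';
        $form_data .= '</ul>';
        $form_data .= $login_form->add_rememberme();
        if( function_exists( 'wp_nonce_field' ))
            $form_data .= wp_nonce_field( 'piereg_wp_login_form_nonce','piereg_login_form_nonce', true, false);
        $form_data .= $login_form->add_submit();
        $form_data .= $login_form->add_register_lostpassword($pagenow);
        $form_data .= '
</form>';
        $form_data = apply_filters( 'pie_register_frontend_login_output_after', __($form_data,"pie-register") );
    }
    $form_data .='</div>
</div></div>';
    return $form_data;
}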
if(!function_exists("pie_login_form_captcha"))
{
    /**
     * Returns the captcha markup for the login form.
     *
     * Type 2 yields the math-captcha wrapper, types 1 and 3 yield the reCAPTCHA placeholder;
     * every other value yields an empty string.
     *
     * @param int|string $value         Captcha type taken from the plugin options.
     * @param bool       $piereg_widget True when the form is rendered inside the widget.
     * @return string Captcha markup, possibly empty.
     */
    function pie_login_form_captcha($value = 0,$piereg_widget = false){
        // A template in the active theme takes precedence over the bundled one; when
        // neither file exists nothing is loaded here.
        $theme_template = get_stylesheet_directory()."/pie-register/pie_register_template/login/login_form_template.php";
        $bundled_template = dirname(__FILE__)."/pie_register_template/login/login_form_template.php";
        if(file_exists($theme_template)){
            require_once($theme_template);
        }elseif(file_exists($bundled_template)){
            require_once($bundled_template);
        }

        // $option is never set in this scope beforehand, so the options are always loaded.
        $option = get_option(OPTION_PIE_REGISTER);
        $login_form = new Login_form_template($option);

        if($value == 2){ // Math Captcha
            $cap_id = $piereg_widget ? "is_login_widget" : "not_login_widget";
            $cookie = $piereg_widget ? 'Login_form_widget' : 'Login_form';
            $math_captcha_field = $login_form->add_mathcaptcha_input($piereg_widget);
            $markup = '<div class="prMathCaptcha" data-cookiename="'.$cookie.'" id="'.$cap_id.'" style="display:inline-block;">';
            $markup .= $math_captcha_field['data'];
            $field_id = $math_captcha_field['field_id']; // read as in the original; not used afterwards
            $markup .= '</div>';
            return $markup;
        }

        if($value == 1 || $value == 3){ //Re-Captcha
            $settings = get_option(OPTION_PIE_REGISTER);
            $markup = "";
            // The placeholder is emitted only when a site key is configured.
            if($settings['captcha_publc']){
                if($piereg_widget){
                    $cap_id = "is_widget";
                    $style_inline = "";
                }else{
                    $cap_id = "not_widget";
                    $style_inline = 'style="display:inline-block;"';
                }
                $markup .= '<div '.$style_inline.' class="piereg_recaptcha_widget_div" id="'.$cap_id.'">'.'</div>';
            }
            return $markup;
        }

        return "";
    }
}
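/**
 * Clear the 'hash' user meta of the account identified by the request.
 *
 * Reads `activation_key` and `pie_id` from the query string. When exactly one
 * user carries a 'hash' meta value equal to the sanitized key and that user's
 * login equals `pie_id`, the user's 'hash' meta is set to an empty string.
 * Any other request leaves all accounts untouched.
 *
 * NOTE(review): this is a state change driven by a plain GET request with no
 * nonce; the activation key is the only authenticator. sanitize_key() also
 * lowercases the key, so matching is effectively case-insensitive — confirm
 * that the stored hashes are generated with enough entropy for that.
 *
 * @return void
 */
function pie_update_user_meta_hash() {
    $activation_key = isset($_GET['activation_key']) ? $_GET['activation_key'] : "";
    $pie_id         = isset($_GET['pie_id']) ? $_GET['pie_id'] : "";

    // Both parameters must be non-empty strings. Array-valued parameters
    // (?activation_key[]=...) are rejected here instead of being handed to
    // sanitize_key(), and requests without the parameters skip the database
    // lookup entirely.
    if(!is_string($activation_key) || $activation_key === "" || !is_string($pie_id) || $pie_id === ""){
        return;
    }

    // WordPress drops an empty meta_value from the meta query, so a key that
    // sanitizes down to "" would leave the lookup constrained by the meta key
    // alone. Refuse it.
    $activation_key = sanitize_key($activation_key);
    if($activation_key === ""){
        return;
    }

    $unverified = get_users(array('meta_key'=> 'hash','meta_value' => $activation_key));
    if(!is_array($unverified) || count($unverified) !== 1){
        return;
    }

    // Strict comparison: with == two different numeric-looking strings can
    // compare equal, which would tie the key to the wrong login.
    if((string) $unverified[0]->user_login === $pie_id){
        update_user_meta( $unverified[0]->ID, 'hash', "" );
    }
}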
// Registers pie_update_user_meta_hash() on the wp_footer action, so the
// callback runs wherever the theme fires that hook.
// NOTE(review): the callback writes user meta based on query-string input;
// a footer hook is an unusual place for that — consider a dedicated request
// handler so the write is not evaluated on every rendered page.
add_action('wp_footer','pie_update_user_meta_hash');