Skip to:
Content

BuddyPress.org

Ticket #4245: 4245.01.patch

File 4245.01.patch, 4.2 KB (added by r-a-y, 12 years ago)
  • bp-members/bp-members-functions.php

    add_action( 'pre_user_login', 'bp_core_strip_username_spaces' ); 
    846846 * When a user logs in, check if they have been marked as a spammer. If yes then simply
    847847 * redirect them to the home page and stop them from logging in.
    848848 *
    849  * @package BuddyPress Core
    850  * @param $auth_obj The WP authorization object
    851  * @param $username The username of the user logging in.
    852  * @uses get_user_by() Get the userdata object for a user based on their username
    853  * @uses bp_core_redirect() Safe redirect to a page
    854  * @return $auth_obj If the user is not a spammer, return the authorization object
     849 * @param obj $user Either the WP_User object or the WP_Error object
     850 * @return obj If the user is not a spammer, return the WP_User object. Otherwise a new WP_Error object.
     851 *
     852 * @since 1.1.2
    855853 */
    856 function bp_core_boot_spammer( $auth_obj, $username ) {
    857 
    858         if ( !$user = get_user_by( 'login', $username ) )
    859                 return $auth_obj;
    860 
    861         if ( ( is_multisite() && (int) $user->spam ) || 1 == (int) $user->user_status )
     854function bp_core_boot_spammer( $user ) {
     855        // check to see if the $user has already failed logging in, if so return $user as-is
     856        if ( is_wp_error( $user ) || empty( $user ) )
     857                return $user;
     858
     859        // the user exists; now do a check to see if the user is a spammer
     860        // if the user is a spammer, stop them in their tracks!
     861        if ( is_a( $user, 'WP_User' ) && ( ( is_multisite() && (int) $user->spam ) || 1 == $user->user_status ) )
    862862                return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.', 'buddypress' ) );
    863         else
    864                 return $auth_obj;
     863
     864        // user is good to go!
     865        return $user;
    865866}
    866 add_filter( 'authenticate', 'bp_core_boot_spammer', 30, 2 );
     867add_filter( 'authenticate', 'bp_core_boot_spammer', 30 );
    867868
    868869/**
    869870 * Deletes usermeta for the user when the user is deleted.
    function bp_core_signup_send_validation_email( $user_id, $user_email, $key ) { 
    12711272        do_action( 'bp_core_sent_user_validation_email', $subject, $message, $user_id, $user_email, $key );
    12721273}
    12731274
    1274 // Stop user accounts logging in that have not been activated (user_status = 2)
    1275 function bp_core_signup_disable_inactive( $auth_obj, $username ) {
    1276         global $wpdb;
    1277 
    1278         if ( !$user_id = bp_core_get_userid( $username ) )
    1279                 return $auth_obj;
    1280 
    1281         $user_status = (int) $wpdb->get_var( $wpdb->prepare( "SELECT user_status FROM $wpdb->users WHERE ID = %d", $user_id ) );
    1282 
    1283         if ( 2 == $user_status )
     1275/**
     1276 * Stop user accounts logging in that have not been activated yet (user_status = 2).
     1277 *
     1278 * Note: This is only applicable for single site WordPress installs.
     1279 * Multisite has their own DB table - 'wp_signups' - dedicated for unactivated users.
     1280 * See {@link wpmu_signup_user()} and {@link wpmu_validate_user_signup()}.
     1281 *
     1282 * @param obj $user Either the WP_User object or the WP_Error object
     1283 * @return obj If the user is not a spammer, return the WP_User object. Otherwise a new WP_Error object.
     1284 *
     1285 * @since 1.2.2
     1286 */
     1287function bp_core_signup_disable_inactive( $user ) {
     1288        // check to see if the $user has already failed logging in, if so return $user as-is
     1289        if ( is_wp_error( $user ) || empty( $user ) )
     1290                return $user;
     1291
     1292        // the user exists; now do a check to see if the user has activated their account or not
     1293        // NOTE: this is only applicable for single site WordPress installs!
     1294        // if unactivated, stop the login now!
     1295        if ( is_a( $user, 'WP_User' ) && 2 == $user->user_status )
    12841296                return new WP_Error( 'bp_account_not_activated', __( '<strong>ERROR</strong>: Your account has not been activated. Check your email for the activation link.', 'buddypress' ) );
    1285         else
    1286                 return $auth_obj;
     1297
     1298        // user has activated their account! all clear!
     1299        return $user;
    12871300}
    1288 add_filter( 'authenticate', 'bp_core_signup_disable_inactive', 30, 2 );
     1301add_filter( 'authenticate', 'bp_core_signup_disable_inactive', 30 );
    12891302
    1290 // Kill the wp-signup.php if custom registration signup templates are present
     1303/**
     1304 * Kill the wp-signup.php if custom registration signup templates are present
     1305 */
    12911306function bp_core_wpsignup_redirect() {
    12921307        $action = !empty( $_GET['action'] ) ? $_GET['action'] : '';
    12931308