
Changeset 10938


Timestamp:
07/06/2016 04:39:34 PM (8 years ago)
Author:
imath
Message:

Make sure the password is set to what user chose when signing up with a blog

When signing up, users choose their password, and we store its hash in the meta field of the signups table.
When users activate their accounts, we directly run a query to replace the password automatically generated by WordPress with the one the users chose. For the "signup with a blog" case, it appears this is not taken into account, because the created user is cached and the xprofile_sync_wp_profile() function resets the password to the cached version.
To avoid this, as soon as we run the direct query, we clean the cached object of the created user.

See #7173

Location:
trunk
Files:
2 edited

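--- a/trunk/src/bp-members/bp-members-functions.php
+++ b/trunk/src/bp-members/bp-members-functions.php
@@ -2066,13 +2066,21 @@
     }
 
-    // Update the display_name.
-    wp_update_user( array(
-        'ID'           => $user_id,
-        'display_name' => bp_core_get_user_displayname( $user_id ),
-    ) );
-
-    // Set the password on multisite installs.
+    // Replace the password automatically generated by WordPress by the one the user chose.
     if ( ! empty( $user['meta']['password'] ) ) {
         $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_pass = %s WHERE ID = %d", $user['meta']['password'], $user_id ) );
+
+        /**
+         * Make sure to clean the user's cache as we've
+         * directly edited the password without using
+         * wp_update_user().
+         *
+         * If we can't use wp_update_user() that's because
+         * we already hashed the password at the signup step.
+         */
+        $uc = wp_cache_get( $user_id, 'users' );
+
+        if ( ! empty( $uc->ID ) ) {
+            clean_user_cache( $uc->ID );
+        }
     }
 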
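Review bot: The UPDATE writes `$user['meta']['password']` into `user_pass` verbatim, so this block depends on the meta value already being a password hash; the new docblock says it was hashed at signup, but nothing here checks it or states the precondition on the value itself. I would spell that out next to the query, e.g. `// $user['meta']['password'] must already be a hash produced at signup; it is stored as-is and never re-hashed here.` Separately, the `wp_cache_get()` lookup in front of `clean_user_cache()` looks unnecessary, because `clean_user_cache()` accepts a user ID: `clean_user_cache( $user_id );` would clear the entry without depending on what happens to be cached at that moment. The return value of `$wpdb->query()` is also ignored, so a failed UPDATE leaves the generated password in place without any signal. The enclosing function starts and ends outside the hunk.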
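--- a/trunk/tests/phpunit/testcases/members/functions.php
+++ b/trunk/tests/phpunit/testcases/members/functions.php
@@ -588,3 +588,53 @@
         $this->assertSame( bp_get_signup_page(), wp_registration_url() );
     }
+
+    /**
+     * @group bp_core_activate_signup
+     */
+    public function test_bp_core_activate_signup_password() {
+        global $wpdb;
+
+
+        $signups = array( 'no-blog' =>
+            array( 'signup_id' => $this->factory->signup->create( array(
+                    'user_login'     => 'noblog',
+                    'user_email'     => 'noblog@example.com',
+                    'activation_key' => 'no-blog',
+                    'meta' => array(
+                        'field_1' => 'Foo Bar',
+                        'password' => 'foobar',
+                    ),
+            ) ),
+                'password' => 'foobar',
+            ),
+        );
+
+        if ( is_multisite() ) {
+            $signups['ms-blog'] = array( 'signup_id' => $this->factory->signup->create( array(
+                    'user_login'     => 'msblog',
+                    'user_email'     => 'msblog@example.com',
+                    'domain'         => get_current_site()->domain,
+                    'path'           => get_current_site()->path . 'ms-blog',
+                    'title'          => 'Ding Dang',
+                    'activation_key' => 'ms-blog',
+                    'meta' => array(
+                        'field_1'  => 'Ding Dang',
+                        'password' => 'dingdang',
+                    ),
+                ) ),
+                'password' => 'dingdang',
+            );
+        }
+
+        // Neutralize db errors
+        $suppress = $wpdb->suppress_errors();
+
+        foreach ( $signups as $key => $data ) {
+            $u = bp_core_activate_signup( $key );
+
+            $this->assertEquals( get_userdata( $u )->user_pass, $data['password'] );
+        }
+
+        $wpdb->suppress_errors( $suppress );
+    }
 }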
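Review bot: The fixtures store the plain strings `'foobar'` and `'dingdang'` in `meta['password']`, and the loop asserts that `user_pass` equals them, so the test pins a plaintext value in `user_pass` as the expected outcome instead of the hash that the commit message says is stored at signup. Putting `wp_hash_password( 'foobar' )` (and the `'dingdang'` equivalent) in the signup meta and asserting `$this->assertTrue( wp_check_password( $data['password'], get_userdata( $u )->user_pass, $u ) );` would check what matters, namely that the chosen password authenticates after activation. If the equality check is kept, `$this->assertSame( $data['password'], get_userdata( $u )->user_pass );` gives the expected-first argument order and a strict comparison. The `suppress_errors()` call hides every database error raised during activation and is not restored if an assertion fails, so a comment naming the error that is expected would help the next reader.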