Timestamp:
03/11/2010 04:52:34 PM (14 years ago)
Author:
apeatling
Message:

Fixes #2149, fixed inconsistencies between single WP and WPMU with registration and activation. Single WP users must now activate their accounts and confirm they are using a valid email.

File:
1 edited

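--- a/branches/1.2/bp-core/bp-core-signup.php
+++ b/branches/1.2/bp-core/bp-core-signup.php
@@ -1,3 +1,11 @@
 <?php
+
+/********************************************************************************
+ * Screen Functions
+ *
+ * Screen functions are the controllers of BuddyPress. They will execute when their
+ * specific URL is caught. They will first save or manipulate data using business
+ * functions, then pass on the user to a template file.
+ */
 
 function bp_core_screen_signup() {
@@ -11,11 +19,4 @@
         bp_core_redirect( $bp->root_domain );
 
-    /***
-     * For backwards compatibility with the old pre 1.1 two theme system, skip this screen function
-     * if the user is using the old two theme method.
-     */
-    if ( file_exists( WP_CONTENT_DIR . '/bp-themes' ) )
-        return false;
-
     /* If signups are disabled, just re-direct */
     if ( !bp_get_signup_allowed() )
@@ -33,5 +34,5 @@
 
         /* Check the base account details for problems */
-        $account_details = wpmu_validate_user_signup( $_POST['signup_username'], $_POST['signup_email'] );
+        $account_details = bp_core_validate_user_signup( $_POST['signup_username'], $_POST['signup_email'] );
 
         /* If there are errors with account details, set them for display */
@@ -74,5 +75,5 @@
 
             if ( 'blog' == $active_signup || 'all' == $active_signup ) {
-                $blog_details = wpmu_validate_blog_signup( $_POST['signup_blog_url'], $_POST['signup_blog_title'] );
+                $blog_details = bp_core_validate_blog_signup( $_POST['signup_blog_url'], $_POST['signup_blog_title'] );
 
                 /* If there are errors with blog details, set them for display */
@@ -126,7 +127,7 @@
                 $usermeta = apply_filters( 'bp_signup_usermeta', $usermeta );
 
-                /* Finally, sign up the user and/or blog*/
+                /* Finally, sign up the user and/or blog */
                 if ( isset( $_POST['signup_with_blog'] ) && bp_core_is_multisite() )
-                    wpmu_signup_blog( $blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta );
+                    bp_core_signup_blog( $blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta );
                 else {
                     bp_core_signup_user( $_POST['signup_username'], $_POST['signup_password'], $_POST['signup_email'], $usermeta );
@@ -159,6 +160,8 @@
                 $bp->signup->avatar_dir = wp_hash( $bp->signup->key );
             }
-        } else
-            $bp->signup->avatar_dir = wp_hash( $bp->signup->username );
+        } else {
+            $user_id = bp_core_get_userid( $_POST['signup_username'] );
+            $bp->signup->avatar_dir = wp_hash( $user_id );
+        }
 
         /* Pass the file to the avatar upload handler */
@@ -185,67 +188,282 @@
         else
             bp_core_add_message( __( 'Your new avatar was uploaded successfully', 'buddypress' ) );
-
-        /* If this is a single WP install, move the avatar to the user's folder since there is no activation process to move it. */
-        if ( !bp_core_is_multisite() ) {
-            $user_id = bp_core_get_userid( $_POST['signup_username'] );
-
-            if ( !empty( $user_id ) && file_exists( BP_AVATAR_UPLOAD_PATH . '/avatars/signups/' . $_POST['signup_avatar_dir'] ) ) {
-                @rename( BP_AVATAR_UPLOAD_PATH . '/avatars/signups/' . $_POST['signup_avatar_dir'], BP_AVATAR_UPLOAD_PATH . '/avatars/' . $user_id );
+    }
+    bp_core_load_template( 'registration/register' );
+}
+add_action( 'wp', 'bp_core_screen_signup', 3 );
+
+function bp_core_screen_activation() {
+    global $bp, $wpdb;
+
+    if ( BP_ACTIVATION_SLUG != $bp->current_component )
+        return false;
+
+    /* Check if an activation key has been passed */
+    if ( isset( $_GET['key'] ) ) {
+
+        require_once( ABSPATH . WPINC . '/registration.php' );
+
+        /* Activate the signup */
+        $user = apply_filters( 'bp_core_activate_account', bp_core_activate_signup( $_GET['key'] ) );
+
+        /* If there was errors, add a message and redirect */
+        if ( $user->errors ) {
+            bp_core_add_message( __( 'There was an error activating your account, please try again.', 'buddypress' ), 'error' );
+            bp_core_redirect( $bp->root_domain . '/' . BP_ACTIVATION_SLUG );
+        }
+
+        /* Check for an uploaded avatar and move that to the correct user folder */
+        if ( bp_core_is_multisite() )
+            $hashed_key = wp_hash( $_GET['key'] );
+        else
+            $hashed_key = wp_hash( $user );
+
+        /* Check if the avatar folder exists. If it does, move rename it, move it and delete the signup avatar dir */
+        if ( file_exists( BP_AVATAR_UPLOAD_PATH . '/avatars/signups/' . $hashed_key ) )
+            @rename( BP_AVATAR_UPLOAD_PATH . '/avatars/signups/' . $hashed_key, BP_AVATAR_UPLOAD_PATH . '/avatars/' . $user );
+
+        bp_core_add_message( __( 'Your account is now active!', 'buddypress' ) );
+
+        $bp->activation_complete = true;
+    }
+
+    if ( '' != locate_template( array( 'registration/activate' ), false ) )
+        bp_core_load_template( apply_filters( 'bp_core_template_activate', 'activate' ) );
+    else
+        bp_core_load_template( apply_filters( 'bp_core_template_activate', 'registration/activate' ) );
+}
+add_action( 'wp', 'bp_core_screen_activation', 3 );
+
+
+/********************************************************************************
+ * Business Functions
+ *
+ * Business functions are where all the magic happens in BuddyPress. They will
+ * handle the actual saving or manipulation of information. Usually they will
+ * hand off to a database class for data access, then return
+ * true or false on success or failure.
+ */
+
+function bp_core_validate_user_signup( $user_name, $user_email ) {
+    global $wpdb;
+
+    $errors = new WP_Error();
+    $user_email = sanitize_email( $user_email );
+
+    if ( empty( $user_name ) )
+        $errors->add( 'user_name', __( 'Please enter a username', 'buddypress' ) );
+
+    $maybe = array();
+    preg_match( "/[a-z0-9]+/", $user_name, $maybe );
+
+    $db_illegal_names = get_site_option( 'illegal_names' );
+    $filtered_illegal_names = apply_filters( 'bp_core_illegal_usernames', array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator', BP_GROUPS_SLUG, BP_MEMBERS_SLUG, BP_FORUMS_SLUG, BP_BLOGS_SLUG, BP_REGISTER_SLUG, BP_ACTIVATION_SLUG ) );
+
+    $illegal_names = array_merge( (array)$db_illegal_names, (array)$filtered_illegal_names );
+    update_site_option( 'illegal_names', $illegal_names );
+
+    if ( !validate_username( $user_name ) || in_array( $user_name, (array)$illegal_names ) || $user_name != $maybe[0] )
+        $errors->add( 'user_name', __( 'Only lowercase letters and numbers allowed', 'buddypress' ) );
+
+    if( strlen( $user_name ) < 4 )
+        $errors->add( 'user_name',  __( 'Username must be at least 4 characters', 'buddypress' ) );
+
+    if ( strpos( ' ' . $user_name, '_' ) != false )
+        $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character "_"!', 'buddypress' ) );
+
+    /* Is the user_name all numeric? */
+    $match = array();
+    preg_match( '/[0-9]*/', $user_name, $match );
+
+    if ( $match[0] == $user_name )
+        $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!', 'buddypress' ) );
+
+    if ( !is_email( $user_email ) )
+        $errors->add( 'user_email', __( 'Please check your email address.', 'buddypress' ) );
+
+    $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' );
+
+    if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
+        $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
+
+        if ( in_array( $emaildomain, (array)$limited_email_domains ) == false )
+            $errors->add( 'user_email', __( 'Sorry, that email address is not allowed!', 'buddypress' ) );
+    }
+
+    /* Check if the username has been used already. */
+    if ( username_exists( $user_name ) )
+        $errors->add( 'user_name', __( 'Sorry, that username already exists!', 'buddypress' ) );
+
+    /* Check if the email address has been used already. */
+    if ( email_exists( $user_email ) )
+        $errors->add( 'user_email', __( 'Sorry, that email address is already used!', 'buddypress' ) );
+
+    $result = array( 'user_name' => $user_name, 'user_email' => $user_email, 'errors' => $errors );
+
+    /* Apply WPMU legacy filter */
+    $result = apply_filters( 'wpmu_validate_user_signup', $result );
+
+    return apply_filters( 'bp_core_validate_user_signup', $result );
+}
+
+function bp_core_validate_blog_signup( $blog_url, $blog_title ) {
+    if ( !bp_core_is_multisite() || !function_exists( 'wpmu_validate_blog_signup' ) )
+        return false;
+
+    return apply_filters( 'bp_core_validate_blog_signup', wpmu_validate_blog_signup( $blog_url, $blog_title ) );
+}
+
+function bp_core_signup_user( $user_login, $user_password, $user_email, $usermeta ) {
+    global $bp, $wpdb;
+
+    /* Multisite installs have their own install procedure */
+    if ( bp_core_is_multisite() ) {
+        wpmu_signup_user( $user_login, $user_email, $usermeta );
+
+    } else {
+        $errors = new WP_Error();
+
+        $user_id = wp_insert_user( array(
+            'user_login' => $user_login,
+            'user_pass' => $user_password,
+            'display_name' => sanitize_title( $user_login ),
+            'user_email' => $user_email
+        ) );
+
+        if ( !$user_id ) {
+            $errors->add( 'registerfail', sprintf( __('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !', 'buddypress' ), get_option( 'admin_email' ) ) );
+            return $errors;
+        }
+
+        /* Update the user status to '2' which we will use as 'not activated' (0 = active, 1 = spam, 2 = not active) */
+        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_status = 2 WHERE ID = %d", $user_id ) );
+
+        /* Set any profile data */
+        if ( function_exists( 'xprofile_set_field_data' ) ) {
+            if ( !empty( $usermeta['profile_field_ids'] ) ) {
+                $profile_field_ids = explode( ',', $usermeta['profile_field_ids'] );
+
+                foreach( (array)$profile_field_ids as $field_id ) {
+                    $current_field = $usermeta["field_{$field_id}"];
+
+                    if ( !empty( $current_field ) )
+                        xprofile_set_field_data( $field_id, $user_id, $current_field );
+                }
             }
         }
     }
-    bp_core_load_template( 'registration/register' );
-}
-add_action( 'wp', 'bp_core_screen_signup', 3 );
-
-function bp_core_signup_user( $user_login, $user_password, $user_email, $usermeta ) {
-    global $bp;
-
-    if ( bp_core_is_multisite() )
-        return wpmu_signup_user( $user_login, $user_email, $usermeta );
-
-    $errors = new WP_Error();
-
-    $user_id = wp_insert_user( array(
-        'user_login' => $user_login,
-        'user_pass' => $user_password,
-        'display_name' => sanitize_title( $user_login ),
-        'user_email' => $user_email
-    ) );
-
-    if ( !$user_id ) {
-        $errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email')));
-        return $errors;
-    }
-
-    /* Update the user_url */
-    wp_update_user( array( 'ID' => $user_id, 'user_url' => bp_core_get_user_domain( $user_id, sanitize_title( $user_login ), $user_login ) ) );
-
-    /* Set any profile data */
-    if ( function_exists( 'xprofile_set_field_data' ) ) {
-        if ( !empty( $usermeta['profile_field_ids'] ) ) {
-            $profile_field_ids = explode( ',', $usermeta['profile_field_ids'] );
-
-            foreach( (array)$profile_field_ids as $field_id ) {
-                $current_field = $usermeta["field_{$field_id}"];
-
-                if ( !empty( $current_field ) )
-                    xprofile_set_field_data( $field_id, $user_id, $current_field );
+    $bp->signup->username = $user_login;
+
+    /***
+     * Now generate an activation key and send an email to the user so they can activate their account
+     * and validate their email address. Multisite installs send their own email, so this is only for single blog installs.
+     */
+    if ( !bp_core_is_multisite() ) {
+        $activation_key = wp_hash( $user_id );
+        update_usermeta( $user_id, 'activation_key', $activation_key );
+        bp_core_signup_send_validation_email( $user_id, $activation_key );
+    }
+
+    do_action( 'bp_core_signup_user', $user_id, $user_login, $user_password, $user_email, $usermeta );
+
+    return $user_id;
+}
+
+function bp_core_signup_blog( $blog_domain, $blog_path, $blog_title, $user_name, $user_email, $usermeta ) {
+    if ( !bp_core_is_multisite() || !function_exists( 'wpmu_signup_blog' ) )
+        return false;
+
+    return apply_filters( 'bp_core_signup_blog', wpmu_signup_blog( $blog_domain, $blog_path, $blog_title, $user_name, $user_email, $usermeta ) );
+}
+
+function bp_core_activate_signup( $key ) {
+    global $wpdb;
+
+    $user = false;
+
+    /* Multisite installs have their own activation routine */
+    if ( bp_core_is_multisite() ) {
+        $user = wpmu_activate_signup( $key );
+
+        /* If there was errors, add a message and redirect */
+        if ( $user->errors ) {
+            bp_core_add_message( __( 'There was an error activating your account, please try again.', 'buddypress' ), 'error' );
+            bp_core_redirect( $bp->root_domain . '/' . BP_ACTIVATION_SLUG );
+        }
+
+        $user_id = $user['user_id'];
+
+        /* Set any profile data */
+        if ( function_exists( 'xprofile_set_field_data' ) ) {
+            if ( !empty( $user['meta']['profile_field_ids'] ) ) {
+                $profile_field_ids = explode( ',', $user['meta']['profile_field_ids'] );
+
+                foreach( (array)$profile_field_ids as $field_id ) {
+                    $current_field = $user['meta']["field_{$field_id}"];
+
+                    if ( !empty( $current_field ) )
+                        xprofile_set_field_data( $field_id, $user_id, $current_field );
+                }
             }
         }
-    }
+
+    } else {
+        /* Get the user_id based on the $key */
+        $user_id = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM $wpdb->usermeta WHERE meta_value = %s", $key ) );
+
+        if ( empty( $user_id ) )
+            return new WP_Error( 'invalid_key', __( 'Invalid activation key', 'buddypress' ) );
+
+        /* Change the user's status so they become active */
+        if ( !$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_status = 0 WHERE ID = %d", $user_id ) ) )
+            return new WP_Error( 'invalid_key', __( 'Invalid activation key', 'buddypress' ) );
+
+        /* Notify the site admin of a new user registration */
+        wp_new_user_notification( $user_id );
+
+        /* Remove the activation key meta */
+        delete_usermeta( $user_id, 'activation_key' );
+    }
+
+    /* Update the user_url and display_name */
+    wp_update_user( array( 'ID' => $user_id, 'user_url' => bp_core_get_user_domain( $user_id, sanitize_title( $user_login ), $user_login ), 'display_name' => bp_core_get_user_displayname( $user_id ) ) );
 
     /* Add a last active entry */
     update_usermeta( $user_id, 'last_activity', gmdate( "Y-m-d H:i:s" ) );
 
-    wp_new_user_notification( $user_id, $user_pass );
+    /* Set the password on multisite installs */
+    if ( bp_core_is_multisite() && !empty( $user['meta']['password'] ) )
+        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_pass = %s WHERE ID = %d", $user['meta']['password'], $user_id ) );
+
+    /* Delete the total member cache */
     wp_cache_delete( 'bp_total_member_count', 'bp' );
 
-    $bp->signup->username = $user_login;
-
-    do_action( 'bp_core_signup_user', $user_id, $user_login, $user_password, $user_email, $usermeta );
+    do_action( 'bp_core_activated_user', $user_id, $key, $user );
 
     return $user_id;
 }
+
+function bp_core_new_user_activity( $user ) {
+    if ( empty( $user ) || !function_exists( 'bp_activity_add' ) )
+        return false;
+
+    if ( is_array( $user ) )
+        $user_id = $user['user_id'];
+    else
+        $user_id = $user;
+
+    if ( empty( $user_id ) )
+        return false;
+
+    $userlink = bp_core_get_userlink( $user_id );
+
+    bp_activity_add( array(
+        'user_id' => $user_id,
+        'action' => apply_filters( 'bp_core_activity_registered_member_action', sprintf( __( '%s became a registered member', 'buddypress' ), $userlink ), $user_id ),
+        'component' => 'profile',
+        'type' => 'new_member'
+    ) );
+}
+add_action( 'bp_core_activated_user', 'bp_core_new_user_activity' );
 
 function bp_core_map_user_registration( $user_id ) {
@@ -290,4 +508,41 @@
 }
 
+function bp_core_signup_send_validation_email( $user_id, $key ) {
+    $activate_url = bp_get_activation_page() ."?key=$key";
+    $activate_url = clean_url( $activate_url );
+    $admin_email = get_site_option( "admin_email" );
+
+    if ( empty( $admin_email ) )
+        $admin_email = 'noreply@' . $_SERVER['SERVER_NAME'];
+
+    $from_name = ( '' == get_option( 'blogname' ) ) ? 'BuddyPress' : wp_specialchars( get_option( 'blogname' ) );
+    $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option( 'blog_charset' ) . "\"\n";
+    $message = sprintf( __( "Thanks for registering! To complete the activation of your account please click the following link:\n\n%s\n\n", 'buddypress' ), $activate_url );
+    $subject = '[' . $from_name . '] ' . __( 'Activate Your Account', 'buddypress' );
+
+    /* Send the message */
+    $to = apply_filters( 'bp_core_activation_signup_user_notification_to', $user_email );
+    $subject = apply_filters( 'bp_core_activation_signup_user_notification_subject', $subject );
+    $message = apply_filters( 'bp_core_activation_signup_user_notification_message', $message );
+
+    wp_mail( $to, $subject, $message, $message_headers );
+}
+
+/* Stop user accounts logging in that have not been activated (user_status = 2) */
+function bp_core_signup_disable_inactive( $auth_obj, $username ) {
+    global $bp, $wpdb;
+
+    if ( !$user_id = bp_core_get_userid( $username ) )
+        return $auth_obj;
+
+    $user_status = (int) $wpdb->get_var( $wpdb->prepare( "SELECT user_status FROM $wpdb->users WHERE ID = %d", $user_id ) );
+
+    if ( 2 == $user_status )
+        bp_core_redirect( $bp->root_domain );
+    else
+        return $auth_obj;
+}
+add_filter( 'authenticate', 'bp_core_signup_disable_inactive', 11, 2 );
+
 /* Kill the wp-signup.php if custom registration signup templates are present */
 function bp_core_wpsignup_redirect() {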
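Review bot: The single-WP branch of bp_core_activate_signup() (new line 412) resolves the account with `SELECT user_id FROM $wpdb->usermeta WHERE meta_value = %s` and no `meta_key` condition, so any usermeta row whose value equals the supplied `key` selects a user, who is then set to `user_status = 0`; the e-mail confirmation this commit introduces is therefore not bound to the stored activation key. Constrain the lookup to the key row: `"SELECT user_id FROM $wpdb->usermeta WHERE meta_key = 'activation_key' AND meta_value = %s"`. The key itself is `wp_hash( $user_id )` (new line 362), the same value assigned to the signup avatar directory at new line 164, so it is fixed per user and may be visible to the registrant if the register template exposes that directory name; a random per-signup value stored in the `activation_key` meta would avoid that coupling. Separately, bp_core_signup_send_validation_email() passes `$user_email` to the `_to` filter although that variable is never assigned in the function, so `$to` appears to be empty unless a filter supplies it and the activation mail would have no recipient.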