Changeset 5840

Timestamp:

02/25/2012 06:21:27 PM (13 years ago)

Author:

boonebgorges

Message:

Some hardening of the member registration process:

• Ensures that pre_user_login filters are applied before attempting to create a user with wp_insert_user(), so that BP's username validation is the same as WP's, and username_exists() checks are reliable.
• Check to see whether the return value of wp_insert_user() is a WP_Error object before continuing with the registration process.
• Improves error handling during user creation, by correctly parsing WP_Error objects returned from wp_insert_user().

See #3949.

Location:

trunk/bp-members

Files:

• bp-members-functions.php (modified) (2 diffs)
• bp-members-screens.php (modified) (1 diff)

trunk/bp-members/bp-members-functions.php

@@ -949 +949 @@
     $user_email = sanitize_email( $user_email );
 
+    // Apply any user_login filters added by BP or other plugins before validating
+    $user_name = apply_filters( 'pre_user_login', $user_name );
+
     if ( empty( $user_name ) )
         $errors->add( 'user_name', __( 'Please enter a username', 'buddypress' ) );
@@ -1032 +1035 @@
         ) );
 
-        if ( empty( $user_id ) ) {
+        if ( is_wp_error( $user_id ) || empty( $user_id ) ) {
             $errors->add( 'registerfail', sprintf( __('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !', 'buddypress' ), bp_get_option( 'admin_email' ) ) );
             return $errors;

trunk/bp-members/bp-members-screens.php

@@ -189 +189 @@
                 // Finally, sign up the user and/or blog
                 if ( isset( $_POST['signup_with_blog'] ) && is_multisite() )
-                    bp_core_signup_blog( $blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta );
+                    $wp_user_id = bp_core_signup_blog( $blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta );
                 else
-                    bp_core_signup_user( $_POST['signup_username'], $_POST['signup_password'], $_POST['signup_email'], $usermeta );
-
-                $bp->signup->step = 'completed-confirmation';
+                    $wp_user_id = bp_core_signup_user( $_POST['signup_username'], $_POST['signup_password'], $_POST['signup_email'], $usermeta );
+
+                if ( is_wp_error( $wp_user_id ) ) {                 
+                    $bp->signup->step = 'request-details';
+                    bp_core_add_message( $wp_user_id->get_error_message(), 'error' ); 
+                } else {
+                    $bp->signup->step = 'completed-confirmation';
+                }
             }