Skip to:
Content

BuddyPress.org

Changeset 5841


Ignore:
Timestamp:
02/25/2012 06:25:40 PM (13 years ago)
Author:
boonebgorges
Message:

Some hardening of the member registration process:

  • Ensures that pre_user_login filters are applied before attempting to create a user with wp_insert_user(), so that BP's username validation is the same as WP's, and username_exists() checks are reliable.
  • Check to see whether the return value of wp_insert_user() is a WP_Error object before continuing with the registration process.
  • Improves error handling during user creation, by correctly parsing WP_Error objects returned from wp_insert_user().

See #3949.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/1.5/bp-members/bp-members-signup.php

    r5807 r5841  
    151151                // Finally, sign up the user and/or blog
    152152                if ( isset( $_POST['signup_with_blog'] ) && is_multisite() )
    153                     bp_core_signup_blog( $blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta );
     153                    $wp_user_id = bp_core_signup_blog( $blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta );
    154154                else
    155                     bp_core_signup_user( $_POST['signup_username'], $_POST['signup_password'], $_POST['signup_email'], $usermeta );
    156 
    157                 $bp->signup->step = 'completed-confirmation';
     155                    $wp_user_id = bp_core_signup_user( $_POST['signup_username'], $_POST['signup_password'], $_POST['signup_email'], $usermeta );
     156
     157                if ( is_wp_error( $wp_user_id ) ) {                                   
     158                    $bp->signup->step = 'request-details';
     159                    bp_core_add_message( strip_tags( $wp_user_id->get_error_message() ), 'error' );
     160                } else {
     161                    $bp->signup->step = 'completed-confirmation';
     162                }
    158163            }
    159164
     
    305310    $user_email = sanitize_email( $user_email );
    306311
     312    // Apply any user_login filters added by BP or other plugins before validating
     313    $user_name = apply_filters( 'pre_user_login', $user_name );
     314
    307315    if ( empty( $user_name ) )
    308316        $errors->add( 'user_name', __( 'Please enter a username', 'buddypress' ) );
     
    391399        ) );
    392400
    393         if ( empty( $user_id ) ) {
     401        if ( is_wp_error( $user_id ) || empty( $user_id ) ) {
    394402            $errors->add( 'registerfail', sprintf( __('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !', 'buddypress' ), get_option( 'admin_email' ) ) );
    395403            return $errors;
Note: See TracChangeset for help on using the changeset viewer.