
Changeset 6072


Timestamp:
06/11/2012 09:20:17 PM (12 years ago)
Author:
boonebgorges
Message:

Cleans up the authentication checks for spammers and inactive users

  • Saves a lookup by examining the $auth_obj passed from the 'authenticate' hook instead of looking the user up by $username, in both bp_core_boot_spammer() and bp_core_signup_disable_inactive()
  • Updates documentation for the relevant functions

Fixes #4245
Props r-a-y

File:
1 edited

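--- a/trunk/bp-members/bp-members-functions.php
+++ b/trunk/bp-members/bp-members-functions.php
@@ -847,22 +847,23 @@
  * redirect them to the home page and stop them from logging in.
  *
- * @package BuddyPress Core
- * @param $auth_obj The WP authorization object
- * @param $username The username of the user logging in.
- * @uses get_user_by() Get the userdata object for a user based on their username
- * @uses bp_core_redirect() Safe redirect to a page
- * @return $auth_obj If the user is not a spammer, return the authorization object
- */
-function bp_core_boot_spammer( $auth_obj, $username ) {
-
-    if ( !$user = get_user_by( 'login', $username ) )
-        return $auth_obj;
-
-    if ( ( is_multisite() && (int) $user->spam ) || 1 == (int) $user->user_status )
+ * @param obj $user Either the WP_User object or the WP_Error object
+ * @return obj If the user is not a spammer, return the WP_User object. Otherwise a new WP_Error object.
+ *
+ * @since 1.1.2
+ */
+function bp_core_boot_spammer( $user ) {
+    // check to see if the $user has already failed logging in, if so return $user as-is
+    if ( is_wp_error( $user ) || empty( $user ) )
+        return $user;
+
+    // the user exists; now do a check to see if the user is a spammer
+    // if the user is a spammer, stop them in their tracks!
+    if ( is_a( $user, 'WP_User' ) && ( ( is_multisite() && (int) $user->spam ) || 1 == $user->user_status ) )
         return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.', 'buddypress' ) );
-    else
-        return $auth_obj;
-}
-add_filter( 'authenticate', 'bp_core_boot_spammer', 30, 2 );
+
+    // user is good to go!
+    return $user;
+}
+add_filter( 'authenticate', 'bp_core_boot_spammer', 30 );
 
 /**
@@ -1272,21 +1273,35 @@
 }
 
-// Stop user accounts logging in that have not been activated (user_status = 2)
-function bp_core_signup_disable_inactive( $auth_obj, $username ) {
-    global $wpdb;
-
-    if ( !$user_id = bp_core_get_userid( $username ) )
-        return $auth_obj;
-
-    $user_status = (int) $wpdb->get_var( $wpdb->prepare( "SELECT user_status FROM $wpdb->users WHERE ID = %d", $user_id ) );
-
-    if ( 2 == $user_status )
+/**
+ * Stop user accounts logging in that have not been activated yet (user_status = 2).
+ *
+ * Note: This is only applicable for single site WordPress installs.
+ * Multisite has their own DB table - 'wp_signups' - dedicated for unactivated users.
+ * See {@link wpmu_signup_user()} and {@link wpmu_validate_user_signup()}.
+ *
+ * @param obj $user Either the WP_User object or the WP_Error object
+ * @return obj If the user is not a spammer, return the WP_User object. Otherwise a new WP_Error object.
+ *
+ * @since 1.2.2
+ */
+function bp_core_signup_disable_inactive( $user ) {
+    // check to see if the $user has already failed logging in, if so return $user as-is
+    if ( is_wp_error( $user ) || empty( $user ) )
+        return $user;
+
+    // the user exists; now do a check to see if the user has activated their account or not
+    // NOTE: this is only applicable for single site WordPress installs!
+    // if unactivated, stop the login now!
+    if ( is_a( $user, 'WP_User' ) && 2 == $user->user_status )
         return new WP_Error( 'bp_account_not_activated', __( '<strong>ERROR</strong>: Your account has not been activated. Check your email for the activation link.', 'buddypress' ) );
-    else
-        return $auth_obj;
-}
-add_filter( 'authenticate', 'bp_core_signup_disable_inactive', 30, 2 );
-
-// Kill the wp-signup.php if custom registration signup templates are present
+
+    // user has activated their account! all clear!
+    return $user;
+}
+add_filter( 'authenticate', 'bp_core_signup_disable_inactive', 30 );
+
+/**
+ * Kill the wp-signup.php if custom registration signup templates are present
+ */
 function bp_core_wpsignup_redirect() {
     $action = !empty( $_GET['action'] ) ? $_GET['action'] : '';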
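Review bot: Both rewritten callbacks now act only when an earlier `authenticate` callback has already returned a `WP_User`, yet nothing at the two `add_filter( 'authenticate', …, 30 )` lines records that the priority is load-bearing. If either callback were ever registered ahead of the credential check (core's username/password callback runs at priority 20, as far as I know), `$user` would arrive empty, the early `return $user;` would fire and the spammer / unactivated gate would be skipped without any error. A comment on both registrations such as `// priority 30: must run after the core credential check so that $user is already a WP_User` would pin that assumption. In the same spirit, the `@return` line of the new bp_core_signup_disable_inactive() docblock still reads `If the user is not a spammer`, copied from bp_core_boot_spammer(); it should read `If the account has been activated, return the WP_User object.`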