Function Reference: geodir_user_signup

Summary

Handles user authentication actions, e.g. login, register and logout.

Global Values

$errors
(object) (required) WordPress Error object.

Default: None

Package

GeoDirectory

Change Log

Since: 1.0.0

1.5.7 Login by email is now also allowed when the site is using SSL.

Actions

‘login_form_’ . $action (dynamic hook; the suffix is the requested action) [Line: 458]

Source File

geodir_user_signup() is located in geodirectory-functions/signup_function.php [Line: 421]

Source Code

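/**
 * Handles user authentication actions: login, register, logout, lost password and password reset.
 *
 * The action is read from the request, restricted to a fixed list (or to an action that has a
 * `login_form_{$action}` hook registered) and then dispatched. Most paths end in a redirect
 * followed by exit()/gd_die(), so callers should not rely on this function returning.
 *
 * Security notes:
 * - Every redirect whose target can be influenced by the request (redirect_to, redirect_add_listing,
 *   pagetype, the Referer header, or the login_redirect filter fed with them) goes through
 *   wp_safe_redirect(), which only follows hosts WordPress allows. Sites that need another
 *   host should add it through the `allowed_redirect_hosts` filter.
 * - Redirects built only from geodir_login_url() / home_url() keep using wp_redirect().
 *
 * @since 1.0.0
 * @since 1.5.7 It allows login by email also if site is using SSL.
 * @package GeoDirectory
 * @global object $errors WordPress Error object.
 */
function geodir_user_signup()
{
    global $errors;
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';

    // A request may send action[]=..., which would otherwise be concatenated into a hook name below.
    if (!is_string($action))
        $action = 'login';

    $errors = new WP_Error();

    if (isset($_GET['key']))
        $action = 'resetpass';

    // validate action so as to default to the login screen
    if (!in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action))
        $action = 'login';

    nocache_headers();

    if (defined('RELOCATE')) { // Move flag is set
        // NOTE(review): this branch rewrites the stored 'siteurl' option from request-supplied values
        // (HTTP_HOST, PATH_INFO, PHP_SELF). RELOCATE should only be defined for the duration of a
        // site move and removed afterwards.
        if (isset($_SERVER['PATH_INFO']) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']))
            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);

        $schema = (isset($_SERVER['HTTPS']) && geodir_strtolower($_SERVER['HTTPS']) == 'on') ? 'https://' : 'http://';
        if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != home_url())
            update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
    }

    //Set a cookie now to see if they are supported by the browser.
    //setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
    if (SITECOOKIEPATH != COOKIEPATH)
        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);

    /**
     * Allow plugins to override the default actions, and to add extra actions if they want on the register/signin page.
     *
     * Used dynamic hook login_form_$action
     *
     * @since 1.0.0
     */
    do_action('login_form_' . $action);

    $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);

    switch ($action) {

        case 'logout' :
            // NOTE(review): the nonce check below is disabled, so a cross-site request can trigger
            // this logout. Re-enabling it requires every logout link to carry the 'log-out' nonce.
            //check_admin_referer('log-out');
            wp_logout();

            // The destination is always the home URL; neither the redirect_to parameter nor the
            // Referer header influences it.
            //$redirect_to = home_url().'/?ptype=login&loggedout=true';
            $redirect_to = home_url();
            wp_safe_redirect($redirect_to);
            exit();

            break;

        case 'lostpassword' :
        case 'retrievepassword' :
            if ($http_post) {
                $errors = geodir_retrieve_password();
                $error_message = isset($errors->errors['invalid_email'][0]) ? $errors->errors['invalid_email'][0] : '';
                if (!is_wp_error($errors)) {
                    wp_redirect(geodir_login_url(array('checkemail'=>'confirm')));
                    gd_die();
                } else {
                    wp_redirect(geodir_login_url(array('forgot' => 1, 'emsg'=>'fw')));
                    gd_die();
                }
            }
            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'geodirectory'));
            /**
             * Called in the geodir_user_signup() function during the lostpassword case.
             *
             * @since 1.0.0
             */
            do_action('lost_password');
            $message = '
' . ENTER_USER_EMAIL_NEW_PW_MSG . '
';
            $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
            break;

        case 'resetpass' :
        case 'rp' :
            // 'rp' can be requested without these parameters; read them without raising a notice.
            $reset_key = isset($_GET['key']) ? $_GET['key'] : null;
            $reset_login = isset($_GET['login']) ? $_GET['login'] : null;
            $errors = reset_password($reset_key, $reset_login);
            if (!is_wp_error($errors)) {
                wp_redirect(geodir_login_url(array('checkemail'=>'newpass')));
                exit();
            }
            wp_redirect(geodir_login_url(array('error'=>'invalidkey','action'=>'lostpassword')));
            exit();
            break;

        case 'register' :
            ############################### fix by Stiofan - HebTech.co.uk ### SECURITY FIX ##############################
            // Refuse registration outright when the site option disables it.
            if (!get_option('users_can_register')) {
                wp_redirect(geodir_login_url(array('emsg'=>'regnewusr')));
                exit();
            }
            ############################### fix by Stiofan - HebTech.co.uk ### SECURITY FIX ##############################
            global $user_email, $user_fname;
            $user_login = '';
            $user_email = '';
            if ($http_post) {
                // The e-mail address doubles as the login name for new accounts.
                $user_login = $_POST['user_email'];
                $user_email = $_POST['user_email'];
                $user_fname = $_POST['user_fname'];
                $errors = geodir_register_new_user($user_login, $user_email);
                /* display error in registration form */
                if (is_wp_error($errors)) {
                    $error_code = $errors->get_error_code();
                    $error_message = $errors->get_error_message($error_code);
                    // The form has no separate username field, so report username errors as e-mail errors.
                    if (!isset($_POST['user_login']) && ($error_code == 'empty_username' || $error_code == 'invalid_username' || $error_code == 'username_exists')) {
                        if ($error_code == 'empty_username') {
                            $error_code = 'empty_email';
                        } else if ($error_code == 'invalid_username') {
                            $error_code = 'invalid_email';
                        } else if ($error_code == 'username_exists') {
                            $error_code = 'email_exists';
                        }
                        $error_message = $errors->get_error_message($error_code);
                    }
                    global $geodir_signup_error;
                    $geodir_signup_error = $error_message;
                }
                if (!is_wp_error($errors)) {
                    // Sign the new user in straight away by feeding wp_signon() through $_POST.
                    $_POST['log'] = $user_login;
                    // Presumably the generated password; confirm against geodir_register_new_user().
                    $_POST['pwd'] = $errors[1];
                    $_POST['testcookie'] = 1;
                    $secure_cookie = '';
                    // If the user wants ssl but the session is not ssl, force a secure cookie.
                    if (!empty($_POST['log'])) {
                        $user_name = sanitize_user($_POST['log']);
                        if ($user = get_user_by('email', $user_name)) {
                            if (get_user_option('use_ssl', $user->ID)) {
                                $secure_cookie = true;
                                force_ssl_admin(true);
                            }
                        }
                    }
                    $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
                    if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
                        // strstr() is only a substring match, so the Referer is not trusted on its
                        // own; wp_safe_redirect() below is what enforces the allowed hosts.
                        if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], home_url())) {
                            $redirect_to = $_SERVER['HTTP_REFERER'];
                        } else {
                            $redirect_to = home_url();
                        }
                    }
                    if (isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '') {
                        $redirect_to = $_REQUEST['redirect_add_listing'];
                    }
                    // NOTE(review): force_ssl_admin() && !force_ssl_admin() looks contradictory, so
                    // this assignment appears unreachable; kept as-is pending confirmation.
                    if (!$secure_cookie && is_ssl() && force_ssl_admin() && !force_ssl_admin() && (0 !== strpos($redirect_to, 'https')) && (0 === strpos($redirect_to, 'http')))
                        $secure_cookie = false;
                    $user = wp_signon('', $secure_cookie);
                    $requested_redirect_to = isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '' ? $_REQUEST['redirect_add_listing'] : (isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
                    /**
                     * Filter the login redirect URL.
                     *
                     * @since 1.4.9
                     * @param string $redirect_to The redirect destination URL.
                     * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
                     * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
                     */
                    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
                    if (!is_wp_error($user)) {
                        wp_safe_redirect($redirect_to);
                        exit();
                    }
                    exit();
                }
            }
            break;

        case 'login' :
        default:
            $secure_cookie = '';
            if (!empty($_POST['log'])) {
                $user_name = sanitize_user($_POST['log']);
                if ($user = get_user_by('login', $user_name)) {
                    if (get_user_option('use_ssl', $user->ID)) {
                        $secure_cookie = true;
                        force_ssl_admin(true);
                    }
                } elseif ($user = get_user_by('email', $user_name)) {
                    $_POST['log'] = $user->user_login; // If signing in by email, set the username for normal WP login
                    if (get_user_option('use_ssl', $user->ID)) {
                        $secure_cookie = true;
                        force_ssl_admin(true);
                    }
                }
            }
            ///////////////////////////
            if (isset($_REQUEST['redirect_add_listing'])) {
                $_REQUEST['redirect_to'] = $_REQUEST['redirect_add_listing'];
            }
            if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
                if (is_user_logged_in()) {
                    // No destination requested: send the user to their dashboard listing page.
                    $user_ID = !empty($user->ID) ? $user->ID : get_current_user_id();
                    $post_types = geodir_get_posttypes();
                    if ( !empty( $_REQUEST['stype'] ) ) {
                        $dashboard_post_type = sanitize_text_field($_REQUEST['stype']);
                    } else {
                        $user_listings = geodir_user_post_listing_count( $user_ID );
                        if ( !empty( $user_listings ) && $dashboard_post_types = array_keys( $user_listings ) ) {
                            $dashboard_post_type = $dashboard_post_types[0];
                        }
                    }
                    // Fall back to the first registered post type when the requested one is unknown.
                    if ( !( !empty( $dashboard_post_type ) && in_array( $dashboard_post_type, $post_types ) ) ) {
                        $dashboard_post_type = $post_types[0];
                    }
                    $author_link = get_author_posts_url($user_ID);
                    $default_author_link = geodir_getlink($author_link, array('geodir_dashbord' => 'true', 'stype' => $dashboard_post_type), false);
                    /**
                     * Filter the author link.
                     *
                     * @since 1.0.0
                     *
                     * @param string $default_author_link Default author link.
                     * @param int $user_ID The user ID.
                     */
                    $default_author_link = apply_filters('geodir_dashboard_author_link', $default_author_link, $user_ID);
                    $_REQUEST['redirect_to'] = $default_author_link;
                } else {
                    $_REQUEST['redirect_to'] = home_url();
                }
            }
            if (isset($_REQUEST['redirect_to'])) {
                $redirect_to = $_REQUEST['redirect_to'];
                // Redirect to https if user wants ssl
                if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin'))
                    $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
            } else {
                $redirect_to = admin_url();
            }
            // NOTE(review): force_ssl_admin() && !force_ssl_admin() looks contradictory, so this
            // assignment appears unreachable; kept as-is pending confirmation.
            if (!$secure_cookie && is_ssl() && force_ssl_admin() && !force_ssl_admin() && (0 !== strpos($redirect_to, 'https')) && (0 === strpos($redirect_to, 'http')))
                $secure_cookie = false;
            $user = wp_signon('', $secure_cookie);
            /**
             * Filter the login redirect URL.
             *
             * @since 1.4.9
             * @param string $redirect_to The redirect destination URL.
             * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
             */
            $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
            if (is_wp_error($user)) {
                if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], 'ptype=property_submit') && $_POST['log'] != '' && $_POST['pwd'] != '') {
                    // The Referer header is client-controlled; only follow it to an allowed host.
                    wp_safe_redirect($_SERVER['HTTP_REFERER'] . '&emsg=1');
                }
            }
            if (!is_wp_error($user)) {
                // Some servers are not logging the user in properly after wp_signon, se we set the user here.
                //wp_set_current_user($user->ID);
                //echo '###';exit;
                if ($redirect_to) {
                    // $redirect_to may come straight from the request, so an off-site target is
                    // replaced by WordPress's fallback URL instead of being followed.
                    wp_safe_redirect($redirect_to);
                } else {
                    wp_redirect(home_url());
                }
                gd_die();
            }
            $errors = $user;
            // Clear errors if loggedout is set.
            if (!empty($_GET['loggedout']))
                $errors = new WP_Error();
            // If cookies are disabled we can't log in even with a valid user+pass
            if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]))
                $errors->add('test_cookie', __("ERROR: Cookies are blocked or not supported by your browser. 
You must enable cookies to use WordPress.", 'geodirectory'));
            // Some parts of this script use the main login form to display a message
            if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                $successmsg = '
' . YOU_ARE_LOGED_OUT_MSG . '
';
            } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                $successmsg = USER_REG_NOT_ALLOW_MSG;
            } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                $successmsg = EMAIL_CONFIRM_LINK_MSG;
            } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                $successmsg = NEW_PW_EMAIL_MSG;
            } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                $successmsg = REG_COMPLETE_MSG;
            }
            if ((isset($_POST['log']) && $_POST['log'] != '' && $errors) || ((!isset($_POST['log']) || $_POST['log'] == '') && isset($_REQUEST['testcookie']) && $_REQUEST['testcookie'])) {
                if (isset($_REQUEST['pagetype']) && $_REQUEST['pagetype'] != '') {
                    // pagetype is a request parameter used as the redirect base; keep it on-site.
                    wp_safe_redirect($_REQUEST['pagetype'] . '&emsg=1');
                } else {
                    wp_redirect(geodir_login_url(array('logemsg'=>'1','redirect_to'=>urlencode($_REQUEST['redirect_to']))));
                }
                gd_die();
            }
            break;

    } // end action switch
}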