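<?php
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly

add_action( 'init', 'wppb_process_login' );

/**
 * Processes a submission of the Profile Builder login form.
 *
 * Runs on `init`, only when the request carries `wppb_login`. Fires the core login hooks,
 * verifies the `CSRFToken-wppb` nonce, signs the user in with wp_signon() (called with an
 * empty credentials array, so core takes them from the POST data), then redirects and exits.
 *
 * Note that `login_init` / `login_form_login` callbacks run before the nonce is verified.
 *
 * @return void Returns without redirecting when the request is not ours or the nonce is invalid.
 */
function wppb_process_login(){

    if( !isset($_REQUEST['wppb_login']) )
        return;

    do_action( 'login_init' );
    do_action( "login_form_login" );
    do_action( 'wppb_process_login_start' );

    if( !isset( $_POST['CSRFToken-wppb'] ) || ! wp_verify_nonce( sanitize_text_field( $_POST['CSRFToken-wppb'] ), 'wppb_login' ) )
        return;

    $secure_cookie = '';
    // If the user wants ssl but the session is not ssl, force a secure cookie.
    if ( !empty($_POST['log']) && !force_ssl_admin() ) {
        $user_name = sanitize_user($_POST['log']);
        $user = get_user_by( 'login', $user_name );

        if ( ! $user && strpos( $user_name, '@' ) ) {
            $user = get_user_by( 'email', $user_name );
        }

        if ( $user ) {
            if ( get_user_option('use_ssl', $user->ID) ) {
                $secure_cookie = true;
                force_ssl_admin(true);
            }
        }
    }

    // Initialised up front: without a `redirect_to` request value the variable used to reach
    // the `login_redirect` filter below undefined.
    $redirect_to = '';
    if ( isset( $_REQUEST['redirect_to'] ) ) {
        $redirect_to = esc_url_raw( $_REQUEST['redirect_to'] );
    }

    $user = wp_signon( array(), $secure_cookie );

    // No logged-in cookie and output already started: replace the result with an error so the
    // failure path below is taken.
    if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
        if ( headers_sent() ) {
            /* translators: 1: Browser cookie documentation URL, 2: Support forums URL */
            $user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR:</strong> Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.', 'profile-builder' ),
                'https://codex.wordpress.org/Cookies', 'https://wordpress.org/support/' ) );
        }
    }

    $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw( $_REQUEST['redirect_to'] ) : '';
    /**
     * Filters the login redirect URL.
     */
    $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );

    do_action( 'wppb_process_login_end' );

    if ( !is_wp_error($user) ) {
        if ( $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) {
            // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
            if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) )
                $redirect_to = user_admin_url();
            elseif ( is_multisite() && !$user->has_cap('read') )
                $redirect_to = get_dashboard_url( $user->ID );
            elseif ( !$user->has_cap('edit_posts') )
                $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url();

            // wp_redirect() (not the "safe" variant) is only reached with a target that the
            // condition above matched to the admin area or that was just rebuilt from core URL helpers.
            wp_redirect( $redirect_to );
            exit();
        }
        // Every other target may originate from request data, so it goes through wp_safe_redirect().
        wp_safe_redirect($redirect_to);
        exit();
    }
    else{
        wp_safe_redirect($redirect_to);
        exit();
    }
}

/**
 * Provides a simple login form
 *
 * The login format HTML is echoed by default. Pass a false value for `$echo` to return it instead.
 *
 * @param array $args {
 *     Optional. Array of options to control the form output. Default empty array.
 *
 *     @type bool   $echo                      Whether to display the login form or return the form HTML code.
 *                                             Default true (echo).
 *     @type string $redirect                  URL to redirect to. Must be absolute, as in "https://example.com/mypage/".
 *                                             Default is to redirect back to the request URI.
 *     @type string $form_id                   ID attribute value for the form. Default 'wppb-loginform'.
 *     @type string $label_username            Label for the username or email address field. Default 'Username or Email Address'.
 *     @type string $label_password            Label for the password field. Default 'Password'.
 *     @type string $login_username_input_type Type of input field for the username or email address. Default 'text'.
 *     @type string $label_remember            Label for the remember field. Default 'Remember Me'.
 *     @type string $label_log_in              Label for the submit button. Default 'Log In'.
 *     @type string $id_username               ID attribute value for the username field. Default 'user_login'.
 *     @type string $id_password               ID attribute value for the password field. Default 'user_pass'.
 *     @type string $id_remember               ID attribute value for the remember field. Default 'rememberme'.
 *     @type string $id_submit                 ID attribute value for the submit button. Default 'wp-submit'.
 *     @type bool   $remember                  Whether to display the "rememberme" checkbox in the form.
 *     @type string $value_username            Default value for the username field. Default empty.
 *     @type bool   $value_remember            Whether the "Remember Me" checkbox should be checked by default.
 *                                             Default false (unchecked).
 *     @type string $lostpassword_url          Optional. Value printed in the hidden `wppb_lostpassword_url` field.
 *     @type string $redirect_priority         Optional. Value printed in the hidden `wppb_redirect_priority` field.
 * }
 * @return string|void String when retrieving.
 */
function wppb_login_form( $args = array() ) {

    // HTTP_HOST and REQUEST_URI come from the request; the value is passed through
    // esc_url_raw() here and through esc_url() again where it is printed below.
    $default_redirect = '';
    if( isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_URI'] ) )
        $default_redirect = esc_url_raw( ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );

    $defaults = array(
        'echo'                      => true,
        // Default 'redirect' value takes the user back to the request URI.
        'redirect'                  => $default_redirect,
        'form_id'                   => 'wppb-loginform',
        'label_username'            => __( 'Username or Email Address', 'profile-builder' ),
        'login_username_input_type' => 'text',
        'label_password'            => __( 'Password', 'profile-builder' ),
        'label_remember'            => __( 'Remember Me', 'profile-builder' ),
        'label_log_in'              => __( 'Log In', 'profile-builder' ),
        'id_username'               => 'user_login',
        'id_password'               => 'user_pass',
        'id_remember'               => 'rememberme',
        'id_submit'                 => 'wp-submit',
        'remember'                  => true,
        'value_username'            => '',
        // Set 'value_remember' to true to default the "Remember me" checkbox to checked.
        'value_remember'            => false,
    );

    /**
     * Filters the default login form output arguments.
     */
    $args = wp_parse_args( $args, apply_filters( 'login_form_defaults', $defaults ) );

    /**
     * Filters content to display at the top of the login form.
     */
    $login_form_top = apply_filters( 'login_form_top', '', $args );

    /**
     * Filters content to display in the middle of the login form.
     */
    $login_form_middle = apply_filters( 'login_form_middle', '', $args );

    /**
     * Filters content to display at the bottom of the login form.
     */
    $login_form_bottom = apply_filters( 'login_form_bottom', '', $args );

    if( in_the_loop() )
        $form_location = 'page';
    else
        $form_location = 'widget';

    // if an error is being shown pass the original referer forward
    if( isset( $_GET['wppb_referer_url'] ) ){
        $wppb_referer_url = esc_url_raw ( $_GET['wppb_referer_url'] );
    } else {
        $wppb_referer_url = esc_url_raw ( isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '' );
    }

    // `lostpassword_url` has no entry in $defaults, so read it defensively instead of
    // indexing a key that a caller may not have supplied.
    $lostpassword_url = isset( $args['lostpassword_url'] ) ? $args['lostpassword_url'] : '';

    // The form id is escaped like every other attribute value in this markup.
    // The three $login_form_* fragments and the `wppb_login_field_extra_css_class` /
    // `wppb_login_password_extra_attributes` filter results are printed as returned by their callbacks.
    $form = ' <form name="' . esc_attr( $args['form_id'] ) . '" id="' . esc_attr( $args['form_id'] ) . '" action="'. esc_url( wppb_curpageurl() ) .'" method="post"> '
        . $login_form_top
        . ' <p class="wppb-form-field login-username'. apply_filters( 'wppb_login_field_extra_css_class', '', $args['id_username']) .'"> <label for="' . esc_attr( $args['id_username'] ) . '">' . esc_html( $args['label_username'] ) . '</label> <input type="' . esc_attr( $args['login_username_input_type'] ) . '" name="log" id="' . esc_attr( $args['id_username'] ) . '" class="input" value="' . esc_attr( $args['value_username'] ) . '" size="20" /> </p>'
        . ' <p class="wppb-form-field login-password'. apply_filters( 'wppb_login_field_extra_css_class', '', $args['id_password']) .'"> <label for="' . esc_attr( $args['id_password'] ) . '">' . esc_html( $args['label_password'] ) . '</label> <input type="password" name="pwd" id="' . esc_attr( $args['id_password'] ) . '" class="input" value="" size="20" '. apply_filters( 'wppb_login_password_extra_attributes', '' ) .'/>';

    /* add the HTML for the visibility toggle */
    $form .= wppb_password_visibility_toggle_html();

    $form .=' </p> '
        . $login_form_middle
        . ' '
        . ( $args['remember'] ? '<p class="wppb-form-field login-remember"><input name="rememberme" type="checkbox" id="' . esc_attr( $args['id_remember'] ) . '" value="forever"' . ( $args['value_remember'] ? ' checked="checked"' : '' ) . ' /><label for="' . esc_attr( $args['id_remember'] ) . '">' . esc_html( $args['label_remember'] ) . '</label></p>' : '' )
        . ' <p class="login-submit"> <input type="submit" name="wp-submit" id="' . esc_attr( $args['id_submit'] ) . '" class="'. esc_attr( apply_filters( 'wppb_login_submit_class', "button button-primary" ) ) . '" value="' . esc_attr( $args['label_log_in'] ) . '" /> <input type="hidden" name="redirect_to" value="' . esc_url( $args['redirect'] ) . '" /> </p>'
        . ' <input type="hidden" name="wppb_login" value="true"/>'
        . ' <input type="hidden" name="wppb_form_location" value="'. esc_attr( $form_location ) .'"/>'
        . ' <input type="hidden" name="wppb_request_url" value="'. esc_url( wppb_curpageurl() ).'"/>'
        . ' <input type="hidden" name="wppb_lostpassword_url" value="'.esc_url( $lostpassword_url ).'"/>'
        . ' <input type="hidden" name="wppb_redirect_priority" value="'. esc_attr( isset( $args['redirect_priority'] ) ? $args['redirect_priority'] : '' ) .'"/>'
        . ' <input type="hidden" name="wppb_referer_url" value="'. esc_url( $wppb_referer_url ) .'"/> '
        . wp_nonce_field( 'wppb_login', 'CSRFToken-wppb', true, false )
        . ' <input type="hidden" name="wppb_redirect_check" value="true"/> '
        . $login_form_bottom
        . ' </form>';

    if ( $args['echo'] )
        echo $form; /* phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped */ /* escaped above */
    else
        return $form;
}

/**
 * Rewrites `$_POST['log']` before authentication when the "login with" setting is
 * `email` or `usernameemail`, so that core receives a user_login.
 *
 * Only acts on submissions of this plugin's form (`wppb_login` present). When no account
 * matches, the posted value is replaced with a placeholder built from
 * 'this_is_an_invalid_email' and the current time, which keeps the field non-empty.
 *
 * @return void
 */
function wppb_change_login_with_email(){
    if( !empty( $_POST['log'] ) ){
        // only do this for our form
        if( isset( $_POST['wppb_login'] ) ){
            global $wpdb, $_POST, $wp_version;
            // apply filter to allow stripping slashes if necessary
            $_POST['log'] = apply_filters( 'wppb_before_processing_email_from_forms', sanitize_text_field( $_POST['log'] ) );

            /* since version 4.5 there is in the core the option to login with email so we don't need the below code but for backward compatibility we will keep it */
            if( version_compare( $wp_version, '4.5.0' ) >= 0 && apply_filters( 'wppb_allow_login_with_username_when_is_set_to_email', false ) )
                return;

            $wppb_generalSettings = get_option( 'wppb_general_settings' );

            // if this setting is active, the posted username is, in fact the user's email
            if( isset( $wppb_generalSettings['loginWith'] ) && ( $wppb_generalSettings['loginWith'] == 'email' ) ){
                if( !is_email( $_POST['log'] ) && !apply_filters( 'wppb_allow_login_with_username_when_is_set_to_email', false ) ){
                    $_POST['log'] = 'this_is_an_invalid_email' . time();
                }
                else {
                    // Parameterised lookup: the address is bound through $wpdb->prepare().
                    $username = $wpdb->get_var($wpdb->prepare("SELECT user_login FROM $wpdb->users WHERE user_email= %s LIMIT 1", sanitize_email($_POST['log'])));

                    if (!empty($username))
                        $_POST['log'] = $username;
                    else {
                        // if we don't have a username for the email entered we can't have an empty username because we will receive a field empty error
                        $_POST['log'] = 'this_is_an_invalid_email' . time();
                    }
                }
            }

            // if this setting is active, the posted username is, in fact the user's email or username
            if( isset( $wppb_generalSettings['loginWith'] ) && ( $wppb_generalSettings['loginWith'] == 'usernameemail' ) ) {
                if( is_email( $_POST['log'] ) ) {
                    $username = $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM $wpdb->users WHERE user_email= %s LIMIT 1", sanitize_email( $_POST['log'] ) ) );

                    // the username can have the format of an email address, so if we can't find a user that has an account with the detected email, we set the username as that email
                    if( empty( $username ) )
                        $username = sanitize_user( $_POST['log'] );
                } else {
                    $username = sanitize_user( $_POST['log'] );
                }

                if( !empty( $username ) )
                    $_POST['log'] = $username;
                else {
                    // if we don't have a username for the email entered we can't have an empty username because we will receive a field empty error
                    $_POST['log'] = 'this_is_an_invalid_email'.time();
                }
            }
        }
    }
}
add_action( 'login_init', 'wppb_change_login_with_email' );

/**
 * Re-sends the signup confirmation email when the "resend" link is followed.
 *
 * Triggered on `init` by `?wppb-action=resend_email_confirmation&email=<base64>&_wpnonce=<nonce>`.
 * A per-address transient (900 seconds) suppresses repeat sends. On success the visitor is
 * redirected back to the current page with a nonce-protected success message.
 *
 * NOTE(review): the nonce action 'wppb_confirmation_url_nonce' is a constant, so the nonce is
 * not bound to the address carried in `email`; the transient is the only per-address limit
 * visible here. Consider including the address in the nonce action.
 *
 * @return void
 */
function wppb_resend_confirmation_email() {
    if( !isset( $_GET['wppb-action'] ) || $_GET['wppb-action'] != 'resend_email_confirmation' || !isset( $_GET['email'] ))
        return;

    $user_email = base64_decode( sanitize_text_field( $_GET['email'] ));
    $transient_check_key = Wordpress_Creation_Kit_PB::wck_generate_slug( $user_email );
    $transient_check = get_transient('wppb_confirmation_email_already_sent_'.$transient_check_key);

    if ( $transient_check === false ) {

        if ( !isset( $_GET['_wpnonce'] ) || !wp_verify_nonce(sanitize_text_field( $_GET['_wpnonce'] ), 'wppb_confirmation_url_nonce' ))
            return;

        include_once(plugin_dir_path(__FILE__) . '../features/email-confirmation/email-confirmation.php');

        if ( file_exists( WPPB_PLUGIN_DIR . '/assets/lib/class-mustache-templates/class-mustache-templates.php' ) )
            include_once( WPPB_PLUGIN_DIR . '/assets/lib/class-mustache-templates/class-mustache-templates.php' );

        global $wpdb;
        // The decoded address is only ever passed to SQL as a bound parameter.
        $sql_result = $wpdb->get_row( $wpdb->prepare("SELECT * FROM " . $wpdb->base_prefix . "signups WHERE user_email = %s", $user_email ), ARRAY_A );

        // if the email address exists in wp_signups table, resend Confirmation Email and redirect to display notification
        if ( $sql_result ) {
            wppb_signup_user_notification( sanitize_text_field( $sql_result['user_login'] ), sanitize_email( $sql_result['user_email'] ), $sql_result['activation_key'], $sql_result['meta'] );

            $transient_key = Wordpress_Creation_Kit_PB::wck_generate_slug( $user_email );
            set_transient('wppb_confirmation_email_already_sent_' . $transient_key, true, 900 );

            $error_string = '<strong>' . __( 'SUCCESS: ', 'profile-builder') . '</strong>' . sprintf( __( 'Activation email sent to %s', 'profile-builder' ), $user_email );

            // The nonce action embeds the message, so the display side can check that the
            // text it receives in the query string is the text generated here.
            $wppb_success_message_nonce = wp_create_nonce( 'wppb_login_error_'.$error_string);

            $current_url = wppb_curpageurl();
            $arr_params = array('loginerror' => urlencode(base64_encode($error_string)), '_wpnonce' => $wppb_success_message_nonce, 'request_form_location' => 'page', 'wppb_message_type' => 'success');
            $redirect_to = add_query_arg($arr_params, $current_url);

            wp_safe_redirect($redirect_to);
            exit();
        }
    }
}
add_action('init', 'wppb_resend_confirmation_email');

/**
 * Replaces the "invalid username" login error with a "confirm your email" message when the
 * submitted login matches a row in the signups table and email confirmation is enabled.
 *
 * NOTE(review): the replacement message tells the visitor that a pending signup exists for
 * the submitted username or address; confirm that this disclosure is acceptable for the site.
 *
 * @param string $error_message Error HTML built so far.
 * @return string The original or the replaced error HTML.
 */
function wppb_change_error_message($error_message) {

    $wppb_generalSettings = get_option( 'wppb_general_settings' );

    if (empty( $wppb_generalSettings['emailConfirmation'] ) || $wppb_generalSettings['emailConfirmation'] !== 'yes')
        return $error_message;

    if( isset( $_REQUEST['log'] ) ){
        global $wpdb;
        $check_user = sanitize_text_field( $_REQUEST['log'] );

        if ( is_email( $check_user ))
            $sql_result = $wpdb->get_row( $wpdb->prepare("SELECT * FROM " . $wpdb->base_prefix . "signups WHERE user_email = %s", sanitize_email( $check_user )), ARRAY_A );
        else {
            $sql_result = $wpdb->get_row( $wpdb->prepare("SELECT * FROM " . $wpdb->base_prefix . "signups WHERE user_login = %s", sanitize_user( $check_user )), ARRAY_A );
            if ( $sql_result )
                $check_user = $sql_result['user_email'];
        }

        // if the email address exists in wp_signups table, display message and link to resend Confirmation Email
        // (isset() is false for the null that get_row() returns when no row matches)
        if ( isset($sql_result) ) {
            $confirmation_url_nonce = wp_create_nonce( 'wppb_confirmation_url_nonce' );
            $current_url = strtok( wppb_curpageurl(), '?' );
            $arr_params = array('email' => base64_encode( $check_user ), 'wppb-action' => 'resend_email_confirmation', '_wpnonce' => $confirmation_url_nonce);
            $confirmation_url = add_query_arg($arr_params, $current_url);

            $error_message = '<strong>' . __('ERROR: ', 'profile-builder') . '</strong>' . sprintf( __( 'You need to confirm your Email Address before logging in! </br>To resend the Confirmation Email %1$sclick here%2$s.', 'profile-builder' ), '<a href="' . esc_url( $confirmation_url ) . '" title="Resend Confirmation Email">', '</a>' );
        }
    }

    return $error_message;
}
add_filter('wppb_login_invalid_username_error_message', 'wppb_change_error_message');

/**
 * Remove email login when username login is selected
 * inspiration from https://wordpress.org/plugins/no-login-by-email-address/
 */
$wppb_generalSettings = get_option( 'wppb_general_settings' );
if( isset( $wppb_generalSettings['loginWith'] ) && ( $wppb_generalSettings['loginWith'] == 'username' ) ) {

    /**
     * `gettext` callback: shows "Username" where the source text is "Username or Email".
     *
     * Declared next to its registrar rather than inside it, so that a second `login_head`
     * run cannot hit a "cannot redeclare" fatal error.
     */
    function wppb_login_username_label_change($translated_text, $text, $domain) {
        if ($text === 'Username or Email') {
            $translated_text = __( 'Username', 'profile-builder' );
        }
        return $translated_text;
    }

    /**
     * Registers the label replacement on the wp-login.php screen.
     */
    function wppb_login_username_label() {
        add_filter('gettext', 'wppb_login_username_label_change', 20, 3);
    }
    add_action('login_head', 'wppb_login_username_label');

    /**
     * Filter wp_login_form username default
     *
     */
    function wppb_change_login_username_label($defaults) {
        $defaults['label_username'] = __( 'Username', 'profile-builder' );
        return $defaults;
    }
    add_filter('login_form_defaults', 'wppb_change_login_username_label');

    /**
     * Remove email/password authentication
     *
     */
    remove_filter('authenticate', 'wp_authenticate_email_password', 20);
}

/**
 * `login_redirect` filter. Used to redirect from wp-login.php if it errors out, and to build
 * the redirect (including the encoded error message) for this plugin's own form.
 *
 * @param string           $redirect_to           Redirect destination so far.
 * @param string           $requested_redirect_to Destination requested by the client.
 * @param WP_User|WP_Error $user                  Result of the sign-on attempt.
 * @return string Redirect destination.
 */
function wppb_login_redirect( $redirect_to, $requested_redirect_to, $user ){
    // custom redirect after login on default wp login form
    if( ! isset( $_POST['wppb_login'] ) && ! is_wp_error( $user ) ) {
        $original_redirect_to = $redirect_to;

        // we don't have an error make sure to remove the error from the query arg
        $redirect_to = remove_query_arg( 'loginerror', $redirect_to );

        // CHECK FOR REDIRECT
        $redirect_to = wppb_get_redirect_url( 'normal', 'after_login', $redirect_to, $user );
        $redirect_to = apply_filters( 'wppb_after_login_redirect_url', $redirect_to );

        if ( $redirect_to === '' ){
            $redirect_to = $original_redirect_to;
        }
    }

    // if login action initialized by our form
    if( isset( $_POST['wppb_login'] ) ){
        if( is_wp_error( $user ) ) {
            // if we don't have a successful login we must redirect to the url of the form, so make sure this happens
            if( isset( $_POST['wppb_request_url'] ) )
                $redirect_to = esc_url_raw( $_POST['wppb_request_url'] );

            // Defaults to '' so the query arguments below never read an undefined variable
            // when the hidden field is missing from the request.
            $request_form_location = '';
            if( isset( $_POST['wppb_form_location'] ) )
                $request_form_location = sanitize_text_field( $_POST['wppb_form_location'] );

            $error_string = $user->get_error_message();

            $wppb_generalSettings = get_option('wppb_general_settings');

            if (isset($wppb_generalSettings['loginWith'])) {
                $lost_pass_url = site_url('/wp-login.php?action=lostpassword');

                // if the Login shortcode has a lostpassword argument set, give the lost password error link that value
                // NOTE(review): this value is read back from a hidden form field, i.e. from the
                // client. It is sanitised as a URL but not checked against this site's host before
                // it becomes the link target in the error message; consider validating it.
                if (!empty($_POST['wppb_lostpassword_url'])) {
                    $lost_pass_url = esc_url_raw( $_POST['wppb_lostpassword_url'] );
                    if ( wppb_check_missing_http( $lost_pass_url ) )
                        $lost_pass_url = "http://" . $lost_pass_url;
                }

                //apply filter to allow changing Lost your Password link
                $lost_pass_url = apply_filters('wppb_pre_login_url_filter', $lost_pass_url);

                /* start building the error string */
                if( in_array( $user->get_error_code(), array( 'empty_username', 'empty_password', 'invalid_username', 'incorrect_password' ) ) )
                    $error_string = '<strong>' . __('ERROR: ', 'profile-builder') . '</strong>';

                if ( $user->get_error_code() == 'empty_password' ) {
                    $error_string .= __( 'The password field is empty.', 'profile-builder' ) . ' ';
                }

                if ($user->get_error_code() == 'incorrect_password') {
                    $error_string .= __('The password you entered is incorrect.', 'profile-builder') . ' ';
                }

                if ( $user->get_error_code() == 'empty_username' ) {
                    if ($wppb_generalSettings['loginWith'] == 'email') // if login with email is enabled change the word username with email
                        $error_string .= __('The email field is empty.', 'profile-builder') . ' ';
                    else if( $wppb_generalSettings['loginWith'] == 'usernameemail' ) // if login with username and email is enabled change the word username with username or email
                        $error_string .= __('The username/email field is empty', 'profile-builder') . ' ';
                    else
                        $error_string .= __('The username field is empty', 'profile-builder') . ' ';
                }

                if ($user->get_error_code() == 'invalid_username') {
                    if ($wppb_generalSettings['loginWith'] == 'email') // if login with email is enabled change the word username with email
                        $error_string .= __('Invalid email.', 'profile-builder') . ' ';
                    else if( $wppb_generalSettings['loginWith'] == 'usernameemail' ) // if login with username and email is enabled change the word username with username or email
                        $error_string .= __('Invalid username or email.', 'profile-builder') . ' ';
                    else
                        $error_string .= __('Invalid username.', 'profile-builder') . ' ';

                    $error_string = apply_filters('wppb_login_invalid_username_error_message', $error_string);
                }

                // Parentheses spell out the grouping PHP already applied (&& binds tighter than ||):
                // the link is appended for a wrong password, or for an invalid username when the
                // invalid-username filter produces no message of its own.
                if( $user->get_error_code() == 'incorrect_password' || ( $user->get_error_code() == 'invalid_username' && empty( $message_check = apply_filters('wppb_login_invalid_username_error_message', '' ) ) ) )
                    $error_string .= '<a href="' . esc_url( $lost_pass_url ) . '" title="' . __('Password Lost and Found.', 'profile-builder') . '">' . __('Lost your password?', 'profile-builder') . '</a>';
            }

            // if the error string is empty it means that none of the fields were completed
            if (empty($error_string) || ( in_array( 'empty_username', $user->get_error_codes() ) && in_array( 'empty_password', $user->get_error_codes() ) ) ) {
                $error_string = '<strong>' . __('ERROR: ', 'profile-builder') . '</strong>' . __('Both fields are empty.', 'profile-builder') . ' ';
                $error_string = apply_filters('wppb_login_empty_fields_error_message', $error_string);
            }

            $error_string = apply_filters('wppb_login_wp_error_message', $error_string, $user);

            // The message travels in the query string; the nonce action embeds it so the page
            // that displays it can verify the text before printing.
            $wppb_error_string_nonce = wp_create_nonce( 'wppb_login_error_'.$error_string );

            // encode the error string and send it as a GET parameter
            if ( isset($_POST['wppb_referer_url']) && $_POST['wppb_referer_url'] !== '' ) {
                $arr_params = array('loginerror' => urlencode(base64_encode($error_string)), '_wpnonce' => $wppb_error_string_nonce, 'request_form_location' => $request_form_location, 'wppb_referer_url' => urlencode(esc_url_raw( $_POST['wppb_referer_url'] )));
            } else {
                $arr_params = array('loginerror' => urlencode(base64_encode($error_string)), '_wpnonce' => $wppb_error_string_nonce, 'request_form_location' => $request_form_location);
            }

            if ($user->get_error_code() == 'wppb_login_auth') {
                $arr_params['login_auth'] = 'true';
            }

            $redirect_to = add_query_arg($arr_params, $redirect_to);
        }
        else{
            // we don't have an error make sure to remove the error from the query arg
            $redirect_to = remove_query_arg( 'loginerror', $redirect_to );

            // CHECK FOR REDIRECT
            if( isset( $_POST['wppb_redirect_priority'] ) )
                $redirect_to = wppb_get_redirect_url( sanitize_text_field( $_POST['wppb_redirect_priority'] ), 'after_login', $redirect_to, $user );

            $redirect_to = apply_filters( 'wppb_after_login_redirect_url', $redirect_to );

            // This should not be empty, if we don't have a redirect, set it to the current page URL
            if( empty( $redirect_to ) )
                $redirect_to = wppb_curpageurl();
        }
    }

    // if "wppb_message_type = success" is present the message will show up in a green box instead of red
    if ( isset( $_GET['wppb_message_type'] ) && $_GET['wppb_message_type'] == 'success' )
        $redirect_to = remove_query_arg( 'wppb_message_type', $redirect_to );

    return $redirect_to;
}
add_filter( 'login_redirect', 'wppb_login_redirect', 20, 3 );

/**
 * Shortcode function for `wppb-login`.
 *
 * For logged-out visitors (or in the Elementor editor / Divi AJAX / block preview) it returns
 * the login form, preceded by a nonce-verified error or success message when one is present
 * in the request. For logged-in users it returns a "logged in as" notice with a logout link.
 *
 * @param array $atts Shortcode attributes.
 * @return string HTML for the form or the logged-in notice.
 */
function wppb_front_end_login( $atts ){
    global $wppb_shortcode_on_front;
    $wppb_shortcode_on_front = true;
    global $wppb_login_shortcode_on_front;
    $wppb_login_shortcode_on_front = true;
    /* define a global so we know we have the shortcode login present */
    global $wppb_login_shortcode;
    $wppb_login_shortcode = true;

    $atts = shortcode_atts( array(
        'display'             => true,
        'redirect'            => '',
        'redirect_url'        => '',
        'logout_redirect_url' => wppb_curpageurl(),
        'redirect_priority'   => 'normal',
        'register_url'        => '',
        'lostpassword_url'    => '',
        'show_2fa_field'      => '',
        'block'               => false,
        'ajax'                => false,
    ), $atts, 'wppb-login' );

    $display             = $atts['display'];
    $redirect            = $atts['redirect'];
    $redirect_url        = $atts['redirect_url'];
    $logout_redirect_url = $atts['logout_redirect_url'];
    $redirect_priority   = $atts['redirect_priority'];
    $register_url        = $atts['register_url'];
    $lostpassword_url    = $atts['lostpassword_url'];
    $show_2fa_field      = $atts['show_2fa_field'];
    $block               = $atts['block'];
    $ajax                = $atts['ajax'];

    if( defined( 'WPPB_PAID_PLUGIN_DIR' ) && $ajax === 'true' && file_exists( WPPB_PAID_PLUGIN_DIR . '/features/ajax/assets/forms-ajax-validation.js' ) )
        wp_enqueue_script('wppb-forms-ajax-validation-script', WPPB_PAID_PLUGIN_URL . 'features/ajax/assets/forms-ajax-validation.js', array('jquery'), PROFILE_BUILDER_VERSION, true);

    $wppb_generalSettings = get_option('wppb_general_settings');

    // check if the form is being displayed in the Elementor editor
    $is_elementor_edit_mode_or_divi_ajax = false;
    if( class_exists ( '\Elementor\Plugin' ) ){
        $is_elementor_edit_mode_or_divi_ajax = \Elementor\Plugin::$instance->editor->is_edit_mode();
    }

    if ( is_array( $_POST ) && array_key_exists( 'action', $_POST ) && $_POST['action'] === 'wppb_divi_extension_ajax' ) {
        $is_elementor_edit_mode_or_divi_ajax = true;
    }

    if( !is_user_logged_in() || $is_elementor_edit_mode_or_divi_ajax || $block === 'true' ){
        // set up the form arguments
        $form_args = array( 'echo' => false, 'id_submit' => 'wppb-submit' );

        // maybe set up the redirect argument
        if( ! empty( $redirect ) ) {
            $redirect_url = $redirect;
        }

        if ( ! empty( $redirect_url ) ) {
            if( $redirect_priority == 'top' ) {
                $form_args['redirect_priority'] = 'top';
            } else {
                $form_args['redirect_priority'] = 'normal';
            }

            $form_args['redirect'] = trim( $redirect_url );
        }

        $form_args['login_username_input_type'] = 'text';

        // change the label argument for username is login with email is enabled
        if ( isset( $wppb_generalSettings['loginWith'] ) && ( $wppb_generalSettings['loginWith'] == 'email' ) ) {
            $form_args['label_username'] = __('Email', 'profile-builder');
            $form_args['login_username_input_type'] = 'email';
        }

        if ( isset( $wppb_generalSettings['loginWith'] ) && ( $wppb_generalSettings['loginWith'] == 'username' ) ) {
            $form_args['label_username'] = __('Username', 'profile-builder');
        }

        // change the label argument for username on login with username or email when Username and Email is enabled
        if ( isset( $wppb_generalSettings['loginWith'] ) && ( $wppb_generalSettings['loginWith'] == 'usernameemail' ) )
            $form_args['label_username'] = __( 'Username or Email', 'profile-builder' );

        // Check if 2fa is required
        if( class_exists( 'WPPB_Two_Factor_Authenticator' ) ){
            $wppb_auth = new WPPB_Two_Factor_Authenticator;
            $wppb_two_factor_authentication_settings = get_option( 'wppb_two_factor_authentication_settings', 'not_found' );
            if ( ( isset( $_GET['login_auth'] ) && $_GET['login_auth'] === 'true' ) ||
                ( ( isset($wppb_two_factor_authentication_settings['enabled']) && $wppb_two_factor_authentication_settings['enabled'] === 'yes' ) && $show_2fa_field === 'yes' ) ){
                add_action( 'login_form_middle', array( $wppb_auth, 'auth_code_field') );
            }
        }

        // initialize our form variable
        $login_form = '';

        // display our login errors
        if( ( isset( $_GET['loginerror'] ) || isset( $_POST['loginerror'] ) ) && isset( $_GET['_wpnonce'] ) ){
            $error_string = urldecode( base64_decode( isset( $_GET['loginerror'] ) ? sanitize_text_field( $_GET['loginerror'] ) : sanitize_text_field( $_POST['loginerror'] ) ) );

            // The message arrives from the request, so it is printed only when the nonce
            // (whose action embeds the message text) verifies, and then only through wp_kses_post().
            if( wp_verify_nonce( sanitize_text_field( $_GET['_wpnonce'] ), 'wppb_login_error_'. $error_string ) ) {

                if ( isset( $_GET['wppb_message_type'] ) && $_GET['wppb_message_type'] == 'success' )
                    $message_type = 'wppb-success';
                else
                    $message_type = 'wppb-error';

                $loginerror = '<p class="'. $message_type .'">' . wp_kses_post(str_replace( '-wppb-plus-', '+', $error_string)) . '</p><!-- .error -->';

                if (isset($_GET['request_form_location'])) {
                    if ($_GET['request_form_location'] === 'widget' && !in_the_loop()) {
                        $login_form .= $loginerror;
                    } elseif ($_GET['request_form_location'] === 'page' && in_the_loop()) {
                        $login_form .= $loginerror;
                    }
                }
            }
        }

        // build our form
        $login_form .= '<div id="wppb-login-wrap" class="wppb-user-forms">';

        if ( empty( $lostpassword_url ) )
            $lostpassword_url = ( !empty( $wppb_generalSettings['lost_password_page'] ) ) ? $wppb_generalSettings['lost_password_page'] : '';

        $form_args['lostpassword_url'] = $lostpassword_url;

        $login_form .= wppb_login_form( apply_filters( 'wppb_login_form_args', $form_args ) );

        if ((!empty($register_url)) || (!empty($lostpassword_url))) {
            $login_form .= '<p class="login-register-lost-password">';
            $i = 0;
            if (!empty($register_url)) {
                if ( wppb_check_missing_http( $register_url ) )
                    $register_url = "http://" . $register_url;
                $login_form .= '<a class="login-register" href="' . esc_url($register_url) . '">'. apply_filters('wppb_login_register_text', __('Register','profile-builder')) .'</a>';
                $i++;
            }
            if (!empty($lostpassword_url)) {
                if ($i != 0)
                    $login_form .= '<span class="login-separator"> | </span>';

                if ( wppb_check_missing_http( $lostpassword_url ) )
                    $lostpassword_url = "http://" . $lostpassword_url;
                $login_form .= '<a class="login-lost-password" href="'. esc_url($lostpassword_url) .'">'. apply_filters('wppb_login_lostpass_text', __('Lost your password?','profile-builder')) .'</a>';
            }
            $login_form .= '</p>';
        }

        $login_form .= apply_filters( 'wppb_login_form_bottom', '', $form_args );

        $login_form .= '</div>';
        return apply_filters('wppb_login_form_before_content_output', $login_form, $form_args);

    }else{
        $user_ID = get_current_user_id();
        $wppb_user = get_userdata( $user_ID );

        // NOTE(review): the last two branches look swapped: a non-empty display_name selects
        // user_login, and the final branch can only assign an empty display_name. Left as
        // found because changing it alters what every site shows; confirm the intent.
        if( isset( $wppb_generalSettings['loginWith'] ) && ( $wppb_generalSettings['loginWith'] == 'email' ) )
            $display_name = $wppb_user->user_email;
        elseif($wppb_user->display_name !== '')
            $display_name = $wppb_user->user_login;
        else
            $display_name = $wppb_user->display_name;

        // Braces make explicit that the elseif/else belong to the inner condition.
        if( isset( $wppb_generalSettings['loginWith'] ) && ( $wppb_generalSettings['loginWith'] == 'usernameemail' ) ) {
            if( $wppb_user->user_login == Wordpress_Creation_Kit_PB::wck_generate_slug( trim( $wppb_user->user_email ) ) )
                $display_name = $wppb_user->user_email;
            elseif($wppb_user->display_name !== '')
                $display_name = $wppb_user->user_login;
            else
                $display_name = $wppb_user->display_name;
        }

        $logged_in_message = '<p class="wppb-alert">';

        // CHECK FOR REDIRECT
        $logout_redirect_url = wppb_get_redirect_url( $redirect_priority, 'after_logout', $logout_redirect_url, $wppb_user );
        $logout_redirect_url = apply_filters( 'wppb_after_logout_redirect_url', $logout_redirect_url );

        $logout_url = '<a href="'.wp_logout_url( $logout_redirect_url ).'" class="wppb-logout-url" title="'.__( 'Log out of this account', 'profile-builder' ).'">'. __('Log out »','profile-builder').'</a>';

        // The account-derived name is escaped for the HTML context it is printed in; the
        // filter below still receives the raw value as its third argument.
        $logged_in_message .= sprintf(__( 'You are currently logged in as %1$s. %2$s', 'profile-builder' ), esc_html( $display_name ), $logout_url );

        $logged_in_message .= '</p><!-- .wppb-alert-->';

        return apply_filters( 'wppb_login_message', $logged_in_message, $wppb_user->ID, $display_name );
    }
}

/**
 * Optional second nonce check on the `wp_authenticate_user` filter.
 *
 * Only active when the `wppb_enable_csrf_token_login_form` filter returns true (it defaults
 * to false here), and only for submissions of this plugin's form.
 *
 * @param WP_User|WP_Error $user     User being authenticated.
 * @param string           $password Submitted password (not used).
 * @return WP_User|WP_Error The user unchanged, or a `wppb_login_csrf_token_error` error.
 */
function wppb_login_security_check( $user, $password ) {
    if( apply_filters( 'wppb_enable_csrf_token_login_form', false ) ){
        if (isset($_POST['wppb_login'])) {
            if (!isset($_POST['CSRFToken-wppb']) || !wp_verify_nonce( sanitize_text_field( $_POST['CSRFToken-wppb'] ), 'wppb_login')) {
                $errorMessage = __('You are not allowed to do this.', 'profile-builder');
                return new WP_Error('wppb_login_csrf_token_error', $errorMessage);
            }
        }
    }

    return $user;
}
add_filter( 'wp_authenticate_user', 'wppb_login_security_check', 10, 2 );

/**
 * Include missing scripts needed on Elementor Pages (Form inside an Elementor Popup).
 *
 * @return void
 */
function wppb_login_scripts_and_styles() {
    // is_plugin_active() lives in an admin include that front-end requests do not load by
    // default; pull it in so this front-end hook cannot call an undefined function.
    if ( ! function_exists( 'is_plugin_active' ) )
        include_once ABSPATH . 'wp-admin/includes/plugin.php';

    if ( is_plugin_active('elementor-pro/elementor-pro.php') && defined( 'WPPB_PAID_PLUGIN_URL' ) )
        wp_enqueue_script( 'wppb_elementor_popup_script', WPPB_PAID_PLUGIN_URL . 'features/elementor-pro/assets/js/elementor-popup.js', array('jquery') );
}
add_action( 'elementor/frontend/after_enqueue_scripts', 'wppb_login_scripts_and_styles' );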