core/um-form.php

<?php

class UM_Form {

	public $form_suffix;

	function __construct() {

		$this->post_form = null;

		$this->form_suffix = null;

		$this->errors = null;

		$this->processing = null;

		add_action('init', array(&$this, 'form_init'), 2);

		add_action('init', array(&$this, 'field_declare'), 10);

	}

	/***
	***	@add errors
	***/
	function add_error( $key, $error ) {
		if ( !isset( $this->errors[$key] ) ){
			$this->errors[$key] = $error;
		}
	}

	/***
	***	@has error
	***/
	function has_error( $key ) {
		if ( isset($this->errors[$key]) )
			return true;
		return false;
	}

	/***
	***	@declare all fields
	***/
	function field_declare(){
		global $ultimatemember;
		if ( isset( $ultimatemember->builtin->custom_fields ) ) {
			$this->all_fields = $ultimatemember->builtin->custom_fields;
		} else {
			$this->all_fields = null;
		}
	}

	/***
	***	@Checks that we've a form
	***/
	function form_init(){
		global $ultimatemember;

		if ( isset( $_SERVER['REQUEST_METHOD'] ) ) {
			$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
		} else {
			$http_post = 'POST';
		}


		if ( $http_post && !is_admin() && isset( $_POST['form_id'] ) && is_numeric($_POST['form_id']) ) {

			$this->form_id = $_POST['form_id'];
			$this->form_status = get_post_status( $this->form_id );
			

			if ( $this->form_status == 'publish' ) {

				/* save entire form as global */
				$this->post_form = $_POST;

				$this->post_form = $this->beautify( $this->post_form );

				$this->form_data = $ultimatemember->query->post_data( $this->form_id );
				
				$this->post_form['submitted'] = $this->post_form;

				$this->post_form = array_merge( $this->form_data, $this->post_form );
				
				$role = $this->assigned_role( $this->form_id );

				if( $role && isset( $this->form_data['custom_fields'] ) && ! strstr( $this->form_data['custom_fields'], 'role_' ) ){ // has assigned role.  Validate non-global forms
					if ( isset( $this->form_data['role'] ) && ( (boolean) $this->form_data['role'] ) && isset(  $_POST['role']  ) && $_POST['role'] != $role ) {
						wp_die( __( 'This is not possible for security reasons.','ultimatemember') );
					} else {
						if ( isset( $_POST['role'] ) ) {
							if ( $role != $_POST['role'] ) {
									wp_die( __( 'This is not possible for security reasons.','ultimatemember') );
							}
						}
					}
				}

				if ( isset( $_POST[ $ultimatemember->honeypot ] ) && $_POST[ $ultimatemember->honeypot ] != '' ){
					wp_die('Hello, spam bot!');
				}

				if ( !in_array( $this->form_data['mode'], array('login') ) ) {

					$form_timestamp  = trim($_POST['timestamp']);
					$live_timestamp  = current_time( 'timestamp' );

					if ( $form_timestamp == '' && um_get_option('enable_timebot') == 1 )
						wp_die( __('Hello, spam bot!') );

					if ( !current_user_can('manage_options') && $live_timestamp - $form_timestamp < 6 && um_get_option('enable_timebot') == 1  )
						wp_die( __('Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!') );

				}

				/* Continue based on form mode - pre-validation */
		
				do_action('um_submit_form_errors_hook', $this->post_form );

				do_action("um_submit_form_{$this->post_form['mode']}", $this->post_form );

			}

		}

	}

	/***
	***	@Beautify form data
	***/
	function beautify( $form ){

		if (isset($form['form_id'])){

			$this->form_suffix = '-' . $form['form_id'];

			$this->processing = $form['form_id'];

			foreach($form as $key => $value){
				if (strstr($key, $this->form_suffix) ) {
					$a_key = str_replace( $this->form_suffix, '', $key);
					$form[$a_key] = $value;
					unset($form[$key]);
				}
			}

		}

		return $form;
	}

	/***
	***	@Display Form Type as Text
	***/
	function display_form_type($mode, $post_id){
		$output = null;
		switch($mode){
			case 'login':
				$output = 'Login';
				break;
			case 'profile':
				$output = 'Profile';
				break;
			case 'register':
				$output = 'Register';
				break;
		}
		return $output;
	}

	function assigned_role( $post_id ){

		$register_use_globals = get_post_meta( $post_id, '_um_register_use_globals', true);
		
		if( $register_use_globals == 1 ){
			$role = um_get_option('default_role');
		}else if( $register_use_globals == 0 ){
			$role = get_post_meta( $post_id, '_um_register_role', true );
		}

		if( ! $role ){
			$role = false;
		}
		return $role;
	}
}
first sync 2014-12-15 22:38:07 +02:00			`<?php`

			`class UM_Form {`

			`public $form_suffix;`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`function __construct() {`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`$this->post_form = null;`

			`$this->form_suffix = null;`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`$this->errors = null;`
Fix invalid role 2016-01-31 11:31:46 -08:00
Update 1.1.6 2015-04-07 20:10:23 +02:00			`$this->processing = null;`
Fix invalid role 2016-01-31 11:31:46 -08:00
Added Login Checks 2014-12-30 20:18:29 +02:00			`add_action('init', array(&$this, 'form_init'), 2);`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`add_action('init', array(&$this, 'field_declare'), 10);`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`/***`
			`*** @add errors`
			`***/`
			`function add_error( $key, $error ) {`
			`if ( !isset( $this->errors[$key] ) ){`
			`$this->errors[$key] = $error;`
			`}`
			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`/***`
			`*** @has error`
			`***/`
			`function has_error( $key ) {`
			`if ( isset($this->errors[$key]) )`
			`return true;`
			`return false;`
			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`/***`
			`*** @declare all fields`
			`***/`
			`function field_declare(){`
			`global $ultimatemember;`
Fix for cronjobs and WP-CLI issues 2015-12-16 16:44:07 +02:00			`if ( isset( $ultimatemember->builtin->custom_fields ) ) {`
			`$this->all_fields = $ultimatemember->builtin->custom_fields;`
			`} else {`
			`$this->all_fields = null;`
			`}`
first sync 2014-12-15 22:38:07 +02:00			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`/***`
			`*** @Checks that we've a form`
			`***/`
			`function form_init(){`
			`global $ultimatemember;`
Fix invalid role 2016-01-31 11:31:46 -08:00
Update 1.3.29 2015-11-05 19:51:31 +08:00			`if ( isset( $_SERVER['REQUEST_METHOD'] ) ) {`
			`$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);`
			`} else {`
			`$http_post = 'POST';`
			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
Fix role validation on register submission 2016-02-19 11:32:27 +08:00
Version 1.0.40 2015-02-04 20:31:39 +02:00			`if ( $http_post && !is_admin() && isset( $_POST['form_id'] ) && is_numeric($_POST['form_id']) ) {`
Update 1.2.93 2015-05-05 18:06:39 +03:00
first sync 2014-12-15 22:38:07 +02:00			`$this->form_id = $_POST['form_id'];`
			`$this->form_status = get_post_status( $this->form_id );`
Add braces 2016-03-08 22:50:11 +08:00
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`if ( $this->form_status == 'publish' ) {`

			`/* save entire form as global */`
			`$this->post_form = $_POST;`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`$this->post_form = $this->beautify( $this->post_form );`
Added password reset limit and other fixes 2016-01-30 02:18:32 +02:00
first sync 2014-12-15 22:38:07 +02:00			`$this->form_data = $ultimatemember->query->post_data( $this->form_id );`
Fix role validation on register submission 2016-02-19 11:32:27 +08:00
first sync 2014-12-15 22:38:07 +02:00			`$this->post_form['submitted'] = $this->post_form;`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`$this->post_form = array_merge( $this->form_data, $this->post_form );`
Fix role validation on register submission 2016-02-19 11:32:27 +08:00
Fix form role and validation 2016-02-19 19:18:04 +08:00			`$role = $this->assigned_role( $this->form_id );`
Validate roles for forms without custom fields 2016-02-20 16:14:40 +08:00
			`if( $role && isset( $this->form_data['custom_fields'] ) && ! strstr( $this->form_data['custom_fields'], 'role_' ) ){ // has assigned role. Validate non-global forms`
Fix form security validation 2016-02-20 15:47:27 +08:00			`if ( isset( $this->form_data['role'] ) && ( (boolean) $this->form_data['role'] ) && isset( $_POST['role'] ) && $_POST['role'] != $role ) {`
			`wp_die( __( 'This is not possible for security reasons.','ultimatemember') );`
Added password reset limit and other fixes 2016-01-30 02:18:32 +02:00			`} else {`
Validate roles for forms without custom fields 2016-02-20 16:14:40 +08:00			`if ( isset( $_POST['role'] ) ) {`
			`if ( $role != $_POST['role'] ) {`
Fix form security validation 2016-02-20 15:47:27 +08:00			`wp_die( __( 'This is not possible for security reasons.','ultimatemember') );`
Fix php notice 2016-01-30 16:15:05 +02:00			`}`
Added password reset limit and other fixes 2016-01-30 02:18:32 +02:00			`}`
			`}`
			`}`
Validate roles for forms without custom fields 2016-02-20 16:14:40 +08:00
Add braces 2016-03-08 22:50:11 +08:00			`if ( isset( $_POST[ $ultimatemember->honeypot ] ) && $_POST[ $ultimatemember->honeypot ] != '' ){`
first sync 2014-12-15 22:38:07 +02:00			`wp_die('Hello, spam bot!');`
Add braces 2016-03-08 22:50:11 +08:00			`}`
Update 1.2.93 2015-05-05 18:06:39 +03:00
first sync 2014-12-15 22:38:07 +02:00			`if ( !in_array( $this->form_data['mode'], array('login') ) ) {`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`$form_timestamp = trim($_POST['timestamp']);`
Update 1.0.56 2015-02-15 20:31:41 +02:00			`$live_timestamp = current_time( 'timestamp' );`
Fix invalid role 2016-01-31 11:31:46 -08:00
Update 1.0.76 2015-03-07 13:07:49 +02:00			`if ( $form_timestamp == '' && um_get_option('enable_timebot') == 1 )`
first sync 2014-12-15 22:38:07 +02:00			`wp_die( __('Hello, spam bot!') );`

Update 1.2.92 2015-05-02 02:49:05 +03:00			`if ( !current_user_can('manage_options') && $live_timestamp - $form_timestamp < 6 && um_get_option('enable_timebot') == 1 )`
Password reset feature and code changes 2014-12-22 01:45:24 +02:00			`wp_die( __('Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!') );`
first sync 2014-12-15 22:38:07 +02:00
			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`/* Continue based on form mode - pre-validation */`
Add braces 2016-03-08 22:50:11 +08:00
Release 1.0.0 2015-01-18 18:20:34 +02:00			`do_action('um_submit_form_errors_hook', $this->post_form );`
Added Login Checks 2014-12-30 20:18:29 +02:00
Login Process 2014-12-22 15:09:14 +02:00			`do_action("um_submit_form_{$this->post_form['mode']}", $this->post_form );`
first sync 2014-12-15 22:38:07 +02:00
			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`}`

			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`/***`
			`*** @Beautify form data`
			`***/`
			`function beautify( $form ){`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`if (isset($form['form_id'])){`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`$this->form_suffix = '-' . $form['form_id'];`
Fix invalid role 2016-01-31 11:31:46 -08:00
Update 1.1.6 2015-04-07 20:10:23 +02:00			`$this->processing = $form['form_id'];`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`foreach($form as $key => $value){`
			`if (strstr($key, $this->form_suffix) ) {`
			`$a_key = str_replace( $this->form_suffix, '', $key);`
			`$form[$a_key] = $value;`
			`unset($form[$key]);`
			`}`
			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`return $form;`
			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
first sync 2014-12-15 22:38:07 +02:00			`/***`
			`*** @Display Form Type as Text`
			`***/`
			`function display_form_type($mode, $post_id){`
			`$output = null;`
			`switch($mode){`
			`case 'login':`
			`$output = 'Login';`
			`break;`
			`case 'profile':`
			`$output = 'Profile';`
			`break;`
			`case 'register':`
			`$output = 'Register';`
			`break;`
			`}`
			`return $output;`
			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00
Fix form role and validation 2016-02-19 19:18:04 +08:00			`function assigned_role( $post_id ){`
Validate roles for forms without custom fields 2016-02-20 16:14:40 +08:00
			`$register_use_globals = get_post_meta( $post_id, '_um_register_use_globals', true);`

			`if( $register_use_globals == 1 ){`
			`$role = um_get_option('default_role');`
			`}else if( $register_use_globals == 0 ){`
			`$role = get_post_meta( $post_id, '_um_register_role', true );`
			`}`
Fix form role and validation 2016-02-19 19:18:04 +08:00
			`if( ! $role ){`
Fix form security validation 2016-02-20 15:47:27 +08:00			`$role = false;`
Fix form role and validation 2016-02-19 19:18:04 +08:00			`}`
			`return $role;`
			`}`
Fix invalid role 2016-01-31 11:31:46 -08:00			`}`