10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1565 from ultimatemember/fix/force_set_status

Browse Source 
Avoid using force set user status (#1564 duplicate)
This commit is contained in:
Mykyta Synelnikov
2024-10-14 12:55:03 +03:00
committed by GitHub
parent c9d2841067 1cbbb70a03
commit 820e7b0c56
19 changed files with 211 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/admin/class-admin.php
+7
View File
@@ -1532,6 +1532,13 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
$sanitized[ $k ] = absint( $v );
}
break;
case 'empty_absint':
if ( is_array( $v ) ) {
$sanitized[ $k ] = array_map( 'absint', $v );
} else {
$sanitized[ $k ] = ( '' !== $v ) ? absint( $v ) : '';
}
break;
case 'key':
if ( is_array( $v ) ) {
$sanitized[ $k ] = array_map( 'sanitize_key', $v );
includes/admin/class-secure.php
+2 -1
View File
@@ -150,6 +150,7 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
}
// Restore Account Status.
if ( isset( $metadata['account_status'] ) ) {
// Force update of the user status without email notifications.
UM()->common()->users()->set_status( $user_id, $metadata['account_status'] );
}
@@ -327,7 +328,7 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
if ( 'account_status' === $column_name ) {
um_fetch_user( $user_id );
$is_blocked = um_user( 'um_user_blocked' );
$account_status = um_user( 'account_status' );
$account_status = UM()->common()->users()->get_status( $user_id );
if ( ! empty( $is_blocked ) && in_array( $account_status, array( 'rejected', 'inactive' ), true ) ) {
$datetime = um_user( 'um_user_blocked__timestamp' );
$val .= '<div><small>' . esc_html__( 'Blocked Due to Suspicious Activity', 'ultimate-member' ) . '</small></div>';
includes/admin/core/class-admin-settings.php
+1 -1
View File
@@ -769,7 +769,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
'sanitize' => 'bool',
),
'activation_link_expiry_time' => array(
'sanitize' => 'absint',
'sanitize' => 'empty_absint',
),
'account_tab_password' => array(
'sanitize' => 'bool',
includes/admin/templates/role/register.php
+112 -104
View File
@@ -1,113 +1,121 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit; ?>
<?php
/**
* @var array $object Role object
*/
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
$role_data = $object['data'];
?>
<div class="um-admin-metabox">
<?php $role = $object['data'];
UM()->admin_forms( array(
'class' => 'um-role-register um-half-column',
'prefix_id' => 'role',
'fields' => array(
array(
'id' => '_um_status',
'type' => 'select',
'label' => __( 'Registration Status', 'ultimate-member' ),
'tooltip' => __( 'Select the status you would like this user role to have after they register on your site', 'ultimate-member' ),
'value' => ! empty( $role['_um_status'] ) ? __( $role['_um_status'] , 'ultimate-member' ) : array(),
'options' => array(
'approved' => __( 'Auto Approve', 'ultimate-member' ),
'checkmail' => __( 'Require Email Activation', 'ultimate-member' ),
'pending' => __( 'Require Admin Review', 'ultimate-member' )
<?php
UM()->admin_forms(
array(
'class' => 'um-role-register um-half-column',
'prefix_id' => 'role',
'fields' => array(
array(
'id' => '_um_status',
'type' => 'select',
'label' => __( 'Registration Status', 'ultimate-member' ),
'tooltip' => __( 'Select the status you would like this user role to have after they register on your site', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_status'] ) ? $role_data['_um_status'] : array(),
'options' => array(
'approved' => __( 'Auto Approve', 'ultimate-member' ),
'checkmail' => __( 'Require Email Activation', 'ultimate-member' ),
'pending' => __( 'Require Admin Review', 'ultimate-member' ),
),
),
),
array(
'id' => '_um_auto_approve_act',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role['_um_auto_approve_act'] ) ? __( $role['_um_auto_approve_act'], 'ultimate-member' ) : array(),
'options' => array(
'redirect_profile' => __( 'Redirect to profile', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
array(
'id' => '_um_auto_approve_act',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_auto_approve_act'] ) ? $role_data['_um_auto_approve_act'] : array(),
'options' => array(
'redirect_profile' => __( 'Redirect to profile', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
),
'conditional' => array( '_um_status', '=', 'approved' ),
),
'conditional' => array( '_um_status', '=', 'approved' )
),
array(
'id' => '_um_auto_approve_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'value' => ! empty( $role['_um_auto_approve_url'] ) ? __( $role['_um_auto_approve_url'], 'ultimate-member' ) : '',
'conditional' => array( '_um_auto_approve_act', '=', 'redirect_url' )
),
array(
'id' => '_um_login_email_activate',
'type' => 'checkbox',
'label' => __( 'Login user after validating the activation link?', 'ultimate-member' ),
'tooltip' => __( 'Login the user after validating the activation link', 'ultimate-member' ),
'value' => ! empty( $role['_um_login_email_activate'] ) ? __( $role['_um_login_email_activate'], 'ultimate-member' ) : 0,
'conditional' => array( '_um_status', '=', 'checkmail' )
),
array(
'id' => '_um_checkmail_action',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role['_um_checkmail_action'] ) ? __( $role['_um_checkmail_action'], 'ultimate-member' ) : array(),
'options' => array(
'show_message' => __( 'Show custom message', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
array(
'id' => '_um_auto_approve_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_auto_approve_url'] ) ? $role_data['_um_auto_approve_url'] : '',
'conditional' => array( '_um_auto_approve_act', '=', 'redirect_url' ),
),
'conditional' => array( '_um_status', '=', 'checkmail' )
),
array(
'id' => '_um_checkmail_message',
'type' => 'textarea',
'label' => __( 'Personalize the custom message', 'ultimate-member' ),
'value' => ! empty( $role['_um_checkmail_message'] ) ? __( $role['_um_checkmail_message'], 'ultimate-member' ) : __('Thank you for registering. Before you can login we need you to activate your account by clicking the activation link in the email we just sent you.','ultimate-member'),
'conditional' => array( '_um_checkmail_action', '=', 'show_message' )
),
array(
'id' => '_um_checkmail_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'value' => ! empty( $role['_um_checkmail_url'] ) ? __( $role['_um_checkmail_url'], 'ultimate-member' ) : '',
'conditional' => array( '_um_checkmail_action', '=', 'redirect_url' )
),
array(
'id' => '_um_url_email_activate',
'type' => 'text',
'label' => __( 'URL redirect after email activation', 'ultimate-member' ),
'tooltip' => __( 'If you want users to go to a specific page other than login page after email activation, enter the URL here.', 'ultimate-member' ),
'value' => ! empty( $role['_um_url_email_activate'] ) ? __( $role['_um_url_email_activate'], 'ultimate-member' ) : '',
'conditional' => array( '_um_status', '=', 'checkmail' ),
),
array(
'id' => '_um_pending_action',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role['_um_pending_action'] ) ? __( $role['_um_pending_action'], 'ultimate-member' ) : array(),
'options' => array(
'show_message' => __( 'Show custom message', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
array(
'id' => '_um_checkmail_action',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_checkmail_action'] ) ? $role_data['_um_checkmail_action'] : array(),
'options' => array(
'show_message' => __( 'Show custom message', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
),
'conditional' => array( '_um_status', '=', 'checkmail' ),
),
array(
'id' => '_um_checkmail_message',
'type' => 'textarea',
'label' => __( 'Personalize the custom message', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_checkmail_message'] ) ? $role_data['_um_checkmail_message'] : __( 'Thank you for registering. Before you can login we need you to activate your account by clicking the activation link in the email we just sent you.', 'ultimate-member' ),
'conditional' => array( '_um_checkmail_action', '=', 'show_message' ),
),
array(
'id' => '_um_checkmail_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_checkmail_url'] ) ? $role_data['_um_checkmail_url'] : '',
'conditional' => array( '_um_checkmail_action', '=', 'redirect_url' ),
),
array(
'id' => '_um_login_email_activate',
'type' => 'checkbox',
'label' => __( 'Login user after validating the activation link?', 'ultimate-member' ),
'tooltip' => __( 'Login the user after validating the activation link', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_login_email_activate'] ) ? $role_data['_um_login_email_activate'] : 0,
'conditional' => array( '_um_status', '=', 'checkmail' ),
),
array(
'id' => '_um_url_email_activate',
'type' => 'text',
'label' => __( 'URL redirect after email activation', 'ultimate-member' ),
'tooltip' => __( 'If you want users to go to a specific page other than login page after email activation, enter the URL here.', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_url_email_activate'] ) ? $role_data['_um_url_email_activate'] : '',
'conditional' => array( '_um_status', '=', 'checkmail' ),
),
array(
'id' => '_um_pending_action',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_pending_action'] ) ? $role_data['_um_pending_action'] : array(),
'options' => array(
'show_message' => __( 'Show custom message', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
),
'conditional' => array( '_um_status', '=', 'pending' ),
),
array(
'id' => '_um_pending_message',
'type' => 'textarea',
'label' => __( 'Personalize the custom message', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_pending_message'] ) ? $role_data['_um_pending_message'] : __( 'Thank you for applying for membership to our site. We will review your details and send you an email letting you know whether your application has been successful or not.', 'ultimate-member' ),
'conditional' => array( '_um_pending_action', '=', 'show_message' ),
),
array(
'id' => '_um_pending_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'conditional' => array( '_um_pending_action', '=', 'redirect_url' ),
'value' => ! empty( $role_data['_um_pending_url'] ) ? $role_data['_um_pending_url'] : '',
),
'conditional' => array( '_um_status', '=', 'pending' )
),
array(
'id' => '_um_pending_message',
'type' => 'textarea',
'label' => __( 'Personalize the custom message', 'ultimate-member' ),
'value' => ! empty( $role['_um_pending_message'] ) ? __( $role['_um_pending_message'], 'ultimate-member' ) : __('Thank you for applying for membership to our site. We will review your details and send you an email letting you know whether your application has been successful or not.','ultimate-member'),
'conditional' => array( '_um_pending_action', '=', 'show_message' )
),
array(
'id' => '_um_pending_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'conditional' => array( '_um_pending_action', '=', 'redirect_url' ),
'value' => ! empty( $role['_um_pending_url'] ) ? __( $role['_um_pending_url'], 'ultimate-member' ) : '',
),
)
) )->render_form(); ?>
)->render_form();
?>
</div>
includes/common/class-secure.php
+4 -2
View File
@@ -106,7 +106,7 @@ if ( ! class_exists( 'um\common\Secure' ) ) {
$banned_profile_links = '';
foreach ( $user_ids as $uid ) {
um_fetch_user( $uid );
$banned_profile_links .= UM()->user()->get_profile_link( $uid ) . ' ' . um_user( 'account_status' ) . '<br />';
$banned_profile_links .= UM()->user()->get_profile_link( $uid ) . ' ' . UM()->common()->users()->get_status( $uid ) . '<br />';
}
um_reset_user();
@@ -221,18 +221,20 @@ if ( ! class_exists( 'um\common\Secure' ) ) {
'submitted' => ! empty( UM()->form()->post_form ) ? UM()->form()->post_form : '',
'roles' => $user->roles,
'user_agent' => $user_agent,
'account_status' => um_user( 'status' ),
'account_status' => UM()->common()->users()->get_status( $user->ID ),
);
update_user_meta( $user->ID, 'um_user_blocked__metadata', $captured );
$user->remove_all_caps();
$user->update_user_level_from_caps();
// Force update of the user status without email notifications.
if ( is_user_logged_in() ) {
UM()->common()->users()->set_status( $user->ID, 'inactive' );
} else {
UM()->common()->users()->set_status( $user->ID, 'rejected' );
}
um_reset_user();
update_user_meta( $user->ID, 'um_user_blocked', 'suspicious_activity' );
update_user_meta( $user->ID, 'um_user_blocked__timestamp', current_time( 'mysql', true ) );
includes/common/class-users.php
+2
View File
@@ -279,6 +279,8 @@ class Users {
* @param {int} $expiration Expiration timestamp. Since 2.8.7.
*/
do_action( 'um_after_user_hash_is_changed', $user_id, $hash, $expiration );
$this->remove_cache( $user_id ); // Don't remove this line. It's required removing cache duplicate for the force case when re-send activation email.
}
/**
includes/core/class-form.php
+5 -4
View File
@@ -682,6 +682,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
/* Continue based on form mode - store data. */
/**
* Fires for make main actions on UM login, registration or profile form submission.
* Where $mode equals login, registration or profile
*
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* ### um_submit_form_login:
@@ -696,16 +697,16 @@ if ( ! class_exists( 'um\core\Form' ) ) {
* * 10 - `um_submit_form_profile()` Profile form main handler.
*
* @since 1.3.x
* @hook um_submit_form_errors_hook
* @hook um_submit_form_{$mode}
*
* @param {array} $post $_POST Submission array.
* @param {array} $form_data UM form data. Since 2.6.7
*
* @example <caption>Make any custom action.</caption>
* function my_custom_before_submit_form_post( $post, $form_data ) {
* @example <caption>Make any custom action on profile submission.</caption>
* function my_custom_submit_form_profile( $post, $form_data ) {
* // your code here
* }
* add_action( 'um_submit_form_errors_hook', 'my_custom_submit_form_errors_hook', 10, 2 );
* add_action( 'um_submit_form_profile', 'my_custom_submit_form_profile', 10, 2 );
*/
do_action( "um_submit_form_{$this->form_data['mode']}", $this->post_form, $this->form_data );
}
includes/core/class-member-directory.php
+2 -2
View File
@@ -2680,8 +2680,8 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
'card_anchor' => esc_html( substr( md5( $user_id ), 10, 5 ) ),
'id' => absint( $user_id ),
'role' => esc_html( um_user( 'role' ) ),
'account_status' => esc_html( um_user( 'account_status' ) ),
'account_status_name' => esc_html( um_user( 'account_status_name' ) ),
'account_status' => esc_html( UM()->common()->users()->get_status( $user_id ) ),
'account_status_name' => esc_html( UM()->common()->users()->get_status( $user_id, 'formatted' ) ),
'cover_photo' => wp_kses( um_user( 'cover_photo', $this->cover_size ), UM()->get_allowed_html( 'templates' ) ),
'display_name' => esc_html( um_user( 'display_name' ) ),
'profile_url' => esc_url( um_user_profile_url() ),
includes/core/class-permalinks.php
+11 -11
View File
@@ -113,16 +113,24 @@ if ( ! class_exists( 'um\core\Permalinks' ) ) {
isset( $_REQUEST['user_id'] ) && is_numeric( $_REQUEST['user_id'] ) ) { // valid token
$user_id = absint( $_REQUEST['user_id'] );
if ( is_user_logged_in() && get_current_user_id() !== $user_id ) {
// Cannot activate another user account. Please log out and try again.
wp_safe_redirect( um_user_profile_url( get_current_user_id() ) );
exit;
}
delete_option( "um_cache_userdata_{$user_id}" );
$account_secret_hash = get_user_meta( $user_id, 'account_secret_hash', true );
if ( empty( $account_secret_hash ) || strtolower( sanitize_text_field( $_REQUEST['hash'] ) ) !== strtolower( $account_secret_hash ) ) {
wp_die( esc_html__( 'This activation link is expired or have already been used.', 'ultimate-member' ) );
wp_safe_redirect( add_query_arg( 'err', 'activation_link_used', um_get_core_page( 'login' ) ) );
exit;
}
$account_secret_hash_expiry = get_user_meta( $user_id, 'account_secret_hash_expiry', true );
if ( ! empty( $account_secret_hash_expiry ) && time() > $account_secret_hash_expiry ) {
wp_die( esc_html__( 'This activation link is expired.', 'ultimate-member' ) );
wp_safe_redirect( add_query_arg( 'err', 'activation_link_expired', um_get_core_page( 'login' ) ) );
exit;
}
$redirect = um_get_core_page( 'login', 'account_active' );
@@ -141,15 +149,7 @@ if ( ! class_exists( 'um\core\Permalinks' ) ) {
// log in automatically
$login = ! empty( $user_role_data['login_email_activate'] ); // Role setting "Login user after validating the activation link?"
if ( ! is_user_logged_in() && $login ) {
$user = get_userdata( $user_id );
// update wp user
wp_set_current_user( $user_id, $user->user_login );
wp_set_auth_cookie( $user_id );
ob_start();
do_action( 'wp_login', $user->user_login, $user );
ob_end_clean();
UM()->user()->auto_login( $user_id );
}
/**
includes/core/class-user.php
+12 -43
View File
@@ -432,7 +432,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
}
$metakeys = array( 'account_status', 'hide_in_members', 'synced_gravatar_hashed_id', 'synced_profile_photo', 'profile_photo', 'cover_photo', '_um_verified' );
if ( ! in_array( $meta_key, $metakeys ) ) {
if ( ! in_array( $meta_key, $metakeys, true ) ) {
return;
}
@@ -506,7 +506,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
function on_update_usermeta( $meta_id, $object_id, $meta_key, $_meta_value ) {
$metakeys = array( 'account_status', 'hide_in_members', 'synced_gravatar_hashed_id', 'synced_profile_photo', 'profile_photo', 'cover_photo', '_um_verified' );
if ( ! in_array( $meta_key, $metakeys ) ) {
if ( ! in_array( $meta_key, $metakeys, true ) ) {
return;
}
@@ -642,28 +642,22 @@ if ( ! class_exists( 'um\core\User' ) ) {
delete_transient( 'um_count_users_pending_dot' );
}
/**
*
*/
function check_membership() {
public function check_membership() {
if ( ! is_user_logged_in() ) {
return;
}
um_fetch_user( get_current_user_id() );
$status = um_user( 'account_status' );
if ( 'rejected' == $status ) {
if ( UM()->common()->users()->has_status( get_current_user_id(), 'rejected' ) ) {
wp_logout();
session_unset();
exit( wp_redirect( um_get_core_page( 'login' ) ) );
um_safe_redirect( um_get_core_page( 'login' ) );
exit;
}
um_reset_user();
}
/**
* Multisite add existing user
*
@@ -1295,29 +1289,11 @@ if ( ! class_exists( 'um\core\User' ) ) {
$this->usermeta['account_status'][0] = 'approved';
}
if ( $this->usermeta['account_status'][0] == 'approved' ) {
$this->usermeta['account_status_name'][0] = __( 'Approved', 'ultimate-member' );
}
if ( $this->usermeta['account_status'][0] == 'awaiting_email_confirmation' ) {
$this->usermeta['account_status_name'][0] = __( 'Awaiting Email Confirmation', 'ultimate-member' );
}
if ( $this->usermeta['account_status'][0] == 'awaiting_admin_review' ) {
$this->usermeta['account_status_name'][0] = __( 'Pending Review', 'ultimate-member' );
}
if ( $this->usermeta['account_status'][0] == 'rejected' ) {
$this->usermeta['account_status_name'][0] = __( 'Membership Rejected', 'ultimate-member' );
}
if ( $this->usermeta['account_status'][0] == 'inactive' ) {
$this->usermeta['account_status_name'][0] = __( 'Membership Inactive', 'ultimate-member' );
}
$this->usermeta['account_status_name'][0] = UM()->common()->users()->get_status( $this->id, 'formatted' );
// add user meta
foreach ( $this->usermeta as $k => $v ) {
if ( $k == 'display_name' ) {
if ( 'display_name' === $k ) {
continue;
}
$this->profile[ $k ] = $v[0];
@@ -1386,7 +1362,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
<?php UM()->user()->auto_login( 10, true ); ?>
*
*/
function auto_login( $user_id, $rememberme = 0 ) {
public function auto_login( $user_id, $rememberme = 0 ) {
wp_set_current_user( $user_id );
@@ -1619,36 +1595,29 @@ if ( ! class_exists( 'um\core\User' ) ) {
*
* @param bool $send_mail
*/
function delete( $send_mail = true ) {
public function delete( $send_mail = true ) {
$this->send_mail_on_delete = $send_mail;
//don't send email notification to not approved user
if ( 'approved' != um_user( 'account_status' ) ) {
// Don't send email notification to not approved user
if ( ! UM()->common()->users()->has_status( $this->id, 'approved' ) ) {
$this->send_mail_on_delete = false;
}
// remove user
if ( is_multisite() ) {
if ( ! function_exists( 'wpmu_delete_user' ) ) {
require_once ABSPATH . 'wp-admin/includes/ms.php';
}
wpmu_delete_user( $this->id );
} else {
if ( ! function_exists( 'wp_delete_user' ) ) {
require_once ABSPATH . 'wp-admin/includes/user.php';
}
wp_delete_user( $this->id );
}
}
/**
* This method gets a user role in slug format. e.g. member
*
includes/core/rest/class-api-v1.php
+4 -3
View File
@@ -174,7 +174,7 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) {
$val->roles = $user->roles;
$val->first_name = um_user( 'first_name' );
$val->last_name = um_user( 'last_name' );
$val->account_status = um_user( 'account_status' );
$val->account_status = UM()->common()->users()->get_status( $user->ID );
$val->profile_pic_original = um_get_user_avatar_url( '', 'original' );
$val->profile_pic_normal = um_get_user_avatar_url( '', 200 );
$val->profile_pic_small = um_get_user_avatar_url( '', 40 );
@@ -239,6 +239,7 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) {
switch ( $data ) {
case 'status':
// Force update of the user status without email notifications.
UM()->common()->users()->set_status( $id, $value );
$response['success'] = __( 'User status has been changed.', 'ultimate-member' );
break;
@@ -361,7 +362,7 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) {
$response['profile_pic_small'] = um_get_user_avatar_url( '', 40 );
break;
case 'status':
$response['status'] = um_user( 'account_status' );
$response['status'] = UM()->common()->users()->get_status( $user->ID );
break;
case 'role':
//get priority role here
@@ -382,7 +383,7 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) {
$val->roles = $user->roles;
$val->first_name = um_user( 'first_name' );
$val->last_name = um_user( 'last_name' );
$val->account_status = um_user( 'account_status' );
$val->account_status = UM()->common()->users()->get_status( $user->ID );
$val->profile_pic_original = um_get_user_avatar_url( '', 'original' );
$val->profile_pic_normal = um_get_user_avatar_url( '', 200 );
$val->profile_pic_small = um_get_user_avatar_url( '', 40 );
includes/core/rest/class-api-v2.php
+4 -3
View File
@@ -173,7 +173,7 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) {
$val->roles = $user->roles;
$val->first_name = um_user( 'first_name' );
$val->last_name = um_user( 'last_name' );
$val->account_status = um_user( 'account_status' );
$val->account_status = UM()->common()->users()->get_status( $user->ID );
$val->profile_pic_original = um_get_user_avatar_url( '', 'original' );
$val->profile_pic_normal = um_get_user_avatar_url( '', 200 );
$val->profile_pic_small = um_get_user_avatar_url( '', 40 );
@@ -221,6 +221,7 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) {
switch ( $data ) {
case 'status':
// Force update of the user status without email notifications.
UM()->common()->users()->set_status( $id, $value );
$response['success'] = __( 'User status has been changed.', 'ultimate-member' );
break;
@@ -325,7 +326,7 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) {
$response['profile_pic_small'] = um_get_user_avatar_url( '', 40 );
break;
case 'status':
$response['status'] = um_user( 'account_status' );
$response['status'] = UM()->common()->users()->get_status( $user->ID );
break;
case 'role':
//get priority role here
@@ -346,7 +347,7 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) {
$val->roles = $user->roles;
$val->first_name = um_user( 'first_name' );
$val->last_name = um_user( 'last_name' );
$val->account_status = um_user( 'account_status' );
$val->account_status = UM()->common()->users()->get_status( $user->ID );
$val->profile_pic_original = um_get_user_avatar_url( '', 'original' );
$val->profile_pic_normal = um_get_user_avatar_url( '', 200 );
$val->profile_pic_small = um_get_user_avatar_url( '', 40 );
includes/core/um-actions-access.php
+7 -12
View File
@@ -1,5 +1,7 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
<?php
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
/**
* Profile Access
@@ -7,18 +9,11 @@
* @param int $user_id
*/
function um_access_profile( $user_id ) {
if ( ! um_is_myprofile() && um_is_core_page( 'user' ) && ! current_user_can( 'edit_users' ) ) {
um_fetch_user( $user_id );
$account_status = um_user( 'account_status' );
if ( ! in_array( $account_status, array( 'approved' ) ) ) {
$account_status = UM()->common()->users()->get_status( $user_id );
if ( 'approved' !== $account_status ) {
um_redirect_home();
}
um_reset_user();
}
}
add_action( 'um_access_profile', 'um_access_profile' );
add_action( 'um_access_profile', 'um_access_profile' );
includes/core/um-actions-login.php
+12 -5
View File
@@ -129,17 +129,15 @@ function um_submit_form_errors_hook_logincheck( $submitted_data, $form_data ) {
wp_logout();
}
$user_id = ( isset( UM()->login()->auth_id ) ) ? UM()->login()->auth_id : '';
um_fetch_user( $user_id );
$user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
$status = um_user( 'account_status' ); // account status
$status = UM()->common()->users()->get_status( $user_id ); // account status
switch ( $status ) {
// If user can't log in to site...
case 'inactive':
case 'awaiting_admin_review':
case 'awaiting_email_confirmation':
case 'rejected':
um_reset_user();
// Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host.
wp_safe_redirect( add_query_arg( 'err', esc_attr( $status ), UM()->permalinks()->get_current_url() ) );
exit;
@@ -150,7 +148,6 @@ function um_submit_form_errors_hook_logincheck( $submitted_data, $form_data ) {
wp_safe_redirect( um_get_core_page( 'login' ) );
exit;
}
}
add_action( 'um_submit_form_errors_hook_logincheck', 'um_submit_form_errors_hook_logincheck', 9999, 2 );
@@ -194,6 +191,16 @@ function um_user_login( $submitted_data ) {
// phpcs:disable WordPress.Security.NonceVerification -- already verified here
$rememberme = ( isset( $_REQUEST['rememberme'], $submitted_data['rememberme'] ) && 1 === (int) $submitted_data['rememberme'] ) ? 1 : 0;
$user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
if ( empty( $user_id ) ) {
// refresh page if the user_id is empty
// Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host.
wp_safe_redirect( UM()->permalinks()->get_current_url() );
exit;
}
um_fetch_user( $user_id );
// @todo check using the 'deny_admin_frontend_login' option
if ( false !== strrpos( um_user( 'wp_roles' ), 'administrator' ) && ( ! isset( $_GET['provider'] ) && UM()->options()->get( 'deny_admin_frontend_login' ) ) ) {
wp_die( esc_html__( 'This action has been prevented for security measures.', 'ultimate-member' ) );
includes/core/um-actions-misc.php
+6
View File
@@ -176,6 +176,12 @@ function um_add_update_notice( $args ) {
case 'invalid_nonce':
$err = __( 'An error has been encountered. Probably page was cached. Please try again.', 'ultimate-member' );
break;
case 'activation_link_used':
$err = __( 'This activation link is expired or have already been used.', 'ultimate-member' );
break;
case 'activation_link_expired':
$err = __( 'This activation link is expired.', 'ultimate-member' );
break;
}
}
// phpcs:enable WordPress.Security.NonceVerification -- used for echo and already verified here.
includes/core/um-actions-profile.php
+2 -2
View File
@@ -1318,11 +1318,11 @@ function um_profile_header( $args ) {
}
?>
<div class="um-profile-status <?php echo esc_attr( um_user( 'account_status' ) ); ?>">
<div class="um-profile-status <?php echo esc_attr( UM()->common()->users()->get_status( um_user( 'ID' ) ) ); ?>">
<span>
<?php
// translators: %s: profile status.
echo esc_html( sprintf( __( 'This user account status is %s', 'ultimate-member' ), um_user( 'account_status_name' ) ) );
echo esc_html( sprintf( __( 'This user account status is %s', 'ultimate-member' ), UM()->common()->users()->get_status( um_user( 'ID' ), 'formatted' ) ) );
?>
</span>
</div>
includes/core/um-actions-register.php
+11 -19
View File
@@ -58,15 +58,6 @@ function um_after_insert_user( $user_id, $args, $form_data = null ) {
UM()->user()->set_registration_details( $args['submitted'], $args, $form_data );
}
// Set user status.
$status = um_user( 'status' );
if ( empty( $status ) ) {
um_fetch_user( $user_id );
$status = um_user( 'status' );
}
UM()->common()->users()->set_status( $user_id, $status );
// Create user uploads directory.
UM()->uploader()->get_upload_user_base_dir( $user_id, true );
@@ -123,11 +114,12 @@ add_action( 'um_user_register', 'um_after_insert_user', 1, 3 );
*/
function um_send_registration_notification( $user_id ) {
um_fetch_user( $user_id );
$registration_status = um_user( 'status' );
$emails = um_multi_admin_email();
if ( ! empty( $emails ) ) {
foreach ( $emails as $email ) {
if ( 'pending' !== um_user( 'account_status' ) ) {
if ( 'pending' !== $registration_status ) {
UM()->mail()->send( $email, 'notification_new_user', array( 'admin' => true ) );
} else {
UM()->mail()->send( $email, 'notification_review', array( 'admin' => true ) );
@@ -145,7 +137,7 @@ add_action( 'um_registration_complete', 'um_send_registration_notification' );
* @param null|array $form_data
*/
function um_check_user_status( $user_id, $args, $form_data = null ) {
$status = um_user( 'account_status' );
$registration_status = um_user( 'status' );
/**
* Fires after complete UM user registration.
* Where $status can be equal to 'approved', 'checkmail' or 'pending'.
@@ -175,7 +167,7 @@ function um_check_user_status( $user_id, $args, $form_data = null ) {
* }
* add_action( 'um_post_registration_pending_hook', 'my_um_post_registration', 10, 3 );
*/
do_action( "um_post_registration_{$status}_hook", $user_id, $args, $form_data );
do_action( "um_post_registration_{$registration_status}_hook", $user_id, $args, $form_data );
if ( is_null( $form_data ) || is_admin() ) {
return;
@@ -210,9 +202,9 @@ function um_check_user_status( $user_id, $args, $form_data = null ) {
* }
* add_action( 'track_pending_user_registration', 'my_um_post_registration', 10, 3 );
*/
do_action( "track_{$status}_user_registration", $user_id, $args, $form_data );
do_action( "track_{$registration_status}_user_registration", $user_id, $args, $form_data );
if ( 'approved' === $status ) {
if ( 'approved' === $registration_status ) {
// Check if user is logged in because there can be the customized way when through 'um_registration_for_loggedin_users' hook the registration is enabled for the logged-in users (e.g. Administrator).
if ( ! is_user_logged_in() ) {
// Custom way if 'um_registration_for_loggedin_users' hook after custom callbacks returns true. Then don't make auto-login because user is already logged-in.
@@ -255,7 +247,7 @@ function um_check_user_status( $user_id, $args, $form_data = null ) {
} else {
um_fetch_user( $user_id ); // required because there can be empty um_user.
if ( 'redirect_url' === um_user( $status . '_action' ) && '' !== um_user( $status . '_url' ) ) {
if ( 'redirect_url' === um_user( $registration_status . '_action' ) && '' !== um_user( $registration_status . '_url' ) ) {
/**
* Filters the redirect URL for pending user after registration.
*
@@ -275,13 +267,13 @@ function um_check_user_status( $user_id, $args, $form_data = null ) {
* }
* add_filter( 'um_registration_pending_user_redirect', 'my_registration_pending_user_redirect', 10, 3 );
*/
$redirect_url = apply_filters( 'um_registration_pending_user_redirect', um_user( $status . '_url' ), $status, um_user( 'ID' ) );
$redirect_url = apply_filters( 'um_registration_pending_user_redirect', um_user( $registration_status . '_url' ), $registration_status, $user_id );
um_safe_redirect( $redirect_url );
}
if ( 'show_message' === um_user( $status . '_action' ) && '' !== um_user( $status . '_message' ) ) {
if ( 'show_message' === um_user( $registration_status . '_action' ) && '' !== um_user( $registration_status . '_message' ) ) {
$url = UM()->permalinks()->get_current_url();
$url = add_query_arg( 'message', esc_attr( $status ), $url );
$url = add_query_arg( 'message', esc_attr( $registration_status ), $url );
// Add only priority role to URL.
$url = add_query_arg( 'um_role', esc_attr( um_user( 'role' ) ), $url );
$url = add_query_arg( 'um_form_id', esc_attr( $form_data['form_id'] ), $url );
@@ -305,7 +297,7 @@ function um_check_user_status( $user_id, $args, $form_data = null ) {
* }
* add_filter( 'um_registration_show_message_redirect_url', 'my_um_registration_show_message_redirect_url', 10, 4 );
*/
$url = apply_filters( 'um_registration_show_message_redirect_url', $url, $status, um_user( 'ID' ), $form_data );
$url = apply_filters( 'um_registration_show_message_redirect_url', $url, $registration_status, $user_id, $form_data );
// Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host.
wp_safe_redirect( $url );
exit;
includes/core/um-filters-login.php
+1 -2
View File
@@ -66,8 +66,7 @@ function um_wp_form_errors_hook_logincheck( $user ) {
}
if ( isset( $user->ID ) ) {
um_fetch_user( $user->ID );
$status = um_user( 'account_status' );
$status = UM()->common()->users()->get_status( $user->ID );
$error = null;
switch ( $status ) {
includes/frontend/class-secure.php
+6 -1
View File
@@ -142,7 +142,12 @@ if ( ! class_exists( 'um\frontend\Secure' ) ) {
*/
public function login_validate_expired_pass() {
if ( UM()->options()->get( 'display_login_form_notice' ) ) {
$expired_password_reset = get_user_meta( um_user( 'ID' ), 'um_secure_has_reset_password', true );
$user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
if ( empty( $user_id ) ) {
return;
}
$expired_password_reset = get_user_meta( $user_id, 'um_secure_has_reset_password', true );
if ( ! $expired_password_reset ) {
$login_url = add_query_arg( 'notice', 'expired_password', um_get_core_page( 'login' ) );
// Not `um_safe_redirect()` because predefined login page is situated on the same host.