Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-2499: class_rm_user_services.php in custom-registration-form-builder-with-submission-manager/tags/5.2.0.4/services – WordPress Plugin Repository

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

CVE
#windows#google#js#java#wordpress#php#oauth#auth#ssl

1<?php23/*4 * To change this license header, choose License Headers in Project Properties.5 * To change this template file, choose Tools | Templates6 * and open the template in the editor.7 */89/**10 * Class responsible for User and Roles related operations11 *12 * @author CMSHelplive13 */14class RM_User_Services extends RM_Services15{1617 public $default_user_roles = array('administrator’, 'editor’, 'author’, 'contributor’, ‘subscriber’);1819 public function get_user_roles() {20 $roles = get_editable_roles();21 $role_names = array();22 foreach ($roles as $key => $role) {23 $role_names[$key] = $role[‘name’];24 }25 return $role_names;26 }27 28 public function add_default_form($form=null,$role=null) {29 if(check_ajax_referer(‘rm_ajax_secure’,’rm_sec_nonce’) && current_user_can(‘manage_options’)) {30 $role =isset($_POST[‘role’])? sanitize_text_field($_POST[‘role’]) : null;31 $form =isset($_POST[‘form’])? sanitize_text_field($_POST[‘form’]) : null;32 if(isset($role) && isset($form)) {33 $gopts= new RM_Options;34 $default_forms=array();35 $opt_default_forms=$gopts->get_value_of(‘rm_option_default_forms’);36 $default_forms= maybe_unserialize($opt_default_forms);37 if(defined(‘REGMAGIC_ADDON’)) {38 $def = $default_forms;39 foreach ($def as $key => $val) {40 if ($val == $form) {41 $default_forms[$key] = null;42 }43 }44 }45 if($form == ‘’) {46 $default_forms[$role]=null;47 $opt_default_forms= maybe_serialize($default_forms);48 $gopts->set_value_of('rm_option_default_forms’,$opt_default_forms);49 echo "";50 die;51 } 52 $default_forms[$role]=$form;53 $opt_default_forms= maybe_serialize($default_forms);54 $gopts->set_value_of('rm_option_default_forms’,$opt_default_forms);55 $forms_options=new RM_Forms;56 $forms_options->load_from_db($form);57 $form_name=$forms_options->get_form_name();58 echo esc_html($form_name);59 die;60 }61 }62 echo "";63 die;64 }6566 // This function creates a copy of the role with a different name67 public function create_role($role_name, $display_name, $capability, $additional_data = null) {68 if(defined(‘REGMAGIC_ADDON’)) {69 $addon_service = new RM_User_Services_Addon();70 return $addon_service->create_role($role_name, $display_name, $capability, $this, $additional_data);71 }72 $role = get_role($capability);73 if (add_role($role_name, $display_name, $role->capabilities) !== null)74 return true;75 else76 return false;77 }7879 public function get_roles_by_status() {80 $roles_data = new stdClass();81 $roles = $this->get_user_roles();82 $custom = array();83 $default = array();84 $linked_form = array();85 foreach ($roles as $key => $role) {86 if (in_array($key, $this->default_user_roles)) {87 $default[$key] = $role;88 $linked_form[$key]=$this->get_linked_forms($key);89 } else {90 $custom[$key] = $role;91 $linked_form[$key]=$this->get_linked_forms($key);92 }93 }94 $roles_data->default = $default;95 $roles_data->custom = $custom;96 $roles_data->linked_forms=$linked_form;97 return $roles_data;98 }99 100 public function get_linked_forms($role) {101 $forms= RM_DBManager::get('FORMS’, array(“default_user_role” => $role), array(“%s”));102 $linked_form=array();103 if($forms != null) {104 foreach($forms as $form) {105 $linked_form[$form->form_id] = $form->form_name;106 }107 }108 return $linked_form;109 }110 111 public function delete($users,$reassign=null) {112 if (is_array($users) && !empty($users)) {113 $curr_user = wp_get_current_user();114 if (isset($curr_user->ID))115 $curr_user_id = $curr_user->ID;116 else117 $curr_user_id = null;118 foreach ($users as $id) {119 if ($curr_user_id != $id){120 wp_delete_user($id,$reassign);121 } 122 }123 }124 }125126 public function activate($users) {127 $user_model= new RM_User;128 if (is_array($users) && !empty($users)) {129 foreach ($users as $id) {130 $user_model->activate_user($id);131 }132 }133 }134135 public function notify_users($users, $type) {136 if (is_array($users) && !empty($users)) {137 //$front_form_service = new RM_Front_Form_Service;138 foreach ($users as $id) {139 $user = get_user_by('id’, $id);140 $params = new stdClass;141 $params->email = $user->user_email; 142 $params->sub_id = get_user_meta($id, 'RM_UMETA_SUB_ID’, true);143 $params->form_id = get_user_meta($id, 'RM_UMETA_FORM_ID’, true);144 RM_Email_Service::notify_user_on_activation($params);145 }146 }147 }148 149 public static function send_email_ajax()150 {151 if (current_user_can(‘manage_options’) && check_ajax_referer( 'rm_send_email_user_view’, ‘rm_ajaxnonce’ ))152 {153 $to = sanitize_email($_POST[‘to’]);154 $sub = sanitize_text_field($_POST[‘sub’]);155 $body = wp_kses_post($_POST[‘body’]);156157 RM_Utilities::quick_email($to, $sub, $body);158 }159 wp_die();160 }161162 public function deactivate_user_by_id($user_id) {163 if(defined(‘REGMAGIC_ADDON’)) {164 $addon_service = new RM_User_Services_Addon();165 return $addon_service->deactivate_user_by_id($user_id, $this);166 }167 $user_model= new RM_User;168 $curr_user = wp_get_current_user();169 if (isset($curr_user->ID))170 $curr_user_id = $curr_user->ID;171 else172 $curr_user_id = null;173 if ($curr_user_id != $user_id)174 $user_model->deactivate_user ($user_id);175 }176177 public function activate_user_by_id($user_id)178 {179 $user_model= new RM_User;180 return $user_model->activate_user($user_id);181 }182183 public function deactivate($users) {184 $user_model= new RM_User;185 if (is_array($users) && !empty($users)) {186 $curr_user = wp_get_current_user();187 if (isset($curr_user->ID))188 $curr_user_id = $curr_user->ID;189 else190 $curr_user_id = null;191 foreach ($users as $id) {192 if ($curr_user_id != $id)193 $user_model->deactivate_user($id);194 }195 }196 }197198 public function delete_roles($roles) {199 if(defined(‘REGMAGIC_ADDON’)) {200 $addon_service = new RM_User_Services_Addon();201 return $addon_service->delete_roles($roles, $this);202 }203 if (is_array($roles) && !empty($roles)) {204 foreach ($roles as $name) {205 $users = $this->get_users_by_role($name);206 foreach ($users as $user) {207 $user->add_role(‘subscriber’);208 }209210 remove_role($name);211 }212 }213 }214215 public function get_users_by_role($role_name) {216 $args = array(‘role’ => $role_name);217 $users = get_users($args);218 return $users;219 }220221 public function get_user_count() {222 $result = count_users();223 $total_users = $result[‘total_users’];224 return $total_users;225 }226227 public function get_users($offset = '’, $number = '’, $search_str = '’, $user_status = 'all’, $interval = 'all’, $sort = 'latest’, $user_ids = array(), $fields_to_return = ‘all’) {228 $args = array(‘number’ => $number, ‘offset’ => $offset, ‘include’ => $user_ids, ‘search’ => ‘*’ . $search_str . ‘*’);229230 if(defined(‘REGMAGIC_ADDON’)) {231 $args[‘fields’] = $fields_to_return;232 }233 234 switch ($user_status) {235 case 'active’:236 $args[‘meta_query’] = array(‘relation’ => 'OR’,237 array(238 ‘key’ => 'rm_user_status’,239 ‘value’ => '1’,240 ‘compare’ => '!=’241 ),242 array(243 ‘key’ => 'rm_user_status’,244 ‘value’ => '1’,245 ‘compare’ => 'NOT EXISTS’246 ));247 break;248249 case 'pending’:250 $args[‘meta_query’] = array(array(251 ‘key’ => 'rm_user_status’,252 ‘value’ => '1’,253 ‘compare’ => '=’254 ));255 break;256 }257258 switch ($interval) {259 case 'today’:260 $args[‘date_query’] = array(array(‘after’ => date('Y-m-d’, strtotime(‘today’)), ‘inclusive’ => true));261 break;262263 case 'week’:264 $args[‘date_query’] = array(array(‘after’ => date('Y-m-d’, strtotime(‘this week’)), ‘inclusive’ => true));265 break;266267 case 'month’:268 $args[‘date_query’] = array(array(‘after’ => 'first day of this month’, ‘inclusive’ => true));269 break;270271 case 'year’:272 $args[‘date_query’] = array(array(‘year’ => date(‘Y’), ‘inclusive’ => true));273 break;274 }275 276 switch ($sort) {277 case 'oldest’:278 $args[‘orderby’] = 'user_registered’;279 $args[‘order’] = 'ASC’;280 break;281282 case '0toz’:283 $args[‘orderby’] = 'display_name’;284 $args[‘order’] = 'ASC’;285 break;286 287 case 'zto0’:288 $args[‘orderby’] = 'display_name’;289 $args[‘order’] = 'DESC’;290 break;291 292 default:293 $args[‘orderby’] = 'user_registered’;294 $args[‘order’] = 'DESC’;295 break;296 }297 298 //echo "Args:<pre>", var_dump($args), "</pre>";299 $users = get_users($args);300301 return $users;302 }303304 public function get_total_user_per_pagination() {305 $total = $this->get_user_count();306 return (int) ($total / 2) + (($total % 2) == 0 ? 0 : 1);307 }308309 public function get_all_user_data($page = '1’, $number = '20’, $search_str = ‘’, $user_status = ‘all’, $interval = ‘all’, $sort = ‘latest’, $user_ids = array()) {310 $offset = ($page * $number) - $number;311 $all_user_info = $this->get_users($offset, $number, $search_str, $user_status, $interval, $sort, $user_ids);312 $all_user_data = array();313314 foreach ($all_user_info as $user) {315316 $tmpuser = new stdClass();317 $user_info = get_userdata($user->ID);318 $is_disabled = (int) get_user_meta($user->ID, ‘rm_user_status’, true);319 $tmpuser->ID = $user->ID;320321 if (empty($user_info->display_name))322 $tmpuser->first_name = $user_info->first_name;323 else324 $tmpuser->first_name = $user_info->display_name;325326 if (isset($user_info->user_email))327 $tmpuser->user_email = $user_info->user_email;328 else329 $tmpuser->user_email = ‘’;330331 if ($is_disabled == 1)332 $tmpuser->user_status = RM_UI_Strings::get(‘LABEL_DEACTIVATED’);333 else334 $tmpuser->user_status = RM_UI_Strings::get(‘LABEL_ACTIVATED’);335336 $tmpuser->date = $user_info->user_registered;337338 $all_user_data[] = $tmpuser;339 }340341 return $all_user_data;342 }343344 public function get_user_by($field, $value) {345 $user = get_user_by($field, $value);346 return $user;347 }348349 public function login($request) {350 global $user;351 $credentials = array();352 $credentials[‘user_login’] = $request->req[‘username’];353 $credentials[‘user_password’] = $request->req[‘pwd’];354 if (isset($request->req[‘remember’]))355 $credentials[‘remember’] = true;356 else357 $credentials[‘remember’] = false;358359 //require_once(ABSPATH . ‘wp-load.php’);360 //require_once(ABSPATH . ‘wp-includes/pluggable.php’);361 $user = wp_signon($credentials, is_ssl());362 if(!is_wp_error($user)){363 do_action(‘rm_user_signon’,$user);364 }365 else366 {367 do_action(‘rm_user_signon_failure’,$credentials);368 }369 return $user;370 }371 372 public function google_login_html() {373 if(defined(‘REGMAGIC_ADDON’)) {374 $addon_service = new RM_User_Services_Addon();375 return $addon_service->google_login_html($this);376 }377 }378 379 public function google_login_callback($token) {380 if(defined(‘REGMAGIC_ADDON’)) {381 $addon_service = new RM_User_Services_Addon();382 return $addon_service->google_login_callback($this,$token);383 }384 }385 386 public function linkedin_login_html() {387 if(defined(‘REGMAGIC_ADDON’)) {388 $addon_service = new RM_User_Services_Addon();389 return $addon_service->linkedin_login_html($this);390 }391 }392 393 public function instagram_login_html() {394 if(defined(‘REGMAGIC_ADDON’)) {395 $addon_service = new RM_User_Services_Addon();396 return $addon_service->instagram_login_html($this);397 }398 }399 400 public function twitter_login_html() {401 if(defined(‘REGMAGIC_ADDON’)) {402 $addon_service = new RM_User_Services_Addon();403 return $addon_service->twitter_login_html($this);404 }405 }406 407 public function windows_login_html() {408 if(defined(‘REGMAGIC_ADDON’)) {409 $addon_service = new RM_User_Services_Addon();410 return $addon_service->windows_login_html($this);411 }412 }413414 public function facebook_login_html() {415 if(!RM_Utilities::is_ssl()){416 return;417 }418419 $gopts = new RM_Options;420 if ($gopts->get_value_of(‘enable_facebook’) == ‘yes’) {421 $fb_app_id = $gopts->get_value_of(‘facebook_app_id’);422 $fb_app_secret = $gopts->get_value_of(‘facebook_app_secret’);423 if (!$fb_app_id || !$fb_app_secret)424 return;425 426 return “<pre class=’rm-pre-wrapper-for-script-tags’><script>427 function checkLoginState() {428 FB.getLoginStatus(function(response) {429 if (response.status === ‘connected’) {430 greet(response.authResponse.accessToken);431 }432 else {433 FB.login(function(response) {434 var token = response.authResponse.accessToken;435FB.api('/me’,{fields: 'first_name,email’}, function (response) {436 handle_data('’,response.first_name,’facebook’,token);437438439});440}, {scope: 'email’});441 }442});443 }444function greet(accessToken) {445FB.api('/me’,{fields: 'first_name,email’}, function (response) {446 handle_data('’,response.first_name,’facebook’,accessToken);447448449});450}451 window.fbAsyncInit = function() {452 FB.init({453 appId : '” . $fb_app_id . "’,454 cookie : true, // enable cookies to allow the server to access 455 // the session456 xfbml : true, // parse social plugins on this page457 version : ‘v2.5’ // use graph api version 2.5458 });459460 };461462 // Load the SDK asynchronously463 (function(d, s, id) {464 var js, fjs = d.getElementsByTagName(s)[0];465 if (d.getElementById(id)) return;466 js = d.createElement(s); js.id = id;467 js.src = ‘//connect.facebook.net/en_US/sdk.js’;468 fjs.parentNode.insertBefore(js, fjs);469 }(document, ‘script’, ‘facebook-jssdk’));470471 // Here we run a very simple test of the Graph API after login is472 // successful. See statusChangeCallback() for when this call is made.473 474</script></pre>475476<!–477 Below we include the Login Button social plugin. This button uses478 the JavaScript SDK to present a graphical Login button that triggers479 the FB.login() function when clicked.480–>481<div class=’rm-facebook-login rm-third-party-login’><input class=’rm-third-party-login-btn’ type=’button’ onclick=’checkLoginState()' value=’".__(‘Sign in with Facebook’,’custom-registration-form-builder-with-submission-manager’)."’ /><span><svg aria-hidden=’true’ data-prefix=’fab’ data-icon=’facebook-f’ class=’svg-inline–fa fa-facebook-f fa-w-9’ role=’img’ xmlns=’http://www.w3.org/2000/svg’ viewbox=’0 0 264 512’><path fill=’#fff’ d=’M76.7 512V283H0v-91h76.7v-71.7C76.7 42.4 124.3 0 193.8 0c33.3 0 61.9 2.5 70.2 3.6V85h-48.2c-37.8 0-45.1 18-45.1 44.3V192H256l-11.7 91h-73.6v229’></path></svg></span> </div>";482 // return ‘<div class="facebook_login"><a href="’ . htmlspecialchars($loginUrl) . '">Log in with Facebook!</a></div>’;483 }484 }485 486 public function facebook_login_callback_old() {487 488 global $rm_env_requirements;489490 if (!($rm_env_requirements & RM_REQ_EXT_CURL))491 return;492493 global $rm_fb_sdk_req;494 495 $gopts = new RM_Options;496 $fb_app_id = $gopts->get_value_of(‘facebook_app_id’);497 $fb_app_secret = $gopts->get_value_of(‘facebook_app_secret’);498499 if (!$fb_app_id || !$fb_app_secret)500 return;501 502 if ($rm_fb_sdk_req === RM_FB_SDK_REQ_OK)503 {504 $fb = new Facebook\Facebook(array(505 ‘app_id’ => $fb_app_id,506 ‘app_secret’ => $fb_app_secret,507 ‘default_graph_version’ => 'v2.2’,508 ));509510 $helper = $fb->getRedirectLoginHelper();511 try512 {513 $accessToken = $helper->getAccessToken();514 } catch (Facebook\Exceptions\FacebookResponseException $e)515 {516 // When Graph returns an error517 echo 'Graph returned an error: ' . wp_kses_post($e->getMessage());518 exit;519 } catch (Facebook\Exceptions\FacebookSDKException $e)520 {521 // When validation fails or other local issues522 echo 'Facebook SDK returned an error: ' . wp_kses_post($e->getMessage());523 exit;524 }525526 if (!isset($accessToken))527 {528 if ($helper->getError())529 {530 header(‘HTTP/1.0 401 Unauthorized’);531 echo "Error: " . wp_kses_post($helper->getError()) . "\n";532 echo "Error Code: " . wp_kses_post($helper->getErrorCode()) . "\n";533 echo "Error Reason: " . wp_kses_post($helper->getErrorReason()) . "\n";534 echo "Error Description: " . wp_kses_post($helper->getErrorDescription()) . "\n";535 } else536 {537 header(‘HTTP/1.0 400 Bad Request’);538 echo 'Bad request’;539 }540 exit;541 }542543 // Logged in544 // echo '<h3>Access Token</h3>’;545 //var_dump($accessToken->getValue());546 // The OAuth 2.0 client handler helps us manage access tokens547 $oAuth2Client = $fb->getOAuth2Client();548549 // Get the access token metadata from /debug_token550 $tokenMetadata = $oAuth2Client->debugToken($accessToken);551552 //echo '<h3>Metadata</h3>’;553 //var_dump($tokenMetadata);554 // Validation (these will throw FacebookSDKException’s when they fail)555556 $tokenMetadata->validateAppId($fb_app_id); // Replace {app-id} with your app id557 // If you know the user ID this access token belongs to, you can validate it here558 //$tokenMetadata->validateUserId(‘123’);559 $tokenMetadata->validateExpiration();560561 if (!$accessToken->isLongLived())562 {563 // Exchanges a short-lived access token for a long-lived one564 try565 {566 $accessToken2 = $oAuth2Client->getLongLivedAccessToken($accessToken);567 } catch (Facebook\Exceptions\FacebookSDKException $e)568 {569 echo "<p>Error getting long-lived access token: " . wp_kses_post($helper->getMessage()) . "</p>\n\n";570 exit;571 }572573 //echo '<h3>Long-lived</h3>’;574 //var_dump($accessToken2->getValue());575 }576577578579 //$_SESSION[‘fb_access_token’] = (string) $accessToken;580581582583 try584 {585 // Returns a `Facebook\FacebookResponse` object586 $response = $fb->get('/me?fields=id,name,email,first_name,last_name’, (string) $accessToken);587 } catch (Facebook\Exceptions\FacebookResponseException $e)588 {589 echo 'Graph returned an error: ' . wp_kses_post($e->getMessage());590 exit;591 } catch (Facebook\Exceptions\FacebookSDKException $e)592 {593 echo 'Facebook SDK returned an error: ' . wp_kses_post($e->getMessage());594 exit;595 }596597 $user = $response->getGraphUser();598599 //var_dump($user->getFirstName());600 $user_name = $user->getName();601 $user_email = $user->getEmail();602 $user_name = $user->getName();603 $user_fname = $user->getFirstName();604 $user_lname = $user->getLastName();605 $redirection_post = $gopts->get_value_of(‘post_submission_redirection_url’);606607 if (email_exists($user_email))608 { // user is a member609 $user = get_user_by('email’, $user_email);610611 $user_id = $user->ID;612 613 $is_disabled = (int) get_user_meta($user_id, 'rm_user_status’, true);614 615 if(!$is_disabled)616 wp_set_auth_cookie($user_id, true);617 618 } else619 { // this user is a guest620 $random_password = wp_generate_password(10, false);621622 $user_id = wp_create_user($user_email, $random_password, $user_email);623624 if (!is_wp_error($user_id))625 {626 if (function_exists(‘is_multisite’) && is_multisite())627 add_user_to_blog(get_current_blog_id(), $user_id, get_option(‘default_role’));628629 update_user_meta($user_id, 'avatar_image’, ‘https://graph.facebook.com/’ . $user->getId() . ‘/picture?type=large’);630631 wp_update_user(array(632 ‘ID’ => $user_id,633 ‘display_name’ => $user_name,634 ‘first_name’ => $user_fname,635 ‘last_name’ => $user_lname636 ));637 638 //varify auto approval setting639 $auto_approval = $gopts->get_value_of(‘user_auto_approval’);640641 if($auto_approval == ‘yes’)642 {643 wp_set_auth_cookie($user_id, true);644 }645 else //Deactivate the user646 {647 update_user_meta($user_id, 'rm_user_status’, ‘1’);648 }649 }650 }651 } else652 {653 $fb = new Facebook(array(654 ‘appId’ => $fb_app_id,655 ‘secret’ => $fb_app_secret656 ));657658 $user = $fb->getUser();659660 if ($user)661 {662 $user_profile = $fb->api(‘/me?fields=id,name,email,first_name,last_name’);663 if (isset($user_profile[‘email’]))664 {665 $user_email = $user_profile[‘email’];666 $redirection_post = $gopts->get_value_of(‘post_submission_redirection_url’);667668 if (email_exists($user_email))669 { // user is a member670 $user = get_user_by('email’, $user_email);671 $user_id = $user->ID;672 $is_disabled = (int) get_user_meta($user_id, 'rm_user_status’, true);673 if(!$is_disabled)674 wp_set_auth_cookie($user_id, true);675 } else676 { // this user is a guest677 $random_password = wp_generate_password(10, false);678679 $user_id = wp_create_user($user_email, $random_password, $user_email);680 if (!is_wp_error($user_id))681 { 682683 if (function_exists(‘is_multisite’) && is_multisite())684 add_user_to_blog(get_current_blog_id(), $user_id, ‘subscriber’);685686 update_user_meta($user_id, 'avatar_image’, ‘https://graph.facebook.com/’ . $user_profile[‘id’] . ‘/picture?type=large’);687688 wp_update_user(array(689 ‘ID’ => $user_id,690 ‘display_name’ => $user_profile[‘name’],691 ‘first_name’ => $user_profile[‘first_name’],692 ‘last_name’ => $user_profile[‘last_name’]693 ));694 //varify auto approval setting695 $auto_approval = $gopts->get_value_of(‘user_auto_approval’);696697 if($auto_approval == ‘yes’)698 {699 wp_set_auth_cookie($user_id, true);700 }701 else //Deactivate the user702 {703 update_user_meta($user_id, 'rm_user_status’, ‘1’);704 }705 }706 }707 } else708 die(‘Error: Unable to fetch email address from Facebbok.’);709 }710 }711712 $rdrto = RM_Utilities::after_login_redirect($user);713 714 if(!$rdrto)715 $rdrto = apply_filters( 'login_redirect’, $redirect_to, "", $user );716717 if(!$rdrto || $rdrto == “__current_url”) {718 $rdrto = "";719 }720 721 $after_login_url = $rdrto;722 RM_Utilities::redirect($after_login_url);723 }724725 public function set_user_role($user_id, $role)726 {727 $user = new WP_User($user_id);728 $user->set_role($role);729 do_action('rm_user_role_assigned’, $user_id);730 }731732 public function reset_user_password($pass, $conf, $user_id) {733 if ($pass && $conf && $user_id) {734 if ($pass === $conf) {735 wp_set_password($pass, $user_id);736 }737 } else {738 throw new InvalidArgumentException("Invalid Argument Supplied in " . __CLASS__ . ‘::’ . __FUNCTION__);739 }740 }741742 public function create_user_activation_link($user_id) {743 if ((int) $user_id) {744 $pass = wp_generate_password(10, false);745 $activation_code = md5($pass);746747 if (!update_user_meta($user_id, 'rm_activation_code’, $activation_code))748 return false;749750 $user_data_obj = new stdClass();751 $user_data_obj->user_id = $user_id;752 $user_data_obj->activation_code = $activation_code;753754 $user_data_json = json_encode($user_data_obj);755756 $user_data_enc = urlencode(RM_Utilities::enc_str($user_data_json));757758 $user_activation_link = admin_url(‘admin-ajax.php’) . ‘?action=rm_activate_user&user=’ . $user_data_enc;759 760 return $user_activation_link;761 }762763 return false;764 }765 766 public function social_login_using_email($user_email = null, $user_fname = null, $type = null, $token = null) {767 $user_email = isset($_POST[‘email’]) ? sanitize_email($_POST[‘email’]) : $user_email;768 $user_fname = isset($_POST[‘first_name’]) ? sanitize_text_field($_POST[‘first_name’]) : $user_fname;769 $type = isset($_POST[‘type’]) ? sanitize_text_field($_POST[‘type’]) : $type;770 $login_success = false;771 $resp = array(‘code’ => 'denied’, ‘msg’ => ‘’);772 switch ($type) {773 case 'facebook’:774 $accessToken = sanitize_text_field($_POST[‘token’]);775 if(empty($accessToken))776 break;777778 $gopts = new RM_Options;779 $fb_app_id = $gopts->get_value_of(‘facebook_app_id’);780 $fb_app_secret = $gopts->get_value_of(‘facebook_app_secret’);781782 $response = wp_remote_get('https://graph.facebook.com/v2.12/me?fields=email&access_token=’.$accessToken);783 $response = json_decode(wp_remote_retrieve_body($response));784785 if(is_object($response) && isset($response->email)) {786 $user_email = $response->email;787 $login_success = true;788 }789 break;790 case 'google’:791 $login_success = $this->google_login_callback(sanitize_text_field($_POST[‘token’]));792 break;793 case 'instagram’:794 $response = wp_remote_get('https://graph.instagram.com/v12.0/me?fields=id,username&access_token=’.sanitize_text_field($_POST[‘token’]));795 $response = json_decode(wp_remote_retrieve_body($response));796 if(isset($response->username)) {797 $user_email = $response->username;798 $user_fname = '’;799 $login_success = true;800 }801 break;802 default:803 break;804 }805 if($login_success) {806 $resp[‘code’] = 'allowed’;807 } else {808 $resp[‘msg’] = __(‘Request denied’,’custom-registration-form-builder-with-submission-manager’);809 echo wp_kses_post(json_encode($resp)); die;810 }811 $user_model = new RM_User;812 $gopts = new RM_Options;813 $login_service = new RM_Login_Service();814 $user = $user_email;815 if ($user_email != null) {816 if (email_exists($user_email)) { // user is a member817 $user = get_user_by('email’, $user_email);818 $user_id = (int) $user->data->ID;819 $is_disabled = (int) get_user_meta($user_id, 'rm_user_status’, true);820821 if (!$is_disabled){822 //$login_service->insert_login_log(array(‘email’=>$user->user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social:’.$type,’result’=>’success’));823 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social’,’result’=>’success’,’social_type’=>$type));824 wp_set_auth_cookie($user_id, true);825 }826 else {827 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>0,’type’=>’social’,’result’=>’failure’,’social_type’=>$type));828 $resp[‘code’] = 'denied’;829 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_ACC_UNAPPROVED”); //"Please wait for admin’s approval before you can log in";830 }831 } else if (username_exists($user_email)) {832 $user = get_user_by('login’, $user_email);833 $user_id = (int) $user->data->ID;834 $is_disabled = (int) get_user_meta($user_id, ‘rm_user_status’, true);835 $username_used=’’;836 if($type==’instagram’){837 $username_used= $user_email;838 }839 if (!$is_disabled){840 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social’,’result’=>’success’,’social_type’=>$type,’username_used’=>$username_used));841 wp_set_auth_cookie($user_id, true);842 }843 else {844 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>0,’type’=>’social’,’result’=>’failure’,’social_type’=>$type,’username_used’=>$username_used));845 $resp[‘code’] = 'denied’;846 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_ACC_UNAPPROVED”); //"Please wait for admin’s approval before you can log in";847 }848 } else { // this user is a guest849 $random_password = wp_generate_password(10, false);850851 $user_id = wp_create_user($user_email, $random_password, $user_email);852 if (!is_wp_error($user_id)) {853 if (function_exists(‘is_multisite’) && is_multisite())854 add_user_to_blog(get_current_blog_id(), $user_id, ‘subscriber’);855856 wp_update_user(array(857 ‘ID’ => $user_id,858 ‘display_name’ => $user_fname,859 ‘first_name’ => $user_fname860 ));861862 //varify auto approval setting863 $auto_approval = $gopts->get_value_of(‘user_auto_approval’);864865 if ($auto_approval == ‘yes’) {866 wp_set_auth_cookie($user_id, true);867 } else { //Deactivate the user868 $user_model->deactivate_user($user_id);869 $user_service = new RM_User_Services;870 $link = $user_service->create_user_activation_link($user_id);871 $user_info = get_userdata($user_id);872 $required_params = new stdClass();873 $required_params->email = $user_email;874 $required_params->username = $user_info->display_name;875 //required_params->form_id= $form_id; 876877 $required_params->link = $link;878879 // ob_start(); var_dump('datas’,$auto_approval,$link,$required_params->email, $required_params->link); $out=ob_get_clean(); error_log($out); 880881 RM_Email_Service::notify_admin_to_activate_user($required_params);882883884885 $resp[‘code’] = 'denied’;886 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_NEW_ACC_UNAPPROVED”); //"Account has been created. Please wait for admin’s approval before you can log in";887 }888889 /* if ($auto_approval != “yes”) {890 $this->deactivate_user_by_id($user_id);891 }892 else{893 $this->activate_user_by_id($user_id);} */894895 /*896 error_log(‘niku’);897 if($auto_approval != “yes”){898899 $link = $this->create_user_activation_link($user_id);900 $required_params = new stdClass();901 $required_params->email = $user;902 // $required_params->form_id= $form_id;903904 $required_params->link = $link;905906 ob_start(); var_dump('datas’,$auto_approval,$link,$required_params->email, $required_params->link); $out=ob_get_clean(); error_log($out);907908 RM_Email_Service::notify_admin_to_activate_user($required_params);909 } */910 }911 }912913 $rdrto = RM_Utilities::after_login_redirect($user);914915 if (!$rdrto)916 $rdrto = apply_filters('login_redirect’, $redirect_to, "", $user);917918 if (!$rdrto || $rdrto == “__current_url”) {919 $rdrto = "";920 }921922 $after_login_url = $rdrto;923 924 if ($resp[‘code’] == ‘allowed’)925 $resp[‘msg’] = $after_login_url;926927 echo wp_kses_post(json_encode($resp));928929 die;930 }931 }932 933 public function social_login_using_email_direct($user_email = null, $user_fname = null, $type = null) {934 $user_email = sanitize_email($user_email);935 $user_fname = sanitize_text_field($user_fname);936 $type = sanitize_text_field($type);937 $user_model = new RM_User;938 $gopts = new RM_Options;939 $login_service = new RM_Login_Service();940 $user = $user_email;941 $resp = array(‘code’ => 'allowed’, ‘msg’ => ‘’);942 if ($user_email != null) {943 if (email_exists($user_email)) { // user is a member944 $user = get_user_by('email’, $user_email);945 $user_id = (int) $user->data->ID;946 $is_disabled = (int) get_user_meta($user_id, 'rm_user_status’, true);947948 if (!$is_disabled){949 //$login_service->insert_login_log(array(‘email’=>$user->user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social:’.$type,’result’=>’success’));950 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social’,’result’=>’success’,’social_type’=>$type));951 wp_set_auth_cookie($user_id, true);952 }953 else {954 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>0,’type’=>’social’,’result’=>’failure’,’social_type’=>$type));955 $resp[‘code’] = 'denied’;956 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_ACC_UNAPPROVED”); //"Please wait for admin’s approval before you can log in";957 }958 } else if (username_exists($user_email)) {959 $user = get_user_by('login’, $user_email);960 $user_id = (int) $user->data->ID;961 $is_disabled = (int) get_user_meta($user_id, ‘rm_user_status’, true);962 $username_used=’’;963 if($type==’instagram’){964 $username_used= $user_email;965 }966 if (!$is_disabled){967 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social’,’result’=>’success’,’social_type’=>$type,’username_used’=>$username_used));968 wp_set_auth_cookie($user_id, true);969 }970 else {971 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>0,’type’=>’social’,’result’=>’failure’,’social_type’=>$type,’username_used’=>$username_used));972 $resp[‘code’] = 'denied’;973 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_ACC_UNAPPROVED”); //"Please wait for admin’s approval before you can log in";974 }975 } else { // this user is a guest976 $random_password = wp_generate_password(10, false);977978 $user_id = wp_create_user($user_email, $random_password, $user_email);979 if (!is_wp_error($user_id)) {980 if (function_exists(‘is_multisite’) && is_multisite())981 add_user_to_blog(get_current_blog_id(), $user_id, ‘subscriber’);982983 wp_update_user(array(984 ‘ID’ => $user_id,985 ‘display_name’ => $user_fname,986 ‘first_name’ => $user_fname987 ));988989 //varify auto approval setting990 $auto_approval = $gopts->get_value_of(‘user_auto_approval’);991992 if ($auto_approval == ‘yes’) {993 wp_set_auth_cookie($user_id, true);994 } else { //Deactivate the user995 $user_model->deactivate_user($user_id);996 $user_service = new RM_User_Services;997 $link = $user_service->create_user_activation_link($user_id);998 $user_info = get_userdata($user_id);999 $required_params = new stdClass();1000 $required_params->email = $user_email;1001 $required_params->username = $user_info->display_name;1002 //required_params->form_id= $form_id; 10031004 $required_params->link = $link;10051006 // ob_start(); var_dump('datas’,$auto_approval,$link,$required_params->email, $required_params->link); $out=ob_get_clean(); error_log($out); 10071008 RM_Email_Service::notify_admin_to_activate_user($required_params);1009101010111012 $resp[‘code’] = 'denied’;1013 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_NEW_ACC_UNAPPROVED”); //"Account has been created. Please wait for admin’s approval before you can log in";1014 }10151016 }1017 }10181019 $rdrto = RM_Utilities::after_login_redirect($user);10201021 if (!$rdrto)1022 $rdrto = apply_filters('login_redirect’, $redirect_to, "", $user);10231024 if (!$rdrto || $rdrto == “__current_url”) {1025 $rdrto = "";1026 }10271028 $after_login_url = $rdrto;1029 1030 if ($resp[‘code’] == ‘allowed’) {1031 if(empty($after_login_url))1032 RM_Utilities::redirect(get_permalink());1033 else1034 RM_Utilities::redirect($after_login_url);1035 } else {1036 echo wp_kses_post($resp[‘msg’]);1037 }1038 }1039 }1040 1041 public function get_twitter_keys() {1042 if(defined(‘REGMAGIC_ADDON’)) {1043 $addon_service = new RM_User_Services_Addon();1044 return $addon_service->get_twitter_keys($this);1045 }1046 }10471048 public function get_instagram_user() {1049 if(defined(‘REGMAGIC_ADDON’)) {1050 $addon_service = new RM_User_Services_Addon();1051 return $addon_service->get_instagram_user($this);1052 }1053 }1054 1055 public function auto_login_by_id($user_id){1056 if(defined(‘REGMAGIC_ADDON’)) {1057 $addon_service = new RM_User_Services_Addon();1058 return $addon_service->auto_login_by_id($user_id, $this);1059 }1060 }1061 1062 public function get_user_meta_dropdown(){1063 $metas= array();1064 $rows= RM_DBManager::get_all_user_meta();1065 foreach($rows as $row){1066 array_push($metas,$row->meta_key);1067 }1068 return $metas;1069 }10701071}

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907