CVE-2023-2499: class_rm_user_services.php in custom-registration-form-builder-with-submission-manager/tags/5.2.0.4/services – WordPress Plugin Repository

1<?php23/*4 * To change this license header, choose License Headers in Project Properties.5 * To change this template file, choose Tools | Templates6 * and open the template in the editor.7 */89/**10 * Class responsible for User and Roles related operations11 *12 * @author CMSHelplive13 */14class RM_User_Services extends RM_Services15{1617 public $default_user_roles = array('administrator’, 'editor’, 'author’, 'contributor’, ‘subscriber’);1819 public function get_user_roles() {20 $roles = get_editable_roles();21 $role_names = array();22 foreach ($roles as $key => $role) {23 $role_names[$key] = $role[‘name’];24 }25 return $role_names;26 }27 28 public function add_default_form($form=null,$role=null) {29 if(check_ajax_referer(‘rm_ajax_secure’,’rm_sec_nonce’) && current_user_can(‘manage_options’)) {30 $role =isset($_POST[‘role’])? sanitize_text_field($_POST[‘role’]) : null;31 $form =isset($_POST[‘form’])? sanitize_text_field($_POST[‘form’]) : null;32 if(isset($role) && isset($form)) {33 $gopts= new RM_Options;34 $default_forms=array();35 $opt_default_forms=$gopts->get_value_of(‘rm_option_default_forms’);36 $default_forms= maybe_unserialize($opt_default_forms);37 if(defined(‘REGMAGIC_ADDON’)) {38 $def = $default_forms;39 foreach ($def as $key => $val) {40 if ($val == $form) {41 $default_forms[$key] = null;42 }43 }44 }45 if($form == ‘’) {46 $default_forms[$role]=null;47 $opt_default_forms= maybe_serialize($default_forms);48 $gopts->set_value_of('rm_option_default_forms’,$opt_default_forms);49 echo "";50 die;51 } 52 $default_forms[$role]=$form;53 $opt_default_forms= maybe_serialize($default_forms);54 $gopts->set_value_of('rm_option_default_forms’,$opt_default_forms);55 $forms_options=new RM_Forms;56 $forms_options->load_from_db($form);57 $form_name=$forms_options->get_form_name();58 echo esc_html($form_name);59 die;60 }61 }62 echo "";63 die;64 }6566 // This function creates a copy of the role with a different name67 public function create_role($role_name, $display_name, $capability, $additional_data = null) {68 if(defined(‘REGMAGIC_ADDON’)) {69 $addon_service = new RM_User_Services_Addon();70 return $addon_service->create_role($role_name, $display_name, $capability, $this, $additional_data);71 }72 $role = get_role($capability);73 if (add_role($role_name, $display_name, $role->capabilities) !== null)74 return true;75 else76 return false;77 }7879 public function get_roles_by_status() {80 $roles_data = new stdClass();81 $roles = $this->get_user_roles();82 $custom = array();83 $default = array();84 $linked_form = array();85 foreach ($roles as $key => $role) {86 if (in_array($key, $this->default_user_roles)) {87 $default[$key] = $role;88 $linked_form[$key]=$this->get_linked_forms($key);89 } else {90 $custom[$key] = $role;91 $linked_form[$key]=$this->get_linked_forms($key);92 }93 }94 $roles_data->default = $default;95 $roles_data->custom = $custom;96 $roles_data->linked_forms=$linked_form;97 return $roles_data;98 }99 100 public function get_linked_forms($role) {101 $forms= RM_DBManager::get('FORMS’, array(“default_user_role” => $role), array(“%s”));102 $linked_form=array();103 if($forms != null) {104 foreach($forms as $form) {105 $linked_form[$form->form_id] = $form->form_name;106 }107 }108 return $linked_form;109 }110 111 public function delete($users,$reassign=null) {112 if (is_array($users) && !empty($users)) {113 $curr_user = wp_get_current_user();114 if (isset($curr_user->ID))115 $curr_user_id = $curr_user->ID;116 else117 $curr_user_id = null;118 foreach ($users as $id) {119 if ($curr_user_id != $id){120 wp_delete_user($id,$reassign);121 } 122 }123 }124 }125126 public function activate($users) {127 $user_model= new RM_User;128 if (is_array($users) && !empty($users)) {129 foreach ($users as $id) {130 $user_model->activate_user($id);131 }132 }133 }134135 public function notify_users($users, $type) {136 if (is_array($users) && !empty($users)) {137 //$front_form_service = new RM_Front_Form_Service;138 foreach ($users as $id) {139 $user = get_user_by('id’, $id);140 $params = new stdClass;141 $params->email = $user->user_email; 142 $params->sub_id = get_user_meta($id, 'RM_UMETA_SUB_ID’, true);143 $params->form_id = get_user_meta($id, 'RM_UMETA_FORM_ID’, true);144 RM_Email_Service::notify_user_on_activation($params);145 }146 }147 }148 149 public static function send_email_ajax()150 {151 if (current_user_can(‘manage_options’) && check_ajax_referer( 'rm_send_email_user_view’, ‘rm_ajaxnonce’ ))152 {153 $to = sanitize_email($_POST[‘to’]);154 $sub = sanitize_text_field($_POST[‘sub’]);155 $body = wp_kses_post($_POST[‘body’]);156157 RM_Utilities::quick_email($to, $sub, $body);158 }159 wp_die();160 }161162 public function deactivate_user_by_id($user_id) {163 if(defined(‘REGMAGIC_ADDON’)) {164 $addon_service = new RM_User_Services_Addon();165 return $addon_service->deactivate_user_by_id($user_id, $this);166 }167 $user_model= new RM_User;168 $curr_user = wp_get_current_user();169 if (isset($curr_user->ID))170 $curr_user_id = $curr_user->ID;171 else172 $curr_user_id = null;173 if ($curr_user_id != $user_id)174 $user_model->deactivate_user ($user_id);175 }176177 public function activate_user_by_id($user_id)178 {179 $user_model= new RM_User;180 return $user_model->activate_user($user_id);181 }182183 public function deactivate($users) {184 $user_model= new RM_User;185 if (is_array($users) && !empty($users)) {186 $curr_user = wp_get_current_user();187 if (isset($curr_user->ID))188 $curr_user_id = $curr_user->ID;189 else190 $curr_user_id = null;191 foreach ($users as $id) {192 if ($curr_user_id != $id)193 $user_model->deactivate_user($id);194 }195 }196 }197198 public function delete_roles($roles) {199 if(defined(‘REGMAGIC_ADDON’)) {200 $addon_service = new RM_User_Services_Addon();201 return $addon_service->delete_roles($roles, $this);202 }203 if (is_array($roles) && !empty($roles)) {204 foreach ($roles as $name) {205 $users = $this->get_users_by_role($name);206 foreach ($users as $user) {207 $user->add_role(‘subscriber’);208 }209210 remove_role($name);211 }212 }213 }214215 public function get_users_by_role($role_name) {216 $args = array(‘role’ => $role_name);217 $users = get_users($args);218 return $users;219 }220221 public function get_user_count() {222 $result = count_users();223 $total_users = $result[‘total_users’];224 return $total_users;225 }226227 public function get_users($offset = '’, $number = '’, $search_str = '’, $user_status = 'all’, $interval = 'all’, $sort = 'latest’, $user_ids = array(), $fields_to_return = ‘all’) {228 $args = array(‘number’ => $number, ‘offset’ => $offset, ‘include’ => $user_ids, ‘search’ => ‘*’ . $search_str . ‘*’);229230 if(defined(‘REGMAGIC_ADDON’)) {231 $args[‘fields’] = $fields_to_return;232 }233 234 switch ($user_status) {235 case 'active’:236 $args[‘meta_query’] = array(‘relation’ => 'OR’,237 array(238 ‘key’ => 'rm_user_status’,239 ‘value’ => '1’,240 ‘compare’ => '!=’241 ),242 array(243 ‘key’ => 'rm_user_status’,244 ‘value’ => '1’,245 ‘compare’ => 'NOT EXISTS’246 ));247 break;248249 case 'pending’:250 $args[‘meta_query’] = array(array(251 ‘key’ => 'rm_user_status’,252 ‘value’ => '1’,253 ‘compare’ => '=’254 ));255 break;256 }257258 switch ($interval) {259 case 'today’:260 $args[‘date_query’] = array(array(‘after’ => date('Y-m-d’, strtotime(‘today’)), ‘inclusive’ => true));261 break;262263 case 'week’:264 $args[‘date_query’] = array(array(‘after’ => date('Y-m-d’, strtotime(‘this week’)), ‘inclusive’ => true));265 break;266267 case 'month’:268 $args[‘date_query’] = array(array(‘after’ => 'first day of this month’, ‘inclusive’ => true));269 break;270271 case 'year’:272 $args[‘date_query’] = array(array(‘year’ => date(‘Y’), ‘inclusive’ => true));273 break;274 }275 276 switch ($sort) {277 case 'oldest’:278 $args[‘orderby’] = 'user_registered’;279 $args[‘order’] = 'ASC’;280 break;281282 case '0toz’:283 $args[‘orderby’] = 'display_name’;284 $args[‘order’] = 'ASC’;285 break;286 287 case 'zto0’:288 $args[‘orderby’] = 'display_name’;289 $args[‘order’] = 'DESC’;290 break;291 292 default:293 $args[‘orderby’] = 'user_registered’;294 $args[‘order’] = 'DESC’;295 break;296 }297 298 //echo "Args:<pre>", var_dump($args), "</pre>";299 $users = get_users($args);300301 return $users;302 }303304 public function get_total_user_per_pagination() {305 $total = $this->get_user_count();306 return (int) ($total / 2) + (($total % 2) == 0 ? 0 : 1);307 }308309 public function get_all_user_data($page = '1’, $number = '20’, $search_str = ‘’, $user_status = ‘all’, $interval = ‘all’, $sort = ‘latest’, $user_ids = array()) {310 $offset = ($page * $number) - $number;311 $all_user_info = $this->get_users($offset, $number, $search_str, $user_status, $interval, $sort, $user_ids);312 $all_user_data = array();313314 foreach ($all_user_info as $user) {315316 $tmpuser = new stdClass();317 $user_info = get_userdata($user->ID);318 $is_disabled = (int) get_user_meta($user->ID, ‘rm_user_status’, true);319 $tmpuser->ID = $user->ID;320321 if (empty($user_info->display_name))322 $tmpuser->first_name = $user_info->first_name;323 else324 $tmpuser->first_name = $user_info->display_name;325326 if (isset($user_info->user_email))327 $tmpuser->user_email = $user_info->user_email;328 else329 $tmpuser->user_email = ‘’;330331 if ($is_disabled == 1)332 $tmpuser->user_status = RM_UI_Strings::get(‘LABEL_DEACTIVATED’);333 else334 $tmpuser->user_status = RM_UI_Strings::get(‘LABEL_ACTIVATED’);335336 $tmpuser->date = $user_info->user_registered;337338 $all_user_data[] = $tmpuser;339 }340341 return $all_user_data;342 }343344 public function get_user_by($field, $value) {345 $user = get_user_by($field, $value);346 return $user;347 }348349 public function login($request) {350 global $user;351 $credentials = array();352 $credentials[‘user_login’] = $request->req[‘username’];353 $credentials[‘user_password’] = $request->req[‘pwd’];354 if (isset($request->req[‘remember’]))355 $credentials[‘remember’] = true;356 else357 $credentials[‘remember’] = false;358359 //require_once(ABSPATH . ‘wp-load.php’);360 //require_once(ABSPATH . ‘wp-includes/pluggable.php’);361 $user = wp_signon($credentials, is_ssl());362 if(!is_wp_error($user)){363 do_action(‘rm_user_signon’,$user);364 }365 else366 {367 do_action(‘rm_user_signon_failure’,$credentials);368 }369 return $user;370 }371 372 public function google_login_html() {373 if(defined(‘REGMAGIC_ADDON’)) {374 $addon_service = new RM_User_Services_Addon();375 return $addon_service->google_login_html($this);376 }377 }378 379 public function google_login_callback($token) {380 if(defined(‘REGMAGIC_ADDON’)) {381 $addon_service = new RM_User_Services_Addon();382 return $addon_service->google_login_callback($this,$token);383 }384 }385 386 public function linkedin_login_html() {387 if(defined(‘REGMAGIC_ADDON’)) {388 $addon_service = new RM_User_Services_Addon();389 return $addon_service->linkedin_login_html($this);390 }391 }392 393 public function instagram_login_html() {394 if(defined(‘REGMAGIC_ADDON’)) {395 $addon_service = new RM_User_Services_Addon();396 return $addon_service->instagram_login_html($this);397 }398 }399 400 public function twitter_login_html() {401 if(defined(‘REGMAGIC_ADDON’)) {402 $addon_service = new RM_User_Services_Addon();403 return $addon_service->twitter_login_html($this);404 }405 }406 407 public function windows_login_html() {408 if(defined(‘REGMAGIC_ADDON’)) {409 $addon_service = new RM_User_Services_Addon();410 return $addon_service->windows_login_html($this);411 }412 }413414 public function facebook_login_html() {415 if(!RM_Utilities::is_ssl()){416 return;417 }418419 $gopts = new RM_Options;420 if ($gopts->get_value_of(‘enable_facebook’) == ‘yes’) {421 $fb_app_id = $gopts->get_value_of(‘facebook_app_id’);422 $fb_app_secret = $gopts->get_value_of(‘facebook_app_secret’);423 if (!$fb_app_id || !$fb_app_secret)424 return;425 426 return “<pre class=’rm-pre-wrapper-for-script-tags’><script>427 function checkLoginState() {428 FB.getLoginStatus(function(response) {429 if (response.status === ‘connected’) {430 greet(response.authResponse.accessToken);431 }432 else {433 FB.login(function(response) {434 var token = response.authResponse.accessToken;435FB.api('/me’,{fields: 'first_name,email’}, function (response) {436 handle_data('’,response.first_name,’facebook’,token);437438439});440}, {scope: 'email’});441 }442});443 }444function greet(accessToken) {445FB.api('/me’,{fields: 'first_name,email’}, function (response) {446 handle_data('’,response.first_name,’facebook’,accessToken);447448449});450}451 window.fbAsyncInit = function() {452 FB.init({453 appId : '” . $fb_app_id . "’,454 cookie : true, // enable cookies to allow the server to access 455 // the session456 xfbml : true, // parse social plugins on this page457 version : ‘v2.5’ // use graph api version 2.5458 });459460 };461462 // Load the SDK asynchronously463 (function(d, s, id) {464 var js, fjs = d.getElementsByTagName(s)[0];465 if (d.getElementById(id)) return;466 js = d.createElement(s); js.id = id;467 js.src = ‘//connect.facebook.net/en_US/sdk.js’;468 fjs.parentNode.insertBefore(js, fjs);469 }(document, ‘script’, ‘facebook-jssdk’));470471 // Here we run a very simple test of the Graph API after login is472 // successful. See statusChangeCallback() for when this call is made.473 474</script></pre>475476<!–477 Below we include the Login Button social plugin. This button uses478 the JavaScript SDK to present a graphical Login button that triggers479 the FB.login() function when clicked.480–>481<div class=’rm-facebook-login rm-third-party-login’><input class=’rm-third-party-login-btn’ type=’button’ onclick=’checkLoginState()' value=’".__(‘Sign in with Facebook’,’custom-registration-form-builder-with-submission-manager’)."’ /><span><svg aria-hidden=’true’ data-prefix=’fab’ data-icon=’facebook-f’ class=’svg-inline–fa fa-facebook-f fa-w-9’ role=’img’ xmlns=’http://www.w3.org/2000/svg’ viewbox=’0 0 264 512’><path fill=’#fff’ d=’M76.7 512V283H0v-91h76.7v-71.7C76.7 42.4 124.3 0 193.8 0c33.3 0 61.9 2.5 70.2 3.6V85h-48.2c-37.8 0-45.1 18-45.1 44.3V192H256l-11.7 91h-73.6v229’></path></svg></span> </div>";482 // return ‘<div class="facebook_login"><a href="’ . htmlspecialchars($loginUrl) . '">Log in with Facebook!</a></div>’;483 }484 }485 486 public function facebook_login_callback_old() {487 488 global $rm_env_requirements;489490 if (!($rm_env_requirements & RM_REQ_EXT_CURL))491 return;492493 global $rm_fb_sdk_req;494 495 $gopts = new RM_Options;496 $fb_app_id = $gopts->get_value_of(‘facebook_app_id’);497 $fb_app_secret = $gopts->get_value_of(‘facebook_app_secret’);498499 if (!$fb_app_id || !$fb_app_secret)500 return;501 502 if ($rm_fb_sdk_req === RM_FB_SDK_REQ_OK)503 {504 $fb = new Facebook\Facebook(array(505 ‘app_id’ => $fb_app_id,506 ‘app_secret’ => $fb_app_secret,507 ‘default_graph_version’ => 'v2.2’,508 ));509510 $helper = $fb->getRedirectLoginHelper();511 try512 {513 $accessToken = $helper->getAccessToken();514 } catch (Facebook\Exceptions\FacebookResponseException $e)515 {516 // When Graph returns an error517 echo 'Graph returned an error: ' . wp_kses_post($e->getMessage());518 exit;519 } catch (Facebook\Exceptions\FacebookSDKException $e)520 {521 // When validation fails or other local issues522 echo 'Facebook SDK returned an error: ' . wp_kses_post($e->getMessage());523 exit;524 }525526 if (!isset($accessToken))527 {528 if ($helper->getError())529 {530 header(‘HTTP/1.0 401 Unauthorized’);531 echo "Error: " . wp_kses_post($helper->getError()) . "\n";532 echo "Error Code: " . wp_kses_post($helper->getErrorCode()) . "\n";533 echo "Error Reason: " . wp_kses_post($helper->getErrorReason()) . "\n";534 echo "Error Description: " . wp_kses_post($helper->getErrorDescription()) . "\n";535 } else536 {537 header(‘HTTP/1.0 400 Bad Request’);538 echo 'Bad request’;539 }540 exit;541 }542543 // Logged in544 // echo '<h3>Access Token</h3>’;545 //var_dump($accessToken->getValue());546 // The OAuth 2.0 client handler helps us manage access tokens547 $oAuth2Client = $fb->getOAuth2Client();548549 // Get the access token metadata from /debug_token550 $tokenMetadata = $oAuth2Client->debugToken($accessToken);551552 //echo '<h3>Metadata</h3>’;553 //var_dump($tokenMetadata);554 // Validation (these will throw FacebookSDKException’s when they fail)555556 $tokenMetadata->validateAppId($fb_app_id); // Replace {app-id} with your app id557 // If you know the user ID this access token belongs to, you can validate it here558 //$tokenMetadata->validateUserId(‘123’);559 $tokenMetadata->validateExpiration();560561 if (!$accessToken->isLongLived())562 {563 // Exchanges a short-lived access token for a long-lived one564 try565 {566 $accessToken2 = $oAuth2Client->getLongLivedAccessToken($accessToken);567 } catch (Facebook\Exceptions\FacebookSDKException $e)568 {569 echo "<p>Error getting long-lived access token: " . wp_kses_post($helper->getMessage()) . "</p>\n\n";570 exit;571 }572573 //echo '<h3>Long-lived</h3>’;574 //var_dump($accessToken2->getValue());575 }576577578579 //$_SESSION[‘fb_access_token’] = (string) $accessToken;580581582583 try584 {585 // Returns a `Facebook\FacebookResponse` object586 $response = $fb->get('/me?fields=id,name,email,first_name,last_name’, (string) $accessToken);587 } catch (Facebook\Exceptions\FacebookResponseException $e)588 {589 echo 'Graph returned an error: ' . wp_kses_post($e->getMessage());590 exit;591 } catch (Facebook\Exceptions\FacebookSDKException $e)592 {593 echo 'Facebook SDK returned an error: ' . wp_kses_post($e->getMessage());594 exit;595 }596597 $user = $response->getGraphUser();598599 //var_dump($user->getFirstName());600 $user_name = $user->getName();601 $user_email = $user->getEmail();602 $user_name = $user->getName();603 $user_fname = $user->getFirstName();604 $user_lname = $user->getLastName();605 $redirection_post = $gopts->get_value_of(‘post_submission_redirection_url’);606607 if (email_exists($user_email))608 { // user is a member609 $user = get_user_by('email’, $user_email);610611 $user_id = $user->ID;612 613 $is_disabled = (int) get_user_meta($user_id, 'rm_user_status’, true);614 615 if(!$is_disabled)616 wp_set_auth_cookie($user_id, true);617 618 } else619 { // this user is a guest620 $random_password = wp_generate_password(10, false);621622 $user_id = wp_create_user($user_email, $random_password, $user_email);623624 if (!is_wp_error($user_id))625 {626 if (function_exists(‘is_multisite’) && is_multisite())627 add_user_to_blog(get_current_blog_id(), $user_id, get_option(‘default_role’));628629 update_user_meta($user_id, 'avatar_image’, ‘https://graph.facebook.com/’ . $user->getId() . ‘/picture?type=large’);630631 wp_update_user(array(632 ‘ID’ => $user_id,633 ‘display_name’ => $user_name,634 ‘first_name’ => $user_fname,635 ‘last_name’ => $user_lname636 ));637 638 //varify auto approval setting639 $auto_approval = $gopts->get_value_of(‘user_auto_approval’);640641 if($auto_approval == ‘yes’)642 {643 wp_set_auth_cookie($user_id, true);644 }645 else //Deactivate the user646 {647 update_user_meta($user_id, 'rm_user_status’, ‘1’);648 }649 }650 }651 } else652 {653 $fb = new Facebook(array(654 ‘appId’ => $fb_app_id,655 ‘secret’ => $fb_app_secret656 ));657658 $user = $fb->getUser();659660 if ($user)661 {662 $user_profile = $fb->api(‘/me?fields=id,name,email,first_name,last_name’);663 if (isset($user_profile[‘email’]))664 {665 $user_email = $user_profile[‘email’];666 $redirection_post = $gopts->get_value_of(‘post_submission_redirection_url’);667668 if (email_exists($user_email))669 { // user is a member670 $user = get_user_by('email’, $user_email);671 $user_id = $user->ID;672 $is_disabled = (int) get_user_meta($user_id, 'rm_user_status’, true);673 if(!$is_disabled)674 wp_set_auth_cookie($user_id, true);675 } else676 { // this user is a guest677 $random_password = wp_generate_password(10, false);678679 $user_id = wp_create_user($user_email, $random_password, $user_email);680 if (!is_wp_error($user_id))681 { 682683 if (function_exists(‘is_multisite’) && is_multisite())684 add_user_to_blog(get_current_blog_id(), $user_id, ‘subscriber’);685686 update_user_meta($user_id, 'avatar_image’, ‘https://graph.facebook.com/’ . $user_profile[‘id’] . ‘/picture?type=large’);687688 wp_update_user(array(689 ‘ID’ => $user_id,690 ‘display_name’ => $user_profile[‘name’],691 ‘first_name’ => $user_profile[‘first_name’],692 ‘last_name’ => $user_profile[‘last_name’]693 ));694 //varify auto approval setting695 $auto_approval = $gopts->get_value_of(‘user_auto_approval’);696697 if($auto_approval == ‘yes’)698 {699 wp_set_auth_cookie($user_id, true);700 }701 else //Deactivate the user702 {703 update_user_meta($user_id, 'rm_user_status’, ‘1’);704 }705 }706 }707 } else708 die(‘Error: Unable to fetch email address from Facebbok.’);709 }710 }711712 $rdrto = RM_Utilities::after_login_redirect($user);713 714 if(!$rdrto)715 $rdrto = apply_filters( 'login_redirect’, $redirect_to, "", $user );716717 if(!$rdrto || $rdrto == “__current_url”) {718 $rdrto = "";719 }720 721 $after_login_url = $rdrto;722 RM_Utilities::redirect($after_login_url);723 }724725 public function set_user_role($user_id, $role)726 {727 $user = new WP_User($user_id);728 $user->set_role($role);729 do_action('rm_user_role_assigned’, $user_id);730 }731732 public function reset_user_password($pass, $conf, $user_id) {733 if ($pass && $conf && $user_id) {734 if ($pass === $conf) {735 wp_set_password($pass, $user_id);736 }737 } else {738 throw new InvalidArgumentException("Invalid Argument Supplied in " . __CLASS__ . ‘::’ . __FUNCTION__);739 }740 }741742 public function create_user_activation_link($user_id) {743 if ((int) $user_id) {744 $pass = wp_generate_password(10, false);745 $activation_code = md5($pass);746747 if (!update_user_meta($user_id, 'rm_activation_code’, $activation_code))748 return false;749750 $user_data_obj = new stdClass();751 $user_data_obj->user_id = $user_id;752 $user_data_obj->activation_code = $activation_code;753754 $user_data_json = json_encode($user_data_obj);755756 $user_data_enc = urlencode(RM_Utilities::enc_str($user_data_json));757758 $user_activation_link = admin_url(‘admin-ajax.php’) . ‘?action=rm_activate_user&user=’ . $user_data_enc;759 760 return $user_activation_link;761 }762763 return false;764 }765 766 public function social_login_using_email($user_email = null, $user_fname = null, $type = null, $token = null) {767 $user_email = isset($_POST[‘email’]) ? sanitize_email($_POST[‘email’]) : $user_email;768 $user_fname = isset($_POST[‘first_name’]) ? sanitize_text_field($_POST[‘first_name’]) : $user_fname;769 $type = isset($_POST[‘type’]) ? sanitize_text_field($_POST[‘type’]) : $type;770 $login_success = false;771 $resp = array(‘code’ => 'denied’, ‘msg’ => ‘’);772 switch ($type) {773 case 'facebook’:774 $accessToken = sanitize_text_field($_POST[‘token’]);775 if(empty($accessToken))776 break;777778 $gopts = new RM_Options;779 $fb_app_id = $gopts->get_value_of(‘facebook_app_id’);780 $fb_app_secret = $gopts->get_value_of(‘facebook_app_secret’);781782 $response = wp_remote_get('https://graph.facebook.com/v2.12/me?fields=email&access_token=’.$accessToken);783 $response = json_decode(wp_remote_retrieve_body($response));784785 if(is_object($response) && isset($response->email)) {786 $user_email = $response->email;787 $login_success = true;788 }789 break;790 case 'google’:791 $login_success = $this->google_login_callback(sanitize_text_field($_POST[‘token’]));792 break;793 case 'instagram’:794 $response = wp_remote_get('https://graph.instagram.com/v12.0/me?fields=id,username&access_token=’.sanitize_text_field($_POST[‘token’]));795 $response = json_decode(wp_remote_retrieve_body($response));796 if(isset($response->username)) {797 $user_email = $response->username;798 $user_fname = '’;799 $login_success = true;800 }801 break;802 default:803 break;804 }805 if($login_success) {806 $resp[‘code’] = 'allowed’;807 } else {808 $resp[‘msg’] = __(‘Request denied’,’custom-registration-form-builder-with-submission-manager’);809 echo wp_kses_post(json_encode($resp)); die;810 }811 $user_model = new RM_User;812 $gopts = new RM_Options;813 $login_service = new RM_Login_Service();814 $user = $user_email;815 if ($user_email != null) {816 if (email_exists($user_email)) { // user is a member817 $user = get_user_by('email’, $user_email);818 $user_id = (int) $user->data->ID;819 $is_disabled = (int) get_user_meta($user_id, 'rm_user_status’, true);820821 if (!$is_disabled){822 //$login_service->insert_login_log(array(‘email’=>$user->user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social:’.$type,’result’=>’success’));823 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social’,’result’=>’success’,’social_type’=>$type));824 wp_set_auth_cookie($user_id, true);825 }826 else {827 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>0,’type’=>’social’,’result’=>’failure’,’social_type’=>$type));828 $resp[‘code’] = 'denied’;829 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_ACC_UNAPPROVED”); //"Please wait for admin’s approval before you can log in";830 }831 } else if (username_exists($user_email)) {832 $user = get_user_by('login’, $user_email);833 $user_id = (int) $user->data->ID;834 $is_disabled = (int) get_user_meta($user_id, ‘rm_user_status’, true);835 $username_used=’’;836 if($type==’instagram’){837 $username_used= $user_email;838 }839 if (!$is_disabled){840 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social’,’result’=>’success’,’social_type’=>$type,’username_used’=>$username_used));841 wp_set_auth_cookie($user_id, true);842 }843 else {844 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>0,’type’=>’social’,’result’=>’failure’,’social_type’=>$type,’username_used’=>$username_used));845 $resp[‘code’] = 'denied’;846 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_ACC_UNAPPROVED”); //"Please wait for admin’s approval before you can log in";847 }848 } else { // this user is a guest849 $random_password = wp_generate_password(10, false);850851 $user_id = wp_create_user($user_email, $random_password, $user_email);852 if (!is_wp_error($user_id)) {853 if (function_exists(‘is_multisite’) && is_multisite())854 add_user_to_blog(get_current_blog_id(), $user_id, ‘subscriber’);855856 wp_update_user(array(857 ‘ID’ => $user_id,858 ‘display_name’ => $user_fname,859 ‘first_name’ => $user_fname860 ));861862 //varify auto approval setting863 $auto_approval = $gopts->get_value_of(‘user_auto_approval’);864865 if ($auto_approval == ‘yes’) {866 wp_set_auth_cookie($user_id, true);867 } else { //Deactivate the user868 $user_model->deactivate_user($user_id);869 $user_service = new RM_User_Services;870 $link = $user_service->create_user_activation_link($user_id);871 $user_info = get_userdata($user_id);872 $required_params = new stdClass();873 $required_params->email = $user_email;874 $required_params->username = $user_info->display_name;875 //required_params->form_id= $form_id; 876877 $required_params->link = $link;878879 // ob_start(); var_dump('datas’,$auto_approval,$link,$required_params->email, $required_params->link); $out=ob_get_clean(); error_log($out); 880881 RM_Email_Service::notify_admin_to_activate_user($required_params);882883884885 $resp[‘code’] = 'denied’;886 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_NEW_ACC_UNAPPROVED”); //"Account has been created. Please wait for admin’s approval before you can log in";887 }888889 /* if ($auto_approval != “yes”) {890 $this->deactivate_user_by_id($user_id);891 }892 else{893 $this->activate_user_by_id($user_id);} */894895 /*896 error_log(‘niku’);897 if($auto_approval != “yes”){898899 $link = $this->create_user_activation_link($user_id);900 $required_params = new stdClass();901 $required_params->email = $user;902 // $required_params->form_id= $form_id;903904 $required_params->link = $link;905906 ob_start(); var_dump('datas’,$auto_approval,$link,$required_params->email, $required_params->link); $out=ob_get_clean(); error_log($out);907908 RM_Email_Service::notify_admin_to_activate_user($required_params);909 } */910 }911 }912913 $rdrto = RM_Utilities::after_login_redirect($user);914915 if (!$rdrto)916 $rdrto = apply_filters('login_redirect’, $redirect_to, "", $user);917918 if (!$rdrto || $rdrto == “__current_url”) {919 $rdrto = "";920 }921922 $after_login_url = $rdrto;923 924 if ($resp[‘code’] == ‘allowed’)925 $resp[‘msg’] = $after_login_url;926927 echo wp_kses_post(json_encode($resp));928929 die;930 }931 }932 933 public function social_login_using_email_direct($user_email = null, $user_fname = null, $type = null) {934 $user_email = sanitize_email($user_email);935 $user_fname = sanitize_text_field($user_fname);936 $type = sanitize_text_field($type);937 $user_model = new RM_User;938 $gopts = new RM_Options;939 $login_service = new RM_Login_Service();940 $user = $user_email;941 $resp = array(‘code’ => 'allowed’, ‘msg’ => ‘’);942 if ($user_email != null) {943 if (email_exists($user_email)) { // user is a member944 $user = get_user_by('email’, $user_email);945 $user_id = (int) $user->data->ID;946 $is_disabled = (int) get_user_meta($user_id, 'rm_user_status’, true);947948 if (!$is_disabled){949 //$login_service->insert_login_log(array(‘email’=>$user->user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social:’.$type,’result’=>’success’));950 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social’,’result’=>’success’,’social_type’=>$type));951 wp_set_auth_cookie($user_id, true);952 }953 else {954 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>0,’type’=>’social’,’result’=>’failure’,’social_type’=>$type));955 $resp[‘code’] = 'denied’;956 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_ACC_UNAPPROVED”); //"Please wait for admin’s approval before you can log in";957 }958 } else if (username_exists($user_email)) {959 $user = get_user_by('login’, $user_email);960 $user_id = (int) $user->data->ID;961 $is_disabled = (int) get_user_meta($user_id, ‘rm_user_status’, true);962 $username_used=’’;963 if($type==’instagram’){964 $username_used= $user_email;965 }966 if (!$is_disabled){967 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>1,’type’=>’social’,’result’=>’success’,’social_type’=>$type,’username_used’=>$username_used));968 wp_set_auth_cookie($user_id, true);969 }970 else {971 $login_service->insert_login_log(array('email’=>$user->user_email,’username_used’=>$user_email,’ip’=> $_SERVER[‘REMOTE_ADDR’],’time’=> current_time(‘timestamp’),’status’=>0,’type’=>’social’,’result’=>’failure’,’social_type’=>$type,’username_used’=>$username_used));972 $resp[‘code’] = 'denied’;973 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_ACC_UNAPPROVED”); //"Please wait for admin’s approval before you can log in";974 }975 } else { // this user is a guest976 $random_password = wp_generate_password(10, false);977978 $user_id = wp_create_user($user_email, $random_password, $user_email);979 if (!is_wp_error($user_id)) {980 if (function_exists(‘is_multisite’) && is_multisite())981 add_user_to_blog(get_current_blog_id(), $user_id, ‘subscriber’);982983 wp_update_user(array(984 ‘ID’ => $user_id,985 ‘display_name’ => $user_fname,986 ‘first_name’ => $user_fname987 ));988989 //varify auto approval setting990 $auto_approval = $gopts->get_value_of(‘user_auto_approval’);991992 if ($auto_approval == ‘yes’) {993 wp_set_auth_cookie($user_id, true);994 } else { //Deactivate the user995 $user_model->deactivate_user($user_id);996 $user_service = new RM_User_Services;997 $link = $user_service->create_user_activation_link($user_id);998 $user_info = get_userdata($user_id);999 $required_params = new stdClass();1000 $required_params->email = $user_email;1001 $required_params->username = $user_info->display_name;1002 //required_params->form_id= $form_id; 10031004 $required_params->link = $link;10051006 // ob_start(); var_dump('datas’,$auto_approval,$link,$required_params->email, $required_params->link); $out=ob_get_clean(); error_log($out); 10071008 RM_Email_Service::notify_admin_to_activate_user($required_params);1009101010111012 $resp[‘code’] = 'denied’;1013 $resp[‘msg’] = RM_UI_Strings::get(“RM_SOCIAL_ERR_NEW_ACC_UNAPPROVED”); //"Account has been created. Please wait for admin’s approval before you can log in";1014 }10151016 }1017 }10181019 $rdrto = RM_Utilities::after_login_redirect($user);10201021 if (!$rdrto)1022 $rdrto = apply_filters('login_redirect’, $redirect_to, "", $user);10231024 if (!$rdrto || $rdrto == “__current_url”) {1025 $rdrto = "";1026 }10271028 $after_login_url = $rdrto;1029 1030 if ($resp[‘code’] == ‘allowed’) {1031 if(empty($after_login_url))1032 RM_Utilities::redirect(get_permalink());1033 else1034 RM_Utilities::redirect($after_login_url);1035 } else {1036 echo wp_kses_post($resp[‘msg’]);1037 }1038 }1039 }1040 1041 public function get_twitter_keys() {1042 if(defined(‘REGMAGIC_ADDON’)) {1043 $addon_service = new RM_User_Services_Addon();1044 return $addon_service->get_twitter_keys($this);1045 }1046 }10471048 public function get_instagram_user() {1049 if(defined(‘REGMAGIC_ADDON’)) {1050 $addon_service = new RM_User_Services_Addon();1051 return $addon_service->get_instagram_user($this);1052 }1053 }1054 1055 public function auto_login_by_id($user_id){1056 if(defined(‘REGMAGIC_ADDON’)) {1057 $addon_service = new RM_User_Services_Addon();1058 return $addon_service->auto_login_by_id($user_id, $this);1059 }1060 }1061 1062 public function get_user_meta_dropdown(){1063 $metas= array();1064 $rows= RM_DBManager::get_all_user_meta();1065 foreach($rows as $row){1066 array_push($metas,$row->meta_key);1067 }1068 return $metas;1069 }10701071}