of active members. */ return apply_filters( 'bp_core_get_active_member_count', $count ); } /** * Update the spam status of the member on multisite configs. * * @since 5.0.0 * * @param int $user_id The user ID to spam or ham. * @param int $value 0 to mark the user as `ham`, 1 to mark as `spam`. * @return bool True if the spam status of the member changed. * False otherwise. */ function bp_core_update_member_status( $user_id = 0, $value = 0 ) { if ( ! is_multisite() || ! $user_id ) { return false; } /** * The `update_user_status()` function is deprecated since WordPress 5.3.0. * Continue to use it if WordPress current major version is lower than 5.3. */ if ( bp_get_major_wp_version() < 5.3 ) { return update_user_status( $user_id, 'spam', $value ); } // Otherwise use the replacement function. $user = wp_update_user( array( 'ID' => $user_id, 'spam' => $value, ) ); if ( is_wp_error( $user ) ) { return false; } return true; } /** * Process a spammed or unspammed user. * * This function is called from three places: * * - in bp_settings_action_capabilities() (from the front-end) * - by bp_core_mark_user_spam_admin() (from wp-admin) * - bp_core_mark_user_ham_admin() (from wp-admin) * * @since 1.6.0 * * @global wpdb $wpdb WordPress database object. * * @param int $user_id The ID of the user being spammed/hammed. * @param string $status 'spam' if being marked as spam, 'ham' otherwise. * @param bool $do_wp_cleanup Optional. True to force the cleanup of WordPress content * and status, otherwise false. Generally, this should * only be false if WordPress is expected to have * performed this cleanup independently, as when hooked * to 'make_spam_user'. * @return bool True on success, false on failure. */ function bp_core_process_spammer_status( $user_id, $status, $do_wp_cleanup = true ) { global $wpdb; // Bail if no user ID. if ( empty( $user_id ) ) { return; } // Bail if user ID is super admin. if ( is_super_admin( $user_id ) ) { return; } // Get the functions file. if ( is_multisite() ) { require_once( ABSPATH . 'wp-admin/includes/ms.php' ); } $is_spam = ( 'spam' == $status ); // Only you can prevent infinite loops. remove_action( 'make_spam_user', 'bp_core_mark_user_spam_admin' ); remove_action( 'make_ham_user', 'bp_core_mark_user_ham_admin' ); // Force the cleanup of WordPress content and status for multisite configs. if ( $do_wp_cleanup ) { // Mark blogs as spam if the user is the sole admin of a site. if ( is_multisite() ) { /* * No native function to fetch a user's blogs by role, so do it manually. * * This logic is mostly copied from get_blogs_of_user(). */ $meta = get_user_meta( $user_id ); foreach ( $meta as $key => $val ) { if ( 'capabilities' !== substr( $key, -12 ) ) { continue; } if ( $wpdb->base_prefix && 0 !== strpos( $key, $wpdb->base_prefix ) ) { continue; } $site_id = str_replace( array( $wpdb->base_prefix, '_capabilities' ), '', $key ); if ( ! is_numeric( $site_id ) ) { continue; } $site_id = (int) $site_id; // Do not mark the main or current root blog as spam. if ( 1 === $site_id || bp_get_root_blog_id() === $site_id ) { continue; } // Now, do check for administrator role. $role = maybe_unserialize( $val ); if ( empty( $role['administrator'] ) ) { continue; } // Check if the site has more than 1 admin. If so, bail. $counts = count_users( 'time', $site_id ); if ( empty( $counts['avail_roles']['administrator'] ) || $counts['avail_roles']['administrator'] > 1 ) { continue; } // Now we can spam the blog. update_blog_status( $site_id, 'spam', $is_spam ); } } // Finally, mark this user as a spammer. bp_core_update_member_status( $user_id, $is_spam ); } // Update the user status. $wpdb->update( $wpdb->users, array( 'user_status' => $is_spam ), array( 'ID' => $user_id ) ); // Clean user cache. clean_user_cache( $user_id ); if ( ! is_multisite() ) { // Call multisite actions in single site mode for good measure. if ( true === $is_spam ) { /** * Fires at end of processing spammer in Dashboard if not multisite and user is spam. * * @since 1.5.0 * * @param int $value user ID. */ do_action( 'make_spam_user', $user_id ); } else { /** * Fires at end of processing spammer in Dashboard if not multisite and user is not spam. * * @since 1.5.0 * * @param int $value user ID. */ do_action( 'make_ham_user', $user_id ); } } // Hide this user's activity. if ( ( true === $is_spam ) && bp_is_active( 'activity' ) ) { bp_activity_hide_user_activity( $user_id ); } // We need a special hook for is_spam so that components can delete data at spam time. if ( true === $is_spam ) { /** * Fires at the end of the process spammer process if the user is spam. * * @since 1.5.0 * * @param int $value Displayed user ID. */ do_action( 'bp_make_spam_user', $user_id ); } else { /** * Fires at the end of the process spammer process if the user is not spam. * * @since 1.5.0 * * @param int $value Displayed user ID. */ do_action( 'bp_make_ham_user', $user_id ); } /** * Fires at the end of the process for hanlding spammer status. * * @since 1.5.5 * * @param int $user_id ID of the processed user. * @param bool $is_spam The determined spam status of processed user. */ do_action( 'bp_core_process_spammer_status', $user_id, $is_spam ); // Put things back how we found them. add_action( 'make_spam_user', 'bp_core_mark_user_spam_admin' ); add_action( 'make_ham_user', 'bp_core_mark_user_ham_admin' ); return true; } /** * Hook to WP's make_spam_user and run our custom BP spam functions. * * @since 1.6.0 * * @param int $user_id The user ID passed from the make_spam_user hook. */ function bp_core_mark_user_spam_admin( $user_id ) { bp_core_process_spammer_status( $user_id, 'spam', false ); } add_action( 'make_spam_user', 'bp_core_mark_user_spam_admin' ); /** * Hook to WP's make_ham_user and run our custom BP spam functions. * * @since 1.6.0 * * @param int $user_id The user ID passed from the make_ham_user hook. */ function bp_core_mark_user_ham_admin( $user_id ) { bp_core_process_spammer_status( $user_id, 'ham', false ); } add_action( 'make_ham_user', 'bp_core_mark_user_ham_admin' ); /** * Check whether a user has been marked as a spammer. * * @since 1.6.0 * * @global BP_Core_Members_Template $members_template The Members template loop class. * * @param int $user_id The ID for the user. * @return bool True if spammer, otherwise false. */ function bp_is_user_spammer( $user_id = 0 ) { // No user to check. if ( empty( $user_id ) ) { return false; } $bp = buddypress(); // Assume user is not spam. $is_spammer = false; // Setup our user. $user = false; // Get locally-cached data if available. switch ( $user_id ) { case bp_loggedin_user_id() : $user = ! empty( $bp->loggedin_user->userdata ) ? $bp->loggedin_user->userdata : false; break; case bp_displayed_user_id() : $user = ! empty( $bp->displayed_user->userdata ) ? $bp->displayed_user->userdata : false; break; case bp_get_member_user_id() : global $members_template; $user = isset( $members_template ) && isset( $members_template->member ) ? $members_template->member : false; break; } // Manually get userdata if still empty. if ( empty( $user ) ) { $user = get_userdata( $user_id ); } // No user found. if ( empty( $user ) ) { $is_spammer = false; // User found. } else { // Check if spam. if ( !empty( $user->spam ) ) { $is_spammer = true; } if ( 1 == $user->user_status ) { $is_spammer = true; } } /** * Filters whether a user is marked as a spammer. * * @since 1.6.0 * * @param bool $is_spammer Whether or not user is marked as spammer. * @param \WP_User $user The user to which we are acting on. */ return apply_filters( 'bp_is_user_spammer', (bool) $is_spammer, $user ); } /** * Check whether a user has been marked as deleted. * * @since 1.6.0 * * @param int $user_id The ID for the user. * @return bool True if deleted, otherwise false. */ function bp_is_user_deleted( $user_id = 0 ) { // No user to check. if ( empty( $user_id ) ) { return false; } $bp = buddypress(); // Assume user is not deleted. $is_deleted = false; // Setup our user. $user = false; // Get locally-cached data if available. switch ( $user_id ) { case bp_loggedin_user_id() : $user = ! empty( $bp->loggedin_user->userdata ) ? $bp->loggedin_user->userdata : false; break; case bp_displayed_user_id() : $user = ! empty( $bp->displayed_user->userdata ) ? $bp->displayed_user->userdata : false; break; } // Manually get userdata if still empty. if ( empty( $user ) ) { $user = get_userdata( $user_id ); } // No user found. if ( empty( $user ) ) { $is_deleted = true; // User found. } else { // Check if deleted. if ( !empty( $user->deleted ) ) { $is_deleted = true; } if ( 2 == $user->user_status ) { $is_deleted = true; } } /** * Filters whether a user is marked as deleted. * * @since 1.6.0 * * @param bool $is_deleted Whether or not user is marked as deleted. * @param \WP_User $user The user to which we are acting on. */ return apply_filters( 'bp_is_user_deleted', (bool) $is_deleted, $user ); } /** * Check whether a user is "active", ie neither deleted nor spammer. * * @since 1.6.0 * * @param int $user_id Optional. The user ID to check. * @return bool True if active, otherwise false. */ function bp_is_user_active( $user_id = 0 ) { // Default to current user. if ( empty( $user_id ) && is_user_logged_in() ) { $user_id = bp_loggedin_user_id(); } // No user to check. if ( empty( $user_id ) ) { return false; } // Check spam. if ( bp_is_user_spammer( $user_id ) ) { return false; } // Check deleted. if ( bp_is_user_deleted( $user_id ) ) { return false; } // Assume true if not spam or deleted. return true; } /** * Check whether user is not active. * * @since 1.6.0 * * @param int $user_id Optional. The user ID to check. * @return bool True if inactive, otherwise false. */ function bp_is_user_inactive( $user_id = 0 ) { // Return the inverse of active. return ! bp_is_user_active( $user_id ); } /** * Update a user's last activity. * * @since 1.9.0 * @since 7.0.0 Backward compatibility usermeta mirroring is only allowed if the * legacy user query is enabled. * * @param int $user_id Optional. ID of the user being updated. * @param string $time Optional. Time of last activity, in 'Y-m-d H:i:s' format. * @return bool True on success, false on failure. */ function bp_update_user_last_activity( $user_id = 0, $time = '' ) { // Fall back on current user. if ( empty( $user_id ) ) { $user_id = bp_loggedin_user_id(); } // Bail if the user id is 0, as there's nothing to update. if ( empty( $user_id ) ) { return false; } // Fall back on current time. if ( empty( $time ) ) { $time = bp_core_current_time(); } /** This filter is documented in bp_core_get_users() */ $use_legacy_query = apply_filters( 'bp_use_legacy_user_query', false, __FUNCTION__, [ 'user_id' => $user_id ] ); /* * As of BuddyPress 2.0, last_activity is no longer stored in usermeta. * However, we mirror it there for backward compatibility. Do not use! * * As of BuddyPress 7.0, mirroring is only allowed if the legacy user * query is enabled. */ if ( $use_legacy_query ) { remove_filter( 'update_user_metadata', '_bp_update_user_meta_last_activity_warning', 10 ); remove_filter( 'get_user_metadata', '_bp_get_user_meta_last_activity_warning', 10 ); bp_update_user_meta( $user_id, 'last_activity', $time ); add_filter( 'update_user_metadata', '_bp_update_user_meta_last_activity_warning', 10, 4 ); add_filter( 'get_user_metadata', '_bp_get_user_meta_last_activity_warning', 10, 4 ); } return BP_Core_User::update_last_activity( $user_id, $time ); } /** * Backward compatibility for 'last_activity' usermeta fetching. * * In BuddyPress 2.0, user last_activity data was moved out of usermeta. For * backward compatibility, we continue to mirror the data there. This function * serves two purposes: it warns plugin authors of the change, and it returns * the data from the proper location. * * @since 2.0.0 * @since 2.9.3 Added the `$single` parameter. * * @access private For internal use only. * * @param null $retval Null retval value. * @param int $object_id ID of the user. * @param string $meta_key Meta key being fetched. * @param bool $single Whether a single key is being fetched (vs an array). * @return string|null */ function _bp_get_user_meta_last_activity_warning( $retval, $object_id, $meta_key, $single ) { static $warned = false; if ( 'last_activity' === $meta_key ) { // Don't send the warning more than once per pageload. if ( false === $warned ) { _doing_it_wrong( 'get_user_meta( $user_id, \'last_activity\' )', __( 'User last_activity data is no longer stored in usermeta. Use bp_get_user_last_activity() instead.', 'buddypress' ), '2.0.0' ); $warned = true; } $user_last_activity = bp_get_user_last_activity( $object_id ); if ( $single ) { return $user_last_activity; } else { return array( $user_last_activity ); } } return $retval; } add_filter( 'get_user_metadata', '_bp_get_user_meta_last_activity_warning', 10, 4 ); /** * Backward compatibility for 'last_activity' usermeta setting. * * In BuddyPress 2.0, user last_activity data was moved out of usermeta. For * backward compatibility, we continue to mirror the data there. This function * serves two purposes: it warns plugin authors of the change, and it updates * the data in the proper location. * * @since 2.0.0 * * @access private For internal use only. * * @param int $meta_id ID of the just-set usermeta row. * @param int $object_id ID of the user. * @param string $meta_key Meta key being fetched. * @param string $meta_value Active time. */ function _bp_update_user_meta_last_activity_warning( $meta_id, $object_id, $meta_key, $meta_value ) { if ( 'last_activity' === $meta_key ) { _doing_it_wrong( 'update_user_meta( $user_id, \'last_activity\' )', __( 'User last_activity data is no longer stored in usermeta. Use bp_update_user_last_activity() instead.', 'buddypress' ), '2.0.0' ); bp_update_user_last_activity( $object_id, $meta_value ); } } add_filter( 'update_user_metadata', '_bp_update_user_meta_last_activity_warning', 10, 4 ); /** * Get the last activity for a given user. * * @since 1.9.0 * * @param int $user_id The ID of the user. * @return string Time of last activity, in 'Y-m-d H:i:s' format, or an empty * string if none is found. */ function bp_get_user_last_activity( $user_id = 0 ) { $activity = ''; $last_activity = BP_Core_User::get_last_activity( $user_id ); if ( ! empty( $last_activity[ $user_id ] ) ) { $activity = $last_activity[ $user_id ]['date_recorded']; } /** * Filters the last activity for a given user. * * @since 1.9.0 * * @param string $activity Time of last activity, in 'Y-m-d H:i:s' format or * an empty string if none found. * @param int $user_id ID of the user being checked. */ return apply_filters( 'bp_get_user_last_activity', $activity, $user_id ); } /** * Migrate last_activity data from the usermeta table to the activity table. * * Generally, this function is only run when BP is upgraded to 2.0. It can also * be called directly from the BuddyPress Tools panel. * * @since 2.0.0 * @global wpdb $wpdb WordPress database object. * * @return bool */ function bp_last_activity_migrate() { global $wpdb; $bp = buddypress(); // Wipe out existing last_activity data in the activity table - // this helps to prevent duplicates when pulling from the usermeta // table. $wpdb->query( $wpdb->prepare( "DELETE FROM {$bp->members->table_name_last_activity} WHERE component = %s AND type = 'last_activity'", $bp->members->id ) ); $sql = "INSERT INTO {$bp->members->table_name_last_activity} (`user_id`, `component`, `type`, `action`, `content`, `primary_link`, `item_id`, `date_recorded` ) ( SELECT user_id, '{$bp->members->id}' as component, 'last_activity' as type, '' as action, '' as content, '' as primary_link, 0 as item_id, meta_value AS date_recorded FROM {$wpdb->usermeta} WHERE meta_key = 'last_activity' );"; return $wpdb->query( $sql ); } /** * Process account deletion requests. * * Primarily used for self-deletions, as requested through Settings. * * @since 1.0.0 * * @param int $user_id Optional. ID of the user to be deleted. Default: the * logged-in user. * @return bool True on success, false on failure. */ function bp_core_delete_account( $user_id = 0 ) { // Use logged in user ID if none is passed. if ( empty( $user_id ) ) { $user_id = bp_loggedin_user_id(); } // Site admins cannot be deleted. if ( is_super_admin( $user_id ) ) { return false; } // Extra checks if user is not deleting themselves. if ( bp_loggedin_user_id() !== absint( $user_id ) ) { // Bail if current user cannot delete any users. if ( ! bp_current_user_can( 'delete_users' ) ) { return false; } // Bail if current user cannot delete this user. if ( ! current_user_can_for_blog( bp_get_root_blog_id(), 'delete_user', $user_id ) ) { return false; } } /** * Fires before the processing of an account deletion. * * @since 1.6.0 * * @param int $user_id ID of the user account being deleted. */ do_action( 'bp_core_pre_delete_account', $user_id ); // Specifically handle multi-site environment. if ( is_multisite() ) { require_once( ABSPATH . '/wp-admin/includes/ms.php' ); require_once( ABSPATH . '/wp-admin/includes/user.php' ); $retval = wpmu_delete_user( $user_id ); // Single site user deletion. } else { require_once( ABSPATH . '/wp-admin/includes/user.php' ); $retval = wp_delete_user( $user_id ); } /** * Fires after the deletion of an account. * * @since 1.6.0 * * @param int $user_id ID of the user account that was deleted. */ do_action( 'bp_core_deleted_account', $user_id ); return $retval; } /** * Determines whether user data should be removed on the 'delete_user' hook. * * WordPress's 'delete_user' hook is ambiguous: on a standard installation, it means that a user * account is being removed from the system, while on Multisite it simply means the user is * being removed from a specific site (ie its roles are being revoked). As a rule, this means * that BuddyPress should remove user data on the delete_user hook only on non-Multisite * installations - only when the user account is being removed altogether. However, this behavior * can be filtered in a global, per-user, or per-component fashion. * * @since 6.0.0 * * @param string $data_type Type of data to be removed. * @param int $user_id ID of the user, as passed to 'delete_user'. * @return bool */ function bp_remove_user_data_on_delete_user_hook( $component, $user_id ) { $remove = ! is_multisite(); /** * Filters whether to remove user data on the 'delete_user' hook. * * @param bool $remove Whether data should be removed. * @param string $data_type Type of data to be removed. * @param int $user_id ID of the user, as passed to 'delete_user'. */ return apply_filters( 'bp_remove_user_data_on_delete_user_hook', $remove, $component, $user_id ); } /** * Delete a user's avatar when the user is deleted. * * @since 1.9.0 * * @param int $user_id ID of the user who is about to be deleted. * @return bool True on success, false on failure. */ function bp_core_delete_avatar_on_user_delete( $user_id ) { return bp_core_delete_existing_avatar( array( 'item_id' => $user_id, 'object' => 'user', ) ); } add_action( 'wpmu_delete_user', 'bp_core_delete_avatar_on_user_delete' ); /** * Deletes last_activity data on the 'delete_user' hook. * * @since 6.0.0 * * @param int $user_id The ID of the deleted user. */ function bp_core_delete_avatar_on_delete_user( $user_id ) { if ( ! bp_remove_user_data_on_delete_user_hook( 'avatar', $user_id ) ) { return; } bp_core_delete_avatar_on_user_delete( $user_id ); } add_action( 'delete_user', 'bp_core_delete_avatar_on_delete_user' ); /** * Multibyte-safe ucfirst() support. * * Uses multibyte functions when available on the PHP build. * * @since 1.0.0 * * @param string $str String to be upper-cased. * @return string */ function bp_core_ucfirst( $str ) { if ( function_exists( 'mb_strtoupper' ) && function_exists( 'mb_substr' ) ) { $fc = mb_strtoupper( mb_substr( $str, 0, 1 ) ); return $fc.mb_substr( $str, 1 ); } else { return ucfirst( $str ); } } /** * Prevent spammers from logging in. * * When a user logs in, check if they have been marked as a spammer. If yes * then simply redirect them to the home page and stop them from logging in. * * @since 1.1.2 * * @param WP_User|WP_Error $user Either the WP_User object or the WP_Error * object, as passed to the 'authenticate' filter. * @return WP_User|WP_Error If the user is not a spammer, return the WP_User * object. Otherwise a new WP_Error object. */ function bp_core_boot_spammer( $user ) { // Check to see if the $user has already failed logging in, if so return $user as-is. if ( is_wp_error( $user ) || empty( $user ) ) { return $user; } // The user exists; now do a check to see if the user is a spammer // if the user is a spammer, stop them in their tracks! if ( is_a( $user, 'WP_User' ) && ( ( is_multisite() && (int) $user->spam ) || 1 == $user->user_status ) ) { return new WP_Error( 'invalid_username', __( 'Error: Your account has been marked as a spammer.', 'buddypress' ) ); } // User is good to go! return $user; } add_filter( 'authenticate', 'bp_core_boot_spammer', 30 ); /** * Delete last_activity data for the user when the user is deleted. * * @since 1.0.0 * * @param int $user_id The user ID for the user to delete usermeta for. */ function bp_core_remove_data( $user_id ) { // Remove last_activity data. BP_Core_User::delete_last_activity( $user_id ); // Flush the cache to remove the user from all cached objects. wp_cache_flush(); } add_action( 'wpmu_delete_user', 'bp_core_remove_data' ); add_action( 'bp_make_spam_user', 'bp_core_remove_data' ); /** * Deletes last_activity data on the 'delete_user' hook. * * @since 6.0.0 * * @param int $user_id The ID of the deleted user. */ function bp_core_remove_data_on_delete_user( $user_id ) { if ( ! bp_remove_user_data_on_delete_user_hook( 'last_activity', $user_id ) ) { return; } bp_core_remove_data( $user_id ); } add_action( 'delete_user', 'bp_core_remove_data_on_delete_user' ); /** * Check whether the logged-in user can edit settings for the displayed user. * * @since 1.5.0 * * @return bool True if editing is allowed, otherwise false. */ function bp_core_can_edit_settings() { $status = false; if ( bp_is_my_profile() ) { $status = true; } elseif ( is_super_admin( bp_displayed_user_id() ) && ! is_super_admin() ) { $status = false; } elseif ( bp_current_user_can( 'bp_moderate' ) || current_user_can( 'edit_users' ) ) { $status = true; } /** * Filters the status of whether the logged-in user can edit settings for the displayed user or not. * * @since 2.8.0 * * @param bool True if editing is allowed, otherwise false. */ return apply_filters( 'bp_core_can_edit_settings', $status ); } /** Sign-up *******************************************************************/ /** * Flush illegal names by getting and setting 'illegal_names' site option. * * @since 1.2.5 */ function bp_core_flush_illegal_names() { $illegal_names = get_site_option( 'illegal_names' ); update_site_option( 'illegal_names', $illegal_names ); } /** * Add BuddyPress-specific items to the illegal_names array. * * @since 1.2.7 * * @param array|string $value Illegal names as being saved defined in * Multisite settings. * @return array Merged and unique array of illegal names. */ function bp_core_get_illegal_names( $value = '' ) { // Make sure $value is array. if ( empty( $value ) ) { $db_illegal_names = array(); } if ( is_array( $value ) ) { $db_illegal_names = $value; } elseif ( is_string( $value ) ) { $db_illegal_names = explode( ' ', $value ); } // Add the core components' slugs to the banned list even if their components aren't active. $bp_component_slugs = array( 'groups', 'members', 'forums', 'blogs', 'activity', 'profile', 'friends', 'search', 'settings', 'notifications', 'register', 'activate', ); // @todo replace slug constants with custom slugs. $slug_constants = array( 'BP_FORUMS_SLUG', 'BP_SEARCH_SLUG', ); foreach ( $slug_constants as $constant ) { if ( defined( $constant ) ) { $bp_component_slugs[] = constant( $constant ); } } /** * Filters the array of default illegal usernames. * * @since 1.2.2 * * @param array $value Merged and unique array of illegal usernames. */ $filtered_illegal_names = apply_filters( 'bp_core_illegal_usernames', array_merge( array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ), $bp_component_slugs ) ); /** * Filters the list of illegal usernames from WordPress. * * @since 3.0 * * @param array Array of illegal usernames. */ $wp_filtered_illegal_names = apply_filters( 'illegal_user_logins', array() ); // First merge BuddyPress illegal names. $bp_merged_names = array_merge( (array) $filtered_illegal_names, (array) $db_illegal_names ); // Then merge WordPress and BuddyPress illegal names. $merged_names = array_merge( (array) $wp_filtered_illegal_names, (array) $bp_merged_names ); // Remove duplicates. $illegal_names = array_unique( (array) $merged_names ); /** * Filters the array of default illegal names. * * @since 1.2.5 * * @param array $value Merged and unique array of illegal names. */ return apply_filters( 'bp_core_illegal_names', $illegal_names ); } add_filter( 'pre_update_site_option_illegal_names', 'bp_core_get_illegal_names' ); /** * Check that an email address is valid for use. * * Performs the following checks: * - Is the email address well-formed? * - Is the email address already used? * - If there are disallowed email domains, is the current domain among them? * - If there's an email domain whitelest, is the current domain on it? * * @since 1.6.2 * * @param string $user_email The email being checked. * @return bool|array True if the address passes all checks; otherwise an array * of error codes. */ function bp_core_validate_email_address( $user_email ) { $errors = array(); $user_email = sanitize_email( $user_email ); // Is the email well-formed? if ( ! is_email( $user_email ) ) { $errors['invalid'] = 1; } // Is the email on the Banned Email Domains list? // Note: This check only works on Multisite. if ( function_exists( 'is_email_address_unsafe' ) && is_email_address_unsafe( $user_email ) ) { $errors['domain_banned'] = 1; } // Is the email on the Limited Email Domains list? // Note: This check only works on Multisite. $limited_email_domains = get_site_option( 'limited_email_domains' ); if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) { $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) ); if ( ! in_array( $emaildomain, $limited_email_domains ) ) { $errors['domain_not_allowed'] = 1; } } // Is the email alreday in use? if ( email_exists( $user_email ) ) { $errors['in_use'] = 1; } $retval = ! empty( $errors ) ? $errors : true; return $retval; } /** * Add the appropriate errors to a WP_Error object, given results of a validation test. * * Functions like bp_core_validate_email_address() return a structured array * of error codes. bp_core_add_validation_error_messages() takes this array and * parses, adding the appropriate error messages to the WP_Error object. * * @since 1.7.0 * * @see bp_core_validate_email_address() * * @param WP_Error $errors WP_Error object. * @param array $validation_results The return value of a validation function * like bp_core_validate_email_address(). */ function bp_core_add_validation_error_messages( WP_Error $errors, $validation_results ) { if ( ! empty( $validation_results['invalid'] ) ) { $errors->add( 'user_email', __( 'Please check your email address.', 'buddypress' ) ); } if ( ! empty( $validation_results['domain_banned'] ) ) { $errors->add( 'user_email', __( 'Sorry, that email address is not allowed!', 'buddypress' ) ); } if ( ! empty( $validation_results['domain_not_allowed'] ) ) { $errors->add( 'user_email', __( 'Sorry, that email address is not allowed!', 'buddypress' ) ); } if ( ! empty( $validation_results['in_use'] ) ) { $errors->add( 'user_email', __( 'Sorry, that email address is already used!', 'buddypress' ) ); } } /** * Validate a user name and email address when creating a new user. * * @since 1.2.2 * * @param string $user_name Username to validate. * @param string $user_email Email address to validate. * @return array Results of user validation including errors, if any. */ function bp_core_validate_user_signup( $user_name, $user_email ) { // Make sure illegal names include BuddyPress slugs and values. bp_core_flush_illegal_names(); // WordPress Multisite has its own validation. Use it, so that we // properly mirror restrictions on username, etc. if ( function_exists( 'wpmu_validate_user_signup' ) ) { $result = wpmu_validate_user_signup( $user_name, $user_email ); // When not running Multisite, we perform our own validation. What // follows reproduces much of the logic of wpmu_validate_user_signup(), // minus the multisite-specific restrictions on user_login. } else { $errors = new WP_Error(); /** * Filters the username before being validated. * * @since 1.5.5 * * @param string $user_name Username to validate. */ $user_name = apply_filters( 'pre_user_login', $user_name ); // User name can't be empty. if ( empty( $user_name ) ) { $errors->add( 'user_name', __( 'Please enter a username', 'buddypress' ) ); } // User name can't be on the list of illegal names. $illegal_names = get_site_option( 'illegal_names' ); if ( in_array( $user_name, (array) $illegal_names ) ) { $errors->add( 'user_name', __( 'That username is not allowed', 'buddypress' ) ); } // User name must pass WP's validity check. if ( ! validate_username( $user_name ) ) { $errors->add( 'user_name', __( 'Usernames can contain only letters, numbers, ., -, and @', 'buddypress' ) ); } // Minimum of 4 characters. if ( strlen( $user_name ) < 4 ) { $errors->add( 'user_name', __( 'Username must be at least 4 characters', 'buddypress' ) ); } // No underscores. @todo Why not? if ( false !== strpos( ' ' . $user_name, '_' ) ) { $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character "_"!', 'buddypress' ) ); } // No usernames that are all numeric. @todo Why? $match = array(); preg_match( '/[0-9]*/', $user_name, $match ); if ( $match[0] == $user_name ) { $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!', 'buddypress' ) ); } // Check into signups. $signups = BP_Signup::get( array( 'user_login' => $user_name, ) ); $signup = isset( $signups['signups'] ) && ! empty( $signups['signups'][0] ) ? $signups['signups'][0] : false; // Check if the username has been used already. if ( username_exists( $user_name ) || ! empty( $signup ) ) { $errors->add( 'user_name', __( 'Sorry, that username already exists!', 'buddypress' ) ); } // Validate the email address and process the validation results into // error messages. $validate_email = bp_core_validate_email_address( $user_email ); bp_core_add_validation_error_messages( $errors, $validate_email ); // Assemble the return array. $result = array( 'user_name' => $user_name, 'user_email' => $user_email, 'errors' => $errors, ); // Apply WPMU legacy filter. $result = apply_filters( 'wpmu_validate_user_signup', $result ); } /** * Filters the result of the user signup validation. * * @since 1.2.2 * * @param array $result Results of user validation including errors, if any. */ return apply_filters( 'bp_core_validate_user_signup', $result ); } /** * Validate a user password. * * @since 7.0.0 * * @param string $pass The password. * @param string $confirm_pass The confirmed password. * @param null|WP_User $userdata Null or the userdata object when a member updates their password from front-end. * @return WP_Error A WP error object possibly containing error messages. */ function bp_members_validate_user_password( $pass, $confirm_pass, $userdata = null ) { $errors = new WP_Error(); if ( ! $pass || ! $confirm_pass ) { $errors->add( 'missing_user_password', __( 'Please make sure you enter your password twice', 'buddypress' ) ); } if ( $pass && $confirm_pass && $pass !== $confirm_pass ) { $errors->add( 'mismatching_user_password', __( 'The passwords you entered do not match.', 'buddypress' ) ); } /** * Filter here to add password validation errors. * * @since 7.0.0 * * @param WP_Error $errors Password validation errors. * @param string $pass The password. * @param string $confirm_pass The confirmed password. * @param null|WP_User $userdata Null or the userdata object when a member updates their password from front-end. */ return apply_filters( 'bp_members_validate_user_password', $errors, $pass, $confirm_pass, $userdata ); } /** * Validate blog URL and title provided at signup. * * @since 1.2.2 * * @todo Why do we have this wrapper? * * @param string $blog_url Blog URL requested during registration. * @param string $blog_title Blog title requested during registration. * @return array */ function bp_core_validate_blog_signup( $blog_url, $blog_title ) { if ( ! is_multisite() || ! function_exists( 'wpmu_validate_blog_signup' ) ) { return false; } /** * Filters the validated blog url and title provided at signup. * * @since 1.2.2 * * @param array $value Array with the new site data and error messages. */ return apply_filters( 'bp_core_validate_blog_signup', wpmu_validate_blog_signup( $blog_url, $blog_title ) ); } /** * Process data submitted at user registration and convert to a signup object. * * @since 1.2.0 * * @todo There appears to be a bug in the return value on success. * * @param string $user_login Login name requested by the user. * @param string $user_password Password requested by the user. * @param string $user_email Email address entered by the user. * @param array $usermeta Miscellaneous metadata about the user (blog-specific * signup data, xprofile data, etc). * @return int|false True on success, WP_Error on failure. */ function bp_core_signup_user( $user_login, $user_password, $user_email, $usermeta ) { $bp = buddypress(); // We need to cast $user_id to pass to the filters. $user_id = false; // Multisite installs have their own install procedure. if ( is_multisite() ) { wpmu_signup_user( $user_login, $user_email, $usermeta ); } else { // Format data. $user_login = preg_replace( '/\s+/', '', sanitize_user( $user_login, true ) ); $user_email = sanitize_email( $user_email ); $activation_key = wp_generate_password( 32, false ); /** * WordPress's default behavior is to create user accounts * immediately at registration time. BuddyPress uses a system * borrowed from WordPress Multisite, where signups are stored * separately and accounts are only created at the time of * activation. For backward compatibility with plugins that may * be anticipating WP's default behavior, BP silently creates * accounts for registrations (though it does not use them). If * you know that you are not running any plugins dependent on * these pending accounts, you may want to save a little DB * clutter by defining setting the BP_SIGNUPS_SKIP_USER_CREATION * to true in your wp-config.php file. */ if ( ! defined( 'BP_SIGNUPS_SKIP_USER_CREATION' ) || ! BP_SIGNUPS_SKIP_USER_CREATION ) { $user_id = BP_Signup::add_backcompat( $user_login, $user_password, $user_email, $usermeta ); if ( is_wp_error( $user_id ) ) { return $user_id; } bp_update_user_meta( $user_id, 'activation_key', $activation_key ); } $args = array( 'user_login' => $user_login, 'user_email' => $user_email, 'activation_key' => $activation_key, 'meta' => $usermeta, ); BP_Signup::add( $args ); /** * Filters if BuddyPress should send an activation key for a new signup. * * @since 1.2.3 * * @param bool $value Whether or not to send the activation key. * @param int $user_id User ID to send activation key to. * @param string $user_email User email to send activation key to. * @param string $activation_key Activation key to be sent. * @param array $usermeta Miscellaneous metadata about the user (blog-specific * signup data, xprofile data, etc). */ if ( apply_filters( 'bp_core_signup_send_activation_key', true, $user_id, $user_email, $activation_key, $usermeta ) ) { $salutation = $user_login; if ( bp_is_active( 'xprofile' ) && isset( $usermeta[ 'field_' . bp_xprofile_fullname_field_id() ] ) ) { $salutation = $usermeta[ 'field_' . bp_xprofile_fullname_field_id() ]; } bp_core_signup_send_validation_email( $user_id, $user_email, $activation_key, $salutation ); } } $bp->signup->username = $user_login; /** * Fires at the end of the process to sign up a user. * * @since 1.2.2 * * @param bool|WP_Error $user_id True on success, WP_Error on failure. * @param string $user_login Login name requested by the user. * @param string $user_password Password requested by the user. * @param string $user_email Email address requested by the user. * @param array $usermeta Miscellaneous metadata about the user (blog-specific * signup data, xprofile data, etc). */ do_action( 'bp_core_signup_user', $user_id, $user_login, $user_password, $user_email, $usermeta ); return $user_id; } /** * Create a blog and user based on data supplied at user registration. * * @since 1.2.2 * * @param string $blog_domain Domain requested by user. * @param string $blog_path Path requested by user. * @param string $blog_title Title as entered by user. * @param string $user_name user_login of requesting user. * @param string $user_email Email address of requesting user. * @param string $usermeta Miscellaneous metadata for the user. * @return bool */ function bp_core_signup_blog( $blog_domain, $blog_path, $blog_title, $user_name, $user_email, $usermeta ) { if ( ! is_multisite() || ! function_exists( 'wpmu_signup_blog' ) ) { return false; } /** * Filters the result of wpmu_signup_blog(). * * This filter provides no value and is retained for * backwards compatibility. * * @since 1.2.2 * * @param void $value */ return apply_filters( 'bp_core_signup_blog', wpmu_signup_blog( $blog_domain, $blog_path, $blog_title, $user_name, $user_email, $usermeta ) ); } /** * Activate a signup, as identified by an activation key. * * @since 1.2.2 * * @global wpdb $wpdb WordPress database object. * * @param string $key Activation key. * @return int|bool User ID on success, false on failure. */ function bp_core_activate_signup( $key ) { global $wpdb; $user = false; // Multisite installs have their own activation routine. if ( is_multisite() ) { $user = wpmu_activate_signup( $key ); // If there were errors, add a message and redirect. if ( ! empty( $user->errors ) ) { return $user; } $user_id = $user['user_id']; } else { $signups = BP_Signup::get( array( 'activation_key' => $key, ) ); if ( empty( $signups['signups'] ) ) { return new WP_Error( 'invalid_key', __( 'Invalid activation key.', 'buddypress' ) ); } $signup = $signups['signups'][0]; if ( $signup->active ) { if ( empty( $signup->domain ) ) { return new WP_Error( 'already_active', __( 'The user is already active.', 'buddypress' ), $signup ); } else { return new WP_Error( 'already_active', __( 'The site is already active.', 'buddypress' ), $signup ); } } // Password is hashed again in wp_insert_user. $password = wp_generate_password( 12, false ); $user_id = username_exists( $signup->user_login ); // Create the user. This should only be necessary if BP_SIGNUPS_SKIP_USER_CREATION is true. if ( ! $user_id ) { $user_id = wp_create_user( $signup->user_login, $password, $signup->user_email ); // Otherwise, update the existing user's status. } elseif ( $key === bp_get_user_meta( $user_id, 'activation_key', true ) || $key === wp_hash( $user_id ) ) { // Change the user's status so they become active. if ( ! $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_status = 0 WHERE ID = %d", $user_id ) ) ) { return new WP_Error( 'invalid_key', __( 'Invalid activation key.', 'buddypress' ) ); } bp_delete_user_meta( $user_id, 'activation_key' ); $user_already_created = true; } else { $user_already_exists = true; } if ( ! $user_id ) { return new WP_Error( 'create_user', __( 'Could not create user', 'buddypress' ), $signup ); } // Fetch the signup so we have the data later on. $signups = BP_Signup::get( array( 'activation_key' => $key, ) ); $signup = isset( $signups['signups'] ) && ! empty( $signups['signups'][0] ) ? $signups['signups'][0] : false; // Activate the signup. BP_Signup::validate( $key ); if ( isset( $user_already_exists ) ) { return new WP_Error( 'user_already_exists', __( 'That username is already activated.', 'buddypress' ), $signup ); } // Set up data to pass to the legacy filter. $user = array( 'user_id' => $user_id, 'password' => isset( $signup->meta['password'] ) ? $signup->meta['password'] : '', 'meta' => $signup->meta, ); /** * Maybe notify the site admin of a new user registration. * * @since 1.2.2 * * @param bool $notification Whether to send the notification or not. */ if ( apply_filters( 'bp_core_send_user_registration_admin_notification', true ) ) { wp_new_user_notification( $user_id ); } if ( isset( $user_already_created ) ) { /** * Fires if the user has already been created. * * @since 1.2.2 * * @param int $user_id ID of the user being checked. * @param string $key Activation key. * @param array $user Array of user data. */ do_action( 'bp_core_activated_user', $user_id, $key, $user ); return $user_id; } } // Set any profile data. if ( bp_is_active( 'xprofile' ) ) { if ( ! empty( $user['meta']['profile_field_ids'] ) ) { $profile_field_ids = explode( ',', $user['meta']['profile_field_ids'] ); foreach( (array) $profile_field_ids as $field_id ) { $current_field = isset( $user['meta']["field_{$field_id}"] ) ? $user['meta']["field_{$field_id}"] : false; if ( ! empty( $current_field ) ) { xprofile_set_field_data( $field_id, $user_id, $current_field ); } /* * Save the visibility level. * * Use the field's default visibility if not present, and 'public' if a * default visibility is not defined. */ $key = "field_{$field_id}_visibility"; if ( isset( $user['meta'][ $key ] ) ) { $visibility_level = $user['meta'][ $key ]; } else { $vfield = xprofile_get_field( $field_id, null, false ); $visibility_level = isset( $vfield->default_visibility ) ? $vfield->default_visibility : 'public'; } xprofile_set_field_visibility_level( $field_id, $user_id, $visibility_level ); } } } // Replace the password automatically generated by WordPress by the one the user chose. if ( ! empty( $user['meta']['password'] ) ) { $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_pass = %s WHERE ID = %d", $user['meta']['password'], $user_id ) ); /** * Make sure to clean the user's cache as we've * directly edited the password without using * wp_update_user(). * * If we can't use wp_update_user() that's because * we already hashed the password at the signup step. */ $uc = wp_cache_get( $user_id, 'users' ); if ( ! empty( $uc->ID ) ) { clean_user_cache( $uc->ID ); } } /** * Fires at the end of the user activation process. * * @since 1.2.2 * * @param int $user_id ID of the user being checked. * @param string $key Activation key. * @param array $user Array of user data. */ do_action( 'bp_core_activated_user', $user_id, $key, $user ); return $user_id; } /** * Add default WordPress role for new signups on the BP root blog. * * @since 3.0.0 * * @param int $user_id The user ID to add the default role for. */ function bp_members_add_role_after_activation( $user_id ) { // Get default role to add. $role = bp_get_option( 'default_role' ); // Multisite. if ( is_multisite() && ! is_user_member_of_blog( $user_id, bp_get_root_blog_id() ) ) { add_user_to_blog( bp_get_root_blog_id(), $user_id, $role ); // Single-site. } elseif ( ! is_multisite() ) { $member = get_userdata( $user_id ); $member->set_role( $role ); } } add_action( 'bp_core_activated_user', 'bp_members_add_role_after_activation', 1 ); /** * Migrate signups from pre-2.0 configuration to wp_signups. * * @since 2.0.1 * * @global wpdb $wpdb WordPress database object. */ function bp_members_migrate_signups() { global $wpdb; $status_2_ids = $wpdb->get_col( "SELECT ID FROM {$wpdb->users} WHERE user_status = '2'" ); if ( ! empty( $status_2_ids ) ) { $signups = get_users( array( 'fields' => array( 'ID', 'user_login', 'user_pass', 'user_registered', 'user_email', 'display_name', ), 'include' => $status_2_ids, ) ); // Fetch activation keys separately, to avoid the all_with_meta // overhead. $status_2_ids_sql = implode( ',', $status_2_ids ); $ak_data = $wpdb->get_results( "SELECT user_id, meta_value FROM {$wpdb->usermeta} WHERE meta_key = 'activation_key' AND user_id IN ({$status_2_ids_sql})" ); // Rekey. $activation_keys = array(); foreach ( $ak_data as $ak_datum ) { $activation_keys[ intval( $ak_datum->user_id ) ] = $ak_datum->meta_value; } unset( $status_2_ids_sql, $status_2_ids, $ak_data ); // Merge. foreach ( $signups as &$signup ) { if ( isset( $activation_keys[ $signup->ID ] ) ) { $signup->activation_key = $activation_keys[ $signup->ID ]; } } // Reset the signup var as we're using it to process the migration. unset( $signup ); } else { return; } foreach ( $signups as $signup ) { $meta = array(); // Rebuild the activation key, if missing. if ( empty( $signup->activation_key ) ) { $signup->activation_key = wp_generate_password( 32, false ); } if ( bp_is_active( 'xprofile' ) ) { $meta['field_1'] = $signup->display_name; } $meta['password'] = $signup->user_pass; $user_login = preg_replace( '/\s+/', '', sanitize_user( $signup->user_login, true ) ); $user_email = sanitize_email( $signup->user_email ); BP_Signup::add( array( 'user_login' => $user_login, 'user_email' => $user_email, 'registered' => $signup->user_registered, 'activation_key' => $signup->activation_key, 'meta' => $meta ) ); // Deleting these options will remove signups from users count. delete_user_option( $signup->ID, 'capabilities' ); delete_user_option( $signup->ID, 'user_level' ); } } /** * Map a user's WP display name to the XProfile fullname field, if necessary. * * This only happens when a user is registered in wp-admin by an administrator; * during normal registration, XProfile data is provided directly by the user. * * @since 1.2.0 * * @param int $user_id ID of the user. * @return bool */ function bp_core_map_user_registration( $user_id ) { // Only map data when the site admin is adding users, not on registration. if ( ! is_admin() ) { return false; } // Add the user's fullname to Xprofile. if ( bp_is_active( 'xprofile' ) ) { $firstname = bp_get_user_meta( $user_id, 'first_name', true ); $lastname = ' ' . bp_get_user_meta( $user_id, 'last_name', true ); $name = $firstname . $lastname; if ( empty( $name ) || ' ' == $name ) { $name = bp_get_user_meta( $user_id, 'nickname', true ); } xprofile_set_field_data( 1, $user_id, $name ); } } add_action( 'user_register', 'bp_core_map_user_registration' ); /** * Get the avatar storage directory for use during registration. * * @since 1.1.0 * * @return string|bool Directory path on success, false on failure. */ function bp_core_signup_avatar_upload_dir() { $bp = buddypress(); if ( empty( $bp->signup->avatar_dir ) ) { return false; } $directory = 'avatars/signups'; $path = bp_core_avatar_upload_path() . '/' . $directory . '/' . $bp->signup->avatar_dir; $newbdir = $path; $newurl = bp_core_avatar_url() . '/' . $directory . '/' . $bp->signup->avatar_dir; $newburl = $newurl; $newsubdir = '/' . $directory . '/' . $bp->signup->avatar_dir; /** * Filters the avatar storage directory for use during registration. * * @since 1.1.1 * * @param array $value Array of path and URL values for created storage directory. */ return apply_filters( 'bp_core_signup_avatar_upload_dir', array( 'path' => $path, 'url' => $newurl, 'subdir' => $newsubdir, 'basedir' => $newbdir, 'baseurl' => $newburl, 'error' => false, ) ); } /** * Send activation email to a newly registered user. * * @since 1.2.2 * @since 2.5.0 Add the $user_login parameter. * @since 5.0.0 Change $user_login parameter to more general $salutation. * * @param int|bool $user_id ID of the new user, false if BP_SIGNUPS_SKIP_USER_CREATION is true. * @param string $user_email Email address of the new user. * @param string $key Activation key. * @param string $salutation Optional. The name to be used as a salutation in the email. */ function bp_core_signup_send_validation_email( $user_id, $user_email, $key, $salutation = '' ) { $args = array( 'tokens' => array( 'activate.url' => esc_url( trailingslashit( bp_get_activation_page() ) . "{$key}/" ), 'key' => $key, 'user.email' => $user_email, 'user.id' => $user_id, ), ); $to = array( array( $user_email => $salutation ) ); bp_send_email( 'core-user-registration', $to, $args ); // Record that the activation email has been sent. $signup = bp_members_get_signup_by( 'activation_key', $key ); if ( $signup ) { $meta = array( 'sent_date' => current_time( 'mysql', true ), 'count_sent' => $signup->count_sent + 1 ); BP_Signup::update( array( 'signup_id' => $signup->id, 'meta' => $meta, ) ); } } /** * Display a "resend email" link when an unregistered user attempts to log in. * * @since 1.2.2 * * @param WP_User|WP_Error|null $user Either the WP_User or the WP_Error object. * @param string $username The inputted, attempted username. * @param string $password The inputted, attempted password. * @return WP_User|WP_Error */ function bp_core_signup_disable_inactive( $user = null, $username = '', $password ='' ) { // Login form not used. if ( empty( $username ) && empty( $password ) ) { return $user; } // An existing WP_User with a user_status of 2 is either a legacy // signup, or is a user created for backward compatibility. See // {@link bp_core_signup_user()} for more details. if ( is_a( $user, 'WP_User' ) && 2 == $user->user_status ) { $user_login = $user->user_login; // If no WP_User is found corresponding to the username, this // is a potential signup. } elseif ( is_wp_error( $user ) && 'invalid_username' == $user->get_error_code() ) { $user_login = $username; // This is an activated user, so bail. } else { return $user; } // Look for the unactivated signup corresponding to the login name. $signup = BP_Signup::get( array( 'user_login' => sanitize_user( $user_login ) ) ); // No signup or more than one, something is wrong. Let's bail. if ( empty( $signup['signups'][0] ) || $signup['total'] > 1 ) { return $user; } // Unactivated user account found! /* * Don't allow users to resend their own activation email * when membership requests are enabled. */ if ( bp_get_membership_requests_required() ) { $error_message = sprintf( '%1$s %2$s', esc_html_x( 'Error:', 'Warning displayed on the WP Login screen', 'buddypress' ), esc_html_x( 'Your membership request has not yet been approved.', 'Error message displayed on the WP Login screen', 'buddypress' ) ); } else { // Set up the feedback message. $signup_id = $signup['signups'][0]->signup_id; $resend_url_params = array( 'action' => 'bp-resend-activation', 'id' => $signup_id, ); $resend_url = wp_nonce_url( add_query_arg( $resend_url_params, wp_login_url() ), 'bp-resend-activation' ); $error_message = sprintf( '%1$s %2$s

%3$s', esc_html_x( 'Error:', 'Warning displayed on the WP Login screen', 'buddypress' ), esc_html_x( 'Your account has not been activated. Check your email for the activation link.', 'Error message displayed on the WP Login screen', 'buddypress' ), sprintf( /* translators: %s: the link to resend the activation email. */ esc_html_x( 'If you have not received an email yet, %s.', 'WP Login screen message', 'buddypress' ), sprintf( '%2$s', esc_url( $resend_url ), esc_html_x( 'click here to resend it', 'Text of the link to resend the activation email', 'buddypress' ) ) ) ); } return new WP_Error( 'bp_account_not_activated', $error_message ); } add_filter( 'authenticate', 'bp_core_signup_disable_inactive', 30, 3 ); /** * On the login screen, resends the activation email for a user. * * @since 2.0.0 * * @global string $error The error message. * * @see bp_core_signup_disable_inactive() */ function bp_members_login_resend_activation_email() { global $error; if ( empty( $_GET['id'] ) || empty( $_GET['_wpnonce'] ) ) { return; } // Verify nonce. if ( ! wp_verify_nonce( $_GET['_wpnonce'], 'bp-resend-activation' ) ) { die( 'Security check' ); } $signup_id = (int) $_GET['id']; // Resend the activation email. // also updates the 'last sent' and '# of emails sent' values. $resend = BP_Signup::resend( array( $signup_id ) ); // Add feedback message. if ( ! empty( $resend['errors'] ) ) { $error = __( 'Error: Your account has already been activated.', 'buddypress' ); } else { $error = __( 'Activation email resent! Please check your inbox or spam folder.', 'buddypress' ); } } add_action( 'login_form_bp-resend-activation', 'bp_members_login_resend_activation_email' ); /** * Redirect away from wp-signup.php if BP registration templates are present. * * @since 1.1.0 */ function bp_core_wpsignup_redirect() { // Bail in admin or if custom signup page is broken. if ( is_admin() || ! bp_has_custom_signup_page() ) { return; } $is_wp_signup = false; if ( ! empty( $_SERVER['SCRIPT_NAME'] ) ) { $script_name_path = wp_parse_url( $_SERVER['SCRIPT_NAME'], PHP_URL_PATH ); if ( 'wp-signup.php' === basename( $script_name_path ) || ( 'wp-login.php' === basename( $script_name_path ) && ! empty( $_GET['action'] ) && 'register' === $_GET['action'] ) ) { $is_wp_signup = true; } } // If this is not wp-signup.php, there's nothing to do here. if ( ! $is_wp_signup ) { return; } /* * We redirect wp-signup.php to the registration page except when it's a site signup. * In that case, redirect to the BP site creation page if available, otherwise allow * access to wp-signup.php. */ $redirect_to = bp_get_signup_page(); $is_site_creation = false; $referer = wp_get_referer(); // A new site is being added. if ( isset( $_POST['stage'] ) && $_POST['stage'] === 'gimmeanotherblog' ) { $is_site_creation = true; // We've arrived at wp-signup.php from my-sites.php. } elseif ( $referer ) { $referer_path = wp_parse_url( $referer, PHP_URL_PATH ); $is_site_creation = false !== strpos( $referer_path, 'wp-admin/my-sites.php' ); } if ( $is_site_creation ) { if ( bp_is_active( 'blogs' ) ) { $url = bp_get_blogs_directory_url( array( 'create_single_item' => 1, ) ); $redirect_to = trailingslashit( $url ); } else { // Perform no redirect in this case. $redirect_to = ''; } } if ( ! $redirect_to ) { return; } bp_core_redirect( $redirect_to ); } add_action( 'bp_init', 'bp_core_wpsignup_redirect' ); /** * Stop a logged-in user who is marked as a spammer. * * When an admin marks a live user as a spammer, that user can still surf * around and cause havoc on the site until that person is logged out. * * This code checks to see if a logged-in user is marked as a spammer. If so, * we redirect the user back to wp-login.php with the 'reauth' parameter. * * This clears the logged-in spammer's cookies and will ask the spammer to * reauthenticate. * * Note: A spammer cannot log back in - {@see bp_core_boot_spammer()}. * * Runs on 'bp_init' at priority 5 so the members component globals are setup * before we do our spammer checks. * * This is important as the $bp->loggedin_user object is setup at priority 4. * * @since 1.8.0 */ function bp_stop_live_spammer() { // If we're on the login page, stop now to prevent redirect loop. $is_login = false; if ( isset( $GLOBALS['pagenow'] ) && ( false !== strpos( $GLOBALS['pagenow'], 'wp-login.php' ) ) ) { $is_login = true; } elseif ( isset( $_SERVER['SCRIPT_NAME'] ) && false !== strpos( $_SERVER['SCRIPT_NAME'], 'wp-login.php' ) ) { $is_login = true; } if ( $is_login ) { return; } // User isn't logged in, so stop! if ( ! is_user_logged_in() ) { return; } // If spammer, redirect to wp-login.php and reauthorize. if ( bp_is_user_spammer( bp_loggedin_user_id() ) ) { // Setup login args. $args = array( // Custom action used to throw an error message. 'action' => 'bp-spam', // Reauthorize user to login. 'reauth' => 1 ); /** * Filters the url used for redirection for a logged in user marked as spam. * * @since 1.8.0 * * @param string $value URL to redirect user to. */ $login_url = apply_filters( 'bp_live_spammer_redirect', add_query_arg( $args, wp_login_url() ) ); // Redirect user to login page. wp_redirect( $login_url ); die(); } } add_action( 'bp_init', 'bp_stop_live_spammer', 5 ); /** * Show a custom error message when a logged-in user is marked as a spammer. * * @since 1.8.0 * * @global string $error The error message. */ function bp_live_spammer_login_error() { global $error; $error = __( 'Error: Your account has been marked as a spammer.', 'buddypress' ); // Shake shake shake! add_action( 'login_head', 'wp_shake_js', 12 ); } add_action( 'login_form_bp-spam', 'bp_live_spammer_login_error' ); /** * Get the displayed user Object * * @since 2.6.0 * * @return object The displayed user object, null otherwise. */ function bp_get_displayed_user() { $bp = buddypress(); $displayed_user = null; if ( ! empty( $bp->displayed_user->id ) ) { $displayed_user = $bp->displayed_user; } /** * Filters the displayed_user object corresponding to the displayed member. * * @since 2.6.0 * * @param object $displayed_user The displayed_user object. */ return apply_filters( 'bp_get_displayed_user', $displayed_user ); } /** Member Types *************************************************************/ /** * Output the slug of the member type taxonomy. * * @since 2.7.0 */ function bp_member_type_tax_name() { echo bp_get_member_type_tax_name(); } /** * Return the slug of the member type taxonomy. * * @since 2.7.0 * * @return string The unique member taxonomy slug. */ function bp_get_member_type_tax_name() { /** * Filters the slug of the member type taxonomy. * * @since 2.7.0 * * @param string $value Member type taxonomy slug. */ return apply_filters( 'bp_get_member_type_tax_name', 'bp_member_type' ); } /** * Returns labels used by the member type taxonomy. * * @since 7.0.0 * * @return array */ function bp_get_member_type_tax_labels() { /** * Filters Member type taxonomy labels. * * @since 7.0.0 * * @param array $value Associative array (name => label). */ return apply_filters( 'bp_get_member_type_tax_labels', array( // General labels. 'name' => _x( 'Member Types', 'Member type taxonomy name', 'buddypress' ), 'singular_name' => _x( 'Member Type', 'Member type taxonomy singular name', 'buddypress' ), 'search_items' => _x( 'Search Member Types', 'Member type taxonomy search items label', 'buddypress' ), 'popular_items' => _x( 'Popular Member Types', 'Member type taxonomy popular items label', 'buddypress' ), 'all_items' => _x( 'All Member Types', 'Member type taxonomy all items label', 'buddypress' ), 'parent_item' => _x( 'Parent Member Type', 'Member type taxonomy parent item label', 'buddypress' ), 'parent_item_colon' => _x( 'Parent Member Type:', 'Member type taxonomy parent item label', 'buddypress' ), 'edit_item' => _x( 'Edit Member Type', 'Member type taxonomy edit item label', 'buddypress' ), 'view_item' => _x( 'View Member Type', 'Member type taxonomy view item label', 'buddypress' ), 'update_item' => _x( 'Update Member Type', 'Member type taxonomy update item label', 'buddypress' ), 'add_new_item' => _x( 'Add New Member Type', 'Member type taxonomy add new item label', 'buddypress' ), 'new_item_name' => _x( 'New Member Type Name', 'Member type taxonomy new item name label', 'buddypress' ), 'separate_items_with_commas' => _x( 'Separate member types with commas', 'Member type taxonomy separate items with commas label', 'buddypress' ), 'add_or_remove_items' => _x( 'Add or remove member types', 'Member type taxonomy add or remove items label', 'buddypress' ), 'choose_from_most_used' => _x( 'Choose from the most used meber types', 'Member type taxonomy choose from most used label', 'buddypress' ), 'not_found' => _x( 'No member types found.', 'Member type taxonomy not found label', 'buddypress' ), 'no_terms' => _x( 'No member types', 'Member type taxonomy no terms label', 'buddypress' ), 'items_list_navigation' => _x( 'Member Types list navigation', 'Member type taxonomy items list navigation label', 'buddypress' ), 'items_list' => _x( 'Member Types list', 'Member type taxonomy items list label', 'buddypress' ), /* translators: Tab heading when selecting from the most used terms. */ 'most_used' => _x( 'Most Used', 'Member type taxonomy most used items label', 'buddypress' ), 'back_to_items' => _x( '← Back to Member Types', 'Member type taxonomy back to items label', 'buddypress' ), // Specific to BuddyPress. 'bp_type_id_label' => _x( 'Member Type ID', 'BP Member type ID label', 'buddypress' ), 'bp_type_id_description' => _x( 'Enter a lower-case string without spaces or special characters (used internally to identify the member type).', 'BP Member type ID description', 'buddypress' ), 'bp_type_show_in_list' => _x( 'Show on Member', 'BP Member type show in list', 'buddypress' ), ) ); } /** * Returns arguments used by the Member type taxonomy. * * @since 7.0.0 * * @return array */ function bp_get_member_type_tax_args() { /** * Filters Member type taxonomy args. * * @since 7.0.0 * * @param array $value Associative array (key => arg). */ return apply_filters( 'bp_get_member_type_tax_args', array_merge( array( 'description' => _x( 'BuddyPress Member Types', 'Member type taxonomy description', 'buddypress' ), 'labels' => array_merge( bp_get_member_type_tax_labels(), bp_get_taxonomy_common_labels() ), ), bp_get_taxonomy_common_args() ) ); } /** * Extend generic Type metadata schema to match Member Type needs. * * @since 7.0.0 * * @param array $schema The generic Type metadata schema. * @param string $taxonomy The taxonomy name the schema applies to. * @return array The Member Type metadata schema. */ function bp_get_member_type_metadata_schema( $schema = array(), $taxonomy = '' ) { if ( bp_get_member_type_tax_name() === $taxonomy ) { // Directory. if ( isset( $schema['bp_type_has_directory']['description'] ) ) { $schema['bp_type_has_directory']['description'] = __( 'Make a list of members matching this type available on the members directory.', 'buddypress' ); } // Slug. if ( isset( $schema['bp_type_directory_slug']['description'] ) ) { $schema['bp_type_directory_slug']['description'] = __( 'Enter if you want the type slug to be different from its ID.', 'buddypress' ); } // List. $schema['bp_type_show_in_list'] = array( 'description' => __( 'Show where member types may be listed, like in the member header.', 'buddypress' ), 'type' => 'boolean', 'single' => true, 'sanitize_callback' => 'absint', ); } return $schema; } add_filter( 'bp_get_type_metadata_schema', 'bp_get_member_type_metadata_schema', 1, 2 ); /** * Registers the Member type metadata. * * @since 7.0.0 */ function bp_register_member_type_metadata() { $type_taxonomy = bp_get_member_type_tax_name(); foreach ( bp_get_type_metadata_schema( false, $type_taxonomy ) as $meta_key => $meta_args ) { bp_register_type_meta( $type_taxonomy, $meta_key, $meta_args ); } } add_action( 'bp_register_type_metadata', 'bp_register_member_type_metadata' ); /** * Register a member type. * * @since 2.2.0 * * @param string $member_type Unique string identifier for the member type. * @param array $args { * Array of arguments describing the member type. * * @type array $labels { * Array of labels to use in various parts of the interface. * * @type string $name Default name. Should typically be plural. * @type string $singular_name Singular name. * } * @type bool|string $has_directory Whether the member type should have its own type-specific directory. * Pass `true` to use the `$member_type` string as the type's slug. * Pass a string to customize the slug. Pass `false` to disable. * Default: true. * @type bool $show_in_list Whether this member type should be shown in lists rendered by * bp_member_type_list(). Default: false. * @type bool $code Whether this member type is registered using code. Default: true. * @type int $db_id The member type term ID. Default: 0. * } * @return object|WP_Error Member type object on success, WP_Error object on failure. */ function bp_register_member_type( $member_type, $args = array() ) { $bp = buddypress(); if ( isset( $bp->members->types[ $member_type ] ) ) { return new WP_Error( 'bp_member_type_exists', __( 'Member type already exists.', 'buddypress' ), $member_type ); } $r = bp_parse_args( $args, array( 'labels' => array(), 'has_directory' => true, 'show_in_list' => false, 'code' => true, 'db_id' => 0, ), 'register_member_type' ); $member_type = sanitize_key( $member_type ); /** * Filters the list of illegal member type names. * * - 'any' is a special pseudo-type, representing items unassociated with any member type. * - 'null' is a special pseudo-type, representing users without any type. * - '_none' is used internally to denote an item that should not apply to any member types. * * @since 2.4.0 * * @param array $illegal_names Array of illegal names. */ $illegal_names = apply_filters( 'bp_member_type_illegal_names', array( 'any', 'null', '_none' ) ); if ( in_array( $member_type, $illegal_names, true ) ) { return new WP_Error( 'bp_member_type_illegal_name', __( 'You may not register a member type with this name.', 'buddypress' ), $member_type ); } // Store the post type name as data in the object (not just as the array key). $r['name'] = $member_type; // Make sure the relevant labels have been filled in. $default_name = isset( $r['labels']['name'] ) ? $r['labels']['name'] : ucfirst( $r['name'] ); $r['labels'] = array_merge( array( 'name' => $default_name, 'singular_name' => $default_name, ), $r['labels'] ); // Directory slug. if ( $r['has_directory'] ) { // A string value is intepreted as the directory slug. Otherwise fall back on member type. if ( is_string( $r['has_directory'] ) ) { $directory_slug = $r['has_directory']; } else { $directory_slug = $member_type; } // Sanitize for use in URLs. $r['directory_slug'] = sanitize_title( $directory_slug ); $r['has_directory'] = true; } else { $r['directory_slug'] = ''; $r['has_directory'] = false; } // Show the list of member types on front-end (member header, for now). $r['show_in_list'] = (bool) $r['show_in_list']; $bp->members->types[ $member_type ] = $type = (object) $r; /** * Fires after a member type is registered. * * @since 2.2.0 * * @param string $member_type Member type identifier. * @param object $type Member type object. */ do_action( 'bp_registered_member_type', $member_type, $type ); return $type; } /** * Retrieve a member type object by name. * * @since 2.2.0 * * @param string $member_type The name of the member type. * @return object|null A member type object or null if it doesn't exist. */ function bp_get_member_type_object( $member_type ) { $types = bp_get_member_types( array(), 'objects' ); if ( empty( $types[ $member_type ] ) ) { return null; } return $types[ $member_type ]; } /** * Get a list of all registered member type objects. * * @since 2.2.0 * * @see bp_register_member_type() for accepted arguments. * * @param array|string $args Optional. An array of key => value arguments to match against * the member type objects. Default empty array. * @param string $output Optional. The type of output to return. Accepts 'names' * or 'objects'. Default 'names'. * @param string $operator Optional. The logical operation to perform. 'or' means only one * element from the array needs to match; 'and' means all elements * must match. Accepts 'or' or 'and'. Default 'and'. * @return array A list of member type names or objects. */ function bp_get_member_types( $args = array(), $output = 'names', $operator = 'and' ) { $bp = buddypress(); $types = $bp->members->types; // Merge with types available into the database. if ( ! isset( $args['code'] ) || true !== $args['code'] ) { $types = bp_get_taxonomy_types( bp_get_member_type_tax_name(), $types ); } $types = array_filter( wp_filter_object_list( $types, $args, $operator ) ); /** * Filters the array of member type objects. * * This filter is run before the $output filter has been applied, so that * filtering functions have access to the entire member type objects. * * @since 2.2.0 * * @param array $types Member type objects, keyed by name. * @param array $args Array of key=>value arguments for filtering. * @param string $operator 'or' to match any of $args, 'and' to require all. */ $types = (array) apply_filters( 'bp_get_member_types', $types, $args, $operator ); if ( $types && 'names' === $output ) { $types = wp_list_pluck( $types, 'name' ); } return $types; } /** * Only gets the member types registered by code. * * @since 7.0.0 * * @return array The member types registered by code. */ function bp_get_member_types_registered_by_code() { return bp_get_member_types( array( 'code' => true, ), 'objects' ); } add_filter( bp_get_member_type_tax_name() . '_registered_by_code', 'bp_get_member_types_registered_by_code' ); /** * Generates missing metadata for a type registered by code. * * @since 7.0.0 * * @return array The member type metadata. */ function bp_set_registered_by_code_member_type_metadata( $metadata = array(), $type = '' ) { $member_type = bp_get_member_type_object( $type ); foreach ( get_object_vars( $member_type ) as $object_key => $object_value ) { if ( 'labels' === $object_key ) { foreach ( $object_value as $label_key => $label_value ) { $metadata[ 'bp_type_' . $label_key ] = $label_value; } } elseif ( ! in_array( $object_key, array( 'name', 'code', 'db_id' ), true ) ) { $metadata[ 'bp_type_' . $object_key ] = $object_value; } } /** * Save metadata into database to avoid generating metadata * each time a type is listed into the Types Admin screen. */ if ( isset( $member_type->db_id ) && $member_type->db_id ) { bp_update_type_metadata( $member_type->db_id, bp_get_member_type_tax_name(), $metadata ); } return $metadata; } add_filter( bp_get_member_type_tax_name() . '_set_registered_by_code_metada', 'bp_set_registered_by_code_member_type_metadata', 10, 2 ); /** * Insert member types registered by code not yet saved into the database as WP Terms. * * @since 7.0.0 */ function bp_insert_member_types_registered_by_code() { $all_types = bp_get_member_types( array(), 'objects' ); $unsaved_types = wp_filter_object_list( $all_types, array( 'db_id' => 0 ), 'and', 'name' ); if ( $unsaved_types ) { foreach ( $unsaved_types as $type_name ) { bp_insert_term( $type_name, bp_get_member_type_tax_name(), array( 'slug' => $type_name, ) ); } } } add_action( bp_get_member_type_tax_name() . '_add_form', 'bp_insert_member_types_registered_by_code', 1 ); /** * Set type for a member. * * @since 2.2.0 * @since 7.0.0 $member_type parameter also accepts an array of member type names. * * @param int $user_id ID of the user. * @param string|array $member_type The member type name or an array of member type names. * @param bool $append Optional. True to append this to existing types for user, * false to replace. Default: false. * @return bool|array $retval See {@see bp_set_object_terms()}. */ function bp_set_member_type( $user_id, $member_type, $append = false ) { // Pass an empty $member_type to remove a user's type. if ( ! empty( $member_type ) ) { $member_types = (array) $member_type; $valid_types = array_filter( array_map( 'bp_get_member_type_object', $member_types ) ); if ( $valid_types ) { $member_type = wp_list_pluck( $valid_types, 'name' ); } else { return false; } } $retval = bp_set_object_terms( $user_id, $member_type, bp_get_member_type_tax_name(), $append ); // Bust the cache if the type has been updated. if ( ! is_wp_error( $retval ) ) { wp_cache_delete( $user_id, 'bp_member_member_type' ); /** * Fires just after a user's member type has been changed. * * @since 2.2.0 * * @param int $user_id ID of the user whose member type has been updated. * @param string|array $member_type The member type name or an array of member type names. * @param bool $append Whether the type is being appended to existing types. */ do_action( 'bp_set_member_type', $user_id, $member_type, $append ); } return $retval; } /** * Remove type for a member. * * @since 2.3.0 * * @param int $user_id ID of the user. * @param string $member_type Member Type. * @return bool|WP_Error */ function bp_remove_member_type( $user_id, $member_type ) { // Bail if no valid member type was passed. if ( empty( $member_type ) || ! bp_get_member_type_object( $member_type ) ) { return false; } // No need to continue if the member doesn't have the type. $existing_types = bp_get_member_type( $user_id, false ); if ( ! is_array( $existing_types ) || ! in_array( $member_type, $existing_types, true ) ) { return false; } $deleted = bp_remove_object_terms( $user_id, $member_type, bp_get_member_type_tax_name() ); // Bust the cache if the type has been removed. if ( ! is_wp_error( $deleted ) ) { wp_cache_delete( $user_id, 'bp_member_member_type' ); /** * Fires just after a user's member type has been removed. * * @since 2.3.0 * * @param int $user_id ID of the user whose member type has been updated. * @param string $member_type Member type. */ do_action( 'bp_remove_member_type', $user_id, $member_type ); } return $deleted; } /** * Get type for a member. * * @since 2.2.0 * @since 7.0.0 Adds the `$use_db` parameter. * * @param int $user_id ID of the user. * @param bool $single Optional. Whether to return a single type string. If multiple types are found * for the user, the oldest one will be returned. Default: true. * @param bool $use_db Optional. Whether to request all member types or only the ones registered by code. * Default: true. * @return string|array|bool On success, returns a single member type (if $single is true) or an array of member * types (if $single is false). Returns false on failure. */ function bp_get_member_type( $user_id, $single = true, $use_db = true ) { $types = wp_cache_get( $user_id, 'bp_member_member_type' ); if ( false === $types ) { $raw_types = bp_get_object_terms( $user_id, bp_get_member_type_tax_name() ); if ( ! is_wp_error( $raw_types ) ) { $types = array(); // Only include currently registered group types. foreach ( $raw_types as $mtype ) { if ( bp_get_member_type_object( $mtype->name ) ) { $types[] = $mtype->name; } } wp_cache_set( $user_id, $types, 'bp_member_member_type' ); } } if ( false === $use_db && $types ) { $registred_by_code = bp_get_member_types_registered_by_code(); $ctype_names = wp_list_pluck( $registred_by_code, 'name' ); $types = array_intersect( $types, $ctype_names ); } $type = false; if ( ! empty( $types ) ) { if ( $single ) { $type = array_pop( $types ); } else { $type = $types; } } /** * Filters a user's member type(s). * * @since 2.2.0 * * @param string|array|bool $type A single member type (if $single is true) or an array of member types * (if $single is false) or false on failure. * @param int $user_id ID of the user. * @param bool $single Whether to return a single type string, or an array. */ return apply_filters( 'bp_get_member_type', $type, $user_id, $single ); } /** * Check whether the given user has a certain member type. * * @since 2.3.0 * * @param int $user_id $user_id ID of the user. * @param string $member_type Member Type. * @return bool Whether the user has the given member type. */ function bp_has_member_type( $user_id, $member_type ) { // Bail if no valid member type was passed. if ( empty( $member_type ) || ! bp_get_member_type_object( $member_type ) ) { return false; } $user_id = (int) $user_id; if ( ! $user_id ) { return false; } // Get all user's member types. $types = bp_get_member_type( $user_id, false ); if ( ! is_array( $types ) ) { return false; } return in_array( $member_type, $types, true ); } /** * Delete a user's member type when the user when the user is deleted. * * @since 2.2.0 * * @param int $user_id ID of the user. * @return bool|array $value See {@see bp_set_member_type()}. */ function bp_remove_member_type_on_user_delete( $user_id ) { return bp_set_member_type( $user_id, '' ); } add_action( 'wpmu_delete_user', 'bp_remove_member_type_on_user_delete' ); /** * Deletes user member type on the 'delete_user' hook. * * @since 6.0.0 * * @param int $user_id The ID of the deleted user. */ function bp_remove_member_type_on_delete_user( $user_id ) { if ( ! bp_remove_user_data_on_delete_user_hook( 'member_type', $user_id ) ) { return; } bp_remove_member_type_on_user_delete( $user_id ); } add_action( 'delete_user', 'bp_remove_member_type_on_delete_user' ); /** * Get the "current" member type, if one is provided, in member directories. * * @since 2.3.0 * * @return string */ function bp_get_current_member_type() { $bp = buddypress(); /** * Filters the "current" member type, if one is provided, in member directories. * * @since 2.3.0 * * @param string $value "Current" member type. */ return apply_filters( 'bp_get_current_member_type', $bp->current_member_type ); } /** * Setup the avatar upload directory for a user. * * @since 6.0.0 * * @param string $directory The root directory name. Optional. * @param int $user_id The user ID. Optional. * @return array Array containing the path, URL, and other helpful settings. */ function bp_members_avatar_upload_dir( $directory = 'avatars', $user_id = 0 ) { // Use displayed user if no user ID was passed. if ( empty( $user_id ) ) { $user_id = bp_displayed_user_id(); } // Failsafe against accidentally nooped $directory parameter. if ( empty( $directory ) ) { $directory = 'avatars'; } $path = bp_core_avatar_upload_path() . '/' . $directory . '/' . $user_id; $newbdir = $path; $newurl = bp_core_avatar_url() . '/' . $directory . '/' . $user_id; $newburl = $newurl; $newsubdir = '/' . $directory . '/' . $user_id; /** * Filters the avatar upload directory for a user. * * @since 6.0.0 * * @param array $value Array containing the path, URL, and other helpful settings. */ return apply_filters( 'bp_members_avatar_upload_dir', array( 'path' => $path, 'url' => $newurl, 'subdir' => $newsubdir, 'basedir' => $newbdir, 'baseurl' => $newburl, 'error' => false, ) ); } /** * Send welcome email on successful user activation. * * @since 8.0.0 * * @param int $user_id The new user's ID. */ function bp_send_welcome_email( $user_id = 0 ) { if ( ! $user_id ) { return; } $profile_url = bp_members_get_user_url( $user_id ); /** * Use this filter to add/edit/remove tokens to use for your welcome email. * * @since 8.0.0 * * @param array $value An array of BP Email tokens. * @param int $user_id The user ID. */ $welcome_tokens = apply_filters( 'bp_send_welcome_email_tokens', array( 'displayname' => bp_core_get_user_displayname( $user_id ), 'profile.url' => $profile_url, 'lostpassword.url' => wp_lostpassword_url( $profile_url ), ), $user_id ); bp_send_email( 'core-user-activation', $user_id, array( 'tokens' => $welcome_tokens ) ); } add_action( 'bp_core_activated_user', 'bp_send_welcome_email', 10, 1 ); /** * Get invitations to the BP community filtered by arguments. * * @since 8.0.0 * * @param array $args Invitation arguments. See BP_Invitation::get() for list. * @return array $invites Matching BP_Invitation objects. */ function bp_members_invitations_get_invites( $args = array() ) { $invites_class = new BP_Members_Invitation_Manager(); return $invites_class->get_invitations( $args ); } /** * Check whether a user has sent any community invitations. * * @since 8.0.0 * * @param int $user_id ID of user to check for invitations sent by. * Defaults to the current user's ID. * * @return bool $invites True if user has sent invites. */ function bp_members_invitations_user_has_sent_invites( $user_id = 0 ) { if ( 0 === $user_id ) { $user_id = bp_loggedin_user_id(); if ( ! $user_id ) { return false; } } $invites_class = new BP_Members_Invitation_Manager(); $args = array( 'inviter_id' => $user_id, ); return (bool) $invites_class->invitation_exists( $args ); } /** * Invite a user to a BP community. * * @since 8.0.0 * * @param array|string $args { * Array of arguments. * @type int $invitee_email Email address of the user being invited. * @type int $network_id ID of the network to which the user is being invited. * @type int $inviter_id Optional. ID of the inviting user. Default: * ID of the logged-in user. * @type string $date_modified Optional. Modified date for the invitation. * Default: current date/time. * @type string $content Optional. Message to invitee. * @type bool $send_invite Optional. Whether the invitation should be * sent now. Default: false. * } * @return bool True on success, false on failure. */ function bp_members_invitations_invite_user( $args = array() ) { $r = bp_parse_args( $args, array( 'invitee_email' => '', 'network_id' => get_current_network_id(), 'inviter_id' => bp_loggedin_user_id(), 'date_modified' => bp_core_current_time(), 'content' => '', 'send_invite' => 0, ), 'members_invitations_invite_user' ); $inv_args = array( 'invitee_email' => $r['invitee_email'], 'item_id' => $r['network_id'], 'inviter_id' => $r['inviter_id'], 'date_modified' => $r['date_modified'], 'content' => $r['content'], 'send_invite' => $r['send_invite'], ); // Create the invitataion. $invites_class = new BP_Members_Invitation_Manager(); $created = $invites_class->add_invitation( $inv_args ); /** * Fires after the creation of a new network invite. * * @since 8.0.0 * * @param array $r Array of parsed arguments for the network invite. * @param int|bool $created The ID of the invitation or false if it couldn't be created. */ do_action( 'bp_members_invitations_invite_user', $r, $created ); return $created; } /** * Resend a membership invitation email by id. * * @since 8.0.0 * * @param int $id ID of the invitation to resend. * @return bool True on success, false on failure. */ function bp_members_invitation_resend_by_id( $id = 0 ) { // Find the invitation before resending it. $existing_invite = new BP_Invitation( $id ); $invites_class = new BP_Members_Invitation_Manager(); $success = $invites_class->send_invitation_by_id( $id ); if ( ! $success ) { return $success; } /** * Fires after the re-sending of a network invite. * * @since 8.0.0 * * @param BP_Invitation $existing_invite The invitation that was resent. */ do_action( 'bp_members_invitations_resend_invitation', $existing_invite ); return $success; } /** * Delete a membership invitation by id. * * @since 8.0.0 * * @param int $id ID of the invitation to delete. * @return int|bool Number of rows deleted on success, false on failure. */ function bp_members_invitations_delete_by_id( $id = 0 ) { // Find the invitation before deleting it. $existing_invite = new BP_Invitation( $id ); $invites_class = new BP_Members_Invitation_Manager(); $success = $invites_class->delete_by_id( $id ); if ( ! $success ) { return $success; } // Run a different action depending on the status of the invite. if ( ! $existing_invite->invite_sent ) { /** * Fires after the deletion of an unsent community invite. * * @since 8.0.0 * * @param BP_Invitation $existing_invite The invitation to be deleted. */ do_action( 'bp_members_invitations_canceled_invitation', $existing_invite ); } else if ( ! $existing_invite->accepted ) { /** * Fires after the deletion of a sent, but not yet accepted, community invite. * * @since 8.0.0 * * @param BP_Invitation $existing_invite The invitation to be deleted. */ do_action( 'bp_members_invitations_revoked_invitation', $existing_invite ); } else { /** * Fires after the deletion of a sent and accepted community invite. * * @since 8.0.0 * * @param BP_Invitation $existing_invite The invitation to be deleted. */ do_action( 'bp_members_invitations_deleted_invitation', $existing_invite ); } return $success; } /** * Delete a membership invitation. * * @since 8.0.0 * * @param intring $args { * Array of arguments. * @type int|array $id Id(s) of the invitation(s) to remove. * @type int $invitee_email Email address of the user being invited. * @type int $network_id ID of the network to which the user is being invited. * @type int $inviter_id ID of the inviting user. * @type int $accepted Whether the invitation has been accepted yet. * @type int $invite_sent Whether the invitation has been sent yet. * } * @return bool True if all were deleted. */ function bp_members_invitations_delete_invites( $args = array() ) { $r = bp_parse_args( $args, array( 'id' => false, 'invitee_email' => '', 'network_id' => get_current_network_id(), 'inviter_id' => null, 'accepted' => null, 'invite_sent' => null, ), 'members_invitations_delete_invites' ); $inv_args = array( 'id' => $r['id'], 'invitee_email' => $r['invitee_email'], 'item_id' => $r['network_id'], 'inviter_id' => $r['inviter_id'], 'accepted' => $r['accepted'], 'invite_sent' => $r['invite_sent'], ); // Find the invitation(s). $invites = bp_members_invitations_get_invites( $inv_args ); $total_count = count( $invites ); // Loop through, deleting each invitation. $deleted = 0; foreach ( $invites as $invite ) { $success = bp_members_invitations_delete_by_id( $invite->id ); if ( $success ) { $deleted++; } } return $deleted === $total_count; } /** * Get hash based on details of a membership invitation and the inviter. * * @since 8.0.0 * * @param BP_Invitation $invitation Invitation to create hash from. * * @return string $hash Calculated sha1 hash. */ function bp_members_invitations_get_hash( $invitation ) { $hash = false; if ( ! empty( $invitation->id ) ) { $inviter_ud = get_userdata( $invitation->inviter_id ); if ( $inviter_ud ) { /* * Use some inviter details as part of the hash so that invitations from * users who are subsequently marked as spam will be invalidated. */ $hash = wp_hash( "{$invitation->inviter_id}:{$invitation->invitee_email}:{$inviter_ud->user_status}:{$inviter_ud->user_registered}" ); } } // If there's a problem, return a string that will change and thus fail. if ( ! $hash ) { $hash = wp_generate_password( 32, false ); } /** * Filters the hash calculated by the invitation details. * * @since 8.0.0 * * @param string $hash Calculated sha1 hash. * @param BP_Invitation $invitation Invitation hash was created from. */ return apply_filters( 'bp_members_invitations_get_hash', $hash, $invitation ); } /** * Get the current invitation specified by the $_GET parameters. * * @since 8.0.0 * * @return BP_Invitation $invite Invitation specified by the $_GET parameters. */ function bp_get_members_invitation_from_request() { $invites_class = new BP_Members_Invitation_Manager(); $invite = $invites_class->get_by_id( 0 ); if ( bp_get_members_invitations_allowed() && ! empty( $_GET['inv'] ) ) { // Check to make sure the passed hash matches a calculated hash. $maybe_invite = $invites_class->get_by_id( absint( $_GET['inv'] ) ); $hash = bp_members_invitations_get_hash( $maybe_invite ); if ( $_GET['ih'] === $hash ) { $invite = $maybe_invite; } } /** * Filters the invitation specified by the $_GET parameters. * * @since 8.0.0 * * @param BP_Invitation $invite Invitation specified by the $_GET parameters. */ return apply_filters( 'bp_get_members_invitation_from_request', $invite ); } /** * Get WP_User object corresponding to a record in the signups table. * * @since 10.0.0 * * @param string $field Which fields to search by. Possible values are * activation_key, user_email, id. * @param string $value Value to search by. * @return bool|BP_Signup $signup Found signup, returns first found * if more than one is found. */ function bp_members_get_signup_by( $field = 'activation_key', $value = '' ) { switch ( $field ) { case 'activation_key': case 'user_email': $key = $field; break; case 'id': default: $key = 'include'; break; } $signups = BP_Signup::get( array( $key => $value, ) ); if ( ! empty( $signups['signups'] ) ) { $signup = current( $signups['signups'] ); } else { $signup = false; } return $signup; } /** * Are site creation requests currently enabled? * * @since 10.0.0 * * @return bool Whether site requests are currently enabled. */ function bp_members_site_requests_enabled() { $matches = array( 'blog', 'all' ); return is_multisite() && in_array( bp_core_get_root_option( 'registration' ), $matches, true ); } /** * Returns the strength score a password needs to have to be used by a member. * * Score => Allowed Strength. * 0 => any passwords. * 1 => at least short passwords. * 2 => at least weak passwords. * 3 => at least good passwords. * 4 => at least strong passwords. * * @since 10.0.0 * * @return int the strength score a password needs to have to be used by a member. */ function bp_members_user_pass_required_strength() { $default_strength = 0; if ( defined( 'BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH' ) && BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH ) { $default_strength = (int) BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH; } /** * Filter here to raise the strength score user passwords need to reach to be allowed. * * @since 10.0.0 * * @param int $default_strength The strength score user passwords need to reach to be allowed. */ return (int) apply_filters( 'bp_members_user_pass_required_strength', $default_strength ); }