<?php
/**
 * Copyright: 2022 (c)Franco (nextime) Lanza <franco@nexlab.it>
 * License: GNU/GPL version 3.0
 *
 * This file is part of SexHackMe Wordpress Plugin.
 *
 * SexHackMe Wordpress Plugin is free software: you can redistribute it and/or modify it 
 * under the terms of the GNU General Public License as published 
 * by the Free Software Foundation, either version 3 of the License, 
 * or (at your option) any later version.
 *
 * SexHackMe Wordpress Plugin is distributed in the hope that it will be useful, 
 * but WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
 * See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with SexHackMe Wordpress Plugin. If not, see <https://www.gnu.org/licenses/>.
 */

namespace wp_SexHackMe;

// Stop immediately when this file is requested on its own: ABSPATH is only
// defined once WordPress has bootstrapped, so its absence means direct access.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}


// NOTE(review): function_exists() is given the unqualified name, which tests
// the global function table, while the definition below lives in this file's
// namespace. Confirm that is the intended guard.
if ( ! function_exists( 'sexhack_log' ) ) {
  /**
   * Write a debug line, prefixed with "SexHackMe: ", to the PHP error log.
   *
   * Nothing is written unless WP_DEBUG is exactly true.
   *
   * Arrays and objects passed as $message are rendered with print_r() and
   * $dumps is ignored for them. For scalar messages a truthy $dumps is
   * appended after a space, rendered with print_r() and with its "\n"
   * characters removed; $message itself is written unchanged.
   *
   * Whatever is passed in ends up in the log file, so callers should not
   * hand over secrets (reset keys, passwords, session data).
   *
   * @param mixed $message Text, array or object to log.
   * @param mixed $dumps   Optional extra value appended to a scalar message.
   * @return void
   */
  function sexhack_log( $message, $dumps=false) {
    if( WP_DEBUG !== true ) {
      return;
    }

    if( is_array( $message ) || is_object( $message ) ) {
      $line = print_r( $message, true );
    } elseif( $dumps ) {
      $line = $message." ".str_replace("\n", "", print_r($dumps, TRUE));
    } else {
      $line = $message;
    }

    error_log( "SexHackMe: ".$line );
  }
}


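/**
 * Map a caller-supplied id type onto one of the field names this plugin knows.
 *
 * This is an allow-list: only the names listed below are ever returned, and
 * everything else yields false. Callers must treat false as "reject" rather
 * than falling back to the raw input.
 *
 * - 'post', 'product', 'cat', 'video', 'user', 'tag' => "<name>_id"
 * - 'id', 'slug'                                     => returned unchanged
 * - any empty value (false, null, '', 0, '0')        => 'id'
 *
 * @param string|false $idt Requested id type.
 * @return string|false The field name, or false when $idt is not recognised.
 */
function sanitize_idtype($idt=false)
{
   // Every empty value selects the default type.
   if(!$idt) $idt='id';

   // Only strings can name an id type. The former switch() compared loosely,
   // so boolean true matched the first case and came back as "1_id".
   if(!is_string($idt)) return false;

   if(in_array($idt, array('post', 'product', 'cat', 'video', 'user', 'tag'), true))
      return $idt."_id";

   if(in_array($idt, array('id', 'slug'), true))
      return $idt;

   return false;
}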

/**
 * Log which rewrite rule matched the current request.
 *
 * Walks $wp_rewrite->rules and, for the entry equal to $wp->matched_rule,
 * logs its position, pattern, target, the request, the matched query and
 * the template through sexhack_log().
 *
 * The logged request and matched query come from the incoming URL, so the
 * resulting log line is influenced by whoever made the request.
 *
 * @param bool $matchonly Currently ignored: the value is overwritten with
 *                        true on entry, so non-matching rules are never
 *                        logged.
 * @return void
 */
function debug_rewrite_rules($matchonly=false) 
{
   // Overrides the argument; see the docblock.
   $matchonly=true;
   global $wp_rewrite, $wp, $template;

   if (empty($wp_rewrite->rules)) {
      return;
   }

   $position=0;
   foreach($wp_rewrite->rules as $pattern => $target) {
      $position++;

      if($pattern==$wp->matched_rule) {
         sexhack_log("MATCHED REWRITE RULE $position!!! NAME: ".$pattern." , VALUE: ".$target." , REQUEST: ".$wp->request." , MATCHED: ".$wp->matched_query." , TEMPLATE:".$template);
         continue;
      }

      if(!$matchonly) {
         sexhack_log("REWRITE $position: $pattern -> $target ");
      }
   }
}


/**
 * Tell whether $string begins with $startString.
 *
 * The comparison is byte-wise and case-sensitive. An empty $startString
 * matches every string.
 *
 * @param string $startString Prefix to look for.
 * @param string $string      Text to inspect.
 * @return bool
 */
function starts_with ($startString, $string)
{
    $prefixLength = strlen($startString);
    $head = substr($string, 0, $prefixLength);

    return $head === $startString;
}

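/**
 * Print WordPress' rewrite state for the current request as HTML.
 *
 * Development aid only. It switches error reporting to "everything" with
 * display_errors on, then prints the rewrite rules, permalink settings, the
 * matched rule/query, the request and the whole main query object into the
 * page. All of that is information a visitor should never see, so whatever
 * hooks this function must make sure it only runs for a trusted developer.
 *
 * Every dumped value is HTML-escaped before it is echoed: the request and
 * matched query are taken from the incoming URL and were previously written
 * into the page verbatim.
 *
 * @param object $wp Request object exposing matched_rule, matched_query and
 *                   request. Taken by reference; it is only read here.
 * @return void
 */
function dump_rewrite( &$wp ) {
    global $wp_rewrite, $wp_the_query;

    // NOTE(review): this changes error display for the rest of the request.
    ini_set( 'error_reporting', -1 );
    ini_set( 'display_errors', 'On' );

    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    echo '<h2>rewrite rules</h2>';
    echo htmlspecialchars( var_export( $wp_rewrite->wp_rewrite_rules(), true ), $flags, 'UTF-8' );

    echo '<h2>permalink structure</h2>';
    echo htmlspecialchars( var_export( $wp_rewrite->permalink_structure, true ), $flags, 'UTF-8' );

    echo '<h2>page permastruct</h2>';
    echo htmlspecialchars( var_export( $wp_rewrite->get_page_permastruct(), true ), $flags, 'UTF-8' );

    echo '<h2>matched rule and query</h2>';
    echo htmlspecialchars( var_export( $wp->matched_rule, true ), $flags, 'UTF-8' );

    echo '<h2>matched query</h2>';
    echo htmlspecialchars( var_export( $wp->matched_query, true ), $flags, 'UTF-8' );

    echo '<h2>request</h2>';
    echo htmlspecialchars( var_export( $wp->request, true ), $flags, 'UTF-8' );

    echo '<h2>the query</h2>';
    echo htmlspecialchars( var_export( $wp_the_query, true ), $flags, 'UTF-8' );
}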

/**
 * Hook the rewrite dump into WordPress' parse_request action.
 *
 * NOTE(review): the registered callback is 'wp_SexHackMe\sarca'. No function
 * called sarca is defined in the visible part of this file; dump_rewrite()
 * looks like the intended target. Confirm before relying on this hook.
 *
 * @return void
 */
function do_dump_rewrite() {
   $callback = 'wp_SexHackMe\sarca';

   add_action( 'parse_request', $callback );
}


/**
 * Return the URL scheme prefix for the current request.
 *
 * @return string 'https://' when is_ssl() reports a secure request,
 *                otherwise 'http://'.
 */
function get_proto(){
    return is_ssl() ? 'https://' : 'http://';
}


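/**
 * Create a password-reset key for a user and e-mail them the reset link.
 *
 * The key comes from pms_retrieve_activation_key() and is also recorded,
 * together with a timestamp, in the 'pms_recover_password_activation_keys'
 * option. The function therefore depends on the PMS plugin being loaded.
 *
 * Security notes for maintainers:
 * - The key is stored in the option exactly as it is mailed. Anyone who can
 *   read that option can use a pending key. The commented-out lines below
 *   show the WordPress-style alternative of storing only a hash.
 * - false is returned when the account cannot be found. Callers (not visible
 *   here) should answer the visitor identically in both cases so the form
 *   does not reveal which accounts exist.
 * - $baseurl is placed in the link path as given; pass a fixed page slug,
 *   never request data.
 *
 * @param string|object $user_login Login name, e-mail address, or an already
 *                                  loaded user object exposing ID,
 *                                  user_login and user_email.
 * @param string|false  $baseurl    Slug of the reset page; defaults to
 *                                  'password-reset'.
 * @return false|void false when the user is unknown or a reset is not
 *                    allowed; nothing is returned once the mail has been
 *                    handed to wp_mail(). A failed send ends in wp_die().
 */
function send_changepwd_mail($user_login, $baseurl=false){

    global $wpdb, $wp_hasher;

    $user_data = false;

    if(is_object($user_login)) {
      // A user object was passed in. This path used to leave $user_data
      // unset, so the function returned false for every object.
      $user_data = $user_login;
    } else {
      $user_login = sanitize_text_field($user_login);
      if ( empty( $user_login) ) {
        return false;
      } else if ( strpos( $user_login, '@' ) ) {
        $user_data = get_user_by( 'email', trim( $user_login ) );
        if ( empty( $user_data ) )
           return false;
      } else {
        $login = trim($user_login);
        $user_data = get_user_by('login', $login);
      }
    }

    do_action('lostpassword_post');

    if ( !$user_data ) return false;
    if ( !is_object($user_data) ) return false;
    // Reject objects that are not user records.
    if ( !isset($user_data->ID, $user_data->user_login, $user_data->user_email) ) return false;

    // redefining user_login ensures we return the right case in the email
    $user_login = $user_data->user_login;
    $user_email = $user_data->user_email;
    do_action('retreive_password', $user_login);  // Misspelled and deprecated
    do_action('retrieve_password', $user_login);
    $allow = apply_filters('allow_password_reset', true, $user_data->ID);
    if ( ! $allow )
        return false;
    else if ( is_wp_error($allow) )
        return false;

    $key = pms_retrieve_activation_key( $user_login );
    //$key = get_password_reset_key( $user_data );
    do_action( 'retrieve_password_key', $user_login, $key );

    // Only the commented-out hashing below uses $wp_hasher; the global is
    // still initialised as before. PasswordHash is a global class, so it
    // needs the leading backslash inside this namespace.
    if ( empty( $wp_hasher ) ) {
        require_once ABSPATH . 'wp-includes/class-phpass.php';
        $wp_hasher = new \PasswordHash( 8, true );
    }
    //$hashed = $wp_hasher->HashPassword( $key );    
    //$wpdb->update( $wpdb->users, array( 'user_activation_key' => time().":".$hashed ), array( 'user_login' => $user_login ) );
    $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
    $message .= network_home_url( '/' ) . "\r\n\r\n";
    $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
    $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
    $message .= __('To reset your password, visit the following address:') . "\r\n\r\n";

    // XXX This is an hardcoded default. Do I really like it that way?
    if(!$baseurl) $baseurl='password-reset';
    $message .= '<' . network_site_url("/$baseurl/?key=$key&loginName=" . rawurlencode($user_login), 'login') . ">\r\n";
    //$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

    // XXX Should we send it with html for the link or can we assume links are ok with mail clients? verify please!
    //add_filter('wp_mail_content_type', function () { return 'text/html'; } );

    // Temporary change the from name and from email
    // XXX Require PMS! do we want it? Should we change with our own for sexhack?
    add_filter( 'wp_mail_from_name', array( 'PMS_Emails', 'pms_email_website_name' ), 20, 1 );
    add_filter( 'wp_mail_from', array( 'PMS_Emails', 'pms_email_website_email' ), 20, 1 );

    if ( is_multisite() )
        $blogname = $GLOBALS['current_site']->site_name;
    else
        $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);

    $title = sprintf( __('[%s] Password Reset'), $blogname );

    $title = apply_filters('retrieve_password_title', $title);
    $message = apply_filters('retrieve_password_message', $message, $key);

    // add option to store all user $id => $key and timestamp values that reset their passwords every 24 hours
    // XXX Require PMS, shouldn't we use normal wordpress activations keys? See commented parts on user_activation_key here
    if ( false === ( $activation_keys = get_option( 'pms_recover_password_activation_keys' ) ) ) {
         $activation_keys = array();
    }
    $activation_keys[$user_data->ID]['key'] = $key;
    $activation_keys[$user_data->ID]['time'] = time();
    update_option( 'pms_recover_password_activation_keys', $activation_keys );

    // An empty (filtered-out) message means "send nothing", not a failure.
    $send_failed = ( $message && !wp_mail($user_email, $title, $message) );

    // The sender override is meant to be temporary: take it off again so
    // mails sent later in this request keep their normal sender.
    remove_filter( 'wp_mail_from_name', array( 'PMS_Emails', 'pms_email_website_name' ), 20 );
    remove_filter( 'wp_mail_from', array( 'PMS_Emails', 'pms_email_website_email' ), 20 );

    if ( $send_failed )
        wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') );

}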

/**
 * Fetch $url with cURL and return the response body.
 *
 * The request is sent with a fixed desktop-browser User-Agent string.
 *
 * NOTE(review): no protocol allow-list, destination check or timeout is set
 * here. If $url can ever be influenced by a user, this helper will fetch
 * whatever it is given, including internal addresses. Consider restricting
 * it with CURLOPT_PROTOCOLS (CURLPROTO_HTTP | CURLPROTO_HTTPS), validating
 * the host, and setting CURLOPT_CONNECTTIMEOUT / CURLOPT_TIMEOUT. Callers
 * are not visible from here; confirm where $url comes from.
 *
 * @param string $url Address to fetch.
 * @return string|false Response body, or false when curl_exec() fails.
 */
function sexhack_getURL($url)
{
    $handle = curl_init();

    curl_setopt_array($handle, array(
        CURLOPT_URL            => $url,
        CURLOPT_USERAGENT      => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36',
        CURLOPT_RETURNTRANSFER => 1,
    ));

    $body = curl_exec($handle);
    curl_close($handle);

    return $body;
}


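/**
 * Shorten $text to at most $len bytes for use as a preview.
 *
 * Text longer than $len is cut at the last space that leaves room for a
 * trailing "..." marker. Lengths are counted in bytes, not characters.
 *
 * The result is not HTML-escaped; escape it where it is printed.
 *
 * @param string $text Text to shorten.
 * @param int    $len  Maximum length; values below 10 are raised to 10.
 * @param bool   $fill When true, "&nbsp" is appended once for every byte
 *                     the text falls short of $len + 1.
 * @return string
 */
function trim_text_preview($text, $len=340, $fill=false)
{
   $min=10;
   if($len < $min) $len=$min;

   if (strlen($text) > $len)
   {
       $keep = $len - 3;   // room left once "..." is appended

       // A negative offset makes strrpos() ignore spaces beyond byte $keep.
       $cut = strrpos($text, ' ', $keep - strlen($text));

       if($cut === false)
       {
          // No space to break on. This case used to collapse the whole text
          // to "..."; cut at the limit instead. mb_strcut() avoids splitting
          // a multi-byte character when mbstring is available.
          $head = function_exists('mb_strcut') ? mb_strcut($text, 0, $keep) : substr($text, 0, $keep);
       }
       else
       {
          $head = substr($text, 0, $cut);
       }

       $text = $head . '...';
   }

   if($fill)
   {
      // The entity is written without its closing semicolon, as before.
      for($pos = strlen($text); $pos < $len+1; $pos++) {
         $text .= "&nbsp";
      }
   }

   return $text;
}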

/**
 * Classify a location string by its form.
 *
 * This only labels the value; it does not make it safe to use:
 * - 'path' is returned for anything whose first byte is "/", which includes
 *   "//host/..." and paths containing "..".
 * - 'uri' is returned for anything FILTER_VALIDATE_URL accepts, and that
 *   filter does not restrict the scheme.
 * Callers that open the file or fetch the URL must still check it against
 * the directories and schemes they are willing to accept.
 *
 * @param string $url Value to classify.
 * @return string|false 'path', 'gdrive', 'uri', or false when none apply.
 */
function check_url_or_path($url)
{
   if (strncmp($url, "/", 1) === 0) {
      return 'path';
   }

   if (strncmp($url, 'gdrive://', 9) === 0) {
      return 'gdrive';
   }

   return filter_var($url, FILTER_VALIDATE_URL) ? 'uri' : false;
}

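/**
 * Generate a random lowercase hex identifier from a CSPRNG.
 *
 * The default of 13 characters matches the length of uniqid() and carries
 * 52 bits of randomness. Ask for a longer value when the result is used as
 * a secret rather than as a mere unique id.
 *
 * @param int $lenght Number of hex characters to return.
 * @return string
 * @throws \Exception When no cryptographically secure source is available.
 */
function uniqidReal($lenght = 13) {
    // Two hex characters per byte; round up and trim for odd lengths.
    $nbytes = (int) ceil($lenght / 2);

    if (function_exists("random_bytes")) {
        $bytes = random_bytes($nbytes);
    } elseif (function_exists("openssl_random_pseudo_bytes")) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($nbytes, $strong);
        // Refuse output OpenSSL itself does not rate as strong.
        if ($bytes === false || !$strong) {
            throw new \Exception("no cryptographically secure random function available");
        }
    } else {
        // Fully qualified: a bare "Exception" would be looked up inside this
        // file's namespace, where no such class exists.
        throw new \Exception("no cryptographically secure random function available");
    }

    return substr(bin2hex($bytes), 0, $lenght);
}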

/**
 * Reduce an HTML fragment to plain text.
 *
 * Applied in order:
 *  1. HTML comments are dropped together with their content.
 *  2. A space is inserted before each closing </li> so list items do not
 *     run together.
 *  3. <script> and <style> elements are dropped together with their content.
 *  4. <br> tags become a space.
 *  5. strip_tags() removes whatever markup is left.
 *
 * The result is text, not sanitised HTML: it is not entity-escaped, so
 * escape it again wherever it is written into a page.
 *
 * @param string $html Markup to convert.
 * @return string
 */
function html2text($html)
{
    // Patterns are applied one after another, each on the previous result.
    $patterns = array(
        '#<!--.*?-->#s',
        '#</li>#',
        '#<(script|style)\b[^>]*>(.*?)</(script|style)>#is',
        '#<br[^>]*?>#',
    );
    $replacements = array(
        '',
        ' </li>',
        "",
        " ",
    );

    $plaintext = preg_replace($patterns, $replacements, $html);

    return strip_tags($plaintext);
}

/**
 * Return the HTML "checked" attribute for a stored checkbox value.
 *
 * The comparison with "1" is loose, so 1, true and "1" all count as set.
 *
 * @param mixed $res Stored value.
 * @return string|null "checked" when set, otherwise null.
 */
function checkbox($res)
{
     return ($res=="1") ? "checked" : null;
}


?>