<?php /** * Copyright: 2022 (c)Franco (nextime) Lanza <franco@nexlab.it> * License: GNU/GPL version 3.0 * * This file is part of SexHackMe Wordpress Plugin. * * SexHackMe Wordpress Plugin is free software: you can redistribute it and/or modify it * under the terms of the GNU General Public License as published * by the Free Software Foundation, either version 3 of the License, * or (at your option) any later version. * * SexHackMe Wordpress Plugin is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with SexHackMe Wordpress Plugin. If not, see <https://www.gnu.org/licenses/>. */ namespace wp_SexHackMe; // Exit if accessed directly if ( ! defined( 'ABSPATH' ) ) exit; if(!class_exists('SH_PMS_Support')) { class SH_PMS_Support { public function __construct() { $this->plans = false; } private function set_pms_plans() { $plans = array( 'member' => array(), 'premium'=> array(), 'byid' => array() ); $splans=pms_get_subscription_plans(true); foreach($splans as $splan) { if(intval($splan->price)==0) $plans['member'][] = $splan->id; else $plans['premium'][] = $splan->id; $plans['byid'][$splan->id] = $splan; } $this->plans = $plans; return $plans; } public function refresh_plans() { $this->plans = set_pms_plans(); return $this->plans; } // XXX Here we just return the first "member" (free) plan // if any in our array. // // I should probably make it configurable with an option? // And should not be limited to the free ones? public function get_default_plan() { if(!$this->plans) $this->set_pms_plans(); if(count($this->plans['member']) > 0) { return $this->plans['byid'][$this->plans['member'][0]]; } return false; } public function get_member_plans() { if(!$this->plans) $this->set_pms_plans(); return $this->plans['member']; } public function get_premium_plans() { if(!$this->plans) $this->set_pms_plans(); return $this->plans['premium']; } public function get_plans($pid=false) { if(!$this->plans) $this->set_pms_plans(); if($pid) { if(array_key_exists($pid, $this->plans['byid'])) return $this->plans['byid'][$pid]; return false; } return $this->plans['byid']; } public function is_member($uid='') { return pms_is_member( $uid, $this->get_member_plans() ); } public function is_premium($uid='') { return pms_is_member( $uid, $this->get_premium_plans() ); } } function instance_SH_PMS_Support() { // add $sh_pms global object $GLOBALS['sh_pms'] = new SH_PMS_Support(); // backward compatibility $GLOBALS['sexhack_pms'] = $GLOBALS['sh_pms']; // Do action after instancing the global var to notify is reay do_action('sh_pms_ready'); } // Create the sh_pms object add_action('wp', 'wp_SexHackMe\instance_SH_PMS_Support'); } if(!class_exists('SexhackPmsPasswordDataLeak')) { class SexhackPmsPasswordDataLeak { public function __construct() { add_filter( 'pms_recover_password_message', array($this, "change_recover_form_message") ); add_action( 'init', array($this, 'reset_password_form'), 9); add_action( 'login_form_rp', array( $this, 'redirect_password_reset' ) ); add_action( 'login_form_resetpass', array( $this, 'redirect_password_reset' ) ); } public function change_recover_form_message($string) { // XXX This should be in a template file as a full substitute return str_replace("<br/>", "<br/>If valid, ", $string); } public function redirect_password_reset() { // XXX This should be configurable. wp_redirect( home_url( 'password-reset' ) ); } public function reset_password_form() { /* * Username or Email */ $error=false; if( isset( $_POST['pms_username_email'] ) ) { //Check recover password form nonce; if( !isset( $_POST['pmstkn'] ) || ( !wp_verify_nonce( sanitize_text_field( $_POST['pmstkn'] ), 'pms_recover_password_form_nonce') ) ) return; if( is_email( $_POST['pms_username_email'] ) ) $username_email = sanitize_email( $_POST['pms_username_email'] ); else $username_email = sanitize_text_field( $_POST['pms_username_email'] ); if( empty( $username_email ) ) pms_errors()->add( 'pms_username_email', __( 'Please enter a username or email address.', 'paid-member-subscriptions' ) ); else { $user = ''; // verify if it's a username and a valid one if ( !is_email($username_email) ) { if ( username_exists($username_email) ) { $user = get_user_by('login',$username_email); } else $error=true; } //verify if it's a valid email if ( is_email( $username_email ) ){ if ( email_exists($username_email) ) { $user = get_user_by('email', $username_email); } else $error=true; } } // Extra validation do_action( 'pms_recover_password_form_validation' ); //If entered username or email is valid (no errors), email the password reset confirmation link if ( count( pms_errors()->get_error_codes() ) == 0 && !$error) { // XXX this option? $mailpage = get_option('sexhack_registration_mail_endpoint', false); if($mailpage) { $page = get_page($mailpage); $mailpage = $page->post_name; } send_changepwd_mail($user, $mailpage); } } // isset($_POST[pms_username_email]) unset($_POST['pms_username_email']); } } // Let's create the Fixes new SexhackPmsPasswordDataLeak; } ?>