  1. <?php
  2. /*
  3. Controller name: User
  4. Controller description: Methods for user management. Beta.
  5.  
  6. Code is based on code from wp-login.php.
  7. Uses methods from wp-includes/user.php
  8.  
  9. Also adding code to change contact name and email
  10. */
  11.  
  12. /** Changing the default WordPress e-mail sender settings. Uncomment to set your own sender address and name. */
  13. // add_filter('wp_mail_from', 'new_mail_from');
  14. // add_filter('wp_mail_from_name', 'new_mail_from_name');
  15.  
  16. // function new_mail_from($old) {
  17. //     return 'contact@yoursite.com';
  18. // }
  19. // function new_mail_from_name($old) {
  20. //     return 'Your Site';
  21. // }
  22.  
  23. class JSON_API_User_Controller {
  24.  
  25.     public function is_user_logged_in() {
  26.         $result = $this->get_logged_in_user();
  27.        
  28.         return $result;
  29.     }
  30.    
  31.     public function get_logged_in_user() {
  32.         global $user_ID;
  33.        
  34.         if (is_user_logged_in()) { // this refers to the global method not local
  35.             $loggedIn = (bool) true;
  36.         }
  37.         else {
  38.             $loggedIn = (bool) false;
  39.         }
  40.        
  41.         $avatarURL = get_avatar($user_ID);
  42.         $user = get_userdata($user_ID);
  43.         $dom = new DOMDocument();
  44.         $dom->loadHTML($avatarURL);
  45.         $avatarURL = $dom->getElementsByTagName('img')->item(0)->getAttribute('src');
  46.        
  47.         $result = array(
  48.             'id' => $user_ID,
  49.             'displayName' => "",
  50.             'loggedIn' => $loggedIn,
  51.             'avatar' => $avatarURL
  52.         );
  53.        
  54.         if ($user) {
  55.             $result['displayName'] = $user->data->display_name;
  56.         }
  57.        
  58.         return $result;
  59.     }
  60.    
  61.     public function logout() {
  62.         /*
  63.         // from wp-login.php:
  64.         check_admin_referer('log-out');
  65.         wp_logout();
  66.         */
  67.    
  68.         wp_logout();
  69.         wp_set_current_user(0); // force immediate logout
  70.        
  71.         $results = $this->get_logged_in_user();
  72.        
  73.         return $results;
  74.     }
  75.    
  76.     public function login() {
  77.         global $json_api;
  78.        
  79.         $secure_cookie = '';
  80.         $interim_login = isset($_REQUEST['interim-login']);
  81.    
  82.         // code from wp-login.php not used at this time
  83.         // If the user wants ssl but the session is not ssl, force a secure cookie.
  84.         if ( !empty($_POST['log']) && !force_ssl_admin() ) {
  85.             $user_name = sanitize_user($_POST['log']);
  86.             if ( $user = get_user_by('login', $user_name) ) {
  87.                 if ( get_user_option('use_ssl', $user->ID) ) {
  88.                     $secure_cookie = true;
  89.                     //force_ssl_admin(true);
  90.                 }
  91.                
  92.             }
  93.         }
  94.        
  95.         if ( isset( $_REQUEST['redirect_to'] ) ) {
  96.             $redirect_to = $_REQUEST['redirect_to'];
  97.             // Redirect to https if user wants ssl
  98.             if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') ) {
  99.                 $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
  100.             }
  101.         } else {
  102.             $redirect_to = admin_url();
  103.         }
  104.        
  105.    
  106.         //$reauth = empty($_REQUEST['reauth']) ? false : true;
  107.    
  108.        
  109.         // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
  110.         // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
  111.         // the admin via http or https.
  112.         if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) ) {
  113.             $secure_cookie = false;
  114.         }
  115.        
  116.        
  117.         //$user = wp_authenticate_username_password('', $_POST['log'], $_POST['pwd']);
  118.         $user = wp_signon('', $secure_cookie);
  119.            
  120.         if (is_wp_error($user)) {
  121.        
  122.             // user is an error object
  123.             $errors = $user;
  124.            
  125.             // if both login and password are empty no error is added so we add one now
  126.             if (empty($_POST['log']) && empty($_POST['pwd'])) {
  127.                 $errors->add('invalid_username', __("The username is empty."));
  128.             }
  129.            
  130.             // Clear errors if loggedout is set.
  131.             if ( !empty($_GET['loggedout']) || $reauth ) {
  132.                 $errors = new WP_Error();
  133.             }
  134.        
  135.             // If cookies are disabled we can't log in even with a valid user+pass
  136.             if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) ) {
  137.                 $errors->add('test_cookie', __("Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
  138.             }
  139.        
  140.             // Some parts of this script use the main login form to display a message
  141.             if        ( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] ) {
  142.                 $errors->add('loggedout', __('You are now logged out.'), 'message');
  143.             }
  144.             elseif    ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] ) {
  145.                 $errors->add('registerdisabled', __('User registration is currently not allowed.'));
  146.             }
  147.             elseif    ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] ) {
  148.                 $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
  149.             }
  150.             elseif    ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] ) {
  151.                 $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
  152.             }
  153.             elseif    ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ) {
  154.                 $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
  155.             }
  156.             elseif    ( $interim_login ) {
  157.                 $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
  158.             }
  159.        
  160.             // Clear any stale cookies.
  161.             if ( $reauth ) {
  162.                 wp_clear_auth_cookie();
  163.             }
  164.            
  165.             return $errors;
  166.         }
  167.    
  168.         //if (!$reauth) {
  169.             if ( $interim_login ) {
  170.                 $message = "Login successful interim";
  171.             }
  172.             else {
  173.                 $message = "Login successful";
  174.             }
  175.    
  176.             if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) {
  177.                 // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
  178.                 if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) ) {
  179.                     $redirect_to = user_admin_url();
  180.                 }
  181.                 elseif ( is_multisite() && !$user->has_cap('read') ) {
  182.                     $redirect_to = get_dashboard_url( $user->ID );
  183.                 }
  184.                 elseif ( !$user->has_cap('edit_posts') ) {
  185.                     $redirect_to = admin_url('profile.php');
  186.                 }
  187.             }
  188.             //wp_safe_redirect($redirect_to);
  189.            
  190.             wp_set_current_user( $user->ID );
  191.            
  192.             $user = $this->get_logged_in_user();
  193.            
  194.             return $user;
  195.         //}
  196.        
  197.     }
  198.    
  199.     public function register() {
  200.        
  201.         if ( is_multisite() ) {
  202.             // Multisite uses wp-signup.php
  203.             // Mulitsite not implemented at this time
  204.             //wp_redirect( apply_filters( 'wp_signup_location', site_url('wp-signup.php') ) );
  205.             //exit;
  206.            
  207.             $error = new WP_Error();
  208.             $error->add('multisite_not_supported', __('Multisite is not supported at this time.'));
  209.            
  210.             return $error;
  211.         }
  212.  
  213.         if (!get_option('users_can_register')) {
  214.             $error = new WP_Error();
  215.             $error->add('users_cannot_register', __('Registration is not enabled for this site.'));
  216.            
  217.             return $error;
  218.         }
  219.  
  220.         $user_login = '';
  221.         $user_email = '';
  222.        
  223.        
  224.         if ( empty($_POST['username']) || empty($_POST['email']) ) {
  225.             $errors = new WP_Error();
  226.            
  227.             if (empty($_POST['username'])) {
  228.                 $errors->add('username_required', __("A username is required."));
  229.             }
  230.            
  231.             if (empty($_POST['email'])) {
  232.                 $errors->add('email_required', __("A email is required."));
  233.             }
  234.        
  235.             return $errors;
  236.         }
  237.        
  238.         $user_login = $_POST['username'];
  239.         $user_email = $_POST['email'];
  240.            
  241.         $result = register_new_user($user_login, $user_email);
  242.        
  243.         if (is_wp_error($result)) {
  244.             return $result;
  245.         }
  246.        
  247.         return array(
  248.             'id' => $result,
  249.             'status' => "ok",
  250.             'created' => (bool) true
  251.         );
  252.        
  253.         return $user_login;
  254.         return $error;
  255.  
  256.         //$redirect_to = apply_filters( 'registration_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
  257.         //login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
  258.    
  259.     }
  260.    
  261.     public function lost_password() {
  262.         global $wpdb, $current_site;
  263.  
  264.         $errors = new WP_Error();
  265.  
  266.         if ( empty( $_POST['username'] ) ) {
  267.             $errors->add('empty_username', __('Enter a username or e-mail address.'));
  268.         }
  269.         else if ( strpos( $_POST['username'], '@' ) ) {
  270.             $user_data = get_user_by( 'email', trim( $_POST['username'] ) );
  271.            
  272.             if ( empty( $user_data ) ) {
  273.                 $errors->add('invalid_email', __('There is no user registered with that email address.'));
  274.             }
  275.         }
  276.         else {
  277.             $login = trim($_POST['username']);
  278.             $user_data = get_user_by('login', $login);
  279.         }
  280.  
  281.         do_action('lostpassword_post');
  282.  
  283.         if ( $errors->get_error_code() ) {
  284.             return $errors;
  285.         }
  286.  
  287.         if ( !$user_data ) {
  288.             $errors->add('invalidcombo', __('Invalid username or e-mail.'));
  289.             return $errors;
  290.         }
  291.  
  292.         // redefining user_login ensures we return the right case in the email
  293.         $user_login = $user_data->user_login;
  294.         $user_email = $user_data->user_email;
  295.  
  296.         do_action('retreive_password', $user_login);  // Misspelled and deprecated
  297.         do_action('retrieve_password', $user_login);
  298.  
  299.         $allow = apply_filters('allow_password_reset', true, $user_data->ID);
  300.  
  301.         if ( ! $allow ) {
  302.             return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
  303.         }
  304.         else if ( is_wp_error($allow) ) {
  305.             return $allow;
  306.         }
  307.  
  308.         $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
  309.        
  310.         if ( empty($key) ) {
  311.             // Generate something random for a key...
  312.             $key = wp_generate_password(20, false);
  313.             do_action('retrieve_password_key', $user_login, $key);
  314.             // Now insert the new md5 key into the db
  315.             $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
  316.         }
  317.        
  318.         $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
  319.         $message .= network_site_url() . "\r\n\r\n";
  320.         //$message .= sprintf(__('Username: %s'), $user_login) . "\r\n";
  321.         $message .= sprintf(__('Passkey: %s'), $key) . "\r\n\r\n";
  322.         $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
  323.         $message .= __('To reset your password, enter the passkey at the lost password screen.') . "\r\n\r\n";
  324.         //$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
  325.         //$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
  326.  
  327.         if ( is_multisite() ) {
  328.             $blogname = $GLOBALS['current_site']->site_name;
  329.         }
  330.         else {
  331.             // The blogname option is escaped with esc_html on the way into the database in sanitize_option
  332.             // we want to reverse this for the plain text arena of emails.
  333.             $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);  
  334.         }
  335.    
  336.         $title = sprintf( __('[%s] Password Reset'), $blogname );
  337.  
  338.         $title = apply_filters('retrieve_password_title', $title);
  339.         $message = apply_filters('retrieve_password_message', $message, $key);
  340.  
  341.         //global $from_name;
  342.         //$from_name = 'Dude';
  343.        
  344.         if ( $message && !wp_mail($user_email, $title, $message) ) {
  345.             $errors->add('email_not_sent', __('The e-mail could not be sent. Possible reason: your host may have disabled the mail() function.'));
  346.         }
  347.        
  348.         $result = array(
  349.             'message' => "A message was sent to the email address or user associated with that account.",
  350.             'status' => "ok",
  351.             'sent' => (bool) true
  352.         );
  353.        
  354.         return $result;
  355.     }
  356.    
  357.     public function reset_password() {
  358.         global $wpdb;
  359.        
  360.         $key = $_GET['key'];
  361.         $login = $_GET['login'];
  362.         $pass1 = $_POST['pass1'];
  363.        
  364.         //$user = check_password_reset_key($_GET['key'], $_GET['login']);
  365.         // check_password_reset_key - start
  366.         $key = preg_replace('/[^a-z0-9]/i', '', $key);
  367.  
  368.         if ( empty( $key ) || !is_string( $key ) ) {
  369.             $errors = new WP_Error('invalid_key', __('Invalid key'));
  370.             return $errors;
  371.         }
  372.  
  373.         if ( empty($login) || !is_string($login) ) {
  374.             $errors = new WP_Error('invalid_login', __('Invalid login'));
  375.             return $errors;
  376.         }
  377.  
  378.         if ( !isset($_POST['pass1']) || empty($_POST['pass1']) ) {
  379.             $errors = new WP_Error('password_not_set', __('Password not set'));
  380.             return $errors;
  381.         }
  382.  
  383.         $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
  384.  
  385.         if ( empty( $user ) ) {
  386.             $errors = new WP_Error('invalid_key', __('Invalid key'));
  387.             return $errors;
  388.         }
  389.        
  390.         // check_password_reset_key - end
  391.    
  392.         if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) {
  393.             $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
  394.            
  395.             return $errors;
  396.         }
  397.        
  398.         reset_password($user, $_POST['pass1']);
  399.        
  400.         $result = array(
  401.             'status' => "ok",
  402.             'reset' => (bool) true
  403.         );
  404.        
  405.         return $result;
  406.     }
  407. }
  408.  
  409. ?>