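<?php
namespace KirkiComponentLib\Controller;

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly.
}

use Kirki\HelperFunctions;
use WP_REST_Server;
use WP_REST_Controller;
use WP_REST_Response;

/**
 * REST endpoints behind the Component Library front-end forms: login,
 * registration, password reset, username recovery and comments.
 *
 * Every route lives under KIRKI_COMPONENT_LIBRARY_APP_PREFIX . '/v1' and is
 * publicly reachable (see get_item_permissions_check()). Each handler gates
 * itself with validate_nonce() and, where it writes on behalf of a user,
 * with an explicit ownership / capability check.
 */
class CompLibFormHandler extends WP_REST_Controller {

	/**
	 * Route namespace shared by all endpoints of this controller.
	 *
	 * @var string
	 */
	protected $namespace = KIRKI_COMPONENT_LIBRARY_APP_PREFIX . '/v1';

	/**
	 * Queues one POST route per form handled by this class.
	 */
	public function __construct() {
		$routes = array(
			'kirki-login'             => 'handle_login',
			'kirki-register'          => 'handle_register',
			'kirki-forgot-password'   => 'handle_forgot_password',
			'kirki-change-password'   => 'handle_change_password',
			'kirki-retrieve-username' => 'handle_retrieve_username',
			'kirki-comment'           => 'handle_post_comment',
		);

		foreach ( $routes as $endpoint => $method ) {
			$this->init_rest_api_endpoint( $endpoint, WP_REST_Server::CREATABLE, array( $this, $method ) );
		}
	}

	/**
	 * Registers a route on `rest_api_init`.
	 *
	 * @param string   $endpoint Route slug, appended to the namespace.
	 * @param string   $methods  HTTP method mask (a WP_REST_Server constant).
	 * @param callable $callback Request handler.
	 */
	public function init_rest_api_endpoint( $endpoint, $methods, $callback ) {
		add_action(
			'rest_api_init',
			function () use ( $endpoint, $methods, $callback ) {
				register_rest_route(
					$this->namespace,
					'/' . $endpoint,
					array(
						array(
							'methods'             => $methods,
							'callback'            => $callback,
							'permission_callback' => array( $this, 'get_item_permissions_check' ),
							'args'                => $this->get_endpoint_args_for_item_schema( $methods ),
						),
						'schema' => array( $this, 'get_item_schema' ),
					)
				);
			}
		);
	}

	/**
	 * Permission callback for every route.
	 *
	 * Always true because the endpoints must serve logged-out visitors (login,
	 * registration, password reset). This is NOT an authorization check: each
	 * handler calls validate_nonce() and performs its own ownership /
	 * capability checks.
	 *
	 * @param \WP_REST_Request $request Incoming request (unused).
	 * @return true
	 */
	public function get_item_permissions_check( $request ) {
		return true;
	}

	/**
	 * Appends `_<n>` to $username until no user with that login exists.
	 *
	 * @param string $username Desired login.
	 * @param int    $suffix   First suffix to try.
	 * @return string A login that is currently unused.
	 */
	private function wp_unique_username( $username, $suffix = 1 ) {
		$original_username = $username;
		while ( username_exists( $username ) ) {
			$username = sprintf( '%s_%d', $original_username, $suffix++ );
		}
		return $username;
	}

	/**
	 * Returns a sanitized form field, or $default when the field is absent.
	 *
	 * @param array    $form_data Body parameters of the request.
	 * @param string   $key       Field name.
	 * @param callable $sanitizer Sanitizer applied to the raw value.
	 * @param mixed    $default   Value returned when the field is missing.
	 * @return mixed
	 */
	private function get_field( array $form_data, $key, $sanitizer = 'sanitize_text_field', $default = '' ) {
		return isset( $form_data[ $key ] ) ? $sanitizer( $form_data[ $key ] ) : $default;
	}

	/**
	 * Returns a password field exactly as submitted ('' when absent or not a string).
	 *
	 * Passwords are deliberately not run through sanitize_text_field(): it strips
	 * tags and surrounding whitespace, which silently changes what the user typed
	 * and rejects otherwise valid credentials.
	 *
	 * @param array  $form_data Body parameters of the request.
	 * @param string $key       Field name.
	 * @return string
	 */
	private function get_password_field( array $form_data, $key ) {
		return isset( $form_data[ $key ] ) && is_string( $form_data[ $key ] ) ? $form_data[ $key ] : '';
	}

	/**
	 * Builds the HTML body of an outgoing mail from the client-supplied template.
	 *
	 * The template is a JSON list of parts: `{"type":"text","value":"..."}` is
	 * appended verbatim, `{"type":"chip","value":"<name>"}` is replaced by the
	 * matching entry of $chip_data. Malformed JSON, unknown part types and
	 * unknown chip names are skipped instead of producing warnings.
	 *
	 * NOTE(review): subject and body template arrive in the request, so the text
	 * of the mail is client-controlled; a server-side template would be safer.
	 *
	 * @param mixed                $raw_template Value of the `emailBody` field (JSON string), or null.
	 * @param array<string,string> $chip_data    Placeholder values keyed by chip name.
	 * @return string Body with newlines converted to <br>.
	 */
	private function render_email_body( $raw_template, array $chip_data ) {
		$body = '';

		if ( is_string( $raw_template ) ) {
			$parts = json_decode( $raw_template, true );
			if ( ! is_array( $parts ) ) {
				$parts = array();
			}

			foreach ( $parts as $part ) {
				if ( ! is_array( $part ) || ! isset( $part['type'], $part['value'] ) || ! is_scalar( $part['value'] ) ) {
					continue;
				}
				if ( 'text' === $part['type'] ) {
					$body .= $part['value'];
				} elseif ( 'chip' === $part['type'] && isset( $chip_data[ $part['value'] ] ) ) {
					$body .= $chip_data[ $part['value'] ];
				}
			}
		}

		return nl2br( $body );
	}

	/**
	 * POST kirki-comment: creates a comment, or edits an existing one.
	 *
	 * Fields: name, email, comment, post_id, comment_parent, comment_id
	 * (non-zero selects edit mode) and collection_type (suffix of the hooks
	 * fired). For logged-in users name and email come from the account.
	 * Editing is limited to the comment's own (logged-in) author or a user
	 * with the `edit_comment` capability.
	 *
	 * @param \WP_REST_Request $request
	 * @return WP_REST_Response 200 on success; 400 on missing data or a failed
	 *                          write; 403 when editing a foreign comment; 404
	 *                          when the comment to edit does not exist.
	 */
	public function handle_post_comment( $request ) {
		$form_data = $request->get_body_params();
		$this->validate_nonce( 'kirki-comment' );

		$name            = $this->get_field( $form_data, 'name' );
		$email           = $this->get_field( $form_data, 'email', 'sanitize_email' );
		$comment         = $this->get_field( $form_data, 'comment' );
		$post_id         = $this->get_field( $form_data, 'post_id', 'absint', 0 );
		$comment_parent  = $this->get_field( $form_data, 'comment_parent', 'absint', 0 );
		$existing_id     = $this->get_field( $form_data, 'comment_id', 'absint', 0 );
		$collection_type = $this->get_field( $form_data, 'collection_type' );

		// comment_date is local time and comment_date_gmt is UTC; the previous
		// code stored a UTC value in both and shifted the GMT column twice.
		$date     = current_time( 'mysql' );
		$date_gmt = current_time( 'mysql', true );

		$user_id = get_current_user_id();
		$user    = get_user_by( 'ID', $user_id );
		if ( $user ) {
			$name  = $user->get( 'display_name' );
			$email = $user->get( 'user_email' );
		}

		if ( '' === $comment ) {
			return new WP_REST_Response( array( 'message' => 'Invalid form data' ), 400 );
		}

		global $wpdb;

		if ( $existing_id > 0 ) {
			$existing = get_comment( $existing_id );
			if ( ! $existing ) {
				return new WP_REST_Response( array( 'message' => 'Comment not found' ), 404 );
			}

			// The comment id is client-supplied: only its own logged-in author or a
			// moderator may rewrite it.
			$is_owner = $user_id > 0 && (int) $existing->user_id === $user_id;
			if ( ! $is_owner && ! current_user_can( 'edit_comment', $existing_id ) ) {
				return new WP_REST_Response( array( 'message' => 'Not authorized' ), 403 );
			}

			$updated = $wpdb->update(
				$wpdb->comments,
				array(
					'comment_content'  => $comment,
					'comment_date'     => $date,
					'comment_date_gmt' => $date_gmt,
				),
				array( 'comment_ID' => $existing_id )
			);
			// update() returns the affected row count (0 when nothing changed) or false.
			$comment_id = false === $updated ? 0 : $existing_id;
		} else {
			if ( $post_id <= 0 ) {
				return new WP_REST_Response( array( 'message' => 'Invalid form data' ), 400 );
			}

			$comment_data = array(
				'comment_post_ID'      => $post_id,
				'user_id'              => $user_id,
				'comment_author'       => $name,
				'comment_author_email' => $email,
				'comment_content'      => $comment,
				'comment_parent'       => $comment_parent,
				'comment_approved'     => 1,
				'comment_date'         => $date,
				'comment_date_gmt'     => $date_gmt,
			);
			// The hook suffix is taken from the request; only hooks some code has
			// registered under this prefix can be reached.
			$comment_data = apply_filters( 'kirki_comment-' . $collection_type, $comment_data );

			$inserted   = $wpdb->insert( $wpdb->comments, $comment_data );
			$comment_id = $inserted ? (int) $wpdb->insert_id : 0;

			if ( $comment_id ) {
				// Direct insert bypasses wp_insert_comment(), so refresh the count ourselves.
				wp_update_comment_count( $post_id );
			}
		}

		if ( ! $comment_id ) {
			return new WP_REST_Response( array( 'message' => 'Invalid form data' ), 400 );
		}

		// Direct $wpdb writes leave the object cache stale.
		clean_comment_cache( $comment_id );

		do_action(
			'kirki_comment_added-' . $collection_type,
			array(
				'comment_ID' => $comment_id,
				'user_id'    => $user_id,
				'form_data'  => $form_data,
			)
		);

		return new WP_REST_Response( array( 'message' => 'Comment Added' ), 200 );
	}

	/**
	 * POST kirki-login: signs the user in with username (or email) and password.
	 *
	 * @param \WP_REST_Request $request
	 * @return WP_REST_Response 200 with user details; 400 on missing data;
	 *                          404 when the email is unknown; 500 when
	 *                          wp_signon() fails (status kept for the client).
	 */
	public function handle_login( $request ) {
		$form_data = $request->get_body_params();
		$this->validate_nonce( 'kirki-login' );

		$username = $this->get_field( $form_data, 'username' );
		$email    = $this->get_field( $form_data, 'email', 'sanitize_email' );
		$password = $this->get_password_field( $form_data, 'password' );

		// Resolve the login from the email when no username was sent.
		if ( '' === $username && '' !== $email ) {
			$user = get_user_by( 'email', $email );
			if ( ! $user ) {
				return new WP_REST_Response( array( 'message' => 'User not found' ), 404 );
			}
			$username = $user->get( 'user_login' );
		}

		if ( '' === $username || '' === $password ) {
			return new WP_REST_Response( array( 'message' => 'Invalid form data' ), 400 );
		}

		$user = wp_signon(
			array(
				'user_login'    => $username,
				'user_password' => $password,
				'remember'      => true,
			)
		);

		if ( is_wp_error( $user ) ) {
			// Same payload as before: the message list of the first error code.
			return new WP_REST_Response(
				array( 'message' => $user->errors[ array_key_first( $user->errors ) ] ),
				500
			);
		}

		$response = array(
			'message' => 'User logged in',
			'user'    => array(
				'username'     => $user->get( 'user_login' ),
				'id'           => $user->get( 'ID' ),
				'display_name' => $user->get( 'display_name' ),
				'email'        => $user->get( 'user_email' ),
				'user_type'    => $user->get( 'user_type' ),
			),
		);

		return new WP_REST_Response( $response, 200 );
	}

	/**
	 * POST kirki-register: creates a user when registration is enabled.
	 *
	 * Every form field other than username/email/password/confirm_password is
	 * stored as user meta under the plugin prefix. When no username is sent the
	 * mailbox part of the email is used (made unique with a numeric suffix).
	 *
	 * @param \WP_REST_Request $request
	 * @return WP_REST_Response 200 with the new user id; 400 on missing data;
	 *                          500 when registration is disabled or
	 *                          wp_insert_user() fails (statuses kept for the client).
	 */
	public function handle_register( $request ) {
		// Same check as core: the option is stored as '0' / '1'.
		if ( ! get_option( 'users_can_register' ) ) {
			return new WP_REST_Response( array( 'message' => 'User not allowed to register' ), 500 );
		}

		$form_data = $request->get_body_params();
		$this->validate_nonce( 'kirki-register' );

		$username = $this->get_field( $form_data, 'username' );
		$email    = $this->get_field( $form_data, 'email', 'sanitize_email' );
		$password = $this->get_password_field( $form_data, 'password' );

		if ( '' === $username && '' !== $email ) {
			$local_part = strstr( $email, '@', true );
			if ( false !== $local_part && '' !== $local_part ) {
				$username = $this->wp_unique_username( $local_part );
			}
		}

		if ( '' === $username || '' === $email || '' === $password ) {
			return new WP_REST_Response( array( 'message' => 'Invalid form data' ), 400 );
		}

		$user_data = array(
			'user_login' => $username,
			'user_email' => $email,
			'user_pass'  => $password,
			'meta_input' => array(),
		);

		$reserved = array( 'username', 'email', 'password', 'confirm_password' );
		foreach ( $form_data as $field => $value ) {
			// Field names become part of the meta key: keep them to a plain token.
			if ( in_array( $field, $reserved, true ) || ! preg_match( '/^[A-Za-z0-9_\-]+$/', (string) $field ) ) {
				continue;
			}
			// Values may be nested arrays (multi-value inputs); sanitize every leaf
			// while preserving line breaks.
			$user_data['meta_input'][ KIRKI_COMPONENT_LIBRARY_APP_PREFIX . '_' . $field ] = map_deep( $value, 'sanitize_textarea_field' );
		}

		$id = wp_insert_user( $user_data );
		if ( is_wp_error( $id ) ) {
			return new WP_REST_Response(
				array( 'message' => $id->errors[ array_key_first( $id->errors ) ] ),
				500
			);
		}

		wp_new_user_notification( $id, null, 'both' );

		return new WP_REST_Response(
			array(
				'message' => 'User created',
				'user_id' => $id,
			),
			200
		);
	}

	/**
	 * POST kirki-forgot-password: mails a password-reset link.
	 *
	 * The account is selected by username, or by email when no username is
	 * sent. The link is always delivered to the address stored on the account.
	 *
	 * @param \WP_REST_Request $request
	 * @return WP_REST_Response 200 when the mail was handed to wp_mail(); 400 on
	 *                          missing data; 404 unknown user; 500 when the reset
	 *                          key or the mail could not be produced.
	 */
	public function handle_forgot_password( $request ) {
		$form_data = $request->get_body_params();
		$this->validate_nonce( 'kirki-forgot-password' );

		$email    = $this->get_field( $form_data, 'email', 'sanitize_email' );
		$username = $this->get_field( $form_data, 'username' );

		if ( '' === $username && '' === $email ) {
			return new WP_REST_Response( array( 'message' => 'Invalid request' ), 400 );
		}

		$user = '' !== $username ? get_user_by( 'login', $username ) : get_user_by( 'email', $email );
		if ( ! $user ) {
			return new WP_REST_Response( array( 'message' => 'User not found' ), 404 );
		}

		$key = get_password_reset_key( $user );
		if ( is_wp_error( $key ) ) {
			return new WP_REST_Response( array( 'message' => $key->get_error_message() ), 500 );
		}

		$username = $user->user_login;
		// Never mail the reset link to an address taken from the request: when the
		// account was picked by username the submitted `email` is unrelated to it.
		$recipient = $user->user_email;
		$url       = HelperFunctions::get_utility_page_url( 'reset_password' );

		// Chips are interpolated into an HTML mail, so escape account-derived text.
		// reset_link is built from server-side values only and is left as is.
		$chip_data = array(
			'username'    => esc_html( $username ),
			'email'       => esc_html( $recipient ),
			'displayname' => esc_html( $user->display_name ),
			'sitename'    => esc_html( get_bloginfo( 'name' ) ),
			'reset_link'  => "$url?action=rp&key=$key&login=" . rawurlencode( $username ),
		);

		$email_subject = $this->get_field( $form_data, 'emailSubject' );
		$email_body    = $this->render_email_body( isset( $form_data['emailBody'] ) ? $form_data['emailBody'] : null, $chip_data );
		$headers       = array( 'Content-Type: text/html; charset=UTF-8' );

		// Gives a hook the chance to configure the mailer before sending.
		apply_filters( 'kirki_element_smtp', '' );
		$sent = wp_mail( $recipient, $email_subject, $email_body, $headers );

		if ( ! $sent ) {
			return new WP_REST_Response( array( 'message' => 'Failed to send email' ), 500 );
		}

		return new WP_REST_Response( array( 'message' => 'Email sent' ), 200 );
	}

	/**
	 * POST kirki-change-password: sets a new password from a reset key.
	 *
	 * Answers through wp_send_json_*() (as does handle_retrieve_username) rather
	 * than WP_REST_Response; the shape is kept for the existing client.
	 *
	 * @param \WP_REST_Request $request
	 * @return void Terminates the request after sending JSON.
	 */
	public function handle_change_password( $request ) {
		$form_data = $request->get_body_params();
		$this->validate_nonce( 'kirki-change-password' );

		$username         = $this->get_field( $form_data, 'username' );
		$reset_key        = $this->get_field( $form_data, 'reset_key' );
		$new_password     = $this->get_password_field( $form_data, 'new_password' );
		$confirm_password = $this->get_password_field( $form_data, 'confirm_password' );

		// Compare against '' rather than empty(): "0" is a legitimate password.
		if ( '' === $reset_key || '' === $username || '' === $new_password || '' === $confirm_password ) {
			wp_send_json_error( array( 'message' => 'Invalid request.' ), 400 );
			exit;
		}

		if ( $new_password !== $confirm_password ) {
			wp_send_json_error( array( 'message' => 'Passwords do not match.' ), 400 );
			exit;
		}

		$user = check_password_reset_key( $reset_key, $username );
		if ( is_wp_error( $user ) ) {
			wp_send_json_error( array( 'message' => $user->get_error_message() ), 400 );
			exit;
		}

		// reset_password() wraps wp_set_password() and fires the core
		// password_reset / after_password_reset hooks other plugins rely on.
		reset_password( $user, $new_password );

		wp_send_json_success( array( 'message' => 'Password reset successfully.' ) );
		exit;
	}

	/**
	 * POST kirki-retrieve-username: mails the login for a given email address.
	 *
	 * @param \WP_REST_Request $request
	 * @return void Terminates the request after sending JSON.
	 */
	public function handle_retrieve_username( $request ) {
		$form_data = $request->get_body_params();
		$this->validate_nonce( 'kirki-retrieve-username' );

		$email = $this->get_field( $form_data, 'email', 'sanitize_email' );

		if ( empty( $email ) || ! is_email( $email ) ) {
			wp_send_json_error( array( 'message' => 'Invalid email address.' ), 400 );
			exit;
		}

		$user = get_user_by( 'email', $email );
		if ( ! $user ) {
			wp_send_json_error( array( 'message' => 'No user found with that email address.' ), 404 );
			exit;
		}

		$username = $user->user_login;

		// Interpolated into an HTML mail, so escape account-derived text.
		$chip_data = array(
			'username'    => esc_html( $username ),
			'email'       => esc_html( $email ),
			'displayname' => esc_html( $user->display_name ),
			'sitename'    => esc_html( get_bloginfo( 'name' ) ),
		);

		$email_subject = $this->get_field( $form_data, 'emailSubject' );
		$email_body    = $this->render_email_body( isset( $form_data['emailBody'] ) ? $form_data['emailBody'] : null, $chip_data );
		$headers       = array( 'Content-Type: text/html; charset=UTF-8' );

		// Gives a hook the chance to configure the mailer before sending.
		apply_filters( 'kirki_element_smtp', '' );
		$email_sent = wp_mail( $email, $email_subject, $email_body, $headers );

		if ( ! $email_sent ) {
			wp_send_json_error( array( 'message' => 'Failed to send email. Please try again later.' ), 500 );
			exit;
		}

		wp_send_json_success( array( 'message' => 'Username sent to your email address.' ) );
		exit;
	}

	/**
	 * Verifies the X-WP-Element-Nonce header against the element's action.
	 *
	 * Terminates the request with a JSON error when the header is missing or
	 * the nonce does not verify. A nonce is not an authentication or
	 * authorization mechanism; handlers that act on a specific record must
	 * still check ownership / capabilities themselves.
	 *
	 * @param string $element_name Element slug; the action is the plugin prefix + '_' + slug.
	 * @return true
	 */
	public function validate_nonce( $element_name ) {
		$nonce = isset( $_SERVER['HTTP_X_WP_ELEMENT_NONCE'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_WP_ELEMENT_NONCE'] ) ) : null;

		if ( ! $nonce ) {
			wp_send_json_error( 'Missing nonce', 400 );
			exit;
		}

		$action = KIRKI_COMPONENT_LIBRARY_APP_PREFIX . '_' . $element_name;

		if ( ! wp_verify_nonce( $nonce, $action ) ) {
			wp_send_json_error( 'Not authorized', 400 );
			exit;
		}

		return true;
	}
}

new CompLibFormHandler();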