root/tags/1.3/wp-includes/pluggable.php

Revision 1139, 24.0 kB (checked in by donncha, 1 year ago)

Merge with WordPress 2.3.1

1 <?php
2
3     /* These functions can be replaced via plugins.  They are loaded after
4      plugins are loaded. */
5
if ( !function_exists('set_current_user') ) :
/**
 * Thin wrapper that forwards both arguments to wp_set_current_user().
 *
 * @param int    $id   User ID, passed through unchanged.
 * @param string $name Optional user login, passed through unchanged.
 * @return mixed Whatever wp_set_current_user() returns.
 **/
function set_current_user($id, $name = '') {
    $user = wp_set_current_user($id, $name);

    return $user;
}
endif;
11
if ( !function_exists('wp_set_current_user') ) :
/**
 * Replaces the global $current_user with a WP_User built from $id / $name.
 *
 * This function performs no authentication: whoever calls it decides which
 * identity the rest of the request runs as. If the global already holds a
 * user whose ID loosely equals $id, that object is returned untouched and
 * the 'set_current_user' action does not fire.
 *
 * @param int    $id   User ID handed to the WP_User constructor.
 * @param string $name Optional user login handed to the WP_User constructor.
 * @return object The global $current_user after the call.
 **/
function wp_set_current_user($id, $name = '') {
    global $current_user;

    $already_current = isset($current_user) && ($id == $current_user->ID);

    if ( !$already_current ) {
        $current_user = new WP_User($id, $name);

        setup_userdata($current_user->ID);

        do_action('set_current_user');
    }

    return $current_user;
}
endif;
28
if ( !function_exists('wp_get_current_user') ) :
/**
 * Returns the global $current_user after giving get_currentuserinfo() the
 * chance to populate it.
 *
 * The return value of get_currentuserinfo() is ignored here; only its effect
 * on the global matters.
 *
 * @return mixed The global $current_user as left by get_currentuserinfo().
 **/
function wp_get_current_user() {
    get_currentuserinfo();

    global $current_user;

    return $current_user;
}
endif;
38
if ( !function_exists('get_currentuserinfo') ) :
/**
 * Populates the global $current_user from the login cookies.
 *
 * The USER_COOKIE / PASS_COOKIE pair is the only credential checked. It is
 * handed to wp_login() with $already_md5 = true, where the pass cookie is
 * compared with md5() of the stored password hash.
 * NOTE(review): the cookie value is therefore derived from the stored hash
 * alone, so read access to the users table is enough to produce a valid
 * cookie - treat that table and its backups as credential material.
 *
 * @return false|null false for XML-RPC requests and for missing or rejected
 *                    cookies (the current user is then set to ID 0); null
 *                    when a user was already set or the cookies were accepted.
 **/
function get_currentuserinfo() {
    global $current_user;

    // XML-RPC requests never take their identity from cookies.
    if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
        return false;

    // Somebody already established the user for this request.
    if ( !empty($current_user) )
        return;

    $have_both_cookies = !empty($_COOKIE[USER_COOKIE]) && !empty($_COOKIE[PASS_COOKIE]);

    if ( !$have_both_cookies || !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
        wp_set_current_user(0);
        return false;
    }

    // ID 0 plus a login name: the user is resolved from the cookie's login.
    wp_set_current_user(0, $_COOKIE[USER_COOKIE]);
}
endif;
59
if ( !function_exists('get_userdata') ) :
/**
 * Loads one user (users row plus usermeta) by numeric ID, going through the
 * 'users' cache group first.
 *
 * Points a reviewer should keep in mind:
 *  - $user_id is reduced to a non-negative integer before it is interpolated
 *    into the two SQL strings; that cast is what keeps those queries safe,
 *    so it has to stay ahead of them.
 *  - Every usermeta row becomes a property of the user object, named by its
 *    meta_key. A meta_key that equals a users column name (user_pass, for
 *    instance) replaces the value read from the users row.
 *  - meta_value goes through maybe_unserialize(). NOTE(review): if that
 *    helper unserializes PHP data, whoever can write usermeta rows controls
 *    unserialize() input - confirm which code paths may write them.
 *  - Accounts for which is_site_admin() is true get user_level 10 and an
 *    'administrator' capability, regardless of what their meta rows say.
 *
 * @param int $user_id User ID; non-numeric input collapses to 0.
 * @return object|false The user object, or false for ID 0 or an unknown ID.
 **/
function get_userdata( $user_id ) {
    global $wpdb, $cache_userdata;

    $user_id = abs(intval($user_id));
    if ( 0 == $user_id )
        return false;

    $user = wp_cache_get($user_id, 'users');
    $blog_level_key = $wpdb->base_prefix . $wpdb->blogid . '_user_level';

    if ( $user ) {
        // Cache hit: site admins are promoted again on every read.
        if ( is_site_admin( $user->user_login ) ) {
            $user->$blog_level_key = 10;
            $user->user_level = 10;
            $cap_key = $wpdb->prefix . 'capabilities';
            $user->{$cap_key} = array( 'administrator' => '1' );
        }
        return $user;
    }

    $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$user_id' LIMIT 1");
    if ( !$user )
        return false;

    // Database errors are hidden only for the duration of the meta query.
    $wpdb->hide_errors();
    $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
    $wpdb->show_errors();

    if ( $metavalues ) {
        $level_meta_key = $wpdb->prefix . 'user_level';
        foreach ( $metavalues as $meta ) {
            $user->{$meta->meta_key} = maybe_unserialize($meta->meta_value);

            // user_level comes from meta (raw value), not from the users row.
            if ( $meta->meta_key == $level_meta_key )
                $user->user_level = $meta->meta_value;
        }
    }

    // Backwards-compatible aliases for the older property names.
    $legacy_aliases = array(
        'first_name'  => 'user_firstname',
        'last_name'   => 'user_lastname',
        'description' => 'user_description',
    );
    foreach ( $legacy_aliases as $field => $alias ) {
        if ( isset($user->$field) )
            $user->$alias = $user->$field;
    }

    if ( is_site_admin( $user->user_login ) ) {
        $user->user_level = 10;
        $cap_key = $wpdb->prefix . 'capabilities';
        $user->{$cap_key} = array( 'administrator' => '1' );
    }

    wp_cache_add($user_id, $user, 'users');
    wp_cache_add($user->user_login, $user_id, 'userlogins');

    return $user;
}
endif;
116
if ( !function_exists('update_user_cache') ) :
/**
 * No-op that always reports success.
 *
 * @return bool Always true.
 **/
function update_user_cache() {
    $done = true;

    return $done;
}
endif;
122
if ( !function_exists('get_userdatabylogin') ) :
/**
 * Loads a user by login name, using the 'userlogins' and 'users' cache
 * groups before falling back to the database.
 *
 * The login is passed through sanitize_user() first and through
 * $wpdb->escape() immediately before it is interpolated into the SQL string;
 * the query depends on that escape call staying directly in front of it.
 * Accounts for which is_site_admin() is true get user_level 10 and an
 * 'administrator' capability on both the cached and the database path.
 *
 * @param string $user_login Login name as supplied by the caller.
 * @return object|false The user object; false for an empty login or when no
 *                      row matches.
 **/
function get_userdatabylogin($user_login) {
    global $wpdb;

    $user_login = sanitize_user( $user_login );
    if ( empty( $user_login ) )
        return false;

    $cached_id = wp_cache_get($user_login, 'userlogins');
    $cached_user = wp_cache_get($cached_id, 'users');

    if ( $cached_user ) {
        if ( is_site_admin( $user_login ) ) {
            $cached_user->user_level = 10;
            $cap_key = $wpdb->prefix . 'capabilities';
            $cached_user->{$cap_key} = array( 'administrator' => '1' );
        }
        return $cached_user;
    }

    // From here on $user_login holds the SQL-escaped form.
    $user_login = $wpdb->escape($user_login);

    $found_id = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$user_login'");
    if ( !$found_id )
        return false;

    $user = get_userdata($found_id);
    if ( is_site_admin( $user_login ) ) {
        $user->user_level = 10;
        $cap_key = $wpdb->prefix . 'capabilities';
        $user->{$cap_key} = array( 'administrator' => '1' );
    }

    return $user;
}
endif;
156
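if ( !function_exists( 'wp_mail' ) ) :
/**
 * Sends one e-mail through the shared global PHPMailer object, using PHP's
 * mail() transport.
 *
 * $headers may be a newline-separated string or an array of name => value
 * pairs. In the string form, From: and Content-Type: lines are pulled out and
 * applied to the mailer; every other line becomes a custom header.
 *
 * Security notes:
 *  - Header names and values are written into the message as "Name: value".
 *    Carriage returns and line feeds are stripped from both before they reach
 *    AddCustomHeader(), so a value built from request data cannot start an
 *    extra header line.
 *  - extract() is applied to the output of the 'wp_mail' filter. Any key a
 *    filter callback returns becomes a local variable of this function, so
 *    callbacks on that hook are trusted to return only the four documented
 *    keys (to, subject, message, headers).
 *  - When no From address is supplied, the sender domain is taken from
 *    $_SERVER['SERVER_NAME']. NOTE(review): depending on web-server
 *    configuration that value can follow the request's Host header; if so,
 *    pin the address through the 'wp_mail_from' filter.
 *  - Send() is called with error suppression; callers only see its result.
 *
 * @param string       $to      Recipient address.
 * @param string       $subject Subject line.
 * @param string       $message Message body.
 * @param string|array $headers Optional additional headers.
 * @return mixed The result of PHPMailer's Send().
 **/
function wp_mail( $to, $subject, $message, $headers = '' ) {
    // Compact the input, apply the filters, and extract them back out
    extract( apply_filters( 'wp_mail', compact( 'to', 'subject', 'message', 'headers' ) ) );

    global $phpmailer;

    // (Re)create it, if it's gone missing
    if ( !is_object( $phpmailer ) || !is_a( $phpmailer, 'PHPMailer' ) ) {
        require_once ABSPATH . WPINC . '/class-phpmailer.php';
        require_once ABSPATH . WPINC . '/class-smtp.php';
        $phpmailer = new PHPMailer();
    }

    // Headers
    if ( empty( $headers ) ) {
        $headers = array();
    } elseif ( !is_array( $headers ) ) {
        // Explode the headers out, so this function can take both
        // string headers and an array of headers.
        $tempheaders = (array) explode( "\n", $headers );
        $headers = array();

        // If it's actually got contents
        if ( !empty( $tempheaders ) ) {
            // Iterate through the raw headers
            foreach ( $tempheaders as $header ) {
                // Lines were split on "\n" only; drop any carriage return so
                // it cannot survive inside a name, address or value.
                $header = str_replace( "\r", '', $header );

                if ( strpos($header, ':') === false )
                    continue;
                // Explode them out
                list( $name, $content ) = explode( ':', trim( $header ), 2 );

                // Cleanup crew
                $name = trim( $name );
                $content = trim( $content );

                // Mainly for legacy -- process a From: header if it's there
                if ( 'from' == strtolower($name) ) {
                    $bracket_pos = strpos( $content, '<' );
                    if ( $bracket_pos !== false ) {
                        // Text in front of the bracket is the display name.
                        // With the bracket at position 0 there is no name;
                        // taking substr( ..., 0, -1 ) there would turn the
                        // address itself into the name.
                        if ( $bracket_pos > 0 ) {
                            $from_name = substr( $content, 0, $bracket_pos - 1 );
                            $from_name = str_replace( '"', '', $from_name );
                            $from_name = trim( $from_name );
                        }

                        $from_email = substr( $content, $bracket_pos + 1 );
                        $from_email = str_replace( '>', '', $from_email );
                        $from_email = trim( $from_email );
                    } else {
                        $from_name = trim( $content );
                    }
                } elseif ( 'content-type' == strtolower($name) ) {
                    if ( strpos( $content,';' ) !== false ) {
                        list( $type, $charset ) = explode( ';', $content );
                        $content_type = trim( $type );
                        $charset = trim( str_replace( array( 'charset=', '"' ), '', $charset ) );
                    } else {
                        $content_type = trim( $content );
                    }
                } else {
                    // Add it to our grand headers array
                    $headers[trim( $name )] = trim( $content );
                }
            }
        }
    }

    // Empty out the values that may be set
    $phpmailer->ClearAddresses();
    $phpmailer->ClearAllRecipients();
    $phpmailer->ClearAttachments();
    $phpmailer->ClearBCCs();
    $phpmailer->ClearCCs();
    $phpmailer->ClearCustomHeaders();
    $phpmailer->ClearReplyTos();

    // From email and name
    // If we don't have a name from the input headers
    if ( !isset( $from_name ) ) {
        $from_name = 'WordPress';
    }

    // If we don't have an email from the input headers
    if ( !isset( $from_email ) ) {
        // Get the site domain and get rid of www.
        $sitename = strtolower( $_SERVER['SERVER_NAME'] );
        if ( substr( $sitename, 0, 4 ) == 'www.' ) {
            $sitename = substr( $sitename, 4 );
        }

        $from_email = 'wordpress@' . $sitename;
    }

    // Set the from name and email
    $phpmailer->From = apply_filters( 'wp_mail_from', $from_email );
    $phpmailer->Sender = apply_filters( 'wp_mail_from', $from_email );
    $phpmailer->FromName = apply_filters( 'wp_mail_from_name', $from_name );

    // Set destination address
    $phpmailer->AddAddress( $to );

    // Set mail's subject and body
    $phpmailer->Subject = $subject;
    $phpmailer->Body = $message;

    // Set to use PHP's mail()
    $phpmailer->IsMail();

    // Set Content-Type and charset
    // If we don't have a content-type from the input headers
    if ( !isset( $content_type ) ) {
        $content_type = 'text/plain';
    }

    $content_type = apply_filters( 'wp_mail_content_type', $content_type );

    // Set whether it's plaintext or not, depending on $content_type
    if ( $content_type == 'text/html' ) {
        $phpmailer->IsHTML( true );
    } else {
        $phpmailer->IsHTML( false );
    }

    // If we don't have a charset from the input headers
    if ( !isset( $charset ) ) {
        $charset = get_bloginfo( 'charset' );
    }

    // Set the content-type and charset
    $phpmailer->CharSet = apply_filters( 'wp_mail_charset', $charset );

    // Set custom headers. Both the string form and the array form of
    // $headers end up here, so this is where line breaks are removed.
    if ( !empty( $headers ) ) {
        $line_breaks = array( "\r", "\n" );
        foreach ( $headers as $name => $content ) {
            $name = str_replace( $line_breaks, '', $name );
            $content = str_replace( $line_breaks, '', $content );
            $phpmailer->AddCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) );
        }
    }

    do_action_ref_array( 'phpmailer_init', array( &$phpmailer ) );

    // Send!
    $result = @$phpmailer->Send();

    return $result;
}
endif;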
302
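if ( !function_exists('wp_login') ) :
/**
 * Checks a username / password pair against the stored password hash.
 *
 * Two forms of $password are accepted:
 *  - plain text: md5( $password ) must equal the stored hash;
 *  - $already_md5 = true (the cookie path): $password must equal md5() of
 *    the stored hash. The plain-text comparison is still tried as well, as
 *    in the original implementation.
 *
 * Security notes:
 *  - Hashes are compared with === on strings. A loose == treats two strings
 *    that both look like numbers (for example "0e" followed by digits) as
 *    equal even though they differ.
 *  - A missing or empty stored hash never authenticates. On the fallback
 *    paths below the stored hash can be absent, and md5('') is a publicly
 *    known value.
 *  - The stored format is a single unsalted md5(), and the cookie form is
 *    derived from that hash alone; both follow from the comparisons here and
 *    cannot be changed without migrating stored hashes and cookies.
 *  - $error distinguishes "Invalid username" from "Incorrect password".
 *    Callers that show $error to unauthenticated visitors reveal which
 *    logins exist; a single generic message at the display layer avoids it.
 *
 * @param string $username    Login name; passed through sanitize_user().
 * @param string $password    Plain-text password, or the cookie value when
 *                            $already_md5 is true.
 * @param bool   $already_md5 Whether $password is the hashed cookie form.
 * @return bool True when the credentials match; false otherwise, with the
 *              global $error set in most failure cases.
 **/
function wp_login($username, $password, $already_md5 = false) {
    global $wpdb, $error, $current_user;

    $username = sanitize_user($username);

    if ( '' == $username )
        return false;

    if ( '' == $password ) {
        $error = __('<strong>ERROR</strong>: The password field is empty.');
        return false;
    }

    // Cookie and request values can arrive as arrays; those are never valid.
    if ( !is_scalar($password) ) {
        $error = __('<strong>ERROR</strong>: Incorrect password.');
        return false;
    }
    $password = (string) $password;

    $login = get_userdatabylogin($username);

    if ( !$login ) {
        if ( is_site_admin( $username ) ) {
            $userdetails = get_userdatabylogin( $username );
            // Build a login record only when a stored hash really exists.
            if ( $userdetails && !empty( $userdetails->user_pass ) ) {
                $login = new stdClass;
                $login->user_login = $username;
                $login->user_pass = $userdetails->user_pass;
            }
        } else {
            $admins = get_admin_users_for_domain();
            foreach ( (array) $admins as $admin ) {
                // As before, the last matching entry wins.
                if ( $admin[ 'user_login' ] == $username && !empty( $admin[ 'user_pass' ] ) ) {
                    $login = new stdClass;
                    $login->user_login = $username;
                    $login->user_pass  = $admin[ 'user_pass' ];
                }
            }
        }
    }

    if ( !$login ) {
        $error = __('<strong>ERROR</strong>: Invalid username.');
        return false;
    }

    // Records built by the fallback paths above carry no ID.
    if ( is_site_admin( $username ) == false && isset( $login->ID ) && ( $primary_blog = get_usermeta( $login->ID, "primary_blog" ) ) ) {
        $details = get_blog_details( $primary_blog );
        // The parentheses matter: without them the spam / deleted flags were
        // read even when $details was not an object.
        if ( is_object( $details ) && ( $details->archived == 1 || $details->spam == 1 || $details->deleted == 1 ) ) {
            $error = __('<strong>Error</strong>: Blog suspended.');
            return false;
        }
    }

    $stored_hash = isset( $login->user_pass ) ? (string) $login->user_pass : '';
    $name_matches = ( (string) $login->user_login === (string) $username );

    // If the password is already_md5, it has been double hashed.
    // Otherwise, it is plain text.
    $hash_matches = ( $already_md5 && md5($stored_hash) === $password )
        || ( $stored_hash === md5($password) );

    if ( '' !== $stored_hash && $name_matches && $hash_matches )
        return true;

    $error = __('<strong>ERROR</strong>: Incorrect password.');
    return false;
}
endif;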
361
if ( !function_exists('is_user_logged_in') ) :
/**
 * Tells whether the current request has a logged-in user.
 *
 * NOTE(review): this reads the lowercase `id` property, while other
 * functions in this file read `ID` - confirm WP_User exposes both.
 *
 * @return bool False when the current user's id loosely equals 0.
 **/
function is_user_logged_in() {
    $current = wp_get_current_user();

    return !( $current->id == 0 );
}
endif;
372
if ( !function_exists('auth_redirect') ) :
/**
 * Sends visitors without valid login cookies to wp-login.php and stops the
 * request.
 *
 * The cookie pair is checked with wp_login( ..., true ). On failure the
 * cookies are cleared, no-cache headers are sent, and the visitor is
 * redirected with the current REQUEST_URI (URL-encoded) as redirect_to.
 * exit() after the redirect is what keeps the protected page from running.
 *
 * @return void Returns only when the cookies were accepted.
 **/
function auth_redirect() {
    $has_user_cookie = !empty($_COOKIE[USER_COOKIE]);

    // Valid cookies: let the request continue.
    if ( $has_user_cookie && wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) )
        return;

    nocache_headers();
    wp_clearcookie();

    $login_url = get_option('siteurl') . '/wp-login.php?action=auth&redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
    wp_redirect($login_url);
    exit();
}
endif;
387
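if ( !function_exists('check_admin_referer') ) :
/**
 * Stops the request unless it carries a valid nonce for $action.
 *
 * When $action is -1 (no specific action given) a request is also accepted
 * if its referer is inside this site's /wp-admin area. That fallback is a
 * weaker check than a nonce, so callers protecting a state-changing request
 * should pass a real action name.
 *
 * Changes from the original:
 *  - the referer must START with the admin URL. A plain "contains" test also
 *    accepts any other site's URL that merely has the admin URL somewhere in
 *    its path or query string;
 *  - a missing _wpnonce request field is treated as an empty nonce instead
 *    of reading an undefined index.
 *
 * @param string|int $action Nonce action name, or -1 for the referer fallback.
 * @return void Dies after wp_nonce_ays() when the check fails.
 **/
function check_admin_referer($action = -1) {
    $adminurl = strtolower(get_option('siteurl')).'/wp-admin';
    $referer = strtolower(wp_get_referer());
    $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';

    $referer_is_admin = ( -1 == $action && strpos($referer, $adminurl) === 0 );

    if ( !wp_verify_nonce($nonce, $action) && !$referer_is_admin ) {
        wp_nonce_ays($action);
        die();
    }
    do_action('check_admin_referer', $action);
}endif;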
399
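if ( !function_exists('check_ajax_referer') ) :
/**
 * Verifies an AJAX request by re-checking the login cookies that the script
 * passed in the `cookie` request parameter (cookie=document.cookie).
 *
 * The request is accepted only when the login named in that cookie string
 * equals the current user's login and wp_login() accepts the cookie pair.
 *
 * Changes from the original:
 *  - $user and $pass are initialised, so a cookie string without them is
 *    rejected without reading undefined variables;
 *  - a cookie is recognised by its exact name. A substring test also matched
 *    other cookies whose name or value merely contained USER_COOKIE or
 *    PASS_COOKIE, and a later match replaced the real value;
 *  - a missing or non-string `cookie` parameter is rejected up front;
 *  - the login names are compared as strings with a strict comparison.
 *
 * @return void Dies with '-1' when the check fails.
 **/
function check_ajax_referer() {
    $current_name = '';
    if ( ( $current = wp_get_current_user() ) && $current->ID )
        $current_name = $current->data->user_login;
    if ( !$current_name )
        die('-1');

    // AJAX scripts must pass cookie=document.cookie
    $raw_cookie = '';
    if ( !empty($_POST['cookie']) )
        $raw_cookie = $_POST['cookie'];
    elseif ( isset($_GET['cookie']) )
        $raw_cookie = $_GET['cookie'];
    if ( !is_string($raw_cookie) )
        die('-1');

    $user = '';
    $pass = '';
    foreach ( explode('; ', urldecode($raw_cookie)) as $tasty ) {
        $eq = strpos($tasty, '=');
        if ( false === $eq )
            continue;

        $cookie_name = substr($tasty, 0, $eq);
        $cookie_value = (string) substr($tasty, $eq + 1);

        if ( USER_COOKIE === $cookie_name )
            $user = $cookie_value;
        elseif ( PASS_COOKIE === $cookie_name )
            $pass = $cookie_value;
    }

    if ( '' === $user || '' === $pass || (string) $current_name !== $user || !wp_login( $user, $pass, true ) )
        die('-1');
    do_action('check_ajax_referer');
}
endif;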
421
// Cookie safe redirect.  Works around IIS Set-Cookie bug.
// http://support.microsoft.com/kb/q176113/
if ( !function_exists('wp_redirect') ) :
/**
 * Emits a redirect header for $location.
 *
 * The location goes through the 'wp_redirect' filter and then through
 * wp_sanitize_redirect() before it is placed in the header. No check is made
 * here on which host the location points to, and the function does not end
 * the request: callers must call exit() themselves if nothing further should
 * run after the redirect.
 *
 * @param string $location Target URL.
 * @param int    $status   HTTP status code for the redirect.
 * @return false|null false when the filter cancelled the redirect, else null.
 **/
function wp_redirect($location, $status = 302) {
    global $is_IIS;

    $location = apply_filters('wp_redirect', $location, $status);

    // allows the wp_redirect filter to cancel a redirect
    if ( !$location )
        return false;

    $location = wp_sanitize_redirect($location);

    if ( $is_IIS ) {
        header("Refresh: 0;url=$location");
        return;
    }

    // This causes problems on IIS and some FastCGI setups
    if ( php_sapi_name() != 'cgi-fcgi' )
        status_header($status);

    header("Location: $location");
}
endif;
444
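if ( !function_exists('wp_sanitize_redirect') ) :
/**
 * Sanitizes a URL for use in a redirect header.
 *
 * Three passes:
 *  1. every character outside the allow list is dropped, which removes raw
 *     carriage returns, line feeds, spaces, quotes and backslashes;
 *  2. wp_kses_no_null() is applied;
 *  3. percent-encoded CR / LF sequences are removed, repeating until the
 *     string stops changing so that removing one sequence cannot assemble
 *     another from the pieces around it.
 *
 * Change from the original: pass 3 also removes the upper-case spellings
 * %0D and %0A. Percent-encoding is case-insensitive, and the lower-case-only
 * list left those two in place.
 *
 * This function only cleans characters. It does not decide whether the
 * target host is acceptable.
 *
 * @param string $location URL to clean.
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location) {
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
    $location = wp_kses_no_null($location);

    // remove %0d and %0a from location, in either letter case
    $strip = array('%0d', '%0D', '%0a', '%0A');
    do {
        $previous = $location;
        $location = str_replace($strip, '', $location);
    } while ( $previous !== $location );

    return $location;
}
endif;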
469
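if ( !function_exists('wp_safe_redirect') ) :
/**
 * Performs a safe (local) redirect, using wp_redirect().
 *
 * The location is accepted when it has no host at all (a relative URL) or
 * when its host is the 'home' host or one returned by the
 * 'allowed_redirect_hosts' filter. Anything else is replaced by the site's
 * /wp-admin/ URL.
 *
 * Changes from the original, all of which fall back to /wp-admin/:
 *  - a location parse_url() cannot parse. Previously such a value had no
 *    'host' entry to inspect and was passed to wp_redirect() unchecked;
 *  - a location with a scheme other than http or https;
 *  - a location with a scheme but no host.
 * In addition, the host list is searched with a strict comparison and a
 * missing host is passed to the filter as '' instead of an undefined index.
 *
 * @param string $location Requested redirect target.
 * @param int    $status   HTTP status code for the redirect.
 * @return void
 **/
function wp_safe_redirect($location, $status = 302) {

    // Need to look at the URL the way it will end up in wp_redirect()
    $location = wp_sanitize_redirect($location);

    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
    if ( substr($location, 0, 2) == '//' )
        $location = 'http:' . $location;

    $lp  = parse_url($location);
    $wpp = parse_url(get_option('home'));

    $home_host = ( is_array($wpp) && isset($wpp['host']) ) ? $wpp['host'] : '';
    $target_host = ( is_array($lp) && isset($lp['host']) ) ? $lp['host'] : '';

    $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($home_host), $target_host);

    if ( !is_array($lp) ) {
        // Unparseable: the host cannot be verified, so do not follow it.
        $is_unsafe = true;
    } elseif ( isset($lp['scheme']) && !in_array(strtolower($lp['scheme']), array('http', 'https'), true) ) {
        $is_unsafe = true;
    } elseif ( isset($lp['scheme']) && !isset($lp['host']) ) {
        $is_unsafe = true;
    } else {
        $is_unsafe = isset($lp['host'])
            && !in_array($lp['host'], $allowed_hosts, true)
            && $lp['host'] != strtolower($home_host);
    }

    if ( $is_unsafe )
        $location = get_option('siteurl') . '/wp-admin/';

    wp_redirect($location, $status);
}
endif;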
495