WP-Members Membership Plugin

Version Description

Add [memberships] shortcode for admin notification email; this will include a list of memberships for the user in admin notification.
Move password reset link actions to template_redirect action. This should resolve issues that occur when multiple instances of the_content are run (i.e. the appearance of an invalid key message upon completing the password reset).

Release Info

Developer	cbutlerjr
Plugin	WP-Members Membership Plugin
Version	3.4.3.2
Comparing to
See all releases

Code changes from version 3.4.3.1 to 3.4.3.2

Files changed (6) hide show

includes/class-wp-members-forms.php +1 -1
includes/class-wp-members-products.php +27 -0
includes/class-wp-members-pwd-reset.php +98 -76
includes/class-wp-members.php +2 -3
readme.txt +6 -1
wp-members.php +2 -2

includes/class-wp-members-forms.php CHANGED Viewed

	@@ -750,7 +750,7 @@ class WP_Members_Forms {
750	}
751
752	// Build hidden fields, filter, and add to the form.
753	- if ( 'set_password_from_key' == wpmem_get( 'a', false, 'request' ) && ~~false == wpmem_get(~~ '~~formsubmit~~', ~~false~~ ) ) {
754	$hidden['action'] = wpmem_form_field( array( 'name' => 'a', 'type' => 'hidden', 'value' => 'set_password_from_key' ) );
755	$hidden['key'] = wpmem_form_field( array( 'name' => 'key', 'type' => 'hidden', 'value' => sanitize_text_field( wpmem_get( 'key', null, 'request' ) ) ) );
756	$hidden['login'] = wpmem_form_field( array( 'name' => 'login', 'type' => 'hidden', 'value' => sanitize_user( wpmem_get( 'login', null, 'request' ) ) ) );


750	}
751
752	// Build hidden fields, filter, and add to the form.
753	+ if ( 'set_password_from_key' == wpmem_get( 'a', false, 'request' ) && 'login' != $action ) {
754	$hidden['action'] = wpmem_form_field( array( 'name' => 'a', 'type' => 'hidden', 'value' => 'set_password_from_key' ) );
755	$hidden['key'] = wpmem_form_field( array( 'name' => 'key', 'type' => 'hidden', 'value' => sanitize_text_field( wpmem_get( 'key', null, 'request' ) ) ) );
756	$hidden['login'] = wpmem_form_field( array( 'name' => 'login', 'type' => 'hidden', 'value' => sanitize_user( wpmem_get( 'login', null, 'request' ) ) ) );

includes/class-wp-members-products.php CHANGED Viewed

@@ -97,6 +97,7 @@ class WP_Members_Products {
             		add_filter( 'wpmem_securify',               array( $this, 'product_access' ) );
             		add_filter( 'wpmem_product_restricted_msg', array( $this, 'apply_custom_access_message' ), 10, 2 );
             		add_filter( 'wpmem_restricted_msg',         array( $this, 'apply_custom_access_message' ), 10, 4 );
+            	}
             	/**
@@ -544,4 +545,30 @@ class WP_Members_Products {
             		return $new_value;
+            	}
+            }


97	add_filter( 'wpmem_securify', array( $this, 'product_access' ) );
98	add_filter( 'wpmem_product_restricted_msg', array( $this, 'apply_custom_access_message' ), 10, 2 );
99	add_filter( 'wpmem_restricted_msg', array( $this, 'apply_custom_access_message' ), 10, 4 );
100	+ add_filter( 'wpmem_email_shortcodes', array( $this, 'email_shortcodes' ), 10, 3 );
101	}
102
103	/**

545
546	return $new_value;
547	}
548	+
549	+ /**
550	+ * Adds [user_memberships] shortcode for use in the admin email
551	+ *
552	+ * @since 3.4.4
553	+ *
554	+ * @param array $shortcodes
555	+ * @param string $tag
556	+ * @param int $user_id
557	+ * @return array $shortcodes
558	+ */
559	+ function email_shortcodes( $shortcodes, $tag, $user_id ) {
560	+ global $wpmem;
561	+ if ( 'notify' == $tag ) {
562	+ $user_memberships = wpmem_get_user_memberships( $user_id );
563	+ $site_memberships = wpmem_get_memberships();
564	+ $email_memberships = ( $wpmem->email->html ) ? '<p><ul>' : "";
565	+ foreach ( $user_memberships as $meta_key => $membership ) {
566	+ $email_memberships .= ( $wpmem->email->html ) ? "<li>" . $site_memberships[ $meta_key ]['title'] . '</li>' : $site_memberships[ $meta_key ]['title'] . "\r\n";
567	+ }
568	+ $email_memberships .= ( $wpmem->email->html ) ? '</ul>' : "";
569	+
570	+ $shortcodes['memberships'] = $email_memberships;
571	+ }
572	+ return $shortcodes;
573	+ }
574	}

includes/class-wp-members-pwd-reset.php CHANGED Viewed

@@ -12,10 +12,11 @@ class WP_Members_Pwd_Reset {
+            	 *
             	 * @since 3.3.5
             	 */
-            -
            	public  $form_submitted_key_not_found;
-            -
            	public  $form_load_key_not_found;
             	public  $key_is_expired;
             	private $reset_key;
             	/**
             	 * Meta containers
@@ -33,10 +34,10 @@ class WP_Members_Pwd_Reset {
             	function __construct() {
             		$defaults = array(
-            -
            			'form_submitted_key_not_found' => __( "Sorry, no password reset key was found. Please check your email and try again.", 'wp-members' ),
-            -
            			'form_load_key_not_found'      => __( "Sorry, no password reset key was found. Please check your email and try again.", 'wp-members' ),
-            -
            			'key_is_expired'               => __( "Sorry, the password reset key is expired.", 'wp-members' ),
-            -
            			'request_new_key'              => __( "Request a new reset key.", 'wp-members' ),
             		);
             		/**
@@ -45,7 +46,7 @@ class WP_Members_Pwd_Reset {
             		 * @since 3.3.8
+            		 *
             		 * @param array $defaults {
-            -
            		 *
             		 * }
             		 */
             		$defaults = apply_filters( 'wpmem_pwd_reset_default_dialogs', $defaults );
@@ -55,79 +56,35 @@ class WP_Members_Pwd_Reset {
+            		}
             		add_filter( 'wpmem_email_filter', array( $this, 'add_reset_key_to_email' ), 10, 3 );
             		add_filter( 'the_content',        array( $this, 'display_content'        ), 100 );
+            	}
-            -
            	/**
-            -
            	 * Add reset key to the email.
-            -
            	 *
-            -
            	 * @since 3.3.5
-            -
            	 *
-            -
            	 * @param  array  $arr
-            -
            	 * @param  array  $wpmem_fields
-            -
            	 * @param  array  $field_data
-            -
            	 * @return array  $arr
-            -
            	 */
-            -
            	function add_reset_key_to_email( $arr, $wpmem_fields, $field_data ) {
-            -
-            -
            		if ( $arr['toggle'] == 'repass' ) {
-            -
-            -
            			$user = get_user_by( 'ID', $arr['user_id'] );
-            -
-            -
            			// Get the stored key.
-            -
            			$key = get_password_reset_key( $user );
-            -
            			$query_args = array(
-            -
            				'a'     => $this->form_action,
-            -
            				'key'   => $key,
-            -
            				'login' => $user->user_login,
-            -
            			);
-            -
-            -
            			// urlencode, primarily for user_login with a space.
-            -
            			$query_args = array_map( 'rawurlencode', $query_args );
-            -
-            -
            			// Generate reset link.
-            -
            			$link = add_query_arg( $query_args, trailingslashit( wpmem_profile_url() ) );
-            -
-            -
            			// Does email body have the [reset_link] shortcode?
-            -
            			if ( strpos( $arr['body'], '[reset_link]' ) ) {
-            -
            				$arr['body'] = str_replace( '[reset_link]', $link, $arr['body'] );
-            -
            			} else {
-            -
            				// Add text and link to the email body.
-            -
            				$arr['body'] = $arr['body'] . "\r\n"
-            -
            					. $link;
-            -
            			}
-            -
            		}
-            -
            		return $arr;
-            -
            	}
-            -
-            -
            	/**
-            -
            	 * Display page content to user.
-            -
            	 *
-            -
            	 * @since 3.3.5
-            -
            	 *
-            -
            	 * @param  string  $content
-            -
            	 * @return string  $content
-            -
            	 */
-            -
            	function display_content( $content ) {
-            -
             		global $wpmem;
             		if ( ! is_user_logged_in() && $this->form_action == wpmem_get( 'a', false, 'request' ) && ! is_admin() ) {
             			// Define variables
-            -
            			$result  = '';
             			$user_id = false;
             			$msg     = '';
             			$form    = '';
             			// Check for key.
-            -
            			$key        = sanitize_text_field( wpmem_get( 'key',   false, 'request' ) );
-            -
            			$user_login = sanitize_text_field( wpmem_get( 'login', false, 'request' ) );
-            -
            			$pass1      = wpmem_get( 'pass1', false );
-            -
            			$pass2      = wpmem_get( 'pass2', false );
-            -
             			// Set an error container.
             			$errors = new WP_Error();
-            -
             			/**
             			 * Validate the key.
+            			 *
@@ -144,12 +101,12 @@ class WP_Members_Pwd_Reset {
             			 * @param string The user login.
             			 * @return WP_User|WP_Error WP_User object on success, WP_Error object for invalid or expired keys (invalid_key|expired_key).
             			 */
-            -
            			$user = check_password_reset_key( $key, $user_login );
-            -
             			if ( $user->has_errors() ) {
-            -
            				$errors->add( 'user_not_found', $this->form_load_key_not_found );
+            			}
-            -
             			// Validate
             			if ( 1 == wpmem_get( 'formsubmit' ) && false !== wpmem_get( 'a', false, $this->form_action ) ) {
@@ -181,18 +138,83 @@ class WP_Members_Pwd_Reset {
             				if ( 'invalid_key' == $user->get_error_code() ) {
             					// If somehow the form was submitted but the key not found.
-            -
            					$pwd_reset_link = wpmem_profile_url( 'pwdreset' );
-            -
            					$msg = wpmem_get_display_message( 'invalid_key', $this->form_submitted_key_not_found . '<br /><a href="' . $pwd_reset_link . '">' . $this->request_new_key . '</a>' );
-            -
            					$form = '';
             				} else {
             					$form = wpmem_change_password_form();
+            				}
+            			}
-            -
            			$content = $msg . $form;
+            		}
-            -
-            -
            		return $content;
+            	}
+            }


12	*
13	* @since 3.3.5
14	*/
15	+ public $invalid_key;
16	+ public $invalid_user;
17	public $key_is_expired;
18	private $reset_key;
19	+ private $content = false;
20
21	/**
22	* Meta containers

34	function __construct() {
35
36	$defaults = array(
37	+ 'invalid_key' => __( "Invalid key." ),
38	+ 'invalid_user' => __( "Invalid user.", 'wp-members' ),
39	+ 'key_is_expired' => __( "Sorry, the password reset key is expired.", 'wp-members' ),
40	+ 'request_new_key' => __( "Request a new reset key.", 'wp-members' ),
41	);
42
43	/**

46	* @since 3.3.8
47	*
48	* @param array $defaults {
49	+ *
50	* }
51	*/
52	$defaults = apply_filters( 'wpmem_pwd_reset_default_dialogs', $defaults );

56	}
57
58	add_filter( 'wpmem_email_filter', array( $this, 'add_reset_key_to_email' ), 10, 3 );
59	+ add_action( 'template_redirect', array( $this, 'handle_reset' ), 20 );
60	add_filter( 'the_content', array( $this, 'display_content' ), 100 );
61	}
62
63	+ function handle_reset() {



















































64	global $wpmem;
65
66	if ( ! is_user_logged_in() && $this->form_action == wpmem_get( 'a', false, 'request' ) && ! is_admin() ) {
67	// Define variables
68	+ $result = false;
69	$user_id = false;
70	$msg = '';
71	$form = '';
72
73	// Check for key.
74	+ $key = sanitize_text_field( wpmem_get( 'key', false, 'request' ) );
75	+ $login = sanitize_text_field( wpmem_get( 'login', false, 'request' ) );
76	+ $pass1 = wpmem_get( 'pass1', false );
77	+ $pass2 = wpmem_get( 'pass2', false );
78	+
79	+ // Check the user. get_user_by() will return false if user_login does not exist.
80	+ $is_user = get_user_by( 'login', $login );
81	+ if ( false == $is_user ) {
82	+ $this->content = $this->error_msg( 'invalid_user', $this->invalid_user );
83	+ }
84	+
85	// Set an error container.
86	$errors = new WP_Error();
87	+
88	/**
89	* Validate the key.
90	*

101	* @param string The user login.
102	* @return WP_User\|WP_Error WP_User object on success, WP_Error object for invalid or expired keys (invalid_key\|expired_key).
103	*/
104	+ $user = check_password_reset_key( $key, $login );
105	+
106	if ( $user->has_errors() ) {
107	+ $this->content = $this->error_msg( 'invalid_key', $this->invalid_key );
108	}
109	+
110	// Validate
111	if ( 1 == wpmem_get( 'formsubmit' ) && false !== wpmem_get( 'a', false, $this->form_action ) ) {
112

138
139	if ( 'invalid_key' == $user->get_error_code() ) {
140	// If somehow the form was submitted but the key not found.
141	+ $this->content = $this->error_msg( 'invalid_key', $this->invalid_key );


142	} else {
143	$form = wpmem_change_password_form();
144	}
145
146	}
147
148	+ $this->content = $msg . $form;
149	}
150	+ }
151	+
152	+ /**
153	+ * Add reset key to the email.
154	+ *
155	+ * @since 3.3.5
156	+ *
157	+ * @param array $arr
158	+ * @param array $wpmem_fields
159	+ * @param array $field_data
160	+ * @return array $arr
161	+ */
162	+ function add_reset_key_to_email( $arr, $wpmem_fields, $field_data ) {
163	+
164	+ if ( $arr['toggle'] == 'repass' ) {
165	+
166	+ $user = get_user_by( 'ID', $arr['user_id'] );
167	+
168	+ // Get the stored key.
169	+ $key = get_password_reset_key( $user );
170	+ $query_args = array(
171	+ 'a' => $this->form_action,
172	+ 'key' => $key,
173	+ 'login' => $user->user_login,
174	+ );
175	+
176	+ // urlencode, primarily for user_login with a space.
177	+ $query_args = array_map( 'rawurlencode', $query_args );
178	+
179	+ // Generate reset link.
180	+ $link = add_query_arg( $query_args, trailingslashit( wpmem_profile_url() ) );
181	+
182	+ // Does email body have the [reset_link] shortcode?
183	+ if ( strpos( $arr['body'], '[reset_link]' ) ) {
184	+ $arr['body'] = str_replace( '[reset_link]', $link, $arr['body'] );
185	+ } else {
186	+ // Add text and link to the email body.
187	+ $arr['body'] = $arr['body'] . "\r\n"
188	+ . $link;
189	+ }
190	+ }
191	+ return $arr;
192	+ }
193	+
194	+ /**
195	+ * Display page content to user.
196	+ *
197	+ * @since 3.3.5
198	+ *
199	+ * @param string $content
200	+ * @return string $content
201	+ */
202	+ function display_content( $content ) {
203	+ return ( false != $this->content ) ? $this->content : $content;
204	+ }
205	+
206	+
207	+ function error_msg( $code, $message ) {
208	+ $error = wpmem_get_display_message( $code, $message . '<br /><a href="' . wpmem_profile_url( 'pwdreset' ) . '">' . $this->request_new_key . '</a>' );
209	+ /**
210	+ * Filters the password reset error message.
211	+ *
212	+ * @since 3.4.4
213	+ *
214	+ * @param string $error The generated HTML error message.
215	+ * @param string $code The error code generated.
216	+ * @param string $message The plain text error message.
217	+ */
218	+ return apply_filters( 'wpmem_pwd_reset_error_msg', $error, $code, $message );
219	}
220	}

includes/class-wp-members.php CHANGED Viewed

	@@ -72,7 +72,6 @@ class WP_Members {
72	*/
73	public $url;
74
75	-
76	/**
77	* Content block settings.
78	*
	@@ -526,9 +525,9 @@ class WP_Members {
526	add_filter( 'get_previous_post_where', array( $this, 'filter_get_adjacent_post_where' ) );
527	add_filter( 'get_next_post_where', array( $this, 'filter_get_adjacent_post_where' ) );
528	add_filter( 'allow_password_reset', array( $this->user, 'no_reset' ) ); // no password reset for non-activated users
529	-
530	// If registration is moderated, check for activation (blocks backend login by non-activated users).
531	- if ( $this->mod_reg ~~== 1~~ ) {
532	add_filter( 'authenticate', array( $this->user, 'check_activated' ), 99, 3 );
533	}
534


72	*/
73	public $url;
74

75	/**
76	* Content block settings.
77	*

525	add_filter( 'get_previous_post_where', array( $this, 'filter_get_adjacent_post_where' ) );
526	add_filter( 'get_next_post_where', array( $this, 'filter_get_adjacent_post_where' ) );
527	add_filter( 'allow_password_reset', array( $this->user, 'no_reset' ) ); // no password reset for non-activated users
528	+
529	// If registration is moderated, check for activation (blocks backend login by non-activated users).
530	+ if ( 1 == $this->mod_reg ) {
531	add_filter( 'authenticate', array( $this->user, 'check_activated' ), 99, 3 );
532	}
533

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: cbutlerjr
3	Tags: access, authentication, content, login, member, membership, password, protect, register, registration, restriction, subscriber
4	Requires at least: 4.0
5	Tested up to: 6.0
6	- Stable tag: 3.4.3
7
8	License: GPLv3
9
	@@ -136,6 +136,11 @@ WP-Members 3.4.3 is a minor update. WP-Members 3.4.2.1 is a bug fix release. Bac
136
137	* @todo WP-Members pluggable deprecated for use in theme functions.php (wpmem will be initialized when plugins are loaded). If you have any WP-Members pluggable functions that load in the theme functions.php, you'll need to move these to another location, such as a custom plugin file. Keep in mind, pluggable functions are no longer the preferred way of customizing (and have not been for many years) as most customizations, if not all, can be handled by using the plugin's filter and action hooks.
138





139	= 3.4.3.1 =
140
141	* Moves export class to main user object (previously loaded from admin files). @todo Export class file also remains in admin for backward compatibility if file is called directly.


3	Tags: access, authentication, content, login, member, membership, password, protect, register, registration, restriction, subscriber
4	Requires at least: 4.0
5	Tested up to: 6.0
6	+ Stable tag: 3.4.3.2
7
8	License: GPLv3
9

136
137	* @todo WP-Members pluggable deprecated for use in theme functions.php (wpmem will be initialized when plugins are loaded). If you have any WP-Members pluggable functions that load in the theme functions.php, you'll need to move these to another location, such as a custom plugin file. Keep in mind, pluggable functions are no longer the preferred way of customizing (and have not been for many years) as most customizations, if not all, can be handled by using the plugin's filter and action hooks.
138
139	+ = 3.4.3.2 =
140	+
141	+ * Add [memberships] shortcode for admin notification email; this will include a list of memberships for the user in admin notification.
142	+ * Move password reset link actions to template_redirect action. This should resolve issues that occur when multiple instances of the_content are run (i.e. the appearance of an invalid key message upon completing the password reset).
143	+
144	= 3.4.3.1 =
145
146	* Moves export class to main user object (previously loaded from admin files). @todo Export class file also remains in admin for backward compatibility if file is called directly.

wp-members.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	Plugin Name: WP-Members
4	Plugin URI: https://rocketgeek.com
5	Description: WP access restriction and user registration. For more information on plugin features, refer to <a href="https://rocketgeek.com/plugins/wp-members/docs/">the online Users Guide</a>. A <a href="https://rocketgeek.com/plugins/wp-members/quick-start-guide/">Quick Start Guide</a> is also available. WP-Members(tm) is a trademark of butlerblog.com.
6	- Version: 3.4.3.1
7	Author: Chad Butler
8	Author URI: https://butlerblog.com/
9	Text Domain: wp-members
	@@ -58,7 +58,7 @@ if ( ! defined( 'ABSPATH' ) ) {
58	}
59
60	// Initialize constants.
61	- define( 'WPMEM_VERSION', '3.4.3.1' );
62	define( 'WPMEM_DB_VERSION', '2.3.0' );
63	define( 'WPMEM_PATH', plugin_dir_path( __FILE__ ) );
64


3	Plugin Name: WP-Members
4	Plugin URI: https://rocketgeek.com
5	Description: WP access restriction and user registration. For more information on plugin features, refer to <a href="https://rocketgeek.com/plugins/wp-members/docs/">the online Users Guide</a>. A <a href="https://rocketgeek.com/plugins/wp-members/quick-start-guide/">Quick Start Guide</a> is also available. WP-Members(tm) is a trademark of butlerblog.com.
6	+ Version: 3.4.3.2
7	Author: Chad Butler
8	Author URI: https://butlerblog.com/
9	Text Domain: wp-members

58	}
59
60	// Initialize constants.
61	+ define( 'WPMEM_VERSION', '3.4.3.2' );
62	define( 'WPMEM_DB_VERSION', '2.3.0' );
63	define( 'WPMEM_PATH', plugin_dir_path( __FILE__ ) );
64

WP-Members Membership Plugin - Version 3.4.3.2

Version Description

Release Info

Code changes from version 3.4.3.1 to 3.4.3.2