From b3247cef8de5f7ac2186afe79e750f026550e15d Mon Sep 17 00:00:00 2001
From: Sapayth Hossain
Date: Thu, 21 Mar 2024 01:25:08 +0600
Subject: [PATCH 1/2] fix: conflict with WC Stripe Gateway plugin
---
 includes/Free/Simple_Login.php | 152 +++++++++++++++++++--------------
 1 file changed, 86 insertions(+), 66 deletions(-)
diff --git a/includes/Free/Simple_Login.php b/includes/Free/Simple_Login.php
index bb4270886..029f1c4e0 100644
--- a/includes/Free/Simple_Login.php
+++ b/includes/Free/Simple_Login.php
@@ -410,105 +410,125 @@ public function login_form() { return ob_get_clean(); } + /** + * Remove selected cookie to have consistency with the login nonce. + * fixes WooCommerce Stripe Gateway plugin conflict + * + * @since WPUF_SINCE + * + * @return void + */ + public function unset_logged_in_cookie() { + if ( isset( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) { + unset( $_COOKIE[ LOGGED_IN_COOKIE ] ); + } + } + /** * Process login form * * @return void */ public function process_login() { - if ( ! empty( $_POST['wpuf_login'] ) && ! empty( $_POST['wpuf-login-nonce'] ) ) { - $creds = []; + if ( empty( $_POST['wpuf_login'] ) || empty( $_POST['wpuf-login-nonce'] ) ) { + return; + } - $nonce = sanitize_key( wp_unslash( $_POST['wpuf-login-nonce'] ) ); + // unset the specific cookie to fix WooCommerce Stripe Gateway plugin conflict + add_action( 'set_logged_in_cookie', [ $this, 'unset_logged_in_cookie' ], 11 ); - if ( isset( $nonce ) && ! wp_verify_nonce( $nonce, 'wpuf_login_action' ) ) { - $this->login_errors[] = __( 'Nonce is invalid', 'wp-user-frontend' ); + $creds = []; - return; - } + $nonce = sanitize_key( wp_unslash( $_POST['wpuf-login-nonce'] ) ); - $log = isset( $_POST['log'] ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : ''; - $pwd = isset( $_POST['pwd'] ) ? trim( $_POST['pwd'] ) : ''; - // $g_recaptcha_response = isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : ''; - - $validation_error = new WP_Error(); - $validation_error = apply_filters( 'wpuf_process_login_errors', $validation_error, $log, $pwd ); + if ( isset( $nonce ) && ! wp_verify_nonce( $nonce, 'wpuf_login_action' ) ) { + $this->login_errors[] = __( 'Nonce is invalid', 'wp-user-frontend' ); - if ( $validation_error->get_error_code() ) { - $this->login_errors[] = $validation_error->get_error_message(); + return; + } - return; - } + $log = isset( $_POST['log'] ) ? 
sanitize_text_field( wp_unslash( $_POST['log'] ) ) : ''; + // phpcs:ignore WordPress.Security.ValidatedSanitizedInput + $pwd = isset( $_POST['pwd'] ) ? sanitize_text_field( wp_unslash( trim( $_POST['pwd'] ) ) ) : ''; + // $g_recaptcha_response = isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : ''; - if ( empty( $log ) ) { - $this->login_errors[] = __( 'Username is required.', 'wp-user-frontend' ); + $validation_error = new WP_Error(); + $validation_error = apply_filters( 'wpuf_process_login_errors', $validation_error, $log, $pwd ); - return; - } + if ( $validation_error->get_error_code() ) { + $this->login_errors[] = $validation_error->get_error_message(); - if ( empty( $pwd ) ) { - $this->login_errors[] = __( 'Password is required.', 'wp-user-frontend' ); + return; + } - return; - } + if ( empty( $log ) ) { + $this->login_errors[] = __( 'Username is required.', 'wp-user-frontend' ); - if ( isset( $_POST['g-recaptcha-response'] ) ) { - if ( empty( $_POST['g-recaptcha-response'] ) ) { - $this->login_errors[] = __( 'Empty reCaptcha Field', 'wp-user-frontend' ); - return; - } else { - $no_captcha = 1; - $invisible_captcha = 0; - Render_Form::init()->validate_re_captcha( $no_captcha, $invisible_captcha ); - } - } + return; + } - if ( is_email( $log ) && apply_filters( 'wpuf_get_username_from_email', true ) ) { - $user = get_user_by( 'email', $log ); + if ( empty( $pwd ) ) { + $this->login_errors[] = __( 'Password is required.', 'wp-user-frontend' ); - if ( isset( $user->user_login ) ) { - $creds['user_login'] = $user->user_login; - } else { - $this->login_errors[] = '' . __( 'Error', 'wp-user-frontend' ) . ': ' . 
__( 'A user could not be found with this email address.', 'wp-user-frontend' ); + return; + } - return; - } + if ( isset( $_POST['g-recaptcha-response'] ) ) { + if ( empty( $_POST['g-recaptcha-response'] ) ) { + $this->login_errors[] = __( 'Empty reCaptcha Field', 'wp-user-frontend' ); + return; } else { - $creds['user_login'] = $log; + $no_captcha = 1; + $invisible_captcha = 0; + Render_Form::init()->validate_re_captcha( $no_captcha, $invisible_captcha ); } + } - $creds['user_password'] = $pwd; - $creds['remember'] = isset( $_POST['rememberme'] ) ? sanitize_text_field( wp_unslash( $_POST['rememberme'] ) ) : ''; + if ( is_email( $log ) && apply_filters( 'wpuf_get_username_from_email', true ) ) { + $user = get_user_by( 'email', $log ); if ( isset( $user->user_login ) ) { - $validate = wp_authenticate_email_password( null, trim( $log ), $creds['user_password'] ); + $creds['user_login'] = $user->user_login; + } else { + $this->login_errors[] = '' . __( 'Error', 'wp-user-frontend' ) . ': ' . __( 'A user could not be found with this email address.', 'wp-user-frontend' ); - if ( is_wp_error( $validate ) ) { - $this->login_errors[] = $validate->get_error_message(); - return; - } + return; } + } else { + $creds['user_login'] = $log; + } - $secure_cookie = is_ssl() ? true : false; - $user = wp_signon( apply_filters( 'wpuf_login_credentials', $creds ), $secure_cookie ); + $creds['user_password'] = $pwd; + $creds['remember'] = isset( $_POST['rememberme'] ) ? 
sanitize_text_field( wp_unslash( $_POST['rememberme'] ) ) : ''; - //try with old implementation, which is wrong but we must support that - if ( is_wp_error( $user ) ) { - $creds['user_login'] = sanitize_text_field( wp_unslash( $_POST['log'] ) ); - $creds['user_password'] = sanitize_text_field( wp_unslash( $_POST['pwd'] ) ); + if ( isset( $user->user_login ) ) { + $validate = wp_authenticate_email_password( null, trim( $log ), $creds['user_password'] ); - $user = wp_signon( apply_filters( 'wpuf_login_credentials', $creds ), $secure_cookie ); + if ( is_wp_error( $validate ) ) { + $this->login_errors[] = $validate->get_error_message(); + return; } + } - if ( is_wp_error( $user ) ) { - $this->login_errors[] = $user->get_error_message(); + $secure_cookie = is_ssl() ? true : false; + $user = wp_signon( apply_filters( 'wpuf_login_credentials', $creds ), $secure_cookie ); - return; - } else { - $redirect = $this->login_redirect(); - wp_redirect( apply_filters( 'wpuf_login_redirect', $redirect, $user ) ); - exit; - } + //try with old implementation, which is wrong but we must support that + if ( is_wp_error( $user ) ) { + $creds['user_login'] = sanitize_text_field( wp_unslash( $_POST['log'] ) ); + $creds['user_password'] = sanitize_text_field( wp_unslash( $_POST['pwd'] ) ); + + $user = wp_signon( apply_filters( 'wpuf_login_credentials', $creds ), $secure_cookie ); + } + + if ( is_wp_error( $user ) ) { + $this->login_errors[] = $user->get_error_message(); + + return; + } else { + $redirect = $this->login_redirect(); + wp_safe_redirect( apply_filters( 'wpuf_login_redirect', $redirect, $user ) ); + exit; } } From c7d59e2c9a47203b881455e7663b43bb593644ee Mon Sep 17 00:00:00 2001 From: Sapayth Hossain Date: Tue, 23 Apr 2024 11:51:34 +0600 Subject: [PATCH 2/2] fix: if captcha turned off --- includes/Free/Simple_Login.php | 64 +++++++--------------------------- 1 file changed, 12 insertions(+), 52 deletions(-) 
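Review bot: The new `$pwd` assignment in `process_login()` passes the password through `sanitize_text_field()`, which strips tags and percent-encoded octets and collapses whitespace, so a password containing such characters is altered before it reaches `wp_signon()` and that attempt fails for the affected users. For plain username logins the "old implementation" fallback further down now submits the same sanitised credentials again, so each wrong password results in two `wp_signon()` calls, which may count double in any login throttling or failure logging. Treat the password as an opaque secret and keep the previous form, `$pwd = isset( $_POST['pwd'] ) ? trim( $_POST['pwd'] ) : '';`, with the `phpcs:ignore` line extended by a short reason such as `-- password must not be altered before authentication`. Sanitising `$log` with `sanitize_text_field()` is fine as it stands.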
diff --git a/includes/Free/Simple_Login.php b/includes/Free/Simple_Login.php index a5e527ed4..32ff95cc6 100644 --- a/includes/Free/Simple_Login.php +++ b/includes/Free/Simple_Login.php @@ -447,41 +447,6 @@ public function process_login() { return; } - $log = isset( $_POST['log'] ) ? sanitize_text_field( wp_unslash( $_POST['log'] ) ) : ''; - // phpcs:ignore WordPress.Security.ValidatedSanitizedInput - $pwd = isset( $_POST['pwd'] ) ? sanitize_text_field( wp_unslash( trim( $_POST['pwd'] ) ) ) : ''; - // $g_recaptcha_response = isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : ''; - - $validation_error = new WP_Error(); - $validation_error = apply_filters( 'wpuf_process_login_errors', $validation_error, $log, $pwd ); - - if ( $validation_error->get_error_code() ) { - $this->login_errors[] = $validation_error->get_error_message(); - - return; - } - - if ( empty( $log ) ) { - $this->login_errors[] = __( 'Username is required.', 'wp-user-frontend' ); - - return; - } - - if ( empty( $pwd ) ) { - $this->login_errors[] = __( 'Password is required.', 'wp-user-frontend' ); - - return; - } - - if ( empty( $_POST['g-recaptcha-response'] ) ) { - $this->login_errors[] = __( 'Empty reCaptcha Field', 'wp-user-frontend' ); - return; - } else { - $no_captcha = 1; - $invisible_captcha = 0; - Render_Form::init()->validate_re_captcha( $no_captcha, $invisible_captcha ); - } - $log = isset( $_POST['log'] ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : ''; $pwd = isset( $_POST['pwd'] ) ? trim( $_POST['pwd'] ) : ''; // $g_recaptcha_response = isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : ''; 
@@ -507,6 +472,17 @@ public function process_login() { return; } + if ( isset( $_POST['g-recaptcha-response'] ) ) { + if ( empty( $_POST['g-recaptcha-response'] ) ) { + $this->login_errors[] = __( 'Empty reCaptcha Field', 'wp-user-frontend' ); + return; + } else { + $no_captcha = 1; + $invisible_captcha = 0; + Render_Form::init()->validate_re_captcha( $no_captcha, $invisible_captcha ); + } + } + if ( is_email( $log ) && apply_filters( 'wpuf_get_username_from_email', true ) ) { $user = get_user_by( 'email', $log ); @@ -528,22 +504,6 @@ public function process_login() { return; } } else { - $no_captcha = 1; - $invisible_captcha = 0; - Render_Form::init()->validate_re_captcha( $no_captcha, $invisible_captcha ); - } - - if ( is_email( $log ) && apply_filters( 'wpuf_get_username_from_email', true ) ) { - $user = get_user_by( 'email', $log ); - - if ( isset( $user->user_login ) ) { - $creds['user_login'] = $user->user_login; - } else { - $this->login_errors[] = '' . __( 'Error', 'wp-user-frontend' ) . ': ' . __( 'A user could not be found with this email address.', 'wp-user-frontend' ); - - return; - } - } else { $creds['user_login'] = $log; } @@ -965,7 +925,7 @@ public function activation_user_registration() { $pack_id = ! empty( $_GET['pack_id'] ) ? sanitize_key( wp_unslash( $_GET['pack_id'] ) ) : ''; if ( $autologin_after_registration === 'on' - && $pack_id !== null && is_integer( (int) $pack_id ) ) { + && $pack_id !== null && is_integer( (int) $pack_id ) ) { wp_set_current_user( $user_id ); wp_set_auth_cookie( $user_id ); }
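Review bot: The reCAPTCHA block added in the `@@ -507,6 +472,17 @@` hunk is guarded by `isset( $_POST['g-recaptcha-response'] )`, so whether the challenge is enforced depends on what the client sends: a request without that field skips both the empty check and `validate_re_captcha()`, even on a site where reCAPTCHA is enabled. The guard should test the site's own setting rather than the request, for example `if ( $recaptcha_enabled ) {` with the value read from the plugin's login options (the option name is not visible in this diff), and a missing field should produce the same 'Empty reCaptcha Field' error as an empty one. The result of `validate_re_captcha()` is also discarded here; if that method reports failure by returning rather than by ending the request, the login continues regardless, so its contract is worth confirming. The same `isset` guard appears on the new side of patch 1/2, and `process_login()` continues outside this hunk.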