View GitHub Repository geodirectory

Schedule Inspection
Subscribe
Passed
Pull Request — master (#230)
by Kiran
11:37
created
Status
Category
Toggle Patches
geodirectory-templates/login_frm.php 1 patch
Spacing   +3 added lines, -3 removed lines patch added patch discarded remove patch 
@@ -49,13 +49,13 @@
 
 block discarded – undo
49 49 
     </h4>
50 50 
     <?php
51 51 
     if (isset($_REQUEST['emsg']) && $_REQUEST['emsg'] == 'fw') {
52 
-        echo "<p class=\"error_msg\"> " . INVALID_USER_FPW_MSG . " </p>";
52 
+        echo "<p class=\"error_msg\"> ".INVALID_USER_FPW_MSG." </p>";
53 53 
     } elseif (isset($_REQUEST['logemsg']) && $_REQUEST['logemsg'] == 1) {
54 
-        echo "<p class=\"error_msg\"> " . INVALID_USER_PW_MSG . " </p>";
54 
+        echo "<p class=\"error_msg\"> ".INVALID_USER_PW_MSG." </p>";
55 55 
     }
56 56
57 57 
     if (isset($_REQUEST['checkemail']) && $_REQUEST['checkemail'] == 'confirm')
58 
-        echo '<p class="sucess_msg">' . PW_SEND_CONFIRM_MSG . '</p>';
58 
+        echo '<p class="sucess_msg">'.PW_SEND_CONFIRM_MSG.'</p>';
59 59
60 60 
     ?>
61 61 
     <form name="cus_loginform" id="cus_loginform" action="<?php echo esc_url(geodir_curPageURL()); ?>"
Please login to merge, or discard this patch.
geodirectory-functions/signup_function.php 2 patches
Indentation   +612 added lines, -612 removed lines patch added patch discarded remove patch 
@@ -17,18 +17,18 @@  discard block
 
 block discarded – undo
17 17 
  */
18 18 
 function geodir_is_login($redirect = false)
19 19 
 {
20 
-    global $current_user;
21 
-    if (!$current_user->ID) {
22 
-        if ($redirect) {
23 
-            ?>
20 
+	global $current_user;
21 
+	if (!$current_user->ID) {
22 
+		if ($redirect) {
23 
+			?>
24 24 
             <script type="text/javascript">
25 25 
                 window.location.href = '<?php echo geodir_login_url();?>';
26 26 
             </script>
27 27 
         <?php
28 
-        } else
29 
-            return false;
30 
-    } else
31 
-        return true;
28 
+		} else
29 
+			return false;
30 
+	} else
31 
+		return true;
32 32 
 }
33 33
34 34 
 /**

@@ -42,25 +42,25 @@  discard block
 
 block discarded – undo
42 42 
 {
43 43
44 44 
 // Redirect to https login if forced to use SSL
45 
-    if (force_ssl_admin() && !is_ssl()) {
46 
-        if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
47 
-            wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
48 
-            exit();
49 
-        } else {
50 
-            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
51 
-            exit();
52 
-        }
53 
-    }
54 
-
55 
-    /**
56 
-     * Filter the login message.
57 
-     *
58 
-     * @since 1.0.0
59 
-     *
60 
-     * @param string $message Login message.
61 
-     */
62 
-    $message = apply_filters('login_message', $message);
63 
-    if (!empty($message)) echo $message . "\n";
45 
+	if (force_ssl_admin() && !is_ssl()) {
46 
+		if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
47 
+			wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
48 
+			exit();
49 
+		} else {
50 
+			wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
51 
+			exit();
52 
+		}
53 
+	}
54 
+
55 
+	/**
56 
+	 * Filter the login message.
57 
+	 *
58 
+	 * @since 1.0.0
59 
+	 *
60 
+	 * @param string $message Login message.
61 
+	 */
62 
+	$message = apply_filters('login_message', $message);
63 
+	if (!empty($message)) echo $message . "\n";
64 64
65 65 
 }
66 66 
 

@@ -73,59 +73,59 @@  discard block
 
 block discarded – undo
73 73 
  */
74 74 
 function geodir_get_site_email_id()
75 75 
 {
76 
-    if (get_option('site_email')) {
76 
+	if (get_option('site_email')) {
77 77
78 
-        return get_option('site_email');
78 
+		return get_option('site_email');
79 79
80 
-    } else {
80 
+	} else {
81 81
82 
-        return get_option('admin_email');
82 
+		return get_option('admin_email');
83 83
84 
-    }
84 
+	}
85 85
86 86 
 }
87 87
88 88
89 89 
 if (!function_exists('get_site_emailName')) {
90 
-    /**
91 
-     * Get site name for sending emails.
92 
-     *
93 
-     * @since 1.0.0
94 
-     * @package GeoDirectory
95 
-     * @return string Site name.
96 
-     */
97 
-    function get_site_emailName()
90 
+	/**
91 
+	 * Get site name for sending emails.
92 
+	 *
93 
+	 * @since 1.0.0
94 
+	 * @package GeoDirectory
95 
+	 * @return string Site name.
96 
+	 */
97 
+	function get_site_emailName()
98 98
99 
-    {
99 
+	{
100 100
101 
-        if (get_option('site_email_name')) {
101 
+		if (get_option('site_email_name')) {
102 102
103 
-            return stripslashes(get_option('site_email_name'));
103 
+			return stripslashes(get_option('site_email_name'));
104 104
105 
-        } else {
105 
+		} else {
106 106
107 
-            return stripslashes(get_option('blogname'));
107 
+			return stripslashes(get_option('blogname'));
108 108
109 
-        }
109 
+		}
110 110
111 
-    }
111 
+	}
112 112 
 }
113 113
114 114 
 if (!function_exists('is_allow_user_register')) {
115 
-    /**
116 
-     * Checks whether the site allowing user registration or not.
117 
-     *
118 
-     * @since 1.0.0
119 
-     * @package GeoDirectory
120 
-     * @return bool|string
121 
-     */
122 
-    function is_allow_user_register()
115 
+	/**
116 
+	 * Checks whether the site allowing user registration or not.
117 
+	 *
118 
+	 * @since 1.0.0
119 
+	 * @package GeoDirectory
120 
+	 * @return bool|string
121 
+	 */
122 
+	function is_allow_user_register()
123 123
124 
-    {
124 
+	{
125 125
126 
-        return get_option('users_can_register');
126 
+		return get_option('users_can_register');
127 127
128 
-    }
128 
+	}
129 129 
 }
130 130
131 131 
 /**

@@ -138,107 +138,107 @@  discard block
 
 block discarded – undo
138 138 
  */
139 139 
 function geodir_retrieve_password()
140 140 
 {
141 
-    global $wpdb;
142 
-
143 
-    $errors = new WP_Error();
144 
-    if (empty($_POST['user_login']) && empty($_POST['user_email']))
145 
-        $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.', 'geodirectory'));
146 
-
147 
-    if (strpos($_POST['user_login'], '@')) {
148 
-        //$user_data = get_user_by_email(trim($_POST['user_login']));
149 
-        $user_data = get_user_by('email', trim($_POST['user_login']));
150 
-        if (empty($user_data))
151 
-            $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.', 'geodirectory'));
152 
-    } else {
153 
-        $login = trim($_POST['user_login']);
154 
-        $user_data = get_user_by('email', $login);
155 
-    }
156 
-
157 
-    /**
158 
-     * Called in the geodir_retrieve_password() function before any errors are set or any emails are sent.
159 
-     *
160 
-     * @since 1.0.0
161 
-     */
162 
-    do_action('lostpassword_post');
163 
-
164 
-    if ($errors->get_error_code())
165 
-        return $errors;
166 
-
167 
-    if (!$user_data) {
168 
-        $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.', 'geodirectory'));
169 
-        return $errors;
170 
-    }
171 
-
172 
-    // redefining user_login ensures we return the right case in the email
173 
-    $user_login = $user_data->user_login;
174 
-    $user_email = $user_data->user_email;
175 
-
176 
-    /**
177 
-     * Called in the geodir_retrieve_password() function before any emails are sent.
178 
-     *
179 
-     * @since 1.0.0
180 
-     * @param string $user_login The users username.
181 
-     */
182 
-    do_action('retrieve_password', $user_login);
183 
-
184 
-    ////////////////////////////////////
185 
-    $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
186 
-    $user_login = $_POST['user_login'];
187 
-
188 
-    $user = $wpdb->get_row(
189 
-        $wpdb->prepare(
190 
-            "SELECT * FROM $wpdb->users WHERE user_login like %s or user_email like %s",
191 
-            array($user_login, $user_login)
192 
-        )
193 
-    );
194 
-
195 
-    if (empty($user))
196 
-        return new WP_Error('invalid_key', __('Invalid key', 'geodirectory'));
197 
-
198 
-    $new_pass = wp_generate_password(12, false);
199 
-
200 
-    /**
201 
-     * Called in the geodir_retrieve_password() function before any emails are sent.
202 
-     *
203 
-     * @since 1.0.0
204 
-     * @param object $user The user object.
205 
-     * @param string $new_pass The new pass being sent to the user.
206 
-     */
207 
-    do_action('password_reset', $user, $new_pass);
208 
-
209 
-    wp_set_password($new_pass, $user->ID);
210 
-    update_user_meta($user->ID, 'default_password_nag', true); //Set up the Password change nag.
211 
-    $message = '<p><b>' . __('Your login Information :', 'geodirectory') . '</b></p>';
212 
-    $message .= '<p>' . sprintf(__('Username: %s', 'geodirectory'), $user->user_login) . "</p>";
213 
-    $message .= '<p>' . sprintf(__('Password: %s', 'geodirectory'), $new_pass) . "</p>";
214 
-    //$message .= '<p>You can login to : <a href="'.home_url().'/?ptype=login' . "\">Login</a> or the URL is :  ".home_url()."/?ptype=login</p>";
215 
-    //$message .= '<p>Thank You,<br> '.get_option('blogname').'</p>';
216 
-    $user_email = $user_data->user_email;
217 
-    $user_name = geodir_get_client_name($user->ID);
218 
-    $fromEmail = geodir_get_site_email_id();
219 
-    $fromEmailName = get_site_emailName();
220 
-    $title = sprintf(__('[%s] Your new password', 'geodirectory'), get_option('blogname'));
221 
-    /**
222 
-     * Filter the password reset email subject part.
223 
-     *
224 
-     * @since 1.0.0
225 
-     *
226 
-     * @param string $title Password reset email subject.
227 
-     */
228 
-    $title = apply_filters('password_reset_title', $title);
229 
-    /**
230 
-     * Filter the password reset email message part.
231 
-     *
232 
-     * @since 1.0.0
233 
-     *
234 
-     * @param string $message Password reset email message.
235 
-     * @param string $new_pass The new password string.
236 
-     */
237 
-    $message = apply_filters('password_reset_message', $message, $new_pass);
238 
-    //geodir_sendEmail($fromEmail,$fromEmailName,$user_email,$user_name,$title,$message,$extra='');///forgot password email
239 
-    geodir_sendEmail($fromEmail, $fromEmailName, $user_email, $user_name, $title, $message, $extra = '', 'forgot_password', $post_id = '', $user->ID);///forgot password email
240 
-
241 
-    return true;
141 
+	global $wpdb;
142 
+
143 
+	$errors = new WP_Error();
144 
+	if (empty($_POST['user_login']) && empty($_POST['user_email']))
145 
+		$errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.', 'geodirectory'));
146 
+
147 
+	if (strpos($_POST['user_login'], '@')) {
148 
+		//$user_data = get_user_by_email(trim($_POST['user_login']));
149 
+		$user_data = get_user_by('email', trim($_POST['user_login']));
150 
+		if (empty($user_data))
151 
+			$errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.', 'geodirectory'));
152 
+	} else {
153 
+		$login = trim($_POST['user_login']);
154 
+		$user_data = get_user_by('email', $login);
155 
+	}
156 
+
157 
+	/**
158 
+	 * Called in the geodir_retrieve_password() function before any errors are set or any emails are sent.
159 
+	 *
160 
+	 * @since 1.0.0
161 
+	 */
162 
+	do_action('lostpassword_post');
163 
+
164 
+	if ($errors->get_error_code())
165 
+		return $errors;
166 
+
167 
+	if (!$user_data) {
168 
+		$errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.', 'geodirectory'));
169 
+		return $errors;
170 
+	}
171 
+
172 
+	// redefining user_login ensures we return the right case in the email
173 
+	$user_login = $user_data->user_login;
174 
+	$user_email = $user_data->user_email;
175 
+
176 
+	/**
177 
+	 * Called in the geodir_retrieve_password() function before any emails are sent.
178 
+	 *
179 
+	 * @since 1.0.0
180 
+	 * @param string $user_login The users username.
181 
+	 */
182 
+	do_action('retrieve_password', $user_login);
183 
+
184 
+	////////////////////////////////////
185 
+	$user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
186 
+	$user_login = $_POST['user_login'];
187 
+
188 
+	$user = $wpdb->get_row(
189 
+		$wpdb->prepare(
190 
+			"SELECT * FROM $wpdb->users WHERE user_login like %s or user_email like %s",
191 
+			array($user_login, $user_login)
192 
+		)
193 
+	);
194 
+
195 
+	if (empty($user))
196 
+		return new WP_Error('invalid_key', __('Invalid key', 'geodirectory'));
197 
+
198 
+	$new_pass = wp_generate_password(12, false);
199 
+
200 
+	/**
201 
+	 * Called in the geodir_retrieve_password() function before any emails are sent.
202 
+	 *
203 
+	 * @since 1.0.0
204 
+	 * @param object $user The user object.
205 
+	 * @param string $new_pass The new pass being sent to the user.
206 
+	 */
207 
+	do_action('password_reset', $user, $new_pass);
208 
+
209 
+	wp_set_password($new_pass, $user->ID);
210 
+	update_user_meta($user->ID, 'default_password_nag', true); //Set up the Password change nag.
211 
+	$message = '<p><b>' . __('Your login Information :', 'geodirectory') . '</b></p>';
212 
+	$message .= '<p>' . sprintf(__('Username: %s', 'geodirectory'), $user->user_login) . "</p>";
213 
+	$message .= '<p>' . sprintf(__('Password: %s', 'geodirectory'), $new_pass) . "</p>";
214 
+	//$message .= '<p>You can login to : <a href="'.home_url().'/?ptype=login' . "\">Login</a> or the URL is :  ".home_url()."/?ptype=login</p>";
215 
+	//$message .= '<p>Thank You,<br> '.get_option('blogname').'</p>';
216 
+	$user_email = $user_data->user_email;
217 
+	$user_name = geodir_get_client_name($user->ID);
218 
+	$fromEmail = geodir_get_site_email_id();
219 
+	$fromEmailName = get_site_emailName();
220 
+	$title = sprintf(__('[%s] Your new password', 'geodirectory'), get_option('blogname'));
221 
+	/**
222 
+	 * Filter the password reset email subject part.
223 
+	 *
224 
+	 * @since 1.0.0
225 
+	 *
226 
+	 * @param string $title Password reset email subject.
227 
+	 */
228 
+	$title = apply_filters('password_reset_title', $title);
229 
+	/**
230 
+	 * Filter the password reset email message part.
231 
+	 *
232 
+	 * @since 1.0.0
233 
+	 *
234 
+	 * @param string $message Password reset email message.
235 
+	 * @param string $new_pass The new password string.
236 
+	 */
237 
+	$message = apply_filters('password_reset_message', $message, $new_pass);
238 
+	//geodir_sendEmail($fromEmail,$fromEmailName,$user_email,$user_name,$title,$message,$extra='');///forgot password email
239 
+	geodir_sendEmail($fromEmail, $fromEmailName, $user_email, $user_name, $title, $message, $extra = '', 'forgot_password', $post_id = '', $user->ID);///forgot password email
240 
+
241 
+	return true;
242 242 
 }
243 243
244 244 
 /**

@@ -253,80 +253,80 @@  discard block
 
 block discarded – undo
253 253 
  */
254 254 
 function geodir_register_new_user($user_login, $user_email)
255 255 
 {
256 
-    global $wpdb;
257 
-    $errors = new WP_Error();
258 
-
259 
-
260 
-    $user_login = sanitize_user($user_login);
261 
-    $user_login = str_replace(",", "", $user_login);
262 
-    $user_email = str_replace(",", "", $user_email);
263 
-    /**
264 
-     * Filter the user registration email.
265 
-     *
266 
-     * @since 1.0.0
267 
-     *
268 
-     * @param string $user_email User registration email.
269 
-     */
270 
-    $user_email = apply_filters('user_registration_email', $user_email);
271 
-
272 
-
273 
-    if (get_option('geodir_allow_cpass')) {
274 
-        $user_pass = $_REQUEST['user_pass'];
275 
-        $user_pass2 = $_REQUEST['user_pass2'];
276 
-        // Check the password
277 
-        if ($user_pass != $user_pass2) {
278 
-            $errors->add('pass_match', __('ERROR: Passwords do not match.', 'geodirectory'));
279 
-        } elseif (strlen($user_pass) < 7) {
280 
-            $errors->add('pass_match', __('ERROR: Password must be 7 characters or more.', 'geodirectory'));
281 
-        }
282 
-    }
283 
-
284 
-    // Check the username
285 
-    if ($user_login == '')
286 
-        $errors->add('empty_username', __('ERROR: Please enter a username.', 'geodirectory'));
287 
-    elseif (!validate_username($user_login)) {
288 
-        $errors->add('invalid_username', __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.', 'geodirectory'));
289 
-        $user_login = '';
290 
-    } elseif (username_exists($user_login))
291 
-        $errors->add('username_exists', __('<strong>ERROR</strong>: This username is already registered, please choose another one.', 'geodirectory'));
292 
-
293 
-    // Check the e-mail address
294 
-    if ($user_email == '') {
295 
-        $errors->add('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.', 'geodirectory'));
296 
-    } elseif (!is_email($user_email)) {
297 
-        $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn&#8217;t correct.', 'geodirectory'));
298 
-        $user_email = '';
299 
-    } elseif (email_exists($user_email))
300 
-        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.', 'geodirectory'));
301 
-
302 
-    /**
303 
-     * Called when registering a new user.
304 
-     *
305 
-     * This is a WordPress core hook.
306 
-     *
307 
-     * @link https://codex.wordpress.org/Plugin_API/Action_Reference/register_post
308 
-     * @since 1.0.0
309 
-     */
310 
-    do_action('register_post', $user_login, $user_email, $errors);
311 
-    /**
312 
-     * Filter the registration error messages.
313 
-     *
314 
-     * @since 1.0.0
315 
-     *
316 
-     * @param object $errors Registration error messages.
317 
-     */
318 
-    $errors = apply_filters('registration_errors', $errors);
319 
-
320 
-    if ($errors->get_error_code())
321 
-        return $errors;
322 
-
323 
-
324 
-    if (!isset($user_pass) || $user_pass == '') {
325 
-        $user_pass = wp_generate_password(12, false);
326 
-    }
327 
-    $user_id = wp_create_user($user_login, $user_pass, $user_email);
328 
-    $user_web = '';
329 
-    /*$user_add1 = $_POST['user_add1'];
256 
+	global $wpdb;
257 
+	$errors = new WP_Error();
258 
+
259 
+
260 
+	$user_login = sanitize_user($user_login);
261 
+	$user_login = str_replace(",", "", $user_login);
262 
+	$user_email = str_replace(",", "", $user_email);
263 
+	/**
264 
+	 * Filter the user registration email.
265 
+	 *
266 
+	 * @since 1.0.0
267 
+	 *
268 
+	 * @param string $user_email User registration email.
269 
+	 */
270 
+	$user_email = apply_filters('user_registration_email', $user_email);
271 
+
272 
+
273 
+	if (get_option('geodir_allow_cpass')) {
274 
+		$user_pass = $_REQUEST['user_pass'];
275 
+		$user_pass2 = $_REQUEST['user_pass2'];
276 
+		// Check the password
277 
+		if ($user_pass != $user_pass2) {
278 
+			$errors->add('pass_match', __('ERROR: Passwords do not match.', 'geodirectory'));
279 
+		} elseif (strlen($user_pass) < 7) {
280 
+			$errors->add('pass_match', __('ERROR: Password must be 7 characters or more.', 'geodirectory'));
281 
+		}
282 
+	}
283 
+
284 
+	// Check the username
285 
+	if ($user_login == '')
286 
+		$errors->add('empty_username', __('ERROR: Please enter a username.', 'geodirectory'));
287 
+	elseif (!validate_username($user_login)) {
288 
+		$errors->add('invalid_username', __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.', 'geodirectory'));
289 
+		$user_login = '';
290 
+	} elseif (username_exists($user_login))
291 
+		$errors->add('username_exists', __('<strong>ERROR</strong>: This username is already registered, please choose another one.', 'geodirectory'));
292 
+
293 
+	// Check the e-mail address
294 
+	if ($user_email == '') {
295 
+		$errors->add('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.', 'geodirectory'));
296 
+	} elseif (!is_email($user_email)) {
297 
+		$errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn&#8217;t correct.', 'geodirectory'));
298 
+		$user_email = '';
299 
+	} elseif (email_exists($user_email))
300 
+		$errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.', 'geodirectory'));
301 
+
302 
+	/**
303 
+	 * Called when registering a new user.
304 
+	 *
305 
+	 * This is a WordPress core hook.
306 
+	 *
307 
+	 * @link https://codex.wordpress.org/Plugin_API/Action_Reference/register_post
308 
+	 * @since 1.0.0
309 
+	 */
310 
+	do_action('register_post', $user_login, $user_email, $errors);
311 
+	/**
312 
+	 * Filter the registration error messages.
313 
+	 *
314 
+	 * @since 1.0.0
315 
+	 *
316 
+	 * @param object $errors Registration error messages.
317 
+	 */
318 
+	$errors = apply_filters('registration_errors', $errors);
319 
+
320 
+	if ($errors->get_error_code())
321 
+		return $errors;
322 
+
323 
+
324 
+	if (!isset($user_pass) || $user_pass == '') {
325 
+		$user_pass = wp_generate_password(12, false);
326 
+	}
327 
+	$user_id = wp_create_user($user_login, $user_pass, $user_email);
328 
+	$user_web = '';
329 
+	/*$user_add1 = $_POST['user_add1'];
330 330 
     $user_add2 = $_POST['user_add2'];
331 331 
     $user_city = $_POST['user_city'];
332 332 
     $user_state = $_POST['user_state'];

@@ -335,77 +335,77 @@  discard block
 
 block discarded – undo
335 335 
     $user_web = $_POST['user_web'];
336 336 
     $user_phone = $_POST['user_phone'];
337 337 
     $user_twitter = $_POST['user_twitter'];	*/
338 
-    $user_fname = sanitize_user($_POST['user_fname']);
339 
-    $user_fname = str_replace(",", "", $user_fname);
340 
-
341 
-    /**
342 
-     * Filter the submitted user meta.
343 
-     *
344 
-     * @since 1.0.0
345 
-     *
346 
-     * @param int $user_id User ID.
347 
-     */
348 
-    $user_address_info = apply_filters('geodir_manage_user_meta', array(
349 
-        "user_add1" => '',
350 
-        "user_add2" => '',
351 
-        "user_city" => '',
352 
-        "user_state" => '',
353 
-        "user_country" => '',
354 
-        "user_postalcode" => '',
355 
-        "user_phone" => '',
356 
-        "user_twitter" => '',
357 
-        "first_name" => $user_fname,
358 
-        "last_name" => '',
359 
-    ), $user_id);
360 
-    foreach ($user_address_info as $key => $val) {
361 
-        update_user_meta($user_id, $key, $val); // User Address Information Here
362 
-    }
363 
-    //update_user_meta($user_id, 'user_address_info', ($user_address_info)); // User Address Information Here
364 
-    $userName = $user_fname;
365 
-    update_user_meta($user_id, 'first_name', $userName); // User Address Information Here
366 
-    //update_user_meta($user_id, 'last_name', $_POST['user_lname']); // User Address Information Here
367 
-
368 
-    // Changed by vikas sharma to enable all type of characters in author permalink...
369 
-    $user_nicename = sanitize_title($userName);
370 
-
371 
-    $updateUsersql = $wpdb->prepare("update $wpdb->users set user_url=%s, user_nicename=%s, display_name=%s  where ID=%d", array($user_web, $user_nicename, $userName, $user_id));
372 
-
373 
-    $wpdb->query($updateUsersql);
374 
-
375 
-    if (!$user_id) {
376 
-        $errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !', 'geodirectory'), get_option('admin_email')));
377 
-        return $errors;
378 
-    }
379 
-    global $upload_folder_path;
380 
-
381 
-    if ($user_id) {
382 
-
383 
-        /**
384 
-         * Called after registering a user and before the registration email is sent.
385 
-         *
386 
-         * @since 1.0.0
387 
-         * @param int $user_id The user ID of the registered user.
388 
-         */
389 
-        do_action('geodir_user_register', $user_id);
390 
-        ///////REGISTRATION EMAIL START//////
391 
-        $fromEmail = geodir_get_site_email_id();
392 
-        $fromEmailName = get_site_emailName();
393 
-        $message = __('<p><b>' . __('Your login Information :', 'geodirectory') . '</b></p>
338 
+	$user_fname = sanitize_user($_POST['user_fname']);
339 
+	$user_fname = str_replace(",", "", $user_fname);
340 
+
341 
+	/**
342 
+	 * Filter the submitted user meta.
343 
+	 *
344 
+	 * @since 1.0.0
345 
+	 *
346 
+	 * @param int $user_id User ID.
347 
+	 */
348 
+	$user_address_info = apply_filters('geodir_manage_user_meta', array(
349 
+		"user_add1" => '',
350 
+		"user_add2" => '',
351 
+		"user_city" => '',
352 
+		"user_state" => '',
353 
+		"user_country" => '',
354 
+		"user_postalcode" => '',
355 
+		"user_phone" => '',
356 
+		"user_twitter" => '',
357 
+		"first_name" => $user_fname,
358 
+		"last_name" => '',
359 
+	), $user_id);
360 
+	foreach ($user_address_info as $key => $val) {
361 
+		update_user_meta($user_id, $key, $val); // User Address Information Here
362 
+	}
363 
+	//update_user_meta($user_id, 'user_address_info', ($user_address_info)); // User Address Information Here
364 
+	$userName = $user_fname;
365 
+	update_user_meta($user_id, 'first_name', $userName); // User Address Information Here
366 
+	//update_user_meta($user_id, 'last_name', $_POST['user_lname']); // User Address Information Here
367 
+
368 
+	// Changed by vikas sharma to enable all type of characters in author permalink...
369 
+	$user_nicename = sanitize_title($userName);
370 
+
371 
+	$updateUsersql = $wpdb->prepare("update $wpdb->users set user_url=%s, user_nicename=%s, display_name=%s  where ID=%d", array($user_web, $user_nicename, $userName, $user_id));
372 
+
373 
+	$wpdb->query($updateUsersql);
374 
+
375 
+	if (!$user_id) {
376 
+		$errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !', 'geodirectory'), get_option('admin_email')));
377 
+		return $errors;
378 
+	}
379 
+	global $upload_folder_path;
380 
+
381 
+	if ($user_id) {
382 
+
383 
+		/**
384 
+		 * Called after registering a user and before the registration email is sent.
385 
+		 *
386 
+		 * @since 1.0.0
387 
+		 * @param int $user_id The user ID of the registered user.
388 
+		 */
389 
+		do_action('geodir_user_register', $user_id);
390 
+		///////REGISTRATION EMAIL START//////
391 
+		$fromEmail = geodir_get_site_email_id();
392 
+		$fromEmailName = get_site_emailName();
393 
+		$message = __('<p><b>' . __('Your login Information :', 'geodirectory') . '</b></p>
394 394 
 <p>' . __('Username:', 'geodirectory') . ' ' . $user_login . '</p>
395 395 
 <p>' . __('Password:', 'geodirectory') . ' ' . $user_pass . '</p>');
396 396
397 
-        /////////////customer email//////////////
398 
-        //geodir_sendEmail($fromEmail,$fromEmailName,$user_email,$userName,$subject,$client_message,$extra='');///To client email
399 
-        geodir_sendEmail($fromEmail, $fromEmailName, $user_email, $userName, '', $message, '', 'registration', '', $user_id);/// registration email
400 
-        //////REGISTRATION EMAIL END////////
401 
-    }
397 
+		/////////////customer email//////////////
398 
+		//geodir_sendEmail($fromEmail,$fromEmailName,$user_email,$userName,$subject,$client_message,$extra='');///To client email
399 
+		geodir_sendEmail($fromEmail, $fromEmailName, $user_email, $userName, '', $message, '', 'registration', '', $user_id);/// registration email
400 
+		//////REGISTRATION EMAIL END////////
401 
+	}
402 402
403 
-    if (get_option('ptthemes_auto_login')) {
404 
-        $errors->add('auto_login', __('<strong>SUCCESS</strong>: Thank you for registering, please check your email for your login details.', 'geodirectory'));
405 
-        return $errors;
406 
-    }
403 
+	if (get_option('ptthemes_auto_login')) {
404 
+		$errors->add('auto_login', __('<strong>SUCCESS</strong>: Thank you for registering, please check your email for your login details.', 'geodirectory'));
405 
+		return $errors;
406 
+	}
407 407
408 
-    return array($user_id, $user_pass);
408 
+	return array($user_id, $user_pass);
409 409 
 }
410 410
411 411 
 /**

@@ -418,317 +418,317 @@  discard block
 
 block discarded – undo
418 418 
  */
419 419 
 function geodir_user_signup()
420 420 
 {
421 
-    global $errors;
422 
-    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
423 
-
424 
-    $errors = new WP_Error();
425 
-
426 
-    if (isset($_GET['key']))
427 
-        $action = 'resetpass';
428 
-
429 
-    // validate action so as to default to the login screen
430 
-    if (!in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login')) && false === has_filter('login_form_' . $action))
431 
-        $action = 'login';
432 
-
433 
-    nocache_headers();
434 
-
435 
-    if (defined('RELOCATE')) { // Move flag is set
436 
-        if (isset($_SERVER['PATH_INFO']) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']))
437 
-            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
438 
-
439 
-        $schema = (isset($_SERVER['HTTPS']) && geodir_strtolower($_SERVER['HTTPS']) == 'on') ? 'https://' : 'http://';
440 
-        if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != home_url())
441 
-            update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
442 
-    }
443 
-
444 
-    //Set a cookie now to see if they are supported by the browser.
445 
-    //setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
446 
-    if (SITECOOKIEPATH != COOKIEPATH)
447 
-        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
448 
-
449 
-    /**
450 
-     * Allow plugins to override the default actions, and to add extra actions if they want on the register/signin page.
451 
-     *
452 
-     * Used dynamic hook login_form_$action
453 
-     *
454 
-     * @since 1.0.0
455 
-     */
456 
-    do_action('login_form_' . $action);
457 
-
458 
-    $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
459 
-
460 
-    switch ($action):
461 
-
462 
-        case 'logout' :
463 
-            //check_admin_referer('log-out');
464 
-            wp_logout();
465 
-
466 
-            $redirect_to = $_SERVER['HTTP_REFERER'];
467 
-            //$redirect_to = home_url().'/?ptype=login&loggedout=true';
468 
-            if (isset($_REQUEST['redirect_to']))
469 
-                $redirect_to = $_REQUEST['redirect_to'];
470 
-            $redirect_to = home_url();
471 
-            wp_safe_redirect($redirect_to);
472 
-            exit();
473 
-
474 
-            break;
475 
-
476 
-        case 'lostpassword' :
477 
-        case 'retrievepassword' :
478 
-            if ($http_post) {
479 
-                $errors = geodir_retrieve_password();
480 
-                $error_message = isset($errors->errors['invalid_email'][0]) ? $errors->errors['invalid_email'][0] : '';
481 
-                if (!is_wp_error($errors)) {
482 
-                    wp_redirect(geodir_login_url(array('checkemail'=>'confirm')));
483 
-                    gd_die();
484 
-                } else {
485 
-                    wp_redirect(geodir_login_url(array('forgot' => 1, 'emsg'=>'fw')));
486 
-                    gd_die();
487 
-                }
488 
-            }
489 
-            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'geodirectory'));
490 
-        /**
491 
-         * Called in the geodir_user_signup() function during the lostpassword case.
492 
-         *
493 
-         * @since 1.0.0
494 
-         */
495 
-        do_action('lost_password');
496 
-            $message = '<div class="sucess_msg">' . ENTER_USER_EMAIL_NEW_PW_MSG . '</div>';
497 
-            $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
498 
-
499 
-            break;
500 
-
501 
-        case 'resetpass' :
502 
-        case 'rp' :
503 
-            $errors = reset_password($_GET['key'], $_GET['login']);
504 
-
505 
-            if (!is_wp_error($errors)) {
506 
-                wp_redirect(geodir_login_url(array('checkemail'=>'newpass')));
507 
-                exit();
508 
-            }
509 
-
510 
-            wp_redirect(geodir_login_url(array('error'=>'invalidkey','action'=>'lostpassword')));
511 
-            exit();
512 
-
513 
-            break;
514 
-
515 
-        case 'register' :
516 
-            ############################### fix by Stiofan -  HebTech.co.uk ### SECURITY FIX ##############################
517 
-            if (!get_option('users_can_register')) {
518 
-                wp_redirect(geodir_login_url(array('emsg'=>'regnewusr')));
519 
-                exit();
520 
-            }
521 
-            ############################### fix by Stiofan -  HebTech.co.uk ### SECURITY FIX ##############################
522 
-            global $user_email, $user_fname;
523 
-            $user_login = '';
524 
-            $user_email = '';
525 
-            if ($http_post) {
526 
-                $user_login = $_POST['user_email'];
527 
-                $user_email = $_POST['user_email'];
528 
-                $user_fname = $_POST['user_fname'];
529 
-
530 
-                $errors = geodir_register_new_user($user_login, $user_email);
531 
-
532 
-                /* display error in registration form */
533 
-                if (is_wp_error($errors)) {
534 
-                    $error_code = $errors->get_error_code();
535 
-                    $error_message = $errors->get_error_message($error_code);
536 
-                    if (!isset($_POST['user_login']) && ($error_code == 'empty_username' || $error_code == 'invalid_username' || $error_code == 'username_exists')) {
537 
-                        if ($error_code == 'empty_username') {
538 
-                            $error_code = 'empty_email';
539 
-                        } else if ($error_code == 'invalid_username') {
540 
-                            $error_code = 'invalid_email';
541 
-                        } else if ($error_code == 'username_exists') {
542 
-                            $error_code = 'email_exists';
543 
-                        }
544 
-
545 
-                        $error_message = $errors->get_error_message($error_code);
546 
-                    }
547 
-                    global $geodir_signup_error;
548 
-                    $geodir_signup_error = $error_message;
549 
-                }
550 
-
551 
-                if (!is_wp_error($errors)) {
552 
-                    $_POST['log'] = $user_login;
553 
-                    $_POST['pwd'] = $errors[1];
554 
-                    $_POST['testcookie'] = 1;
555 
-
556 
-                    $secure_cookie = '';
557 
-                    // If the user wants ssl but the session is not ssl, force a secure cookie.
558 
-                    if (!empty($_POST['log'])) {
559 
-                        $user_name = sanitize_user($_POST['log']);
560 
-                        if ($user = get_user_by('email', $user_name)) {
561 
-                            if (get_user_option('use_ssl', $user->ID)) {
562 
-                                $secure_cookie = true;
563 
-                                force_ssl_admin(true);
564 
-                            }
565 
-                        }
566 
-                    }
567 
-
568 
-                    $redirect_to = $_REQUEST['redirect_to'];
569 
-
570 
-                    if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
571 
-                        if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], home_url())) {
572 
-                            $redirect_to = $_SERVER['HTTP_REFERER'];
573 
-                        } else {
574 
-                            $redirect_to = home_url();
575 
-                        }
576 
-
577 
-                    }
578 
-
579 
-                    if (isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '') {
580 
-
581 
-                        $redirect_to = $_REQUEST['redirect_add_listing'];
582 
-                    }
583 
-
584 
-
585 
-                    if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && (0 !== strpos($redirect_to, 'https')) && (0 === strpos($redirect_to, 'http')))
586 
-                        $secure_cookie = false;
587 
-
588 
-                    $user = wp_signon('', $secure_cookie);
589 
-
590 
-                    $requested_redirect_to = isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '' ? $_REQUEST['redirect_add_listing'] : (isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
591 
-                    /**
592 
-                     * Filter the login redirect URL.
593 
-                     *
594 
-                     * @since 1.4.9
595 
-                     * @param string $redirect_to The redirect destination URL.
596 
-                     * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
597 
-                     * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
598 
-                     */
599 
-                    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
600 
-
601 
-
602 
-                    if (!is_wp_error($user)) {
603 
-                        wp_safe_redirect($redirect_to);
604 
-                        exit();
605 
-                    }
606 
-                    exit();
607 
-                }
608 
-            }
609 
-
610 
-            break;
611 
-
612 
-        case 'login' :
613 
-        default:
614 
-            $secure_cookie = '';
615 
-
616 
-            if (!empty($_POST['log'])) {
617 
-                $user_name = sanitize_user($_POST['log']);
618 
-                if ($user = get_user_by('login', $user_name)) {
619 
-
620 
-                    if (get_user_option('use_ssl', $user->ID)) {
621 
-                        $secure_cookie = true;
622 
-                        force_ssl_admin(true);
623 
-                    }
624 
-                } elseif ($user = get_user_by('email', $user_name)) {
625 
-                    $_POST['log'] = $user->user_login; // If signing in by email, set the username for normal WP login
626 
-                    if (get_user_option('use_ssl', $user->ID)) {
627 
-                        $secure_cookie = true;
628 
-                        force_ssl_admin(true);
629 
-                    }
630 
-                }
631 
-            }
632 
-            ///////////////////////////
633 
-            if (isset($_REQUEST['redirect_add_listing'])) {
634 
-                $_REQUEST['redirect_to'] = $_REQUEST['redirect_add_listing'];
635 
-            }
636 
-
637 
-
638 
-            if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
639 
-                if (is_user_logged_in()) :
640 
-                    $user_ID = isset($user->ID) ? $user->ID : '';
641 
-                    $author_link = get_author_posts_url($user_ID);
642 
-                    $default_author_link = geodir_getlink($author_link, array('geodir_dashbord' => 'true', 'stype' => 'gd_place'), false);
643 
-
644 
-                    /**
645 
-                     * Filter the author link.
646 
-                     *
647 
-                     * @since 1.0.0
648 
-                     *
649 
-                     * @param string $default_author_link Default author link.
650 
-                     * @param int $user_ID The user ID.
651 
-                     */
652 
-                    $default_author_link = apply_filters('geodir_dashboard_author_link', $default_author_link, $user_ID);
653 
-
654 
-                    $_REQUEST['redirect_to'] = $default_author_link;
655 
-                else:
656 
-                    $_REQUEST['redirect_to'] = home_url();
657 
-                endif;
658 
-
659 
-            }
660 
-            if (isset($_REQUEST['redirect_to'])) {
661 
-                $redirect_to = $_REQUEST['redirect_to'];
662 
-                // Redirect to https if user wants ssl
663 
-                if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin'))
664 
-                    $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
665 
-            } else {
666 
-                $redirect_to = admin_url();
667 
-            }
668 
-
669 
-            if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && (0 !== strpos($redirect_to, 'https')) && (0 === strpos($redirect_to, 'http')))
670 
-                $secure_cookie = false;
671 
-            $user = wp_signon('', $secure_cookie);
672 
-
673 
-
674 
-            /**
675 
-             * Filter the login redirect URL.
676 
-             *
677 
-             * @since 1.4.9
678 
-             * @param string $redirect_to The redirect destination URL.
679 
-             * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
680 
-             */
681 
-            $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
682 
-
683 
-            if (is_wp_error($user)) {
684 
-                if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], 'ptype=property_submit') && $_POST['log'] != '' && $_POST['pwd'] != '') {
685 
-                    wp_redirect($_SERVER['HTTP_REFERER'] . '&emsg=1');
686 
-                }
687 
-            }
688 
-            if (!is_wp_error($user)) {
689 
-
690 
-                // Some servers are not logging the user in properly after wp_signon, se we set the user here.
691 
-                //wp_set_current_user($user->ID);
692 
-                //echo '###';exit;
693 
-
694 
-                if ($redirect_to) {
695 
-                    wp_redirect($redirect_to);
696 
-                } else {
697 
-                    wp_redirect(home_url());
698 
-                }
699 
-                gd_die();
700 
-            }
701 
-
702 
-            $errors = $user;
703 
-
704 
-            // Clear errors if loggedout is set.
705 
-            if (!empty($_GET['loggedout']))
706 
-                $errors = new WP_Error();
707 
-            // If cookies are disabled we can't log in even with a valid user+pass
708 
-            if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]))
709 
-                $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.", 'geodirectory'));
710 
-
711 
-            // Some parts of this script use the main login form to display a message
712 
-            if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
713 
-                $successmsg = '<div class="sucess_msg">' . YOU_ARE_LOGED_OUT_MSG . '</div>';
714 
-            } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
715 
-                $successmsg = USER_REG_NOT_ALLOW_MSG;
716 
-            } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
717 
-                $successmsg = EMAIL_CONFIRM_LINK_MSG;
718 
-            } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
719 
-                $successmsg = NEW_PW_EMAIL_MSG;
720 
-            } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
721 
-                $successmsg = REG_COMPLETE_MSG;
722 
-            }
723 
-
724 
-            if ((isset($_POST['log']) && $_POST['log'] != '' && $errors) || ((!isset($_POST['log']) || $_POST['log'] == '') && isset($_REQUEST['testcookie']) && $_REQUEST['testcookie'])) {
725 
-                if (isset($_REQUEST['pagetype']) && $_REQUEST['pagetype'] != '') {
726 
-                    wp_redirect($_REQUEST['pagetype'] . '&emsg=1');
727 
-                } else {
728 
-                    wp_redirect(geodir_login_url(array('logemsg'=>'1','redirect_to'=>urlencode($_REQUEST['redirect_to']))));
729 
-                }
730 
-                gd_die();
731 
-            }
732 
-            break;
733 
-    endswitch; // end action switch
421 
+	global $errors;
422 
+	$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
423 
+
424 
+	$errors = new WP_Error();
425 
+
426 
+	if (isset($_GET['key']))
427 
+		$action = 'resetpass';
428 
+
429 
+	// validate action so as to default to the login screen
430 
+	if (!in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login')) && false === has_filter('login_form_' . $action))
431 
+		$action = 'login';
432 
+
433 
+	nocache_headers();
434 
+
435 
+	if (defined('RELOCATE')) { // Move flag is set
436 
+		if (isset($_SERVER['PATH_INFO']) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']))
437 
+			$_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
438 
+
439 
+		$schema = (isset($_SERVER['HTTPS']) && geodir_strtolower($_SERVER['HTTPS']) == 'on') ? 'https://' : 'http://';
440 
+		if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != home_url())
441 
+			update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
442 
+	}
443 
+
444 
+	//Set a cookie now to see if they are supported by the browser.
445 
+	//setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
446 
+	if (SITECOOKIEPATH != COOKIEPATH)
447 
+		setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
448 
+
449 
+	/**
450 
+	 * Allow plugins to override the default actions, and to add extra actions if they want on the register/signin page.
451 
+	 *
452 
+	 * Used dynamic hook login_form_$action
453 
+	 *
454 
+	 * @since 1.0.0
455 
+	 */
456 
+	do_action('login_form_' . $action);
457 
+
458 
+	$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
459 
+
460 
+	switch ($action):
461 
+
462 
+		case 'logout' :
463 
+			//check_admin_referer('log-out');
464 
+			wp_logout();
465 
+
466 
+			$redirect_to = $_SERVER['HTTP_REFERER'];
467 
+			//$redirect_to = home_url().'/?ptype=login&loggedout=true';
468 
+			if (isset($_REQUEST['redirect_to']))
469 
+				$redirect_to = $_REQUEST['redirect_to'];
470 
+			$redirect_to = home_url();
471 
+			wp_safe_redirect($redirect_to);
472 
+			exit();
473 
+
474 
+			break;
475 
+
476 
+		case 'lostpassword' :
477 
+		case 'retrievepassword' :
478 
+			if ($http_post) {
479 
+				$errors = geodir_retrieve_password();
480 
+				$error_message = isset($errors->errors['invalid_email'][0]) ? $errors->errors['invalid_email'][0] : '';
481 
+				if (!is_wp_error($errors)) {
482 
+					wp_redirect(geodir_login_url(array('checkemail'=>'confirm')));
483 
+					gd_die();
484 
+				} else {
485 
+					wp_redirect(geodir_login_url(array('forgot' => 1, 'emsg'=>'fw')));
486 
+					gd_die();
487 
+				}
488 
+			}
489 
+			if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'geodirectory'));
490 
+		/**
491 
+		 * Called in the geodir_user_signup() function during the lostpassword case.
492 
+		 *
493 
+		 * @since 1.0.0
494 
+		 */
495 
+		do_action('lost_password');
496 
+			$message = '<div class="sucess_msg">' . ENTER_USER_EMAIL_NEW_PW_MSG . '</div>';
497 
+			$user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
498 
+
499 
+			break;
500 
+
501 
+		case 'resetpass' :
502 
+		case 'rp' :
503 
+			$errors = reset_password($_GET['key'], $_GET['login']);
504 
+
505 
+			if (!is_wp_error($errors)) {
506 
+				wp_redirect(geodir_login_url(array('checkemail'=>'newpass')));
507 
+				exit();
508 
+			}
509 
+
510 
+			wp_redirect(geodir_login_url(array('error'=>'invalidkey','action'=>'lostpassword')));
511 
+			exit();
512 
+
513 
+			break;
514 
+
515 
+		case 'register' :
516 
+			############################### fix by Stiofan -  HebTech.co.uk ### SECURITY FIX ##############################
517 
+			if (!get_option('users_can_register')) {
518 
+				wp_redirect(geodir_login_url(array('emsg'=>'regnewusr')));
519 
+				exit();
520 
+			}
521 
+			############################### fix by Stiofan -  HebTech.co.uk ### SECURITY FIX ##############################
522 
+			global $user_email, $user_fname;
523 
+			$user_login = '';
524 
+			$user_email = '';
525 
+			if ($http_post) {
526 
+				$user_login = $_POST['user_email'];
527 
+				$user_email = $_POST['user_email'];
528 
+				$user_fname = $_POST['user_fname'];
529 
+
530 
+				$errors = geodir_register_new_user($user_login, $user_email);
531 
+
532 
+				/* display error in registration form */
533 
+				if (is_wp_error($errors)) {
534 
+					$error_code = $errors->get_error_code();
535 
+					$error_message = $errors->get_error_message($error_code);
536 
+					if (!isset($_POST['user_login']) && ($error_code == 'empty_username' || $error_code == 'invalid_username' || $error_code == 'username_exists')) {
537 
+						if ($error_code == 'empty_username') {
538 
+							$error_code = 'empty_email';
539 
+						} else if ($error_code == 'invalid_username') {
540 
+							$error_code = 'invalid_email';
541 
+						} else if ($error_code == 'username_exists') {
542 
+							$error_code = 'email_exists';
543 
+						}
544 
+
545 
+						$error_message = $errors->get_error_message($error_code);
546 
+					}
547 
+					global $geodir_signup_error;
548 
+					$geodir_signup_error = $error_message;
549 
+				}
550 
+
551 
+				if (!is_wp_error($errors)) {
552 
+					$_POST['log'] = $user_login;
553 
+					$_POST['pwd'] = $errors[1];
554 
+					$_POST['testcookie'] = 1;
555 
+
556 
+					$secure_cookie = '';
557 
+					// If the user wants ssl but the session is not ssl, force a secure cookie.
558 
+					if (!empty($_POST['log'])) {
559 
+						$user_name = sanitize_user($_POST['log']);
560 
+						if ($user = get_user_by('email', $user_name)) {
561 
+							if (get_user_option('use_ssl', $user->ID)) {
562 
+								$secure_cookie = true;
563 
+								force_ssl_admin(true);
564 
+							}
565 
+						}
566 
+					}
567 
+
568 
+					$redirect_to = $_REQUEST['redirect_to'];
569 
+
570 
+					if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
571 
+						if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], home_url())) {
572 
+							$redirect_to = $_SERVER['HTTP_REFERER'];
573 
+						} else {
574 
+							$redirect_to = home_url();
575 
+						}
576 
+
577 
+					}
578 
+
579 
+					if (isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '') {
580 
+
581 
+						$redirect_to = $_REQUEST['redirect_add_listing'];
582 
+					}
583 
+
584 
+
585 
+					if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && (0 !== strpos($redirect_to, 'https')) && (0 === strpos($redirect_to, 'http')))
586 
+						$secure_cookie = false;
587 
+
588 
+					$user = wp_signon('', $secure_cookie);
589 
+
590 
+					$requested_redirect_to = isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '' ? $_REQUEST['redirect_add_listing'] : (isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
591 
+					/**
592 
+					 * Filter the login redirect URL.
593 
+					 *
594 
+					 * @since 1.4.9
595 
+					 * @param string $redirect_to The redirect destination URL.
596 
+					 * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
597 
+					 * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
598 
+					 */
599 
+					$redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
600 
+
601 
+
602 
+					if (!is_wp_error($user)) {
603 
+						wp_safe_redirect($redirect_to);
604 
+						exit();
605 
+					}
606 
+					exit();
607 
+				}
608 
+			}
609 
+
610 
+			break;
611 
+
612 
+		case 'login' :
613 
+		default:
614 
+			$secure_cookie = '';
615 
+
616 
+			if (!empty($_POST['log'])) {
617 
+				$user_name = sanitize_user($_POST['log']);
618 
+				if ($user = get_user_by('login', $user_name)) {
619 
+
620 
+					if (get_user_option('use_ssl', $user->ID)) {
621 
+						$secure_cookie = true;
622 
+						force_ssl_admin(true);
623 
+					}
624 
+				} elseif ($user = get_user_by('email', $user_name)) {
625 
+					$_POST['log'] = $user->user_login; // If signing in by email, set the username for normal WP login
626 
+					if (get_user_option('use_ssl', $user->ID)) {
627 
+						$secure_cookie = true;
628 
+						force_ssl_admin(true);
629 
+					}
630 
+				}
631 
+			}
632 
+			///////////////////////////
633 
+			if (isset($_REQUEST['redirect_add_listing'])) {
634 
+				$_REQUEST['redirect_to'] = $_REQUEST['redirect_add_listing'];
635 
+			}
636 
+
637 
+
638 
+			if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
639 
+				if (is_user_logged_in()) :
640 
+					$user_ID = isset($user->ID) ? $user->ID : '';
641 
+					$author_link = get_author_posts_url($user_ID);
642 
+					$default_author_link = geodir_getlink($author_link, array('geodir_dashbord' => 'true', 'stype' => 'gd_place'), false);
643 
+
644 
+					/**
645 
+					 * Filter the author link.
646 
+					 *
647 
+					 * @since 1.0.0
648 
+					 *
649 
+					 * @param string $default_author_link Default author link.
650 
+					 * @param int $user_ID The user ID.
651 
+					 */
652 
+					$default_author_link = apply_filters('geodir_dashboard_author_link', $default_author_link, $user_ID);
653 
+
654 
+					$_REQUEST['redirect_to'] = $default_author_link;
655 
+				else:
656 
+					$_REQUEST['redirect_to'] = home_url();
657 
+				endif;
658 
+
659 
+			}
660 
+			if (isset($_REQUEST['redirect_to'])) {
661 
+				$redirect_to = $_REQUEST['redirect_to'];
662 
+				// Redirect to https if user wants ssl
663 
+				if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin'))
664 
+					$redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
665 
+			} else {
666 
+				$redirect_to = admin_url();
667 
+			}
668 
+
669 
+			if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && (0 !== strpos($redirect_to, 'https')) && (0 === strpos($redirect_to, 'http')))
670 
+				$secure_cookie = false;
671 
+			$user = wp_signon('', $secure_cookie);
672 
+
673 
+
674 
+			/**
675 
+			 * Filter the login redirect URL.
676 
+			 *
677 
+			 * @since 1.4.9
678 
+			 * @param string $redirect_to The redirect destination URL.
679 
+			 * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
680 
+			 */
681 
+			$redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
682 
+
683 
+			if (is_wp_error($user)) {
684 
+				if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], 'ptype=property_submit') && $_POST['log'] != '' && $_POST['pwd'] != '') {
685 
+					wp_redirect($_SERVER['HTTP_REFERER'] . '&emsg=1');
686 
+				}
687 
+			}
688 
+			if (!is_wp_error($user)) {
689 
+
690 
+				// Some servers are not logging the user in properly after wp_signon, se we set the user here.
691 
+				//wp_set_current_user($user->ID);
692 
+				//echo '###';exit;
693 
+
694 
+				if ($redirect_to) {
695 
+					wp_redirect($redirect_to);
696 
+				} else {
697 
+					wp_redirect(home_url());
698 
+				}
699 
+				gd_die();
700 
+			}
701 
+
702 
+			$errors = $user;
703 
+
704 
+			// Clear errors if loggedout is set.
705 
+			if (!empty($_GET['loggedout']))
706 
+				$errors = new WP_Error();
707 
+			// If cookies are disabled we can't log in even with a valid user+pass
708 
+			if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]))
709 
+				$errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.", 'geodirectory'));
710 
+
711 
+			// Some parts of this script use the main login form to display a message
712 
+			if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
713 
+				$successmsg = '<div class="sucess_msg">' . YOU_ARE_LOGED_OUT_MSG . '</div>';
714 
+			} elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
715 
+				$successmsg = USER_REG_NOT_ALLOW_MSG;
716 
+			} elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
717 
+				$successmsg = EMAIL_CONFIRM_LINK_MSG;
718 
+			} elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
719 
+				$successmsg = NEW_PW_EMAIL_MSG;
720 
+			} elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
721 
+				$successmsg = REG_COMPLETE_MSG;
722 
+			}
723 
+
724 
+			if ((isset($_POST['log']) && $_POST['log'] != '' && $errors) || ((!isset($_POST['log']) || $_POST['log'] == '') && isset($_REQUEST['testcookie']) && $_REQUEST['testcookie'])) {
725 
+				if (isset($_REQUEST['pagetype']) && $_REQUEST['pagetype'] != '') {
726 
+					wp_redirect($_REQUEST['pagetype'] . '&emsg=1');
727 
+				} else {
728 
+					wp_redirect(geodir_login_url(array('logemsg'=>'1','redirect_to'=>urlencode($_REQUEST['redirect_to']))));
729 
+				}
730 
+				gd_die();
731 
+			}
732 
+			break;
733 
+	endswitch; // end action switch
734 734 
 }
735 735 
\ No newline at end of file
Please login to merge, or discard this patch.
Spacing   +21 added lines, -21 removed lines patch added patch discarded remove patch 
@@ -22,7 +22,7 @@  discard block
 
 block discarded – undo
22 22 
         if ($redirect) {
23 23 
             ?>
24 24 
             <script type="text/javascript">
25 
-                window.location.href = '<?php echo geodir_login_url();?>';
25 
+                window.location.href = '<?php echo geodir_login_url(); ?>';
26 26 
             </script>
27 27 
         <?php
28 28 
         } else

@@ -47,7 +47,7 @@  discard block
 
 block discarded – undo
47 47 
             wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
48 48 
             exit();
49 49 
         } else {
50 
-            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
50 
+            wp_redirect('https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
51 51 
             exit();
52 52 
         }
53 53 
     }

@@ -60,7 +60,7 @@  discard block
 
 block discarded – undo
60 60 
      * @param string $message Login message.
61 61 
      */
62 62 
     $message = apply_filters('login_message', $message);
63 
-    if (!empty($message)) echo $message . "\n";
63 
+    if (!empty($message)) echo $message."\n";
64 64
65 65 
 }
66 66 
 

@@ -208,9 +208,9 @@  discard block
 
 block discarded – undo
208 208
209 209 
     wp_set_password($new_pass, $user->ID);
210 210 
     update_user_meta($user->ID, 'default_password_nag', true); //Set up the Password change nag.
211 
-    $message = '<p><b>' . __('Your login Information :', 'geodirectory') . '</b></p>';
212 
-    $message .= '<p>' . sprintf(__('Username: %s', 'geodirectory'), $user->user_login) . "</p>";
213 
-    $message .= '<p>' . sprintf(__('Password: %s', 'geodirectory'), $new_pass) . "</p>";
211 
+    $message = '<p><b>'.__('Your login Information :', 'geodirectory').'</b></p>';
212 
+    $message .= '<p>'.sprintf(__('Username: %s', 'geodirectory'), $user->user_login)."</p>";
213 
+    $message .= '<p>'.sprintf(__('Password: %s', 'geodirectory'), $new_pass)."</p>";
214 214 
     //$message .= '<p>You can login to : <a href="'.home_url().'/?ptype=login' . "\">Login</a> or the URL is :  ".home_url()."/?ptype=login</p>";
215 215 
     //$message .= '<p>Thank You,<br> '.get_option('blogname').'</p>';
216 216 
     $user_email = $user_data->user_email;

@@ -236,7 +236,7 @@  discard block
 
 block discarded – undo
236 236 
      */
237 237 
     $message = apply_filters('password_reset_message', $message, $new_pass);
238 238 
     //geodir_sendEmail($fromEmail,$fromEmailName,$user_email,$user_name,$title,$message,$extra='');///forgot password email
239 
-    geodir_sendEmail($fromEmail, $fromEmailName, $user_email, $user_name, $title, $message, $extra = '', 'forgot_password', $post_id = '', $user->ID);///forgot password email
239 
+    geodir_sendEmail($fromEmail, $fromEmailName, $user_email, $user_name, $title, $message, $extra = '', 'forgot_password', $post_id = '', $user->ID); ///forgot password email
240 240
241 241 
     return true;
242 242 
 }

@@ -390,13 +390,13 @@  discard block
 
 block discarded – undo
390 390 
         ///////REGISTRATION EMAIL START//////
391 391 
         $fromEmail = geodir_get_site_email_id();
392 392 
         $fromEmailName = get_site_emailName();
393 
-        $message = __('<p><b>' . __('Your login Information :', 'geodirectory') . '</b></p>
394 
-<p>' . __('Username:', 'geodirectory') . ' ' . $user_login . '</p>
395 
-<p>' . __('Password:', 'geodirectory') . ' ' . $user_pass . '</p>');
393 
+        $message = __('<p><b>'.__('Your login Information :', 'geodirectory').'</b></p>
394 
+<p>' . __('Username:', 'geodirectory').' '.$user_login.'</p>
395 
+<p>' . __('Password:', 'geodirectory').' '.$user_pass.'</p>');
396 396
397 397 
         /////////////customer email//////////////
398 398 
         //geodir_sendEmail($fromEmail,$fromEmailName,$user_email,$userName,$subject,$client_message,$extra='');///To client email
399 
-        geodir_sendEmail($fromEmail, $fromEmailName, $user_email, $userName, '', $message, '', 'registration', '', $user_id);/// registration email
399 
+        geodir_sendEmail($fromEmail, $fromEmailName, $user_email, $userName, '', $message, '', 'registration', '', $user_id); /// registration email
400 400 
         //////REGISTRATION EMAIL END////////
401 401 
     }
402 402 
 

@@ -427,7 +427,7 @@  discard block
 
 block discarded – undo
427 427 
         $action = 'resetpass';
428 428
429 429 
     // validate action so as to default to the login screen
430 
-    if (!in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login')) && false === has_filter('login_form_' . $action))
430 
+    if (!in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login')) && false === has_filter('login_form_'.$action))
431 431 
         $action = 'login';
432 432
433 433 
     nocache_headers();

@@ -437,8 +437,8 @@  discard block
 
 block discarded – undo
437 437 
             $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
438 438
439 439 
         $schema = (isset($_SERVER['HTTPS']) && geodir_strtolower($_SERVER['HTTPS']) == 'on') ? 'https://' : 'http://';
440 
-        if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != home_url())
441 
-            update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
440 
+        if (dirname($schema.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']) != home_url())
441 
+            update_option('siteurl', dirname($schema.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']));
442 442 
     }
443 443
444 444 
     //Set a cookie now to see if they are supported by the browser.

@@ -453,7 +453,7 @@  discard block
 
 block discarded – undo
453 453 
      *
454 454 
      * @since 1.0.0
455 455 
      */
456 
-    do_action('login_form_' . $action);
456 
+    do_action('login_form_'.$action);
457 457
458 458 
     $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
459 459 
 

@@ -493,7 +493,7 @@  discard block
 
 block discarded – undo
493 493 
          * @since 1.0.0
494 494 
          */
495 495 
         do_action('lost_password');
496 
-            $message = '<div class="sucess_msg">' . ENTER_USER_EMAIL_NEW_PW_MSG . '</div>';
496 
+            $message = '<div class="sucess_msg">'.ENTER_USER_EMAIL_NEW_PW_MSG.'</div>';
497 497 
             $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
498 498
499 499 
             break;

@@ -507,7 +507,7 @@  discard block
 
 block discarded – undo
507 507 
                 exit();
508 508 
             }
509 509
510 
-            wp_redirect(geodir_login_url(array('error'=>'invalidkey','action'=>'lostpassword')));
510 
+            wp_redirect(geodir_login_url(array('error'=>'invalidkey', 'action'=>'lostpassword')));
511 511 
             exit();
512 512
513 513 
             break;

@@ -682,7 +682,7 @@  discard block
 
 block discarded – undo
682 682
683 683 
             if (is_wp_error($user)) {
684 684 
                 if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], 'ptype=property_submit') && $_POST['log'] != '' && $_POST['pwd'] != '') {
685 
-                    wp_redirect($_SERVER['HTTP_REFERER'] . '&emsg=1');
685 
+                    wp_redirect($_SERVER['HTTP_REFERER'].'&emsg=1');
686 686 
                 }
687 687 
             }
688 688 
             if (!is_wp_error($user)) {

@@ -710,7 +710,7 @@  discard block
 
 block discarded – undo
710 710
711 711 
             // Some parts of this script use the main login form to display a message
712 712 
             if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
713 
-                $successmsg = '<div class="sucess_msg">' . YOU_ARE_LOGED_OUT_MSG . '</div>';
713 
+                $successmsg = '<div class="sucess_msg">'.YOU_ARE_LOGED_OUT_MSG.'</div>';
714 714 
             } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
715 715 
                 $successmsg = USER_REG_NOT_ALLOW_MSG;
716 716 
             } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {

@@ -723,9 +723,9 @@  discard block
 
 block discarded – undo
723 723
724 724 
             if ((isset($_POST['log']) && $_POST['log'] != '' && $errors) || ((!isset($_POST['log']) || $_POST['log'] == '') && isset($_REQUEST['testcookie']) && $_REQUEST['testcookie'])) {
725 725 
                 if (isset($_REQUEST['pagetype']) && $_REQUEST['pagetype'] != '') {
726 
-                    wp_redirect($_REQUEST['pagetype'] . '&emsg=1');
726 
+                    wp_redirect($_REQUEST['pagetype'].'&emsg=1');
727 727 
                 } else {
728 
-                    wp_redirect(geodir_login_url(array('logemsg'=>'1','redirect_to'=>urlencode($_REQUEST['redirect_to']))));
728 
+                    wp_redirect(geodir_login_url(array('logemsg'=>'1', 'redirect_to'=>urlencode($_REQUEST['redirect_to']))));
729 729 
                 }
730 730 
                 gd_die();
731 731 
             }
Please login to merge, or discard this patch.