Issues (161)

Security Analysis: not enabled

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web request that is viewed by other users. It can, for example, be used to bypass access controls or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements, potentially granting permission to run unauthorized queries or to modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem, including configuration files, or can be abused to freeze your web server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/services/wsl.user.data.php (3 issues)

These results are based on the legacy PHP analysis; consider migrating to the new PHP analysis engine instead.

<?php
/*!
* WordPress Social Login
*
* https://miled.github.io/wordpress-social-login/ | https://github.com/miled/wordpress-social-login
*   (c) 2011-2020 Mohamed Mrassi and contributors | https://wordpress.org/plugins/wordpress-social-login/
*/

/**
* User data functions (database related)
*
* Notes:
*   1. This entire file will be reworked in future versions based on a lightweight ORM.
*   2. The current code is loosely commented: function names should be self-explanatory.
*/

// Exit if accessed directly
if ( !defined( 'ABSPATH' ) ) exit;

// --------------------------------------------------------------------

/**
* Checks whether the given email exists in WordPress users tables.
*
* This function is not loaded by default in wp 3.0
*
* https://core.trac.wordpress.org/browser/tags/4.0/src/wp-includes/user.php#L1565
*/
function wsl_wp_email_exists( $email )
{
	if( function_exists('email_exists') )
	{
		return email_exists( $email );
	}

	if( $user = get_user_by( 'email', $email ) )
	{
		return $user->ID;
	}

	// mirror email_exists(): false when no user carries this email
	return false;
}

// --------------------------------------------------------------------

function wsl_get_wordpess_users_count()
{
	global $wpdb;

	$sql = "SELECT COUNT( * ) AS items FROM `$wpdb->users`";

	return $wpdb->get_var( $sql );
}

// --------------------------------------------------------------------

function wsl_get_wsl_users_count()
{
	global $wpdb;

	$sql = "SELECT COUNT( distinct user_id ) AS items FROM `{$wpdb->prefix}wslusersprofiles`";

	return $wpdb->get_var( $sql );
}

// --------------------------------------------------------------------

function wsl_get_user_custom_avatar( $user_id )
{
	$user_avatar = get_user_meta( $user_id, 'wsl_current_user_image', true );

	// prior to 2.2 the avatar was stored under a different meta key
	if( ! $user_avatar )
	{
		$user_avatar = get_user_meta( $user_id, 'wsl_user_image', true );
	}

	return $user_avatar;
}

// --------------------------------------------------------------------

function wsl_get_stored_hybridauth_user_profiles_count()
{
	global $wpdb;

	$sql = "SELECT COUNT(`id`) FROM `{$wpdb->prefix}wslusersprofiles`";

	return $wpdb->get_var( $sql );
}

// --------------------------------------------------------------------

function wsl_get_stored_hybridauth_user_profiles_count_by_provider( $provider )
{
	global $wpdb;

	$sql = "SELECT COUNT(`id`) FROM `{$wpdb->prefix}wslusersprofiles` WHERE provider = %s";

	return $wpdb->get_var( $wpdb->prepare( $sql, $provider ) );
}

// --------------------------------------------------------------------

function wsl_get_stored_hybridauth_user_profiles_count_by_field( $field )
{
	global $wpdb;

	// $field is interpolated directly as a column name (wpdb::prepare() cannot bind identifiers),
	// so callers must only pass a fixed, known column name, never request data.
	$sql = "SELECT $field, COUNT( * ) AS items FROM `{$wpdb->prefix}wslusersprofiles` GROUP BY $field ORDER BY items DESC";

	return $wpdb->get_results( $sql );
}

// --------------------------------------------------------------------

function wsl_get_stored_hybridauth_user_profiles_grouped_by_user_id( $offset, $limit )
{
	global $wpdb;

	$sql = "SELECT * FROM `{$wpdb->prefix}wslusersprofiles` GROUP BY user_id LIMIT %d, %d";

	return $wpdb->get_results( $wpdb->prepare( $sql, $offset, $limit ) );
}

// --------------------------------------------------------------------

function wsl_get_stored_hybridauth_user_contacts_count_by_user_id( $user_id )
{
	global $wpdb;

	$sql = "SELECT COUNT( * ) FROM `{$wpdb->prefix}wsluserscontacts` where user_id = %d";

	return $wpdb->get_var( $wpdb->prepare( $sql, $user_id ) );
}

// --------------------------------------------------------------------

function wsl_get_stored_hybridauth_user_contacts_by_user_id( $user_id, $offset, $limit )
{
	global $wpdb;

	$sql = "SELECT * FROM `{$wpdb->prefix}wsluserscontacts` where user_id = %d LIMIT %d, %d";

	return $wpdb->get_results( $wpdb->prepare( $sql, $user_id, $offset, $limit ) );
}

// --------------------------------------------------------------------

function wsl_get_stored_hybridauth_user_id_by_provider_and_provider_uid( $provider, $provider_uid )
{
	global $wpdb;

	$sql = "SELECT user_id FROM `{$wpdb->prefix}wslusersprofiles` WHERE provider = %s AND identifier = %s";

	return $wpdb->get_var( $wpdb->prepare( $sql, $provider, $provider_uid ) );
}

// --------------------------------------------------------------------

function wsl_get_stored_hybridauth_user_id_by_email_verified( $email_verified )
{
	global $wpdb;

	$sql = "SELECT user_id FROM `{$wpdb->prefix}wslusersprofiles` WHERE emailverified = %s";

	return $wpdb->get_var( $wpdb->prepare( $sql, $email_verified ) );
}

// --------------------------------------------------------------------

function wsl_get_stored_hybridauth_user_profile_by_provider_and_provider_uid( $provider, $provider_uid )
{
	global $wpdb;

	$sql = "SELECT * FROM `{$wpdb->prefix}wslusersprofiles` WHERE provider = %s AND identifier = %s";

	return $wpdb->get_results( $wpdb->prepare( $sql, $provider, $provider_uid ) );
}

Issue (code duplication): This function seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the "Code" section of your repository.

// --------------------------------------------------------------------

function wsl_get_stored_hybridauth_user_profile_id_by_provider_and_provider_uid( $provider, $provider_uid )
{
	global $wpdb;

	// placeholders must not be wrapped in quotes: wpdb::prepare() quotes %s values itself
	$sql = "SELECT id FROM `{$wpdb->prefix}wslusersprofiles` WHERE provider = %s AND identifier = %s";

	return $wpdb->get_results( $wpdb->prepare( $sql, $provider, $provider_uid ) );
}

Issue (code duplication): This function seems to be duplicated in your project (same recommendation as for the function above).

// --------------------------------------------------------------------

function wsl_get_stored_hybridauth_user_profiles_by_user_id( $user_id )
{
	global $wpdb;

	$sql = "SELECT * FROM `{$wpdb->prefix}wslusersprofiles` where user_id = %d order by provider";

	return $wpdb->get_results( $wpdb->prepare( $sql, $user_id ) );
}

// --------------------------------------------------------------------

function wsl_store_hybridauth_user_profile( $user_id, $provider, $profile )
{
	global $wpdb;

	$wpdb->show_errors();

	$sql = "SELECT id, object_sha FROM `{$wpdb->prefix}wslusersprofiles` where user_id = %d and provider = %s and identifier = %s";

	$rs  = $wpdb->get_results( $wpdb->prepare( $sql, $user_id, $provider, $profile->identifier ) );

	// we only store the user profile if it has changed since last login.
	$object_sha = sha1( serialize( $profile ) );

	// checksum: unchanged profile, nothing to write
	if( ! empty( $rs ) && $rs[0]->object_sha == $object_sha )
	{
		return;
	}

	$table_data = array(
		"id"         => null,
		"user_id"    => $user_id,
		"provider"   => $provider,
		"object_sha" => $object_sha
	);

	// reuse the existing row id so replace() updates instead of inserting a duplicate
	if(  ! empty( $rs ) )
	{
		$table_data['id'] = $rs[0]->id;
	}

	// only these profile attributes are persisted; everything else is dropped
	$fields = array(
		'identifier',
		'profileurl',
		'websiteurl',
		'photourl',
		'displayname',
		'description',
		'firstname',
		'lastname',
		'gender',
		'language',
		'age',
		'birthday',
		'birthmonth',
		'birthyear',
		'email',
		'emailverified',
		'phone',
		'address',
		'country',
		'region',
		'city',
		'zip'
	);

	foreach( $profile as $key => $value )
	{
		$key = strtolower($key);

		if( in_array( $key, $fields ) )
		{
			$table_data[ $key ] = (string) $value;
		}
	}

	$wpdb->replace( "{$wpdb->prefix}wslusersprofiles", $table_data );

	return $wpdb->insert_id;
}

// --------------------------------------------------------------------

function wsl_store_hybridauth_user_contacts( $user_id, $provider, $adapter )
{
	// component contacts should be enabled
	if( ! wsl_is_component_enabled( 'contacts' ) )
	{
		return;
	}

	// check if import is enabled for the given provider
	if(
		! (
			get_option( 'wsl_settings_contacts_import_facebook' )  == 1 && strtolower( $provider ) == "facebook"   ||
			get_option( 'wsl_settings_contacts_import_google' )    == 1 && strtolower( $provider ) == "google"     ||
			get_option( 'wsl_settings_contacts_import_twitter' )   == 1 && strtolower( $provider ) == "twitter"    ||
			get_option( 'wsl_settings_contacts_import_linkedin' )  == 1 && strtolower( $provider ) == "linkedin"   ||
			get_option( 'wsl_settings_contacts_import_live' )      == 1 && strtolower( $provider ) == "live"       ||
			get_option( 'wsl_settings_contacts_import_vkontakte' ) == 1 && strtolower( $provider ) == "vkontakte"
		)
	)
	{
		return;
	}

	global $wpdb;

	$user_contacts = null;

	// we only import contacts once
	$sql = "SELECT COUNT(`id`) FROM {$wpdb->prefix}wsluserscontacts WHERE user_id = %d AND provider = %s ";

	$nb_contacts = $wpdb->get_var( $wpdb->prepare( $sql, $user_id, $provider ) );

	if( $nb_contacts )
	{
		return;
	}

	// attempt to grab the user's friends list via social network api
	try
	{
		$user_contacts = $adapter->getUserContacts();
	}
	catch( Exception $e )
	{
		// well.. we can't do much.
	}

	if( ! $user_contacts )
	{
		return;
	}

	foreach( $user_contacts as $contact )
	{
		$wpdb->insert(
			"{$wpdb->prefix}wsluserscontacts",
				array(
					"user_id"     => $user_id,
					"provider"    => $provider,
					"identifier"  => $contact->identifier,
					"full_name"   => $contact->displayName,
					"email"       => $contact->email,
					"profile_url" => $contact->profileURL,
					"photo_url"   => $contact->photoURL,
				)
			);
	}
}

// --------------------------------------------------------------------

function wsl_buddypress_xprofile_mapping( $user_id, $provider, $hybridauth_user_profile )
{
	// component BuddyPress should be enabled
	if( ! wsl_is_component_enabled( 'buddypress' ) )
	{
		return;
	}

	do_action('bp_setup_globals');

	// make sure buddypress is loaded.
	// > is this a legit way to check?
	if( ! function_exists( 'xprofile_set_field_data' ) )
	{
		return;
	}

	// check if profiles mapping is enabled
	$wsl_settings_buddypress_enable_mapping = get_option( 'wsl_settings_buddypress_enable_mapping' );

	if( $wsl_settings_buddypress_enable_mapping != 1 )
	{
		return;
	}

	// get current mapping
	$wsl_settings_buddypress_xprofile_map = get_option( 'wsl_settings_buddypress_xprofile_map' );

	$hybridauth_fields = array(
		'identifier'   ,
		'profileURL'   ,
		'webSiteURL'   ,
		'photoURL'     ,
		'displayName'  ,
		'description'  ,
		'firstName'    ,
		'lastName'     ,
		'gender'       ,
		'language'     ,
		'age'          ,
		'birthDay'     ,
		'birthMonth'   ,
		'birthYear'    ,
		'email'        ,
		'phone'        ,
		'address'      ,
		'country'      ,
		'region'       ,
		'city'         ,
		'zip'          ,
	);

	$hybridauth_user_profile = (array) $hybridauth_user_profile;

	// all checks passed: start mapping process
	if( $wsl_settings_buddypress_xprofile_map )
	{
		foreach( $wsl_settings_buddypress_xprofile_map as $buddypress_field_id => $field_name )
		{
			// if data can be found in hybridauth profile
			if( in_array( $field_name, $hybridauth_fields ) )
			{
				$value = $hybridauth_user_profile[ $field_name ];

				xprofile_set_field_data( $buddypress_field_id, $user_id, $value );
			}

			// if eq provider
			if( $field_name == 'provider' )
			{
				xprofile_set_field_data( $buddypress_field_id, $user_id, $provider );
			}

			// if eq birthDate: assemble YYYY-MM-DD 00:00:00 from the three date parts
			if( $field_name == 'birthDate' )
			{
				$value =
					str_pad( (int) $hybridauth_user_profile[ 'birthYear'  ], 4, '0', STR_PAD_LEFT )
					. '-' .
					str_pad( (int) $hybridauth_user_profile[ 'birthMonth' ], 2, '0', STR_PAD_LEFT )
					. '-' .
					str_pad( (int) $hybridauth_user_profile[ 'birthDay'   ], 2, '0', STR_PAD_LEFT )
					. ' 00:00:00';

				xprofile_set_field_data( $buddypress_field_id, $user_id, $value );
			}
		}
	}
}

// --------------------------------------------------------------------

function wsl_delete_stored_hybridauth_user_data( $user_id )
{
	global $wpdb;

	$sql = "DELETE FROM `{$wpdb->prefix}wslusersprofiles` where user_id = %d";
	$wpdb->query( $wpdb->prepare( $sql, $user_id ) );

	$sql = "DELETE FROM `{$wpdb->prefix}wsluserscontacts` where user_id = %d";
	$wpdb->query( $wpdb->prepare( $sql, $user_id ) );

	delete_user_meta( $user_id, 'wsl_current_provider'   );
	delete_user_meta( $user_id, 'wsl_current_user_image' );
}

add_action( 'delete_user', 'wsl_delete_stored_hybridauth_user_data' );

// --------------------------------------------------------------------
?>

Issue (closing tag): It is not recommended to use PHP's closing tag ?> in files other than templates.

Using a closing tag in PHP files that only contain PHP code is not recommended, as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems; for example, headers cannot be sent anymore.

A simple precaution is to leave off the closing tag, as it is not required and has no negative effects whatsoever.