Security Analysis    not enabled

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web request that is viewed by other users. It can, for example, be used to bypass access controls or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating it.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements, potentially granting permission to run unauthorized queries or to modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem, including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

includes/user-functions.php (1 issue)

<?php
/**
 * User Functions
 *
 * Functions related to users / donors
 *
 * @package     Give
 * @subpackage  Functions
 * @copyright   Copyright (c) 2016, GiveWP
 * @license     https://opensource.org/licenses/gpl-license GNU Public License
 * @since       1.0
 */

// Exit if accessed directly.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * Get Users Donations
 *
 * Retrieves a list of all donations by a specific user.
 *
 * @param int|string $user       User ID or email address.
 * @param int        $number     Number of donations to retrieve.
 * @param bool       $pagination Enable/Disable Pagination.
 * @param string     $status     Donation Status.
 *
 * @since  1.0
 *
 * @return bool|array List of all user donations.
 */
function give_get_users_donations( $user = 0, $number = 20, $pagination = false, $status = 'complete' ) {

	if ( empty( $user ) ) {
		$user = get_current_user_id();
	}

	// Not logged in and no email-access token present: nothing may be shown.
	if ( 0 === $user && ! Give()->email_access->token_exists ) {
		return false;
	}

	$status = ( 'complete' === $status ) ? 'publish' : $status;
	$paged  = 1;

	if ( $pagination ) {
		if ( get_query_var( 'paged' ) ) {
			$paged = get_query_var( 'paged' );
		} elseif ( get_query_var( 'page' ) ) {
			$paged = get_query_var( 'page' );
		}
	}

	$args = apply_filters( 'give_get_users_donations_args', array(
		'user'    => $user,
		'number'  => $number,
		'status'  => $status,
		'orderby' => 'date',
	) );

	if ( $pagination ) {
		$args['page'] = $paged;
	} else {
		$args['nopaging'] = true;
	}

	// A numeric $user is a WordPress user ID; anything else is treated as a donor email.
	$by_user_id = is_numeric( $user );
	$donor      = new Give_Donor( $user, $by_user_id );

	if ( ! empty( $donor->payment_ids ) ) {
		unset( $args['user'] );
		$args['post__in'] = array_map( 'absint', explode( ',', $donor->payment_ids ) );
	}

	$donations = give_get_payments( apply_filters( 'give_get_users_donations_args', $args ) );

	// No donations.
	if ( ! $donations ) {
		// Scrutinizer (Bug / Best Practice): the expression $donations of type array is
		// implicitly converted to a boolean here. In PHP an empty array is equal (but not
		// identical) to false, which is not always apparent; use empty( $donations ) or
		// ! empty( ... ) to make the intent explicit.
		return false;
	}

	return $donations;
}

/**
 * Get Users Completed Donations
 *
 * Returns a list of unique donation forms given to by a specific user.
 *
 * @param int|string $user   User ID or email address
 * @param string     $status Donation Status.
 *
 * @since 1.0
 *
 * @return bool|array List of unique forms donated to by the user
 */
function give_get_users_completed_donations( $user = 0, $status = 'complete' ) {
	if ( empty( $user ) ) {
		$user = get_current_user_id();
	}

	if ( empty( $user ) ) {
		return false;
	}

	$by_user_id = is_numeric( $user );

	$donor = new Give_Donor( $user, $by_user_id );

	if ( empty( $donor->payment_ids ) ) {
		return false;
	}

	// Get all the items donated.
	$payment_ids    = array_reverse( explode( ',', $donor->payment_ids ) );
	$limit_payments = apply_filters( 'give_users_completed_donations_payments', 50 );
	if ( ! empty( $limit_payments ) ) {
		$payment_ids = array_slice( $payment_ids, 0, $limit_payments );
	}
	$donation_data = array();
	foreach ( $payment_ids as $payment_id ) {
		$donation_data[] = give_get_payment_meta( $payment_id );
	}

	if ( empty( $donation_data ) ) {
		return false;
	}

	// Grab only the post ids "form_id" of the forms donated to on this order.
	$completed_donations_ids = array();
	foreach ( $donation_data as $donation_meta ) {
		$completed_donations_ids[] = isset( $donation_meta['form_id'] ) ? $donation_meta['form_id'] : '';
	}

	if ( empty( $completed_donations_ids ) ) {
		return false;
	}

	// Only include each form once.
	$form_ids = array_unique( $completed_donations_ids );

	// Make sure we still have some forms and a first item.
	if ( empty( $form_ids ) || ! isset( $form_ids[0] ) ) {
		return false;
	}

	$post_type = get_post_type( $form_ids[0] );

	$args = apply_filters( 'give_get_users_completed_donations_args', array(
		'include'        => $form_ids,
		'post_type'      => $post_type,
		'posts_per_page' => - 1,
	) );

	return apply_filters( 'give_users_completed_donations_list', get_posts( $args ) );
}


/**
 * Has donations
 *
 * Checks to see if a user has donated to at least one form.
 *
 * @param int $user_id The ID of the user to check.
 *
 * @access public
 * @since  1.0
 *
 * @return bool True if has donated, false otherwise.
 */
function give_has_donations( $user_id = null ) {
	if ( empty( $user_id ) ) {
		$user_id = get_current_user_id();
	}

	if ( give_get_users_donations( $user_id, 1 ) ) {
		return true; // User has at least one donation.
	}

	// User has never donated anything.
	return false;
}


/**
 * Get Donation Stats for User.
 *
 * Retrieves the donation count and the total amount spent for a specific user.
 *
 * @param int|string $user The ID or email of the donor to retrieve stats for.
 *
 * @access public
 * @since  1.0
 *
 * @return array
 */
function give_get_donation_stats_by_user( $user = '' ) {

	$field = '';

	if ( is_email( $user ) ) {
		$field = 'email';
	} elseif ( is_numeric( $user ) ) {
		$field = 'user_id';
	}

	$stats = array();
	$donor = Give()->donors->get_donor_by( $field, $user );

	if ( $donor ) {
		$donor                = new Give_Donor( $donor->id );
		$stats['purchases']   = absint( $donor->purchase_count );
		$stats['total_spent'] = give_maybe_sanitize_amount( $donor->get_total_donation_amount() );
	}

	/**
	 * Filter the donation stats.
	 *
	 * @since 1.7
	 */
	$stats = (array) apply_filters( 'give_donation_stats_by_user', $stats, $user );

	return $stats;
}


/**
 * Count number of donations of a donor.
 *
 * Returns total number of donations a donor has made.
 *
 * @param int|string $user The ID or email of the donor.
 *
 * @access public
 * @since  1.0
 *
 * @return int The total number of donations.
 */
function give_count_donations_of_donor( $user = null ) {

	// Logged in?
	if ( empty( $user ) ) {
		$user = get_current_user_id();
	}

	// Email access?
	if ( empty( $user ) && Give()->email_access->token_email ) {
		$user = Give()->email_access->token_email;
	}

	$stats = ! empty( $user ) ? give_get_donation_stats_by_user( $user ) : false;

	return isset( $stats['purchases'] ) ? $stats['purchases'] : 0;
}

/**
 * Calculates the total amount spent by a user.
 *
 * @param int|string $user The ID or email of the donor.
 *
 * @access public
 * @since  1.0
 *
 * @return float The total amount the user has spent
 */
function give_donation_total_of_user( $user = null ) {

	$stats = give_get_donation_stats_by_user( $user );

	// An unknown donor yields no 'total_spent' key; return 0 instead of reading an undefined index.
	return isset( $stats['total_spent'] ) ? $stats['total_spent'] : 0;
}


/**
 * Validate a potential username.
 *
 * @param string $username The username to validate.
 * @param int    $form_id  Donation Form ID.
 *
 * @since 1.0
 *
 * @return bool
 */
function give_validate_username( $username, $form_id = 0 ) {
	$valid = true;

	// Validate username.
	if ( ! empty( $username ) ) {

		// Sanitize username.
		$sanitized_user_name = sanitize_user( $username, false );

		// We have a user name, check if it already exists.
		if ( username_exists( $username ) ) {
			// Username already registered.
			give_set_error( 'username_unavailable', __( 'Username already taken.', 'give' ) );
			$valid = false;

		} elseif ( $sanitized_user_name !== $username ) {
			// Sanitizing changed the value, so the username contains disallowed characters.
			if ( is_multisite() ) {
				give_set_error( 'username_invalid', __( 'Invalid username. Only lowercase letters (a-z) and numbers are allowed.', 'give' ) );
			} else {
				give_set_error( 'username_invalid', __( 'Invalid username.', 'give' ) );
			}
			$valid = false;
		}
	} else {
		// Username is empty.
		give_set_error( 'username_empty', __( 'Enter a username.', 'give' ) );
		$valid = false;

		// Check if guest checkout is disabled for this form.
		if ( $form_id && give_logged_in_only( $form_id ) ) {
			give_set_error( 'registration_required', __( 'You must register or login to complete your donation.', 'give' ) );
		}
	}

	/**
	 * Filter the username validation result.
	 *
	 * @param bool   $valid    Username is valid or not.
	 * @param string $username Username to check.
	 * @param int    $form_id  Donation Form ID.
	 *
	 * @since 1.8
	 */
	$valid = (bool) apply_filters( 'give_validate_username', $valid, $username, $form_id );

	return $valid;
}


/**
 * Validate user email.
 *
 * @param string $email                User email.
 * @param bool   $registering_new_user Flag to check user register or not.
 *
 * @since 1.8
 *
 * @return bool
 */
function give_validate_user_email( $email, $registering_new_user = false ) {
	$valid = true;

	if ( empty( $email ) ) {
		// No email.
		give_set_error( 'email_empty', __( 'Enter an email.', 'give' ) );
		$valid = false;

	} elseif ( email_exists( $email ) ) {
		// Email already belongs to a WordPress user.
		give_set_error( 'email_exists', __( 'Email already exists.', 'give' ) );
		$valid = false;

	} elseif ( ! is_email( $email ) ) {
		// Validate email.
		give_set_error( 'email_invalid', __( 'Invalid email.', 'give' ) );
		$valid = false;

	} elseif ( $registering_new_user ) {

		// Reaching this branch means no WordPress user owns the address (checked above); still
		// refuse it if a donor record already lists it as an additional email.
		if ( give_donor_email_exists( $email ) && give_is_additional_email( $email ) ) {
			give_set_error( 'email_used', __( 'The email address provided is already active for another user.', 'give' ) );
			$valid = false;
		}
	}

	/**
	 * Filter the email validation result.
	 *
	 * @param bool   $valid                Email is valid or not.
	 * @param string $email                Email to check.
	 * @param bool   $registering_new_user Registering New or Existing User.
	 *
	 * @since 1.8
	 */
	$valid = (bool) apply_filters( 'give_validate_user_email', $valid, $email, $registering_new_user );

	return $valid;
}

/**
 * Validate password.
 *
 * @param string $password             Password to Validate.
 * @param string $confirm_password     Password to Confirm Validation.
 * @param bool   $registering_new_user Registering New or Existing User.
 *
 * @since 1.8
 *
 * @return bool
 */
function give_validate_user_password( $password = '', $confirm_password = '', $registering_new_user = false ) {
	$valid = true;

	// Passwords Validation For New Donors Only.
	if ( $registering_new_user ) {
		// Password or confirmation missing.
		if ( ! $password ) {
			give_set_error( 'password_empty', __( 'Enter a password.', 'give' ) );
			$valid = false;
		} elseif ( ! $confirm_password ) {
			give_set_error( 'confirmation_empty', __( 'Enter the password confirmation.', 'give' ) );
			$valid = false;
		}
	}
	// Passwords Validation For New Donors as well as Existing Donors.
	if ( $password || $confirm_password ) {
		// strlen() counts bytes, not characters: a five-character non-ASCII password can pass this check.
		if ( strlen( $password ) < 6 || strlen( $confirm_password ) < 6 ) {
			// Seems Weak Password.
			give_set_error( 'password_weak', __( 'Passwords should have at least 6 characters.', 'give' ) );
			$valid = false;
		}
		if ( $password && $confirm_password ) {
			// Verify confirmation matches.
			if ( $password !== $confirm_password ) {
				give_set_error( 'password_mismatch', __( 'Passwords you entered do not match. Please try again.', 'give' ) );
				$valid = false;
			}
		}
	}

	/**
	 * Filter the password validation result.
	 *
	 * This is a distinct hook from 'give_validate_user_email': callbacks registered for the
	 * email filter must never be handed the plaintext password with a mismatched argument list.
	 *
	 * @param bool   $valid                Password is Valid or not.
	 * @param string $password             Password to check validation.
	 * @param string $confirm_password     Password to confirm validation.
	 * @param bool   $registering_new_user Registering New or Existing User.
	 *
	 * @since 1.8
	 */
	$valid = (bool) apply_filters( 'give_validate_user_password', $valid, $password, $confirm_password, $registering_new_user );

	return $valid;
}

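The password check above measures length with strlen(), which counts bytes, so a five-character password made of two-byte UTF-8 characters clears the six-"character" bar. The following is an added example, not GiveWP code, of a standalone validator that returns the same kind of error codes while counting characters, enforcing a minimum of 8 and a byte cap before the password ever reaches a hash function. The 8-character minimum, the 4096-byte cap and the error codes other than password_weak / password_mismatch are this example's own choices, and it assumes the mbstring extension is available.

```php
<?php
/**
 * Added example (not GiveWP code): a password validator in the style of
 * give_validate_user_password() that checks length in characters, not bytes,
 * and bounds the raw byte length so hostile input cannot make hashing expensive.
 *
 * Assumptions (not from the listing): MIN_PASSWORD_CHARS = 8, MAX_PASSWORD_BYTES = 4096,
 * and the error codes password_too_long / password_invalid_encoding.
 */

const MIN_PASSWORD_CHARS = 8;
const MAX_PASSWORD_BYTES = 4096;

/**
 * Validate a password and its confirmation.
 *
 * @return string[] Error codes; an empty array means the pair is acceptable.
 */
function validate_password_pair( string $password, string $confirm, bool $registering_new_user = false ): array {
	$errors = array();

	if ( $registering_new_user ) {
		if ( '' === $password ) {
			$errors[] = 'password_empty';
		} elseif ( '' === $confirm ) {
			$errors[] = 'confirmation_empty';
		}
	}

	// Existing donors may leave both fields blank to keep their current password.
	if ( '' === $password && '' === $confirm ) {
		return $errors;
	}

	// Reject invalid UTF-8 first: it cannot be counted or re-entered reliably.
	if ( ! mb_check_encoding( $password, 'UTF-8' ) ) {
		$errors[] = 'password_invalid_encoding';
		return $errors;
	}

	// Count Unicode characters, not bytes. "ñoñoñ" is 8 bytes but only 5 characters,
	// so a byte-based "at least 6" check would accept it.
	if ( mb_strlen( $password, 'UTF-8' ) < MIN_PASSWORD_CHARS ) {
		$errors[] = 'password_weak';
	}

	// Cap the raw byte length so an attacker cannot submit megabytes to be hashed.
	if ( strlen( $password ) > MAX_PASSWORD_BYTES ) {
		$errors[] = 'password_too_long';
	}

	// Both fields are user-supplied, so a plain comparison is appropriate here.
	if ( '' !== $password && '' !== $confirm && $password !== $confirm ) {
		$errors[] = 'password_mismatch';
	}

	return $errors;
}

// Constructed sample inputs.
$cases = array(
	'5 chars / 8 bytes'    => array( "\u{00f1}o\u{00f1}o\u{00f1}", "\u{00f1}o\u{00f1}o\u{00f1}" ),
	'acceptable'           => array( 'correct horse battery', 'correct horse battery' ),
	'mismatch'             => array( 'correct horse battery', 'correct horse batter' ),
	'missing confirmation' => array( 'correct horse battery', '' ),
	'oversized'            => array( str_repeat( 'a', MAX_PASSWORD_BYTES + 1 ), str_repeat( 'a', MAX_PASSWORD_BYTES + 1 ) ),
);

foreach ( $cases as $label => list( $pw, $confirm ) ) {
	$errors = validate_password_pair( $pw, $confirm, true );
	printf( "%-22s -> %s\n", $label, $errors ? implode( ', ', $errors ) : 'valid' );
}
```

The first case is the one the plugin's byte-based check gets wrong; the last one shows why a maximum matters when the value is later passed to a deliberately slow hash such as bcrypt. Run it with `php validate_password.php`.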
/**
 * Counts the total number of donors.
 *
 * @access public
 * @since  1.0
 *
 * @return int The total number of donors.
 */
function give_count_total_donors() {
	return Give()->donors->count();
}

/**
 * Returns the saved address for a donor
 *
 * @access public
 * @since  1.0
 *
 * @param int|null $donor_id Donor ID.
 * @param array    $args     {
 *
 * @type bool   $by_user_id   Flag to validate find donor by donor ID or user ID
 * @type string $address_type Optional. Which type of donor address this function will return.
 * }
 *
 * @return array The donor's address, if any
 */
function give_get_donor_address( $donor_id = null, $args = array() ) {
	$default_args = array(
		'by_user_id'   => false,
		'address_type' => 'billing',
	);

	$default_address = array(
		'line1'   => '',
		'line2'   => '',
		'city'    => '',
		'state'   => '',
		'country' => '',
		'zip'     => '',
	);

	$address = array();
	$args    = wp_parse_args( $args, $default_args );

	// Set user id if donor is empty.
	if ( empty( $donor_id ) ) {
		$donor_id           = get_current_user_id();
		$args['by_user_id'] = true;
	}

	// Backward compatibility: before the v2.0 address upgrade, addresses lived in user meta.
	// The flag lives in $args; there is no standalone $by_user_id variable in this scope.
	if ( ! give_has_upgrade_completed( 'v20_upgrades_user_address' ) && $args['by_user_id'] ) {
		return wp_parse_args(
			(array) get_user_meta( $donor_id, '_give_user_address', true ),
			$default_address
		);
	}

	$donor = new Give_Donor( $donor_id, (bool) $args['by_user_id'] );

	if (
		! $donor->id ||
		empty( $donor->address ) ||
		! array_key_exists( $args['address_type'], $donor->address )
	) {
		return $default_address;
	}

	switch ( true ) {
		// A single address is stored as a flat array of strings.
		case is_string( end( $donor->address[ $args['address_type'] ] ) ):
			$address = wp_parse_args( $donor->address[ $args['address_type'] ], $default_address );
			break;

		// Multiple addresses are stored as a list of arrays; return the first one.
		case is_array( end( $donor->address[ $args['address_type'] ] ) ):
			$address = wp_parse_args( array_shift( $donor->address[ $args['address_type'] ] ), $default_address );
			break;
	}

	return $address;
}

/**
 * Give New User Notification
 *
 * Sends the new user notification email when a user registers within the donation form
 *
 * @param int   $donation_id   Donation ID.
 * @param array $donation_data An Array of Donation Data.
 *
 * @access public
 * @since  1.0
 *
 * @return void
 */
function give_new_user_notification( $donation_id = 0, $donation_data = array() ) {
	// Bailout.
	if (
		empty( $donation_id )
		|| empty( $donation_data )
		|| ! isset( $_POST['give_create_account'] )
		|| 'on' !== give_clean( $_POST['give_create_account'] )
	) {
		return;
	}

	// For backward compatibility
	$user = get_user_by( 'ID', $donation_data['user_info']['id'] );

	// get_user_by() returns false for an unknown ID; there is no account to notify about.
	if ( ! $user ) {
		return;
	}

	$donation_data['user_info'] = array_merge(
		$donation_data['user_info'],
		array(
			'user_id'    => $donation_data['user_info']['id'],
			'user_first' => $donation_data['user_info']['first_name'],
			'user_last'  => $donation_data['user_info']['last_name'],
			'user_email' => $donation_data['user_info']['email'],
			'user_login' => $user->user_login,
		)
	);

	do_action( 'give_new-donor-register_email_notification', $donation_data['user_info']['id'], $donation_data['user_info'], $donation_id );
	do_action( 'give_donor-register_email_notification', $donation_data['user_info']['id'], $donation_data['user_info'], $donation_id );
}

add_action( 'give_insert_payment', 'give_new_user_notification', 10, 2 );


/**
 * Get Donor Name By
 *
 * Retrieves the donor name based on the id and the name of the user or donation
 *
 * @param int    $id   The ID of donation or donor.
 * @param string $from Either 'donation' or 'donor', saying which kind of record $id refers to.
 *
 * @access public
 * @since  1.8.9
 *
 * @return string
 */
function give_get_donor_name_by( $id = 0, $from = 'donation' ) {

	// ID shouldn't be empty.
	if ( empty( $id ) ) {
		return '';
	}

	$name         = '';
	$title_prefix = '';

	switch ( $from ) {

		case 'donation':
			$title_prefix = give_get_meta( $id, '_give_payment_donor_title_prefix', true );
			$first_name   = give_get_meta( $id, '_give_donor_billing_first_name', true );
			$last_name    = give_get_meta( $id, '_give_donor_billing_last_name', true );

			$name = "{$first_name} {$last_name}";

			break;

		case 'donor':
			$name         = Give()->donors->get_column( 'name', $id );
			$title_prefix = Give()->donor_meta->get_meta( $id, '_give_donor_title_prefix', true );

			break;

	}

	// If title prefix is set then prepend it to name.
	$name = give_get_donor_name_with_title_prefixes( $title_prefix, $name );

	return $name;

}

/**
 * Checks whether the given donor email exists in users as well as additional_email of donors.
 *
 * @param string $email Donor Email.
 *
 * @since 1.8.9
 *
 * @return bool True if a donor record with this email exists, false otherwise.
 */
function give_donor_email_exists( $email ) {
	if ( Give()->donors->get_donor_by( 'email', $email ) ) {
		return true;
	}
	return false;
}

/**
 * This function will check whether the donor email is primary or additional.
 *
 * @param string $email Donor Email.
 *
 * @since 1.8.13
 *
 * @return bool
 */
function give_is_additional_email( $email ) {
	global $wpdb;

	// The table and column names are interpolated into the SQL string; they come from plugin
	// configuration, not from the request. The only user-controlled value, $email, is bound
	// through the %s placeholder of $wpdb->prepare().
	$meta_table = Give()->donor_meta->table_name;
	$meta_type  = Give()->donor_meta->meta_type;
	$donor_id   = $wpdb->get_var( $wpdb->prepare( "SELECT {$meta_type}_id FROM {$meta_table} WHERE meta_key = 'additional_email' AND meta_value = %s LIMIT 1", $email ) );

	if ( empty( $donor_id ) ) {
		return false;
	}

	return true;
}
664