| [ Index ] |
PHP Cross Reference of BuddyPress |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * BuddyPress Members Filters. 4 * 5 * Filters specific to the Members component. 6 * 7 * @package BuddyPress 8 * @subpackage MembersFilters 9 * @since 1.5.0 10 */ 11 12 // Exit if accessed directly. 13 defined( 'ABSPATH' ) || exit; 14 15 /** 16 * Escape commonly used fullname output functions. 17 */ 18 add_filter( 'bp_displayed_user_fullname', 'esc_html' ); 19 add_filter( 'bp_get_loggedin_user_fullname', 'esc_html' ); 20 21 // Filter the user registration URL to point to BuddyPress's registration page. 22 add_filter( 'register_url', 'bp_get_signup_page' ); 23 24 /** 25 * Load additional sign-up sanitization filters on bp_loaded. 26 * 27 * These are used to prevent XSS in the BuddyPress sign-up process. You can 28 * unhook these to allow for customization of your registration fields; 29 * however, it is highly recommended that you leave these in place for the 30 * safety of your network. 31 * 32 * @since 1.5.0 33 */ 34 function bp_members_signup_sanitization() { 35 36 // Filters on sign-up fields. 37 $fields = array ( 38 'bp_get_signup_username_value', 39 'bp_get_signup_email_value', 40 'bp_get_signup_with_blog_value', 41 'bp_get_signup_blog_url_value', 42 'bp_get_signup_blog_title_value', 43 'bp_get_signup_blog_privacy_value', 44 'bp_get_signup_avatar_dir_value', 45 ); 46 47 // Add the filters to each field. 48 foreach( $fields as $filter ) { 49 add_filter( $filter, 'esc_html', 1 ); 50 add_filter( $filter, 'wp_filter_kses', 2 ); 51 add_filter( $filter, 'stripslashes', 3 ); 52 } 53 54 // Sanitize email. 55 add_filter( 'bp_get_signup_email_value', 'sanitize_email' ); 56 } 57 add_action( 'bp_loaded', 'bp_members_signup_sanitization' ); 58 59 /** 60 * Make sure the username is not the blog slug in case of root profile & subdirectory blog. 61 * 62 * If BP_ENABLE_ROOT_PROFILES is defined & multisite config is set to subdirectories, 63 * then there is a chance site.url/username == site.url/blogslug. If so, user's profile 64 * is not reachable, instead the blog is displayed. This filter makes sure the signup username 65 * is not the same than the blog slug for this particular config. 66 * 67 * @since 2.1.0 68 * 69 * @param array $illegal_names Array of illiegal names. 70 * @return array $illegal_names 71 */ 72 function bp_members_signup_with_subdirectory_blog( $illegal_names = array() ) { 73 if ( ! bp_core_enable_root_profiles() ) { 74 return $illegal_names; 75 } 76 77 if ( is_network_admin() && isset( $_POST['blog'] ) ) { 78 $blog = $_POST['blog']; 79 $domain = ''; 80 81 if ( preg_match( '|^([a-zA-Z0-9-])$|', $blog['domain'] ) ) { 82 $domain = strtolower( $blog['domain'] ); 83 } 84 85 if ( username_exists( $domain ) ) { 86 $illegal_names[] = $domain; 87 } 88 89 } else { 90 $illegal_names[] = buddypress()->signup->username; 91 } 92 93 return $illegal_names; 94 } 95 add_filter( 'subdirectory_reserved_names', 'bp_members_signup_with_subdirectory_blog', 10, 1 ); 96 97 /** 98 * Filter the user profile URL to point to BuddyPress profile edit. 99 * 100 * @since 1.6.0 101 * 102 * @param string $url WP profile edit URL. 103 * @param int $user_id ID of the user. 104 * @param string $scheme Scheme to use. 105 * @return string 106 */ 107 function bp_members_edit_profile_url( $url, $user_id, $scheme = 'admin' ) { 108 109 // If xprofile is active, use profile domain link. 110 if ( ! is_admin() && bp_is_active( 'xprofile' ) ) { 111 $profile_link = trailingslashit( bp_core_get_user_domain( $user_id ) . bp_get_profile_slug() . '/edit' ); 112 113 } else { 114 // Default to $url. 115 $profile_link = $url; 116 } 117 118 /** 119 * Filters the user profile URL to point to BuddyPress profile edit. 120 * 121 * @since 1.5.2 122 * 123 * @param string $url WP profile edit URL. 124 * @param int $user_id ID of the user. 125 * @param string $scheme Scheme to use. 126 */ 127 return apply_filters( 'bp_members_edit_profile_url', $profile_link, $url, $user_id, $scheme ); 128 } 129 add_filter( 'edit_profile_url', 'bp_members_edit_profile_url', 10, 3 ); 130 131 /** 132 * Filter the bp_user_can value to determine what the user can do in the members component. 133 * 134 * @since 8.0.0 135 * 136 * @param bool $retval Whether or not the current user has the capability. 137 * @param int $user_id User ID. 138 * @param string $capability The capability being checked for. 139 * @param int $site_id Site ID. Defaults to the BP root blog. 140 * @param array $args Array of extra arguments passed. 141 * 142 * @return bool 143 */ 144 function bp_members_user_can_filter( $retval, $user_id, $capability, $site_id, $args = array() ) { 145 146 switch ( $capability ) { 147 case 'bp_members_manage_membership_requests': 148 $retval = bp_user_can( $user_id, 'bp_moderate' ); 149 break; 150 151 case 'bp_members_send_invitation': 152 if ( is_user_logged_in() && bp_get_members_invitations_allowed() ) { 153 $retval = true; 154 } 155 break; 156 157 case 'bp_members_receive_invitation': 158 if ( bp_get_members_invitations_allowed() ) { 159 $retval = true; 160 // The invited user must not already be a member of the network. 161 if ( empty( $args['invitee_email'] ) || false !== get_user_by( 'email', $args['invitee_email'] ) ) { 162 $retval = false; 163 } 164 // The invited user must not have opted out from being contacted from this site. 165 if ( bp_user_has_opted_out( $args['invitee_email'] ) ) { 166 $retval = false; 167 } 168 } 169 break; 170 171 case 'bp_members_invitations_view_screens': 172 $retval = bp_get_members_invitations_allowed() && ( bp_user_can( $user_id, 'bp_members_send_invitation' ) || bp_members_invitations_user_has_sent_invites( $user_id ) ); 173 break; 174 175 case 'bp_members_invitations_view_send_screen': 176 $retval = is_user_logged_in() && bp_get_members_invitations_allowed(); 177 break; 178 } 179 180 return $retval; 181 } 182 add_filter( 'bp_user_can', 'bp_members_user_can_filter', 10, 5 ); 183 184 /** 185 * Do not allow the new user to change the email address 186 * if they are accepting a community invitation. 187 * 188 * @since 8.0.0 189 * 190 * @param array $attributes The field attributes. 191 * @param string $name The field name. 192 * 193 * @return array $attributes The field attributes. 194 */ 195 function bp_members_invitations_make_registration_email_input_readonly_if_invite( $attributes, $name ) { 196 if ( 'email' === $name && bp_get_members_invitations_allowed() ) { 197 $invite = bp_get_members_invitation_from_request(); 198 if ( $invite->id ) { 199 $attributes['readonly'] = 'readonly'; 200 } 201 } 202 return $attributes; 203 } 204 add_filter( 'bp_get_form_field_attributes', 'bp_members_invitations_make_registration_email_input_readonly_if_invite', 10, 2 ); 205 206 /** 207 * Provide a more-specific welcome message if the new user 208 * is accepting a network invitation. 209 * 210 * @since 8.0.0 211 * 212 * @return string $message The message text. 213 */ 214 function bp_members_invitations_get_registration_welcome_message() { 215 $message = ''; 216 if ( ! bp_get_members_invitations_allowed() ) { 217 return $message; 218 } 219 220 $invite = bp_get_members_invitation_from_request(); 221 if ( ! $invite->id || ! $invite->invitee_email ) { 222 return $message; 223 } 224 225 // Check if the user is already a site member. 226 $maybe_user = get_user_by( 'email', $invite->invitee_email ); 227 228 // This user is already a member 229 if ( $maybe_user ) { 230 $message = sprintf( 231 /* translators: %s: The log in link `<a href="login_url">log in</a>` */ 232 esc_html__( 'Welcome! You are already a member of this site. Please %s to continue.', 'buddypress' ), 233 sprintf( 234 '<a href="%1$s">%2$s</a>', 235 esc_url( wp_login_url( bp_get_root_domain() ) ), 236 esc_html__( 'log in', 'buddypress' ) 237 ) 238 ); 239 240 // This user can register! 241 } else { 242 243 // Fetch the display names of all inviters to personalize the welcome message. 244 $args = array( 245 'invitee_email' => $invite->invitee_email, 246 'invite_sent' => 'sent', 247 ); 248 249 $all_invites = bp_members_invitations_get_invites( $args ); 250 $inviters = array(); 251 252 foreach ( $all_invites as $inv ) { 253 $inviters[] = bp_core_get_user_displayname( $inv->inviter_id ); 254 } 255 256 if ( ! empty( $inviters ) ) { 257 $message = sprintf( 258 /* translators: %s: The comma separated list of inviters display names */ 259 _n( 'Welcome! You’ve been invited to join the site by the following user: %s.', 'Welcome! You’ve been invited to join the site by the following users: %s.', count( $inviters ), 'buddypress' ), 260 implode( ', ', $inviters ) 261 ); 262 } else { 263 $message = __( 'Welcome! You’ve been invited to join the site. ', 'buddypress' ); 264 } 265 } 266 267 return $message; 268 } 269 270 /** 271 * Provide a more-specific "registration is disabled" message 272 * if registration is available by invitation only. 273 * Also provide failure note if new user is trying to accept 274 * a network invitation but there's a problem. 275 * 276 * @since 8.0.0 277 * 278 * @return string $message The message text. 279 */ 280 function bp_members_invitations_get_modified_registration_disabled_message() { 281 $message = ''; 282 if ( bp_get_members_invitations_allowed() ) { 283 284 $invite = bp_get_members_invitation_from_request(); 285 if ( ! $invite->id || ! $invite->invitee_email ) { 286 return $message; 287 } 288 289 // Check if the user is already a site member. 290 $maybe_user = get_user_by( 'email', $invite->invitee_email ); 291 292 if ( ! $maybe_user ) { 293 $message_parts = array( esc_html__( 'Member registration is allowed by invitation only.', 'buddypress' ) ); 294 295 // Is the user trying to accept an invitation but something is wrong? 296 if ( ! empty( $_GET['inv'] ) ) { 297 $message_parts[] = esc_html__( 'It looks like there is a problem with your invitation. Please try again.', 'buddypress' ); 298 } 299 300 $message = implode( ' ', $message_parts ); 301 } else if ( 'nouveau' === bp_get_theme_package_id() ) { 302 $message = sprintf( 303 /* translators: 1: The log in link `<a href="login_url">log in</a>`. 2: The lost password link `<a href="lost_password_url">log in</a>` */ 304 esc_html__( 'Welcome! You are already a member of this site. Please %1$s to continue. If you have forgotten your password, you can %2$s.', 'buddypress' ), 305 sprintf( 306 '<a href="%1$s">%2$s</a>', 307 esc_url( wp_login_url( bp_get_root_domain() ) ), 308 esc_html__( 'log in', 'buddypress' ) 309 ), 310 sprintf( 311 '<a href="%1$s">%2$s</a>', 312 esc_url( wp_lostpassword_url( bp_get_root_domain() ) ), 313 esc_html__( 'reset it', 'buddypress' ) 314 ) 315 ); 316 } 317 } 318 319 return $message; 320 } 321 322 /** 323 * Sanitize the invitation property output. 324 * 325 * @since 8.0.0 326 * 327 * @param int|string $value The value for the requested property. 328 * @param string $property The name of the requested property. 329 * @param string $context Optional. The context of display. 330 * @return int|string The sanitized value. 331 */ 332 function bp_members_sanitize_invitation_property( $value = '', $property = '', $context = 'html' ) { 333 if ( ! $property ) { 334 return ''; 335 } 336 337 switch ( $property ) { 338 case 'id': 339 case 'user_id': 340 case 'item_id': 341 case 'secondary_item_id': 342 $value = absint( $value ); 343 break; 344 case 'invite_sent': 345 case 'accepted': 346 $value = absint( $value ) ? __( 'Yes', 'buddypress' ) : __( 'No', 'buddypress' ); 347 $value = 'attribute' === $context ? esc_attr( $value ) : esc_html( $value ); 348 break; 349 case 'invitee_email': 350 $value = sanitize_email( $value ); 351 break; 352 case 'content': 353 $value = wp_kses( $value, array() ); 354 $value = wptexturize( $value ); 355 break; 356 case 'date_modified': 357 $value = mysql2date( 'Y/m/d g:i:s a', $value ); 358 $value = 'attribute' === $context ? esc_attr( $value ) : esc_html( $value ); 359 break; 360 361 default: 362 $value = 'attribute' === $context ? esc_attr( $value ) : esc_html( $value ); 363 break; 364 } 365 366 return $value; 367 } 368 add_filter( 'bp_the_members_invitation_property', 'bp_members_sanitize_invitation_property', 10, 3 );
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Thu Nov 21 01:00:57 2024 | Cross-referenced by PHPXref 0.7.1 |