projects / civicrm-core.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Various phpdoc fixes
[civicrm-core.git] / CRM / Utils / System / WordPress.php
CommitLineData
6a488035
TO		 1<?php
2/*
3 +--------------------------------------------------------------------+
bc77d7c0 4 | Copyright CiviCRM LLC. All rights reserved. |
6a488035 5 | |
bc77d7c0
TO		 6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
6a488035 9 +--------------------------------------------------------------------+
d25dd0ee 10 */
6a488035
TO		 11
12/**
13 *
14 * @package CRM
ca5cec67 15 * @copyright CiviCRM LLC https://civicrm.org/licensing
6a488035
TO		 16 */
17
18/**
19 * WordPress specific stuff goes here
20 */
21class CRM_Utils_System_WordPress extends CRM_Utils_System_Base {
6714d8d2 22
11eed110
TO		 23 /**
24 * Get a normalized version of the wpBasePage.
25 */
26 public static function getBasePage() {
1e2423ed 27 return strtolower(rtrim(Civi::settings()->get('wpBasePage'), '/'));
11eed110
TO		 28 }
29
bb3a214a 30 /**
bb3a214a 31 */
00be9182 32 public function __construct() {
4caaa696
EM		 33 /**
34 * deprecated property to check if this is a drupal install. The correct method is to have functions on the UF classes for all UF specific
35 * functions and leave the codebase oblivious to the type of CMS
36 * @deprecated
37 * @var bool
38 */
6a488035 39 $this->is_drupal = FALSE;
fe17e8d1 40 $this->is_wordpress = TRUE;
6a488035
TO		 41 }
42
9509977f
TO		 43 public function initialize() {
44 parent::initialize();
45 $this->registerPathVars();
46 }
47
48 /**
49 * Specify the default computation for various paths/URLs.
50 */
51 protected function registerPathVars():void {
716bdc94
TO		 52 $isNormalBoot = function_exists('get_option');
53 if ($isNormalBoot) {
54 // Normal mode - CMS boots first, then calls Civi. "Normal" web pages and newer extern routes.
55 // To simplify the code-paths, some items are re-registered with WP-specific functions.
56 $cmsRoot = function() {
9509977f 57 return [
716bdc94
TO		 58 'path' => untrailingslashit(ABSPATH),
59 'url' => home_url(),
9509977f 60 ];
716bdc94
TO		 61 };
62 Civi::paths()->register('cms', $cmsRoot);
63 Civi::paths()->register('cms.root', $cmsRoot);
716bdc94
TO		 64 Civi::paths()->register('civicrm.root', function () {
65 return [
66 'path' => CIVICRM_PLUGIN_DIR . 'civicrm' . DIRECTORY_SEPARATOR,
67 'url' => CIVICRM_PLUGIN_URL . 'civicrm/',
68 ];
69 });
70 Civi::paths()->register('wp.frontend.base', function () {
71 return [
72 'url' => home_url('/'),
73 ];
74 });
75 Civi::paths()->register('wp.frontend', function () {
76 $config = CRM_Core_Config::singleton();
77 $basepage = get_page_by_path($config->wpBasePage);
78 return [
79 'url' => get_permalink($basepage->ID),
80 ];
81 });
82 Civi::paths()->register('wp.backend.base', function () {
83 return [
84 'url' => admin_url(),
85 ];
86 });
87 Civi::paths()->register('wp.backend', function() {
88 return [
89 'url' => admin_url('admin.php'),
90 ];
91 });
ad428bcd
SL		 92 Civi::paths()->register('civicrm.files', function () {
93 $upload_dir = wp_get_upload_dir();
94
95 $old = CRM_Core_Config::singleton()->userSystem->getDefaultFileStorage();
96 $new = [
97 'path' => $upload_dir['basedir'] . DIRECTORY_SEPARATOR . 'civicrm' . DIRECTORY_SEPARATOR,
98 'url' => $upload_dir['baseurl'] . '/civicrm/',
99 ];
100
101 if ($old['path'] === $new['path']) {
102 return $new;
103 }
104
105 $oldExists = file_exists($old['path']);
106 $newExists = file_exists($new['path']);
107
108 if ($oldExists && !$newExists) {
109 return $old;
110 }
111 elseif (!$oldExists && $newExists) {
112 return $new;
113 }
114 elseif (!$oldExists && !$newExists) {
115 // neither exists. but that's ok. we're in one of these two cases:
116 // - we're just starting installation... which will get sorted in a moment
117 // when someone calls mkdir().
118 // - we're running a bespoke setup... which will get sorted in a moment
119 // by applying $civicrm_paths.
120 return $new;
121 }
122 elseif ($oldExists && $newExists) {
123 // situation ambiguous. encourage admin to set value explicitly.
124 if (!isset($GLOBALS['civicrm_paths']['civicrm.files'])) {
125 \Civi::log()->warning("The system has data from both old+new conventions. Please use civicrm.settings.php to set civicrm.files explicitly.");
126 }
127 return $new;
128 }
129 });
716bdc94
TO		 130 }
131 else {
132 // Legacy support - only relevant for older extern routes.
133 Civi::paths()
134 ->register('wp.frontend.base', function () {
135 return ['url' => rtrim(CIVICRM_UF_BASEURL, '/') . '/'];
136 })
137 ->register('wp.frontend', function () {
138 $config = \CRM_Core_Config::singleton();
139 $suffix = defined('CIVICRM_UF_WP_BASEPAGE') ? CIVICRM_UF_WP_BASEPAGE : $config->wpBasePage;
140 return [
141 'url' => Civi::paths()->getVariable('wp.frontend.base', 'url') . $suffix,
142 ];
143 })
144 ->register('wp.backend.base', function () {
145 return ['url' => rtrim(CIVICRM_UF_BASEURL, '/') . '/wp-admin/'];
146 })
147 ->register('wp.backend', function () {
148 return [
149 'url' => Civi::paths()->getVariable('wp.backend.base', 'url') . 'admin.php',
150 ];
151 });
152 }
9509977f
TO		 153 }
154
6a488035 155 /**
17f443df 156 * @inheritDoc
6a488035 157 */
00be9182 158 public function setTitle($title, $pageTitle = NULL) {
6a488035
TO		 159 if (!$pageTitle) {
160 $pageTitle = $title;
161 }
1beae3b1 162
17f443df
CW		 163 // FIXME: Why is this global?
164 global $civicrm_wp_title;
165 $civicrm_wp_title = $title;
1beae3b1 166
17f443df
CW		 167 // yes, set page title, depending on context
168 $context = civi_wp()->civicrm_context_get();
169 switch ($context) {
170 case 'admin':
171 case 'shortcode':
172 $template = CRM_Core_Smarty::singleton();
173 $template->assign('pageTitle', $pageTitle);
6a488035
TO		 174 }
175 }
176
7ba2c8ad
KC		 177 /**
178 * Moved from CRM_Utils_System_Base
179 */
180 public function getDefaultFileStorage() {
4db100ce
TO		 181 // NOTE: On WordPress, this will be circumvented in the future. However,
182 // should retain it to allow transitional/upgrade code determine the old value.
183
8ce9d9d6
TO		 184 $config = CRM_Core_Config::singleton();
185 $cmsUrl = CRM_Utils_System::languageNegotiationURL($config->userFrameworkBaseURL, FALSE, TRUE);
186 $cmsPath = $this->cmsRootPath();
187 $filesPath = CRM_Utils_File::baseFilePath();
188 $filesRelPath = CRM_Utils_File::relativize($filesPath, $cmsPath);
189 $filesURL = rtrim($cmsUrl, '/') . '/' . ltrim($filesRelPath, ' /');
be2fb01f 190 return [
8ce9d9d6
TO		 191 'url' => CRM_Utils_File::addTrailingSlash($filesURL, '/'),
192 'path' => CRM_Utils_File::addTrailingSlash($filesPath),
be2fb01f 193 ];
8ce9d9d6
TO		 194 }
195
196 /**
197 * Determine the location of the CiviCRM source tree.
198 *
199 * @return array
200 * - url: string. ex: "http://example.com/sites/all/modules/civicrm"
201 * - path: string. ex: "/var/www/sites/all/modules/civicrm"
202 */
203 public function getCiviSourceStorage() {
7ba2c8ad 204 global $civicrm_root;
7ba2c8ad 205
8ce9d9d6
TO		 206 // Don't use $config->userFrameworkBaseURL; it has garbage on it.
207 // More generally, we shouldn't be using $config here.
208 if (!defined('CIVICRM_UF_BASEURL')) {
209 throw new RuntimeException('Undefined constant: CIVICRM_UF_BASEURL');
7ba2c8ad 210 }
8ce9d9d6
TO		 211
212 $cmsPath = $this->cmsRootPath();
213
214 // $config = CRM_Core_Config::singleton();
215 // overkill? // $cmsUrl = CRM_Utils_System::languageNegotiationURL($config->userFrameworkBaseURL, FALSE, TRUE);
216 $cmsUrl = CIVICRM_UF_BASEURL;
217 if (CRM_Utils_System::isSSL()) {
218 $cmsUrl = str_replace('http://', 'https://', $cmsUrl);
7ba2c8ad 219 }
d8182404 220 $civiRelPath = CRM_Utils_File::relativize(realpath($civicrm_root), realpath($cmsPath));
8ce9d9d6 221 $civiUrl = rtrim($cmsUrl, '/') . '/' . ltrim($civiRelPath, ' /');
be2fb01f 222 return [
8ce9d9d6
TO		 223 'url' => CRM_Utils_File::addTrailingSlash($civiUrl, '/'),
224 'path' => CRM_Utils_File::addTrailingSlash($civicrm_root),
be2fb01f 225 ];
7ba2c8ad
KC		 226 }
227
6a488035 228 /**
17f443df 229 * @inheritDoc
6a488035 230 */
00be9182 231 public function appendBreadCrumb($breadCrumbs) {
6a488035
TO		 232 $breadCrumb = wp_get_breadcrumb();
233
234 if (is_array($breadCrumbs)) {
235 foreach ($breadCrumbs as $crumbs) {
236 if (stripos($crumbs['url'], 'id%%')) {
be2fb01f 237 $args = ['cid', 'mid'];
6a488035
TO		 238 foreach ($args as $a) {
239 $val = CRM_Utils_Request::retrieve($a, 'Positive', CRM_Core_DAO::$_nullObject,
240 FALSE, NULL, $_GET
241 );
242 if ($val) {
243 $crumbs['url'] = str_ireplace("%%{$a}%%", $val, $crumbs['url']);
244 }
245 }
246 }
247 $breadCrumb[] = "<a href=\"{$crumbs['url']}\">{$crumbs['title']}</a>";
248 }
249 }
250
251 $template = CRM_Core_Smarty::singleton();
252 $template->assign_by_ref('breadcrumb', $breadCrumb);
253 wp_set_breadcrumb($breadCrumb);
254 }
255
256 /**
17f443df 257 * @inheritDoc
6a488035 258 */
00be9182 259 public function resetBreadCrumb() {
be2fb01f 260 $bc = [];
6a488035
TO		 261 wp_set_breadcrumb($bc);
262 }
263
264 /**
17f443df 265 * @inheritDoc
6a488035 266 */
00be9182 267 public function addHTMLHead($head) {
6a488035
TO		 268 static $registered = FALSE;
269 if (!$registered) {
270 // front-end view
be2fb01f 271 add_action('wp_head', [__CLASS__, '_showHTMLHead']);
6a488035 272 // back-end views
be2fb01f 273 add_action('admin_head', [__CLASS__, '_showHTMLHead']);
227d65b7 274 $registered = TRUE;
6a488035 275 }
be2fb01f 276 CRM_Core_Region::instance('wp_head')->add([
6a488035 277 'markup' => $head,
be2fb01f 278 ]);
6a488035
TO		 279 }
280
17f443df 281 /**
fe482240 282 * WP action callback.
17f443df 283 */
00be9182 284 public static function _showHTMLHead() {
6a488035
TO		 285 $region = CRM_Core_Region::instance('wp_head', FALSE);
286 if ($region) {
287 echo $region->render('');
288 }
289 }
290
291 /**
17f443df 292 * @inheritDoc
6a488035 293 */
00be9182 294 public function mapConfigToSSL() {
6a488035
TO		 295 global $base_url;
296 $base_url = str_replace('http://', 'https://', $base_url);
297 }
298
299 /**
17f443df 300 * @inheritDoc
6a488035 301 */
408b79bf 302 public function url(
6a488035
TO		 303 $path = NULL,
304 $query = NULL,
305 $absolute = FALSE,
306 $fragment = NULL,
6a488035 307 $frontend = FALSE,
8de2a34e
SL		 308 $forceBackend = FALSE,
309 $htmlize = TRUE
6a488035 310 ) {
353ffa53
TO		 311 $config = CRM_Core_Config::singleton();
312 $script = '';
c80e2dbf 313 $separator = '&';
887f5d81 314 $fragment = isset($fragment) ? ('#' . $fragment) : '';
6a488035 315 $path = CRM_Utils_String::stripPathChars($path);
df17aa21 316 $basepage = FALSE;
6a488035 317
cd95cfbe
CW		 318 // FIXME: Why bootstrap in url()?
319 // Generally want to define 1-2 strategic places to put bootstrap.
6a488035 320 if (!function_exists('get_option')) {
d8182404 321 $this->loadBootStrap();
6a488035 322 }
df17aa21 323
cd95cfbe 324 // When on the front-end.
6a488035 325 if ($config->userFrameworkFrontend) {
cd95cfbe
CW		 326
327 // Try and find the "calling" page/post.
df17aa21 328 global $post;
cd95cfbe
CW		 329 if ($post) {
330 $script = get_permalink($post->ID);
331 if ($config->wpBasePage == $post->post_name) {
332 $basepage = TRUE;
6a488035
TO		 333 }
334 }
cd95cfbe 335
6a488035 336 }
cd95cfbe 337 else {
6a488035 338
cd95cfbe
CW		 339 // Get the Base Page URL for building front-end URLs.
340 if ($frontend && !$forceBackend) {
341 $script = $this->getBasePageUrl();
342 $basepage = TRUE;
343 }
887f5d81 344
887f5d81
TO		 345 }
346
cd95cfbe
CW		 347 // Get either the relative Base Page URL or the relative Admin Page URL.
348 $base = $this->getBaseUrl($absolute, $frontend, $forceBackend);
349
350 // Overwrite base URL if we already have a front-end URL.
351 if (!$forceBackend && $script != '') {
887f5d81 352 $base = $script;
6a488035
TO		 353 }
354
be2fb01f 355 $queryParts = [];
cd95cfbe 356 $admin_request = ((is_admin() && !$frontend) || $forceBackend);
df17aa21 357
df17aa21 358 if (
cd95cfbe 359 // If not using Clean URLs.
df17aa21 360 !$config->cleanURL
cd95cfbe
CW		 361 // Or requesting an admin URL.
362 || $admin_request
363 // Or this is a Shortcode.
df17aa21
CW		 364 || (!$basepage && $script != '')
365 ) {
366
cd95cfbe
CW		 367 // Build URL according to pre-existing logic.
368 if (!empty($path)) {
25bd5735 369 // Admin URLs still need "page=CiviCRM", front-end URLs do not.
cd95cfbe 370 if ($admin_request) {
25bd5735
CW		 371 $queryParts[] = 'page=CiviCRM';
372 }
373 else {
374 $queryParts[] = 'civiwp=CiviCRM';
375 }
cdef34e0 376 $queryParts[] = 'q=' . rawurlencode($path);
df17aa21 377 }
ffa62912 378 if (!empty($query)) {
df17aa21
CW		 379 $queryParts[] = $query;
380 }
381
cd95cfbe
CW		 382 // Append our query parts, taking Permlink Structure into account.
383 if (get_option('permalink_structure') == '' && !$admin_request) {
384 $final = $base . $separator . implode($separator, $queryParts) . $fragment;
385 }
386 else {
387 $final = $base . '?' . implode($separator, $queryParts) . $fragment;
388 }
df17aa21 389
887f5d81 390 }
df17aa21
CW		 391 else {
392
cd95cfbe
CW		 393 // Build Clean URL.
394 if (!empty($path)) {
df17aa21
CW		 395 $base = trailingslashit($base) . str_replace('civicrm/', '', $path) . '/';
396 }
cd95cfbe 397 if (!empty($query)) {
df17aa21
CW		 398 $query = ltrim($query, '=?&');
399 $queryParts[] = $query;
400 }
401
402 if (!empty($queryParts)) {
403 $final = $base . '?' . implode($separator, $queryParts) . $fragment;
404 }
405 else {
406 $final = $base . $fragment;
407 }
408
6a488035
TO		 409 }
410
df17aa21 411 return $final;
887f5d81
TO		 412 }
413
bb3a214a 414 /**
cd95cfbe 415 * Get either the relative Base Page URL or the relative Admin Page URL.
f553d1ea 416 *
cd95cfbe
CW		 417 * @param bool $absolute
418 * Whether to force the output to be an absolute link beginning with http(s).
419 * @param bool $frontend
420 * True if this link should be to the CMS front end.
421 * @param bool $forceBackend
422 * True if this link should be to the CMS back end.
bb3a214a
EM		 423 *
424 * @return mixed|null|string
425 */
cd95cfbe 426 public function getBaseUrl($absolute, $frontend, $forceBackend) {
353ffa53 427 $config = CRM_Core_Config::singleton();
6a488035 428 if ((is_admin() && !$frontend) || $forceBackend) {
f553d1ea 429 return Civi::paths()->getUrl('[wp.backend]/.', $absolute ? 'absolute' : 'relative');
6a488035 430 }
f553d1ea
KC		 431 else {
432 return Civi::paths()->getUrl('[wp.frontend]/.', $absolute ? 'absolute' : 'relative');
36b820ae 433 }
01aca362 434 }
6a488035 435
cd95cfbe
CW		 436 /**
437 * Get the URL of the WordPress Base Page.
438 *
439 * @return string|bool
440 * The Base Page URL, or false on failure.
441 */
442 public function getBasePageUrl() {
443 static $basepage_url = '';
444 if ($basepage_url === '') {
445
446 // Get the Base Page config setting.
447 $config = CRM_Core_Config::singleton();
448 $basepage_slug = $config->wpBasePage;
449
450 // Did we get a value?
451 if (!empty($basepage_slug)) {
452
453 // Query for our Base Page.
454 $pages = get_posts([
455 'post_type' => 'page',
456 'name' => strtolower($basepage_slug),
457 'post_status' => 'publish',
458 'posts_per_page' => 1,
459 ]);
460
461 // Find the Base Page object and set the URL.
462 if (!empty($pages) && is_array($pages)) {
463 $basepage = array_pop($pages);
464 if ($basepage instanceof WP_Post) {
465 $basepage_url = get_permalink($basepage->ID);
466 }
467 }
468
469 }
470
471 }
472
473 return $basepage_url;
474 }
475
476 /**
477 * @inheritDoc
478 */
479 public function getNotifyUrl(
480 $path = NULL,
481 $query = NULL,
482 $absolute = FALSE,
483 $fragment = NULL,
484 $frontend = FALSE,
485 $forceBackend = FALSE,
486 $htmlize = TRUE
487 ) {
488 $config = CRM_Core_Config::singleton();
489 $separator = '&';
490 $fragment = isset($fragment) ? ('#' . $fragment) : '';
491 $path = CRM_Utils_String::stripPathChars($path);
492 $queryParts = [];
493
494 // Get the Base Page URL.
495 $base = $this->getBasePageUrl();
496
497 // If not using Clean URLs.
498 if (!$config->cleanURL) {
499
500 // Build URL according to pre-existing logic.
501 if (!empty($path)) {
502 $queryParts[] = 'civiwp=CiviCRM';
503 $queryParts[] = 'q=' . rawurlencode($path);
504 }
505 if (!empty($query)) {
506 $queryParts[] = $query;
507 }
508
509 // Append our query parts, taking Permlink Structure into account.
510 if (get_option('permalink_structure') == '') {
511 $final = $base . $separator . implode($separator, $queryParts) . $fragment;
512 }
513 else {
514 $final = $base . '?' . implode($separator, $queryParts) . $fragment;
515 }
516
517 }
518 else {
519
520 // Build Clean URL.
521 if (!empty($path)) {
522 $base = trailingslashit($base) . str_replace('civicrm/', '', $path) . '/';
523 }
524 if (!empty($query)) {
525 $query = ltrim($query, '=?&');
526 $queryParts[] = $query;
527 }
528
529 if (!empty($queryParts)) {
530 $final = $base . '?' . implode($separator, $queryParts) . $fragment;
531 }
532 else {
533 $final = $base . $fragment;
534 }
535
536 }
537
538 return $final;
539 }
540
6a488035 541 /**
17f443df 542 * @inheritDoc
6a488035 543 */
00be9182 544 public function authenticate($name, $password, $loadCMSBootstrap = FALSE, $realPath = NULL) {
6a488035
TO		 545 $config = CRM_Core_Config::singleton();
546
547 if ($loadCMSBootstrap) {
9ba02e3e
TO		 548 $config->userSystem->loadBootStrap([
549 'name' => $name,
550 'pass' => $password,
551 ]);
6a488035
TO		 552 }
553
554 $user = wp_authenticate($name, $password);
555 if (is_a($user, 'WP_Error')) {
556 return FALSE;
557 }
558
17f443df 559 // TODO: need to change this to make sure we matched only one row
6a488035
TO		 560
561 CRM_Core_BAO_UFMatch::synchronizeUFMatch($user->data, $user->data->ID, $user->data->user_email, 'WordPress');
562 $contactID = CRM_Core_BAO_UFMatch::getContactId($user->data->ID);
563 if (!$contactID) {
564 return FALSE;
565 }
be2fb01f 566 return [$contactID, $user->data->ID, mt_rand()];
6a488035
TO		 567 }
568
569 /**
17f443df 570 * FIXME: Do something
ea3ddccf 571 *
572 * @param string $message
6a488035 573 */
00be9182 574 public function setMessage($message) {
6a488035
TO		 575 }
576
bb3a214a 577 /**
b596c3e9 578 * @param \string $user
ea3ddccf 579 *
580 * @return bool
bb3a214a 581 */
e7292422 582 public function loadUser($user) {
b596c3e9 583 $userdata = get_user_by('login', $user);
584 if (!$userdata->data->ID) {
7ca9cd52 585 return FALSE;
b596c3e9 586 }
587
588 $uid = $userdata->data->ID;
589 wp_set_current_user($uid);
590 $contactID = CRM_Core_BAO_UFMatch::getContactId($uid);
591
592 // lets store contact id and user id in session
593 $session = CRM_Core_Session::singleton();
594 $session->set('ufID', $uid);
595 $session->set('userID', $contactID);
e7292422 596 return TRUE;
6a488035
TO		 597 }
598
17f443df
CW		 599 /**
600 * FIXME: Use CMS-native approach
309310bf 601 * @throws \CRM_Core_Exception
17f443df 602 */
00be9182 603 public function permissionDenied() {
34d96c0a 604 status_header(403);
309310bf 605 throw new CRM_Core_Exception(ts('You do not have permission to access this page.'));
6a488035
TO		 606 }
607
8ee9bea9
SL		 608 /**
609 * Determine the native ID of the CMS user.
610 *
611 * @param string $username
e97c66ff 612 *
613 * @return int|null
8ee9bea9
SL		 614 */
615 public function getUfId($username) {
616 $userdata = get_user_by('login', $username);
617 if (!$userdata->data->ID) {
618 return NULL;
619 }
620 return $userdata->data->ID;
621 }
622
17f443df
CW		 623 /**
624 * @inheritDoc
625 */
00be9182 626 public function logout() {
6a488035
TO		 627 // destroy session
628 if (session_id()) {
629 session_destroy();
630 }
631 wp_logout();
632 wp_redirect(wp_login_url());
633 }
634
6a488035 635 /**
17f443df 636 * @inheritDoc
6a488035 637 */
00be9182 638 public function getUFLocale() {
742eb5c6
CW		 639 // Bail early if method is called when WordPress isn't bootstrapped.
640 // Additionally, the function checked here is located in pluggable.php
641 // and is required by wp_get_referer() - so this also bails early if it is
642 // called too early in the request lifecycle.
643 // @see https://core.trac.wordpress.org/ticket/25294
644 if (!function_exists('wp_validate_redirect')) {
645 return NULL;
cba2601a 646 }
742eb5c6
CW		 647
648 // Default to WordPress User locale.
649 $locale = get_user_locale();
650
651 // Is this a "back-end" AJAX call?
652 $is_backend = FALSE;
653 if (wp_doing_ajax() && FALSE !== strpos(wp_get_referer(), admin_url())) {
654 $is_backend = TRUE;
19780d2b 655 }
742eb5c6
CW		 656
657 // Ignore when in WordPress admin or it's a "back-end" AJAX call.
658 if (!(is_admin() || $is_backend)) {
659
660 // Reaching here means it is very likely to be a front-end context.
661
662 // Default to WordPress locale.
663 $locale = get_locale();
664
665 // Maybe override with the locale that Polylang reports.
666 if (function_exists('pll_current_language')) {
667 $pll_locale = pll_current_language('locale');
668 if (!empty($pll_locale)) {
669 $locale = $pll_locale;
670 }
671 }
672
673 // Maybe override with the locale that WPML reports.
674 elseif (defined('ICL_LANGUAGE_CODE')) {
675 $languages = apply_filters('wpml_active_languages', NULL);
676 foreach ($languages as $language) {
677 if ($language['active']) {
678 $locale = $language['default_locale'];
679 break;
680 }
681 }
682 }
683
684 // TODO: Set locale for other WordPress plugins.
685 // @see https://wordpress.org/plugins/tags/multilingual/
686 // A hook would be nice here.
687
2c3d151b 688 }
19780d2b 689
742eb5c6
CW		 690 if (!empty($locale)) {
691 // If for some reason only we get a language code, convert it to a locale.
692 if (2 === strlen($locale)) {
693 $locale = CRM_Core_I18n_PseudoConstant::longForShort($locale);
694 }
695 return $locale;
0db6c3e1
TO		 696 }
697 else {
19780d2b
DL		 698 return NULL;
699 }
6a488035
TO		 700 }
701
fd1f3a26
SV		 702 /**
703 * @inheritDoc
704 */
705 public function setUFLocale($civicrm_language) {
706 // TODO (probably not possible with WPML?)
707 return TRUE;
708 }
709
6a488035 710 /**
fe482240 711 * Load wordpress bootstrap.
6a488035 712 *
9ba02e3e
TO		 713 * @param array $params
714 * Optional credentials
715 * - name: string, cms username
716 * - pass: string, cms password
6714d8d2
SL		 717 * @param bool $loadUser
718 * @param bool $throwError
719 * @param mixed $realPath
f4aaa82a
EM		 720 *
721 * @return bool
309310bf 722 * @throws \CRM_Core_Exception
6a488035 723 */
be2fb01f 724 public function loadBootStrap($params = [], $loadUser = TRUE, $throwError = TRUE, $realPath = NULL) {
05fcde76 725 global $wp, $wp_rewrite, $wp_the_query, $wp_query, $wpdb, $current_site, $current_blog, $current_user;
6a488035 726
9c1bc317
CW		 727 $name = $params['name'] ?? NULL;
728 $pass = $params['pass'] ?? NULL;
9ba02e3e 729
7a44e49f 730 if (!defined('WP_USE_THEMES')) {
c5f77355 731 define('WP_USE_THEMES', FALSE);
7a44e49f 732 }
6a488035
TO		 733
734 $cmsRootPath = $this->cmsRootPath();
735 if (!$cmsRootPath) {
309310bf 736 throw new CRM_Core_Exception("Could not find the install directory for WordPress");
6a488035 737 }
aaffa79f 738 $path = Civi::settings()->get('wpLoadPhp');
b299b1cc 739 if (!empty($path)) {
35da5d8d 740 require_once $path;
b299b1cc
KC		 741 }
742 elseif (file_exists($cmsRootPath . DIRECTORY_SEPARATOR . 'wp-load.php')) {
35da5d8d 743 require_once $cmsRootPath . DIRECTORY_SEPARATOR . 'wp-load.php';
b299b1cc
KC		 744 }
745 else {
309310bf 746 throw new CRM_Core_Exception("Could not find the bootstrap file for WordPress");
35da5d8d 747 }
6491539b
DL		 748 $wpUserTimezone = get_option('timezone_string');
749 if ($wpUserTimezone) {
750 date_default_timezone_set($wpUserTimezone);
751 CRM_Core_Config::singleton()->userSystem->setMySQLTimeZone();
752 }
e7292422 753 require_once $cmsRootPath . DIRECTORY_SEPARATOR . 'wp-includes/pluggable.php';
9c1bc317 754 $uid = $params['uid'] ?? NULL;
17763922
WA		 755 if (!$uid) {
756 $name = $name ? $name : trim(CRM_Utils_Array::value('name', $_REQUEST));
757 $pass = $pass ? $pass : trim(CRM_Utils_Array::value('pass', $_REQUEST));
758 if ($name) {
d8182404 759 $uid = wp_authenticate($name, $pass);
17763922
WA		 760 if (!$uid) {
761 if ($throwError) {
762 echo '<br />Sorry, unrecognized username or password.';
763 exit();
764 }
765 return FALSE;
766 }
767 }
768 }
fe1e7958 769 if ($uid) {
a4111333
CW		 770 if ($uid instanceof WP_User) {
771 $account = wp_set_current_user($uid->ID);
c5f77355
CW		 772 }
773 else {
a4111333
CW		 774 $account = wp_set_current_user($uid);
775 }
fe1e7958 776 if ($account && $account->data->ID) {
777 global $user;
778 $user = $account;
779 return TRUE;
780 }
781 }
e7292422 782 return TRUE;
6a488035
TO		 783 }
784
bb3a214a 785 /**
a2f24340 786 * @param string $dir
bb3a214a
EM		 787 *
788 * @return bool
789 */
00be9182 790 public function validInstallDir($dir) {
dfbcf0b7 791 $includePath = "$dir/wp-includes";
468176f6 792 if (@file_exists("$includePath/version.php")) {
dfbcf0b7
DL		 793 return TRUE;
794 }
795 return FALSE;
796 }
797
bb3a214a
EM		 798 /**
799 * Determine the location of the CMS root.
800 *
72b3a70c
CW		 801 * @return string|NULL
802 * local file system path to CMS root, or NULL if it cannot be determined
bb3a214a 803 */
00be9182 804 public function cmsRootPath() {
02bfbc78
CW		 805
806 // Return early if the path is already set.
a93a0366
TO		 807 global $civicrm_paths;
808 if (!empty($civicrm_paths['cms.root']['path'])) {
809 return $civicrm_paths['cms.root']['path'];
810 }
811
02bfbc78 812 // Return early if constant has been defined.
dfbcf0b7
DL		 813 if (defined('CIVICRM_CMSDIR')) {
814 if ($this->validInstallDir(CIVICRM_CMSDIR)) {
02bfbc78 815 return CIVICRM_CMSDIR;
dfbcf0b7 816 }
6a488035 817 }
02bfbc78
CW		 818
819 // Return early if path to wp-load.php can be retrieved from settings.
820 $setting = Civi::settings()->get('wpLoadPhp');
821 if (!empty($setting)) {
57811df8
KC		 822 $path = str_replace('wp-load.php', '', $setting);
823 $cmsRoot = rtrim($path, '/\\');
02bfbc78
CW		 824 if ($this->validInstallDir($cmsRoot)) {
825 return $cmsRoot;
826 }
827 }
828
829 /*
830 * Keep previous logic as fallback of last resort.
831 *
832 * At some point, it would be good to remove this because there are serious
833 * problems in correctly locating WordPress in this manner. In summary, it
834 * is impossible to do so reliably.
835 *
836 * @see https://github.com/civicrm/civicrm-wordpress/pull/63#issuecomment-61792328
837 * @see https://github.com/civicrm/civicrm-core/pull/11086#issuecomment-335454992
838 */
839 $cmsRoot = $valid = NULL;
840
841 $pathVars = explode('/', str_replace('\\', '/', $_SERVER['SCRIPT_FILENAME']));
842
843 // Might be Windows installation.
844 $firstVar = array_shift($pathVars);
845 if ($firstVar) {
846 $cmsRoot = $firstVar;
847 }
848
849 // Start with CMS dir search.
850 foreach ($pathVars as $var) {
851 $cmsRoot .= "/$var";
852 if ($this->validInstallDir($cmsRoot)) {
853 // Stop as we found bootstrap.
854 $valid = TRUE;
855 break;
856 }
6a488035
TO		 857 }
858
859 return ($valid) ? $cmsRoot : NULL;
860 }
861
bb3a214a 862 /**
17f443df 863 * @inheritDoc
bb3a214a 864 */
00be9182 865 public function createUser(&$params, $mail) {
be2fb01f 866 $user_data = [
6a488035 867 'ID' => '',
6a488035
TO		 868 'user_login' => $params['cms_name'],
869 'user_email' => $params[$mail],
870 'nickname' => $params['cms_name'],
871 'role' => get_option('default_role'),
be2fb01f 872 ];
4bee1744
CW		 873
874 // If there's a password add it, otherwise generate one.
875 if (!empty($params['cms_pass'])) {
876 $user_data['user_pass'] = $params['cms_pass'];
877 }
878 else {
879 $user_data['user_pass'] = wp_generate_password(12, FALSE);;
880 }
881
882 // Assign WordPress User "name" field(s).
6a488035
TO		 883 if (isset($params['contactID'])) {
884 $contactType = CRM_Contact_BAO_Contact::getContactType($params['contactID']);
885 if ($contactType == 'Individual') {
886 $user_data['first_name'] = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact',
887 $params['contactID'], 'first_name'
888 );
889 $user_data['last_name'] = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact',
890 $params['contactID'], 'last_name'
891 );
892 }
4bee1744
CW		 893 if ($contactType == 'Organization') {
894 $user_data['first_name'] = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact',
895 $params['contactID'], 'organization_name'
896 );
897 }
898 if ($contactType == 'Household') {
899 $user_data['first_name'] = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact',
900 $params['contactID'], 'household_name'
901 );
902 }
6a488035
TO		 903 }
904
4bee1744
CW		 905 /**
906 * Broadcast that CiviCRM is about to create a WordPress User.
907 *
908 * @since 5.37
909 */
910 do_action('civicrm_pre_create_user');
911
912 // Remove the CiviCRM-WordPress listeners.
633d5122 913 $this->hooks_core_remove();
6a488035 914
4bee1744
CW		 915 // Now go ahead and create a WordPress User.
916 $uid = wp_insert_user($user_data);
6a488035 917
4bee1744
CW		 918 /*
919 * Call wp_signon if we aren't already logged in.
920 * For example, we might be creating a new user from the Contact record.
921 */
633d5122 922 if (!current_user_can('create_users')) {
4bee1744
CW		 923 $creds = [];
924 $creds['user_login'] = $params['cms_name'];
4fc945ae 925 $creds['user_password'] = $user_data['user_pass'];
4bee1744 926 $creds['remember'] = TRUE;
4fc945ae
DH		 927
928 // @todo handle a wp_signon failure
633d5122
ML		 929 wp_signon($creds, FALSE);
930 }
931
4bee1744 932 // Fire the new user action. Sends notification email by default.
633d5122 933 do_action('register_new_user', $uid);
4bee1744
CW		 934
935 // Restore the CiviCRM-WordPress listeners.
633d5122
ML		 936 $this->hooks_core_add();
937
4bee1744
CW		 938 /**
939 * Broadcast that CiviCRM has creates a WordPress User.
940 *
941 * @since 5.37
942 */
943 do_action('civicrm_post_create_user');
944
6a488035
TO		 945 return $uid;
946 }
947
f4aaa82a 948 /**
17f443df 949 * @inheritDoc
6a488035 950 */
00be9182 951 public function updateCMSName($ufID, $ufName) {
6a488035
TO		 952 // CRM-10620
953 if (function_exists('wp_update_user')) {
353ffa53 954 $ufID = CRM_Utils_Type::escape($ufID, 'Integer');
6a488035
TO		 955 $ufName = CRM_Utils_Type::escape($ufName, 'String');
956
be2fb01f 957 $values = ['ID' => $ufID, 'user_email' => $ufName];
481a74f4
TO		 958 if ($ufID) {
959 wp_update_user($values);
6a488035
TO		 960 }
961 }
962 }
963
bb3a214a 964 /**
c490a46a 965 * @param array $params
a2f24340 966 * @param array $errors
bb3a214a
EM		 967 * @param string $emailName
968 */
00be9182 969 public function checkUserNameEmailExists(&$params, &$errors, $emailName = 'email') {
6a488035
TO		 970 $config = CRM_Core_Config::singleton();
971
353ffa53
TO		 972 $dao = new CRM_Core_DAO();
973 $name = $dao->escape(CRM_Utils_Array::value('name', $params));
6a488035
TO		 974 $email = $dao->escape(CRM_Utils_Array::value('mail', $params));
975
a7488080 976 if (!empty($params['name'])) {
6a488035
TO		 977 if (!validate_username($params['name'])) {
978 $errors['cms_name'] = ts("Your username contains invalid characters");
979 }
980 elseif (username_exists(sanitize_user($params['name']))) {
be2fb01f 981 $errors['cms_name'] = ts('The username %1 is already taken. Please select another username.', [1 => $params['name']]);
6a488035
TO		 982 }
983 }
984
a7488080 985 if (!empty($params['mail'])) {
6a488035 986 if (!is_email($params['mail'])) {
ba0f343d 987 $errors[$emailName] = ts("Your email is invalid");
6a488035
TO		 988 }
989 elseif (email_exists($params['mail'])) {
db18d815 990 $errors[$emailName] = ts('The email address %1 already has an account associated with it. <a href="%2">Have you forgotten your password?</a>',
be2fb01f 991 [1 => $params['mail'], 2 => wp_lostpassword_url()]
6a488035
TO		 992 );
993 }
994 }
995 }
996
997 /**
17f443df 998 * @inheritDoc
6a488035
TO		 999 */
1000 public function isUserLoggedIn() {
1001 $isloggedIn = FALSE;
1002 if (function_exists('is_user_logged_in')) {
1003 $isloggedIn = is_user_logged_in();
1004 }
1005
1006 return $isloggedIn;
1007 }
1008
8caad0ce 1009 /**
1010 * @inheritDoc
1011 */
1012 public function isUserRegistrationPermitted() {
1013 if (!get_option('users_can_register')) {
1014 return FALSE;
1015 }
1016 return TRUE;
1017 }
1018
63df6889
HD		 1019 /**
1020 * @inheritDoc
1021 */
1a6630be 1022 public function isPasswordUserGenerated() {
633d5122 1023 return FALSE;
63df6889
HD		 1024 }
1025
bb3a214a
EM		 1026 /**
1027 * @return mixed
1028 */
00be9182 1029 public function getLoggedInUserObject() {
2b617cb0 1030 if (function_exists('is_user_logged_in') &&
353ffa53
TO		 1031 is_user_logged_in()
1032 ) {
2b617cb0
EM		 1033 global $current_user;
1034 }
1035 return $current_user;
1036 }
353ffa53 1037
6a488035 1038 /**
17f443df 1039 * @inheritDoc
6a488035
TO		 1040 */
1041 public function getLoggedInUfID() {
1042 $ufID = NULL;
2b617cb0 1043 $current_user = $this->getLoggedInUserObject();
2e1f50d6 1044 return $current_user->ID ?? NULL;
2b617cb0
EM		 1045 }
1046
1047 /**
17f443df 1048 * @inheritDoc
2b617cb0 1049 */
00be9182 1050 public function getLoggedInUniqueIdentifier() {
2b617cb0
EM		 1051 $user = $this->getLoggedInUserObject();
1052 return $this->getUniqueIdentifierFromUserObject($user);
6a488035
TO		 1053 }
1054
32998c82
EM		 1055 /**
1056 * Get User ID from UserFramework system (Joomla)
77855840
TO		 1057 * @param object $user
1058 * Object as described by the CMS.
72b3a70c
CW		 1059 *
1060 * @return int|null
32998c82 1061 */
00be9182 1062 public function getUserIDFromUserObject($user) {
32998c82
EM		 1063 return !empty($user->ID) ? $user->ID : NULL;
1064 }
1065
2b617cb0 1066 /**
17f443df 1067 * @inheritDoc
2b617cb0 1068 */
00be9182 1069 public function getUniqueIdentifierFromUserObject($user) {
2b617cb0
EM		 1070 return empty($user->user_email) ? NULL : $user->user_email;
1071 }
1072
6a488035 1073 /**
17f443df 1074 * @inheritDoc
6a488035
TO		 1075 */
1076 public function getLoginURL($destination = '') {
7cecea88 1077 return wp_login_url($destination);
6a488035
TO		 1078 }
1079
bb3a214a 1080 /**
ad37ac8e 1081 * @param \CRM_Core_Form $form
1082 *
1083 * @return NULL|string
bb3a214a 1084 */
6a488035 1085 public function getLoginDestination(&$form) {
7cecea88
AS		 1086 $args = NULL;
1087
1088 $id = $form->get('id');
1089 if ($id) {
1090 $args .= "&id=$id";
1091 }
1092 else {
1093 $gid = $form->get('gid');
1094 if ($gid) {
1095 $args .= "&gid=$gid";
1096 }
1097 else {
1098 // Setup Personal Campaign Page link uses pageId
1099 $pageId = $form->get('pageId');
1100 if ($pageId) {
1101 $component = $form->get('component');
1102 $args .= "&pageId=$pageId&component=$component&action=add";
1103 }
1104 }
1105 }
1106
1107 $destination = NULL;
1108 if ($args) {
1109 // append destination so user is returned to form they came from after login
1110 $destination = CRM_Utils_System::url(CRM_Utils_System::currentPath(), 'reset=1' . $args);
1111 }
1112 return $destination;
6a488035
TO		 1113 }
1114
1115 /**
17f443df 1116 * @inheritDoc
6a488035 1117 */
00be9182 1118 public function getVersion() {
6a488035
TO		 1119 if (function_exists('get_bloginfo')) {
1120 return get_bloginfo('version', 'display');
1121 }
1122 else {
1123 return 'Unknown';
1124 }
1125 }
6491539b
DL		 1126
1127 /**
17f443df 1128 * @inheritDoc
6491539b 1129 */
00be9182 1130 public function getTimeZoneString() {
6491539b
DL		 1131 return get_option('timezone_string');
1132 }
59f97da6
EM		 1133
1134 /**
17f443df 1135 * @inheritDoc
59f97da6 1136 */
00be9182 1137 public function getUserRecordUrl($contactID) {
59f97da6 1138 $uid = CRM_Core_BAO_UFMatch::getUFId($contactID);
353ffa53 1139 if (CRM_Core_Session::singleton()
6714d8d2 1140 ->get('userID') == $contactID || CRM_Core_Permission::checkAnyPerm(['cms:administer users'])
353ffa53 1141 ) {
59f97da6
EM		 1142 return CRM_Core_Config::singleton()->userFrameworkBaseURL . "wp-admin/user-edit.php?user_id=" . $uid;
1143 }
1144 }
96025800 1145
469d8dab
CW		 1146 /**
1147 * Append WP js to coreResourcesList.
ad37ac8e 1148 *
303017a1 1149 * @param \Civi\Core\Event\GenericHookEvent $e
469d8dab 1150 */
303017a1
CW		 1151 public function appendCoreResources(\Civi\Core\Event\GenericHookEvent $e) {
1152 $e->list[] = 'js/crm.wordpress.js';
469d8dab
CW		 1153 }
1154
03d5592a
CW		 1155 /**
1156 * @inheritDoc
62c20d1e
CW		 1157 */
1158 public function alterAssetUrl(\Civi\Core\Event\GenericHookEvent $e) {
1159 // Set menubar breakpoint to match WP admin theme
1160 if ($e->asset == 'crm-menubar.css') {
1161 $e->params['breakpoint'] = 783;
1162 }
1163 }
1164
633d5122
ML		 1165 /**
1166 * @inheritDoc
1167 */
1168 public function checkPermissionAddUser() {
1169 return current_user_can('create_users');
1170 }
1171
62c20d1e
CW		 1172 /**
1173 * @inheritDoc
03d5592a
CW		 1174 */
1175 public function synchronizeUsers() {
1176 $config = CRM_Core_Config::singleton();
1177 if (PHP_SAPI != 'cli') {
1178 set_time_limit(300);
1179 }
1180 $id = 'ID';
1181 $mail = 'user_email';
1182
1183 $uf = $config->userFramework;
1184 $contactCount = 0;
1185 $contactCreated = 0;
1186 $contactMatching = 0;
1187
5b4ee130
CW		 1188 // Previously used the $wpdb global - which means WordPress *must* be bootstrapped.
1189 $wpUsers = get_users(array(
1190 'blog_id' => get_current_blog_id(),
1191 'number' => -1,
1192 ));
03d5592a 1193
5b4ee130 1194 foreach ($wpUsers as $wpUserData) {
03d5592a
CW		 1195 $contactCount++;
1196 if ($match = CRM_Core_BAO_UFMatch::synchronizeUFMatch($wpUserData,
1197 $wpUserData->$id,
1198 $wpUserData->$mail,
1199 $uf,
1200 1,
1201 'Individual',
1202 TRUE
1203 )
1204 ) {
1205 $contactCreated++;
1206 }
1207 else {
1208 $contactMatching++;
1209 }
5b4ee130
CW		 1210 if (is_object($match)) {
1211 $match->free();
1212 }
03d5592a
CW		 1213 }
1214
be2fb01f 1215 return [
03d5592a
CW		 1216 'contactCount' => $contactCount,
1217 'contactMatching' => $contactMatching,
1218 'contactCreated' => $contactCreated,
be2fb01f 1219 ];
03d5592a
CW		 1220 }
1221
79dd7fe9 1222 /**
46dddc5c
SL		 1223 * Send an HTTP Response base on PSR HTTP RespnseInterface response.
1224 *
1225 * @param \Psr\Http\Message\ResponseInterface $response
79dd7fe9 1226 */
46dddc5c
SL		 1227 public function sendResponse(\Psr\Http\Message\ResponseInterface $response) {
1228 // use WordPress function status_header to ensure 404 response is sent
1229 status_header($response->getStatusCode());
90f6c8df
SL		 1230 foreach ($response->getHeaders() as $name => $values) {
1231 CRM_Utils_System::setHttpHeader($name, implode(', ', (array) $values));
79dd7fe9 1232 }
46dddc5c
SL		 1233 echo $response->getBody();
1234 CRM_Utils_System::civiExit();
79dd7fe9
SL		 1235 }
1236
b07855e9
CW		 1237 /**
1238 * Start a new session if there's no existing session ID.
1239 *
1240 * Checks are needed to prevent sessions being started when not necessary.
1241 */
1242 public function sessionStart() {
1243 $session_id = session_id();
1244
1245 // Check WordPress pseudo-cron.
1246 $wp_cron = FALSE;
1247 if (function_exists('wp_doing_cron') && wp_doing_cron()) {
1248 $wp_cron = TRUE;
1249 }
1250
1251 // Check WP-CLI.
1252 $wp_cli = FALSE;
1253 if (defined('WP_CLI') && WP_CLI) {
1254 $wp_cli = TRUE;
1255 }
1256
1257 // Check PHP on the command line - e.g. `cv`.
1258 $php_cli = TRUE;
1259 if (PHP_SAPI !== 'cli') {
1260 $php_cli = FALSE;
1261 }
1262
1263 // Maybe start session.
1264 if (empty($session_id) && !$wp_cron && !$wp_cli && !$php_cli) {
1265 session_start();
1266 }
1267 }
1268
bef5923d
CW		 1269 /**
1270 * Perform any necessary actions prior to redirecting via POST.
1271 *
1272 * Redirecting via POST means that cookies need to be sent with SameSite=None.
1273 */
1274 public function prePostRedirect() {
1275 // Get User Agent string.
1276 $rawUserAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
1277 $userAgent = mb_convert_encoding($rawUserAgent, 'UTF-8');
1278
1279 // Bail early if User Agent does not support `SameSite=None`.
1280 $shouldUseSameSite = CRM_Utils_SameSite::shouldSendSameSiteNone($userAgent);
1281 if (!$shouldUseSameSite) {
1282 return;
1283 }
1284
1285 // Make sure session cookie is present in header.
1286 $cookie_params = session_name() . '=' . session_id() . '; SameSite=None; Secure';
1287 CRM_Utils_System::setHttpHeader('Set-Cookie', $cookie_params);
1288
1289 // Add WordPress auth cookies when user is logged in.
1290 $user = wp_get_current_user();
1291 if ($user->exists()) {
1292 self::setAuthCookies($user->ID, TRUE, TRUE);
1293 }
1294 }
1295
1296 /**
1297 * Explicitly set WordPress authentication cookies.
1298 *
1299 * Chrome 84 introduced a cookie policy change which prevents cookies for the
1300 * session and for WordPress user authentication from being indentified when
1301 * a purchaser returns to the site from PayPal using the "Back to Merchant"
1302 * button.
1303 *
1304 * In order to comply with this policy, cookies need to be sent with their
1305 * "SameSite" attribute set to "None" and with the "Secure" flag set, but this
1306 * isn't possible to do via `wp_set_auth_cookie()` as it stands.
1307 *
1308 * This method is a modified clone of `wp_set_auth_cookie()` which satisfies
1309 * the Chrome policy.
1310 *
1311 * @see wp_set_auth_cookie()
1312 *
1313 * The $remember parameter increases the time that the cookie will be kept. The
1314 * default the cookie is kept without remembering is two days. When $remember is
1315 * set, the cookies will be kept for 14 days or two weeks.
1316 *
1317 * @param int $user_id The WordPress User ID.
1318 * @param bool $remember Whether to remember the user.
1319 * @param bool|string $secure Whether the auth cookie should only be sent over
1320 * HTTPS. Default is an empty string which means the
1321 * value of `is_ssl()` will be used.
1322 * @param string $token Optional. User's session token to use for this cookie.
1323 */
1324 private function setAuthCookies($user_id, $remember = FALSE, $secure = '', $token = '') {
1325 if ($remember) {
1326 /** This filter is documented in wp-includes/pluggable.php */
1327 $expiration = time() + apply_filters('auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember);
1328
1329 /*
1330 * Ensure the browser will continue to send the cookie after the expiration time is reached.
1331 * Needed for the login grace period in wp_validate_auth_cookie().
1332 */
1333 $expire = $expiration + (12 * HOUR_IN_SECONDS);
1334 }
1335 else {
1336 /** This filter is documented in wp-includes/pluggable.php */
1337 $expiration = time() + apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember);
1338 $expire = 0;
1339 }
1340
1341 if ('' === $secure) {
1342 $secure = is_ssl();
1343 }
1344
1345 // Front-end cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
1346 $secure_logged_in_cookie = $secure && 'https' === parse_url(get_option('home'), PHP_URL_SCHEME);
1347
1348 /** This filter is documented in wp-includes/pluggable.php */
1349 $secure = apply_filters('secure_auth_cookie', $secure, $user_id);
1350
1351 /** This filter is documented in wp-includes/pluggable.php */
1352 $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure);
1353
1354 if ($secure) {
1355 $auth_cookie_name = SECURE_AUTH_COOKIE;
1356 $scheme = 'secure_auth';
1357 }
1358 else {
1359 $auth_cookie_name = AUTH_COOKIE;
1360 $scheme = 'auth';
1361 }
1362
1363 if ('' === $token) {
1364 $manager = WP_Session_Tokens::get_instance($user_id);
1365 $token = $manager->create($expiration);
1366 }
1367
1368 $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme, $token);
1369 $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $token);
1370
1371 /** This filter is documented in wp-includes/pluggable.php */
1372 do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token);
1373
1374 /** This filter is documented in wp-includes/pluggable.php */
1375 do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token);
1376
1377 /** This filter is documented in wp-includes/pluggable.php */
1378 if (!apply_filters('send_auth_cookies', TRUE)) {
1379 return;
1380 }
1381
1382 $base_options = [
1383 'expires' => $expire,
1384 'domain' => COOKIE_DOMAIN,
1385 'httponly' => TRUE,
1386 'samesite' => 'None',
1387 ];
1388
1389 self::setAuthCookie($auth_cookie_name, $auth_cookie, $base_options + ['secure' => $secure, 'path' => PLUGINS_COOKIE_PATH]);
1390 self::setAuthCookie($auth_cookie_name, $auth_cookie, $base_options + ['secure' => $secure, 'path' => ADMIN_COOKIE_PATH]);
1391 self::setAuthCookie(LOGGED_IN_COOKIE, $logged_in_cookie, $base_options + ['secure' => $secure_logged_in_cookie, 'path' => COOKIEPATH]);
1392 if (COOKIEPATH != SITECOOKIEPATH) {
1393 self::setAuthCookie(LOGGED_IN_COOKIE, $logged_in_cookie, $base_options + ['secure' => $secure_logged_in_cookie, 'path' => SITECOOKIEPATH]);
1394 }
1395 }
1396
1397 /**
1398 * Set cookie with "SameSite" flag.
1399 *
1400 * The method here is compatible with all versions of PHP. Needed because it
1401 * is only as of PHP 7.3.0 that the setcookie() method supports the "SameSite"
1402 * attribute in its options and will accept "None" as a valid value.
1403 *
a2f24340
BT		 1404 * @param string $name The name of the cookie.
1405 * @param string $value The value of the cookie.
bef5923d
CW		 1406 * @param array $options The header options for the cookie.
1407 */
1408 private function setAuthCookie($name, $value, $options) {
1409 $header = 'Set-Cookie: ';
1410 $header .= rawurlencode($name) . '=' . rawurlencode($value) . '; ';
1411 $header .= 'expires=' . gmdate('D, d-M-Y H:i:s T', $options['expires']) . '; ';
1412 $header .= 'Max-Age=' . max(0, (int) ($options['expires'] - time())) . '; ';
1413 $header .= 'path=' . rawurlencode($options['path']) . '; ';
1414 $header .= 'domain=' . rawurlencode($options['domain']) . '; ';
1415
1416 if (!empty($options['secure'])) {
1417 $header .= 'secure; ';
1418 }
1419 $header .= 'httponly; ';
1420 $header .= 'SameSite=' . rawurlencode($options['samesite']);
1421
1422 header($header, FALSE);
1423 $_COOKIE[$name] = $value;
1424 }
1425
839834b4 1426 /**
1427 * Return the CMS-specific url for its permissions page
1428 * @return array
1429 */
1430 public function getCMSPermissionsUrlParams() {
1431 return ['ufAccessURL' => CRM_Utils_System::url('civicrm/admin/access/wp-permissions', 'reset=1')];
1432 }
1433
633d5122
ML		 1434 /**
1435 * Remove CiviCRM's callbacks.
1436 *
1437 * These may cause recursive updates when creating or editing a WordPress
1438 * user. This doesn't seem to have been necessary in the past, but seems
1439 * to be causing trouble when newer versions of BuddyPress and CiviCRM are
1440 * active.
1441 *
1442 * Based on the civicrm-wp-profile-sync plugin by Christian Wach.
1443 *
1444 * @see self::hooks_core_add()
1445 */
1446 public function hooks_core_remove() {
1447 $civicrm = civi_wp();
1448
1449 // Remove current CiviCRM plugin filters.
1450 remove_action('user_register', [$civicrm->users, 'update_user']);
1451 remove_action('profile_update', [$civicrm->users, 'update_user']);
1452 }
1453
1454 /**
1455 * Add back CiviCRM's callbacks.
1456 * This method undoes the removal of the callbacks above.
1457 *
1458 * @see self::hooks_core_remove()
1459 */
1460 public function hooks_core_add() {
1461 $civicrm = civi_wp();
1462
1463 // Re-add current CiviCRM plugin filters.
1464 add_action('user_register', [$civicrm->users, 'update_user']);
1465 add_action('profile_update', [$civicrm->users, 'update_user']);
1466 }
1467
0e69cbc3 1468 /**
1469 * Depending on configuration, either let the admin enter the password
1470 * when creating a user or let the user do it via email link.
1471 */
1472 public function showPasswordFieldWhenAdminCreatesUser() {
1473 return !$this->isUserRegistrationPermitted();
1474 }
1475
6a488035 1476}