projects / civicrm-core.git / blob
? search:


0963d01df0645e046dd4c0837bac79cc55a36806
[civicrm-core.git] / CRM / Utils / System / WordPress.php
1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
12 /**
13 *
14 * @package CRM
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
16 */
17
18 /**
19 * WordPress specific stuff goes here
20 */
21 class CRM_Utils_System_WordPress extends CRM_Utils_System_Base {
22
23 /**
24 * Get a normalized version of the wpBasePage.
25 */
26 public static function getBasePage() {
27 return strtolower(rtrim(Civi::settings()->get('wpBasePage'), '/'));
28 }
29
30 /**
31 */
32 public function __construct() {
33 /**
34 * deprecated property to check if this is a drupal install. The correct method is to have functions on the UF classes for all UF specific
35 * functions and leave the codebase oblivious to the type of CMS
36 * @deprecated
37 * @var bool
38 */
39 $this->is_drupal = FALSE;
40 $this->is_wordpress = TRUE;
41 }
42
43 public function initialize() {
44 parent::initialize();
45 $this->registerPathVars();
46 }
47
48 /**
49 * Specify the default computation for various paths/URLs.
50 */
51 protected function registerPathVars():void {
52 $isNormalBoot = function_exists('get_option');
53 if ($isNormalBoot) {
54 // Normal mode - CMS boots first, then calls Civi. "Normal" web pages and newer extern routes.
55 // To simplify the code-paths, some items are re-registered with WP-specific functions.
56 $cmsRoot = function() {
57 return [
58 'path' => untrailingslashit(ABSPATH),
59 'url' => home_url(),
60 ];
61 };
62 Civi::paths()->register('cms', $cmsRoot);
63 Civi::paths()->register('cms.root', $cmsRoot);
64 Civi::paths()->register('civicrm.root', function () {
65 return [
66 'path' => CIVICRM_PLUGIN_DIR . 'civicrm' . DIRECTORY_SEPARATOR,
67 'url' => CIVICRM_PLUGIN_URL . 'civicrm/',
68 ];
69 });
70 Civi::paths()->register('wp.frontend.base', function () {
71 return [
72 'url' => home_url('/'),
73 ];
74 });
75 Civi::paths()->register('wp.frontend', function () {
76 $config = CRM_Core_Config::singleton();
77 $basepage = get_page_by_path($config->wpBasePage);
78 return [
79 'url' => get_permalink($basepage->ID),
80 ];
81 });
82 Civi::paths()->register('wp.backend.base', function () {
83 return [
84 'url' => admin_url(),
85 ];
86 });
87 Civi::paths()->register('wp.backend', function() {
88 return [
89 'url' => admin_url('admin.php'),
90 ];
91 });
92 Civi::paths()->register('civicrm.files', function () {
93 $upload_dir = wp_get_upload_dir();
94
95 $old = CRM_Core_Config::singleton()->userSystem->getDefaultFileStorage();
96 $new = [
97 'path' => $upload_dir['basedir'] . DIRECTORY_SEPARATOR . 'civicrm' . DIRECTORY_SEPARATOR,
98 'url' => $upload_dir['baseurl'] . '/civicrm/',
99 ];
100
101 if ($old['path'] === $new['path']) {
102 return $new;
103 }
104
105 $oldExists = file_exists($old['path']);
106 $newExists = file_exists($new['path']);
107
108 if ($oldExists && !$newExists) {
109 return $old;
110 }
111 elseif (!$oldExists && $newExists) {
112 return $new;
113 }
114 elseif (!$oldExists && !$newExists) {
115 // neither exists. but that's ok. we're in one of these two cases:
116 // - we're just starting installation... which will get sorted in a moment
117 // when someone calls mkdir().
118 // - we're running a bespoke setup... which will get sorted in a moment
119 // by applying $civicrm_paths.
120 return $new;
121 }
122 elseif ($oldExists && $newExists) {
123 // situation ambiguous. encourage admin to set value explicitly.
124 if (!isset($GLOBALS['civicrm_paths']['civicrm.files'])) {
125 \Civi::log()->warning("The system has data from both old+new conventions. Please use civicrm.settings.php to set civicrm.files explicitly.");
126 }
127 return $new;
128 }
129 });
130 }
131 else {
132 // Legacy support - only relevant for older extern routes.
133 Civi::paths()
134 ->register('wp.frontend.base', function () {
135 return ['url' => rtrim(CIVICRM_UF_BASEURL, '/') . '/'];
136 })
137 ->register('wp.frontend', function () {
138 $config = \CRM_Core_Config::singleton();
139 $suffix = defined('CIVICRM_UF_WP_BASEPAGE') ? CIVICRM_UF_WP_BASEPAGE : $config->wpBasePage;
140 return [
141 'url' => Civi::paths()->getVariable('wp.frontend.base', 'url') . $suffix,
142 ];
143 })
144 ->register('wp.backend.base', function () {
145 return ['url' => rtrim(CIVICRM_UF_BASEURL, '/') . '/wp-admin/'];
146 })
147 ->register('wp.backend', function () {
148 return [
149 'url' => Civi::paths()->getVariable('wp.backend.base', 'url') . 'admin.php',
150 ];
151 });
152 }
153 }
154
155 /**
156 * @inheritDoc
157 */
158 public function setTitle($title, $pageTitle = NULL) {
159 if (!$pageTitle) {
160 $pageTitle = $title;
161 }
162
163 // FIXME: Why is this global?
164 global $civicrm_wp_title;
165 $civicrm_wp_title = $title;
166
167 // yes, set page title, depending on context
168 $context = civi_wp()->civicrm_context_get();
169 switch ($context) {
170 case 'admin':
171 case 'shortcode':
172 $template = CRM_Core_Smarty::singleton();
173 $template->assign('pageTitle', $pageTitle);
174 }
175 }
176
177 /**
178 * Moved from CRM_Utils_System_Base
179 */
180 public function getDefaultFileStorage() {
181 // NOTE: On WordPress, this will be circumvented in the future. However,
182 // should retain it to allow transitional/upgrade code determine the old value.
183
184 $config = CRM_Core_Config::singleton();
185 $cmsUrl = CRM_Utils_System::languageNegotiationURL($config->userFrameworkBaseURL, FALSE, TRUE);
186 $cmsPath = $this->cmsRootPath();
187 $filesPath = CRM_Utils_File::baseFilePath();
188 $filesRelPath = CRM_Utils_File::relativize($filesPath, $cmsPath);
189 $filesURL = rtrim($cmsUrl, '/') . '/' . ltrim($filesRelPath, ' /');
190 return [
191 'url' => CRM_Utils_File::addTrailingSlash($filesURL, '/'),
192 'path' => CRM_Utils_File::addTrailingSlash($filesPath),
193 ];
194 }
195
196 /**
197 * Determine the location of the CiviCRM source tree.
198 *
199 * @return array
200 * - url: string. ex: "http://example.com/sites/all/modules/civicrm"
201 * - path: string. ex: "/var/www/sites/all/modules/civicrm"
202 */
203 public function getCiviSourceStorage() {
204 global $civicrm_root;
205
206 // Don't use $config->userFrameworkBaseURL; it has garbage on it.
207 // More generally, we shouldn't be using $config here.
208 if (!defined('CIVICRM_UF_BASEURL')) {
209 throw new RuntimeException('Undefined constant: CIVICRM_UF_BASEURL');
210 }
211
212 $cmsPath = $this->cmsRootPath();
213
214 // $config = CRM_Core_Config::singleton();
215 // overkill? // $cmsUrl = CRM_Utils_System::languageNegotiationURL($config->userFrameworkBaseURL, FALSE, TRUE);
216 $cmsUrl = CIVICRM_UF_BASEURL;
217 if (CRM_Utils_System::isSSL()) {
218 $cmsUrl = str_replace('http://', 'https://', $cmsUrl);
219 }
220 $civiRelPath = CRM_Utils_File::relativize(realpath($civicrm_root), realpath($cmsPath));
221 $civiUrl = rtrim($cmsUrl, '/') . '/' . ltrim($civiRelPath, ' /');
222 return [
223 'url' => CRM_Utils_File::addTrailingSlash($civiUrl, '/'),
224 'path' => CRM_Utils_File::addTrailingSlash($civicrm_root),
225 ];
226 }
227
228 /**
229 * @inheritDoc
230 */
231 public function appendBreadCrumb($breadCrumbs) {
232 $breadCrumb = wp_get_breadcrumb();
233
234 if (is_array($breadCrumbs)) {
235 foreach ($breadCrumbs as $crumbs) {
236 if (stripos($crumbs['url'], 'id%%')) {
237 $args = ['cid', 'mid'];
238 foreach ($args as $a) {
239 $val = CRM_Utils_Request::retrieve($a, 'Positive', CRM_Core_DAO::$_nullObject,
240 FALSE, NULL, $_GET
241 );
242 if ($val) {
243 $crumbs['url'] = str_ireplace("%%{$a}%%", $val, $crumbs['url']);
244 }
245 }
246 }
247 $breadCrumb[] = "<a href=\"{$crumbs['url']}\">{$crumbs['title']}</a>";
248 }
249 }
250
251 $template = CRM_Core_Smarty::singleton();
252 $template->assign_by_ref('breadcrumb', $breadCrumb);
253 wp_set_breadcrumb($breadCrumb);
254 }
255
256 /**
257 * @inheritDoc
258 */
259 public function resetBreadCrumb() {
260 $bc = [];
261 wp_set_breadcrumb($bc);
262 }
263
264 /**
265 * @inheritDoc
266 */
267 public function addHTMLHead($head) {
268 static $registered = FALSE;
269 if (!$registered) {
270 // front-end view
271 add_action('wp_head', [__CLASS__, '_showHTMLHead']);
272 // back-end views
273 add_action('admin_head', [__CLASS__, '_showHTMLHead']);
274 }
275 CRM_Core_Region::instance('wp_head')->add([
276 'markup' => $head,
277 ]);
278 }
279
280 /**
281 * WP action callback.
282 */
283 public static function _showHTMLHead() {
284 $region = CRM_Core_Region::instance('wp_head', FALSE);
285 if ($region) {
286 echo $region->render('');
287 }
288 }
289
290 /**
291 * @inheritDoc
292 */
293 public function mapConfigToSSL() {
294 global $base_url;
295 $base_url = str_replace('http://', 'https://', $base_url);
296 }
297
298 /**
299 * @inheritDoc
300 */
301 public function url(
302 $path = NULL,
303 $query = NULL,
304 $absolute = FALSE,
305 $fragment = NULL,
306 $frontend = FALSE,
307 $forceBackend = FALSE,
308 $htmlize = TRUE
309 ) {
310 $config = CRM_Core_Config::singleton();
311 $script = '';
312 $separator = '&';
313 $wpPageParam = '';
314 $fragment = isset($fragment) ? ('#' . $fragment) : '';
315
316 $path = CRM_Utils_String::stripPathChars($path);
317 $basepage = FALSE;
318
319 //this means wp function we are trying to use is not available,
320 //so load bootStrap
321 // FIXME: Why bootstrap in url()? Generally want to define 1-2 strategic places to put bootstrap
322 if (!function_exists('get_option')) {
323 $this->loadBootStrap();
324 }
325
326 if ($config->userFrameworkFrontend) {
327 global $post;
328 if (get_option('permalink_structure') != '') {
329 $script = $post ? get_permalink($post->ID) : "";
330 }
331 if ($post && $config->wpBasePage == $post->post_name) {
332 $basepage = TRUE;
333 }
334 // when shortcode is included in page
335 // also make sure we have valid query object
336 // FIXME: $wpPageParam has no effect and is only set on the *basepage*
337 global $wp_query;
338 if (get_option('permalink_structure') == '' && method_exists($wp_query, 'get')) {
339 if (get_query_var('page_id')) {
340 $wpPageParam = "page_id=" . get_query_var('page_id');
341 }
342 elseif (get_query_var('p')) {
343 // when shortcode is inserted in post
344 $wpPageParam = "p=" . get_query_var('p');
345 }
346 }
347 }
348
349 $base = $this->getBaseUrl($absolute, $frontend, $forceBackend);
350
351 if (!isset($path) && !isset($query)) {
352 // FIXME: This short-circuited codepath is the same as the general one below, except
353 // in that it ignores "permlink_structure" / $wpPageParam / $script . I don't know
354 // why it's different (and I can only find two obvious use-cases for this codepath,
355 // of which at least one looks gratuitous). A more ambitious person would simply remove
356 // this code.
357 return $base . $fragment;
358 }
359
360 if (!$forceBackend && get_option('permalink_structure') != '' && ($wpPageParam || $script != '')) {
361 $base = $script;
362 }
363
364 $queryParts = [];
365
366 if (
367 // not using clean URLs
368 !$config->cleanURL
369 // requesting an admin URL
370 || ((is_admin() && !$frontend) || $forceBackend)
371 // is shortcode
372 || (!$basepage && $script != '')
373 ) {
374
375 // pre-existing logic
376 if (isset($path)) {
377 // Admin URLs still need "page=CiviCRM", front-end URLs do not.
378 if ((is_admin() && !$frontend) || $forceBackend) {
379 $queryParts[] = 'page=CiviCRM';
380 }
381 else {
382 $queryParts[] = 'civiwp=CiviCRM';
383 }
384 $queryParts[] = 'q=' . rawurlencode($path);
385 }
386 if ($wpPageParam) {
387 $queryParts[] = $wpPageParam;
388 }
389 if (!empty($query)) {
390 $queryParts[] = $query;
391 }
392
393 $final = $base . '?' . implode($separator, $queryParts) . $fragment;
394
395 }
396 else {
397
398 // clean URLs
399 if (isset($path)) {
400 $base = trailingslashit($base) . str_replace('civicrm/', '', $path) . '/';
401 }
402 if (isset($query)) {
403 $query = ltrim($query, '=?&');
404 $queryParts[] = $query;
405 }
406
407 if (!empty($queryParts)) {
408 $final = $base . '?' . implode($separator, $queryParts) . $fragment;
409 }
410 else {
411 $final = $base . $fragment;
412 }
413
414 }
415
416 return $final;
417 }
418
419 /**
420 * 27-09-2016
421 * CRM-16421 CRM-17633 WIP Changes to support WP in it's own directory
422 * https://wiki.civicrm.org/confluence/display/CRM/WordPress+installed+in+its+own+directory+issues
423 * For now leave hard coded wp-admin references.
424 * TODO: remove wp-admin references and replace with admin_url() in the future. Look at best way to get path to admin_url
425 *
426 * @param $absolute
427 * @param $frontend
428 * @param $forceBackend
429 *
430 * @return mixed|null|string
431 */
432 private function getBaseUrl($absolute, $frontend, $forceBackend) {
433 $config = CRM_Core_Config::singleton();
434 if ((is_admin() && !$frontend) || $forceBackend) {
435 return Civi::paths()->getUrl('[wp.backend]/.', $absolute ? 'absolute' : 'relative');
436 }
437 else {
438 return Civi::paths()->getUrl('[wp.frontend]/.', $absolute ? 'absolute' : 'relative');
439 }
440 }
441
442 /**
443 * @inheritDoc
444 */
445 public function authenticate($name, $password, $loadCMSBootstrap = FALSE, $realPath = NULL) {
446 $config = CRM_Core_Config::singleton();
447
448 if ($loadCMSBootstrap) {
449 $config->userSystem->loadBootStrap([
450 'name' => $name,
451 'pass' => $password,
452 ]);
453 }
454
455 $user = wp_authenticate($name, $password);
456 if (is_a($user, 'WP_Error')) {
457 return FALSE;
458 }
459
460 // TODO: need to change this to make sure we matched only one row
461
462 CRM_Core_BAO_UFMatch::synchronizeUFMatch($user->data, $user->data->ID, $user->data->user_email, 'WordPress');
463 $contactID = CRM_Core_BAO_UFMatch::getContactId($user->data->ID);
464 if (!$contactID) {
465 return FALSE;
466 }
467 return [$contactID, $user->data->ID, mt_rand()];
468 }
469
470 /**
471 * FIXME: Do something
472 *
473 * @param string $message
474 */
475 public function setMessage($message) {
476 }
477
478 /**
479 * @param \string $user
480 *
481 * @return bool
482 */
483 public function loadUser($user) {
484 $userdata = get_user_by('login', $user);
485 if (!$userdata->data->ID) {
486 return FALSE;
487 }
488
489 $uid = $userdata->data->ID;
490 wp_set_current_user($uid);
491 $contactID = CRM_Core_BAO_UFMatch::getContactId($uid);
492
493 // lets store contact id and user id in session
494 $session = CRM_Core_Session::singleton();
495 $session->set('ufID', $uid);
496 $session->set('userID', $contactID);
497 return TRUE;
498 }
499
500 /**
501 * FIXME: Use CMS-native approach
502 * @throws \CRM_Core_Exception
503 */
504 public function permissionDenied() {
505 throw new CRM_Core_Exception(ts('You do not have permission to access this page.'));
506 }
507
508 /**
509 * Determine the native ID of the CMS user.
510 *
511 * @param string $username
512 *
513 * @return int|null
514 */
515 public function getUfId($username) {
516 $userdata = get_user_by('login', $username);
517 if (!$userdata->data->ID) {
518 return NULL;
519 }
520 return $userdata->data->ID;
521 }
522
523 /**
524 * @inheritDoc
525 */
526 public function logout() {
527 // destroy session
528 if (session_id()) {
529 session_destroy();
530 }
531 wp_logout();
532 wp_redirect(wp_login_url());
533 }
534
535 /**
536 * @inheritDoc
537 */
538 public function getUFLocale() {
539 // Bail early if method is called when WordPress isn't bootstrapped.
540 // Additionally, the function checked here is located in pluggable.php
541 // and is required by wp_get_referer() - so this also bails early if it is
542 // called too early in the request lifecycle.
543 // @see https://core.trac.wordpress.org/ticket/25294
544 if (!function_exists('wp_validate_redirect')) {
545 return NULL;
546 }
547
548 // Default to WordPress User locale.
549 $locale = get_user_locale();
550
551 // Is this a "back-end" AJAX call?
552 $is_backend = FALSE;
553 if (wp_doing_ajax() && FALSE !== strpos(wp_get_referer(), admin_url())) {
554 $is_backend = TRUE;
555 }
556
557 // Ignore when in WordPress admin or it's a "back-end" AJAX call.
558 if (!(is_admin() || $is_backend)) {
559
560 // Reaching here means it is very likely to be a front-end context.
561
562 // Default to WordPress locale.
563 $locale = get_locale();
564
565 // Maybe override with the locale that Polylang reports.
566 if (function_exists('pll_current_language')) {
567 $pll_locale = pll_current_language('locale');
568 if (!empty($pll_locale)) {
569 $locale = $pll_locale;
570 }
571 }
572
573 // Maybe override with the locale that WPML reports.
574 elseif (defined('ICL_LANGUAGE_CODE')) {
575 $languages = apply_filters('wpml_active_languages', NULL);
576 foreach ($languages as $language) {
577 if ($language['active']) {
578 $locale = $language['default_locale'];
579 break;
580 }
581 }
582 }
583
584 // TODO: Set locale for other WordPress plugins.
585 // @see https://wordpress.org/plugins/tags/multilingual/
586 // A hook would be nice here.
587
588 }
589
590 if (!empty($locale)) {
591 // If for some reason only we get a language code, convert it to a locale.
592 if (2 === strlen($locale)) {
593 $locale = CRM_Core_I18n_PseudoConstant::longForShort($locale);
594 }
595 return $locale;
596 }
597 else {
598 return NULL;
599 }
600 }
601
602 /**
603 * @inheritDoc
604 */
605 public function setUFLocale($civicrm_language) {
606 // TODO (probably not possible with WPML?)
607 return TRUE;
608 }
609
610 /**
611 * Load wordpress bootstrap.
612 *
613 * @param array $params
614 * Optional credentials
615 * - name: string, cms username
616 * - pass: string, cms password
617 * @param bool $loadUser
618 * @param bool $throwError
619 * @param mixed $realPath
620 *
621 * @return bool
622 * @throws \CRM_Core_Exception
623 */
624 public function loadBootStrap($params = [], $loadUser = TRUE, $throwError = TRUE, $realPath = NULL) {
625 global $wp, $wp_rewrite, $wp_the_query, $wp_query, $wpdb, $current_site, $current_blog, $current_user;
626
627 $name = $params['name'] ?? NULL;
628 $pass = $params['pass'] ?? NULL;
629
630 if (!defined('WP_USE_THEMES')) {
631 define('WP_USE_THEMES', FALSE);
632 }
633
634 $cmsRootPath = $this->cmsRootPath();
635 if (!$cmsRootPath) {
636 throw new CRM_Core_Exception("Could not find the install directory for WordPress");
637 }
638 $path = Civi::settings()->get('wpLoadPhp');
639 if (!empty($path)) {
640 require_once $path;
641 }
642 elseif (file_exists($cmsRootPath . DIRECTORY_SEPARATOR . 'wp-load.php')) {
643 require_once $cmsRootPath . DIRECTORY_SEPARATOR . 'wp-load.php';
644 }
645 else {
646 throw new CRM_Core_Exception("Could not find the bootstrap file for WordPress");
647 }
648 $wpUserTimezone = get_option('timezone_string');
649 if ($wpUserTimezone) {
650 date_default_timezone_set($wpUserTimezone);
651 CRM_Core_Config::singleton()->userSystem->setMySQLTimeZone();
652 }
653 require_once $cmsRootPath . DIRECTORY_SEPARATOR . 'wp-includes/pluggable.php';
654 $uid = $params['uid'] ?? NULL;
655 if (!$uid) {
656 $name = $name ? $name : trim(CRM_Utils_Array::value('name', $_REQUEST));
657 $pass = $pass ? $pass : trim(CRM_Utils_Array::value('pass', $_REQUEST));
658 if ($name) {
659 $uid = wp_authenticate($name, $pass);
660 if (!$uid) {
661 if ($throwError) {
662 echo '<br />Sorry, unrecognized username or password.';
663 exit();
664 }
665 return FALSE;
666 }
667 }
668 }
669 if ($uid) {
670 if ($uid instanceof WP_User) {
671 $account = wp_set_current_user($uid->ID);
672 }
673 else {
674 $account = wp_set_current_user($uid);
675 }
676 if ($account && $account->data->ID) {
677 global $user;
678 $user = $account;
679 return TRUE;
680 }
681 }
682 return TRUE;
683 }
684
685 /**
686 * @param $dir
687 *
688 * @return bool
689 */
690 public function validInstallDir($dir) {
691 $includePath = "$dir/wp-includes";
692 if (@file_exists("$includePath/version.php")) {
693 return TRUE;
694 }
695 return FALSE;
696 }
697
698 /**
699 * Determine the location of the CMS root.
700 *
701 * @return string|NULL
702 * local file system path to CMS root, or NULL if it cannot be determined
703 */
704 public function cmsRootPath() {
705
706 // Return early if the path is already set.
707 global $civicrm_paths;
708 if (!empty($civicrm_paths['cms.root']['path'])) {
709 return $civicrm_paths['cms.root']['path'];
710 }
711
712 // Return early if constant has been defined.
713 if (defined('CIVICRM_CMSDIR')) {
714 if ($this->validInstallDir(CIVICRM_CMSDIR)) {
715 return CIVICRM_CMSDIR;
716 }
717 }
718
719 // Return early if path to wp-load.php can be retrieved from settings.
720 $setting = Civi::settings()->get('wpLoadPhp');
721 if (!empty($setting)) {
722 $path = str_replace('wp-load.php', '', $setting);
723 $cmsRoot = rtrim($path, '/\\');
724 if ($this->validInstallDir($cmsRoot)) {
725 return $cmsRoot;
726 }
727 }
728
729 /*
730 * Keep previous logic as fallback of last resort.
731 *
732 * At some point, it would be good to remove this because there are serious
733 * problems in correctly locating WordPress in this manner. In summary, it
734 * is impossible to do so reliably.
735 *
736 * @see https://github.com/civicrm/civicrm-wordpress/pull/63#issuecomment-61792328
737 * @see https://github.com/civicrm/civicrm-core/pull/11086#issuecomment-335454992
738 */
739 $cmsRoot = $valid = NULL;
740
741 $pathVars = explode('/', str_replace('\\', '/', $_SERVER['SCRIPT_FILENAME']));
742
743 // Might be Windows installation.
744 $firstVar = array_shift($pathVars);
745 if ($firstVar) {
746 $cmsRoot = $firstVar;
747 }
748
749 // Start with CMS dir search.
750 foreach ($pathVars as $var) {
751 $cmsRoot .= "/$var";
752 if ($this->validInstallDir($cmsRoot)) {
753 // Stop as we found bootstrap.
754 $valid = TRUE;
755 break;
756 }
757 }
758
759 return ($valid) ? $cmsRoot : NULL;
760 }
761
762 /**
763 * @inheritDoc
764 */
765 public function createUser(&$params, $mail) {
766 $user_data = [
767 'ID' => '',
768 'user_pass' => $params['cms_pass'],
769 'user_login' => $params['cms_name'],
770 'user_email' => $params[$mail],
771 'nickname' => $params['cms_name'],
772 'role' => get_option('default_role'),
773 ];
774 if (isset($params['contactID'])) {
775 $contactType = CRM_Contact_BAO_Contact::getContactType($params['contactID']);
776 if ($contactType == 'Individual') {
777 $user_data['first_name'] = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact',
778 $params['contactID'], 'first_name'
779 );
780 $user_data['last_name'] = CRM_Core_DAO::getFieldValue('CRM_Contact_DAO_Contact',
781 $params['contactID'], 'last_name'
782 );
783 }
784 }
785
786 $uid = wp_insert_user($user_data);
787
788 $creds = [];
789 $creds['user_login'] = $params['cms_name'];
790 $creds['user_password'] = $params['cms_pass'];
791 $creds['remember'] = TRUE;
792 $user = wp_signon($creds, FALSE);
793
794 wp_new_user_notification($uid, $user_data['user_pass']);
795 return $uid;
796 }
797
798 /**
799 * @inheritDoc
800 */
801 public function updateCMSName($ufID, $ufName) {
802 // CRM-10620
803 if (function_exists('wp_update_user')) {
804 $ufID = CRM_Utils_Type::escape($ufID, 'Integer');
805 $ufName = CRM_Utils_Type::escape($ufName, 'String');
806
807 $values = ['ID' => $ufID, 'user_email' => $ufName];
808 if ($ufID) {
809 wp_update_user($values);
810 }
811 }
812 }
813
814 /**
815 * @param array $params
816 * @param $errors
817 * @param string $emailName
818 */
819 public function checkUserNameEmailExists(&$params, &$errors, $emailName = 'email') {
820 $config = CRM_Core_Config::singleton();
821
822 $dao = new CRM_Core_DAO();
823 $name = $dao->escape(CRM_Utils_Array::value('name', $params));
824 $email = $dao->escape(CRM_Utils_Array::value('mail', $params));
825
826 if (!empty($params['name'])) {
827 if (!validate_username($params['name'])) {
828 $errors['cms_name'] = ts("Your username contains invalid characters");
829 }
830 elseif (username_exists(sanitize_user($params['name']))) {
831 $errors['cms_name'] = ts('The username %1 is already taken. Please select another username.', [1 => $params['name']]);
832 }
833 }
834
835 if (!empty($params['mail'])) {
836 if (!is_email($params['mail'])) {
837 $errors[$emailName] = "Your email is invaid";
838 }
839 elseif (email_exists($params['mail'])) {
840 $errors[$emailName] = ts('The email address %1 already has an account associated with it. <a href="%2">Have you forgotten your password?</a>',
841 [1 => $params['mail'], 2 => wp_lostpassword_url()]
842 );
843 }
844 }
845 }
846
847 /**
848 * @inheritDoc
849 */
850 public function isUserLoggedIn() {
851 $isloggedIn = FALSE;
852 if (function_exists('is_user_logged_in')) {
853 $isloggedIn = is_user_logged_in();
854 }
855
856 return $isloggedIn;
857 }
858
859 /**
860 * @inheritDoc
861 */
862 public function isUserRegistrationPermitted() {
863 if (!get_option('users_can_register')) {
864 return FALSE;
865 }
866 return TRUE;
867 }
868
869 /**
870 * @inheritDoc
871 */
872 public function isPasswordUserGenerated() {
873 return TRUE;
874 }
875
876 /**
877 * @return mixed
878 */
879 public function getLoggedInUserObject() {
880 if (function_exists('is_user_logged_in') &&
881 is_user_logged_in()
882 ) {
883 global $current_user;
884 }
885 return $current_user;
886 }
887
888 /**
889 * @inheritDoc
890 */
891 public function getLoggedInUfID() {
892 $ufID = NULL;
893 $current_user = $this->getLoggedInUserObject();
894 return $current_user->ID ?? NULL;
895 }
896
897 /**
898 * @inheritDoc
899 */
900 public function getLoggedInUniqueIdentifier() {
901 $user = $this->getLoggedInUserObject();
902 return $this->getUniqueIdentifierFromUserObject($user);
903 }
904
905 /**
906 * Get User ID from UserFramework system (Joomla)
907 * @param object $user
908 * Object as described by the CMS.
909 *
910 * @return int|null
911 */
912 public function getUserIDFromUserObject($user) {
913 return !empty($user->ID) ? $user->ID : NULL;
914 }
915
916 /**
917 * @inheritDoc
918 */
919 public function getUniqueIdentifierFromUserObject($user) {
920 return empty($user->user_email) ? NULL : $user->user_email;
921 }
922
923 /**
924 * @inheritDoc
925 */
926 public function getLoginURL($destination = '') {
927 $config = CRM_Core_Config::singleton();
928 $loginURL = wp_login_url();
929 return $loginURL;
930 }
931
932 /**
933 * FIXME: Do something.
934 *
935 * @param \CRM_Core_Form $form
936 *
937 * @return NULL|string
938 */
939 public function getLoginDestination(&$form) {
940 return NULL;
941 }
942
943 /**
944 * @inheritDoc
945 */
946 public function getVersion() {
947 if (function_exists('get_bloginfo')) {
948 return get_bloginfo('version', 'display');
949 }
950 else {
951 return 'Unknown';
952 }
953 }
954
955 /**
956 * @inheritDoc
957 */
958 public function getTimeZoneString() {
959 return get_option('timezone_string');
960 }
961
962 /**
963 * @inheritDoc
964 */
965 public function getUserRecordUrl($contactID) {
966 $uid = CRM_Core_BAO_UFMatch::getUFId($contactID);
967 if (CRM_Core_Session::singleton()
968 ->get('userID') == $contactID || CRM_Core_Permission::checkAnyPerm(['cms:administer users'])
969 ) {
970 return CRM_Core_Config::singleton()->userFrameworkBaseURL . "wp-admin/user-edit.php?user_id=" . $uid;
971 }
972 }
973
974 /**
975 * Append WP js to coreResourcesList.
976 *
977 * @param \Civi\Core\Event\GenericHookEvent $e
978 */
979 public function appendCoreResources(\Civi\Core\Event\GenericHookEvent $e) {
980 $e->list[] = 'js/crm.wordpress.js';
981 }
982
983 /**
984 * @inheritDoc
985 */
986 public function alterAssetUrl(\Civi\Core\Event\GenericHookEvent $e) {
987 // Set menubar breakpoint to match WP admin theme
988 if ($e->asset == 'crm-menubar.css') {
989 $e->params['breakpoint'] = 783;
990 }
991 }
992
993 /**
994 * @inheritDoc
995 */
996 public function synchronizeUsers() {
997 $config = CRM_Core_Config::singleton();
998 if (PHP_SAPI != 'cli') {
999 set_time_limit(300);
1000 }
1001 $id = 'ID';
1002 $mail = 'user_email';
1003
1004 $uf = $config->userFramework;
1005 $contactCount = 0;
1006 $contactCreated = 0;
1007 $contactMatching = 0;
1008
1009 // Previously used the $wpdb global - which means WordPress *must* be bootstrapped.
1010 $wpUsers = get_users(array(
1011 'blog_id' => get_current_blog_id(),
1012 'number' => -1,
1013 ));
1014
1015 foreach ($wpUsers as $wpUserData) {
1016 $contactCount++;
1017 if ($match = CRM_Core_BAO_UFMatch::synchronizeUFMatch($wpUserData,
1018 $wpUserData->$id,
1019 $wpUserData->$mail,
1020 $uf,
1021 1,
1022 'Individual',
1023 TRUE
1024 )
1025 ) {
1026 $contactCreated++;
1027 }
1028 else {
1029 $contactMatching++;
1030 }
1031 if (is_object($match)) {
1032 $match->free();
1033 }
1034 }
1035
1036 return [
1037 'contactCount' => $contactCount,
1038 'contactMatching' => $contactMatching,
1039 'contactCreated' => $contactCreated,
1040 ];
1041 }
1042
1043 /**
1044 * Send an HTTP Response base on PSR HTTP RespnseInterface response.
1045 *
1046 * @param \Psr\Http\Message\ResponseInterface $response
1047 */
1048 public function sendResponse(\Psr\Http\Message\ResponseInterface $response) {
1049 // use WordPress function status_header to ensure 404 response is sent
1050 status_header($response->getStatusCode());
1051 foreach ($response->getHeaders() as $name => $values) {
1052 CRM_Utils_System::setHttpHeader($name, implode(', ', (array) $values));
1053 }
1054 echo $response->getBody();
1055 CRM_Utils_System::civiExit();
1056 }
1057
1058 /**
1059 * Start a new session if there's no existing session ID.
1060 *
1061 * Checks are needed to prevent sessions being started when not necessary.
1062 */
1063 public function sessionStart() {
1064 $session_id = session_id();
1065
1066 // Check WordPress pseudo-cron.
1067 $wp_cron = FALSE;
1068 if (function_exists('wp_doing_cron') && wp_doing_cron()) {
1069 $wp_cron = TRUE;
1070 }
1071
1072 // Check WP-CLI.
1073 $wp_cli = FALSE;
1074 if (defined('WP_CLI') && WP_CLI) {
1075 $wp_cli = TRUE;
1076 }
1077
1078 // Check PHP on the command line - e.g. `cv`.
1079 $php_cli = TRUE;
1080 if (PHP_SAPI !== 'cli') {
1081 $php_cli = FALSE;
1082 }
1083
1084 // Maybe start session.
1085 if (empty($session_id) && !$wp_cron && !$wp_cli && !$php_cli) {
1086 session_start();
1087 }
1088 }
1089
1090 /**
1091 * Perform any necessary actions prior to redirecting via POST.
1092 *
1093 * Redirecting via POST means that cookies need to be sent with SameSite=None.
1094 */
1095 public function prePostRedirect() {
1096 // Get User Agent string.
1097 $rawUserAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
1098 $userAgent = mb_convert_encoding($rawUserAgent, 'UTF-8');
1099
1100 // Bail early if User Agent does not support `SameSite=None`.
1101 $shouldUseSameSite = CRM_Utils_SameSite::shouldSendSameSiteNone($userAgent);
1102 if (!$shouldUseSameSite) {
1103 return;
1104 }
1105
1106 // Make sure session cookie is present in header.
1107 $cookie_params = session_name() . '=' . session_id() . '; SameSite=None; Secure';
1108 CRM_Utils_System::setHttpHeader('Set-Cookie', $cookie_params);
1109
1110 // Add WordPress auth cookies when user is logged in.
1111 $user = wp_get_current_user();
1112 if ($user->exists()) {
1113 self::setAuthCookies($user->ID, TRUE, TRUE);
1114 }
1115 }
1116
1117 /**
1118 * Explicitly set WordPress authentication cookies.
1119 *
1120 * Chrome 84 introduced a cookie policy change which prevents cookies for the
1121 * session and for WordPress user authentication from being indentified when
1122 * a purchaser returns to the site from PayPal using the "Back to Merchant"
1123 * button.
1124 *
1125 * In order to comply with this policy, cookies need to be sent with their
1126 * "SameSite" attribute set to "None" and with the "Secure" flag set, but this
1127 * isn't possible to do via `wp_set_auth_cookie()` as it stands.
1128 *
1129 * This method is a modified clone of `wp_set_auth_cookie()` which satisfies
1130 * the Chrome policy.
1131 *
1132 * @see wp_set_auth_cookie()
1133 *
1134 * The $remember parameter increases the time that the cookie will be kept. The
1135 * default the cookie is kept without remembering is two days. When $remember is
1136 * set, the cookies will be kept for 14 days or two weeks.
1137 *
1138 * @param int $user_id The WordPress User ID.
1139 * @param bool $remember Whether to remember the user.
1140 * @param bool|string $secure Whether the auth cookie should only be sent over
1141 * HTTPS. Default is an empty string which means the
1142 * value of `is_ssl()` will be used.
1143 * @param string $token Optional. User's session token to use for this cookie.
1144 */
1145 private function setAuthCookies($user_id, $remember = FALSE, $secure = '', $token = '') {
1146 if ($remember) {
1147 /** This filter is documented in wp-includes/pluggable.php */
1148 $expiration = time() + apply_filters('auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember);
1149
1150 /*
1151 * Ensure the browser will continue to send the cookie after the expiration time is reached.
1152 * Needed for the login grace period in wp_validate_auth_cookie().
1153 */
1154 $expire = $expiration + (12 * HOUR_IN_SECONDS);
1155 }
1156 else {
1157 /** This filter is documented in wp-includes/pluggable.php */
1158 $expiration = time() + apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember);
1159 $expire = 0;
1160 }
1161
1162 if ('' === $secure) {
1163 $secure = is_ssl();
1164 }
1165
1166 // Front-end cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
1167 $secure_logged_in_cookie = $secure && 'https' === parse_url(get_option('home'), PHP_URL_SCHEME);
1168
1169 /** This filter is documented in wp-includes/pluggable.php */
1170 $secure = apply_filters('secure_auth_cookie', $secure, $user_id);
1171
1172 /** This filter is documented in wp-includes/pluggable.php */
1173 $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure);
1174
1175 if ($secure) {
1176 $auth_cookie_name = SECURE_AUTH_COOKIE;
1177 $scheme = 'secure_auth';
1178 }
1179 else {
1180 $auth_cookie_name = AUTH_COOKIE;
1181 $scheme = 'auth';
1182 }
1183
1184 if ('' === $token) {
1185 $manager = WP_Session_Tokens::get_instance($user_id);
1186 $token = $manager->create($expiration);
1187 }
1188
1189 $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme, $token);
1190 $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $token);
1191
1192 /** This filter is documented in wp-includes/pluggable.php */
1193 do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token);
1194
1195 /** This filter is documented in wp-includes/pluggable.php */
1196 do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token);
1197
1198 /** This filter is documented in wp-includes/pluggable.php */
1199 if (!apply_filters('send_auth_cookies', TRUE)) {
1200 return;
1201 }
1202
1203 $base_options = [
1204 'expires' => $expire,
1205 'domain' => COOKIE_DOMAIN,
1206 'httponly' => TRUE,
1207 'samesite' => 'None',
1208 ];
1209
1210 self::setAuthCookie($auth_cookie_name, $auth_cookie, $base_options + ['secure' => $secure, 'path' => PLUGINS_COOKIE_PATH]);
1211 self::setAuthCookie($auth_cookie_name, $auth_cookie, $base_options + ['secure' => $secure, 'path' => ADMIN_COOKIE_PATH]);
1212 self::setAuthCookie(LOGGED_IN_COOKIE, $logged_in_cookie, $base_options + ['secure' => $secure_logged_in_cookie, 'path' => COOKIEPATH]);
1213 if (COOKIEPATH != SITECOOKIEPATH) {
1214 self::setAuthCookie(LOGGED_IN_COOKIE, $logged_in_cookie, $base_options + ['secure' => $secure_logged_in_cookie, 'path' => SITECOOKIEPATH]);
1215 }
1216 }
1217
1218 /**
1219 * Set cookie with "SameSite" flag.
1220 *
1221 * The method here is compatible with all versions of PHP. Needed because it
1222 * is only as of PHP 7.3.0 that the setcookie() method supports the "SameSite"
1223 * attribute in its options and will accept "None" as a valid value.
1224 *
1225 * @param $name The name of the cookie.
1226 * @param $value The value of the cookie.
1227 * @param array $options The header options for the cookie.
1228 */
1229 private function setAuthCookie($name, $value, $options) {
1230 $header = 'Set-Cookie: ';
1231 $header .= rawurlencode($name) . '=' . rawurlencode($value) . '; ';
1232 $header .= 'expires=' . gmdate('D, d-M-Y H:i:s T', $options['expires']) . '; ';
1233 $header .= 'Max-Age=' . max(0, (int) ($options['expires'] - time())) . '; ';
1234 $header .= 'path=' . rawurlencode($options['path']) . '; ';
1235 $header .= 'domain=' . rawurlencode($options['domain']) . '; ';
1236
1237 if (!empty($options['secure'])) {
1238 $header .= 'secure; ';
1239 }
1240 $header .= 'httponly; ';
1241 $header .= 'SameSite=' . rawurlencode($options['samesite']);
1242
1243 header($header, FALSE);
1244 $_COOKIE[$name] = $value;
1245 }
1246
1247 /**
1248 * Return the CMS-specific url for its permissions page
1249 * @return array
1250 */
1251 public function getCMSPermissionsUrlParams() {
1252 return ['ufAccessURL' => CRM_Utils_System::url('civicrm/admin/access/wp-permissions', 'reset=1')];
1253 }
1254
1255 }