3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
19 * WordPress specific stuff goes here
21 class CRM_Utils_System_WordPress
extends CRM_Utils_System_Base
{
/**
 * Return the configured `wpBasePage` setting in normalized form.
 *
 * Any trailing slashes are stripped first and the remainder is lower-cased.
 */
public static function getBasePage() {
  $configured = Civi::settings()->get('wpBasePage');
  $withoutTrailingSlash = rtrim($configured, '/');
  return strtolower($withoutTrailingSlash);
}
32 public function __construct() {
34 * deprecated property to check if this is a drupal install. The correct method is to have functions on the UF classes for all UF specific
35 * functions and leave the codebase oblivious to the type of CMS
39 $this->is_drupal
= FALSE;
40 $this->is_wordpress
= TRUE;
43 public function initialize() {
45 $this->registerPathVars();
49 * Specify the default computation for various paths/URLs.
51 protected function registerPathVars():void
{
52 $isNormalBoot = function_exists('get_option');
54 // Normal mode - CMS boots first, then calls Civi. "Normal" web pages and newer extern routes.
55 // To simplify the code-paths, some items are re-registered with WP-specific functions.
56 $cmsRoot = function() {
58 'path' => untrailingslashit(ABSPATH
),
62 Civi
::paths()->register('cms', $cmsRoot);
63 Civi
::paths()->register('cms.root', $cmsRoot);
64 Civi
::paths()->register('civicrm.root', function () {
66 'path' => CIVICRM_PLUGIN_DIR
. 'civicrm' . DIRECTORY_SEPARATOR
,
67 'url' => CIVICRM_PLUGIN_URL
. 'civicrm/',
70 Civi
::paths()->register('wp.frontend.base', function () {
72 'url' => home_url('/'),
75 Civi
::paths()->register('wp.frontend', function () {
76 $config = CRM_Core_Config
::singleton();
77 $basepage = get_page_by_path($config->wpBasePage
);
79 'url' => get_permalink($basepage->ID
),
82 Civi
::paths()->register('wp.backend.base', function () {
87 Civi
::paths()->register('wp.backend', function() {
89 'url' => admin_url('admin.php'),
92 Civi
::paths()->register('civicrm.files', function () {
93 $upload_dir = wp_get_upload_dir();
95 $old = CRM_Core_Config
::singleton()->userSystem
->getDefaultFileStorage();
97 'path' => $upload_dir['basedir'] . DIRECTORY_SEPARATOR
. 'civicrm' . DIRECTORY_SEPARATOR
,
98 'url' => $upload_dir['baseurl'] . '/civicrm/',
101 if ($old['path'] === $new['path']) {
105 $oldExists = file_exists($old['path']);
106 $newExists = file_exists($new['path']);
108 if ($oldExists && !$newExists) {
111 elseif (!$oldExists && $newExists) {
114 elseif (!$oldExists && !$newExists) {
115 // neither exists. but that's ok. we're in one of these two cases:
116 // - we're just starting installation... which will get sorted in a moment
117 // when someone calls mkdir().
118 // - we're running a bespoke setup... which will get sorted in a moment
119 // by applying $civicrm_paths.
122 elseif ($oldExists && $newExists) {
123 // situation ambiguous. encourage admin to set value explicitly.
124 if (!isset($GLOBALS['civicrm_paths']['civicrm.files'])) {
125 \Civi
::log()->warning("The system has data from both old+new conventions. Please use civicrm.settings.php to set civicrm.files explicitly.");
132 // Legacy support - only relevant for older extern routes.
134 ->register('wp.frontend.base', function () {
135 return ['url' => rtrim(CIVICRM_UF_BASEURL
, '/') . '/'];
137 ->register('wp.frontend', function () {
138 $config = \CRM_Core_Config
::singleton();
139 $suffix = defined('CIVICRM_UF_WP_BASEPAGE') ? CIVICRM_UF_WP_BASEPAGE
: $config->wpBasePage
;
141 'url' => Civi
::paths()->getVariable('wp.frontend.base', 'url') . $suffix,
144 ->register('wp.backend.base', function () {
145 return ['url' => rtrim(CIVICRM_UF_BASEURL
, '/') . '/wp-admin/'];
147 ->register('wp.backend', function () {
149 'url' => Civi
::paths()->getVariable('wp.backend.base', 'url') . 'admin.php',
158 public function setTitle($title, $pageTitle = NULL) {
163 // FIXME: Why is this global?
164 global $civicrm_wp_title;
165 $civicrm_wp_title = $title;
167 // yes, set page title, depending on context
168 $context = civi_wp()->civicrm_context_get();
172 $template = CRM_Core_Smarty
::singleton();
173 $template->assign('pageTitle', $pageTitle);
178 * Moved from CRM_Utils_System_Base
180 public function getDefaultFileStorage() {
181 // NOTE: On WordPress, this will be circumvented in the future. However,
182 // should retain it to allow transitional/upgrade code determine the old value.
184 $config = CRM_Core_Config
::singleton();
185 $cmsUrl = CRM_Utils_System
::languageNegotiationURL($config->userFrameworkBaseURL
, FALSE, TRUE);
186 $cmsPath = $this->cmsRootPath();
187 $filesPath = CRM_Utils_File
::baseFilePath();
188 $filesRelPath = CRM_Utils_File
::relativize($filesPath, $cmsPath);
189 $filesURL = rtrim($cmsUrl, '/') . '/' . ltrim($filesRelPath, ' /');
191 'url' => CRM_Utils_File
::addTrailingSlash($filesURL, '/'),
192 'path' => CRM_Utils_File
::addTrailingSlash($filesPath),
197 * Determine the location of the CiviCRM source tree.
200 * - url: string. ex: "http://example.com/sites/all/modules/civicrm"
201 * - path: string. ex: "/var/www/sites/all/modules/civicrm"
203 public function getCiviSourceStorage() {
204 global $civicrm_root;
206 // Don't use $config->userFrameworkBaseURL; it has garbage on it.
207 // More generally, we shouldn't be using $config here.
208 if (!defined('CIVICRM_UF_BASEURL')) {
209 throw new RuntimeException('Undefined constant: CIVICRM_UF_BASEURL');
212 $cmsPath = $this->cmsRootPath();
214 // $config = CRM_Core_Config::singleton();
215 // overkill? // $cmsUrl = CRM_Utils_System::languageNegotiationURL($config->userFrameworkBaseURL, FALSE, TRUE);
216 $cmsUrl = CIVICRM_UF_BASEURL
;
217 if (CRM_Utils_System
::isSSL()) {
218 $cmsUrl = str_replace('http://', 'https://', $cmsUrl);
220 $civiRelPath = CRM_Utils_File
::relativize(realpath($civicrm_root), realpath($cmsPath));
221 $civiUrl = rtrim($cmsUrl, '/') . '/' . ltrim($civiRelPath, ' /');
223 'url' => CRM_Utils_File
::addTrailingSlash($civiUrl, '/'),
224 'path' => CRM_Utils_File
::addTrailingSlash($civicrm_root),
// Appends each supplied crumb to the WordPress breadcrumb as an HTML link, then shares the list with Smarty.
// NOTE(review): this listing omits some source lines (see the gaps in the line numbers), so the comments
// below describe only the statements that are shown.
231 public function appendBreadCrumb($breadCrumbs) {
232 $breadCrumb = wp_get_breadcrumb();
234 if (is_array($breadCrumbs)) {
235 foreach ($breadCrumbs as $crumbs) {
// stripos() returns 0 for a match at offset 0 and 0 is falsy, so a url that begins with 'id%%' would
// not get its placeholders substituted.
236 if (stripos($crumbs['url'], 'id%%')) {
237 $args = ['cid', 'mid'];
238 foreach ($args as $a) {
// The request value is retrieved with the 'Positive' type before it is substituted into the url.
239 $val = CRM_Utils_Request
::retrieve($a, 'Positive', CRM_Core_DAO
::$_nullObject,
243 $crumbs['url'] = str_ireplace("%%{$a}%%", $val, $crumbs['url']);
// NOTE(review): url and title are interpolated into markup exactly as received. Confirm that every caller
// supplies values already escaped for an HTML attribute and for HTML text, or escape them at this point.
247 $breadCrumb[] = "<a href=\"{$crumbs['url']}\">{$crumbs['title']}</a>";
251 $template = CRM_Core_Smarty
::singleton();
252 $template->assign_by_ref('breadcrumb', $breadCrumb);
253 wp_set_breadcrumb($breadCrumb);
259 public function resetBreadCrumb() {
261 wp_set_breadcrumb($bc);
267 public function addHTMLHead($head) {
268 static $registered = FALSE;
271 add_action('wp_head', [__CLASS__
, '_showHTMLHead']);
273 add_action('admin_head', [__CLASS__
, '_showHTMLHead']);
276 CRM_Core_Region
::instance('wp_head')->add([
282 * WP action callback.
284 public static function _showHTMLHead() {
285 $region = CRM_Core_Region
::instance('wp_head', FALSE);
287 echo $region->render('');
294 public function mapConfigToSSL() {
296 $base_url = str_replace('http://', 'https://', $base_url);
308 $forceBackend = FALSE,
311 $config = CRM_Core_Config
::singleton();
314 $fragment = isset($fragment) ?
('#' . $fragment) : '';
315 $path = CRM_Utils_String
::stripPathChars($path);
318 // FIXME: Why bootstrap in url()?
319 // Generally want to define 1-2 strategic places to put bootstrap.
320 if (!function_exists('get_option')) {
321 $this->loadBootStrap();
324 // When on the front-end.
325 if ($config->userFrameworkFrontend
) {
327 // Try and find the "calling" page/post.
330 $script = get_permalink($post->ID
);
331 if ($config->wpBasePage
== $post->post_name
) {
339 // Get the Base Page URL for building front-end URLs.
340 if ($frontend && !$forceBackend) {
341 $script = $this->getBasePageUrl();
347 // Get either the relative Base Page URL or the relative Admin Page URL.
348 $base = $this->getBaseUrl($absolute, $frontend, $forceBackend);
350 // Overwrite base URL if we already have a front-end URL.
351 if (!$forceBackend && $script != '') {
356 $admin_request = ((is_admin() && !$frontend) ||
$forceBackend);
359 // If not using Clean URLs.
361 // Or requesting an admin URL.
363 // Or this is a Shortcode.
364 ||
(!$basepage && $script != '')
367 // Build URL according to pre-existing logic.
369 // Admin URLs still need "page=CiviCRM", front-end URLs do not.
370 if ($admin_request) {
371 $queryParts[] = 'page=CiviCRM';
374 $queryParts[] = 'civiwp=CiviCRM';
376 $queryParts[] = 'q=' . rawurlencode($path);
378 if (!empty($query)) {
379 $queryParts[] = $query;
382 // Append our query parts, taking Permlink Structure into account.
383 if (get_option('permalink_structure') == '' && !$admin_request) {
384 $final = $base . $separator . implode($separator, $queryParts) . $fragment;
387 $final = $base . '?' . implode($separator, $queryParts) . $fragment;
395 $base = trailingslashit($base) . str_replace('civicrm/', '', $path) . '/';
397 if (!empty($query)) {
398 $query = ltrim($query, '=?&');
399 $queryParts[] = $query;
402 if (!empty($queryParts)) {
403 $final = $base . '?' . implode($separator, $queryParts) . $fragment;
406 $final = $base . $fragment;
/**
 * Get either the relative Base Page URL or the relative Admin Page URL.
 *
 * @param bool $absolute
 *   Whether to force the output to be an absolute link beginning with http(s).
 * @param bool $frontend
 *   True if this link should be to the CMS front end.
 * @param bool $forceBackend
 *   True if this link should be to the CMS back end.
 *
 * @return mixed|null|string
 *   Whatever Civi::paths()->getUrl() yields for the `[wp.backend]` or
 *   `[wp.frontend]` path variable.
 */
public function getBaseUrl($absolute, $frontend, $forceBackend) {
  // The config singleton is still fetched, as before, although its value is not read here.
  $config = CRM_Core_Config::singleton();
  $preference = $absolute ? 'absolute' : 'relative';

  // Back end when we are in wp-admin and no front-end link was asked for, or when it is forced.
  $target = ((is_admin() && !$frontend) || $forceBackend)
    ? '[wp.backend]/.'
    : '[wp.frontend]/.';

  return Civi::paths()->getUrl($target, $preference);
}
437 * Get the URL of the WordPress Base Page.
439 * @return string|bool
440 * The Base Page URL, or false on failure.
442 public function getBasePageUrl() {
443 static $basepage_url = '';
444 if ($basepage_url === '') {
446 // Get the Base Page config setting.
447 $config = CRM_Core_Config
::singleton();
448 $basepage_slug = $config->wpBasePage
;
450 // Did we get a value?
451 if (!empty($basepage_slug)) {
453 // Query for our Base Page.
455 'post_type' => 'page',
456 'name' => strtolower($basepage_slug),
457 'post_status' => 'publish',
458 'posts_per_page' => 1,
461 // Find the Base Page object and set the URL.
462 if (!empty($pages) && is_array($pages)) {
463 $basepage = array_pop($pages);
464 if ($basepage instanceof WP_Post
) {
465 $basepage_url = get_permalink($basepage->ID
);
473 return $basepage_url;
479 public function getNotifyUrl(
485 $forceBackend = FALSE,
488 $config = CRM_Core_Config
::singleton();
490 $fragment = isset($fragment) ?
('#' . $fragment) : '';
491 $path = CRM_Utils_String
::stripPathChars($path);
494 // Get the Base Page URL.
495 $base = $this->getBasePageUrl();
497 // If not using Clean URLs.
498 if (!$config->cleanURL
) {
500 // Build URL according to pre-existing logic.
502 $queryParts[] = 'civiwp=CiviCRM';
503 $queryParts[] = 'q=' . rawurlencode($path);
505 if (!empty($query)) {
506 $queryParts[] = $query;
509 // Append our query parts, taking Permlink Structure into account.
510 if (get_option('permalink_structure') == '') {
511 $final = $base . $separator . implode($separator, $queryParts) . $fragment;
514 $final = $base . '?' . implode($separator, $queryParts) . $fragment;
522 $base = trailingslashit($base) . str_replace('civicrm/', '', $path) . '/';
524 if (!empty($query)) {
525 $query = ltrim($query, '=?&');
526 $queryParts[] = $query;
529 if (!empty($queryParts)) {
530 $final = $base . '?' . implode($separator, $queryParts) . $fragment;
533 $final = $base . $fragment;
// Checks a username/password pair against WordPress and maps the WordPress user to a CiviCRM contact.
// NOTE(review): this listing omits some source lines (see the gaps in the line numbers); the failure
// branch after the WP_Error test is among the lines not shown.
544 public function authenticate($name, $password, $loadCMSBootstrap = FALSE, $realPath = NULL) {
545 $config = CRM_Core_Config
::singleton();
547 if ($loadCMSBootstrap) {
548 $config->userSystem
->loadBootStrap([
// The credential check itself is delegated to wp_authenticate(); a WP_Error result marks a failed login.
554 $user = wp_authenticate($name, $password);
555 if (is_a($user, 'WP_Error')) {
559 // TODO: need to change this to make sure we matched only one row
561 CRM_Core_BAO_UFMatch
::synchronizeUFMatch($user->data
, $user->data
->ID
, $user->data
->user_email
, 'WordPress');
562 $contactID = CRM_Core_BAO_UFMatch
::getContactId($user->data
->ID
);
// Returns contact ID, WordPress user ID and a random number.
// NOTE(review): mt_rand() is not a cryptographically secure generator. If any caller treats the third
// element as a secret or as a session-binding token it should come from random_int() or random_bytes();
// confirm how callers use it.
566 return [$contactID, $user->data
->ID
, mt_rand()];
/**
 * FIXME: Do something
 *
 * As written this is a no-op: the message is accepted and discarded.
 *
 * @param string $message
 */
public function setMessage($message) {
}
578 * @param \string $user
582 public function loadUser($user) {
583 $userdata = get_user_by('login', $user);
584 if (!$userdata->data
->ID
) {
588 $uid = $userdata->data
->ID
;
589 wp_set_current_user($uid);
590 $contactID = CRM_Core_BAO_UFMatch
::getContactId($uid);
592 // lets store contact id and user id in session
593 $session = CRM_Core_Session
::singleton();
594 $session->set('ufID', $uid);
595 $session->set('userID', $contactID);
600 * FIXME: Use CMS-native approach
601 * @throws \CRM_Core_Exception
603 public function permissionDenied() {
605 throw new CRM_Core_Exception(ts('You do not have permission to access this page.'));
609 * Determine the native ID of the CMS user.
611 * @param string $username
615 public function getUfId($username) {
616 $userdata = get_user_by('login', $username);
617 if (!$userdata->data
->ID
) {
620 return $userdata->data
->ID
;
626 public function logout() {
632 wp_redirect(wp_login_url());
638 public function getUFLocale() {
639 // Bail early if method is called when WordPress isn't bootstrapped.
640 // Additionally, the function checked here is located in pluggable.php
641 // and is required by wp_get_referer() - so this also bails early if it is
642 // called too early in the request lifecycle.
643 // @see https://core.trac.wordpress.org/ticket/25294
644 if (!function_exists('wp_validate_redirect')) {
648 // Default to WordPress User locale.
649 $locale = get_user_locale();
651 // Is this a "back-end" AJAX call?
653 if (wp_doing_ajax() && FALSE !== strpos(wp_get_referer(), admin_url())) {
657 // Ignore when in WordPress admin or it's a "back-end" AJAX call.
658 if (!(is_admin() ||
$is_backend)) {
660 // Reaching here means it is very likely to be a front-end context.
662 // Default to WordPress locale.
663 $locale = get_locale();
665 // Maybe override with the locale that Polylang reports.
666 if (function_exists('pll_current_language')) {
667 $pll_locale = pll_current_language('locale');
668 if (!empty($pll_locale)) {
669 $locale = $pll_locale;
673 // Maybe override with the locale that WPML reports.
674 elseif (defined('ICL_LANGUAGE_CODE')) {
675 $languages = apply_filters('wpml_active_languages', NULL);
676 foreach ($languages as $language) {
677 if ($language['active']) {
678 $locale = $language['default_locale'];
684 // TODO: Set locale for other WordPress plugins.
685 // @see https://wordpress.org/plugins/tags/multilingual/
686 // A hook would be nice here.
690 if (!empty($locale)) {
691 // If for some reason only we get a language code, convert it to a locale.
692 if (2 === strlen($locale)) {
693 $locale = CRM_Core_I18n_PseudoConstant
::longForShort($locale);
705 public function setUFLocale($civicrm_language) {
706 // TODO (probably not possible with WPML?)
711 * Load wordpress bootstrap.
713 * @param array $params
714 * Optional credentials
715 * - name: string, cms username
716 * - pass: string, cms password
717 * @param bool $loadUser
718 * @param bool $throwError
719 * @param mixed $realPath
722 * @throws \CRM_Core_Exception
// Boots WordPress from inside CiviCRM and, when credentials or a uid are available, sets the current
// WordPress user.
// NOTE(review): this listing omits some source lines (see the gaps in the line numbers), so the comments
// below describe only the statements that are shown.
724 public function loadBootStrap($params = [], $loadUser = TRUE, $throwError = TRUE, $realPath = NULL) {
725 global $wp, $wp_rewrite, $wp_the_query, $wp_query, $wpdb, $current_site, $current_blog, $current_user;
727 $name = $params['name'] ??
NULL;
728 $pass = $params['pass'] ??
NULL;
730 if (!defined('WP_USE_THEMES')) {
731 define('WP_USE_THEMES', FALSE);
734 $cmsRootPath = $this->cmsRootPath();
736 throw new CRM_Core_Exception("Could not find the install directory for WordPress");
// The 'wpLoadPhp' setting supplies a path for the WordPress loader.
// NOTE(review): the lines that use $path are not shown. Presumably the named file is loaded as PHP, in
// which case the setting decides what code runs and should be writable by administrators only - confirm.
738 $path = Civi
::settings()->get('wpLoadPhp');
742 elseif (file_exists($cmsRootPath . DIRECTORY_SEPARATOR
. 'wp-load.php')) {
743 require_once $cmsRootPath . DIRECTORY_SEPARATOR
. 'wp-load.php';
746 throw new CRM_Core_Exception("Could not find the bootstrap file for WordPress");
// Align PHP's default timezone (and the MySQL session timezone) with the WordPress 'timezone_string' option.
748 $wpUserTimezone = get_option('timezone_string');
749 if ($wpUserTimezone) {
750 date_default_timezone_set($wpUserTimezone);
751 CRM_Core_Config
::singleton()->userSystem
->setMySQLTimeZone();
753 require_once $cmsRootPath . DIRECTORY_SEPARATOR
. 'wp-includes/pluggable.php';
754 $uid = $params['uid'] ??
NULL;
// When the caller passed no credentials, name and pass are read from $_REQUEST, which includes the query
// string. NOTE(review): credentials sent in a URL tend to be recorded in server logs and browser history;
// callers should send them in the request body.
756 $name = $name ?
$name : trim(CRM_Utils_Array
::value('name', $_REQUEST));
757 $pass = $pass ?
$pass : trim(CRM_Utils_Array
::value('pass', $_REQUEST));
759 $uid = wp_authenticate($name, $pass);
// The failure text does not say which of the two values was wrong.
762 echo '<br />Sorry, unrecognized username or password.';
// A WP_User result is unwrapped to its ID; the other call (presumably the else branch) passes $uid as-is.
770 if ($uid instanceof WP_User
) {
771 $account = wp_set_current_user($uid->ID
);
774 $account = wp_set_current_user($uid);
776 if ($account && $account->data
->ID
) {
790 public function validInstallDir($dir) {
791 $includePath = "$dir/wp-includes";
792 if (@file_exists
("$includePath/version.php")) {
799 * Determine the location of the CMS root.
801 * @return string|NULL
802 * local file system path to CMS root, or NULL if it cannot be determined
804 public function cmsRootPath() {
806 // Return early if the path is already set.
807 global $civicrm_paths;
808 if (!empty($civicrm_paths['cms.root']['path'])) {
809 return $civicrm_paths['cms.root']['path'];
812 // Return early if constant has been defined.
813 if (defined('CIVICRM_CMSDIR')) {
814 if ($this->validInstallDir(CIVICRM_CMSDIR
)) {
815 return CIVICRM_CMSDIR
;
819 // Return early if path to wp-load.php can be retrieved from settings.
820 $setting = Civi
::settings()->get('wpLoadPhp');
821 if (!empty($setting)) {
822 $path = str_replace('wp-load.php', '', $setting);
823 $cmsRoot = rtrim($path, '/\\');
824 if ($this->validInstallDir($cmsRoot)) {
830 * Keep previous logic as fallback of last resort.
832 * At some point, it would be good to remove this because there are serious
833 * problems in correctly locating WordPress in this manner. In summary, it
834 * is impossible to do so reliably.
836 * @see https://github.com/civicrm/civicrm-wordpress/pull/63#issuecomment-61792328
837 * @see https://github.com/civicrm/civicrm-core/pull/11086#issuecomment-335454992
839 $cmsRoot = $valid = NULL;
841 $pathVars = explode('/', str_replace('\\', '/', $_SERVER['SCRIPT_FILENAME']));
843 // Might be Windows installation.
844 $firstVar = array_shift($pathVars);
846 $cmsRoot = $firstVar;
849 // Start with CMS dir search.
850 foreach ($pathVars as $var) {
852 if ($this->validInstallDir($cmsRoot)) {
853 // Stop as we found bootstrap.
859 return ($valid) ?
$cmsRoot : NULL;
// Creates a WordPress user from CiviCRM form values and, for visitors without the create_users
// capability, signs the new account in.
// NOTE(review): this listing omits some source lines (see the gaps in the line numbers), so the comments
// below describe only the statements that are shown.
865 public function createUser(&$params, $mail) {
868 'user_login' => $params['cms_name'],
869 'user_email' => $params[$mail],
870 'nickname' => $params['cms_name'],
// New accounts receive whatever role the site's 'default_role' option names.
871 'role' => get_option('default_role'),
874 // If there's a password add it, otherwise generate one.
875 if (!empty($params['cms_pass'])) {
876 $user_data['user_pass'] = $params['cms_pass'];
// Generated passwords are 12 characters long; the FALSE argument turns off special characters, so the
// alphabet is letters and digits only. The doubled semicolon is a harmless empty statement.
879 $user_data['user_pass'] = wp_generate_password(12, FALSE);;
882 // Assign WordPress User "name" field(s).
883 if (isset($params['contactID'])) {
884 $contactType = CRM_Contact_BAO_Contact
::getContactType($params['contactID']);
885 if ($contactType == 'Individual') {
886 $user_data['first_name'] = CRM_Core_DAO
::getFieldValue('CRM_Contact_DAO_Contact',
887 $params['contactID'], 'first_name'
889 $user_data['last_name'] = CRM_Core_DAO
::getFieldValue('CRM_Contact_DAO_Contact',
890 $params['contactID'], 'last_name'
893 if ($contactType == 'Organization') {
894 $user_data['first_name'] = CRM_Core_DAO
::getFieldValue('CRM_Contact_DAO_Contact',
895 $params['contactID'], 'organization_name'
898 if ($contactType == 'Household') {
899 $user_data['first_name'] = CRM_Core_DAO
::getFieldValue('CRM_Contact_DAO_Contact',
900 $params['contactID'], 'household_name'
906 * Broadcast that CiviCRM is about to create a WordPress User.
910 do_action('civicrm_pre_create_user');
912 // Remove the CiviCRM-WordPress listeners.
913 $this->hooks_core_remove();
915 // Now go ahead and create a WordPress User.
// NOTE(review): wp_insert_user() can return a WP_Error instead of an ID; no check on $uid is visible in
// this listing before it is used below - confirm one exists in the omitted lines.
916 $uid = wp_insert_user($user_data);
919 * Call wp_signon if we aren't already logged in.
920 * For example, we might be creating a new user from the Contact record.
// The test is on the create_users capability, so anyone lacking it is signed in as the new account with
// a persistent ("remember") login.
922 if (!current_user_can('create_users')) {
924 $creds['user_login'] = $params['cms_name'];
925 $creds['remember'] = TRUE;
// NOTE(review): FALSE is passed for wp_signon()'s secure-cookie argument instead of leaving it to the
// default; confirm the auth cookie is still marked Secure on HTTPS sites.
926 wp_signon($creds, FALSE);
929 // Fire the new user action. Sends notification email by default.
930 do_action('register_new_user', $uid);
932 // Restore the CiviCRM-WordPress listeners.
933 $this->hooks_core_add();
936 * Broadcast that CiviCRM has creates a WordPress User.
940 do_action('civicrm_post_create_user');
// Writes $ufName to the WordPress user's user_email field when wp_update_user() is available.
// NOTE(review): this listing omits some source lines (see the gaps in the line numbers).
948 public function updateCMSName($ufID, $ufName) {
950 if (function_exists('wp_update_user')) {
951 $ufID = CRM_Utils_Type
::escape($ufID, 'Integer');
// NOTE(review): CRM_Utils_Type::escape() is not visible here. If its 'String' mode applies SQL-style
// escaping, that is the wrong encoding for a value handed to wp_update_user(); validating $ufName as an
// email address would be the fitting check for a user_email field - confirm.
952 $ufName = CRM_Utils_Type
::escape($ufName, 'String');
954 $values = ['ID' => $ufID, 'user_email' => $ufName];
956 wp_update_user($values);
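/**
 * Validate a requested username and email address against WordPress.
 *
 * Problems are reported by adding entries to $errors; nothing is returned.
 * The raw values from $params are what WordPress's own validation functions
 * receive.
 *
 * @param array $params
 *   Reads the optional 'name' (username) and 'mail' (email address) keys.
 * @param array $errors
 *   Receives a 'cms_name' entry and/or a $emailName entry per problem found.
 * @param string $emailName
 *   Key under which an email problem is recorded in $errors.
 */
public function checkUserNameEmailExists(&$params, &$errors, $emailName = 'email') {
  // The SQL-escaped copies of name and mail that used to be built here were never read, and they
  // suggested that escaped values were in use; the checks below have always worked on $params.
  if (!empty($params['name'])) {
    if (!validate_username($params['name'])) {
      $errors['cms_name'] = ts("Your username contains invalid characters");
    }
    elseif (username_exists(sanitize_user($params['name']))) {
      // Only reached after validate_username() accepted the name that is echoed back in the message.
      $errors['cms_name'] = ts('The username %1 is already taken. Please select another username.', [1 => $params['name']]);
    }
  }

  if (!empty($params['mail'])) {
    if (!is_email($params['mail'])) {
      // Spelling corrected and passed through ts() like the other messages in this method.
      $errors[$emailName] = ts('Your email is invalid');
    }
    elseif (email_exists($params['mail'])) {
      // NOTE(review): this message carries markup, so %1 ends up in an HTML context. The address has
      // only been checked with is_email() at this point; confirm the renderer escapes it.
      $errors[$emailName] = ts('The email address %1 already has an account associated with it. <a href="%2">Have you forgotten your password?</a>',
        [1 => $params['mail'], 2 => wp_lostpassword_url()]
      );
    }
  }
}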
997 public function isUserLoggedIn() {
999 if (function_exists('is_user_logged_in')) {
1000 $isloggedIn = is_user_logged_in();
1009 public function isUserRegistrationPermitted() {
1010 if (!get_option('users_can_register')) {
1019 public function isPasswordUserGenerated() {
1026 public function getLoggedInUserObject() {
1027 if (function_exists('is_user_logged_in') &&
1030 global $current_user;
1032 return $current_user;
1038 public function getLoggedInUfID() {
1040 $current_user = $this->getLoggedInUserObject();
1041 return $current_user->ID ??
NULL;
/**
 * Get the unique identifier of the logged-in user.
 *
 * Hands the object from getLoggedInUserObject() to
 * getUniqueIdentifierFromUserObject() and returns its result.
 */
public function getLoggedInUniqueIdentifier() {
  return $this->getUniqueIdentifierFromUserObject($this->getLoggedInUserObject());
}
/**
 * Get User ID from UserFramework system (WordPress).
 *
 * @param object $user
 *   Object as described by the CMS.
 *
 * @return mixed
 *   The object's `ID` property, or NULL when it is missing or empty.
 */
public function getUserIDFromUserObject($user) {
  if (empty($user->ID)) {
    return NULL;
  }
  return $user->ID;
}
/**
 * Get the unique identifier for a CMS user object.
 *
 * On WordPress the identifier is the user's email address.
 *
 * @param object $user
 *   Object as described by the CMS.
 *
 * @return mixed
 *   The object's `user_email` property, or NULL when it is missing or empty.
 */
public function getUniqueIdentifierFromUserObject($user) {
  if (!empty($user->user_email)) {
    return $user->user_email;
  }
  return NULL;
}
/**
 * Get the WordPress login URL.
 *
 * @param string $destination
 *   Passed to wp_login_url() unchanged; this method performs no validation
 *   of its own on the value.
 *
 * @return string
 *   Whatever wp_login_url() returns.
 */
public function getLoginURL($destination = '') {
  $loginUrl = wp_login_url($destination);
  return $loginUrl;
}
1078 * @param \CRM_Core_Form $form
1080 * @return NULL|string
1082 public function getLoginDestination(&$form) {
1085 $id = $form->get('id');
1090 $gid = $form->get('gid');
1092 $args .= "&gid=$gid";
1095 // Setup Personal Campaign Page link uses pageId
1096 $pageId = $form->get('pageId');
1098 $component = $form->get('component');
1099 $args .= "&pageId=$pageId&component=$component&action=add";
1104 $destination = NULL;
1106 // append destination so user is returned to form they came from after login
1107 $destination = CRM_Utils_System
::url(CRM_Utils_System
::currentPath(), 'reset=1' . $args);
1109 return $destination;
1115 public function getVersion() {
1116 if (function_exists('get_bloginfo')) {
1117 return get_bloginfo('version', 'display');
/**
 * Get the timezone configured in WordPress.
 *
 * @return mixed
 *   The value of the WordPress 'timezone_string' option.
 */
public function getTimeZoneString() {
  $timezone = get_option('timezone_string');
  return $timezone;
}
/**
 * Get the wp-admin edit URL for the WordPress user matched to a contact.
 *
 * The URL is only handed out when the contact is the logged-in user or the
 * current user holds the 'cms:administer users' permission.
 *
 * @param int $contactID
 *
 * @return string|null
 *   The user-edit URL, or NULL when neither condition holds.
 */
public function getUserRecordUrl($contactID) {
  $uid = CRM_Core_BAO_UFMatch::getUFId($contactID);

  // Loose comparison kept from the original; the session value and $contactID may differ in type.
  $isOwnRecord = CRM_Core_Session::singleton()->get('userID') == $contactID;
  if (!$isOwnRecord && !CRM_Core_Permission::checkAnyPerm(['cms:administer users'])) {
    return NULL;
  }

  $baseUrl = CRM_Core_Config::singleton()->userFrameworkBaseURL;
  return $baseUrl . "wp-admin/user-edit.php?user_id=" . $uid;
}
/**
 * Append WP js to coreResourcesList.
 *
 * @param \Civi\Core\Event\GenericHookEvent $e
 *   Event whose `list` receives the WordPress-specific script.
 */
public function appendCoreResources(\Civi\Core\Event\GenericHookEvent $e) {
  $wordpressScript = 'js/crm.wordpress.js';
  $e->list[] = $wordpressScript;
}
/**
 * Adjust asset parameters for WordPress.
 *
 * @param \Civi\Core\Event\GenericHookEvent $e
 *   Event describing the asset; only 'crm-menubar.css' is altered.
 */
public function alterAssetUrl(\Civi\Core\Event\GenericHookEvent $e) {
  if ($e->asset != 'crm-menubar.css') {
    return;
  }
  // Set menubar breakpoint to match WP admin theme
  $e->params['breakpoint'] = 783;
}
/**
 * Check whether the current user may add WordPress users.
 *
 * @return bool
 *   Result of the WordPress 'create_users' capability check.
 */
public function checkPermissionAddUser() {
  $mayCreateUsers = current_user_can('create_users');
  return $mayCreateUsers;
}
1172 public function synchronizeUsers() {
1173 $config = CRM_Core_Config
::singleton();
1174 if (PHP_SAPI
!= 'cli') {
1175 set_time_limit(300);
1178 $mail = 'user_email';
1180 $uf = $config->userFramework
;
1182 $contactCreated = 0;
1183 $contactMatching = 0;
1185 // Previously used the $wpdb global - which means WordPress *must* be bootstrapped.
1186 $wpUsers = get_users(array(
1187 'blog_id' => get_current_blog_id(),
1191 foreach ($wpUsers as $wpUserData) {
1193 if ($match = CRM_Core_BAO_UFMatch
::synchronizeUFMatch($wpUserData,
1207 if (is_object($match)) {
1213 'contactCount' => $contactCount,
1214 'contactMatching' => $contactMatching,
1215 'contactCreated' => $contactCreated,
/**
 * Send an HTTP Response based on a PSR HTTP ResponseInterface response.
 *
 * Emits the status, every header and the body, then ends the request via
 * CRM_Utils_System::civiExit().
 *
 * @param \Psr\Http\Message\ResponseInterface $response
 */
public function sendResponse(\Psr\Http\Message\ResponseInterface $response) {
  // use WordPress function status_header to ensure 404 response is sent
  $statusCode = $response->getStatusCode();
  status_header($statusCode);

  // Multiple values for one header are joined into a single comma-separated line.
  $headers = $response->getHeaders();
  foreach ($headers as $headerName => $headerValues) {
    $combined = implode(', ', (array) $headerValues);
    CRM_Utils_System::setHttpHeader($headerName, $combined);
  }

  // The body is written out exactly as the response object provides it.
  echo $response->getBody();
  CRM_Utils_System::civiExit();
}
1235 * Start a new session if there's no existing session ID.
1237 * Checks are needed to prevent sessions being started when not necessary.
1239 public function sessionStart() {
1240 $session_id = session_id();
1242 // Check WordPress pseudo-cron.
1244 if (function_exists('wp_doing_cron') && wp_doing_cron()) {
1250 if (defined('WP_CLI') && WP_CLI
) {
1254 // Check PHP on the command line - e.g. `cv`.
1256 if (PHP_SAPI
!== 'cli') {
1260 // Maybe start session.
1261 if (empty($session_id) && !$wp_cron && !$wp_cli && !$php_cli) {
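/**
 * Perform any necessary actions prior to redirecting via POST.
 *
 * Redirecting via POST means that cookies need to be sent with SameSite=None.
 * The session cookie is re-issued with the path, domain and HttpOnly values
 * that PHP is configured to use for it, so the copy sent here replaces the
 * existing cookie instead of adding a second, looser one.
 */
public function prePostRedirect() {
  // Get User Agent string.
  $rawUserAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
  $userAgent = mb_convert_encoding($rawUserAgent, 'UTF-8');

  // Bail early if User Agent does not support `SameSite=None`.
  if (!CRM_Utils_SameSite::shouldSendSameSiteNone($userAgent)) {
    return;
  }

  // Make sure session cookie is present in header - but only when a session
  // exists, otherwise an empty-valued session cookie would be sent.
  $sessionId = session_id();
  if ($sessionId !== FALSE && $sessionId !== '') {
    $configured = session_get_cookie_params();
    $attributes = [session_name() . '=' . $sessionId];
    // Without an explicit Path the browser scopes the cookie to the current
    // request's directory, which leaves two session cookies with the same name.
    if (!empty($configured['path'])) {
      $attributes[] = 'Path=' . $configured['path'];
    }
    if (!empty($configured['domain'])) {
      $attributes[] = 'Domain=' . $configured['domain'];
    }
    // Keep the session ID out of reach of scripts when the site is configured that way.
    if (!empty($configured['httponly'])) {
      $attributes[] = 'HttpOnly';
    }
    $attributes[] = 'SameSite=None';
    $attributes[] = 'Secure';
    CRM_Utils_System::setHttpHeader('Set-Cookie', implode('; ', $attributes));
  }

  // Add WordPress auth cookies when user is logged in.
  $user = wp_get_current_user();
  if ($user->exists()) {
    $this->setAuthCookies($user->ID, TRUE, TRUE);
  }
}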
1294 * Explicitly set WordPress authentication cookies.
1296 * Chrome 84 introduced a cookie policy change which prevents cookies for the
1297 * session and for WordPress user authentication from being identified when
1298 * a purchaser returns to the site from PayPal using the "Back to Merchant"
1301 * In order to comply with this policy, cookies need to be sent with their
1302 * "SameSite" attribute set to "None" and with the "Secure" flag set, but this
1303 * isn't possible to do via `wp_set_auth_cookie()` as it stands.
1305 * This method is a modified clone of `wp_set_auth_cookie()` which satisfies
1306 * the Chrome policy.
1308 * @see wp_set_auth_cookie()
1310 * The $remember parameter increases the time that the cookie will be kept. By
1311 * default, without remembering, the cookie is kept for two days. When $remember is
1312 * set, the cookies will be kept for 14 days (two weeks).
1314 * @param int $user_id The WordPress User ID.
1315 * @param bool $remember Whether to remember the user.
1316 * @param bool|string $secure Whether the auth cookie should only be sent over
1317 * HTTPS. Default is an empty string which means the
1318 * value of `is_ssl()` will be used.
1319 * @param string $token Optional. User's session token to use for this cookie.
1321 private function setAuthCookies($user_id, $remember = FALSE, $secure = '', $token = '') {
1323 /** This filter is documented in wp-includes/pluggable.php */
1324 $expiration = time() +
apply_filters('auth_cookie_expiration', 14 * DAY_IN_SECONDS
, $user_id, $remember);
1327 * Ensure the browser will continue to send the cookie after the expiration time is reached.
1328 * Needed for the login grace period in wp_validate_auth_cookie().
1330 $expire = $expiration +
(12 * HOUR_IN_SECONDS
);
1333 /** This filter is documented in wp-includes/pluggable.php */
1334 $expiration = time() +
apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS
, $user_id, $remember);
1338 if ('' === $secure) {
1342 // Front-end cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
1343 $secure_logged_in_cookie = $secure && 'https' === parse_url(get_option('home'), PHP_URL_SCHEME
);
1345 /** This filter is documented in wp-includes/pluggable.php */
1346 $secure = apply_filters('secure_auth_cookie', $secure, $user_id);
1348 /** This filter is documented in wp-includes/pluggable.php */
1349 $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure);
1352 $auth_cookie_name = SECURE_AUTH_COOKIE
;
1353 $scheme = 'secure_auth';
1356 $auth_cookie_name = AUTH_COOKIE
;
1360 if ('' === $token) {
1361 $manager = WP_Session_Tokens
::get_instance($user_id);
1362 $token = $manager->create($expiration);
1365 $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme, $token);
1366 $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $token);
1368 /** This filter is documented in wp-includes/pluggable.php */
1369 do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token);
1371 /** This filter is documented in wp-includes/pluggable.php */
1372 do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token);
1374 /** This filter is documented in wp-includes/pluggable.php */
1375 if (!apply_filters('send_auth_cookies', TRUE)) {
1380 'expires' => $expire,
1381 'domain' => COOKIE_DOMAIN
,
1383 'samesite' => 'None',
1386 self
::setAuthCookie($auth_cookie_name, $auth_cookie, $base_options +
['secure' => $secure, 'path' => PLUGINS_COOKIE_PATH
]);
1387 self
::setAuthCookie($auth_cookie_name, $auth_cookie, $base_options +
['secure' => $secure, 'path' => ADMIN_COOKIE_PATH
]);
1388 self
::setAuthCookie(LOGGED_IN_COOKIE
, $logged_in_cookie, $base_options +
['secure' => $secure_logged_in_cookie, 'path' => COOKIEPATH
]);
1389 if (COOKIEPATH
!= SITECOOKIEPATH
) {
1390 self
::setAuthCookie(LOGGED_IN_COOKIE
, $logged_in_cookie, $base_options +
['secure' => $secure_logged_in_cookie, 'path' => SITECOOKIEPATH
]);
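/**
 * Set cookie with "SameSite" flag.
 *
 * The method here is compatible with all versions of PHP. Needed because it
 * is only as of PHP 7.3.0 that the setcookie() method supports the "SameSite"
 * attribute in its options and will accept "None" as a valid value.
 *
 * The cookie is always marked httponly. The value is also written to $_COOKIE
 * so that it is visible for the rest of the current request.
 *
 * @param string $name The name of the cookie.
 * @param string $value The value of the cookie.
 * @param array $options The header options for the cookie. Reads the
 *   'expires', 'path', 'domain', 'secure' and 'samesite' keys.
 */
private function setAuthCookie($name, $value, $options) {
  // The path is written literally. A percent-encoded path no longer begins
  // with "/", and browsers fall back to the request's default path when the
  // Path attribute does not start with "/", so the intended scope was lost.
  // Characters that could end the attribute or the header line are removed.
  $path = preg_replace('/[\x00-\x1F\x7F;]/', '', (string) $options['path']);

  $parts = [
    rawurlencode($name) . '=' . rawurlencode($value),
    'expires=' . gmdate('D, d-M-Y H:i:s T', $options['expires']),
    'Max-Age=' . max(0, (int) ($options['expires'] - time())),
    'path=' . $path,
  ];

  // An empty Domain attribute carries no information, so it is left out.
  if (!empty($options['domain'])) {
    $parts[] = 'domain=' . rawurlencode($options['domain']);
  }
  if (!empty($options['secure'])) {
    $parts[] = 'secure';
  }
  $parts[] = 'httponly';
  $parts[] = 'SameSite=' . rawurlencode($options['samesite']);

  // FALSE keeps any Set-Cookie headers that were queued earlier.
  header('Set-Cookie: ' . implode('; ', $parts), FALSE);
  $_COOKIE[$name] = $value;
}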
/**
 * Return the CMS-specific url for its permissions page
 *
 * @return array
 *   Single-entry array keyed 'ufAccessURL'.
 */
public function getCMSPermissionsUrlParams() {
  $permissionsUrl = CRM_Utils_System::url('civicrm/admin/access/wp-permissions', 'reset=1');
  return ['ufAccessURL' => $permissionsUrl];
}
/**
 * Remove CiviCRM's callbacks.
 *
 * These may cause recursive updates when creating or editing a WordPress
 * user. This doesn't seem to have been necessary in the past, but seems
 * to be causing trouble with newer versions of BuddyPress and CiviCRM.
 *
 * Based on the civicrm-wp-profile-sync plugin by Christian Wach.
 *
 * @see self::hooks_core_add()
 */
public function hooks_core_remove() {
  $civicrm = civi_wp();

  // Remove current CiviCRM plugin filters.
  foreach (['user_register', 'profile_update'] as $hookName) {
    remove_action($hookName, [$civicrm->users, 'update_user']);
  }
}
1452 * Add back CiviCRM's callbacks.
1453 * This method undoes the removal of the callbacks above.
1455 * @see self::hooks_core_remove()
1457 public function hooks_core_add() {
1458 $civicrm = civi_wp();
1460 // Re-add current CiviCRM plugin filters.
1461 add_action('user_register', [$civicrm->users
, 'update_user']);
1462 add_action('profile_update', [$civicrm->users
, 'update_user']);