' . esc_attr( $errmsg ) . '
'; } self::form_field(); } /** * Main verification function. Return if a submission is allowed or not. * * @param boolean $response - Current response. * @return bool - Was request valid? */ public static function verify( $response = false, $is_fallback_challenge = false ) { $verify = C4WP_Method_Loader::method_verify( C4WP_Method_Loader::get_currently_selected_method( true, false ), $response, $is_fallback_challenge ); return $verify; } /** * Verify a login attempt. * * @param WP_User $user - User object. * @param string $username - Login username. * @param string $password - Login password. * @return WP_User|WP_Error - Always return the user, WP Error otherwise. */ public static function login_verify( $user, $username = '', $password = '' ) { global $wpdb; if ( ! $username ) { return $user; } // Bail if a rest request. if ( self::is_rest_request() ) { return $user; } $show_captcha = self::show_login_captcha(); if ( ! isset( $_POST['c4wp_ajax_flag'] ) ) { // phpcs:ignore if ( $show_captcha && ! self::verify() ) { return new \WP_Error( 'c4wp_error', self::add_error_to_mgs() ); } } return $user; } /** * Checks if the current authentication request is RESTy or a custom URL where it should not load. * * @return boolean - Was a rest request? */ public static function is_rest_request() { if ( defined( 'REST_REQUEST' ) && REST_REQUEST || isset( $_GET['rest_route'] ) && strpos( sanitize_text_field( wp_unslash( $_GET['rest_route'] ) ), '/', 0 ) === 0 ) { return true; } global $wp_rewrite; if ( null === $wp_rewrite ) { $wp_rewrite = new \WP_Rewrite(); // phpcs:ignore } $rest_url = wp_parse_url( trailingslashit( rest_url() ) ); $current_url = wp_parse_url( add_query_arg( array() ) ); // If no path to check, return. if ( ! isset( $current_url['path'] ) || ! isset( $rest_url['path'] ) ) { return apply_filters( 'c4wp_is_rest_request_no_path_found', false ); } $is_rest = strpos( $current_url['path'], $rest_url['path'], 0 ) === 0; return $is_rest; } /** * Verify a registration attempt. * * @param WP_Error $errors - Current error array. * @param string $sanitized_user_login - Current user login. * @param string $user_email - User email address. * @return WP_Error - Error array with ours added, if applicable. */ public static function registration_verify( $errors, $sanitized_user_login, $user_email ) { if ( ! self::verify() ) { $errors->add( 'c4wp_error', self::add_error_to_mgs() ); } return $errors; } /** * Verify a new user signup on a multisite network. * * @param array $result - Error array. * @return array $result - Error array with ours added, if applicable. */ public static function ms_form_field_verify( $result ) { if ( isset( $_POST['stage'] ) && 'validate-user-signup' === $_POST['stage'] && ! self::verify() ) { // phpcs:ignore $result['errors']->add( 'c4wp_error', C4WP_Functions::c4wp_get_option( 'error_message' ) ); } return $result; } /** * Verify a new user signup on a WPMU form. * * @param array $result - Error array. * @return array $result - Error array with ours added, if applicable. */ public static function ms_blog_verify( $result ) { if ( ! self::verify() ) { $result['errors']->add( 'c4wp_error', C4WP_Functions::c4wp_get_option( 'error_message' ) ); } return $result; } /** * Verify lost password form submissin. * * @param WP_Error $result - Current errors. * @param int $user_id - User ID. * @return WP_Error - Error array with ours added, if applicable. */ public static function lostpassword_verify( $result, $user_id ) { // Allow admins to send reset links. if ( current_user_can( 'manage_options' ) && isset( $_REQUEST['action'] ) && in_array( wp_unslash( $_REQUEST['action'] ), array( 'resetpassword', 'send-password-reset' ), true ) ) { return $result; } if ( ! self::verify() ) { $result->add( 'c4wp_error', self::add_error_to_mgs() ); } return $result; } /** * Verify password reset submissions. * * @param WP_Error $errors - Current errors. * @param WP_User $user - User object. * @return WP_Error|WP_User - User object or error. */ public static function reset_password_verify( $errors, $user ) { // Allow admins to send reset links. if ( current_user_can( 'manage_options' ) && isset( $_REQUEST['action'] ) && in_array( wp_unslash( $_REQUEST['action'] ), array( 'resetpassword', 'send-password-reset' ), true ) ) { return $errors; } if ( ! isset( $_POST['c4wp_ajax_flag'] ) ) { // phpcs:ignore if ( ! self::verify() ) { $errors->add( 'c4wp_error', self::add_error_to_mgs() ); } } return $errors; } /** * Verify comment submissions. * * @param array $commentdata - Submitted data. * @return array - New comment data. */ public static function comment_verify( $commentdata ) { if ( ! isset( $_POST['c4wp_ajax_flag'] ) ) { // phpcs:ignore if ( ! self::verify() ) { wp_die( '' . wp_kses_post( self::add_error_to_mgs() ) . '
', esc_html__( 'Comment Submission Failure' ), array( 'response' => 403, 'back_link' => true, ) ); } } return $commentdata; } /** * Very comment in WP 4.9 and older. * * @param bool $approved - Approval currently. * @returnb ool $approved - Our approval. */ public static function comment_verify_490( $approved ) { if ( ! isset( $_POST['c4wp_ajax_flag'] ) ) { // phpcs:ignore if ( ! self::verify() ) { return new \WP_Error( 'c4wp_error', self::add_error_to_mgs(), 403 ); } } return $approved; } /** * Checks if the current page load is actually an iframe found in the new customizer/widgets areas within WP 5.8+. * * @return bool */ public static function check_should_js_embed() { // Ensure we dont load inside an iframe/preview. if ( isset( $_GET['legacy-widget-preview'] ) || isset( $_GET['customize_messenger_channel'] ) ) { return false; } return true; } /** * Auto detects language if applicable, otherwise returns the users desired language from the settings. * * @return string */ public static function determine_captcha_language() { $language = trim( C4WP_Functions::c4wp_get_option( 'language' ) ); /* @free:start */ $lang = '&hl=' . $language; /* @free:end */ return $lang; } } //END CLASS } //ENDIF