diff --git a/wp-content/themes/cosmopet/functions.php b/wp-content/themes/cosmopet/functions.php index de347d2..d0d6129 100644 --- a/wp-content/themes/cosmopet/functions.php +++ b/wp-content/themes/cosmopet/functions.php 
@@ -647,43 +647,48 @@ add_action('wp_ajax_send_code', 'send_code'); add_action('wp_ajax_nopriv_send_code', 'send_code'); function send_code() { - $email = $_POST['email']; - + $email = sanitize_email($_POST['email']); + if (!is_email($email)) { + wp_die(json_encode(['status' => 'error', 'text' => 'Invalid email'])); + } + // Generate a random 4-digit code - $string = rand(1234, 9999); - $ciphering = "AES-128-CTR"; - $options = 0; - $iv = '1234567891011121'; - $encryption = openssl_encrypt($string, $ciphering, SECRET, $options, $iv); - - // Store encrypted code in a cookie for 5 minutes - setcookie('login_code', $encryption, time() + 60 * 5, '/'); - - // Prepare email content based on language - if (function_exists('pll_current_language') && pll_current_language() === 'ru') { - $subject = "Проверочный код Cosmopet -" . $string; - $message = "Привет, это Cosmopet.\n -Держите проверочный код!\n -" . $string; + $code = sprintf("%04d", mt_rand(1000, 9999)); + + // Store code in a secure session for 5 minutes + session_start(); + $_SESSION['login_code'] = [ + 'code' => $code, + 'email' => $email, + 'expires' => time() + (5 * 60) + ]; + session_write_close(); + + // Prepare email content + $language = function_exists('pll_current_language') ? pll_current_language() : 'en'; + if ($language === 'ru') { + $subject = "Проверочный код Cosmopet - $code"; + $message = "Привет, это Cosmopet.\nВаш проверочный код: $code\nДействителен 5 минут."; } else { - $subject = "Cosmopet Verification Code -" . $string; - $message = "Hello, this is CosmoPet.\n -Here's your verification code!\n -" . 
$string; + $subject = "Cosmopet Verification Code - $code"; + $message = "Hello, this is CosmoPet.\nYour verification code: $code\nValid for 5 minutes."; } - - // Remove email filters for consistent sending - remove_all_filters('wp_mail_from'); - remove_all_filters('wp_mail_from_name'); + + // Configure email headers $headers = array( 'From: Cosmopet ', - 'content-type: text/html; charset=utf-8', + 'content-type: text/plain; charset=utf-8', + 'Reply-To: pro@cosmopet.shop', ); - // Send email - wp_mail($email, $subject, $message, $headers); - - wp_die(); + // Send email with fallback logging + $sent = wp_mail($email, $subject, $message, $headers); + if ($sent) { + wp_die(json_encode(['status' => 'success', 'message' => 'Code sent'])); + } else { + error_log("Email failed to send to $email. Error: " . json_encode(error_get_last())); + wp_die(json_encode(['status' => 'error', 'text' => 'Failed to send code'])); + } } /** 
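Review bot: The verification code on the `$code = sprintf("%04d", mt_rand(1000, 9999));` line comes from `mt_rand`, a seeded Mersenne Twister rather than a CSPRNG; use `$code = (string) random_int(1000, 9999);` (or WordPress's `wp_rand`, which wraps it). The handler is registered for `wp_ajax_nopriv_send_code` with no `check_ajax_referer()` and no throttle, so one client can drive it to mail codes to arbitrary addresses without limit; a transient keyed on the email, e.g. `if (get_transient('login_code_' . md5($email))) { wp_send_json_error(['text' => 'Please wait before requesting another code']); } set_transient('login_code_' . md5($email), 1, 60);`, bounds that to one send per minute. `session_start()` should be guarded with `if (session_status() === PHP_SESSION_NONE)` and the input read as `$_POST['email'] ?? ''` so a missing field does not emit a notice or warning. The `'From: Cosmopet '` header carries no address as shown in the diff; unless an angle-bracketed address was stripped during extraction, `wp_mail` will ignore it and fall back to its default sender. The JSON responses are emitted via `wp_die(json_encode(...))` without a Content-Type header, unlike check_code; `wp_send_json_success()` / `wp_send_json_error()` set it and keep the two handlers consistent.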
@@ -693,85 +698,64 @@ Here's your verification code!\n add_action('wp_ajax_check_code', 'check_code'); add_action('wp_ajax_nopriv_check_code', 'check_code'); -function check_code() { +function check_code() { header("Content-Type: application/json"); - $code = $_POST['code']; - $email = $_POST['email']; - - // Generate a random 12-character password - $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890@#!()'; - $pass = array(); - $alphaLength = strlen($alphabet) - 1; - for ($i = 0; $i < 12; $i++) { - $n = rand(0, $alphaLength); - $pass[] = $alphabet[$n]; - } - $pass = implode($pass); - - // Check if verification code cookie exists - if (isset($_COOKIE['login_code'])) { - $string = $_COOKIE['login_code']; - $ciphering = "AES-128-CTR"; - $options = 0; - $iv = '1234567891011121'; - $decryption = openssl_decrypt($string, $ciphering, SECRET, $options, $iv); - - if ($decryption === $code) { + $code = sanitize_text_field($_POST['code']); + $email = sanitize_email($_POST['email']); + + session_start(); + if (isset($_SESSION['login_code']) && is_array($_SESSION['login_code'])) { + $stored_data = $_SESSION['login_code']; + if ($stored_data['email'] === $email && $stored_data['code'] === $code && $stored_data['expires'] > time()) { + // Generate a random password + $password = wp_generate_password(12, true, false); + if (email_exists($email)) { // Log in existing user - $user_id = get_user_by('login', $email)->ID; - if (empty($user_id)) { - $user_id = get_user_by('email', $email)->ID; - } - wp_set_password($pass, $user_id); - wp_signon( - array( - 'user_login' => $email, - 'user_password' => $pass, - 'remember' => 'on', - ) - ); - - echo json_encode(array( - 'status' => 'success_auth' - )); - if (function_exists('update_field')) { - update_field('activated', true, 'user_' . 
$user_id); // Requires ACF + $user = get_user_by('email', $email); + wp_set_password($password, $user->ID); + $login = wp_signon([ + 'user_login' => $email, + 'user_password' => $password, + 'remember' => true + ]); + + if (!is_wp_error($login)) { + // Redirect to admin dashboard + update_user_meta($user->ID, 'activated', true); + wp_die(json_encode(['status' => 'success_auth', 'redirect' => admin_url()])); } - exit(); } else { // Register new user - $user_id = wp_create_user($email, $pass, $email); - wp_update_user([ - 'ID' => $user_id, - 'user_email' => $email - ]); - - wp_set_auth_cookie($user_id, true); - echo json_encode(array( - 'status' => 'success_reg' - )); - if (function_exists('update_field')) { - update_field('activated', true, 'user_' . $user_id); // Requires ACF + $user_id = wp_create_user($email, $password, $email); + if (!is_wp_error($user_id)) { + wp_update_user([ + 'ID' => $user_id, + 'display_name' => $email + ]); + $login = wp_signon([ + 'user_login' => $email, + 'user_password' => $password, + 'remember' => true + ]); + + if (!is_wp_error($login)) { + update_user_meta($user_id, 'activated', true); + wp_die(json_encode(['status' => 'success_reg', 'redirect' => admin_url()])); + } } - exit(); } - } else { - echo json_encode(array( - 'status' => 'error', - 'text' => esc_html__('Invalid code', 'woodmart') - )); - exit(); } - } else { - echo json_encode(array( - 'status' => 'error', - 'text' => esc_html__('The code hasexpired', 'woodmart') - )); - exit(); } - wp_die(); + + // Cleanup expired session data + if (isset($_SESSION['login_code']) && $stored_data['expires'] <= time()) { + unset($_SESSION['login_code']); + } + session_write_close(); + + wp_die(json_encode(['status' => 'error', 'text' => 'Invalid or expired code'])); } /** diff --git a/wp-content/themes/cosmopet/modules/footer/assets/js/footer.js b/wp-content/themes/cosmopet/modules/footer/assets/js/footer.js index bb24a06..d362208 100644 
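Review bot: The stored code is never consumed when the `$stored_data['code'] === $code` check passes and no failed-attempt count is kept, so the 4-digit code can be guessed within its 5-minute window by repeatedly posting to `check_code`, and the same code stays valid after a successful login until it expires. The comparison should be `hash_equals` and the challenge should be removed, or its attempt count bumped, before the login work begins, as in the rewrite below, which keeps the count inside the existing `login_code` array so a fresh code from send_code starts it over. In the existing-user branch, `wp_set_password($password, $user->ID)` overwrites the account's real password on every login purely to feed `wp_signon`; `wp_set_current_user($user->ID); wp_set_auth_cookie($user->ID, true);` establishes the session without touching the stored password and removes the window where the password has been changed but the login then falls through to the generic error. The cleanup block at the end reads `$stored_data` even when `$_SESSION['login_code']` was set but not an array, which emits an undefined-variable warning. `$_POST['code']` and `$_POST['email']` should be read with `?? ''` so a missing field does not warn.
```php
session_start();
$stored_data = $_SESSION['login_code'] ?? null;
$attempts = is_array($stored_data) ? (int) ($stored_data['attempts'] ?? 0) : 0;
$valid = is_array($stored_data)
    && $attempts < 3
    && $stored_data['expires'] > time()
    && $stored_data['email'] === $email
    && hash_equals((string) $stored_data['code'], (string) $code);

if ($valid) {
    // Single-use: consume the challenge whether or not the login below succeeds.
    unset($_SESSION['login_code']);
} elseif (is_array($stored_data)) {
    // Count the failed guess; a new code issued by send_code resets the count.
    $_SESSION['login_code']['attempts'] = $attempts + 1;
}
session_write_close();

if ($valid) {
    // … unchanged: password generation, existing-user login and new-user registration branches …
}

wp_die(json_encode(['status' => 'error', 'text' => 'Invalid or expired code']));
```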
--- a/wp-content/themes/cosmopet/modules/footer/assets/js/footer.js +++ b/wp-content/themes/cosmopet/modules/footer/assets/js/footer.js @@ -758,20 +758,20 @@ initCounters() // counter // checkbox -let checkbox = document.querySelectorAll('.checkbox'); - -checkbox.forEach(e => { - e.onclick = function (event) { - let input = e.querySelector('.checkbox__input'); - - if (!e.classList.contains('active')) { - input.checked = 1; - }else{ - input.checked = 0; - } - e.classList.toggle('active'); - } -}) +// let checkbox = document.querySelectorAll('.checkbox'); + +// checkbox.forEach(e => { +// e.onclick = function (event) { +// let input = e.querySelector('.checkbox__input'); + +// if (!e.classList.contains('active')) { +// input.checked = 1; +// }else{ +// input.checked = 0; +// } +// e.classList.toggle('active'); +// } +// }) // checkbox
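Review bot: The checkbox handler is commented out rather than removed, leaving fourteen lines of dead code in footer.js that version control already preserves. Delete the block; if the behaviour is intentionally disabled pending another change, a single line such as `// checkbox toggle disabled: <reason>` records why without keeping the code around.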