|
|
|
|
@ -647,43 +647,48 @@ add_action('wp_ajax_send_code', 'send_code'); |
|
|
|
|
add_action('wp_ajax_nopriv_send_code', 'send_code'); |
|
|
|
|
|
|
|
|
|
function send_code() { |
|
|
|
|
$email = $_POST['email']; |
|
|
|
|
$email = sanitize_email($_POST['email']); |
|
|
|
|
if (!is_email($email)) { |
|
|
|
|
wp_die(json_encode(['status' => 'error', 'text' => 'Invalid email'])); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Generate a random 4-digit code |
|
|
|
|
$string = rand(1234, 9999); |
|
|
|
|
$ciphering = "AES-128-CTR"; |
|
|
|
|
$options = 0; |
|
|
|
|
$iv = '1234567891011121'; |
|
|
|
|
$encryption = openssl_encrypt($string, $ciphering, SECRET, $options, $iv); |
|
|
|
|
|
|
|
|
|
// Store encrypted code in a cookie for 5 minutes |
|
|
|
|
setcookie('login_code', $encryption, time() + 60 * 5, '/'); |
|
|
|
|
|
|
|
|
|
// Prepare email content based on language |
|
|
|
|
if (function_exists('pll_current_language') && pll_current_language() === 'ru') { |
|
|
|
|
$subject = "Проверочный код Cosmopet -" . $string; |
|
|
|
|
$message = "Привет, это Cosmopet.\n |
|
|
|
|
Держите проверочный код!\n |
|
|
|
|
" . $string; |
|
|
|
|
$code = sprintf("%04d", mt_rand(1000, 9999)); |
|
|
|
|
|
|
|
|
|
// Store code in a secure session for 5 minutes |
|
|
|
|
session_start(); |
|
|
|
|
$_SESSION['login_code'] = [ |
|
|
|
|
'code' => $code, |
|
|
|
|
'email' => $email, |
|
|
|
|
'expires' => time() + (5 * 60) |
|
|
|
|
]; |
|
|
|
|
session_write_close(); |
|
|
|
|
|
|
|
|
|
// Prepare email content |
|
|
|
|
$language = function_exists('pll_current_language') ? pll_current_language() : 'en'; |
|
|
|
|
if ($language === 'ru') { |
|
|
|
|
$subject = "Проверочный код Cosmopet - $code"; |
|
|
|
|
$message = "Привет, это Cosmopet.\nВаш проверочный код: $code\nДействителен 5 минут."; |
|
|
|
|
} else { |
|
|
|
|
$subject = "Cosmopet Verification Code -" . $string; |
|
|
|
|
$message = "Hello, this is CosmoPet.\n |
|
|
|
|
Here's your verification code!\n |
|
|
|
|
" . $string; |
|
|
|
|
$subject = "Cosmopet Verification Code - $code"; |
|
|
|
|
$message = "Hello, this is CosmoPet.\nYour verification code: $code\nValid for 5 minutes."; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Remove email filters for consistent sending |
|
|
|
|
remove_all_filters('wp_mail_from'); |
|
|
|
|
remove_all_filters('wp_mail_from_name'); |
|
|
|
|
// Configure email headers |
|
|
|
|
$headers = array( |
|
|
|
|
'From: Cosmopet <pro@cosmopet.shop>', |
|
|
|
|
'content-type: text/html; charset=utf-8', |
|
|
|
|
'content-type: text/plain; charset=utf-8', |
|
|
|
|
'Reply-To: pro@cosmopet.shop', |
|
|
|
|
); |
|
|
|
|
|
|
|
|
|
// Send email |
|
|
|
|
wp_mail($email, $subject, $message, $headers); |
|
|
|
|
|
|
|
|
|
wp_die(); |
|
|
|
|
// Send email with fallback logging |
|
|
|
|
$sent = wp_mail($email, $subject, $message, $headers); |
|
|
|
|
if ($sent) { |
|
|
|
|
wp_die(json_encode(['status' => 'success', 'message' => 'Code sent'])); |
|
|
|
|
} else { |
|
|
|
|
error_log("Email failed to send to $email. Error: " . json_encode(error_get_last())); |
|
|
|
|
wp_die(json_encode(['status' => 'error', 'text' => 'Failed to send code'])); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
@ -696,82 +701,61 @@ add_action('wp_ajax_nopriv_check_code', 'check_code'); |
|
|
|
|
function check_code() { |
|
|
|
|
header("Content-Type: application/json"); |
|
|
|
|
|
|
|
|
|
$code = $_POST['code']; |
|
|
|
|
$email = $_POST['email']; |
|
|
|
|
$code = sanitize_text_field($_POST['code']); |
|
|
|
|
$email = sanitize_email($_POST['email']); |
|
|
|
|
|
|
|
|
|
// Generate a random 12-character password |
|
|
|
|
$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890@#!()'; |
|
|
|
|
$pass = array(); |
|
|
|
|
$alphaLength = strlen($alphabet) - 1; |
|
|
|
|
for ($i = 0; $i < 12; $i++) { |
|
|
|
|
$n = rand(0, $alphaLength); |
|
|
|
|
$pass[] = $alphabet[$n]; |
|
|
|
|
} |
|
|
|
|
$pass = implode($pass); |
|
|
|
|
session_start(); |
|
|
|
|
if (isset($_SESSION['login_code']) && is_array($_SESSION['login_code'])) { |
|
|
|
|
$stored_data = $_SESSION['login_code']; |
|
|
|
|
if ($stored_data['email'] === $email && $stored_data['code'] === $code && $stored_data['expires'] > time()) { |
|
|
|
|
// Generate a random password |
|
|
|
|
$password = wp_generate_password(12, true, false); |
|
|
|
|
|
|
|
|
|
// Check if verification code cookie exists |
|
|
|
|
if (isset($_COOKIE['login_code'])) { |
|
|
|
|
$string = $_COOKIE['login_code']; |
|
|
|
|
$ciphering = "AES-128-CTR"; |
|
|
|
|
$options = 0; |
|
|
|
|
$iv = '1234567891011121'; |
|
|
|
|
$decryption = openssl_decrypt($string, $ciphering, SECRET, $options, $iv); |
|
|
|
|
|
|
|
|
|
if ($decryption === $code) { |
|
|
|
|
if (email_exists($email)) { |
|
|
|
|
// Log in existing user |
|
|
|
|
$user_id = get_user_by('login', $email)->ID; |
|
|
|
|
if (empty($user_id)) { |
|
|
|
|
$user_id = get_user_by('email', $email)->ID; |
|
|
|
|
} |
|
|
|
|
wp_set_password($pass, $user_id); |
|
|
|
|
wp_signon( |
|
|
|
|
array( |
|
|
|
|
$user = get_user_by('email', $email); |
|
|
|
|
wp_set_password($password, $user->ID); |
|
|
|
|
$login = wp_signon([ |
|
|
|
|
'user_login' => $email, |
|
|
|
|
'user_password' => $pass, |
|
|
|
|
'remember' => 'on', |
|
|
|
|
) |
|
|
|
|
); |
|
|
|
|
'user_password' => $password, |
|
|
|
|
'remember' => true |
|
|
|
|
]); |
|
|
|
|
|
|
|
|
|
echo json_encode(array( |
|
|
|
|
'status' => 'success_auth' |
|
|
|
|
)); |
|
|
|
|
if (function_exists('update_field')) { |
|
|
|
|
update_field('activated', true, 'user_' . $user_id); // Requires ACF |
|
|
|
|
if (!is_wp_error($login)) { |
|
|
|
|
// Redirect to admin dashboard |
|
|
|
|
update_user_meta($user->ID, 'activated', true); |
|
|
|
|
wp_die(json_encode(['status' => 'success_auth', 'redirect' => admin_url()])); |
|
|
|
|
} |
|
|
|
|
exit(); |
|
|
|
|
} else { |
|
|
|
|
// Register new user |
|
|
|
|
$user_id = wp_create_user($email, $pass, $email); |
|
|
|
|
$user_id = wp_create_user($email, $password, $email); |
|
|
|
|
if (!is_wp_error($user_id)) { |
|
|
|
|
wp_update_user([ |
|
|
|
|
'ID' => $user_id, |
|
|
|
|
'user_email' => $email |
|
|
|
|
'display_name' => $email |
|
|
|
|
]); |
|
|
|
|
$login = wp_signon([ |
|
|
|
|
'user_login' => $email, |
|
|
|
|
'user_password' => $password, |
|
|
|
|
'remember' => true |
|
|
|
|
]); |
|
|
|
|
|
|
|
|
|
wp_set_auth_cookie($user_id, true); |
|
|
|
|
echo json_encode(array( |
|
|
|
|
'status' => 'success_reg' |
|
|
|
|
)); |
|
|
|
|
if (function_exists('update_field')) { |
|
|
|
|
update_field('activated', true, 'user_' . $user_id); // Requires ACF |
|
|
|
|
if (!is_wp_error($login)) { |
|
|
|
|
update_user_meta($user_id, 'activated', true); |
|
|
|
|
wp_die(json_encode(['status' => 'success_reg', 'redirect' => admin_url()])); |
|
|
|
|
} |
|
|
|
|
exit(); |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
echo json_encode(array( |
|
|
|
|
'status' => 'error', |
|
|
|
|
'text' => esc_html__('Invalid code', 'woodmart') |
|
|
|
|
)); |
|
|
|
|
exit(); |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
echo json_encode(array( |
|
|
|
|
'status' => 'error', |
|
|
|
|
'text' => esc_html__('The code hasexpired', 'woodmart') |
|
|
|
|
)); |
|
|
|
|
exit(); |
|
|
|
|
} |
|
|
|
|
wp_die(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Cleanup expired session data |
|
|
|
|
if (isset($_SESSION['login_code']) && $stored_data['expires'] <= time()) { |
|
|
|
|
unset($_SESSION['login_code']); |
|
|
|
|
} |
|
|
|
|
session_write_close(); |
|
|
|
|
|
|
|
|
|
wp_die(json_encode(['status' => 'error', 'text' => 'Invalid or expired code'])); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
