perrybutler · evaldobarbosa · Sep 23, 2015 · Sep 23, 2015
diff --git a/login-facebook.php b/login-facebook.php
@@ -175,12 +175,13 @@ function get_oauth_identity($wpoa) {
 	// parse and return the user's oauth identity:
 	$oauth_identity = array();
 	$oauth_identity['provider'] = $_SESSION['WPOA']['PROVIDER'];
-	$oauth_identity['id'] = $result_obj['id']; // PROVIDER SPECIFIC: this is how Facebook returns the user's unique id
+	$oauth_identity = array_merge($oauth_identity,$result_obj);
+	//$oauth_identity['id'] = $result_obj['id']; // PROVIDER SPECIFIC: this is how Facebook returns the user's unique id
 	//$oauth_identity['email'] = $result_obj['email']; //PROVIDER SPECIFIC: this is how Facebook returns the email address
 	if (!$oauth_identity['id']) {
 		$wpoa->wpoa_end_login("Sorry, we couldn't log you in. User identity was not found. Please notify the admin or try again later.");
 	}
 	return $oauth_identity;
 }
 # END OF AUTHENTICATION FLOW HELPER FUNCTIONS #
-?>
+?>
diff --git a/register.php b/register.php
@@ -1 +1,94 @@
-<?php// TODO: very important that we sanitize all $_POST variables here before using them!// TODO: this doesn't call wpoa_end_login() which might result in the LAST_URL not being cleared...global $wpdb;// initiate the user session:session_start();// prevent users from registering if the option is turned off in the dashboard:if (!get_option("users_can_register")) {	$_SESSION["WPOA"]["RESULT"] = "Sorry, user registration is disabled at this time. Your account could not be registered. Please notify the admin or try again later.";	header("Location: " . $_SESSION["WPOA"]["LAST_URL"]);	exit;}// registration was initiated from an oauth provider, set the username and password automatically.if ($_SESSION["WPOA"]["USER_ID"] != "") {	$username = uniqid('', true);	$password = wp_generate_password();}// registration was initiated from the standard sign up form, set the username and password that was requested by the user.if ( $_SESSION["WPOA"]["USER_ID"] == "" ) {	// this registration was initiated from the standard Registration page, create account and login the user automatically	$username = $_POST['identity'];	$password = $_POST['password'];}// now attempt to generate the user and get the user id:$user_id = wp_create_user( $username, $password, $username ); // we use wp_create_user instead of wp_insert_user so we can handle the error when the user being registered already exists// check if the user was actually created:if (is_wp_error($user_id)) {	// there was an error during registration, redirect and notify the user:	$_SESSION["WPOA"]["RESULT"] = $user_id->get_error_message();	header("Location: " . $_SESSION["WPOA"]["LAST_URL"]);	exit;}// now try to update the username to something more permanent and recognizable:$username = "user" . $user_id;$update_username_result = $wpdb->update($wpdb->users, array('user_login' => $username, 'user_nicename' => $username, 'display_name' => $username), array('ID' => $user_id));$update_nickname_result = update_user_meta($user_id, 'nickname', $username);// apply the custom default user role:$role = get_option('wpoa_new_user_role');$update_role_result = wp_update_user(array('ID' => $user_id, 'role' => $role));// proceed if no errors were detected:if ($update_username_result == false || $update_nickname_result == false) {	// there was an error during registration, redirect and notify the user:	$_SESSION["WPOA"]["RESULT"] = "Could not rename the username during registration. Please contact an admin or try again later.";	header("Location: " . $_SESSION["WPOA"]["LAST_URL"]); exit;}elseif ($update_role_result == false) {	// there was an error during registration, redirect and notify the user:	$_SESSION["WPOA"]["RESULT"] = "Could not assign default user role during registration. Please contact an admin or try again later.";	header("Location: " . $_SESSION["WPOA"]["LAST_URL"]); exit;}else {	// registration was successful, the user account was created, proceed to login the user automatically...	// associate the wordpress user account with the now-authenticated third party account:	$this->wpoa_link_account($user_id);	// attempt to login the new user (this could be error prone):	$creds = array();	$creds['user_login'] = $username;	$creds['user_password'] = $password;	$creds['remember'] = true;	$user = wp_signon( $creds, false );	// send a notification e-mail to the admin and the new user (we can also build our own email if necessary):	if (!get_option('wpoa_suppress_welcome_email')) {		//wp_mail($username, "New User Registration", "Thank you for registering!\r\nYour username: " . $username . "\r\nYour password: " . $password, $headers);		wp_new_user_notification( $user_id, $password );	}	// finally redirect the user back to the page they were on and notify them of successful registration:	$_SESSION["WPOA"]["RESULT"] = "You have been registered successfully!";	header("Location: " . $_SESSION["WPOA"]["LAST_URL"]); exit;}?>
+<?php
+
+// TODO: very important that we sanitize all $_POST variables here before using them!
+// TODO: this doesn't call wpoa_end_login() which might result in the LAST_URL not being cleared...
+
+global $wpdb;
+
+// initiate the user session:
+session_start();
+
+// prevent users from registering if the option is turned off in the dashboard:
+if (!get_option("users_can_register")) {
+	$_SESSION["WPOA"]["RESULT"] = "Sorry, user registration is disabled at this time. Your account could not be registered. Please notify the admin or try again later.";
+	header("Location: " . $_SESSION["WPOA"]["LAST_URL"]);
+	exit;
+}
+
+// registration was initiated from an oauth provider, set the username and password automatically.
+if ($_SESSION["WPOA"]["USER_ID"] != "") {
+	$username = uniqid('', true);
+	$password = wp_generate_password();
+}
+
+// registration was initiated from the standard sign up form, set the username and password that was requested by the user.
+if ( $_SESSION["WPOA"]["USER_ID"] == "" ) {
+	// this registration was initiated from the standard Registration page, create account and login the user automatically
+	$username = $_POST['identity'];
+	$password = $_POST['password'];
+}
+
+// now attempt to generate the user and get the user id:
+$user_id = wp_create_user( $username, $password, $username ); // we use wp_create_user instead of wp_insert_user so we can handle the error when the user being registered already exists
+
+// check if the user was actually created:
+if (is_wp_error($user_id)) {
+	// there was an error during registration, redirect and notify the user:
+	$_SESSION["WPOA"]["RESULT"] = $user_id->get_error_message();
+	header("Location: " . $_SESSION["WPOA"]["LAST_URL"]);
+	exit;
+}
+
+// now try to update the username to something more permanent and recognizable:
+$username = "user" . $user_id;
+$update_username_result = $wpdb->update(
+	$wpdb->users, 
+	array(
+		'user_login' => $oauth_identity["email"], 
+		'user_nicename' => $oauth_identity["name"], 
+		'user_email' => $oauth_identity["email"], 
+		'user_url' => $oauth_identity["link"], 
+		'display_name' => $oauth_identity["first_name"]
+	), 
+	array('ID' => $user_id)
+);
+$update_nickname_result = update_user_meta($user_id, 'nickname', $oauth_identity["name"]);
+update_user_meta($user_id, 'user_url', $oauth_identity["link"]);
+update_user_meta($user_id, 'first_name', $oauth_identity["first_name"]);
+update_user_meta($user_id, 'last_name', $oauth_identity["last_name"]);
+
+// apply the custom default user role:
+$role = get_option('wpoa_new_user_role');
+$update_role_result = wp_update_user(array('ID' => $user_id, 'role' => $role));
+
+// proceed if no errors were detected:
+if ($update_username_result == false || $update_nickname_result == false) {
+	// there was an error during registration, redirect and notify the user:
+	$_SESSION["WPOA"]["RESULT"] = "Could not rename the username during registration. Please contact an admin or try again later.";
+	header("Location: " . $_SESSION["WPOA"]["LAST_URL"]); exit;
+}
+elseif ($update_role_result == false) {
+	// there was an error during registration, redirect and notify the user:
+	$_SESSION["WPOA"]["RESULT"] = "Could not assign default user role during registration. Please contact an admin or try again later.";
+	header("Location: " . $_SESSION["WPOA"]["LAST_URL"]); exit;
+}
+else {
+	// registration was successful, the user account was created, proceed to login the user automatically...
+	// associate the wordpress user account with the now-authenticated third party account:
+	$this->wpoa_link_account($user_id);
+	// attempt to login the new user (this could be error prone):
+	$creds = array();
+	$creds['user_login'] = $username;
+	$creds['user_password'] = $password;
+	$creds['remember'] = true;
+	$user = wp_signon( $creds, false );
+	// send a notification e-mail to the admin and the new user (we can also build our own email if necessary):
+	if (!get_option('wpoa_suppress_welcome_email')) {
+		//wp_mail($username, "New User Registration", "Thank you for registering!\r\nYour username: " . $username . "\r\nYour password: " . $password, $headers);
+		wp_new_user_notification( $user_id, $password );
+	}
+	// finally redirect the user back to the page they were on and notify them of successful registration:
+	$_SESSION["WPOA"]["RESULT"] = "You have been registered successfully!";
+	header("Location: " . $_SESSION["WPOA"]["LAST_URL"]); exit;
+}
+?>