plugins – template_redirect hooks redirect wrong url – WordPress

Question

I made custom plugin about login, register, and forgot password.

And I give my plugin add_action template_redirect hooks to verify email, when user login and then redirect to homepage, and forgot password.

But I have bugs, I think the template_redirect hooks do not know which is redirect for verify and which is redirect for forgot password.

Please take a look at my code:

this is custom-plugin.php

    <?php
    
    if( ! defined('PLUGIN_PATH') ){
        define('PLUGIN_PATH' , plugin_dir_path(__FILE__));
    }
    
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/upgrade.php';
    require_once PLUGIN_PATH . 'includes/register.php';
    require_once PLUGIN_PATH . 'includes/login.php';
    require_once PLUGIN_PATH . 'includes/forgot-password.php';
    require_once PLUGIN_PATH . 'includes/change-password.php';
    require_once PLUGIN_PATH . 'includes/functions.php';


    if( ! class_exists('main')){
        class main {
       
            function register(){

                // Start session on init hook.
                add_action( 'init', array('myFunctions','wpse16119876_init_session') );
          
                add_action ('template_redirect', array( 'forgotPasswordForm', 'forgotPassword'));
              
  
                add_action ('template_redirect', array( 'loginForm', 'verify'));
               
                add_action ('template_redirect', array( 'loginForm', 'set_submit_login_func'));
           
               
            }
       

        }

        $main = new main();
        $main->register();
        
       
  

   }

    

    
  ?>

lets assume that I insert SMTP email setting and have the form. I’m only giving functions that have wp_redirect.

And then this is login.php,

<?php
        class loginForm extends registerForm{
    
        public function set_submit_login_func(){
            global $wpdb;
    
            $account = filter_input(INPUT_POST, 'account');
            $password = filter_input(INPUT_POST, 'password');
    
            $users = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->prefix}users WHERE user_email="$account" OR user_login = '$account'", ARRAY_A));
           
            ob_start();
    
            if(isset($_POST["login"])){
                if($users){
                    if($users->user_status == 0){
                        if(wp_check_password($password, $users->user_pass)){
                            $credentials = array(
                                'user_login' => $account,
                                'user_password' => $password
                            );
    
                            wp_signon($credentials, true);
                            wp_redirect(site_url());
                            exit;
                        } else{
                            $_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">Password Salah</div>';
                        }
                    } else{
                        $_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">Akun Belum di Aktifkan!</div>';
                    }
                   
                }else{
                    if($account != ($users->user_email && $user_login)){
                        $_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">Akun Belum Terdaftar!</div>';
                    }
                  
                }
    
            }
            
            session_destroy();
    
            return ob_get_clean(); 
    
        }
    
        
        public function verify(){
        
                global $wpdb;
                
                $email = $_GET["em"];
                $token = $_GET["tk"];
                $url = site_url() .'/login';
                
                $registered_date = date( 'Y-m-d H:i:s', current_time( 'timestamp', 0 ) );  
         
                $users = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->prefix}users WHERE user_email="$email"", ARRAY_A));
         
                if($users){
         
                    $user_token = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->prefix}user_token WHERE token = '$token'", ARRAY_A));
         
                    if($user_token){
                        if(time() - $user_token->date_created < (60*60*24)){
         
                            $wpdb->update($wpdb->prefix . 'users', ["user_status" => 0, "user_registered" => $registered_date], ["user_email" => $email]);
         
                            $wpdb->delete($wpdb->prefix . 'user_token', ['email' => $email]);
         
                            $_SESSION["message"] = '<div style="background-color: darkcyan; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.$email.'&nbsp'.'telah aktif, silahkan login'.'</div>';
         
                            wp_redirect($url);
                            exit;
         
         
                        }else{
                            $wpdb->delete($wpdb->prefix . 'users', ['user_email' => $email]);
                            $wpdb->delete($wpdb->prefix . 'user_token', ['email' => $email]);
         
         
                            $_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Aktivasi akun gagal! Token kadaluarsa'.'</div>';
                          
                            wp_redirect($url);
                            exit;
                        }
         
                 
                    }else{
                        if(($token != $user_token) === true){
                            $_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Aktivasi akun gagal! Token salah'.'</div>';
                          
                            wp_redirect($url);    
                            exit;
                 
                        }
                    }
                       
                }else{
         
                    if(($email != $users->user_email) === true){   
                         
                        $_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Aktivasi akun gagal! Email salah'.'</div>';
                         
                        wp_redirect($url);    
                        exit;
                         
                    }
         
                }
        
                session_destroy();
             
            } 
        
        
        }
?>

this is forgot-password.php

<?php
    class forgotPasswordForm extends loginForm{
    
    
        public function forgotPassword(){
    
            global $wpdb;
    
            $email = $_GET["em"];
            $token = $_GET["tk"];
            $url = site_url() .'/login/forgotpassword';
    
            $other_url = add_query_arg(
                array(
                    'req:em' =>$email,
                    'tk' => $token
                ), site_url().'/changepassword'
            );
    
            
            
            $users = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->prefix}users WHERE user_email="$email"", ARRAY_A));
            
          
            if($users){
                $user_token = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->prefix}user_token WHERE token = '$token'", ARRAY_A));
               
                if($user_token){
                    if(time() - $user_token->date_created < (60*60*24)){
                     
                        $_SESSION["message"] = '<div style="background-color: darkcyan ; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Setel ulang kata sandi: '.$email.'</div>';
        
                        wp_redirect($other_url);
    
                        exit;
    
                    }
                    else{
                        $wpdb->delete($wpdb->prefix . 'user_token', ['email' => $email]);
     
                        $_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Setel ulang kata sandi gagal! Token kadaluarsa'.'</div>';
                      
                        wp_redirect($url);
                        exit;
                    }
    
                }
                
                else{
                    if($token != $user_token){
                        
                        $_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Setel ulang kata sandi gagal! Token salah'.'</div>';
                      
                        wp_redirect($url);    
                        exit;
                  
                    }
                }
                   
            }else{
     
                if($email != $users->user_email){   
                    
                    $_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Setel ulang kata sandi gagal! Email salah'.'</div>';
                    
                    wp_redirect($url); 
                    exit;
            
                }
           
            }
            
    
        }
    
    
    }

?>

and I put sendEmail functions in functions.php

<?php
class myFunctions {


  protected static function _sendEmail($token, $type){

            $sendto = filter_input(INPUT_POST, 'email');
            $sendfrom = 'hendratrisno@gmail.com';
            $headers = array("Content-type:text/html; charset=UTF-8","From: Me Myself <". $sendfrom . ">");
            if($type == 'verify'){
                $sendsub = 'Verify Account';
                $sendmess="Please click to activate your account:<a href="".site_url(). '/login/verify?em='.filter_input(INPUT_POST, 'email'). '&tk='.urlencode_deep($token).'">Activate</a>';
            }
            if($type == 'forgot'){
                $sendsub = 'Reset Password';
                $sendmess="Please click to reset your password:<a href="".site_url(). '/login/forgotpassword?em='.filter_input(INPUT_POST, 'email'). '&tk='.urlencode_deep($token).'">Reset Password</a>';
    
            }
                   
            wp_mail($sendto, $sendsub, $sendmess, $headers);
            
        }




}


?>

and for inheritance, my code like this:

class myFunctions
class registerForm extends myFunctions 
class loginForm extends registerForm
class forgotPasswordForm extends loginForm
class changePasswordForm extends forgotPasswordForm

I hope I can get help to solve this bugs. Thank You!

0
hendra 3 weeks 2021-11-13T04:24:28-05:00 0 Answers 0 views 0

Leave an answer

Browse
Browse