v4.8.1 #3

Merged
th.guenther merged 14 commits from v4.8.1 into main 2024-08-12 15:51:56 +02:00
10 changed files with 177 additions and 206 deletions
Showing only changes of commit 5e107d36ca - Show all commits

View File

@ -15,43 +15,6 @@ function bdp_update_dashboard_style() {
}
function bdp_add_menu_security() {
$moduleLoad = get_admin_url() . 'admin.php?page=' . BDP_LV_PLUGIN_SLUG . '/modules/index.php&loadmodule=';
}
function bdp_add_menu_contents() {
add_menu_page('Seiten',
'Inhalte',
'edit_posts',
'edit.php?post_type=page',
'',
'dashicons-format-aside',
4
);
add_submenu_page('edit.php?post_type=page',
'media',
'Medienverwaltung',
'edit_posts',
'upload.php'
);
add_submenu_page('edit.php?post_type=page',
'comments',
'Kommentare',
'edit_posts',
'edit-comments.php'
);
add_submenu_page('edit.php?post_type=page',
'Beiträge',
'Beiträge',
'edit_posts',
'edit.php'
);
}
function bdp_add_menu_mein_lv() {
$location = BDP_LV_PLUGIN_DIR . '/modules/';
$mainSlug = $location . 'index.php';
@ -75,90 +38,7 @@ function bdp_add_menu_mein_lv() {
);
}
function bdp_add_menu_setup() {
add_menu_page(
'Benutzer',
'Benutzer-Verwaltung',
'manage_options',
'users.php',
'',
'dashicons-admin-users',
6
);
add_menu_page(
'Allgemeine Einstellungen',
'Webseiten-Setup',
'manage_options',
'options-general.php',
'',
'dashicons-admin-generic',
6
);
add_submenu_page('options-general.php',
'Design-Einstellungen',
'Template bearbeiten',
'manage_options',
'customize.php?return=/wp-admin/'
);
add_submenu_page('options-general.php',
'plugins',
'Erweiterungen',
'manage_options',
'plugins.php'
);
add_submenu_page('options-general.php',
'themes',
'Designs',
'manage_options',
'themes.php'
);
add_submenu_page('options-general.php',
'Sicherheit',
'Webseiten-Sicherheit',
'manage_options',
'site-health.php'
);
}
function bdp_cleanup_menu()
{
global $submenu;
remove_menu_page('edit-comments.php');
remove_menu_page('edit.php');
remove_menu_page('edit.php?post_type=page');
remove_menu_page('upload.php');
remove_menu_page('themes.php');
remove_menu_page('plugins.php');
remove_menu_page('options-general.php');
remove_menu_page('users.php');
remove_menu_page('tools.php');
bdp_add_menu_contents();
bdp_add_menu_setup();
bdp_add_menu_security();
remove_submenu_page('edit.php?post_type=page','post-new.php?post_type=page');
remove_submenu_page('users.php','user-new.php');
remove_submenu_page('users.php','profile.php');
remove_submenu_page('edit.php','post-new.php');
remove_submenu_page('edit.php','edit-tags.php?taxonomy=category');
remove_submenu_page('edit.php','edit-tags.php?taxonomy=post_tag');
}
function bdp_create_menu_structure()
{
add_action('admin_menu', 'bdp_cleanup_menu');
{;
bdp_add_menu_mein_lv();
}

View File

@ -5,64 +5,40 @@
remove_role( 'contributor' ); // Hier 'custom_role_slug' durch den tatsächlichen Slug der zu löschenden Rolle ersetzen
remove_role( 'author' ); // Hier 'custom_role_slug' durch den tatsächlichen Slug der zu löschenden Rolle ersetzen
remove_role( 'editor' ); // Hier 'custom_role_slug' durch den tatsächlichen Slug der zu löschenden Rolle ersetzen
$capabilities = array(
'read' => true, // Die Rolle kann Beiträge lesen
'edit_posts' => true, // Die Rolle kann Beiträge bearbeiten
'delete_posts' => true, // Die Rolle kann Beiträge löschen
'publish_posts' => true, // Die Rolle kann Beiträge veröffentlichen
// Weitere Berechtigungen können nach Bedarf hinzugefügt werden
$role = get_role( 'director' );
if ( null === $role ) {
add_role(
'director',
true === get_option( 'solea_used_for_state', false )
? __( 'State director', 'mareike' )
: __( 'Club director', 'mareike' ),
kompass_get_capa_editor()
);
// Rolle hinzufügen
add_role( 'stafue', 'Stammesführung', kompass_get_capa_stafue() );
add_role( 'grufue', 'Gruppenführung', kompass_get_capa_grufue() );
add_role( 'aktionsleitung', 'Aktionsleitung', kompass_get_capa_aktionsleitung() );
add_role( 'author', 'Redakteur', kompass_get_capa_editor() );
$role = get_role( 'administrator' );
foreach (kompass_get_capa_stafue() as $capability => $value) {
} else {
$role = get_role( 'director' );
foreach ( kompass_get_capa_editor() as $capability => $value ) {
$role->add_cap( $capability );
}
}
function kompass_get_capa_stafue() : array
{
return array_merge(
[
'create_groups' => true,
'delete_groups' => true,
'edit_groups' => true,
'delete_teilis' => true,
'move_teilis' => true,
'create_events' => true,
], kompass_get_capa_aktionsleitung(), kompass_get_capa_grufue(), kompass_get_capa_editor());
add_role( 'author', 'Redakteur', kompass_get_capa_editor() );
$role = get_role( 'user' );
if ( null === $role ) {
add_role(
'user',
'Standardnutzer',
array('read' => true)
);
} else {
foreach ( solea_get_capabilities_user() as $capability => $value ) {
$role->add_cap( 'read' );
}
}
function kompass_get_capa_aktionsleitung() : array
{
return [
'show_bdp' => true,
'create_event_teilis' => true,
'edit_event_teilis' => true,
'delete_event_teilis' => true,
'send_event_mails' => true,
];
}
function kompass_get_capa_grufue() : array
{
return [
'show_bdp' => true,
'show_groups' => true,
'create_teilis' => true,
'edit_teilis' => true,
'send_mails' => true
];
}
function kompass_get_capa_editor() : array
{
return [

View File

@ -0,0 +1,39 @@
<?php
/**
* File: class-extendregistrationform.php
*
*
* @since 2024-07-30
* @license GPL-3.0-or-later
*
* @package mareike/
*/
namespace Bdp\Modules\Registration\Controllers;
class ExtendRegistrationForm {
public static function execute() {
?>
<p>
<label for="first_name">Vorname<br />
<input required style="width: 768px !important;" type="text" name="first_name" id="first_name" class="input" value="<?php echo esc_attr(wp_unslash($_POST['first_name'] ?? '')); ?>" size="25" /></label>
</p>
<p>
<label for="last_name">Nachname<br />
<input required style="width: 768px !important;" type="text" name="last_name" id="last_name" class="input" value="<?php echo esc_attr(wp_unslash($_POST['last_name'] ?? '')); ?>" size="25" /></label>
</p>
<?php
}
public static function error_messages($errors, $sanitized_user_login, $user_email) {
if (empty($_POST['first_name']) || !empty($_POST['first_name']) && trim($_POST['first_name']) == '') {
$errors->add('first_name_error', '<strong>FEHLER</strong>: Der Vorname ist erforderlich.');
}
if (empty($_POST['last_name']) || !empty($_POST['last_name']) && trim($_POST['last_name']) == '') {
$errors->add('last_name_error', '<strong>FEHLER</strong>: DEr Nachname ist erforderlich.');
}
return $errors;
}
}

View File

@ -0,0 +1,76 @@
<?php
/**
* File: class-saveregistration.php
*
*
* @since 2024-07-30
* @license GPL-3.0-or-later
*
* @package mareike/
*/
namespace Bdp\Modules\Registration\Controllers;
use WP_User;
class SaveRegistration {
public static function execute($user_id) {
if (!empty($_POST['first_name'])) {
update_user_meta($user_id, 'first_name', sanitize_text_field($_POST['first_name']));
}
if (!empty($_POST['last_name'])) {
update_user_meta($user_id, 'last_name', sanitize_text_field($_POST['last_name']));
}
// Assign the 'Standarduser' role to the new user
$user = new WP_User($user_id);
$user->set_role('standarduser');
// Send confirmation email
$user = get_userdata($user_id);
$code = sha1($user->user_registered);
update_user_meta($user_id, 'activation_code', $code);
$activation_link = add_query_arg(array('key' => $code, 'user' => $user_id), get_site_url() . '/wp-login.php');
wp_mail($user->user_email, 'Bitte bestätige deine Anmeldung', 'Hallo, bitte bestätige deine Anmeldung über den folgenden Link: ' . $activation_link);
// Notify admin
wp_mail(get_option('admin_email'), 'New User Registration', 'A new user has registered: ' . $user->user_login . PHP_EOL . 'First name:' . $user->first_name . PHP_EOL . 'Last name:' . $user->last_name );
}
public static function activate_user() {
if (isset($_GET['key']) && isset($_GET['user'])) {
$user_id = intval($_GET['user']);
$activation_code = get_user_meta($user_id, 'activation_code', true);
if ($activation_code === $_GET['key']) {
delete_user_meta($user_id, 'activation_code');
wp_redirect(home_url('/wp-login.php?checkemail=registered'));
exit;
}
}
}
public static function check_user_activation($user, $username, $password) {
if (!is_a($user, 'WP_User')) {
return null;
}
$user_id = $user->ID;
$activation_code = get_user_meta($user_id, 'activation_code', true);
if ($activation_code) {
return new WP_Error('not_activated', __('ERROR: You need to activate your account. Please check your email.', 'kompass'));
}
return $user;
}
public static function display_custom_message() {
if (isset($_GET['checkemail']) && $_GET['checkemail'] === 'registered') {
echo '<div class="custom-message" style="text-align:center; margin:20px auto; padding:10px; background-color:#e0f7fa; border:1px solid #00796b; border-radius:5px; max-width:600px;">
<p style="font-size:16px; color:#00796b;">Vielen Dank für deine Registrierung. Bitte überprüfen deine E-Mails, um deine Registrierung zu bestätigen.</p>
</div>';
}
}
}

View File

@ -1,6 +1,4 @@
<?php
add_filter('the_content', ['Calendar', 'printCalendar']);
wp_enqueue_style('bdp_calendar_css', BDP_LV_PLUGIN_URL . '/modules/calendar/assets/calendar.css');
wp_enqueue_script( 'loadCalendar', BDP_LV_PLUGIN_URL . '/modules/calendar/assets/ajaxscript.js');
require_once dirname(__FILE__) . '/classes/Calendar.class.php';

View File

@ -28,6 +28,9 @@ class Calendar
// Der zu ersetzende String
$original_string = '{{calendar}}';
if (str_contains($content,$original_string)) {
wp_enqueue_style('bdp_calendar_css', BDP_LV_PLUGIN_URL . '/modules/calendar/assets/calendar.css');
wp_enqueue_script( 'loadCalendar', BDP_LV_PLUGIN_URL . '/modules/calendar/assets/ajaxscript.js');
$calendar = new Calendar();
// Der Ersatzstring

View File

@ -40,11 +40,27 @@ class MainController
}
public function __construct()
{
global $dbHandler;
global $dbHandler, $wpdb;
$show_menu = false;
foreach ([self::KOMPASS_EVENTS_EVENTS] as $table) {
$sqlTable = $wpdb->prefix . $table;
$sql = "SHOW TABLES LIKE '$sqlTable'";
$result = $wpdb->get_var( $sql );
if ( $result == $sqlTable ) {
$show_menu = true;
}
}
if (!$show_menu) {
return;
}
add_menu_page(
__('Events', BDP_LV_PLUGIN_SLUG),
__('Events', BDP_LV_PLUGIN_SLUG),
__('Events (legacy)', BDP_LV_PLUGIN_SLUG),
__('Events (legacy)', BDP_LV_PLUGIN_SLUG),
'send_mails',
'kompass-events',
[$this, 'router'],

View File

@ -28,7 +28,6 @@ class Security
$loginUrl = get_option('whl_page', null) ?? 'bdp-login';
}
enable_option_rewrite_url($loginUrl);
enable_option_disable_xmlrpc();
enable_option_block_authorscan();
enable_option_block_execution_in_uploads();
@ -83,14 +82,19 @@ class Security
public static function SetPageFilters() {
global $wp;
add_action('template_redirect', [Security::class, 'protectAuthorScan']);
if (null !== is_login_rewritten()) {
if (str_contains($_SERVER['REQUEST_URI'], 'wp-login.php?action=logout')) {
return;
}
add_action('template_redirect', [Security::class, 'protectAuthorScan']);
Security::protectLoginSecurity();
}
}
public static function protectLoginSecurity() {
$hideLogin = is_login_rewritten();

View File

@ -86,12 +86,6 @@ function disable_option_disable_wp_debug() {
WpConfigEditor::updateConfig('WP_DEBUG', 'true');
}
function enable_option_rewrite_url(?string $url = null) {
global $_POST;
$saveUrl = $url ?? $_POST['rewrite_login'];
update_option('kompass_sec_rewrite_login', $saveUrl);
}
function disable_option_rewrite_url() {
update_option('kompass_sec_rewrite_login', null);
}
@ -110,7 +104,6 @@ function kompass_sec_save_settings($settings) {
'option_prohibit_bot_access',
'option_block_directory_listing',
'option_disable_wp_debug',
'option_rewrite_url',
];
$enableSettings = array_intersect($allPossibleSettings, $settings);

View File

@ -98,20 +98,6 @@
</span>
</label>
</div>
<div class="bdp_setting_box">
<input <?php if (null !== is_login_rewritten()) {echo ' checked';} ?> type="checkbox" id="sec_mod_11" name="security_settings[]" value="option_rewrite_url" />
<label for="sec_mod_11">
<?= __('Change Login URL', BDP_LV_PLUGIN_SLUG); ?><br />
<span>
<?= __('Changing the default login URL of WordPress is advisable to enhance the security of your website. By default, WordPress login URLs is /wp-admin or /wp-login.php, which are easily guessed by hackers and facilitate attacks such as brute-force attacks. Changing the login URL to something unique and difficult to guess increases security since potential attackers will struggle to find the correct URL. This can help protect your website from unauthorized access and other malicious activities.', BDP_LV_PLUGIN_SLUG); ?><br />
<label style="font-weight: bold;">
<?= __('Login-URL', BDP_LV_PLUGIN_SLUG) ?>: <?= get_site_url(); ?>/<input style="width: 100px;" class="long_text" type="text" name="rewrite_login" id="rewrite_login" value="<?= is_login_rewritten(); ?>">
</label>
</span>
</label>
</div>
<br /><br />
<input type="submit" class="button" value="<?= __('Save changes', BDP_LV_PLUGIN_SLUG); ?>" />