Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 59 |
|
0.00% |
0 / 3 |
CRAP | |
0.00% |
0 / 1 |
The_Newsletter_Plugin | |
0.00% |
0 / 59 |
|
0.00% |
0 / 3 |
90 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
is_querystring_valid | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
get_wp_user_array | |
0.00% |
0 / 57 |
|
0.00% |
0 / 1 |
56 |
1 | <?php |
2 | |
3 | namespace BrianHenryIE\WP_Autologin_URLs\API\Integrations; |
4 | |
5 | use BrianHenryIE\WP_Autologin_URLs\API\User_Finder_Interface; |
6 | use Newsletter; |
7 | use NewsletterStatistics; |
8 | use Psr\Log\LoggerAwareInterface; |
9 | use Psr\Log\LoggerAwareTrait; |
10 | use Psr\Log\LoggerInterface; |
11 | use WP_User; |
12 | |
13 | /** |
14 | * The $_GET data is coming from links clicked outside WordPress; it will not have a nonce. |
15 | * |
16 | * phpcs:disable WordPress.Security.NonceVerification.Recommended |
17 | */ |
18 | class The_Newsletter_Plugin implements User_Finder_Interface, LoggerAwareInterface { |
19 | use LoggerAwareTrait; |
20 | |
21 | public function __construct( LoggerInterface $logger ) { |
22 | $this->setLogger( $logger ); |
23 | } |
24 | |
25 | /** |
26 | * Determine is the querystring needed for this integration present. |
27 | */ |
28 | public function is_querystring_valid(): bool { |
29 | return isset( $_GET['nltr'] ); |
30 | } |
31 | |
32 | /** |
33 | * Check is the URL a tracking URL for The Newsletter Plugin and if so, log in the user being tracked. |
34 | * |
35 | * @hooked plugins_loaded |
36 | * |
37 | * @see https://wordpress.org/plugins/newsletter/ |
38 | * @see NewsletterStatistics::hook_wp_loaded() |
39 | * |
40 | * @return array{source:string, wp_user:WP_User|null, user_data?:array<string,string>} |
41 | */ |
42 | public function get_wp_user_array(): array { |
43 | |
44 | $result = array(); |
45 | $result['source'] = 'The Newsletter Plugin'; |
46 | $result['wp_user'] = null; |
47 | $result['user_data'] = array(); |
48 | |
49 | if ( ! isset( $_GET['nltr'] ) ) { |
50 | return $result; |
51 | } |
52 | |
53 | if ( ! class_exists( NewsletterStatistics::class ) ) { |
54 | $this->logger->debug( '`nltr` querystring parameter set but `NewsletterStatistics` class not found.' ); |
55 | return $result; |
56 | } |
57 | |
58 | // This code mostly lifted from Newsletter plugin. |
59 | |
60 | $input = filter_var( wp_unslash( $_GET['nltr'] ), FILTER_SANITIZE_STRIPPED ); |
61 | if ( false === $input ) { |
62 | return $result; |
63 | } |
64 | |
65 | // phpcs:disable WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode |
66 | $nltr_param = base64_decode( $input ); |
67 | |
68 | // e.g. "1;2;https://example.org;;0bda890bd176d3e219614dde964cb07f". |
69 | |
70 | $parts = explode( ';', $nltr_param ); |
71 | $email_id = (int) array_shift( $parts ); |
72 | $user_id = (int) array_shift( $parts ); |
73 | $signature = array_pop( $parts ); |
74 | $anchor = array_pop( $parts ); |
75 | |
76 | $url = implode( ';', $parts ); |
77 | |
78 | $key = NewsletterStatistics::instance()->options['key']; |
79 | |
80 | $verified = ( md5( $email_id . ';' . $user_id . ';' . $url . ';' . $anchor . $key ) === $signature ); |
81 | |
82 | if ( ! $verified ) { |
83 | $this->logger->debug( |
84 | 'Could not verify Newsletter URL: ' . $nltr_param, |
85 | array( |
86 | 'nltr_param' => $nltr_param, |
87 | 'email_id' => $email_id, |
88 | 'user_id' => $user_id, |
89 | 'signature' => $signature, |
90 | 'anchor' => $anchor, |
91 | 'url' => $url, |
92 | 'key' => $key, |
93 | ) |
94 | ); |
95 | return $result; |
96 | } |
97 | // TODO: ban IP for repeated abuse. |
98 | |
99 | $tnp_user = Newsletter::instance()->get_user( $user_id ); |
100 | |
101 | if ( is_null( $tnp_user ) ) { |
102 | $this->logger->info( 'No user object returned for Newsletter user ' . $tnp_user ); |
103 | return $result; |
104 | } |
105 | |
106 | $user_email_address = $tnp_user->email; |
107 | |
108 | $wp_user = get_user_by( 'email', $user_email_address ); |
109 | |
110 | if ( $wp_user instanceof WP_User ) { |
111 | |
112 | $this->logger->info( "User `wp_user:{$wp_user->ID}` found from `tnp_user:{$tnp_user->id}` via Newsletter URL." ); |
113 | |
114 | $result['wp_user'] = $wp_user; |
115 | |
116 | } else { |
117 | |
118 | // We have their email address but they have no account, record the |
119 | // email address for WooCommerce UX and abandoned cart. |
120 | $user_info = array( |
121 | 'email' => $user_email_address, |
122 | 'first_name' => $tnp_user->name, |
123 | 'last_name' => $tnp_user->surname, |
124 | ); |
125 | |
126 | $result['user_data'] = $user_info; |
127 | |
128 | $this->logger->debug( |
129 | 'No wp_user found for Newsletter user', |
130 | array( |
131 | 'result' => $result, |
132 | ) |
133 | ); |
134 | } |
135 | |
136 | return $result; |
137 | } |
138 | } |