'', // Single capability or comma-separated multiple capabilities. 'role' => '', // Single role or comma-separated multiple roles. 'user_id' => '', // Single user ID or comma-separated multiple IDs. 'user_name' => '', // Single user name or comma-separated multiple names. 'user_email' => '', // Single user email or comma-separated multiple emails. 'operator' => 'or' // Only the `!` operator is supported for now. Everything else falls back to `or`. ); // Merge the input attributes and the defaults. $attr = shortcode_atts( $defaults, $attr, 'members_access' ); // Get the operator. $operator = strtolower( $attr['operator'] ); // If the current user has the capability, show the content. if ( $attr['capability'] ) { // Get the capabilities. $caps = explode( ',', $attr['capability'] ); if ( '!' === $operator ) return members_current_user_can_any( $caps ) ? '' : do_shortcode( $content ); return members_current_user_can_any( $caps ) ? do_shortcode( $content ) : ''; } // If the current user has the role, show the content. if ( $attr['role'] ) { // Get the roles. $roles = explode( ',', $attr['role'] ); if ( '!' === $operator ) return members_current_user_has_role( $roles ) ? '' : do_shortcode( $content ); return members_current_user_has_role( $roles ) ? do_shortcode( $content ) : ''; } $user_id = 0; $user_name = $user_email = ''; if ( is_user_logged_in() ) { $user = wp_get_current_user(); $user_id = get_current_user_id(); $user_name = $user->user_login; $user_email = $user->user_email; } // If the current user has one of the user ids. if ( $attr['user_id'] ) { // Get the user IDs. $ids = array_map( 'trim', explode( ',', $attr['user_id'] ) ); if ( '!' === $operator ) { return in_array( $user_id, $ids ) ? '' : do_shortcode( $content ); } return in_array( $user_id, $ids ) ? do_shortcode( $content ) : ''; } // If the current user has one of the user names. if ( $attr['user_name'] ) { // Get the user names. $names = array_map( 'trim', explode( ',', $attr['user_name'] ) ); if ( '!' === $operator ) { return in_array( $user_name, $names ) ? '' : do_shortcode( $content ); } return in_array( $user_name, $names ) ? do_shortcode( $content ) : ''; } // If the current user has one of the user emails. if ( $attr['user_email'] ) { // Get the user emails. $emails = array_map( 'trim', explode( ',', $attr['user_email'] ) ); if ( '!' === $operator ) { return in_array( $user_email, $emails ) ? '' : do_shortcode( $content ); } return in_array( $user_email, $emails ) ? do_shortcode( $content ) : ''; } // Return an empty string if we've made it to this point. return ''; } /** * Displays a login form. * * @since 0.1.0 * @access public * @param array $attr Shortcode attributes. * @return string */ function members_login_form_shortcode( $attr = [] ) { // Default attributes $defaults = array( 'echo' => false, 'redirect' => ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], ); // Merge user attributes with defaults $attr = shortcode_atts( $defaults, $attr, 'members_login_form' ); ob_start(); if ( is_user_logged_in() ) { ?>

get_error_code(); if (empty(trim($error_code)) || $error_code == 'incorrect_password' || $error_code == 'invalid_username') { // Don't store specific message, we'll use default in the display function $_SESSION['members_login_error_message'] = __('Invalid username or password.', 'members'); } else { $_SESSION['members_login_error_message'] = $user->get_error_message(); } } // Add login=failed parameter $redirect_to = add_query_arg('login', 'failed', $redirect_to); wp_redirect($redirect_to); exit; } else { // On success, clear any error session data if (!session_id()) { session_start(); } if (isset($_SESSION['members_login_error_message'])) { unset($_SESSION['members_login_error_message']); } if (isset($_POST['redirect_to'])) { return remove_query_arg('login', esc_url($_POST['redirect_to'])); } // On success, return to the redirect_to URL return remove_query_arg('login', $redirect_to); } } /** * Filters the login form bottom output to add a nonce and error message if the login has failed. * This is only added to Members shortcode forms, not all WordPress login forms. * * @since 3.2.18 * * @return string The HTML to output below the login form. */ function members_login_form_bottom() { // Start session if not already started if (!session_id()) { session_start(); } // Add a nonce to verify this is a Members shortcode submission $output = wp_nonce_field( 'members_login_form', 'members_login_nonce', true, false ); if ( isset( $_REQUEST['login'] ) && $_REQUEST['login'] == 'failed' ) { // Get error message from session if (isset($_SESSION['members_login_error_message']) && !empty($_SESSION['members_login_error_message'])) { $error_message = $_SESSION['members_login_error_message']; } else { // Default message if no specific error is found $error_message = __('Invalid username or password.', 'members'); } // Allow specific HTML tags in error messages $allowed_html = array( 'a' => array( 'href' => array(), 'title' => array(), 'target' => array(), 'rel' => array(), 'class' => array(), ), 'br' => array(), 'em' => array(), 'strong' => array(), 'p' => array('class' => array()), 'span' => array('class' => array()), 'div' => array('class' => array()), ); $output .= '

' . wp_kses($error_message, $allowed_html) . '

'; } return $output; }