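vars = $vars; return $vars; }

		/**
		 * Validate the API request.
		 *
		 * Runs only when the `um-api` query var is set. The request must carry a
		 * public key (`key`) and a token (`token`); the token is compared in
		 * constant time with md5( secret . public key ) of the user who owns the
		 * public key. On success `$this->is_valid_request` is set to true.
		 *
		 * NOTE(review): the expected token never changes for a given key pair and
		 * arrives as a query var, so it behaves like a long-lived bearer credential
		 * that can end up in access logs. MD5 over a concatenation is also not a
		 * keyed MAC. Changing the scheme would break existing clients, so it is
		 * only flagged here: serve the endpoint over TLS and rotate keys.
		 */
		protected function validate_request() {
			global $wp_query;

			$this->override = false;

			// Nothing to validate unless this is an API request.
			if ( empty( $wp_query->query_vars['um-api'] ) ) {
				return;
			}

			$raw_token = isset( $wp_query->query_vars['token'] ) ? $wp_query->query_vars['token'] : '';
			$raw_key   = isset( $wp_query->query_vars['key'] ) ? $wp_query->query_vars['key'] : '';

			// Make sure we have both user and api key. Array-valued query vars are
			// rejected as well: urldecode() and hash_equals() only accept strings.
			if ( empty( $raw_token ) || empty( $raw_key ) || ! is_scalar( $raw_token ) || ! is_scalar( $raw_key ) ) {
				$this->missing_auth();
				// Fail closed in case the handler does not end the request.
				return;
			}

			// Retrieve the user by public API key and ensure they exist.
			$user = $this->get_user( $raw_key );
			if ( ! $user ) {
				$this->invalid_key();
				return;
			}

			$token  = urldecode( (string) $raw_token );
			$public = urldecode( (string) $raw_key );
			$secret = get_user_meta( $user, 'um_user_secret_key', true );

			// Without a stored secret the expected token would depend on the public
			// key alone, so a missing or non-string secret is never accepted.
			if ( ! is_string( $secret ) || '' === $secret ) {
				$this->invalid_auth();
				return;
			}

			if ( hash_equals( md5( $secret . $public ), $token ) ) {
				$this->is_valid_request = true;
			} else {
				$this->invalid_auth();
			}
		}

		/**
		 * Retrieve the user ID based on the public key provided.
		 *
		 * The lookup result is cached in a transient for a day, keyed by the MD5
		 * of the public key. A found ID is also stored in `$this->user_id`.
		 *
		 * NOTE(review): misses are cached too, so every distinct unknown key costs
		 * one transient write. A cached hit also keeps resolving for up to a day
		 * after the key meta is removed, unless the transient is cleared elsewhere
		 * (not visible here); confirm that key revocation deletes it.
		 *
		 * @param string $key Public API key. Falls back to the `key` query var when empty.
		 *
		 * @return bool|mixed|null|string User ID when the key is known, false otherwise.
		 */
		public function get_user( $key = '' ) {
			global $wpdb, $wp_query;

			if ( empty( $key ) ) {
				$has_query_key = isset( $wp_query->query_vars['key'] ) && is_scalar( $wp_query->query_vars['key'] );
				$key           = $has_query_key ? urldecode( (string) $wp_query->query_vars['key'] ) : '';
			}

			// A non-scalar key cannot be hashed or bound to the query below.
			if ( empty( $key ) || ! is_scalar( $key ) ) {
				return false;
			}

			$cache_key = md5( 'um_api_user_' . $key );
			$user      = get_transient( $cache_key );

			if ( false === $user ) {
				$user = $wpdb->get_var(
					$wpdb->prepare(
						"SELECT user_id FROM $wpdb->usermeta WHERE meta_key = 'um_user_public_key' AND meta_value = %s LIMIT 1",
						$key
					)
				);
				set_transient( $cache_key, $user, DAY_IN_SECONDS );
			}

			if ( $user != null ) {
				$this->user_id = $user;
				return $user;
			}

			return false;
		}

		/**
		 * Process Get users API Request.
		 *
		 * Builds a get_users() query from the request arguments and returns each
		 * user's data object, with the password hash, activation key and
		 * user_status removed and profile fields added.
		 *
		 * NOTE(review): `number` has no upper bound here, so one call can request
		 * an arbitrarily large result set; consider capping it.
		 *
		 * @param array $args Request arguments: number, orderby, order, include, exclude.
		 *
		 * @return array Filtered user data keyed by user ID.
		 */
		public function get_users( $args ) {
			$response = array();

			$number  = array_key_exists( 'number', $args ) && is_numeric( $args['number'] ) ? absint( $args['number'] ) : 10;
			$orderby = array_key_exists( 'orderby', $args ) ? sanitize_key( $args['orderby'] ) : 'user_registered';
			$order   = array_key_exists( 'order', $args ) ? sanitize_key( $args['order'] ) : 'desc';

			$loop_a = array(
				'number'  => $number,
				'orderby' => $orderby,
				'order'   => $order,
			);

			if ( array_key_exists( 'include', $args ) ) {
				$include           = explode( ',', sanitize_text_field( $args['include'] ) );
				$loop_a['include'] = $include;
			}

			if ( array_key_exists( 'exclude', $args ) ) {
				$exclude           = explode( ',', sanitize_text_field( $args['exclude'] ) );
				$loop_a['exclude'] = $exclude;
			}

			$loop = get_users( $loop_a );

			foreach ( $loop as $user ) {
				// Never expose the password hash or the activation key through the API.
				unset( $user->data->user_status, $user->data->user_activation_key, $user->data->user_pass );

				um_fetch_user( $user->ID );

				// Only the `data` property of the user object is returned.
				foreach ( $user as $key => $val ) {
					if ( 'data' !== $key ) {
						continue;
					}

					$val->roles                = $user->roles;
					$val->first_name           = um_user( 'first_name' );
					$val->last_name            = um_user( 'last_name' );
					$val->account_status       = UM()->common()->users()->get_status( $user->ID );
					$val->profile_pic_original = um_get_user_avatar_url( '', 'original' );
					$val->profile_pic_normal   = um_get_user_avatar_url( '', 200 );
					$val->profile_pic_small    = um_get_user_avatar_url( '', 40 );
					$val->cover_photo          = $this->getsrc( um_user( 'cover_photo', 1000 ) );

					/**
					 * Filters the output data for Rest API userdata call.
					 *
					 * @param {mixed} $val     User data value.
					 * @param {int}   $user_id User ID.
					 *
					 * @return {mixed} User data value.
					 *
					 * @since 2.0
					 * @hook um_rest_userdata
					 *
					 * @example <caption>Force change the output data for Rest API userdata call.</caption>
					 * function my_custom_um_rest_userdata( $value, $user_id ) {
					 *     // your code here
					 *     return $value;
					 * }
					 * add_filter( 'um_rest_userdata', 'my_custom_um_rest_userdata', 10, 2 );
					 */
					$response[ $user->ID ] = apply_filters( 'um_rest_userdata', $val, $user->ID );
				}
			}

			return $response;
		}

		/**
		 * Update user API query.
		 *
		 * `data` selects what is changed: `status`, `role`, or any other value,
		 * which is treated as a user meta key.
		 *
		 * NOTE(review): nothing in this method checks what the owner of the calling
		 * API key is allowed to do, and the `role` branch applies whatever role
		 * name the request supplies. Confirm that the dispatcher (not visible
		 * here) restricts this call to suitably privileged key owners.
		 *
		 * @param array $args Request arguments: id, data, value.
		 *
		 * @return array `success` message, or `error` message when the request is rejected.
		 */
		public function update_user( $args ) {
			global $wpdb;

			$response = array();
			$error    = array();

			if ( empty( $args['id'] ) ) {
				$error['error'] = __( 'You must provide a user ID', 'ultimate-member' );
				return $error;
			}

			if ( empty( $args['data'] ) ) {
				$error['error'] = __( 'You need to provide data to update', 'ultimate-member' );
				return $error;
			}

			if ( ! array_key_exists( 'value', $args ) ) {
				$error['error'] = __( 'You need to provide value to update', 'ultimate-member' );
				return $error;
			}

			$id    = absint( $args['id'] );
			$data  = sanitize_text_field( $args['data'] );
			$value = sanitize_text_field( $args['value'] );

			// Sanitizing can leave nothing behind; an empty meta key cannot be written.
			if ( '' === $data ) {
				$error['error'] = __( 'You need to provide data to update', 'ultimate-member' );
				return $error;
			}

			// Same existence check as delete_user() and get_auser(); without it the
			// branches below would write roles or meta for an ID that has no user.
			if ( ! get_userdata( $id ) ) {
				$error['error'] = __( 'Invalid user specified', 'ultimate-member' );
				return $error;
			}

			um_fetch_user( $id );

			switch ( $data ) {
				case 'status':
					// Force update of the user status without email notifications.
					UM()->common()->users()->set_status( $id, $value );
					$response['success'] = __( 'User status has been changed.', 'ultimate-member' );
					break;

				case 'role':
					$wp_user_object = new \WP_User( $id );
					$old_roles      = $wp_user_object->roles;
					$wp_user_object->set_role( $value );

					/** This action is documented in includes/core/class-user.php */
					do_action( 'um_after_member_role_upgrade', array( $value ), $old_roles, $id );

					$response['success'] = __( 'User role has been changed.', 'ultimate-member' );
					break;

				default:
					// The meta key comes from the request. Keys that hold the API
					// credentials or the current site's roles and user level must
					// not be writable through this generic branch: it bypasses the
					// role hook above and the key management code.
					$blog_prefix    = $wpdb->get_blog_prefix();
					$protected_keys = array(
						'um_user_secret_key',
						'um_user_public_key',
						$blog_prefix . 'capabilities',
						$blog_prefix . 'user_level',
					);

					if ( in_array( $data, $protected_keys, true ) ) {
						$error['error'] = __( 'This user meta key cannot be updated through the API', 'ultimate-member' );
						return $error;
					}

					update_user_meta( $id, $data, $value );
					$response['success'] = __( 'User meta has been changed.', 'ultimate-member' );
					break;
			}

			return $response;
		}

		/**
		 * Process delete user via API.
		 *
		 * NOTE(review): no check on the target account (for example the key
		 * owner's own account) or on the caller's privileges is visible in this
		 * method; confirm the dispatcher enforces them.
		 *
		 * @param array $args Request arguments: id.
		 *
		 * @return array `success` message, or `error` message when the ID is missing or unknown.
		 */
		public function delete_user( $args ) {
			$response = array();
			$error    = array();

			if ( empty( $args['id'] ) ) {
				$error['error'] = __( 'You must provide a user ID', 'ultimate-member' );
				return $error;
			}

			$id   = absint( $args['id'] );
			$user = get_userdata( $id );

			if ( ! $user ) {
				$error['error'] = __( 'Invalid user specified', 'ultimate-member' );
				return $error;
			}

			// Presumably delete() acts on the user loaded by um_fetch_user(); confirm in UM()->user().
			um_fetch_user( $id );
			UM()->user()->delete();

			$response['success'] = __( 'User has been successfully deleted.', 'ultimate-member' );

			return $response;
		}

		/**
		 * Process Get user API Request.
		 *
		 * With a `fields` argument only the listed fields are returned; without
		 * it the whole user data object is returned with the password hash,
		 * activation key and user_status removed.
		 *
		 * @param array $args Request arguments: id and, optionally, a comma-separated `fields` list.
		 *
		 * @return array|mixed User data, or an `error` message when the ID is missing or unknown.
		 */
		public function get_auser( $args ) {
			$response = array();
			$error    = array();

			if ( empty( $args['id'] ) ) {
				$error['error'] = __( 'You must provide a user ID', 'ultimate-member' );
				return $error;
			}

			$id   = absint( $args['id'] );
			$user = get_userdata( $id );

			if ( ! $user ) {
				$error['error'] = __( 'Invalid user specified', 'ultimate-member' );
				return $error;
			}

			// Never expose the password hash or the activation key through the API.
			unset( $user->data->user_status, $user->data->user_activation_key, $user->data->user_pass );

			um_fetch_user( $user->ID );

			if ( array_key_exists( 'fields', $args ) ) {
				$fields = explode( ',', sanitize_text_field( $args['fields'] ) );

				// Field names come from the request and reach um_profile() as-is.
				// The values stripped from the full-object output above, and the
				// API secret, must not be obtainable by asking for them by name.
				// Whether um_profile() can return them is not visible here, so
				// they are refused outright.
				$restricted_fields = array( 'user_pass', 'user_activation_key', 'user_status', 'um_user_secret_key' );

				$response['ID']       = $user->ID;
				$response['username'] = $user->user_login;

				foreach ( $fields as $field ) {
					if ( in_array( $field, $restricted_fields, true ) ) {
						continue;
					}

					switch ( $field ) {
						case 'cover_photo':
							$response['cover_photo'] = $this->getsrc( um_user( 'cover_photo', 1000 ) );
							break;

						case 'profile_pic':
							$response['profile_pic_original'] = um_get_user_avatar_url( '', 'original' );
							$response['profile_pic_normal']   = um_get_user_avatar_url( '', 200 );
							$response['profile_pic_small']    = um_get_user_avatar_url( '', 40 );
							break;

						case 'status':
							$response['status'] = UM()->common()->users()->get_status( $user->ID );
							break;

						case 'role':
							//get priority role here
							$response['role'] = um_user( 'role' );
							break;

						case 'email':
						case 'user_email':
							$response['email'] = um_user( 'user_email' );
							break;

						default:
							$profile_data       = um_profile( $field );
							$response[ $field ] = $profile_data ? $profile_data : '';

							/**
							 * Filters the output data for Rest API user authentication call.
							 *
							 * @param {array}  $response REST API response.
							 * @param {string} $field    Field Options.
							 * @param {int}    $user_id  User ID.
							 *
							 * @return {array} REST API response.
							 *
							 * @since 2.0
							 * @hook um_rest_get_auser
							 *
							 * @example <caption>Force change the output data for Rest API user authentication call.</caption>
							 * function my_custom_um_rest_get_auser( $response, $field, $user_id ) {
							 *     // your code here
							 *     return $response;
							 * }
							 * add_filter( 'um_rest_get_auser', 'my_custom_um_rest_get_auser', 10, 3 );
							 */
							$response = apply_filters( 'um_rest_get_auser', $response, $field, $user->ID );
							break;
					}
				}
			} else {
				// Only the `data` property of the user object is returned.
				foreach ( $user as $key => $val ) {
					if ( 'data' !== $key ) {
						continue;
					}

					$val->roles                = $user->roles;
					$val->first_name           = um_user( 'first_name' );
					$val->last_name            = um_user( 'last_name' );
					$val->account_status       = UM()->common()->users()->get_status( $user->ID );
					$val->profile_pic_original = um_get_user_avatar_url( '', 'original' );
					$val->profile_pic_normal   = um_get_user_avatar_url( '', 200 );
					$val->profile_pic_small    = um_get_user_avatar_url( '', 40 );
					$val->cover_photo          = $this->getsrc( um_user( 'cover_photo', 1000 ) );

					/** This filter is documented in includes/core/rest/class-api-v1.php */
					$response = apply_filters( 'um_rest_userdata', $val, $user->ID );
				}
			}

			return $response;
		}

		/**
		 * Get source
		 *
		 * NOTE(review): the pattern of this method and everything up to the
		 * output-format lookup are missing from this copy of the file; the next
		 * line is kept exactly as found.
		 *
		 * @param $image
		 *
		 * @return string
		 */
		public function getsrc( $image ) { if ( preg_match( '/query_vars['format'] ) ? $wp_query->query_vars['format'] : 'json';

			/**
			 * Filters the REST API output format. JSON by default.
			 *
			 * @param {string} $format REST API output format.
			 *
			 * @return {string} REST API output format.
			 *
			 * @since 1.3.x
			 * @hook um_api_output_format
			 *
			 * @example <caption>Changing the REST API output format.</caption>
			 * function my_custom_um_api_output_format( $format ) {
			 *     // your code here
			 *     $format = 'xml';
			 *     return $format;
			 * }
			 * add_filter( 'um_api_output_format', 'my_custom_um_api_output_format' );
			 */
			return apply_filters( 'um_api_output_format', $format );
		}
	}
}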