WordPress Plugin Changes (#560)

* Major refactoring of WordPress plugin. Removed ancient specialActionHandler method from caller as plugins should use OWA's endpoints.

* Adding prompt to set password for auto-created admin user. Moving reporting access out of WordPRess endpoint and into iFrame.

Co-authored-by: Peter Adams <peter@oncefuture.com>

modules/base/templates/users_change_password.tpl

@@ -17,6 +17,9 @@
                 <INPUT class="owa_largeFormField" type="password" size="20" name="<?php echo $this->getNs();?>password"><BR><BR>
                 <div class="inline_h2">Re-type your Password</div>
                 <INPUT class="owa_largeFormField" type="password" size="20" name="<?php echo $this->getNs();?>password2"><BR><BR>
+                <?php if ( $is_embedded ) {?>
+		        <input type="hidden" name="<?php echo $this->getNs();?>is_embedded" value="<?php echo $is_embedded;?>">                
+                <?php } ?>
                 <input type="hidden" name="<?php echo $this->getNs();?>k" value="<?php echo $key;?>">
                 <input name="<?php echo $this->getNs();?>action" value="base.usersChangePassword" type="hidden">
                 <INPUT class="owa_largeFormField" type="submit" size="" name="<?php echo $this->getNs();?>submit_btn" value="Save Your New Password">

modules/base/usersChangePassword.php

@@ -51,14 +51,21 @@ public function validate()
     }
 
     function action() {
-
-        $auth = &owa_auth::get_instance();
+
+		// needed for old style embedded install migration
+		if ( $this->getParam('is_embedded') ) {
+
+			owa_coreAPI::setSetting('base', 'is_embedded', true);
+		}
+
+
+        $auth = owa_auth::get_instance();
         $status = $auth->authenticateUserTempPasskey($this->params['k']);
 
         // log to event queue
         if ($status === true) {
             $ed = owa_coreAPI::getEventDispatch();
-            $new_password = array('key' => $this->params['k'], 'password' => $this->params['password'], 'ip' => $_SERVER['REMOTE_ADDR']);
+            $new_password = array('key' => $this->params['k'], 'password' => $this->params['password'], 'ip' => $_SERVER['REMOTE_ADDR'], 'user_id' => $auth->u->get('user_id'));
             $ed->log($new_password, 'base.set_password');
             $auth->deleteCredentials();
             $this->setRedirectAction('base.loginForm');

modules/base/usersPasswordEntry.php

@@ -44,7 +44,9 @@ function action() {
 
         $this->set('key', $this->getParam('k'));
         $this->setView('base.usersPasswordEntry');
-        return;
+
+        // needed for old style embedded install migration
+         $this->set('is_embedded', $this->getParam('is_embedded'));
     }
 
 
@@ -74,9 +76,11 @@ function __construct() {
     function render($data) {
 
         $this->t->set_template('wrapper_public.tpl');
+        $this->t->set('page_title', 'OWA Password Entry'); 
         $this->body->set_template('users_change_password.tpl');
         $this->body->set('headline', $this->getMsg(3005));
         $this->body->set('key', $this->get('key'));
+        $this->body->set('is_embedded', $this->get('is_embedded'));
     }
 }
 

modules/base/usersSetPassword.php

@@ -50,16 +50,25 @@ function action() {
         $u = $userManager->updateUserPassword([
             'temp_passkey' => $event->get('key'),
             'password' => $event->get('password'),
+            'user_id'  => $event->get('user_id')
         ]);
+        // needed for migration away from old embedded install model
+        owa_coreAPI::debug('setting migration flag...'. owa_coreAPI::getSetting('base', 'is_embedded') );
+        if ( $u && owa_coreAPI::getSetting('base', 'is_embedded') ) {
+				owa_coreAPI::debug('setting migration flag...');	        
+	        	owa_coreAPI::setSetting('base', 'is_embedded_admin_user_password_reset', true, true);
+		}
 
         if ($u !== false) {
             $data['view'] = 'base.usersSetPassword';
             $data['view_method'] = 'email';
             $data['ip'] = $event->get('ip');
             $data['subject'] = 'Password Change Complete';
             $data['email_address'] = $u->get('email_address');
+
+
         }
-
+        
         return $data;
     }
 

owa_caller.php

@@ -219,41 +219,13 @@ function handleRequest($caller_params = null, $action = '') {
 
     }
 
-    function handleSpecialActionRequest() {
-
-        if(isset($_GET['owa_specialAction'])):
-            $this->e->debug("special action received");
-            echo $this->handleRequestFromUrl();
-            $this->e->debug("special action complete");
-            exit;
-        elseif(isset($_GET['owa_logAction'])):
-            $this->e->debug("log action received");
-            $this->config['delay_first_hit'] = false;
-            $this->c->set('base', 'delay_first_hit', false);
-            echo $this->logEventFromUrl();
-            exit;
-        elseif(isset($_GET['owa_apiAction'])):
-            $this->e->debug("api action received");
-            define('OWA_API', true);
-            // lookup method class
-            echo $this->handleRequest('', 'base.apiRequest');
-            exit;
-        else:
-            owa_coreAPI::debug('hello from special action request method in caller. no action to do.');
-            return;
-        endif;
-
-    }
-
     function __destruct() {
 
         $this->end_time = owa_lib::microtime_float();
         $total_time = $this->end_time - $this->start_time;
         $this->e->debug(sprintf('Total session time: %s',$total_time));
-        $this->e->debug("goodbye from OWA");
+        $this->e->debug("Goodbye from OWA");
         owa_coreAPI::profileDisplay();
-
-        return;
     }
 
     function setSetting($module, $name, $value) {