• Hi there, I have an issue with a website: when a user registers on the website, they are directly given admin rights.
    I had a form custom-made by a developer who has since disappeared.
    The form worked fine up to 6 months ago.
    Now I have to log in daily to delete spammers who register and get admin rights.

  • Hi, webcattivo, are you able to post the code that’s associated with the form in a reply in this topic?


    Hi Ian, thanks for your reply.
    I have found this code in functions.php; I take it there is some other code somewhere.

    <?php
    /**
     * Theme functions and definitions
     *
     * @package HelloElementor
     */
    
    // Bail out unless WordPress bootstrapped this file: a direct HTTP request to
    // functions.php would otherwise run theme code with no core loaded.
    defined( 'ABSPATH' ) || exit;

    // Theme version; doubles as the cache-busting version string for enqueued styles.
    define( 'HELLO_ELEMENTOR_VERSION', '2.2.0' );

    // Default content width in pixels, unless a child theme or plugin set it first.
    $content_width = isset( $content_width ) ? $content_width : 800;
    
    if ( ! function_exists( 'hello_elementor_setup' ) ) {
    	/**
    	 * Register the text domain, navigation menu and theme-support features.
    	 *
    	 * Every step is gated by a `hello_elementor_*` filter so child themes can
    	 * switch it off; the old `elementor_hello_theme_*` filter names are still
    	 * honoured through apply_filters_deprecated() before the current ones.
    	 *
    	 * @return void
    	 */
    	function hello_elementor_setup() {
    		$legacy_textdomain = apply_filters_deprecated( 'elementor_hello_theme_load_textdomain', [ true ], '2.0', 'hello_elementor_load_textdomain' );
    		if ( apply_filters( 'hello_elementor_load_textdomain', $legacy_textdomain ) ) {
    			load_theme_textdomain( 'hello-elementor', get_template_directory() . '/languages' );
    		}

    		$legacy_menus = apply_filters_deprecated( 'elementor_hello_theme_register_menus', [ true ], '2.0', 'hello_elementor_register_menus' );
    		if ( apply_filters( 'hello_elementor_register_menus', $legacy_menus ) ) {
    			register_nav_menus( [ 'menu-1' => __( 'Primary', 'hello-elementor' ) ] );
    		}

    		$legacy_support = apply_filters_deprecated( 'elementor_hello_theme_add_theme_support', [ true ], '2.0', 'hello_elementor_add_theme_support' );
    		if ( ! apply_filters( 'hello_elementor_add_theme_support', $legacy_support ) ) {
    			return;
    		}

    		add_theme_support( 'post-thumbnails' );
    		add_theme_support( 'automatic-feed-links' );
    		add_theme_support( 'title-tag' );
    		add_theme_support( 'html5', [ 'search-form', 'comment-form', 'comment-list', 'gallery', 'caption' ] );
    		add_theme_support( 'custom-logo', [
    			'height'      => 100,
    			'width'       => 350,
    			'flex-height' => true,
    			'flex-width'  => true,
    		] );

    		// Editor stylesheet, relative to the theme root.
    		add_editor_style( 'editor-style.css' );

    		// WooCommerce support, including the product-gallery features (zoom,
    		// lightbox, slider) that WooCommerce 3.0+ leaves off by default.
    		$legacy_woocommerce = apply_filters_deprecated( 'elementor_hello_theme_add_woocommerce_support', [ true ], '2.0', 'hello_elementor_add_woocommerce_support' );
    		if ( apply_filters( 'hello_elementor_add_woocommerce_support', $legacy_woocommerce ) ) {
    			foreach ( [ 'woocommerce', 'wc-product-gallery-zoom', 'wc-product-gallery-lightbox', 'wc-product-gallery-slider' ] as $feature ) {
    				add_theme_support( $feature );
    			}
    		}
    	}
    }
    add_action( 'after_setup_theme', 'hello_elementor_setup' );
    
    if ( ! function_exists( 'hello_elementor_scripts_styles' ) ) {
    	/**
    	 * Enqueue the theme's front-end stylesheets.
    	 *
    	 * The minified files are used unless SCRIPT_DEBUG is enabled. The base
    	 * stylesheet can be disabled through `hello_elementor_enqueue_style` (or its
    	 * deprecated predecessor), the theme stylesheet through
    	 * `hello_elementor_enqueue_theme_style`.
    	 *
    	 * @return void
    	 */
    	function hello_elementor_scripts_styles() {
    		$legacy_enqueue = apply_filters_deprecated( 'elementor_hello_theme_enqueue_style', [ true ], '2.0', 'hello_elementor_enqueue_style' );
    		$debugging      = defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG;
    		$suffix         = $debugging ? '' : '.min';

    		if ( apply_filters( 'hello_elementor_enqueue_style', $legacy_enqueue ) ) {
    			wp_enqueue_style( 'hello-elementor', get_template_directory_uri() . '/style' . $suffix . '.css', [], HELLO_ELEMENTOR_VERSION );
    		}

    		if ( apply_filters( 'hello_elementor_enqueue_theme_style', true ) ) {
    			wp_enqueue_style( 'hello-elementor-theme-style', get_template_directory_uri() . '/theme' . $suffix . '.css', [], HELLO_ELEMENTOR_VERSION );
    		}
    	}
    }
    add_action( 'wp_enqueue_scripts', 'hello_elementor_scripts_styles' );
    
    if ( ! function_exists( 'hello_elementor_register_elementor_locations' ) ) {
    	/**
    	 * Register all core Elementor theme-builder locations with the manager.
    	 *
    	 * Skipped when the `hello_elementor_register_elementor_locations` filter (or
    	 * its deprecated `elementor_hello_theme_*` predecessor) returns false.
    	 *
    	 * @param ElementorPro\Modules\ThemeBuilder\Classes\Locations_Manager $elementor_theme_manager theme manager.
    	 *
    	 * @return void
    	 */
    	function hello_elementor_register_elementor_locations( $elementor_theme_manager ) {
    		$legacy = apply_filters_deprecated( 'elementor_hello_theme_register_elementor_locations', [ true ], '2.0', 'hello_elementor_register_elementor_locations' );
    		if ( ! apply_filters( 'hello_elementor_register_elementor_locations', $legacy ) ) {
    			return;
    		}
    		$elementor_theme_manager->register_all_core_location();
    	}
    }
    add_action( 'elementor/theme/register_locations', 'hello_elementor_register_elementor_locations' );
    
    if ( ! function_exists( 'hello_elementor_content_width' ) ) {
    	/**
    	 * Set default content width.
    	 *
    	 * Writes the filtered default (800) into the global `$content_width`; hooked
    	 * at priority 0 so it runs before other after_setup_theme callbacks.
    	 *
    	 * @return void
    	 */
    	function hello_elementor_content_width() {
    		$default_width            = apply_filters( 'hello_elementor_content_width', 800 );
    		$GLOBALS['content_width'] = $default_width;
    	}
    }
    add_action( 'after_setup_theme', 'hello_elementor_content_width', 0 );
    
    // Admin-screen helpers are only needed, and only loaded, inside wp-admin.
    if ( is_admin() ) {
    	require( get_template_directory() . '/includes/admin-functions.php' );
    }
    
    if ( ! function_exists( 'hello_elementor_check_hide_title' ) ) {
    	/**
    	 * Check hide title.
    	 *
    	 * Returns false when Elementor is active and the current document's
    	 * `hide_title` setting is 'yes'; otherwise passes the incoming value through.
    	 *
    	 * @param bool $val default value.
    	 *
    	 * @return bool
    	 */
    	function hello_elementor_check_hide_title( $val ) {
    		if ( ! defined( 'ELEMENTOR_VERSION' ) ) {
    			return $val;
    		}
    		$document = \Elementor\Plugin::instance()->documents->get( get_the_ID() );
    		$hidden   = $document && 'yes' === $document->get_settings( 'hide_title' );
    		return $hidden ? false : $val;
    	}
    }
    add_filter( 'hello_elementor_page_title', 'hello_elementor_check_hide_title' );
    
    /**
     * Wrapper function to deal with backwards compatibility.
     *
     * Fires the `wp_body_open` hook through the core helper when the running
     * WordPress provides it, and fires the action directly on older cores.
     */
    if ( ! function_exists( 'hello_elementor_body_open' ) ) {
    	function hello_elementor_body_open() {
    		if ( ! function_exists( 'wp_body_open' ) ) {
    			do_action( 'wp_body_open' );
    			return;
    		}
    		wp_body_open();
    	}
    }
    
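    /**
     * Obfuscate / de-obfuscate a string with AES-256-CBC under a fixed, hard-coded key.
     *
     * Used to carry converter fields between pages as query-string parameters.
     *
     * Security notes for maintainers:
     *  - Key and IV are constants in this file and the IV never changes, so equal
     *    plaintexts always give equal ciphertexts, and anyone who can read the theme
     *    can decrypt or forge values. Treat this as obfuscation, not as a trust
     *    boundary: a decrypted value is still visitor input and must be validated.
     *  - CBC mode carries no authentication tag, so tampering is not detected; a
     *    corrupted value usually (not always) surfaces as `false` on decrypt.
     *  - The key passed to OpenSSL is the 64-character hex digest of $secret_key;
     *    OpenSSL uses only the first 32 bytes of it for AES-256. Changing either
     *    secret invalidates every link that already carries an encrypted value.
     *  - openssl_encrypt() with options 0 already returns base64; the outer
     *    base64_encode() is a second layer kept because existing links use it.
     *
     * @param string $string Plaintext to encrypt, or the encoded text to decrypt.
     * @param string $action 'e' to encrypt (default), 'd' to decrypt.
     *
     * @return string|false Encoded ciphertext on encrypt, plaintext on decrypt;
     *                      false on an unknown action, a non-scalar input or a
     *                      failed decryption.
     */
    function blocks_crypt( $string, $action = 'e' ) {
    	// you may change these values to your own
    	$secret_key = 'srmehranclub_coms';
    	$secret_iv  = 'fdsgsdfgfdgsfdgsfdgsdfgs';

    	// Query-string arrays (name[]=x) would otherwise reach openssl_* as arrays.
    	if ( is_array( $string ) ) {
    		return false;
    	}

    	$encrypt_method = 'AES-256-CBC';
    	$key            = hash( 'sha256', $secret_key );
    	// 16 hex characters = the 16-byte IV that AES-CBC expects.
    	$iv             = substr( hash( 'sha256', $secret_iv ), 0, 16 );

    	// Strict comparisons: with == a non-string $action could match unexpectedly.
    	if ( 'e' === $action ) {
    		$ciphertext = openssl_encrypt( $string, $encrypt_method, $key, 0, $iv );
    		return false === $ciphertext ? false : base64_encode( $ciphertext );
    	}

    	if ( 'd' === $action ) {
    		// Non-strict base64_decode() skips invalid characters; a damaged value then
    		// fails padding validation inside openssl_decrypt() and yields false.
    		return openssl_decrypt( base64_decode( $string ), $encrypt_method, $key, 0, $iv );
    	}

    	return false;
    }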
    
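    /**
     * Shortcode handler for [ss_converter].
     *
     * On submit (btn_submit present) it forwards the four converter fields to the
     * order form as encrypted query parameters f1-f4. The redirect is an inline
     * script rather than a Location header because a shortcode renders mid-page,
     * after the headers have been sent.
     *
     * Security notes: the fields come from $_REQUEST (GET and POST merged), so
     * nothing here is trusted; blocks_crypt() only obfuscates them, and the order
     * form must validate the decrypted values itself. The script string is built
     * from home_url() and base64 / percent-encoded values only, so no visitor-
     * controlled character can break out of the quoted JavaScript string.
     *
     * @return void Output is echoed (kept for compatibility; a shortcode normally
     *              returns its markup so it appears in place).
     */
    function wpb_converter() {
    	require_once('currency_converter.php');

    	if ( ! isset( $_REQUEST['btn_submit'] ) ) {
    		return;
    	}

    	$params = [];
    	foreach ( [ 'f1' => 'send_amt', 'f2' => 'recive_amt', 'f3' => 'currency1', 'f4' => 'currency2' ] as $param => $input ) {
    		// A missing or array-valued input becomes '' instead of a notice / TypeError.
    		$value = isset( $_REQUEST[ $input ] ) && is_scalar( $_REQUEST[ $input ] ) ? (string) $_REQUEST[ $input ] : '';
    		// blocks_crypt() yields base64, which contains '+', '/' and '='. Without
    		// percent-encoding, a '+' arrives as a space on the next page and the value
    		// no longer decrypts there.
    		$params[ $param ] = rawurlencode( (string) blocks_crypt( $value, 'e' ) );
    	}

    	$target = home_url() . '/order-form?f1=' . $params['f1'] . '&f2=' . $params['f2'] . '&f3=' . $params['f3'] . '&f4=' . $params['f4'];
    	echo "<script>window.location.href='" . $target . "';</script>";
    }
    // register shortcode
    add_shortcode('ss_converter', 'wpb_converter');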
    
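    /**
     * Shortcode handler for [ss_converter_form].
     *
     * When the required order fields are present it (1) decrypts the amounts and
     * currencies carried in f1-f4, (2) inserts the order into ss_currency, (3) moves
     * the uploaded files, (4) mails a plain-text summary and (5) redirects to /fine/.
     * It then includes order-form.php (when f5 carries an e-mail address to look up)
     * or order-form-email.php. Those templates run in this function's scope, so the
     * variable names they may rely on ($getdata, $getEmail, $upload_dir, $collection,
     * $dataCollection, $name, $email, $sent) are kept.
     *
     * Security notes:
     *  - Every field comes from $_REQUEST (GET and POST merged), i.e. from the visitor.
     *    The insert goes through $wpdb->insert(), which escapes values, and the f5
     *    lookup through $wpdb->prepare(); no SQL is built from raw input.
     *  - There is no nonce or login check: the form is public by design, so any
     *    request carrying the required fields creates a row, uploads files and sends
     *    mail. Anti-abuse measures (rate limit, CAPTCHA) belong in the form template.
     *  - f5 is an unauthenticated lookup keyed only by e-mail address; whatever
     *    order-form.php renders from $getdata is readable by anyone who knows that
     *    address. A per-order random token is the usual replacement.
     *  - Upload validation is delegated to wp_handle_upload(); the only upload-derived
     *    text echoed back to the visitor is its error message, HTML-escaped here.
     *  - blocks_crypt() is unauthenticated obfuscation, so f1-f4 are as untrusted as
     *    the other fields. strip_tags() on the summary means the <img> tags never
     *    reach the mail client; only the upload URLs do.
     *
     * NOTE(review): the row is inserted into `ss_currency` but looked up in
     * `{$wpdb->prefix}ss_currency`; unless the prefix is empty these are different
     * tables. Kept as found — confirm against the database.
     *
     * @return void Output is echoed rather than returned.
     */
    function wpb_converter_form() {
    	global $wpdb;

    	// Request field as a string; '' when absent or not scalar (e.g. name[]=x).
    	$field = static function ( $name ) {
    		if ( ! isset( $_REQUEST[ $name ] ) || ! is_scalar( $_REQUEST[ $name ] ) ) {
    			return '';
    		}
    		return (string) $_REQUEST[ $name ];
    	};

    	// Same required-field rule as before: empty() for these (so '0' counts as
    	// missing), while is_politically_exposed only has to be present, as 0 is a value.
    	$required = [ 'first_name', 'email', 'mobile', 'postal_code', 'country_cd', 'profession_cd', 'avg_month_income', 'termsAndConditionCheckbox', 'bank_beneficiary_name' ];
    	$complete = '' !== $field( 'is_politically_exposed' );
    	foreach ( $required as $required_name ) {
    		if ( empty( $_REQUEST[ $required_name ] ) ) {
    			$complete = false;
    			break;
    		}
    	}

    	if ( $complete ) {
    		$send_amt   = blocks_crypt( $field( 'f1' ), 'd' );
    		$recive_amt = blocks_crypt( $field( 'f2' ), 'd' );
    		$currency1  = blocks_crypt( $field( 'f3' ), 'd' );
    		$currency2  = blocks_crypt( $field( 'f4' ), 'd' );

    		$dataCollection = [
    			'f1'                        => $send_amt,
    			'f2'                        => $recive_amt,
    			'f3'                        => $currency1,
    			'f4'                        => $currency2,
    			// NOTE(review): filled from first_name in the original; this looks like a
    			// copy/paste slip, but the intended source field is not visible here.
    			'is_corporate'              => $field( 'first_name' ),
    			'company_name'              => $field( 'company_name' ),
    			'first_name'                => $field( 'first_name' ),
    			'last_name'                 => $field( 'last_name' ),
    			'email'                     => $field( 'email' ),
    			'mobile'                    => $field( 'mobile' ),
    			'street_address'            => $field( 'street_address' ),
    			'city'                      => $field( 'city' ),
    			'postal_code'               => $field( 'postal_code' ),
    			'country_cd'                => $field( 'country_cd' ),
    			'profession_cd'             => $field( 'profession_cd' ),
    			'avg_month_income'          => $field( 'avg_month_income' ),
    			'is_politically_exposed'    => $field( 'is_politically_exposed' ),
    			'is_us_citizen'             => $field( 'is_us_citizen' ),
    			'economic_beneficiary'      => $field( 'economic_beneficiary' ),
    			'bank_beneficiary_name'     => $field( 'bank_beneficiary_name' ),
    			'bank_iban'                 => $field( 'bank_iban' ),
    			'bank_name'                 => $field( 'bank_name' ),
    			'appf1'                     => $field( 'appf1' ),
    			'appf2'                     => $field( 'appf2' ),
    			'appf3'                     => $field( 'appf3' ),
    			'termsAndConditionCheckbox' => $field( 'termsAndConditionCheckbox' ),
    			'policyCheckbox'            => $field( 'policyCheckbox' ),
    		];

    		// $wpdb->insert() escapes every value; no raw SQL here.
    		$wpdb->insert( 'ss_currency', $dataCollection );

    		if ( ! function_exists( 'wp_handle_upload' ) ) {
    			require_once( ABSPATH . 'wp-admin/includes/file.php' );
    		}
    		$upload_dir       = wp_upload_dir();
    		$upload_overrides = array( 'test_form' => false );

    		// appf is a multi-file input. A request without it, or with a malformed
    		// $_FILES entry, uploads nothing instead of raising notices.
    		$files = isset( $_FILES['appf']['name'] ) && is_array( $_FILES['appf']['name'] ) ? $_FILES['appf'] : [ 'name' => [] ];

    		$collection = [];
    		foreach ( $files['name'] as $key => $client_name ) {
    			if ( ! $client_name ) {
    				continue;
    			}
    			$file = array(
    				'name'     => $client_name,
    				'type'     => isset( $files['type'][ $key ] ) ? $files['type'][ $key ] : '',
    				'tmp_name' => isset( $files['tmp_name'][ $key ] ) ? $files['tmp_name'][ $key ] : '',
    				'error'    => isset( $files['error'][ $key ] ) ? $files['error'][ $key ] : UPLOAD_ERR_NO_FILE,
    				'size'     => isset( $files['size'][ $key ] ) ? $files['size'][ $key ] : 0,
    			);

    			$movefile = wp_handle_upload( $file, $upload_overrides );
    			if ( isset( $movefile['error'] ) ) {
    				// Core generates the message, but it is still output into the page: escape it.
    				echo esc_html( $movefile['error'] );
    			}

    			// Prefer the URL core actually stored the file under: it may have been
    			// renamed (sanitised or de-duplicated), in which case the client-supplied
    			// name would point at nothing. The fallback is the original behaviour.
    			$file['url'] = isset( $movefile['url'] ) ? $movefile['url'] : $upload_dir['url'] . '/' . $client_name;
    			$collection[] = $file;
    		}

    		// Sender shown in the notification. The visitor's address is intentionally
    		// not used, which also keeps user input out of the mail headers.
    		// NOTE(review): the addresses read '[email protected]' in this paste because
    		// the forum software redacted them; the live file has real values.
    		$name  = 'sonveer singh';
    		$email = '[email protected]';

    		// Loose comparison on purpose: the flags arrive as strings ('1'), not ints.
    		$exposed       = 1 == $dataCollection['is_politically_exposed'] ? 'Yes' : 'No';
    		$is_us_citizen = 1 == $dataCollection['is_us_citizen'] ? 'Yes' : 'No';

    		// Upload cell: URL followed by an <img>; '' when fewer files were sent.
    		$attachment = static function ( $index ) use ( $collection ) {
    			if ( ! isset( $collection[ $index ]['url'] ) ) {
    				return '';
    			}
    			return $collection[ $index ]['url'] . '<img src="' . $collection[ $index ]['url'] . '">';
    		};

    		$message = '
    		<table style ="width:600">  
    		<tbody>
    		<tr><td ><label>Invio :- <label></td><td>'.$dataCollection['f1'].' '.$dataCollection['f2'].'</td></tr>
    		<tr> <td><b>Riceve :- </b></td>  <td>'.$dataCollection['f3'].' '.$dataCollection['f4'].'</td></tr>
    		<tr><td><b>Nome Azienda :- </b></td><td>'.$dataCollection['company_name'].'</td></tr>
    		<tr><td><b>Nome :- </b></td><td>'.$dataCollection['first_name'].'</td></tr>
    		<tr><td><b>Cognome :- </b></td><td>'.$dataCollection['last_name'].'</td></tr>
    		<tr><td><b>Email :- <b></td><td>'.$dataCollection['email'].'</td></tr>
    		<tr><td><b>Cellulare :- </b></td><td>'.$dataCollection['mobile'].'</td></tr>
    		<tr><td><b>Indirizzo:- </b></td><td>'.$dataCollection['street_address'].'</td></tr>
    		<tr><td><b>Città :- </b></td><td>'.$dataCollection['city'].'</td></tr>
    		<tr><td><b>Codice Postale :- </b></td><td>'.$dataCollection['postal_code'].'</td></tr>
    		<tr><td><b>Nazione :- </b></td><td>'.$dataCollection['country_cd'].'</td></tr>
    		<tr><td><b>Stipendio mensile medio :- </b></td><td>'.$dataCollection['avg_month_income'].'</td></tr>
    		<tr><td><b>Politicamente Esposto :- <b></td><td>'.$exposed.'</td></tr>
    		<tr><td><b>Cittadino Americano :- </b></td><td>'.$is_us_citizen.'</td></tr>
    		<tr><td><b>Beneficiario economico :- </b></td><td>'.$dataCollection['economic_beneficiary'].'</td></tr> 
    		<tr><td><b>Nome Banca del Conto Corrente :- </b></td><td>'.$dataCollection['bank_beneficiary_name'].'</td></tr> 
    		<tr><td><b>Iban :- </b></td><td>'.$dataCollection['bank_iban'].'</td></tr>
    		<tr><td><b>Nome Banca :- </b></td><td>'.$dataCollection['bank_name'].'</td></tr>
    		<tr><td><b>Formulario A  :- </b></td><td>'.$attachment( 0 ).'</td></tr>
    		<tr><td><b>Fronte Carta identità  :- </b></td><td>'.$attachment( 1 ).' </td></tr>
    		<tr><td><b>Retro Carta identità  :- </b></td><td>'.$attachment( 2 ).'</td></tr>
    		</tbody>
    		</table>';

    		//php mailer variables
    		$to      = '[email protected], [email protected]';
    		$subject = "Some text in subject...";
    		$headers = 'From: ' . $email . "\r\n" . 'Reply-To: ' . $email . "\r\n";

    		// strip_tags() turns the HTML table into plain text before sending.
    		$sent = wp_mail( $to, $subject, strip_tags( $message ), $headers );

    		echo "<script>window.location.href='" . home_url() . "/fine/';</script>";
    	}

    	if ( '' !== $field( 'f5' ) ) {
    		$getEmail = $field( 'f5' );
    		// Parameterised: f5 is visitor-supplied and must never be spliced into SQL.
    		// (The identifiers are backtick-quoted; the forum paste shows them as <code> tags.)
    		$sql     = $wpdb->prepare( "SELECT * FROM `{$wpdb->prefix}ss_currency` WHERE `email` = %s", $getEmail );
    		$getdata = $wpdb->get_row( $sql, ARRAY_A );
    		require_once('order-form.php');
    	} else {
    		require_once('order-form-email.php');
    	}
    }
    // register shortcode
    add_shortcode('ss_converter_form', 'wpb_converter_form');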
    
    add_action( 'admin_menu', 'ss_setup_menu' );

    /**
     * Register the "Currency Settings" top-level admin menu.
     *
     * The page callback is ss_currency_settings(); WordPress only shows the entry
     * to users holding the manage_options capability.
     *
     * @return void
     */
    function ss_setup_menu() {
    	add_menu_page(
    		'Currency Settings',
    		'Currency Settings',
    		'manage_options',
    		'ss-currency-settings',
    		'ss_currency_settings'
    	);
    }
    
    add_action( 'admin_menu', 'ss_setup_menu_table' );

    /**
     * Register the "Currency Users" top-level admin menu (users icon, position 3).
     *
     * The page callback is ss_currency_users(); the entry requires manage_options.
     *
     * @return void
     */
    function ss_setup_menu_table() {
    	add_menu_page(
    		'Currency Users',
    		'Currency Users',
    		'manage_options',
    		'ss-currency-user',
    		'ss_currency_users',
    		'dashicons-admin-users',
    		3
    	);
    }
    
    /**
     * Render the "Currency Users" admin page: a list table of stored orders with a
     * search box that round-trips through the `s` query parameter.
     *
     * Only reachable through the menu registered with the manage_options capability.
     * NOTE(review): the search term from $_GET['s'] is handed to prepare_items() as
     * received; whether that method escapes it before querying is not visible from
     * this file — confirm in currency-converter-table.php.
     *
     * @return void Echoes the page markup.
     */
    function ss_currency_users() {
    	require_once 'currency-converter-table.php';
    	$table = new GetCurrencyConvertTable( __FILE__ );

    	if ( isset( $_GET['s'] ) ) {
    		$table->prepare_items( $_GET['s'] );
    	} else {
    		$table->prepare_items();
    	}

    	echo '<h2>All Users</h2>';
    	echo '<form method="get" >';
    	// Keeps the request on this admin page when the search form is submitted.
    	echo '<input type="hidden" name="page" value="ss-currency-user">';
    	$table->search_box( 'search', 'search_id' );
    	$table->display();
    }
    
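    /**
     * Render the "Currency Settings" admin page and save the two exchange-rate options.
     *
     * Saving happens before rendering, so the form shows the values just stored
     * (previously it updated after rendering and displayed stale values). A save
     * is accepted only with a valid nonce — check_admin_referer() stops the request
     * otherwise — because the original handler accepted any POST, so a logged-in
     * admin could have been made to change the rates by a forged cross-site form.
     * Values are stored as text after wp_unslash() and sanitize_text_field(); no
     * numeric format is enforced because the expected format (decimal separator,
     * precision) is not documented here. Stored values are attribute-escaped on output.
     *
     * @return void Echoes the page markup.
     */
    function ss_currency_settings() {
    	// The menu already requires manage_options; this guards direct invocation.
    	if ( ! current_user_can( 'manage_options' ) ) {
    		return;
    	}

    	if ( isset( $_POST['submit'] ) ) {
    		check_admin_referer( 'ss_currency_settings_save', 'ss_currency_settings_nonce' );
    		$chf_to_eur = isset( $_POST['ss_chf_to_eur'] ) ? sanitize_text_field( wp_unslash( $_POST['ss_chf_to_eur'] ) ) : '';
    		$eur_to_chf = isset( $_POST['ss_eur_to_chf'] ) ? sanitize_text_field( wp_unslash( $_POST['ss_eur_to_chf'] ) ) : '';
    		// Both rates are required, as before: an empty field leaves both options untouched.
    		if ( '' !== $chf_to_eur && '' !== $eur_to_chf ) {
    			update_option( 'ss_chf_to_eur', $chf_to_eur );
    			update_option( 'ss_eur_to_chf', $eur_to_chf );
    		}
    	}
    	?>
    	<br>

    	<h2>Currency Settings</h2>
    	<form id="form-options" method="post" action="">
    	<?php wp_nonce_field( 'ss_currency_settings_save', 'ss_currency_settings_nonce' ); ?>
    	<table>
    	    <tr>
    	        <td valign='top'><label>Exchange rate CHF / EUR : </label></td>
    	        <td valign='top'>
    	          <input type='text' name='ss_chf_to_eur' value='<?php echo esc_attr( get_option( 'ss_chf_to_eur' ) ); ?>' />
    	        </td>
    	    </tr>
    	    <tr>
    	        <td valign='top'><label>Exchange rate EUR / CHF : </label></td>
    	        <td valign='top'>
    	            <input type='text' name='ss_eur_to_chf' value='<?php echo esc_attr( get_option( 'ss_eur_to_chf' ) ); ?>' />
    	            <br />
    	        </td>
    	    </tr>
    	    <tr>
    	        <td colspan="2">
    	           <input name="submit" id="submit_option" type="submit" class="button button-primary" value="<?php esc_attr_e('Save Settings', 'omnizz'); ?>" />
    	        </td>
    	    </tr>
    	</table>
    	</form>
    	<?php
    }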
    
    // Expose the stored exchange rates to content via [laft_amt] and [right_amt].
    // NOTE: the tag really is spelled "laft_amt"; renaming it would break existing content.
    add_shortcode( 'laft_amt', 'left_amt_function' );
    add_shortcode( 'right_amt', 'right_amt_function' );
    
     
    
    /**
     * [laft_amt] shortcode: the stored CHF -> EUR rate, as saved on the settings page.
     *
     * @return mixed Whatever get_option() holds for ss_chf_to_eur (false when unset).
     */
    function left_amt_function() {
    	$rate = get_option( 'ss_chf_to_eur' );
    	return $rate;
    }
    
    /**
     * [right_amt] shortcode: the stored EUR -> CHF rate, as saved on the settings page.
     *
     * @return mixed Whatever get_option() holds for ss_eur_to_chf (false when unset).
     */
    function right_amt_function() {
    	$rate = get_option( 'ss_eur_to_chf' );
    	return $rate;
    }