* @package WooCommerce\Classes\
use Automattic\WooCommerce\Enums\OrderStatus;
use Automattic\WooCommerce\Enums\PaymentGatewayFeature;
use Automattic\WooCommerce\Enums\ProductType;
defined( 'ABSPATH' ) || exit;
public static function init() {
add_action( 'template_redirect', array( __CLASS__, 'redirect_reset_password_link' ) );
add_action( 'template_redirect', array( __CLASS__, 'save_address' ) );
add_action( 'template_redirect', array( __CLASS__, 'save_account_details' ) );
add_action( 'wp_loaded', array( __CLASS__, 'checkout_action' ), 20 );
add_action( 'wp_loaded', array( __CLASS__, 'process_login' ), 20 );
add_action( 'wp_loaded', array( __CLASS__, 'process_registration' ), 20 );
add_action( 'wp_loaded', array( __CLASS__, 'process_lost_password' ), 20 );
add_action( 'wp_loaded', array( __CLASS__, 'process_reset_password' ), 20 );
add_action( 'wp_loaded', array( __CLASS__, 'cancel_order' ), 20 );
add_action( 'wp_loaded', array( __CLASS__, 'update_cart_action' ), 20 );
add_action( 'wp_loaded', array( __CLASS__, 'add_to_cart_action' ), 20 );
// May need $wp global to access query vars.
add_action( 'wp', array( __CLASS__, 'pay_action' ), 20 );
add_action( 'wp', array( __CLASS__, 'add_payment_method_action' ), 20 );
add_action( 'wp', array( __CLASS__, 'delete_payment_method_action' ), 20 );
add_action( 'wp', array( __CLASS__, 'set_default_payment_method_action' ), 20 );
* Remove key and user ID (or user login, as a fallback) from query string, set cookie, and redirect to account page to show the form.
public static function redirect_reset_password_link() {
if ( is_account_page() && isset( $_GET['key'] ) && ( isset( $_GET['id'] ) || isset( $_GET['login'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
// If available, get $user_id from query string parameter for fallback purposes.
if ( isset( $_GET['login'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
$user = get_user_by( 'login', sanitize_user( wp_unslash( $_GET['login'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
$user_id = $user ? $user->ID : 0;
$user_id = absint( $_GET['id'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
// If the reset token is not for the current user, ignore the reset request (don't redirect).
$logged_in_user_id = get_current_user_id();
if ( $logged_in_user_id && $logged_in_user_id !== $user_id ) {
wc_add_notice( __( 'This password reset key is for a different user account. Please log out and try again.', 'woocommerce' ), 'error' );
$action = isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : '';
$value = sprintf( '%d:%s', $user_id, wp_unslash( $_GET['key'] ) ); // phpcs:ignore
WC_Shortcode_My_Account::set_reset_password_cookie( $value );
'show-reset-form' => 'true',
* Save and and update a billing or shipping address if the
* form was submitted through the user account page.
public static function save_address() {
$nonce_value = wc_get_var( $_REQUEST['woocommerce-edit-address-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-edit_address' ) ) {
if ( empty( $_POST['action'] ) || 'edit_address' !== $_POST['action'] ) {
$user_id = get_current_user_id();
$customer = new WC_Customer( $user_id );
$address_type = isset( $wp->query_vars['edit-address'] ) ? wc_edit_address_i18n( sanitize_title( $wp->query_vars['edit-address'] ), true ) : 'billing';
if ( ! isset( $_POST[ $address_type . '_country' ] ) ) {
$address = WC()->countries->get_address_fields( wc_clean( wp_unslash( $_POST[ $address_type . '_country' ] ) ), $address_type . '_' );
foreach ( $address as $key => $field ) {
if ( ! isset( $field['type'] ) ) {
if ( 'checkbox' === $field['type'] ) {
$value = (int) isset( $_POST[ $key ] );
$value = isset( $_POST[ $key ] ) ? wc_clean( wp_unslash( $_POST[ $key ] ) ) : '';
// Hook to allow modification of value.
$value = apply_filters( 'woocommerce_process_myaccount_field_' . $key, $value );
// Validation: Required fields.
if ( ! empty( $field['required'] ) && empty( $value ) ) {
/* translators: %s: Field name. */
wc_add_notice( sprintf( __( '%s is a required field.', 'woocommerce' ), $field['label'] ), 'error', array( 'id' => $key ) );
if ( ! empty( $value ) ) {
// Validation and formatting rules.
if ( ! empty( $field['validate'] ) && is_array( $field['validate'] ) ) {
foreach ( $field['validate'] as $rule ) {
$country = wc_clean( wp_unslash( $_POST[ $address_type . '_country' ] ) );
$value = wc_format_postcode( $value, $country );
if ( '' !== $value && ! WC_Validation::is_postcode( $value, $country ) ) {
$postcode_validation_notice = __( 'Please enter a valid Eircode.', 'woocommerce' );
$postcode_validation_notice = __( 'Please enter a valid postcode / ZIP.', 'woocommerce' );
wc_add_notice( $postcode_validation_notice, 'error' );
if ( '' !== $value && ! WC_Validation::is_phone( $value ) ) {
/* translators: %s: Phone number. */
wc_add_notice( sprintf( __( '%s is not a valid phone number.', 'woocommerce' ), '<strong>' . $field['label'] . '</strong>' ), 'error' );
$value = strtolower( $value );
if ( ! is_email( $value ) ) {
/* translators: %s: Email address. */
wc_add_notice( sprintf( __( '%s is not a valid email address.', 'woocommerce' ), '<strong>' . $field['label'] . '</strong>' ), 'error' );
// Set prop in customer object.
if ( is_callable( array( $customer, "set_$key" ) ) ) {
$customer->{"set_$key"}( $value );
$customer->update_meta_data( $key, $value );
} catch ( WC_Data_Exception $e ) {
// Set notices. Ignore invalid billing email, since is already validated.
if ( 'customer_invalid_billing_email' !== $e->getErrorCode() ) {
wc_add_notice( $e->getMessage(), 'error' );
* Hook: woocommerce_after_save_address_validation.
* Allow developers to add custom validation logic and throw an error to prevent save.
* @param int $user_id User ID being saved.
* @param string $address_type Type of address; 'billing' or 'shipping'.
* @param array $address The address fields.
* @param WC_Customer $customer The customer object being saved.
do_action( 'woocommerce_after_save_address_validation', $user_id, $address_type, $address, $customer );
if ( 0 < wc_notice_count( 'error' ) ) {
* Hook: woocommerce_customer_save_address.
* Fires after a customer address has been saved.
* @param int $user_id User ID being saved.
* @param string $address_type Type of address; 'billing' or 'shipping'.
* @param array $address The address fields. Since 9.8.0.
* @param WC_Customer $customer The customer object being saved. Since 9.8.0.
do_action( 'woocommerce_customer_save_address', $user_id, $address_type, $address, $customer );
if ( 0 < wc_notice_count( 'error' ) ) {
wc_add_notice( __( 'Address changed successfully.', 'woocommerce' ) );
wp_safe_redirect( wc_get_endpoint_url( 'edit-address', '', wc_get_page_permalink( 'myaccount' ) ) );
* Save the password/account details and redirect back to the my account page.
public static function save_account_details() {
$nonce_value = wc_get_var( $_REQUEST['save-account-details-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
if ( ! wp_verify_nonce( $nonce_value, 'save_account_details' ) ) {
if ( empty( $_POST['action'] ) || 'save_account_details' !== $_POST['action'] ) {
$user_id = get_current_user_id();
$account_first_name = ! empty( $_POST['account_first_name'] ) ? wc_clean( wp_unslash( $_POST['account_first_name'] ) ) : '';
$account_last_name = ! empty( $_POST['account_last_name'] ) ? wc_clean( wp_unslash( $_POST['account_last_name'] ) ) : '';
$account_display_name = ! empty( $_POST['account_display_name'] ) ? wc_clean( wp_unslash( $_POST['account_display_name'] ) ) : '';
$account_email = ! empty( $_POST['account_email'] ) ? wc_clean( wp_unslash( $_POST['account_email'] ) ) : '';
$pass_cur = ! empty( $_POST['password_current'] ) ? $_POST['password_current'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
$pass1 = ! empty( $_POST['password_1'] ) ? $_POST['password_1'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
$pass2 = ! empty( $_POST['password_2'] ) ? $_POST['password_2'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
$current_user = get_user_by( 'id', $user_id );
$current_first_name = $current_user->first_name;
$current_last_name = $current_user->last_name;
$current_email = $current_user->user_email;
$user->first_name = $account_first_name;
$user->last_name = $account_last_name;
$user->display_name = $account_display_name;
// Prevent display name to be changed to email.
if ( is_email( $account_display_name ) ) {
wc_add_notice( __( 'Display name cannot be changed to email address due to privacy concern.', 'woocommerce' ), 'error' );
// Handle required fields.
$required_fields = apply_filters(
'woocommerce_save_account_details_required_fields',
'account_first_name' => __( 'First name', 'woocommerce' ),
'account_last_name' => __( 'Last name', 'woocommerce' ),
'account_display_name' => __( 'Display name', 'woocommerce' ),
'account_email' => __( 'Email address', 'woocommerce' ),
foreach ( $required_fields as $field_key => $field_name ) {
if ( empty( $_POST[ $field_key ] ) ) {
/* translators: %s: Field name. */
wc_add_notice( sprintf( __( '%s is a required field.', 'woocommerce' ), '<strong>' . esc_html( $field_name ) . '</strong>' ), 'error', array( 'id' => $field_key ) );
$account_email = sanitize_email( $account_email );
if ( ! is_email( $account_email ) ) {
wc_add_notice( __( 'Please provide a valid email address.', 'woocommerce' ), 'error' );
} elseif ( email_exists( $account_email ) && $account_email !== $current_user->user_email ) {
wc_add_notice( __( 'This email address is already registered.', 'woocommerce' ), 'error' );
$user->user_email = $account_email;
if ( ! empty( $pass_cur ) && empty( $pass1 ) && empty( $pass2 ) ) {
wc_add_notice( __( 'Please fill out all password fields.', 'woocommerce' ), 'error' );
} elseif ( ! empty( $pass1 ) && empty( $pass_cur ) ) {
wc_add_notice( __( 'Please enter your current password.', 'woocommerce' ), 'error' );
} elseif ( ! empty( $pass1 ) && empty( $pass2 ) ) {
wc_add_notice( __( 'Please re-enter your password.', 'woocommerce' ), 'error' );
} elseif ( ( ! empty( $pass1 ) || ! empty( $pass2 ) ) && $pass1 !== $pass2 ) {
wc_add_notice( __( 'New passwords do not match.', 'woocommerce' ), 'error' );
} elseif ( ! empty( $pass1 ) && ! wp_check_password( $pass_cur, $current_user->user_pass, $current_user->ID ) ) {
wc_add_notice( __( 'Your current password is incorrect.', 'woocommerce' ), 'error' );
if ( $pass1 && $save_pass ) {
$user->user_pass = $pass1;
// Allow plugins to return their own errors.
$errors = new WP_Error();
do_action_ref_array( 'woocommerce_save_account_details_errors', array( &$errors, &$user ) );
if ( $errors->get_error_messages() ) {
foreach ( $errors->get_error_messages() as $error ) {
wc_add_notice( $error, 'error' );
if ( wc_notice_count( 'error' ) === 0 ) {
// Update customer object to keep data in sync.
$customer = new WC_Customer( $user->ID );
// Keep billing data in sync if data changed.
if ( isset( $user->user_email ) && is_email( $user->user_email ) && $current_email !== $user->user_email ) {
$customer->set_billing_email( $user->user_email );
if ( $current_first_name !== $user->first_name ) {
$customer->set_billing_first_name( $user->first_name );
if ( $current_last_name !== $user->last_name ) {
$customer->set_billing_last_name( $user->last_name );
} catch ( WC_Data_Exception $e ) {
// These error messages are already translated.
wc_add_notice( $e->getMessage(), 'error' );
} catch ( \Exception $e ) {
/* translators: %s: Error message. */
__( 'An error occurred while saving account details: %s', 'woocommerce' ),
esc_html( $e->getMessage() )
* Hook: woocommerce_save_account_details.
* @param int $user_id User ID being saved.
do_action( 'woocommerce_save_account_details', $user->ID );
// Notices are checked here so that if something created a notice during the save hooks above, the redirect will not happen.
if ( 0 === wc_notice_count( 'error' ) ) {
wc_add_notice( __( 'Account details changed successfully.', 'woocommerce' ) );
wp_safe_redirect( wc_get_endpoint_url( 'edit-account', '', wc_get_page_permalink( 'myaccount' ) ) );
* Process the checkout form.
public static function checkout_action() {
if ( isset( $_POST['woocommerce_checkout_place_order'] ) || isset( $_POST['woocommerce_checkout_update_totals'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
if ( WC()->cart->is_empty() ) {
wp_safe_redirect( wc_get_cart_url() );
wc_maybe_define_constant( 'WOOCOMMERCE_CHECKOUT', true );
WC()->checkout()->process_checkout();
* @throws Exception On payment error.
public static function pay_action() {
if ( isset( $_POST['woocommerce_pay'], $_GET['key'] ) ) {
$nonce_value = wc_get_var( $_REQUEST['woocommerce-pay-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-pay' ) ) {
// Pay for existing order.
$order_key = wp_unslash( $_GET['key'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
$order_id = absint( $wp->query_vars['order-pay'] );
$order = wc_get_order( $order_id );
if ( $order_id === $order->get_id() && hash_equals( $order->get_order_key(), $order_key ) && $order->needs_payment() ) {
do_action( 'woocommerce_before_pay_action', $order );
WC()->customer->set_props(
'billing_country' => $order->get_billing_country() ? $order->get_billing_country() : null,
'billing_state' => $order->get_billing_state() ? $order->get_billing_state() : null,
'billing_postcode' => $order->get_billing_postcode() ? $order->get_billing_postcode() : null,
'billing_city' => $order->get_billing_city() ? $order->get_billing_city() : null,
if ( ! empty( $_POST['terms-field'] ) && empty( $_POST['terms'] ) ) {
wc_add_notice( __( 'Please read and accept the terms and conditions to proceed with your order.', 'woocommerce' ), 'error' );
// Update payment method.
if ( $order->needs_payment() ) {
$payment_method_id = isset( $_POST['payment_method'] ) ? wc_clean( wp_unslash( $_POST['payment_method'] ) ) : false;
if ( ! $payment_method_id ) {
throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
$payment_method = isset( $available_gateways[ $payment_method_id ] ) ? $available_gateways[ $payment_method_id ] : false;
if ( ! $payment_method ) {
throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
$order->set_payment_method( $payment_method );
$payment_method->validate_fields();
if ( 0 === wc_notice_count( 'error' ) ) {
$result = $payment_method->process_payment( $order_id );
// Redirect to success/confirmation/payment page.
if ( isset( $result['result'] ) && 'success' === $result['result'] ) {
$result['order_id'] = $order_id;
$result = apply_filters( 'woocommerce_payment_successful_result', $result, $order_id );
wp_redirect( $result['redirect'] ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
} catch ( Exception $e ) {
wc_add_notice( $e->getMessage(), 'error' );
// No payment was required for order.
$order->payment_complete();
wp_safe_redirect( $order->get_checkout_order_received_url() );
do_action( 'woocommerce_after_pay_action', $order );
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
