Fix registering members from frontend again

eme-formfields.php

@@ -372,7 +372,7 @@ function eme_formfields_edit_layout( $field_id = 0, $message = '', $t_formfield
 	if ( eme_is_multifield( $formfield['field_type'] ) ) {
 		$value = str_replace( '||', "\n", eme_esc_html( $formfield['field_values'] ) );
 		// textarea should always start with a newline, but this causes an empty first line to be removed, so we add an extra newline
-			$layout .= "<td><textarea name='field_values' id='field_values'>\n$value</textarea>";
+		$layout .= "<td><textarea name='field_values' id='field_values'>\n$value</textarea>";
 	} else {
 		$layout .= "<td><input name='field_values' id='field_values' type='text' value='" . eme_esc_html( $formfield['field_values'] ) . "' size='40'>";
 	}
@@ -388,7 +388,7 @@ function eme_formfields_edit_layout( $field_id = 0, $message = '', $t_formfield
 	if ( eme_is_multifield( $formfield['field_type'] ) ) {
 		$value = str_replace( '||', "\n", eme_esc_html( $formfield['field_tags'] ) );
 		// textarea should always start with a newline, but this causes an empty first line to be removed, so we add an extra newline
-			$layout .= "<td><textarea name='field_tags' id='field_tags'>\n$value</textarea>";
+		$layout .= "<td><textarea name='field_tags' id='field_tags'>\n$value</textarea>";
 	} else {
 		$layout .= "<td><input name='field_tags' id='field_tags' type='text' value='" . eme_esc_html( $formfield['field_tags'] ) . "' size='40'>";
 	}
@@ -403,7 +403,7 @@ function eme_formfields_edit_layout( $field_id = 0, $message = '', $t_formfield
 	if ( eme_is_multifield( $formfield['field_type'] ) ) {
 		$value = str_replace( '||', "\n", eme_esc_html( $formfield['admin_values'] ) );
 		// textarea should always start with a newline, but this causes an empty first line to be removed, so we add an extra newline
-			$layout .= "<td><textarea name='admin_values' id='admin_values'>\n$value</textarea>";
+		$layout .= "<td><textarea name='admin_values' id='admin_values'>\n$value</textarea>";
 	} else {
 		$layout .= "<td><input name='admin_values' id='admin_values' type='text' value='" . eme_esc_html( $formfield['admin_values'] ) . "' size='40'>";
 	}
@@ -417,7 +417,7 @@ function eme_formfields_edit_layout( $field_id = 0, $message = '', $t_formfield
 	if ( eme_is_multifield( $formfield['field_type'] ) ) {
 		$value = str_replace( '||', "\n", eme_esc_html( $formfield['admin_tags'] ) );
 		// textarea should always start with a newline, but this causes an empty first line to be removed, so we add an extra newline
-			$layout .= "<td><textarea name='admin_tags' id='admin_tags'>\n$value</textarea>";
+		$layout .= "<td><textarea name='admin_tags' id='admin_tags'>\n$value</textarea>";
 	} else {
 		$layout .= "<td><input name='admin_tags' id='admin_tags' type='text' value='" . eme_esc_html( $formfield['admin_tags'] ) . "' size='40'>";
 	}

eme-members.php

@@ -812,13 +812,6 @@ function eme_add_update_member( $member_id = 0, $send_mail = 1 ) {
 	$payment_id    = 0;
 	$membership_id = 0;
 	$transfer      = 0;
-	if ( ! current_user_can( get_option( 'eme_cap_edit_members' ) ) ) {
-		$res = [
-			0 => __( 'You have no right to manage members!', 'events-made-easy' ),
-			1 => 0
-		];
-		return $res;
-	}
 	if ( ! empty( $_POST['membership_id'] ) ) {
 		$membership_id = intval( $_POST['membership_id'] );
 	} else {
@@ -1645,7 +1638,11 @@ function eme_member_form( $member, $membership_id, $from_backend = 0 ) {
 	if ( ! $from_backend ) {
 		$form_html  = "<noscript><div class='eme-noscriptmsg'>" . __( 'Javascript is required for this form to work properly', 'events-made-easy' ) . "</div></noscript>
 		<div id='eme-member-addmessage-ok-$form_id' class='eme-message-success eme-member-message eme-member-message-success eme-hidden'></div><div id='eme-member-addmessage-error-$form_id' class='eme-message-error eme-member-message eme-member-message-error eme-hidden'></div><div id='div_eme-payment-form-$form_id' class='eme-payment-form'></div><div id='div_eme-member-form-$form_id' style='display: none' class='eme-showifjs'><form name='eme-member-form' id='$form_id' method='post' $form_class action='#'>";
-		$form_html .= wp_nonce_field( 'eme_frontend', 'eme_frontend_nonce', false, false );
+		if (empty($member['member_id'])) {
+			$form_html .= wp_nonce_field( 'eme_frontend', 'eme_frontend_nonce', false, false );
+		} else {
+			$form_html .= wp_nonce_field( 'eme_frontend '.$member['member_id'], 'eme_frontend_nonce', false, false );
+		}
 		$form_html .= "<span id='honeypot_check'><input type='text' name='honeypot_check' value='' autocomplete='off'></span>";
 	}
 	$form_html .= "<input type='hidden' id='membership_id' name='membership_id' value='$membership_id'>";
@@ -4462,7 +4459,9 @@ function eme_add_member_ajax() {
 		}
 	}
 
-	if ( ! isset( $_POST['eme_frontend_nonce'] ) || ! wp_verify_nonce( eme_sanitize_request($_POST['eme_frontend_nonce']), 'eme_frontend' ) ) {
+	if ( ! isset( $_POST['eme_frontend_nonce'] ) || 
+	     ( isset( $_POST['member_id'] ) && ! wp_verify_nonce( eme_sanitize_request($_POST['eme_frontend_nonce']), 'eme_frontend '.intval($_POST['member_id']) ) ) ||
+	     ( !isset( $_POST['member_id'] ) && ! wp_verify_nonce( eme_sanitize_request($_POST['eme_frontend_nonce']), 'eme_frontend') ) ) {
 		$form_html = __( "Form tampering detected. If you believe you've received this message in error please contact the site owner.", 'events-made-easy' );
 		echo wp_json_encode(
 			[

readme.txt

@@ -98,8 +98,9 @@ Events list and calendars can be added to your blogs through widgets, shortcodes
 See the FAQ section at the [Official site](https://www.e-dynamics.be/wordpress/).
 
 == Changelog ==
-= 2.4.18 (2023//) =
+= 2.4.18 (2023/12/10) =
 * Fix a php warning
+* Fix registering members from frontend again
 
 = 2.4.17 (2023/12/07) =
 * Documented #_YOUNGPENDINGSEATS and #_YOUNGPENDINGSEATS{xx}