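/**
 * Handles the "create page" form on the Front End PM settings screen.
 *
 * On a submitted form this verifies the `fep-create-page` nonce, refuses to
 * create a second page while fep_page_id() still reports one, inserts a
 * published page holding the `[front-end-pm]` shortcode and stores its ID in
 * the `fep_page_id` transient for one day. Every outcome is echoed as an
 * admin notice; nothing is returned.
 */
function fep_createPage_action()
{
    if (!isset($_POST['fep-create-page'])) {
        return;
    }
    // Verify the nonce before anything else: a forged request must not be able
    // to clear the cached page id or reach any of the checks below.
    $token = isset($_POST['token']) ? $_POST['token'] : '';
    if (!fep_verify_nonce($token, 'fep-create-page')) {
        echo "<div id='message' class='error'><p>" . __("Invalid Token. Please try again!", 'fep') . "</p></div>";
        return;
    }
    $titlePre = isset($_POST['fep-create-page-title']) ? wp_strip_all_tags($_POST['fep-create-page-title']) : '';
    $slugPre = isset($_POST['fep-create-page-slug']) ? wp_strip_all_tags($_POST['fep-create-page-slug']) : '';
    // NOTE(review): utf8_encode() treats its input as ISO-8859-1; form input on a
    // UTF-8 site is already UTF-8 and would be double-encoded here. Kept as-is —
    // confirm the intended input charset before changing it.
    $title = utf8_encode($titlePre);
    $slug = utf8_encode($slugPre);
    delete_transient('fep_page_id');
    $existingID = fep_page_id();
    if ($existingID != '') {
        echo "<div id='message' class='error'><p>" . sprintf(__("Already created page <a href='%s'>%s </a> for \"Front End PM\". Please use that page instead!", 'fep'), esc_url(get_permalink($existingID)), esc_html(get_the_title($existingID))) . "</p></div>";
        return;
    }
    if (!$title) {
        echo "<div id='message' class='error'><p>" . __("You must enter a valid Title!", 'fep') . "</p></div>";
        return;
    }
    $fep_page = array(
        'post_title' => $title,
        'post_name' => $slug,
        'post_content' => '[front-end-pm]',
        'post_status' => 'publish',
        'post_type' => 'page',
    );
    $pageID = wp_insert_post($fep_page);
    // wp_insert_post() reports failure as 0 when no WP_Error is requested.
    if (!$pageID) {
        echo "<div id='message' class='error'><p>" . __("Something wrong.Please try again to create page!", 'fep') . "</p></div>";
        return;
    }
    echo "<div id='message' class='updated'><p>" . sprintf(__("Page <a href='%s'>%s </a> for \"Front End PM\" successfully created!", 'fep'), esc_url(get_permalink($pageID)), esc_html(get_the_title($pageID))) . "</p></div>";
    // Remember the new page for one day; the transient is cleared again at the
    // top of this handler on the next submission.
    set_transient('fep_page_id', $pageID, 60 * 60 * 24);
}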
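 /**
  * Deletes an announcement, or hides it for the current user only.
  *
  * Administrators (`manage_options`) remove the announcement row and its meta
  * outright. Any other user is appended to the `announcement_deleted_user_id`
  * meta of the announcement, so it disappears from that user's list only; this
  * is allowed only once is_seen() reports the announcement as seen. Both paths
  * require a valid `announcement` nonce in $_GET['token'] and a non-zero
  * $_GET['id'].
  *
  * Echoes a success or error notice.
  *
  * @return bool true when the delete or hide was recorded, false otherwise.
  */
 function delete()
 {
     global $wpdb, $user_ID;
     $delID = isset($_GET['id']) ? absint($_GET['id']) : 0;
     $token = isset($_GET['token']) ? $_GET['token'] : '';
     // Reject forged requests and malformed ids before touching the database.
     if (0 === $delID || !fep_verify_nonce($token, 'announcement')) {
         echo '<div id="fep-error">' . __("Something wrong. Please try again.", 'fep') . ' </div>';
         return false;
     }
     if (current_user_can('manage_options')) {
         do_action('fep_announcement_before_delete', $delID);
         $wpdb->query($wpdb->prepare("DELETE FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d", $delID));
         $wpdb->query($wpdb->prepare("DELETE FROM " . FEP_META_TABLE . " WHERE message_id = %d", $delID));
         delete_transient("fep_announcements_with_seen");
         delete_transient("fep_announcements_with_deleted");
         echo '<div id="fep-success">' . __("Announcement successfully Deleted.", 'fep') . ' </div>';
         return true;
     }
     // Non-admin path: a user may only hide an announcement already marked as seen.
     if (!$this->is_seen($delID)) {
         echo '<div id="fep-error">' . __("Something wrong. Please try again.", 'fep') . ' </div>';
         return false;
     }
     $userDel = $wpdb->get_row($wpdb->prepare("SELECT meta_id, field_value FROM " . FEP_META_TABLE . " WHERE message_id = %d AND field_name = %s LIMIT 1", $delID, 'announcement_deleted_user_id'));
     // The meta row may not exist yet; only read field_value when it does.
     $user_array = $userDel ? maybe_unserialize($userDel->field_value) : array();
     if (!is_array($user_array)) {
         $user_array = array();
     }
     $user_array[] = $user_ID;
     sort($user_array);
     $serialized_value = maybe_serialize(array_unique($user_array));
     if ($userDel) {
         $result = $wpdb->update(FEP_META_TABLE, array('field_value' => $serialized_value), array('meta_id' => $userDel->meta_id), array('%s'), array('%d'));
     } else {
         $result = $wpdb->insert(FEP_META_TABLE, array('message_id' => $delID, 'field_name' => 'announcement_deleted_user_id', 'field_value' => $serialized_value), array('%d', '%s', '%s'));
     }
     // A failed write previously fell out of the function with no notice and a
     // null return; report it like every other failure.
     if (!$result) {
         echo '<div id="fep-error">' . __("Something wrong. Please try again.", 'fep') . ' </div>';
         return false;
     }
     delete_transient("fep_announcements_with_deleted");
     echo '<div id="fep-success">' . __("Announcement successfully Deleted.", 'fep') . ' </div>';
     return true;
 }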
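 /**
  * Deletes a message thread from the admin screen.
  *
  * Requires the `delete_message_admin` nonce in $_GET['token'], a non-zero
  * $_GET['id'] and the `manage_options` capability. Removes the message, every
  * reply whose parent_id points at it, and the meta rows of all of them, after
  * firing `fep_message_before_delete` with the affected ids. Echoes a notice
  * and returns nothing.
  */
 function delete()
 {
     global $wpdb;
     $delID = isset($_GET['id']) ? absint($_GET['id']) : 0;
     $token = isset($_GET['token']) ? $_GET['token'] : '';
     if (!fep_verify_nonce($token, 'delete_message_admin')) {
         echo "<div id='fep-error'>" . __("Invalid Token!", 'fep') . "</div>";
         return;
     }
     if (0 === $delID) {
         echo "<div id='fep-error'>" . __("Invalid message id!", 'fep') . "</div>";
         return;
     }
     if (!current_user_can('manage_options')) {
         echo "<div id='fep-error'>" . __("No permission!", 'fep') . "</div>";
         return;
     }
     $ids = $wpdb->get_col($wpdb->prepare("SELECT id FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d OR parent_id = %d", $delID, $delID));
     do_action('fep_message_before_delete', $delID, $ids);
     $wpdb->query($wpdb->prepare("DELETE FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d OR parent_id = %d", $delID, $delID));
     // Bind the id list through prepare() instead of interpolating it, and skip
     // the statement when there is nothing to delete ("IN ()" is a syntax error).
     if ($ids) {
         $placeholders = implode(',', array_fill(0, count($ids), '%d'));
         $wpdb->query($wpdb->prepare("DELETE FROM " . FEP_META_TABLE . " WHERE message_id IN ({$placeholders})", $ids));
     }
     echo "<div id='fep-success'>" . __("Message was successfully deleted!", 'fep') . "</div>";
 }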
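/**
 * Serves a message attachment for `?fepaction=download&id=<meta_id>&token=<nonce>`.
 *
 * Looks up the `attachment` meta row named by $_GET['id'], requires the
 * current user to be the sender or recipient of its message (or the message to
 * have status 2, or the user to hold `manage_options`), then streams the stored
 * file with download headers and exits. Every failure ends in wp_die(); a meta
 * row whose file is gone from disk is removed before dying.
 */
function fep_download_file()
{
    if (!isset($_GET['fepaction']) || $_GET['fepaction'] != 'download') {
        return;
    }
    global $wpdb, $user_ID;
    $id = isset($_GET['id']) ? absint($_GET['id']) : 0;
    $token = isset($_GET['token']) ? $_GET['token'] : '';
    if (!fep_verify_nonce($token, 'download')) {
        wp_die(__('Invalid token', 'fep'));
    }
    $msgsMeta = $wpdb->get_row($wpdb->prepare("SELECT * FROM " . FEP_META_TABLE . " WHERE meta_id = %d", $id));
    if (!$msgsMeta) {
        wp_die(__('No attachment found', 'fep'));
    }
    $message_id = $msgsMeta->message_id;
    // NOTE(review): maybe_unserialize() runs unserialize() on stored data; that is
    // only safe while 'attachment' rows are written by the plugin alone. Confirm
    // nothing user-controlled can reach field_value for this field_name.
    $unserialized_file = maybe_unserialize($msgsMeta->field_value);
    // Check the array shape before indexing so a malformed row dies cleanly
    // instead of raising notices and falling through to the headers.
    if ($msgsMeta->field_name != 'attachment'
        || !is_array($unserialized_file)
        || empty($unserialized_file['type'])
        || empty($unserialized_file['url'])
        || empty($unserialized_file['file'])
    ) {
        wp_die(__('Invalid Attachment', 'fep'));
    }
    $attachment_type = $unserialized_file['type'];
    $attachment_url = $unserialized_file['url'];
    $attachment_path = $unserialized_file['file'];
    // Only a sanitised basename goes into the header: the stored name can carry
    // quotes that would otherwise break out of the filename parameter.
    $attachment_name = sanitize_file_name(basename($attachment_url));
    $msgsInfo = $wpdb->get_row($wpdb->prepare("SELECT from_user, to_user, status FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d", $message_id));
    if (!$msgsInfo) {
        wp_die(__('Message already deleted', 'fep'));
    }
    // Access rule: sender, recipient, status 2 (presumably a message visible to
    // everyone — confirm against the status codes), or a site administrator.
    if ($msgsInfo->from_user != $user_ID && $msgsInfo->to_user != $user_ID && $msgsInfo->status != 2 && !current_user_can('manage_options')) {
        wp_die(__('No permission', 'fep'));
    }
    // NOTE(review): the path comes from the meta row, not from the request, and
    // is trusted to point inside the plugin's upload location. Confirm the code
    // that writes 'file' enforces that, since this function reads whatever is stored.
    if (!file_exists($attachment_path)) {
        $wpdb->query($wpdb->prepare("DELETE FROM " . FEP_META_TABLE . " WHERE meta_id = %d", $id));
        wp_die(__('Attachment already deleted', 'fep'));
    }
    $size = filesize($attachment_path);
    header("Content-Description: File Transfer");
    header("Content-Transfer-Encoding: binary");
    header("Content-Type: {$attachment_type}", true, 200);
    header("Content-Disposition: attachment; filename=\"{$attachment_name}\"");
    // filesize() returns false on failure; omit the header rather than send an
    // empty Content-Length.
    if ($size !== false) {
        header("Content-Length: " . $size);
    }
    nocache_headers();
    // Discard every output buffer so nothing precedes the file bytes.
    while (ob_get_level()) {
        ob_end_clean();
    }
    readfile($attachment_path);
    exit;
}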
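 /**
  * Deletes a message on behalf of the current user.
  *
  * Requires the `delete_message` nonce in $_GET['token'] and a non-zero
  * $_GET['id'], and the caller must be the message's sender or recipient.
  * While the other party still has the message only the caller's own
  * `to_del`/`from_del` flag is set; once both sides have deleted it, the
  * message, its replies (matched by parent_id) and their meta rows are removed
  * after `fep_message_before_delete` fires.
  *
  * @return string HTML notice describing the outcome.
  */
 function delete()
 {
     global $wpdb, $user_ID;
     $delID = isset($_GET['id']) ? absint($_GET['id']) : 0;
     $token = isset($_GET['token']) ? $_GET['token'] : '';
     if (!fep_verify_nonce($token, 'delete_message')) {
         return "<div id='fep-error'>" . __("Invalid Token!", 'fep') . "</div>";
     }
     if (0 === $delID) {
         return "<div id='fep-error'>" . __("Invalid message id!", 'fep') . "</div>";
     }
     $info = $wpdb->get_row($wpdb->prepare("SELECT from_user, to_user, to_del, from_del FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d", $delID));
     // A missing row must not reach the property reads below.
     if (!$info) {
         return "<div id='fep-error'>" . __("Invalid message id!", 'fep') . "</div>";
     }
     // Work out which side of the conversation the caller is on: the flag set
     // for the caller and the flag consulted for the other party differ per side.
     if ($info->to_user == $user_ID) {
         $ownFlag = 'to_del';
         $otherDeleted = $info->from_del;
     } elseif ($info->from_user == $user_ID) {
         $ownFlag = 'from_del';
         $otherDeleted = $info->to_del;
     } else {
         return "<div id='fep-error'>" . __("No permission!", 'fep') . "</div>";
     }
     if ($otherDeleted == 0) {
         // The other party still has the message: hide it for the caller only.
         $wpdb->update(FEP_MESSAGES_TABLE, array($ownFlag => 1), array('id' => $delID), array('%d'), array('%d'));
     } else {
         // Both sides have deleted it: purge the thread and its meta.
         $ids = $wpdb->get_col($wpdb->prepare("SELECT id FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d OR parent_id = %d", $delID, $delID));
         do_action('fep_message_before_delete', $delID, $ids);
         $wpdb->query($wpdb->prepare("DELETE FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d OR parent_id = %d", $delID, $delID));
         // Bind the id list through prepare() instead of interpolating it, and
         // skip the statement when it is empty ("IN ()" is a syntax error).
         if ($ids) {
             $placeholders = implode(',', array_fill(0, count($ids), '%d'));
             $wpdb->query($wpdb->prepare("DELETE FROM " . FEP_META_TABLE . " WHERE message_id IN ({$placeholders})", $ids));
         }
     }
     return "<div id='fep-success'>" . __("Your message was successfully deleted!", 'fep') . "</div>";
 }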