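/**
 * initializes and outputs the list for the backend
 *
 * builds the admin list filter from the user's saved settings merged with the
 * incoming request, runs the list query and prints the admin list page: top
 * controls, sort/filter forms, the record table, pagination, the CSV export
 * form (plugin admins only) and the plugin footer
 *
 * @global int    $user_ID
 * @global object $wpdb
 * @return null
 */
public static function initialize()
{
    self::_setup_i18n();
    self::$options = Participants_Db::$plugin_options;

    // populate the WP user globals; the user id keys the per-user settings transient
    get_currentuserinfo();
    global $user_ID;
    self::$user_settings = Participants_Db::$prefix . self::$user_settings . '-' . $user_ID;

    self::set_list_limit();
    self::$registration_page_url = get_bloginfo('url') . '/' . (isset(self::$options['registration_page']) ? self::$options['registration_page'] : '');
    self::setup_display_columns();
    self::$sortables = Participants_Db::get_sortables();

    // the defaults are the user's last-used search/sort settings, falling back to the plugin options
    $default_values = array(
        'search_field' => self::get_admin_user_setting('search_field', 'none'),
        'value' => '',
        'operator' => self::get_admin_user_setting('search_op', 'LIKE'),
        'sortBy' => self::get_admin_user_setting('sort_by', self::$options['admin_default_sort']),
        'ascdesc' => self::get_admin_user_setting('sort_order', self::$options['admin_default_sort_order']),
        'submit-button' => '',
    );

    /*
     * merge the defaults with the $_REQUEST array so if there are any new values
     * coming in, they're included; shortcode_atts() keeps only the keys present
     * in the defaults, so unrelated request parameters are dropped
     *
     * NOTE(review): the kept values are not sanitized at this point; they are
     * expected to be escaped by _process_search() (not visible in this file
     * section) before they reach the list query -- confirm
     */
    self::$filter = shortcode_atts($default_values, $_REQUEST);

    // remember the current search/sort settings for this user
    self::set_admin_user_setting('search_field', self::$filter['search_field']);
    self::set_admin_user_setting('search_op', self::$filter['operator']);
    self::set_admin_user_setting('sort_by', self::$filter['sortBy']);
    self::set_admin_user_setting('sort_order', self::$filter['ascdesc']);

    // process delete and items-per-page form submissions
    self::_process_general();
    self::_process_search(self::$filter['submit-button']);

    if (WP_DEBUG) {
        error_log(__METHOD__ . ' list query= ' . self::$list_query);
    }

    global $wpdb;

    // get the number of records returned (the list query is assumed to be a "SELECT *" query)
    self::$num_records = $wpdb->get_var(str_replace('*', 'COUNT(*)', self::$list_query));

    /*
     * the requested page number comes from the query string; it must be a positive
     * integer, anything else falls back to page 1 (the raw $_GET value used to be
     * passed through unvalidated)
     */
    $current_page = filter_input(INPUT_GET, self::$list_page, FILTER_VALIDATE_INT, array('options' => array('default' => 1, 'min_range' => 1)));

    // set the pagination object
    self::$pagination = new PDb_Pagination(array(
        'link' => self::prepare_page_link($_SERVER['REQUEST_URI']),
        'page' => $current_page,
        'size' => self::$page_list_limit,
        'total_records' => self::$num_records,
        // the current filter is carried on the page links; http_build_query() URL-encodes the values
        'add_variables' => http_build_query(self::$filter) . '#pdb-list-admin',
    ));

    // get the records for this page, adding the pagination limit clause
    self::$participants = $wpdb->get_results(self::$list_query . ' ' . self::$pagination->getLimitSql(), ARRAY_A);

    // ok, setup finished, start outputting the form

    // add the top part of the page for the admin
    self::_admin_top();
    // print the sorting/filtering forms
    self::_sort_filter_forms();
    // add the delete and items-per-page controls for the backend
    self::_general_list_form_top();
    // print the main table
    self::_main_table();
    // output the pagination controls
    echo '<div class="pdb-list">' . self::$pagination->links() . '</div>';

    // print the CSV export form (admin users only)
    if (current_user_can(Participants_Db::$plugin_options['plugin_admin_capability'])) {
        self::_print_export_form();
    }

    // print the plugin footer
    Participants_Db::plugin_footer();
}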
/**
 * processes any POST requests
 *
 * this is called on the 'init' hook
 *
 * only submissions carrying this plugin's 'subsource' marker and an 'action' are
 * handled; the action selects one of: record insert/update (admin and frontend),
 * CSV export, private-id record retrieval, or signup
 *
 * @global object $wpdb
 * @global object $current_user
 * @global int    $user_ID
 * @return null|array the assembled CSV data array when a CSV export is requested
 *                    without a filename; null in every other case (the CSV download,
 *                    the redirects and the access denial terminate the script)
 */
public static function process_page_request()
{
    // filters for the control fields only; the record data itself is read from $_POST below
    $post_sanitize = array(
        'subsource' => FILTER_SANITIZE_STRING,
        'action' => FILTER_SANITIZE_STRING,
        'pdb_data_keys' => FILTER_SANITIZE_STRING,
        'submit_button' => FILTER_SANITIZE_STRING,
        'filename' => FILTER_SANITIZE_STRING,
        'base_filename' => FILTER_SANITIZE_STRING,
        'CSV_type' => FILTER_SANITIZE_STRING,
        'include_csv_titles' => FILTER_VALIDATE_BOOLEAN,
        'nocookie' => FILTER_VALIDATE_BOOLEAN,
        'previous_multipage' => FILTER_SANITIZE_STRING
    );
    /*
     * $post_input is used for control functions, not for the dataset
     */
    $post_input = filter_input_array(INPUT_POST, $post_sanitize);

    // only process POST arrays from this plugin's pages
    if (empty($post_input['subsource']) or $post_input['subsource'] != self::PLUGIN_NAME or empty($post_input['action'])) {
        return;
    }

    /*
     * add a filter to check the submission before anything is done with it
     *
     * NOTE(review): $check is only changed here if set_filter() takes its second
     * argument by reference; the return value is not assigned, so otherwise this
     * test can never fail -- confirm against set_filter()
     */
    $check = true;
    self::set_filter('check_submission', $check);
    if ($check === false) {
        return;
    }

    // error_log( __METHOD__.' post:'.print_r( $_POST, true ) );

    /*
     * the originating page for a multipage form is saved in a session value
     *
     * if this is an empty string, it is assumed the submission was not part of a multipage form series
     */
    self::$session->set('previous_multipage', $post_input['previous_multipage']);

    /*
     * get the defined columns for the submitting shortcode (if any)
     *
     * this is needed so that validation will be performed on the expected list
     * of fields, not just what's found in the POST array
     */
    $columns = false;
    if (!empty($post_input['pdb_data_keys'])) {
        $columns = self::get_data_key_columns($post_input['pdb_data_keys']);
    }

    /*
     * instantiate the validation object if we need to. This is necessary
     * because another script can instantiate the object in order to add a
     * feedback message
     *
     * we don't validate administrators in the admin
     */
    if (!is_object(self::$validation_errors)) {
        if (Participants_Db::is_form_validated()) {
            self::$validation_errors = new PDb_FormValidation();
        }
    }

    switch ($post_input['action']) {

        case 'update':
        case 'insert':
            /*
             * we are here for one of these cases:
             * a) we're adding a new record in the admin
             * b) a user is updating their record on the frontend
             * c) an admin is updating a record
             *
             * signups are processed in the case 'signup' section
             *
             * NOTE(review): unlike the 'retrieve' and 'signup' cases below, this
             * branch performs no nonce_check(); the only gates visible here are
             * the 'check_submission' filter above and whatever process_form()
             * enforces -- confirm that the request is authenticated there
             *
             * set the raw post array filters. We pass in the $_POST array, expecting
             * a possibly altered copy of it to be returned
             *
             * filter: pdb-before_submit_update
             * filter: pdb-before_submit_add
             */
            $post_data = self::set_filter('before_submit_' . ($post_input['action'] === 'insert' ? 'add' : 'update'), $_POST);

            // the record id may arrive in the POST body or the query string; it must be a positive integer
            if (isset($_POST['id'])) {
                $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
            } elseif (isset($_GET['id'])) {
                $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
            } else {
                $id = false;
            }

            $participant_id = self::process_form($post_data, $post_input['action'], $id, $columns);

            if (false === $participant_id) {
                // we have errors; go back to form and show errors
                return;
            }

            /*
             * set the stored record hook.
             *
             * hook: pdb-after_submit_update
             * hook: pdb-after_submit_add
             */
            $wp_hook = self::$prefix . 'after_submit_' . ($post_input['action'] == 'insert' ? 'add' : 'update');
            do_action($wp_hook, self::get_participant($participant_id));

            /*
             * if we are submitting from the frontend, set the feedback message and
             * send the update notification
             */
            if (!is_admin()) {
                /*
                 * if the user is an admin, the validation object won't be instantiated,
                 * so we do that here so the feedback message can be shown.
                 */
                if (!is_object(self::$validation_errors)) {
                    self::$validation_errors = new PDb_FormValidation();
                }
                self::$validation_errors->add_error('', self::$plugin_options['record_updated_message']);

                // the notification is not sent for intermediate pages of a multipage form
                if (self::$plugin_options['send_record_update_notify_email'] && Participants_Db::$session->get('form_status') !== 'multipage') {
                    // $sent is not checked; a failed mail is silently ignored here
                    $sent = wp_mail(self::$plugin_options['email_signup_notify_addresses'], self::proc_tags(self::$plugin_options['record_update_email_subject'], $participant_id, 'all'), self::proc_tags(self::$plugin_options['record_update_email_body'], $participant_id, 'all'), self::$email_headers);
                }

                /*
                 * if the "thanks page" is defined as another page, save the ID in a session variable and move to that page.
                 *
                 * NOTE(review): the redirect target is taken from the submitted form
                 * data (possibly altered by the before_submit_* filter) and handed to
                 * wp_redirect(), which does not restrict the destination host;
                 * wp_safe_redirect() would limit it to this site -- confirm whether
                 * off-site thanks pages need to be supported
                 */
                if (isset($post_data['thanks_page']) && $post_data['thanks_page'] != $_SERVER['REQUEST_URI']) {
                    self::$session->set('pdbid', $post_data['id']);
                    $redirect = $post_input['action'] == 'insert' ? $post_data['thanks_page'] : self::add_uri_conjunction($post_data['thanks_page']) . 'action=update';
                    wp_redirect($redirect);
                    exit;
                }
                return;
            }

            // redirect according to which submit button was used
            switch ($post_input['submit_button']) {

                case self::$i18n['apply']:
                    // stay on the edit page for the record just saved
                    $redirect = get_admin_url() . 'admin.php?page=' . self::PLUGIN_NAME . '-edit_participant&id=' . $participant_id;
                    break;

                case self::$i18n['next']:
                    // move to the following record; a fresh insert goes to an empty edit form
                    $get_id = $post_input['action'] == 'update' ? '&id=' . self::next_id($participant_id) : '';
                    $redirect = get_admin_url() . 'admin.php?page=' . self::PLUGIN_NAME . '-edit_participant' . $get_id;
                    break;

                case self::$i18n['previous']:
                    // move to the preceding record; a fresh insert goes to an empty edit form
                    $get_id = $post_input['action'] == 'update' ? '&id=' . self::next_id($participant_id, false) : '';
                    $redirect = get_admin_url() . 'admin.php?page=' . self::PLUGIN_NAME . '-edit_participant' . $get_id;
                    break;

                case self::$i18n['submit']:
                default:
                    // back to the plugin's main admin page
                    $redirect = get_admin_url() . 'admin.php?page=' . self::PLUGIN_NAME;
            }

            wp_redirect($redirect);
            exit;

        case 'output CSV':

            // export is limited to the plugin role configured for it
            $csv_role = Participants_Db::plugin_setting_is_true('editor_allowed_csv_export') ? 'editor' : 'admin';
            if (!Participants_Db::current_user_has_plugin_role($csv_role, 'csv export')) {
                die;
            }

            $header_row = array();
            $title_row = array();
            $data = array();
            $filename = !empty($post_input['filename']) ? $post_input['filename'] : '';

            switch ($post_input['CSV_type']) {

                // create a blank data array
                case 'blank':
                    // add the header row
                    foreach (self::get_column_atts('CSV') as $column) {
                        $header_row[] = $column->name;
                    }
                    $data[] = $header_row;
                    $i = 2; // number of blank rows to create
                    while ($i > 0) {
                        $data[] = array_fill_keys($header_row, '');
                        $i--;
                    }
                    break;

                case 'participant list':
                    global $wpdb;
                    // build the quoted column list that replaces "*" in the saved list query
                    $import_columns = '';
                    foreach (self::get_column_atts('CSV') as $column) {
                        $import_columns .= sprintf('`%s`,', $column->name);
                        $header_row[] = $column->name;
                        $title_row[] = $column->title;
                    }
                    $data['header'] = $header_row;
                    if ($post_input['include_csv_titles']) {
                        $data['titles'] = $title_row;
                    }
                    global $current_user;
                    /*
                     * the exported rows are those of the current user's last admin list
                     * query, which the list page stores in a per-user transient; with no
                     * saved query only the header (and titles) are exported
                     *
                     * NOTE(review): str_replace() swaps every "*" in the query, not just
                     * the one in the SELECT clause -- a search value containing "*"
                     * would be altered too
                     */
                    $query = get_transient(Participants_Db::$prefix . 'admin_list_query' . $current_user->ID);
                    if ($query) {
                        $query = str_replace('*', ' ' . trim($import_columns, ',') . ' ', $query);
                        $data += self::_prepare_CSV_rows($wpdb->get_results($query, ARRAY_A));
                    }
                    break;

            } // CSV type

            if (!empty($filename)) {

                /*
                 * the base filename is the part before the datestamp suffix
                 *
                 * NOTE(review): if the suffix is absent strpos() returns false and the
                 * saved base filename is empty; presumably the export form always
                 * appends the datestamp -- verify
                 */
                $base_filename = substr($filename, 0, strpos($filename, PDb_List_Admin::filename_datestamp() . '.csv'));
                /*
                 * @version 1.6
                 * base filename is now saved as a preference
                 */
                global $user_ID;
                PDb_List_Admin::$user_settings = Participants_Db::$prefix . PDb_List_Admin::$user_settings . '-' . $user_ID;
                PDb_List_Admin::set_admin_user_setting('csv_base_filename', $base_filename);

                // create a file pointer connected to the output stream
                $output = fopen('php://output', 'w');

                //header('Content-type: application/csv'); // some sources say it should be this
                header('Content-Type: text/csv; charset=utf-8');
                header("Cache-Control: no-store, no-cache");
                /*
                 * NOTE(review): $filename is request-supplied; FILTER_SANITIZE_STRING
                 * encodes quotes and strips tags but is not a filename sanitizer, so
                 * consider basename()/sanitize_file_name() before placing it in the header
                 */
                header('Content-Disposition: attachment; filename="' . $filename . '"');

                // output the data lines
                foreach ($data as $line) {
                    fputcsv($output, $line, ',', self::$CSV_enclosure);
                }

                fclose($output);

                // we must terminate the script to prevent additional output being added to the CSV file
                exit;
            }

            return $data;

        case 'retrieve':

            // a private-id lookup; only accepted with a valid submission nonce
            if (self::nonce_check(filter_input(INPUT_POST, 'session_hash', FILTER_SANITIZE_STRING), self::$main_submission_nonce_key)) {
                self::_process_retrieval();
            }
            return;

        case 'signup':

            if (!self::nonce_check(filter_input(INPUT_POST, 'session_hash', FILTER_SANITIZE_STRING), self::$main_submission_nonce_key)) {
                return;
            }

            /*
             * the private id is generated by the plugin, never taken from the
             * submission, so any submitted value is cleared before processing
             *
             * NOTE(review): if no pdb_data_keys were submitted, $columns is still
             * false here and the append relies on PHP converting it to an array
             * (deprecated since 8.1) -- verify
             */
            $_POST['private_id'] = '';
            $columns[] = 'private_id';

            /*
             * route the $_POST data through a callback if defined
             *
             * filter: pdb-before_submit_signup
             */
            $post_data = self::set_filter('before_submit_signup', $_POST);

            /*
             * the signup form should update the current record if it is revisited during a multipage form session
             */
            $submit_action = 'insert';
            if (self::$session->get('pdbid') !== false) {
                $submit_action = 'update';
            }

            // submit the data
            $post_data['id'] = self::process_form($post_data, $submit_action, self::$session->get('pdbid'), $columns);

            if (false !== $post_data['id']) {

                /*
                 * hook: pdb-after_submit_signup
                 */
                $wp_hook = self::$prefix . 'after_submit_signup';
                do_action($wp_hook, self::get_participant($post_data['id']));

                /*
                 * NOTE(review): as in the update case, the thanks page comes from the
                 * submitted data and is passed to wp_redirect() without a host
                 * restriction -- confirm this is intended
                 */
                $redirect = $post_data['thanks_page'];

                self::$session->set('pdbid', $post_data['id']);

                wp_redirect($redirect);
                exit;
            }
            return;

    } // $_POST['action']
}
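/**
 * initializes and outputs the list for the backend
 *
 * enqueues the list-admin scripts, builds the admin list filter from the saved
 * defaults and the incoming request, runs the list query (saving it for the CSV
 * export), and prints the admin list page: top controls, sort/filter forms, the
 * record table, pagination, the CSV export form and the plugin footer
 *
 * @global int    $user_ID
 * @global object $current_user
 * @global object $wpdb
 * @return null
 */
public static function initialize()
{
    self::_setup_i18n();

    // strings used by the list-admin script's confirmation dialogs
    wp_localize_script(Participants_Db::$prefix . 'list-admin', 'list_adminL10n', array(
        'delete' => self::$i18n['delete_checked'],
        'cancel' => self::$i18n['change'],
        "record" => __("Do you really want to delete the selected record?", 'participants-database'),
        "records" => __("Do you really want to delete the selected records?", 'participants-database'),
    ));
    wp_enqueue_script(Participants_Db::$prefix . 'list-admin');
    wp_enqueue_script(Participants_Db::$prefix . 'debounce');

    // populate the WP user globals; the user id keys the per-user settings and filter transients
    get_currentuserinfo();
    global $user_ID;
    self::$user_settings = Participants_Db::$prefix . self::$user_settings . '-' . $user_ID;
    self::$filter_transient = Participants_Db::$prefix . self::$filter_transient . '-' . $user_ID;

    self::set_list_limit();
    self::$registration_page_url = get_bloginfo('url') . '/' . Participants_Db::plugin_setting('registration_page', '');
    self::setup_display_columns();
    self::$sortables = Participants_Db::get_field_list(false, false, 'alpha');

    // set up the basic values: one empty search clause plus the configured default sort
    self::$default_filter = array(
        'search' => array(
            0 => array(
                'search_field' => 'none',
                'value' => '',
                'operator' => 'LIKE',
                'logic' => 'AND',
            ),
        ),
        'sortBy' => Participants_Db::plugin_setting('admin_default_sort'),
        'ascdesc' => Participants_Db::plugin_setting('admin_default_sort_order'),
        'list_filter_count' => 1,
    );

    // merge the defaults with the $_REQUEST array so if there are any new values coming in, they're included
    self::_update_filter();

    // process delete and items-per-page form submissions
    self::_process_general();
    self::_process_search();

    if (WP_DEBUG) {
        error_log(__METHOD__ . ' list query= ' . self::$list_query);
    }

    /*
     * the role allowed to export CSV is 'editor' or 'admin' depending on the plugin
     * setting; it is resolved once so that saving the export query and showing the
     * export form are gated by the same check (the query used to be saved for
     * 'admin' only, so an editor allowed to export had no saved query to export)
     */
    $csv_role = Participants_Db::plugin_setting_is_true('editor_allowed_csv_export') ? 'editor' : 'admin';
    $can_export_csv = Participants_Db::current_user_has_plugin_role($csv_role, 'csv export');

    /*
     * save the query in a per-user transient so it can be used by the export CSV
     * functionality; kept for one day
     */
    if ($can_export_csv) {
        global $current_user;
        set_transient(Participants_Db::$prefix . 'admin_list_query' . $current_user->ID, self::$list_query, 3600 * 24);
    }

    global $wpdb;

    // get the number of records returned (the list query is assumed to be a "SELECT *" query)
    self::$num_records = $wpdb->get_var(str_replace('*', 'COUNT(*)', self::$list_query));

    // the requested page number must be a positive integer; anything else falls back to page 1
    $current_page = filter_input(INPUT_GET, self::$list_page, FILTER_VALIDATE_INT, array('options' => array('default' => 1, 'min_range' => 1)));

    // set the pagination object; the page number is substituted into the link's %1$s placeholder
    self::$pagination = new PDb_Pagination(array(
        'link' => self::prepare_page_link($_SERVER['REQUEST_URI']) . '&' . self::$list_page . '=%1$s',
        'page' => $current_page,
        'size' => self::$page_list_limit,
        'total_records' => self::$num_records,
        'add_variables' => '#pdb-list-admin',
    ));

    // get the records for this page, adding the pagination limit clause
    self::$participants = $wpdb->get_results(self::$list_query . ' ' . self::$pagination->getLimitSql(), ARRAY_A);

    // ok, setup finished, start outputting the form

    // add the top part of the page for the admin
    self::_admin_top();
    // print the sorting/filtering forms
    self::_sort_filter_forms();
    // add the delete and items-per-page controls for the backend
    self::_general_list_form_top();
    // print the main table
    self::_main_table();
    // output the pagination controls
    echo '<div class="pdb-list">' . self::$pagination->links() . '</div>';

    // print the CSV export form (authorized users only)
    if ($can_export_csv) {
        self::_print_export_form();
    }

    // print the plugin footer
    Participants_Db::plugin_footer();
}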