/**
  * Processes contact form via ajax request.
  *
  * @todo add security precautions to filter out potential SQL injections or bad data (such as account escalation)
  * @version 1.0
  * Copyright 2011 Andy Potanin, Usability Dynamics, Inc.  <*****@*****.**>
  */
 function process_crm_message()
 {
     global $wp_crm;
     //** Server seems to return nothing somethines, adding space in beginning seems to solve */
     /** This needs to be removed - it causes a warning when the header items are set later in the code, when then causes the form NOT to work echo ' '; */
     //** watch for spam */
     if (!empty($_REQUEST['comment']) || !empty($_REQUEST['email']) || !empty($_REQUEST['name']) || !empty($_REQUEST['url'])) {
         die(json_encode(array('success' => 'false', 'message' => __('If you see this message, WP-CRM through you were a robot.  Please contact admin if you do not think are you one.', 'wp_crm'))));
     }
     $data = $_REQUEST['wp_crm'];
     $crm_action = $_REQUEST['crm_action'];
     if (empty($data)) {
         die;
     }
     //** Some other security */
     if (isset($data['user_data']['user_id'])) {
         //** Fail - user_id will never be passed in this manner unless somebody is screwing around */
         die(json_encode(array('success' => 'false', 'message' => __('Form could not be submitted.', 'wp_crm'))));
     }
     $md5_form_slug = $_REQUEST['form_slug'];
     $associated_object = $_REQUEST['associated_object'];
     foreach ($wp_crm['wp_crm_contact_system_data'] as $form_slug => $form_data) {
         if ($md5_form_slug == md5($form_slug)) {
             $confirmed_form_slug = $form_slug;
             $confirmed_form_data = $form_data;
             continue;
         }
     }
     if (!$confirmed_form_slug) {
         die;
     }
     if (isset($data['user_id'])) {
         //** User ID was passsed. Verify that current user is logged in */
         $current_user = wp_get_current_user();
         if (0 == $current_user->ID || $data['user_id'] != $current_user->ID) {
             //** User ID not found, or passed doesn't match. Either way, fail with ambigous messages.
             die(json_encode(array('success' => 'false', 'message' => __('Form could not be submitted.', 'wp_crm'))));
         } else {
             //** We have User ID, we are updating an existing profile */
             $data['user_data']['user_id']['default'][] = $current_user->ID;
         }
     }
     //** Get required fields */
     foreach ($wp_crm['data_structure']['attributes'] as $field_slug => $field_data) {
         if ($field_data['required']) {
             $required_fields[] = $field_slug;
         }
     }
     $check_fields = apply_filters('wp_crm_distinct_user_fields', array('user_email'));
     //** Do not check any fields if nothing to check */
     foreach ($data['user_data'] as $field_slug => $field_data) {
         foreach ($field_data as $value) {
             $value = WP_CRM_F::get_first_value($value);
             //** Check for completion */
             if ($wp_crm['data_structure']['attributes'][$field_slug]['required']) {
                 $error = apply_filters('wp_crm_contact_form_data_validation', false, array('field' => $field_slug, 'value' => $value));
                 if ($error) {
                     $bad_fields[$field_slug] = $error;
                     continue;
                 }
                 if (empty($value)) {
                     $bad_fields[$field_slug] = sprintf(__('%1s cannot be empty.', 'wp_crm'), $wp_crm['data_structure']['attributes'][$field_slug]['title']);
                 }
             }
             //** Check for data conlicts */
             if (is_array($check_fields) && in_array($field_slug, $check_fields)) {
                 //** Current field needs to be checked to avoid conflict */
                 if ($conflict_user_id = WP_CRM_F::check_data_field($field_slug, $value)) {
                     if ($data['user_data']['user_id']['default'][0] != $conflict_user_id) {
                         $bad_fields[$field_slug] = sprintf(__('This %1s belongs to a registered user, please login.', 'wp_crm'), $wp_crm['data_structure']['attributes'][$field_slug]['title']);
                     }
                 }
             }
         }
     }
     //** If this is a validation request, we check to make sure everything is good */
     if ($crm_action == 'system_validate') {
         if ($bad_fields) {
             die(json_encode(array('success' => true, 'validation_passed' => false, 'bad_fields' => $bad_fields)));
         } else {
             die(json_encode(array('success' => true, 'validation_passed' => true)));
         }
     }
     if ($bad_fields) {
         die(json_encode(array('success' => 'false', 'bad_fields' => $bad_fields, 'message' => __('Form could not be submitted. Please make sure you have entered your information properly.', 'wp_crm'))));
     }
     $user_data = @wp_crm_save_user_data($data['user_data'], 'default_role=' . $wp_crm['configuration']['new_contact_role'] . '&use_global_messages=false&match_login=true&no_redirect=true&return_detail=true');
     if (!$user_data) {
         if ($confirmed_form_data['message_field'] == 'on') {
             //** If contact form includes a message, notify that message could not be sent */
             die(json_encode(array('success' => 'false', 'message' => __('Message could not be sent. Please make sure you have entered your information properly.', 'wp_crm'))));
         } else {
             //** If contact form DOES NOT include a message, notify that it could not be submitted */
             die(json_encode(array('success' => 'false', 'message' => __('Form could not be submitted. Please make sure you have entered your information properly.', 'wp_crm'))));
         }
     } else {
         $user_id = $user_data['user_id'];
         if ($user_data['new_user']) {
             //** Log in DB that this account was created automatically via contact form */
             update_user_meta($user_id, 'wpc_cm_generated_account', true);
         }
     }
     $message = WP_CRM_F::get_first_value($_REQUEST['wp_crm']['user_data']['message_field']);
     if ($confirmed_form_data['notify_with_blank_message'] != 'on' && empty($message)) {
         //** No message submitted */
     } else {
         if (empty($message)) {
             $message = __(' -- No message. -- ', 'wp_crm');
         }
         //** Message is submitted. Do stuff. */
         $message_id = class_contact_messages::insert_message($user_id, $message, $confirmed_form_slug);
         $associated_object = !empty($associated_object) ? $associated_object : false;
         if ($associated_object) {
             class_contact_messages::insert_message_meta($message_id, 'associated_object', $associated_object);
         }
         //** Build default notification arguments */
         foreach ($wp_crm['data_structure']['attributes'] as $attribute => $attribute_data) {
             $notification_info[$attribute] = wp_crm_get_value($attribute, $user_id);
         }
         $notification_info['message_content'] = stripslashes($message);
         $notification_info['trigger_action'] = $confirmed_form_data['title'];
         $notification_info['profile_link'] = admin_url("admin.php?page=wp_crm_add_new&user_id={$user_id}");
         /** Add extra filters */
         $maybe_notification_info = apply_filters('wp_crm_notification_info', $notification_info, $associated_object);
         //** Make sure our array wasn't overwritten by a poorly written hooked in function, it shuold never be blank */
         if (!empty($maybe_notification_info) || !is_array($maybe_notification_info)) {
             $notification_info = $maybe_notification_info;
         }
         //** Pass the trigger and array of notification arguments to sender function */
         wp_crm_send_notification($confirmed_form_slug, $notification_info);
     }
     $result = array('success' => 'true', 'message' => $data['success_message']);
     if (current_user_can('manage_options')) {
         $result['user_id'] = $user_id;
     }
     echo json_encode($result);
     die;
 }
 /**
  * Primary function for updating user profiles on back-end.
  *
  * Called before hearder on user editing page.
  *
  * @since 0.01
  *
  */
 function wp_crm_save_user_data()
 {
     if (wp_verify_nonce($_REQUEST['wp_crm_update_user'], 'wp_crm_update_user')) {
         $args = $_REQUEST['wp_crm']['args'];
         $user_data = $_REQUEST['wp_crm']['user_data'];
         //** Add extra user_data data */
         $user_data['admin_color'][0]['value'] = $_REQUEST['admin_color'];
         $user_data['show_admin_bar_front'][0]['value'] = $_REQUEST['show_admin_bar_front'];
         $args['admin_save_action'] = true;
         wp_crm_save_user_data($user_data, $args);
     }
 }
Ejemplo n.º 3
0
 /**
  * Handles BP profile saving action
  *
  * @global object $current_user
  * @param int $user_id
  * @param array $posted_field_ids
  * @param array $errors
  * @author korotkov@UD
  */
 static function bp_profile_updated($user_id, $posted_field_ids, $errors)
 {
     global $current_user, $bp;
     if (is_admin()) {
         return;
     }
     //** Get new user_data from POST */
     $user_data = $_REQUEST['wp_crm']['user_data'];
     //** user_id is required */
     $user_data['user_id'][0]['value'] = $user_id;
     //** user_email is required */
     if (!array_key_exists('user_email', $user_data)) {
         $user_data['user_email'][0]['value'] = $current_user->user_email;
     }
     //** Change display name if xprofile full name exists */
     $fullname_field_name = bp_xprofile_fullname_field_name();
     $fullname_field_id = xprofile_get_field_id_from_name($fullname_field_name);
     if (in_array($fullname_field_id, $posted_field_ids)) {
         $display_name = xprofile_get_field_data($fullname_field_name, $user_id);
         $user_data['display_name'] = $display_name;
     }
     //** Save user data */
     $user_id = wp_crm_save_user_data($user_data);
     //** Determine if user changed nicename (display name in URL). peshkov@UD */
     if ($user_id && isset($user_data['user_nicename'])) {
         $user_domain = bp_displayed_user_domain();
         $userdata = get_userdata($user_id);
         $user_nicename = $userdata->data->user_nicename;
         $needle = bp_get_members_root_slug() . '/' . $user_nicename . '/';
         $pos = strpos($user_domain, $needle);
         if ($pos === false) {
             //** Looks like user_nicename was changed so redirect to the new profile's URL. */
             $user_domain = str_replace($bp->displayed_user->userdata->user_nicename, $user_nicename, $user_domain);
             if ($errors) {
                 bp_core_add_message(__('There was a problem updating some of your profile information, please try again.', ud_get_wp_crm()->domain), 'error');
             } else {
                 bp_core_add_message(__('Changes saved.', ud_get_wp_crm()->domain));
             }
             //* Redirect back to the edit screen to display the updates and message */
             bp_core_redirect(trailingslashit($user_domain . $bp->profile->slug . '/edit/group/' . bp_action_variable(1)));
         }
     }
 }
Ejemplo n.º 4
0
 /**
  * Primary function for updating user profiles on back-end.
  *
  * Called before hearder on user editing page.
  *
  * @since 0.01
  *
  */
 static function wp_crm_save_user_data()
 {
     if (!empty($_REQUEST['wp_crm_update_user']) && wp_verify_nonce($_REQUEST['wp_crm_update_user'], 'wp_crm_update_user')) {
         $args = !empty($_REQUEST['wp_crm']['args']) ? $_REQUEST['wp_crm']['args'] : array();
         $user_data = $_REQUEST['wp_crm']['user_data'];
         //** Add extra user_data data */
         $user_data['admin_color'][0]['value'] = $_REQUEST['admin_color'];
         $user_data['show_admin_bar_front'][0]['value'] = $_REQUEST['show_admin_bar_front'];
         $args['admin_save_action'] = true;
         do_action('wp_crm_before_save_user_data', $_REQUEST);
         wp_crm_save_user_data($user_data, $args);
     }
 }