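/**
 * Authenticate user to NXTClass using OpenID.
 *
 * Two request shapes are handled:
 *  - a POSTed `openid_identifier` starts the OpenID round trip via
 *    openid_start_login(); that call is expected not to return, so reaching
 *    the lines after it means the start failed;
 *  - a `finish_openid` request completes the round trip. The nonce is bound
 *    to the identity URL and must verify before the URL is mapped to a local
 *    account.
 *
 * @param mixed $user authenticated user object, or nxt_Error or null
 * @return mixed nxt_User on success, nxt_Error on any failure, or $user
 *               unchanged when the request carries no OpenID parameters
 */
function openid_authenticate($user)
{
    if (array_key_exists('openid_identifier', $_POST) && $_POST['openid_identifier']) {
        $redirect_to = array_key_exists('redirect_to', $_REQUEST) ? $_REQUEST['redirect_to'] : null;
        openid_start_login($_POST['openid_identifier'], 'login', $redirect_to);
        // if we got this far, something is wrong
        global $error;
        $error = openid_message();
        return new nxt_Error('openid_login_error', $error);
    }

    if (!array_key_exists('finish_openid', $_REQUEST)) {
        return $user;
    }

    // Missing fields become empty strings so a tampered request fails the
    // nonce check instead of raising undefined-index notices.
    $identity_url = array_key_exists('identity_url', $_REQUEST) ? $_REQUEST['identity_url'] : '';
    $nonce = array_key_exists('_nxtnonce', $_REQUEST) ? $_REQUEST['_nxtnonce'] : '';

    // A failed nonce check must end the request here. The previous code only
    // assigned the error and kept going, so the account lookup below replaced
    // it with a logged-in nxt_User for any identity URL already on file.
    if (!nxt_verify_nonce($nonce, 'openid_login_' . md5($identity_url))) {
        return new nxt_Error('openid_login_error', 'Error during OpenID authentication.  Please try again. (invalid nonce)');
    }

    if (!$identity_url) {
        // The provider reported an error instead of an identity.
        if (array_key_exists('openid_error', $_REQUEST)) {
            $user = new nxt_Error('openid_login_error', htmlentities2($_REQUEST['openid_error']));
        }
        return $user;
    }

    $user_id = get_user_by_openid($identity_url);
    if ($user_id) {
        return new nxt_User($user_id);
    }

    // Valid identity, but no local account is linked to it and none is created here.
    return new nxt_Error('openid_registration_closed', __('Your have entered a valid OpenID, but this site is not currently accepting new accounts.', 'openid'));
}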
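 /**
  * bibs_screen()
  *
  * Hooks into courseware_below_* for handling bibs screen
  *
  * Resolves the parent post (assignment first, then course), handles one
  * POSTed bibliography entry when the `bibs` nonce verifies and the user has
  * bib capabilities (or is super admin), then fills $vars with what the
  * template needs. Nothing is written outside the POST branch.
  *
  * @param Array $vars a set of variables received for this screen template
  * @return Array $vars a set of variable passed to this screen template
  */
 function bibs_screen($vars)
 {
     global $bp;
     $nonce_name = 'bibs';
     $nonce_delete_name = 'delete_bib';
     // NOTE(review): an `edit_bib` nonce name used to be declared here but was
     // never attached to the edit link; the edit screen must do its own check.
     // Are we dealing with courses or assignments?
     if (isset($vars['assignment'])) {
         $post_id = $vars['assignment']->ID;
     } elseif (isset($vars['course'])) {
         $post_id = $vars['course']->ID;
     } else {
         $post_id = null;
     }
     if ($post_id) {
         $this->current_parent = $post_id;
     }
     // A missing nonce field is simply a failed check.
     $is_nonce = isset($_POST['_nxtnonce']) ? nxt_verify_nonce($_POST['_nxtnonce'], $nonce_name) : false;
     if ($is_nonce && isset($_POST['bib'])) {
         if (!$this->has_bib_caps($bp->loggedin_user->id) && !is_super_admin()) {
             $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to add bibliography entries.', 'bpsp');
             return $vars;
         }
         // Add an existing bib (empty() already implies the isset() check)
         if (!empty($_POST['bib']['existing'])) {
             $data = $this->get_bib($_POST['bib']['existing']);
             if ($this->add_bib($data, false, $post_id)) {
                 $vars['message'] = __('Bibliography added', 'bpsp');
             } else {
                 $vars['error'] = __('Bibliography could not be added', 'bpsp');
             }
         } elseif (!empty($_POST['bib']['www']['title']) && !empty($_POST['bib']['www']['url'])) {
             // Add a web entry; title and url are both required
             if ($this->add_www($_POST['bib']['www'], $post_id)) {
                 $vars['message'] = __('Entry added', 'bpsp');
             } else {
                 $vars['error'] = __('Entry could not be added', 'bpsp');
             }
         } elseif (!empty($_POST['bib']['book'])) {
             // Add a book entry
             if ($this->add_book($_POST['bib']['book'], $post_id)) {
                 $vars['message'] = __('Book added', 'bpsp');
             } else {
                 $vars['error'] = __('Book could not be added', 'bpsp');
             }
         } else {
             $vars['error'] = __('No bibliography entry could be added.', 'bpsp');
         }
     }
     // Re-derive the parent after the POST handling with the same precedence
     // as above (assignment wins over course), so the result is unchanged.
     if (isset($vars['course']) && $vars['course']->ID) {
         $this->current_parent = $vars['course']->ID;
     }
     if (isset($vars['assignment']) && $vars['assignment']->ID) {
         $this->current_parent = $vars['assignment']->ID;
     }
     $vars['has_bibs'] = true;
     $vars['post_id'] = $this->current_parent;
     $vars['has_bib_caps'] = $this->has_bib_caps($bp->loggedin_user->id);
     $vars['bibs'] = $this->has_bibs($this->current_parent);
     $vars['bibdb'] = $this->load_bibs(true);
     $vars['bibs_nonce'] = nxt_nonce_field($nonce_name, '_nxtnonce', true, false);
     $vars['bibs_delete_permalink'] = $vars['current_uri'] . '/delete_bibliography';
     $vars['bibs_edit_permalink'] = $vars['current_uri'] . '/edit_bibliography';
     // Only the delete link carries a nonce; the edit link is the bare permalink.
     $vars['bibs_delete_uri'] = add_query_arg('_nxtnonce', nxt_create_nonce($nonce_delete_name), $vars['bibs_delete_permalink']);
     $vars['bibs_edit_uri'] = $vars['current_uri'] . '/edit_bibliography';
     return $vars;
 }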
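 /**
  * edit_course_screen( $vars )
  *
  * Hooks into courses_screen_handler
  * Edit course screen
  *
  * Refuses access unless the logged-in user has course capabilities and is
  * either a super admin or in the group named by the course's first
  * `group_id` term. A POSTed `course` block (object == 'group') with a valid
  * `edit_course` nonce updates the post title (tags stripped) and content.
  *
  * @param Array $vars a set of variables received for this screen template
  * @return Array $vars a set of variable passed to this screen template
  */
 function edit_course_screen($vars)
 {
     global $bp;
     $nonce_name = 'edit_course';
     $updated_course_id = false;
     $old_course = $this->is_course($this->current_course);
     $old_course->terms = nxt_get_object_terms($old_course->ID, 'group_id');
     // Reads as: !caps || (!super_admin && wrong group). NOTE(review): the
     // assignment screen groups its check differently — confirm which is intended.
     if (!$this->has_course_caps($bp->loggedin_user->id) || !is_super_admin() && $bp->groups->current_group->id != $old_course->terms[0]->name) {
         $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to update the course.', 'bpsp');
         return $vars;
     }
     // Update course (isset() on the nested key avoids notices and string
     // offset errors when `course` is not the expected array)
     if (isset($_POST['course']['object'], $_POST['_nxtnonce']) && $_POST['course']['object'] == 'group') {
         $updated_course = $_POST['course'];
         $is_nonce = nxt_verify_nonce($_POST['_nxtnonce'], $nonce_name);
         if (true != $is_nonce) {
             // Reported under 'error' like the other edit screens (was 'message').
             $vars['error'] = __('Nonce Error while editing a course.', 'bpsp');
         } elseif (isset($updated_course['title'], $updated_course['content'], $updated_course['group_id'])) {
             $updated_course['title'] = strip_tags($updated_course['title']);
             $updated_course_id = nxt_update_post(array('ID' => $old_course->ID, 'post_title' => $updated_course['title'], 'post_content' => $updated_course['content']));
             if ($updated_course_id) {
                 $vars['message'] = __('New course was updated.', 'bpsp');
             } else {
                 $vars['error'] = __('New course could not be updated.', 'bpsp');
             }
         }
     }
     $vars['name'] = 'edit_course';
     $vars['group_id'] = $bp->groups->current_group->id;
     $vars['user_id'] = $bp->loggedin_user->id;
     // Without a successful update the previous code passed false to
     // is_course() and the trail below dereferenced a non-object; fall back
     // to the course being edited (the same argument used for $old_course).
     $vars['course'] = $this->is_course($updated_course_id ? $updated_course_id : $this->current_course);
     $vars['course_edit_uri'] = $vars['current_uri'] . '/course/edit/';
     $vars['course_permalink'] = $vars['current_uri'] . '/course';
     $vars['nonce'] = nxt_nonce_field($nonce_name, '_nxtnonce', true, false);
     $vars['trail'] = array(__('Editing Course: ', 'bpsp') . $vars['course']->post_title => $vars['course']->permalink);
     return $vars;
 }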
             // Renew a free level on this subscription
             $sub_id = (int) $_POST['subscription'];
             $user = (int) $_POST['user'];
             $level = (int) $_POST['level'];
             if (nxt_verify_nonce($_REQUEST['_nxtnonce'], 'renew-sub_' . $sub_id) && $user == $member->ID) {
                 $member->record_active_payment($sub_id, $level, time());
             }
             //update_user_meta( $member->ID, '_membership_last_upgraded', time());
             break;
         case 'upgradesolo':
             // Upgrade a solo subscription
             $sub_id = (int) $_POST['subscription'];
             $user = (int) $_POST['user'];
             $fromsub_id = (int) $_POST['fromsub_id'];
             $gateway = $_POST['gateway'];
             if (nxt_verify_nonce($_REQUEST['_nxtnonce'], 'upgrade-sub_' . $sub_id) && $user == $member->ID) {
                 // Join the new subscription
                 $member->create_subscription($sub_id, $gateway);
                 // Remove the old subscription
                 $member->drop_subscription($fromsub_id);
                 // Timestamp the update
                 update_user_meta($user, '_membership_last_upgraded', time());
             }
             break;
     }
 }
 $rels = $member->get_relationships();
 foreach ((array) $rels as $rel) {
     $sub = new M_Subscription($rel->sub_id);
     $nextlevel = $sub->get_next_level($rel->level_id, $rel->order_instance);
     if (!empty($rel->usinggateway) && $rel->usinggateway != 'admin') {
<?php 
if (isset($_GET['error'])) {
    if (isset($_GET['main'])) {
        $errmsg = __('You cannot delete a plugin while it is active on the main site.');
    } elseif (isset($_GET['charsout'])) {
        $errmsg = sprintf(__('The plugin generated %d characters of <strong>unexpected output</strong> during activation.  If you notice &#8220;headers already sent&#8221; messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.'), $_GET['charsout']);
    } else {
        $errmsg = __('Plugin could not be activated because it triggered a <strong>fatal error</strong>.');
    }
    ?>
	<div id="message" class="updated"><p><?php 
    echo $errmsg;
    ?>
</p>
	<?php 
    if (!isset($_GET['main']) && !isset($_GET['charsout']) && nxt_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $plugin)) {
        ?>
	<iframe style="border:0" width="100%" height="70px" src="<?php 
        echo 'plugins.php?action=error_scrape&amp;plugin=' . esc_attr($plugin) . '&amp;_nxtnonce=' . esc_attr($_GET['_error_nonce']);
        ?>
"></iframe>
	<?php 
    }
    ?>
	</div>
<?php 
} elseif (isset($_GET['deleted'])) {
    $delete_result = get_transient('plugins_delete_result_' . $user_ID);
    delete_transient('plugins_delete_result');
    //Delete it once we're done.
    if (is_nxt_error($delete_result)) {
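<?php

global $profileuser, $user_id, $user;
/*
 * Handles the "update" action of the membership account form.
 *
 * $user_id (global, set by the caller) is the profile being edited and is
 * the value the `update-user_<id>` nonce is bound to. On a valid nonce the
 * submitted fields are collected into $user, the password is copied across
 * only when both entries agree, and edit_user() performs the update and
 * returns validation problems as an nxt_Error. $msg is consumed by the
 * template that follows.
 */
if (isset($_POST['action']) && $_POST['action'] == 'update') {
    if (isset($_REQUEST['_nxtnonce']) && nxt_verify_nonce($_REQUEST['_nxtnonce'], 'update-user_' . $user_id)) {
        $msg = __('Your details have been updated.', 'membership');
        // The nonce only covers $user_id, so that is the only account this
        // request may touch. The previous code took the target ID from
        // $_POST['user_id'], letting the form name an account other than the
        // one the nonce was issued for.
        $fields = array('first_name' => 'first_name', 'last_name' => 'last_name', 'nickname' => 'nickname', 'display_name' => 'display_name', 'user_email' => 'email', 'user_url' => 'url');
        $user = array('ID' => $user_id);
        foreach ($fields as $user_key => $post_key) {
            $user[$user_key] = isset($_POST[$post_key]) ? $_POST[$post_key] : '';
        }
        if (!empty($_POST['pass1'])) {
            // Strict comparison: a loose == would equate numeric-looking passwords.
            if (isset($_POST['pass2']) && $_POST['pass1'] === $_POST['pass2']) {
                $user['user_pass'] = $_POST['pass1'];
            } else {
                $msg = __('Your password settings do not match', 'membership');
            }
        }
        // NOTE(review): edit_user() still runs after a password mismatch;
        // presumably it re-validates pass1/pass2 itself — confirm.
        $errors = edit_user($user_id);
        $profileuser = get_user_to_edit($user_id);
        if (isset($errors) && is_nxt_error($errors)) {
            $msg = implode("</p>\n<p>", $errors->get_error_messages());
        }
    } else {
        $msg = __('Your details could not be updated.', 'membership');
    }
    do_action('edit_user_profile_update', $user_id);
}
?>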
<div id="account-form">
	<div class="formleft">

	<?php 
if (!empty($msg)) {
    ?>
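 /**
  * import_gradebook_screen( $vars )
  *
  * Hooks into screen_handler
  * Imports a CSV file data into the gradebook_screen(). It doesn't save anything!
  *
  * The upload is parsed only when the `gradebook_import_nonce` check passes
  * and the file really arrived with this request (UPLOAD_ERR_OK and
  * is_uploaded_file()). Rows are keyed by the member id resolved from the
  * CSV `uid` column; rows with an unknown nicename are dropped and the
  * mismatch is reported through $vars['error'].
  *
  * @param Array $vars a set of variables received for this screen template
  * @return Array $vars a set of variable passed to this screen template
  */
 function import_gradebook_screen($vars)
 {
     // A missing nonce field is a failed check, not a notice.
     $is_nonce = isset($_POST['_nxtnonce']) ? nxt_verify_nonce($_POST['_nxtnonce'], 'gradebook_import_nonce') : false;
     if (!$is_nonce) {
         $vars['die'] = __('BuddyPress Courseware Nonce Error while importing gradebook.', 'bpsp');
         return $this->gradebook_screen($vars);
     }
     // NOTE(review): only the nonce is checked here; whether screen_handler
     // already enforces a capability before reaching this method is not
     // visible from this block — confirm.
     $grades = array();
     $upload = isset($_FILES['csv_filename']) ? $_FILES['csv_filename'] : null;
     // Reject failed or multi-file uploads and anything that did not come
     // through this request; previously a failed upload still reached the
     // parser with an empty tmp_name and reported success on zero rows.
     $upload_ok = is_array($upload)
         && isset($upload['error'], $upload['tmp_name'])
         && UPLOAD_ERR_OK === $upload['error']
         && is_string($upload['tmp_name'])
         && is_uploaded_file($upload['tmp_name']);
     if ($upload_ok) {
         require_once 'parseCSV.class.php';
         // Load CSV parser
         $csv = new parseCSV();
         $csv->auto($upload['tmp_name']);
         foreach ($csv->data as $grade) {
             $id = isset($grade['uid']) ? bp_core_get_userid_from_nicename($grade['uid']) : 0;
             if ($id) {
                 $grades[$id] = $grade;
             }
         }
         // Every row must have resolved to a distinct member; unknown or
         // duplicated nicenames make the two counts differ.
         if (count($csv->data) == count($grades)) {
             $vars['message'] = __('Data imported successfully, but it is not saved yet! Save this form changes to keep the data.', 'bpsp');
         } else {
             $vars['error'] = __('File data contains error or entries from other gradebook. Please check again.', 'bpsp');
         }
     }
     $vars['grades'] = $grades;
     $vars['assignment_permalink'] = $vars['assignment_permalink'] . '/gradebook';
     // Presumably cleared so gradebook_screen() does not re-process this POST — confirm.
     unset($_POST);
     return $this->gradebook_screen($vars);
 }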
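 /**
  * edit_assignment_screen( $vars )
  *
  * Hooks into screen_handler
  * Edit assignment screen
  *
  * Access is refused unless the logged-in user is the assignment's author
  * and either has assignment capabilities or is a super admin. A POSTed
  * `assignment` block (object == 'group', an existing lecture_id) with a
  * valid `edit_assignment` nonce updates title/content, the course_id term,
  * the due_date/lecture_id meta and, when a serialized form is posted, the
  * form_data meta.
  *
  * @param Array $vars a set of variables received for this screen template
  * @return Array $vars a set of variable passed to this screen template
  */
 function edit_assignment_screen($vars)
 {
     global $bp;
     $nonce_name = 'edit_assignment';
     $updated_assignment_id = $this->current_assignment;
     $old_assignment = $this->is_assignment($this->current_assignment);
     // Reads as: (!caps && !super_admin) || not the author. NOTE(review): this
     // also locks out super admins who did not author the post — confirm intent.
     if (!$this->has_assignment_caps($bp->loggedin_user->id) && !is_super_admin() || $bp->loggedin_user->id != $old_assignment->post_author) {
         $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to update the assignment.', 'bpsp');
         return $vars;
     }
     // Update assignment (isset() on the nested keys avoids notices and
     // string offset errors when the form is incomplete or tampered with)
     if (isset($_POST['assignment']['object'], $_POST['assignment']['lecture_id'], $_POST['_nxtnonce']) && $_POST['assignment']['object'] == 'group' && BPSP_Lectures::is_lecture($_POST['assignment']['lecture_id'])) {
         $updated_assignment = $_POST['assignment'];
         $is_nonce = nxt_verify_nonce($_POST['_nxtnonce'], $nonce_name);
         if (true != $is_nonce) {
             $vars['error'] = __('Nonce Error while editing the assignment.', 'bpsp');
         } elseif (isset($updated_assignment['title'], $updated_assignment['content'], $updated_assignment['course_id'], $updated_assignment['group_id']) && is_numeric($updated_assignment['group_id'])) {
             $updated_assignment['title'] = strip_tags($updated_assignment['title']);
             $updated_assignment_id = nxt_update_post(array('ID' => $old_assignment->ID, 'post_title' => $updated_assignment['title'], 'post_content' => $updated_assignment['content']));
             // nxt_update_post() may hand back the post object; reduce it to its ID
             if (is_object($updated_assignment_id) && isset($updated_assignment_id->ID)) {
                 $updated_assignment_id = $updated_assignment_id->ID;
             }
             if ($updated_assignment_id) {
                 nxt_set_post_terms($updated_assignment_id, $updated_assignment['course_id'], 'course_id');
                 // Only store a due date that strtotime() can parse
                 if (isset($updated_assignment['due_date']) && strtotime($updated_assignment['due_date'])) {
                     update_post_meta($updated_assignment_id, 'due_date', $updated_assignment['due_date'], $old_assignment->due_date);
                 }
                 if (isset($updated_assignment['lecture_id'])) {
                     update_post_meta($updated_assignment_id, 'lecture_id', $updated_assignment['lecture_id']);
                 }
                 // Save the formbuilder. NOTE(review): if load_serialized()
                 // unserialize()s this POST field it is operating on untrusted
                 // input — confirm it parses a safe format.
                 if (!empty($updated_assignment['form'])) {
                     $this->frmb->load_serialized($updated_assignment['form']);
                     if ($this->frmb->get_data()) {
                         update_post_meta($updated_assignment_id, 'form_data', $this->frmb->get_data(), $old_assignment->form_data);
                     }
                 }
                 $vars['message'] = __('Assignment was updated.', 'bpsp');
                 do_action('courseware_assignment_activity', $this->is_assignment($updated_assignment_id), 'update');
             } else {
                 $vars['error'] = __('Assignment could not be updated.', 'bpsp');
             }
         }
     }
     $vars['name'] = 'edit_assignment';
     $vars['group_id'] = $bp->groups->current_group->id;
     $vars['user_id'] = $bp->loggedin_user->id;
     // The update keeps the post ID, so the old ID is the right key here; the
     // previous code tested a $new_assignment_id that this method never sets.
     $vars['lecture_id'] = get_post_meta($old_assignment->ID, 'lecture_id', true);
     $vars['lectures'] = BPSP_Lectures::has_lectures($bp->groups->current_group->id);
     $vars['assignment'] = $this->is_assignment($updated_assignment_id);
     $vars['assignment_edit_uri'] = $vars['current_uri'] . '/assignment/' . $this->current_assignment->post_name . '/edit/';
     $vars['assignment_delete_uri'] = $vars['current_uri'] . '/assignment/' . $this->current_assignment->post_name . '/delete/';
     $vars['assignment_permalink'] = $vars['current_uri'] . '/assignment/' . $this->current_assignment->post_name;
     $vars['nonce'] = nxt_nonce_field($nonce_name, '_nxtnonce', true, false);
     // The delete link carries its own `delete_assignment` nonce
     $vars['delete_nonce'] = add_query_arg('_nxtnonce', nxt_create_nonce('delete_assignment'), $vars['assignment_delete_uri']);
     $vars['trail'] = array($vars['assignment']->lecture->post_title => $vars['assignment']->lecture->permalink, __('Editing Assignment: ') . $vars['assignment']->post_title => $vars['assignment']->permalink);
     return $vars;
 }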
 /**
  * edit_schedule_screen( $vars )
  *
  * Hooks into screen_handler
  * Edit schedule screen
  *
  * Access is refused unless the logged-in user has schedule capabilities and
  * is either a super admin or in the group named by the schedule's first
  * `group_id` term. A POSTed `schedule` block (object == 'group') with a
  * valid `edit_schedule` nonce updates title/description, the course_id term
  * and the start_date/end_date/lecture_id/location meta.
  *
  * @param Array $vars a set of variables received for this screen template
  * @return Array $vars a set of variable passed to this screen template
  */
 function edit_schedule_screen($vars)
 {
     global $bp;
     $nonce_name = 'edit_schedule';
     $old_schedule = $this->is_schedule($this->current_schedule);
     $old_schedule->terms = nxt_get_object_terms($old_schedule->ID, 'group_id');
     // Reads as: !caps || (!super_admin && wrong group)
     if (!$this->has_schedule_caps($bp->loggedin_user->id) || !is_super_admin() && $bp->groups->current_group->id != $old_schedule->terms[0]->name) {
         $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to update the schedule.', 'bpsp');
         return $vars;
     }
     // Update schedule
     if (isset($_POST['schedule']) && $_POST['schedule']['object'] == 'group' && isset($_POST['_nxtnonce'])) {
         // Required fields missing: drop the POST and render the form again;
         // the recursive call takes the non-POST path because $_POST is null.
         if (empty($_POST['schedule']['desc']) || empty($_POST['schedule']['start_date'])) {
             $vars['error'] = __('New schedule could not be added. Missing description and/or start date.', 'bpsp');
             $_POST = null;
             return $this->edit_schedule_screen($vars);
         }
         $updated_schedule = $_POST['schedule'];
         // The date range is only validated when an end date was supplied
         if (isset($updated_schedule['end_date']) && !empty($updated_schedule['end_date'])) {
             $valid_dates = $this->datecheck($updated_schedule['start_date'], $updated_schedule['end_date']);
         } else {
             $valid_dates = true;
         }
         $is_nonce = nxt_verify_nonce($_POST['_nxtnonce'], $nonce_name);
         if (true != $is_nonce) {
             $vars['error'] = __('Nonce Error while editing a schedule.', 'bpsp');
         } else {
             if (!empty($updated_schedule['group_id']) && $valid_dates) {
                 // NOTE(review): 'title' is not isset()-checked before sanitize_text_field() — confirm the form always posts it
                 $updated_schedule_id = nxt_update_post(array('ID' => $old_schedule->ID, 'post_title' => sanitize_text_field($updated_schedule['title']), 'post_content' => sanitize_text_field($updated_schedule['desc'])));
                 if ($updated_schedule_id) {
                     // Attach the course term only for an existing course; an empty course_id clears it
                     if (!empty($updated_schedule['course_id']) && BPSP_Courses::is_course($updated_schedule['course_id'])) {
                         nxt_set_post_terms($updated_schedule_id, $updated_schedule['course_id'], 'course_id');
                     } elseif (empty($updated_schedule['course_id'])) {
                         nxt_set_post_terms($updated_schedule_id, '', 'course_id');
                     }
                     update_post_meta($updated_schedule_id, 'start_date', $updated_schedule['start_date'], $old_schedule->start_date);
                     // NOTE(review): end_date is written even when it was left empty or absent — confirm that is intended
                     update_post_meta($updated_schedule_id, 'end_date', $updated_schedule['end_date'], $old_schedule->end_date);
                     if (isset($updated_schedule['lecture_id'])) {
                         update_post_meta($updated_schedule_id, 'lecture_id', $updated_schedule['lecture_id']);
                     }
                     // Location meta is updated in place when one exists, otherwise added
                     if (!empty($updated_schedule['location'])) {
                         if ($old_schedule->location) {
                             update_post_meta($updated_schedule_id, 'location', $updated_schedule['location'], $old_schedule->location);
                         } else {
                             add_post_meta($updated_schedule_id, 'location', $updated_schedule['location']);
                         }
                     }
                     $vars['message'] = __('Schedule was updated.', 'bpsp');
                 } else {
                     $vars['error'] = __('Schedule could not be updated.', 'bpsp');
                 }
             }
         }
     }
     $vars['name'] = 'edit_schedule';
     $vars['group_id'] = $bp->groups->current_group->id;
     $vars['course_id'] = $this->current_course->ID;
     $vars['lecture_id'] = get_post_meta($old_schedule->ID, 'lecture_id', true);
     $vars['user_id'] = $bp->loggedin_user->id;
     $vars['lectures'] = BPSP_Lectures::has_lectures($bp->groups->current_group->id);
     // Re-read so the template sees the post-update state
     $vars['schedule'] = $this->is_schedule($old_schedule->ID);
     $vars['schedule_edit_uri'] = $vars['current_uri'] . '/schedule/' . $this->current_schedule . '/edit';
     $vars['schedule_delete_uri'] = $vars['current_uri'] . '/schedule/' . $this->current_schedule . '/delete';
     // NOTE(review): says 'Delete Course' on the schedule screen — possibly copied from the course screen; left as is because it is a translated string
     $vars['schedule_delete_title'] = __('Delete Course', 'bpsp');
     $vars['schedule_permalink'] = $vars['current_uri'] . '/schedule/' . $this->current_schedule;
     $vars['nonce'] = nxt_nonce_field($nonce_name, '_nxtnonce', true, false);
     // The delete link carries its own `delete_schedule` nonce
     $vars['delete_nonce'] = add_query_arg('_nxtnonce', nxt_create_nonce('delete_schedule'), $vars['schedule_delete_uri']);
     $vars['trail'] = array($vars['schedule']->lecture->post_title => $vars['schedule']->lecture->permalink, __('Editing Schedule: ', 'bpsp') . $vars['schedule']->post_title => $vars['schedule']->permalink);
     return $vars;
 }
        $content = esc_textarea($content);
        if (isset($_GET['a'])) {
            ?>
 <div id="message" class="updated"><p><?php 
            _e('File edited successfully.');
            ?>
</p></div>
<?php 
        } elseif (isset($_GET['phperror'])) {
            ?>
 <div id="message" class="updated"><p><?php 
            _e('This plugin has been deactivated because your changes resulted in a <strong>fatal error</strong>.');
            ?>
</p>
	<?php 
            if (nxt_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $file)) {
                ?>
	<iframe style="border:0" width="100%" height="70px" src="<?php 
                bloginfo('nxturl');
                ?>
/nxt-admin/plugins.php?action=error_scrape&amp;plugin=<?php 
                echo esc_attr($file);
                ?>
&amp;_nxtnonce=<?php 
                echo esc_attr($_GET['_error_nonce']);
                ?>
"></iframe>
	<?php 
            }
            ?>
</div>
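 /**
  * Renders the file editor and, on POST, writes the submitted content back.
  *
  * The target must be a key of get_writable_files(); anything else is
  * rejected before any filesystem access. A write additionally requires the
  * `ckeditor_create_nonce_file_editor` nonce and a matching referer. The
  * resulting $content is consumed by includes/file_editor.php.
  *
  * @return void
  */
 public function file_editor()
 {
     $files = $this->get_writable_files();
     // Only a string key that is in the allow-list may be edited
     if (isset($_POST['file']) && (!is_string($_POST['file']) || !isset($files[$_POST['file']]))) {
         echo '<div class="error"><p>' . __('Invalid file!') . '</p></div>';
         return;
     }
     if (isset($_POST['file'])) {
         $file = $_POST['file'];
     } else {
         // Default to the first editable file; with none there is nothing to show
         $keys = array_keys($files);
         if (empty($keys)) {
             echo '<div class="error"><p>' . __('Invalid file!') . '</p></div>';
             return;
         }
         $file = $keys[0];
     }
     if (isset($_POST['newcontent'])) {
         // NOTE(review): no capability check is visible here; confirm the
         // caller restricts this screen before the nonce is relied on.
         $nonce = isset($_POST['csrf_ckeditor-for-nxtclass']) ? $_POST['csrf_ckeditor-for-nxtclass'] : '';
         $referer_ok = !empty($_POST['_nxt_http_referer'])
             && (!isset($_SERVER['HTTP_REFERER']) || strstr($_SERVER['HTTP_REFERER'], $_POST['_nxt_http_referer']));
         if (!nxt_verify_nonce($nonce, 'ckeditor_create_nonce_file_editor') || !$referer_ok) {
             nxt_die("You do not have sufficient permissions to access this page.");
         }
         $content = stripslashes($_POST['newcontent']);
         // file_put_contents() replaces the unchecked fopen()/fwrite() pair
         if (false === file_put_contents($files[$file], $content)) {
             echo '<div class="error"><p>' . __('Invalid file!') . '</p></div>';
             return;
         }
         echo '<div class="updated"><p>' . __('Configuration updated!') . '</p></div>';
     } else {
         // fread(filesize()) failed on an empty file; file_get_contents() does not
         $content = file_get_contents($files[$file]);
         if (false === $content) {
             $content = '';
         }
     }
     include 'includes/file_editor.php';
 }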
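 /**
  * Verifies the AJAX request to prevent processing requests external of the blog.
  *
  * The nonce is read from $_REQUEST[$query_arg] when $query_arg is given,
  * otherwise from `_ajax_nonce`, falling back to `_nxtnonce`. A missing field
  * is treated as an empty nonce (which fails verification) rather than
  * raising an undefined-index notice.
  *
  * @since 2.0.3
  *
  * @param string $action Action nonce
  * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
  * @param bool $die terminate the request with '-1' when verification fails
  * @return mixed whatever nxt_verify_nonce() returned (false on failure)
  */
 function check_ajax_referer($action = -1, $query_arg = false, $die = true)
 {
     if ($query_arg) {
         $nonce = isset($_REQUEST[$query_arg]) ? $_REQUEST[$query_arg] : '';
     } elseif (isset($_REQUEST['_ajax_nonce'])) {
         $nonce = $_REQUEST['_ajax_nonce'];
     } else {
         $nonce = isset($_REQUEST['_nxtnonce']) ? $_REQUEST['_nxtnonce'] : '';
     }
     $result = nxt_verify_nonce($nonce, $action);
     if ($die && false == $result) {
         die('-1');
     }
     // Reached on success, and on failure when $die is false, so listeners
     // see the failed result too.
     do_action('check_ajax_referer', $action, $result);
     return $result;
 }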
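/**
 * Saves the content-permissions meta box for a post.
 *
 * Runs the nonce check first, then skips autosave/AJAX/cron requests and
 * revisions and requires the post type's edit_post capability. The role list
 * is stored as repeated `_members_access_role` meta rows and the error text
 * as a single `_members_access_error` row.
 *
 * @since 0.1.0
 *
 * @param int $post_id ID of the post being saved
 * @param object $post the post object; only post_type is read
 * @return mixed false when the nonce is missing or invalid, $post_id when the
 *               user may not edit the post, otherwise nothing
 */
function members_content_permissions_save_meta($post_id, $post)
{
    global $nxt_roles;
    /* Verify the nonce. */
    if (!isset($_POST['content_permissions_meta_nonce']) || !nxt_verify_nonce($_POST['content_permissions_meta_nonce'], plugin_basename(__FILE__))) {
        return false;
    }
    if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
        return;
    }
    if (defined('DOING_AJAX') && DOING_AJAX) {
        return;
    }
    if (defined('DOING_CRON') && DOING_CRON) {
        return;
    }
    /* Get the post type object. */
    $post_type = get_post_type_object($post->post_type);
    /* Check if the current user has permission to edit the post. */
    if (!current_user_can($post_type->cap->edit_post, $post_id)) {
        return $post_id;
    }
    /* Don't save if the post is only a revision. */
    if ('revision' == $post->post_type) {
        return;
    }
    $meta_values = get_post_meta($post_id, '_members_access_role', false);
    if (isset($_POST['members_access_role']) && is_array($_POST['members_access_role'])) {
        /* Only names of roles registered on this site are stored; any other
           value in the submitted list is ignored. */
        $submitted_roles = array();
        foreach ($_POST['members_access_role'] as $role) {
            if (is_string($role) && isset($nxt_roles->role_names[$role])) {
                $submitted_roles[] = $role;
            }
        }
        /* Add roles that are not stored yet. */
        foreach ($submitted_roles as $role) {
            if (!in_array($role, $meta_values, true)) {
                add_post_meta($post_id, '_members_access_role', $role, false);
            }
        }
        /* Remove stored roles that were unticked. Keys are cast back to
           string because PHP turns numeric-looking array keys into ints. */
        foreach ($nxt_roles->role_names as $role => $name) {
            $role = (string) $role;
            if (!in_array($role, $submitted_roles, true) && in_array($role, $meta_values, true)) {
                delete_post_meta($post_id, '_members_access_role', $role);
            }
        }
    } elseif (!empty($meta_values)) {
        /* No roles submitted at all: clear every stored role. */
        delete_post_meta($post_id, '_members_access_role');
    }
    /* An absent field behaves like an empty one (clears the stored message). */
    $error_message = isset($_POST['members_access_error']) ? esc_html($_POST['members_access_error']) : '';
    $meta = array('_members_access_error' => $error_message);
    foreach ($meta as $meta_key => $new_meta_value) {
        /* Get the meta value of the custom field key. */
        $meta_value = get_post_meta($post_id, $meta_key, true);
        /* If a new meta value was added and there was no previous value, add it. */
        if ($new_meta_value && '' == $meta_value) {
            add_post_meta($post_id, $meta_key, $new_meta_value, true);
        } elseif ($new_meta_value && $new_meta_value != $meta_value) {
            update_post_meta($post_id, $meta_key, $new_meta_value);
        } elseif ('' == $new_meta_value && $meta_value) {
            delete_post_meta($post_id, $meta_key, $meta_value);
        }
    }
}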
/**
 * Loads the create Achievement page. Also implements controller logic.
 *
 * Without a submission the form is rendered with defaults. A submission must
 * carry the `achievement-create` nonce; the posted fields are copied onto a
 * new DPA_Achievement, save() is attempted, and on success the user is
 * redirected (to the picture page when allowed), otherwise the form is
 * rendered again with the error stored in $achievements_errors.
 *
 * @global DPA_Achievement_Template $achievements_template Achievements template tag object
 * @global nxt_Error $achievements_errors Achievement creation error object
 * @global object $bp BuddyPress global settings
 * @since 2.0
 * @uses DPA_Achievement
 */
function dpa_screen_achievement_create()
{
    global $achievements_template, $achievements_errors, $bp, $current_blog;
    // Only the create action of the achievements component, and only for users allowed to create
    if (!bp_is_current_component($bp->achievements->slug) || DPA_SLUG_CREATE != $bp->current_action || !dpa_permission_can_user_create()) {
        return;
    }
    $bp->achievements->current_achievement = new DPA_Achievement();
    // $achievement aliases the object held on $bp, so every change below is visible there
    $achievement =& $bp->achievements->current_achievement;
    // Has form been submitted?
    if (empty($_POST['achievement-create'])) {
        // Not yet: seed the form defaults and render the create template
        $achievement->points = '';
        $achievement->action_count = 1;
        $achievement->is_active = 1;
        do_action('dpa_screen_achievement_create', $achievement);
        bp_core_load_template(apply_filters('dpa_screen_achievement_create_template', 'achievements/create'));
        return;
    }
    // Nonce failure: hand off to nxt_nonce_ays() (presumably the "are you sure" screen) and stop
    if (!nxt_verify_nonce($_POST['_nxtnonce'], 'achievement-create')) {
        nxt_nonce_ays('');
        die;
    }
    /* We can't use template tags because if the new details fail validation and do not save, the template loop will fetch the old version. */
    // Badges have no triggering action; everything else takes the posted action and count
    if ('badge' == stripslashes($_POST['achievement_type'])) {
        $achievement->action_count = 1;
        $achievement->action_id = -1;
    } else {
        $achievement->action_count = (int) $_POST['action_count'];
        $achievement->action_id = (int) $_POST['action_id'];
    }
    // A site can only be chosen on multisite with the blogs component active
    if (is_multisite() && bp_is_active('blogs')) {
        $achievement->site_id = (int) $_POST['site_id'];
    } else {
        $achievement->site_id = BP_ROOT_BLOG;
    }
    if (bp_is_active('groups')) {
        $achievement->group_id = (int) $_POST['group_id'];
    } else {
        $achievement->group_id = -1;
    }
    // is_active: 2 = hidden, 1 = active, 0 = inactive
    if (!empty($_POST['is_hidden'])) {
        $achievement->is_active = 2;
    } elseif (!empty($_POST['is_active'])) {
        $achievement->is_active = 1;
    } else {
        $achievement->is_active = 0;
    }
    $achievement->name = stripslashes($_POST['name']);
    $achievement->description = stripslashes($_POST['description']);
    $achievement->points = (int) $_POST['points'];
    $achievement->slug = stripslashes($_POST['slug']);
    $achievement->picture_id = -1;
    // A pictures is chosen on its own page, after creation.
    // save() reports failure as an nxt_Error, kept in the global for the template
    $achievements_errors = $achievement->save();
    if (!is_nxt_error($achievements_errors)) {
        $achievements_template->achievement = $achievement;
        // Required for dpa_record_activity()
        // Only an active (not hidden) achievement generates an activity entry
        if (1 == $achievement->is_active) {
            dpa_record_activity($bp->loggedin_user->id, dpa_format_activity($bp->loggedin_user->id, $achievement->id), $achievement->id, 'achievement_created');
        }
        bp_core_add_message(__("Achievement created succesfully!", 'dpa'));
        do_action('dpa_screen_achievement_create_success', $achievement);
        if (dpa_permission_can_user_change_picture()) {
            bp_core_redirect(dpa_get_achievements_permalink() . '/' . $achievement->slug . '/' . DPA_SLUG_ACHIEVEMENT_CHANGE_PICTURE);
        } else {
            bp_core_redirect(dpa_get_achievements_permalink() . '/' . $achievement->slug);
        }
    } else {
        // Blank out zero numeric fields so the re-rendered form shows empty inputs
        if (!$achievement->points) {
            $achievement->points = '';
        }
        if (!$achievement->action_count) {
            $achievement->action_count = '';
        }
        do_action('dpa_screen_achievement_create_fail', $achievement, $achievements_errors);
        bp_core_add_message(__('An error has occurred and the Achievement has not been created. See below for details.', 'dpa'), 'error');
        bp_core_load_template(apply_filters('dpa_screen_achievement_create_template', 'achievements/create'));
    }
}
<?php

// The generator is opened outside the normal admin flow, so before the core
// is bootstrapped only the presence of the nonce field can be checked.
if (!isset($_REQUEST['woo-shortcodes-nonce']) || $_REQUEST['woo-shortcodes-nonce'] == '') {
    die('Security check');
}
// Install root: everything in this file's path before 'nxt-content'.
$full_path = __FILE__;
$path_bits = explode('nxt-content', $full_path);
$url = reset($path_bits);
// Require NXTClass bootstrap.
require_once $url . '/nxt-load.php';
// With the core loaded the nonce can now be verified properly.
$nonce = $_REQUEST['woo-shortcodes-nonce'];
if (!nxt_verify_nonce($nonce, 'wooframework-shortcode-generator')) {
    die('Security check');
}
// Framework version gate and theme detection used by the markup below.
$MIN_VERSION = '2.9';
$woo_framework_version = get_option('woo_framework_version');
$meetsMinVersion = version_compare($woo_framework_version, $MIN_VERSION, '>=');
$woo_framework_path = dirname(__FILE__) . '/../../';
$woo_framework_url = get_template_directory_uri() . '/functions/';
$woo_shortcode_css = $woo_framework_path . 'css/shortcodes.css';
$isWooTheme = file_exists($woo_shortcode_css);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
</head>
<body>
<div id="woo-dialog">
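 /**
  * group_admin_content()
  *
  * Hooks into bp_before_group_admin_content(), adds Courseware group options.
  *
  * On a nonce-verified POST carrying `save`, stores the submitted
  * `group_courseware_status` / `responses_courseware_status` values (run
  * through sanitize_key()) in the current group's `courseware` and
  * `courseware_responses` meta. In every case it then loads the admin template
  * with the current values and a fresh nonce field.
  *
  * NOTE(review): the nonce only proves the form was rendered for this session;
  * no capability check is visible here, so this presumably relies on the
  * bp_before_group_admin_content hook only firing for group admins — confirm.
  */
 function group_admin_content()
 {
     global $bp;
     $nonce_name = 'courseware_group_option';
     $group_id = $bp->groups->current_group->id;
     $vars = array();
     // A save request without the nonce field used to raise an undefined-index
     // notice before failing verification; check presence before verifying.
     $is_valid_save = isset($_POST['save']) && isset($_POST['_nxtnonce']) && nxt_verify_nonce($_POST['_nxtnonce'], $nonce_name);
     if ($is_valid_save) {
         if (!empty($_POST['group_courseware_status'])) {
             // sanitize_key() is expected to reduce this to a lowercase, key-safe string.
             $courseware_status = sanitize_key($_POST['group_courseware_status']);
             if (groups_update_groupmeta($group_id, 'courseware', $courseware_status)) {
                 $vars['message'] = __('Group Courseware settings were successfully updated.', 'bpsp');
             }
         }
         if (!empty($_POST['responses_courseware_status'])) {
             $responses_status = sanitize_key($_POST['responses_courseware_status']);
             if (groups_update_groupmeta($group_id, 'courseware_responses', $responses_status)) {
                 $vars['message'] = __('Group Courseware responses settings were successfully updated.', 'bpsp');
             }
         }
     }
     $vars['name'] = '_group_admin_screen';
     $vars['form_nonce'] = nxt_nonce_field($nonce_name, '_nxtnonce', true, false);
     $vars['current_status'] = groups_get_groupmeta($group_id, 'courseware');
     $vars['current_responses_status'] = groups_get_groupmeta($group_id, 'courseware_responses');
     $this->load_template($vars);
 }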
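 /**
  * create_new_and_redirect()
  *
  * Handles the "new wiki page" request: when `new_wiki_page=true` arrives with
  * a valid `nxtw_new_page_nonce`, builds a published wiki post from the `title`
  * query parameter and redirects to the new page's URL. A title of the form
  * "namespace:topic" nests the page under the post whose post_name matches the
  * namespace, if one exists.
  *
  * NOTE(review): the nonce is the only gate here; nxt_insert_post() is called
  * without any capability check, so any session that obtained the nonce can
  * publish a wiki page. Confirm where the nonce is issued before relying on it.
  */
 function create_new_and_redirect()
 {
     $is_new_page_request = isset($_GET['new_wiki_page']) && $_GET['new_wiki_page'] == 'true' && isset($_GET['nonce']) && nxt_verify_nonce($_GET['nonce'], 'nxtw_new_page_nonce');
     if (!$is_new_page_request) {
         return;
     }
     global $nxt_version;
     global $nxtdb;
     $title = isset($_GET['title']) ? strip_tags($_GET['title']) : '';
     if ($title === '') {
         // Nothing to create and no URL to redirect to.
         return;
     }
     $new_wiki = array();
     $namespace = '';
     $topic = $title;
     $pieces = explode(':', $title, 2);
     if (count($pieces) == 2) {
         list($namespace, $topic) = $pieces;
         $namespace = strtolower(preg_replace('/[ -]+/', '-', $namespace));
         // strip_tags() does not remove quotes, so the namespace must be bound as
         // a parameter; it was previously concatenated straight into the SQL.
         $parent_id = $nxtdb->get_var($nxtdb->prepare('SELECT id FROM `' . $nxtdb->posts . '` WHERE post_name = %s', $namespace));
         if ($parent_id) {
             $new_wiki['post_parent'] = $parent_id;
         }
     }
     $topic = strtolower(preg_replace('/[ -]+/', '-', $topic));
     $url = get_option('siteurl') . '/wiki/' . ($namespace ? $namespace . '/' : '') . $topic;
     $new_wiki['post_name'] = $topic;
     $new_wiki['post_title'] = $title;
     $new_wiki['post_content'] = 'Click the "Edit" tab to add content to this page.';
     $new_wiki['guid'] = $url;
     $new_wiki['post_status'] = 'publish';
     // 3.0+ has a dedicated post type; older versions are flagged via post meta.
     if ($nxt_version >= 3.0) {
         $new_wiki['post_type'] = 'wiki';
     }
     $new_wiki_id = nxt_insert_post($new_wiki);
     if ($nxt_version <= 3.0) {
         update_post_meta($new_wiki_id, '_wiki_page', 1);
     }
     nxt_redirect($url);
     exit;
 }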
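 /**
  * edit_lecture_screen( $vars )
  *
  * Hooks into screen_handler
  * Edit lecture screen
  *
  * Denies the screen unless the user has lecture caps, authored the lecture,
  * is a super admin, or the current group matches the lecture's group. Then,
  * on a nonce-verified POST of `lecture[object]=group` carrying a title,
  * content and numeric group_id, updates the lecture's title, content, parent
  * and menu order. Finally fills $vars with the lecture, the group's lectures,
  * edit/delete URIs, nonces and a breadcrumb trail for the template.
  *
  * NOTE(review): the third clause of the access check compares the current
  * group's id with the lecture's group *name*, and when the two match it lets
  * the user through regardless of caps or authorship. That looks unintended;
  * it is left unchanged here but should be confirmed against the other
  * *_screen() handlers.
  *
  * @param Array $vars a set of variables received for this screen template
  * @return Array $vars a set of variable passed to this screen template
  */
 function edit_lecture_screen($vars)
 {
     global $bp;
     $nonce_name = 'edit_lecture';
     $updated_lecture_id = $this->current_lecture;
     $old_lecture = $this->is_lecture($this->current_lecture);
     if (!$this->has_lecture_caps($bp->loggedin_user->id) && $bp->loggedin_user->id != $old_lecture->post_author && $bp->groups->current_group->id != $old_lecture->group[0]->name && !is_super_admin()) {
         $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to update the lecture.', 'bpsp');
         return $vars;
     }
     // Update lecture. Index checks avoid undefined-index notices on a partial
     // POST; the nonce must be present and verify before anything is written.
     $submitted = isset($_POST['lecture']) && is_array($_POST['lecture']) ? $_POST['lecture'] : null;
     if ($submitted !== null && isset($submitted['object']) && $submitted['object'] == 'group' && isset($_POST['_nxtnonce'])) {
         if (!nxt_verify_nonce($_POST['_nxtnonce'], $nonce_name)) {
             $vars['error'] = __('Nonce Error while editing the lecture.', 'bpsp');
         } elseif (isset($submitted['title'], $submitted['content'], $submitted['group_id']) && is_numeric($submitted['group_id'])) {
             $parent = isset($submitted['parent']) ? intval($submitted['parent']) : 0;
             $order = isset($submitted['order']) ? intval($submitted['order']) : 0;
             // Only the title is stripped here; the content is handed to
             // nxt_update_post(), which presumably applies its own filtering.
             $result = nxt_update_post(array('ID' => $old_lecture->ID, 'post_title' => strip_tags($submitted['title']), 'post_content' => $submitted['content'], 'post_parent' => $parent, 'menu_order' => $order));
             if ($result) {
                 // Switch to the updated id only on success; previously a failed
                 // update left 0 here and the template was handed is_lecture(0).
                 $updated_lecture_id = $result;
                 $vars['message'] = __('Lecture was updated.', 'bpsp');
                 do_action('courseware_lecture_activity', $this->is_lecture($updated_lecture_id), 'update');
             } else {
                 $vars['error'] = __('Lecture could not be updated.', 'bpsp');
             }
         }
     }
     $vars['name'] = 'edit_lecture';
     $vars['group_id'] = $bp->groups->current_group->id;
     $vars['user_id'] = $bp->loggedin_user->id;
     $vars['lecture'] = $this->is_lecture($updated_lecture_id);
     $vars['lectures'] = $this->has_lectures($bp->groups->current_group->id);
     $vars['lecture_edit_uri'] = $vars['current_uri'] . '/lecture/' . $this->current_lecture->post_name . '/edit/';
     $vars['lecture_delete_uri'] = $vars['current_uri'] . '/lecture/' . $this->current_lecture->post_name . '/delete/';
     $vars['lecture_permalink'] = $vars['current_uri'] . '/lecture/' . $this->current_lecture->post_name;
     $vars['nonce'] = nxt_nonce_field($nonce_name, '_nxtnonce', true, false);
     $vars['delete_nonce'] = add_query_arg('_nxtnonce', nxt_create_nonce('delete_lecture'), $vars['lecture_delete_uri']);
     $vars['trail'] = array($this->current_lecture->course->post_title => $this->current_lecture->course->permalink, __('Editing Lecture: ', 'bpsp') . $this->current_lecture->post_title => $this->current_lecture->permalink);
     return $vars;
 }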
/**
 * Gate post previews behind a per-post nonce.
 *
 * When both `preview_id` and `preview_nonce` are in the query string, the
 * nonce must verify against the action `post_preview_<id>`; otherwise the
 * request ends in nxt_die(). On success the `_set_preview` filter is attached
 * to `the_preview`. Requests lacking either parameter are left untouched.
 */
function _show_post_preview()
{
    if (!isset($_GET['preview_id']) || !isset($_GET['preview_nonce'])) {
        return;
    }
    $post_id = (int) $_GET['preview_id'];
    $action = 'post_preview_' . $post_id;
    // The nonce is the only gate: it binds the preview to one post id and to
    // the session it was generated for (presumably the editing user's).
    if (!nxt_verify_nonce($_GET['preview_nonce'], $action)) {
        nxt_die(__('You do not have permission to preview drafts.'));
    }
    add_filter('the_preview', '_set_preview');
}
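 /**
  * delete_response_screen( $vars )
  *
  * Hooks into screen_handler
  * Delete response screen
  *
  * Requires a valid `response_delete` nonce in the query string and response
  * caps (or super admin); then deletes the current response post and the
  * assignment's `responded_author` meta for that author, and repopulates the
  * responses list when an assignment is present in $vars.
  *
  * NOTE(review): the nonce action is the fixed string `response_delete`, not
  * bound to the response id, so one nonce authorizes deleting any response the
  * caps check permits. Binding it (e.g. 'response_delete_' . $response->ID)
  * would be tighter but needs the matching change where the link is built.
  *
  * @param Array $vars a set of variables received for this screen template
  * @return Array $vars a set of variable passed to this screen template
  */
 function delete_response_screen($vars)
 {
     $response = $this->current_response;
     if (!is_object($response)) {
         $response = $this->is_response($this->current_response);
     }
     $nonce_name = 'response_delete';
     // Nonce first: missing or invalid ends the screen before any lookup.
     $is_nonce = isset($_GET['_nxtnonce']) ? nxt_verify_nonce($_GET['_nxtnonce'], $nonce_name) : false;
     if (!$is_nonce) {
         $vars['die'] = __('Nonce Error while deleting the response.', 'bpsp');
         return $vars;
     }
     if (!$this->has_response_caps() && !is_super_admin()) {
         $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to delete the response.', 'bpsp');
         return $vars;
     }
     // is_response() may come back empty; previously that meant reading ->ID
     // off a non-object and calling nxt_delete_post() with nothing.
     if (!is_object($response)) {
         $vars['die'] = __('Response could not be found.', 'bpsp');
         return $vars;
     }
     nxt_delete_post($response->ID);
     delete_post_meta($this->current_assignment->ID, 'responded_author', $response->post_author);
     if (isset($vars['assignment'])) {
         $vars = $this->populate_responses($vars);
     }
     $vars['name'] = 'single_assignment';
     $vars['message'] = __('Response deleted successfully.', 'bpsp');
     return $vars;
 }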
// Bootstrap NXTClass and this plugin's option names; this script runs as a
// stand-alone login endpoint rather than inside a hook.
require_once "__inc_nxt.php";
require_once "__inc_opts.php";
jfb_debug_checkpoint('start');
//If present, include the Premium addon. The @ deliberately silences the
//include failure when the addon is not installed; JFB_PREMIUM being defined is
//the signal that it loaded, so the fallback include is only tried otherwise.
@(include_once realpath(dirname(__FILE__)) . "/../nxt-FB-AutoConnect-Premium.php");
if (!defined('JFB_PREMIUM')) {
    @(include_once "Premium.php");
}
//Start logging. REMOTE_ADDR is set by the server, not the client; the browser
//fields come from jfb_get_browser() (a parsed user agent, presumably).
//NOTE(review): in the nonce-failure branch below, when a user is already
//logged in, die() prints $_POST['redirectTo'] unescaped inside an href —
//that is HTML attribute injection from an untrusted POST field; it should be
//escaped for the attribute/URL context (esc_url or equivalent) or dropped.
//The same branch also logs a freshly generated valid nonce next to the one
//received; if that log is mailed or persisted it carries a live token.
$browser = jfb_get_browser();
$jfb_log = "Starting login process (Client: " . $_SERVER['REMOTE_ADDR'] . ", Version: {$jfb_version}, Browser: " . $browser['shortname'] . " " . $browser['version'] . " for " . $browser['platform'] . ")\n";
//Run one hook before ANYTHING happens.
do_action('nxtfb_prelogin');
//Check the nonce to make sure this was a valid login attempt (unless the user has disabled nonce checking)
if (!get_option($opt_jfb_disablenonce)) {
    if (nxt_verify_nonce($_REQUEST[$jfb_nonce_name], $jfb_nonce_name) != 1) {
        //If there's already a user logged in, tell the user and give them a link back to where they were.
        $currUser = nxt_get_current_user();
        if ($currUser->ID) {
            $msg = "User \"{$currUser->user_login}\" has already logged in via another browser session.\n";
            $jfb_log .= $msg;
            j_mail("FB Double-Login: "******" -> " . get_bloginfo('name'));
            die($msg . "<br /><br /><a href=\"" . $_POST['redirectTo'] . "\">Continue</a>");
        }
        //If the nonce failed for some other reason, report the error.
        $jfb_log .= "nxt: nonce check failed (expected '" . nxt_create_nonce($jfb_nonce_name) . "', received '" . $_REQUEST['_nxtnonce'] . "')\n" . "    Original Components) " . get_option($opt_jfb_generated_nonce) . "\n" . "    Current Components)  " . jfb_debug_nonce_components() . "\n";
        if (function_exists('get_plugins')) {
            $plugins = get_plugins();
            $jfb_log .= "    Active Plugins:\n";
            foreach ($plugins as $plugin) {
                $jfb_log .= "      " . $plugin['Name'] . ' ' . $plugin['Version'] . "\n";
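/**
 * woothemes_metabox_handle function.
 *
 * Saves the framework's custom-field metaboxes when a post is submitted from
 * the editor. Field definitions come from the `woo_custom_template` option,
 * merged with `woo_custom_seo_template` unless `seo_woo_hide_fields` is 'true'.
 * Runs only for a POSTed `action=editpost` with a valid
 * `wooframework-custom-fields-nonce`, a non-zero `post_ID`, and a post type
 * other than '' / 'nav_menu_item'.
 *
 * Three field families are persisted as post meta keyed by the field name:
 *  - types listed by woothemes_metabox_fieldtypes(): stored as submitted (no
 *    transformation — escaping is the output side's job); an absent checkbox
 *    is stored as the string 'false', any other absent field is deleted;
 *  - 'timestamp': date (mm/dd/yyyy), hour and minute folded into a Unix
 *    timestamp via mktime(), seconds fixed at 0;
 *  - 'upload': a new file goes through nxt_handle_upload() and its URL is
 *    stored; otherwise a posted value is stored, and no value at all deletes.
 * Upload results are also recorded in the `woo_custom_upload_tracking` option.
 *
 * NOTE(review): the nonce proves the form was rendered for this session; it is
 * not an authorization check. No capability check is visible in this function,
 * so it presumably relies on the post-save path having verified edit rights —
 * confirm at the hook registration.
 *
 * @access public
 * @return void
 */
function woothemes_metabox_handle()
{
    global $post;
    $woo_metaboxes = get_option('woo_custom_template', array());
    $seo_metaboxes = get_option('woo_custom_seo_template', array());
    if (!empty($seo_metaboxes) && get_option('seo_woo_hide_fields') != 'true') {
        $woo_metaboxes = array_merge((array) $woo_metaboxes, (array) $seo_metaboxes);
    }
    // Sanitize post ID; nothing to do without one.
    $pID = isset($_POST['post_ID']) ? intval($_POST['post_ID']) : 0;
    if ($pID == 0) {
        return;
    }
    // Only the editor's save action, and only with a valid nonce. Checking
    // presence first avoids the undefined-index notice a bare POST used to raise.
    if (!isset($_POST['action']) || $_POST['action'] != 'editpost') {
        return;
    }
    if (!isset($_POST['wooframework-custom-fields-nonce']) || !nxt_verify_nonce($_POST['wooframework-custom-fields-nonce'], 'wooframework-custom-fields')) {
        return;
    }
    $post_type = get_post_type();
    if ($post_type == '' || $post_type == 'nav_menu_item') {
        return;
    }
    $upload_tracking = array();
    $plain_types = woothemes_metabox_fieldtypes();
    foreach ((array) $woo_metaboxes as $woo_metabox) {
        $type = isset($woo_metabox['type']) ? $woo_metabox['type'] : '';
        $var = isset($woo_metabox['name']) ? $woo_metabox['name'] : '';
        if (in_array($type, $plain_types, true)) {
            $current_value = get_post_meta($pID, $var, true);
            if (isset($_POST[$var])) {
                $posted_value = $_POST[$var];
                // update_post_meta() inserts when the key is absent, so a single
                // "changed?" test covers both the add and the update case.
                if ($posted_value != $current_value) {
                    update_post_meta($pID, $var, $posted_value);
                } elseif ($posted_value == '') {
                    delete_post_meta($pID, $var, $current_value);
                }
            } elseif ($type == 'checkbox') {
                // An unchecked box is simply missing from the POST.
                update_post_meta($pID, $var, 'false');
            } else {
                delete_post_meta($pID, $var, $current_value);
            }
        } elseif ($type == 'timestamp') {
            // Expected shape: date => "mm/dd/yyyy", hour => int(2), minute => int(2).
            $parts = isset($_POST[$var]) && is_array($_POST[$var]) ? $_POST[$var] : array();
            $date = isset($parts['date']) ? (string) $parts['date'] : '';
            if ($date === '') {
                // Nothing submitted: leave the stored timestamp alone rather than
                // writing mktime() of all-zero components.
                continue;
            }
            $hour = isset($parts['hour']) ? (int) $parts['hour'] : 0;
            $minute = isset($parts['minute']) ? (int) $parts['minute'] : 0;
            $month = (int) substr($date, 0, 2);
            $day = (int) substr($date, 3, 2);
            $year = (int) substr($date, 6, 4);
            // Cast to int: mktime() rejects non-numeric strings on current PHP.
            update_post_meta($pID, $var, mktime($hour, $minute, 0, $month, $day, $year));
        } elseif ($type == 'upload') {
            $file_key = 'attachement_' . $var;
            if (!empty($_FILES[$file_key]['name'])) {
                // New upload. The name is reduced to [A-Za-z0-9._-] before it is
                // handed over; nxt_handle_upload() is presumably responsible for
                // the file type checks.
                $_FILES[$file_key]['name'] = preg_replace('/[^a-zA-Z0-9._\\-]/', '', $_FILES[$file_key]['name']);
                $uploaded_file = nxt_handle_upload($_FILES[$file_key], array('action' => 'editpost'));
                $uploaded_file['option_name'] = isset($woo_metabox['label']) ? $woo_metabox['label'] : '';
                $upload_tracking[] = $uploaded_file;
                // If the upload handler reports failure it presumably returns no
                // 'url'; do not overwrite the stored URL with nothing in that case.
                if (isset($uploaded_file['url'])) {
                    update_post_meta($pID, $var, $uploaded_file['url']);
                }
            } elseif (isset($_POST[$var])) {
                update_post_meta($pID, $var, $_POST[$var]);
            } else {
                delete_post_meta($pID, $var, get_post_meta($pID, $var, true));
            }
        }
        // Error tracking - records the result of every upload handled so far.
        update_option('woo_custom_upload_tracking', $upload_tracking);
    }
}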