Exemple #1
 // Excerpt from an ad-submission handler: copies selected $_POST fields into
 // $postvals after passing them through the theme's cleaning helpers.
 // Normalise the submitted price with appthemes_clean_price(); a missing or
 // empty() value (which includes the string '0') is stored as ''.
 // The helper's body is not shown here; per the original note it keeps only
 // digits, commas and decimal points.
 $postvals['cp_price'] = empty($_POST['cp_price']) ? '' : appthemes_clean_price($_POST['cp_price']);
 // Currency used for the fee calculation: the value already in $postvals when
 // it is set and non-empty, otherwise the site-wide default symbol.
 // NOTE(review): where $postvals['cp_currency'] is filled in is outside this
 // excerpt; if it originates from the request, confirm it is checked against
 // the configured currencies before it reaches the fee calculation.
 if (isset($postvals['cp_currency']) && !empty($postvals['cp_currency'])) {
     $price_curr = $postvals['cp_currency'];
 } else {
     $price_curr = $cp_options->curr_symbol;
 }
 // Clean the submitted tag list and write the cleaned value back into $_POST,
 // so any later reader of $_POST['tags_input'] sees the cleaned form too.
 if (!empty($_POST['tags_input'])) {
     $postvals['tags_input'] = appthemes_clean_tags($_POST['tags_input']);
     $_POST['tags_input'] = $postvals['tags_input'];
 }
 // Record the submitter's IP address and user ID with the ad.
 // NOTE(review): if appthemes_get_ip() reads forwarding headers, the stored
 // address is client-supplied; treat it as informational, not as identity.
 $postvals['cp_sys_userIP'] = appthemes_get_ip();
 $postvals['user_id'] = $current_user->ID;
 // Ad pack id reduced by appthemes_numbers_only(); false when the field is absent.
 $ad_pack_id = isset($_POST['ad_pack_id']) ? appthemes_numbers_only($_POST['ad_pack_id']) : false;
 // A falsy id ('' or '0' as well as false) skips the duration lookup.
 if ($ad_pack_id) {
     $postvals['pack_duration'] = cp_get_ad_pack_length($ad_pack_id);
 }
 $coupon = false;
 if (cp_payments_is_enabled()) {
     // Featured-ad checkbox: only its presence is tested here.
     if (isset($_POST['featured_ad'])) {
         // NOTE(review): the posted value is stored unfiltered; confirm later
         // consumers treat it as a flag and escape it if it is ever output.
         $postvals['featured_ad'] = $_POST['featured_ad'];
         // The featured price is read from the site options, not from the request.
         $postvals['cp_sys_feat_price'] = $cp_options->sys_feat_price;
     }
     // Calculate the ad listing fee.
     // NOTE(review): $_POST['cat'] is read without isset() and passed on as
     // submitted, and the client-submitted price is an input to the fee;
     // confirm cp_ad_listing_fee() validates the category and pack ids and
     // that the resulting amount cannot be lowered by crafted form values.
     $postvals['cp_sys_ad_listing_fee'] = cp_ad_listing_fee($_POST['cat'], $ad_pack_id, $postvals['cp_price'], $price_curr);
     // calculate the total cost of the ad
     if (isset($postvals['cp_sys_feat_price'])) {
Exemple #2
<?php

/*
 * Template Name: User Edit Item
 *
 * This template must be assigned to the edit-item page
 * in order for it to work correctly
 *
*/
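global $wpdb;
$debugOn = array();
$current_user = wp_get_current_user();
// Ad id from the query string, reduced by appthemes_numbers_only().
// A missing or empty id becomes '0', which matches no post, so the lookup
// below returns nothing instead of reading an undefined index.
$aid = isset($_GET['aid']) ? appthemes_numbers_only($_GET['aid']) : '0';
if (empty($aid)) {
    $aid = '0';
}
// Select the post together with its category term.
// Every value goes through a $wpdb->prepare() placeholder: the ad id was
// previously interpolated straight into the JOIN clause, which made the
// query's safety depend entirely on the cleaning helper. %d casts the ids
// to integers regardless of what the helper returned.
// The post_author condition restricts the row to ads owned by the current
// user, so one user cannot load another user's ad for editing.
$sql = $wpdb->prepare(
    "SELECT wposts.*, {$wpdb->term_taxonomy}.term_id "
    . "FROM {$wpdb->posts} wposts "
    . "LEFT JOIN {$wpdb->term_relationships} ON(%d = {$wpdb->term_relationships}.object_id) "
    . "LEFT JOIN {$wpdb->term_taxonomy} ON({$wpdb->term_relationships}.term_taxonomy_id = {$wpdb->term_taxonomy}.term_taxonomy_id) "
    . "LEFT JOIN {$wpdb->terms} ON({$wpdb->term_taxonomy}.term_id = {$wpdb->terms}.term_id) "
    . "WHERE ID = %d AND {$wpdb->term_taxonomy}.taxonomy = %s "
    . "AND post_author = %d",
    $aid,
    $aid,
    APP_TAX_CAT,
    $current_user->ID
);
// Fetch the single matching row; the result is empty when the ad does not
// exist or is not owned by the current user.
$getad = $wpdb->get_row($sql);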
?>


<script type='text/javascript'>
// <![CDATA[
	<img src="<?php 
echo appthemes_locate_template_uri('images/step1.gif');
?>
" alt="" class="stepimg" />

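	<?php 
// display the custom message
cp_display_message('membership_form_help');
// The "membership required" notice is driven purely by query-string flags;
// nothing in this block changes state.
if (isset($_GET['membership']) && $_GET['membership'] == 'required') {
    ?>

			<p class="info">
			<?php 
    if (!empty($_GET['cat']) && $_GET['cat'] != 'all') {
        // Reduce the requested category to digits before the term lookup.
        $category_id = appthemes_numbers_only($_GET['cat']);
        // The field name is 'term_id' with no trailing space: a stray space
        // does not match any named lookup field, and current WordPress then
        // returns false, leaving this paragraph empty.
        $category = get_term_by('term_id', $category_id, APP_TAX_CAT);
        if ($category) {
            // NOTE(review): the term name is used both as an attribute and as
            // link text; confirm html() escapes both, or wrap the text in
            // esc_html(), since printf() emits the result as markup.
            $term_link = html('a', array('href' => get_term_link($category, APP_TAX_CAT), 'title' => $category->name), $category->name);
            printf(__('Membership is currently required in order to post to category %s.', APP_TD), $term_link);
        }
    } else {
        _e('Membership is currently required.', APP_TD);
    }
    ?>
			</p>

		<?php 
}
?>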
 
Exemple #4
 /**
  * Handles the dashboard ad actions requested through the query string.
  *
  * Reads `action` and `aid` from $_GET, checks that the ad exists, has the
  * theme's post type and is authored by the current user, then performs the
  * action, queues a notice, redirects to the dashboard and exits. Returns
  * without doing anything when a check fails or the action does not apply.
  *
  * NOTE(review): these actions modify or delete an ad in response to a GET
  * request and no nonce is verified inside this method. Unless the caller
  * already does so, confirm a wp_verify_nonce()/check_admin_referer() guard
  * exists, so a third-party page cannot trigger them for a logged-in owner.
  *
  * @return void
  */
 static function process_actions()
 {
     global $current_user;
     // Only actions on this allow-list are ever dispatched.
     $allowed_actions = array('pause', 'restart', 'delete', 'setSold', 'unsetSold');
     $has_action = isset($_GET['action']) && in_array($_GET['action'], $allowed_actions);
     if (!$has_action) {
         return;
     }
     $has_ad_id = isset($_GET['aid']) && is_numeric($_GET['aid']);
     if (!$has_ad_id) {
         return;
     }
     $d = trim($_GET['action']);
     $post_id = appthemes_numbers_only($_GET['aid']);
     // The ad must exist and be of the theme's post type.
     $post = get_post($post_id);
     if (!$post) {
         return;
     }
     if ($post->post_type != APP_POST_TYPE) {
         return;
     }
     // Ownership check: only the author may act on the ad.
     if ($post->post_author != $current_user->ID) {
         return;
     }
     $expire_time = strtotime(get_post_meta($post->ID, 'cp_sys_expire_date', true));
     // "Expired" means a draft whose expiry date has passed.
     $is_expired = current_time('timestamp') > $expire_time && $post->post_status == 'draft';
     $is_pending = $post->post_status == 'pending';
     // Pause and restart are refused for expired or pending ads.
     $can_toggle = !$is_expired && !$is_pending;
     switch ($d) {
         case 'pause':
             if (!$can_toggle) {
                 return;
             }
             wp_update_post(array('ID' => $post->ID, 'post_status' => 'draft'));
             appthemes_add_notice('paused', __('Ad has been paused.', APP_TD), 'success');
             break;
         case 'restart':
             if (!$can_toggle) {
                 return;
             }
             wp_update_post(array('ID' => $post->ID, 'post_status' => 'publish'));
             appthemes_add_notice('restarted', __('Ad has been published.', APP_TD), 'success');
             break;
         case 'delete':
             cp_delete_ad_listing($post->ID);
             appthemes_add_notice('deleted', __('Ad has been deleted.', APP_TD), 'success');
             break;
         case 'setSold':
             update_post_meta($post->ID, 'cp_ad_sold', 'yes');
             appthemes_add_notice('marked-sold', __('Ad has been marked as sold.', APP_TD), 'success');
             break;
         case 'unsetSold':
             update_post_meta($post->ID, 'cp_ad_sold', 'no');
             appthemes_add_notice('unmarked-sold', __('Ad has been unmarked as sold.', APP_TD), 'success');
             break;
         default:
             return;
     }
     // Every completed action ends the request on the dashboard; the target
     // is a constant, not request data.
     wp_redirect(CP_DASHBOARD_URL);
     exit;
 }
/*
Template Name: Membership Pack Purchases
*/
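global $current_user;
$current_user = wp_get_current_user();
// Reuse an error collector supplied by the including scope, or start one.
if (!isset($errors)) {
    $errors = new WP_Error();
}
// Current membership pack of the user, or false when none is recorded.
$active_membership = isset($current_user->active_membership_pack) ? get_pack($current_user->active_membership_pack) : false;
// Existing orders of the user; the first entry is taken as the most recent.
$cp_user_orders = get_user_orders($current_user->ID);
$cp_user_recent_order = $cp_user_orders ? $cp_user_orders[0] : false;
// Validate the form fields once step 1 or step 2 has been submitted.
if (isset($_POST['step1']) || isset($_POST['step2'])) {
    if (isset($_POST['pack'])) {
        // Pack id is reduced to digits, then must resolve to a real pack.
        $pack_id = appthemes_numbers_only($_POST['pack']);
        $membership = get_pack($pack_id);
        if (!$membership) {
            $errors->add('invalid-pack-id', __('Choosen membership package does not exist.', APP_TD));
        }
    } else {
        $errors->add('missed-pack', __('You need to choose membership package.', APP_TD));
    }
    // The order id must be a plain string that the cleaning helper leaves
    // unchanged. The comparison is strict: with a loose comparison, numeric
    // look-alikes such as "+5" or " 5" compare equal to their cleaned form
    // "5" and pass, and an array-valued field is not reliably rejected.
    // NOTE(review): this checks the format only; confirm that later steps
    // verify the order belongs to the current user.
    if (!isset($_POST['oid']) || !is_string($_POST['oid']) || $_POST['oid'] !== appthemes_numbers_letters_only($_POST['oid'])) {
        $errors->add('invalid-order-id', __('Membership order ID is invalid.', APP_TD));
    }
}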
?>


<div class="content">
Exemple #6
 /**
  * AJAX handler for the reset-stats action: removes all stats of a single
  * listing and sets its view-counter meta mirrors back to '0'.
  *
  * Answers with a JSON object and ends the request. The request is refused
  * when the stats module has no arguments, the user lacks `manage_options`,
  * or no `post_id` was sent.
  *
  * NOTE(review): the capability is checked but no nonce is verified in this
  * method; confirm check_ajax_referer() runs before it, since the reset is
  * triggered by a GET request.
  *
  * @return void
  */
 public static function ajax_reset_post_stats()
 {
     $is_allowed = !empty(self::$args) && current_user_can('manage_options') && isset($_GET['post_id']);
     if (!$is_allowed) {
         die(json_encode(array('success' => false)));
     }
     // Post id reduced by appthemes_numbers_only() before it is used.
     $post_id = appthemes_numbers_only($_GET['post_id']);
     // Remove the stored stats.
     self::delete_post_stats($post_id);
     // Bring the daily and total meta mirrors back to 0 views.
     foreach (array('meta_daily', 'meta_total') as $mirror_key) {
         update_post_meta($post_id, self::$args[$mirror_key], '0');
     }
     $notice = html('span', array('class' => 'text'), __('Stats have been reset!', APP_TD));
     die(json_encode(array('success' => true, 'html' => $notice)));
 }
Exemple #7
/**
 * AJAX handler for the reset-stats action: deletes the daily and total stats
 * rows of a single listing and sets its view-counter meta mirrors to '0'.
 *
 * Answers with a JSON object and ends the request. The request is refused
 * when the theme does not support 'app-stats', the user lacks
 * `manage_options`, or no `post_id` was sent.
 *
 * NOTE(review): the capability is checked but no nonce is verified in this
 * function; confirm check_ajax_referer() runs before it, since the deletion
 * is triggered by a GET request.
 */
function appthemes_reset_stats_ajax()
{
    global $wpdb;
    $is_allowed = current_theme_supports('app-stats') && current_user_can('manage_options') && isset($_GET['post_id']);
    if (!$is_allowed) {
        die(json_encode(array('success' => false)));
    }
    // Post id reduced by appthemes_numbers_only() before it is used.
    $post_id = appthemes_numbers_only($_GET['post_id']);
    list($options) = get_theme_support('app-stats');
    // Empty the stats from both tables; the id is bound through prepare().
    foreach (array($wpdb->app_stats_daily, $wpdb->app_stats_total) as $stats_table) {
        $wpdb->query($wpdb->prepare("DELETE FROM {$stats_table} WHERE postnum = '%d'", $post_id));
    }
    // Bring the daily and total meta mirrors back to 0 views.
    foreach (array('meta_daily', 'meta_total') as $mirror_key) {
        update_post_meta($post_id, $options[$mirror_key], '0');
    }
    $notice = html('span', array('class' => 'text'), __('Stats has been reseted!', APP_TD));
    die(json_encode(array('success' => true, 'html' => $notice)));
}
Exemple #8
 /**
  * Returns the cleaned values of the fields this form expects.
  *
  * Starts from the parent's result and replaces `ad_pack_id` with the posted
  * value passed through appthemes_numbers_only(); a missing field is cleaned
  * from an empty string.
  *
  * @return array
  */
 protected function clean_expected_fields()
 {
     $posted = parent::clean_expected_fields();
     foreach ($this->expected_fields() as $field) {
         // Only the ad pack id gets special treatment here.
         if ($field != 'ad_pack_id') {
             continue;
         }
         $submitted = isset($_POST[$field]) ? $_POST[$field] : '';
         $posted[$field] = appthemes_numbers_only($submitted);
     }
     return $posted;
 }