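/**
 * AJAX handler that stores (or updates) a guest review for a hotel booking.
 *
 * The request is authorised in two steps: a nonce bound to the submitted post id,
 * then a booking number / pin code pair that must resolve to an order through
 * CT_Hotel_Order. Reviewer identity and the reviewed post id are taken from the
 * order record, never from the request. Every path ends in wp_send_json().
 *
 * Expected POST fields: _wpnonce, post_id, booking_no, pin_code, review_text,
 * review_rating_detail (array of numeric sub-ratings).
 *
 * @return void
 */
function ct_ajax_submit_review() {
    global $wpdb;

    $result_json = array('success' => 0, 'result' => '', 'title' => '');

    // WordPress adds slashes to $_POST; unslash once so stored text is not double-escaped.
    $post = wp_unslash($_POST);

    // Both nonce inputs are attacker-controlled: require plain scalars before using them.
    $nonce         = (isset($post['_wpnonce']) && is_string($post['_wpnonce'])) ? $post['_wpnonce'] : '';
    $nonce_post_id = (isset($post['post_id']) && is_scalar($post['post_id'])) ? $post['post_id'] : '';
    if ('' === $nonce || !wp_verify_nonce($nonce, 'post-' . $nonce_post_id)) {
        $result_json['success'] = 0;
        $result_json['result']  = esc_html__('Sorry, your nonce did not verify.', 'citytours');
        wp_send_json($result_json);
    }

    // Scalar text fields copied from the request; anything missing or non-scalar becomes ''.
    $fields = array('post_id', 'booking_no', 'pin_code', 'review_text', 'review_rating');
    $data   = array();
    foreach ($fields as $field) {
        $data[$field] = (isset($post[$field]) && is_scalar($post[$field]))
            ? sanitize_text_field($post[$field])
            : '';
    }

    $order      = new CT_Hotel_Order($data['booking_no'], $data['pin_code']);
    $order_data = $order->get_order_info();
    if (!$order_data) {
        $result_json['success'] = 0;
        $result_json['result']  = esc_html__('Wrong Booking Number and Pin Code.', 'citytours');
        wp_send_json($result_json);
    }

    if (!is_array($order_data) || 'cancelled' === $order_data['status']) {
        $result_json['success'] = 0;
        $result_json['title']   = esc_html__('Sorry, You cannot leave a rating.', 'citytours');
        $result_json['result']  = esc_html__('You cancelled your booking, so cannot leave a rating.', 'citytours');
        wp_send_json($result_json);
    }

    // Reviews are only accepted once the stay is over. Parentheses spell out the
    // precedence the original expression relied on (&& binds tighter than ||).
    $today = ct_strtotime(date("Y-m-d"));
    if ((empty($order_data['date_to']) && ct_strtotime($order_data['date_from']) > $today)
        || ct_strtotime($order_data['date_to']) > $today
    ) {
        $result_json['success'] = 0;
        $result_json['title']   = esc_html__('Sorry, You cannot leave a rating before travel.', 'citytours');
        $result_json['result']  = esc_html__('You can leave a review after travel.', 'citytours');
        wp_send_json($result_json);
    }

    // The sub-ratings arrive as a request array and are serialized into the database,
    // so they must be validated: a missing, empty, nested or non-numeric value would
    // otherwise cause a division by zero / type error or persist arbitrary strings.
    $rating_detail = array();
    if (isset($post['review_rating_detail']) && is_array($post['review_rating_detail'])) {
        foreach ($post['review_rating_detail'] as $key => $value) {
            if (!is_scalar($value) || !is_numeric($value)) {
                $rating_detail = array();
                break;
            }
            // Keep the value as a string so the serialized format matches existing rows.
            $rating_detail[sanitize_text_field((string) $key)] = (string) $value;
        }
    }
    if (empty($rating_detail)) {
        $result_json['success'] = 0;
        $result_json['title']   = esc_html__('Sorry, An error occurred while add review.', 'citytours');
        $result_json['result']  = esc_html__('Please provide a valid rating.', 'citytours');
        wp_send_json($result_json);
    }
    // NOTE(review): the allowed rating scale is not visible in this function; the
    // minimum/maximum per sub-rating should also be enforced here - confirm the range.

    // Identity and target post come from the verified order, not from the request.
    $data['post_id']              = $order_data['post_id'];
    $data['reviewer_name']        = $order_data['first_name'] . ' ' . $order_data['last_name'];
    $data['reviewer_email']       = $order_data['email'];
    $data['reviewer_ip']          = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $data['review_rating_detail'] = serialize($rating_detail);
    $data['review_rating']        = array_sum($rating_detail) / count($rating_detail);
    $data['date']                 = date('Y-m-d H:i:s');
    $data['status']               = 'pending';
    if (is_user_logged_in()) {
        $data['user_id'] = get_current_user_id();
    }

    // One review per booking: insert the first time, update afterwards.
    $review_data = $wpdb->get_row(
        $wpdb->prepare(
            'SELECT * FROM ' . CT_REVIEWS_TABLE . ' WHERE booking_no=%d AND pin_code=%d',
            $data['booking_no'],
            $data['pin_code']
        ),
        ARRAY_A
    );

    if (!$review_data) {
        if ($wpdb->insert(CT_REVIEWS_TABLE, $data)) {
            $result_json['success'] = 1;
            $result_json['title']   = esc_html__('Thank you! Your review has been submitted successfully.', 'citytours');
            $result_json['result']  = esc_html__('Your review has been submitted.', 'citytours');
        } else {
            $result_json['success'] = 0;
            $result_json['title']   = esc_html__('Sorry, An error occurred while add review.', 'citytours');
            $result_json['result']  = esc_html__('Please try again after a while.', 'citytours');
        }
    } else {
        $updated = $wpdb->update(
            CT_REVIEWS_TABLE,
            $data,
            array('booking_no' => $data['booking_no'], 'pin_code' => $data['pin_code'])
        );
        // $wpdb->update() returns false on error and 0 when no row changed;
        // only false is a failure.
        if (false !== $updated) {
            $result_json['success'] = 1;
            $result_json['title']   = esc_html__('Thank you! Your review has been submitted successfully.', 'citytours');
            $result_json['result']  = esc_html__('You can change your review anytime.', 'citytours');
            // The edited review goes back to 'pending', so refresh the post's aggregate.
            ct_review_calculate_rating($data['post_id']);
        } else {
            $result_json['success'] = 0;
            $result_json['title']   = esc_html__('Sorry, An error occurred while add review.', 'citytours');
            $result_json['result']  = esc_html__('Please try again after a while.', 'citytours');
        }
    }

    wp_send_json($result_json);
}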
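/**
 * Apply the bulk action selected in the reviews list table.
 *
 * Handles bulk_movetrash, bulk_approve, bulk_unapprove, bulk_untrash (status
 * changes) and bulk_delete, then recalculates the rating of every affected post
 * and redirects back to the referring page. Any other action is ignored.
 *
 * Fixes relative to the previous version:
 *  - the nonce is now mandatory for every handled action and is read from
 *    $_REQUEST; before, a request without a POSTed nonce skipped verification
 *    entirely while the ids were taken from the query string (CSRF);
 *  - each action maps to its own status; the old switch had no break statements,
 *    so every status change fell through to 'pending';
 *  - the ids are validated as positive integers and an empty selection no longer
 *    produces an invalid "IN ()" query;
 *  - affected post ids are collected before the write, so ratings are also
 *    recalculated after a delete;
 *  - the redirect uses the quoted referer key via WordPress helpers and is
 *    restricted to allowed hosts.
 *
 * @return void
 */
function process_bulk_action() {
    global $wpdb;

    // Status written by each status-changing bulk action.
    $status_for_action = array(
        'bulk_movetrash' => 'trashed',
        'bulk_approve'   => 'approved',
        'bulk_unapprove' => 'pending',
        'bulk_untrash'   => 'pending',
    );

    $current   = $this->current_action();
    $is_delete = ('bulk_delete' === $current);
    if (!is_string($current) || (!$is_delete && !isset($status_for_action[$current]))) {
        return;
    }

    // State-changing request: the list-table nonce must be present and valid.
    $nonce = (isset($_REQUEST['_wpnonce']) && is_string($_REQUEST['_wpnonce']))
        ? sanitize_text_field(wp_unslash($_REQUEST['_wpnonce']))
        : '';
    if ('' === $nonce || !wp_verify_nonce($nonce, 'bulk-' . $this->_args['plural'])) {
        wp_die('Sorry, your nonce did not verify');
    }
    // NOTE(review): no current_user_can() check is visible in this method; confirm
    // the page that hosts this table enforces the required capability.

    // Accept only positive integer ids; drop nested arrays, zeros and duplicates.
    $id_key       = $this->_args['singular'];
    $raw_ids      = isset($_REQUEST[$id_key]) ? (array) $_REQUEST[$id_key] : array();
    $selected_ids = array_values(
        array_unique(array_filter(array_map('absint', array_filter($raw_ids, 'is_scalar'))))
    );

    if (!empty($selected_ids)) {
        $placeholders = implode(', ', array_fill(0, count($selected_ids), '%d'));

        // Read the affected posts first: after a delete the rows are gone.
        $post_ids = $wpdb->get_col(
            $wpdb->prepare(
                'SELECT post_id FROM ' . CT_REVIEWS_TABLE . ' WHERE id IN (' . $placeholders . ')',
                $selected_ids
            )
        );

        if ($is_delete) {
            $wpdb->query(
                $wpdb->prepare(
                    'DELETE FROM ' . CT_REVIEWS_TABLE . ' WHERE id IN (' . $placeholders . ')',
                    $selected_ids
                )
            );
        } else {
            // The status is bound as a placeholder instead of being spliced into the SQL.
            $wpdb->query(
                $wpdb->prepare(
                    'UPDATE ' . CT_REVIEWS_TABLE . ' SET status = %s WHERE id IN (' . $placeholders . ')',
                    array_merge(array($status_for_action[$current]), $selected_ids)
                )
            );
        }

        /* calculate post rating */
        foreach (array_unique($post_ids) as $post_id) {
            ct_review_calculate_rating($post_id);
        }
    }

    // The Referer header is client-supplied: wp_safe_redirect() only follows it
    // for allowed hosts and falls back to the admin URL otherwise.
    $referer = wp_get_raw_referer();
    wp_safe_redirect($referer ? $referer : admin_url());
    exit;
}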