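/**
 * Determines whether the current visitor may view the receipt for a payment.
 *
 * Access is granted when any one of the following holds:
 *  - the visitor is logged in and is the user recorded on the payment;
 *  - the visitor is logged in and their account email equals the payment email;
 *  - the visitor is logged in and has the `view_give_sensitive_data` capability;
 *  - the visitor is logged out and their purchase session holds the same key
 *    that is stored in the payment meta.
 *
 * The decision is passed through the `give_can_view_receipt` filter, so a
 * hooked callback can override it in either direction.
 *
 * Side effect: the resolved payment ID is written to the global
 * `$give_receipt_args['id']`.
 *
 * @since 1.3.2
 *
 * @param string $payment_key Payment key identifying the donation.
 *
 * @return bool Whether the receipt is visible or not.
 */
function give_can_view_receipt($payment_key = '')
{
    // No key, nothing to authorise. The filter is not applied on this path.
    if (empty($payment_key)) {
        return false;
    }

    global $give_receipt_args;

    $give_receipt_args['id'] = give_get_purchase_id_by_key($payment_key);

    $payment_id   = $give_receipt_args['id'];
    $user_id      = (int) give_get_payment_user_id($payment_id);
    $payment_meta = give_get_payment_meta($payment_id);
    $logged_in    = is_user_logged_in();
    $can_view     = false;

    if ($logged_in) {
        $account_email = wp_get_current_user()->user_email;

        if ($user_id === (int) get_current_user_id()) {
            $can_view = true;
        } elseif (!empty($account_email) && $account_email === give_get_payment_user_email($payment_id)) {
            // The non-empty check keeps two missing emails from comparing as equal.
            // NOTE(review): this branch trusts the account email; confirm that
            // account emails are verified before relying on it.
            $can_view = true;
        } elseif (current_user_can('view_give_sensitive_data')) {
            $can_view = true;
        }
    }

    $session = give_get_purchase_session();

    // Logged-out visitors are matched on the key held in their own session.
    // Both sides must be present: without the isset() guard a session lacking
    // `purchase_key` and a payment lacking `key` would compare null === null
    // and grant access.
    if (!$logged_in && !empty($session) && isset($session['purchase_key'], $payment_meta['key'])) {
        if ('' !== $payment_meta['key'] && $session['purchase_key'] === $payment_meta['key']) {
            $can_view = true;
        }
    }

    return (bool) apply_filters('give_can_view_receipt', $can_view, $payment_key);
}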
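/**
 * Receipt Shortcode.
 *
 * Shows a donation receipt.
 *
 * The payment key is taken from the `payment_key` query parameter, then from
 * the purchase session, then from the shortcode's `payment_key` attribute.
 * Holding a key is not treated as authorisation: give_can_view_receipt() and
 * the `give_user_can_view_receipt` filter decide whether the receipt template
 * is rendered.
 *
 * @since 1.0
 *
 * @param array  $atts    Shortcode attributes.
 * @param string $content Enclosed shortcode content (not used).
 *
 * @return string Receipt markup, a login form, or an error message.
 */
function give_receipt_shortcode($atts, $content = null)
{
    global $give_receipt_args, $payment;

    $give_receipt_args = shortcode_atts(
        array(
            'error'          => esc_html__('Sorry, you are missing the payment key to view this donation receipt.', 'give'),
            'price'          => true,
            'donor'          => true,
            'date'           => true,
            'payment_key'    => false,
            'payment_method' => true,
            'payment_id'     => true,
        ),
        $atts,
        'give_receipt'
    );

    $session = give_get_purchase_session();

    // The query parameter is visitor-controlled. An array value
    // (`payment_key[]=`) would make urldecode() fail, so only a string is
    // accepted; anything else falls through to the session and the attribute.
    if (isset($_GET['payment_key']) && is_string($_GET['payment_key'])) {
        $payment_key = urldecode($_GET['payment_key']);
    } elseif ($session) {
        $payment_key = $session['purchase_key'];
    } elseif ($give_receipt_args['payment_key']) {
        $payment_key = $give_receipt_args['payment_key'];
    }

    $email_access = give_get_option('email_access');

    if (!isset($payment_key)) {
        // No key, email access enabled and no token yet: offer the email login form.
        if ($email_access == 'on' && !Give()->email_access->token_exists) {
            ob_start();
            give_get_template_part('email-login-form');

            return ob_get_clean();
        }

        return give_output_error($give_receipt_args['error'], false, 'error');
    }

    // give_can_view_receipt() resolves the payment ID from the key itself, so
    // no separate lookup is needed here.
    $user_can_view = give_can_view_receipt($payment_key);

    if (!$user_can_view) {
        // A key was supplied but the visitor is not authorised for it.
        if ($email_access == 'on' && !Give()->email_access->token_exists) {
            ob_start();
            give_get_template_part('email-login-form');

            return ob_get_clean();
        }

        global $give_login_redirect;

        $give_login_redirect = give_get_current_page_url();

        ob_start();
        give_output_error(apply_filters('give_must_be_logged_in_error_message', esc_html__('You must be logged in to view this donation payment receipt.', 'give')));
        give_get_template_part('shortcode', 'login');

        return ob_get_clean();
    }

    // Last gate before rendering: a hooked callback may still deny access.
    if (!apply_filters('give_user_can_view_receipt', $user_can_view, $give_receipt_args)) {
        return give_output_error($give_receipt_args['error'], false, 'error');
    }

    ob_start();
    give_get_template_part('shortcode', 'receipt');

    return ob_get_clean();
}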
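/**
 * Receipt Shortcode
 *
 * Shows an order receipt.
 *
 * The payment key is taken from the `payment_key` query parameter, then from
 * the shortcode's `payment_key` attribute, then from the purchase session.
 * The receipt is rendered only when one of these holds and the
 * `give_user_can_view_receipt` filter agrees:
 *  - the visitor is logged in as the user recorded on the payment;
 *  - the donation was made as a guest, the visitor is logged out and their
 *    purchase session holds this payment's key;
 *  - the visitor has the `view_give_sensitive_data` capability.
 *
 * @since 1.0
 *
 * @param array  $atts    Shortcode attributes
 * @param string $content Enclosed shortcode content (not used)
 *
 * @return string Receipt markup or an error message.
 */
function give_receipt_shortcode($atts, $content = null)
{
    global $give_receipt_args, $payment;

    // Parse the attributes first, so the `payment_key` attribute read below
    // belongs to this shortcode call and not to whatever the global held
    // before.
    $give_receipt_args = shortcode_atts(
        array(
            'error'          => __('Sorry, it appears the viewing window for this donation receipt has expired or you do not have the permission to view this donation receipt.', 'give'),
            'price'          => true,
            'date'           => true,
            'notes'          => true,
            'payment_key'    => false,
            'payment_method' => true,
            'payment_id'     => true,
        ),
        $atts,
        'give_receipt'
    );

    $session = give_get_purchase_session();

    // The query parameter is visitor-controlled; a non-string value (such as
    // `payment_key[]=`) is ignored rather than passed to urldecode().
    if (isset($_GET['payment_key']) && is_string($_GET['payment_key'])) {
        $payment_key = urldecode($_GET['payment_key']);
    } elseif ($give_receipt_args['payment_key']) {
        $payment_key = $give_receipt_args['payment_key'];
    } elseif ($session) {
        $payment_key = $session['purchase_key'];
    }

    ob_start();

    if (empty($payment_key)) {
        echo '<div class="give_errors"><p class="give_error">'
            . apply_filters('give_receipt_no_payment_key', __('Sorry, there was a problem identifying this donation. Please contact the site owner for more information.', 'give'))
            . '</p></div>';

        return ob_get_clean();
    }

    // Set our important payment information variables.
    $give_receipt_args['id'] = give_get_purchase_id_by_key($payment_key);

    $donor_id = give_get_payment_user_id($give_receipt_args['id']);
    $payment  = get_post($give_receipt_args['id']);

    // Registration is open: extend the error with a hint on how to reach the
    // receipt after the session expired. Skipped when no payment post was found.
    if ($payment && get_option('users_can_register')) {
        $email            = get_post_meta($payment->ID, '_give_payment_user_email', true);
        $donation_history = get_permalink(give_get_option('history_page'));

        // NOTE(review): this text is shown to visitors who failed the access
        // check, so it reveals the donor's email address to anyone who holds
        // the payment key. Consider masking or omitting the address.
        // The stored email and both URLs are escaped because the message is
        // printed as HTML.
        $give_receipt_args['error'] .= sprintf(
            __(' To view your receipt, please <a href="%s">create an account</a> using the following email %s (the email attached to this donation) and visit the <a href="%s">donation history page</a>', 'give'),
            esc_url(wp_registration_url()),
            '<strong>' . esc_html($email) . '</strong>',
            esc_url($donation_history)
        );
    }

    $logged_in         = is_user_logged_in();
    $is_owner          = $logged_in && $donor_id == get_current_user_id();
    $is_guest_donation = ($donor_id == 0 || $donor_id == '-1');

    // A guest receipt is released only to the session that holds this
    // payment's key. Checking merely that some session exists would let any
    // logged-out visitor with an unrelated session open a guest receipt.
    $session_matches = !empty($session)
        && isset($session['purchase_key'])
        && (string) $session['purchase_key'] === (string) $payment_key;

    $user_can_view = $is_owner
        || ($is_guest_donation && !$logged_in && $session_matches)
        || current_user_can('view_give_sensitive_data');

    if (!apply_filters('give_user_can_view_receipt', $user_can_view, $give_receipt_args)) {
        // Printed as HTML on purpose: the message may contain the links added above.
        echo '<div class="give_errors"><p class="give_error">' . $give_receipt_args['error'] . '</p></div>';

        return ob_get_clean();
    }

    give_get_template_part('shortcode', 'receipt');

    return ob_get_clean();
}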
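/**
 * PayPal Success Page
 *
 * Shows "Donation Processing" message for PayPal payments that are still
 * pending on site return.
 *
 * The payment is identified by the `payment-id` query parameter or, when that
 * is missing or not a positive integer, by the key held in the purchase
 * session.
 *
 * NOTE(review): `payment-id` is visitor-supplied and is not checked against
 * the visitor's session or against the post type, so any visitor can learn
 * whether a given post ID currently has the `pending` status. Consider
 * binding the ID to the session or verifying that it is a donation payment.
 *
 * @since 1.0
 *
 * @param string $content Page content.
 *
 * @return string The processing template output while the payment is pending,
 *                otherwise the unchanged content.
 */
function give_paypal_success_page_content($content)
{
    $session = give_get_purchase_session();

    if (!isset($_GET['payment-id']) && !$session) {
        return $content;
    }

    // Accept only a scalar value; an array (`payment-id[]=`) is treated as absent.
    $payment_id = (isset($_GET['payment-id']) && is_scalar($_GET['payment-id']))
        ? absint($_GET['payment-id'])
        : 0;

    // Fall back to the session key, but only when the session really holds one.
    if (!$payment_id && !empty($session['purchase_key'])) {
        $payment_id = give_get_purchase_id_by_key($session['purchase_key']);
    }

    // Without an ID there is no payment to inspect. Stopping here also avoids
    // get_post() falling back to the page currently being displayed.
    if (!$payment_id) {
        return $content;
    }

    $payment = get_post($payment_id);

    if ($payment && 'pending' === $payment->post_status) {
        // Payment is still pending so show processing indicator to fix the race condition.
        ob_start();
        give_get_template_part('payment', 'processing');
        $content = ob_get_clean();
    }

    return $content;
}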
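/**
 * Receipt Shortcode
 *
 * Shows an order receipt.
 *
 * The payment key is taken from the `payment_key` query parameter, then from
 * the purchase session, then from the shortcode's `payment_key` attribute.
 * Holding a key is not treated as authorisation: give_can_view_receipt() and
 * the `give_user_can_view_receipt` filter decide whether the receipt template
 * is rendered.
 *
 * @since 1.0
 *
 * @param array  $atts    Shortcode attributes
 * @param string $content Enclosed shortcode content (not used)
 *
 * @return string Receipt markup, a login form, or an error message.
 */
function give_receipt_shortcode($atts, $content = null)
{
    global $give_receipt_args, $payment;

    $give_receipt_args = shortcode_atts(
        array(
            'error'          => __('Sorry, it appears the viewing window for this donation receipt has expired or you do not have the permission to view this donation receipt.', 'give'),
            'price'          => true,
            'date'           => true,
            'payment_key'    => false,
            'payment_method' => true,
            'payment_id'     => true,
        ),
        $atts,
        'give_receipt'
    );

    $session = give_get_purchase_session();

    // The query parameter is visitor-controlled. An array value
    // (`payment_key[]=`) would make urldecode() fail, so only a string is
    // accepted; anything else falls through to the session and the attribute.
    if (isset($_GET['payment_key']) && is_string($_GET['payment_key'])) {
        $payment_key = urldecode($_GET['payment_key']);
    } elseif ($session) {
        $payment_key = $session['purchase_key'];
    } elseif ($give_receipt_args['payment_key']) {
        $payment_key = $give_receipt_args['payment_key'];
    }

    // No key found
    if (!isset($payment_key)) {
        return '<div class="give_errors"><p class="give_error">' . $give_receipt_args['error'] . '</p></div>';
    }

    $payment_id    = give_get_purchase_id_by_key($payment_key);
    $user_can_view = give_can_view_receipt($payment_key);

    // Key was provided, but the visitor is logged out and the payment was not
    // made as a guest: offer the login form instead of the receipt.
    $needs_login = !$user_can_view
        && !empty($payment_key)
        && !is_user_logged_in()
        && !give_is_guest_payment($payment_id);

    if ($needs_login) {
        global $give_login_redirect;

        $give_login_redirect = give_get_current_page_url();

        ob_start();
        echo '<div class="give_errors"><p class="give_error">' . __('You must be logged in to view this payment receipt.', 'give') . '</p></div>';
        give_get_template_part('shortcode', 'login');

        return ob_get_clean();
    }

    // Last gate before rendering: every remaining visitor who is not allowed
    // to view the receipt gets the error message. The markup here differs from
    // the missing-key error above and is kept as it was for output
    // compatibility.
    if (!apply_filters('give_user_can_view_receipt', $user_can_view, $give_receipt_args)) {
        return '<p class="edd-alert edd-alert-error">' . $give_receipt_args['error'] . '</p>';
    }

    ob_start();
    give_get_template_part('shortcode', 'receipt');

    return ob_get_clean();
}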