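/**
 * Ajax handler for following / unfollowing a user.
 *
 * Reads `type` (follow|unfollow) and `user-id` from the request, verifies
 * referer and nonce, applies the change and ends the request with a JSON
 * document built by theme_features::json_format().
 *
 * @return never
 */
public static function process() {
    theme_features::check_referer();
    theme_features::check_nonce();

    $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
    // Only a numeric id is accepted; a missing or non-numeric value used to be
    // cast to 0/null and handed to set_follow() anyway.
    $user_id = isset($_REQUEST['user-id']) && is_numeric($_REQUEST['user-id']) ? (int) $_REQUEST['user-id'] : null;

    $output = [];
    switch ($type) {
        case 'follow':
        case 'unfollow':
            if ($user_id === null || $user_id <= 0) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_user_id';
                $output['msg'] = ___('Invaild user id param.');
                break;
            }
            // NOTE(review): both actions call set_follow(); presumably it toggles
            // the relation. Confirm, otherwise 'unfollow' behaves like 'follow'.
            $output['count'] = self::set_follow($user_id);
            $output['code'] = 'followed';
            $output['msg'] = $type === 'follow' ? ___('Follow success.') : ___('Unfollow success.');
            $output['status'] = 'success';
            break;
        default:
            $output['status'] = 'error';
            $output['code'] = 'unkown_param';
            $output['msg'] = ___('Unkown param.');
    }
    die(theme_features::json_format($output));
}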
/**
 * Ajax handler that lets the logged-in user spend points on a post.
 *
 * Expects `type=incr` in the query string and `post-id` / `points` in the
 * POST body. Every branch ends the request with a JSON document from
 * theme_features::json_format(); error replies carry a `code` field except
 * the "please log in" one, which only carries the login link.
 *
 * @return never
 */
public static function process() {
    theme_features::check_referer();
    theme_features::check_nonce();

    // Ends the request with an error document; key order (status, code, msg)
    // matches the other handlers in this file.
    $fail = static function ($code, $msg) {
        die(theme_features::json_format(['status' => 'error', 'code' => $code, 'msg' => $msg]));
    };

    $type = isset($_GET['type']) && is_string($_GET['type']) ? $_GET['type'] : null;
    $post_id = isset($_POST['post-id']) && is_numeric($_POST['post-id']) ? (int) $_POST['post-id'] : null;

    if (!$post_id) {
        $fail('invaild_post_id', ___('Invaild post id param.'));
    }
    $post = theme_cache::get_post($post_id);
    if (!$post || $post->post_type !== 'post') {
        $fail('post_not_exist', ___('Post does not exist.'));
    }
    if (!theme_cache::is_user_logged_in()) {
        $login_link = '<a href="' . wp_login_url(theme_cache::get_permalink($post->ID)) . '" title="' . ___('Go to log-in') . '">' . ___('Sorry, please log-in.') . '</a>';
        die(theme_features::json_format(['status' => 'error', 'msg' => $login_link]));
    }
    if ($type !== 'incr') {
        $fail('invaild_type', ___('Invaild type param.'));
    }

    $rater_id = theme_cache::get_current_user_id();
    $points = isset($_POST['points']) && is_numeric($_POST['points']) ? (int) $_POST['points'] : null;
    // Loose in_array() kept on purpose: the allowed values may be stored as strings.
    if (!in_array($points, self::get_point_values())) {
        $fail('invaild_point_value', ___('Invaild point value.'));
    }

    // NOTE(review): the sequence below is not atomic; whether the same rater
    // can rate twice with overlapping requests depends on incr_post_raters()
    // and the storage behind it. Confirm.
    $raters_result = self::incr_post_raters($post_id, $rater_id, $points);
    if ($raters_result !== true) {
        // On failure the helper hands back a ready-made reply document.
        die(theme_features::json_format($raters_result));
    }
    if (!self::incr_post_points_count($post_id, $points)) {
        $fail('error_incr_points_count', ___('Sorry, system can not increase post points count.'));
    }
    if (self::incr_rater_posts($post_id, $rater_id, $points) !== true) {
        $fail('error_incr_rater_posts', ___('System can not increase rater posts.'));
    }

    theme_custom_point::incr_user_points($post->post_author, $points);
    self::add_history_for_rater($post_id, $rater_id, $points);
    self::add_history_for_post_author($post_id, $rater_id, $points);
    theme_custom_point::decr_user_points($rater_id, $points);

    die(theme_features::json_format([
        'status' => 'success',
        'points' => (int) self::get_post_points_count($post_id),
        'msg' => ___('Operation successful, thank you for your participation.'),
    ]));
}
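/**
 * Ajax handler for the point "bomb" game.
 *
 * `type=get-target` locks a target user (`target`) and returns its points,
 * avatar and name. `type=bomb` wagers `points` (one of get_point_values())
 * against that target: a roll against get_victory_percent() decides the hit
 * and the balances of attacker and target are moved by the amounts from
 * get_extra_points_for_attacker()/get_extra_points_for_target(). Every branch
 * ends the request with a JSON document from theme_features::json_format().
 *
 * @return never
 */
public static function process() {
    theme_features::check_referer();
    theme_features::check_nonce();

    $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
    // Normalised to int once here; the raw numeric string used to be passed
    // through to every helper and into the history records.
    $target_id = isset($_REQUEST['target']) && is_numeric($_REQUEST['target']) ? (int) $_REQUEST['target'] : null;

    switch ($type) {
        case 'get-target':
            self::check_login();
            self::check_max_times();
            $target = self::check_target($target_id);
            die(theme_features::json_format([
                'status' => 'success',
                'points' => theme_custom_point::get_point($target_id),
                'avatar' => theme_cache::get_avatar_url($target_id),
                'name' => esc_html($target->display_name),
                'msg' => ___('Target locked, bomb is ready.'),
            ]));

        case 'bomb':
            $current_user_id = self::check_login();
            self::check_max_times();
            $target = self::check_target($target_id);

            $points = isset($_REQUEST['points']) && is_numeric($_REQUEST['points']) ? (int) $_REQUEST['points'] : null;
            if (!$points || !in_array($points, self::get_point_values())) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'invaild_point_value',
                    'msg' => ___('Sorry, the point value is invaild.'),
                    'points' => self::get_point_values(),
                ]));
            }

            $target_points = theme_custom_point::get_point($target_id);
            if ($points > $target_points) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'target_points_not_enough',
                    'msg' => sprintf(___('Sorry, the target %s is not enough to bear your bomb.'), theme_custom_point::get_point_name()),
                ]));
            }

            // NOTE(review): read a second time although check_login() already
            // returned the caller's id above; presumably the same value.
            $attacker_id = theme_cache::get_current_user_id();
            $attacker_points = theme_custom_point::get_point($attacker_id);
            if ($points > $attacker_points) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'attacker_points_not_enough',
                    'msg' => sprintf(___('Sorry, your %s is not enough to bomb target.'), theme_custom_point::get_point_name()),
                ]));
            }

            // Free text attached to the attack; only truncated here, so it must be
            // escaped wherever the history is rendered.
            $says = isset($_REQUEST['says']) && is_string($_REQUEST['says']) ? mb_substr($_REQUEST['says'], 0, 30) : false;

            // mt_rand(0, 100) has 101 outcomes, so a percentage p hit with
            // probability (p + 1) / 101; 1..100 makes it exactly p / 100
            // (assuming get_victory_percent() returns a 0-100 integer).
            $hit = mt_rand(1, 100) <= self::get_victory_percent();

            $data = [
                'attacker-id' => $current_user_id,
                'target-id' => $target_id,
                'says' => $says,
                'points' => $points,
                'hit' => $hit,
            ];
            self::add_history_for_target($data);
            self::add_history_for_attacker($data);

            // NOTE(review): balances were read above and are written back below
            // without locking, so two overlapping bomb requests can both pass the
            // "enough points" checks. Confirm update_user_points() or the storage
            // serialises this.
            $target_extra_points = self::get_extra_points_for_target($hit, $points);
            $new_target_points = $target_points + $target_extra_points;
            $attacker_extra_points = self::get_extra_points_for_attacker($hit, $points);
            $new_attacker_points = $attacker_points + $attacker_extra_points;
            theme_custom_point::update_user_points($attacker_id, $new_attacker_points);
            theme_custom_point::update_user_points($target_id, $new_target_points);

            $target_name = '<a href="' . theme_cache::get_author_posts_url($target_id) . '" target="_blank" class="author">' . esc_html($target->display_name) . '</a>';
            if ($hit) {
                $msg = sprintf(
                    ___('Bombing successfully! Your bomb hit %1$s, you got %2$s %3$s. Target remaining %4$s %3$s.'),
                    $target_name,
                    '<strong class="plus">+' . $attacker_extra_points . '</strong>',
                    theme_custom_point::get_point_name(),
                    $new_target_points
                );
            } else {
                $msg = sprintf(
                    ___('Unlucky! %1$s miss your attack, you lost %2$s %3$s and remaining %4$s %3$s.'),
                    $target_name,
                    '<strong class="mins">' . $attacker_extra_points . '</strong>',
                    theme_custom_point::get_point_name(),
                    $new_attacker_points
                );
            }

            self::set_times(self::get_times() + 1);
            die(theme_features::json_format(['msg' => $msg, 'hit' => $hit, 'status' => 'success']));

        default:
            die(theme_features::json_format([
                'status' => 'error',
                'code' => 'invaild_type_param',
                'msg' => ___('Sorry, type param is invaild.'),
            ]));
    }
}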
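/**
 * Ajax handler for the account page.
 *
 * `type=settings` updates nickname/display name, URL and description from
 * `$_POST['user']`; `type=pwd` changes the password after checking the current
 * one; `type=avatar` stores the base64 JPEG posted as `b4` under
 * uploads/avatar/<user id>.jpg. When theme_custom_point is loaded, `settings`
 * and `avatar` cost `get_point_value('save-<type>')` points, checked before
 * and charged after the change. Every branch ends the request with a JSON
 * document from theme_features::json_format().
 *
 * @return never
 */
public static function process() {
    theme_features::check_referer();
    theme_features::check_nonce();

    $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
    $user = isset($_POST['user']) && is_array($_POST['user']) ? $_POST['user'] : null;

    // wp_get_current_user() supersedes the deprecated get_currentuserinfo() and
    // fills the same global.
    $current_user = wp_get_current_user();
    // Every branch edits the current account; an anonymous request (ID 0) must
    // not reach wp_update_user()/file_put_contents() with that id.
    if (!$current_user->exists()) {
        die(theme_features::json_format(['status' => 'error', 'code' => 'need_login', 'msg' => ___('Sorry, please log-in.')]));
    }

    switch ($type) {
        case 'settings':
            self::_process_settings($current_user, $user, $type);
            break;
        case 'pwd':
            self::_process_pwd($current_user, $user);
            break;
        case 'avatar':
            self::_process_avatar($current_user, $type);
            break;
        default:
            die(theme_features::json_format([
                'status' => 'error',
                'code' => 'invaild_type_param',
                'msg' => ___('Sorry, the type param is invaild.'),
            ]));
    }
}

/**
 * Reads the caller's balance and rejects the request when the `save-<type>`
 * price is not covered.
 *
 * @param string $type    Request type (`settings` or `avatar`).
 * @param int    $user_id User to charge.
 * @param string $msg     Message for the `not_enough_point` reply.
 * @return int|null Current balance, or null when theme_custom_point is not loaded.
 */
private static function _check_points_for($type, $user_id, $msg) {
    if (!class_exists('theme_custom_point')) {
        return null;
    }
    $user_points = theme_custom_point::get_point($user_id);
    $price = abs(theme_custom_point::get_point_value('save-' . $type));
    if ($user_points - $price < 0) {
        die(theme_features::json_format(['status' => 'error', 'code' => 'not_enough_point', 'msg' => $msg]));
    }
    return $user_points;
}

/**
 * Writes the `save-<type>` history entry and stores the reduced balance.
 *
 * @param string   $type        Request type.
 * @param int      $user_id     User being charged.
 * @param int|null $user_points Balance returned by _check_points_for().
 * @return int|null The (negative) amount charged, or null when theme_custom_point is not loaded.
 */
private static function _charge_points_for($type, $user_id, $user_points) {
    if (!class_exists('theme_custom_point')) {
        return null;
    }
    $charged = 0 - abs(theme_custom_point::get_point_value('save-' . $type));
    add_user_meta($user_id, theme_custom_point::$user_meta_key['history'], [
        'type' => 'save-' . $type,
        'points' => $charged,
        'timestamp' => current_time('timestamp'),
    ]);
    // NOTE(review): the balance was read before the change and is written back
    // here; overlapping requests could pay once for two changes. Confirm the
    // storage serialises this.
    update_user_meta($user_id, theme_custom_point::$user_meta_key['point'], $user_points + $charged);
    return $charged;
}

/**
 * `settings` branch: saves nickname (also used as display name), URL and
 * description for the current user, then charges the points.
 *
 * @param WP_User    $current_user Logged-in user.
 * @param array|null $user         Raw `$_POST['user']`, or null when absent.
 * @param string     $type         Request type, used for the point history key.
 */
private static function _process_settings($current_user, $user, $type) {
    $user_points = self::_check_points_for($type, $current_user->ID, ___('Sorry, your points are not enough to modify settings.'));

    if (empty($user)) {
        die(theme_features::json_format(['status' => 'error', 'code' => 'invaild_param', 'msg' => ___('Invaild param.')]));
    }
    // Strict emptiness check: a nickname of "0" is a valid value.
    $nickname = isset($user['nickname']) && is_string($user['nickname']) ? trim($user['nickname']) : '';
    if ($nickname === '') {
        die(theme_features::json_format(['status' => 'error', 'code' => 'invaild_nickname', 'msg' => ___('Invaild nickname.')]));
    }
    $url = isset($user['url']) && is_string($user['url']) ? esc_url($user['url']) : null;
    // NOTE(review): the description is stored as posted; wp_update_user() runs
    // its own filters on it, confirm that is enough for where it is displayed.
    $des = isset($user['description']) && is_string($user['description']) ? $user['description'] : null;

    $result = wp_update_user([
        'ID' => $current_user->ID,
        'user_url' => $url,
        'nickname' => $nickname,
        'description' => $des,
        'display_name' => $nickname,
    ]);
    if (is_wp_error($result)) {
        die(theme_features::json_format(['status' => 'error', 'code' => $result->get_error_code(), 'msg' => $result->get_error_message()]));
    }

    $output = [];
    $charged = self::_charge_points_for($type, $current_user->ID, $user_points);
    if ($charged !== null) {
        $output['points'] = $charged;
    }
    $output['status'] = 'success';
    $output['msg'] = ___('Your settings have been saved.');
    die(theme_features::json_format($output));
}

/**
 * `pwd` branch: verifies the current password, stores the new one and
 * re-issues the auth cookie so the user stays logged in.
 *
 * @param WP_User    $current_user Logged-in user.
 * @param array|null $user         Raw `$_POST['user']`, or null when absent.
 */
private static function _process_pwd($current_user, $user) {
    $new_pwd_1 = isset($user['new-pwd-1']) && is_string($user['new-pwd-1']) ? trim($user['new-pwd-1']) : '';
    $new_pwd_2 = isset($user['new-pwd-2']) && is_string($user['new-pwd-2']) ? trim($user['new-pwd-2']) : '';
    if ($new_pwd_1 === '' || $new_pwd_1 !== $new_pwd_2) {
        die(theme_features::json_format(['status' => 'error', 'code' => 'invaild_pwd_twice', 'msg' => ___('Password invaild twice.')]));
    }
    $old_pwd = isset($user['old-pwd']) && is_string($user['old-pwd']) ? trim($user['old-pwd']) : '';
    if ($old_pwd === '' || !wp_check_password($old_pwd, $current_user->user_pass, $current_user->ID)) {
        die(theme_features::json_format(['status' => 'error', 'code' => 'invaild_old_pwd', 'msg' => ___('Invaild current password.')]));
    }

    // The result was ignored before, so a failed update still reported success.
    $result = wp_update_user(['ID' => $current_user->ID, 'user_pass' => $new_pwd_1]);
    if (is_wp_error($result)) {
        die(theme_features::json_format(['status' => 'error', 'code' => $result->get_error_code(), 'msg' => $result->get_error_message()]));
    }
    wp_set_current_user($current_user->ID);
    wp_set_auth_cookie($current_user->ID);
    die(theme_features::json_format([
        'status' => 'success',
        'msg' => ___('Your new password has been saved.'),
        'redirect' => theme_cache::home_url(),
    ]));
}

/**
 * `avatar` branch: decodes the JPEG posted as `b4` ("data:image/jpeg;base64,..."),
 * writes it to uploads/avatar/<user id>.jpg, charges the points and stores the
 * relative path (with a cache-busting `?v=`) in user meta.
 *
 * @param WP_User $current_user Logged-in user.
 * @param string  $type         Request type, used for the point history key.
 */
private static function _process_avatar($current_user, $type) {
    $user_points = self::_check_points_for($type, $current_user->ID, ___('Sorry, your points are not enough to modify avatar.'));

    // The original test `!isset($base64[0]) && strpos(...) === false` could never
    // reject a present payload, so any bytes were written as <id>.jpg into the
    // public uploads directory. Require the jpeg data-URI prefix, a strict
    // base64 body and the JPEG signature (FF D8 FF) on the decoded bytes.
    $parts = isset($_POST['b4']) && is_string($_POST['b4']) ? explode(',', $_POST['b4'], 2) : [];
    $image = false;
    if (count($parts) === 2 && strpos($parts[0], 'jpeg') !== false) {
        $image = base64_decode($parts[1], true);
    }
    if ($image === false || strncmp($image, "\xFF\xD8\xFF", 3) !== 0) {
        die(theme_features::json_format([
            'status' => 'error',
            'code' => 'invaild_format',
            'msg' => ___('Sorry, your file is invaild format, please check it again.'),
        ]));
    }

    $upload_dir = wp_upload_dir();
    $filename = $current_user->ID . '.jpg';
    $filesub_url = '/avatar/' . $filename;
    $timestamp = '?v=' . $_SERVER['REQUEST_TIME'];
    $avatar_dir = $upload_dir['basedir'] . '/avatar';
    if (!is_dir($avatar_dir)) {
        mkdir($avatar_dir, 0755, true);
    }
    $filepath = $upload_dir['basedir'] . $filesub_url;
    $fileurl = $upload_dir['baseurl'] . $filesub_url . $timestamp;

    if (file_put_contents($filepath, $image) === false) {
        die(theme_features::json_format([
            'status' => 'error',
            'code' => 'can_not_write_file',
            'msg' => ___('Sorry, system can not write file, please try again later or contact the administrator.'),
        ]));
    }

    $output = [];
    $charged = self::_charge_points_for($type, $current_user->ID, $user_points);
    if ($charged !== null) {
        $output['points'] = $charged;
    }
    $avatar_meta_key = class_exists('theme_custom_avatar') ? theme_custom_avatar::$user_meta_key['avatar'] : 'avatar';
    update_user_meta($current_user->ID, $avatar_meta_key, $filesub_url . $timestamp);
    $output['status'] = 'success';
    $output['avatar-url'] = $fileurl;
    $output['msg'] = ___('Congratulation! Your avatar has been updated. Page is redirecting, please wait...');
    die(theme_features::json_format($output));
}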
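/**
 * Ajax handler for comments.
 *
 * A request carrying `comment_post_ID` is a comment submission: it is
 * validated, inserted with wp_new_comment() and the rendered comment is
 * returned. Otherwise `type=get-comments` returns one page (`cpage`) of the
 * comment list for `post-id` plus its pagination markup. Every path ends the
 * request with a JSON document from theme_features::json_format().
 *
 * @return never
 */
public static function process() {
    theme_features::check_referer();
    theme_features::check_nonce();
    $output = [];

    if (isset($_POST['comment_post_ID']) && is_string($_POST['comment_post_ID'])) {
        self::_process_comment_submission((int) $_POST['comment_post_ID']);
    }

    $type = isset($_GET['type']) && is_string($_GET['type']) ? $_GET['type'] : null;
    switch ($type) {
        case 'get-comments':
            $cpage = isset($_GET['cpage']) && is_numeric($_GET['cpage']) ? (int) $_GET['cpage'] : 1;
            $post_id = isset($_GET['post-id']) && is_numeric($_GET['post-id']) ? (int) $_GET['post-id'] : null;
            if (!$post_id) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_post_id';
                $output['msg'] = ___('Post ID is invaild.');
                die(theme_features::json_format($output));
            }
            global $post;
            $post = theme_cache::get_post($post_id);
            if (!$post || ($post->post_type !== 'post' && $post->post_type !== 'page')) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_post';
                $output['msg'] = ___('Post is not exist.');
                die(theme_features::json_format($output));
            }
            setup_postdata($post);
            $output['status'] = 'success';
            $output['msg'] = ___('Data sent.');
            // A non-positive page was always passed on as 999; kept as is.
            $output['pagination'] = theme_functions::get_comment_pagination(['cpaged' => $cpage > 0 ? $cpage : 999]);
            $output['comments'] = self::get_comments_list($post_id, $cpage);
            $output['debug'] = ['cpage' => $cpage];
            break;
    }
    die(theme_features::json_format($output));
}

/**
 * Inserts the comment posted for `$comment_post_ID` and answers with its
 * rendered markup; always ends the request.
 *
 * Fields read from POST: author, email, url, comment, comment_parent and
 * (for users with `unfiltered_html`) `_wp_unfiltered_html_comment`.
 *
 * @param int $comment_post_ID Post being commented on.
 */
private static function _process_comment_submission($comment_post_ID) {
    global $comment, $post;

    $fail = static function ($code, $msg) {
        die(theme_features::json_format(['status' => 'error', 'code' => $code, 'msg' => $msg]));
    };

    do_action('pre_comment_on_post', $comment_post_ID);
    $user = wp_get_current_user();

    // wp_new_comment() does not check this itself, so missing posts and posts
    // with closed comments accepted submissions before.
    if (!comments_open($comment_post_ID)) {
        $fail('comments_closed', ___('Sorry, comments are closed for this item.'));
    }

    $comment_author = isset($_POST['author']) && is_string($_POST['author']) ? trim($_POST['author']) : null;
    $comment_author_email = isset($_POST['email']) && is_string($_POST['email']) && is_email($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) && is_string($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) && is_string($_POST['comment']) ? trim($_POST['comment']) : null;
    $comment_parent = isset($_POST['comment_parent']) && is_numeric($_POST['comment_parent']) ? (int) $_POST['comment_parent'] : 0;
    // Anonymous commenters get user_id 0; it was left undefined before, which
    // dropped the key from compact().
    $user_id = 0;

    if ($user->exists()) {
        // Fixes the `$use` typo: an empty display name falls back to the
        // nickname, then to the login name.
        if (empty($user->display_name)) {
            $user->display_name = !empty($user->nickname) ? $user->nickname : $user->user_login;
        }
        $comment_author = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url = wp_slash($user->user_url);
        $user_id = $user->ID;
        // Core rule: only a user with `unfiltered_html` may bypass KSES, and only
        // with the matching nonce; everyone else is filtered. The previous
        // unconditional kses_remove_filters() let any visitor store raw HTML.
        if (theme_cache::current_user_can('unfiltered_html')) {
            if (!isset($_POST['_wp_unfiltered_html_comment']) || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } elseif ((int) theme_cache::get_option('comment_registration') === 1) {
        die(theme_features::json_format(['status' => 'error', 'msg' => ___('Sorry, you must be logged in to post a comment.')]));
    }

    if (theme_cache::get_option('require_name_email') && !$user->exists()) {
        if (empty($comment_author)) {
            $fail('invaild_name', ___('Error: please fill your name.'));
        }
        if (!$comment_author_email) {
            $fail('invaild_email', ___('Error: please enter a valid email address.'));
        }
    }
    if (empty($comment_content)) {
        $fail('invaild_content', ___('Error: please type a comment.'));
    }

    $comment_type = null;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_id');
    $comment_id = wp_new_comment($commentdata);
    // The insert result was not checked before; a rejected comment went on to
    // render a null comment.
    if (!$comment_id || is_wp_error($comment_id)) {
        $fail('comment_not_created', ___('Sorry, system can not create the comment, please try again later.'));
    }

    $comment = get_comment($comment_id);
    $post = theme_cache::get_post($comment_post_ID);
    do_action('after_theme_comment_ajax', $comment, $post);
    do_action('set_comment_cookies', $comment, $user);
    wp_set_comment_cookies($comment, $user);

    $content = wp_list_comments(['type' => 'comment', 'callback' => 'theme_functions::theme_comment', 'echo' => false], [$comment]);
    $output = ['status' => 'success'];
    if ($comment_parent !== 0) {
        $output['comment_parent'] = $comment_parent;
        $output['comment'] = '<ul id="children-' . $comment->comment_ID . '" class="children">' . $content . '</ul>';
    } else {
        $output['comment'] = $content;
    }
    $output['msg'] = ___('Commented successfully, thank you!');
    $output['post_id'] = $comment_post_ID;
    die(theme_features::json_format($output));
}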
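/**
 * Ajax handler for account actions: `login`, `register`, `recover` (mail a
 * reset link) and `reset` (set a new password from that link's token).
 *
 * Form fields arrive in `$_POST['user']` (email, pwd, nickname, remember,
 * token, pwd-again). Every branch ends the request with a JSON document from
 * theme_features::json_format().
 *
 * @return never
 */
public static function process() {
    theme_features::check_nonce();
    theme_features::check_referer();
    $output = [];

    $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
    $user = isset($_POST['user']) && is_array($_POST['user']) ? $_POST['user'] : false;
    $email = isset($user['email']) && is_email($user['email']) ? $user['email'] : null;
    $pwd = isset($user['pwd']) && is_string($user['pwd']) ? $user['pwd'] : null;

    switch ($type) {
        case 'login':
            $output = self::user_login([
                'email' => $email,
                'pwd' => $pwd,
                'remember' => isset($user['remember']),
            ]);
            if ($output['status'] !== 'success') {
                die(theme_features::json_format($output));
            }
            $output['msg'] = self::get_options('lang-login-success');
            break;

        case 'register':
            if (!theme_cache::get_option('users_can_register')) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'users_can_not_register',
                    'msg' => ___('Sorry, it is not the time, the site is temporarily closed registration.'),
                ]));
            }
            $nickname = isset($user['nickname']) && is_string($user['nickname']) ? filter_blank($user['nickname']) : '';
            // (string) casts keep mb_strlen() off false/null inputs.
            if (mb_strlen((string) $nickname) < self::$min_display_name_length) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'invalid_nickname',
                    'msg' => sprintf(___('Sorry, you nick name is invalid, at least %d characters in length, please try again.'), self::$min_display_name_length),
                ]));
            }
            if (mb_strlen((string) $pwd) < self::$min_pwd_length) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'invalid_pwd',
                    'msg' => sprintf(___('Sorry, you password is invalid, at least %d characters in length, please try again.'), self::$min_pwd_length),
                ]));
            }
            if (!$email) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'invalid_email',
                    'msg' => ___('Sorry, your email address is invalid, please check it and try again.'),
                ]));
            }
            // NOTE(review): display_name is a users-table column, not user meta,
            // so this lookup only finds duplicates if the theme mirrors the name
            // into meta as well; confirm.
            $exists_users = array_filter(get_users(['meta_key' => 'display_name', 'meta_value' => $nickname]));
            if (count($exists_users) >= 1) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'duplicate_display_name',
                    'msg' => ___('Sorry, the nickname has been used, please change another one.'),
                ]));
            }
            $output = self::user_register([
                'email' => $email,
                'pwd' => $pwd,
                'nickname' => $nickname,
                'remember' => true,
            ]);
            if ($output['status'] === 'success') {
                $output['msg'] = ___('Register successfully, page is refreshing, please wait...');
            }
            break;

        case 'recover':
            if (!$email) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'invalid_email',
                    'msg' => ___('Sorry, your email address is invalid, please check it and try again.'),
                ]));
            }
            // NOTE(review): the distinct `email_not_exist` reply lets a caller
            // probe which addresses have an account; a uniform reply avoids that.
            $user_id = email_exists($email);
            if (!$user_id) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'email_not_exist',
                    'msg' => ___('Sorry, the email does not exist.'),
                ]));
            }
            $user = get_userdata($user_id);
            // Token: authcode() over the user id + email with AUTH_KEY and a
            // 7200 s lifetime; get_decode_token() reverses it in `reset`.
            $encode_str = json_encode(['user_id' => $user_id, 'user_email' => $user->user_email]);
            $encode = base64_encode(authcode($encode_str, 'encode', AUTH_KEY, 7200));
            $callback_url = esc_url(add_query_arg(['token' => $encode], self::get_tabs('reset')['url']));
            $content = ' <h3>' . sprintf(___('Dear %s!'), esc_html($user->display_name)) . '</h3> <p> ' . sprintf(___('You are receiving this email because you forgot your password. We already made an address for your account, you can access this address ( %s ) to log-in and change your password in 3 hours.'), '<a href="' . $callback_url . '" target="_blank">' . $callback_url . '</a>') . ' </p> <p>' . sprintf(___('-- From %s'), '<a href="' . theme_cache::home_url() . '" target="_blank">' . theme_cache::get_bloginfo('name') . '</a>') . '</p> ';
            $title = ___('You are applying to reset your password.');
            $headers = ['Content-Type: text/html; charset=UTF-8'];
            $wp_mail = wp_mail($user->user_email, $title, $content, $headers);
            if ($wp_mail === true) {
                // Same key the `reset` branch checks and clears; it was written as
                // `_tmp_lost_pwd` here, so the one-time-use check never matched.
                update_user_meta($user_id, '_tmp_recover_pwd', 1);
                $output['status'] = 'success';
                $output['msg'] = ___('Success, we sent an email that includes how to retrieve your password, please check it out in 3 hours.');
            } else {
                $output['status'] = 'error';
                $output['code'] = 'server_error';
                // A failed wp_mail() is expected to be an array with a `msg` entry
                // here; the core function returns false, which has none.
                $output['detial'] = is_array($wp_mail) && isset($wp_mail['msg']) ? $wp_mail['msg'] : null;
                $output['msg'] = ___('Error, server can not send email, please contact the administrator.');
            }
            break;

        case 'reset':
            if (!$user) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'invalid_param',
                    'msg' => ___('Sorry, the param is invalid.'),
                ]));
            }
            $token = isset($user['token']) && is_string($user['token']) ? $user['token'] : '';
            if ($token === '') {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'invaild_token',
                    'msg' => ___('Sorry, the token is invaild.'),
                ]));
            }
            $pwd_again = isset($user['pwd-again']) && is_string($user['pwd-again']) ? $user['pwd-again'] : null;
            if (empty($pwd) || $pwd !== $pwd_again) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'invalid_twice_pwd',
                    'msg' => ___('Sorry, twice password is invaild, please try again.'),
                ]));
            }
            // Same minimum as `register`; the reset form did not enforce it.
            if (mb_strlen($pwd) < self::$min_pwd_length) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'invalid_pwd',
                    'msg' => sprintf(___('Sorry, you password is invalid, at least %d characters in length, please try again.'), self::$min_pwd_length),
                ]));
            }
            $token_decode = self::get_decode_token($token);
            if (!$token_decode) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'expired_token',
                    'msg' => ___('Sorry, the token is expired.'),
                ]));
            }
            $token_user_id = isset($token_decode['user_id']) && is_numeric($token_decode['user_id']) ? (int) $token_decode['user_id'] : 0;
            $token_user_email = isset($token_decode['user_email']) && is_email($token_decode['user_email']) ? $token_decode['user_email'] : null;
            if (!$token_user_email) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'token_email_not_match',
                    'msg' => ___('Sorry, the token email and you account email do not match.'),
                ]));
            }
            // The account behind the email must still be the one the token was
            // issued for; strict compare, and a missing account (0) never matches.
            $user_id = (int) email_exists($token_user_email);
            if ($user_id <= 0 || $user_id !== $token_user_id) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'email_not_exist',
                    'msg' => ___('Sorry, your account email is not exist.'),
                ]));
            }
            // One-time use: the flag set by `recover` is required and cleared. The
            // missing die() here let a valid token be replayed until it expired.
            if (!get_user_meta($user_id, '_tmp_recover_pwd', true)) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'not_apply_recover',
                    'msg' => ___('Sorry, the user do not apply recover yet.'),
                ]));
            }
            delete_user_meta($user_id, '_tmp_recover_pwd');
            wp_set_password($pwd, $user_id);
            wp_set_current_user($user_id);
            wp_set_auth_cookie($user_id, true);
            $output['status'] = 'success';
            $output['redirect'] = theme_cache::home_url();
            $output['msg'] = ___('Congratulation, your account has been recovered! Password has been updated. Redirecting home page, please wait...');
            break;

        default:
            $output['status'] = 'error';
            $output['code'] = 'invalid_type';
            $output['msg'] = ___('Invalid type.');
    }
    die(theme_features::json_format($output));
}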
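/**
 * Ajax handler for private messages.
 *
 * `create-db` (admin, referer check only, redirects back to the options page)
 * creates the PM table; `get-userdata` loads a user (`uid`) into the caller's
 * dialog list; `remove-dialog` removes one; `send` stores a message (`uid`,
 * `content`); `comet` long-polls for up to comet_timeout seconds for a message
 * newer than `timestamp`. All but `create-db` answer with a JSON document from
 * theme_features::json_format().
 *
 * @return never
 */
public static function process() {
    theme_features::check_referer();
    $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : false;
    $current_user_id = theme_cache::get_current_user_id();

    // Every action below works on the caller's own dialog list / messages, so
    // it needs a logged-in user; the backend `create-db` action has its own
    // capability check.
    if ($type !== 'create-db' && !$current_user_id) {
        die(theme_features::json_format(['status' => 'error', 'code' => 'need_login', 'msg' => ___('Sorry, please log-in.')]));
    }

    switch ($type) {
        case 'create-db':
            if (!theme_cache::current_user_can('manage_options')) {
                die(___('Sorry, your permission is not enough to create database table.'));
            }
            if (self::has_table()) {
                die(___('Sorry, the database table already exists.'));
            }
            self::create_db_table();
            theme_options::set_options(__CLASS__, ['db-version' => self::$db_version]);
            header('location: ' . theme_options::get_url() . '&' . __CLASS__);
            die;

        case 'get-userdata':
            theme_features::check_nonce();
            $uid = isset($_REQUEST['uid']) && is_numeric($_REQUEST['uid']) ? (int) $_REQUEST['uid'] : false;
            $user = self::check_uid($uid);
            self::add_list($current_user_id, $user->ID);
            die(theme_features::json_format([
                'status' => 'success',
                'name' => esc_html($user->display_name),
                'avatar' => get_avatar_url($user->ID),
                'msg' => ___('User data loaded, you can send P.M. now.'),
                'url' => theme_cache::get_author_posts_url($user->ID),
            ]));

        case 'remove-dialog':
            // The other state-changing actions verify the nonce; this one only
            // relied on the referer check.
            theme_features::check_nonce();
            $receiver_uid = isset($_REQUEST['uid']) && is_numeric($_REQUEST['uid']) ? (int) $_REQUEST['uid'] : false;
            $receiver = self::check_uid($receiver_uid);
            if (self::remove_list($current_user_id, $receiver->ID)) {
                die(theme_features::json_format(['status' => 'success', 'code' => 'removed']));
            }
            die(theme_features::json_format(['status' => 'error', 'code' => 'remove_fail']));

        case 'send':
            theme_features::check_nonce();
            $receiver_uid = isset($_REQUEST['uid']) && is_numeric($_REQUEST['uid']) ? (int) $_REQUEST['uid'] : false;
            $receiver = self::check_uid($receiver_uid);
            $content = isset($_REQUEST['content']) && is_string($_REQUEST['content']) ? trim($_REQUEST['content']) : '';
            if ($content !== '') {
                // wp_kses() instead of strip_tags(): strip_tags() keeps every
                // attribute of the allowed tags, so a link with a script URL or an
                // event handler survived into the stored message.
                $content = fliter_script(wp_kses($content, [
                    'a' => ['href' => true, 'title' => true],
                    'b' => [],
                    'strong' => [],
                    'em' => [],
                    'i' => [],
                    'del' => [],
                ]));
            }
            if (trim($content) === '') {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'empty_content',
                    'msg' => ___('Sorry, message content is null, please try again.'),
                ]));
            }
            $pm_id = self::insert_pm([
                'pm_author' => $current_user_id,
                'pm_receiver' => $receiver->ID,
                'pm_content' => $content,
            ]);
            if (!$pm_id) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'can_not_create_pm',
                    'msg' => ___('Sorry, system can not create the private message, please try again later.'),
                ]));
            }
            $pm = self::get_pm($pm_id);
            self::add_list($current_user_id, $pm->pm_receiver);
            self::add_list($pm->pm_receiver, $current_user_id);
            die(theme_features::json_format([
                'status' => 'success',
                'pm' => [
                    'pm_receiver' => self::get_niceid($pm->pm_receiver),
                    'pm_author' => self::get_niceid($pm->pm_author),
                    'pm_date' => current_time('Y/m/d H:i:s'),
                    'pm_content' => $pm->pm_content,
                    'url' => theme_cache::get_author_posts_url($pm->pm_receiver),
                ],
                'msg' => ___('Message sent.'),
            ]));

        case 'comet':
            theme_features::check_nonce();
            $receiver_id = $current_user_id;
            $client_timestamp = isset($_REQUEST['timestamp']) && is_numeric($_REQUEST['timestamp']) ? $_REQUEST['timestamp'] : false;
            if (!$client_timestamp) {
                die(theme_features::json_format([
                    'status' => 'error',
                    'code' => 'invaild_timestamp',
                    'msg' => ___('Sorry, your session is timeout, please refresh page.'),
                ]));
            }
            set_time_limit(60);
            // NOTE(review): comet_timeout must stay below the 60 s limit above or
            // the request is killed before the timeout reply is sent.
            for ($i = 0; $i < self::$comet_timeout; ++$i) {
                $timestamp = self::get_timestamp($receiver_id);
                if ($timestamp <= $client_timestamp) {
                    sleep(1);
                    continue;
                }
                $latest_pm = self::get_pm(self::get_latest_pm_id($receiver_id));
                self::clear_unreads($current_user_id);
                die(theme_features::json_format([
                    'status' => 'success',
                    'pm' => [
                        'pm_receiver' => self::get_niceid($latest_pm->pm_receiver),
                        'pm_author' => self::get_niceid($latest_pm->pm_author),
                        'pm_author_name' => theme_cache::get_the_author_meta('display_name', $latest_pm->pm_author),
                        'pm_author_avatar' => get_avatar_url($latest_pm->pm_author),
                        'pm_date' => current_time('Y/m/d H:i:s'),
                        'pm_content' => $latest_pm->pm_content,
                        // Was `$pm->pm_author`, a variable that is never set in this branch.
                        'url' => theme_cache::get_author_posts_url($latest_pm->pm_author),
                    ],
                    'timestamp' => $timestamp,
                ]));
            }
            die(theme_features::json_format(['status' => 'error', 'code' => 'timeout', 'msg' => ___('Timeout')]));

        default:
            die(theme_features::json_format([
                'status' => 'error',
                'code' => 'invaild_type',
                'msg' => ___('Sorry, type param is invaild.'),
            ]));
    }
}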
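/**
 * Ajax handler for backing up and restoring the theme options (admins only).
 *
 * `type=import` restores the base64-encoded JSON posted as `b64` through
 * set_theme_mod(); `type=export` streams the current options, base64-encoded,
 * as a `.bk` download. Every path ends the request.
 *
 * @return never
 * @version 1.0.0
 */
public static function process() {
    theme_features::check_referer();
    theme_features::check_nonce();
    if (!theme_cache::current_user_can('manage_options')) {
        die;
    }
    $output = [];
    $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;

    switch ($type) {
        case 'import':
            $contents = null;
            if (isset($_POST['b64']) && is_string($_POST['b64'])) {
                // Strict base64: anything outside the alphabet is rejected here
                // instead of decoding to junk that json_decode() then refuses.
                $decoded = base64_decode($_POST['b64'], true);
                $contents = $decoded === false ? null : json_decode($decoded, true);
            }
            if (is_array($contents) && !empty($contents)) {
                set_theme_mod(theme_options::$iden, $contents);
                $output['status'] = 'success';
                $output['msg'] = ___('Settings has been restored, refreshing page, please wait...');
            } else {
                $output['status'] = 'error';
                $output['msg'] = ___('Invalid content.');
            }
            break;

        case 'export':
            $contents = base64_encode(json_encode(theme_options::get_options()));
            // Served straight from memory: the temp-file round trip (tmpfile(),
            // file_put_contents(), readfile()) only added an unchecked disk write.
            $download_fn = ___('Backup');
            $download_fn .= '-' . theme_cache::get_bloginfo('name');
            $download_fn .= '-' . theme_functions::$iden;
            $download_fn .= '-' . date('Ymd-His') . '.bk';
            header('Content-Description: File Transfer');
            header('Content-Type: application/octet-stream');
            header('Expires: 0');
            header('Cache-Control: must-revalidate');
            header('Pragma: public');
            header('Content-Length: ' . strlen($contents));
            // sanitize_file_name() strips quotes, slashes and control characters
            // the site name could carry into the header; the stray space inside
            // the quotes is gone too.
            header('Content-Disposition: attachment; filename="' . sanitize_file_name($download_fn) . '"');
            echo $contents;
            die;

        default:
            $output['status'] = 'error';
            $output['code'] = 'invalid_type';
            $output['msg'] = ___('Invalid type.');
    }
    die(theme_features::json_format($output));
}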
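/**
 * AJAX entry point: dispatch on `type` to the upload or post handler.
 *
 * Both handlers are expected to terminate the request themselves. Changes
 * versus the previous version: `type` must be a string, and an unknown or
 * missing type is answered with an error object instead of an empty JSON
 * array.
 *
 * @return void never returns; dies with JSON output
 */
public static function process()
{
    theme_features::check_referer();
    theme_features::check_nonce();

    $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;

    switch ($type) {
        case 'upload':
            self::process_upload();
            break;
        case 'post':
            self::process_post();
            break;
        default:
            die(theme_features::json_format([
                'status' => 'error',
                'code' => 'invaild_type',
                'msg' => ___('Sorry, type param is invaild.'),
            ]));
    }

    // reached only if a handler returns instead of dying: same empty
    // response as before
    die(theme_features::json_format([]));
}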
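/**
 * AJAX entry point for the collection feature.
 *
 * Dispatches on the `type` request parameter:
 *   - `add-cover`: upload an image, answer with attachment id + thumbnail url
 *   - `post`:      create a collection post from the `clt` POST array
 *   - `get-post`:  answer with title/thumbnail/excerpt for one published post
 *
 * Every path terminates the request with JSON via
 * theme_features::json_format(). Changes versus the previous version:
 * `add-cover` and `post` require a logged-in user, the client-supplied
 * thumbnail id must reference an attachment the caller may use, `get-post`
 * only serves published, non-password-protected posts, non-string tags are
 * dropped, and an unknown type is answered with an error object instead of
 * an empty array.
 *
 * @return void never returns
 */
public static function process()
{
    theme_features::check_referer();
    theme_features::check_nonce();

    $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;

    switch ($type) {
        case 'add-cover':
            self::handle_add_cover();
            break;
        case 'post':
            self::handle_collection_post();
            break;
        case 'get-post':
            self::handle_get_post();
            break;
        default:
            self::fail('invaild_type', ___('Sorry, type param is invaild.'));
    }

    // handlers die(); kept as a safety net should one of them ever return
    die(theme_features::json_format([]));
}

/**
 * Terminate the request with a JSON error object.
 *
 * @param string $code machine-readable error code
 * @param string $msg  translated, user-facing message (may contain HTML links)
 * @return void never returns
 */
private static function fail($code, $msg)
{
    die(theme_features::json_format(['status' => 'error', 'code' => $code, 'msg' => $msg]));
}

/**
 * Abort with a `need_login` error unless a user is logged in.
 *
 * theme_features::check_nonce() is opaque from here and may well accept a
 * logged-out visitor's nonce; since the upload and post paths record
 * theme_cache::get_current_user_id() as the owner, an anonymous caller would
 * otherwise create media and posts attributed to user 0.
 *
 * @return void dies on failure
 */
private static function require_login()
{
    if (!is_user_logged_in()) {
        self::fail('need_login', ___('Sorry, please log-in.'));
    }
}

/**
 * `add-cover`: validate the upload's extension, rename it and hand it to
 * WordPress' media handler. Answers with the attachment id and a thumbnail
 * url on success, or the WP_Error code/message on failure.
 *
 * @return void never returns
 */
private static function handle_add_cover()
{
    self::require_login();

    $filename = isset($_FILES['img']['name']) && is_string($_FILES['img']['name']) ? $_FILES['img']['name'] : '';
    $dot = strrpos($filename, '.');
    // last extension only; a name without a dot has no extension and is rejected
    $file_ext = $dot === false ? '' : strtolower(substr($filename, $dot + 1));
    if ($file_ext === '' || !in_array($file_ext, self::$file_exts, true)) {
        self::fail('invaild_file_type', ___('Invaild file type.'));
    }

    // own naming scheme <user>-<timestamp>-<3 digits>.<ext>: the client-chosen
    // name is never stored; uniqueness is left to the media handler
    $_FILES['img']['name'] = theme_cache::get_current_user_id() . '-' . current_time('YmdHis') . '-' . rand(100, 999) . '.' . $file_ext;

    require_once ABSPATH . 'wp-admin/includes/image.php';
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';

    // media_handle_upload() is expected to apply WP's own file-type checks on
    // top of the extension whitelist above — confirm
    $attach_id = media_handle_upload('img', 0);
    if (is_wp_error($attach_id)) {
        self::fail($attach_id->get_error_code(), $attach_id->get_error_message());
    }

    // the helper may return false (no image); do not index into a non-array
    $src = self::wp_get_attachment_image_src($attach_id, 'thumbnail');
    die(theme_features::json_format([
        'status' => 'success',
        'thumbnail' => ['url' => esc_url(is_array($src) ? $src[0] : '')],
        'attach-id' => $attach_id,
        'msg' => ___('Upload success.'),
    ]));
}

/**
 * `post`: validate the `clt` form array and create the collection post.
 *
 * Users with moderate_comments publish directly, everybody else gets a
 * pending post. Field handling mirrors the original: the title is
 * esc_html'd, the content keeps a small tag whitelist, tags must be strings.
 *
 * @return void never returns
 */
private static function handle_collection_post()
{
    self::require_login();

    $clt = isset($_POST['clt']) && is_array($_POST['clt']) ? $_POST['clt'] : null;
    if (is_null_array($clt)) {
        self::fail('invaild_ctb_param', ___('Invaild collection param.'));
    }

    $posts = isset($clt['posts']) && is_array($clt['posts']) ? $clt['posts'] : null;
    if (empty($posts)) {
        self::fail('invaild_posts', ___('Sorry, posts can not be empty.'));
    }

    $post_title = isset($clt['post-title']) && is_string($clt['post-title']) ? esc_html(trim($clt['post-title'])) : null;
    if (empty($post_title)) {
        self::fail('invaild_post_title', ___('Please write the post title.'));
    }

    $thumbnail_id = isset($clt['thumbnail-id']) && is_numeric($clt['thumbnail-id']) ? (int) $clt['thumbnail-id'] : 0;
    if ($thumbnail_id <= 0) {
        self::fail('invaild_thumbnail_id', ___('Please set an image as post thumbnail'));
    }
    // the id is client-supplied: it must be an existing attachment, and one
    // the caller uploaded unless they may edit others' posts anyway
    $current_user_id = theme_cache::get_current_user_id();
    $thumbnail = theme_cache::get_post($thumbnail_id);
    if (!$thumbnail || $thumbnail->post_type !== 'attachment'
        || ((int) $thumbnail->post_author !== (int) $current_user_id && !theme_cache::current_user_can('edit_others_posts'))) {
        self::fail('invaild_thumbnail_id', ___('Please set an image as post thumbnail'));
    }

    // strip_tags() keeps attributes on the whitelisted tags; the project's
    // fliter_script() below and WordPress' insert-time filtering are relied
    // on for anything dangerous inside an <a> — confirm that is sufficient
    $post_content = isset($clt['post-content']) && is_string($clt['post-content']) ? strip_tags(trim($clt['post-content']), '<del><a><b><strong><em><i>') : null;
    if (empty($post_content)) {
        self::fail('invaild_post_content', ___('Please explain why you recommend this collection.'));
    }
    $post_content = '<p>' . $post_content . '</p>' . self::get_preview($posts);

    // keep only string tags; the previous version mapped other entries to
    // null and passed them on to wp_insert_post()
    $tags = isset($clt['tags']) && is_array($clt['tags']) ? array_values(array_filter($clt['tags'], 'is_string')) : [];

    $post_status = theme_cache::current_user_can('moderate_comments') ? 'publish' : 'pending';

    $post_id = wp_insert_post([
        'post_title' => $post_title,
        'post_content' => fliter_script($post_content),
        'post_status' => $post_status,
        'post_author' => $current_user_id,
        'post_category' => (array) self::get_options('cats'),
        'tags_input' => $tags,
    ], true);
    if (is_wp_error($post_id)) {
        self::fail($post_id->get_error_code(), $post_id->get_error_message());
    }

    set_post_thumbnail($post_id, $thumbnail_id);

    $new_collection_link = '<a href="' . self::get_tabs('collection')['url'] . '">';
    $output = ['status' => 'success'];

    if ($post_status === 'pending') {
        $output['msg'] = sprintf(
            ___('Your collection submitted successful, it will be published after approve in a while. Thank you very much! How about %s again?'),
            $new_collection_link . ___('write a new collection') . '</a>'
        );
        die(theme_features::json_format($output));
    }

    $output['msg'] = sprintf(
        ___('Congratulation! Your post has been published. You can %s or %s.'),
        '<a href="' . theme_cache::get_permalink($post_id) . '" title="' . theme_cache::get_the_title($post_id) . '">' . ___('View it now') . '</a>',
        $new_collection_link . ___('countinue to write a new collection') . '</a>'
    );
    // points are optional: only reported when the point module is loaded
    if (class_exists('theme_custom_point')) {
        $output['point'] = [
            'value' => theme_custom_point::get_point_value('post-publish'),
            'detail' => ___('Post published'),
        ];
    }
    die(theme_features::json_format($output));
}

/**
 * `get-post`: answer with the data the collection editor needs for one post.
 *
 * Only published, non-password-protected posts of type `post` are served;
 * anything else is reported as not existing, so drafts, private and
 * protected content cannot be read through the excerpt.
 *
 * @return void never returns
 */
private static function handle_get_post()
{
    $post_id = isset($_REQUEST['post-id']) && is_numeric($_REQUEST['post-id']) ? (int) $_REQUEST['post-id'] : 0;
    if ($post_id <= 0) {
        self::fail('invaild_post_id', ___('Sorry, the post id is invaild.'));
    }

    global $post;
    $post = theme_cache::get_post($post_id);
    if (!$post || $post->post_type !== 'post' || $post->post_status !== 'publish' || !empty($post->post_password)) {
        self::fail('post_not_exist', ___('Sorry, the post do not exist, please type another post ID.'));
    }

    setup_postdata($post);
    $output = [
        'status' => 'success',
        'msg' => ___('Finished get the post data.'),
        'thumbnail' => [
            'url' => theme_functions::get_thumbnail_src($post_id),
            // NOTE(review): indices 1 and 2 are taken over from the original;
            // presumably [0] holds the size name — confirm in theme_functions
            'size' => [theme_functions::$thumbnail_size[1], theme_functions::$thumbnail_size[2]],
        ],
        'title' => theme_cache::get_the_title($post_id),
        'excerpt' => html_minify(str_sub(strip_tags(trim($post->post_content)), 120, '...')),
    ];
    wp_reset_postdata();
    die(theme_features::json_format($output));
}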
/**
 * AJAX entry point stub: validates referer and nonce, reads `type` and
 * answers with an empty JSON object. No type is handled yet.
 *
 * @return void never returns; dies with JSON output
 */
public static function process()
{
    theme_features::check_referer();
    theme_features::check_nonce();

    // read but currently unused: placeholder for the dispatch this stub will grow
    $type = $_REQUEST['type'] ?? null;

    $output = [];
    die(theme_features::json_format($output));
}
/**
 * Sign-in callback endpoint. Only the nonce (parameter `nonce`) is checked
 * here — there is no referer check, presumably because the request arrives
 * via a redirect from the external provider. At most one provider is
 * handled per request, `sina` taking precedence over `qq`; any other
 * request simply terminates.
 *
 * @return void never returns
 */
public static function process_cb()
{
    theme_features::check_nonce('nonce');

    $sina = $_GET['sina'] ?? null;
    $qq = $_GET['qq'] ?? null;

    if ($sina === 'set-auth') {
        self::open_sign_sina();
    } elseif ($qq === 'set-auth') {
        self::open_sign_qq();
    }

    die;
}