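 /**
  * AJAX handler for follow / unfollow actions.
  *
  * Reads `type` (follow|unfollow) and `user-id` from the request, validates
  * both, calls self::set_follow() and terminates with the JSON document built
  * by theme_features::json_format(). Never returns: every path ends in die().
  */
 public static function process()
 {
     $output = [];
     theme_features::check_referer();
     theme_features::check_nonce();
     // `type` must be a scalar string; `type[]=follow` would otherwise arrive
     // as an array and reach the switch below.
     $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
     // (int) applied to an array yields 1, so require a numeric scalar before
     // casting; anything else stays null and is rejected below.
     $user_id = isset($_REQUEST['user-id']) && is_numeric($_REQUEST['user-id']) ? (int) $_REQUEST['user-id'] : null;
     if ($user_id === null || $user_id <= 0) {
         $output['status'] = 'error';
         $output['code'] = 'invalid_user_id';
         $output['msg'] = ___('Invalid user id param.');
         die(theme_features::json_format($output));
     }
     switch ($type) {
         case 'follow':
             $output['count'] = self::set_follow($user_id);
             $output['code'] = 'followed';
             $output['msg'] = ___('Follow success.');
             $output['status'] = 'success';
             break;
         case 'unfollow':
             // NOTE(review): this branch calls set_follow() and reports code
             // 'followed', exactly like the follow branch; confirm against the
             // rest of the class whether a dedicated unfollow helper was intended.
             $output['count'] = self::set_follow($user_id);
             $output['code'] = 'followed';
             $output['msg'] = ___('Unfollow success.');
             $output['status'] = 'success';
             break;
         default:
             $output['status'] = 'error';
             $output['code'] = 'unkown_param';
             $output['msg'] = ___('Unkown param.');
     }
     die(theme_features::json_format($output));
 }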
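 /**
  * AJAX handler for rating a post with points.
  *
  * Expects `type=incr` in the query string and `post-id` / `points` in the
  * POST body. Validates the post, the login state and the point value, then
  * credits the post author, debits the rater and records both histories.
  * Never returns: every path ends in die() with a JSON document.
  */
 public static function process()
 {
     $output = [];
     theme_features::check_referer();
     theme_features::check_nonce();
     $type = isset($_GET['type']) && is_string($_GET['type']) ? $_GET['type'] : null;
     $post_id = isset($_POST['post-id']) && is_numeric($_POST['post-id']) ? (int) $_POST['post-id'] : null;
     if ($post_id === null || $post_id <= 0) {
         $output['status'] = 'error';
         $output['code'] = 'invaild_post_id';
         $output['msg'] = ___('Invaild post id param.');
         die(theme_features::json_format($output));
     }
     $post = theme_cache::get_post($post_id);
     if (!$post || $post->post_type !== 'post') {
         die(theme_features::json_format(['status' => 'error', 'code' => 'post_not_exist', 'msg' => ___('Post does not exist.')]));
     }
     // Login is required before any point movement.
     if (!theme_cache::is_user_logged_in()) {
         $output['status'] = 'error';
         $output['code'] = 'need_login';
         $output['msg'] = '<a href="' . wp_login_url(theme_cache::get_permalink($post->ID)) . '" title="' . ___('Go to log-in') . '">' . ___('Sorry, please log-in.') . '</a>';
         die(theme_features::json_format($output));
     }
     // Only `incr` is supported; reject anything else before reading points.
     if ($type !== 'incr') {
         $output['status'] = 'error';
         $output['code'] = 'invaild_type';
         $output['msg'] = ___('Invaild type param.');
         die(theme_features::json_format($output));
     }
     $rater_id = theme_cache::get_current_user_id();
     // Normalise the submitted value and the allowed list to int so the
     // membership test can be strict; a loose in_array() would let a missing
     // (null) value match a 0 entry.
     $points = isset($_POST['points']) && is_numeric($_POST['points']) ? (int) $_POST['points'] : null;
     $allowed_points = array_map('intval', (array) self::get_point_values());
     if ($points === null || !in_array($points, $allowed_points, true)) {
         $output['status'] = 'error';
         $output['code'] = 'invaild_point_value';
         $output['msg'] = ___('Invaild point value.');
         die(theme_features::json_format($output));
     }
     // NOTE(review): nothing here stops a rater from rating their own post
     // ($rater_id == $post->post_author); confirm that incr_post_raters()
     // rejects that, otherwise a user can raise their own post's score at no
     // net cost.
     // A non-true result is an error payload produced by the helper and is
     // returned as-is.
     $post_raters = self::incr_post_raters($post_id, $rater_id, $points);
     if ($post_raters !== true) {
         die(theme_features::json_format($post_raters));
     }
     $points_count = self::incr_post_points_count($post_id, $points);
     if (!$points_count) {
         $output['status'] = 'error';
         $output['code'] = 'error_incr_points_count';
         $output['msg'] = ___('Sorry, system can not increase post points count.');
         die(theme_features::json_format($output));
     }
     $rater_posts = self::incr_rater_posts($post_id, $rater_id, $points);
     if ($rater_posts !== true) {
         $output['status'] = 'error';
         $output['code'] = 'error_incr_rater_posts';
         $output['msg'] = ___('System can not increase rater posts.');
         die(theme_features::json_format($output));
     }
     // NOTE(review): the writes below are separate meta updates with no
     // transaction; two overlapping requests from the same rater may both pass
     // incr_post_raters() and debit twice. Confirm the helper is atomic.
     theme_custom_point::incr_user_points($post->post_author, $points);
     self::add_history_for_rater($post_id, $rater_id, $points);
     self::add_history_for_post_author($post_id, $rater_id, $points);
     theme_custom_point::decr_user_points($rater_id, $points);
     $output['status'] = 'success';
     $output['points'] = (int) self::get_post_points_count($post_id);
     $output['msg'] = ___('Operation successful, thank you for your participation.');
     die(theme_features::json_format($output));
 }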
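 /**
  * AJAX handler for the point "bomb" mini-game.
  *
  * `type=get-target` returns the target's current points, avatar and name;
  * `type=bomb` rolls a hit/miss, adjusts the attacker's and the target's
  * points and records history for both sides. Never returns: every path
  * ends in die() with a JSON document.
  */
 public static function process()
 {
     theme_features::check_referer();
     theme_features::check_nonce();
     $output = [];
     $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
     // Cast once so every later comparison and meta write sees an int rather
     // than the raw request string.
     $target_id = isset($_REQUEST['target']) && is_numeric($_REQUEST['target']) ? (int) $_REQUEST['target'] : null;
     if ($type !== 'get-target' && $type !== 'bomb') {
         die(theme_features::json_format(['status' => 'error', 'code' => 'invaild_type_param', 'msg' => ___('Sorry, type param is invaild.')]));
     }
     // Shared preconditions of both actions. Assumes check_login(),
     // check_max_times() and check_target() terminate the request on failure
     // — TODO confirm; the original used their results unchecked.
     $current_user_id = self::check_login();
     self::check_max_times();
     $target = self::check_target($target_id);
     if ($type === 'get-target') {
         $output = ['status' => 'success', 'points' => theme_custom_point::get_point($target_id), 'avatar' => theme_cache::get_avatar_url($target_id), 'name' => esc_html($target->display_name), 'msg' => ___('Target locked, bomb is ready.')];
         die(theme_features::json_format($output));
     }
     // Point value: normalise both sides to int so the membership test can be
     // strict; a missing or zero value is rejected.
     $points = isset($_REQUEST['points']) && is_numeric($_REQUEST['points']) ? (int) $_REQUEST['points'] : null;
     $allowed_points = array_map('intval', (array) self::get_point_values());
     if (!$points || !in_array($points, $allowed_points, true)) {
         die(theme_features::json_format(['status' => 'error', 'code' => 'invaild_point_value', 'msg' => ___('Sorry, the point value is invaild.'), 'points' => self::get_point_values()]));
     }
     $target_points = (int) theme_custom_point::get_point($target_id);
     if ($points > $target_points) {
         die(theme_features::json_format(['status' => 'error', 'code' => 'target_points_not_enough', 'msg' => sprintf(___('Sorry, the target %s is not enough to bear your bomb.'), theme_custom_point::get_point_name())]));
     }
     $attacker_id = theme_cache::get_current_user_id();
     $attacker_points = (int) theme_custom_point::get_point($attacker_id);
     if ($points > $attacker_points) {
         die(theme_features::json_format(['status' => 'error', 'code' => 'attacker_points_not_enough', 'msg' => sprintf(___('Sorry, your %s is not enough to bomb target.'), theme_custom_point::get_point_name())]));
     }
     // NOTE(review): there is no check that $attacker_id !== $target_id;
     // confirm that check_target() rejects self-targeting, otherwise the net
     // point flow of a self-bomb may not be what the game intends.
     $says = isset($_REQUEST['says']) && is_string($_REQUEST['says']) ? mb_substr($_REQUEST['says'], 0, 30) : false;
     // Hit roll. random_int() (PHP >= 7) is a CSPRNG whose output cannot be
     // inferred from earlier rolls, unlike mt_rand(); mt_rand() stays as the
     // fallback for older runtimes. Drawing from 1..100 makes the hit
     // probability exactly get_victory_percent() percent (0..100 added a
     // 101st outcome and let a percent of 0 still hit).
     $roll = function_exists('random_int') ? random_int(1, 100) : mt_rand(1, 100);
     $hit = $roll <= (int) self::get_victory_percent();
     // NOTE(review): $says is stored length-limited but unescaped; confirm
     // that the history renderer escapes it before output.
     $data = ['attacker-id' => $current_user_id, 'target-id' => $target_id, 'says' => $says, 'points' => $points, 'hit' => $hit];
     self::add_history_for_target($data);
     self::add_history_for_attacker($data);
     $target_extra_points = self::get_extra_points_for_target($hit, $points);
     $new_target_points = $target_points + $target_extra_points;
     $attacker_extra_points = self::get_extra_points_for_attacker($hit, $points);
     $new_attacker_points = $attacker_points + $attacker_extra_points;
     // NOTE(review): read-modify-write of both balances with no lock; two
     // overlapping bombs on the same target can lose one update. Confirm
     // update_user_points() or the caller serialises this.
     theme_custom_point::update_user_points($attacker_id, $new_attacker_points);
     theme_custom_point::update_user_points($target_id, $new_target_points);
     $target_name = '<a href="' . esc_url(theme_cache::get_author_posts_url($target_id)) . '" target="_blank" class="author">' . esc_html($target->display_name) . '</a>';
     if ($hit) {
         $output['msg'] = sprintf(___('Bombing successfully! Your bomb hit %1$s, you got %2$s %3$s. Target remaining %4$s %3$s.'), $target_name, '<strong class="plus">+' . $attacker_extra_points . '</strong>', theme_custom_point::get_point_name(), $new_target_points);
     } else {
         $output['msg'] = sprintf(___('Unlucky! %1$s miss your attack, you lost %2$s %3$s and remaining %4$s %3$s.'), $target_name, '<strong class="mins">' . $attacker_extra_points . '</strong>', theme_custom_point::get_point_name(), $new_attacker_points);
     }
     $output['hit'] = $hit;
     $output['status'] = 'success';
     // Count this attempt against the per-user limit checked above.
     self::set_times(self::get_times() + 1);
     die(theme_features::json_format($output));
 }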
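 /**
  * AJAX handler for the profile page: `settings` (nickname / url / bio),
  * `pwd` (password change) and `avatar` (base64 JPEG upload).
  *
  * Every action requires a logged-in user and, when the point module is
  * loaded, deducts the cost of `save-<type>` from the user's balance.
  * Never returns: every path ends in die() with a JSON document.
  */
 public static function process()
 {
     $output = [];
     theme_features::check_referer();
     theme_features::check_nonce();
     $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
     $user = isset($_POST['user']) && is_array($_POST['user']) ? $_POST['user'] : null;
     // wp_get_current_user() replaces the deprecated get_currentuserinfo()
     // and also populates the global $current_user.
     $current_user = wp_get_current_user();
     // Every branch writes to $current_user->ID; without a session that is 0
     // and the writes (user meta, avatar file "0.jpg") would land on nobody.
     if (empty($current_user->ID)) {
         $output['status'] = 'error';
         $output['code'] = 'need_login';
         $output['msg'] = ___('Sorry, please log-in.');
         die(theme_features::json_format($output));
     }
     switch ($type) {
         case 'settings':
             self::require_point_balance($type, $current_user->ID, ___('Sorry, your points are not enough to modify settings.'));
             // $user is the already-validated copy of $_POST['user'].
             if (empty($user)) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_param';
                 $output['msg'] = ___('Invaild param.');
                 die(theme_features::json_format($output));
             }
             $nickname = isset($user['nickname']) && is_string($user['nickname']) ? trim($user['nickname']) : null;
             if (empty($nickname)) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_nickname';
                 $output['msg'] = ___('Invaild nickname.');
                 die(theme_features::json_format($output));
             }
             // esc_url_raw() is the storage variant; esc_url() is for output and
             // would persist entity-encoded ampersands in the database.
             $url = isset($user['url']) && is_string($user['url']) ? esc_url_raw($user['url']) : null;
             $des = isset($user['description']) && is_string($user['description']) ? $user['description'] : null;
             $user_id = wp_update_user(['ID' => $current_user->ID, 'user_url' => $url, 'nickname' => $nickname, 'description' => $des, 'display_name' => $nickname]);
             if (is_wp_error($user_id)) {
                 $output['status'] = 'error';
                 $output['code'] = $user_id->get_error_code();
                 $output['msg'] = $user_id->get_error_message();
                 die(theme_features::json_format($output));
             }
             $charged = self::charge_save_points($type, $current_user->ID);
             if ($charged !== null) {
                 $output['points'] = $charged;
             }
             $output['status'] = 'success';
             $output['msg'] = ___('Your settings have been saved.');
             die(theme_features::json_format($output));
         case 'pwd':
             // The new password must be typed twice and match.
             $new_pwd_1 = isset($user['new-pwd-1']) && is_string($user['new-pwd-1']) ? trim($user['new-pwd-1']) : null;
             $new_pwd_2 = isset($user['new-pwd-2']) && is_string($user['new-pwd-2']) ? trim($user['new-pwd-2']) : null;
             if (empty($new_pwd_1) || $new_pwd_1 !== $new_pwd_2) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_pwd_twice';
                 $output['msg'] = ___('Password invaild twice.');
                 die(theme_features::json_format($output));
             }
             // Re-authenticate with the current password before changing it.
             $old_pwd = isset($user['old-pwd']) && is_string($user['old-pwd']) ? trim($user['old-pwd']) : null;
             if (empty($old_pwd) || !wp_check_password($old_pwd, $current_user->user_pass, $current_user->ID)) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_old_pwd';
                 $output['msg'] = ___('Invaild current password.');
                 die(theme_features::json_format($output));
             }
             wp_update_user(['ID' => $current_user->ID, 'user_pass' => $new_pwd_1]);
             // Changing the password invalidates the current auth cookie, so
             // re-issue it for this session instead of logging the user out.
             wp_set_current_user($current_user->ID);
             wp_set_auth_cookie($current_user->ID);
             $output['status'] = 'success';
             $output['msg'] = ___('Your new password has been saved.');
             $output['redirect'] = theme_cache::home_url();
             die(theme_features::json_format($output));
         case 'avatar':
             self::require_point_balance($type, $current_user->ID, ___('Sorry, your points are not enough to modify avatar.'));
             $jpeg = self::decode_jpeg_data_uri(isset($_POST['b4']) && is_string($_POST['b4']) ? $_POST['b4'] : '');
             if ($jpeg === null) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_format';
                 $output['msg'] = ___('Sorry, your file is invaild format, please check it again.');
                 die(theme_features::json_format($output));
             }
             $wp_upload_dir = wp_upload_dir();
             // The file name is derived from the user id only, never from the
             // request, so it cannot leave the avatar directory.
             $filename = $current_user->ID . '.jpg';
             $filesub_url = '/avatar/' . $filename;
             $timestamp = '?v=' . $_SERVER['REQUEST_TIME'];
             $avatar_dir = $wp_upload_dir['basedir'] . '/avatar';
             $filepath = $avatar_dir . '/' . $filename;
             $fileurl = $wp_upload_dir['baseurl'] . $filesub_url . $timestamp;
             // mkdir() failures were previously ignored and surfaced only as a
             // write error; report both the same way.
             if ((!is_dir($avatar_dir) && !mkdir($avatar_dir, 0755, true)) || file_put_contents($filepath, $jpeg) === false) {
                 $output['status'] = 'error';
                 $output['code'] = 'can_not_write_file';
                 $output['msg'] = ___('Sorry, system can not write file, please try again later or contact the administrator.');
                 die(theme_features::json_format($output));
             }
             $charged = self::charge_save_points($type, $current_user->ID);
             if ($charged !== null) {
                 $output['points'] = $charged;
             }
             $avatar_meta_key = class_exists('theme_custom_avatar') ? theme_custom_avatar::$user_meta_key['avatar'] : 'avatar';
             update_user_meta($current_user->ID, $avatar_meta_key, $filesub_url . $timestamp);
             $output['status'] = 'success';
             $output['avatar-url'] = $fileurl;
             $output['msg'] = ___('Congratulation! Your avatar has been updated. Page is redirecting, please wait...');
             die(theme_features::json_format($output));
         default:
             $output['status'] = 'error';
             $output['code'] = 'invaild_type_param';
             $output['msg'] = ___('Sorry, the type param is invaild.');
             die(theme_features::json_format($output));
     }
 }

 /**
  * Dies with a JSON error when the point module is loaded and the balance of
  * $user_id cannot cover the cost of "save-$type". No-op without the module.
  *
  * @param string $type             action name, used to look up the cost
  * @param int    $user_id          user whose balance is checked
  * @param string $insufficient_msg message returned when the balance is short
  */
 private static function require_point_balance($type, $user_id, $insufficient_msg)
 {
     if (!class_exists('theme_custom_point')) {
         return;
     }
     $cost = abs(theme_custom_point::get_point_value('save-' . $type));
     if (theme_custom_point::get_point($user_id) - $cost < 0) {
         die(theme_features::json_format(['status' => 'error', 'code' => 'not_enough_point', 'msg' => $insufficient_msg]));
     }
 }

 /**
  * Deducts the cost of "save-$type" from $user_id and appends a history
  * entry. Returns the negative amount deducted, or null when the point module
  * is not loaded.
  *
  * @param string $type    action name, used to look up the cost
  * @param int    $user_id user to charge
  * @return int|null
  */
 private static function charge_save_points($type, $user_id)
 {
     if (!class_exists('theme_custom_point')) {
         return null;
     }
     $cost = abs(theme_custom_point::get_point_value('save-' . $type));
     $meta = ['type' => 'save-' . $type, 'points' => 0 - $cost, 'timestamp' => current_time('timestamp')];
     add_user_meta($user_id, theme_custom_point::$user_meta_key['history'], $meta);
     // The balance is re-read here rather than reused from the pre-check so
     // a change between the two reads is not silently overwritten.
     update_user_meta($user_id, theme_custom_point::$user_meta_key['point'], theme_custom_point::get_point($user_id) - $cost);
     return 0 - $cost;
 }

 /**
  * Decodes a "data:image/jpeg;base64,..." payload and returns the raw bytes.
  * Returns null unless the header mentions jpeg, the base64 is well-formed
  * and the decoded bytes really are a JPEG image (verified with
  * getimagesizefromstring(), so arbitrary content cannot be stored as .jpg).
  *
  * @param string $data_uri value of the `b4` POST field
  * @return string|null
  */
 private static function decode_jpeg_data_uri($data_uri)
 {
     $parts = explode(',', $data_uri, 2);
     if (count($parts) !== 2 || strpos($parts[0], 'jpeg') === false) {
         return null;
     }
     // strict mode rejects characters outside the base64 alphabet instead of
     // silently dropping them.
     $bytes = base64_decode($parts[1], true);
     if ($bytes === false || $bytes === '') {
         return null;
     }
     $info = getimagesizefromstring($bytes);
     if ($info === false || !isset($info['mime']) || $info['mime'] !== 'image/jpeg') {
         return null;
     }
     return $bytes;
 }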
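 /**
  * AJAX handler for comments.
  *
  * With `comment_post_ID` in the POST body it inserts a comment (logged-in
  * user or visitor, subject to the site's registration and name/email
  * settings) and returns its rendered HTML. Otherwise `type=get-comments`
  * renders page `cpage` of the comments of `post-id`. Never returns: every
  * path ends in die() with a JSON document.
  */
 public static function process()
 {
     theme_features::check_referer();
     theme_features::check_nonce();
     $output = [];
     if (isset($_POST['comment_post_ID']) && is_string($_POST['comment_post_ID'])) {
         $comment_post_ID = (int) $_POST['comment_post_ID'];
         do_action('pre_comment_on_post', $comment_post_ID);
         global $comment, $post;
         $user = wp_get_current_user();
         $comment_author = isset($_POST['author']) && is_string($_POST['author']) ? trim($_POST['author']) : null;
         $comment_author_email = isset($_POST['email']) && is_string($_POST['email']) && is_email($_POST['email']) ? trim($_POST['email']) : null;
         $comment_author_url = isset($_POST['url']) && is_string($_POST['url']) ? trim($_POST['url']) : null;
         $comment_content = isset($_POST['comment']) && is_string($_POST['comment']) ? trim($_POST['comment']) : null;
         $comment_parent = isset($_POST['comment_parent']) && is_numeric($_POST['comment_parent']) ? (int) $_POST['comment_parent'] : 0;
         // Visitors get user_id 0; the original left the variable undefined on
         // that path and compact() then silently dropped it.
         $user_id = 0;
         // The original called kses_remove_filters() unconditionally here, which
         // strips the HTML filtering WordPress applies to comment content for
         // every commenter, visitors included. The default filters are left in
         // place so stored markup is sanitised before it is rendered.
         if ($user->exists()) {
             // Fall back to the nickname, then the login, when there is no
             // display name to attribute the comment to.
             if (empty($user->display_name)) {
                 $user->display_name = !empty($user->nickname) ? $user->nickname : $user->user_login;
             }
             $comment_author = wp_slash($user->display_name);
             $comment_author_email = wp_slash($user->user_email);
             $comment_author_url = wp_slash($user->user_url);
             $user_id = $user->ID;
         } elseif ((int) theme_cache::get_option('comment_registration') === 1) {
             $output['status'] = 'error';
             $output['msg'] = ___('Sorry, you must be logged in to post a comment.');
             die(theme_features::json_format($output));
         }
         // Name and email are mandatory for visitors when the site says so.
         if (theme_cache::get_option('require_name_email') && !$user->exists()) {
             if (empty($comment_author)) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_name';
                 $output['msg'] = ___('Error: please fill your name.');
                 die(theme_features::json_format($output));
             }
             if (!$comment_author_email) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_email';
                 $output['msg'] = ___('Error: please enter a valid email address.');
                 die(theme_features::json_format($output));
             }
         }
         if (empty($comment_content)) {
             $output['status'] = 'error';
             $output['code'] = 'invaild_content';
             $output['msg'] = ___('Error: please type a comment.');
             die(theme_features::json_format($output));
         }
         $comment_type = null;
         $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_id');
         // Ask for a WP_Error so a rejected comment (closed comments, flood
         // control, duplicate) is reported instead of rendering comment #0.
         // Older WordPress versions ignore the flag and return false instead.
         $comment_id = wp_new_comment($commentdata, true);
         if (!$comment_id || is_wp_error($comment_id)) {
             $output['status'] = 'error';
             $output['code'] = is_wp_error($comment_id) ? $comment_id->get_error_code() : 'comment_not_saved';
             $output['msg'] = is_wp_error($comment_id) ? $comment_id->get_error_message() : ___('Sorry, your comment could not be saved.');
             die(theme_features::json_format($output));
         }
         $comment = get_comment($comment_id);
         $post = theme_cache::get_post($comment_post_ID);
         do_action('after_theme_comment_ajax', $comment, $post);
         do_action('set_comment_cookies', $comment, $user);
         wp_set_comment_cookies($comment, $user);
         $content = wp_list_comments(['type' => 'comment', 'callback' => 'theme_functions::theme_comment', 'echo' => false], [$comment]);
         // A reply is wrapped in a children list so the client can nest it.
         if ($comment_parent !== 0) {
             $output['comment_parent'] = $comment_parent;
             $output['comment'] = '<ul id="children-' . $comment->comment_ID . '" class="children">' . $content . '</ul>';
         } else {
             $output['comment'] = $content;
         }
         $output['status'] = 'success';
         $output['msg'] = ___('Commented successfully, thank you!');
         $output['post_id'] = $comment_post_ID;
         die(theme_features::json_format($output));
     }
     $type = isset($_GET['type']) && is_string($_GET['type']) ? $_GET['type'] : null;
     switch ($type) {
         case 'get-comments':
             $cpage = isset($_GET['cpage']) && is_numeric($_GET['cpage']) ? (int) $_GET['cpage'] : 1;
             $post_id = isset($_GET['post-id']) && is_numeric($_GET['post-id']) ? (int) $_GET['post-id'] : null;
             if (!$post_id) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_post_id';
                 $output['msg'] = ___('Post ID is invaild.');
                 die(theme_features::json_format($output));
             }
             global $post;
             $post = theme_cache::get_post($post_id);
             // Parenthesised for readability; && already binds tighter than ||.
             if (!$post || ($post->post_type !== 'post' && $post->post_type !== 'page')) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_post';
                 $output['msg'] = ___('Post is not exist.');
                 die(theme_features::json_format($output));
             }
             setup_postdata($post);
             $comments_str = self::get_comments_list($post_id, $cpage);
             $output['status'] = 'success';
             $output['msg'] = ___('Data sent.');
             // cpage <= 0 is mapped to 999 as in the original; presumably a
             // "last page" sentinel understood by get_comment_pagination() —
             // confirm against that helper.
             $output['pagination'] = theme_functions::get_comment_pagination(['cpaged' => $cpage > 0 ? $cpage : 999]);
             $output['comments'] = $comments_str;
             $output['debug'] = ['cpage' => $cpage];
             break;
     }
     die(theme_features::json_format($output));
 }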
    public static function process()
    {
        theme_features::check_nonce();
        theme_features::check_referer();
        $output = [];
        $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
        $user = isset($_POST['user']) && is_array($_POST['user']) ? $_POST['user'] : false;
        $email = isset($user['email']) && is_email($user['email']) ? $user['email'] : null;
        $pwd = isset($user['pwd']) && is_string($user['pwd']) ? $user['pwd'] : null;
        switch ($type) {
            /** 
             * login
             */
            case 'login':
                $output = self::user_login(array('email' => $email, 'pwd' => $pwd, 'remember' => isset($user['remember']) ? true : false));
                if ($output['status'] === 'success') {
                    $output['msg'] = self::get_options('lang-login-success');
                } else {
                    die(theme_features::json_format($output));
                }
                break;
                /** 
                 * register
                 */
            /** 
             * register
             */
            case 'register':
                /**
                 * check can register
                 */
                if (!theme_cache::get_option('users_can_register')) {
                    die(theme_features::json_format(['status' => 'error', 'code' => 'users_can_not_register', 'msg' => ___('Sorry, it is not the time, the site is temporarily closed registration.')]));
                }
                /**
                 * nickname
                 */
                $user['nickname'] = isset($user['nickname']) && is_string($user['nickname']) ? filter_blank($user['nickname']) : false;
                if (mb_strlen($user['nickname']) < self::$min_display_name_length) {
                    $output['status'] = 'error';
                    $output['code'] = 'invalid_nickname';
                    $output['msg'] = sprintf(___('Sorry, you nick name is invalid, at least %d characters in length, please try again.'), self::$min_display_name_length);
                    die(theme_features::json_format($output));
                }
                /**
                 * pwd
                 */
                if (mb_strlen($pwd) < self::$min_pwd_length) {
                    $output['status'] = 'error';
                    $output['code'] = 'invalid_pwd';
                    $output['msg'] = sprintf(___('Sorry, you password is invalid, at least %d characters in length, please try again.'), self::$min_pwd_length);
                    die(theme_features::json_format($output));
                }
                /**
                 * email 
                 */
                if (!$email) {
                    $output['status'] = 'error';
                    $output['code'] = 'invalid_email';
                    $output['msg'] = ___('Sorry, your email address is invalid, please check it and try again.');
                    die(theme_features::json_format($output));
                }
                /**
                 * check display_name repeat
                 */
                $exists_users = array_filter(get_users(['meta_key' => 'display_name', 'meta_value' => $user['nickname']]));
                if (count($exists_users) >= 1) {
                    $output['status'] = 'error';
                    $output['code'] = 'duplicate_display_name';
                    $output['msg'] = ___('Sorry, the nickname has been used, please change another one.');
                    die(theme_features::json_format($output));
                }
                /******************
                 * PASS
                 *****************/
                $output = self::user_register(array('email' => $email, 'pwd' => $pwd, 'nickname' => $user['nickname'], 'remember' => true));
                if ($output['status'] === 'success') {
                    // $output['redirect'] =
                    $output['msg'] = ___('Register successfully, page is refreshing, please wait...');
                }
                break;
                /** 
                 * lost-password
                 */
            /** 
             * lost-password
             */
            case 'recover':
                if (!$email) {
                    $output['status'] = 'error';
                    $output['code'] = 'invalid_email';
                    $output['msg'] = ___('Sorry, your email address is invalid, please check it and try again.');
                    die(theme_features::json_format($output));
                }
                /** 
                 * check the email is exist
                 */
                $user_id = email_exists($email);
                if (!$user_id) {
                    $output['status'] = 'error';
                    $output['code'] = 'email_not_exist';
                    $output['msg'] = ___('Sorry, the email does not exist.');
                    die(theme_features::json_format($output));
                }
                /** 
                 * create and encode code
                 */
                $user = get_userdata($user_id);
                $encode_arr = array('user_id' => $user_id, 'user_email' => $user->user_email);
                $encode_str = json_encode($encode_arr);
                $encode = base64_encode(authcode($encode_str, 'encode', AUTH_KEY, 7200));
                $callback_url = esc_url(add_query_arg(['token' => $encode], self::get_tabs('reset')['url']));
                $content = '
					<h3>' . sprintf(___('Dear %s!'), esc_html($user->display_name)) . '</h3>
					<p>
						' . sprintf(___('You are receiving this email because you forgot your password. We already made an address for your account, you can access this address ( %s ) to log-in and change your password in 3 hours.'), '<a href="' . $callback_url . '" target="_blank">' . $callback_url . '</a>') . '
					</p>
					<p>' . sprintf(___('-- From %s'), '<a href="' . theme_cache::home_url() . '" target="_blank">' . theme_cache::get_bloginfo('name') . '</a>') . '</p>
				';
                $title = ___('You are applying to reset your password.');
                $headers = ['Content-Type: text/html; charset=UTF-8'];
                $wp_mail = wp_mail($user->user_email, $title, $content, $headers);
                /** 
                 * check wp_mail is success or not
                 */
                if ($wp_mail === true) {
                    update_user_meta($user_id, '_tmp_lost_pwd', 1);
                    $output['status'] = 'success';
                    $output['msg'] = ___('Success, we sent an email that includes how to retrieve your password, please check it out in 3 hours.');
                } else {
                    $output['status'] = 'error';
                    $output['code'] = 'server_error';
                    $output['detial'] = $wp_mail['msg'];
                    $output['msg'] = ___('Error, server can not send email, please contact the administrator.');
                }
                break;
                /** 
                 * reset
                 */
            /** 
             * reset
             */
            case 'reset':
                if (!$user) {
                    $output['status'] = 'error';
                    $output['code'] = 'invalid_param';
                    $output['msg'] = ___('Sorry, the param is invalid.');
                    die(theme_features::json_format($output));
                }
                $token = isset($user['token']) && is_string($user['token']) ? $user['token'] : false;
                if (!$token) {
                    $output['status'] = 'error';
                    $output['code'] = 'invaild_token';
                    $output['msg'] = ___('Sorry, the token is invaild.');
                    die(theme_features::json_format($output));
                }
                /** pwd again */
                $pwd_again = isset($user['pwd-again']) && is_string($user['pwd-again']) ? $user['pwd-again'] : null;
                if (empty($pwd) || $pwd !== $pwd_again) {
                    $output['status'] = 'error';
                    $output['code'] = 'invalid_twice_pwd';
                    $output['msg'] = ___('Sorry, twice password is invaild, please try again.');
                    die(theme_features::json_format($output));
                }
                /** decode token */
                $token_decode = self::get_decode_token($token);
                if (!$token_decode) {
                    $output['status'] = 'error';
                    $output['code'] = 'expired_token';
                    $output['msg'] = ___('Sorry, the token is expired.');
                    die(theme_features::json_format($output));
                }
                $token_user_id = isset($token_decode['user_id']) && is_numeric($token_decode['user_id']) ? $token_decode['user_id'] : null;
                $token_user_email = isset($token_decode['user_email']) && is_email($token_decode['user_email']) ? $token_decode['user_email'] : null;
                /** check token email is match post email */
                if (!$token_user_email) {
                    $output['status'] = 'error';
                    $output['code'] = 'token_email_not_match';
                    $output['msg'] = ___('Sorry, the token email and you account email do not match.');
                    die(theme_features::json_format($output));
                }
                /** check post email exists */
                $user_id = (int) email_exists($token_user_email);
                if ($user_id != $token_decode['user_id']) {
                    $output['status'] = 'error';
                    $output['code'] = 'email_not_exist';
                    $output['msg'] = ___('Sorry, your account email is not exist.');
                    die(theme_features::json_format($output));
                }
                /** check user already apply to recover password */
                if (!get_user_meta($user_id, '_tmp_recover_pwd', true)) {
                    $output['status'] = 'error';
                    $output['code'] = 'not_apply_recover';
                    $output['msg'] = ___('Sorry, the user do not apply recover yet.');
                }
                /** all ok, just set new password */
                delete_user_meta($user_id, '_tmp_recover_pwd');
                wp_set_password($pwd, $user_id);
                wp_set_current_user($user_id);
                wp_set_auth_cookie($user_id, true);
                $output['status'] = 'success';
                $output['redirect'] = theme_cache::home_url();
                $output['msg'] = ___('Congratulation, your account has been recovered! Password has been updated. Redirecting home page, please wait...');
                break;
            default:
                $output['status'] = 'error';
                $output['code'] = 'invalid_type';
                $output['msg'] = ___('Invalid type.');
        }
        die(theme_features::json_format($output));
    }
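 /**
  * Request entry point for the private-message (P.M.) feature.
  *
  * Dispatches on the `type` request parameter; every branch terminates the
  * request with die(), so the method never returns.
  *
  * - create-db     : back-end only (manage_options). Creates the P.M. table,
  *                   records the db version and redirects to the options page.
  * - get-userdata  : resolves a user by `uid`, adds it to the current user's
  *                   dialog list and returns its public data as JSON.
  * - remove-dialog : removes the `uid` user from the current user's dialog list.
  * - send          : stores a new message for the `uid` receiver.
  * - comet         : long-polls until a message newer than `timestamp` arrives
  *                   for the current user, then returns it.
  *
  * The referer is verified for every type. The nonce is verified inside each
  * front-end branch (not at the top) so the back-end `create-db` link, which
  * carries no nonce, keeps working.
  */
 public static function process()
 {
     theme_features::check_referer();
     $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : false;
     // NOTE(review): nothing in this method rejects a logged-out caller
     // (current user id 0) for the front-end branches — confirm that
     // check_nonce() / check_uid() cover that, or add an explicit guard.
     $current_user_id = theme_cache::get_current_user_id();
     switch ($type) {
         /**
          * backend create db table
          */
         case 'create-db':
             if (!theme_cache::current_user_can('manage_options')) {
                 die(___('Sorry, your permission is not enough to create database table.'));
             }
             if (self::has_table()) {
                 die(___('Sorry, the database table already exists.'));
             }
             self::create_db_table();
             theme_options::set_options(__CLASS__, ['db-version' => self::$db_version]);
             // Redirect target is built from theme_options::get_url(), not from
             // request data, so this is not an open redirect.
             header('location: ' . theme_options::get_url() . '&' . __CLASS__);
             die;
         /**
          * get-userdata
          */
         case 'get-userdata':
             theme_features::check_nonce();
             $uid = isset($_REQUEST['uid']) && is_numeric($_REQUEST['uid']) ? (int) $_REQUEST['uid'] : false;
             // check_uid() is relied on to stop the request for an unknown uid;
             // the lines below assume a valid user object.
             $user = self::check_uid($uid);
             self::add_list($current_user_id, $user->ID);
             die(theme_features::json_format(['status' => 'success', 'name' => esc_html($user->display_name), 'avatar' => get_avatar_url($user->ID), 'msg' => ___('User data loaded, you can send P.M. now.'), 'url' => theme_cache::get_author_posts_url($user->ID)]));
         /**
          * remove user lists
          */
         case 'remove-dialog':
             // Same nonce requirement as every other front-end branch; this
             // one mutates the caller's dialog list.
             theme_features::check_nonce();
             $receiver_uid = isset($_REQUEST['uid']) && is_numeric($_REQUEST['uid']) ? (int) $_REQUEST['uid'] : false;
             $receiver = self::check_uid($receiver_uid);
             $status = self::remove_list($current_user_id, $receiver->ID);
             if ($status) {
                 die(theme_features::json_format(['status' => 'success', 'code' => 'removed']));
             }
             die(theme_features::json_format(['status' => 'error', 'code' => 'remove_fail']));
         /**
          * send
          */
         case 'send':
             theme_features::check_nonce();
             $receiver_uid = isset($_REQUEST['uid']) && is_numeric($_REQUEST['uid']) ? (int) $_REQUEST['uid'] : false;
             $receiver = self::check_uid($receiver_uid);
             // Message body: only a small set of inline tags survives strip_tags();
             // fliter_script() is relied on to neutralise anything scriptable
             // inside the allowed tags (event attributes, javascript: hrefs) — confirm.
             $content = isset($_REQUEST['content']) && is_string($_REQUEST['content']) ? trim($_REQUEST['content']) : '';
             if ($content !== '') {
                 $content = fliter_script(strip_tags($content, '<a><b><strong><em><i><del>'));
             }
             if (trim($content) === '') {
                 die(theme_features::json_format(['status' => 'error', 'code' => 'empty_content', 'msg' => ___('Sorry, message content is null, please try again.')]));
             }
             $pm_id = self::insert_pm(['pm_author' => $current_user_id, 'pm_receiver' => $receiver->ID, 'pm_content' => $content]);
             if (!$pm_id) {
                 die(theme_features::json_format(['status' => 'error', 'code' => 'can_not_create_pm', 'msg' => ___('Sorry, system can not create the private message, please try again later.')]));
             }
             $pm = self::get_pm($pm_id);
             // Both participants get the dialog in their list.
             self::add_list($current_user_id, $pm->pm_receiver);
             self::add_list($pm->pm_receiver, $current_user_id);
             die(theme_features::json_format(['status' => 'success', 'pm' => ['pm_receiver' => self::get_niceid($pm->pm_receiver), 'pm_author' => self::get_niceid($pm->pm_author), 'pm_date' => current_time('Y/m/d H:i:s'), 'pm_content' => $pm->pm_content, 'url' => theme_cache::get_author_posts_url($pm->pm_receiver)], 'msg' => ___('Message sent.')]));
         /**
          * latest pm id
          */
         case 'comet':
             theme_features::check_nonce();
             $receiver_id = $current_user_id;
             $client_timestamp = isset($_REQUEST['timestamp']) && is_numeric($_REQUEST['timestamp']) ? (int) $_REQUEST['timestamp'] : false;
             if (!$client_timestamp) {
                 die(theme_features::json_format(['status' => 'error', 'code' => 'invaild_timestamp', 'msg' => ___('Sorry, your session is timeout, please refresh page.')]));
             }
             // Long-poll: up to self::$comet_timeout one-second sleeps while the
             // receiver's timestamp is not newer than the client's.
             set_time_limit(60);
             for ($i = 0; $i < self::$comet_timeout; ++$i) {
                 $timestamp = self::get_timestamp($receiver_id);
                 if ($timestamp <= $client_timestamp) {
                     sleep(1);
                     continue;
                 }
                 $latest_pm = self::get_pm(self::get_latest_pm_id($receiver_id));
                 self::clear_unreads($current_user_id);
                 // 'url' refers to the message just loaded ($latest_pm); the
                 // original referenced an undefined $pm here.
                 die(theme_features::json_format(['status' => 'success', 'pm' => ['pm_receiver' => self::get_niceid($latest_pm->pm_receiver), 'pm_author' => self::get_niceid($latest_pm->pm_author), 'pm_author_name' => theme_cache::get_the_author_meta('display_name', $latest_pm->pm_author), 'pm_author_avatar' => get_avatar_url($latest_pm->pm_author), 'pm_date' => current_time('Y/m/d H:i:s'), 'pm_content' => $latest_pm->pm_content, 'url' => theme_cache::get_author_posts_url($latest_pm->pm_author)], 'timestamp' => $timestamp]));
             }
             die(theme_features::json_format(['status' => 'error', 'code' => 'timeout', 'msg' => ___('Timeout')]));
         default:
             die(theme_features::json_format(['status' => 'error', 'code' => 'invaild_type', 'msg' => ___('Sorry, type param is invaild.')]));
     }
 }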
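 /**
  * Import / export of the theme options (back-end, manage_options only).
  *
  * Dispatches on the `type` request parameter:
  * - import : decodes POST `b64` (base64 of a JSON object) and stores it as the
  *            theme options, then answers with a JSON status.
  * - export : sends the current options as a base64-encoded JSON file download.
  *
  * Referer and nonce are verified first. Never returns; every path ends with die().
  */
 public static function process()
 {
     theme_features::check_referer();
     theme_features::check_nonce();
     // Administrators only: an import replaces the whole option set.
     if (!theme_cache::current_user_can('manage_options')) {
         die;
     }
     $output = [];
     $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
     switch ($type) {
         case 'import':
             // Strict base64 decoding rejects blobs containing bytes outside the
             // alphabet instead of silently dropping them.
             $raw = isset($_POST['b64']) && is_string($_POST['b64']) ? base64_decode($_POST['b64'], true) : false;
             $contents = $raw !== false ? json_decode($raw, true) : null;
             if (is_array($contents) && !empty($contents)) {
                 set_theme_mod(theme_options::$iden, $contents);
                 $output['status'] = 'success';
                 $output['msg'] = ___('Settings has been restored, refreshing page, please wait...');
             } else {
                 $output['status'] = 'error';
                 $output['msg'] = ___('Invalid content.');
             }
             break;
         case 'export':
             $contents = base64_encode(json_encode(theme_options::get_options()));
             // The blob is already in memory; send it directly rather than
             // bouncing it through a temporary file.
             header('Content-Description: File Transfer');
             header('Content-Type: application/octet-stream');
             header('Expires: 0');
             header('Cache-Control: must-revalidate');
             header('Pragma: public');
             header('Content-Length: ' . strlen($contents));
             $download_fn = ___('Backup');
             $download_fn .= '-' . theme_cache::get_bloginfo('name');
             $download_fn .= '-' . theme_functions::$iden;
             $download_fn .= '-' . date('Ymd-His') . '.bk';
             // The blog name is site-configured text: sanitize_file_name() strips
             // quotes and other characters that would break the header. The
             // original also had a stray space after the opening quote.
             header('Content-Disposition: attachment; filename="' . sanitize_file_name($download_fn) . '"');
             echo $contents;
             die;
         default:
             $output['status'] = 'error';
             $output['code'] = 'invalid_type';
             $output['msg'] = ___('Invalid type.');
     }
     die(theme_features::json_format($output));
 }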
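 /**
  * Request entry point that delegates on the `type` parameter.
  *
  * - upload : self::process_upload()
  * - post   : self::process_post()
  *
  * Referer and nonce are verified before dispatching. The delegates are
  * expected to emit their own response; if one returns, the fall-through
  * below still terminates the request with a JSON reply. An unknown type
  * now answers with an explicit error instead of an empty object.
  */
 public static function process()
 {
     $output = [];
     theme_features::check_referer();
     theme_features::check_nonce();
     $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
     switch ($type) {
         case 'upload':
             self::process_upload();
             break;
         case 'post':
             self::process_post();
             break;
         default:
             $output['status'] = 'error';
             $output['code'] = 'invalid_type';
             $output['msg'] = ___('Invalid type.');
     }
     die(theme_features::json_format($output));
 }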
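 /**
  * Request entry point for the "collection" feature.
  *
  * Dispatches on the `type` request parameter:
  * - add-cover : accepts an image upload in `$_FILES['img']` and returns the
  *               attachment id and a thumbnail URL.
  * - post      : creates a collection post from `$_POST['clt']` (post-title,
  *               post-content, posts, thumbnail-id, tags). Users who can
  *               moderate comments publish directly, everyone else lands in
  *               'pending'.
  * - get-post  : returns title, thumbnail and a short excerpt for `post-id`.
  *
  * Referer and nonce are verified first. Every path ends with
  * die(theme_features::json_format($output)).
  */
 public static function process()
 {
     $output = [];
     theme_features::check_referer();
     theme_features::check_nonce();
     $type = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : null;
     switch ($type) {
         /**
          * case upload
          */
         case 'add-cover':
             // Cheap pre-filter on the client-supplied file name; the real
             // content/type check is expected from media_handle_upload().
             $filename = isset($_FILES['img']['name']) && is_string($_FILES['img']['name']) ? $_FILES['img']['name'] : '';
             $file_ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
             if (!in_array($file_ext, self::$file_exts, true)) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_file_type';
                 $output['msg'] = ___('Invaild file type.');
                 die(theme_features::json_format($output));
             }
             // Server-generated name so the stored file never carries
             // user-controlled text beyond the validated extension.
             $_FILES['img']['name'] = theme_cache::get_current_user_id() . '-' . current_time('YmdHis') . '-' . rand(100, 999) . '.' . $file_ext;
             require_once ABSPATH . 'wp-admin/includes/image.php';
             require_once ABSPATH . 'wp-admin/includes/file.php';
             require_once ABSPATH . 'wp-admin/includes/media.php';
             $attach_id = media_handle_upload('img', 0);
             if (is_wp_error($attach_id)) {
                 $output['status'] = 'error';
                 $output['code'] = $attach_id->get_error_code();
                 $output['msg'] = $attach_id->get_error_message();
                 die(theme_features::json_format($output));
             }
             $output['status'] = 'success';
             $output['thumbnail'] = ['url' => esc_url(self::wp_get_attachment_image_src($attach_id, 'thumbnail')[0])];
             $output['attach-id'] = $attach_id;
             $output['msg'] = ___('Upload success.');
             die(theme_features::json_format($output));
         /**
          * post
          */
         case 'post':
             $clt = isset($_POST['clt']) && is_array($_POST['clt']) ? $_POST['clt'] : null;
             if (is_null_array($clt)) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_ctb_param';
                 $output['msg'] = ___('Invaild collection param.');
                 die(theme_features::json_format($output));
             }
             // Selected post ids; get_preview() is relied on to validate each one.
             $posts = isset($clt['posts']) && is_array($clt['posts']) ? $clt['posts'] : null;
             if (empty($posts)) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_posts';
                 $output['msg'] = ___('Sorry, posts can not be empty.');
                 die(theme_features::json_format($output));
             }
             $post_title = isset($clt['post-title']) && is_string($clt['post-title']) ? esc_html(trim($clt['post-title'])) : null;
             if (empty($post_title)) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_post_title';
                 $output['msg'] = ___('Please write the post title.');
                 die(theme_features::json_format($output));
             }
             $thumbnail_id = isset($clt['thumbnail-id']) && is_numeric($clt['thumbnail-id']) ? (int) $clt['thumbnail-id'] : null;
             if (empty($thumbnail_id)) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_thumbnail_id';
                 $output['msg'] = ___('Please set an image as post thumbnail');
                 die(theme_features::json_format($output));
             }
             // Only a small set of inline tags survives; fliter_script() is applied
             // to the assembled content right before insertion.
             $post_content = isset($clt['post-content']) && is_string($clt['post-content']) ? strip_tags(trim($clt['post-content']), '<del><a><b><strong><em><i>') : null;
             if (empty($post_content)) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_post_content';
                 $output['msg'] = ___('Please explain why you recommend this collection.');
                 die(theme_features::json_format($output));
             }
             $post_content = '<p>' . $post_content . '</p>' . self::get_preview($posts);
             // Keep only string tags; the original mapped non-strings to null and
             // handed those nulls to wp_insert_post().
             $tags = isset($clt['tags']) && is_array($clt['tags']) ? $clt['tags'] : [];
             if (!empty($tags)) {
                 $tags = array_values(array_filter($tags, function ($tag) {
                     return is_string($tag);
                 }));
             }
             if (theme_cache::current_user_can('moderate_comments')) {
                 $post_status = 'publish';
             } else {
                 $post_status = 'pending';
             }
             $post_id = wp_insert_post(array('post_title' => $post_title, 'post_content' => fliter_script($post_content), 'post_status' => $post_status, 'post_author' => theme_cache::get_current_user_id(), 'post_category' => (array) self::get_options('cats'), 'tags_input' => $tags), true);
             if (is_wp_error($post_id)) {
                 $output['status'] = 'error';
                 $output['code'] = $post_id->get_error_code();
                 $output['msg'] = $post_id->get_error_message();
                 break;
             }
             set_post_thumbnail($post_id, $thumbnail_id);
             if ($post_status === 'pending') {
                 $output['status'] = 'success';
                 $output['msg'] = sprintf(___('Your collection submitted successful, it will be published after approve in a while. Thank you very much! How about %s again?'), '<a href="' . self::get_tabs('collection')['url'] . '">' . ___('write a new collection') . '</a>');
                 die(theme_features::json_format($output));
             }
             $output['status'] = 'success';
             // The title goes into an HTML attribute: attribute-escape it there.
             $output['msg'] = sprintf(___('Congratulation! Your post has been published. You can %s or %s.'), '<a href="' . theme_cache::get_permalink($post_id) . '" title="' . esc_attr(theme_cache::get_the_title($post_id)) . '">' . ___('View it now') . '</a>', '<a href="' . self::get_tabs('collection')['url'] . '">' . ___('countinue to write a new collection') . '</a>');
             if (class_exists('theme_custom_point')) {
                 $post_publish_point = theme_custom_point::get_point_value('post-publish');
                 $output['point'] = array('value' => $post_publish_point, 'detail' => ___('Post published'));
             }
             die(theme_features::json_format($output));
         /**
          * get post
          */
         case 'get-post':
             $post_id = isset($_REQUEST['post-id']) && is_numeric($_REQUEST['post-id']) ? (int) $_REQUEST['post-id'] : null;
             if (!$post_id) {
                 $output['status'] = 'error';
                 $output['code'] = 'invaild_post_id';
                 $output['msg'] = ___('Sorry, the post id is invaild.');
                 die(theme_features::json_format($output));
             }
             global $post;
             $post = theme_cache::get_post($post_id);
             // NOTE(review): only the post type is checked, not its status, so a
             // non-public post's title and excerpt are returned as well — confirm
             // that is intended for everyone who passes check_nonce().
             if (!$post || $post->post_type !== 'post') {
                 $output['status'] = 'error';
                 $output['code'] = 'post_not_exist';
                 $output['msg'] = ___('Sorry, the post do not exist, please type another post ID.');
                 die(theme_features::json_format($output));
             }
             setup_postdata($post);
             $output = ['status' => 'success', 'msg' => ___('Finished get the post data.'), 'thumbnail' => ['url' => theme_functions::get_thumbnail_src($post_id), 'size' => [theme_functions::$thumbnail_size[1], theme_functions::$thumbnail_size[2]]], 'title' => theme_cache::get_the_title($post_id), 'excerpt' => html_minify(str_sub(strip_tags(trim($post->post_content)), 120, '...'))];
             wp_reset_postdata();
             die(theme_features::json_format($output));
         default:
             $output['status'] = 'error';
             $output['code'] = 'invaild_type';
             $output['msg'] = ___('Sorry, type param is invaild.');
     }
     die(theme_features::json_format($output));
 }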
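 /**
  * Placeholder request handler.
  *
  * Verifies the referer and the nonce, then answers with an empty JSON object.
  * No `type` is dispatched yet (the original read it into an unused local).
  * Never returns.
  */
 public static function process()
 {
     theme_features::check_referer();
     theme_features::check_nonce();
     die(theme_features::json_format([]));
 }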
 /**
  * Callback entry for the Sina / QQ sign-in flows.
  *
  * After the nonce check, calls open_sign_sina() when GET `sina` equals
  * 'set-auth', otherwise open_sign_qq() when GET `qq` equals 'set-auth'
  * (Sina takes precedence when both are present). Always terminates the
  * request.
  */
 public static function process_cb()
 {
     theme_features::check_nonce('nonce');
     $sina_flag = isset($_GET['sina']) ? $_GET['sina'] : null;
     $qq_flag = isset($_GET['qq']) ? $_GET['qq'] : null;
     if ($sina_flag === 'set-auth') {
         self::open_sign_sina();
     } elseif ($qq_flag === 'set-auth') {
         self::open_sign_qq();
     }
     die;
 }