/**

* Include anything we need that relies on admin classes/functions

*/

include_once dirname( __FILE__ ) . '/lib/class-wp-json-authentication-oauth1-listtable.php';

add_users_page(

// Page title

__( 'Registered OAuth Applications', 'json_oauth' ),

// Menu title

_x( 'Applications', 'menu title', 'json_oauth' ),

// Capability

'list_users',

// Menu slug

'json-oauth',

// Callback

'json_oauth_admin_render'

);

$hook = get_plugin_page_hook( 'json-oauth', 'users.php' );

add_action( 'load-' . $hook, 'json_oauth_admin_load' );

global $wp_list_table;

$wp_list_table = new WP_JSON_Authentication_OAuth1_ListTable();

$wp_list_table->prepare_items();

global $wp_list_table;

// ...

?>

<div class="wrap">

<h2>

<?php

esc_html_e( 'Registered OAuth Applications', 'json_oauth' );

if ( current_user_can( 'create_users' ) ): ?>

<a href="<?php echo admin_url( 'admin.php?action=json-oauth-add' ) ?>"

class="add-new-h2"><?php echo esc_html_x( 'Add New', 'application', 'json_oauth' ); ?></a>

<?php

endif;

?>

</h2>

<?php $wp_list_table->views(); ?>

<form action="" method="get">

<?php $wp_list_table->search_box( __( 'Search Applications', 'json_oauth' ), 'json_oauth' ); ?>

<?php $wp_list_table->display(); ?>

</form>

<br class="clear" />

</div>

<?php

$valid = array();

if ( empty( $params['name'] ) ) {

return new WP_Error( 'json_oauth_missing_name', __( 'Consumer name is required' ) );

}

$valid['name'] = wp_filter_post_kses( $params['name'] );

if ( empty( $params['description'] ) ) {

return new WP_Error( 'json_oauth_missing_description', __( 'Consumer description is required' ) );

}

$valid['description'] = wp_filter_post_kses( $params['description'] );

return $valid;

$messages = array();

if ( empty( $consumer ) ) {

$did_action = 'add';

check_admin_referer( 'json-oauth-add' );

}

else {

$did_action = 'edit';

check_admin_referer( 'json-oauth-edit-' . $consumer->ID );

}

// Check that the parameters are correct first

$params = json_oauth_admin_validate_parameters( wp_unslash( $_POST ) );

if ( is_wp_error( $params ) ) {

$messages[] = $params->get_error_message();

return $messages;

}

if ( empty( $consumer ) ) {

$authenticator = new WP_JSON_Authentication_OAuth1();

// Create the consumer

$data = array(

'name' => $params['name'],

'description' => $params['description'],

);

$consumer = $result = $authenticator->add_consumer( $data );

}

else {

// Update the existing consumer post

$data = array(

'ID' => $consumer->ID,

'post_title' => $params['name'],

'post_content' => $params['description'],

);

$result = wp_update_post( $data, true );

}

if ( is_wp_error( $result ) ) {

$messages[] = $result->get_error_message();

return $messages;

}

// Success, redirect to alias page

$location = add_query_arg(

array(

'action' => 'json-oauth-edit',

'id' => $consumer->ID,

'did_action' => $did_action,

'processed' => 1,

'_wpnonce' => wp_create_nonce( 'json-oauth-edit-' . $id ),

),

network_admin_url( 'admin.php' )

);

wp_safe_redirect( $location );

exit;

if ( ! current_user_can( 'edit_users' ) )

wp_die( __( 'You do not have permission to access this page.' ) );

// Are we editing?

$consumer = null;

$form_action = admin_url( 'admin.php?action=json-oauth-add' );

if ( ! empty( $_REQUEST['id'] ) ) {

$id = absint( $_REQUEST['id'] );

$consumer = get_post( $id );

if ( is_wp_error( $consumer ) || empty( $consumer ) ) {

wp_die( __( 'Invalid consumer ID.' ) );

}

$form_action = admin_url( 'admin.php?action=json-oauth-edit' );

}

// Handle form submission

$messages = array();

if ( ! empty( $_POST['submit'] ) ) {

$messages = json_oauth_admin_handle_edit_submit( $consumer );

}

$data = array();

if ( empty( $consumer ) || ! empty( $_POST['_wpnonce'] ) ) {

foreach ( array( 'name', 'description' ) as $key ) {

$data[ $key ] = empty( $_POST[ $key ] ) ? '' : wp_unslash( $_POST[ $key ] );

}

}

else {

$data['name'] = $consumer->post_title;

$data['description'] = $consumer->post_content;

}

// Header time!

global $title, $parent_file, $submenu_file;

$title = $consumer ? __( 'Edit Consumer' ) : __( 'Add Consumer' );

$parent_file = 'users.php';

$submenu_file = 'json-oauth';

include( ABSPATH . 'wp-admin/admin-header.php' );

?>

<div class="wrap">

<h2 id="edit-site"><?php echo esc_html( $title ) ?></h2>

<?php

if ( ! empty( $messages ) ) {

foreach ( $messages as $msg )

echo '<div id="message" class="updated"><p>' . $msg . '</p></div>';

}

?>

<form method="post" action="<?php echo esc_url( $form_action ) ?>">

<table class="form-table">

<tr>

<th scope="row">

<label for="oauth-name"><?php echo esc_html_x( 'Consumer Name', 'field name' ) ?></label>

</th>

<td>

<input type="text" class="regular-text"

name="name" id="oauth-name"

value="<?php echo esc_attr( $data['name'] ) ?>" />

</td>

</tr>

<tr>

<th scope="row">

<label for="oauth-description"><?php echo esc_html_x( 'Description', 'field name' ) ?></label>

</th>

<td>

<textarea class="regular-text" name="description" id="oauth-description"

cols="30" rows="5" style="width: 500px"><?php echo esc_textarea( $data['description'] ) ?></textarea>

</td>

</tr>

</table>

<?php

if ( empty( $consumer ) ) {

wp_nonce_field( 'json-oauth-add' );

submit_button( __( 'Add Consumer' ) );

}

else {

echo '<input type="hidden" name="id" value="' . esc_attr( $consumer->ID ) . '" />';

wp_nonce_field( 'json-oauth-edit-' . $consumer->ID );

submit_button( __( 'Save Consumer' ) );

}

?>

</form>

</div>

<?php

include(ABSPATH . 'wp-admin/admin-footer.php');

global $wpdb;

$results = $wpdb->get_col( "SELECT option_value FROM {$wpdb->options} WHERE option_name LIKE 'oauth1_access_%'", 0 );

$results = array_map( 'unserialize', $results );

$approved = array_filter( $results, function ( $row ) use ( $user ) {

return $row['user'] === $user->ID;

} );

$authenticator = new WP_JSON_Authentication_OAuth1();

?>

<table class="form-table">

<tbody>

<tr>

<th scope="row"><?php _e( 'Authorized Applications', 'json_oauth' ) ?></th>

<td>

<?php if ( ! empty( $approved ) ): ?>

<table class="widefat sessions-table">

<thead>

<tr>

<th scope="col"><?php _e( 'Application Name', 'wpsm' ); ?></th>

</tr>

</thead>

<tbody>

<?php foreach ( $approved as $row ): ?>

<?php

$application = $authenticator->get_consumer( $row['consumer'] );

?>

<tr>

<td><?php echo esc_html( $application->post_title ) ?></td>

<td><button class="button" name="oauth_revoke" value="<?php echo esc_attr( $row['key'] ) ?>"><?php esc_html_e( 'Revoke', 'json_oauth' ) ?></button>

</tr>

<?php endforeach ?>

</tbody>

</table>

<?php else: ?>

<p class="description"><?php esc_html_e( 'No applications authorized.' ) ?></p>

<?php endif ?>

</td>

</tr>

</tbody>

</table>

<?php

global $pagenow;

if ( $pagenow !== 'profile.php' && $pagenow !== 'user-edit.php' ) {

return;

}

if ( ! empty( $_GET['oauth_revoked'] ) ) {

echo '<div id="message" class="updated"><p>' . __( 'Token revoked.' ) . '</p></div>';

}

if ( ! empty( $_GET['oauth_revocation_failed'] ) ) {

echo '<div id="message" class="updated"><p>' . __( 'Unable to revoke token.' ) . '</p></div>';

}

if ( empty( $_POST['oauth_revoke'] ) ) {

return;

}

$key = wp_unslash( $_POST['oauth_revoke'] );

$authenticator = new WP_JSON_Authentication_OAuth1();

$result = $authenticator->revoke_access_token( $key );

if ( is_wp_error( $result ) ) {

$redirect = add_query_arg( 'oauth_revocation_failed', true, get_edit_user_link( $user_id ) );

}

else {

$redirect = add_query_arg( 'oauth_revoked', $key, get_edit_user_link( $user_id ) );

}

wp_redirect($redirect);

exit;