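/**
 * Normalise the serialised booking-form payload and clean every field value.
 *
 * The payload is a '~'-separated list of "type^name^value" triples. Each value is
 * passed through wpbc_clean_parameter() and the triples are re-joined in the same
 * order and format. The result is what wpbc_add_new_booking() interpolates directly
 * into its INSERT/UPDATE statements, so whatever SQL safety the stored form has
 * comes from wpbc_clean_parameter() alone - this function adds no escaping itself.
 *
 * @param string $formdata Raw "type^name^value~type^name^value..." string from the request.
 *
 * @return string The same structure with cleaned values and no trailing '~'.
 */
function escape_any_xss($formdata)
{
    $clean_triples = array();

    foreach (explode('~', $formdata) as $triple) {
        $parts = explode('^', $triple);

        // A triple with fewer than three parts used to raise undefined-index notices;
        // missing parts are treated as empty strings, which gives the same joined
        // output as before without the notice. Extra '^' parts beyond the third are
        // dropped, exactly as before.
        $type         = $parts[0];
        $element_name = isset($parts[1]) ? $parts[1] : '';
        $value        = wpbc_clean_parameter(isset($parts[2]) ? $parts[2] : '');

        $clean_triples[] = $type . '^' . $element_name . '^' . $value;
    }

    // NOTE(review): the previous version ended with str_replace('%', '%', ...), a no-op
    // that did not remove '%' as its comment claimed. It is dropped here. If '%' really
    // has to be stripped before the result reaches $wpdb->prepare(), that is a visible
    // data change for the caller to make deliberately, not a silent rewrite here.
    return implode('~', $clean_triples);
}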
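/**
 * Collect the booking-listing filter, sort and paging arguments from the current request.
 *
 * Every 'wh_*' filter, the sort order and the paging values are read from $_REQUEST
 * (so GET, POST or cookie) and run through wpbc_clean_parameter(); absent keys fall
 * back to '' or to the stored defaults. As a side effect, an empty
 * 'bookings_num_per_page' option is persisted as '10'.
 *
 * Values are returned as cleaned strings, not cast to int/date; the listing SQL
 * builder that consumes them must still treat them as untrusted input.
 *
 * @return array<string, mixed> Listing arguments keyed by parameter name, in the
 *                              same key order as before.
 */
function wpdev_get_args_from_request_in_bk_listing()
{
    //debuge($_REQUEST);
    $num_per_page_check = get_bk_option('bookings_num_per_page');
    if (empty($num_per_page_check)) {
        $num_per_page_check = '10';
        update_bk_option('bookings_num_per_page', $num_per_page_check);
    }

    // Read one request parameter through the cleaner, or return $default when it is absent.
    $request_param = function ($key, $default = '') {
        return isset($_REQUEST[$key]) ? wpbc_clean_parameter($_REQUEST[$key]) : $default;
    };

    $filter_keys = array(
        'wh_booking_type',
        'wh_approved',
        'wh_booking_id',
        'wh_is_new',
        'wh_pay_status',
        'wh_keyword',
        'wh_booking_date',
        'wh_booking_date2',
        'wh_modification_date',
        'wh_modification_date2',
        'wh_cost',
        'wh_cost2',
    );

    $args = array();
    foreach ($filter_keys as $filter_key) {
        $args[$filter_key] = $request_param($filter_key);
    }

    // The stored sort order is only read when the request does not supply one,
    // keeping that option lookup conditional as it was.
    $args['or_sort'] = isset($_REQUEST['or_sort'])
        ? wpbc_clean_parameter($_REQUEST['or_sort'])
        : get_bk_option('booking_sort_order');
    $args['page_num'] = $request_param('page_num', '1');
    $args['page_items_count'] = $request_param('page_items_count', $num_per_page_check);

    //debuge($args, $_REQUEST['wh_booking_type'] );
    return $args;
}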
/**
 * Insert a new booking or update an existing one, rewrite its date rows, and fire
 * the follow-up actions (hash/cost update, e-mails, payment/cost hooks).
 *
 * Control flow: resolve $bktype -> clean the form -> resolve dates -> (new only)
 * check the dates are free -> INSERT or UPDATE the booking row -> (edit only) read
 * the old approval flag and delete the old date rows -> insert the new date rows
 * -> e-mails and hooks -> child-resource re-update.
 *
 * @param array      $params          Request-shaped booking data: 'form', 'dates', 'bktype',
 *                                    and optionally 'sync_gid', 'is_send_emeils',
 *                                    'is_show_payment_form', 'skip_page_checking_for_updating'.
 *                                    Treated here as untrusted.
 * @param array|bool $is_edit_booking false for a new booking; for an edit, an array with
 *                                    'booking_id' and 'booking_type'.
 *
 * @return int|false Booking ID on success; false when a new booking has no 'bktype' or it
 *                   casts to 0. On a date conflict, an empty date list, or any failed
 *                   query the function prints an inline <script> and calls die(), so it
 *                   never returns in those cases.
 */
function wpbc_add_new_booking($params, $is_edit_booking = false)
{
    if ($is_edit_booking !== false) {
        // Edit booking
        // NOTE(review): booking_id and booking_type are taken as-is from $is_edit_booking and
        // are later interpolated into the UPDATE/SELECT/DELETE statements and echoed into the
        // inline <script> blocks without the intval() cast the new-booking path applies.
        // Safe only if every caller has already validated both values - confirm.
        $booking_id = $is_edit_booking['booking_id'];
        $bktype = $is_edit_booking['booking_type'];
    } else {
        // New booking
        if (!isset($params["bktype"])) {
            return false;
        } else {
            $bktype = intval($params["bktype"]);
        }
        if ($bktype == 0) {
            return false;
        } // Error: Unknown booking resources
    }

    make_bk_action('check_multiuser_params_for_client_side', $bktype); // Activate working with specific user in WP MU

    // Define init variables
    global $wpdb;
    // $formdata is interpolated verbatim into the INSERT/UPDATE below, so its SQL safety
    // rests entirely on escape_any_xss() / wpbc_clean_parameter().
    $formdata = escape_any_xss($params["form"]);
    $my_modification_date = "'" . date_i18n('Y-m-d H:i:s') . "'"; // Localize booking modification date

    // Get Dates
    $dates_in_diff_formats = wpbc_get_dates_in_diff_formats($params["dates"], $bktype, $formdata);
    //debuge($dates_in_diff_formats);
    $str_dates__dd_mm_yyyy = $dates_in_diff_formats['string'];
    // $my_dates = $dates_in_diff_formats['array'];
    $start_time = $dates_in_diff_formats['start_time'];
    $end_time = $dates_in_diff_formats['end_time'];

    //Here we need to check for double booking for the same sessions
    // Only a new booking is checked for conflicts; an edit is not re-checked here.
    // A conflict ends the request with an empty body (bare die).
    if (!$is_edit_booking && !wpbc_check_if_dates_free($bktype, $formdata, $dates_in_diff_formats, $start_time, $end_time)) {
        die;
    }

    // sort_date is the first booked day combined with the start time.
    $my_check_in_date = explode('-', $dates_in_diff_formats['array'][0]);
    $my_check_in_date_sql = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $my_check_in_date[0], $my_check_in_date[1], $my_check_in_date[2], $start_time[0], $start_time[1], $start_time[2]);

    if (empty($str_dates__dd_mm_yyyy)) {
        ?> <script type="text/javascript"> if ( jQuery('#submiting<?php echo $bktype; ?> ' ).length ) { document.getElementById('submiting<?php echo $bktype; ?> ').innerHTML = '<div style="height:20px;width:100%;text-align:center;margin:15px auto;"><?php bk_error('Error! No Dates', __FILE__, __LINE__); ?> </div>'; } </script> <?php die('Error! No Dates');
    }

    // New bookings are approved up front only when the auto-approve option is 'On';
    // for an edit this default is overwritten below with the stored approval flag.
    $auto_approve_new_bookings_is_active = trim(get_bk_option('booking_auto_approve_new_bookings_is_active'));
    $is_approved_dates = $auto_approve_new_bookings_is_active == 'On' ? '1' : '0';
    // // Auto Approve booking from Booking > Add booking page for single booking resources
    // $admin_uri = ltrim( str_replace( get_site_url( null, '', 'admin' ), '', admin_url('admin.php?') ), '/' ) ;
    // if ( strpos( $_SERVER['HTTP_REFERER'], $admin_uri ) !== false )
    //     $is_approved_dates = '1';

    // Optional sync_gid column, only on insert (the UPDATE below does not use it).
    $additional_fields = $additional_fields_vlaues = '';
    if (isset($params["sync_gid"])) {
        $additional_fields = ", sync_gid";
        $additional_fields_vlaues = ", '" . wpbc_clean_parameter($params["sync_gid"]) . "'";
    }

    if ($is_edit_booking === false) {
        // Add new booking
        $sql_insertion = "INSERT INTO {$wpdb->prefix}booking (form, booking_type, modification_date, sort_date{$additional_fields}) VALUES ('{$formdata}', {$bktype}, {$my_modification_date}, '{$my_check_in_date_sql}' {$additional_fields_vlaues})";
        if (false === $wpdb->query($sql_insertion)) {
            ?> <script type="text/javascript"> if ( jQuery('#submiting<?php echo $bktype; ?> ' ).length ) { document.getElementById('submiting<?php echo $bktype; ?> ').innerHTML = '<div style="height:20px;width:100%;text-align:center;margin:15px auto;"><?php bk_error('Error during inserting into DB', __FILE__, __LINE__); ?> </div>'; }</script> <?php die('Error during inserting into DB');
        }
        $booking_id = (int) $wpdb->insert_id; // Get ID of booking
    } else {
        // Edit booking
        $update_sql = "UPDATE {$wpdb->prefix}booking AS bk SET bk.form='{$formdata}', bk.booking_type={$bktype}, bk.modification_date={$my_modification_date}, sort_date='{$my_check_in_date_sql}' WHERE bk.booking_id={$booking_id};";
        if (false === $wpdb->query($update_sql)) {
            ?> <script type="text/javascript"> if ( jQuery('#submiting<?php echo $bktype; ?> ' ).length ) { document.getElementById('submiting<?php echo $bktype; ?> ').innerHTML = '<div style="height:20px;width:100%;text-align:center;margin:15px auto;"><?php bk_error('Error during updating exist booking in DB', __FILE__, __LINE__); ?> </div>'; }</script> <?php die('Error during updating exist booking in DB');
        }

        // Check if dates already aproved or no
        // The approval flag of the first existing date row is carried over to the new
        // date rows, so editing a booking does not change its approval state.
        $slct_sql = "SELECT approved FROM {$wpdb->prefix}bookingdates WHERE booking_id IN ({$booking_id}) LIMIT 0,1";
        $slct_sql_results = $wpdb->get_results($slct_sql);
        if (count($slct_sql_results) > 0) {
            $is_approved_dates = $slct_sql_results[0]->approved;
        }

        // Old date rows are removed and recreated below from the submitted dates.
        $delete_sql = "DELETE FROM {$wpdb->prefix}bookingdates WHERE booking_id IN ({$booking_id})";
        if (false === $wpdb->query($delete_sql)) {
            ?> <script type="text/javascript"> if ( jQuery('#submiting<?php echo $bktype; ?> ' ).length ) { document.getElementById('submiting<?php echo $bktype; ?> ').innerHTML = '<div style="height:20px;width:100%;text-align:center;margin:15px auto;"><?php bk_error('Error during updating exist booking for deleting dates in DB', __FILE__, __LINE__); ?> </div>'; }</script> <?php die('Error during updating exist booking for deleting dates in DB');
        }
    }

    // Update the Hash and Cost of the booking
    make_bk_action('wpbc_update_booking_hash', $booking_id, $bktype);
    make_bk_action('wpdev_booking_post_inserted', $booking_id, $bktype, $str_dates__dd_mm_yyyy, array($start_time, $end_time), $formdata);

    // Date rows: the VALUES list is built elsewhere from the resolved dates and the
    // approval flag decided above. Nothing is inserted when it comes back empty.
    $insert = wpbc_get_SQL_to_insert_dates($dates_in_diff_formats, $is_approved_dates, $booking_id);
    if (!empty($insert)) {
        if (false === $wpdb->query("INSERT INTO {$wpdb->prefix}bookingdates (booking_id, booking_date, approved) VALUES " . $insert)) {
            ?> <script type="text/javascript"> if ( jQuery('#submiting<?php echo $bktype; ?> ' ).length ) { document.getElementById('submiting<?php echo $bktype; ?> ').innerHTML = '<div style="height:20px;width:100%;text-align:center;margin:15px auto;"><?php bk_error('Error during inserting into BD - Dates', __FILE__, __LINE__); ?> </div>'; }</script> <?php die('Error during inserting into BD - Dates');
        }
    }

    // E-mails are sent unless the caller passes is_send_emeils = 0.
    if (isset($params["is_send_emeils"])) {
        $is_send_emeils = $params["is_send_emeils"];
    } else {
        $is_send_emeils = 1;
    }

    if ($is_edit_booking === false) {
        if ($is_send_emeils != 0) {
            sendNewBookingEmails($booking_id, $bktype, $formdata);
        }
        // is_show_payment_form = 1 selects the payment-form hook, otherwise only the cost is updated.
        if (isset($params["is_show_payment_form"]) && $params["is_show_payment_form"] == 1) {
            do_action('wpdev_new_booking', $booking_id, $bktype, $str_dates__dd_mm_yyyy, array($start_time, $end_time), $formdata);
        } else {
            do_action('wpbc_update_cost_of_new_booking', $booking_id, $bktype, $str_dates__dd_mm_yyyy, array($start_time, $end_time), $formdata);
        }
        // wpbc_integrate_MailChimp($formdata, $bktype);
        if ($auto_approve_new_bookings_is_active == 'On' && $is_send_emeils != 0) {
            sendApproveEmails($booking_id, 1);
        }
    } else {
        if ($is_send_emeils != 0) {
            sendModificationEmails($booking_id, $bktype, $formdata);
        }
        // NOTE(review): HTTP_REFERER is client-supplied (and may be absent, giving a notice
        // and a false strpos()), so this "edited from the admin page" test is only a hint
        // that chooses which cost/payment hook fires; it must not be read as an
        // authorization check.
        $admin_uri = ltrim(str_replace(get_site_url(null, '', 'admin'), '', admin_url('admin.php?')), '/');
        if (strpos($_SERVER['HTTP_REFERER'], $admin_uri) === false) {
            if (isset($params["is_show_payment_form"]) && $params["is_show_payment_form"] == 1) {
                do_action('wpdev_new_booking', $booking_id, $bktype, $str_dates__dd_mm_yyyy, array($start_time, $end_time), $formdata);
            } else {
                do_action('wpbc_update_cost_of_new_booking', $booking_id, $bktype, $str_dates__dd_mm_yyyy, array($start_time, $end_time), $formdata);
            }
        }
    }

    // Re-Update booking resource TYPE if its needed here
    if (isset($params["skip_page_checking_for_updating"])) {
        $skip_page_checking_for_updating = (bool) $params["skip_page_checking_for_updating"];
    } else {
        $skip_page_checking_for_updating = true;
    }
    make_bk_action('wpdev_booking_reupdate_bk_type_to_childs', $booking_id, $bktype, $str_dates__dd_mm_yyyy, array($start_time, $end_time), $formdata, $skip_page_checking_for_updating);

    make_bk_action('finish_check_multiuser_params_for_client_side', $bktype); // Deactivate working with specific user in WP MU

    return $booking_id;
}