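/**
 * Processes a private link retrieval submission: emails the private link to
 * the matched record or records a validation error.
 *
 * Reads the identifier value from $_POST (the column named by the
 * 'retrieve_link_identifier' setting) and rate limits the form per client IP
 * with a 24-hour transient.
 *
 * Security notes:
 *  - The rate limit keys on $_SERVER['REMOTE_ADDR']. Behind a reverse proxy
 *    that is the proxy's address, so all clients share one counter there;
 *    trusting a forwarded-for header instead would let clients reset the
 *    counter at will, so REMOTE_ADDR is deliberately kept.
 *  - A failed lookup records an 'identifier' error while a hit sets
 *    action=success, so the form reveals whether an identifier exists. The
 *    per-IP limit is the only brake on enumeration; keep it small.
 *  - The link is only ever mailed to the address stored on the matched
 *    record, never to an address taken from the request.
 *
 * @return null
 */
private static function _process_retrieval()
{
  // plugin admins get an effectively unlimited number of tries
  $max_tries = Participants_Db::current_user_has_plugin_role('admin', 'retrieve link') ? 10000 : 3;
  $window = 60 * 60 * 24;
  $client_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
  $transient = self::$prefix . 'retrieve-count-' . str_replace('.', '', $client_ip);

  /*
   * $count is the number of attempts already made from this IP in the current
   * window. get_transient() returns false when there is none; normalize that
   * to 0 because incrementing false is a no-op in PHP, which previously left
   * the counter stuck at false (and the limit ineffective) wherever the stored
   * value round-tripped as false, e.g. with a persistent object cache.
   */
  $count = (int) get_transient($transient);
  if ($count >= $max_tries) {
    // too many tries, come back tomorrow
    error_log('Participants Database Plugin: IP blocked for too many retrieval attempts from IP ' . $client_ip . ' in 24-hour period.');
    return;
  }
  // record this attempt; the expiry is refreshed on every attempt
  set_transient($transient, $count + 1, $window);

  // the error collector must exist before any error can be recorded below
  if (!is_object(self::$validation_errors)) {
    self::$validation_errors = new PDb_FormValidation();
  }

  $column = self::plugin_setting('retrieve_link_identifier', 'email');

  if (!isset($_POST[$column]) || empty($_POST[$column])) {
    self::$validation_errors->add_error($column, 'empty');
    return;
  }

  // a value was submitted; look for a record matching it
  $match_id = self::find_record_match($column, $_POST);

  if ($match_id === false) {
    self::$validation_errors->add_error($column, 'identifier');
    return;
  }

  $participant_values = self::get_participant($match_id);

  // the recipient comes from the stored record only; a missing field is
  // reported by the 'primary email address field undefined' branch below
  $email_field = self::plugin_setting('primary_email_address_field', 'email');
  $recipient = '';
  if (is_array($participant_values) && isset($participant_values[$email_field])) {
    $recipient = $participant_values[$email_field];
  }

  $retrieve_link_email = new stdClass();
  $retrieve_link_email->body_template = self::set_filter('translate_string', self::plugin_setting('retrieve_link_email_body'));
  $retrieve_link_email->subject = self::set_filter('translate_string', self::plugin_setting('retrieve_link_email_subject'));
  $retrieve_link_email->recipient = $recipient;

  /**
   * @version 1.6
   *
   * filter pdb-before_send_retrieve_link_email
   */
  self::set_filter('before_send_retrieve_link_email', $retrieve_link_email);

  if (!empty($retrieve_link_email->recipient)) {
    $body = self::proc_tags($retrieve_link_email->body_template, $match_id);
    $sent = wp_mail(
      $retrieve_link_email->recipient,
      self::proc_tags($retrieve_link_email->subject, $match_id),
      self::plugin_setting('html_email') ? self::process_rich_text($body) : $body,
      self::$email_headers
    );
    if (false === $sent) {
      error_log(__METHOD__ . ' sending returned false');
    }
  } else {
    error_log(__METHOD__ . ' primary email address field undefined');
  }

  // optional notification to the configured admin addresses
  if (self::plugin_setting_is_true('send_retrieve_link_notify_email')) {
    $body = self::proc_tags(self::plugin_setting('retrieve_link_notify_body'), $match_id);
    $sent = wp_mail(
      self::plugin_setting('email_signup_notify_addresses'),
      self::proc_tags(self::plugin_setting('retrieve_link_notify_subject'), $match_id, 'all'),
      self::plugin_setting('html_email') ? self::process_rich_text($body) : $body,
      self::$email_headers
    );
    if (false === $sent) {
      error_log(__METHOD__ . ' notification sending returned false');
    }
  }

  $_POST['action'] = 'success';
  return;
}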
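?> ">
<?php
/*
 * Column label: HTML-encode quotes in the field title before it is echoed
 * below. Only quotes are encoded because the title and the required-field
 * marker pattern are admin-configured and may intentionally carry markup;
 * this assumes field titles are never user-supplied.
 */
$column_title = str_replace(array('"', "'"), array('&quot;', '&#39;'), Participants_Db::set_filter('translate_string', stripslashes($column->title)));
if ($options['mark_required_fields'] && $column->validation != 'no') {
  $column_title = sprintf(Participants_Db::set_filter('translate_string', $options['required_field_marker']), $column_title);
}
?>
<?php
/*
 * Field note and attributes: hidden fields are labeled as such; read-only
 * fields (listed in $readonly_columns, or timestamps) get the readonly-field
 * class and, unless the user holds the 'readonly access' editor role, the
 * readonly attribute. The attribute is a UI hint only; the server-side write
 * check is assumed to live in the submission handler (not visible here).
 */
$add_title = '';
$fieldnote_pattern = ' <span class="fieldnote">%s</span>';
if ($column->form_element == 'hidden') {
  $add_title = sprintf($fieldnote_pattern, __('hidden', 'participants-database'));
} elseif (in_array($column->name, $readonly_columns, true) or $column->form_element == 'timestamp') {
  $attributes['class'] = 'readonly-field';
  if (!Participants_Db::current_user_has_plugin_role('editor', 'readonly access')) {
    $attributes['readonly'] = 'readonly';
  }
  $add_title = sprintf($fieldnote_pattern, __('read only', 'participants-database'));
}
?>
<th><?php echo $column_title . $add_title; ?></th>
<td id="<?php echo Participants_Db::$prefix . $column->name; ?>-field">
<?php /*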
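<?php
if (!defined('ABSPATH')) {
  exit;
}
// only plugin admins holding the 'upload csv' capability may reach this page
if (!Participants_Db::current_user_has_plugin_role('admin', 'upload csv')) {
  exit;
}

/*
 * NOTE(review): the POST values below are accepted and persisted with
 * update_option() without a nonce check (check_admin_referer) being visible
 * here. Confirm the submitting form's nonce is verified elsewhere (e.g. in
 * PDb_CSV_Import) or add one; otherwise the import settings are exposed to
 * CSRF.
 */
$CSV_import = new PDb_CSV_Import('csv_file_upload');

// defaults for the persisted import parameters; their keys double as the
// whitelist of POST fields that may update them
$csv_paramdefaults = array(
  'delimiter_character' => 'auto',
  'enclosure_character' => 'auto',
  'match_field' => Participants_Db::plugin_setting('unique_field'),
  'match_preference' => Participants_Db::plugin_setting('unique_email'),
);

// a corrupted or legacy option value that is not an array must not reach array_merge()
$csv_options = get_option(Participants_Db::$prefix . 'csv_import_params');
$csv_params = is_array($csv_options) ? array_merge($csv_paramdefaults, $csv_options) : $csv_paramdefaults;

foreach (array_keys($csv_paramdefaults) as $param) {
  if (!isset($_POST[$param])) {
    continue;
  }
  // FILTER_SANITIZE_STRING strips tags and encodes quotes; it is deprecated as
  // of PHP 8.1 but kept so stored values keep their existing form
  $new_value = filter_input(INPUT_POST, $param, FILTER_SANITIZE_STRING);
  if ($param === 'enclosure_character') {
    // the enclosure character is echoed back into the form: HTML-encode quotes
    $new_value = str_replace(array('"', "'"), array('&quot;', '&#39;'), $new_value);
  }
  // match_field names a database column; assumes the consumer validates it
  // against the defined fields before using it in a query
  $csv_params[$param] = $new_value;
}

// expose only the known parameters as local variables; extracting the merged
// array unrestricted would let stray keys in the stored option define or
// overwrite arbitrary locals in this template
extract(array_intersect_key($csv_params, $csv_paramdefaults));

update_option(Participants_Db::$prefix . 'csv_import_params', $csv_params);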
/* * add / edit / delete fields and field groups and their attributes * * * @category * @package WordPress * @author Roland Barker <*****@*****.**> * @copyright 2015 xnau webdesign * @license GPL2 * @version 1.6 * @link http://wordpress.org/extend/plugins/participants-database/ */ if (!defined('ABSPATH')) { die; } if (!Participants_Db::current_user_has_plugin_role('admin', 'manage fields')) { exit; } class PDb_Manage_Fields { /** * @var array translations strings used by this class */ var $i18n; /** * @var array all defined groups */ var $groups; /** * @var array of field attribute names */
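/**
 * Initializes the admin list page and outputs it.
 *
 * Localizes and enqueues the list scripts, derives the per-user transient
 * names, builds the list filter and query, processes the delete /
 * items-per-page and search submissions, then prints the page: header,
 * sort/filter forms, general controls, main table, pagination, the CSV export
 * form (authorized users only) and the plugin footer.
 *
 * @return null
 */
public static function initialize()
{
  self::_setup_i18n();

  wp_localize_script(Participants_Db::$prefix . 'list-admin', 'list_adminL10n', array(
    'delete' => self::$i18n['delete_checked'],
    'cancel' => self::$i18n['change'],
    'record' => __("Do you really want to delete the selected record?", 'participants-database'),
    'records' => __("Do you really want to delete the selected records?", 'participants-database'),
  ));
  wp_enqueue_script(Participants_Db::$prefix . 'list-admin');
  wp_enqueue_script(Participants_Db::$prefix . 'debounce');

  // per-user transient names; get_current_user_id() replaces the deprecated
  // get_currentuserinfo() / global $user_ID pair and yields the same ID.
  // NOTE: the base names are overwritten in place, so initialize() is expected
  // to run once per request; a second call would prefix them again.
  $user_id = get_current_user_id();
  self::$user_settings = Participants_Db::$prefix . self::$user_settings . '-' . $user_id;
  self::$filter_transient = Participants_Db::$prefix . self::$filter_transient . '-' . $user_id;

  self::set_list_limit();
  self::$registration_page_url = get_bloginfo('url') . '/' . Participants_Db::plugin_setting('registration_page', '');
  self::setup_display_columns();
  self::$sortables = Participants_Db::get_field_list(false, false, 'alpha');

  // the default filter; _update_filter() merges any incoming $_REQUEST values over it
  self::$default_filter = array(
    'search' => array(
      0 => array(
        'search_field' => 'none',
        'value' => '',
        'operator' => 'LIKE',
        'logic' => 'AND',
      ),
    ),
    'sortBy' => Participants_Db::plugin_setting('admin_default_sort'),
    'ascdesc' => Participants_Db::plugin_setting('admin_default_sort_order'),
    'list_filter_count' => 1,
  );
  self::_update_filter();

  // process delete and items-per-page form submissions, then the search
  self::_process_general();
  self::_process_search();

  if (defined('WP_DEBUG') && WP_DEBUG) {
    error_log(__METHOD__ . ' list query= ' . self::$list_query);
  }

  // users who are shown the export form below are exactly the users whose
  // query must be saved for the CSV export, so the same role gates both
  $csv_role = Participants_Db::plugin_setting_is_true('editor_allowed_csv_export') ? 'editor' : 'admin';
  if (Participants_Db::current_user_has_plugin_role($csv_role, 'csv export')) {
    // scoped to this user, kept for 24 hours
    set_transient(Participants_Db::$prefix . 'admin_list_query' . $user_id, self::$list_query, 3600 * 24);
  }

  global $wpdb;

  /*
   * Count query: replace only the first '*' (the one in 'SELECT *'). Replacing
   * every '*' would also rewrite any asterisk inside a quoted search value in
   * the WHERE clause and make the count disagree with the listed rows.
   */
  self::$num_records = $wpdb->get_var(preg_replace('/\*/', 'COUNT(*)', self::$list_query, 1));

  $current_page = filter_input(INPUT_GET, self::$list_page, FILTER_VALIDATE_INT, array('options' => array('default' => 1, 'min_range' => 1)));
  // NOTE(review): REQUEST_URI is attacker-controlled; this assumes
  // prepare_page_link() escapes it for output — confirm
  self::$pagination = new PDb_Pagination(array(
    'link' => self::prepare_page_link($_SERVER['REQUEST_URI']) . '&' . self::$list_page . '=%1$s',
    'page' => $current_page,
    'size' => self::$page_list_limit,
    'total_records' => self::$num_records,
    'add_variables' => '#pdb-list-admin',
  ));

  // the records for this page; the pagination object supplies the LIMIT clause
  self::$participants = $wpdb->get_results(self::$list_query . ' ' . self::$pagination->getLimitSql(), ARRAY_A);

  // setup finished; output the page
  self::_admin_top();
  self::_sort_filter_forms();
  self::_general_list_form_top();
  self::_main_table();
  echo '<div class="pdb-list">' . self::$pagination->links() . '</div>';

  // CSV export form, authorized users only
  if (Participants_Db::current_user_has_plugin_role($csv_role, 'csv export')) {
    self::_print_export_form();
  }

  Participants_Db::plugin_footer();
}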