/**
 * Update an existing comment row.
 *
 * Loads the stored comment, overlays the caller-supplied fields on top of it,
 * runs the result through hq_filter_comment() and the `comment_save_pre`
 * filter, and writes the whitelisted columns back. Afterwards the comment
 * cache and the post's comment count are refreshed and the `edit_comment`
 * and status-transition hooks fire.
 *
 * Nothing here checks who is asking: no capability or nonce check is
 * performed, so the caller is responsible for authorising the edit before
 * calling this function. `comment_approved` is only normalised for the
 * symbolic values 'hold' and 'approve'; any other value is written through
 * unchanged.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 *
 * @param array $commentarr Comment fields; must contain 'comment_ID'. Any other
 *                          key overrides the stored value for this update.
 * @return int Comment was updated if value is 1, or was not updated if value is 0.
 *             0 is also returned early when the comment does not exist or a
 *             supplied comment_post_ID does not resolve to a post.
 */
function hq_update_comment($commentarr) {
    global $hqdb;

    // Start from the stored row so that fields the caller omits keep their values.
    $stored = get_comment($commentarr['comment_ID'], ARRAY_A);
    if (empty($stored)) {
        return 0;
    }

    // A new comment_post_ID (when given) must point at a real post.
    if (isset($commentarr['comment_post_ID']) && !get_post($commentarr['comment_post_ID'])) {
        return 0;
    }

    // Caller data is expected slashed, so slash the DB row before merging.
    $stored = hq_slash($stored);
    $previous_status = $stored['comment_approved'];

    // Caller-supplied keys win over stored ones; then sanitise the whole set
    // and strip the slashes again for the database layer.
    $merged = hq_filter_comment(array_merge($stored, $commentarr));
    $fields = hq_unslash($merged);

    /**
     * Filter the comment content before it is updated in the database.
     *
     * @since 0.0.1
     *
     * @param string $comment_content The comment data.
     */
    $fields['comment_content'] = apply_filters('comment_save_pre', $fields['comment_content']);
    $fields['comment_date_gmt'] = get_gmt_from_date($fields['comment_date']);

    // Map the symbolic approval states onto the numeric column values.
    if (!isset($fields['comment_approved'])) {
        $fields['comment_approved'] = 1;
    } else {
        switch ($fields['comment_approved']) {
            case 'hold':
                $fields['comment_approved'] = 0;
                break;
            case 'approve':
                $fields['comment_approved'] = 1;
                break;
        }
    }

    $comment_ID = $fields['comment_ID'];
    $comment_post_ID = $fields['comment_post_ID'];

    // Only these columns are ever written; anything else in $fields is dropped.
    $fields = hq_array_slice_assoc($fields, array(
        'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email',
        'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date',
        'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id',
    ));

    $result = $hqdb->update($hqdb->comments, $fields, array('comment_ID' => $comment_ID));

    clean_comment_cache($comment_ID);
    hq_update_comment_count($comment_post_ID);

    /**
     * Fires immediately after a comment is updated in the database.
     *
     * The hook also fires immediately before comment status transition hooks are fired.
     *
     * @since 0.0.1
     *
     * @param int $comment_ID The comment ID.
     */
    do_action('edit_comment', $comment_ID);

    $updated = get_comment($comment_ID);
    hq_transition_comment_status($updated->comment_approved, $previous_status, $updated);

    return $result;
}
/**
 * Retrieve the original referer that was posted back with the request, if any.
 *
 * The value comes straight from the request (`_hq_original_http_referer`), so
 * it is never returned raw: it is unslashed and passed through
 * hq_validate_redirect() with no fallback, which yields an empty string for a
 * referer pointing outside the allowed hosts. When that helper is not loaded
 * the function refuses rather than returning the unvalidated value.
 *
 * @since 0.0.1
 *
 * @return string|false False if no original referer was posted or the
 *                      validator is unavailable; the validated referer otherwise.
 */
function hq_get_original_referer() {
    $field = '_hq_original_http_referer';

    if (empty($_REQUEST[$field]) || !function_exists('hq_validate_redirect')) {
        return false;
    }

    // Validate before handing the request-supplied URL to any redirect logic.
    return hq_validate_redirect(hq_unslash($_REQUEST[$field]), false);
}
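/**
 * Display installer setup form.
 *
 * Renders the step-1 install form (site title, admin user, password, e-mail,
 * privacy flag). Every request value that is reflected back into the page goes
 * through esc_attr(). The one thing echoed raw is `$error`: it must therefore
 * only ever be a trusted, installer-generated message (it may carry markup),
 * never text derived from the request.
 *
 * When the form is re-displayed after a failed submission the submitted
 * password is put back into the page (via the `data-pw` attribute) so the
 * user does not lose it; the page therefore contains a secret and should not
 * be served with cacheable headers - NOTE(review): confirm the installer
 * sends no-cache headers for this page.
 *
 * @since 2.8.0
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 *
 * @param string|null $error Optional trusted, already-escaped error message to
 *                           show above the form.
 */
function display_setup_form($error = null) {
    global $hqdb;

    // If a users table already exists an admin account is assumed to exist and
    // the username/password fields are not offered.
    $sql = $hqdb->prepare("SHOW TABLES LIKE %s", $hqdb->esc_like($hqdb->users));
    $user_table = $hqdb->get_var($sql) != null;

    // Ensure that Blogs appear in search engines by default.
    $blog_public = 1;
    if (isset($_POST['weblog_title'])) {
        $blog_public = isset($_POST['blog_public']);
    }

    // Request values are slashed on the way in; unslash once here, escape at output.
    $weblog_title = isset($_POST['weblog_title']) ? trim(hq_unslash($_POST['weblog_title'])) : '';
    $user_name = isset($_POST['user_name']) ? trim(hq_unslash($_POST['user_name'])) : '';
    $admin_email = isset($_POST['admin_email']) ? trim(hq_unslash($_POST['admin_email'])) : '';

    if (!is_null($error)) {
?>
<p class="message"><?php echo $error; /* trusted, pre-escaped message only - see docblock */ ?></p>
<?php } ?>
<form id="setup" method="post" action="install.php?step=2" novalidate="novalidate">
<table class="form-table">
<tr>
<th scope="row"><label for="weblog_title"><?php _e('Site Title'); ?></label></th>
<td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo esc_attr($weblog_title); ?>" /></td>
</tr>
<tr>
<th scope="row"><label for="user_login"><?php _e('Username'); ?></label></th>
<td>
<?php
    if ($user_table) {
        _e('User(s) already exists.');
        echo '<input name="user_name" type="hidden" value="admin" />';
    } else {
?>
<input name="user_name" type="text" id="user_login" size="25" value="<?php echo esc_attr(sanitize_user($user_name, true)); ?>" />
<p><?php _e('Usernames can have only alphanumeric characters, spaces, underscores, hyphens, periods, and the @ symbol.'); ?></p>
<?php } ?>
</td>
</tr>
<?php if (!$user_table) { ?>
<tr class="form-field form-required user-pass1-wrap">
<th scope="row">
<label for="pass1"><?php _e('Password'); ?></label>
</th>
<td>
<div class="">
<?php
    // Re-display a submitted password (a validation round-trip must not lose
    // it), otherwise offer a freshly generated one. Unslashed with the same
    // helper as every other POST field above.
    $initial_password = isset($_POST['admin_password']) ? hq_unslash($_POST['admin_password']) : hq_generate_password(18);
?>
<input type="password" name="admin_password" id="pass1" class="regular-text" autocomplete="off" data-reveal="1" data-pw="<?php echo esc_attr($initial_password); ?>" aria-describedby="pass-strength-result" />
<button type="button" class="button button-secondary hq-hide-pw hide-if-no-js" data-start-masked="<?php echo (int) isset($_POST['admin_password']); ?>" data-toggle="0" aria-label="<?php esc_attr_e('Hide password'); ?>">
<span class="dashicons dashicons-hidden"></span>
<span class="text"><?php _e('Hide'); ?></span>
</button>
<div id="pass-strength-result" aria-live="polite"></div>
</div>
<p><span class="description important hide-if-no-js">
<strong><?php _e('Important:'); ?></strong>
<?php /* translators: The non-breaking space prevents 1Password from thinking the text "log in" should trigger a password save prompt. */ ?>
<?php _e('You will need this password to log in. Please store it in a secure location.'); ?>
</span></p>
</td>
</tr>
<tr class="form-field form-required user-pass2-wrap hide-if-js">
<th scope="row">
<label for="pass2"><?php _e('Repeat Password'); ?> <span class="description"><?php _e('(required)'); ?></span></label>
</th>
<td>
<input name="admin_password2" type="password" id="pass2" autocomplete="off" />
</td>
</tr>
<tr class="pw-weak">
<th scope="row"><?php _e('Confirm Password'); ?></th>
<td>
<label>
<input type="checkbox" name="pw_weak" class="pw-checkbox" />
<?php _e('Confirm use of weak password'); ?>
</label>
</td>
</tr>
<?php } ?>
<tr>
<th scope="row"><label for="admin_email"><?php _e('Your E-mail'); ?></label></th>
<td><input name="admin_email" type="email" id="admin_email" size="25" value="<?php echo esc_attr($admin_email); ?>" />
<p><?php _e('Double-check your email address before continuing.'); ?></p></td>
</tr>
<tr>
<th scope="row"><?php _e('Privacy'); ?></th>
<td colspan="2"><label><input type="checkbox" name="blog_public" id="blog_public" value="1" <?php checked($blog_public); ?> /> <?php _e('Allow search engines to index this site'); ?></label></td>
</tr>
</table>
<p class="step"><?php submit_button(__('Install HiveQueen'), 'large', 'Submit', false, array('id' => 'submit')); ?></p>
<input type="hidden" name="language" value="<?php echo isset($_REQUEST['language']) ? esc_attr($_REQUEST['language']) : ''; ?>" />
</form>
<?php
}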
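/**
 * Insert a user into the database, or update an existing one when `ID` is set.
 *
 * Most of the `$userdata` array fields have filters associated with the values. Exceptions are
 * 'ID', 'rich_editing', 'comment_shortcuts', 'admin_color', 'use_ssl',
 * 'user_registered', and 'role'. The filters have the prefix 'pre_user_' followed by the field
 * name. An example using 'description' would have the filter called, 'pre_user_description' that
 * can be hooked into.
 *
 * Security notes:
 *  - No capability check is made here. In particular `role` is assigned exactly
 *    as given, so callers must verify the acting user may grant that role before
 *    passing it in.
 *  - On create, `user_pass` is hashed. On update it is stored as supplied
 *    (hq_update_user() hashes it first); a direct caller must pass a hash, and
 *    when it is omitted the existing hash is kept.
 *  - Updating an `ID` that does not exist is rejected with an HQ_Error instead
 *    of writing meta and a role for a non-existent user.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb HiveQueen database object for queries.
 *
 * @param array|object|HQ_User $userdata {
 *     An array, object, or HQ_User object of user data arguments.
 *
 *     @type int         $ID                   User ID. If supplied, the user will be updated.
 *     @type string      $user_pass            The plain-text user password (create), or the
 *                                             already-hashed password (update).
 *     @type string      $user_login           The user's login username.
 *     @type string      $user_nicename        The URL-friendly user name.
 *     @type string      $user_url             The user URL.
 *     @type string      $user_email           The user email address.
 *     @type string      $display_name         The user's display name.
 *                                             Default is the user's username.
 *     @type string      $nickname             The user's nickname.
 *                                             Default is the user's username.
 *     @type string      $first_name           The user's first name. For new users, will be used
 *                                             to build the first part of the user's display name
 *                                             if `$display_name` is not specified.
 *     @type string      $last_name            The user's last name. For new users, will be used
 *                                             to build the second part of the user's display name
 *                                             if `$display_name` is not specified.
 *     @type string      $description          The user's biographical description.
 *     @type string|bool $rich_editing         Whether to enable the rich-editor for the user.
 *                                             False if not empty.
 *     @type string|bool $comment_shortcuts    Whether to enable comment moderation keyboard
 *                                             shortcuts for the user. Default false.
 *     @type string      $admin_color          Admin color scheme for the user. Default 'fresh'.
 *     @type bool        $use_ssl              Whether the user should always access the admin over
 *                                             https. Default false.
 *     @type string      $user_registered      Date the user registered. Format is 'Y-m-d H:i:s'.
 *     @type string|bool $show_admin_bar_front Whether to display the Admin Bar for the user on the
 *                                             site's frontend. Default true.
 *     @type string      $role                 User's role.
 * }
 * @return int|HQ_Error The newly created user's ID or a HQ_Error object if the user could not
 *                      be created or updated (invalid ID, empty login, duplicate login or e-mail).
 */
function hq_insert_user($userdata) {
    global $hqdb;

    if ($userdata instanceof stdClass) {
        $userdata = get_object_vars($userdata);
    } elseif ($userdata instanceof HQ_User) {
        $userdata = $userdata->to_array();
    }

    // Are we updating or creating?
    if (!empty($userdata['ID'])) {
        $ID = (int) $userdata['ID'];
        $update = true;
        $old_user_data = HQ_User::get_data_by('id', $ID);

        // Bail on an unknown ID: continuing would write user meta and a role for
        // an ID with no users-table row, and $old_user_data is dereferenced
        // unconditionally further down.
        if (empty($old_user_data)) {
            return new HQ_Error('invalid_user_id', __('Invalid user ID.'));
        }

        // Stored verbatim: hashed in hq_update_user(), so a direct caller must
        // pass an already-hashed value. With no password supplied, keep the
        // existing hash rather than writing an undefined value to the column.
        $user_pass = !empty($userdata['user_pass']) ? $userdata['user_pass'] : $old_user_data->user_pass;
    } else {
        $update = false;
        // Hash the password.
        $user_pass = hq_hash_password($userdata['user_pass']);
    }

    $sanitized_user_login = sanitize_user($userdata['user_login'], true);

    /**
     * Filter a username after it has been sanitized.
     *
     * This filter is called before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $sanitized_user_login Username after it has been sanitized.
     */
    $pre_user_login = apply_filters('pre_user_login', $sanitized_user_login);

    // Remove any non-printable chars from the login string to see if we have ended up with an empty username.
    $user_login = trim($pre_user_login);
    if (empty($user_login)) {
        return new HQ_Error('empty_user_login', __('Cannot create a user with an empty login name.'));
    }

    if (!$update && username_exists($user_login)) {
        return new HQ_Error('existing_user_login', __('Sorry, that username already exists!'));
    }

    // If a nicename is provided, remove unsafe user characters before
    // using it. Otherwise build a nicename from the user_login.
    if (!empty($userdata['user_nicename'])) {
        $user_nicename = sanitize_user($userdata['user_nicename'], true);
    } else {
        $user_nicename = $user_login;
    }
    $user_nicename = sanitize_title($user_nicename);

    // Store values to save in user meta.
    $meta = array();

    /**
     * Filter a user's nicename before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $user_nicename The user's nicename.
     */
    $user_nicename = apply_filters('pre_user_nicename', $user_nicename);

    $raw_user_url = empty($userdata['user_url']) ? '' : $userdata['user_url'];

    /**
     * Filter a user's URL before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $raw_user_url The user's URL.
     */
    $user_url = apply_filters('pre_user_url', $raw_user_url);

    $raw_user_email = empty($userdata['user_email']) ? '' : $userdata['user_email'];

    /**
     * Filter a user's email before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $raw_user_email The user's email.
     */
    $user_email = apply_filters('pre_user_email', $raw_user_email);

    /*
     * If there is no update, just check for `email_exists`. If there is an update,
     * check if current email and new email are the same, or not, and check `email_exists`
     * accordingly.
     */
    if ((!$update || 0 !== strcasecmp($user_email, $old_user_data->user_email)) && !defined('HQ_IMPORTING') && email_exists($user_email)) {
        return new HQ_Error('existing_user_email', __('Sorry, that email address is already used!'));
    }

    $nickname = empty($userdata['nickname']) ? $user_login : $userdata['nickname'];

    /**
     * Filter a user's nickname before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $nickname The user's nickname.
     */
    $meta['nickname'] = apply_filters('pre_user_nickname', $nickname);

    $first_name = empty($userdata['first_name']) ? '' : $userdata['first_name'];

    /**
     * Filter a user's first name before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $first_name The user's first name.
     */
    $meta['first_name'] = apply_filters('pre_user_first_name', $first_name);

    $last_name = empty($userdata['last_name']) ? '' : $userdata['last_name'];

    /**
     * Filter a user's last name before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $last_name The user's last name.
     */
    $meta['last_name'] = apply_filters('pre_user_last_name', $last_name);

    if (empty($userdata['display_name'])) {
        if ($update) {
            $display_name = $user_login;
        } elseif ($meta['first_name'] && $meta['last_name']) {
            /* translators: 1: first name, 2: last name */
            $display_name = sprintf(_x('%1$s %2$s', 'Display name based on first name and last name'), $meta['first_name'], $meta['last_name']);
        } elseif ($meta['first_name']) {
            $display_name = $meta['first_name'];
        } elseif ($meta['last_name']) {
            $display_name = $meta['last_name'];
        } else {
            $display_name = $user_login;
        }
    } else {
        $display_name = $userdata['display_name'];
    }

    /**
     * Filter a user's display name before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $display_name The user's display name.
     */
    $display_name = apply_filters('pre_user_display_name', $display_name);

    $description = empty($userdata['description']) ? '' : $userdata['description'];

    /**
     * Filter a user's description before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $description The user's description.
     */
    $meta['description'] = apply_filters('pre_user_description', $description);

    $meta['rich_editing'] = empty($userdata['rich_editing']) ? 'true' : $userdata['rich_editing'];

    $meta['comment_shortcuts'] = empty($userdata['comment_shortcuts']) || 'false' === $userdata['comment_shortcuts'] ? 'false' : 'true';

    // admin_color is the only meta value that is character-filtered here; the
    // others are stored as given (after their pre_user_* filters).
    $admin_color = empty($userdata['admin_color']) ? 'fresh' : $userdata['admin_color'];
    $meta['admin_color'] = preg_replace('|[^a-z0-9 _.\\-@]|i', '', $admin_color);

    $meta['use_ssl'] = empty($userdata['use_ssl']) ? 0 : $userdata['use_ssl'];

    $user_registered = empty($userdata['user_registered']) ? gmdate('Y-m-d H:i:s') : $userdata['user_registered'];

    $meta['show_admin_bar_front'] = empty($userdata['show_admin_bar_front']) ? 'true' : $userdata['show_admin_bar_front'];

    // Keep user_nicename unique across users other than this login by
    // appending -2, -3, ... until a free one is found.
    $user_nicename_check = $hqdb->get_var($hqdb->prepare("SELECT ID FROM {$hqdb->users} WHERE user_nicename = %s AND user_login != %s LIMIT 1", $user_nicename, $user_login));

    if ($user_nicename_check) {
        $suffix = 2;
        while ($user_nicename_check) {
            $alt_user_nicename = $user_nicename . "-{$suffix}";
            $user_nicename_check = $hqdb->get_var($hqdb->prepare("SELECT ID FROM {$hqdb->users} WHERE user_nicename = %s AND user_login != %s LIMIT 1", $alt_user_nicename, $user_login));
            $suffix++;
        }
        $user_nicename = $alt_user_nicename;
    }

    $compacted = compact('user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered');
    $data = hq_unslash($compacted);

    if ($update) {
        // A changed e-mail invalidates any outstanding activation/reset key.
        if ($user_email !== $old_user_data->user_email) {
            $data['user_activation_key'] = '';
        }
        $hqdb->update($hqdb->users, $data, compact('ID'));
        $user_id = (int) $ID;
    } else {
        $hqdb->insert($hqdb->users, $data + compact('user_login'));
        $user_id = (int) $hqdb->insert_id;
    }

    $user = new HQ_User($user_id);

    // Update user meta.
    foreach ($meta as $key => $value) {
        update_user_meta($user_id, $key, $value);
    }

    foreach (hq_get_user_contact_methods($user) as $key => $value) {
        if (isset($userdata[$key])) {
            update_user_meta($user_id, $key, $userdata[$key]);
        }
    }

    // The role is applied as given; authorising the grant is the caller's job.
    if (isset($userdata['role'])) {
        $user->set_role($userdata['role']);
    } elseif (!$update) {
        $user->set_role(get_option('default_role'));
    }

    //TODO: Goyo no cache
    //hq_cache_delete( $user_id, 'users' );
    //hq_cache_delete( $user_login, 'userlogins' );

    if ($update) {
        /**
         * Fires immediately after an existing user is updated.
         *
         * @since 0.0.1
         *
         * @param int    $user_id       User ID.
         * @param object $old_user_data Object containing user's data prior to update.
         */
        do_action('profile_update', $user_id, $old_user_data);
    } else {
        /**
         * Fires immediately after a new user is registered.
         *
         * @since 0.0.1
         *
         * @param int $user_id User ID.
         */
        do_action('user_register', $user_id);
    }

    return $user_id;
}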
<p><?php _e('The update process may take a little while, so please be patient.'); ?> </p> <p class="step"><a class="button button-large" href="upgrade.php?step=1&backto=<?php echo $goback; ?> "><?php _e('Update HiveQueen Database'); ?> </a></p> <?php break; case 1: hq_upgrade(); $backto = !empty($_GET['backto']) ? hq_unslash(urldecode($_GET['backto'])) : __get_option('home') . '/'; $backto = esc_url($backto); $backto = hq_validate_redirect($backto, __get_option('home') . '/'); ?> <h2><?php _e('Update Complete'); ?> </h2> <p><?php _e('Your HiveQueen database has been successfully updated!'); ?> </p> <p class="step"><a class="button button-large" href="<?php echo $backto; ?> "><?php
/**
 * Echo the current "s" request parameter, escaped for an HTML attribute.
 *
 * A simple wrapper to display the "s" parameter in a GET URI. This function
 * should only be used when {@link the_search_query()} cannot. The value is
 * request-controlled, so it is unslashed and run through esc_attr(); the
 * output is only safe inside a quoted attribute, not in element content.
 *
 * @since 0.0.1
 */
function _admin_search_query() {
    if (!isset($_REQUEST['s'])) {
        return;
    }

    echo esc_attr(hq_unslash($_REQUEST['s']));
}
* $pagenow is set in vars.php * $hq_importers is sometimes set in hq-admin/includes/import.php * The remaining variables are imported as globals elsewhere, declared as globals here * * @global string $pagenow * @global array $hq_importers * @global string $hook_suffix * @global string $plugin_page * @global string $typenow * @global string $taxnow */ global $pagenow, $hq_importers, $hook_suffix, $plugin_page, $typenow, $taxnow; $page_hook = null; $editing = false; if (isset($_GET['page'])) { $plugin_page = hq_unslash($_GET['page']); $plugin_page = plugin_basename($plugin_page); } if (isset($_REQUEST['post_type']) && post_type_exists($_REQUEST['post_type'])) { $typenow = $_REQUEST['post_type']; } else { $typenow = ''; } if (isset($_REQUEST['taxonomy']) && taxonomy_exists($_REQUEST['taxonomy'])) { $taxnow = $_REQUEST['taxonomy']; } else { $taxnow = ''; } if (HQ_NETWORK_ADMIN) { require ABSPATH . 'hq-admin/network/menu.php'; } elseif (HQ_USER_ADMIN) {
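/**
 * Delete metadata for the specified object.
 *
 * SQL safety: the table name comes from _get_meta_table() (only known types
 * map to a table), the column names are derived from the type through
 * sanitize_key() and a fixed choice, and key, value and object ID are bound
 * via $hqdb->prepare(). The row IDs gathered by the SELECT are interpolated
 * into the DELETE, so they are pinned to integers first.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 *
 * @param string $meta_type  Type of object metadata is for (e.g., comment, post, or user)
 * @param int    $object_id  ID of the object metadata is for
 * @param string $meta_key   Metadata key
 * @param mixed  $meta_value Optional. Metadata value. Must be serializable if non-scalar. If specified, only delete
 *                           metadata entries with this value. Otherwise, delete all entries with the specified meta_key.
 *                           Pass `null, `false`, or an empty string to skip this check. (For backward compatibility,
 *                           it is not possible to pass an empty string to delete those entries with an empty string
 *                           for a value.)
 * @param bool   $delete_all Optional, default is false. If true, delete matching metadata entries for all objects,
 *                           ignoring the specified object_id. Otherwise, only delete matching metadata entries for
 *                           the specified object_id.
 * @return bool True on successful delete, false on failure (bad arguments, unknown type,
 *              nothing matched, or the DELETE affected no rows).
 */
function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $delete_all = false) {
    global $hqdb;

    // A type and key are always required; a numeric object ID only when not deleting across all objects.
    if (!$meta_type || !$meta_key || !is_numeric($object_id) && !$delete_all) {
        return false;
    }

    $object_id = absint($object_id);
    if (!$object_id && !$delete_all) {
        return false;
    }

    // Unknown meta types have no table and are rejected here.
    $table = _get_meta_table($meta_type);
    if (!$table) {
        return false;
    }

    $type_column = sanitize_key($meta_type . '_id');
    $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';

    // expected_slashed ($meta_key)
    $meta_key = hq_unslash($meta_key);
    $meta_value = hq_unslash($meta_value);

    /**
     * Filter whether to delete metadata of a specific type.
     *
     * The dynamic portion of the hook, `$meta_type`, refers to the meta
     * object type (comment, post, or user). Returning a non-null value
     * will effectively short-circuit the function.
     *
     * @since 0.0.1
     *
     * @param null|bool $delete     Whether to allow metadata deletion of the given type.
     * @param int       $object_id  Object ID.
     * @param string    $meta_key   Meta key.
     * @param mixed     $meta_value Meta value. Must be serializable if non-scalar.
     * @param bool      $delete_all Whether to delete the matching metadata entries
     *                              for all objects, ignoring the specified $object_id.
     *                              Default false.
     */
    $check = apply_filters("delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all);
    if (null !== $check) {
        return (bool) $check;
    }

    // Hooks receive the unserialized value; the query uses the serialized form.
    $_meta_value = $meta_value;
    $meta_value = maybe_serialize($meta_value);

    $query = $hqdb->prepare("SELECT {$id_column} FROM {$table} WHERE meta_key = %s", $meta_key);

    if (!$delete_all) {
        $query .= $hqdb->prepare(" AND {$type_column} = %d", $object_id);
    }

    if ('' !== $meta_value && null !== $meta_value && false !== $meta_value) {
        $query .= $hqdb->prepare(" AND meta_value = %s", $meta_value);
    }

    $meta_ids = $hqdb->get_col($query);
    if (!count($meta_ids)) {
        return false;
    }

    if ($delete_all) {
        // Collected for the (currently disabled) per-object cache invalidation below.
        $object_ids = $hqdb->get_col($hqdb->prepare("SELECT {$type_column} FROM {$table} WHERE meta_key = %s", $meta_key));
    }

    /**
     * Fires immediately before deleting metadata of a specific type.
     *
     * The dynamic portion of the hook, `$meta_type`, refers to the meta
     * object type (comment, post, or user).
     *
     * @since 0.0.1
     *
     * @param array  $meta_ids   An array of metadata entry IDs to delete.
     * @param int    $object_id  Object ID.
     * @param string $meta_key   Meta key.
     * @param mixed  $meta_value Meta value.
     */
    do_action("delete_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $_meta_value);

    // Old-style action.
    if ('post' == $meta_type) {
        /**
         * Fires immediately before deleting metadata for a post.
         *
         * @since 0.0.1
         *
         * @param array $meta_ids An array of post metadata entry IDs to delete.
         */
        do_action('delete_postmeta', $meta_ids);
    }

    // Defence in depth: the IDs are our own SELECT result, but they are spliced
    // into the statement unquoted, so force an integer list regardless of what
    // the driver returned. $meta_ids itself is left untouched for the hooks.
    $id_list = implode(',', array_map('intval', $meta_ids));
    $query = "DELETE FROM {$table} WHERE {$id_column} IN( " . $id_list . " )";

    $count = $hqdb->query($query);

    if (!$count) {
        return false;
    }

    //TODO: Goyo no cache
    //if ( $delete_all ) {
    //    foreach ( (array) $object_ids as $o_id ) {
    //        hq_cache_delete($o_id, $meta_type . '_meta');
    //    }
    //} else {
    //    hq_cache_delete($object_id, $meta_type . '_meta');
    //}

    /**
     * Fires immediately after deleting metadata of a specific type.
     *
     * The dynamic portion of the hook name, `$meta_type`, refers to the meta
     * object type (comment, post, or user).
     *
     * @since 0.0.1
     *
     * @param array  $meta_ids   An array of deleted metadata entry IDs.
     * @param int    $object_id  Object ID.
     * @param string $meta_key   Meta key.
     * @param mixed  $meta_value Meta value.
     */
    do_action("deleted_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $_meta_value);

    // Old-style action.
    if ('post' == $meta_type) {
        /**
         * Fires immediately after deleting metadata for a post.
         *
         * @since 0.0.1
         *
         * @param array $meta_ids An array of deleted post metadata entry IDs.
         */
        do_action('deleted_postmeta', $meta_ids);
    }

    return true;
}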
/**
 * Create a new session token for this user and record its metadata.
 *
 * The token is a long random string that the caller places in the auth
 * cookie; the record stored against it (expiry, client IP, user agent,
 * login time, plus anything `attach_session_information` adds) is what
 * allows the session to expire and to be invalidated on logout.
 *
 * Security notes: the token's unguessability rests entirely on
 * hq_generate_password() drawing from a cryptographically secure source -
 * worth confirming rather than assuming. `REMOTE_ADDR` is the transport
 * peer, so behind a reverse proxy it records the proxy rather than the end
 * user; it is used deliberately in preference to spoofable forwarding
 * headers. The user agent is attacker-controlled text stored verbatim and
 * must be escaped wherever it is displayed.
 *
 * @since 0.0.1
 * @access public
 *
 * @param int $expiration Session expiration timestamp.
 * @return string Session token.
 */
public final function create($expiration) {
    /**
     * Filter the information attached to the newly created session.
     *
     * Could be used in the future to attach information such as
     * IP address or user agent to a session.
     *
     * @since 0.0.1
     *
     * @param array $session Array of extra data.
     * @param int   $user_id User ID.
     */
    $record = apply_filters('attach_session_information', array(), $this->user_id);
    $record['expiration'] = $expiration;

    // Client address as seen by the server (transport peer, not X-Forwarded-For).
    if (!empty($_SERVER['REMOTE_ADDR'])) {
        $record['ip'] = $_SERVER['REMOTE_ADDR'];
    }

    // Untrusted client string; stored as-is after unslashing.
    if (!empty($_SERVER['HTTP_USER_AGENT'])) {
        $record['ua'] = hq_unslash($_SERVER['HTTP_USER_AGENT']);
    }

    // When this session was established.
    $record['login'] = time();

    $token = hq_generate_password(43, false, false);
    $this->update($token, $record);

    return $token;
}
/**
 * Retrieve a list of pages.
 *
 * Results are cached per argument set under the 'posts' cache group and
 * passed through the `get_pages` filter on every return path.
 *
 * SQL construction: several fragments are interpolated into the query rather
 * than bound. Each is safe only because of a preceding validation step:
 * `post_status` is checked against get_post_stati(), `post_type` is bound,
 * ID lists go through hq_parse_id_list()/absint(), `sort_column` is matched
 * against a fixed whitelist, `sort_order` is reduced to ASC/DESC, and
 * `number`/`offset` are cast to int. Keep those checks next to the fragments
 * they protect when editing this function.
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 *
 * @since 0.0.1
 *
 * @param array|string $args {
 *     Optional. Array or string of arguments to retrieve pages.
 *
 *     @type int          $child_of     Page ID to return child and grandchild pages of.
 *                                      Default 0, or no restriction.
 *     @type string       $sort_order   How to sort retrieved pages. Accepts 'ASC', 'DESC'. Default 'ASC'.
 *     @type string       $sort_column  What columns to sort pages by, comma-separated. Accepts 'post_author',
 *                                      'post_date', 'post_title', 'post_name', 'post_modified', 'menu_order',
 *                                      'post_modified_gmt', 'post_parent', 'ID', 'rand', 'comment_count'.
 *                                      'post_' can be omitted for any values that start with it.
 *                                      Default 'post_title'.
 *     @type bool         $hierarchical Whether to return pages hierarchically. Default true.
 *     @type array        $exclude      Array of page IDs to exclude. Default empty array.
 *     @type array        $include      Array of page IDs to include. Cannot be used with `$child_of`,
 *                                      `$parent`, `$exclude`, `$meta_key`, `$meta_value`, or `$hierarchical`.
 *                                      Default empty array.
 *     @type string       $meta_key     Only include pages with this meta key. Default empty.
 *     @type string       $meta_value   Only include pages with this meta value. Requires `$meta_key`.
 *                                      Default empty.
 *     @type string       $authors      A comma-separated list of author IDs. Default empty.
 *     @type int          $parent       Page ID to return direct children of. `$hierarchical` must be false.
 *                                      Default -1, or no restriction.
 *     @type string|array $exclude_tree Comma-separated string or array of page IDs to exclude.
 *                                      Default empty array.
 *     @type int          $number       The number of pages to return. Default 0, or all pages.
 *     @type int          $offset       The number of pages to skip before returning. Requires `$number`.
 *                                      Default 0.
 *     @type string       $post_type    The post type to query. Default 'page'.
 *     @type string       $post_status  A comma-separated list of post status types to include.
 *                                      Default 'publish'.
 * }
 * @return array|false List of pages matching defaults or `$args`; false when the post type is
 *                     not hierarchical or a requested post status is not registered.
 */
function get_pages($args = array()) {
    global $hqdb;

    $defaults = array('child_of' => 0, 'sort_order' => 'ASC', 'sort_column' => 'post_title', 'hierarchical' => 1, 'exclude' => array(), 'include' => array(), 'meta_key' => '', 'meta_value' => '', 'authors' => '', 'parent' => -1, 'exclude_tree' => array(), 'number' => '', 'offset' => 0, 'post_type' => 'page', 'post_status' => 'publish');

    $r = hq_parse_args($args, $defaults);

    // Integer casts here are what make the LIMIT clause below safe to interpolate.
    $number = (int) $r['number'];
    $offset = (int) $r['offset'];
    $child_of = (int) $r['child_of'];
    $hierarchical = $r['hierarchical'];
    $exclude = $r['exclude'];
    $meta_key = $r['meta_key'];
    $meta_value = $r['meta_value'];
    $parent = $r['parent'];
    $post_status = $r['post_status'];

    // Make sure the post type is hierarchical.
    $hierarchical_post_types = get_post_types(array('hierarchical' => true));
    if (!in_array($r['post_type'], $hierarchical_post_types)) {
        return false;
    }

    if ($parent > 0 && !$child_of) {
        $hierarchical = false;
    }

    // Make sure we have a valid post status.
    // Every requested status must be a registered one; this check is also what
    // makes the quoted IN ('...') list further down safe to build by string concatenation.
    if (!is_array($post_status)) {
        $post_status = explode(',', $post_status);
    }
    if (array_diff($post_status, get_post_stati())) {
        return false;
    }

    // $args can be whatever, only use the args defined in defaults to compute the key.
    $key = md5(serialize(hq_array_slice_assoc($r, array_keys($defaults))));
    $last_changed = hq_cache_get('last_changed', 'posts');
    if (!$last_changed) {
        $last_changed = microtime();
        hq_cache_set('last_changed', $last_changed, 'posts');
    }

    $cache_key = "get_pages:{$key}:{$last_changed}";
    if ($cache = hq_cache_get($cache_key, 'posts')) {
        // Convert to HQ_Post instances.
        $pages = array_map('get_post', $cache);
        /** This filter is documented in hq-includes/post.php */
        $pages = apply_filters('get_pages', $pages, $r);
        return $pages;
    }

    $inclusions = '';
    if (!empty($r['include'])) {
        $child_of = 0; //ignore child_of, parent, exclude, meta_key, and meta_value params if using include
        $parent = -1;
        $exclude = '';
        $meta_key = '';
        $meta_value = '';
        $hierarchical = false;
        // hq_parse_id_list() reduces the list to integers, so it can be interpolated.
        $incpages = hq_parse_id_list($r['include']);
        if (!empty($incpages)) {
            $inclusions = ' AND ID IN (' . implode(',', $incpages) . ')';
        }
    }

    $exclusions = '';
    if (!empty($exclude)) {
        $expages = hq_parse_id_list($exclude);
        if (!empty($expages)) {
            $exclusions = ' AND ID NOT IN (' . implode(',', $expages) . ')';
        }
    }

    $author_query = '';
    if (!empty($r['authors'])) {
        $post_authors = preg_split('/[\\s,]+/', $r['authors']);

        if (!empty($post_authors)) {
            foreach ($post_authors as $post_author) {
                //Do we have an author id or an author login?
                if (0 == intval($post_author)) {
                    $post_author = get_user_by('login', $post_author);
                    if (empty($post_author)) {
                        continue;
                    }
                    if (empty($post_author->ID)) {
                        continue;
                    }
                    $post_author = $post_author->ID;
                }

                // Author IDs are always bound with %d, never interpolated.
                if ('' == $author_query) {
                    $author_query = $hqdb->prepare(' post_author = %d ', $post_author);
                } else {
                    $author_query .= $hqdb->prepare(' OR post_author = %d ', $post_author);
                }
            }
            if ('' != $author_query) {
                $author_query = " AND ({$author_query})";
            }
        }
    }

    $join = '';
    $where = "{$exclusions} {$inclusions} ";
    if ('' !== $meta_key || '' !== $meta_value) {
        $join = " LEFT JOIN {$hqdb->postmeta} ON ( {$hqdb->posts}.ID = {$hqdb->postmeta}.post_id )";

        // meta_key and meta_value might be slashed
        $meta_key = hq_unslash($meta_key);
        $meta_value = hq_unslash($meta_value);
        if ('' !== $meta_key) {
            $where .= $hqdb->prepare(" AND {$hqdb->postmeta}.meta_key = %s", $meta_key);
        }
        if ('' !== $meta_value) {
            $where .= $hqdb->prepare(" AND {$hqdb->postmeta}.meta_value = %s", $meta_value);
        }
    }

    if (is_array($parent)) {
        // absint() on every element makes the IN (...) list integer-only.
        $post_parent__in = implode(',', array_map('absint', (array) $parent));
        if (!empty($post_parent__in)) {
            $where .= " AND post_parent IN ({$post_parent__in})";
        }
    } elseif ($parent >= 0) {
        $where .= $hqdb->prepare(' AND post_parent = %d ', $parent);
    }

    if (1 == count($post_status)) {
        $where_post_type = $hqdb->prepare("post_type = %s AND post_status = %s", $r['post_type'], reset($post_status));
    } else {
        // Safe only because $post_status was validated against get_post_stati() above.
        $post_status = implode("', '", $post_status);
        $where_post_type = $hqdb->prepare("post_type = %s AND post_status IN ('{$post_status}')", $r['post_type']);
    }

    // Only whitelisted column names ever reach the ORDER BY clause.
    $orderby_array = array();
    $allowed_keys = array('author', 'post_author', 'date', 'post_date', 'title', 'post_title', 'name', 'post_name', 'modified', 'post_modified', 'modified_gmt', 'post_modified_gmt', 'menu_order', 'parent', 'post_parent', 'ID', 'rand', 'comment_count');
    foreach (explode(',', $r['sort_column']) as $orderby) {
        $orderby = trim($orderby);
        if (!in_array($orderby, $allowed_keys)) {
            continue;
        }

        switch ($orderby) {
            case 'menu_order':
                break;
            case 'ID':
                $orderby = "{$hqdb->posts}.ID";
                break;
            case 'rand':
                $orderby = 'RAND()';
                break;
            case 'comment_count':
                $orderby = "{$hqdb->posts}.comment_count";
                break;
            default:
                if (0 === strpos($orderby, 'post_')) {
                    $orderby = "{$hqdb->posts}." . $orderby;
                } else {
                    $orderby = "{$hqdb->posts}.post_" . $orderby;
                }
        }

        $orderby_array[] = $orderby;
    }
    $sort_column = !empty($orderby_array) ? implode(',', $orderby_array) : "{$hqdb->posts}.post_title";

    // Anything other than ASC/DESC (or empty) is forced to ASC.
    $sort_order = strtoupper($r['sort_order']);
    if ('' !== $sort_order && !in_array($sort_order, array('ASC', 'DESC'))) {
        $sort_order = 'ASC';
    }

    $query = "SELECT * FROM {$hqdb->posts} {$join} WHERE ({$where_post_type}) {$where} ";
    $query .= $author_query;
    $query .= " ORDER BY " . $sort_column . " " . $sort_order;

    if (!empty($number)) {
        $query .= ' LIMIT ' . $offset . ',' . $number;
    }

    $pages = $hqdb->get_results($query);

    if (empty($pages)) {
        /** This filter is documented in hq-includes/post.php */
        $pages = apply_filters('get_pages', array(), $r);
        return $pages;
    }

    // Sanitize before caching so it'll only get done once.
    $num_pages = count($pages);
    for ($i = 0; $i < $num_pages; $i++) {
        $pages[$i] = sanitize_post($pages[$i], 'raw');
    }

    // Update cache.
    update_post_cache($pages);

    if ($child_of || $hierarchical) {
        $pages = get_page_children($child_of, $pages);
    }

    if (!empty($r['exclude_tree'])) {
        // Grow the exclusion list with every descendant of each excluded ID, then drop them.
        $exclude = hq_parse_id_list($r['exclude_tree']);
        foreach ($exclude as $id) {
            $children = get_page_children($id, $pages);
            foreach ($children as $child) {
                $exclude[] = $child->ID;
            }
        }

        $num_pages = count($pages);
        for ($i = 0; $i < $num_pages; $i++) {
            if (in_array($pages[$i]->ID, $exclude)) {
                unset($pages[$i]);
            }
        }
    }

    // Only the ID list is cached; objects are re-fetched via get_post() on a hit.
    $page_structure = array();
    foreach ($pages as $page) {
        $page_structure[] = $page->ID;
    }

    hq_cache_set($cache_key, $page_structure, 'posts');

    // Convert to HQ_Post instances
    $pages = array_map('get_post', $pages);

    /**
     * Filter the retrieved list of pages.
     *
     * @since 0.0.1
     *
     * @param array $pages List of pages to retrieve.
     * @param array $r     Array of get_pages() arguments.
     */
    return apply_filters('get_pages', $pages, $r);
}
/**
 * Emit the HTTP headers for the current request.
 *
 * Always sends X-Pingback. HTML responses (and 404 pages) get a Content-Type
 * built from the `html_type` / `blog_charset` options; logged-in users and
 * anonymous 404s get the no-cache header set. Feeds get Last-Modified/ETag
 * validators and honour conditional GET (If-None-Match / If-Modified-Since),
 * answering 304 when the client copy is current.
 *
 * Side effects: status_header(), header()/header_remove(), and exit() right
 * after the headers for a 304 or for a 403/500/502/503 error status. The
 * `hq_headers` filter runs before anything is sent; the `send_headers` action
 * runs afterwards and is therefore skipped on those early exits.
 *
 * @since 0.0.1
 */
public function send_headers() {
    $response_headers = array('X-Pingback' => get_bloginfo('pingback_url'));
    $http_status = null;
    $halt_after_headers = false;

    // Authenticated responses must never be served from a shared cache.
    if (is_user_logged_in()) {
        $response_headers = array_merge($response_headers, hq_get_nocache_headers());
    }

    if (!empty($this->query_vars['error'])) {
        $http_status = (int) $this->query_vars['error'];
        if (404 === $http_status) {
            // Anonymous 404s are uncacheable too (logged-in users already are).
            if (!is_user_logged_in()) {
                $response_headers = array_merge($response_headers, hq_get_nocache_headers());
            }
            $response_headers['Content-Type'] = get_option('html_type') . '; charset=' . get_option('blog_charset');
        } elseif (in_array($http_status, array(403, 500, 502, 503))) {
            // Nothing further is rendered for these: send the status and stop.
            $halt_after_headers = true;
        }
    } elseif (empty($this->query_vars['feed'])) {
        $response_headers['Content-Type'] = get_option('html_type') . '; charset=' . get_option('blog_charset');
    } else {
        // Feed: HiveQueen itself is the only thing that last changed, so the
        // newest post modification time is the validator.
        // TODO (Goyo): no comments yet — the comment-aware variant that used
        // get_lastcommentmodified() for comment feeds is disabled.
        $last_modified = mysql2date('D, d M Y H:i:s', get_lastpostmodified('GMT'), 0) . ' GMT';
        $etag = '"' . md5($last_modified) . '"';
        $response_headers['Last-Modified'] = $last_modified;
        $response_headers['ETag'] = $etag;

        // Conditional GET: validators supplied by the client (untrusted input;
        // only ever compared, never echoed).
        $client_etag = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? hq_unslash($_SERVER['HTTP_IF_NONE_MATCH']) : false;
        $client_since = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);
        // An absent/empty If-Modified-Since counts as timestamp 0 (never current).
        $client_since_ts = $client_since ? strtotime($client_since) : 0;
        $our_modified_ts = strtotime($last_modified);

        $current_by_time = $client_since_ts >= $our_modified_ts;
        $current_by_etag = $client_etag == $etag;
        if ($client_since && $client_etag) {
            // Both validators present: both must match.
            $not_modified = $current_by_time && $current_by_etag;
        } else {
            // Only one (or neither) present: either match is enough.
            $not_modified = $current_by_time || $current_by_etag;
        }
        if ($not_modified) {
            $http_status = 304;
            $halt_after_headers = true;
        }
    }

    /**
     * Filter the HTTP headers before they are sent to the browser.
     *
     * @since 0.0.1
     *
     * @param array $response_headers Headers about to be sent, name => value.
     * @param HQ    $this             Current HiveQueen environment instance.
     */
    $response_headers = apply_filters('hq_headers', $response_headers, $this);

    if (!empty($http_status)) {
        status_header($http_status);
    }

    // A filter may set Last-Modified to false to mean "do not send one" (no-cache
    // situation); make sure no Last-Modified header reaches the client then.
    if (isset($response_headers['Last-Modified']) && false === $response_headers['Last-Modified']) {
        unset($response_headers['Last-Modified']);
        if (function_exists('header_remove')) {
            @header_remove('Last-Modified');
        } else {
            // PHP 5.2 has no header_remove(): as a last resort, overwrite an
            // already-queued Last-Modified with an empty one.
            foreach (headers_list() as $queued_header) {
                if (0 === stripos($queued_header, 'Last-Modified')) {
                    $response_headers['Last-Modified'] = '';
                    break;
                }
            }
        }
    }

    foreach ((array) $response_headers as $header_name => $header_value) {
        @header("{$header_name}: {$header_value}");
    }

    if ($halt_after_headers) {
        exit;
    }

    /**
     * Fires once the requested HTTP headers for caching, content type, etc. have been sent.
     *
     * @since 0.0.1
     *
     * @param HQ &$this Current HiveQueen environment instance (passed by reference).
     */
    do_action_ref_array('send_headers', array(&$this));
}
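/**
 * Displays a form to the user to request for their FTP/SSH details in order
 * to connect to the filesystem.
 *
 * All chosen/entered details are saved, excluding the password and the key
 * paths: the `ftp_credentials` option only ever receives hostname[:port],
 * username and connection_type.
 *
 * Hostnames may be in the form of hostname:portnumber (eg: wordpress.org:2467)
 * to specify an alternate FTP/SSH port. The port must be a plain decimal
 * integer in the range 1–65535; anything else is dropped.
 *
 * Precedence for every field is: FTP_* constant (if defined) > POSTed value
 * > previously saved value (hostname/username only) > empty.
 *
 * Plugins may override this form by returning true|false via the
 * {@see 'request_filesystem_credentials'} filter.
 *
 * @since 0.0.1
 *
 * @todo Properly mark optional arguments as such
 *
 * @param string $form_post the URL to post the form to
 * @param string $type the chosen Filesystem method in use
 * @param bool $error if the current request has failed to connect
 * @param string $context The directory which is needed access to, The write-test will be performed on this directory by get_filesystem_method()
 * @param array $extra_fields Extra POST fields which should be checked for to be included in the post.
 * @param bool $allow_relaxed_file_ownership Whether to allow Group/World writable.
 * @return bool|array|mixed True when the 'direct' method needs no credentials; the
 *                          credentials array when a complete set is available and no
 *                          error is pending; false after the form has been printed;
 *                          or whatever the 'request_filesystem_credentials' filter returned.
 */
function request_filesystem_credentials($form_post, $type = '', $error = false, $context = false, $extra_fields = null, $allow_relaxed_file_ownership = false) {
    /**
     * Filter the filesystem credentials form output.
     *
     * Returning anything other than an empty string will effectively short-circuit
     * output of the filesystem credentials form, returning that value instead.
     *
     * @since 0.0.1
     *
     * @param mixed  $output                       Form output to return instead. Default empty.
     * @param string $form_post                    URL to POST the form to.
     * @param string $type                         Chosen type of filesystem.
     * @param bool   $error                        Whether the current request has failed to connect.
     *                                             Default false.
     * @param string $context                      Full path to the directory that is tested for
     *                                             being writable.
     * @param bool   $allow_relaxed_file_ownership Whether to allow Group/World writable.
     * @param array  $extra_fields                 Extra POST fields.
     */
    $req_cred = apply_filters('request_filesystem_credentials', '', $form_post, $type, $error, $context, $extra_fields, $allow_relaxed_file_ownership);
    if ('' !== $req_cred) {
        return $req_cred;
    }

    if (empty($type)) {
        $type = get_filesystem_method(array(), $context, $allow_relaxed_file_ownership);
    }

    // Direct PHP file access needs no credentials at all.
    if ('direct' == $type) {
        return true;
    }

    if (is_null($extra_fields)) {
        $extra_fields = array('version', 'locale');
    }

    $credentials = get_option('ftp_credentials', array('hostname' => '', 'username' => ''));

    // If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was (saved details in option).
    $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? hq_unslash($_POST['hostname']) : $credentials['hostname']);
    $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? hq_unslash($_POST['username']) : $credentials['username']);
    // The password is never read back from the option: constant, POST, or nothing.
    $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? hq_unslash($_POST['password']) : '');

    // Check to see if we are setting the public/private keys for ssh (paths on the server, not key material).
    $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? hq_unslash($_POST['public_key']) : '');
    $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? hq_unslash($_POST['private_key']) : '');

    // Sanitize the hostname, Some people might pass in odd-data: strip any scheme prefix.
    $credentials['hostname'] = preg_replace('|\\w+://|', '', $credentials['hostname']);

    // "host:port" form: split off the port. (strpos() truthiness means a hostname
    // that *starts* with ':' is left untouched, as before.)
    if (strpos($credentials['hostname'], ':')) {
        list($credentials['hostname'], $credentials['port']) = explode(':', $credentials['hostname'], 2);
        // Only accept a plain decimal port in the TCP range. is_numeric() also let
        // through floats, exponents ("1e3") and signed/space-padded values, none of
        // which is a usable port, and the value is persisted back into the option.
        $port_text = (string) $credentials['port'];
        if (!preg_match('/^[0-9]{1,5}$/', $port_text) || (int) $port_text < 1 || (int) $port_text > 65535) {
            unset($credentials['port']);
        }
    } else {
        unset($credentials['port']);
    }

    if (defined('FTP_SSH') && FTP_SSH || defined('FS_METHOD') && 'ssh2' == FS_METHOD) {
        $credentials['connection_type'] = 'ssh';
    } elseif (defined('FTP_SSL') && FTP_SSL && 'ftpext' == $type) {
        // Only the FTP Extension understands SSL.
        $credentials['connection_type'] = 'ftps';
    } elseif (!empty($_POST['connection_type'])) {
        // NOTE(review): the POSTed connection type is not checked against the
        // list of supported types built further down (the 'fs_ftp_connection_types'
        // filter may add to it, so it cannot be validated here); the filesystem
        // layer that consumes $credentials is expected to reject unknown values.
        $credentials['connection_type'] = hq_unslash($_POST['connection_type']);
    } elseif (!isset($credentials['connection_type'])) {
        // All else fails (and it's not defaulted to something else saved), default to FTP.
        $credentials['connection_type'] = 'ftp';
    }

    // A complete credential set (password-based, or SSH with both key paths) and no
    // pending error: remember the non-secret parts and hand the set back.
    if (!$error && (!empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) || 'ssh' == $credentials['connection_type'] && !empty($credentials['public_key']) && !empty($credentials['private_key']))) {
        $stored_credentials = $credentials;
        if (!empty($stored_credentials['port'])) {
            // Save port as part of hostname to simplify the parsing above.
            $stored_credentials['hostname'] .= ':' . $stored_credentials['port'];
        }
        // Never persist the password or the key paths.
        unset($stored_credentials['password'], $stored_credentials['port'], $stored_credentials['private_key'], $stored_credentials['public_key']);
        if (!defined('HQ_INSTALLING')) {
            update_option('ftp_credentials', $stored_credentials);
        }
        return $credentials;
    }

    // Otherwise render the form, pre-filled with what we have.
    $hostname = isset($credentials['hostname']) ? $credentials['hostname'] : '';
    $username = isset($credentials['username']) ? $credentials['username'] : '';
    $public_key = isset($credentials['public_key']) ? $credentials['public_key'] : '';
    $private_key = isset($credentials['private_key']) ? $credentials['private_key'] : '';
    $port = isset($credentials['port']) ? $credentials['port'] : '';
    $connection_type = isset($credentials['connection_type']) ? $credentials['connection_type'] : '';

    if ($error) {
        $error_string = __('<strong>ERROR:</strong> There was an error connecting to the server, Please verify the settings are correct.');
        if (is_hq_error($error)) {
            // Error messages may carry user-derived text; escape before echoing.
            $error_string = esc_html($error->get_error_message());
        }
        echo '<div id="message" class="error"><p>' . $error_string . '</p></div>';
    }

    $types = array();
    if (extension_loaded('ftp') || extension_loaded('sockets') || function_exists('fsockopen')) {
        $types['ftp'] = __('FTP');
    }
    if (extension_loaded('ftp')) {
        // Only this supports FTPS.
        $types['ftps'] = __('FTPS (SSL)');
    }
    if (extension_loaded('ssh2') && function_exists('stream_get_contents')) {
        $types['ssh'] = __('SSH2');
    }

    /**
     * Filter the connection types to output to the filesystem credentials form.
     *
     * @since 0.0.1
     *
     * @param array  $types       Types of connections.
     * @param array  $credentials Credentials to connect with.
     * @param string $type        Chosen filesystem method.
     * @param object $error       Error object.
     * @param string $context     Full path to the directory that is tested
     *                            for being writable.
     */
    $types = apply_filters('fs_ftp_connection_types', $types, $credentials, $type, $error, $context);

    // NOTE(review): the script below toggles "#ssh_keys", but no element with that id
    // is rendered in this form — confirm against the stylesheet/markup it was written for.
?>
<script type="text/javascript">
<!--
jQuery(function($){
    jQuery("#ssh").click(function () {
        jQuery("#ssh_keys").show();
    });
    jQuery("#ftp, #ftps").click(function () {
        jQuery("#ssh_keys").hide();
    });
    jQuery('#request-filesystem-credentials-form input[value=""]:first').focus();
});
-->
</script>
<form action="<?php echo esc_url($form_post); ?>" method="post">
<div id="request-filesystem-credentials-form" class="request-filesystem-credentials-form">
<h3 id="request-filesystem-credentials-title"><?php _e('Connection Information'); ?></h3>
<p id="request-filesystem-credentials-desc"><?php
    $label_user = __('Username');
    $label_pass = __('Password');
    _e('To perform the requested action, HiveQueen needs to access your web server.');
    echo ' ';
    if (isset($types['ftp']) || isset($types['ftps'])) {
        if (isset($types['ssh'])) {
            _e('Please enter your FTP or SSH credentials to proceed.');
            $label_user = __('FTP/SSH Username');
            $label_pass = __('FTP/SSH Password');
        } else {
            _e('Please enter your FTP credentials to proceed.');
            $label_user = __('FTP Username');
            $label_pass = __('FTP Password');
        }
        echo ' ';
    }
    _e('If you do not remember your credentials, you should contact your web host.');
?></p>
<label for="hostname">
    <span class="field-title"><?php _e('Hostname'); ?></span>
    <input name="hostname" type="text" id="hostname" aria-describedby="request-filesystem-credentials-desc" class="code" placeholder="<?php esc_attr_e('example: www.wordpress.org'); ?>" value="<?php echo esc_attr($hostname); if (!empty($port)) { echo ":{$port}"; } ?>"<?php disabled(defined('FTP_HOST')); ?> />
</label>
<div class="ftp-username">
    <label for="username">
        <span class="field-title"><?php echo $label_user; ?></span>
        <input name="username" type="text" id="username" value="<?php echo esc_attr($username); ?>"<?php disabled(defined('FTP_USER')); ?> />
    </label>
</div>
<div class="ftp-password">
    <label for="password">
        <span class="field-title"><?php echo $label_pass; ?></span>
        <input name="password" type="password" id="password" value="<?php if (defined('FTP_PASS')) { echo '*****'; } ?>"<?php disabled(defined('FTP_PASS')); ?> />
        <em><?php if (!defined('FTP_PASS')) { _e('This password will not be stored on the server.'); } ?></em>
    </label>
</div>
<?php if (isset($types['ssh'])) { ?>
<h4><?php _e('Authentication Keys'); ?></h4>
<label for="public_key">
    <span class="field-title"><?php _e('Public Key:'); ?></span>
    <input name="public_key" type="text" id="public_key" aria-describedby="auth-keys-desc" value="<?php echo esc_attr($public_key); ?>"<?php disabled(defined('FTP_PUBKEY')); ?> />
</label>
<label for="private_key">
    <span class="field-title"><?php _e('Private Key:'); ?></span>
    <input name="private_key" type="text" id="private_key" value="<?php echo esc_attr($private_key); ?>"<?php disabled(defined('FTP_PRIKEY')); ?> />
</label>
<span id="auth-keys-desc"><?php _e('Enter the location on the server where the public and private keys are located. If a passphrase is needed, enter that in the password field above.'); ?></span>
<?php } ?>
<h4><?php _e('Connection Type'); ?></h4>
<fieldset><legend class="screen-reader-text"><span><?php _e('Connection Type'); ?></span></legend>
<?php
    // The radio group is locked when the type is forced by configuration constants.
    $disabled = disabled(defined('FTP_SSL') && FTP_SSL || defined('FTP_SSH') && FTP_SSH, true, false);
    foreach ($types as $name => $text) {
?>
    <label for="<?php echo esc_attr($name); ?>">
        <input type="radio" name="connection_type" id="<?php echo esc_attr($name); ?>" value="<?php echo esc_attr($name); ?>"<?php checked($name, $connection_type); echo $disabled; ?> />
        <?php echo $text; ?>
    </label>
<?php
    }
?>
</fieldset>
<?php
    // Carry the caller's extra POST fields through the credentials round-trip (attribute-escaped).
    foreach ((array) $extra_fields as $field) {
        if (isset($_POST[$field])) {
            echo '<input type="hidden" name="' . esc_attr($field) . '" value="' . esc_attr(hq_unslash($_POST[$field])) . '" />';
        }
    }
?>
<p class="request-filesystem-credentials-action-buttons">
    <button class="button cancel-button" data-js-action="close" type="button"><?php _e('Cancel'); ?></button>
    <?php submit_button(__('Proceed'), 'button', 'upgrade', false); ?>
</p>
</div>
</form>
<?php
    return false;
}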
" /> <p class="step"><input name="submit" type="submit" value="<?php echo htmlspecialchars(__('Submit'), ENT_QUOTES); ?> " class="button button-large" /></p> </form> <?php break; case 2: load_default_textdomain($language); $GLOBALS['hq_locale'] = new HQ_Locale(); $dbname = trim(hq_unslash($_POST['dbname'])); $uname = trim(hq_unslash($_POST['uname'])); $pwd = trim(hq_unslash($_POST['pwd'])); $dbhost = trim(hq_unslash($_POST['dbhost'])); $prefix = trim(hq_unslash($_POST['prefix'])); $step_1 = 'setup-config.php?step=1'; $install = 'install.php'; if (isset($_REQUEST['noapi'])) { $step_1 .= '&noapi'; } if (!empty($language)) { $step_1 .= '&language=' . $language; $install .= '?language=' . $language; } else { $install .= '?language=en_US'; } $tryagain_link = '</p><p class="step"><a href="' . $step_1 . '" onclick="javascript:history.go(-1);return false;" class="button button-large">' . __('Try again') . '</a>'; if (empty($prefix)) { hq_die(__('<strong>ERROR</strong>: "Table Prefix" must not be empty.' . $tryagain_link)); }
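/**
 * Create or update a user from the submitted profile form ($_POST).
 *
 * Used on user-edit.php and profile.php. Reads the form fields straight from
 * $_POST, sanitizes them field by field, validates username / password /
 * e-mail and the requested role, and then hands the assembled object to
 * hq_update_user() (existing user) or hq_insert_user() (new user, which is
 * followed by the new-user notification).
 *
 * Security notes:
 * - A role is only applied when the current user has `edit_users`, and a user
 *   editing their own profile cannot move themselves to a role that lacks
 *   `edit_users` (multisite super admins are exempt). A role the current user
 *   cannot assign (per get_editable_roles()) aborts the request with hq_die().
 * - Passwords are compared with strict equality, so numerically equal strings
 *   such as "1e1" and "10" are not treated as a match.
 * - $pass1 is stored on the object exactly as received; only the backslash
 *   check looks at an unslashed copy. Presumably hq_update_user() /
 *   hq_insert_user() unslash it themselves — TODO confirm.
 *
 * @since 0.0.1
 *
 * @param int $user_id Optional. ID of the user to update; 0 (default) creates a new user.
 * @return int|HQ_Error ID of the created/updated user, or an HQ_Error carrying every
 *                      validation failure (`invalid_user_id` when $user_id is unknown).
 */
function edit_user($user_id = 0) {
    $hq_roles = hq_roles();
    $user = new stdClass();

    if ($user_id) {
        $update = true;
        $user->ID = (int) $user_id;
        $userdata = get_userdata($user_id);
        // A falsy result means there is no such user: bail out instead of reading
        // ->user_login off it and later "updating" a row that does not exist.
        if (!$userdata) {
            return new HQ_Error('invalid_user_id', __('Invalid user ID.'));
        }
        $user->user_login = hq_slash($userdata->user_login);
    } else {
        $update = false;
    }

    // The login can only be chosen at creation time.
    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }

    $pass1 = $pass2 = '';
    if (isset($_POST['pass1'])) {
        $pass1 = $_POST['pass1'];
    }
    if (isset($_POST['pass2'])) {
        $pass2 = $_POST['pass2'];
    }

    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role = sanitize_text_field($_POST['role']);
        $potential_role = isset($hq_roles->role_objects[$new_role]) ? $hq_roles->role_objects[$new_role] : false;

        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        // Multisite super admins can freely edit their blog roles -- they possess all caps.
        if (is_multisite() && current_user_can('manage_sites') || (int) $user_id !== (int) get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
            $user->role = $new_role;
        }

        // If the new role isn't editable by the logged-in user die with error.
        $editable_roles = get_editable_roles();
        if (!empty($new_role) && empty($editable_roles[$new_role])) {
            hq_die(__('You can’t give users that role.'));
        }
    }

    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field(hq_unslash($_POST['email']));
    }

    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            // Only allowed protocols survive; anything without one is assumed to be http.
            $user->user_url = esc_url_raw($_POST['url']);
            $protocols = implode('|', array_map('preg_quote', hq_allowed_protocols()));
            $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }

    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    if (isset($_POST['description'])) {
        // Only trimmed here; presumably filtered further by the insert/update path — verify.
        $user->description = trim($_POST['description']);
    }

    foreach (hq_get_user_contact_methods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }

    // Editor/admin preferences are only touched on update.
    if ($update) {
        $user->rich_editing = (isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing']) ? 'false' : 'true';
        $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
        $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    }

    $user->comment_shortcuts = (isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts']) ? 'true' : '';

    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }

    $errors = new HQ_Error();

    /* checking that username has been typed (isset() guards the no-POST, new-user case) */
    if (!isset($user->user_login) || '' === $user->user_login) {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }

    /* checking the password has been typed twice */
    /**
     * Fires before the password and confirm password fields are checked for congruity.
     *
     * @since 0.0.1
     *
     * @param string $user_login The username.
     * @param string &$pass1     The password, passed by reference.
     * @param string &$pass2     The confirmed password, passed by reference.
     */
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));

    if ($update) {
        // On update a blank pair means "keep the current password"; only half a pair is an error.
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
        }
    } else {
        if (empty($pass1)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
        } elseif (empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
        }
    }

    /* Check for "\" in password */
    if (false !== strpos(hq_unslash($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }

    /* checking the password has been typed twice the same — strict, so "1e1" and "10" do not match */
    if ($pass1 !== $pass2) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
    }

    if (!empty($pass1)) {
        $user->user_pass = $pass1;
    }

    if (!$update && isset($_POST['user_login']) && !validate_username($_POST['user_login'])) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
    }

    if (!$update && username_exists($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
    }

    /* checking e-mail address */
    if (empty($user->user_email)) {
        $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
    } elseif (!is_email($user->user_email)) {
        $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn’t correct.'), array('form-field' => 'email'));
    } elseif (($owner_id = email_exists($user->user_email)) && (!$update || $owner_id != $user->ID)) {
        // An address may only belong to one account (the user's own is fine on update).
        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
    }

    /**
     * Fires before user profile update errors are returned.
     *
     * @since 0.0.1
     *
     * @param array   &$errors An array of user profile update errors, passed by reference.
     * @param bool    $update  Whether this is a user update.
     * @param HQ_User &$user   HQ_User object, passed by reference.
     */
    do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));

    if ($errors->get_error_codes()) {
        return $errors;
    }

    if ($update) {
        $user_id = hq_update_user($user);
    } else {
        $user_id = hq_insert_user($user);
        hq_new_user_notification($user_id, null, 'both');
    }
    return $user_id;
}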
/**
 * Insert a bookmark/link row, or update an existing one.
 *
 * When `link_id` in $linkdata is non-empty the row is updated (link_owner is
 * left as it is); otherwise a new row is inserted, owned by the current user
 * unless `link_owner` is given. A link needs a URL; a missing name falls back
 * to the URL. Afterwards the link is attached to its categories (defaulting
 * to the `default_link_category` option), the `edit_link` / `add_link` action
 * fires and the bookmark cache entry is cleared.
 *
 * Column values are handed to $hqdb->insert()/update() as arrays, so they are
 * escaped by the database layer rather than interpolated into SQL here.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb
 *
 * @param array $linkdata Elements that make up the link; see $defaults for the keys always present.
 * @param bool  $hq_error Optional. If true, return an HQ_Error (with $hqdb->last_error) on a
 *                        database failure instead of 0.
 * @return int|HQ_Error The link ID on success. 0 when the URL is empty or, unless $hq_error
 *                      is set, when the database write fails.
 */
function hq_insert_link($linkdata, $hq_error = false) {
    global $hqdb;

    $defaults = array('link_id' => 0, 'link_name' => '', 'link_url' => '', 'link_rating' => 0);
    $fields = hq_unslash(sanitize_bookmark(hq_parse_args($linkdata, $defaults), 'db'));

    $link_id = $fields['link_id'];
    $link_name = $fields['link_name'];
    $link_url = $fields['link_url'];
    $is_update = !empty($link_id);

    // No URL, no link (this also covers the "name and URL both empty" case).
    if ('' === trim($link_url)) {
        return 0;
    }
    // An unnamed link is labelled with its URL.
    if ('' === trim($link_name)) {
        $link_name = $link_url;
    }

    // Optional columns: anything "empty" (including '0') falls back to the default.
    $pick = function ($key, $fallback) use ($fields) {
        return !empty($fields[$key]) ? $fields[$key] : $fallback;
    };
    $link_rating = $pick('link_rating', 0);
    $link_image = $pick('link_image', '');
    $link_target = $pick('link_target', '');
    $link_visible = $pick('link_visible', 'Y');
    $link_owner = !empty($fields['link_owner']) ? $fields['link_owner'] : get_current_user_id();
    $link_notes = $pick('link_notes', '');
    $link_description = $pick('link_description', '');
    $link_rss = $pick('link_rss', '');
    $link_rel = $pick('link_rel', '');
    $link_category = $pick('link_category', array());

    // Make sure we set a valid category.
    if (!is_array($link_category) || empty($link_category)) {
        $link_category = array(get_option('default_link_category'));
    }

    $columns = array(
        'link_url' => $link_url,
        'link_name' => $link_name,
        'link_image' => $link_image,
        'link_target' => $link_target,
        'link_description' => $link_description,
        'link_visible' => $link_visible,
        'link_rating' => $link_rating,
        'link_rel' => $link_rel,
        'link_notes' => $link_notes,
        'link_rss' => $link_rss,
    );

    if ($is_update) {
        if (false === $hqdb->update($hqdb->links, $columns, array('link_id' => $link_id))) {
            return $hq_error ? new HQ_Error('db_update_error', __('Could not update link in the database'), $hqdb->last_error) : 0;
        }
    } else {
        // Ownership is only set at creation time.
        $columns['link_owner'] = $link_owner;
        if (false === $hqdb->insert($hqdb->links, $columns)) {
            return $hq_error ? new HQ_Error('db_insert_error', __('Could not insert link into the database'), $hqdb->last_error) : 0;
        }
        $link_id = (int) $hqdb->insert_id;
    }

    hq_set_link_cats($link_id, $link_category);

    /**
     * Fires after a link was updated (`edit_link`) or added (`add_link`) in the database.
     *
     * @since 0.0.1
     *
     * @param int $link_id ID of the link that was written.
     */
    do_action($is_update ? 'edit_link' : 'add_link', $link_id);

    clean_bookmark_cache($link_id);

    return $link_id;
}
/** * Filter the login page errors. * * @since 0.0.1 * * @param object $errors HQ Error object. * @param string $redirect_to Redirect destination URL. */ $errors = apply_filters('hq_login_errors', $errors, $redirect_to); // Clear any stale cookies. if ($reauth) { hq_clear_auth_cookie(); } login_header(__('Log In'), '', $errors); if (isset($_POST['log'])) { $user_login = '******' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ? esc_attr(hq_unslash($_POST['log'])) : ''; } $rememberme = !empty($_POST['rememberme']); if (!empty($errors->errors)) { $aria_describedby_error = ' aria-describedby="login_error"'; } else { $aria_describedby_error = ''; } ?> <form name="loginform" id="loginform" action="<?php echo esc_url(site_url('hq-login.php', 'login_post')); ?> " method="post"> <p> <label for="user_login"><?php