Exemplo n.º 1
/**
 * Updates an existing comment in the database.
 *
 * Loads the stored comment, lays the caller's fields over it, runs the merged
 * record through hq_filter_comment() and writes a fixed list of columns back.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 *
 * @param array $commentarr Contains information on the comment; 'comment_ID' selects the row.
 * @return int Comment was updated if value is 1, or was not updated if value is 0.
 */
function hq_update_comment($commentarr)
{
    global $hqdb;

    // Nothing to do when the stored comment cannot be loaded.
    $stored = get_comment($commentarr['comment_ID'], ARRAY_A);
    if (empty($stored)) {
        return 0;
    }

    // A post ID, when supplied, has to resolve to an existing post.
    $has_post_id = isset($commentarr['comment_post_ID']);
    if ($has_post_id && !get_post($commentarr['comment_post_ID'])) {
        return 0;
    }

    // Slash the values read from the DB before merging them with the caller's
    // data (presumably so both sides are in the same slashed form — confirm).
    $stored = hq_slash($stored);
    $old_status = $stored['comment_approved'];

    // Caller-supplied fields win over stored ones; the result is filtered, then unslashed.
    $merged = hq_filter_comment(array_merge($stored, $commentarr));
    $data = hq_unslash($merged);

    /**
     * Filter the comment content before it is updated in the database.
     *
     * @since 0.0.1
     *
     * @param string $comment_content The comment data.
     */
    $data['comment_content'] = apply_filters('comment_save_pre', $data['comment_content']);
    $data['comment_date_gmt'] = get_gmt_from_date($data['comment_date']);

    // Map the textual statuses onto the stored 0/1 flag; a missing status means approved.
    if (!isset($data['comment_approved'])) {
        $data['comment_approved'] = 1;
    } else {
        switch ($data['comment_approved']) {
            case 'hold':
                $data['comment_approved'] = 0;
                break;
            case 'approve':
                $data['comment_approved'] = 1;
                break;
        }
    }

    $comment_ID = $data['comment_ID'];
    $comment_post_ID = $data['comment_post_ID'];

    // Only these columns are handed to the UPDATE; hq_array_slice_assoc() is
    // used to reduce the merged array to them.
    $columns = array(
        'comment_post_ID',
        'comment_content',
        'comment_author',
        'comment_author_email',
        'comment_approved',
        'comment_karma',
        'comment_author_url',
        'comment_date',
        'comment_date_gmt',
        'comment_type',
        'comment_parent',
        'user_id',
    );
    $data = hq_array_slice_assoc($data, $columns);

    $update_result = $hqdb->update($hqdb->comments, $data, compact('comment_ID'));

    clean_comment_cache($comment_ID);
    hq_update_comment_count($comment_post_ID);

    /**
     * Fires immediately after a comment is updated in the database.
     *
     * The hook also fires immediately before comment status transition hooks are fired.
     *
     * @since 0.0.1
     *
     * @param int $comment_ID The comment ID.
     */
    do_action('edit_comment', $comment_ID);

    // Re-read the comment so the transition hooks see the stored status.
    $updated = get_comment($comment_ID);
    hq_transition_comment_status($updated->comment_approved, $old_status, $updated);

    return $update_result;
}
Exemplo n.º 2
/**
 * Retrieve the original referer that was posted, if it exists.
 *
 * The value is taken from the request, so it is only handed back after going
 * through hq_validate_redirect() with `false` as the fallback. When that
 * function is not loaded, the request value is not returned at all.
 *
 * @since 0.0.1
 *
 * @return string|false False if no original referer or original referer if set.
 */
function hq_get_original_referer()
{
    $has_referer = !empty($_REQUEST['_hq_original_http_referer']);
    if (!$has_referer || !function_exists('hq_validate_redirect')) {
        return false;
    }

    $posted_referer = hq_unslash($_REQUEST['_hq_original_http_referer']);

    return hq_validate_redirect($posted_referer, false);
}
Exemplo n.º 3
/**
 * Display installer setup form.
 *
 * Prints the installation form (site title, username, password, e-mail and
 * search-engine visibility). Values already present in $_POST are echoed back
 * into the fields through esc_attr(). When the users table already exists,
 * the username field is replaced by a hidden "admin" value and the password
 * rows are not rendered.
 *
 * @since 2.8.0
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 *
 * @param string|null $error Optional. Message printed above the form. It is echoed
 *                           without escaping, so callers must pass trusted markup.
 */
function display_setup_form($error = null)
{
    global $hqdb;
    // Look for the users table; a non-null result means it already exists.
    $sql = $hqdb->prepare("SHOW TABLES LIKE %s", $hqdb->esc_like($hqdb->users));
    $user_table = $hqdb->get_var($sql) != null;
    // Ensure that Blogs appear in search engines by default.
    $blog_public = 1;
    // On a re-display after submission, mirror the state of the posted checkbox instead.
    if (isset($_POST['weblog_title'])) {
        $blog_public = isset($_POST['blog_public']);
    }
    // Posted values are unslashed and trimmed here; escaping happens at output time below.
    $weblog_title = isset($_POST['weblog_title']) ? trim(hq_unslash($_POST['weblog_title'])) : '';
    $user_name = isset($_POST['user_name']) ? trim(hq_unslash($_POST['user_name'])) : '';
    $admin_email = isset($_POST['admin_email']) ? trim(hq_unslash($_POST['admin_email'])) : '';
    if (!is_null($error)) {
        ?>
<p class="message"><?php 
        // Printed as-is: no escaping is applied to $error at this point.
        echo $error;
        ?>
</p>
<?php 
    }
    ?>
<form id="setup" method="post" action="install.php?step=2" novalidate="novalidate">
        <table class="form-table">
                <tr>
                        <th scope="row"><label for="weblog_title"><?php 
    _e('Site Title');
    ?>
</label></th>
                        <td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php 
    echo esc_attr($weblog_title);
    ?>
" /></td>
                </tr>
                <tr>
                        <th scope="row"><label for="user_login"><?php 
    _e('Username');
    ?>
</label></th>
                        <td>
                        <?php 
    // With an existing users table no username is asked for; a fixed hidden value is sent instead.
    if ($user_table) {
        _e('User(s) already exists.');
        echo '<input name="user_name" type="hidden" value="admin" />';
    } else {
        ?>
<input name="user_name" type="text" id="user_login" size="25" value="<?php 
        // The posted username is passed through sanitize_user() and then attribute-escaped.
        echo esc_attr(sanitize_user($user_name, true));
        ?>
" />
                                <p><?php 
        _e('Usernames can have only alphanumeric characters, spaces, underscores, hyphens, periods, and the @ symbol.');
        ?>
</p>
                        <?php 
    }
    ?>
                        </td>
                </tr>
                <?php 
    // Password rows are only rendered when no users table exists yet.
    if (!$user_table) {
        ?>
                <tr class="form-field form-required user-pass1-wrap">
                        <th scope="row">
                                <label for="pass1">
                                        <?php 
        _e('Password');
        ?>
                                </label>
                        </th>
                        <td>
                                <div class="">
                                        <?php 
        // Re-use a posted password if there is one, otherwise generate one via hq_generate_password(18).
        // NOTE(review): the other fields use hq_unslash(); this one calls stripslashes() directly — confirm intended.
        $initial_password = isset($_POST['admin_password']) ? stripslashes($_POST['admin_password']) : hq_generate_password(18);
        ?>
                                        <input type="password" name="admin_password" id="pass1" class="regular-text" autocomplete="off" data-reveal="1" data-pw="<?php 
        // The password is written into the page's data-pw attribute, escaped for attribute context.
        echo esc_attr($initial_password);
        ?>
" aria-describedby="pass-strength-result" />
                                        <button type="button" class="button button-secondary hq-hide-pw hide-if-no-js" data-start-masked="<?php 
        // 1 when a password was posted, 0 when it was generated above.
        echo (int) isset($_POST['admin_password']);
        ?>
" data-toggle="0" aria-label="<?php 
        esc_attr_e('Hide password');
        ?>
">
                                                <span class="dashicons dashicons-hidden"></span>
                                                <span class="text"><?php 
        _e('Hide');
        ?>
</span>
                                        </button>
                                        <div id="pass-strength-result" aria-live="polite"></div>
                                </div>
                                <p><span class="description important hide-if-no-js">
                                <strong><?php 
        _e('Important:');
        ?>
</strong>
                                <?php 
        /* translators: The non-breaking space prevents 1Password from thinking the text "log in" should trigger a password save prompt. */
        ?>
                                <?php 
        _e('You will need this password to log&nbsp;in. Please store it in a secure location.');
        ?>
</span></p>
                        </td>
                </tr>
                <tr class="form-field form-required user-pass2-wrap hide-if-js">
                        <th scope="row">
                                <label for="pass2"><?php 
        _e('Repeat Password');
        ?>
                                        <span class="description"><?php 
        _e('(required)');
        ?>
</span>
                                </label>
                        </th>
                        <td>
                                <input name="admin_password2" type="password" id="pass2" autocomplete="off" />
                        </td>
                </tr>
                <tr class="pw-weak">
                        <th scope="row"><?php 
        _e('Confirm Password');
        ?>
</th>
                        <td>
                                <label>
                                        <input type="checkbox" name="pw_weak" class="pw-checkbox" />
                                        <?php 
        _e('Confirm use of weak password');
        ?>
                                </label>
                        </td>
                </tr>
                <?php 
    }
    ?>
                <tr>
                        <th scope="row"><label for="admin_email"><?php 
    _e('Your E-mail');
    ?>
</label></th>
                        <td><input name="admin_email" type="email" id="admin_email" size="25" value="<?php 
    echo esc_attr($admin_email);
    ?>
" />
                        <p><?php 
    _e('Double-check your email address before continuing.');
    ?>
</p></td>
                </tr>
                <tr>
                        <th scope="row"><?php 
    _e('Privacy');
    ?>
</th>
                        <td colspan="2"><label><input type="checkbox" name="blog_public" id="blog_public" value="1" <?php 
    checked($blog_public);
    ?>
 /> <?php 
    _e('Allow search engines to index this site');
    ?>
</label></td>
                </tr>
        </table>
        <p class="step"><?php 
    submit_button(__('Install HiveQueen'), 'large', 'Submit', false, array('id' => 'submit'));
    ?>
</p>
        <input type="hidden" name="language" value="<?php 
    // The request-supplied language value is attribute-escaped before being echoed back.
    echo isset($_REQUEST['language']) ? esc_attr($_REQUEST['language']) : '';
    ?>
" />
</form>
<?php 
}
Exemplo n.º 4
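/**
 * Insert a user into the database, or update one when an 'ID' is supplied.
 *
 * Most of the `$userdata` array fields have filters associated with the values. Exceptions are
 * 'ID', 'rich_editing', 'comment_shortcuts', 'admin_color', 'use_ssl',
 * 'user_registered', and 'role'. The filters have the prefix 'pre_user_' followed by the field
 * name. An example using 'description' would have the filter called, 'pre_user_description' that
 * can be hooked into.
 *
 * Password handling differs between the two modes: for a new user `user_pass` is hashed here;
 * for an update it is written exactly as given, so the caller has to supply an already hashed
 * value (the inline comment below states that hq_update_user() does this).
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb HiveQueen database object for queries.
 *
 * @param array|object|HQ_User $userdata {
 *     An array, object, or HQ_User object of user data arguments.
 *
 *     @type int         $ID                   User ID. If supplied, the user will be updated.
 *     @type string      $user_pass            The plain-text user password (new users), or the
 *                                             value to store as-is (updates).
 *     @type string      $user_login           The user's login username.
 *     @type string      $user_nicename        The URL-friendly user name.
 *     @type string      $user_url             The user URL.
 *     @type string      $user_email           The user email address.
 *     @type string      $display_name         The user's display name.
 *                                             Default is the user's username.
 *     @type string      $nickname             The user's nickname.
 *                                             Default is the user's username.
 *     @type string      $first_name           The user's first name. For new users, will be used
 *                                             to build the first part of the user's display name
 *                                             if `$display_name` is not specified.
 *     @type string      $last_name            The user's last name. For new users, will be used
 *                                             to build the second part of the user's display name
 *                                             if `$display_name` is not specified.
 *     @type string      $description          The user's biographical description.
 *     @type string|bool $rich_editing         Whether to enable the rich-editor for the user.
 *                                             Stored as 'true' when empty.
 *     @type string|bool $comment_shortcuts    Whether to enable comment moderation keyboard
 *                                             shortcuts for the user. Default false.
 *     @type string      $admin_color          Admin color scheme for the user. Default 'fresh'.
 *     @type bool        $use_ssl              Whether the user should always access the admin over
 *                                             https. Default false.
 *     @type string      $user_registered      Date the user registered. Format is 'Y-m-d H:i:s'.
 *     @type string|bool $show_admin_bar_front Whether to display the Admin Bar for the user on the
 *                                             site's frontend. Default true.
 *     @type string      $role                 User's role.
 * }
 * @return int|HQ_Error The newly created (or updated) user's ID, or a HQ_Error object if the user
 *                      could not be created or the ID to update does not exist.
 */
function hq_insert_user($userdata)
{
    global $hqdb;
    if ($userdata instanceof stdClass) {
        $userdata = get_object_vars($userdata);
    } elseif ($userdata instanceof HQ_User) {
        $userdata = $userdata->to_array();
    }
    // Are we updating or creating?
    if (!empty($userdata['ID'])) {
        $ID = (int) $userdata['ID'];
        $update = true;
        $old_user_data = HQ_User::get_data_by('id', $ID);
        // Stop here when the ID does not resolve to a user. Continuing would read
        // properties of a non-object further down and would write user meta and a
        // role for an ID that has no row in the users table.
        if (!$old_user_data) {
            return new HQ_Error('invalid_user_id', __('Invalid user ID.'));
        }
        // hashed in hq_update_user(), plaintext if called directly.
        // The value is stored as given: no hashing happens on this path.
        $user_pass = $userdata['user_pass'];
    } else {
        $update = false;
        // Hash the password
        $user_pass = hq_hash_password($userdata['user_pass']);
    }
    $sanitized_user_login = sanitize_user($userdata['user_login'], true);
    /**
     * Filter a username after it has been sanitized.
     *
     * This filter is called before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $sanitized_user_login Username after it has been sanitized.
     */
    $pre_user_login = apply_filters('pre_user_login', $sanitized_user_login);
    // Trim the filtered login to see if we have ended up with an empty username.
    $user_login = trim($pre_user_login);
    if (empty($user_login)) {
        return new HQ_Error('empty_user_login', __('Cannot create a user with an empty login name.'));
    }
    if (!$update && username_exists($user_login)) {
        return new HQ_Error('existing_user_login', __('Sorry, that username already exists!'));
    }
    // If a nicename is provided, remove unsafe user characters before
    // using it. Otherwise build a nicename from the user_login.
    if (!empty($userdata['user_nicename'])) {
        $user_nicename = sanitize_user($userdata['user_nicename'], true);
    } else {
        $user_nicename = $user_login;
    }
    $user_nicename = sanitize_title($user_nicename);
    // Store values to save in user meta.
    $meta = array();
    /**
     * Filter a user's nicename before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $user_nicename The user's nicename.
     */
    $user_nicename = apply_filters('pre_user_nicename', $user_nicename);
    $raw_user_url = empty($userdata['user_url']) ? '' : $userdata['user_url'];
    /**
     * Filter a user's URL before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $raw_user_url The user's URL.
     */
    $user_url = apply_filters('pre_user_url', $raw_user_url);
    $raw_user_email = empty($userdata['user_email']) ? '' : $userdata['user_email'];
    /**
     * Filter a user's email before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $raw_user_email The user's email.
     */
    $user_email = apply_filters('pre_user_email', $raw_user_email);
    /*
     * If there is no update, just check for `email_exists`. If there is an update,
     * check if current email and new email are the same, or not, and check `email_exists`
     * accordingly.
     */
    if ((!$update || !empty($old_user_data) && 0 !== strcasecmp($user_email, $old_user_data->user_email)) && !defined('HQ_IMPORTING') && email_exists($user_email)) {
        return new HQ_Error('existing_user_email', __('Sorry, that email address is already used!'));
    }
    $nickname = empty($userdata['nickname']) ? $user_login : $userdata['nickname'];
    /**
     * Filter a user's nickname before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $nickname The user's nickname.
     */
    $meta['nickname'] = apply_filters('pre_user_nickname', $nickname);
    $first_name = empty($userdata['first_name']) ? '' : $userdata['first_name'];
    /**
     * Filter a user's first name before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $first_name The user's first name.
     */
    $meta['first_name'] = apply_filters('pre_user_first_name', $first_name);
    $last_name = empty($userdata['last_name']) ? '' : $userdata['last_name'];
    /**
     * Filter a user's last name before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $last_name The user's last name.
     */
    $meta['last_name'] = apply_filters('pre_user_last_name', $last_name);
    // Without an explicit display name: updates fall back to the login, new
    // users get "first last", whichever of the two exists, or the login.
    if (empty($userdata['display_name'])) {
        if ($update) {
            $display_name = $user_login;
        } elseif ($meta['first_name'] && $meta['last_name']) {
            /* translators: 1: first name, 2: last name */
            $display_name = sprintf(_x('%1$s %2$s', 'Display name based on first name and last name'), $meta['first_name'], $meta['last_name']);
        } elseif ($meta['first_name']) {
            $display_name = $meta['first_name'];
        } elseif ($meta['last_name']) {
            $display_name = $meta['last_name'];
        } else {
            $display_name = $user_login;
        }
    } else {
        $display_name = $userdata['display_name'];
    }
    /**
     * Filter a user's display name before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $display_name The user's display name.
     */
    $display_name = apply_filters('pre_user_display_name', $display_name);
    $description = empty($userdata['description']) ? '' : $userdata['description'];
    /**
     * Filter a user's description before the user is created or updated.
     *
     * @since 0.0.1
     *
     * @param string $description The user's description.
     */
    $meta['description'] = apply_filters('pre_user_description', $description);
    $meta['rich_editing'] = empty($userdata['rich_editing']) ? 'true' : $userdata['rich_editing'];
    $meta['comment_shortcuts'] = empty($userdata['comment_shortcuts']) || 'false' === $userdata['comment_shortcuts'] ? 'false' : 'true';
    $admin_color = empty($userdata['admin_color']) ? 'fresh' : $userdata['admin_color'];
    // Keep only letters, digits, space, underscore, period, hyphen and @ in the color scheme name.
    $meta['admin_color'] = preg_replace('|[^a-z0-9 _.\\-@]|i', '', $admin_color);
    $meta['use_ssl'] = empty($userdata['use_ssl']) ? 0 : $userdata['use_ssl'];
    $user_registered = empty($userdata['user_registered']) ? gmdate('Y-m-d H:i:s') : $userdata['user_registered'];
    $meta['show_admin_bar_front'] = empty($userdata['show_admin_bar_front']) ? 'true' : $userdata['show_admin_bar_front'];
    // The nicename has to be unique among other logins: append -2, -3, ... until no other user holds it.
    $user_nicename_check = $hqdb->get_var($hqdb->prepare("SELECT ID FROM {$hqdb->users} WHERE user_nicename = %s AND user_login != %s LIMIT 1", $user_nicename, $user_login));
    if ($user_nicename_check) {
        $suffix = 2;
        while ($user_nicename_check) {
            $alt_user_nicename = $user_nicename . "-{$suffix}";
            $user_nicename_check = $hqdb->get_var($hqdb->prepare("SELECT ID FROM {$hqdb->users} WHERE user_nicename = %s AND user_login != %s LIMIT 1", $alt_user_nicename, $user_login));
            $suffix++;
        }
        $user_nicename = $alt_user_nicename;
    }
    $compacted = compact('user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered');
    $data = hq_unslash($compacted);
    if ($update) {
        // A changed e-mail address clears the stored activation key.
        if ($user_email !== $old_user_data->user_email) {
            $data['user_activation_key'] = '';
        }
        $hqdb->update($hqdb->users, $data, compact('ID'));
        $user_id = (int) $ID;
    } else {
        // user_login is only written on insert; updates never change it.
        $hqdb->insert($hqdb->users, $data + compact('user_login'));
        $user_id = (int) $hqdb->insert_id;
    }
    $user = new HQ_User($user_id);
    // Update user meta.
    foreach ($meta as $key => $value) {
        update_user_meta($user_id, $key, $value);
    }
    foreach (hq_get_user_contact_methods($user) as $key => $value) {
        if (isset($userdata[$key])) {
            update_user_meta($user_id, $key, $userdata[$key]);
        }
    }
    // An explicit 'role' in $userdata is applied as given; new users without one get the default role.
    if (isset($userdata['role'])) {
        $user->set_role($userdata['role']);
    } elseif (!$update) {
        $user->set_role(get_option('default_role'));
    }
    //TODO: Goyo no cache
    //hq_cache_delete( $user_id, 'users' );
    //hq_cache_delete( $user_login, 'userlogins' );
    if ($update) {
        /**
         * Fires immediately after an existing user is updated.
         *
         * @since 0.0.1
         *
         * @param int    $user_id       User ID.
         * @param object $old_user_data Object containing user's data prior to update.
         */
        do_action('profile_update', $user_id, $old_user_data);
    } else {
        /**
         * Fires immediately after a new user is registered.
         *
         * @since 0.0.1
         *
         * @param int $user_id User ID.
         */
        do_action('user_register', $user_id);
    }
    return $user_id;
}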
Exemplo n.º 5
<p><?php 
            _e('The update process may take a little while, so please be patient.');
            ?>
</p>
<p class="step"><a class="button button-large" href="upgrade.php?step=1&amp;backto=<?php 
            // NOTE(review): $goback is assigned outside this excerpt and is echoed into the
            // href without escaping here — confirm it is URL-encoded/escaped where it is set.
            echo $goback;
            ?>
"><?php 
            _e('Update HiveQueen Database');
            ?>
</a></p>
<?php 
            break;
        case 1:
            hq_upgrade();
            // 'backto' comes from the query string. It is URL-decoded and unslashed, passed
            // through esc_url(), then through hq_validate_redirect() with the home URL as the
            // fallback, before it is echoed into the link below. Without the parameter the
            // home URL is used.
            $backto = !empty($_GET['backto']) ? hq_unslash(urldecode($_GET['backto'])) : __get_option('home') . '/';
            $backto = esc_url($backto);
            $backto = hq_validate_redirect($backto, __get_option('home') . '/');
            ?>
<h2><?php 
            _e('Update Complete');
            ?>
</h2>
        <p><?php 
            _e('Your HiveQueen database has been successfully updated!');
            ?>
</p>
        <p class="step"><a class="button button-large" href="<?php 
            echo $backto;
            ?>
"><?php 
Exemplo n.º 6
/**
 * Display the search query.
 *
 * Echoes the "s" request parameter after unslashing it and escaping it with
 * esc_attr(); echoes an empty string when the parameter is absent. This function
 * should only be used when {@link the_search_query()} cannot.
 *
 * @since 0.0.1
 */
function _admin_search_query()
{
    if (!isset($_REQUEST['s'])) {
        echo '';
        return;
    }

    // Request data is escaped before it reaches the page.
    $search_term = hq_unslash($_REQUEST['s']);
    echo esc_attr($search_term);
}
Exemplo n.º 7
 * $pagenow is set in vars.php
 * $hq_importers is sometimes set in hq-admin/includes/import.php
 * The remaining variables are imported as globals elsewhere, declared as globals here
 *
 * @global string $pagenow
 * @global array  $hq_importers
 * @global string $hook_suffix
 * @global string $plugin_page
 * @global string $typenow
 * @global string $taxnow
 */
global $pagenow, $hq_importers, $hook_suffix, $plugin_page, $typenow, $taxnow;

$page_hook = null;
$editing = false;

// The requested page slug is unslashed and then reduced with plugin_basename().
// $plugin_page is left untouched when no 'page' parameter is present.
if (isset($_GET['page'])) {
    $plugin_page = plugin_basename(hq_unslash($_GET['page']));
}

// A post type or taxonomy from the request is only accepted when it is
// registered; anything else becomes an empty string.
$typenow = isset($_REQUEST['post_type']) && post_type_exists($_REQUEST['post_type'])
    ? $_REQUEST['post_type']
    : '';
$taxnow = isset($_REQUEST['taxonomy']) && taxonomy_exists($_REQUEST['taxonomy'])
    ? $_REQUEST['taxonomy']
    : '';
if (HQ_NETWORK_ADMIN) {
    require ABSPATH . 'hq-admin/network/menu.php';
} elseif (HQ_USER_ADMIN) {
Exemplo n.º 8
/**
 * Delete metadata for the specified object.
 *
 * The matching meta row IDs are selected first (with prepared statements),
 * the before-delete hooks fire, the rows are removed with a single DELETE,
 * and the after-delete hooks fire.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 *
 * @param string $meta_type  Type of object metadata is for (e.g., comment, post, or user)
 * @param int    $object_id  ID of the object metadata is for
 * @param string $meta_key   Metadata key
 * @param mixed  $meta_value Optional. Metadata value. Must be serializable if non-scalar. If specified, only delete
 *                           metadata entries with this value. Otherwise, delete all entries with the specified meta_key.
 *                           Pass `null`, `false`, or an empty string to skip this check. (For backward compatibility,
 *                           it is not possible to pass an empty string to delete those entries with an empty string
 *                           for a value.)
 * @param bool   $delete_all Optional, default is false. If true, delete matching metadata entries for all objects,
 *                           ignoring the specified object_id. Otherwise, only delete matching metadata entries for
 *                           the specified object_id.
 * @return bool True on successful delete, false on failure.
 */
function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $delete_all = false)
{
    global $hqdb;

    // A meta type and a meta key are always required.
    if (!$meta_type || !$meta_key) {
        return false;
    }
    // Unless every object is targeted, the object ID has to be numeric ...
    if (!$delete_all && !is_numeric($object_id)) {
        return false;
    }
    // ... and non-zero once normalised with absint().
    $object_id = absint($object_id);
    if (!$delete_all && !$object_id) {
        return false;
    }

    $table = _get_meta_table($meta_type);
    if (!$table) {
        return false;
    }

    // Column names are interpolated into the SQL below: the object column is the
    // meta type run through sanitize_key(), the ID column is one of two fixed names.
    $type_column = sanitize_key($meta_type . '_id');
    if ('user' == $meta_type) {
        $id_column = 'umeta_id';
    } else {
        $id_column = 'meta_id';
    }

    // expected_slashed ($meta_key)
    $meta_key = hq_unslash($meta_key);
    $meta_value = hq_unslash($meta_value);

    /**
     * Filter whether to delete metadata of a specific type.
     *
     * The dynamic portion of the hook, `$meta_type`, refers to the meta
     * object type (comment, post, or user). Returning a non-null value
     * will effectively short-circuit the function.
     *
     * @since 0.0.1
     *
     * @param null|bool $delete     Whether to allow metadata deletion of the given type.
     * @param int       $object_id  Object ID.
     * @param string    $meta_key   Meta key.
     * @param mixed     $meta_value Meta value. Must be serializable if non-scalar.
     * @param bool      $delete_all Whether to delete the matching metadata entries
     *                              for all objects, ignoring the specified $object_id.
     *                              Default false.
     */
    $short_circuit = apply_filters("delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all);
    if (null !== $short_circuit) {
        return (bool) $short_circuit;
    }

    // Hooks receive the value as passed in; the query uses the serialized form.
    $unserialized_value = $meta_value;
    $meta_value = maybe_serialize($meta_value);

    // Build the SELECT for the affected rows; every value goes through prepare().
    $select_sql = $hqdb->prepare("SELECT {$id_column} FROM {$table} WHERE meta_key = %s", $meta_key);
    if (!$delete_all) {
        $select_sql .= $hqdb->prepare(" AND {$type_column} = %d", $object_id);
    }
    if (!in_array($meta_value, array('', null, false), true)) {
        $select_sql .= $hqdb->prepare(" AND meta_value = %s", $meta_value);
    }

    $meta_ids = $hqdb->get_col($select_sql);
    if (0 === count($meta_ids)) {
        return false;
    }

    // Collected for the cache invalidation that is commented out further down;
    // the result is not used anywhere else in this function.
    if ($delete_all) {
        $object_ids = $hqdb->get_col($hqdb->prepare("SELECT {$type_column} FROM {$table} WHERE meta_key = %s", $meta_key));
    }

    /**
     * Fires immediately before deleting metadata of a specific type.
     *
     * The dynamic portion of the hook, `$meta_type`, refers to the meta
     * object type (comment, post, or user).
     *
     * @since 0.0.1
     *
     * @param array  $meta_ids   An array of metadata entry IDs to delete.
     * @param int    $object_id  Object ID.
     * @param string $meta_key   Meta key.
     * @param mixed  $meta_value Meta value.
     */
    do_action("delete_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $unserialized_value);

    $is_post_meta = 'post' == $meta_type;

    // Old-style action.
    if ($is_post_meta) {
        /**
         * Fires immediately before deleting metadata for a post.
         *
         * @since 0.0.1
         *
         * @param array $meta_ids An array of post metadata entry IDs to delete.
         */
        do_action('delete_postmeta', $meta_ids);
    }

    // The ID list comes from the SELECT above and is concatenated into the
    // statement directly rather than passed through prepare().
    $delete_sql = "DELETE FROM {$table} WHERE {$id_column} IN( " . implode(',', $meta_ids) . " )";
    $deleted_rows = $hqdb->query($delete_sql);
    if (!$deleted_rows) {
        return false;
    }

    //TODO: Goyo no cache
    //if ( $delete_all ) {
    //	foreach ( (array) $object_ids as $o_id ) {
    //		hq_cache_delete($o_id, $meta_type . '_meta');
    //	}
    //} else {
    //	hq_cache_delete($object_id, $meta_type . '_meta');
    //}

    /**
     * Fires immediately after deleting metadata of a specific type.
     *
     * The dynamic portion of the hook name, `$meta_type`, refers to the meta
     * object type (comment, post, or user).
     *
     * @since 0.0.1
     *
     * @param array  $meta_ids   An array of deleted metadata entry IDs.
     * @param int    $object_id  Object ID.
     * @param string $meta_key   Meta key.
     * @param mixed  $meta_value Meta value.
     */
    do_action("deleted_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $unserialized_value);

    // Old-style action.
    if ($is_post_meta) {
        /**
         * Fires immediately after deleting metadata for a post.
         *
         * @since 0.0.1
         *
         * @param array $meta_ids An array of deleted post metadata entry IDs.
         */
        do_action('deleted_postmeta', $meta_ids);
    }

    return true;
}
Exemplo n.º 9
 /**
  * Generate a session token and attach session information to it.
  *
  * A session token is a long, random string. It is used in a cookie
  * to link that cookie to an expiration time and to ensure the cookie
  * becomes invalidated upon logout.
  *
  * This function generates a token and stores it with the associated
  * expiration time (and potentially other session information via the
  * `attach_session_information` filter). The 'expiration', 'ip', 'ua'
  * and 'login' entries are assigned after the filter has run, so they
  * replace same-named entries returned by it.
  *
  * @since 0.0.1
  * @access public
  *
  * @param int $expiration Session expiration timestamp.
  * @return string Session token.
  */
 public final function create($expiration)
 {
     /**
      * Filter the information attached to the newly created session.
      *
      * Could be used in the future to attach information such as
      * IP address or user agent to a session.
      *
      * @since 0.0.1
      *
      * @param array $session Array of extra data.
      * @param int   $user_id User ID.
      */
     $details = apply_filters('attach_session_information', array(), $this->user_id);
     $details['expiration'] = $expiration;

     // Client address as reported by the server, when present.
     if (!empty($_SERVER['REMOTE_ADDR'])) {
         $details['ip'] = $_SERVER['REMOTE_ADDR'];
     }

     // The user-agent header is client-supplied; it is stored unslashed and
     // is not escaped here, so it needs escaping wherever it is displayed.
     if (!empty($_SERVER['HTTP_USER_AGENT'])) {
         $details['ua'] = hq_unslash($_SERVER['HTTP_USER_AGENT']);
     }

     // Time of login.
     $details['login'] = time();

     // presumably a 43-character token without special characters — confirm against hq_generate_password().
     $new_token = hq_generate_password(43, false, false);
     $this->update($new_token, $details);

     return $new_token;
 }
Exemplo n.º 10
/**
 * Retrieve a list of pages.
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 *
 * @since 0.0.1
 *
 * @param array|string $args {
 *     Optional. Array or string of arguments to retrieve pages.
 *
 *     @type int          $child_of     Page ID to return child and grandchild pages of.
 *                                      Default 0, or no restriction.
 *     @type string       $sort_order   How to sort retrieved pages. Accepts 'ASC', 'DESC'. Default 'ASC'.
 *     @type string       $sort_column  What columns to sort pages by, comma-separated. Accepts 'post_author',
 *                                      'post_date', 'post_title', 'post_name', 'post_modified', 'menu_order',
 *                                      'post_modified_gmt', 'post_parent', 'ID', 'rand', 'comment_count'.
 *                                      'post_' can be omitted for any values that start with it.
 *                                      Default 'post_title'.
 *     @type bool         $hierarchical Whether to return pages hierarchically. Default true.
 *     @type array        $exclude      Array of page IDs to exclude. Default empty array.
 *     @type array        $include      Array of page IDs to include. Cannot be used with `$child_of`,
 *                                      `$parent`, `$exclude`, `$meta_key`, `$meta_value`, or `$hierarchical`.
 *                                      Default empty array.
 *     @type string       $meta_key     Only include pages with this meta key. Default empty.
 *     @type string       $meta_value   Only include pages with this meta value. Requires `$meta_key`.
 *                                      Default empty.
 *     @type string       $authors      A comma-separated list of author IDs. Default empty.
 *     @type int          $parent       Page ID to return direct children of. `$hierarchical` must be false.
 *                                      Default -1, or no restriction.
 *     @type string|array $exclude_tree Comma-separated string or array of page IDs to exclude.
 *                                      Default empty array.
 *     @type int          $number       The number of pages to return. Default 0, or all pages.
 *     @type int          $offset       The number of pages to skip before returning. Requires `$number`.
 *                                      Default 0.
 *     @type string       $post_type    The post type to query. Default 'page'.
 *     @type string       $post_status  A comma-separated list of post status types to include.
 *                                      Default 'publish'.
 * }
 * @return array|false List of pages matching defaults or `$args`.
 */
function get_pages($args = array())
{
    global $hqdb;
    $defaults = array('child_of' => 0, 'sort_order' => 'ASC', 'sort_column' => 'post_title', 'hierarchical' => 1, 'exclude' => array(), 'include' => array(), 'meta_key' => '', 'meta_value' => '', 'authors' => '', 'parent' => -1, 'exclude_tree' => array(), 'number' => '', 'offset' => 0, 'post_type' => 'page', 'post_status' => 'publish');
    $r = hq_parse_args($args, $defaults);
    // $number and $offset are concatenated into the LIMIT clause below; the int cast here is
    // the only thing that keeps that concatenation free of caller-supplied SQL.
    // NOTE(review): negative values are not rejected and would reach the LIMIT clause as-is.
    $number = (int) $r['number'];
    $offset = (int) $r['offset'];
    $child_of = (int) $r['child_of'];
    $hierarchical = $r['hierarchical'];
    $exclude = $r['exclude'];
    $meta_key = $r['meta_key'];
    $meta_value = $r['meta_value'];
    $parent = $r['parent'];
    $post_status = $r['post_status'];
    // Make sure the post type is hierarchical.
    // The comparison is non-strict (no third argument to in_array()); the value is only ever
    // sent to the database through a %s placeholder further down.
    $hierarchical_post_types = get_post_types(array('hierarchical' => true));
    if (!in_array($r['post_type'], $hierarchical_post_types)) {
        return false;
    }
    if ($parent > 0 && !$child_of) {
        $hierarchical = false;
    }
    // Make sure we have a valid post status.
    // Every requested status must appear in get_post_stati(); a single unknown value aborts
    // the call. This allow-list check matters because, when more than one status is given,
    // the values are interpolated into an IN ('...') list below without a placeholder.
    // NOTE(review): that is only safe if registered status names can never contain a quote
    // or a '%' - confirm where statuses are registered.
    if (!is_array($post_status)) {
        $post_status = explode(',', $post_status);
    }
    if (array_diff($post_status, get_post_stati())) {
        return false;
    }
    // $args can be whatever, only use the args defined in defaults to compute the key.
    // md5() is used here purely to derive a cache key, not for any integrity or secrecy purpose.
    $key = md5(serialize(hq_array_slice_assoc($r, array_keys($defaults))));
    $last_changed = hq_cache_get('last_changed', 'posts');
    if (!$last_changed) {
        $last_changed = microtime();
        hq_cache_set('last_changed', $last_changed, 'posts');
    }
    $cache_key = "get_pages:{$key}:{$last_changed}";
    // The cache entry holds page IDs only (see the hq_cache_set() call near the end), so each
    // hit is re-hydrated through get_post() and still passes through the 'get_pages' filter.
    if ($cache = hq_cache_get($cache_key, 'posts')) {
        // Convert to HQ_Post instances.
        $pages = array_map('get_post', $cache);
        /** This filter is documented in hq-includes/post.php */
        $pages = apply_filters('get_pages', $pages, $r);
        return $pages;
    }
    $inclusions = '';
    if (!empty($r['include'])) {
        // An explicit include list overrides child_of, parent, exclude, meta_key, meta_value
        // and hierarchical.
        $child_of = 0;
        $parent = -1;
        $exclude = '';
        $meta_key = '';
        $meta_value = '';
        $hierarchical = false;
        // The IDs are joined into the IN () list unquoted and without a placeholder.
        // NOTE(review): presumably hq_parse_id_list() reduces its input to integers - verify,
        // since that helper is the only sanitisation on this path.
        $incpages = hq_parse_id_list($r['include']);
        if (!empty($incpages)) {
            $inclusions = ' AND ID IN (' . implode(',', $incpages) . ')';
        }
    }
    $exclusions = '';
    if (!empty($exclude)) {
        // Same reliance on hq_parse_id_list() as for the include list above.
        $expages = hq_parse_id_list($exclude);
        if (!empty($expages)) {
            $exclusions = ' AND ID NOT IN (' . implode(',', $expages) . ')';
        }
    }
    $author_query = '';
    if (!empty($r['authors'])) {
        // Authors may be separated by commas and/or whitespace.
        $post_authors = preg_split('/[\\s,]+/', $r['authors']);
        if (!empty($post_authors)) {
            foreach ($post_authors as $post_author) {
                // An entry whose integer value is 0 is treated as a login name and resolved
                // to a user ID; entries that resolve to nothing are skipped.
                if (0 == intval($post_author)) {
                    $post_author = get_user_by('login', $post_author);
                    if (empty($post_author)) {
                        continue;
                    }
                    if (empty($post_author->ID)) {
                        continue;
                    }
                    $post_author = $post_author->ID;
                }
                // Each author is bound through a %d placeholder and OR-ed together.
                if ('' == $author_query) {
                    $author_query = $hqdb->prepare(' post_author = %d ', $post_author);
                } else {
                    $author_query .= $hqdb->prepare(' OR post_author = %d ', $post_author);
                }
            }
            if ('' != $author_query) {
                $author_query = " AND ({$author_query})";
            }
        }
    }
    $join = '';
    $where = "{$exclusions} {$inclusions} ";
    if ('' !== $meta_key || '' !== $meta_value) {
        // The postmeta table is joined only when a meta filter was requested.
        $join = " LEFT JOIN {$hqdb->postmeta} ON ( {$hqdb->posts}.ID = {$hqdb->postmeta}.post_id )";
        // meta_key and meta_value might be slashed
        $meta_key = hq_unslash($meta_key);
        $meta_value = hq_unslash($meta_value);
        // Both values are free-form strings, so they go through %s placeholders.
        if ('' !== $meta_key) {
            $where .= $hqdb->prepare(" AND {$hqdb->postmeta}.meta_key = %s", $meta_key);
        }
        if ('' !== $meta_value) {
            $where .= $hqdb->prepare(" AND {$hqdb->postmeta}.meta_value = %s", $meta_value);
        }
    }
    if (is_array($parent)) {
        // Array form: every element is passed through absint() before being joined unquoted.
        // Note that the string '0' counts as empty in PHP, so a list that reduces to the
        // single value 0 adds no restriction at all.
        $post_parent__in = implode(',', array_map('absint', (array) $parent));
        if (!empty($post_parent__in)) {
            $where .= " AND post_parent IN ({$post_parent__in})";
        }
    } elseif ($parent >= 0) {
        $where .= $hqdb->prepare(' AND post_parent = %d ', $parent);
    }
    if (1 == count($post_status)) {
        $where_post_type = $hqdb->prepare("post_type = %s AND post_status = %s", $r['post_type'], reset($post_status));
    } else {
        // Multiple statuses are interpolated directly into the format string passed to
        // prepare(); only post_type is bound. See the allow-list check near the top.
        $post_status = implode("', '", $post_status);
        $where_post_type = $hqdb->prepare("post_type = %s AND post_status IN ('{$post_status}')", $r['post_type']);
    }
    // ORDER BY cannot use placeholders, so each requested column is matched against a fixed
    // allow-list and then mapped to a column name built from constants.
    $orderby_array = array();
    $allowed_keys = array('author', 'post_author', 'date', 'post_date', 'title', 'post_title', 'name', 'post_name', 'modified', 'post_modified', 'modified_gmt', 'post_modified_gmt', 'menu_order', 'parent', 'post_parent', 'ID', 'rand', 'comment_count');
    foreach (explode(',', $r['sort_column']) as $orderby) {
        $orderby = trim($orderby);
        // Anything not on the allow-list is silently dropped.
        if (!in_array($orderby, $allowed_keys)) {
            continue;
        }
        switch ($orderby) {
            case 'menu_order':
                break;
            case 'ID':
                $orderby = "{$hqdb->posts}.ID";
                break;
            case 'rand':
                $orderby = 'RAND()';
                break;
            case 'comment_count':
                $orderby = "{$hqdb->posts}.comment_count";
                break;
            default:
                // Accept both 'post_title' and the shorthand 'title'.
                if (0 === strpos($orderby, 'post_')) {
                    $orderby = "{$hqdb->posts}." . $orderby;
                } else {
                    $orderby = "{$hqdb->posts}.post_" . $orderby;
                }
        }
        $orderby_array[] = $orderby;
    }
    $sort_column = !empty($orderby_array) ? implode(',', $orderby_array) : "{$hqdb->posts}.post_title";
    // The sort direction is restricted to ASC or DESC; an empty string is let through
    // unchanged, any other value falls back to ASC.
    $sort_order = strtoupper($r['sort_order']);
    if ('' !== $sort_order && !in_array($sort_order, array('ASC', 'DESC'))) {
        $sort_order = 'ASC';
    }
    // Assemble the statement from the fragments built above. The final string is executed
    // as-is, so every fragment has to be safe on its own.
    $query = "SELECT * FROM {$hqdb->posts} {$join} WHERE ({$where_post_type}) {$where} ";
    $query .= $author_query;
    $query .= " ORDER BY " . $sort_column . " " . $sort_order;
    if (!empty($number)) {
        // $offset and $number were cast to int at the top of the function.
        $query .= ' LIMIT ' . $offset . ',' . $number;
    }
    $pages = $hqdb->get_results($query);
    if (empty($pages)) {
        /** This filter is documented in hq-includes/post.php */
        $pages = apply_filters('get_pages', array(), $r);
        return $pages;
    }
    // Sanitize before caching so it'll only get done once.
    $num_pages = count($pages);
    for ($i = 0; $i < $num_pages; $i++) {
        $pages[$i] = sanitize_post($pages[$i], 'raw');
    }
    // Update cache.
    update_post_cache($pages);
    if ($child_of || $hierarchical) {
        $pages = get_page_children($child_of, $pages);
    }
    if (!empty($r['exclude_tree'])) {
        // Grow the exclusion list with the descendants of every excluded page, then drop
        // all matching pages from the result.
        $exclude = hq_parse_id_list($r['exclude_tree']);
        foreach ($exclude as $id) {
            $children = get_page_children($id, $pages);
            foreach ($children as $child) {
                $exclude[] = $child->ID;
            }
        }
        $num_pages = count($pages);
        for ($i = 0; $i < $num_pages; $i++) {
            if (in_array($pages[$i]->ID, $exclude)) {
                unset($pages[$i]);
            }
        }
    }
    // Only the IDs are cached; the cached branch above re-hydrates them with get_post().
    $page_structure = array();
    foreach ($pages as $page) {
        $page_structure[] = $page->ID;
    }
    hq_cache_set($cache_key, $page_structure, 'posts');
    // Convert to HQ_Post instances
    $pages = array_map('get_post', $pages);
    /**
     * Filter the retrieved list of pages.
     *
     * @since 0.0.1
     *
     * @param array $pages List of pages to retrieve.
     * @param array $r     Array of get_pages() arguments.
     */
    return apply_filters('get_pages', $pages, $r);
}
Exemplo n.º 11
 /**
  * Send additional HTTP headers for caching, content type, etc.
  *
  * Sets the X-Pingback header, 404 status (if 404), Content-type. If showing
  * a feed, it will also send last-modified, etag, and 304 status if needed.
  *
  * @since 0.0.1
  */
 public function send_headers()
 {
     $response_headers = array('X-Pingback' => get_bloginfo('pingback_url'));
     $http_status = null;
     $stop_after_headers = false;
     // Logged-in visitors additionally receive the no-cache header set.
     if (is_user_logged_in()) {
         $response_headers = array_merge($response_headers, hq_get_nocache_headers());
     }
     if (!empty($this->query_vars['error'])) {
         $http_status = (int) $this->query_vars['error'];
         if (404 !== $http_status) {
             // These statuses end the request as soon as the headers are out.
             $stop_after_headers = in_array($http_status, array(403, 500, 502, 503));
         } else {
             // A 404 gets the no-cache headers for anonymous visitors as well
             // (logged-in visitors already received them above).
             if (!is_user_logged_in()) {
                 $response_headers = array_merge($response_headers, hq_get_nocache_headers());
             }
             $response_headers['Content-Type'] = get_option('html_type') . '; charset=' . get_option('blog_charset');
         }
     } elseif (!empty($this->query_vars['feed'])) {
         // Feed request: advertise validators and answer conditional GETs.
         // Only the last post modification time is considered; the comment-feed
         // variant based on get_lastcommentmodified() is disabled in this code.
         $last_modified = mysql2date('D, d M Y H:i:s', get_lastpostmodified('GMT'), 0) . ' GMT';
         // md5() merely derives an opaque validator from the date; it protects nothing.
         $etag = '"' . md5($last_modified) . '"';
         $response_headers['Last-Modified'] = $last_modified;
         $response_headers['ETag'] = $etag;
         // Both request headers are client-controlled. They are only compared and parsed
         // here, never echoed back.
         $request_etag = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? hq_unslash($_SERVER['HTTP_IF_NONE_MATCH']) : false;
         $request_since = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);
         // An absent header counts as timestamp 0; otherwise try to parse the date.
         $request_since_ts = $request_since ? strtotime($request_since) : 0;
         $last_modified_ts = strtotime($last_modified);
         $date_is_current = $request_since_ts >= $last_modified_ts;
         $etag_is_current = $request_etag == $etag;
         // When the client sent both validators, both must agree; otherwise one is enough.
         if ($request_since && $request_etag) {
             $not_modified = $date_is_current && $etag_is_current;
         } else {
             $not_modified = $date_is_current || $etag_is_current;
         }
         if ($not_modified) {
             $http_status = 304;
             $stop_after_headers = true;
         }
     } else {
         // Regular page view.
         $response_headers['Content-Type'] = get_option('html_type') . '; charset=' . get_option('blog_charset');
     }
     /**
      * Filter the HTTP headers before they're sent to the browser.
      *
      * @since 0.0.1
      *
      * @param array $headers The list of headers to be sent.
      * @param HQ    $this    Current HiveQueen environment instance.
      */
     $response_headers = apply_filters('hq_headers', $response_headers, $this);
     if (!empty($http_status)) {
         status_header($http_status);
     }
     // A Last-Modified value of exactly false means "do not send this header at all".
     if (isset($response_headers['Last-Modified']) && false === $response_headers['Last-Modified']) {
         unset($response_headers['Last-Modified']);
         if (!function_exists('header_remove')) {
             // Without header_remove() (PHP 5.2) the header can only be blanked out, and
             // that is done solely when one has already been queued.
             foreach (headers_list() as $queued_header) {
                 if (0 === stripos($queued_header, 'Last-Modified')) {
                     $response_headers['Last-Modified'] = '';
                     break;
                 }
             }
         } else {
             // PHP 5.3+: drop any Last-Modified header queued earlier.
             @header_remove('Last-Modified');
         }
     }
     // Names and values come out of the 'hq_headers' filter and are emitted unchanged.
     foreach ((array) $response_headers as $header_name => $header_value) {
         @header($header_name . ': ' . $header_value);
     }
     if ($stop_after_headers) {
         exit;
     }
     /**
      * Fires once the requested HTTP headers for caching, content type, etc. have been sent.
      *
      * @since 0.0.1
      *
      * @param HQ &$this Current HiveQueen environment instance (passed by reference).
      */
     do_action_ref_array('send_headers', array(&$this));
 }
Exemplo n.º 12
/**
 * Displays a form to the user to request for their FTP/SSH details in order
 * to connect to the filesystem.
 *
 * Hostname, username and connection type are saved in the 'ftp_credentials'
 * option. The password, the port and the public/private key values are removed
 * before saving and are only returned to the caller.
 *
 * Hostnames may be in the form of hostname:portnumber (eg: wordpress.org:2467)
 * to specify an alternate FTP/SSH port.
 *
 * Plugins may override this form by returning any value other than an empty
 * string via the {@see 'request_filesystem_credentials'} filter.
 *
 * NOTE(review): this function reads $_POST and writes an option, but performs no
 * nonce or capability check itself; presumably every caller verifies both before
 * calling it - confirm.
 *
 * @since 0.0.1
 *
 * @todo Properly mark optional arguments as such
 *
 * @param string        $form_post    the URL to post the form to
 * @param string        $type         the chosen Filesystem method in use
 * @param bool|HQ_Error $error        if the current request has failed to connect; an error
 *                                    object has its message shown (HTML-escaped) in the form
 * @param string        $context      The directory which is needed access to, The write-test will be performed on this directory by get_filesystem_method()
 * @param array         $extra_fields Extra POST fields which should be checked for to be included in the post.
 * @param bool          $allow_relaxed_file_ownership Whether to allow Group/World writable.
 * @return bool|array True when the 'direct' method needs no credentials, the credentials
 *                    array when a usable set was supplied, false after the form has been
 *                    printed. A non-empty value from the filter is returned unchanged.
 */
function request_filesystem_credentials($form_post, $type = '', $error = false, $context = false, $extra_fields = null, $allow_relaxed_file_ownership = false)
{
    /**
     * Filter the filesystem credentials form output.
     *
     * Returning anything other than an empty string will effectively short-circuit
     * output of the filesystem credentials form, returning that value instead.
     *
     * @since 0.0.1
     *
     * @param mixed  $output       Form output to return instead. Default empty.
     * @param string $form_post    URL to POST the form to.
     * @param string $type         Chosen type of filesystem.
     * @param bool   $error        Whether the current request has failed to connect.
     *                             Default false.
     * @param string $context      Full path to the directory that is tested for
     *                             being writable.
     * @param bool $allow_relaxed_file_ownership Whether to allow Group/World writable.
     * @param array  $extra_fields Extra POST fields.
     */
    $req_cred = apply_filters('request_filesystem_credentials', '', $form_post, $type, $error, $context, $extra_fields, $allow_relaxed_file_ownership);
    if ('' !== $req_cred) {
        return $req_cred;
    }
    if (empty($type)) {
        $type = get_filesystem_method(array(), $context, $allow_relaxed_file_ownership);
    }
    // Direct filesystem access needs no credentials at all.
    if ('direct' == $type) {
        return true;
    }
    if (is_null($extra_fields)) {
        $extra_fields = array('version', 'locale');
    }
    $credentials = get_option('ftp_credentials', array('hostname' => '', 'username' => ''));
    // If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
    // The constants always win over request data, so a site that pins them cannot be
    // redirected to another host or account through the form.
    $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? hq_unslash($_POST['hostname']) : $credentials['hostname']);
    $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? hq_unslash($_POST['username']) : $credentials['username']);
    // The password and the key values never fall back to the saved option.
    $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? hq_unslash($_POST['password']) : '');
    // Check to see if we are setting the public/private keys for ssh
    $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? hq_unslash($_POST['public_key']) : '');
    $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? hq_unslash($_POST['private_key']) : '');
    // Sanitize the hostname, Some people might pass in odd-data:
    // The pattern is not anchored, so every "scheme://" occurrence in the value is removed,
    // not just a leading one.
    $credentials['hostname'] = preg_replace('|\\w+://|', '', $credentials['hostname']);
    //Strip any schemes off
    // strpos() yields 0 for a leading ':', which is falsy, so such a value takes the else branch.
    if (strpos($credentials['hostname'], ':')) {
        list($credentials['hostname'], $credentials['port']) = explode(':', $credentials['hostname'], 2);
        // is_numeric() is the only validation of the port; it also accepts non-integer
        // numeric strings. The form below echoes the port without escaping and relies on
        // this check.
        if (!is_numeric($credentials['port'])) {
            unset($credentials['port']);
        }
    } else {
        unset($credentials['port']);
    }
    if (defined('FTP_SSH') && FTP_SSH || defined('FS_METHOD') && 'ssh2' == FS_METHOD) {
        $credentials['connection_type'] = 'ssh';
    } elseif (defined('FTP_SSL') && FTP_SSL && 'ftpext' == $type) {
        //Only the FTP Extension understands SSL
        $credentials['connection_type'] = 'ftps';
    } elseif (!empty($_POST['connection_type'])) {
        // NOTE(review): the posted value is taken as-is and is not checked against the
        // connection types offered in the form before it is stored in the option below.
        $credentials['connection_type'] = hq_unslash($_POST['connection_type']);
    } elseif (!isset($credentials['connection_type'])) {
        //All else fails (And it's not defaulted to something else saved), Default to FTP
        $credentials['connection_type'] = 'ftp';
    }
    // A usable set is either hostname + username + password, or (for ssh) both key values.
    // It is only accepted when the previous attempt did not report an error.
    if (!$error && (!empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) || 'ssh' == $credentials['connection_type'] && !empty($credentials['public_key']) && !empty($credentials['private_key']))) {
        $stored_credentials = $credentials;
        if (!empty($stored_credentials['port'])) {
            //save port as part of hostname to simplify above code.
            $stored_credentials['hostname'] .= ':' . $stored_credentials['port'];
        }
        // Secrets are stripped from the copy that is persisted; the caller still receives
        // them in the returned array.
        unset($stored_credentials['password'], $stored_credentials['port'], $stored_credentials['private_key'], $stored_credentials['public_key']);
        if (!defined('HQ_INSTALLING')) {
            update_option('ftp_credentials', $stored_credentials);
        }
        return $credentials;
    }
    // From here on the form is rendered. The password is never copied into a template variable.
    $hostname = isset($credentials['hostname']) ? $credentials['hostname'] : '';
    $username = isset($credentials['username']) ? $credentials['username'] : '';
    $public_key = isset($credentials['public_key']) ? $credentials['public_key'] : '';
    $private_key = isset($credentials['private_key']) ? $credentials['private_key'] : '';
    $port = isset($credentials['port']) ? $credentials['port'] : '';
    $connection_type = isset($credentials['connection_type']) ? $credentials['connection_type'] : '';
    if ($error) {
        // The default text is a translation string that carries its own markup; a message
        // taken from an error object is HTML-escaped before output.
        $error_string = __('<strong>ERROR:</strong> There was an error connecting to the server, Please verify the settings are correct.');
        if (is_hq_error($error)) {
            $error_string = esc_html($error->get_error_message());
        }
        echo '<div id="message" class="error"><p>' . $error_string . '</p></div>';
    }
    // Offer only the connection types this PHP build can actually use.
    $types = array();
    if (extension_loaded('ftp') || extension_loaded('sockets') || function_exists('fsockopen')) {
        $types['ftp'] = __('FTP');
    }
    if (extension_loaded('ftp')) {
        //Only this supports FTPS
        $types['ftps'] = __('FTPS (SSL)');
    }
    if (extension_loaded('ssh2') && function_exists('stream_get_contents')) {
        $types['ssh'] = __('SSH2');
    }
    /**
     * Filter the connection types to output to the filesystem credentials form.
     *
     * @since 0.0.1
     *
     * @param array  $types       Types of connections.
     * @param array  $credentials Credentials to connect with.
     * @param string $type        Chosen filesystem method.
     * @param object $error       Error object.
     * @param string $context     Full path to the directory that is tested
     *                            for being writable.
     */
    $types = apply_filters('fs_ftp_connection_types', $types, $credentials, $type, $error, $context);
    ?>
<script type="text/javascript">
<!--
jQuery(function($){
	jQuery("#ssh").click(function () {
		jQuery("#ssh_keys").show();
	});
	jQuery("#ftp, #ftps").click(function () {
		jQuery("#ssh_keys").hide();
	});
	jQuery('#request-filesystem-credentials-form input[value=""]:first').focus();
});
-->
</script>
<form action="<?php 
    echo esc_url($form_post);
    ?>
" method="post">
<div id="request-filesystem-credentials-form" class="request-filesystem-credentials-form">
<h3 id="request-filesystem-credentials-title"><?php 
    _e('Connection Information');
    ?>
</h3>
<p id="request-filesystem-credentials-desc"><?php 
    // The field labels depend on which connection types are on offer.
    $label_user = __('Username');
    $label_pass = __('Password');
    _e('To perform the requested action, HiveQueen needs to access your web server.');
    echo ' ';
    if (isset($types['ftp']) || isset($types['ftps'])) {
        if (isset($types['ssh'])) {
            _e('Please enter your FTP or SSH credentials to proceed.');
            $label_user = __('FTP/SSH Username');
            $label_pass = __('FTP/SSH Password');
        } else {
            _e('Please enter your FTP credentials to proceed.');
            $label_user = __('FTP Username');
            $label_pass = __('FTP Password');
        }
        echo ' ';
    }
    _e('If you do not remember your credentials, you should contact your web host.');
    ?>
</p>
<label for="hostname">
	<span class="field-title"><?php 
    _e('Hostname');
    ?>
</span>
	<input name="hostname" type="text" id="hostname" aria-describedby="request-filesystem-credentials-desc" class="code" placeholder="<?php 
    esc_attr_e('example: www.wordpress.org');
    ?>
" value="<?php 
    echo esc_attr($hostname);
    if (!empty($port)) {
        // Printed without escaping; $port only exists here if it passed is_numeric() above.
        echo ":{$port}";
    }
    ?>
"<?php 
    disabled(defined('FTP_HOST'));
    ?>
 />
</label>
<div class="ftp-username">
	<label for="username">
		<span class="field-title"><?php 
    // Translated label, printed without escaping (translation strings are treated as trusted).
    echo $label_user;
    ?>
</span>
		<input name="username" type="text" id="username" value="<?php 
    echo esc_attr($username);
    ?>
"<?php 
    disabled(defined('FTP_USER'));
    ?>
 />
	</label>
</div>
<div class="ftp-password">
	<label for="password">
		<span class="field-title"><?php 
    echo $label_pass;
    ?>
</span>
		<input name="password" type="password" id="password" value="<?php 
    // The real password is never written into the page; a fixed mask is shown when the
    // password comes from the FTP_PASS constant.
    if (defined('FTP_PASS')) {
        echo '*****';
    }
    ?>
"<?php 
    disabled(defined('FTP_PASS'));
    ?>
 />
		<em><?php 
    if (!defined('FTP_PASS')) {
        _e('This password will not be stored on the server.');
    }
    ?>
</em>
	</label>
</div>
<?php 
    if (isset($types['ssh'])) {
        ?>
<h4><?php 
        _e('Authentication Keys');
        ?>
</h4>
<label for="public_key">
	<span class="field-title"><?php 
        _e('Public Key:');
        ?>
</span>
	<input name="public_key" type="text" id="public_key" aria-describedby="auth-keys-desc" value="<?php 
        echo esc_attr($public_key);
        ?>
"<?php 
        disabled(defined('FTP_PUBKEY'));
        ?>
 />
</label>
<label for="private_key">
	<span class="field-title"><?php 
        _e('Private Key:');
        ?>
</span>
	<input name="private_key" type="text" id="private_key" value="<?php 
        // The submitted private-key value is echoed back into the form; per the help text
        // below, the field is meant to hold a path on the server.
        echo esc_attr($private_key);
        ?>
"<?php 
        disabled(defined('FTP_PRIKEY'));
        ?>
 />
</label>
<span id="auth-keys-desc"><?php 
        _e('Enter the location on the server where the public and private keys are located. If a passphrase is needed, enter that in the password field above.');
        ?>
</span>
<?php 
    }
    ?>
<h4><?php 
    _e('Connection Type');
    ?>
</h4>
<fieldset><legend class="screen-reader-text"><span><?php 
    _e('Connection Type');
    ?>
</span></legend>
<?php 
    // The radio buttons are disabled when FTP_SSL or FTP_SSH pins the connection type.
    $disabled = disabled(defined('FTP_SSL') && FTP_SSL || defined('FTP_SSH') && FTP_SSH, true, false);
    foreach ($types as $name => $text) {
        ?>
	<label for="<?php 
        echo esc_attr($name);
        ?>
">
		<input type="radio" name="connection_type" id="<?php 
        echo esc_attr($name);
        ?>
" value="<?php 
        echo esc_attr($name);
        ?>
"<?php 
        checked($name, $connection_type);
        echo $disabled;
        ?>
 />
		<?php 
        // $text is printed without escaping; it comes from translations or from the
        // 'fs_ftp_connection_types' filter.
        echo $text;
        ?>
	</label>
	<?php 
    }
    ?>
</fieldset>
<?php 
    // Re-post the caller's extra fields as hidden inputs; both name and value are
    // attribute-escaped because the values come straight from $_POST.
    foreach ((array) $extra_fields as $field) {
        if (isset($_POST[$field])) {
            echo '<input type="hidden" name="' . esc_attr($field) . '" value="' . esc_attr(hq_unslash($_POST[$field])) . '" />';
        }
    }
    ?>
	<p class="request-filesystem-credentials-action-buttons">
		<button class="button cancel-button" data-js-action="close" type="button"><?php 
    _e('Cancel');
    ?>
</button>
		<?php 
    submit_button(__('Proceed'), 'button', 'upgrade', false);
    ?>
	</p>
</div>
</form>
<?php 
    // The form was printed; the caller has no credentials yet.
    return false;
}
Exemplo n.º 13
" />
        <p class="step"><input name="submit" type="submit" value="<?php 
        echo htmlspecialchars(__('Submit'), ENT_QUOTES);
        ?>
" class="button button-large" /></p>
</form>
<?php 
        break;
    case 2:
        load_default_textdomain($language);
        $GLOBALS['hq_locale'] = new HQ_Locale();
        $dbname = trim(hq_unslash($_POST['dbname']));
        $uname = trim(hq_unslash($_POST['uname']));
        $pwd = trim(hq_unslash($_POST['pwd']));
        $dbhost = trim(hq_unslash($_POST['dbhost']));
        $prefix = trim(hq_unslash($_POST['prefix']));
        $step_1 = 'setup-config.php?step=1';
        $install = 'install.php';
        if (isset($_REQUEST['noapi'])) {
            $step_1 .= '&amp;noapi';
        }
        if (!empty($language)) {
            $step_1 .= '&amp;language=' . $language;
            $install .= '?language=' . $language;
        } else {
            $install .= '?language=en_US';
        }
        $tryagain_link = '</p><p class="step"><a href="' . $step_1 . '" onclick="javascript:history.go(-1);return false;" class="button button-large">' . __('Try again') . '</a>';
        if (empty($prefix)) {
            hq_die(__('<strong>ERROR</strong>: "Table Prefix" must not be empty.' . $tryagain_link));
        }
Exemplo n.º 14
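/**
 * Create or update a user from the contents of $_POST.
 *
 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
 *
 * Security notes:
 * - Only the role change is gated in this function (current_user_can('edit_users') plus
 *   get_editable_roles()). No nonce is verified here, nor is it checked that the current
 *   user may edit $user_id; presumably the calling screens do both - confirm before
 *   calling this from new code.
 * - 'description' is only trimmed here and most other fields are not unslashed; any
 *   further filtering is left to hq_insert_user()/hq_update_user() - verify there.
 * - The two password fields are compared as strings with a strict comparison, so that
 *   numeric-looking values (e.g. "0e1" and "0e2") are not treated as equal.
 *
 * @since 0.0.1
 *
 * @param int $user_id Optional. User ID. When 0 (the default) a new user is created.
 * @return int|HQ_Error The user ID on success, or an HQ_Error holding the validation
 *                      errors (or whatever hq_insert_user()/hq_update_user() returned).
 */
function edit_user($user_id = 0)
{
    $hq_roles = hq_roles();
    $user = new stdClass();
    if ($user_id) {
        $update = true;
        $user->ID = (int) $user_id;
        $userdata = get_userdata($user_id);
        // If the lookup yields nothing, use an empty login so the "Please enter a username"
        // check below reports the problem instead of reading a property of a non-object.
        $user->user_login = $userdata ? hq_slash($userdata->user_login) : '';
    } else {
        $update = false;
    }
    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }
    // Only string values are accepted as passwords; anything else (e.g. an array sent as
    // pass1[]=...) is treated as if the field had not been submitted.
    $pass1 = $pass2 = '';
    if (isset($_POST['pass1']) && is_string($_POST['pass1'])) {
        $pass1 = $_POST['pass1'];
    }
    if (isset($_POST['pass2']) && is_string($_POST['pass2'])) {
        $pass2 = $_POST['pass2'];
    }
    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role = sanitize_text_field($_POST['role']);
        $potential_role = isset($hq_roles->role_objects[$new_role]) ? $hq_roles->role_objects[$new_role] : false;
        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        // Multisite super admins can freely edit their blog roles -- they possess all caps.
        if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
            $user->role = $new_role;
        }
        // If the new role isn't editable by the logged-in user die with error
        $editable_roles = get_editable_roles();
        if (!empty($new_role) && empty($editable_roles[$new_role])) {
            hq_die(__('You can&#8217;t give users that role.'));
        }
    }
    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field(hq_unslash($_POST['email']));
    }
    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            $user->user_url = esc_url_raw($_POST['url']);
            // Prepend http:// unless the URL already starts with one of the allowed protocols.
            $protocols = implode('|', array_map('preg_quote', hq_allowed_protocols()));
            $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }
    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    if (isset($_POST['description'])) {
        // Only trimmed here; see the security notes in the function header.
        $user->description = trim($_POST['description']);
    }
    foreach (hq_get_user_contact_methods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }
    if ($update) {
        $user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
        $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
        $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    }
    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }
    $errors = new HQ_Error();
    /* checking that username has been typed */
    if ($user->user_login == '') {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }
    /* checking the password has been typed twice */
    /**
     * Fires before the password and confirm password fields are checked for congruity.
     *
     * @since 0.0.1
     *
     * @param string $user_login The username.
     * @param string &$pass1     The password, passed by reference.
     * @param string &$pass2     The confirmed password, passed by reference.
     */
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));
    if ($update) {
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
        }
    } else {
        if (empty($pass1)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
        } elseif (empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
        }
    }
    /* Check for "\" in password */
    if (false !== strpos(hq_unslash($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }
    /* checking the password has been typed twice the same */
    // Compare as strings with !==. A loose != would compare numeric-looking strings as
    // numbers and accept two different entries as a match.
    if ((string) $pass1 !== (string) $pass2) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
    }
    if (!empty($pass1)) {
        $user->user_pass = $pass1;
    }
    if (!$update && isset($_POST['user_login']) && !validate_username($_POST['user_login'])) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
    }
    if (!$update && username_exists($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
    }
    /* checking e-mail address */
    if (empty($user->user_email)) {
        $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
    } elseif (!is_email($user->user_email)) {
        $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'), array('form-field' => 'email'));
    } elseif (($owner_id = email_exists($user->user_email)) && (!$update || $owner_id != $user->ID)) {
        // The address belongs to a different account.
        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
    }
    /**
     * Fires before user profile update errors are returned.
     *
     * @since 0.0.1
     *
     * @param array   &$errors An array of user profile update errors, passed by reference.
     * @param bool    $update  Whether this is a user update.
     * @param HQ_User &$user   HQ_User object, passed by reference.
     */
    do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));
    // Nothing is written when any validation error was recorded.
    if ($errors->get_error_codes()) {
        return $errors;
    }
    if ($update) {
        $user_id = hq_update_user($user);
    } else {
        $user_id = hq_insert_user($user);
        // Send the notification only when the insert produced a user ID, not an error object.
        if (!is_hq_error($user_id)) {
            hq_new_user_notification($user_id, null, 'both');
        }
    }
    return $user_id;
}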
Exemplo n.º 15
/**
 * Creates a new link row, or updates an existing one when a link ID is given.
 *
 * The incoming fields are merged with defaults, passed through
 * sanitize_bookmark() in the 'db' context and unslashed before they are
 * handed to the $hqdb insert/update helpers. No permission check is made
 * inside this function, so callers are expected to have authorised the
 * current user before calling it.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb
 *
 * @param array $linkdata Fields describing the link; a non-empty 'link_id' selects update mode.
 * @param bool  $hq_error Optional. When true, a failed query is reported as an HQ_Error instead of 0.
 * @return int|HQ_Error The link ID on success. 0 when the URL is blank or the query fails
 *                      (HQ_Error for a failed query when $hq_error is true).
 */
function hq_insert_link($linkdata, $hq_error = false)
{
    global $hqdb;

    $args = hq_parse_args($linkdata, array('link_id' => 0, 'link_name' => '', 'link_url' => '', 'link_rating' => 0));
    // Sanitise for the database context first, then strip slashes.
    $r = hq_unslash(sanitize_bookmark($args, 'db'));

    $link_id = $r['link_id'];
    $link_name = $r['link_name'];
    $link_url = $r['link_url'];
    // A non-empty ID means an existing row is being edited.
    $update = !empty($link_id);

    $name_is_blank = '' === trim($link_name);
    $url_is_blank = '' === trim($link_url);
    // A link without a URL is never stored.
    if ($url_is_blank) {
        return 0;
    }
    // An unnamed link is labelled with its own URL.
    if ($name_is_blank) {
        $link_name = $link_url;
    }

    // Optional fields fall back to fixed defaults when missing or empty.
    $link_rating = empty($r['link_rating']) ? 0 : $r['link_rating'];
    $link_image = empty($r['link_image']) ? '' : $r['link_image'];
    $link_target = empty($r['link_target']) ? '' : $r['link_target'];
    $link_visible = empty($r['link_visible']) ? 'Y' : $r['link_visible'];
    // With no owner supplied the link is attributed to the current user. A
    // caller-supplied 'link_owner' is only run through sanitize_bookmark();
    // this function does not check that it matches the current user.
    $link_owner = empty($r['link_owner']) ? get_current_user_id() : $r['link_owner'];
    $link_notes = empty($r['link_notes']) ? '' : $r['link_notes'];
    $link_description = empty($r['link_description']) ? '' : $r['link_description'];
    $link_rss = empty($r['link_rss']) ? '' : $r['link_rss'];
    $link_rel = empty($r['link_rel']) ? '' : $r['link_rel'];

    // Anything other than a non-empty array of categories is replaced by the
    // site's default link category.
    $has_categories = !empty($r['link_category']) && is_array($r['link_category']);
    $link_category = $has_categories ? $r['link_category'] : array(get_option('default_link_category'));

    if ($update) {
        // link_owner is not part of the update column set, so an edit leaves
        // the stored owner unchanged.
        $changes = array(
            'link_url' => $link_url,
            'link_name' => $link_name,
            'link_image' => $link_image,
            'link_target' => $link_target,
            'link_description' => $link_description,
            'link_visible' => $link_visible,
            'link_rating' => $link_rating,
            'link_rel' => $link_rel,
            'link_notes' => $link_notes,
            'link_rss' => $link_rss,
        );
        if (false === $hqdb->update($hqdb->links, $changes, array('link_id' => $link_id))) {
            if (!$hq_error) {
                return 0;
            }
            // The raw database error is attached as the error data.
            // NOTE(review): confirm callers do not print it to end users.
            return new HQ_Error('db_update_error', __('Could not update link in the database'), $hqdb->last_error);
        }
    } else {
        $row = array(
            'link_url' => $link_url,
            'link_name' => $link_name,
            'link_image' => $link_image,
            'link_target' => $link_target,
            'link_description' => $link_description,
            'link_visible' => $link_visible,
            'link_owner' => $link_owner,
            'link_rating' => $link_rating,
            'link_rel' => $link_rel,
            'link_notes' => $link_notes,
            'link_rss' => $link_rss,
        );
        if (false === $hqdb->insert($hqdb->links, $row)) {
            if (!$hq_error) {
                return 0;
            }
            // The raw database error is attached as the error data.
            // NOTE(review): confirm callers do not print it to end users.
            return new HQ_Error('db_insert_error', __('Could not insert link into the database'), $hqdb->last_error);
        }
        // From here on the link is identified by the ID the database assigned.
        $link_id = (int) $hqdb->insert_id;
    }

    hq_set_link_cats($link_id, $link_category);

    /**
     * Fires after the link was saved: 'edit_link' when an existing link was
     * updated, 'add_link' when a new link was added.
     *
     * @since 0.0.1
     *
     * @param int $link_id ID of the link that was updated or added.
     */
    do_action($update ? 'edit_link' : 'add_link', $link_id);

    clean_bookmark_cache($link_id);

    return $link_id;
}
Exemplo n.º 16
        /**
         * Filter the login page errors.
         *
         * @since 0.0.1
         *
         * @param object $errors      HQ Error object.
         * @param string $redirect_to Redirect destination URL.
         */
        $errors = apply_filters('hq_login_errors', $errors, $redirect_to);
        // Clear any stale cookies.
        if ($reauth) {
            hq_clear_auth_cookie();
        }
        login_header(__('Log In'), '', $errors);
        if (isset($_POST['log'])) {
            $user_login = '******' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ? esc_attr(hq_unslash($_POST['log'])) : '';
        }
        $rememberme = !empty($_POST['rememberme']);
        if (!empty($errors->errors)) {
            $aria_describedby_error = ' aria-describedby="login_error"';
        } else {
            $aria_describedby_error = '';
        }
        ?>

<form name="loginform" id="loginform" action="<?php 
        echo esc_url(site_url('hq-login.php', 'login_post'));
        ?>
" method="post">
	<p>
		<label for="user_login"><?php