/**
 * AJAX login endpoint: runs only when $_POST['type'] is 'js_ajax_auth'.
 *
 * Always terminates the request with a JSON object carrying 'resp'
 * ('error' or 'success') and 'mess'; on success it also carries 'redirect'.
 * When the request is not a login submission the function returns without output.
 *
 * pc_login() result handling, as visible here:
 *  - falsy      -> generic "Username or password incorrect" error
 *  - 2 or 3     -> the 'pc_default_pu_mex' message (presumably a pending/disabled
 *                  account notice - confirm in pc_login())
 *  - other non-true value -> echoed back verbatim as a custom error message
 *  - true       -> success, with a redirect target
 */
function pc_user_auth()
{
    global $wpdb, $pc_users;

    // ignore anything that is not the login form's own AJAX call
    if (!isset($_POST['type']) || $_POST['type'] != 'js_ajax_auth') {
        return;
    }

    include_once PC_DIR . '/classes/pc_form_framework.php';
    include_once PC_DIR . '/classes/simple_form_validator.php';
    include_once PC_DIR . '/functions.php';

    $f_fw = new pc_form();
    $validator = new simple_fv();

    // print a JSON reply and stop the request
    $reply = function ($payload) {
        echo json_encode($payload);
        die;
    };

    $indexes = array(
        array('index' => 'pc_auth_username', 'label' => 'username', 'required' => true),
        array('index' => 'pc_auth_psw', 'label' => 'psw', 'required' => true),
        array('index' => 'pc_remember_me', 'label' => 'remember me'),
    );
    $validator->formHandle($indexes);
    $error = $validator->getErrors();
    $fdata = $validator->form_val;

    // honeypot check - runs after the field validation, before any login attempt
    if (!$f_fw->honeypot_validaton()) {
        $reply(array('resp' => 'error', 'mess' => "Antispam - we've got a bot here!"));
    }

    // missing fields get the same generic wording as bad credentials,
    // so the reply does not reveal which field was wrong
    if ($error) {
        die(json_encode(array('resp' => 'error', 'mess' => __('Incorrect username or password', 'pc_ml'))));
    }

    //// try to login
    $response = pc_login($fdata['pc_auth_username'], $fdata['pc_auth_psw'], $fdata['pc_remember_me']);

    // user not found
    if (!$response) {
        $reply(array('resp' => 'error', 'mess' => __('Username or password incorrect', 'pc_ml')));
    }
    if ($response === 2 || $response === 3) {
        $reply(array('resp' => 'error', 'mess' => pc_get_message('pc_default_pu_mex')));
    }

    // custom error: anything other than boolean true is sent back as the message
    if ($response !== true) {
        $reply(array('resp' => 'error', 'mess' => $response));
    }

    // redirect logged user to pvt page
    // NOTE(review): FILTER_VALIDATE_URL checks syntax only, not the host - confirm that
    // $_SESSION['pc_last_restricted'] is only ever set server-side to a URL of this site.
    $go_back = get_option('pg_redirect_back_after_login')
        && isset($_SESSION['pc_last_restricted'])
        && filter_var($_SESSION['pc_last_restricted'], FILTER_VALIDATE_URL);

    if ($go_back) {
        $redirect_url = $_SESSION['pc_last_restricted'];
    } else {
        // check for custom categories redirects, else fall back to the configured one
        $custom_cat_redirect = pc_user_cats_login_redirect(pc_user_logged('categories'));
        if ($custom_cat_redirect) {
            $redirect_url = $custom_cat_redirect;
        } else {
            $redirect_url = pc_man_redirects('pg_logged_user_redirect');
        }
    }

    $reply(array(
        'resp' => 'success',
        'mess' => pc_get_message('pc_login_ok_mex'),
        'redirect' => $redirect_url,
    ));

    die; // security block
}
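/**
 * Shortcode handler that renders a User Data custom form.
 *
 * Supported attributes: 'form' (form term ID, must be a non-zero integer) and
 * 'layout' ('one_col' or 'fluid'; anything else falls back to the
 * 'pg_reg_layout' option).
 *
 * @param array       $atts    shortcode attributes
 * @param string|null $content enclosed content (unused)
 * @return string|false form HTML with CR/LF/tab/VT characters stripped, or false when the
 *                      form ID is invalid, the visitor may not see the form, or the form
 *                      cannot be loaded
 */
function pcud_form_shortcode($atts, $content = null)
{
    require_once PC_DIR . '/classes/pc_form_framework.php';
    $f_fw = new pc_form();
    include_once PCUD_DIR . '/functions.php';

    // read the two supported attributes explicitly rather than extract()-ing them
    // into the local scope
    $atts = shortcode_atts(array('form' => '', 'layout' => ''), $atts);
    $layout = $atts['layout'];

    // keep the validated integer, so only digits can reach the markup below
    $form_id = filter_var($atts['form'], FILTER_VALIDATE_INT);
    if (!$form_id) {
        return false;
    }

    // execute only if pvtContent or WP user is logged
    $pc_logged = pc_user_logged(false);
    if (!$pc_logged && !current_user_can(get_option('pg_min_role', 'upload_files'))) {
        return false;
    }

    // ignore testing mode
    $user_id = $pc_logged ? $GLOBALS['pc_user_id'] : 0;

    // form structure
    $term = get_term_by('id', $form_id, 'pcud_forms');
    if (empty($term)) {
        return false;
    }

    if (empty($term->description)) {
        // retrocompatibility
        $form_fields = (array) get_option('pcud_form_' . $form_id, array());
    } else {
        // NOTE(review): unserialize() instantiates any object found in the stored string.
        // The term description must only ever be written by trusted admin code; storing
        // JSON, or restricting allowed classes where the PHP version permits, is safer.
        $form_fields = unserialize(base64_decode($term->description));
        if (!is_array($form_fields)) {
            // corrupted or unexpected payload: render nothing
            return false;
        }
    }

    // layout
    if (empty($layout) || !in_array($layout, array('one_col', 'fluid'), true)) {
        $layout_class = 'pc_' . get_option('pg_reg_layout', 'one_col') . '_form';
    } else {
        $layout_class = 'pc_' . $layout . '_form';
    }

    // NOTE(review): no nonce field is emitted with this form - confirm that the handler
    // for the 'pcud_cf_submit' request has its own CSRF protection.
    $form = ' <form class="pc_custom_form pc_custom_form_' . $form_id . ' ' . esc_attr($layout_class) . '"> <input type="hidden" name="pcud_fid" value="' . $form_id . '" />';
    $form .= $f_fw->form_code(pcud_v2_field_names_sanitize($form_fields), false, $user_id);
    $form .= ' <div class="pc_custom_form_message"></div> <input type="button" class="pc_custom_form_btn" value="' . esc_attr(__('Submit', 'pcud_ml')) . '" /> </form>';

    return str_replace(array("\r", "\n", "\t", "\v"), '', $form);
}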
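/**
 * AJAX registration endpoint: runs only when $_POST['type'] is 'pc_registration'.
 *
 * Loads the registration form structure from the 'pc_reg_form' term named by
 * $_REQUEST['form_id'], runs the antispam check (honeypot or reCAPTCHA), the optional
 * disclaimer check and the form validation, then inserts the user through
 * $pc_users->insert_user(). Always ends the request with a JSON object
 * ('resp' => 'error'|'success', 'mess', and 'redirect' on success).
 */
function pc_register_user()
{
    global $wpdb, $pc_users;

    if (!isset($_POST['type']) || $_POST['type'] != 'pc_registration') {
        return;
    }

    require_once PC_DIR . '/classes/pc_form_framework.php';
    require_once PC_DIR . '/classes/recaptchalib.php';
    include_once PC_DIR . '/functions.php';

    ////////// VALIDATION ////////////////////////////////////

    // get_term() can return null or a WP_Error; a WP_Error is truthy, so it needs its own test
    $form_id = isset($_REQUEST['form_id']) ? (int) $_REQUEST['form_id'] : 0;
    $term = get_term($form_id, 'pc_reg_form');
    if (!$term || is_wp_error($term)) {
        $mess = json_encode(array('resp' => 'error', 'mess' => __('Form not found', 'pc_ml')));
        die($mess);
    }

    $GLOBALS['pc_custom_cat_name'] = true;
    $f_fw = new pc_form(array('use_custom_cat_name' => true, 'strip_no_reg_cats' => true));

    // NOTE(review): unserialize() instantiates any object found in the stored string; the
    // term description must only ever be written by trusted admin code.
    $form_structure = unserialize(base64_decode($term->description));
    $antispam = get_option('pg_antispam_sys', 'honeypot');

    // custom validation indexes
    $custom_indexes = array();
    $indexes = $f_fw->generate_validator($form_structure, $custom_indexes);

    //// prior custom validation
    $cust_errors = array();
    if ($antispam == 'honeypot') {
        if (!$f_fw->honeypot_validaton()) {
            $cust_errors[] = "Antispam - we've got a bot here!";
        }
    } else {
        // NOTE(review): this reCAPTCHA secret is hard-coded, so every copy of this code
        // shares it and it cannot be rotated without a code change. It should be read
        // from site configuration.
        $privatekey = "6LfQas0SAAAAAIzpthJ7UC89nV9THR9DxFXg3nVL";

        // a request without the captcha fields is an invalid answer, not a PHP notice
        $challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
        $answer = isset($_POST['recaptcha_response_field']) ? $_POST['recaptcha_response_field'] : '';

        $resp = pc_recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $challenge, $answer);
        if (!$resp->is_valid) {
            $cust_errors[] = "reCAPTCHA - " . __("wasn't entered correctly", 'pc_ml');
        }
    }

    // check disclaimer
    if (get_option('pg_use_disclaimer') && !isset($_POST['pc_disclaimer'])) {
        $cust_errors[] = __("Disclaimer", 'pc_ml') . " - " . __("must be accepted to proceed with registration", 'pc_ml');
    }

    // validation wrap-up
    $is_valid = $f_fw->validate_form($indexes, $cust_errors, false, false);
    $fdata = $f_fw->form_data;

    $error = null;
    $result = null;
    $status = null;

    if (!$is_valid) {
        $error = $f_fw->errors;
    } else {
        $status = get_option('pg_registered_pending') ? 3 : 1;
        $allow_wp_sync_fail = !get_option('pg_require_wps_registration');

        // if no categories field - use forced or default ones
        if (!isset($fdata['categories'])) {
            // is_string() keeps an array-valued pc_cc parameter away from explode()
            $forced = isset($_POST['pc_cc']) && is_string($_POST['pc_cc']) && !empty($_POST['pc_cc']);

            // NOTE(review): pc_cc comes straight from the request and also switches on
            // $GLOBALS['pc_escape_no_reg_cats'] (flag to bypass reg cats restrictions),
            // so a visitor can pick the categories of the new account. Confirm that the
            // values are checked server-side against what the form owner intended.
            if ($forced) {
                $fdata['categories'] = explode(',', $_POST['pc_cc']);
                $GLOBALS['pc_escape_no_reg_cats'] = true;
            } else {
                $fdata['categories'] = get_option('pg_registration_cat');
            }
        }

        // private page switch - put in form data
        $fdata['disable_pvt_page'] = get_option('pg_registered_pvtpage') ? 0 : 1;

        // insert user
        $result = $pc_users->insert_user($fdata, $status, $allow_wp_sync_fail);
        if (!$result) {
            $error = $pc_users->validation_errors;
        }
    }

    // results
    if (!empty($error)) {
        $mess = json_encode(array('resp' => 'error', 'mess' => $error));
        die($mess);
    }

    // PC-ACTION - registered user - passes new user ID and status
    do_action('pc_registered_user', $result, $status);

    // success message
    $mess = json_encode(array(
        'resp' => 'success',
        'mess' => pc_get_message('pc_default_sr_mex'),
        'redirect' => pc_man_redirects('pg_registered_user_redirect'),
    ));
    die($mess);
}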
<?php
// Opening part of the admin "add / edit user" screen: loads the form framework, reads the
// screen's flags and handles a status change requested through the query string.
include_once PC_DIR . '/classes/pc_form_framework.php';
include_once PC_DIR . '/functions.php';
global $pc_users, $pc_wp_user;
$form_fw = new pc_form();
// first/last name flag
$fist_last_name = get_option('pg_use_first_last_name');
// current user can edit - flag (falls back to 'pg_min_role', then to 'upload_files')
$cuc = get_option('pg_min_role_tmu', get_option('pg_min_role', 'upload_files'));
// WP user sync check
$wp_user_sync = $pc_users->wp_user_sync;
// check if are updating
$upd = isset($_GET['user']) ? true : false;
if ($upd) {
    // if update - get the user ID and if is WP synced
    // the (int) cast is what makes the value safe to use; addslashes() adds nothing to it
    $user_id = (int) addslashes($_GET['user']);
    $is_wp_synced = $wp_user_sync && $pc_wp_user->pvtc_is_synced($user_id) ? true : false;
} else {
    $is_wp_synced = false;
}
/***********************************************************************/
// DISABLE / ENABLE / ACTIVATE / DELETE
// The status change is driven by GET parameters, so the nonce check below is the only
// CSRF protection on it.
if (isset($_GET['new_status'])) {
    $ns = (int) $_GET['new_status'];
    // the nonce action is this file's path (__FILE__), so the link must be built with
    // the same value
    if (!isset($_GET['pc_nonce']) || !wp_verify_nonce($_GET['pc_nonce'], __FILE__)) {
        die('<p>Cheating?</p>');
    }
    // only 0, 1 and 2 are accepted as a new status
    if (!in_array($ns, array(0, 1, 2))) {
        die('<p>Wrong status value</p>');
    }
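/**
 * Admin AJAX handler that prints the registration-form builder (form name, "add field"
 * dropdown and one table row per included field) for the form named in $_POST['form_id'].
 *
 * Requires a valid 'lcwp_ajax' nonce in $_POST['pc_nonce']. Prints HTML and ends the request.
 */
function pc_reg_form_builder()
{
    if (!isset($_POST['pc_nonce']) || !wp_verify_nonce($_POST['pc_nonce'], 'lcwp_ajax')) {
        die('Cheating?');
    }
    // NOTE(review): only the nonce is checked here; no current_user_can() test is visible.
    // Confirm that the hook registration or the nonce's distribution limits this to
    // users allowed to edit registration forms.

    include_once PC_DIR . '/classes/pc_form_framework.php';
    $f_fw = new pc_form();

    // integer validation is the real guard; an array-valued parameter is rejected too
    $raw_id = isset($_POST['form_id']) && is_scalar($_POST['form_id']) ? trim((string) $_POST['form_id']) : '';
    $form_id = filter_var($raw_id, FILTER_VALIDATE_INT);
    if (!$form_id) {
        die('Invalid form ID');
    }

    // get_term() can return null or a WP_Error
    $term = get_term($form_id, 'pc_reg_form');
    if (!$term || is_wp_error($term)) {
        die(__('Form not found', 'pc_ml'));
    }

    // NOTE(review): unserialize() instantiates any object found in the stored string; the
    // term description must only ever be written by trusted admin code.
    $structure = unserialize(base64_decode($term->description));
    if (!is_array($structure)) {
        $structure = array();
    }
    $included = isset($structure['include']) ? (array) $structure['include'] : array();
    $required_fields = isset($structure['require']) ? (array) $structure['require'] : array();
    $texts = isset($structure['texts']) && is_array($structure['texts']) ? $structure['texts'] : array();

    // every stored value is escaped for the HTML context it is printed into
    echo ' <table id="pc_rf_add_f_table" class="widefat pc_table"> <tbody> <tr> <td class="pc_label_td">' . __('Form name', 'pc_ml') . '</td> <td class="pc_field_td"> <input type="text" name="pc_rf_name" id="pc_rf_name" value="' . esc_attr($term->name) . '" placeholder="' . esc_attr(__("New form's name", 'pc_ml')) . '" autocomplete="off" /> </td> </tr> <tr> <td class="pc_label_td"><input type="button" name="pc_rf_add_field" id="pc_rf_add_field" class="button-secondary" value="' . esc_attr(__('Add field', 'pc_ml')) . '" /></td> <td class="pc_field_td"> <select name="pc_rf_fields_dd" class="lcweb-chosen pc_rf_fields_dd" data-placeholder="' . esc_attr(__('Add fields', 'pc_ml')) . ' .." autocomplete="off">';

    foreach ($f_fw->fields as $index => $data) {
        // array keys may come back as integers; compare as strings so that a numeric
        // key is never treated as equal to one of these names
        if (in_array((string) $index, array('username', 'psw', 'pc_disclaimer'), true)) {
            continue;
        }
        echo '<option value="' . esc_attr($index) . '">' . esc_html($data['label']) . '</option>';
    }

    echo ' <option value="custom|||text">' . __('TEXT BLOCK', 'pc_ml') . '</option> </select> </td> </tr> </tbody> </table> <table id="pc_rf_builder_table" class="widefat pc_table"> <thead> <tr> <th style="width: 15px;"></th> <th style="width: 15px;"></th> <th>' . __('Field', 'pc_ml') . '</th> <th>' . __('Required?', 'pc_ml') . '</th> </tr> </thead> <tbody>';

    $txt_id = 0;
    foreach ($included as $field) {
        $is_locked = in_array((string) $field, array('username', 'psw', 'categories'), true);
        $is_core = in_array((string) $field, array('username', 'psw'), true);

        $required = in_array($field, $required_fields) || $is_locked ? 'checked="checked"' : '';
        $disabled = $is_locked ? 'disabled="disabled"' : '';
        $del_code = $is_core ? '' : '<span class="pc_del_field" title="' . esc_attr(__('remove field', 'pc_ml')) . '"></span>';
        $field_attr = esc_attr($field);

        // text block part
        if ($field == 'custom|||text') {
            $content = isset($texts[$txt_id]) ? $texts[$txt_id] : '';

            // the block's HTML is shown for editing, so it is escaped here rather than rendered
            $code = ' <td colspan="2"> <input type="hidden" name="pc_reg_form_field[]" value="' . $field_attr . '" class="pc_reg_form_builder_included" /> <textarea name="pc_reg_form_texts[]" placeholder="' . esc_attr(__('Supports HTML and shortcodes', 'pc_ml')) . '">' . esc_textarea($content) . '</textarea> </td>';
            $txt_id++;
        } else {
            // get_field_name() output is printed as-is - presumably a plain label; verify
            $code = ' <td> <input type="hidden" name="pc_reg_form_field[]" value="' . $field_attr . '" class="pc_reg_form_builder_included" /> ' . $f_fw->get_field_name($field) . ' </td> <td> <input type="checkbox" name="pc_reg_form_req[]" value="' . $field_attr . '" ' . $required . ' ' . $disabled . ' class="ip_checks pc_reg_form_builder_required" autocomplete="off" /> </td>';
        }

        echo ' <tr rel="' . $field_attr . '"> <td>' . $del_code . '</td> <td><span class="pc_move_field" title="' . esc_attr(__('sort field', 'pc_ml')) . '"></span></td> ' . $code . ' </tr>';
    }

    echo '</tbody> </table>';
    die;
}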
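/**
 * Builds the HTML of a registration form.
 *
 * @param int|string  $form_id     'pc_reg_form' term ID; when empty or not found, the term
 *                                 returned by the fallback get_terms() query is used
 * @param string      $layout      layout name; empty means the 'pg_reg_layout' option
 * @param string|bool $forced_cats value for the form's pc_cc attribute, used only when the
 *                                 form has no 'categories' field
 * @param string|bool $redirect    value for the form's pc_redirect attribute
 * @return string form HTML, or a translated error message when the form cannot be built
 */
function pc_registration_form($form_id = '', $layout = '', $forced_cats = false, $redirect = false)
{
    include_once PC_DIR . '/classes/pc_form_framework.php';
    include_once PC_DIR . '/classes/recaptchalib.php';

    // if is not set the target user category, return an error
    if (!get_option('pg_registration_cat')) {
        return __('You have to set registered users default category in settings', 'pc_ml');
    }

    $f_fw = new pc_form(array('use_custom_cat_name' => true, 'strip_no_reg_cats' => true));

    //// get form structure
    // get_term()/get_terms() can return a WP_Error, which empty() does not catch
    $rf = (int) $form_id ? get_term($form_id, 'pc_reg_form') : null;
    if (empty($rf) || is_wp_error($rf)) {
        // if form not found - get first in list
        $fallback = get_terms('pc_reg_form', 'hide_empty=0&order=DESC&number=1');
        if (empty($fallback) || is_wp_error($fallback)) {
            return __('No registration forms found', 'pc_ml');
        }
        $rf = reset($fallback);
    }

    // NOTE(review): unserialize() instantiates any object found in the stored string; the
    // term description must only ever be written by trusted admin code.
    $form_structure = unserialize(base64_decode($rf->description));

    $has_fields = is_array($form_structure)
        && isset($form_structure['include'])
        && is_array($form_structure['include']);
    if (!$has_fields || !in_array('username', $form_structure['include']) || !in_array('psw', $form_structure['include'])) {
        return __('Username and password fields are mandatory', 'pc_ml');
    }

    // disclaimer inclusion
    if (get_option('pg_use_disclaimer')) {
        $form_structure['include'][] = 'pc_disclaimer';
    }

    // PC-FILTER - manage registration form structure - passes structure array and form id
    $form_structure = apply_filters('pc_registration_form', $form_structure, $rf->term_id);

    $term_id = (int) $rf->term_id;

    // layout class
    $layout = empty($layout) ? get_option('pg_reg_layout', 'one_col') : $layout;
    $layout_class = 'pc_' . $layout . '_form';

    // $layout, $forced_cats and $redirect come from the caller (shortcode attributes when
    // used through a shortcode), so they are escaped before going into attribute values.

    // custom category parameter
    // NOTE(review): this attribute lives in the page markup, and pc_register_user() reads a
    // posted 'pc_cc' value, so treat it as client-controlled on the server side.
    if (!empty($forced_cats) && !in_array("categories", $form_structure['include'])) {
        $cat_attr = 'pc_cc="' . esc_attr($forced_cats) . '"';
    } else {
        $cat_attr = '';
    }

    // custom redirect attribute
    $redir_attr = !empty($redirect) ? 'pc_redirect="' . esc_attr($redirect) . '"' : '';

    //// init structure
    $form = '<form class="pc_registration_form pc_rf_' . $term_id . ' ' . esc_attr($layout_class) . '" ' . $cat_attr . ' ' . $redir_attr . ' rel="' . $term_id . '">';
    $custom_fields = '';

    //// anti-spam system
    $antispam = get_option('pg_antispam_sys', 'honeypot');
    if ($antispam == 'honeypot') {
        $custom_fields .= $f_fw->honeypot_generator();
    } else {
        // public half of the reCAPTCHA key pair: it is meant to be sent to the browser
        $publickey = "6LfQas0SAAAAAIdKJ6Y7MT17o37GJArsvcZv-p5K";
        $custom_fields .= ' <script type="text/javascript"> var RecaptchaOptions = {theme : "clean"}; </script> <li class="pc_rf_recaptcha">' . pc_recaptcha_get_html($publickey) . '</li>';
    }

    $form .= $f_fw->form_code($form_structure, $custom_fields);
    $form .= ' <div id="pc_reg_message"></div> <input type="button" class="pc_reg_btn" value="' . esc_attr(__('Submit', 'pc_ml')) . '" /> </form>';

    return $form;
}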
/**
 * Validates $data and updates the user $user_id.
 *
 * Every key of $data is treated as a form field to validate. Keys listed in
 * $this->fixed_fields are written to PC_USERS_TABLE; the included field list is
 * also handed to save_meta_fields().
 *
 * Side effects visible here: $data is copied into $_POST, $this->validation_errors
 * is overwritten, and the 'pc_user_updated' action fires on success.
 *
 * @param int   $user_id ID of the user to update
 * @param array $data    field index => new value
 * @return bool true on success; false on failure, with the reason in $this->validation_errors
 */
public function update_user($user_id, $data) {
    include_once 'pc_form_framework.php';
    $form_fw = new pc_form();

    // wp-sync init
    if ($this->wp_user_sync) {
        include_once 'wp_user_sync.php';
        global $pc_wp_user;
        // the returned value is used as a boolean and, further down, as an object with ->ID
        $is_wp_synced = $pc_wp_user->pvtc_is_synced($user_id);
    } else {
        $is_wp_synced = false;
    }

    // copy the array elements into the $_POST superglobal so the validator can read them
    // NOTE(review): this overwrites same-named request values for the rest of the request,
    // and whatever key the caller passes in $data ends up in $_POST.
    foreach ((array) $data as $key => $val) {
        $_POST[$key] = $val;
    }

    /*** form structure ***/
    $form_fields = array();
    // e-mail is required only when it is being submitted and the framework flags it as mandatory
    $require = isset($data['email']) && $form_fw->mail_is_required ? array('email') : array();

    // add $data fields
    foreach ((array) $data as $key => $val) {
        $form_fields[] = $key;
    }

    /* PC-FILTER - customize required fields for user update */
    $require = apply_filters('pc_update_user_required_fields', $require);
    $form_structure = array('include' => array_unique($form_fields), 'require' => array_unique($require));

    // if WP synced - ignore username
    if ($this->wp_user_sync && $is_wp_synced) {
        if (($key = array_search('username', $form_structure['include'])) !== false) {
            unset($form_structure['include'][$key]);
        }
    }

    // if password is empty - ignore (an empty value leaves the stored password untouched)
    if (in_array('psw', $form_structure['include']) && (!isset($data['psw']) || empty($data['psw']))) {
        if (($key = array_search('psw', $form_structure['include'])) !== false) {
            unset($form_structure['include'][$key]);
        }
    }

    // if password is ok but repeat password doesn't exist - set it
    // (presumably so that the validator's repeat-password comparison passes - confirm)
    if (in_array('psw', $form_structure['include']) && !isset($data['check_psw'])) {
        $_POST['check_psw'] = $data['psw'];
        $data['check_psw'] = $_POST['check_psw'];
    }

    // validation structure
    $indexes = $form_fw->generate_validator($form_structure);

    // add index for disable_pvt_page
    if (in_array('disable_pvt_page', $form_fields)) {
        $indexes[] = array('index' => 'disable_pvt_page', 'label' => __("Disable private page", 'pc_ml'), 'type' => 'int', 'max_len' => 1);
    }

    /*** standard validation ***/
    $is_valid = $form_fw->validate_form($indexes, array(), $user_id);
    // from here on only the validator's output ($fdata) is used, not the raw $data
    $fdata = $form_fw->form_data;

    /*** advanced/custom validations ***/
    if ($is_valid) {
        $params = array('fdata' => $fdata, 'user_id' => $user_id, 'wp_synced' => $is_wp_synced);
        // specific_user_check() reports problems through $this->validation_errors
        $this->specific_user_check('update', $params);
        if (!empty($this->validation_errors)) {
            return false;
        }

        /* PC-FILTER - custom data validation before user insertion - pass/return HTML code for error message */
        $this->validation_errors = apply_filters('pc_update_user_data_check', $this->validation_errors, $fdata);
        if (!empty($this->validation_errors)) {
            return false;
        }
    }

    // abort or update
    if (!$is_valid) {
        $this->validation_errors = $form_fw->errors;
        return false;
    } else {
        $this->validation_errors = '';

        /*** update user ***/
        // prepare query array with fixed fields
        // only keys listed in $this->fixed_fields can become columns of the update
        $query_arr = array();
        foreach ($this->fixed_fields as $ff) {
            if (isset($fdata[$ff])) {
                switch ($ff) {
                    case 'categories':
                        // stored as a PHP-serialized array
                        $val = serialize((array) $fdata[$ff]);
                        break;
                    case 'psw':
                        // stored as the output of encrypt_psw(), not as submitted
                        $val = $this->encrypt_psw($fdata[$ff]);
                        break;
                    default:
                        $val = isset($fdata[$ff]) ? $fdata[$ff] : false;
                        break;
                }
                if ($val !== false) {
                    $query_arr[$ff] = $val;
                }

                // sanitize known data for saving
                if (isset($query_arr['disable_pvt_page'])) {
                    $query_arr['disable_pvt_page'] = (int) $query_arr['disable_pvt_page'];
                }
            }
        }

        // only if there are fixed fields to save
        // values are passed to update() as an array, not concatenated into SQL here;
        // presumably $this->db is the WordPress database object - confirm
        if (!empty($query_arr)) {
            $result = $this->db->update(PC_USERS_TABLE, $query_arr, array('id' => (int) $user_id));
        } else {
            $result = 0; // simulate "no fields updated" response
        }

        if ($result === false) { // if data is same, returns 0. Check for false
            $this->debug_note(__('Error updating user data into database', 'pc_ml'));
            $this->validation_errors = __('Error updating user data into database', 'pc_ml');
            return false;
        } else {
            // if is wp-synced
            // $pc_wp_user was declared global in the wp-sync init branch above, which ran
            // under the same $this->wp_user_sync condition
            if ($this->wp_user_sync && $is_wp_synced) {
                $wp_user_id = $pc_wp_user->sync_wp_user($fdata, $is_wp_synced->ID);
            }

            // update metas
            $this->save_meta_fields($user_id, $form_structure['include'], $fdata);

            /* PC-ACTION - triggered when user is updated - passes user id */
            do_action('pc_user_updated', $user_id);
            return true;
        }
    }
}
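/**
 * Prints the "User Data add-on" custom fields table of the admin add/edit user screen,
 * two fields per row, followed by the submit button and the datepicker init script.
 *
 * @param array|mixed $fdata   current user data (field index => value); empty when adding a user
 * @param int         $user_id user being edited (not used in this function)
 * @return false|void false when there are no custom fields; otherwise the HTML is echoed
 */
function pcud_add_user_fields($fdata, $user_id)
{
    include_once PCUD_DIR . '/functions.php';
    include_once PC_DIR . '/classes/pc_form_framework.php';
    $form_fw = new pc_form();

    $custom_f_indexes = pcud_sorted_fields_indexes();
    if (empty($custom_f_indexes)) {
        return false;
    }

    $code = ' <h3 style="border: none !important;">User Data add-on - ' . __('custom fields', 'pcud_ml') . '</h3> <table class="widefat pc_table pc_add_user" style="margin-bottom: 25px;"> <tbody>';

    // $a is the position inside the current two-field row (0 = first cell pair)
    $a = 0;
    foreach ($custom_f_indexes as $f_index) {
        $f = $form_fw->fields[$f_index];
        $name_attr = esc_attr($f_index);

        // user data exists?
        // $val is data submitted by the user and is shown here to an administrator, so it
        // is escaped in every branch below before being printed
        $val = !empty($fdata) && isset($fdata[$f_index]) ? $fdata[$f_index] : false;

        // specific cases
        $placeh = isset($f['placeh']) ? 'placeholder="' . esc_attr($f['placeh']) . '"' : '';

        // start code
        if (!$a) {
            $code .= '<tr>';
        }
        $left_border = !$a ? '' : 'style="border-left: 1px solid #DFDFDF;"';
        // the label is printed as-is - presumably admin-defined and allowed to hold markup; verify
        $code .= '<td class="pc_label_td" ' . $left_border . '>' . $f['label'] . '</td>';

        // field type switch
        if ($f['type'] == 'text') {
            $subtype = isset($f['subtype']) ? $f['subtype'] : '';
            $dp_class = $subtype == 'eu_date' || $subtype == 'us_date' ? 'class="pcud_datepicker pcud_dp_' . $subtype . '"' : '';

            $code .= ' <td class="pc_field_td"> <input type="' . $f['type'] . '" name="' . $name_attr . '" value="' . pc_sanitize_input($val) . '" maxlength="' . esc_attr($f['maxlen']) . '" ' . $placeh . ' ' . $dp_class . ' autocomplete="off" /> </td>';
        } elseif ($f['type'] == 'textarea') {
            // unescaped, a value containing "</textarea>" would break out of the field and
            // run as markup in the administrator's session
            $code .= ' <td class="pc_field_td"> <textarea name="' . $name_attr . '" autocomplete="off" ' . $placeh . ' style="width: 90%; height: 45px;">' . esc_textarea((string) $val) . '</textarea> </td>';
        } elseif ($f['type'] == 'select' || $f['type'] == 'checkbox') {
            $opts = $form_fw->get_field_options($f['opt']);
            $multiple = $f['type'] == 'checkbox' || isset($f['multiple']) && $f['multiple'] ? 'multiple="multiple"' : '';
            $multi_name = $multiple ? '[]' : '';

            $code .= ' <td class="pc_field_td"> <select name="' . $name_attr . $multi_name . '" class="lcweb-chosen" ' . $multiple . ' data-placeholder="' . esc_attr(__('Select values', 'pcud_ml')) . ' .." autocomplete="off" style="width: 90%;">';
            foreach ($opts as $opt) {
                $sel = in_array($opt, (array) $val) ? 'selected="selected"' : '';
                $code .= '<option value="' . esc_attr($opt) . '" ' . $sel . '>' . esc_html($opt) . '</option>';
            }
            $code .= ' </select> </td>';
        } elseif ($f['type'] == 'single_checkbox') {
            $checked = empty($val) ? '' : 'checked="checked"';
            $code .= ' <td class="pc_field_td"> <input type="checkbox" name="' . $name_attr . '" value="1" ' . $checked . ' class="ip_checks" autocomplete="off" /> </td>';
        }

        // close the row after its second field
        if ($a == 1) {
            $code .= '</tr>';
            $a = 0;
        } else {
            $a++;
        }
    }

    // if missing a TD - add it
    if ($a !== 0) {
        $code .= '<td style="border-left: 1px solid #DFDFDF;" colspan="2"></td></tr>';
    }

    // add-user button utility
    $btn_val = empty($fdata) ? __('Add User', 'pc_ml') : __('Update User', 'pc_ml');
    $code .= ' <tr> <td colspan="2" style="width: 50%;"> <input type="submit" name="pc_man_user_submit" value="' . esc_attr($btn_val) . '" class="button-primary" /> </td> <td colspan="2" style="width: 50%;"></td> </tr> ';

    // datepicker init script; the only dynamic part is the PCUD_URL constant
    $code .= "\r\n\t<!-- datepicker init -->\r\n\t<script type='text/javascript'>\r\n\tjQuery(document).ready(function() {\r\n\t\tif(jQuery('.pcud_datepicker').size() > 0) {\r\n\t\t\t// dynamically add datepicker style\r\n\t\t\tjQuery('head').append(\"<link rel='stylesheet' href='" . PCUD_URL . "/css/datepicker/light/pcud_light.theme.min.css' type='text/css' media='all' />\");\r\n\t\t\t\r\n"
        . "\t\t\tvar pcud_datepicker_init = function(type) {\r\n\t\t\t\treturn {\r\n\t\t\t\t\tdateFormat : (type == 'eu') ? 'dd/mm/yy' : 'mm/dd/yy',\r\n\t\t\t\t\tbeforeShow: function(input, inst) {\r\n\t\t\t\t\t\tjQuery('#ui-datepicker-div').wrap('<div class=\"pcud_dp\"></div>');\r\n\t\t\t\t\t},\r\n"
        . "\t\t\t\t\tmonthNames: \t\tpcud_datepick_str.monthNames,\r\n\t\t\t\t\tmonthNamesShort: \tpcud_datepick_str.monthNamesShort,\r\n\t\t\t\t\tdayNames: \t\t\tpcud_datepick_str.dayNames,\r\n\t\t\t\t\tdayNamesShort: \t\tpcud_datepick_str.dayNamesShort,\r\n\t\t\t\t\tdayNamesMin:\t\tpcud_datepick_str.dayNamesMin,\r\n\t\t\t\t\tisRTL:\t\t\t\tpcud_datepick_str.isRTL\r\n\t\t\t\t};\t\r\n\t\t\t}\r\n\t\t\t\r\n"
        . "\t\t\tjQuery('.pcud_dp_eu_date').datepicker( pcud_datepicker_init('eu') );\r\n\t\t\tjQuery('.pcud_dp_us_date').datepicker( pcud_datepicker_init('us') );\r\n\t\t}\r\n\t});\r\n\t</script>\r\n\t";

    echo $code;
}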
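/**
 * AJAX handler for User Data custom forms: runs only when $_POST['type'] is 'pcud_cf_submit'.
 *
 * Validates the submitted fields against the structure of the 'pcud_forms' term named by
 * $_POST['pcud_fid'] and, for a logged PrivateContent user, saves them through
 * $pc_users->update_user(). Always ends the request with a JSON object
 * ('resp' => 'error'|'success', 'mess', and 'redirect' on success).
 */
function pcud_handle_custom_form()
{
    if (!isset($_POST['type']) || $_POST['type'] != 'pcud_cf_submit') {
        return;
    }

    require_once PC_DIR . '/classes/pc_form_framework.php';
    require_once PCUD_DIR . '/functions.php';
    global $wpdb, $pc_users;

    // NOTE(review): no nonce is verified in this handler, and it can change the logged
    // user's data, password included (see the 'psw' branch below). Unless CSRF protection
    // exists elsewhere, a third-party page could submit this form for a logged visitor.

    $f_fw = new pc_form();
    $form_id = isset($_POST['pcud_fid']) ? (int) $_POST['pcud_fid'] : 0;

    // check for logged users
    $pc_logged = pc_user_logged(false);
    if (!$pc_logged && !current_user_can(get_option('pg_min_role', 'upload_files'))) {
        die(json_encode(array('resp' => 'error', 'mess' => __('You must be logged to use this form', 'pcud_ml'))));
    }

    ////////// VALIDATION ////////////////////////////////////

    // get form structure
    $term = get_term_by('id', $form_id, 'pcud_forms');
    if (empty($term)) {
        die(json_encode(array('resp' => 'error', 'mess' => __('Form not found', 'pcud_ml'))));
    }

    if (empty($term->description)) {
        // retrocompatibility
        $form_fields = (array) get_option('pcud_form_' . $form_id, array());
    } else {
        // NOTE(review): unserialize() instantiates any object found in the stored string; the
        // term description must only ever be written by trusted admin code.
        $form_fields = unserialize(base64_decode($term->description));
        if (!is_array($form_fields)) {
            // corrupted or unexpected payload: treat the form as missing
            die(json_encode(array('resp' => 'error', 'mess' => __('Form not found', 'pcud_ml'))));
        }
    }

    $indexes = $f_fw->generate_validator(pcud_v2_field_names_sanitize($form_fields));
    $is_valid = $f_fw->validate_form($indexes, array(), false, false);
    $fdata = $f_fw->form_data;

    $error = null;
    $redirect = '';

    if (!$is_valid) {
        $error = $f_fw->errors;
    } else {
        // check for redirects
        if (!empty($form_fields['redirect'])) {
            $redirect = $form_fields['redirect'] == 'custom'
                ? $form_fields['cust_redir']
                : get_permalink($form_fields['redirect']);
        }

        // if not PC user - stop here
        if (!$pc_logged) {
            die(json_encode(array(
                'resp' => 'success',
                'mess' => __('Form submitted successfully.<br/> Not logged as PrivateContent user, nothing has been saved', 'pcud_ml'),
                'redirect' => $redirect,
            )));
        }

        // update user: the target is always the logged user's own ID, never a request value
        $result = $pc_users->update_user($GLOBALS['pc_user_id'], $fdata);
        if (!$result) {
            $error = $pc_users->validation_errors;
        }
    }

    // results
    if (!empty($error)) {
        die(json_encode(array('resp' => 'error', 'mess' => $error)));
    }

    // if is updating password - sync also cookie
    if (isset($fdata['psw'])) {
        // The original call passed $user_id and $field, neither of which is defined in this
        // function. The cookie is built from the logged user's ID, and update_user() writes
        // the password under the 'psw' key, so those are the values read back here.
        $encrypted = $pc_users->get_user_field($GLOBALS['pc_user_id'], 'psw');

        // NOTE(review): the cookie carries the stored password value and is set without the
        // HttpOnly / Secure flags, so script on the page or a plain-HTTP hop can read it.
        // A random session token would be safer - confirm how 'pc_user' is verified.
        setcookie('pc_user', $GLOBALS['pc_user_id'] . '|||' . $encrypted, time() + 3600 * 6, '/');
    }

    // PCUD-ACTION - user updated its data - passes form data
    do_action('pcud_user_updated_data', $fdata);

    // success message
    $mess = json_encode(array(
        'resp' => 'success',
        'mess' => __('Data saved succesfully', 'pc_ml'),
        'redirect' => $redirect,
    ));
    die($mess);
}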