// keep only numeric, commas or decimal values $postvals['cp_price'] = empty($_POST['cp_price']) ? '' : appthemes_clean_price($_POST['cp_price']); if (isset($postvals['cp_currency']) && !empty($postvals['cp_currency'])) { $price_curr = $postvals['cp_currency']; } else { $price_curr = $cp_options->curr_symbol; } // keep only values and insert/strip commas if needed if (!empty($_POST['tags_input'])) { $postvals['tags_input'] = appthemes_clean_tags($_POST['tags_input']); $_POST['tags_input'] = $postvals['tags_input']; } // store the user IP address, ID for later $postvals['cp_sys_userIP'] = appthemes_get_ip(); $postvals['user_id'] = $current_user->ID; $ad_pack_id = isset($_POST['ad_pack_id']) ? appthemes_numbers_only($_POST['ad_pack_id']) : false; if ($ad_pack_id) { $postvals['pack_duration'] = cp_get_ad_pack_length($ad_pack_id); } $coupon = false; if (cp_payments_is_enabled()) { // see if the featured ad checkbox has been checked if (isset($_POST['featured_ad'])) { $postvals['featured_ad'] = $_POST['featured_ad']; // get the featured ad price into the array $postvals['cp_sys_feat_price'] = $cp_options->sys_feat_price; } // calculate the ad listing fee and put into a variable $postvals['cp_sys_ad_listing_fee'] = cp_ad_listing_fee($_POST['cat'], $ad_pack_id, $postvals['cp_price'], $price_curr); // calculate the total cost of the ad if (isset($postvals['cp_sys_feat_price'])) {
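<?php
/*
 * Template Name: User Edit Item
 *
 * This template must be assigned to the edit-item page
 * in order for it to work correctly
 *
 */

global $wpdb;
$debugOn = array();

// current user; the ad query below is restricted to ads they authored
$current_user = wp_get_current_user();

// ad id from the querystring, digits only. A missing or non-numeric value
// becomes '0', which matches no row (the original read $_GET['aid'] unguarded).
$aid = isset($_GET['aid']) ? appthemes_numbers_only($_GET['aid']) : '';
if (empty($aid)) {
    $aid = '0';
}

// select post information and also category with joins.
// Every runtime value (ad id, taxonomy name, author id) is bound through
// $wpdb->prepare() placeholders instead of being interpolated into the SQL
// string; the post_author condition is what stops a user from loading
// somebody else's ad.
$sql = $wpdb->prepare(
    "SELECT wposts.*, {$wpdb->term_taxonomy}.term_id "
    . "FROM {$wpdb->posts} wposts "
    . "LEFT JOIN {$wpdb->term_relationships} ON(%d = {$wpdb->term_relationships}.object_id) "
    . "LEFT JOIN {$wpdb->term_taxonomy} ON({$wpdb->term_relationships}.term_taxonomy_id = {$wpdb->term_taxonomy}.term_taxonomy_id) "
    . "LEFT JOIN {$wpdb->terms} ON({$wpdb->term_taxonomy}.term_id = {$wpdb->terms}.term_id) "
    . "WHERE ID = %d AND {$wpdb->term_taxonomy}.taxonomy = %s "
    . "AND post_author = %d",
    $aid,
    $aid,
    APP_TAX_CAT,
    $current_user->ID
);

// pull ad fields from db (null when no ad matches the id/author pair)
$getad = $wpdb->get_row($sql);
?>
<script type='text/javascript'>
// <![CDATA[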
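<img src="<?php echo appthemes_locate_template_uri('images/step1.gif'); ?>" alt="" class="stepimg" />
<?php
// display the custom message
cp_display_message('membership_form_help');

// only shown when the posting flow sent the user here with ?membership=required
if (isset($_GET['membership']) && $_GET['membership'] === 'required') {
?>
<p class="info">
<?php
    $term_link = '';

    // name the category when a specific one was requested; 'all' or no
    // category falls back to the generic wording below
    if (!empty($_GET['cat']) && $_GET['cat'] !== 'all') {
        $category_id = appthemes_numbers_only($_GET['cat']);

        // field name must be exactly 'term_id' — the previous 'term_id ' (trailing
        // space) is not a field get_term_by() recognises, so no category was found
        $category = get_term_by('term_id', $category_id, APP_TAX_CAT);

        if ($category) {
            $link_url = get_term_link($category, APP_TAX_CAT);
            // get_term_link() hands back a WP_Error on failure; never emit that as an href
            if (!is_wp_error($link_url)) {
                $term_link = html(
                    'a',
                    array('href' => $link_url, 'title' => esc_attr($category->name)),
                    esc_html($category->name)
                );
            }
        }
    }

    if ($term_link !== '') {
        printf(__('Membership is currently required in order to post to category %s.', APP_TD), $term_link);
    } else {
        // also covers an unknown category id, which used to leave the <p> empty
        _e('Membership is currently required.', APP_TD);
    }
?>
</p>
<?php } ?>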
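/**
 * Handles the dashboard ad actions requested through the querystring
 * (?action=pause|restart|delete|setSold|unsetSold&aid=<post id>).
 *
 * Returns silently when the action or ad id is missing/unknown, when the
 * post is not an ad listing, or when the current user is not its author.
 * Each successful action records a notice, redirects to the dashboard and exits.
 *
 * NOTE(review): these state-changing actions (delete included) are triggered by
 * a plain GET with no nonce verification — the author match is the only guard,
 * so a link the author is tricked into following can fire them. Consider adding
 * a nonce to the dashboard links and verifying it here before acting.
 *
 * @return void
 */
public static function process_actions() {
    global $current_user;

    $allowed_actions = array('pause', 'restart', 'delete', 'setSold', 'unsetSold');

    // strict membership test: only the exact action strings are accepted
    if (!isset($_GET['action']) || !in_array($_GET['action'], $allowed_actions, true)) {
        return;
    }

    if (!isset($_GET['aid']) || !is_numeric($_GET['aid'])) {
        return;
    }

    $action  = $_GET['action'];
    $post_id = appthemes_numbers_only($_GET['aid']);

    // make sure the ad exists and really is an ad listing
    $post = get_post($post_id);
    if (!$post || $post->post_type !== APP_POST_TYPE) {
        return;
    }

    // make sure author matches (post_author arrives as a string, the user ID as an int)
    if ((int) $post->post_author !== (int) $current_user->ID) {
        return;
    }

    $expire_time = strtotime(get_post_meta($post->ID, 'cp_sys_expire_date', true));
    // a draft whose expiry date has passed counts as expired; expired and pending
    // ads cannot be paused/restarted, only deleted or (un)marked as sold
    $is_expired = current_time('timestamp') > $expire_time && $post->post_status === 'draft';
    $is_pending = $post->post_status === 'pending';

    switch ($action) {
        case 'pause':
            if ($is_expired || $is_pending) {
                return;
            }
            wp_update_post(array('ID' => $post->ID, 'post_status' => 'draft'));
            appthemes_add_notice('paused', __('Ad has been paused.', APP_TD), 'success');
            break;

        case 'restart':
            if ($is_expired || $is_pending) {
                return;
            }
            wp_update_post(array('ID' => $post->ID, 'post_status' => 'publish'));
            appthemes_add_notice('restarted', __('Ad has been published.', APP_TD), 'success');
            break;

        case 'delete':
            cp_delete_ad_listing($post->ID);
            appthemes_add_notice('deleted', __('Ad has been deleted.', APP_TD), 'success');
            break;

        case 'setSold':
            update_post_meta($post->ID, 'cp_ad_sold', 'yes');
            appthemes_add_notice('marked-sold', __('Ad has been marked as sold.', APP_TD), 'success');
            break;

        case 'unsetSold':
            update_post_meta($post->ID, 'cp_ad_sold', 'no');
            appthemes_add_notice('unmarked-sold', __('Ad has been unmarked as sold.', APP_TD), 'success');
            break;

        default:
            // unreachable: the allow-list check above already filtered the action
            return;
    }

    // every handled action ends the same way
    wp_redirect(CP_DASHBOARD_URL);
    exit;
}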
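/*
Template Name: Membership Pack Purchases
*/

global $current_user;
$current_user = wp_get_current_user();

// an including template may already have an error collector; reuse it
if (!isset($errors)) {
    $errors = new WP_Error();
}

// get information about current membership
$active_membership = isset($current_user->active_membership_pack) ? get_pack($current_user->active_membership_pack) : false;

// get any existing orders; the most recent one is expected at index 0
$cp_user_orders = get_user_orders($current_user->ID);
$cp_user_recent_order = (is_array($cp_user_orders) && isset($cp_user_orders[0])) ? $cp_user_orders[0] : false;

// validate the purchase form submission (step 1 or step 2)
if (isset($_POST['step1']) || isset($_POST['step2'])) {
    if (isset($_POST['pack'])) {
        $pack_id = appthemes_numbers_only($_POST['pack']);
        $membership = get_pack($pack_id);
        if (!$membership) {
            $errors->add('invalid-pack-id', __('Choosen membership package does not exist.', APP_TD));
        }
    } else {
        $errors->add('missed-pack', __('You need to choose membership package.', APP_TD));
    }

    // the order id must be a string consisting solely of letters and digits.
    // Compared strictly: the old loose != let values through that merely
    // compared numerically equal to their cleaned form (e.g. trailing spaces).
    $order_id = (isset($_POST['oid']) && is_string($_POST['oid'])) ? $_POST['oid'] : null;
    if ($order_id === null || $order_id !== appthemes_numbers_letters_only($order_id)) {
        $errors->add('invalid-order-id', __('Membership order ID is invalid.', APP_TD));
    }
}
?>
<div class="content">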
/**
 * AJAX handler for the reset-stats action: wipes a listing's stored stats,
 * zeroes the post-meta view counters mirrored on the post, then prints a
 * JSON result and terminates.
 *
 * Answers success=false unless stats support is configured (self::$args),
 * the caller can manage_options, and a post_id was supplied.
 * NOTE(review): the request is accepted on capability alone; no nonce is
 * verified in this handler — confirm the calling script supplies one.
 *
 * @return void  Always ends in die().
 */
public static function ajax_reset_post_stats() {
    $can_reset = !empty(self::$args)
        && current_user_can('manage_options')
        && isset($_GET['post_id']);

    if (!$can_reset) {
        die(json_encode(array('success' => false)));
    }

    $listing_id = appthemes_numbers_only($_GET['post_id']);

    // wipe the stats, then reset the daily and total counters kept in post meta
    self::delete_post_stats($listing_id);
    foreach (array('meta_daily', 'meta_total') as $meta_key) {
        update_post_meta($listing_id, self::$args[$meta_key], '0');
    }

    $message = html('span', array('class' => 'text'), __('Stats have been reset!', APP_TD));
    die(json_encode(array('success' => true, 'html' => $message)));
}
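/**
 * Deletes all stats for individual listing,
 * called via ajax reset-stats action
 *
 * Prints a JSON response and terminates. Answers success=false when the
 * theme does not support app-stats, the caller cannot manage_options, or
 * no post_id was passed.
 * NOTE(review): accepted on capability alone — no nonce is verified here;
 * confirm the calling script supplies one.
 *
 * @return void  Always ends in die().
 */
function appthemes_reset_stats_ajax() {
    global $wpdb;

    if (!current_theme_supports('app-stats') || !current_user_can('manage_options') || !isset($_GET['post_id'])) {
        $response = array('success' => false);
        die(json_encode($response));
    }

    $post_id = appthemes_numbers_only($_GET['post_id']);
    list($options) = get_theme_support('app-stats');

    // empty stats from both tables. The %d placeholder is left unquoted:
    // prepare() substitutes a bare integer, and quoting it ('%d') relied on
    // MySQL coercing the resulting string back to a number.
    $wpdb->query($wpdb->prepare("DELETE FROM {$wpdb->app_stats_daily} WHERE postnum = %d", $post_id));
    $wpdb->query($wpdb->prepare("DELETE FROM {$wpdb->app_stats_total} WHERE postnum = %d", $post_id));

    // update post meta mirrors to 0 views
    update_post_meta($post_id, $options['meta_daily'], '0');
    update_post_meta($post_id, $options['meta_total'], '0');

    $response = array('success' => true, 'html' => html('span', array('class' => 'text'), __('Stats has been reseted!', APP_TD)));
    die(json_encode($response));
}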
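/**
 * Returns cleaned fields that we expect.
 *
 * Extends the parent cleaning: when ad_pack_id is among the expected fields
 * it is reduced to digits only, and a missing ad_pack_id becomes ''.
 *
 * @return array
 */
protected function clean_expected_fields() {
    $posted = parent::clean_expected_fields();

    // only ad_pack_id needs extra treatment; no need to loop over every field
    if (in_array('ad_pack_id', $this->expected_fields(), true)) {
        $raw_pack_id = isset($_POST['ad_pack_id']) ? $_POST['ad_pack_id'] : '';
        $posted['ad_pack_id'] = appthemes_numbers_only($raw_pack_id);
    }

    return $posted;
}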