/**
 * Handle a dashboard ad action (pause, restart, delete, setSold, unsetSold)
 * passed in via $_GET['action'] for the ad $_GET['aid'].
 *
 * Silently returns when the request is malformed, the ad does not exist, is not
 * an ad listing, or does not belong to the current user. On success a notice is
 * queued and the request ends with a redirect to the dashboard.
 */
static function process_actions() {
    global $current_user;

    // Only these dashboard actions are honoured; any other value is ignored outright.
    $allowed_actions = array('pause', 'restart', 'delete', 'setSold', 'unsetSold');
    if (!isset($_GET['action']) || !in_array($_GET['action'], $allowed_actions)) {
        return;
    }
    if (!isset($_GET['aid']) || !is_numeric($_GET['aid'])) {
        return;
    }

    $action  = trim($_GET['action']);
    $post_id = appthemes_numbers_only($_GET['aid']);

    // the target must exist and be an ad listing
    $post = get_post($post_id);
    if (!$post || $post->post_type != APP_POST_TYPE) {
        return;
    }

    // ownership check: only the ad's author may change it
    if ($post->post_author != $current_user->ID) {
        return;
    }

    // NOTE(review): every branch below changes state from a plain GET request and
    // no nonce is verified (wp_verify_nonce / check_admin_referer). The ownership
    // check does not protect the author against a forged cross-site request; the
    // dashboard links would need to carry a nonce before one can be checked here.

    // NOTE(review): strtotime() yields false when the meta is missing or unparseable;
    // a draft ad without a date then appears to compare as expired — confirm intended.
    $expire_time = strtotime(get_post_meta($post->ID, 'cp_sys_expire_date', true));
    $is_expired  = current_time('timestamp') > $expire_time && $post->post_status == 'draft';
    $is_pending  = $post->post_status == 'pending';
    $can_toggle  = !$is_expired && !$is_pending; // pause/restart are refused for expired or pending ads

    switch ($action) {
        case 'pause':
            if (!$can_toggle) {
                return;
            }
            wp_update_post(array('ID' => $post->ID, 'post_status' => 'draft'));
            $notice = array('paused', __('Ad has been paused.', APP_TD));
            break;
        case 'restart':
            if (!$can_toggle) {
                return;
            }
            wp_update_post(array('ID' => $post->ID, 'post_status' => 'publish'));
            $notice = array('restarted', __('Ad has been published.', APP_TD));
            break;
        case 'delete':
            cp_delete_ad_listing($post->ID);
            $notice = array('deleted', __('Ad has been deleted.', APP_TD));
            break;
        case 'setSold':
            update_post_meta($post->ID, 'cp_ad_sold', 'yes');
            $notice = array('marked-sold', __('Ad has been marked as sold.', APP_TD));
            break;
        case 'unsetSold':
            update_post_meta($post->ID, 'cp_ad_sold', 'no');
            $notice = array('unmarked-sold', __('Ad has been unmarked as sold.', APP_TD));
            break;
        default:
            return; // unreachable: the action was already whitelisted above
    }

    // every completed action ends the same way: flash a notice and go back to the dashboard
    appthemes_add_notice($notice[0], $notice[1], 'success');
    wp_redirect(CP_DASHBOARD_URL);
    exit;
}
if ($checkauthor != null) { // author check is ok. now update ad status if ($d == 'pause') { $my_ad = array(); $my_ad['ID'] = $aid; $my_ad['post_status'] = 'draft'; wp_update_post($my_ad); $action_msg = __('Ad has been paused', 'appthemes'); } elseif ($d == 'restart') { $my_ad = array(); $my_ad['ID'] = $aid; $my_ad['post_status'] = 'publish'; wp_update_post($my_ad); $action_msg = __('Ad has been published', 'appthemes'); } elseif ($d == 'delete') { cp_delete_ad_listing($aid); $action_msg = __('Ad has been deleted', 'appthemes'); } elseif ($d == 'freerenew') { cp_renew_ad_listing($aid); $action_msg = __('Ad has been relisted', 'appthemes'); } elseif ($d == 'setSold') { update_post_meta($aid, 'cp_ad_sold', 'yes'); $action_msg = __('Ad has been marked as sold', 'appthemes'); } elseif ($d == 'unsetSold') { update_post_meta($aid, 'cp_ad_sold', 'no'); $action_msg = __('Ad has been unmarked as sold', 'appthemes'); } else { //echo "nothing here"; } } }
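/**
 * Dashboard entry point: require a logged-in user, then apply the ad action
 * requested via ?action=...&aid=... before the dashboard template renders.
 *
 * The ad is only touched when the database confirms the current user is its
 * author. Each completed action redirects back to the dashboard with a flag
 * (paused, restarted, deleted, freerenewed, markedsold, unmarkedsold) and exits;
 * otherwise the notice hook is registered and rendering continues.
 */
function template_redirect() {
    global $wpdb, $current_user;

    appthemes_auth_redirect_login(); // not logged in? send to the login page first
    nocache_headers();

    // Only these dashboard actions are honoured; anything else is ignored outright.
    $allowed_actions = array('pause', 'restart', 'delete', 'freerenew', 'setSold', 'unsetSold');
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? trim($_GET['action']) : '';

    // Both parameters are checked up front: previously $_GET['aid'] was read without
    // isset() (undefined-index notice, and trim(null) is deprecated on PHP 8.1+) and
    // the query ran for any action value at all.
    if (in_array($action, $allowed_actions, true) && isset($_GET['aid']) && is_numeric($_GET['aid'])) {
        // A single integer id is used for both the ownership query and the update,
        // so the row that is authorised is exactly the row that is modified.
        $aid = (int) $_GET['aid'];

        // ownership check against the database: only the ad's author may act on it
        $sql = $wpdb->prepare("SELECT wposts.post_author FROM {$wpdb->posts} wposts WHERE ID = %d AND post_author = %d", $aid, $current_user->ID);
        $checkauthor = $wpdb->get_row($sql);

        // NOTE(review): these are state-changing GET requests with no nonce
        // verification (check_admin_referer / wp_verify_nonce); the ownership query
        // does not protect the author against a forged cross-site request. The
        // dashboard links would have to carry a nonce before one can be checked here.
        if ($checkauthor !== null) {
            $flag = null; // query-string flag the dashboard reads to show the matching notice
            switch ($action) {
                case 'pause':
                    wp_update_post(array('ID' => $aid, 'post_status' => 'draft'));
                    $flag = 'paused';
                    break;
                case 'restart':
                    wp_update_post(array('ID' => $aid, 'post_status' => 'publish'));
                    $flag = 'restarted';
                    break;
                case 'delete':
                    cp_delete_ad_listing($aid);
                    $flag = 'deleted';
                    break;
                case 'freerenew':
                    cp_renew_ad_listing($aid);
                    $flag = 'freerenewed';
                    break;
                case 'setSold':
                    update_post_meta($aid, 'cp_ad_sold', 'yes');
                    $flag = 'markedsold';
                    break;
                case 'unsetSold':
                    update_post_meta($aid, 'cp_ad_sold', 'no');
                    $flag = 'unmarkedsold';
                    break;
            }

            // every completed action ends the same way: back to the dashboard with its flag
            if ($flag !== null) {
                wp_redirect(add_query_arg(array($flag => 'true'), CP_DASHBOARD_URL));
                exit;
            }
        }
    }

    add_action('appthemes_notices', array($this, 'show_notice'));
}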