Пример #1
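function validate_form()
{
    // Validates the "create ticket batch" form. Returns the list of translated
    // error messages; an empty array means the submission is acceptable.
    // Whatever validate_int()/validate_group() return is appended as-is and the
    // closing array_filter() drops the falsy entries, so only non-empty
    // messages survive.
    $error = [];

    // Read the raw POST values once. A missing field becomes null, which is the
    // value an undefined index would have produced, minus the notice.
    $rawNumberTickets = isset($_POST['numberoftickets']) ? $_POST['numberoftickets'] : null;
    $rawMaxMb = isset($_POST['MaxMb']) ? $_POST['MaxMb'] : null;
    $rawMax_Mb = isset($_POST['Max_Mb']) ? $_POST['Max_Mb'] : null;
    $rawMaxTime = isset($_POST['MaxTime']) ? $_POST['MaxTime'] : null;
    $rawMax_Time = isset($_POST['Max_Time']) ? $_POST['Max_Time'] : null;
    $rawGroup = isset($_POST['Group']) ? $_POST['Group'] : null;

    $NumberTickets = clean_int($rawNumberTickets);
    $MaxMb = clean_number($rawMaxMb);
    $Max_Mb = clean_number($rawMax_Mb);
    $MaxTime = clean_int($rawMaxTime);
    $Max_Time = clean_int($rawMax_Time);

    $error[] = validate_int($NumberTickets);

    // The four limit fields share one rule; only the message family differs.
    $limitChecks = [
        [$MaxMb, T_("Invalid value '%s' for Data Limit")],
        [$Max_Mb, T_("Invalid value '%s' for Data Limit")],
        [$MaxTime, T_("Invalid value '%s' for Time Limit")],
        [$Max_Time, T_("Invalid value '%s' for Time Limit")],
    ];
    foreach ($limitChecks as list($value, $message)) {
        if (!\Grase\Validate::numericLimit($value)) {
            $error[] = sprintf($message, $value);
        }
    }

    // A limit may be given either per-ticket (MaxMb/MaxTime) or via the
    // group-inherited field (Max_Mb/Max_Time, which may also be 'inherit'),
    // never both. Compared strictly: POST values are strings (or arrays).
    if ((is_numeric($Max_Mb) || $rawMax_Mb === 'inherit') && is_numeric($MaxMb)) {
        $error[] = T_("Only set one Data limit field");
    }
    if ((is_numeric($Max_Time) || $rawMax_Time === 'inherit') && is_numeric($MaxTime)) {
        $error[] = T_("Only set one Time limit field");
    }

    // 1000 seems like a reasonable number, if someone wants it increased we can now that we can delete batches
    if ($NumberTickets > 1000) {
        $error[] = T_("Max of 1000 tickets per batch");
    }

    $error[] = validate_group($rawGroup);

    return array_filter($error);
}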
Пример #2
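function kp_process_create()
{
    // Front-end handler for the "create a wish" form: creates a draft
    // 'give_forms' post owned by the current user, fills in the Give meta
    // fields, optionally attaches the uploaded image as the thumbnail and
    // redirects. It returns silently when the request is not for this handler,
    // the nonce does not verify, or nobody is logged in; every other outcome
    // ends in wp_redirect() + exit.
    // NOTE(review): the '******' segments in the redirect URLs are redacted in
    // this listing; the original source presumably splices the user's login in.
    $user_id = get_current_user_id(); // takes no argument; $user_id was undefined here
    $user_data = get_userdata($user_id);
    if (!$user_id || !$user_data) {
        // get_userdata() is false for an anonymous visitor; without this guard
        // the post would be created with author 0 and a null 'autor_login'.
        return;
    }
    if (!isset($_POST['title_form'], $_POST['goal_form'], $_POST['content_form'], $_POST['kp_wish'])
        || $_POST['kp_wish'] !== 'process_kp_wish') {
        return;
    }
    if (!isset($_POST['kp_nonce']) || !wp_verify_nonce($_POST['kp_nonce'], 'kp_nonce')) {
        return;
    }
    if ($_POST['title_form'] === '' || $_POST['goal_form'] === '' || $_POST['content_form'] === '') {
        $location_fail = get_bloginfo('url') . '/account/?user='******'&tab=donation_form&kp-message=wish_void';
        wp_redirect($location_fail);
        exit;
    }
    // Second argument is presumably the largest goal accepted — confirm against validate_int().
    if (!validate_int($_POST['goal_form'], 1000000)) {
        $location_fail = get_bloginfo('url') . '/account/?user='******'&tab=donation_form&int-message=goal_failed';
        wp_redirect($location_fail);
        exit;
    }

    // Sanitised form values; the goal is normalised to "1234.56" form.
    $wish_title = sanitize_title($_POST['title_form']);
    $wish_goal = sanitize_text_field($_POST['goal_form']);
    $wish_goal = number_format($wish_goal, 2, '.', '');
    $wish_content = sanitize_text_field($_POST['content_form']);
    $wish_youtube = isset($_POST['youtube_form']) ? sanitize_text_field($_POST['youtube_form']) : '';
    $wish_vimeo = isset($_POST['vimeo_form']) ? sanitize_text_field($_POST['vimeo_form']) : '';
    $author_login = $user_data->user_login;

    // Create the draft post; the author is the logged-in user.
    $post_data = [
        'post_title' => wp_strip_all_tags($wish_title),
        'post_type' => 'give_forms',
        'post_content' => '',
        'post_status' => 'draft',
        'post_author' => $user_id,
    ];
    $post_id = wp_insert_post(wp_slash($post_data));
    if (!$post_id) {
        return;
    }

    // Five fixed donation buttons (2/5/10/20/50 dollars) with level ids 1..5.
    $settings_for_buttons = [];
    foreach (['2', '5', '10', '20', '50'] as $index => $amount) {
        $settings_for_buttons[] = [
            "_give_id" => ["level_id" => (string) ($index + 1)],
            "_give_amount" => $amount,
            "_give_text" => $amount . ' dollars',
            "_give_default" => "default",
        ];
    }

    // Settings for offline donations (placeholder texts, left as shipped).
    $offline_notes = 'In order to make an offline donation we ask that you please follow these instructions: 
                        Make a check payable to ""
                        On the memo line of the check, please indicate that the donation is for ""
                        Please mail your check to:
                            123 G Street 
                            San Diego, CA 92101 
                        All contributions will be gratefully acknowledged and are tax deductible.';
    $offline_subject = '{donation} - Offline Donation Instructions';
    $offline_email = 'Dear {name},
                    Thank you for your offline donation request! Your generosity is greatly appreciated. 
                    In order to make an offline donation we ask that you please follow these instructions: 
                    Make a check payable to ""
                    On the memo line of the check, please indicate that the donation is for ""
                    Please mail your check to:
                        123 G Street 
                        San Diego, CA 92101 
                    Once your donation has been received we will mark it as complete and you will receive an email receipt for your records. Please contact us with any questions you may have!
                    Sincerely,';

    // Give form configuration, written in the same order as before.
    $meta = [
        '_give_form_content' => $wish_content,
        '_give_goal_option' => 'yes',
        '_give_set_goal' => $wish_goal,
        'autor_login' => $author_login,
        '_give_price_option' => 'multi',
        '_give_set_price' => '1.00',
        '_give_donation_levels' => $settings_for_buttons,
        '_give_display_style' => 'buttons',
        '_give_custom_amount' => 'yes',
        '_give_content_option' => 'give_post_form',
        '_give_payment_display' => 'reveal',
        '_give_default_gateway' => 'global',
        '_give_show_register_form' => 'none',
        'youtube' => $wish_youtube,
        'vimeo' => $wish_vimeo,
        '_give_customize_offline_donations' => 'no',
        '_give_offline_checkout_notes' => $offline_notes,
        '_give_offline_donation_subject' => $offline_subject,
        '_give_offline_donation_email' => $offline_email,
        '_give_terms_option' => 'none',
    ];
    foreach ($meta as $key => $value) {
        update_post_meta($post_id, $key, $value);
    }

    // Optional thumbnail upload. Any failure (transport error, WordPress
    // rejecting the file) redirects with images_fail; the post itself stays.
    if (isset($_FILES["image_form"]["name"]) && $_FILES["image_form"]["name"] !== '') {
        $thumbnail_set = false;
        if ((int) $_FILES["image_form"]["error"] === UPLOAD_ERR_OK) {
            require_once ABSPATH . 'wp-admin/includes/image.php';
            require_once ABSPATH . 'wp-admin/includes/file.php';
            require_once ABSPATH . 'wp-admin/includes/media.php';
            // media_handle_upload() returns an attachment id or a WP_Error;
            // a WP_Error is truthy, so it must be tested before use.
            $attachment_id = media_handle_upload('image_form', $post_id);
            if (!is_wp_error($attachment_id) && $attachment_id) {
                set_post_thumbnail($post_id, $attachment_id);
                $thumbnail_set = true;
            }
        }
        if (!$thumbnail_set) {
            $location_fail = get_bloginfo('url') . '/account/?user='******'&tab=donation_form&kp-message=images_fail';
            wp_redirect($location_fail);
            exit;
        }
    }

    // Clear the consumed fields so a later handler does not re-process them.
    unset($_POST['title_form'], $_POST['goal_form'], $_POST['content_form'], $_POST['youtube_form'], $_POST['vimeo_form'], $_POST['kp_nonce']);
    $location_ok = get_bloginfo('url') . '/account/?user='******'&tab=donation_form&kp-message=wish_completed';
    wp_redirect($location_ok);
    exit;
}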
Пример #3
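 public function remove_thumbs_up($student_id)
 {
     // Soft-deletes the student's thumbs-up on this post (removed = 1).
     // Returns TRUE when a row was actually updated; FALSE when the student id
     // is invalid, the student may not interact, no thumbs-up exists, or the
     // UPDATE matched nothing.
     if (!validate_int($student_id)) {
         // Previously an invalid id fell through with $safe_student_id undefined.
         return FALSE;
     }
     $safe_student_id = sanitize_int($student_id);
     if (!$this->check_if_student_can_interact($safe_student_id)) {
         return FALSE;
     }
     if (!$this->check_if_user_has_given_thumbs_up($safe_student_id)) {
         return FALSE;
     }
     global $dbCon;
     $sql = "UPDATE post_thumbs_up SET removed = 1 WHERE student_id = ? AND post_id = ? AND removed = 0;";
     $stmt = $dbCon->prepare($sql);
     if ($stmt === false) {
         trigger_error('SQL Error: ' . $dbCon->error, E_USER_ERROR);
     }
     $stmt->bind_param('ii', $safe_student_id, $this->id);
     $stmt->execute();
     // An UPDATE has no insert_id (it was always 0, so the method could never
     // report success); affected_rows says whether the row was flipped.
     $updated_rows = $stmt->affected_rows;
     $stmt->close();
     return $updated_rows > 0;
 }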
Пример #4
         $daystop = date('t', strtotime("{$yearstop}-{$monthstop}"));
         $day = 1;
         $month = date('m', strtotime("-6 months"));
         $year = date('Y', strtotime("-6 months"));
         $amount = 7;
     }
 } else {
     if ($ui->post['dmy'] == 'ye') {
         $dmy = 'ye';
         $day = 1;
         if (validate_int($ui->post['yearstart'], 2000, date('Y'))) {
             $year = $ui->post['yearstart'];
         } else {
             $year = date('Y', strtotime("-6 days"));
         }
         if (validate_int($ui->post['yearstop'], 2000, date('Y'))) {
             $yearstop = $ui->post['yearstop'];
         } else {
             $yearstop = date('Y');
         }
         $month = 1;
         $monthstop = 12;
         $daystop = 31;
         $now = date('Y');
         $date1 = strtotime("{$year}-{$month}-{$day}");
         $date2 = strtotime("{$yearstop}-{$monthstop}-{$daystop}");
         $add = $date1;
         $i = 0;
         while ($add <= $date2) {
             $newadd = strtotime("+1 year", $add);
             $add = $newadd;
Пример #5
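 public function get_post_ids_for_member_feed($limit = NULL)
 {
     // Ids of the non-removed posts in every group this member is active in,
     // newest first. Returns the list of ids, or FALSE when there are none
     // (callers compare against FALSE, so that contract is kept).
     global $dbCon;
     $post_ids = [];
     // $limit is spliced into the SQL text, so after validation it is reduced
     // to a plain integer; an invalid or non-positive value means "no limit".
     $limit = validate_int($limit) ? (int) $limit : NULL;
     $sql = "SELECT id FROM group_post WHERE group_id IN (SELECT group_id FROM student_group WHERE student_id = ? AND active = 1) AND removed = 0 ORDER BY time DESC";
     if (!empty($limit)) {
         $sql .= " LIMIT {$limit}";
     }
     $sql .= ";";
     $stmt = $dbCon->prepare($sql);
     if ($stmt === false) {
         trigger_error('SQL Error: ' . $dbCon->error, E_USER_ERROR);
     }
     $stmt->bind_param('i', $this->id);
     $stmt->execute();
     $stmt->bind_result($post_id);
     while ($stmt->fetch()) {
         $post_ids[] = $post_id;
     }
     $stmt->close();
     return $post_ids === [] ? FALSE : $post_ids;
 }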
Пример #6
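 public function get_posts($limit = NULL)
 {
     // Posts of this group, each joined with the posting student's id and the
     // group's id/name/visibility, newest first. Returns a list of associative
     // rows, or FALSE when the group has no posts (callers rely on FALSE).
     global $dbCon;
     $posts = [];
     // $limit is spliced into the SQL text, so after validation it is reduced
     // to a plain integer; an invalid or non-positive value means "no limit".
     $limit = validate_int($limit) ? (int) $limit : NULL;
     $sql = "SELECT group_post.id, group_post.`time`, group_post.post_type, group_post.img_path, group_post.public, group_post.post, student.id, `group`.id, `group`.`name`, `group`.public FROM group_post INNER JOIN `group` ON group_post.group_id = `group`.id INNER JOIN student ON student_id = student.id WHERE group_id = ? ORDER BY time DESC";
     if (!empty($limit)) {
         $sql .= " LIMIT {$limit}";
     }
     $sql .= ";";
     $stmt = $dbCon->prepare($sql);
     if ($stmt === false) {
         trigger_error('SQL Error: ' . $dbCon->error, E_USER_ERROR);
     }
     $stmt->bind_param('i', $this->id);
     $stmt->execute();
     // Column order matches the SELECT list; the variable names double as the
     // keys of each returned row.
     $stmt->bind_result($post_id, $post_time, $post_type, $img_path, $post_public, $post_content, $student_id, $group_id, $group_name, $group_public);
     while ($stmt->fetch()) {
         $posts[] = compact(
             'post_id',
             'post_time',
             'post_type',
             'img_path',
             'post_public',
             'post_content',
             'student_id',
             'group_id',
             'group_name',
             'group_public'
         );
     }
     $stmt->close();
     return $posts === [] ? FALSE : $posts;
 }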
Пример #7
 /**
  * Insert one row into group_post and report the outcome.
  *
  * @global \mysqli $dbCon			mysqli connection
  * @param int $student_id			Id of student posting
  * @param int $group_id				Id of group in which the post is intended
  * @param int $public				1 if public, 0 (anything else) if private
  * @param string $post				the post message
  * @param int $type					1 if regular post, 2 if image post
  * @param string $image_path		Image path (used for type 2)
  * @return string|int				Error message if failed, Id of post if succeeded
  */
 private function save_post($student_id, $group_id, $public, $post, $type, $image_path)
 {
     // validate_int() yields 0 or FALSE for a bad id; both are rejected for the
     // ids, while $public legitimately may be 0, hence the === FALSE test.
     if (!validate_int($student_id)) {
         return "Student ID is incorrect";
     }
     if (!validate_int($group_id)) {
         return "Group ID is incorrect";
     }
     if (validate_int($public) === FALSE) {
         return "There's been an error in the public setting, public is " . $public . " - should be integer.";
     }
     $safe_student_id = sanitize_int($student_id);
     $safe_group_id = sanitize_int($group_id);
     $safe_public = sanitize_int($public);

     global $dbCon;
     $insert_sql = "INSERT INTO group_post (student_id, group_id, public, post, post_type, img_path) VALUES (?, ?, ?, ?, ?, ?);";
     $stmt = $dbCon->prepare($insert_sql);
     if ($stmt === false) {
         trigger_error('SQL Error: ' . $dbCon->error, E_USER_ERROR);
     }
     // Types: three ints, the message, the post type, the image path.
     $stmt->bind_param('iiisis', $safe_student_id, $safe_group_id, $safe_public, $post, $type, $image_path);
     $stmt->execute();
     $new_id = $stmt->insert_id;
     // insert_id stays 0 when nothing was inserted; hand back the driver's
     // error text in that case.
     $outcome = $new_id > 0 ? $new_id : $stmt->error;
     $stmt->close();
     return $outcome;
 }
Пример #8
} elseif (isset($_POST['post-image-message'])) {
    $public = 0;
    $student_id = $student->get_id();
    $group_id = $group->get_id();
    if ($group->get_public() == 1) {
        if (isset($_POST['post-image-privacy'])) {
            $public = sanitize_int($_POST['post-image-privacy']);
        }
    }
    $post = $_POST['post-image-text-message'];
    $image_path = upload_image(950);
    if ($image_path === FALSE) {
        //Sikke en bandit!
    } else {
        $post_result = $pc->create_post($student_id, $group_id, $public, $post, 2, $image_path);
        if (!validate_int($post_result)) {
            ?>
			<script>alert("Error: <?php 
            echo $post_result;
            ?>
");</script>
			<?php 
        }
    }
}
if ($student->get_student_level_in_group($group->get_id()) === 3) {
    if (isset($_POST['uploadHeader'])) {
        $new_header = upload_image(1200);
        if ($new_header !== FALSE) {
            $group->save_header_image($new_header);
        } else {
function validate_ignitions($number)
{
    // Normalises an "ignitions" count: whatever validate_int() makes of
    // $number is returned, except that anything below -1 is clamped to -1.
    $checked = validate_int($number);
    return ($checked < -1) ? -1 : $checked;
}
Пример #10
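function kp_process_transfer()
{
    // Moves part of a wish's collected earnings (_give_form_earnings) from the
    // form named in $_POST['aims_from'] to the one in $_POST['aims_to']. The
    // amount may not exceed the source form's surplus over its goal. Redirects
    // and exits on every handled outcome; returns silently when the request is
    // not for this handler, the nonce fails, nobody is logged in, or the
    // source form is not the caller's.
    // NOTE(review): the '******' segments in the redirect URLs are redacted in
    // this listing; the original source presumably splices the user's login in.
    if (!isset($_POST['aims_to'], $_POST['aims_from'], $_POST['money'], $_POST['kp_transfer'])
        || $_POST['kp_transfer'] !== 'process_kp_transfer') {
        return;
    }
    if (!isset($_POST['kp_nonce']) || !wp_verify_nonce($_POST['kp_nonce'], 'kp_nonce')) {
        return;
    }
    $user_id = get_current_user_id();
    if (!$user_id) {
        return;
    }

    // Source form. Both ids are user-controlled, so the caller must be the
    // author of the form money is taken from; otherwise any logged-in user
    // could drain another user's wish by posting its id.
    $form_id_from = (int) sanitize_text_field($_POST['aims_from']);
    if ((int) get_post_field('post_author', $form_id_from) !== $user_id) {
        return;
    }
    // Stored values arrive as strings ('' when the meta is missing); they are
    // cast before arithmetic so an empty meta does not raise a TypeError.
    $amount_have_from_f = number_format((float) get_post_meta($form_id_from, '_give_form_earnings', true), 2, '.', '');
    $amount_goal_from_f = (float) str_replace(',', '', (string) get_post_meta($form_id_from, '_give_set_goal', true));
    // Surplus over the goal is the most that may be transferred away.
    $substraction_from = give_format_amount($amount_have_from_f - $amount_goal_from_f);

    // Destination form: only its current earnings are needed.
    $form_id_to = (int) sanitize_text_field($_POST['aims_to']);
    $amount_have_to_f = number_format((float) get_post_meta($form_id_to, '_give_form_earnings', true), 2, '.', '');

    // Amount to transfer. A non-positive amount would move money the other
    // way, out of a form the caller does not own, so it fails like bad input.
    $transfer = sanitize_text_field($_POST['money']);
    if ((float) $transfer <= 0 || !validate_int($transfer, $substraction_from)) {
        $location_fail = get_bloginfo('url') . '/account/?user='******'&tab=transfer_funds&kp-message=int_failed';
        wp_redirect($location_fail);
        exit;
    }
    // NOTE(review): give_format_amount() may return a thousands-separated
    // string; confirm it is plain numeric before it is used in arithmetic.
    $transfer = give_format_amount($transfer);
    $new_amount_from = $amount_have_from_f - $transfer;
    $new_amount_to = $amount_have_to_f + $transfer;
    update_post_meta($form_id_from, '_give_form_earnings', $new_amount_from);
    update_post_meta($form_id_to, '_give_form_earnings', $new_amount_to);
    $location_ok = get_bloginfo('url') . '/account/?user='******'&tab=transfer_funds&kp-message=transfer_completed';
    wp_redirect($location_ok);
    exit;
}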
Пример #11
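 function log_member_in($user, $password)
 {
     // Signs a member in with an email address or username plus a password.
     // Returns TRUE on success and a user-facing message string on every
     // failure; each attempt is recorded through save_login_attempt().
     //Security 101 - Never tell the user which part is incorrect!
     $failed_message = "Wrong Username/Email or Password";
     //Look the member up by email when the identifier looks like one,
     //otherwise by username.
     if ($this->validate_email($user)) {
         $user_array = $this->get_member_with_email($user);
     } else {
         $user_array = $this->get_member_with_username($user);
     }
     //Without a valid member id the attempt can only be logged anonymously
     //(0 == false in SQL). This used to be `&&`, which skipped the id check
     //whenever the key merely existed.
     if (!isset($user_array['id']) || !validate_int($user_array['id'])) {
         $this->save_login_attempt(0);
         return $failed_message;
     }
     $member_id = $user_array['id'];
     //A member exists; hash the given password with that member's salt.
     $hashed_password = $this->hash_password($password, $user_array['salt']);
     //NOTE(review): compare_passwords() should be a constant-time comparison
     //(hash_equals) — confirm in its definition.
     if ($this->compare_passwords($hashed_password, $user_array['password']) !== TRUE) {
         $this->save_login_attempt(0, $member_id);
         if ($this->check_if_ban_is_in_order($member_id) === TRUE) {
             //Below the higher threshold (5) the account is only locked; above
             //it the user is told off. (Was $id, undefined in this method.)
             if (!$this->check_if_ban_is_in_order($member_id, 5)) {
                 return "This account has been locked due to too many failed " . "logins. Please try again later!";
             }
             return "This account has been locked due to too many failed " . "logins. You are now being redirected because you've tried " . "to log in much more than allowed!";
         }
         return $failed_message;
     }
     //Correct password, but a banned account is still refused and the attempt
     //is logged as failed (so the +1 in the threshold check below).
     if ($this->check_if_ban_is_in_order($member_id) === TRUE) {
         $this->save_login_attempt(0, $member_id);
         if (!$this->check_if_ban_is_in_order($member_id, 5)) {
             return "This account has been locked due to too many failed " . "logins. Please try again later!";
         }
         //This message carries inline markup; the caller must output it as
         //trusted HTML, never escaped.
         return "This account has been locked due to too many failed " . "logins. You are now being redirected because you've tried " . "to log in much more than allowed! " . "<script>" . "setTimeout(function()" . "{window.location = 'http://www.heibosoft.com'}" . ", 2000);" . "</script>";
     }
     //Sign the user in: session flag plus the member id.
     $_SESSION['logged_in'] = TRUE;
     $_SESSION['user_id'] = $member_id;
     $this->save_login_attempt(1, $member_id);
     return TRUE;
 }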
Пример #12
         $error[] = sprintf(T_("Invalid recurrence interval '%s'"), $groupRecurTime[$key]);
     }
     if (!\Grase\Validate::recurrenceInterval($groupRecurData[$key], recurtimes())) {
         $error[] = sprintf(T_("Invalid recurrence interval '%s'"), $groupRecurData[$key]);
     }
     if (!\Grase\Validate::recurrenceTime($groupRecurTime[$key], $groupRecurTimeLimit[$key])) {
         $error[] = T_("Recurring time limit must be less than interval");
     }
     if (!\Grase\Validate::bandwidthOptions($groupBandwidthDownLimit[$key], bandwidth_options())) {
         $error[] = sprintf(T_("Invalid Bandwidth Limit '%s'"), $groupBandwidthDownLimit[$key]);
     }
     if (!\Grase\Validate::bandwidthOptions($groupBandwidthUpLimit[$key], bandwidth_options())) {
         $error[] = sprintf(T_("Invalid Bandwidth Limit '%s'"), $groupBandwidthUpLimit[$key]);
     }
     //TODO we don't validate that it's not 0, relying on HTML5 to do that
     $error[] = @validate_int($groupSimultaneousUse[$key], true);
     // TODO: Validate Login-Time
     $error[] = @validate_uucptimerange($groupLoginTime[$key]);
     $error = array_filter($error);
     if (isset($groupRecurTime[$key]) xor isset($groupRecurTimeLimit[$key])) {
         $error[] = sprintf(T_("Need both a time limit and recurrance for '%s'"), \Grase\Clean::text($name));
     }
     $groups[\Grase\Clean::groupName($name)] = array_filter(array('DataRecurTime' => \Grase\Clean::text($groupRecurData[$key]), 'DataRecurLimit' => clean_number($groupRecurDataLimit[$key]), 'TimeRecurTime' => @\Grase\Clean::text($groupRecurTime[$key]), 'TimeRecurLimit' => @clean_int($groupRecurTimeLimit[$key]), 'BandwidthDownLimit' => @clean_int($groupBandwidthDownLimit[$key]), 'BandwidthUpLimit' => @clean_int($groupBandwidthUpLimit[$key]), 'SimultaneousUse' => @clean_int($groupSimultaneousUse[$key]), 'LoginTime' => @$groupLoginTime[$key], 'IdleTimeout' => @clean_int($groupIdleTimeout[$key])));
     $groupSettings[\Grase\Clean::groupName($name)] = array_filter(array('GroupName' => \Grase\Clean::groupName($name), 'Comment' => \Grase\Clean::text($groupComment[$key]), 'GroupLabel' => \Grase\Clean::text($name), 'Expiry' => @$groupExpiry[$key], 'ExpireAfter' => @$groupExpireAfter[$key], 'MaxMb' => @clean_number($groupDataLimit[$key]), 'MaxTime' => @clean_int($groupTimeLimit[$key])));
 }
 if (sizeof($error) == 0) {
     // No errors. Save groups
     foreach ($groupSettings as $attributes) {
         $Settings->setGroup($attributes);
     }
     // Delete groups no longer referenced
Пример #13
                    ?>
/"</script>
					<?php 
                    die;
                } else {
                    $message = "You have been added to the group!";
                    $theres_a_message = TRUE;
                }
            }
        }
    }
}
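if (isset($_POST['decline'])) {
    // Decline a pending group invite. Both ids come straight from the form,
    // so they are sanitised and validated before anything touches the model.
    if (!isset($_POST['invid'], $_POST['gid'])) {
        // A missing field previously raised an undefined-index notice and then
        // (presumably) failed the validate_int() check below; fail the same way.
        die("You naughty bastard!");
    }
    $invite_id = sanitize_int($_POST['invid']);
    $group_id = sanitize_int($_POST['gid']);
    if (!validate_int($invite_id) || !validate_int($group_id)) {
        die("You naughty bastard!");
    }
    // NOTE(review): the pending check is keyed by group, the decline by invite
    // id — confirm decline_pending_invite() ties the invite to this student.
    if ($student->check_if_invite_for_group_is_pending($group_id)
        && $student->decline_pending_invite($invite_id)) {
        $message = "You have declined the invite to the group!";
        $theres_a_message = TRUE;
    }
}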
?>
<html>
    <head>
        <meta charset="UTF-8">
        <title>Group Invites | StudyTeam</title>
		<?php 
Пример #14
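function kp_process_edit()
{
    // Front-end handler for the "edit a wish" form: updates the goal, content
    // and video meta of an existing 'give_forms' post, puts the post back into
    // 'pending' for admin review, optionally replaces the thumbnail and
    // redirects. Returns silently when the request is not for this handler,
    // the nonce fails, nobody is logged in, or the post is not the caller's.
    // NOTE(review): the '******' segments in the redirect URLs are redacted in
    // this listing; the original source presumably splices the user's login in.
    $user_id = get_current_user_id(); // takes no argument; $user_id was undefined here
    $user_data = get_userdata($user_id);
    if (!$user_id || !$user_data) {
        return;
    }
    if (!isset($_POST['post_id_edit'], $_POST['title_form_edit'], $_POST['goal_form_edit'], $_POST['content_form_edit'], $_POST['kp_wish_edit'])
        || $_POST['kp_wish_edit'] !== 'process_kp_wish') {
        return;
    }
    if (!isset($_POST['kp_nonce']) || !wp_verify_nonce($_POST['kp_nonce'], 'kp_nonce')) {
        return;
    }
    // Authorisation: post_id_edit is user-controlled, so only the author of
    // that post may change it. Without this check any logged-in user could
    // rewrite any wish simply by posting another id.
    $post_id = intval($_POST['post_id_edit']);
    if ($post_id <= 0 || (int) get_post_field('post_author', $post_id) !== $user_id) {
        return;
    }
    if ($_POST['title_form_edit'] === '' || $_POST['goal_form_edit'] === '' || $_POST['content_form_edit'] === '') {
        $location_fail = get_bloginfo('url') . '/account/?user='******'&tab=edit_wish&kp-message=wish_void';
        wp_redirect($location_fail);
        exit;
    }
    // Second argument is presumably the largest goal accepted — confirm against validate_int().
    if (!validate_int($_POST['goal_form_edit'], 1000000)) {
        $location_fail = get_bloginfo('url') . '/account/?user='******'&tab=edit_wish&int-message=goal_failed';
        wp_redirect($location_fail);
        exit;
    }

    // Sanitised form values; the goal is normalised to "1234.56" form.
    $wish_title = sanitize_title($_POST['title_form_edit']);
    $wish_goal = sanitize_text_field($_POST['goal_form_edit']);
    $wish_goal = number_format($wish_goal, 2, '.', '');
    $wish_content = sanitize_text_field($_POST['content_form_edit']);
    $wish_youtube = isset($_POST['youtube_form_edit']) ? sanitize_text_field($_POST['youtube_form_edit']) : '';
    $wish_vimeo = isset($_POST['vimeo_form_edit']) ? sanitize_text_field($_POST['vimeo_form_edit']) : '';
    // Kept: presumably what the redacted '******' URL segments interpolate.
    $author_login = $user_data->user_login;

    // Meta updates; 'wish_status_active' parks a formerly active wish until an
    // admin approves the edit.
    $meta = [
        '_give_set_goal' => $wish_goal,
        '_give_form_content' => $wish_content,
        'youtube' => $wish_youtube,
        'vimeo' => $wish_vimeo,
        'wish_status_active' => 'pending_admin',
    ];
    foreach ($meta as $key => $value) {
        update_post_meta($post_id, $key, $value);
    }

    // Title, slug and status go through wp_update_post().
    wp_update_post([
        'ID' => $post_id,
        'post_title' => $wish_title,
        'post_name' => $wish_title,
        'post_status' => 'pending',
    ]);

    // Optional thumbnail replacement. Any failure redirects with images_fail;
    // the edits above are already saved at that point.
    if (isset($_FILES["image_form_edit"]["name"]) && $_FILES["image_form_edit"]["name"] !== '') {
        $thumbnail_set = false;
        if ((int) $_FILES["image_form_edit"]["error"] === UPLOAD_ERR_OK) {
            require_once ABSPATH . 'wp-admin/includes/image.php';
            require_once ABSPATH . 'wp-admin/includes/file.php';
            require_once ABSPATH . 'wp-admin/includes/media.php';
            // Check the edited post, not the global $post (the argument was missing).
            if (has_post_thumbnail($post_id)) {
                delete_post_thumbnail($post_id);
            }
            // media_handle_upload() returns an attachment id or a WP_Error;
            // a WP_Error is truthy, so it must be tested before use.
            $attachment_id = media_handle_upload('image_form_edit', $post_id);
            if (!is_wp_error($attachment_id) && $attachment_id) {
                set_post_thumbnail($post_id, $attachment_id);
                $thumbnail_set = true;
            }
        }
        if (!$thumbnail_set) {
            $location_fail = get_bloginfo('url') . '/account/?user='******'&tab=edit_wish&kp-message=images_fail';
            wp_redirect($location_fail);
            exit;
        }
    }

    // Clear the consumed fields so a later handler does not re-process them.
    unset($_POST['post_id_edit'], $_POST['title_form_edit'], $_POST['goal_form_edit'], $_POST['content_form_edit'], $_POST['youtube_form_edit'], $_POST['vimeo_form_edit'], $_POST['kp_nonce']);
    $location_ok = get_bloginfo('url') . '/account/?user='******'&tab=edit_wish&kp-message=wish_updated';
    wp_redirect($location_ok);
    exit;
}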