/**
* processes any POST requests
*
* this is called on the 'init' hook
*
* @global object $wpdb
* @return null
*/
public static function process_page_request()
{
$post_sanitize = array('subsource' => FILTER_SANITIZE_STRING, 'action' => FILTER_SANITIZE_STRING, 'pdb_data_keys' => FILTER_SANITIZE_STRING, 'submit_button' => FILTER_SANITIZE_STRING, 'filename' => FILTER_SANITIZE_STRING, 'base_filename' => FILTER_SANITIZE_STRING, 'CSV_type' => FILTER_SANITIZE_STRING, 'include_csv_titles' => FILTER_VALIDATE_BOOLEAN, 'nocookie' => FILTER_VALIDATE_BOOLEAN, 'previous_multipage' => FILTER_SANITIZE_STRING);
/*
* $post_input is used for control functions, not for the dataset
*/
$post_input = filter_input_array(INPUT_POST, $post_sanitize);
// only process POST arrays from this plugin's pages
if (empty($post_input['subsource']) or $post_input['subsource'] != self::PLUGIN_NAME or empty($post_input['action'])) {
return;
}
// add a filter to check the submission before anything is done with it
$check = true;
self::set_filter('check_submission', $check);
if ($check === false) {
return;
}
// error_log( __METHOD__.' post:'.print_r( $_POST, true ) );
/*
* the originating page for a multipage form is saved in a session value
*
* if this is an empty string, it is assumed the submission was not part of a multipage form series
*/
self::$session->set('previous_multipage', $post_input['previous_multipage']);
/*
* get the defined columns for the submitting shortcode (if any)
*
* this is needed so that validation will be performed on the expected list
* of fields, not just what's found in the POST array
*/
$columns = false;
if (!empty($post_input['pdb_data_keys'])) {
$columns = self::get_data_key_columns($post_input['pdb_data_keys']);
}
/*
* instantiate the validation object if we need to. This is necessary
* because another script can instantiate the object in order to add a
* feedback message
*
* we don't validate administrators in the admin
*/
if (!is_object(self::$validation_errors)) {
if (Participants_Db::is_form_validated()) {
self::$validation_errors = new PDb_FormValidation();
}
}
switch ($post_input['action']) {
case 'update':
case 'insert':
/*
* we are here for one of these cases:
* a) we're adding a new record in the admin
* b) a user is updating their record on the frontend
* c) an admin is updating a record
*
* signups are processed in the case 'signup' section
*
* set the raw post array filters. We pass in the $_POST array, expecting
* a possibly altered copy of it to be returned
*
* filter: pdb-before_submit_update
* filter: pdb-before_submit_add
*/
$post_data = self::set_filter('before_submit_' . ($post_input['action'] === 'insert' ? 'add' : 'update'), $_POST);
if (isset($_POST['id'])) {
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
} elseif (isset($_GET['id'])) {
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
} else {
$id = false;
}
$participant_id = self::process_form($post_data, $post_input['action'], $id, $columns);
if (false === $participant_id) {
// we have errors; go back to form and show errors
return;
}
/*
* set the stored record hook.
*
* hook: pdb-after_submit_update
* hook: pdb-after_submit_add
*/
$wp_hook = self::$prefix . 'after_submit_' . ($post_input['action'] == 'insert' ? 'add' : 'update');
do_action($wp_hook, self::get_participant($participant_id));
/*
* if we are submitting from the frontend, set the feedback message and
* send the update notification
*/
if (!is_admin()) {
/*
* if the user is an admin, the validation object won't be instantiated,
* so we do that here so the feedback message can be shown.
*/
if (!is_object(self::$validation_errors)) {
self::$validation_errors = new PDb_FormValidation();
}
self::$validation_errors->add_error('', self::$plugin_options['record_updated_message']);
if (self::$plugin_options['send_record_update_notify_email'] && Participants_Db::$session->get('form_status') !== 'multipage') {
$sent = wp_mail(self::$plugin_options['email_signup_notify_addresses'], self::proc_tags(self::$plugin_options['record_update_email_subject'], $participant_id, 'all'), self::proc_tags(self::$plugin_options['record_update_email_body'], $participant_id, 'all'), self::$email_headers);
}
/*
* if the "thanks page" is defined as another page, save the ID in a session variable and move to that page.
*/
if (isset($post_data['thanks_page']) && $post_data['thanks_page'] != $_SERVER['REQUEST_URI']) {
self::$session->set('pdbid', $post_data['id']);
$redirect = $post_input['action'] == 'insert' ? $post_data['thanks_page'] : self::add_uri_conjunction($post_data['thanks_page']) . 'action=update';
wp_redirect($redirect);
exit;
}
return;
}
// redirect according to which submit button was used
switch ($post_input['submit_button']) {
case self::$i18n['apply']:
$redirect = get_admin_url() . 'admin.php?page=' . self::PLUGIN_NAME . '-edit_participant&id=' . $participant_id;
break;
case self::$i18n['next']:
$get_id = $post_input['action'] == 'update' ? '&id=' . self::next_id($participant_id) : '';
$redirect = get_admin_url() . 'admin.php?page=' . self::PLUGIN_NAME . '-edit_participant' . $get_id;
break;
case self::$i18n['previous']:
$get_id = $post_input['action'] == 'update' ? '&id=' . self::next_id($participant_id, false) : '';
$redirect = get_admin_url() . 'admin.php?page=' . self::PLUGIN_NAME . '-edit_participant' . $get_id;
break;
case self::$i18n['submit']:
default:
$redirect = get_admin_url() . 'admin.php?page=' . self::PLUGIN_NAME;
}
wp_redirect($redirect);
exit;
case 'output CSV':
$csv_role = Participants_Db::plugin_setting_is_true('editor_allowed_csv_export') ? 'editor' : 'admin';
if (!Participants_Db::current_user_has_plugin_role($csv_role, 'csv export')) {
die;
}
$header_row = array();
$title_row = array();
$data = array();
$filename = !empty($post_input['filename']) ? $post_input['filename'] : '';
switch ($post_input['CSV_type']) {
// create a blank data array
case 'blank':
// add the header row
foreach (self::get_column_atts('CSV') as $column) {
$header_row[] = $column->name;
}
$data[] = $header_row;
$i = 2;
// number of blank rows to create
while ($i > 0) {
$data[] = array_fill_keys($header_row, '');
$i--;
}
break;
case 'participant list':
global $wpdb;
$import_columns = '';
foreach (self::get_column_atts('CSV') as $column) {
$import_columns .= sprintf('`%s`,', $column->name);
$header_row[] = $column->name;
$title_row[] = $column->title;
}
$data['header'] = $header_row;
if ($post_input['include_csv_titles']) {
$data['titles'] = $title_row;
}
global $current_user;
$query = get_transient(Participants_Db::$prefix . 'admin_list_query' . $current_user->ID);
if ($query) {
$query = str_replace('*', ' ' . trim($import_columns, ',') . ' ', $query);
$data += self::_prepare_CSV_rows($wpdb->get_results($query, ARRAY_A));
}
break;
}
// CSV type
if (!empty($filename)) {
$base_filename = substr($filename, 0, strpos($filename, PDb_List_Admin::filename_datestamp() . '.csv'));
/*
* @version 1.6
* base filename is now saved as a preference
*/
global $user_ID;
PDb_List_Admin::$user_settings = Participants_Db::$prefix . PDb_List_Admin::$user_settings . '-' . $user_ID;
PDb_List_Admin::set_admin_user_setting('csv_base_filename', $base_filename);
// create a file pointer connected to the output stream
$output = fopen('php://output', 'w');
//header('Content-type: application/csv'); // some sources say it should be this
header('Content-Type: text/csv; charset=utf-8');
header("Cache-Control: no-store, no-cache");
header('Content-Disposition: attachment; filename="' . $filename . '"');
// output the data lines
foreach ($data as $line) {
fputcsv($output, $line, ',', self::$CSV_enclosure);
}
fclose($output);
// we must terminate the script to prevent additional output being added to the CSV file
exit;
}
return $data;
case 'retrieve':
if (self::nonce_check(filter_input(INPUT_POST, 'session_hash', FILTER_SANITIZE_STRING), self::$main_submission_nonce_key)) {
self::_process_retrieval();
}
return;
case 'signup':
if (!self::nonce_check(filter_input(INPUT_POST, 'session_hash', FILTER_SANITIZE_STRING), self::$main_submission_nonce_key)) {
return;
}
$_POST['private_id'] = '';
$columns[] = 'private_id';
/*
* route the $_POST data through a callback if defined
*
* filter: pdb-before_submit_signup
*/
$post_data = self::set_filter('before_submit_signup', $_POST);
/*
* the signup form should update the current record if it is revisited during a multipage form session
*/
$submit_action = 'insert';
if (self::$session->get('pdbid') !== false) {
$submit_action = 'update';
}
// submit the data
$post_data['id'] = self::process_form($post_data, $submit_action, self::$session->get('pdbid'), $columns);
if (false !== $post_data['id']) {
/*
* hook: pdb-after_submit_signup
*/
$wp_hook = self::$prefix . 'after_submit_signup';
do_action($wp_hook, self::get_participant($post_data['id']));
$redirect = $post_data['thanks_page'];
self::$session->set('pdbid', $post_data['id']);
wp_redirect($redirect);
exit;
}
return;
}
// $_POST['action']
}
/**
* sets up the internationalization strings
*/
private static function _setup_i18n()
{
/* translators: the following 5 strings are used in logic matching, please test after translating in case special characters cause problems */
self::$i18n = array('delete_checked' => _x('Delete Checked', 'submit button label', 'participants-database'), 'change' => _x('Change', 'submit button label', 'participants-database'), 'sort' => _x('Sort', 'submit button label', 'participants-database'), 'filter' => _x('Filter', 'submit button label', 'participants-database'), 'clear' => _x('Clear', 'submit button label', 'participants-database'), 'search' => _x('Search', 'search button label', 'participants-database'));
}