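/**
 * Internal Function - retrieves all levels that apply to a piece of content.
 *
 * The result merges the levels explicitly assigned to the content with every
 * level whose "all<type>" flag is set (e.g. `allposts`), i.e. levels that
 * cover all content of that type.
 *
 * @param string  $type Content Type - categories | pages | posts | comments
 * @param integer $id   Page/Post/Category ID
 * @return array Membership Levels, keyed by level ID => level name
 */
function __getContentLevels($type, $id)
{
    global $WishListMemberInstance;
    $levels = (array) WLMAPI::GetLevels();
    // Cast up front so the append below and array_unique() never see a null.
    $ls = (array) $WishListMemberInstance->GetContentLevels($type, $id);
    foreach ($levels as $k => $level) {
        // !empty() keeps the same truthiness test as before but does not raise
        // an undefined-index notice for levels that lack the "all<type>" flag.
        if (!empty($level['all' . $type])) {
            $ls[] = $k;
        }
    }
    $ret = array();
    foreach (array_unique($ls) as $l) {
        // A content level whose definition no longer exists still maps to null
        // (as before), but without an undefined-index notice.
        $ret[$l] = isset($levels[$l]['name']) ? $levels[$l]['name'] : null;
    }
    return $ret;
}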
/**
 * Plugin bootstrap / request dispatcher (presumably hooked to WordPress
 * `init` — confirm against the constructor).
 *
 * Runs on every request and, in order: installs the error handler, migrates
 * level data, answers a number of special-purpose GET/POST requests
 * (anonymous data, transient-hash JavaScript, protected-folder listing,
 * e-mail confirmation, API v1/v2 calls, unsubscribe links, shopping-cart
 * integration posts, admin actions), registers WP-Cron events, validates the
 * level settings, restricts wp-admin for members and wires taxonomy hooks.
 * Many request branches terminate the response with exit/die.
 *
 * @return void
 */
function Init()
{
    // check for access levels
    // do not allow wlm to run its own access_protection
    // let's control it via another plugin. That is much cleaner
    global $wpdb; // NOTE(review): $wpdb is not used anywhere in this method.
    // NOTE(review): defined() expects the constant NAME as a string
    // ('WLMERRORREPORTING'); passing the bare constant hands it the value
    // instead, and is an Error on PHP 8 when the constant is not defined.
    if (defined(WLMERRORREPORTING)) {
        set_error_handler(array(&$this, 'ErrorHandler'), WLMERRORREPORTING);
    }
    $this->MigrateLevelData();
    // migrate data pertaining to each content's membership level
    // this prepares us for user level content
    $this->MigrateContentLevelData();
    /*
     * Handle request for anonymous data
     * Authenticity of the request is delegated to ValidateRequestForAnonData()
     * (time + hash); the response is emitted serialized and the request ends here.
     */
    if (isset($_POST['wlm_anon'])) {
        if ($this->ValidateRequestForAnonData($_POST['wlm_anon_time'], $_POST['wlm_anon_hash'])) {
            echo maybe_serialize($this->ReturnAnonymousData());
        }
        exit;
    }
    /*
     * Short Codes
     */
    $this->wlmshortcode = new WishListMemberShortCode();
    /*
     * Generate Transient Hash Session
     * and Javascript Code
     * Request form: ?wlm_th=field:<input name>  or  ?wlm_th=<anything else>
     */
    if (isset($_GET['wlm_th'])) {
        list($field, $name) = explode(':', $_GET['wlm_th']);
        header("Content-type:text/javascript");
        $ckname = md5('wlm_transient_hash');
        // NOTE(review): md5(REMOTE_ADDR . microtime()) is not cryptographically
        // random; if this hash gates anything security-relevant use random_bytes().
        $hash = md5($_SERVER['REMOTE_ADDR'] . microtime());
        // NOTE(review): cookie is set without the HttpOnly/Secure flags.
        setcookie("{$ckname}[{$hash}]", $hash, 0, '/');
        echo "<!-- \n\n";
        if ($field == 'field' && !empty($name)) {
            // NOTE(review): $name comes straight from $_GET and is written into
            // JavaScript/HTML unescaped — reflected XSS risk. Escape it for the
            // JS + HTML-attribute context (or whitelist allowed field names).
            echo 'document.write("<input type=\'hidden\' name=\'' . $name . '\' value=\'' . $hash . '\' />");';
            echo 'document.write("<input type=\'hidden\' name=\'bn\' value=\'WishListProducts_SP\' />");';
        } else {
            echo 'var wlm_cookie_hash="' . $hash . '";';
        }
        echo "\n\n// -->";
        exit;
    }
    /*
     * End Transient Hash Code
     */
    $wpm_levels = (array) $this->GetOption('wpm_levels');
    // load $this->attachments with list of attachments including resized versions
    /*
     * WP Cron Hooks
     * Each event is scheduled only if not already pending.
     */
    // Sync Membership
    if (!wp_next_scheduled('wishlistmember_syncmembership_count')) {
        wp_schedule_event(time(), 'daily', 'wishlistmember_syncmembership_count');
    }
    // Send Queued Email
    if (!wp_next_scheduled('wishlistmember_email_queue')) {
        wp_schedule_event(time(), 'hourly', 'wishlistmember_email_queue');
    }
    // process api queue
    if (!wp_next_scheduled('wishlistmember_api_queue')) {
        wp_schedule_event(time(), 'hourly', 'wishlistmember_api_queue');
    }
    // Sequential Upgrade
    if (!wp_next_scheduled('wishlistmember_sequential_upgrade')) {
        wp_schedule_event(time(), 'hourly', 'wishlistmember_sequential_upgrade');
    }
    // Unsubscribe Expired Members
    if (!wp_next_scheduled('wishlistmember_unsubscribe_expired')) {
        wp_schedule_event(time(), 'hourly', 'wishlistmember_unsubscribe_expired');
    }
    // Schedule the cron to run the cancelling of memberships. Glen Barnhardt 4-16-2010
    if (!wp_next_scheduled('wishlistmember_check_scheduled_cancelations')) {
        wp_schedule_event(time(), 'hourly', 'wishlistmember_check_scheduled_cancelations');
    }
    // Schedule the cron to run the cancelling of waiting level cancellations. Glen Barnhardt 10-27-2010
    if (!wp_next_scheduled('wishlistmember_check_level_cancelations')) {
        wp_schedule_event(time(), 'hourly', 'wishlistmember_check_level_cancelations');
    }
    // Schedule the cron to run the notification of members with incomplete registration. Fel Jun 10-27-2010
    if (!wp_next_scheduled('wishlistmember_registration_notification')) {
        wp_schedule_event(time(), 'hourly', 'wishlistmember_registration_notification');
    }
    // Schedule the cron to run the notification for expiring members. Peter 02-20-2013
    if (!wp_next_scheduled('wishlistmember_expring_members_notification')) {
        wp_schedule_event(time(), 'daily', 'wishlistmember_expring_members_notification');
    }
    // Schedule the cron to run User Level modifications
    if (!wp_next_scheduled('wishlistmember_run_scheduled_user_levels')) {
        // NOTE(review): comment said "daily" but the event is scheduled hourly.
        wp_schedule_event(time(), 'hourly', 'wishlistmember_run_scheduled_user_levels');
    }
    // Protected file download: access decision is made inside FileProtect().
    if (wlm_arrval($_GET, 'wlmfile')) {
        $this->FileProtectLoadAttachments();
        $this->FileProtect(wlm_arrval($_GET, 'wlmfile'));
    }
    // Protected folder access, only when folder protection is enabled.
    if (wlm_arrval($_GET, 'wlmfolder')) {
        if ($this->GetOption('folder_protection') == 1) {
            $this->FolderProtect(wlm_arrval($_GET, 'wlmfolder'), wlm_arrval($_GET, 'restoffolder'));
        }
    }
    $wpm_current_user = wp_get_current_user();
    // Admin-only directory listing of a protected folder.
    // NOTE(review): prefer current_user_can('manage_options') over reading caps[] directly.
    if (isset($_GET['wlmfolderinfo']) && $wpm_current_user->caps['administrator']) {
        //echo "<link rel='stylesheet' type='text/css' href='". get_bloginfo('wpurl'). "/wp-admin/css/colors-fresh.css' />";
        echo "<link rel='stylesheet' type='text/css' href='" . get_bloginfo('wpurl') . "/wp-admin/css/wp-admin.css' />";
        /*
        $files=glob($_GET['wlmfolderinfo']."/*.*");
        foreach ($files as $file) {
            echo "$file<br>";
        }
        */
        // security check. we dont want display list of all files on the server right?
        // we make it limited only to folder protection folder even for admin
        $needle = $this->GetOption('rootOfFolders');
        // echo "<br>needle->".$needle;
        $haystack = $_GET['wlmfolderinfo'];
        // echo "<br>haystack->".$haystack;
        // NOTE(review): strpos() is a substring test, not a path-containment
        // check — any path that merely contains the configured root passes,
        // including one that backs out of it again. Normalise both sides with
        // realpath() and require the resolved path to start with the resolved
        // root (plus a separator) before calling opendir().
        $pos = strpos($haystack, $needle);
        if ($pos === false) {
            // echo "<br> string needle NOT found in haystack";
            die;
        } else {
            //echo "<br>string needle found in haystack";
        }
        if ($handle = opendir(wlm_arrval($_GET, 'wlmfolderinfo'))) {
            ?>
            <div style="padding-top:5px;padding-left:20px;">
                <table>
                    <tr>
                        <th> URL</th>
                    </tr>
                    <?php
                    while (false !== ($file = readdir($handle))) {
                        // do something with the file
                        // note that '.' and '..' is returned even
                        if (!($file == '.' || $file == '..' || $file == '.htaccess')) {
                            // NOTE(review): $_GET['wlmfolderLinkinfo'] and $file are
                            // echoed without escaping (esc_html/esc_url); admin-only,
                            // but still a reflected XSS vector.
                            ?>
                            <tr>
                                <td>
                                    <?php echo $_GET['wlmfolderLinkinfo']; ?> /<?php echo $file; ?>
                                </td>
                            </tr>
                            <?php
                        }
                    }
                    ?>
                </table>
            </div>
            <?php
            closedir($handle);
        }
        die;
    }
    if (wlm_arrval($_GET, 'clearRecentPosts')) {
        if (is_admin()) {
            $this->DeleteOption('RecentPosts');
        }
    }
    // email confirmation: ?wlmconfirm=<user id>/<hash>
    if (wlm_arrval($_GET, 'wlmconfirm')) {
        list($uid, $hash) = explode('/', $_GET['wlmconfirm'], 2);
        $user = new WishListMemberUser($uid, true);
        // ConfirmByHash() is the only check standing between the link and the
        // auto-login below; its strength is not visible from here.
        $levelID = $user->ConfirmByHash($hash);
        if ($levelID) {
            // send welcome email
            $userinfo = $user->UserInfo->data;
            //get first name and last name using get_user_meta as $userinfo only got the display name
            // NOTE(review): $key and $single are undefined at this point and
            // $usermeta is never read — this call is effectively dead code.
            $usermeta = get_user_meta($userinfo->ID, $key, $single);
            $this->WPMAutoLogin($uid);
            $_POST['log'] = $userinfo->user_login;
            $this->Login();
        }
    }
    /* we just save the original post and get data just in case we need them later */
    $this->OrigPost = $_POST;
    $this->OrigGet = $_GET;
    /* remove unsecure information */
    // NOTE(review): only the three password field names are stripped; any
    // other secret posted under a different name is retained in OrigPost/OrigGet.
    unset($this->OrigPost['password']);
    unset($this->OrigGet['password']);
    unset($this->OrigPost['password1']);
    unset($this->OrigGet['password1']);
    unset($this->OrigPost['password2']);
    unset($this->OrigGet['password2']);
    /* load extensions */
    // Each extension file is expected to define a $WLMExtension array describing itself.
    foreach ((array) $this->extensions as $extension) {
        include_once $extension;
        $this->RegisterExtension($WLMExtension['Name'], $WLMExtension['URL'], $WLMExtension['Version'], $WLMExtension['Description'], $WLMExtension['Author'], $WLMExtension['AuthorURL'], $WLMExtension['File']);
    }
    /* check for REST API Call (v1): ?WLMAPI=<function>/<api key>/<param>/<param>... */
    if (isset($_GET['WLMAPI'])) {
        list($func, $key, $params) = explode('/', $_GET['WLMAPI'], 3);
        $params = explode('/', $params);
        foreach ((array) $params as $k => $v) {
            // find arrays. arrays are specified by separating values with commas
            if (strpos($v, ',') !== false) {
                $params[$k] = explode(',', $v);
            }
        }
        // Authentication of $key is left to __remoteProcess() — not visible here.
        echo WLMAPI::__remoteProcess($func, $key, $params);
        //record API used (per-day request counter, stored serialized in an option)
        $api_used = $this->GetOption("WLMAPIUsed");
        $date = date("Y-m-d");
        if ($api_used) {
            $api_used = (array) maybe_unserialize($api_used);
            if (isset($api_used["api1"]) && $api_used["api1"]["date"] == $date) {
                $request = (int) $api_used["api1"]["request"];
                $api_used["api1"]["request"] = $request + 1;
            } else {
                $arr = array("request" => 1, "date" => $date);
                $api_used["api1"] = $arr;
            }
        } else {
            $arr = array("request" => 1, "date" => $date);
            $api_used["api1"] = $arr;
        }
        $this->SaveOption('WLMAPIUsed', maybe_serialize((array) $api_used));
        exit;
    }
    /* API v2: any request whose URI contains /wlmapi/2.0/ */
    if (strpos($_SERVER['REQUEST_URI'], '/wlmapi/2.0/') !== false) {
        if (file_exists($this->pluginDir . '/core/API2.php')) {
            require_once 'core/API2.php';
            // NOTE(review): $return_type is extracted here but never used;
            // the content type below is driven by $wlmapi->return_type instead.
            preg_match('/\\/wlmapi\\/2\\.0\\/(xml|json|php)?\\//i', $_SERVER['REQUEST_URI'], $return_type);
            $return_type = $return_type[1];
            $wlmapi = new WLMAPI2('EXTERNAL');
            switch ($wlmapi->return_type) {
                case 'XML':
                    header('Content-type: text/xml');
                    break;
                case 'JSON':
                    header('Content-type: application/json');
                    break;
                default:
                    header('Content-type: text/plain');
                    break;
            }
            echo $wlmapi->result;
            //record API used (same per-day counter as v1, under the "api2" key)
            $api_used = $this->GetOption("WLMAPIUsed");
            $date = date("Y-m-d");
            if ($api_used) {
                $api_used = (array) maybe_unserialize($api_used);
                if (isset($api_used["api2"]) && $api_used["api2"]["date"] == $date) {
                    $request = (int) $api_used["api2"]["request"];
                    $api_used["api2"]["request"] = $request + 1;
                } else {
                    $arr = array("request" => 1, "date" => $date);
                    $api_used["api2"] = $arr;
                }
            } else {
                $arr = array("request" => 1, "date" => $date);
                $api_used["api2"] = $arr;
            }
            $this->SaveOption('WLMAPIUsed', maybe_serialize((array) $api_used));
            exit;
        }
    }
    // CAN-SPAM footer template; %s placeholder is filled in later by the sender.
    if (!defined('WLMCANSPAM')) {
        define('WLMCANSPAM', sprintf(__("If you no longer wish to receive communication from us:\n%1\$s=%2\$s\n\nTo update your contact information:\n%3\$s", 'wishlist-member'), get_bloginfo("url") . '/?wlmunsub', '%s', get_bloginfo('wpurl') . '/wp-admin/profile.php'));
    }
    $this->Permalink = (bool) get_option('permalink_structure'); // we get permalink status
    // Registration cookie: the posted value is mirrored into $_COOKIE for this request.
    // NOTE(review): the @ suppresses a "headers already sent" warning rather than handling it.
    if (wlm_arrval($_POST, 'cookiehash')) {
        @setcookie('wishlist_reg_cookie', $_COOKIE['wishlist_reg_cookie'] = stripslashes(wlm_arrval($_POST, 'cookiehash')), 0, '/');
    }
    // One-click unsubscribe: ?wlmunsub=<user id>/<key>
    if (wlm_arrval($_GET, 'wlmunsub')) {
        list($uid, $key) = explode('/', $_GET['wlmunsub']);
        // Key is the first 10 hex chars of md5(uid . WLMUNSUBKEY).
        $mykey = substr(md5($uid . WLMUNSUBKEY), 0, 10);
        $user = $this->Get_UserData($uid);
        // NOTE(review): compare with hash_equals($mykey, (string) $key) — the
        // loose == is neither type-safe nor constant-time.
        if ($user->ID && $mykey == $key) {
            $this->Update_UserMeta($user->ID, 'wlm_unsubscribe', 1);
            if ($this->GetOption('unsub_notification') == 1) {
                $recipient_email = trim($this->GetOption('unsubscribe_notice_email_recipient')) == '' ? get_bloginfo('admin_email') : $this->GetOption('unsubscribe_notice_email_recipient');
                $this->send_email_template('admin_unsubscribe_notice', $user->ID, array(), $recipient_email);
            }
            $url = $this->UnsubscribeURL();
            if ($url) {
                header('Location:' . $url);
                exit;
            } else {
                add_action('wp_head', array(&$this, 'UnsubJavaScript'));
            }
        }
    }
    if (wlm_arrval($_GET, 'loginlimit')) {
        $GLOBALS['error'] = $this->GetOption('login_limit_error');
    }
    // process registration URL...
    $scuri = $this->RegistrationURL();
    if (wlm_arrval($_GET, 'wpm_download_sample_csv') == 1) {
        $this->SampleImportCSV();
    }
    if ($scuri) {
        // strip out trailing .php
        $scuri = preg_replace('/\\.php$/', '', $scuri);
        // match the URL with an SC Method
        $scuris = array_keys((array) $this->SCIntegrationURIs);
        foreach ((array) $scuris as $x) {
            if ($this->GetOption($x) == $scuri) {
                $scuri = $x;
                break;
            }
        }
        // get the method name to call for the shoppingcart
        // $scmethod is ONLY assigned here; the WPMRegister branch below relies on it.
        if (isset($this->SCIntegrationURIs[$scuri])) {
            $scmethod = $this->SCIntegrationURIs[$scuri];
            $_POST['WishListMemberAction'] = 'WPMRegister';
        } else {
            // not a valid SC Integration URI - we terminate.
            $this->CartIntegrationTerminate();
            // not a valid SC Integration URI - we redirect to homepage
            /*
            header("Location: ".get_bloginfo('url'));
            exit;
            */
        }
    }
    // Dispatch posted admin / integration actions.
    switch (wlm_arrval($_POST, 'WishListMemberAction')) {
        case 'SaveCustomRegForm':
            $this->SaveCustomRegForm();
            break;
        case 'CloneCustomRegForm':
            $this->CloneCustomRegForm(wlm_arrval($_POST, 'form_id'));
            break;
        case 'DeleteCustomRegForm':
            $this->DeleteCustomRegForm(wlm_arrval($_POST, 'form_id'));
            break;
        case 'SaveMembershipLevels':
            $this->SaveMembershipLevels();
            break;
        case 'SaveMembershipContent':
            $this->SaveMembershipContent();
            break;
        case 'SaveMembershipContentPayPerPost':
            $this->SaveMembershipContentPayPerPost();
            break;
        case 'EasyFolderProtection':
            $this->EasyFolderProtection();
            break;
        case 'FolderProtectionParentFolder':
            $this->FolderProtectionParentFolder();
            break;
        case 'SaveMembersData':
            $this->SaveMembersData();
            break;
        case 'MoveMembership':
            $this->MoveMembership();
            break;
        case 'ImportMembers':
            require_once $this->pluginDir . '/core/UserSearch.php';
            $this->ImportMembers();
            break;
        case 'ExportMembers':
            require_once $this->pluginDir . '/core/UserSearch.php';
            $this->ExportMembers();
            break;
        case 'ExportMembersChunked':
            require_once $this->pluginDir . '/core/UserSearch.php';
            $this->ExportMembersChunked();
            break;
        case 'ExportSettingsToFile':
            $this->ExportSettingsToFile();
            break;
        /* start - backup stuff */
        case 'BackupSettings':
            $this->Backup_Generate();
            break;
        case 'RestoreSettings':
            $this->Backup_Restore($_POST['SettingsName'], false);
            break;
        case 'ImportSettings':
            $this->Backup_Import(wlm_arrval($_POST, 'backup_first') == 1);
            break;
        case 'ExportSettings':
            $this->Backup_Download(wlm_arrval($_POST, 'SettingsName'));
            break;
        case 'DeleteSettings':
            $this->Backup_Delete(wlm_arrval($_POST, 'SettingsName'));
            break;
        case 'ResetSettings':
            $this->ResetSettings();
            break;
        case 'WizardSetup':
            $this->WizardSetup();
            break;
        /* end - backup stuff */
        case 'SaveSequential':
            $this->SaveSequential();
            break;
        case 'WPMRegister':
            // Added by Admin
            if (true === wlm_admin_in_admin()) {
                $wpm_errmsg = '';
                $registered = $this->WPMRegister($_POST, $wpm_errmsg);
                if ($registered) {
                    $_POST = array('msg' => __('<b>New Member Added.</b>', 'wishlist-member'));
                } else {
                    $_POST['err'] = $wpm_errmsg;
                }
            } elseif ($_POST) {
                // Shopping-cart registration post (front end).
                // NOTE(review): $scmethod is unset when WishListMemberAction=WPMRegister
                // is posted to a non-SC URL; the $docart block below indexes it anyway.
                $docart = true;
                /*
                 * this is an attempt to prevent duplicate shopping cart registration posts
                 * from being processed it will definitely have its side effects but let's
                 * give it a try and see if people will complain
                 */
                if ($this->GetOption('PreventDuplicatePosts')) {
                    if ($scmethod) {
                        $now = time();
                        $recentposts = (array) $this->GetOption('RecentPosts');
                        /*
                         * we now compute posthash from both $_GET and $_POST and not
                         * just from $_POST because some integrations don't send $_POST
                         * data but $_GET.
                         */
                        //$posthash=md5(serialize($_POST));
                        $posthash = md5(serialize($_GET) . serialize($_POST));
                        asort($recentposts);
                        // drop expired entries (value = expiry timestamp)
                        foreach ((array) array_keys((array) $recentposts) as $k) {
                            if ($recentposts[$k] < $now) {
                                unset($recentposts[$k]);
                            }
                        }
                        // NOTE(review): use isset($recentposts[$posthash]) to avoid an undefined-index notice.
                        if ($recentposts[$posthash]) {
                            $docart = false;
                            $url = $this->DuplicatePostURL();
                            // NOTE(review): $wpm_request_url is never assigned in this method.
                            if ($url == $wpm_request_url) {
                                $url = get_bloginfo('url');
                            }
                            header("Location: {$url}");
                            exit;
                        } else {
                            $recentposts[$posthash] = $now + DUPLICATEPOST_TIMEOUT;
                        }
                        $this->SaveOption('RecentPosts', $recentposts);
                    }
                }
                if ($docart) {
                    // we save original $_POST to see if it will change
                    // NOTE(review): $op is only read by the commented-out block below.
                    $op = serialize($_POST);
                    if (!class_exists($scmethod['class'])) {
                        include_once $this->pluginDir . '/lib/' . $scmethod['file'];
                    }
                    $this->RegisterClass($scmethod['class']);
                    call_user_func(array(&$this, $scmethod['method']));
                    //record shopping cart used (last-used timestamp per integration method)
                    $shoppingcart_used = $this->GetOption("WLMShoppinCartUsed");
                    $date = date("Y-m-d H:i:s");
                    if ($shoppingcart_used) {
                        $shoppingcart_used = (array) maybe_unserialize($shoppingcart_used);
                        $shoppingcart_used[$scmethod['method']] = $date;
                    } else {
                        $shoppingcart_used[$scmethod['method']] = $date;
                    }
                    $this->SaveOption('WLMShoppinCartUsed', maybe_serialize((array) $shoppingcart_used));
                    /*
                    // $_POST didn't changed - nothing happened, we redirect to homepage. This avoids 404 to be returned for the SC URIs
                    if(serialize($_POST)==$op){
                        header("Location: ".get_bloginfo('url'));
                        exit;
                    }
                    */
                }
                $this->CartIntegrationTerminate();
            }
            break;
        case 'EmailBroadcast':
            // email broadcast
            $this->EmailBroadcast();
            break;
        case 'DoMarketPlaceActions':
            // marketplace actions
            $this->DoMarketPlaceActions();
    }
    // check that each level has a reg URL specified
    $changed = false;
    foreach ((array) array_keys((array) $wpm_levels) as $k) {
        if (!$wpm_levels[$k]['url']) {
            $wpm_levels[$k]['url'] = $this->PassGen(6);
            $changed = true;
        }
    }
    if ($changed) {
        $this->SaveOption('wpm_levels', $wpm_levels);
    }
    // no levels configured
    if (!count($wpm_levels)) {
        add_action('admin_notices', array(&$this, 'ErrNoLevels'));
    }
    // check if all levels have expirations specified
    $unspecifiedexpiration = array();
    foreach ((array) $wpm_levels as $level) {
        if (!wlm_arrval($level, 'expire') && !wlm_arrval($level, 'noexpire') && wlm_arrval($level, 'name')) {
            $unspecifiedexpiration[] = $level['name'];
        }
    }
    if (count($unspecifiedexpiration)) {
        $GLOBALS['unspecifiedexpiration'] = $unspecifiedexpiration;
        add_action('admin_notices', array(&$this, 'ErrNoExpire'));
    }
    $wpm_current_user = wp_get_current_user();
    // No profile editing for members
    // NOTE(review): PHP_SELF includes PATH_INFO, so basename()/dirname() on it
    // is not a reliable page test; WordPress' $pagenow (or SCRIPT_NAME) is.
    // The members_can_update_info option is tested twice in this condition.
    if ($wpm_current_user->ID && basename(dirname($_SERVER['PHP_SELF'])) == 'wp-admin' && basename($_SERVER['PHP_SELF']) == 'profile.php' && !$this->GetOption('members_can_update_info') && !$wpm_current_user->caps['administrator'] && !$this->GetOption('members_can_update_info') && !current_user_can('level_8')) {
        header('Location:' . get_bloginfo('url'));
        exit;
    }
    // Do not allow access to Dashboard for non-admins (same PHP_SELF caveat as above)
    if ($wpm_current_user->ID && basename(dirname($_SERVER['PHP_SELF'])) . '/' . basename($_SERVER['PHP_SELF']) == 'wp-admin/index.php' && !(current_user_can('edit_post') || current_user_can('edit_posts')) && !current_user_can('level_8')) {
        header('Location:profile.php');
        exit;
    }
    // Run sequential upgrades at most once per hour per browser (cookie-throttled).
    if ($wpm_current_user->ID) {
        if (empty($_COOKIE['wlm_user_sequential'])) {
            $this->DoSequential($wpm_current_user->ID);
            setcookie('wlm_user_sequential', 1, time() + 3600, home_url('/', 'relative'));
            setcookie('wlm_user_sequential', 1, time() + 3600, site_url('/', 'relative'));
        }
    }
    // spawn cron job if requested
    // NOTE(review): this and the next three GET triggers carry no capability or
    // nonce check in this method; anyone can fire them (load / mail-volume risk).
    if (wlm_arrval($_GET, 'wlmcron') == 1) {
        spawn_cron();
        exit;
    }
    // send registration notification by force without waiting for the cron
    if (wlm_arrval($_GET, 'regnotification') == 1) {
        $this->NotifyRegistration();
        exit;
    }
    // send expiring members notification by force without waiting for the cron
    if (wlm_arrval($_GET, 'expnotification') == 1) {
        $this->ExpiringMembersNotification();
        exit;
    }
    if (wlm_arrval($_GET, 'wlmprocessapiqueues') > 0) {
        $tries = wlm_arrval($_GET, 'wlmapitries');
        $tries = $tries ? $tries : 5;
        $this->ProcessApiQueue(wlm_arrval($_GET, 'wlmprocessapiqueues'), $tries);
        exit;
    }
    // Manual membership-count sync, administrators only.
    if (wlm_arrval($_GET, 'syncmembership') > 0) {
        $wpm_current_user = wp_get_current_user();
        if ($wpm_current_user->caps['administrator']) {
            $this->SyncMembershipCount();
            echo "Done!";
            exit;
        }
    }
    // temporary fix for wpm_useraddress
    $this->FixUserAddress(1);
    //get term_ids for OnlyShowContentForLevel
    $this->taxonomyIds = array();
    $this->taxonomies = get_taxonomies(array('_builtin' => false, 'hierarchical' => true), 'names');
    array_unshift($this->taxonomies, 'category');
    // Level-protection UI and save hooks for every hierarchical taxonomy.
    foreach ($this->taxonomies as $taxonomy) {
        add_action($taxonomy . '_edit_form_fields', array(&$this, 'CategoryForm'));
        add_action($taxonomy . '_add_form_fields', array(&$this, 'CategoryForm'));
        add_action('create_' . $taxonomy, array(&$this, 'SaveCategory'));
        add_action('edit_' . $taxonomy, array(&$this, 'SaveCategory'));
    }
    $this->taxonomyIds = get_terms($this->taxonomies, array('fields' => 'ids', 'get' => 'all', 'orderby' => 'none'));
    // Category Protection
    //error_reporting($error_reporting);
}
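/**
 * WishList Member stuff
 *
 * Checks whether a user holds at least one of the membership levels that
 * protect a post.
 *
 * @param int $userid WordPress user ID
 * @param int $postid Post ID
 * @return bool true when the post has no 'Protection' entry in its level data
 *              or the user holds one of its levels; false otherwise
 */
function check_user_access($userid, $postid)
{
    // get user_levels
    $user_levels = WLMAPI::GetUserLevels($userid);
    // get the post levels
    $post_levels = WLMAPI::GetPostLevels($postid);
    if (array_key_exists('Protection', $post_levels)) {
        // Compare user_levels with post_level: grant access on the first level
        // the user holds. The result of array_search() is tested against false
        // explicitly — the previous string-concatenation test treated a match
        // stored at key 0 / '0' as "no match", because "0" is falsy in PHP.
        if (is_array($user_levels)) {
            foreach ($user_levels as $user_level) {
                // loose comparison kept on purpose: level IDs may arrive as int or string — TODO confirm
                if (array_search($user_level, $post_levels) !== false) {
                    return true;
                }
            }
        }
        return false;
    }
    // No 'Protection' entry: the post is not level-protected.
    return true;
}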