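/**
 * Handle the "create page" form submission for Front End PM.
 *
 * Reads the posted title and slug, refuses to create a second page when
 * fep_page_id() already resolves to one, and otherwise inserts a published
 * page whose content is the [front-end-pm] shortcode. Status messages are
 * echoed as admin-notice markup; nothing is returned.
 *
 * Review changes vs. the original:
 *  - the nonce is verified before any other work and before anything is
 *    echoed; $_POST['token'] is read with a null guard so a missing token
 *    does not raise a notice;
 *  - wp_insert_post() performs no capability check of its own, so the
 *    action now requires manage_options (as far as this block shows the form
 *    lives on the plugin's admin screen — confirm no lower role is meant to
 *    use it);
 *  - the permalink and title echoed into the notices are escaped for their
 *    HTML/URL context.
 * Note: utf8_encode() is deprecated in PHP 8.2 and converts ISO-8859-1 to
 * UTF-8; WordPress form data is normally already UTF-8, so non-ASCII titles
 * may be double-encoded. Kept for behaviour parity — TODO confirm intent.
 */
function fep_createPage_action() {
    if (!isset($_POST['fep-create-page'])) {
        return;
    }

    // Token first: nothing below should run, or be echoed, on a forged request.
    $token = isset($_POST['token']) ? $_POST['token'] : '';
    if (!fep_verify_nonce($token, 'fep-create-page')) {
        echo "<div id='message' class='error'><p>" . __("Invalid Token. Please try again!", 'fep') . "</p></div>";
        return;
    }

    // Publishing a page is an administrative action; wp_insert_post() does not check this.
    if (!current_user_can('manage_options')) {
        echo "<div id='message' class='error'><p>" . __("No permission!", 'fep') . "</p></div>";
        return;
    }

    $titlePre = isset($_POST['fep-create-page-title']) && is_string($_POST['fep-create-page-title'])
        ? wp_strip_all_tags($_POST['fep-create-page-title'])
        : '';
    $title = utf8_encode($titlePre);
    $slugPre = isset($_POST['fep-create-page-slug']) && is_string($_POST['fep-create-page-slug'])
        ? wp_strip_all_tags($_POST['fep-create-page-slug'])
        : '';
    $slug = utf8_encode($slugPre);

    // Drop the cached id so fep_page_id() re-resolves against the database.
    delete_transient('fep_page_id');
    $existingID = fep_page_id();
    if ($existingID != '') {
        echo "<div id='message' class='error'><p>" . sprintf(
            __("Already created page <a href='%s'>%s </a> for \"Front End PM\". Please use that page instead!", 'fep'),
            esc_url(get_permalink($existingID)),
            esc_html(get_the_title($existingID))
        ) . "</p></div>";
        return;
    }

    if (!$title) {
        echo "<div id='message' class='error'><p>" . __("You must enter a valid Title!", 'fep') . "</p></div>";
        return;
    }

    $fep_page = array(
        'post_title'   => $title,
        'post_name'    => $slug,
        'post_content' => '[front-end-pm]',
        'post_status'  => 'publish',
        'post_type'    => 'page',
    );
    // wp_insert_post() returns 0 on failure (no WP_Error requested).
    $pageID = wp_insert_post($fep_page);
    if ($pageID == 0) {
        echo "<div id='message' class='error'><p>" . __("Something wrong.Please try again to create page!", 'fep') . "</p></div>";
        return;
    }

    echo "<div id='message' class='updated'><p>" . sprintf(
        __("Page <a href='%s'>%s </a> for \"Front End PM\" successfully created!", 'fep'),
        esc_url(get_permalink($pageID)),
        esc_html(get_the_title($pageID))
    ) . "</p></div>";
    // Cache the new id for a day so fep_page_id() does not have to query for it.
    set_transient('fep_page_id', $pageID, 60 * 60 * 24);
}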
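/**
 * Delete an announcement (admin) or hide it for the current user (non-admin).
 *
 * Expects $_GET['id'] (announcement id) and $_GET['token'] (nonce for the
 * 'announcement' action). Echoes a success/error div and returns true on
 * success, false otherwise.
 *
 * Administrators (manage_options) remove the row from FEP_MESSAGES_TABLE and
 * every meta row for it, then flush the two announcement transients. Other
 * users get their id appended to the serialized 'announcement_deleted_user_id'
 * meta list, but only for announcements they have already seen.
 *
 * Review changes vs. the original:
 *  - the nonce is verified once, up front, with a null guard on the token;
 *  - an id of 0 is rejected instead of issuing a no-op DELETE;
 *  - the meta row is only dereferenced when it exists (the original read
 *    $userDel->field_value before checking $userDel, warning on null);
 *  - a failed update/insert (false from $wpdb) now reports an error and
 *    returns false instead of silently returning null.
 * Note: the read-modify-write of the serialized user list is not atomic; two
 * concurrent hides of the same announcement can lose one id.
 */
function delete() {
    global $wpdb, $user_ID;

    $delID = isset($_GET['id']) ? absint($_GET['id']) : 0;
    $token = isset($_GET['token']) ? $_GET['token'] : '';

    if (!fep_verify_nonce($token, 'announcement') || 0 == $delID) {
        echo '<div id="fep-error">' . __("Something wrong. Please try again.", 'fep') . ' </div>';
        return false;
    }

    if (current_user_can('manage_options')) {
        do_action('fep_announcement_before_delete', $delID);
        $wpdb->query($wpdb->prepare("DELETE FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d", $delID));
        $wpdb->query($wpdb->prepare("DELETE FROM " . FEP_META_TABLE . " WHERE message_id = %d", $delID));
        delete_transient("fep_announcements_with_seen");
        delete_transient("fep_announcements_with_deleted");
        echo '<div id="fep-success">' . __("Announcement successfully Deleted.", 'fep') . ' </div>';
        return true;
    }

    // Non-admin: an announcement can only be hidden once it has been seen.
    if (!$this->is_seen($delID)) {
        echo '<div id="fep-error">' . __("Something wrong. Please try again.", 'fep') . ' </div>';
        return false;
    }

    $userDel = $wpdb->get_row($wpdb->prepare(
        "SELECT meta_id, field_value FROM " . FEP_META_TABLE . " WHERE message_id = %d AND field_name = %s LIMIT 1",
        $delID,
        'announcement_deleted_user_id'
    ));

    // The value is written by this plugin, but maybe_unserialize() is still
    // unserialize() on database data: tolerate any non-array shape rather
    // than trust it.
    $user_array = $userDel ? maybe_unserialize($userDel->field_value) : null;
    if (!is_array($user_array)) {
        $user_array = array();
    }
    $user_array[] = $user_ID;
    // sort() before array_unique() keeps the serialized bytes identical to the original.
    sort($user_array);
    $serialized_value = maybe_serialize(array_unique($user_array));

    if ($userDel) {
        $result = $wpdb->update(
            FEP_META_TABLE,
            array('field_value' => $serialized_value),
            array('meta_id' => $userDel->meta_id),
            array('%s'),
            array('%d')
        );
    } else {
        $result = $wpdb->insert(
            FEP_META_TABLE,
            array('message_id' => $delID, 'field_name' => 'announcement_deleted_user_id', 'field_value' => $serialized_value),
            array('%d', '%s', '%s')
        );
    }

    // update() returns 0 when the row already held this value (user hid it
    // twice); only a query error (false) is a failure.
    if (false === $result) {
        echo '<div id="fep-error">' . __("Something wrong. Please try again.", 'fep') . ' </div>';
        return false;
    }

    delete_transient("fep_announcements_with_deleted");
    echo '<div id="fep-success">' . __("Announcement successfully Deleted.", 'fep') . ' </div>';
    return true;
}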
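/**
 * Admin-side deletion of a message thread.
 *
 * Expects $_GET['id'] (root message id) and $_GET['token'] (nonce for the
 * 'delete_message_admin' action). Removes the message, every reply whose
 * parent_id points at it, and all meta rows for those ids. Echoes a status
 * div; returns nothing.
 *
 * Review changes vs. the original:
 *  - $_GET values are read with null guards;
 *  - the capability check runs before any database access;
 *  - the meta delete is skipped when the id list is empty (the original built
 *    `IN ()`, a MySQL syntax error, when no row matched) and the ids are cast
 *    through absint() before interpolation, since $wpdb->prepare() cannot take
 *    a variable-length IN list directly.
 */
function delete() {
    global $wpdb;

    $delID = isset($_GET['id']) ? absint($_GET['id']) : 0;
    $token = isset($_GET['token']) ? $_GET['token'] : '';

    if (!fep_verify_nonce($token, 'delete_message_admin')) {
        echo "<div id='fep-error'>" . __("Invalid Token!", 'fep') . "</div>";
        return;
    }
    if (0 == $delID) {
        echo "<div id='fep-error'>" . __("Invalid message id!", 'fep') . "</div>";
        return;
    }
    if (!current_user_can('manage_options')) {
        echo "<div id='fep-error'>" . __("No permission!", 'fep') . "</div>";
        return;
    }

    // The root message plus every direct reply.
    $ids = $wpdb->get_col($wpdb->prepare(
        "SELECT id FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d OR parent_id = %d",
        $delID,
        $delID
    ));

    do_action('fep_message_before_delete', $delID, $ids);
    $wpdb->query($wpdb->prepare(
        "DELETE FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d OR parent_id = %d",
        $delID,
        $delID
    ));

    if (!empty($ids)) {
        // Ids come from an integer column; absint() keeps the interpolation safe regardless.
        $idList = implode(',', array_map('absint', $ids));
        $wpdb->query("DELETE FROM " . FEP_META_TABLE . " WHERE message_id IN ({$idList})");
    }

    echo "<div id='fep-success'>" . __("Message was successfully deleted!", 'fep') . "</div>";
    return;
}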
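/**
 * Serve a message attachment for ?fepaction=download&id=<meta_id>&token=<nonce>.
 *
 * Looks up the 'attachment' meta row, checks that the current user is the
 * sender or recipient of the owning message (or the message has status 2, or
 * the user has manage_options), then streams the stored file and exits. Every
 * failure ends in wp_die(). Returns normally only when the request is not a
 * download action.
 *
 * Review changes vs. the original:
 *  - $_GET values are read with null guards;
 *  - the unserialized meta value must be an array before its offsets are
 *    read (a non-array value would have raised a string-offset error);
 *  - the path must be a readable regular file, not just exist;
 *  - X-Content-Type-Options: nosniff is sent, because the Content-Type comes
 *    from the stored 'type' field (presumably the client-declared type at
 *    upload — confirm), and the Content-Disposition filename is stripped of
 *    quotes, backslashes and control characters so it cannot break the header.
 */
function fep_download_file() {
    if (!isset($_GET['fepaction']) || $_GET['fepaction'] != 'download') {
        return;
    }
    global $wpdb, $user_ID;

    $id = isset($_GET['id']) ? absint($_GET['id']) : 0;
    $token = isset($_GET['token']) ? $_GET['token'] : '';

    // The 'download' nonce is not bound to the id, so it only proves the link
    // came from a page we rendered; the ownership check below is the real
    // authorization.
    if (!fep_verify_nonce($token, 'download')) {
        wp_die(__('Invalid token', 'fep'));
    }

    $msgsMeta = $wpdb->get_row($wpdb->prepare("SELECT * FROM " . FEP_META_TABLE . " WHERE meta_id = %d", $id));
    if (!$msgsMeta) {
        wp_die(__('No attachment found', 'fep'));
    }
    $message_id = $msgsMeta->message_id;

    // Written by this plugin at upload time, but maybe_unserialize() is still
    // unserialize() on database data: insist on the expected shape.
    $unserialized_file = maybe_unserialize($msgsMeta->field_value);
    if ($msgsMeta->field_name != 'attachment'
        || !is_array($unserialized_file)
        || empty($unserialized_file['type'])
        || empty($unserialized_file['url'])
        || empty($unserialized_file['file'])) {
        wp_die(__('Invalid Attachment', 'fep'));
    }
    $attachment_type = $unserialized_file['type'];
    $attachment_url = $unserialized_file['url'];
    $attachment_path = $unserialized_file['file'];
    $attachment_name = basename($attachment_url);

    $msgsInfo = $wpdb->get_row($wpdb->prepare(
        "SELECT from_user, to_user, status FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d",
        $message_id
    ));
    if (!$msgsInfo) {
        wp_die(__('Message already deleted', 'fep'));
    }

    // Sender, recipient, status 2 (presumably an announcement readable by
    // everyone — confirm), or an administrator.
    if ($msgsInfo->from_user != $user_ID
        && $msgsInfo->to_user != $user_ID
        && $msgsInfo->status != 2
        && !current_user_can('manage_options')) {
        wp_die(__('No permission', 'fep'));
    }

    if (!file_exists($attachment_path)) {
        // File is gone; drop the dangling meta row so it is not offered again.
        $wpdb->query($wpdb->prepare("DELETE FROM " . FEP_META_TABLE . " WHERE meta_id = %d", $id));
        wp_die(__('Attachment already deleted', 'fep'));
    }
    // readfile() on a directory or unreadable path emits a warning and an empty body.
    if (!is_file($attachment_path) || !is_readable($attachment_path)) {
        wp_die(__('Invalid Attachment', 'fep'));
    }

    // Keep the header well-formed whatever the stored basename contains.
    $safeName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $attachment_name);

    header("Content-Description: File Transfer");
    header("Content-Transfer-Encoding: binary");
    header("Content-Type: {$attachment_type}", true, 200);
    // Stop browsers from second-guessing the stored type.
    header("X-Content-Type-Options: nosniff");
    header("Content-Disposition: attachment; filename=\"{$safeName}\"");
    header("Content-Length: " . filesize($attachment_path));
    nocache_headers();

    // Clean all levels of output buffering so nothing precedes the file bytes.
    while (ob_get_level()) {
        ob_end_clean();
    }
    readfile($attachment_path);
    exit;
}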
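/**
 * Front-end deletion of a message by its sender or recipient.
 *
 * Expects $_GET['id'] (message id) and $_GET['token'] (nonce for the
 * 'delete_message' action). Returns an HTML status div.
 *
 * Deletion is two-sided: the first party to delete only sets their own
 * to_del/from_del flag; once the other side has already flagged it, the
 * message, its replies (parent_id) and all their meta rows are removed.
 *
 * Review changes vs. the original:
 *  - $_GET values are read with null guards;
 *  - a message id that does not exist now returns "No permission!" instead of
 *    dereferencing a null row;
 *  - the two mirror-image branches are folded into one path parameterised by
 *    which flag belongs to the caller;
 *  - the meta delete is skipped when the id list is empty (the original built
 *    `IN ()`, a MySQL syntax error) and the ids are cast through absint()
 *    before interpolation.
 * Note: the caller's id is the global $user_ID (0 when logged out); a row
 * whose from_user/to_user is 0 would match such a caller — presumably none
 * exist, confirm at the insert site.
 */
function delete() {
    global $wpdb, $user_ID;

    $delID = isset($_GET['id']) ? absint($_GET['id']) : 0;
    $token = isset($_GET['token']) ? $_GET['token'] : '';

    if (!fep_verify_nonce($token, 'delete_message')) {
        return "<div id='fep-error'>" . __("Invalid Token!", 'fep') . "</div>";
    }

    $info = $wpdb->get_row($wpdb->prepare(
        "SELECT from_user, to_user, to_del, from_del FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d",
        $delID
    ));
    if (!$info) {
        return "<div id='fep-error'>" . __("No permission!", 'fep') . "</div>";
    }

    // Which flag is ours and which is the other party's. Recipient is checked
    // first, as in the original, so a self-addressed message counts as "to".
    if ($info->to_user == $user_ID) {
        $myFlag = 'to_del';
        $otherFlag = 'from_del';
    } elseif ($info->from_user == $user_ID) {
        $myFlag = 'from_del';
        $otherFlag = 'to_del';
    } else {
        return "<div id='fep-error'>" . __("No permission!", 'fep') . "</div>";
    }

    if ($info->$otherFlag == 0) {
        // Other side still has it: only hide it on our side.
        $wpdb->update(FEP_MESSAGES_TABLE, array($myFlag => 1), array('id' => $delID), array('%d'), array('%d'));
    } else {
        // Both sides gone: remove the thread and its meta.
        $ids = $wpdb->get_col($wpdb->prepare(
            "SELECT id FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d OR parent_id = %d",
            $delID,
            $delID
        ));
        do_action('fep_message_before_delete', $delID, $ids);
        $wpdb->query($wpdb->prepare(
            "DELETE FROM " . FEP_MESSAGES_TABLE . " WHERE id = %d OR parent_id = %d",
            $delID,
            $delID
        ));
        if (!empty($ids)) {
            // Ids come from an integer column; absint() keeps the interpolation safe regardless.
            $idList = implode(',', array_map('absint', $ids));
            $wpdb->query("DELETE FROM " . FEP_META_TABLE . " WHERE message_id IN ({$idList})");
        }
    }

    return "<div id='fep-success'>" . __("Your message was successfully deleted!", 'fep') . "</div>";
}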