/**
 * Makes sure that a user was referred from another admin page.
 *
 * Verifies the nonce found in $_REQUEST[$query_arg] against $action; on
 * failure the request is stopped with nxt_nonce_ays() and this function never
 * returns. Calling it with the default $action of -1 is reported through
 * _doing_it_wrong(): in that mode no nonce is needed and the request is let
 * through whenever the HTTP referer (which is supplied by the client) starts
 * with the admin URL, so callers should always pass an explicit action.
 *
 * @since 1.2.0
 * @uses do_action() Calls 'check_admin_referer' on $action.
 *
 * @param string $action    Action nonce
 * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
 * @return mixed Result of nxt_verify_nonce(), or false when no nonce was sent.
 */
function check_admin_referer($action = -1, $query_arg = '_nxtnonce') {
	$no_action = (-1 == $action);
	if ($no_action) {
		_doing_it_wrong(__FUNCTION__, __('You should specify a nonce action to be verified by using the first parameter.'), '3.2');
	}

	// Both are computed up front so their filters run on every call.
	$admin_base = strtolower(admin_url());
	$came_from  = strtolower(nxt_get_referer());

	$verified = false;
	if (isset($_REQUEST[$query_arg])) {
		$verified = nxt_verify_nonce($_REQUEST[$query_arg], $action);
	}

	// Legacy fallback: without an action, a referer inside the admin area is
	// accepted in place of a nonce.
	$referer_ok = $no_action && (strpos($came_from, $admin_base) === 0);

	if (!$verified && !$referer_ok) {
		nxt_nonce_ays($action);
		die;
	}

	do_action('check_admin_referer', $action, $verified);

	return $verified;
}
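/**
 * Loads the create Achievement page. Also implements controller logic.
 *
 * Flow: bail unless this is the achievements "create" screen and the current
 * user may create achievements; render the empty form when nothing has been
 * submitted; otherwise verify the nonce, copy the submitted fields onto a new
 * DPA_Achievement, save it, and either redirect (success) or re-render the
 * form with the errors (failure).
 *
 * @global DPA_Achievement_Template $achievements_template Achievements template tag object
 * @global nxt_Error $achievements_errors Achievement creation error object
 * @global object $bp BuddyPress global settings
 * @since 2.0
 * @uses DPA_Achievement
 */
function dpa_screen_achievement_create() {
	global $achievements_template, $achievements_errors, $bp;

	// Only handle the create action of the achievements component, and only
	// for users with the create permission.
	if (!bp_is_current_component($bp->achievements->slug) || DPA_SLUG_CREATE != $bp->current_action || !dpa_permission_can_user_create()) {
		return;
	}

	$bp->achievements->current_achievement = new DPA_Achievement();
	$achievement =& $bp->achievements->current_achievement;

	// No submission yet: show the empty form with its display defaults.
	if (empty($_POST['achievement-create'])) {
		$achievement->points       = '';
		$achievement->action_count = 1;
		$achievement->is_active    = 1;

		do_action('dpa_screen_achievement_create', $achievement);
		bp_core_load_template(apply_filters('dpa_screen_achievement_create_template', 'achievements/create'));
		return;
	}

	// CSRF check before any submitted value is used. A missing or non-string
	// nonce field is a failed check rather than an undefined-index notice.
	$nonce = isset($_POST['_nxtnonce']) ? $_POST['_nxtnonce'] : '';
	if (!is_string($nonce) || !nxt_verify_nonce($nonce, 'achievement-create')) {
		nxt_nonce_ays('');
		die;
	}

	// Read from $_POST rather than template tags: if the new details fail
	// validation and do not save, the template loop would fetch the old
	// version. Defaults are merged in so a partial or hand-crafted submission
	// cannot raise undefined-index notices below. Further validation of these
	// values is expected to happen in DPA_Achievement::save() — confirm.
	$input = array_merge(array(
		'achievement_type' => '',
		'action_count'     => 0,
		'action_id'        => 0,
		'site_id'          => 0,
		'group_id'         => 0,
		'is_hidden'        => '',
		'is_active'        => '',
		'name'             => '',
		'description'      => '',
		'points'           => 0,
		'slug'             => '',
	), $_POST);

	// Text fields: anything that is not a plain string (e.g. name[]=) is
	// treated as empty instead of being passed to stripslashes().
	$achievement_type = is_string($input['achievement_type']) ? stripslashes($input['achievement_type']) : '';
	$name             = is_string($input['name']) ? stripslashes($input['name']) : '';
	$description      = is_string($input['description']) ? stripslashes($input['description']) : '';
	$slug             = is_string($input['slug']) ? stripslashes($input['slug']) : '';

	// A badge has no triggering action, so its action fields are fixed.
	if ('badge' == $achievement_type) {
		$achievement->action_count = 1;
		$achievement->action_id    = -1;
	} else {
		$achievement->action_count = (int) $input['action_count'];
		$achievement->action_id    = (int) $input['action_id'];
	}

	// Site and group scoping only apply when the relevant components are available.
	if (is_multisite() && bp_is_active('blogs')) {
		$achievement->site_id = (int) $input['site_id'];
	} else {
		$achievement->site_id = BP_ROOT_BLOG;
	}

	if (bp_is_active('groups')) {
		$achievement->group_id = (int) $input['group_id'];
	} else {
		$achievement->group_id = -1;
	}

	// is_active: 2 = hidden, 1 = active, 0 = inactive. Hidden wins over active.
	if (!empty($input['is_hidden'])) {
		$achievement->is_active = 2;
	} elseif (!empty($input['is_active'])) {
		$achievement->is_active = 1;
	} else {
		$achievement->is_active = 0;
	}

	$achievement->name        = $name;
	$achievement->description = $description;
	$achievement->points      = (int) $input['points'];
	$achievement->slug        = $slug;
	$achievement->picture_id  = -1; // A picture is chosen on its own page, after creation.

	$achievements_errors = $achievement->save();

	if (!is_nxt_error($achievements_errors)) {
		$achievements_template->achievement = $achievement; // Required for dpa_record_activity()

		// Only publicly active achievements generate an activity entry.
		if (1 == $achievement->is_active) {
			dpa_record_activity($bp->loggedin_user->id, dpa_format_activity($bp->loggedin_user->id, $achievement->id), $achievement->id, 'achievement_created');
		}

		bp_core_add_message(__("Achievement created succesfully!", 'dpa'));
		do_action('dpa_screen_achievement_create_success', $achievement);

		// Send the user on to pick a picture when allowed, otherwise to the new achievement.
		if (dpa_permission_can_user_change_picture()) {
			bp_core_redirect(dpa_get_achievements_permalink() . '/' . $achievement->slug . '/' . DPA_SLUG_ACHIEVEMENT_CHANGE_PICTURE);
		} else {
			bp_core_redirect(dpa_get_achievements_permalink() . '/' . $achievement->slug);
		}
	} else {
		// Blank out zero values so the re-rendered form shows empty boxes rather than "0".
		if (!$achievement->points) {
			$achievement->points = '';
		}
		if (!$achievement->action_count) {
			$achievement->action_count = '';
		}

		do_action('dpa_screen_achievement_create_fail', $achievement, $achievements_errors);
		bp_core_add_message(__('An error has occurred and the Achievement has not been created. See below for details.', 'dpa'), 'error');
		bp_core_load_template(apply_filters('dpa_screen_achievement_create_template', 'achievements/create'));
	}
}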