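/**
 * Authenticate user to NXTClass using OpenID.
 *
 * Two request shapes are handled:
 *  - a posted `openid_identifier` starts a new OpenID login; openid_start_login()
 *    is expected not to return, so reaching the code after it means it failed;
 *  - a request carrying `finish_openid` completes a login the OpenID provider
 *    sent back here, bound to `identity_url` by a nonce.
 *
 * @param mixed $user authenticated user object, or nxt_Error or null
 * @return mixed nxt_User on success, nxt_Error on failure, otherwise $user unchanged
 */
function openid_authenticate($user)
{
    if (array_key_exists('openid_identifier', $_POST) && $_POST['openid_identifier']) {
        $redirect_to = array_key_exists('redirect_to', $_REQUEST) ? $_REQUEST['redirect_to'] : null;
        openid_start_login($_POST['openid_identifier'], 'login', $redirect_to);

        // if we got this far, something is wrong
        global $error;
        $error = openid_message();
        return new nxt_Error('openid_login_error', $error);
    }

    if (!array_key_exists('finish_openid', $_REQUEST)) {
        return $user;
    }

    $identity_url = array_key_exists('identity_url', $_REQUEST) ? $_REQUEST['identity_url'] : '';
    $nonce = array_key_exists('_nxtnonce', $_REQUEST) ? $_REQUEST['_nxtnonce'] : '';
    // The nonce is tied to the identity URL the provider returned.
    $nonce_ok = nxt_verify_nonce($nonce, 'openid_login_' . md5($identity_url));

    if ($identity_url) {
        // A failed nonce must end the attempt here. Previously the nonce error was
        // assigned to $user and then overwritten by the user lookup below, so a
        // request with a forged or missing nonce could still log in.
        if (!$nonce_ok) {
            return new nxt_Error('openid_login_error', 'Error during OpenID authentication. Please try again. (invalid nonce)');
        }
        $user_id = get_user_by_openid($identity_url);
        if ($user_id) {
            return new nxt_User($user_id);
        }
        return new nxt_Error('openid_registration_closed', __('Your have entered a valid OpenID, but this site is not currently accepting new accounts.', 'openid'));
    }

    // No identity: the provider reported an error, or the request is malformed.
    if (array_key_exists('openid_error', $_REQUEST)) {
        return new nxt_Error('openid_login_error', htmlentities2($_REQUEST['openid_error']));
    }
    if (!$nonce_ok) {
        return new nxt_Error('openid_login_error', 'Error during OpenID authentication. Please try again. (invalid nonce)');
    }

    return $user;
}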
/**
 * bibs_screen()
 *
 * Hooks into courseware_below_* for handling bibs screen
 *
 * On a nonce-verified POST carrying `bib`, adds one bibliography entry (an
 * existing entry by id, a web link, or a book) to the current assignment or
 * course, provided the user has bibliography capabilities or is a super admin.
 * Always fills $vars with the data the bibliography template renders.
 *
 * @param array $vars screen variables; `assignment` wins over `course` as the parent
 * @return array $vars extended with bibliography data, or with `die` set on a forbidden add
 */
function bibs_screen($vars)
{
    global $bp;
    $form_nonce = 'bibs';
    $delete_nonce = 'delete_bib';

    // Resolve the parent post: an assignment takes precedence over a course.
    $parent_id = null;
    if (isset($vars['assignment'])) {
        $parent_id = $vars['assignment']->ID;
    } elseif (isset($vars['course'])) {
        $parent_id = $vars['course']->ID;
    }
    if ($parent_id) {
        $this->current_parent = $parent_id;
    }

    $nonce_ok = isset($_POST['_nxtnonce']) && nxt_verify_nonce($_POST['_nxtnonce'], $form_nonce);

    if ($nonce_ok && isset($_POST['bib'])) {
        // Capabilities gate only the write path; the listing below is open.
        $may_add = $this->has_bib_caps($bp->loggedin_user->id) || is_super_admin();
        if (!$may_add) {
            $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to add bibliography entries.', 'bpsp');
            return $vars;
        }

        $submitted = $_POST['bib'];
        if (!empty($submitted['existing'])) {
            // Add an existing bib
            $entry = $this->get_bib($submitted['existing']);
            if ($this->add_bib($entry, false, $parent_id)) {
                $vars['message'] = __('Bibliography added', 'bpsp');
            } else {
                $vars['error'] = __('Bibliography could not be added', 'bpsp');
            }
        } elseif (!empty($submitted['www']['title']) && !empty($submitted['www']['url'])) {
            if ($this->add_www($submitted['www'], $parent_id)) {
                $vars['message'] = __('Entry added', 'bpsp');
            } else {
                $vars['error'] = __('Entry could not be added', 'bpsp');
            }
        } elseif (!empty($submitted['book'])) {
            if ($this->add_book($submitted['book'], $parent_id)) {
                $vars['message'] = __('Book added', 'bpsp');
            } else {
                $vars['error'] = __('Book could not be added', 'bpsp');
            }
        } else {
            $vars['error'] = __('No bibliography entry could be added.', 'bpsp');
        }
    }

    // Re-derive the parent for the listing; the assignment wins when both are set.
    if (!empty($vars['course']->ID)) {
        $this->current_parent = $vars['course']->ID;
    }
    if (!empty($vars['assignment']->ID)) {
        $this->current_parent = $vars['assignment']->ID;
    }

    $parent = $this->current_parent;
    $vars['has_bibs'] = true;
    $vars['post_id'] = $parent;
    $vars['has_bib_caps'] = $this->has_bib_caps($bp->loggedin_user->id);
    $vars['bibs'] = $this->has_bibs($parent);
    $vars['bibdb'] = $this->load_bibs(true);
    $vars['bibs_nonce'] = nxt_nonce_field($form_nonce, '_nxtnonce', true, false);

    $delete_permalink = $vars['current_uri'] . '/delete_bibliography';
    $edit_permalink = $vars['current_uri'] . '/edit_bibliography';
    $vars['bibs_delete_permalink'] = $delete_permalink;
    $vars['bibs_edit_permalink'] = $edit_permalink;
    $vars['bibs_delete_uri'] = add_query_arg('_nxtnonce', nxt_create_nonce($delete_nonce), $delete_permalink);
    // NOTE(review): unlike the delete link, the edit link carries no nonce here —
    // confirm the edit screen verifies one of its own.
    $vars['bibs_edit_uri'] = $edit_permalink;
    return $vars;
}
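/**
 * edit_course_screen( $vars )
 *
 * Hooks into courses_screen_handler
 * Edit course screen
 *
 * Denies access unless the user has course capabilities and is either a super
 * admin or in the group the course belongs to. On a nonce-verified POST with
 * `course[object]=group` and title/content/group_id present, the course post's
 * title and content are updated.
 *
 * @param Array $vars a set of variables received for this screen template
 * @return Array $vars a set of variable passed to this screen template
 */
function edit_course_screen($vars)
{
    global $bp;
    $nonce_name = 'edit_course';
    $old_course = $this->is_course($this->current_course);
    $old_course->terms = nxt_get_object_terms($old_course->ID, 'group_id');
    // The course's group is the first `group_id` term; if it is missing, non-super-admins are denied.
    $course_group = isset($old_course->terms[0]->name) ? $old_course->terms[0]->name : null;
    // The course shown after the request; nxt_update_post() keeps the same ID, so this only
    // changes if a different post were returned. Previously this defaulted to `false`, which
    // made $vars['course'] = is_course(false) whenever no update was posted.
    $course_id = $old_course->ID;

    if (!$this->has_course_caps($bp->loggedin_user->id) || (!is_super_admin() && $bp->groups->current_group->id != $course_group)) {
        $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to update the course.', 'bpsp');
        return $vars;
    }

    // Update course
    if (isset($_POST['course']['object'], $_POST['_nxtnonce']) && 'group' == $_POST['course']['object']) {
        $updated_course = $_POST['course'];
        if (true != nxt_verify_nonce($_POST['_nxtnonce'], $nonce_name)) {
            // Reported under `error` like the other edit screens (this one used `message`).
            $vars['error'] = __('Nonce Error while editing a course.', 'bpsp');
        } elseif (isset($updated_course['title'], $updated_course['content'], $updated_course['group_id'])) {
            $updated_course['title'] = strip_tags($updated_course['title']);
            $updated_course_id = nxt_update_post(array('ID' => $old_course->ID, 'post_title' => $updated_course['title'], 'post_content' => $updated_course['content']));
            if ($updated_course_id) {
                $course_id = $updated_course_id;
                $vars['message'] = __('New course was updated.', 'bpsp');
            } else {
                $vars['error'] = __('New course could not be updated.', 'bpsp');
            }
        }
    }

    $vars['name'] = 'edit_course';
    $vars['group_id'] = $bp->groups->current_group->id;
    $vars['user_id'] = $bp->loggedin_user->id;
    $vars['course'] = $this->is_course($course_id);
    $vars['course_edit_uri'] = $vars['current_uri'] . '/course/edit/';
    $vars['course_permalink'] = $vars['current_uri'] . '/course';
    $vars['nonce'] = nxt_nonce_field($nonce_name, '_nxtnonce', true, false);
    $vars['trail'] = array(__('Editing Course: ', 'bpsp') . $vars['course']->post_title => $vars['course']->permalink);
    return $vars;
}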
// Renew a free level on this subscription $sub_id = (int) $_POST['subscription']; $user = (int) $_POST['user']; $level = (int) $_POST['level']; if (nxt_verify_nonce($_REQUEST['_nxtnonce'], 'renew-sub_' . $sub_id) && $user == $member->ID) { $member->record_active_payment($sub_id, $level, time()); } //update_user_meta( $member->ID, '_membership_last_upgraded', time()); break; case 'upgradesolo': // Upgrade a solo subscription $sub_id = (int) $_POST['subscription']; $user = (int) $_POST['user']; $fromsub_id = (int) $_POST['fromsub_id']; $gateway = $_POST['gateway']; if (nxt_verify_nonce($_REQUEST['_nxtnonce'], 'upgrade-sub_' . $sub_id) && $user == $member->ID) { // Join the new subscription $member->create_subscription($sub_id, $gateway); // Remove the old subscription $member->drop_subscription($fromsub_id); // Timestamp the update update_user_meta($user, '_membership_last_upgraded', time()); } break; } } $rels = $member->get_relationships(); foreach ((array) $rels as $rel) { $sub = new M_Subscription($rel->sub_id); $nextlevel = $sub->get_next_level($rel->level_id, $rel->order_instance); if (!empty($rel->usinggateway) && $rel->usinggateway != 'admin') {
<?php if (isset($_GET['error'])) { if (isset($_GET['main'])) { $errmsg = __('You cannot delete a plugin while it is active on the main site.'); } elseif (isset($_GET['charsout'])) { $errmsg = sprintf(__('The plugin generated %d characters of <strong>unexpected output</strong> during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.'), $_GET['charsout']); } else { $errmsg = __('Plugin could not be activated because it triggered a <strong>fatal error</strong>.'); } ?> <div id="message" class="updated"><p><?php echo $errmsg; ?> </p> <?php if (!isset($_GET['main']) && !isset($_GET['charsout']) && nxt_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $plugin)) { ?> <iframe style="border:0" width="100%" height="70px" src="<?php echo 'plugins.php?action=error_scrape&plugin=' . esc_attr($plugin) . '&_nxtnonce=' . esc_attr($_GET['_error_nonce']); ?> "></iframe> <?php } ?> </div> <?php } elseif (isset($_GET['deleted'])) { $delete_result = get_transient('plugins_delete_result_' . $user_ID); delete_transient('plugins_delete_result'); //Delete it once we're done. if (is_nxt_error($delete_result)) {
<?php
// Profile update handler for the membership account form. Runs when the form posts
// action=update; the nonce is bound to the global $user_id of the profile being shown.
global $profileuser, $user_id, $user;
if (isset($_POST['action']) && $_POST['action'] == 'update') {
    if (nxt_verify_nonce($_REQUEST['_nxtnonce'], 'update-user_' . $user_id)) {
        $msg = __('Your details have been updated.', 'membership');
        // NOTE(review): the ID comes from $_POST['user_id'], not from the $user_id the nonce
        // was verified against, and it is the only element of this array that is used
        // (edit_user() is called with $user['ID'] alone). Unless edit_user() re-checks
        // that the caller may edit that account, a posted user_id other than $user_id
        // would be edited under this profile's nonce — confirm against edit_user().
        $user = array('ID' => $_POST['user_id'], 'first_name' => $_POST['first_name'], 'last_name' => $_POST['last_name'], 'nickname' => $_POST['nickname'], 'display_name' => $_POST['display_name'], 'user_email' => $_POST['email'], 'user_url' => $_POST['url']);
        if (!empty($_POST['pass1'])) {
            if ($_POST['pass1'] == $_POST['pass2']) {
                $user['user_pass'] = $_POST['pass1'];
            } else {
                // The mismatch only changes the message; edit_user() still runs below.
                $msg = __('Your password settings do not match', 'membership');
            }
        }
        $errors = edit_user($user['ID']);
        $profileuser = get_user_to_edit($user_id);
        if (isset($errors) && is_nxt_error($errors)) {
            $msg = implode("</p>\n<p>", $errors->get_error_messages());
        }
    } else {
        $msg = __('Your details could not be updated.', 'membership');
    }
    // Fires whether or not the nonce verified.
    do_action('edit_user_profile_update', $user_id);
}
?> <div id="account-form"> <div class="formleft"> <?php if (!empty($msg)) { ?>
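/**
 * import_gradebook_screen( $vars )
 *
 * Hooks into screen_handler
 * Imports a CSV file data into the gradebook_screen(). It doesn't save anything!
 *
 * The uploaded CSV is parsed and each row is keyed by the user id resolved from
 * its `uid` (nicename) column; rows that resolve to no user are dropped and the
 * import is then reported as an error. The parsed grades reach gradebook_screen()
 * through $vars['grades'] without being persisted.
 *
 * @param Array $vars a set of variables received for this screen template
 * @return Array $vars a set of variable passed to this screen template
 */
function import_gradebook_screen($vars)
{
    // A missing nonce field verifies as an empty string (and fails) instead of raising a notice.
    $nonce = isset($_POST['_nxtnonce']) ? $_POST['_nxtnonce'] : '';
    if (!nxt_verify_nonce($nonce, 'gradebook_import_nonce')) {
        $vars['die'] = __('BuddyPress Courseware Nonce Error while importing gradebook.', 'bpsp');
        return $this->gradebook_screen($vars);
    }

    $grades = array();
    $upload = isset($_FILES['csv_filename']) ? $_FILES['csv_filename'] : array();
    if (!empty($upload)) {
        // Parse only a file PHP actually received in this request. A failed upload used
        // to be parsed as an empty file and, with 0 rows == 0 grades, reported as success.
        $received = isset($upload['error'], $upload['tmp_name'])
            && UPLOAD_ERR_OK == $upload['error']
            && is_uploaded_file($upload['tmp_name']);
        if ($received) {
            require_once 'parseCSV.class.php'; // Load CSV parser
            $csv = new parseCSV();
            $csv->auto($upload['tmp_name']);
            foreach ($csv->data as $grade) {
                $id = isset($grade['uid']) ? bp_core_get_userid_from_nicename($grade['uid']) : 0;
                if ($id) {
                    $grades[$id] = $grade;
                }
            }
        }
        // Every row must map to a known user; otherwise (or when nothing was received) report an error.
        if ($received && count($csv->data) == count($grades)) {
            $vars['message'] = __('Data imported successfully, but it is not saved yet! Save this form changes to keep the data.', 'bpsp');
        } else {
            $vars['error'] = __('File data contains error or entries from other gradebook. Please check again.', 'bpsp');
        }
    }

    $vars['grades'] = $grades;
    $vars['assignment_permalink'] = $vars['assignment_permalink'] . '/gradebook';
    // Clears the form data so gradebook_screen() renders the imported grades
    // rather than processing the POST again (kept from the original).
    unset($_POST);
    return $this->gradebook_screen($vars);
}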
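/**
 * edit_assignment_screen( $vars )
 *
 * Hooks into screen_handler
 * Edit assignment screen
 *
 * On a nonce-verified POST with `assignment[object]=group` and an existing
 * lecture id, updates the assignment post, its course term, due date, lecture
 * and (when submitted) the serialized form-builder data.
 *
 * @param Array $vars a set of variables received for this screen template
 * @return Array $vars a set of variable passed to this screen template
 */
function edit_assignment_screen($vars)
{
    global $bp;
    $nonce_name = 'edit_assignment';
    $old_assignment = $this->is_assignment($this->current_assignment);
    // ID of the assignment shown after the request; nxt_update_post() keeps the same ID.
    $assignment_id = $old_assignment->ID;

    // NOTE(review): because && binds tighter than ||, this denies everyone who is not
    // the author, super admins included. Kept as written since the intended policy
    // is not visible here — compare edit_lecture_screen()/edit_course_screen().
    if ((!$this->has_assignment_caps($bp->loggedin_user->id) && !is_super_admin()) || $bp->loggedin_user->id != $old_assignment->post_author) {
        $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to update the assignment.', 'bpsp');
        return $vars;
    }

    // Update assignment
    $posted = isset($_POST['assignment']) && is_array($_POST['assignment']) ? $_POST['assignment'] : array();
    if (isset($posted['object'], $posted['lecture_id'], $_POST['_nxtnonce'])
        && 'group' == $posted['object']
        && BPSP_Lectures::is_lecture($posted['lecture_id'])) {
        $updated_assignment = $posted;
        if (true != nxt_verify_nonce($_POST['_nxtnonce'], $nonce_name)) {
            $vars['error'] = __('Nonce Error while editing the assignment.', 'bpsp');
        } elseif (isset($updated_assignment['title'], $updated_assignment['content'], $updated_assignment['course_id'], $updated_assignment['group_id'])
            && is_numeric($updated_assignment['group_id'])) {
            $updated_assignment['title'] = strip_tags($updated_assignment['title']);
            $updated_assignment_id = nxt_update_post(array('ID' => $old_assignment->ID, 'post_title' => $updated_assignment['title'], 'post_content' => $updated_assignment['content']));
            // nxt_update_post() may hand back an object here; reduce it to the ID.
            if (is_object($updated_assignment_id) && isset($updated_assignment_id->ID)) {
                $updated_assignment_id = $updated_assignment_id->ID;
            }
            if ($updated_assignment_id) {
                $assignment_id = $updated_assignment_id;
                nxt_set_post_terms($assignment_id, $updated_assignment['course_id'], 'course_id');
                // Only store a due date that parses; a missing field no longer raises a notice.
                if (!empty($updated_assignment['due_date']) && strtotime($updated_assignment['due_date'])) {
                    update_post_meta($assignment_id, 'due_date', $updated_assignment['due_date'], $old_assignment->due_date);
                }
                update_post_meta($assignment_id, 'lecture_id', $updated_assignment['lecture_id']);
                // Save the formbuilder
                if (!empty($updated_assignment['form'])) {
                    $this->frmb->load_serialized($updated_assignment['form']);
                    if ($this->frmb->get_data()) {
                        update_post_meta($assignment_id, 'form_data', $this->frmb->get_data(), $old_assignment->form_data);
                    }
                }
                $vars['message'] = __('Assignment was updated.', 'bpsp');
                do_action('courseware_assignment_activity', $this->is_assignment($assignment_id), 'update');
            } else {
                $vars['error'] = __('Assignment could not be updated.', 'bpsp');
            }
        }
    }

    $vars['name'] = 'edit_assignment';
    $vars['group_id'] = $bp->groups->current_group->id;
    $vars['user_id'] = $bp->loggedin_user->id;
    // The original read `$new_assignment_id`, which this method never defines
    // (left over from the create screen), so the meta was always read for the old ID.
    $vars['lecture_id'] = get_post_meta($assignment_id, 'lecture_id', true);
    $vars['lectures'] = BPSP_Lectures::has_lectures($bp->groups->current_group->id);
    $vars['assignment'] = $this->is_assignment($assignment_id);
    $vars['assignment_edit_uri'] = $vars['current_uri'] . '/assignment/' . $this->current_assignment->post_name . '/edit/';
    $vars['assignment_delete_uri'] = $vars['current_uri'] . '/assignment/' . $this->current_assignment->post_name . '/delete/';
    $vars['assignment_permalink'] = $vars['current_uri'] . '/assignment/' . $this->current_assignment->post_name;
    $vars['nonce'] = nxt_nonce_field($nonce_name, '_nxtnonce', true, false);
    $vars['delete_nonce'] = add_query_arg('_nxtnonce', nxt_create_nonce('delete_assignment'), $vars['assignment_delete_uri']);
    $vars['trail'] = array($vars['assignment']->lecture->post_title => $vars['assignment']->lecture->permalink, __('Editing Assignment: ') . $vars['assignment']->post_title => $vars['assignment']->permalink);
    return $vars;
}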
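/**
 * edit_schedule_screen( $vars )
 *
 * Hooks into screen_handler
 * Edit schedule screen
 *
 * Denies access unless the user has schedule capabilities and is either a super
 * admin or in the group the schedule belongs to. On a nonce-verified POST with
 * `schedule[object]=group`, updates the schedule post, its course term, dates,
 * lecture and location. A POST without description or start date re-renders the
 * form with an error.
 *
 * @param Array $vars a set of variables received for this screen template
 * @return Array $vars a set of variable passed to this screen template
 */
function edit_schedule_screen($vars)
{
    global $bp;
    $nonce_name = 'edit_schedule';
    $old_schedule = $this->is_schedule($this->current_schedule);
    $old_schedule->terms = nxt_get_object_terms($old_schedule->ID, 'group_id');
    // The schedule's group is the first `group_id` term; if it is missing, non-super-admins are denied.
    $schedule_group = isset($old_schedule->terms[0]->name) ? $old_schedule->terms[0]->name : null;

    if (!$this->has_schedule_caps($bp->loggedin_user->id) || (!is_super_admin() && $bp->groups->current_group->id != $schedule_group)) {
        $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to update the schedule.', 'bpsp');
        return $vars;
    }

    // Update schedule
    $posted = isset($_POST['schedule']) && is_array($_POST['schedule']) ? $_POST['schedule'] : array();
    if (isset($posted['object'], $_POST['_nxtnonce']) && 'group' == $posted['object']) {
        if (true != nxt_verify_nonce($_POST['_nxtnonce'], $nonce_name)) {
            // Verified before any other field is inspected (the old code validated fields first).
            $vars['error'] = __('Nonce Error while editing a schedule.', 'bpsp');
        } elseif (empty($posted['desc']) || empty($posted['start_date'])) {
            $vars['error'] = __('New schedule could not be added. Missing description and/or start date.', 'bpsp');
            // Drop the POST so the recursive call only renders the form with the error.
            $_POST = null;
            return $this->edit_schedule_screen($vars);
        } else {
            $updated_schedule = $posted;
            // Optional fields default to '' instead of raising undefined-index notices.
            $title = isset($updated_schedule['title']) ? $updated_schedule['title'] : '';
            $end_date = isset($updated_schedule['end_date']) ? $updated_schedule['end_date'] : '';
            $course_id = isset($updated_schedule['course_id']) ? $updated_schedule['course_id'] : '';
            // An empty end date is always valid; otherwise the pair must pass datecheck().
            $valid_dates = empty($end_date) ? true : $this->datecheck($updated_schedule['start_date'], $end_date);

            if (!empty($updated_schedule['group_id']) && $valid_dates) {
                $updated_schedule_id = nxt_update_post(array('ID' => $old_schedule->ID, 'post_title' => sanitize_text_field($title), 'post_content' => sanitize_text_field($updated_schedule['desc'])));
                if ($updated_schedule_id) {
                    // An existing course is attached, an empty value clears the term, and an
                    // unknown course id leaves it untouched (as before).
                    if (!empty($course_id) && BPSP_Courses::is_course($course_id)) {
                        nxt_set_post_terms($updated_schedule_id, $course_id, 'course_id');
                    } elseif (empty($course_id)) {
                        nxt_set_post_terms($updated_schedule_id, '', 'course_id');
                    }
                    update_post_meta($updated_schedule_id, 'start_date', $updated_schedule['start_date'], $old_schedule->start_date);
                    update_post_meta($updated_schedule_id, 'end_date', $end_date, $old_schedule->end_date);
                    if (isset($updated_schedule['lecture_id'])) {
                        update_post_meta($updated_schedule_id, 'lecture_id', $updated_schedule['lecture_id']);
                    }
                    if (!empty($updated_schedule['location'])) {
                        if ($old_schedule->location) {
                            update_post_meta($updated_schedule_id, 'location', $updated_schedule['location'], $old_schedule->location);
                        } else {
                            add_post_meta($updated_schedule_id, 'location', $updated_schedule['location']);
                        }
                    }
                    $vars['message'] = __('Schedule was updated.', 'bpsp');
                } else {
                    $vars['error'] = __('Schedule could not be updated.', 'bpsp');
                }
            }
        }
    }

    $vars['name'] = 'edit_schedule';
    $vars['group_id'] = $bp->groups->current_group->id;
    $vars['course_id'] = $this->current_course->ID;
    $vars['lecture_id'] = get_post_meta($old_schedule->ID, 'lecture_id', true);
    $vars['user_id'] = $bp->loggedin_user->id;
    $vars['lectures'] = BPSP_Lectures::has_lectures($bp->groups->current_group->id);
    $vars['schedule'] = $this->is_schedule($old_schedule->ID);
    $vars['schedule_edit_uri'] = $vars['current_uri'] . '/schedule/' . $this->current_schedule . '/edit';
    $vars['schedule_delete_uri'] = $vars['current_uri'] . '/schedule/' . $this->current_schedule . '/delete';
    // Label reads "Delete Course" in the original; left unchanged so the translation msgid stays intact.
    $vars['schedule_delete_title'] = __('Delete Course', 'bpsp');
    $vars['schedule_permalink'] = $vars['current_uri'] . '/schedule/' . $this->current_schedule;
    $vars['nonce'] = nxt_nonce_field($nonce_name, '_nxtnonce', true, false);
    $vars['delete_nonce'] = add_query_arg('_nxtnonce', nxt_create_nonce('delete_schedule'), $vars['schedule_delete_uri']);
    $vars['trail'] = array($vars['schedule']->lecture->post_title => $vars['schedule']->lecture->permalink, __('Editing Schedule: ', 'bpsp') . $vars['schedule']->post_title => $vars['schedule']->permalink);
    return $vars;
}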
$content = esc_textarea($content); if (isset($_GET['a'])) { ?> <div id="message" class="updated"><p><?php _e('File edited successfully.'); ?> </p></div> <?php } elseif (isset($_GET['phperror'])) { ?> <div id="message" class="updated"><p><?php _e('This plugin has been deactivated because your changes resulted in a <strong>fatal error</strong>.'); ?> </p> <?php if (nxt_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $file)) { ?> <iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('nxturl'); ?> /nxt-admin/plugins.php?action=error_scrape&plugin=<?php echo esc_attr($file); ?> &_nxtnonce=<?php echo esc_attr($_GET['_error_nonce']); ?> "></iframe> <?php } ?> </div>
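/**
 * Renders the configuration-file editor and, on POST, writes the submitted content.
 *
 * Only files returned by get_writable_files() can be selected (the posted `file`
 * key must exist in that map). The write path requires a verified nonce and a
 * referer that contains the posted `_nxt_http_referer`.
 *
 * NOTE(review): there is no capability check in this method; it relies on the
 * caller restricting who reaches this admin screen — confirm at the menu
 * registration. The referer test compares two request-supplied values, so the
 * nonce is the effective CSRF guard.
 */
public function file_editor()
{
    $files = $this->get_writable_files();
    if (isset($_POST['file'])) {
        $file = $_POST['file'];
    } else {
        $keys = array_keys($files);
        $file = isset($keys[0]) ? $keys[0] : '';
    }
    // Covers a posted key outside the whitelist and an empty whitelist alike.
    if (!isset($files[$file])) {
        echo '<div class="error"><p>' . __('Invalid file!') . '</p></div>';
        return;
    }
    $path = $files[$file];

    if (isset($_POST['newcontent'])) {
        $nonce = isset($_POST['csrf_ckeditor-for-nxtclass']) ? $_POST['csrf_ckeditor-for-nxtclass'] : '';
        if (!nxt_verify_nonce($nonce, 'ckeditor_create_nonce_file_editor')
            || empty($_POST['_nxt_http_referer'])
            || (isset($_SERVER['HTTP_REFERER']) && !strstr($_SERVER['HTTP_REFERER'], $_POST['_nxt_http_referer']))) {
            nxt_die("You do not have sufficient permissions to access this page.");
        }
        $content = stripslashes($_POST['newcontent']);
        // Report a failed write; the original ignored the fopen()/fwrite() results
        // and always claimed success.
        if (false === file_put_contents($path, $content)) {
            echo '<div class="error"><p>' . __('Configuration could not be saved!') . '</p></div>';
        } else {
            echo '<div class="updated"><p>' . __('Configuration updated!') . '</p></div>';
        }
    } else {
        // file_get_contents() also handles an empty file, where fread($fp, filesize()) with length 0 fails.
        $content = file_get_contents($path);
        if (false === $content) {
            $content = '';
        }
    }
    // The template reads $content.
    include 'includes/file_editor.php';
}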
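/**
 * Verifies the AJAX request to prevent processing requests external of the blog.
 *
 * The nonce is read from $_REQUEST[$query_arg] when a query argument is given,
 * otherwise from `_ajax_nonce`, falling back to `_nxtnonce`. A missing field is
 * verified as an empty string (and therefore fails) instead of raising a notice.
 *
 * @since 2.0.3
 *
 * @param string $action Action nonce
 * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
 * @param bool $die whether to end the request with '-1' when verification fails
 * @return mixed the nxt_verify_nonce() result (false on failure)
 */
function check_ajax_referer($action = -1, $query_arg = false, $die = true)
{
    $nonce = '';
    if ($query_arg) {
        if (isset($_REQUEST[$query_arg])) {
            $nonce = $_REQUEST[$query_arg];
        }
    } elseif (isset($_REQUEST['_ajax_nonce'])) {
        $nonce = $_REQUEST['_ajax_nonce'];
    } elseif (isset($_REQUEST['_nxtnonce'])) {
        $nonce = $_REQUEST['_nxtnonce'];
    }

    $result = nxt_verify_nonce($nonce, $action);
    if ($die && false == $result) {
        die('-1');
    }
    do_action('check_ajax_referer', $action, $result);
    return $result;
}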
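/**
 * Saves the content-permissions meta box for a post.
 *
 * Runs only when `content_permissions_meta_nonce` verifies; bails on autosave,
 * AJAX and cron requests, on revisions, and when the current user cannot edit
 * the post. Then syncs `_members_access_role` (one meta row per role) with the
 * submitted roles and stores `_members_access_error`.
 *
 * @since 0.1.0
 *
 * @param int    $post_id ID of the post being saved
 * @param object $post    post object; only post_type is read
 * @return mixed false when the nonce fails, $post_id when the user may not edit, otherwise void
 */
function members_content_permissions_save_meta($post_id, $post)
{
    global $nxt_roles;

    /* Verify the nonce. */
    if (!isset($_POST['content_permissions_meta_nonce']) || !nxt_verify_nonce($_POST['content_permissions_meta_nonce'], plugin_basename(__FILE__))) {
        return false;
    }
    if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
        return;
    }
    if (defined('DOING_AJAX') && DOING_AJAX) {
        return;
    }
    if (defined('DOING_CRON') && DOING_CRON) {
        return;
    }

    /* Get the post type object. */
    $post_type = get_post_type_object($post->post_type);
    /* Check if the current user has permission to edit the post. */
    if (!current_user_can($post_type->cap->edit_post, $post_id)) {
        return $post_id;
    }
    /* Don't save if the post is only a revision. */
    if ('revision' == $post->post_type) {
        return;
    }

    $meta_values = get_post_meta($post_id, '_members_access_role', false);
    if (isset($_POST['members_access_role']) && is_array($_POST['members_access_role'])) {
        $submitted_roles = $_POST['members_access_role'];
        // NOTE(review): submitted role names are stored as-is; they are not checked
        // against $nxt_roles->role_names — confirm whether unknown names matter downstream.
        foreach ($submitted_roles as $role) {
            if (!in_array($role, $meta_values)) {
                add_post_meta($post_id, '_members_access_role', $role, false);
            }
        }
        foreach ($nxt_roles->role_names as $role => $name) {
            if (!in_array($role, $submitted_roles) && in_array($role, $meta_values)) {
                delete_post_meta($post_id, '_members_access_role', $role);
            }
        }
    } elseif (!empty($meta_values)) {
        delete_post_meta($post_id, '_members_access_role');
    }

    // A missing field is treated as an empty message instead of raising an undefined-index notice.
    $access_error = isset($_POST['members_access_error']) ? $_POST['members_access_error'] : '';
    $meta = array('_members_access_error' => esc_html($access_error));
    foreach ($meta as $meta_key => $new_meta_value) {
        /* Get the meta value of the custom field key. */
        $meta_value = get_post_meta($post_id, $meta_key, true);
        /* If a new meta value was added and there was no previous value, add it. */
        if ($new_meta_value && '' == $meta_value) {
            add_post_meta($post_id, $meta_key, $new_meta_value, true);
        } elseif ($new_meta_value && $new_meta_value != $meta_value) {
            update_post_meta($post_id, $meta_key, $new_meta_value);
        } elseif ('' == $new_meta_value && $meta_value) {
            delete_post_meta($post_id, $meta_key, $meta_value);
        }
    }
}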
/**
 * Loads the create Achievement page. Also implements controller logic.
 *
 * Without a submitted form it renders the create template with defaults. With a
 * submitted form it verifies the `achievement-create` nonce, fills a new
 * DPA_Achievement from the POST fields, saves it, and either redirects to the
 * new achievement (or its picture chooser) or re-renders the form with errors.
 *
 * @global DPA_Achievement_Template $achievements_template Achievements template tag object
 * @global nxt_Error $achievements_errors Achievement creation error object
 * @global object $bp BuddyPress global settings
 * @since 2.0
 * @uses DPA_Achievement
 */
function dpa_screen_achievement_create()
{
    global $achievements_template, $achievements_errors, $bp, $current_blog;
    // Only on the achievements component's create action, and only for users allowed to create.
    if (!bp_is_current_component($bp->achievements->slug) || DPA_SLUG_CREATE != $bp->current_action || !dpa_permission_can_user_create()) {
        return;
    }
    $bp->achievements->current_achievement = new DPA_Achievement();
    $achievement =& $bp->achievements->current_achievement;

    // Has form been submitted?
    if (empty($_POST['achievement-create'])) {
        $achievement->points = '';
        $achievement->action_count = 1;
        $achievement->is_active = 1;
        do_action('dpa_screen_achievement_create', $achievement);
        bp_core_load_template(apply_filters('dpa_screen_achievement_create_template', 'achievements/create'));
        return;
    }

    // Nonce failure ends the request ("are you sure" screen, then die).
    if (!nxt_verify_nonce($_POST['_nxtnonce'], 'achievement-create')) {
        nxt_nonce_ays('');
        die;
    }

    /* We can't use template tags because if the new details fail validation and do not save, the template loop will fetch the old version. */
    // Remaining POST fields are read without isset(); absent fields yield notices and empty/0 values.
    if ('badge' == stripslashes($_POST['achievement_type'])) {
        $achievement->action_count = 1;
        $achievement->action_id = -1;
    } else {
        $achievement->action_count = (int) $_POST['action_count'];
        $achievement->action_id = (int) $_POST['action_id'];
    }
    if (is_multisite() && bp_is_active('blogs')) {
        $achievement->site_id = (int) $_POST['site_id'];
    } else {
        $achievement->site_id = BP_ROOT_BLOG;
    }
    if (bp_is_active('groups')) {
        $achievement->group_id = (int) $_POST['group_id'];
    } else {
        $achievement->group_id = -1;
    }
    // is_active: 2 = hidden, 1 = active, 0 = inactive.
    if (!empty($_POST['is_hidden'])) {
        $achievement->is_active = 2;
    } elseif (!empty($_POST['is_active'])) {
        $achievement->is_active = 1;
    } else {
        $achievement->is_active = 0;
    }
    // NOTE(review): name, description and slug are only unslashed here; presumably
    // DPA_Achievement::save() validates and escapes them — confirm.
    $achievement->name = stripslashes($_POST['name']);
    $achievement->description = stripslashes($_POST['description']);
    $achievement->points = (int) $_POST['points'];
    $achievement->slug = stripslashes($_POST['slug']);
    $achievement->picture_id = -1; // A picture is chosen on its own page, after creation.

    $achievements_errors = $achievement->save();
    if (!is_nxt_error($achievements_errors)) {
        $achievements_template->achievement = $achievement; // Required for dpa_record_activity()
        if (1 == $achievement->is_active) {
            dpa_record_activity($bp->loggedin_user->id, dpa_format_activity($bp->loggedin_user->id, $achievement->id), $achievement->id, 'achievement_created');
        }
        bp_core_add_message(__("Achievement created succesfully!", 'dpa'));
        do_action('dpa_screen_achievement_create_success', $achievement);
        if (dpa_permission_can_user_change_picture()) {
            bp_core_redirect(dpa_get_achievements_permalink() . '/' . $achievement->slug . '/' . DPA_SLUG_ACHIEVEMENT_CHANGE_PICTURE);
        } else {
            bp_core_redirect(dpa_get_achievements_permalink() . '/' . $achievement->slug);
        }
    } else {
        // Blank out zero values so the re-rendered form shows empty inputs.
        if (!$achievement->points) {
            $achievement->points = '';
        }
        if (!$achievement->action_count) {
            $achievement->action_count = '';
        }
        do_action('dpa_screen_achievement_create_fail', $achievement, $achievements_errors);
        bp_core_add_message(__('An error has occurred and the Achievement has not been created. See below for details.', 'dpa'), 'error');
        bp_core_load_template(apply_filters('dpa_screen_achievement_create_template', 'achievements/create'));
    }
}
<?php
// Shortcode generator dialog: refuses requests without a nonce before bootstrapping,
// then verifies the nonce once the NXTClass functions are available.
if (!isset($_REQUEST['woo-shortcodes-nonce']) || $_REQUEST['woo-shortcodes-nonce'] == '') {
    die('Security check');
}
// Get the path to the root.
// Derived from this file's own path, not from request data.
$full_path = __FILE__;
$path_bits = explode('nxt-content', $full_path);
$url = $path_bits[0];
// Require NXTClass bootstrap.
require_once $url . '/nxt-load.php';
// Nonce security check.
$nonce = $_REQUEST['woo-shortcodes-nonce'];
if (!nxt_verify_nonce($nonce, 'wooframework-shortcode-generator')) {
    die('Security check');
}
$woo_framework_version = get_option('woo_framework_version');
$MIN_VERSION = '2.9';
// true when the installed framework is at least $MIN_VERSION
$meetsMinVersion = version_compare($woo_framework_version, $MIN_VERSION) >= 0;
$woo_framework_path = dirname(__FILE__) . '/../../';
$woo_framework_url = get_template_directory_uri() . '/functions/';
$woo_shortcode_css = $woo_framework_path . 'css/shortcodes.css';
// Presence of the shortcode stylesheet is used as the "is a Woo theme" signal.
$isWooTheme = file_exists($woo_shortcode_css);
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> </head> <body> <div id="woo-dialog">
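/**
 * group_admin_content()
 *
 * Hooks into bp_before_group_admin_content(), adds Courseware group options
 *
 * On a nonce-verified save, stores the posted `courseware` and
 * `courseware_responses` group meta (sanitized with sanitize_key), then renders
 * the group admin template with the current values.
 *
 * NOTE(review): no group-admin capability check is made here; presumably the
 * hook only fires on the group admin screen — confirm.
 */
function group_admin_content()
{
    global $bp;
    $nonce_name = 'courseware_group_option';
    $vars = array();
    $group_id = $bp->groups->current_group->id;

    // Act only on an explicit save carrying a valid nonce; a missing nonce field used to raise a notice.
    if (isset($_POST['save'], $_POST['_nxtnonce']) && nxt_verify_nonce($_POST['_nxtnonce'], $nonce_name)) {
        if (!empty($_POST['group_courseware_status'])) {
            $post_value = sanitize_key($_POST['group_courseware_status']);
            if (groups_update_groupmeta($group_id, 'courseware', $post_value)) {
                $vars['message'] = __('Group Courseware settings were successfully updated.', 'bpsp');
            }
        }
        if (!empty($_POST['responses_courseware_status'])) {
            $post_value = sanitize_key($_POST['responses_courseware_status']);
            if (groups_update_groupmeta($group_id, 'courseware_responses', $post_value)) {
                $vars['message'] = __('Group Courseware responses settings were successfully updated.', 'bpsp');
            }
        }
    }

    $vars['name'] = '_group_admin_screen';
    $vars['form_nonce'] = nxt_nonce_field($nonce_name, '_nxtnonce', true, false);
    $vars['current_status'] = groups_get_groupmeta($group_id, 'courseware');
    $vars['current_responses_status'] = groups_get_groupmeta($group_id, 'courseware_responses');
    $this->load_template($vars);
}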
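/**
 * Creates a new wiki page from the `title` query parameter and redirects to it.
 *
 * Runs only for requests with `new_wiki_page=true` and a `nonce` that verifies
 * against `nxtw_new_page_nonce`. A `namespace:topic` title makes the page a
 * child of the post whose `post_name` equals the slugified namespace.
 *
 * NOTE(review): the nonce is the only guard; nothing here checks a capability
 * before nxt_insert_post() publishes the page. Presumably the nonce is only
 * rendered for users allowed to create pages — confirm at the caller.
 */
function create_new_and_redirect()
{
    if (!isset($_GET['new_wiki_page'], $_GET['nonce'])
        || 'true' != $_GET['new_wiki_page']
        || !nxt_verify_nonce($_GET['nonce'], 'nxtw_new_page_nonce')) {
        return;
    }
    global $nxt_version;
    global $nxtdb;

    $new_wiki = array();
    $title = isset($_GET['title']) ? strip_tags($_GET['title']) : '';
    $pieces = explode(':', $title, 2);
    if (count($pieces) == 2) {
        list($namespace, $topic) = $pieces;
        $namespace = strtolower(preg_replace('/[ -]+/', '-', $namespace));
        // Parameterised lookup: $namespace comes straight from the query string and
        // strip_tags()/preg_replace() leave quotes intact, so the former
        // string-concatenated query was injectable.
        $parent_id = $nxtdb->get_var($nxtdb->prepare('SELECT id FROM `' . $nxtdb->posts . '` WHERE post_name = %s', $namespace));
        if ($parent_id) {
            $new_wiki['post_parent'] = $parent_id;
        }
    } else {
        $namespace = '';
        $topic = $title;
    }
    $topic = strtolower(preg_replace('/[ -]+/', '-', $topic));
    $url = get_option('siteurl') . '/wiki/' . ($namespace ? $namespace . '/' : '') . $topic;

    $new_wiki['post_name'] = $topic;
    $new_wiki['post_title'] = $title;
    $new_wiki['post_content'] = 'Click the "Edit" tab to add content to this page.';
    $new_wiki['guid'] = $url;
    $new_wiki['post_status'] = 'publish';
    // 3.0+ uses a `wiki` post type; older versions flag the page through meta
    // (both branches run at exactly 3.0, as before).
    if ($nxt_version >= 3.0) {
        $new_wiki['post_type'] = 'wiki';
    }
    $new_wiki_id = nxt_insert_post($new_wiki);
    if ($nxt_version <= 3.0) {
        update_post_meta($new_wiki_id, '_wiki_page', 1);
    }
    nxt_redirect($url);
    exit;
}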
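/**
 * edit_lecture_screen( $vars )
 *
 * Hooks into screen_handler
 * Edit lecture screen
 *
 * Access requires a positive grant — lecture capabilities, authorship of the
 * lecture, or super admin — and, for non-super-admins, that the lecture belongs
 * to the current group. On a nonce-verified POST with `lecture[object]=group`
 * the title, content, parent and order of the lecture post are updated.
 *
 * @param Array $vars a set of variables received for this screen template
 * @return Array $vars a set of variable passed to this screen template
 */
function edit_lecture_screen($vars)
{
    global $bp;
    $nonce_name = 'edit_lecture';
    $updated_lecture_id = $this->current_lecture;
    $old_lecture = $this->is_lecture($this->current_lecture);
    $user_id = $bp->loggedin_user->id;
    $group_id = $bp->groups->current_group->id;
    // The lecture's group is the first `group` entry; if it is missing, non-super-admins are denied.
    $lecture_group = isset($old_lecture->group[0]->name) ? $old_lecture->group[0]->name : null;

    // The previous condition AND-ed "lecture is in another group" into the denial, so
    // when the lecture was in the current group — the normal case — nobody was denied,
    // regardless of capabilities or authorship. A grant is now required, mirroring
    // edit_course_screen() for the group test.
    $is_granted = $this->has_lecture_caps($user_id) || $user_id == $old_lecture->post_author || is_super_admin();
    if (!$is_granted || (!is_super_admin() && $group_id != $lecture_group)) {
        $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to update the lecture.', 'bpsp');
        return $vars;
    }

    // Update lecture
    $posted = isset($_POST['lecture']) && is_array($_POST['lecture']) ? $_POST['lecture'] : array();
    if (isset($posted['object'], $_POST['_nxtnonce']) && 'group' == $posted['object']) {
        $updated_lecture = $posted;
        if (true != nxt_verify_nonce($_POST['_nxtnonce'], $nonce_name)) {
            $vars['error'] = __('Nonce Error while editing the lecture.', 'bpsp');
        } elseif (isset($updated_lecture['title'], $updated_lecture['content'], $updated_lecture['group_id']) && is_numeric($updated_lecture['group_id'])) {
            $updated_lecture['title'] = strip_tags($updated_lecture['title']);
            // Optional fields default to 0 instead of raising undefined-index notices.
            $parent = isset($updated_lecture['parent']) ? intval($updated_lecture['parent']) : 0;
            $order = isset($updated_lecture['order']) ? intval($updated_lecture['order']) : 0;
            $result = nxt_update_post(array('ID' => $old_lecture->ID, 'post_title' => $updated_lecture['title'], 'post_content' => $updated_lecture['content'], 'post_parent' => $parent, 'menu_order' => $order));
            if ($result) {
                // Only a successful update replaces the lecture shown below.
                $updated_lecture_id = $result;
                $vars['message'] = __('Lecture was updated.', 'bpsp');
                do_action('courseware_lecture_activity', $this->is_lecture($updated_lecture_id), 'update');
            } else {
                $vars['error'] = __('Lecture could not be updated.', 'bpsp');
            }
        }
    }

    $vars['name'] = 'edit_lecture';
    $vars['group_id'] = $group_id;
    $vars['user_id'] = $user_id;
    $vars['lecture'] = $this->is_lecture($updated_lecture_id);
    $vars['lectures'] = $this->has_lectures($group_id);
    $vars['lecture_edit_uri'] = $vars['current_uri'] . '/lecture/' . $this->current_lecture->post_name . '/edit/';
    $vars['lecture_delete_uri'] = $vars['current_uri'] . '/lecture/' . $this->current_lecture->post_name . '/delete/';
    $vars['lecture_permalink'] = $vars['current_uri'] . '/lecture/' . $this->current_lecture->post_name;
    $vars['nonce'] = nxt_nonce_field($nonce_name, '_nxtnonce', true, false);
    $vars['delete_nonce'] = add_query_arg('_nxtnonce', nxt_create_nonce('delete_lecture'), $vars['lecture_delete_uri']);
    $vars['trail'] = array($this->current_lecture->course->post_title => $this->current_lecture->course->permalink, __('Editing Lecture: ', 'bpsp') . $this->current_lecture->post_title => $this->current_lecture->permalink);
    return $vars;
}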
/**
 * Enable draft preview for the current request.
 *
 * Does nothing unless both preview_id and preview_nonce are present in the
 * query string. The nonce is bound to the specific post id, so a token issued
 * for one post cannot be reused to preview another; on failure the request is
 * terminated via nxt_die(). On success the 'the_preview' filter is attached.
 */
function _show_post_preview() {
    // Both parameters are required; otherwise this is not a preview request.
    if (!isset($_GET['preview_id'], $_GET['preview_nonce'])) {
        return;
    }

    $previewId = (int) $_GET['preview_id'];
    $nonceAction = 'post_preview_' . $previewId;

    if (false == nxt_verify_nonce($_GET['preview_nonce'], $nonceAction)) {
        nxt_die(__('You do not have permission to preview drafts.'));
    }

    add_filter('the_preview', '_set_preview');
}
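/**
 * delete_response_screen( $vars )
 *
 * Hooks into screen_handler
 * Delete response screen
 *
 * Requires a valid 'response_delete' nonce in the query string and either
 * response capabilities or super admin status. The response must also resolve
 * to a post object before anything is deleted; each failure sets $vars['die']
 * and returns early.
 *
 * @param Array $vars a set of variables received for this screen template
 * @return Array $vars a set of variable passed to this screen template
 */
function delete_response_screen($vars) {
    // current_response is either the already-resolved object or an identifier.
    if (is_object($this->current_response)) {
        $response = $this->current_response;
    } else {
        $response = $this->is_response($this->current_response);
    }

    // The delete link is a GET request, so this nonce is the only CSRF guard.
    $nonce_name = 'response_delete';
    $is_nonce = false;
    if (isset($_GET['_nxtnonce'])) {
        $is_nonce = nxt_verify_nonce($_GET['_nxtnonce'], $nonce_name);
    }
    if (true != $is_nonce) {
        $vars['die'] = __('Nonce Error while deleting the response.', 'bpsp');
        return $vars;
    }

    if (!$this->has_response_caps() && !is_super_admin()) {
        $vars['die'] = __('BuddyPress Courseware Error while forbidden user tried to delete the response.', 'bpsp');
        return $vars;
    }

    // Refuse to act on a response that did not resolve; previously an
    // unresolved response reached nxt_delete_post() with an empty ID.
    if (!is_object($response) || empty($response->ID)) {
        $vars['die'] = __('BuddyPress Courseware Error while trying to delete a response that does not exist.', 'bpsp');
        return $vars;
    }
    // NOTE(review): nothing here ties $response to current_assignment — confirm
    // that is_response() or the screen handler already scopes it.

    nxt_delete_post($response->ID);
    // Also remove the assignment-level 'responded_author' entry for this author.
    delete_post_meta($this->current_assignment->ID, 'responded_author', $response->post_author);
    if (isset($vars['assignment'])) {
        $vars = $this->populate_responses($vars);
    }

    $vars['name'] = 'single_assignment';
    $vars['message'] = __('Response deleted successfully.', 'bpsp');
    return $vars;
}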
// Login entry script: loads helpers/options, starts the debug log, fires the
// pre-login hook and verifies the login nonce. The run continues past the end
// of this listing (the foreach/if blocks below are closed further on).
require_once "__inc_nxt.php";
require_once "__inc_opts.php";
jfb_debug_checkpoint('start');
//If present, include the Premium addon
// NOTE(review): the @ operator hides every error raised while loading the addon
// (including a parse error inside it); a file_exists() check plus an
// un-suppressed include would keep failures visible.
@(include_once realpath(dirname(__FILE__)) . "/../nxt-FB-AutoConnect-Premium.php");
if (!defined('JFB_PREMIUM')) {
    @(include_once "Premium.php");
}
//Start logging
$browser = jfb_get_browser();
$jfb_log = "Starting login process (Client: " . $_SERVER['REMOTE_ADDR'] . ", Version: {$jfb_version}, Browser: " . $browser['shortname'] . " " . $browser['version'] . " for " . $browser['platform'] . ")\n";
//Run one hook before ANYTHING happens.
do_action('nxtfb_prelogin');
//Check the nonce to make sure this was a valid login attempt (unless the user has disabled nonce checking)
// NOTE(review): disabling the nonce via this option removes the CSRF guard on
// the login flow; the option exists for compatibility, not as a default.
if (!get_option($opt_jfb_disablenonce)) {
    // NOTE(review): $_REQUEST[$jfb_nonce_name] is read without isset(); a request
    // missing the field raises an undefined-index notice before the failed
    // verification is handled. If NXTClass follows the WordPress convention of
    // returning 1 or 2 for a valid nonce, "!= 1" also rejects the 2 case —
    // confirm which values nxt_verify_nonce() returns.
    if (nxt_verify_nonce($_REQUEST[$jfb_nonce_name], $jfb_nonce_name) != 1) {
        //If there's already a user logged in, tell the user and give them a link back to where they were.
        $currUser = nxt_get_current_user();
        if ($currUser->ID) {
            $msg = "User \"{$currUser->user_login}\" has already logged in via another browser session.\n";
            $jfb_log .= $msg;
            // NOTE(review): this argument list looks corrupted in this copy (******); check the original source.
            j_mail("FB Double-Login: "******" -> " . get_bloginfo('name'));
            // NOTE(review): $_POST['redirectTo'] is written into an href with no
            // escaping or validation, so request-supplied markup or an off-site
            // URL is reflected to the visitor here. Escape it with
            // htmlspecialchars() and restrict it to a same-site path.
            die($msg . "<br /><br /><a href=\"" . $_POST['redirectTo'] . "\">Continue</a>");
        }
        //If the nonce failed for some other reason, report the error.
        // NOTE(review): this records a freshly generated valid nonce next to the
        // submitted one, so wherever $jfb_log ends up (mail, debug output)
        // becomes sensitive. The check above reads $_REQUEST[$jfb_nonce_name]
        // while this line reads $_REQUEST['_nxtnonce'] — confirm they are the
        // same key; '_nxtnonce' is also read without isset().
        $jfb_log .= "nxt: nonce check failed (expected '" . nxt_create_nonce($jfb_nonce_name) . "', received '" . $_REQUEST['_nxtnonce'] . "')\n" . " Original Components) " . get_option($opt_jfb_generated_nonce) . "\n" . " Current Components) " . jfb_debug_nonce_components() . "\n";
        if (function_exists('get_plugins')) {
            // Plugin inventory is appended to help diagnose nonce mismatches.
            $plugins = get_plugins();
            $jfb_log .= " Active Plugins:\n";
            foreach ($plugins as $plugin) {
                $jfb_log .= " " . $plugin['Name'] . ' ' . $plugin['Version'] . "\n";
                // … the foreach, both if blocks and the rest of the script continue beyond this listing …
/**
 * woothemes_metabox_handle function.
 *
 * Saves the custom-template (and optionally SEO) metabox values submitted with
 * an 'editpost' request into post meta for the post identified by
 * $_POST['post_ID']. Field types listed by woothemes_metabox_fieldtypes() are
 * stored as plain values; 'timestamp' fields are assembled into a Unix
 * timestamp and 'upload' fields go through nxt_handle_upload(). Returns early
 * when no valid post ID is posted; does nothing unless the nonce verifies.
 *
 * @access public
 * @return void
 */
function woothemes_metabox_handle() {
    $pID = '';
    // Neither global is referenced in this function.
    global $globals, $post;
    $woo_metaboxes = get_option('woo_custom_template', array());
    $seo_metaboxes = get_option('woo_custom_seo_template', array());
    // SEO metaboxes are processed alongside the template ones unless hidden by option.
    if (!empty($seo_metaboxes) && get_option('seo_woo_hide_fields') != 'true') {
        $woo_metaboxes = array_merge((array) $woo_metaboxes, (array) $seo_metaboxes);
    }
    // Sanitize post ID.
    if (isset($_POST['post_ID'])) {
        $pID = intval($_POST['post_ID']);
    } // End IF Statement
    // Don't continue if we don't have a valid post ID.
    // NOTE(review): $pID starts as '' and under PHP 8 ('' == 0) is false, so a
    // request without post_ID no longer returns here; initialise $pID to 0 (or
    // test empty($pID)) to keep this guard effective.
    if ($pID == 0) {
        return;
    } // End IF Statement
    $upload_tracking = array();
    if (isset($_POST['action']) && $_POST['action'] == 'editpost') {
        // NOTE(review): the nonce field is read without isset(); a POST lacking
        // it raises a notice before nxt_verify_nonce() rejects the request.
        if (get_post_type() != '' && get_post_type() != 'nav_menu_item' && nxt_verify_nonce($_POST['wooframework-custom-fields-nonce'], 'wooframework-custom-fields')) {
            // $k is unused.
            foreach ($woo_metaboxes as $k => $woo_metabox) {
                // On Save.. this gets looped in the header response and saves the values submitted
                if (isset($woo_metabox['type']) && in_array($woo_metabox['type'], woothemes_metabox_fieldtypes())) {
                    $var = $woo_metabox['name'];
                    // Get the current value for checking in the script.
                    $current_value = '';
                    $current_value = get_post_meta($pID, $var, true);
                    if (isset($_POST[$var])) {
                        // Sanitize the input.
                        // NOTE(review): despite the comment, nothing is sanitised —
                        // the raw POST value is stored in post meta, so every place
                        // that renders this meta must escape it for its context.
                        $posted_value = '';
                        $posted_value = $_POST[$var];
                        // If it doesn't exist, add the post meta.
                        // NOTE(review): get_post_meta() without $single returns an
                        // array, and array == "" is false, so this branch looks
                        // unreachable; update_post_meta() below creates missing
                        // meta anyway, so the stored result is the same.
                        if (get_post_meta($pID, $var) == "") {
                            add_post_meta($pID, $var, $posted_value, true);
                        } elseif ($posted_value != get_post_meta($pID, $var, true)) {
                            update_post_meta($pID, $var, $posted_value);
                        } elseif ($posted_value == "") {
                            delete_post_meta($pID, $var, get_post_meta($pID, $var, true));
                        } // End IF Statement
                    } elseif (!isset($_POST[$var]) && $woo_metabox['type'] == 'checkbox') {
                        // An unchecked checkbox is not posted at all; persist it as the string 'false'.
                        update_post_meta($pID, $var, 'false');
                    } else {
                        delete_post_meta($pID, $var, $current_value); // Deletes check boxes OR no $_POST
                    } // End IF Statement
                } else {
                    if ($woo_metabox['type'] == 'timestamp') {
                        // Timestamp save logic.
                        // It is assumed that the data comes back in the following format:
                        // date: month/day/year
                        // hour: int(2)
                        // minute: int(2)
                        // second: int(2)
                        $var = $woo_metabox['name'];
                        // Format the data into a timestamp.
                        // NOTE(review): date/hour/minute come from POST without
                        // validation ($_POST[$var] is not even checked to be an
                        // array); substr() on an unexpected format yields arbitrary
                        // digits and mktime() silently normalises out-of-range
                        // values. A strict format check (and checkdate()) before
                        // storing would avoid persisting garbage timestamps.
                        $date = $_POST[$var]['date'];
                        $hour = $_POST[$var]['hour'];
                        $minute = $_POST[$var]['minute'];
                        // $second = $_POST[$var]['second'];
                        $second = '00';
                        $day = substr($date, 3, 2);
                        $month = substr($date, 0, 2);
                        $year = substr($date, 6, 4);
                        $timestamp = mktime($hour, $minute, $second, $month, $day, $year);
                        update_post_meta($pID, $var, $timestamp);
                    } elseif (isset($woo_metabox['type']) && $woo_metabox['type'] == 'upload') {
                        // So, the upload inputs will do this rather
                        $id = $woo_metabox['name'];
                        // $override is created here on first use and reused across iterations.
                        $override['action'] = 'editpost';
                        if (!empty($_FILES['attachement_' . $id]['name'])) {
                            //New upload
                            // The client filename is reduced to [A-Za-z0-9._-] before the upload is processed.
                            // NOTE(review): only the name is cleaned here; the file's
                            // type/extension policy is assumed to be enforced inside
                            // nxt_handle_upload() — confirm.
                            $_FILES['attachement_' . $id]['name'] = preg_replace('/[^a-zA-Z0-9._\\-]/', '', $_FILES['attachement_' . $id]['name']);
                            $uploaded_file = nxt_handle_upload($_FILES['attachement_' . $id], $override);
                            $uploaded_file['option_name'] = $woo_metabox['label'];
                            $upload_tracking[] = $uploaded_file;
                            // NOTE(review): on a failed upload $uploaded_file['url'] is
                            // presumably unset (an error entry instead) — confirm what
                            // nxt_handle_upload() returns before storing it.
                            update_post_meta($pID, $id, $uploaded_file['url']);
                        } elseif (empty($_FILES['attachement_' . $id]['name']) && isset($_POST[$id])) {
                            // Sanitize the input.
                            // NOTE(review): as above, the value is stored unmodified.
                            $posted_value = '';
                            $posted_value = $_POST[$id];
                            update_post_meta($pID, $id, $posted_value);
                        } elseif ($_POST[$id] == '') {
                            // Reached only when no file was sent and $_POST[$id] is not set,
                            // so this reads an undefined index (notice) and null == ''
                            // holds: an absent field clears the stored URL.
                            delete_post_meta($pID, $id, get_post_meta($pID, $id, true));
                        } // End IF Statement
                    }
                } // End IF Statement
                // Error Tracking - File upload was not an Image
                // Written on every iteration; moving it after the loop would save
                // one option write per metabox without changing the final value.
                update_option('woo_custom_upload_tracking', $upload_tracking);
            } // End FOREACH Loop
        } // End IF Statement
    } // End IF Statement
}