function get_bookings($ids_only = false, $status = false)
{
global $wpdb;
$status_condition = $blog_condition = '';
if (is_multisite()) {
if (!is_main_site()) {
//not the main blog, force single blog search
$blog_condition = "AND e.blog_id=" . get_current_blog_id();
} elseif (is_main_site() && !get_option('dbem_ms_global_events')) {
$blog_condition = "AND (e.blog_id=" . get_current_blog_id() . ' OR e.blog_id IS NULL)';
}
}
if (is_numeric($status)) {
$status_condition = " AND booking_status={$status}";
} elseif (EM_Object::array_is_numeric($status)) {
$status_condition = " AND booking_status IN (" . implode(',', $status) . ")";
}
$EM_Booking = em_get_booking();
//empty booking for fields
$results = $wpdb->get_results("SELECT b." . implode(', b.', array_keys($EM_Booking->fields)) . " FROM " . EM_BOOKINGS_TABLE . " b, " . EM_EVENTS_TABLE . " e WHERE e.event_id=b.event_id AND person_id={$this->ID} {$blog_condition} {$status_condition} ORDER BY " . get_option('dbem_bookings_default_orderby', 'event_start_date') . " " . get_option('dbem_bookings_default_order', 'ASC'), ARRAY_A);
$bookings = array();
if ($ids_only) {
foreach ($results as $booking_data) {
$bookings[] = $booking_data['booking_id'];
}
return apply_filters('em_person_get_bookings', $bookings, $this);
} else {
foreach ($results as $booking_data) {
$bookings[] = em_get_booking($booking_data);
}
return apply_filters('em_person_get_bookings', new EM_Bookings($bookings), $this);
}
}
/**
* Overrides the default capability of the user for another owner's event if the user is a group admin and the event belongs to a group.
* User must have the relevant permissions globally in order to inherit that capability for this event as well.
* @param boolean $result
* @param EM_Event $EM_Event
*/
function bp_em_group_event_can_manage($result, $EM_Event, $owner_capability, $admin_capability, $user_to_check)
{
if (!$result && $EM_Event->event_owner != get_current_user_id() && !empty($EM_Event->group_id) && bp_is_active('groups')) {
//only override if already false, incase it's true
//if the user is an admin of this group, and actually has the relevant permissions globally, they can manage this event
$EM_Object = new EM_Object();
//create new object to prevent infinite loop should we call $EM_Event->can_manage();
if (groups_is_user_admin(get_current_user_id(), $EM_Event->group_id) && $EM_Object->can_manage($owner_capability, $admin_capability, $user_to_check)) {
//This user is an admin of the owner's group, so they can edit this event.
return true;
} else {
$EM_Event->add_error($EM_Object->get_errors());
//add any applicable errors
}
}
return $result;
}
/**
* Save an array into this class
* @param $array
* @return null
*/
function to_object($array = array())
{
//Save event core data
parent::to_object($array);
//Save location info
$this->location = new EM_Location($array['location_id']);
//Save contact person info
}
/**
* Looks at the request values, saves/updates and then displays the right menu in the admin
* @return null
*/
function em_admin_ms_locations()
{
//TODO EM_Location is globalized, use it fully here
global $EM_Location;
EM_Object::ms_global_switch();
//Take actions
if (!empty($_REQUEST['action']) && ($_REQUEST['action'] == "edit" || $_REQUEST['action'] == "location_save")) {
em_admin_location();
} else {
// no action, just a locations list
em_admin_locations();
}
EM_Object::ms_global_switch_back();
}
/**
* Generates an ics file for a single event
*/
function em_ical_item()
{
global $wpdb, $wp_query, $wp_rewrite;
//check if we're outputting an ical feed
if (!empty($wp_query) && $wp_query->get('ical')) {
$execute_ical = false;
$filename = 'events';
$args = array();
//single event
if ($wp_query->get(EM_POST_TYPE_EVENT)) {
$event_id = $wpdb->get_var('SELECT event_id FROM ' . EM_EVENTS_TABLE . " WHERE event_slug='" . $wp_query->get(EM_POST_TYPE_EVENT) . "' AND event_status=1 LIMIT 1");
if (!empty($event_id)) {
$filename = $wp_query->get(EM_POST_TYPE_EVENT);
$args['event'] = $event_id;
}
//single location
} elseif ($wp_query->get(EM_POST_TYPE_LOCATION)) {
$location_id = $wpdb->get_var('SELECT location_id FROM ' . EM_LOCATIONS_TABLE . " WHERE location_slug='" . $wp_query->get(EM_POST_TYPE_LOCATION) . "' AND location_status=1 LIMIT 1");
if (!empty($location_id)) {
$filename = $wp_query->get(EM_POST_TYPE_LOCATION);
$args['location'] = $location_id;
}
//taxonomies
} else {
$taxonomies = EM_Object::get_taxonomies();
foreach ($taxonomies as $tax_arg => $taxonomy_info) {
$taxonomy_term = $wp_query->get($taxonomy_info['query_var']);
if ($taxonomy_term) {
$filename = $taxonomy_term;
$args[$tax_arg] = $taxonomy_term;
}
}
}
//only output the ical if we have a match from above
if (count($args) > 0) {
//send headers and output ical
header('Content-type: text/calendar; charset=utf-8');
header('Content-Disposition: inline; filename="' . $filename . '.ics"');
em_locate_template('templates/ical.php', true, array('args' => $args));
exit;
} else {
//no item exists, so redirect to original URL
$url_to_redirect = preg_replace("/ical\\/\$/", '', esc_url_raw(add_query_arg(array('ical' => null))));
wp_redirect($url_to_redirect, '302');
exit;
}
}
}
function ajax_add_booking()
{
/* Check the nonce */
check_admin_referer('add_booking', '_wpnonce_add_booking');
if (!empty($_REQUEST['event_id']) && is_numeric($_REQUEST['event_id'])) {
$EM_Event = new EM_Event($_REQUEST['event_id']);
$result = $EM_Event->get_bookings()->add_from_post();
if ($result) {
$return = array('result' => true, 'message' => $EM_Event->get_bookings()->feedback_message);
} else {
$return = array('result' => false, 'message' => implode('<br />', $EM_Event->get_bookings()->errors));
}
echo EM_Object::json_encode($return);
exit;
} else {
$return = array('result' => false, 'message' => '');
echo EM_Object::json_encode($return);
exit;
}
}
/**
* Shortcode for producing a google map with all the locations. Unfinished and undocumented.
* @param array $atts
* @return string
*/
function get_global($atts)
{
//TODO Finish and document this feature, need to add balloons here
if (get_option('dbem_gmap_is_active') == '1') {
ob_start();
$atts['em_ajax'] = true;
$atts['query'] = 'GlobalMapData';
$rand = substr(md5(rand() . rand()), 0, 5);
//build js array of arguments to send to event query
?>
<div class='em-locations-map' id='em-locations-map-<?php
echo $rand;
?>
' style='width:<?php
echo $atts['width'];
?>
px; height:<?php
echo $atts['height'];
?>
px'><em><?php
_e('Loading Map....', 'dbem');
?>
</em></div>
<div class='em-locations-map-coords' id='em-locations-map-coords-<?php
echo $rand;
?>
' style="display:none; visibility:hidden;"><?php
echo EM_Object::json_encode($atts);
?>
</div>
<?php
return apply_filters('em_map_get_global', ob_get_clean());
} else {
return '';
}
}
public static function meta_box_ms_categories()
{
global $EM_Event;
EM_Object::ms_global_switch();
$categories = EM_Categories::get(array('hide_empty' => false));
?>
<?php
if (count($categories) > 0) {
?>
<p class="ms-global-categories">
<?php
$selected = $EM_Event->get_categories()->get_ids();
?>
<?php
$walker = new EM_Walker_Category();
?>
<?php
$args_em = array('hide_empty' => 0, 'name' => 'event_categories[]', 'hierarchical' => true, 'id' => EM_TAXONOMY_CATEGORY, 'taxonomy' => EM_TAXONOMY_CATEGORY, 'selected' => $selected, 'walker' => $walker);
?>
<?php
echo walk_category_dropdown_tree($categories, 0, $args_em);
?>
</p>
<?php
} else {
?>
<p><?php
sprintf(__('No categories available, <a href="%s">create one here first</a>', 'dbem'), get_bloginfo('wpurl') . '/wp-admin/admin.php?page=events-manager-categories');
?>
</p>
<?php
}
?>
<!-- END Categories -->
<?php
EM_Object::ms_global_switch_back();
}
public static function get_default_search($array_or_defaults = array(), $array = array())
{
self::$context = EM_POST_TYPE_LOCATION;
$defaults = array('eventful' => false, 'eventless' => false, 'orderby' => 'location_name', 'town' => false, 'state' => false, 'country' => false, 'region' => false, 'status' => 1, 'scope' => 'all', 'blog' => get_current_blog_id(), 'private' => current_user_can('read_private_locations'), 'private_only' => false, 'post_id' => false);
//sort out whether defaults were supplied or just the array of search values
if (empty($array)) {
$array = $array_or_defaults;
} else {
$defaults = array_merge($defaults, $array_or_defaults);
}
//specific functionality
if (EM_MS_GLOBAL) {
if (get_site_option('dbem_ms_mainblog_locations')) {
//when searching in MS Global mode with all locations being stored on the main blog, blog_id becomes redundant as locations are stored in one blog table set
$array['blog'] = false;
} elseif ((!is_admin() || defined('DOING_AJAX')) && empty($array['blog']) && is_main_site() && get_site_option('dbem_ms_global_locations')) {
//if enabled, by default we display all blog locations on main site
$array['blog'] = false;
}
}
$array['eventful'] = !empty($array['eventful']) && $array['eventful'] == true;
$array['eventless'] = !empty($array['eventless']) && $array['eventless'] == true;
if (is_admin() && !defined('DOING_AJAX')) {
$defaults['owner'] = !current_user_can('read_others_locations') ? get_current_user_id() : false;
}
return apply_filters('em_locations_get_default_search', parent::get_default_search($defaults, $array), $array, $defaults);
}
/**
* Can the user manage this coupon?
*/
function can_manage($owner_capability = false, $admin_capability = false, $user_to_check = false)
{
return apply_filters('em_coupon_can_manage', parent::can_manage($owner_capability, $admin_capability, $user_to_check), $this, $owner_capability, $admin_capability, $user_to_check);
}
/**
* Can the user manage this location?
*/
function can_manage($owner_capability = false, $admin_capability = false)
{
if ($owner_capability == 'edit_locations' && $this->id == '' && !is_user_logged_in() && get_option('dbem_events_anonymous_submissions')) {
return apply_filters('em_event_can_manage', true);
}
return apply_filters('em_location_can_manage', parent::can_manage($owner_capability, $admin_capability), $this);
}
public static function rewrite_rules_array($rules)
{
global $wpdb;
//get the slug of the event page
$events_page_id = get_option('dbem_events_page');
$events_page = get_post($events_page_id);
$em_rules = array();
if (is_object($events_page)) {
$events_slug = urldecode(preg_replace('/\\/$/', '', str_replace(trailingslashit(home_url()), '', get_permalink($events_page_id))));
$events_slug = !empty($events_slug) ? trailingslashit($events_slug) : $events_slug;
$em_rules[$events_slug . '(\\d{4}-\\d{2}-\\d{2})$'] = 'index.php?pagename=' . $events_slug . '&calendar_day=$matches[1]';
//event calendar date search
if ($events_page_id != get_option('page_on_front') && EM_POST_TYPE_EVENT_SLUG != $events_slug) {
//ignore this rule if events page is the home page
$em_rules[$events_slug . 'rss/?$'] = 'index.php?post_type=' . EM_POST_TYPE_EVENT . '&feed=feed';
//rss page
$em_rules[$events_slug . 'feed/?$'] = 'index.php?post_type=' . EM_POST_TYPE_EVENT . '&feed=feed';
//compatible rss page
}
if (EM_POST_TYPE_EVENT_SLUG . '/' == $events_slug) {
//won't apply on homepage
//make sure we hard-code rewrites for child pages of events
$child_posts = $wpdb->get_results("SELECT ID, post_name FROM {$wpdb->posts} WHERE post_parent={$events_page->ID} AND post_type='page' AND post_status='publish'");
foreach ($child_posts as $child_post) {
$em_rules[$events_slug . urldecode($child_post->post_name) . '/?$'] = 'index.php?page_id=' . $child_post->ID;
//single event booking form with slug //check if child page has children
$grandchildren = $wpdb->get_results("SELECT ID, post_name FROM {$wpdb->posts} WHERE post_parent={$child_post->ID} AND post_type='page' AND post_status='publish'");
if (count($grandchildren) != 0) {
foreach ($grandchildren as $grandchild) {
$em_rules[$events_slug . urldecode($child_post->post_name) . '/' . urldecode($grandchild->post_name) . '/?$'] = 'index.php?page_id=' . $grandchild->ID;
}
}
}
} elseif (empty($events_slug)) {
//hard code homepage child pages
$child_posts = $wpdb->get_results("SELECT ID, post_name FROM {$wpdb->posts} WHERE post_parent={$events_page->ID} AND post_type='page' AND post_status='publish'");
foreach ($child_posts as $child_post) {
$em_rules[$events_page->post_name . '/' . urldecode($child_post->post_name) . '/?$'] = 'index.php?page_id=' . $child_post->ID;
//single event booking form with slug //check if child page has children
$grandchildren = $wpdb->get_results("SELECT ID, post_name FROM {$wpdb->posts} WHERE post_parent={$child_post->ID} AND post_type='page' AND post_status='publish'");
if (count($grandchildren) != 0) {
foreach ($grandchildren as $grandchild) {
$em_rules[$events_slug . urldecode($child_post->post_name) . '/' . urldecode($grandchild->post_name) . '/?$'] = 'index.php?page_id=' . $grandchild->ID;
}
}
}
}
//global links hard-coded
if (EM_MS_GLOBAL && !get_site_option('dbem_ms_global_events_links', true)) {
//MS Mode has slug also for global links
$em_rules[$events_slug . get_site_option('dbem_ms_events_slug', EM_EVENT_SLUG) . '/(.+)$'] = 'index.php?pagename=' . $events_slug . '&em_redirect=1&event_slug=$matches[1]';
//single event from subsite
}
//add redirection for backwards compatability
$em_rules[$events_slug . EM_EVENT_SLUG . '/(.+)$'] = 'index.php?pagename=' . $events_slug . '&em_redirect=1&event_slug=$matches[1]';
//single event
$em_rules[$events_slug . EM_LOCATION_SLUG . '/(.+)$'] = 'index.php?pagename=' . $events_slug . '&em_redirect=1&location_slug=$matches[1]';
//single location page
$em_rules[$events_slug . EM_CATEGORY_SLUG . '/(.+)$'] = 'index.php?pagename=' . $events_slug . '&em_redirect=1&category_slug=$matches[1]';
//single category page slug
//add a rule that ensures that the events page is found and used over other pages
$em_rules[trim($events_slug, '/') . '/?$'] = 'index.php?pagename=' . trim($events_slug, '/');
} else {
$events_slug = EM_POST_TYPE_EVENT_SLUG;
$em_rules[$events_slug . '/(\\d{4}-\\d{2}-\\d{2})$'] = 'index.php?post_type=' . EM_POST_TYPE_EVENT . '&calendar_day=$matches[1]';
//event calendar date search
if (get_option('dbem_rsvp_enabled')) {
if (!get_option('dbem_my_bookings_page') || !is_object(get_post(get_option('dbem_my_bookings_page')))) {
//only added if bookings page isn't assigned
$em_rules[$events_slug . '/my\\-bookings$'] = 'index.php?post_type=' . EM_POST_TYPE_EVENT . '&bookings_page=1';
//page for users to manage bookings
}
}
//check for potentially conflicting posts with the same slug as events
$conflicting_posts = get_posts(array('name' => EM_POST_TYPE_EVENT_SLUG, 'post_type' => 'any', 'numberposts' => 0));
if (count($conflicting_posts) > 0) {
//won't apply on homepage
foreach ($conflicting_posts as $conflicting_post) {
//make sure we hard-code rewrites for child pages of events
$child_posts = get_posts(array('post_type' => 'any', 'post_parent' => $conflicting_post->ID, 'numberposts' => 0));
foreach ($child_posts as $child_post) {
$em_rules[EM_POST_TYPE_EVENT_SLUG . '/' . urldecode($child_post->post_name) . '/?$'] = 'index.php?page_id=' . $child_post->ID;
//single event booking form with slug
//check if child page has children
$grandchildren = get_pages('child_of=' . $child_post->ID);
if (count($grandchildren) != 0) {
foreach ($grandchildren as $grandchild) {
$em_rules[$events_slug . urldecode($child_post->post_name) . '/' . urldecode($grandchild->post_name) . '/?$'] = 'index.php?page_id=' . $grandchild->ID;
}
}
}
}
}
}
$em_rules = apply_filters('em_rewrite_rules_array_events', $em_rules, $events_slug);
//make sure there's no page with same name as archives, that should take precedence as it can easily be deleted wp admin side
$em_query = new WP_Query(array('pagename' => EM_POST_TYPE_EVENT_SLUG));
if ($em_query->have_posts()) {
$em_rules[trim(EM_POST_TYPE_EVENT_SLUG, '/') . '/?$'] = 'index.php?pagename=' . trim(EM_POST_TYPE_EVENT_SLUG, '/');
wp_reset_postdata();
}
//make sure there's no page with same name as archives, that should take precedence as it can easily be deleted wp admin side
$em_query = new WP_Query(array('pagename' => EM_POST_TYPE_LOCATION_SLUG));
if ($em_query->have_posts()) {
$em_rules[trim(EM_POST_TYPE_LOCATION_SLUG, '/') . '/?$'] = 'index.php?pagename=' . trim(EM_POST_TYPE_LOCATION_SLUG, '/');
wp_reset_postdata();
}
//If in MS global mode and locations are linked on same site
if (EM_MS_GLOBAL && !get_site_option('dbem_ms_global_locations_links', true)) {
$locations_page_id = get_option('dbem_locations_page');
$locations_page = get_post($locations_page_id);
if (is_object($locations_page)) {
$locations_slug = preg_replace('/\\/$/', '', str_replace(trailingslashit(home_url()), '', get_permalink($locations_page_id)));
$locations_slug_slashed = !empty($locations_slug) ? trailingslashit($locations_slug) : $locations_slug;
$em_rules[$locations_slug . '/' . get_site_option('dbem_ms_locations_slug', EM_LOCATION_SLUG) . '/(.+)$'] = 'index.php?pagename=' . $locations_slug_slashed . '&location_slug=$matches[1]';
//single event booking form with slug
}
}
//add ical CPT endpoints
$em_rules[EM_POST_TYPE_EVENT_SLUG . "/([^/]+)/ical/?\$"] = 'index.php?' . EM_POST_TYPE_EVENT . '=$matches[1]&ical=1';
if (get_option('dbem_locations_enabled')) {
$em_rules[EM_POST_TYPE_LOCATION_SLUG . "/([^/]+)/ical/?\$"] = 'index.php?' . EM_POST_TYPE_LOCATION . '=$matches[1]&ical=1';
}
//add ical taxonomy endpoints
$taxonomies = EM_Object::get_taxonomies();
foreach ($taxonomies as $tax_arg => $taxonomy_info) {
//set the dynamic rule for this taxonomy
$em_rules[$taxonomy_info['slug'] . "/([^/]+)/ical/?\$"] = 'index.php?' . $taxonomy_info['query_var'] . '=$matches[1]&ical=1';
}
//add RSS location CPT endpoint
if (get_option('dbem_locations_enabled')) {
$em_rules[EM_POST_TYPE_LOCATION_SLUG . "/([^/]+)/rss/?\$"] = 'index.php?' . EM_POST_TYPE_LOCATION . '=$matches[1]&rss=1';
}
return $em_rules + $rules;
}
/**
* Hooks into em_booking_get_post filter and makes sure that if there's an active gateway for new bookings, if no $_REQUEST['gateway'] is supplied (i.e. hacking, spammer, or js problem with booking button mode).
* @param boolean $result
* @param EM_Booking $EM_Booking
* @return boolean
*/
static function em_booking_get_post($result, $EM_Booking)
{
if (!empty($_REQUEST['manual_booking']) && wp_verify_nonce($_REQUEST['manual_booking'], 'em_manual_booking_' . $_REQUEST['event_id'])) {
return $result;
}
if (get_option('dbem_multiple_bookings') && get_class($EM_Booking) == 'EM_Booking') {
//we only deal with the EM_Multiple_Booking class if we're in multi booking mode
return $result;
}
if (empty($EM_Booking->booking_id) && (empty($_REQUEST['gateway']) || !array_key_exists($_REQUEST['gateway'], self::active_gateways())) && $EM_Booking->get_price() > 0 && count(EM_Gateways::active_gateways()) > 0) {
//spammer or hacker trying to get around no gateway selection
$error = __('Choice of payment method not recognized. If you are seeing this error and selecting a method of payment, we apologize for the inconvenience. Please contact us and we\'ll help you make a booking as soon as possible.', 'em-pro');
$EM_Booking->add_error($error);
$result = false;
if (defined('DOING_AJAX')) {
$return = array('result' => false, 'message' => $error, 'errors' => $error);
echo EM_Object::json_encode($return);
die;
}
}
return $result;
}
<?php
$args = !empty($args) ? $args : array();
/* @var $args array */
?>
<!-- START Category Search -->
<div class="em-search-category em-search-field">
<label><?php
echo esc_html($args['category_label']);
?>
</label>
<?php
EM_Object::ms_global_switch();
//in case in global tables mode of MultiSite, grabs main site categories, if not using MS Global, nothing happens
wp_dropdown_categories(array('hide_empty' => 0, 'orderby' => 'name', 'name' => 'category', 'hierarchical' => true, 'taxonomy' => EM_TAXONOMY_CATEGORY, 'selected' => $args['category'], 'show_option_none' => $args['categories_label'], 'class' => 'em-events-search-category'));
EM_Object::ms_global_switch_back();
//if switched above, switch back
?>
</div>
<!-- END Category Search -->
public static function get_taxonomies()
{
if (empty(self::$taxonomies_array)) {
//default taxonomies
$taxonomies_array = array('category' => array('name' => EM_TAXONOMY_CATEGORY, 'ms' => 'event-category', 'context' => array()), 'tag' => array('name' => EM_TAXONOMY_TAG, 'context' => array()));
//get additional taxonomies associated with locations and events and set context for default taxonomies
foreach (get_taxonomies(array(), 'objects') as $tax_name => $tax) {
$event_tax = in_array(EM_POST_TYPE_EVENT, $tax->object_type);
$loc_tax = in_array(EM_POST_TYPE_LOCATION, $tax->object_type);
if ($tax_name == EM_TAXONOMY_CATEGORY || $tax_name == EM_TAXONOMY_TAG) {
$tax_name = $tax_name == EM_TAXONOMY_CATEGORY ? 'category' : 'tag';
if ($event_tax) {
$taxonomies_array[$tax_name]['context'][] = EM_POST_TYPE_EVENT;
}
if ($loc_tax) {
$taxonomies_array[$tax_name]['context'][] = EM_POST_TYPE_LOCATION;
}
} else {
$tax_name = str_replace('-', '_', $tax_name);
$prefix = !array_key_exists($tax_name, $taxonomies_array) ? '' : 'post_';
if (is_array($tax->object_type)) {
if ($event_tax || $loc_tax) {
$taxonomies_array[$prefix . $tax_name] = array('name' => $tax_name, 'context' => array());
}
if ($event_tax) {
$taxonomies_array[$prefix . $tax_name]['context'][] = EM_POST_TYPE_EVENT;
}
if ($loc_tax) {
$taxonomies_array[$prefix . $tax_name]['context'][] = EM_POST_TYPE_LOCATION;
}
}
}
}
//users can add even more to this if needed, e.g. MS compatability
self::$taxonomies_array = apply_filters('em_object_taxonomies', $taxonomies_array);
}
return self::$taxonomies_array;
}
public static function get_default_search($array_or_defaults = array(), $array = array())
{
$defaults = array('orderby' => get_option('dbem_categories_default_orderby'), 'order' => get_option('dbem_categories_default_order'), 'hide_empty' => false, 'exclude' => array(), 'exclude_tree' => array(), 'include' => array(), 'number' => '', 'fields' => 'all', 'slug' => '', 'parent' => '', 'hierarchical' => true, 'child_of' => 0, 'get' => '', 'name__like' => '', 'pad_counts' => false, 'offset' => '', 'search' => '', 'cache_domain' => 'core');
//sort out whether defaults were supplied or just the array of search values
if (empty($array)) {
$array = $array_or_defaults;
} else {
$defaults = array_merge($defaults, $array_or_defaults);
}
return apply_filters('em_categories_get_default_search', parent::get_default_search($defaults, $array), $array, $defaults);
}
<?php
/*
* This page will search for either a specific location via GET "id" variable
* or will search for events by name via the GET "q" variable.
*/
require_once '../../../../wp-load.php';
global $wpdb;
$locations_table = $wpdb->prefix . EM_LOCATIONS_TABLE;
$location_cond = get_option('dbem_permissions_locations') < 1 && !em_verify_admin() ? "AND location_owner=" . get_current_user_id() : '';
$term = isset($_GET['term']) ? '%' . $_GET['term'] . '%' : '%' . $_GET['q'] . '%';
$sql = $wpdb->prepare("\n\tSELECT \n\t\tConcat( location_name, ', ', location_address, ', ', location_town) AS `label`,\n\t\tlocation_name AS `value`,\n\t\tlocation_address AS `address`, \n\t\tlocation_town AS `town`, \n\t\tlocation_id AS `id`\n\tFROM {$locations_table} \n\tWHERE ( `location_name` LIKE %s ) {$location_cond} LIMIT 10\n", $term);
$locations_array = $wpdb->get_results($sql);
echo EM_Object::json_encode($locations_array);
/*
$return_string_array = array();
foreach($locations_array as $location){
$return_string_class = array();
foreach($location as $key => $value ){
$return_string_class[] = "$key : '".addslashes($value)."'";
}
$return_string_array[] = '{'. implode(',', $return_string_class) .'}';
}
echo '['. implode(',', $return_string_array) .']';
*/
function get_default_search($array = array())
{
$defaults = array('orderby' => get_option('dbem_events_default_orderby'), 'order' => get_option('dbem_events_default_order'), 'bookings' => false, 'status' => 1, 'format_header' => '', 'format_footer' => '', 'town' => false, 'state' => false, 'country' => false, 'region' => false, 'blog' => get_current_blog_id(), 'private' => current_user_can('read_private_events'), 'private_only' => false, 'post_id' => false);
if (EM_MS_GLOBAL && !is_admin()) {
if (empty($array['blog']) && is_main_site() && get_site_option('dbem_ms_global_events')) {
$array['blog'] = false;
}
}
if (is_admin()) {
//figure out default owning permissions
$defaults['owner'] = !current_user_can('edit_others_events') ? get_current_user_id() : false;
if (!array_key_exists('status', $array) && current_user_can('edit_others_events')) {
$defaults['status'] = false;
//by default, admins see pending and live events
}
}
return apply_filters('em_events_get_default_search', parent::get_default_search($defaults, $array), $array, $defaults);
}
function em_admin_init()
{
//in MS global mode and locations are stored in the main blog, then a user must have at least a subscriber role
if (EM_MS_GLOBAL && is_user_logged_in() && !is_main_site() && get_site_option('dbem_ms_mainblog_locations')) {
EM_Object::ms_global_switch();
$user = new WP_User(get_current_user_id());
if (count($user->roles) == 0) {
$user->set_role('subscriber');
}
EM_Object::ms_global_switch_back();
}
}
function get_default_search($array = array())
{
//These defaults aren't for db queries, but flags for what to display in calendar output
$defaults = array('full' => 0, 'long_events' => 0, 'scope' => 'future', 'status' => 1, 'town' => false, 'state' => false, 'country' => false, 'region' => false, 'blog' => get_current_blog_id(), 'orderby' => get_option('dbem_display_calendar_orderby'), 'order' => get_option('dbem_display_calendar_order'));
if (is_multisite()) {
global $bp;
if (!is_main_site() && !array_key_exists('blog', $array)) {
//not the main blog, force single blog search
$array['blog'] = get_current_blog_id();
} elseif (empty($array['blog']) && get_site_option('dbem_ms_global_events')) {
$array['blog'] = false;
}
}
$atts = parent::get_default_search($defaults, $array);
$atts['full'] = $atts['full'] == true ? 1 : 0;
$atts['long_events'] = $atts['long_events'] == true ? 1 : 0;
return apply_filters('em_calendar_get_default_search', $atts, $array, $defaults);
}
/**
* Can the user manage this location?
*/
function can_manage($owner_capability = false, $admin_capability = false, $user_to_check = false)
{
if ($this->location_id == '' && !is_user_logged_in() && get_option('dbem_events_anonymous_submissions')) {
$user_to_check = get_option('dbem_events_anonymous_user');
}
if ($admin_capability && EM_MS_GLOBAL && get_site_option('dbem_ms_mainblog_locations')) {
//if in global mode with locations restricted to main blog, we check capabilities against the main blog
self::ms_global_switch();
$return = parent::can_manage($owner_capability, $admin_capability, $user_to_check);
self::ms_global_switch_back();
} else {
$return = parent::can_manage($owner_capability, $admin_capability, $user_to_check);
}
return apply_filters('em_location_can_manage', $return, $this, $owner_capability, $admin_capability, $user_to_check);
}
/**
* Can the user manage this?
*/
function can_manage($owner_capability = false, $admin_capability = false)
{
return apply_filters('em_event_can_manage', parent::can_manage($owner_capability, $admin_capability), $this);
}
function get_default_search($array = array())
{
$defaults = array('status' => false, 'person' => true, 'blog' => get_current_blog_id(), 'ticket_id' => false);
if (true || is_admin()) {
//figure out default owning permissions
if (!current_user_can('edit_others_events')) {
$defaults['owner'] = get_current_user_id();
} else {
$defaults['owner'] = false;
}
}
if (EM_MS_GLOBAL && !is_admin()) {
if (empty($array['blog']) && is_main_site() && get_site_option('dbem_ms_global_events')) {
$array['blog'] = false;
}
}
return apply_filters('em_bookings_get_default_search', parent::get_default_search($defaults, $array), $array, $defaults);
}
/**
* Performs actions on init. This works for both ajax and normal requests, the return results depends if an em_ajax flag is passed via POST or GET.
*/
function em_init_actions()
{
global $wpdb, $EM_Notices, $EM_Event;
if (defined('DOING_AJAX') && DOING_AJAX) {
$_REQUEST['em_ajax'] = true;
}
//NOTE - No EM objects are globalized at this point, as we're hitting early init mode.
//TODO Clean this up.... use a uniformed way of calling EM Ajax actions
if (!empty($_REQUEST['em_ajax']) || !empty($_REQUEST['em_ajax_action'])) {
if (isset($_REQUEST['em_ajax_action']) && $_REQUEST['em_ajax_action'] == 'get_location') {
if (isset($_REQUEST['id'])) {
$EM_Location = new EM_Location($_REQUEST['id'], 'location_id');
$location_array = $EM_Location->to_array();
$location_array['location_balloon'] = $EM_Location->output(get_option('dbem_location_baloon_format'));
echo EM_Object::json_encode($location_array);
}
die;
}
if (isset($_REQUEST['em_ajax_action']) && $_REQUEST['em_ajax_action'] == 'delete_ticket') {
if (isset($_REQUEST['id'])) {
$EM_Ticket = new EM_Ticket($_REQUEST['id']);
$result = $EM_Ticket->delete();
if ($result) {
$result = array('result' => true);
} else {
$result = array('result' => false, 'error' => $EM_Ticket->feedback_message);
}
} else {
$result = array('result' => false, 'error' => __('No ticket id provided', 'dbem'));
}
echo EM_Object::json_encode($result);
die;
}
if (isset($_REQUEST['query']) && $_REQUEST['query'] == 'GlobalMapData') {
$EM_Locations = EM_Locations::get($_REQUEST);
$json_locations = array();
foreach ($EM_Locations as $location_key => $EM_Location) {
$json_locations[$location_key] = $EM_Location->to_array();
$json_locations[$location_key]['location_balloon'] = $EM_Location->output(get_option('dbem_map_text_format'));
}
echo EM_Object::json_encode($json_locations);
die;
}
if (isset($_REQUEST['ajaxCalendar']) && $_REQUEST['ajaxCalendar']) {
//FIXME if long events enabled originally, this won't show up on ajax call
echo EM_Calendar::output($_REQUEST, false);
die;
}
}
//Event Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 5) == 'event') {
//Load the event object, with saved event if requested
if (!empty($_REQUEST['event_id'])) {
$EM_Event = new EM_Event($_REQUEST['event_id']);
} else {
$EM_Event = new EM_Event();
}
//Save Event, only via BP or via [event_form]
if ($_REQUEST['action'] == 'event_save' && $EM_Event->can_manage('edit_events', 'edit_others_events')) {
//Check Nonces
if (!wp_verify_nonce($_REQUEST['_wpnonce'], 'wpnonce_event_save')) {
exit('Trying to perform an illegal action.');
}
//Grab and validate submitted data
if ($EM_Event->get_post() && $EM_Event->save()) {
//EM_Event gets the event if submitted via POST and validates it (safer than to depend on JS)
$events_result = true;
//Success notice
if (is_user_logged_in()) {
$EM_Notices->add_confirm($EM_Event->output(get_option('dbem_events_form_result_success')), true);
} else {
$EM_Notices->add_confirm($EM_Event->output(get_option('dbem_events_anonymous_result_success')), true);
}
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
$redirect = em_add_get_params($redirect, array('success' => 1));
wp_redirect($redirect);
exit;
} else {
$EM_Notices->add_error($EM_Event->get_errors());
$events_result = false;
}
}
if ($_REQUEST['action'] == 'event_duplicate' && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_duplicate_' . $EM_Event->event_id)) {
$EM_Event = $EM_Event->duplicate();
if ($EM_Event === false) {
$EM_Notices->add_error($EM_Event->errors, true);
} else {
$EM_Notices->add_confirm($EM_Event->feedback_message, true);
}
wp_redirect(wp_get_referer());
exit;
}
if ($_REQUEST['action'] == 'event_delete' && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_delete_' . $EM_Event->event_id)) {
//DELETE action
$selectedEvents = !empty($_REQUEST['events']) ? $_REQUEST['events'] : '';
if (EM_Object::array_is_numeric($selectedEvents)) {
$events_result = EM_Events::delete($selectedEvents);
} elseif (is_object($EM_Event)) {
$events_result = $EM_Event->delete();
}
$plural = count($selectedEvents) > 1 ? __('Events', 'dbem') : __('Event', 'dbem');
if ($events_result) {
$message = !empty($EM_Event->feedback_message) ? $EM_Event->feedback_message : sprintf(__('%s successfully deleted.', 'dbem'), $plural);
$EM_Notices->add_confirm($message, true);
} else {
$message = !empty($EM_Event->errors) ? $EM_Event->errors : sprintf(__('%s could not be deleted.', 'dbem'), $plural);
$EM_Notices->add_error($message, true);
}
wp_redirect(wp_get_referer());
exit;
} elseif ($_REQUEST['action'] == 'event_detach' && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_detach_' . get_current_user_id() . '_' . $EM_Event->event_id)) {
//Detach event and move on
if ($EM_Event->detach()) {
$EM_Notices->add_confirm($EM_Event->feedback_message, true);
} else {
$EM_Notices->add_error($EM_Event->errors, true);
}
wp_redirect(wp_get_referer());
exit;
} elseif ($_REQUEST['action'] == 'event_attach' && !empty($_REQUEST['undo_id']) && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_attach_' . get_current_user_id() . '_' . $EM_Event->event_id)) {
//Detach event and move on
if ($EM_Event->attach($_REQUEST['undo_id'])) {
$EM_Notices->add_confirm($EM_Event->feedback_message, true);
} else {
$EM_Notices->add_error($EM_Event->errors, true);
}
wp_redirect(wp_get_referer());
exit;
}
//AJAX Exit
if (isset($events_result) && !empty($_REQUEST['em_ajax'])) {
if ($events_result) {
$return = array('result' => true, 'message' => $EM_Event->feedback_message);
} else {
$return = array('result' => false, 'message' => $EM_Event->feedback_message, 'errors' => $EM_Event->errors);
}
}
}
//Location Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 8) == 'location') {
global $EM_Location, $EM_Notices;
//Load the location object, with saved event if requested
if (!empty($_REQUEST['location_id'])) {
$EM_Location = new EM_Location($_REQUEST['location_id']);
} else {
$EM_Location = new EM_Location();
}
if ($_REQUEST['action'] == 'location_save' && current_user_can('edit_locations')) {
if (get_site_option('dbem_ms_mainblog_locations')) {
EM_Object::ms_global_switch();
}
//switch to main blog if locations are global
//Check Nonces
em_verify_nonce('location_save');
//Grab and validate submitted data
if ($EM_Location->get_post() && $EM_Location->save()) {
//EM_location gets the location if submitted via POST and validates it (safer than to depend on JS)
$EM_Notices->add_confirm($EM_Location->feedback_message, true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$EM_Notices->add_error($EM_Location->get_errors());
$result = false;
}
if (get_site_option('dbem_ms_mainblog_locations')) {
EM_Object::ms_global_switch_back();
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == "location_delete") {
//delete location
//get object or objects
if (!empty($_REQUEST['locations']) || !empty($_REQUEST['location_id'])) {
$args = !empty($_REQUEST['locations']) ? $_REQUEST['locations'] : $_REQUEST['location_id'];
$locations = EM_Locations::get($args);
foreach ($locations as $location) {
if (!$location->delete()) {
$EM_Notices->add_error($location->get_errors());
$errors = true;
}
}
if (empty($errors)) {
$result = true;
$location_term = count($locations) > 1 ? __('Locations', 'dbem') : __('Location', 'dbem');
$EM_Notices->add_confirm(sprintf(__('%s successfully deleted', 'dbem'), $location_term));
} else {
$result = false;
}
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == "locations_search" && (!empty($_REQUEST['term']) || !empty($_REQUEST['q']))) {
$results = array();
if (is_user_logged_in() || get_option('dbem_events_anonymous_submissions') && user_can(get_option('dbem_events_anonymous_user'), 'read_others_locations')) {
$location_cond = is_user_logged_in() && !current_user_can('read_others_locations') ? "AND location_owner=" . get_current_user_id() : '';
$term = isset($_REQUEST['term']) ? '%' . $_REQUEST['term'] . '%' : '%' . $_REQUEST['q'] . '%';
$sql = $wpdb->prepare("\r\n\t\t\t\t\tSELECT \r\n\t\t\t\t\t\tlocation_id AS `id`,\r\n\t\t\t\t\t\tConcat( location_name, ', ', location_address, ', ', location_town) AS `label`,\r\n\t\t\t\t\t\tlocation_name AS `value`,\r\n\t\t\t\t\t\tlocation_address AS `address`, \r\n\t\t\t\t\t\tlocation_town AS `town`, \r\n\t\t\t\t\t\tlocation_state AS `state`,\r\n\t\t\t\t\t\tlocation_region AS `region`,\r\n\t\t\t\t\t\tlocation_postcode AS `postcode`,\r\n\t\t\t\t\t\tlocation_country AS `country`\r\n\t\t\t\t\tFROM " . EM_LOCATIONS_TABLE . " \r\n\t\t\t\t\tWHERE ( `location_name` LIKE %s ) AND location_status=1 {$location_cond} LIMIT 10\r\n\t\t\t\t", $term);
$results = $wpdb->get_results($sql);
}
echo EM_Object::json_encode($results);
die;
}
if (isset($result) && $result && !empty($_REQUEST['em_ajax'])) {
$return = array('result' => true, 'message' => $EM_Location->feedback_message);
echo EM_Object::json_encode($return);
die;
} elseif (isset($result) && !$result && !empty($_REQUEST['em_ajax'])) {
$return = array('result' => false, 'message' => $EM_Location->feedback_message, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode($return);
die;
}
}
//Booking Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 7) == 'booking' && (is_user_logged_in() || $_REQUEST['action'] == 'booking_add' && get_option('dbem_bookings_anonymous'))) {
global $EM_Event, $EM_Booking, $EM_Person;
//Load the booking object, with saved booking if requested
$EM_Booking = !empty($_REQUEST['booking_id']) ? new EM_Booking($_REQUEST['booking_id']) : new EM_Booking();
if (!empty($EM_Booking->event_id)) {
//Load the event object, with saved event if requested
$EM_Event = $EM_Booking->get_event();
} elseif (!empty($_REQUEST['event_id'])) {
$EM_Event = new EM_Event($_REQUEST['event_id']);
}
$allowed_actions = array('bookings_approve' => 'approve', 'bookings_reject' => 'reject', 'bookings_unapprove' => 'unapprove', 'bookings_delete' => 'delete');
$result = false;
$feedback = '';
if ($_REQUEST['action'] == 'booking_add') {
//ADD/EDIT Booking
ob_start();
em_verify_nonce('booking_add');
if (!is_user_logged_in() || get_option('dbem_bookings_double') || !$EM_Event->get_bookings()->has_booking(get_current_user_id())) {
$post_validation = $EM_Booking->get_post();
do_action('em_booking_add', $EM_Event, $EM_Booking, $post_validation);
if ($post_validation) {
//Does this user need to be registered first?
$registration = true;
//TODO do some ticket validation before registering the user
if ($EM_Event->get_bookings()->get_available_spaces() >= $EM_Booking->get_spaces(true)) {
if ((!is_user_logged_in() || defined('EM_FORCE_REGISTRATION')) && get_option('dbem_bookings_anonymous') && !get_option('dbem_bookings_registration_disable')) {
//find random username - less options for user, less things go wrong
$username_root = explode('@', $_REQUEST['user_email']);
$username_rand = $username_root[0] . rand(1, 1000);
while (username_exists($username_root[0] . rand(1, 1000))) {
$username_rand = $username_root[0] . rand(1, 1000);
}
$_REQUEST['dbem_phone'] = !empty($_REQUEST['dbem_phone']) ? $_REQUEST['dbem_phone'] : '';
//fix to prevent warnings
$_REQUEST['user_name'] = !empty($_REQUEST['user_name']) ? $_REQUEST['user_name'] : '';
//fix to prevent warnings
$user_data = array('user_login' => $username_rand, 'user_email' => $_REQUEST['user_email'], 'user_name' => $_REQUEST['user_name'], 'dbem_phone' => $_REQUEST['dbem_phone']);
$id = em_register_new_user($user_data);
if (is_numeric($id)) {
$EM_Person = new EM_Person($id);
$EM_Booking->person_id = $id;
$feedback = get_option('dbem_booking_feedback_new_user');
$EM_Notices->add_confirm($feedback);
} else {
$registration = false;
if (is_object($id) && get_class($id) == 'WP_Error') {
/* @var $id WP_Error */
if ($id->get_error_code() == 'email_exists') {
$EM_Notices->add_error(get_option('dbem_booking_feedback_email_exists'));
} else {
$EM_Notices->add_error($id->get_error_messages());
}
} else {
$EM_Notices->add_error(get_option('dbem_booking_feedback_reg_error'));
}
}
} elseif ((!is_user_logged_in() || defined('EM_FORCE_REGISTRATION')) && get_option('dbem_bookings_registration_disable')) {
//Validate name, phone and email
$user_data = array();
if (empty($EM_Booking->booking_meta['registration'])) {
$EM_Booking->booking_meta['registration'] = array();
}
// Check the e-mail address
if ($_REQUEST['user_email'] == '') {
$registration = false;
$EM_Notices->add_error(__('<strong>ERROR</strong>: Please type your e-mail address.', 'dbem'));
} elseif (!is_email($_REQUEST['user_email'])) {
$registration = false;
$EM_Notices->add_error(__('<strong>ERROR</strong>: The email address isn’t correct.', 'dbem'));
} elseif (email_exists($_REQUEST['user_email'])) {
$registration = false;
$EM_Notices->add_error(get_option('dbem_booking_feedback_email_exists'));
} else {
$user_data['user_email'] = $_REQUEST['user_email'];
}
//Check the user name
if (!empty($_REQUEST['user_name'])) {
$name_string = explode(' ', wp_kses($_REQUEST['user_name'], array()));
$user_data['first_name'] = array_shift($name_string);
$user_data['last_name'] = implode(' ', $name_string);
}
//Check the first/last name
if (!empty($_REQUEST['first_name'])) {
$user_data['first_name'] = wp_kses($_REQUEST['first_name'], array());
}
if (!empty($_REQUEST['last_name'])) {
$user_data['last_name'] = wp_kses($_REQUEST['last_name'], array());
}
//Check the phone
if (!empty($_REQUEST['dbem_phone'])) {
$user_data['dbem_phone'] = wp_kses($_REQUEST['dbem_phone'], array());
}
//Add booking meta
$EM_Booking->booking_meta['registration'] = array_merge($EM_Booking->booking_meta['registration'], $user_data);
//in case someone else added stuff
//Save default person to booking
$EM_Booking->person_id = get_option('dbem_bookings_registration_user');
} elseif (!is_user_logged_in()) {
$registration = false;
$EM_Notices->add_error(get_option('dbem_booking_feedback_log_in'));
} elseif (empty($EM_Booking->person_id)) {
//user must be logged in, so we make this person the current user id
$EM_Booking->person_id = get_current_user_id();
}
}
$EM_Bookings = $EM_Event->get_bookings();
if ($registration && $EM_Bookings->add($EM_Booking)) {
$result = true;
$EM_Notices->add_confirm($EM_Bookings->feedback_message);
$feedback = $EM_Bookings->feedback_message;
} else {
$result = false;
$EM_Notices->add_error($EM_Bookings->get_errors());
$feedback = $EM_Bookings->feedback_message;
}
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
}
} else {
$result = false;
$feedback = get_option('dbem_booking_feedback_already_booked');
$EM_Notices->add_error($feedback);
}
ob_clean();
} elseif ($_REQUEST['action'] == 'booking_add_one' && is_object($EM_Event) && is_user_logged_in()) {
//ADD/EDIT Booking
em_verify_nonce('booking_add_one');
if (!$EM_Event->get_bookings()->has_booking(get_current_user_id()) || get_option('dbem_bookings_double')) {
$EM_Booking = new EM_Booking(array('person_id' => get_current_user_id(), 'event_id' => $EM_Event->event_id, 'booking_spaces' => 1));
//new booking
$EM_Ticket = $EM_Event->get_bookings()->get_tickets()->get_first();
//get first ticket in this event and book one place there. similar to getting the form values in EM_Booking::get_post_values()
$EM_Ticket_Booking = new EM_Ticket_Booking(array('ticket_id' => $EM_Ticket->ticket_id, 'ticket_booking_spaces' => 1));
$EM_Booking->tickets_bookings = new EM_Tickets_Bookings();
$EM_Booking->tickets_bookings->booking = $EM_Ticket_Booking->booking = $EM_Booking;
$EM_Booking->tickets_bookings->add($EM_Ticket_Booking);
//Now save booking
if ($EM_Event->get_bookings()->add($EM_Booking)) {
$result = true;
$EM_Notices->add_confirm($EM_Event->get_bookings()->feedback_message);
$feedback = $EM_Event->get_bookings()->feedback_message;
} else {
$result = false;
$EM_Notices->add_error($EM_Event->get_bookings()->get_errors());
$feedback = $EM_Event->get_bookings()->feedback_message;
}
} else {
$result = false;
$feedback = get_option('dbem_booking_feedback_already_booked');
$EM_Notices->add_error($feedback);
}
} elseif ($_REQUEST['action'] == 'booking_cancel') {
//Cancel Booking
em_verify_nonce('booking_cancel');
if ($EM_Booking->can_manage() || $EM_Booking->person->ID == get_current_user_id() && get_option('dbem_bookings_user_cancellation')) {
if ($EM_Booking->cancel()) {
$result = true;
if (!defined('DOING_AJAX')) {
if ($EM_Booking->person->ID == get_current_user_id()) {
$EM_Notices->add_confirm(get_option('dbem_booking_feedback_cancelled'), true);
} else {
$EM_Notices->add_confirm($EM_Booking->feedback_message, true);
}
wp_redirect($_SERVER['HTTP_REFERER']);
exit;
}
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
$feedback = $EM_Booking->feedback_message;
}
} else {
$EM_Notices->add_error(__('You must log in to cancel your booking.', 'dbem'));
}
//TODO user action shouldn't check permission, booking object should.
} elseif (array_key_exists($_REQUEST['action'], $allowed_actions) && $EM_Event->can_manage('manage_bookings', 'manage_others_bookings')) {
//Event Admin only actions
$action = $allowed_actions[$_REQUEST['action']];
//Just do it here, since we may be deleting bookings of different events.
if (!empty($_REQUEST['bookings']) && EM_Object::array_is_numeric($_REQUEST['bookings'])) {
$results = array();
foreach ($_REQUEST['bookings'] as $booking_id) {
$EM_Booking = new EM_Booking($booking_id);
$result = $EM_Booking->{$action}();
$results[] = $result;
if (!in_array(false, $results) && !$result) {
$feedback = $EM_Booking->feedback_message;
}
}
$result = !in_array(false, $results);
} elseif (is_object($EM_Booking)) {
$result = $EM_Booking->{$action}();
$feedback = $EM_Booking->feedback_message;
}
//FIXME not adhereing to object's feedback or error message, like other bits in this file.
//TODO multiple deletion won't work in ajax
if (!empty($_REQUEST['em_ajax'])) {
if ($result) {
echo $feedback;
} else {
echo '<span style="color:red">' . $feedback . '</span>';
}
die;
}
} elseif ($_REQUEST['action'] == 'booking_save') {
em_verify_nonce('booking_save_' . $EM_Booking->booking_id);
do_action('em_booking_save', $EM_Event, $EM_Booking);
if ($EM_Booking->can_manage('manage_bookings', 'manage_others_bookings')) {
if ($EM_Booking->get_post(true) && $EM_Booking->save(false)) {
$EM_Notices->add_confirm($EM_Booking->feedback_message, true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
$feedback = $EM_Booking->feedback_message;
}
}
} elseif ($_REQUEST['action'] == 'booking_set_status') {
em_verify_nonce('booking_set_status_' . $EM_Booking->booking_id);
if ($EM_Booking->can_manage('manage_bookings', 'manage_others_bookings') && $_REQUEST['booking_status'] != $EM_Booking->booking_status) {
if ($EM_Booking->set_status($_REQUEST['booking_status'], false)) {
if (!empty($_REQUEST['send_email'])) {
if ($EM_Booking->email(false)) {
$EM_Booking->feedback_message .= " " . __('Mail Sent.', 'dbem');
} else {
$EM_Booking->feedback_message .= ' <span style="color:red">' . __('ERROR : Mail Not Sent.', 'dbem') . '</span>';
}
}
$EM_Notices->add_confirm($EM_Booking->feedback_message, true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
$feedback = $EM_Booking->feedback_message;
}
}
} elseif ($_REQUEST['action'] == 'booking_resend_email') {
em_verify_nonce('booking_resend_email_' . $EM_Booking->booking_id);
if ($EM_Booking->can_manage('manage_bookings', 'manage_others_bookings')) {
if ($EM_Booking->email(false, true)) {
$EM_Notices->add_confirm(__('Mail Sent.', 'dbem'), true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$result = false;
$EM_Notices->add_error(__('ERROR : Mail Not Sent.', 'dbem'));
$feedback = $EM_Booking->feedback_message;
}
}
}
if ($result && defined('DOING_AJAX')) {
$return = array('result' => true, 'message' => $feedback);
echo EM_Object::json_encode(apply_filters('em_action_' . $_REQUEST['action'], $return, $EM_Booking));
die;
} elseif (!$result && defined('DOING_AJAX')) {
$return = array('result' => false, 'message' => $feedback, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode(apply_filters('em_action_' . $_REQUEST['action'], $return, $EM_Booking));
die;
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'booking_add' && !is_user_logged_in() && !get_option('dbem_bookings_anonymous')) {
$EM_Notices->add_error(get_option('dbem_booking_feedback_log_in'));
if (!$result && defined('DOING_AJAX')) {
$return = array('result' => false, 'message' => $EM_Booking->feedback_message, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode(apply_filters('em_action_' . $_REQUEST['action'], $return, $EM_Booking));
}
die;
}
//AJAX call for searches
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 6) == 'search') {
if ($_REQUEST['action'] == 'search_states') {
$results = array();
$conds = array();
if (!empty($_REQUEST['country'])) {
$conds[] = $wpdb->prepare("(location_country = '%s' OR location_country IS NULL )", $_REQUEST['country']);
}
if (!empty($_REQUEST['region'])) {
$conds[] = $wpdb->prepare("( location_region = '%s' OR location_region IS NULL )", $_REQUEST['region']);
}
$cond = count($conds) > 0 ? "AND " . implode(' AND ', $conds) : '';
$results = $wpdb->get_col("SELECT DISTINCT location_state FROM " . EM_LOCATIONS_TABLE . " WHERE location_state IS NOT NULL AND location_state != '' {$cond} ORDER BY location_state");
if ($_REQUEST['return_html']) {
//quick shortcut for quick html form manipulation
ob_start();
?>
<option value=''><?php
echo get_option('dbem_search_form_states_label');
?>
</option>
<?php
foreach ($results as $result) {
echo "<option>{$result}</option>";
}
$return = ob_get_clean();
echo apply_filters('em_ajax_search_states', $return);
exit;
} else {
echo EM_Object::json_encode($results);
exit;
}
}
if ($_REQUEST['action'] == 'search_towns') {
$results = array();
$conds = array();
if (!empty($_REQUEST['country'])) {
$conds[] = $wpdb->prepare("(location_country = '%s' OR location_country IS NULL )", $_REQUEST['country']);
}
if (!empty($_REQUEST['region'])) {
$conds[] = $wpdb->prepare("( location_region = '%s' OR location_region IS NULL )", $_REQUEST['region']);
}
if (!empty($_REQUEST['state'])) {
$conds[] = $wpdb->prepare("(location_state = '%s' OR location_state IS NULL )", $_REQUEST['state']);
}
$cond = count($conds) > 0 ? "AND " . implode(' AND ', $conds) : '';
$results = $wpdb->get_col("SELECT DISTINCT location_town FROM " . EM_LOCATIONS_TABLE . " WHERE location_town IS NOT NULL AND location_town != '' {$cond} ORDER BY location_town");
if ($_REQUEST['return_html']) {
//quick shortcut for quick html form manipulation
ob_start();
?>
<option value=''><?php
echo get_option('dbem_search_form_towns_label');
?>
</option>
<?php
foreach ($results as $result) {
echo "<option>{$result}</option>";
}
$return = ob_get_clean();
echo apply_filters('em_ajax_search_towns', $return);
exit;
} else {
echo EM_Object::json_encode($results);
exit;
}
}
if ($_REQUEST['action'] == 'search_regions') {
if (!empty($_REQUEST['country'])) {
$conds[] = $wpdb->prepare("(location_country = '%s' OR location_country IS NULL )", $_REQUEST['country']);
}
$cond = count($conds) > 0 ? "AND " . implode(' AND ', $conds) : '';
$results = $wpdb->get_results("SELECT DISTINCT location_region AS value FROM " . EM_LOCATIONS_TABLE . " WHERE location_region IS NOT NULL AND location_region != '' {$cond} ORDER BY location_region");
if ($_REQUEST['return_html']) {
//quick shortcut for quick html form manipulation
ob_start();
?>
<option value=''><?php
echo get_option('dbem_search_form_regions_label');
?>
</option>
<?php
foreach ($results as $result) {
echo "<option>{$result->value}</option>";
}
$return = ob_get_clean();
echo apply_filters('em_ajax_search_regions', $return);
exit;
} else {
echo EM_Object::json_encode($results);
exit;
}
} elseif ($_REQUEST['action'] == 'search_events' && get_option('dbem_events_page_search') && defined('DOING_AJAX')) {
$args = EM_Events::get_post_search();
$args['owner'] = false;
ob_start();
em_locate_template('templates/events-list.php', true, array('args' => $args));
//if successful, this template overrides the settings and defaults, including search
echo apply_filters('em_ajax_search_events', ob_get_clean(), $args);
exit;
}
}
//EM Ajax requests require this flag.
if (is_user_logged_in()) {
//Admin operations
//Specific Oject Ajax
if (!empty($_REQUEST['em_obj'])) {
switch ($_REQUEST['em_obj']) {
case 'em_bookings_events_table':
case 'em_bookings_pending_table':
case 'em_bookings_confirmed_table':
//add some admin files just in case
include_once 'admin/bookings/em-confirmed.php';
include_once 'admin/bookings/em-events.php';
include_once 'admin/bookings/em-pending.php';
call_user_func($_REQUEST['em_obj']);
exit;
break;
}
}
}
//Export CSV - WIP
if (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'export_bookings_csv' && wp_verify_nonce($_REQUEST['_wpnonce'], 'export_bookings_csv')) {
//sort out cols
if (!empty($_REQUEST['cols']) && is_array($_REQUEST['cols'])) {
$cols = array();
foreach ($_REQUEST['cols'] as $col => $active) {
if ($active) {
$cols[] = $col;
}
}
$_REQUEST['cols'] = $cols;
}
$_REQUEST['limit'] = 0;
//generate bookings export according to search request
$show_tickets = !empty($_REQUEST['show_tickets']);
$EM_Bookings_Table = new EM_Bookings_Table($show_tickets);
header("Content-Type: application/octet-stream; charset=utf-8");
header("Content-Disposition: Attachment; filename=" . sanitize_title(get_bloginfo()) . "-bookings-export.csv");
echo sprintf(__('Exported booking on %s', 'dbem'), date_i18n('D d M Y h:i', current_time('timestamp'))) . "\n";
echo '"' . implode('","', $EM_Bookings_Table->get_headers(true)) . '"' . "\n";
//Rows
$EM_Bookings_Table->limit = 150;
//if you're having server memory issues, try messing with this number
$EM_Bookings = $EM_Bookings_Table->get_bookings();
$handle = fopen("php://output", "w");
while (!empty($EM_Bookings)) {
foreach ($EM_Bookings as $EM_Booking) {
//Display all values
/* @var $EM_Booking EM_Booking */
/* @var $EM_Ticket_Booking EM_Ticket_Booking */
if ($show_tickets) {
foreach ($EM_Booking->get_tickets_bookings()->tickets_bookings as $EM_Ticket_Booking) {
$row = $EM_Bookings_Table->get_row_csv($EM_Ticket_Booking);
fputcsv($handle, $row);
}
} else {
$row = $EM_Bookings_Table->get_row_csv($EM_Booking);
fputcsv($handle, $row);
}
}
//reiterate loop
$EM_Bookings_Table->offset += $EM_Bookings_Table->limit;
$EM_Bookings = $EM_Bookings_Table->get_bookings();
}
fclose($handle);
exit;
}
}
/**
* Returns this object in the form of an array
* @return array
*/
function to_array($person = false)
{
$booking = array();
//Core Data
$booking = parent::to_array();
//Person Data
if ($person && is_object($this->person)) {
$person = $this->person->to_array();
$booking = array_merge($booking, $person);
}
return $booking;
}
function em_admin_email_test_ajax()
{
if (wp_verify_nonce($_REQUEST['_check_email_nonce'], 'check_email') && current_user_can('activate_plugins')) {
$subject = __("Events Manager Test Email", 'dbem');
$content = __('Congratulations! Your email settings work.', 'dbem');
$current_user = get_user_by('id', get_current_user_id());
//add filters for options used in EM_Mailer so the current supplied ones are used
ob_start();
function pre_option_dbem_mail_sender_name()
{
return sanitize_email($_REQUEST['dbem_mail_sender_name']);
}
add_filter('pre_option_dbem_mail_sender_name', 'pre_option_dbem_mail_sender_name');
function pre_option_dbem_mail_sender_address()
{
return sanitize_text_field($_REQUEST['dbem_mail_sender_address']);
}
add_filter('pre_option_dbem_mail_sender_address', 'pre_option_dbem_mail_sender_address');
function pre_option_dbem_rsvp_mail_send_method()
{
return sanitize_text_field($_REQUEST['dbem_rsvp_mail_send_method']);
}
add_filter('pre_option_dbem_rsvp_mail_send_method', 'pre_option_dbem_rsvp_mail_send_method');
function pre_option_dbem_rsvp_mail_port()
{
return sanitize_text_field($_REQUEST['dbem_rsvp_mail_port']);
}
add_filter('pre_option_dbem_rsvp_mail_port', 'pre_option_dbem_rsvp_mail_port');
function pre_option_dbem_rsvp_mail_SMTPAuth()
{
return sanitize_text_field($_REQUEST['dbem_rsvp_mail_SMTPAuth']);
}
add_filter('pre_option_dbem_rsvp_mail_SMTPAuth', 'pre_option_dbem_rsvp_mail_SMTPAuth');
function pre_option_dbem_smtp_host()
{
return sanitize_text_field($_REQUEST['dbem_smtp_host']);
}
add_filter('pre_option_dbem_smtp_host', 'pre_option_dbem_smtp_host');
function pre_option_dbem_smtp_username()
{
return sanitize_text_field($_REQUEST['dbem_smtp_username']);
}
add_filter('pre_option_dbem_smtp_username', 'pre_option_dbem_smtp_username');
function pre_option_dbem_smtp_password()
{
return sanitize_text_field($_REQUEST['dbem_smtp_password']);
}
add_filter('pre_option_dbem_smtp_password', 'pre_option_dbem_smtp_password');
ob_clean();
//remove any php errors/warnings output
$EM_Event = new EM_Event();
if ($EM_Event->email_send($subject, $content, $current_user->user_email)) {
$result = array('result' => true, 'message' => sprintf(__('Email sent succesfully to %s', 'dbem'), $current_user->user_email));
} else {
$result = array('result' => false, 'message' => __('Email not sent.', 'dbem') . " <ul><li>" . implode('</li><li>', $EM_Event->get_errors()) . '</li></ul>');
}
echo EM_Object::json_encode($result);
}
exit;
}
public static function get_default_search($array_or_defaults = array(), $array = array())
{
self::$context = EM_POST_TYPE_EVENT;
$defaults = array('orderby' => get_option('dbem_events_default_orderby'), 'order' => get_option('dbem_events_default_order'), 'bookings' => false, 'status' => 1, 'format_header' => '', 'format_footer' => '', 'town' => false, 'state' => false, 'country' => false, 'region' => false, 'blog' => get_current_blog_id(), 'private' => current_user_can('read_private_events'), 'private_only' => false, 'post_id' => false);
//sort out whether defaults were supplied or just the array of search values
if (empty($array)) {
$array = $array_or_defaults;
} else {
$defaults = array_merge($defaults, $array_or_defaults);
}
//specific functionality
if (EM_MS_GLOBAL && (!is_admin() || defined('DOING_AJAX'))) {
if (empty($array['blog']) && is_main_site() && get_site_option('dbem_ms_global_events')) {
$array['blog'] = false;
}
}
if (is_admin()) {
//figure out default owning permissions
$defaults['owner'] = !current_user_can('edit_others_events') ? get_current_user_id() : false;
if (!array_key_exists('status', $array) && current_user_can('edit_others_events')) {
$defaults['status'] = false;
//by default, admins see pending and live events
}
}
return apply_filters('em_events_get_default_search', parent::get_default_search($defaults, $array), $array, $defaults);
}
function get_default_search($array = array())
{
$defaults = array('scope' => false, 'eventful' => false, 'eventless' => false);
if (is_admin()) {
//by default, we only get categories the owner can manage
switch (get_option('dbem_permissions_categories')) {
case 0:
$defaults['owner'] = get_current_user_id();
break;
case 1:
$wp_user_search = new WP_User_Search(null, null, 'administrator');
$users = $wp_user_search->get_results();
$users[] = get_current_user_id();
$users[] = 0;
$defaults['owner'] = implode(',', $users);
break;
case 2:
$defaults['owner'] = false;
break;
}
$defaults['owner'] = em_verify_admin() ? false : $defaults['owner'];
}
return apply_filters('em_categories_get_default_search', parent::get_default_search($defaults, $array), $array, $defaults);
}
/**
* Can the user manage this?
*/
function can_manage($owner_capability = false, $admin_capability = false, $user_to_check = false)
{
if ($this->event_id == '' && !is_user_logged_in() && get_option('dbem_events_anonymous_submissions')) {
$user_to_check = get_option('dbem_events_anonymous_user');
}
return apply_filters('em_event_can_manage', parent::can_manage($owner_capability, $admin_capability, $user_to_check), $this, $owner_capability, $admin_capability, $user_to_check);
}
function get_default_search($array = array())
{
$defaults = array('eventful' => false, 'eventless' => false, 'orderby' => 'location_name', 'town' => false, 'state' => false, 'country' => false, 'region' => false, 'status' => 1, 'scope' => 'all', 'blog' => get_current_blog_id(), 'private' => current_user_can('read_private_locations'), 'private_only' => false, 'post_id' => false);
if (EM_MS_GLOBAL && get_site_option('dbem_ms_mainblog_locations')) {
if (empty($array['blog']) && !is_main_site()) {
$array['blog'] = get_current_site()->blog_id;
}
}
$array['eventful'] = !empty($array['eventful']) && $array['eventful'] == true;
$array['eventless'] = !empty($array['eventless']) && $array['eventless'] == true;
if (is_admin()) {
$defaults['owner'] = !current_user_can('read_others_locations') ? get_current_user_id() : false;
}
return apply_filters('em_locations_get_default_search', parent::get_default_search($defaults, $array), $array, $defaults);
}
