function rcp_process_data() { if (!is_admin()) { return; } if (!empty($_POST)) { /**************************************** * subscription levels ****************************************/ // add a new subscription level if (isset($_POST['rcp-action']) && $_POST['rcp-action'] == 'add-level') { if (!current_user_can('rcp_manage_levels')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $levels = new RCP_Levels(); $add = $levels->insert($_POST); if ($add) { $url = get_bloginfo('wpurl') . '/wp-admin/admin.php?page=rcp-member-levels&rcp_message=level_added'; } else { $url = get_bloginfo('wpurl') . '/wp-admin/admin.php?page=rcp-member-levels&rcp_message=level_not_added'; } wp_safe_redirect($url); exit; } // edit a subscription level if (isset($_POST['rcp-action']) && $_POST['rcp-action'] == 'edit-subscription') { if (!current_user_can('rcp_manage_levels')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $levels = new RCP_Levels(); $update = $levels->update($_POST['subscription_id'], $_POST); if ($update) { // clear the cache $url = get_bloginfo('wpurl') . '/wp-admin/admin.php?page=rcp-member-levels&rcp_message=level_updated'; } else { $url = get_bloginfo('wpurl') . '/wp-admin/admin.php?page=rcp-member-levels&rcp_message=level_not_updated'; } wp_safe_redirect($url); exit; } // add a subscription for an existing member if (isset($_POST['rcp-action']) && $_POST['rcp-action'] == 'add-subscription') { if (!current_user_can('rcp_manage_members')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } if (isset($_POST['expiration']) && strtotime('NOW') > strtotime($_POST['expiration']) && 'none' !== $_POST['expiration']) { $url = get_bloginfo('wpurl') . '/wp-admin/admin.php?page=rcp-members&rcp_message=user_not_added'; header("Location:" . $url); } else { $levels = new RCP_Levels(); $user = get_user_by('login', $_POST['user']); $expiration = isset($_POST['expiration']) ? sanitize_text_field($_POST['expiration']) : 'none'; $level_id = absint($_POST['level']); rcp_set_expiration_date($user->ID, $expiration); rcp_set_status($user->ID, 'active'); update_user_meta($user->ID, 'rcp_signup_method', 'manual'); // Add a role, if needed, to the user $subscription = $levels->get_level($level_id); update_user_meta($user->ID, 'rcp_subscription_level', $level_id); // Add the new user role $role = !empty($subscription->role) ? $subscription->role : 'subscriber'; $user->add_role($role); if (isset($_POST['recurring'])) { update_user_meta($user->ID, 'rcp_recurring', 'yes'); } else { delete_user_meta($user->ID, 'rcp_recurring'); } $url = get_bloginfo('wpurl') . '/wp-admin/admin.php?page=rcp-members&rcp_message=user_added'; header("Location:" . $url); } } // bulk edit members if (isset($_POST['rcp-bulk-action']) && $_POST['rcp-bulk-action']) { if (!wp_verify_nonce($_POST['rcp_bulk_edit_nonce'], 'rcp_bulk_edit_nonce')) { wp_die(__('Nonce verification failed.', 'rcp')); } if (!current_user_can('rcp_manage_members')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } if (empty($_POST['member-ids'])) { wp_die(__('Please select at least one member to edit.', 'rcp')); } $member_ids = array_map('absint', $_POST['member-ids']); $action = !empty($_POST['rcp-bulk-action']) ? sanitize_text_field($_POST['rcp-bulk-action']) : false; foreach ($member_ids as $member_id) { $member = new RCP_Member($member_id); if (!empty($_POST['expiration']) && 'delete' !== $action) { $member->set_expiration_date(date('Y-m-d H:i:s', strtotime($_POST['expiration']))); } if ($action) { switch ($action) { case 'mark-active': $member->set_status('active'); break; case 'mark-expired': $member->set_status('expired'); break; case 'mark-cancelled': $member->set_status('cancelled'); break; case 'delete': wp_delete_user($member->ID); break; } } } wp_redirect(admin_url('admin.php?page=rcp-members&rcp_message=members_updated')); exit; } // edit a member's subscription if (isset($_POST['rcp-action']) && $_POST['rcp-action'] == 'edit-member') { if (!current_user_can('rcp_manage_members')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $levels = new RCP_Levels(); $user_id = absint($_POST['user']); $member = new RCP_Member($user_id); $status = sanitize_text_field($_POST['status']); $level_id = absint($_POST['level']); $expiration = isset($_POST['expiration']) ? sanitize_text_field($_POST['expiration']) : 'none'; $expiration = 'none' !== $expiration ? date('Y-m-d 23:59:59', strtotime($_POST['expiration'])) : $expiration; if (!empty($_POST['expiration'])) { $member->set_expiration_date($expiration); } if (isset($_POST['level'])) { $current_id = rcp_get_subscription_id($user_id); $new_level = $levels->get_level($level_id); $old_level = $levels->get_level($current_id); if ($current_id != $level_id) { update_user_meta($user_id, 'rcp_subscription_level', $level_id); // Remove the old user role $role = !empty($old_level->role) ? $old_level->role : 'subscriber'; $member->remove_role($role); // Add the new user role $role = !empty($new_level->role) ? $new_level->role : 'subscriber'; $member->add_role($role); } } if (isset($_POST['recurring'])) { $member->set_recurring(true); } else { $member->set_recurring(false); } if (isset($_POST['trialing'])) { update_user_meta($user_id, 'rcp_is_trialing', 'yes'); } else { delete_user_meta($user_id, 'rcp_is_trialing'); } if (isset($_POST['signup_method'])) { update_user_meta($user_id, 'rcp_signup_method', $_POST['signup_method']); } if (isset($_POST['notes'])) { update_user_meta($user_id, 'rcp_notes', wp_kses($_POST['notes'], array())); } if (isset($_POST['status'])) { rcp_set_status($user_id, $status); } if (isset($_POST['payment-profile-id'])) { $member->set_payment_profile_id($_POST['payment-profile-id']); } do_action('rcp_edit_member', $user_id); wp_redirect(admin_url('admin.php?page=rcp-members&edit_member=' . $user_id . '&rcp_message=user_updated')); exit; } /**************************************** * discount codes ****************************************/ // add a new discount code if (isset($_POST['rcp-action']) && $_POST['rcp-action'] == 'add-discount') { if (!current_user_can('rcp_manage_discounts')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $discounts = new RCP_Discounts(); // Setup unsanitized data $data = array('name' => $_POST['name'], 'description' => $_POST['description'], 'amount' => $_POST['amount'], 'unit' => isset($_POST['unit']) && $_POST['unit'] == '%' ? '%' : 'flat', 'code' => $_POST['code'], 'status' => 'active', 'expiration' => $_POST['expiration'], 'max_uses' => $_POST['max'], 'subscription_id' => $_POST['subscription']); $add = $discounts->insert($data); if ($add) { $url = get_bloginfo('wpurl') . '/wp-admin/admin.php?page=rcp-discounts&rcp_message=discount_added'; } else { $url = get_bloginfo('wpurl') . '/wp-admin/admin.php?page=rcp-discounts&rcp_message=discount_not_added'; } wp_safe_redirect($url); exit; } // edit a discount code if (isset($_POST['rcp-action']) && $_POST['rcp-action'] == 'edit-discount') { if (!current_user_can('rcp_manage_discounts')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $discounts = new RCP_Discounts(); // Setup unsanitized data $data = array('name' => $_POST['name'], 'description' => $_POST['description'], 'amount' => $_POST['amount'], 'unit' => isset($_POST['unit']) && $_POST['unit'] == '%' ? '%' : 'flat', 'code' => $_POST['code'], 'status' => $_POST['status'], 'expiration' => $_POST['expiration'], 'max_uses' => $_POST['max'], 'subscription_id' => $_POST['subscription']); $update = $discounts->update($_POST['discount_id'], $data); if ($update) { $url = get_bloginfo('wpurl') . '/wp-admin/admin.php?page=rcp-discounts&discount-updated=1'; } else { $url = get_bloginfo('wpurl') . '/wp-admin/admin.php?page=rcp-discounts&discount-updated=0'; } wp_safe_redirect($url); exit; } // add a new manual payment if (isset($_POST['rcp-action']) && $_POST['rcp-action'] == 'add-payment') { if (!current_user_can('rcp_manage_payments')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $payments = new RCP_Payments(); $user = get_user_by('login', $_POST['user']); if ($user) { $data = array('amount' => empty($_POST['amount']) ? 0.0 : sanitize_text_field($_POST['amount']), 'user_id' => $user->ID, 'date' => empty($_POST['date']) ? date('Y-m-d H:i:s', current_time('timestamp')) : date('Y-m-d', strtotime($_POST['date'], current_time('timestamp'))) . ' ' . date('H:i:s', current_time('timestamp')), 'payment_type' => 'manual', 'subscription' => rcp_get_subscription($user->ID), 'subscription_key' => rcp_get_subscription_key($user->ID), 'transaction_id' => sanitize_text_field($_POST['transaction-id']), 'status' => sanitize_text_field($_POST['status'])); $add = $payments->insert($data); } if (!empty($add)) { $cache_args = array('earnings' => 1, 'subscription' => 0, 'user_id' => 0, 'date' => ''); $cache_key = md5(implode(',', $cache_args)); delete_transient($cache_key); $url = admin_url('admin.php?page=rcp-payments&rcp_message=payment_added'); } else { $url = admin_url('admin.php?page=rcp-payments&rcp_message=payment_not_added'); } wp_safe_redirect($url); exit; } // edit a payment if (isset($_POST['rcp-action']) && $_POST['rcp-action'] == 'edit-payment') { if (!current_user_can('rcp_manage_payments')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $payments = new RCP_Payments(); $payment_id = absint($_POST['payment-id']); $user = get_user_by('login', $_POST['user']); if ($user && $payment_id) { $data = array('amount' => empty($_POST['amount']) ? 0.0 : sanitize_text_field($_POST['amount']), 'user_id' => $user->ID, 'date' => empty($_POST['date']) ? date('Y-m-d H:i:s', current_time('timestamp')) : date('Y-m-d', strtotime($_POST['date'], current_time('timestamp'))) . ' ' . date('H:i:s', current_time('timestamp')), 'subscription' => rcp_get_subscription($user->ID), 'subscription_key' => rcp_get_subscription_key($user->ID), 'transaction_id' => sanitize_text_field($_POST['transaction-id']), 'status' => sanitize_text_field($_POST['status'])); $update = $payments->update($payment_id, $data); } if (!empty($update)) { $cache_args = array('earnings' => 1, 'subscription' => 0, 'user_id' => 0, 'date' => ''); $cache_key = md5(implode(',', $cache_args)); delete_transient($cache_key); $url = admin_url('admin.php?page=rcp-payments&rcp_message=payment_updated'); } else { $url = admin_url('admin.php?page=rcp-payments&rcp_message=payment_not_updated'); } wp_safe_redirect($url); exit; } } /************************************* * delete data *************************************/ if (!empty($_GET)) { /* member processing */ if (isset($_GET['revoke_access'])) { if (!current_user_can('rcp_manage_members')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } rcp_set_status(urldecode(absint($_GET['revoke_access'])), 'cancelled'); } if (isset($_GET['activate_member'])) { if (!current_user_can('rcp_manage_members')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } rcp_set_status(urldecode(absint($_GET['activate_member'])), 'active'); } if (isset($_GET['cancel_member'])) { if (!current_user_can('rcp_manage_members')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } rcp_cancel_member_payment_profile(urldecode(absint($_GET['cancel_member']))); wp_safe_redirect(admin_url(add_query_arg('rcp_message', 'member_cancelled', 'admin.php?page=rcp-members'))); exit; } /* subscription processing */ if (isset($_GET['delete_subscription']) && $_GET['delete_subscription'] > 0) { if (!current_user_can('rcp_manage_levels')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $members_of_subscription = rcp_get_members_of_subscription(absint($_GET['delete_subscription'])); // cancel all active members of this subscription if ($members_of_subscription) { foreach ($members_of_subscription as $member) { rcp_set_status($member, 'cancelled'); } } $levels = new RCP_Levels(); $levels->remove($_GET['delete_subscription']); } if (isset($_GET['activate_subscription']) && $_GET['activate_subscription'] > 0) { if (!current_user_can('rcp_manage_levels')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $levels = new RCP_Levels(); $update = $levels->update(absint($_GET['activate_subscription']), array('status' => 'active')); delete_transient('rcp_subscription_levels'); } if (isset($_GET['deactivate_subscription']) && $_GET['deactivate_subscription'] > 0) { if (!current_user_can('rcp_manage_levels')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $levels = new RCP_Levels(); $update = $levels->update(absint($_GET['deactivate_subscription']), array('status' => 'inactive')); delete_transient('rcp_subscription_levels'); } /* discount processing */ if (!empty($_GET['delete_discount'])) { if (!current_user_can('rcp_manage_discounts')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $discounts = new RCP_Discounts(); $discounts->delete($_GET['delete_discount']); } if (!empty($_GET['activate_discount'])) { if (!current_user_can('rcp_manage_discounts')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $discounts = new RCP_Discounts(); $discounts->update($_GET['activate_discount'], array('status' => 'active')); } if (!empty($_GET['deactivate_discount'])) { if (!current_user_can('rcp_manage_discounts')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $discounts = new RCP_Discounts(); $discounts->update($_GET['deactivate_discount'], array('status' => 'disabled')); } if (!empty($_GET['rcp-action']) && $_GET['rcp-action'] == 'delete_payment' && wp_verify_nonce($_GET['_wpnonce'], 'rcp_delete_payment_nonce')) { if (!current_user_can('rcp_manage_payments')) { wp_die(__('You do not have permission to perform this action.', 'rcp')); } $payments = new RCP_Payments(); $payments->delete(absint($_GET['payment_id'])); wp_safe_redirect(admin_url(add_query_arg('rcp_message', 'payment_deleted', 'admin.php?page=rcp-payments'))); exit; } } }
/** * Register a new user * * @access public * @since 1.0 */ function rcp_process_registration() { // check nonce if (!(isset($_POST["rcp_register_nonce"]) && wp_verify_nonce($_POST['rcp_register_nonce'], 'rcp-register-nonce'))) { return; } global $rcp_options, $rcp_levels_db; $subscription_id = rcp_get_registration()->get_subscription(); $discount = isset($_POST['rcp_discount']) ? sanitize_text_field($_POST['rcp_discount']) : ''; $price = number_format((double) $rcp_levels_db->get_level_field($subscription_id, 'price'), 2); $price = str_replace(',', '', $price); $subscription = $rcp_levels_db->get_level($subscription_id); $auto_renew = rcp_registration_is_recurring(); // if both today's total and the recurring total are 0, the there is a full discount // if this is not a recurring subscription only check today's total $full_discount = $auto_renew ? rcp_get_registration()->get_total() == 0 && rcp_get_registration()->get_recurring_total() == 0 : rcp_get_registration()->get_total() == 0; // get the selected payment method/gateway if (!isset($_POST['rcp_gateway'])) { $gateway = 'paypal'; } else { $gateway = sanitize_text_field($_POST['rcp_gateway']); } /*********************** * validate the form ***********************/ do_action('rcp_before_form_errors', $_POST); $is_ajax = isset($_POST['rcp_ajax']); $user_data = rcp_validate_user_data(); if (!rcp_is_registration()) { // no subscription level was chosen rcp_errors()->add('no_level', __('Please choose a subscription level', 'rcp'), 'register'); } if ($subscription_id && $price == 0 && $subscription->duration > 0 && rcp_has_used_trial($user_data['id'])) { // this ensures that users only sign up for a free trial once rcp_errors()->add('free_trial_used', __('You may only sign up for a free trial once', 'rcp'), 'register'); } if (!empty($discount)) { // make sure we have a valid discount if (rcp_validate_discount($discount, $subscription_id)) { // check if the user has already used this discount if ($price > 0 && !$user_data['need_new'] && rcp_user_has_used_discount($user_data['id'], $discount) && apply_filters('rcp_discounts_once_per_user', false)) { rcp_errors()->add('discount_already_used', __('You can only use the discount code once', 'rcp'), 'register'); } } else { // the entered discount code is incorrect rcp_errors()->add('invalid_discount', __('The discount you entered is invalid', 'rcp'), 'register'); } } // Validate extra fields in gateways with the 2.1+ gateway API if (!has_action('rcp_gateway_' . $gateway) && $price > 0 && !$full_discount) { $gateways = new RCP_Payment_Gateways(); $gateway_var = $gateways->get_gateway($gateway); $gateway_obj = new $gateway_var['class'](); $gateway_obj->validate_fields(); } do_action('rcp_form_errors', $_POST); // retrieve all error messages, if any $errors = rcp_errors()->get_error_messages(); if (!empty($errors) && $is_ajax) { wp_send_json_error(array('success' => false, 'errors' => rcp_get_error_messages_html('register'), 'nonce' => wp_create_nonce('rcp-register-nonce'))); } elseif ($is_ajax) { wp_send_json_success(array('success' => true)); } // only create the user if there are no errors if (!empty($errors)) { return; } if ($user_data['need_new']) { $user_data['id'] = wp_insert_user(array('user_login' => $user_data['login'], 'user_pass' => $user_data['password'], 'user_email' => $user_data['email'], 'first_name' => $user_data['first_name'], 'last_name' => $user_data['last_name'], 'display_name' => $user_data['first_name'] . ' ' . $user_data['last_name'], 'user_registered' => date('Y-m-d H:i:s'))); } if (empty($user_data['id'])) { return; } // Setup the member object $member = new RCP_Member($user_data['id']); update_user_meta($user_data['id'], '_rcp_new_subscription', '1'); $subscription_key = rcp_generate_subscription_key(); $old_subscription_id = $member->get_subscription_id(); if ($old_subscription_id) { update_user_meta($user_data['id'], '_rcp_old_subscription_id', $old_subscription_id); } if (!$member->is_active()) { update_user_meta($user_data['id'], 'rcp_subscription_level', $subscription_id); update_user_meta($user_data['id'], 'rcp_subscription_key', $subscription_key); // Ensure no pending level details are set delete_user_meta($user_data['id'], 'rcp_pending_subscription_level'); delete_user_meta($user_data['id'], 'rcp_pending_subscription_key'); $member->set_status('pending'); } else { // If the member is already active, we need to set these as pending changes update_user_meta($user_data['id'], 'rcp_pending_subscription_level', $subscription_id); update_user_meta($user_data['id'], 'rcp_pending_subscription_key', $subscription_key); // Flag the member as having just upgraded update_user_meta($user_data['id'], '_rcp_just_upgraded', current_time('timestamp')); } $member->set_joined_date('', $subscription_id); // Calculate the expiration date for the member $member_expires = $member->calculate_expiration($auto_renew); update_user_meta($user_data['id'], 'rcp_pending_expiration_date', $member_expires); // remove the user's old role, if this is a new user, we need to replace the default role $old_role = get_option('default_role', 'subscriber'); if ($old_subscription_id) { $old_level = $rcp_levels_db->get_level($old_subscription_id); $old_role = !empty($old_level->role) ? $old_level->role : $old_role; } $member->remove_role($old_role); // Set the user's role $role = !empty($subscription->role) ? $subscription->role : 'subscriber'; $user = new WP_User($user_data['id']); $user->add_role(apply_filters('rcp_default_user_level', $role, $subscription_id)); do_action('rcp_form_processing', $_POST, $user_data['id'], $price); // process a paid subscription if ($price > '0') { if (!empty($discount)) { $discounts = new RCP_Discounts(); $discount_obj = $discounts->get_by('code', $discount); // record the usage of this discount code $discounts->add_to_user($user_data['id'], $discount); // increase the usage count for the code $discounts->increase_uses($discount_obj->id); // if the discount is 100%, log the user in and redirect to success page if ($full_discount) { $member->set_expiration_date($member_expires); $member->set_status('active'); rcp_login_user_in($user_data['id'], $user_data['login']); wp_redirect(rcp_get_return_url($user_data['id'])); exit; } } // Remove trialing status, if it exists delete_user_meta($user_data['id'], 'rcp_is_trialing'); // log the new user in rcp_login_user_in($user_data['id'], $user_data['login']); $redirect = rcp_get_return_url($user_data['id']); $subscription_data = array('price' => rcp_get_registration()->get_total(true, false), 'discount' => rcp_get_registration()->get_total_discounts(), 'discount_code' => $discount, 'fee' => rcp_get_registration()->get_total_fees(), 'length' => $subscription->duration, 'length_unit' => strtolower($subscription->duration_unit), 'subscription_id' => $subscription->id, 'subscription_name' => $subscription->name, 'key' => $subscription_key, 'user_id' => $user_data['id'], 'user_name' => $user_data['login'], 'user_email' => $user_data['email'], 'currency' => $rcp_options['currency'], 'auto_renew' => $auto_renew, 'return_url' => $redirect, 'new_user' => $user_data['need_new'], 'post_data' => $_POST); // if giving the user a credit, make sure the credit does not exceed the first payment if ($subscription_data['fee'] < 0 && abs($subscription_data['fee']) > $subscription_data['price']) { $subscription_data['fee'] = -1 * $subscription_data['price']; } update_user_meta($user_data['id'], 'rcp_pending_subscription_amount', $subscription_data['price'] + $subscription_data['fee']); // send all of the subscription data off for processing by the gateway rcp_send_to_gateway($gateway, apply_filters('rcp_subscription_data', $subscription_data)); // process a free or trial subscription } else { // This is a free user registration or trial $member->set_expiration_date($member_expires); // if the subscription is a free trial, we need to record it in the user meta if ($member_expires != 'none') { // activate the user's trial subscription $member->set_status('active'); // this is so that users can only sign up for one trial update_user_meta($user_data['id'], 'rcp_has_trialed', 'yes'); update_user_meta($user_data['id'], 'rcp_is_trialing', 'yes'); rcp_email_subscription_status($user_data['id'], 'trial'); } else { update_user_meta($user_data['id'], 'rcp_subscription_level', $subscription_id); update_user_meta($user_data['id'], 'rcp_subscription_key', $subscription_key); // Ensure no pending level details are set delete_user_meta($user_data['id'], 'rcp_pending_subscription_level'); delete_user_meta($user_data['id'], 'rcp_pending_subscription_key'); // set the user's status to free $member->set_status('free'); rcp_email_subscription_status($user_data['id'], 'free'); } if ($user_data['need_new']) { if (!isset($rcp_options['disable_new_user_notices'])) { // send an email to the admin alerting them of the registration wp_new_user_notification($user_data['id']); } // log the new user in rcp_login_user_in($user_data['id'], $user_data['login']); } // send the newly created user to the redirect page after logging them in wp_redirect(rcp_get_return_url($user_data['id'])); exit; } // end price check }