PageRenderTime 49ms CodeModel.GetById 21ms RepoModel.GetById 0ms app.codeStats 1ms

/wp-content/plugins/opentickets-community-edition/inc/core/my-account-takeover.class.php

https://gitlab.com/leobelizquierdo/cabotsubmitter-wordpress
PHP | 376 lines | 308 code | 55 blank | 13 comment | 52 complexity | 62996ed8b69b90ddfb22f6a740ced56f MD5 | raw file
    

  1. <?php if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) die( header( 'Location: /') );
    2. 

  2. 

  3. class qsot_my_account_takeover {
    4. 

  4. 	protected static $options = array();
    5. 

  5. 	protected static $o = array();
    6. 

  6. 

  7. 	public static function pre_init() {
    8. 

  8. 		$settings_class_name = apply_filters('qsot-settings-class-name', '');
    9. 

  9. 		if (!empty($settings_class_name)) {
    10. 

  10. 			self::$o = call_user_func_array(array($settings_class_name, "instance"), array());
    11. 

  11. 			// load all the options, and share them with all other parts of the plugin
    12. 

  12. 			$options_class_name = apply_filters('qsot-options-class-name', '');
    13. 

  13. 			if (!empty($options_class_name)) {
    14. 

  14. 				self::$options = call_user_func_array(array($options_class_name, "instance"), array());
    15. 

  15. 				self::_setup_admin_options();
    16. 

  16. 			}
    17. 

  17. 

  18. 			add_action('woocommerce_before_my_account', array(__CLASS__, 'draw_upcoming_event_tickets_list'), 10);
    19. 

  19. 

  20. 			add_action('edit_user_profile', array(__CLASS__, 'add_my_account_to_user_profile'), 4, 1);
    21. 

  21. 			add_action('show_user_profile', array(__CLASS__, 'add_my_account_to_user_profile'), 4, 1);
    22. 

  22. 

  23. 			add_action('woocommerce_init', array(__CLASS__, 'override_shortcodes'), 10001);
    24. 

  24. 

  25. 			add_action('woocommerce_my_account_my_orders_values', array(__CLASS__, 'my_orders_values'), 10, 2);
    26. 

  26. 			add_action('woocommerce_my_account_my_orders_headers', array(__CLASS__, 'my_orders_headers'), 10, 2);
    27. 

  27. 

  28. 			// allow users to be logged in indefinitely, more or less
    29. 

  29. 			if (self::$options->{'qsot-infinite-login'} == 'yes') {
    30. 

  30. 				//add_action('login_init', array(__CLASS__, 'long_test_cookie'), PHP_INT_MAX);
    31. 

  31. 				add_filter('auth_cookie_expiration', array(__CLASS__, 'long_login_expire'), PHP_INT_MAX, 3);
    32. 

  32. 				add_filter('auth_cookie_expire_time', array(__CLASS__, 'long_login_expire'), PHP_INT_MAX, 4);
    33. 

  33. 				add_filter('wc_session_expiring', array(__CLASS__, 'long_login_expiring'), PHP_INT_MAX, 3);
    34. 

  34. 				add_filter('wc_session_expiration', array(__CLASS__, 'long_login_expire'), PHP_INT_MAX, 3);
    35. 

  35. 				add_filter('init', array(__CLASS__, 'extend_login_expiration'), -1);
    36. 

  36. 			}
    37. 

  37. 		}
    38. 

  38. 	}
    39. 

  39. 

  40. 	public static function debug($name) { die(__log($name)); }
    41. 

  41. 

  42. 	public static function my_orders_headers($user, $orders) {
    43. 

  43. 		if (!is_admin()) return;
    44. 

  44. 

  45. 		echo '<th>'.__('Shows','opentickets-community-edition').'</th>';
    46. 

  46. 	}
    47. 

  47. 

  48. 	public static function my_orders_values($user, $order) {
    49. 

  49. 		if (!is_admin()) return;
    50. 

  50. 

  51. 		$shows = array();
    52. 

  52. 

  53. 		foreach ($order->get_items() as $item) {
    54. 

  54. 			unset($item['item_meta']);
    55. 

  55. 			if (is_array($item) && isset($item['event_id'])) {
    56. 

  56. 				$event = apply_filters('qsot-get-event', false, $item['event_id']);
    57. 

  57. 				if (is_object($event)) {
    58. 

  58. 					$shows[] = $event->post_title;
    59. 

  59. 				}
    60. 

  60. 			}
    61. 

  61. 		}
    62. 

  62. 

  63. 		$shows = array_unique($shows);
    64. 

  64. 		?>
    65. 

  65. 			<td>
    66. 

  66. 				<?php if (count($shows)): ?>
    67. 

  67. 					<?php echo implode('<br/>', $shows) ?>
    68. 

  68. 				<?php else: ?>
    69. 

  69. 					<?php echo '&nbsp;'.__('(none)','opentickets-community-edition'); ?>
    70. 

  70. 				<?php endif; ?>
    71. 

  71. 			</td>
    72. 

  72. 		<?php
    73. 

  73. 	}
    74. 

  74. 

  75. 	public static function long_login_expire($length, $user_id=0, $remember='', $from_expiration=0) {
    76. 

  76. 		return $from_expiration ? $from_expiration : 31536000;
    77. 

  77. 	}
    78. 

  78. 

  79. 	public static function long_login_expiring($length, $user_id=0, $remember='') {
    80. 

  80. 		return 31449600;
    81. 

  81. 	}
    82. 

  82. 

  83. 	public static function long_test_cookie() {
    84. 

  84. 		setcookie(TEST_COOKIE, 'WP Cookie check', apply_filters('auth_cookie_expiration', 0), COOKIEPATH, COOKIE_DOMAIN);
    85. 

  85. 		if ( SITECOOKIEPATH != COOKIEPATH )
    86. 

  86. 			setcookie(TEST_COOKIE, 'WP Cookie check', apply_filters('auth_cookie_expiration', 0), SITECOOKIEPATH, COOKIE_DOMAIN);
    87. 

  87. 	}
    88. 

  88. 

  89. 	public static function extend_login_expiration() {
    90. 

  90. 		$user = wp_get_current_user();
    91. 

  91. 		if (!empty($user->ID)) {
    92. 

  92. 			wp_set_auth_cookie($user->ID);
    93. 

  93. 			self::long_test_cookie();
    94. 

  94. 		}
    95. 

  95. 	}
    96. 

  96. 

  97. 	public static function override_shortcodes() {
    98. 

  98. 		remove_shortcode('woocommerce_view_order');
    99. 

  99. 		add_shortcode( 'woocommerce_view_order', array( __CLASS__, 'view_order_shortcode' ) );
    100. 

  100. 	}
    101. 

  101. 

  102. 	public static function view_order_shortcode($atts) {
    103. 

  103. 		return WC()->shortcode_wrapper( array( __CLASS__, 'view_order_shortcode_output' ), $atts );
    104. 

  104. 	}
    105. 

  105. 

  106. 	public static function view_order_shortcode_output($atts) {
    107. 

  107. 		if ( ! is_user_logged_in() ) return;
    108. 

  108. 

  109. 		extract( shortcode_atts( array(
    110. 

  110. 	    	'order_count' => 10
    111. 

  111. 		), $atts ) );
    112. 

  112. 

  113. 		$user_id      	= get_current_user_id();
    114. 

  114. 		$order_id		= ( isset( $_GET['order'] ) ) ? $_GET['order'] : 0;
    115. 

  115. 		$order 			= new WC_Order( $order_id );
    116. 

  116. 

  117. 		if ( $order_id == 0 ) {
    118. 

  118. 			wc_get_template( 'myaccount/my-orders.php', array( 'order_count' => 'all' == $order_count ? -1 : $order_count ) );
    119. 

  119. 			return;
    120. 

  120. 		}
    121. 

  121. 

  122. 		if ( !current_user_can('delete_users') && $order->user_id != $user_id ) {
    123. 

  123. 			echo '<div class="woocommerce-error">' . __( 'Invalid order.', 'woocommerce' ) . ' <a href="'.get_permalink( wc_get_page_id('myaccount') ).'">'. __( 'My Account &rarr;','opentickets-community-edition') .'</a>' . '</div>';
    124. 

  124. 			return;
    125. 

  125. 		}
    126. 

  126. 

  127. 		if (is_callable(array(&$order, 'get_status'))) {
    128. 

  128. 			$status = $order->get_status();
    129. 

  129. 		} else {
    130. 

  130. 			$status = get_term_by('slug', $order->status, 'shop_order_status');
    131. 

  131. 		}
    132. 

  132. 

  133. 		echo '<p class="order-info">'
    134. 

  134. 		. sprintf( __('Order <mark class="order-number">%s</mark> made on <mark class="order-date">%s</mark>','opentickets-community-edition'), $order->get_order_number(), date_i18n( get_option( 'date_format' ), strtotime( $order->order_date ) ) )
    135. 

  135. 		. '. ' . sprintf( __('Order status: <mark class="order-status">%s</mark>','opentickets-community-edition'), __($status->name,'opentickets-community-edition') )
    136. 

  136. 		. '.</p>';
    137. 

  137. 

  138. 		$notes = $order->get_customer_order_notes();
    139. 

  139. 		if ($notes) :
    140. 

  140. 			?>
    141. 

  141. 			<h2><?php _e('Order Updates','opentickets-community-edition'); ?></h2>
    142. 

  142. 			<ol class="commentlist notes">
    143. 

  143. 				<?php foreach ($notes as $note) : ?>
    144. 

  144. 				<li class="comment note">
    145. 

  145. 					<div class="comment_container">
    146. 

  146. 						<div class="comment-text">
    147. 

  147. 							<p class="meta"><?php echo date_i18n(__( 'l jS \of F Y, h:ia','opentickets-community-edition'), strtotime($note->comment_date)); ?></p>
    148. 

  148. 							<div class="description">
    149. 

  149. 								<?php echo wpautop(wptexturize($note->comment_content)); ?>
    150. 

  150. 							</div>
    151. 

  151. 			  				<div class="clear"></div>
    152. 

  152. 			  			</div>
    153. 

  153. 						<div class="clear"></div>
    154. 

  154. 					</div>
    155. 

  155. 				</li>
    156. 

  156. 				<?php endforeach; ?>
    157. 

  157. 			</ol>
    158. 

  158. 			<?php
    159. 

  159. 		endif;
    160. 

  160. 

  161. 		do_action( 'woocommerce_view_order', $order_id );
    162. 

  162. 	}
    163. 

  163. 

  164. 	// add the upcoming events section to the user profile, both on the frontend and backend
    165. 

  165. 	public static function add_my_account_to_user_profile( $userprofile ) {
    166. 

  166. 		// grab a WC instance
    167. 

  167. 		$woocommerce = WC();
    168. 

  168. 

  169. 		// first make sure to load all the required files are included
    170. 

  170. 		$woocommerce->frontend_includes();
    171. 

  171. 		$pp = $woocommerce->plugin_path();
    172. 

  172. 		include_once( $pp . '/includes/abstracts/abstract-wc-session.php' );
    173. 

  173. 		include_once( $pp . '/includes/class-wc-session-handler.php' );
    174. 

  174. 

  175. 		// next, setup the session, if it is not arlready setup (mainly for the backend profile pages)
    176. 

  176. 		$session_class = apply_filters( 'woocommerce_session_handler', 'WC_Session_Handler' );
    177. 

  177. 		$woocommerce->session = isset( $woocommerce->session ) && $woocommerce->session instanceof $session_class ? $woocommerce->session : new $session_class();
    178. 

  178. 

  179. 		// setup the customer information for the profile page
    180. 

  180. 		if ( ! is_object( $woocommerce->customer ) )
    181. 

  181. 			$woocommerce->customer = new WC_Customer();
    182. 

  182. 

  183. 		// if the user is not logged in, then force them to before we continue
    184. 

  184. 		if ( ! is_user_logged_in() ) {
    185. 

  185. 			wc_get_template( 'myaccount/form-login.php' );
    186. 

  186. 		} else {
    187. 

  187. 			// find all the completed orders for that user
    188. 

  188. 			query_posts( array(
    189. 

  189. 				'numberposts' => -1,
    190. 

  190. 				'meta_key' => '_customer_user',
    191. 

  191. 				'meta_value' => $userprofile->ID,
    192. 

  192. 				'post_type' => wc_get_order_types( 'view-orders' ),
    193. 

  193. 				'post_status' => array_keys( wc_get_order_statuses() )
    194. 

  194. 			) );
    195. 

  195. 			// and if there are no posts, then bail, because there will definitely be nothing to display
    196. 

  196. 			if ( have_posts() )
    197. 

  197. 				the_post();
    198. 

  198. 

  199. 			// hack it up here.
    200. 

  200. 			// basically, because this part of the template is not designed to show in the admin, we have to fool core WC into thinking that the displayed user is possibly someone other than the current user
    201. 

  201. 			$cu = wp_get_current_user();
    202. 

  202. 			$GLOBALS['qsot_my_acct'] = array(
    203. 

  203. 				'current_user' => $cu,
    204. 

  204. 				'can_edit_orders' => current_user_can('edit_shop_orders'),
    205. 

  205. 			);
    206. 

  206. 			$GLOBALS['current_user'] = $userprofile;
    207. 

  207. 			$cu2 = wp_get_current_user();
    208. 

  208. 			$GLOBALS['qsot_my_acct']['swapin_user'] = $cu2;
    209. 

  209. 			?><div class="my-account"><?php
    210. 

  210. 				wc_get_template( 'myaccount/my-account.php', array(
    211. 

  211. 					'current_user' 	=> $cu2,
    212. 

  212. 					'order_count' 	=> -1,
    213. 

  213. 				) );
    214. 

  214. 			?></div><?php
    215. 

  215. 			$GLOBALS['current_user'] = $cu;
    216. 

  216. 			wp_get_current_user();
    217. 

  217. 		}
    218. 

  218. 	}
    219. 

  219. 

  220. 	public static function draw_upcoming_event_tickets_list($current_user) {
    221. 

  221. 		global $wpdb;
    222. 

  222. 

  223. 		$orders = get_posts(array(
    224. 

  224. 			'posts_per_page' => -1,
    225. 

  225. 			'meta_key' => '_customer_user',
    226. 

  226. 			'meta_value' => is_object($current_user) && isset($current_user->ID) ? $current_user->ID : get_current_user_id(),
    227. 

  227. 			'post_type' => 'shop_order',
    228. 

  228. 			'post_status' => 'any',
    229. 

  229. 			'fields' => 'ids',
    230. 

  230. 		));
    231. 

  231. 		if (!is_array($orders) || empty($orders)) return;
    232. 

  232. 		$orders = array_map('absint', $orders);
    233. 

  233. 

  234. 		$q = 'select distinct order_item_id from '.$wpdb->base_prefix.'woocommerce_order_items where order_id in ('.implode(',', $orders).')';
    235. 

  235. 		$order_item_ids = $wpdb->get_col($q);
    236. 

  236. 		if (!is_array($order_item_ids) || empty($order_item_ids)) return;
    237. 

  237. 		$order_item_ids = array_map('absint', $order_item_ids);
    238. 

  238. 

  239. 		$q = $wpdb->prepare(
    240. 

  240. 			'select order_item_id, meta_value from '.$wpdb->base_prefix.'woocommerce_order_itemmeta where order_item_id in ('.implode(',', $order_item_ids).') and meta_key = %s',
    241. 

  241. 			'_event_id'
    242. 

  242. 		);
    243. 

  243. 		$pairs = $wpdb->get_results($q);
    244. 

  244. 		if (!is_array($pairs) || empty($pairs)) return;
    245. 

  245. 

  246. 		$groups = array();
    247. 

  247. 		foreach ($pairs as $pair) {
    248. 

  248. 			$event_id = $pair->meta_value;
    249. 

  249. 			$oiid = $pair->order_item_id;
    250. 

  250. 			if (!isset($groups["{$event_id}"]) || !is_array($groups["{$event_id}"])) $groups["{$event_id}"] = array();
    251. 

  251. 			$groups["{$event_id}"][] = $oiid;
    252. 

  252. 		}
    253. 

  253. 

  254. 		$events = get_posts(array(
    255. 

  255. 			'posts_per_page' => -1,
    256. 

  256. 			'fields' => 'ids',
    257. 

  257. 			'suppress_filters' => false,
    258. 

  258. 			'post_status' => current_user_can( 'read_private_posts' ) ? array('publish', 'hidden', 'private') : array( 'publish' ),
    259. 

  259. 			'post_type' => self::$o->core_post_type,
    260. 

  260. 			'post__in' => array_keys($groups),
    261. 

  261. 			'meta_query' => array(
    262. 

  262. 				array(
    263. 

  263. 					'key' => self::$o->{'meta_key.start'},
    264. 

  264. 					'value' => date('Y-m-d H:i:s'),
    265. 

  265. 					'type' => 'DATETIME',
    266. 

  266. 					'compare' => '>=',
    267. 

  267. 				),
    268. 

  268. 			),
    269. 

  269. 			'meta_key' => self::$o->{'meta_key.start'},
    270. 

  270. 			'orderby' => 'meta_value_date',
    271. 

  271. 			'order' => 'asc',
    272. 

  272. 		));
    273. 

  273. 		if (!is_array($events) || empty($events)) return;
    274. 

  274. 		$events = array_map('absint', $events);
    275. 

  275. 

  276. 		$ticket_ids = array();
    277. 

  277. 		foreach ($events as $eid)
    278. 

  278. 			if (isset($groups["{$eid}"]))
    279. 

  279. 				$ticket_ids = array_merge($ticket_ids, $groups["{$eid}"]);
    280. 

  280. 		$ticket_ids = array_unique($ticket_ids);
    281. 

  281. 

  282. 		$q = 'select * from '.$wpdb->base_prefix.'woocommerce_order_itemmeta where order_item_id in ('.implode(',', $ticket_ids).')';
    283. 

  283. 		$raw_data = $wpdb->get_results($q);
    284. 

  284. 

  285. 		$q = 'select order_id, order_item_id from '.$wpdb->base_prefix.'woocommerce_order_items where order_item_id in ('.implode(',', $ticket_ids).')';
    286. 

  286. 		$raw_pairs = $wpdb->get_results($q);
    287. 

  287. 		$pairs = array();
    288. 

  288. 		foreach ($raw_pairs as $raw_row) $pairs[$raw_row->order_item_id.''] = $raw_row->order_id;
    289. 

  289. 

  290. 		$e_data = $event_data = $ticket_data = array();
    291. 

  291. 		foreach ($raw_data as $row) {
    292. 

  292. 			if (!isset($ticket_data["{$row->order_item_id}"]) || !is_array($ticket_data["{$row->order_item_id}"]))
    293. 

  293. 				$ticket_data["{$row->order_item_id}"] = array('__order_item_id' => $row->order_item_id, '__order_id' => isset($pairs[$row->order_item_id]) ? $pairs[$row->order_item_id] : 0);
    294. 

  294. 			$ticket_data["{$row->order_item_id}"][$row->meta_key] = $row->meta_value;
    295. 

  295. 		}
    296. 

  296. 

  297. 		foreach ($ticket_data as $ind => $ticket) {
    298. 

  298. 			$ticket = (object)wp_parse_args($ticket, array(
    299. 

  299. 				'_ticket_code' => '',
    300. 

  300. 				'_ticket_link' => '',
    301. 

  301. 				'_product_id' => 0,
    302. 

  302. 				'_event_id' => 0,
    303. 

  303. 				'__order_id' => 0,
    304. 

  304. 			));
    305. 

  305. 			$ticket->permalink = apply_filters('qsot-get-ticket-link', '', $ticket->__order_item_id);
    306. 

  306. 			$ticket->product = get_product($ticket->_product_id);
    307. 

  307. 			$ticket->event = apply_filters('qsot-event-add-meta', get_post($ticket->_event_id));
    308. 

  308. 			$ticket_data[$ind] = $ticket;
    309. 

  309. 

  310. 			if (is_object($ticket->event) && (!isset($e_data["{$ticket->_event_id}"]) || !is_object($e_data["{$ticket->_event_id}"])))
    311. 

  311. 				$e_data["{$ticket->_event_id}"] = $ticket->event;
    312. 

  312. 			if (!isset($e_data["{$ticket->_event_id}"]->tickets) || !is_array($e_data["{$ticket->_event_id}"]->tickets))
    313. 

  313. 				$e_data["{$ticket->_event_id}"]->tickets = array();
    314. 

  314. 			$e_data["{$ticket->_event_id}"]->tickets[] = $ticket;
    315. 

  315. 		}
    316. 

  316. 

  317. 		foreach ($events as $eid) if (isset($e_data[$eid.''])) $event_data[$eid.''] = $e_data[$eid.''];
    318. 

  318. 

  319. 		wc_get_template('myaccount/my-upcoming-tickets.php', array(
    320. 

  320. 			'user' => $current_user,
    321. 

  321. 			'tickets' => $ticket_data,
    322. 

  322. 			'by_event' => $event_data,
    323. 

  323. 			'display_format' => self::$options->{'qsot-my-account-display-upcoming-tickets'},
    324. 

  324. 		));
    325. 

  325. 	}
    326. 

  326. 

  327. 	protected static function _setup_admin_options() {
    328. 

  328. 		self::$options->def('qsot-my-account-display-upcoming-tickets', 'by_event');
    329. 

  329. 		self::$options->def('qsot-infinite-login', 'yes');
    330. 

  330. 

  331. 		self::$options->add(array(
    332. 

  332. 			'order' => 1000,
    333. 

  333. 			'type' => 'title',
    334. 

  334. 			'title' => __('My Account Page','opentickets-community-edition'),
    335. 

  335. 			'id' => 'heading-frontend-my-account-1',
    336. 

  336. 			'page' => 'frontend',
    337. 

  337. 			'section' => 'my-account',
    338. 

  338. 		));
    339. 

  339. 

  340. 		self::$options->add(array(
    341. 

  341. 			'order' => 1010,
    342. 

  342. 			'id' => 'qsot-my-account-display-upcoming-tickets',
    343. 

  343. 			'type' => 'radio',
    344. 

  344. 			'title' => __('Display Upcoming Tickets','opentickets-community-edition'),
    345. 

  345. 			'desc_tip' => __('Format to display the upcoming tickets list in. The list appears on the end user\'s "My Account" page.','opentickets-community-edition'),
    346. 

  346. 			'options' => array(
    347. 

  347. 				'by_event' => __('By Event','opentickets-community-edition'),
    348. 

  348. 				'as_list' => __('As Line Item List','opentickets-community-edition'),
    349. 

  349. 			),
    350. 

  350. 			'default' => 'by_event',
    351. 

  351. 			'page' => 'frontend',
    352. 

  352. 			'section' => 'my-account',
    353. 

  353. 		));
    354. 

  354. 

  355. 		self::$options->add(array(
    356. 

  356. 			'order' => 1030,
    357. 

  357. 			'type' => 'sectionend',
    358. 

  358. 			'id' => 'heading-frontend-my-account-1',
    359. 

  359. 			'page' => 'frontend',
    360. 

  360. 			'section' => 'my-account',
    361. 

  361. 		));
    362. 

  362. 

  363. 		self::$options->add(array(
    364. 

  364. 			'order' => 115,
    365. 

  365. 			'id' => 'qsot-infinite-login',
    366. 

  366. 			'type' => 'checkbox',
    367. 

  367. 			'title' => __('Infinite Login','opentickets-community-edition'),
    368. 

  368. 			'desc' => __('Once a user logs in, they stay logged in, forever.','opentickets-community-edition'),
    369. 

  369. 			'default' => 'yes',
    370. 

  370. 		));
    371. 

  371. 	}
    372. 

  372. }
    373. 

  373. 

  374. if (defined('ABSPATH') && function_exists('add_action')) {
    375. 

  375. 	qsot_my_account_takeover::pre_init();
    376. 

  376. }
    377. 

  377.