
/wp-content/plugins/membership/membershipincludes/classes/membershippublic.php

https://github.com/bfay/maniacal-kitten
PHP | 2477 lines | 1638 code | 607 blank | 232 comment | 464 complexity | 5a04dacf3c688e53507308dc1d333a8c MD5 | raw file
Possible License(s): GPL-2.0, GPL-3.0, AGPL-1.0, LGPL-3.0, LGPL-2.1


  1. <?php
  2. if(!class_exists('membershippublic')) {
  3. class membershippublic {
  4. var $build = 2;
  5. var $db;
  6. var $tables = array('membership_levels', 'membership_rules', 'subscriptions', 'subscriptions_levels', 'membership_relationships');
  7. var $membership_levels;
  8. var $membership_rules;
  9. var $membership_relationships;
  10. var $subscriptions;
  11. var $subscriptions_levels;
  /**
   * Resolve the plugin's table names and register every front-end hook.
   *
   * Each entry of $this->tables becomes a property of the same name holding
   * the value returned by membership_db_prefix(). The hooks below are the
   * enforcement points for content, feed and download protection, so their
   * priorities decide when protection runs relative to other plugins.
   */
  function __construct() {
      global $wpdb;

      $this->db =& $wpdb;

      foreach ($this->tables as $table_name) {
          $this->$table_name = membership_db_prefix($this->db, $table_name);
      }

      add_action('plugins_loaded', array($this, 'load_textdomain'));

      // Core set-up: options and shortcodes, query vars, rewrite rules.
      add_action('init', array($this, 'initialise_plugin'), 1);
      add_filter('query_vars', array($this, 'add_queryvars'));
      add_action('generate_rewrite_rules', array($this, 'add_rewrites'));

      // Content protection is decided once the request has been parsed.
      add_action('parse_request', array($this, 'initialise_membership_protection'), 2);

      // Protected downloads are intercepted before the main query runs.
      add_action('pre_get_posts', array($this, 'handle_download_protection'), 3);

      // Payment gateway return URLs.
      add_action('pre_get_posts', array($this, 'handle_paymentgateways'), 1);

      // Feed links carry a per-member key.
      add_filter('feed_link', array($this, 'add_feed_key'), 99, 2);

      // Registration link override.
      add_filter('register', array($this, 'override_register'));

      // Ultimate Facebook compatibility.
      add_filter('wdfb_registration_redirect_url', array($this, 'wdfb_registration_redirect_url'));

      // Level shortcode lists.
      add_filter('membership_level_shortcodes', array($this, 'build_level_shortcode_list'));
      add_filter('membership_not_level_shortcodes', array($this, 'build_not_level_shortcode_list'));
  }
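  /**
   * Point the Ultimate Facebook registration redirect at the configured
   * registration page.
   *
   * When no registration page is configured, or its permalink cannot be
   * resolved, the incoming URL is returned unchanged instead of handing a
   * false or unrelated permalink to the redirect.
   *
   * @param string $url Redirect URL supplied by the filter.
   * @return string URL to redirect to.
   */
  function wdfb_registration_redirect_url($url) {
      global $M_options;

      if (empty($M_options['registration_page'])) {
          return $url;
      }

      $permalink = get_permalink($M_options['registration_page']);

      return $permalink ? $permalink : $url;
  }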
  /**
   * PHP 4 style constructor kept for backwards compatibility; it only
   * forwards to __construct().
   */
  function membershippublic() {
      // Delegate so both entry points perform the same hook registration.
      $this->__construct();

      return;
  }
  /**
   * Load the plugin's translation catalogue for the active locale, if the
   * matching .mo file exists. The locale can be overridden through the
   * 'membership_locale' filter.
   */
  function load_textdomain() {
      $active_locale = apply_filters('membership_locale', get_locale());
      $catalogue = membership_dir('membershipincludes/languages/membership-' . $active_locale . '.mo');

      if (!file_exists($catalogue)) {
          return;
      }

      load_textdomain('membership', $catalogue);
  }
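  /**
   * Runs on 'init': loads the plugin options, registers the public
   * shortcodes and, for visitors who are not membership admins, attaches the
   * content filters that enforce protection.
   *
   * The original body repeated the "plugin inactive" and "admin" checks after
   * an early return that already covered both, so those later branches could
   * never run; they have been removed without changing behaviour.
   *
   * NOTE(review): because admins always return early here, the
   * 'membershipuselevel' preview cookie that initialise_membership_protection()
   * honours has no effect on the more-tag, shortcode and download filters
   * registered below. Confirm whether preview mode is meant to apply them.
   *
   * NOTE(review): a user object without has_cap() is treated like an admin
   * (no protection filters are attached). That is a fail-open default; it
   * should only be reachable if wp_get_current_user() returns something
   * other than a user object.
   */
  function initialise_plugin() {
      global $user, $member, $M_options, $M_Rules, $wp_query, $wp_rewrite, $M_active, $bp;

      // Options live on the main site when global tables are enabled and the
      // multisite helper is available; otherwise on the current site.
      $use_main_site = defined('MEMBERSHIP_GLOBAL_TABLES')
          && MEMBERSHIP_GLOBAL_TABLES === true
          && function_exists('get_blog_option');

      if ($use_main_site) {
          $M_options = get_blog_option(MEMBERSHIP_GLOBAL_MAINSITE, 'membership_options', array());
      } else {
          $M_options = get_option('membership_options', array());
      }

      // Check if the membership plugin is active
      $M_active = M_get_membership_active();

      // Subscription, account, upgrade and renewal forms.
      add_shortcode('subscriptionform', array($this, 'do_subscription_shortcode'));
      add_shortcode('accountform', array($this, 'do_account_shortcode'));
      add_shortcode('upgradeform', array($this, 'do_upgrade_shortcode'));
      add_shortcode('renewform', array($this, 'do_renew_shortcode'));

      // Extra shortcodes used by the new registration forms.
      add_shortcode('subscriptiontitle', array($this, 'do_subscriptiontitle_shortcode'));
      add_shortcode('subscriptiondetails', array($this, 'do_subscriptiondetails_shortcode'));
      add_shortcode('subscriptionprice', array($this, 'do_subscriptionprice_shortcode'));
      add_shortcode('subscriptionbutton', array($this, 'do_subscriptionbutton_shortcode'));

      do_action('membership_register_shortcodes');

      // Check if we are on a membership specific page
      add_filter('the_posts', array($this, 'check_for_membership_pages'), 1);

      // Check for subscription shortcodes - and if needed queue styles
      add_filter('the_posts', array($this, 'add_subscription_styles'));

      $user = wp_get_current_user();

      // Admins see everything, and nothing is enforced while the plugin is
      // switched off.
      if (!method_exists($user, 'has_cap') || $user->has_cap('membershipadmin') || $M_active == 'no') {
          return;
      }

      // More tag content is hidden by default - applies to web and feed output.
      if (isset($M_options['moretagdefault']) && $M_options['moretagdefault'] == 'no') {
          add_filter('the_content_more_link', array($this, 'show_moretag_protection'), 99, 2);
          add_filter('the_content', array($this, 'replace_moretag_content'), 1);
          add_filter('the_content_feed', array($this, 'replace_moretag_content'), 1);
      }

      // Shortcodes entered by the site owner.
      if (!empty($M_options['membershipshortcodes'])) {
          foreach ($M_options['membershipshortcodes'] as $key => $value) {
              if (!empty($value)) {
                  add_shortcode(stripslashes(trim($value)), array($this, 'do_membership_shortcode'));
              }
          }
          // Shortcodes entered by the user are meant to default to protected.
          $this->override_shortcodes();
      }

      // Downloads protection
      if (!empty($M_options['membershipdownloadgroups'])) {
          add_filter('the_content', array($this, 'protect_download_content'));
      }

      // Pages chosen in the options panel stay reachable whatever the rules say.
      add_action('pre_get_posts', array($this, 'ensure_option_pages_visible'), 999);

      // Keep a dedicated no-access page out of menus.
      if (!empty($M_options['nocontent_page']) && $M_options['nocontent_page'] != $M_options['registration_page']) {
          add_filter('get_pages', array($this, 'hide_nocontent_page_from_menu'), 99);
      }

      // New registration form: AJAX endpoints.
      // NOTE(review): the nopriv actions are reachable without authentication;
      // confirm the handlers verify a nonce and throttle registration/login
      // attempts (their bodies are not visible here).
      if (isset($M_options['formtype']) && $M_options['formtype'] == 'new') {
          add_action('wp_ajax_nopriv_buynow', array($this, 'popover_signup_form'));
          add_action('wp_ajax_nopriv_register_user', array($this, 'popover_register_process'));
          add_action('wp_ajax_nopriv_login_user', array($this, 'popover_login_process'));

          // if logged in:
          add_action('wp_ajax_buynow', array($this, 'popover_sendpayment_form'));
          add_action('wp_ajax_register_user', array($this, 'popover_register_process'));
          add_action('wp_ajax_login_user', array($this, 'popover_login_process'));
      }
  }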
  /**
   * Register the plugin's public query variables with WordPress.
   *
   * @param array $vars Query variables registered so far.
   * @return array The list with 'feedkey', 'protectedfile' and
   *               'paymentgateway' appended when missing.
   */
  function add_queryvars($vars) {
      $plugin_vars = array('feedkey', 'protectedfile', 'paymentgateway');

      foreach ($plugin_vars as $name) {
          if (!in_array($name, $vars)) {
              $vars[] = $name;
          }
      }

      return $vars;
  }
  /**
   * Prepend the plugin's rewrite rules: the masked download URL (when one
   * is configured) and the payment gateway return URL.
   *
   * The 'masked_url' option is concatenated into the rule pattern as-is.
   *
   * @param object $wp_rewrite Rewrite object passed by 'generate_rewrite_rules'.
   * @return object The same object with the plugin rules merged in first.
   */
  function add_rewrites($wp_rewrite) {
      global $M_options;

      $plugin_rules = array();

      if (!empty($M_options['masked_url'])) {
          $download_pattern = trailingslashit($M_options['masked_url']) . '(.*)';
          $plugin_rules[$download_pattern] = 'index.php?protectedfile=' . $wp_rewrite->preg_index(1);
      }

      $plugin_rules['paymentreturn/(.+)'] = 'index.php?paymentgateway=' . $wp_rewrite->preg_index(1);

      $plugin_rules = apply_filters('M_rewrite_rules', $plugin_rules);

      // Plugin rules go first so they win over the existing ones.
      $wp_rewrite->rules = array_merge($plugin_rules, $wp_rewrite->rules);

      return $wp_rewrite;
  }
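  /**
   * Replace the core "Register" link with a link to the membership
   * registration page (visitors) or the account page (logged-in users).
   *
   * The permalink is passed through esc_url() before it is placed in the
   * href attribute, and the replacement string has '\' and '$' escaped so a
   * URL or translated label cannot be read as a preg back-reference.
   *
   * @param string $link HTML of the register link.
   * @return string Possibly rewritten link HTML.
   */
  function override_register($link) {
      global $M_options;

      if (!is_user_logged_in()) {
          // Only point at the registration page when sign-ups are open.
          if (!get_option('users_can_register') || empty($M_options['registration_page'])) {
              return $link;
          }
          $page_id = $M_options['registration_page'];
          $label = __('Register', 'membership');
      } else {
          if (empty($M_options['account_page'])) {
              return $link;
          }
          $page_id = $M_options['account_page'];
          $label = __('My Account', 'membership');
      }

      $anchor = '<a href="' . esc_url(get_permalink($page_id)) . '">' . $label . '</a>';

      return preg_replace('/<a href(.+)a>/', addcslashes($anchor, '\\$'), $link);
  }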
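  /**
   * Append the member's personal feed key to a feed link.
   *
   * Two defects are fixed:
   *  - get_user_meta() was called without the "single" flag, so a stored key
   *    came back as an array and was written into the URL as an array value
   *    instead of the plain 'k' parameter the feed check reads.
   *  - new keys were md5(user id . password hash . time()), i.e. derived from
   *    guessable inputs and from the stored password hash. Keys are now
   *    random strings from wp_generate_password().
   *
   * Keys already stored keep working; rotate them by deleting the
   * '_membership_key' user meta. The key is a bearer credential carried in
   * the URL, so it can end up in access logs and feed-reader services.
   *
   * @param string $output Feed URL.
   * @param string $feed   Feed type (unused).
   * @return string Feed URL, with the 'k' argument added for members.
   */
  function add_feed_key($output, $feed) {
      global $user;

      if (!is_object($user) || $user->ID <= 0) {
          return $output;
      }

      $member = new M_Membership($user->ID);
      if (!$member->is_member()) {
          return $output;
      }

      $key = get_user_meta($user->ID, '_membership_key', true);

      if (empty($key)) {
          // 32 alphanumeric characters, URL-safe without further encoding.
          $key = wp_generate_password(32, false);
          update_user_meta($user->ID, '_membership_key', $key);
      }

      if (!empty($key)) {
          $output = add_query_arg('k', $key, untrailingslashit($output));
      }

      return $output;
  }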
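  /**
   * Decide, once per request, which membership the visitor is evaluated as
   * and attach the matching protection hooks and level shortcodes.
   *
   * Outcomes:
   *  - plugin inactive: nothing is enforced;
   *  - membership admin: unrestricted, unless the 'membershipuselevel' cookie
   *    asks to preview a level;
   *  - feed request: the member is resolved from the 'k' feed key, otherwise
   *    the stranger level (or an empty feed) applies;
   *  - any other request: the user's own levels, else the stranger level,
   *    else the no-access page with menus and categories hidden.
   *
   * Changes from the original: the feed key is only looked up when it is a
   * non-empty string (an array-valued or blank 'k' is treated as "no valid
   * key"), and the copy-pasted comments in the "not level" shortcode loop
   * now describe what that loop does.
   *
   * NOTE(review): a user object without has_cap() takes the admin branch,
   * which is a fail-open default.
   *
   * @param object $wp Request object passed by 'parse_request'.
   */
  function initialise_membership_protection($wp) {
      global $user, $member, $M_options, $M_Rules, $wp_query, $wp_rewrite, $M_active;

      // Ensure that this is only set up once per request.
      static $initialised = false;
      if ($initialised) {
          return;
      }

      if (empty($user) || !method_exists($user, 'has_cap')) {
          $user = wp_get_current_user();
      }

      if ($M_active == 'no') {
          // The plugin isn't active so just return
          return;
      }

      $has_stranger_level = isset($M_options['strangerlevel']) && $M_options['strangerlevel'] != 0;

      if (!method_exists($user, 'has_cap') || $user->has_cap('membershipadmin')) {
          // Admins can see everything - unless a cookie limits viewing.
          if (empty($_COOKIE['membershipuselevel']) || $_COOKIE['membershipuselevel'] == '0') {
              return;
          }
          $level_id = (int) $_COOKIE['membershipuselevel'];
          $member = new M_Membership($user->ID);
          $member->assign_level($level_id, true);
      } elseif (!empty($wp->query_vars['feed'])) {
          // Feed access: the key in the URL stands in for a login.
          $key_supplied = isset($_GET['k']);
          $feed_user_id = 0;

          if ($key_supplied && is_string($_GET['k']) && $_GET['k'] !== '') {
              $feed_user_id = (int) $this->find_user_from_key($_GET['k']);
          }

          if ($feed_user_id > 0) {
              // Key matched a user - load their levels and associated rules.
              $member = new M_Membership($feed_user_id);
              $member->load_levels(true);
          } else {
              // Unknown key, or no key at all: fall back to stranger settings.
              $member = new M_Membership($key_supplied ? false : $user->ID);
              if ($has_stranger_level) {
                  $member->assign_level($M_options['strangerlevel'], true);
              } else {
                  // This user can't access anything on the site - show a blank feed.
                  add_filter('the_posts', array($this, 'show_noaccess_feed'), 1);
              }
          }
      } else {
          // Regular page request.
          $member = new M_Membership($user->ID);

          if ($user->ID > 0 && $member->has_levels()) {
              // Load the levels for this member - and associated rules
              $member->load_levels(true);
          } elseif ($has_stranger_level) {
              // Not logged in (or no levels): limit based on stranger settings.
              $member->assign_level($M_options['strangerlevel'], true);
          } else {
              // This user can't access anything on the site.
              add_filter('comments_open', array($this, 'close_comments'), 99, 2);
              // Hooked on the_posts rather than pre_get_posts since WP 3.5.
              add_action('the_posts', array($this, 'show_noaccess_page'), 1);
              // Hide all pages from menus - except the signup one
              add_filter('get_pages', array($this, 'remove_pages_menu'));
              // Hide all categories from lists
              add_filter('get_terms', array($this, 'remove_categories'), 1, 3);
          }
      }

      // Level shortcodes: content is shown to members who hold the level.
      $shortcodes = apply_filters('membership_level_shortcodes', array());
      if (!empty($shortcodes)) {
          foreach ($shortcodes as $key => $value) {
              if (!empty($value)) {
                  if ($member->has_level($key)) {
                      // member is on this level so can see the content
                      add_shortcode(stripslashes(trim($value)), array($this, 'do_level_shortcode'));
                  } else {
                      // member isn't on this level and so can't see the content
                      add_shortcode(stripslashes(trim($value)), array($this, 'do_levelprotected_shortcode'));
                  }
              }
          }
      }

      // "Not level" shortcodes: content is shown to everyone who does NOT
      // hold the level.
      $shortcodes = apply_filters('membership_not_level_shortcodes', array());
      if (!empty($shortcodes)) {
          foreach ($shortcodes as $key => $value) {
              if (!empty($value)) {
                  if (!$member->has_level($key)) {
                      // member is not on this level so can see the content
                      add_shortcode(stripslashes(trim($value)), array($this, 'do_level_shortcode'));
                  } else {
                      // member is on this level and so can't see the content
                      add_shortcode(stripslashes(trim($value)), array($this, 'do_levelprotected_shortcode'));
                  }
              }
          }
      }

      do_action('membership-add-shortcodes');

      // Set the initialisation status
      $initialised = true;
  }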
  /**
   * 'get_terms' filter used when a visitor has no access at all: drops
   * every term whose taxonomy is 'category' and leaves other terms alone.
   *
   * @param array $terms      Terms about to be returned.
   * @param array $taxonomies Taxonomies that were queried (unused).
   * @param array $args       Query arguments (unused).
   * @return array Remaining terms, original keys preserved.
   */
  function remove_categories($terms, $taxonomies, $args) {
      foreach ((array) $terms as $index => $term) {
          if ($term->taxonomy != 'category') {
              continue;
          }
          unset($terms[$index]);
      }

      return $terms;
  }
  /**
   * 'get_pages' filter used when a visitor has no access at all: removes
   * every page except the configured registration page.
   *
   * @param array $pages Page objects about to be listed.
   * @return array Pages left visible, original keys preserved.
   */
  function remove_pages_menu($pages) {
      global $M_options;

      $has_signup_page = !empty($M_options['registration_page']);

      foreach ((array) $pages as $index => $page) {
          // The registration page is the only one that stays available.
          if ($has_signup_page && $page->ID == $M_options['registration_page']) {
              continue;
          }
          unset($pages[$index]);
      }

      return $pages;
  }
  /**
   * Hand a payment-return request to whichever gateway listens on
   * 'membership_process_payment_return'.
   *
   * The gateway name is taken from the request URL and passed on unchanged.
   * NOTE(review): anyone can request this URL, so each gateway handler has
   * to authenticate the notification itself - confirm against the handlers.
   *
   * @param object $wp_query Query object passed by 'pre_get_posts'.
   */
  function handle_paymentgateways($wp_query) {
      if (empty($wp_query->query_vars['paymentgateway'])) {
          return;
      }

      $gateway = $wp_query->query_vars['paymentgateway'];
      do_action('membership_process_payment_return', $gateway);
  }
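  /**
   * Serve a protected download, or the "no access" image, for requests that
   * name a file through the masked URL or the 'file' GET parameter.
   *
   * The requested name is mapped back to an attachment id (by id arithmetic
   * for the 'complete' and 'hybrid' protection types, by a LIKE lookup for
   * 'basic'), the attachment's protection group is read, and the file is
   * only streamed when the attachment is unprotected or the current member
   * passes the 'downloads' rule. The request always ends in exit() once a
   * file name was supplied.
   *
   * Changes from the original:
   *  - the requested name must be a string (an array-valued 'file' parameter
   *    is ignored instead of reaching preg_match());
   *  - LIKE wildcards in the name are escaped, so '%' or '_' in the request
   *    no longer widen the attachment match;
   *  - the file-name prefix is quoted before being used in a pattern and the
   *    id arithmetic uses explicit integer casts, so a non-numeric name ends
   *    at the no-access image rather than in a type error;
   *  - the identical 'complete'/'hybrid' branches and the repeated
   *    size-suffix handling are merged.
   *
   * An attachment with no '_membership_protected_content_group' meta (or the
   * value 'no') is served to anyone who can name it.
   *
   * @param object $wp_query Query object passed by 'pre_get_posts'.
   */
  function handle_download_protection($wp_query) {
      global $user, $member, $wpdb, $M_options;

      $protected = '';

      if (!empty($wp_query->query_vars['protectedfile'])) {
          // Only the last path segment names the file.
          $segments = explode("/", $wp_query->query_vars['protectedfile']);
          $protected = array_pop($segments);
      }

      if (empty($protected) && !empty($_GET['file'])) {
          $protected = $_GET['file'];
      }

      if (empty($protected) || !is_string($protected)) {
          return;
      }

      // See if the filename has a size extension and if so, strip it out
      $newfile = $protected;
      $size_extension = '';
      $filematch = array();
      if (preg_match('/(.+)\-(\d+[x]\d+)\.(.+)$/', $protected, $filematch)) {
          // We have an image with an image size attached
          $newfile = $filematch[1] . "." . $filematch[3];
          $size_extension = "-" . $filematch[2];
      }

      $protection_type = isset($M_options['protection_type']) ? $M_options['protection_type'] : 'basic';

      switch ($protection_type) {
          case 'complete':
          case 'hybrid':
              // The masked name is the prefix followed by (post id + increment).
              $prefix_pattern = '/^' . preg_quote(MEMBERSHIP_FILE_NAME_PREFIX, '/') . '/';
              $post_id = (int) preg_replace($prefix_pattern, '', $newfile) - (int) MEMBERSHIP_FILE_NAME_INCREMENT;
              break;

          case 'basic':
          default:
              // Look the attachment up by (escaped) file name.
              $sql = $this->db->prepare(
                  "SELECT post_id FROM {$this->db->postmeta} WHERE meta_key = '_wp_attached_file' AND meta_value LIKE %s",
                  '%' . addcslashes($newfile, '_%\\') . '%'
              );
              $post_id = $this->db->get_var($sql);

              if (empty($post_id)) {
                  // Not found as the main file; try the generated sizes.
                  $sql = $this->db->prepare(
                      "SELECT post_id FROM {$this->db->postmeta} WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s",
                      '%' . addcslashes($protected, '_%\\') . '%'
                  );
                  $post_id = $this->db->get_var($sql);
              }
              break;
      }

      $image = '';
      if (is_numeric($post_id) && $post_id > 0) {
          $image = get_post_meta($post_id, '_wp_attached_file', true);

          if (!empty($size_extension)) {
              // Add back in a size extension if we need to
              $extension = pathinfo($image, PATHINFO_EXTENSION);
              $image = str_replace('.' . $extension, $size_extension . '.' . $extension, $image);
              // Collapse a doubled size suffix.
              $image = str_replace($size_extension . $size_extension, $size_extension, $image);
          }
      }

      if (!empty($image) && !empty($post_id) && is_numeric($post_id)) {
          $group = get_post_meta($post_id, '_membership_protected_content_group', true);

          if (empty($group) || $group == 'no') {
              // it's not protected so grab and display it
              $this->output_file($image);
          } else {
              // Protected: make sure we have a member object to ask.
              if (empty($member) || !method_exists($member, 'has_level_rule')) {
                  $user = wp_get_current_user();
                  $member = new M_Membership($user->ID);
              }

              $allowed = method_exists($member, 'has_level_rule')
                  && $member->has_level_rule('downloads')
                  && $member->pass_thru('downloads', array('can_view_download' => $group));

              if ($allowed) {
                  $this->output_file($image);
              } else {
                  $this->show_noaccess_image($wp_query);
              }
          }
      } else {
          // We haven't found anything so default to the no access image
          $this->show_noaccess_image($wp_query);
      }

      exit();
  }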
  /**
   * Stream a file from the membership upload directory with caching
   * headers, answering conditional GETs with 304.
   *
   * No access check happens here; the caller decides whether the visitor
   * may receive the file.
   *
   * NOTE(review): the response carries a far-future Expires header and no
   * Cache-Control directive, so a protected file may stay in browser or
   * intermediary caches after the member's access ends.
   *
   * @param string $pathtofile Path relative to the upload directory.
   */
  function output_file($pathtofile) {
      global $wpdb, $M_options;

      // Filesystem location of the file.
      $upload_dir = membership_wp_upload_dir();
      $file = trailingslashit($upload_dir) . $pathtofile;

      // Matching URL, used only to guess a type from the extension.
      $upload_url = membership_upload_url();
      $trueurl = trailingslashit($upload_url) . $pathtofile;

      if (!is_file($file)) {
          status_header(404);
          die('404 &#8212; File not found.');
      }

      $detected = wp_check_filetype($file);
      if (false === $detected['type'] && function_exists('mime_content_type')) {
          $detected['type'] = mime_content_type($file);
      }

      $mimetype = $detected['type']
          ? $detected['type']
          : 'image/' . substr($trueurl, strrpos($trueurl, '.') + 1);

      header('Content-type: ' . $mimetype); // always send this

      if (false === strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS')) {
          header('Content-Length: ' . filesize($file));
      }

      $last_modified = gmdate('D, d M Y H:i:s', filemtime($file));
      $etag = '"' . md5($last_modified) . '"';

      header('Last-Modified: ' . $last_modified . ' GMT');
      header('ETag: ' . $etag);
      header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 100000000) . ' GMT');

      // Support for Conditional GET
      $client_etag = false;
      if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
          $client_etag = stripslashes($_SERVER['HTTP_IF_NONE_MATCH']);
      }

      if (!isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
          $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;
      }
      $client_last_modified = trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);

      // Empty header counts as timestamp 0, otherwise parse it.
      $client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0;
      $modified_timestamp = strtotime($last_modified);

      $not_newer = ($client_modified_timestamp >= $modified_timestamp);
      $same_etag = ($client_etag == $etag);

      // With both validators present both must match; otherwise one is enough.
      if ($client_last_modified && $client_etag) {
          $still_fresh = $not_newer && $same_etag;
      } else {
          $still_fresh = $not_newer || $same_etag;
      }

      if ($still_fresh) {
          status_header(304);
          exit;
      }

      // If we made it this far, just serve the file
      readfile($file);
  }
  /**
   * Stream the "no access" placeholder image: the locale-specific file when
   * it exists, else the generic one. Nothing is sent when neither exists.
   *
   * NOTE(review): the placeholder is sent with the same far-future Expires
   * header as a real file and without an error status, so a browser may keep
   * showing it at the protected URL after access has been granted.
   *
   * @param object $wp_query Current query (unused).
   */
  function show_noaccess_image($wp_query) {
      $active_locale = apply_filters('membership_locale', get_locale());

      $candidates = array(
          'membershipincludes/images/noaccess/noaccess-' . $active_locale . '.png',
          'membershipincludes/images/noaccess/noaccess.png',
      );

      foreach ($candidates as $relative) {
          if (file_exists(membership_dir($relative))) {
              $file = membership_dir($relative);
              $trueurl = membership_url($relative);
              break;
          }
      }

      if (empty($file)) {
          return;
      }

      if (!is_file($file)) {
          status_header(404);
          die('404 &#8212; File not found.');
      }

      $detected = wp_check_filetype($file);
      if (false === $detected['type'] && function_exists('mime_content_type')) {
          $detected['type'] = mime_content_type($file);
      }

      $mimetype = $detected['type']
          ? $detected['type']
          : 'image/' . substr($trueurl, strrpos($trueurl, '.') + 1);

      header('Content-type: ' . $mimetype); // always send this

      if (false === strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS')) {
          header('Content-Length: ' . filesize($file));
      }

      $last_modified = gmdate('D, d M Y H:i:s', filemtime($file));
      $etag = '"' . md5($last_modified) . '"';

      header('Last-Modified: ' . $last_modified . ' GMT');
      header('ETag: ' . $etag);
      header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 100000000) . ' GMT');

      // Support for Conditional GET
      $client_etag = false;
      if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
          $client_etag = stripslashes($_SERVER['HTTP_IF_NONE_MATCH']);
      }

      if (!isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
          $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;
      }
      $client_last_modified = trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);

      // Empty header counts as timestamp 0, otherwise parse it.
      $client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0;
      $modified_timestamp = strtotime($last_modified);

      $not_newer = ($client_modified_timestamp >= $modified_timestamp);
      $same_etag = ($client_etag == $etag);

      // With both validators present both must match; otherwise one is enough.
      if ($client_last_modified && $client_etag) {
          $still_fresh = $not_newer && $same_etag;
      } else {
          $still_fresh = $not_newer || $same_etag;
      }

      if ($still_fresh) {
          status_header(304);
          exit;
      }

      // If we made it this far, just serve the file
      readfile($file);
  }
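  /**
   * Resolve a feed key to the id of the user who owns it.
   *
   * The key is a bearer credential, so anything that is not a non-empty
   * string (the default false, a blank value, an array from the query
   * string) is rejected before the database is consulted. Previously such
   * values were compared against stored meta as an empty or coerced string.
   *
   * @param string|false $key Feed key taken from the request.
   * @return string|null User id, or null when no user owns the key.
   */
  function find_user_from_key($key = false) {
      global $wpdb;

      if (!is_string($key) || $key === '') {
          return null;
      }

      $sql = $wpdb->prepare(
          "SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = %s AND meta_value = %s LIMIT 0,1",
          '_membership_key',
          $key
      );

      return $wpdb->get_var($sql);
  }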
  531. // loop and page overrides
  /**
   * Replace the "read more" link with the configured more-tag message.
   *
   * @param string $more_tag_link Original link HTML (unused).
   * @param string $more_tag      Original link text (unused).
   * @return string The 'moretagmessage' option with slashes stripped.
   */
  function show_moretag_protection($more_tag_link, $more_tag) {
      global $M_options;

      $message = stripslashes($M_options['moretagmessage']);

      return $message;
  }
  /**
   * Cut post content at the more-tag marker and append the configured
   * more-tag message. Content without the marker is returned untouched.
   *
   * @param string $the_content Rendered post content.
   * @return string Content up to the marker plus the message, or the
   *                original content.
   */
  function replace_moretag_content($the_content) {
      global $M_options;

      $cut_at = strpos($the_content, '<span id="more-');
      if ($cut_at === false) {
          return $the_content;
      }

      return substr($the_content, 0, $cut_at) . stripslashes($M_options['moretagmessage']);
  }
  545. // Output the level based shortcode content
  /**
   * Shortcode handler for a level the member is allowed to see: renders the
   * enclosed content, including nested shortcodes.
   *
   * @param array       $atts    Shortcode attributes (unused).
   * @param string|null $content Enclosed content.
   * @param string      $code    Shortcode tag (unused).
   * @return string Rendered content.
   */
  function do_level_shortcode($atts, $content = null, $code = "") {
      $rendered = do_shortcode($content);

      return $rendered;
  }
  549. // Output the protected shortcode content
  /**
   * Shortcode handler that shows the enclosed content, including nested
   * shortcodes. This is the handler that reveals the content, so it must
   * only stay registered for visitors who are allowed to see it.
   *
   * @param array       $atts    Shortcode attributes (unused).
   * @param string|null $content Enclosed content.
   * @param string      $code    Shortcode tag (unused).
   * @return string Rendered content.
   */
  function do_membership_shortcode($atts, $content = null, $code = "") {
      $rendered = do_shortcode($content);

      return $rendered;
  }
  553. // Show the protected shortcode message
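  /**
   * Shortcode handler for protected content: returns the configured
   * "protected" message in place of the enclosed content.
   *
   * Returns an empty string when no message is configured, matching
   * do_levelprotected_shortcode(), instead of reading an undefined option.
   *
   * @param array       $atts    Shortcode attributes (unused).
   * @param string|null $content Enclosed content (never returned).
   * @param string      $code    Shortcode tag (unused).
   * @return string Message shown in place of the content.
   */
  function do_protected_shortcode($atts, $content = null, $code = "") {
      global $M_options;

      if (!isset($M_options['shortcodemessage'])) {
          return '';
      }

      return stripslashes($M_options['shortcodemessage']);
  }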
  558. // Show the level based protected shortcode message
  /**
   * Shortcode handler for level content the member may not see: returns the
   * level's own "protected content" message when it has one, else the
   * global shortcode message, else an empty string.
   *
   * Tags starting with "not-" are looked up in the "not level" shortcode
   * list, all others in the level shortcode list.
   *
   * @param array       $atts    Shortcode attributes (unused).
   * @param string|null $content Enclosed content (never returned).
   * @param string      $code    Shortcode tag being rendered.
   * @return string Message shown in place of the content.
   */
  function do_levelprotected_shortcode($atts, $content = null, $code = "") {
      global $M_options;

      $level_tags = apply_filters('membership_level_shortcodes', array());
      $not_level_tags = apply_filters('membership_not_level_shortcodes', array());

      $code = strtolower($code);

      $candidates = (substr($code, 0, 4) !== "not-") ? $level_tags : $not_level_tags;

      if (!empty($candidates)) {
          $id = array_search($code, $candidates);
          if ($id !== false) {
              // A level was found; prefer its custom protected message.
              $level = new M_Level($id);
              $message = $level->get_meta('level_protectedcontent');
              if (!empty($message)) {
                  return stripslashes($message);
              }
          }
      }

      // No custom message, or the shortcode wasn't found: standard message.
      return isset($M_options['shortcodemessage'])
          ? stripslashes($M_options['shortcodemessage'])
          : '';
  }
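  /**
   * Snapshot the registered shortcode handlers into $M_shortcode_tags, then
   * point every shortcode configured in the membership options at the
   * "protected" handler, so protected is the default.
   *
   * Fix: $M_options was not declared global, so it was always empty inside
   * this method and the override loop never ran; the configured shortcodes
   * kept the handler that shows their content. The tag is also normalised
   * with stripslashes(trim()) so it matches the name the shortcode is
   * registered under in initialise_plugin().
   */
  function override_shortcodes() {
      global $M_shortcode_tags, $shortcode_tags, $M_options;

      // Keep the original handlers so they can be restored for members.
      $M_shortcode_tags = $shortcode_tags;

      if (empty($M_options['membershipshortcodes'])) {
          return;
      }

      foreach ($M_options['membershipshortcodes'] as $key => $value) {
          if (empty($value)) {
              continue;
          }
          $tag = stripslashes(trim($value));
          if ($tag === '') {
              continue;
          }
          $shortcode_tags[$tag] = array($this, 'do_protected_shortcode');
      }
  }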
  /**
   * Tell whether the current request could be for a single item, i.e. it is
   * not an archive, author, category, tag, taxonomy or search listing.
   *
   * @param object $wp_query Current query (unused; the conditional tags
   *                         read the global query).
   * @return bool False for any listing request, true otherwise.
   */
  function may_be_singular($wp_query) {
      $is_listing = is_archive() || is_author() || is_category() || is_tag() || is_tax() || is_search();

      return !$is_listing;
  }
  /**
   * When a query comes back empty, decide whether to show the no-access
   * page or let the empty result through.
   *
   * BuddyPress component pages and page names that are not on the
   * 'membership_notallowed_pagenames' list pass through unchanged.
   *
   * Note that 'global $wp_query' rebinds the $wp_query parameter to the
   * global query, and that options are read with get_option() here rather
   * than from the global $M_options.
   *
   * @param array  $posts    Posts found by the query.
   * @param object $wp_query Query object (replaced by the global one).
   * @return array The posts, unchanged.
   */
  function check_for_posts_existance($posts, $wp_query) {
      global $bp, $wp_query;

      if (!empty($bp)) {
          // BuddyPress exists so we have to handle "pretend" pages.
          $pagename = $wp_query->query['pagename'];
          $thepage = substr($pagename, 0, strpos($pagename, '/'));
          if (empty($thepage)) {
              $thepage = $wp_query->query['pagename'];
          }

          $bppages = apply_filters('membership_buddypress_pages', (array) $bp->root_components);
          if (in_array($thepage, $bppages)) {
              return $posts;
          }
      }

      $M_options = get_option('membership_options', array());

      if (!empty($posts)) {
          return $posts;
      }

      if (!empty($wp_query->query['pagename'])) {
          // A potentially fake page that another plugin creates or uses.
          if (!in_array($wp_query->query['pagename'], apply_filters('membership_notallowed_pagenames', array()))) {
              return $posts;
          }
      } elseif ($M_options['override_404'] != 'yes') {
          return $posts;
      }

      $this->show_noaccess_page($wp_query);

      // Nothing to see: it doesn't exist, is a pretend page or is protected.
      if ($this->posts_actually_exist() && $this->may_be_singular($wp_query)) {
          $this->show_noaccess_page($wp_query);
      }

      return $posts;
  }
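  /**
   * Tell whether the site has at least one published post.
   *
   * Fix: prepare() was called with a query that had no placeholders and no
   * arguments, which WordPress reports as incorrect usage. The two literal
   * values are now passed as placeholders.
   *
   * @return bool True when a published post of type 'post' exists.
   */
  function posts_actually_exist() {
      $sql = $this->db->prepare(
          "SELECT count(*) FROM {$this->db->posts} WHERE post_type = %s AND post_status = %s",
          'post',
          'publish'
      );

      return $this->db->get_var($sql) > 0;
  }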
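  /**
   * 'the_posts' filter for feeds the visitor may not read: replaces the
   * result with a single post, either the configured no-content page or a
   * synthetic post carrying the protected message.
   *
   * Changes from the original:
   *  - the permalink override no longer uses create_function(), which built
   *    PHP source from the 'home' option and has been removed from PHP; a
   *    method callback returns the same value;
   *  - when the configured no-content page cannot be loaded the synthetic
   *    post is used, rather than returning an array holding nothing;
   *  - a missing 'protectedmessage' option yields empty content.
   *
   * @param mixed $wp_query Value passed by the 'the_posts' filter (unused).
   * @return array Array with the single replacement post.
   */
  function show_noaccess_feed($wp_query) {
      global $M_options;

      if (!empty($M_options['nocontent_page'])) {
          // grab the content from the no content page
          $post = get_post($M_options['nocontent_page']);
          if (!empty($post)) {
              return array($post);
          }
      }

      if (empty($M_options['protectedmessagetitle'])) {
          $M_options['protectedmessagetitle'] = __('No access to this content','membership');
      }

      // Build a post that doesn't exist in the database.
      $post = new stdClass;
      $post->post_author = 1;
      $post->post_name = 'membershipnoaccess';

      // Every permalink in this feed points at the site home.
      add_filter('the_permalink', array($this, '_noaccess_feed_home_permalink'));

      $post->guid = get_bloginfo('wpurl');
      $post->post_title = esc_html(stripslashes($M_options['protectedmessagetitle']));
      $post->post_content = isset($M_options['protectedmessage'])
          ? stripslashes($M_options['protectedmessage'])
          : '';
      $post->ID = -1;
      $post->post_status = 'publish';
      $post->post_type = 'post';
      $post->comment_status = 'closed';
      $post->ping_status = 'open';
      $post->comment_count = 0;
      $post->post_date = current_time('mysql');
      $post->post_date_gmt = current_time('mysql', 1);

      return array($post);
  }

  /**
   * 'the_permalink' callback used by show_noaccess_feed(): returns the site
   * home URL whatever the original permalink was.
   *
   * @param string $permalink Original permalink (ignored).
   * @return string The 'home' option.
   */
  function _noaccess_feed_home_permalink($permalink) {
      return get_option('home');
  }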
  697. function ensure_option_pages_visible($wp_query) {
  698. global $M_options;
  699. if(empty($wp_query->query_vars['post__in'])) {
  700. return;
  701. }
  702. $forchecking = array();
  703. if(!empty($M_options['registration_page'])) {
  704. $wp_query->query_vars['post__in'][] = $M_options['registration_page'];
  705. $forchecking[] = $M_options['registration_page'];
  706. }
  707. if(!empty($M_options['account_page'])) {
  708. $wp_query->query_vars['post__in'][] = $M_options['account_page'];
  709. $forchecking[] = $M_options['account_page'];
  710. }
  711. if(!empty($M_options['nocontent_page'])) {
  712. $wp_query->query_vars['post__in'][] = $M_options['nocontent_page'];
  713. $forchecking[] = $M_options['nocontent_page'];
  714. }
  715. if(!empty($M_options['registrationcompleted_page'])) {
  716. $wp_query->query_vars['post__in'][] = $M_options['registrationcompleted_page'];
  717. $forchecking[] = $M_options['registrationcompleted_page'];
  718. }
  719. if(!empty($M_options['subscriptions_page'])) {
  720. $wp_query->query_vars['post__in'][] = $M_options['subscriptions_page'];
  721. $forchecking[] = $M_options['subscriptions_page'];
  722. }
  723. if(is_array($wp_query->query_vars['post__not_in'])) {
  724. foreach($wp_query->query_vars['post__not_in'] as $key => $value) {
  725. if(in_array( $value, (array) $forchecking ) ) {
  726. unset($wp_query->query_vars['post__not_in'][$key]);
  727. }
  728. }
  729. }
  730. $wp_query->query_vars['post__in'] = array_unique($wp_query->query_vars['post__in']);
  731. }
  732. function hide_nocontent_page_from_menu($pages) {
  733. global $M_options;
  734. foreach( (array) $pages as $key => $page ) {
  735. if( ($page->ID == $M_options['nocontent_page']) || ($page->ID == $M_options['registrationcompleted_page'])) {
  736. unset($pages[$key]);
  737. }
  738. }
  739. return $pages;
  740. }
  741. //function show_noaccess_page($wp_query, $forceviewing = false) {
  742. function show_noaccess_page($posts, $forceviewing = false) {
  743. global $M_options;
  744. if(!empty($posts)) {
  745. if(count($posts) == 1 && isset($posts[0]->post_type) && $posts[0]->post_type == 'page') {
  746. // We are on a page so get the first page and then check for ones we want to allow
  747. $page = $posts[0];
  748. if(!empty($page->ID) && !empty($M_options['nocontent_page']) && $page->ID == $M_options['nocontent_page']) {
  749. return $posts;
  750. }
  751. if(!empty($page->ID) && !empty($M_options['registration_page']) && $page->ID == $M_options['registration_page']) {
  752. // We know what we are looking at, the registration page has been set and we are trying to access it
  753. return $posts;
  754. }
  755. if(!empty($page->ID) && !empty($M_options['account_page']) && $page->ID == $M_options['account_page']) {
  756. // We know what we are looking at, the registration page has been set and we are trying to access it
  757. return $posts;
  758. }
  759. if(!empty($page->ID) && !empty($M_options['registrationcompleted_page']) && $page->ID == $M_options['registrationcompleted_page']) {
  760. // We know what we are looking at, the registration page has been set and we are trying to access it
  761. return $posts;
  762. }
  763. if(!empty($page->ID) && !empty($M_options['subscriptions_page']) && $page->ID == $M_options['subscriptions_page']) {
  764. // We know what we are looking at, the registration page has been set and we are trying to access it
  765. return $posts;
  766. }
  767. // We are still here so we may be at a page that we shouldn't be able to see
  768. if(!empty($M_options['nocontent_page']) && isset($page->ID) && $page->ID != $M_options['nocontent_page'] && !headers_sent()) {
  769. // grab the content form the no content page
  770. $url = get_permalink( (int) $M_options['nocontent_page'] );
  771. wp_safe_redirect( $url );
  772. exit;
  773. } else {
  774. return $posts;
  775. }
  776. } else {
  777. // We could be on a posts page / or on a single post.
  778. if(count($posts) == 1) {
  779. // We could be on a single posts page, or only have the one post to view
  780. if(isset($posts[0]->post_type) && $posts[0]->post_type != 'nav_menu_item') {
  781. // We'll redirect if this isn't a navigation menu item
  782. $post = $posts[0];
  783. if(!empty($M_options['nocontent_page']) && isset($post->ID) && $post->ID != $M_options['nocontent_page'] && !headers_sent()) {
  784. // grab the content form the no content page
  785. $url = get_permalink( (int) $M_options['nocontent_page'] );
  786. wp_safe_redirect( $url );
  787. exit;
  788. } else {
  789. return $posts;
  790. }
  791. }
  792. } else {
  793. // Check the first post in the list
  794. if(isset($posts[0]->post_type) && $posts[0]->post_type != 'nav_menu_item') {
  795. // We'll redirect if this isn't a navigation menu item
  796. $post = $posts[0];
  797. if(!empty($M_options['nocontent_page']) && isset($post->ID) && $post->ID != $M_options['nocontent_page'] && !headers_sent()) {
  798. // grab the content form the no content page
  799. $url = get_permalink( (int) $M_options['nocontent_page'] );
  800. wp_safe_redirect( $url );
  801. exit;
  802. } else {
  803. return $posts;
  804. }
  805. }
  806. }
  807. }
  808. } else {
  809. // We don't have any posts, so we should just redirect to the no content page.
  810. if(!empty($M_options['nocontent_page']) && !headers_sent()) {
  811. // grab the content form the no content page
  812. $url = get_permalink( (int) $M_options['nocontent_page'] );
  813. wp_safe_redirect( $url );
  814. exit;
  815. } else {
  816. return $posts;
  817. }
  818. }
  819. // If we've reached here then something weird has happened :/
  820. return $posts;
  821. /*
  822. if(!empty($wp_query->query_vars['protectedfile']) && !$forceviewing) {
  823. return;
  824. }
  825. */
  826. }
  827. function close_comments($open, $postid) {
  828. return false;
  829. }
  830. // Content / downloads protection
  831. function protect_download_content($the_content) {
  832. global $M_options;
  833. $origpath = membership_upload_url();
  834. $newpath = trailingslashit(trailingslashit(get_option('home')) . $M_options['masked_url']);
  835. // Find all the urls in the post and then we'll check if they are protected
  836. /* Regular expression from http://blog.mattheworiordan.com/post/13174566389/url-regular-expression-for-links-with-or-without-the */
  837. $url_exp = '/((([A-Za-z]{3,9}:(?:\/\/)?)(?:[-;:&=\+\$,\w]+@)?[A-Za-z0-9.-]+|(?:www.|[-;:&=\+\$,\w]+@)[A-Za-z0-9.-]+)((?:\/[\+~%\/.\w-_]*)?\??(?:[-\+=&;%@.\w_]*)#?(?:[.\!\/\\w]*))?)/';
  838. $matches = array();
  839. if(preg_match_all($url_exp, $the_content, $matches)) {
  840. $home = get_option('home');
  841. if(!empty($matches) && !empty($matches[2])) {
  842. foreach((array) $matches[2] as $key => $domain) {
  843. if(untrailingslashit($home) == untrailingslashit($domain)) {
  844. $foundlocal = $key;
  845. $file = basename($matches[4][$foundlocal]);
  846. $filename_exp = '/(.+)\-(\d+[x]\d+)\.(.+)$/';
  847. $filematch = array();
  848. if(preg_match($filename_exp, $file, $filematch)) {
  849. // We have an image with an image size attached
  850. $newfile = $filematch[1] . "." . $filematch[3];
  851. $size_extension = "-" . $filematch[2];
  852. } else {
  853. $newfile = $file;
  854. $size_extension = '';
  855. }
  856. $sql = $this->db->prepare( "SELECT post_id FROM {$this->db->postmeta} WHERE meta_key = '_wp_attached_file' AND meta_value LIKE %s", '%' . $newfile . '%');
  857. $post_id = $this->db->get_var( $sql );
  858. if(empty($post_id)) {
  859. // Can't find the file in the first pass, try the second pass.
  860. $sql = $this->db->prepare( "SELECT post_id FROM {$this->db->postmeta} WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s", '%' . $file . '%');
  861. $post_id = $this->db->get_var( $sql );
  862. }
  863. if(!empty($post_id)) {
  864. // Found the file and it's in the media library
  865. $protected = get_post_meta( $post_id, '_membership_protected_content_group', true );
  866. if(!empty($protected)) {
  867. // We have a protected file - so we'll mask it
  868. switch($M_options['protection_type']) {
  869. case 'complete' : $protectedfilename = MEMBERSHIP_FILE_NAME_PREFIX . ($post_id + (int) MEMBERSHIP_FILE_NAME_INCREMENT) . $size_extension;
  870. $protectedfilename .= "." . pathinfo($newfile, PATHINFO_EXTENSION);
  871. $the_content = str_replace( $matches[0][$foundlocal], $newpath . $protectedfilename, $the_content );
  872. break;
  873. case 'hybrid' : $protectedfilename = MEMBERSHIP_FILE_NAME_PREFIX . ($post_id + (int) MEMBERSHIP_FILE_NAME_INCREMENT) . $size_extension;
  874. $protectedfilename .= "." . pathinfo($newfile, PATHINFO_EXTENSION);
  875. $the_content = str_replace( $matches[0][$foundlocal], $newpath . "?file=" . $protectedfilename, $the_content );
  876. break;
  877. case 'basic' :
  878. default: $the_content = str_replace( $matches[0][$foundlocal], str_replace( $origpath, $newpath, $matches[0][$foundlocal] ), $the_content );
  879. break;
  880. }
  881. }
  882. }
  883. }
  884. }
  885. }
  886. }
  887. return $the_content;
  888. }
  889. // Shortcodes
/**
 * Render the account form for the logged-in user and return its markup.
 *
 * Visitors who are not logged in get the incoming $content passed through the
 * 'membership_account_form_not_logged_in' filter instead. For logged-in users
 * the incoming $content is discarded and rebuilt from the template output.
 *
 * The template runs inside this method's scope, so it can read the local
 * variables and the globals declared here.
 *
 * @param string|null $content Content supplied by the caller.
 * @return string Filtered form markup.
 */
function show_account_page( $content = null ) {
    // These globals are assigned below, so they change for the rest of the request.
    global $bp, $profileuser, $user, $user_id;
    if(!is_user_logged_in()) {
        return apply_filters('membership_account_form_not_logged_in', $content );
    }
    // get_user_to_edit() comes from the admin includes.
    require_once(ABSPATH . 'wp-admin/includes/user.php');
    $user = wp_get_current_user();
    $user_id = $user->ID;
    $profileuser = get_user_to_edit($user_id);
    $content = '';
    $content = apply_filters('membership_account_form_before_content', $content);
    // Capture whatever the template prints.
    ob_start();
    // Template lookup order: constant override, BuddyPress form, default form.
    // The chosen path is executed as PHP, so anything able to define the
    // constant or hook the override filters decides what code runs here.
    // Each filter is applied twice (existence check, then include);
    // NOTE(review): both calls are assumed to return the same path.
    // include_once means a second call in one request prints nothing.
    if( defined('MEMBERSHIP_ACCOUNT_FORM') && file_exists( MEMBERSHIP_ACCOUNT_FORM ) ) {
        include_once( MEMBERSHIP_ACCOUNT_FORM );
    } elseif(!empty($bp) && file_exists( apply_filters('membership_override_bpaccount_form', membership_dir('membershipincludes/includes/bp.account.form.php'), $user_id) )) {
        include_once( apply_filters('membership_override_bpaccount_form', membership_dir('membershipincludes/includes/bp.account.form.php'), $user_id) );
    } elseif( file_exists( apply_filters('membership_override_account_form', membership_dir('membershipincludes/includes/account.form.php'), $user_id) ) ) {
        include_once( apply_filters('membership_override_account_form', membership_dir('membershipincludes/includes/account.form.php'), $user_id) );
    }
    $content .= ob_get_contents();
    ob_end_clean();
    $content = apply_filters('membership_account_form_after_content', $content, $user_id);
    return $content;
}
/**
 * Render the registration form and return its markup.
 *
 * The template runs inside this method's scope, so it can read $error,
 * $content and $bp directly.
 *
 * @param mixed $error Error information handed to the filters (false when there is none).
 * @return string Filtered form markup.
 */
function show_subpage_one($error = false) {
    global $bp;
    $content = '';
    $content = apply_filters('membership_subscription_form_registration_before_content', $content, $error);
    // Capture whatever the template prints.
    ob_start();
    // Template lookup order: constant override, BuddyPress form, default form.
    // The chosen path is executed as PHP, so anything able to define the
    // constant or hook the override filters decides what code runs here.
    // Each filter is applied twice (existence check, then include);
    // NOTE(review): both calls are assumed to return the same path.
    if( defined('MEMBERSHIP_REGISTRATION_FORM') && file_exists( MEMBERSHIP_REGISTRATION_FORM ) ) {
        include_once( MEMBERSHIP_REGISTRATION_FORM );
    } elseif(!empty($bp) && file_exists( apply_filters('membership_override_bpregistration_form', membership_dir('membershipincludes/includes/bp.registration.form.php'), $error) )) {
        include_once( apply_filters('membership_override_bpregistration_form', membership_dir('membershipincludes/includes/bp.registration.form.php'), $error) );
    } elseif( file_exists( apply_filters('membership_override_registration_form', membership_dir('membershipincludes/includes/registration.form.php'), $error) ) ) {
        include_once( apply_filters('membership_override_registration_form', membership_dir('membershipincludes/includes/registration.form.php'), $error) );
    }
    $content .= ob_get_contents();
    ob_end_clean();
    $content = apply_filters('membership_subscription_form_registration_after_content', $content, $error);
    return $content;
}
/**
 * Render the subscription selection form for a user and return its markup.
 *
 * The template runs inside this method's scope, so it can read $user_id and
 * $content directly.
 *
 * @param int $user_id User the form is rendered for; passed on to the filters.
 * @return string Filtered form markup.
 */
function show_subpage_two($user_id) {
    $content = '';
    $content = apply_filters('membership_subscription_form_before_content', $content, $user_id);
    // Capture whatever the template prints.
    ob_start();
    // Template lookup order: constant override, then the (filterable) default form.
    // The chosen path is executed as PHP, so anything able to define the
    // constant or hook the override filter decides what code runs here.
    // The filter is applied twice (existence check, then include);
    // NOTE(review): both calls are assumed to return the same path.
    if( defined('MEMBERSHIP_SUBSCRIPTION_FORM') && file_exists( MEMBERSHIP_SUBSCRIPTION_FORM ) ) {
        include_once( MEMBERSHIP_SUBSCRIPTION_FORM );
    } elseif(file_exists( apply_filters('membership_override_subscription_form', membership_dir('membershipincludes/includes/subscription.form.php'), $user_id) ) ) {
        include_once( apply_filters('membership_override_subscription_form', membership_dir('membershipincludes/includes/subscription.form.php'), $user_id) );
    }
    $content .= ob_get_contents();
    ob_end_clean();
    $content = apply_filters('membership_subscription_form_after_content', $content, $user_id );
    return $content;
}
/**
 * Render the form shown to existing members and return its markup.
 *
 * The template runs inside this method's scope, so it shares the local
 * variables used here.
 *
 * @return string Filtered form markup.
 */
function show_subpage_member() {
    $content = '';
    // NOTE(review): $user_id is neither a parameter nor a declared global, so
    // it is undefined at this point and the filter receives null.
    $content = apply_filters('membership_subscription_form_member_before_content', $content, $user_id);
    // Capture whatever the template prints.
    ob_start();
    // Template lookup order: constant override, then the (filterable) default form.
    // The chosen path is executed as PHP, so anything able to define the
    // constant or hook the override filter decides what code runs here.
    // The filter is applied twice (existence check, then include);
    // NOTE(review): both calls are assumed to return the same path.
    if( defined('MEMBERSHIP_MEMBER_FORM') && file_exists( MEMBERSHIP_MEMBER_FORM ) ) {
        include_once( MEMBERSHIP_MEMBER_FORM );
    } elseif(file_exists( apply_filters('membership_override_member_form', membership_dir('membershipincludes/includes/member.form.php')) )) {
        include_once( apply_filters('membership_override_member_form', membership_dir('membershipincludes/includes/member.form.php')) );
    }
    $content .= ob_get_contents();
    ob_end_clean();
    // $user_id has a value here only if the included template assigned one.
    $content = apply_filters('membership_subscription_form_member_after_content', $content, $user_id );
    return $content;
}
/**
 * Render the upgrade form and return its markup.
 *
 * The template runs inside this method's scope, so it shares the local
 * variables used here.
 *
 * @return string Filtered form markup.
 */
function show_upgrade_page() {
    $content = '';
    // NOTE(review): $user_id is neither a parameter nor a declared global, so
    // it is undefined at this point and the filter receives null.
    $content = apply_filters('membership_upgrade_form_member_before_content', $content, $user_id);
    // Capture whatever the template prints.
    ob_start();
    // Template lookup order: constant override, then the (filterable) default form.
    // The chosen path is executed as PHP, so anything able to define the
    // constant or hook the override filter decides what code runs here.
    // The filter is applied twice (existence check, then include);
    // NOTE(review): both calls are assumed to return the same path.
    if( defined('MEMBERSHIP_UPGRADE_FORM') && file_exists( MEMBERSHIP_UPGRADE_FORM ) ) {
        include_once( MEMBERSHIP_UPGRADE_FORM );
    } elseif(file_exists( apply_filters('membership_override_upgrade_form', membership_dir('membershipincludes/includes/upgrade.form.php')) )) {
        include_once( apply_filters('membership_override_upgrade_form', membership_dir('membershipincludes/includes/upgrade.form.php')) );
    }
    $content .= ob_get_contents();
    ob_end_clean();
    // $user_id has a value here only if the included template assigned one.
    $content = apply_filters('membership_upgrade_form_member_after_content', $content, $user_id );
    return $content;
}
/**
 * Render the renewal form and return its markup.
 *
 * The template runs inside this method's scope, so it can read $user_id,
 * $content and $M_options directly.
 *
 * @param int|bool $user_id User passed on to the filters; false when the caller gives none.
 * @return string Filtered form markup.
 */
function show_renew_page( $user_id = false ) {
    global $M_options;
    $content = '';
    $content = apply_filters('membership_renew_form_member_before_content', $content, $user_id);
    // Capture whatever the template prints.
    ob_start();
    // Template lookup order: constant override, then the (filterable) default form.
    // The chosen path is executed as PHP, so anything able to define the
    // constant or hook the override filter decides what code runs here.
    // The filter is applied twice (existence check, then include);
    // NOTE(review): both calls are assumed to return the same path.
    if( defined('MEMBERSHIP_RENEW_FORM') && file_exists( MEMBERSHIP_RENEW_FORM ) ) {
        include_once( MEMBERSHIP_RENEW_FORM );
    } elseif(file_exists( apply_filters('membership_override_renew_form', membership_dir('membershipincludes/includes/renew.form.php')) )) {
        include_once( apply_filters('membership_override_renew_form', membership_dir('membershipincludes/includes/renew.form.php')) );
    }
    $content .= ob_get_contents();
    ob_end_clean();
    $content = apply_filters('membership_renew_form_member_after_content', $content, $user_id );
    return $content;
}
  988. function do_renew_shortcode($atts, $content = null, $code = "") {
  989. global $wp_query;
  990. $error = array();
  991. $page = addslashes($_REQUEST['action']);
  992. $M_options = get_option('membership_options', array());
  993. $content = $this->show_renew_page();
  994. $content = apply_filters('membership_renew_form', $content);
  995. return $content;
  996. }
  997. function do_upgrade_shortcode($atts, $content = null, $code = "") {
  998. global $wp_query;
  999. $error = array();
  1000. $page = addslashes($_REQUEST['action']);
  1001. $M_options = get_option('membership_options', array());
  1002. $content = $this->show_upgrade_page();
  1003. $content = apply_filters('membership_upgrade_form', $content);
  1004. return $content;
  1005. }
  1006. function do_account_shortcode($atts, $content = null, $code = "") {
  1007. global $wp_query;
  1008. $error = array();
  1009. $page = addslashes($_REQUEST['action']);
  1010. $M_options = get_option('membership_options', array());
  1011. $content = $this->show_account_page( $content );
  1012. $content = apply_filters('membership_account_form', $content);
  1013. return $content;
  1014. }
  1015. function do_account_form() {
  1016. global $wp_query, $M_options, $bp;
  1017. $content = $this->show_account_page();
  1018. return $content;
  1019. }
  1020. function do_renew_form() {
  1021. global $wp_query, $M_options, $bp;
  1022. $page = (isset($_REQUEST['action'])) ? addslashes($_REQUEST['action']) : '';
  1023. if(empty($page)) {
  1024. $page = 'renewform';
  1025. }
  1026. $content = '';
  1027. switch($page) {
  1028. case 'subscriptionsignup':
  1029. if(is_user_logged_in()) {
  1030. $member = current_member();
  1031. list($timestamp, $user_id, $sub_id, $key, $sublevel) = explode(':', $_POST['custom']);
  1032. if( wp_verify_nonce($_REQUEST['_wpnonce'], 'free-sub_' . $sub_id) ) {
  1033. $gateway = $_POST['gateway'];
  1034. // Join the new subscription
  1035. $member->create_subscription($sub_id, $gateway);
  1036. // Timestamp the update
  1037. update_user_meta( $user_id, '_membership_last_upgraded', time());
  1038. }
  1039. } else {
  1040. // check if a custom is posted and of so then process the user
  1041. if(isset($_POST['custom'])) {
  1042. list($timestamp, $user_id, $sub_id, $key, $sublevel) = explode(':', $_POST['custom']);
  1043. if( wp_verify_nonce($_REQUEST['_wpnonce'], 'free-sub_' . $sub_id) ) {
  1044. $gateway = $_POST['gateway'];
  1045. // Join the new subscription
  1046. $member = new M_Membership( $user_id );
  1047. $member->create_subscription($sub_id, $gateway);
  1048. // Timestamp the update
  1049. update_user_meta( $user_id, '_membership_last_upgraded', time());
  1050. }
  1051. }
  1052. }
  1053. $content = $this->show_renew_page();
  1054. break;
  1055. case 'renewform':
  1056. default: // Just show the page
  1057. $content = $this->show_renew_page();
  1058. break;
  1059. }
  1060. return $content;
  1061. }
  1062. function output_subscriptionform() {
  1063. global $wp_query, $M_options, $bp;
  1064. if(empty($user_id)) {
  1065. $user =
