fix: admin notification after guest email verified #1320

Merged
2 changes: 2 additions & 0 deletions admin/class-admin-settings.php
Expand Up @@ -3,6 +3,8 @@
/**
* WPUF settings
*/

#[AllowDynamicProperties]
class WPUF_Admin_Settings {

/**
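Review bot: `#[AllowDynamicProperties]` on `WPUF_Admin_Settings` silences the PHP 8.2 dynamic-property deprecation for the whole class instead of fixing its cause; prefer declaring the properties the class actually assigns (with docblocks) so that mistyped property names are still caught, and if the attribute must stay as a stopgap, add a comment naming the dynamic properties it is covering.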
Expand Down
2 changes: 1 addition & 1 deletion includes/Admin/Forms/Form.php
Expand Up @@ -21,7 +21,7 @@
/**
* @var array|\WP_Post|null
*/
private $data;
public $data;
⚠️ Potential issue

Revert the visibility change of the $data property.

I strongly agree with the previous review comment. Changing the visibility of the $data property from private to public violates the principle of encapsulation and can lead to several issues:

  1. It allows uncontrolled access and modification of the $data property from outside the class.
  2. This can result in unexpected behavior and make the code harder to maintain and reason about.
  3. It increases the risk of introducing bugs or security vulnerabilities.
  4. It goes against best practices in object-oriented design.

Unless there is a compelling and well-documented reason for this change, it is strongly recommended to revert the visibility of the $data property back to private.

Apply this diff to revert the change:

-    public $data;
+    private $data;

If there is a specific need to access this property from outside the class, consider implementing getter and setter methods instead of making the property public. This would allow for controlled access and potential validation of the data.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
public $data;
private $data;


public function __construct( $form ) {
if ( is_numeric( $form ) ) {
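Review bot: The only new consumer of the now-public `$data` is the `empty( $form->data )` existence check in `Frontend_Form::send_mail_to_admin_after_guest_mail_verified()`; a small accessor on `Form` (for example a `has_data()` or `get_data()` method) would serve that check without opening the property for writes, which is also what the earlier review comment asks for.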
Expand Down Expand Up @@ -192,39 +192,39 @@

return [ $user_can_post, $info ];
}


if ( $this->is_charging_enabled() ) {
$pay_per_post = $this->is_enabled_pay_per_post();

// $pay_per_post_cost = (float) $this->get_pay_per_post_cost();

$force_pack = $this->is_enabled_force_pack();
$fallback_enabled = $this->is_enabled_fallback_cost();
// $fallback_cost = $this->get_subs_fallback_cost();


// guest post payment checking
if ( ! is_user_logged_in() && isset( $form_settings['guest_post'] ) && $form_settings['guest_post'] === 'true' ) {

//if ( $form->is_charging_enabled() ) {


if ( $force_pack ) {
$user_can_post = 'no';
$pack_page = get_permalink( wpuf_get_option( 'subscription_page',

'wpuf_payment' ) );

/* translators: %s: Pack page link */
$info = sprintf( __( 'You need to <a href="%s">purchase a subscription package</a> to post in this form', 'wp-user-frontend' ), $pack_page );

} elseif ( $pay_per_post && ! $force_pack ) {
$user_can_post = 'yes';
// $info = sprintf( __( 'There is a <strong>%s</strong> charge to add a new post.', 'wpuf' ), wpuf_format_price( $pay_per_post_cost ));

// echo '<div class="wpuf-info">' . apply_filters( 'wpuf_ppp_notice', $info, $id, $form_settings ) . '</div>';
} else {
$user_can_post = 'no';
$info = sprintf( __( 'Payment type not selected for this form. Please contact admin.', 'wp-user-frontend' ) );
}

// } else {

// $user_can_post = 'yes';
// }
} else {

// regular payment checking
if ( $force_pack && is_user_logged_in() ) {
$current_pack = $current_user->subscription()->current_pack();
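Review bot: This hunk re-indents a block that is largely commented-out code (`// $pay_per_post_cost = (float) $this->get_pay_per_post_cost();`, `//if ( $form->is_charging_enabled() ) {`, `// } else {`), and the PHPCS run flags every one of those lines; if the pay-per-post cost message is gone for good, delete the dead lines rather than reformatting them, and turn the `} else {` that only wraps `if ( $force_pack && is_user_logged_in() )` under `// regular payment checking` into an `elseif`, as the linter failure asks. The wrapped `get_permalink( wpuf_get_option( 'subscription_page',` call should also be put on one line or laid out one argument per line so the multi-line call rules pass.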
Expand All @@ -233,7 +233,7 @@
// user has valid post count
if ( $has_post_count ) {
$user_can_post = 'yes';
} else {

if ( $fallback_enabled && ! $has_post_count ) {
$user_can_post = 'yes';
} else {
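Review bot: Inside the `} else {` of `if ( $has_post_count )`, the test `if ( $fallback_enabled && ! $has_post_count )` always has `! $has_post_count` true, so the condition reduces to `$fallback_enabled` and the nesting collapses to `} elseif ( $fallback_enabled ) {`, which is also what the PHPCS failure on this line requests.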
Expand All @@ -247,7 +247,7 @@
}
} elseif ( $pay_per_post && is_user_logged_in() && ! $current_user->subscription()->has_post_count( $form_settings['post_type'] ) ) {
$user_can_post = 'yes';
// $info = sprintf( __( 'There is a <strong>%s</strong> charge to add a new post.', 'wpuf' ), wpuf_format_price( $pay_per_post_cost ));

// echo '<div class="wpuf-info">' . apply_filters( 'wpuf_ppp_notice', $info, $id, $form_settings ) . '</div>';
} elseif ( ! $pay_per_post && ! $current_user->subscription()->has_post_count( $form_settings['post_type'] ) ) {
$user_can_post = 'no';
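Review bot: The branch `} elseif ( ! $pay_per_post && ! $current_user->subscription()->has_post_count( $form_settings['post_type'] ) ) {` has no `is_user_logged_in()` guard, unlike the two branches above it, yet this else-block is also reached by anonymous visitors on forms with guest posting disabled; confirm that `$current_user->subscription()` is safe for a logged-out visitor or add the guard. The commented-out `// $info = sprintf( __( 'There is a <strong>%s</strong> charge ...` and `// echo '<div class="wpuf-info">' ...` lines are dead code and should be removed rather than carried next to the live branch.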
Expand All @@ -262,7 +262,7 @@
}
}
}
} else {

if ( isset( $form_settings['guest_post'] ) && $form_settings['guest_post'] === 'true' && !
is_user_logged_in() ) {
$user_can_post = 'yes';
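Review bot: The condition `if ( isset( $form_settings['guest_post'] ) && $form_settings['guest_post'] === 'true' && !` continued by `is_user_logged_in() ) {` on the next line breaks mid-operator and nests a lone `if` inside `} else {`; write it as a single `} elseif ( ... && ! is_user_logged_in() ) {`. The same guest/guest_post test also appears in the `// guest post payment checking` block of the charging branch, so a small helper such as an `is_guest_post_allowed()` method would remove the duplicated condition.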
Expand Down Expand Up @@ -368,7 +368,7 @@
$field['recaptcha_theme'] = isset( $field['recaptcha_theme'] ) ? $field['recaptcha_theme'] : 'light';
}

// $form_fields[] = apply_filters( 'wpuf-get-form-field', $field );


$form_fields[] = apply_filters( 'wpuf-get-form-fields', $field );
}
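Review bot: The commented-out `// $form_fields[] = apply_filters( 'wpuf-get-form-field', $field );` sits directly above the live `apply_filters( 'wpuf-get-form-fields', $field )`; if the old filter name has indeed been superseded, delete the dead line and make sure the rename is documented for extensions hooked on the former name, which otherwise stop running silently.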
Expand Down
8 changes: 8 additions & 0 deletions includes/Ajax/Admin_Form_Builder_Ajax.php
Expand Up @@ -31,6 +31,10 @@ public function save_form() {
wp_send_json_error( __( 'Unauthorized operation', 'wp-user-frontend' ) );
}

if ( ! current_user_can( wpuf_admin_role() ) ) {
wp_send_json_error( __( 'Unauthorized operation', 'wp-user-frontend' ) );
}

if ( empty( $form_data['wpuf_form_id'] ) ) {
wp_send_json_error( __( 'Invalid form id', 'wp-user-frontend' ) );
}
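Review bot: The new `current_user_can( wpuf_admin_role() )` check is the right fix: the preceding `Unauthorized operation` guard alone did not verify that the caller is allowed to save a form. Two small points: give the capability failure a distinguishable message or HTTP status (second argument of `wp_send_json_error()`) so permission and nonce failures can be told apart in logs, and since the identical four lines are added to `wpuf_get_post_taxonomies()` below, a private helper such as `verify_admin_access()` would keep the two checks from drifting.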
Expand Down Expand Up @@ -86,6 +90,10 @@ public function wpuf_get_post_taxonomies() {
wp_send_json_error( __( 'Unauthorized operation', 'wp-user-frontend' ) );
}

if ( ! current_user_can( wpuf_admin_role() ) ) {
wp_send_json_error( __( 'Unauthorized operation', 'wp-user-frontend' ) );
}

if ( isset( $post_type ) && empty( $post_data['post_type'] ) ) {
wp_send_json_error( __( 'Invalid post type', 'wp-user-frontend' ) );
}
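Review bot: Same capability block duplicated from `save_form()`; see the helper suggestion there. While in this function, `if ( isset( $post_type ) && empty( $post_data['post_type'] ) )` tests two different variables, `$post_type` and `$post_data['post_type']`, which looks like a typo worth confirming.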
Expand Down
9 changes: 7 additions & 2 deletions includes/Ajax/Frontend_Form_Ajax.php
Expand Up @@ -20,6 +20,11 @@ class Frontend_Form_Ajax {

private $post_expiration_message = 'wpuf-post_expiration_message';

/**
* @var array
*/
private $form_fields;

/**
* New/Edit post submit handler
*
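Review bot: The docblock for the new `private $form_fields;` says only `@var array`; add a one-line description of what it holds, and consider initialising it to `[]` so that readers never see `null` if `submit_post()` runs before it is assigned.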
Expand Down Expand Up @@ -155,9 +160,9 @@ public function submit_post() {
$charging_enabled = 'yes';
}

if ( $guest_mode === 'true' && $guest_verify === 'true' && ! is_user_logged_in() && $charging_enabled === 'yes' ) {
if ( 'true' === $guest_mode && 'true' === $guest_verify && ! is_user_logged_in() && 'yes' === $charging_enabled ) {
$postarr['post_status'] = wpuf_get_draft_post_status( $this->form_settings );
} elseif ( $guest_mode === 'true' && $guest_verify === 'true' && ! is_user_logged_in() ) {
} elseif ( 'true' === $guest_mode && 'true' === $guest_verify && ! is_user_logged_in() ) {
$postarr['post_status'] = 'draft';
}
//if date is set and assigned as publish date
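Review bot: Pure Yoda-condition swap; the two branches share `'true' === $guest_mode && 'true' === $guest_verify && ! is_user_logged_in()` and differ only in `'yes' === $charging_enabled`, so testing the shared condition once and choosing between `wpuf_get_draft_post_status( $this->form_settings )` and `'draft'` inside it would remove the duplication. The `//if date is set` comment also lacks the space after `//` that the rest of the file uses.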
Expand Down
246 changes: 208 additions & 38 deletions includes/Frontend/Frontend_Form.php
Expand Up @@ -16,6 +16,9 @@ class Frontend_Form extends Frontend_Render_Form {
public function __construct() {
// // guest post hook
add_action( 'init', [ $this, 'publish_guest_post' ] );
// notification and other tasks after the guest verified the email
add_action( 'wpuf_guest_post_email_verified', [ $this, 'send_mail_to_admin_after_guest_mail_verified' ] );

$this->set_wp_post_types();

// Enable post edit link for post authors in frontend
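Review bot: `add_action( 'wpuf_guest_post_email_verified', [ $this, 'send_mail_to_admin_after_guest_mail_verified' ] )` registers the callback with WordPress's default of one accepted argument, and the matching `do_action( 'wpuf_guest_post_email_verified', $post_id )` passes the post id, but the method signature added below takes no parameter and re-reads `$_GET['p_id']` and `$_GET['f_id']` instead; accept `$post_id` and derive the form from the post so that the handler works for any caller of the hook, not only this request. The doubled marker in `// // guest post hook` should also be fixed.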
Expand Down Expand Up @@ -326,48 +329,52 @@ public function publish_guest_post() {
$pid = isset( $_GET['p_id'] ) ? sanitize_text_field( wp_unslash( $_GET['p_id'] ) ) : '';
$fid = isset( $_GET['f_id'] ) ? sanitize_text_field( wp_unslash( $_GET['f_id'] ) ) : '';

if ( $post_msg === 'verified' ) {
$response = [];
$post_id = wpuf_decryption( $pid );
$form_id = wpuf_decryption( $fid );
$form_settings = wpuf_get_form_settings( $form_id );
$post_author_id = get_post_field( 'post_author', $post_id );
$payment_status = new Subscription();
$form = new Form( $form_id );
$pay_per_post = $form->is_enabled_pay_per_post();
$force_pack = $form->is_enabled_force_pack();

if ( $form->is_charging_enabled() && $pay_per_post ) {
if ( ( $payment_status->get_payment_status( $post_id ) ) === 'pending' ) {
$response['show_message'] = true;
$response['redirect_to'] = add_query_arg(
[
'action' => 'wpuf_pay',
'type' => 'post',
'post_id' => $post_id,
],
get_permalink( wpuf_get_option( 'payment_page', 'wpuf_payment' ) )
);

wp_redirect( $response['redirect_to'] );
wpuf_clear_buffer();
wp_send_json( $response );
}
} else {
$p_status = get_post_status( $post_id );
if ( $post_msg !== 'verified' ) {
return;
}

if ( $p_status ) {
wp_update_post(
[
'ID' => $post_id,
'post_status' => isset( $form_settings['post_status'] ) ? $form_settings['post_status'] : 'publish',
]
);
$response = [];
$post_id = wpuf_decryption( $pid );
$form_id = wpuf_decryption( $fid );
$form_settings = wpuf_get_form_settings( $form_id );
$post_author_id = get_post_field( 'post_author', $post_id );
$payment_status = new Subscription();
$form = new Form( $form_id );
$pay_per_post = $form->is_enabled_pay_per_post();
$force_pack = $form->is_enabled_force_pack();

if ( $form->is_charging_enabled() && $pay_per_post ) {
if ( ( $payment_status->get_payment_status( $post_id ) ) === 'pending' ) {
$response['show_message'] = true;
$response['redirect_to'] = add_query_arg(
[
'action' => 'wpuf_pay',
'type' => 'post',
'post_id' => $post_id,
],
get_permalink( wpuf_get_option( 'payment_page', 'wpuf_payment' ) )
);

wp_redirect( $response['redirect_to'] );
wpuf_clear_buffer();
wp_send_json( $response );
}
} else {
$p_status = get_post_status( $post_id );

echo wp_kses_post( "<div class='wpuf-success' style='text-align:center'>" . __( 'Email successfully verified. Please Login.', 'wp-user-frontend' ) . '</div>' );
}
if ( $p_status ) {
wp_update_post(
[
'ID' => $post_id,
'post_status' => isset( $form_settings['post_status'] ) ? $form_settings['post_status'] : 'publish',
]
);

echo wp_kses_post( "<div class='wpuf-success' style='text-align:center'>" . __( 'Email successfully verified. Please Login.', 'wp-user-frontend' ) . '</div>' );
}
}

do_action( 'wpuf_guest_post_email_verified', $post_id );
}

/**
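Review bot: `do_action( 'wpuf_guest_post_email_verified', $post_id );` is reached only when the function falls through; in the pay-per-post branch `wp_send_json( $response )` terminates the request first, so the admin notification never fires for guest posts that are still awaiting payment. If that is intended, say so in a comment; otherwise fire the action before `wp_redirect()`. The early-return restructure is welcome, but `$post_author_id` and `$force_pack` are now assigned and never used in this function, and `$response` is populated in only one branch.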
Expand Down Expand Up @@ -476,4 +483,167 @@ private function generate_auth_link() {
$this->form_settings['message_restrict'] = str_replace( $placeholders, $replace, $this->form_settings['message_restrict'] );
}
}

/**
* Send a notification mail after a guest verified his/her email
*
* @since WPUF
*
* @return void
*/
public function send_mail_to_admin_after_guest_mail_verified() {
$post_id = ! empty( $_GET['p_id'] ) ? wpuf_decryption( sanitize_text_field( wp_unslash( $_GET['p_id'] ) ) ) : 0;
$form_id = ! empty( $_GET['f_id'] ) ? wpuf_decryption( sanitize_text_field( wp_unslash( $_GET['f_id'] ) ) ) : 0;

if ( empty( $post_id ) || empty( $form_id ) ) {
return;
}

$form = new Form( $form_id );

if ( empty( $form->data ) ) {
return;
}

$this->form_fields = $form->get_fields();
$this->form_settings = $form->get_settings();

$author_id = get_post_field( 'post_author', $post_id );

$is_email_varified = get_user_meta( $author_id, 'wpuf_guest_email_verified', true );

// if user email already verified, no need to check again.
// It will prevent mail flooding by clicking on the same link
if ( $is_email_varified ) {
return;
}

$mail_body = $this->prepare_mail_body( $this->form_settings['notification']['new_body'], $author_id, $post_id );
$to = $this->prepare_mail_body( $this->form_settings['notification']['new_to'], $author_id, $post_id );
$subject = $this->prepare_mail_body( $this->form_settings['notification']['new_subject'], $author_id, $post_id );
$subject = wp_strip_all_tags( $subject );
$mail_body = get_formatted_mail_body( $mail_body, $subject );
$headers = [ 'Content-Type: text/html; charset=UTF-8' ];

// update the information for future to check if the email is already verified
update_user_meta( $author_id, 'wpuf_guest_email_verified', 1 );
wp_mail( $to, $subject, $mail_body, $headers );
}

/**
* Prepare the mail body
*
* @param $content
* @param $user_id
* @param $post_id
*
* @return array|string|string[]
*/
public function prepare_mail_body( $content, $user_id, $post_id ) {
$user = get_user_by( 'id', $user_id );
$post = get_post( $post_id );

$post_field_search = [
'{post_title}',
'{post_content}',
'{post_excerpt}',
'{tags}',
'{category}',
'{author}',
'{author_email}',
'{author_bio}',
'{sitename}',
'{siteurl}',
'{permalink}',
'{editlink}',
];

$home_url = sprintf( '<a href="%s">%s</a>', home_url(), home_url() );
$post_url = sprintf( '<a href="%s">%s</a>', get_permalink( $post_id ), get_permalink( $post_id ) );
$post_edit_link = sprintf( '<a href="%s">%s</a>', admin_url( 'post.php?action=edit&post=' . $post_id ), admin_url( 'post.php?action=edit&post=' . $post_id ) );

$post_field_replace = [
$post->post_title,
$post->post_content,
$post->post_excerpt,
get_the_term_list( $post_id, 'post_tag', '', ', ' ),
get_the_term_list( $post_id, 'category', '', ', ' ),
$user->display_name,
$user->user_email,
( $user->description ) ? $user->description : 'not available',
get_bloginfo( 'name' ),
$home_url,
$post_url,
$post_edit_link,
];

if ( class_exists( 'WooCommerce' ) ) {
$post_field_search[] = '{product_cat}';
$post_field_replace[] = get_the_term_list( $post_id, 'product_cat', '', ', ' );
}

$content = str_replace( $post_field_search, $post_field_replace, $content );

// custom fields
preg_match_all( '/{custom_([\w-]*)\b}/', $content, $matches );
[ $search, $replace ] = $matches;

if ( $replace ) {
foreach ( $replace as $index => $meta_key ) {
$value = get_post_meta( $post_id, $meta_key, false );

if ( isset( $value[0] ) && is_array( $value[0] ) ) {
$new_value = implode( '; ', $value[0] );
} else {
$new_value = implode( '; ', $value );
}

$original_value = '';
$meta_val = '';

if ( count( $value ) > 1 ) {
$is_first = true;

foreach ( $value as $val ) {
if ( $is_first ) {
if ( get_post_mime_type( (int) $val ) ) {
$meta_val = wp_get_attachment_url( $val );
} else {
$meta_val = $val;
}
$is_first = false;
} else {
if ( get_post_mime_type( (int) $val ) ) {
$meta_val = $meta_val . ', ' . wp_get_attachment_url( $val );
} else {
$meta_val = $meta_val . ', ' . $val;
}
}

if ( get_post_mime_type( (int) $val ) ) {
$meta_val = $meta_val . ',' . wp_get_attachment_url( $val );
} else {
$meta_val = $meta_val . ',' . $val;
}
}
$original_value = $original_value . $meta_val;
} else {
if ( 'address_field' === $meta_key ) {
$value = get_post_meta( $post_id, $meta_key, true );
$new_value = implode( ', ', $value );
}

if ( get_post_mime_type( (int) $new_value ) ) {
$original_value = wp_get_attachment_url( $new_value );
} else {
$original_value = $new_value;
}
}

$content = str_replace( $search[ $index ], $original_value, $content );
}
}

return $content;
}
}
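Review bot: In `prepare_mail_body()`, the `foreach ( $value as $val )` loop for multi-value custom fields appends each value twice: once in the `$is_first` if/else with `', '` and again immediately afterwards with `','` (`$meta_val = $meta_val . ',' . wp_get_attachment_url( $val );`), so every value shows up twice in the mail; drop the second block. In `send_mail_to_admin_after_guest_mail_verified()`: the method ignores the `$post_id` the hook passes and re-parses `$_GET`; the replay guard `update_user_meta( $author_id, 'wpuf_guest_email_verified', 1 )` is keyed on the author, so a second guest post by the same author will never notify the admin, which argues for storing the flag as post meta on `$post_id` instead; `$is_email_varified` is misspelled; and `@since WPUF` should be the release version. Finally, `$post->post_title`, `$post->post_content` and `$user->description` are guest-supplied and substituted unescaped into a mail sent with `Content-Type: text/html`, and both `get_user_by()` and `get_post()` can return `false`; guard for the `false` case and pass the guest-supplied fields through `wp_kses_post()` before substitution.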