<?php

// Refuse direct requests to this file: ABSPATH exists only when WordPress
// (wp-load.php) included us, and the functions below need its API.
if ( ! defined( 'ABSPATH' ) ) {
    echo 'Direct access not allowed.';
    exit;
}
8
9
/**
 * Front controller for the plugin's request handling.
 *
 * Dispatches on request markers (cpabc_ipncheck, cpabc_app=calfeed|captcha|
 * cpabc_loadmindate|cpabc_loadmaxdate, cpabc_appointments_csv, cpabc_c,
 * cpabc_appointments_post_options, cpabc_appointments_post / hdcaptcha) and
 * either delegates to a helper or handles the booking submission inline:
 * captcha check, slot parsing, pricing, one INSERT per slot into
 * CPABC_APPOINTMENTS_TABLE_NAME, then either direct completion (admin area) or
 * a self-submitting PayPal form.
 *
 * Uses the global $wpdb. Many branches echo and exit() instead of returning.
 * Request values are passed through sanitize_*() at the point of use; several
 * $_GET/$_POST/$_SESSION/$_COOKIE keys are read without isset().
 */
function cpabc_appointments_main_initialization()
{
    global $wpdb;

    // PayPal IPN callback; the value is the ';'-joined list of booking ids.
    if ( isset( $_GET['cpabc_ipncheck'] ) && $_GET['cpabc_ipncheck'] != '' )
    {
        cpabc_appointments_check_IPN_verification();
        return;
    }

    if(isset($_GET) && array_key_exists('cpabc_app',$_GET)) {
        if ( $_GET["cpabc_app"] == 'calfeed' )
        {
            // iCal feed. Access token = first 10 hex chars of md5(id . ABC_RCODE);
            // when the ABC_RCODE option was never saved, DOCUMENT_ROOT stands in
            // as the secret. NOTE(review): `==` between two strings compares
            // numerically when both are numeric strings, and only 40 bits of the
            // digest are checked; hash_equals() over the full digest would be the
            // type-safe, constant-time comparison. `id` and `verify` are read
            // without isset().
            if ($_GET["id"] != '' && substr(md5($_GET["id"].get_option('ABC_RCODE',$_SERVER["DOCUMENT_ROOT"])),0,10) == $_GET["verify"])
                cpabc_export_iCal();
            else
            {
                echo 'Access denied - verify value is not correct.';
                exit;
            }

        }

        // Serve the captcha image from the bundled script and stop.
        if ($_GET["cpabc_app"] == 'captcha')
        {
            @include_once dirname( __FILE__ ) . '/../captcha/captcha.php';
            exit;
        }

    }

    // CSV export: admin-area request plus the edit_posts capability.
    if (isset( $_GET['cpabc_appointments_csv'] ) && is_admin() && current_user_can('edit_posts') )
    {
        cpabc_appointments_export_csv();
        return;
    }

    // Settings-page helpers: preview what the min/max-date expression (`code`,
    // a strtotime() string) evaluates to. A year of 1970 means strtotime() failed.
    if (isset( $_GET['cpabc_app'] ) && $_GET['cpabc_app'] == 'cpabc_loadmindate' && is_admin() && current_user_can('edit_posts') )
    {
        if ($_GET["code"] == '')
            echo '';
        else
        {
            $date = date("Y-m-d H:i",strtotime($_GET["code"]));
            if (date("Y",strtotime($_GET["code"])) == '1970')
                echo '<span style="color:#DD0000;">Error! Invalid date format!. Calculated min date for today: '.$date.'</span>';
            else
                echo '<span style="color:#008800;">Calculated min date for today: '.$date.'</span>';
        }
        exit;
    }

    if (isset( $_GET['cpabc_app'] ) && $_GET['cpabc_app'] == 'cpabc_loadmaxdate' && is_admin() && current_user_can('edit_posts') )
    {
        if ($_GET["code"] == '')
            echo '';
        else
        {
            $date = date("Y-m-d H:i",strtotime($_GET["code"]));
            if (date("Y",strtotime($_GET["code"])) == '1970')
                echo '<span style="color:#DD0000;">Error! Invalid date format!. Calculated max date for today: '.$date.'</span>';
            else
            {
                echo '<span style="color:#008800;">Calculated max date for today: '.$date.'</span>';
                // `code2` is the min-date expression; warn when it is not before the max date.
                $date2 = date("Y-m-d H:i",strtotime($_GET["code2"]));
                if ($date2 >= $date)
                    echo '<br /><span style="color:#DD0000;">Error! Max date is smaller than min date, so no days will be available in the calendar.</span>';
            }
        }
        exit;
    }

    // Cancellation link from the confirmation email. See
    // cpabc_process_cancel_go_appointment(): it requires neither a login nor a token.
    if (isset($_GET["cpabc_c"]) && $_GET['cpabc_c'] == '1')
    {
        cpabc_process_cancel_go_appointment();
    }

    if (!defined('CP_CALENDAR_ID') && isset($_POST["cpabc_item"]))
        define ('CP_CALENDAR_ID', intval($_POST["cpabc_item"]));

    // Settings save. is_admin() only says whether an admin-area URL is being
    // served, not whether the user is privileged; the nonce and capability
    // checks are inside cpabc_appointments_save_options(). CP_CALENDAR_ID is
    // still undefined here when cpabc_item was not posted.
    if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset( $_POST['cpabc_appointments_post_options'] ) && (is_admin() || cpabc_appointments_user_access_to(CP_CALENDAR_ID) ))
    {
        cpabc_appointments_save_options();
        return;
    }

    // if this isn't the expected post and isn't the captcha verification then nothing to do
    if ( 'POST' != $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['cpabc_appointments_post'] ) )
        if ( 'GET' != $_SERVER['REQUEST_METHOD'] || !isset( $_GET['hdcaptcha'] ) )
            return;


    if (function_exists('session_start')) @session_start();

    // The captcha answer arrives in GET (ajax pre-check) or POST (final submit).
    $hdcaptcha = '';
    if (isset($_GET["hdcaptcha"]) && $_GET['hdcaptcha'] != '')
        $hdcaptcha = sanitize_text_field($_GET["hdcaptcha"]);
    else if (isset($_POST["hdcaptcha"]) && $_POST['hdcaptcha']!= '')
        $hdcaptcha = sanitize_text_field($_POST['hdcaptcha']);
    // The request is rejected only when BOTH the session comparison and the
    // cookie comparison fail, i.e. matching either one is enough.
    // NOTE(review): the rand_code cookie is supplied by the client, so that
    // branch adds no server-side assurance; only the session value is
    // authoritative. The whole check is skipped for is_admin() requests and
    // when dexcv_enable_captcha is 'false'.
    if (
        (!is_admin() && cpabc_get_option('dexcv_enable_captcha', CPABC_TDEAPP_DEFAULT_dexcv_enable_captcha) != 'false') &&
        ( (strtolower($hdcaptcha) != strtolower($_SESSION['rand_code'])) ||
          ($_SESSION['rand_code'] == '')
        )
        &&
        ( (md5(strtolower($hdcaptcha)) != ($_COOKIE['rand_code'])) ||
          ($_COOKIE['rand_code'] == '')
        )
    )
    {
        $_SESSION['rand_code'] = '';
        setCookie('rand_code', '', time()+36000,"/");
        echo 'captchafailed';
        exit;
    }

    // if this isn't the real post (it was the captcha verification) then echo ok and exit
    if ( 'POST' != $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['cpabc_appointments_post'] ) )
    {
        if (!isset($_GET["abcc"]))
            return;
        echo 'ok';
        exit;
    }

    // Consume the session captcha so the same answer cannot be replayed
    // (the cookie copy is cleared further down).
    $_SESSION['rand_code'] = '';

    $selectedCalendar = sanitize_key($_POST["cpabc_item"]);

    // Selected slots: "selDaycal<calendar>" holds ';'-separated date/time tokens
    // (commas inside a token become '-'). The first element is discarded by
    // array_shift() — presumably a leading separator or label; confirm against
    // the front-end script. In the admin booking form the month selection is
    // appended unless freq is 10.
    $selDaycal = sanitize_text_field($_POST["selDaycal".$selectedCalendar]);
    if (is_admin() && $_POST["selMonthcal".$selectedCalendar] != '' && $_POST["freq"] != '10')
        $selDaycal .= sanitize_text_field($_POST["selMonthcal".$selectedCalendar]);
    $pdateAndTime = explode(";",str_replace(",","-", $selDaycal));
    array_shift($pdateAndTime);

    // Display format for booked_time: 12h/24h from calendar_militarytime, date
    // order from calendar_dateformat (5 = Y-m-d, 2 = d.m.Y, 1 = d/m/Y, else m/d/Y).
    // $military_time is assigned but not read again in this function.
    $military_time = cpabc_get_option('calendar_militarytime', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_MILITARYTIME);
    if (cpabc_get_option('calendar_militarytime', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_MILITARYTIME) == '0') $format = "g:i A"; else $format = "H:i";

    $calendar_dformat = cpabc_get_option('calendar_dateformat', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_DATEFORMAT);
    if ($calendar_dformat == '5')
        $format = "Y-m-d ".$format;
    else if ($calendar_dformat == '2')
        $format = "d.m.Y ".$format;
    else if ($calendar_dformat == '1')
        $format = "d/m/Y ".$format;
    else
        $format = "m/d/Y ".$format;

    // $pdateAndTime[n] becomes the normalised "Y-m-d H:i:s" value that is stored;
    // $pdate[n] is the same instant in the display format.
    $pdate = array();
    for($n=0;$n<count($pdateAndTime); $n++)
    {
        $pdateAndTime[$n] = date("Y-m-d H:i:s",strtotime($pdateAndTime[$n]));
        $pdate[$n] = date($format,strtotime($pdateAndTime[$n]));
    }

    // Unused in this function.
    $services_formatted = array();


    // Pricing comes from the calendar settings, never from the request:
    // request_cost is a ';'-separated list where entry k is the price for k+1
    // slots; currency symbols and thousands commas are stripped first. When no
    // entry exists for this slot count, the single-slot price is multiplied.
    $price = explode(";",cpabc_get_option('request_cost', CPABC_APPOINTMENTS_DEFAULT_COST));
    foreach ($price as $item => $value)
        $price[$item] = trim(str_replace(',','', str_replace(CPABC_APPOINTMENTS_DEFAULT_CURRENCY_SYMBOL,'',
                             str_replace(CPABC_APPOINTMENTS_GBP_CURRENCY_SYMBOL,'',
                             str_replace(CPABC_APPOINTMENTS_EUR_CURRENCY_SYMBOL_A, '',
                             str_replace(CPABC_APPOINTMENTS_EUR_CURRENCY_SYMBOL_B,'', $value )))) ));

    if (isset($price[count($pdateAndTime)-1]))
        $price = $price[count($pdateAndTime)-1];
    else
        $price = $price[0] * count($pdateAndTime);


    // check discount codes
    //-------------------------------------------------
    // Coupon handling is a stub in this edition: $coupon stays false, so
    // COUPONCODE below is always the empty string.
    $discount_note = "";
    $coupon = false;

    // $params is the placeholder bag: it is serialize()d into buffered_date and
    // later expanded into the email templates by cpabc_process_ready_to_go_appointment().
    $params = array();
    $params["UTIMEZONE"] = sanitize_text_field(@$_POST["cpabc_appointments_utime"]);
    $params["PRICE"] = number_format ($price, 2);
    $params["COUPONCODE"] = ($coupon?"\nCoupon code:".$coupon->code.$discount_note."\n":"");
    $params["QUANTITY"] = (!empty($_POST["abc_capacity"]) ? sanitize_text_field($_POST["abc_capacity"]) : '');

    // get form info
    //---------------------------
    $params["NAME"] = sanitize_text_field($_POST["name"]);
    $params["EMAIL"] = sanitize_email($_POST["email"]);
    $params["PHONE"] = sanitize_text_field($_POST["phone"]);
    $params["COMMENTS"] = sanitize_textarea_field($_POST["question"]);

    $buffer_A = sanitize_textarea_field($_POST["question"]);
    // Name of the POST field that holds the visitor's email address.
    $to = "email";

    $_SESSION['rand_code'] = '';
    setCookie('rand_code', '', time()+36000,"/");

    /**
     * Action called before insert the data into database.
     * To the function is passed an array with submitted data.
     */
    do_action_ref_array( 'cpabc_process_data_before_insert', array(&$params) );

    // insert into database
    //---------------------------

    if (date("Y",strtotime($pdateAndTime[0])) == "1970") // if this is spam, skip
        return;

    // One row per selected slot; every row carries the same serialized $params
    // (plus the per-slot DATE/MAINDATE/TIME). quantity comes from the request
    // (abc_capacity) and is not range-checked here.
    for ($n=0; $n<count($pdateAndTime); $n++)
    {
        $params["DATE"] = trim( substr($pdate[$n], 0, strpos($pdate[$n],' ') ) );
        $params["MAINDATE"] = $params["DATE"];
        $params["TIME"] = trim( substr($pdate[$n], strpos($pdate[$n],' ') ) );
        $rows_affected = $wpdb->insert( CPABC_APPOINTMENTS_TABLE_NAME, array( 'calendar' => $selectedCalendar,
            'time' => current_time('mysql'),
            'booked_time' => sanitize_text_field($pdate[$n]),
            'booked_time_unformatted' => $pdateAndTime[$n],
            'name' => "".sanitize_text_field(@$_POST["name"]),
            'email' => "".sanitize_email(@$_POST[$to]),
            'phone' => "".sanitize_text_field(@$_POST["phone"]),
            'question' => $buffer_A,
            'quantity' => (isset($_POST["abc_capacity"])?sanitize_text_field($_POST["abc_capacity"]):1),
            'buffered_date' => serialize($params)
        ) );
        if (!$rows_affected)
        {
            echo 'Error saving data! Please try again.';
            echo '<br /><br />If the error persists please be sure you are using the latest version and in that case contact support service at https://abc.dwbooster.com/contact-us?debug=db';
            exit;
        }

        // save data here
        $item_number[] = $wpdb->insert_id;
    }

    // Call action for data processing
    //---------------------------------
    $params[ 'itemnumber' ] = $item_number[0];
    $params[ 'itemnumbers' ] = $item_number;
    $params[ 'useremail' ] = "".sanitize_email(@$_POST[$to]);
    $params[ 'formid' ] = $selectedCalendar;
    /**
     * Action called after inserted the data into database.
     * To the function is passed an array with submitted data.
     */

    do_action( 'cpabc_process_data', $params );

    $item_number = implode(";", $item_number);

    // Bookings entered from the admin area skip payment and are confirmed directly.
    if ( is_admin() && current_user_can('edit_posts') )
    {
        cpabc_process_ready_to_go_appointment($item_number, '');
        return;
    }

    if (cpabc_get_option('paypal_mode','production') == "sandbox")
        $ppurl = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
    else
        $ppurl = 'https://www.paypal.com/cgi-bin/webscr';

    // Auto-submitting PayPal form. `custom` carries the booking ids and
    // notify_url points back to the IPN handler with the same ids; `amount`
    // is the server-computed $price. `lc`, `custom` and the notify_url ids
    // are echoed without esc_attr(): lc is an admin setting, the ids are
    // integer insert ids.
    ?>
<html>
<head><title>Redirecting to Paypal...</title></head>
<body>
<form action="<?php echo $ppurl; ?>" name="ppform3" method="post">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="business" value="<?php echo sanitize_email(cpabc_get_option('paypal_email', _cpabc_appointments_get_default_paypal_email() )); ?>" />
<input type="hidden" name="item_name" value="<?php echo sanitize_text_field(cpabc_get_option('paypal_product_name', CPABC_APPOINTMENTS_DEFAULT_PRODUCT_NAME)); ?>" />
<input type="hidden" name="custom" value="<?php echo $item_number; ?>" />
<input type="hidden" name="amount" value="<?php echo floatval($price); ?>" />
<input type="hidden" name="page_style" value="Primary" />
<input type="hidden" name="no_shipping" value="1" />
<input type="hidden" name="return" value="<?php echo esc_url(trim(cpabc_get_option('url_ok', CPABC_APPOINTMENTS_DEFAULT_OK_URL))); ?>">
<input type="hidden" name="cancel_return" value="<?php echo esc_url(cpabc_get_option('url_cancel', CPABC_APPOINTMENTS_DEFAULT_CANCEL_URL)); ?>" />
<input type="hidden" name="currency_code" value="<?php echo cpabc_appointments_clean_currency(cpabc_get_option('currency', CPABC_APPOINTMENTS_DEFAULT_CURRENCY)); ?>" />
<input type="hidden" name="lc" value="<?php echo cpabc_get_option('paypal_language', CPABC_APPOINTMENTS_DEFAULT_PAYPAL_LANGUAGE); ?>" />
<input type="hidden" name="bn" value="NetFactorSL_SI_Custom" />
<input type="hidden" name="notify_url" value="<?php echo cpabc_appointment_get_FULL_site_url(); ?>/?cpabc_ipncheck=<?php echo $item_number; ?>" />
</form>
<script type="text/javascript">
document.ppform3.submit();
</script>
</body>
</html>
    <?php
    exit();
}
297
298
/**
 * Normalise an admin-entered currency designation to a PayPal-style
 * three-letter code. Common misspellings and symbols are mapped (GPB->GBP,
 * CDN->CAD, $ and DOLLAR->USD, EURO->EUR, MXP->MXN, AUS->AUD), an empty value
 * defaults to EUR, and anything else is returned trimmed and upper-cased.
 */
function cpabc_appointments_clean_currency($currency)
{
    $code = trim(strtoupper($currency));
    $aliases = array(
        'GPB'    => 'GBP',
        'CDN'    => 'CAD',
        '$'      => 'USD',
        'DOLLAR' => 'USD',
        'EURO'   => 'EUR',
        ''       => 'EUR',
        'MXP'    => 'MXN',
        'AUS'    => 'AUD',
    );
    return isset($aliases[$code]) ? $aliases[$code] : $code;
}
321
322
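/**
 * Count the calendar rows whose id is $calendar and whose `conwer` (owner)
 * column equals the current user's ID. Normally 0 or 1; callers use the count
 * as a boolean "the current user owns this calendar".
 *
 * @param int|string $calendar calendar id; cast with intval().
 * @return int matching row count (0 when the query returns nothing).
 */
function cpabc_appointments_user_access_to($calendar) {
    global $wpdb;
    $current_user = wp_get_current_user();
    // Bound through $wpdb->prepare() instead of string concatenation. %s keeps
    // both operands quoted exactly as the former esc_sql() build did, so the
    // SQL type semantics are unchanged; conwer<>'' still excludes unowned rows.
    $sql = $wpdb->prepare(
        "SELECT * FROM ".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME." where id=%s AND conwer<>'' AND conwer=%s",
        intval($calendar),
        $current_user->ID
    );
    $myrows = $wpdb->get_results( $sql );
    // get_results() can return null; count(null) is a TypeError under PHP 8.
    return is_array($myrows) ? count($myrows) : 0;
}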
329
330
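/**
 * Handler for the PayPal IPN callback (?cpabc_ipncheck=<id;id;...>).
 *
 * Reads payment_status / payer_email / payment_type / txn_id from the POST
 * body, optionally filters on them (CPABC_TDEAPP_CALENDAR_STEP2_VRFY), skips
 * bookings that already reached CPABC_TDEAPP_CALENDAR_DATA_TABLE, stores the
 * transaction id inside the serialized buffered_date blob and completes the
 * booking through cpabc_process_ready_to_go_appointment(). Echoes 'OK' and exits.
 *
 * NOTE(review): nothing here confirms that the request really came from PayPal
 * — there is no IPN validation round-trip and no comparison of the paid amount
 * or receiver address with the stored booking — so the status fields are
 * trusted as posted. That gap predates this revision and is not closed here.
 */
function cpabc_appointments_check_IPN_verification() {

    global $wpdb;

    $itemparam = sanitize_text_field($_GET["cpabc_ipncheck"]);

    // isset() guards: the URL is also reachable by GET, where these POST
    // fields do not exist.
    $payment_status = sanitize_text_field(isset($_POST['payment_status']) ? $_POST['payment_status'] : '');
    $payer_email = sanitize_email(isset($_POST['payer_email']) ? $_POST['payer_email'] : '');
    $payment_type = sanitize_text_field(isset($_POST['payment_type']) ? $_POST['payment_type'] : '');
    $txnid = sanitize_text_field(isset($_POST['txn_id']) ? $_POST['txn_id'] : '');

    if (CPABC_TDEAPP_CALENDAR_STEP2_VRFY)
    {
        // Proceed for a Completed non-echeck payment or for an echeck that is
        // not yet Completed; everything else is ignored.
        if ($payment_status != 'Completed' && $payment_type != 'echeck')
            return;

        if ($payment_type == 'echeck' && $payment_status == 'Completed')
            return;
    }

    $itemnumber = explode(";",$itemparam);
    $firstid = intval($itemnumber[0]);

    // Idempotency: a booking already copied to the calendar table is not processed twice.
    $myrows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." WHERE reference=%s", $firstid ) );
    if (!empty($myrows))
    {
        echo 'OK - Already processed';
        exit;
    }

    $myrows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM ".CPABC_APPOINTMENTS_TABLE_NAME." WHERE id=%d", $firstid ) );
    if (empty($myrows))
    {
        // Unknown booking id: previously this fell through to a null
        // dereference and still answered 'OK'; now it is simply ignored.
        return;
    }

    // buffered_date is a serialize()d plain array written by the booking form;
    // allowed_classes=false keeps unserialize() from instantiating objects.
    $params = unserialize($myrows[0]->buffered_date, array('allowed_classes' => false));
    if (!is_array($params))
        $params = array();
    $params["txnid"] = $txnid;
    $wpdb->query( $wpdb->prepare( "UPDATE ".CPABC_APPOINTMENTS_TABLE_NAME." SET buffered_date=%s WHERE id=%d", serialize($params), $firstid ) );


    cpabc_process_ready_to_go_appointment( $itemparam, $payer_email);

    echo 'OK';

    exit();

}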
372
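/**
 * Handler for the cancellation link (?cpabc_c=1&i=<base64 id>): deletes the
 * matching row from CPABC_TDEAPP_CALENDAR_DATA_TABLE and redirects to
 * CPABC_APPOINTMENTS_DEFAULT_ON_CANCEL_REDIRECT_TO. Does nothing when `i` is
 * missing or does not decode to a plain unsigned integer.
 *
 * NOTE(review): the only thing protecting a booking from being cancelled by a
 * third party is knowledge of its numeric id — the link carries no signature
 * or per-booking secret. Adding one means changing the link built in
 * cpabc_process_ready_to_go_appointment() as well, so it is not done here.
 */
function cpabc_process_cancel_go_appointment()
{
    global $wpdb;
    if (!isset($_GET["i"]))
        return;
    $itemnumber = base64_decode($_GET["i"]);
    // The link generator base64-encodes $wpdb->insert_id, i.e. a plain digit
    // string, so ctype_digit() is the exact format check. is_numeric() also
    // admitted signs, exponents and leading whitespace, and the unchecked value
    // was then concatenated into the statement; it is now bound with %d.
    if (is_string($itemnumber) && ctype_digit($itemnumber))
    {
        $wpdb->query( $wpdb->prepare( "DELETE FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." WHERE id=%d", (int) $itemnumber ) );
        header("Location: ".CPABC_APPOINTMENTS_DEFAULT_ON_CANCEL_REDIRECT_TO);
        exit;
    }
}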
384
/**
 * Finalise a paid (or admin-created) booking.
 *
 * $itemnumber is the ';'-joined list of CPABC_APPOINTMENTS_TABLE_NAME ids
 * written by the booking form; $payer_email is the payer address reported by
 * the IPN (empty for admin bookings). Every id is copied into
 * CPABC_TDEAPP_CALENDAR_DATA_TABLE (the calendar's event table); after the
 * last one the confirmation email goes to the visitor (and to the payer when
 * that address differs) and the notification email to every address in
 * notification_destination_email.
 *
 * Template placeholders: <%KEY%> and %KEY% for every key of the serialized
 * $params blob, plus %CALENDAR%, %INFORMATION% and %CANCEL%.
 *
 * Uses the global $wpdb. Returns nothing.
 */
function cpabc_process_ready_to_go_appointment($itemnumber, $payer_email = "")
{
    global $wpdb;

    // Lazy schema migration: make sure the columns written below exist.
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'quantity', "VARCHAR(25) DEFAULT '1' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'reminder', "VARCHAR(1) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'reference', "VARCHAR(30) DEFAULT '' NOT NULL");

    // The first id selects the booking and, through it, the calendar config.
    // $myrows[0] / $mycalendarrows[0] are dereferenced without checking that a
    // row was found.
    $itemnumber = explode(";",$itemnumber);
    $myrows = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_TABLE_NAME." WHERE id=".intval($itemnumber[0]) );
    $mycalendarrows = $wpdb->get_results( 'SELECT * FROM '.CPABC_APPOINTMENTS_CONFIG_TABLE_NAME .' WHERE `'.CPABC_TDEAPP_CONFIG_ID.'`='.intval($myrows[0]->calendar));
    // Slots that start before now + reminder_hours are flagged reminder='1'
    // below; how the flag is consumed is handled elsewhere.
    $reminder_timeline = date( "Y-m-d H:i:s", strtotime (date("Y-m-d H:i:s")." +".$mycalendarrows[0]->reminder_hours." hours") );
    if (!defined('CP_CALENDAR_ID'))
        define ('CP_CALENDAR_ID',$myrows[0]->calendar);

    // Sender and admin recipient(s) come from the calendar settings.
    $SYSTEM_EMAIL = cpabc_get_option('notification_from_email', _cpabc_appointments_get_default_from_email() );
    $SYSTEM_RCPT_EMAIL = cpabc_get_option('notification_destination_email', _cpabc_appointments_get_default_paypal_email() );

    $email_subject1 = cpabc_get_option('email_subject_confirmation_to_user', CPABC_APPOINTMENTS_DEFAULT_SUBJECT_CONFIRMATION_EMAIL);
    $email_content1 = cpabc_get_option('email_confirmation_to_user', CPABC_APPOINTMENTS_DEFAULT_CONFIRMATION_EMAIL);
    $email_subject2 = cpabc_get_option('email_subject_notification_to_admin', CPABC_APPOINTMENTS_DEFAULT_SUBJECT_NOTIFICATION_EMAIL);
    $email_content2 = cpabc_get_option('email_notification_to_admin', CPABC_APPOINTMENTS_DEFAULT_NOTIFICATION_EMAIL);

    $email_content1 = str_replace("%CALENDAR%", $mycalendarrows[0]->uname, $email_content1);
    $email_content2 = str_replace("%CALENDAR%", $mycalendarrows[0]->uname, $email_content2);

    // Expand the stored placeholder bag into both templates. Values are
    // inserted verbatim: when the email format is html nothing here escapes
    // them, so the messages render whatever sanitize_text_field() let through
    // at booking time.
    $params = unserialize($myrows[0]->buffered_date);
    $attachments = array();
    foreach ($params as $item => $value)
    {
        $email_content1 = str_replace('<%'.$item.'%>',(is_array($value)?(implode(", ",$value)):($value)),$email_content1);
        $email_content2 = str_replace('<%'.$item.'%>',(is_array($value)?(implode(", ",$value)):($value)),$email_content2);
        $email_content1 = str_replace('%'.$item.'%',(is_array($value)?(implode(", ",$value)):($value)),$email_content1);
        $email_content2 = str_replace('%'.$item.'%',(is_array($value)?(implode(", ",$value)):($value)),$email_content2);
        // Keys containing "_link" are passed to wp_mail() as attachments. None
        // of the keys set by cpabc_appointments_main_initialization() match, so
        // such entries can only originate from the cpabc_process_data_before_insert
        // hook. strpos() is used as a boolean, so a key that starts with
        // "_link" (offset 0) is not picked up.
        if (strpos($item,"_link"))
            $attachments[] = $value;
    }
    $buffered_dates = array();
    for ($n=0;$n<count($itemnumber);$n++)
    {
        $myrows = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_TABLE_NAME." WHERE id=".intval($itemnumber[$n]) );
        $buffered_dates[] = $myrows[0]->booked_time;
        // Plain-text summary stored as the event description (newlines -> <br />).
        $information = $mycalendarrows[0]->uname."\n".
                       $myrows[0]->booked_time."\n".
                       ($myrows[0]->name?$myrows[0]->name."\n":"").
                       $myrows[0]->email."\n".
                       ($myrows[0]->phone?$myrows[0]->phone."\n":"").
                       $myrows[0]->question."\n";

        // String comparison of two "Y-m-d H:i:s" values (lexical order == chronological).
        if ($reminder_timeline > date("Y-m-d H:i:s", strtotime($myrows[0]->booked_time_unformatted)))
            $reminder = '1';
        else
            $reminder = '';

        $rows_affected = $wpdb->insert( CPABC_TDEAPP_CALENDAR_DATA_TABLE, array( 'appointment_calendar_id' => $myrows[0]->calendar,
            'datatime' => date("Y-m-d H:i:s", strtotime($myrows[0]->booked_time_unformatted)),
            'title' => $myrows[0]->email,
            'reminder' => $reminder,
            'quantity' => (isset($myrows[0]->quantity)?$myrows[0]->quantity:1),
            'description' => str_replace("\n","<br />", $information),
            'reference' => intval($itemnumber[$n])
        ) );
        // SEND EMAILS START
        if ($n == count($itemnumber)-1) // send emails only once
        {

            // From here on itemnumber refers to the last row inserted into the
            // calendar table, not to the booking-table id.
            $params['itemnumber'] = $wpdb->insert_id;

            $information = $mycalendarrows[0]->uname."\n".
                           implode(" - ",$buffered_dates)."\n".
                           ($myrows[0]->name?$myrows[0]->name."\n":"").
                           $myrows[0]->email."\n".
                           ($myrows[0]->phone?$myrows[0]->phone."\n":"").
                           $myrows[0]->question."\n";

            $email_content1 = str_replace("%INFORMATION%", $information, $email_content1);
            $email_content2 = str_replace("%INFORMATION%", $information, $email_content2);

            // Cancellation link: base64 of the last inserted calendar-table id
            // only, so with several slots the link removes just that last row.
            // The id is the sole credential in the link (no signature).
            $itemnumberdb = $wpdb->insert_id;
            $cancel_link = cpabc_appointment_get_FULL_site_url().'/?cpabc_c=1&i='.base64_encode($itemnumberdb).'&a=1';

            $email_content1 = str_replace("%CANCEL%", $cancel_link, $email_content1);
            $email_content2 = str_replace("%CANCEL%", $cancel_link, $email_content2);

            // Wrap a bare address as "addr" <addr> unless it already has a display form.
            if (!strpos($SYSTEM_EMAIL,">"))
                $SYSTEM_EMAIL = '"'.$SYSTEM_EMAIL.'" <'.$SYSTEM_EMAIL.'>';

            // SEND EMAIL TO USER
            // Reply-To for the admin copy is the visitor's address as stored at
            // booking time (sanitize_email()).
            $replyto = $myrows[0]->email;
            if ('html' == cpabc_get_option('nuser_emailformat', CPABC_APPOINTMENTS_DEFAULT_email_format)) $content_type = "Content-Type: text/html; charset=utf-8\n"; else $content_type = "Content-Type: text/plain; charset=utf-8\n";

            // Admin-area bookings send mail only when the sendemails_admin box was ticked.
            if (!is_admin() || isset($_POST["sendemails_admin"]))
            {
                wp_mail($myrows[0]->email, $email_subject1, $email_content1,
                    "From: ".$SYSTEM_EMAIL."\r\n".
                    $content_type.
                    "X-Mailer: PHP/" . phpversion());

                // Second copy to the PayPal payer when it is a different address.
                if ($payer_email && strtolower($payer_email) != strtolower($myrows[0]->email))
                    wp_mail($payer_email , $email_subject1, $email_content1,
                        "From: ".$SYSTEM_EMAIL."\r\n".
                        $content_type.
                        "X-Mailer: PHP/" . phpversion());

                // SEND EMAIL TO ADMIN
                if ('html' == cpabc_get_option('nadmin_emailformat', CPABC_APPOINTMENTS_DEFAULT_email_format)) $content_type = "Content-Type: text/html; charset=utf-8\n"; else $content_type = "Content-Type: text/plain; charset=utf-8\n";
                $to = explode(",",$SYSTEM_RCPT_EMAIL);
                foreach ($to as $item)
                    if (trim($item) != '')
                    {
                        wp_mail(trim($item), $email_subject2, $email_content2,
                            "From: ".$SYSTEM_EMAIL."\r\n".
                            ($replyto!=''?"Reply-To: ".$replyto."\r\n":'').
                            $content_type.
                            "X-Mailer: PHP/" . phpversion(), $attachments);
                    }
            }
        }
        // SEND EMAILS END
    }
}
506
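/**
 * Add column $field with SQL definition $type to $table unless it already
 * exists. Idempotent schema-migration helper.
 *
 * $table and $field are interpolated into the statements as identifiers,
 * which cannot be bound; every caller in this file passes plugin constants,
 * and the helper must never be fed request data.
 *
 * @param string $table full table name.
 * @param string $field column name.
 * @param string $type  column definition appended after ADD, default "text".
 */
function cpabc_appointments_add_field_verify ($table, $field, $type = "text")
{
    global $wpdb;
    $columns = $wpdb->get_results($wpdb->prepare("SHOW columns FROM `".$table."` where field=%s", $field));
    // empty() rather than !count(): get_results() can return null, on which
    // count() is a TypeError under PHP 8.
    if (empty($columns))
    {
        $wpdb->query("ALTER TABLE `".$table."` ADD `".$field."` ".$type);
    }
}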
517
518
/**
 * Persist the per-calendar settings posted from the admin settings form into
 * CPABC_APPOINTMENTS_CONFIG_TABLE_NAME (row id = CP_CALENDAR_ID).
 *
 * Access control: a valid `uname_abc` nonce, plus either the edit_pages
 * capability or ownership of the calendar (cpabc_appointments_user_access_to).
 * Everything else is a sanitize_*() copy of the posted fields; multi-line
 * templates go through cpabc_clean_and_sanitize() and the per-slot prices
 * through cpabc_clean_price().
 *
 * Uses the global $wpdb. Echoes an error message (and exits on the privilege
 * failure) instead of throwing.
 */
function cpabc_appointments_save_options()
{
    global $wpdb;
    if (!defined('CP_CALENDAR_ID'))
        define ('CP_CALENDAR_ID', intval($_POST["cpabc_item"]));

    // CSRF check; _wpnonce is read from $_REQUEST without isset().
    if (!wp_verify_nonce( $_REQUEST['_wpnonce'], 'uname_abc' ))
    {
        echo "Access verification error. Cannot update settings.";
        return;
    }

    if ( ! current_user_can('edit_pages') && !cpabc_appointments_user_access_to(CP_CALENDAR_ID) ) // prevent loading coupons from outside admin area
    {
        echo 'No enough privilegies to load this content.';
        exit;
    }
    // The control field is compared with the two-character string \" : when it
    // arrives in that form the whole request was slash-escaped (magic-quotes
    // style) and every scalar field is unescaped. Presumably the form posts a
    // bare quote — confirm against the settings template.
    if ($_POST["cpabc_appointments_control_field"] == '\\"')
        foreach ($_POST as $item => $value)
            if (!is_array($value))
                $_POST[$item] = stripcslashes($value);


    // Lazy schema migration for columns introduced after the initial install.
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'enable_reminder');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'reminder_hours');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'reminder_subject');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'reminder_content');
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'reminder', "VARCHAR(1) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'quantity', "VARCHAR(25) DEFAULT '1' NOT NULL");

    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'min_slots');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'max_slots');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'close_fpanel');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'quantity_field');

    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'calendar_startyear', "VARCHAR(20) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'calendar_startmonth', "VARCHAR(20) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'calendar_theme');

    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'paypal_mode');


    // request_cost_1..request_cost_N (N = posted max_slots) are joined with ';'
    // into the request_cost setting. N is taken from the request, so the loop
    // length is caller-controlled (admin-only path, see the checks above).
    $request_cost = '';
    for ($k=1;$k <= intval($_POST["max_slots"]); $k++)
        $request_cost .= ($k!=1?";":"").cpabc_clean_price($_POST["request_cost_".$k]);

    // Column => sanitised posted value. Values that are later consumed in a
    // sensitive context within this file:
    //  - url_ok / url_cancel: stored as text, escaped with esc_url() when echoed
    //    into the PayPal form.
    //  - notification_from_email: becomes the From: header of outgoing mail;
    //    sanitize_text_field() strips line breaks.
    //  - notification_destination_email: comma-separated admin recipient list.
    //  - email_*_to_* / reminder_content: free-form templates whose placeholders
    //    are expanded without escaping when the email format is html.
    $data = array(
        'calendar_language' => sanitize_text_field($_POST["calendar_language"]),
        'calendar_dateformat' => sanitize_text_field($_POST["calendar_dateformat"]),
        'calendar_pages' => sanitize_text_field($_POST["calendar_pages"]),
        'calendar_militarytime' => sanitize_text_field($_POST["calendar_militarytime"]),
        'calendar_weekday' => sanitize_text_field($_POST["calendar_weekday"]),
        'calendar_mindate' => sanitize_text_field($_POST["calendar_mindate"]),
        'calendar_maxdate' => sanitize_text_field($_POST["calendar_maxdate"]),
        'min_slots' => sanitize_text_field($_POST["min_slots"]),
        'max_slots' => sanitize_text_field($_POST["max_slots"]),
        'close_fpanel' => sanitize_text_field($_POST["close_fpanel"]),
        'quantity_field' => sanitize_text_field($_POST["quantity_field"]),
        'paypal_mode' => sanitize_text_field($_POST["paypal_mode"]),

        'calendar_startyear' => sanitize_text_field($_POST["calendar_startyear"]),
        'calendar_startmonth' => sanitize_text_field($_POST["calendar_startmonth"]),
        'calendar_theme' => sanitize_text_field($_POST["calendar_theme"]),

        'paypal_email' => sanitize_email($_POST["paypal_email"]),
        'request_cost' => sanitize_text_field($request_cost),
        'paypal_product_name' => sanitize_text_field($_POST["paypal_product_name"]),
        'currency' => sanitize_text_field($_POST["currency"]),
        'url_ok' => sanitize_text_field($_POST["url_ok"]),
        'url_cancel' => sanitize_text_field($_POST["url_cancel"]),
        'paypal_language' => sanitize_text_field($_POST["paypal_language"]),

        'nuser_emailformat' => sanitize_text_field(@$_POST["nuser_emailformat"]),
        'nadmin_emailformat' => sanitize_text_field($_POST["nadmin_emailformat"]),
        'nremind_emailformat' => sanitize_text_field($_POST["nremind_emailformat"]),

        'vs_text_is_required' => sanitize_text_field($_POST['vs_text_is_required']),
        'vs_text_is_email' => sanitize_text_field($_POST['vs_text_is_email']),
        'vs_text_datemmddyyyy' => sanitize_text_field($_POST['vs_text_datemmddyyyy']),
        'vs_text_dateddmmyyyy' => sanitize_text_field($_POST['vs_text_dateddmmyyyy']),
        'vs_text_number' => sanitize_text_field($_POST['vs_text_number']),
        'vs_text_digits' => sanitize_text_field($_POST['vs_text_digits']),
        'vs_text_max' => sanitize_text_field($_POST['vs_text_max']),
        'vs_text_min' => sanitize_text_field($_POST['vs_text_min']),
        'vs_text_submitbtn' => sanitize_text_field($_POST['vs_text_submitbtn']),

        'cu_user_email_field' => sanitize_text_field(cpabc_get_post_param("cu_user_email_field")),

        'notification_from_email' => sanitize_text_field($_POST["notification_from_email"]),
        'notification_destination_email' => sanitize_text_field($_POST["notification_destination_email"]),
        'email_subject_confirmation_to_user' => sanitize_text_field($_POST["email_subject_confirmation_to_user"]),
        'email_confirmation_to_user' => cpabc_clean_and_sanitize($_POST["email_confirmation_to_user"]),
        'email_subject_notification_to_admin' => sanitize_text_field($_POST["email_subject_notification_to_admin"]),
        'email_notification_to_admin' => cpabc_clean_and_sanitize($_POST["email_notification_to_admin"]),

        'enable_reminder' => sanitize_text_field(cpabc_get_post_param("enable_reminder")),
        'reminder_hours' => sanitize_text_field(cpabc_get_post_param("reminder_hours")),
        'reminder_subject' => sanitize_text_field(cpabc_get_post_param("reminder_subject")),
        'reminder_content' => cpabc_clean_and_sanitize(cpabc_get_post_param("reminder_content")),

        'dexcv_enable_captcha' => sanitize_text_field($_POST["dexcv_enable_captcha"]),
        'dexcv_width' => sanitize_text_field($_POST["dexcv_width"]),
        'dexcv_height' => sanitize_text_field($_POST["dexcv_height"]),
        'dexcv_chars' => sanitize_text_field($_POST["dexcv_chars"]),
        'dexcv_min_font_size' => sanitize_text_field($_POST["dexcv_min_font_size"]),
        'dexcv_max_font_size' => sanitize_text_field($_POST["dexcv_max_font_size"]),
        'dexcv_noise' => sanitize_text_field($_POST["dexcv_noise"]),
        'dexcv_noise_length' => sanitize_text_field($_POST["dexcv_noise_length"]),
        'dexcv_background' => sanitize_text_field(str_replace('#','',$_POST['dexcv_background'])),
        'dexcv_border' => sanitize_text_field(str_replace('#','',$_POST['dexcv_border'])),
        'dexcv_font' => sanitize_text_field($_POST["dexcv_font"]),
        'cv_text_enter_valid_captcha' => sanitize_text_field($_POST['cv_text_enter_valid_captcha']),
        'cp_cal_checkboxes' => sanitize_text_field(cpabc_get_post_param("cp_cal_checkboxes"))
    );
    $wpdb->update ( CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, $data, array( 'id' => CP_CALENDAR_ID ));
}
635
636
/**
 * Reduce a free-form price string to digits and dots: ',' becomes '.' and every
 * other character that is not a digit or a dot (currency symbols, spaces,
 * letters) is dropped. The comma is treated as a decimal separator, so
 * "1,000.50" yields "1.000.50".
 */
function cpabc_clean_price($price)
{
    $dotted = str_replace(',', '.', $price);
    $digitsAndDots = preg_replace('/[^0-9.]+/', '', $dotted);
    return $digitsAndDots;
}
641
642
/**
 * Sanitiser for the multi-line email/reminder templates saved from the
 * settings form. Arrays and objects yield ''. Otherwise the value is cast to
 * string, run through wp_check_invalid_utf8(), stripped of every
 * percent-encoded byte sequence (%XX) until none remain, and trimmed.
 */
function cpabc_clean_and_sanitize ($str)
{
    if ( is_object( $str ) || is_array( $str ) ) {
        return '';
    }
    $clean = wp_check_invalid_utf8( (string) $str );
    // Loop until stable: the first %XX found is removed everywhere, then the
    // string is rescanned, because a removal can expose a new sequence.
    while ( preg_match( '/%[a-f0-9]{2}/i', $clean, $hit ) ) {
        $clean = str_replace( $hit[0], '', $clean );
    }
    return trim( $clean );
}
654
655
/**
 * Resolve a form field id to its human-readable title using the decoded form
 * structure ($form: list of objects exposing ->name and ->title). Falls back to
 * the id itself when $form is not an array or has no matching entry.
 */
function cpabc_appointments_get_field_name ($fieldid, $form)
{
    if (!is_array($form))
        return $fieldid;
    foreach ($form as $field)
    {
        if ($field->name == $fieldid)
            return $field->title;
    }
    return $fieldid;
}
664
665
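/**
 * Stream the bookings of calendar CP_CALENDAR_ID (all calendars when it is 0)
 * as a CSV attachment named bookings.csv, then exit.
 *
 * Query-string filters: `search` (substring of the serialized buffered_date
 * blob, matched literally), `dfrom`/`dto` (inclusive booked_time_unformatted
 * range), `cal` (calendar id when CP_CALENDAR_ID is not yet defined). Columns
 * listed in the CPABC_EXCLUDED_COLUMNS option are omitted. Header labels are
 * resolved through the stored form structure; every cell goes through
 * cpabc_appointments_iconv(), which also neutralises spreadsheet formula prefixes.
 *
 * Authorisation: only is_admin() is checked here; the capability check
 * (current_user_can('edit_posts')) is done by the caller in
 * cpabc_appointments_main_initialization().
 */
function cpabc_appointments_export_csv ()
{
    if (!is_admin())
        return;
    global $wpdb;

    if (!defined('CP_CALENDAR_ID'))
        define ('CP_CALENDAR_ID', intval(isset($_GET["cal"]) ? $_GET["cal"] : 0));

    // The decoded form structure is only used to turn field ids into labels.
    $form_data = json_decode(cpabc_appointment_cleanJSON(cpabc_get_option('form_structure', CPABC_APPOINTMENTS_DEFAULT_form_structure)));
    $form_fields = (is_array($form_data) && isset($form_data[0])) ? $form_data[0] : null;

    $excluded = array_map('trim', explode(",", get_option('CPABC_EXCLUDED_COLUMNS', "")));
    $include_calid = !in_array("Calendar ID", $excluded);
    $include_cal   = !in_array("Calendar", $excluded);
    $include_time  = !in_array("Time", $excluded);

    $search = isset($_GET["search"]) ? sanitize_text_field($_GET["search"]) : '';
    $dfrom  = isset($_GET["dfrom"])  ? sanitize_text_field($_GET["dfrom"])  : '';
    $dto    = isset($_GET["dto"])    ? sanitize_text_field($_GET["dto"])    : '';

    $cond = '';
    // esc_like() escapes % and _ so the search text is matched literally
    // instead of acting as LIKE wildcards; esc_sql() then quotes it.
    if ($search != '') $cond .= " AND (buffered_date like '%".esc_sql($wpdb->esc_like($search))."%')";
    if ($dfrom != '') $cond .= " AND (`booked_time_unformatted` >= '".esc_sql($dfrom)."')";
    if ($dto != '') $cond .= " AND (`booked_time_unformatted` <= '".esc_sql($dto)." 23:59:59')";

    if (CP_CALENDAR_ID != 0) $cond .= " AND appointment_calendar_id=".intval(CP_CALENDAR_ID);

    $events = $wpdb->get_results( "SELECT * FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." INNER JOIN ".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME." ON ".CPABC_TDEAPP_CALENDAR_DATA_TABLE.".appointment_calendar_id=".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME.".id LEFT JOIN ".CPABC_APPOINTMENTS_TABLE_NAME." ON ".CPABC_TDEAPP_CALENDAR_DATA_TABLE.".reference=".CPABC_APPOINTMENTS_TABLE_NAME.".id WHERE 1=1 ".$cond );
    if (!is_array($events))
        $events = array();

    $fields = array();
    if ($include_calid) $fields[] = "Calendar ID";
    if ($include_cal) $fields[] = "Calendar";
    if ($include_time) $fields[] = "Time";
    $values = array();

    foreach ($events as $item)
    {
        $value = array();
        if ($include_calid) $value[] = $item->appointment_calendar_id;
        if ($include_cal) $value[] = $item->uname;
        if ($include_time) $value[] = $item->datatime;

        // buffered_date is a serialize()d plain array written by the booking
        // form; allowed_classes=false keeps unserialize() from creating objects.
        // Rows without a usable blob fall back to the calendar-table columns.
        $data = unserialize($item->buffered_date, array('allowed_classes' => false));

        if (!is_array($data))
        {
            $data = array(
                'title' => $item->title,
                'description' => $item->description
            );
        }
        // Fill the columns already known (header order), then let any new key
        // extend the header; earlier rows are padded with '' when written out.
        $end = count($fields);
        for ($i=3; $i<$end; $i++)
            if (isset($data[$fields[$i]]) ){
                $value[$i] = $data[$fields[$i]];
                unset($data[$fields[$i]]);
            }
            else $value[$i] = '';
        foreach ($data as $k => $d)
            if (!in_array($k,$excluded))
            {
                $fields[] = $k;
                $value[] = $d;
            }
        $values[] = $value;
    }

    header("Content-type: application/octet-stream");
    header("Content-Disposition: attachment; filename=bookings.csv");

    $end = count($fields);
    for ($i=0; $i<$end; $i++)
    {
        $hlabel = cpabc_appointments_iconv("utf-8", "ISO-8859-1//TRANSLIT//IGNORE", cpabc_appointments_get_field_name($fields[$i], $form_fields));
        echo '"'.str_replace('"','""', $hlabel).'",';
    }
    echo "\n";
    foreach ($values as $item)
    {
        for ($i=0; $i<$end; $i++)
        {
            if (!isset($item[$i]))
                $item[$i] = '';
            // Argument order fixed: implode(array, string) was removed in PHP 8.
            if (is_array($item[$i]))
                $item[$i] = implode(',', $item[$i]);
            $item[$i] = cpabc_appointments_iconv("utf-8", "ISO-8859-1//TRANSLIT//IGNORE", $item[$i]);
            echo '"'.str_replace('"','""', $item[$i]).'",';
        }
        echo "\n";
    }

    exit;
}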
756
757
/**
 * Converts one CSV cell value between charsets after neutralising spreadsheet
 * formula prefixes.
 *
 * The value is trimmed first. When it is longer than one character and starts
 * with '=', '@', '+' or '-', a leading TAB is prepended so spreadsheet
 * applications do not evaluate the cell as a formula. A leading '-' is left
 * alone when the whole cell is a plain number (e.g. "-5"), so negative
 * numbers survive the export unchanged.
 *
 * @param string $from Source charset handed to iconv().
 * @param string $to   Target charset, optionally with //TRANSLIT//IGNORE suffixes.
 * @param string $text Cell value.
 * @return string|false The converted (possibly TAB-prefixed) text; the
 *                      unconverted text when the iconv extension is missing;
 *                      false when iconv() itself fails.
 */
function cpabc_appointments_iconv($from, $to, $text)
{
    $cell = trim($text);
    $lead = substr($cell, 0, 1);
    $formulaLeads = array('=', '@', '+', '-');

    if (strlen($cell) > 1 && in_array($lead, $formulaLeads)) {
        // A leading '-' is only escaped when the cell is not a plain number.
        $isPlainNumber = ($lead == '-') && (floatval($cell) . "" == $cell);
        if (!$isPlainNumber) {
            $cell = chr(9) . $cell;
        }
    }

    if (!function_exists('iconv')) {
        return $cell;
    }

    return iconv($from, $to, $cell);
}
771
772
773
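/**
 * Normalises a comma-separated working-dates list read from the database.
 *
 * Non-numeric entries are dropped, numeric ones are cast to int, duplicates
 * are removed and runs of empty entries are collapsed so the client never
 * receives ",," or a trailing ','.
 *
 * @param string $raw Stored value of the working-dates column.
 * @return string Cleaned comma-separated list (possibly empty).
 */
function cpabc_appointments_clean_working_dates($raw)
{
    $dates = explode(",", (string) $raw);
    foreach ($dates as $i => $entry) {
        $dates[$i] = is_numeric($entry) ? intval($entry) : '';
    }
    if ($dates[0] === '')
        unset($dates[0]);
    $dates = array_unique($dates);

    $list = implode(",", $dates);
    while (strpos($list, ",,") !== false)
        $list = str_replace(",,", ",", $list);
    // Guard the empty list before looking at its last character; the
    // original indexed position -1 of "" and relied on the notice being ignored.
    if ($list !== '' && substr($list, -1) == ',')
        $list = substr($list, 0, -1);
    return $list;
}

/**
 * Serves the configuration of one calendar to the calendar script.
 *
 * Triggered by the `cpabc_calendar_load=1` query parameter; any other request
 * returns without output. The calendar is selected by the `id` parameter
 * (with CPABC_TDEAPP_CAL_PREFIX stripped). The response is a plain-text
 * record: a fixed marker, then the cleaned working dates, the restricted
 * dates, the seven per-weekday time ranges and the special dates, separated
 * by ';'. The script terminates after writing it.
 *
 * No capability check is performed here (presumably the public booking form
 * needs this endpoint); the response carries calendar configuration only,
 * not booking data. The `id` value is escaped with esc_sql() and quoted
 * before it reaches the query.
 */
function cpabc_appointments_calendar_load() {
    global $wpdb;
    if ( ! isset( $_GET['cpabc_calendar_load'] ) || $_GET['cpabc_calendar_load'] != '1' )
        return;

    // '@' keeps the original behaviour of ignoring "headers already sent".
    @header("Cache-Control: no-store, no-cache, must-revalidate");
    @header("Pragma: no-cache");

    // cpabc_get_get_param() yields '' for a missing id instead of a notice.
    $calid = str_replace(CPABC_TDEAPP_CAL_PREFIX, "", cpabc_get_get_param('id'));
    $query = "SELECT * FROM ".CPABC_TDEAPP_CONFIG." where ".CPABC_TDEAPP_CONFIG_ID."='".esc_sql($calid)."'";
    $rows = $wpdb->get_results($query, ARRAY_A);

    if (!empty($rows)) {
        $config = $rows[0];
        // Marker that tells the client where the calendar payload starts.
        echo '--***--***--***---!';
        echo cpabc_appointments_clean_working_dates($config[CPABC_TDEAPP_CONFIG_WORKINGDATES]).";";
        echo $config[CPABC_TDEAPP_CONFIG_RESTRICTEDDATES].";";
        echo $config[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES0].";";
        echo $config[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES1].";";
        echo $config[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES2].";";
        echo $config[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES3].";";
        echo $config[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES4].";";
        echo $config[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES5].";";
        echo $config[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES6].";";
        echo $config["specialDates"];
    }

    exit();
}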
818
819
/**
 * Serves the booked slots of one calendar to the calendar scripts.
 *
 * Triggered by `cpabc_calendar_load2=1`; otherwise returns without output.
 * The calendar is selected by the `id` query parameter with
 * CPABC_TDEAPP_CAL_PREFIX stripped (read without isset(), so a missing
 * parameter raises a notice and selects id ''). Slots are read ordered by
 * their date/time.
 *
 * Two output formats, both terminating the script:
 *  - `cpabc_action=mvparse` from the admin area with `edit_posts`: a JSON
 *    document with a start/end window taken from $_POST["startdate"] /
 *    $_POST["enddate"] and one positional event array per slot (id, title,
 *    start, end = start + CPABC_CAL_TIME_SLOT_SIZE, flags, colour,
 *    description, ...).
 *  - otherwise: a plain-text record per slot — id, "Y,m,d", "H:i", quantity
 *    (defaulting to '1'), then title and description — each field on its
 *    own line and every record closed by a "*-*" line. Title and description
 *    are only disclosed to admin-area users with `edit_posts`; everyone else
 *    gets the fixed strings "Booked" / "OK".
 *
 * Presumably the positional event layout is what the month-view JavaScript
 * expects — confirm against the client before changing it.
 */
function cpabc_appointments_calendar_load2() {
    global $wpdb;
    if ( ! isset( $_GET['cpabc_calendar_load2'] ) || $_GET['cpabc_calendar_load2'] != '1' )
        return;
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Pragma: no-cache");
    $calid = str_replace (CPABC_TDEAPP_CAL_PREFIX, "",$_GET["id"]);
    $query = "SELECT * FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." where ".CPABC_TDEAPP_DATA_IDCALENDAR."='".esc_sql($calid)."' ORDER BY ".CPABC_TDEAPP_DATA_DATETIME." ASC";
    $row_array = $wpdb->get_results($query,ARRAY_A);

    if (isset($_GET["cpabc_action"]) && $_GET["cpabc_action"] == 'mvparse' && is_admin() && current_user_can('edit_posts'))
    {
        $ret = array();
        $ret['events'] = array();
        $ret["issort"] = true;
        $ret['error'] = null;
        // Window boundaries: start of the first day .. last second of the last day.
        $d1 = cpabc_js2PhpTime($_POST["startdate"]);
        $d2 = cpabc_js2PhpTime($_POST["enddate"]);
        $d1 = mktime(0, 0, 0, date("m", $d1), date("d", $d1), date("Y", $d1));
        $d2 = mktime(0, 0, 0, date("m", $d2), date("d", $d2), date("Y", $d2))+24*60*60-1;
        $ret["start"] = cpabc_php2JsTime($d1);
        $ret["end"] = cpabc_php2JsTime($d2);

        // Slot length as a strtotime() relative suffix, e.g. " +30 minutes".
        // Defined inside the function; a second define() would warn, but this
        // branch exits below so it runs at most once per request.
        define('CPABC_CAL_TIME_SLOT_SIZE'," +".get_option('CPABC_CAL_TIME_SLOT_SIZE_SET',"30")." minutes");

        foreach ($row_array as $row)
        {
            $ev = array(
                $row["id"],
                $row[CPABC_TDEAPP_DATA_TITLE],
                cpabc_php2JsTime(cpabc_mySql2PhpTime($row[CPABC_TDEAPP_DATA_DATETIME])),
                // End of the slot: start + configured slot size.
                cpabc_php2JsTime(cpabc_mySql2PhpTime( date("Y-m-d H:i",strtotime($row[CPABC_TDEAPP_DATA_DATETIME].CPABC_CAL_TIME_SLOT_SIZE)))),
                0, // is all day event?
                0, // more than one day event
                '',//Recurring event rule,
                '#3CF',
                0,//editable
                '',
                '',//$attends
                $row[CPABC_TDEAPP_DATA_DESCRIPTION],
                '',
                1
            );
            $ret['events'][] = $ev;
        }
        echo json_encode($ret);
        exit;
    }


    // Plain-text format: one record per slot, fields separated by newlines,
    // records closed by a "*-*" line.
    foreach ($row_array as $row)
    {
        echo $row[CPABC_TDEAPP_DATA_ID]."\n";
        $dn = explode(" ", $row[CPABC_TDEAPP_DATA_DATETIME]);
        $d1 = explode("-", $dn[0]);
        $d2 = explode(":", $dn[1]);

        echo intval($d1[0]).",".intval($d1[1]).",".intval($d1[2])."\n";
        echo intval($d2[0]).":".($d2[1])."\n";
        echo ($row["quantity"]?$row["quantity"]:'1')."\n";
        // Slot details are only revealed inside the admin area to editors;
        // other callers only learn that the slot is taken.
        if (is_admin() && current_user_can('edit_posts'))
        {
            echo $row[CPABC_TDEAPP_DATA_TITLE]."\n";
            echo $row[CPABC_TDEAPP_DATA_DESCRIPTION]."\n*-*\n";
        }
        else
        {
            echo "Booked\n";
            echo "OK\n*-*\n";
        }
    }

    exit();
}
898
899
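/**
 * Parses a date string produced by the calendar JavaScript into a Unix timestamp.
 *
 * Accepted formats are "m/d/Y H:i" optionally followed by "am"/"pm"
 * (lower-case only; the pattern is case-sensitive) and the bare "m/d/Y"
 * form, which is treated as midnight. A "pm" suffix adds 12 to hours below
 * 12; "12:xx am" is mapped to hour 0 so that it means shortly after midnight
 * rather than noon (the original left it at 12).
 *
 * The patterns are not anchored, so the first matching run inside a longer
 * string is used — callers should pass only the date string itself.
 *
 * @param string $jsdate Date string as sent by the client.
 * @return int|null Timestamp via mktime() (server default timezone), or null
 *                  when neither format matches. The original returned an
 *                  undefined variable (null plus a notice) in that case.
 */
function cpabc_js2PhpTime($jsdate)
{
    $ret = null;
    if (preg_match('@(\d+)/(\d+)/(\d+)\s+(\d+):(\d+)((am|pm)*)@', $jsdate, $matches) == 1) {
        $hour = (int) $matches[4];
        $meridiem = $matches[6];
        if ($meridiem == "pm" && $hour < 12) {
            $hour += 12;
        } elseif ($meridiem == "am" && $hour == 12) {
            // 12:xx am is just after midnight, not noon.
            $hour = 0;
        }
        $ret = mktime($hour, (int) $matches[5], 0, (int) $matches[1], (int) $matches[2], (int) $matches[3]);
    } elseif (preg_match('@(\d+)/(\d+)/(\d+)@', $jsdate, $matches) == 1) {
        $ret = mktime(0, 0, 0, (int) $matches[1], (int) $matches[2], (int) $matches[3]);
    }
    return $ret;
}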
911
912
/**
 * Formats a Unix timestamp as a MySQL DATETIME literal ("Y-m-d H:i:s").
 *
 * @param int $phpDate Unix timestamp, rendered in the server's default timezone.
 * @return string
 */
function cpabc_php2MySqlTime($phpDate)
{
    $mysqlFormat = "Y-m-d H:i:s";
    $formatted = date($mysqlFormat, $phpDate);
    return $formatted;
}
916
917
/**
 * Formats a Unix timestamp in the "m/d/Y H:i" layout the calendar JavaScript
 * consumes (the inverse of cpabc_js2PhpTime()).
 *
 * @param int $phpDate Unix timestamp, rendered in the server's default timezone.
 * @return string
 */
function cpabc_php2JsTime($phpDate)
{
    $jsFormat = "m/d/Y H:i";
    // The '@' is kept from the original: it silences date() notices on bad input.
    $formatted = @date($jsFormat, $phpDate);
    return $formatted;
}
921
922
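/**
 * Converts a MySQL date/time string ("Y-m-d H:i:s") into a Unix timestamp.
 *
 * Shorter forms are accepted as well: a bare "Y-m-d" is read as midnight and
 * "Y-m-d H:i" (the layout cpabc_appointments_calendar_load2() actually
 * passes) as zero seconds. Missing fields default to 0 instead of raising
 * undefined-offset notices as the original did.
 *
 * @param string $sqlDate Date/time string.
 * @return int Timestamp via mktime() in the server's default timezone.
 */
function cpabc_mySql2PhpTime($sqlDate)
{
    $parts = explode(" ", (string) $sqlDate);
    $ymd = array_pad(explode("-", $parts[0]), 3, 0);
    $his = isset($parts[1]) ? explode(":", $parts[1]) : array();
    $his = array_pad($his, 3, 0);

    // mktime() argument order is hour, minute, second, month, day, year.
    return mktime(
        (int) $his[0],
        (int) $his[1],
        (int) $his[2],
        (int) $ymd[1],
        (int) $ymd[2],
        (int) $ymd[0]
    );
}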
930
931
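/**
 * Saves a calendar's availability settings posted by the admin calendar editor.
 *
 * Triggered by `cpabc_calendar_update=1`; otherwise returns without effect.
 * The calendar id comes from the `id` query parameter (prefix stripped, cast
 * to int). The request is accepted only for users with the `edit_pages`
 * capability or with explicit access to the calendar
 * (cpabc_appointments_user_access_to); no nonce is verified in this handler.
 *
 * When a logged-in user is present ($user_ID), the special, working and
 * restricted dates plus the seven per-weekday time ranges are read from
 * $_POST, passed through sanitize_text_field() and esc_sql(), and written to
 * the calendar's config row. The script terminates afterwards.
 */
function cpabc_appointments_calendar_update() {
    global $wpdb, $user_ID;

    if ( ! isset( $_GET['cpabc_calendar_update'] ) || $_GET['cpabc_calendar_update'] != '1' )
        return;

    $calid = intval(str_replace(CPABC_TDEAPP_CAL_PREFIX, "", cpabc_get_get_param('id')));
    if ( ! current_user_can('edit_pages') && !cpabc_appointments_user_access_to($calid) )
        return;

    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CONFIG, 'specialDates');

    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Pragma: no-cache");

    if ( $user_ID ) {
        // array(column, POST field), in the same order as the original statement.
        $columns = array(
            array('specialDates',                         'specialDates'),
            array(CPABC_TDEAPP_CONFIG_WORKINGDATES,       'workingDates'),
            array(CPABC_TDEAPP_CONFIG_RESTRICTEDDATES,    'restrictedDates'),
            array(CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES0,  'timeWorkingDates0'),
            array(CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES1,  'timeWorkingDates1'),
            array(CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES2,  'timeWorkingDates2'),
            array(CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES3,  'timeWorkingDates3'),
            array(CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES4,  'timeWorkingDates4'),
            array(CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES5,  'timeWorkingDates5'),
            array(CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES6,  'timeWorkingDates6'),
        );

        $assignments = array();
        foreach ($columns as $pair) {
            list($column, $param) = $pair;
            // cpabc_get_post_param() yields '' for a missing field instead of a notice.
            $assignments[] = $column."='".esc_sql(sanitize_text_field(cpabc_get_post_param($param)))."'";
        }

        $wpdb->query("update ".CPABC_TDEAPP_CONFIG." set ".implode(',', $assignments)." where ".CPABC_TDEAPP_CONFIG_ID."=".$calid);
    }

    exit();
}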
951
952
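/**
 * Parses the "appoiments" POST payload shared by the add and edit slot actions.
 *
 * The payload is newline-separated: line 0 "Y,m,d", line 1 "H:i", line 2 the
 * capacity, line 3 the title and every further line one line of the
 * description. Date, time, capacity and title go through
 * sanitize_text_field(); description lines through cpabc_clean_and_sanitize().
 * Missing lines read as '' (the original raised undefined-offset notices).
 * The date/time is not validated as a calendar date here; what happens with a
 * malformed value is up to the database column.
 *
 * @param string $payload Raw POST value.
 * @return array{datetime:string,capacity:string,title:string,description:string}
 */
function cpabc_appointments_parse_slot_payload($payload)
{
    $lines = array_pad(explode("\n", (string) $payload), 4, '');
    $ymd = array_pad(explode(",", $lines[0]), 3, '');
    $hm = array_pad(explode(":", $lines[1]), 2, '');

    $datetime = sanitize_text_field($ymd[0])."-".sanitize_text_field($ymd[1])."-".sanitize_text_field($ymd[2])
        ." ".sanitize_text_field($hm[0]).":".sanitize_text_field($hm[1]);

    // Lines 4.. are joined back with "\n" between them (none after the last).
    $descriptionLines = array_map('cpabc_clean_and_sanitize', array_slice($lines, 4));

    return array(
        'datetime'    => $datetime,
        'capacity'    => sanitize_text_field($lines[2]),
        'title'       => sanitize_text_field($lines[3]),
        'description' => implode("\n", $descriptionLines),
    );
}

/**
 * Deletes, edits or adds one slot of a calendar from the admin calendar editor.
 *
 * Triggered by `cpabc_calendar_update2=1`; otherwise returns without effect.
 * The calendar id comes from the `id` query parameter (prefix stripped, cast
 * to int). The request is accepted only for users with `edit_pages` or with
 * explicit access to the calendar (cpabc_appointments_user_access_to); no
 * nonce is verified in this handler. With a logged-in user ($user_ID) the
 * `act` query parameter selects the operation:
 *  - "del":  delete the slot $_POST["sqlId"] of this calendar;
 *  - "edit": update that slot from the "appoiments" payload;
 *  - "add":  insert a new slot from the payload and echo its id.
 * Ids are cast with intval() and text values escaped with esc_sql() before
 * they reach SQL. The script terminates afterwards.
 */
function cpabc_appointments_calendar_update2() {
    global $wpdb, $user_ID;

    if ( ! isset( $_GET['cpabc_calendar_update2'] ) || $_GET['cpabc_calendar_update2'] != '1' )
        return;

    $calid = intval(str_replace(CPABC_TDEAPP_CAL_PREFIX, "", cpabc_get_get_param('id')));
    if ( ! current_user_can('edit_pages') && !cpabc_appointments_user_access_to($calid) )
        return;

    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Pragma: no-cache");

    if ( $user_ID ) {
        $action = cpabc_get_get_param('act');
        $table = CPABC_TDEAPP_CALENDAR_DATA_TABLE;

        if ($action == 'del') {
            $slotId = intval(cpabc_get_post_param('sqlId'));
            $wpdb->query("delete from ".$table." where ".CPABC_TDEAPP_DATA_IDCALENDAR."=".$calid." and ".CPABC_TDEAPP_DATA_ID."=".$slotId);
        } elseif ($action == 'edit') {
            $slot = cpabc_appointments_parse_slot_payload(cpabc_get_post_param('appoiments'));
            $slotId = intval(cpabc_get_post_param('sqlId'));
            $wpdb->query("update ".$table." set ".CPABC_TDEAPP_DATA_DATETIME."='".esc_sql($slot['datetime'])."',quantity='".esc_sql($slot['capacity'])."',".CPABC_TDEAPP_DATA_TITLE."='".esc_sql($slot['title'])."',".CPABC_TDEAPP_DATA_DESCRIPTION."='".esc_sql($slot['description'])."' where ".CPABC_TDEAPP_DATA_IDCALENDAR."=".$calid." and ".CPABC_TDEAPP_DATA_ID."=".$slotId);
        } elseif ($action == 'add') {
            $slot = cpabc_appointments_parse_slot_payload(cpabc_get_post_param('appoiments'));
            $wpdb->query("insert into ".$table."(".CPABC_TDEAPP_DATA_IDCALENDAR.",".CPABC_TDEAPP_DATA_DATETIME.",".CPABC_TDEAPP_DATA_TITLE.",".CPABC_TDEAPP_DATA_DESCRIPTION.",quantity) values(".$calid.",'".esc_sql($slot['datetime'])."','".esc_sql($slot['title'])."','".esc_sql($slot['description'])."','".esc_sql($slot['capacity'])."') ");
            // The client reads the new slot id from the response body.
            echo $wpdb->insert_id;
        }
    }

    exit();
}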
1009
/**
 * Builds the query-string fragment that passes the calendar's captcha settings
 * to the captcha script.
 *
 * Always starts with "&inAdmin=1". Each captcha option is read with
 * cpabc_get_option() and appended only when it differs from its default
 * constant, so an untouched configuration yields the bare prefix. Values are
 * appended as-is (no urlencode()); they come from the plugin's own config row.
 *
 * @return string Query-string fragment, each entry prefixed with '&'.
 */
function cpabc_get_captcha_params()
{
    // option name => array(default value, query-string key)
    $settings = array(
        'dexcv_width'         => array(CPABC_TDEAPP_DEFAULT_dexcv_width,         'width'),
        'dexcv_height'        => array(CPABC_TDEAPP_DEFAULT_dexcv_height,        'height'),
        'dexcv_chars'         => array(CPABC_TDEAPP_DEFAULT_dexcv_chars,         'letter_count'),
        'dexcv_min_font_size' => array(CPABC_TDEAPP_DEFAULT_dexcv_min_font_size, 'min_size'),
        'dexcv_max_font_size' => array(CPABC_TDEAPP_DEFAULT_dexcv_max_font_size, 'max_size'),
        'dexcv_noise'         => array(CPABC_TDEAPP_DEFAULT_dexcv_noise,         'noise'),
        'dexcv_noise_length'  => array(CPABC_TDEAPP_DEFAULT_dexcv_noise_length,  'noiselength'),
        'dexcv_background'    => array(CPABC_TDEAPP_DEFAULT_dexcv_background,    'bcolor'),
        'dexcv_border'        => array(CPABC_TDEAPP_DEFAULT_dexcv_border,        'border'),
        'dexcv_font'          => array(CPABC_TDEAPP_DEFAULT_dexcv_font,          'font'),
    );

    $query = '&inAdmin=1';
    foreach ($settings as $option => $spec) {
        list($default, $key) = $spec;
        $current = cpabc_get_option($option, $default);
        // Loose comparison kept from the original (values may be strings or numbers).
        if ($current != $default) {
            $query .= '&'.$key.'='.$current;
        }
    }
    return $query;
}
1045
/**
 * Prepares a text value for embedding in a JavaScript string literal.
 *
 * Replacements, applied one after another: the '&qquot;' marker becomes a
 * double quote, real newlines become the two-character escape '\n' and
 * carriage returns are dropped. The second pair reads as a space-to-space
 * no-op in this listing — NOTE(review): if the source file actually holds a
 * non-breaking space there, that byte must be kept.
 *
 * @param string $str Text to clean.
 * @return string
 */
function cpabc_appointment_cleanJSON($str)
{
    $replacements = array(
        array('&qquot;', '"'),
        array(' ', ' '),
        array("\n", '\n'),
        array("\r", ''),
    );
    $out = $str;
    foreach ($replacements as $pair) {
        list($search, $replace) = $pair;
        $out = str_replace($search, $replace, $out);
    }
    return $out;
}
1054
/**
 * Resolves the calendar language, deriving it from the blog locale when the
 * setting is '-' ("automatic").
 *
 * For '-' the first two letters of get_bloginfo('language'), upper-cased, are
 * taken and a few ISO codes are mapped to the codes the calendar uses
 * (ES->SP, CS->CZ, NL->DU, JA->JP, KO->KR, NB->NW, SV->SE). Any other value
 * is returned unchanged.
 *
 * @param string $calendar_language Configured language code or '-'.
 * @return string
 */
function cpabc_auto_language($calendar_language)
{
    if ($calendar_language != '-') {
        return $calendar_language;
    }

    $code = substr(strtoupper(get_bloginfo('language')), 0, 2);
    $isoCodes      = array('ES','CS','NL','JA','KO','NB','SV','');
    $calendarCodes = array('SP','CZ','DU','JP','KR','NW','SE','');
    return str_replace($isoCodes, $calendarCodes, $code);
}
1065
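/**
 * Handles the POST actions of the "loaded" data-management screen.
 *
 * Returns immediately unless `cpabc_do_action_loaded` is posted. The only
 * known action is "wizard": guarded by the `abc_update_actions_pwizard`
 * nonce and the `manage_options` capability, it publishes the calendar
 * shortcode for `cpabc_publish_id` via cpabc_publish_on() and stores the
 * resulting permalink in the global $cpabc_postURL. Any other action prints
 * a generic error message and terminates the script.
 *
 * POST fields are read through cpabc_get_post_param() so a missing field is
 * '' rather than an undefined-index notice.
 */
function cpabc_data_management_loaded()
{
    global $wpdb, $cpabc_postURL;

    $action = sanitize_text_field(cpabc_get_post_param('cpabc_do_action_loaded'));
    if (!$action) return; // go out if the call isn't for this one

    // Calendar to publish; '' (what the original's unset variable rendered as)
    // when nothing usable was posted.
    $item = '';
    if (cpabc_get_post_param('cpabc_publish_id')) {
        $item = intval(cpabc_get_post_param('cpabc_publish_id'));
    }

    if ($action == "wizard" && wp_verify_nonce( cpabc_get_post_param('nonce'), 'abc_update_actions_pwizard' ) && current_user_can('manage_options'))
    {
        $shortcode = '[CPABC_APPOINTMENT_CALENDAR calendar="'.$item .'"]';
        $cpabc_postURL = cpabc_publish_on( sanitize_text_field(cpabc_get_post_param("whereto")),
                                           sanitize_text_field(cpabc_get_post_param("publishpage")),
                                           sanitize_text_field(cpabc_get_post_param("publishpost")),
                                           $shortcode,
                                           sanitize_text_field(cpabc_get_post_param("posttitle")));
        return;
    }

    // Unknown action (or failed nonce/capability check): report and stop.
    echo 'Some unexpected error happened. If you see this error contact the support service at https://bccf.dwbooster.com/contact-us';

    exit();
}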
1091
1092
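/**
 * Places a shortcode on a new or existing page/post and returns its permalink.
 *
 * $whereto selects the target: '0' creates a draft page, '1' a draft post
 * (both with a preview notice followed by $content), '2' prepends $content to
 * the existing page $publishpage, anything else prepends it to the existing
 * post $publishpost. An existing target is only updated when $content is not
 * already part of its content.
 *
 * @param string $whereto     Target selector ('0', '1', '2' or other, see above).
 * @param string $publishpage Page id used when $whereto is '2'.
 * @param string $publishpost Post id used for any other existing target.
 * @param string $content     Shortcode (or other markup) to place.
 * @param string $posttitle   Title for a newly created page/post.
 * @return string|false Whatever get_permalink() returns for the target id.
 */
function cpabc_publish_on($whereto, $publishpage = '', $publishpost = '', $content = '', $posttitle = 'Booking Form')
{
    $id = '';
    if ($whereto == '0' || $whereto == '1') // new page or new post
    {
        $my_post = array(
            'post_title' => $posttitle,
            'post_type' => ($whereto == '0' ? 'page' : 'post'),
            'post_content' => 'This is a <b>preview</b> page, remember to publish it if needed. You can edit the full form settings into the admin settings page.<br /><br /> '.$content,
            'post_status' => 'draft'
        );

        // Insert the post into the database
        $id = wp_insert_post( $my_post );
    }
    else
    {
        $id = ($whereto == '2' ? $publishpage : $publishpost);
        $post = get_post( $id );
        // get_post() returns null for an unknown id; the original dereferenced
        // it anyway. Nothing is written in that case and the permalink lookup
        // below proceeds as before.
        if ($post && strpos($post->post_content, $content) === false)
        {
            $my_post = array(
                'ID' => $id,
                'post_content' => $content.$post->post_content,
            );
            // Update the post into the database
            wp_update_post( $my_post );
        }
    }
    return get_permalink($id);
}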
1126
1127
/**
 * Returns the path component of the current blog's home (or admin) URL,
 * without a trailing slash.
 *
 * Only the path survives parse_url() here — scheme and host are discarded —
 * so the http->https substitution below only matters if the path itself
 * happens to contain "http://".
 *
 * @param bool $admin True for the admin URL, false for the home URL.
 * @return string Path, e.g. '' for a site installed at the domain root.
 */
function cpabc_appointment_get_site_url($admin = false)
{
    $blog = get_current_blog_id();
    $base = $admin ? get_admin_url($blog) : get_home_url($blog);

    $parts = parse_url($base);
    // '@' kept from the original: a URL without a path yields no "path" key.
    $path = rtrim(@$parts["path"], "/");
    if (is_ssl()) {
        $path = str_replace('http://', 'https://', $path);
    }
    return $path;
}
1142
1143
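/**
 * Returns the absolute home (or admin) URL of the current blog without a
 * trailing slash.
 *
 * The scheme, host and port are taken from the URL WordPress is configured
 * with (get_home_url()/get_admin_url()) rather than from the request's Host
 * header: $_SERVER['HTTP_HOST'] is client-controlled and must not decide
 * which host an absolute URL generated by the plugin points at. The original
 * always rebuilt the origin from HTTP_HOST; that is now only the fallback for
 * a configured URL that carries no host at all. When the request is served
 * over SSL, "http://" is replaced by "https://" as before.
 *
 * @param bool $admin True for the admin URL, false for the home URL.
 * @return string Absolute URL, e.g. "https://<configured-host>/blog".
 */
function cpabc_appointment_get_FULL_site_url($admin = false)
{
    $blog = get_current_blog_id();
    $base = $admin ? get_admin_url($blog) : get_home_url($blog);

    $parts = parse_url($base);
    // '@' kept from the original: a URL without a path yields no "path" key.
    $path = rtrim(@$parts["path"], "/");

    if (!empty($parts['host'])) {
        $scheme = !empty($parts['scheme']) ? $parts['scheme'] : 'http';
        $authority = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
        $url = $scheme . '://' . $authority . $path;
    } else {
        // Degenerate configuration without a host: previous behaviour.
        $requestHost = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : '';
        $url = 'http://' . $requestHost . $path;
    }

    if (is_ssl())
        $url = str_replace('http://', 'https://', $url);
    return $url;
}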
1161
/**
 * Reads a query-string parameter, returning '' when it is absent.
 *
 * The value is returned raw (no sanitising); callers are expected to
 * sanitise or cast it themselves.
 *
 * @param string $key Parameter name.
 * @return mixed The $_GET value (string or array) or "".
 */
function cpabc_get_get_param ($key)
{
    return isset($_GET[$key]) ? $_GET[$key] : "";
}
1169
/**
 * Reads a POST field, returning '' when it is absent.
 *
 * The value is returned raw (no sanitising); callers are expected to
 * sanitise or cast it themselves.
 *
 * @param string $key Field name.
 * @return mixed The $_POST value (string or array) or "".
 */
function cpabc_get_post_param ($key)
{
    return isset($_POST[$key]) ? $_POST[$key] : "";
}
1177
// Request-level cache used by cpabc_get_option(): the config row last
// fetched and the calendar id it belongs to (-1 = nothing cached yet).
$cpabc_option_buffered_id = -1;
$cpabc_option_buffered_item = false;
1181
/**
 * Reads one setting of the current calendar's configuration row.
 *
 * The calendar is CP_CALENDAR_ID, or 0 when that constant is not defined.
 * The row is fetched from CPABC_APPOINTMENTS_CONFIG_TABLE_NAME and kept in
 * the globals $cpabc_option_buffered_item / $cpabc_option_buffered_id, so
 * later calls for the same calendar id reuse it without another query.
 *
 * @param string $field         Column name of the setting.
 * @param mixed  $default_value Returned when the value is '' AND the buffered
 *                              row's calendar_language is also '' (see below).
 * @return mixed The column value, or $default_value.
 */
function cpabc_get_option ($field, $default_value = '')
{
    global $wpdb, $cpabc_option_buffered_item, $cpabc_option_buffered_id;
    if (!defined('CP_CALENDAR_ID'))
        $id = 0;
    else
        $id = CP_CALENDAR_ID;
    if ($cpabc_option_buffered_id == $id)
        // '@' hides notices when the buffered row is false or lacks the column.
        $value = @$cpabc_option_buffered_item->$field;
    else
    {
        // The id is cast with intval() before it is interpolated into SQL.
        $myrows = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME." WHERE id=".intval($id) );
        $value = @$myrows[0]->$field;
        $cpabc_option_buffered_item = @$myrows[0];
        $cpabc_option_buffered_id = $id;
    }
    // The default only applies when calendar_language is empty as well —
    // presumably a proxy for "no config row exists yet"; an intentionally
    // empty setting on an existing row therefore comes back as '' — TODO confirm.
    if ($value == '' && @$cpabc_option_buffered_item->calendar_language == '')
        $value = $default_value;
    return $value;
}
1203
/**
 * Tells whether the current user may administer the plugin.
 *
 * "Administrator" here means holding the `manage_options` capability, the
 * same check the wizard action in cpabc_data_management_loaded() uses.
 *
 * @return bool
 */
function cpabc_appointment_is_administrator()
{
    $requiredCapability = 'manage_options';
    return current_user_can($requiredCapability);
}
1208
1209
// Registers this plugin with the shared promotion banner (name shown and the
// review URL it links to), then loads the banner code. The include path is
// relative; presumably it resolves to banner.php next to this file — confirm
// against the plugin's include_path handling.
$codepeople_promote_banner_plugins[ 'appointment-booking-calendar' ] = array(
    'plugin_name' => 'Appointment Booking Calendar',
    'plugin_url' => 'https://wordpress.org/support/plugin/appointment-booking-calendar/reviews/?filter=5#new-post'
);
require_once 'banner.php';
1215
1216 ?>