<?php

// Bail out when this include is requested directly instead of through the WordPress bootstrap;
// ABSPATH is only defined once wp-load.php has run.
defined( 'ABSPATH' ) || die( 'Direct access not allowed.' );
9
/**
 * Request dispatcher for the plugin (hooked from elsewhere; runs for every request).
 *
 * Routes, in order: the PayPal IPN callback, a one-time schema migration, the public
 * iCal feed and captcha image, admin-only CSV export and date-expression helpers, the
 * e-mailed cancellation link, the settings-save POST, the captcha probe, and finally the
 * front-end booking POST, which stores the booking and redirects the visitor to PayPal.
 * Most branches terminate the request with exit().
 */
function cpabc_appointments_main_initialization()
{
    global $wpdb;

    // PayPal notify_url callback. Reachable without authentication; the handler is
    // responsible for proving the message really came from PayPal.
    if ( isset( $_GET['cpabc_ipncheck'] ) && $_GET['cpabc_ipncheck'] != '' )
    {
        cpabc_appointments_check_IPN_verification();
        return;
    }

    // One-off column additions, remembered through an option flag so they run once.
    if (false == get_option('ABC_ONE_TIME_4UPDATE',false))
    {
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'who_added', "VARCHAR(25) DEFAULT '' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'who_edited', "VARCHAR(25) DEFAULT '' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'who_cancelled', "VARCHAR(25) DEFAULT '' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'is_cancelled', "VARCHAR(25) DEFAULT '0' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'is_verified', "VARCHAR(25) DEFAULT '0' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'verified_required', "VARCHAR(25) DEFAULT '0' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'cancelled_reason', "TEXT");
        update_option('ABC_ONE_TIME_4UPDATE',true);
    }

    if(isset($_GET) && array_key_exists('cpabc_app',$_GET)) {
        // Public iCal feed, protected by a 10-hex-char prefix of md5(id . secret).
        // NOTE(review): the comparison uses "==" on two strings, so PHP numeric-string
        // juggling applies (e.g. a verify of "0" vs a digest prefix like "0e12345678");
        // hash_equals() with strict strings is the appropriate check. The secret falls back
        // to DOCUMENT_ROOT when the ABC_RCODE option is unset, which is guessable.
        if ( $_GET["cpabc_app"] == 'calfeed' )
        {
            if ($_GET["id"] != '' && substr(md5($_GET["id"].get_option('ABC_RCODE',$_SERVER["DOCUMENT_ROOT"])),0,10) == $_GET["verify"])
                cpabc_export_iCal();
            else
            {
                echo 'Access denied - verify value is not correct.';
                exit;
            }

        }

        // Captcha image generator; the include path is fixed, nothing user-controlled in it.
        if ($_GET["cpabc_app"] == 'captcha')
        {
            @include_once dirname( __FILE__ ) . '/../captcha/captcha.php';
            exit;
        }

    }

    // CSV export: admin-side request, edit_posts capability and the 'uname_abc_bklist' nonce
    // (read from $_REQUEST['rsave'], assumed present).
    if (isset( $_GET['cpabc_appointments_csv'] ) && is_admin() && current_user_can('edit_posts') && wp_verify_nonce( $_REQUEST['rsave'], 'uname_abc_bklist' ))
    {
        cpabc_appointments_export_csv();
        return;
    }

    // Admin helper: preview how a relative date expression ("code") resolves for the min date.
    // A year of 1970 means strtotime() failed. Output is escaped with esc_html().
    if (isset( $_GET['cpabc_app'] ) && $_GET['cpabc_app'] == 'cpabc_loadmindate' && is_admin() && current_user_can('edit_posts') )
    {
        if ($_GET["code"] == '')
            echo '';
        else
        {
            $date = date("Y-m-d H:i",strtotime($_GET["code"]));
            if (date("Y",strtotime($_GET["code"])) == '1970')
                echo '<span style="color:#DD0000;">Error! Invalid date format!. Calculated min date for today: '.esc_html($date).'</span>';
            else
                echo '<span style="color:#008800;">Calculated min date for today: '.esc_html($date).'</span>';
        }
        exit;
    }

    // Same helper for the max date; "code2" carries the min-date expression for the ordering check.
    if (isset( $_GET['cpabc_app'] ) && $_GET['cpabc_app'] == 'cpabc_loadmaxdate' && is_admin() && current_user_can('edit_posts') )
    {
        if ($_GET["code"] == '')
            echo '';
        else
        {
            $date = date("Y-m-d H:i",strtotime($_GET["code"]));
            if (date("Y",strtotime($_GET["code"])) == '1970')
                echo '<span style="color:#DD0000;">Error! Invalid date format!. Calculated max date for today: '.esc_html($date).'</span>';
            else
            {
                echo '<span style="color:#008800;">Calculated max date for today: '.esc_html($date).'</span>';
                $date2 = date("Y-m-d H:i",strtotime($_GET["code2"]));
                if ($date2 >= $date)
                    echo '<br /><span style="color:#DD0000;">Error! Max date is smaller than min date, so no days will be available in the calendar.</span>';
            }
        }
        exit;
    }

    // Cancellation link from the confirmation e-mail; the "verify" token is checked inside.
    if (isset($_GET["cpabc_c"]) && $_GET['cpabc_c'] == '1')
    {
        cpabc_process_cancel_go_appointment();
    }

    // Calendar id for this request comes from the (untrusted) POST, coerced to int; it drives
    // cpabc_get_option() lookups and the ownership check below.
    if (!defined('CP_CALENDAR_ID') && isset($_POST["cpabc_item"]))
        define ('CP_CALENDAR_ID', intval($_POST["cpabc_item"]));

    // Settings save. is_admin() only says "admin-side request", not "privileged user";
    // cpabc_appointments_save_options() re-checks the nonce and capability/ownership itself.
    if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset( $_POST['cpabc_appointments_post_options'] ) && (is_admin() || cpabc_appointments_user_access_to(CP_CALENDAR_ID) ))
    {
        cpabc_appointments_save_options();
        return;
    }

    // if this isn't the expected post and isn't the captcha verification then nothing to do
    if ( 'POST' != $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['cpabc_appointments_post'] ) )
        if ( 'GET' != $_SERVER['REQUEST_METHOD'] || !isset( $_GET['hdcaptcha'] ) )
            return;


    // The captcha answer is kept in the PHP session and, as a fallback, in a transient keyed
    // by the rand_code cookie.
    if (function_exists('session_start')) @session_start();

    $hdcaptcha = '';
    if (isset($_GET["hdcaptcha"]) && $_GET['hdcaptcha'] != '')
        $hdcaptcha = sanitize_text_field($_GET["hdcaptcha"]);
    else if (isset($_POST["hdcaptcha"]) && $_POST['hdcaptcha']!= '')
        $hdcaptcha = sanitize_text_field($_POST['hdcaptcha']);

    $captcha_tr = '';
    if (!empty($_COOKIE['rand_code'])) $captcha_tr = get_transient( "cpeople-captcha-".sanitize_key($_COOKIE['rand_code']));

    // Captcha is enforced only on the front end and when enabled; it fails when the answer
    // matches neither the session value nor the transient value (empty stored values count
    // as a mismatch). $_SESSION['rand_code'] is read without isset().
    if (
        (!is_admin() && cpabc_get_option('dexcv_enable_captcha', CPABC_TDEAPP_DEFAULT_dexcv_enable_captcha) != 'false') &&
        ( (strtolower($hdcaptcha) != strtolower($_SESSION['rand_code'])) ||
          ($_SESSION['rand_code'] == '')
        )
        &&
        ( ((strtolower($hdcaptcha)) != ($captcha_tr)) ||
          ($captcha_tr == '')
        )
    )
    {
        $_SESSION['rand_code'] = '';
        setCookie('rand_code', '', time()+36000,"/");
        echo 'captchafailed';
        exit;
    }

    // if this isn't the real post (it was the captcha verification) then echo ok and exit
    if ( 'POST' != $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['cpabc_appointments_post'] ) )
    {
        if (!isset($_GET["abcc"]))
            return;
        echo 'ok';
        exit;
    }

    $_SESSION['rand_code'] = '';

    // Booking form nonce; the front-end form must carry 'cpabc_bkcontrol'.
    if (!wp_verify_nonce( $_REQUEST['_wpnonce'], 'cpabc_bkcontrol' ))
    {
        echo "Access verification error. Unauthorized.";
        exit;
    }



    $selectedCalendar = sanitize_key($_POST["cpabc_item"]);

    // Selected slots arrive as "selDaycal<calendar>" = ";<date>,<time>;<date>,<time>..."; the
    // element before the first ';' is discarded. Admin bookings may append a month selection.
    $selDaycal = sanitize_text_field($_POST["selDaycal".$selectedCalendar]);
    if (is_admin() && $_POST["selMonthcal".$selectedCalendar] != '' && $_POST["freq"] != '10')
        $selDaycal .= sanitize_text_field($_POST["selMonthcal".$selectedCalendar]);
    $pdateAndTime = explode(";",str_replace(",","-", $selDaycal));
    array_shift($pdateAndTime);

    // Display format for the booked slots, from the calendar settings.
    $military_time = cpabc_get_option('calendar_militarytime', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_MILITARYTIME);
    if (cpabc_get_option('calendar_militarytime', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_MILITARYTIME) == '0') $format = "g:i A"; else $format = "H:i";

    $calendar_dformat = cpabc_get_option('calendar_dateformat', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_DATEFORMAT);
    if ($calendar_dformat == '5')
        $format = "Y-m-d ".$format;
    else if ($calendar_dformat == '2')
        $format = "d.m.Y ".$format;
    else if ($calendar_dformat == '1')
        $format = "d/m/Y ".$format;
    else
        $format = "m/d/Y ".$format;

    // Normalise every slot via strtotime(): $pdateAndTime keeps the MySQL form, $pdate the display form.
    $pdate = array();
    for($n=0;$n<count($pdateAndTime); $n++)
    {
        $pdateAndTime[$n] = date("Y-m-d H:i:s",strtotime($pdateAndTime[$n]));
        $pdate[$n] = date($format,strtotime($pdateAndTime[$n]));
    }

    $services_formatted = array();


    // Price comes from the calendar's server-side settings only (never from the POST):
    // "request_cost" is a ';'-separated list indexed by number of slots booked; when there
    // is no entry for that count, the single-slot price is multiplied by the count.
    $price = explode(";",cpabc_get_option('request_cost', CPABC_APPOINTMENTS_DEFAULT_COST));
    foreach ($price as $item => $value)
        $price[$item] = floatval(trim(str_replace(',','', str_replace(CPABC_APPOINTMENTS_DEFAULT_CURRENCY_SYMBOL,'',
                            str_replace(CPABC_APPOINTMENTS_GBP_CURRENCY_SYMBOL,'',
                            str_replace(CPABC_APPOINTMENTS_EUR_CURRENCY_SYMBOL_A, '',
                            str_replace(CPABC_APPOINTMENTS_EUR_CURRENCY_SYMBOL_B,'', $value )))) )));

    if (isset($price[count($pdateAndTime)-1]))
        $price = $price[count($pdateAndTime)-1];
    else
        $price = floatval($price[0]) * count($pdateAndTime);


    // check discount codes
    //-------------------------------------------------
    // No coupon handling exists in this edition; $coupon stays false.
    $discount_note = "";
    $coupon = false;

    // $params becomes the placeholder table for the e-mails and is serialized into the row.
    $params = array();
    $params["UTIMEZONE"] = sanitize_text_field(@$_POST["cpabc_appointments_utime"]);
    $params["PRICE"] = number_format ($price, 2);
    $params["COUPONCODE"] = ($coupon?"\nCoupon code:".$coupon->code.$discount_note."\n":"");
    // NOTE(review): the requested quantity is only sanitized as text here, not coerced to an
    // int or checked against the calendar's slot limits; whether capacity is enforced elsewhere
    // cannot be told from this file.
    $params["QUANTITY"] = (!empty($_POST["abc_capacity"]) ? sanitize_text_field($_POST["abc_capacity"]) : '');

    // get form info
    //---------------------------
    $params["NAME"] = sanitize_text_field($_POST["name"]);
    $params["EMAIL"] = sanitize_email($_POST["email"]);
    $params["PHONE"] = sanitize_text_field($_POST["phone"]);
    $params["COMMENTS"] = sanitize_textarea_field($_POST["question"]);

    $params[ 'request_timestamp' ] = (date("Y-m-d", current_time('timestamp'))). " ". (date("H:i:s", current_time('timestamp')));

    $buffer_A = sanitize_textarea_field($_POST["question"]);
    $to = "email";

    // The captcha answer is single-use: clear it as soon as the submission is accepted.
    $_SESSION['rand_code'] = '';
    setCookie('rand_code', '', time()+36000,"/");

    /**
     * Action called before insert the data into database.
     * To the function is passed an array with submitted data (by reference, so hooks may
     * add or change entries that end up serialized in the row).
     */
    do_action_ref_array( 'cpabc_process_data_before_insert', array(&$params) );

    // insert into database
    //---------------------------

    // A first slot that strtotime() could not parse (epoch year) is treated as spam.
    if (date("Y",strtotime($pdateAndTime[0])) == "1970") // if this is spam, skip
        return;

    // One row per booked slot; $wpdb->insert() parameterises the values. The whole $params
    // array is stored PHP-serialized in buffered_date and unserialize()d later by the IPN
    // handler and cpabc_process_ready_to_go_appointment().
    $alldates = '';
    for ($n=0; $n<count($pdateAndTime); $n++)
    {
        $params["DATE"] = trim( substr($pdate[$n], 0, strpos($pdate[$n],' ') ) );
        $params["MAINDATE"] = $params["DATE"];
        $params["TIME"] = trim( substr($pdate[$n], strpos($pdate[$n],' ') ) );

        $alldates .= " - ".$pdate[$n]."\n";

        $rows_affected = $wpdb->insert( CPABC_APPOINTMENTS_TABLE_NAME, array( 'calendar' => $selectedCalendar,
            'time' => current_time('mysql'),
            'booked_time' => sanitize_text_field($pdate[$n]),
            'booked_time_unformatted' => $pdateAndTime[$n],
            'name' => "".sanitize_text_field(@$_POST["name"]),
            'email' => "".sanitize_email(@$_POST[$to]),
            'phone' => "".sanitize_text_field(@$_POST["phone"]),
            'question' => $buffer_A,
            'quantity' => (isset($_POST["abc_capacity"])?sanitize_text_field($_POST["abc_capacity"]):1),
            'buffered_date' => serialize($params)
        ) );
        if (!$rows_affected)
        {
            echo 'Error saving data! Please try again.';
            echo '<br /><br />If the error persists please be sure you are using the latest version and in that case contact support service at https://abc.dwbooster.com/contact-us?debug=db';
            exit;
        }

        // save data here
        $item_number[] = $wpdb->insert_id;
    }

    $params["ALLDATES"] = $alldates;

    // Call action for data processing
    //---------------------------------
    $params[ 'itemnumber' ] = $item_number[0];
    $params[ 'itemnumbers' ] = $item_number;
    $params[ 'useremail' ] = "".sanitize_email(@$_POST[$to]);
    $params[ 'formid' ] = $selectedCalendar;
    /**
     * Action called after inserted the data into database.
     * To the function is passed an array with submitted data.
     */

    do_action( 'cpabc_process_data', $params );

    // ';'-joined list of booking row ids; it is carried through PayPal's "custom" field and notify_url.
    $item_number = implode(";", $item_number);

    // Bookings entered from the admin side are confirmed immediately, without payment.
    if ( is_admin() && current_user_can('edit_posts') )
    {
        cpabc_process_ready_to_go_appointment($item_number, '');
        return;
    }

    // Front-end bookings: auto-submitting form that sends the visitor to PayPal. The amount
    // is the server-computed $price; notify_url points back at the IPN branch at the top.
    if (cpabc_get_option('paypal_mode','production') == "sandbox")
        $ppurl = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
    else
        $ppurl = 'https://www.paypal.com/cgi-bin/webscr';

?>
<html>
<head><title>Redirecting to Paypal...</title></head>
<body>
<form action="<?php echo esc_attr($ppurl); ?>" name="ppform3" method="post">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="business" value="<?php echo esc_attr(sanitize_email(cpabc_get_option('paypal_email', _cpabc_appointments_get_default_paypal_email() ))); ?>" />
<input type="hidden" name="item_name" value="<?php echo esc_attr(cpabc_get_option('paypal_product_name', CPABC_APPOINTMENTS_DEFAULT_PRODUCT_NAME)); ?>" />
<input type="hidden" name="custom" value="<?php echo esc_attr($item_number); ?>" />
<input type="hidden" name="amount" value="<?php echo floatval($price); ?>" />
<input type="hidden" name="page_style" value="Primary" />
<input type="hidden" name="no_shipping" value="<?php if (cpabc_get_option('request_address','0') != '1') echo '1'; else echo '2'; ?>" />
<input type="hidden" name="return" value="<?php echo esc_attr(trim(cpabc_get_option('url_ok', CPABC_APPOINTMENTS_DEFAULT_OK_URL))); ?>">
<input type="hidden" name="cancel_return" value="<?php echo esc_attr(cpabc_get_option('url_cancel', CPABC_APPOINTMENTS_DEFAULT_CANCEL_URL)); ?>" />
<input type="hidden" name="currency_code" value="<?php echo esc_attr(cpabc_appointments_clean_currency(cpabc_get_option('currency', CPABC_APPOINTMENTS_DEFAULT_CURRENCY))); ?>" />
<input type="hidden" name="lc" value="<?php echo esc_attr(cpabc_get_option('paypal_language', CPABC_APPOINTMENTS_DEFAULT_PAYPAL_LANGUAGE)); ?>" />
<input type="hidden" name="bn" value="NetFactorSL_SI_Custom" />
<input type="hidden" name="notify_url" value="<?php echo esc_attr(cpabc_appointment_get_FULL_site_url()); ?>/?cpabc_ipncheck=<?php echo esc_attr($item_number); ?>" />
</form>
<script type="text/javascript">
document.ppform3.submit();
</script>
</body>
</html>
<?php
    exit();
}
329
330
/**
 * Normalise a configured currency value to the ISO 4217 code PayPal expects.
 *
 * Trims and upper-cases the input, then maps a handful of legacy/informal spellings
 * that older settings may contain ("GPB", "CDN", "$", "DOLLAR", "EURO", "MXP", "AUS")
 * and the empty string (-> "EUR"). Anything else is returned upper-cased as given.
 *
 * @param string $currency Raw value from the calendar settings.
 * @return string Currency code.
 */
function cpabc_appointments_clean_currency($currency)
{
    static $aliases = array(
        'GPB'    => 'GBP',
        'CDN'    => 'CAD',
        '$'      => 'USD',
        'DOLLAR' => 'USD',
        'EURO'   => 'EUR',
        ''       => 'EUR',
        'MXP'    => 'MXN',
        'AUS'    => 'AUD',
    );

    $code = trim(strtoupper($currency));

    return isset($aliases[$code]) ? $aliases[$code] : $code;
}
353
354
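/**
 * Does the current user own the given calendar?
 *
 * A calendar row is owned by the user whose ID is stored in its `conwer` column; an
 * empty `conwer` never matches anybody (including a logged-out visitor, whose ID is 0).
 * The query is built with $wpdb->prepare() instead of string concatenation.
 *
 * @param int|string $calendar Calendar id (coerced to int).
 * @return int Number of matching calendar rows (0 when not the owner); callers use it as a boolean.
 */
function cpabc_appointments_user_access_to($calendar) {
    global $wpdb;
    $current_user = wp_get_current_user();
    $sql = $wpdb->prepare(
        "SELECT COUNT(*) FROM ".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME." WHERE id=%d AND conwer<>'' AND conwer=%s",
        intval($calendar),
        (string) $current_user->ID
    );
    return (int) $wpdb->get_var($sql);
}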
361
362
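/**
 * PayPal IPN callback (notify_url = <site>/?cpabc_ipncheck=<id>[;<id>...]).
 *
 * Runs unauthenticated on any request carrying that parameter, so nothing in $_POST can
 * be trusted until PayPal has confirmed it. The previous version promoted the booking on
 * the posted payment_status alone, which let anyone mark a booking as paid with a single
 * crafted POST; the message is now echoed back to PayPal (cmd=_notify-validate) and only
 * a literal "VERIFIED" reply is accepted. Afterwards the original flow is kept: status
 * filtering, a duplicate check on the calendar-data `reference` column, storing txn_id
 * in the serialized form data and confirming the booking.
 *
 * Terminates the request with exit() in every path except a skipped payment status.
 */
function cpabc_appointments_check_IPN_verification() {

    global $wpdb;

    $itemparam = sanitize_text_field($_GET["cpabc_ipncheck"]);

    $payment_status = isset($_POST['payment_status']) ? sanitize_text_field($_POST['payment_status']) : '';
    $payer_email    = isset($_POST['payer_email'])    ? sanitize_email($_POST['payer_email'])          : '';
    $payment_type   = isset($_POST['payment_type'])   ? sanitize_text_field($_POST['payment_type'])   : '';
    $txnid          = isset($_POST['txn_id'])         ? sanitize_text_field($_POST['txn_id'])         : '';

    $itemnumber = explode(";",$itemparam);
    $first_id   = intval($itemnumber[0]);

    // The booking row tells us which calendar (and therefore which PayPal settings) applies.
    $myrows = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_TABLE_NAME." WHERE id=".$first_id );
    if (empty($myrows))
    {
        echo 'Unknown item';
        exit;
    }
    if (!defined('CP_CALENDAR_ID'))
        define ('CP_CALENDAR_ID', $myrows[0]->calendar);

    // Ask PayPal whether it really sent this message. The fields must be echoed back exactly
    // as received, so wp_unslash() undoes the slashes WordPress adds to $_POST. Sandbox vs
    // production follows the same setting used for the checkout redirect.
    if (cpabc_get_option('paypal_mode','production') == "sandbox")
        $pp_verify_url = 'https://ipnpb.sandbox.paypal.com/cgi-bin/webscr';
    else
        $pp_verify_url = 'https://ipnpb.paypal.com/cgi-bin/webscr';

    $response = wp_remote_post( $pp_verify_url, array(
        'timeout'     => 30,
        'httpversion' => '1.1',
        'body'        => array_merge( wp_unslash( $_POST ), array( 'cmd' => '_notify-validate' ) ),
    ) );
    if (is_wp_error($response))
    {
        // Our outbound request failed; answer non-2xx so PayPal retries the notification later.
        status_header(503);
        echo 'IPN verification temporarily unavailable';
        exit;
    }
    if ('VERIFIED' !== trim(wp_remote_retrieve_body($response)))
    {
        echo 'IPN verification failed';
        exit;
    }
    // NOTE(review): mc_gross and receiver_email are still not compared with the stored PRICE
    // and the configured paypal_email; add that once the stored price format is confirmed.

    if (CPABC_TDEAPP_CALENDAR_STEP2_VRFY)
    {
        // Confirm on a completed payment or on a pending e-check; the later "Completed"
        // notification for an e-check is ignored because the pending one already confirmed it.
        if ($payment_status != 'Completed' && $payment_type != 'echeck')
            return;

        if ($payment_type == 'echeck' && $payment_status == 'Completed')
            return;
    }

    // A calendar-data row already referencing this booking means the IPN was handled before
    // (PayPal re-sends notifications until it gets a 2xx).
    $processed = $wpdb->get_results( "SELECT * FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." WHERE reference='".$first_id."'" );
    if (count($processed))
    {
        echo 'OK - Already processed';
        exit;
    }

    // Record the transaction id next to the buffered form data.
    // NOTE(review): buffered_date is a PHP-serialized blob written at booking time and is
    // unserialize()d here as-is; the column must never be writable by untrusted parties.
    $params = unserialize($myrows[0]->buffered_date);
    $params["txnid"] = $txnid;
    $wpdb->query( "UPDATE ".CPABC_APPOINTMENTS_TABLE_NAME." SET buffered_date='".esc_sql(serialize($params))."' WHERE id=".$first_id );


    cpabc_process_ready_to_go_appointment( $itemparam, $payer_email);

    echo 'OK';

    exit();

}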
404
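/**
 * Unauthenticated cancellation endpoint reached from the %CANCEL% link in the confirmation
 * e-mail: ?cpabc_c=1&i=<base64(calendar-data id)>&verify=<first 10 hex chars of
 * md5(pcode . id)> (the link is built in cpabc_process_ready_to_go_appointment()).
 *
 * The verify token is the only thing between a guess and a DELETE, so it is compared with
 * hash_equals(): constant time, and no "==" numeric-string juggling (a verify of "0" would
 * otherwise match any digest prefix of the form "0e12345678"). Because links are generated
 * from an integer insert_id, only a plain digit string is accepted as the id; is_numeric()
 * also admitted forms such as "1e3" or " 5" that intval() reads differently.
 *
 * Always terminates the request: redirects after deleting, or prints an error.
 */
function cpabc_process_cancel_go_appointment()
{
    global $wpdb;

    $encoded_id = (isset($_GET["i"]) && is_string($_GET["i"])) ? $_GET["i"] : '';
    $verify     = (isset($_GET["verify"]) && is_string($_GET["verify"])) ? $_GET["verify"] : '';

    $itemnumber  = base64_decode($encoded_id);
    $cpabc_pcode = base64_decode(get_option('CPABC_PCODE',""));

    $is_valid_id = is_string($itemnumber) && preg_match('/^[0-9]+$/', $itemnumber) === 1;
    $expected    = substr(md5($cpabc_pcode.$itemnumber),0,10);

    if ($is_valid_id && hash_equals($expected, $verify))
    {
        $wpdb->query( "DELETE FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." WHERE id=".intval($itemnumber) );
        header("Location: ".CPABC_APPOINTMENTS_DEFAULT_ON_CANCEL_REDIRECT_TO);
        exit;
    } else {
        echo 'Wrong cancellation link';
        exit;
    }
}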
420
/**
 * Confirm one or more booking rows: copy each into the calendar-data table and send the
 * confirmation e-mail to the customer (and payer) plus the notification to the admin(s).
 *
 * Called after a verified PayPal IPN, for admin-side bookings (no payment), and for
 * re-sends ($is_resend = true skips the inserts and only mails).
 *
 * @param string $itemnumber  ';'-separated ids of rows in CPABC_APPOINTMENTS_TABLE_NAME.
 * @param string $payer_email PayPal payer address; also mailed when it differs from the booking e-mail.
 * @param bool   $is_resend   When true no calendar-data rows are inserted.
 * @param bool   $send_admin  Accepted for compatibility; not referenced in this body.
 */
function cpabc_process_ready_to_go_appointment($itemnumber, $payer_email = "", $is_resend = false, $send_admin = true)
{
    global $wpdb;

    // Lightweight schema migrations (idempotent).
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'quantity', "VARCHAR(25) DEFAULT '1' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'reminder', "VARCHAR(1) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'reference', "VARCHAR(30) DEFAULT '' NOT NULL");

    // The first booking row decides the calendar whose settings and templates are used.
    $itemnumber = explode(";",$itemnumber);
    $myrows = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_TABLE_NAME." WHERE id=".intval($itemnumber[0]) );
    $mycalendarrows = $wpdb->get_results( 'SELECT * FROM '.CPABC_APPOINTMENTS_CONFIG_TABLE_NAME .' WHERE `'.CPABC_TDEAPP_CONFIG_ID.'`='.intval($myrows[0]->calendar));
    // Slots starting within reminder_hours from now get the reminder flag set straight away.
    $reminder_timeline = date( "Y-m-d H:i:s", strtotime (date("Y-m-d H:i:s")." +".$mycalendarrows[0]->reminder_hours." hours") );
    if (!defined('CP_CALENDAR_ID'))
        define ('CP_CALENDAR_ID',$myrows[0]->calendar);

    $SYSTEM_EMAIL = cpabc_get_option('notification_from_email', _cpabc_appointments_get_default_from_email() );
    $SYSTEM_RCPT_EMAIL = cpabc_get_option('notification_destination_email', _cpabc_appointments_get_default_paypal_email() );

    $email_subject1 = cpabc_get_option('email_subject_confirmation_to_user', CPABC_APPOINTMENTS_DEFAULT_SUBJECT_CONFIRMATION_EMAIL);
    $email_content1 = cpabc_get_option('email_confirmation_to_user', CPABC_APPOINTMENTS_DEFAULT_CONFIRMATION_EMAIL);
    $email_subject2 = cpabc_get_option('email_subject_notification_to_admin', CPABC_APPOINTMENTS_DEFAULT_SUBJECT_NOTIFICATION_EMAIL);
    $email_content2 = cpabc_get_option('email_notification_to_admin', CPABC_APPOINTMENTS_DEFAULT_NOTIFICATION_EMAIL);

    $email_content1 = str_replace("%CALENDAR%", $mycalendarrows[0]->uname, $email_content1);
    $email_content2 = str_replace("%CALENDAR%", $mycalendarrows[0]->uname, $email_content2);

    // Placeholder substitution from the form data serialized at booking time, in both
    // "<%KEY%>" and "%KEY%" spellings. Any key containing "_link" is treated as an
    // attachment path for the admin e-mail.
    // NOTE(review): buffered_date is unserialize()d as-is; the column must only ever hold
    // data written by this plugin.
    $params = unserialize($myrows[0]->buffered_date);
    $attachments = array();
    foreach ($params as $item => $value)
    {
        $email_content1 = str_replace('<%'.$item.'%>',(is_array($value)?(implode(", ",$value)):($value)),$email_content1);
        $email_content2 = str_replace('<%'.$item.'%>',(is_array($value)?(implode(", ",$value)):($value)),$email_content2);
        $email_content1 = str_replace('%'.$item.'%',(is_array($value)?(implode(", ",$value)):($value)),$email_content1);
        $email_content2 = str_replace('%'.$item.'%',(is_array($value)?(implode(", ",$value)):($value)),$email_content2);
        if (strpos($item,"_link"))
            $attachments[] = $value;
    }
    $buffered_dates = array();
    for ($n=0;$n<count($itemnumber);$n++)
    {
        $myrows = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_TABLE_NAME." WHERE id=".intval($itemnumber[$n]) );
        $buffered_dates[] = $myrows[0]->booked_time;
        $information = $mycalendarrows[0]->uname."\n".
            $myrows[0]->booked_time."\n".
            ($myrows[0]->name?$myrows[0]->name."\n":"").
            $myrows[0]->email."\n".
            ($myrows[0]->phone?$myrows[0]->phone."\n":"").
            $myrows[0]->question."\n";

        if ($reminder_timeline > date("Y-m-d H:i:s", strtotime($myrows[0]->booked_time_unformatted)))
            $reminder = '1';
        else
            $reminder = '';

        // `reference` links the calendar-data row back to the booking row; the IPN handler
        // uses it to detect an already-processed notification.
        if (!$is_resend)
            $rows_affected = $wpdb->insert( CPABC_TDEAPP_CALENDAR_DATA_TABLE, array( 'appointment_calendar_id' => $myrows[0]->calendar,
                'datatime' => date("Y-m-d H:i:s", strtotime($myrows[0]->booked_time_unformatted)),
                'title' => $myrows[0]->email,
                'reminder' => $reminder,
                'quantity' => (isset($myrows[0]->quantity)?$myrows[0]->quantity:1),
                'description' => str_replace("\n","<br />", $information),
                'reference' => intval($itemnumber[$n])
            ) );
        // SEND EMAILS START
        if ($n == count($itemnumber)-1) // send emails only once
        {

            // On a resend nothing was inserted above, so insert_id is whatever the last write set.
            $params['itemnumber'] = $wpdb->insert_id;

            // Summary block for %INFORMATION%. Fields come from the booking row (sanitized on
            // insert) and are not re-escaped here even when the e-mail is sent as text/html.
            $information = $mycalendarrows[0]->uname."\n".
                implode(" - ",$buffered_dates)."\n".
                ($myrows[0]->name?$myrows[0]->name."\n":"").
                $myrows[0]->email."\n".
                ($myrows[0]->phone?$myrows[0]->phone."\n":"").
                $myrows[0]->question."\n";

            $email_content1 = str_replace("%INFORMATION%", $information, $email_content1);
            $email_content2 = str_replace("%INFORMATION%", $information, $email_content2);

            // %CANCEL% link: id (base64) plus a 10-hex-char prefix of md5(pcode . id), verified
            // by cpabc_process_cancel_go_appointment().
            $itemnumberdb = $wpdb->insert_id;
            $cpabc_pcode = base64_decode(get_option('CPABC_PCODE',""));
            $cancel_link = cpabc_appointment_get_FULL_site_url().'/?cpabc_c=1&i='.base64_encode($itemnumberdb).'&verify='.substr(md5($cpabc_pcode.$itemnumberdb),0,10).'&a=1';

            $email_content1 = str_replace("%CANCEL%", $cancel_link, $email_content1);
            $email_content2 = str_replace("%CANCEL%", $cancel_link, $email_content2);

            $email_content1 = str_replace("%ALLDATES%", implode("\n",$buffered_dates), $email_content1);
            $email_content2 = str_replace("%ALLDATES%", implode("\n",$buffered_dates), $email_content2);

            // Turn a bare address into a '"addr" <addr>' From value unless one with <> was configured.
            if (!strpos($SYSTEM_EMAIL,">"))
                $SYSTEM_EMAIL = '"'.$SYSTEM_EMAIL.'" <'.$SYSTEM_EMAIL.'>';

            // SEND EMAIL TO USER
            $replyto = $myrows[0]->email;
            if ('html' == cpabc_get_option('nuser_emailformat', CPABC_APPOINTMENTS_DEFAULT_email_format)) $content_type = "Content-Type: text/html; charset=utf-8\n"; else $content_type = "Content-Type: text/plain; charset=utf-8\n";

            // Mails go out for front-end bookings, when an admin ticked "send e-mails", or on a resend.
            if (!is_admin() || isset($_POST["sendemails_admin"]) || defined('CPABC_IS_RESEND') )
            {
                wp_mail($myrows[0]->email, $email_subject1, $email_content1,
                    "From: ".$SYSTEM_EMAIL."\r\n".
                    $content_type.
                    "X-Mailer: PHP/" . phpversion());

                // The PayPal payer gets the same confirmation when it is a different address.
                if ($payer_email && strtolower($payer_email) != strtolower($myrows[0]->email))
                    wp_mail($payer_email , $email_subject1, $email_content1,
                        "From: ".$SYSTEM_EMAIL."\r\n".
                        $content_type.
                        "X-Mailer: PHP/" . phpversion());

                // SEND EMAIL TO ADMIN
                // Recipients are a comma-separated setting; Reply-To is the customer's address
                // (stored through sanitize_email() at booking time).
                if ('html' == cpabc_get_option('nadmin_emailformat', CPABC_APPOINTMENTS_DEFAULT_email_format)) $content_type = "Content-Type: text/html; charset=utf-8\n"; else $content_type = "Content-Type: text/plain; charset=utf-8\n";
                $to = explode(",",$SYSTEM_RCPT_EMAIL);
                foreach ($to as $item)
                    if (trim($item) != '')
                    {
                        wp_mail(trim($item), $email_subject2, $email_content2,
                            "From: ".$SYSTEM_EMAIL."\r\n".
                            ($replyto!=''?"Reply-To: ".$replyto."\r\n":'').
                            $content_type.
                            "X-Mailer: PHP/" . phpversion(), $attachments);
                    }
            }
        }
        // SEND EMAILS END
    }
}
547
/**
 * Idempotent "ALTER TABLE ... ADD" used as a lightweight schema migration on every run:
 * adds $field to $table unless SHOW COLUMNS already lists it.
 *
 * $table, $field and $type are spliced straight into SQL, so callers must pass trusted
 * identifiers only (every call site in this file uses constants or fixed literals).
 *
 * @param string $table Table name, including prefix.
 * @param string $field Column to add.
 * @param string $type  Column definition; defaults to "text".
 */
function cpabc_appointments_add_field_verify ($table, $field, $type = "text")
{
    global $wpdb;

    $existing = $wpdb->get_results(sprintf("SHOW columns FROM `%s` where field='%s'", $table, $field));
    if (!empty($existing))
        return;

    $wpdb->query(sprintf("ALTER TABLE `%s` ADD `%s` %s", $table, $field, $type));
}
558
559
/**
 * Persist the per-calendar settings posted from the admin form.
 *
 * Order of checks: the 'uname_abc' nonce, then either the edit_pages capability or
 * ownership of the calendar (cpabc_appointments_user_access_to). Every value is read
 * from $_POST, run through a sanitizer and written with $wpdb->update() to the config
 * row identified by CP_CALENDAR_ID (taken from the posted cpabc_item, coerced to int).
 *
 * Prints a message and stops on a nonce or capability failure; returns nothing.
 */
function cpabc_appointments_save_options()
{
    global $wpdb;
    if (!defined('CP_CALENDAR_ID'))
        define ('CP_CALENDAR_ID', intval($_POST["cpabc_item"]));

    if (!wp_verify_nonce( $_REQUEST['_wpnonce'], 'uname_abc' ))
    {
        echo "Access verification error. Cannot update settings.";
        return;
    }

    if ( ! current_user_can('edit_pages') && !cpabc_appointments_user_access_to(CP_CALENDAR_ID) ) // prevent loading coupons from outside admin area
    {
        echo 'No enough privilegies to load this content.';
        exit;
    }
    // The form posts a control field containing a bare '"'. If it arrived as '\"' the request
    // was slashed on the way in, so the slashes are stripped from every scalar POST value.
    if ($_POST["cpabc_appointments_control_field"] == '\\"')
        foreach ($_POST as $item => $value)
            if (!is_array($value))
                $_POST[$item] = stripcslashes($value);


    // Make sure every column written below exists (idempotent migrations).
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'enable_reminder');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'reminder_hours');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'reminder_subject');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'reminder_content');
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'reminder', "VARCHAR(1) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'quantity', "VARCHAR(25) DEFAULT '1' NOT NULL");

    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'min_slots');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'max_slots');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'close_fpanel');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'quantity_field');

    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'calendar_startyear', "VARCHAR(20) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'calendar_startmonth', "VARCHAR(20) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'calendar_theme');

    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'paypal_mode');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'request_address');


    // One price per slot count, joined with ';' (read back by the booking handler).
    // NOTE(review): the loop bound is the posted max_slots with no upper cap.
    $request_cost = '';
    for ($k=1;$k <= intval($_POST["max_slots"]); $k++)
        $request_cost .= ($k!=1?";":"").cpabc_clean_price($_POST["request_cost_".$k]);

    // NOTE(review): url_ok / url_cancel only pass sanitize_text_field(), not a URL validator;
    // notification_from_email ends up in the From: header of outgoing mail, where
    // sanitize_text_field() dropping line breaks is what keeps CR/LF out of the header.
    $data = array(
        'calendar_language' => sanitize_text_field($_POST["calendar_language"]),
        'calendar_dateformat' => sanitize_text_field($_POST["calendar_dateformat"]),
        'calendar_pages' => sanitize_text_field($_POST["calendar_pages"]),
        'calendar_militarytime' => sanitize_text_field($_POST["calendar_militarytime"]),
        'calendar_weekday' => sanitize_text_field($_POST["calendar_weekday"]),
        'calendar_mindate' => sanitize_text_field($_POST["calendar_mindate"]),
        'calendar_maxdate' => sanitize_text_field($_POST["calendar_maxdate"]),
        'min_slots' => sanitize_text_field($_POST["min_slots"]),
        'max_slots' => sanitize_text_field($_POST["max_slots"]),
        'close_fpanel' => sanitize_text_field($_POST["close_fpanel"]),
        'quantity_field' => sanitize_text_field($_POST["quantity_field"]),
        'request_address' => sanitize_text_field($_POST["request_address"]),
        'paypal_mode' => sanitize_text_field($_POST["paypal_mode"]),

        'calendar_startyear' => sanitize_text_field($_POST["calendar_startyear"]),
        'calendar_startmonth' => sanitize_text_field($_POST["calendar_startmonth"]),
        'calendar_theme' => sanitize_text_field($_POST["calendar_theme"]),

        'paypal_email' => sanitize_email($_POST["paypal_email"]),
        'request_cost' => sanitize_text_field($request_cost),
        'paypal_product_name' => sanitize_text_field($_POST["paypal_product_name"]),
        'currency' => sanitize_text_field($_POST["currency"]),
        'url_ok' => sanitize_text_field($_POST["url_ok"]),
        'url_cancel' => sanitize_text_field($_POST["url_cancel"]),
        'paypal_language' => sanitize_text_field($_POST["paypal_language"]),

        'nuser_emailformat' => sanitize_text_field(@$_POST["nuser_emailformat"]),
        'nadmin_emailformat' => sanitize_text_field($_POST["nadmin_emailformat"]),
        'nremind_emailformat' => sanitize_text_field($_POST["nremind_emailformat"]),

        'vs_text_is_required' => sanitize_text_field($_POST['vs_text_is_required']),
        'vs_text_is_email' => sanitize_text_field($_POST['vs_text_is_email']),
        'vs_text_datemmddyyyy' => sanitize_text_field($_POST['vs_text_datemmddyyyy']),
        'vs_text_dateddmmyyyy' => sanitize_text_field($_POST['vs_text_dateddmmyyyy']),
        'vs_text_number' => sanitize_text_field($_POST['vs_text_number']),
        'vs_text_digits' => sanitize_text_field($_POST['vs_text_digits']),
        'vs_text_max' => sanitize_text_field($_POST['vs_text_max']),
        'vs_text_min' => sanitize_text_field($_POST['vs_text_min']),
        'vs_text_submitbtn' => sanitize_text_field($_POST['vs_text_submitbtn']),

        'cu_user_email_field' => sanitize_text_field(cpabc_get_post_param("cu_user_email_field")),

        // E-mail templates keep their markup; cpabc_clean_and_sanitize() strips %xx sequences.
        'notification_from_email' => sanitize_text_field($_POST["notification_from_email"]),
        'notification_destination_email' => sanitize_text_field($_POST["notification_destination_email"]),
        'email_subject_confirmation_to_user' => sanitize_text_field($_POST["email_subject_confirmation_to_user"]),
        'email_confirmation_to_user' => cpabc_clean_and_sanitize($_POST["email_confirmation_to_user"]),
        'email_subject_notification_to_admin' => sanitize_text_field($_POST["email_subject_notification_to_admin"]),
        'email_notification_to_admin' => cpabc_clean_and_sanitize($_POST["email_notification_to_admin"]),

        'enable_reminder' => sanitize_text_field(cpabc_get_post_param("enable_reminder")),
        'reminder_hours' => sanitize_text_field(cpabc_get_post_param("reminder_hours")),
        'reminder_subject' => sanitize_text_field(cpabc_get_post_param("reminder_subject")),
        'reminder_content' => cpabc_clean_and_sanitize(cpabc_get_post_param("reminder_content")),

        'dexcv_enable_captcha' => sanitize_text_field($_POST["dexcv_enable_captcha"]),
        'dexcv_width' => sanitize_text_field($_POST["dexcv_width"]),
        'dexcv_height' => sanitize_text_field($_POST["dexcv_height"]),
        'dexcv_chars' => sanitize_text_field($_POST["dexcv_chars"]),
        'dexcv_min_font_size' => sanitize_text_field($_POST["dexcv_min_font_size"]),
        'dexcv_max_font_size' => sanitize_text_field($_POST["dexcv_max_font_size"]),
        'dexcv_noise' => sanitize_text_field($_POST["dexcv_noise"]),
        'dexcv_noise_length' => sanitize_text_field($_POST["dexcv_noise_length"]),
        'dexcv_background' => sanitize_text_field(str_replace('#','',$_POST['dexcv_background'])),
        'dexcv_border' => sanitize_text_field(str_replace('#','',$_POST['dexcv_border'])),
        'dexcv_font' => sanitize_text_field($_POST["dexcv_font"]),
        'cv_text_enter_valid_captcha' => sanitize_text_field($_POST['cv_text_enter_valid_captcha']),
        'cp_cal_checkboxes' => sanitize_text_field(cpabc_get_post_param("cp_cal_checkboxes"))
    );
    // $wpdb->update() parameterises both the values and the WHERE clause.
    $wpdb->update ( CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, $data, array( 'id' => CP_CALENDAR_ID ));
}
678
679
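/**
 * Normalise a user-typed price to a plain "1234.56" string for storage.
 *
 * With a single kind of separator the original rule is kept: a comma is a decimal mark
 * ("1,50" -> "1.50"). When both ',' and '.' are present, the one that appears last is the
 * decimal mark and the other a thousands separator ("1,234.56" -> "1234.56",
 * "1.234,56" -> "1234.56"); previously such input was stored as "1.234.56", which
 * floatval() later read as 1.234. Everything that is not a digit or '.' is dropped.
 *
 * @param string|null $price Raw value from the settings form.
 * @return string Digits and at most the decimal point; '' when nothing numeric remains.
 */
function cpabc_clean_price($price)
{
    $price = (string) $price;

    $last_comma = strrpos($price, ',');
    $last_dot   = strrpos($price, '.');
    if ($last_comma !== false && $last_dot !== false)
    {
        if ($last_comma > $last_dot)
            $price = str_replace('.', '', $price); // '.' was the thousands separator
        else
            $price = str_replace(',', '', $price); // ',' was the thousands separator
    }

    return preg_replace('/[^0-9.]+/', '', str_replace(',', '.', $price));
}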
684
685
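/**
 * Sanitiser for the e-mail templates saved from the settings form: drops URL-encoded "%xx"
 * byte sequences (and invalid UTF-8) while preserving the template placeholders.
 *
 * Placeholders are "%NAME%" tokens that cpabc_process_ready_to_go_appointment() replaces.
 * The %xx stripper would eat the first two letters of any placeholder that happen to be hex
 * digits: the original special-cased "%CA" (for %CANCEL% / %CALENDAR%) but not, for example,
 * %DATE% ("%DA" is hex), which was saved as "TE%". Every "%WORD%" token (3+ letters or
 * underscores) is therefore masked before stripping and restored afterwards; the "%CA" rule
 * is kept as well so existing behaviour is unchanged for it.
 *
 * @param mixed $str Posted template; arrays and objects yield ''.
 * @return string Trimmed, filtered template.
 */
function cpabc_clean_and_sanitize ($str)
{
    if ( is_object( $str ) || is_array( $str ) ) {
        return '';
    }
    $str = (string) $str;

    // Mask whole placeholders with tokens that contain neither '%' nor hex-looking pairs.
    $masked = array();
    $str = preg_replace_callback('/%[A-Za-z_]{3,}%/', function ($m) use (&$masked) {
        $token = '#@*cpabcph'.count($masked).'#';
        $masked[$token] = $m[0];
        return $token;
    }, $str);
    $str = str_replace('%CA','#@*cpabc',$str);

    $filtered = wp_check_invalid_utf8( $str );
    while ( preg_match( '/%[a-f0-9]{2}/i', $filtered, $match ) )
        $filtered = str_replace( $match[0], '', $filtered );

    // Restore the placeholder tokens first: they share the '#@*cpabc' prefix used by the %CA mask.
    if (!empty($masked))
        $filtered = str_replace(array_keys($masked), array_values($masked), $filtered);
    $filtered = str_replace('#@*cpabc','%CA',$filtered);
    return trim($filtered);
}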
699
700
/**
 * Looks up the human-readable title of a form field by its field name.
 *
 * @param string $fieldid field name (the key used in the stored booking data)
 * @param mixed  $form    list of field objects carrying ->name and ->title; anything
 *                        that is not an array means "no form definition"
 * @return string the matching title, or $fieldid itself when no field matches
 *                or $form is not an array
 */
function cpabc_appointments_get_field_name ($fieldid, $form)
{
    if (!is_array($form)) {
        return $fieldid;
    }
    foreach ($form as $field) {
        // loose (==) comparison kept from the original lookup
        if ($field->name == $fieldid) {
            return $field->title;
        }
    }
    return $fieldid;
}
709
710
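/**
 * Neutralizes spreadsheet formula injection in a CSV cell.
 *
 * Leading/trailing whitespace is trimmed and any leading '=', '@' or '+' is
 * stripped, repeatedly, so "=@=text" becomes "text". A leading '-' is
 * stripped as well unless the whole value is a plain number (e.g. "-5"), which
 * is ordinary data rather than a formula. Previously only '=' and '@' were
 * handled, while '+' and '-' were left for the tab prefix added by
 * cpabc_appointments_iconv(); in the export the two run back to back and the
 * trim() here removes that tab again, so this function has to cover the full
 * set itself. A value of a single character is returned unchanged.
 *
 * @param string $value raw cell text
 * @return string cell text that no longer starts with a formula trigger
 */
function cpabc_appointments_clean_csv_value($value)
{
    $value = trim((string) $value);
    while (strlen($value) > 1) {
        $first = $value[0];
        $is_formula_char = in_array($first, array('=', '@', '+'), true);
        // a leading '-' is only a formula trigger when the remainder is not numeric;
        // the loose != mirrors cpabc_appointments_iconv() so "-5.0" keeps its sign
        $is_negative_text = ($first === '-' && floatval($value) . '' != $value);
        if (!$is_formula_char && !$is_negative_text) {
            break;
        }
        $value = trim(substr($value, 1));
    }
    return $value;
}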
718
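/**
 * Streams every booking matching the admin list filters as a CSV download.
 *
 * Filters come from $_GET: "search" (substring of the serialized booking data),
 * "dfrom"/"dto" (range on booked_time_unformatted) and "cal" (calendar id,
 * 0 = all calendars). Columns named in the CPABC_EXCLUDED_COLUMNS option are
 * left out. Header labels are resolved through the form structure, every cell
 * is transliterated to ISO-8859-1 and passed through
 * cpabc_appointments_clean_csv_value(). The function ends the request with exit.
 *
 * NOTE(review): is_admin() only reports that the request targets the admin
 * area (admin-ajax.php included); it is not a capability check and no nonce is
 * verified in this block. Confirm the caller enforces both before this runs,
 * since the export contains customer data.
 */
function cpabc_appointments_export_csv ()
{
    if (!is_admin())
        return;
    global $wpdb;

    if (!defined('CP_CALENDAR_ID'))
        define('CP_CALENDAR_ID', intval(cpabc_get_get_param("cal")));

    $form_data = json_decode(cpabc_appointment_cleanJSON(cpabc_get_option('form_structure', CPABC_APPOINTMENTS_DEFAULT_form_structure)));

    $excluded = array_map('trim', explode(",", get_option('CPABC_EXCLUDED_COLUMNS', "")));

    $cond = '';
    $search = sanitize_text_field(cpabc_get_get_param("search"));
    $dfrom  = sanitize_text_field(cpabc_get_get_param("dfrom"));
    $dto    = sanitize_text_field(cpabc_get_get_param("dto"));

    // esc_like() keeps a literal '%' or '_' in the search text from acting as a wildcard
    if ($search != '') $cond .= " AND (buffered_date like '%".esc_sql($wpdb->esc_like($search))."%')";
    if ($dfrom != '')  $cond .= " AND (`booked_time_unformatted` >= '".esc_sql($dfrom)."')";
    if ($dto != '')    $cond .= " AND (`booked_time_unformatted` <= '".esc_sql($dto)." 23:59:59')";

    if (CP_CALENDAR_ID != 0) $cond .= " AND appointment_calendar_id=".intval(CP_CALENDAR_ID);

    $events = $wpdb->get_results( "SELECT * FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." INNER JOIN ".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME." ON ".CPABC_TDEAPP_CALENDAR_DATA_TABLE.".appointment_calendar_id=".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME.".id LEFT JOIN ".CPABC_APPOINTMENTS_TABLE_NAME." ON ".CPABC_TDEAPP_CALENDAR_DATA_TABLE.".reference=".CPABC_APPOINTMENTS_TABLE_NAME.".id WHERE 1=1 ".$cond );

    // fixed leading columns, in this order, unless excluded
    $fields = array();
    foreach (array("Calendar ID", "Calendar", "Time") as $core_field)
        if (!in_array($core_field, $excluded)) $fields[] = $core_field;
    $corefieldcount = count($fields);
    $values = array();

    foreach ($events as $item)
    {
        $value = array();
        if (!in_array("Calendar ID", $excluded)) $value[] = $item->appointment_calendar_id;
        if (!in_array("Calendar", $excluded))    $value[] = $item->uname;
        if (!in_array("Time", $excluded))        $value[] = $item->datatime;

        // buffered_date is a PHP-serialized blob stored by the plugin. The expected
        // payload is a plain array, so allowed_classes=false loses nothing legitimate
        // and keeps unserialize() from instantiating arbitrary classes if the column
        // ever holds attacker-shaped data; non-arrays fall back to title/description.
        $data = unserialize($item->buffered_date, array('allowed_classes' => false));
        if (!is_array($data))
        {
            $data = array(
                'title' => $item->title,
                'description' => $item->description
            );
        }

        // columns discovered on earlier rows: fill from this row's data or leave blank
        $end = count($fields);
        for ($i = $corefieldcount; $i < $end; $i++)
        {
            if (isset($data[$fields[$i]])) {
                $value[$i] = $data[$fields[$i]];
                unset($data[$fields[$i]]);
            } else {
                $value[$i] = '';
            }
        }
        // any key not seen before becomes a new column
        foreach ($data as $k => $d)
        {
            if (!in_array($k, $excluded))
            {
                $fields[] = $k;
                $value[] = $d;
            }
        }
        $values[] = $value;
    }

    header("Content-type: application/octet-stream");
    header("Content-Disposition: attachment; filename=bookings.csv");

    // form_structure decodes to a JSON list whose first element is the field list
    $form_fields = (is_array($form_data) && isset($form_data[0])) ? $form_data[0] : null;
    $end = count($fields);
    for ($i = 0; $i < $end; $i++)
    {
        $hlabel = cpabc_appointments_iconv("utf-8", "ISO-8859-1//TRANSLIT//IGNORE", cpabc_appointments_get_field_name($fields[$i], $form_fields));
        echo '"'.str_replace('"', '""', cpabc_appointments_clean_csv_value($hlabel)).'",';
    }
    echo "\n";
    foreach ($values as $item)
    {
        for ($i = 0; $i < $end; $i++)
        {
            // rows collected before a column was discovered have no value for it
            $cell = isset($item[$i]) ? $item[$i] : '';
            if (is_array($cell))
                $cell = implode(',', $cell); // separator first: the legacy argument order is a TypeError on PHP 8
            $cell = cpabc_appointments_iconv("utf-8", "ISO-8859-1//TRANSLIT//IGNORE", $cell);
            echo '"'.str_replace('"', '""', cpabc_appointments_clean_csv_value($cell)).'",';
        }
        echo "\n";
    }

    exit;
}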
810
811
/**
 * Converts a text cell between charsets after marking it as formula-unsafe.
 *
 * The text is trimmed; when it starts with '=', '@', '+' or '-' a leading tab
 * is prepended so spreadsheet tools do not evaluate it as a formula — except
 * for a '-' that starts a plain negative number, which is left as is. A value
 * of a single character is never prefixed. iconv() is used only when the
 * extension is available; otherwise the (possibly prefixed) text is returned.
 *
 * @param string $from source charset passed to iconv()
 * @param string $to   target charset (may carry //TRANSLIT//IGNORE)
 * @param string $text cell text
 * @return string|false converted text, or iconv()'s false on failure
 */
function cpabc_appointments_iconv($from, $to, $text)
{
    $text = trim($text);
    $lead = substr($text, 0, 1);
    $suspicious = strlen($text) > 1 && in_array($lead, array('=', '@', '+', '-'), true);
    if ($suspicious)
    {
        // loose == on purpose: "-5.0" and "-5" both count as numeric
        $numeric_negative = ($lead === '-' && floatval($text) . "" == $text);
        if (!$numeric_negative)
            $text = chr(9) . $text;
    }
    if (!function_exists('iconv'))
        return $text;
    return iconv($from, $to, $text);
}
825
826
827
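/**
 * AJAX-style endpoint: prints a calendar's availability configuration.
 *
 * Active only when $_GET['cpabc_calendar_load'] == '1'; the calendar is
 * $_GET['id'] with the CPABC_TDEAPP_CAL_PREFIX prefix removed. Output is a
 * sentinel line followed by ';'-separated fields: working dates (cleaned of
 * non-numeric and duplicate entries), restricted dates, the seven per-weekday
 * time lists, then special dates. Editors in the admin area get every special
 * date; everyone else only those after the calendar's minimum date. Ends the
 * request with exit().
 *
 * Fixes: a missing $_GET['id'], an unknown calendar ($row[0]), an empty
 * working-dates string (indexing strlen()-1 on '') and a missing specialDates
 * column no longer raise notices/warnings.
 */
function cpabc_appointments_calendar_load() {
    global $wpdb;
    if ( ! isset( $_GET['cpabc_calendar_load'] ) || $_GET['cpabc_calendar_load'] != '1' )
        return;

    @header("Cache-Control: no-store, no-cache, must-revalidate");
    @header("Pragma: no-cache");

    $calid = str_replace (CPABC_TDEAPP_CAL_PREFIX, "", cpabc_get_get_param("id"));
    $query = "SELECT * FROM ".CPABC_TDEAPP_CONFIG." where ".CPABC_TDEAPP_CONFIG_ID."='".esc_sql($calid)."'";
    $row = $wpdb->get_results($query, ARRAY_A);
    if (!empty($row[0]))
    {
        $cal = $row[0];
        $min_date = strtotime($cal["calendar_mindate"]);

        // sentinel marking the start of the calendar output
        echo '--***--***--***---!';

        // clean corrupted working-dates data: keep numeric entries only,
        // then drop duplicates and stray separators
        $working_dates = array();
        foreach (explode(",", $cal[CPABC_TDEAPP_CONFIG_WORKINGDATES]) as $entry)
            $working_dates[] = is_numeric($entry) ? intval($entry) : '';
        if ($working_dates[0] === '')
            unset($working_dates[0]);
        $working_dates = implode(",", array_unique($working_dates));
        while (strpos($working_dates, ",,") !== false)
            $working_dates = str_replace(",,", ",", $working_dates);
        // substr() is safe on an empty string, unlike $s[strlen($s)-1]
        if (substr($working_dates, -1) == ',')
            $working_dates = substr($working_dates, 0, -1);
        echo esc_html($working_dates).";";

        echo esc_html($cal[CPABC_TDEAPP_CONFIG_RESTRICTEDDATES]).";";
        echo esc_html($cal[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES0]).";";
        echo esc_html($cal[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES1]).";";
        echo esc_html($cal[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES2]).";";
        echo esc_html($cal[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES3]).";";
        echo esc_html($cal[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES4]).";";
        echo esc_html($cal[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES5]).";";
        echo esc_html($cal[CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES6]).";";

        // the specialDates column is added lazily by the update endpoint, so it may be absent
        $special_dates_raw = isset($cal["specialDates"]) ? $cal["specialDates"] : '';
        if (is_admin() && current_user_can('edit_posts'))
        {
            echo esc_html($special_dates_raw);
        }
        else
        {
            // visitors only see special dates after the calendar's minimum date
            foreach (explode(";", $special_dates_raw) as $specialdate)
            {
                // each entry appears to be "m/d/Y,..."; only the date part is inspected
                $date = explode("/", substr($specialdate, 0, strpos($specialdate.",", ',')));
                if (isset($date[0], $date[1], $date[2]))
                {
                    $datetime = strtotime($date[2]."-".$date[0]."-".$date[1]);
                    if ($datetime > $min_date) echo esc_html($specialdate).";";
                }
            }
        }
    }

    exit();
}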
892
893
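/**
 * AJAX-style endpoint: prints the booked slots of a calendar.
 *
 * Active only when $_GET['cpabc_calendar_load2'] == '1'. Two output modes:
 *  - cpabc_action=mvparse (editors in the admin area): a JSON event list for
 *    the day range posted as startdate/enddate; each slot lasts the
 *    CPABC_CAL_TIME_SLOT_SIZE_SET option in minutes (default 30).
 *  - default: one plain-text record per slot ("id", "Y,m,d", "H:i",
 *    quantity, title, description, "*-*"). Visitors only get slots dated after
 *    the calendar's minimum date minus one day, and a fixed "Booked"/"OK"
 *    pair instead of the real title and description.
 * Ends the request with exit.
 *
 * Fixes: a missing $_GET['id'], an unknown calendar ($rowcal[0]), a slot
 * without a time part and a missing quantity column no longer raise notices;
 * the slot end is formatted with seconds so cpabc_mySql2PhpTime() gets all
 * three time fields; the define() is guarded against a repeat definition.
 *
 * NOTE(review): in the editor branch title and description are echoed without
 * esc_html(). That path requires edit_posts, but check how the JS consumer
 * renders this text before relying on it.
 */
function cpabc_appointments_calendar_load2() {
    global $wpdb;
    if ( ! isset( $_GET['cpabc_calendar_load2'] ) || $_GET['cpabc_calendar_load2'] != '1' )
        return;
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Pragma: no-cache");

    $calid = str_replace (CPABC_TDEAPP_CAL_PREFIX, "", cpabc_get_get_param("id"));
    $is_editor = is_admin() && current_user_can('edit_posts');

    $query = "SELECT * FROM ".CPABC_TDEAPP_CONFIG." where ".CPABC_TDEAPP_CONFIG_ID."='".esc_sql($calid)."'";
    $rowcal = $wpdb->get_results($query, ARRAY_A);
    $mindate_raw = isset($rowcal[0]["calendar_mindate"]) ? $rowcal[0]["calendar_mindate"] : '';
    // minimum date, normalized through a MySQL-style string and moved back one day
    $min_date = strtotime(date("Y-m-d H:i:s", strtotime($mindate_raw))." -1 day");

    $query = "SELECT * FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." where ".CPABC_TDEAPP_DATA_IDCALENDAR."='".esc_sql($calid)."' ORDER BY ".CPABC_TDEAPP_DATA_DATETIME." ASC";
    $row_array = $wpdb->get_results($query, ARRAY_A);

    if (cpabc_get_get_param("cpabc_action") == 'mvparse' && $is_editor)
    {
        $ret = array('events' => array(), 'issort' => true, 'error' => null);
        $d1 = cpabc_js2PhpTime(cpabc_get_post_param("startdate"));
        $d2 = cpabc_js2PhpTime(cpabc_get_post_param("enddate"));
        // snap the range to whole days: 00:00:00 of the start day .. 23:59:59 of the end day
        $d1 = mktime(0, 0, 0, date("m", $d1), date("d", $d1), date("Y", $d1));
        $d2 = mktime(0, 0, 0, date("m", $d2), date("d", $d2), date("Y", $d2)) + 24*60*60 - 1;
        $ret["start"] = cpabc_php2JsTime($d1);
        $ret["end"] = cpabc_php2JsTime($d2);

        // relative-time suffix for strtotime(), e.g. " +30 minutes"
        if (!defined('CPABC_CAL_TIME_SLOT_SIZE'))
            define('CPABC_CAL_TIME_SLOT_SIZE', " +".get_option('CPABC_CAL_TIME_SLOT_SIZE_SET', "30")." minutes");

        foreach ($row_array as $row)
        {
            $slot_start = cpabc_mySql2PhpTime($row[CPABC_TDEAPP_DATA_DATETIME]);
            // "Y-m-d H:i:s" (not "H:i") so the seconds field exists for cpabc_mySql2PhpTime()
            $slot_end = cpabc_mySql2PhpTime(date("Y-m-d H:i:s", strtotime($row[CPABC_TDEAPP_DATA_DATETIME].CPABC_CAL_TIME_SLOT_SIZE)));
            $ret['events'][] = array(
                $row["id"],
                $row[CPABC_TDEAPP_DATA_TITLE],
                cpabc_php2JsTime($slot_start),
                cpabc_php2JsTime($slot_end),
                0,      // is all day event?
                0,      // more than one day event
                '',     // recurring event rule
                '#3CF', // color
                0,      // editable
                '',
                '',     // attendees
                $row[CPABC_TDEAPP_DATA_DESCRIPTION],
                '',
                1
            );
        }
        echo json_encode($ret);
        exit;
    }

    foreach ($row_array as $row)
    {
        // stored as "Y-m-d H:i"; pad so malformed rows yield zeros instead of notices
        $dn = explode(" ", $row[CPABC_TDEAPP_DATA_DATETIME]);
        $d1 = array_pad(explode("-", $dn[0]), 3, '');
        $d2 = array_pad(explode(":", isset($dn[1]) ? $dn[1] : ''), 2, '');

        $currentd = strtotime(intval($d1[0])."-".intval($d1[1])."-".intval($d1[2]));

        if ($currentd > $min_date || $is_editor)
        {
            echo esc_html($row[CPABC_TDEAPP_DATA_ID])."\n";
            echo intval($d1[0]).",".intval($d1[1]).",".intval($d1[2])."\n";
            echo intval($d2[0]).":".esc_html($d2[1])."\n";
            echo esc_html(!empty($row["quantity"]) ? $row["quantity"] : '1')."\n";
            if ($is_editor)
            {
                echo $row[CPABC_TDEAPP_DATA_TITLE]."\n";
                echo $row[CPABC_TDEAPP_DATA_DESCRIPTION]."\n*-*\n";
            }
            else
            {
                echo "Booked\n";
                echo "OK\n*-*\n";
            }
        }
    }

    exit();
}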
987
988
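/**
 * Parses the date text sent by the calendar JavaScript into a timestamp.
 *
 * Accepted forms are "m/d/Y H:i" with an optional trailing am/pm and a bare
 * "m/d/Y" (midnight). Hours tagged "pm" that are below 12 get +12. Anything
 * else yields null (previously an undefined variable, i.e. null plus a notice).
 *
 * NOTE(review): "12am" is returned as hour 12 rather than 0, and the am/pm
 * tag is matched case-sensitively; confirm what the JS side actually sends
 * before changing either.
 *
 * @param string $jsdate
 * @return int|false|null mktime() result in the server timezone, or null if unparsable
 */
function cpabc_js2PhpTime($jsdate){
    $ret = null;
    if (preg_match('@(\d+)/(\d+)/(\d+)\s+(\d+):(\d+)((am|pm)*)@', $jsdate, $m) == 1) {
        $hour = (int) $m[4];
        if ($m[6] == "pm" && $hour < 12)
            $hour += 12;
        $ret = mktime($hour, (int) $m[5], 0, (int) $m[1], (int) $m[2], (int) $m[3]);
    } elseif (preg_match('@(\d+)/(\d+)/(\d+)@', $jsdate, $m) == 1) {
        $ret = mktime(0, 0, 0, (int) $m[1], (int) $m[2], (int) $m[3]);
    }
    return $ret;
}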
1000
1001
/**
 * Formats a Unix timestamp as a MySQL DATETIME literal ("Y-m-d H:i:s") in
 * the server timezone.
 *
 * @param int $phpDate Unix timestamp
 * @return string
 */
function cpabc_php2MySqlTime($phpDate){
    $day = date("Y-m-d", $phpDate);
    $clock = date("H:i:s", $phpDate);
    return $day . " " . $clock;
}
1005
1006
/**
 * Formats a Unix timestamp in the "m/d/Y H:i" form the calendar JavaScript
 * expects.
 *
 * @param int $phpDate Unix timestamp
 * @return string
 */
function cpabc_php2JsTime($phpDate){
    // the @ is kept from the original; it hides the notice/deprecation that
    // date() raises for a non-integer timestamp
    $formatted = @date("m/d/Y H:i", $phpDate);
    return $formatted;
}
1010
1011
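/**
 * Converts a MySQL DATETIME string ("Y-m-d H:i:s", seconds optional) into a
 * Unix timestamp in the server timezone.
 *
 * Missing time or seconds parts count as 0. Previously a missing part reached
 * mktime() as null, which PHP 8 treats as "use the current value", so a
 * "Y-m-d H:i" input (as produced elsewhere in this file) picked up the
 * current second.
 *
 * @param string $sqlDate
 * @return int|false mktime() result
 */
function cpabc_mySql2PhpTime($sqlDate){
    $parts = explode(" ", trim((string) $sqlDate));
    $ymd = array_pad(explode("-", $parts[0]), 3, 0);
    $his = array_pad(explode(":", isset($parts[1]) ? $parts[1] : ''), 3, 0);
    return mktime((int) $his[0], (int) $his[1], (int) $his[2], (int) $ymd[1], (int) $ymd[2], (int) $ymd[0]);
}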
1019
1020
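/**
 * AJAX-style endpoint: saves a calendar's availability settings.
 *
 * Active only when $_GET['cpabc_calendar_update'] == '1'. The calendar id is
 * $_GET['id'] minus CPABC_TDEAPP_CAL_PREFIX. Requires edit_pages or explicit
 * access to the calendar (cpabc_appointments_user_access_to) and a logged-in
 * user ($user_ID). Writes specialDates, the working/restricted date lists and
 * timeWorkingDates0..6 from $_POST, then ends the request with exit().
 *
 * The hand-built UPDATE statement is replaced by $wpdb->update(), which
 * escapes every value itself; this assumes the CPABC_TDEAPP_CONFIG_* constants
 * are bare column names, as the previous SQL already required.
 *
 * NOTE(review): no nonce is verified in this block, so the state change is
 * guarded by the capability check alone; confirm a nonce is checked upstream
 * before treating this endpoint as CSRF-safe.
 */
function cpabc_appointments_calendar_update() {
    global $wpdb, $user_ID;

    if ( ! isset( $_GET['cpabc_calendar_update'] ) || $_GET['cpabc_calendar_update'] != '1' )
        return;

    $calid = intval(str_replace (CPABC_TDEAPP_CAL_PREFIX, "", cpabc_get_get_param("id")));
    if ( ! current_user_can('edit_pages') && !cpabc_appointments_user_access_to($calid) )
        return;

    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CONFIG, 'specialDates');

    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Pragma: no-cache");
    if ( $user_ID )
    {
        // column => posted field name
        $columns = array(
            'specialDates'                        => 'specialDates',
            CPABC_TDEAPP_CONFIG_WORKINGDATES      => 'workingDates',
            CPABC_TDEAPP_CONFIG_RESTRICTEDDATES   => 'restrictedDates',
            CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES0 => 'timeWorkingDates0',
            CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES1 => 'timeWorkingDates1',
            CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES2 => 'timeWorkingDates2',
            CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES3 => 'timeWorkingDates3',
            CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES4 => 'timeWorkingDates4',
            CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES5 => 'timeWorkingDates5',
            CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES6 => 'timeWorkingDates6',
        );
        $data = array();
        foreach ($columns as $column => $field)
            $data[$column] = sanitize_text_field(cpabc_get_post_param($field));

        $wpdb->update(CPABC_TDEAPP_CONFIG, $data, array(CPABC_TDEAPP_CONFIG_ID => $calid), null, array('%d'));
    }

    exit();
}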
1040
1041
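/**
 * Parses the "appoiments" POST payload of the slot editor into one record.
 *
 * Line layout: "Y,m,d" / "H:i" / capacity / title / description lines...
 * Missing lines count as ''. Date and time pieces and the capacity/title go
 * through sanitize_text_field(); description lines through
 * cpabc_clean_and_sanitize() and are re-joined with "\n".
 *
 * @param string $raw newline-separated payload
 * @return array{datetime:string,quantity:string,title:string,description:string}
 */
function cpabc_appointments_parse_posted_slot($raw)
{
    $lines = array_pad(explode("\n", (string) $raw), 4, '');
    $d1 = array_pad(explode(",", $lines[0]), 3, '');
    $d2 = array_pad(explode(":", $lines[1]), 2, '');
    $description_lines = array();
    for ($j = 4; $j < count($lines); $j++)
        $description_lines[] = cpabc_clean_and_sanitize($lines[$j]);
    return array(
        'datetime'    => sanitize_text_field($d1[0])."-".sanitize_text_field($d1[1])."-".sanitize_text_field($d1[2])." ".sanitize_text_field($d2[0]).":".sanitize_text_field($d2[1]),
        'quantity'    => sanitize_text_field($lines[2]),
        'title'       => sanitize_text_field($lines[3]),
        'description' => implode("\n", $description_lines),
    );
}

/**
 * AJAX-style endpoint: deletes, edits or adds one booked slot of a calendar.
 *
 * Active only when $_GET['cpabc_calendar_update2'] == '1'. The calendar id is
 * $_GET['id'] minus CPABC_TDEAPP_CAL_PREFIX; the slot id is $_POST['sqlId'].
 * Requires edit_pages or explicit access to the calendar and a logged-in user.
 * $_GET['act'] selects the operation: 'del', 'edit' (payload parsed by
 * cpabc_appointments_parse_posted_slot) or 'add' (same payload; echoes the new
 * row id). Ends the request with exit().
 *
 * The duplicated edit/add parsing is factored into the helper above and the
 * hand-built statements are replaced by $wpdb->delete/update/insert, which
 * escape every value themselves (constants are assumed to be bare column
 * names, as the previous SQL already required).
 *
 * NOTE(review): no nonce is verified in this block; confirm one is checked
 * upstream before treating these state changes as CSRF-safe.
 */
function cpabc_appointments_calendar_update2() {
    global $wpdb, $user_ID;

    if ( ! isset( $_GET['cpabc_calendar_update2'] ) || $_GET['cpabc_calendar_update2'] != '1' )
        return;

    $calid = intval(str_replace (CPABC_TDEAPP_CAL_PREFIX, "", cpabc_get_get_param("id")));
    if ( ! current_user_can('edit_pages') && !cpabc_appointments_user_access_to($calid) )
        return;

    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Pragma: no-cache");
    if ( $user_ID )
    {
        $act = cpabc_get_get_param("act");
        $where = array(
            CPABC_TDEAPP_DATA_IDCALENDAR => $calid,
            CPABC_TDEAPP_DATA_ID         => intval(cpabc_get_post_param("sqlId")),
        );
        if ($act == 'del')
        {
            $wpdb->delete(CPABC_TDEAPP_CALENDAR_DATA_TABLE, $where, array('%d', '%d'));
        }
        else if ($act == 'edit')
        {
            $slot = cpabc_appointments_parse_posted_slot(cpabc_get_post_param("appoiments"));
            $wpdb->update(CPABC_TDEAPP_CALENDAR_DATA_TABLE, array(
                CPABC_TDEAPP_DATA_DATETIME    => $slot['datetime'],
                'quantity'                    => $slot['quantity'],
                CPABC_TDEAPP_DATA_TITLE       => $slot['title'],
                CPABC_TDEAPP_DATA_DESCRIPTION => $slot['description'],
            ), $where, null, array('%d', '%d'));
        }
        else if ($act == 'add')
        {
            $slot = cpabc_appointments_parse_posted_slot(cpabc_get_post_param("appoiments"));
            $wpdb->insert(CPABC_TDEAPP_CALENDAR_DATA_TABLE, array(
                CPABC_TDEAPP_DATA_IDCALENDAR  => $calid,
                CPABC_TDEAPP_DATA_DATETIME    => $slot['datetime'],
                CPABC_TDEAPP_DATA_TITLE       => $slot['title'],
                CPABC_TDEAPP_DATA_DESCRIPTION => $slot['description'],
                'quantity'                    => $slot['quantity'],
            ), array('%d', '%s', '%s', '%s', '%s'));
            echo esc_html($wpdb->insert_id);
        }
    }

    exit();
}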
1098
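/**
 * Builds the extra query-string parameters for the CAPTCHA image generator.
 *
 * Starts with '&inAdmin=1' and appends one parameter for every captcha option
 * of the current calendar (via cpabc_get_option) whose value differs from the
 * plugin default, following the option → parameter map below. The ten
 * copy-pasted option/compare/append triplets are replaced by that table.
 *
 * NOTE(review): values are concatenated without urlencode(). They are
 * admin-configured, but a font name containing '&' or spaces would yield a
 * malformed query string; the consumer was not visible here, so it is left
 * unchanged.
 *
 * @return string query-string fragment beginning with '&'
 */
function cpabc_get_captcha_params()
{
    // option name => array(default constant, query parameter)
    $map = array(
        'dexcv_width'         => array(CPABC_TDEAPP_DEFAULT_dexcv_width,         'width'),
        'dexcv_height'        => array(CPABC_TDEAPP_DEFAULT_dexcv_height,        'height'),
        'dexcv_chars'         => array(CPABC_TDEAPP_DEFAULT_dexcv_chars,         'letter_count'),
        'dexcv_min_font_size' => array(CPABC_TDEAPP_DEFAULT_dexcv_min_font_size, 'min_size'),
        'dexcv_max_font_size' => array(CPABC_TDEAPP_DEFAULT_dexcv_max_font_size, 'max_size'),
        'dexcv_noise'         => array(CPABC_TDEAPP_DEFAULT_dexcv_noise,         'noise'),
        'dexcv_noise_length'  => array(CPABC_TDEAPP_DEFAULT_dexcv_noise_length,  'noiselength'),
        'dexcv_background'    => array(CPABC_TDEAPP_DEFAULT_dexcv_background,    'bcolor'),
        'dexcv_border'        => array(CPABC_TDEAPP_DEFAULT_dexcv_border,        'border'),
        'dexcv_font'          => array(CPABC_TDEAPP_DEFAULT_dexcv_font,          'font'),
    );
    $str = '&inAdmin=1';
    foreach ($map as $option => $spec)
    {
        $default = $spec[0];
        $param = $spec[1];
        $value = cpabc_get_option($option, $default);
        // loose != kept from the original: the stored value's type is not known here
        if ($value != $default) $str .= '&' . $param . '=' . $value;
    }
    return $str;
}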
1134
/**
 * Repairs the stored form-structure text before json_decode().
 *
 * Replacements, applied in order: the "&qquot;" placeholder becomes a double
 * quote, a space character is normalized to a space, literal newlines become
 * the two-character escape "\n", and carriage returns are dropped.
 *
 * NOTE(review): the second replacement reads as space → space in this
 * listing; if the source actually holds a non-breaking space (U+00A0) the
 * listing may have normalized it — verify against the repository file.
 *
 * @param string $str
 * @return string
 */
function cpabc_appointment_cleanJSON($str)
{
    // str_replace() with arrays applies the pairs left to right, one after another
    $search  = array('&qquot;', ' ', "\n", "\r");
    $replace = array('"',       ' ', '\n', '');
    return str_replace($search, $replace, $str);
}
1143
/**
 * Resolves the calendar language code, auto-detecting it from the site locale
 * when the setting is '-'.
 *
 * The first two letters of the blog language (upper-cased) are mapped to the
 * calendar's own codes: ES→SP, CS→CZ, NL→DU, JA→JP, KO→KR, NB→NW, SV→SE; any
 * other code passes through. A setting other than '-' is returned unchanged.
 *
 * @param string $calendar_language configured code, or '-' for automatic
 * @return string
 */
function cpabc_auto_language($calendar_language)
{
    if ($calendar_language != '-')
        return $calendar_language;

    $aliases = array('ES' => 'SP', 'CS' => 'CZ', 'NL' => 'DU', 'JA' => 'JP', 'KO' => 'KR', 'NB' => 'NW', 'SV' => 'SE');
    // (string) cast: substr() on '' returned false on older PHP versions
    $code = (string) substr(strtoupper(get_bloginfo('language')), 0, 2);
    return isset($aliases[$code]) ? $aliases[$code] : $code;
}
1154
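/**
 * Handles the "publish wizard" POST action from the settings page.
 *
 * Runs only when cpabc_do_action_loaded is posted. For action "wizard" (with a
 * valid abc_update_actions_pwizard nonce and manage_options) it places the
 * calendar shortcode in a new or existing page/post via cpabc_publish_on() and
 * stores the resulting permalink in the global $cpabc_postURL. Any other
 * action prints an error message and exits.
 *
 * Fixes: cpabc_publish_id and nonce are read with isset-safe accessors, so a
 * request without them no longer raises notices (the shortcode still carries
 * an empty calendar attribute in that case, as before).
 */
function cpabc_data_management_loaded()
{
    global $cpabc_postURL;

    $action = sanitize_text_field(cpabc_get_post_param('cpabc_do_action_loaded'));
    if (!$action) return; // go out if the call isn't for this one

    // calendar to publish; stays '' when the field is missing or empty
    $publish_id = cpabc_get_post_param('cpabc_publish_id');
    $item = $publish_id ? intval($publish_id) : '';

    $nonce = cpabc_get_post_param('nonce');
    if ($action == "wizard" && wp_verify_nonce( $nonce, 'abc_update_actions_pwizard' ) && current_user_can('manage_options'))
    {
        $shortcode = '[CPABC_APPOINTMENT_CALENDAR calendar="'.$item.'"]';
        $cpabc_postURL = cpabc_publish_on( sanitize_text_field(cpabc_get_post_param("whereto")),
                                           sanitize_text_field(cpabc_get_post_param("publishpage")),
                                           sanitize_text_field(cpabc_get_post_param("publishpost")),
                                           $shortcode,
                                           sanitize_text_field(cpabc_get_post_param("posttitle")));
        return;
    }

    // unknown or unauthorized action: report and stop, nothing else handles this request
    echo 'Some unexpected error happened. If you see this error contact the support service at https://abc.dwbooster.com/contact-us';

    exit();
}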
1180
1181
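/**
 * Places the booking shortcode in a page or post and returns its permalink.
 *
 * @param string $whereto     '0' = new draft page, '1' = new draft post,
 *                            '2' = existing page ($publishpage), anything else
 *                            = existing post ($publishpost)
 * @param string $publishpage id of the existing page
 * @param string $publishpost id of the existing post
 * @param string $content     shortcode (or other content) to place; for an
 *                            existing post it is prepended only if not present
 * @param string $posttitle   title for a newly created page/post
 * @return mixed get_permalink() result for the target id
 */
function cpabc_publish_on($whereto, $publishpage = '', $publishpost = '', $content = '', $posttitle = 'Booking Form')
{
    $id = '';
    if ($whereto == '0' || $whereto == '1') // new page or post
    {
        $my_post = array(
            'post_title'   => $posttitle,
            'post_type'    => ($whereto == '0' ? 'page' : 'post'),
            'post_content' => 'This is a <b>preview</b> page, remember to publish it if needed. You can edit the full form settings into the admin settings page.<br /><br /> '.$content,
            'post_status'  => 'draft'
        );

        // Insert the post into the database
        $id = wp_insert_post( $my_post );
    }
    else
    {
        $id = ($whereto == '2' ? $publishpage : $publishpost);
        $post = get_post( $id );
        // get_post() returns null for an unknown id; reading ->post_content on
        // null used to emit a warning and then try to update a non-existent post
        if ($post && strpos($post->post_content, $content) === false)
        {
            // Update the post into the database
            wp_update_post( array(
                'ID'           => $id,
                'post_content' => $content.$post->post_content,
            ) );
        }
    }
    return get_permalink($id);
}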
1215
1216
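/**
 * Returns the site's base path (no scheme or host), without a trailing slash.
 *
 * Only the path component of get_home_url()/get_admin_url() is kept, so for a
 * site served from the web root this is ''. The is_ssl() rewrite at the end
 * is effectively a no-op on a bare path and is retained only for parity with
 * the original.
 *
 * Fix: a URL without a path component (parse_url() then has no 'path' key)
 * no longer passes null to rtrim(), which is deprecated on PHP 8.1+.
 *
 * @param bool $admin true for the admin URL, false for the home URL
 * @return string
 */
function cpabc_appointment_get_site_url($admin = false)
{
    $blog = get_current_blog_id();
    $url = $admin ? get_admin_url( $blog ) : get_home_url( $blog );

    $parts = parse_url($url);
    $path = (is_array($parts) && isset($parts["path"])) ? $parts["path"] : '';
    $url = rtrim($path, "/");
    if (is_ssl())
        $url = str_replace('http://', 'https://', $url);
    return $url;
}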
1231
1232
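/**
 * Returns an absolute site URL built from the request's Host header plus the
 * site path.
 *
 * The path comes from get_home_url()/get_admin_url(); because only the path
 * component is kept, the "://" test below normally never matches and scheme
 * and host are taken from $_SERVER['HTTP_HOST'] (https when is_ssl()).
 *
 * NOTE(review): HTTP_HOST is supplied by the client. If this URL ends up in
 * e-mails or redirects, prefer the configured URL (get_home_url() already
 * carries the host) so a forged Host header cannot steer the result.
 *
 * Fix: a missing 'path' component or HTTP_HOST no longer raises notices or
 * passes null to rtrim().
 *
 * @param bool $admin true for the admin URL, false for the home URL
 * @return string
 */
function cpabc_appointment_get_FULL_site_url($admin = false)
{
    $blog = get_current_blog_id();
    $url = $admin ? get_admin_url( $blog ) : get_home_url( $blog );

    $parts = parse_url($url);
    $path = (is_array($parts) && isset($parts["path"])) ? $parts["path"] : '';
    $url = rtrim($path, "/");
    if (strpos($url, "://") === false)
    {
        $host = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : '';
        $url = 'http://'.$host.$url;
    }
    if (is_ssl())
        $url = str_replace('http://', 'https://', $url);
    return $url;
}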
1250
/**
 * Reads a query-string parameter, or '' when it is absent.
 *
 * The value is returned raw (string or array, as PHP parsed it); callers are
 * responsible for sanitizing it.
 *
 * @param string $key
 * @return mixed
 */
function cpabc_get_get_param ($key)
{
    return isset($_GET[$key]) ? $_GET[$key] : "";
}
1258
/**
 * Reads a POST parameter, or '' when it is absent.
 *
 * The value is returned raw (string or array, as PHP parsed it); callers are
 * responsible for sanitizing it.
 *
 * @param string $key
 * @return mixed
 */
function cpabc_get_post_param ($key)
{
    return isset($_POST[$key]) ? $_POST[$key] : "";
}
1266
// Per-request cache used by cpabc_get_option(): the last calendar config row
// fetched (object, or false/null before the first lookup) and the calendar id
// it belongs to (-1 = nothing cached yet).
$cpabc_option_buffered_item = false;
$cpabc_option_buffered_id = -1;
1270
/**
 * Reads one column of the current calendar's config row, with a one-row cache.
 *
 * The calendar is CP_CALENDAR_ID (0 when undefined). The row is fetched once
 * per calendar id and kept in the globals $cpabc_option_buffered_item /
 * $cpabc_option_buffered_id; later calls for the same id reuse it.
 * $default_value is substituted only when the value is empty AND the cached
 * row has no calendar_language (i.e. it looks like no row was found); a blank
 * setting on an existing row stays blank.
 *
 * @param string $field         column name of the config table
 * @param mixed  $default_value fallback, see above
 * @return mixed column value; a missing column yields '' on a cache hit and
 *               null right after a fetch (asymmetry preserved from the original)
 */
function cpabc_get_option ($field, $default_value = '')
{
    global $wpdb, $cpabc_option_buffered_item, $cpabc_option_buffered_id;
    $id = defined('CP_CALENDAR_ID') ? CP_CALENDAR_ID : 0;

    if ($cpabc_option_buffered_id == $id)
    {
        $value = isset($cpabc_option_buffered_item->$field) ? $cpabc_option_buffered_item->$field : '';
    }
    else
    {
        $myrows = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME." WHERE id=".intval($id) );
        $cpabc_option_buffered_item = isset($myrows[0]) ? $myrows[0] : null;
        $cpabc_option_buffered_id = $id;
        $value = isset($cpabc_option_buffered_item->$field) ? $cpabc_option_buffered_item->$field : null;
    }

    $cached_language = isset($cpabc_option_buffered_item->calendar_language) ? $cpabc_option_buffered_item->calendar_language : null;
    if ($value == '' && $cached_language == '')
        $value = $default_value;
    return $value;
}
1292
/**
 * Whether the current user may administer the plugin (WordPress
 * manage_options capability).
 *
 * @return bool
 */
function cpabc_appointment_is_administrator()
{
    $can_manage = current_user_can('manage_options');
    return $can_manage;
}
1297
1298
// Register this plugin with the shared CodePeople promotion banner; banner.php,
// required right below, presumably reads this array. The URL is the plugin's
// 5-star review form on wordpress.org.
$codepeople_promote_banner_plugins[ 'appointment-booking-calendar' ] = array(
    'plugin_name' => 'Appointment Booking Calendar',
    'plugin_url' => 'https://wordpress.org/support/plugin/appointment-booking-calendar/reviews/?filter=5#new-post'
);
require_once 'banner.php';
1304
1305 ?>