appointment-booking-calendar / inc / cpabc_apps_go.inc.php
1 <?php
2
// Refuse direct requests: ABSPATH exists only when WordPress loaded this file.
defined('ABSPATH') || exit('Direct access not allowed.');
8
9
/**
 * Request front-controller of the plugin.
 *
 * Runs on every request and dispatches on query/post markers, in this order:
 *  - ?cpabc_ipncheck=<ids>                       PayPal IPN callback
 *  - option ABC_ONE_TIME_4UPDATE not yet set     one-time schema upgrade
 *  - ?cpabc_app=calfeed | captcha                iCal feed / CAPTCHA image
 *  - ?cpabc_appointments_csv (admin)             CSV export
 *  - ?cpabc_app=cpabc_loadmindate | cpabc_loadmaxdate (admin)  date-rule preview
 *  - ?cpabc_c=1                                  cancellation link
 *  - POST cpabc_appointments_post_options        settings save
 *  - POST cpabc_appointments_post / GET hdcaptcha   booking submission / CAPTCHA pre-check
 *
 * Most branches print their response and exit(); a front-end booking ends by
 * rendering an auto-submitting PayPal form, so nothing after this function
 * runs for those requests.
 */
function cpabc_appointments_main_initialization()
{
    global $wpdb;

    // PayPal IPN callback. The handler exits or returns early on its own.
    if ( isset( $_GET['cpabc_ipncheck'] ) && $_GET['cpabc_ipncheck'] != '' )
    {
        cpabc_appointments_check_IPN_verification();
        return;
    }

    // One-time schema upgrade, guarded by an option so it runs once per site.
    if (false == get_option('ABC_ONE_TIME_4UPDATE',false))
    {
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'who_added', "VARCHAR(25) DEFAULT '' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'who_edited', "VARCHAR(25) DEFAULT '' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'who_cancelled', "VARCHAR(25) DEFAULT '' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'is_cancelled', "VARCHAR(25) DEFAULT '0' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'is_verified', "VARCHAR(25) DEFAULT '0' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'verified_required', "VARCHAR(25) DEFAULT '0' NOT NULL");
        cpabc_appointments_add_field_verify($wpdb->prefix.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME_NO_PREFIX, 'cancelled_reason', "TEXT");
        update_option('ABC_ONE_TIME_4UPDATE',true);
    }

    // isset($_GET) is always true; the real test is the cpabc_app key.
    if(isset($_GET) && array_key_exists('cpabc_app',$_GET)) {
        // iCal feed. The feed id must come with a 10-char digest derived from the
        // ABC_RCODE option (DOCUMENT_ROOT is the fallback secret when the option is missing).
        // NOTE(review): $_GET["id"] and $_GET["verify"] are read without isset(), and the
        // digest is compared with loose ==; hash_equals() on the two strings would be the
        // strict, constant-time check.
        if ( $_GET["cpabc_app"] == 'calfeed' )
        {
            if ($_GET["id"] != '' && substr(md5($_GET["id"].get_option('ABC_RCODE',$_SERVER["DOCUMENT_ROOT"])),0,10) == $_GET["verify"])
                cpabc_export_iCal();
            else
            {
                echo 'Access denied - verify value is not correct.';
                exit;
            }

        }

        // CAPTCHA image. The @ hides include errors; the request ends here either way.
        if ($_GET["cpabc_app"] == 'captcha')
        {
            @include_once dirname( __FILE__ ) . '/../captcha/captcha.php';
            exit;
        }

    }

    // Admin CSV export: capability plus nonce 'uname_abc_bklist'.
    // NOTE(review): $_REQUEST['rsave'] is read without isset(); a missing field raises a notice.
    if (isset( $_GET['cpabc_appointments_csv'] ) && is_admin() && current_user_can('edit_posts') && wp_verify_nonce( $_REQUEST['rsave'], 'uname_abc_bklist' ))
    {
        cpabc_appointments_export_csv();
        return;
    }

    // Admin AJAX preview of the "min date" rule: $_GET["code"] is fed to strtotime();
    // a resulting year of 1970 means the expression did not parse.
    if (isset( $_GET['cpabc_app'] ) && $_GET['cpabc_app'] == 'cpabc_loadmindate' && is_admin() && current_user_can('edit_posts') )
    {
        if ($_GET["code"] == '')
            echo '';
        else
        {
            $date = date("Y-m-d H:i",strtotime($_GET["code"]));
            if (date("Y",strtotime($_GET["code"])) == '1970')
                echo '<span style="color:#DD0000;">Error! Invalid date format!. Calculated min date for today: '.esc_html($date).'</span>';
            else
                echo '<span style="color:#008800;">Calculated min date for today: '.esc_html($date).'</span>';
        }
        exit;
    }

    // Same preview for the "max date" rule ($date), plus a warning when the min date
    // computed from $_GET["code2"] ($date2) is not earlier than it. The "Y-m-d H:i"
    // strings compare correctly as plain strings.
    if (isset( $_GET['cpabc_app'] ) && $_GET['cpabc_app'] == 'cpabc_loadmaxdate' && is_admin() && current_user_can('edit_posts') )
    {
        if ($_GET["code"] == '')
            echo '';
        else
        {
            $date = date("Y-m-d H:i",strtotime($_GET["code"]));
            if (date("Y",strtotime($_GET["code"])) == '1970')
                echo '<span style="color:#DD0000;">Error! Invalid date format!. Calculated max date for today: '.esc_html($date).'</span>';
            else
            {
                echo '<span style="color:#008800;">Calculated max date for today: '.esc_html($date).'</span>';
                $date2 = date("Y-m-d H:i",strtotime($_GET["code2"]));
                if ($date2 >= $date)
                    echo '<br /><span style="color:#DD0000;">Error! Max date is smaller than min date, so no days will be available in the calendar.</span>';
            }
        }
        exit;
    }

    // Cancellation link from the confirmation e-mail; the handler always exits.
    if (isset($_GET["cpabc_c"]) && $_GET['cpabc_c'] == '1')
    {
        cpabc_process_cancel_go_appointment();
    }

    // Calendar id for the rest of the request, taken from the posted cpabc_item.
    if (!defined('CP_CALENDAR_ID') && isset($_POST["cpabc_item"]))
        define ('CP_CALENDAR_ID', intval($_POST["cpabc_item"]));

    // Settings save: admins, or the owner of the calendar.
    // NOTE(review): when cpabc_item was not posted, CP_CALENDAR_ID is still undefined
    // here and the non-admin branch references an undefined constant (an Error on PHP 8).
    if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset( $_POST['cpabc_appointments_post_options'] ) && (is_admin() || cpabc_appointments_user_access_to(CP_CALENDAR_ID) ))
    {
        cpabc_appointments_save_options();
        return;
    }

    // if this isn't the expected post and isn't the captcha verification then nothing to do
    if ( 'POST' != $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['cpabc_appointments_post'] ) )
        if ( 'GET' != $_SERVER['REQUEST_METHOD'] || !isset( $_GET['hdcaptcha'] ) )
            return;


    // The expected CAPTCHA code lives in the PHP session, with a transient keyed by
    // the rand_code cookie as a second store, so a session is needed from here on.
    if (function_exists('session_start')) @session_start();

    // The user's answer: GET for the AJAX pre-check, POST for the booking itself.
    $hdcaptcha = '';
    if (isset($_GET["hdcaptcha"]) && $_GET['hdcaptcha'] != '')
        $hdcaptcha = sanitize_text_field($_GET["hdcaptcha"]);
    else if (isset($_POST["hdcaptcha"]) && $_POST['hdcaptcha']!= '')
        $hdcaptcha = sanitize_text_field($_POST['hdcaptcha']);

    $captcha_tr = '';
    if (!empty($_COOKIE['rand_code'])) $captcha_tr = get_transient( "cpeople-captcha-".sanitize_key($_COOKIE['rand_code']));

    // CAPTCHA is enforced for front-end requests unless the option is 'false'. The
    // check fails only when BOTH stores disagree with the answer: the session value
    // (compared case-insensitively) and the transient (compared against the
    // lower-cased answer, so the transient is presumably stored lower-cased — confirm
    // in captcha.php). An empty stored value counts as a mismatch.
    // NOTE(review): $_SESSION['rand_code'] is read without isset().
    if (
        (!is_admin() && cpabc_get_option('dexcv_enable_captcha', CPABC_TDEAPP_DEFAULT_dexcv_enable_captcha) != 'false') &&
        ( (strtolower($hdcaptcha) != strtolower($_SESSION['rand_code'])) ||
          ($_SESSION['rand_code'] == '')
        )
        &&
        ( ((strtolower($hdcaptcha)) != ($captcha_tr)) ||
          ($captcha_tr == '')
        )
    )
    {
        // Invalidate the code so the same one cannot be retried, then tell the client.
        $_SESSION['rand_code'] = '';
        setCookie('rand_code', '', time()+36000,"/");
        echo 'captchafailed';
        exit;
    }

    // if this isn't the real post (it was the captcha verification) then echo ok and exit
    if ( 'POST' != $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['cpabc_appointments_post'] ) )
    {
        if (!isset($_GET["abcc"]))
            return;
        echo 'ok';
        exit;
    }

    // Each CAPTCHA code is single-use.
    $_SESSION['rand_code'] = '';

    // Booking-form nonce 'cpabc_bkcontrol'.
    // NOTE(review): $_REQUEST['_wpnonce'] is read without isset().
    if (!wp_verify_nonce( $_REQUEST['_wpnonce'], 'cpabc_bkcontrol' ))
    {
        echo "Access verification error. Unauthorized.";
        exit;
    }



    // Target calendar; sanitize_key() reduces it to lower-case [a-z0-9_-].
    $selectedCalendar = sanitize_key($_POST["cpabc_item"]);

    // Selected slots arrive in selDaycal<calendar> as a ";"-separated list of
    // date/times (commas inside a slot become '-'); admins may append a month
    // selection unless freq is '10'. The first list element is discarded —
    // presumably a leading separator or placeholder; confirm against the widget.
    $selDaycal = sanitize_text_field($_POST["selDaycal".$selectedCalendar]);
    if (is_admin() && $_POST["selMonthcal".$selectedCalendar] != '' && $_POST["freq"] != '10')
        $selDaycal .= sanitize_text_field($_POST["selMonthcal".$selectedCalendar]);
    $pdateAndTime = explode(";",str_replace(",","-", $selDaycal));
    array_shift($pdateAndTime);

    // Display format for the booked time: 12h/24h clock, then the date order.
    // $military_time is assigned but never read; the option is re-read on the next line.
    $military_time = cpabc_get_option('calendar_militarytime', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_MILITARYTIME);
    if (cpabc_get_option('calendar_militarytime', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_MILITARYTIME) == '0') $format = "g:i A"; else $format = "H:i";

    $calendar_dformat = cpabc_get_option('calendar_dateformat', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_DATEFORMAT);
    if ($calendar_dformat == '5')
        $format = "Y-m-d ".$format;
    else if ($calendar_dformat == '2')
        $format = "d.m.Y ".$format;
    else if ($calendar_dformat == '1')
        $format = "d/m/Y ".$format;
    else
        $format = "m/d/Y ".$format;

    // Normalize every slot to "Y-m-d H:i:s" ($pdateAndTime) and build its display form ($pdate).
    $pdate = array();
    for($n=0;$n<count($pdateAndTime); $n++)
    {
        $pdateAndTime[$n] = date("Y-m-d H:i:s",strtotime($pdateAndTime[$n]));
        $pdate[$n] = date($format,strtotime($pdateAndTime[$n]));
    }

    // Assigned but never used in this function.
    $services_formatted = array();


    // Price per number of booked slots: request_cost is a ";"-separated list whose
    // entry N-1 applies to N slots; when the list is shorter, entry 0 is a unit price
    // multiplied by the slot count. Currency symbols and thousands commas are stripped first.
    $price = explode(";",cpabc_get_option('request_cost', CPABC_APPOINTMENTS_DEFAULT_COST));
    foreach ($price as $item => $value)
        $price[$item] = floatval(trim(str_replace(',','', str_replace(CPABC_APPOINTMENTS_DEFAULT_CURRENCY_SYMBOL,'',
                                              str_replace(CPABC_APPOINTMENTS_GBP_CURRENCY_SYMBOL,'',
                                              str_replace(CPABC_APPOINTMENTS_EUR_CURRENCY_SYMBOL_A, '',
                                              str_replace(CPABC_APPOINTMENTS_EUR_CURRENCY_SYMBOL_B,'', $value )))) )));

    if (isset($price[count($pdateAndTime)-1]))
        $price = $price[count($pdateAndTime)-1];
    else
        $price = floatval($price[0]) * count($pdateAndTime);


    // check discount codes
    //-------------------------------------------------
    // No coupon handling here: $coupon stays false, so COUPONCODE below is always ''.
    $discount_note = "";
    $coupon = false;

    // Placeholders for the e-mail templates and for the hooks called below.
    $params = array();
    $params["UTIMEZONE"] = sanitize_text_field(@$_POST["cpabc_appointments_utime"]);
    $params["PRICE"] = number_format ($price, 2);
    $params["COUPONCODE"] = ($coupon?"\nCoupon code:".$coupon->code.$discount_note."\n":"");
    $params["QUANTITY"] = (!empty($_POST["abc_capacity"]) ? sanitize_text_field($_POST["abc_capacity"]) : '');

    // get form info
    //---------------------------
    $params["NAME"] = sanitize_text_field($_POST["name"]);
    $params["EMAIL"] = sanitize_email($_POST["email"]);
    $params["PHONE"] = sanitize_text_field($_POST["phone"]);
    $params["COMMENTS"] = sanitize_textarea_field($_POST["question"]);

    $params[ 'request_timestamp' ] = (date("Y-m-d", current_time('timestamp'))). " ". (date("H:i:s", current_time('timestamp')));

    $buffer_A = sanitize_textarea_field($_POST["question"]);
    // Name of the POST field that holds the customer's address.
    $to = "email";

    // The CAPTCHA code is consumed at this point.
    $_SESSION['rand_code'] = '';
    setCookie('rand_code', '', time()+36000,"/");

    /**
     * Action called before insert the data into database.
     * To the function is passed an array with submitted data.
     */
    do_action_ref_array( 'cpabc_process_data_before_insert', array(&$params) );

    // insert into database
    //---------------------------

    // A first slot that did not parse (year 1970) is treated as spam and dropped silently.
    if (date("Y",strtotime($pdateAndTime[0])) == "1970") // if this is spam, skip
        return;

    // One row per slot. DATE/TIME are split on the first space of the display form.
    // buffered_date keeps the whole $params array PHP-serialized; it is unserialize()d
    // later by cpabc_appointments_check_IPN_verification and
    // cpabc_process_ready_to_go_appointment, so anything a
    // cpabc_process_data_before_insert hook adds to $params ends up in that blob.
    $alldates = '';
    for ($n=0; $n<count($pdateAndTime); $n++)
    {
        $params["DATE"] = trim( substr($pdate[$n], 0, strpos($pdate[$n],' ') ) );
        $params["MAINDATE"] = $params["DATE"];
        $params["TIME"] = trim( substr($pdate[$n], strpos($pdate[$n],' ') ) );

        $alldates .= " - ".$pdate[$n]."\n";

        // $wpdb->insert() escapes the values itself.
        $rows_affected = $wpdb->insert( CPABC_APPOINTMENTS_TABLE_NAME, array( 'calendar' => $selectedCalendar,
                                                                             'time' => current_time('mysql'),
                                                                             'booked_time' => sanitize_text_field($pdate[$n]),
                                                                             'booked_time_unformatted' => $pdateAndTime[$n],
                                                                             'name' => "".sanitize_text_field(@$_POST["name"]),
                                                                             'email' => "".sanitize_email(@$_POST[$to]),
                                                                             'phone' => "".sanitize_text_field(@$_POST["phone"]),
                                                                             'question' => $buffer_A,
                                                                             'quantity' => (isset($_POST["abc_capacity"])?sanitize_text_field($_POST["abc_capacity"]):1),
                                                                             'buffered_date' => serialize($params)
                                                                             ) );
        if (!$rows_affected)
        {
            echo 'Error saving data! Please try again.';
            echo '<br /><br />If the error persists please be sure you are using the latest version and in that case contact support service at https://abc.dwbooster.com/contact-us?debug=db';
            exit;
        }

        // save data here
        $item_number[] = $wpdb->insert_id;
    }

    $params["ALLDATES"] = $alldates;

    // Call action for data processing
    //---------------------------------
    $params[ 'itemnumber' ] = $item_number[0];
    $params[ 'itemnumbers' ] = $item_number;
    $params[ 'useremail' ] = "".sanitize_email(@$_POST[$to]);
    $params[ 'formid' ] = $selectedCalendar;
    /**
     * Action called after inserted the data into database.
     * To the function is passed an array with submitted data.
     */

    do_action( 'cpabc_process_data', $params );

    $item_number = implode(";", $item_number);

    // Bookings entered from the admin area skip payment and are confirmed right away.
    if ( is_admin() && current_user_can('edit_posts') )
    {
        cpabc_process_ready_to_go_appointment($item_number, '');
        return;
    }

    // Front-end booking: hand off to PayPal. The appointment is confirmed only when
    // the IPN reaches notify_url (?cpabc_ipncheck=<ids>).
    // NOTE(review): the IPN handler in this file does not compare the paid amount
    // with the "amount" sent here.
    if (cpabc_get_option('paypal_mode','production') == "sandbox")
        $ppurl = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
    else
        $ppurl = 'https://www.paypal.com/cgi-bin/webscr';

?>
<html>
<head><title>Redirecting to Paypal...</title></head>
<body>
<form action="<?php echo esc_attr($ppurl); ?>" name="ppform3" method="post">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="business" value="<?php echo esc_attr(sanitize_email(cpabc_get_option('paypal_email', _cpabc_appointments_get_default_paypal_email() ))); ?>" />
<input type="hidden" name="item_name" value="<?php echo esc_attr(cpabc_get_option('paypal_product_name', CPABC_APPOINTMENTS_DEFAULT_PRODUCT_NAME)); ?>" />
<input type="hidden" name="custom" value="<?php echo esc_attr($item_number); ?>" />
<input type="hidden" name="amount" value="<?php echo floatval($price); ?>" />
<input type="hidden" name="page_style" value="Primary" />
<input type="hidden" name="no_shipping" value="<?php if (cpabc_get_option('request_address','0') != '1') echo '1'; else echo '2'; ?>" />
<input type="hidden" name="return" value="<?php echo esc_attr(trim(cpabc_get_option('url_ok', CPABC_APPOINTMENTS_DEFAULT_OK_URL))); ?>">
<input type="hidden" name="cancel_return" value="<?php echo esc_attr(cpabc_get_option('url_cancel', CPABC_APPOINTMENTS_DEFAULT_CANCEL_URL)); ?>" />
<input type="hidden" name="currency_code" value="<?php echo esc_attr(cpabc_appointments_clean_currency(cpabc_get_option('currency', CPABC_APPOINTMENTS_DEFAULT_CURRENCY))); ?>" />
<input type="hidden" name="lc" value="<?php echo esc_attr(cpabc_get_option('paypal_language', CPABC_APPOINTMENTS_DEFAULT_PAYPAL_LANGUAGE)); ?>" />
<input type="hidden" name="bn" value="NetFactorSL_SI_Custom" />
<input type="hidden" name="notify_url" value="<?php echo esc_attr(cpabc_appointment_get_FULL_site_url()); ?>/?cpabc_ipncheck=<?php echo esc_attr($item_number); ?>" />
</form>
<script type="text/javascript">
document.ppform3.submit();
</script>
</body>
</html>
<?php
    exit();
}
329
330
/**
 * Normalizes a user-entered currency code to the ISO code PayPal expects.
 *
 * The value is trimmed and upper-cased; a few common misspellings and
 * symbols are mapped to their codes, and an empty value falls back to 'EUR'.
 * Anything else is returned as entered (upper-cased).
 *
 * @param string $currency raw option value
 * @return string
 */
function cpabc_appointments_clean_currency($currency)
{
    static $aliases = array(
        'GPB'    => 'GBP',
        'CDN'    => 'CAD',
        '$'      => 'USD',
        'DOLLAR' => 'USD',
        'EURO'   => 'EUR',
        ''       => 'EUR',
        'MXP'    => 'MXN',
        'AUS'    => 'AUD',
    );
    $code = trim(strtoupper($currency));
    return isset($aliases[$code]) ? $aliases[$code] : $code;
}
353
354
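/**
 * Tells whether the current WordPress user owns calendar $calendar.
 *
 * Ownership is the `conwer` column of the calendar's config row holding the
 * user's ID. Returns the number of matching rows so callers can use the
 * result as a boolean; 0 means no access.
 *
 * @param int|string $calendar calendar id (cast with intval())
 * @return int
 */
function cpabc_appointments_user_access_to($calendar) {
    global $wpdb;
    $current_user = wp_get_current_user();
    $user_id = intval($current_user->ID);

    // A logged-out visitor has ID 0; never let it match a stray conwer='0'.
    if ($user_id === 0) {
        return 0;
    }

    // Both values are bound through prepare(); conwer<>'' keeps unowned
    // calendars (empty conwer) from matching. %s keeps the original string
    // comparison against the conwer column.
    $sql = $wpdb->prepare(
        "SELECT id FROM ".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME." WHERE id=%d AND conwer<>'' AND conwer=%s",
        intval($calendar),
        (string) $user_id
    );
    $myrows = $wpdb->get_results($sql);

    // get_results() returns null on a query error; report that as no access.
    return is_array($myrows) ? count($myrows) : 0;
}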
361
362
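/**
 * Posts the received IPN message back to PayPal and returns true only when
 * PayPal answers "VERIFIED".
 *
 * The raw POST body is parsed and re-encoded (PayPal's reference flow) and
 * prefixed with cmd=_notify-validate. An empty body, a transport failure and
 * any reply other than VERIFIED all yield false; the caller treats false as a
 * failed validation.
 *
 * NOTE(review): the request always goes to the live endpoint; with
 * paypal_mode == 'sandbox' (see cpabc_appointments_main_initialization) a
 * sandbox IPN will not verify here — confirm whether that is intended.
 *
 * @return bool
 */
function cpabc_verify_paypal_ipn() {
    // Read POST data
    $raw_post_data = file_get_contents('php://input');
    if ($raw_post_data === false || $raw_post_data === '') {
        return false; // nothing to validate
    }

    $myPost = array();
    foreach (explode('&', $raw_post_data) as $keyval) {
        // Limit 2: a literal '=' inside a value must not drop the whole pair.
        $keyval = explode('=', $keyval, 2);
        if (count($keyval) == 2) {
            $myPost[$keyval[0]] = urldecode($keyval[1]);
        }
    }

    // Build validation request back to PayPal
    $req = 'cmd=_notify-validate';
    foreach ($myPost as $key => $value) {
        $req .= '&' . $key . '=' . urlencode($value);
    }

    // Send validation request to PayPal
    $paypal_url = 'https://ipnpb.paypal.com/cgi-bin/webscr';
    $ch = curl_init($paypal_url);
    if ($ch === false) {
        error_log('PayPal IPN: curl_init failed');
        return false;
    }
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
    // Bound the round-trip so a stalled connection cannot pin a PHP worker
    // indefinitely (no timeout was set before).
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);

    $res = curl_exec($ch);
    if ($res === false) {
        // Log the transport error; the caller rejects the notification.
        error_log('PayPal IPN validation request failed: ' . curl_error($ch));
    }
    curl_close($ch);

    return is_string($res) && trim($res) === "VERIFIED";
}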
399
400
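/**
 * Handles the PayPal IPN callback (?cpabc_ipncheck=<ids>, POSTed by PayPal).
 *
 * When CPABC_TDEAPP_CALENDAR_STEP2_VRFY is set the message is validated with
 * cpabc_verify_paypal_ipn() and only a Completed payment or a pending eCheck
 * goes on. The booking is then confirmed once: a calendar row already
 * referencing the first id means the IPN was processed before. The txn_id is
 * stored into the serialized buffered_date blob and
 * cpabc_process_ready_to_go_appointment() finishes the booking.
 *
 * NOTE(review): nothing here compares receiver_email, mc_gross or
 * mc_currency with the configured account and the stored PRICE, nor checks
 * txn_id reuse; and with CPABC_TDEAPP_CALENDAR_STEP2_VRFY false any request
 * to this URL confirms the booking.
 */
function cpabc_appointments_check_IPN_verification() {

    global $wpdb;

    $itemparam = sanitize_text_field($_GET["cpabc_ipncheck"]);

    // PayPal's POST fields; an absent field becomes '' instead of raising a notice.
    $payment_status = isset($_POST['payment_status']) ? sanitize_text_field($_POST['payment_status']) : '';
    $payer_email = isset($_POST['payer_email']) ? sanitize_email($_POST['payer_email']) : '';
    $payment_type = isset($_POST['payment_type']) ? sanitize_text_field($_POST['payment_type']) : '';
    $txnid = isset($_POST['txn_id']) ? sanitize_text_field($_POST['txn_id']) : '';

    if (CPABC_TDEAPP_CALENDAR_STEP2_VRFY)
    {

        // Ask PayPal to confirm the message really came from them.
        if (!cpabc_verify_paypal_ipn()) {
            error_log('Invalid PayPal IPN verification');
            die('IPN validation failed');
        }

        // Only a Completed payment or a (pending) eCheck continues; a Completed
        // eCheck is ignored — presumably because its pending IPN was already handled.
        if ($payment_status != 'Completed' && $payment_type != 'echeck')
            return;

        if ($payment_type == 'echeck' && $payment_status == 'Completed')
            return;
    }

    $itemnumber = explode(";",$itemparam);
    $first_id = intval($itemnumber[0]);

    // Idempotency: reference is a VARCHAR column, so keep the string comparison.
    $myrows = $wpdb->get_results( $wpdb->prepare("SELECT id FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." WHERE reference=%s", (string) $first_id) );
    if (!empty($myrows))
    {
        echo 'OK - Already processed';
        exit;
    }

    $myrows = $wpdb->get_results( $wpdb->prepare("SELECT * FROM ".CPABC_APPOINTMENTS_TABLE_NAME." WHERE id=%d", $first_id) );
    if (empty($myrows))
    {
        // Unknown booking id: there is nothing to confirm, answer and stop.
        echo 'OK - Unknown item';
        exit;
    }

    // buffered_date is the PHP-serialized submission written by
    // cpabc_appointments_main_initialization; unserialize() here trusts the database.
    $params = unserialize($myrows[0]->buffered_date);
    if (!is_array($params))
        $params = array();
    $params["txnid"] = $txnid;
    // $wpdb->update() escapes the serialized blob itself.
    $wpdb->update( CPABC_APPOINTMENTS_TABLE_NAME, array( 'buffered_date' => serialize($params) ), array( 'id' => $first_id ) );


    cpabc_process_ready_to_go_appointment( $itemparam, $payer_email);

    echo 'OK';

    exit();

}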
448
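/**
 * Handles the cancellation link sent with a confirmation e-mail
 * (?cpabc_c=1&i=<base64 id>&verify=<digest>).
 *
 * The digest is the first 10 hex chars of md5(CPABC_PCODE . id), produced in
 * cpabc_process_ready_to_go_appointment. A valid link deletes the calendar
 * entry and redirects to CPABC_APPOINTMENTS_DEFAULT_ON_CANCEL_REDIRECT_TO;
 * anything else prints an error. Always exits.
 */
function cpabc_process_cancel_go_appointment()
{
    global $wpdb;
    // Missing or non-string parameters are treated as an invalid link instead
    // of raising notices / TypeErrors.
    $itemnumber = (isset($_GET["i"]) && is_string($_GET["i"])) ? base64_decode($_GET["i"]) : '';
    $verify = (isset($_GET["verify"]) && is_string($_GET["verify"])) ? $_GET["verify"] : '';
    $cpabc_pcode = base64_decode(get_option('CPABC_PCODE',""));
    $expected = substr(md5($cpabc_pcode.$itemnumber),0,10);
    // hash_equals(): strict and constant-time. The previous loose == compared
    // two strings numerically whenever both looked numeric.
    if (is_numeric($itemnumber) && hash_equals($expected, $verify))
    {
        $wpdb->query( $wpdb->prepare("DELETE FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." WHERE id=%d", intval($itemnumber)) );
        header("Location: ".CPABC_APPOINTMENTS_DEFAULT_ON_CANCEL_REDIRECT_TO);
        exit;
    } else {
        echo 'Wrong cancellation link';
        exit;
    }
}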
464
/**
 * Confirms one or more booked slots and sends the notification e-mails.
 *
 * For every id a row is inserted into CPABC_TDEAPP_CALENDAR_DATA_TABLE
 * (skipped when $is_resend); the e-mails go out once, during the iteration
 * for the last id, and only when the request is a front-end one, an admin
 * ticked sendemails_admin, or CPABC_IS_RESEND is defined.
 *
 * @param string $itemnumber  ";"-separated ids in CPABC_APPOINTMENTS_TABLE_NAME
 *                            (all slots of one booking); the first id supplies
 *                            the calendar and the stored template parameters.
 * @param string $payer_email PayPal payer address; gets a copy of the user
 *                            confirmation when it differs from the booking address.
 * @param bool   $is_resend   true skips the calendar insert and only re-sends.
 * @param bool   $send_admin  accepted for callers but never read in this body.
 */
function cpabc_process_ready_to_go_appointment($itemnumber, $payer_email = "", $is_resend = false, $send_admin = true)
{
    global $wpdb;

    // Self-healing schema: make sure the calendar table has the columns written below.
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'quantity', "VARCHAR(25) DEFAULT '1' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'reminder', "VARCHAR(1) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'reference', "VARCHAR(30) DEFAULT '' NOT NULL");

    // NOTE(review): $myrows[0] and $mycalendarrows[0] are used without checking that
    // the queries returned a row; an unknown id produces warnings rather than an error.
    $itemnumber = explode(";",$itemnumber);
    $myrows = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_TABLE_NAME." WHERE id=".intval($itemnumber[0]) );
    $mycalendarrows = $wpdb->get_results( 'SELECT * FROM '.CPABC_APPOINTMENTS_CONFIG_TABLE_NAME .' WHERE `'.CPABC_TDEAPP_CONFIG_ID.'`='.intval($myrows[0]->calendar));
    // Appointments starting before now + reminder_hours get the reminder flag below.
    $reminder_timeline = date( "Y-m-d H:i:s", strtotime (date("Y-m-d H:i:s")." +".$mycalendarrows[0]->reminder_hours." hours") );
    if (!defined('CP_CALENDAR_ID'))
        define ('CP_CALENDAR_ID',$myrows[0]->calendar);

    // Sender, admin recipient list and the four templates of this calendar.
    $SYSTEM_EMAIL = cpabc_get_option('notification_from_email', _cpabc_appointments_get_default_from_email() );
    $SYSTEM_RCPT_EMAIL = cpabc_get_option('notification_destination_email', _cpabc_appointments_get_default_paypal_email() );

    $email_subject1 = cpabc_get_option('email_subject_confirmation_to_user', CPABC_APPOINTMENTS_DEFAULT_SUBJECT_CONFIRMATION_EMAIL);
    $email_content1 = cpabc_get_option('email_confirmation_to_user', CPABC_APPOINTMENTS_DEFAULT_CONFIRMATION_EMAIL);
    $email_subject2 = cpabc_get_option('email_subject_notification_to_admin', CPABC_APPOINTMENTS_DEFAULT_SUBJECT_NOTIFICATION_EMAIL);
    $email_content2 = cpabc_get_option('email_notification_to_admin', CPABC_APPOINTMENTS_DEFAULT_NOTIFICATION_EMAIL);

    $email_content1 = str_replace("%CALENDAR%", $mycalendarrows[0]->uname, $email_content1);
    $email_content2 = str_replace("%CALENDAR%", $mycalendarrows[0]->uname, $email_content2);

    // buffered_date is the PHP-serialized $params array stored at booking time.
    // Each key is substituted as <%KEY%> and %KEY% in both bodies (the subjects are
    // not substituted). Keys containing "_link" anywhere but at position 0 (strpos()
    // is used as a boolean) are collected as attachments — presumably file-upload
    // fields; verify against the form builder.
    $params = unserialize($myrows[0]->buffered_date);
    $attachments = array();
    foreach ($params as $item => $value)
    {
        $email_content1 = str_replace('<%'.$item.'%>',(is_array($value)?(implode(", ",$value)):($value)),$email_content1);
        $email_content2 = str_replace('<%'.$item.'%>',(is_array($value)?(implode(", ",$value)):($value)),$email_content2);
        $email_content1 = str_replace('%'.$item.'%',(is_array($value)?(implode(", ",$value)):($value)),$email_content1);
        $email_content2 = str_replace('%'.$item.'%',(is_array($value)?(implode(", ",$value)):($value)),$email_content2);
        if (strpos($item,"_link"))
            $attachments[] = $value;
    }
    $buffered_dates = array();
    for ($n=0;$n<count($itemnumber);$n++)
    {
        // Row of this slot; overwrites the $myrows loaded above.
        $myrows = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_TABLE_NAME." WHERE id=".intval($itemnumber[$n]) );
        $buffered_dates[] = $myrows[0]->booked_time;
        $information = $mycalendarrows[0]->uname."\n".
                       $myrows[0]->booked_time."\n".
                       ($myrows[0]->name?$myrows[0]->name."\n":"").
                       $myrows[0]->email."\n".
                       ($myrows[0]->phone?$myrows[0]->phone."\n":"").
                       $myrows[0]->question."\n";

        if ($reminder_timeline > date("Y-m-d H:i:s", strtotime($myrows[0]->booked_time_unformatted)))
            $reminder = '1';
        else
            $reminder = '';

        // Calendar entry for the slot. $rows_affected is never checked, so a failed
        // insert still goes on to the e-mails.
        if (!$is_resend)
            $rows_affected = $wpdb->insert( CPABC_TDEAPP_CALENDAR_DATA_TABLE, array( 'appointment_calendar_id' => $myrows[0]->calendar,
                                                                                     'datatime' => date("Y-m-d H:i:s", strtotime($myrows[0]->booked_time_unformatted)),
                                                                                     'title' => $myrows[0]->email,
                                                                                     'reminder' => $reminder,
                                                                                     'quantity' => (isset($myrows[0]->quantity)?$myrows[0]->quantity:1),
                                                                                     'description' => str_replace("\n","<br />", $information),
                                                                                     'reference' => intval($itemnumber[$n])
                                                                                     ) );
        // SEND EMAILS START
        if ($n == count($itemnumber)-1) // send emails only once
        {

            // Calendar-table id of the slot just inserted. On a resend nothing was
            // inserted here, so this is whatever insert_id the connection last saw.
            $params['itemnumber'] = $wpdb->insert_id;

            // %INFORMATION%: every booked date on one line plus the contact details.
            $information = $mycalendarrows[0]->uname."\n".
                           implode(" - ",$buffered_dates)."\n".
                           ($myrows[0]->name?$myrows[0]->name."\n":"").
                           $myrows[0]->email."\n".
                           ($myrows[0]->phone?$myrows[0]->phone."\n":"").
                           $myrows[0]->question."\n";

            $email_content1 = str_replace("%INFORMATION%", $information, $email_content1);
            $email_content2 = str_replace("%INFORMATION%", $information, $email_content2);

            // Cancellation link: base64 id plus the first 10 hex chars of
            // md5(CPABC_PCODE . id); checked by cpabc_process_cancel_go_appointment.
            $itemnumberdb = $wpdb->insert_id;
            $cpabc_pcode = base64_decode(get_option('CPABC_PCODE',""));
            $cancel_link = cpabc_appointment_get_FULL_site_url().'/?cpabc_c=1&i='.base64_encode($itemnumberdb).'&verify='.substr(md5($cpabc_pcode.$itemnumberdb),0,10).'&a=1';

            $email_content1 = str_replace("%CANCEL%", $cancel_link, $email_content1);
            $email_content2 = str_replace("%CANCEL%", $cancel_link, $email_content2);

            $email_content1 = str_replace("%ALLDATES%", implode("\n",$buffered_dates), $email_content1);
            $email_content2 = str_replace("%ALLDATES%", implode("\n",$buffered_dates), $email_content2);

            // Wrap a bare address as "addr" <addr> unless it already carries a display name.
            if (!strpos($SYSTEM_EMAIL,">"))
                $SYSTEM_EMAIL = '"'.$SYSTEM_EMAIL.'" <'.$SYSTEM_EMAIL.'>';

            // SEND EMAIL TO USER
            // The customer's address doubles as Reply-To of the admin notification.
            $replyto = $myrows[0]->email;
            if ('html' == cpabc_get_option('nuser_emailformat', CPABC_APPOINTMENTS_DEFAULT_email_format)) $content_type = "Content-Type: text/html; charset=utf-8\n"; else $content_type = "Content-Type: text/plain; charset=utf-8\n";

            if (!is_admin() || isset($_POST["sendemails_admin"]) || defined('CPABC_IS_RESEND') )
            {
                wp_mail($myrows[0]->email, $email_subject1, $email_content1,
                        "From: ".$SYSTEM_EMAIL."\r\n".
                        $content_type.
                        "X-Mailer: PHP/" . phpversion());

                // Copy to the PayPal payer when it is a different address.
                if ($payer_email && strtolower($payer_email) != strtolower($myrows[0]->email))
                    wp_mail($payer_email , $email_subject1, $email_content1,
                            "From: ".$SYSTEM_EMAIL."\r\n".
                            $content_type.
                            "X-Mailer: PHP/" . phpversion());

                // SEND EMAIL TO ADMIN
                // notification_destination_email may hold several comma-separated addresses.
                if ('html' == cpabc_get_option('nadmin_emailformat', CPABC_APPOINTMENTS_DEFAULT_email_format)) $content_type = "Content-Type: text/html; charset=utf-8\n"; else $content_type = "Content-Type: text/plain; charset=utf-8\n";
                $to = explode(",",$SYSTEM_RCPT_EMAIL);
                foreach ($to as $item)
                    if (trim($item) != '')
                    {
                        wp_mail(trim($item), $email_subject2, $email_content2,
                                "From: ".$SYSTEM_EMAIL."\r\n".
                                ($replyto!=''?"Reply-To: ".$replyto."\r\n":'').
                                $content_type.
                                "X-Mailer: PHP/" . phpversion(), $attachments);
                    }
            }
        }
        // SEND EMAILS END
    }
}
591
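/**
 * Adds column $field of type $type to $table unless it already exists
 * (idempotent schema-upgrade helper, called on ordinary requests).
 *
 * Identifiers cannot be bound as query parameters: the table name is
 * backtick-quoted with embedded backticks doubled, and the column name must
 * be a plain [A-Za-z0-9_] identifier or the call is ignored. $type is
 * interpolated as-is; every caller in this file passes a literal.
 *
 * @param string $table full table name (prefix included)
 * @param string $field column to add
 * @param string $type  column definition; the default is a bare "text"
 */
function cpabc_appointments_add_field_verify ($table, $field, $type = "text")
{
    global $wpdb;
    // Refuse a column name that is not a plain identifier rather than quoting it into DDL.
    if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $field)) {
        return;
    }
    $table_sql = '`' . str_replace('`', '``', (string) $table) . '`';
    $results = $wpdb->get_results($wpdb->prepare("SHOW columns FROM ".$table_sql." where field=%s", $field));
    // empty() also covers the null that get_results() returns on a query error.
    if (empty($results))
    {
        $sql = "ALTER TABLE ".$table_sql." ADD `".$field."` ".$type;
        $wpdb->query($sql);
    }
}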
602
603
/**
 * Persists the calendar settings posted from the admin form into
 * CPABC_APPOINTMENTS_CONFIG_TABLE_NAME for CP_CALENDAR_ID.
 *
 * Access: nonce 'uname_abc' plus either the edit_pages capability or
 * ownership of the calendar (cpabc_appointments_user_access_to). Missing
 * columns are added on the fly before the update. Note the inconsistency
 * that a bad nonce returns while a failed capability check exits.
 *
 * NOTE(review): $_REQUEST['_wpnonce'] and most $_POST fields are read without
 * isset(), so an absent field raises a notice; cpabc_get_post_param() is used
 * for only some keys.
 */
function cpabc_appointments_save_options()
{
    global $wpdb;
    if (!defined('CP_CALENDAR_ID'))
        define ('CP_CALENDAR_ID', intval($_POST["cpabc_item"]));

    if (!wp_verify_nonce( $_REQUEST['_wpnonce'], 'uname_abc' ))
    {
        echo "Access verification error. Cannot update settings.";
        return;
    }

    if ( ! current_user_can('edit_pages') && !cpabc_appointments_user_access_to(CP_CALENDAR_ID) ) // prevent loading coupons from outside admin area
    {
        echo 'No enough privilegies to load this content.';
        exit;
    }
    // When the control field arrives as \" the request was slash-escaped, so every
    // scalar POST value is unescaped — presumably to undo WordPress' added slashes.
    // stripcslashes() also interprets C escapes such as \n, unlike stripslashes(); confirm intended.
    if ($_POST["cpabc_appointments_control_field"] == '\\"')
        foreach ($_POST as $item => $value)
            if (!is_array($value))
                $_POST[$item] = stripcslashes($value);


    // Self-healing schema; columns without an explicit type get add_field_verify's default "text".
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'enable_reminder');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'reminder_hours');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'reminder_subject');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'reminder_content');
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'reminder', "VARCHAR(1) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_TDEAPP_CALENDAR_DATA_TABLE, 'quantity', "VARCHAR(25) DEFAULT '1' NOT NULL");

    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'min_slots');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'max_slots');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'close_fpanel');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'quantity_field');

    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'calendar_startyear', "VARCHAR(20) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'calendar_startmonth', "VARCHAR(20) DEFAULT '' NOT NULL");
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'calendar_theme');

    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'paypal_mode');
    cpabc_appointments_add_field_verify(CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, 'request_address');


    // request_cost is stored as a ";"-separated list built from request_cost_1..request_cost_<max_slots>,
    // each reduced to digits and dots by cpabc_clean_price().
    $request_cost = '';
    for ($k=1;$k <= intval($_POST["max_slots"]); $k++)
        $request_cost .= ($k!=1?";":"").cpabc_clean_price($_POST["request_cost_".$k]);

    // Column => sanitized value; $wpdb->update() escapes the values itself.
    $data = array(
        'calendar_language' => sanitize_text_field($_POST["calendar_language"]),
        'calendar_dateformat' => sanitize_text_field($_POST["calendar_dateformat"]),
        'calendar_pages' => sanitize_text_field($_POST["calendar_pages"]),
        'calendar_militarytime' => sanitize_text_field($_POST["calendar_militarytime"]),
        'calendar_weekday' => sanitize_text_field($_POST["calendar_weekday"]),
        'calendar_mindate' => sanitize_text_field($_POST["calendar_mindate"]),
        'calendar_maxdate' => sanitize_text_field($_POST["calendar_maxdate"]),
        'min_slots' => sanitize_text_field($_POST["min_slots"]),
        'max_slots' => sanitize_text_field($_POST["max_slots"]),
        'close_fpanel' => sanitize_text_field($_POST["close_fpanel"]),
        'quantity_field' => sanitize_text_field($_POST["quantity_field"]),
        'request_address' => sanitize_text_field($_POST["request_address"]),
        'paypal_mode' => sanitize_text_field($_POST["paypal_mode"]),

        'calendar_startyear' => sanitize_text_field($_POST["calendar_startyear"]),
        'calendar_startmonth' => sanitize_text_field($_POST["calendar_startmonth"]),
        'calendar_theme' => sanitize_text_field($_POST["calendar_theme"]),

        'paypal_email' => sanitize_email($_POST["paypal_email"]),
        'request_cost' => sanitize_text_field($request_cost),
        'paypal_product_name' => sanitize_text_field($_POST["paypal_product_name"]),
        'currency' => sanitize_text_field($_POST["currency"]),
        'url_ok' => sanitize_text_field($_POST["url_ok"]),
        'url_cancel' => sanitize_text_field($_POST["url_cancel"]),
        'paypal_language' => sanitize_text_field($_POST["paypal_language"]),

        'nuser_emailformat' => sanitize_text_field(@$_POST["nuser_emailformat"]),
        'nadmin_emailformat' => sanitize_text_field($_POST["nadmin_emailformat"]),
        'nremind_emailformat' => sanitize_text_field($_POST["nremind_emailformat"]),

        'vs_text_is_required' => sanitize_text_field($_POST['vs_text_is_required']),
        'vs_text_is_email' => sanitize_text_field($_POST['vs_text_is_email']),
        'vs_text_datemmddyyyy' => sanitize_text_field($_POST['vs_text_datemmddyyyy']),
        'vs_text_dateddmmyyyy' => sanitize_text_field($_POST['vs_text_dateddmmyyyy']),
        'vs_text_number' => sanitize_text_field($_POST['vs_text_number']),
        'vs_text_digits' => sanitize_text_field($_POST['vs_text_digits']),
        'vs_text_max' => sanitize_text_field($_POST['vs_text_max']),
        'vs_text_min' => sanitize_text_field($_POST['vs_text_min']),
        'vs_text_submitbtn' => sanitize_text_field($_POST['vs_text_submitbtn']),

        'cu_user_email_field' => sanitize_text_field(cpabc_get_post_param("cu_user_email_field")),

        // E-mail bodies keep markup/placeholders: cleaned with cpabc_clean_and_sanitize()
        // instead of sanitize_text_field().
        'notification_from_email' => sanitize_text_field($_POST["notification_from_email"]),
        'notification_destination_email' => sanitize_text_field($_POST["notification_destination_email"]),
        'email_subject_confirmation_to_user' => sanitize_text_field($_POST["email_subject_confirmation_to_user"]),
        'email_confirmation_to_user' => cpabc_clean_and_sanitize($_POST["email_confirmation_to_user"]),
        'email_subject_notification_to_admin' => sanitize_text_field($_POST["email_subject_notification_to_admin"]),
        'email_notification_to_admin' => cpabc_clean_and_sanitize($_POST["email_notification_to_admin"]),

        'enable_reminder' => sanitize_text_field(cpabc_get_post_param("enable_reminder")),
        'reminder_hours' => sanitize_text_field(cpabc_get_post_param("reminder_hours")),
        'reminder_subject' => sanitize_text_field(cpabc_get_post_param("reminder_subject")),
        'reminder_content' => cpabc_clean_and_sanitize(cpabc_get_post_param("reminder_content")),

        // CAPTCHA appearance; colours are stored without the leading '#'.
        'dexcv_enable_captcha' => sanitize_text_field($_POST["dexcv_enable_captcha"]),
        'dexcv_width' => sanitize_text_field($_POST["dexcv_width"]),
        'dexcv_height' => sanitize_text_field($_POST["dexcv_height"]),
        'dexcv_chars' => sanitize_text_field($_POST["dexcv_chars"]),
        'dexcv_min_font_size' => sanitize_text_field($_POST["dexcv_min_font_size"]),
        'dexcv_max_font_size' => sanitize_text_field($_POST["dexcv_max_font_size"]),
        'dexcv_noise' => sanitize_text_field($_POST["dexcv_noise"]),
        'dexcv_noise_length' => sanitize_text_field($_POST["dexcv_noise_length"]),
        'dexcv_background' => sanitize_text_field(str_replace('#','',$_POST['dexcv_background'])),
        'dexcv_border' => sanitize_text_field(str_replace('#','',$_POST['dexcv_border'])),
        'dexcv_font' => sanitize_text_field($_POST["dexcv_font"]),
        'cv_text_enter_valid_captcha' => sanitize_text_field($_POST['cv_text_enter_valid_captcha']),
        'cp_cal_checkboxes' => sanitize_text_field(cpabc_get_post_param("cp_cal_checkboxes"))
    );
    $wpdb->update ( CPABC_APPOINTMENTS_CONFIG_TABLE_NAME, $data, array( 'id' => CP_CALENDAR_ID ));
}
722
723
/**
 * Normalises a user-entered price to a bare decimal string.
 *
 * A decimal comma is first turned into a decimal point, then every run of
 * characters that is neither a digit nor a point is dropped (currency symbols,
 * spaces, letters). Note that a point used as thousands separator survives,
 * e.g. "1.000,50" becomes "1.000.50".
 *
 * @param string $price Raw price text.
 * @return string Only digits and points; may be empty.
 */
function cpabc_clean_price($price)
{
	$decimal_point_price = strtr($price, ',', '.');
	return preg_replace('/[^0-9.]+/', '', $decimal_point_price);
}
728
729
/**
 * Sanitises free text (e-mail bodies, descriptions) before it is stored.
 *
 * Non-scalar input yields ''. Otherwise the string is checked for invalid UTF-8
 * with wp_check_invalid_utf8() and every "%XX" percent-escape sequence is
 * removed, with the literal token "%CA" protected so it survives. The result
 * is trimmed.
 *
 * @param mixed $str Value to clean.
 * @return string Cleaned text.
 */
function cpabc_clean_and_sanitize ($str)
{
	// Arrays and objects cannot be sanitised as text.
	if ( is_array( $str ) || is_object( $str ) ) {
		return '';
	}
	$placeholder = '#@*cpabc';
	// Protect the literal "%CA" so the percent-escape stripping below does not eat it.
	$filtered = wp_check_invalid_utf8( str_replace( '%CA', $placeholder, (string) $str ) );
	// Remove every %XX escape, one distinct match at a time.
	while ( preg_match( '/%[a-f0-9]{2}/i', $filtered, $match ) ) {
		$filtered = str_replace( $match[0], '', $filtered );
	}
	return trim( str_replace( $placeholder, '%CA', $filtered ) );
}
743
744
/**
 * Resolves a form field's internal name to its display title.
 *
 * @param string $fieldid Internal field name.
 * @param mixed  $form    List of field objects exposing ->name and ->title; anything
 *                        that is not an array is treated as "no form".
 * @return string The matching title, or $fieldid itself when nothing matches.
 */
function cpabc_appointments_get_field_name ($fieldid, $form)
{
	if (!is_array($form))
		return $fieldid;
	foreach ($form as $field)
	{
		// NOTE(review): loose '==' kept; tightening to '===' could stop matching
		// int against numeric-string names — confirm before changing.
		if ($field->name == $fieldid)
			return $field->title;
	}
	return $fieldid;
}
753
754
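/**
 * Strips the characters that make a spreadsheet treat a CSV cell as a formula.
 *
 * Leading '=', '@' and '+' are removed repeatedly; a leading '-' is removed too
 * unless the whole value is a number (e.g. "-5" is legitimate data). This is
 * needed here and not only in cpabc_appointments_iconv(): that function prefixes
 * '+'/'-' values with a tab, but the trim() below removes that tab again, so
 * without this check a "+..." or "-..." cell would reach the file unchanged.
 *
 * @param string $value Cell content.
 * @return string Trimmed cell content with no leading formula trigger.
 */
function cpabc_appointments_clean_csv_value($value)
{
	$value = trim($value);
	// A single-character value is left alone, as before.
	while (strlen($value) > 1)
	{
		$first = $value[0];
		if ($first == '=' || $first == '@' || $first == '+')
		{
			$value = trim(substr($value, 1));
			continue;
		}
		if ($first == '-' && !is_numeric($value))
		{
			$value = trim(substr($value, 1));
			continue;
		}
		break;
	}
	return $value;
}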
762
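/**
 * Streams the bookings of one calendar (or of all calendars) as a CSV download.
 *
 * Reads the filters search/dfrom/dto and the calendar id "cal" from $_GET, refuses
 * callers that are neither plugin administrators nor the calendar's owner ("conwer"),
 * then prints one header row and one row per booking and exits. Columns named in the
 * CPABC_EXCLUDED_COLUMNS option are omitted. Every cell goes through
 * cpabc_appointments_iconv() (ISO-8859-1 transliteration) and
 * cpabc_appointments_clean_csv_value() (leading formula characters stripped), and
 * double quotes are doubled.
 *
 * Only runs inside wp-admin. Does not return on the success path.
 */
function cpabc_appointments_export_csv ()
{
	if (!is_admin())
		return;
	global $wpdb;

	if (!defined('CP_CALENDAR_ID'))
		define ('CP_CALENDAR_ID', intval(cpabc_get_get_param("cal")));

	$form_data = json_decode(cpabc_appointment_cleanJSON(cpabc_get_option('form_structure', CPABC_APPOINTMENTS_DEFAULT_form_structure)));

	$excluded = array_map('trim', explode(",", get_option('CPABC_EXCLUDED_COLUMNS', "")));

	// Optional filters; every value is sanitised and escaped before concatenation.
	// NOTE(review): LIKE wildcards in "search" are not escaped ($wpdb->esc_like), so a
	// user may widen the match with '%' / '_' — harmless here but worth knowing.
	$cond = '';
	$search = cpabc_get_get_param("search");
	$dfrom = cpabc_get_get_param("dfrom");
	$dto = cpabc_get_get_param("dto");
	if ($search != '') $cond .= " AND (buffered_date like '%".esc_sql(sanitize_text_field($search))."%')";
	if ($dfrom != '') $cond .= " AND (`booked_time_unformatted` >= '".esc_sql(sanitize_text_field($dfrom))."')";
	if ($dto != '') $cond .= " AND (`booked_time_unformatted` <= '".esc_sql(sanitize_text_field($dto))." 23:59:59')";

	// Authorisation: a single calendar may be exported by an administrator or by its
	// owner; the "all calendars" export (CP_CALENDAR_ID == 0) is administrator-only.
	if (CP_CALENDAR_ID != 0) {
		$query = "SELECT * FROM ".CPABC_TDEAPP_CONFIG." where ".CPABC_TDEAPP_CONFIG_ID."='".esc_sql(intval(CP_CALENDAR_ID))."'";
		$rowcal = $wpdb->get_results($query,ARRAY_A);
		$current_user = wp_get_current_user();
		$is_owner = isset($rowcal[0]) && $rowcal[0]["conwer"] == $current_user->ID;
		if (!cpabc_appointment_is_administrator() && !$is_owner) {
			echo 'Access not verified';
			exit;
		}
		$cond .= " AND appointment_calendar_id=".intval(CP_CALENDAR_ID);
	} else {
		if (!cpabc_appointment_is_administrator()) {
			echo 'Access not verified';
			exit;
		}
	}

	$events = $wpdb->get_results( "SELECT * FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." INNER JOIN ".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME." ON ".CPABC_TDEAPP_CALENDAR_DATA_TABLE.".appointment_calendar_id=".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME.".id LEFT JOIN ".CPABC_APPOINTMENTS_TABLE_NAME." ON ".CPABC_TDEAPP_CALENDAR_DATA_TABLE.".reference=".CPABC_APPOINTMENTS_TABLE_NAME.".id WHERE 1=1 ".$cond );
	if (!is_array($events))
		$events = array();

	// Fixed leading columns, then one column per distinct key found in the bookings.
	$fields = array();
	if (!in_array("Calendar ID",$excluded)) $fields[] = "Calendar ID";
	if (!in_array("Calendar",$excluded)) $fields[] = "Calendar";
	if (!in_array("Time",$excluded)) $fields[] = "Time";
	$corefieldcount = count($fields);
	$values = array();

	foreach ($events as $item)
	{
		$value = array();
		if (!in_array("Calendar ID",$excluded)) $value[] = $item->appointment_calendar_id;
		if (!in_array("Calendar",$excluded)) $value[] = $item->uname;
		if (!in_array("Time",$excluded)) $value[] = $item->datatime;

		// buffered_date holds the serialized form submission written by this plugin.
		// Objects are not allowed, so a tampered row cannot instantiate arbitrary classes.
		$data = unserialize($item->buffered_date, array('allowed_classes' => false));

		if (!is_array($data))
		{
			// Rows without a usable serialized payload fall back to the two plain columns.
			$data = array(
				'title' => $item->title,
				'description' => $item->description
			);
		}
		// Fill the columns discovered so far, in order; keys seen for the first time are
		// appended to $fields, so later rows carry more columns than earlier ones.
		$end = count($fields);
		for ($i=$corefieldcount; $i<$end; $i++)
		{
			if (isset($data[$fields[$i]]))
			{
				$value[$i] = $data[$fields[$i]];
				unset($data[$fields[$i]]);
			}
			else
				$value[$i] = '';
		}
		foreach ($data as $k => $d)
		{
			if (!in_array($k,$excluded))
			{
				$fields[] = $k;
				$value[] = $d;
			}
		}
		$values[] = $value;
	}

	header("Content-type: application/octet-stream");
	header("Content-Disposition: attachment; filename=bookings.csv");

	$end = count($fields);
	for ($i=0; $i<$end; $i++)
	{
		$hlabel = cpabc_appointments_iconv("utf-8", "ISO-8859-1//TRANSLIT//IGNORE", cpabc_appointments_get_field_name($fields[$i],@$form_data[0]));
		echo '"'.str_replace('"','""', cpabc_appointments_clean_csv_value($hlabel)).'",';
	}
	echo "\n";
	foreach ($values as $item)
	{
		for ($i=0; $i<$end; $i++)
		{
			if (!isset($item[$i]))
				$item[$i] = '';
			// Multi-value fields (presumably checkbox groups) are flattened to a comma list.
			// PHP 8 removed the legacy implode($array, $glue) argument order.
			if (is_array($item[$i]))
				$item[$i] = implode(',', $item[$i]);
			$item[$i] = cpabc_appointments_iconv("utf-8", "ISO-8859-1//TRANSLIT//IGNORE", $item[$i]);
			echo '"'.str_replace('"','""', cpabc_appointments_clean_csv_value($item[$i])).'",';
		}
		echo "\n";
	}

	exit;
}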
870
871
/**
 * Prepares a CSV cell: neutralises formula-looking values and converts the charset.
 *
 * After trimming, a value of two or more characters that starts with '=', '@', '+'
 * or '-' receives a leading tab so spreadsheets show it as text; the exception is
 * a leading '-' on a value that is exactly a number (e.g. "-5"). The text is then
 * passed through iconv() when the extension is available, unchanged otherwise.
 *
 * @param string $from Source charset for iconv().
 * @param string $to   Target charset for iconv(), e.g. "ISO-8859-1//TRANSLIT//IGNORE".
 * @param string $text Cell content.
 * @return string|false Converted text, or false when iconv() fails.
 */
function cpabc_appointments_iconv($from, $to, $text)
{
	$text = trim($text);
	$lead = substr($text, 0, 1);
	if (strlen($text) > 1 && in_array($lead, array('=', '@', '+', '-')))
	{
		// Negative numbers are legitimate data and keep their sign as-is.
		$is_negative_number = ($lead == '-' && floatval($text)."" == $text);
		if (!$is_negative_number)
			$text = chr(9).$text;
	}
	return function_exists('iconv') ? iconv($from, $to, $text) : $text;
}
885
886
887
/**
 * Endpoint (?cpabc_calendar_load=1&id=<calendar>) that prints the calendar's availability
 * configuration as a plain text stream and exits.
 *
 * Output: the marker '--***--***--***---!' followed by semicolon-terminated fields —
 * working dates, restricted dates, the seven per-weekday time ranges, then the special
 * dates. Requests from wp-admin by a user with edit_posts get every special date; all
 * other callers only those dated after calendar_mindate minus 7 days.
 *
 * There is no capability check for the basic fields; the calendar id comes from $_GET
 * and is esc_sql()'d inside a quoted literal. NOTE(review): this looks intentional since
 * the public booking form needs this data — confirm.
 */
function cpabc_appointments_calendar_load() {
	global $wpdb;
	if ( ! isset( $_GET['cpabc_calendar_load'] ) || $_GET['cpabc_calendar_load'] != '1' )
		return;

	// '@' suppresses any warning raised by header() (e.g. output already started).
	@header("Cache-Control: no-store, no-cache, must-revalidate");
	@header("Pragma: no-cache");

	$calid = str_replace (CPABC_TDEAPP_CAL_PREFIX, "",$_GET["id"]);
	$query = "SELECT * FROM ".CPABC_TDEAPP_CONFIG." where ".CPABC_TDEAPP_CONFIG_ID."='".esc_sql($calid)."'";
	$row = $wpdb->get_results($query,ARRAY_A);
	// An unknown id yields no row (plus an undefined-offset notice); only exit() runs then.
	if ($row[0])
	{
		$min_date = strtotime($row[0]["calendar_mindate"]." - 7 days");

		// New header to mark init of calendar output
		echo '--***--***--***---!';
		// START:: normalise the stored working-dates list: numeric entries become ints,
		// anything else is blanked, duplicates are dropped, empty entries collapsed and a
		// trailing comma cut.
		$working_dates = explode(",",$row[0][CPABC_TDEAPP_CONFIG_WORKINGDATES]);
		for($i=0;$i<count($working_dates); $i++)
			if (is_numeric($working_dates[$i]))
				$working_dates[$i] = intval($working_dates[$i]);
			else
				$working_dates[$i] = '';
		if ($working_dates[0] === '')
			unset($working_dates[0]);
		$working_dates = array_unique($working_dates);
		$working_dates = implode(",",$working_dates);
		while (!(strpos($working_dates,",,") === false))
			$working_dates = str_replace(",,",",",$working_dates);
		// NOTE(review): when the list is empty this reads string offset -1 (warning on PHP 8).
		if ($working_dates[strlen($working_dates)-1] == ',')
			$working_dates = substr($working_dates,0,strlen($working_dates)-1);
		echo esc_html($working_dates).";";
		// END:: working-dates clean-up
		echo esc_html($row[0][CPABC_TDEAPP_CONFIG_RESTRICTEDDATES]).";";
		echo esc_html($row[0][CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES0]).";";
		echo esc_html($row[0][CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES1]).";";
		echo esc_html($row[0][CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES2]).";";
		echo esc_html($row[0][CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES3]).";";
		echo esc_html($row[0][CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES4]).";";
		echo esc_html($row[0][CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES5]).";";
		echo esc_html($row[0][CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES6]).";";

		if (is_admin() && current_user_can('edit_posts'))
		{
			// Editors get the full list, including past special dates.
			echo esc_html($row[0]["specialDates"]);
		}
		else
		{
			// Everyone else: only entries whose leading "m/d/Y" date is after $min_date.
			$special_dates = explode(";", $row[0]["specialDates"]);
			foreach ($special_dates as $specialdate)
			{
				$date = explode("/",substr($specialdate,0,strpos($specialdate.",",',')));
				if (isset($date[2]) && isset($date[1]) && isset($date[0]))
				{
					$datetime = strtotime($date[2]."-".$date[0]."-".$date[1]);
					if ($datetime > $min_date) echo esc_html($specialdate).";";
				}
			}
		}
	}

	exit();
}
952
953
/**
 * Endpoint (?cpabc_calendar_load2=1&id=<calendar>) that lists the bookings stored for one
 * calendar and exits. Allowed for plugin administrators and the calendar's owner.
 *
 * Two output modes:
 *  - with cpabc_action=mvparse, from wp-admin by a user with edit_posts: a JSON object
 *    {events, issort, error, start, end}; each event is a positional array covering one
 *    CPABC_CAL_TIME_SLOT_SIZE_SET slot starting at the booking's datetime;
 *  - otherwise a line-oriented text dump, one record per booking terminated by "*-*":
 *    id, "Y,m,d", "H:i", quantity, then title and description for wp-admin users with
 *    edit_posts, or the fixed strings "Booked" / "OK" for everybody else. Non-admin
 *    callers only see bookings dated after calendar_mindate minus one day.
 */
function cpabc_appointments_calendar_load2() {
	global $wpdb;
	if ( ! isset( $_GET['cpabc_calendar_load2'] ) || $_GET['cpabc_calendar_load2'] != '1' )
		return;
	header("Cache-Control: no-store, no-cache, must-revalidate");
	header("Pragma: no-cache");

	$calid = str_replace (CPABC_TDEAPP_CAL_PREFIX, "",$_GET["id"]);

	$query = "SELECT * FROM ".CPABC_TDEAPP_CONFIG." where ".CPABC_TDEAPP_CONFIG_ID."='".esc_sql($calid)."'";
	$rowcal = $wpdb->get_results($query,ARRAY_A);


	// Owner check: loose '==' between the stored owner id and the current user's id.
	// NOTE(review): for an unknown calendar $rowcal[0] is unset (null) and a logged-out
	// visitor has ID 0, so null == 0 passes this gate; confirm the data query below
	// cannot return rows for such an id.
	$current_user = wp_get_current_user();
	if (!cpabc_appointment_is_administrator() && !($rowcal[0]["conwer"] == $current_user->ID)) {
		echo 'Access not verified';
		exit;
	}


	// Lower bound for non-admin output: one day before calendar_mindate.
	$min_date = strtotime($rowcal[0]["calendar_mindate"]);
	$min_date = date("Y-m-d H:i:s", $min_date);
	$min_date = strtotime($min_date." -1 day");




	$query = "SELECT * FROM ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." where ".CPABC_TDEAPP_DATA_IDCALENDAR."='".esc_sql($calid)."' ORDER BY ".CPABC_TDEAPP_DATA_DATETIME." ASC";
	$row_array = $wpdb->get_results($query,ARRAY_A);

	if (isset($_GET["cpabc_action"]) && $_GET["cpabc_action"] == 'mvparse' && is_admin() && current_user_can('edit_posts'))
	{
		$ret = array();
		$ret['events'] = array();
		$ret["issort"] = true;
		$ret['error'] = null;
		// Requested window from POST, widened to whole days (00:00:00 .. 23:59:59).
		$d1 = cpabc_js2PhpTime($_POST["startdate"]);
		$d2 = cpabc_js2PhpTime($_POST["enddate"]);
		$d1 = mktime(0, 0, 0, date("m", $d1), date("d", $d1), date("Y", $d1));
		$d2 = mktime(0, 0, 0, date("m", $d2), date("d", $d2), date("Y", $d2))+24*60*60-1;
		$ret["start"] = cpabc_php2JsTime($d1);
		$ret["end"] = cpabc_php2JsTime($d2);

		// Slot length as a strtotime() modifier, " +30 minutes" unless the option overrides it.
		define('CPABC_CAL_TIME_SLOT_SIZE'," +".get_option('CPABC_CAL_TIME_SLOT_SIZE_SET',"30")." minutes");

		foreach ($row_array as $row)
		{
			// Positional event record; the consumer presumably is the admin calendar widget.
			$ev = array(
				$row["id"],
				$row[CPABC_TDEAPP_DATA_TITLE],
				cpabc_php2JsTime(cpabc_mySql2PhpTime($row[CPABC_TDEAPP_DATA_DATETIME])),
				cpabc_php2JsTime(cpabc_mySql2PhpTime( date("Y-m-d H:i",strtotime($row[CPABC_TDEAPP_DATA_DATETIME].CPABC_CAL_TIME_SLOT_SIZE)))),
				0, // is all day event?
				0, // more than one day event
				'',//Recurring event rule,
				'#3CF',
				0,//editable
				'',
				'',//$attends
				$row[CPABC_TDEAPP_DATA_DESCRIPTION],
				'',
				1
			);
			$ret['events'][] = $ev;
		}
		echo json_encode($ret);
		exit;
	}


	foreach ($row_array as $row)
	{
		// "Y-m-d H:i:s" split into date and time parts.
		$dn = explode(" ", $row[CPABC_TDEAPP_DATA_DATETIME]);
		$d1 = explode("-", $dn[0]);
		$d2 = explode(":", $dn[1]);

		$currentd = strtotime(intval($d1[0])."-".intval($d1[1])."-".intval($d1[2]));

		if (($currentd > $min_date) || (is_admin() && current_user_can('edit_posts')))
		{
			echo esc_html($row[CPABC_TDEAPP_DATA_ID])."\n";

			echo intval($d1[0]).",".intval($d1[1]).",".intval($d1[2])."\n";
			echo intval($d2[0]).":".esc_html($d2[1])."\n";
			echo esc_html($row["quantity"]?$row["quantity"]:'1')."\n";
			if (is_admin() && current_user_can('edit_posts'))
			{
				// Title and description are echoed unescaped and no Content-Type is sent.
				// NOTE(review): if this response can be opened directly in a browser, stored
				// markup would render; consider esc_html() or a text/plain Content-Type.
				echo $row[CPABC_TDEAPP_DATA_TITLE]."\n";
				echo $row[CPABC_TDEAPP_DATA_DESCRIPTION]."\n*-*\n";
			}
			else
			{
				// Non-admin callers learn only that the slot is taken.
				echo "Booked\n";
				echo "OK\n*-*\n";
			}
		}
	}

	exit();
}
1058
1059
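/**
 * Parses the date strings sent by the calendar's JavaScript into a Unix timestamp.
 *
 * Accepted shapes: "m/d/Y H:i", optionally followed by "am"/"pm", and a bare "m/d/Y"
 * (midnight). Hours are interpreted in the server's default time zone via mktime().
 * On the 12-hour clock "12am" is midnight and "12pm" is noon.
 *
 * @param string $jsdate Date text from the client.
 * @return int|null Timestamp, or null when the text matches neither shape.
 */
function cpabc_js2PhpTime($jsdate){
	$ret = null;
	if (preg_match('@(\d+)/(\d+)/(\d+)\s+(\d+):(\d+)((am|pm)*)@', $jsdate, $matches) == 1) {
		$hour = (int) $matches[4];
		$meridiem = $matches[6];
		if ($meridiem == "pm" && $hour < 12)
			$hour += 12;
		elseif ($meridiem == "am" && $hour == 12)
			$hour = 0;
		$ret = mktime($hour, (int) $matches[5], 0, (int) $matches[1], (int) $matches[2], (int) $matches[3]);
	} elseif (preg_match('@(\d+)/(\d+)/(\d+)@', $jsdate, $matches) == 1) {
		$ret = mktime(0, 0, 0, (int) $matches[1], (int) $matches[2], (int) $matches[3]);
	}
	return $ret;
}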
1071
1072
/**
 * Formats a Unix timestamp as a MySQL DATETIME string in the server's default time zone.
 *
 * @param int $phpDate Unix timestamp.
 * @return string "Y-m-d H:i:s".
 */
function cpabc_php2MySqlTime($phpDate){
	$mysql_datetime_format = 'Y-m-d H:i:s';
	return date($mysql_datetime_format, $phpDate);
}
1076
1077
/**
 * Formats a Unix timestamp the way the calendar's JavaScript expects ("m/d/Y H:i",
 * server default time zone). The '@' silences warnings from date().
 *
 * @param int $phpDate Unix timestamp.
 * @return string "m/d/Y H:i".
 */
function cpabc_php2JsTime($phpDate){
	$js_datetime_format = "m/d/Y H:i";
	return @date($js_datetime_format, $phpDate);
}
1081
1082
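/**
 * Converts a MySQL DATETIME string ("Y-m-d H:i:s") to a Unix timestamp in the server's
 * default time zone.
 *
 * A missing time part or missing seconds count as zero instead of raising
 * undefined-offset notices; surrounding whitespace is ignored.
 *
 * @param string $sqlDate e.g. "2024-03-15 14:30:05" or "2024-03-15".
 * @return int|false Whatever mktime() returns for the parsed components.
 */
function cpabc_mySql2PhpTime($sqlDate){
	$parts = explode(" ", trim((string) $sqlDate), 2);
	$date = array_pad(explode("-", $parts[0], 3), 3, 0);
	$time = array_pad(explode(":", isset($parts[1]) ? $parts[1] : '', 3), 3, 0);
	return mktime((int) $time[0], (int) $time[1], (int) $time[2], (int) $date[1], (int) $date[2], (int) $date[0]);
}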
1090
1091
/**
 * Endpoint (?cpabc_calendar_update=1&id=<calendar>) that stores the posted availability
 * settings (special, working and restricted dates, per-weekday time ranges) and exits.
 *
 * Access: a user with edit_pages, or anyone cpabc_appointments_user_access_to() grants
 * for this calendar; otherwise the function returns without output. The write itself
 * additionally requires a logged-in user ($user_ID). Every posted value goes through
 * sanitize_text_field() and esc_sql(); the calendar id is intval()'d.
 *
 * NOTE(review): no nonce is verified in this handler, so CSRF protection must be
 * provided by the caller — confirm.
 */
function cpabc_appointments_calendar_update() {
	global $wpdb, $user_ID;

	if ( ! isset( $_GET['cpabc_calendar_update'] ) || $_GET['cpabc_calendar_update'] != '1' )
		return;

	$calid = intval(str_replace (CPABC_TDEAPP_CAL_PREFIX, "",$_GET["id"]));
	if ( ! current_user_can('edit_pages') && !cpabc_appointments_user_access_to($calid) )
		return;

	// Presumably adds the specialDates column when an older install lacks it.
	cpabc_appointments_add_field_verify(CPABC_TDEAPP_CONFIG, 'specialDates');

	header("Cache-Control: no-store, no-cache, must-revalidate");
	header("Pragma: no-cache");
	if ( $user_ID )
		$wpdb->query("update ".CPABC_TDEAPP_CONFIG." set specialDates='".esc_sql(sanitize_text_field($_POST["specialDates"]))."',".CPABC_TDEAPP_CONFIG_WORKINGDATES."='".esc_sql(sanitize_text_field($_POST["workingDates"]))."',".CPABC_TDEAPP_CONFIG_RESTRICTEDDATES."='".esc_sql(sanitize_text_field($_POST["restrictedDates"]))."',".CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES0."='".esc_sql(sanitize_text_field($_POST["timeWorkingDates0"]))."',".CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES1."='".esc_sql(sanitize_text_field($_POST["timeWorkingDates1"]))."',".CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES2."='".esc_sql(sanitize_text_field($_POST["timeWorkingDates2"]))."',".CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES3."='".esc_sql(sanitize_text_field($_POST["timeWorkingDates3"]))."',".CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES4."='".esc_sql(sanitize_text_field($_POST["timeWorkingDates4"]))."',".CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES5."='".esc_sql(sanitize_text_field($_POST["timeWorkingDates5"]))."',".CPABC_TDEAPP_CONFIG_TIMEWORKINGDATES6."='".esc_sql(sanitize_text_field($_POST["timeWorkingDates6"]))."' where ".CPABC_TDEAPP_CONFIG_ID."=".$calid);

	exit();
}
1111
1112
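/**
 * Parses the multi-line "appoiments" POST payload shared by the add and edit actions of
 * cpabc_appointments_calendar_update2().
 *
 * Line 0 is "Y,m,d", line 1 "H:i", line 2 the capacity, line 3 the title and every
 * further line belongs to the description. Missing lines are treated as empty.
 *
 * @param string $raw Raw payload, lines separated by "\n".
 * @return array{datetime:string, capacity:string, title:string, description:string}
 *         Sanitised parts; not yet SQL-escaped.
 */
function cpabc_appointments_parse_booking_post($raw)
{
	$data = explode("\n", (string) $raw);
	$d1 = array_pad(explode(",", $data[0]), 3, '');
	$d2 = array_pad(explode(":", isset($data[1]) ? $data[1] : ''), 2, '');
	$datetime = sanitize_text_field($d1[0])."-".sanitize_text_field($d1[1])."-".sanitize_text_field($d1[2])
		." ".sanitize_text_field($d2[0]).":".sanitize_text_field($d2[1]);
	$capacity = sanitize_text_field(isset($data[2]) ? $data[2] : '');
	$title = sanitize_text_field(isset($data[3]) ? $data[3] : '');
	// Description lines keep their line breaks; each line is cleaned individually.
	$description_lines = array();
	for ($j = 4; $j < count($data); $j++)
		$description_lines[] = cpabc_clean_and_sanitize($data[$j]);
	return array(
		'datetime'    => $datetime,
		'capacity'    => $capacity,
		'title'       => $title,
		'description' => implode("\n", $description_lines),
	);
}

/**
 * Endpoint (?cpabc_calendar_update2=1&id=<calendar>&act=del|edit|add) that deletes,
 * edits or inserts one booking row of a calendar and exits; "add" echoes the new row id.
 *
 * Access: a user with edit_pages, or anyone cpabc_appointments_user_access_to() grants
 * for this calendar; the write additionally requires a logged-in user ($user_ID). The
 * calendar id and row id are intval()'d; text values are sanitised and esc_sql()'d.
 *
 * NOTE(review): no nonce is verified in this handler, so CSRF protection must be
 * provided by the caller — confirm.
 */
function cpabc_appointments_calendar_update2() {
	global $wpdb, $user_ID;

	if ( ! isset( $_GET['cpabc_calendar_update2'] ) || $_GET['cpabc_calendar_update2'] != '1' )
		return;

	$calid = intval(str_replace (CPABC_TDEAPP_CAL_PREFIX, "", cpabc_get_get_param("id")));
	if ( ! current_user_can('edit_pages') && !cpabc_appointments_user_access_to($calid) )
		return;

	header("Cache-Control: no-store, no-cache, must-revalidate");
	header("Pragma: no-cache");
	if ( $user_ID )
	{
		$act = cpabc_get_get_param("act");
		$sqlId = intval(cpabc_get_post_param("sqlId"));
		if ($act == 'del')
		{
			$wpdb->query("delete from ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." where ".CPABC_TDEAPP_DATA_IDCALENDAR."=".$calid." and ".CPABC_TDEAPP_DATA_ID."=".$sqlId);
		}
		else if ($act == 'edit')
		{
			$booking = cpabc_appointments_parse_booking_post(cpabc_get_post_param("appoiments"));
			$wpdb->query("update ".CPABC_TDEAPP_CALENDAR_DATA_TABLE." set ".CPABC_TDEAPP_DATA_DATETIME."='".esc_sql($booking['datetime'])."',quantity='".esc_sql($booking['capacity'])."',".CPABC_TDEAPP_DATA_TITLE."='".esc_sql($booking['title'])."',".CPABC_TDEAPP_DATA_DESCRIPTION."='".esc_sql($booking['description'])."' where ".CPABC_TDEAPP_DATA_IDCALENDAR."=".$calid." and ".CPABC_TDEAPP_DATA_ID."=".$sqlId);
		}
		else if ($act == 'add')
		{
			$booking = cpabc_appointments_parse_booking_post(cpabc_get_post_param("appoiments"));
			$wpdb->query("insert into ".CPABC_TDEAPP_CALENDAR_DATA_TABLE."(".CPABC_TDEAPP_DATA_IDCALENDAR.",".CPABC_TDEAPP_DATA_DATETIME.",".CPABC_TDEAPP_DATA_TITLE.",".CPABC_TDEAPP_DATA_DESCRIPTION.",quantity) values(".$calid.",'".esc_sql($booking['datetime'])."','".esc_sql($booking['title'])."','".esc_sql($booking['description'])."','".esc_sql($booking['capacity'])."') ");
			echo esc_html($wpdb->insert_id);
		}
	}

	exit();
}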
1169
/**
 * Builds the extra query-string parameters for the CAPTCHA image from the calendar's
 * settings. Always starts with "&inAdmin=1"; a parameter is only appended when the
 * stored option differs from the plugin default.
 *
 * NOTE(review): the values are concatenated without urlencode(); they are expected to be
 * plain numbers / hex colours / font names — confirm before relying on that.
 *
 * @return string Query-string fragment, e.g. "&inAdmin=1&width=200".
 */
function cpabc_get_captcha_params()
{
	// option name => array(plugin default, query parameter); output order follows this list.
	$captcha_options = array(
		'dexcv_width'         => array(CPABC_TDEAPP_DEFAULT_dexcv_width, 'width'),
		'dexcv_height'        => array(CPABC_TDEAPP_DEFAULT_dexcv_height, 'height'),
		'dexcv_chars'         => array(CPABC_TDEAPP_DEFAULT_dexcv_chars, 'letter_count'),
		'dexcv_min_font_size' => array(CPABC_TDEAPP_DEFAULT_dexcv_min_font_size, 'min_size'),
		'dexcv_max_font_size' => array(CPABC_TDEAPP_DEFAULT_dexcv_max_font_size, 'max_size'),
		'dexcv_noise'         => array(CPABC_TDEAPP_DEFAULT_dexcv_noise, 'noise'),
		'dexcv_noise_length'  => array(CPABC_TDEAPP_DEFAULT_dexcv_noise_length, 'noiselength'),
		'dexcv_background'    => array(CPABC_TDEAPP_DEFAULT_dexcv_background, 'bcolor'),
		'dexcv_border'        => array(CPABC_TDEAPP_DEFAULT_dexcv_border, 'border'),
		'dexcv_font'          => array(CPABC_TDEAPP_DEFAULT_dexcv_font, 'font'),
	);

	$str = '&inAdmin=1';
	foreach ($captcha_options as $option => $spec)
	{
		$current = cpabc_get_option($option, $spec[0]);
		if ($current != $spec[0])
			$str .= '&' . $spec[1] . '=' . $current;
	}
	return $str;
}
1205
/**
 * Repairs the stored form-structure text so json_decode() accepts it: restores double
 * quotes stored as "&qquot;", normalises a stray space character, turns real newlines
 * into the two-character escape "\n" and drops carriage returns.
 *
 * @param string $str Stored JSON-like text.
 * @return string Cleaned JSON text.
 */
function cpabc_appointment_cleanJSON($str)
{
	// Applied in sequence, exactly like chained str_replace() calls.
	$search  = array('&qquot;', ' ', "\n", "\r");
	$replace = array('"',       ' ', '\n', '');
	return str_replace($search, $replace, $str);
}
1214
/**
 * Resolves the calendar language setting. The value '-' means "follow the blog
 * language": the first two letters of get_bloginfo('language'), upper-cased, are
 * mapped from ISO codes to the calendar's own language ids where they differ.
 *
 * @param string $calendar_language Stored setting, '-' for automatic.
 * @return string Language id for the calendar.
 */
function cpabc_auto_language($calendar_language)
{
	if ($calendar_language != '-')
		return $calendar_language;

	// ISO 639-1 code => calendar language id (codes not listed are used as-is).
	$iso_to_calendar = array(
		'ES' => 'SP', 'CS' => 'CZ', 'NL' => 'DU', 'JA' => 'JP',
		'KO' => 'KR', 'NB' => 'NW', 'SV' => 'SE',
	);
	$code = substr(strtoupper(get_bloginfo('language')), 0, 2);
	return isset($iso_to_calendar[$code]) ? $iso_to_calendar[$code] : $code;
}
1225
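/**
 * Handles the publish-wizard POST action (cpabc_do_action_loaded=wizard): places the
 * calendar shortcode on a new or existing page/post through cpabc_publish_on() and
 * stores the resulting permalink in the global $cpabc_postURL.
 *
 * Returns silently when the request carries no action. A different action, a failed
 * nonce check or a caller without manage_options falls through to a generic error
 * message and exit().
 */
function cpabc_data_management_loaded()
{
	global $cpabc_postURL;

	$action = sanitize_text_field(cpabc_get_post_param('cpabc_do_action_loaded'));
	if (!$action) return; // go out if the call isn't for this one

	// Calendar id for the shortcode; an absent or falsy value leaves it empty.
	$publish_id = cpabc_get_post_param('cpabc_publish_id');
	$item = $publish_id ? intval($publish_id) : '';

	if ($action == "wizard" && wp_verify_nonce( cpabc_get_post_param('nonce'), 'abc_update_actions_pwizard' ) && current_user_can('manage_options'))
	{
		$shortcode = '[CPABC_APPOINTMENT_CALENDAR calendar="'.$item.'"]';
		$cpabc_postURL = cpabc_publish_on( sanitize_text_field(cpabc_get_post_param("whereto")),
			sanitize_text_field(cpabc_get_post_param("publishpage")),
			sanitize_text_field(cpabc_get_post_param("publishpost")),
			$shortcode,
			sanitize_text_field(cpabc_get_post_param("posttitle")));
		return;
	}

	// Unknown action, failed nonce or insufficient capability.
	echo 'Some unexpected error happened. If you see this error contact the support service at https://abc.dwbooster.com/contact-us';

	exit();
}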
1251
1252
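/**
 * Places the calendar shortcode on a page or post and returns that item's permalink.
 *
 * @param string $whereto     '0' = create a draft page, '1' = create a draft post,
 *                            '2' = prepend to the existing page $publishpage,
 *                            anything else = prepend to the existing post $publishpost.
 * @param string $publishpage Page id used when $whereto is '2'.
 * @param string $publishpost Post id used in the remaining existing-item case.
 * @param string $content     Text to place, normally the calendar shortcode.
 * @param string $posttitle   Title for a newly created page/post.
 * @return string|false Permalink of the target item as returned by get_permalink().
 */
function cpabc_publish_on($whereto, $publishpage = '', $publishpost = '', $content = '', $posttitle = 'Booking Form')
{
	if ($whereto == '0' || $whereto == '1') // new page or post
	{
		$my_post = array(
			'post_title' => $posttitle,
			'post_type' => ($whereto == '0' ? 'page' : 'post'),
			'post_content' => 'This is a <b>preview</b> page, remember to publish it if needed. You can edit the full form settings into the admin settings page.<br /><br /> '.$content,
			'post_status' => 'draft'
		);
		// Insert the post into the database
		$id = wp_insert_post( $my_post );
		return get_permalink($id);
	}

	$id = intval($whereto == '2' ? $publishpage : $publishpost);
	$post = get_post( $id );
	// Only prepend when the target exists and does not already contain the content.
	if ($post && strpos($post->post_content, $content) === false)
	{
		$my_post = array(
			'ID' => $id,
			'post_content' => $content.$post->post_content,
		);
		// Update the post into the database
		wp_update_post( $my_post );
	}
	return get_permalink($id);
}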
1286
1287
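/**
 * Returns the site's (or admin area's) URL path, without scheme, host or trailing
 * slash — '' for a root install, e.g. '/blog' for a sub-directory install.
 *
 * @param bool $admin true for the wp-admin URL, false for the home URL.
 * @return string Path component only.
 */
function cpabc_appointment_get_site_url($admin = false)
{
	$blog = get_current_blog_id();
	$url = $admin ? get_admin_url( $blog ) : get_home_url( $blog );

	// Only the path is kept, so there is no scheme to rewrite for SSL here.
	$parts = parse_url($url);
	return isset($parts["path"]) ? rtrim($parts["path"], "/") : '';
}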
1302
1303
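/**
 * Returns the absolute site (or admin) URL without a trailing slash, e.g.
 * "https://example.test/blog".
 *
 * The authority is taken from WordPress' own home/admin URL; the request's Host header
 * is used only as a fallback when that URL has no host, so a spoofed Host header cannot
 * end up in generated links. The scheme is "http://", switched to "https://" when
 * is_ssl() reports a secure request.
 *
 * @param bool $admin true for the wp-admin URL, false for the home URL.
 * @return string Absolute URL.
 */
function cpabc_appointment_get_FULL_site_url($admin = false)
{
	$blog = get_current_blog_id();
	$url = $admin ? get_admin_url( $blog ) : get_home_url( $blog );

	$parts = parse_url($url);
	$path = isset($parts["path"]) ? rtrim($parts["path"], "/") : '';
	if (isset($parts["host"]))
		$host = $parts["host"] . (isset($parts["port"]) ? ':' . $parts["port"] : '');
	else
		$host = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : '';

	$url = 'http://' . $host . $path;
	if (is_ssl())
		$url = str_replace('http://', 'https://', $url);
	return $url;
}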
1321
/**
 * Reads a query-string parameter.
 *
 * @param string $key Parameter name.
 * @return mixed The raw, unsanitised $_GET value, or "" when absent or null.
 */
function cpabc_get_get_param ($key)
{
	$present = isset($_GET[$key]);
	return $present ? $_GET[$key] : "";
}
1329
/**
 * Reads a POST parameter.
 *
 * @param string $key Parameter name.
 * @return mixed The raw, unsanitised $_POST value, or "" when absent or null.
 */
function cpabc_get_post_param ($key)
{
	$present = isset($_POST[$key]);
	return $present ? $_POST[$key] : "";
}
1337
// Single-row cache used by cpabc_get_option(): the last config row fetched and the
// calendar id it belongs to, so repeated option reads for one calendar query once.
$cpabc_option_buffered_item = false;
$cpabc_option_buffered_id = -1;
1341
/**
 * Reads one column of the current calendar's configuration row, with a one-row cache.
 *
 * The calendar is CP_CALENDAR_ID when defined, else 0. The row is loaded once into the
 * globals $cpabc_option_buffered_item / $cpabc_option_buffered_id; later calls for the
 * same id are answered from that copy.
 *
 * @param string $field         Column name of the config table.
 * @param mixed  $default_value Returned when the value is empty (loose '' comparison)
 *                              and the buffered row's calendar_language is empty too.
 * @return mixed The stored value, or $default_value.
 */
function cpabc_get_option ($field, $default_value = '')
{
	global $wpdb, $cpabc_option_buffered_item, $cpabc_option_buffered_id;
	if (!defined('CP_CALENDAR_ID'))
		$id = 0;
	else
		$id = CP_CALENDAR_ID;
	if ($cpabc_option_buffered_id == $id)
		$value = (isset($cpabc_option_buffered_item->$field) ? $cpabc_option_buffered_item->$field : '');
	else
	{
		// Cache miss: load the whole row so later field reads for this id are free.
		$myrows = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_CONFIG_TABLE_NAME." WHERE id=".intval($id) );
		$value = @$myrows[0]->$field;
		$cpabc_option_buffered_item = @$myrows[0];
		$cpabc_option_buffered_id = $id;
	}
	// The default applies only while calendar_language is empty as well.
	// NOTE(review): this reads as "no config row saved yet" — confirm. '==' is loose, so on
	// PHP < 8 a stored 0 also counts as empty.
	if ($value == '' && @$cpabc_option_buffered_item->calendar_language == '')
		$value = $default_value;
	return $value;
}
1363
/**
 * Whether the current user counts as a plugin administrator.
 *
 * @return bool true when the user holds the WordPress manage_options capability.
 */
function cpabc_appointment_is_administrator()
{
	$can_manage_options = current_user_can('manage_options');
	return $can_manage_options;
}
1368
1369
// Registers this plugin with the shared banner loaded from banner.php (presumably the
// "leave a review" prompt, given the reviews URL).
$codepeople_promote_banner_plugins[ 'appointment-booking-calendar' ] = array(
	'plugin_name' => 'Appointment Booking Calendar',
	'plugin_url' => 'https://wordpress.org/support/plugin/appointment-booking-calendar/reviews/?filter=5#new-post'
);
require_once 'banner.php';

?>