Code Manager v1.0.5
Code_Manager_Model.php
637 lines
1 <?php
2
3 namespace Code_Manager {
4
5 /**
6 * Class Code_Manager_Model
7 *
8 * Interface between code manager front-end and code manager database table.
9 *
10 * @author Peter Schulz
11 * @since 1.0.0
12 */
13 class Code_Manager_Model {
14
15 /**
16 * Base table name without prefix
17 */
18 const BASE_TABLE_NAME = 'code_manager';
19
/**
 * Resolve the physical name of the code manager table.
 *
 * The active $wpdb prefix is prepended to BASE_TABLE_NAME. The constant is read
 * through late static binding (static::), so a subclass overriding it gets its own name.
 *
 * Methods in this class concatenate the returned name into SQL text, so it must
 * stay independent of request data.
 *
 * @since 1.0.0
 *
 * @return string Real base table name
 */
public static function get_base_table_name() {
	global $wpdb;

	$prefixed_name = $wpdb->prefix . static::BASE_TABLE_NAME;

	return $prefixed_name;
}
31
/**
 * Report whether the code manager table is present in the current database.
 *
 * Looks the table up in information_schema with both the schema name and the
 * table name bound as %s placeholders.
 *
 * @since 1.0.0
 *
 * @return bool TRUE = exactly one matching table found
 */
public static function table_exists() {
	global $wpdb;

	$lookup = $wpdb->prepare(
		'
			select true
			from `information_schema`.`tables`
			where table_schema = %s
			and table_name = %s
		',
		[
			$wpdb->dbname,
			self::get_base_table_name(),
		]
	);

	$wpdb->query( $lookup );
	// Called without a query; the return value is discarded and only
	// $wpdb->num_rows (set by the query above) is inspected below.
	$wpdb->get_results();

	return 1 === $wpdb->num_rows;
}
59
/**
 * Fetch the row(s) of the code manager table matching a code ID.
 *
 * The ID is bound through a %d placeholder, so it reaches the database as an integer
 * regardless of what the caller passed in.
 *
 * @since 1.0.0
 *
 * @param integer $code_id Code ID
 *
 * @return array Matching rows as associative arrays (ARRAY_A output of wpdb::get_results())
 */
public static function dml_query( $code_id ) {
	global $wpdb;

	$table = self::get_base_table_name();
	$sql   = $wpdb->prepare(
		'select * from `' . $table . '` ' . 'where code_id = %d',
		[ $code_id ]
	);

	return $wpdb->get_results( $sql, 'ARRAY_A' );
}
82
/**
 * Fetch the row(s) of the code manager table matching a code name.
 *
 * The name is bound through a %s placeholder rather than concatenated into the statement.
 *
 * @since 1.0.0
 *
 * @param string $code_name Code name
 *
 * @return array Matching rows as associative arrays (ARRAY_A output of wpdb::get_results())
 */
public static function dml_query_by_name( $code_name ) {
	global $wpdb;

	$table = self::get_base_table_name();
	$sql   = $wpdb->prepare(
		'select * from `' . $table . '` ' . 'where code_name = %s',
		[ $code_name ]
	);

	return $wpdb->get_results( $sql, 'ARRAY_A' );
}
105
/**
 * Insert a new row into the code manager table.
 *
 * Values are handed to wpdb::insert() as a column => value map; no SQL text is
 * assembled here. The method performs no permission check of its own.
 * NOTE(review): $code is stored exactly as received - confirm every caller
 * authorizes the current user before calling.
 *
 * @since 1.0.0
 *
 * @param string  $code_name        Code name
 * @param integer $code_type        Code type
 * @param string  $code             Code
 * @param string  $code_author      Author
 * @param string  $code_description Description
 *
 * @return int Code ID if insert was successful or -1 if insert failed
 */
public static function dml_insert( $code_name, $code_type, $code, $code_author, $code_description ) {
	global $wpdb;

	$new_row = [
		'code_name'        => $code_name,
		'code_type'        => $code_type,
		'code'             => $code,
		'code_author'      => $code_author,
		'code_description' => $code_description,
	];

	$inserted = $wpdb->insert( self::get_base_table_name(), $new_row );
	if ( 1 === $inserted ) {
		return $wpdb->insert_id;
	}

	return -1;
}
133
/**
 * Update an existing row in the code manager table.
 *
 * The current row is loaded first. Nothing is written unless exactly one row
 * with a code_type value exists for the ID. When the code type differs from the
 * stored one, the row is also disabled (code_enabled = 0), so changing the type
 * never leaves the code switched on.
 *
 * NOTE(review): the type comparison is strict (!==). Presumably the stored value
 * comes back from the database as a string, in which case an integer $code_type
 * would always count as changed - confirm against callers.
 *
 * @since 1.0.0
 *
 * @param integer $code_id          Code ID
 * @param string  $code_name        Code name
 * @param string  $code_type        Code type
 * @param string  $code             Code
 * @param string  $code_author      Author
 * @param string  $code_description Description
 *
 * @return integer Number of rows updated (0 when the row cannot be resolved;
 *                 otherwise whatever wpdb::update() returns)
 */
public static function dml_update( $code_id, $code_name, $code_type, $code, $code_author, $code_description ) {
	$existing = self::dml_query( $code_id );

	// Exactly one row must match the ID.
	if ( ! is_array( $existing ) || 1 !== sizeof( $existing ) ) {
		return 0;
	}

	// A row without a code_type value is left untouched.
	if ( ! isset( $existing[0]['code_type'] ) ) {
		return 0;
	}

	$column_values = [
		'code_name'        => $code_name,
		'code_type'        => $code_type,
		'code'             => $code,
		'code_author'      => $code_author,
		'code_description' => $code_description,
	];

	// A type change disables the code.
	if ( $code_type !== $existing[0]['code_type'] ) {
		$column_values['code_enabled'] = 0;
	}

	global $wpdb;

	$where = [
		'code_id' => $code_id
	];

	return $wpdb->update( self::get_base_table_name(), $column_values, $where );
}
184
/**
 * Delete the row with the given code ID from the code manager table.
 *
 * The ID is bound through a %d placeholder. The method performs no permission
 * check of its own.
 *
 * @since 1.0.0
 *
 * @param integer $code_id Code ID
 *
 * @return integer Number of rows deleted (return value of wpdb::query())
 */
public static function dml_delete( $code_id ) {
	global $wpdb;

	$table     = self::get_base_table_name();
	$statement = $wpdb->prepare(
		'delete from `' . $table . '` ' . 'where code_id = %d',
		[ $code_id ]
	);

	return $wpdb->query( $statement );
}
206
/**
 * Return the stored code for a given code ID.
 *
 * Non-numeric IDs are rejected before the database is touched. The ID is then
 * bound through a %d placeholder.
 *
 * @since 1.0.0
 *
 * @param integer $code_id Code ID
 *
 * @return string Content of the `code` column, or '' when the ID is not numeric
 *                or the query did not return exactly one row
 */
public static function get_code_from_id( $code_id ) {
	if ( ! is_numeric( $code_id ) ) {
		return '';
	}

	global $wpdb;

	$table = self::get_base_table_name();
	$rows  = $wpdb->get_results(
		$wpdb->prepare(
			'select * from `' . $table . '` where code_id = %d',
			[ $code_id ]
		),
		'ARRAY_A'
	);

	return 1 === $wpdb->num_rows ? $rows[0]['code'] : '';
}
238
/**
 * Return the stored code for a given code name.
 *
 * The name is bound through a %s placeholder. An empty name short-circuits
 * without a query.
 *
 * Note that '' is returned both when no single row matches and when the matching
 * row holds empty code, so the result cannot distinguish the two.
 *
 * @since 1.0.0
 *
 * @param string $code_name Code name
 *
 * @return string Content of the `code` column, or '' when the name is empty or
 *                the query did not return exactly one row
 */
protected static function get_code_from_name( $code_name ) {
	if ( '' === $code_name ) {
		return '';
	}

	global $wpdb;

	$table = self::get_base_table_name();
	$rows  = $wpdb->get_results(
		$wpdb->prepare(
			'select * from `' . $table . '` where code_name = %s',
			[ $code_name ]
		),
		'ARRAY_A'
	);

	return 1 === $wpdb->num_rows ? $rows[0]['code'] : '';
}
270
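/**
 * Get codes for a given code type.
 *
 * The code type is bound through a %s placeholder. This is a public method and
 * nothing in it restricts where $code_type comes from, so interpolating the
 * value into the statement would make the query injectable as soon as one
 * caller forwards request data.
 *
 * @since 1.0.0
 *
 * @param string $code_type Code type
 *
 * @return array List of code rows as associative arrays
 */
public static function get_codes( $code_type ) {
	global $wpdb;

	return $wpdb->get_results(
		$wpdb->prepare(
			'select * from `' . self::get_base_table_name() . '` ' .
			'where code_type = %s',
			[
				$code_type
			]
		),
		'ARRAY_A'
	);
}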
286
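/**
 * Get active codes (code_enabled > 0) for a given code type.
 *
 * The code type is bound through a %s placeholder. This is a public method and
 * nothing in it restricts where $code_type comes from, so interpolating the
 * value into the statement would make the query injectable as soon as one
 * caller forwards request data.
 *
 * @since 1.0.0
 *
 * @param string $code_type Code type
 *
 * @return array List of enabled code rows as associative arrays
 */
public static function get_active_codes( $code_type ) {
	global $wpdb;

	return $wpdb->get_results(
		$wpdb->prepare(
			'select * from `' . self::get_base_table_name() . '` ' .
			'where code_type = %s and code_enabled > 0',
			[
				$code_type
			]
		),
		'ARRAY_A'
	);
}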
302
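/**
 * Update code from ajax request (insert when new: code_id = -1).
 *
 * Writes one of these plain-text replies and terminates the request:
 * 'INS-<id>', 'UPD-<rows>', 'ERR-<message>'.
 *
 * All five request arguments are required. The presence test joins them with
 * && so that a request carrying only some of them is answered with
 * 'ERR-Wrong arguments' instead of reaching reads of missing $_REQUEST keys.
 *
 * NOTE(review): the nonce only proves the request originated from a page that
 * was issued this nonce; it is not an authorization check. No capability check
 * is visible in this method, and the stored value is code - confirm that the
 * hook registration or a caller restricts this handler to users allowed to
 * manage code.
 * NOTE(review): $wpdb->last_error is echoed to the client and may disclose
 * table or column details.
 *
 * @since 1.0.0
 */
public static function update_code() {
	self::header_no_cache();

	if (
		isset( $_REQUEST['wpnonce'] ) &&
		isset( $_REQUEST['code_id'] ) &&
		isset( $_REQUEST['code_name'] ) &&
		isset( $_REQUEST['code_type'] ) &&
		isset( $_REQUEST['code'] )
	) {
		// Check if action is allowed before any other input is used
		$wp_nonce = sanitize_text_field( wp_unslash( $_REQUEST['wpnonce'] ) ); // input var okay.
		if ( ! wp_verify_nonce( $wp_nonce, "code-manager-update-code" ) ) {
			echo 'ERR-Not authorized';
			wp_die();
		}

		// All arguments available, start update process
		$code_id   = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) ); // input var okay.
		$code_name = sanitize_text_field( wp_unslash( $_REQUEST['code_name'] ) ); // input var okay.
		$code_type = sanitize_text_field( wp_unslash( $_REQUEST['code_type'] ) ); // input var okay.
		// The code itself is only unslashed: it is stored as submitted and is
		// protected against SQL injection by the placeholders below, nothing more.
		$code = wp_unslash( $_REQUEST['code'] ); // input var okay.

		global $wpdb;
		$wpdb->suppress_errors( true );

		// $code_id is a string at this point, so compare strictly against '-1'.
		if ( '-1' === $code_id ) {
			// Insert new code
			$rows_inserted = $wpdb->insert(
				self::get_base_table_name(),
				[
					'code_name' => $code_name,
					'code_type' => $code_type,
					'code'      => $code
				]
			);

			echo 1 === $rows_inserted ? 'INS-' . $wpdb->insert_id : 'ERR-' . $wpdb->last_error;
		} else {
			// Update existing code
			$code_row          = self::dml_query( $code_id );
			$code_type_changed = false;

			if ( is_array( $code_row ) && 1 === sizeof( $code_row ) ) {
				if ( ! isset( $code_row[0]['code_type'] ) ) {
					echo 'UPD-0';
					wp_die();
				} else {
					if ( $code_type !== $code_row[0]['code_type'] ) {
						$code_type_changed = true;
					}
				}
			} else {
				echo 'UPD-0';
				wp_die();
			}

			$set_columns = 'set code_name = %s, code_type = %s, code = %s ';
			if ( $code_type_changed ) {
				// A type change disables the code
				$set_columns .= ', code_enabled = 0 ';
			}

			$rows_updated = $wpdb->query(
				$wpdb->prepare(
					'update ' . self::get_base_table_name() . ' ' .
					$set_columns .
					'where code_id = %d',
					[
						$code_name,
						$code_type,
						$code,
						$code_id
					]
				)
			);

			echo '' === $wpdb->last_error ? "UPD-{$rows_updated}" : 'ERR-' . $wpdb->last_error;
		}
	} else {
		echo 'ERR-Wrong arguments';
	}

	wp_die();
}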
393
/**
 * Activate code preview from ajax request for a given code_id.
 *
 * Requires a logged-in user, a 'wpnonce' valid for the action
 * "code-manager-activate-preview" and a 'code_id'. Replies 'OK' or 'ERR-<message>'.
 *
 * NOTE(review): code_id is passed on as sanitized text without a numeric check
 * and without verifying that the row exists - confirm that
 * Code_Manager_Preview::add_user_preview_code_id() validates it.
 *
 * @since 1.0.0
 */
public static function activate_code_preview() {
	self::header_no_cache();

	$arguments_ok = is_user_logged_in() && isset( $_REQUEST['wpnonce'], $_REQUEST['code_id'] );

	if ( ! $arguments_ok ) {
		echo 'ERR-Wrong arguments';
	} else {
		// Check if action is allowed
		$wp_nonce = sanitize_text_field( wp_unslash( $_REQUEST['wpnonce'] ) ); // input var okay.
		if ( ! wp_verify_nonce( $wp_nonce, "code-manager-activate-preview" ) ) {
			echo 'ERR-Not authorized';
			wp_die();
		}

		$code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) ); // input var okay.
		Code_Manager_Preview::add_user_preview_code_id( $code_id );

		echo 'OK';
	}

	wp_die();
}
421
/**
 * Deactivate code preview from ajax request for a given code_id.
 *
 * Requires a logged-in user, a 'wpnonce' and a 'code_id'. Replies 'OK' or 'ERR-<message>'.
 *
 * NOTE(review): the nonce is verified against the action
 * "code-manager-activate-preview", the same action the activate handler uses.
 * One nonce therefore authorizes both operations - confirm this is intended.
 *
 * @since 1.0.0
 */
public static function deactivate_code_preview() {
	self::header_no_cache();

	$arguments_ok = is_user_logged_in() && isset( $_REQUEST['wpnonce'], $_REQUEST['code_id'] );

	if ( ! $arguments_ok ) {
		echo 'ERR-Wrong arguments';
	} else {
		// Check if action is allowed
		$wp_nonce = sanitize_text_field( wp_unslash( $_REQUEST['wpnonce'] ) ); // input var okay.
		if ( ! wp_verify_nonce( $wp_nonce, "code-manager-activate-preview" ) ) {
			echo 'ERR-Not authorized';
			wp_die();
		}

		$code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) ); // input var okay.
		Code_Manager_Preview::remove_user_preview_code_id( $code_id );

		echo 'OK';
	}

	wp_die();
}
449
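/**
 * Reset all previewed code IDs.
 *
 * Deletes every 'code_manager_preview_code_ids' user meta row. The delete has
 * no user_id condition, so one request clears the preview state of ALL users.
 *
 * The table is addressed through $wpdb->usermeta instead of building the name
 * from $wpdb->prefix: usermeta is a global table, and on a multisite install
 * the per-site prefix does not lead to it.
 *
 * NOTE(review): any logged-in user holding a valid nonce can trigger this
 * site-wide reset; no capability check is visible here - confirm that is
 * intended.
 *
 * @since 1.0.0
 */
public static function reset_preview() {
	self::header_no_cache();

	if ( is_user_logged_in() && isset( $_REQUEST['wpnonce'] ) ) {
		// Check if action is allowed
		$wp_nonce = sanitize_text_field( wp_unslash( $_REQUEST['wpnonce'] ) ); // input var okay.
		if ( ! wp_verify_nonce( $wp_nonce, "code-manager-reset-preview" ) ) {
			echo 'ERR-Not authorized';
			wp_die();
		}

		global $wpdb;
		$wpdb->query( "delete from {$wpdb->usermeta} where meta_key = 'code_manager_preview_code_ids'" );

		echo 'OK';
	} else {
		echo 'ERR-Wrong arguments';
	}

	wp_die();
}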
476
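/**
 * Activate code from ajax request for a given code_id.
 *
 * Sets code_enabled to the submitted 'code_item_value' and replies
 * 'UPD-<rows>' or 'ERR-<message>'. The nonce action includes the code ID, so a
 * nonce issued for one row does not verify for another.
 *
 * The request is terminated with wp_die() like every other ajax handler in this
 * class, so nothing can be appended to the reply after this method returns.
 *
 * NOTE(review): the nonce is not an authorization check and no capability check
 * is visible in this method - confirm the handler is only reachable by users
 * allowed to enable code.
 * NOTE(review): code_item_value is written as sanitized text without a range
 * check - confirm which values code_enabled accepts.
 * NOTE(review): $wpdb->last_error is echoed to the client and may disclose
 * table or column details.
 *
 * @since 1.0.0
 */
public static function activate_code() {
	self::header_no_cache();

	if (
		isset( $_REQUEST['wpnonce'] ) &&
		isset( $_REQUEST['code_id'] ) &&
		isset( $_REQUEST['code_item_value'] )
	) {
		$code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) ); // input var okay.

		// Check if action is allowed
		$wp_nonce = sanitize_text_field( wp_unslash( $_REQUEST['wpnonce'] ) ); // input var okay.
		if ( ! wp_verify_nonce( $wp_nonce, "code-manager-activate-code-{$code_id}" ) ) {
			echo 'ERR-Not authorized';
			wp_die();
		}

		$code_item_value = sanitize_text_field( wp_unslash( $_REQUEST['code_item_value'] ) ); // input var okay.
		$update_values   = [
			'code_enabled' => $code_item_value
		];

		global $wpdb;
		$wpdb->suppress_errors( true );
		$rows_update = $wpdb->update(
			self::get_base_table_name(),
			$update_values,
			[
				'code_id' => $code_id
			]
		);

		echo '' === $wpdb->last_error ? "UPD-{$rows_update}" : 'ERR-' . $wpdb->last_error;
	} else {
		echo 'ERR-Wrong arguments';
	}

	wp_die();
}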
519
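/**
 * Get a list with all available codes from ajax request.
 *
 * Echoes a JSON array of code_id, code_name and code_type for every row whose
 * code type is one of the keys reported by the tabs class (plus the empty type).
 *
 * The code types are bound as %s placeholders, one per value. They come from
 * the class named by CODE_MANAGER_TAB_CLASS rather than from the request, but
 * binding them keeps the statement safe whatever characters a key contains.
 *
 * NOTE(review): the nonce is the only gate visible in this method - confirm who
 * is allowed to list the stored code names.
 *
 * @since 1.0.0
 */
public static function get_code_list() {
	self::header_no_cache();

	// Check if action is allowed
	$wp_nonce = isset( $_REQUEST['wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['wpnonce'] ) ) : ''; // input var okay.
	if ( ! wp_verify_nonce( $wp_nonce, "code-manager-get-code-list" ) ) {
		echo 'ERR-Not authorized';
		wp_die();
	}

	$code_manager_tabs_class = CODE_MANAGER_TAB_CLASS;
	$code_manager_tabs       = new $code_manager_tabs_class();
	$code_type_groups        = $code_manager_tabs->get_code_types();

	// The empty type is always part of the list, so it is never empty.
	$code_types = [''];
	foreach ( $code_type_groups as $code_type_group ) {
		foreach ( array_keys( $code_type_group ) as $key ) {
			$code_types[] = $key;
		}
	}

	global $wpdb;

	// One %s per code type, e.g. "%s,%s,%s".
	$placeholders = implode( ',', array_fill( 0, count( $code_types ), '%s' ) );
	$query        = $wpdb->prepare(
		'select code_id, code_name, code_type from ' . self::get_base_table_name() . ' ' .
		"where code_type in ({$placeholders}) " .
		'order by code_name',
		$code_types
	);

	$rows = $wpdb->get_results( $query, 'ARRAY_A' );
	echo json_encode( $rows );

	wp_die();
}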
554
/**
 * Return the stored code for a given code_id from ajax request.
 *
 * Requires 'code_id' and a 'wpnonce' valid for the action "code-manager-get-code".
 * Replies with the raw code, or 'ERR-<message>'.
 *
 * NOTE(review): the code is echoed without escaping, and header_no_cache() lets
 * a request select the response Content-Type once its own nonce verifies.
 * Confirm the allowed content types cannot make a browser render this output
 * as markup.
 * NOTE(review): the nonce is the only gate visible in this method - confirm who
 * is allowed to read stored code.
 */
public static function get_code() {
	self::header_no_cache();

	if ( ! isset( $_REQUEST['code_id'] ) ) {
		echo 'ERR-Wrong arguments';
	} else {
		$code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) ); // input var okay.

		// Check if action is allowed
		$wp_nonce = '';
		if ( isset( $_REQUEST['wpnonce'] ) ) {
			$wp_nonce = sanitize_text_field( wp_unslash( $_REQUEST['wpnonce'] ) ); // input var okay.
		}
		if ( ! wp_verify_nonce( $wp_nonce, "code-manager-get-code" ) ) {
			echo 'ERR-Not authorized';
			wp_die();
		}

		echo self::get_code_from_id( $code_id );
	}

	wp_die();
}
575
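/**
 * Check if code name exists from ajax request.
 *
 * Replies 'OK' when no row carries the name, 'ERR-Exists' when at least one
 * does, or 'ERR-<message>' on bad input.
 *
 * Existence is decided by counting the rows returned for the name. Testing the
 * stored code for '' instead would report a name as free whenever its row holds
 * empty code or more than one row matches.
 *
 * NOTE(review): the nonce action is "code-manager-get-code", the same action
 * get_code() verifies - confirm sharing it is intended.
 *
 * @since 1.0.0
 */
public static function code_name_exists() {
	self::header_no_cache();

	if ( isset( $_REQUEST['code_name'] ) ) {
		$code_name = sanitize_text_field( wp_unslash( $_REQUEST['code_name'] ) ); // input var okay.

		// Check if action is allowed
		$wp_nonce = isset( $_REQUEST['wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['wpnonce'] ) ) : ''; // input var okay.
		if ( ! wp_verify_nonce( $wp_nonce, "code-manager-get-code" ) ) {
			echo 'ERR-Not authorized';
			wp_die();
		}

		// An empty name is never looked up and is reported as free.
		$matches = '' === $code_name ? [] : self::dml_query_by_name( $code_name );

		if ( is_array( $matches ) && count( $matches ) > 0 ) {
			echo 'ERR-Exists';
		} else {
			echo 'OK';
		}
	} else {
		echo 'ERR-Wrong arguments';
	}

	wp_die();
}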
605
/**
 * Send no-cache headers and the response Content-Type to the browser.
 *
 * The content type defaults to text/plain. A request may replace it through
 * 'code_manager_content_type', but only when 'wpnonce_content_type' verifies
 * for the action "code_manager_content_type".
 *
 * NOTE(review): the accepted value is whatever sanitize_text_field() leaves of
 * the request value; there is no allowlist. Handlers in this class echo stored
 * code after calling this method, so consider restricting the value to the
 * content types the front-end actually needs.
 *
 * @since 1.0.0
 */
protected static function header_no_cache() {
	if ( ob_get_length() ) {
		// Drop anything already buffered so it cannot precede the reply (not 100% proof)
		ob_clean();
	}

	$content_type = 'text/plain';

	if ( isset( $_REQUEST['code_manager_content_type'] ) ) {
		// Check if action is allowed
		$wp_nonce = '';
		if ( isset( $_REQUEST['wpnonce_content_type'] ) ) {
			$wp_nonce = sanitize_text_field( wp_unslash( $_REQUEST['wpnonce_content_type'] ) ); // input var okay.
		}

		if ( wp_verify_nonce( $wp_nonce, "code_manager_content_type" ) ) {
			$content_type = sanitize_text_field( wp_unslash( $_REQUEST['code_manager_content_type'] ) ); // input var okay.
		}
	}

	header( 'Cache-Control: no-store, no-cache, must-revalidate, max-age=0' );
	// Second Cache-Control header is appended (replace = false), not substituted.
	header( 'Cache-Control: post-check=0, pre-check=0', false );
	header( 'Pragma: no-cache' );
	header( 'Content-Type: ' . $content_type . '; charset=utf-8' );
}
634
635 }
636
637 }