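<?php

namespace Code_Manager {

	/**
	 * Class Code_Manager_Model
	 *
	 * Interface between the code manager front-end and the code manager database table.
	 *
	 * The class has two layers:
	 *  - dml_* and get_* helpers that run parameterised queries against the plugin table;
	 *  - AJAX entry points (update_code(), activate_code(), get_code_list(), ...) that read
	 *    $_REQUEST, verify a per-user nonce and print a short plain-text status such as
	 *    "OK", "INS-<id>", "UPD-<rows>" or "ERR-<message>" before calling wp_die().
	 *
	 * NOTE(review): the entry points check that the caller is logged in and holds a valid
	 * nonce, nothing more. Because they create, modify and enable stored code, a capability
	 * check (current_user_can()) is expected where the AJAX actions are registered; that code
	 * is outside this file and should be confirmed.
	 *
	 * @author Peter Schulz
	 * @since 1.0.0
	 */
	class Code_Manager_Model {

		/**
		 * Base table name without prefix
		 */
		const BASE_TABLE_NAME = 'code_manager';

		/**
		 * User meta key holding the code IDs a user previews (cleared by reset_preview()).
		 */
		const PREVIEW_META_KEY = 'code_manager_preview_code_ids';

		/**
		 * Nonce action prefix used by the editing entry points (the current user login is appended).
		 */
		const NONCE_ACTION = 'code-manager-';

		/**
		 * Nonce action prefix used by the read-only entry points (the current user login is appended).
		 */
		const NONCE_ACTION_GET_CODE = 'code-manager-get-code';

		/**
		 * Base table name with prefix
		 *
		 * @since 1.0.0
		 *
		 * @return string Real base table name
		 */
		public static function get_base_table_name() {
			global $wpdb;
			return $wpdb->prefix . static::BASE_TABLE_NAME;
		}

		/**
		 * Check if base table exists
		 *
		 * Looks the table up in information_schema for the current database.
		 *
		 * @since 1.0.0
		 *
		 * @return bool TRUE = table found
		 */
		public static function table_exists() {
			global $wpdb;

			$found = $wpdb->get_var(
				$wpdb->prepare(
					'select true from `information_schema`.`tables` where table_schema = %s and table_name = %s',
					[
						$wpdb->dbname,
						self::get_base_table_name(),
					]
				)
			);

			return null !== $found;
		}

		/**
		 * Get record from code manager table for given Code ID
		 *
		 * @since 1.0.0
		 *
		 * @param integer $code_id Code ID
		 *
		 * @return array List of matching rows (associative), empty when the ID is unknown
		 */
		public static function dml_query( $code_id ) {
			global $wpdb;

			$sql = $wpdb->prepare(
				'select * from `' . self::get_base_table_name() . '` where code_id = %d',
				[ $code_id ]
			);

			return $wpdb->get_results( $sql, 'ARRAY_A' );
		}

		/**
		 * Get record from code manager table for given code name
		 *
		 * @since 1.0.0
		 *
		 * @param string $code_name Code name
		 *
		 * @return array List of matching rows (associative), empty when the name is unknown
		 */
		public static function dml_query_by_name( $code_name ) {
			global $wpdb;

			$sql = $wpdb->prepare(
				'select * from `' . self::get_base_table_name() . '` where code_name = %s',
				[ $code_name ]
			);

			return $wpdb->get_results( $sql, 'ARRAY_A' );
		}

		/**
		 * Insert new row into code manager table
		 *
		 * @since 1.0.0
		 *
		 * @param string  $code_name        Code name
		 * @param string  $code_type        Code type (stored and compared as a string)
		 * @param string  $code             Code
		 * @param string  $code_author      Author
		 * @param string  $code_description Description
		 * @param integer $code_enabled     Enabled flag (> 0 = enabled)
		 *
		 * @return int Code ID if insert was successful or -1 if insert failed
		 */
		public static function dml_insert( $code_name, $code_type, $code, $code_author, $code_description, $code_enabled ) {
			global $wpdb;

			$rows_inserted = $wpdb->insert(
				self::get_base_table_name(),
				[
					'code_name'        => $code_name,
					'code_type'        => $code_type,
					'code_enabled'     => $code_enabled,
					'code'             => $code,
					'code_author'      => $code_author,
					'code_description' => $code_description,
				]
			);

			return 1 === $rows_inserted ? $wpdb->insert_id : -1;
		}

		/**
		 * Update row in code manager table
		 *
		 * A change of code type always disables the code (code_enabled = 0), whatever
		 * $code_enabled says; it has to be re-enabled explicitly afterwards.
		 *
		 * @since 1.0.0
		 *
		 * @param integer $code_id          Code ID
		 * @param string  $code_name        Code name
		 * @param string  $code_type        Code type
		 * @param string  $code             Code
		 * @param string  $code_author      Author
		 * @param string  $code_description Description
		 * @param integer $code_enabled     Enabled flag (> 0 = enabled)
		 *
		 * @return integer|false Number of rows updated (0 for an unknown ID), false on a database error
		 */
		public static function dml_update( $code_id, $code_name, $code_type, $code, $code_author, $code_description, $code_enabled ) {
			$current = self::dml_query( $code_id );

			// Unknown code ID, or a row without a type: nothing to update.
			if ( ! is_array( $current ) || 1 !== count( $current ) || ! isset( $current[0]['code_type'] ) ) {
				return 0;
			}

			$column_values = [
				'code_name'        => $code_name,
				'code_type'        => $code_type,
				'code_enabled'     => $code_enabled,
				'code'             => $code,
				'code_author'      => $code_author,
				'code_description' => $code_description,
			];

			if ( $code_type !== $current[0]['code_type'] ) {
				$column_values['code_enabled'] = 0;
			}

			global $wpdb;
			return $wpdb->update(
				self::get_base_table_name(),
				$column_values,
				[ 'code_id' => $code_id ]
			);
		}

		/**
		 * Delete row from code manager table
		 *
		 * @since 1.0.0
		 *
		 * @param integer $code_id Code ID
		 *
		 * @return integer|false Number of rows deleted, false on a database error
		 */
		public static function dml_delete( $code_id ) {
			global $wpdb;

			$sql = $wpdb->prepare(
				'delete from `' . self::get_base_table_name() . '` where code_id = %d',
				[ $code_id ]
			);

			return $wpdb->query( $sql );
		}

		/**
		 * Get code (or the whole row) for a given code id
		 *
		 * @since 1.0.0
		 *
		 * @param integer     $code_id Code ID; anything non-numeric yields ''
		 * @param string|null $action  null = return only the code column; any other value =
		 *                             return the complete row as a JSON object
		 *
		 * @return string Code, JSON-encoded row, or '' when the ID is unknown or invalid
		 */
		public static function get_code_from_id( $code_id, $action = null ) {
			if ( ! is_numeric( $code_id ) ) {
				return '';
			}

			global $wpdb;
			$rows = $wpdb->get_results(
				$wpdb->prepare(
					'select * from `' . self::get_base_table_name() . '` where code_id = %d',
					[ $code_id ]
				),
				'ARRAY_A'
			);

			if ( ! is_array( $rows ) || 1 !== count( $rows ) ) {
				return '';
			}

			return null === $action ? $rows[0]['code'] : json_encode( $rows[0] );
		}

		/**
		 * Get code for a given code name
		 *
		 * @since 1.0.0
		 *
		 * @param string $code_name Code name; '' yields ''
		 *
		 * @return string Code, or '' when the name is unknown
		 */
		protected static function get_code_from_name( $code_name ) {
			if ( '' === $code_name ) {
				return '';
			}

			global $wpdb;
			$rows = $wpdb->get_results(
				$wpdb->prepare(
					'select * from `' . self::get_base_table_name() . '` where code_name = %s',
					[ $code_name ]
				),
				'ARRAY_A'
			);

			if ( ! is_array( $rows ) || 1 !== count( $rows ) ) {
				return '';
			}

			return $rows[0]['code'];
		}

		/**
		 * Get codes for a given code type
		 *
		 * The type is bound with a placeholder; callers of this public method are not
		 * visible here, so the value is never trusted.
		 *
		 * @since 1.0.0
		 *
		 * @param string $code_type Code type
		 *
		 * @return array List of code rows (associative)
		 */
		public static function get_codes( $code_type ) {
			global $wpdb;

			$sql = $wpdb->prepare(
				'select * from `' . self::get_base_table_name() . '` where code_type = %s',
				[ $code_type ]
			);

			return $wpdb->get_results( $sql, 'ARRAY_A' );
		}

		/**
		 * Get active codes (status = enabled) for a given code type
		 *
		 * @since 1.0.0
		 *
		 * @param string $code_type Code type
		 *
		 * @return array List of enabled code rows (associative)
		 */
		public static function get_active_codes( $code_type ) {
			global $wpdb;

			$sql = $wpdb->prepare(
				'select * from `' . self::get_base_table_name() . '` where code_type = %s and code_enabled > 0',
				[ $code_type ]
			);

			return $wpdb->get_results( $sql, 'ARRAY_A' );
		}

		/**
		 * Update code from ajax request (insert when new: code_id = -1)
		 *
		 * Prints "INS-<id>", "UPD-<rows>" or "ERR-<message>" and terminates the request.
		 * The caller must be logged in, send every argument and hold a valid nonce.
		 *
		 * @since 1.0.0
		 */
		public static function update_code() {
			self::header_no_cache();

			// Every argument is required; a request missing any of them is rejected
			// before anything else is read.
			if (
				! is_user_logged_in() ||
				! isset( $_REQUEST['wpnonce'] ) ||
				! isset( $_REQUEST['code_id'] ) ||
				! isset( $_REQUEST['code_name'] ) ||
				! isset( $_REQUEST['code_type'] ) ||
				! isset( $_REQUEST['code'] )
			) {
				echo 'ERR-Wrong arguments';
				wp_die();
			}

			self::verify_request_or_die( self::NONCE_ACTION );

			$code_id   = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) );
			$code_name = sanitize_text_field( wp_unslash( $_REQUEST['code_name'] ) );
			$code_type = sanitize_text_field( wp_unslash( $_REQUEST['code_type'] ) );
			// The code itself is the content this plugin stores; it is kept verbatim apart
			// from removing the slashes WordPress adds to request data.
			$code = wp_unslash( $_REQUEST['code'] );

			global $wpdb;
			$wpdb->suppress_errors( true );

			if ( '-1' === $code_id ) {
				self::insert_from_request( $code_name, $code_type, $code );
			} else {
				self::update_from_request( $code_id, $code_name, $code_type, $code );
			}

			wp_die();
		}

		/**
		 * Insert a new code row on behalf of update_code() and print the outcome.
		 *
		 * Prints "INS-<new id>" on success or "ERR-<database error>" on failure.
		 *
		 * @param string $code_name Code name
		 * @param string $code_type Code type
		 * @param string $code      Code
		 */
		protected static function insert_from_request( $code_name, $code_type, $code ) {
			global $wpdb;

			$rows_inserted = $wpdb->insert(
				self::get_base_table_name(),
				[
					'code_name' => $code_name,
					'code_type' => $code_type,
					'code'      => $code,
				]
			);

			// NOTE(review): the raw database error is echoed to the client. Acceptable only
			// because these handlers are meant for privileged users; do not expose wider.
			echo 1 === $rows_inserted ? 'INS-' . $wpdb->insert_id : 'ERR-' . $wpdb->last_error;
		}

		/**
		 * Update an existing code row on behalf of update_code() and print the outcome.
		 *
		 * Prints "UPD-<rows>" ("UPD-0" for an unknown ID) or "ERR-<database error>". A change
		 * of code type also resets code_enabled to 0.
		 *
		 * @param string $code_id   Code ID as received from the request
		 * @param string $code_name Code name
		 * @param string $code_type Code type
		 * @param string $code      Code
		 */
		protected static function update_from_request( $code_id, $code_name, $code_type, $code ) {
			$current = self::dml_query( $code_id );

			if ( ! is_array( $current ) || 1 !== count( $current ) || ! isset( $current[0]['code_type'] ) ) {
				echo 'UPD-0';
				wp_die();
			}

			$column_values = [
				'code_name' => $code_name,
				'code_type' => $code_type,
				'code'      => $code,
			];
			if ( $code_type !== $current[0]['code_type'] ) {
				$column_values['code_enabled'] = 0;
			}

			global $wpdb;
			$rows_updated = $wpdb->update(
				self::get_base_table_name(),
				$column_values,
				[ 'code_id' => $code_id ],
				null,
				[ '%d' ]
			);

			echo '' === $wpdb->last_error ? "UPD-{$rows_updated}" : 'ERR-' . $wpdb->last_error;
		}

		/**
		 * Activate code preview from ajax request for a given code_id
		 *
		 * Prints "OK" or "ERR-<message>" and terminates the request.
		 *
		 * @since 1.0.0
		 */
		public static function activate_code_preview() {
			self::header_no_cache();

			if ( ! is_user_logged_in() || ! isset( $_REQUEST['wpnonce'] ) || ! isset( $_REQUEST['code_id'] ) ) {
				echo 'ERR-Wrong arguments';
				wp_die();
			}

			self::verify_request_or_die( self::NONCE_ACTION );

			$code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) );
			Code_Manager_Preview::add_user_preview_code_id( $code_id );

			echo 'OK';
			wp_die();
		}

		/**
		 * Deactivate code preview from ajax request for a given code_id
		 *
		 * Prints "OK" or "ERR-<message>" and terminates the request.
		 *
		 * @since 1.0.0
		 */
		public static function deactivate_code_preview() {
			self::header_no_cache();

			if ( ! is_user_logged_in() || ! isset( $_REQUEST['wpnonce'] ) || ! isset( $_REQUEST['code_id'] ) ) {
				echo 'ERR-Wrong arguments';
				wp_die();
			}

			self::verify_request_or_die( self::NONCE_ACTION );

			$code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) );
			Code_Manager_Preview::remove_user_preview_code_id( $code_id );

			echo 'OK';
			wp_die();
		}

		/**
		 * Reset all previewed code IDs
		 *
		 * Removes the preview meta of EVERY user, not only the caller's. Prints "OK" or
		 * "ERR-<message>" and terminates the request.
		 *
		 * @since 1.0.0
		 */
		public static function reset_preview() {
			self::header_no_cache();

			if ( ! is_user_logged_in() || ! isset( $_REQUEST['wpnonce'] ) ) {
				echo 'ERR-Wrong arguments';
				wp_die();
			}

			self::verify_request_or_die( self::NONCE_ACTION );

			// delete_all = true ignores the object ID and removes the key for all users through
			// the meta API, which resolves the right usermeta table (also on multisite) and
			// invalidates the user meta cache, unlike a raw DELETE on {$wpdb->prefix}usermeta.
			delete_metadata( 'user', 0, self::PREVIEW_META_KEY, '', true );

			echo 'OK';
			wp_die();
		}

		/**
		 * Activate code from ajax request for a given code_id
		 *
		 * Sets code_enabled to the requested value. Prints "UPD-<rows>" or "ERR-<message>"
		 * and terminates the request.
		 *
		 * @since 1.0.0
		 */
		public static function activate_code() {
			self::header_no_cache();

			if (
				! is_user_logged_in() ||
				! isset( $_REQUEST['wpnonce'] ) ||
				! isset( $_REQUEST['code_id'] ) ||
				! isset( $_REQUEST['code_item_value'] )
			) {
				echo 'ERR-Wrong arguments';
				wp_die();
			}

			self::verify_request_or_die( self::NONCE_ACTION );

			// Both values are numeric in the table (code_id is bound with %d elsewhere and
			// code_enabled is compared with "> 0"); casting keeps anything else out of SQL.
			$code_id         = (int) sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) );
			$code_item_value = (int) sanitize_text_field( wp_unslash( $_REQUEST['code_item_value'] ) );

			global $wpdb;
			$wpdb->suppress_errors( true );
			$rows_updated = $wpdb->update(
				self::get_base_table_name(),
				[ 'code_enabled' => $code_item_value ],
				[ 'code_id' => $code_id ],
				[ '%d' ],
				[ '%d' ]
			);

			echo '' === $wpdb->last_error ? "UPD-{$rows_updated}" : 'ERR-' . $wpdb->last_error;

			// Terminate like every other handler; otherwise the WordPress AJAX front controller
			// appends its own trailing output to the response.
			wp_die();
		}

		/**
		 * Get a list with all available codes from ajax request
		 *
		 * Prints a JSON array of {code_id, code_name, code_type, code_enabled, preview_enabled}
		 * for every code whose type is known to the tab class, ordered by name.
		 *
		 * @since 1.0.0
		 */
		public static function get_code_list() {
			self::header_no_cache();

			self::verify_request_or_die( self::NONCE_ACTION );

			// Collect the known code types; '' is always included.
			$code_manager_tabs_class = CODE_MANAGER_TAB_CLASS;
			$code_manager_tabs       = new $code_manager_tabs_class();
			$code_types              = [ '' ];
			foreach ( $code_manager_tabs->get_code_types() as $code_type_group ) {
				foreach ( array_keys( $code_type_group ) as $code_type ) {
					$code_types[] = $code_type;
				}
			}

			global $wpdb;
			// One %s placeholder per type: the list comes from plugin configuration, but
			// binding it costs nothing and keeps the query safe if that ever changes.
			$placeholders = implode( ', ', array_fill( 0, count( $code_types ), '%s' ) );
			$rows         = $wpdb->get_results(
				$wpdb->prepare(
					'select code_id, code_name, code_type, code_enabled from `' . self::get_base_table_name() . '` ' .
					'where code_type in (' . $placeholders . ') order by code_name',
					$code_types
				),
				'ARRAY_A'
			);

			foreach ( $rows as $index => $row ) {
				$rows[ $index ]['preview_enabled'] = Code_Manager_Preview::is_code_id_preview_enabled( $row['code_id'] );
			}

			echo json_encode( $rows );
			wp_die();
		}

		/**
		 * Get code from ajax request for a given code_id
		 *
		 * Prints the code column, or the whole row as JSON when POST wpda_action is "all".
		 *
		 * @since 1.0.0
		 */
		public static function get_code() {
			$action = isset( $_POST['wpda_action'] ) ? sanitize_text_field( wp_unslash( $_POST['wpda_action'] ) ) : null;

			// "all" returns a JSON object, so announce it as such.
			if ( 'all' === $action ) {
				self::header_no_cache( 'application/json' );
			} else {
				self::header_no_cache();
			}

			if ( ! is_user_logged_in() || ! isset( $_REQUEST['code_id'] ) ) {
				echo 'ERR-Wrong arguments';
				wp_die();
			}

			self::verify_request_or_die( self::NONCE_ACTION_GET_CODE );

			$code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) );
			echo self::get_code_from_id( $code_id, $action );

			wp_die();
		}

		/**
		 * Report from ajax request whether preview is enabled for a given code_id
		 *
		 * Prints "true" or "false" (or "ERR-<message>").
		 *
		 * @since 1.0.0
		 */
		public static function is_code_preview_enabled() {
			self::header_no_cache();

			if ( ! is_user_logged_in() || ! isset( $_REQUEST['wpnonce'] ) || ! isset( $_REQUEST['code_id'] ) ) {
				echo 'ERR-Wrong arguments';
				wp_die();
			}

			self::verify_request_or_die( self::NONCE_ACTION_GET_CODE );

			$code_id = sanitize_text_field( wp_unslash( $_REQUEST['code_id'] ) );
			echo Code_Manager_Preview::is_code_id_preview_enabled( $code_id ) ? 'true' : 'false';

			wp_die();
		}

		/**
		 * Check if code name exists from ajax request
		 *
		 * Prints "OK" when the name is free, "ERR-Exists" when a code with that name exists.
		 *
		 * @since 1.0.0
		 */
		public static function code_name_exists() {
			self::header_no_cache();

			if ( ! is_user_logged_in() || ! isset( $_REQUEST['code_name'] ) ) {
				echo 'ERR-Wrong arguments';
				wp_die();
			}

			self::verify_request_or_die( self::NONCE_ACTION_GET_CODE );

			$code_name = sanitize_text_field( wp_unslash( $_REQUEST['code_name'] ) );
			echo '' === self::get_code_from_name( $code_name ) ? 'OK' : 'ERR-Exists';

			wp_die();
		}

		/**
		 * Verify the per-user nonce sent with an ajax request; terminate the request on failure.
		 *
		 * The expected nonce action is the given prefix followed by the current user's login.
		 * A logged-out caller never passes, so every handler that calls this is restricted to
		 * authenticated users.
		 *
		 * @param string $nonce_action_prefix One of the NONCE_ACTION* constants
		 */
		protected static function verify_request_or_die( $nonce_action_prefix ) {
			$nonce = isset( $_REQUEST['wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['wpnonce'] ) ) : '';

			if (
				! is_user_logged_in() ||
				! wp_verify_nonce( $nonce, $nonce_action_prefix . Code_manager::get_current_user_login() )
			) {
				echo 'ERR-Token expired, please refresh page';
				wp_die();
			}
		}

		/**
		 * Sends header to browser (allows content type changes)
		 *
		 * A request may override the content type when it carries its own nonce
		 * (wpnonce_content_type); only a bare "type/subtype" token is accepted.
		 *
		 * @since 1.0.0
		 *
		 * @param string $content_type Default content type
		 */
		protected static function header_no_cache( $content_type = 'text/plain' ) {
			if ( ob_get_length() ) {
				// Discard anything already buffered so the response holds only our output (not 100% proof).
				ob_clean();
			}

			if ( isset( $_REQUEST['code_manager_content_type'] ) ) {
				$nonce = isset( $_REQUEST['wpnonce_content_type'] ) ?
					sanitize_text_field( wp_unslash( $_REQUEST['wpnonce_content_type'] ) ) : '';
				if ( wp_verify_nonce( $nonce, 'code_manager_content_type' ) ) {
					$requested = sanitize_text_field( wp_unslash( $_REQUEST['code_manager_content_type'] ) );
					// The value goes straight into a response header and the charset parameter
					// is appended below, so reject anything that is not a plain MIME type.
					if ( preg_match( '~^[A-Za-z0-9!#$&^_.+-]+/[A-Za-z0-9!#$&^_.+-]+$~', $requested ) ) {
						$content_type = $requested;
					}
				}
			}

			header( 'Cache-Control: no-store, no-cache, must-revalidate, max-age=0' );
			header( 'Cache-Control: post-check=0, pre-check=0', false );
			header( 'Pragma: no-cache' );
			header( "Content-Type: {$content_type}; charset=utf-8" );
		}

	}

}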