Tutor LMS – eLearning and online course solution v1.9.13
tutor / classes / Ajax.php
Ajax.php
617 lines
<?php
namespace TUTOR;

// Stop immediately when the file is requested directly rather than loaded
// by WordPress (ABSPATH is only defined after WordPress has bootstrapped).
defined( 'ABSPATH' ) || exit;

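/**
 * AJAX endpoints for ratings, Q&A, wishlist, addons, login and announcements.
 *
 * Every handler reads request data straight from $_POST, so each one is
 * responsible for three things before it changes anything: a nonce check,
 * an authorization check on the specific object named in the request, and
 * validation of the values it stores.
 */
class Ajax {
	/**
	 * Register the AJAX actions handled by this class.
	 *
	 * `wp_ajax_*` hooks fire for logged-in users and `wp_ajax_nopriv_*` hooks
	 * for logged-out visitors. The hook name therefore only establishes
	 * "logged in or not", never a role or ownership of an object.
	 */
	public function __construct() {

		add_action( 'wp_ajax_sync_video_playback', array( $this, 'sync_video_playback' ) );
		add_action( 'wp_ajax_nopriv_sync_video_playback', array( $this, 'sync_video_playback_noprev' ) );
		add_action( 'wp_ajax_tutor_place_rating', array( $this, 'tutor_place_rating' ) );

		add_action( 'wp_ajax_tutor_ask_question', array( $this, 'tutor_ask_question' ) );
		add_action( 'wp_ajax_tutor_add_answer', array( $this, 'tutor_add_answer' ) );

		add_action( 'wp_ajax_tutor_course_add_to_wishlist', array( $this, 'tutor_course_add_to_wishlist' ) );
		add_action( 'wp_ajax_nopriv_tutor_course_add_to_wishlist', array( $this, 'tutor_course_add_to_wishlist' ) );

		/**
		 * Addon Enable Disable Control
		 */
		add_action( 'wp_ajax_addon_enable_disable', array( $this, 'addon_enable_disable' ) );

		/**
		 * Update Rating/review
		 *
		 * @since v.1.4.0
		 */
		add_action( 'wp_ajax_tutor_load_edit_review_modal', array( $this, 'tutor_load_edit_review_modal' ) );
		add_action( 'wp_ajax_tutor_update_review_modal', array( $this, 'tutor_update_review_modal' ) );

		/**
		 * Ajax login
		 *
		 * @since v.1.6.3
		 */
		add_action( 'wp_ajax_nopriv_tutor_user_login', array( $this, 'process_ajax_login' ) );

		/**
		 * Announcement
		 *
		 * @since v.1.7.9
		 */
		add_action( 'wp_ajax_tutor_announcement_create', array( $this, 'create_or_update_annoucement' ) );
		add_action( 'wp_ajax_tutor_announcement_delete', array( $this, 'delete_annoucement' ) );
	}

	/**
	 * Clamp a submitted rating to the 0-5 range.
	 *
	 * Non-numeric and empty input becomes 0, so a request cannot store an
	 * arbitrary string, a negative number or an oversized value as a rating.
	 *
	 * @param mixed $rating Raw (already text-sanitized) rating from the request.
	 * @return int|float Rating between 0 and 5 inclusive.
	 */
	private function normalize_rating( $rating ) {
		if ( ! is_numeric( $rating ) ) {
			return 0;
		}

		return max( 0, min( 5, $rating + 0 ) );
	}

	/**
	 * Update video information and data when necessary
	 *
	 * Requires a valid nonce and enrolled access to the lesson. Stores the
	 * reported duration on the lesson's video record, raises the user's best
	 * watched time and marks the lesson complete when `is_ended` is set.
	 *
	 * @since v.1.0.0
	 */
	public function sync_video_playback() {
		tutor_utils()->checking_nonce();

		$user_id     = get_current_user_id();
		$post_id     = isset( $_POST['post_id'] ) ? sanitize_text_field( $_POST['post_id'] ) : 0;
		$duration    = isset( $_POST['duration'] ) ? sanitize_text_field( $_POST['duration'] ) : '';
		$currentTime = isset( $_POST['currentTime'] ) ? sanitize_text_field( $_POST['currentTime'] ) : '';

		if ( ! tutils()->has_enrolled_content_access( 'lesson', $post_id ) ) {
			wp_send_json_error( array( 'message' => __( 'Access Denied', 'tutor' ) ) );
			exit;
		}

		/**
		 * Update posts attached video
		 */
		$video = tutor_utils()->get_video( $post_id );

		// Only a positive number is a usable duration; any other truthy string
		// used to be written to the video record as-is.
		// NOTE(review): the value comes from the viewer's browser and is saved on
		// the lesson's video record rather than on per-user data - confirm whether
		// this write should be limited to users who can edit the lesson.
		if ( is_numeric( $duration ) && $duration > 0 ) {
			$video['duration_sec'] = $duration; // secs
			$video['playtime']     = tutor_utils()->playtime_string( $duration );
			$video['runtime']      = tutor_utils()->playtime_array( $duration );
		}
		tutor_utils()->update_video( $post_id, $video );

		/**
		 * Sync Lesson Reading Info by Users
		 */
		$best_watch_time = tutor_utils()->get_lesson_reading_info( $post_id, $user_id, 'video_best_watched_time' );
		// Compare as numbers and ignore a non-numeric position, which would
		// otherwise be compared as a string and could replace the stored time.
		if ( is_numeric( $currentTime ) && (float) $best_watch_time < (float) $currentTime ) {
			tutor_utils()->update_lesson_reading_info( $post_id, $user_id, 'video_best_watched_time', $currentTime );
		}

		if ( tutor_utils()->avalue_dot( 'is_ended', $_POST ) ) {
			tutor_utils()->mark_lesson_complete( $post_id );
		}
		exit();
	}

	/**
	 * Playback sync for logged-out visitors: intentionally does nothing.
	 */
	public function sync_video_playback_noprev() {

	}

	/**
	 * Create or update the current user's rating and review for a course.
	 *
	 * Requires a valid nonce and enrolled access to the course. A user has at
	 * most one `tutor_course_rating` comment per course; an existing one is
	 * updated, otherwise a new comment plus its `tutor_rating` meta is inserted.
	 */
	public function tutor_place_rating() {
		global $wpdb;

		tutils()->checking_nonce();

		// Clamp to 0-5 so neither a negative nor a non-numeric value is stored.
		$rating    = $this->normalize_rating( sanitize_text_field( tutor_utils()->avalue_dot( 'rating', $_POST ) ) );
		$course_id = (int) sanitize_text_field( tutor_utils()->avalue_dot( 'course_id', $_POST ) );
		$review    = sanitize_textarea_field( tutor_utils()->avalue_dot( 'review', $_POST ) );

		$user_id = get_current_user_id();
		$user    = get_userdata( $user_id );
		$date    = date( 'Y-m-d H:i:s', tutor_time() );

		if ( ! tutils()->has_enrolled_content_access( 'course', $course_id ) ) {
			wp_send_json_error( array( 'message' => __( 'Access Denied', 'tutor' ) ) );
			exit;
		}

		do_action( 'tutor_before_rating_placed' );

		$previous_rating_id = $wpdb->get_var( $wpdb->prepare( "select comment_ID from {$wpdb->comments} WHERE comment_post_ID = %d AND user_id = %d AND comment_type = 'tutor_course_rating' LIMIT 1;", $course_id, $user_id ) );

		$review_ID = $previous_rating_id;
		if ( $previous_rating_id ) {
			$wpdb->update(
				$wpdb->comments,
				array( 'comment_content' => $review ),
				array( 'comment_ID' => $previous_rating_id )
			);

			$rating_info = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->commentmeta} WHERE comment_id = %d AND meta_key = 'tutor_rating'; ", $previous_rating_id ) );
			if ( $rating_info ) {
				$wpdb->update(
					$wpdb->commentmeta,
					array( 'meta_value' => $rating ),
					array(
						'comment_id' => $previous_rating_id,
						'meta_key'   => 'tutor_rating',
					)
				);
			} else {
				$wpdb->insert(
					$wpdb->commentmeta,
					array(
						'comment_id' => $previous_rating_id,
						'meta_key'   => 'tutor_rating',
						'meta_value' => $rating,
					)
				);
			}
		} else {
			// $wpdb->insert() escapes its values itself, so the course id is passed
			// as a plain integer instead of being run through esc_sql() first.
			$data = array(
				'comment_post_ID'  => $course_id,
				'comment_approved' => 'approved',
				'comment_type'     => 'tutor_course_rating',
				'comment_date'     => $date,
				'comment_date_gmt' => get_gmt_from_date( $date ),
				'user_id'          => $user_id,
				'comment_author'   => $user->user_login,
				'comment_agent'    => 'TutorLMSPlugin',
			);
			if ( $review ) {
				$data['comment_content'] = $review;
			}

			$wpdb->insert( $wpdb->comments, $data );
			$comment_id = (int) $wpdb->insert_id;
			$review_ID  = $comment_id;

			if ( $comment_id ) {
				$wpdb->insert(
					$wpdb->commentmeta,
					array(
						'comment_id' => $comment_id,
						'meta_key'   => 'tutor_rating',
						'meta_value' => $rating,
					)
				);

				do_action( 'tutor_after_rating_placed', $comment_id );
			}
		}

		$data = array(
			'msg'       => __( 'Rating placed success', 'tutor' ),
			'review_id' => $review_ID,
			'review'    => $review,
		);
		wp_send_json_success( $data );
	}

	/**
	 * Store a Q&A question on a course for the current user.
	 *
	 * Requires a valid nonce and enrolled access to the course. The body is
	 * filtered with wp_kses_post() and the title is stored as comment meta.
	 */
	public function tutor_ask_question() {
		tutor_utils()->checking_nonce();

		global $wpdb;

		$course_id      = (int) sanitize_text_field( $_POST['tutor_course_id'] );
		$question_title = sanitize_text_field( $_POST['question_title'] );
		$question       = wp_kses_post( $_POST['question'] );

		if ( ! tutils()->has_enrolled_content_access( 'course', $course_id ) ) {
			wp_send_json_error( array( 'message' => __( 'Access Denied', 'tutor' ) ) );
			exit;
		}

		if ( empty( $question ) || empty( $question_title ) ) {
			wp_send_json_error( __( 'Empty question title or body', 'tutor' ) );
		}

		$user_id = get_current_user_id();
		$user    = get_userdata( $user_id );
		$date    = date( 'Y-m-d H:i:s', tutor_time() );

		do_action( 'tutor_before_add_question', $course_id );
		$data = apply_filters(
			'tutor_add_question_data',
			array(
				'comment_post_ID'  => $course_id,
				'comment_author'   => $user->user_login,
				'comment_date'     => $date,
				'comment_date_gmt' => get_gmt_from_date( $date ),
				'comment_content'  => $question,
				'comment_approved' => 'waiting_for_answer',
				'comment_agent'    => 'TutorLMSPlugin',
				'comment_type'     => 'tutor_q_and_a',
				'user_id'          => $user_id,
			)
		);

		$wpdb->insert( $wpdb->comments, $data );
		$comment_id = (int) $wpdb->insert_id;

		if ( $comment_id ) {
			$wpdb->insert(
				$wpdb->commentmeta,
				array(
					'comment_id' => $comment_id,
					'meta_key'   => 'tutor_question_title',
					'meta_value' => $question_title,
				)
			);
		}
		do_action( 'tutor_after_add_question', $course_id, $comment_id );

		wp_send_json_success( __( 'Question has been added successfully', 'tutor' ) );
	}

	/**
	 * Store an answer to an existing Q&A question.
	 *
	 * Requires a valid nonce and access to the question. The answer is saved
	 * as a child comment of the question on the question's own course.
	 */
	public function tutor_add_answer() {
		tutor_utils()->checking_nonce();
		global $wpdb;

		$answer = wp_kses_post( $_POST['answer'] );
		if ( ! $answer ) {
			wp_send_json_error( __( 'Please write answer', 'tutor' ) );
		}

		$question_id = (int) sanitize_text_field( $_POST['question_id'] );
		$question    = tutor_utils()->get_qa_question( $question_id );

		$user_id = get_current_user_id();
		$user    = get_userdata( $user_id );
		$date    = date( 'Y-m-d H:i:s', tutor_time() );

		// Also refuse when the lookup found nothing: the course id below is read
		// from the question record, so there must be one.
		if ( ! $question || ! tutils()->has_enrolled_content_access( 'qa_question', $question_id ) ) {
			wp_send_json_error( array( 'message' => __( 'Access Denied', 'tutor' ) ) );
			exit;
		}

		do_action( 'tutor_before_answer_to_question' );
		$data = apply_filters(
			'tutor_add_answer_data',
			array(
				'comment_post_ID'  => $question->comment_post_ID,
				'comment_author'   => $user->user_login,
				'comment_date'     => $date,
				'comment_date_gmt' => get_gmt_from_date( $date ),
				'comment_content'  => $answer,
				'comment_approved' => 'approved',
				'comment_agent'    => 'TutorLMSPlugin',
				'comment_type'     => 'tutor_q_and_a',
				'comment_parent'   => $question_id,
				'user_id'          => $user_id,
			)
		);

		$wpdb->insert( $wpdb->comments, $data );
		$comment_id = (int) $wpdb->insert_id;
		do_action( 'tutor_after_answer_to_question', $comment_id );

		wp_send_json_success( __( 'Answer has been added successfully', 'tutor' ) );
	}

	/**
	 * Toggle a course in the current user's wishlist.
	 *
	 * Also registered for logged-out visitors, who receive a login URL in the
	 * error payload instead of a wishlist change.
	 */
	public function tutor_course_add_to_wishlist() {
		tutils()->checking_nonce();

		$course_id = (int) sanitize_text_field( $_POST['course_id'] );
		if ( ! is_user_logged_in() ) {
			wp_send_json_error( array( 'redirect_to' => wp_login_url( wp_get_referer() ) ) );
		}
		global $wpdb;

		$user_id          = get_current_user_id();
		$if_added_to_list = $wpdb->get_row( $wpdb->prepare( "SELECT * from {$wpdb->usermeta} WHERE user_id = %d AND meta_key = '_tutor_course_wishlist' AND meta_value = %d;", $user_id, $course_id ) );

		if ( $if_added_to_list ) {
			$wpdb->delete(
				$wpdb->usermeta,
				array(
					'user_id'    => $user_id,
					'meta_key'   => '_tutor_course_wishlist',
					'meta_value' => $course_id,
				)
			);
			wp_send_json_success(
				array(
					'status' => 'removed',
					'msg'    => __(
						'Course removed from wish list',
						'tutor'
					),
				)
			);
		} else {
			add_user_meta( $user_id, '_tutor_course_wishlist', $course_id );
			wp_send_json_success(
				array(
					'status' => 'added',
					'msg'    => __(
						'Course added to wish list',
						'tutor'
					),
				)
			);
		}
	}

	/**
	 * Method for enable / disable addons
	 *
	 * Limited to users with `manage_options`. The capability check alone does
	 * not show that the administrator meant to send the request, so the nonce
	 * is verified as well, as in the other state-changing handlers here.
	 */
	public function addon_enable_disable() {
		// Assumes the admin script sends the same Tutor nonce the other handlers
		// in this class already require - TODO confirm against the addons screen.
		tutor_utils()->checking_nonce();

		if ( ! current_user_can( 'manage_options' ) ) {
			wp_send_json_error( array( 'message' => __( 'Access Denied', 'tutor' ) ) );
		}

		$addonsConfig = maybe_unserialize( get_option( 'tutor_addons_config' ) );
		if ( ! is_array( $addonsConfig ) ) {
			// Option missing or not an array: start from an empty config.
			$addonsConfig = array();
		}

		$isEnable       = (bool) sanitize_text_field( tutor_utils()->avalue_dot( 'isEnable', $_POST ) );
		$addonFieldName = sanitize_text_field( tutor_utils()->avalue_dot( 'addonFieldName', $_POST ) );

		// The name becomes a config key and part of the hook names fired below,
		// so an empty value is rejected instead of being saved under ''.
		if ( '' === $addonFieldName ) {
			wp_send_json_error( array( 'message' => __( 'Access Denied', 'tutor' ) ) );
		}

		do_action( 'tutor_addon_before_enable_disable' );
		if ( $isEnable ) {
			do_action( "tutor_addon_before_enable_{$addonFieldName}" );
			do_action( 'tutor_addon_before_enable', $addonFieldName );
			$addonsConfig[ $addonFieldName ]['is_enable'] = 1;
			update_option( 'tutor_addons_config', $addonsConfig );

			do_action( 'tutor_addon_after_enable', $addonFieldName );
			do_action( "tutor_addon_after_enable_{$addonFieldName}" );
		} else {
			do_action( "tutor_addon_before_disable_{$addonFieldName}" );
			do_action( 'tutor_addon_before_disable', $addonFieldName );
			$addonsConfig[ $addonFieldName ]['is_enable'] = 0;
			update_option( 'tutor_addons_config', $addonsConfig );

			do_action( 'tutor_addon_after_disable', $addonFieldName );
			do_action( "tutor_addon_after_disable_{$addonFieldName}" );
		}

		do_action( 'tutor_addon_after_enable_disable' );
		wp_send_json_success();
	}

	/**
	 * Load review edit form
	 *
	 * Requires a valid nonce and access to the review. Returns the rendered
	 * edit form as `output` in the JSON response.
	 *
	 * @since v.1.4.0
	 */
	public function tutor_load_edit_review_modal() {
		tutor_utils()->checking_nonce();

		$review_id = (int) sanitize_text_field( tutils()->array_get( 'review_id', $_POST ) );
		$rating    = tutils()->get_rating_by_id( $review_id );

		if ( ! tutils()->has_enrolled_content_access( 'review', $review_id ) ) {
			wp_send_json_error( array( 'message' => __( 'Access Denied', 'tutor' ) ) );
			exit;
		}

		ob_start();
		tutor_load_template( 'dashboard.reviews.edit-review-form', array( 'rating' => $rating ) );
		$output = ob_get_clean();

		wp_send_json_success( array( 'output' => $output ) );
	}

	/**
	 * Save an edited rating and review.
	 *
	 * Requires a valid nonce and access to the review, and only touches
	 * comments of type `tutor_course_rating`.
	 */
	public function tutor_update_review_modal() {
		global $wpdb;

		tutor_utils()->checking_nonce();

		$review_id = (int) sanitize_text_field( tutils()->array_get( 'review_id', $_POST ) );
		// Same 0-5 clamp as tutor_place_rating(); without it an edit could store
		// any value and distort the figures derived from stored ratings.
		$rating = $this->normalize_rating( sanitize_text_field( tutor_utils()->avalue_dot( 'rating', $_POST ) ) );
		$review = wp_kses_post( tutor_utils()->avalue_dot( 'review', $_POST ) );

		if ( ! tutils()->has_enrolled_content_access( 'review', $review_id ) ) {
			wp_send_json_error( array( 'message' => __( 'Access Denied', 'tutor' ) ) );
			exit;
		}

		$is_exists = $wpdb->get_var( $wpdb->prepare( "SELECT comment_ID from {$wpdb->comments} WHERE comment_ID=%d AND comment_type = 'tutor_course_rating' ;", $review_id ) );

		if ( $is_exists ) {
			$wpdb->update(
				$wpdb->comments,
				array( 'comment_content' => $review ),
				array( 'comment_ID' => $review_id )
			);
			$wpdb->update(
				$wpdb->commentmeta,
				array( 'meta_value' => $rating ),
				array(
					'comment_id' => $review_id,
					'meta_key'   => 'tutor_rating',
				)
			);

			do_action( 'tutor_after_review_update', $review_id, $is_exists );

			wp_send_json_success();
		}
		wp_send_json_error();
	}

	/**
	 * Process ajax login
	 *
	 * Registered only for logged-out visitors. Verifies the nonce, signs the
	 * user in with wp_signon() and returns the redirect target on success.
	 *
	 * @since v.1.6.3
	 */
	public function process_ajax_login() {
		tutils()->checking_nonce();

		$username = sanitize_text_field( tutils()->array_get( 'log', $_POST ) );
		$password = tutils()->array_get( 'pwd', $_POST ); // Password can not be sanitized because users might use special characters including quotes etc.
		// esc_url_raw() rather than esc_url(): the URL is returned in a JSON
		// response, not printed into HTML, and esc_url() would entity-encode
		// the "&" between query arguments.
		// NOTE(review): the target is request-supplied and is returned without a
		// host check; if the front end navigates to it, consider
		// wp_validate_redirect() so it cannot point off-site.
		$redirect_to = esc_url_raw( tutils()->array_get( 'redirect_to', $_POST ) );

		// Read once with a guard; the raw index raised a notice when the field was absent.
		$enroll_attempt = isset( $_POST['tutor_course_enroll_attempt'] ) ? sanitize_text_field( $_POST['tutor_course_enroll_attempt'] ) : null;

		try {
			$creds = array(
				'user_login'    => trim( wp_unslash( $username ) ), // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
				'user_password' => $password, // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
				'remember'      => isset( $_POST['rememberme'] ), // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
			);

			$validation_error = new \WP_Error();
			$validation_error = apply_filters( 'tutor_process_login_errors', $validation_error, $creds['user_login'], $creds['user_password'] );

			if ( $validation_error->get_error_code() ) {
				wp_send_json_error( '<strong>' . __( 'ERROR:', 'tutor' ) . '</strong> ' . $validation_error->get_error_message() );
			}

			if ( empty( $creds['user_login'] ) ) {
				wp_send_json_error( '<strong>' . __( 'ERROR:', 'tutor' ) . '</strong> ' . __( 'Username is required.', 'tutor' ) );
			}

			// On multisite, ensure user exists on current site, if not add them before allowing login.
			// NOTE(review): this runs before wp_signon(), so the membership is added
			// even when the password then turns out to be wrong - confirm that an
			// unauthenticated request is meant to be able to cause this.
			if ( is_multisite() ) {
				$user_data = get_user_by( is_email( $creds['user_login'] ) ? 'email' : 'login', $creds['user_login'] );

				if ( $user_data && ! is_user_member_of_blog( $user_data->ID, get_current_blog_id() ) ) {
					add_user_to_blog( get_current_blog_id(), $user_data->ID, 'customer' );
				}
			}

			// Perform the login.
			$user = wp_signon( apply_filters( 'tutor_login_credentials', $creds ), is_ssl() );

			if ( is_wp_error( $user ) ) {
				// The former str_replace() here swapped a string for itself, so the
				// message is returned exactly as wp_signon() produced it.
				wp_send_json_error( $user->get_error_message() );
			} else {
				// since 1.9.8 do enroll if guest attempt to enroll
				do_action( 'tutor_do_enroll_after_login_if_attempt', $enroll_attempt );

				wp_send_json_success(
					array(
						'redirect' => apply_filters( 'tutor_login_redirect_url', $redirect_to ),
					)
				);

			}
		} catch ( \Exception $e ) {
			// Fire the hook first: wp_send_json_error() ends the request, so in the
			// previous order this action could never run.
			do_action( 'tutor_login_failed' );
			wp_send_json_error( apply_filters( 'login_errors', $e->getMessage() ) );
		}
	}

	/**
	 * Create/Update announcement
	 *
	 * Requires a valid nonce and permission to manage the target course. When
	 * an existing announcement id is supplied, permission to manage that
	 * announcement is required as well before it is overwritten.
	 *
	 * @since v.1.7.9
	 */
	public function create_or_update_annoucement() {
		// prepare alert message
		$create_success_msg = __( 'Announcement created successfully', 'tutor' );
		$update_success_msg = __( 'Announcement updated successfully', 'tutor' );
		$create_fail_msg    = __( 'Announcement creation failed', 'tutor' );
		$update_fail_msg    = __( 'Announcement update failed', 'tutor' );

		$error    = array();
		$response = array();
		tutils()->checking_nonce();

		$course_id            = sanitize_text_field( $_POST['tutor_announcement_course'] );
		$announcement_title   = sanitize_text_field( $_POST['tutor_announcement_title'] );
		$announcement_summary = sanitize_textarea_field( $_POST['tutor_announcement_summary'] );
		$action_type          = isset( $_POST['action_type'] ) ? sanitize_textarea_field( $_POST['action_type'] ) : '';

		if ( ! tutils()->can_user_manage( 'course', $course_id ) ) {
			wp_send_json_error( array( 'message' => __( 'Access Denied', 'tutor' ) ) );
		}

		// set data and sanitize it
		$form_data = array(
			'post_type'    => 'tutor_announcements',
			'post_title'   => $announcement_title,
			'post_content' => $announcement_summary,
			'post_parent'  => $course_id,
			'post_status'  => 'publish',
		);

		if ( isset( $_POST['announcement_id'] ) ) {
			$announcement_id = (int) sanitize_text_field( $_POST['announcement_id'] );

			// wp_insert_post() with an ID overwrites that post. Managing the course
			// named in the request says nothing about the post named here, so the
			// announcement itself is checked the same way delete_annoucement() does.
			// NOTE(review): confirm can_user_manage( 'announcement', ... ) also
			// rejects ids that are not announcements.
			if ( $announcement_id && ! tutils()->can_user_manage( 'announcement', $announcement_id ) ) {
				wp_send_json_error( array( 'message' => __( 'Access Denied', 'tutor' ) ) );
			}

			$form_data['ID'] = $announcement_id;
		}

		// validation message set
		if ( empty( $form_data['post_parent'] ) ) {
			$error['post_parent'] = __( 'Course name required', 'tutor' );
		}

		if ( empty( $form_data['post_title'] ) ) {
			$error['post_title'] = __( 'Announcement title required', 'tutor' );
		}

		if ( empty( $form_data['post_content'] ) ) {
			$error['post_content'] = __( 'Announcement summary required', 'tutor' );
		}

		if ( count( $error ) > 0 ) {
			$response['status']  = 'validation_error';
			$response['message'] = $error;
			wp_send_json( $response );
		} else {
			// insert or update post
			$post_id = wp_insert_post( $form_data );
			if ( $post_id > 0 ) {
				$announcement       = get_post( $post_id );
				$response['status'] = 'success';
				// set response message as per action type
				$response['message'] = ( $action_type == 'create' ) ? $create_success_msg : $update_success_msg;

				do_action( 'tutor_announcements/after/save', $post_id, $announcement, $action_type );

				wp_send_json( $response );
			} else {
				// failure message
				$response['status'] = 'fail';
				if ( $action_type == 'create' ) {
					$response['message'] = $create_fail_msg;
				}
				if ( $action_type == 'update' ) {
					$response['message'] = $update_fail_msg;
				}
				wp_send_json( $response );
			}
		}
	}

	/**
	 * Delete announcement
	 *
	 * Requires a valid nonce and permission to manage the announcement.
	 *
	 * @since v.1.7.9
	 */
	public function delete_annoucement() {
		// Verify the nonce before reading anything else from the request.
		tutils()->checking_nonce();

		$announcement_id = isset( $_POST['announcement_id'] ) ? (int) sanitize_text_field( $_POST['announcement_id'] ) : 0;

		if ( ! tutils()->can_user_manage( 'announcement', $announcement_id ) ) {
			wp_send_json_error( array( 'message' => __( 'Access Denied', 'tutor' ) ) );
		}

		$delete = wp_delete_post( $announcement_id );
		if ( $delete ) {
			$response = array(
				'status'  => 'success',
				'message' => __( 'Announcement deleted successfully', 'tutor' ),
			);
			wp_send_json( $response );
		} else {
			$response = array(
				'status'  => 'fail',
				'message' => __( 'Announcement delete failed', 'tutor' ),
			);
			wp_send_json( $response );
		}
	}
}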