/preheaders/checkout.php

  1. <?php 
  // Globals shared between this preheader, the checkout template and the gateway code.
  global $post, $gateway, $wpdb, $besecure, $discount_code, $discount_code_id,
      $pmpro_level, $pmpro_levels, $pmpro_msg, $pmpro_msgt, $pmpro_review,
      $skip_account_fields, $pmpro_paypal_token, $pmpro_show_discount_code,
      $pmpro_error_fields, $pmpro_required_billing_fields, $pmpro_required_user_fields,
      $wp_version, $current_user;

  // For a logged-in visitor, attach their current membership level to the user object.
  if ( $current_user->ID ) {
      $current_user->membership_level = pmpro_getMembershipLevelForUser( $current_user->ID );
  }

  // Names of fields that failed validation; the frontend uses them to highlight inputs.
  $pmpro_error_fields = array();

  // Required-field maps start empty and are filled in further down.
  $pmpro_required_billing_fields = array();
  $pmpro_required_user_fields    = array();

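  // Choose the gateway for this request. An explicit request parameter wins,
  // then the review step (PayPal Express), then the site-wide setting.
  if ( ! empty( $_REQUEST['gateway'] ) ) {
      // The value is attacker-controlled. Reduce it to a plain sanitized string here;
      // it is still only accepted if it passes the allow-list check below.
      $gateway = is_string( $_REQUEST['gateway'] )
          ? sanitize_text_field( stripslashes( $_REQUEST['gateway'] ) )
          : "";
  } elseif ( ! empty( $_REQUEST['review'] ) ) {
      $gateway = "paypalexpress";
  } else {
      $gateway = pmpro_getOption( "gateway" );
  }

  // Allow-list: the gateway active in the settings, plus anything added through
  // the pmpro_valid_gateways filter. "paypal" also admits "paypalexpress".
  $active_gateway = pmpro_getOption( "gateway", true );
  if ( $active_gateway == "paypal" ) {
      $valid_gateways = apply_filters( "pmpro_valid_gateways", array( "paypal", "paypalexpress" ) );
  } else {
      $valid_gateways = apply_filters( "pmpro_valid_gateways", array( $active_gateway ) );
  }

  // Record the error now if the chosen gateway is not on the allow-list.
  // This only sets the message; the same check is repeated when the form is submitted.
  if ( ! in_array( $gateway, $valid_gateways ) ) {
      $pmpro_msg  = __( "Invalid gateway.", 'paid-memberships-pro' );
      $pmpro_msgt = "pmpro_error";
  }
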
  // Work out which level is being purchased (the comment in the original notes
  // that a discount code may be passed along with it).
  $pmpro_level = pmpro_getLevelAtCheckout();

  // Without a level there is nothing to check out: send the visitor to the
  // levels page and stop, so none of the checkout logic below runs.
  if ( empty( $pmpro_level->id ) ) {
      $levels_url = pmpro_url( "levels" );
      wp_redirect( $levels_url );
      exit( 0 );
  }

  // Client-side card validation script (depends on jQuery).
  $validator_src = plugins_url( '/js/jquery.creditCardValidator.js', dirname( __FILE__ ) );
  wp_enqueue_script( 'jquery.creditCardValidator', $validator_src, array( 'jquery' ) );

  global $wpdb, $current_user, $pmpro_requirebilling;

  // Decide whether billing fields and SSL are needed for this level.
  if ( pmpro_isLevelFree( $pmpro_level ) ) {
      // No payment is taken, so SSL is not required by default.
      $pagetitle            = __( "Set Up Your Account", 'paid-memberships-pro' );
      $pmpro_requirebilling = false;
      $besecure             = false;
  } else {
      // Paid level: collect billing details and follow the site's use_ssl setting.
      $pagetitle            = __( "Checkout: Payment Information", 'paid-memberships-pro' );
      $pmpro_requirebilling = true;
      $besecure             = pmpro_getOption( "use_ssl" );
  }

  // A discount code (or something else) may have made the level free while the
  // form is already being submitted over SSL; stay secure in that case.
  $submitting_over_ssl = ! empty( $_REQUEST['submit-checkout'] ) && is_ssl();
  if ( ! $besecure && $submitting_over_ssl ) {
      $besecure = true;
  }

  // Extension point: gateways and add-ons run their own preheader code here.
  do_action( 'pmpro_checkout_preheader' );

  // Load every level in case later code needs them.
  global $pmpro_levels;
  $pmpro_levels = pmpro_getAllLevels();

  // Show the discount code field only when at least one code exists (filterable).
  $has_discount_codes       = (bool) $wpdb->get_var( "SELECT id FROM $wpdb->pmpro_discount_codes LIMIT 1" );
  $pmpro_show_discount_code = apply_filters( "pmpro_show_discount_code", $has_discount_codes );

  // Account fields are skipped for logged-in users; the filter lets a site
  // skip them for guests too, in which case an account is created automatically.
  $is_logged_in        = (bool) $current_user->ID;
  $skip_account_fields = apply_filters( "pmpro_skip_account_fields", $is_logged_in, $current_user );

  // Terms-of-service page: the option holds a post reference, resolved to the post itself.
  global $tospage;
  $tospage = pmpro_getOption( "tospage" );
  if ( $tospage ) {
      $tospage = get_post( $tospage );
  }

  // Read the checkout form fields from the request. Everything here is untrusted input.
  // Note that $_REQUEST is used throughout, so card fields are accepted from the
  // query string as well as from the POST body.
  global $username, $password, $password2, $bfirstname, $blastname, $baddress1, $baddress2,
      $bcity, $bstate, $bzipcode, $bcountry, $bphone, $bemail, $bconfirmemail,
      $CardType, $AccountNumber, $ExpirationMonth, $ExpirationYear;

  $order_id = isset( $_REQUEST['order_id'] ) ? intval( $_REQUEST['order_id'] ) : "";

  // Billing name and address: slashes stripped, then passed through sanitize_text_field().
  $bfirstname = isset( $_REQUEST['bfirstname'] ) ? sanitize_text_field( stripslashes( $_REQUEST['bfirstname'] ) ) : "";
  $blastname  = isset( $_REQUEST['blastname'] ) ? sanitize_text_field( stripslashes( $_REQUEST['blastname'] ) ) : "";

  // Honeypot for spammers: real visitors leave it empty. It is kept raw because
  // the only later use is an emptiness test.
  if ( isset( $_REQUEST['fullname'] ) ) {
      $fullname = $_REQUEST['fullname'];
  }

  $baddress1 = isset( $_REQUEST['baddress1'] ) ? sanitize_text_field( stripslashes( $_REQUEST['baddress1'] ) ) : "";
  $baddress2 = isset( $_REQUEST['baddress2'] ) ? sanitize_text_field( stripslashes( $_REQUEST['baddress2'] ) ) : "";
  $bcity     = isset( $_REQUEST['bcity'] ) ? sanitize_text_field( stripslashes( $_REQUEST['bcity'] ) ) : "";
  $bstate    = isset( $_REQUEST['bstate'] ) ? sanitize_text_field( stripslashes( $_REQUEST['bstate'] ) ) : "";

  // Convert a long state name to its abbreviation when it matches a known state.
  if ( ! empty( $bstate ) ) {
      global $pmpro_states;
      foreach ( $pmpro_states as $abbr => $state ) {
          if ( $bstate == $state ) {
              $bstate = $abbr;
              break;
          }
      }
  }

  $bzipcode = isset( $_REQUEST['bzipcode'] ) ? sanitize_text_field( stripslashes( $_REQUEST['bzipcode'] ) ) : "";
  $bcountry = isset( $_REQUEST['bcountry'] ) ? sanitize_text_field( stripslashes( $_REQUEST['bcountry'] ) ) : "";
  $bphone   = isset( $_REQUEST['bphone'] ) ? sanitize_text_field( stripslashes( $_REQUEST['bphone'] ) ) : "";

  // E-mail: submitted value first, otherwise the logged-in user's address.
  if ( isset ( $_REQUEST['bemail'] ) ) {
      $bemail = sanitize_email( stripslashes( $_REQUEST['bemail'] ) );
  } else {
      $bemail = is_user_logged_in() ? $current_user->user_email : "";
  }

  // Confirmation e-mail: the "_copy" flag means the confirm field is not shown,
  // so the primary address is reused.
  if ( isset( $_REQUEST['bconfirmemail_copy'] ) ) {
      $bconfirmemail = $bemail;
  } elseif ( isset( $_REQUEST['bconfirmemail'] ) ) {
      $bconfirmemail = sanitize_email( stripslashes( $_REQUEST['bconfirmemail'] ) );
  } else {
      $bconfirmemail = is_user_logged_in() ? $current_user->user_email : "";
  }

  // Card details. The card type is only kept when a card number came with it.
  // These values live in request scope only; what gets persisted is decided later.
  $has_card_type   = isset( $_REQUEST['CardType'] ) && ! empty( $_REQUEST['AccountNumber'] );
  $CardType        = $has_card_type ? sanitize_text_field( $_REQUEST['CardType'] ) : "";
  $AccountNumber   = isset( $_REQUEST['AccountNumber'] ) ? sanitize_text_field( $_REQUEST['AccountNumber'] ) : "";
  $ExpirationMonth = isset( $_REQUEST['ExpirationMonth'] ) ? sanitize_text_field( $_REQUEST['ExpirationMonth'] ) : "";
  $ExpirationYear  = isset( $_REQUEST['ExpirationYear'] ) ? sanitize_text_field( $_REQUEST['ExpirationYear'] ) : "";
  $CVV             = isset( $_REQUEST['CVV'] ) ? sanitize_text_field( $_REQUEST['CVV'] ) : "";

  // Discount codes are restricted to letters, digits and hyphens.
  $discount_code = isset( $_REQUEST['discount_code'] )
      ? preg_replace( "/[^A-Za-z0-9\-]/", "", $_REQUEST['discount_code'] )
      : "";

  $username = isset( $_REQUEST['username'] ) ? sanitize_user( $_REQUEST['username'] ) : "";

  // Passwords are taken exactly as typed; filtering them would change the secret.
  $password = isset( $_REQUEST['password'] ) ? $_REQUEST['password'] : "";
  if ( isset( $_REQUEST['password2_copy'] ) ) {
      $password2 = $password;
  } else {
      $password2 = isset( $_REQUEST['password2'] ) ? $_REQUEST['password2'] : "";
  }

  // Terms-of-service checkbox.
  $tos = isset( $_REQUEST['tos'] ) ? intval( $_REQUEST['tos'] ) : "";

  // Detect a form submission. An image submit button clicked with the mouse sends
  // "submit-checkout_x" (a click coordinate) instead of "submit-checkout".
  if ( isset( $_REQUEST['submit-checkout'] ) ) {
      $submit = $_REQUEST['submit-checkout'];
  }
  if ( empty( $submit ) && isset( $_REQUEST['submit-checkout_x'] ) ) {
      $submit = $_REQUEST['submit-checkout_x'];
  }

  // Normalise: no value means "not submitted"; a coordinate of "0" is a real
  // click and must not be treated as falsy.
  if ( ! isset( $submit ) ) {
      $submit = false;
  } elseif ( $submit === "0" ) {
      $submit = true;
  }

  // Required billing fields, keyed by field name with the submitted value.
  // A falsy value later marks the field as missing. Filterable.
  $pmpro_required_billing_fields = apply_filters(
      "pmpro_required_billing_fields",
      array(
          "bfirstname"      => $bfirstname,
          "blastname"       => $blastname,
          "baddress1"       => $baddress1,
          "bcity"           => $bcity,
          "bstate"          => $bstate,
          "bzipcode"        => $bzipcode,
          "bphone"          => $bphone,
          "bemail"          => $bemail,
          "bcountry"        => $bcountry,
          "CardType"        => $CardType,
          "AccountNumber"   => $AccountNumber,
          "ExpirationMonth" => $ExpirationMonth,
          "ExpirationYear"  => $ExpirationYear,
          "CVV"             => $CVV
      )
  );

  // Required account fields, checked only when no user is logged in. Filterable.
  $pmpro_required_user_fields = apply_filters(
      "pmpro_required_user_fields",
      array(
          "username"      => $username,
          "password"      => $password,
          "password2"     => $password2,
          "bemail"        => $bemail,
          "bconfirmemail" => $bconfirmemail
      )
  );

  // Set to true later if the payment goes through.
  $pmpro_confirmed = false;

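  // Validate the submitted form and, if everything passes, run the payment.
  // Runs only on submission and only if no error has been recorded so far.
  // NOTE(review): no nonce check is visible in this section; confirm whether CSRF
  // protection is applied elsewhere (for example in a hooked callback).
  if ( $submit && $pmpro_msgt != "pmpro_error" ) {

      // JavaScript sanity check: the form sets "javascriptok" when its scripts ran.
      if ( apply_filters( "pmpro_require_javascript_for_checkout", true ) && ! empty( $_REQUEST['checkjavascript'] ) && empty( $_REQUEST['javascriptok'] ) ) {
          pmpro_setMessage( __( "There are JavaScript errors on the page. Please contact the webmaster.", 'paid-memberships-pro' ), "pmpro_error" );
      }

      // Account fields skipped and nobody logged in: generate the credentials.
      if ( $skip_account_fields && ! $current_user->ID ) {
          $username = pmpro_generateUsername( $bfirstname, $blastname, $bemail );
          if ( empty( $username ) ) {
              $username = pmpro_getDiscountCode();
          }
          // The password is two generated discount codes joined together.
          // NOTE(review): its strength depends on how pmpro_getDiscountCode() produces
          // codes, which is not visible here - confirm it draws from a CSPRNG.
          $password  = pmpro_getDiscountCode() . pmpro_getDiscountCode();
          $password2 = $password;
      }

      // Required billing fields (paid levels only).
      if ( $pmpro_requirebilling ) {
          foreach ( $pmpro_required_billing_fields as $key => $field ) {
              if ( ! $field ) {
                  $pmpro_error_fields[] = $key;
              }
          }
      }

      // Required account fields (guests only).
      if ( empty( $current_user->ID ) ) {
          foreach ( $pmpro_required_user_fields as $key => $field ) {
              if ( ! $field ) {
                  $pmpro_error_fields[] = $key;
              }
          }
      }

      if ( ! empty( $pmpro_error_fields ) ) {
          pmpro_setMessage( __( "Please complete all required fields.", 'paid-memberships-pro' ), "pmpro_error" );
      }

      // Strict comparison: with "!=" PHP compares two numeric-looking strings as
      // numbers, so different passwords such as "1e3" and "1000" would count as equal.
      if ( ! empty( $password ) && $password !== $password2 ) {
          pmpro_setMessage( __( "Your passwords do not match. Please try again.", 'paid-memberships-pro' ), "pmpro_error" );
          $pmpro_error_fields[] = "password";
          $pmpro_error_fields[] = "password2";
      }
      if ( ! empty( $bemail ) && $bemail != $bconfirmemail ) {
          pmpro_setMessage( __( "Your email addresses do not match. Please try again.", 'paid-memberships-pro' ), "pmpro_error" );
          $pmpro_error_fields[] = "bemail";
          $pmpro_error_fields[] = "bconfirmemail";
      }
      if ( ! empty( $bemail ) && ! is_email( $bemail ) ) {
          pmpro_setMessage( __( "The email address entered is in an invalid format. Please try again.", 'paid-memberships-pro' ), "pmpro_error" );
          $pmpro_error_fields[] = "bemail";
          $pmpro_error_fields[] = "bconfirmemail";
      }
      if ( ! empty( $tospage ) && empty( $tos ) ) {
          pmpro_setMessage( sprintf( __( "Please check the box to agree to the %s.", 'paid-memberships-pro' ), $tospage->post_title ), "pmpro_error" );
          $pmpro_error_fields[] = "tospage";
      }
      // The gateway allow-list is enforced again at submit time.
      if ( ! in_array( $gateway, $valid_gateways ) ) {
          pmpro_setMessage( __( "Invalid gateway.", 'paid-memberships-pro' ), "pmpro_error" );
      }
      // Honeypot: a filled-in "fullname" field marks the request as automated.
      if ( ! empty( $fullname ) ) {
          pmpro_setMessage( __( "Are you a spammer?", 'paid-memberships-pro' ), "pmpro_error" );
      }

      // Continue only if nothing failed; add-ons can veto through the filter.
      $pmpro_continue_registration = apply_filters( "pmpro_registration_checks", $pmpro_msgt != "pmpro_error" );

      if ( $pmpro_continue_registration ) {
          // When creating a new user, the username and e-mail must be unused.
          if ( empty( $current_user->ID ) ) {
              $ouser      = get_user_by( 'login', $username );
              $oldem_user = get_user_by( 'email', $bemail );

              // This hook can be used to allow several accounts with the same e-mail address.
              $oldemail = apply_filters( "pmpro_checkout_oldemail", ( false !== $oldem_user ? $oldem_user->user_email : null ) );

              if ( ! empty( $ouser->user_login ) ) {
                  pmpro_setMessage( __( "That username is already taken. Please try another.", 'paid-memberships-pro' ), "pmpro_error" );
                  $pmpro_error_fields[] = "username";
              }

              if ( ! empty( $oldemail ) ) {
                  pmpro_setMessage( __( "That email address is already taken. Please try another.", 'paid-memberships-pro' ), "pmpro_error" );
                  $pmpro_error_fields[] = "bemail";
                  $pmpro_error_fields[] = "bconfirmemail";
              }
          }

          // Only continue if there are no other errors yet.
          if ( $pmpro_msgt != "pmpro_error" ) {
              // reCAPTCHA applies when account fields are shown and the setting is 2,
              // or 1 with a free level.
              global $recaptcha;
              if ( ! $skip_account_fields && ( $recaptcha == 2 || ( $recaptcha == 1 && pmpro_isLevelFree( $pmpro_level ) ) ) ) {
                  global $recaptcha_privatekey;

                  if ( isset( $_POST["recaptcha_challenge_field"] ) ) {
                      // Older reCAPTCHA library.
                      $recaptcha_response_field = isset( $_POST["recaptcha_response_field"] ) ? $_POST["recaptcha_response_field"] : "";
                      $resp                     = recaptcha_check_answer( $recaptcha_privatekey,
                          $_SERVER["REMOTE_ADDR"],
                          $_POST["recaptcha_challenge_field"],
                          $recaptcha_response_field );

                      $recaptcha_valid  = $resp->is_valid;
                      $recaptcha_errors = $resp->error;
                  } else {
                      // Newer reCAPTCHA library. A request without the response field
                      // is sent for verification as an empty answer instead of
                      // reading an undefined index.
                      $recaptcha_token = isset( $_POST["g-recaptcha-response"] ) ? $_POST["g-recaptcha-response"] : "";
                      $reCaptcha       = new pmpro_ReCaptcha( $recaptcha_privatekey );
                      $resp            = $reCaptcha->verifyResponse( $_SERVER["REMOTE_ADDR"], $recaptcha_token );

                      $recaptcha_valid  = $resp->success;
                      $recaptcha_errors = $resp->errorCodes;
                  }

                  if ( ! $recaptcha_valid ) {
                      // The error value may be a list of codes; join it so the
                      // message does not print the literal word "Array".
                      $recaptcha_error_text = is_array( $recaptcha_errors ) ? implode( ", ", $recaptcha_errors ) : $recaptcha_errors;
                      $pmpro_msg            = sprintf( __( "reCAPTCHA failed. (%s) Please try again.", 'paid-memberships-pro' ), $recaptcha_error_text );
                      $pmpro_msgt           = "pmpro_error";
                  } elseif ( $pmpro_msgt != "pmpro_error" ) {
                      // Verification succeeded.
                      $pmpro_msg = "All good!";
                  }
              } elseif ( $pmpro_msgt != "pmpro_error" ) {
                  $pmpro_msg = "All good!";
              }

              // No errors yet.
              if ( $pmpro_msgt != "pmpro_error" ) {
                  do_action( 'pmpro_checkout_before_processing' );

                  // Process the payment if the level requires one.
                  if ( $pmpro_requirebilling ) {
                      $morder                   = new MemberOrder();
                      $morder->membership_id    = $pmpro_level->id;
                      $morder->membership_name  = $pmpro_level->name;
                      $morder->discount_code    = $discount_code;
                      $morder->InitialPayment   = $pmpro_level->initial_payment;
                      $morder->PaymentAmount    = $pmpro_level->billing_amount;
                      $morder->ProfileStartDate = date_i18n( "Y-m-d", current_time( "timestamp" ) ) . "T0:0:0";
                      $morder->BillingPeriod    = $pmpro_level->cycle_period;
                      $morder->BillingFrequency = $pmpro_level->cycle_number;

                      if ( $pmpro_level->billing_limit ) {
                          $morder->TotalBillingCycles = $pmpro_level->billing_limit;
                      }

                      if ( pmpro_isLevelTrial( $pmpro_level ) ) {
                          $morder->TrialBillingPeriod    = $pmpro_level->cycle_period;
                          $morder->TrialBillingFrequency = $pmpro_level->cycle_number;
                          $morder->TrialBillingCycles    = $pmpro_level->trial_limit;
                          $morder->TrialAmount           = $pmpro_level->trial_amount;
                      }

                      // Card values: the full number and CVV are placed on the in-memory
                      // order object for the gateway call.
                      $morder->cardtype              = $CardType;
                      $morder->accountnumber         = $AccountNumber;
                      $morder->expirationmonth       = $ExpirationMonth;
                      $morder->expirationyear        = $ExpirationYear;
                      $morder->ExpirationDate        = $ExpirationMonth . $ExpirationYear;
                      $morder->ExpirationDate_YdashM = $ExpirationYear . "-" . $ExpirationMonth;
                      $morder->CVV2                  = $CVV;

                      // The e-mail is not saved in the order table, but the gateways need it.
                      $morder->Email = $bemail;

                      // Some gateways need the name and address split up.
                      $morder->FirstName = $bfirstname;
                      $morder->LastName  = $blastname;
                      $morder->Address1  = $baddress1;
                      $morder->Address2  = $baddress2;

                      // Combined billing details.
                      $morder->billing          = new stdClass();
                      $morder->billing->name    = $bfirstname . " " . $blastname;
                      $morder->billing->street  = trim( $baddress1 . " " . $baddress2 );
                      $morder->billing->city    = $bcity;
                      $morder->billing->state   = $bstate;
                      $morder->billing->country = $bcountry;
                      $morder->billing->zip     = $bzipcode;
                      $morder->billing->phone   = $bphone;

                      // Use the gateway that passed the allow-list check above.
                      $morder->gateway = $gateway;
                      $morder->setGateway();

                      // Set up the level on the order (filterable).
                      $morder->getMembershipLevel();
                      $morder->membership_level = apply_filters( "pmpro_checkout_level", $morder->membership_level );

                      // Tax.
                      $morder->subtotal = $morder->InitialPayment;
                      $morder->getTax();

                      // Filter for the order, since v1.8. Callbacks receive the
                      // order while it still carries the full card number and CVV.
                      $morder = apply_filters( "pmpro_checkout_order", $morder );

                      $pmpro_processed = $morder->process();

                      if ( ! empty( $pmpro_processed ) ) {
                          $pmpro_msg       = __( "Payment accepted.", 'paid-memberships-pro' );
                          $pmpro_msgt      = "pmpro_success";
                          $pmpro_confirmed = true;
                      } else {
                          $pmpro_msg = !empty( $morder->error ) ? $morder->error : null;
                          if ( empty( $pmpro_msg ) ) {
                              $pmpro_msg = __( "Unknown error generating account. Please contact us to set up your membership.", 'paid-memberships-pro' );
                          }
                          $pmpro_msgt = "pmpro_error";
                      }
                  } else {
                      // No billing required: must have been a free membership, continue.
                      $pmpro_confirmed = true;
                  }
              }
          }
      } // endif ($pmpro_continue_registration)
  }
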
  // Make sure $morder exists (as false) before it is handed to the filter, to avoid a warning.
  $morder = empty( $morder ) ? false : $morder;

  // Hook to check the payment confirmation or replace it. A callback may return
  // an array instead of a boolean, in which case its entries (such as morder)
  // are pulled into local scope.
  // NOTE(review): extract() with default flags overwrites any existing variable
  // whose name matches a key, so every callback on this filter can rewrite state
  // such as $user_id or $pmpro_level. The returned data is site code, not request
  // input, but reading only the expected keys would narrow what it can touch.
  $pmpro_confirmed = apply_filters( 'pmpro_checkout_confirmed', $pmpro_confirmed, $morder );
  if ( is_array( $pmpro_confirmed ) ) {
      extract( $pmpro_confirmed );
  }

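  // Payment confirmed (or none was needed): create or reuse the user, assign the
  // membership level, record the order and redirect to the confirmation page.
  if ( ! empty( $pmpro_confirmed ) ) {
      // Just in case this hasn't been set yet.
      $submit = true;

      // Do we need to create a user account?
      if ( ! $current_user->ID ) {
          // WordPress versions before 3.1 need registration.php loaded explicitly.
          if ( version_compare( $wp_version, "3.1" ) < 0 ) {
              require_once( ABSPATH . WPINC . '/registration.php' );
          }

          // Optional explicit names, falling back to the billing names. They are
          // sanitized the same way as the billing fields, because the array below
          // is also passed to filter callbacks before WordPress sees it.
          if ( ! empty( $_REQUEST['first_name'] ) ) {
              $first_name = sanitize_text_field( stripslashes( $_REQUEST['first_name'] ) );
          } else {
              $first_name = $bfirstname;
          }
          if ( ! empty( $_REQUEST['last_name'] ) ) {
              $last_name = sanitize_text_field( stripslashes( $_REQUEST['last_name'] ) );
          } else {
              $last_name = $blastname;
          }

          // Data for the new account (filterable).
          $new_user_array = apply_filters( 'pmpro_checkout_new_user_array', array(
                  "user_login" => $username,
                  "user_pass"  => $password,
                  "user_email" => $bemail,
                  "first_name" => $first_name,
                  "last_name"  => $last_name
              )
          );

          // A callback on pmpro_new_user may create the user itself and return the ID.
          $user_id = apply_filters( 'pmpro_new_user', '', $new_user_array );
          if ( empty( $user_id ) ) {
              $user_id = wp_insert_user( $new_user_array );
          }

          if ( empty( $user_id ) || is_wp_error( $user_id ) ) {
              $e_msg = '';

              if ( is_wp_error( $user_id ) ) {
                  $e_msg = $user_id->get_error_message();
              }

              // The detail is appended outside the translated string so the
              // existing translation keeps matching.
              $pmpro_msg  = __( "Your payment was accepted, but there was an error setting up your account. Please contact us.", 'paid-memberships-pro' ) . sprintf( " %s", $e_msg );
              $pmpro_msgt = "pmpro_error";
          } elseif ( apply_filters( 'pmpro_setup_new_user', true, $user_id, $new_user_array, $pmpro_level ) ) {

              // Check the pmpro_wp_new_user_notification filter before sending the default WP e-mail.
              if ( apply_filters( "pmpro_wp_new_user_notification", true, $user_id, $pmpro_level->id ) ) {
                  if ( version_compare( $wp_version, "4.3.0" ) >= 0 ) {
                      wp_new_user_notification( $user_id, null, 'both' );
                  } else {
                      // On WordPress before 4.3 the plaintext password is handed to
                      // the notification function.
                      wp_new_user_notification( $user_id, $new_user_array['user_pass'] );
                  }
              }

              $wpuser = get_userdata( $user_id );

              // Give the user the site's default role (subscriber unless configured otherwise).
              $wpuser->set_role( get_option( 'default_role', 'subscriber' ) );

              // Log the new user in.
              $creds                  = array();
              $creds['user_login']    = $new_user_array['user_login'];
              $creds['user_password'] = $new_user_array['user_pass'];
              $creds['remember']      = true;
              $user                   = wp_signon( $creds, false );

              // Set the current user and a persistent auth cookie; the cookie's
              // secure flag follows force_ssl_admin() unless a filter overrides it.
              wp_set_current_user( $user_id, $username );
              wp_set_auth_cookie( $user_id, true, apply_filters( 'pmpro_checkout_signon_secure', force_ssl_admin() ) );
          }
      } else {
          $user_id = $current_user->ID;
      }

      if ( ! empty( $user_id ) && ! is_wp_error( $user_id ) ) {
          do_action( 'pmpro_checkout_before_change_membership_level', $user_id, $morder );

          // The start date is now, but filterable below.
          $startdate = current_time( "mysql" );

          /**
           * Filter the start date for the membership/subscription.
           *
           * @since 1.8.9
           *
           * @param string $startdate   Datetime formatted for MySQL (NOW() or YYYY-MM-DD).
           * @param int    $user_id     ID of the user checking out.
           * @param object $pmpro_level Level being checked out for.
           */
          $startdate = apply_filters( "pmpro_checkout_start_date", $startdate, $user_id, $pmpro_level );

          // Calculate the end date; the string "NULL" stands for no expiration.
          if ( ! empty( $pmpro_level->expiration_number ) ) {
              $enddate = date_i18n( "Y-m-d", strtotime( "+ " . $pmpro_level->expiration_number . " " . $pmpro_level->expiration_period, current_time( "timestamp" ) ) );
          } else {
              $enddate = "NULL";
          }

          /**
           * Filter the end date for the membership/subscription.
           *
           * @since 1.8.9
           *
           * @param string $enddate     Datetime formatted for MySQL (YYYY-MM-DD).
           * @param int    $user_id     ID of the user checking out.
           * @param object $pmpro_level Level being checked out for.
           * @param string $startdate   Start date calculated above.
           */
          $enddate = apply_filters( "pmpro_checkout_end_date", $enddate, $user_id, $pmpro_level, $startdate );

          // Re-check the discount code before attaching it to the membership.
          $code_check = pmpro_checkDiscountCode( $discount_code, $pmpro_level->id, true );
          if ( $code_check[0] == false ) {
              // Error: report it and don't use this code.
              $pmpro_msg         = $code_check[1];
              $pmpro_msgt        = "pmpro_error";
              $use_discount_code = false;
          } else {
              $use_discount_code = true;
          }

          // Look up the code's ID with a prepared statement instead of
          // concatenating the value into the SQL text.
          if ( ! empty( $discount_code ) && ! empty( $use_discount_code ) ) {
              $discount_code_id = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM $wpdb->pmpro_discount_codes WHERE code = %s LIMIT 1", $discount_code ) );
          } else {
              $discount_code_id = "";
          }

          $custom_level = array(
              'user_id'         => $user_id,
              'membership_id'   => $pmpro_level->id,
              'code_id'         => $discount_code_id,
              'initial_payment' => $pmpro_level->initial_payment,
              'billing_amount'  => $pmpro_level->billing_amount,
              'cycle_number'    => $pmpro_level->cycle_number,
              'cycle_period'    => $pmpro_level->cycle_period,
              'billing_limit'   => $pmpro_level->billing_limit,
              'trial_amount'    => $pmpro_level->trial_amount,
              'trial_limit'     => $pmpro_level->trial_limit,
              'startdate'       => $startdate,
              'enddate'         => $enddate
          );

          if ( pmpro_changeMembershipLevel( $custom_level, $user_id, 'changed' ) ) {
              // Free levels have no order yet; create a blank one.
              if ( empty( $morder ) ) {
                  $morder                 = new MemberOrder();
                  $morder->InitialPayment = 0;
                  $morder->Email          = $bemail;
                  $morder->gateway        = "free";

                  $morder = apply_filters( "pmpro_checkout_order_free", $morder );
              }

              // Add an item to the history table, cancel old subscriptions.
              if ( ! empty( $morder ) ) {
                  $morder->user_id       = $user_id;
                  $morder->membership_id = $pmpro_level->id;
                  $morder->saveOrder();
              }

              // Update the current user in case the visitor just signed up.
              // $user exists only if the sign-on above ran, and that call can
              // fail, so test the property defensively.
              global $current_user;
              if ( ! $current_user->ID && ! empty( $user->ID ) ) {
                  $current_user = $user;
              }
              pmpro_set_current_user();

              // Record the discount code use.
              if ( $discount_code && $use_discount_code ) {
                  if ( ! empty( $morder->id ) ) {
                      $code_order_id = $morder->id;
                  } else {
                      $code_order_id = "";
                  }

                  // Prepared statement: $user_id and $discount_code_id can come
                  // from filters, so they are bound as integers, not spliced in.
                  $wpdb->query( $wpdb->prepare(
                      "INSERT INTO $wpdb->pmpro_discount_codes_uses (code_id, user_id, order_id, timestamp) VALUES(%d, %d, %d, %s)",
                      $discount_code_id,
                      $user_id,
                      intval( $code_order_id ),
                      current_time( "mysql" )
                  ) );
              }

              // Save billing info as user meta. The CVV is not in this list, and
              // the card number goes through hideCardNumber() first (presumably a
              // masked form - confirm against that helper).
              $meta_keys   = array(
                  "pmpro_bfirstname",
                  "pmpro_blastname",
                  "pmpro_baddress1",
                  "pmpro_baddress2",
                  "pmpro_bcity",
                  "pmpro_bstate",
                  "pmpro_bzipcode",
                  "pmpro_bcountry",
                  "pmpro_bphone",
                  "pmpro_bemail",
                  "pmpro_CardType",
                  "pmpro_AccountNumber",
                  "pmpro_ExpirationMonth",
                  "pmpro_ExpirationYear"
              );
              $meta_values = array(
                  $bfirstname,
                  $blastname,
                  $baddress1,
                  $baddress2,
                  $bcity,
                  $bstate,
                  $bzipcode,
                  $bcountry,
                  $bphone,
                  $bemail,
                  $CardType,
                  hideCardNumber( $AccountNumber ),
                  $ExpirationMonth,
                  $ExpirationYear
              );
              pmpro_replaceUserMeta( $user_id, $meta_keys, $meta_values );

              // Fill in the profile's first and last name if they are still empty.
              if ( ! empty( $bfirstname ) ) {
                  $old_firstname = get_user_meta( $user_id, "first_name", true );
                  if ( empty( $old_firstname ) ) {
                      update_user_meta( $user_id, "first_name", $bfirstname );
                  }
              }
              if ( ! empty( $blastname ) ) {
                  $old_lastname = get_user_meta( $user_id, "last_name", true );
                  if ( empty( $old_lastname ) ) {
                      update_user_meta( $user_id, "last_name", $blastname );
                  }
              }

              // Show the confirmation.
              $ordersaved = true;

              // Hook; the $morder parameter was added in v2.0.
              do_action( "pmpro_after_checkout", $user_id, $morder );

              $sendemails = apply_filters( "pmpro_send_checkout_emails", true );

              // Send the e-mails only if the flag is still true.
              if ( $sendemails ) {
                  // Set up some values for the e-mails.
                  if ( ! empty( $morder ) ) {
                      $invoice = new MemberOrder( $morder->id );
                  } else {
                      $invoice = null;
                  }
                  // Make sure the user object has the right level info.
                  $current_user->membership_level = $pmpro_level;

                  // E-mail to the member.
                  $pmproemail = new PMProEmail();
                  $pmproemail->sendCheckoutEmail( $current_user, $invoice );

                  // E-mail to the admin.
                  $pmproemail = new PMProEmail();
                  $pmproemail->sendCheckoutAdminEmail( $current_user, $invoice );
              }

              // Redirect to the confirmation page (URL is filterable).
              $rurl = pmpro_url( "confirmation", "?level=" . $pmpro_level->id );
              $rurl = apply_filters( "pmpro_confirmation_url", $rurl, $user_id, $pmpro_level );
              wp_redirect( $rurl );
              exit;
          } else {
              // The payment went through, but the membership could not be assigned.
              // Try to cancel the order, provided the order object holds data.
              $test = (array) $morder;
              if ( ! empty( $test ) && $morder->cancel() ) {
                  $pmpro_msg = __( "IMPORTANT: Something went wrong during membership creation. Your credit card authorized, but we cancelled the order immediately. You should not try to submit this form again. Please contact the site owner to fix this issue.", 'paid-memberships-pro' );
                  $morder    = null;
              } else {
                  $pmpro_msg = __( "IMPORTANT: Something went wrong during membership creation. Your credit card was charged, but we couldn't assign your membership. You should not submit this form again. Please contact the site owner to fix this issue.", 'paid-memberships-pro' );
              }
          }
      }
  }
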
  // First page load (nothing submitted): set the notice and prefill the form.
  if ( empty( $submit ) ) {
      // Tell the visitor when a paid level has no payment gateway configured.
      // Only administrators get the link to the settings page.
      if ( $pmpro_requirebilling && ! pmpro_getOption( "gateway", true ) ) {
          $pmpro_msg = pmpro_isAdmin()
              ? sprintf( __( 'You must <a href="%s">set up a Payment Gateway</a> before any payments will be processed.', 'paid-memberships-pro' ), get_admin_url( null, '/admin.php?page=pmpro-paymentsettings' ) )
              : __( "A Payment Gateway must be set up before any payments will be processed.", 'paid-memberships-pro' );
          $pmpro_msgt = "";
      }

      // Prefill from the billing details stored in user meta.
      if ( ! empty( $current_user->ID ) ) {
          $uid = $current_user->ID;

          $bfirstname    = get_user_meta( $uid, "pmpro_bfirstname", true );
          $blastname     = get_user_meta( $uid, "pmpro_blastname", true );
          $baddress1     = get_user_meta( $uid, "pmpro_baddress1", true );
          $baddress2     = get_user_meta( $uid, "pmpro_baddress2", true );
          $bcity         = get_user_meta( $uid, "pmpro_bcity", true );
          $bstate        = get_user_meta( $uid, "pmpro_bstate", true );
          $bzipcode      = get_user_meta( $uid, "pmpro_bzipcode", true );
          $bcountry      = get_user_meta( $uid, "pmpro_bcountry", true );
          $bphone        = get_user_meta( $uid, "pmpro_bphone", true );
          $bemail        = get_user_meta( $uid, "pmpro_bemail", true );
          $bconfirmemail = $bemail; // as of 1.7.5, just setting to bemail
          $CardType      = get_user_meta( $uid, "pmpro_CardType", true );
          // The stored card number is deliberately not loaded back into the form
          // (the original has that line commented out).
          $ExpirationMonth = get_user_meta( $uid, "pmpro_ExpirationMonth", true );
          $ExpirationYear  = get_user_meta( $uid, "pmpro_ExpirationYear", true );

          // Clear out masked "XXXX..." numbers (e.g. with Stripe) so a
          // placeholder is never shown or resubmitted as a card number.
          $is_masked_number = ! empty( $AccountNumber ) && strpos( $AccountNumber, "XXXX" ) === 0;
          if ( $is_masked_number ) {
              $AccountNumber = "";
          }
      }
  }
.