/classes/class-s2-frontend.php

  1. <?php 
  2. class s2_frontend extends s2class { 
  /**
   * Build the translated notices shown by the front-end form.
   *
   * Each notice is wrapped in a <p> carrying either the "s2_message" or the
   * "s2_error" class and stored on the instance. The two ACTION words used in
   * confirmation emails are stored as plain translated strings.
   */
  function load_strings() {
      $message_open = '<p class="s2_message">';
      $error_open = '<p class="s2_error">';
      $close = '</p>';

      $this->please_log_in = $message_open
          . sprintf(
              __('To manage your subscription options please <a href="%1$s">login.</a>', 'subscribe2'),
              get_option('siteurl') . '/wp-login.php'
          )
          . $close;

      $this->profile = $message_open
          . sprintf(
              __('You may manage your subscription options from your <a href="%1$s">profile</a>', 'subscribe2'),
              get_option('siteurl') . '/wp-admin/admin.php?page=s2'
          )
          . $close;

      if ( true === $this->s2_mu ) {
          global $blog_id;
          $user_ID = get_current_user_id();
          if ( !is_user_member_of_blog($user_ID, $blog_id) ) {
              // On multisite, a user who is not a member of this blog gets a subscribe link instead.
              $this->profile = $message_open
                  . sprintf(
                      __('<a href="%1$s">Subscribe</a> to email notifications when this blog posts new content.', 'subscribe2'),
                      get_option('siteurl') . '/wp-admin/?s2mu_subscribe=' . $blog_id
                  )
                  . $close;
          }
      }

      // Notices shown after a form submission.
      $this->confirmation_sent = $message_open . __('A confirmation message is on its way!', 'subscribe2') . $close;
      $this->already_subscribed = $error_open . __('That email address is already subscribed.', 'subscribe2') . $close;
      $this->not_subscribed = $error_open . __('That email address is not subscribed.', 'subscribe2') . $close;
      $this->not_an_email = $error_open . __('Sorry, but that does not look like an email address to me.', 'subscribe2') . $close;
      $this->barred_domain = $error_open . __('Sorry, email addresses at that domain are currently barred due to spam, please use an alternative email address.', 'subscribe2') . $close;
      $this->error = $error_open . __('Sorry, there seems to be an error on the server. Please try again later.', 'subscribe2') . $close;

      // Notices shown after following a confirmation link.
      $this->no_such_email = $error_open . __('No such email address is registered.', 'subscribe2') . $close;
      $this->added = $message_open . __('You have successfully subscribed!', 'subscribe2') . $close;
      $this->deleted = $message_open . __('You have successfully unsubscribed.', 'subscribe2') . $close;

      // ACTION replacements in the subscribing / unsubscribing confirmation emails.
      $this->subscribe = __('subscribe', 'subscribe2');
      $this->unsubscribe = __('unsubscribe', 'subscribe2');
  } // end load_strings()
  40.  
  41. /** ===== template and filter functions ===== */ 
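  /**
   * Render the [subscribe2] form and process a submitted (un)subscribe request.
   *
   * Security notes:
   * - Every value written into the markup is escaped for its context at the point of
   *   output (esc_attr, esc_url, esc_js, wp_kses_post). That includes the shortcode
   *   attributes, which are set by whoever authors the post.
   * - The address used for the lockout check is read from $_SERVER['REMOTE_ADDR'].
   *   The hidden "ip" field is still rendered so existing markup consumers keep
   *   working, but its submitted value is never used: the client controls it.
   * - The honeypot fields are only evaluated when this shortcode renders them, so a
   *   form built with noantispam="true" is no longer answered with a false success.
   *
   * NOTE(review): the listing this was taken from had lost its closing braces; the
   * nesting below is a reconstruction and should be compared with the upstream file.
   *
   * @param array|string $atts Shortcode attributes: hide, id, nojs, noantispam, link, size, wrap.
   * @return string The form, a status notice, or the popup link.
   */
  function shortcode($atts) {
      // Read the attributes explicitly instead of extract()ing them into local scope.
      $args = shortcode_atts(array(
          'hide' => '',
          'id' => '',
          'nojs' => 'false',
          'noantispam' => 'false',
          'link' => '',
          'size' => 20,
          'wrap' => 'true'
      ), $atts);

      $hide = strtolower($args['hide']);
      $id = $args['id'];
      $link = $args['link'];
      $size = $args['size'];
      $nojs = ( strtolower($args['nojs']) == 'true' );
      $wrap = ( strtolower($args['wrap']) == 'true' );
      $antispam = ( strtolower($args['noantispam']) != 'true' );

      // if link is set return a link to the page with the ajax class
      if ( $link !== '' && !is_user_logged_in() ) {
          $hide_id = ( $hide === '' ) ? '' : ' id="' . esc_attr($hide) . '"';
          $this->s2form = '<a href="' . esc_url(get_permalink($this->subscribe2_options['s2page'])) . '" class="s2popup"' . $hide_id . '>' . wp_kses_post($link) . "</a>\r\n";
          return $this->s2form;
      }

      // Apply filters to button text
      $unsubscribe_button_value = apply_filters('s2_unsubscribe_button', __('Unsubscribe', 'subscribe2'));
      $subscribe_button_value = apply_filters('s2_subscribe_button', __('Subscribe', 'subscribe2'));
      $subscribe_button = '<input type="submit" name="subscribe" value="' . esc_attr($subscribe_button_value) . '" />';
      $unsubscribe_button = '<input type="submit" name="unsubscribe" value="' . esc_attr($unsubscribe_button_value) . '" />';

      // if a button is hidden, show only the other
      if ( $hide == 'subscribe' ) {
          $this->input_form_action = $unsubscribe_button;
      } elseif ( $hide == 'unsubscribe' ) {
          $this->input_form_action = $subscribe_button;
      } else {
          $this->input_form_action = $subscribe_button . ' ' . $unsubscribe_button;
      }

      // if ID is provided, get permalink; 'self' posts back to the current URL
      $action = '';
      if ( is_numeric($id) ) {
          $action = ' action="' . esc_url(get_permalink($id)) . '"';
      } elseif ( $id === 'home' ) {
          $action = ' action="' . esc_url(get_site_url()) . '"';
      } elseif ( $id !== 'self' && $this->subscribe2_options['s2page'] > 0 ) {
          $action = ' action="' . esc_url(get_permalink($this->subscribe2_options['s2page'])) . '"';
      }

      // allow remote setting of email in form; anything that is not a valid address is ignored
      if ( isset($_REQUEST['email']) && is_string($_REQUEST['email']) && is_email($_REQUEST['email']) ) {
          $value = $this->sanitize_email($_REQUEST['email']);
      } elseif ( $nojs ) {
          $value = '';
      } else {
          $value = __('Enter email address...', 'subscribe2');
      }

      // if wrap is true add paragraph html tags
      $wrap_text = $wrap ? '</p><p>' : '';

      // honeypot fields: hidden from people, visible to scripts that fill in every input
      $antispam_text = '';
      if ( $antispam ) {
          $antispam_text = '<span style="display:none !important">';
          $antispam_text .= '<label for="name">Leave Blank:</label><input type="text" id="name" name="name" />';
          $antispam_text .= '<label for="uri">Do Not Change:</label><input type="text" id="uri" name="uri" value="http://" />';
          $antispam_text .= '</span>';
      }

      $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

      // placeholder behaviour is only added when JavaScript is allowed
      $js_handlers = '';
      if ( !$nojs ) {
          $js_handlers = " onfocus=\"if (this.value == '" . esc_js($value) . "') {this.value = '';}\" onblur=\"if (this.value == '') {this.value = '" . esc_js($value) . "';}\"";
      }

      // build default form
      $this->form = '<form method="post"' . $action . '>'
          . '<input type="hidden" name="ip" value="' . esc_attr($remote_addr) . '" />'
          . $antispam_text
          . '<p><label for="s2email">' . __('Your email:', 'subscribe2') . '</label><br />'
          . '<input type="text" name="email" id="s2email" value="' . esc_attr($value) . '" size="' . esc_attr($size) . '"' . $js_handlers . ' />'
          . $wrap_text . $this->input_form_action . '</p></form>';
      if ( !$nojs ) {
          $this->form .= "\r\n";
      }
      $this->s2form = apply_filters('s2_form', $this->form);

      // logged-in users are pointed at their profile instead of the public form
      if ( get_current_user_id() ) {
          $this->s2form = $this->profile;
      }

      if ( isset($_POST['subscribe']) || isset($_POST['unsubscribe']) ) {
          // anti spam sign up measure
          if ( $antispam ) {
              $honeypot_name = isset($_POST['name']) ? $_POST['name'] : '';
              $honeypot_uri = isset($_POST['uri']) ? $_POST['uri'] : '';
              if ( $honeypot_name !== '' || $honeypot_uri !== 'http://' ) {
                  // looks like some invisible-to-user fields were changed; falsely report success
                  return $this->confirmation_sent;
              }
          }

          global $wpdb;
          $posted_email = ( isset($_POST['email']) && is_string($_POST['email']) ) ? $_POST['email'] : '';
          $this->email = $this->sanitize_email($posted_email);
          if ( !is_email($this->email) ) {
              $this->s2form = $this->form . $this->not_an_email;
          } elseif ( $this->is_barred($this->email) ) {
              $this->s2form = $this->form . $this->barred_domain;
          } else {
              // Server-observed address only; $_POST['ip'] is client-controlled and would
              // let a sender pick the value the lockout query below is compared against.
              $this->ip = $remote_addr;
              if ( is_int($this->lockout) && $this->lockout > 0 ) {
                  $date = date('H:i:s.u', $this->lockout);
                  $ips = $wpdb->get_col($wpdb->prepare("SELECT ip FROM $this->public WHERE date = CURDATE() AND time > SUBTIME(CURTIME(), %s)", $date));
                  if ( in_array($this->ip, $ips, true) ) {
                      return __('Slow down, you move too fast.', 'subscribe2');
                  }
              }

              // does the supplied email belong to a registered user?
              $check = $wpdb->get_var($wpdb->prepare("SELECT user_email FROM $wpdb->users WHERE user_email = %s", $this->email));
              if ( '' != $check ) {
                  // this is a registered email
                  $this->s2form = $this->please_log_in;
              } elseif ( isset($_POST['subscribe']) ) {
                  // someone is trying to subscribe; see if they've tried previously
                  if ( '1' !== $this->is_public($this->email) ) {
                      // the user is unknown or inactive
                      $this->add($this->email);
                      $status = $this->send_confirm('add');
                      // denote that we've already run, and shouldn't run again
                      $this->filtered = 1;
                      $this->s2form = $status ? $this->confirmation_sent : $this->error;
                  } else {
                      // they're already subscribed
                      $this->s2form = $this->already_subscribed;
                  }
                  $this->action = 'subscribe';
              } elseif ( isset($_POST['unsubscribe']) ) {
                  // is this email a subscriber?
                  if ( false == $this->is_public($this->email) ) {
                      $this->s2form = $this->form . $this->not_subscribed;
                  } else {
                      $status = $this->send_confirm('del');
                      // denote that we've already run, and shouldn't run again
                      $this->filtered = 1;
                      $this->s2form = $status ? $this->confirmation_sent : $this->error;
                  }
                  $this->action = 'unsubscribe';
              }
          }
      }
      return $this->s2form;
  } // end shortcode()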
  176.  
  /**
   * Replace the deprecated <!--subscribe2--> marker with the rendered form.
   *
   * @param string $content Content to scan for the marker.
   * @return string The content unchanged when it is empty or has no marker; otherwise
   *                the content with each marker (and a surrounding <p>...</p> and
   *                newlines, when present) replaced by the [subscribe2] output.
   */
  function filter($content = '') {
      $marker = '<!--subscribe2-->';

      if ( '' == $content ) {
          return $content;
      }
      if ( false === strpos($content, $marker) ) {
          return $content;
      }

      $pattern = '|(<p>)?(\n)*' . $marker . '(\n)*(</p>)?|';
      $form = do_shortcode( '[subscribe2]' );
      return preg_replace($pattern, $form, $content);
  } // end filter()
  185.  
  /**
   * Override the default query while a (un)subscription confirmation is handled.
   *
   * The confirmation text needs a page to be rendered into: the configured
   * Subscribe2 page when there is one, otherwise the first published page, and as
   * a last resort a single post. title_filter() later replaces the title.
   *
   * NOTE(review): closing braces were missing from the listing; the nesting is a
   * reconstruction and should be compared with the upstream file.
   *
   * @return array|null Query arguments, or nothing when the request was already handled.
   */
  function query_filter() {
      // don't interfere if we've already done our thing
      if ( 1 == $this->filtered ) {
          return;
      }

      global $wpdb;

      // brute force Simple Facebook Connect to bypass compatibility issues
      $sfc_priority = has_filter('wp_head', 'sfc_base_meta');
      if ( false !== $sfc_priority ) {
          remove_action('wp_head', 'sfc_base_meta', $sfc_priority);
      }

      if ( 0 != $this->subscribe2_options['s2page'] ) {
          return array('page_id' => $this->subscribe2_options['s2page']);
      }

      $first_page = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_type='page' AND post_status='publish' LIMIT 1");
      if ( !$first_page ) {
          return array('showposts' => 1);
      }
      return array('page_id' => $first_page);
  } // end query_filter()
  211.  
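  /**
   * Override the page title while a confirmation link is being handled.
   *
   * The first character of the "s2" query variable selects the wording: 1 means a
   * subscription, anything else an unsubscription. The title is left alone outside
   * the loop, and also when "s2" is missing or is not a string; previously a
   * non-string value reached substr() directly.
   *
   * @param string $title The current title.
   * @return string The confirmation title, or the original title.
   */
  function title_filter($title) {
      if ( !in_the_loop() ) {
          return $title;
      }
      if ( !isset($_GET['s2']) || !is_string($_GET['s2']) ) {
          return $title;
      }

      $action = intval(substr($_GET['s2'], 0, 1));
      if ( 1 === $action ) {
          return __('Subscription Confirmation', 'subscribe2');
      }
      return __('Unsubscription Confirmation', 'subscribe2');
  } // end title_filter()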
  227.  
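  /**
   * Act on the confirmation link emailed to a subscriber and notify the admins.
   *
   * The "s2" query variable is laid out as: 1 character action (1 = subscribe,
   * 0 = unsubscribe), 32 characters of hash, then the numeric subscriber id.
   *
   * Security notes:
   * - "s2" must be present and a string before it is sliced.
   * - The hash is compared with hash_equals() so the comparison time does not
   *   depend on how many leading characters match.
   * - The hash is computed over the email address only, so it authenticates the
   *   address and not the action character in front of it.
   *
   * NOTE(review): closing braces were missing from the listing; in particular the
   * position of "$this->filtered = 1" is a reconstruction to confirm upstream.
   * NOTE(review): when the action is neither 0 nor 1 no message is set and the
   * method returns nothing, as before.
   *
   * @param string $content Content passed in by the caller.
   * @return string|null $content when already handled, otherwise a status notice.
   */
  function confirm($content = '') {
      if ( 1 == $this->filtered ) {
          return $content;
      }

      if ( !isset($_GET['s2']) || !is_string($_GET['s2']) ) {
          return $this->no_such_email;
      }
      $code = $_GET['s2'];
      $action = intval(substr($code, 0, 1));
      $hash = (string) substr($code, 1, 32);
      $id = intval(substr($code, 33));
      if ( !$id ) {
          return $this->no_such_email;
      }

      $this->email = $this->sanitize_email($this->get_email($id));
      if ( !$this->email || !hash_equals((string) wp_hash($this->email), $hash) ) {
          return $this->no_such_email;
      }

      // get current status of email so messages are only sent once per emailed link
      $current = $this->is_public($this->email);

      // Filled in below when the admins have to be told about this change.
      $notice = null;

      if ( 1 === $action ) {
          // make this subscription active
          $this->message = apply_filters('s2_subscribe_confirmed', $this->added);
          if ( '1' != $current ) {
              $this->ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
              $this->toggle($this->email);
              if ( $this->subscribe2_options['admin_email'] == 'subs' || $this->subscribe2_options['admin_email'] == 'both' ) {
                  $notice = array(
                      __('New Subscription', 'subscribe2'),
                      __('subscribed to email notifications!', 'subscribe2'),
                      'subscribe'
                  );
              }
          }
          $this->filtered = 1;
      } elseif ( 0 === $action ) {
          // remove this subscriber
          $this->message = apply_filters('s2_unsubscribe_confirmed', $this->deleted);
          if ( '0' != $current ) {
              $this->delete($this->email);
              if ( $this->subscribe2_options['admin_email'] == 'unsubs' || $this->subscribe2_options['admin_email'] == 'both' ) {
                  $notice = array(
                      __('New Unsubscription', 'subscribe2'),
                      __('unsubscribed from email notifications!', 'subscribe2'),
                      'unsubscribe'
                  );
              }
          }
          $this->filtered = 1;
      }

      if ( null !== $notice ) {
          list($subject_text, $message_text, $context) = $notice;

          $blogname = get_option('blogname');
          $subject = ( '' == $blogname ) ? '' : '[' . stripslashes(html_entity_decode($blogname, ENT_QUOTES)) . '] ';
          $subject = html_entity_decode($subject . $subject_text, ENT_QUOTES);
          $message = $this->email . ' ' . $message_text;

          // Start from an empty list so a site without administrators cannot leave it undefined.
          $recipients = array();
          foreach ( get_users(array('fields' => array('user_email'), 'role' => 'administrator')) as $user ) {
              $recipients[] = $user->user_email;
          }
          $recipients = apply_filters('s2_admin_email', $recipients, $context);
          $headers = $this->headers();
          // send individual emails so we don't reveal admin emails to each other
          foreach ( (array) $recipients as $recipient ) {
              @wp_mail($recipient, $subject, $message, $headers);
          }
      }

      if ( '' != $this->message ) {
          return $this->message;
      }
  } // end confirm()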
  295.  
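  /**
   * Print the "[Un]Subscribe to Posts" list item for the Minimeta Widget plugin.
   *
   * Nothing is printed when no Subscribe2 page is configured. The URL and the
   * translated label are escaped where they are written into the markup.
   */
  function add_minimeta() {
      if ( $this->subscribe2_options['s2page'] != 0 ) {
          echo '<li><a href="' . esc_url(get_permalink($this->subscribe2_options['s2page'])) . '">' . esc_html__('[Un]Subscribe to Posts', 'subscribe2') . "</a></li>\r\n";
      }
  } // end add_minimeta()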
  303.  
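  /**
   * Enqueue the jQuery UI dialog script and its stylesheet for the ajax form.
   *
   * The stylesheet is served by a third-party CDN. It is now always requested
   * over https, also on sites that are themselves served over http, so the file
   * cannot be altered in transit. Sites that want to self-host it can return
   * their own URL from the 's2_jqueryui_css' filter.
   */
  function add_ajax() {
      // enqueue the jQuery script we need and let WordPress handle the dependencies
      wp_enqueue_script('jquery-ui-dialog');
      $css = 'https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/themes/ui-darkness/jquery-ui.css';
      wp_register_style('jquery-ui-style', apply_filters('s2_jqueryui_css', $css));
      wp_enqueue_style('jquery-ui-style');
  } // end add_ajax()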
  316.  
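  /**
   * Print the inline script that shows the Subscribe2 form in a jQuery UI dialog.
   *
   * The rendered form markup and the dialog title are emitted as JSON string
   * literals with <, >, &, ' and " hex-escaped. Previously they were pasted between
   * single quotes, so an apostrophe or a line break in the markup or in a
   * translation ended the JavaScript string early.
   *
   * The three do_shortcode() calls are kept in their original order because each
   * one updates $this->form and $this->s2form, which are compared further down.
   *
   * NOTE(review): closing braces were missing from the listing; the end of the
   * else branch is a reconstruction to confirm upstream.
   */
  function add_s2_ajax() {
      $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

      $form_without_unsubscribe = json_encode(do_shortcode('[subscribe2 nojs="true" hide="unsubscribe"]'), $js_flags);
      $form_without_subscribe = json_encode(do_shortcode('[subscribe2 nojs="true" hide="subscribe"]'), $js_flags);
      $form_full = json_encode(do_shortcode('[subscribe2 nojs="true"]'), $js_flags);
      $title = json_encode(__('Subscribe to this blog', 'subscribe2'), $js_flags);

      echo "<script type=\"text/javascript\">\r\n";
      echo "//<![CDATA[\r\n";
      echo "var s2jQuery = jQuery.noConflict();\r\n";
      echo "s2jQuery(document).ready(function() {\r\n";
      echo " var dialog = s2jQuery('<div></div>');\r\n";
      echo " if (s2jQuery('a.s2popup').attr('id') === 'unsubscribe') {\r\n";
      echo " dialog.html(" . $form_without_unsubscribe . ");\r\n";
      echo " } else if (s2jQuery('a.s2popup').attr('id') === 'subscribe') {\r\n";
      echo " dialog.html(" . $form_without_subscribe . ");\r\n";
      echo " } else {\r\n";
      echo " dialog.html(" . $form_full . ");\r\n";
      echo " }\r\n";
      if ( $this->s2form != $this->form && !is_user_logged_in() ) {
          // a notice replaced the plain form, so open the dialog straight away
          echo " dialog.dialog({modal: true, zIndex: 10000, title: " . $title . "});\r\n";
      } else {
          echo " dialog.dialog({autoOpen: false, modal: true, zIndex: 10000, title: " . $title . "});\r\n";
      }
      echo " s2jQuery('a.s2popup').click(function() {\r\n";
      echo " dialog.dialog('open');\r\n";
      echo " return false;\r\n";
      echo " });\r\n";
      echo "});\r\n";
      echo "//]]>\r\n";
      echo "</script>\r\n";
  } // end add_s2_ajax()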
  345.  
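  /**
   * Check whether an email address belongs to a barred domain.
   *
   * The barred list is the 'barred' option split on whitespace and commas. The
   * comparison is case-insensitive and exact, so barring a domain does not bar its
   * subdomains.
   *
   * An address without an "@" has no domain to compare and is reported as not
   * barred instead of reading a missing array element; shortcode() rejects such
   * input with is_email() before calling this method. Empty list entries are
   * skipped so they can never match an empty domain.
   *
   * @param string $email Address to check.
   * @return bool True when the address's domain is on the barred list.
   */
  function is_barred($email = '') {
      if ( '' == $email ) {
          return false;
      }

      $parts = explode('@', $email, 2);
      if ( count($parts) < 2 ) {
          return false;
      }
      $domain = strtolower($parts[1]);

      $barred_option = isset($this->subscribe2_options['barred']) ? $this->subscribe2_options['barred'] : '';
      $barred_domains = preg_split("|[\s, ]+|", $barred_option, -1, PREG_SPLIT_NO_EMPTY);
      if ( !is_array($barred_domains) ) {
          return false;
      }

      foreach ( $barred_domains as $barred_domain ) {
          if ( $domain === strtolower(trim($barred_domain)) ) {
              return true;
          }
      }
      return false;
  } // end is_barred()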
  359. ?> 
.