Changeset 3445583
- Timestamp:
- 01/23/2026 12:46:57 PM (2 months ago)
- Location:
- bookingor/trunk
- Files:
-
- 6 edited
-
README.txt (modified) (1 diff)
-
app/Backend/Controller/Payment/PaymentControl.php (modified) (2 diffs)
-
app/Backend/Controller/Settings/SettingsControl.php (modified) (1 diff)
-
app/Frontend/Controller/Customer/CustomerControlFront.php (modified) (1 diff)
-
app/Frontend/Controller/Staff/StaffControlFront.php (modified) (1 diff)
-
includes/class-bookingor.php (modified) (2 diffs)
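--- a/bookingor/trunk/README.txt
+++ b/bookingor/trunk/README.txt
@@ -5,5 +5,5 @@
 Tested up to: 6.9
 Donate link: https://bookingor.com
-Stable tag: 2.0.4
+Stable tag: 2.0.5
 Requires PHP: 7.2
 License: GPLv2 or later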
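--- a/bookingor/trunk/app/Backend/Controller/Payment/PaymentControl.php
+++ b/bookingor/trunk/app/Backend/Controller/Payment/PaymentControl.php
@@ -52,5 +52,4 @@
 cb.picked_date,
 cb.picked_date_end,
-cb.tax_get_price,
 cb.payment_method,
 cb.service_get_price,
@@ -128,5 +127,4 @@
 cb.staff_get_id,
 cb.service_get_price,
-cb.tax_get_price,
 cb.discount_get_price,
 cb.appoint_status,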
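Review bot: Removing `cb.tax_get_price` from this SELECT list (and from the second hunk at old lines 128–132) changes the row shape returned to callers, and nothing in this section shows that the code reading those rows was updated; any consumer that still accesses `$row->tax_get_price` would now get an undefined-property null instead of a value, so confirm the callers were adjusted in the same release. A short comment on the column list, e.g. `// tax_get_price intentionally omitted since 2.0.5 (changeset 3445583)`, would stop the next reader from re-adding it. The enclosing query string starts and ends outside the hunk.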
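--- a/bookingor/trunk/app/Backend/Controller/Settings/SettingsControl.php
+++ b/bookingor/trunk/app/Backend/Controller/Settings/SettingsControl.php
@@ -55,88 +55,4 @@
 }
 
-public function secureBookingor()
-{
-if (isset($_REQUEST['action'])) {
-if (isset($_POST['nonce'])) {
-if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) {
-$response = [
-'status' => htmlspecialchars('error'),
-'message' => htmlspecialchars('Nonce verification failed.')
-];
-echo wp_json_encode($response);
-}
-}
-
-update_option(self::$name_prefix . '_settings_p_ky_id', sanitize_text_field(wp_unslash($_POST['it_id'] ?? '')));
-update_option(self::$name_prefix . '_settings_p_ky', sanitize_text_field(wp_unslash($_POST['lc_code'] ?? '')));
-update_option(self::$name_prefix . '_settings_p_lc_name', sanitize_text_field(wp_unslash($_POST['lc_plan'] ?? '')));
-update_option(self::$name_prefix . '_settings_p_lc_slug', sanitize_text_field(wp_unslash($_POST['lc_plan_slug'] ?? '')));
-
-
-
-$get_p_k = sanitize_text_field(wp_unslash($_POST['lc_code']));
-$get_p_k_id = sanitize_text_field(wp_unslash($_POST['it_id']));
-
-$client = new Client();
-$endpoint = 'https://bookingor.com/';
-
-try {
-// Send a GET request
-$response = $client->get($endpoint, [
-'query' => [
-'edd_action' => 'check_license',
-'item_id' => $get_p_k_id,
-'license' => $get_p_k,
-'url' => home_url(),
-],
-]);
-
-// Get the response body
-$body = $response->getBody();
-$data = json_decode($body, true);
-
-$json_Data = wp_json_encode($data);
-// Output the response data
-
-if ($data['success'] == true && $data['license'] == 'valid') {
-update_option(self::$name_prefix . '_settings_p_data', sanitize_text_field($json_Data ?? ''));
-$response = [
-'license' => $data['license'],
-'status' => htmlspecialchars('success'),
-'message' => htmlspecialchars('License key verified successfully'),
-];
-update_option(self::$name_prefix . '_setup_completed', 'yes');
-} elseif ($data['success'] == true && $data['license'] == 'site_inactive') {
-update_option(self::$name_prefix . '_settings_p_data', '');
-
-$response = [
-'license' => $data['license'],
-'status' => htmlspecialchars('error'),
-'message' => htmlspecialchars('Site Name not matched. Add Website on your bookingor Account'),
-'redirect_url' => admin_url('admin.php?page=bookingor-pro'),
-];
-} else {
-update_option(self::$name_prefix . '_settings_p_data', '');
-
-$response = [
-'license' => $data['license'],
-'status' => htmlspecialchars('error'),
-'message' => htmlspecialchars('License key not verified'),
-'redirect_url' => admin_url('admin.php?page=bookingor-pro'),
-];
-}
-
-echo wp_json_encode($response);
-die();
-} catch (\Exception $e) {
-$response = [
-'status' => htmlspecialchars('error'),
-'message' => htmlspecialchars('Server error: ' . $e->getMessage()),
-];
-echo wp_json_encode($response);
-die();
-}
-}
-}
 
 /**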
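--- a/bookingor/trunk/app/Frontend/Controller/Customer/CustomerControlFront.php
+++ b/bookingor/trunk/app/Frontend/Controller/Customer/CustomerControlFront.php
@@ -144,158 +144,3 @@
 }
 
-/**
-* Fetch customer profile data from customer_add table.
-*
-* @global wpdb $wpdb WordPress database abstraction object.
-*
-* @return array|object|null Customer profile data if user is a customer, otherwise null.
-*/
-public static function bp_front_customer_profile_view()
-{
-$current_user = wp_get_current_user();
-$user_email = $current_user->user_email;
-global $wpdb;
-self::$bookingorDb = $wpdb;
-$escaped_user_email = $wpdb->prepare('%s', $user_email);
-$customer_detail = $wpdb->prefix . self::$dp_prefix . 'customer_add';
-
-$current_user = wp_get_current_user();
-$user_roles = $current_user->roles;
-if (in_array('bookingor_customer', $user_roles)) {
-
-return self::$customer_front_profile = self::$bookingorDb->get_results(self::$bookingorDb->prepare("SELECT customer_id, customer_first_name, customer_last_name, customer_email, customer_phone FROM %1\$s WHERE customer_email =" . $escaped_user_email, $customer_detail));
-}
-}
-
-/**
-* Log out the user and return a success response if the user is logged in.
-*
-* @return void
-*/
-public static function bp_front_bookingor_profile_logout()
-{
-if (is_user_logged_in()) {
-wp_logout();
-
-$redirect_url = home_url();
-$response = [
-'status' => htmlspecialchars('success'),
-'message' => htmlspecialchars('Logged out successfully'),
-'redirect_url' => $redirect_url
-];
-echo wp_json_encode($response);
-exit;
-}
-}
-
-/**
-* Log in the user and return a json response with a status of "success" and a message of "Logged in successfully" if the user is a customer, otherwise return a json response with a status of "failed" and a message of "Invalid email or password".
-*
-* @return void
-*/
-public static function bp_front_bookingor_profile_login()
-{
-// Get the username and password from the request
-$email = sanitize_text_field(wp_unslash($_POST['username'] ?? ""));
-$password = sanitize_text_field(wp_unslash($_POST['password'] ?? ""));
-if (isset($_POST['nonce'])) {
-if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) {
-$response = [
-'status' => htmlspecialchars('error'),
-'message' => htmlspecialchars('Nonce verification failed.')
-];
-}
-}
-// Check if the username and password are correct
-$user = get_user_by('email', $email);
-if ($user && wp_check_password($password, $user->data->user_pass)) {
-// Login the user
-wp_set_auth_cookie($user->ID);
-// Get the current user's role
-$current_user = get_user_by('id', $user->ID);
-$user_roles = $current_user->roles;
-
-// Redirect to the corresponding dashboard page
-if (in_array('bookingor_customer', $user_roles)) {
-$customer_path = get_option('bookingor_customer_dashboard_page');
-$redirect_url = home_url($customer_path);
-} elseif (in_array('bookingor_staff', $user_roles)) {
-$staff_path = get_option('bookingor_staff_dashboard_page');
-$redirect_url = home_url($staff_path);
-} else {
-// Handle other roles or no role
-$response = [
-'status' => htmlspecialchars('failed'),
-'message' => htmlspecialchars('Invalid email or password')
-];
-echo wp_json_encode($response);
-die();
-}
-
-// Send a JSON response with the redirect URL
-$response = [
-'status' => htmlspecialchars('success'),
-'redirect_url' => esc_url($redirect_url)
-];
-echo wp_json_encode($response);
-die();
-} else {
-// Return an error message if the username or password is incorrect
-$response = [
-'status' => htmlspecialchars('failed'),
-'message' => htmlspecialchars('Invalid email or password')
-];
-echo wp_json_encode($response);
-die();
-}
-}
-
-/**
-* Resets the user's password and returns a json response with a status of "success" and a message of "Password reset successfully" if the user exists, otherwise returns a json response with a status of "failed" and a message of "Invalid email address"
-*
-* @return void
-*/
-function bp_front_bookingor_password_reset()
-{
-// Get the email from the request
-$email = sanitize_text_field(wp_unslash($_POST['email'] ?? ""));
-// Check if the email is valid
-$user = get_user_by('email', $email);
-if (isset($_POST['nonce'])) {
-if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) {
-$response = [
-'status' => htmlspecialchars('error'),
-'message' => htmlspecialchars('Nonce verification failed.')
-];
-}
-}
-if ($user) {
-// Generate a new password
-$new_password = wp_generate_password(12, false);
-// Update the user's password
-wp_set_password($new_password, $user->ID);
-// Send a password reset email to the user
-wp_password_change_notification($user, $new_password);
-EmailNotification::sendEmail(
-$user->user_email,
-'Your password has been reset',
-'Your new password is: ' . $new_password
-);
-// Return a success message
-$response = [
-'status' => htmlspecialchars('success'),
-'message' => htmlspecialchars('Password reset Email Sent Successfully')
-];
-echo wp_json_encode($response);
-die();
-} else {
-// Return an error message if the email is invalid
-$response = [
-'status' => htmlspecialchars('failed'),
-'message' => htmlspecialchars('Invalid email address')
-];
-echo wp_json_encode($response);
-die();
-}
-}
 }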
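--- a/bookingor/trunk/app/Frontend/Controller/Staff/StaffControlFront.php
+++ b/bookingor/trunk/app/Frontend/Controller/Staff/StaffControlFront.php
@@ -232,333 +232,4 @@
 }
 
-/**
-* Retrieves staff assignment data including staff ID, first name, last name, icon, email, phone number, weekly schedule, and assigned services.
-* Staff members are filtered by active status and the provided service ID.
-*
-* @return array An array of staff assignment data.
-*/
-public static function bp_front_get_staff_ajx()
-{
-$response = new \stdclass();
-$response->success = false;
-global $wpdb;
-self::$bookingorDb = $wpdb;
-$get_staff = $wpdb->prefix . self::$dp_prefix . 'staff_add';
-$service_get_staff = $wpdb->prefix . self::$dp_prefix . 'staff_assign_service';
-$service_get_id = isset($_REQUEST['service_get_id']) ? intval($_REQUEST['service_get_id']) : 0;
-if (isset($_POST['nonce'])) {
-if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) {
-$response = [
-'status' => htmlspecialchars('error'),
-'message' => htmlspecialchars('Nonce verification failed.')
-];
-}
-}
-$response = self::$bookingorDb->get_results($wpdb->prepare(
-'SELECT
-sgs.service_get_id,
-sgs.staff_get_id,
-gs.staff_id,
-gs.staff_first_name,
-gs.staff_last_name,
-gs.staff_sheet_weekly
-FROM
-%1$s gs
-INNER JOIN
-%2$s sgs ON sgs.staff_get_id = gs.staff_id
-WHERE
-sgs.service_get_id = %3$s',
-$get_staff,
-$service_get_staff,
-$service_get_id
-));
-echo wp_json_encode($response);
-die();
-}
-
-/**
-* Retrieves daily staff time data including staff ID, service ID, service duration, padding before and after, and weekly schedule.
-* Staff members are filtered by active status and the provided staff ID and service ID.
-*
-* @return array An array of daily staff time data.
-*/
-public static function bp_front_daily_staff_time()
-{
-global $wpdb;
-self::$bookingorDb = $wpdb;
-$staff = $wpdb->prefix . self::$dp_prefix . 'staff_add';
-$service = $wpdb->prefix . self::$dp_prefix . 'services';
-$get_id = $wpdb->prefix . self::$dp_prefix . 'staff_service_get';
-$get_staff_id = sanitize_text_field(wp_unslash($_POST['get_staff_id'] ?? ''));
-$get_service_id = sanitize_text_field(wp_unslash($_POST['get_service_id'] ?? ''));
-if (isset($_POST['nonce'])) {
-if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) {
-$response = [
-'status' => htmlspecialchars('error'),
-'message' => htmlspecialchars('Nonce verification failed.')
-];
-}
-}
-self::$f_select_daily_time = self::$bookingorDb->get_results($wpdb->prepare(
-'SELECT
-DISTINCT gi.staff_get_id,
-s.service_id,
-s.service_duration,
-s.service_duration_type,
-s.padding_before,
-s.padding_after,
-st.staff_sheet_weekly
-FROM
-%1$s gi
-INNER JOIN
-%2$s st ON gi.staff_get_id = st.staff_id
-INNER JOIN
-%3$s s ON s.service_id = %4$s
-WHERE
-gi.staff_get_id = %5$s',
-$get_id,
-$staff,
-$service,
-$get_service_id,
-$get_staff_id
-));
-}
-
-/**
-* Logs in a staff member using their username and password.
-*
-* @return object The user object for the logged in staff member.
-*/
-public static function staff_admin_login()
-{
-$username = sanitize_text_field(wp_unslash($_POST['staff_username'] ?? ''));
-$password = sanitize_text_field(wp_unslash($_POST['staff_password'] ?? ''));
-if (isset($_POST['nonce'])) {
-if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) {
-$response = [
-'status' => htmlspecialchars('error'),
-'message' => htmlspecialchars('Nonce verification failed.')
-];
-}
-}
-$user = wp_signon(['user_login' => $username, 'user_password' => $password], false);
-}
-
-/**
-* Hides the WordPress toolbar for staff members with the 'bookingor_staff' role.
-*
-* @return bool false if the user is a staff member, true otherwise.
-*/
-public static function hide_toolbar_for_bookingor_staff()
-{
-if (current_user_can('bookingor_staff')) {
-return false;
-}
-}
-
-/**
-* Retrieves a list of upcoming appointments booked by customers for the
-* current staff member.
-*
-* @return array An array of upcoming appointments, with the following
-* information for each appointment: start time count, book ID, service
-* ID, customer ID, staff ID, service name, service duration, service
-* capacity min, service capacity max, service cost, appointment status,
-* picked date, picked date end, start time, end time, payment method,
-* customer ID, customer first name, customer last name, customer email,
-* customer phone, staff first name, staff last name, staff email, and
-* staff phone.
-*/
-
-
-/**
-* Retrieve a list of staff profile data for the currently logged-in staff user.
-*
-* This method returns a list of staff profile data for the currently
-* logged-in staff user. The list includes the staff ID, first name, last
-* name, icon, email, phone, and sheet weekly.
-*
-* @return array List of staff profile data for the currently logged-in staff user.
-*/
-
-
-/**
-* Retrieves staff details from the database based on the provided staff ID.
-* Retrieves staff information including first name, last name, email, phone number, location, icon, weekly schedule, holidays, Google Calendar ID, Google access token, Google time zone, and status.
-*
-* @return stdClass An object containing staff data, special days, leave information, assigned services, and locations.
-*/
-public static function bp_front_get_staff_data()
-{
-$staffDetails = new stdClass();
-global $wpdb;
-self::$bookingorDb = $wpdb;
-$get_staff_data = $wpdb->prefix . self::$dp_prefix . 'staff_add';
-$get_staff_assign_service_data = $wpdb->prefix . self::$dp_prefix . 'staff_assign_service';
-$get_staff_special_day = $wpdb->prefix . self::$dp_prefix . 'staff_special_days';
-$get_staff_location = $wpdb->prefix . self::$dp_prefix . 'location_assign_staff';
-$front_staff_profile = self::$front_staff_profile;
-if ($front_staff_profile) {
-$staff_id = $front_staff_profile[0]->staff_id;
-self::$staff_data = self::$bookingorDb->get_results($wpdb->prepare("SELECT staff_id, staff_first_name, staff_last_name, staff_email, staff_phone, staff_location, staff_icon, staff_sheet_weekly, staff_holiday, google_calendar_id, google_access_token, google_time_zone, status FROM {$wpdb->prefix}bookingor_staff_add WHERE staff_id = %d", $staff_id));
-self::$staff_data_sp_day = self::$bookingorDb->get_results($wpdb->prepare("SELECT leave_date, staff_special_day FROM {$wpdb->prefix}bookingor_staff_special_days WHERE staff_get_id = %d", $staff_id));
-self::$staff_data_leave = self::$bookingorDb->get_results($wpdb->prepare("SELECT holiday_date FROM {$wpdb->prefix}bookingor_holiday WHERE staff_get_id = %d", $staff_id));
-self::$staff_assign = self::$bookingorDb->get_results($wpdb->prepare('SELECT assign_id, staff_get_id, service_get_id, staff_price
-FROM %1$s WHERE staff_get_id = %2$d', $get_staff_assign_service_data, $staff_id));
-self::$staff_location = self::$bookingorDb->get_results(
-$wpdb->prepare(
-'SELECT
-location_assign_id,
-location_get_id,
-staff_get_id
-FROM
-%1$s
-WHERE
-staff_get_id = %2$d',
-$get_staff_location,
-$staff_id
-)
-);
-$staffDetails->staffData = self::$staff_data;
-$staffDetails->staffDataSpDay = self::$staff_data_sp_day;
-$staffDetails->staffDataLeave = self::$staff_data_leave;
-$staffDetails->staffAssign = self::$staff_assign;
-$staffDetails->staffLocation = self::$staff_location;
-
-return $staffDetails;
-}
-}
-
-/**
-* Retrieves a list of service data including service ID, service icon, service name, service cost, service duration, category ID, category name, and status.
-*
-* @return array An array of service data.
-*/
-public static function bp_front_view_service()
-{
-$current_user = wp_get_current_user();
-$user_id = $current_user->ID;
-global $wpdb;
-self::$bookingorDb = $wpdb;
-$category = $wpdb->prefix . self::$dp_prefix . 'categories';
-$services = $wpdb->prefix . self::$dp_prefix . 'services';
-self::$service_view = self::$bookingorDb->get_results($wpdb->prepare(
-'SELECT
-s.service_id,
-s.service_icon,
-s.service_name,
-s.service_cost,
-s.service_duration,
-s.service_duration_type,
-s.category_get_id,
-s.status,
-c.category_name
-FROM
-%1$s s
-INNER JOIN
-%2$s c ON s.category_get_id = c.category_id
-',
-$services,
-$category
-));
-
-return self::$service_view;
-}
-
-/**
-* Logs out the user and returns a json response.
-*
-* This function logs out the user and returns a json response with a status
-* of "success" and a message of "Logged out successfully".
-*
-* @since 1.0.0
-*/
-public static function bp_front_bookingor_profile_staff_logout()
-{
-if (is_user_logged_in()) {
-wp_logout();
-
-$redirect_url = home_url();
-$response = [
-'status' => htmlspecialchars('success'),
-'message' => htmlspecialchars('Logged out successfully'),
-'redirect_url' => $redirect_url,
-];
-echo wp_json_encode($response);
-exit;
-}
-}
-
-public static function get_staff_data_by_id()
-{
-$staffDetails = new stdClass();
-global $wpdb;
-self::$bookingorDb = $wpdb;
-$get_staff_data = $wpdb->prefix . self::$dp_prefix . 'staff_add';
-$get_staff_assign_service_data = $wpdb->prefix . self::$dp_prefix . 'staff_assign_service';
-$get_staff_location = $wpdb->prefix . self::$dp_prefix . 'location_assign_staff';
-$get_staff_special_day = $wpdb->prefix . self::$dp_prefix . 'staff_special_days';
-$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
-if (isset($_POST['nonce'])) {
-if (!wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'bookingor_ajax_nonce')) {
-$response = [
-'status' => htmlspecialchars('error'),
-'message' => htmlspecialchars('Nonce verification failed.')
-];
-}
-}
-self::$staff_data = self::$bookingorDb->get_results($wpdb->prepare('
-SELECT
-staff_id,
-staff_first_name,
-staff_last_name,
-staff_email,
-staff_phone,
-staff_location,
-staff_icon,
-staff_tag_line,
-staff_about,
-staff_sheet_weekly,
-staff_holiday,
-zoom_user_id,
-google_calendar_id,
-google_access_token,
-google_time_zone,
-status
-FROM
-%1$s
-WHERE
-staff_id = %2$d
-', $get_staff_data, $id));
-
-
-self::$staff_assign = self::$bookingorDb->get_results($wpdb->prepare('
-SELECT
-assign_id,
-staff_get_id,
-service_get_id,
-staff_price
-FROM
-%1$s
-WHERE
-staff_get_id = %2$d
-', $get_staff_assign_service_data, $id));
-self::$staff_location = self::$bookingorDb->get_results($wpdb->prepare('
-SELECT
-location_assign_id,
-location_get_id,
-staff_get_id
-FROM
-%1$s
-WHERE
-staff_get_id = %2$d
-', $get_staff_location, $id));
-$staffDetails->staffData = self::$staff_data;
-$staffDetails->staffDataSpDay = self::$staff_data_sp_day;
-$staffDetails->staffDataLeave = self::$staff_data_leave;
-$staffDetails->staffAssign = self::$staff_assign;
-$staffDetails->staffLocation = self::$staff_location;
-
-return $staffDetails;
-}
+
 }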
bookingor/trunk/includes/class-bookingor.php
r3445558 r3445583 96 96 $this->version = BOOKINGOR_VERSION; 97 97 } else { 98 $this->version = '2.0. 4';98 $this->version = '2.0.5'; 99 99 } 100 100 $this->plugin_name = 'bookingor'; … … 325 325 $this->loader->add_action('wp_ajax_nopriv_bp_front_get_subcategory_ajx', $plugin_public, 'bp_front_get_subcategory_ajx'); 326 326 // staff 327 328 327 329 $this->loader->add_action('init', $plugin_public_staff, 'bp_front_staff_view'); 328 330 $this->loader->add_action('wp_ajax_bp_front_staff_assigns', $plugin_public_staff, 'bp_front_staff_assigns'); 329 331 $this->loader->add_action('wp_ajax_nopriv_bp_front_staff_assigns', $plugin_public_staff, 'bp_front_staff_assigns'); 330 $this->loader->add_action('wp_ajax_bp_front_get_staff_ajx', $plugin_public_staff, 'bp_front_get_staff_ajx');331 $this->loader->add_action('wp_ajax_nopriv_bp_front_get_staff_ajx', $plugin_public_staff, 'bp_front_get_staff_ajx');332 $this->loader->add_filter('show_admin_bar', $plugin_public_staff, 'hide_toolbar_for_bookingor_staff');333 332 $this->loader->add_action('wp_ajax_bp_get_staff_email', $plugin_public_staff, 'bp_get_staff_email'); 334 333 $this->loader->add_action('wp_ajax_nopriv_bp_get_staff_email', $plugin_public_staff, 'bp_get_staff_email'); 335 $this->loader->add_action('init', $plugin_public_staff, 'get_staff_data_by_id');336 334 337 335
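Review bot: The second hunk unregisters `bp_front_get_staff_ajx`, `hide_toolbar_for_bookingor_staff` and `get_staff_data_by_id`, but the StaffControlFront change in this changeset also deletes `bp_front_daily_staff_time`, `staff_admin_login`, `bp_front_view_service`, `bp_front_bookingor_profile_staff_logout` and `bp_front_get_staff_data`; if any of those is still passed to `add_action`/`add_filter` elsewhere in this file (not visible here), the registered callable now names a missing method and fails when the hook fires, so the remaining loader calls should be checked for those five names before 2.0.5 is tagged. With the `show_admin_bar` filter gone, staff accounts presumably see the WordPress toolbar again; if that is intended, a one-line comment beside the remaining staff hooks, e.g. `// show_admin_bar filter removed in 2.0.5: staff now get the default toolbar`, would record it. The enclosing method starts and ends outside the hunk.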