Paid Memberships Pro - Version 1.8.4.4

Version Description

  • BUG: Fixed issue where subscriptions cancelled at Stripe wouldn't cancel the related PMPro membership if the membership was created after updating to v1.8. (Thanks, Ninjami-Juho)
  • BUG: Now tracking "views" when the wp_head hook is fired instead of the "wp" hook. Previously page redirects and AJAX calls might have been counted as "views". Using wp_head will result in more accurate numbers (compared to something like Google Analytics, e.g.). Also note that the number of views will now be much much lower than before on some sites. (Thanks, Michael Cummings)
  • BUG: Fixed loading of email templates from language folders in themes, child themes, and languages folder. (Thanks, Karel Martens)
  • ENHANCEMENT: Added the pmpro_format_phone filter to change how phone numbers are formatted. Param 1 is $r, the formatted phone number. Param 2 is $phone, the original phone number.
  • ENHANCEMENT: Added doc blocks to cleanPhone and formatPhone functions and the new pmpro_format_phone filter.

Release Info

Developer strangerstudios
Version 1.8.4.4

Code changes from version 1.8.4.2 to 1.8.4.4

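--- a/adminpages/advancedsettings.php
+++ b/adminpages/advancedsettings.php
@@ -227,10 +227,10 @@ if(pmpro_displayAds())
   <th scope="row" valign="top">&nbsp;</th>
   <td>
   <label for="recaptcha_publickey"><?php _e('reCAPTCHA Public Key', 'pmpro');?>:</label>
- <input type="text" name="recaptcha_publickey" size="60" value="<?php echo $recaptcha_publickey?>" />
+ <input type="text" name="recaptcha_publickey" size="60" value="<?php echo esc_attr($recaptcha_publickey);?>" />
   <br /><br />
   <label for="recaptcha_privatekey"><?php _e('reCAPTCHA Private Key', 'pmpro');?>:</label>
- <input type="text" name="recaptcha_privatekey" size="60" value="<?php echo $recaptcha_privatekey?>" />
+ <input type="text" name="recaptcha_privatekey" size="60" value="<?php echo esc_attr($recaptcha_privatekey);?>" />
   </td>
   </tr>
   <tr>
@@ -296,14 +296,14 @@ if(pmpro_displayAds())
   <input id="<?php _e($field['field_name'], 'pmpro'); ?>"
   name="<?php _e($field['field_name'], 'pmpro'); ?>"
   type="<?php _e($field['field_type'], 'pmpro'); ?>"
- value="<?php echo pmpro_getOption($field['field_name']); ?> ">
+ value="<?php echo esc_attr(pmpro_getOption($field['field_name'])); ?> ">
   <?php
   break;
   case 'textarea':
   ?>
   <textarea id="<?php _e($field['field_name'], 'pmpro'); ?>"
   name="<?php _e($field['field_name'], 'pmpro'); ?>">
- <?php echo pmpro_getOption($field['field_name']); ?>
+ <?php echo esc_textarea(pmpro_getOption($field['field_name'])); ?>
   </textarea>
   <?php
   break;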
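Review bot: The `id`, `name` and `type` attributes at lines 296-298 and 304-305 are still printed with `_e($field[...], 'pmpro')`, which is a translation call that echoes its result without escaping, so only `value` and the textarea body are protected by this change. Print them the same way as the value, e.g. `id="<?php echo esc_attr($field['field_name']); ?>"`. The `value` attribute at line 299 also keeps a trailing space before the closing quote (`?> ">`), which would be submitted back with the form unless it is trimmed elsewhere. Where `$field` is populated is outside the hunk.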
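--- a/adminpages/discountcodes.php
+++ b/adminpages/discountcodes.php
@@ -9,31 +9,31 @@
   global $wpdb, $pmpro_currency_symbol;
 
   if(isset($_REQUEST['edit']))
- $edit = $_REQUEST['edit'];
+ $edit = intval($_REQUEST['edit']);
   else
   $edit = false;
 
   if(isset($_REQUEST['delete']))
- $delete = $_REQUEST['delete'];
+ $delete = intval($_REQUEST['delete']);
   else
   $delete = false;
 
   if(isset($_REQUEST['saveid']))
- $saveid = $_POST['saveid'];
+ $saveid = intval($_POST['saveid']);
   else
   $saveid = false;
 
   if($saveid)
   {
   //get vars
- $code = $_POST['code'];
- $starts_month = $_POST['starts_month'];
- $starts_day = $_POST['starts_day'];
- $starts_year = $_POST['starts_year'];
- $expires_month = $_POST['expires_month'];
- $expires_day = $_POST['expires_day'];
- $expires_year = $_POST['expires_year'];
- $uses = $_POST['uses'];
+ $code = sanitize_text_field($_POST['code']);
+ $starts_month = intval($_POST['starts_month']);
+ $starts_day = intval($_POST['starts_day']);
+ $starts_year = intval($_POST['starts_year']);
+ $expires_month = intval($_POST['expires_month']);
+ $expires_day = intval($_POST['expires_day']);
+ $expires_year = intval($_POST['expires_year']);
+ $uses = intval($_POST['uses']);
 
   //fix up dates
   $starts = date("Y-m-d", strtotime($starts_month . "/" . $starts_day . "/" . $starts_year, current_time("timestamp")));
@@ -110,7 +110,7 @@
   {
   //get the values ready
   $n = array_search($level_id, $all_levels_a); //this is the key location of this level's values
- $initial_payment = $initial_payment_a[$n];
+ $initial_payment = sanitize_text_field($initial_payment_a[$n]);
 
   //is this recurring?
   if(!empty($recurring_a))
@@ -125,10 +125,10 @@
 
   if(!empty($recurring))
   {
- $billing_amount = $billing_amount_a[$n];
- $cycle_number = $cycle_number_a[$n];
- $cycle_period = $cycle_period_a[$n];
- $billing_limit = $billing_limit_a[$n];
+ $billing_amount = sanitize_text_field($billing_amount_a[$n]);
+ $cycle_number = intval($cycle_number_a[$n]);
+ $cycle_period = sanitize_text_field($cycle_period_a[$n]);
+ $billing_limit = intval($billing_limit_a[$n]);
 
   //custom trial
   if(!empty($custom_trial_a))
@@ -143,8 +143,8 @@
 
   if(!empty($custom_trial))
   {
- $trial_amount = $trial_amount_a[$n];
- $trial_limit = $trial_limit_a[$n];
+ $trial_amount = sanitize_text_field($trial_amount_a[$n]);
+ $trial_limit = intval($trial_limit_a[$n]);
   }
   else
   {
@@ -175,8 +175,8 @@
 
   if(!empty($expiration))
   {
- $expiration_number = $expiration_number_a[$n];
- $expiration_period = $expiration_period_a[$n];
+ $expiration_number = intval($expiration_number_a[$n]);
+ $expiration_period = sanitize_text_field($expiration_period_a[$n]);
   }
   else
   {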
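Review bot: `sanitize_text_field()` on `$code`, `$initial_payment`, `$billing_amount` and `$trial_amount` strips tags and extra whitespace but neither escapes quotes nor forces a numeric value, so it is not sufficient on its own if these variables are later interpolated into SQL; the queries are outside the hunks shown. If the amounts are plain decimals, coerce them numerically, e.g. `$initial_payment = floatval($initial_payment_a[$n]);`, and build the writes with `$wpdb->prepare()` or `esc_sql()`. The same applies to `$s`, `$l`, `$predefined_date` and `$status` in memberslist-csv.php, memberslist.php, orders-csv.php and orders.php. Separately, line 21 tests `$_REQUEST['saveid']` while line 22 reads `$_POST['saveid']`; both should use the same superglobal, e.g. `if(isset($_POST['saveid']))`.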
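--- a/adminpages/membershiplevels.php
+++ b/adminpages/membershiplevels.php
@@ -14,28 +14,28 @@
   global $pmpro_stripe_error, $pmpro_braintree_error, $pmpro_payflow_error, $pmpro_twocheckout_error, $wp_version;
 
   if(isset($_REQUEST['edit']))
- $edit = $_REQUEST['edit'];
+ $edit = intval($_REQUEST['edit']);
   else
   $edit = false;
   if(isset($_REQUEST['copy']))
- $copy = $_REQUEST['copy'];
+ $copy = intval($_REQUEST['copy']);
   if(isset($_REQUEST['s']))
- $s = $_REQUEST['s'];
+ $s = sanitize_text_field($_REQUEST['s']);
   else
   $s = "";
 
   if(isset($_REQUEST['action']))
- $action = $_REQUEST['action'];
+ $action = sanitize_text_field($_REQUEST['action']);
   else
   $action = false;
 
   if(isset($_REQUEST['saveandnext']))
- $saveandnext = $_REQUEST['saveandnext'];
+ $saveandnext = intval($_REQUEST['saveandnext']);
 
   if(isset($_REQUEST['saveid']))
- $saveid = $_REQUEST['saveid'];
+ $saveid = intval($_REQUEST['saveid']);
   if(isset($_REQUEST['deleteid']))
- $deleteid = $_REQUEST['deleteid'];
+ $deleteid = intval($_REQUEST['deleteid']);
 
   if($action == "save_membershiplevel")
   {
@@ -155,7 +155,7 @@
   {
   global $wpdb;
 
- $ml_id = $_REQUEST['deleteid'];
+ $ml_id = intval($_REQUEST['deleteid']);
 
   if($ml_id > 0)
   {
@@ -280,7 +280,7 @@
 
   ?>
   <form action="" method="post" enctype="multipart/form-data">
- <input name="saveid" type="hidden" value="<?php echo $edit?>" />
+ <input name="saveid" type="hidden" value="<?php echo esc_attr($edit); ?>" />
   <input type="hidden" name="action" value="save_membershiplevel" />
   <table class="form-table">
   <tbody>
@@ -571,7 +571,7 @@
   <p class="search-box">
   <label class="screen-reader-text" for="post-search-input"><?php _e('Search Levels', 'pmpro');?>:</label>
   <input type="hidden" name="page" value="pmpro-membershiplevels" />
- <input id="post-search-input" type="text" value="<?php echo $s?>" name="s" size="30" />
+ <input id="post-search-input" type="text" value="<?php echo esc_attr($s); ?>" name="s" size="30" />
   <input class="button" type="submit" value="<?php _e('Search Levels', 'pmpro');?>" id="search-submit" />
   </p>
   </form>
@@ -657,7 +657,7 @@
   </td>
   <td><?php if($level->allow_signups) { ?><a href="<?php echo pmpro_url("checkout", "?level=" . $level->id);?>"><?php _e('Yes', 'pmpro');?></a><?php } else { ?><?php _e('No', 'pmpro');?><?php } ?></td>
 
- <td><a title="<?php _e('edit','pmpro'); ?>" href="admin.php?page=pmpro-membershiplevels&edit=<?php echo $level->id?>" class="button-primary"><?php _e('edit','pmpro'); ?></a>&nbsp;<a title="<?php _e('copy','pmpro'); ?>" href="admin.php?page=pmpro-membershiplevels&copy=<?php echo $level->id?>&edit=-1" class="button-secondary"><?php _e('copy','pmpro'); ?></a>&nbsp;<a title="<?php _e('delete','pmpro'); ?>" href="javascript: askfirst('<?php printf(__("Are you sure you want to delete membership level %s? All subscriptions will be cancelled.", "pmpro"), $level->name);?>','admin.php?page=pmpro-membershiplevels&action=delete_membership_level&deleteid=<?php echo $level->id?>'); void(0);" class="button-secondary"><?php _e('delete','pmpro'); ?></a></td>
+ <td><a title="<?php _e('edit','pmpro'); ?>" href="admin.php?page=pmpro-membershiplevels&edit=<?php echo $level->id?>" class="button-primary"><?php _e('edit','pmpro'); ?></a>&nbsp;<a title="<?php _e('copy','pmpro'); ?>" href="admin.php?page=pmpro-membershiplevels&copy=<?php echo $level->id?>&edit=-1" class="button-secondary"><?php _e('copy','pmpro'); ?></a>&nbsp;<a title="<?php _e('delete','pmpro'); ?>" href="javascript: askfirst('<?php echo str_replace("'", "\'", sprintf("Are you sure you want to delete membership level %s? All subscriptions will be cancelled.", "pmpro"), $level->name);?>','admin.php?page=pmpro-membershiplevels&action=delete_membership_level&deleteid=<?php echo $level->id?>'); void(0);" class="button-secondary"><?php _e('delete','pmpro'); ?></a></td>
   </tr>
   <?php
   }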
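Review bot: The rewritten delete link at line 660 has its parentheses misplaced: `sprintf()` now receives `"pmpro"` as the value for `%s`, and `$level->name` ends up as the fourth argument of `str_replace()`, which is the by-reference replacement count. The confirmation text will therefore name the level "pmpro", `$level->name` is overwritten with an integer, and the `__()` translation call has been dropped. Backslash-escaping single quotes is also not a complete encoding for a JavaScript string inside an HTML attribute; `<?php echo esc_js(sprintf(__("Are you sure you want to delete membership level %s? All subscriptions will be cancelled.", "pmpro"), $level->name));?>` restores the message and handles the escaping.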
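--- a/adminpages/memberslist-csv.php
+++ b/adminpages/memberslist-csv.php
@@ -9,12 +9,12 @@
 
   //get users
   if(isset($_REQUEST['s']))
- $s = $_REQUEST['s'];
+ $s = sanitize_text_field($_REQUEST['s']);
   else
   $s = "";
 
   if(isset($_REQUEST['l']))
- $l = $_REQUEST['l'];
+ $l = sanitize_text_field($_REQUEST['l']);
   else
   $l = false;
 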
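--- a/adminpages/memberslist.php
+++ b/adminpages/memberslist.php
@@ -8,12 +8,12 @@
   //vars
   global $wpdb;
   if(isset($_REQUEST['s']))
- $s = trim($_REQUEST['s']);
+ $s = sanitize_text_field(trim($_REQUEST['s']));
   else
   $s = "";
 
   if(isset($_REQUEST['l']))
- $l = $_REQUEST['l'];
+ $l = sanitize_text_field($_REQUEST['l']);
   else
   $l = false;
 
@@ -23,7 +23,7 @@
   <form id="posts-filter" method="get" action="">
   <h2>
   <?php _e('Members List', 'pmpro');?>
- <a target="_blank" href="<?php echo admin_url('admin-ajax.php');?>?action=memberslist_csv&s=<?php echo $s?>&l=<?php echo $l?>" class="add-new-h2"><?php _e('Export to CSV', 'pmpro');?></a>
+ <a target="_blank" href="<?php echo admin_url('admin-ajax.php');?>?action=memberslist_csv&s=<?php echo esc_attr($s);?>&l=<?php echo $l?>" class="add-new-h2"><?php _e('Export to CSV', 'pmpro');?></a>
   </h2>
   <ul class="subsubsub">
   <li>
@@ -48,7 +48,7 @@
   <p class="search-box">
   <label class="hidden" for="post-search-input"><?php _e('Search Members', 'pmpro');?>:</label>
   <input type="hidden" name="page" value="pmpro-memberslist" />
- <input id="post-search-input" type="text" value="<?php echo $s?>" name="s"/>
+ <input id="post-search-input" type="text" value="<?php echo esc_attr($s);?>" name="s"/>
   <input class="button" type="submit" value="<?php _e('Search Members', 'pmpro');?>"/>
   </p>
   <?php
@@ -211,7 +211,7 @@
   </td>
   <td><?php echo $theuser->first_name?></td>
   <td><?php echo $theuser->last_name?></td>
- <td><a href="mailto:<?php echo $theuser->user_email?>"><?php echo $theuser->user_email?></a></td>
+ <td><a href="mailto:<?php echo esc_attr($theuser->user_email)?>"><?php echo $theuser->user_email?></a></td>
   <?php do_action("pmpro_memberslist_extra_cols_body", $theuser);?>
   <td>
   <?php
@@ -248,7 +248,7 @@
   {
   ?>
   <tr>
- <td colspan="9"><p><?php _e("No members found.", "pmpro");?> <?php if($l) { ?><a href="?page=pmpro-memberslist&s=<?php echo $s?>"><?php _e("Search all levels", "pmpro");?></a>.<?php } ?></p></td>
+ <td colspan="9"><p><?php _e("No members found.", "pmpro");?> <?php if($l) { ?><a href="?page=pmpro-memberslist&s=<?php echo esc_attr($s);?>"><?php _e("Search all levels", "pmpro");?></a>.<?php } ?></p></td>
   </tr>
   <?php
   }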
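Review bot: Several outputs in these hunks are still printed raw beside the ones that were escaped: `&l=<?php echo $l?>` in the export link at line 26, the visible `<?php echo $theuser->user_email?>` text at line 214, and the first and last name cells at lines 212-213, which presumably hold profile values that members can set themselves. Suggest `<td><?php echo esc_html($theuser->first_name);?></td>` (likewise for the last name and the e-mail link text) and `&l=<?php echo esc_attr($l);?>`. For the `s` and `l` values placed in a query string, applying `urlencode()` before `esc_attr()` would also keep a `&` or `#` in a search term from altering the URL.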
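--- a/adminpages/orders-csv.php
+++ b/adminpages/orders-csv.php
@@ -9,52 +9,52 @@
 
   //get users
   if(isset($_REQUEST['s']))
- $s = $_REQUEST['s'];
+ $s = sanitize_text_field($_REQUEST['s']);
   else
   $s = "";
 
   if(isset($_REQUEST['l']))
- $l = $_REQUEST['l'];
+ $l = intval($_REQUEST['l']);
   else
   $l = false;
 
   if(isset($_REQUEST['start-month']))
- $start_month = $_REQUEST['start-month'];
+ $start_month = intval($_REQUEST['start-month']);
   else
   $start_month = "1";
 
   if(isset($_REQUEST['start-day']))
- $start_day = $_REQUEST['start-day'];
+ $start_day = intval($_REQUEST['start-day']);
   else
   $start_day = "1";
 
   if(isset($_REQUEST['start-year']))
- $start_year = $_REQUEST['start-year'];
+ $start_year = intval($_REQUEST['start-year']);
   else
   $start_year = date("Y");
 
   if(isset($_REQUEST['end-month']))
- $end_month = $_REQUEST['end-month'];
+ $end_month = intval($_REQUEST['end-month']);
   else
   $end_month = date("n");
 
   if(isset($_REQUEST['end-day']))
- $end_day = $_REQUEST['end-day'];
+ $end_day = intval($_REQUEST['end-day']);
   else
   $end_day = date("j");
 
   if(isset($_REQUEST['end-year']))
- $end_year = $_REQUEST['end-year'];
+ $end_year = intval($_REQUEST['end-year']);
   else
   $end_year = date("Y");
 
   if(isset($_REQUEST['predefined-date']))
- $predefined_date = $_REQUEST['predefined-date'];
+ $predefined_date = sanitize_text_field($_REQUEST['predefined-date']);
   else
   $predefined_date = "This Month";
 
   if(isset($_REQUEST['status']))
- $status = $_REQUEST['status'];
+ $status = sanitize_text_field($_REQUEST['status']);
   else
   $status = "";
 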
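--- a/adminpages/orders.php
+++ b/adminpages/orders.php
@@ -8,52 +8,52 @@
   //vars
   global $wpdb;
   if(isset($_REQUEST['s']))
- $s = trim($_REQUEST['s']);
+ $s = sanitize_text_field(trim($_REQUEST['s']));
   else
   $s = "";
 
   if(isset($_REQUEST['l']))
- $l = $_REQUEST['l'];
+ $l = intval($_REQUEST['l']);
   else
   $l = false;
 
   if(isset($_REQUEST['start-month']))
- $start_month = $_REQUEST['start-month'];
+ $start_month = intval($_REQUEST['start-month']);
   else
   $start_month = "1";
 
   if(isset($_REQUEST['start-day']))
- $start_day = $_REQUEST['start-day'];
+ $start_day = intval($_REQUEST['start-day']);
   else
   $start_day = "1";
 
   if(isset($_REQUEST['start-year']))
- $start_year = $_REQUEST['start-year'];
+ $start_year = intval($_REQUEST['start-year']);
   else
   $start_year = date("Y");
 
   if(isset($_REQUEST['end-month']))
- $end_month = $_REQUEST['end-month'];
+ $end_month = intval($_REQUEST['end-month']);
   else
   $end_month = date("n");
 
   if(isset($_REQUEST['end-day']))
- $end_day = $_REQUEST['end-day'];
+ $end_day = intval($_REQUEST['end-day']);
   else
   $end_day = date("j");
 
   if(isset($_REQUEST['end-year']))
- $end_year = $_REQUEST['end-year'];
+ $end_year = intval($_REQUEST['end-year']);
   else
   $end_year = date("Y");
 
   if(isset($_REQUEST['predefined-date']))
- $predefined_date = $_REQUEST['predefined-date'];
+ $predefined_date = sanitize_text_field($_REQUEST['predefined-date']);
   else
   $predefined_date = "This Month";
 
   if(isset($_REQUEST['status']))
- $status = $_REQUEST['status'];
+ $status = sanitize_text_field($_REQUEST['status']);
   else
   $status = "";
 
@@ -97,57 +97,57 @@
   $order = new MemberOrder();
 
   //update values
- if(!in_array("code", $read_only_fields))
+ if(!in_array("code", $read_only_fields) && isset($_POST['code']))
   $order->code = $_POST['code'];
- if(!in_array("user_id", $read_only_fields))
+ if(!in_array("user_id", $read_only_fields) && isset($_POST['user_id']))
   $order->user_id = intval($_POST['user_id']);
- if(!in_array("membership_id", $read_only_fields))
+ if(!in_array("membership_id", $read_only_fields) && isset($_POST['membership_id']))
   $order->membership_id = intval($_POST['membership_id']);
- if(!in_array("billing_name", $read_only_fields))
+ if(!in_array("billing_name", $read_only_fields) && isset($_POST['billing_name']))
   $order->billing->name = stripslashes($_POST['billing_name']);
- if(!in_array("billing_street", $read_only_fields))
+ if(!in_array("billing_street", $read_only_fields) && isset($_POST['billing_street']))
   $order->billing->street = stripslashes($_POST['billing_street']);
- if(!in_array("billing_city", $read_only_fields))
+ if(!in_array("billing_city", $read_only_fields) && isset($_POST['billing_city']))
   $order->billing->city = stripslashes($_POST['billing_city']);
- if(!in_array("billing_state", $read_only_fields))
+ if(!in_array("billing_state", $read_only_fields) && isset($_POST['billing_state']))
   $order->billing->state = stripslashes($_POST['billing_state']);
- if(!in_array("billing_zip", $read_only_fields))
+ if(!in_array("billing_zip", $read_only_fields) && isset($_POST['billing_zip']))
   $order->billing->zip = $_POST['billing_zip'];
- if(!in_array("billing_country", $read_only_fields))
+ if(!in_array("billing_country", $read_only_fields) && isset($_POST['billing_country']))
   $order->billing->country = stripslashes($_POST['billing_country']);
- if(!in_array("billing_phone", $read_only_fields))
+ if(!in_array("billing_phone", $read_only_fields) && isset($_POST['billing_phone']))
   $order->billing->phone = $_POST['billing_phone'];
- if(!in_array("subtotal", $read_only_fields))
+ if(!in_array("subtotal", $read_only_fields) && isset($_POST['subtotal']))
   $order->subtotal = $_POST['subtotal'];
- if(!in_array("tax", $read_only_fields))
+ if(!in_array("tax", $read_only_fields) && isset($_POST['tax']))
   $order->tax = $_POST['tax'];
- if(!in_array("couponamount", $read_only_fields))
+ if(!in_array("couponamount", $read_only_fields) && isset($_POST['couponamount']))
   $order->couponamount = $_POST['couponamount'];
- if(!in_array("total", $read_only_fields))
+ if(!in_array("total", $read_only_fields) && isset($_POST['total']))
   $order->total = $_POST['total'];
- if(!in_array("payment_type", $read_only_fields))
+ if(!in_array("payment_type", $read_only_fields) && isset($_POST['payment_type']))
   $order->payment_type = $_POST['payment_type'];
- if(!in_array("cardtype", $read_only_fields))
+ if(!in_array("cardtype", $read_only_fields) && isset($_POST['cardtype']))
   $order->cardtype = $_POST['cardtype'];
- if(!in_array("accountnumber", $read_only_fields))
+ if(!in_array("accountnumber", $read_only_fields) && isset($_POST['accountnumber']))
   $order->accountnumber = $_POST['accountnumber'];
- if(!in_array("expirationmonth", $read_only_fields))
+ if(!in_array("expirationmonth", $read_only_fields) && isset($_POST['expirationmonth']))
   $order->expirationmonth = $_POST['expirationmonth'];
- if(!in_array("expirationyear", $read_only_fields))
+ if(!in_array("expirationyear", $read_only_fields) && isset($_POST['expirationyear']))
   $order->expirationyear = $_POST['expirationyear'];
- if(!in_array("ExpirationDate", $read_only_fields))
+ if(!in_array("ExpirationDate", $read_only_fields) && isset($_POST['ExpirationDate']))
   $order->ExpirationDate = $order->expirationmonth . $order->expirationyear;
- if(!in_array("status", $read_only_fields))
+ if(!in_array("status", $read_only_fields) && isset($_POST['status']))
   $order->status = stripslashes($_POST['status']);
- if(!in_array("gateway", $read_only_fields))
+ if(!in_array("gateway", $read_only_fields) && isset($_POST['gateway']))
   $order->gateway = $_POST['gateway'];
- if(!in_array("gateway_environment", $read_only_fields))
+ if(!in_array("gateway_environment", $read_only_fields) && isset($_POST['gateway_environment']))
   $order->gateway_environment = $_POST['gateway_environment'];
- if(!in_array("payment_transaction_id", $read_only_fields))
+ if(!in_array("payment_transaction_id", $read_only_fields) && isset($_POST['payment_transaction_id']))
   $order->payment_transaction_id = $_POST['payment_transaction_id'];
- if(!in_array("subscription_transaction_id", $read_only_fields))
+ if(!in_array("subscription_transaction_id", $read_only_fields) && isset($_POST['subscription_transaction_id']))
   $order->subscription_transaction_id = $_POST['subscription_transaction_id'];
- if(!in_array("notes", $read_only_fields))
+ if(!in_array("notes", $read_only_fields) && isset($_POST['notes']))
   $order->notes = stripslashes($_POST['notes']);
 
   //affiliate stuff
@@ -513,8 +513,8 @@
   }
   ?>
   </select>
- <input name="ts_day" type="text" size="2" value="<?php echo $day?>" />
- <input name="ts_year" type="text" size="4" value="<?php echo $year?>" />
+ <input name="ts_day" type="text" size="2" value="<?php echo esc_attr($day);?>" />
+ <input name="ts_year" type="text" size="4" value="<?php echo esc_attr($year);?>" />
   <?php } ?>
   </td>
   </tr>
@@ -617,8 +617,8 @@
   <?php } ?>
   </select>
 
- <input id='start-day' name="start-day" type="text" size="2" value="<?php echo $start_day?>" />
- <input id='start-year' name="start-year" type="text" size="4" value="<?php echo $start_year?>" />
+ <input id='start-day' name="start-day" type="text" size="2" value="<?php echo esc_attr($start_day);?>" />
+ <input id='start-year' name="start-year" type="text" size="4" value="<?php echo esc_attr($start_year);?>" />
 
 
   <span id="to"><?php _ex('To', 'Dropdown label', 'pmpro')?></span>
@@ -630,8 +630,8 @@
   </select>
 
 
- <input id='end-day' name="end-day" type="text" size="2" value="<?php echo $end_day?>" />
- <input id='end-year' name="end-year" type="text" size="4" value="<?php echo $end_year?>" />
+ <input id='end-day' name="end-day" type="text" size="2" value="<?php echo esc_attr($end_day);?>" />
+ <input id='end-year' name="end-year" type="text" size="4" value="<?php echo esc_attr($end_year);?>" />
 
   <span id="filterby"><?php _ex('filter by ', 'Dropdown label', 'pmpro')?></span>
 
@@ -776,7 +776,7 @@
   <p class="search-box">
   <label class="hidden" for="post-search-input"><?php _e('Search Orders', 'pmpro');?>:</label>
   <input type="hidden" name="page" value="pmpro-orders" />
- <input id="post-search-input" type="text" value="<?php echo $s?>" name="s"/>
+ <input id="post-search-input" type="text" value="<?php echo esc_attr($s);?>" name="s"/>
   <input class="button" type="submit" value="<?php _e('Search Orders', 'pmpro');?>"/>
   </p>
 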
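Review bot: The new guard at line 138, `isset($_POST['ExpirationDate'])`, does not match its body, because the assignment below it never reads `$_POST['ExpirationDate']` but builds the value from `expirationmonth` and `expirationyear`. If the edit form posts no field with that name (none is visible here), `ExpirationDate` will no longer be refreshed on save; consider `if(!in_array("ExpirationDate", $read_only_fields) && isset($_POST['expirationmonth']) && isset($_POST['expirationyear']))`. Fields such as `code`, `billing_zip`, `subtotal`, `total` and `payment_transaction_id` are also still assigned straight from `$_POST` in this block, unlike the request values sanitized at the top of the file. The enclosing save block starts and ends outside the hunk.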
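--- a/adminpages/reports.php
+++ b/adminpages/reports.php
@@ -54,7 +54,7 @@
   else
   {
   //view a single report
- $report = $_REQUEST['report'];
+ $report = sanitize_text_field($_REQUEST['report']);
   call_user_func("pmpro_report_" . $report . "_page");
   }
 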
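Review bot: `sanitize_text_field()` at line 57 does not restrict `$report` to a registered report, so the request still chooses which `pmpro_report_*_page` function `call_user_func()` runs at line 58, and an unknown slug produces a PHP warning rather than a clean error. Check the slug against the registered list before calling, e.g. `if(isset($pmpro_reports[$report]) && is_callable("pmpro_report_" . $report . "_page"))`, assuming the `$pmpro_reports` global described in reports/login.php is in scope here. `sanitize_key()` would be a tighter filter than `sanitize_text_field()` for a slug. The enclosing `else` branch starts outside the hunk.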
adminpages/reports/login.php CHANGED
@@ -1,420 +1,420 @@
1
- <?php
2
- /*
3
- PMPro Report
4
- Title: Logins
5
- Slug: login
6
-
7
- For each report, add a line like:
8
- global $pmpro_reports;
9
- $pmpro_reports['slug'] = 'Title';
10
-
11
- For each report, also write two functions:
12
- * pmpro_report_{slug}_widget() to show up on the report homepage.
13
- * pmpro_report_{slug}_page() to show up when users click on the report page widget.
14
- */
15
- global $pmpro_reports;
16
- $pmpro_reports['login'] = __('Visits, Views, and Logins', 'pmpro');
17
-
18
- function pmpro_report_login_widget()
19
- {
20
- global $wpdb;
21
- $now = current_time('timestamp');
22
- $visits = get_option("pmpro_visits", array("today"=>0, "thisday"=>date("Y-m-d", $now), "alltime"=>0, "month"=>0, "thismonth"=>date("n", $now)));
23
- $views = get_option("pmpro_views", array("today"=>0, "thisday"=>date("Y-m-d", $now), "alltime"=>0, "month"=>0, "thismonth"=>date("n", $now)));
24
- $logins = get_option("pmpro_logins", array("today"=>0, "thisday"=>date("Y-m-d", $now), "alltime"=>0, "month"=>0, "thismonth"=>date("n", $now)));
25
- ?>
26
- <div style="width: 33%; float: left;">
27
- <p><?php _e('Visits Today', 'pmpro')?>: <?php echo $visits['today'];?></p>
28
- <p><?php _e('Visits This Month', 'pmpro')?>: <?php echo $visits['month'];?></p>
29
- <p><?php _e('Visits All Time', 'pmpro')?>: <?php echo $visits['alltime'];?></p>
30
- </div>
31
- <div style="width: 33%; float: left;">
32
- <p><?php _e('Views Today', 'pmpro')?>: <?php echo $views['today'];?></p>
33
- <p><?php _e('Views This Month', 'pmpro')?>: <?php echo $views['month'];?></p>
34
- <p><?php _e('Views All Time', 'pmpro')?>: <?php echo $views['alltime'];?></p>
35
- </div>
36
- <div style="width: 33%; float: left;">
37
- <p><?php _e('Logins Today', 'pmpro')?>: <?php echo $logins['today'];?></p>
38
- <p><?php _e('Logins This Month', 'pmpro')?>: <?php echo $logins['month'];?></p>
39
- <p><?php _e('Logins All Time', 'pmpro')?>: <?php echo $logins['alltime'];?></p>
40
- </div>
41
- <div class="clear"></div>
42
- <?php
43
- }
44
-
45
- function pmpro_report_login_page()
46
- {
47
- global $wpdb;
48
- $now = current_time('timestamp');
49
-
50
- //vars
51
- if(!empty($_REQUEST['s']))
52
- $s = $_REQUEST['s'];
53
- else
54
- $s = "";
55
-
56
- if(!empty($_REQUEST['l']))
57
- $l = intval($_REQUEST['l']);
58
- else
59
- $l = "";
60
- ?>
61
- <form id="posts-filter" method="get" action="">
62
- <h2>
63
- <?php _e('Visits, Views, and Logins Report', 'pmpro');?>
64
- </h2>
65
- <ul class="subsubsub">
66
- <li>
67
- <?php _ex('Show', 'Dropdown label, e.g. Show All Users', 'pmpro')?> <select name="l" onchange="jQuery('#posts-filter').submit();">
68
- <option value="" <?php if(!$l) { ?>selected="selected"<?php } ?>><?php _e('All Users', 'pmpro')?></option>
69
- <option value="all" <?php if($l == "all") { ?>selected="selected"<?php } ?>><?php _e('All Levels', 'pmpro')?></option>
70
- <?php
71
- $levels = $wpdb->get_results("SELECT id, name FROM $wpdb->pmpro_membership_levels ORDER BY name");
72
- foreach($levels as $level)
73
- {
74
- ?>
75
- <option value="<?php echo $level->id?>" <?php if($l == $level->id) { ?>selected="selected"<?php } ?>><?php echo $level->name?></option>
76
- <?php
77
- }
78
- ?>
79
- </select>
80
- </li>
81
- </ul>
82
- <p class="search-box">
83
- <label class="hidden" for="post-search-input"><?php _ex('Search', 'Search form label', 'pmpro')?> <?php if(empty($l)) echo "Users"; else echo "Members";?>:</label>
84
- <input type="hidden" name="page" value="pmpro-reports" />
85
- <input type="hidden" name="report" value="login" />
86
- <input id="post-search-input" type="text" value="<?php echo esc_attr($s)?>" name="s"/>
87
- <input class="button" type="submit" value="Search Members"/>
88
- </p>
89
- <?php
90
- //some vars for the search
91
- if(isset($_REQUEST['pn']))
92
- $pn = intval($_REQUEST['pn']);
93
- else
94
- $pn = 1;
95
-
96
- if(isset($_REQUEST['limit']))
97
- $limit = intval($_REQUEST['limit']);
98
- else
99
- $limit = 15;
100
-
101
- $end = $pn * $limit;
102
- $start = $end - $limit;
103
-
104
- if($s)
105
- {
106
- $sqlQuery = "SELECT SQL_CALC_FOUND_ROWS u.ID, u.user_login, u.user_email, UNIX_TIMESTAMP(u.user_registered) as joindate, mu.membership_id, mu.initial_payment, mu.billing_amount, mu.cycle_period, mu.cycle_number, mu.billing_limit, mu.trial_amount, mu.trial_limit, UNIX_TIMESTAMP(mu.startdate) as startdate, UNIX_TIMESTAMP(mu.enddate) as enddate, m.name as membership FROM $wpdb->users u LEFT JOIN $wpdb->usermeta um ON u.ID = um.user_id LEFT JOIN $wpdb->pmpro_memberships_users mu ON u.ID = mu.user_id AND mu.status = 'active' LEFT JOIN $wpdb->pmpro_membership_levels m ON mu.membership_id = m.id WHERE (u.user_login LIKE '%" . esc_sql($s) . "%' OR u.user_email LIKE '%" . esc_sql($s) . "%' OR um.meta_value LIKE '%" . esc_sql($s) . "%') ";
107
-
108
- if($l == "all")
109
- $sqlQuery .= " AND mu.status = 'active' AND mu.membership_id > 0 ";
110
- elseif($l)
111
- $sqlQuery .= " AND mu.membership_id = '" . $l . "' ";
112
-
113
- $sqlQuery .= "GROUP BY u.ID ORDER BY user_registered DESC LIMIT $start, $limit";
114
- }
115
- else
116
- {
117
- $sqlQuery = "SELECT SQL_CALC_FOUND_ROWS u.ID, u.user_login, u.user_email, UNIX_TIMESTAMP(u.user_registered) as joindate, mu.membership_id, mu.initial_payment, mu.billing_amount, mu.cycle_period, mu.cycle_number, mu.billing_limit, mu.trial_amount, mu.trial_limit, UNIX_TIMESTAMP(mu.startdate) as startdate, UNIX_TIMESTAMP(mu.enddate) as enddate, m.name as membership FROM $wpdb->users u LEFT JOIN $wpdb->pmpro_memberships_users mu ON u.ID = mu.user_id AND mu.status = 'active' LEFT JOIN $wpdb->pmpro_membership_levels m ON mu.membership_id = m.id";
118
- $sqlQuery .= " WHERE 1=1 ";
119
-
120
- if($l == "all")
121
- $sqlQuery .= " AND mu.membership_id > 0 AND mu.status = 'active' ";
122
- elseif($l)
123
- $sqlQuery .= " AND mu.membership_id = '" . $l . "' ";
124
- $sqlQuery .= "GROUP BY u.ID ORDER BY user_registered DESC LIMIT $start, $limit";
125
- }
126
-
127
- $sqlQuery = apply_filters("pmpro_members_list_sql", $sqlQuery);
128
-
129
- $theusers = $wpdb->get_results($sqlQuery);
130
- $totalrows = $wpdb->get_var("SELECT FOUND_ROWS() as found_rows");
131
-
132
- if($theusers)
133
- {
134
- ?>
135
- <p class="clear"><?php echo strval($totalrows)?> <?php if(empty($l)) echo "users"; else echo "members";?> found.
136
- <?php
137
- }
138
- ?>
139
- <table class="widefat">
140
- <thead>
141
- <tr class="thead">
142
- <th><?php _e('ID', 'pmpro')?></th>
143
- <th><?php _e('User', 'pmpro')?></th>
144
- <th><?php _e('Name', 'pmpro')?></th>
145
- <th><?php _e('Membership', 'pmpro')?></th>
146
- <th><?php _e('Joined', 'pmpro')?></th>
147
- <th><?php _e('Expires', 'pmpro')?></th>
148
- <th><?php _e('Last Visit', 'pmpro')?></th>
149
- <th><?php _e('Visits This Month', 'pmpro')?></th>
150
- <th><?php _e('Total Visits', 'pmpro')?></th>
151
- <th><?php _e('Views This Month', 'pmpro')?></th>
152
- <th><?php _e('Total Views', 'pmpro')?></th>
153
- <th><?php _e('Last Login', 'pmpro')?></th>
154
- <th><?php _e('Logins This Month', 'pmpro')?></th>
155
- <th><?php _e('Total Logins', 'pmpro')?></th>
156
- </tr>
157
- </thead>
158
- <tbody id="users" class="list:user user-list">
159
- <?php
160
- $count = 0;
161
- foreach($theusers as $auser)
162
- {
163
- //get meta
164
- $theuser = get_userdata($auser->ID);
165
- $visits = get_user_meta($auser->ID, "pmpro_visits", true);
166
- $views = get_user_meta($auser->ID, "pmpro_views", true);
167
- $logins = get_user_meta($auser->ID, "pmpro_logins", true);
168
- if(empty($logins))
169
- $logins = array("last"=>"N/A", "month"=>"N/A", "alltime"=>"N/A");
170
- ?>
171
- <tr <?php if($count++ % 2 == 0) { ?>class="alternate"<?php } ?>>
172
- <td><?php echo $theuser->ID?></td>
173
- <td>
174
- <?php echo get_avatar($theuser->ID, 32)?>
175
- <strong>
176
- <?php
177
- $userlink = '<a href="user-edit.php?user_id=' . $theuser->ID . '">' . $theuser->user_login . '</a>';
178
- $userlink = apply_filters("pmpro_members_list_user_link", $userlink, $theuser);
179
- echo $userlink;
180
- ?>
181
- </strong>
182
- </td>
183
- <td>
184
- <?php echo $theuser->display_name;?>
185
- </td>
186
- <td><?php echo $auser->membership?></td>
187
- <td><?php echo date("m/d/Y", strtotime($theuser->user_registered, current_time("timestamp")))?></td>
188
- <td>
189
- <?php
190
- if($auser->enddate)
191
- echo date(get_option('date_format'), $auser->enddate);
192
- else
193
- echo "Never";
194
- ?>
195
- </td>
196
- <td><?php if(!empty($visits['last'])) echo $visits['last'];?></td>
197
- <td><?php if(!empty($visits['month']) && pmpro_isDateThisMonth($visits['last'])) echo $visits['month'];?></td>
198
- <td><?php if(!empty($visits['alltime'])) echo $visits['alltime'];?></td>
199
- <td><?php if(!empty($views['month']) && pmpro_isDateThisMonth($views['last'])) echo $views['month'];?></td>
200
- <td><?php if(!empty($views['alltime'])) echo $views['alltime'];?></td>
201
- <td><?php if(!empty($logins['last'])) echo $logins['last'];?></td>
202
- <td><?php if(!empty($logins['month']) && pmpro_isDateThisMonth($logins['last'])) echo $logins['month'];?></td>
203
- <td><?php if(!empty($logins['alltime'])) echo $logins['alltime'];?></td>
204
- </tr>
205
- <?php
206
- }
207
-
208
- if(!$theusers)
209
- {
210
- ?>
211
- <tr>
212
- <td colspan="9"><p><?php _e('No members found.', 'pmpro')?> <?php if($l) { ?><a href="?page=pmpro-memberslist&s=<?php echo esc_attr($s)?>"><?php _e('Search all levels', 'pmpro')?></a>.<?php } ?></p></td>
213
- </tr>
214
- <?php
215
- }
216
- ?>
217
- </tbody>
218
- </table>
219
- </form>
220
-
221
- <?php
222
- echo pmpro_getPaginationString($pn, $totalrows, $limit, 1, get_admin_url(NULL, "/admin.php?page=pmpro-reports&report=login&s=" . urlencode($s)), "&l=$l&limit=$limit&pn=");
223
- ?>
224
- <?php
225
- }
226
-
227
- /*
228
- Other code required for your reports. This file is loaded every time WP loads with PMPro enabled.
229
- */
230
-
231
- //track visits
232
- function pmpro_report_login_wp_visits()
233
- {
234
- //don't track admin
235
- if(is_admin())
236
- return;
237
-
238
- //only track logged in users
239
- if(!is_user_logged_in())
240
- return;
241
-
242
- //check for cookie
243
- if(!empty($_COOKIE['pmpro_visit']))
244
- return;
245
-
246
- $now = current_time('timestamp');
247
-
248
- //set cookie, then track
249
- setcookie("pmpro_visit", "1", NULL, COOKIEPATH, COOKIE_DOMAIN, false);
250
-
251
- global $current_user;
252
- //track for user
253
- if(!empty($current_user->ID))
254
- {
255
- $visits = $current_user->pmpro_visits;
256
- if(empty($visits))
257
- $visits = array("last"=>"N/A", "thisdate"=>NULL, "month"=>0, "thismonth"=>NULL, "alltime"=>0);
258
-
259
- //track logins for user
260
- $visits['last'] = date(get_option("date_format"));
261
- $visits['alltime']++;
262
- $thismonth = date("n", $now);
263
- if($thismonth == $visits['thismonth'])
264
- $visits['month']++;
265
- else
266
- {
267
- $visits['month'] = 1;
268
- $visits['thismonth'] = $thismonth;
269
- }
270
-
271
- //update user data
272
- update_user_meta($current_user->ID, "pmpro_visits", $visits);
273
- }
274
-
275
- //track for all
276
- $visits = get_option("pmpro_visits");
277
- if(empty($visits))
278
- $visits = array("today"=>0, "thisdate"=>NULL, "month"=>0, "thismonth"=> NULL, "alltime"=>0);
279
-
280
- $visits['alltime']++;
281
- $thisdate = date("Y-d-m", $now);
282
- if($thisdate == $visits['thisdate'])
283
- $visits['today']++;
284
- else
285
- {
286
- $visits['today'] = 1;
287
- $visits['thisdate'] = $thisdate;
288
- }
289
- if($thismonth == $visits['thismonth'])
290
- $visits['month']++;
291
- else
292
- {
293
- $visits['month'] = 1;
294
- $visits['thismonth'] = $thismonth;
295
- }
296
-
297
- update_option("pmpro_visits", $visits);
298
- }
299
- add_action("wp", "pmpro_report_login_wp_visits");
300
-
301
- //we want to clear the pmpro_visit cookie on login/logout
302
- function pmpro_report_login_clear_visit_cookie()
303
- {
304
- if(isset($_COOKIE['pmpro_visit']))
305
- unset($_COOKIE['pmpro_visit']);
306
- }
307
- add_action("wp_login", "pmpro_report_login_clear_visit_cookie");
308
- add_action("wp_logout", "pmpro_report_login_clear_visit_cookie");
309
-
310
- //track views
311
- function pmpro_report_login_wp_views()
312
- {
313
- //don't track admin
314
- if(is_admin())
315
- return;
316
-
317
- global $current_user;
318
- $now = current_time('timestamp');
319
-
320
- //track for user
321
- if(!empty($current_user->ID))
322
- {
323
- $views = $current_user->pmpro_views;
324
- if(empty($views))
325
- $views = array("last"=>"N/A", "month"=>0, "alltime"=>0);
326
-
327
- //track logins for user
328
- $views['last'] = date(get_option("date_format"), $now);
329
- $views['alltime']++;
330
- $thismonth = date("n", $now);
331
- if(isset($views['thismonth']) && $thismonth == $views['thismonth'])
332
- $views['month']++;
333
- else
334
- {
335
- $views['month'] = 1;
336
- $views['thismonth'] = $thismonth;
337
- }
338
-
339
- //update user data
340
- update_user_meta($current_user->ID, "pmpro_views", $views);
341
- }
342
-
343
- //track for all
344
- $views = get_option("pmpro_views");
345
- if(empty($views))
346
- $views = array("today"=>0, "thisdate"=> NULL, "month"=>0, "thismonth"=> NULL, "alltime"=>0);
347
-
348
- $views['alltime']++;
349
- $thisdate = date("Y-d-m", $now);
350
- if($thisdate == $views['thisdate'])
351
- $views['today']++;
352
- else
353
- {
354
- $views['today'] = 1;
355
- $views['thisdate'] = $thisdate;
356
- }
357
- $thismonth = date("n", $now);
358
- if(isset($views['thismonth']) && $thismonth == $views['thismonth'])
359
- $views['month']++;
360
- else
361
- {
362
- $views['month'] = 1;
363
- $views['thismonth'] = $thismonth;
364
- }
365
-
366
- update_option("pmpro_views", $views);
367
- }
368
- add_action("wp", "pmpro_report_login_wp_views");
369
-
370
- //track logins
371
- function pmpro_report_login_wp_login($user_login)
372
- {
373
- $now = current_time('timestamp');
374
-
375
- //get user data
376
- $user = get_user_by("login", $user_login);
377
- $logins = $user->pmpro_logins;
378
- if(empty($logins))
379
- $logins = array("last"=>"N/A", "thisdate"=>NULL, "month"=>0, "thismonth"=> NULL, "alltime"=>0);
380
-
381
- //track logins for user
382
- $logins['last'] = date(get_option("date_format"), $now);
383
- $logins['alltime']++;
384
- $thismonth = date("n", $now);
385
- if($thismonth == $logins['thismonth'])
386
- $logins['month']++;
387
- else
388
- {
389
- $logins['month'] = 1;
390
- $logins['thismonth'] = $thismonth;
391
- }
392
-
393
- //update user data
394
- update_user_meta($user->ID, "pmpro_logins", $logins);
395
-
396
- //track logins overall
397
- $logins = get_option("pmpro_logins");
398
- if(empty($logins))
399
- $logins = array("today"=>0, "thisdate"=>NULL, "month"=>0, "thismonth"=>NULL, "alltime"=>0);
400
-
401
- $logins['alltime']++;
402
- $thisdate = date("Y-d-m", $now);
403
- if($thisdate == $logins['thisdate'])
404
- $logins['today']++;
405
- else
406
- {
407
- $logins['today'] = 1;
408
- $logins['thisdate'] = $thisdate;
409
- }
410
- if($thismonth == $logins['thismonth'])
411
- $logins['month']++;
412
- else
413
- {
414
- $logins['month'] = 1;
415
- $logins['thismonth'] = $thismonth;
416
- }
417
-
418
- update_option("pmpro_logins", $logins);
419
- }
420
  add_action("wp_login", "pmpro_report_login_wp_login");
1
+ <?php
2
+ /*
3
+ PMPro Report
4
+ Title: Logins
5
+ Slug: login
6
+
7
+ For each report, add a line like:
8
+ global $pmpro_reports;
9
+ $pmpro_reports['slug'] = 'Title';
10
+
11
+ For each report, also write two functions:
12
+ * pmpro_report_{slug}_widget() to show up on the report homepage.
13
+ * pmpro_report_{slug}_page() to show up when users click on the report page widget.
14
+ */
15
+ global $pmpro_reports;
16
+ $pmpro_reports['login'] = __('Visits, Views, and Logins', 'pmpro');
17
+
18
+ function pmpro_report_login_widget()
19
+ {
20
+ global $wpdb;
21
+ $now = current_time('timestamp');
22
+ $visits = get_option("pmpro_visits", array("today"=>0, "thisday"=>date("Y-m-d", $now), "alltime"=>0, "month"=>0, "thismonth"=>date("n", $now)));
23
+ $views = get_option("pmpro_views", array("today"=>0, "thisday"=>date("Y-m-d", $now), "alltime"=>0, "month"=>0, "thismonth"=>date("n", $now)));
24
+ $logins = get_option("pmpro_logins", array("today"=>0, "thisday"=>date("Y-m-d", $now), "alltime"=>0, "month"=>0, "thismonth"=>date("n", $now)));
25
+ ?>
26
+ <div style="width: 33%; float: left;">
27
+ <p><?php _e('Visits Today', 'pmpro')?>: <?php echo $visits['today'];?></p>
28
+ <p><?php _e('Visits This Month', 'pmpro')?>: <?php echo $visits['month'];?></p>
29
+ <p><?php _e('Visits All Time', 'pmpro')?>: <?php echo $visits['alltime'];?></p>
30
+ </div>
31
+ <div style="width: 33%; float: left;">
32
+ <p><?php _e('Views Today', 'pmpro')?>: <?php echo $views['today'];?></p>
33
+ <p><?php _e('Views This Month', 'pmpro')?>: <?php echo $views['month'];?></p>
34
+ <p><?php _e('Views All Time', 'pmpro')?>: <?php echo $views['alltime'];?></p>
35
+ </div>
36
+ <div style="width: 33%; float: left;">
37
+ <p><?php _e('Logins Today', 'pmpro')?>: <?php echo $logins['today'];?></p>
38
+ <p><?php _e('Logins This Month', 'pmpro')?>: <?php echo $logins['month'];?></p>
39
+ <p><?php _e('Logins All Time', 'pmpro')?>: <?php echo $logins['alltime'];?></p>
40
+ </div>
41
+ <div class="clear"></div>
42
+ <?php
43
+ }
44
+
45
+ function pmpro_report_login_page()
46
+ {
47
+ global $wpdb;
48
+ $now = current_time('timestamp');
49
+
50
+ //vars
51
+ if(!empty($_REQUEST['s']))
52
+ $s = $_REQUEST['s'];
53
+ else
54
+ $s = "";
55
+
56
+ if(!empty($_REQUEST['l']))
57
+ $l = intval($_REQUEST['l']);
58
+ else
59
+ $l = "";
60
+ ?>
61
+ <form id="posts-filter" method="get" action="">
62
+ <h2>
63
+ <?php _e('Visits, Views, and Logins Report', 'pmpro');?>
64
+ </h2>
65
+ <ul class="subsubsub">
66
+ <li>
67
+ <?php _ex('Show', 'Dropdown label, e.g. Show All Users', 'pmpro')?> <select name="l" onchange="jQuery('#posts-filter').submit();">
68
+ <option value="" <?php if(!$l) { ?>selected="selected"<?php } ?>><?php _e('All Users', 'pmpro')?></option>
69
+ <option value="all" <?php if($l == "all") { ?>selected="selected"<?php } ?>><?php _e('All Levels', 'pmpro')?></option>
70
+ <?php
71
+ $levels = $wpdb->get_results("SELECT id, name FROM $wpdb->pmpro_membership_levels ORDER BY name");
72
+ foreach($levels as $level)
73
+ {
74
+ ?>
75
+ <option value="<?php echo $level->id?>" <?php if($l == $level->id) { ?>selected="selected"<?php } ?>><?php echo $level->name?></option>
76
+ <?php
77
+ }
78
+ ?>
79
+ </select>
80
+ </li>
81
+ </ul>
82
+ <p class="search-box">
83
+ <label class="hidden" for="post-search-input"><?php _ex('Search', 'Search form label', 'pmpro')?> <?php if(empty($l)) echo "Users"; else echo "Members";?>:</label>
84
+ <input type="hidden" name="page" value="pmpro-reports" />
85
+ <input type="hidden" name="report" value="login" />
86
+ <input id="post-search-input" type="text" value="<?php echo esc_attr($s)?>" name="s"/>
87
+ <input class="button" type="submit" value="Search Members"/>
88
+ </p>
89
+ <?php
90
+ //some vars for the search
91
+ if(isset($_REQUEST['pn']))
92
+ $pn = intval($_REQUEST['pn']);
93
+ else
94
+ $pn = 1;
95
+
96
+ if(isset($_REQUEST['limit']))
97
+ $limit = intval($_REQUEST['limit']);
98
+ else
99
+ $limit = 15;
100
+
101
+ $end = $pn * $limit;
102
+ $start = $end - $limit;
103
+
104
+ if($s)
105
+ {
106
+ $sqlQuery = "SELECT SQL_CALC_FOUND_ROWS u.ID, u.user_login, u.user_email, UNIX_TIMESTAMP(u.user_registered) as joindate, mu.membership_id, mu.initial_payment, mu.billing_amount, mu.cycle_period, mu.cycle_number, mu.billing_limit, mu.trial_amount, mu.trial_limit, UNIX_TIMESTAMP(mu.startdate) as startdate, UNIX_TIMESTAMP(mu.enddate) as enddate, m.name as membership FROM $wpdb->users u LEFT JOIN $wpdb->usermeta um ON u.ID = um.user_id LEFT JOIN $wpdb->pmpro_memberships_users mu ON u.ID = mu.user_id AND mu.status = 'active' LEFT JOIN $wpdb->pmpro_membership_levels m ON mu.membership_id = m.id WHERE (u.user_login LIKE '%" . esc_sql($s) . "%' OR u.user_email LIKE '%" . esc_sql($s) . "%' OR um.meta_value LIKE '%" . esc_sql($s) . "%') ";
107
+
108
+ if($l == "all")
109
+ $sqlQuery .= " AND mu.status = 'active' AND mu.membership_id > 0 ";
110
+ elseif($l)
111
+ $sqlQuery .= " AND mu.membership_id = '" . $l . "' ";
112
+
113
+ $sqlQuery .= "GROUP BY u.ID ORDER BY user_registered DESC LIMIT $start, $limit";
114
+ }
115
+ else
116
+ {
117
+ $sqlQuery = "SELECT SQL_CALC_FOUND_ROWS u.ID, u.user_login, u.user_email, UNIX_TIMESTAMP(u.user_registered) as joindate, mu.membership_id, mu.initial_payment, mu.billing_amount, mu.cycle_period, mu.cycle_number, mu.billing_limit, mu.trial_amount, mu.trial_limit, UNIX_TIMESTAMP(mu.startdate) as startdate, UNIX_TIMESTAMP(mu.enddate) as enddate, m.name as membership FROM $wpdb->users u LEFT JOIN $wpdb->pmpro_memberships_users mu ON u.ID = mu.user_id AND mu.status = 'active' LEFT JOIN $wpdb->pmpro_membership_levels m ON mu.membership_id = m.id";
118
+ $sqlQuery .= " WHERE 1=1 ";
119
+
120
+ if($l == "all")
121
+ $sqlQuery .= " AND mu.membership_id > 0 AND mu.status = 'active' ";
122
+ elseif($l)
123
+ $sqlQuery .= " AND mu.membership_id = '" . $l . "' ";
124
+ $sqlQuery .= "GROUP BY u.ID ORDER BY user_registered DESC LIMIT $start, $limit";
125
+ }
126
+
127
+ $sqlQuery = apply_filters("pmpro_members_list_sql", $sqlQuery);
128
+
129
+ $theusers = $wpdb->get_results($sqlQuery);
130
+ $totalrows = $wpdb->get_var("SELECT FOUND_ROWS() as found_rows");
131
+
132
+ if($theusers)
133
+ {
134
+ ?>
135
+ <p class="clear"><?php echo strval($totalrows)?> <?php if(empty($l)) echo "users"; else echo "members";?> found.
136
+ <?php
137
+ }
138
+ ?>
139
+ <table class="widefat">
140
+ <thead>
141
+ <tr class="thead">
142
+ <th><?php _e('ID', 'pmpro')?></th>
143
+ <th><?php _e('User', 'pmpro')?></th>
144
+ <th><?php _e('Name', 'pmpro')?></th>
145
+ <th><?php _e('Membership', 'pmpro')?></th>
146
+ <th><?php _e('Joined', 'pmpro')?></th>
147
+ <th><?php _e('Expires', 'pmpro')?></th>
148
+ <th><?php _e('Last Visit', 'pmpro')?></th>
149
+ <th><?php _e('Visits This Month', 'pmpro')?></th>
150
+ <th><?php _e('Total Visits', 'pmpro')?></th>
151
+ <th><?php _e('Views This Month', 'pmpro')?></th>
152
+ <th><?php _e('Total Views', 'pmpro')?></th>
153
+ <th><?php _e('Last Login', 'pmpro')?></th>
154
+ <th><?php _e('Logins This Month', 'pmpro')?></th>
155
+ <th><?php _e('Total Logins', 'pmpro')?></th>
156
+ </tr>
157
+ </thead>
158
+ <tbody id="users" class="list:user user-list">
159
+ <?php
160
+ $count = 0;
161
+ foreach($theusers as $auser)
162
+ {
163
+ //get meta
164
+ $theuser = get_userdata($auser->ID);
165
+ $visits = get_user_meta($auser->ID, "pmpro_visits", true);
166
+ $views = get_user_meta($auser->ID, "pmpro_views", true);
167
+ $logins = get_user_meta($auser->ID, "pmpro_logins", true);
168
+ if(empty($logins))
169
+ $logins = array("last"=>"N/A", "month"=>"N/A", "alltime"=>"N/A");
170
+ ?>
171
+ <tr <?php if($count++ % 2 == 0) { ?>class="alternate"<?php } ?>>
172
+ <td><?php echo $theuser->ID?></td>
173
+ <td>
174
+ <?php echo get_avatar($theuser->ID, 32)?>
175
+ <strong>
176
+ <?php
177
+ $userlink = '<a href="user-edit.php?user_id=' . $theuser->ID . '">' . $theuser->user_login . '</a>';
178
+ $userlink = apply_filters("pmpro_members_list_user_link", $userlink, $theuser);
179
+ echo $userlink;
180
+ ?>
181
+ </strong>
182
+ </td>
183
+ <td>
184
+ <?php echo $theuser->display_name;?>
185
+ </td>
186
+ <td><?php echo $auser->membership?></td>
187
+ <td><?php echo date("m/d/Y", strtotime($theuser->user_registered, current_time("timestamp")))?></td>
188
+ <td>
189
+ <?php
190
+ if($auser->enddate)
191
+ echo date(get_option('date_format'), $auser->enddate);
192
+ else
193
+ echo "Never";
194
+ ?>
195
+ </td>
196
+ <td><?php if(!empty($visits['last'])) echo $visits['last'];?></td>
197
+ <td><?php if(!empty($visits['month']) && pmpro_isDateThisMonth($visits['last'])) echo $visits['month'];?></td>
198
+ <td><?php if(!empty($visits['alltime'])) echo $visits['alltime'];?></td>
199
+ <td><?php if(!empty($views['month']) && pmpro_isDateThisMonth($views['last'])) echo $views['month'];?></td>
200
+ <td><?php if(!empty($views['alltime'])) echo $views['alltime'];?></td>
201
+ <td><?php if(!empty($logins['last'])) echo $logins['last'];?></td>
202
+ <td><?php if(!empty($logins['month']) && pmpro_isDateThisMonth($logins['last'])) echo $logins['month'];?></td>
203
+ <td><?php if(!empty($logins['alltime'])) echo $logins['alltime'];?></td>
204
+ </tr>
205
+ <?php
206
+ }
207
+
208
+ if(!$theusers)
209
+ {
210
+ ?>
211
+ <tr>
212
+ <td colspan="9"><p><?php _e('No members found.', 'pmpro')?> <?php if($l) { ?><a href="?page=pmpro-memberslist&s=<?php echo esc_attr($s)?>"><?php _e('Search all levels', 'pmpro')?></a>.<?php } ?></p></td>
213
+ </tr>
214
+ <?php
215
+ }
216
+ ?>
217
+ </tbody>
218
+ </table>
219
+ </form>
220
+
221
+ <?php
222
+ echo pmpro_getPaginationString($pn, $totalrows, $limit, 1, get_admin_url(NULL, "/admin.php?page=pmpro-reports&report=login&s=" . urlencode($s)), "&l=$l&limit=$limit&pn=");
223
+ ?>
224
+ <?php
225
+ }
226
+
227
+ /*
228
+ Other code required for your reports. This file is loaded every time WP loads with PMPro enabled.
229
+ */
230
+
231
+ //track visits
232
+ function pmpro_report_login_wp_visits()
233
+ {
234
+ //don't track admin
235
+ if(is_admin())
236
+ return;
237
+
238
+ //only track logged in users
239
+ if(!is_user_logged_in())
240
+ return;
241
+
242
+ //check for cookie
243
+ if(!empty($_COOKIE['pmpro_visit']))
244
+ return;
245
+
246
+ $now = current_time('timestamp');
247
+
248
+ //set cookie, then track
249
+ setcookie("pmpro_visit", "1", NULL, COOKIEPATH, COOKIE_DOMAIN, false);
250
+
251
+ global $current_user;
252
+ //track for user
253
+ if(!empty($current_user->ID))
254
+ {
255
+ $visits = $current_user->pmpro_visits;
256
+ if(empty($visits))
257
+ $visits = array("last"=>"N/A", "thisdate"=>NULL, "month"=>0, "thismonth"=>NULL, "alltime"=>0);
258
+
259
+ //track logins for user
260
+ $visits['last'] = date(get_option("date_format"));
261
+ $visits['alltime']++;
262
+ $thismonth = date("n", $now);
263
+ if($thismonth == $visits['thismonth'])
264
+ $visits['month']++;
265
+ else
266
+ {
267
+ $visits['month'] = 1;
268
+ $visits['thismonth'] = $thismonth;
269
+ }
270
+
271
+ //update user data
272
+ update_user_meta($current_user->ID, "pmpro_visits", $visits);
273
+ }
274
+
275
+ //track for all
276
+ $visits = get_option("pmpro_visits");
277
+ if(empty($visits))
278
+ $visits = array("today"=>0, "thisdate"=>NULL, "month"=>0, "thismonth"=> NULL, "alltime"=>0);
279
+
280
+ $visits['alltime']++;
281
+ $thisdate = date("Y-d-m", $now);
282
+ if($thisdate == $visits['thisdate'])
283
+ $visits['today']++;
284
+ else
285
+ {
286
+ $visits['today'] = 1;
287
+ $visits['thisdate'] = $thisdate;
288
+ }
289
+ if($thismonth == $visits['thismonth'])
290
+ $visits['month']++;
291
+ else
292
+ {
293
+ $visits['month'] = 1;
294
+ $visits['thismonth'] = $thismonth;
295
+ }
296
+
297
+ update_option("pmpro_visits", $visits);
298
+ }
299
+ add_action("wp", "pmpro_report_login_wp_visits");
300
+
301
+ //we want to clear the pmpro_visit cookie on login/logout
302
+ function pmpro_report_login_clear_visit_cookie()
303
+ {
304
+ if(isset($_COOKIE['pmpro_visit']))
305
+ unset($_COOKIE['pmpro_visit']);
306
+ }
307
+ add_action("wp_login", "pmpro_report_login_clear_visit_cookie");
308
+ add_action("wp_logout", "pmpro_report_login_clear_visit_cookie");
309
+
310
+ //track views
311
+ function pmpro_report_login_wp_views()
312
+ {
313
+ //don't track admin
314
+ if(is_admin())
315
+ return;
316
+
317
+ global $current_user;
318
+ $now = current_time('timestamp');
319
+
320
+ //track for user
321
+ if(!empty($current_user->ID))
322
+ {
323
+ $views = $current_user->pmpro_views;
324
+ if(empty($views))
325
+ $views = array("last"=>"N/A", "month"=>0, "alltime"=>0);
326
+
327
+ //track logins for user
328
+ $views['last'] = date(get_option("date_format"), $now);
329
+ $views['alltime']++;
330
+ $thismonth = date("n", $now);
331
+ if(isset($views['thismonth']) && $thismonth == $views['thismonth'])
332
+ $views['month']++;
333
+ else
334
+ {
335
+ $views['month'] = 1;
336
+ $views['thismonth'] = $thismonth;
337
+ }
338
+
339
+ //update user data
340
+ update_user_meta($current_user->ID, "pmpro_views", $views);
341
+ }
342
+
343
+ //track for all
344
+ $views = get_option("pmpro_views");
345
+ if(empty($views))
346
+ $views = array("today"=>0, "thisdate"=> NULL, "month"=>0, "thismonth"=> NULL, "alltime"=>0);
347
+
348
+ $views['alltime']++;
349
+ $thisdate = date("Y-d-m", $now);
350
+ if($thisdate == $views['thisdate'])
351
+ $views['today']++;
352
+ else
353
+ {
354
+ $views['today'] = 1;
355
+ $views['thisdate'] = $thisdate;
356
+ }
357
+ $thismonth = date("n", $now);
358
+ if(isset($views['thismonth']) && $thismonth == $views['thismonth'])
359
+ $views['month']++;
360
+ else
361
+ {
362
+ $views['month'] = 1;
363
+ $views['thismonth'] = $thismonth;
364
+ }
365
+
366
+ update_option("pmpro_views", $views);
367
+ }
368
+ add_action("wp_head", "pmpro_report_login_wp_views");
369
+
370
+ //track logins
371
+ function pmpro_report_login_wp_login($user_login)
372
+ {
373
+ $now = current_time('timestamp');
374
+
375
+ //get user data
376
+ $user = get_user_by("login", $user_login);
377
+ $logins = $user->pmpro_logins;
378
+ if(empty($logins))
379
+ $logins = array("last"=>"N/A", "thisdate"=>NULL, "month"=>0, "thismonth"=> NULL, "alltime"=>0);
380
+
381
+ //track logins for user
382
+ $logins['last'] = date(get_option("date_format"), $now);
383
+ $logins['alltime']++;
384
+ $thismonth = date("n", $now);
385
+ if($thismonth == $logins['thismonth'])
386
+ $logins['month']++;
387
+ else
388
+ {
389
+ $logins['month'] = 1;
390
+ $logins['thismonth'] = $thismonth;
391
+ }
392
+
393
+ //update user data
394
+ update_user_meta($user->ID, "pmpro_logins", $logins);
395
+
396
+ //track logins overall
397
+ $logins = get_option("pmpro_logins");
398
+ if(empty($logins))
399
+ $logins = array("today"=>0, "thisdate"=>NULL, "month"=>0, "thismonth"=>NULL, "alltime"=>0);
400
+
401
+ $logins['alltime']++;
402
+ $thisdate = date("Y-d-m", $now);
403
+ if($thisdate == $logins['thisdate'])
404
+ $logins['today']++;
405
+ else
406
+ {
407
+ $logins['today'] = 1;
408
+ $logins['thisdate'] = $thisdate;
409
+ }
410
+ if($thismonth == $logins['thismonth'])
411
+ $logins['month']++;
412
+ else
413
+ {
414
+ $logins['month'] = 1;
415
+ $logins['thismonth'] = $thismonth;
416
+ }
417
+
418
+ update_option("pmpro_logins", $logins);
419
+ }
420
  add_action("wp_login", "pmpro_report_login_wp_login");
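Review bot: The member rows in `pmpro_report_login_page()` print `$theuser->user_login`, `$theuser->display_name`, `$auser->membership` and `$level->name` with a bare `echo`, so any markup stored in those fields is rendered in the administrator's browser; display names are normally editable by the member, which makes this a stored-XSS sink on the report page. The same release adds `esc_attr()` to the orders form, and these cells need the matching output escaping: `<?php echo esc_html($theuser->display_name);?>`, `<?php echo esc_html($auser->membership)?>`, and `esc_html($theuser->user_login)` inside the `$userlink` string. The only functional change in this section appears to be the `wp_head` hook on line 368, with the rest looking like a whole-file re-emit, so the gap likely predates this commit but is present on the new side shown here.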
classes/class.pmproemail.php CHANGED
@@ -48,30 +48,39 @@
48
 
49
  //load the template
50
  $locale = apply_filters("plugin_locale", get_locale(), "pmpro");
51
- if(file_exists(get_stylesheet_directory() . "/paid-memberships-pro/email/" . $this->template . ".html"))
52
- $this->body = file_get_contents(get_stylesheet_directory() . "/paid-memberships-pro/email/" . $this->template . ".html"); //email folder in pmpro folder in theme
 
 
 
53
  elseif(file_exists(get_stylesheet_directory() . "/membership-email-" . $this->template . ".html"))
54
- $this->body = file_get_contents(get_stylesheet_directory() . "/membership-email-" . $this->template . ".html"); //membership- file in pmpro folder in theme
55
- elseif(file_exists(TEMPLATEPATH . "/membership-email-" . $this->template . ".html"))
56
- $this->body = file_get_contents(TEMPLATEPATH . "/membership-email-" . $this->template . ".html"); //membership- file in theme root
 
 
 
 
 
 
57
  elseif(file_exists(WP_LANG_DIR . '/pmpro/email/' . $this->template . ".html"))
58
- $this->body = file_get_contents(WP_LANG_DIR . '/pmpro/email/' . $this->template . ".html"); //email folder in WP language folder
59
  elseif(file_exists(PMPRO_DIR . "/languages/" . $locale . "/" . $this->template . ".html"))
60
- $this->body = file_get_contents(PMPRO_DIR . "/languages/" . $locale . "/" . $this->template . ".html"); //email folder in PMPro language folder
61
  elseif(file_exists(PMPRO_DIR . "/email/" . $this->template . ".html"))
62
- $this->body = file_get_contents(PMPRO_DIR . "/email/" . $this->template . ".html"); //default template in plugin
63
  elseif(!empty($this->data) && !empty($this->data['body']))
64
- $this->body = $this->data['body'];
65
 
66
  //header and footer
67
  /* This is handled for all emails via the pmpro_send_html function in paid-memberships-pro now
68
- if(file_exists(TEMPLATEPATH . "/email_header.html"))
69
  {
70
- $this->body = file_get_contents(TEMPLATEPATH . "/email_header.html") . "\n" . $this->body;
71
  }
72
- if(file_exists(TEMPLATEPATH . "/email_footer.html"))
73
  {
74
- $this->body = $this->body . "\n" . file_get_contents(TEMPLATEPATH . "/email_footer.html");
75
  }
76
  */
77
 
@@ -188,7 +197,7 @@
188
  "membership_cost" => pmpro_getLevelCost($user->membership_level),
189
  "login_link" => wp_login_url(pmpro_url("account")),
190
  "display_name" => $user->display_name,
191
- "user_email" => $user->user_email,0
192
  );
193
 
194
  if(!empty($invoice) && !pmpro_isLevelFree($user->membership_level))
@@ -288,7 +297,7 @@
288
  "membership_cost" => pmpro_getLevelCost($user->membership_level),
289
  "login_link" => wp_login_url(pmpro_url("account")),
290
  "display_name" => $user->display_name,
291
- "user_email" => $user->user_email,0
292
  );
293
 
294
  if(!empty($invoice) && !pmpro_isLevelFree($user->membership_level))
48
 
49
  //load the template
50
  $locale = apply_filters("plugin_locale", get_locale(), "pmpro");
51
+
52
+ if(file_exists(get_stylesheet_directory() . "/paid-memberships-pro/email/" . $locale . "/" . $this->template . ".html"))
53
+ $this->body = file_get_contents(get_stylesheet_directory() . "/paid-memberships-pro/email/" . $locale . "/" . $this->template . ".html"); //localized email folder in child theme
54
+ elseif(file_exists(get_stylesheet_directory() . "/paid-memberships-pro/email/" . $this->template . ".html"))
55
+ $this->body = file_get_contents(get_stylesheet_directory() . "/paid-memberships-pro/email/" . $this->template . ".html"); //email folder in child theme
56
  elseif(file_exists(get_stylesheet_directory() . "/membership-email-" . $this->template . ".html"))
57
+ $this->body = file_get_contents(get_stylesheet_directory() . "/membership-email-" . $this->template . ".html"); //membership-email- file in child theme
58
+ elseif(file_exists(get_template_directory() . "/paid-memberships-pro/email/" . $locale . "/" . $this->template . ".html"))
59
+ $this->body = file_get_contents(get_template_directory() . "/paid-memberships-pro/email/" . $locale . "/" . $this->template . ".html"); //localized email folder in parent theme
60
+ elseif(file_exists(get_template_directory() . "/paid-memberships-pro/email/" . $this->template . ".html"))
61
+ $this->body = file_get_contents(get_template_directory() . "/paid-memberships-pro/email/" . $this->template . ".html"); //email folder in parent theme
62
+ elseif(file_exists(get_template_directory() . "/membership-email-" . $this->template . ".html"))
63
+ $this->body = file_get_contents(get_template_directory() . "/membership-email-" . $this->template . ".html"); //membership-email- file in parent theme
64
+ elseif(file_exists(WP_LANG_DIR . '/pmpro/email/' . $locale . "/" . $this->template . ".html"))
65
+ $this->body = file_get_contents(WP_LANG_DIR . '/pmpro/email/' . $locale . "/" . $this->template . ".html"); //localized email folder in WP language folder
66
  elseif(file_exists(WP_LANG_DIR . '/pmpro/email/' . $this->template . ".html"))
67
+ $this->body = file_get_contents(WP_LANG_DIR . '/pmpro/email/' . $this->template . ".html"); //email folder in WP language folder
68
  elseif(file_exists(PMPRO_DIR . "/languages/" . $locale . "/" . $this->template . ".html"))
69
+ $this->body = file_get_contents(PMPRO_DIR . "/languages/" . $locale . "/" . $this->template . ".html"); //email folder in PMPro language folder
70
  elseif(file_exists(PMPRO_DIR . "/email/" . $this->template . ".html"))
71
+ $this->body = file_get_contents(PMPRO_DIR . "/email/" . $this->template . ".html"); //default template in plugin
72
  elseif(!empty($this->data) && !empty($this->data['body']))
73
+ $this->body = $this->data['body']; //data passed in
74
 
75
  //header and footer
76
  /* This is handled for all emails via the pmpro_send_html function in paid-memberships-pro now
77
+ if(file_exists(get_template_directory() . "/email_header.html"))
78
  {
79
+ $this->body = file_get_contents(get_template_directory() . "/email_header.html") . "\n" . $this->body;
80
  }
81
+ if(file_exists(get_template_directory() . "/email_footer.html"))
82
  {
83
+ $this->body = $this->body . "\n" . file_get_contents(get_template_directory() . "/email_footer.html");
84
  }
85
  */
86
 
197
  "membership_cost" => pmpro_getLevelCost($user->membership_level),
198
  "login_link" => wp_login_url(pmpro_url("account")),
199
  "display_name" => $user->display_name,
200
+ "user_email" => $user->user_email,
201
  );
202
 
203
  if(!empty($invoice) && !pmpro_isLevelFree($user->membership_level))
297
  "membership_cost" => pmpro_getLevelCost($user->membership_level),
298
  "login_link" => wp_login_url(pmpro_url("account")),
299
  "display_name" => $user->display_name,
300
+ "user_email" => $user->user_email,
301
  );
302
 
303
  if(!empty($invoice) && !pmpro_isLevelFree($user->membership_level))
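--- a/includes/functions.php
+++ b/includes/functions.php
@@ -381,39 +381,62 @@ if(!function_exists("hideCardNumber"))
  }
  }
 
+ //check for existing functions since we didn't use a prefix for this function
  if(!function_exists("cleanPhone"))
  {
+ /**
+ * Function to remove special characters from a phone number.
+ * NOTE: Could probably replace with preg_replace("[^0-9]", "", $phone)
+ *
+ * @since 1.0
+ *
+ * @param string $phone The phone number to clean.
+ */
  function cleanPhone($phone)
  {
  //if a + is passed, just pass it along
  if(strpos($phone, "+") !== false)
  return $phone;
-
  //clean the phone
  $phone = str_replace("-", "", $phone);
  $phone = str_replace(".", "", $phone);
  $phone = str_replace("(", "", $phone);
  $phone = str_replace(")", "", $phone);
  $phone = str_replace(" ", "", $phone);
-
  return $phone;
  }
  }
 
+ //check for existing functions since we didn't use a prefix for this function
  if(!function_exists("formatPhone"))
  {
+ /**
+ * Function to format a phone number.
+ *
+ * @since 1.0
+ *
+ * @param string $phone The phone number to format.
+ */
  function formatPhone($phone)
  {
- $phone = cleanPhone($phone);
+ $r = cleanPhone($phone);
 
- if(strlen($phone) == 11)
- return substr($phone, 0, 1) . " (" . substr($phone, 1, 3) . ") " . substr($phone, 4, 3) . "-" . substr($phone, 7, 4);
- elseif(strlen($phone) == 10)
- return "(" . substr($phone, 0, 3) . ") " . substr($phone, 3, 3) . "-" . substr($phone, 6, 4);
- elseif(strlen($phone) == 7)
- return substr($phone, 0, 3) . "-" . substr($phone, 3, 4);
- else
- return $phone;
+ if(strlen($r) == 11)
+ $r = substr($r, 0, 1) . " (" . substr($r, 1, 3) . ") " . substr($r, 4, 3) . "-" . substr($r, 7, 4);
+ elseif(strlen($r) == 10)
+ $r = "(" . substr($r, 0, 3) . ") " . substr($r, 3, 3) . "-" . substr($r, 6, 4);
+ elseif(strlen($r) == 7)
+ $r = substr($r, 0, 3) . "-" . substr($r, 3, 4);
+
+ /**
+ * Filter to do more or less cleaning of phone numbers.
+ *
+ * @since 1.8.4.4
+ *
+ * @param string $r The formatted phone number.
+ * @param string $phone The original phone number.
+ */
+ return apply_filters('pmpro_format_phone', $r, $phone);
  }
  }
 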
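Review bot: `cleanPhone()` returns its input untouched as soon as it contains a `+` anywhere, so `formatPhone()` and the new `pmpro_format_phone` filter can hand back a string that was never normalised. Neither function guarantees digits-only output, and callers still have to escape the result (`esc_html()` / `esc_attr()`) wherever it is printed; the new doc blocks should say so and add the missing `@return string` lines. The NOTE in the `cleanPhone` doc block also quotes a pattern that would not work as written, because PHP would read the square brackets as the delimiters; `preg_replace('/[^0-9]/', '', $phone)` is the form it presumably means.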
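--- a/includes/init.php
+++ b/includes/init.php
@@ -129,6 +129,8 @@ function pmpro_wp()
  ob_start();
  if(file_exists(get_stylesheet_directory() . "/paid-memberships-pro/pages/" . $pmpro_page_name . ".php"))
  include(get_stylesheet_directory() . "/paid-memberships-pro/pages/" . $pmpro_page_name . ".php");
+ elseif(file_exists(get_template_directory() . "/paid-memberships-pro/pages/" . $pmpro_page_name . ".php"))
+ include(get_template_directory() . "/paid-memberships-pro/pages/" . $pmpro_page_name . ".php");
  else
  include(PMPRO_DIR . "/pages/" . $pmpro_page_name . ".php");
 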
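Review bot: The new `elseif` branch adds a third place where `$pmpro_page_name` is concatenated into an `include()` path, and nothing in the hunk shows that name being restricted to a fixed set of page names. If it can ever carry request-derived text, each of these branches becomes a file-inclusion path, so it is worth checking the name against the list of known PMPro pages (or at least passing it through `basename()`) once before the chain. Building each candidate path once into a variable would also avoid repeating the same expression in `file_exists()` and `include()`. `pmpro_wp()` starts and ends outside the hunk, so where the name is assigned cannot be seen here.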
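--- a/paid-memberships-pro.php
+++ b/paid-memberships-pro.php
@@ -3,7 +3,7 @@
  Plugin Name: Paid Memberships Pro
  Plugin URI: http://www.paidmembershipspro.com
  Description: Plugin to Handle Memberships
- Version: 1.8.4.2
+ Version: 1.8.4.4
  Author: Stranger Studios
  Author URI: http://www.strangerstudios.com
  */
@@ -13,7 +13,7 @@ Author URI: http://www.strangerstudios.com
  */
 
  //version constant
- define("PMPRO_VERSION", "1.8.4.2");
+ define("PMPRO_VERSION", "1.8.4.4");
 
  //if the session has been started yet, start it (ignore if running from command line)
  if(defined('STDIN') )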
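--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: strangerstudios
  Tags: memberships, membership, authorize.net, ecommerce, paypal, stripe, braintree, restrict access, restrict content, directory site, payflow
  Requires at least: 3.5
  Tested up to: 4.2.2
- Stable tag: 1.8.4.2
+ Stable tag: 1.8.4.4
 
  The easiest way to GET PAID with your WordPress site. Flexible content control by Membership Level, Reports, Affiliates and Discounts
 
@@ -102,6 +102,16 @@ Not sure? You can find out by doing a bit a research.
  4. Offer Membership Discounts with specific price rules (restricted by level, unique pricing for each level, # of uses, expiration date.)
 
  == Changelog ==
+ = 1.8.4.4 =
+ * BUG: Fixed issue where subscriptions cancelled at Stripe wouldn't cancel the related PMPro membership if the membership was created after updating to v1.8. (Thank, Ninjami-Juho)
+ * BUG: Now tracking "views" when the wp_head hook is fired instead of the "wp" hook. Previously page redirects and AJAX calls might have been counted as "views". Using wp_head will result in more accurate numbers (compared to something like Google Analytics, e.g.). Also note that the number of views will now be much much lower than before on some sites. (Thanks, Michael Cummings)
+ * BUG: Fixed loading of email templates from language folders in themes, child themes, and languages folder. (Thanks, Karel Martens)
+ * ENHANCEMENT: Added the pmpro_format_phone filter to change how phone numbers are formated. Param 1 is $r, the formatted phone number. Param 2 is $phone, the original phone number.
+ * ENHANCEMENT: Added doc blocks to cleanPhone and formatPhone functions and the new pmpro_format_phone filter.
+
+ = 1.8.4.3 =
+ * SECURITY PATCH: Fixes to Cross Site Scripting vulnerabilities in the PMPro settings pages in the WordPress dashboard. [Advisory ID HTB23264](https://www.htbridge.com/advisory/HTB23264). (Thanks, High-Tech Bridge Security Research Lab)
+
  = 1.8.4.2 =
  * BUG: Fixed bug where dropdown to set the account page in the page settings was showing up twice.
  * BUG: Fixed warning in pmpro_account shortcode.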
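--- a/services/stripe-webhook.php
+++ b/services/stripe-webhook.php
@@ -320,10 +320,11 @@
  global $wpdb;
 
  $customer_id = $event->data->object->customer;
+ $subscription_id = $event->data->object->id;
  $plan_id = $event->data->object->plan->id;
 
  //look up the order
- $sqlQuery = "SELECT user_id FROM $wpdb->pmpro_membership_orders WHERE subscription_transaction_id = '" . esc_sql($customer_id) . "' ";
+ $sqlQuery = "SELECT user_id FROM $wpdb->pmpro_membership_orders WHERE (subscription_transaction_id = '" . esc_sql($customer_id) . "' OR subscription_transaction_id = '" . esc_sql($subscription_id) . "') ";
  if($status)
  $sqlQuery .= " AND status='" . esc_sql($status) . "' ";
  if($checkplan)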
  if($checkplan)