Paid Memberships Pro - Version 2.3.3

Version Description

  • 2020-05-13
  • SECURITY: Fixed SQL injection vulnerability when logged in as an administrator and adding new orders in the dashboard. JVN#20248858 (Thanks, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc)
  • SECURITY: Making sure to properly escape all values on the add/edit order form in the dashboard.
  • BUG FIX: Now properly setting the order status to "error" when an initial payment fails when using PayPal Express. Before the order status would be set as "cancelled", which would count the order toward reports and make it harder to find orders that had errors. (Thanks, Mirco Babini)
  • BUG FIX: Fixed issue with the PMPro logo and some other assets loading over the wrong schema (http vs https) in some cases.
  • BUG FIX: Fixed issue where the chosen discount code was not shown after submitting when adding a new order through the dashboard.
  • BUG FIX/ENHANCEMENT: Using "PMPro" in the admin activity email subject to keep the line shorter and avoid issues when replacing the word "member" via gettext.
  • ENHANCEMENT: Added a pmpro_allow_weak_passwords filter. You can set this to return true (like this https://gist.github.com/ideadude/5a12119b9ce1c2aad87b2d69cb8f9505) to allow weak passwords on the change password and reset password pages. Note that at this time, weak passwords are still allowed on the checkout page no matter the value of this filter. We expect to change that in the future. For now, you can use our PMPro Strong Passwords plugin to force strong passwords at checkout.
  • REFACTOR: Updated the logic around checking the PMPRO_IPN_DEBUG constant in the IPN handler. (Thanks, Mirco Babini)

Release Info

Developer strangerstudios
Plugin Paid Memberships Pro
Version 2.3.3

Code changes from version 2.3.2 to 2.3.3

CHANGELOG.txt CHANGED
@@ -1,11 +1,22 @@
1
  == Changelog ==
2
- = 2.3.2 2020-05-07 =
 
 
 
 
 
 
 
 
 
 
3
  * BUG FIX: Fixed errors calling is_main_query() that came up with certain themes.
4
  * BUG FIX: Fixed typo in the pmpro_account_profile_action_links filter.
5
  * BUG FIX/ENHANCEMENT: Added a new force parameter to the pmpro_getAllLevels() function. This is used by the Multisite Membership Add On to fix an issue where levels were missing or incorrect on the subsites.
6
  * ENHANCEMENT: Removed mention of the ezAdsense plugin, which has been discontinued.
 
7
 
8
- = 2.3.1 2020-05-01 =
9
  * BUG FIX: Fixed infinite redirect issue if no account page was set. Fixed a few other places where we do is_page() type checks just in case.
10
  * BUG FIX: Fixed issue where all pages were retitled to Welcome when logged in, if no login page was set.
11
  * BUG FIX: Fixed issue with BuddyBoss and other themes/plugins that use the_title filter with only one parameter.
1
  == Changelog ==
2
+ = 2.3.3 - 2020-05-13 =
3
+ * SECURITY: Fixed SQL injection vulnerability when logged in as an administrator and adding new orders in the dashboard. JVN#20248858 (Thanks, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc)
4
+ * SECURITY: Making sure to properly escape all values on the add/edit order form in the dashboard.
5
+ * BUG FIX: Now properly setting the order status to "error" when an initial payment fails when using PayPal Express. Before the order status would be set as "cancelled", which would count the order toward reports and make it harder to find orders that had errors. (Thanks, Mirco Babini)
6
+ * BUG FIX: Fixed issue with the PMPro logo and some other assets loading over the wrong schema (http vs https) in some cases.
7
+ * BUG FIX: Fixed issue where the chosen discount code was not shown after submitting when adding a new order through the dashboard.
8
+ * BUG FIX/ENHANCEMENT: Using "PMPro" in the admin activity email subject to keep the line shorter and avoid issues when replacing the word "member" via gettext.
9
+ * ENHANCEMENT: Added a pmpro_allow_weak_passwords filter. You can set this to return true (like this https://gist.github.com/ideadude/5a12119b9ce1c2aad87b2d69cb8f9505) to allow weak passwords on the change password and reset password pages. Note that at this time, weak passwords are still allowed on the checkout page no matter the value of this filter. We expect to change that in the future. For now, you can use our PMPro Strong Passwords plugin to force strong passwords at checkout.
10
+ * REFACTOR: Updated the logic around checking the PMPRO_IPN_DEBUG constant in the IPN handler. (Thanks, Mirco Babini)
11
+
12
+ = 2.3.2 - 2020-05-07 =
13
  * BUG FIX: Fixed errors calling is_main_query() that came up with certain themes.
14
  * BUG FIX: Fixed typo in the pmpro_account_profile_action_links filter.
15
  * BUG FIX/ENHANCEMENT: Added a new force parameter to the pmpro_getAllLevels() function. This is used by the Multisite Membership Add On to fix an issue where levels were missing or incorrect on the subsites.
16
  * ENHANCEMENT: Removed mention of the ezAdsense plugin, which has been discontinued.
17
+ * ENHANCEMENT: Added $recipient param in sendAdminActivity() function so you can send additional activity emails like this https://gist.github.com/dparker1005/6bf650370a12aef44adf8c8c26d3e906
18
 
19
+ = 2.3.1 - 2020-05-01 =
20
  * BUG FIX: Fixed infinite redirect issue if no account page was set. Fixed a few other places where we do is_page() type checks just in case.
21
  * BUG FIX: Fixed issue where all pages were retitled to Welcome when logged in, if no login page was set.
22
  * BUG FIX: Fixed issue with BuddyBoss and other themes/plugins that use the_title filter with only one parameter.
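Review bot: The `$recipient` entry for sendAdminActivity() is added under the 2.3.2 heading, a release this same hunk dates to 2020-05-07. If the parameter first ships in 2.3.3, the line belongs in the 2.3.3 block; if it did ship in 2.3.2, say so in the commit message so the retroactive edit is not read as a misplaced entry. The first SECURITY line would also serve site owners better if it stated which versions are affected.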
adminpages/orders.php CHANGED
@@ -291,11 +291,8 @@ if ( ! empty( $_REQUEST['save'] ) ) {
291
 
292
  // save
293
  if ( $order->saveOrder() !== false && $nonceokay ) {
294
- // also update the discount code if needed
295
- if( isset( $_REQUEST['discount_code_id'] ) ) {
296
- $order->updateDiscountCode( intval( $_REQUEST['discount_code_id'] ) );
297
- }
298
-
299
  // handle timestamp
300
  if ( $order->updateTimestamp( intval( $_POST['ts_year'] ), intval( $_POST['ts_month'] ), intval( $_POST['ts_day'] ), intval( $_POST['ts_hour'] ) . ':' . intval( $_POST['ts_minute'] ) . ':00' ) !== false ) {
301
  $pmpro_msg = __( 'Order saved successfully.', 'paid-memberships-pro' );
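Review bot: In the context line `if ( $order->saveOrder() !== false && $nonceokay ) {` the order is written before `$nonceokay` is consulted, because `&&` evaluates its left operand first. Unless the nonce is already enforced above this hunk, test it first, e.g. `if ( $nonceokay && $order->saveOrder() !== false ) {`, so a request with a failed nonce never reaches saveOrder(). Wherever the removed updateDiscountCode() call now lives, keep it behind the same check and keep the intval() on `discount_code_id`.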
@@ -308,6 +305,11 @@ if ( ! empty( $_REQUEST['save'] ) ) {
308
  $pmpro_msg = __( 'Error saving order.', 'paid-memberships-pro' );
309
  $pmpro_msgt = 'error';
310
  }
 
 
 
 
 
311
  } else {
312
  // order passed?
313
  if ( ! empty( $_REQUEST['order'] ) ) {
@@ -371,9 +373,9 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
371
  <?php if ( ! empty( $order ) ) { ?>
372
 
373
  <?php if ( ! empty( $order->id ) ) { ?>
374
- <h1 class="wp-heading-inline"><?php esc_html_e( 'Order', 'paid-memberships-pro' ); ?> #<?php echo $order->id; ?>: <?php echo $order->code; ?></h1>
375
- <a title="<?php _e( 'Print', 'paid-memberships-pro' ); ?>" href="<?php echo add_query_arg( array( 'action' => 'pmpro_orders_print_view', 'order' => $order->id ), admin_url('admin-ajax.php' ) ); ?>" class="page-title-action" target="_blank" ><?php _e( 'Print', 'paid-memberships-pro' ); ?></a>
376
- <a title="<?php _e( 'Email', 'paid-memberships-pro' ); ?>" href="#TB_inline?width=600&height=200&inlineId=email_invoice" class="thickbox email_link page-title-action" data-order="<?php echo $order->id; ?>"><?php _e( 'Email', 'paid-memberships-pro' ); ?></a>
377
  <?php } else { ?>
378
  <h1 class="wp-heading-inline"><?php esc_html_e( 'New Order', 'paid-memberships-pro' ); ?></h1>
379
  <?php } ?>
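Review bot: The removed lines 374-376 echo `$order->id` and `$order->code` into the heading and print the result of add_query_arg() straight into an href, so their replacements should wrap the URL in esc_url(), the heading values in esc_html(), and use esc_attr_e() instead of _e() inside the two title attributes. The `data-order` attribute wants esc_attr( $order->id ) as well.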
@@ -401,7 +403,7 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
401
  <td>
402
  <?php
403
  if ( ! empty( $order->id ) ) {
404
- echo $order->id;
405
  } else {
406
  echo '<p class="description">' . __( 'This will be generated when you save.', 'paid-memberships-pro' ) . '</p>';
407
  }
@@ -414,14 +416,14 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
414
  <td>
415
  <?php
416
  if ( in_array( 'code', $read_only_fields ) ) {
417
- echo $order->code;
418
  } else { ?>
419
  <input id="code" name="code" type="text" value="<?php echo esc_attr( $order->code ); ?>" class="regular-text" />
420
  <?php
421
  }
422
  ?>
423
  <?php if ( $order_id < 0 ) { ?>
424
- <p class="description"><?php _e( 'Randomly generated for you.', 'paid-memberships-pro' ); ?></p>
425
  <?php } ?>
426
  </td>
427
  </tr>
@@ -430,7 +432,7 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
430
  <td>
431
  <?php
432
  if ( in_array( 'user_id', $read_only_fields ) && $order_id > 0 ) {
433
- echo $order->user_id;
434
  } else { ?>
435
  <input id="user_id" name="user_id" type="text" value="<?php echo esc_attr( $order->user_id ); ?>" class="regular-text" />
436
  <?php
@@ -439,11 +441,11 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
439
  </td>
440
  </tr>
441
  <tr>
442
- <th scope="row" valign="top"><label for="membership_id"><?php _e( 'Membership Level ID', 'paid-memberships-pro' ); ?>:</label></th>
443
  <td>
444
  <?php
445
  if ( in_array( 'membership_id', $read_only_fields ) && $order_id > 0 ) {
446
- echo $order->membership_id;
447
  } else { ?>
448
  <input id="membership_id" name="membership_id" type="text" value="<?php echo esc_attr( $order->membership_id ); ?>" class="regular-text" />
449
  <?php
@@ -452,12 +454,12 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
452
  </td>
453
  </tr>
454
  <tr>
455
- <th scope="row" valign="top"><label for="billing_name"><?php _e( 'Billing Name', 'paid-memberships-pro' ); ?>:</label>
456
  </th>
457
  <td>
458
  <?php
459
  if ( in_array( 'billing_name', $read_only_fields ) && $order_id > 0 ) {
460
- echo $order->billing_name;
461
  } else {
462
  ?>
463
  <input id="billing_name" name="billing_name" type="text" size="50"
@@ -466,12 +468,12 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
466
  </td>
467
  </tr>
468
  <tr>
469
- <th scope="row" valign="top"><label for="billing_street"><?php _e( 'Billing Street', 'paid-memberships-pro' ); ?>
470
  :</label></th>
471
  <td>
472
  <?php
473
  if ( in_array( 'billing_street', $read_only_fields ) && $order_id > 0 ) {
474
- echo $order->billing_street;
475
  } else {
476
  ?>
477
  <input id="billing_street" name="billing_street" type="text" size="50"
@@ -479,12 +481,12 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
479
  <?php } ?>
480
  </tr>
481
  <tr>
482
- <th scope="row" valign="top"><label for="billing_city"><?php _e( 'Billing City', 'paid-memberships-pro' ); ?>:</label>
483
  </th>
484
  <td>
485
  <?php
486
  if ( in_array( 'billing_city', $read_only_fields ) && $order_id > 0 ) {
487
- echo $order->billing_city;
488
  } else {
489
  ?>
490
  <input id="billing_city" name="billing_city" type="text" size="50"
@@ -492,12 +494,12 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
492
  <?php } ?>
493
  </tr>
494
  <tr>
495
- <th scope="row" valign="top"><label for="billing_state"><?php _e( 'Billing State', 'paid-memberships-pro' ); ?>
496
  :</label></th>
497
  <td>
498
  <?php
499
  if ( in_array( 'billing_state', $read_only_fields ) && $order_id > 0 ) {
500
- echo $order->billing_state;
501
  } else {
502
  ?>
503
  <input id="billing_state" name="billing_state" type="text" size="50"
@@ -505,12 +507,12 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
505
  <?php } ?>
506
  </tr>
507
  <tr>
508
- <th scope="row" valign="top"><label for="billing_zip"><?php _e( 'Billing Postal Code', 'paid-memberships-pro' ); ?>
509
  :</label></th>
510
  <td>
511
  <?php
512
  if ( in_array( 'billing_zip', $read_only_fields ) && $order_id > 0 ) {
513
- echo $order->billing_zip;
514
  } else {
515
  ?>
516
  <input id="billing_zip" name="billing_zip" type="text" size="50"
@@ -518,12 +520,12 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
518
  <?php } ?>
519
  </tr>
520
  <tr>
521
- <th scope="row" valign="top"><label for="billing_country"><?php _e( 'Billing Country', 'paid-memberships-pro' ); ?>
522
  :</label></th>
523
  <td>
524
  <?php
525
  if ( in_array( 'billing_country', $read_only_fields ) && $order_id > 0 ) {
526
- echo $order->billing_country;
527
  } else {
528
  ?>
529
  <input id="billing_country" name="billing_country" type="text" size="50"
@@ -532,12 +534,12 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
532
  </td>
533
  </tr>
534
  <tr>
535
- <th scope="row" valign="top"><label for="billing_phone"><?php _e( 'Billing Phone', 'paid-memberships-pro' ); ?>
536
  :</label></th>
537
  <td>
538
  <?php
539
  if ( in_array( 'billing_phone', $read_only_fields ) && $order_id > 0 ) {
540
- echo $order->billing_phone;
541
  } else {
542
  ?>
543
  <input id="billing_phone" name="billing_phone" type="text" size="50"
@@ -562,7 +564,7 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
562
  $codes = $wpdb->get_results($sqlQuery, OBJECT);
563
  if ( ! empty( $codes ) ) { ?>
564
  <tr>
565
- <th scope="row" valign="top"><label for="discount_code_id"><?php _e( 'Discount Code', 'paid-memberships-pro' ); ?>:</label></th>
566
  <td>
567
  <?php
568
  if ( in_array( 'discount_code_id', $read_only_fields ) && $order_id > 0 ) {
@@ -588,7 +590,7 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
588
  <td>
589
  <?php
590
  if ( in_array( 'subtotal', $read_only_fields ) && $order_id > 0 ) {
591
- echo $order->subtotal;
592
  } else {
593
  ?>
594
  <input id="subtotal" name="subtotal" type="text" size="10"
@@ -597,11 +599,11 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
597
  </td>
598
  </tr>
599
  <tr>
600
- <th scope="row" valign="top"><label for="tax"><?php _e( 'Tax', 'paid-memberships-pro' ); ?>:</label></th>
601
  <td>
602
  <?php
603
  if ( in_array( 'tax', $read_only_fields ) && $order_id > 0 ) {
604
- echo $order->tax;
605
  } else {
606
  ?>
607
  <input id="tax" name="tax" type="text" size="10"
@@ -610,86 +612,85 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
610
  </td>
611
  </tr>
612
  <tr>
613
- <th scope="row" valign="top"><label for="couponamount"><?php _e( 'Coupon Amount', 'paid-memberships-pro' ); ?>:</label>
614
  </th>
615
  <td>
616
  <?php
617
  if ( in_array( 'couponamount', $read_only_fields ) && $order_id > 0 ) {
618
- echo $order->couponamount;
619
  } else {
620
- ?>
621
- <input id="couponamount" name="couponamount" type="text" size="10"
622
- value="<?php echo esc_attr( $order->couponamount ); ?>"/>
623
  <?php } ?>
624
  </td>
625
  </tr>
626
  <tr>
627
- <th scope="row" valign="top"><label for="total"><?php _e( 'Total', 'paid-memberships-pro' ); ?>:</label></th>
628
  <td>
629
  <?php
630
  if ( in_array( 'total', $read_only_fields ) && $order_id > 0 ) {
631
- echo $order->total;
632
  } else {
633
  ?>
634
  <input id="total" name="total" type="text" size="10"
635
  value="<?php echo esc_attr( $order->total ); ?>"/>
636
  <?php } ?>
637
- <p class="description"><?php _e( 'Should be subtotal + tax - couponamount.', 'paid-memberships-pro' ); ?></p>
638
  </td>
639
  </tr>
640
 
641
  <tr>
642
- <th scope="row" valign="top"><label for="payment_type"><?php _e( 'Payment Type', 'paid-memberships-pro' ); ?>:</label>
643
  </th>
644
  <td>
645
  <?php
646
  if ( in_array( 'payment_type', $read_only_fields ) && $order_id > 0 ) {
647
- echo $order->payment_type;
648
  } else {
649
  ?>
650
  <input id="payment_type" name="payment_type" type="text" size="50"
651
  value="<?php echo esc_attr( $order->payment_type ); ?>"/>
652
  <?php } ?>
653
- <p class="description"><?php _e( 'e.g. PayPal Express, PayPal Standard, Credit Card.', 'paid-memberships-pro' ); ?></p>
654
  </td>
655
  </tr>
656
  <tr>
657
- <th scope="row" valign="top"><label for="cardtype"><?php _e( 'Card Type', 'paid-memberships-pro' ); ?></label></th>
658
  <td>
659
  <?php
660
  if ( in_array( 'cardtype', $read_only_fields ) && $order_id > 0 ) {
661
- echo $order->cardtype;
662
  } else {
663
  ?>
664
  <input id="cardtype" name="cardtype" type="text" size="50"
665
  value="<?php echo esc_attr( $order->cardtype ); ?>"/>
666
  <?php } ?>
667
- <p class="description"><?php _e( 'e.g. Visa, MasterCard, AMEX, etc', 'paid-memberships-pro' ); ?></p>
668
  </td>
669
  </tr>
670
  <tr>
671
- <th scope="row" valign="top"><label for="accountnumber"><?php _e( 'Account Number', 'paid-memberships-pro' ); ?>
672
  :</label></th>
673
  <td>
674
  <?php
675
  if ( in_array( 'accountnumber', $read_only_fields ) && $order_id > 0 ) {
676
- echo $order->accountnumber;
677
  } else {
678
  ?>
679
  <input id="accountnumber" name="accountnumber" type="text" size="50"
680
  value="<?php echo esc_attr( $order->accountnumber ); ?>"/>
681
  <?php } ?>
682
- <p class="description"><?php _e( 'Obscure all but last 4 digits.', 'paid-memberships-pro' ); ?></p>
683
  </td>
684
  </tr>
685
  <?php
686
  if ( in_array( 'ExpirationDate', $read_only_fields ) && $order_id > 0 ) {
687
- echo $order->ExpirationDate;
688
  } else {
689
  ?>
690
  <tr>
691
  <th scope="row" valign="top"><label
692
- for="expirationmonth"><?php _e( 'Expiration Month', 'paid-memberships-pro' ); ?>:</label></th>
693
  <td>
694
  <input id="expirationmonth" name="expirationmonth" type="text" size="10"
695
  value="<?php echo esc_attr( $order->expirationmonth ); ?>"/>
@@ -697,7 +698,7 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
697
  </td>
698
  </tr>
699
  <tr>
700
- <th scope="row" valign="top"><label for="expirationyear"><?php _e( 'Expiration Year', 'paid-memberships-pro' ); ?>
701
  :</label></th>
702
  <td>
703
  <input id="expirationyear" name="expirationyear" type="text" size="10"
@@ -707,11 +708,11 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
707
  </tr>
708
  <?php } ?>
709
  <tr>
710
- <th scope="row" valign="top"><label for="status"><?php _e( 'Status', 'paid-memberships-pro' ); ?>:</label></th>
711
  <td>
712
  <?php
713
  if ( in_array( 'status', $read_only_fields ) && $order_id > 0 ) {
714
- echo $order->status;
715
  } else { ?>
716
  <?php
717
  $statuses = pmpro_getOrderStatuses();
@@ -719,7 +720,7 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
719
  <select id="status" name="status">
720
  <?php foreach ( $statuses as $status ) { ?>
721
  <option
722
- value="<?php echo esc_attr( $status ); ?>" <?php selected( $order->status, $status ); ?>><?php echo $status; ?></option>
723
  <?php } ?>
724
  </select>
725
  <?php
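Review bot: On line 722 the option value goes through esc_attr() but the label is a bare `echo $status`; the label needs esc_html( $status ). The strings come from pmpro_getOrderStatuses() rather than from a literal in this file, so treat them as data in both positions.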
@@ -729,47 +730,39 @@ if ( function_exists( 'pmpro_add_email_order_modal' ) ) {
729
  </tr>
730
 
731
  <tr>
732
- <th scope="row" valign="top"><label for="gateway"><?php _e( 'Gateway', 'paid-memberships-pro' ); ?>:</label></th>
733
  <td>
734
  <?php
735
  if ( in_array( 'gateway', $read_only_fields ) && $order_id > 0 ) {
736
- echo $order->gateway;
737
  } else {
738
- ?>
739
- <select id="gateway" name="gateway" onchange="pmpro_changeGateway(jQuery(this).val());">
740
- <?php
741
- $pmpro_gateways = pmpro_gateways();
742
- foreach ( $pmpro_gateways as $pmpro_gateway_name => $pmpro_gateway_label ) {
743
- ?>
744
- <option
745
- value="<?php echo esc_attr( $pmpro_gateway_name ); ?>" <?php selected( $order->gateway, $pmpro_gateway_name ); ?>><?php echo $pmpro_gateway_label; ?></option>
746
- <?php
747
- }
748
- ?>
749
- </select>
750
- <?php } ?>
751
  </td>
752
  </tr>
753
  <tr>
754
  <th scope="row" valign="top"><label
755
- for="gateway_environment"><?php _e( 'Gateway Environment', 'paid-memberships-pro' ); ?>:</label></th>
756
  <td>
757
  <?php
758
  if ( in_array( 'gateway_environment', $read_only_fields ) && $order_id > 0 ) {
759
- echo $order->gateway_environment;
760
  } else {
761
- ?>
762
- <select name="gateway_environment">
763
- <option value="sandbox"
764
- <?php
765
- if ( $order->gateway_environment == 'sandbox' ) {
766
  ?>
767
- selected="selected"<?php } ?>><?php _e( 'Sandbox/Testing', 'paid-memberships-pro' ); ?></option>
768
- <option value="live"
769
- <?php
770
- if ( $order->gateway_environment == 'live' ) {
771
- ?>
772
- selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro' ); ?></option>
773
  </select>
774
  <?php } ?>
775
  </td>
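Review bot: The gateway environment select at 762-772 marks the current option with hand-written `if ( $order->gateway_environment == 'sandbox' ) { ?> selected="selected"<?php } ?>` blocks, while every other select in this form uses the selected() helper. Use `<?php selected( $order->gateway_environment, 'sandbox' ); ?>` and the same for 'live', and escape `$pmpro_gateway_label` with esc_html() in the gateway options at line 745.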
@@ -781,18 +774,18 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
781
  <td>
782
  <?php
783
  if ( in_array( 'payment_transaction_id', $read_only_fields ) && $order_id > 0 ) {
784
- echo $order->payment_transaction_id;
785
  } else {
786
  ?>
787
  <input id="payment_transaction_id" name="payment_transaction_id" type="text" size="50"
788
  value="<?php echo esc_attr( $order->payment_transaction_id ); ?>"/>
789
  <?php } ?>
790
- <p class="description"><?php _e( 'Generated by the gateway. Useful to cross reference orders.', 'paid-memberships-pro' ); ?></p>
791
  </td>
792
  </tr>
793
  <tr>
794
  <th scope="row" valign="top"><label
795
- for="subscription_transaction_id"><?php _e( 'Subscription Transaction ID', 'paid-memberships-pro' ); ?>
796
  :</label></th>
797
  <td>
798
  <?php
@@ -803,43 +796,41 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
803
  <input id="subscription_transaction_id" name="subscription_transaction_id" type="text" size="50"
804
  value="<?php echo esc_attr( $order->subscription_transaction_id ); ?>"/>
805
  <?php } ?>
806
- <p class="description"><?php _e( 'Generated by the gateway. Useful to cross reference subscriptions.', 'paid-memberships-pro' ); ?></p>
807
  </td>
808
  </tr>
809
 
810
  <tr>
811
- <th scope="row" valign="top"><label for="ts_month"><?php _e( 'Date', 'paid-memberships-pro' ); ?>:</label></th>
812
  <td>
813
  <?php
814
  if ( in_array( 'timestamp', $read_only_fields ) && $order_id > 0 ) {
815
- echo date_i18n( get_option( 'date_format' ) . ' ' . get_option( 'time_format' ), $order->timestamp );
816
  } else {
817
- ?>
818
- <?php
819
- // set up date vars
820
- if ( ! empty( $order->timestamp ) ) {
821
- $timestamp = $order->timestamp;
822
- } else {
823
- $timestamp = current_time( 'timestamp' );
824
- }
825
-
826
- $year = date( 'Y', $timestamp );
827
- $month = date( 'n', $timestamp );
828
- $day = date( 'j', $timestamp );
829
- $hour = date( 'H', $timestamp );
830
- $minute = date( 'i', $timestamp );
831
- $second = date( 's', $timestamp );
832
- ?>
833
- <select id="ts_month" name="ts_month">
834
- <?php
835
- for ( $i = 1; $i < 13; $i ++ ) {
836
- ?>
837
- <option value="<?php echo esc_attr( $i ); ?>" <?php selected( $i, $month ); ?>>
838
- <?php echo esc_html( date_i18n( 'F', mktime( 0, 0, 0, $i, 2 ) ) ); ?>
839
- </option>
840
- <?php
841
- }
842
- ?>
843
  </select>
844
  <input name="ts_day" type="text" size="2" value="<?php echo esc_attr( $day ); ?>"/>
845
  <input name="ts_year" type="text" size="4" value="<?php echo esc_attr( $year ); ?>"/>
@@ -855,30 +846,28 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
855
  if ( ! empty( $affiliates ) ) {
856
  ?>
857
  <tr>
858
- <th scope="row" valign="top"><label for="affiliate_id"><?php _e( 'Affiliate ID', 'paid-memberships-pro' ); ?>
859
  :</label></th>
860
  <td>
861
  <?php
862
  if ( in_array( 'affiliate_id', $read_only_fields ) && $order_id > 0 ) {
863
- echo $order->affiliate_id;
864
  } else {
865
- ?>
866
- <input id="affiliate_id" name="affiliate_id" type="text" size="50"
867
- value="<?php echo esc_attr( $order->affiliate_id ); ?>"/>
868
  <?php } ?>
869
  </td>
870
  </tr>
871
  <tr>
872
- <th scope="row" valign="top"><label for="affiliate_subid"><?php _e( 'Affiliate SubID', 'paid-memberships-pro' ); ?>
873
  :</label></th>
874
  <td>
875
  <?php
876
  if ( in_array( 'affiliate_subid', $read_only_fields ) && $order_id > 0 ) {
877
- echo $order->affiliate_subid;
878
  } else {
879
- ?>
880
- <input id="affiliate_subid" name="affiliate_subid" type="text" size="50"
881
- value="<?php echo esc_attr( $order->affiliate_subid ); ?>"/>
882
  <?php } ?>
883
  </td>
884
  </tr>
@@ -891,14 +880,13 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
891
  if( !empty( $tospage_id ) || !empty( $consent_entry ) ) {
892
  ?>
893
  <tr>
894
- <th scope="row" valign="top"><label for="tos_consent"><?php _e( 'TOS Consent', 'paid-memberships-pro' ); ?>:</label></th>
895
  <td id="tos_consent">
896
  <?php
897
-
898
  if( !empty( $consent_entry ) ) {
899
- echo pmpro_consent_to_text( $consent_entry );
900
  } else {
901
- echo __( 'N/A' );
902
  }
903
  ?>
904
  </td>
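Review bot: `echo __( 'N/A' );` at line 901 has no text domain, so the string is looked up in the default catalogue instead of the plugin's. Use esc_html_e( 'N/A', 'paid-memberships-pro' ). The neighbouring `echo pmpro_consent_to_text( $consent_entry );` on 899 should go through esc_html() unless that function is documented to return safe markup.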
@@ -906,17 +894,15 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
906
  <?php
907
  }
908
  ?>
909
-
910
  <tr>
911
- <th scope="row" valign="top"><label for="notes"><?php _e( 'Notes', 'paid-memberships-pro' ); ?>:</label></th>
912
  <td>
913
  <?php
914
- if ( in_array( 'notes', $read_only_fields ) && $order_id > 0 ) {
915
- echo $order->notes;
916
  } else {
917
- ?>
918
- <textarea id="notes" name="notes" rows="5"
919
- cols="80"><?php echo esc_textarea( $order->notes ); ?></textarea>
920
  <?php } ?>
921
  </td>
922
  </tr>
@@ -930,15 +916,15 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
930
  <input name="order" type="hidden" value="
931
  <?php
932
  if ( ! empty( $order->id ) ) {
933
- echo $order->id;
934
  } else {
935
- echo $order_id;
936
  }
937
  ?>
938
  "/>
939
- <input name="save" type="submit" class="button-primary" value="<?php _e( 'Save Order', 'paid-memberships-pro' ); ?>"/>
940
- <input name="cancel" type="button" class="cancel button-secondary" value="<?php _e( 'Cancel', 'paid-memberships-pro' ); ?>"
941
- onclick="location.href='<?php echo get_admin_url( null, '/admin.php?page=pmpro-orders' ); ?>';"/>
942
  </p>
943
 
944
  </form>
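Review bot: The hidden `order` input opens its value attribute on line 930 and closes it on line 938, so the submitted value is the ID wrapped in newlines and indentation and only works if the handler trims or casts it. Emit it on one line with an integer cast, e.g. `value="<?php echo intval( ! empty( $order->id ) ? $order->id : $order_id ); ?>"`. The Cancel button's onclick on 941 also prints get_admin_url() unescaped and wants esc_url().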
@@ -948,7 +934,7 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
948
  <form id="posts-filter" method="get" action="">
949
 
950
  <h1 class="wp-heading-inline"><?php esc_html_e( 'Orders', 'paid-memberships-pro' ); ?></h1>
951
- <a href="<?php echo add_query_arg( array( 'page' => 'pmpro-orders', 'order' => -1 ), get_admin_url(null, 'admin.php' ) ); ?>" class="page-title-action"><?php esc_html_e( 'Add New Order', 'paid-memberships-pro' ); ?></a>
952
 
953
  <?php
954
  // build the export URL
@@ -969,7 +955,7 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
969
  );
970
  $export_url = add_query_arg( $url_params, $export_url );
971
  ?>
972
- <a target="_blank" href="<?php echo $export_url; ?>" class="page-title-action"><?php _e( 'Export to CSV', 'paid-memberships-pro' ); ?></a>
973
 
974
  <hr class="wp-header-end">
975
 
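Review bot: Line 972 prints `$export_url` into an href without esc_url(), although it is assembled from `$url_params` through add_query_arg() just above. Use `href="<?php echo esc_url( $export_url ); ?>"`, and since the link opens with target="_blank", add rel="noopener noreferrer".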
@@ -989,31 +975,31 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
989
 
990
  <ul class="subsubsub">
991
  <li>
992
- <?php _e( 'Show', 'paid-memberships-pro' ); ?>
993
  <select id="filter" name="filter">
994
- <option value="all" <?php selected( $filter, 'all' ); ?>><?php _e( 'All', 'paid-memberships-pro' ); ?></option>
995
  <option
996
- value="within-a-date-range" <?php selected( $filter, 'within-a-date-range' ); ?>><?php _e( 'Within a Date Range', 'paid-memberships-pro' ); ?></option>
997
  <option
998
- value="predefined-date-range" <?php selected( $filter, 'predefined-date-range' ); ?>><?php _e( 'Predefined Date Range', 'paid-memberships-pro' ); ?></option>
999
  <option
1000
- value="within-a-level" <?php selected( $filter, 'within-a-level' ); ?>><?php _e( 'Within a Level', 'paid-memberships-pro' ); ?></option>
1001
  <option
1002
- value="with-discount-code" <?php selected( $filter, 'with-discount-code' ); ?>><?php _e( 'With a Discount Code', 'paid-memberships-pro' ); ?></option>
1003
  <option
1004
- value="within-a-status" <?php selected( $filter, 'within-a-status' ); ?>><?php _e( 'Within a Status', 'paid-memberships-pro' ); ?></option>
1005
  <option
1006
- value="only-paid" <?php selected( $filter, 'only-paid' ); ?>><?php _e( 'Only Paid Orders', 'paid-memberships-pro' ); ?></option>
1007
  <option
1008
- value="only-free" <?php selected( $filter, 'only-free' ); ?>><?php _e( 'Only Free Orders', 'paid-memberships-pro' ); ?></option>
1009
 
1010
  <?php $custom_filters = apply_filters( 'pmpro_admin_orders_filters', array() ); ?>
1011
  <?php foreach( $custom_filters as $value => $name ) { ?>
1012
- <option value="<?php esc_attr_e( $value ); ?>" <?php selected( $filter, $value ); ?>><?php esc_html_e( $name ); ?></option>
1013
  <?php } ?>
1014
  </select>
1015
 
1016
- <span id="from"><?php _e( 'From', 'paid-memberships-pro' ); ?></span>
1017
 
1018
  <select id="start-month" name="start-month">
1019
  <?php for ( $i = 1; $i < 13; $i ++ ) { ?>
@@ -1028,7 +1014,7 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
1028
  value="<?php echo esc_attr( $start_year ); ?>"/>
1029
 
1030
 
1031
- <span id="to"><?php _e( 'To', 'paid-memberships-pro' ); ?></span>
1032
 
1033
  <select id="end-month" name="end-month">
1034
  <?php for ( $i = 1; $i < 13; $i ++ ) { ?>
@@ -1041,18 +1027,18 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
1041
  <input id='end-day' name="end-day" type="text" size="2" value="<?php echo esc_attr( $end_day ); ?>"/>
1042
  <input id='end-year' name="end-year" type="text" size="4" value="<?php echo esc_attr( $end_year ); ?>"/>
1043
 
1044
- <span id="filterby"><?php _e( 'filter by ', 'paid-memberships-pro' ); ?></span>
1045
 
1046
  <select id="predefined-date" name="predefined-date">
1047
 
1048
  <option
1049
- value="<?php echo 'This Month'; ?>" <?php selected( $predefined_date, 'This Month' ); ?>><?php echo 'This Month'; ?></option>
1050
  <option
1051
- value="<?php echo 'Last Month'; ?>" <?php selected( $predefined_date, 'Last Month' ); ?>><?php echo 'Last Month'; ?></option>
1052
  <option
1053
- value="<?php echo 'This Year'; ?>" <?php selected( $predefined_date, 'This Year' ); ?>><?php echo 'This Year'; ?></option>
1054
  <option
1055
- value="<?php echo 'Last Year'; ?>" <?php selected( $predefined_date, 'Last Year' ); ?>><?php echo 'Last Year'; ?></option>
1056
 
1057
  </select>
1058
 
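Review bot: The predefined-date options on 1049-1055 hard-code their labels with `<?php echo 'This Month'; ?>`, which leaves them as the only untranslated strings in this filter bar. Keep the English string as the option value, since selected() compares `$predefined_date` against it, but print the label with esc_html_e( 'This Month', 'paid-memberships-pro' ), and likewise for the other three.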
@@ -1063,7 +1049,7 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
1063
  <select id="l" name="l">
1064
  <?php foreach ( $levels as $level ) { ?>
1065
  <option
1066
- value="<?php echo $level->id; ?>" <?php selected( $l, $level->id ); ?>><?php echo $level->name; ?></option>
1067
  <?php } ?>
1068
 
1069
  </select>
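Review bot: Line 1066 echoes `$level->id` into the value attribute and `$level->name` into the option body with no escaping, and level names are free text entered in the dashboard. Use esc_attr( $level->id ) and esc_html( $level->name ). The discount code select in the next hunk (line 1079) follows the same pattern with `$code->id` and `$code->code`.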
@@ -1076,7 +1062,7 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
1076
  <select id="discount_code" name="discount_code">
1077
  <?php foreach ( $codes as $code ) { ?>
1078
  <option
1079
- value="<?php echo $code->id; ?>" <?php selected( $discount_code, $code->id ); ?>><?php echo $code->code; ?></option>
1080
  <?php } ?>
1081
  </select>
1082
  <?php } ?>
@@ -1087,11 +1073,11 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
1087
  <select id="status" name="status">
1088
  <?php foreach ( $statuses as $the_status ) { ?>
1089
  <option
1090
- value="<?php echo esc_attr( $the_status ); ?>" <?php selected( $the_status, $status ); ?>><?php echo $the_status; ?></option>
1091
  <?php } ?>
1092
  </select>
1093
 
1094
- <input id="submit" class="button" type="submit" value="<?php _e( 'Filter', 'paid-memberships-pro' ); ?>"/>
1095
  </li>
1096
  </ul>
1097
 
@@ -1225,10 +1211,10 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
1225
  </script>
1226
 
1227
  <p class="search-box">
1228
- <label class="hidden" for="post-search-input"><?php _e( 'Search Orders', 'paid-memberships-pro' ); ?>:</label>
1229
  <input type="hidden" name="page" value="pmpro-orders"/>
1230
  <input id="post-search-input" type="text" value="<?php echo esc_attr( $s ); ?>" name="s"/>
1231
- <input class="button" type="submit" value="<?php _e( 'Search Orders', 'paid-memberships-pro' ); ?>"/>
1232
  </p>
1233
 
1234
  <?php
@@ -1276,7 +1262,7 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
1276
  $fields = apply_filters( 'pmpro_orders_search_fields', $fields );
1277
 
1278
  foreach ( $fields as $field ) {
1279
- $sqlQuery .= ' OR ' . $field . " LIKE '%" . esc_sql( $s ) . "%' ";
1280
  }
1281
  $sqlQuery .= ') ';
1282
 
@@ -1308,18 +1294,18 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
1308
  <table class="widefat">
1309
  <thead>
1310
  <tr class="thead">
1311
- <th><?php _e( 'ID', 'paid-memberships-pro' ); ?></th>
1312
- <th><?php _e( 'Code', 'paid-memberships-pro' ); ?></th>
1313
- <th><?php _e( 'Username', 'paid-memberships-pro' ); ?></th>
1314
  <?php do_action( 'pmpro_orders_extra_cols_header', $order_ids ); ?>
1315
- <th><?php _e( 'Level', 'paid-memberships-pro' ); ?></th>
1316
- <th><?php _e( 'Total', 'paid-memberships-pro' ); ?></th>
1317
- <th><?php _e( 'Payment', 'paid-memberships-pro' ); ?></th>
1318
- <th><?php _e( 'Gateway', 'paid-memberships-pro' ); ?></th>
1319
- <th><?php _e( 'Transaction IDs', 'paid-memberships-pro' ); ?></th>
1320
- <th><?php _e( 'Status', 'paid-memberships-pro' ); ?></th>
1321
- <th><?php _e( 'Date', 'paid-memberships-pro' ); ?></th>
1322
- <th><?php _e( 'Discount Code', 'paid-memberships-pro' );?></th>
1323
  </tr>
1324
  </thead>
1325
  <tbody id="orders" class="list:order orders-list">
@@ -1331,33 +1317,31 @@ selected="selected"<?php } ?>><?php _e( 'Live/Production', 'paid-memberships-pro
1331
  $order->getMemberOrderByID( $order_id );
1332
  $order->getUser();
1333
  ?>
1334
- <tr
1335
- <?php
1336
- if ( $count ++ % 2 == 0 ) {
1337
- ?>
1338
- class="alternate"<?php } ?>>
1339
  <td>
1340
- <a href="admin.php?page=pmpro-orders&order=<?php echo $order->id; ?>"><?php echo $order->id; ?></a>
1341
  </td>
1342
  <td class="order_code column-order_code has-row-actions">
1343
- <a href="admin.php?page=pmpro-orders&order=<?php echo $order->id; ?>"><?php echo $order->code; ?></a>
1344
  <br />
1345
  <div class="row-actions">
1346
  <span class="edit">
1347
- <a title="<?php _e( 'Edit', 'paid-memberships-pro' ); ?>" href="<?php echo add_query_arg( array( 'page' => 'pmpro-orders', 'order' => $order->id ), admin_url('admin.php' ) ); ?>"><?php _e( 'Edit', 'paid-memberships-pro' ); ?></a>
1348
  </span> |
1349
  <span class="copy">
1350
- <a title="<?php _e( 'Copy', 'paid-memberships-pro' ); ?>" href="<?php echo add_query_arg( array( 'page' => 'pmpro-orders', 'order' => '-1', 'copy' => $order->id ), admin_url('admin.php' ) ); ?>"><?php _e( 'Copy', 'paid-memberships-pro' ); ?></a>
1351
  </span> |
1352
  <span class="delete">
1353
- <a href="javascript:pmpro_askfirst('<?php echo str_replace( "'", "\'", sprintf( __( 'Deleting orders is permanent and can affect active users. Are you sure you want to delete order %s?', 'paid-memberships-pro' ), str_replace( "'", '', $order->code ) ) ); ?>', 'admin.php?page=pmpro-orders&delete=<?php echo $order->id; ?>'); void(0);"><?php _e( 'Delete', 'paid-memberships-pro' ); ?></a>
 
1354
  </span> |
1355
  <span class="print">
1356
- <a target="_blank" title="<?php _e( 'Print', 'paid-memberships-pro' ); ?>" href="<?php echo add_query_arg( array( 'action' => 'pmpro_orders_print_view', 'order' => $order->id ), admin_url('admin-ajax.php' ) ); ?>"><?php _e( 'Print', 'paid-memberships-pro' ); ?></a>
1357
  </span> |
1358
  <span class="email">
1359
  <a href="#TB_inline?width=600&height=200&inlineId=email_invoice" class="thickbox email_link"
1360
- data-order="<?php echo $order->id; ?>"><?php _e( 'Email', 'paid-memberships-pro' ); ?></a>
1361
  </span>
1362
  <?php
1363
  // Set up the hover actions for this user
@@ -1369,7 +1353,7 @@ class="alternate"<?php } ?>>
1369
  foreach ( $actions as $action => $link ) {
1370
  ++ $i;
1371
  ( $i == $action_count ) ? $sep = '' : $sep = ' | ';
1372
- $out .= "<span class='$action'>$link$sep</span>";
1373
  }
1374
  echo $out;
1375
  }
@@ -1379,11 +1363,11 @@ class="alternate"<?php } ?>>
1379
  <td class="username column-username">
1380
  <?php $order->getUser(); ?>
1381
  <?php if ( ! empty( $order->user ) ) { ?>
1382
- <a href="user-edit.php?user_id=<?php echo $order->user->ID; ?>"><?php echo $order->user->user_login; ?></a>
1383
  <?php } elseif ( $order->user_id > 0 ) { ?>
1384
- [<?php _e( 'deleted', 'paid-memberships-pro' ); ?>]
1385
  <?php } else { ?>
1386
- [<?php _e( 'none', 'paid-memberships-pro' ); ?>]
1387
  <?php } ?>
1388
  </td>
1389
  <?php do_action( 'pmpro_orders_extra_cols_body', $order ); ?>
@@ -1391,80 +1375,80 @@ class="alternate"<?php } ?>>
1391
  <?php
1392
  $level = pmpro_getLevel( $order->membership_id );
1393
  if ( ! empty( $level ) ) {
1394
- echo $level->name;
1395
  } elseif ( $order->membership_id > 0 ) { ?>
1396
- [<?php _e( 'deleted', 'paid-memberships-pro' ); ?>]
1397
  <?php } else { ?>
1398
- [<?php _e( 'none', 'paid-memberships-pro' ); ?>]
1399
  <?php }
1400
  ?>
1401
  </td>
1402
- <td><?php echo pmpro_formatPrice( $order->total ); ?></td>
1403
  <td>
1404
  <?php
1405
  if ( ! empty( $order->payment_type ) ) {
1406
- echo $order->payment_type . '<br />';
1407
  }
1408
  ?>
1409
  <?php if ( ! empty( $order->accountnumber ) ) { ?>
1410
- <?php echo $order->cardtype; ?>: x<?php echo last4( $order->accountnumber ); ?><br/>
1411
  <?php } ?>
1412
  <?php if ( ! empty( $order->billing->name ) ) { ?>
1413
- <?php echo $order->billing->name; ?><br/>
1414
  <?php } ?>
1415
  <?php if ( ! empty( $order->billing->street ) ) { ?>
1416
- <?php echo $order->billing->street; ?><br/>
1417
  <?php if ( $order->billing->city && $order->billing->state ) { ?>
1418
- <?php echo $order->billing->city; ?>, <?php echo $order->billing->state; ?><?php echo $order->billing->zip; ?>
1419
- <?php
1420
- if ( ! empty( $order->billing->country ) ) {
1421
- echo $order->billing->country; }
1422
  ?>
1423
  <br/>
1424
  <?php } ?>
1425
  <?php } ?>
1426
  <?php
1427
  if ( ! empty( $order->billing->phone ) ) {
1428
- echo formatPhone( $order->billing->phone );
1429
  }
1430
  ?>
1431
  </td>
1432
  <td><?php echo $order->gateway; ?>
1433
- <?php
1434
- if ( $order->gateway_environment == 'test' ) {
1435
- echo '(test)';
1436
- }
1437
  ?>
1438
- </td>
1439
  <td>
1440
- <?php _e( 'Payment', 'paid-memberships-pro' ); ?>:
1441
- <?php
1442
- if ( ! empty( $order->payment_transaction_id ) ) {
1443
- echo $order->payment_transaction_id;
1444
- } else {
1445
- _e( 'N/A', 'paid-memberships-pro' );
1446
- }
1447
  ?>
1448
  <br/>
1449
- <?php _e( 'Subscription', 'paid-memberships-pro' ); ?>
1450
  :
1451
  <?php
1452
  if ( ! empty( $order->subscription_transaction_id ) ) {
1453
- echo $order->subscription_transaction_id;
1454
  } else {
1455
- _e( 'N/A', 'paid-memberships-pro' );
1456
  }
1457
  ?>
1458
  </td>
1459
- <td><?php echo $order->status; ?></td>
1460
  <td>
1461
- <?php echo date_i18n( get_option( 'date_format' ), $order->timestamp ); ?><br/>
1462
- <?php echo date_i18n( get_option( 'time_format' ), $order->timestamp ); ?>
1463
  </td>
1464
  <td>
1465
  <?php if ( $order->getDiscountCode() ) { ?>
1466
- <a title="<?php _e('edit', 'paid-memberships-pro' ); ?>" href="<?php echo add_query_arg( array( 'page' => 'pmpro-discountcodes', 'edit' => $order->discount_code->id ), admin_url('admin.php' ) ); ?>">
1467
- <?php echo $order->discount_code->code; ?>
1468
  </a>
1469
  <?php } ?>
1470
  </td>
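Review bot: line 1432, `<td><?php echo $order->gateway; ?>`, carries no `-` marker in this hunk, so the gateway value is still echoed unescaped while the neighbouring outputs (`payment_type`, the transaction IDs, `status`) are all being replaced. Change it to `echo esc_html( $order->gateway );` so this list table column is covered by the same escaping pass as the rest of the row.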
@@ -1475,7 +1459,7 @@ class="alternate"<?php } ?>>
1475
  if ( ! $order_ids ) {
1476
  ?>
1477
  <tr>
1478
- <td colspan="9"><p><?php _e( 'No orders found.', 'paid-memberships-pro' ); ?></p></td>
1479
  </tr>
1480
  <?php
1481
  }
@@ -1485,7 +1469,7 @@ class="alternate"<?php } ?>>
1485
  </form>
1486
  <?php
1487
  // add normal args
1488
- $pagination_url = add_query_arg( $url_params, get_admin_url( null, '/admin.php?page=pmpro-orders' ) );
1489
  echo pmpro_getPaginationString( $pn, $totalrows, $limit, 1, $pagination_url, "&limit=$limit&pn=" );
1490
  ?>
1491
 
291
 
292
  // save
293
  if ( $order->saveOrder() !== false && $nonceokay ) {
294
+ $order_id = $order->id;
295
+
 
 
 
296
  // handle timestamp
297
  if ( $order->updateTimestamp( intval( $_POST['ts_year'] ), intval( $_POST['ts_month'] ), intval( $_POST['ts_day'] ), intval( $_POST['ts_hour'] ) . ':' . intval( $_POST['ts_minute'] ) . ':00' ) !== false ) {
298
  $pmpro_msg = __( 'Order saved successfully.', 'paid-memberships-pro' );
305
  $pmpro_msg = __( 'Error saving order.', 'paid-memberships-pro' );
306
  $pmpro_msgt = 'error';
307
  }
308
+
309
+ // also update the discount code if needed
310
+ if( isset( $_REQUEST['discount_code_id'] ) ) {
311
+ $order->updateDiscountCode( intval( $_REQUEST['discount_code_id'] ) );
312
+ }
313
  } else {
314
  // order passed?
315
  if ( ! empty( $_REQUEST['order'] ) ) {
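Review bot: the guard on line 293, `if ( $order->saveOrder() !== false && $nonceokay )`, evaluates `saveOrder()` before `$nonceokay`, so as far as these lines show the order is written even when the nonce check failed, and only the follow-up steps (now including `updateDiscountCode()`) are skipped. Test `$nonceokay` first, or bail out on a bad nonce before touching the order. The new block also reads `$_REQUEST['discount_code_id']` while the timestamp fields on line 297 read `$_POST`; use `$_POST` here too so the value can only come from the submitted form, and check the return value of `updateDiscountCode()` so a failed update does not sit behind the 'Order saved successfully.' message.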
373
  <?php if ( ! empty( $order ) ) { ?>
374
 
375
  <?php if ( ! empty( $order->id ) ) { ?>
376
+ <h1 class="wp-heading-inline"><?php esc_html_e( 'Order', 'paid-memberships-pro' ); ?> #<?php echo esc_html( $order->id ); ?>: <?php echo esc_html( $order->code ); ?></h1>
377
+ <a title="<?php esc_attr_e( 'Print', 'paid-memberships-pro' ); ?>" href="<?php echo esc_url( add_query_arg( array( 'action' => 'pmpro_orders_print_view', 'order' => $order->id ), admin_url( 'admin-ajax.php' ) ) ); ?>" class="page-title-action" target="_blank" ><?php esc_html_e( 'Print', 'paid-memberships-pro' ); ?></a>
378
+ <a title="<?php esc_attr_e( 'Email', 'paid-memberships-pro' ); ?>" href="#TB_inline?width=600&height=200&inlineId=email_invoice" class="thickbox email_link page-title-action" data-order="<?php echo esc_html( $order->id ); ?>"><?php esc_html_e( 'Email', 'paid-memberships-pro' ); ?></a>
379
  <?php } else { ?>
380
  <h1 class="wp-heading-inline"><?php esc_html_e( 'New Order', 'paid-memberships-pro' ); ?></h1>
381
  <?php } ?>
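Review bot: `data-order="<?php echo esc_html( $order->id ); ?>"` on line 378 escapes an attribute value with `esc_html()`; use `esc_attr()` there, as the `title` attributes on lines 377 and 378 already do through `esc_attr_e()`. Keeping the escaping function matched to the output context makes the next audit of this template much quicker.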
403
  <td>
404
  <?php
405
  if ( ! empty( $order->id ) ) {
406
+ echo esc_html( $order->id );
407
  } else {
408
  echo '<p class="description">' . __( 'This will be generated when you save.', 'paid-memberships-pro' ) . '</p>';
409
  }
416
  <td>
417
  <?php
418
  if ( in_array( 'code', $read_only_fields ) ) {
419
+ echo esc_html( $order->code );
420
  } else { ?>
421
  <input id="code" name="code" type="text" value="<?php echo esc_attr( $order->code ); ?>" class="regular-text" />
422
  <?php
423
  }
424
  ?>
425
  <?php if ( $order_id < 0 ) { ?>
426
+ <p class="description"><?php esc_html_e( 'Randomly generated for you.', 'paid-memberships-pro' ); ?></p>
427
  <?php } ?>
428
  </td>
429
  </tr>
432
  <td>
433
  <?php
434
  if ( in_array( 'user_id', $read_only_fields ) && $order_id > 0 ) {
435
+ echo esc_html( $order->user_id );
436
  } else { ?>
437
  <input id="user_id" name="user_id" type="text" value="<?php echo esc_attr( $order->user_id ); ?>" class="regular-text" />
438
  <?php
441
  </td>
442
  </tr>
443
  <tr>
444
+ <th scope="row" valign="top"><label for="membership_id"><?php esc_html_e( 'Membership Level ID', 'paid-memberships-pro' ); ?>:</label></th>
445
  <td>
446
  <?php
447
  if ( in_array( 'membership_id', $read_only_fields ) && $order_id > 0 ) {
448
+ echo esc_html( $order->membership_id );
449
  } else { ?>
450
  <input id="membership_id" name="membership_id" type="text" value="<?php echo esc_attr( $order->membership_id ); ?>" class="regular-text" />
451
  <?php
454
  </td>
455
  </tr>
456
  <tr>
457
+ <th scope="row" valign="top"><label for="billing_name"><?php esc_html_e( 'Billing Name', 'paid-memberships-pro' ); ?>:</label>
458
  </th>
459
  <td>
460
  <?php
461
  if ( in_array( 'billing_name', $read_only_fields ) && $order_id > 0 ) {
462
+ echo esc_html( $order->billing_name );
463
  } else {
464
  ?>
465
  <input id="billing_name" name="billing_name" type="text" size="50"
468
  </td>
469
  </tr>
470
  <tr>
471
+ <th scope="row" valign="top"><label for="billing_street"><?php esc_html_e( 'Billing Street', 'paid-memberships-pro' ); ?>
472
  :</label></th>
473
  <td>
474
  <?php
475
  if ( in_array( 'billing_street', $read_only_fields ) && $order_id > 0 ) {
476
+ echo esc_html( $order->billing_street );
477
  } else {
478
  ?>
479
  <input id="billing_street" name="billing_street" type="text" size="50"
481
  <?php } ?>
482
  </tr>
483
  <tr>
484
+ <th scope="row" valign="top"><label for="billing_city"><?php esc_html_e( 'Billing City', 'paid-memberships-pro' ); ?>:</label>
485
  </th>
486
  <td>
487
  <?php
488
  if ( in_array( 'billing_city', $read_only_fields ) && $order_id > 0 ) {
489
+ echo esc_html( $order->billing_city );
490
  } else {
491
  ?>
492
  <input id="billing_city" name="billing_city" type="text" size="50"
494
  <?php } ?>
495
  </tr>
496
  <tr>
497
+ <th scope="row" valign="top"><label for="billing_state"><?php esc_html_e( 'Billing State', 'paid-memberships-pro' ); ?>
498
  :</label></th>
499
  <td>
500
  <?php
501
  if ( in_array( 'billing_state', $read_only_fields ) && $order_id > 0 ) {
502
+ echo esc_html( $order->billing_state );
503
  } else {
504
  ?>
505
  <input id="billing_state" name="billing_state" type="text" size="50"
507
  <?php } ?>
508
  </tr>
509
  <tr>
510
+ <th scope="row" valign="top"><label for="billing_zip"><?php esc_html_e( 'Billing Postal Code', 'paid-memberships-pro' ); ?>
511
  :</label></th>
512
  <td>
513
  <?php
514
  if ( in_array( 'billing_zip', $read_only_fields ) && $order_id > 0 ) {
515
+ echo esc_html( $order->billing_zip );
516
  } else {
517
  ?>
518
  <input id="billing_zip" name="billing_zip" type="text" size="50"
520
  <?php } ?>
521
  </tr>
522
  <tr>
523
+ <th scope="row" valign="top"><label for="billing_country"><?php esc_html_e( 'Billing Country', 'paid-memberships-pro' ); ?>
524
  :</label></th>
525
  <td>
526
  <?php
527
  if ( in_array( 'billing_country', $read_only_fields ) && $order_id > 0 ) {
528
+ echo esc_html( $order->billing_country );
529
  } else {
530
  ?>
531
  <input id="billing_country" name="billing_country" type="text" size="50"
534
  </td>
535
  </tr>
536
  <tr>
537
+ <th scope="row" valign="top"><label for="billing_phone"><?php esc_html_e( 'Billing Phone', 'paid-memberships-pro' ); ?>
538
  :</label></th>
539
  <td>
540
  <?php
541
  if ( in_array( 'billing_phone', $read_only_fields ) && $order_id > 0 ) {
542
+ echo esc_html( $order->billing_phone );
543
  } else {
544
  ?>
545
  <input id="billing_phone" name="billing_phone" type="text" size="50"
564
  $codes = $wpdb->get_results($sqlQuery, OBJECT);
565
  if ( ! empty( $codes ) ) { ?>
566
  <tr>
567
+ <th scope="row" valign="top"><label for="discount_code_id"><?php esc_html_e( 'Discount Code', 'paid-memberships-pro' ); ?>:</label></th>
568
  <td>
569
  <?php
570
  if ( in_array( 'discount_code_id', $read_only_fields ) && $order_id > 0 ) {
590
  <td>
591
  <?php
592
  if ( in_array( 'subtotal', $read_only_fields ) && $order_id > 0 ) {
593
+ echo esc_html( $order->subtotal );
594
  } else {
595
  ?>
596
  <input id="subtotal" name="subtotal" type="text" size="10"
599
  </td>
600
  </tr>
601
  <tr>
602
+ <th scope="row" valign="top"><label for="tax"><?php esc_html_e( 'Tax', 'paid-memberships-pro' ); ?>:</label></th>
603
  <td>
604
  <?php
605
  if ( in_array( 'tax', $read_only_fields ) && $order_id > 0 ) {
606
+ echo esc_html( $order->tax );
607
  } else {
608
  ?>
609
  <input id="tax" name="tax" type="text" size="10"
612
  </td>
613
  </tr>
614
  <tr>
615
+ <th scope="row" valign="top"><label for="couponamount"><?php esc_html_e( 'Coupon Amount', 'paid-memberships-pro' ); ?>:</label>
616
  </th>
617
  <td>
618
  <?php
619
  if ( in_array( 'couponamount', $read_only_fields ) && $order_id > 0 ) {
620
+ echo esc_html( $order->couponamount );
621
  } else {
622
+ ?>
623
+ <input id="couponamount" name="couponamount" type="text" size="10" value="<?php echo esc_attr( $order->couponamount ); ?>"/>
 
624
  <?php } ?>
625
  </td>
626
  </tr>
627
  <tr>
628
+ <th scope="row" valign="top"><label for="total"><?php esc_html_e( 'Total', 'paid-memberships-pro' ); ?>:</label></th>
629
  <td>
630
  <?php
631
  if ( in_array( 'total', $read_only_fields ) && $order_id > 0 ) {
632
+ echo esc_html( $order->total );
633
  } else {
634
  ?>
635
  <input id="total" name="total" type="text" size="10"
636
  value="<?php echo esc_attr( $order->total ); ?>"/>
637
  <?php } ?>
638
+ <p class="description"><?php esc_html_e( 'Should be subtotal + tax - couponamount.', 'paid-memberships-pro' ); ?></p>
639
  </td>
640
  </tr>
641
 
642
  <tr>
643
+ <th scope="row" valign="top"><label for="payment_type"><?php esc_html_e( 'Payment Type', 'paid-memberships-pro' ); ?>:</label>
644
  </th>
645
  <td>
646
  <?php
647
  if ( in_array( 'payment_type', $read_only_fields ) && $order_id > 0 ) {
648
+ echo esc_html( $order->payment_type );
649
  } else {
650
  ?>
651
  <input id="payment_type" name="payment_type" type="text" size="50"
652
  value="<?php echo esc_attr( $order->payment_type ); ?>"/>
653
  <?php } ?>
654
+ <p class="description"><?php esc_html_e( 'e.g. PayPal Express, PayPal Standard, Credit Card.', 'paid-memberships-pro' ); ?></p>
655
  </td>
656
  </tr>
657
  <tr>
658
+ <th scope="row" valign="top"><label for="cardtype"><?php esc_html_e( 'Card Type', 'paid-memberships-pro' ); ?></label></th>
659
  <td>
660
  <?php
661
  if ( in_array( 'cardtype', $read_only_fields ) && $order_id > 0 ) {
662
+ echo esc_html( $order->cardtype );
663
  } else {
664
  ?>
665
  <input id="cardtype" name="cardtype" type="text" size="50"
666
  value="<?php echo esc_attr( $order->cardtype ); ?>"/>
667
  <?php } ?>
668
+ <p class="description"><?php esc_html_e( 'e.g. Visa, MasterCard, AMEX, etc', 'paid-memberships-pro' ); ?></p>
669
  </td>
670
  </tr>
671
  <tr>
672
+ <th scope="row" valign="top"><label for="accountnumber"><?php esc_html_e( 'Account Number', 'paid-memberships-pro' ); ?>
673
  :</label></th>
674
  <td>
675
  <?php
676
  if ( in_array( 'accountnumber', $read_only_fields ) && $order_id > 0 ) {
677
+ echo esc_html( $order->accountnumber );
678
  } else {
679
  ?>
680
  <input id="accountnumber" name="accountnumber" type="text" size="50"
681
  value="<?php echo esc_attr( $order->accountnumber ); ?>"/>
682
  <?php } ?>
683
+ <p class="description"><?php esc_html_e( 'Obscure all but last 4 digits.', 'paid-memberships-pro' ); ?></p>
684
  </td>
685
  </tr>
686
  <?php
687
  if ( in_array( 'ExpirationDate', $read_only_fields ) && $order_id > 0 ) {
688
+ echo esc_html( $order->ExpirationDate );
689
  } else {
690
  ?>
691
  <tr>
692
  <th scope="row" valign="top"><label
693
+ for="expirationmonth"><?php esc_html_e( 'Expiration Month', 'paid-memberships-pro' ); ?>:</label></th>
694
  <td>
695
  <input id="expirationmonth" name="expirationmonth" type="text" size="10"
696
  value="<?php echo esc_attr( $order->expirationmonth ); ?>"/>
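Review bot: the read-only branch on lines 687-688 echoes `$order->ExpirationDate` directly after the closing `</tr>` of the account number row, outside any `<tr>` or `<td>`, while the `else` branch emits two complete rows. Escaping the value is right, but the output still lands as loose text inside the table; wrap it in its own row with a label, like the other read-only fields. Separately, the read-only `accountnumber` output on line 677 prints the stored value in full, so the 'Obscure all but last 4 digits.' hint only helps if the stored value is already masked; a comment stating that assumption would help the next reader.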
698
  </td>
699
  </tr>
700
  <tr>
701
+ <th scope="row" valign="top"><label for="expirationyear"><?php esc_html_e( 'Expiration Year', 'paid-memberships-pro' ); ?>
702
  :</label></th>
703
  <td>
704
  <input id="expirationyear" name="expirationyear" type="text" size="10"
708
  </tr>
709
  <?php } ?>
710
  <tr>
711
+ <th scope="row" valign="top"><label for="status"><?php esc_html_e( 'Status', 'paid-memberships-pro' ); ?>:</label></th>
712
  <td>
713
  <?php
714
  if ( in_array( 'status', $read_only_fields ) && $order_id > 0 ) {
715
+ echo esc_html( $order->status );
716
  } else { ?>
717
  <?php
718
  $statuses = pmpro_getOrderStatuses();
720
  <select id="status" name="status">
721
  <?php foreach ( $statuses as $status ) { ?>
722
  <option
723
+ value="<?php echo esc_attr( $status ); ?>" <?php selected( $order->status, $status ); ?>><?php echo esc_html( $status ); ?></option>
724
  <?php } ?>
725
  </select>
726
  <?php
730
  </tr>
731
 
732
  <tr>
733
+ <th scope="row" valign="top"><label for="gateway"><?php esc_html_e( 'Gateway', 'paid-memberships-pro' ); ?>:</label></th>
734
  <td>
735
  <?php
736
  if ( in_array( 'gateway', $read_only_fields ) && $order_id > 0 ) {
737
+ echo esc_html( $order->gateway );
738
  } else {
739
+ ?>
740
+ <select id="gateway" name="gateway" onchange="pmpro_changeGateway(jQuery(this).val());">
741
+ <?php
742
+ $pmpro_gateways = pmpro_gateways();
743
+ foreach ( $pmpro_gateways as $pmpro_gateway_name => $pmpro_gateway_label ) {
744
+ ?>
745
+ <option
746
+ value="<?php echo esc_attr( $pmpro_gateway_name ); ?>" <?php selected( $order->gateway, $pmpro_gateway_name ); ?>><?php echo esc_html( $pmpro_gateway_label ); ?></option>
747
+ <?php
748
+ }
749
+ ?>
750
+ </select>
751
+ <?php } ?>
752
  </td>
753
  </tr>
754
  <tr>
755
  <th scope="row" valign="top"><label
756
+ for="gateway_environment"><?php esc_html_e( 'Gateway Environment', 'paid-memberships-pro' ); ?>:</label></th>
757
  <td>
758
  <?php
759
  if ( in_array( 'gateway_environment', $read_only_fields ) && $order_id > 0 ) {
760
+ echo esc_html( $order->gateway_environment );
761
  } else {
 
 
 
 
 
762
  ?>
763
+ <select name="gateway_environment">
764
+ <option value="sandbox" <?php if ( $order->gateway_environment == 'sandbox' ) { ?>selected="selected"<?php } ?>><?php esc_html_e( 'Sandbox/Testing', 'paid-memberships-pro' ); ?></option>
765
+ <option value="live" <?php if ( $order->gateway_environment == 'live' ) { ?>selected="selected"<?php } ?>><?php esc_html_e( 'Live/Production', 'paid-memberships-pro' ); ?></option>
 
 
 
766
  </select>
767
  <?php } ?>
768
  </td>
774
  <td>
775
  <?php
776
  if ( in_array( 'payment_transaction_id', $read_only_fields ) && $order_id > 0 ) {
777
+ echo esc_html( $order->payment_transaction_id );
778
  } else {
779
  ?>
780
  <input id="payment_transaction_id" name="payment_transaction_id" type="text" size="50"
781
  value="<?php echo esc_attr( $order->payment_transaction_id ); ?>"/>
782
  <?php } ?>
783
+ <p class="description"><?php esc_html_e( 'Generated by the gateway. Useful to cross reference orders.', 'paid-memberships-pro' ); ?></p>
784
  </td>
785
  </tr>
786
  <tr>
787
  <th scope="row" valign="top"><label
788
+ for="subscription_transaction_id"><?php esc_html_e( 'Subscription Transaction ID', 'paid-memberships-pro' ); ?>
789
  :</label></th>
790
  <td>
791
  <?php
796
  <input id="subscription_transaction_id" name="subscription_transaction_id" type="text" size="50"
797
  value="<?php echo esc_attr( $order->subscription_transaction_id ); ?>"/>
798
  <?php } ?>
799
+ <p class="description"><?php esc_html_e( 'Generated by the gateway. Useful to cross reference subscriptions.', 'paid-memberships-pro' ); ?></p>
800
  </td>
801
  </tr>
802
 
803
  <tr>
804
+ <th scope="row" valign="top"><label for="ts_month"><?php esc_html_e( 'Date', 'paid-memberships-pro' ); ?>:</label></th>
805
  <td>
806
  <?php
807
  if ( in_array( 'timestamp', $read_only_fields ) && $order_id > 0 ) {
808
+ echo esc_html( date_i18n( get_option( 'date_format' ) . ' ' . get_option( 'time_format' ), $order->timestamp ) );
809
  } else {
810
+ // set up date vars
811
+ if ( ! empty( $order->timestamp ) ) {
812
+ $timestamp = $order->timestamp;
813
+ } else {
814
+ $timestamp = current_time( 'timestamp' );
815
+ }
816
+
817
+ $year = date( 'Y', $timestamp );
818
+ $month = date( 'n', $timestamp );
819
+ $day = date( 'j', $timestamp );
820
+ $hour = date( 'H', $timestamp );
821
+ $minute = date( 'i', $timestamp );
822
+ $second = date( 's', $timestamp );
823
+ ?>
824
+ <select id="ts_month" name="ts_month">
825
+ <?php
826
+ for ( $i = 1; $i < 13; $i ++ ) {
827
+ ?>
828
+ <option value="<?php echo esc_attr( $i ); ?>" <?php selected( $i, $month ); ?>>
829
+ <?php echo esc_html( date_i18n( 'F', mktime( 0, 0, 0, $i, 2 ) ) ); ?>
830
+ </option>
831
+ <?php
832
+ }
833
+ ?>
 
 
834
  </select>
835
  <input name="ts_day" type="text" size="2" value="<?php echo esc_attr( $day ); ?>"/>
836
  <input name="ts_year" type="text" size="4" value="<?php echo esc_attr( $year ); ?>"/>
846
  if ( ! empty( $affiliates ) ) {
847
  ?>
848
  <tr>
849
+ <th scope="row" valign="top"><label for="affiliate_id"><?php esc_html_e( 'Affiliate ID', 'paid-memberships-pro' ); ?>
850
  :</label></th>
851
  <td>
852
  <?php
853
  if ( in_array( 'affiliate_id', $read_only_fields ) && $order_id > 0 ) {
854
+ echo esc_html( $order->affiliate_id );
855
  } else {
856
+ ?>
857
+ <input id="affiliate_id" name="affiliate_id" type="text" size="50" value="<?php echo esc_attr( $order->affiliate_id ); ?>"/>
 
858
  <?php } ?>
859
  </td>
860
  </tr>
861
  <tr>
862
+ <th scope="row" valign="top"><label for="affiliate_subid"><?php esc_html_e( 'Affiliate SubID', 'paid-memberships-pro' ); ?>
863
  :</label></th>
864
  <td>
865
  <?php
866
  if ( in_array( 'affiliate_subid', $read_only_fields ) && $order_id > 0 ) {
867
+ echo esc_html( $order->affiliate_subid );
868
  } else {
869
+ ?>
870
+ <input id="affiliate_subid" name="affiliate_subid" type="text" size="50" value="<?php echo esc_attr( $order->affiliate_subid ); ?>"/>
 
871
  <?php } ?>
872
  </td>
873
  </tr>
880
  if( !empty( $tospage_id ) || !empty( $consent_entry ) ) {
881
  ?>
882
  <tr>
883
+ <th scope="row" valign="top"><label for="tos_consent"><?php esc_html_e( 'TOS Consent', 'paid-memberships-pro' ); ?>:</label></th>
884
  <td id="tos_consent">
885
  <?php
 
886
  if( !empty( $consent_entry ) ) {
887
+ echo esc_html( pmpro_consent_to_text( $consent_entry ) );
888
  } else {
889
+ esc_html_e( 'N/A' );
890
  }
891
  ?>
892
  </td>
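Review bot: `esc_html_e( 'N/A' );` on line 889 is the only translation call in this hunk without the `'paid-memberships-pro'` text domain, so the string is looked up in the default domain instead of the plugin's. Pass the domain as the second argument. The `<label for="tos_consent">` on line 883 also points at the `<td id="tos_consent">` on line 884, which is not a labelable element; plain heading text in the `<th>` would be cleaner.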
894
  <?php
895
  }
896
  ?>
 
897
  <tr>
898
+ <th scope="row" valign="top"><label for="notes"><?php esc_html_e( 'Notes', 'paid-memberships-pro' ); ?>:</label></th>
899
  <td>
900
  <?php
901
+ if ( in_array( 'notes', $read_only_fields ) && $order_id > 0 ) {
902
+ echo wp_kses_post( $order->notes );
903
  } else {
904
+ ?>
905
+ <textarea id="notes" name="notes" rows="5" cols="80"><?php echo esc_textarea( $order->notes ); ?></textarea>
 
906
  <?php } ?>
907
  </td>
908
  </tr>
916
  <input name="order" type="hidden" value="
917
  <?php
918
  if ( ! empty( $order->id ) ) {
919
+ echo esc_html( $order->id );
920
  } else {
921
+ echo esc_html( $order_id );
922
  }
923
  ?>
924
  "/>
925
+ <input name="save" type="submit" class="button-primary" value="<?php esc_attr_e( 'Save Order', 'paid-memberships-pro' ); ?>"/>
926
+ <input name="cancel" type="button" class="cancel button-secondary" value="<?php esc_attr_e( 'Cancel', 'paid-memberships-pro' ); ?>"
927
+ onclick="location.href='<?php echo esc_url( get_admin_url( null, '/admin.php?page=pmpro-orders' ) ); ?>';"/>
928
  </p>
929
 
930
  </form>
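Review bot: the hidden `order` input on lines 916-924 prints its value with `esc_html()` inside a `value="..."` attribute; use `esc_attr()` on lines 919 and 921. The opening quote on line 916 and the `<?php` tag on line 917 sit on separate lines, so the submitted value carries whitespace around the ID; putting the whole attribute on one line avoids relying on the receiving code to trim or cast it.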
934
  <form id="posts-filter" method="get" action="">
935
 
936
  <h1 class="wp-heading-inline"><?php esc_html_e( 'Orders', 'paid-memberships-pro' ); ?></h1>
937
+ <a href="<?php echo esc_url( add_query_arg( array( 'page' => 'pmpro-orders', 'order' => -1 ), get_admin_url(null, 'admin.php' ) ) ); ?>" class="page-title-action"><?php esc_html_e( 'Add New Order', 'paid-memberships-pro' ); ?></a>
938
 
939
  <?php
940
  // build the export URL
955
  );
956
  $export_url = add_query_arg( $url_params, $export_url );
957
  ?>
958
+ <a target="_blank" href="<?php echo esc_url( $export_url ); ?>" class="page-title-action"><?php esc_html_e( 'Export to CSV', 'paid-memberships-pro' ); ?></a>
959
 
960
  <hr class="wp-header-end">
961
 
975
 
976
  <ul class="subsubsub">
977
  <li>
978
+ <?php esc_html_e( 'Show', 'paid-memberships-pro' ); ?>
979
  <select id="filter" name="filter">
980
+ <option value="all" <?php selected( $filter, 'all' ); ?>><?php esc_html_e( 'All', 'paid-memberships-pro' ); ?></option>
981
  <option
982
+ value="within-a-date-range" <?php selected( $filter, 'within-a-date-range' ); ?>><?php esc_html_e( 'Within a Date Range', 'paid-memberships-pro' ); ?></option>
983
  <option
984
+ value="predefined-date-range" <?php selected( $filter, 'predefined-date-range' ); ?>><?php esc_html_e( 'Predefined Date Range', 'paid-memberships-pro' ); ?></option>
985
  <option
986
+ value="within-a-level" <?php selected( $filter, 'within-a-level' ); ?>><?php esc_html_e( 'Within a Level', 'paid-memberships-pro' ); ?></option>
987
  <option
988
+ value="with-discount-code" <?php selected( $filter, 'with-discount-code' ); ?>><?php esc_html_e( 'With a Discount Code', 'paid-memberships-pro' ); ?></option>
989
  <option
990
+ value="within-a-status" <?php selected( $filter, 'within-a-status' ); ?>><?php esc_html_e( 'Within a Status', 'paid-memberships-pro' ); ?></option>
991
  <option
992
+ value="only-paid" <?php selected( $filter, 'only-paid' ); ?>><?php esc_html_e( 'Only Paid Orders', 'paid-memberships-pro' ); ?></option>
993
  <option
994
+ value="only-free" <?php selected( $filter, 'only-free' ); ?>><?php esc_html_e( 'Only Free Orders', 'paid-memberships-pro' ); ?></option>
995
 
996
  <?php $custom_filters = apply_filters( 'pmpro_admin_orders_filters', array() ); ?>
997
  <?php foreach( $custom_filters as $value => $name ) { ?>
998
+ <option value="<?php echo esc_attr( $value ); ?>" <?php selected( $filter, $value ); ?>><?php esc_html_e( $name ); ?></option>
999
  <?php } ?>
1000
  </select>
1001
 
1002
+ <span id="from"><?php esc_html_e( 'From', 'paid-memberships-pro' ); ?></span>
1003
 
1004
  <select id="start-month" name="start-month">
1005
  <?php for ( $i = 1; $i < 13; $i ++ ) { ?>
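Review bot: `esc_html_e( $name )` on line 998 passes a runtime value from the `pmpro_admin_orders_filters` filter to a translation function, and without a text domain. Translation functions are meant for string literals: a variable cannot be picked up by string extraction, and here it is looked up in the default domain. Output it with `echo esc_html( $name );` and leave translation to the code that registers the filter entry.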
1014
  value="<?php echo esc_attr( $start_year ); ?>"/>
1015
 
1016
 
1017
+ <span id="to"><?php esc_html_e( 'To', 'paid-memberships-pro' ); ?></span>
1018
 
1019
  <select id="end-month" name="end-month">
1020
  <?php for ( $i = 1; $i < 13; $i ++ ) { ?>
1027
  <input id='end-day' name="end-day" type="text" size="2" value="<?php echo esc_attr( $end_day ); ?>"/>
1028
  <input id='end-year' name="end-year" type="text" size="4" value="<?php echo esc_attr( $end_year ); ?>"/>
1029
 
1030
+ <span id="filterby"><?php esc_html_e( 'filter by ', 'paid-memberships-pro' ); ?></span>
1031
 
1032
  <select id="predefined-date" name="predefined-date">
1033
 
1034
  <option
1035
+ value="<?php echo 'This Month'; ?>" <?php selected( $predefined_date, 'This Month' ); ?>><?php esc_html_e( 'This Month', 'paid-memberships-pro' ); ?></option>
1036
  <option
1037
+ value="<?php echo 'Last Month'; ?>" <?php selected( $predefined_date, 'Last Month' ); ?>><?php esc_html_e( 'Last Month', 'paid-memberships-pro' ); ?></option>
1038
  <option
1039
+ value="<?php echo 'This Year'; ?>" <?php selected( $predefined_date, 'This Year' ); ?>><?php esc_html_e( 'This Year', 'paid-memberships-pro' ); ?></option>
1040
  <option
1041
+ value="<?php echo 'Last Year'; ?>" <?php selected( $predefined_date, 'Last Year' ); ?>><?php esc_html_e( 'Last Year', 'paid-memberships-pro' ); ?></option>
1042
 
1043
  </select>
1044
 
1049
  <select id="l" name="l">
1050
  <?php foreach ( $levels as $level ) { ?>
1051
  <option
1052
+ value="<?php echo esc_attr( $level->id ); ?>" <?php selected( $l, $level->id ); ?>><?php echo esc_html( $level->name ); ?></option>
1053
  <?php } ?>
1054
 
1055
  </select>
1062
  <select id="discount_code" name="discount_code">
1063
  <?php foreach ( $codes as $code ) { ?>
1064
  <option
1065
+ value="<?php echo esc_attr( $code->id ); ?>" <?php selected( $discount_code, $code->id ); ?>><?php echo esc_html( $code->code ); ?></option>
1066
  <?php } ?>
1067
  </select>
1068
  <?php } ?>
1073
  <select id="status" name="status">
1074
  <?php foreach ( $statuses as $the_status ) { ?>
1075
  <option
1076
+ value="<?php echo esc_attr( $the_status ); ?>" <?php selected( $the_status, $status ); ?>><?php echo esc_html( $the_status ); ?></option>
1077
  <?php } ?>
1078
  </select>
1079
 
1080
+ <input id="submit" class="button" type="submit" value="<?php esc_attr_e( 'Filter', 'paid-memberships-pro' ); ?>"/>
1081
  </li>
1082
  </ul>
1083
 
1211
  </script>
1212
 
1213
  <p class="search-box">
1214
+ <label class="hidden" for="post-search-input"><?php esc_html_e( 'Search Orders', 'paid-memberships-pro' ); ?>:</label>
1215
  <input type="hidden" name="page" value="pmpro-orders"/>
1216
  <input id="post-search-input" type="text" value="<?php echo esc_attr( $s ); ?>" name="s"/>
1217
+ <input class="button" type="submit" value="<?php esc_attr_e( 'Search Orders', 'paid-memberships-pro' ); ?>"/>
1218
  </p>
1219
 
1220
  <?php
1262
  $fields = apply_filters( 'pmpro_orders_search_fields', $fields );
1263
 
1264
  foreach ( $fields as $field ) {
1265
+ $sqlQuery .= ' OR ' . esc_sql( $field ) . " LIKE '%" . esc_sql( $s ) . "%' ";
1266
  }
1267
  $sqlQuery .= ') ';
1268
 
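Review bot: `esc_sql( $field )` on new line 1265 does not make the column name safe, because `esc_sql()` only escapes characters for use inside a quoted string and `$field` is concatenated here as a bare identifier. `$fields` passes through the `pmpro_orders_search_fields` filter, so check each entry against an allowlist of known column names before it is added to the clause. On the value side, run `$s` through `$wpdb->esc_like()` before escaping so that `%` and `_` in the search term are matched literally.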
1294
  <table class="widefat">
1295
  <thead>
1296
  <tr class="thead">
1297
+ <th><?php esc_html_e( 'ID', 'paid-memberships-pro' ); ?></th>
1298
+ <th><?php esc_html_e( 'Code', 'paid-memberships-pro' ); ?></th>
1299
+ <th><?php esc_html_e( 'Username', 'paid-memberships-pro' ); ?></th>
1300
  <?php do_action( 'pmpro_orders_extra_cols_header', $order_ids ); ?>
1301
+ <th><?php esc_html_e( 'Level', 'paid-memberships-pro' ); ?></th>
1302
+ <th><?php esc_html_e( 'Total', 'paid-memberships-pro' ); ?></th>
1303
+ <th><?php esc_html_e( 'Payment', 'paid-memberships-pro' ); ?></th>
1304
+ <th><?php esc_html_e( 'Gateway', 'paid-memberships-pro' ); ?></th>
1305
+ <th><?php esc_html_e( 'Transaction IDs', 'paid-memberships-pro' ); ?></th>
1306
+ <th><?php esc_html_e( 'Status', 'paid-memberships-pro' ); ?></th>
1307
+ <th><?php esc_html_e( 'Date', 'paid-memberships-pro' ); ?></th>
1308
+ <th><?php esc_html_e( 'Discount Code', 'paid-memberships-pro' );?></th>
1309
  </tr>
1310
  </thead>
1311
  <tbody id="orders" class="list:order orders-list">
1317
  $order->getMemberOrderByID( $order_id );
1318
  $order->getUser();
1319
  ?>
1320
+ <tr <?php if ( $count ++ % 2 == 0 ) { ?>
1321
+ class="alternate"<?php } ?>>
 
 
 
1322
  <td>
1323
+ <a href="admin.php?page=pmpro-orders&order=<?php echo esc_attr( $order->id ); ?>"><?php echo esc_html( $order->id ); ?></a>
1324
  </td>
1325
  <td class="order_code column-order_code has-row-actions">
1326
+ <a href="admin.php?page=pmpro-orders&order=<?php echo esc_attr( $order->id ); ?>"><?php echo esc_html( $order->code ); ?></a>
1327
  <br />
1328
  <div class="row-actions">
1329
  <span class="edit">
1330
+ <a title="<?php esc_attr_e( 'Edit', 'paid-memberships-pro' ); ?>" href="<?php echo esc_url( add_query_arg( array( 'page' => 'pmpro-orders', 'order' => $order->id ), admin_url('admin.php' ) ) ); ?>"><?php esc_html_e( 'Edit', 'paid-memberships-pro' ); ?></a>
1331
  </span> |
1332
  <span class="copy">
1333
+ <a title="<?php esc_attr_e( 'Copy', 'paid-memberships-pro' ); ?>" href="<?php echo esc_url( add_query_arg( array( 'page' => 'pmpro-orders', 'order' => '-1', 'copy' => $order->id ), admin_url('admin.php' ) ) ); ?>"><?php esc_html_e( 'Copy', 'paid-memberships-pro' ); ?></a>
1334
  </span> |
1335
  <span class="delete">
1336
+ <a href="javascript:pmpro_askfirst('<?php echo esc_attr
1337
+ ( sprintf( __( 'Deleting orders is permanent and can affect active users. Are you sure you want to delete order %s?', 'paid-memberships-pro' ), str_replace( "'", '', $order->code ) ) ); ?>', 'admin.php?page=pmpro-orders&delete=<?php echo $order->id; ?>'); void(0);"><?php esc_html_e( 'Delete', 'paid-memberships-pro' ); ?></a>
1338
  </span> |
1339
  <span class="print">
1340
+ <a target="_blank" title="<?php esc_attr_e( 'Print', 'paid-memberships-pro' ); ?>" href="<?php echo esc_url( add_query_arg( array( 'action' => 'pmpro_orders_print_view', 'order' => $order->id ), admin_url('admin-ajax.php' ) ) ); ?>"><?php esc_html_e( 'Print', 'paid-memberships-pro' ); ?></a>
1341
  </span> |
1342
  <span class="email">
1343
  <a href="#TB_inline?width=600&height=200&inlineId=email_invoice" class="thickbox email_link"
1344
+ data-order="<?php echo esc_attr( $order->id ); ?>"><?php esc_html_e( 'Email', 'paid-memberships-pro' ); ?></a>
1345
  </span>
1346
  <?php
1347
  // Set up the hover actions for this user
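Review bot: the delete link on new lines 1336-1337 still prints `<?php echo $order->id; ?>` unescaped, while every other use of `$order->id` in this hunk goes through `esc_attr()` or `add_query_arg()` with `esc_url()`. Both values sit inside a JavaScript string within an `href` attribute, so the message should go through `esc_js()` instead of `esc_attr()` plus the `str_replace( "'", '', ... )` workaround, and the id should be cast with `intval()`. The delete URL as built here also carries no nonce argument; if the handler does not already verify one, build the link with `wp_nonce_url()`.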
1353
  foreach ( $actions as $action => $link ) {
1354
  ++ $i;
1355
  ( $i == $action_count ) ? $sep = '' : $sep = ' | ';
1356
+ $out .= "<span class='" . esc_attr( $action ) . "'>" . esc_html( $link ) . $sep . "</span>";
1357
  }
1358
  echo $out;
1359
  }
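Review bot: `esc_html( $link )` on new line 1356 prints any markup in `$link` as literal text. If the entries in `$actions` are anchor tags, as the variable name and the "hover actions" comment suggest, the extra row actions stop being clickable; `wp_kses_post( $link )` keeps the links while still filtering script content. The separator on line 1355 would also read better as `$sep = ( $i == $action_count ) ? '' : ' | ';`.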
1363
  <td class="username column-username">
1364
  <?php $order->getUser(); ?>
1365
  <?php if ( ! empty( $order->user ) ) { ?>
1366
+ <a href="user-edit.php?user_id=<?php echo esc_attr( $order->user->ID ); ?>"><?php echo esc_html( $order->user->user_login ); ?></a>
1367
  <?php } elseif ( $order->user_id > 0 ) { ?>
1368
+ [<?php esc_html_e( 'deleted', 'paid-memberships-pro' ); ?>]
1369
  <?php } else { ?>
1370
+ [<?php esc_html_e( 'none', 'paid-memberships-pro' ); ?>]
1371
  <?php } ?>
1372
  </td>
1373
  <?php do_action( 'pmpro_orders_extra_cols_body', $order ); ?>
1375
  <?php
1376
  $level = pmpro_getLevel( $order->membership_id );
1377
  if ( ! empty( $level ) ) {
1378
+ echo esc_html( $level->name );
1379
  } elseif ( $order->membership_id > 0 ) { ?>
1380
+ [<?php esc_html_e( 'deleted', 'paid-memberships-pro' ); ?>]
1381
  <?php } else { ?>
1382
+ [<?php esc_html_e( 'none', 'paid-memberships-pro' ); ?>]
1383
  <?php }
1384
  ?>
1385
  </td>
1386
+ <td><?php echo esc_html( pmpro_formatPrice( $order->total ) ); ?></td>
1387
  <td>
1388
  <?php
1389
  if ( ! empty( $order->payment_type ) ) {
1390
+ echo esc_html( $order->payment_type ) . '<br />';
1391
  }
1392
  ?>
1393
  <?php if ( ! empty( $order->accountnumber ) ) { ?>
1394
+ <?php echo esc_html( $order->cardtype ); ?>: x<?php echo esc_html( last4( $order->accountnumber ) ); ?><br/>
1395
  <?php } ?>
1396
  <?php if ( ! empty( $order->billing->name ) ) { ?>
1397
+ <?php echo esc_html( $order->billing->name ); ?><br/>
1398
  <?php } ?>
1399
  <?php if ( ! empty( $order->billing->street ) ) { ?>
1400
+ <?php echo esc_html( $order->billing->street ); ?><br/>
1401
  <?php if ( $order->billing->city && $order->billing->state ) { ?>
1402
+ <?php echo esc_html( $order->billing->city ); ?>, <?php echo esc_html( $order->billing->state ); ?><?php echo esc_html( $order->billing->zip ); ?>
1403
+ <?php
1404
+ if ( ! empty( $order->billing->country ) ) {
1405
+ echo esc_html( $order->billing->country ); }
1406
  ?>
1407
  <br/>
1408
  <?php } ?>
1409
  <?php } ?>
1410
  <?php
1411
  if ( ! empty( $order->billing->phone ) ) {
1412
+ echo esc_html( formatPhone( $order->billing->phone ) );
1413
  }
1414
  ?>
1415
  </td>
1416
  <td><?php echo $order->gateway; ?>
1417
+ <?php
1418
+ if ( $order->gateway_environment == 'test' ) {
1419
+ echo '(test)';
1420
+ }
1421
  ?>
1422
+ </td>
1423
  <td>
1424
+ <?php esc_html_e( 'Payment', 'paid-memberships-pro' ); ?>:
1425
+ <?php
1426
+ if ( ! empty( $order->payment_transaction_id ) ) {
1427
+ echo esc_html( $order->payment_transaction_id );
1428
+ } else {
1429
+ esc_html_e( 'N/A', 'paid-memberships-pro' );
1430
+ }
1431
  ?>
1432
  <br/>
1433
+ <?php esc_html_e( 'Subscription', 'paid-memberships-pro' ); ?>
1434
  :
1435
  <?php
1436
  if ( ! empty( $order->subscription_transaction_id ) ) {
1437
+ echo esc_html( $order->subscription_transaction_id );
1438
  } else {
1439
+ esc_html_e( 'N/A', 'paid-memberships-pro' );
1440
  }
1441
  ?>
1442
  </td>
1443
+ <td><?php echo esc_html( $order->status ); ?></td>
1444
  <td>
1445
+ <?php echo esc_html( date_i18n( get_option( 'date_format' ), $order->timestamp ) ); ?><br/>
1446
+ <?php echo esc_html( date_i18n( get_option( 'time_format' ), $order->timestamp ) ); ?>
1447
  </td>
1448
  <td>
1449
  <?php if ( $order->getDiscountCode() ) { ?>
1450
+ <a title="<?php esc_attr_e('edit', 'paid-memberships-pro' ); ?>" href="<?php echo esc_url( add_query_arg( array( 'page' => 'pmpro-discountcodes', 'edit' => $order->discount_code->id ), admin_url('admin.php' ) ) ); ?>">
1451
+ <?php echo esc_html( $order->discount_code->code ); ?>
1452
  </a>
1453
  <?php } ?>
1454
  </td>
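Review bot: `<?php echo $order->gateway; ?>` on line 1416 is left as an unescaped context line while the neighbouring cells (`payment_type`, `status`, both transaction ids) are now wrapped in `esc_html()`. The changelog for this release says all values on the orders screen are escaped, so this should become `echo esc_html( $order->gateway );`. On line 1402, `state` and `zip` are printed with nothing between them; check that a space was not lost when the line was rewritten.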
1459
  if ( ! $order_ids ) {
1460
  ?>
1461
  <tr>
1462
+ <td colspan="9"><p><?php esc_html_e( 'No orders found.', 'paid-memberships-pro' ); ?></p></td>
1463
  </tr>
1464
  <?php
1465
  }
1469
  </form>
1470
  <?php
1471
  // add normal args
1472
+ $pagination_url = esc_url( add_query_arg( $url_params, get_admin_url( null, '/admin.php?page=pmpro-orders' ) ) );
1473
  echo pmpro_getPaginationString( $pn, $totalrows, $limit, 1, $pagination_url, "&limit=$limit&pn=" );
1474
  ?>
1475
 
classes/class-pmpro-admin-activity-email.php CHANGED
@@ -405,7 +405,7 @@ class PMPro_Admin_Activity_Email extends PMProEmail {
405
  }
406
  $this->email = $recipient;
407
 
408
- $this->subject = sprintf( __( '[%1$s] Paid Memberships Pro Activity for %2$s: %3$s', 'paid-memberships-pro' ), get_bloginfo( 'name' ), ucwords( $term ), $date_range );
409
  $this->template = 'admin_activity_email';
410
  $this->body = $admin_activity_email_body;
411
  $this->from = pmpro_getOption( 'from' );
405
  }
406
  $this->email = $recipient;
407
 
408
+ $this->subject = sprintf( __( '[%1$s] PMPro Activity for %2$s: %3$s', 'paid-memberships-pro' ), get_bloginfo( 'name' ), ucwords( $term ), $date_range );
409
  $this->template = 'admin_activity_email';
410
  $this->body = $admin_activity_email_body;
411
  $this->from = pmpro_getOption( 'from' );
classes/class.memberorder.php CHANGED
@@ -654,11 +654,11 @@
654
  $after_action = "pmpro_updated_order";
655
  //update
656
  $this->sqlQuery = "UPDATE $wpdb->pmpro_membership_orders
657
- SET `code` = '" . $this->code . "',
658
- `session_id` = '" . $this->session_id . "',
659
  `user_id` = " . intval($this->user_id) . ",
660
  `membership_id` = " . intval($this->membership_id) . ",
661
- `paypal_token` = '" . $this->paypal_token . "',
662
  `billing_name` = '" . esc_sql($this->billing->name) . "',
663
  `billing_street` = '" . esc_sql($this->billing->street) . "',
664
  `billing_city` = '" . esc_sql($this->billing->city) . "',
@@ -666,20 +666,20 @@
666
  `billing_zip` = '" . esc_sql($this->billing->zip) . "',
667
  `billing_country` = '" . esc_sql($this->billing->country) . "',
668
  `billing_phone` = '" . esc_sql($this->billing->phone) . "',
669
- `subtotal` = '" . $this->subtotal . "',
670
- `tax` = '" . $this->tax . "',
671
- `couponamount` = '" . $this->couponamount . "',
672
  `certificate_id` = " . intval($this->certificate_id) . ",
673
- `certificateamount` = '" . $this->certificateamount . "',
674
- `total` = '" . $this->total . "',
675
- `payment_type` = '" . $this->payment_type . "',
676
- `cardtype` = '" . $this->cardtype . "',
677
- `accountnumber` = '" . $this->accountnumber . "',
678
- `expirationmonth` = '" . $this->expirationmonth . "',
679
- `expirationyear` = '" . $this->expirationyear . "',
680
  `status` = '" . esc_sql($this->status) . "',
681
- `gateway` = '" . $this->gateway . "',
682
- `gateway_environment` = '" . $this->gateway_environment . "',
683
  `payment_transaction_id` = '" . esc_sql($this->payment_transaction_id) . "',
684
  `subscription_transaction_id` = '" . esc_sql($this->subscription_transaction_id) . "',
685
  `timestamp` = '" . esc_sql($this->datetime) . "',
@@ -687,7 +687,7 @@
687
  `affiliate_subid` = '" . esc_sql($this->affiliate_subid) . "',
688
  `notes` = '" . esc_sql($this->notes) . "',
689
  `checkout_id` = " . intval($this->checkout_id) . "
690
- WHERE id = '" . $this->id . "'
691
  LIMIT 1";
692
  }
693
  else
@@ -705,32 +705,32 @@
705
  //insert
706
  $this->sqlQuery = "INSERT INTO $wpdb->pmpro_membership_orders
707
  (`code`, `session_id`, `user_id`, `membership_id`, `paypal_token`, `billing_name`, `billing_street`, `billing_city`, `billing_state`, `billing_zip`, `billing_country`, `billing_phone`, `subtotal`, `tax`, `couponamount`, `certificate_id`, `certificateamount`, `total`, `payment_type`, `cardtype`, `accountnumber`, `expirationmonth`, `expirationyear`, `status`, `gateway`, `gateway_environment`, `payment_transaction_id`, `subscription_transaction_id`, `timestamp`, `affiliate_id`, `affiliate_subid`, `notes`, `checkout_id`)
708
- VALUES('" . $this->code . "',
709
- '" . session_id() . "',
710
  " . intval($this->user_id) . ",
711
  " . intval($this->membership_id) . ",
712
- '" . $this->paypal_token . "',
713
  '" . esc_sql(trim($this->billing->name)) . "',
714
  '" . esc_sql(trim($this->billing->street)) . "',
715
  '" . esc_sql($this->billing->city) . "',
716
  '" . esc_sql($this->billing->state) . "',
717
  '" . esc_sql($this->billing->zip) . "',
718
  '" . esc_sql($this->billing->country) . "',
719
- '" . cleanPhone($this->billing->phone) . "',
720
- '" . $this->subtotal . "',
721
- '" . $tax . "',
722
- '" . $this->couponamount. "',
723
  " . intval($this->certificate_id) . ",
724
- '" . $this->certificateamount . "',
725
- '" . $total . "',
726
- '" . $this->payment_type . "',
727
- '" . $this->cardtype . "',
728
- '" . hideCardNumber($this->accountnumber, false) . "',
729
- '" . $this->expirationmonth . "',
730
- '" . $this->expirationyear . "',
731
  '" . esc_sql($this->status) . "',
732
- '" . $this->gateway . "',
733
- '" . $this->gateway_environment . "',
734
  '" . esc_sql($this->payment_transaction_id) . "',
735
  '" . esc_sql($this->subscription_transaction_id) . "',
736
  '" . esc_sql($this->datetime) . "',
654
  $after_action = "pmpro_updated_order";
655
  //update
656
  $this->sqlQuery = "UPDATE $wpdb->pmpro_membership_orders
657
+ SET `code` = '" . esc_sql( $this->code ) . "',
658
+ `session_id` = '" . esc_sql( $this->session_id ) . "',
659
  `user_id` = " . intval($this->user_id) . ",
660
  `membership_id` = " . intval($this->membership_id) . ",
661
+ `paypal_token` = '" . esc_sql( $this->paypal_token ) . "',
662
  `billing_name` = '" . esc_sql($this->billing->name) . "',
663
  `billing_street` = '" . esc_sql($this->billing->street) . "',
664
  `billing_city` = '" . esc_sql($this->billing->city) . "',
666
  `billing_zip` = '" . esc_sql($this->billing->zip) . "',
667
  `billing_country` = '" . esc_sql($this->billing->country) . "',
668
  `billing_phone` = '" . esc_sql($this->billing->phone) . "',
669
+ `subtotal` = '" . esc_sql( $this->subtotal ) . "',
670
+ `tax` = '" . esc_sql( $this->tax ) . "',
671
+ `couponamount` = '" . esc_sql( $this->couponamount ) . "',
672
  `certificate_id` = " . intval($this->certificate_id) . ",
673
+ `certificateamount` = '" . esc_sql( $this->certificateamount ) . "',
674
+ `total` = '" . esc_sql( $this->total ) . "',
675
+ `payment_type` = '" . esc_sql( $this->payment_type ) . "',
676
+ `cardtype` = '" . esc_sql( $this->cardtype ) . "',
677
+ `accountnumber` = '" . esc_sql( $this->accountnumber ) . "',
678
+ `expirationmonth` = '" . esc_sql( $this->expirationmonth ) . "',
679
+ `expirationyear` = '" . esc_sql( $this->expirationyear ) . "',
680
  `status` = '" . esc_sql($this->status) . "',
681
+ `gateway` = '" . esc_sql( $this->gateway ) . "',
682
+ `gateway_environment` = '" . esc_sql( $this->gateway_environment ) . "',
683
  `payment_transaction_id` = '" . esc_sql($this->payment_transaction_id) . "',
684
  `subscription_transaction_id` = '" . esc_sql($this->subscription_transaction_id) . "',
685
  `timestamp` = '" . esc_sql($this->datetime) . "',
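Review bot: the UPDATE writes `esc_sql( $this->accountnumber )` on line 677 as-is, while the INSERT branch in this same file stores `hideCardNumber( $this->accountnumber, false )`; `billing_phone` has the same asymmetry, going through `cleanPhone()` only on insert. Escaping does not mask the number, so either confirm the property is always masked before an update can run or apply `hideCardNumber()` here as well. The amount columns (`subtotal`, `tax`, `couponamount`, `certificateamount`, `total`) would be better cast to a numeric type than escaped as strings.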
687
  `affiliate_subid` = '" . esc_sql($this->affiliate_subid) . "',
688
  `notes` = '" . esc_sql($this->notes) . "',
689
  `checkout_id` = " . intval($this->checkout_id) . "
690
+ WHERE id = '" . esc_sql( $this->id ) . "'
691
  LIMIT 1";
692
  }
693
  else
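Review bot: `WHERE id = '" . esc_sql( $this->id ) . "'` on line 690 treats the primary key as a quoted string, whereas `user_id`, `membership_id`, `certificate_id` and `checkout_id` in the same statement use `intval()`. Use an unquoted `intval( $this->id )` here for consistency, so a non-numeric id can never reach the query.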
705
  //insert
706
  $this->sqlQuery = "INSERT INTO $wpdb->pmpro_membership_orders
707
  (`code`, `session_id`, `user_id`, `membership_id`, `paypal_token`, `billing_name`, `billing_street`, `billing_city`, `billing_state`, `billing_zip`, `billing_country`, `billing_phone`, `subtotal`, `tax`, `couponamount`, `certificate_id`, `certificateamount`, `total`, `payment_type`, `cardtype`, `accountnumber`, `expirationmonth`, `expirationyear`, `status`, `gateway`, `gateway_environment`, `payment_transaction_id`, `subscription_transaction_id`, `timestamp`, `affiliate_id`, `affiliate_subid`, `notes`, `checkout_id`)
708
+ VALUES('" . esc_sql( $this->code ) . "',
709
+ '" . esc_sql( session_id() ) . "',
710
  " . intval($this->user_id) . ",
711
  " . intval($this->membership_id) . ",
712
+ '" . esc_sql( $this->paypal_token ) . "',
713
  '" . esc_sql(trim($this->billing->name)) . "',
714
  '" . esc_sql(trim($this->billing->street)) . "',
715
  '" . esc_sql($this->billing->city) . "',
716
  '" . esc_sql($this->billing->state) . "',
717
  '" . esc_sql($this->billing->zip) . "',
718
  '" . esc_sql($this->billing->country) . "',
719
+ '" . esc_sql( cleanPhone($this->billing->phone) ) . "',
720
+ '" . esc_sql( $this->subtotal ) . "',
721
+ '" . esc_sql( $tax ) . "',
722
+ '" . esc_sql( $this->couponamount ). "',
723
  " . intval($this->certificate_id) . ",
724
+ '" . esc_sql( $this->certificateamount ) . "',
725
+ '" . esc_sql( $total ) . "',
726
+ '" . esc_sql( $this->payment_type ) . "',
727
+ '" . esc_sql( $this->cardtype ) . "',
728
+ '" . esc_sql( hideCardNumber($this->accountnumber, false) ) . "',
729
+ '" . esc_sql( $this->expirationmonth ) . "',
730
+ '" . esc_sql( $this->expirationyear ) . "',
731
  '" . esc_sql($this->status) . "',
732
+ '" . esc_sql( $this->gateway ) . "',
733
+ '" . esc_sql( $this->gateway_environment ) . "',
734
  '" . esc_sql($this->payment_transaction_id) . "',
735
  '" . esc_sql($this->subscription_transaction_id) . "',
736
  '" . esc_sql($this->datetime) . "',
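Review bot: this INSERT (lines 706-736) still concatenates 33 positional values by hand, which is how `code`, `paypal_token`, `gateway` and the other fields stayed unescaped until this release. Consider `$wpdb->insert()` with a format array, or `$wpdb->prepare()` with `%s`, `%d` and `%f` placeholders, so that escaping is applied per column by construction and a newly added column cannot be missed. `esc_sql( session_id() )` on line 709 is harmless but suggests the wrapping was applied mechanically; a short comment on which values are user-controlled would help the next reader.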
includes/admin.php CHANGED
@@ -32,7 +32,13 @@ add_action( 'admin_init', 'pmpro_admin_init_redirect_to_dashboard' );
32
  function pmpro_block_dashboard() {
33
  global $current_user;
34
  $block_dashboard = pmpro_getOption( 'block_dashboard' );
35
- if ( ! wp_doing_ajax() && ! empty( $block_dashboard ) && in_array( 'subscriber', (array) $current_user->roles ) ) {
 
 
 
 
 
 
36
  $block = true;
37
  } else {
38
  $block = false;
32
  function pmpro_block_dashboard() {
33
  global $current_user;
34
  $block_dashboard = pmpro_getOption( 'block_dashboard' );
35
+
36
+ if ( ! wp_doing_ajax()
37
+ && ! empty( $block_dashboard )
38
+ && ! current_user_can( 'manage_options' )
39
+ && ! current_user_can( 'edit_users' )
40
+ && ! current_user_can( 'edit_posts' )
41
+ && in_array( 'subscriber', (array) $current_user->roles ) ) {
42
  $block = true;
43
  } else {
44
  $block = false;
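Review bot: the three `current_user_can()` checks added on lines 38-40 change who is kept out of the dashboard, but none of the 2.3.3 changelog entries in this commit mention it. Add a changelog line, and a short comment above the condition explaining why a user with the `subscriber` role who also holds `manage_options`, `edit_users` or `edit_posts` must not be blocked. A filter on the final `$block` value, or on the list of exempt capabilities, would be easier to maintain than a hard-coded list.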
includes/functions.php CHANGED
@@ -1074,6 +1074,10 @@ function pmpro_changeMembershipLevel( $level, $user_id = null, $old_level_status
1074
 
1075
  if ( ! empty( $c_order->error ) ) {
1076
  $pmpro_error = $c_order->error;
 
 
 
 
1077
  }
1078
  }
1079
  }
@@ -3255,4 +3259,4 @@ function pmpro_int_compare( $a, $b, $operator ) {
3255
  }
3256
 
3257
  return $r;
3258
- }
1074
 
1075
  if ( ! empty( $c_order->error ) ) {
1076
  $pmpro_error = $c_order->error;
1077
+ } else {
1078
+ if( $old_level_status == 'error' ) {
1079
+ $c_order->updateStatus("error");
1080
+ }
1081
  }
1082
  }
1083
  }
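Review bot: the new `else` branch on lines 1077-1080 has no comment saying why the order is re-marked as `error` when `$c_order->error` is empty, and the return value of `$c_order->updateStatus("error")` is ignored. Add a one-line comment tying it to the failed initial payment case described in the changelog, use a strict comparison (`'error' === $old_level_status`), and match the surrounding spacing (`if ( ... )`).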
3259
  }
3260
 
3261
  return $r;
3262
+ }
includes/scripts.php CHANGED
@@ -69,10 +69,22 @@ function pmpro_enqueue_scripts() {
69
  array( 'jquery', 'password-strength-meter' ),
70
  PMPRO_VERSION );
71
 
 
 
 
 
 
 
 
 
 
 
 
 
72
  wp_localize_script( 'pmpro_login', 'pmpro', array(
73
  'pmpro_login_page' => 'changepassword',
74
  'strength_indicator_text' => __( 'Strength Indicator', 'paid-memberships-pro' ),
75
- ));
76
  wp_enqueue_script( 'pmpro_login' );
77
  }
78
  }
69
  array( 'jquery', 'password-strength-meter' ),
70
  PMPRO_VERSION );
71
 
72
+ /**
73
+ * Filter to allow weak passwords on the
74
+ * change password and reset password forms.
75
+ * At this time, this only disables the JS check on the frontend.
76
+ * There is no backend check for weak passwords on those forms.
77
+ *
78
+ * @since 2.3.3
79
+ *
80
+ * @param bool $allow_weak_passwords Whether to allow weak passwords.
81
+ */
82
+ $allow_weak_passwords = apply_filters( 'pmpro_allow_weak_passwords', false );
83
+
84
  wp_localize_script( 'pmpro_login', 'pmpro', array(
85
  'pmpro_login_page' => 'changepassword',
86
  'strength_indicator_text' => __( 'Strength Indicator', 'paid-memberships-pro' ),
87
+ 'allow_weak_passwords' => $allow_weak_passwords ) );
88
  wp_enqueue_script( 'pmpro_login' );
89
  }
90
  }
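Review bot: the filter result on line 82 is handed to `wp_localize_script()` uncast, and that function converts scalar values to strings, so the script's `pmpro.allow_weak_passwords === ''` test only treats boolean `false` or an empty string as "enforce". A callback that returns `0` or `'0'` arrives in the browser as `'0'` and weak passwords are allowed without anyone intending it. Cast the value first, for example `$allow_weak_passwords = (bool) apply_filters( 'pmpro_allow_weak_passwords', false );`, so only `''` and `'1'` can reach the script.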
js/pmpro-login.js CHANGED
@@ -29,11 +29,15 @@ jQuery(document).ready(function(){
29
  switch ( strength ) {
30
  case -1:
31
  indicator.addClass( 'empty' ).html( '&nbsp;' );
32
- submitbutton.prop( 'disabled', true );
 
 
33
  break;
34
  case 2:
35
  indicator.addClass( 'bad' ).html( pwsL10n.bad );
36
- submitbutton.prop( 'disabled', true );
 
 
37
  break;
38
  case 3:
39
  indicator.addClass( 'good' ).html( pwsL10n.good );
@@ -49,7 +53,9 @@ jQuery(document).ready(function(){
49
  break;
50
  default:
51
  indicator.addClass( 'short' ).html( pwsL10n['short'] );
52
- submitbutton.prop( 'disabled', true );
 
 
53
  }
54
  }
55
 
29
  switch ( strength ) {
30
  case -1:
31
  indicator.addClass( 'empty' ).html( '&nbsp;' );
32
+ if ( pmpro.allow_weak_passwords === '' ) {
33
+ submitbutton.prop( 'disabled', true );
34
+ }
35
  break;
36
  case 2:
37
  indicator.addClass( 'bad' ).html( pwsL10n.bad );
38
+ if ( pmpro.allow_weak_passwords === '' ) {
39
+ submitbutton.prop( 'disabled', true );
40
+ }
41
  break;
42
  case 3:
43
  indicator.addClass( 'good' ).html( pwsL10n.good );
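Review bot: the guard `if ( pmpro.allow_weak_passwords === '' )` is repeated in the `case -1` and `case 2` arms here (lines 32 and 38) and again in `default` at line 56, and it depends on how PHP happens to serialise `false`. Compute the decision once in a local variable before the `switch` so the three arms cannot drift apart. Disabling the submit button is also the only enforcement visible in this change; as the docblock in `includes/scripts.php` admits, there is no backend check, so the setting needs a server-side counterpart on the change and reset password forms.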
53
  break;
54
  default:
55
  indicator.addClass( 'short' ).html( pwsL10n['short'] );
56
+ if ( pmpro.allow_weak_passwords === '' ) {
57
+ submitbutton.prop( 'disabled', true );
58
+ }
59
  }
60
  }
61
 
paid-memberships-pro.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Paid Memberships Pro
4
  * Plugin URI: https://www.paidmembershipspro.com
5
  * Description: The most complete member management and membership subscriptions plugin for WordPress.
6
- * Version: 2.3.2
7
  * Author: Stranger Studios
8
  * Author URI: https://www.strangerstudios.com
9
  * Text Domain: paid-memberships-pro
@@ -16,7 +16,7 @@
16
  */
17
 
18
  // version constant
19
- define( 'PMPRO_VERSION', '2.3.2' );
20
  define( 'PMPRO_USER_AGENT', 'Paid Memberships Pro v' . PMPRO_VERSION . '; ' . site_url() );
21
  define( 'PMPRO_MIN_PHP_VERSION', '5.6' );
22
 
@@ -139,7 +139,7 @@ if ( ! defined( 'SITEURL' ) ) {
139
  if ( ! defined( 'SECUREURL' ) ) {
140
  define( 'SECUREURL', str_replace( 'http://', 'https://', get_bloginfo( 'wpurl' ) ) );
141
  }
142
- define( 'PMPRO_URL', WP_PLUGIN_URL . '/paid-memberships-pro' );
143
  define( 'PMPRO_DOMAIN', pmpro_getDomainFromURL( site_url() ) );
144
  define( 'PAYPAL_BN_CODE', 'PaidMembershipsPro_SP' );
145
 
3
  * Plugin Name: Paid Memberships Pro
4
  * Plugin URI: https://www.paidmembershipspro.com
5
  * Description: The most complete member management and membership subscriptions plugin for WordPress.
6
+ * Version: 2.3.3
7
  * Author: Stranger Studios
8
  * Author URI: https://www.strangerstudios.com
9
  * Text Domain: paid-memberships-pro
16
  */
17
 
18
  // version constant
19
+ define( 'PMPRO_VERSION', '2.3.3' );
20
  define( 'PMPRO_USER_AGENT', 'Paid Memberships Pro v' . PMPRO_VERSION . '; ' . site_url() );
21
  define( 'PMPRO_MIN_PHP_VERSION', '5.6' );
22
 
139
  if ( ! defined( 'SECUREURL' ) ) {
140
  define( 'SECUREURL', str_replace( 'http://', 'https://', get_bloginfo( 'wpurl' ) ) );
141
  }
142
+ define( 'PMPRO_URL', plugins_url( '', PMPRO_BASE_FILE ) );
143
  define( 'PMPRO_DOMAIN', pmpro_getDomainFromURL( site_url() ) );
144
  define( 'PAYPAL_BN_CODE', 'PaidMembershipsPro_SP' );
145
 
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: strangerstudios, kimannwall, andrewza, dlparker1005
3
  Tags: memberships, members, subscriptions, ecommerce, user registration, member, membership, e-commerce, paypal, stripe, braintree, authorize.net, payflow, restrict access, restrict content, directory
4
  Requires at least: 4
5
  Tested up to: 5.4.1
6
- Stable tag: 2.3.2
7
 
8
  Get Paid with Paid Memberships Pro: The most complete member management and membership subscriptions plugin for your WordPress site.
9
 
@@ -153,13 +153,24 @@ Not sure? You can find out by doing a bit a research.
153
  8. Membership Account page, display all sections or show specific sections using shortcode attributes.
154
 
155
  == Changelog ==
156
- = 2.3.2 2020-05-07 =
 
 
 
 
 
 
 
 
 
 
157
  * BUG FIX: Fixed errors calling is_main_query() that came up with certain themes.
158
  * BUG FIX: Fixed typo in the pmpro_account_profile_action_links filter.
159
  * BUG FIX/ENHANCEMENT: Added a new force parameter to the pmpro_getAllLevels() function. This is used by the Multisite Membership Add On to fix an issue where levels were missing or incorrect on the subsites.
160
  * ENHANCEMENT: Removed mention of the ezAdsense plugin, which has been discontinued.
 
161
 
162
- = 2.3.1 2020-05-01 =
163
  * BUG FIX: Fixed infinite redirect issue if no account page was set. Fixed a few other places where we do is_page() type checks just in case.
164
  * BUG FIX: Fixed issue where all pages were retitled to Welcome when logged in, if no login page was set.
165
  * BUG FIX: Fixed issue with BuddyBoss and other themes/plugins that use the_title filter with only one parameter.
3
  Tags: memberships, members, subscriptions, ecommerce, user registration, member, membership, e-commerce, paypal, stripe, braintree, authorize.net, payflow, restrict access, restrict content, directory
4
  Requires at least: 4
5
  Tested up to: 5.4.1
6
+ Stable tag: 2.3.3
7
 
8
  Get Paid with Paid Memberships Pro: The most complete member management and membership subscriptions plugin for your WordPress site.
9
 
153
  8. Membership Account page, display all sections or show specific sections using shortcode attributes.
154
 
155
  == Changelog ==
156
+ = 2.3.3 - 2020-05-13 =
157
+ * SECURITY: Fixed SQL injection vulnerability when logged in as an administrator and adding new orders in the dashboard. JVN#20248858 (Thanks, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc)
158
+ * SECURITY: Making sure to properly escape all values on the add/edit order form in the dashboard.
159
+ * BUG FIX: Now properly setting the order status to "error" when an initial payment fails when using PayPal Express. Before the order status would be set as "cancelled", which would count the order toward reports and make it harder to find orders that had errors. (Thanks, Mirco Babini)
160
+ * BUG FIX: Fixed issue with the PMPro logo and some other assets loading over the wrong schema (http vs https) in some cases.
161
+ * BUG FIX: Fixed issue where the chosen discount code was not shown after submitting when adding a new order through the dashboard.
162
+ * BUG FIX/ENHANCEMENT: Using "PMPro" in the admin activity email subject to keep the line shorter and avoid issues when replacing the word "member" via gettext.
163
+ * ENHANCEMENT: Added a pmpro_allow_weak_passwords filter. You can set this to return true (like this https://gist.github.com/ideadude/5a12119b9ce1c2aad87b2d69cb8f9505) to allow weak passwords on the change password and reset password pages. Note that at this time, weak passwords are still allowed on the checkout page no matter the value of this filter. We expect to change that in the future. For now, you can use our PMPro Strong Passwords plugin to force strong passwords at checkout.
164
+ * REFACTOR: Updated the logic around checking the PMPRO_IPN_DEBUG constant in the IPN handler. (Thanks, Mirco Babini)
165
+
166
+ = 2.3.2 - 2020-05-07 =
167
  * BUG FIX: Fixed errors calling is_main_query() that came up with certain themes.
168
  * BUG FIX: Fixed typo in the pmpro_account_profile_action_links filter.
169
  * BUG FIX/ENHANCEMENT: Added a new force parameter to the pmpro_getAllLevels() function. This is used by the Multisite Membership Add On to fix an issue where levels were missing or incorrect on the subsites.
170
  * ENHANCEMENT: Removed mention of the ezAdsense plugin, which has been discontinued.
171
+ * ENHANCEMENT: Added $recipient param in sendAdminActivity() function so you can send additional activity emails like this https://gist.github.com/dparker1005/6bf650370a12aef44adf8c8c26d3e906
172
 
173
+ = 2.3.1 - 2020-05-01 =
174
  * BUG FIX: Fixed infinite redirect issue if no account page was set. Fixed a few other places where we do is_page() type checks just in case.
175
  * BUG FIX: Fixed issue where all pages were retitled to Welcome when logged in, if no login page was set.
176
  * BUG FIX: Fixed issue with BuddyBoss and other themes/plugins that use the_title filter with only one parameter.
services/ipnhandler.php CHANGED
@@ -361,22 +361,27 @@ function pmpro_ipnExit() {
361
 
362
  echo $logstr;
363
 
364
- //log in file or email?
365
- if ( defined( 'PMPRO_IPN_DEBUG' ) && PMPRO_IPN_DEBUG === "log" ) {
366
- //file
367
- $loghandle = fopen( dirname( __FILE__ ) . "/../logs/ipn.txt", "a+" );
368
- fwrite( $loghandle, $logstr );
369
- fclose( $loghandle );
370
- } elseif ( defined( 'PMPRO_IPN_DEBUG' ) ) {
371
- //email
372
- if ( strpos( PMPRO_IPN_DEBUG, "@" ) ) {
373
- $log_email = PMPRO_IPN_DEBUG;
374
- } //constant defines a specific email address
375
- else {
376
- $log_email = get_option( "admin_email" );
 
 
 
 
 
 
 
377
  }
378
-
379
- wp_mail( $log_email, get_option( "blogname" ) . " IPN Log", nl2br( $logstr ) );
380
  }
381
  }
382
 
361
 
362
  echo $logstr;
363
 
364
+ //log or dont log? log in file or email?
365
+ //- dont log if constant is undefined or defined but false
366
+ //- log to file if constant is set to TRUE or 'log'
367
+ //- log to file if constant is defined to a valid email address
368
+ if ( defined( 'PMPRO_IPN_DEBUG' ) ) {
369
+ if( PMPRO_IPN_DEBUG === false ){
370
+ //dont log here. false mean no.
371
+ //should avoid counterintuitive interpretation of false.
372
+ } elseif ( PMPRO_IPN_DEBUG === "log" ) {
373
+ //file
374
+ $logfile = apply_filters( 'pmpro_ipn_logfile', dirname( __FILE__ ) . "/../logs/ipn.txt" );
375
+ $loghandle = fopen( $logfile, "a+" );
376
+ fwrite( $loghandle, $logstr );
377
+ fclose( $loghandle );
378
+ } elseif ( is_email( PMPRO_IPN_DEBUG ) ) {
379
+ //email to specified address
380
+ wp_mail( PMPRO_IPN_DEBUG, get_option( "blogname" ) . " IPN Log", nl2br( $logstr ) );
381
+ } else {
382
+ //email to admin
383
+ wp_mail( get_option( "admin_email" ), get_option( "blogname" ) . " IPN Log", nl2br( $logstr ) );
384
  }
 
 
385
  }
386
  }
387
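Review bot: the comment block on lines 364-367 does not match the code below it. It says `TRUE` or `'log'` logs to file, but only `PMPRO_IPN_DEBUG === "log"` reaches the file branch and `true` falls through to the final `else`, which emails the admin; the line about a valid email address should also say "email", not "log to file". Either add `true === PMPRO_IPN_DEBUG` to the file branch or correct the comment. Since the new `pmpro_ipn_logfile` filter lets the path be changed, check the result of `fopen()` before calling `fwrite()` and `fclose()`.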