Simple Membership - Version 3.3.5

Version Description

  • Added nonce check on the edit profile form.
  • Added an extra check for the membership level data on the registration form.
  • Minimum WordPress version requirement updated to v4.0.

Release Info

Developer mra13
Version 3.3.5

Code changes from version 3.3.2 to 3.3.5

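--- a/classes/class.simple-wp-membership.php
+++ b/classes/class.simple-wp-membership.php
@@ -375,16 +375,18 @@ class SimpleWpMembership {
 public function inner_custom_box() {
 global $post, $wpdb;
 $id = $post->ID;
-// Use nonce for verification
-$is_protected = SwpmProtection::get_instance()->is_protected($id);
-echo '<input type="hidden" name="swpm_noncename" id="swpm_noncename" value="' .
-wp_create_nonce(plugin_basename(__FILE__)) . '" />';
+$protection_obj = SwpmProtection::get_instance();
+$is_protected = $protection_obj->is_protected($id);
+
+//Nonce input
+echo '<input type="hidden" name="swpm_post_protection_box_nonce" value="' .wp_create_nonce('swpm_post_protection_box_nonce_action') . '" />';
+
 // The actual fields for data entry
 echo '<h4>' . __("Do you want to protect this content?", 'swpm') . '</h4>';
-echo '<input type="radio" ' . ((!$is_protected) ? 'checked' : "") .
-' name="swpm_protect_post" value="1" /> No, Do not protect this content. <br/>';
-echo '<input type="radio" ' . (($is_protected) ? 'checked' : "") .
-' name="swpm_protect_post" value="2" /> Yes, Protect this content.<br/>';
+echo '<input type="radio" ' . ((!$is_protected) ? 'checked' : "") . ' name="swpm_protect_post" value="1" /> No, Do not protect this content. <br/>';
+echo '<input type="radio" ' . (($is_protected) ? 'checked' : "") . ' name="swpm_protect_post" value="2" /> Yes, Protect this content.<br/>';
+echo $protection_obj->get_last_message();
+
 echo '<h4>' . __("Select the membership level that can access this content:", 'swpm') . "</h4>";
 $query = "SELECT * FROM " . $wpdb->prefix . "swpm_membership_tbl WHERE id !=1 ";
 $levels = $wpdb->get_results($query, ARRAY_A);
@@ -398,16 +400,21 @@ class SimpleWpMembership {
 global $wpdb;
 $post_type = filter_input(INPUT_POST, 'post_type');
 $swpm_protect_post = filter_input(INPUT_POST, 'swpm_protect_post');
-$swpm_noncename = filter_input(INPUT_POST, 'swpm_noncename');
+
 if (wp_is_post_revision($post_id)) {
 return;
 }
-if (!wp_verify_nonce($swpm_noncename, plugin_basename(__FILE__))) {
+if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
 return $post_id;
 }
-if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
+
+//Check nonce
+$swpm_post_protection_box_nonce = filter_input(INPUT_POST, 'swpm_post_protection_box_nonce');
+if (!wp_verify_nonce($swpm_post_protection_box_nonce, 'swpm_post_protection_box_nonce_action')) {
+//Nonce check failed.
 return $post_id;
 }
+
 if ('page' == $post_type) {
 if (!current_user_can('edit_page', $post_id)) {
 return $post_id;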
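Review bot: In the save-side hunk `$post_type` is taken from the request (`filter_input(INPUT_POST, 'post_type')`, new line 401) and then decides which capability is checked (`if ('page' == $post_type)`, new line 418), so the submitter picks the branch rather than the post being saved; `$post_type = get_post_type($post_id);` ties the check to the object. The nonce check now runs before the capability check, which is fine, but `wp_verify_nonce()` receives `null` whenever the meta box was not rendered (Quick Edit, REST or programmatic saves) and the function returns silently, leaving the protection settings unchanged; that is the intended save_post behaviour and deserves a one-line comment such as `// No nonce means the protection box was not part of this save; leave settings untouched.`. Both methods continue past the hunks, so the non-page branch of the capability check is not visible here.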
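--- a/classes/class.swpm-admin-registration.php
+++ b/classes/class.swpm-admin-registration.php
@@ -15,7 +15,16 @@ class SwpmAdminRegistration extends SwpmRegistration {
 
 }
 
-public function register() {
+public function register_admin_end() {
+//Check we are on the admin end and user has management permission
+SwpmMiscUtils::check_user_permission_and_is_admin('member creation by admin');
+
+//Check nonce
+if ( !isset( $_POST['_wpnonce_create_swpmuser_admin_end'] ) || !wp_verify_nonce($_POST['_wpnonce_create_swpmuser_admin_end'], 'create_swpmuser_admin_end' )){
+//Nonce check failed.
+wp_die(SwpmUtils::_("Error! Nonce verification failed for user registration from admin end."));
+}
+
 global $wpdb;
 $member = SwpmTransfer::$default_fields;
 $form = new SwpmForm($member);
@@ -26,7 +35,8 @@ class SwpmAdminRegistration extends SwpmRegistration {
 $plain_password = $member_info['plain_password'];
 unset($member_info['plain_password']);
 $wpdb->insert($wpdb->prefix . "swpm_members_tbl", $member_info);
-/* * ******************** register to wordpress ********** */
+
+//Register to wordpress
 $query = $wpdb->prepare("SELECT role FROM " . $wpdb->prefix . "swpm_membership_tbl WHERE id = %d", $member_info['membership_level']);
 $wp_user_info = array();
 $wp_user_info['user_nicename'] = implode('-', explode(' ', $member_info['user_name']));
@@ -44,7 +54,9 @@ class SwpmAdminRegistration extends SwpmRegistration {
 $wp_user_info['role'] = $wpdb->get_var($query);
 $wp_user_info['user_registered'] = date('Y-m-d H:i:s');
 SwpmUtils::create_wp_user($wp_user_info);
-/* * ******************** register to wordpress ********** */
+//End register to wordpress
+
+//Send notification
 $send_notification = SwpmSettings::get_instance()->get_value('enable-notification-after-manual-user-add');
 $member_info['plain_password'] = $plain_password;
 $this->member_info = $member_info;
@@ -60,7 +72,16 @@ class SwpmAdminRegistration extends SwpmRegistration {
 SwpmTransfer::get_instance()->set('status', $message);
 }
 
-public function edit($id) {
+public function edit_admin_end($id) {
+//Check we are on the admin end and user has management permission
+SwpmMiscUtils::check_user_permission_and_is_admin('member edit by admin');
+
+//Check nonce
+if ( !isset($_POST['_wpnonce_edit_swpmuser_admin_end']) || !wp_verify_nonce($_POST['_wpnonce_edit_swpmuser_admin_end'], 'edit_swpmuser_admin_end' )){
+//Nonce check failed.
+wp_die(SwpmUtils::_("Error! Nonce verification failed for user edit from admin end."));
+}
+
 global $wpdb;
 $query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "swpm_members_tbl WHERE member_id = %d", $id);
 $member = $wpdb->get_row($query, ARRAY_A);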
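Review bot: The isset/wp_verify_nonce/wp_die block in `register_admin_end()` (new lines 23–26) and again in `edit_admin_end()` (new lines 80–83) is WordPress's `check_admin_referer()` written out by hand; `check_admin_referer('create_swpmuser_admin_end', '_wpnonce_create_swpmuser_admin_end');` and `check_admin_referer('edit_swpmuser_admin_end', '_wpnonce_edit_swpmuser_admin_end');` perform the same verification and die on failure, at the cost of the plugin-specific error text. If that text matters, giving `SwpmMiscUtils::check_user_permission_and_is_admin()` nonce-name and action parameters would avoid the four copies of this guard introduced across the release. Both methods run past the hunks, so the form processing that follows the guards is not visible here.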
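--- a/classes/class.swpm-category-list.php
+++ b/classes/class.swpm-category-list.php
@@ -68,6 +68,9 @@ class SwpmCategoryList extends WP_List_Table {
 }
 
 public static function update_category_list() {
+//Check we are on the admin end and user has management permission
+SwpmMiscUtils::check_user_permission_and_is_admin('category protection update');
+
 $selected = filter_input(INPUT_POST, 'membership_level_id');
 $selected_level_id = empty($selected) ? 1 : $selected;
 $category = ($selected_level_id == 1) ?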
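Review bot: `update_category_list()` gains the capability check but, unlike the member and level handlers changed in this release, no nonce check, so a forged POST carrying `update_category_list` and `membership_level_id` from a logged-in manager's browser is still accepted. If the category form does not already render one (the view is not part of this diff), add `wp_nonce_field('swpm_category_list_update', 'swpm_category_list_nonce');` to it and guard here with `check_admin_referer('swpm_category_list_update', 'swpm_category_list_nonce');` before `$selected` is read. The method continues past the hunk.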
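--- a/classes/class.swpm-front-registration.php
+++ b/classes/class.swpm-front-registration.php
@@ -69,16 +69,30 @@ class SwpmFrontRegistration extends SwpmRegistration {
 return ob_get_clean();
 }
 
-public function register() {
+public function register_front_end() {
+
 //If captcha is present and validation failed, it returns an error string. If validation succeeds, it returns an empty string.
 $captcha_validation_output = apply_filters('swpm_validate_registration_form_submission', '');
-
 if (!empty($captcha_validation_output)) {
 $message = array('succeeded' => false, 'message' => SwpmUtils::_('Security check: captcha validation failed.'));
 SwpmTransfer::get_instance()->set('status', $message);
 return;
 }
-if ($this->create_swpm_user() && $this->create_wp_user() && $this->send_reg_email()) {
+
+//Validate swpm level hash data.
+$hash_val_posted = sanitize_text_field($_POST['swpm_level_hash']);
+$level_value = sanitize_text_field($_POST['membership_level']);
+$swpm_p_key = get_option('swpm_private_key_one');
+$hash_val = md5($swpm_p_key.'|'.$level_value);
+if($hash_val != $hash_val_posted){//Level hash validation failed.
+$msg = '<p>Error! Security check failed for membership level validation.</p>';
+$msg .= '<p>The submitted membership level data does not seem to be authentic.</p>';
+$msg .= '<p>If you are using caching please empty the cache data and try again.</p>';
+wp_die($msg);
+}
+
+//Crete the member profile and send notification
+if ($this->create_swpm_user() && $this->prepare_and_create_wp_user_front_end() && $this->send_reg_email()) {
 do_action('swpm_front_end_registration_complete'); //Keep this action hook for people who are using it (so their implementation doesn't break).
 do_action('swpm_front_end_registration_complete_user_data', $this->member_info);
 
@@ -136,10 +150,22 @@ class SwpmFrontRegistration extends SwpmRegistration {
 return true;
 }
 
-private function create_wp_user() {
+private function prepare_and_create_wp_user_front_end() {
 global $wpdb;
 $member_info = $this->member_info;
+
+//Retrieve the user role assigned for this level
 $query = $wpdb->prepare("SELECT role FROM " . $wpdb->prefix . "swpm_membership_tbl WHERE id = %d", $member_info['membership_level']);
+$user_role = $wpdb->get_var($query);
+//Check to make sure that the user role of this level is not admin.
+if($user_role == 'administrator'){
+//For security reasons we don't allow users with administrator role to be creted from the front-end. That can only be done from the admin dashboard side.
+$error_msg = '<p>Error! The user role for this membership level (level ID: '.$member_info['membership_level'].') is set to "Administrator".</p>';
+$error_msg .= '<p>For security reasons, member registration to this level is not permitted from the front end.</p>';
+$error_msg .= '<p>An administrator of the site can manually create a member record with this access level from the admin dashboard side.</p>';
+wp_die($error_msg);
+}
+
 $wp_user_info = array();
 $wp_user_info['user_nicename'] = implode('-', explode(' ', $member_info['user_name']));
 $wp_user_info['display_name'] = $member_info['user_name'];
@@ -149,18 +175,26 @@ class SwpmFrontRegistration extends SwpmRegistration {
 $wp_user_info['last_name'] = $member_info['last_name'];
 $wp_user_info['user_login'] = $member_info['user_name'];
 $wp_user_info['password'] = $member_info['plain_password'];
-$wp_user_info['role'] = $wpdb->get_var($query);
+$wp_user_info['role'] = $user_role;
 $wp_user_info['user_registered'] = date('Y-m-d H:i:s');
 SwpmUtils::create_wp_user($wp_user_info);
 return true;
 }
 
-public function edit() {
+public function edit_profile_front_end() {
 global $wpdb;
+//Check that the member is logged in
 $auth = SwpmAuth::get_instance();
 if (!$auth->is_logged_in()) {
 return;
 }
+
+//Check nonce
+if ( !isset($_POST['swpm_profile_edit_nonce_val']) || !wp_verify_nonce($_POST['swpm_profile_edit_nonce_val'], 'swpm_profile_edit_nonce_action' )){
+//Nonce check failed.
+wp_die(SwpmUtils::_("Error! Nonce verification failed for front end profile edit."));
+}
+
 $user_data = (array) $auth->userData;
 unset($user_data['permitted']);
 $form = new SwpmForm($user_data);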
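Review bot: The level-hash check in `register_front_end()` compares with `$hash_val != $hash_val_posted` (new line 87), a loose comparison that treats two numeric-looking strings (e.g. hashes of the form `0e…`) as equal and is not constant-time; use `if (!hash_equals($hash_val, $hash_val_posted))`. `$_POST['swpm_level_hash']` and `$_POST['membership_level']` are read without an `isset()` guard (new lines 83–84), so a POST missing either field emits a notice before the check fails; read them as `isset($_POST['swpm_level_hash']) ? sanitize_text_field($_POST['swpm_level_hash']) : ''`. When the `swpm_private_key_one` option is absent, `get_option()` returns `false` and the expected value collapses to `md5('|' . $level_value)`, which anyone can compute, so the check should also fail closed on an empty key. The form that emits the hash is not in this diff, so any change to the construction (e.g. `hash_hmac('sha256', $level_value, $swpm_p_key)`) must be mirrored there.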
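--- a/classes/class.swpm-init-time-tasks.php
+++ b/classes/class.swpm-init-time-tasks.php
@@ -23,11 +23,6 @@ class SwpmInitTimeTasks {
 //Crete the custom post types
 $this->create_post_type();
 
-if (current_user_can(SWPM_MANAGEMENT_PERMISSION)) {
-// Admin dashboard stuff
-$this->admin_init();
-}
-
 //Do frontend-only init time tasks
 if (!is_admin()) {
 SwpmAuth::get_instance();
@@ -43,6 +38,12 @@ class SwpmInitTimeTasks {
 $this->register_member();
 $this->edit_profile();
 SwpmCommentFormRelated::check_and_restrict_comment_posting_to_members();
+} else {
+//Do admin side init time tasks
+if (current_user_can(SWPM_MANAGEMENT_PERMISSION)) {
+//Admin dashboard side stuff
+$this->admin_init();
+}
 }
 
 //IPN listener
@@ -52,21 +53,21 @@ class SwpmInitTimeTasks {
 public function admin_init() {
 $createswpmuser = filter_input(INPUT_POST, 'createswpmuser');
 if (!empty($createswpmuser)) {
-SwpmAdminRegistration::get_instance()->register();
+SwpmAdminRegistration::get_instance()->register_admin_end();
 }
 $editswpmuser = filter_input(INPUT_POST, 'editswpmuser');
 if (!empty($editswpmuser)) {
 $id = filter_input(INPUT_GET, 'member_id', FILTER_VALIDATE_INT);
-SwpmAdminRegistration::get_instance()->edit($id);
+SwpmAdminRegistration::get_instance()->edit_admin_end($id);
 }
 $createswpmlevel = filter_input(INPUT_POST, 'createswpmlevel');
 if (!empty($createswpmlevel)) {
-SwpmMembershipLevel::get_instance()->create();
+SwpmMembershipLevel::get_instance()->create_level();
 }
 $editswpmlevel = filter_input(INPUT_POST, 'editswpmlevel');
 if (!empty($editswpmlevel)) {
 $id = filter_input(INPUT_GET, 'id');
-SwpmMembershipLevel::get_instance()->edit($id);
+SwpmMembershipLevel::get_instance()->edit_level($id);
 }
 $update_category_list = filter_input(INPUT_POST, 'update_category_list');
 if (!empty($update_category_list)) {
@@ -131,14 +132,14 @@ class SwpmInitTimeTasks {
 private function register_member() {
 $registration = filter_input(INPUT_POST, 'swpm_registration_submit');
 if (!empty($registration)) {
-SwpmFrontRegistration::get_instance()->register();
+SwpmFrontRegistration::get_instance()->register_front_end();
 }
 }
 
 private function edit_profile() {
 $swpm_editprofile_submit = filter_input(INPUT_POST, 'swpm_editprofile_submit');
 if (!empty($swpm_editprofile_submit)) {
-SwpmFrontRegistration::get_instance()->edit();
+SwpmFrontRegistration::get_instance()->edit_profile_front_end();
 //TODO - do a redirect?
 }
 }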
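Review bot: In `admin_init()` the level id for `editswpmlevel` is still read as `$id = filter_input(INPUT_GET, 'id');` (new line 69) while the member id a few lines above uses `FILTER_VALIDATE_INT` (new line 60); the callee prepares with `%d`, so this is a consistency rather than an injection issue, but `$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);` rejects junk before it reaches `edit_level()`. Moving `admin_init()` under the `else` of `!is_admin()` (new lines 41–46) restricts the handlers to admin-area requests, which in WordPress also covers admin-ajax.php; that is acceptable because each handler re-checks context and capability, but the comment could say so: `//Admin side (includes admin-ajax) init tasks; each handler re-checks capability and nonce`. The `init` method holding these branches starts outside the hunk.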
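--- a/classes/class.swpm-installation.php
+++ b/classes/class.swpm-installation.php
@@ -247,6 +247,11 @@ class SwpmInstallation {
 }
 
 $settings->set_value('swpm-active-version', SIMPLE_WP_MEMBERSHIP_VER)->save(); //save everything.
+
+//Generate and save a swpm private key for this site
+$unique_id = uniqid('', true);
+add_option('swpm_private_key_one',$unique_id);
+
 }
 
 }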
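Review bot: `uniqid('', true)` (new line 252) is built from the current microsecond timestamp plus `lcg_value()` and is not a cryptographic secret, yet this value becomes the key behind the registration-form level hash; generate it with `wp_generate_password(64, true, true)` or, where PHP 7 is available, `bin2hex(random_bytes(32))`. `add_option()` correctly leaves an existing key alone, but the enclosing method begins outside the hunk, so it is not visible whether this code runs on upgrade for already-installed sites; if it does not, `get_option('swpm_private_key_one')` returns `false` there and the hash check degrades to `md5('|' . level)`. A guard such as `if (get_option('swpm_private_key_one') === false) { add_option('swpm_private_key_one', wp_generate_password(64, true, true)); }` on a path that runs for every activation and upgrade would close that gap.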
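--- a/classes/class.swpm-members.php
+++ b/classes/class.swpm-members.php
@@ -55,9 +55,10 @@ class SwpmMembers extends WP_List_Table {
 }
 
 function column_member_id($item) {
+$delete_swpmuser_nonce = wp_create_nonce( 'delete_swpmuser_admin_end' );
 $actions = array(
 'edit' => sprintf('<a href="admin.php?page=simple_wp_membership&member_action=edit&member_id=%s">Edit</a>', $item['member_id']),
-'delete' => sprintf('<a href="admin.php?page=simple_wp_membership&member_action=delete&member_id=%s" onclick="return confirm(\'Are you sure you want to delete this entry?\')">Delete</a>', $item['member_id']),
+'delete' => sprintf('<a href="admin.php?page=simple_wp_membership&member_action=delete&member_id=%s&delete_swpmuser_nonce=%s" onclick="return confirm(\'Are you sure you want to delete this entry?\')">Delete</a>', $item['member_id'], $delete_swpmuser_nonce),
 );
 return $item['member_id'] . $this->row_actions($actions);
 }
@@ -321,6 +322,15 @@ class SwpmMembers extends WP_List_Table {
 
 function delete() {
 if (isset($_REQUEST['member_id'])) {
+//Check we are on the admin end and user has management permission
+SwpmMiscUtils::check_user_permission_and_is_admin('member deletion by admin');
+
+//Check nonce
+if ( !isset($_REQUEST['delete_swpmuser_nonce']) || !wp_verify_nonce($_REQUEST['delete_swpmuser_nonce'], 'delete_swpmuser_admin_end' )){
+//Nonce check failed.
+wp_die(SwpmUtils::_("Error! Nonce verification failed for user delete from admin end."));
+}
+
 $id = sanitize_text_field($_REQUEST['member_id']);
 $id = absint($id);
 SwpmMembers::delete_user_by_id($id);
@@ -343,7 +353,7 @@ class SwpmMembers extends WP_List_Table {
 $wpdb->query($query);
 }
 
-function show() {
+function show_all_members() {
 ob_start();
 $status = filter_input(INPUT_GET, 'status');
 include_once(SIMPLE_WP_MEMBERSHIP_PATH . 'views/admin_members_list.php');
@@ -440,7 +450,7 @@ class SwpmMembers extends WP_List_Table {
 switch ($action) {
 case 'members_list':
 //Show the members listing
-echo $this->show();
+echo $this->show_all_members();
 break;
 case 'add':
 //Process member profile add
@@ -452,7 +462,7 @@ class SwpmMembers extends WP_List_Table {
 break;
 default:
 //Show the members listing page by default.
-echo $this->show();
+echo $this->show_all_members();
 break;
 }
 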
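Review bot: The delete nonce in `column_member_id()` is created for the fixed action `'delete_swpmuser_admin_end'` (new line 58), so a nonce taken from any row's link authorizes deleting any `member_id`; binding it to the row, `wp_create_nonce('delete_swpmuser_admin_end_' . $item['member_id'])`, and verifying in `delete()` against `'delete_swpmuser_admin_end_' . $id` after `$id = absint($_REQUEST['member_id']);` has been computed, mirrors how core builds its `delete-user_{id}` nonces. That reorder only moves the two existing `$id` lines ahead of the nonce check. The deletion is still triggered by a GET link, which the nonce now makes CSRF-safe; `delete()` continues past the hunk.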
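--- a/classes/class.swpm-membership-level.php
+++ b/classes/class.swpm-membership-level.php
@@ -17,7 +17,7 @@ class SwpmMembershipLevel {
 private static $_instance = null;
 
 private function __construct() {
-;
+//NOP
 }
 
 public static function get_instance() {
@@ -25,7 +25,16 @@ class SwpmMembershipLevel {
 return self::$_instance;
 }
 
-public function create() {
+public function create_level() {
+//Check we are on the admin end and user has management permission
+SwpmMiscUtils::check_user_permission_and_is_admin('membership level creation');
+
+//Check nonce
+if ( !isset($_POST['_wpnonce_create_swpmlevel_admin_end']) || !wp_verify_nonce($_POST['_wpnonce_create_swpmlevel_admin_end'], 'create_swpmlevel_admin_end' )){
+//Nonce check failed.
+wp_die(SwpmUtils::_("Error! Nonce verification failed for membership level creation from admin end."));
+}
+
 global $wpdb;
 $level = SwpmTransfer::$default_level_fields;
 $form = new SwpmLevelForm($level);
@@ -44,7 +53,16 @@ class SwpmMembershipLevel {
 SwpmTransfer::get_instance()->set('status', $message);
 }
 
-public function edit($id) {
+public function edit_level($id) {
+//Check we are on the admin end and user has management permission
+SwpmMiscUtils::check_user_permission_and_is_admin('membership level edit');
+
+//Check nonce
+if ( !isset($_POST['_wpnonce_edit_swpmlevel_admin_end']) || !wp_verify_nonce($_POST['_wpnonce_edit_swpmlevel_admin_end'], 'edit_swpmlevel_admin_end' )){
+//Nonce check failed.
+wp_die(SwpmUtils::_("Error! Nonce verification failed for membership level edit from admin end."));
+}
+
 global $wpdb;
 $query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "swpm_membership_tbl WHERE id = %d", $id);
 $level = $wpdb->get_row($query, ARRAY_A);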
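--- a/classes/class.swpm-membership-levels.php
+++ b/classes/class.swpm-membership-levels.php
@@ -67,9 +67,11 @@ class SwpmMembershipLevels extends WP_List_Table {
 }
 
 function column_id($item) {
+$delete_swpmlevel_nonce = wp_create_nonce( 'nonce_delete_swpmlevel_admin_end' );
+
 $actions = array(
 'edit' => sprintf('<a href="admin.php?page=simple_wp_membership_levels&level_action=edit&id=%s">Edit</a>', $item['id']),
-'delete' => sprintf('<a href="admin.php?page=simple_wp_membership_levels&level_action=delete&id=%s" onclick="return confirm(\'Are you sure you want to delete this entry?\')">Delete</a>', $item['id']),
+'delete' => sprintf('<a href="admin.php?page=simple_wp_membership_levels&level_action=delete&id=%s&delete_swpmlevel_nonce=%s" onclick="return confirm(\'Are you sure you want to delete this entry?\')">Delete</a>', $item['id'],$delete_swpmlevel_nonce),
 );
 return $item['id'] . $this->row_actions($actions);
 }
@@ -181,9 +183,19 @@ class SwpmMembershipLevels extends WP_List_Table {
 }
 }
 
-function delete() {
+function delete_level() {
 global $wpdb;
 if (isset($_REQUEST['id'])) {
+
+//Check we are on the admin end and user has management permission
+SwpmMiscUtils::check_user_permission_and_is_admin('membership level delete');
+
+//Check nonce
+if ( !isset($_REQUEST['delete_swpmlevel_nonce']) || !wp_verify_nonce($_REQUEST['delete_swpmlevel_nonce'], 'nonce_delete_swpmlevel_admin_end' )){
+//Nonce check failed.
+wp_die(SwpmUtils::_("Error! Nonce verification failed for membership level delete from admin end."));
+}
+
 $id = sanitize_text_field($_REQUEST['id']);
 $id = absint($id);
 $query = $wpdb->prepare("DELETE FROM " . $wpdb->prefix . "swpm_membership_tbl WHERE id = %d", $id);
@@ -192,7 +204,7 @@ class SwpmMembershipLevels extends WP_List_Table {
 }
 }
 
-function show() {
+function show_levels() {
 ?>
 <div class="swpm-margin-top-10"></div>
 <form method="post">
@@ -291,9 +303,9 @@ class SwpmMembershipLevels extends WP_List_Table {
 $this->manage_categroy();
 break;
 case 'delete':
-$this->delete();
+$this->delete_level();
 default:
-$this->show();
+$this->show_levels();
 break;
 }
 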
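Review bot: As in the members list, the level delete nonce uses a fixed action `'nonce_delete_swpmlevel_admin_end'` (new line 70), so a nonce from one row's link is valid for deleting any level id; bind it with `wp_create_nonce('nonce_delete_swpmlevel_admin_end_' . $item['id'])` and verify in `delete_level()` against `'nonce_delete_swpmlevel_admin_end_' . absint($_REQUEST['id'])`. In the dispatcher, `case 'delete': $this->delete_level();` (new line 306) falls through into `default:` with no `break`; if showing the list after a deletion is intended, mark it `// intentional fall-through: re-render the list after deleting`, otherwise add the `break`. The dispatching method starts outside the hunk.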
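--- a/classes/class.swpm-protection.php
+++ b/classes/class.swpm-protection.php
@@ -19,7 +19,8 @@ class SwpmProtection extends SwpmProtectionBase {
 public function is_protected($id) {
 if ($this->post_in_parent_categories($id) || $this->post_in_categories($id)) {
 $this->msg = '<p style="background: #FFF6D5; border: 1px solid #D1B655; color: #3F2502; margin: 10px 0px 10px 0px; padding: 5px 5px 5px 10px;">
-The category or parent category of this post is protected. You can change the category protection settings from the <a href="admin.php?page=simple_wp_membership_levels&level_action=category_list" target="_blank">category protection</a> menu.
+The category or parent category of this post is protected. You can change the category protection settings
+from the <a href="admin.php?page=simple_wp_membership_levels&level_action=category_list" target="_blank">category protection</a> menu.
 </p>';
 return true;
 }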
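--- a/classes/class.swpm-utils-misc.php
+++ b/classes/class.swpm-utils-misc.php
@@ -264,4 +264,18 @@ class SwpmMiscUtils {
 }
 return false;
 }
+
+public static function check_user_permission_and_is_admin($action_name){
+//Check we are on the admin end
+if (!is_admin()) {
+//Error! This is not on the admin end. This can only be done from the admin side
+wp_die(SwpmUtils::_("Error! This action (".$action_name.") can only be done from admin end."));
+}
+
+//Check user has management permission
+if (!current_user_can(SWPM_MANAGEMENT_PERMISSION)) {
+//Error! Only management users can do this
+wp_die(SwpmUtils::_("Error! This action (".$action_name.") can only be done by an user with management permission."));
+}
+}
 }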
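Review bot: `check_user_permission_and_is_admin()` checks request context (`is_admin()`, new line 270) and capability (`current_user_can(SWPM_MANAGEMENT_PERMISSION)`, new line 276); `is_admin()` is true for any admin-area or admin-ajax request regardless of who is logged in, so the name can read as if it verified an administrator, and a docblock would prevent that misuse: `/** Dies unless this is an admin-area request AND the current user has SWPM_MANAGEMENT_PERMISSION. Does not verify a nonce; callers must do that separately. @param string $action_name Short label used only in the error text. */`. `$action_name` is interpolated into the `wp_die()` output unescaped; every caller in this release passes a literal, so it is safe today, but `esc_html($action_name)` costs nothing. Building the string by concatenation inside `SwpmUtils::_()` also produces a different message per call, which will not resolve in a translation catalogue.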
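--- a/classes/class.swpm-utils.php
+++ b/classes/class.swpm-utils.php
@@ -357,7 +357,6 @@ abstract class SwpmUtils {
 
 public static function get_free_level() {
 $encrypted = filter_input(INPUT_POST, 'level_identifier');
-global $wpdb;
 if (!empty($encrypted)) {
 return SwpmPermission::get_instance($encrypted)->get('id');
 }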
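--- a/ipn/swpm_handle_pp_ipn.php
+++ b/ipn/swpm_handle_pp_ipn.php
@@ -167,7 +167,8 @@ class swpm_paypal_ipn_handler {
 swpm_handle_subsc_signup_stand_alone($this->ipn_data,$subsc_ref,$this->ipn_data['txn_id'],$swpm_id);
 }
 else if($transaction_type == "subscr_payment"){
-//swpm_update_member_subscription_start_date_if_applicable($this->ipn_data);
+$this->debug_log('swpm subscr_payment type transaction. Checking if the member profile needed to be updated',true);
+swpm_update_member_subscription_start_date_if_applicable($this->ipn_data);
 }
 }
 else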
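--- a/readme.txt
+++ b/readme.txt
@@ -2,9 +2,9 @@
 Contributors: smp7, wp.insider, amijanina
 Donate link: https://simple-membership-plugin.com/
 Tags: member, members, members only, membership, memberships, register, WordPress membership plugin, content, content protection, paypal, restrict, restrict access, Restrict content, admin, access control, subscription, teaser, protection, profile, login, login page, bbpress, stripe
-Requires at least: 3.3
+Requires at least: 4.0
 Tested up to: 4.6
-Stable tag: 3.3.2
+Stable tag: 3.3.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -127,6 +127,21 @@ Please visit the memberhsip plugin page to view screenshots:
 https://simple-membership-plugin.com/
 
 == Changelog ==
+= 3.3.5 =
+- Added nonce check on the edit profile form.
+- Added an extra check for the membership level data on the registration form.
+- Minimum WordPress version requirement updated to v4.0.
+
+= 3.3.4 =
+- If you are editing the post protection settings of a post that belongs to a protected category, it will now show a message in the protection settings box to let you know.
+- Improved nonce check with the protection settings saving functionality.
+
+= 3.3.3 =
+- Improvements for a recurring payment received transaction. It will update the profile even if the membership level setting is using a duration type value.
+- Fixed CSRF vulnerabilies.
+- Added nonce verification check in various admin side actions.
+- Added is_admin() check for various admin side actions.
+- Added current_user_can() check for various admin side actions.
 
 = 3.3.2 =
 - You can now view a member's last accessed date and time value by editing the member's profile from the admin dashboard.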
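--- a/simple-wp-membership.php
+++ b/simple-wp-membership.php
@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: Simple WordPress Membership
-Version: 3.3.2
+Version: 3.3.5
 Plugin URI: https://simple-membership-plugin.com/
 Author: smp7, wp.insider
 Author URI: https://simple-membership-plugin.com/
@@ -17,7 +17,7 @@ include_once('classes/class.simple-wp-membership.php');
 include_once('classes/class.swpm-cronjob.php');
 include_once('swpm-compat.php');
 
-define('SIMPLE_WP_MEMBERSHIP_VER', '3.3.2');
+define('SIMPLE_WP_MEMBERSHIP_VER', '3.3.5');
 define('SIMPLE_WP_MEMBERSHIP_DB_VER', '1.2');
 define('SIMPLE_WP_MEMBERSHIP_SITE_HOME_URL', home_url());
 define('SIMPLE_WP_MEMBERSHIP_PATH', dirname(__FILE__) . '/');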
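--- a/views/add.php
+++ b/views/add.php
@@ -29,8 +29,19 @@
         <tr class="swpm-registration-membership-level-row">
             <td><label for="membership_level"><?php echo SwpmUtils::_('Membership Level') ?></label></td>
             <td>
-                <?php echo $membership_level_alias; ?>
-                <input type="hidden" value="<?php echo $membership_level; ?>" size="50" name="membership_level" id="membership_level" />
+                <?php
+                echo $membership_level_alias;//Show the level name in the form.
+                //Add the input fields for the level data.
+                echo '<input type="hidden" value="'.$membership_level.'" size="50" name="membership_level" id="membership_level" />';
+                //Add the level input verification data.
+                $swpm_p_key = get_option('swpm_private_key_one');
+                if(empty($swpm_p_key)){
+                    $swpm_p_key = uniqid('', true);
+                    update_option('swpm_private_key_one',$swpm_p_key);
+                }
+                $swpm_level_hash = md5($swpm_p_key.'|'.$membership_level);//level hash
+                echo '<input type="hidden" name="swpm_level_hash" value="' . $swpm_level_hash . '" />';
+                ?>
             </td>
         </tr>
     </table>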
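Review bot: The per-site secret minted at `$swpm_p_key = uniqid('', true);` is built from the request timestamp plus a non-cryptographic LCG rather than a CSPRNG, so it is far more guessable than a random key, and whoever recovers it can forge swpm_level_hash for any level and defeat the new registration check; mint it from a proper random source instead, e.g. `$swpm_p_key = wp_generate_password(64, false);` (or `bin2hex(random_bytes(32))` on PHP 7+). The hash itself should be a keyed MAC rather than md5 over key-and-value — `$swpm_level_hash = hash_hmac('sha256', (string) $membership_level, $swpm_p_key);` — and the registration handler that checks it (not in this hunk) should compare with hash_equals() rather than ==; changing the construction here means updating that verifier in the same release. Both $membership_level and the hash are echoed unescaped into value="" attributes, so wrap them in esc_attr(). Because the secret is generated lazily inside a view, two first-time visitors racing each other can each persist a different key, and the loser's form then carries a hash the server can no longer validate; generating the option once at plugin activation avoids that. The origin of $membership_level is not visible here, so the escaping note assumes it may not be trusted.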
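--- a/views/admin_add.php
+++ b/views/admin_add.php
@@ -1,7 +1,7 @@
 <div class="wrap" id="swpm-profile-page" type="add">
     <form action="" method="post" name="swpm-create-user" id="swpm-create-user" class="validate"<?php do_action('user_new_form_tag');?>>
         <input name="action" type="hidden" value="createuser" />
-        <?php wp_nonce_field( 'create-swpmuser', '_wpnonce_create-swpmuser' ) ?>
+        <?php wp_nonce_field( 'create_swpmuser_admin_end', '_wpnonce_create_swpmuser_admin_end' ) ?>
         <h3><?php echo SwpmUtils::_('Add Member') ?></h3>
         <p><?php echo SwpmUtils::_('Create a brand new user and add it to this site.'); ?></p>
         <table class="form-table">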
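--- a/views/admin_add_level.php
+++ b/views/admin_add_level.php
@@ -4,7 +4,7 @@
     <input name="action" type="hidden" value="createlevel" />
     <h3>Add Membership Level</h3>
     <p><?php echo SwpmUtils::_('Create new membership level.'); ?></p>
-    <?php wp_nonce_field( 'create-swpmlevel', '_wpnonce_create-swpmlevel' ) ?>
+    <?php wp_nonce_field( 'create_swpmlevel_admin_end', '_wpnonce_create_swpmlevel_admin_end' ) ?>
     <table class="form-table">
         <tbody>
             <tr>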
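--- a/views/admin_edit.php
+++ b/views/admin_edit.php
@@ -1,7 +1,7 @@
 <div class="wrap" id="swpm-profile-page" type="edit">
     <form action="" method="post" name="swpm-edit-user" id="swpm-edit-user" class="validate"<?php do_action('user_new_form_tag');?>>
         <input name="action" type="hidden" value="edituser" />
-        <?php wp_nonce_field( 'edit-swpmuser', '_wpnonce_edit-swpmuser' ) ?>
+        <?php wp_nonce_field( 'edit_swpmuser_admin_end', '_wpnonce_edit_swpmuser_admin_end' ) ?>
         <h3><?php echo SwpmUtils::_('Edit Member') ?></h3>
         <p>
             <?php echo SwpmUtils::_('Edit existing member details.'); ?>
@@ -82,7 +82,8 @@
         <?php echo apply_filters('swpm_admin_custom_fields', '',$membership_level); ?>
         <?php submit_button( SwpmUtils::_('Edit User '), 'primary', 'editswpmuser', true, array( 'id' => 'createswpmusersub' ) ); ?>
         <?php
-        $member_delete_url = "?page=simple_wp_membership&member_action=delete&member_id=".$member_id;
+        $delete_swpmuser_nonce = wp_create_nonce( 'delete_swpmuser_admin_end' );
+        $member_delete_url = "?page=simple_wp_membership&member_action=delete&member_id=".$member_id."&delete_swpmuser_nonce=".$delete_swpmuser_nonce;
         echo '<div class="swpm-admin-delete-user-profile-link">';
         echo '<a style="color:red;font-weight:bold;" href="'.$member_delete_url.'" onclick="return confirm(\'Are you sure you want to delete this user profile?\')">'.SwpmUtils::_('Delete User Profile').'</a>';
         echo '</div>';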
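Review bot: The rebuilt delete link in the second hunk concatenates $member_id and the nonce straight into the href with no escaping, so use WordPress's helper, which adds the nonce parameter and HTML-escapes the result in one step: `$member_delete_url = wp_nonce_url('?page=simple_wp_membership&member_action=delete&member_id=' . intval($member_id), 'delete_swpmuser_admin_end', 'delete_swpmuser_nonce');` (intval assumes the id is numeric, which the surrounding code suggests but does not show). Because the link still triggers a destructive action over a GET request, the nonce — and a management-capability check — must be verified in the delete handler before any row is removed; that handler is outside this hunk, and its verify call has to use exactly the pair delete_swpmuser_nonce / delete_swpmuser_admin_end set here. The existing `href="'.$member_delete_url.'"` can consume the wp_nonce_url() result as is.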
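--- a/views/admin_edit_level.php
+++ b/views/admin_edit_level.php
@@ -1,7 +1,7 @@
 <div class="wrap" id="swpm-level-page">
     <form action="" method="post" name="swpm-edit-level" id="swpm-edit-level" class="validate"<?php do_action('level_edit_form_tag');?>>
         <input name="action" type="hidden" value="editlevel" />
-        <?php wp_nonce_field( 'edit-swpmlevel', '_wpnonce_edit-swpmlevel' ) ?>
+        <?php wp_nonce_field( 'edit_swpmlevel_admin_end', '_wpnonce_edit_swpmlevel_admin_end' ) ?>
         <h2><?php echo SwpmUtils::_('Edit membership level'); ?></h2>
         <p>
             <?php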
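--- a/views/admin_members_list.php
+++ b/views/admin_members_list.php
@@ -1,4 +1,7 @@
 <?php
+
+//$this refers to class "SwpmMembers" in this context.
+
 if (isset($_REQUEST['member_action']) && $_REQUEST['member_action'] == 'delete') {
     //Delete this record
     $this->delete();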
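Review bot: The dispatch on `$_REQUEST['member_action'] == 'delete'` reaches $this->delete() with no nonce or capability check visible in this hunk, and $_REQUEST accepts GET, POST and cookie input alike, so a crafted link lands on the delete path unless delete() verifies the request itself. If SwpmMembers::delete() does not already do so (it is outside this hunk), verify before dispatching with `check_admin_referer('delete_swpmuser_admin_end', 'delete_swpmuser_nonce');` — the action/parameter pair the admin edit view now attaches to the delete link, if that is indeed what it uses — followed by a `current_user_can(SWPM_MANAGEMENT_PERMISSION)` test, both of which wp_die() on failure. The new comment would be more useful if it also named where the request is validated, e.g. `//$this refers to class "SwpmMembers"; delete() is responsible for the nonce and permission checks.`, once that is confirmed to be the case.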
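--- a/views/edit.php
+++ b/views/edit.php
@@ -8,6 +8,7 @@ extract($user_data, EXTR_SKIP);
 ?>
 <div class="swpm-edit-profile-form">
     <form id="swpm-editprofile-form" name="swpm-editprofile-form" method="post" action="">
+        <?php wp_nonce_field( 'swpm_profile_edit_nonce_action', 'swpm_profile_edit_nonce_val' ) ?>
         <table>
             <tr class="swpm-profile-username-row">
                 <td><label for="user_name"><?php echo SwpmUtils::_('Username') ?></label></td>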
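Review bot: The added wp_nonce_field() is only half of a CSRF fix: it becomes a check only where the profile-edit POST is handled, and that handler is not in this hunk, so confirm it calls `wp_verify_nonce(filter_input(INPUT_POST, 'swpm_profile_edit_nonce_val'), 'swpm_profile_edit_nonce_action')` with exactly this action/field pair and rejects the request on failure rather than silently skipping the save. A nonce proves the form came from this site, not who submitted it, so the handler must still bind the update to the logged-in member's own record. A short comment above the field would let the next reader pair the two sides, e.g. `<?php // Paired with the wp_verify_nonce() check in the profile-edit handler. ?>`.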