Stop User Enumeration - Version 1.3.5

Version Description

  • full rewrite
  • Changed detection rules to stop a reported bypass
  • Added detection and suppression of REST API calls to user data
  • Added settings page to allow REST API calls or stop system logging as required
  • Added code to remove numbers from comment authors, and setting to turn that off
Download this release

Release Info

Developer fullworks
Plugin Icon 128x128 Stop User Enumeration
Version 1.3.5
Comparing to
See all releases

Code changes from version 1.3.4 to 1.3.5

Files changed (5) hide show
  1. js/commentauthor.js +5 -0
  2. readme.txt +27 -6
  3. settings/settings-general.php +42 -0
  4. stop-user-enumeration.php +166 -16
  5. wp-settings-framework.php +988 -0
js/commentauthor.js ADDED
@@ -0,0 +1,5 @@
 
 
 
 
 
1
+ jQuery(document).ready(function($) {
2
+ $(".comment-form input[name='author']").blur(function() {
3
+ $(this).val($(this).val().replace(/\d+/g, ''));
4
+ });
5
+ });
readme.txt CHANGED
@@ -2,30 +2,43 @@
2
  Contributors: fullworks
3
  Tags: User Enumeration, Security, WPSCAN, fail2ban
4
  Requires at least: 3.4
5
- Tested up to: 4.4.2
6
- Stable tag: 1.3.4
7
  License: GPLv2 or later
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
10
  User Enumeration is a method hackers and scanners use to get your username. This plugin stops it.
11
  == Description ==
12
  Even if you are careful and set your blogging nickname differently from your login id, if you are using permalinks it only takes a few seconds
13
- to discover your real user name. This plugin stops user enumeration dead (like in use by WPSCAN), and additionally it will log an event
14
- in your system log so you can use (optionally) fail2ban to block the probing IP.
 
 
 
 
 
 
 
15
  == Installation ==
16
 
17
  1. Upload `plugin-name.php` to the `/wp-content/plugins/` directory
18
  1. Activate the plugin through the 'Plugins' menu in WordPress
 
19
 
20
  == Frequently asked questions ==
21
 
22
  = Are there any settings? =
23
- No
24
  = Will it work on Multisite? =
25
  Yes
 
 
 
 
26
  = Do I need fail2ban for this to work? =
27
- No, but fail2ban will allow you to block IP addresses that attempt user enumeration.
28
  = What do I do with the fail2ban file?=
 
29
  Place the file wordpress-userenum.conf in your fail2ban installation's filter.d directory.
30
  edit your jail.local to include lines like
31
  `[wordpress-userenum]
@@ -40,6 +53,14 @@ Adjusted to your own requirements.
40
 
41
  == Changelog ==
42
  =
 
 
 
 
 
 
 
 
43
  = 1.3.4 =
44
 
45
  * Simplify code and deal with undefined request and other argument issues
2
  Contributors: fullworks
3
  Tags: User Enumeration, Security, WPSCAN, fail2ban
4
  Requires at least: 3.4
5
+ Tested up to: 4.7
6
+ Stable tag: 1.3.5
7
  License: GPLv2 or later
8
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
 
10
  User Enumeration is a method hackers and scanners use to get your username. This plugin stops it.
11
  == Description ==
12
  Even if you are careful and set your blogging nickname differently from your login id, if you are using permalinks it only takes a few seconds
13
+ to discover your real user name.
14
+
15
+ This plugin stops user enumeration dead (like in use by WPSCAN), and additionally it will log an event
16
+ in your system log so you can use (optionally) fail2ban to block the probing IP directly at your firewall, a very powerful solution for VPS owners to stop brute force attacks as well as DDoS attacks.
17
+
18
+ Since WordPress 4.5 user data can also be obtained by API calls without logging in, this is a WordPress feature, but if you don't need it, this
19
+ plugin will restrict that too.
20
+
21
+
22
  == Installation ==
23
 
24
  1. Upload `plugin-name.php` to the `/wp-content/plugins/` directory
25
  1. Activate the plugin through the 'Plugins' menu in WordPress
26
+ 1. If needed to change defaults settings, visit the settings page
27
 
28
  == Frequently asked questions ==
29
 
30
  = Are there any settings? =
31
+ Yes, but the default ones are fine for most cases
32
  = Will it work on Multisite? =
33
  Yes
34
+ = Why don't I just block with .htaccess =
35
+ A .htaccess solution may suffice, but most published do not cover POST blocking, REST API blocking and still allow admin users access.
36
+ = Does it break anything? =
37
+ If a comment is left by someone just giving a number that comment would be forbidden, as it is assume a hack attempt, but the plugin has a bit of code that strips out numbers from comment author names
38
  = Do I need fail2ban for this to work? =
39
+ No, but fail2ban will allow you to block IP addresses at your VPS firewall that attempt user enumeration.
40
  = What do I do with the fail2ban file?=
41
+ You only need this if you are using Fail2Ban.
42
  Place the file wordpress-userenum.conf in your fail2ban installation's filter.d directory.
43
  edit your jail.local to include lines like
44
  `[wordpress-userenum]
53
 
54
  == Changelog ==
55
  =
56
+ = 1.3.5 =
57
+
58
+ * full rewrite
59
+ * Changed detection rules to stop a reported bypass
60
+ * Added detection and suppression of REST API calls to user data
61
+ * Added settings page to allow REST API calls or stop system logging as required
62
+ * Added code to remove numbers from comment authors, and setting to turn that off
63
+
64
  = 1.3.4 =
65
 
66
  * Simplify code and deal with undefined request and other argument issues
settings/settings-general.php ADDED
@@ -0,0 +1,42 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ add_filter( 'wpsf_register_settings_sue_settings', 'sue_settings' );
3
+
4
+ function sue_settings( $wpsf_settings ) {
5
+ // General Settings section
6
+ $wpsf_settings[] = array(
7
+ 'section_id' => 'general',
8
+ 'section_title' => '',
9
+ 'section_description' => 'These settings let you control the functionality of the plugin. Keeping this plugin up to date takes time and effort,<br> if you appreciate this effort please consider a donation, <a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4EMTVFMKXRRYY"><strong>by clicking here (even 50 cents is appreciated and can help keep this plugin current)</strong></a>',
10
+ 'section_order' => 5,
11
+ 'fields' => array(
12
+
13
+ array(
14
+ 'id' => 'stop_rest_user',
15
+ 'title' => 'Stop REST API User calls',
16
+ 'desc' => 'WordPress allows anyone to find users by API call, by checking this box the calls will be restricted to logged in users only<br>
17
+ only untick this box if you need to allow unfettered API access to users',
18
+ 'type' => 'checkbox',
19
+ 'default' => 1
20
+ ),
21
+ array(
22
+ 'id' => 'log_auth',
23
+ 'title' => 'log attempts to AUTH LOG',
24
+ 'desc' => 'Leave this ticked if you are using <a href="http://www.fail2ban.org/wiki/index.php/Main_Page" target="_blank">Fail2Ban</a> on
25
+ your VPS to block attempts at enumeration.<br> If you are not running Fail2Ban or on a shared host this does not need to be ticked, however it normally will not cause a problem being ticked.',
26
+ 'type' => 'checkbox',
27
+ 'default' => 1
28
+ ),
29
+ array(
30
+ 'id' => 'comment_jquery',
31
+ 'title' => 'Turn off comment Author changes',
32
+ 'desc' => 'This plugin uses jQuery to remove any numbers from a comment author name, this is because numbers trigger enumeration checking.
33
+ You can untick this if you do not use comments on your site or you use a different comment method than standard',
34
+ 'type' => 'checkbox',
35
+ 'default' => 1
36
+ ),
37
+
38
+ )
39
+ );
40
+
41
+ return $wpsf_settings;
42
+ }
stop-user-enumeration.php CHANGED
@@ -1,9 +1,9 @@
1
  <?php
2
  /*
3
  Plugin Name: Stop User Enumeration
4
- Plugin URI: http://fullworks.net/wordpress-plugins/stop-user-enumeration/
5
  Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
6
- Version: 1.3.4
7
  Author: Fullworks Digital Ltd
8
  Author URI: http://fullworks.net
9
  License: GPLv2 or later
@@ -24,22 +24,172 @@ You should have received a copy of the GNU General Public License
24
  along with this program; if not, write to the Free Software
25
  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26
  */
27
-
28
- if ( ! is_admin() && isset($_SERVER['REQUEST_URI'])){
29
- if(preg_match('/(wp-comments-post)/', $_SERVER['REQUEST_URI']) === 0 && !empty($_REQUEST['author']) ) {
30
- openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);
31
- syslog(LOG_INFO,"Attempted user enumeration from {$_SERVER['REMOTE_ADDR']}");
32
- closelog();
33
- wp_die('forbidden');
34
- }
35
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
36
 
37
- add_action('plugin_row_meta', 'sue_plugin_row_meta', 10, 2 );
38
- function sue_plugin_row_meta( $links, $file = '' ){
39
- if( false !== strpos($file , '/stop-user-enumeration.php') ){
40
- $links[] = '<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4EMTVFMKXRRYY"><strong>Please Donate (even 50 cents)</strong></a>';
41
- }
42
- return $links;
43
  }
 
 
 
 
 
 
 
44
 
45
  ?>
1
  <?php
2
  /*
3
  Plugin Name: Stop User Enumeration
4
+ Plugin URI: http://fullworks.net/
5
  Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
6
+ Version: 1.3.5
7
  Author: Fullworks Digital Ltd
8
  Author URI: http://fullworks.net
9
  License: GPLv2 or later
24
  along with this program; if not, write to the Free Software
25
  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26
  */
27
+ // If this file is called directly, abort.
28
+ if ( ! defined( 'WPINC' ) ) {
29
+ die;
 
 
 
 
 
30
  }
31
+
32
+
33
+ class Stop_User_Enumeration_Plugin {
34
+ private static $instance = null;
35
+ private $plugin_path;
36
+ private $plugin_url;
37
+ private $text_domain = 'stop_user_enumeration';
38
+ private $settings_link;
39
+ private $donate_link;
40
+ /**
41
+ * Creates or returns an instance of this class.
42
+ */
43
+ public static function get_instance() {
44
+ // If an instance hasn't been created and set to $instance create an instance and set it to $instance.
45
+ if ( null == self::$instance ) {
46
+ self::$instance = new self;
47
+ }
48
+ return self::$instance;
49
+ }
50
+ /**
51
+ * Initializes the plugin by setting localization, hooks, filters, and administrative functions.
52
+ */
53
+ private function __construct() {
54
+ $this->plugin_path = plugin_dir_path( __FILE__ );
55
+ $this->plugin_url = plugin_dir_url( __FILE__ );
56
+ $this->settings_link = sprintf('<a href="options-general.php?page=sue-settings-settings">%s</a>',__("Settings"));
57
+ $this->donate_link = sprintf('<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4EMTVFMKXRRYY"><strong>%s</strong></a>',__("Please Donate (even 50 cents)"));
58
+ load_plugin_textdomain( $this->text_domain, false, $this->plugin_path . '/lang' );
59
+
60
+
61
+ // Include and create a new WordPressSettingsFramework
62
+ add_action( 'admin_menu', array( $this, 'init_settings' ), 99 );
63
+ require_once( $this->plugin_path .'wp-settings-framework.php' );
64
+ $this->wpsf = new WordPressSettingsFramework( $this->plugin_path .'settings/settings-general.php', 'sue_settings' );
65
+ // Add an optional settings validation filter (recommended)
66
+ add_filter( $this->wpsf->get_option_group() .'_settings_validate', array(&$this, 'validate_settings') );
67
+ // run plugin from init hook as needs a plugable function
68
+
69
+
70
+
71
+ add_action( 'admin_enqueue_scripts', array( $this, 'register_scripts' ) );
72
+ add_action( 'admin_enqueue_scripts', array( $this, 'register_styles' ) );
73
+ add_action( 'wp_enqueue_scripts', array( $this, 'register_scripts' ) );
74
+ add_action( 'wp_enqueue_scripts', array( $this, 'register_styles' ) );
75
+ add_action('plugin_row_meta', array($this,'sue_plugin_row_meta' ),10,2);
76
+ add_filter( 'rest_authentication_errors', array( $this,'only_allow_logged_in_rest_access_to_users'));
77
+ register_activation_hook( __FILE__, array( $this, 'activation' ) );
78
+ register_deactivation_hook( __FILE__, array( $this, 'deactivation' ) );
79
+
80
+
81
+ // run plugin from init hook as needs a plugable function
82
+ add_action('init',array($this,'run_plugin'));
83
+ }
84
+ public function get_plugin_url() {
85
+ return $this->plugin_url;
86
+ }
87
+ public function get_plugin_path() {
88
+ return $this->plugin_path;
89
+ }
90
+ /**
91
+ * Place code that runs at plugin activation here.
92
+ */
93
+ public function activation() {
94
+ }
95
+ /**
96
+ * Place code that runs at plugin deactivation here.
97
+ */
98
+ public function deactivation() {
99
+ }
100
+ /**
101
+ * Enqueue and register JavaScript files here.
102
+ */
103
+ public function register_scripts() {
104
+ if($this->wpsf->get_settings()['general_comment_jquery'] == 1 ) {
105
+ wp_enqueue_script( 'comment_author', plugins_url( '/js/commentauthor.js' , __FILE__ ), array( 'jquery' ) );
106
+ }
107
+ }
108
+ /**
109
+ * Enqueue and register CSS files here.
110
+ */
111
+ public function register_styles() {
112
+ }
113
+ /**
114
+ * Place code for your plugin's functionality here.
115
+ */
116
+ public function run_plugin() {
117
+ if ( ! is_user_logged_in() && isset($_SERVER['REQUEST_URI'])){
118
+ if( !empty($_REQUEST['author']) && !empty(preg_replace("/[^0-9]/","",$_REQUEST['author']))) {
119
+ $this->sue_log();
120
+ wp_die('forbidden - number in author name not allowed = ' . $_REQUEST['author']);
121
+ }
122
+ } elseif ( is_admin() ) {
123
+ $setting = wpsf_get_setting( 'sue_settings', 'general', 'stop_rest_user' );
124
+ // if the setting is exactly false then it has never been set - set admin notice
125
+ if ($setting===false) {
126
+ add_action( 'admin_notices', array($this,'sue_setting_nag'));
127
+ }
128
+
129
+ }
130
+ }
131
+ public function only_allow_logged_in_rest_access_to_users ($access) {
132
+ if($this->wpsf->get_settings()['general_stop_rest_user'] == 1 ) {
133
+ if( preg_match('/users/', $_SERVER['REQUEST_URI']) !== 0 ) {
134
+ if( ! is_user_logged_in() ) {
135
+ $this->sue_log();
136
+ return new WP_Error( 'rest_cannot_access', __( 'Only authenticated users can access the User endpoint REST API.', 'stop-user-enumeration' ), array( 'status' => rest_authorization_required_code() ) );
137
+ }
138
+ }
139
+ }
140
+ return $access;
141
+ }
142
+ public function sue_log() {
143
+ if($this->wpsf->get_settings()['general_log_auth'] == 1 ) {
144
+ openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);
145
+ syslog(LOG_INFO,"Attempted user enumeration from {$_SERVER['REMOTE_ADDR']}");
146
+ closelog();
147
+ }
148
+ }
149
+ public function sue_plugin_row_meta( $links, $file = '' ){
150
+ if( false !== strpos($file , '/stop-user-enumeration.php') ){
151
+ $links[] = $this->donate_link;
152
+ array_unshift($links, $this->settings_link);
153
+ }
154
+ return $links;
155
+ }
156
+ public function sue_setting_nag() {
157
+ ?>
158
+ <div class="notice notice-warning">
159
+ <p>
160
+ <?php
161
+ _e('Plugin: Stop User Enueration now has settings, go to the '.$this->settings_link.' page and save the new settings')
162
+ ?>
163
+ </p>
164
+ </div>
165
+ <?php
166
+
167
+ }
168
+
169
+ public function init_settings() {
170
+
171
+ $this->wpsf->add_settings_page( array(
172
+ 'parent_slug' => 'options-general.php',
173
+ 'page_title' => __( 'Stop User Enumeration Settings' ),
174
+ 'menu_title' => __( 'Stop User Enumeration' )
175
+ ) );
176
+
177
+ }
178
+
179
+ function validate_settings( $input )
180
+ {
181
+ // Do your settings validation here
182
+ // Same as $sanitize_callback from http://codex.wordpress.org/Function_Reference/register_setting
183
+ return $input;
184
+ }
185
 
 
 
 
 
 
 
186
  }
187
+ Stop_User_Enumeration_Plugin::get_instance();
188
+
189
+
190
+
191
+
192
+
193
+
194
 
195
  ?>
wp-settings-framework.php ADDED
@@ -0,0 +1,988 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * WordPress Settings Framework
4
+ *
5
+ * @author Gilbert Pellegrom, James Kemp
6
+ * @link https://github.com/gilbitron/WordPress-Settings-Framework
7
+ * @version 1.6.3
8
+ * @license MIT
9
+ */
10
+
11
+ if( !class_exists('WordPressSettingsFramework') ){
12
+ /**
13
+ * WordPressSettingsFramework class
14
+ */
15
+ class WordPressSettingsFramework {
16
+
17
+ /**
18
+ * @access private
19
+ * @var array
20
+ */
21
+ private $settings_wrapper;
22
+
23
+ /**
24
+ * @access private
25
+ * @var array
26
+ */
27
+ private $settings;
28
+
29
+ /**
30
+ * @access private
31
+ * @var array
32
+ */
33
+ private $tabs;
34
+
35
+ /**
36
+ * @access private
37
+ * @var string
38
+ */
39
+ private $option_group;
40
+
41
+ /**
42
+ * @access private
43
+ * @var array
44
+ */
45
+ private $settings_page = array();
46
+
47
+ /**
48
+ * @access private
49
+ * @var str
50
+ */
51
+ private $options_path;
52
+
53
+ /**
54
+ * @access private
55
+ * @var str
56
+ */
57
+ private $options_url;
58
+
59
+ /**
60
+ * @access protected
61
+ * @var array
62
+ */
63
+ protected $setting_defaults = array(
64
+ 'id' => 'default_field',
65
+ 'title' => 'Default Field',
66
+ 'desc' => '',
67
+ 'std' => '',
68
+ 'type' => 'text',
69
+ 'placeholder' => '',
70
+ 'choices' => array(),
71
+ 'class' => '',
72
+ 'subfields' => array()
73
+ );
74
+
75
+ /**
76
+ * Constructor
77
+ *
78
+ * @param string path to settings file
79
+ * @param string optional "option_group" override
80
+ */
81
+ public function __construct( $settings_file, $option_group = false ) {
82
+
83
+ if( !is_file($settings_file) )
84
+ return;
85
+
86
+ require_once( $settings_file );
87
+
88
+ $this->option_group = preg_replace("/[^a-z0-9]+/i", "", basename($settings_file, '.php'));
89
+
90
+ if( $option_group )
91
+ $this->option_group = $option_group;
92
+
93
+ $this->options_path = plugin_dir_path( __FILE__ );
94
+ $this->options_url = plugin_dir_url( __FILE__ );
95
+
96
+ $this->construct_settings();
97
+
98
+ if( is_admin() ) {
99
+
100
+ global $pagenow;
101
+
102
+ add_action( 'admin_init', array( $this, 'admin_init') );
103
+ add_action( 'wpsf_do_settings_sections_'.$this->option_group, array( $this, 'do_tabless_settings_sections'), 10 );
104
+
105
+ if( isset( $_GET['page'] ) && $_GET['page'] === $this->settings_page['slug'] ) {
106
+
107
+ if( $pagenow !== "options-general.php" ) add_action( 'admin_notices', array( $this, 'admin_notices') );
108
+ add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
109
+
110
+ }
111
+
112
+ if( $this->has_tabs() ) {
113
+
114
+ add_action( 'wpsf_before_settings_'.$this->option_group, array( $this, 'tab_links' ) );
115
+
116
+ remove_action( 'wpsf_do_settings_sections_'.$this->option_group, array( $this, 'do_tabless_settings_sections'), 10 );
117
+ add_action( 'wpsf_do_settings_sections_'.$this->option_group, array( $this, 'do_tabbed_settings_sections'), 10 );
118
+
119
+ }
120
+
121
+ }
122
+
123
+ }
124
+
125
+ /**
126
+ * Construct Settings
127
+ *
128
+ * @return array
129
+ */
130
+ public function construct_settings() {
131
+
132
+ $this->settings_wrapper = apply_filters( 'wpsf_register_settings_'.$this->option_group, array() );
133
+
134
+ if( !is_array($this->settings_wrapper) ){
135
+ return new WP_Error( 'broke', __( 'WPSF settings must be an array' ) );
136
+ }
137
+
138
+ // If "sections" is set, this settings group probably has tabs
139
+ if( isset( $this->settings_wrapper['sections'] ) ) {
140
+
141
+ $this->tabs = (isset( $this->settings_wrapper['tabs'] )) ? $this->settings_wrapper['tabs'] : array();
142
+ $this->settings = $this->settings_wrapper['sections'];
143
+
144
+ // If not, it's probably just an array of settings
145
+ } else {
146
+
147
+ $this->settings = $this->settings_wrapper;
148
+
149
+ }
150
+
151
+ $this->settings_page['slug'] = sprintf( '%s-settings', str_replace('_', '-', $this->option_group ) );
152
+
153
+ }
154
+
155
+ /**
156
+ * Get the option group for this instance
157
+ *
158
+ * @return string the "option_group"
159
+ */
160
+ public function get_option_group() {
161
+
162
+ return $this->option_group;
163
+
164
+ }
165
+
166
+ /**
167
+ * Registers the internal WordPress settings
168
+ */
169
+ public function admin_init() {
170
+
171
+ register_setting( $this->option_group, $this->option_group .'_settings', array( $this, 'settings_validate') );
172
+ $this->process_settings();
173
+
174
+ }
175
+
176
+ /**
177
+ * Add Settings Page
178
+ *
179
+ * @param array $args
180
+ */
181
+
182
+ public function add_settings_page( $args ) {
183
+
184
+ $defaults = array(
185
+ 'parent_slug' => false,
186
+ 'page_slug' => "",
187
+ 'page_title' => "",
188
+ 'menu_title' => "",
189
+ 'capability' => 'manage_options'
190
+ );
191
+
192
+ $args = wp_parse_args( $args, $defaults );
193
+
194
+ $this->settings_page['title'] = $args['page_title'];
195
+
196
+ if( $args['parent_slug'] ) {
197
+
198
+ add_submenu_page(
199
+ $args['parent_slug'],
200
+ $this->settings_page['title'],
201
+ $args['menu_title'],
202
+ $args['capability'],
203
+ $this->settings_page['slug'],
204
+ array( $this, 'settings_page_content' )
205
+ );
206
+
207
+ } else {
208
+
209
+ add_menu_page(
210
+ $this->settings_page['title'],
211
+ $args['menu_title'],
212
+ $args['capability'],
213
+ $this->settings_page['slug'],
214
+ array( $this, 'settings_page_content' )
215
+ );
216
+
217
+ }
218
+
219
+ }
220
+
221
+ /**
222
+ * Settings Page Content
223
+ */
224
+
225
+ public function settings_page_content() {
226
+ if ( !current_user_can( 'manage_options' ) ) {
227
+ wp_die( __( 'You do not have sufficient permissions to access this page.' ) );
228
+ }
229
+ ?>
230
+ <div class="wrap">
231
+ <div id="icon-options-general" class="icon32"></div>
232
+ <h2><?php echo $this->settings_page['title']; ?></h2>
233
+ <?php
234
+ // Output your settings form
235
+ $this->settings();
236
+ ?>
237
+ </div>
238
+ <?php
239
+
240
+ }
241
+
242
+ /**
243
+ * Displays any errors from the WordPress settings API
244
+ */
245
+ public function admin_notices() {
246
+
247
+ settings_errors();
248
+
249
+ }
250
+
251
+ /**
252
+ * Enqueue scripts and styles
253
+ */
254
+ public function admin_enqueue_scripts() {
255
+
256
+ // scripts
257
+
258
+ wp_register_script('jquery-ui-timepicker', $this->options_url.'assets/vendor/jquery-timepicker/jquery.ui.timepicker.js', array('jquery', 'jquery-ui-core'), false, true);
259
+ wp_register_script('wpsf', $this->options_url.'assets/js/main.js', array('jquery'), false, true);
260
+
261
+ wp_enqueue_script('jquery');
262
+ wp_enqueue_script('farbtastic');
263
+ wp_enqueue_script('media-upload');
264
+ wp_enqueue_script('thickbox');
265
+ wp_enqueue_script('jquery-ui-core');
266
+ wp_enqueue_script('jquery-ui-datepicker');
267
+ wp_enqueue_script('jquery-ui-timepicker');
268
+ wp_enqueue_script('wpsf');
269
+
270
+ // styles
271
+
272
+ wp_register_style('jquery-ui-timepicker', $this->options_url.'assets/vendor/jquery-timepicker/jquery.ui.timepicker.css');
273
+ wp_register_style('wpsf', $this->options_url.'assets/css/main.css');
274
+ wp_register_style('jquery-ui-css', '//ajax.googleapis.com/ajax/libs/jqueryui/1.8.21/themes/ui-darkness/jquery-ui.css');
275
+
276
+ wp_enqueue_style('farbtastic');
277
+ wp_enqueue_style('thickbox');
278
+ wp_enqueue_style('jquery-ui-timepicker');
279
+ wp_enqueue_style('jquery-ui-css');
280
+ wp_enqueue_style('wpsf');
281
+
282
+ }
283
+
284
+ /**
285
+ * Adds a filter for settings validation
286
+ *
287
+ * @param array the un-validated settings
288
+ * @return array the validated settings
289
+ */
290
+ public function settings_validate( $input ) {
291
+
292
+ return apply_filters( $this->option_group .'_settings_validate', $input );
293
+
294
+ }
295
+
296
+ /**
297
+ * Displays the "section_description" if specified in $this->settings
298
+ *
299
+ * @param array callback args from add_settings_section()
300
+ */
301
+ public function section_intro( $args ) {
302
+
303
+ if(!empty($this->settings)){
304
+
305
+ foreach($this->settings as $section){
306
+
307
+ if($section['section_id'] == $args['id']){
308
+
309
+ if(isset($section['section_description']) && $section['section_description']) echo '<p class="wpsf-section-description">'. $section['section_description'] .'</p>';
310
+ break;
311
+
312
+ }
313
+
314
+ }
315
+
316
+ }
317
+
318
+ }
319
+
320
+ /**
321
+ * Processes $this->settings and adds the sections and fields via the WordPress settings API
322
+ */
323
+ private function process_settings() {
324
+
325
+ if( !empty($this->settings) ){
326
+
327
+ usort($this->settings, array( $this, 'sort_array'));
328
+
329
+ foreach( $this->settings as $section ){
330
+
331
+ if( isset($section['section_id']) && $section['section_id'] && isset($section['section_title']) ){
332
+
333
+ $page_name = ( $this->has_tabs() ) ? sprintf( '%s_%s', $this->option_group, $section['tab_id'] ) : $this->option_group;
334
+
335
+ add_settings_section( $section['section_id'], $section['section_title'], array( $this, 'section_intro'), $page_name );
336
+
337
+ if( isset($section['fields']) && is_array($section['fields']) && !empty($section['fields']) ){
338
+
339
+ foreach( $section['fields'] as $field ){
340
+
341
+ if( isset($field['id']) && $field['id'] && isset($field['title']) ){
342
+
343
+ $title = !empty( $field['subtitle'] ) ? sprintf('%s <span class="wpsf-subtitle">%s</span>', $field['title'], $field['subtitle']) : $field['title'];
344
+
345
+ add_settings_field( $field['id'], $title, array( $this, 'generate_setting'), $page_name, $section['section_id'], array('section' => $section, 'field' => $field) );
346
+
347
+ }
348
+ }
349
+
350
+ }
351
+
352
+ }
353
+
354
+ }
355
+
356
+ }
357
+
358
+ }
359
+
360
+ /**
361
+ * Usort callback. Sorts $this->settings by "section_order"
362
+ *
363
+ * @param mixed section order a
364
+ * @param mixed section order b
365
+ * @return int order
366
+ */
367
+ public function sort_array( $a, $b ) {
368
+
369
+ if( !isset($a['section_order']) )
370
+ return;
371
+
372
+ return $a['section_order'] > $b['section_order'];
373
+
374
+ }
375
+
376
+ /**
377
+ * Generates the HTML output of the settings fields
378
+ *
379
+ * @param array callback args from add_settings_field()
380
+ */
381
+ public function generate_setting( $args ) {
382
+
383
+ $section = $args['section'];
384
+ $this->setting_defaults = apply_filters( 'wpsf_defaults_'.$this->option_group, $this->setting_defaults );
385
+
386
+ $args = wp_parse_args( $args['field'], $this->setting_defaults );
387
+
388
+ $options = get_option( $this->option_group .'_settings' );
389
+
390
+ $args['id'] = $this->has_tabs() ? sprintf( '%s_%s_%s', $section['tab_id'], $section['section_id'], $args['id'] ) : sprintf( '%s_%s', $section['section_id'], $args['id'] );
391
+ $args['value'] = isset( $options[$args['id']] ) ? $options[$args['id']] : ( isset( $args['default'] ) ? $args['default'] : '' );
392
+ $args['name'] = $this->generate_field_name( $args['id'] );
393
+
394
+ do_action( 'wpsf_before_field_' . $this->option_group );
395
+ do_action( 'wpsf_before_field_' . $this->option_group . '_' . $args['id'] );
396
+
397
+ $this->do_field_method( $args );
398
+
399
+ do_action( 'wpsf_after_field_' . $this->option_group );
400
+ do_action( 'wpsf_after_field_' . $this->option_group . '_' . $args['id'] );
401
+
402
+ }
403
+
404
+ /**
405
+ * Do field method, if it exists
406
+ *
407
+ * @param str $type
408
+ */
409
+ public function do_field_method( $args ) {
410
+
411
+ $generate_field_method = sprintf('generate_%s_field', $args['type']);
412
+
413
+ if( method_exists($this, $generate_field_method) )
414
+ $this->$generate_field_method( $args );
415
+
416
+ }
417
+
418
+ /**
419
+ * Generate: Text field
420
+ *
421
+ * @param arr $args
422
+ */
423
+ public function generate_text_field( $args ) {
424
+
425
+ $args['value'] = esc_attr( stripslashes( $args['value'] ) );
426
+
427
+ echo '<input type="text" name="'. $args['name'] .'" id="'. $args['id'] .'" value="'. $args['value'] .'" placeholder="'. $args['placeholder'] .'" class="regular-text '. $args['class'] .'" />';
428
+
429
+ $this->generate_description( $args['desc'] );
430
+
431
+ }
432
+
433
+ /**
434
+ * Generate: Number field
435
+ *
436
+ * @param arr $args
437
+ */
438
+ public function generate_number_field( $args ) {
439
+
440
+ $args['value'] = esc_attr( stripslashes( $args['value'] ) );
441
+
442
+ echo '<input type="number" name="'. $args['name'] .'" id="'. $args['id'] .'" value="'. $args['value'] .'" placeholder="'. $args['placeholder'] .'" class="regular-text '. $args['class'] .'" />';
443
+
444
+ $this->generate_description( $args['desc'] );
445
+
446
+ }
447
+
448
+ /**
449
+ * Generate: Time field
450
+ *
451
+ * @param arr $args
452
+ */
453
+ public function generate_time_field( $args ) {
454
+
455
+ $args['value'] = esc_attr( stripslashes( $args['value'] ) );
456
+
457
+ echo '<input name="'. $args['name'] .'" id="'. $args['id'] .'" value="'. $args['value'] .'" class="timepicker regular-text '. $args['class'] .'" data-timepicker="'.htmlentities( json_encode( $args['timepicker'] ) ).'" />';
458
+
459
+ $this->generate_description( $args['desc'] );
460
+
461
+ }
462
+
463
+ /**
464
+ * Generate: Date field
465
+ *
466
+ * @param arr $args
467
+ */
468
+ public function generate_date_field( $args ) {
469
+
470
+ $args['value'] = esc_attr( stripslashes( $args['value'] ) );
471
+
472
+ echo '<input name="'. $args['name'] .'" id="'. $args['id'] .'" value="'. $args['value'] .'" class="datepicker regular-text '. $args['class'] .'" data-datepicker="'.htmlentities( json_encode( $args['datepicker'] ) ).'" />';
473
+
474
+ $this->generate_description( $args['desc'] );
475
+
476
+ }
477
+
478
+ /**
479
+ * Generate: Group field
480
+ *
481
+ * Generates a table of subfields, and a javascript template for create new repeatable rows
482
+ *
483
+ * @param arr $args
484
+ */
485
+ public function generate_group_field( $args ) {
486
+
487
+ $row_count = count( $args['value'] );
488
+
489
+ echo '<table class="widefat wpsf-group" cellspacing="0">';
490
+
491
+ echo "<tbody>";
492
+
493
+ for ($row = 0; $row < $row_count; $row++) {
494
+
495
+ echo $this->generate_group_row_template( $args, false, $row );
496
+
497
+ }
498
+
499
+ echo "</tbody>";
500
+
501
+ echo "</table>";
502
+
503
+ printf('<script type="text/html" id="%s_template">%s</script>', $args['id'], $this->generate_group_row_template( $args, true ));
504
+
505
+ $this->generate_description( $args['desc'] );
506
+
507
+ }
508
+
509
+ /**
510
+ * Generate group row template
511
+ *
512
+ * @param arr $args Field arguments
513
+ * @param bool $blank Blank values
514
+ * @param int $row Iterator
515
+ * @return str|bool
516
+ */
517
+ public function generate_group_row_template( $args, $blank = false, $row = 0 ) {
518
+
519
+ $row_template = false;
520
+
521
+ if( $args['subfields'] ) {
522
+
523
+ $row_class = $row%2 == 0 ? "alternate" : "";
524
+
525
+ $row_template .= sprintf('<tr class="wpsf-group__row %s">', $row_class);
526
+
527
+ $row_template .= sprintf('<td class="wpsf-group__row-index"><span>%d</span></td>', $row);
528
+
529
+ $row_template .= '<td class="wpsf-group__row-fields">';
530
+
531
+ foreach( $args['subfields'] as $subfield ) {
532
+
533
+ $subfield = wp_parse_args( $subfield, $this->setting_defaults );
534
+
535
+ $subfield['value'] = ( $blank ) ? "" : isset( $args['value'][$row][$subfield['id']] ) ? $args['value'][$row][$subfield['id']] : "";
536
+ $subfield['name'] = sprintf('%s[%d][%s]', $args['name'], $row, $subfield['id']);
537
+ $subfield['id'] = sprintf('%s_%d_%s', $args['id'], $row, $subfield['id']);
538
+
539
+ $row_template .= '<div class="wpsf-group__field-wrapper">';
540
+
541
+ $row_template .= sprintf('<label for="%s" class="wpsf-group__field-label">%s</label>', $subfield['id'], $subfield['title']);
542
+
543
+ ob_start();
544
+ $this->do_field_method( $subfield );
545
+ $row_template .= ob_get_clean();
546
+
547
+ $row_template .= '</div>';
548
+
549
+ }
550
+
551
+ $row_template .= "</td>";
552
+
553
+ $row_template .= '<td class="wpsf-group__row-actions">';
554
+
555
+ $row_template .= sprintf('<a href="javascript: void(0);" class="wpsf-group__row-add" data-template="%s_template"><span class="dashicons dashicons-plus-alt"></span></a>', $args['id']);
556
+ $row_template .= '<a href="javascript: void(0);" class="wpsf-group__row-remove"><span class="dashicons dashicons-trash"></span></a>';
557
+
558
+ $row_template .= "</td>";
559
+
560
+ $row_template .= '</tr>';
561
+
562
+ }
563
+
564
+ return $row_template;
565
+
566
+ }
567
+
568
+ /**
569
+ * Generate: Select field
570
+ *
571
+ * @param arr $args
572
+ */
573
+ public function generate_select_field( $args ) {
574
+
575
+ $args['value'] = esc_html( esc_attr( $args['value'] ) );
576
+
577
+ echo '<select name="'. $args['name'] .'" id="'. $args['id'] .'" class="'. $args['class'] .'">';
578
+
579
+ foreach($args['choices'] as $value => $text ){
580
+
581
+ $selected = $value == $args['value'] ? 'selected="selected"' : '';
582
+
583
+ echo sprintf('<option value="%s" %s>%s</option>', $value, $selected, $text);
584
+
585
+ }
586
+
587
+ echo '</select>';
588
+
589
+ $this->generate_description( $args['desc'] );
590
+
591
+ }
592
+
593
+ /**
594
+ * Generate: Password field
595
+ *
596
+ * @param arr $args
597
+ */
598
+ public function generate_password_field( $args ) {
599
+
600
+ $args['value'] = esc_attr( stripslashes( $args['value'] ) );
601
+
602
+ echo '<input type="password" name="'. $args['name'] .'" id="'. $args['id'] .'" value="'. $args['value'] .'" placeholder="'. $args['placeholder'] .'" class="regular-text '. $args['class'] .'" />';
603
+
604
+ $this->generate_description( $args['desc'] );
605
+
606
+ }
607
+
608
+ /**
609
+ * Generate: Textarea field
610
+ *
611
+ * @param arr $args
612
+ */
613
+ public function generate_textarea_field( $args ) {
614
+
615
+ $args['value'] = esc_html( esc_attr( $args['value'] ) );
616
+
617
+ echo '<textarea name="'. $args['name'] .'" id="'. $args['id'] .'" placeholder="'. $args['placeholder'] .'" rows="5" cols="60" class="'. $args['class'] .'">'. $args['value'] .'</textarea>';
618
+
619
+ $this->generate_description( $args['desc'] );
620
+
621
+ }
622
+
623
+ /**
624
+ * Generate: Radio field
625
+ *
626
+ * @param arr $args
627
+ */
628
+ public function generate_radio_field( $args ) {
629
+
630
+ $args['value'] = esc_html( esc_attr( $args['value'] ) );
631
+
632
+ foreach( $args['choices'] as $value => $text ){
633
+
634
+ $field_id = sprintf('%s_%s', $args['id'], $value);
635
+ $checked = $value == $args['value'] ? 'checked="checked"' : '';
636
+
637
+ echo sprintf('<label><input type="radio" name="%s" id="%s" value="%s" class="%s" %s> %s</label><br />', $args['name'], $args['id'], $field_id, $value, $args['class'], $checked, $text);
638
+
639
+ }
640
+
641
+ $this->generate_description( $args['desc'] );
642
+
643
+ }
644
+
645
+ /**
646
+ * Generate: Checkbox field
647
+ *
648
+ * @param arr $args
649
+ */
650
+ public function generate_checkbox_field( $args ) {
651
+
652
+ $args['value'] = esc_attr( stripslashes( $args['value'] ) );
653
+ $checked = $args['value'] ? 'checked="checked"' : '';
654
+
655
+ echo '<input type="hidden" name="'. $args['name'] .'" value="0" />';
656
+ echo '<label><input type="checkbox" name="'. $args['name'] .'" id="'. $args['id'] .'" value="1" class="'. $args['class'] .'" '.$checked.'> '. $args['desc'] .'</label>';
657
+
658
+ }
659
+
660
+ /**
661
+ * Generate: Checkboxes field
662
+ *
663
+ * @param arr $args
664
+ */
665
+ public function generate_checkboxes_field( $args ) {
666
+
667
+ echo '<input type="hidden" name="'. $args['name'] .'" value="0" />';
668
+
669
+ foreach($args['choices'] as $value => $text){
670
+
671
+ $checked = is_array( $args['value'] ) && in_array($value, $args['value']) ? 'checked="checked"' : '';
672
+ $field_id = sprintf('%s_%s', $args['id'], $value);
673
+
674
+ echo sprintf('<label><input type="checkbox" name="%s[]" id="%s" value="%s" class="%s" %s> %s</label><br />', $args['name'], $field_id, $value, $args['class'], $checked, $text);
675
+
676
+ }
677
+
678
+ $this->generate_description( $args['desc'] );
679
+ }
680
+
681
+ /**
682
+ * Generate: Color field
683
+ *
684
+ * @param arr $args
685
+ */
686
+ public function generate_color_field( $args ) {
687
+
688
+ $color_picker_id = sprintf('%s_cp', $args['id']);
689
+ $args['value'] = esc_attr( stripslashes( $args['value'] ) );
690
+
691
+ echo '<div style="position:relative;">';
692
+
693
+ echo sprintf('<input type="text" name="%s" id="%s" value="%s" class="%s">', $args['name'], $args['id'], $args['value'], $args['class']);
694
+
695
+ echo sprintf('<div id="%s" style="position:absolute;top:0;left:190px;background:#fff;z-index:9999;"></div>', $color_picker_id);
696
+
697
+ $this->generate_description( $args['desc'] );
698
+
699
+ echo '<script type="text/javascript">
700
+ jQuery(document).ready(function($){
701
+ var colorPicker = $("#'. $color_picker_id .'");
702
+ colorPicker.farbtastic("#'. $args['id'] .'");
703
+ colorPicker.hide();
704
+ $("#'. $args['id'] .'").live("focus", function(){
705
+ colorPicker.show();
706
+ });
707
+ $("#'. $args['id'] .'").live("blur", function(){
708
+ colorPicker.hide();
709
+ if($(this).val() == "") $(this).val("#");
710
+ });
711
+ });
712
+ </script>';
713
+
714
+ echo '</div>';
715
+
716
+ }
717
+
718
+ /**
719
+ * Generate: File field
720
+ *
721
+ * @param arr $args
722
+ */
723
+ public function generate_file_field( $args ) {
724
+
725
+ $args['value'] = esc_attr( $args['value'] );
726
+ $button_id = sprintf('%s_button', $args['id']);
727
+
728
+ echo sprintf('<input type="text" name="%s" id="%s" value="%s" class="regular-text %s"> ', $args['name'], $args['id'], $args['value'], $args['class']);
729
+
730
+ echo sprintf('<input type="button" class="button wpsf-browse" id="%s" value="Browse" />', $button_id);
731
+
732
+ echo '<script type="text/javascript">
733
+ jQuery(document).ready(function($){
734
+ $("#'. $button_id .'").click(function() {
735
+
736
+ tb_show("", "media-upload.php?post_id=0&amp;type=image&amp;TB_iframe=true");
737
+
738
+ window.original_send_to_editor = window.send_to_editor;
739
+
740
+ window.send_to_editor = function(html) {
741
+ var imgurl = $("img",html).attr("src");
742
+ $("#'. $args['id'] .'").val(imgurl);
743
+ tb_remove();
744
+ window.send_to_editor = window.original_send_to_editor;
745
+ };
746
+
747
+ return false;
748
+
749
+ });
750
+ });
751
+ </script>';
752
+
753
+ }
754
+
755
+ /**
756
+ * Generate: Editor field
757
+ *
758
+ * @param arr $args
759
+ */
760
+ public function generate_editor_field( $args ) {
761
+
762
+ wp_editor( $args['value'], $args['id'], array( 'textarea_name' => $args['name'] ) );
763
+
764
+ $this->generate_description( $args['desc'] );
765
+
766
+ }
767
+
768
+ /**
769
+ * Generate: Custom field
770
+ *
771
+ * @param arr $args
772
+ */
773
+ public function generate_custom_field( $args ) {
774
+
775
+ echo $args['default'];
776
+
777
+ }
778
+
779
+ /**
780
+ * Generate: Multi Inputs field
781
+ *
782
+ * @param arr $args
783
+ */
784
+ public function generate_multiinputs_field( $args ) {
785
+
786
+ $field_titles = array_keys( $args['default'] );
787
+ $values = array_values( $args['value'] );
788
+
789
+ echo '<div class="wpsf-multifields">';
790
+
791
+ $i = 0; while($i < count($values)):
792
+
793
+ $field_id = sprintf('%s_%s', $args['id'], $i);
794
+ $value = esc_attr( stripslashes( $values[$i] ) );
795
+
796
+ echo '<div class="wpsf-multifields__field">';
797
+ echo '<input type="text" name="'. $args['name'] .'[]" id="'. $field_id .'" value="'. $value .'" class="regular-text '. $args['class'] .'" placeholder="'. $args['placeholder'] .'" />';
798
+ echo '<br><span>'.$field_titles[$i].'</span>';
799
+ echo '</div>';
800
+
801
+ $i++; endwhile;
802
+
803
+ echo '</div>';
804
+
805
+ $this->generate_description( $args['desc'] );
806
+
807
+ }
808
+
809
+
810
+ /**
811
+ * Generate: Field ID
812
+ *
813
+ * @param mixed $id
814
+ */
815
+ public function generate_field_name( $id ) {
816
+
817
+ return sprintf('%s_settings[%s]', $this->option_group, $id);
818
+
819
+ }
820
+
821
+ /**
822
+ * Generate: Description
823
+ *
824
+ * @param mixed $description
825
+ */
826
+ public function generate_description( $description ) {
827
+
828
+ if( $description && $description !== "" ) echo '<p class="description">'. $description .'</p>';
829
+
830
+ }
831
+
832
+ /**
833
+ * Output the settings form
834
+ */
835
+ public function settings() {
836
+
837
+ do_action( 'wpsf_before_settings_'.$this->option_group );
838
+ ?>
839
+ <form action="options.php" method="post">
840
+ <?php do_action( 'wpsf_before_settings_fields_'.$this->option_group ); ?>
841
+ <?php settings_fields( $this->option_group ); ?>
842
+
843
+ <?php do_action( 'wpsf_do_settings_sections_'.$this->option_group ); ?>
844
+
845
+ <p class="submit"><input type="submit" class="button-primary" value="<?php _e( 'Save Changes' ); ?>" /></p>
846
+ </form>
847
+ <?php
848
+ do_action( 'wpsf_after_settings_'.$this->option_group );
849
+
850
+ }
851
+
852
+ /**
853
+ * Helper: Get Settings
854
+ *
855
+ * @return arr
856
+ */
857
+ public function get_settings() {
858
+
859
+ $saved_settings = get_option($this->option_group.'_settings');
860
+
861
+ $settings = array();
862
+
863
+ foreach($this->settings as $section){
864
+ foreach($section['fields'] as $field){
865
+
866
+ if( !empty( $field['default'] ) && is_array( $field['default'] ) ) {
867
+ $field['default'] = array_values( $field['default'] );
868
+ }
869
+
870
+ $setting_key = $this->has_tabs() ? sprintf('%s_%s_%s', $section['tab_id'], $section['section_id'], $field['id']) : sprintf('%s_%s', $section['section_id'], $field['id']);
871
+
872
+ if( isset( $saved_settings[$setting_key] ) ) {
873
+ $settings[ $setting_key ] = $saved_settings[$setting_key];
874
+ } else {
875
+ $settings[ $setting_key ] = (isset($field['default'])) ? $field['default'] : false;
876
+ }
877
+ }
878
+ }
879
+
880
+ return $settings;
881
+
882
+ }
883
+
884
+ /**
885
+ * Tabless Settings sections
886
+ */
887
+
888
+ public function do_tabless_settings_sections() {
889
+ ?>
890
+ <div class="wpsf-section wpsf-tabless">
891
+ <?php do_settings_sections( $this->option_group ); ?>
892
+ </div>
893
+ <?php
894
+ }
895
+
896
+ /**
897
+ * Tabbed Settings sections
898
+ */
899
+
900
+ public function do_tabbed_settings_sections() {
901
+
902
+ $i = 0;
903
+ foreach ( $this->tabs as $tab_data ) {
904
+ ?>
905
+ <div id="tab-<?php echo $tab_data['id']; ?>" class="wpsf-section wpsf-tab wpsf-tab--<?php echo $tab_data['id']; ?> <?php if($i == 0) echo 'wpsf-tab--active'; ?>">
906
+ <div class="postbox">
907
+ <?php do_settings_sections( sprintf( '%s_%s', $this->option_group, $tab_data['id'] ) ); ?>
908
+ </div>
909
+ </div>
910
+ <?php
911
+ $i++;
912
+ }
913
+
914
+ }
915
+
916
+ /**
917
+ * Output the tab links
918
+ */
919
+ public function tab_links() {
920
+
921
+ do_action( 'wpsf_before_tab_links_'.$this->option_group );
922
+
923
+ screen_icon();
924
+ ?>
925
+ <h2 class="nav-tab-wrapper">
926
+ <?php
927
+ $i = 0;
928
+ foreach ( $this->tabs as $tab_data ) {
929
+ $active = $i == 0 ? 'nav-tab-active' : '';
930
+ ?>
931
+ <a class="nav-tab wpsf-tab-link <?php echo $active; ?>" href="#tab-<?php echo $tab_data['id']; ?>"><?php echo $tab_data['title']; ?></a>
932
+ <?php
933
+ $i++;
934
+ }
935
+ ?>
936
+ </h2>
937
+ <?php
938
+ do_action( 'wpsf_after_tab_links_'.$this->option_group );
939
+
940
+ }
941
+
942
+ /**
943
+ * Check if this settings instance has tabs
944
+ */
945
+ public function has_tabs() {
946
+
947
+ if( !empty( $this->tabs ) )
948
+ return true;
949
+
950
+ return false;
951
+
952
+ }
953
+
954
+ }
955
+ }
956
+
957
+ if( !function_exists('wpsf_get_setting') ){
958
+
959
+ /**
960
+ * Get a setting from an option group
961
+ *
962
+ * @param string option group id
963
+ * @param string section id
964
+ * @param string field id
965
+ * @return mixed setting or false if no setting exists
966
+ */
967
+ function wpsf_get_setting( $option_group, $section_id, $field_id ){
968
+ $options = get_option( $option_group .'_settings' );
969
+ if(isset($options[ $section_id .'_'. $field_id])){
970
+ return $options[ $section_id .'_'. $field_id];
971
+ }
972
+ return false;
973
+ }
974
+
975
+ }
976
+
977
+ if( !function_exists('wpsf_delete_settings') ){
978
+
979
+ /**
980
+ * Delete all the saved settings from a settings file/option group
981
+ *
982
+ * @param string option group id
983
+ */
984
+ function wpsf_delete_settings( $option_group ){
985
+ delete_option( $option_group .'_settings' );
986
+ }
987
+
988
+ }