Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /home/corals/gg.corals.io/wp-content/plugins/quickcal/includes/ajax/front/ |
<?php
do_action('booked_before_creating_appointment');
$date = isset($_POST['date']) ? esc_html( $_POST['date'] ) : '';
$title = isset($_POST['title']) ? esc_html( $_POST['title'] ) : '';
$timestamp = isset($_POST['timestamp']) ? esc_html( $_POST['timestamp'] ) : '';
$timeslot = isset($_POST['timeslot']) ? esc_html( $_POST['timeslot'] ) : '';
$customer_type = isset($_POST['customer_type']) ? esc_html( $_POST['customer_type'] ) : '';
$calendar_id = (isset($_POST['calendar_id']) ? esc_html( $_POST['calendar_id'] ) : false);
$calendar_id_for_cf = $calendar_id;
if ($calendar_id):
$calendar_id = array($calendar_id);
$calendar_id = array_map( 'intval', $calendar_id );
$calendar_id = array_unique( $calendar_id );
endif;
$name_requirements = get_option('booked_registration_name_requirements',array('require_name'));
$name_requirements = ( isset($name_requirements[0]) ? $name_requirements[0] : false );
$is_new_registration = $customer_type == 'new' && ! isset($_POST['date']) && ! isset($_POST['timestamp']) && ! isset($_POST['timeslot']);
if ( !$is_new_registration && $date && $timeslot && isset($calendar_id_for_cf) ):
$appt_is_available = booked_appt_is_available($date,$timeslot,$calendar_id_for_cf);
else:
wp_die();
endif;
if ($appt_is_available):
$time_format = get_option('time_format');
$date_format = get_option('date_format');
$appointment_default_status = get_option('booked_new_appointment_default','draft');
$hide_end_times = get_option('booked_hide_end_times',false);
// Get custom field data (new in v1.2)
$custom_fields = array();
if ( $calendar_id_for_cf ) {
$custom_fields = json_decode(stripslashes(get_option('booked_custom_fields_'.$calendar_id_for_cf)),true);
}
if ( !$custom_fields ) {
$custom_fields = json_decode(stripslashes(get_option('booked_custom_fields')),true);
}
$custom_field_data = array();
$cf_meta_value = '';
if (!empty($custom_fields)):
$previous_field = false;
foreach($custom_fields as $key => $field):
$field_name = $field['name'];
$field_title = $field['value'];
$field_title_parts = explode('---',$field_name);
if ($field_title_parts[0] == 'radio-buttons-label' || $field_title_parts[0] == 'checkboxes-label'):
$current_group_name = $field_title;
elseif ($field_title_parts[0] == 'single-radio-button' || $field_title_parts[0] == 'single-checkbox'):
// Don't change the group name yet
else :
$current_group_name = $field_title;
endif;
if ($field_name != $previous_field){
if (isset($_POST[$field_name]) && $_POST[$field_name]):
$field_value = $_POST[$field_name];
if (is_array($field_value)){
$field_value = implode(', ',$field_value);
}
$custom_field_data[$key] = array(
'label' => $current_group_name,
'value' => $field_value
);
endif;
$previous_field = $field_name;
}
endforeach;
$custom_field_data = apply_filters('booked_custom_field_data', $custom_field_data);
if (!empty($custom_field_data)):
foreach($custom_field_data as $key => $data):
$cf_meta_value .= '<p class="cf-meta-value"><strong>'.$data['label'].'</strong><br>'.$data['value'].'</p>';
endforeach;
endif;
endif;
// END Get custom field data
if ($customer_type == 'guest'):
$name = esc_attr($_POST['guest_name']);
$surname = isset($_POST['guest_surname']) && $_POST['guest_surname'] ? esc_attr($_POST['guest_surname']) : false;
$fullname = ( $surname ? $name . ' ' . $surname : $name );
$email = isset($_POST['guest_email']) ? esc_attr($_POST['guest_email']) : '';
$email_required = get_option('booked_require_guest_email_address',false);
if ( $name_requirements == 'require_surname' && !$surname ):
echo 'error###'.esc_html__('Your full name is required to book an appointment.','booked');
else:
if ($email && is_email($email) && $name || !$email && !$email_required && $name):
// Create a new appointment post for a guest customer
$new_post = apply_filters('booked_new_appointment_args', array(
'post_title' => date_i18n($date_format,$timestamp).' @ '.date_i18n($time_format,$timestamp).' (User: Guest)',
'post_content' => '',
'post_status' => $appointment_default_status,
'post_date' => date_i18n('Y',strtotime($date)).'-'.date_i18n('m',strtotime($date)).'-01 00:00:00',
'post_type' => 'booked_appointments'
));
$post_id = wp_insert_post($new_post);
update_post_meta($post_id, '_appointment_title', $title);
update_post_meta($post_id, '_appointment_guest_name', $name);
update_post_meta($post_id, '_appointment_guest_surname', $surname);
update_post_meta($post_id, '_appointment_guest_email', $email);
update_post_meta($post_id, '_appointment_timestamp', $timestamp);
update_post_meta($post_id, '_appointment_timeslot', $timeslot);
if ($appointment_default_status == 'publish'): wp_publish_post($post_id); endif;
if ( apply_filters('booked_update_cf_meta_value', true) ) {
update_post_meta($post_id, '_cf_meta_value', $cf_meta_value);
}
if ( apply_filters('booked_update_appointment_calendar', true) ) {
if (!empty($calendar_id)): $calendar_term = get_term_by('id',$calendar_id[0],'booked_custom_calendars'); $calendar_name = $calendar_term->name; wp_set_object_terms($post_id,$calendar_id,'booked_custom_calendars'); else: $calendar_name = false; endif;
}
// Send a confirmation email to the User?
$email_content = get_option('booked_appt_confirmation_email_content',false);
$email_subject = get_option('booked_appt_confirmation_email_subject',false);
$token_replacements = quickcal_get_appointment_tokens( $post_id );
if ( $email_content && $email_subject ):
$admin_email = quickcal_which_admin_to_send_email( esc_html( $_POST['calendar_id'] ) );
$email_content = quickcal_token_replacement( $email_content,$token_replacements );
$email_subject = quickcal_token_replacement( $email_subject,$token_replacements );
do_action( 'booked_confirmation_email', $email, $email_subject, $email_content, $admin_email );
endif;
// Send an email to the Admin?
$email_content = get_option('booked_admin_appointment_email_content',false);
$email_subject = get_option('booked_admin_appointment_email_subject',false);
if ($email_content && $email_subject):
$admin_email = quickcal_which_admin_to_send_email( esc_html( $_POST['calendar_id'] ) );
$email_content = quickcal_token_replacement( $email_content,$token_replacements );
$email_subject = quickcal_token_replacement( $email_subject,$token_replacements );
do_action( 'booked_admin_confirmation_email', $admin_email, $email_subject, $email_content, $token_replacements['email'], $token_replacements['name'] );
endif;
do_action('booked_new_appointment_created', $post_id);
echo 'success###'.$date;
else :
if ($email && !is_email($email)):
$errors[] = esc_html__('The email address you have entered doesn\'t appear to be valid.','booked');
elseif ($email_required && !$email):
$errors[] = esc_html__('Your name and a valid email address are required to book an appointment.','booked');
elseif (!$name):
$errors[] = esc_html__('Your name is required to book an appointment.','booked');
else:
$errors[] = esc_html__('An unknown error occured.','booked');
endif;
echo 'error###'.implode('
',$errors);
endif;
endif;
elseif ($customer_type == 'current'):
$user_id = ! empty($_POST['user_id']) ? intval($_POST['user_id']) : false;
if ( ! $user_id && is_user_logged_in() ) {
$user = wp_get_current_user();
$user_id = $user->ID;
}
// Create a new appointment post for a current customer
$new_post = apply_filters('booked_new_appointment_args', array(
'post_title' => date_i18n($date_format,$timestamp).' @ '.date_i18n($time_format,$timestamp).' (User: '.$user_id.')',
'post_content' => '',
'post_status' => $appointment_default_status,
'post_date' => date_i18n('Y',strtotime($date)).'-'.date_i18n('m',strtotime($date)).'-01 00:00:00',
'post_author' => $user_id,
'post_type' => 'booked_appointments'
));
$post_id = wp_insert_post($new_post);
update_post_meta($post_id, '_appointment_title', $title);
update_post_meta($post_id, '_appointment_timestamp', $timestamp);
update_post_meta($post_id, '_appointment_timeslot', $timeslot);
update_post_meta($post_id, '_appointment_user', $user_id);
if ($appointment_default_status == 'publish'): wp_publish_post($post_id); endif;
if (apply_filters('booked_update_cf_meta_value', true)) {
update_post_meta($post_id, '_cf_meta_value', $cf_meta_value);
}
if (apply_filters('booked_update_appointment_calendar', true)) {
if (!empty($calendar_id)): $calendar_term = get_term_by('id',$calendar_id[0],'booked_custom_calendars'); $calendar_name = $calendar_term->name; wp_set_object_terms($post_id,$calendar_id,'booked_custom_calendars'); else: $calendar_name = false; endif;
}
// Send a confirmation email to the User?
$email_content = get_option('booked_appt_confirmation_email_content');
$email_subject = get_option('booked_appt_confirmation_email_subject');
$token_replacements = quickcal_get_appointment_tokens( $post_id );
if ($email_content && $email_subject):
$admin_email = quickcal_which_admin_to_send_email($_POST['calendar_id']);
$email_content = quickcal_token_replacement( $email_content,$token_replacements );
$email_subject = quickcal_token_replacement( $email_subject,$token_replacements );
do_action( 'booked_confirmation_email', $token_replacements['email'], $email_subject, $email_content, $admin_email );
endif;
// Send an email to the Admin?
$email_content = get_option('booked_admin_appointment_email_content');
$email_subject = get_option('booked_admin_appointment_email_subject');
if ($email_content && $email_subject):
$admin_email = quickcal_which_admin_to_send_email($_POST['calendar_id']);
$email_content = quickcal_token_replacement( $email_content,$token_replacements );
$email_subject = quickcal_token_replacement( $email_subject,$token_replacements );
do_action( 'booked_admin_confirmation_email', $admin_email, $email_subject, $email_content, $token_replacements['email'], $token_replacements['name'] );
endif;
if ( apply_filters( 'booked_sessions_enabled', true ) ):
$_SESSION['appt_requested'] = 1;
endif;
do_action('booked_new_appointment_created', $post_id);
echo 'success###'.$date;
elseif ($customer_type == 'new'):
$name = esc_attr($_POST['booked_appt_name']);
$surname = ( isset($_POST['booked_appt_surname']) && $_POST['booked_appt_surname'] ? esc_attr($_POST['booked_appt_surname']) : false );
$fullname = ( $surname ? $name . ' ' . $surname : $name );
$email = $_POST['booked_appt_email'];
$password = $_POST['booked_appt_password'];
if ( $name_requirements == 'require_surname' && !$surname ):
echo 'error###'.esc_html__('Your full name is required to book an appointment.','booked');
else:
if (isset($_POST['captcha_word'])):
$captcha_word = strtolower($_POST['captcha_word']);
$captcha_code = strtolower($_POST['captcha_code']);
else :
$captcha_word = false;
$captcha_code = false;
endif;
$errors = quickcal_registration_validation($email,$password,$captcha_word,$captcha_code);
if (empty($errors)):
$userdata = array(
'user_login' => $email,
'user_email' => $email,
'user_pass' => $password,
'first_name' => $name,
'last_name' => $surname
);
$user_id = wp_insert_user( $userdata );
update_user_meta( $user_id, 'nickname', $name );
wp_update_user( array ('ID' => $user_id, 'display_name' => $name ) );
$creds = array();
$creds['user_login'] = $email;
$creds['user_password'] = $password;
$creds['remember'] = true;
$user_signon = wp_signon( $creds, false );
if ( is_wp_error($user_signon) ){
$signin_errors = $user_signon->get_error_message();
}
// Create a new appointment post for this new customer
$new_post = apply_filters('booked_new_appointment_args', array(
'post_title' => date_i18n($date_format,$timestamp).' @ '.date_i18n($time_format,$timestamp).' (User: '.$user_id.')',
'post_content' => '',
'post_status' => $appointment_default_status,
'post_date' => date_i18n('Y',strtotime($date)).'-'.date_i18n('m',strtotime($date)).'-01 00:00:00',
'post_author' => $user_id,
'post_type' => 'booked_appointments'
));
$post_id = wp_insert_post($new_post);
update_post_meta( $post_id, '_appointment_title', $title );
update_post_meta( $post_id, '_appointment_timestamp', $timestamp );
update_post_meta( $post_id, '_appointment_timeslot', $timeslot );
update_post_meta( $post_id, '_appointment_user', $user_id );
if ($appointment_default_status == 'publish'): wp_publish_post( $post_id ); endif;
if (apply_filters('booked_update_cf_meta_value', true)) {
update_post_meta($post_id, '_cf_meta_value', $cf_meta_value);
}
if (apply_filters('booked_update_appointment_calendar', true)) {
if (!empty($calendar_id)): wp_set_object_terms($post_id,$calendar_id,'booked_custom_calendars'); endif;
}
if (apply_filters('booked_update_appointment_calendar', true)) {
if (!empty($calendar_id)): $calendar_term = get_term_by('id',$calendar_id[0],'booked_custom_calendars'); $calendar_name = $calendar_term->name; wp_set_object_terms($post_id,$calendar_id,'booked_custom_calendars'); else: $calendar_name = false; endif;
}
$token_replacements = quickcal_get_appointment_tokens( $post_id );
// Send an email to the Admin?
$email_content = get_option('booked_admin_appointment_email_content');
$email_subject = get_option('booked_admin_appointment_email_subject');
if ($email_content && $email_subject):
$email_calendar_id = esc_html( $_POST['calendar_id'] );
$admin_email = quickcal_which_admin_to_send_email( $email_calendar_id );
$email_content = quickcal_token_replacement( $email_content,$token_replacements );
$email_subject = quickcal_token_replacement( $email_subject,$token_replacements );
do_action( 'booked_admin_confirmation_email', $admin_email, $email_subject, $email_content, $token_replacements['email'], $token_replacements['name'] );
endif;
// Send a registration welcome email to the new user?
$email_content = get_option('booked_registration_email_content');
$email_subject = get_option('booked_registration_email_subject');
if ($email_content && $email_subject):
$registration_token_replacements = array(
'name' => $fullname,
'email' => $email,
'username' => $email,
'password' => $password
);
$admin_email = quickcal_which_admin_to_send_email( esc_html( $_POST['calendar_id'] ) );
$email_content = quickcal_token_replacement( $email_content,$registration_token_replacements,'user' );
$email_subject = quickcal_token_replacement( $email_subject,$registration_token_replacements,'user' );
do_action( 'booked_registration_email', $registration_token_replacements['email'], $email_subject, $email_content, $admin_email );
endif;
// Send an email to the User?
$email_content = get_option('booked_appt_confirmation_email_content');
$email_subject = get_option('booked_appt_confirmation_email_subject');
if ($email_content && $email_subject):
$admin_email = quickcal_which_admin_to_send_email( esc_html( $_POST['calendar_id'] ) );
$email_content = quickcal_token_replacement( $email_content,$token_replacements );
$email_subject = quickcal_token_replacement( $email_subject,$token_replacements );
do_action( 'booked_confirmation_email', $token_replacements['email'], $email_subject, $email_content , $admin_email);
endif;
if ( apply_filters( 'booked_sessions_enabled', true ) ):
$_SESSION['appt_requested'] = 1;
$_SESSION['new_account'] = 1;
endif;
do_action('booked_new_appointment_created', $post_id);
echo 'success###'.$date;
else :
echo 'error###'.implode('
',$errors);
endif;
endif;
endif;
// register the user only
elseif ( $is_new_registration ):
$name = esc_attr($_POST['booked_appt_name']);
$surname = ( isset($_POST['booked_appt_surname']) && $_POST['booked_appt_surname'] ? esc_attr($_POST['booked_appt_surname']) : false );
$fullname = ( $surname ? $name . ' ' . $surname : $name );
$email = $_POST['booked_appt_email'];
$password = $_POST['booked_appt_password'];
if ( $name_requirements == 'require_surname' && !$surname ):
echo 'error###'.esc_html__('Your full name is required to book an appointment.','booked');
else:
if (isset($_POST['captcha_word'])):
$captcha_word = strtolower($_POST['captcha_word']);
$captcha_code = strtolower($_POST['captcha_code']);
else :
$captcha_word = false;
$captcha_code = false;
endif;
$errors = quickcal_registration_validation($email,$password,$captcha_word,$captcha_code);
if (empty($errors)):
$userdata = array(
'user_login' => $email,
'user_email' => $email,
'user_pass' => $password,
'first_name' => $name,
'last_name' => $surname
);
$user_id = wp_insert_user( $userdata );
if ($surname): $name = $name . ' ' . $surname; endif;
update_user_meta( $user_id, 'nickname', $name );
wp_update_user( array ('ID' => $user_id, 'display_name' => $name ) );
$creds = array();
$creds['user_login'] = $email;
$creds['user_password'] = $password;
$creds['remember'] = true;
$user_signon = wp_signon( $creds, false );
if ( is_wp_error($user_signon) ){
$signin_errors = $user_signon->get_error_message();
}
// Send a registration welcome email to the new user?
$email_content = get_option('booked_registration_email_content');
$email_subject = get_option('booked_registration_email_subject');
if ($email_content && $email_subject):
$token_replacements = array(
'name' => $fullname,
'email' => $email,
'username' => $email,
'password' => $password
);
$email_content = quickcal_token_replacement( $email_content,$token_replacements,'user' );
$email_subject = quickcal_token_replacement( $email_subject,$token_replacements,'user' );
do_action( 'booked_registration_email', $token_replacements['email'], $email_subject, $email_content );
endif;
if ( apply_filters( 'booked_sessions_enabled', true ) ):
$_SESSION['appt_requested'] = 1;
$_SESSION['new_account'] = 1;
endif;
do_action('booked_new_appointment_created', $post_id);
echo 'success###' . esc_html__('Registration has been successful.','booked');
else :
echo 'error###'.implode('
',$errors);
endif;
endif;
else:
$error_message = apply_filters(
'booked_availability_error_message',
esc_html__('Sorry, someone just booked this appointment before you could. Please choose a different booking time.','booked')
);
echo 'error###' . $error_message;
endif;
session_write_close();