1<?php
2/*
3Plugin Name: Wpisy
4Description: Umożliwia dodawanie wpisów przez użytkowników.
5Version: 1.01
6Author: Dawid Fordon
7*/
8require_once( ABSPATH . '/wp-load.php');
9require_once( ABSPATH . 'wp-includes/pluggable.php');
10/*require_once( ABSPATH . 'wp-includes/link-template.php');*/
11
12require_once(ABSPATH . 'wp-admin/includes/image.php');
13require_once(ABSPATH . 'wp-admin/includes/file.php');
14require_once(ABSPATH . 'wp-admin/includes/media.php');
15require_once plugin_dir_path( __FILE__ ) . '/class-download-remote-image.php';
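/**
 * Registers the plugin's top-level "Wpisy" page in the WordPress admin menu.
 *
 * The page body is rendered by test_glowna(). Access is gated on the
 * manage_options capability: add_menu_page() expects a capability, and
 * WordPress discourages passing a role name such as "administrator" there
 * because role-name checks are not guaranteed to behave reliably.
 */
function admin_add_menu(){
    add_menu_page('Strona główna', 'Wpisy', 'manage_options', 'test_glowna', 'test_glowna', '');
}
add_action('admin_menu', 'admin_add_menu');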
21
22
/**
 * Creates the {prefix}katalog_wpisy table that holds the submitted entries.
 *
 * Columns used elsewhere in this file: `hash` is the e-mail confirmation
 * token, `EC` is set to 1 once the e-mail is confirmed, `APRO` is set to 1
 * once an entry is approved, and `uid` is the ID of the WordPress post
 * created for the entry.
 *
 * NOTE(review): tel, nip and kod_poczt are INT columns. Leading zeros are
 * lost in an INT, and a 10-digit identifier can exceed the signed INT
 * range - confirm whether these should be VARCHAR.
 * NOTE(review): the function is called on every load of this file (see the
 * call directly below), not only on plugin activation.
 */
function createPostTable () {
    global $wpdb;

    // upgrade.php is loaded because it provides dbDelta().
    require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );

    $entries_table = "{$wpdb->prefix}katalog_wpisy";

    $ddl = "CREATE TABLE IF NOT EXISTS $entries_table (
 id int(11) NOT NULL AUTO_INCREMENT,
 Nazwa varchar(25) NOT NULL,
 Tytul varchar(25) NOT NULL,
 slowa_klucz varchar(75) NOT NULL,
 email text NOT NULL,
 website varchar (75) NOT NULL,
 miasto text NOT NULL,
 kod_poczt int(11) NOT NULL,
 ulica text NOT NULL,
 tel int(11) NOT NULL,
 nip int(11) NOT NULL,
 opis text NOT NULL,
 maincategory text NOT NULL,
 hash varchar(125) NOT NULL,
 APRO tinyint(1) DEFAULT '0' NOT NULL,
 EC int(11) DEFAULT '0' NOT NULL,
 uid int(11) NOT NULL,
 PRIMARY KEY (id)
 )";

    dbDelta($ddl);
}
createPostTable();
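/**
 * Creates the {prefix}katalog_ustawienia settings table and seeds its single
 * row of default messages when the table is empty.
 *
 * The table is created before it is queried. Counting and inserting first
 * would fail on a fresh install, because the table would not exist yet.
 * The seed row is written with $wpdb->insert() so the values are bound
 * rather than embedded in the SQL text.
 */
function createMsgTable () {
    global $wpdb;

    $table_name = $wpdb->prefix . "katalog_ustawienia";

    $sql = "CREATE TABLE IF NOT EXISTS $table_name (
 id int(11) NOT NULL AUTO_INCREMENT,
 msgc text NOT NULL,
 msgd varchar(255) NOT NULL,
 msga varchar(255) NOT NULL,
 slowa_klucz_limit int(11) NOT NULL,
 PRIMARY KEY (id)
 )";

    // upgrade.php is loaded because it provides dbDelta().
    require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
    dbDelta($sql);

    // get_var() yields null when the query fails; do not seed in that case.
    $c = $wpdb->get_var("SELECT COUNT(id) FROM `$table_name`");
    if ($c !== null && (int) $c < 1) {
        $wpdb->insert(
            $table_name,
            array(
                'msgc' => 'Przykladowa wiadomosc z prosba o potwierdzenie wpisu',
                'msgd' => 'Przykladowa wiadomosc o odrzuceniu wpisu',
                'msga' => 'Przykladowa wiadomosc z o dodanie wpisu',
                'slowa_klucz_limit' => 3,
            ),
            array('%s', '%s', '%s', '%d')
        );
    }
}
createMsgTable();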
76
/**
 * Returns one column of the katalog_wpisy table, taken from the last row
 * the query yields.
 *
 * All rows are fetched without WHERE or ORDER BY and every row overwrites
 * the result, so the value does not belong to any particular entry.
 * NOTE(review): callers that need the value for a specific entry id should
 * query that row directly instead of using this helper.
 *
 * @param string $whats Column name, read as a property of each result row.
 * @return mixed The column value, or a single space when there are no rows.
 */
function returem($whats){
    global $wpdb;

    $entries_table = $wpdb->prefix . "katalog_wpisy";
    $rows = $wpdb->get_results("SELECT * FROM `$entries_table`");

    $value = " ";
    foreach ($rows as $entry) {
        $value = $entry->$whats;
    }

    return $value;
}
86/*function check(){
87 global $wpdb;
88
89}*/
90
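// Approves a pending entry (the "Akceptuj" button on the plugin's admin page).
//
// The handler runs on admin_init and requires the manage_options capability,
// so a POST carrying "val" is only honoured for a logged-in administrator.
// The id is cast to an integer and bound through prepare()/update() instead
// of being concatenated into the SQL text. The post to publish and the
// address to notify are read from the row being approved, not from whichever
// row returem() happens to return last.
//
// NOTE(review): the request is still not tied to a nonce. Adding
// wp_nonce_field() to the forms in test_glowna() and check_admin_referer()
// here has to be done together to close the CSRF gap.
add_action('admin_init', function () {
    if (!isset($_POST['val']) || !is_scalar($_POST['val'])) {
        return;
    }
    if (!current_user_can('manage_options')) {
        return;
    }

    global $wpdb;
    $table_name = $wpdb->prefix . "katalog_wpisy";
    $id = absint($_POST['val']);

    $entry = $wpdb->get_row(
        $wpdb->prepare("SELECT uid, email FROM `$table_name` WHERE id = %d", $id)
    );
    if (!$entry) {
        return; // unknown id: nothing to approve
    }

    $wpdb->update($table_name, array('APRO' => 1), array('id' => $id), array('%d'), array('%d'));

    $pid = (int) $entry->uid;
    wp_update_post(array(
        'ID' => $pid,
        'post_status' => 'publish',
    ));

    $headers = "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    $epid = esc_url(get_permalink($pid, false));
    $msg = returnme('msga').' <a href="'.$epid.'">link</a>';

    // The stored address originates from a public form; only mail a value
    // that is a syntactically valid single address.
    if (is_email($entry->email)) {
        mail($entry->email, 'Twoj wpis zostal dodany', $msg, $headers); // provisional approval mail
    }
});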
109
// AJAX self-handling: placeholder only. Requests flagged as XMLHttpRequest
// are detected here, but nothing is done with them yet (planned for later).
if (
    !empty($_SERVER['HTTP_X_REQUESTED_WITH'])
    && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest'
) {
    // Intentionally empty.
}
114
115
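/**
 * Builds a random string of digits and ASCII letters.
 *
 * In this file the result is used as the secret behind the e-mail
 * confirmation hash, so the characters are drawn with random_int(), which is
 * backed by the system CSPRNG, rather than rand(), whose output is
 * predictable.
 *
 * @param int $length Number of characters; values below 1 give an empty string.
 * @return string Random string over [0-9a-zA-Z].
 */
function generateRandomString($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $maxIndex = strlen($characters) - 1;
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[random_int(0, $maxIndex)];
    }
    return $randomString;
}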
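// Confirms an entry's e-mail address from the link sent to the submitter:
// an unconfirmed row (EC=0) whose email and hash both match the query string
// is marked EC=1.
//
// Both parameters must be plain strings. The candidate rows are selected with
// a prepared statement instead of loading every unconfirmed row, the token is
// compared with hash_equals() (a loose == treats two different numeric-looking
// strings such as "0e1" and "0e2" as equal), and the update is keyed on the
// row id through $wpdb->update() rather than on request text placed in SQL.
if (isset($_GET['hash'], $_GET['email']) && is_string($_GET['hash']) && is_string($_GET['email'])) {
    global $wpdb;
    $table_name = $wpdb->prefix . "katalog_wpisy";

    $pending = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, email, hash FROM `$table_name` WHERE EC = 0 AND email = %s",
            $_GET['email']
        )
    );

    foreach ((array) $pending as $row) {
        // SQL string comparison follows the column collation; re-check exactly.
        if ($_GET['email'] === $row->email && hash_equals((string) $row->hash, $_GET['hash'])) {
            $wpdb->update($table_name, array('EC' => 1), array('id' => (int) $row->id), array('%d'), array('%d'));
        }
    }
}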
/**
 * Returns one column of the katalog_ustawienia settings table, taken from
 * the last row the query yields.
 *
 * All rows are fetched and each one overwrites the result. The other code
 * in this file only ever writes the row with id 1.
 *
 * @param string $what Column name, read as a property of each result row.
 * @return mixed The column value, or a single space when there are no rows.
 */
function returnme($what){
    global $wpdb;

    $settings_table = $wpdb->prefix . "katalog_ustawienia";
    $rows = $wpdb->get_results("SELECT * FROM `$settings_table`");

    $value = " ";
    foreach ($rows as $settings) {
        $value = $settings->$what;
    }

    return $value;
}
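// Rejects a pending entry (the "Odrzuc" button on the plugin's admin page):
// the row is deleted and the submitter is notified.
//
// The handler runs on admin_init and requires the manage_options capability.
// The id is cast to an integer and bound through prepare()/delete(). The
// notification address is read from the row before it is deleted, so the
// mail goes to the rejected entry's submitter rather than to whichever row
// returem() returns last.
//
// NOTE(review): the pending WordPress post created for the entry (column
// uid) is left in place, as before - confirm whether it should be removed.
// NOTE(review): the request is still not tied to a nonce. Adding
// wp_nonce_field() to the forms in test_glowna() and check_admin_referer()
// here has to be done together to close the CSRF gap.
add_action('admin_init', function () {
    if (!isset($_POST['valdeny']) || !is_scalar($_POST['valdeny'])) {
        return;
    }
    if (!current_user_can('manage_options')) {
        return;
    }

    global $wpdb;
    $table_name = $wpdb->prefix . "katalog_wpisy";
    $id = absint($_POST['valdeny']);

    $entry = $wpdb->get_row(
        $wpdb->prepare("SELECT email FROM `$table_name` WHERE id = %d", $id)
    );
    if (!$entry) {
        return; // unknown id: nothing to reject
    }

    $wpdb->delete($table_name, array('id' => $id), array('%d'));

    $headers = "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    $msg = returnme('msgd');

    // The stored address originates from a public form; only mail a value
    // that is a syntactically valid single address.
    if (is_email($entry->email)) {
        mail($entry->email, 'Twoj wpis zostal odrzucony', $msg, $headers); // provisional rejection mail
    }
});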
154
155
156
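// Saves the settings form shown by test_glowna(): the three message
// templates and the keyword limit, all stored in the row with id 1.
//
// The handler runs on admin_init and requires the manage_options capability.
// The values are written with $wpdb->update(), which binds them, instead of
// being concatenated into the SQL text. htmlspecialchars() alone leaves a
// backslash untouched, so it does not make a value safe inside a quoted SQL
// string. By admin_init WordPress has added slashes to $_POST, hence
// wp_unslash().
//
// NOTE(review): the request is still not tied to a nonce. Adding
// wp_nonce_field() to the form in test_glowna() and check_admin_referer()
// here has to be done together to close the CSRF gap.
add_action('admin_init', function () {
    $fields = array(
        'textopis' => 'msgc',
        'textdeny' => 'msgd',
        'textapro' => 'msga',
    );

    $changes = array();
    $formats = array();

    foreach ($fields as $field => $column) {
        if (isset($_POST[$field]) && is_string($_POST[$field])) {
            // Messages are stored HTML-escaped, as the rest of the file expects.
            $changes[$column] = htmlspecialchars(wp_unslash($_POST[$field]));
            $formats[] = '%s';
        }
    }

    if (isset($_POST['max_limit']) && is_scalar($_POST['max_limit'])) {
        $changes['slowa_klucz_limit'] = absint($_POST['max_limit']);
        $formats[] = '%d';
    }

    if (!$changes || !current_user_can('manage_options')) {
        return;
    }

    global $wpdb;
    $table_name = $wpdb->prefix . "katalog_ustawienia";
    $wpdb->update($table_name, $changes, array('id' => 1), $formats, array('%d'));
});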
181
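/**
 * Truncates a string to its first $limit words.
 *
 * Matching is done in UTF-8 mode so that letters outside ASCII (for example
 * Polish diacritics) count as word characters; in byte mode they are treated
 * as separators and the word count comes out wrong. If the input is not
 * valid UTF-8 the byte-mode pattern is used as a fallback.
 *
 * @param string     $s     Text to truncate.
 * @param int|string $limit Maximum number of words (numeric strings accepted).
 *                          Values below 1 leave the text unchanged.
 * @return string The first $limit words, or $s unchanged when it has fewer.
 */
function first3words($s, $limit=3){
    $limit = (int) $limit;
    if ($limit < 1) {
        return $s;
    }

    $pattern = '/((\w+\W*){'.($limit-1).'}(\w+))(.*)/';

    $result = preg_replace($pattern.'u', '${1}', $s);
    if ($result === null) {
        // preg_replace() returns null on invalid UTF-8 when the u modifier is set.
        $result = preg_replace($pattern, '${1}', $s);
    }

    return $result;
}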
185
186
187
188#USTAWIENIA
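/**
 * Renders the plugin's admin page: the settings form (three message
 * templates and the keyword limit) and a table of entries that are
 * e-mail-confirmed (EC=1) but not yet approved (APRO=0), each with a reject
 * and an approve button.
 *
 * Every database value is escaped where it is printed. The entry fields
 * come from a public form, and maincategory in particular is stored without
 * any escaping, so the output must not rely on insert-time escaping.
 * esc_html()/esc_attr() do not double-encode entities that are already in
 * the stored text.
 *
 * NOTE(review): none of the forms carries a nonce. wp_nonce_field() here and
 * a matching check in the POST handlers need to be introduced together.
 */
function test_glowna(){
    global $wpdb;
    ?>
    <div class="KatalogWrap">
        <form method="post" action="">
            <div class="KatalogPole" style="float:left;width:33%;">
                <label for="wiadomosc_c" style="width:100%">Wiadomosc z prosba o potwierdzenie wpisu</label>
                <textarea name="textopis" style="width:100%" id="wiadomosc_c"><?php echo esc_html(returnme('msgc')); ?></textarea>
            </div>
            <div class="KatalogPole" style="float:left;width:33%;">
                <label for="wiadomosc_d" style="width:100%">Wiadomosc o odrzuceniu postu</label>
                <textarea name="textdeny" style="width:100%" id="wiadomosc_d"><?php echo esc_html(returnme('msgd')); ?></textarea>
            </div>
            <div class="KatalogPole" style="float:left;width:33%;">
                <label for="wiadomosc_a" style="width:100%">Wiadomosc o dodanie wpisu</label>
                <textarea name="textapro" style="width:100%" id="wiadomosc_a"><?php echo esc_html(returnme('msga')); ?></textarea>
            </div>
            <div style="clear:both"></div>
            <div class="KatalogPole" style="float:left;width:33%;">
                <label for="limitw" style="width:26%;">Ilosc slow kluczowych</label>
                <input id="limitw" type="number" name="max_limit" value="<?php echo esc_attr(returnme('slowa_klucz_limit')); ?>" >
            </div>
            <div style="clear:both"></div>
            <div style="float:left;width:33%;">
                <input type="submit" value="zapisz">
            </div>
        </form>
    </div>

    <table style="margin:auto;border-spacing: 5px" class="table">
        <thead>
            <tr style="text-align:center">
                <th>NAZWA</th>
                <th>TYTUL</th>
                <th>KATEGORIA</th>
                <th>SLOWA KLUCZOWE</th>
                <th>EMAIL</th>
                <th>STRONA INTERNETOWA</th>
                <th>MIASTO</th>
                <th>KOD POCZTOWY</th>
                <th>ULICA</th>
                <th>TELEFON</th>
                <th>NIP</th>
                <th>OPIS</th>
                <th colspan="2">AKCJA</th>
            </tr>
        </thead>
        <tbody>
    <?php
    $table_name = $wpdb->prefix . "katalog_wpisy";

    // Printed in this order; the header row above has one cell per column.
    $columns = array(
        'Nazwa', 'Tytul', 'maincategory', 'slowa_klucz', 'email', 'website',
        'miasto', 'kod_poczt', 'ulica', 'tel', 'nip', 'opis',
    );

    foreach ($wpdb->get_results("SELECT * FROM $table_name WHERE EC=1 AND APRO=0") as $row) {
        $id = (int) $row->id;

        echo '<tr style="text-align:center">';
        foreach ($columns as $column) {
            echo '<td>' . esc_html($row->$column) . '</td>';
        }
        echo '<td><form method="post"><input type="number" name="valdeny" value="' . $id . '" hidden><input name="update" type="submit" value="Odrzuc" ></form></td>';
        echo '<td><form method="post"><input type="number" name="val" value="' . $id . '" hidden><input name="update" type="submit" value="Akceptuj" ></form></td>';
        echo '</tr>';
    }
    ?>
        </tbody>
    </table>
    <?php
}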
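/**
 * Reports whether a URL's host has more than two dot-separated labels once
 * a leading "www." is ignored.
 *
 * Only the host component is examined, and only a leading "www." is removed
 * (case-insensitively); removing "www." anywhere in the URL would alter
 * hosts such as "mywww.example.com". A value with no parsable host (no
 * scheme, malformed URL, non-string) yields false instead of raising
 * warnings.
 *
 * This is a label count, so a registrable domain under a two-label suffix
 * (for example "example.co.uk") is reported as having a subdomain.
 *
 * @param string $url Absolute URL.
 * @return bool True when the host has more than two labels.
 */
function hasSubdomain($url) {
    $host = is_string($url) ? parse_url($url, PHP_URL_HOST) : null;
    if (!is_string($host) || $host === '') {
        return false;
    }

    $host = strtolower($host);
    if (strpos($host, 'www.') === 0) {
        $host = substr($host, 4);
    }

    return count(explode('.', $host)) > 2;
}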
273
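/**
 * Processes one public submission from the [form] shortcode: creates a
 * pending post, stores the entry row, attaches the uploaded image as the
 * post thumbnail and mails a confirmation link to the submitter.
 *
 * Everything in $_POST and $_FILES is untrusted here, so:
 *  - every required field must be present and be a plain string;
 *  - the e-mail address must pass is_email() before it is used as a mail
 *    recipient or in a mail header, so no line breaks can reach the headers;
 *  - the duplicate-website lookup is a prepared statement and compares the
 *    same HTML-escaped form that is stored in the table;
 *  - the subdomain check is applied to the submitted website;
 *  - the confirmation token comes from wp_generate_password() rather than
 *    from an MD5 over the address and a rand()-based secret;
 *  - the link in the post body goes through esc_url();
 *  - the upload is limited to JPEG/PNG on the server side, and the
 *    attachment that media_handle_upload() creates is used directly as the
 *    thumbnail instead of registering a second attachment from its URL;
 *  - the confirmation link is built with home_url() rather than from the
 *    request's Host header.
 *
 * NOTE(review): this is reachable without login and has no nonce, CAPTCHA
 * or rate limit, so each request can create a post and send one e-mail to
 * an address chosen by the requester - consider throttling.
 * NOTE(review): the handler runs while the plugin file is being included,
 * i.e. before the init hook; confirm that the post-content filtering the
 * site relies on is already active at that point.
 */
function wpisy_handle_submission(){
    global $wpdb;

    $required = array(
        'nazwa', 'tytul', 'maincategory', 'slowa_kluczowe', 'email', 'website',
        'miasto', 'kod_pocztowy', 'ulica', 'telefon', 'nip', 'opis',
    );
    foreach ($required as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            return; // incomplete or malformed submission
        }
    }

    $email = $_POST['email'];
    if (!is_email($email)) {
        echo "Podany adres e-mail jest nieprawidlowy";
        return;
    }

    $table_name = $wpdb->prefix . "katalog_wpisy";
    $web = $_POST['website'];
    $website = htmlspecialchars($web); // the form in which the URL is stored

    $count = $wpdb->get_var(
        $wpdb->prepare("SELECT COUNT(*) FROM `$table_name` WHERE website = %s", $website)
    );

    // Reject when the lookup failed, the website is already listed, or the
    // host is a subdomain.
    if ($count === null || (int) $count !== 0 || hasSubdomain($web)) {
        echo "Podana strona internetowa zostala juz dodana";
        return;
    }

    $hash = wp_generate_password(32, false);
    $category = absint($_POST['maincategory']);
    $keywords = first3words(htmlspecialchars($_POST['slowa_kluczowe']), returnme('slowa_klucz_limit'));

    $headers = "From: " . $email . "\r\n";
    $headers .= "Reply-To: " . $email . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

    $content = htmlspecialchars($_POST['opis']);
    $content .= "\n Adres email: " . htmlspecialchars($email);
    $content .= "\n Strona internetowa: <a href=\"" . esc_url($web) . "\">Link</a>";
    $content .= "\n Miasto: " . htmlspecialchars($_POST['miasto']);
    $content .= "\n Kod pocztowy: " . htmlspecialchars($_POST['kod_pocztowy']);
    $content .= "\n Ulica: " . htmlspecialchars($_POST['ulica']);
    $content .= "\n Telefon: " . htmlspecialchars($_POST['telefon']);
    $content .= "\n NIP: " . htmlspecialchars($_POST['nip']);

    $postId = wp_insert_post(array(
        'post_status' => 'pending',
        'post_title' => htmlspecialchars($_POST['tytul']),
        'post_content' => $content,
        'post_category' => array($category),
    ));
    if (!$postId || is_wp_error($postId)) {
        return; // the post could not be created; store nothing, mail nothing
    }

    wp_set_post_tags($postId, str_replace(' ', ',', $keywords), true);

    $wpdb->insert($table_name, array(
        'Nazwa' => htmlspecialchars($_POST['nazwa']),
        'Tytul' => htmlspecialchars($_POST['tytul']),
        'maincategory' => $category,
        'slowa_klucz' => $keywords,
        'email' => htmlspecialchars($email),
        'website' => $website,
        'miasto' => htmlspecialchars($_POST['miasto']),
        'kod_poczt' => htmlspecialchars($_POST['kod_pocztowy']),
        'ulica' => htmlspecialchars($_POST['ulica']),
        'tel' => htmlspecialchars($_POST['telefon']),
        'nip' => htmlspecialchars($_POST['nip']),
        'opis' => htmlspecialchars($_POST['opis']),
        'hash' => $hash,
        'uid' => $postId,
    ));

    // The accept attribute on the form's file input is only a browser hint;
    // the allowed types are enforced here.
    if (!empty($_FILES['html-upload']['name'])) {
        $attachment_id = media_handle_upload('html-upload', $postId, array(), array(
            'test_form' => false,
            'mimes' => array(
                'jpg|jpeg|jpe' => 'image/jpeg',
                'png' => 'image/png',
            ),
        ));
        if (!is_wp_error($attachment_id)) {
            set_post_thumbnail($postId, $attachment_id);
        }
    }

    $link = home_url('/dodaj-wpis/?email=' . rawurlencode($email) . '&hash=' . rawurlencode($hash));
    $msg = returnme('msgc') . '<a href="' . esc_url($link) . '">Link</a>';
    mail($email, 'Prosba o potwierdzenie wpisu', $msg, $headers); // provisional confirmation mail

    header("Location: index.php");
    die();
}

if(!empty($_POST) AND isset($_SERVER['REQUEST_METHOD']) AND $_SERVER['REQUEST_METHOD'] == 'POST'){
    wpisy_handle_submission();
}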
361
362
363/*function input_function($atts){
364 $a = shortcode_atts( array(
365 'type' => '',
366 'name' => '',
367 'id' => '',
368 'placeholder' => ''
369 ), $atts );
370 return "<input id={$a['id']} type={$a['type']} name={$a['name']} placeholder={$a['placeholder']} >";
371}
372add_shortcode('input', 'input_function');
373
374function link_shortcode($atts, $content=null){
375 $a = shortcode_atts(array(
376 'for' => 'label',
377 ), $atts);
378 return '<label for="'.esc_attr($a['for']).'">'.$content.'</label>';
379}
380add_shortcode('link', 'link_shortcode');*/
381
382
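/**
 * Prints the public "Dodaj wpis" submission form.
 *
 * Category names and ids come from the database and are escaped where they
 * are printed. Each label's "for" attribute points at the id of the control
 * it describes.
 *
 * NOTE(review): the browser-side constraints (required, type, accept) are
 * hints only; the POST handler has to validate every field itself.
 * NOTE(review): the form carries no nonce or anti-automation field.
 */
function fields(){
    $kategorie = get_categories(array('show_option_none' => 'No Category', 'hide_empty' => 0));

    echo '

    <div class="DodajWpis"> <h1> Dodaj wpis </h1> </div>
    <form method="post" id="#form" action="" enctype="multipart/form-data">

    <label class="katalogLabelName" for="name">Nazwa</label>
    <input class="Input" id="name" type="text" style="width:50%;" name="nazwa" required>

    <label class="katalogLabelName" for="tytul">Tytul</label>
    <input class="Input" id="tytul" type="text" style="width:50%;" name="tytul">

    <label class="katalogLabelName" for="maincategory">Kategoria</label>
    <select name="maincategory" id="maincategory" required>';

    foreach ($kategorie as $category) {
        echo '<option value="' . esc_attr($category->term_id) . '">' . esc_html($category->name) . '</option>';
    }

    echo '</select>

    <label class="katalogLabelName" for="slowa_kluczowe">Slowa kluczowe (Limit to ' . esc_html(returnme('slowa_klucz_limit')) . ')</label>
    <input class="Input" type="text" style="width:50%;" name="slowa_kluczowe" id="slowa_kluczowe" required>

    <label class="katalogLabelName" for="email">Adres e-mail</label>
    <input class="Input" type="email" style="width:50%;" name="email" id="email">

    <label class="katalogLabelName" for="website">Adres strony internetowej</label>
    <input class="Input" type="url" style="width:50%;" id="website" name="website" required>

    <label class="katalogLabelName" for="miasto">Miasto</label>
    <input class="Input" type="text" style="width:50%;" name="miasto" id="miasto">

    <label class="katalogLabelName" for="kod_pocztowy" >Kod pocztowy</label>
    <input class="Input" type="number" style="width:50%;" name="kod_pocztowy" id="kod_pocztowy" required>

    <label class="katalogLabelName" for="ulica">Ulica</label>
    <input class="Input" type="text" style="width:50%;" name="ulica" id="ulica" required>

    <label class="katalogLabelName" for="tel">Telefon</label>
    <input class="Input" type="number" style="width:50%;" name="telefon" id="tel" required>

    <label class="katalogLabelName" for="nip">NIP</label>
    <input class="Input" type="number" style="width:50%;" name="nip" id="nip" required>

    <input class="Wyslij" type="file" id="async-upload" name="html-upload" accept="image/png, image/jpeg" required >
    <br>

    <label class="katalogLabelName" for="textarea">Opis</label>
    <textarea id="textarea" style="width:50%;" name="opis" required></textarea>
    <input type="submit" value="wyslij" class="button">

    </form>
    ';
}

// A shortcode callback has to return its markup. Output echoed directly is
// printed where the shortcode is parsed rather than where it appears in the
// content, so fields() is buffered here and its interface stays unchanged.
add_shortcode('form', function () {
    ob_start();
    fields();
    return ob_get_clean();
});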
440
441
442
443/*function get_shot( $website = '', $width = 150, $height = 80 ) {
444
445// Image found.
446 if ( '' !== $website ) {
447
448 $query_args = array(
449 'w' => intval( $width ),
450 'h' => intval( $height ),
451 );
452
453 return add_query_arg( $query_args, 'https://s0.wordpress.com/mshots/v1/' . rawurlencode( esc_url( $website ) ) );
454
455 }
456
457 return '';
458
459}
460
461function shortcode( $website, $content = '', $code = '' ) {
462
463 // Get screenshot.
464 $image_uri = $this->get_shot( $website, $width = 150, $height = 80 );
465
466 if ( ! empty( $image_uri ) ) {
467
468 ob_start();
469
470 if ( ! empty( $content ) ) {
471 echo '<div class="wp-caption" style="width:' . ( intval( $width ) + 10 ) . 'px;">';
472 }
473
474 ?><div class="browser-shot <?php echo esc_attr( $class ); ?>"><a href="<?php echo esc_url( $link ); ?>" <?php echo esc_html( $target ); ?>><img src="<?php echo esc_url( $image_uri ); ?>" alt="<?php echo esc_attr( $alt ); ?>" width="<?php echo intval( $width ); ?>" height="<?php echo intval( $height ); ?>" class="<?php echo esc_attr( $image_class ); ?>" /></a></div><?php
475
476 if ( ! empty( $content ) ) {
477 echo '<p class="wp-caption-text">' . esc_html( $content ) . '</p></div>';
478 }
479
480 return ob_get_clean();
481
482 }
483
484 return '';
485
486}*/
487
488
489
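/**
 * Shortcode [all]: returns an HTML table listing the name, keywords and
 * title of every approved entry (APRO=1).
 *
 * The values were submitted through the public form. They are escaped here,
 * at the point of output, so the listing does not depend on how a row was
 * written. esc_html() does not double-encode entities that are already in
 * the stored text.
 *
 * @return string Table markup.
 */
function base_tag(){
    global $wpdb;
    $table_name = $wpdb->prefix . "katalog_wpisy";

    $co = "<table> <tr><th>Nazwa</th><th>Slowa kluczowe</th><th>Tytul</th></tr>";
    foreach ($wpdb->get_results("SELECT * FROM $table_name WHERE APRO=1") as $row) {
        $co .= '<tr><td>' . esc_html($row->Nazwa) . '</td>';
        $co .= '<td>' . esc_html($row->slowa_klucz) . '</td>';
        $co .= '<td>' . esc_html($row->Tytul) . '</td></tr>';
    }
    $co .= "</table>";

    return $co;
}
add_shortcode('all', 'base_tag');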
504
505
506?>