<?php
/**
* This file holds all of the users
* custom information
*/
// Bootstrap WordPress so that $wpdb and the WP helper functions are available.
// NOTE(review): a path starting with "../" is resolved against the working
// directory; this presumably assumes the plugin directory sits three levels
// below the WordPress root -- confirm for installs with a relocated wp-content.
// NOTE(review): this script is requested directly rather than through a
// WordPress AJAX hook, and no nonce or capability check is visible in this
// file, so every action handler below has to be safe for anonymous callers.
require_once '../../../wp-config.php';

/**
 * Main Voyeur plugin file; loading it makes the VoyeurWP class available
 * so that an instance can be created below.
 */
require_once 'voyeurWP.php';

global $wpdb;

// Shared VoyeurWP instance used by the action handlers in this file.
$vwp = new VoyeurWP();
////////////////////////////////
//// ////
//// LOAD VOYEUR ////
//// ////
////////////////////////////////
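if (isset($_POST['action']) && $_POST['action'] === 'loadVoyeur') {
    // Handler for action=loadVoyeur: prints the filter controls used within
    // #VoyeurControlsAjax (author checkboxes, category checkboxes, then the
    // tag and date fields) as an HTML fragment.
    // isset() keeps a request without an "action" field from raising an
    // undefined-index notice that would end up inside the AJAX response.

    //////////////////////
    //// AUTHOR SELECT ///
    //////////////////////

    // Find all users who have published at least one post.
    // The query is static (no request data is interpolated), so it is run
    // without $wpdb->prepare(): prepare() expects placeholders and newer
    // WordPress versions flag calls that contain none.
    $query = "SELECT ID, user_nicename FROM $wpdb->users WHERE ID IN (SELECT post_author FROM $wpdb->posts WHERE post_status = 'publish' AND post_type = 'post') ORDER BY user_nicename";
    $author_ids = $wpdb->get_results($query);

    // In case we want to limit by user TYPE, use code below...:
    // (Although we already limit by user type with saying that we only take users who have POSTED something... See query above.)
    /*
    foreach ($author_ids as &$author) {
        $authorUserMeta = get_user_meta($author->ID, 'wp_capabilities');
        // If the author does not have any posting capabilities, remove them.
        if (!$authorUserMeta['administrator'] && !$authorUserMeta['author'] && !$authorUserMeta['editor']) {
            unset($author);
        }
    }
    */

    echo '<br />';
    if (count($author_ids) > 1) { // Only display author options if WP has used more than one author.
        echo '<h4><strong>' . __('Filter by Author:') . '</strong></h4>';
        echo '<form id="voyeur_authors" name="voyeur_authors">';
        echo '<table class="voyeurOptionSelect"><tr><td width="50%">';
        $currentCol = 1;
        // Two checkboxes per table row.
        foreach ($author_ids as $author) {
            // Database values are escaped for the context they are printed in
            // (attribute value vs. element text) so that a stored name
            // containing markup cannot inject HTML into the fragment.
            echo '<label><input type="checkbox" value="' . esc_attr($author->ID) . '" ';
            echo 'name="author"';
            echo ' /> ' . esc_html($author->user_nicename);
            echo "\n" . '</label></td>';
            if ($currentCol == 2) {
                echo "\n" . '</tr>' . "\n" . '<tr><td width="50%">';
                $currentCol = 1;
            } else {
                echo "\n" . '<td width="50%">';
                $currentCol++;
            }
        }
        echo '</td></tr></table>' . "\n" . '</form>' . "\n" . '<br />';
    }

    ////////////////////////
    //// CATEGORY SELECT ///
    ////////////////////////

    $args = array(
        'orderby' => 'name',
        'order' => 'ASC'
    );
    $categories = get_categories($args);
    if (count($categories) > 1) { // Only display category options if WP has used more than one category.
        echo '<h4><strong>' . __('Filter by Category:') . '</strong></h4>';
        echo '<form id="voyeur_categories" name="voyeur_categories">';
        echo '<table class="voyeurOptionSelect"><tr><td width="50%">';
        $currentCol = 1;
        // Two checkboxes per table row.
        foreach ($categories as $cat) {
            // Category names are editor-supplied text; escape them like the
            // author names above.
            echo '<label><input type="checkbox" value="' . esc_attr($cat->cat_ID) . '" ';
            echo 'name="category" /> ' . esc_html($cat->cat_name);
            echo "\n" . '</label></td>';
            if ($currentCol == 2) {
                echo "\n" . '</tr>' . "\n" . '<tr><td width="50%">';
                $currentCol = 1;
            } else {
                echo "\n" . '<td width="50%">';
                $currentCol++;
            }
        }
        echo '</td></tr></table>' . "\n" . '</form>' . "\n" . '<br />';
    }

    // Add tags and date fields for user Thickbox.
    // NOTE(review): the returned markup is echoed as-is; vwp_addTagsAndTimeFields()
    // is defined outside this file, so confirm it escapes what it prints.
    echo $vwp->vwp_addTagsAndTimeFields('user');
}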
////////////////////////////////
//// ////
//// LOAD VALUES ////
//// ////
////////////////////////////////
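else if (isset($_POST['action']) && $_POST['action'] === 'loadVals') {
    // Handler for action=loadVals: given the currently checked authors and
    // categories, prints a JSON object listing the author IDs and category
    // IDs that still match, so the client can gray out the other checkboxes.
    // isset() keeps a request without an "action" field from raising an
    // undefined-index notice inside the JSON response.

    // The checkbox selections arrive as comma-separated ID strings; turn them
    // into arrays of non-negative integers.
    if (isset($_POST['author'])) {
        $authors = vwp_sanitizeNumerical($_POST['author']);
    }
    if (isset($_POST['category'])) {
        $categories = vwp_sanitizeNumerical($_POST['category']);
    }

    // Build the SQL "IN (...)" lists. absint() is applied again right where
    // the values enter the SQL text, so the queries below contain integers
    // only even if the upstream sanitizer is changed later. An empty string
    // means "no filter of this kind was submitted".
    $authorList = '';
    if (isset($authors) && count($authors) > 0) {
        $authorList = implode(', ', array_map('absint', $authors));
    }
    $categoryList = '';
    if (isset($categories) && count($categories) > 0) {
        $categoryList = implode(', ', array_map('absint', $categories));
    }
    // NOTE(review): the category values are matched against term_taxonomy_id,
    // while the checkboxes printed by the loadVoyeur handler carry cat_ID
    // values -- confirm that the two ID spaces coincide on the target install.

    // Checkboxes that are NOT grayed out. IDs are stored as keys with the
    // value 1 so the client can test membership with the JavaScript 'in' operator.
    $checkedIds = array();

    ////////////////////////
    ////  FIND AUTHORS   ///
    ////////////////////////

    // IN lists replace the former chains of "a || b": "||" only means OR in
    // MySQL's default SQL mode, and IN needs no extra parentheses.
    $query = "SELECT ID FROM $wpdb->users WHERE ID IN (SELECT DISTINCT post_author FROM $wpdb->posts WHERE post_status = 'publish' AND post_type = 'post' ";
    if ($authorList !== '') {
        $query .= "AND post_author IN ($authorList) ";
    }
    if ($categoryList !== '') {
        $query .= "AND ID IN (SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN ($categoryList))";
    }
    $query .= ')';

    // No $wpdb->prepare() here: the query text holds no placeholders, and
    // every interpolated value is an integer produced by absint() above.
    $result = $wpdb->get_results($query);
    foreach ((array) $result as $row) {
        $checkedIds['authors'][$row->ID] = 1;
    }

    ///////////////////////////
    ////  FIND CATEGORIES   ///
    ///////////////////////////

    $query = "SELECT DISTINCT term_taxonomy_id FROM $wpdb->term_relationships WHERE ";
    if ($authorList !== '') {
        // The previous "post_status = 'publish' AND a || b" form applied the
        // publish filter to the first author only, because AND binds tighter
        // than OR; with several authors checked, unpublished posts of the
        // others were matched too.
        $query .= "object_id IN (SELECT DISTINCT ID FROM $wpdb->posts WHERE post_status = 'publish' AND post_author IN ($authorList)) AND ";
    }
    if ($categoryList !== '') {
        $query .= "object_id IN (SELECT DISTINCT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN ($categoryList)) AND ";
    }
    // Only report terms that belong to the 'category' taxonomy.
    $query .= "term_taxonomy_id IN (SELECT DISTINCT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE taxonomy = 'category')";

    $result = $wpdb->get_results($query);
    foreach ((array) $result as $row) {
        $checkedIds['categories'][$row->term_taxonomy_id] = 1;
    }

    echo json_encode($checkedIds); // Final output to voyeurWP.js.php.
}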
////////////////////////////////
//// ////
//// FIND UNIX TIMESTAMP ////
//// ////
////////////////////////////////
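else if (isset($_POST['action']) && $_POST['action'] === 'findUnixTimestamp') {
    // Handler for action=findUnixTimestamp: collects the submitted filters and
    // prints whatever $vwp->vwp_findUnixTimestamp() returns for them.
    // isset() keeps a request without an "action" field from raising an
    // undefined-index notice inside the response.

    // Filters that were not submitted stay as empty strings.
    $unixAuthors = $unixCategories = $unixTags = $unixDay = $unixMonth = $unixYear = '';

    // wp_kses() with an empty allow-list removes all HTML tags from the text filters.
    // NOTE(review): that is markup filtering, not SQL escaping.
    // vwp_findUnixTimestamp() is defined outside this file, so confirm that it
    // validates or escapes these three values before using them in a query.
    if (isset($_POST['author'])) {
        $unixAuthors = wp_kses($_POST['author'], array());
    }
    if (isset($_POST['category'])) {
        $unixCategories = wp_kses($_POST['category'], array());
    }
    if (isset($_POST['tag'])) {
        $unixTags = wp_kses($_POST['tag'], array());
    }

    // Date parts are reduced to non-negative integers.
    if (isset($_POST['day'])) {
        $unixDay = absint($_POST['day']);
    }
    if (isset($_POST['monthnum'])) {
        $unixMonth = absint($_POST['monthnum']);
    }
    if (isset($_POST['year'])) {
        $unixYear = absint($_POST['year']);
    }

    // Find the unix timestamp from user-defined filters.
    echo $vwp->vwp_findUnixTimestamp($unixAuthors, $unixCategories, $unixTags, $unixDay, $unixMonth, $unixYear);
}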
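/**
 * Converts a comma-separated list of IDs taken from request input ($_POST in
 * this file) into an array of non-negative integers.
 *
 * Trailing commas are ignored. Every piece goes through absint(), so a piece
 * without a leading number becomes 0 and a negative number loses its sign.
 * The result always holds at least one element (an empty string yields
 * array(0)); the query builders in this file rely on that.
 *
 * @param mixed $data Raw request value, expected to be a string such as "3,7,12,".
 * @return array List of non-negative integers, indexed from 0.
 */
function vwp_sanitizeNumerical($data) {
    // A crafted request can submit an array (author[]=...) instead of a
    // string, which rtrim() cannot process. Answer with the same value an
    // empty string produces, so callers still receive a usable list.
    if (!is_scalar($data)) {
        return array(0);
    }

    $pieces = explode(',', rtrim((string) $data, ',')); // Drop trailing commas, then split.

    return array_map('absint', $pieces); // Integer and never negative.
}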
?>