php plugin

<?php
/**
 * Plugin Name:       Xclusive Custom Features
 * Description:       A plugin handles login into the xclusive website as well as display of events listing from event vendors .
 * Version:           1.0.0
 * Author:            Rightclick (A-sin Cole)
 * License:           GPL-2.0+
 * Text Domain:       xclusive
 */


 class Xclusive_Plugin
 {
     /**
     * Creates the plugin class.
     *
     * To keep the initialization fast, only add filter and action
     * hooks in the constructor.
     */
     public function __construct()
     {
         // the code below registers the shortcode for the login form in the plugin
         add_shortcode('xclusive-login-form', array( $this, 'render_login_form' ));
         // code below redirects user to our custom login page
         add_action('login_form_login', array( $this, 'redirect_to_custom_login' ));
         add_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
         add_filter('authenticate', 'wp_authenticate_spam_check', 99);
         add_filter('authenticate', array( $this, 'maybe_redirect_at_authenticate' ), 101, 3);
         add_action('wp_logout', array( $this, 'redirect_after_logout' ));
         add_filter('login_redirect', array( $this, 'redirect_after_login' ), 10, 3);
         // the code below registers the shortcode for the registeration form in the plugin
         add_shortcode('xclusive-register-form', array( $this, 'render_register_form' ));
         // code below redirects user to our custom registration page
         add_action('login_form_register', array( $this, 'redirect_to_custom_register' ));
         // call registration function when user submits the form
         add_action('login_form_register', array( $this, 'do_register_user' ));

         // the code below registers the shortcode for the events page in the plugin
         add_shortcode('nairabox-events', array($this, 'render_events_page' ));
         // the code below registers the shortcode for the movies page in the plugin
         add_shortcode('nairabox-movies', array($this, 'render_movies_page'));
         // the code below registers the shortcode for the afri tickets event page in the plugin
         add_shortcode('afritickets-events', array($this, 'render_afrievents_page'));
         // add filter for ajax calls to increment and edit data for movies tickets quota
         add_action('wp_ajax_my_action', array($this,'update_nairabox_movies_quota'));
         // add filter for ajax calls to increment and edit data for events tickets quota
         add_action('wp_ajax_my_action_events', array($this,'update_nairabox_events_quota'));
         add_action('wp_ajax_get_nairabox_event_quota', array($this,'get_nairabox_event_quota'));
         //  register cron job
         add_action('monthly_quota_event', array($this, 'update_tickets_quota_monthly' ));
     }


     /**
    * Plugin activation hook.
    *
    * Creates all WordPress pages needed by the plugin.
    * this code runs once when plugin is activated
    */
     public static function plugin_activated()
     {
         // Information needed for creating the plugin's pages
         $page_definitions = array(
            'member-login' => array(
                'title' => __('Sign In', 'xclusive'),
                'content' => '[xclusive-login-form]'
            ),
            'member-account' => array(
                'title' => __('Your Account', 'xclusive'),
                'content' => '[account-info]'
            ),
            'events-listing' => $arrayName = array(
                'title' => __('Events', 'xclusive'),
                'content' => '[nairabox-events]'
            ),
            'afrievents-listing' => $arrayName = array(
                'title' => __('Events', 'xclusive'),
                'content' => '[afritickets-events]'
            ),
            'movies-listing' => $arrayName = array(
                'title' => __('Movies', 'xclusive'),
                'content' => '[nairabox-movies]'
            ),
            'member-register' => array(
                'title' => __('Register', 'xclusive'),
                'content' => '[xclusive-register-form]'
            ),
        );

         foreach ($page_definitions as $slug => $page) {
             // Check that the page doesn't exist already
             $query = new WP_Query('pagename=' . $slug);
             if (! $query->have_posts()) {
                 // Add the page using the data from the array above
                 wp_insert_post(
                    array(
                        'post_content'   => $page['content'],
                        'post_name'      => $slug,
                        'post_title'     => $page['title'],
                        'post_status'    => 'publish',
                        'post_type'      => 'page',
                        'ping_status'    => 'closed',
                        'comment_status' => 'closed',
                    )
                );
             }
         }

        //  create movies ticket count in wordpress options table
         update_option("monthly_movies_ticket_count", 1500);
        //  create events ticket count in wordpress options table
         update_option("quarterly_events_ticket_count", 1500);
     }

     public function update_nairabox_events_quota()
     {
        //  number of tickets retrieved from API call
         $value =  intval(sanitize_text_field($_POST['value']));
        //  retrieve user id
         $user_id = get_current_user_id();
        //  get number of tickets user has left for the period
         $events_ticket_quota_left = get_user_meta($user_id, 'events_ticket_quota_left', true);
        //  check last month user redeemed ticket
         $events_ticket_last_redeemed_month = get_user_meta($user_id, 'events_ticket_last_redeemed_month', true);
        //  current month value
         $current_month = date('m');
         $current_monthly_events_ticket_count = get_option("quarterly_events_ticket_count");
         if ($current_month != $events_ticket_last_redeemed_month) {
             update_user_meta($user_id, 'events_ticket_last_redeemed_month', $current_month);
             update_user_meta($user_id, 'events_ticket_quota_left', $value);
             $new_monthly_events_ticket_count = $current_monthly_events_ticket_count - $value;
             update_option("quarterly_events_ticket_count", $new_monthly_events_ticket_count);

             wp_die(); // this is required to terminate immediately and return a proper response
         } elseif ($current_month == $events_ticket_last_redeemed_month && $events_ticket_quota_left > 0) {
             update_user_meta($user_id, 'events_ticket_quota_left', ($events_ticket_quota_left -  $value));
             $new_monthly_events_ticket_count = $current_monthly_events_ticket_count - $value;
             update_option("quarterly_events_ticket_count", $new_monthly_events_ticket_count);
             wp_die(); // this is required to terminate immediately and return a proper response
         } elseif ($current_month == $events_ticket_last_redeemed_month && $events_ticket_quota_left == 0) {
             wp_die(); // this is required to terminate immediately and return a proper response
         }
     }

     public function update_nairabox_movies_quota()
     {
         $value =  intval(sanitize_text_field($_POST['value']));
         $user_id = get_current_user_id();
         $movies_ticket_quota_left = get_user_meta($user_id, 'movies_ticket_quota_left', true);
         $movies_ticket_last_redeemed_month = get_user_meta($user_id, 'movies_ticket_last_redeemed_month', true);
         $current_month = date('m');
         $current_monthly_movies_ticket_count = get_option("monthly_movies_ticket_count");
         if ($current_month != $movies_ticket_last_redeemed_month) {
             update_user_meta($user_id, 'movies_ticket_last_redeemed_month', $current_month);
             update_user_meta($user_id, 'movies_ticket_quota_left', $value);
             $new_monthly_movies_ticket_count = $current_monthly_movies_ticket_count - $value;
             update_option("monthly_movies_ticket_count", $new_monthly_movies_ticket_count);

             wp_die(); // this is required to terminate immediately and return a proper response
         } elseif ($current_month == $movies_ticket_last_redeemed_month && $movies_ticket_quota_left > 0) {
             update_user_meta($user_id, 'movies_ticket_quota_left', ($movies_ticket_quota_left -  $value));
             $new_monthly_movies_ticket_count = $current_monthly_movies_ticket_count - $value;
             update_option("monthly_movies_ticket_count", $new_monthly_movies_ticket_count);
             wp_die(); // this is required to terminate immediately and return a proper response
         } elseif ($current_month == $movies_ticket_last_redeemed_month && $movies_ticket_quota_left == 0) {
             wp_die(); // this is required to terminate immediately and return a proper response
         }
     }

     public function get_nairabox_event_quota()
     {
         $user_id = get_current_user_id();
         $quota_used = get_user_meta($user_id, 'movies_ticket_quota_left', true);
         echo $quota_used;

         wp_die();
     }


     /**
     * A shortcode for rendering the new user registration form.
     *
     * @param  array   $attributes  Shortcode attributes.
     * @param  string  $content     The text content for shortcode. Not used.
     *
     * @return string  The shortcode output
     */
     public function render_register_form($attributes, $content = null)
     {
         // Parse shortcode attributes
         $default_attributes = array( 'show_title' => false );
         $attributes = shortcode_atts($default_attributes, $attributes);

         if (is_user_logged_in()) {
             return __('You are already signed in.', 'xclusive');
         } elseif (! get_option('users_can_register')) {
             return __('Registering new users is currently not allowed.', 'xclusive');
         } else {
             // Retrieve possible errors from request parameters
             $attributes['errors'] = array();
             if (isset($_REQUEST['register-errors'])) {
                 $error_codes = explode(',', $_REQUEST['register-errors']);

                 foreach ($error_codes as $error_code) {
                     $attributes['errors'] []= $this->get_error_message($error_code);
                 }
             }
             return $this->get_template_html('register_form', $attributes);
         }
     }

     /**
     * Redirects the user to the custom registration page instead
     * of wp-login.php?action=register.
     */
     public function redirect_to_custom_register()
     {
         if ('GET' == $_SERVER['REQUEST_METHOD']) {
             if (is_user_logged_in()) {
                 $this->redirect_logged_in_user();
             } else {
                 wp_redirect(home_url('member-register'));
             }
             exit;
         }
     }

     /**
     * Validates and then completes the new user signup process if all went well.
     *
     * @param string $email         The new user's email address
     * @param string $first_name    The new user's first name
     * @param string $last_name     The new user's last name
     * @param string $phone         The user's phone number
     *
     * @return int|WP_Error         The id of the user that was created, or error if failed.
     */
     private function register_user($email, $first_name, $last_name, $phone)
     {
         $errors = new WP_Error();

         // Email address is used as both username and email. It is also the only
         // parameter we need to validate
         if (! is_email($email)) {
             $errors->add('email', $this->get_error_message('email'));
             return $errors;
         }

         if (username_exists($email) || email_exists($email)) {
             // $errors->add( 'email_exists', $this->get_error_message( 'email_exists') );
             $creds = array(
                'user_login'    => $email,
                'user_password' => 'Vu0bqg^h1P7pECozLLLabILp766dssjbHH',
                'remember'      => true
            );
             $user = wp_signon($creds, false);
             return $user;
         }

         // Generate the password so that the subscriber will have to check email...
         $password = 'Vu0bqg^h1P7pECozLLLabILp766dssjbHH';

         $user_data = array(
            'user_login'    => $email,
            'user_email'    => $email,
            'user_pass'     => $password,
            'first_name'    => $first_name,
            'last_name'     => $last_name,
            'nickname'      => $first_name,
        );

         $user_id = wp_insert_user($user_data);
         add_user_meta($user_id, 'phone', $phone);
         // wp_new_user_notification( $user_id, $password );

        //  set current month as last time user redeemed movies ticket in wordpress options table
         update_user_meta($user_id, 'movies_ticket_last_redeemed_month', date('m'));
        //  set users movies ticket quota to 2
         update_user_meta($user_id, 'movies_ticket_quota_left', 2);
         //  set current month as last time user redeemed event ticket in wordpress options table
         update_user_meta($user_id, 'events_ticket_last_redeemed_month', date('m'));
         //  set users event ticket quota to 1
         update_user_meta($user_id, 'events_ticket_quota_left', 1);

         // redirect_after_login(get_home_url());
         return $user_id;
     }

     /**
     * Handles the registration of a new user.
     *
     * Used through the action hook "login_form_register" activated on wp-login.php
     * when accessed through the registration action.
     */
     public function do_register_user()
     {
         if ('POST' == $_SERVER['REQUEST_METHOD']) {
             $redirect_url = home_url('member-register');

             if (! get_option('users_can_register')) {
                 // Registration closed, display error
                 $redirect_url = add_query_arg('register-errors', 'closed', $redirect_url);
             } else {
                 $email = $_POST['email'];
                 $first_name = sanitize_text_field($_POST['first_name']);
                 $last_name = sanitize_text_field($_POST['last_name']);
                 $phone = sanitize_text_field(($_POST['phone']));

                 $result = $this->register_user($email, $first_name, $last_name, $phone);

                 if (is_wp_error($result)) {
                     // Parse errors into a string and append as parameter to redirect
                     $errors = join(',', $result->get_error_codes());
                     $redirect_url = add_query_arg('register-errors', $errors, $redirect_url);
                 } else {
                     // Success, redirect to home page.
                     $redirect_url = home_url();
                     $redirect_url = add_query_arg('registered', $email, $redirect_url);
                 }
             }

             wp_redirect($redirect_url);
             exit;
         }
     }


     /**
     * A shortcode for rendering the movies page.
     *
     * @param  array   $attributes  Shortcode attributes.
     * @param  string  $content     The text content for shortcode. Not used.
     *
     * @return string  The shortcode output
     */
     public function render_movies_page($attributes, $content = null)
     {
         // Parse shortcode attributes
         $default_attributes = array( 'show_title' => false );
         $attributes = shortcode_atts($default_attributes, $attributes);
         $show_title = $attributes['show_title'];


         // Pass the redirect parameter to the WordPress login functionality: by default,
         // don't specify a redirect, but if a valid redirect URL has been passed as
         // request parameter, use it.
         $attributes['redirect'] = '';
         if (isset($_REQUEST['redirect_to'])) {
             $attributes['redirect'] = wp_validate_redirect($_REQUEST['redirect_to'], $attributes['redirect']);
         }
         // Error messages
         $errors = array();
         if (isset($_REQUEST['login'])) {
             $error_codes = explode(',', $_REQUEST['login']);

             foreach ($error_codes as $code) {
                 $errors []= $this->get_error_message($code);
             }
         }
         $attributes['errors'] = $errors;

         // Check if user just logged out
         $attributes['logged_out'] = isset($_REQUEST['logged_out']) && $_REQUEST['logged_out'] == true;

         // Render the login form using an external template
         return $this->get_template_html('movies', $attributes);
     }


     /**
     * A shortcode for rendering the events page.
     *
     * @param  array   $attributes  Shortcode attributes.
     * @param  string  $content     The text content for shortcode. Not used.
     *
     * @return string  The shortcode output
     */
     public function render_events_page($attributes, $content = null)
     {
         // Parse shortcode attributes
         $default_attributes = array( 'show_title' => false );
         $attributes = shortcode_atts($default_attributes, $attributes);
         $show_title = $attributes['show_title'];


         // Pass the redirect parameter to the WordPress login functionality: by default,
         // don't specify a redirect, but if a valid redirect URL has been passed as
         // request parameter, use it.
         $attributes['redirect'] = '';
         if (isset($_REQUEST['redirect_to'])) {
             $attributes['redirect'] = wp_validate_redirect($_REQUEST['redirect_to'], $attributes['redirect']);
         }
         // Error messages
         $errors = array();
         if (isset($_REQUEST['login'])) {
             $error_codes = explode(',', $_REQUEST['login']);

             foreach ($error_codes as $code) {
                 $errors []= $this->get_error_message($code);
             }
         }
         $attributes['errors'] = $errors;

         // Check if user just logged out
         $attributes['logged_out'] = isset($_REQUEST['logged_out']) && $_REQUEST['logged_out'] == true;

         // Render the login form using an external template
         return $this->get_template_html('events', $attributes);
     }

     /**
     * A shortcode for rendering the events page.
     *
     * @param  array   $attributes  Shortcode attributes.
     * @param  string  $content     The text content for shortcode. Not used.
     *
     * @return string  The shortcode output
     */
     public function render_afrievents_page($attributes, $content = null)
     {
         // Parse shortcode attributes
         $default_attributes = array( 'show_title' => false );
         $attributes = shortcode_atts($default_attributes, $attributes);
         $show_title = $attributes['show_title'];


         // Pass the redirect parameter to the WordPress login functionality: by default,
         // don't specify a redirect, but if a valid redirect URL has been passed as
         // request parameter, use it.
         $attributes['redirect'] = '';
         if (isset($_REQUEST['redirect_to'])) {
             $attributes['redirect'] = wp_validate_redirect($_REQUEST['redirect_to'], $attributes['redirect']);
         }
         // Error messages
         $errors = array();
         if (isset($_REQUEST['login'])) {
             $error_codes = explode(',', $_REQUEST['login']);

             foreach ($error_codes as $code) {
                 $errors []= $this->get_error_message($code);
             }
         }
         $attributes['errors'] = $errors;

         // Check if user just logged out
         $attributes['logged_out'] = isset($_REQUEST['logged_out']) && $_REQUEST['logged_out'] == true;

         // Render the login form using an external template
         return $this->get_template_html('afritickets_events', $attributes);
     }


     /**
     * A shortcode for rendering the login form.
     *
     * @param  array   $attributes  Shortcode attributes.
     * @param  string  $content     The text content for shortcode. Not used.
     *
     * @return string  The shortcode output
     */
     public function render_login_form($attributes, $content = null)
     {
         // Parse shortcode attributes
         $default_attributes = array( 'show_title' => false );
         $attributes = shortcode_atts($default_attributes, $attributes);
         $show_title = $attributes['show_title'];

         if (is_user_logged_in()) {
             return __('You are already signed in.', 'xclusive');
         }

         // Pass the redirect parameter to the WordPress login functionality: by default,
         // don't specify a redirect, but if a valid redirect URL has been passed as
         // request parameter, use it.
         $attributes['redirect'] = home_url();
         if (isset($_REQUEST['redirect_to'])) {
             $attributes['redirect'] = wp_validate_redirect($_REQUEST['redirect_to'], $attributes['redirect']);
         }
         // Error messages
         $errors = array();
         if (isset($_REQUEST['login'])) {
             $error_codes = explode(',', $_REQUEST['login']);

             foreach ($error_codes as $code) {
                 $errors []= $this->get_error_message($code);
             }
         }
         $attributes['errors'] = $errors;

         // Check if user just logged out
         $attributes['logged_out'] = isset($_REQUEST['logged_out']) && $_REQUEST['logged_out'] == true;

         // Render the login form using an external template
         return $this->get_template_html('login_form', $attributes);
     }

     /**
    * Renders the contents of the given template to a string and returns it.
    *
    * @param string $template_name The name of the template to render (without .php)
    * @param array  $attributes    The PHP variables for the template
    *
    * @return string               The contents of the template.
    */
     private function get_template_html($template_name, $attributes = null)
     {
         if (! $attributes) {
             $attributes = array();
         }

         ob_start();

         do_action('xclusive_before_' . $template_name);

         require('templates/' . $template_name . '.php');

         do_action('xclusive_after_' . $template_name);

         $html = ob_get_contents();
         ob_end_clean();

         return $html;
     }

     /**
    * Redirect the user to the custom login page instead of wp-login.php.
    */
     public function redirect_to_custom_login()
     {
         $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : null;

         if ($_SERVER['REQUEST_METHOD'] == 'GET') {
             $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : null;

             if (is_user_logged_in()) {
                 $this->redirect_logged_in_user($redirect_to);
                 exit;
             }

             // The rest are redirected to the login page
             $login_url = home_url('member-register');
             if (! empty($redirect_to)) {
                 $login_url = add_query_arg('redirect_to', $redirect_to, $login_url);
             }

             wp_redirect($login_url);
             exit;
         }
     }

     /**
    * Redirects the user to the correct page depending on whether he / she
    * is an admin or not.
    *
    * @param string $redirect_to   An optional redirect_to URL for admin users
    */
     private function redirect_logged_in_user($redirect_to = null)
     {
         $user = wp_get_current_user();
         if (user_can($user, 'manage_options')) {
             if ($redirect_to) {
                 wp_safe_redirect($redirect_to);
             } else {
                 wp_redirect(admin_url());
             }
         } else {
             wp_redirect(home_url('member-account'));
         }
     }

     /**
    * Redirect the user after authentication if there were any errors.
    *
    * @param Wp_User|Wp_Error  $user       The signed in user, or the errors that have occurred during login.
    * @param string            $username   The user name used to log in.
    * @param string            $password   The password used to log in.
    *
    * @return Wp_User|Wp_Error The logged in user, or error information if there were errors.
    */
     public function maybe_redirect_at_authenticate($user, $username, $password)
     {
         // Check if the earlier authenticate filter (most likely,
         // the default WordPress authentication) functions have found errors
         if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             if (is_wp_error($user)) {
                 $error_codes = join(',', $user->get_error_codes());

                 $login_url = home_url('member-login');
                 $login_url = add_query_arg('login', $error_codes, $login_url);

                 wp_redirect($login_url);
                 exit;
             }
         }

         return $user;
     }

     /**
    * Finds and returns a matching error message for the given error code.
    *
    * @param string $error_code    The error code to look up.
    *
    * @return string               An error message.
    */
     private function get_error_message($error_code)
     {
         switch ($error_code) {
            case 'empty_username':
                return __('You do have an email address, right?', 'xclusive');

            case 'empty_password':
                return __('You need to enter a password to login.', 'xclusive');

            case 'invalid_username':
                return __(
                    "We don't have any users with that email address. Maybe you used a different one when signing up?",
                    'xclusive'
                );

            case 'incorrect_password':
                $err = __(
                    "The password you entered wasn't quite right. <a href='%s'>Did you forget your password</a>?",
                    'xclusive'
                );
                return sprintf($err, wp_lostpassword_url());
         // Registration errors

            case 'email':
            return __('The email address you entered is not valid.', 'xclusive');

            case 'email_exists':
            return __('An account exists with this email address.', 'xclusive');

            case 'closed':
            return __('Registering new users is currently not allowed.', 'xclusive');

            default:
                break;
        }

         return __('An unknown error occurred. Please try again later.', 'xclusive');
     }

     /**
    * Redirect to custom login page after the user has been logged out.
    */
     public function redirect_after_logout()
     {
         $redirect_url = home_url('login?logged_out=true');
         wp_safe_redirect($redirect_url);
         exit;
     }

     /**
    * Returns the URL to which the user should be redirected after the (successful) login.
    *
    * @param string           $redirect_to           The redirect destination URL.
    * @param string           $requested_redirect_to The requested redirect destination URL passed as a parameter.
    * @param WP_User|WP_Error $user                  WP_User object if login was successful, WP_Error object otherwise.
    *
    * @return string Redirect URL
    */
     public function redirect_after_login($redirect_to, $request, $user)
     {
         $redirect_to = $_GET['redirect_to'];

         if(!isset($user -> ID)){
             return $redirect_to;
         }

         if(user_can($user, 'manage_options')){
             $redirect_to = admin_url();
         } else {
             return $redirect_to;
         }

         return $redirect_to;
     }
 }

 // Initialize the plugin class
$xclusive_pages_plugin = new Xclusive_Plugin();

// Create the custom pages on plugin activation
register_activation_hook(__FILE__, array( 'Xclusive_Plugin', 'plugin_activated' ));