rdusnr

Untitled

Jul 20th, 2017
  1. <?php
  2. /**
  3. * AJAX Functions
  4. *
  5. * All of these functions enhance the responsiveness of the user interface in
  6. * the default theme by adding AJAX functionality.
  7. *
  8. * For more information on how the custom AJAX functions work, see
  9. * http://codex.wordpress.org/AJAX_in_Plugins.
  10. *
  11. * @package BuddyPress
  12. * @since BuddyPress (1.2)
  13. * @subpackage BP-Default
  14. */
  15.  
  // Stop immediately when this file is requested on its own rather than being
  // loaded through WordPress (ABSPATH is not defined in that case).
  if ( ! defined( 'ABSPATH' ) ) {
      exit;
  }
  18.  
  /**
   * Register AJAX handlers for BP Default theme functionality.
   *
   * Hooked to after_setup_theme at priority 20, because this file is itself
   * included from a function hooked to after_setup_theme at priority 10.
   *
   * Every handler is attached to both the "wp_ajax_" hook (logged-in users) and
   * the "wp_ajax_nopriv_" hook (visitors who are not logged in), for backward
   * compatibility with BP < 1.6. Each callback is therefore reachable without
   * authentication and has to carry out its own login, nonce and permission
   * checks.
   *
   * @since BuddyPress (1.6)
   */
  function bp_dtheme_register_actions() {
      // AJAX action name => callback that serves it.
      $handlers = array(
          // Directory filters
          'blogs_filter'    => 'bp_dtheme_object_template_loader',
          'forums_filter'   => 'bp_dtheme_object_template_loader',
          'groups_filter'   => 'bp_dtheme_object_template_loader',
          'members_filter'  => 'bp_dtheme_object_template_loader',
          'messages_filter' => 'bp_dtheme_messages_template_loader',

          // Friends
          'accept_friendship' => 'bp_dtheme_ajax_accept_friendship',
          'addremove_friend'  => 'bp_dtheme_ajax_addremove_friend',
          'reject_friendship' => 'bp_dtheme_ajax_reject_friendship',

          // Activity
          'activity_get_older_updates'  => 'bp_dtheme_activity_template_loader',
          'activity_mark_fav'           => 'bp_dtheme_mark_activity_favorite',
          'activity_mark_unfav'         => 'bp_dtheme_unmark_activity_favorite',
          'activity_widget_filter'      => 'bp_dtheme_activity_template_loader',
          'delete_activity'             => 'bp_dtheme_delete_activity',
          'delete_activity_comment'     => 'bp_dtheme_delete_activity_comment',
          'get_single_activity_content' => 'bp_dtheme_get_single_activity_content',
          'new_activity_comment'        => 'bp_dtheme_new_activity_comment',
          'post_update'                 => 'bp_dtheme_post_update',
          'bp_spam_activity'            => 'bp_dtheme_spam_activity',
          'bp_spam_activity_comment'    => 'bp_dtheme_spam_activity',

          // Groups
          'groups_invite_user' => 'bp_dtheme_ajax_invite_user',
          'joinleave_group'    => 'bp_dtheme_ajax_joinleave_group',

          // Messages
          'messages_autocomplete_results' => 'bp_dtheme_ajax_messages_autocomplete_results',
          'messages_close_notice'         => 'bp_dtheme_ajax_close_notice',
          'messages_delete'               => 'bp_dtheme_ajax_messages_delete',
          'messages_markread'             => 'bp_dtheme_ajax_message_markread',
          'messages_markunread'           => 'bp_dtheme_ajax_message_markunread',
          'messages_send_reply'           => 'bp_dtheme_ajax_messages_send_reply',
      );

      // Attach each callback first to the logged-in hook, then to the
      // logged-out ("nopriv") hook of the same action.
      foreach ( $handlers as $action => $callback ) {
          foreach ( array( 'wp_ajax_', 'wp_ajax_nopriv_' ) as $hook_prefix ) {
              add_action( $hook_prefix . $action, $callback );
          }
      }
  }
  add_action( 'after_setup_theme', 'bp_dtheme_register_actions', 20 );
  79.  
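  /**
   * Build the query string that overrides a loop's default parameters.
   *
   * Each object loop (activity/members/groups/blogs/forums) has default
   * parameters for the page being viewed. This filter reads the cookies set by
   * the theme JS, plus a few fields of the AJAX POST, and turns them into
   * overrides, so results can change without a page reload and user settings
   * are retained across page loads.
   *
   * All of these inputs are controlled by the requester. Every free-form value
   * placed in the query string is therefore URL-encoded, so a value containing
   * "&" or "=" stays inside its own parameter and cannot introduce additional
   * loop arguments. Non-scalar values (e.g. "name[]=x" submissions) are ignored
   * when building the string.
   *
   * @param string $query_string Incoming query string; replaced by the rebuilt one.
   * @param string $object       Loop the query string is built for.
   * @return string Query string for the activity/members/groups/blogs/forums loops
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_ajax_querystring( $query_string, $object ) {
      if ( empty( $object ) )
          return '';

      // Cookies forwarded in the POST body take precedence over the request's
      // own cookies. A local variable is used to avoid conflicts with $_COOKIE.
      if ( ! empty( $_POST['cookie'] ) && is_string( $_POST['cookie'] ) )
          $_BP_COOKIE = wp_parse_args( str_replace( '; ', '&', urldecode( $_POST['cookie'] ) ) );
      else
          $_BP_COOKIE = &$_COOKIE;

      $cookie_prefix = 'bp-' . $object . '-';

      // Raw per-object cookie values ('' when absent). They are passed through
      // unchanged to the 'bp_dtheme_ajax_querystring' filter at the end.
      $object_filter       = isset( $_BP_COOKIE[ $cookie_prefix . 'filter' ] )       ? $_BP_COOKIE[ $cookie_prefix . 'filter' ]       : '';
      $object_scope        = isset( $_BP_COOKIE[ $cookie_prefix . 'scope' ] )        ? $_BP_COOKIE[ $cookie_prefix . 'scope' ]        : '';
      $object_page         = isset( $_BP_COOKIE[ $cookie_prefix . 'page' ] )         ? $_BP_COOKIE[ $cookie_prefix . 'page' ]         : '';
      $object_search_terms = isset( $_BP_COOKIE[ $cookie_prefix . 'search-terms' ] ) ? $_BP_COOKIE[ $cookie_prefix . 'search-terms' ] : '';
      $object_extras       = isset( $_BP_COOKIE[ $cookie_prefix . 'extras' ] )       ? $_BP_COOKIE[ $cookie_prefix . 'extras' ]       : '';

      $qs = array();

      // Activity stream filtering on action. The value is encoded because it is
      // requester-supplied; presumably the loops decode it again when they parse
      // the string as URL-style arguments -- confirm against the consumer.
      if ( is_scalar( $object_filter ) && ! empty( $object_filter ) && '-1' != $object_filter ) {
          $encoded_filter = urlencode( (string) $object_filter );
          $qs[] = 'type=' . $encoded_filter;
          $qs[] = 'action=' . $encoded_filter;
      }

      if ( is_scalar( $object_scope ) && ! empty( $object_scope ) ) {
          if ( 'personal' == $object_scope ) {
              $user_id = ( bp_displayed_user_id() ) ? bp_displayed_user_id() : bp_loggedin_user_id();
              $qs[] = 'user_id=' . $user_id;
          }

          // Activity stream scope only on activity directory.
          if ( 'all' != $object_scope && ! bp_displayed_user_id() && ! bp_is_single_item() )
              $qs[] = 'scope=' . urlencode( (string) $object_scope );
      }

      // If page and search_terms have been passed via the AJAX post request, use those.
      if ( ! empty( $_POST['page'] ) && '-1' != $_POST['page'] )
          $qs[] = 'page=' . absint( $_POST['page'] );

      // Excludes activity just posted and avoids duplicate ids.
      if ( ! empty( $_POST['exclude_just_posted'] ) ) {
          $just_posted = wp_parse_id_list( $_POST['exclude_just_posted'] );
          $qs[] = 'exclude=' . implode( ',', $just_posted );
      }

      // Search terms are free text typed by the requester: encode them so they
      // cannot break out of the search_terms parameter.
      $object_search_text = bp_get_search_default_text( $object );
      $search_terms       = ( isset( $_POST['search_terms'] ) && is_scalar( $_POST['search_terms'] ) ) ? (string) $_POST['search_terms'] : '';
      if ( ! empty( $search_terms ) && $object_search_text != $search_terms && 'false' != $search_terms && 'undefined' != $search_terms )
          $qs[] = 'search_terms=' . urlencode( $search_terms );

      // Now pass the querystring to override default values.
      $query_string = empty( $qs ) ? '' : join( '&', $qs );

      return apply_filters( 'bp_dtheme_ajax_querystring', $query_string, $object, $object_filter, $object_scope, $object_page, $object_search_terms, $object_extras );
  }
  add_filter( 'bp_ajax_querystring', 'bp_dtheme_ajax_querystring', 10, 2 );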
  165.  
  /**
   * Print the template loop of the object named in the POST request, then exit.
   *
   * The requested object is normalised with sanitize_title() and accepted only
   * when it names an active component, because the value becomes part of the
   * template path that is loaded below.
   *
   * @return void Returns early on a rejected request; otherwise the loop is
   *              printed and the script exits.
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_object_template_loader() {
      // Only POST requests that name an object are served.
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) || empty( $_POST['object'] ) ) {
          return;
      }

      $component = sanitize_title( $_POST['object'] );

      // Anything that is not an active component is rejected.
      if ( ! bp_is_active( $component ) ) {
          return;
      }

      /**
       * AJAX requests happen too early to be seen by bp_update_is_directory(),
       * so the directory flag is set by hand here. Without it the templates
       * would load their 'single' version instead of the directory version.
       */
      if ( ! bp_current_action() ) {
          bp_update_is_directory( true, bp_current_component() );
      }

      $loop_template = $component . '/' . $component . '-loop.php';
      locate_template( array( $loop_template ), true );
      exit;
  }
  201.  
  /**
   * Print the Messages component's template loop (used when searching on the
   * private message page), then exit.
   *
   * The handler itself performs no request-method, login or nonce check.
   * NOTE(review): it is also registered on the logged-out AJAX hook, so what an
   * anonymous request receives depends entirely on the template -- confirm.
   *
   * @return void The loop is printed and the script exits.
   * @since BuddyPress (1.6)
   */
  function bp_dtheme_messages_template_loader() {
      $loop_templates = array( 'members/single/messages/messages-loop.php' );

      locate_template( $loop_templates, true );
      exit;
  }
  212.  
  /**
   * Answer an AJAX request for the activity loop.
   *
   * Exits with a JSON object holding 'contents' (the output of the Activity
   * template loop) and 'feed_url' (the URL of the RSS feed for the requested
   * scope). For the 'mentions' scope the logged-in user's new-mention marker is
   * cleared, but only when a valid 'activity_filter' nonce accompanies the
   * request.
   *
   * @return void Returns early for non-POST requests; otherwise exits with JSON.
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_activity_template_loader() {
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
          return;
      }

      $scope = empty( $_POST['scope'] ) ? '' : $_POST['scope'];

      // Scopes whose feed lives under the logged-in user's own activity URL.
      $personal_scopes = array( 'friends', 'groups', 'favorites', 'mentions' );

      if ( in_array( $scope, $personal_scopes, true ) ) {
          $feed_url = bp_loggedin_user_domain() . bp_get_activity_slug() . '/' . $scope . '/feed/';

          // Viewing mentions marks them as seen; that state change is gated on
          // the nonce.
          if ( 'mentions' === $scope ) {
              $nonce_ok = isset( $_POST['_wpnonce_activity_filter'] )
                  && wp_verify_nonce( wp_unslash( $_POST['_wpnonce_activity_filter'] ), 'activity_filter' );

              if ( $nonce_ok ) {
                  bp_activity_clear_new_mentions( bp_loggedin_user_id() );
              }
          }
      } else {
          // Every other scope uses the sitewide activity feed.
          $feed_url = home_url( bp_get_activity_root_slug() . '/feed/' );
      }

      // Capture the loop's output so it can be returned inside the JSON
      // payload. The feed URL filter runs while the buffer is still open.
      ob_start();
      locate_template( array( 'activity/activity-loop.php' ), true );
      $response = array(
          'contents' => ob_get_contents(),
          'feed_url' => apply_filters( 'bp_dtheme_activity_feed_url', $feed_url, $scope ),
      );
      ob_end_clean();

      exit( json_encode( $response ) );
  }
  260.  
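  /**
   * Processes Activity updates received via a POST request.
   *
   * The request must carry a valid 'post_update' nonce and come from a
   * logged-in user. On success the new entry's markup (activity/entry.php) is
   * printed; on failure the response starts with "-1", followed by an error
   * message block.
   *
   * Changes against the previous revision of this handler:
   *  - the group update used an undefined $item_id variable, so the group id
   *    from the request never reached groups_post_update();
   *  - the WP_Error message is now escaped before being printed, as the
   *    comment handler in this file already does;
   *  - an empty result (nothing was posted) is reported as a failure instead
   *    of being passed on as "include=0".
   *
   * @return void Returns early for non-POST requests; otherwise prints HTML and exits.
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_post_update() {
      // Bail if not a POST action
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
          return;

      // Check the nonce
      check_admin_referer( 'post_update', '_wpnonce_post_update' );

      if ( ! is_user_logged_in() )
          exit( '-1' );

      if ( empty( $_POST['content'] ) )
          exit( '-1<div id="message" class="error"><p>' . __( 'Please enter some content to post.', 'buddypress' ) . '</p></div>' );

      // Read the optional fields once, without touching undefined indexes.
      $object  = isset( $_POST['object'] ) ? $_POST['object'] : '';
      $item_id = isset( $_POST['item_id'] ) ? $_POST['item_id'] : 0;

      $activity_id = 0;
      if ( empty( $object ) && bp_is_active( 'activity' ) ) {
          $activity_id = bp_activity_post_update( array( 'content' => $_POST['content'], 'error_type' => 'wp_error' ) );

      } elseif ( 'groups' == $object ) {
          if ( ! empty( $item_id ) && bp_is_active( 'groups' ) )
              $activity_id = groups_post_update( array( 'content' => $_POST['content'], 'group_id' => (int) $item_id, 'error_type' => 'wp_error' ) );

      } else {
          $activity_id = apply_filters( 'bp_activity_custom_update', $object, $item_id, $_POST['content'] );
      }

      if ( empty( $activity_id ) ) {
          exit( '-1<div id="message" class="error"><p>' . __( 'There was a problem posting your update, please try again.', 'buddypress' ) . '</p></div>' );
      } elseif ( is_wp_error( $activity_id ) && $activity_id->get_error_code() ) {
          // The message text is not produced by this handler, so escape it for HTML.
          exit( '-1<div id="message" class="error bp-ajax-message"><p>' . esc_html( $activity_id->get_error_message() ) . '</p></div>' );
      }

      // Render the entry that was just created.
      if ( bp_has_activities( 'include=' . $activity_id ) ) {
          while ( bp_activities() ) {
              bp_the_activity();
              locate_template( array( 'activity/entry.php' ), true );
          }
      }

      exit;
  }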
  308.  
  /**
   * Posts a new Activity comment received via a POST request.
   *
   * Requires a valid 'new_activity_comment' nonce, a logged-in user, non-empty
   * content and numeric 'form_id' (the activity) and 'comment_id' (the parent)
   * fields. On success the comment's markup is printed; on failure the
   * response starts with "-1".
   *
   * @global BP_Activity_Template $activities_template
   * @return void Returns early for non-POST requests; otherwise prints HTML and exits.
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_new_activity_comment() {
      global $activities_template;

      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
          return;
      }

      // Nonce first, then authentication.
      check_admin_referer( 'new_activity_comment', '_wpnonce_new_activity_comment' );

      if ( ! is_user_logged_in() ) {
          exit( '-1' );
      }

      if ( empty( $_POST['content'] ) ) {
          exit( '-1<div id="message" class="error"><p>' . __( 'Please do not leave the comment area blank.', 'buddypress' ) . '</p></div>' );
      }

      // Both identifiers have to be present and numeric.
      foreach ( array( 'form_id', 'comment_id' ) as $id_field ) {
          if ( empty( $_POST[ $id_field ] ) || ! is_numeric( $_POST[ $id_field ] ) ) {
              exit( '-1<div id="message" class="error"><p>' . __( 'There was an error posting that reply, please try again.', 'buddypress' ) . '</p></div>' );
          }
      }

      $comment_args = array(
          'activity_id' => $_POST['form_id'],
          'content'     => $_POST['content'],
          'parent_id'   => $_POST['comment_id'],
          'error_type'  => 'wp_error'
      );
      $new_comment_id = bp_activity_new_comment( $comment_args );

      if ( false === $new_comment_id ) {
          exit( '-1<div id="message" class="error"><p>' . __( 'There was an error posting that reply, please try again.', 'buddypress' ) . '</p></div>' );
      }

      if ( is_wp_error( $new_comment_id ) ) {
          exit( '-1<div id="message" class="error bp-ajax-message"><p>' . esc_html( $new_comment_id->get_error_message() ) . '</p></div>' );
      }

      // Load the new activity item into the $activities_template global
      bp_has_activities( 'display_comments=stream&hide_spam=false&show_hidden=true&include=' . $new_comment_id );

      // Present the freshly loaded item as the "current comment" of a stub
      // activity, which is the shape the comment template reads.
      $loaded_item = $activities_template->activities[0];

      $activities_template->activity                  = new stdClass;
      $activities_template->activity->id              = $loaded_item->item_id;
      $activities_template->activity->current_comment = $loaded_item;

      $comment_template = locate_template( 'activity/comment.php', false, false );

      /**
       * Backward compatibility. Older versions of BP generated this markup in
       * PHP rather than in a template, so themes that are not children of
       * bp-default may lack the file; fall back to the bundled copy.
       */
      if ( empty( $comment_template ) ) {
          $comment_template = buddypress()->plugin_dir . '/bp-themes/bp-default/activity/comment.php';
      }

      load_template( $comment_template, false );

      unset( $activities_template );
      exit;
  }
  372.  
  /**
   * Deletes an Activity item received via a POST request.
   *
   * Order of checks: 'bp_activity_delete_link' nonce, logged-in user, numeric
   * id, then bp_activity_user_can_delete() on the loaded item. Any failed
   * check after the nonce ends the request with "-1".
   *
   * @return void Returns early for non-POST requests; otherwise exits, with an
   *              error string on failure and no output on success.
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_delete_activity() {
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
          return;
      }

      check_admin_referer( 'bp_activity_delete_link' );

      $has_numeric_id = ! empty( $_POST['id'] ) && is_numeric( $_POST['id'] );
      if ( ! is_user_logged_in() || ! $has_numeric_id ) {
          exit( '-1' );
      }

      $item = new BP_Activity_Activity( (int) $_POST['id'] );

      // Authorisation is decided on the loaded item, not on request data.
      if ( ! bp_activity_user_can_delete( $item ) ) {
          exit( '-1' );
      }

      // Fired before the delete so plugins can still fetch information about the item.
      do_action( 'bp_activity_before_action_delete_activity', $item->id, $item->user_id );

      $deleted = bp_activity_delete( array( 'id' => $item->id, 'user_id' => $item->user_id ) );
      if ( ! $deleted ) {
          exit( '-1<div id="message" class="error"><p>' . __( 'There was a problem when deleting. Please try again.', 'buddypress' ) . '</p></div>' );
      }

      do_action( 'bp_activity_action_delete_activity', $item->id, $item->user_id );
      exit;
  }
  408.  
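  /**
   * Deletes an Activity comment received via a POST request.
   *
   * The id is validated and cast to an integer before it is used to load the
   * comment. Previously the raw POST value was handed to BP_Activity_Activity
   * first and only checked for being numeric afterwards. The access check
   * (moderator, or author of the comment) then runs on the loaded record.
   *
   * @return void Returns early for non-POST requests; otherwise exits, with an
   *              error string on failure and no output on success.
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_delete_activity_comment() {
      // Bail if not a POST action
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
          return;

      // Check the nonce
      check_admin_referer( 'bp_activity_delete_link' );

      if ( ! is_user_logged_in() )
          exit( '-1' );

      // Validate the id before anything is loaded with it.
      if ( empty( $_POST['id'] ) || ! is_numeric( $_POST['id'] ) )
          exit( '-1' );

      $comment_id = (int) $_POST['id'];
      $comment    = new BP_Activity_Activity( $comment_id );

      // Check access: moderators may delete any comment, other users only their own.
      if ( ! bp_current_user_can( 'bp_moderate' ) && $comment->user_id != bp_loggedin_user_id() )
          exit( '-1' );

      // Call the action before the delete so plugins can still fetch information about it
      do_action( 'bp_activity_before_action_delete_activity', $comment_id, $comment->user_id );

      if ( ! bp_activity_delete_comment( $comment->item_id, $comment->id ) )
          exit( '-1<div id="message" class="error"><p>' . __( 'There was a problem when deleting. Please try again.', 'buddypress' ) . '</p></div>' );

      do_action( 'bp_activity_action_delete_activity', $comment_id, $comment->user_id );
      exit;
  }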
  444.  
  /**
   * Marks an activity item or comment as spam via AJAX.
   *
   * The request is refused with "-1" unless the user is logged in, the
   * Activity component is active, Akismet is present, a numeric id was sent
   * and bp_activity_user_can_mark_spam() allows it. The nonce is bound to the
   * item ('bp_activity_akismet_spam_' followed by the item id), so it is
   * verified after the item has been loaded.
   *
   * @global BuddyPress $bp The one true BuddyPress instance
   * @return void Returns early for non-POST requests; otherwise exits, with
   *              "-1" on failure and no output on success.
   * @since BuddyPress (1.6)
   */
  function bp_dtheme_spam_activity() {
      global $bp;

      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
          return;
      }

      // Preconditions, evaluated in order: session and components, then the
      // id, then the permission to mark items as spam.
      $refused = ! is_user_logged_in()
          || ! bp_is_active( 'activity' )
          || empty( $bp->activity->akismet )
          || empty( $_POST['id'] )
          || ! is_numeric( $_POST['id'] )
          || ! bp_activity_user_can_mark_spam();

      if ( $refused ) {
          exit( '-1' );
      }

      // Load the item; one without a component is treated as not found.
      $item = new BP_Activity_Activity( (int) $_POST['id'] );
      if ( empty( $item->component ) ) {
          exit( '-1' );
      }

      check_admin_referer( 'bp_activity_akismet_spam_' . $item->id );

      // Lets plugins act before the item is flagged.
      do_action( 'bp_activity_before_action_spam_activity', $item->id, $item );

      bp_activity_mark_as_spam( $item );
      $item->save();

      do_action( 'bp_activity_action_spam_activity', $item->id, $item->user_id );
      exit;
  }
  489.  
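  /**
   * Mark an activity as a favourite via a POST request.
   *
   * Requires a valid 'mark_favorite' or 'unmark_favorite' nonce (either is
   * accepted, for backward compatibility). The handler is also registered on
   * the logged-out AJAX hook, so it now bails for anonymous requests, as the
   * other state-changing handlers in this file do, and it rejects a missing or
   * non-numeric activity id instead of passing the raw POST value on.
   *
   * @return void Returns early on a rejected request; otherwise prints the new
   *              button label and exits.
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_mark_activity_favorite() {
      // Bail if not a POST action
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
          return;

      if ( ! isset( $_POST['nonce'] ) ) {
          return;
      }

      // Either the 'mark' or 'unmark' nonce is accepted, for backward compatibility.
      $nonce = wp_unslash( $_POST['nonce'] );
      if ( ! wp_verify_nonce( $nonce, 'mark_favorite' ) && ! wp_verify_nonce( $nonce, 'unmark_favorite' ) ) {
          return;
      }

      // Favourites belong to a user account, and the id must be a plain number.
      if ( ! is_user_logged_in() || empty( $_POST['id'] ) || ! is_numeric( $_POST['id'] ) ) {
          return;
      }

      if ( bp_activity_add_user_favorite( (int) $_POST['id'] ) )
          _e( 'Remove Favorite', 'buddypress' );
      else
          _e( 'Favorite', 'buddypress' );

      exit;
  }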
  518.  
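  /**
   * Un-favourite an activity via a POST request.
   *
   * Requires a valid 'mark_favorite' or 'unmark_favorite' nonce (either is
   * accepted, for backward compatibility). The handler is also registered on
   * the logged-out AJAX hook, so it now bails for anonymous requests, as the
   * other state-changing handlers in this file do, and it rejects a missing or
   * non-numeric activity id instead of passing the raw POST value on.
   *
   * @return void Returns early on a rejected request; otherwise prints the new
   *              button label and exits.
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_unmark_activity_favorite() {
      // Bail if not a POST action
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
          return;

      if ( ! isset( $_POST['nonce'] ) ) {
          return;
      }

      // Either the 'mark' or 'unmark' nonce is accepted, for backward compatibility.
      $nonce = wp_unslash( $_POST['nonce'] );
      if ( ! wp_verify_nonce( $nonce, 'mark_favorite' ) && ! wp_verify_nonce( $nonce, 'unmark_favorite' ) ) {
          return;
      }

      // Favourites belong to a user account, and the id must be a plain number.
      if ( ! is_user_logged_in() || empty( $_POST['id'] ) || ! is_numeric( $_POST['id'] ) ) {
          return;
      }

      if ( bp_activity_remove_user_favorite( (int) $_POST['id'] ) )
          _e( 'Favorite', 'buddypress' );
      else
          _e( 'Remove Favorite', 'buddypress' );

      exit;
  }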
  547.  
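  /**
   * Fetches an activity's full, non-excerpted content via a POST request.
   * Used for the 'Read More' link on long activity items.
   *
   * The activity id is now required to be present and numeric, and is cast to
   * an integer before the lookup; previously the raw POST value (or an
   * undefined index) was passed straight to bp_activity_get_specific().
   *
   * NOTE(review): this handler checks neither a nonce nor the requester's
   * right to see the item, and it is registered for logged-out requests too.
   * Whether hidden or private items are filtered out depends on
   * bp_activity_get_specific() -- confirm, and add a visibility check here if
   * it does not.
   *
   * @return void Returns early for non-POST requests; otherwise exits, printing
   *              the content when the activity was found.
   * @since BuddyPress (1.5)
   */
  function bp_dtheme_get_single_activity_content() {
      // Bail if not a POST action
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
          return;

      // Same empty response as for an unknown id.
      if ( empty( $_POST['activity_id'] ) || ! is_numeric( $_POST['activity_id'] ) )
          exit;

      $activity_array = bp_activity_get_specific( array(
          'activity_ids'     => (int) $_POST['activity_id'],
          'display_comments' => 'stream'
      ) );

      $activity = ! empty( $activity_array['activities'][0] ) ? $activity_array['activities'][0] : false;

      if ( empty( $activity ) )
          exit; // @todo: error?

      do_action_ref_array( 'bp_dtheme_get_single_activity_content', array( &$activity ) );

      // Activity content retrieved through AJAX should run through normal filters, but not be truncated
      remove_filter( 'bp_get_activity_content_body', 'bp_activity_truncate_entry', 5 );
      $content = apply_filters( 'bp_get_activity_content_body', $activity->content );

      exit( $content );
  }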
  578.  
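  /**
   * Invites a friend to join a group, or withdraws an unsent invitation, via a
   * POST request.
   *
   * Requires a valid 'groups_invite_uninvite_user' nonce. The requester must be
   * allowed to send invites for the group and must be friends with the target
   * user.
   *
   * The group and friend ids are cast to integers once, right after the
   * presence check, and only the cast values are used afterwards -- for the
   * permission checks, for loading the user and for the "remove" link.
   * Previously the raw POST values were reused in several of those places, and
   * missing fields raised undefined-index notices.
   *
   * @return void Returns on a rejected or failed request; prints the invite
   *              list item and exits on 'invite', exits silently on 'uninvite'.
   * @since BuddyPress (1.2)
   * @todo Audit return types
   */
  function bp_dtheme_ajax_invite_user() {
      // Bail if not a POST action
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
          return;

      check_ajax_referer( 'groups_invite_uninvite_user' );

      if ( empty( $_POST['friend_id'] ) || empty( $_POST['friend_action'] ) || empty( $_POST['group_id'] ) )
          return;

      $group_id      = (int) $_POST['group_id'];
      $friend_id     = (int) $_POST['friend_id'];
      $friend_action = $_POST['friend_action'];

      // Values that do not cast to a positive id cannot name a group or a user.
      if ( $group_id <= 0 || $friend_id <= 0 )
          return;

      if ( ! bp_groups_user_can_send_invites( $group_id ) )
          return;

      if ( ! friends_check_friendship( bp_loggedin_user_id(), $friend_id ) )
          return;

      if ( 'invite' == $friend_action ) {
          // Users who have previously requested membership do not need
          // another invitation created for them
          if ( BP_Groups_Member::check_for_membership_request( $friend_id, $group_id ) ) {
              $user_status = 'is_pending';

          // Create the user invitation
          } elseif ( groups_invite_user( array( 'user_id' => $friend_id, 'group_id' => $group_id ) ) ) {
              $user_status = 'is_invited';

          // Miscellaneous failure
          } else {
              return;
          }

          $user = new BP_Core_User( $friend_id );

          $remove_url = wp_nonce_url( bp_loggedin_user_domain() . bp_get_groups_slug() . '/' . $group_id . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' );

          echo '<li id="uid-' . $user->id . '">';
          echo $user->avatar_thumb;
          echo '<h4>' . $user->user_link . '</h4>';
          echo '<span class="activity">' . esc_attr( $user->last_active ) . '</span>';
          echo '<div class="action">' . "\n"
              . '<a class="button remove" href="' . $remove_url . '" id="uid-' . esc_attr( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a>' . "\n"
              . '</div>';

          if ( 'is_pending' == $user_status ) {
              echo '<p class="description">' . sprintf( __( '%s has previously requested to join this group. Sending an invitation will automatically add the member to the group.', 'buddypress' ), $user->user_link ) . '</p>';
          }

          echo '</li>';
          exit;

      } elseif ( 'uninvite' == $friend_action ) {
          // Users who have previously requested membership should not
          // have their requests deleted on the "uninvite" action
          if ( BP_Groups_Member::check_for_membership_request( $friend_id, $group_id ) ) {
              return;
          }

          // Remove the unsent invitation
          if ( ! groups_uninvite_user( $friend_id, $group_id ) ) {
              return;
          }

          exit;

      } else {
          return;
      }
  }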
  656.  
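  /**
   * Friend/un-friend a user via a POST request.
   *
   * The current relationship between the logged-in user and the target decides
   * which operation runs, and each operation verifies its own nonce:
   * 'friends_remove_friend', 'friends_add_friend' or
   * 'friends_withdraw_friendship'.
   *
   * The relationship is now looked up once instead of once per branch, and a
   * request without a usable 'fid' is dropped before any lookup is made.
   *
   * @return void Returns early on a rejected request; otherwise prints the new
   *              button markup or a message and exits.
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_ajax_addremove_friend() {
      // Bail if not a POST action
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
          return;

      // Cast fid as an integer; anything that is not a positive id is ignored.
      $friend_id = isset( $_POST['fid'] ) ? (int) $_POST['fid'] : 0;
      if ( $friend_id <= 0 )
          return;

      $user_id = bp_loggedin_user_id();
      $status  = BP_Friends_Friendship::check_is_friend( $user_id, $friend_id );

      // Trying to cancel friendship
      if ( 'is_friend' == $status ) {
          check_ajax_referer( 'friends_remove_friend' );

          if ( ! friends_remove_friend( $user_id, $friend_id ) ) {
              echo __( 'Friendship could not be canceled.', 'buddypress' );
          } else {
              echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="add" rel="add" title="' . __( 'Add Friend', 'buddypress' ) . '" href="' . wp_nonce_url( bp_loggedin_user_domain() . bp_get_friends_slug() . '/add-friend/' . $friend_id, 'friends_add_friend' ) . '">' . __( '<i class="icon-plus"></i>', 'buddypress' ) . '</a>';
          }

      // Trying to request friendship
      } elseif ( 'not_friends' == $status ) {
          check_ajax_referer( 'friends_add_friend' );

          if ( ! friends_add_friend( $user_id, $friend_id ) ) {
              echo __(' Friendship could not be requested.', 'buddypress' );
          } else {
              echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="remove" rel="remove" title="' . __( 'Cancel Friendship Request', 'buddypress' ) . '" href="' . wp_nonce_url( bp_loggedin_user_domain() . bp_get_friends_slug() . '/requests/cancel/' . $friend_id . '/', 'friends_withdraw_friendship' ) . '" class="requested">' . __( '<i class="icon-minus"></i>', 'buddypress' ) . '</a>';
          }

      // Trying to cancel pending request
      } elseif ( 'pending' == $status ) {
          check_ajax_referer( 'friends_withdraw_friendship' );

          if ( friends_withdraw_friendship( $user_id, $friend_id ) ) {
              echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="add" rel="add" title="' . __( 'Add Friend', 'buddypress' ) . '" href="' . wp_nonce_url( bp_loggedin_user_domain() . bp_get_friends_slug() . '/add-friend/' . $friend_id, 'friends_add_friend' ) . '">' . __( '<i class="icon-plus"></i>', 'buddypress' ) . '</a>';
          } else {
              echo __("Friendship request could not be cancelled.", 'buddypress');
          }

      // Request already pending
      } else {
          echo __( 'Request Pending', 'buddypress' );
      }

      exit;
  }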
  /**
   * Accept a user friendship request via a POST request.
   *
   * Verifies the 'friends_accept_friendship' nonce, then accepts the
   * friendship whose id was posted, cast to an integer.
   * NOTE(review): nothing here checks that the friendship is addressed to the
   * current user; presumably friends_accept_friendship() does -- confirm.
   *
   * @return void Returns early for non-POST requests; otherwise exits, with an
   *              error string on failure and no output on success.
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_ajax_accept_friendship() {
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
          return;
      }

      check_admin_referer( 'friends_accept_friendship' );

      $accepted = friends_accept_friendship( (int) $_POST['id'] );
      if ( ! $accepted ) {
          echo "-1<div id='message' class='error'><p>" . __( 'There was a problem accepting that request. Please try again.', 'buddypress' ) . '</p></div>';
      }

      exit;
  }
  726.  
  /**
   * Reject a user friendship request via a POST request.
   *
   * Verifies the 'friends_reject_friendship' nonce, then rejects the
   * friendship whose id was posted, cast to an integer.
   * NOTE(review): nothing here checks that the friendship is addressed to the
   * current user; presumably friends_reject_friendship() does -- confirm.
   *
   * @return void Returns early for non-POST requests; otherwise exits, with an
   *              error string on failure and no output on success.
   * @since BuddyPress (1.2)
   */
  function bp_dtheme_ajax_reject_friendship() {
      if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
          return;
      }

      check_admin_referer( 'friends_reject_friendship' );

      $rejected = friends_reject_friendship( (int) $_POST['id'] );
      if ( ! $rejected ) {
          echo "-1<div id='message' class='error'><p>" . __( 'There was a problem rejecting that request. Please try again.', 'buddypress' ) . '</p></div>';
      }

      exit;
  }
  745.  
  746. /**
  747. * Join or leave a group when clicking the "join/leave" button via a POST request.
  748. *
  749. * @return string HTML
  750. * @since BuddyPress (1.2)
  751. */
  752. function bp_dtheme_ajax_joinleave_group() {
  753. // Bail if not a POST action
  754. if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
  755. return;
  756.  
  757. // Cast gid as integer
  758. $group_id = (int) $_POST['gid'];
  759.  
  760. if ( groups_is_user_banned( bp_loggedin_user_id(), $group_id ) )
  761. return;
  762.  
  763. if ( ! $group = groups_get_group( array( 'group_id' => $group_id ) ) )
  764. return;
  765.  
  766. if ( ! groups_is_user_member( bp_loggedin_user_id(), $group->id ) ) {
  767. if ( 'public' == $group->status ) {
  768. check_ajax_referer( 'groups_join_group' );
  769.  
  770. if ( ! groups_join_group( $group->id ) ) {
  771. _e( 'Error joining group', 'buddypress' );
  772. } else {
  773. echo '<a id="group-' . esc_attr( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
  774. }
  775.  
  776. } elseif ( 'private' == $group->status ) {
  777.  
  778. // If the user has already been invited, then this is
  779. // an Accept Invitation button
  780. if ( groups_check_user_has_invite( bp_loggedin_user_id(), $group->id ) ) {
  781. check_ajax_referer( 'groups_accept_invite' );
  782.  
  783. if ( ! groups_accept_invite( bp_loggedin_user_id(), $group->id ) ) {
  784. _e( 'Error requesting membership', 'buddypress' );
  785. } else {
  786. echo '<a id="group-' . esc_attr( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
  787. }
  788.  
  789. // Otherwise, it's a Request Membership button
  790. } else {
  791. check_ajax_referer( 'groups_request_membership' );
  792.  
  793. if ( ! groups_send_membership_request( bp_loggedin_user_id(), $group->id ) ) {
  794. _e( 'Error requesting membership', 'buddypress' );
  795. } else {
  796. echo '<a id="group-' . esc_attr( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>';
  797. }
  798. }
  799. }
  800.  
  801. } else {
  802. check_ajax_referer( 'groups_leave_group' );
  803.  
  804. if ( ! groups_leave_group( $group->id ) ) {
  805. _e( 'Error leaving group', 'buddypress' );
  806. } elseif ( 'public' == $group->status ) {
  807. echo '<a id="group-' . esc_attr( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';
  808. } elseif ( 'private' == $group->status ) {
  809. echo '<a id="group-' . esc_attr( $group->id ) . '" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';
  810. }
  811. }
  812.  
  813. exit;
  814. }
  815.  
  816. /**
  817. * Close and keep closed site wide notices from an admin in the sidebar, via a POST request.
  818. *
  819. * @return mixed String on error, void on success
  820. * @since BuddyPress (1.2)
  821. */
  822. function bp_dtheme_ajax_close_notice() {
  823. // Bail if not a POST action
  824. if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
  825. return;
  826.  
  827. $nonce_check = isset( $_POST['nonce'] ) && wp_verify_nonce( wp_unslash( $_POST['nonce'] ), 'bp_messages_close_notice' );
  828.  
  829. if ( ! $nonce_check || ! isset( $_POST['notice_id'] ) ) {
  830. echo "-1<div id='message' class='error'><p>" . __( 'There was a problem closing the notice.', 'buddypress' ) . '</p></div>';
  831.  
  832. } else {
  833. $user_id = get_current_user_id();
  834. $notice_ids = bp_get_user_meta( $user_id, 'closed_notices', true );
  835. $notice_ids[] = (int) $_POST['notice_id'];
  836.  
  837. bp_update_user_meta( $user_id, 'closed_notices', $notice_ids );
  838. }
  839.  
  840. exit;
  841. }
  842.  
  843. /**
  844. * Send a private message reply to a thread via a POST request.
  845. *
  846. * @return string HTML
  847. * @since BuddyPress (1.2)
  848. */
  849. function bp_dtheme_ajax_messages_send_reply() {
  850. // Bail if not a POST action
  851. if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
  852. return;
  853.  
  854. check_ajax_referer( 'messages_send_message' );
  855.  
  856. $result = messages_new_message( array( 'thread_id' => (int) $_REQUEST['thread_id'], 'content' => $_REQUEST['content'] ) );
  857.  
  858. if ( $result ) { ?>
  859. <div class="message-box new-message">
  860. <div class="message-metadata">
  861. <?php do_action( 'bp_before_message_meta' ); ?>
  862. <?php echo bp_loggedin_user_avatar( 'type=thumb&width=30&height=30' ); ?>
  863.  
  864. <strong><a href="<?php echo bp_loggedin_user_domain(); ?>"><?php bp_loggedin_user_fullname(); ?></a> <span class="activity"><?php printf( __( 'Sent %s', 'buddypress' ), bp_core_time_since( bp_core_current_time() ) ); ?></span></strong>
  865.  
  866. <?php do_action( 'bp_after_message_meta' ); ?>
  867. </div>
  868.  
  869. <?php do_action( 'bp_before_message_content' ); ?>
  870.  
  871. <div class="message-content">
  872. <?php echo stripslashes( apply_filters( 'bp_get_the_thread_message_content', $_REQUEST['content'] ) ); ?>
  873. </div>
  874.  
  875. <?php do_action( 'bp_after_message_content' ); ?>
  876.  
  877. <div class="clear"></div>
  878. </div>
  879. <?php
  880. } else {
  881. echo "-1<div id='message' class='error'><p>" . __( 'There was a problem sending that reply. Please try again.', 'buddypress' ) . '</p></div>';
  882. }
  883.  
  884. exit;
  885. }
  886.  
  887. /**
  888. * Mark a private message as unread in your inbox via a POST request.
  889. *
  890. * @return mixed String on error, void on success
  891. * @since BuddyPress (1.2)
  892. */
  893. function bp_dtheme_ajax_message_markunread() {
  894. // Bail if not a POST action
  895. if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
  896. return;
  897.  
  898. $nonce_check = isset( $_POST['nonce'] ) && wp_verify_nonce( wp_unslash( $_POST['nonce'] ), 'bp_messages_mark_messages_unread' );
  899.  
  900. if ( ! $nonce_check || ! isset( $_POST['thread_ids'] ) ) {
  901. echo "-1<div id='message' class='error'><p>" . __( 'There was a problem marking messages as unread.', 'buddypress' ) . '</p></div>';
  902.  
  903. } else {
  904. $thread_ids = explode( ',', $_POST['thread_ids'] );
  905.  
  906. for ( $i = 0, $count = count( $thread_ids ); $i < $count; ++$i ) {
  907. BP_Messages_Thread::mark_as_unread( (int) $thread_ids[$i] );
  908. }
  909. }
  910.  
  911. exit;
  912. }
  913.  
  914. /**
  915. * Mark a private message as read in your inbox via a POST request.
  916. *
  917. * @return mixed String on error, void on success
  918. * @since BuddyPress (1.2)
  919. */
  920. function bp_dtheme_ajax_message_markread() {
  921. // Bail if not a POST action
  922. if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
  923. return;
  924.  
  925. $nonce_check = isset( $_POST['nonce'] ) && wp_verify_nonce( wp_unslash( $_POST['nonce'] ), 'bp_messages_mark_messages_read' );
  926.  
  927. if ( ! $nonce_check || ! isset( $_POST['thread_ids'] ) ) {
  928. echo "-1<div id='message' class='error'><p>" . __('There was a problem marking messages as read.', 'buddypress' ) . '</p></div>';
  929.  
  930. } else {
  931. $thread_ids = explode( ',', $_POST['thread_ids'] );
  932.  
  933. for ( $i = 0, $count = count( $thread_ids ); $i < $count; ++$i ) {
  934. BP_Messages_Thread::mark_as_read( (int) $thread_ids[$i] );
  935. }
  936. }
  937.  
  938. exit;
  939. }
  940.  
  941. /**
  942. * Delete a private message(s) in your inbox via a POST request.
  943. *
  944. * @return string HTML
  945. * @since BuddyPress (1.2)
  946. */
  947. function bp_dtheme_ajax_messages_delete() {
  948. // Bail if not a POST action
  949. if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
  950. return;
  951.  
  952. $nonce_check = isset( $_POST['nonce'] ) && wp_verify_nonce( wp_unslash( $_POST['nonce'] ), 'bp_messages_delete_selected' );
  953.  
  954. if ( ! $nonce_check || ! isset($_POST['thread_ids']) ) {
  955. echo "-1<div id='message' class='error'><p>" . __( 'There was a problem deleting messages.', 'buddypress' ) . '</p></div>';
  956.  
  957. } else {
  958. $thread_ids = explode( ',', $_POST['thread_ids'] );
  959.  
  960. for ( $i = 0, $count = count( $thread_ids ); $i < $count; ++$i ) {
  961. BP_Messages_Thread::delete( (int) $thread_ids[$i] );
  962. }
  963.  
  964. _e( 'Messages deleted.', 'buddypress' );
  965. }
  966.  
  967. exit;
  968. }
  969.  
  970. /**
  971. * AJAX handler for autocomplete. Displays friends only, unless BP_MESSAGES_AUTOCOMPLETE_ALL is defined.
  972. *
  973. * @return string HTML
  974. * @since BuddyPress (1.2)
  975. */
  976. function bp_dtheme_ajax_messages_autocomplete_results() {
  977.  
  978. // Include everyone in the autocomplete, or just friends?
  979. if ( bp_is_current_component( bp_get_messages_slug() ) )
  980. $autocomplete_all = buddypress()->messages->autocomplete_all;
  981.  
  982. $pag_page = 1;
  983. $limit = (int) $_GET['limit'] ? $_GET['limit'] : apply_filters( 'bp_autocomplete_max_results', 10 );
  984.  
  985. // Get the user ids based on the search terms
  986. if ( ! empty( $autocomplete_all ) ) {
  987. $users = BP_Core_User::search_users( $_GET['q'], $limit, $pag_page );
  988.  
  989. if ( ! empty( $users['users'] ) ) {
  990. // Build an array with the correct format
  991. $user_ids = array();
  992. foreach( $users['users'] as $user ) {
  993. if ( $user->id != bp_loggedin_user_id() ) {
  994. $user_ids[] = $user->id;
  995. }
  996. }
  997.  
  998. $user_ids = apply_filters( 'bp_core_autocomplete_ids', $user_ids, $_GET['q'], $limit );
  999. }
  1000.  
  1001. } else {
  1002. if ( bp_is_active( 'friends' ) ) {
  1003. $users = friends_search_friends( $_GET['q'], bp_loggedin_user_id(), $limit, 1 );
  1004.  
  1005. // Keeping the bp_friends_autocomplete_list filter for backward compatibility
  1006. $users = apply_filters( 'bp_friends_autocomplete_list', $users, $_GET['q'], $limit );
  1007.  
  1008. if ( ! empty( $users['friends'] ) ) {
  1009. $user_ids = apply_filters( 'bp_friends_autocomplete_ids', $users['friends'], $_GET['q'], $limit );
  1010. }
  1011. }
  1012. }
  1013.  
  1014. if ( ! empty( $user_ids ) ) {
  1015. foreach ( $user_ids as $user_id ) {
  1016. $ud = get_userdata( $user_id );
  1017. if ( ! $ud ) {
  1018. continue;
  1019. }
  1020.  
  1021. if ( bp_is_username_compatibility_mode() ) {
  1022. // Sanitize for spaces
  1023. $username = urlencode( $ud->user_login );
  1024. } else {
  1025. $username = $ud->user_nicename;
  1026. }
  1027.  
  1028. // Note that the final line break acts as a delimiter for the
  1029. // autocomplete javascript and thus should not be removed
  1030. echo '<span id="link-' . esc_attr( $username ) . '" href="' . bp_core_get_user_domain( $user_id ) . '"></span>' . bp_core_fetch_avatar( array( 'item_id' => $user_id, 'type' => 'thumb', 'width' => 15, 'height' => 15, 'alt' => $ud->display_name ) ) . ' &nbsp;' . bp_core_get_user_displayname( $user_id ) . ' (' . esc_html( $username ) . ')' . "\n";
  1031. }
  1032. }
  1033.  
  1034. exit;
  1035. }