Changeset 1492115

Timestamp:

09/08/2016 12:17:51 AM (9 years ago)

Author:

davejesch

Message:

• Fix: Changes to resolve authentication issues. (thanks to Craig S., Cathy E., Josh C. and Jason H.)
• Enhancement: Some optimizations and code cleanup.
• Enhancement: Updates in the Settings page for validating URLs. (thanks to Craig S.)
• Fix: Fixing a table name reference when removing tables on uninstall.
• Enhancement: Code to protect JSON data being returned via API calls when third-party plugins throw runtime errors.
• Fix: Fix URL references in the Help text. (thanks to Pedro M.)
• Fix: Fix text domain reference. (thanks to Pedro M.)
• Fix: authentication token save. (thanks to Jeff C.)
• Enhancement: Changes to allow new features in upcoming add-ons.
• Enhancement: Change API code to work with any Permalink setting on Target site.

Location:

wpsitesynccontent/trunk

Files:

• assets/css/font-awesome.min.css (deleted)
• assets/css/sync-admin.css (modified) (2 diffs)
• assets/imgs/screenshot-sync.png (deleted)
• assets/imgs/spectrom.png (deleted)
• assets/imgs/spectrom_logo_plain.png (deleted)
• assets/imgs/spectrom_small.png (deleted)
• classes/admin.php (modified) (4 diffs)
• classes/ajax.php (modified) (4 diffs)
• classes/apicontroller.php (modified) (8 diffs)
• classes/apimodel.php (modified) (6 diffs)
• classes/apirequest.php (modified) (4 diffs)
• classes/apiresponse.php (modified) (3 diffs)
• classes/auth.php (modified) (1 diff)
• classes/extensionsettings.php (modified) (1 diff)
• classes/logmodel.php (modified) (1 diff)
• classes/model.php (modified) (2 diffs)
• classes/settings.php (modified) (15 diffs)
• classes/sourcesmodel.php (modified) (9 diffs)
• install/activate.php (modified) (1 diff)
• install/deactivate.php (modified) (3 diffs)
• readme.txt (modified) (2 diffs)
• views/content_details.php (modified) (1 diff)
• wpsitesynccontent.php (modified) (3 diffs)

wpsitesynccontent/trunk/assets/css/sync-admin.css

@@ -16 +16 @@
     background-size: contain; /* 100px 82px; */
     vertical-align: top;
+}
+.notice #sync-logo {
+    margin-top: .5rem;
 }
 #spectrom_sync {
@@ -164 +167 @@
     margin: 0 .7rem;
 }
-/* TODO: can be removed?? */
-/*.spectrom-sync-settings div.spectrom-mkt-right {
-  float: right;
-  display: inline-block;
-  width: 300px;
-  padding: 0 5px;
-  margin: 25px 0 0 0;
-  height: 100%;
-  min-height: 100px;
-}
-.spectrom-sync-settings div.spectrom-mkt-right div.spectrom-logo {
-    width: 100%;
-width: 260px;
-    height: 150px;
-    background-image: url('../imgs/spectrom.png');
-    background-repeat: no-repeat;
-    background-size: contain;
-    background-position: center;
-} */
 
 .spectrom-sync-settings div.spectrom-page {

wpsitesynccontent/trunk/classes/admin.php

@@ -59 +59 @@
 
         wp_register_style('sync-admin', WPSiteSyncContent::get_asset('css/sync-admin.css'), array(), WPSiteSyncContent::PLUGIN_VERSION, 'all');
-        wp_register_style('font-awesome', WPSiteSyncContent::get_asset('css/font-awesome.min.css'), array(), WPSiteSyncContent::PLUGIN_VERSION, 'all');
 
         $screen = get_current_screen();
@@ -69 +68 @@
                 wp_enqueue_script('sync');
 
-            $option_data = array('site_key' => WPSiteSyncContent::get_option('site_key'));
+            $option_data = array('site_key' => SyncOptions::get('site_key'));
             wp_localize_script('sync-settings', 'syncdata', $option_data);
 
@@ -123 +122 @@
         echo '<span>', __('Push content to Target: ', 'wpsitesynccontent'), '<br/>',
             sprintf('<span title="%2$s"><b>%1$s</b></span>',
-                WPSiteSyncContent::get_option('host'),
+                SyncOptions::get('host'),
                 esc_attr(__('The "Target" is the WordPress install that the Content will be pushed to.', 'wpsitesynccontent'))),
             '</span>';
@@ -263 +262 @@
                     } else if (0 !== $response_body->error_code) {
                         $msg = $api->error_code_to_string($response_body->error_code);
-                        echo '<p>', sprintf(__('Error #%1$d: %2$s', 'wpsitesync-pull'), $response_body->error_code, $msg), '</p>';
+                        echo '<p>', sprintf(__('Error #%1$d: %2$s', 'wpsitesynccontent'), $response_body->error_code, $msg), '</p>';
                         $pull_active = FALSE;
                     }

wpsitesynccontent/trunk/classes/ajax.php

@@ -24 +24 @@
         // also include the user name of the user on the Source site that is Pushing the Content
         $current_user = wp_get_current_user();
-        if (0 !== $current_user->ID) {
+//SyncDebug::log(__METHOD__.'() current user=' . var_export($current_user, TRUE));
+        if (NULL !== $current_user && 0 !== $current_user->ID) {
             $data['username'] = $current_user->user_login;
             $data['user_id'] = $current_user->ID;
@@ -36 +37 @@
     public function dispatch()
     {
-        // TODO: add authentication checking: must be logged in, an 'Author' role or higher, check nonce
-
         $operation = $this->post('operation');
 SyncDebug::log(__METHOD__."('{$operation}')");
-        $response = new SyncApiResponse();
+        $response = new SyncApiResponse(TRUE);
+
+        // perform authentication checking: must be logged in, an 'Author' role or higher
+        if (!is_user_logged_in()) {
+            $response->error_code(SyncApiRequest::ERROR_SESSION_EXPIRED, $operation);
+            $response->send();
+        }
+        if (!current_user_can('publish_posts')) {
+            $response->error_code(SyncApiRequest::ERROR_NO_PERMISSION, $operation);
+            $response->send();
+        }
+        // TODO: check nonce
 
         switch ($operation) {
@@ -74 +84 @@
             if (FALSE === apply_filters('spectrom_sync_ajax_operation', FALSE, $operation, $response)) {
                 // No method found, fallback to error message.
-                $response->success(FALSE);
+//              $response->success(FALSE);
                 $response->error_code(SyncApiRequest::ERROR_EXTENSION_MISSING, $operation);
                 // TODO: error_code() data parameter
@@ -95 +105 @@
         $input = new SyncInput();
         $settings = array_merge(
-            get_option(SyncOptions::OPTION_NAME),
+            SyncOptions::get_all(), // get_option(SyncOptions::OPTION_NAME),
             $input->post(SyncOptions::OPTION_NAME)
         );

wpsitesynccontent/trunk/classes/apicontroller.php

@@ -36 +36 @@
     public function __construct($args)
     {
+//SyncDebug::log(__METHOD__.'() args=' . var_export($args, TRUE));
         self::$_instance = $this;
         $this->args = $args;
@@ -47 +48 @@
             $response = $args['response'];
         else
-            $response = new SyncApiResponse();
+            $response = new SyncApiResponse(TRUE);
 
         if (isset($args['site_key']))
@@ -171 +172 @@
         if (NULL === $this->_headers) {
             if (!function_exists('apache_request_headers')) {
-                $this->_headers = $this->_get_request_headers();
+//SyncDebug::log(__METHOD__.'() using _get_request_headers()');
+                $hdrs = $this->_get_request_headers();
             } else {
-                $this->_headers = apache_request_headers();
-            }
-SyncDebug::log(__METHOD__.'() read request headers: ' . var_export($this->_headers, TRUE));
+//SyncDebug::log(__METHOD__.'() using apache_request_headers()');
+                $hdrs = apache_request_headers();
+            }
+            $this->_headers = array();
+            foreach ($hdrs as $key => $value) {
+                $this->_headers[strtolower($key)] = $value;
+            }
+//SyncDebug::log(__METHOD__.'() read request headers: ' . var_export($this->_headers, TRUE));
         }
 
@@ -212 +219 @@
             }
         }
+//SyncDebug::log(__METHOD__.'() headers: ' . var_export($arh, TRUE));
         return $arh;
     }
@@ -223 +231 @@
 SyncDebug::log(__METHOD__.'()');
 SyncDebug::log(' post data: ' . var_export($_POST, TRUE));
-SyncDebug::log(' request data: ' . var_export($_REQUEST, TRUE));
+//SyncDebug::log(' request data: ' . var_export($_REQUEST, TRUE));
         // TODO: need to assume failure, not success - then set to success when successful
         $response->success(TRUE);
@@ -235 +243 @@
 //SyncDebug::log(__METHOD__.'():' . __LINE__ . ' - post_data=' . var_export($post_data, TRUE));
 
-        $this->source_post_id = intval($post_data['ID']);
+        $this->source_post_id = abs($post_data['ID']);
+//      if (0 === $this->source_post_id && isset($post_data['post_id']))
+//          $this->source_post_id = abs($post_data['post_id']);
 SyncDebug::log('- syncing post data Source ID#'. $this->source_post_id . ' - "' . $post_data['post_title'] . '"');
 
@@ -313 +323 @@
                 wp_update_post($post_data); // ;here;
             } else {
-                $response->error_code(SyncApiResponse::ERROR_NO_PERMISSION);
+                $response->error_code(SyncApiRequest::ERROR_NO_PERMISSION);
                 $response->send();
             }
@@ -324 +334 @@
                 $target_post_id = wp_insert_post($new_post_data); // ;here;
             } else {
-                $response->error_code(SyncApiResponse::ERROR_NO_PERMISSION);
+                $response->error_code(SyncApiRequest::ERROR_NO_PERMISSION);
                 $response->send();
             }
         }
         $this->post_id = $target_post_id;
+SyncDebug::log(__METHOD__ . '():' . __LINE__. '  performing sync');
 
         // save the source and target post information for later reference

wpsitesynccontent/trunk/classes/apimodel.php

@@ -28 +28 @@
             return;
 
-SyncDebug::log(__METHOD__.'() request uri=' . $_SERVER['REQUEST_URI']);
+//SyncDebug::log(__METHOD__.'() request uri=' . $_SERVER['REQUEST_URI']);
         add_filter('request', array(&$this, 'set_query_var'));
         // hook in late to allow other plugins to operate earlier
@@ -76 +76 @@
     public function set_query_var(array $vars)
     {
+//SyncDebug::log(__METHOD__.'() vars=' . var_export($vars, TRUE));
         if (!empty($vars[$this->options['name']]))
             return $vars;
@@ -104 +105 @@
 
         $parts = explode('/', $api);
-SyncDebug::log(__METHOD__.'() parts=' . var_export($parts, TRUE));
+//SyncDebug::log(__METHOD__.'() parts=' . var_export($parts, TRUE));
 
         // spectrom - using json only for now
@@ -113 +114 @@
         // TODO: this can be simplified. assume only Sync callback are made, which will always be array type
         if (is_string($callback)) {
+//SyncDebug::log(__METHOD__.'() string callback');
             call_user_func($callback, $values);
         } else if (is_array($callback)) {
+//SyncDebug::log(__METHOD__.'() array callback');
             if ('__construct' === $callback[1])
                 new $callback[0]($values);
@@ -120 +123 @@
                 call_user_func($callback, $values);
         } else {
+//SyncDebug::log(__METHOD__.'() no callback');
             // TODO: use exception
             trigger_error(
@@ -128 +132 @@
 
         // WP will render main page if we leave this out
+        // TODO: shouldn't be needed. SyncApiController calls die() when sending results
         exit;
     }

wpsitesynccontent/trunk/classes/apirequest.php

@@ -138 +138 @@
         $remote_args['headers'][self::HEADER_WP_VERSION] = $wp_version;
         $remote_args['headers'][self::HEADER_SOURCE] = site_url();
-        $remote_args['headers'][self::HEADER_SITE_KEY] = WPSiteSyncContent::get_option('site_key'); // $model->generate_site_key();
+//      $remote_args['headers'][self::HEADER_SITE_KEY] = WPSiteSyncContent::get_option('site_key'); // $model->generate_site_key();
+        $remote_args['headers'][self::HEADER_SITE_KEY] = SyncOptions::get('site_key'); // $model->generate_site_key();
+//SyncDebug::log(__METHOD__.'() plugin sitekey=' . WPSiteSyncContent::get_option('site_key') . ' // option sitekey=' . SyncOptions::get('site_key'));
 
         // send data where it's going
-        $url = $this->host . '/' . WPSiteSyncContent::API_ENDPOINT . '?action=' . $action;
+//      $url = $this->host . '/' . WPSiteSyncContent::API_ENDPOINT . '?action=' . $action;
+        $url = $this->host . '?pagename=' . WPSiteSyncContent::API_ENDPOINT . '&action=' . $action;
 SyncDebug::log(__METHOD__.'():' . __LINE__ . ' sending API request to ' . $url, TRUE);
 SyncDebug::log('  sending data array: ' . SyncDebug::arr_dump($remote_args));
 
+        $remote_args = apply_filters('spectrom_sync_api_arguments', $remote_args, $action);
+
         $request = wp_remote_post($url, $remote_args);
         if (is_wp_error($request)) {
-//SyncDebug::log(__METHOD__.'():' . __LINE__ . ' error in wp_remote_post(): ' . var_export($request, TRUE));
+SyncDebug::log(__METHOD__.'():' . __LINE__ . ' error in wp_remote_post(): ' . var_export($request, TRUE));
             // handle error
             $response->error_code(self::ERROR_REMOTE_REQUEST_FAILED, $request->get_error_message());
@@ -214 +219 @@
                             update_user_meta($this->_user_id, 'spectrom_site_target_uid', $response->response->data->user_id);
 
-SyncDebug::log(__METHOD__.'() saving auth token ' . var_export($response, TRUE));
+SyncDebug::log(__METHOD__.'() saving auth token');
                             // store the returned token for later authentication uses
                             $sources_model = new SyncSourcesModel();
@@ -396 +401 @@
         // the success or error message will be returned as part of the response for the AJAX request and displayed just
         // underneath the ( Sync ) button within the MetaBox.
-        $response = new SyncApiResponse();
+//      $response = new SyncApiResponse();
         if (!is_wp_error($result)) {
             // PARSE IMAGES FROM SOURCE ONLY
@@ -402 +407 @@
             $response->success(TRUE);
             $response->notice_code(SyncApiRequest::NOTICE_CONTENT_SYNCD);
-//          $response->notice(__('Content SYNCd.', 'wpsitesynccontent'));
             $response->set('post_id', $result->data->post_id);
 

wpsitesynccontent/trunk/classes/apiresponse.php

@@ -28 +28 @@
     public $data = array();
 
+    private $_headers_sent = FALSE;             // TRUE when headers are sent on instantiation
+    private $_capture = FALSE;                  // TRUE when capturing output
+
     // constructor
-    public function __construct()
-    {
+    public function __construct($send_headers = FALSE)
+    {
+        if ($send_headers) {
+            $this->_send_headers(TRUE);
+        }
+
         if (!is_user_logged_in())
             $this->session_timeout = 1;
@@ -170 +177 @@
             return;
 
-        global $wp_version;
-        header(self::HEADER_SYNC_VERSION . ': ' . WPSiteSyncContent::PLUGIN_VERSION);       // send this header so sources will know that they're talking to SYNC
-        header(self::HEADER_WP_VERSION . ': ' . $wp_version);                               // send this header so sources will know that they're talking to WP
-        header('Content-Type: application/json');
+        $this->_send_headers();
 
         if ($this->has_errors()) {
@@ -185 +189 @@
         if ($exit)
             exit(0);                            // stop script
+    }
+
+    /**
+     * Send the HTTP headers for the JSON response
+     */
+    private function _send_headers($capture = FALSE)
+    {
+        if (!$this->_headers_sent) {
+            global $wp_version;
+
+            header(self::HEADER_SYNC_VERSION . ': ' . WPSiteSyncContent::PLUGIN_VERSION);       // send this header so sources will know that they're talking to SYNC
+            header(self::HEADER_WP_VERSION . ': ' . $wp_version);                               // send this header so sources will know that they're talking to WP
+            header('Content-Type: application/json');
+            $this->_headers_sent = TRUE;
+
+            if ($this->_capture) {
+                // headers have already been sent and ob_start() has been called.
+                // clear the output buffer so our JSON data can be sent
+                ob_get_clean();
+            }
+            if ($capture) {
+                ob_start();
+                $this->_capture = TRUE;
+            }
+        }
     }
 

wpsitesynccontent/trunk/classes/auth.php

@@ -36 +36 @@
 //SyncDebug::log(__METHOD__.'() authenticating via token');
 //SyncDebug::log(' - source: ' . $source . ' site_key: ' . $site_key . ' user: ' . $username . ' token: ' . $token);
-### $site_key = ''; ###
             $user_signon = $source_model->check_auth($source, $site_key, $username, $token);
 //SyncDebug::log(__METHOD__.'() source->check_auth() returned ' . var_export($user_signon, TRUE));

wpsitesynccontent/trunk/classes/extensionsettings.php

@@ -4 +4 @@
 {
     const FEED_URL = 'https://wpsitesync.com/downloads/feed/';
+    const TRANSIENT_KEY = 'wpsitesync_extension_list';
+    const TRANSIENT_TTL = 86400;                    // 24 hours
+
+    private static $_instance = NULL;
+
+    private function __construct()
+    {
+    }
+
+    public static function get_instance()
+    {
+        if (NULL === self::$_instance)
+            self::$_instance = new self();
+        return self::$_instance;
+    }
 
     public function init_settings()
     {
+        // no settings fields to display so nothing to initialize
+    }
+
+    public function show_settings()
+    {
+        echo '<h3>Available Extensions:</h3>';
+
+        $extens = $this->_get_extension_data();
+        if (FALSE === $extens) {
+            echo '<p><b>Error:</b> Temporarily unable to read data from https://wpsitesync.com</p>';
+        } else {
+            $count = 0;
+            foreach ($extens as $ext_info) {
+                // image is 491x309
+                echo '<div class="sync-extension">';
+                echo '<h3>', esc_html($ext_info['title']), ' ', $ext_info['price'], '</h3>';
+                echo '</div>';
+                ++$count;
+            }
+            echo '<p>', sprintf(__('%1$d extensions found.', 'wpsitesynccontent')), '</p>';
+        }
+    }
+
+    private function _get_extension_data()
+    {
+        $data = get_transient(self::TRANSIENT_KEY);
+        if (FALSE === $data) {
+            $url = self::FEED_URL;
+$url = 'http://wpsitesync.dev/downloadfeed/';
+            $response = wp_remote_get($url);
+//echo 'reading data from ', $url, '<br/>';
+            if (is_wp_error($response)) {
+                return FALSE;
+die('error');
+            } else {
+                $data = wp_remote_retrieve_body($response);
+            }
+//          set_transient(self::TRANSIENT_KEY, $data, self::TRANSIENT_TTL);
+        }
+
+//echo '<pre>', $data, '</pre>';
+//echo 'read ', strlen($data), ' bytes of data<br/>';
+
+        $ret = array();
+        $info = array();
+
+        $xmldoc = simplexml_load_string($data);
+//echo 'found ', count($xmldoc->channel->item), ' items<br/>';
+        foreach ($xmldoc->channel->item as $item) {
+//echo 'title=', $item->title, '<br/>';
+            $info = array(
+                'title' => $item->title,
+                'link' => $item->link,
+                'price' => $item->price,
+                'saleprice' => isset($item->saleprice) ? $item->saleprice : '',
+                'image' => isset($item->image) ? $item->image : '',
+            );
+            $ret[] = $info;
+        }
+//echo '<pre>', var_export($xmldoc, TRUE), '</pre>';
+        return $ret;
+####
+        $parser = xml_parser_create();
+        xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
+        xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
+        xml_parse_into_struct($parser, $data, $values, $tags);
+        xml_parser_free($parser);
+
+        foreach ($tags as $key => $val) {
+            echo $key, ' = ', esc_html($val), '<br/>';
+            if ('item' === $key) {
+                echo var_export($val, TRUE), '<br/>';
+                foreach ($val as $idx) {
+                    echo 'value=', var_export($values[$idx], TRUE), '<br/>';
+                }
+            }
+        }
+
+        return $ret;
+####
+        
+
+        // parse the XML data
+        $xml = new DOMDocument();
+        $xml->loadHTML($data);
+        $items = $xml->getElementsByTagName('item');
+
+        // loop through each <item> tag and return them
+        $nodes = $xml->documentElement;
+        $count = 0;
+        foreach ($nodes->childNodes as $item) {
+            echo $item->nodeName, ' = ', esc_html($item->nodeValue), '<br/>';
+            ++$count;
+        }
+        echo '<p>found ', $count, ' nodes<br/>';
+
+/*      for ($i = $items->length - 1; $i >= 0; $i--) {
+            $node = $items->item($i);
+            $title = $node->get('title');
+echo $title, '<br/>';
+            if (FALSE !== stripos($title, 'wpsitesync')) {
+                $ret[] = array(
+                    'title' => $title,
+                );
+            }
+        } */
+
+        return $ret;
     }
 }

wpsitesynccontent/trunk/classes/logmodel.php

@@ -40 +40 @@
         if (!isset($data['source_user']))
             $data['source_user'] = 0;
+        if (!isset($data['post_title']))
+            $data['post_title'] = '';
 
         return $wpdb->insert($this->_log_table, $data);

wpsitesynccontent/trunk/classes/model.php

@@ -182 +182 @@
             'p' => $post_id,
             'post_type' => apply_filters('spectrom_sync_allowed_post_types', array('post', 'page')),
+            'post_status' => array('publish', 'pending', 'draft', 'future', 'private', 'trash'),
             'posts_per_page' => 1,
         );
@@ -188 +189 @@
         // TODO: add failure checking
 SyncDebug::log(__METHOD__.'() post id=' . $post_id);
+
+        if (0 === $query->found_posts)
+            return $push_data;
 
         $push_data['post_data'] = (array) $query->posts[0];

wpsitesynccontent/trunk/classes/settings.php

@@ -11 +11 @@
     private static $_instance = NULL;
 
-    private $_options = array();
+//  private $_options = array();
     private $_tab = '';
 
@@ -22 +22 @@
         add_action('load-settings_page_sync', array(&$this, 'contextual_help'));
 
-        $this->_options = SyncOptions::get_all();
+//      $this->_options = SyncOptions::get_all();
     }
 
@@ -41 +41 @@
      * @param string $default (optional) The default value to be returned
      * @return mixed The value if it exists, else $default
-     */
-    public function get_option($option, $default = NULL)
-    {
+     * @deprecated
+     */
+/*  public function get_option($option, $default = NULL)
+    {
+        // TODO: remove this method
         return isset($this->_options[$option]) ? $this->_options[$option] : $default;
-    }
+    } */
 
     /**
@@ -83 +85 @@
 //SyncDebug::log(__METHOD__.'() tab=' . $this->_tab);
         wp_enqueue_script('sync-settings');
-        wp_enqueue_style('font-awesome');
 
         do_action('spectrom_sync_before_render_settings');
@@ -138 +139 @@
 
         case 'extensions':
+//          $ext = SyncExtensionSettings::get_instance();
+//          $ext->show_settings();
             break;
 
@@ -154 +157 @@
         submit_button(); 
         echo '</form>';
-        echo '<p>', __('WPSiteSync for Content Site key: ', 'wpsitesynccontent'), '<b>', $this->get_option('site_key'), '</b></p>';
+        echo '<p>', __('WPSiteSync for Content Site key: ', 'wpsitesynccontent'), '<b>', SyncOptions::get('site_key'), '</b></p>';
         echo '</div><!-- #tab_container -->';
     }
@@ -174 +177 @@
             break;
         case 'extensions':
+//          $ext = SyncExtensionSettings::get_instance();
+//          $ext->init_settings();
             break;
         case 'license':
@@ -192 +197 @@
     {
 //SyncDebug::log(__METHOD__.'() tab=' . $this->_tab);
-        $option_values = $this->_options;
+        $option_values = SyncOptions::get_all(); // $this->_options;
 
         $default_values = apply_filters('spectrom_sync_default_settings',
@@ -251 +256 @@
                 'size' => '50',
                 'value' => $data['username'],
-                'description' => __('Username on Target to authenticate API calls with. Must be able to create Content with this username.', 'wpsitesynccontent'),
+                'description' => __('Username on Target for authentication. Must be able to create Content with this username.', 'wpsitesynccontent'),
             )
         );
@@ -459 +464 @@
 
 //SyncDebug::log(__METHOD__.'() values=' . var_export($values, TRUE));
-        $settings = $this->_options;
+        $settings = SyncOptions::get_all(); // $this->_options;
 //SyncDebug::log(__METHOD__.'() settings: ' . var_export($settings, TRUE));
 
@@ -466 +471 @@
 
         $missing_error = FALSE;
+        $re_auth = FALSE;
         foreach ($values as $key => $value) {
 //SyncDebug::log(" key={$key}  value=[{$value}]");
             if (empty($values[$key]) && 'password' === $key) {
                 // ignore this so that passwords are not required on every settings update
-//              $out[$key] = $settings[$key];
             } else {
-                if ('host' === $key && FALSE === filter_var($value, FILTER_VALIDATE_URL)) {
-                    add_settings_error('sync_options_group', 'invalid-url', __('Invalid URL.', 'wpsitesynccontent'));
-                    $out[$key] = $settings[$key];
+                if ('host' === $key) {
+                    if (FALSE === $this->_is_valid_url($value)) {
+                        add_settings_error('sync_options_group', 'invalid-url', __('Invalid URL.', 'wpsitesynccontent'));
+                        $out[$key] = $settings[$key];
+                    } else {
+                        $out[$key] = $value;
+                        if ($out[$key] !== $settings[$key])
+                            $re_auth = TRUE;
+                    }
                 } else if (0 === strlen(trim($value))) {
                     if (!$missing_error) {
@@ -487 +498 @@
                 } else {
                     $out[$key] = $value;
+                    if ('username' === $key && $out[$key] !== $settings[$key])
+                        $re_auth = TRUE;
                 }
             }
@@ -492 +505 @@
 //SyncDebug::log(__METHOD__.'()  output array: ' . var_export($out, TRUE));
 
-        // authenticate if there was a password provided
-        if (!empty($out['password'])) {
+        // authenticate if there was a password provided or the host/username are different
+        if ($re_auth && empty($out['password'])) {
+            add_settings_error('sync_options_group', 'no-password', __('Changed Host Name of Target or Username but did not provide password.', 'wpsitesynccontent'));
+            $re_auth = FALSE;
+        }
+        if (!empty($out['password']) || $re_auth) {
             $out['auth'] = 0;
 
@@ -524 +541 @@
 
     /**
+     * Performs validation on URL. Note: filter_var() checks for schema but does not validate it. Also allows trailing '.' characters
+     * @param string $url The URL to validate
+     * @return boolean TRUE on successful validation; FALSE on failure
+     */
+    private function _is_valid_url($url)
+    {
+        $res = filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED);
+        if (FALSE === $res)
+            return FALSE;
+
+        if (0 !== stripos($url, 'http://') && 0 !== stripos($url, 'https://'))
+            return FALSE;
+        else if ('.' === substr($url, -1))
+            return FALSE;
+
+        return TRUE;
+    }
+
+    /**
      * Callback for adding contextual help to Sync Settings page
      */
@@ -535 +571 @@
             '<p><strong>' . __('For more information:', 'wpsitesynccontent') . '</strong></p>' .
             '<p>' . sprintf(__('Visit the <a href="%s" target="_blank">documentation</a> on the WPSiteSync for Content website.', 'wpsitesynccontent'),
-                        esc_url('https://wpsitesync.com/documentation/')) . '</p>' .
+                        esc_url('http://wpsitesync.com/knowledgebase/use-wpsitesync-content/')) . '</p>' .
             '<p>' . sprintf(
                         __('<a href="%s" target="_blank">Post an issue</a> on <a href="%s" target="_blank">GitHub</a>.', 'wpsitesynccontent'),
-                        esc_url('https://github.com/ServerPress/sync/issues'),
-                        esc_url('https://github.com/ServerPress/sync/')) .
+                        esc_url('https://github.com/ServerPress/wpsitesync/issues'),
+                        esc_url('https://github.com/ServerPress/wpsitesync')) .
             '</p>'
         );

wpsitesynccontent/trunk/classes/sourcesmodel.php

@@ -36 +36 @@
      * @param string $name The username to authenticate
      * @param string $token The user's Token to authenticate against
-     * @return object The found row if the user is authenticated; otherwise NULL
+     * @return WP_User|WP_Error The user associated with the found row if the user is authenticated; otherwise WP_Error
      */
     public function check_auth($source, $site_key, $name, $token)
@@ -69 +69 @@
      * @return object The Source site's information that matches the $domain and $site_key; or NULL if not found
      */
-    public function find_source($source, $site_key)
+    public function find_source($source, $site_key, $auth_name = NULL)
     {
         global $wpdb;
         $source = $this->_fix_domain($source);
+
+        if (NULL !== $auth_name) {
+            $sql = "SELECT *
+                    FROM `{$this->_sources_table}`
+                    WHERE `site_key`=%s AND `domain`=%s AND `auth_name`=%s";
+            $res = $wpdb->get_row($exec = $wpdb->prepare($sql, $site_key, $source, $auth_name));
+//SyncDebug::log(__METHOD__.'():' . __LINE__ . ' sql=' . $exec . ' res=' . var_export($res, TRUE));
+            if (NULL !== $res)
+                return $res;
+        }
 
         $sql = "SELECT *
@@ -90 +100 @@
     {
         global $wpdb;
-//SyncDebug::log(__METHOD__.'() data=' . var_export($data, TRUE));
+//SyncDebug::log(__METHOD__.'() data=' . var_export($data, TRUE), TRUE);
         $token = '';
         $data['domain'] = $this->_fix_domain($data['domain']);
@@ -111 +121 @@
 //SyncDebug::log(__METHOD__.'() - existing');
                 // update existing source token
+                if (empty($data['token']))
+                    $data['token'] = $this->_make_token();
                 if ($row->token !== $data['token'])
                     $wpdb->update($this->_sources_table, array('token' => $data['token']), array('id' => $row->id));
-                $token = $data['token;']; // $row->token
+                $token = $data['token']; // $row->token
             }
         } else {
@@ -119 +131 @@
 //SyncDebug::log(__METHOD__.'() - adding source');
             // first, check to see if the domain already exists
-            $row = $this->find_source($data['domain'], $data['site_key']);
-            if (NULL === $row) {
+            $row = $this->find_source($data['domain'], $data['site_key'], $data['auth_name']);
+            if (NULL === $row || $row->auth_name !== $data['auth_name']) {
 //SyncDebug::log(__METHOD__.'() - adding ' . __LINE__);
                 // no record found, add it
@@ -128 +140 @@
                 // update existing source
 //SyncDebug::log(__METHOD__.'() updating id ' . $row->id . ' with token '); //  . $data['token']);
-                if ($row->token !== $data['token'])
+                if (empty($data['token']) || $row->token !== $data['token']) {
+                    // TODO: ensure no duplicate tokens
+                    $data['token'] = $this->_make_token();
                     $wpdb->update($this->_sources_table, array('token' => $data['token']), array('id' => $row->id));
+                }
                 $token = $data['token']; // $row->token
             }
         }
+//$this->_show_sources();
 //SyncDebug::log(__METHOD__.'() last query: ' . $wpdb->last_query);
 //SyncDebug::log(__METHOD__.'() returning token ' . $token);
@@ -139 +155 @@
 
     /**
+     * Method used for debugging
+     */
+/*  private function _show_sources()
+    {
+        global $wpdb;
+
+        $sql = "SELECT *
+                FROM `{$this->_sources_table}`";
+        $res = $wpdb->get_results($sql, ARRAY_A);
+        if (NULL !== $res) {
+SyncDebug::log(__METHOD__.'()');
+            foreach ($res as $row) {
+                $vals = array_values($row);
+SyncDebug::log(' ' . implode(', ', $vals));
+            }
+SyncDebug::log(' ' . count($res) . ' rows');
+        }
+    } */
+
+    /**
      * Inserts a new record into the sources table, creating a unique token
      * @param array $data The data to add
@@ -151 +187 @@
         if (empty($data['token'])) {
             do {
-                $token = wp_generate_password(48, FALSE);
+                $token = $this->_make_token();
 //SyncDebug::log(__METHOD__ . '() looking for token ' . $token);
                 // this finds a match, regardless of the value of `allowed`
@@ -218 +254 @@
         $wpdb->update($this->_sources, array('allowed' => 1), array('site_key' => $site_key, 'auth_name' => $user));
     }
+
+    private function _make_token()
+    {
+        return wp_generate_password(48, FALSE);
+    }
 }

wpsitesynccontent/trunk/install/activate.php

@@ -127 +127 @@
         if (!empty($wpdb->charset))
             $charset_collate = " DEFAULT CHARACTER SET {$wpdb->charset} ";
-        if (!empty($wpdb->collate))
-            $charset_collate .= " COLLATE {$wpdb->collate} ";
+
+        // determine default collation for tables being created
+        $collate = NULL;
+        if (defined('DB_COLLATE'))
+            $collate = DB_COLLATE;                          // if the constant is declared, use it
+        if (empty($collate) && !empty($wpdb->collate))      // otherwise allow wpdb class to specify
+            $collate = $wpdb->collate;
+        if (!empty($collate))
+            $charset_collate .= " COLLATE {$collate} ";
 
         $aTables = $this->get_table_data();

wpsitesynccontent/trunk/install/deactivate.php

@@ -19 +19 @@
             $this->remove_database_tables();
             $this->remove_options();
+            $this->remove_transients();
         }
 
@@ -34 +35 @@
             'sync_log',
             'sync',
-            'sources',
+            'sync_sources',
             'sync_media',
         );
@@ -54 +55 @@
         foreach ($options as $option)
             delete_option($option);
+    }
+
+    /**
+     * Removes all transients
+     */
+    protected function remove_transients()
+    {
+        $trans_keys = array(
+            'wpsitesync_extension_list',
+        );
+
+        foreach ($trans_keys as $trans_key) {
+            delete_transient($trans_key);
+        }
     }
 

wpsitesynccontent/trunk/readme.txt

@@ -4 +4 @@
 Tags: attachments, content, content sync, data migration, desktopserver, export, import, migrate content, moving data, staging, synchronization, taxonomies
 Requires at least: 3.5
-Tested up to: 4.5
+Tested up to: 4.6
 Stable tag: trunk
 License: GPLv2 or later
@@ -107 +107 @@
 
 == Changelog ==
+= 1.2 - Sep 7, 2016 =
+* Fix: Changes to resolve authentication issues. (thanks to Craig S., Cathy E., Josh C. and Jason H.)
+* Enhancement: Some optimizations and code cleanup.
+* Enhancement: Updates in the Settings page for validating URLs. (thanks to Craig S.)
+* Fix: Fixing a table name reference when removing tables on uninstall.
+* Enhancement: Code to protect JSON data being returned via API calls when third-party plugins throw runtime errors.
+* Fix: Fix URL references in the Help text. (thanks to Pedro M.)
+* Fix: Fix text domain reference. (thanks to Pedro M.)
+* Fix: authentication token save. (thanks to Jeff C.)
+* Enhancement: Changes to allow new features in upcoming add-ons.
+* Enhancement: Change API code to work with any Permalink setting on Target site.
+
 = 1.1.1 - Jul 20, 2016 =
 * Fix for authentication issues that sometimes occur after initial credentials are entered.

wpsitesynccontent/trunk/views/content_details.php

@@ -1 +1 @@
 <div id="sync-details-container">
-    <p><b><?php _e('Content Details:', 'wpsitesync-pull'); ?></b></p>
+    <p><b><?php _e('Content Details:', 'wpsitesynccontent'); ?></b></p>
     <ul style="border:1px solid gray; padding:.2rem; margin: -4px">
-        <li><?php printf(__('Target Content Id: %d', 'wpsitesync-pull'), $data['target_post_id']); ?></li>
-        <li><?php printf(__('Content Title: %s', 'wpsitesync-pull'), $data['post_title']); ?></li>
-        <li><?php printf(__('Content Author: %s', 'wpsitesync-pull'), $data['post_author']); ?></li>
-        <li><?php printf(__('Last Modified: %s', 'wpsitesync-pull'),
+        <li><?php printf(__('Target Content Id: %d', 'wpsitesynccontent'), $data['target_post_id']); ?></li>
+        <li><?php printf(__('Content Title: %s', 'wpsitesynccontent'), $data['post_title']); ?></li>
+        <li><?php printf(__('Content Author: %s', 'wpsitesynccontent'), $data['post_author']); ?></li>
+        <li><?php printf(__('Last Modified: %s', 'wpsitesynccontent'),
                 date(get_option('date_format') . ' ' . get_option('time_format'), strtotime($data['modified'])) ); ?></li>
-        <li><?php printf(__('Content: %s', 'wpsitesync-pull'), $data['content']); ?></li>
+        <li><?php printf(__('Content: %s', 'wpsitesynccontent'), $data['content']); ?></li>
         <?php do_action('spectrom_sync_details_view', $data); ?>
     </ul>
-    <p><?php _e('Note: Syncing this Content will overwrite data.', 'wpsitesync-pull'); ?></p>
+    <p><?php _e('Note: Syncing this Content will overwrite data.', 'wpsitesynccontent'); ?></p>
 </div>

wpsitesynccontent/trunk/wpsitesynccontent.php

@@ -6 +6 @@
 Author: WPSiteSync
 Author URI: http://wpsitesync.com
-Version: 1.1.1
+Version: 1.2
 Text Domain: wpsitesynccontent
 Domain path: /language
@@ -25 +25 @@
     class WPSiteSyncContent
     {
-        const PLUGIN_VERSION = '1.1.1';
+        const PLUGIN_VERSION = '1.2';
         const PLUGIN_NAME = 'WPSiteSyncContent';
 
@@ -128 +128 @@
 
         /*
-         * return option values
-         * @param string $name name of the option value being requested
-         * @param string $default default value to return if nothing found
-         * @return multi the stored option value
-         */
-        public static function get_option($name, $default = NULL)
-        {
-            // TODO: deprecated
-            if (NULL === self::$_config)
-                self::$_config = SyncSettings::get_instance();
-            return self::$_config->get_option($name, $default);
-        }
-
-        /*
          * return reference to asset, relative to the base plugin's /assets/ directory
          * @param string $ref asset name to reference