Changeset 3392864
- Timestamp:
- 11/10/2025 10:44:53 AM (5 weeks ago)
- Location:
- hydra-booking
- Files:
-
- 272 added
- 5 edited
-
tags/1.1.28 (added)
-
tags/1.1.28/admin (added)
-
tags/1.1.28/admin/Admin.php (added)
-
tags/1.1.28/admin/Controller (added)
-
tags/1.1.28/admin/Controller/AdminMenu.php (added)
-
tags/1.1.28/admin/Controller/AuthController.php (added)
-
tags/1.1.28/admin/Controller/BookingController.php (added)
-
tags/1.1.28/admin/Controller/CountryController.php (added)
-
tags/1.1.28/admin/Controller/DashboardController.php (added)
-
tags/1.1.28/admin/Controller/DateTimeController.php (added)
-
tags/1.1.28/admin/Controller/Enqueue.php (added)
-
tags/1.1.28/admin/Controller/FrontendDashboard.php (added)
-
tags/1.1.28/admin/Controller/Helper.php (added)
-
tags/1.1.28/admin/Controller/HostsController.php (added)
-
tags/1.1.28/admin/Controller/ImportExport.php (added)
-
tags/1.1.28/admin/Controller/MeetingController.php (added)
-
tags/1.1.28/admin/Controller/NoticeController.php (added)
-
tags/1.1.28/admin/Controller/Notification.php (added)
-
tags/1.1.28/admin/Controller/PromoNotice.php (added)
-
tags/1.1.28/admin/Controller/RouteController.php (added)
-
tags/1.1.28/admin/Controller/ScheduleController.php (added)
-
tags/1.1.28/admin/Controller/SettingsController.php (added)
-
tags/1.1.28/admin/Controller/SetupWizard.php (added)
-
tags/1.1.28/admin/Controller/TransStrings.php (added)
-
tags/1.1.28/admin/Controller/UpdateController.php (added)
-
tags/1.1.28/admin/Controller/licenseController.php (added)
-
tags/1.1.28/app (added)
-
tags/1.1.28/app/App.php (added)
-
tags/1.1.28/app/Content (added)
-
tags/1.1.28/app/Content/Archive (added)
-
tags/1.1.28/app/Content/Archive.php (added)
-
tags/1.1.28/app/Content/Archive/archive-page-tfhb-host.php (added)
-
tags/1.1.28/app/Content/Archive/archive-tfhb_meeting.php (added)
-
tags/1.1.28/app/Content/Archive/taxonomy-meeting_category.php (added)
-
tags/1.1.28/app/Content/Template (added)
-
tags/1.1.28/app/Content/Template/embed.php (added)
-
tags/1.1.28/app/Content/Template/meeting-calendar.php (added)
-
tags/1.1.28/app/Content/Template/meeting-cencel.php (added)
-
tags/1.1.28/app/Content/Template/meeting-confirmation.php (added)
-
tags/1.1.28/app/Content/Template/meeting-form.php (added)
-
tags/1.1.28/app/Content/Template/meeting-info.php (added)
-
tags/1.1.28/app/Content/Template/meeting-times.php (added)
-
tags/1.1.28/app/Content/Template/reschedule.php (added)
-
tags/1.1.28/app/Content/Template/single-meeting.php (added)
-
tags/1.1.28/app/Content/calendar.php (added)
-
tags/1.1.28/app/Enqueue.php (added)
-
tags/1.1.28/app/FrontendDashboard (added)
-
tags/1.1.28/app/FrontendDashboard/FrontendDashboard.php (added)
-
tags/1.1.28/app/FrontendDashboard/Shortcode (added)
-
tags/1.1.28/app/FrontendDashboard/Shortcode/Login.php (added)
-
tags/1.1.28/app/FrontendDashboard/Shortcode/Signup.php (added)
-
tags/1.1.28/app/FrontendDashboard/Template (added)
-
tags/1.1.28/app/FrontendDashboard/Template/email-verification.php (added)
-
tags/1.1.28/app/FrontendDashboard/Template/forgot-password.php (added)
-
tags/1.1.28/app/FrontendDashboard/Template/frontend-dashboard.php (added)
-
tags/1.1.28/app/FrontendDashboard/Template/frontend-login.php (added)
-
tags/1.1.28/app/FrontendDashboard/Template/frontend-signup.php (added)
-
tags/1.1.28/app/Shortcode (added)
-
tags/1.1.28/app/Shortcode/HydraBookingShortcode.php (added)
-
tags/1.1.28/app/Shortcode/ShortcodeBuilder.php (added)
-
tags/1.1.28/assets (added)
-
tags/1.1.28/assets/admin (added)
-
tags/1.1.28/assets/admin/css (added)
-
tags/1.1.28/assets/admin/css/tfhb-admin-style.css (added)
-
tags/1.1.28/assets/admin/js (added)
-
tags/1.1.28/assets/admin/js/main.js (added)
-
tags/1.1.28/assets/app (added)
-
tags/1.1.28/assets/app/css (added)
-
tags/1.1.28/assets/app/css/style.css (added)
-
tags/1.1.28/assets/app/css/style.css.map (added)
-
tags/1.1.28/assets/app/images (added)
-
tags/1.1.28/assets/app/images/Meeting.svg (added)
-
tags/1.1.28/assets/app/images/arrow-left.svg (added)
-
tags/1.1.28/assets/app/images/arrow-right.svg (added)
-
tags/1.1.28/assets/app/images/chevrons-up-down.svg (added)
-
tags/1.1.28/assets/app/images/clock.svg (added)
-
tags/1.1.28/assets/app/images/fd-dashboard-logo.png (added)
-
tags/1.1.28/assets/app/images/g-calendar.svg (added)
-
tags/1.1.28/assets/app/images/globe.svg (added)
-
tags/1.1.28/assets/app/images/google-calendar.svg (added)
-
tags/1.1.28/assets/app/images/google-meet small.png (added)
-
tags/1.1.28/assets/app/images/host.png (added)
-
tags/1.1.28/assets/app/images/location.png (added)
-
tags/1.1.28/assets/app/images/location.svg (added)
-
tags/1.1.28/assets/app/images/meeting-cover.png (added)
-
tags/1.1.28/assets/app/images/ms_teams-logo.svg (added)
-
tags/1.1.28/assets/app/images/other-calendar.svg (added)
-
tags/1.1.28/assets/app/images/outlook-calendar.svg (added)
-
tags/1.1.28/assets/app/images/payment.svg (added)
-
tags/1.1.28/assets/app/images/phone.png (added)
-
tags/1.1.28/assets/app/images/phone.svg (added)
-
tags/1.1.28/assets/app/images/preloader.svg (added)
-
tags/1.1.28/assets/app/images/refresh-cw.svg (added)
-
tags/1.1.28/assets/app/images/sucess.gif (added)
-
tags/1.1.28/assets/app/images/user-icon.svg (added)
-
tags/1.1.28/assets/app/images/user.svg (added)
-
tags/1.1.28/assets/app/images/yahoo-calendar.svg (added)
-
tags/1.1.28/assets/app/images/zoom.png (added)
-
tags/1.1.28/assets/app/js (added)
-
tags/1.1.28/assets/app/js/app.js (added)
-
tags/1.1.28/assets/app/js/login.js (added)
-
tags/1.1.28/assets/app/js/main.js (added)
-
tags/1.1.28/assets/app/js/registration.js (added)
-
tags/1.1.28/assets/app/js/widget.js (added)
-
tags/1.1.28/assets/images (added)
-
tags/1.1.28/assets/images/150x50.png (added)
-
tags/1.1.28/assets/images/Import.svg (added)
-
tags/1.1.28/assets/images/Location.png (added)
-
tags/1.1.28/assets/images/Mailchimp-small.svg (added)
-
tags/1.1.28/assets/images/Mailchimp.svg (added)
-
tags/1.1.28/assets/images/Meeting.png (added)
-
tags/1.1.28/assets/images/Slack.png (added)
-
tags/1.1.28/assets/images/Slack.svg (added)
-
tags/1.1.28/assets/images/Telegram.png (added)
-
tags/1.1.28/assets/images/Telegram.svg (added)
-
tags/1.1.28/assets/images/Twilio.png (added)
-
tags/1.1.28/assets/images/Twilio.svg (added)
-
tags/1.1.28/assets/images/Woo.png (added)
-
tags/1.1.28/assets/images/Zoho.svg (added)
-
tags/1.1.28/assets/images/Zoom.png (added)
-
tags/1.1.28/assets/images/avator.png (added)
-
tags/1.1.28/assets/images/calendar-days.png (added)
-
tags/1.1.28/assets/images/cancel-booking.svg (added)
-
tags/1.1.28/assets/images/cf7.png (added)
-
tags/1.1.28/assets/images/complete-booking.svg (added)
-
tags/1.1.28/assets/images/confirmed.svg (added)
-
tags/1.1.28/assets/images/delete-icon.svg (added)
-
tags/1.1.28/assets/images/facebook-logo.png (added)
-
tags/1.1.28/assets/images/file-text.png (added)
-
tags/1.1.28/assets/images/fluent-crm-small.svg (added)
-
tags/1.1.28/assets/images/fluent-crm.png (added)
-
tags/1.1.28/assets/images/fluent-forms.png (added)
-
tags/1.1.28/assets/images/forminator.png (added)
-
tags/1.1.28/assets/images/google-calendar.png (added)
-
tags/1.1.28/assets/images/google-meet-small.svg (added)
-
tags/1.1.28/assets/images/gravity-forms.png (added)
-
tags/1.1.28/assets/images/hydra-booking-logo.png (added)
-
tags/1.1.28/assets/images/ical.png (added)
-
tags/1.1.28/assets/images/icon-calendar.svg (added)
-
tags/1.1.28/assets/images/images-icon.png (added)
-
tags/1.1.28/assets/images/mail.png (added)
-
tags/1.1.28/assets/images/more-vertical.svg (added)
-
tags/1.1.28/assets/images/ms_teams-logo.svg (added)
-
tags/1.1.28/assets/images/notification-not-found.svg (added)
-
tags/1.1.28/assets/images/outlook-calendar.png (added)
-
tags/1.1.28/assets/images/pabbly-small.svg (added)
-
tags/1.1.28/assets/images/pabbly.svg (added)
-
tags/1.1.28/assets/images/paypal.png (added)
-
tags/1.1.28/assets/images/paypal.svg (added)
-
tags/1.1.28/assets/images/phone.png (added)
-
tags/1.1.28/assets/images/pre-loader-big.svg (added)
-
tags/1.1.28/assets/images/pre-loader-small.svg (added)
-
tags/1.1.28/assets/images/pre-loader.svg (added)
-
tags/1.1.28/assets/images/setup-wizard.jpg (added)
-
tags/1.1.28/assets/images/shape-1.svg (added)
-
tags/1.1.28/assets/images/shape-2.svg (added)
-
tags/1.1.28/assets/images/shape-3.svg (added)
-
tags/1.1.28/assets/images/shape-4.svg (added)
-
tags/1.1.28/assets/images/stripe-small.svg (added)
-
tags/1.1.28/assets/images/stripe.png (added)
-
tags/1.1.28/assets/images/success.gif (added)
-
tags/1.1.28/assets/images/total-booking.svg (added)
-
tags/1.1.28/assets/images/total-earning.svg (added)
-
tags/1.1.28/assets/images/twitter-x-logo.png (added)
-
tags/1.1.28/assets/images/user.png (added)
-
tags/1.1.28/assets/images/webhooks.png (added)
-
tags/1.1.28/assets/images/youtube-logo.png (added)
-
tags/1.1.28/assets/images/zapier-small.png (added)
-
tags/1.1.28/assets/images/zapier.svg (added)
-
tags/1.1.28/assets/images/zoho.png (added)
-
tags/1.1.28/assets/images/zoom-icon-small.svg (added)
-
tags/1.1.28/assets/lib (added)
-
tags/1.1.28/assets/lib/select2 (added)
-
tags/1.1.28/assets/lib/select2/select2.min.css (added)
-
tags/1.1.28/assets/lib/select2/select2.min.js (added)
-
tags/1.1.28/assets/public (added)
-
tags/1.1.28/assets/public/js (added)
-
tags/1.1.28/assets/public/js/app.js (added)
-
tags/1.1.28/build (added)
-
tags/1.1.28/build/assets (added)
-
tags/1.1.28/build/assets/tfhb-admin-app-script.js (added)
-
tags/1.1.28/build/assets/tfhb-admin-app.css (added)
-
tags/1.1.28/build/assets/tfhb-admin-app.woff2 (added)
-
tags/1.1.28/build/assets/tfhb-admin-app2.woff2 (added)
-
tags/1.1.28/build/index.html (added)
-
tags/1.1.28/hydra-booking.php (added)
-
tags/1.1.28/includes (added)
-
tags/1.1.28/includes/Includes.php (added)
-
tags/1.1.28/includes/database (added)
-
tags/1.1.28/includes/database/Attendees.php (added)
-
tags/1.1.28/includes/database/Availability.php (added)
-
tags/1.1.28/includes/database/Booking.php (added)
-
tags/1.1.28/includes/database/BookingMeta.php (added)
-
tags/1.1.28/includes/database/Host.php (added)
-
tags/1.1.28/includes/database/Meeting.php (added)
-
tags/1.1.28/includes/database/Meta.php (added)
-
tags/1.1.28/includes/database/Migrator.php (added)
-
tags/1.1.28/includes/database/Transactions.php (added)
-
tags/1.1.28/includes/helper (added)
-
tags/1.1.28/includes/helper/helper-functions.php (added)
-
tags/1.1.28/includes/hooks (added)
-
tags/1.1.28/includes/hooks/ActionHooks.php (added)
-
tags/1.1.28/includes/hooks/ActivationHooks.php (added)
-
tags/1.1.28/includes/hooks/BookingLocation.php (added)
-
tags/1.1.28/includes/hooks/DeactivationHooks.php (added)
-
tags/1.1.28/includes/hooks/FilterHooks.php (added)
-
tags/1.1.28/includes/hooks/MailHooks.php (added)
-
tags/1.1.28/includes/hooks/Mailer.php (added)
-
tags/1.1.28/includes/license (added)
-
tags/1.1.28/includes/license/HydraBooking.php (added)
-
tags/1.1.28/includes/license/HydraBookingBase.php (added)
-
tags/1.1.28/includes/migration (added)
-
tags/1.1.28/includes/migration/Migration.php (added)
-
tags/1.1.28/includes/migration/ThirdParty (added)
-
tags/1.1.28/includes/migration/ThirdParty/FluentBooking (added)
-
tags/1.1.28/includes/migration/ThirdParty/FluentBooking/Migrator.php (added)
-
tags/1.1.28/includes/migration/ThirdParty/ThirdParty.php (added)
-
tags/1.1.28/includes/post-type (added)
-
tags/1.1.28/includes/post-type/Booking (added)
-
tags/1.1.28/includes/post-type/Booking/Booking_CPT.php (added)
-
tags/1.1.28/includes/post-type/Meeting (added)
-
tags/1.1.28/includes/post-type/Meeting/Meeting_CPT.php (added)
-
tags/1.1.28/includes/post-type/Post_Type.php (added)
-
tags/1.1.28/includes/services (added)
-
tags/1.1.28/includes/services/Integrations (added)
-
tags/1.1.28/includes/services/Integrations/AppleCalendar (added)
-
tags/1.1.28/includes/services/Integrations/AppleCalendar/AppleCalendar.php (added)
-
tags/1.1.28/includes/services/Integrations/BookingBookmarks (added)
-
tags/1.1.28/includes/services/Integrations/BookingBookmarks/BookingBookmarks.php (added)
-
tags/1.1.28/includes/services/Integrations/GoogleCalendar (added)
-
tags/1.1.28/includes/services/Integrations/GoogleCalendar/GoogleCalendar.php (added)
-
tags/1.1.28/includes/services/Integrations/MailChimp (added)
-
tags/1.1.28/includes/services/Integrations/MailChimp/MailChimp.php (added)
-
tags/1.1.28/includes/services/Integrations/Telegram (added)
-
tags/1.1.28/includes/services/Integrations/Telegram/Telegram.php (added)
-
tags/1.1.28/includes/services/Integrations/Woocommerce (added)
-
tags/1.1.28/includes/services/Integrations/Woocommerce/WooBooking.php (added)
-
tags/1.1.28/includes/services/Integrations/Zoom (added)
-
tags/1.1.28/includes/services/Integrations/Zoom/ZoomServices.php (added)
-
tags/1.1.28/languages (added)
-
tags/1.1.28/languages/hydra-booking.pot (added)
-
tags/1.1.28/readme.txt (added)
-
tags/1.1.28/vendor (added)
-
tags/1.1.28/vendor/appsero (added)
-
tags/1.1.28/vendor/appsero/client (added)
-
tags/1.1.28/vendor/appsero/client/.editorconfig (added)
-
tags/1.1.28/vendor/appsero/client/.github (added)
-
tags/1.1.28/vendor/appsero/client/.github/workflows (added)
-
tags/1.1.28/vendor/appsero/client/.github/workflows/wpcs.yml (added)
-
tags/1.1.28/vendor/appsero/client/.gitignore (added)
-
tags/1.1.28/vendor/appsero/client/.php-cs-fixer.dist.php (added)
-
tags/1.1.28/vendor/appsero/client/composer.json (added)
-
tags/1.1.28/vendor/appsero/client/composer.lock (added)
-
tags/1.1.28/vendor/appsero/client/phpcs.xml.dist (added)
-
tags/1.1.28/vendor/appsero/client/readme.md (added)
-
tags/1.1.28/vendor/appsero/client/src (added)
-
tags/1.1.28/vendor/appsero/client/src/Client.php (added)
-
tags/1.1.28/vendor/appsero/client/src/Insights.php (added)
-
tags/1.1.28/vendor/appsero/client/src/License.php (added)
-
tags/1.1.28/vendor/autoload.php (added)
-
tags/1.1.28/vendor/composer (added)
-
tags/1.1.28/vendor/composer/ClassLoader.php (added)
-
tags/1.1.28/vendor/composer/InstalledVersions.php (added)
-
tags/1.1.28/vendor/composer/LICENSE (added)
-
tags/1.1.28/vendor/composer/autoload_classmap.php (added)
-
tags/1.1.28/vendor/composer/autoload_namespaces.php (added)
-
tags/1.1.28/vendor/composer/autoload_psr4.php (added)
-
tags/1.1.28/vendor/composer/autoload_real.php (added)
-
tags/1.1.28/vendor/composer/autoload_static.php (added)
-
tags/1.1.28/vendor/composer/installed.json (added)
-
tags/1.1.28/vendor/composer/installed.php (added)
-
tags/1.1.28/vendor/composer/platform_check.php (added)
-
trunk/app/Content/Template/meeting-cencel.php (modified) (2 diffs)
-
trunk/app/Shortcode/HydraBookingShortcode.php (modified) (8 diffs)
-
trunk/assets/app/js/main.js (modified) (1 diff)
-
trunk/hydra-booking.php (modified) (2 diffs)
-
trunk/readme.txt (modified) (2 diffs)
-
hydra-booking/trunk/app/Content/Template/meeting-cencel.php
r3304865 r3392864 22 22 $data = isset( $args['attendeeBooking'] ) ? $args['attendeeBooking'] : array(); 23 23 24 // tfhb_print_r($data);25 24 ?> 26 25 <div class=" tfhb-booking-cencel tfhb-meeting-<?php echo esc_attr( $data->meeting_id ); ?>" data-calendar="<?php echo esc_attr( $data->meeting_id ); ?>"> … … 89 88 ?> 90 89 </ul> 91 </div> 92 90 </div> 93 91 <?php if ( $data->status == 'canceled' ) : ?> 94 92 <div class="tfhb-notice notice-error" > 95 <span><?php echo esc_html_ ( 'This meeting has been cancelled by the ', 'hydra-booking' ) . esc_attr($data->cancelled_by) . '.'; ?></span>93 <span><?php echo esc_html__( 'This meeting has been cancelled by the ', 'hydra-booking' ) . esc_attr($data->cancelled_by) . '.'; ?></span> 96 94 </div> 97 95 <?php else : ?> 98 96 <div class="hidden-field"> 99 <input type="hidden" id="attendee_hash" name="attendee_hash" value="<?php echo esc_attr($data->hash); ?>"> 97 <input type="hidden" id="attendee_hash" name="attendee_hash" value="<?php echo esc_attr($data->hash); ?>"> 98 <input type="hidden" name="nonce" value="<?php echo esc_attr( wp_create_nonce( 'tfhb_cancel_' . $data->hash ) ); ?>"> 100 99 </div> 101 100 <div class="tfhb-forms" > -
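Review bot: The added hidden `nonce` field is built with `wp_create_nonce( 'tfhb_cancel_' . $data->hash )`, and for a logged-out visitor a WordPress nonce is by default not bound to an individual user, so it acts as a CSRF and freshness token while the attendee hash remains the only secret that authorizes a cancellation. Because the value is rendered into the page and expires with the nonce lifetime, a cached or long-open cancel page will be rejected with "Nonce verification failed"; a comment above the input would record this, e.g. `<?php // Nonce is tied to the booking hash: CSRF protection only, and it goes stale if this page is served from a full-page cache. ?>`. The hidden field keeps the name `attendee_hash` while the handler in HydraBookingShortcode.php now reads only `$_POST['hash']`, so confirm that the script posting this form sends the value under `hash`. In the cancelled-by notice on the corrected `esc_html__` line, `esc_attr( $data->cancelled_by )` is printed as element text, where `esc_html( $data->cancelled_by )` names the output context correctly.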
hydra-booking/trunk/app/Shortcode/HydraBookingShortcode.php
r3388253 r3392864 44 44 // Create Zoom Meeting 45 45 46 } 47 48 /** 49 * Generate a cryptographically secure token. 50 * 51 * @param int $bytes 52 * 53 * @return string 54 */ 55 private function generate_secure_token( $bytes = 16 ) { 56 try { 57 $token = \bin2hex( \random_bytes( $bytes ) ); 58 } catch ( \Exception $exception ) { 59 $token = \wp_generate_password( $bytes * 2, false, false ); 60 } 61 62 return $token; 46 63 } 47 64 … … 296 313 } else { 297 314 298 $meeting_hash = md5( sanitize_text_field( $_POST['meeting_dates'] ) . sanitize_text_field( $_POST['meeting_time_start'] ) . sanitize_text_field( $_POST['meeting_time_end'] ) . sanitize_text_field( $_POST['meeting_id'] ) . wp_rand( 1000, 9999 ));315 $meeting_hash = $this->generate_secure_token(); 299 316 300 317 } … … 355 372 356 373 // Attendee Data 357 $attendee_data['hash'] = md5( $data['meeting_id'] . $data['meeting_dates'] . $data['start_time'] . $data['end_time'] . wp_rand( 1000, 9999 ));374 $attendee_data['hash'] = $this->generate_secure_token(); 358 375 $attendee_data['meeting_id'] = isset( $data['meeting_id'] ) ? sanitize_text_field( $data['meeting_id'] ) : 0; 359 376 $attendee_data['host_id'] = isset( $data['host_id'] ) ? sanitize_text_field( $data['host_id'] ) : 0; … … 713 730 } 714 731 ) 715 ); 716 717 // tfhb_print_r($booking_frequency_date); 732 ); 718 733 // if currentdate is greater than booking_frequency_date then you can book the meeting 719 734 if ( strtotime( $current_date ) > strtotime( $booking_frequency_date ) ) { … … 979 994 // Booking Cancel Callback 980 995 public function tfhb_meeting_form_cencel_callback() { 981 // Checked Nonce validation.982 if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'tfhb_nonce' ) ) {983 wp_send_json_error( array( 'message' => esc_html(__('Nonce verification failed', 'hydra-booking')) ) );984 }985 986 996 // Check if the request is POST. 
987 997 if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) { … … 997 1007 $response = array(); 998 1008 999 $attendee_hash = isset( $_POST['attendee_hash'] ) ? sanitize_text_field( $_POST['attendee_hash'] ) : ''; 1009 $hash = isset( $_POST['hash'] ) ? sanitize_text_field( $_POST['hash'] ) : ''; 1010 1011 // Checked Nonce validation. 1012 $nonce_valid = false; 1013 if ( isset( $_POST['nonce'] ) && ! empty( $hash ) ) { 1014 $nonce_valid = wp_verify_nonce( $_POST['nonce'], 'tfhb_cancel_' . $hash ); 1015 } 1016 1017 if ( ! $nonce_valid ) { 1018 wp_send_json_error( array( 'message' => esc_html(__('Nonce verification failed', 'hydra-booking')) ) ); 1019 } 1020 1000 1021 $reason = isset( $_POST['reason'] ) ? sanitize_text_field( $_POST['reason'] ) : ''; 1001 $hash = isset( $_POST['hash'] ) ? sanitize_text_field( $_POST['hash'] ) : '';1002 1022 1003 1023 $Attendee = new Attendees(); … … 1010 1030 ); 1011 1031 1012 if ( ! $attendeeBooking ) {1032 if ( ! $attendeeBooking || ! hash_equals( $attendeeBooking->hash, $hash ) ) { 1013 1033 wp_send_json_error( array( 'message' => esc_html(__('Invalid Booking ID', 'hydra-booking')) ) ); 1014 1034 } … … 1052 1072 * @return $booking 1053 1073 */ 1054 public function tfhb_meeting_paypal_payment_confirmation_callback() {1074 public function tfhb_meeting_paypal_payment_confirmation_callback() { 1055 1075 // Checked Nonce validation. 1056 1076 if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'tfhb_nonce' ) ) { 1057 wp_send_json_error( array( 'message' => esc_html (__('Nonce verification failed', 'hydra-booking')) ) );1077 wp_send_json_error( array( 'message' => esc_html__( 'Nonce verification failed', 'hydra-booking' ) ) ); 1058 1078 } 1059 1079 1060 1080 // Check if the request is POST. 
1061 1081 if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) { 1062 wp_send_json_error( array( 'message' => esc_html (__('Invalid request method', 'hydra-booking')) ) );1082 wp_send_json_error( array( 'message' => esc_html__( 'Invalid request method', 'hydra-booking' ) ) ); 1063 1083 } 1064 1084 1065 1085 // Check if the request is not empty. 1066 1086 if ( empty( $_POST ) ) { 1067 wp_send_json_error( array( 'message' => esc_html (__('Invalid request', 'hydra-booking')) ) );1068 } 1069 $payment_details = isset( $_POST['payment_details'] ) ? $_POST['payment_details'] : array(); 1070 $ responseData = isset( $_POST['responseData'] ) ? $_POST['responseData']: array();1071 1072 1087 wp_send_json_error( array( 'message' => esc_html__( 'Invalid request', 'hydra-booking' ) ) ); 1088 } 1089 1090 $payment_details = isset( $_POST['payment_details'] ) ? wp_unslash( $_POST['payment_details'] ) : array(); 1091 $response_data = isset( $_POST['responseData'] ) ? wp_unslash( $_POST['responseData'] ) : array(); 1092 1073 1093 $payment_id = isset( $payment_details['id'] ) ? sanitize_text_field( $payment_details['id'] ) : ''; 1074 $payer_id = isset( $payment_details['payer']['payer_id'] ) ? sanitize_text_field( $payment_details['payer']['payer_id'] ) : ''; 1075 $hash = isset( $responseData['data']['hash'] ) ? sanitize_text_field( $responseData['data']['hash'] ) : ''; 1076 $booking_id = isset( $responseData['data']['booking_id'] ) ? sanitize_text_field( $responseData['data']['booking_id'] ) : ''; 1077 $attendee_id = isset( $responseData['data']['attendee_id'] ) ? sanitize_text_field( $responseData['data']['attendee_id'] ) : ''; 1078 $meeting_id = isset( $responseData['data']['booking']['meeting_id'] ) ? sanitize_text_field( $responseData['data']['booking']['meeting_id'] ) : ''; 1079 $host_id = isset( $responseData['data']['booking']['host_id'] ) ? 
sanitize_text_field( $responseData['data']['booking']['host_id'] ) : ''; 1080 $customer_id = isset( $responseData['data']['booking']['attendee_id'] ) ? sanitize_text_field( $responseData['data']['booking']['attendee_id'] ) : ''; 1081 $payment_method = isset( $responseData['data']['booking']['payment_method'] ) ? sanitize_text_field( $responseData['data']['booking']['payment_method'] ) : ''; 1082 $total = isset($payment_details['purchase_units'][0]['amount']['value']) ? sanitize_text_field( $payment_details['purchase_units'][0]['amount']['value'] ) : ''; 1083 1084 $attendee = new Attendees(); 1085 1086 $attendeedata = array( 1094 $payer_id = isset( $payment_details['payer']['payer_id'] ) ? sanitize_text_field( $payment_details['payer']['payer_id'] ) : ''; 1095 1096 $hash = isset( $response_data['data']['hash'] ) ? sanitize_text_field( $response_data['data']['hash'] ) : ''; 1097 $attendee_hash = isset( $response_data['data']['attendee_data']['hash'] ) ? sanitize_text_field( $response_data['data']['attendee_data']['hash'] ) : ''; 1098 $booking_id = isset( $response_data['data']['booking_id'] ) ? absint( $response_data['data']['booking_id'] ) : 0; 1099 $attendee_id = isset( $response_data['data']['attendee_id'] ) ? absint( $response_data['data']['attendee_id'] ) : 0; 1100 $meeting_id = isset( $response_data['data']['booking']['meeting_id'] ) ? absint( $response_data['data']['booking']['meeting_id'] ) : 0; 1101 $host_id = isset( $response_data['data']['booking']['host_id'] ) ? absint( $response_data['data']['booking']['host_id'] ) : 0; 1102 1103 $total = isset( $payment_details['purchase_units'][0]['amount']['value'] ) ? sanitize_text_field( $payment_details['purchase_units'][0]['amount']['value'] ) : ''; 1104 $currency = isset( $payment_details['purchase_units'][0]['amount']['currency_code'] ) ? 
sanitize_text_field( $payment_details['purchase_units'][0]['amount']['currency_code'] ) : ''; 1105 1106 if ( empty( $payment_id ) || empty( $payer_id ) ) { 1107 wp_send_json_error( array( 'message' => esc_html__( 'Missing payment identifiers.', 'hydra-booking' ) ) ); 1108 } 1109 1110 if ( empty( $booking_id ) || empty( $attendee_id ) || empty( $attendee_hash ) ) { 1111 wp_send_json_error( array( 'message' => esc_html__( 'Missing booking information.', 'hydra-booking' ) ) ); 1112 } 1113 1114 $attendee_model = new Attendees(); 1115 $attendee = $attendee_model->getAttendeeWithBooking( 1116 array( 1117 array( 'id', '=', $attendee_id ), 1118 ), 1119 1, 1120 'DESC' 1121 ); 1122 1123 if ( empty( $attendee ) ) { 1124 wp_send_json_error( array( 'message' => esc_html__( 'Booking not found for the provided attendee.', 'hydra-booking' ) ) ); 1125 } 1126 1127 if ( (int) $attendee->booking_id !== $booking_id ) { 1128 wp_send_json_error( array( 'message' => esc_html__( 'Booking mismatch detected.', 'hydra-booking' ) ) ); 1129 } 1130 1131 if ( empty( $attendee->hash ) || ! hash_equals( $attendee->hash, $attendee_hash ) ) { 1132 wp_send_json_error( array( 'message' => esc_html__( 'Invalid booking reference.', 'hydra-booking' ) ) ); 1133 } 1134 1135 if ( empty( $attendee->payment_method ) || 'paypal_payment' !== $attendee->payment_method ) { 1136 wp_send_json_error( array( 'message' => esc_html__( 'PayPal is not the configured payment method for this booking.', 'hydra-booking' ) ) ); 1137 } 1138 1139 $current_payment_status = strtolower( $attendee->payment_status ); 1140 if ( 'completed' === $current_payment_status ) { 1141 $response['message'] = esc_html__( 'Payment has already been confirmed.', 'hydra-booking' ); 1142 wp_send_json_success( $response ); 1143 } 1144 1145 // Prefer data retrieved from the database over client input. 
1146 $meeting_id = absint( $attendee->meeting_id ); 1147 $host_id = absint( $attendee->host_id ); 1148 1149 $meeting_model = new Meeting(); 1150 $meeting = $meeting_model->get( $meeting_id ); 1151 1152 $expected_total = isset( $meeting->meeting_price ) ? (float) $meeting->meeting_price : (float) $total; 1153 $expected_currency = isset( $meeting->payment_currency ) ? strtoupper( $meeting->payment_currency ) : strtoupper( $currency ); 1154 1155 $_tfhb_integration_settings = get_option( '_tfhb_integration_settings', array() ); 1156 $paypal_settings = isset( $_tfhb_integration_settings['paypal'] ) ? $_tfhb_integration_settings['paypal'] : array(); 1157 1158 $paypal_enabled = ! empty( $paypal_settings ) && ! empty( $paypal_settings['status'] ) && (int) $paypal_settings['status'] === 1; 1159 $client_id = isset( $paypal_settings['client_id'] ) ? trim( $paypal_settings['client_id'] ) : ''; 1160 $secret_key = isset( $paypal_settings['secret_key'] ) ? trim( $paypal_settings['secret_key'] ) : ''; 1161 1162 if ( ! $paypal_enabled || empty( $client_id ) || empty( $secret_key ) ) { 1163 wp_send_json_error( array( 'message' => esc_html__( 'PayPal integration is not configured.', 'hydra-booking' ) ) ); 1164 } 1165 1166 $environment = isset( $paypal_settings['environment'] ) && 'live' === strtolower( $paypal_settings['environment'] ) ? 'live' : 'sandbox'; 1167 $api_base = 'live' === $environment ? 'https://api-m.paypal.com' : 'https://api-m.sandbox.paypal.com'; 1168 1169 // Step 1: Retrieve OAuth access token. 1170 $token_response = wp_remote_post( 1171 $api_base . '/v1/oauth2/token', 1172 array( 1173 'headers' => array( 1174 'Authorization' => 'Basic ' . base64_encode( $client_id . ':' . 
$secret_key ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode 1175 ), 1176 'body' => array( 1177 'grant_type' => 'client_credentials', 1178 ), 1179 'timeout' => 20, 1180 ) 1181 ); 1182 1183 if ( is_wp_error( $token_response ) ) { 1184 wp_send_json_error( array( 'message' => esc_html__( 'Unable to communicate with PayPal. Please try again later.', 'hydra-booking' ) ) ); 1185 } 1186 1187 $token_code = (int) wp_remote_retrieve_response_code( $token_response ); 1188 $token_body = json_decode( wp_remote_retrieve_body( $token_response ), true ); 1189 if ( 200 !== $token_code || empty( $token_body['access_token'] ) ) { 1190 wp_send_json_error( array( 'message' => esc_html__( 'Failed to authenticate with PayPal.', 'hydra-booking' ) ) ); 1191 } 1192 1193 $access_token = $token_body['access_token']; 1194 1195 // Step 2: Retrieve order details. 1196 $order_response = wp_remote_get( 1197 $api_base . '/v2/checkout/orders/' . rawurlencode( $payment_id ), 1198 array( 1199 'headers' => array( 1200 'Authorization' => 'Bearer ' . $access_token, 1201 ), 1202 'timeout' => 20, 1203 ) 1204 ); 1205 if ( is_wp_error( $order_response ) ) { 1206 wp_send_json_error( array( 'message' => esc_html__( 'Unable to verify the PayPal payment.', 'hydra-booking' ) ) ); 1207 } 1208 1209 $order_code = (int) wp_remote_retrieve_response_code( $order_response ); 1210 $order_body = json_decode( wp_remote_retrieve_body( $order_response ), true ); 1211 if ( 200 !== $order_code || empty( $order_body ) ) { 1212 wp_send_json_error( array( 'message' => esc_html__( 'Unexpected response received from PayPal.', 'hydra-booking' ) ) ); 1213 } 1214 1215 if ( empty( $order_body['status'] ) || 'COMPLETED' !== strtoupper( $order_body['status'] ) ) { 1216 wp_send_json_error( array( 'message' => esc_html__( 'PayPal has not marked this payment as completed.', 'hydra-booking' ) ) ); 1217 } 1218 1219 $order_payer_id = isset( $order_body['payer']['payer_id'] ) ? 
$order_body['payer']['payer_id'] : ''; 1220 if ( empty( $order_payer_id ) || $order_payer_id !== $payer_id ) { 1221 wp_send_json_error( array( 'message' => esc_html__( 'PayPal payer verification failed.', 'hydra-booking' ) ) ); 1222 } 1223 1224 $order_reference = isset( $order_body['purchase_units'][0]['reference_id'] ) ? $order_body['purchase_units'][0]['reference_id'] : ''; 1225 if ( ! empty( $order_reference ) && (int) $order_reference !== $attendee_id ) { 1226 wp_send_json_error( array( 'message' => esc_html__( 'PayPal order reference does not match the attendee.', 'hydra-booking' ) ) ); 1227 } 1228 1229 $capture_data = isset( $order_body['purchase_units'][0]['payments']['captures'][0] ) ? $order_body['purchase_units'][0]['payments']['captures'][0] : array(); 1230 $order_amount_raw = isset( $capture_data['amount']['value'] ) ? $capture_data['amount']['value'] : ( isset( $order_body['purchase_units'][0]['amount']['value'] ) ? $order_body['purchase_units'][0]['amount']['value'] : '' ); 1231 $order_currency = isset( $capture_data['amount']['currency_code'] ) ? $capture_data['amount']['currency_code'] : ( isset( $order_body['purchase_units'][0]['amount']['currency_code'] ) ? $order_body['purchase_units'][0]['amount']['currency_code'] : '' ); 1232 $capture_status = isset( $capture_data['status'] ) ? strtoupper( $capture_data['status'] ) : ''; 1233 1234 if ( ! empty( $capture_status ) && 'COMPLETED' !== $capture_status ) { 1235 wp_send_json_error( array( 'message' => esc_html__( 'PayPal capture has not been completed.', 'hydra-booking' ) ) ); 1236 } 1237 1238 $order_amount = (float) $order_amount_raw; 1239 $expected_amount = (float) $expected_total; 1240 1241 if ( $expected_amount > 0 && abs( $order_amount - $expected_amount ) > 0.01 ) { 1242 wp_send_json_error( array( 'message' => esc_html__( 'Paid amount does not match the booking total.', 'hydra-booking' ) ) ); 1243 } 1244 1245 if ( ! empty( $expected_currency ) && ! 
empty( $order_currency ) && strtoupper( $expected_currency ) !== strtoupper( $order_currency ) ) { 1246 wp_send_json_error( array( 'message' => esc_html__( 'Currency mismatch detected for the payment.', 'hydra-booking' ) ) ); 1247 } 1248 1249 // Update attendee payment status. 1250 $attendee_update = array( 1087 1251 'id' => $attendee_id, 1088 1252 'payment_status' => 'Completed', 1253 'status' => 'confirmed', 1089 1254 ); 1090 1091 // attendee Update 1092 $attendeeUpdate = $attendee->update( $attendeedata ); 1093 1094 $charge = array( 1095 'payment_id' => ! empty( $payment_id ) ? $payment_id : '', 1096 'payer_id' => ! empty( $payer_id ) ? $payer_id : '', 1097 'booking_id' => ! empty( $booking_id ) ? $booking_id : '', 1098 'attendee_id' => ! empty( $attendee_id ) ? $attendee_id : '', 1255 1256 $attendee_result = $attendee_model->update( $attendee_update ); 1257 if ( false === $attendee_result ) { 1258 wp_send_json_error( array( 'message' => esc_html__( 'Unable to update attendee payment status.', 'hydra-booking' ) ) ); 1259 } 1260 1261 // Update booking status to confirmed. 
1262 $booking_model = new Booking(); 1263 $booking_model->update( 1264 array( 1265 'id' => $booking_id, 1266 'status' => 'confirmed', 1267 ) 1099 1268 ); 1100 // Data for Transactions Table 1101 $tdata = array( 1269 1270 $transactions_model = new Transactions(); 1271 $existing_transaction = $transactions_model->get( 1272 array( 1273 array( 'booking_id', '=', $booking_id ), 1274 array( 'attendee_id', '=', $attendee_id ), 1275 ), 1276 1 1277 ); 1278 1279 $transaction_payload = array( 1102 1280 'booking_id' => $booking_id, 1103 'attendee_id' => $attendee_id,1281 'attendee_id' => $attendee_id, 1104 1282 'meeting_id' => $meeting_id, 1105 'host_id' => $host_id, 1106 'customer_id' => $booking_id, 1107 'payment_method' => $payment_method, 1108 'total' => $total, 1109 'transation_history' => wp_json_encode( $charge ), 1110 'status' => 'completed', 1283 'host_id' => $host_id, 1284 'customer_id' => $attendee_id, 1285 'payment_method' => 'paypal_payment', 1286 'total' => $order_amount_raw ? sanitize_text_field( $order_amount_raw ) : sanitize_text_field( $total ), 1287 'transation_history' => array( 1288 'payment_id' => $payment_id, 1289 'payer_id' => $payer_id, 1290 'order' => $order_body, 1291 ), 1292 'status' => 'completed', 1111 1293 ); 1112 1113 $Transactions = new Transactions(); 1114 $Transactions = $Transactions->add( $tdata ); 1115 1116 // After Booking Hooks 1117 do_action( 'hydra_booking/after_booking_payment_complete', $attendeedata ); 1118 1119 // return success message 1120 $response['message'] = esc_html(__('Payment Completed Successfully', 'hydra-booking')); 1294 1295 if ( $existing_transaction ) { 1296 $transaction_payload['id'] = $existing_transaction->id; 1297 $transactions_model->update( $transaction_payload ); 1298 } else { 1299 $transactions_model->add( $transaction_payload ); 1300 } 1301 1302 // Retrieve the refreshed attendee record to pass along hooks. 
1303 $updated_attendee = $attendee_model->getAttendeeWithBooking( 1304 array( 1305 array( 'id', '=', $attendee_id ), 1306 ), 1307 1, 1308 'DESC' 1309 ); 1310 1311 // Trigger hooks. 1312 $attendee_hook_payload = array( 1313 'id' => $attendee_id, 1314 'payment_status' => 'Completed', 1315 'status' => 'confirmed', 1316 ); 1317 1318 do_action( 'hydra_booking/after_booking_payment_complete', $attendee_hook_payload ); 1319 1320 if ( $updated_attendee ) { 1321 do_action( 'hydra_booking/after_booking_confirmed', $updated_attendee ); 1322 } 1323 1324 // Return success message. 1325 $response['message'] = esc_html__( 'Payment Completed Successfully', 'hydra-booking' ); 1121 1326 wp_send_json_success( $response ); 1122 1123 1327 } 1124 1328 } -
hydra-booking/trunk/assets/app/js/main.js
r3295598 r3392864 1 1 (function(e){let n=`<span class="tfhb-submit-preloader"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" preserveAspectRatio="xMidYMid" style="shape-rendering: auto; display: block; background: transparent;" width="200" height="200" xmlns:xlink="http://www.w3.org/1999/xlink"><g><circle stroke-dasharray="188.49555921538757 64.83185307179586" r="40" stroke-width="4" stroke="#ffffff" fill="none" cy="50" cx="50"> 2 2 <animateTransform keyTimes="0;1" values="0 50 50;360 50 50" dur="0.49751243781094534s" repeatCount="indefinite" type="rotate" attributeName="transform"></animateTransform> 3 </circle><g></g></g><!-- [ldio] generated by https://loading.io --></svg><span>`;e(document).ready(function(){e(document).on("submit",".tfhb-meeting-cencel-form",function(a){a.preventDefault(),$this=e(this);var i=new FormData(this);$this.find(".tfhb-booking-submit").append(n),$this.find(".tfhb-booking-submit").attr("disabled","disabled"),i.append("action","tfhb_meeting_form_cencel"), i.append("nonce",tfhb_app_booking.nonce),$this.find(".tfhb-notice").remove(),e.ajax({url:tfhb_app_booking.ajax_url,type:"POST",data:i,processData:!1,contentType:!1,success:function(t){$this.find(".tfhb-booking-submit").remove(".tfhb-submit-preloader"),t.success?($this.find(".tfhb-meeting-confirmation .tfhb-forms").html(""),$this.find(".tfhb-meeting-confirmation").append(`<div class="tfhb-notice tfhb-success">${t.data.message}</div>`)):$this.find(".tfhb-meeting-confirmation").append(`<div class="tfhb-notice tfhb-error">${t.data.message}</div>`)},error:function(t){console.log(t)}})})})})(jQuery);3 </circle><g></g></g><!-- [ldio] generated by https://loading.io --></svg><span>`;e(document).ready(function(){e(document).on("submit",".tfhb-meeting-cencel-form",function(a){a.preventDefault(),$this=e(this);var i=new 
FormData(this);$this.find(".tfhb-booking-submit").append(n),$this.find(".tfhb-booking-submit").attr("disabled","disabled"),i.append("action","tfhb_meeting_form_cencel"),$this.find(".tfhb-notice").remove(),e.ajax({url:tfhb_app_booking.ajax_url,type:"POST",data:i,processData:!1,contentType:!1,success:function(t){$this.find(".tfhb-booking-submit").remove(".tfhb-submit-preloader"),t.success?($this.find(".tfhb-meeting-confirmation .tfhb-forms").html(""),$this.find(".tfhb-meeting-confirmation").append(`<div class="tfhb-notice tfhb-success">${t.data.message}</div>`)):$this.find(".tfhb-meeting-confirmation").append(`<div class="tfhb-notice tfhb-error">${t.data.message}</div>`)},error:function(t){console.log(t)}})})})})(jQuery); -
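Review bot: The two copies of line 3 in this minified bundle differ in one call: the first has `i.append("nonce",tfhb_app_booking.nonce)` right after the `action` field, and the second does not. If the second copy is the new side, as the print order suggests but the flattened gutter does not confirm, the cancel form now posts `tfhb_meeting_form_cencel` without a nonce. The server-side handler (not shown here) then either has nothing to verify against CSRF or, if it does check, rejects every cancellation. The source that generates this bundle should keep the nonce append, and the handler should verify it with `check_ajax_referer`. Separately, both copies interpolate `t.data.message` into markup through a template literal; building the notice element and setting the message with `.text()` would stop the page depending on server-side escaping.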
hydra-booking/trunk/hydra-booking.php
r3392467 r3392864 4 4 * Plugin URI: https://hydrabooking.com/ 5 5 * Description: Appointment Booking Plugin with Automated Scheduling - Apple/Outlook/ Google Calendar, WooCommerce, Zoom, Fluent Forms, Zapier, Mailchimp & CRM Integration. 6 * Version: 1.1.2 76 * Version: 1.1.28 7 7 * Tested up to: 6.8 8 8 * Author: Themefic … … 27 27 define( 'TFHB_URL', plugin_dir_url( __FILE__ ) ); 28 28 29 define( 'TFHB_VERSION', '1.1.2 7' );29 define( 'TFHB_VERSION', '1.1.28' ); 30 30 define( 'TFHB_BASE_FILE', __FILE__); 31 31 -
hydra-booking/trunk/readme.txt
r3392467 r3392864 5 5 Tested up to: 6.8 6 6 Requires PHP: 7.4 7 Stable tag: 1.1.2 77 Stable tag: 1.1.28 8 8 License: GPL-2.0+ 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.txt … … 217 217 == Changelog == 218 218 219 = 1.1.28 – Nov 10, 2025 = 220 221 - Improved: Vulnerability issue resolved for security. 222 - Improved: Overall system security strengthened. 223 219 224 = 1.1.27 – Nov 09, 2025 = 220 225 221 226 - Fixed: Zoom host update settings error resolved. 222 227 - Updated: Information in readme.txt file. 223 - Compatibility: Fully compatible with Wo rdPressv10.3.228 - Compatibility: Fully compatible with WooCommerce v10.3. 224 229 - Improved: System stability and overall performance. 225 230