Changeset 702419
- Timestamp:
- 04/23/2013 06:41:08 PM (13 years ago)
- Location:
- pagely-reseller-management/trunk
- Files:
-
- 9 edited
-
assets/js/pp-api.js (modified) (13 diffs)
-
inc/helpers.php (modified) (1 diff)
-
partner-api.php (modified) (25 diffs)
-
readme.txt (modified) (2 diffs)
-
views/cart.php (modified) (3 diffs)
-
views/complete.php (modified) (1 diff)
-
views/order-form.php (modified) (2 diffs)
-
views/order_step1.php (modified) (7 diffs)
-
views/order_step3.php (modified) (5 diffs)
pagely-reseller-management/trunk/assets/js/pp-api.js
r601740 r702419 12 12 13 13 // account form validation 14 var validator = $("#pagely_form_acc").validate({ 14 $("#acc_submit").click( function(event) { 15 16 acc_form_validate(); 17 } 18 ); 19 20 var acc_form_validate = function () { 21 22 $("#pagely_form_acc").validate({ 15 23 rules: { 16 24 "pagely_order[mobile]": { … … 58 66 } 59 67 60 }); 68 }); 69 70 }; 61 71 62 72 // post-submit callback for account … … 74 84 var error = responseObj.message; 75 85 done_waiting(); 76 //$('#form_msg').html('<p class="alert">'+error+'</p>').addClass('error').effect("highlight", {}, 3000);86 $('.form_msg').html('<p class="alert alert-error">'+error+'</p>').addClass('error'); 77 87 78 88 if (error) { … … 165 175 166 176 done_waiting(); 167 //$('#form_msg').html('<p class="alert">'+error+'</p>').addClass('error').effect("highlight", {}, 3000);177 $('.form_msg').html('<p class="alert alert-error">'+error+'</p>').addClass('error'); 168 178 169 179 $( "#pp_dialog" ).html('<p class="alert alert-danger">'+error+'</p>'); … … 219 229 data: { 220 230 action: "pagely_jax_purchase_cart_callback", 221 ppjaxnounce: $('#_wpnonce').val(), 231 ppjaxnounce: $('#pagely_order_cart_nounce').val(), 232 222 233 }, 223 234 success: function(data) { … … 266 277 }); 267 278 268 // domain remote validation 269 $('#po_domain').blur( function (){ 270 $('#po_domain').addClass('remote'); 279 280 // domain remote validation 281 $.fn.validate_domain = function(el) { 282 283 $('#po_domain').addClass('remote'); 271 284 $.ajax({ 272 285 url: pagelyJax.ajaxurl, … … 274 287 data: { 275 288 action: "pagely_jax_formvalidate_callback", 276 ppjaxnounce: $('# _wpnonce').val(),289 ppjaxnounce: $('#pagely_order_acc_nounce').val(), 277 290 field: "pagely_order[domain]", 278 value: $( this).val()291 value: $(el).val() 279 292 }, 280 293 success: function(data) { … … 282 295 if (data.result == 3) { 283 296 //error 284 $( '#po_domain').siblings('p.help-block').remove();285 $( '#po_domain').removeClass().addClass('error 
required');286 $( "#po_domain").parent('.controls').append('<p class="help-block alert alert-danger">'+data.message+'</p>');297 $(el).siblings('p.help-block').remove(); 298 $(el).removeClass().addClass('error required'); 299 $(el).parent('.controls').append('<p class="help-block alert alert-danger">'+data.message+'</p>'); 287 300 288 301 289 302 } else { 290 303 //success 291 $('#po_domain').removeClass().addClass('valid required'); 292 $('#po_domain').siblings('p.help-block').remove(); 293 294 $('#_wpnonce').val(pagelyJax.ppjaxnounce); 304 $(el).removeClass().addClass('valid required'); 305 $(el).siblings('p.help-block').remove(); 306 //$('#_wpnonce').val(pagelyJax.ppjaxnounce); 295 307 } 296 308 297 309 } 298 }); 310 }); 311 312 }; 313 314 // call in field blur 315 $('#po_domain').blur( function (){ 316 $.fn.validate_domain(this); 299 317 }); 300 318 319 320 301 321 // email remote validation 302 $ ('#po_email').blur( function (){303 $('#po_email').addClass('remote');322 $.fn.validate_email = function(el) { 323 $('#po_email').addClass('remote'); 304 324 $.ajax({ 305 325 url: pagelyJax.ajaxurl, … … 307 327 data: { 308 328 action: "pagely_jax_formvalidate_callback", 309 ppjaxnounce: $('# _wpnonce').val(),329 ppjaxnounce: $('#pagely_order_acc_nounce').val(), 310 330 field: "pagely_order[email]", 311 value: $( this).val()331 value: $(el).val() 312 332 }, 313 333 success: function(data) { … … 315 335 if (data.result == 3) { 316 336 //error 317 $( '#po_email').siblings('p.help-block').remove();318 $( '#po_email').removeClass().addClass('error required');337 $(el).siblings('p.help-block').remove(); 338 $(el).removeClass().addClass('error required'); 319 339 320 340 if (data.message == "That email address is already in use.") { 321 $( "#po_email").parent('.controls').append('<p class="help-block alert alert-danger">Existing customer? 
<a href="https://atomic.pagely.com">Login</a> to add a new site.</p>');341 $( el ).parent('.controls').append('<p class="help-block alert alert-danger">Existing customer? <a href="https://atomic.pagely.com">Login</a> to add a new site.</p>'); 322 342 } 323 343 } else { 324 344 //success 325 $( '#po_email').removeClass().addClass('valid required email');326 $( '#po_email').siblings('p.help-block').remove();327 328 $('#_wpnonce').val(pagelyJax.ppjaxnounce);345 $(el).removeClass().addClass('valid required email'); 346 $(el).siblings('p.help-block').remove(); 347 348 //$('#_wpnonce').val(pagelyJax.ppjaxnounce); 329 349 } 330 350 331 351 } 332 }); 352 }); 353 }; 354 355 $('#po_email').blur( function (){ 356 $.fn.validate_email(this); 333 357 }); 334 358 … … 360 384 data: { 361 385 action: "pagely_jax_gopaypal_callback", 362 ppjaxnounce: $('#_wpnonce').val(), 386 ppjaxnounce: $('#pagely_order_pay_nounce').val(), 387 363 388 }, 364 389 success: function(response) { … … 399 424 $("#state_drop").hide().removeClass('required').attr('name',''); 400 425 if (str != null) { 401 $("#po_state_text").show().addClass('required').attr('name','subscription[billing_state]').val(''+str) .effect("highlight", {}, 3000);426 $("#po_state_text").show().addClass('required').attr('name','subscription[billing_state]').val(''+str); 402 427 } else { 403 $("#po_state_text").show().addClass('required').attr('name','subscription[billing_state]').val('') .effect("highlight", {}, 3000);428 $("#po_state_text").show().addClass('required').attr('name','subscription[billing_state]').val(''); 404 429 405 430 } … … 498 523 action: "pagely_jax_generic_callback", 499 524 ppdo: "clear_session", 500 ppjaxnounce: $('#_wpnonce').val(),525 //ppjaxnounce: $('#_wpnonce').val(), 501 526 }, 502 527 success: function() { -
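Review bot: The `clear_session` request at the end of the hunk now sends no nonce at all (`//ppjaxnounce: $('#_wpnonce').val(),` is commented out) while every other action was migrated to a per-form nonce, so `pagely_jax_generic_callback` — which is not in this changeset — is either left unprotected or will start rejecting the call; it should send one of the new fields, e.g. `ppjaxnounce: $('#pagely_order_acc_nounce').val(),`, and the handler should verify it. Separately, the error paths write server-returned text into the DOM as markup (`$('.form_msg').html('<p class="alert alert-error">'+error+'</p>')`, `$(el).parent('.controls').append('<p class="help-block alert alert-danger">'+data.message+'</p>')`); if any of those messages ever reflects a submitted value that becomes DOM XSS, so build the `<p>` element and fill it with `.text(data.message)` instead. Also, `$.fn.validate_domain` and `$.fn.validate_email` are attached to jQuery's prototype but never use `this`; plain functions (or members of a single `pagelyForm` object) would avoid adding methods to every jQuery instance.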
pagely-reseller-management/trunk/inc/helpers.php
r601734 r702419 25 25 ************************/ 26 26 function pagely_order_form($slug) { 27 // check if page is ssl, else redirect. 27 28 // load the class 29 $pagely = PagelyApi::init(); 30 31 // check if page is ssl and in live mode, else redirect. 32 28 33 $location = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; 29 if ( !is_ssl() ) {34 if ( !is_ssl() && !$pagely->_is_sandbox() ) { 30 35 31 36 echo "<script type='text/javascript'>window.location = '$location'</script>"; 32 37 die(); 33 38 } 34 // load the class 35 $pagely = PagelyApi::init(); 39 36 40 37 41 if (isset($_GET['complete']) && $_GET['complete'] == 'true') { -
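Review bot: The non-SSL redirect in `pagely_order_form` interpolates `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']` raw into an inline script literal (`window.location = '$location'`), so a request URI containing a single quote or `</script>` breaks out of the string — a reflected XSS on the page that collects card data. If headers have not been sent yet, prefer `wp_redirect( esc_url_raw( $location ) ); exit;`; otherwise at minimum run `$location = esc_js( $location );` before echoing, and consider building the host from `site_url()` rather than the client-controlled Host header. Note also that the new `&& !$pagely->_is_sandbox()` clause lets the whole order form load over plain HTTP whenever sandbox mode is on, which is acceptable on a dev box but should not be reachable from a production configuration.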
pagely-reseller-management/trunk/partner-api.php
r634731 r702419 4 4 Plugin URI: https://docs-api.pagely.com/reseller-plugin/ 5 5 Description: For Pagely Resellers 6 Version: 3.1. 16 Version: 3.1.2 7 7 Author: joshua.strebel 8 Author URI: http ://page.ly8 Author URI: https://page.ly 9 9 10 10 */ … … 83 83 84 84 var $live_endpoint = 'https://api.pagely.com/v1'; 85 var $sandbox_endpoint = 'https://sandbox-api.pagely.com/v1'; 85 // var $sandbox_endpoint = 'https://sandbox-api.pagely.com/v1'; 86 var $sandbox_endpoint = 'http://api.hcs/v1'; 87 86 88 87 89 var $api_endpoint = ''; … … 210 212 wp_localize_script( 'pp-form-js', 'pagelyJax', array( 211 213 'ajaxurl' => admin_url( 'admin-ajax.php' ), 212 'ppjaxnounce' => wp_create_nonce( 'chickendinner' ),214 //'ppjaxnounce' => wp_create_nonce( 'chickendinner' ), 213 215 'pp_portal_url' => $this->pp_portal_url, 214 216 'session_data' => json_encode( $this->_get_pp_session() ), … … 241 243 if ($allow_signups == 1) { 242 244 return true; 245 } else { 246 return false; 247 } 248 } 249 250 //are signups on? 
251 function _get_trial_length() { 252 $api_options = get_option('pp_api'); 253 $free_trial_days = $api_options['free_trial_days']; 254 if ($free_trial_days > 0) { 255 return $free_trial_days; 243 256 } else { 244 257 return false; … … 394 407 'pp_api', 395 408 array( $pagely_options['support_url'], 'support_url' ) 396 ); 409 ); 410 411 412 // free_trial length 413 if ($pagely_options['reseller_id'] == 1) { 414 if (!isset($pagely_options['free_trial_days'])) { $pagely_options['free_trial_days'] = 0; } 415 add_settings_field( 416 'free_trial_days', 417 'Length of Free Trial (Days)', 418 array(&$this, '_pagely_options_field_free_trial'), 419 'partner-api', 420 'pp_api', 421 array( $pagely_options['free_trial_days'], 'free_trial_days' ) 422 ); 423 } 397 424 398 425 // order_by … … 457 484 <option value='1' {$checked2}>Price: High-to-Low</option> 458 485 </select>"; 459 } 486 } 487 488 // free trial days_dropdown 489 function _pagely_options_field_free_trial($args) { 490 491 $args[0] == 0 ? $checked1 = "selected='selected'" : $checked1 = ''; 492 $args[0] == 5 ? $checked2 = "selected='selected'" : $checked2 = ''; 493 $args[0] == 10 ? $checked3 = "selected='selected'" : $checked3 = ''; 494 $args[0] == 15 ? $checked4 = "selected='selected'" : $checked4 = ''; 495 $args[0] == 30 ? 
$checked5 = "selected='selected'" : $checked5 = ''; 496 497 echo "<select id='{$args[1]}' name='pp_api[{$args[1]}]'> 498 <option value='0' {$checked1}>0</option> 499 <option value='5' {$checked2}>5</option> 500 <option value='10' {$checked3}>10</option> 501 <option value='15' {$checked4}>15</option> 502 <option value='30' {$checked5}>30</option> 503 </select>"; 504 } 460 505 461 506 // api key field … … 486 531 <option value='0' {$checked1}>No</option> 487 532 <option value='1' {$checked2}>Yes</option> 488 </select> <span class='description'>Will show a mainten ce message on cart pages.</span>";533 </select> <span class='description'>Will show a maintenance message on cart pages.</span>"; 489 534 } 490 535 … … 508 553 <th scope='col' id='price' class='manage-column column-price'>Price</th> 509 554 <th scope='col' id='featured' class='manage-column column-featured'>Featured</th> 555 <th scope='col' id='hidden' class='manage-column column-hidden'>*Hidden</th> 510 556 </tr> 511 557 </thead>"; 512 558 513 559 foreach ($all_plans->objects as $p) { 514 if ($p->active == "1" && $p->visible == "1") {560 if ($p->active == "1") { 515 561 $checked = ''; 516 562 $checkradio = ''; … … 518 564 if ( in_array($p->id,$args[0]) ) { $checked = "checked='checked'";} 519 565 } 566 567 $visible = $p->visible == 0 ? '<span style="color:#ccc">Yes</span>' : '<span style="color:green;">No</span>'; 568 520 569 if ( isset($args[0]['plan_default']) && $args[0]['plan_default'] == $p->id) {$checkradio = "checked='checked'";} 521 570 echo "<tr> … … 526 575 <td>".$this->_cash($p->price)."</td> 527 576 <td><input type='radio' name='pp_api[{$args[1]}][plan_default]' value='{$p->id}' {$checkradio}/></td> 577 <td>{$visible}</td> 528 578 </tr>"; 529 579 } 530 580 } 531 581 532 echo "</table><span class='description'>These are all the hosting plans that are active in our system for your account. You may choose 3 at any one time to list for sale via this plugin. 
If you wish to modify or create plans, visit the <a href='https://photon.pagely.com'>API Portal</a>.</span> ";582 echo "</table><span class='description'>These are all the hosting plans that are active in our system for your account. You may choose 3 at any one time to list for sale via this plugin. If you wish to modify or create plans, visit the <a href='https://photon.pagely.com'>API Portal</a>.</span> <strong>*Hidden</strong> plans may be purchased by the customer here, but are hidden from within the dashboard. Use case is for plans you only want new customers to see."; 533 583 } else { 534 584 … … 750 800 $str .= "<tr class='total'> 751 801 <td class='desc'>Total in USD</td> 752 <td class='price'>".$this->_cash( cart_total())."</strong>/mo</td>802 <td class='price'>".$this->_cash($this->_cart_total())."</strong>/mo</td> 753 803 </tr> 754 804 </table>"; … … 972 1022 header( "Content-Type: application/json" ); 973 1023 974 $nonce = $_POST['ppjaxnounce'];975 1024 $field = $_POST['field']; 976 1025 // check to see if the submitted nonce matches with the generated nonce we created earlier 977 if ( ! wp_verify_nonce( $nonce, 'chickendinner' ) ) { 978 echo "nounce fail"; 1026 1027 // check nounce on submission 1028 $form['pagely_order_acc_nounce'] = $_POST['ppjaxnounce']; 1029 if ( ! wp_verify_nonce( $form['pagely_order_acc_nounce'], 'pagely_account_submit' ) ) { 1030 $msg = "Nounce Check failed. Possible automated submission. die()"; 1031 1032 $result = array(); 1033 $result = (object)$result; 1034 $result->result = 3; 1035 $result->message = $msg; 1036 echo json_encode($result); 979 1037 die(); 980 } 1038 } 981 1039 982 1040 switch($field) { … … 1012 1070 $form[$k] = trim($v); 1013 1071 } 1072 1073 $form['pagely_order_acc_nounce'] = $_POST['pagely_order_acc_nounce']; 1074 // check nounce on submission 1075 if ( ! wp_verify_nonce( $form['pagely_order_acc_nounce'], 'pagely_account_submit' ) ) { 1076 $msg = "Nounce Check failed. Possible automated submission. 
die()"; 1077 1078 $result = array(); 1079 $result = (object)$result; 1080 $result->result = 3; 1081 $result->message = $msg; 1082 echo json_encode($result); 1083 die(); 1084 } 1085 1014 1086 $this->_set_pp_session( array('last_activity' => time() ) ); 1015 1087 $this->_set_pp_session( array('last_action' => 'accformsubmit') ); … … 1018 1090 $result = (object)$result; 1019 1091 $result->result = 2; 1020 $result->message = " ";1092 $result->message = "Data saved in session."; 1021 1093 // expects json back 1022 1094 echo json_encode($result); … … 1036 1108 1037 1109 // never trust user input, rebuild the post array before sending. 1110 $form['first_name'] = isset($form['first_name']) ? $form['first_name'] : ''; 1111 $form['last_name'] = isset($form['last_name']) ? $form['last_name'] : ''; 1112 1038 1113 $params['name'] = $form['first_name'] .' '. $form['last_name']; 1039 $params['username'] = $form['email'];1040 $params['company_name'] = $form['company_name'];1041 $params['email'] = $form['email'];1042 $params['phone'] = $form['mobile'];1043 $params['twitter'] = $form['twitter'];1044 $params['affiliate_code'] = $form['affiliate_code'];1045 $params['auth_q'] = $form['squestion'];1046 $params['auth_q_answer'] = $form['sanswer'];1114 $params['username'] = isset($form['email']) ? $form['email'] : ''; 1115 $params['company_name'] = isset($form['company_name']) ? $form['company_name'] : ''; 1116 $params['email'] = isset($form['email']) ? $form['email'] : ''; 1117 $params['phone'] = isset($form['mobile']) ? $form['mobile'] : ''; 1118 $params['twitter'] = isset($form['twitter']) ? $form['twitter'] : ''; 1119 $params['affiliate_code'] = isset($form['affiliate_code']) ? $form['affiliate_code'] : ''; 1120 $params['auth_q'] = isset($form['squestion']) ? $form['squestion'] : ''; 1121 $params['auth_q_answer'] = isset($form['sanswer']) ? 
$form['sanswer'] : ''; 1047 1122 1048 1123 … … 1064 1139 if ($result->result == 2) { 1065 1140 // successfully created an account 1141 1066 1142 // store some values in the session 1143 $form['promo_code'] = isset($form['promo_code']) ? $form['promo_code'] : ''; 1144 $form['domain_type'] = isset($form['domain_type']) ? $form['domain_type'] : 0; 1145 $form['domain'] = isset($form['domain']) ? $form['domain'] : ''; 1146 1067 1147 $this->_set_pp_session( array('account_id' => $result->id) ); 1068 1148 $this->_set_pp_session( array('domain' => strtolower($form['domain'])) ); … … 1126 1206 */ 1127 1207 function _pagely_jax_gopaypal_callback() { 1208 header( "Content-Type: application/json" ); 1209 1210 $params = array(); 1211 $this->_set_pp_session( array('last_activity' => time() ) ); 1212 $this->_set_pp_session( array('last_action' => 'paypal') ); 1213 1214 $form['pagely_order_pay_nounce'] = $_POST['ppjaxnounce']; 1215 1216 // check nounce on submission 1217 if ( ! wp_verify_nonce( $form['pagely_order_pay_nounce'], 'pagely_pay_submit' ) ) { 1218 $msg = "Paypal Nounce Check failed. Possible automated submission. die()"; 1219 1220 $result = array(); 1221 $result = (object)$result; 1222 $result->result = 3; 1223 $result->message = $msg; 1224 echo json_encode($result); 1225 die(); 1226 } 1128 1227 1129 1228 // first we need to send the account data … … 1138 1237 } 1139 1238 } 1140 1141 $params = array();1142 $this->_set_pp_session( array('last_activity' => time() ) );1143 $this->_set_pp_session( array('last_action' => 'paypal') );1144 header( "Content-Type: application/json" );1145 1146 $nonce = $_POST['ppjaxnounce'];1147 // check to see if the submitted nonce matches with the generated nonce we created earlier1148 if ( ! 
wp_verify_nonce( $nonce, 'chickendinner' ) ) {1149 // echo "nounce fail";1150 // die();1151 }1152 1239 1153 1240 … … 1189 1276 function _pagely_jax_payformsubmit_callback() { 1190 1277 1278 header( "Content-Type: application/json" ); 1279 1280 $form = $_POST['pagely_order']; 1281 foreach ($form as $k => $v) { 1282 $form[$k] = strip_tags(trim($v)); 1283 } 1284 1285 1286 $form['pagely_order_pay_nounce'] = $_POST['pagely_order_pay_nounce']; 1287 // check nounce on submission 1288 1289 if ( ! wp_verify_nonce( $form['pagely_order_pay_nounce'], 'pagely_pay_submit' ) ) { 1290 $msg = "Nounce Check failed. Possible automated submission. die()"; 1291 1292 $result = array(); 1293 $result = (object)$result; 1294 $result->result = 3; 1295 $result->message = $msg; 1296 echo json_encode($result); 1297 die(); 1298 } 1299 1191 1300 // first we need to send the account data 1192 1301 $act_id = $this->_get_pp_session('account_id'); 1302 1193 1303 if ( !$act_id ) { 1194 1304 $account_result = $this->_send_account_data(); … … 1203 1313 $this->_set_pp_session( array('last_activity' => time() ) ); 1204 1314 $this->_set_pp_session( array('last_action' => 'payformsubmit') ); 1205 header( "Content-Type: application/json" ); 1206 1207 $nonce = $_POST['ppjaxnounce']; 1208 // check to see if the submitted nonce matches with the generated nonce we created earlier 1209 if ( ! wp_verify_nonce( $nonce, 'chickendinner' ) ) { 1210 // echo "nounce fail"; 1211 // die(); 1212 } 1213 1214 $form = $_POST['pagely_order']; 1215 foreach ($form as $k => $v) { 1216 $form[$k] = strip_tags(trim($v)); 1217 } 1218 1315 1316 1317 1318 $form['billing_name'] = isset($form['billing_name']) ? $form['billing_name'] : ''; 1219 1319 $name = explode(' ',$form['billing_name']); 1220 1320 // never trust user input, rebuild the post array before sending. 1221 1321 $params['account_id'] = $this->_get_pp_session('account_id'); 1222 $params['type'] = $form['type'];1322 $params['type'] = isset($form['type']) ? 
$form['type'] : ''; 1223 1323 $params['name'] = ''; 1224 $params['cc_number'] = $form['cc_number'];1225 $params['cc_exp_month'] = $form['cc_exp_month'];1226 $params['cc_exp_year'] = $form['cc_exp_year'];1227 $params['cc_ccv'] = $form['cc_ccv'];1228 $params['cc_first_name'] = $name[0];1229 $params['cc_last_name'] = $name[1];1230 $params['cc_address'] = $form['cc_address'];1231 $params['cc_country'] = $form['cc_country'];1232 $params['cc_city'] = $form['cc_city'];1233 $params['cc_state'] = $form['cc_state'];1234 $params['cc_zip'] = $form['cc_zip'];1324 $params['cc_number'] = isset($form['cc_number']) ? $form['cc_number'] : ''; 1325 $params['cc_exp_month'] = isset($form['cc_exp_month']) ? $form['cc_exp_month'] : ''; 1326 $params['cc_exp_year'] = isset($form['cc_exp_year']) ? $form['cc_exp_year'] : ''; 1327 $params['cc_ccv'] = isset($form['cc_ccv']) ? $form['cc_ccv'] : ''; 1328 $params['cc_first_name'] = isset($name[0]) ? $name[0] : ''; 1329 $params['cc_last_name'] = isset($name[1]) ? $name[1] : ''; 1330 $params['cc_address'] = isset($form['cc_address']) ? $form['cc_address'] : ''; 1331 $params['cc_country'] = isset($form['cc_country']) ? $form['cc_country'] : ''; 1332 $params['cc_city'] = isset($form['cc_city']) ? $form['cc_city'] : ''; 1333 $params['cc_state'] = isset($form['cc_state']) ? $form['cc_state'] : ''; 1334 $params['cc_zip'] = isset($form['cc_zip']) ? $form['cc_zip'] : ''; 1235 1335 $params['promocode'] = $this->_get_pp_session('promo_code'); 1236 $params['client_ip'] = $_SERVER['REMOTE_ADDR'];1336 $params['client_ip'] = isset($_SERVER['REMOTE_ADDR']) ? 
$_SERVER['REMOTE_ADDR'] : ''; 1237 1337 //print_r($params); 1238 1338 $uri = '/account_profiles/single'; … … 1258 1358 if ($this->_get_pp_session('paid') == 1 && !$this->_get_pp_session('domain_queued')) { 1259 1359 $domain_push = $this->_put_domain($params); 1260 1360 $domain_push = json_decode($domain_push); 1261 1361 if($domain_push->result != 2) { 1262 1362 // there was an error pushing the domain to the install queue 1263 1363 //contact support 1264 $this->_support_email($to ='[email protected]',$ from,$subj= "failed install",$msg = $domain_push->result);1364 $this->_support_email($to ='[email protected]',$to,$subj= "failed install",$msg = $domain_push->result); 1265 1365 } 1266 1366 } … … 1297 1397 $params['site_email'] = $this->_get_pp_session('email'); 1298 1398 $params['promocode'] = $this->_get_pp_session('promo_code'); 1299 $params['plan_id'] = $this->_get_pp_session('plan_id'); 1399 $params['plan_id'] = $this->_get_pp_session('plan_id'); 1400 $params['run_trial'] = $this->_get_trial_length(); 1300 1401 $uri = '/domains/single/'; 1301 1402 $json = $this->_pagely_api_request($method = 'PUT',$uri, $params ); … … 1426 1527 header( "Content-Type: application/json" ); 1427 1528 1428 $nonce = $_POST['ppjaxnounce'];1429 1529 //array of all pagely_order inputs 1430 $form = $_POST['pagely_order'] ;1530 $form = $_POST['pagely_order']['product_upgrades']; 1431 1531 foreach ($form as $k => $v) { 1432 1532 if (is_array($v)) { … … 1439 1539 } 1440 1540 // array of products to be added to cart 1441 $items = $_POST['pagely_order']['product_upgrades']; 1442 // check to see if the submitted nonce matches with the generated nonce we created earlier 1443 if ( ! wp_verify_nonce( $nonce, 'chickendinner' ) ) { 1444 // echo "nounce fail"; 1445 // die(); 1446 } 1541 $items = $form; 1542 1543 1544 // check nounce on submission 1545 $form['pagely_order_cart_nounce'] = $_POST['pagely_order_cart_nounce']; 1546 if ( ! 
wp_verify_nonce( $form['pagely_order_cart_nounce'], 'pagely_cart_submit' ) ) { 1547 $msg = "Nounce Check failed. Possible automated submission. die()"; 1548 1549 $result = array(); 1550 $result = (object)$result; 1551 $result->result = 3; 1552 $result->message = $msg; 1553 echo json_encode($result); 1554 die(); 1555 } 1556 1447 1557 1448 1558 … … 1582 1692 $params['hash'] = sha1($time.$this->pagely_api_sec); // not used yet 1583 1693 // pass an object ID as needed 1584 $params['id'] = $params['id']; // should be object id, like domain_id = 1099; can be empty on PUT1694 $params['id'] = isset($params['id']) ? $params['id'] : ''; // should be object id, like domain_id = 1099; can be empty on PUT 1585 1695 break; 1586 1696 } -
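Review bot: The sandbox endpoint on the new side is `http://api.hcs/v1` — a plain-HTTP, developer-local hostname — with the real `https://sandbox-api.pagely.com/v1` commented out, and this ships in the bump to 3.1.2, so any reseller who enables sandbox mode will post account and card data unencrypted to a host that does not resolve for them; restore `var $sandbox_endpoint = 'https://sandbox-api.pagely.com/v1';` before release. The nonce checks added to the AJAX handlers are a real improvement, but they dereference `$_POST['pagely_order']` and `$_POST['ppjaxnounce']` before confirming they exist (`$form = $_POST['pagely_order']; foreach ($form as $k => $v)` warns and then iterates nothing on a bare POST); guard with `$form = isset($_POST['pagely_order']) && is_array($_POST['pagely_order']) ? $_POST['pagely_order'] : array();` and `$nonce = isset($_POST['ppjaxnounce']) ? $_POST['ppjaxnounce'] : '';`. The failure text `"Nounce Check failed. Possible automated submission. die()"` is shown to the visitor, so drop the trailing `die()`, and bear in mind that a WordPress nonce on a public form stops cross-site submission but not a bot that fetches the form and reads the field, so it should not be described as anti-automation. Several of the affected functions (`_send_account_data`, `_pagely_jax_payformsubmit_callback`, `_pagely_jax_addtocart_callback`) begin or end outside the hunks shown.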
pagely-reseller-management/trunk/readme.txt
r634731 r702419 3 3 Tags: admin, administration, plugin, website reseller, hosting, Wordpress, CMS, page.ly,pagely Wordpress Hosting 4 4 Requires at least: 3.4 5 Tested up to: 3. 4.15 Tested up to: 3.5.1 6 6 Stable tag: trunk 7 7 License: GPLv2 or later … … 20 20 Read [the documentation here](https://docs-api.pagely.com/reseller-plugin/). 21 21 == Changelog == 22 = 3.1.2 = 23 Proper use of nounces, some code cleanup. 22 24 = 3.1.1 = 23 25 A bit of code cleanup. -
pagely-reseller-management/trunk/views/cart.php
r591718 r702419 1 1 <!-- Cart --> 2 <div class="cartwrapper <?php if ($this->_get_pp_session('domain_queued')) { ?>minicart<? } ?> well">3 <table id="<?php if ($this->_get_pp_session('domain_queued')) {?>powerupcart<?php } else {?>totals<? } ?>" class="table table-bordered table-striped">2 <div class="cartwrapper <?php if ($this->_get_pp_session('domain_queued')) { ?>minicart<?php } ?> well"> 3 <table id="<?php if ($this->_get_pp_session('domain_queued')) {?>powerupcart<?php } else {?>totals<?php } ?>" class="table table-bordered table-striped"> 4 4 <thead> 5 5 <tr> … … 19 19 <?php if ($this->_get_pp_session('domain_queued')) { ?> 20 20 <small><a href="" class="removeitem btn btn-mini btn-danger" rel="<?=$k?>">Remove</a></small> 21 <? } ?>21 <?php } ?> 22 22 </td> 23 23 <td class="<?=$item['id'];?> price span1"> 24 <? if($item['price'] > 0) { ?>25 <?php echo $this->_cash($item['price']);?> <? if ($item['recurring']) { echo '/<em class="cycle">mo</em>'; } ?>26 <? } else {?>-<?}?>24 <?php if($item['price'] > 0) { ?> 25 <?php echo $this->_cash($item['price']);?> <?php if ($item['recurring']) { echo '/<em class="cycle">mo</em>'; } ?> 26 <?php } else {?>-<?php }?> 27 27 </td> 28 28 </tr> … … 40 40 </table> 41 41 42 <? } else { ?> <!-- /Cart Items -->42 <?php } else { ?> <!-- /Cart Items --> 43 43 <tr class="empty total_row"> 44 44 <td colspan="2"><em>Empty</em></td> 45 45 </tr> 46 46 </table> 47 <? } ?>47 <?php } ?> 48 48 <?php if ($this->_get_pp_session('domain_queued') && $this->_cart_total_items() > 0) { ?> 49 49 <div class="form-actions purchase_cart"> 50 50 <button class="btn btn-primary btn-large" id="pagely_purchase_cart" <?php if($this->_cart_total_items() == 0) {?>disabled<?php }?>>Purchase »</button> 51 51 </div> 52 <? } ?>52 <?php } ?> 53 53 54 54 <input type="hidden" name="action" value="pagely_jax_purchase_cart_callback"/> -
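Review bot: The `<?` short open tags were converted to `<?php`, but the `<?=` short echo tags on the same lines (`rel="<?=$k?>"`, `class="<?=$item['id'];?> price span1"`) were left; before PHP 5.4 `<?=` also depends on `short_open_tag`, and the readme still declares support for WordPress 3.4 (PHP 5.2), so the conversion is incomplete. Change them to `rel="<?php echo $k; ?>"` and `class="<?php echo $item['id']; ?> price span1"`. Those values come from the session cart and are echoed into attributes unescaped; wrapping them in `esc_attr()` is cheap insurance against a malformed product id ending up in the markup.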
pagely-reseller-management/trunk/views/complete.php
r591718 r702419 3 3 <div class="hero-unit"> 4 4 <h2>Order Complete. Thank You.</h2> 5 <p>Please allow a few moments for your new site to provision and then check your email for your welcome information. <strong>Thanks again and Welcome Aboard!</strong></p> 5 <p>Please allow a few moments for your new site to provision and then <strong>check your email</strong> for your welcome information. <strong>Thanks again and Welcome Aboard!</strong></p> 6 6 7 <?php if( isset($_GET['product_fails']) ) { ?> 7 8 <p class="error">Unfortunately there was an error when purchasing (<?php echo $_GET['product_fails']?>) additional upgrade items. You may try again when you login to your new site.</p> 8 <? } ?>9 <?php } ?> 9 10 <a href="<?php echo esc_url( home_url( '/' ) ); ?>" class="btn">Return to Home</a> 10 11 </div> -
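Review bot: `$_GET['product_fails']` is still echoed straight into the page (`(<?php echo $_GET['product_fails']?>)`) — the new `isset()` guard removes the notice but the value remains unescaped request input, which is a reflected XSS on the order-complete page. Use `<?php echo esc_html( $_GET['product_fails'] ); ?>`, or, since the surrounding text suggests a count, cast it with `(int) $_GET['product_fails']`.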
pagely-reseller-management/trunk/views/order-form.php
r613039 r702419 12 12 13 13 <div id="pp"> 14 <? if($this->_is_sandbox()) {?><p class="alert">SANDBOX MODE</p><?} ?>14 <?php if($this->_is_sandbox()) {?><p class="alert">SANDBOX MODE</p><?php } ?> 15 15 <?php $session = $this->_get_pp_session(); // grab the session 16 16 17 17 if ( $this->_signups_on() ) { 18 if ( $session['order_complete']) {18 if ( isset($session['order_complete']) ) { 19 19 echo $this->_get_view( PP_PLUGIN_ASSETS_PATH . 'views/complete.php'); 20 20 $this->_clear_pp_session(); 21 21 22 } else if (!isset($session['account_id']) || $session['paid'] == 0) { // determine which view snippet to load22 } else if (!isset($session['account_id']) || (!isset($session['paid']) || $session['paid'] == 0) ) { // determine which view snippet to load 23 23 24 24 echo $this->_get_view( PP_PLUGIN_ASSETS_PATH . 'views/order_step1.php'); 25 25 26 } else if ($session['domain_queued'] == 1 && $session['paid'] == 1 && ! $session['order_complete']) {26 } else if ($session['domain_queued'] == 1 && $session['paid'] == 1 && !isset($session['order_complete']) ) { 27 27 28 28 echo $this->_get_view( PP_PLUGIN_ASSETS_PATH . 'views/order_step3.php'); … … 47 47 <button id="session">show session</button> 48 48 </p> 49 <? } ?>49 <?php } ?> 50 50 <div id="pp_dialog"></div> -
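Review bot: The `isset()` hardening is applied unevenly: the second branch now guards `$session['paid']`, but the third branch still reads `$session['domain_queued'] == 1 && $session['paid'] == 1` with no `isset()`, so a session that has `account_id` and `paid` but no `domain_queued` key still raises a notice (and with `display_errors` on, that notice lands in the checkout HTML). Use `!empty($session['domain_queued']) && !empty($session['paid'])` there, or normalise once before the chain with `$session = array_merge(array('paid' => 0, 'domain_queued' => 0), (array) $session);`. The `show session` debug button in the lower hunk is still rendered inside a conditional whose opening is outside the hunk; presumably it is gated on sandbox mode — worth confirming.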
pagely-reseller-management/trunk/views/order_step1.php
r613039 r702419 2 2 <!--<div id="progress"><span class="meter" style="width:33%"><span class="progress_title">Sign-Up Progress 1/3</span> 3 3 </span></div>--> 4 5 6 4 <?php 5 7 6 $preselected_plan = $this->_get_pp_session('preselected_plan'); 8 7 $plans = $this->_get_plans(); 9 8 10 9 $form = $this->_get_pp_session('acc_form_post'); 10 $posted_from_dff_page = false; 11 // we dont want to use a nounce here since the referrer may be cached. 12 13 14 $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; 15 $referer_parse = parse_url($referer); 16 $this_site = str_replace(array('http://','https://'),'',site_url()); 17 18 if (!empty($_POST) && $referer_parse['host'] == $this_site && isset($_POST['auto_submit']) ) { 19 $posted_from_dff_page = true; 20 $form = $_POST['pagely_order']; 21 22 } else { 23 // blow out and incoming post data from other sites 24 $_POST = array(); 25 } 26 27 28 11 29 12 30 if (is_array($plans)) { ?> 13 31 32 <div class="form_msg"></div> 14 33 <section id="pagely_account_form" class=""> 15 34 <form method="post" action="" id="pagely_form_acc" class="pagely_form form-horizontal" autocomplete="off"> … … 18 37 <fieldset id="choose_plan"> 19 38 <legend>New Account Setup</legend> 20 <?php if ( is_array($form) ) { ?>39 <?php if ( is_array($form) && !$posted_from_dff_page ) { ?> 21 40 <div class="alert alert-info"><h4 class="alert-heading">Your account is pending.</h4> 22 41 <p>Please verify the information below is correct and proceed with payment to complete setup.</p> 23 42 </div> 24 <? }?>25 <div id="form_msg"></div>43 <?php }?> 44 26 45 27 46 … … 142 161 <?php if (isset($form['sanswer']) ) { ?> 143 162 <input id="" name="pagely_order[sanswer]" type="password" class="span3 required" value="<?php echo $form['sanswer']; ?>"> 144 <? } else { ?>163 <?php } else { ?> 145 164 146 165 <input id="" name="pagely_order[sanswer]" type="text" class="span3 required" value=""> 147 <? 
} ?>166 <?php } ?> 148 167 </div> 149 168 </div> … … 161 180 </div><!--well--> 162 181 182 183 163 184 164 185 <div class="form-actions create_account"> 165 <input type="submit" class="btn btn-primary btn-large form-submit" value="<?php _e('Continue') ?>" tabindex=""/>186 <input id="acc_submit" type="submit" class="btn btn-primary btn-large form-submit" value="<?php _e('Continue') ?>" tabindex=""/> 166 187 <span class="hide waiting"><img src="<?php echo PP_PLUGIN_ASSETS; ?>/assets/gfx/ajax-loader.gif" /> Processing...</span> 167 188 </div> 168 <?php wp_nonce_field(' chickendinner'); ?>189 <?php wp_nonce_field('pagely_account_submit','pagely_order_acc_nounce'); ?> 169 190 <input type="hidden" name="action" value="pagely_jax_accformsubmit_callback"/> 170 191 <input type="hidden" id="pagely_affiliate_code" name="pagely_order[affiliate_code]" value=""/> … … 192 213 <p><button id="pay_by_paypal" class="btn btn-large btn-success">PayPal</button></p> 193 214 <p class="lead">Pay easily from your Paypal Account</p> 215 <?php wp_nonce_field('pagely_pay_submit','pagely_order_pay_nounce'); ?> 216 194 217 </div> 195 218 </div> … … 324 347 <p class="tos_notice pull-right"><em><small>By continuing you are agreeing to our <a id="tos" class="inline" href="#tos">Terms of Service</a> & <a id="privacy" class="" href="">Privacy Policy</a></small></em></p> 325 348 </div> 326 <?php wp_nonce_field(' chickendinner'); ?>349 <?php wp_nonce_field('pagely_pay_submit','pagely_order_pay_nounce'); ?> 327 350 <input type="hidden" value="cc" name="pagely_order[type]"/> 328 351 <input type="hidden" name="action" value="pagely_jax_payformsubmit_callback"/> … … 330 353 </form> 331 354 </section> 332 <? } else { ?>355 <?php } else { ?> 333 356 <p class="alert alert-warning">Problem with the API. 
Someone will be flogged momentarily.</p> 334 357 <?php } ?> 358 359 <?php 360 if ($posted_from_dff_page) { 361 ?> 362 <script> 363 jQuery(document).ready(function($) { 364 jQuery.fn.validate_domain('#po_domain'); 365 jQuery.fn.validate_email('#po_email'); 366 //jQuery('#pagely_form_acc').valid(); 367 jQuery('#acc_submit').val('Verify and Continue'); 368 }); 369 </script> 370 <?php 371 //$submit_it = false; 372 } 373 ?> 335 374 <!-- /basic account page --> -
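Review bot: The new `$posted_from_dff_page` path uses `$_SERVER['HTTP_REFERER']` to decide that incoming `$_POST['pagely_order']` may be loaded into `$form`, and the form then echoes those values back unescaped (for example `value="<?php echo $form['sanswer']; ?>"` in the context lines). The Referer header is client-supplied and frequently absent, so it is neither a reliable gate nor a substitute for output escaping; every `echo $form[...]` inside an attribute should be `echo esc_attr( $form['sanswer'] );` regardless of where the data came from. The comparison itself is also fragile: `parse_url()` can return `false` or an array without `host` (notice on `$referer_parse['host']`), and `str_replace(array('http://','https://'),'',site_url())` keeps any port or subdirectory, so a site at `example.com/blog` never matches; compare `parse_url( site_url(), PHP_URL_HOST )` against `isset($referer_parse['host']) ? $referer_parse['host'] : ''` instead. The comment `we dont want to use a nounce here since the referrer may be cached` should also say what this check is meant to block, since as written it only filters browser submissions that carry a foreign Referer.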
pagely-reseller-management/trunk/views/order_step3.php
r591718 r702419 7 7 8 8 <h2>Success! Your order is in queue for setup. Check your email for some welcome messages.</h2> 9 <p>Thank you for your purchase. New sites typically take 2-5 minutes to provision. If you do not receive a welcome email shortly please <a href="<? echo $this->_supportsite();?>">contact support</a>. Thanks and Welcome aboard!</p>9 <p>Thank you for your purchase. New sites typically take 2-5 minutes to provision. If you do not receive a welcome email shortly please <a href="<?php echo $this->_supportsite();?>">contact support</a>. Thanks and Welcome aboard!</p> 10 10 <?php } else {?> 11 11 <h2>Your Order has been received.</h2> … … 19 19 <legend>Optional Hosting Upgrades</legend> 20 20 <p class="lead">PowerUp your website with these available upgrades. <a href="?complete=true" class="btn btn-mini">No Thanks, I'm done.</a></p> 21 <?php if ($this->_get_trial_length() > 0) { ?> 22 <p class="alert"><span class="label label-warning">Heads Up</span> PowerUps will be billed immediately and are not part of the <?php echo $this->_get_trial_length();?> day trial.</p> 23 <?php } ?> 21 24 22 25 <fieldset id="powerups"> … … 30 33 <td class="span1"><input type="checkbox" id="u<?php echo $p->id?>" name="pagely_order[product_upgrades][]" value="<?php echo $p->id?>" /></td> 31 34 <td class="desc"><p><strong><label for="u<?php echo $p->id?>"><?php _e($p->name);?></label></strong><?php _e(stripslashes($p->desc));?></p></td> 32 <td class="price"><?php echo $this->_cash($p->price);?><?php if ( 1 == $p->recurring) {?>/<em class="cycle">mo</em><? 
} ?></td>35 <td class="price"><?php echo $this->_cash($p->price);?><?php if ( 1 == $p->recurring) {?>/<em class="cycle">mo</em><?php } ?></td> 33 36 </tr> 34 37 <?php } ?> … … 39 42 </div> 40 43 <!-- /products list --> 41 <?php wp_nonce_field(' chickendinner'); ?>44 <?php wp_nonce_field('pagely_cart_submit','pagely_order_cart_nounce'); ?> 42 45 <input type="hidden" name="action" value="pagely_jax_addtocart_callback"/> 43 46 </form> … … 45 48 46 49 <div id="cartholder" class="span4 offset1"> 47 <? echo $this->_get_view( PP_PLUGIN_ASSETS_PATH . 'views/cart.php'); ?>50 <?php echo $this->_get_view( PP_PLUGIN_ASSETS_PATH . 'views/cart.php'); ?> 48 51 </div> 49 52 </div>
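Review bot: The upgrade rows in the middle of the hunk print API-supplied plan data with `_e($p->name)` and `_e(stripslashes($p->desc))`; `_e()` exists to translate literal strings and emits its argument unescaped, so any HTML in a plan name or description returned by the API lands in the page as markup. Use `echo esc_html( $p->name );`, and if `desc` is meant to carry formatting, `echo wp_kses_post( stripslashes( $p->desc ) );`. The new trial notice `echo $this->_get_trial_length();` comes from plugin options and looks like an integer, so `(int)` there is enough.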