LLMS_Controller_Certificates

Handles awarded user certificates.

Contents

Source Source

File: includes/controllers/class.llms.controller.certificates.php

23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
class LLMS_Controller_Certificates extends LLMS_Abstract_Controller_User_Engagements {
 
    /**
     * Type of user engagement.
     *
     * @since 6.0.0
     *
     * @var string
     */
    protected $engagement_type = 'certificate';
 
    /**
     * Constructor.
     *
     * @since 3.18.0
     * @since 3.37.4 Add filter hook for `lifterlms_register_post_type_llms_certificate`.
     * @since 5.5.0 Drop usage of deprecated `lifterlms_register_post_type_llms_certificate` in favor of `lifterlms_register_post_type_certificate`.
     *
     * @return void
     */
    public function __construct() {
 
        parent::__construct();
 
        add_filter( 'lifterlms_register_post_type_certificate', array( $this, 'maybe_allow_public_query' ) );
 
        add_action( 'init', array( $this, 'maybe_handle_reporting_actions' ) );
        add_action( 'wp', array( $this, 'maybe_authenticate_export_generation' ) );
    }
 
    /**
     * Returns a translated text of the given type.
     *
     * @since 6.0.0
     *
     * @param int   $text_type One of the LLMS_Abstract_Controller_User_Engagements::TEXT_ constants.
     * @param array $variables Optional variables that are used in sprintf().
     * @return string
     */
    protected function get_text( $text_type, $variables = array() ) {
 
        switch ( $text_type ) {
            case self::TEXT_SYNC_AWARDED_ENGAGEMENT_INSUFFICIENT_PERMISSIONS:
                return sprintf(
                    /* translators: %1$d: awarded certificate ID */
                    __( 'Sorry, you are not allowed to edit the awarded certificate #%1$d.', 'lifterlms' ),
                    ( $variables['engagement_id'] ?? 0 )
                );
            case self::TEXT_SYNC_AWARDED_ENGAGEMENT_INVALID_TEMPLATE:
                return sprintf(
                    /* translators: %1$d: awarded certificate ID */
                    __( 'Sorry, the awarded certificate #%1$d does not have a valid certificate template.', 'lifterlms' ),
                    ( $variables['engagement_id'] ?? 0 )
                );
            case self::TEXT_SYNC_AWARDED_ENGAGEMENTS_INSUFFICIENT_PERMISSIONS:
                return __( 'Sorry, you are not allowed to edit awarded certificates.', 'lifterlms' );
            case self::TEXT_SYNC_AWARDED_ENGAGEMENTS_INVALID_NONCE:
                return __( 'Sorry, you are not allowed to sync awarded certificates.', 'lifterlms' );
            case self::TEXT_SYNC_MISSING_AWARDED_ENGAGEMENT_ID:
                return __( 'Sorry, you need to provide a valid awarded certificate ID.', 'lifterlms' );
            case self::TEXT_SYNC_MISSING_ENGAGEMENT_TEMPLATE_ID:
                return __( 'Sorry, you need to provide a valid certificate template ID.', 'lifterlms' );
            default:
                return parent::get_text( $text_type );
        }
    }
 
    /**
     * Modify certificate post type registration data during a certificate template export.
     *
     * @since 3.37.4
     * @since 5.9.0 Stop using deprecated `FILTER_SANITIZE_STRING`.
     *
     * @link https://github.com/gocodebox/lifterlms/issues/776
     *
     * @param array $post_type_args Array of `llms_certificate` post type registration arguments.
     * @return array
     */
    public function maybe_allow_public_query( $post_type_args ) {
 
        if ( ! empty( $_REQUEST['_llms_cert_auth'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 
            $auth = llms_filter_input( INPUT_GET, '_llms_cert_auth', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
 
            global $wpdb;
            $post_id = $wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM {$wpdb->postmeta} WHERE meta_key = '_llms_auth_nonce' AND meta_value = %s", $auth ) ); // db call ok; no-cache ok.
            if ( $post_id && 'llms_certificate' === get_post_type( $post_id ) ) {
                $post_type_args['publicly_queryable'] = true;
            }
        }
 
        return $post_type_args;
 
    }
 
    /**
     * Allow cURL requests to view a certificate to be authenticated via a nonce.
     *
     * A cURL request is used to scrape the HTML and this will authenticate the scrape.
     *
     * @since 3.18.0
     * @since 3.24.0 Unknown.
     * @since 3.37.4 Use the `post_author` as the WP_User ID when exporting a certificate template.
     *
     * @return void
     */
    public function maybe_authenticate_export_generation() {
 
        if ( empty( $_REQUEST['_llms_cert_auth'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
            return;
        }
 
        $post_id   = get_the_ID();
        $post_type = get_post_type( $post_id );
        if ( ! in_array( $post_type, array( 'llms_my_certificate', 'llms_certificate' ), true ) ) {
            return;
        }
 
        if ( get_post_meta( $post_id, '_llms_auth_nonce', true ) !== $_REQUEST['_llms_cert_auth'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
            return;
        }
 
        $cert = new LLMS_User_Certificate( $post_id );
        $uid  = ( 'llms_certificate' === $post_type ) ? get_post_field( 'post_author', $post_id ) : $cert->get_user_id();
        wp_set_current_user( $uid );
 
    }
 
    /**
     * Handle certificate form actions
     *
     * Manages frontend actions to download and manage certificate sharing settings and reporting (admin)
     * actions to download and delete.
     *
     * The method name is a misnomer as this method handles actions on reporting screens as well as
     * on the site's frontend when actually viewing a certificate
     *
     * @since 3.18.0
     * @since 3.35.0 Sanitize `$_POST` data.
     * @since 4.5.0 Add handler for changing certificate sharing settings.
     * @since 5.9.0 Stop using deprecated `FILTER_SANITIZE_STRING`.
     *
     * @return void
     */
    public function maybe_handle_reporting_actions() {
 
        if ( ! llms_verify_nonce( '_llms_cert_actions_nonce', 'llms-cert-actions' ) ) {
            return;
        }
 
        $cert_id = absint( llms_filter_input( INPUT_POST, 'certificate_id', FILTER_SANITIZE_NUMBER_INT ) );
        if ( isset( $_POST['llms_generate_cert'] ) ) {
            $this->download( $cert_id );
        } elseif ( isset( $_POST['llms_delete_cert'] ) ) {
            $this->delete( $cert_id );
        } elseif ( isset( $_POST['llms_enable_cert_sharing'] ) ) {
            $this->change_sharing_settings( $cert_id, (bool) $_POST['llms_enable_cert_sharing'] );
        }
 
    }
 
    /**
     * Change shareable settings of a certificate.
     *
     * @since 4.5.0
     *
     * @param int  $cert_id    WP Post ID of the llms_my_certificate.
     * @param bool $is_allowed Allow share the certificate or not.
     * @return WP_Error|boolean Returns `true` on success and `false` on failure or an error object when the user does not have sufficient privileges.
     */
    private function change_sharing_settings( $cert_id, $is_allowed ) {
 
        $cert = new LLMS_User_Certificate( $cert_id );
 
        if ( ! $cert->can_user_manage() ) {
            return new WP_Error( 'insufficient-permissions', __( 'You are not allowed to manage this certificate.', 'lifterlms' ) );
        }
 
        return $cert->set( 'allow_sharing', $is_allowed ? 'yes' : 'no' );
 
    }
 
    /**
     * Download a Certificate.
     *
     * Generates an HTML export of the certificate from the "Download" button
     * on the View Certificate front end & on reporting backend for admins.
     *
     * @since 3.18.0
     * @since 4.3.1 Properly use an `error` notice to display a WP_Error.
     *
     * @return void
     */
    private function download( $cert_id ) {
 
        $filepath = llms()->certificates()->get_export( $cert_id );
        if ( is_wp_error( $filepath ) ) {
            // @todo Need to handle errors differently on admin panel.
            return llms_add_notice( $filepath->get_error_message(), 'error' );
        }
 
        header( 'Content-Description: File Transfer' );
        header( 'Content-Type: application/octet-stream' );
        header( 'Content-Disposition: attachment; filename="' . basename( $filepath ) . '"' );
 
        readfile( $filepath ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_readfile
 
        // Delete file after download.
        ignore_user_abort( true );
        wp_delete_file( $filepath );
        exit;
    }
 
}

Expand full source code Collapse full source code View on GitHub

Top ↑

Methods Methods

Top ↑

Changelog Changelog

Changelog
Version Description
6.0.0 Extended from the LLMS_Abstract_Controller_User_Engagements class.
4.3.1 Properly use an error notice to display a WP_Error when trying to download a certificate.
3.37.4 Modify llms_certificate post type registration to allow certificate templates to be exported. When exporting a certificate template, use the post_author for the certificate's WP User ID.
3.35.0 Sanitize $_POST data.
3.18.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.