M_Viper/WP-Business-Forum
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity

Update from Git Manager GUI

Browse Source
This commit is contained in:
M_Viper
2026-03-21 18:47:28 +01:00
parent 5d7a4743d7
commit 6fff4f9dc2
4 changed files with 1710 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

395
includes/class-forum-ajax.php
View File

@@ -9,8 +9,15 @@ class WBF_Ajax {
'wbf_new_thread', 'wbf_new_post', 'wbf_toggle_like',
'wbf_update_profile', 'wbf_upload_avatar', 'wbf_upload_post_image',
'wbf_forgot_password', 'wbf_reset_password', 'wbf_load_more_messages',
'wbf_create_invite', 'wbf_delete_invite',
'wbf_toggle_subscribe', 'wbf_restore_content', 'wbf_toggle_profile_visibility',
'wbf_mod_action', 'wbf_report_post', 'wbf_edit_post', 'wbf_edit_thread', 'wbf_search', 'wbf_get_notifications', 'wbf_mark_notifications_read', 'wbf_move_thread', 'wbf_tag_suggest',
'wbf_set_reaction', 'wbf_send_message', 'wbf_get_inbox', 'wbf_get_conversation', 'wbf_mark_messages_read', 'wbf_get_online_users', 'wbf_user_suggest', 'wbf_delete_message', 'wbf_get_new_messages',
'wbf_delete_account',
'wbf_vote_poll',
'wbf_create_poll',
'wbf_toggle_bookmark',
'wbf_set_thread_prefix',
];
foreach ($actions as $action) {
add_action('wp_ajax_nopriv_' . $action, [__CLASS__, str_replace('wbf_','handle_',$action)]);
@@ -50,7 +57,37 @@ class WBF_Ajax {
}
public static function handle_register() {
// Register braucht keinen Nonce
// Spam-Schutz: Honeypot + Zeitlimit
if ( ! empty($_POST['wbf_website']) ) {
wp_send_json_error(['message' => 'Spam erkannt.']);
}
$min_secs = (int)(wbf_get_settings()['spam_min_seconds'] ?? 30);
if ( $min_secs > 0 ) {
$form_time = (int)($_POST['wbf_form_time'] ?? 0);
if ( $form_time > 0 && (time() - $form_time) < $min_secs ) {
wp_send_json_error(['message' => 'Bitte warte noch einen Moment, bevor du das Formular absendest.']);
}
}
// Registrierungsmodus prüfen
$reg_mode = wbf_get_settings()['registration_mode'] ?? 'open';
if ( $reg_mode === 'disabled' ) {
wp_send_json_error(['message' => 'Registrierung ist deaktiviert.']);
}
// Regel-Akzeptierung prüfen (wenn Pflicht aktiviert)
$rules_required = ( wbf_get_settings()['rules_accept_required'] ?? '1' ) === '1';
$rules_enabled = ( wbf_get_settings()['rules_enabled'] ?? '1' ) === '1';
if ( $rules_enabled && $rules_required && empty( $_POST['rules_accepted'] ) ) {
wp_send_json_error(['message' => 'Bitte akzeptiere die Forum-Regeln um fortzufahren.']);
}
if ( $reg_mode === 'invite' ) {
$code = strtoupper( trim( sanitize_text_field( $_POST['invite_code'] ?? '' ) ) );
if ( ! $code ) {
wp_send_json_error(['message' => 'Einladungscode erforderlich.', 'need_invite' => true]);
}
if ( ! WBF_DB::verify_invite( $code ) ) {
wp_send_json_error(['message' => 'Einladungscode ungültig oder abgelaufen.', 'need_invite' => true]);
}
}
$result = WBF_Auth::register(
sanitize_text_field($_POST['username'] ?? ''),
sanitize_email( $_POST['email'] ?? ''),
@@ -59,6 +96,12 @@ class WBF_Ajax {
);
if ($result['success']) {
$u = $result['user'];
// Einladungscode einlösen
$reg_mode2 = wbf_get_settings()['registration_mode'] ?? 'open';
if ( $reg_mode2 === 'invite' ) {
$code2 = strtoupper( trim( sanitize_text_field( $_POST['invite_code'] ?? '' ) ) );
if ( $code2 ) WBF_DB::use_invite( $code2, $u->id );
}
wp_send_json_success(['display_name'=>$u->display_name,'avatar_url'=>$u->avatar_url,'user_id'=>$u->id]);
} else {
wp_send_json_error($result);
@@ -79,23 +122,40 @@ class WBF_Ajax {
if (!$user) wp_send_json_error(['message'=>'Nicht eingeloggt.']);
if (!WBF_DB::can($user, 'create_thread')) wp_send_json_error(['message'=>'Keine Berechtigung.']);
// Flood Control
if ( ! WBF_DB::check_flood( $user->id ) ) {
$secs = (int)( wbf_get_settings()['flood_interval'] ?? 30 );
wp_send_json_error(['message'=>"Bitte warte {$secs} Sekunden zwischen Beiträgen.", 'flood'=>true]);
}
$title = sanitize_text_field($_POST['title'] ?? '');
$content = WBF_BBCode::sanitize( $_POST['content'] ?? '' );
$category_id = (int)($_POST['category_id'] ?? 0);
$prefix_id = (int)($_POST['prefix_id'] ?? 0) ?: null;
if (strlen($title) < 5) wp_send_json_error(['message'=>'Titel zu kurz (min. 5 Zeichen).']);
if (strlen($content) < 10) wp_send_json_error(['message'=>'Inhalt zu kurz (min. 10 Zeichen).']);
if (!$category_id) wp_send_json_error(['message'=>'Keine Kategorie gewählt.']);
// Inhalt nur prüfen wenn KEIN Poll mitgeschickt wird
$has_poll = ! empty( sanitize_text_field($_POST['poll_question'] ?? '') );
if ( ! $has_poll && strlen($content) < 10 ) {
wp_send_json_error(['message'=>'Inhalt zu kurz (min. 10 Zeichen).']);
}
// Bei Umfrage ohne Inhalt: Platzhalter setzen
if ( $has_poll && strlen($content) < 1 ) {
$content = '—';
}
$cat = WBF_DB::get_category($category_id);
if (!$cat || !WBF_DB::can_post_in($user, $cat)) wp_send_json_error(['message'=>'Keine Berechtigung für diese Kategorie.']);
$id = WBF_DB::create_thread([
'category_id' => $category_id,
'user_id' => $user->id,
'title' => $title,
'title' => WBF_DB::apply_word_filter($title),
'slug' => sanitize_title($title) . '-' . time(),
'content' => $content,
'content' => WBF_DB::apply_word_filter($content),
'prefix_id' => $prefix_id,
]);
// Tags speichern
@@ -104,6 +164,23 @@ class WBF_Ajax {
WBF_DB::sync_thread_tags( $id, $raw_tags );
}
// Umfrage erstellen (optional)
$poll_question = sanitize_text_field( $_POST['poll_question'] ?? '' );
$poll_opts_raw = $_POST['poll_options'] ?? [];
if ( $poll_question && is_array($poll_opts_raw) ) {
$poll_options = array_values( array_filter( array_map( 'sanitize_text_field', $poll_opts_raw ) ) );
if ( count($poll_options) >= 2 ) {
$poll_multi = ! empty($_POST['poll_multi']) ? true : false;
$poll_ends = sanitize_text_field( $_POST['poll_ends_at'] ?? '' );
$poll_ends_dt = null;
if ( $poll_ends ) {
$ts = strtotime($poll_ends);
if ( $ts && $ts > time() ) $poll_ends_dt = date('Y-m-d H:i:s', $ts);
}
WBF_DB::create_poll( $id, $poll_question, $poll_options, $poll_multi, $poll_ends_dt );
}
}
wp_send_json_success(['thread_id'=>$id,'message'=>'Thread erstellt!']);
}
@@ -115,8 +192,15 @@ class WBF_Ajax {
if (!$user) wp_send_json_error(['message'=>'Nicht eingeloggt.']);
if (!WBF_DB::can($user, 'post')) wp_send_json_error(['message'=>'Keine Berechtigung.']);
// Flood Control
if ( ! WBF_DB::check_flood( $user->id ) ) {
$secs = (int)( wbf_get_settings()['flood_interval'] ?? 30 );
wp_send_json_error(['message'=>"Bitte warte {$secs} Sekunden zwischen Beiträgen.", 'flood'=>true]);
}
$thread_id = (int)($_POST['thread_id'] ?? 0);
$content = WBF_BBCode::sanitize( $_POST['content'] ?? '' );
$content = WBF_DB::apply_word_filter( $content );
if (strlen($content) < 3) wp_send_json_error(['message'=>'Antwort zu kurz.']);
if (!$thread_id) wp_send_json_error(['message'=>'Ungültiger Thread.']);
@@ -131,13 +215,24 @@ class WBF_Ajax {
$notif_users = WBF_DB::get_thread_participants($thread_id);
foreach ($notif_users as $participant_id) {
WBF_DB::create_notification($participant_id, 'reply', $thread_id, $user->id);
// E-Mail
$notif_user = WBF_DB::get_user($participant_id);
self::send_notification_email($notif_user, 'reply', $user->display_name, [
'thread_id' => $thread_id,
'thread_title' => $thread->title,
]);
}
// Thread-Abonnenten benachrichtigen
$subscribers = WBF_DB::get_thread_subscribers($thread_id);
foreach ($subscribers as $sub) {
if ((int)$sub->id === (int)$user->id) continue; // nicht sich selbst
if (in_array($sub->id, array_column($notif_users, 'id') ?: [])) continue; // schon benachrichtigt
self::send_notification_email($sub, 'reply', $user->display_name, [
'thread_id' => $thread_id,
'thread_title' => $thread->title,
]);
}
// Ersteller auto-abonniert
WBF_DB::subscribe($thread->user_id, $thread_id);
// @Erwähnungen
$mentioned = WBF_DB::extract_mentions($content);
foreach ($mentioned as $m_user) {
@@ -198,13 +293,13 @@ class WBF_Ajax {
if (!WBF_DB::can($user,'delete_thread')) wp_send_json_error(['message'=>'Keine Berechtigung.']);
$thread = WBF_DB::get_thread($object_id);
if (!$thread) wp_send_json_error(['message'=>'Thread nicht gefunden.']);
WBF_DB::delete_thread($object_id);
WBF_DB::soft_delete_thread($object_id);
wp_send_json_success(['action'=>'deleted','redirect'=>'?forum_cat='.urlencode('')]);
break;
case 'delete_post':
if (!WBF_DB::can($user,'delete_post')) wp_send_json_error(['message'=>'Keine Berechtigung.']);
WBF_DB::delete_post($object_id);
WBF_DB::soft_delete_post($object_id);
wp_send_json_success(['action'=>'post_deleted']);
break;
@@ -278,6 +373,34 @@ class WBF_Ajax {
}
WBF_DB::update_user($user->id, $update);
// Benutzerdefinierte Profilfelder speichern
$field_defs = WBF_DB::get_profile_field_defs();
foreach ( $field_defs as $def ) {
$key = sanitize_key( $def['key'] );
if ( ! $key ) continue;
$raw = $_POST[ 'cf_' . $key ] ?? null;
if ( $raw === null ) continue; // nicht übermittelt — nicht anfassen
// Pflichtfeld-Prüfung
if ( ! empty($def['required']) && trim($raw) === '' ) {
wp_send_json_error(['message' => sprintf('Das Feld "%s" ist ein Pflichtfeld.', $def['label'])]);
}
// Sanitisierung je nach Typ
if ( $def['type'] === 'url' ) {
$value = esc_url_raw( trim($raw) );
} elseif ( $def['type'] === 'textarea' ) {
$value = sanitize_textarea_field( $raw );
} elseif ( $def['type'] === 'number' ) {
$value = is_numeric($raw) ? (string)(float)$raw : '';
} else {
$value = sanitize_text_field( $raw );
}
WBF_DB::set_user_meta( $user->id, $key, $value );
}
wp_send_json_success(['message'=>'Profil gespeichert!']);
}
@@ -394,6 +517,17 @@ class WBF_Ajax {
wp_send_json_error(['message' => 'Keine Berechtigung.']);
}
// Post-Bearbeitungslimit prüfen
if ($is_own && !$is_mod) {
$limit_min = (int)(wbf_get_settings()['post_edit_limit'] ?? 30);
if ($limit_min > 0) {
$age_min = (time() - strtotime($db_post->created_at)) / 60;
if ($age_min > $limit_min) {
wp_send_json_error(['message' => "Bearbeitung nur innerhalb von {$limit_min} Minuten nach dem Posten möglich."]);
}
}
}
$wpdb->update(
"{$wpdb->prefix}forum_posts",
['content' => $content, 'updated_at' => current_time('mysql')],
@@ -828,6 +962,251 @@ class WBF_Ajax {
}
// ── Einladungen ───────────────────────────────────────────────────────────
public static function handle_create_invite() {
self::verify();
$user = WBF_Auth::get_current_user();
if ( ! $user || ! WBF_Roles::can($user, 'manage_users') ) {
wp_send_json_error(['message' => 'Keine Berechtigung.']);
}
$max_uses = max(1, (int)($_POST['max_uses'] ?? 1));
$note = sanitize_text_field($_POST['note'] ?? '');
$expires = sanitize_text_field($_POST['expires'] ?? '');
$expires_at = null;
if ($expires) {
$ts = strtotime($expires);
if ($ts > time()) {
$expires_at = date('Y-m-d H:i:s', $ts);
}
}
$code = WBF_DB::create_invite($user->id, $max_uses, $note, $expires_at);
$url = wbf_get_forum_url() . '?wbf_invite=' . $code;
wp_send_json_success(['code' => $code, 'url' => $url]);
}
public static function handle_delete_invite() {
self::verify();
$user = WBF_Auth::get_current_user();
if ( ! $user || ! WBF_Roles::can($user, 'manage_users') ) {
wp_send_json_error(['message' => 'Keine Berechtigung.']);
}
$id = (int)($_POST['invite_id'] ?? 0);
if ($id) WBF_DB::delete_invite($id);
wp_send_json_success();
}
// ── Thread-Abonnement ─────────────────────────────────────────────────────
public static function handle_toggle_subscribe() {
self::verify();
$user = WBF_Auth::get_current_user();
if (!$user) wp_send_json_error(['message'=>'Nicht eingeloggt.']);
$thread_id = (int)($_POST['thread_id'] ?? 0);
if (!$thread_id) wp_send_json_error(['message'=>'Ungültig.']);
if (WBF_DB::is_subscribed($user->id, $thread_id)) {
WBF_DB::unsubscribe($user->id, $thread_id);
wp_send_json_success(['subscribed'=>false,'msg'=>'Abonnement entfernt.']);
} else {
WBF_DB::subscribe($user->id, $thread_id);
wp_send_json_success(['subscribed'=>true,'msg'=>'Thread abonniert! Du erhältst E-Mails bei neuen Antworten.']);
}
}
// ── Wiederherstellen (Soft-Delete) ────────────────────────────────────────
public static function handle_restore_content() {
self::verify();
$user = WBF_Auth::get_current_user();
if (!$user || !WBF_Roles::can($user,'delete_thread')) wp_send_json_error(['message'=>'Keine Berechtigung.']);
$type = sanitize_key($_POST['content_type'] ?? '');
$id = (int)($_POST['content_id'] ?? 0);
if ($type === 'thread') {
WBF_DB::restore_thread($id);
} elseif ($type === 'post') {
WBF_DB::restore_post($id);
} else {
wp_send_json_error(['message'=>'Ungültig.']);
}
wp_send_json_success(['message'=>'Wiederhergestellt.']);
}
// ── Profil-Sichtbarkeit umschalten ────────────────────────────────────────
public static function handle_toggle_profile_visibility() {
self::verify();
$user = WBF_Auth::get_current_user();
if (!$user) wp_send_json_error(['message'=>'Nicht eingeloggt.']);
$current = (int)($user->profile_public ?? 1);
$new = $current ? 0 : 1;
WBF_DB::update_user($user->id, ['profile_public'=>$new]);
wp_send_json_success(['public'=>$new,'msg'=> $new ? 'Profil ist jetzt öffentlich.' : 'Profil ist jetzt privat.']);
}
// ── DSGVO: Konto löschen ─────────────────────────────────────────────────
public static function handle_delete_account() {
self::verify();
$user = WBF_Auth::get_current_user();
if ( ! $user ) wp_send_json_error( [ 'message' => 'Nicht eingeloggt.' ] );
// Superadmin darf sich nicht selbst löschen
if ( $user->role === 'superadmin' ) {
wp_send_json_error( [ 'message' => 'Der Superadmin-Account kann nicht gelöscht werden.' ] );
}
// Passwort-Bestätigung prüfen
$password = $_POST['password'] ?? '';
if ( empty( $password ) ) {
wp_send_json_error( [ 'message' => 'Bitte Passwort zur Bestätigung eingeben.' ] );
}
if ( ! password_verify( $password, $user->password ) ) {
wp_send_json_error( [ 'message' => 'Falsches Passwort.' ] );
}
// Bestätigungs-Checkbox
if ( empty( $_POST['confirm'] ) ) {
wp_send_json_error( [ 'message' => 'Bitte Löschung ausdrücklich bestätigen.' ] );
}
// Ausloggen bevor gelöscht wird
WBF_Auth::logout();
// DSGVO-Löschung durchführen
$ok = WBF_DB::delete_user_gdpr( $user->id );
// Custom Profile Meta ebenfalls löschen
WBF_DB::delete_user_meta_all( $user->id );
if ( ! $ok ) {
wp_send_json_error( [ 'message' => 'Fehler bei der Kontolöschung. Bitte Admin kontaktieren.' ] );
}
// Admin benachrichtigen
$blog_name = get_bloginfo( 'name' );
$admin_email = get_option( 'admin_email' );
wp_mail(
$admin_email,
"[{$blog_name}] DSGVO: Konto gelöscht",
"Nutzer #{$user->id} ({$user->username}) hat sein Konto gemäß DSGVO Art. 17 gelöscht.\n\n"
. "Zeitpunkt: " . date('d.m.Y H:i:s') . "\n"
. "Alle personenbezogenen Daten wurden anonymisiert.",
[ 'Content-Type: text/plain; charset=UTF-8' ]
);
wp_send_json_success( [
'message' => 'Dein Konto wurde vollständig gelöscht. Alle personenbezogenen Daten wurden entfernt.',
'redirect' => wbf_get_forum_url(),
] );
}
// ── Umfrage: Erstellen (aus Thread-View) ──────────────────────────────────
public static function handle_create_poll() {
self::verify();
$user = WBF_Auth::get_current_user();
if ( ! $user ) wp_send_json_error(['message' => 'Nicht eingeloggt.']);
$thread_id = (int)( $_POST['thread_id'] ?? 0 );
if ( ! $thread_id ) wp_send_json_error(['message' => 'Ungültiger Thread.']);
$thread = WBF_DB::get_thread( $thread_id );
if ( ! $thread ) wp_send_json_error(['message' => 'Thread nicht gefunden.']);
// Nur der Thread-Ersteller darf eine Umfrage hinzufügen
if ( (int)$thread->user_id !== (int)$user->id && $user->role !== 'superadmin' ) {
wp_send_json_error(['message' => 'Keine Berechtigung.']);
}
// Bereits eine Umfrage vorhanden?
if ( WBF_DB::get_poll( $thread_id ) ) {
wp_send_json_error(['message' => 'Dieser Thread hat bereits eine Umfrage.']);
}
$question = sanitize_text_field( $_POST['poll_question'] ?? '' );
$opts_raw = $_POST['poll_options'] ?? [];
$multi = ! empty($_POST['poll_multi']);
$ends_raw = sanitize_text_field( $_POST['poll_ends_at'] ?? '' );
if ( ! $question ) wp_send_json_error(['message' => 'Bitte eine Frage eingeben.']);
$options = array_values( array_filter( array_map( 'sanitize_text_field', (array)$opts_raw ) ) );
if ( count($options) < 2 ) wp_send_json_error(['message' => 'Mindestens 2 Antwortmöglichkeiten erforderlich.']);
if ( count($options) > 10 ) wp_send_json_error(['message' => 'Maximal 10 Antwortmöglichkeiten erlaubt.']);
$ends_at = null;
if ( $ends_raw ) {
$ts = strtotime( $ends_raw );
if ( $ts && $ts > time() ) $ends_at = date('Y-m-d H:i:s', $ts);
}
WBF_DB::create_poll( $thread_id, $question, $options, $multi, $ends_at );
wp_send_json_success(['message' => 'Umfrage erstellt! Seite wird neu geladen…']);
}
// ── Umfrage: Abstimmen ────────────────────────────────────────────────────
public static function handle_vote_poll() {
self::verify();
$user = WBF_Auth::get_current_user();
if ( ! $user ) wp_send_json_error(['message' => 'Bitte einloggen um abzustimmen.']);
$poll_id = (int)( $_POST['poll_id'] ?? 0 );
$option_idxs = array_map( 'intval', (array)( $_POST['options'] ?? [] ) );
if ( ! $poll_id || empty($option_idxs) ) {
wp_send_json_error(['message' => 'Ungültige Abstimmung.']);
}
$ok = WBF_DB::vote_poll( $poll_id, $user->id, $option_idxs );
if ( ! $ok ) {
wp_send_json_error(['message' => 'Bereits abgestimmt oder Umfrage beendet.']);
}
$results = WBF_DB::get_poll_results( $poll_id );
$my_votes = WBF_DB::get_user_votes( $poll_id, $user->id );
wp_send_json_success([
'results' => $results,
'my_votes' => $my_votes,
'total' => array_sum( $results ),
]);
}
// ── Lesezeichen ───────────────────────────────────────────────────────────
public static function handle_toggle_bookmark() {
self::verify();
$user = WBF_Auth::get_current_user();
if (!$user) wp_send_json_error(['message'=>'Nicht eingeloggt.']);
$thread_id = (int)($_POST['thread_id'] ?? 0);
if (!$thread_id) wp_send_json_error(['message'=>'Ungültiger Thread.']);
$added = WBF_DB::toggle_bookmark( $user->id, $thread_id );
wp_send_json_success(['bookmarked' => $added]);
}
// ── Thread-Präfix setzen ──────────────────────────────────────────────────
public static function handle_set_thread_prefix() {
self::verify();
$user = WBF_Auth::get_current_user();
if (!$user) wp_send_json_error(['message'=>'Nicht eingeloggt.']);
$thread_id = (int)($_POST['thread_id'] ?? 0);
$prefix_id = (int)($_POST['prefix_id'] ?? 0) ?: null;
if (!$thread_id) wp_send_json_error(['message'=>'Ungültiger Thread.']);
$thread = WBF_DB::get_thread($thread_id);
if (!$thread) wp_send_json_error(['message'=>'Thread nicht gefunden.']);
// Nur Thread-Ersteller oder Mods
if ( (int)$thread->user_id !== (int)$user->id && !WBF_DB::can($user,'pin_thread') ) {
wp_send_json_error(['message'=>'Keine Berechtigung.']);
}
global $wpdb;
$wpdb->update( "{$wpdb->prefix}forum_threads", ['prefix_id'=>$prefix_id], ['id'=>$thread_id] );
$prefix = $prefix_id ? WBF_DB::get_prefix($prefix_id) : null;
wp_send_json_success(['prefix' => $prefix]);
}
}
WBF_Ajax::init();
add_action( 'init', [ 'WBF_Ajax', 'init' ] );