'+message+"
")}}function wpinvUnblock(el){var $el=jQuery(el);if(1==$el.data("GetPaidIsBlocked")){$el.data("GetPaidIsBlocked",0);if(!$el.data("GetPaidWasRelative")){$el.removeClass("position-relative")}$el.children(".getpaid-block-ui").remove()}}
\ No newline at end of file
+function wpinvBlock(e,t){t=void 0!==t&&""!==t?t:WPInv.loading;var a=jQuery(e);1!=a.data("GetPaidIsBlocked")&&(a.data("GetPaidIsBlocked",1),a.data("GetPaidWasRelative",a.hasClass("position-relative")),a.addClass("position-relative"),a.append('"))}function wpinvUnblock(e){var t=jQuery(e);1==t.data("GetPaidIsBlocked")&&(t.data("GetPaidIsBlocked",0),t.data("GetPaidWasRelative")||t.removeClass("position-relative"),t.children(".getpaid-block-ui").remove())}jQuery((function(e){var t=[],a=!1;window.getpaid_form=function(i){return{fetched_initial_state:0,cached_states:{},form:i,show_error(t,a){i.find(".getpaid-payment-form-errors, .getpaid-custom-payment-form-errors").html("").addClass("d-none"),a&&i.find(a).length?(i.find(a).html(t).removeClass("d-none"),i.find(a).closest(".form-group").find(".form-control").addClass("is-invalid"),i.find(a).closest(".form-group").find(".getpaid-custom-payment-form-success").addClass("d-none")):(i.find(".getpaid-payment-form-errors").html(t).removeClass("d-none"),i.find(".getpaid-custom-payment-form-errors").each((function(){var t=e(this).closest(".form-group").find(".form-control");""!=t.val()&&t.addClass("is-valid")})))},hide_error(){i.find(".getpaid-payment-form-errors, .getpaid-custom-payment-form-errors").html("").addClass("d-none"),i.find(".is-invalid, .is-valid").removeClass("is-invalid is-valid")},cache_state(e,t){this.cached_states[e]=t},current_state_key(){return this.form.serialize()},is_current_state_cached(){return this.cached_states.hasOwnProperty(this.current_state_key())},switch_state(){this.hide_error();var t=this.cached_states[this.current_state_key()];if(!t)return this.fetch_state();var a=this.form.find(".getpaid-tax-template");if(t.totals)for(var n in t.totals)t.totals.hasOwnProperty(n)&&this.form.find(".getpaid-form-cart-totals-total-"+n).html(t.totals[n]);if(a.length&&(this.form.find(".getpaid-form-cart-totals-tax:not(.getpaid-tax-template)").remove(),!Array.isArray(t.taxes))){var s=a.prop("outerHTML");for(var r in t.taxes)if(t.taxes.hasOwnProperty(r)){var d=a.before(s).prev().removeClass("getpaid-tax-template d-none");d.find(".getpaid-payment-form-line-totals-label").html(r),d.find(".getpaid-payment-form-line-totals-value").html(t.taxes[r])}}if(Array.isArray(t.fees)?this.form.find(".getpaid-form-cart-totals-fees").addClass("d-none"):this.form.find(".getpaid-form-cart-totals-fees").removeClass("d-none"),Array.isArray(t.discounts)?this.form.find(".getpaid-form-cart-totals-discount").addClass("d-none"):this.form.find(".getpaid-form-cart-totals-discount").removeClass("d-none"),t.items)for(var o in t.items)t.items.hasOwnProperty(o)&&this.form.find(".getpaid-form-cart-item-subtotal-"+o).html(t.items[o]);if(t.selected_items)for(var o in t.selected_items)t.selected_items.hasOwnProperty(o)&&(this.form.find('input[name="getpaid-items['+o+'][price]"]').val(t.selected_items[o].price),this.form.find('input[name="getpaid-items['+o+'][quantity]"]').val(t.selected_items[o].quantity),this.form.find(".getpaid-items-"+o+"-view-price").html(t.selected_items[o].price_fmt),this.form.find(".getpaid-items-"+o+"-view-quantity").text(t.selected_items[o].quantity));if(t.texts)for(var p in t.texts)t.texts.hasOwnProperty(p)&&this.form.find(p).html(t.texts[p]);t.gateways&&this.process_gateways(t.gateways,t),t.invoice&&(0==this.form.find('input[name="invoice_id"]').length&&this.form.append(''+WPInv.maxFilesExceeded+"
");let p=a.name.match(/\.([^\.]+)$/)[1];if(i.find(".getpaid-files-input").data("extensions").indexOf(p.toString().toLowerCase())<0)return void d.find(".getpaid-progress").html(''+WPInv.unsupportedFile+"
");let l=new FormData;l.append("file",a),l.append("action","wpinv_file_upload"),l.append("form_id",d.closest("form").find('input[name="form_id"]').val()),l.append("_ajax_nonce",WPInv.formNonce),l.append("field_name",i.data("name")),r.push(a),t=e.ajax({url:WPInv.ajax_url,type:"POST",contentType:!1,processData:!1,data:l,xhr:function(){let e=new window.XMLHttpRequest;return e.upload.addEventListener("progress",(function(e){if(e.lengthComputable){let t=Math.round(100*e.loaded/e.total)+"%";d.find(".progress-bar").attr("aria-valuenow",e.loaded).css("width",t).text(t)}}),!1),e},success:function(e){e.success?d.append(e.data):d.find(".getpaid-progress").html(''+e.data+"
")},error:function(e,t,a){d.find(".getpaid-progress").html(''+a+"
")}})},o=function(e){Array.prototype.forEach.apply(e,[d])};a.on("dragenter",(()=>{a.addClass("getpaid-trying-to-drop")})).on("dragover",(e=>{(e=e.originalEvent).stopPropagation(),e.preventDefault(),e.dataTransfer.dropEffect="copy"})).on("dragleave",(()=>{a.removeClass("getpaid-trying-to-drop")})).on("drop",(e=>{(e=e.originalEvent).stopPropagation(),e.preventDefault();let t=e.dataTransfer.files;t.length>0&&o(t)})),i.find(".getpaid-files-input").on("change",(function(e){let t=e.originalEvent.target.files;t&&(o(t),i.find(".getpaid-files-input").val(""))}))})),jQuery.fn.popover&&this.form.find(".gp-tooltip").length&&this.form.find(".gp-tooltip").popover({container:this.form[0],html:!0,content:function(){return e(this).closest(".getpaid-form-cart-item-name").find(".getpaid-item-desc").html()}}),jQuery.fn.flatpickr&&this.form.find(".getpaid-init-flatpickr").length&&this.form.find(".getpaid-init-flatpickr").each((function(){let e={},t=jQuery(this);if(t.data("disable_alt")&&t.data("disable_alt").length>0&&(e.disable=t.data("disable_alt")),t.data("disable_days_alt")&&t.data("disable_days_alt").length>0){e.disable=e.disable||[];let a=t.data("disable_days_alt");e.disable.push((function(e){return a.indexOf(e.getDay())>=0}))}jQuery(this).removeClass("flatpickr-input").flatpickr(e)})),WPInv.recaptchaSettings&&WPInv.recaptchaSettings.enabled&&"v2"==WPInv.recaptchaSettings.version&&function(e){if(a)e();else{t.push(e);var i=setInterval((function(){"undefined"!=typeof grecaptcha&&(clearInterval(i),a=!0,t.forEach((function(e){e()})))}),100)}}((()=>{var e=this.form.find(".getpaid-recaptcha-wrapper .g-recaptcha").attr("id");e&&grecaptcha.ready((()=>{grecaptcha.render(e,WPInv.recaptchaSettings.render_params)}))}))},process_gateways(t,a){this.form.data("initial_amt",a.initial_amt),this.form.data("currency",a.currency);var i=this.form.find(".getpaid-payment-form-submit"),n=i.data("free").replace(/%price%/gi,a.totals.raw_total),s=i.data("pay").replace(/%price%/gi,a.totals.raw_total);return i.prop("disabled",!1).css("cursor","pointer"),a.is_free?(i.val(n),this.form.find(".getpaid-gateways").slideUp(),void this.form.data("isFree","yes")):(this.form.data("isFree","no"),this.form.find(".getpaid-gateways").slideDown(),i.val(s),this.form.find(".getpaid-no-recurring-gateways, .getpaid-no-subscription-group-gateways, .getpaid-no-multiple-subscription-group-gateways, .getpaid-no-active-gateways").addClass("d-none"),this.form.find(".getpaid-select-gateway-title-div, .getpaid-available-gateways-div, .getpaid-gateway-descriptions-div").removeClass("d-none"),t.length<1?(this.form.find(".getpaid-select-gateway-title-div, .getpaid-available-gateways-div, .getpaid-gateway-descriptions-div").addClass("d-none"),i.prop("disabled",!0).css("cursor","not-allowed"),a.has_multiple_subscription_groups?void this.form.find(".getpaid-no-multiple-subscription-group-gateways").removeClass("d-none"):a.has_subscription_group?void this.form.find(".getpaid-no-subscription-group-gateways").removeClass("d-none"):a.has_recurring?void this.form.find(".getpaid-no-recurring-gateways").removeClass("d-none"):void this.form.find(".getpaid-no-active-gateways").removeClass("d-none")):(1==t.length?(this.form.find(".getpaid-select-gateway-title-div").addClass("d-none"),this.form.find(".getpaid-gateway-radio input").addClass("d-none")):this.form.find(".getpaid-gateway-radio input").removeClass("d-none"),this.form.find(".getpaid-gateway").addClass("d-none"),e.each(t,((e,t)=>{this.form.find(`.getpaid-gateway-${t}`).removeClass("d-none")})),0===this.form.find(".getpaid-gateway:visible input:checked").length&&this.form.find(".getpaid-gateway:visible .getpaid-gateway-radio input").eq(0).prop("checked",!0),void(0===this.form.find(".getpaid-gateway-description:visible").length&&this.form.find(".getpaid-gateway-radio input:checked").trigger("change"))))},setup_saved_payment_tokens(){var t=this.form.data("currency");this.form.find(".getpaid-saved-payment-methods").each((function(){var a=e(this);a.show(),e("input",a).on("change",(function(){e(this).closest("li").hasClass("getpaid-new-payment-method")?a.closest(".getpaid-gateway-description").find(".getpaid-new-payment-method-form").slideDown():a.closest(".getpaid-gateway-description").find(".getpaid-new-payment-method-form").slideUp()})),a.find("input").each((function(){"none"!=e(this).data("currency")&&t!=e(this).data("currency")?(e(this).closest("li").addClass("d-none"),e(this).prop("checked",!1)):e(this).closest("li").removeClass("d-none")})),0===e("li:not(.d-none) input",a).filter(":checked").length&&e("li:not(.d-none) input",a).eq(0).prop("checked",!0),0===e("li:not(.d-none) input",a).filter(":checked").length&&e("input",a).last().prop("checked",!0),2>e("li:not(.d-none) input",a).length&&a.hide(),e("input",a).filter(":checked").trigger("change")}))},handleAddressToggle(t){var a=t.closest(".getpaid-payment-form-element-address");a.find(".getpaid-billing-address-title, .getpaid-shipping-address-title, .getpaid-shipping-address-wrapper").addClass("d-none"),t.on("change",(function(){e(this).is(":checked")?(a.find(".getpaid-billing-address-title, .getpaid-shipping-address-title, .getpaid-shipping-address-wrapper").addClass("d-none"),a.find(".getpaid-shipping-billing-address-title").removeClass("d-none")):(a.find(".getpaid-billing-address-title, .getpaid-shipping-address-title, .getpaid-shipping-address-wrapper").removeClass("d-none"),a.find(".getpaid-shipping-billing-address-title").addClass("d-none"))}))},validate_vat_number(){var t=this.form.find(".wpinv_vat_number"),a=this.form.find(".wpinv_country"),i=t.parent().find(".getpaid-vat-number-validate");if(t.length&&a.length){var n=t.val(),s=a.val();n&&s?(i.prop("disabled",!0).text(WPInv.validating),e.post(WPInv.ajax_url,{action:"wpinv_validate_vat_number",vat_number:n,country:s,_ajax_nonce:WPInv.formNonce}).done((e=>{e.success?(i.removeClass("btn-primary").addClass("btn-success").text(WPInv.valid),t.removeClass("is-invalid").addClass("is-valid"),this.hide_error()):(i.removeClass("btn-success").addClass("btn-danger").text(WPInv.invalid),t.removeClass("is-valid").addClass("is-invalid"),this.show_error(e.data.message,".getpaid-error-billingwpinv_vat_number"))})).fail((()=>{i.removeClass("btn-success").addClass("btn-warning").text(WPInv.error),this.show_error(WPInv.vatValidationError,".getpaid-error-billingwpinv_vat_number")})).always((()=>{i.prop("disabled",!1),setTimeout((()=>{i.removeClass("btn-success btn-danger btn-warning").addClass("btn-primary").text(i.data("validate"))}),3e3)}))):this.show_error(WPInv.vatFieldsRequired,".getpaid-error-billingwpinv_vat_number")}},init(){this.setup_saved_payment_tokens(),this.attach_events(),this.refresh_state(),this.form.find(".getpaid-payment-form-element-billing_email span.d-none").closest(".col-12").addClass("d-none"),this.form.find(".getpaid-gateway-description:not(:has(*))").remove();var t=this.form.find('[name ="same-shipping-address"]');t.length>0&&this.handleAddressToggle(t),e("body").trigger("getpaid_setup_payment_form",[this.form])}}};var i=function(t){function a(a){0!=t.find(".getpaid-payment-form-items-cart").length&&(t.find(".getpaid-payment-form-items-cart-item.getpaid-selectable").each((function(){e(this).find(".getpaid-item-price-input").attr("name",""),e(this).find(".getpaid-item-quantity-input").attr("name",""),e(this).hide()})),e(a).each((function(e,a){if(a){var i=t.find(".getpaid-payment-form-items-cart-item.item-"+a);i.find(".getpaid-item-price-input").attr("name","getpaid-items["+a+"][price]"),i.find(".getpaid-item-quantity-input").attr("name","getpaid-items["+a+"][quantity]"),i.show()}})))}if(t.find(".getpaid-gateway-descriptions-div .form-horizontal .form-group").addClass("row"),t.find(".getpaid-payment-form-items-radio").length){var i=function(){a([t.find(".getpaid-payment-form-items-radio .form-check-input:checked").val()])},n=t.find(".getpaid-payment-form-items-radio .form-check-input");n.on("change",i),0===n.filter(":checked").length&&n.eq(0).prop("checked",!0),i()}if(t.find(".getpaid-payment-form-items-checkbox").length){i=function(){a(t.find(".getpaid-payment-form-items-checkbox input:checked").map((function(){return e(this).val()})).get())};var s=t.find(".getpaid-payment-form-items-checkbox input");s.on("change",i),0===s.filter(":checked").length&&s.eq(0).prop("checked",!0),i()}if(t.find(".getpaid-payment-form-items-select").length){i=function(){a([t.find(".getpaid-payment-form-items-select select").val()])};var r=t.find(".getpaid-payment-form-items-select select");r.on("change",i),r.val()||r.find("option:first").prop("selected","selected"),i()}getpaid_form(t).init(),t.on("submit",(function(a){a.preventDefault(),wpinvBlock(t),t.find(".getpaid-payment-form-errors, .getpaid-custom-payment-form-errors").html("").addClass("d-none"),t.find(".is-invalid,.is-valid").removeClass("is-invalid is-valid");var i=t.data("key"),n={submit:!0,delay:!1,data:t.serialize(),form:t,key:i};if("no"==t.data("isFree")&&e("body").trigger("getpaid_payment_form_before_submit",[n]),n.submit){var s=!0,r=function(){var a=function(a){if("string"!=typeof a){if(a.success)return a.data.action&&"redirect"!=a.data.action||(window.location.href=decodeURIComponent(a.data)),"auto_submit_form"==a.data.action&&(t.parent().append(''+a.data.form+"
"),e(".getpaid-checkout-autosubmit-form form").submit()),void("event"==a.data.action&&(e("body").trigger(a.data.event,[a.data.data,t]),s=!1));t.find(".getpaid-payment-form-errors").html(a.data).removeClass("d-none"),t.find(".getpaid-payment-form-remove-on-error").remove(),document.dispatchEvent(new Event("ayecode_reset_captcha")),a.invoice&&(localStorage.setItem("getpaid_last_invoice_"+t.find('input[name="form_id"]').val(),a.invoice),0==t.find('input[name="invoice_id"]').length&&t.append('get_log_months();
foreach ( $months as $month ) {
- $selected = ( isset( $_GET['m'] ) && $_GET['m'] == $month->month ) ? ' selected="selected"' : '';
- echo '' . esc_html( $month->month_name . ' ' . $month->year ) . ' ';
+ $selected = ( isset( $_GET['m'] ) && $_GET['m'] == $month->year_month ) ? ' selected="selected"' : '';
+ echo '' . esc_html( $month->month_name . ' ' . $month->year ) . ' ';
}
?>
@@ -193,14 +193,14 @@ private function get_log_months() {
global $wpdb;
$table_name = $wpdb->prefix . 'getpaid_anonymization_logs';
- $months = $wpdb->get_results(
- "SELECT DISTINCT YEAR(timestamp) AS year, MONTH(timestamp) AS month,
- DATE_FORMAT(timestamp, '%M') AS month_name,
- DATE_FORMAT(timestamp, '%Y%m') AS month
+ return $wpdb->get_results(
+ "SELECT DISTINCT
+ YEAR(timestamp) AS year,
+ MONTH(timestamp) AS month_num,
+ DATE_FORMAT(timestamp, '%M') AS month_name,
+ DATE_FORMAT(timestamp, '%Y%m') AS year_month
FROM $table_name
- ORDER BY year DESC, month DESC"
+ ORDER BY year DESC, month_num DESC"
);
-
- return $months;
}
}
\ No newline at end of file
diff --git a/includes/class-wpinv-data-retention.php b/includes/class-wpinv-data-retention.php
index f6326ee5..a365787f 100644
--- a/includes/class-wpinv-data-retention.php
+++ b/includes/class-wpinv-data-retention.php
@@ -17,647 +17,734 @@
*/
class WPInv_Data_Retention {
- /**
- * Error message.
- *
- * @var string
- */
- private $error_message;
-
- /**
- * Flag to control whether user deletion should be handled.
- *
- * @var bool
- */
- private $handle_user_deletion = true;
-
- /**
- * Class constructor.
- */
- public function __construct() {
- add_filter( 'wpinv_settings_misc', array( $this, 'add_data_retention_settings' ) );
-
- add_action( 'wpmu_delete_user', array( $this, 'maybe_handle_user_deletion' ), 1 );
- add_action( 'delete_user', array( $this, 'maybe_handle_user_deletion' ), 1 );
- add_filter( 'wp_privacy_personal_data_erasure_request', array( $this, 'handle_erasure_request' ), 10, 2 );
-
- add_action( 'getpaid_daily_maintenance', array( $this, 'perform_data_retention_cleanup' ) );
- }
-
- /**
- * Adds data retention settings to the misc settings page.
- *
- * @param array $misc_settings Existing misc settings.
- * @return array Updated misc settings.
- */
- public function add_data_retention_settings( $misc_settings ) {
- $misc_settings['data_retention'] = array(
- 'id' => 'data_retention',
- 'name' => '' . __( 'Data Retention', 'invoicing' ) . ' ',
- 'type' => 'header',
- );
-
- $misc_settings['data_retention_method'] = array(
- 'id' => 'data_retention_method',
- 'name' => __( 'Data Handling', 'invoicing' ),
- 'desc' => __( 'Choose how to handle user data when deletion is required.', 'invoicing' ),
- 'type' => 'select',
- 'options' => array(
- 'anonymize' => __( 'Anonymize data', 'invoicing' ),
- 'delete' => __( 'Delete data without anonymization', 'invoicing' ),
- ),
- 'std' => 'anonymize',
- 'tooltip' => __( 'Anonymization replaces personal data with non-identifiable information. Direct deletion removes all data permanently.', 'invoicing' ),
- );
-
- $misc_settings['data_retention_period'] = array(
- 'id' => 'data_retention_period',
- 'name' => __( 'Retention Period', 'invoicing' ),
- 'desc' => __( 'Specify how long to retain customer data after processing.', 'invoicing' ),
- 'type' => 'select',
- 'options' => array(
- 'never' => __( 'Never delete (retain indefinitely)', 'invoicing' ),
- '30' => __( '30 days', 'invoicing' ),
- '90' => __( '90 days', 'invoicing' ),
- '180' => __( '6 months', 'invoicing' ),
- '365' => __( '1 year', 'invoicing' ),
- '730' => __( '2 years', 'invoicing' ),
- '1825' => __( '5 years', 'invoicing' ),
- '3650' => __( '10 years', 'invoicing' ),
- ),
- 'std' => '3650',
- 'tooltip' => __( 'Choose how long to keep processed customer data before final action. This helps balance data minimization with business needs.', 'invoicing' ),
- );
-
- return $misc_settings;
- }
-
- /**
- * Conditionally handles user deletion based on the flag.
- *
- * @param int $user_id The ID of the user being deleted.
- */
- public function maybe_handle_user_deletion( $user_id ) {
- if ( ! $this->handle_user_deletion ) {
- return;
- }
-
- if ( current_user_can( 'manage_options' ) ) {
- $this->handle_admin_user_deletion( $user_id );
- } else {
- $this->handle_self_account_deletion( $user_id );
- }
- }
-
- /**
- * Handles admin-initiated user deletion process.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user being deleted.
- */
- public function handle_admin_user_deletion( $user_id ) {
- if ( $this->has_active_subscriptions( $user_id ) ) {
- $this->prevent_user_deletion( $user_id, 'active_subscriptions' );
- return;
- }
-
- if ( $this->has_paid_invoices( $user_id ) ) {
- $retention_method = wpinv_get_option( 'data_retention_method', 'anonymize' );
- if ( 'anonymize' === $retention_method ) {
- $this->anonymize_user_data( $user_id );
- $this->prevent_user_deletion( $user_id, 'paid_invoices' );
- } else {
- $this->delete_user_data( $user_id );
- }
- }
- }
-
- /**
- * Handles user account self-deletion.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user being deleted.
- */
- public function handle_self_account_deletion( $user_id ) {
- $this->cancel_active_subscriptions( $user_id );
-
- if ( $this->has_paid_invoices( $user_id ) ) {
- $retention_method = wpinv_get_option( 'data_retention_method', 'anonymize' );
-
- if ( 'anonymize' === $retention_method ) {
- $user = get_userdata( $user_id );
-
- $this->anonymize_user_data( $user_id );
-
- $message = apply_filters( 'uwp_get_account_deletion_message', '', $user );
- do_action( 'uwp_send_account_deletion_emails', $user, $message );
-
- $this->end_user_session();
- }
- }
- }
-
- /**
- * Checks if user has active subscriptions.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user being checked.
- * @return bool True if user has active subscriptions, false otherwise.
- */
- private function has_active_subscriptions( $user_id ) {
- $subscriptions = getpaid_get_subscriptions(
- array(
- 'customer_in' => array( (int) $user_id ),
- 'status' => 'active',
- )
- );
-
- return ! empty( $subscriptions );
- }
-
- /**
- * Cancels all active subscriptions for a user.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user.
- */
- private function cancel_active_subscriptions( $user_id ) {
- $subscriptions = getpaid_get_subscriptions(
- array(
- 'customer_in' => array( (int) $user_id ),
- 'status' => 'active',
- )
- );
-
- foreach ( $subscriptions as $subscription ) {
- $subscription->cancel();
- }
- }
-
- /**
- * Checks if user has paid invoices.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user being checked.
- * @return bool True if user has paid invoices, false otherwise.
- */
- private function has_paid_invoices( $user_id ) {
- $invoices = wpinv_get_invoices(
- array(
- 'user' => (int) $user_id,
- 'status' => 'publish',
- )
- );
-
- return ! empty( $invoices->total );
- }
-
- /**
- * Prevents user deletion by setting an error message and stopping execution.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user being deleted.
- * @param string $reason The reason for preventing deletion.
- */
- private function prevent_user_deletion( $user_id, $reason ) {
- $user = get_userdata( $user_id );
-
- if ( 'active_subscriptions' === $reason ) {
- $this->error_message = sprintf(
- /* translators: %s: user login */
- esc_html__( 'User deletion for %s has been halted. All active subscriptions should be cancelled first.', 'invoicing' ),
- $user->user_login
- );
- } else {
- $this->error_message = sprintf(
- /* translators: %s: user login */
- esc_html__( 'User deletion for %s has been halted due to paid invoices. Data will be anonymized instead.', 'invoicing' ),
- $user->user_login
- );
- }
-
- wp_die( $this->error_message, esc_html__( 'User Deletion Halted', 'invoicing' ), array( 'response' => 403 ) );
- }
-
- /**
- * Anonymizes user data.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user to anonymize.
- * @return bool True on success, false on failure.
- */
- private function anonymize_user_data( $user_id ) {
- global $wpdb;
-
- $user = get_userdata( $user_id );
- if ( ! $user ) {
- return false;
- }
-
- $table_name = $wpdb->prefix . 'getpaid_customers';
- $deletion_date = gmdate( 'Y-m-d', strtotime( '+10 years' ) );
- $hashed_email = $this->hash_email( $user->user_email );
-
- $updated = $wpdb->update(
- $table_name,
- array(
- 'is_anonymized' => 1,
- 'deletion_date' => $deletion_date,
- 'email' => $hashed_email,
- 'email_cc' => $hashed_email,
- 'phone' => '',
- ),
- array( 'user_id' => (int) $user->ID )
- );
-
- if ( false === $updated ) {
- return false;
- }
-
- wp_update_user(
- array(
- 'ID' => (int) $user->ID,
- 'user_email' => $hashed_email,
- )
- );
-
- /**
- * Fires when anonymizing user meta fields.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user being anonymized.
- */
- do_action( 'wpinv_anonymize_user_meta_data', $user->ID );
-
- $user_meta_data = array(
- 'nickname',
+ /**
+ * Error message.
+ *
+ * @var string
+ */
+ private $error_message;
+
+ /**
+ * Flag to control whether user deletion should be handled.
+ *
+ * @var bool
+ */
+ private $handle_user_deletion = true;
+
+ /**
+ * Class constructor.
+ */
+ public function __construct() {
+ add_filter( 'wpinv_settings_misc', array( $this, 'add_data_retention_settings' ) );
+
+ add_action( 'wpmu_delete_user', array( $this, 'maybe_handle_user_deletion' ), 1 );
+ add_action( 'delete_user', array( $this, 'maybe_handle_user_deletion' ), 1 );
+
+ // Register GDPR personal data eraser.
+ add_filter( 'wp_privacy_personal_data_erasers', array( $this, 'register_eraser' ) );
+
+ add_action( 'getpaid_daily_maintenance', array( $this, 'perform_data_retention_cleanup' ) );
+ }
+
+ /**
+ * Adds data retention settings to the misc settings page.
+ *
+ * @param array $misc_settings Existing misc settings.
+ * @return array Updated misc settings.
+ */
+ public function add_data_retention_settings( $misc_settings ) {
+ $misc_settings['data_retention'] = array(
+ 'id' => 'data_retention',
+ 'name' => '' . __( 'Data Retention', 'invoicing' ) . ' ',
+ 'type' => 'header',
+ );
+
+ $misc_settings['data_retention_method'] = array(
+ 'id' => 'data_retention_method',
+ 'name' => __( 'Data Handling', 'invoicing' ),
+ 'desc' => __( 'Choose how to handle user data when deletion is required.', 'invoicing' ),
+ 'type' => 'select',
+ 'options' => array(
+ 'anonymize' => __( 'Anonymize data', 'invoicing' ),
+ 'delete' => __( 'Delete data without anonymization', 'invoicing' ),
+ ),
+ 'std' => 'anonymize',
+ 'tooltip' => __( 'Anonymization replaces personal data with non-identifiable information. Direct deletion removes all data permanently.', 'invoicing' ),
+ );
+
+ $misc_settings['data_retention_period'] = array(
+ 'id' => 'data_retention_period',
+ 'name' => __( 'Retention Period', 'invoicing' ),
+ 'desc' => __( 'Specify how long to retain customer data after processing.', 'invoicing' ),
+ 'type' => 'select',
+ 'options' => array(
+ 'never' => __( 'Never delete (retain indefinitely)', 'invoicing' ),
+ '30' => __( '30 days', 'invoicing' ),
+ '90' => __( '90 days', 'invoicing' ),
+ '180' => __( '6 months', 'invoicing' ),
+ '365' => __( '1 year', 'invoicing' ),
+ '730' => __( '2 years', 'invoicing' ),
+ '1825' => __( '5 years', 'invoicing' ),
+ '3650' => __( '10 years', 'invoicing' ),
+ ),
+ 'std' => '3650',
+ 'tooltip' => __( 'Choose how long to keep processed customer data before final action. This helps balance data minimization with business needs.', 'invoicing' ),
+ );
+
+ return $misc_settings;
+ }
+
+ /**
+ * Conditionally handles user deletion based on the flag.
+ *
+ * @param int $user_id The ID of the user being deleted.
+ */
+ public function maybe_handle_user_deletion( $user_id ) {
+ if ( ! $this->handle_user_deletion ) {
+ return;
+ }
+
+ if ( current_user_can( 'manage_options' ) ) {
+ $this->handle_admin_user_deletion( $user_id );
+ } else {
+ $this->handle_self_account_deletion( $user_id );
+ }
+ }
+
+ /**
+ * Handles admin-initiated user deletion process.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user being deleted.
+ */
+ public function handle_admin_user_deletion( $user_id ) {
+ if ( $this->has_active_subscriptions( $user_id ) ) {
+ $this->prevent_user_deletion( $user_id, 'active_subscriptions' );
+ return;
+ }
+
+ if ( $this->has_paid_invoices( $user_id ) ) {
+ $retention_method = wpinv_get_option( 'data_retention_method', 'anonymize' );
+ if ( 'anonymize' === $retention_method ) {
+ $this->anonymize_user_data( $user_id );
+ $this->prevent_user_deletion( $user_id, 'paid_invoices' );
+ } else {
+ $this->delete_user_data( $user_id );
+ }
+ }
+ }
+
+ /**
+ * Handles user account self-deletion.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user being deleted.
+ */
+ public function handle_self_account_deletion( $user_id ) {
+ $this->cancel_active_subscriptions( $user_id );
+
+ if ( $this->has_paid_invoices( $user_id ) ) {
+ $retention_method = wpinv_get_option( 'data_retention_method', 'anonymize' );
+
+ if ( 'anonymize' === $retention_method ) {
+ $user = get_userdata( $user_id );
+
+ $this->anonymize_user_data( $user_id );
+
+ $message = apply_filters( 'uwp_get_account_deletion_message', '', $user );
+ do_action( 'uwp_send_account_deletion_emails', $user, $message );
+
+ $this->end_user_session();
+ }
+ }
+ }
+
+ /**
+ * Checks if user has active subscriptions.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user being checked.
+ * @return bool True if user has active subscriptions, false otherwise.
+ */
+ private function has_active_subscriptions( $user_id ) {
+ $subscriptions = getpaid_get_subscriptions(
+ array(
+ 'customer_in' => array( (int) $user_id ),
+ 'status' => 'active',
+ )
+ );
+
+ return ! empty( $subscriptions );
+ }
+
+ /**
+ * Cancels all active subscriptions for a user.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user.
+ */
+ private function cancel_active_subscriptions( $user_id ) {
+ $subscriptions = getpaid_get_subscriptions(
+ array(
+ 'customer_in' => array( (int) $user_id ),
+ 'status' => 'active',
+ )
+ );
+
+ foreach ( $subscriptions as $subscription ) {
+ $subscription->cancel();
+ }
+ }
+
+ /**
+ * Checks if user has paid invoices.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user being checked.
+ * @return bool True if user has paid invoices, false otherwise.
+ */
+ private function has_paid_invoices( $user_id ) {
+ $invoices = wpinv_get_invoices(
+ array(
+ 'user' => (int) $user_id,
+ 'status' => 'publish',
+ )
+ );
+
+ return ! empty( $invoices->total );
+ }
+
+ /**
+ * Prevents user deletion by setting an error message and stopping execution.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user being deleted.
+ * @param string $reason The reason for preventing deletion.
+ */
+ private function prevent_user_deletion( $user_id, $reason ) {
+ $user = get_userdata( $user_id );
+
+ if ( 'active_subscriptions' === $reason ) {
+ $this->error_message = sprintf(
+ /* translators: %s: user login */
+ esc_html__( 'User deletion for %s has been halted. All active subscriptions should be cancelled first.', 'invoicing' ),
+ $user->user_login
+ );
+ } else {
+ $this->error_message = sprintf(
+ /* translators: %s: user login */
+ esc_html__( 'User deletion for %s has been halted due to paid invoices. Data will be anonymized instead.', 'invoicing' ),
+ $user->user_login
+ );
+ }
+
+ wp_die(
+ $this->error_message,
+ esc_html__( 'User Deletion Halted', 'invoicing' ),
+ array(
+ 'response' => 403,
+ 'back_link' => true,
+ )
+ );
+ }
+
+ /**
+ * Anonymizes user data.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user to anonymize.
+ * @return bool True on success, false on failure.
+ */
+ private function anonymize_user_data( $user_id ) {
+ global $wpdb;
+
+ $user = get_userdata( $user_id );
+ if ( ! $user ) {
+ return false;
+ }
+
+ $table_name = $wpdb->prefix . 'getpaid_customers';
+ $retention_period = wpinv_get_option( 'data_retention_period', '3650' );
+ $hashed_email = $this->hash_email( $user->user_email );
+
+ // Use the configured retention period for the deletion date.
+ $update_data = array(
+ 'is_anonymized' => 1,
+ 'email' => $hashed_email,
+ 'email_cc' => '',
+ 'first_name' => __( 'Anonymized', 'invoicing' ),
+ 'last_name' => '',
+ 'address' => '',
+ 'city' => '',
+ 'state' => '',
+ 'zip' => '',
+ 'phone' => '',
+ 'company' => '',
+ 'company_id' => '',
+ 'vat_number' => '',
+ );
+
+ if ( 'never' !== $retention_period ) {
+ $update_data['deletion_date'] = gmdate( 'Y-m-d', strtotime( "+{$retention_period} days" ) );
+ }
+
+ $updated = $wpdb->update(
+ $table_name,
+ $update_data,
+ array( 'user_id' => (int) $user->ID )
+ );
+
+ if ( false === $updated ) {
+ return false;
+ }
+
+ $anonymized_name = __( 'Anonymized User', 'invoicing' );
+ $anonymized_login = 'anonymized_' . $user->ID;
+
+ // Anonymize user_login directly since wp_update_user() does not allow changing it.
+ $wpdb->update(
+ $wpdb->users,
+ array( 'user_login' => $anonymized_login ),
+ array( 'ID' => (int) $user->ID )
+ );
+
+ // Clear caches after direct DB update.
+ clean_user_cache( $user->ID );
+
+ wp_update_user(
+ array(
+ 'ID' => (int) $user->ID,
+ 'user_email' => $hashed_email,
+ 'display_name' => $anonymized_name,
+ 'first_name' => '',
+ 'last_name' => '',
+ 'nickname' => $anonymized_name,
+ 'user_nicename' => sanitize_title( $anonymized_login ),
+ 'user_url' => '',
+ 'description' => '',
+ )
+ );
+
+ /**
+ * Fires when anonymizing user meta fields.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user being anonymized.
+ */
+ do_action( 'wpinv_anonymize_user_meta_data', $user->ID );
+
+ $user_meta_data = array(
+ 'nickname',
'description',
'rich_editing',
'syntax_highlighting',
'comment_shortcuts',
- 'admin_color',
+ 'admin_color',
'use_ssl',
'show_admin_bar_front',
'locale',
- 'wp_capabilities',
- 'wp_user_level',
'dismissed_wp_pointers',
'show_welcome_panel',
- );
-
- /**
- * Filters the user meta fields to be anonymized.
- *
- * @since 2.8.22
- * @param array $user_meta_data The meta fields to be anonymized.
- * @param int $user_id The ID of the user being anonymized.
- */
- $user_meta_data = apply_filters( 'wpinv_user_meta_data_to_anonymize', $user_meta_data, $user->ID );
-
- foreach ( $user_meta_data as $meta_key ) {
- delete_user_meta( $user->ID, $meta_key );
- }
-
- return $this->ensure_invoice_anonymization( $user->ID, 'anonymize' );
- }
-
- /**
- * Deletes user data without anonymization.
- *
- * @param int $user_id The ID of the user to delete.
- * @return bool True on success, false on failure.
- */
- private function delete_user_data( $user_id ) {
- // Delete associated invoices.
- $this->ensure_invoice_anonymization( $user_id, 'delete' );
-
- // Delete the user.
- if ( is_multisite() ) {
- wpmu_delete_user( $user_id );
- } else {
- wp_delete_user( $user_id );
- }
-
- /**
- * Fires after deleting user data without anonymization.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user being deleted.
- */
- do_action( 'wpinv_delete_user_data', $user_id );
-
- return true;
- }
-
- /**
- * Ensures invoice data remains anonymized.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user whose invoices should be checked.
- * @param string $action The action to perform (anonymize or delete).
- * @return bool True on success, false on failure.
- */
- public function ensure_invoice_anonymization( $user_id, $action = 'anonymize' ) {
- $invoices = wpinv_get_invoices( array( 'user' => $user_id ) );
-
- /**
- * Filters the invoice meta fields to be anonymized.
- *
- * @since 2.8.22
- * @param array $inv_meta_data The meta fields to be anonymized.
- * @param int $user_id The ID of the user being processed.
- */
- $inv_meta_data = apply_filters( 'wpinv_invoice_meta_data_to_anonymize', array(), $user_id );
-
- foreach ( $invoices->invoices as $invoice ) {
- foreach ( $inv_meta_data as $meta_key ) {
- delete_post_meta( $invoice->get_id(), $meta_key );
- }
-
- if ( 'anonymize' === $action ) {
- $hashed_inv_email = $this->hash_email( $invoice->get_email() );
- $hashed_inv_email_cc = $this->hash_email( $invoice->get_email_cc() );
-
- $invoice->set_email( $hashed_inv_email );
- $invoice->set_email_cc( $hashed_inv_email_cc );
- $invoice->set_phone( '' );
- $invoice->set_ip( $this->anonymize_data( $invoice->get_ip() ) );
- $invoice->set_is_anonymized( 1 );
-
- /**
- * Fires when anonymizing additional invoice data.
- *
- * @since 2.8.22
- * @param WPInv_Invoice $invoice The invoice being anonymized.
- * @param string $action The action being performed (anonymize or delete).
- */
- do_action( 'wpinv_anonymize_invoice_data', $invoice, $action );
-
- $invoice->save();
- } else {
- $invoice->delete();
- }
- }
-
- return $this->log_deletion_action( $user_id, $invoices->invoices, $action );
- }
-
- /**
- * Logs the deletion or anonymization action for a user and their invoices.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user being processed.
- * @param array $invoices An array of invoice objects being processed.
- * @param string $action The action being performed (anonymize or delete).
- * @return bool True on success, false on failure.
- */
- private function log_deletion_action( $user_id, $invoices, $action ) {
- global $wpdb;
-
- $table_name = $wpdb->prefix . 'getpaid_anonymization_logs';
- $user_data = get_userdata( $user_id );
-
- $additional_info = array(
- 'Username' => $user_data ? $user_data->user_login : 'N/A',
- 'User Roles' => $user_data ? implode(', ', $user_data->roles) : 'N/A',
- 'Email' => $user_data ? $user_data->user_email : 'N/A',
- 'First Name' => $user_data ? $user_data->first_name : 'N/A',
- 'Last Name' => $user_data ? $user_data->last_name : 'N/A',
- 'Registered' => $user_data ? $user_data->user_registered : 'N/A',
- 'invoice_count' => count( $invoices ),
- );
-
-
- /**
- * Filters the additional info before logging.
- *
- * @since 2.8.22
- * @param array $additional_info The additional information to be logged.
- * @param int $user_id The ID of the user being processed.
- * @param array $invoices The invoices being processed.
- * @param string $action The action being performed (anonymize or delete).
- */
- $additional_info = apply_filters( 'wpinv_anonymization_log_additional_info', $additional_info, $user_id, $invoices, $action );
-
- $data = array(
- 'user_id' => $user_id,
- 'action' => sanitize_text_field( $action ),
- 'data_type' => 'User Invoices',
- 'timestamp' => current_time( 'mysql' ),
- 'additional_info' => wp_json_encode( $additional_info ),
- );
-
- $format = array(
- '%d', // user_id
- '%s', // action
- '%s', // data_type
- '%s', // timestamp
- '%s', // additional_info
- );
-
- if ( ! empty( $user_id ) && ! empty( $action ) ) {
- $result = $wpdb->update(
- $table_name,
- $data,
- array(
- 'user_id' => (int) $user_id,
- 'action' => sanitize_text_field( $action ),
- ),
- $format,
- array( '%d', '%s' )
- );
-
- if ( false === $result ) {
- // If update fails, try to insert.
- $result = $wpdb->insert( $table_name, $data, $format );
- }
-
- if ( false === $result ) {
- wpinv_error_log( sprintf( 'Failed to log anonymization action for user ID: %d. Error: %s', $user_id, $wpdb->last_error ) );
- return false;
- }
- }
-
- /**
- * Fires after logging a deletion or anonymization action.
- *
- * @since 2.8.22
- * @param int $user_id The ID of the user being processed.
- * @param array $invoices An array of invoice objects being processed.
- * @param string $action The action being performed (anonymize or delete).
- * @param array $data The data that was inserted into the log.
- */
- do_action( 'wpinv_after_log_deletion_action', $user_id, $invoices, $action, $data );
-
- return true;
- }
-
- /**
- * Handles GDPR personal data erasure request.
- *
- * @since 2.8.22
- * @param array $response The default response.
- * @param int $user_id The ID of the user being erased.
- * @return array The modified response.
- */
- public function handle_erasure_request( $response, $user_id ) {
- if ( $this->has_active_subscriptions( $user_id ) ) {
- $response['messages'][] = esc_html__( 'User has active subscriptions. Data cannot be erased at this time.', 'invoicing' );
- $response['items_removed'] = false;
- } elseif ( $this->has_paid_invoices( $user_id ) ) {
- $retention_method = wpinv_get_option( 'data_retention_method', 'anonymize' );
- if ( 'anonymize' === $retention_method ) {
- $this->anonymize_user_data( $user_id );
- $response['messages'][] = esc_html__( 'User data has been anonymized due to existing paid invoices.', 'invoicing' );
- $response['items_removed'] = false;
- $response['items_retained'] = true;
- } else {
- $this->delete_user_data( $user_id );
- $response['messages'][] = esc_html__( 'User data has been deleted.', 'invoicing' );
- $response['items_removed'] = true;
- $response['items_retained'] = false;
- }
- }
-
- return $response;
- }
-
- /**
- * Hashes email for anonymization.
- *
- * @since 2.8.22
- * @param string $email The email to hash.
- * @return string The hashed email.
- */
- private function hash_email( $email ) {
- $site_url = get_site_url();
- $domain = wp_parse_url( $site_url, PHP_URL_HOST );
-
- if ( empty( $domain ) ) {
- return $email;
- }
-
- $clean_email = sanitize_email( strtolower( trim( $email ) ) );
- $hash = wp_hash( $clean_email );
- $hash = substr( $hash, 0, 20 );
- $anonymized_email = sprintf( '%s@%s', $hash, $domain );
-
- /**
- * Filters the anonymized email before returning.
- *
- * @since 2.8.22
- * @param string $anonymized_email The anonymized email address.
- * @param string $email The original email address.
- */
- return apply_filters( 'wpinv_anonymized_email', $anonymized_email, $email );
- }
-
- /**
- * Anonymizes a given piece of data.
- *
- * @since 2.8.22
- * @param string $data The data to anonymize.
- * @return string The anonymized data.
- */
- private function anonymize_data( $data ) {
- if ( empty( $data ) ) {
- return '';
- }
-
- return wp_privacy_anonymize_data( 'text', $data );
- }
-
- /**
- * Performs data retention cleanup.
- *
- * This method is responsible for cleaning up anonymized user data
- * that has exceeded the retention period.
- *
- * @since 2.8.22
- */
- public function perform_data_retention_cleanup() {
- global $wpdb;
-
- $retention_period = wpinv_get_option( 'data_retention_period', '3650' );
-
- // If retention period is set to 'never', exit the function.
- if ( 'never' === $retention_period ) {
- return;
- }
-
- $customers_table = $wpdb->prefix . 'getpaid_customers';
-
- // Calculate the cutoff date for data retention.
- $cutoff_date = gmdate( 'Y-m-d', strtotime( "-$retention_period days" ) );
-
- $expired_records = $wpdb->get_results(
- $wpdb->prepare(
- "SELECT * FROM $customers_table WHERE deletion_date < %s AND is_anonymized = 1",
- $cutoff_date
- )
- );
-
- /**
- * Fires before the data retention cleanup process begins.
- *
- * @since 2.8.22
- * @param array $expired_records Array of customer records to be processed.
- */
- do_action( 'getpaid_data_retention_before_cleanup', $expired_records );
-
- if ( ! empty( $expired_records ) ) {
- // Disable our custom user deletion handling.
- $this->handle_user_deletion = false;
-
- foreach ( $expired_records as $record ) {
- // Delete associated invoices.
- $this->ensure_invoice_anonymization( (int) $record->user_id, 'delete' );
-
- // Delete the user.
- wp_delete_user( (int) $record->user_id );
-
- /**
- * Fires after processing each expired record during cleanup.
- *
- * @since 2.8.22
- * @param object $record The customer record being processed.
- */
- do_action( 'getpaid_data_retention_process_record', $record );
- }
-
- // Re-enable our custom user deletion handling.
- $this->handle_user_deletion = true;
-
- /**
- * Fires after the data retention cleanup process is complete.
- *
- * @since 2.8.22
- * @param array $expired_records Array of customer records that were processed.
- */
- do_action( 'getpaid_data_retention_after_cleanup', $expired_records );
- }
-
- /**
- * Fires after the data retention cleanup attempt, regardless of whether records were processed.
- *
- * @since 2.8.22
- * @param int $retention_period The current retention period in years.
- * @param string $cutoff_date The cutoff date used for identifying expired records.
- */
- do_action( 'getpaid_data_retention_cleanup_complete', $retention_period, $cutoff_date );
- }
-
- /**
- * Ends the user's current session.
- *
- * @since 2.8.22
- */
- private function end_user_session() {
- wp_logout();
-
- // Redirect after deletion.
- $redirect_page = home_url();
- wp_safe_redirect( $redirect_page );
- exit();
- }
-}
\ No newline at end of file
+ );
+
+ /**
+ * Filters the user meta fields to be anonymized.
+ *
+ * @since 2.8.22
+ * @param array $user_meta_data The meta fields to be anonymized.
+ * @param int $user_id The ID of the user being anonymized.
+ */
+ $user_meta_data = apply_filters( 'wpinv_user_meta_data_to_anonymize', $user_meta_data, $user->ID );
+
+ foreach ( $user_meta_data as $meta_key ) {
+ delete_user_meta( $user->ID, $meta_key );
+ }
+
+ return $this->ensure_invoice_anonymization( $user->ID, 'anonymize' );
+ }
+
+ /**
+ * Deletes user data without anonymization.
+ *
+ * @param int $user_id The ID of the user to delete.
+ * @return bool True on success, false on failure.
+ */
+ private function delete_user_data( $user_id ) {
+ // Delete associated invoices.
+ $this->ensure_invoice_anonymization( $user_id, 'delete' );
+
+ // Disable our handler to prevent infinite recursion.
+ $this->handle_user_deletion = false;
+
+ // Delete the user.
+ if ( is_multisite() ) {
+ wpmu_delete_user( $user_id );
+ } else {
+ wp_delete_user( $user_id );
+ }
+
+ // Re-enable our handler.
+ $this->handle_user_deletion = true;
+
+ /**
+ * Fires after deleting user data without anonymization.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user being deleted.
+ */
+ do_action( 'wpinv_delete_user_data', $user_id );
+
+ return true;
+ }
+
+ /**
+ * Ensures invoice data remains anonymized.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user whose invoices should be checked.
+ * @param string $action The action to perform (anonymize or delete).
+ * @return bool True on success, false on failure.
+ */
+ public function ensure_invoice_anonymization( $user_id, $action = 'anonymize' ) {
+ $invoices = wpinv_get_invoices( array( 'user' => $user_id ) );
+
+ /**
+ * Filters the invoice meta fields to be anonymized.
+ *
+ * @since 2.8.22
+ * @param array $inv_meta_data The meta fields to be anonymized.
+ * @param int $user_id The ID of the user being processed.
+ */
+ $inv_meta_data = apply_filters( 'wpinv_invoice_meta_data_to_anonymize', array(), $user_id );
+
+ foreach ( $invoices->invoices as $invoice ) {
+ foreach ( $inv_meta_data as $meta_key ) {
+ delete_post_meta( $invoice->get_id(), $meta_key );
+ }
+
+ if ( 'anonymize' === $action ) {
+ $invoice->set_email( $this->hash_email( $invoice->get_email() ) );
+ $invoice->set_email_cc( '' );
+ $invoice->set_phone( '' );
+ $invoice->set_ip( $this->anonymize_data( $invoice->get_ip() ) );
+ $invoice->set_first_name( __( 'Anonymized', 'invoicing' ) );
+ $invoice->set_last_name( '' );
+ $invoice->set_company( '' );
+ $invoice->set_vat_number( '' );
+ $invoice->set_address( '' );
+ $invoice->set_city( '' );
+ $invoice->set_zip( '' );
+ $invoice->set_is_anonymized( 1 );
+
+ /**
+ * Fires when anonymizing additional invoice data.
+ *
+ * @since 2.8.22
+ * @param WPInv_Invoice $invoice The invoice being anonymized.
+ * @param string $action The action being performed (anonymize or delete).
+ */
+ do_action( 'wpinv_anonymize_invoice_data', $invoice, $action );
+
+ $invoice->save();
+ } else {
+ $invoice->delete();
+ }
+ }
+
+ return $this->log_deletion_action( $user_id, $invoices->invoices, $action );
+ }
+
+ /**
+ * Logs the deletion or anonymization action for a user and their invoices.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user being processed.
+ * @param array $invoices An array of invoice objects being processed.
+ * @param string $action The action being performed (anonymize or delete).
+ * @return bool True on success, false on failure.
+ */
+ private function log_deletion_action( $user_id, $invoices, $action ) {
+ global $wpdb;
+
+ $table_name = $wpdb->prefix . 'getpaid_anonymization_logs';
+
+ $additional_info = array(
+ 'invoice_count' => count( $invoices ),
+ 'retention_method' => wpinv_get_option( 'data_retention_method', 'anonymize' ),
+ 'retention_period' => wpinv_get_option( 'data_retention_period', '3650' ),
+ );
+
+ /**
+ * Filters the additional info before logging.
+ *
+ * @since 2.8.22
+ * @param array $additional_info The additional information to be logged.
+ * @param int $user_id The ID of the user being processed.
+ * @param array $invoices The invoices being processed.
+ * @param string $action The action being performed (anonymize or delete).
+ */
+ $additional_info = apply_filters( 'wpinv_anonymization_log_additional_info', $additional_info, $user_id, $invoices, $action );
+
+ $data = array(
+ 'user_id' => $user_id,
+ 'action' => sanitize_text_field( $action ),
+ 'data_type' => 'User Invoices',
+ 'timestamp' => current_time( 'mysql', true ),
+ 'additional_info' => wp_json_encode( $additional_info ),
+ );
+
+ $format = array(
+ '%d', // user_id
+ '%s', // action
+ '%s', // data_type
+ '%s', // timestamp
+ '%s', // additional_info
+ );
+
+ if ( ! empty( $user_id ) && ! empty( $action ) ) {
+ // Check if a log entry already exists for this user and action.
+ $existing = $wpdb->get_var(
+ $wpdb->prepare(
+ "SELECT COUNT(*) FROM $table_name WHERE user_id = %d AND action = %s",
+ (int) $user_id,
+ sanitize_text_field( $action )
+ )
+ );
+
+ if ( $existing ) {
+ $result = $wpdb->update(
+ $table_name,
+ $data,
+ array(
+ 'user_id' => (int) $user_id,
+ 'action' => sanitize_text_field( $action ),
+ ),
+ $format,
+ array( '%d', '%s' )
+ );
+ } else {
+ $result = $wpdb->insert( $table_name, $data, $format );
+ }
+
+ if ( false === $result ) {
+ wpinv_error_log( sprintf( 'Failed to log anonymization action for user ID: %d. Error: %s', $user_id, $wpdb->last_error ) );
+ return false;
+ }
+ }
+
+ /**
+ * Fires after logging a deletion or anonymization action.
+ *
+ * @since 2.8.22
+ * @param int $user_id The ID of the user being processed.
+ * @param array $invoices An array of invoice objects being processed.
+ * @param string $action The action being performed (anonymize or delete).
+ * @param array $data The data that was inserted into the log.
+ */
+ do_action( 'wpinv_after_log_deletion_action', $user_id, $invoices, $action, $data );
+
+ return true;
+ }
+
+ /**
+ * Registers the GDPR personal data eraser.
+ *
+ * @since 2.8.22
+ * @param array $erasers Registered erasers.
+ * @return array Modified erasers.
+ */
+ public function register_eraser( $erasers ) {
+ $erasers['getpaid-data-retention'] = array(
+ 'eraser_friendly_name' => __( 'GetPaid Invoice Data', 'invoicing' ),
+ 'callback' => array( $this, 'handle_erasure_request' ),
+ );
+
+ return $erasers;
+ }
+
+ /**
+ * Handles GDPR personal data erasure request.
+ *
+ * @since 2.8.22
+ * @param string $email_address The email address of the user being erased.
+ * @param int $page The current page (for batched processing).
+ * @return array The erasure response.
+ */
+ public function handle_erasure_request( $email_address, $page = 1 ) {
+ $response = array(
+ 'items_removed' => false,
+ 'items_retained' => false,
+ 'messages' => array(),
+ 'done' => true,
+ );
+
+ $user = get_user_by( 'email', $email_address );
+
+ if ( ! $user ) {
+ return $response;
+ }
+
+ $user_id = $user->ID;
+
+ if ( $this->has_active_subscriptions( $user_id ) ) {
+ $response['messages'][] = esc_html__( 'User has active subscriptions. Data cannot be erased at this time.', 'invoicing' );
+ $response['items_removed'] = false;
+ } elseif ( $this->has_paid_invoices( $user_id ) ) {
+ $retention_method = wpinv_get_option( 'data_retention_method', 'anonymize' );
+ if ( 'anonymize' === $retention_method ) {
+ $this->anonymize_user_data( $user_id );
+ $response['messages'][] = esc_html__( 'User data has been anonymized due to existing paid invoices.', 'invoicing' );
+ $response['items_removed'] = false;
+ $response['items_retained'] = true;
+ } else {
+ $this->delete_user_data( $user_id );
+ $response['messages'][] = esc_html__( 'User data has been deleted.', 'invoicing' );
+ $response['items_removed'] = true;
+ $response['items_retained'] = false;
+ }
+ }
+
+ return $response;
+ }
+
+ /**
+ * Hashes email for anonymization.
+ *
+ * @since 2.8.22
+ * @param string $email The email to hash.
+ * @return string The hashed email.
+ */
+ private function hash_email( $email ) {
+ if ( empty( $email ) ) {
+ return '';
+ }
+
+ $site_url = get_site_url();
+ $domain = wp_parse_url( $site_url, PHP_URL_HOST );
+
+ if ( empty( $domain ) ) {
+ $domain = 'localhost';
+ }
+
+ $clean_email = sanitize_email( strtolower( trim( $email ) ) );
+ $hash = wp_hash( $clean_email );
+ $hash = substr( $hash, 0, 20 );
+ $anonymized_email = sprintf( '%s@%s', $hash, $domain );
+
+ /**
+ * Filters the anonymized email before returning.
+ *
+ * @since 2.8.22
+ * @param string $anonymized_email The anonymized email address.
+ * @param string $email The original email address.
+ */
+ return apply_filters( 'wpinv_anonymized_email', $anonymized_email, $email );
+ }
+
+ /**
+ * Anonymizes a given piece of data.
+ *
+ * @since 2.8.22
+ * @param string $data The data to anonymize.
+ * @return string The anonymized data.
+ */
+ private function anonymize_data( $data ) {
+ if ( empty( $data ) ) {
+ return '';
+ }
+
+ return wp_privacy_anonymize_data( 'text', $data );
+ }
+
+ /**
+ * Performs data retention cleanup.
+ *
+ * This method is responsible for cleaning up anonymized user data
+ * that has exceeded the retention period.
+ *
+ * @since 2.8.22
+ */
+ public function perform_data_retention_cleanup() {
+ global $wpdb;
+
+ $retention_period = wpinv_get_option( 'data_retention_period', '3650' );
+
+ // If retention period is set to 'never', exit the function.
+ if ( 'never' === $retention_period ) {
+ return;
+ }
+
+ $customers_table = $wpdb->prefix . 'getpaid_customers';
+
+ // Find anonymized records whose deletion_date has passed.
+ $expired_records = $wpdb->get_results(
+ $wpdb->prepare(
+ "SELECT * FROM $customers_table WHERE deletion_date IS NOT NULL AND deletion_date < %s AND is_anonymized = 1",
+ gmdate( 'Y-m-d' )
+ )
+ );
+
+ /**
+ * Fires before the data retention cleanup process begins.
+ *
+ * @since 2.8.22
+ * @param array $expired_records Array of customer records to be processed.
+ */
+ do_action( 'getpaid_data_retention_before_cleanup', $expired_records );
+
+ if ( ! empty( $expired_records ) ) {
+ // Disable our custom user deletion handling to prevent recursion.
+ $this->handle_user_deletion = false;
+
+ foreach ( $expired_records as $record ) {
+ // Delete associated invoices.
+ $this->ensure_invoice_anonymization( (int) $record->user_id, 'delete' );
+
+ // Delete the user.
+ wp_delete_user( (int) $record->user_id );
+
+ /**
+ * Fires after processing each expired record during cleanup.
+ *
+ * @since 2.8.22
+ * @param object $record The customer record being processed.
+ */
+ do_action( 'getpaid_data_retention_process_record', $record );
+ }
+
+ // Re-enable our custom user deletion handling.
+ $this->handle_user_deletion = true;
+
+ /**
+ * Fires after the data retention cleanup process is complete.
+ *
+ * @since 2.8.22
+ * @param array $expired_records Array of customer records that were processed.
+ */
+ do_action( 'getpaid_data_retention_after_cleanup', $expired_records );
+ }
+
+ /**
+ * Fires after the data retention cleanup attempt, regardless of whether records were processed.
+ *
+ * @since 2.8.22
+ * @param int $retention_period The current retention period in days.
+ * @param string $cutoff_date The cutoff date used for identifying expired records.
+ */
+ do_action( 'getpaid_data_retention_cleanup_complete', $retention_period, gmdate( 'Y-m-d' ) );
+ }
+
+ /**
+ * Ends the user's current session.
+ *
+ * @since 2.8.22
+ */
+ private function end_user_session() {
+ wp_logout();
+
+ // Redirect after deletion.
+ $redirect_page = home_url();
+ wp_safe_redirect( $redirect_page );
+ exit();
+ }
+}
diff --git a/includes/gateways/class-getpaid-authorize-net-gateway.php b/includes/gateways/class-getpaid-authorize-net-gateway.php
index ba5b0e03..1334c345 100644
--- a/includes/gateways/class-getpaid-authorize-net-gateway.php
+++ b/includes/gateways/class-getpaid-authorize-net-gateway.php
@@ -63,6 +63,24 @@ class GetPaid_Authorize_Net_Gateway extends GetPaid_Authorize_Net_Legacy_Gateway
*/
public $currencies = array( 'USD', 'CAD', 'GBP', 'DKK', 'NOK', 'PLN', 'SEK', 'AUD', 'EUR', 'NZD' );
+ /**
+ * Currencies ACH payments are allowed for.
+ *
+ * @var array
+ */
+ public $ach_currencies = array( 'USD' );
+
+ /**
+ * ACH account types.
+ *
+ * @var array
+ */
+ protected $ach_account_types = array(
+ 'checking' => 'Checking',
+ 'savings' => 'Savings',
+ 'businessChecking' => 'Business Checking',
+ );
+
/**
* URL to view a transaction.
*
@@ -92,11 +110,27 @@ public function __construct() {
*/
public function payment_fields( $invoice_id, $form ) {
- // Let the user select a payment method.
- $this->saved_payment_methods();
+ $ach_enabled = wpinv_get_option( 'authorizenet_enable_ach' );
+ $show_type_selector = $ach_enabled && $this->is_ach_available();
- // Show the credit card entry form.
- $this->new_payment_method_entry( $this->get_cc_form( true ) );
+ // Payment type selector (CC vs ACH).
+ if ( $show_type_selector ) {
+ $this->render_payment_type_selector();
+ }
+
+ // Credit Card Section.
+ echo '';
+ $this->saved_payment_methods_by_type( 'card' );
+ $this->new_payment_method_entry( $this->get_cc_form( true ) );
+ echo '
';
+
+ // ACH Section.
+ if ( $show_type_selector ) {
+ echo '';
+ $this->saved_payment_methods_by_type( 'ach' );
+ $this->new_payment_method_entry( $this->get_ach_form( true ) );
+ echo '
';
+ }
}
/**
@@ -111,8 +145,16 @@ public function payment_fields( $invoice_id, $form ) {
*/
public function create_customer_profile( $invoice, $submission_data, $save = true ) {
- // Remove non-digits from the number
- $submission_data['authorizenet']['cc_number'] = preg_replace( '/\D/', '', $submission_data['authorizenet']['cc_number'] );
+ // Determine payment type.
+ $is_ach_payment = $this->is_ach_payment( $submission_data['authorizenet'] );
+
+ // Remove non-digits from the card/account number.
+ if ( $is_ach_payment ) {
+ $submission_data['authorizenet']['ach_routing_number'] = preg_replace( '/\D/', '', $submission_data['authorizenet']['ach_routing_number'] );
+ $submission_data['authorizenet']['ach_account_number'] = preg_replace( '/\D/', '', $submission_data['authorizenet']['ach_account_number'] );
+ } else {
+ $submission_data['authorizenet']['cc_number'] = preg_replace( '/\D/', '', $submission_data['authorizenet']['cc_number'] );
+ }
// Generate args.
$args = array(
@@ -169,12 +211,19 @@ public function create_customer_profile( $invoice, $submission_data, $save = tru
// Save the payment token.
if ( $save ) {
+ if ( $is_ach_payment ) {
+ $token_name = $this->get_ach_token_name( $submission_data['authorizenet'] );
+ } else {
+ $token_name = getpaid_get_card_name( $submission_data['authorizenet']['cc_number'] ) . '····' . substr( $submission_data['authorizenet']['cc_number'], -4 );
+ }
+
$this->save_token(
array(
- 'id' => $response->customerPaymentProfileIdList[0],
- 'name' => getpaid_get_card_name( $submission_data['authorizenet']['cc_number'] ) . '····' . substr( $submission_data['authorizenet']['cc_number'], -4 ),
- 'default' => true,
- 'type' => $this->is_sandbox( $invoice ) ? 'sandbox' : 'live',
+ 'id' => $response->customerPaymentProfileIdList[0],
+ 'name' => $token_name,
+ 'default' => true,
+ 'type' => $this->is_sandbox( $invoice ) ? 'sandbox' : 'live',
+ 'payment_method' => $is_ach_payment ? 'ach' : 'card',
)
);
}
@@ -213,26 +262,34 @@ public function get_customer_profile( $profile_id ) {
}
/**
- * Creates a customer profile.
+ * Creates a customer payment profile.
*
*
* @param string $profile_id profile id.
* @param WPInv_Invoice $invoice Invoice.
* @param array $submission_data Posted checkout fields.
* @param bool $save Whether or not to save the payment as a token.
- * @link https://developer.authorize.net/api/reference/index.html#customer-profiles-create-customer-profile
+ * @link https://developer.authorize.net/api/reference/index.html#customer-profiles-create-customer-payment-profile
* @return string|WP_Error Profile id.
*/
public function create_customer_payment_profile( $customer_profile, $invoice, $submission_data, $save ) {
- // Remove non-digits from the number
- $submission_data['authorizenet']['cc_number'] = preg_replace( '/\D/', '', $submission_data['authorizenet']['cc_number'] );
+ // Determine payment type.
+ $is_ach_payment = $this->is_ach_payment( $submission_data['authorizenet'] );
+
+ // Remove non-digits from the card/account number.
+ if ( $is_ach_payment ) {
+ $submission_data['authorizenet']['ach_routing_number'] = preg_replace( '/\D/', '', $submission_data['authorizenet']['ach_routing_number'] );
+ $submission_data['authorizenet']['ach_account_number'] = preg_replace( '/\D/', '', $submission_data['authorizenet']['ach_account_number'] );
+ } else {
+ $submission_data['authorizenet']['cc_number'] = preg_replace( '/\D/', '', $submission_data['authorizenet']['cc_number'] );
+ }
- // Prepare card details.
- $payment_information = $this->get_payment_information( $submission_data['authorizenet'] );
+ // Prepare payment details.
+ $payment_information = $this->get_payment_information( $submission_data['authorizenet'] );
- // Authorize.NET does not support saving the same card twice.
- $cached_information = $this->retrieve_payment_profile_from_cache( $payment_information, $customer_profile, $invoice );
+ // Authorize.NET does not support saving the same payment method twice.
+ $cached_information = $this->retrieve_payment_profile_from_cache( $payment_information, $customer_profile, $invoice );
if ( $cached_information ) {
return $cached_information;
@@ -284,12 +341,19 @@ public function create_customer_payment_profile( $customer_profile, $invoice, $s
// Save the payment token.
if ( $save ) {
+ if ( $is_ach_payment ) {
+ $token_name = $this->get_ach_token_name( $submission_data['authorizenet'] );
+ } else {
+ $token_name = getpaid_get_card_name( $submission_data['authorizenet']['cc_number'] ) . ' ···· ' . substr( $submission_data['authorizenet']['cc_number'], -4 );
+ }
+
$this->save_token(
array(
- 'id' => $response->customerPaymentProfileId,
- 'name' => getpaid_get_card_name( $submission_data['authorizenet']['cc_number'] ) . ' ···· ' . substr( $submission_data['authorizenet']['cc_number'], -4 ),
- 'default' => true,
- 'type' => $this->is_sandbox( $invoice ) ? 'sandbox' : 'live',
+ 'id' => $response->customerPaymentProfileId,
+ 'name' => $token_name,
+ 'default' => true,
+ 'type' => $this->is_sandbox( $invoice ) ? 'sandbox' : 'live',
+ 'payment_method' => $is_ach_payment ? 'ach' : 'card',
)
);
}
@@ -489,20 +553,24 @@ public function process_charge_response( $result, $invoice ) {
* Returns payment information.
*
*
- * @param array $card Card details.
+ * @param array $data Payment form data (card or ACH details).
* @return array
*/
- public function get_payment_information( $card ) {
- return array(
-
- 'creditCard' => array(
- 'cardNumber' => $card['cc_number'],
- 'expirationDate' => $card['cc_expire_year'] . '-' . $card['cc_expire_month'],
- 'cardCode' => $card['cc_cvv2'],
- ),
+ public function get_payment_information( $data ) {
+ // Check if this is an ACH payment.
+ if ( $this->is_ach_payment( $data ) ) {
+ return $this->get_ach_payment_information( $data );
+ }
- );
- }
+ // Default to credit card.
+ return array(
+ 'creditCard' => array(
+ 'cardNumber' => $data['cc_number'],
+ 'expirationDate' => $data['cc_expire_year'] . '-' . $data['cc_expire_month'],
+ 'cardCode' => $data['cc_cvv2'],
+ ),
+ );
+ }
/**
* Returns the customer profile meta name.
@@ -515,6 +583,302 @@ public function get_customer_profile_meta_name( $invoice ) {
return $this->is_sandbox( $invoice ) ? 'getpaid_authorizenet_sandbox_customer_profile_id' : 'getpaid_authorizenet_customer_profile_id';
}
+ /**
+ * Checks if ACH payments are available for the current currency.
+ *
+ * @return bool
+ */
+ public function is_ach_available() {
+ $currency = wpinv_get_currency();
+ return in_array( $currency, $this->ach_currencies, true );
+ }
+
+ /**
+ * Checks if the payment data is for an ACH payment.
+ *
+ * @param array $data Payment data.
+ * @return bool
+ */
+ public function is_ach_payment( $data ) {
+ return isset( $data['payment_type'] ) && 'ach' === $data['payment_type'];
+ }
+
+ /**
+ * Generates a display name for an ACH token.
+ *
+ * @param array $data ACH form data.
+ * @return string
+ */
+ public function get_ach_token_name( $data ) {
+ $account_type = isset( $data['ach_account_type'] ) ? $data['ach_account_type'] : 'checking';
+ $account_number = preg_replace( '/\D/', '', isset( $data['ach_account_number'] ) ? $data['ach_account_number'] : '' );
+ $last_four = substr( $account_number, -4 );
+
+ $type_labels = array(
+ 'checking' => __( 'Checking', 'invoicing' ),
+ 'savings' => __( 'Savings', 'invoicing' ),
+ 'businessChecking' => __( 'Business Checking', 'invoicing' ),
+ );
+
+ $type_label = isset( $type_labels[ $account_type ] ) ? $type_labels[ $account_type ] : __( 'Bank Account', 'invoicing' );
+
+ return $type_label . ' ····' . $last_four;
+ }
+
+ /**
+ * Returns the ACH/eCheck form HTML.
+ *
+ * @param bool $save Whether to display the save checkbox.
+ * @return string
+ */
+ public function get_ach_form( $save = false ) {
+ ob_start();
+
+ $id_prefix = esc_attr( uniqid( $this->id . '_ach_' ) );
+ ?>
+
+
+
+ sanitize_text_field( isset( $data['ach_account_type'] ) ? $data['ach_account_type'] : 'checking' ),
+ 'routingNumber' => preg_replace( '/\D/', '', isset( $data['ach_routing_number'] ) ? $data['ach_routing_number'] : '' ),
+ 'accountNumber' => preg_replace( '/\D/', '', isset( $data['ach_account_number'] ) ? $data['ach_account_number'] : '' ),
+ 'nameOnAccount' => getpaid_limit_length( sanitize_text_field( isset( $data['ach_name_on_account'] ) ? $data['ach_name_on_account'] : '' ), 22 ),
+ 'echeckType' => 'WEB',
+ );
+
+ return array( 'bankAccount' => $bank_account );
+ }
+
+ /**
+ * Validates ACH form fields.
+ *
+ * @param array $data ACH form data.
+ * @return true|WP_Error
+ */
+ public function validate_ach_fields( $data ) {
+ // Routing number validation (9 digits).
+ $routing = preg_replace( '/\D/', '', isset( $data['ach_routing_number'] ) ? $data['ach_routing_number'] : '' );
+ if ( strlen( $routing ) !== 9 ) {
+ return new WP_Error( 'invalid_routing', __( 'Please enter a valid 9-digit routing number.', 'invoicing' ) );
+ }
+
+ // Validate routing number checksum.
+ if ( ! $this->validate_routing_number_checksum( $routing ) ) {
+ return new WP_Error( 'invalid_routing', __( 'The routing number appears to be invalid.', 'invoicing' ) );
+ }
+
+ // Account number validation (1-17 digits).
+ $account = preg_replace( '/\D/', '', isset( $data['ach_account_number'] ) ? $data['ach_account_number'] : '' );
+ if ( empty( $account ) || strlen( $account ) > 17 ) {
+ return new WP_Error( 'invalid_account', __( 'Please enter a valid account number.', 'invoicing' ) );
+ }
+
+ // Name on account validation.
+ $name = trim( isset( $data['ach_name_on_account'] ) ? $data['ach_name_on_account'] : '' );
+ if ( empty( $name ) ) {
+ return new WP_Error( 'invalid_name', __( 'Please enter the name on the account.', 'invoicing' ) );
+ }
+
+ // Account type validation.
+ $valid_types = array_keys( $this->ach_account_types );
+ $account_type = isset( $data['ach_account_type'] ) ? $data['ach_account_type'] : '';
+ if ( ! in_array( $account_type, $valid_types, true ) ) {
+ return new WP_Error( 'invalid_account_type', __( 'Please select a valid account type.', 'invoicing' ) );
+ }
+
+ return true;
+ }
+
+ /**
+ * Validates a routing number using the ABA checksum algorithm.
+ *
+ * @param string $routing The 9-digit routing number.
+ * @return bool
+ */
+ public function validate_routing_number_checksum( $routing ) {
+ if ( strlen( $routing ) !== 9 ) {
+ return false;
+ }
+
+ $checksum = (
+ 3 * ( (int) $routing[0] + (int) $routing[3] + (int) $routing[6] ) +
+ 7 * ( (int) $routing[1] + (int) $routing[4] + (int) $routing[7] ) +
+ 1 * ( (int) $routing[2] + (int) $routing[5] + (int) $routing[8] )
+ );
+
+ return $checksum % 10 === 0;
+ }
+
+ /**
+ * Displays saved payment methods filtered by type.
+ *
+ * @param string $payment_type 'card' or 'ach'.
+ */
+ public function saved_payment_methods_by_type( $payment_type = 'card' ) {
+ $tokens = $this->get_tokens( $this->is_sandbox() );
+
+ // Filter tokens by payment method type.
+ $filtered_tokens = array();
+ foreach ( $tokens as $token ) {
+ $token_type = isset( $token['payment_method'] ) ? $token['payment_method'] : 'card';
+ if ( $token_type === $payment_type ) {
+ $filtered_tokens[] = $token;
+ }
+ }
+
+ // For cards, if no tokens have payment_method set, assume they're all cards (backwards compatibility).
+ if ( empty( $filtered_tokens ) && 'card' === $payment_type ) {
+ foreach ( $tokens as $token ) {
+ if ( ! isset( $token['payment_method'] ) || 'card' === $token['payment_method'] ) {
+ $filtered_tokens[] = $token;
+ }
+ }
+ }
+
+ $input_name = 'ach' === $payment_type ? 'getpaid-authorizenet-ach-payment-method' : 'getpaid-authorizenet-payment-method';
+ $new_label = 'ach' === $payment_type ? __( 'Use a new bank account', 'invoicing' ) : __( 'Use a new card', 'invoicing' );
+
+ echo '';
+ }
+
/**
* Validates the submitted data.
*
@@ -532,16 +896,31 @@ public function validate_submission_data( $submission_data, $invoice ) {
return new WP_Error( 'invalid_settings', __( 'Please set-up your login id and transaction key before using this gateway.', 'invoicing' ) );
}
+ // Determine if this is an ACH payment.
+ $is_ach_payment = $this->is_ach_payment( isset( $submission_data['authorizenet'] ) ? $submission_data['authorizenet'] : array() );
+ $payment_method_key = $is_ach_payment ? 'getpaid-authorizenet-ach-payment-method' : 'getpaid-authorizenet-payment-method';
+
// Validate the payment method.
- if ( empty( $submission_data['getpaid-authorizenet-payment-method'] ) ) {
- return new WP_Error( 'invalid_payment_method', __( 'Please select a different payment method or add a new card.', 'invoicing' ) );
+ if ( empty( $submission_data[ $payment_method_key ] ) ) {
+ $error_message = $is_ach_payment
+ ? __( 'Please select a different payment method or add a new bank account.', 'invoicing' )
+ : __( 'Please select a different payment method or add a new card.', 'invoicing' );
+ return new WP_Error( 'invalid_payment_method', $error_message );
}
// Are we adding a new payment method?
- if ( 'new' != $submission_data['getpaid-authorizenet-payment-method'] ) {
- return $submission_data['getpaid-authorizenet-payment-method'];
+ if ( 'new' != $submission_data[ $payment_method_key ] ) {
+ return $submission_data[ $payment_method_key ];
}
+ // Validate ACH fields if this is a new ACH payment.
+ if ( $is_ach_payment ) {
+ $ach_validation = $this->validate_ach_fields( $submission_data['authorizenet'] );
+ if ( is_wp_error( $ach_validation ) ) {
+ return $ach_validation;
+ }
+ }
+
// Retrieve the customer profile id.
$profile_id = get_user_meta( $invoice->get_user_id(), $this->get_customer_profile_meta_name( $invoice ), true );
@@ -896,6 +1275,32 @@ public function admin_settings( $admin_settings ) {
'readonly' => true,
);
+ // ACH/eCheck Settings.
+ $admin_settings['authorizenet_ach_header'] = array(
+ 'type' => 'header',
+ 'id' => 'authorizenet_ach_header',
+ 'name' => '' . __( 'ACH/eCheck Settings', 'invoicing' ) . ' ',
+ );
+
+ $admin_settings['authorizenet_enable_ach'] = array(
+ 'type' => 'checkbox',
+ 'id' => 'authorizenet_enable_ach',
+ 'name' => __( 'Enable ACH Payments', 'invoicing' ),
+ 'desc' => sprintf(
+ __( 'Allow customers to pay via bank account (ACH/eCheck). Only available for USD transactions. %1$sLearn more about ACH payments%2$s.', 'invoicing' ),
+ '',
+ ' '
+ ),
+ );
+
+ $admin_settings['authorizenet_ach_description'] = array(
+ 'type' => 'text',
+ 'id' => 'authorizenet_ach_description',
+ 'name' => __( 'ACH Description', 'invoicing' ),
+ 'desc' => __( 'Description shown to customers when they select ACH payment.', 'invoicing' ),
+ 'std' => __( 'Pay directly from your bank account.', 'invoicing' ),
+ );
+
return $admin_settings;
}
diff --git a/readme.txt b/readme.txt
index 9444bf97..9b38601a 100644
--- a/readme.txt
+++ b/readme.txt
@@ -142,6 +142,11 @@ Automatic updates should work seamlessly. To avoid unforeseen problems, we alway
== Changelog ==
+= 2.8.45 - TBD =
+* Data anonymization - Fixed GDPR eraser hook, infinite recursion on user deletion, personal data leaking in logs, and missing billing address anonymization - FIXED
+* Authorize.net - ACH/eCheck bank account payments - ADDED
+* Minor bug fixes - FIXED
+
= 2.8.44 - 2026-02-26 =
* Option added to use native site template for direct payment page - ADDED