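/**
 * Admin "main" controller dispatch.
 *
 * 'logout' : invalidates the remember-me secret on the server, clears the
 *            admin keys from the session and the oc_admin* cookies, then
 *            redirects to the admin base URL.
 * default  : exports the dashboard counters to the view and renders
 *            main/index.php.
 */
function doModel()
{
    switch ($this->action) {
        case 'logout':
            // Rotate the persistent-login secret BEFORE forgetting who is logged
            // in, so a copied oc_adminSecret cookie stops working at logout rather
            // than at the next "remember me" login. Same helper and update pattern
            // as the login_post action.
            $adminId = Session::newInstance()->_get('adminId');
            if ($adminId != '') {
                require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword()), array('pk_i_id' => $adminId));
            }

            // unset only the required parameters in Session
            $session = Session::newInstance();
            foreach (array('adminId', 'adminUserName', 'adminName', 'adminEmail', 'adminLocale') as $sessionKey) {
                $session->_drop($sessionKey);
            }

            // drop the remember-me cookies and re-emit the cookie header
            $cookie = Cookie::newInstance();
            foreach (array('oc_adminId', 'oc_adminSecret', 'oc_adminLocale') as $cookieKey) {
                $cookie->pop($cookieKey);
            }
            $cookie->set();

            $this->redirectTo(osc_admin_base_url(true));
            break;

        default:
            //default dashboard page (main page at oc-admin)
            $this->_exportVariableToView("numUsers", User::newInstance()->count());
            $this->_exportVariableToView("numAdmins", Admin::newInstance()->count());
            $this->_exportVariableToView("numItems", Item::newInstance()->count());
            $this->_exportVariableToView("numItemsSpam", Item::newInstance()->totalItems(null, 'SPAM'));
            $this->_exportVariableToView("numItemsBlock", Item::newInstance()->totalItems(null, 'DISABLED'));
            $this->_exportVariableToView("numItemsInactive", Item::newInstance()->totalItems(null, 'INACTIVE'));
            $this->_exportVariableToView("numItemsPerCategory", osc_get_non_empty_categories());
            $this->_exportVariableToView("newsList", osc_listNews());
            $this->_exportVariableToView("comments", ItemComment::newInstance()->getLastComments(5));
            //calling the view...
            $this->doView('main/index.php');
    }
}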
/**
 * Installer step: creates the first administrator account and the two base
 * preferences (pageTitle, contactEmail) from the submitted form.
 *
 * Reads $_POST['email'] and $_POST['webtitle'] directly, with no presence
 * check. The account is created with the fixed credentials admin / admin,
 * stored as an unsalted sha1 hash, so the operator has to change that
 * password immediately after install.
 */
function basic_info()
{
    require_once ABS_PATH . 'oc-includes/osclass/model/Admin.php';
    require_once ABS_PATH . 'oc-includes/osclass/model/Preference.php';

    $adminRow = array(
        's_name'     => 'Administrator',
        's_username' => 'admin',
        's_password' => sha1('admin'),
        's_email'    => $_POST['email'],
    );
    Admin::newInstance()->insert($adminRow);

    // pageTitle first, then contactEmail (same insertion order as before)
    $basePrefs = array(
        'pageTitle'    => $_POST['webtitle'],
        'contactEmail' => $_POST['email'],
    );
    $prefs = Preference::newInstance();
    foreach ($basePrefs as $prefName => $prefValue) {
        $prefs->insert(array(
            's_section' => 'osclass',
            's_name'    => $prefName,
            's_value'   => $prefValue,
            'e_type'    => 'STRING',
        ));
    }
}
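/**
 * Admin users controller.
 *
 * A moderator (non-super admin) may only run the 'edit' / 'edit_post'
 * actions, and only against their own account; any other action, or an id
 * that is not the moderator's own, is refused with a flash message and a
 * redirect to the admin home.
 */
function __construct()
{
    parent::__construct();
    if ($this->isModerator()) {
        // Grouping made explicit (PHP already bound && tighter than ||):
        // refuse when the action is not an edit action, OR when an id is
        // supplied that is not the logged moderator's own id.
        if (($this->action != 'edit' && $this->action != 'edit_post')
            || (Params::getParam('id') != '' && Params::getParam('id') != osc_logged_admin_id())
        ) {
            osc_add_flash_error_message(_m("You don't have enough permissions"), 'admin');
            $this->redirectTo(osc_admin_base_url());
        }
    }
    //specific things for this class
    $this->adminManager = Admin::newInstance();
}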
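/**
 * Installer step: creates the administrator account, stores the base
 * preferences (pageTitle, contactEmail) and e-mails the access details to
 * the given address.
 *
 * Reads from $_POST: s_name (username, defaults to 'admin'), s_passwd
 * (defaults to a generated one), email, webtitle.
 *
 * @return array{email_status:string, s_password:string}  email_status is ''
 *         when the mail went out, otherwise the recipient followed by the
 *         mailer's error text; s_password is the password that was stored,
 *         which the caller needs to display when it was generated here.
 */
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/model/Preference.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';

    // isset() guards only avoid notices on a missing field; the defaults are unchanged
    if (!isset($_POST['s_name']) || $_POST['s_name'] == '') {
        $admin = 'admin';
    } else {
        $admin = $_POST['s_name'];
    }
    if (!isset($_POST['s_passwd']) || $_POST['s_passwd'] == '') {
        $password = osc_genRandomPassword();
    } else {
        $password = $_POST['s_passwd'];
    }

    // unsalted sha1 is what this version's login compares against; not changed here
    Admin::newInstance()->insert(array(
        's_name'     => 'Administrator',
        's_username' => $admin,
        's_password' => sha1($password),
        's_email'    => $_POST['email'],
    ));

    $mPreference = Preference::newInstance();
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => $_POST['webtitle'], 'e_type' => 'STRING'));
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => $_POST['email'], 'e_type' => 'STRING'));

    // The access details, including the plaintext password, are sent by e-mail.
    $body = 'Welcome ' . $_POST['webtitle'] . ',<br/><br/>';
    $body .= 'Your OSClass installation at ' . WEB_PATH . ' is up and running. You can access to the administration panel with this data access:<br/>';
    $body .= '<ul>';
    $body .= '<li>username: ' . $admin . '</li>';
    $body .= '<li>password: ' . $password . '</li>';
    $body .= '</ul>';
    $body .= 'Regards,<br/>';
    $body .= 'The <a href=\'http://osclass.org/\'>OSClass</a> team';

    // sender domain is taken from the request host name, minus a leading "www."
    $sitename = strtolower($_SERVER['SERVER_NAME']);
    if (substr($sitename, 0, 4) == 'www.') {
        $sitename = substr($sitename, 4);
    }

    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        // PHPMailer(true): failures are raised as phpmailerException rather than
        // reported through Send()'s return value
        $mail = new PHPMailer(true);
        $mail->CharSet = "utf-8";
        $mail->Host = "localhost";
        $mail->From = 'osclass@' . $sitename;
        $mail->FromName = 'OSClass';
        $mail->Subject = 'OSClass successfully installed!';
        $mail->AddAddress($_POST['email'], 'OSClass administrator');
        $mail->Body = $body;
        $mail->AltBody = $body;
        if (!$mail->Send()) {
            return array('email_status' => $_POST['email'] . "<br>" . $mail->ErrorInfo, 's_password' => $password);
        }
        return array('email_status' => '', 's_password' => $password);
    } catch (phpmailerException $exception) {
        // Fix: this branch used to return nothing, so a mail failure lost the
        // generated password entirely. Report the error and still hand the
        // stored password back to the caller.
        return array('email_status' => $_POST['email'] . "<br>" . $exception->errorMessage(), 's_password' => $password);
    }
}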
/**
 * Installer step: creates the administrator account, stores the base
 * preferences (pageTitle, contactEmail) and e-mails the access details to
 * the given address.
 *
 * Request fields (via Params): s_name (username, defaults to 'admin'),
 * s_passwd (read raw; defaults to a generated one), email, webtitle.
 *
 * @return array{email_status:string, s_password:string}  email_status is ''
 *         when the mail went out, otherwise the recipient followed by the
 *         mailer's error text; s_password is the stored password so the
 *         caller can show it when it was generated here.
 */
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';

    $username = Params::getParam('s_name');
    if ($username == '') {
        $username = 'admin';
    }
    // raw value (no filtering) so the stored hash matches what was typed
    $password = Params::getParam('s_passwd', false, false);
    if ($password == '') {
        $password = osc_genRandomPassword();
    }
    $email = Params::getParam('email');
    $webtitle = Params::getParam('webtitle');

    Admin::newInstance()->insert(array(
        's_name'     => 'Administrator',
        's_username' => $username,
        's_password' => osc_hash_password($password),
        's_email'    => $email,
    ));

    // pageTitle first, then contactEmail
    $basePrefs = array('pageTitle' => $webtitle, 'contactEmail' => $email);
    $prefs = Preference::newInstance();
    foreach ($basePrefs as $prefName => $prefValue) {
        $prefs->insert(array('s_section' => 'osclass', 's_name' => $prefName, 's_value' => $prefValue, 'e_type' => 'STRING'));
    }

    // The access details, including the plaintext password, are sent by e-mail.
    $bodyParts = array(
        sprintf(__('Hi %s,'), $webtitle) . "<br/><br/>",
        sprintf(__('Your Osclass installation at %s is up and running. You can access the administration panel with these details:'), WEB_PATH) . '<br/>',
        '<ul>',
        '<li>' . sprintf(__('username: %s'), $username) . '</li>',
        '<li>' . sprintf(__('password: %s'), $password) . '</li>',
        '</ul>',
        sprintf(__('Remember that for any doubts you might have you can consult our <a href="%1$s">documentation</a>, <a href="%2$s">forum</a> or <a href="%3$s">blog</a>.'), 'http://doc.osclass.org/', 'http://forums.osclass.org/', 'http://blog.osclass.org/'),
        sprintf(' ' . __('Osclass doesn’t run any developments but we can put you in touch with third party developers through a Premium Support. And hey, if you would like to contribute to Osclass - learn how <a href="%1$s">here</a>!'), 'http://blog.osclass.org/2012/11/22/how-to-collaborate-to-osclass/') . '<br/><br/>',
        __('Cheers,') . "<br/>",
        __('The <a href="http://osclass.org/">Osclass</a> team'),
    );
    $body = implode('', $bodyParts);

    // sender domain is the request host name, minus a leading "www."
    $senderDomain = strtolower($_SERVER['SERVER_NAME']);
    if (substr($senderDomain, 0, 4) == 'www.') {
        $senderDomain = substr($senderDomain, 4);
    }

    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        $mailer = new PHPMailer(true);
        $mailer->CharSet = "utf-8";
        $mailer->Host = "localhost";
        $mailer->From = 'osclass@' . $senderDomain;
        $mailer->FromName = 'Osclass';
        $mailer->Subject = 'Osclass successfully installed!';
        $mailer->AddAddress($email, 'Osclass administrator');
        $mailer->Body = $body;
        $mailer->AltBody = $body;
        $sent = $mailer->Send();
        $status = $sent ? '' : $email . "<br>" . $mailer->ErrorInfo;
        return array('email_status' => $status, 's_password' => $password);
    } catch (phpmailerException $exception) {
        return array('email_status' => $email . "<br>" . $exception->errorMessage(), 's_password' => $password);
    }
}
/**
 * Installer step (Russian-localised variant): creates the administrator
 * account, stores the base preferences (pageTitle, contactEmail) and e-mails
 * the access details to the given address.
 *
 * Request fields (via Params): s_name (username, defaults to 'admin'),
 * s_passwd (read raw; defaults to a generated one), email, webtitle.
 *
 * @return array{email_status:string, s_password:string}  email_status is ''
 *         when the mail went out, otherwise the recipient followed by the
 *         mailer's error text; s_password is the stored password so the
 *         caller can show it when it was generated here.
 */
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';

    $username = Params::getParam('s_name');
    if ($username == '') {
        $username = 'admin';
    }
    // raw value (no filtering) so the stored hash matches what was typed
    $password = Params::getParam('s_passwd', false, false);
    if ($password == '') {
        $password = osc_genRandomPassword();
    }
    $email = Params::getParam('email');
    $webtitle = Params::getParam('webtitle');

    Admin::newInstance()->insert(array(
        's_name'     => 'Administrator',
        's_username' => $username,
        's_password' => osc_hash_password($password),
        's_email'    => $email,
    ));

    // pageTitle first, then contactEmail
    $basePrefs = array('pageTitle' => $webtitle, 'contactEmail' => $email);
    $prefs = Preference::newInstance();
    foreach ($basePrefs as $prefName => $prefValue) {
        $prefs->insert(array('s_section' => 'osclass', 's_name' => $prefName, 's_value' => $prefValue, 'e_type' => 'STRING'));
    }

    // The access details, including the plaintext password, are sent by e-mail.
    $bodyParts = array(
        sprintf(__('Привет %s,'), $webtitle) . "<br/><br/>",
        sprintf(__('Osclass успешно установлен %s и запущен. Вы можете получить доступ к панели администрирования:'), WEB_PATH) . '<br/>',
        '<ul>',
        '<li>' . sprintf(__('username: %s'), $username) . '</li>',
        '<li>' . sprintf(__('password: %s'), $password) . '</li>',
        '</ul>',
        sprintf(__('Помните, если у вас появяться вопросы вы можете прочитать <a href="%1$s">документацию</a>, спросить на <a href="%2$s">форуме</a> или в <a href="%3$s">блоге</a>.'), 'http://os-class.ru/wiki', 'http://os-class.ru/frm', 'http://os-class.ru/category/articles'),
        sprintf(' ' . __('Osclass doesn’t run any developments but we can put you in touch with third party developers through a Premium Support. And hey, if you would like to contribute to Osclass - learn how <a href="%1$s">here</a>!'), 'http://blog.osclass.org/2012/11/22/how-to-collaborate-to-osclass/') . '<br/><br/>',
        __('Аплодисменты,') . "<br/>",
        __('Ваш <a href="http://os-class.ru/">Osclass Rus Team</a> team'),
    );
    $body = implode('', $bodyParts);

    // sender domain is the request host name, minus a leading "www."
    $senderDomain = strtolower($_SERVER['SERVER_NAME']);
    if (substr($senderDomain, 0, 4) == 'www.') {
        $senderDomain = substr($senderDomain, 4);
    }

    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        $mailer = new PHPMailer(true);
        $mailer->CharSet = "utf-8";
        $mailer->Host = "localhost";
        $mailer->From = 'osclass@' . $senderDomain;
        $mailer->FromName = 'Osclass';
        $mailer->Subject = 'Osclass успешно установлен!';
        $mailer->AddAddress($email, 'Osclass administrator');
        $mailer->Body = $body;
        $mailer->AltBody = $body;
        $sent = $mailer->Send();
        $status = $sent ? '' : $email . "<br>" . $mailer->ErrorInfo;
        return array('email_status' => $status, 's_password' => $password);
    } catch (phpmailerException $exception) {
        return array('email_status' => $email . "<br>" . $exception->errorMessage(), 's_password' => $password);
    }
}
/**
 * Installer step: creates the administrator account, stores the base
 * preferences (pageTitle, contactEmail) and e-mails the access details to
 * the given address.
 *
 * Request fields (via Params): s_name (username, defaults to 'admin'),
 * s_passwd (read raw; defaults to a generated one), email, webtitle.
 * The password is stored as an unsalted sha1 hash in this version.
 *
 * @return array{email_status:string, s_password:string}  email_status is ''
 *         when the mail went out, otherwise the recipient followed by the
 *         mailer's error text; s_password is the stored password so the
 *         caller can show it when it was generated here.
 */
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';

    $username = Params::getParam('s_name');
    if ($username == '') {
        $username = 'admin';
    }
    // raw value (no filtering) so the stored hash matches what was typed
    $password = Params::getParam('s_passwd', false, false);
    if ($password == '') {
        $password = osc_genRandomPassword();
    }
    $email = Params::getParam('email');
    $webtitle = Params::getParam('webtitle');

    Admin::newInstance()->insert(array(
        's_name'     => 'Administrator',
        's_username' => $username,
        's_password' => sha1($password),
        's_email'    => $email,
    ));

    // pageTitle first, then contactEmail
    $basePrefs = array('pageTitle' => $webtitle, 'contactEmail' => $email);
    $prefs = Preference::newInstance();
    foreach ($basePrefs as $prefName => $prefValue) {
        $prefs->insert(array('s_section' => 'osclass', 's_name' => $prefName, 's_value' => $prefValue, 'e_type' => 'STRING'));
    }

    // The access details, including the plaintext password, are sent by e-mail.
    $bodyParts = array(
        sprintf(__('Welcome %s,'), $webtitle) . "<br/><br/>",
        sprintf(__('Your OSClass installation at %s is up and running. You can access the administration panel with these details:'), WEB_PATH) . "<br/>",
        '<ul>',
        '<li>' . sprintf(__('username: %s'), $username) . '</li>',
        '<li>' . sprintf(__('password: %s'), $password) . '</li>',
        '</ul>',
        __('Regards,') . "<br/>",
        __('The <a href="http://osclass.org/">OSClass</a> team'),
    );
    $body = implode('', $bodyParts);

    // sender domain is the request host name, minus a leading "www."
    $senderDomain = strtolower($_SERVER['SERVER_NAME']);
    if (substr($senderDomain, 0, 4) == 'www.') {
        $senderDomain = substr($senderDomain, 4);
    }

    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        $mailer = new PHPMailer(true);
        $mailer->CharSet = "utf-8";
        $mailer->Host = "localhost";
        $mailer->From = 'osclass@' . $senderDomain;
        $mailer->FromName = 'OSClass';
        $mailer->Subject = 'OSClass successfully installed!';
        $mailer->AddAddress($email, 'OSClass administrator');
        $mailer->Body = $body;
        $mailer->AltBody = $body;
        $sent = $mailer->Send();
        $status = $sent ? '' : $email . "<br>" . $mailer->ErrorInfo;
        return array('email_status' => $status, 's_password' => $password);
    } catch (phpmailerException $exception) {
        return array('email_status' => $email . "<br>" . $exception->errorMessage(), 's_password' => $password);
    }
}
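/**
 * Tells whether an administrator is logged in, restoring the session from the
 * remember-me cookies (oc_adminId / oc_adminSecret) when the session is empty.
 *
 * @return bool true when the session already holds an adminId, or when the
 *              cookie pair resolves to an admin row (the session is then
 *              populated from that row); false otherwise.
 */
function osc_is_admin_user_logged_in()
{
    if (Session::newInstance()->_get("adminId") != '') {
        return true;
    }

    //can already be a logged user or not, we'll take a look into the cookie
    $cookieAdminId = Cookie::newInstance()->get_value('oc_adminId');
    $cookieSecret = Cookie::newInstance()->get_value('oc_adminSecret');
    if ($cookieAdminId != '' && $cookieSecret != '') {
        $admin = Admin::newInstance()->findByIdSecret($cookieAdminId, $cookieSecret);
        // Fix: the lookup result was never checked, so any non-empty cookie pair
        // filled the session with nulls and reported "logged in" for this request.
        // Only an id/secret pair that resolves to a row counts as a login.
        if (!$admin || !isset($admin['pk_i_id'])) {
            return false;
        }
        Session::newInstance()->_set('adminId', $admin['pk_i_id']);
        Session::newInstance()->_set('adminUserName', $admin['s_username']);
        Session::newInstance()->_set('adminName', $admin['s_name']);
        Session::newInstance()->_set('adminEmail', $admin['s_email']);
        Session::newInstance()->_set('adminLocale', Cookie::newInstance()->get_value('oc_adminLocale'));
        return true;
    }

    return false;
}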
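/**
 * Admin login controller dispatch (sha1-password era).
 *
 * 'login_post'   : validates username/password, optionally sets the
 *                  remember-me cookies, fills the admin session and redirects.
 * 'recover'      : renders gui/recover.php.
 * 'recover_post' : for a known e-mail, stores a fresh secret and fires the
 *                  hook_email_user_forgot_password hook with the confirm URL.
 * 'forgot'       : renders gui/forgot_password.php for a valid id/code pair.
 * 'forgot_post'  : sets the new password for a valid id/code pair.
 *
 * redirectTo() is assumed to end the request; the code after each call is
 * written as if it does.
 *
 * @return bool|void false only when the reCAPTCHA check fails in recover_post
 */
function doModel()
{
    switch ($this->action) {
        case 'login_post':
            //post execution for the login
            if (Params::getParam('user') == '' && Params::getParam('password', false, false) == '') {
                $this->redirectTo(osc_admin_base_url());
            }
            if (Params::getParam('user') == '') {
                osc_add_flash_error_message(_m('The username field is empty'), 'admin');
                $this->redirectTo(osc_admin_base_url());
            }
            // raw read, same form as the comparison below (was the filtered default before)
            if (Params::getParam('password', false, false) == '') {
                osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                $this->redirectTo(osc_admin_base_url());
            }

            // fields are not empty
            $admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
            // The two distinct messages below let a client tell a valid username
            // from an invalid one; kept as-is because the wording is user-facing.
            if (!$admin) {
                osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin');
                $this->redirectTo(osc_admin_base_url());
            }
            // strict comparison: never let two hex digests be compared as numbers
            if ($admin["s_password"] !== sha1(Params::getParam('password', false, false))) {
                osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin');
                $this->redirectTo(osc_admin_base_url());
            }

            if (Params::getParam('remember')) {
                // this include contains de osc_genRandomPassword function
                require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                // the secret is stored on the admin row and paired with the id in the cookie
                $secret = osc_genRandomPassword();
                Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                Cookie::newInstance()->set_expires(osc_time_cookie());
                Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                Cookie::newInstance()->push('oc_adminSecret', $secret);
                Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                Cookie::newInstance()->set();
            }

            // we are logged in... let's go!
            Session::newInstance()->_set('adminId', $admin['pk_i_id']);
            Session::newInstance()->_set('adminUserName', $admin['s_username']);
            Session::newInstance()->_set('adminName', $admin['s_name']);
            Session::newInstance()->_set('adminEmail', $admin['s_email']);
            Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
            $this->redirectTo(osc_admin_base_url());
            break;

        case 'recover':
            // form to recover the password (in this case we have the form in /gui/)
            $this->doView('gui/recover.php');
            break;

        case 'recover_post':
            if (defined('DEMO')) {
                osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                $this->redirectTo(osc_admin_base_url());
            }
            // post execution to recover the password
            $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
            if ($admin) {
                // Fix: the check used to run only when the client also sent
                // recaptcha_challenge_field, so omitting that field skipped the
                // CAPTCHA entirely. When a private key is configured, always verify.
                if (osc_recaptcha_private_key() != '') {
                    if (!osc_check_recaptcha()) {
                        osc_add_flash_error_message(_m('The Recaptcha code is wrong'), 'admin');
                        $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                        return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                    }
                }
                require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                // the 40-char secret doubles as the one-time code in the confirm URL
                $newPassword = osc_genRandomPassword(40);
                Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
                $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
                osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
            }
            // same message whether or not the e-mail matched an admin
            osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
            $this->redirectTo(osc_admin_base_url());
            break;

        case 'forgot':
            // form to recover the password (in this case we have the form in /gui/)
            $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
            if (!$admin) {
                osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                $this->redirectTo(osc_admin_base_url());
            }
            $this->doView('gui/forgot_password.php');
            break;

        case 'forgot_post':
            $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
            if (!$admin) {
                osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                $this->redirectTo(osc_admin_base_url());
            }
            if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
                // the secret is rotated together with the password so the link is single-use;
                // osc_genRandomPassword is presumed loaded by this point (no require here) — confirm
                Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id']));
                osc_add_flash_ok_message(_m('The password has been changed'), 'admin');
                $this->redirectTo(osc_admin_base_url());
            } else {
                osc_add_flash_error_message(_m("Error, the password don't match"), 'admin');
                $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
            }
            break;
    }
}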
/**
 * Check whether the logged admin is a super admin or only a moderator.
 *
 * Looks up the admin row for osc_logged_admin_id() and reads its b_moderator
 * column; a missing row or column counts as "not a moderator".
 *
 * @return boolean true when b_moderator is present and non-zero
 */
function osc_is_moderator()
{
    $adminRow = Admin::newInstance()->findByPrimaryKey(osc_logged_admin_id());
    return isset($adminRow['b_moderator']) && $adminRow['b_moderator'] != 0;
}
*/ error_reporting(0); define('ABS_PATH', dirname(dirname(dirname(__FILE__))) . '/'); require_once ABS_PATH . 'oc-includes/osclass/db.php'; require_once ABS_PATH . 'oc-includes/osclass/classes/DAO.php'; require_once ABS_PATH . 'oc-includes/osclass/model/Admin.php'; require_once ABS_PATH . 'oc-includes/osclass/helpers/hDatabaseInfo.php'; require_once ABS_PATH . 'oc-includes/osclass/core/Params.php'; require_once ABS_PATH . 'oc-includes/osclass/compatibility.php'; require_once ABS_PATH . 'config.php'; $old_passwd = Params::getParam('old_password', false, false); $id_admin = Params::getParam('id'); $new_username = Params::getParam('new_username'); $new_passwd = Params::getParam('new_password', false, false); $response = array('error' => 'Operation fail'); $mAdmin = Admin::newInstance(); $admin = $mAdmin->findByIdPassword(1, sha1($old_passwd)); if ($admin) { $result = -1; if ($new_username != '') { $result = $mAdmin->update(array('s_username' => $new_username), array('pk_i_id' => '1')); } elseif ($new_passwd != '') { $result = $mAdmin->update(array('s_password' => sha1($new_passwd)), array('pk_i_id' => '1')); } switch ($result) { case 1: $response = array('ok' => 'Updated sucessfully'); break; case 0: $response = array('ok' => 'No changes'); break;
/**
 * Admin login controller dispatch (bcrypt-password era).
 *
 * 'login_post'   : CSRF check, username/password verification with
 *                  osc_verify_password, opportunistic re-hash, optional
 *                  remember-me cookies, session fill, then redirect.
 * 'recover'      : renders gui/recover.php.
 * 'recover_post' : for a known e-mail, stores a fresh secret and fires the
 *                  hook_email_user_forgot_password hook with the confirm URL.
 * 'forgot'       : renders gui/forgot_password.php for a valid id/code pair.
 * 'forgot_post'  : sets the new password for a valid id/code pair.
 * default        : remembers the referer in the session and renders gui/login.php.
 *
 * redirectTo() is assumed to end the request; the code after each call is
 * written as if it does.
 *
 * @return bool|void false only when the reCAPTCHA check fails in recover_post
 */
function doModel()
{
    switch ($this->action) {
        case 'login_post':
            //post execution for the login
            osc_csrf_check();
            osc_run_hook('before_login_admin');

            // Post-login target comes from the HTTP Referer; only its page= value is
            // inspected here, not its host. NOTE(review): confirm osc_get_http_referer()
            // limits the value to this site before relying on it as a redirect target.
            $url_redirect = osc_get_http_referer();
            $page_redirect = '';
            // raw read: the password must not go through the default filtering
            $password = Params::getParam('password', false, false);
            if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) {
                $page_redirect = $match[1];
            }
            if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') {
                $url_redirect = osc_admin_base_url();
            }

            if (Params::getParam('user') == '') {
                osc_add_flash_error_message(_m('The username field is empty'), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . "?page=login");
            }
            if (Params::getParam('password', false, false) == '') {
                osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . "?page=login");
            }

            // fields are not empty
            $admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
            // The two distinct messages below let a client tell a valid username
            // from an invalid one.
            if (!$admin) {
                osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . "?page=login");
            }
            if (!osc_verify_password($password, $admin['s_password'])) {
                osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . "?page=login");
            } else {
                // Password verified: upgrade the stored hash when it is not a bcrypt
                // ($2y$) hash, or is bcrypt with a cost other than BCRYPT_COST.
                // The @ only hides a notice for a missing s_password key.
                if (@$admin['s_password'] != '') {
                    if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost)) {
                        if ($cost[1] != BCRYPT_COST) {
                            Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
                        }
                    } else {
                        Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
                    }
                }
            }

            if (Params::getParam('remember')) {
                // this include contains de osc_genRandomPassword function
                require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                // the secret is stored on the admin row and paired with the id in the cookie
                $secret = osc_genRandomPassword();
                Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                Cookie::newInstance()->set_expires(osc_time_cookie());
                Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                Cookie::newInstance()->push('oc_adminSecret', $secret);
                Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                Cookie::newInstance()->set();
            }

            // we are logged in... let's go!
            Session::newInstance()->_set('adminId', $admin['pk_i_id']);
            Session::newInstance()->_set('adminUserName', $admin['s_username']);
            Session::newInstance()->_set('adminName', $admin['s_name']);
            Session::newInstance()->_set('adminEmail', $admin['s_email']);
            Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
            osc_run_hook('login_admin', $admin);
            $this->redirectTo($url_redirect);
            break;

        case 'recover':
            // form to recover the password (in this case we have the form in /gui/)
            $this->doView('gui/recover.php');
            break;

        case 'recover_post':
            if (defined('DEMO')) {
                osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
                $this->redirectTo(osc_admin_base_url());
            }
            osc_csrf_check();
            // post execution to recover the password
            $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
            if ($admin) {
                // whenever a private key is configured the CAPTCHA is verified
                if (osc_recaptcha_private_key() != '') {
                    if (!osc_check_recaptcha()) {
                        osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin');
                        $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                        return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                    }
                }
                require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                // the 40-char secret doubles as the one-time code in the confirm URL
                $newPassword = osc_genRandomPassword(40);
                Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
                $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
                osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
            }
            // same message whether or not the e-mail matched an admin
            osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
            $this->redirectTo(osc_admin_base_url(true) . '?page=login');
            break;

        case 'forgot':
            // form to recover the password (in this case we have the form in /gui/)
            $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
            if (!$admin) {
                osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                $this->redirectTo(osc_admin_base_url());
            }
            $this->doView('gui/forgot_password.php');
            break;

        case 'forgot_post':
            osc_csrf_check();
            $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
            if (!$admin) {
                osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                $this->redirectTo(osc_admin_base_url());
            }
            if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
                // the secret is rotated together with the password so the link is single-use;
                // osc_genRandomPassword is presumed loaded by this point (no require here) — confirm
                Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id']));
                osc_add_flash_ok_message(_m('The password has been changed'), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=login');
            } else {
                osc_add_flash_error_message(_m("Error, the passwords don't match"), 'admin');
                $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
            }
            break;

        default:
            //osc_run_hook( 'init_admin' );
            // keep the referer so login_post can send the admin back where they came from
            Session::newInstance()->_setReferer(osc_get_http_referer());
            $this->doView('gui/login.php');
            break;
    }
}
/**
 * Controller setup: runs the parent constructor, then binds the Admin model
 * instance this controller's actions work with.
 */
function __construct()
{
    parent::__construct();
    //specific things for this class
    $adminModel = Admin::newInstance();
    $this->adminManager = $adminModel;
}
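/**
 * Admin login controller dispatch (earliest variant: sha1 passwords, mail
 * built from the email_user_forgot_password page).
 *
 * 'login_post'   : looks the username up, compares the sha1 of the password,
 *                  optionally sets the remember-me cookies and fills the
 *                  session; always redirects to the admin base URL.
 * 'recover'      : renders gui/recover.php.
 * 'recover_post' : for a known e-mail, stores a fresh secret and sends the
 *                  confirm link using the localised page template.
 * 'forgot'       : renders gui/forgot_password.php for a valid id/code pair.
 * 'forgot_post'  : sets the new password for a valid id/code pair.
 *
 * redirectTo() is assumed to end the request; the code after each call is
 * written as if it does.
 *
 * @return bool|void false only when the reCAPTCHA check fails in recover_post
 */
function doModel()
{
    switch ($this->action) {
        case 'login_post':
            //post execution for the login
            $admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
            if ($admin) {
                // Fix: strict comparison. With == two hex digests that both look like
                // numeric strings (e.g. "0e" followed by digits) compare as numbers and
                // could be reported equal; === compares the bytes.
                if ($admin["s_password"] === sha1(Params::getParam('password'))) {
                    if (Params::getParam('remember')) {
                        //this include contains de osc_genRandomPassword function
                        require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                        // the secret is stored on the admin row and paired with the id in the cookie
                        $secret = osc_genRandomPassword();
                        Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                        Cookie::newInstance()->set_expires(osc_time_cookie());
                        Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                        Cookie::newInstance()->push('oc_adminSecret', $secret);
                        Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                        Cookie::newInstance()->set();
                    }
                    //we are logged in... let's go!
                    Session::newInstance()->_set('adminId', $admin['pk_i_id']);
                    Session::newInstance()->_set('adminUserName', $admin['s_username']);
                    Session::newInstance()->_set('adminName', $admin['s_name']);
                    Session::newInstance()->_set('adminEmail', $admin['s_email']);
                    Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
                } else {
                    // distinct from the "username does not exist" message below, so a
                    // client can tell valid usernames apart; wording left as-is
                    osc_add_flash_message(_m('The password is incorrect'), 'admin');
                }
            } else {
                osc_add_flash_message(_m('That username does not exist'), 'admin');
            }
            //returning logged in to the main page...
            $this->redirectTo(osc_admin_base_url());
            break;

        case 'recover':
            //form to recover the password (in this case we have the form in /gui/)
            //#dev.conquer: we cannot use the doView here and only here
            $this->doView('gui/recover.php');
            break;

        case 'recover_post':
            //post execution to recover the password
            $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
            if ($admin) {
                // Fix: the check used to run only when the client also sent
                // recaptcha_challenge_field, so omitting that field skipped the
                // CAPTCHA entirely. When a private key is configured, always verify.
                if (osc_recaptcha_private_key() != '') {
                    if (!osc_check_recaptcha()) {
                        osc_add_flash_message(_m('The Recaptcha code is wrong'), 'admin');
                        $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                        return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                    }
                }
                require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                // the 40-char secret doubles as the one-time code in the confirm URL
                $newPassword = osc_genRandomPassword(40);
                Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
                $password_link = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);

                // pick the template in the current locale, else the first locale available
                $aPage = Page::newInstance()->findByInternalName('email_user_forgot_password');
                $content = array();
                $locale = osc_current_user_locale();
                if (isset($aPage['locale'][$locale]['s_title'])) {
                    $content = $aPage['locale'][$locale];
                } else {
                    $content = current($aPage['locale']);
                }
                // current() yields false on an empty array, which !is_null() let through;
                // only send when a template row was actually found
                if (!empty($content)) {
                    $words = array();
                    $words[] = array('{USER_NAME}', '{USER_EMAIL}', '{WEB_TITLE}', '{IP_ADDRESS}', '{PASSWORD_LINK}', '{DATE_TIME}');
                    $words[] = array($admin['s_name'], $admin['s_email'], osc_page_title(), $_SERVER['REMOTE_ADDR'], $password_link, date(osc_time_format() . ' ' . osc_date_format()));
                    $title = osc_mailBeauty($content['s_title'], $words);
                    $body = osc_mailBeauty($content['s_text'], $words);
                    $emailParams = array('subject' => $title, 'to' => $admin['s_email'], 'to_name' => $admin['s_name'], 'body' => $body, 'alt_body' => $body);
                    osc_sendMail($emailParams);
                }
            }
            // same message whether or not the e-mail matched an admin
            osc_add_flash_message(_m('A new password has been sent to your e-mail'), 'admin');
            $this->redirectTo(osc_admin_base_url());
            break;

        case 'forgot':
            //form to recover the password (in this case we have the form in /gui/)
            $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
            if ($admin) {
                $this->doView('gui/forgot_password.php');
            } else {
                osc_add_flash_message(_m('Sorry, the link is not valid'), 'admin');
                $this->redirectTo(osc_admin_base_url());
            }
            break;

        case 'forgot_post':
            $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
            if ($admin) {
                if (Params::getParam('new_password') == Params::getParam('new_password2')) {
                    // the secret is rotated together with the password so the link is single-use;
                    // osc_genRandomPassword is presumed loaded by this point (no require here) — confirm
                    Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $admin['pk_i_id']));
                    osc_add_flash_message(_m('The password has been changed'), 'admin');
                    $this->redirectTo(osc_admin_base_url());
                } else {
                    osc_add_flash_message(_m('Error, the password don\'t match'), 'admin');
                    $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
                }
            } else {
                osc_add_flash_message(_m('Sorry, the link is not valid'), 'admin');
            }
            $this->redirectTo(osc_admin_base_url());
            break;
    }
}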