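 /**
  * Admin main-page controller.
  *
  * 'logout' ends the admin login and redirects to the admin base URL; any
  * other action exports the dashboard counters to the view and renders
  * main/index.php.
  */
 function doModel()
 {
     switch ($this->action) {
         case 'logout':
             // Cookie::pop() only removes the cookie from the browser: the
             // oc_adminSecret value stays valid server-side, because the cookie
             // login path (osc_is_admin_user_logged_in) accepts any
             // (oc_adminId, oc_adminSecret) pair that findByIdSecret() resolves.
             // Rotate s_secret here so a captured cookie is dead after logout.
             $adminId = Session::newInstance()->_get('adminId');
             if ($adminId != '') {
                 // this include contains the osc_genRandomPassword function
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword()), array('pk_i_id' => $adminId));
             }
             // unset only the required parameters in Session
             Session::newInstance()->_drop('adminId');
             Session::newInstance()->_drop('adminUserName');
             Session::newInstance()->_drop('adminName');
             Session::newInstance()->_drop('adminEmail');
             Session::newInstance()->_drop('adminLocale');
             Cookie::newInstance()->pop('oc_adminId');
             Cookie::newInstance()->pop('oc_adminSecret');
             Cookie::newInstance()->pop('oc_adminLocale');
             Cookie::newInstance()->set();
             $this->redirectTo(osc_admin_base_url(true));
             break;
         default:
             //default dashboard page (main page at oc-admin)
             $this->_exportVariableToView("numUsers", User::newInstance()->count());
             $this->_exportVariableToView("numAdmins", Admin::newInstance()->count());
             $this->_exportVariableToView("numItems", Item::newInstance()->count());
             $this->_exportVariableToView("numItemsSpam", Item::newInstance()->totalItems(null, 'SPAM'));
             $this->_exportVariableToView("numItemsBlock", Item::newInstance()->totalItems(null, 'DISABLED'));
             $this->_exportVariableToView("numItemsInactive", Item::newInstance()->totalItems(null, 'INACTIVE'));
             $this->_exportVariableToView("numItemsPerCategory", osc_get_non_empty_categories());
             $this->_exportVariableToView("newsList", osc_listNews());
             $this->_exportVariableToView("comments", ItemComment::newInstance()->getLastComments(5));
             //calling the view...
             $this->doView('main/index.php');
     }
 }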
/**
 * Installer step: creates the initial administrator account and the basic
 * site preferences (page title and contact e-mail) from the submitted form.
 *
 * NOTE(review): the account is created with the fixed credentials
 * admin / admin (unsalted sha1); only the e-mail comes from the form. Anyone
 * who reaches the panel before that password is changed has full admin
 * access. Later revisions of this step (see the other basic_info() listings
 * on this page) generate a random password instead.
 */
function basic_info()
{
    require_once ABS_PATH . 'oc-includes/osclass/model/Admin.php';
    require_once ABS_PATH . 'oc-includes/osclass/model/Preference.php';
    $email = $_POST['email'];
    $adminRow = array(
        's_name'     => 'Administrator',
        's_username' => 'admin',
        's_password' => sha1('admin'),
        's_email'    => $email,
    );
    Admin::newInstance()->insert($adminRow);
    // Both preferences live in the 'osclass' section as STRING values.
    $prefs = Preference::newInstance();
    $values = array('pageTitle' => $_POST['webtitle'], 'contactEmail' => $email);
    foreach ($values as $prefName => $prefValue) {
        $prefs->insert(array('s_section' => 'osclass', 's_name' => $prefName, 's_value' => $prefValue, 'e_type' => 'STRING'));
    }
}
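 /**
  * Admin-users controller constructor.
  *
  * A moderator (non-super admin) may only reach the 'edit' / 'edit_post'
  * actions, and only for their own account; any other combination gets a
  * flash error and a redirect to the admin base URL. Super admins fall
  * through unchanged.
  */
 function __construct()
 {
     parent::__construct();
     if ($this->isModerator()) {
         $targetId = Params::getParam('id');
         $isEditAction = $this->action == 'edit' || $this->action == 'edit_post';
         // Authorization check on a user-controlled id: compare as strings with
         // !== so PHP's loose numeric juggling (e.g. "1abc" == 1 before PHP 8)
         // cannot make a foreign id pass as the caller's own. The original
         // precedence, (!edit) || (id given && id != own), is kept but spelled out.
         $isForeignId = $targetId != '' && (string) $targetId !== (string) osc_logged_admin_id();
         if (!$isEditAction || $isForeignId) {
             osc_add_flash_error_message(_m("You don't have enough permissions"), 'admin');
             $this->redirectTo(osc_admin_base_url());
         }
     }
     //specific things for this class
     $this->adminManager = Admin::newInstance();
 }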
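/**
 * Installer step: creates the administrator account and the basic site
 * preferences, then e-mails the credentials to the configured address.
 *
 * Username and password come from the form (s_name / s_passwd); an empty
 * username falls back to 'admin' and an empty password to a random one from
 * osc_genRandomPassword().
 *
 * @return array 'email_status' ('' on success, otherwise the address plus the
 *               mailer error) and 's_password' (the clear-text password, so the
 *               installer can show it when the mail could not be delivered).
 */
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/model/Preference.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';
    $admin = 'admin';
    if (isset($_POST['s_name']) && $_POST['s_name'] != '') {
        $admin = $_POST['s_name'];
    }
    if (isset($_POST['s_passwd']) && $_POST['s_passwd'] != '') {
        $password = $_POST['s_passwd'];
    } else {
        $password = osc_genRandomPassword();
    }
    // NOTE(review): unsalted sha1 is what this version's admin login compares
    // against (see the sha1() check in the login controller on this page);
    // keep both sides in sync if the hashing is ever changed.
    Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => sha1($password), 's_email' => $_POST['email']));
    $mPreference = Preference::newInstance();
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => $_POST['webtitle'], 'e_type' => 'STRING'));
    $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => $_POST['email'], 'e_type' => 'STRING'));
    // The welcome mail carries the credentials in clear text, and the site
    // title is inserted into the HTML body unescaped (installer input that
    // goes only to the administrator's own mailbox).
    $body = 'Welcome ' . $_POST['webtitle'] . ',<br/><br/>';
    $body .= 'Your OSClass installation at ' . WEB_PATH . ' is up and running. You can access to the administration panel with this data access:<br/>';
    $body .= '<ul>';
    // NOTE(review): the listing shows these two lines redacted as '******';
    // they are rebuilt after the later revisions of this step.
    $body .= '<li>username: ' . $admin . '</li>';
    $body .= '<li>password: ' . $password . '</li>';
    $body .= '</ul>';
    $body .= 'Regards,<br/>';
    $body .= 'The <a href=\'http://osclass.org/\'>OSClass</a> team';
    // Sender domain: SERVER_NAME lower-cased, without a leading "www.".
    $sitename = strtolower($_SERVER['SERVER_NAME']);
    if (substr($sitename, 0, 4) == 'www.') {
        $sitename = substr($sitename, 4);
    }
    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        $mail = new PHPMailer(true);
        $mail->CharSet = "utf-8";
        $mail->Host = "localhost";
        $mail->From = 'osclass@' . $sitename;
        $mail->FromName = 'OSClass';
        $mail->Subject = 'OSClass successfully installed!';
        $mail->AddAddress($_POST['email'], 'OSClass administrator');
        $mail->Body = $body;
        $mail->AltBody = $body;
        if (!$mail->Send()) {
            return array('email_status' => $_POST['email'] . "<br>" . $mail->ErrorInfo, 's_password' => $password);
        }
        return array('email_status' => '', 's_password' => $password);
    } catch (phpmailerException $exception) {
        // A mailer exception used to be swallowed here, which made the function
        // return null and lose the (possibly random) password. Report it the
        // same way as a failed Send() so the installer can still show it.
        return array('email_status' => $_POST['email'] . "<br>" . $exception->errorMessage(), 's_password' => $password);
    }
}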
/**
 * Installer step: stores the administrator account and the basic site
 * preferences, then mails the credentials to the given address.
 *
 * s_name / s_passwd come from the request (empty username -> 'admin', empty
 * password -> osc_genRandomPassword()); the password is stored through
 * osc_hash_password() and sent in clear text in the welcome mail.
 *
 * @return array 'email_status' ('' when the mail went out, otherwise the
 *               address followed by the mailer error) and 's_password' (the
 *               clear-text password).
 */
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';
    $username = Params::getParam('s_name');
    $username = $username == '' ? 'admin' : $username;
    $plainPassword = Params::getParam('s_passwd', false, false);
    $plainPassword = $plainPassword == '' ? osc_genRandomPassword() : $plainPassword;
    $email = Params::getParam('email');
    $title = Params::getParam('webtitle');
    Admin::newInstance()->insert(array(
        's_name'     => 'Administrator',
        's_username' => $username,
        's_password' => osc_hash_password($plainPassword),
        's_email'    => $email,
    ));
    $prefs = Preference::newInstance();
    $prefs->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => $title, 'e_type' => 'STRING'));
    $prefs->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => $email, 'e_type' => 'STRING'));
    // Welcome mail: the site title and the clear-text password go into the
    // HTML body as-is.
    $body = sprintf(__('Hi %s,'), $title) . "<br/><br/>"
        . sprintf(__('Your Osclass installation at %s is up and running. You can access the administration panel with these details:'), WEB_PATH) . '<br/>'
        . '<ul>'
        . '<li>' . sprintf(__('username: %s'), $username) . '</li>'
        . '<li>' . sprintf(__('password: %s'), $plainPassword) . '</li>'
        . '</ul>'
        . sprintf(__('Remember that for any doubts you might have you can consult our <a href="%1$s">documentation</a>, <a href="%2$s">forum</a> or <a href="%3$s">blog</a>.'), 'http://doc.osclass.org/', 'http://forums.osclass.org/', 'http://blog.osclass.org/')
        . sprintf(' ' . __('Osclass doesn’t run any developments but we can put you in touch with third party developers through a Premium Support. And hey, if you would like to contribute to Osclass - learn how <a href="%1$s">here</a>!'), 'http://blog.osclass.org/2012/11/22/how-to-collaborate-to-osclass/') . '<br/><br/>'
        . __('Cheers,') . "<br/>"
        . __('The <a href="http://osclass.org/">Osclass</a> team');
    // Sender domain: SERVER_NAME lower-cased, without a leading "www.".
    $host = strtolower($_SERVER['SERVER_NAME']);
    if (strncmp($host, 'www.', 4) === 0) {
        $host = substr($host, 4);
    }
    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        $mailer = new PHPMailer(true);
        $mailer->CharSet = "utf-8";
        $mailer->Host = "localhost";
        $mailer->From = 'osclass@' . $host;
        $mailer->FromName = 'Osclass';
        $mailer->Subject = 'Osclass successfully installed!';
        $mailer->AddAddress($email, 'Osclass administrator');
        $mailer->Body = $body;
        $mailer->AltBody = $body;
        $status = $mailer->Send() ? '' : $email . "<br>" . $mailer->ErrorInfo;
        return array('email_status' => $status, 's_password' => $plainPassword);
    } catch (phpmailerException $e) {
        return array('email_status' => $email . "<br>" . $e->errorMessage(), 's_password' => $plainPassword);
    }
}
/**
 * Installer step (Russian-localised mail): stores the administrator account
 * and the basic site preferences, then mails the credentials.
 *
 * An empty s_name becomes 'admin'; an empty s_passwd is replaced by a random
 * password from osc_genRandomPassword(). The stored hash comes from
 * osc_hash_password(); the mail contains the clear-text password.
 *
 * @return array 'email_status' ('' on success, otherwise the address plus the
 *               mailer error) and 's_password' (the clear-text password).
 */
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';
    $username = Params::getParam('s_name');
    if ($username == '') {
        $username = 'admin';
    }
    $clearPassword = Params::getParam('s_passwd', false, false);
    if ($clearPassword == '') {
        $clearPassword = osc_genRandomPassword();
    }
    $adminEmail = Params::getParam('email');
    $siteTitle = Params::getParam('webtitle');
    $adminModel = Admin::newInstance();
    $adminModel->insert(array('s_name' => 'Administrator', 's_username' => $username, 's_password' => osc_hash_password($clearPassword), 's_email' => $adminEmail));
    $prefModel = Preference::newInstance();
    foreach (array('pageTitle' => $siteTitle, 'contactEmail' => $adminEmail) as $prefName => $prefValue) {
        $prefModel->insert(array('s_section' => 'osclass', 's_name' => $prefName, 's_value' => $prefValue, 'e_type' => 'STRING'));
    }
    // Mail body, assembled in order; the credentials are sent in clear text.
    $fragments = array(
        sprintf(__('Привет %s,'), $siteTitle) . "<br/><br/>",
        sprintf(__('Osclass успешно установлен %s и запущен. Вы можете получить доступ к панели администрирования:'), WEB_PATH) . '<br/>',
        '<ul>',
        '<li>' . sprintf(__('username: %s'), $username) . '</li>',
        '<li>' . sprintf(__('password: %s'), $clearPassword) . '</li>',
        '</ul>',
        sprintf(__('Помните, если у вас появяться вопросы вы можете прочитать <a href="%1$s">документацию</a>, спросить на <a href="%2$s">форуме</a> или в <a href="%3$s">блоге</a>.'), 'http://os-class.ru/wiki', 'http://os-class.ru/frm', 'http://os-class.ru/category/articles'),
        sprintf(' ' . __('Osclass doesn’t run any developments but we can put you in touch with third party developers through a Premium Support. And hey, if you would like to contribute to Osclass - learn how <a href="%1$s">here</a>!'), 'http://blog.osclass.org/2012/11/22/how-to-collaborate-to-osclass/') . '<br/><br/>',
        __('Аплодисменты,') . "<br/>",
        __('Ваш <a href="http://os-class.ru/">Osclass Rus Team</a> team'),
    );
    $body = implode('', $fragments);
    // Sender domain derived from SERVER_NAME, minus a leading "www.".
    $senderHost = strtolower($_SERVER['SERVER_NAME']);
    if (substr($senderHost, 0, 4) == 'www.') {
        $senderHost = substr($senderHost, 4);
    }
    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        $mail = new PHPMailer(true);
        $settings = array(
            'CharSet'  => "utf-8",
            'Host'     => "localhost",
            'From'     => 'osclass@' . $senderHost,
            'FromName' => 'Osclass',
            'Subject'  => 'Osclass успешно установлен!',
        );
        foreach ($settings as $property => $value) {
            $mail->$property = $value;
        }
        $mail->AddAddress($adminEmail, 'Osclass administrator');
        $mail->Body = $body;
        $mail->AltBody = $body;
        if ($mail->Send()) {
            return array('email_status' => '', 's_password' => $clearPassword);
        }
        return array('email_status' => $adminEmail . "<br>" . $mail->ErrorInfo, 's_password' => $clearPassword);
    } catch (phpmailerException $exception) {
        return array('email_status' => $adminEmail . "<br>" . $exception->errorMessage(), 's_password' => $clearPassword);
    }
}
/**
 * Installer step (sha1 revision): stores the administrator account and the
 * basic site preferences, then mails the credentials to the given address.
 *
 * An empty s_name becomes 'admin'; an empty s_passwd is replaced by a random
 * password from osc_genRandomPassword().
 *
 * NOTE(review): this revision stores an unsalted sha1 of the password, which
 * is what the matching admin login on this page compares against; the welcome
 * mail contains the password in clear text.
 *
 * @return array 'email_status' ('' on success, otherwise the address plus the
 *               mailer error) and 's_password' (the clear-text password).
 */
function basic_info()
{
    require_once LIB_PATH . 'osclass/model/Admin.php';
    require_once LIB_PATH . 'osclass/helpers/hSecurity.php';
    $login = Params::getParam('s_name');
    if ($login == '') {
        $login = 'admin';
    }
    $secret = Params::getParam('s_passwd', false, false);
    if ($secret == '') {
        $secret = osc_genRandomPassword();
    }
    $contact = Params::getParam('email');
    $webTitle = Params::getParam('webtitle');
    Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $login, 's_password' => sha1($secret), 's_email' => $contact));
    $preferences = Preference::newInstance();
    $preferences->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => $webTitle, 'e_type' => 'STRING'));
    $preferences->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => $contact, 'e_type' => 'STRING'));
    // Welcome mail body.
    $parts = array();
    $parts[] = sprintf(__('Welcome %s,'), $webTitle) . "<br/><br/>";
    $parts[] = sprintf(__('Your OSClass installation at %s is up and running. You can access the administration panel with these details:'), WEB_PATH) . "<br/>";
    $parts[] = '<ul>';
    $parts[] = '<li>' . sprintf(__('username: %s'), $login) . '</li>';
    $parts[] = '<li>' . sprintf(__('password: %s'), $secret) . '</li>';
    $parts[] = '</ul>';
    $parts[] = __('Regards,') . "<br/>";
    $parts[] = __('The <a href="http://osclass.org/">OSClass</a> team');
    $body = implode('', $parts);
    // Sender domain derived from SERVER_NAME, minus a leading "www.".
    $domain = strtolower($_SERVER['SERVER_NAME']);
    if (strncmp($domain, 'www.', 4) === 0) {
        $domain = substr($domain, 4);
    }
    try {
        require_once LIB_PATH . 'phpmailer/class.phpmailer.php';
        $mailer = new PHPMailer(true);
        $mailer->CharSet = "utf-8";
        $mailer->Host = "localhost";
        $mailer->From = 'osclass@' . $domain;
        $mailer->FromName = 'OSClass';
        $mailer->Subject = 'OSClass successfully installed!';
        $mailer->AddAddress($contact, 'OSClass administrator');
        $mailer->Body = $body;
        $mailer->AltBody = $body;
        $sent = $mailer->Send();
        if ($sent) {
            return array('email_status' => '', 's_password' => $secret);
        }
        return array('email_status' => $contact . "<br>" . $mailer->ErrorInfo, 's_password' => $secret);
    } catch (phpmailerException $e) {
        return array('email_status' => $contact . "<br>" . $e->errorMessage(), 's_password' => $secret);
    }
}
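/**
 * Tells whether an admin is logged in.
 *
 * True when the session already holds an adminId, or when the "remember me"
 * cookie pair (oc_adminId / oc_adminSecret) resolves to an admin row through
 * findByIdSecret(); in that case the session is (re)populated from the row.
 *
 * @return boolean
 */
function osc_is_admin_user_logged_in()
{
    if (Session::newInstance()->_get("adminId") != '') {
        return true;
    }
    //can already be a logged user or not, we'll take a look into the cookie
    $cookie = Cookie::newInstance();
    if ($cookie->get_value('oc_adminId') != '' && $cookie->get_value('oc_adminSecret') != '') {
        $admin = Admin::newInstance()->findByIdSecret($cookie->get_value('oc_adminId'), $cookie->get_value('oc_adminSecret'));
        // The lookup result must be checked: a stale or forged cookie pair
        // yields no row, and the original code still wrote the empty fields
        // into the session and reported the visitor as logged in.
        if (empty($admin['pk_i_id'])) {
            return false;
        }
        Session::newInstance()->_set('adminId', $admin['pk_i_id']);
        Session::newInstance()->_set('adminUserName', $admin['s_username']);
        Session::newInstance()->_set('adminName', $admin['s_name']);
        Session::newInstance()->_set('adminEmail', $admin['s_email']);
        Session::newInstance()->_set('adminLocale', $cookie->get_value('oc_adminLocale'));
        return true;
    }
    return false;
}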
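 /**
  * Admin login controller (legacy: passwords are unsalted sha1 hashes).
  *
  * Actions:
  *  - 'login_post'   checks username/password, opens the admin session and,
  *                   with 'remember', stores a fresh s_secret in the DB and in
  *                   the oc_adminId / oc_adminSecret cookies;
  *  - 'recover'      renders the reset form;
  *  - 'recover_post' stores a one-time 40-char token in s_secret and hands
  *                   the confirm URL to the mail hook;
  *  - 'forgot'       validates (adminId, code) and renders the new-password form;
  *  - 'forgot_post'  validates (adminId, code) again and stores the new password,
  *                   rotating s_secret so the link cannot be reused.
  * Every failure path sets a flash message and redirects.
  */
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             // Read the password raw (no escaping/trimming) for both the empty
             // check and the hash comparison, so the two cannot disagree.
             $password = Params::getParam('password', false, false);
             if (Params::getParam('user') == '' && $password == '') {
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('user') == '') {
                 osc_add_flash_error_message(_m('The username field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if ($password == '') {
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             // fields are not empty
             $admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
             // NOTE(review): the distinct "incorrect username" / "incorrect password"
             // messages let a client enumerate admin usernames, and this version has
             // no CSRF token check on the POST (a later revision of this controller
             // calls osc_csrf_check() first).
             if (!$admin) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if ($admin["s_password"] !== sha1($password)) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('remember')) {
                 // this include contains de osc_genRandomPassword function
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 // The cookie secret is the only credential the cookie login path
                 // checks, so it is regenerated on every remembered login.
                 $secret = osc_genRandomPassword();
                 Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                 Cookie::newInstance()->set_expires(osc_time_cookie());
                 Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                 Cookie::newInstance()->push('oc_adminSecret', $secret);
                 Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                 Cookie::newInstance()->set();
             }
             // we are logged in... let's go!
             Session::newInstance()->_set('adminId', $admin['pk_i_id']);
             Session::newInstance()->_set('adminUserName', $admin['s_username']);
             Session::newInstance()->_set('adminName', $admin['s_name']);
             Session::newInstance()->_set('adminEmail', $admin['s_email']);
             Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'recover':
             // form to recover the password (in this case we have the form in /gui/)
             $this->doView('gui/recover.php');
             break;
         case 'recover_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             // post execution to recover the password
             $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
             if ($admin) {
                 // When reCAPTCHA is configured it is always verified. The previous
                 // condition also required recaptcha_challenge_field to be present,
                 // so a client that simply omitted the field skipped the check and
                 // could trigger reset mails (and overwrite s_secret) at will.
                 if (osc_recaptcha_private_key() != '') {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_error_message(_m('The Recaptcha code is wrong'), 'admin');
                         $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 // One-time token: stored in s_secret (which also invalidates any
                 // "remember me" cookie for the account) and only ever sent by mail.
                 $resetToken = osc_genRandomPassword(40);
                 Admin::newInstance()->update(array('s_secret' => $resetToken), array('pk_i_id' => $admin['pk_i_id']));
                 $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $resetToken);
                 osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
             }
             // Same message whether or not the e-mail matched an admin, so the
             // response does not reveal which addresses are registered.
             osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'forgot':
             // form to recover the password (in this case we have the form in /gui/)
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             $this->doView('gui/forgot_password.php');
             break;
         case 'forgot_post':
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             $newPassword = Params::getParam('new_password', false, false);
             if ($newPassword == '') {
                 // Two empty fields compare equal, and the old code then stored
                 // sha1('') as the admin password.
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
                 return false;
             }
             if ($newPassword == Params::getParam('new_password2', false, false)) {
                 // osc_genRandomPassword() is defined in hSecurity.php, which this
                 // branch did not include on its own.
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 // Rotating s_secret burns the reset link.
                 Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1($newPassword)), array('pk_i_id' => $admin['pk_i_id']));
                 osc_add_flash_ok_message(_m('The password has been changed'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             } else {
                 osc_add_flash_error_message(_m("Error, the password don't match"), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
             }
             break;
     }
 }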
/**
 * Tells whether the currently logged admin is a moderator rather than a
 * super admin, by reading the b_moderator flag of their row.
 *
 * @return boolean true when b_moderator is set and non-zero, false otherwise
 *                 (including when no admin row is found)
 */
function osc_is_moderator()
{
    $row = Admin::newInstance()->findByPrimaryKey(osc_logged_admin_id());
    return isset($row['b_moderator']) && $row['b_moderator'] != 0;
}
 */
// Standalone admin-credential update script (its comment header and the tail
// of the script are outside this listing).
// NOTE(review): error_reporting(0) hides every PHP error, including failures
// in the includes below; narrow it once the script is known to work.
error_reporting(0);
define('ABS_PATH', dirname(dirname(dirname(__FILE__))) . '/');
require_once ABS_PATH . 'oc-includes/osclass/db.php';
require_once ABS_PATH . 'oc-includes/osclass/classes/DAO.php';
require_once ABS_PATH . 'oc-includes/osclass/model/Admin.php';
require_once ABS_PATH . 'oc-includes/osclass/helpers/hDatabaseInfo.php';
require_once ABS_PATH . 'oc-includes/osclass/core/Params.php';
require_once ABS_PATH . 'oc-includes/osclass/compatibility.php';
require_once ABS_PATH . 'config.php';
// Request parameters. The passwords are read with the (false, false) flags,
// presumably bypassing the default filtering of getParam() — confirm against
// Params::getParam.
$old_passwd = Params::getParam('old_password', false, false);
$id_admin = Params::getParam('id');
$new_username = Params::getParam('new_username');
$new_passwd = Params::getParam('new_password', false, false);
// Default response; replaced by the switch further down when an update runs.
$response = array('error' => 'Operation fail');
$mAdmin = Admin::newInstance();
// Authenticates against the admin with primary key 1 only (the submitted
// $id_admin is not used for this lookup); the password is an unsalted sha1.
// NOTE(review): no CSRF token is checked before the credential change.
$admin = $mAdmin->findByIdPassword(1, sha1($old_passwd));
if ($admin) {
    $result = -1;
    if ($new_username != '') {
        $result = $mAdmin->update(array('s_username' => $new_username), array('pk_i_id' => '1'));
    } elseif ($new_passwd != '') {
        $result = $mAdmin->update(array('s_password' => sha1($new_passwd)), array('pk_i_id' => '1'));
    }
    switch ($result) {
        case 1:
            $response = array('ok' => 'Updated sucessfully');
            break;
        case 0:
            $response = array('ok' => 'No changes');
            break;
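 /**
  * Admin login controller (bcrypt revision).
  *
  * Actions:
  *  - 'login_post'   CSRF-checks the POST, verifies the password with
  *                   osc_verify_password(), re-hashes it when the stored hash is
  *                   not bcrypt at BCRYPT_COST, opens the admin session and,
  *                   with 'remember', issues fresh oc_adminId / oc_adminSecret
  *                   cookies backed by a new s_secret;
  *  - 'recover'      renders the reset form;
  *  - 'recover_post' stores a one-time 40-char token in s_secret and hands the
  *                   confirm URL to the mail hook;
  *  - 'forgot'       validates (adminId, code) and renders the new-password form;
  *  - 'forgot_post'  validates (adminId, code) again and stores the new password,
  *                   rotating s_secret so the link cannot be reused;
  *  - default        remembers the referer and renders the login form.
  * Every failure path sets a flash message and redirects.
  */
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             osc_csrf_check();
             osc_run_hook('before_login_admin');
             // Post-login target: the referer, unless it has no page= parameter,
             // points at the login page itself, or is empty.
             // NOTE(review): the referer is client-supplied; the CSRF check above
             // is what keeps a foreign origin from reaching this redirect. If that
             // assumption does not hold, restrict $url_redirect to the admin base URL.
             $url_redirect = osc_get_http_referer();
             $page_redirect = '';
             $password = Params::getParam('password', false, false);
             if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) {
                 $page_redirect = $match[1];
             }
             if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') {
                 $url_redirect = osc_admin_base_url();
             }
             if (Params::getParam('user') == '') {
                 osc_add_flash_error_message(_m('The username field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             }
             if ($password == '') {
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             }
             // fields are not empty
             $admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
             // NOTE(review): the distinct "incorrect username" / "incorrect password"
             // messages let a client enumerate admin usernames; there is also no
             // rate limit on failed attempts here.
             if (!$admin) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             }
             if (!osc_verify_password($password, $admin['s_password'])) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             } else {
                 // Transparent upgrade of the stored hash: anything that is not a
                 // $2y$ bcrypt hash at the configured cost is re-hashed now that the
                 // clear-text password is known to be correct.
                 if (isset($admin['s_password']) && $admin['s_password'] != '') {
                     if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost)) {
                         if ($cost[1] != BCRYPT_COST) {
                             Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
                         }
                     } else {
                         Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
                     }
                 }
             }
             if (Params::getParam('remember')) {
                 // this include contains de osc_genRandomPassword function
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 // The cookie secret is the only credential the cookie login path
                 // checks, so it is regenerated on every remembered login.
                 $secret = osc_genRandomPassword();
                 Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                 Cookie::newInstance()->set_expires(osc_time_cookie());
                 Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                 Cookie::newInstance()->push('oc_adminSecret', $secret);
                 Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                 Cookie::newInstance()->set();
             }
             // we are logged in... let's go!
             Session::newInstance()->_set('adminId', $admin['pk_i_id']);
             Session::newInstance()->_set('adminUserName', $admin['s_username']);
             Session::newInstance()->_set('adminName', $admin['s_name']);
             Session::newInstance()->_set('adminEmail', $admin['s_email']);
             Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
             osc_run_hook('login_admin', $admin);
             $this->redirectTo($url_redirect);
             break;
         case 'recover':
             // form to recover the password (in this case we have the form in /gui/)
             $this->doView('gui/recover.php');
             break;
         case 'recover_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             osc_csrf_check();
             // post execution to recover the password
             $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
             if ($admin) {
                 // reCAPTCHA is verified whenever a private key is configured.
                 if (osc_recaptcha_private_key() != '') {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin');
                         $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 // One-time token: stored in s_secret (which also invalidates any
                 // "remember me" cookie for the account) and only ever sent by mail.
                 $resetToken = osc_genRandomPassword(40);
                 Admin::newInstance()->update(array('s_secret' => $resetToken), array('pk_i_id' => $admin['pk_i_id']));
                 $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $resetToken);
                 osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
             }
             // Same message whether or not the e-mail matched an admin, so the
             // response does not reveal which addresses are registered.
             osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
             $this->redirectTo(osc_admin_base_url(true) . '?page=login');
             break;
         case 'forgot':
             // form to recover the password (in this case we have the form in /gui/)
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             $this->doView('gui/forgot_password.php');
             break;
         case 'forgot_post':
             osc_csrf_check();
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             $newPassword = Params::getParam('new_password', false, false);
             if ($newPassword == '') {
                 // Two empty fields compare equal, and the old code then stored
                 // the hash of an empty string as the admin password.
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
                 return false;
             }
             if ($newPassword == Params::getParam('new_password2', false, false)) {
                 // osc_genRandomPassword() is defined in hSecurity.php, which this
                 // branch did not include on its own.
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 // Rotating s_secret burns the reset link.
                 Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => osc_hash_password($newPassword)), array('pk_i_id' => $admin['pk_i_id']));
                 osc_add_flash_ok_message(_m('The password has been changed'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=login');
             } else {
                 osc_add_flash_error_message(_m("Error, the passwords don't match"), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
             }
             break;
         default:
             //osc_run_hook( 'init_admin' );
             Session::newInstance()->_setReferer(osc_get_http_referer());
             $this->doView('gui/login.php');
             break;
     }
 }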
 /**
  * Controller constructor: runs the parent setup, then binds the Admin model
  * this class works with.
  */
 function __construct()
 {
     parent::__construct();
     //specific things for this class
     $manager = Admin::newInstance();
     $this->adminManager = $manager;
 }
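 /**
  * Dispatch the admin login / password-recovery actions of this controller.
  *
  * Actions handled: login_post, recover, recover_post, forgot, forgot_post
  * (any other value of $this->action falls through the switch untouched).
  * Each branch ends in a view or a redirect.
  *
  * Changes against the previous revision, all in the new-side code below:
  *  - the stored sha1 digest is compared with hash_equals() (strict and
  *    constant-time) instead of `==`; a loose comparison treats numeric-looking
  *    digests (e.g. two different "0e..." strings) as equal;
  *  - forgot_post compares the two new passwords strictly and refuses an empty
  *    password, which previously would have been stored as sha1('');
  *  - forgot_post loads hSecurity.php before calling osc_genRandomPassword(),
  *    as the other two branches already do;
  *  - the recovery-mail template lookup no longer mistakes current()'s `false`
  *    (empty locale list) for a usable template.
  *
  * @return bool|void false when the recaptcha check fails in recover_post
  */
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             $admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
             if ($admin) {
                 // The stored credential is an unsalted sha1 digest (the format written by
                 // forgot_post below), so the submitted password is digested the same way.
                 // Compare strictly and in constant time; `==` would coerce numeric-looking
                 // digests and is not timing-safe.
                 $passwordMatches = hash_equals(
                     (string) $admin['s_password'],
                     sha1((string) Params::getParam('password'))
                 );
                 if ($passwordMatches) {
                     if (Params::getParam('remember')) {
                         //this include contains the osc_genRandomPassword function
                         require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                         // A fresh per-login secret is stored, so the remember-me cookie
                         // never carries the password digest itself.
                         $secret = osc_genRandomPassword();
                         Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                         Cookie::newInstance()->set_expires(osc_time_cookie());
                         Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                         Cookie::newInstance()->push('oc_adminSecret', $secret);
                         Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                         Cookie::newInstance()->set();
                     }
                     //we are logged in... let's go!
                     // NOTE(review): the session id is not rotated on this privilege change;
                     // if Session wraps native PHP sessions, a session_regenerate_id(true)
                     // here would close the session-fixation window - confirm against Session.
                     Session::newInstance()->_set('adminId', $admin['pk_i_id']);
                     Session::newInstance()->_set('adminUserName', $admin['s_username']);
                     Session::newInstance()->_set('adminName', $admin['s_name']);
                     Session::newInstance()->_set('adminEmail', $admin['s_email']);
                     Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
                 } else {
                     // NOTE: the two failure messages differ, so the response reveals whether
                     // a username exists. Kept as-is because the strings are translation keys.
                     osc_add_flash_message(_m('The password is incorrect'), 'admin');
                 }
             } else {
                 osc_add_flash_message(_m('That username does not exist'), 'admin');
             }
             //returning logged in to the main page...
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'recover':
             //form to recover the password (in this case we have the form in /gui/)
             //#dev.conquer: we cannot use the doView here and only here
             $this->doView('gui/recover.php');
             break;
         case 'recover_post':
             //post execution to recover the password
             $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
             if ($admin) {
                 // Recaptcha is only enforced when a private key is configured AND the
                 // form actually submitted the challenge field (same gate as before).
                 if ((string) osc_recaptcha_private_key() !== '' && Params::existParam("recaptcha_challenge_field")) {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_message(_m('The Recaptcha code is wrong'), 'admin');
                         $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 // The reset token is a 40-char random secret stored on the account and
                 // embedded in the confirmation link; forgot/forgot_post validate it via
                 // findByIdSecret() and forgot_post rotates it once used.
                 $newPassword = osc_genRandomPassword(40);
                 Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
                 $password_link = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
                 $aPage = Page::newInstance()->findByInternalName('email_user_forgot_password');
                 $locale = osc_current_user_locale();
                 // Prefer the template in the current locale, else the first available one.
                 $content = null;
                 if (isset($aPage['locale'][$locale]['s_title'])) {
                     $content = $aPage['locale'][$locale];
                 } elseif (!empty($aPage['locale'])) {
                     // current() yields false (not null) on an empty array, which the old
                     // is_null() test would have passed on to osc_mailBeauty().
                     $content = current($aPage['locale']);
                 }
                 if (!empty($content)) {
                     $words = array();
                     $words[] = array('{USER_NAME}', '{USER_EMAIL}', '{WEB_TITLE}', '{IP_ADDRESS}', '{PASSWORD_LINK}', '{DATE_TIME}');
                     $words[] = array($admin['s_name'], $admin['s_email'], osc_page_title(), $_SERVER['REMOTE_ADDR'], $password_link, date(osc_time_format() . '  ' . osc_date_format()));
                     $title = osc_mailBeauty($content['s_title'], $words);
                     $body = osc_mailBeauty($content['s_text'], $words);
                     $emailParams = array('subject' => $title, 'to' => $admin['s_email'], 'to_name' => $admin['s_name'], 'body' => $body, 'alt_body' => $body);
                     osc_sendMail($emailParams);
                 }
             }
             // Same message whether or not the address exists, so this step does not
             // confirm which e-mails belong to an admin account.
             osc_add_flash_message(_m('A new password has been sent to your e-mail'), 'admin');
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'forgot':
             //form to recover the password (in this case we have the form in /gui/)
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if ($admin) {
                 $this->doView('gui/forgot_password.php');
             } else {
                 osc_add_flash_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             break;
         case 'forgot_post':
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if ($admin) {
                 $newPassword = (string) Params::getParam('new_password');
                 $newPassword2 = (string) Params::getParam('new_password2');
                 if ($newPassword === '') {
                     // Previously two empty fields "matched" and sha1('') became the password.
                     osc_add_flash_message(_m('The password cannot be empty'), 'admin');
                     $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
                 } elseif ($newPassword === $newPassword2) {
                     // osc_genRandomPassword() lives in hSecurity.php; the other branches
                     // load it explicitly, so do the same here rather than rely on load order.
                     require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                     // Rotating s_secret invalidates the reset link once it has been used.
                     Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1($newPassword)), array('pk_i_id' => $admin['pk_i_id']));
                     osc_add_flash_message(_m('The password has been changed'), 'admin');
                     $this->redirectTo(osc_admin_base_url());
                 } else {
                     osc_add_flash_message(_m('Error, the password don\'t match'), 'admin');
                     $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
                 }
             } else {
                 osc_add_flash_message(_m('Sorry, the link is not valid'), 'admin');
             }
             // NOTE(review): presumably redirectTo() ends the request; if it only sets a
             // header, this trailing redirect overrides the ones above - confirm.
             $this->redirectTo(osc_admin_base_url());
             break;
     }
 }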