function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } osc_csrf_check(); osc_run_hook('before_validating_login'); // e-mail or/and password is/are empty or incorrect $wrongCredentials = false; $email = Params::getParam('email'); $password = Params::getParam('password', false, false); if ($email == '') { osc_add_flash_error_message(_m('Please provide an email address')); $wrongCredentials = true; } if ($password == '') { osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password')); $wrongCredentials = true; } if ($wrongCredentials) { $this->redirectTo(osc_user_login_url()); } if (osc_validate_email($email)) { $user = User::newInstance()->findByEmail($email); } if (empty($user)) { $user = User::newInstance()->findByUsername($email); } if (empty($user)) { osc_add_flash_error_message(_m("The user doesn't exist")); $this->redirectTo(osc_user_login_url()); } if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); // @TODO if valid user, send email parameter back to the login form } else { if (@$user['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } else { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } } // e-mail or/and IP is/are banned $banned = osc_is_banned($email); // int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned if ($banned & 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); } if ($banned & 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); } if ($banned !== 0) { $this->redirectTo(osc_user_login_url()); } osc_run_hook('before_login'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; if (osc_rewrite_enabled()) { if ($url_redirect != '') { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect)); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; if ($page_redirect == '' || $page_redirect == 'login') { $url_redirect = osc_user_dashboard_url(); } } break; } } } } require_once LIB_PATH . 'osclass/UserActions.php'; $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m("The user doesn't exist")); } else { if ($logged == 1) { if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email']))); } else { osc_add_flash_error_message(_m('The user has not been validated yet')); } } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } if ($url_redirect == '') { $url_redirect = osc_user_dashboard_url(); } osc_run_hook("after_login", $user, $url_redirect); $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect)); } else { osc_add_flash_error_message(_m('This should never happen')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'resend': $id = Params::getParam('id'); $email = Params::getParam('email'); $user = User::newInstance()->findByPrimaryKey($id); if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) { osc_add_flash_error_message(_m('Incorrect link')); $this->redirectTo(osc_user_login_url()); } if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES if (osc_notify_new_user()) { osc_run_hook('hook_email_admin_new_user', $user); } if (osc_user_validation_enabled()) { osc_run_hook('hook_email_user_validation', $user, $user); } User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('Validation email re-sent')); } else { osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again')); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': osc_csrf_check(); if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match")); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login Session::newInstance()->_setReferer(osc_get_http_referer()); if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'add_post_default': // add default category and reorder parent categories osc_csrf_check(); $fields['fk_i_parent_id'] = NULL; $fields['i_expiration_days'] = 0; $fields['i_position'] = 0; $fields['b_enabled'] = 1; $default_locale = osc_language(); $aFieldsDescription[$default_locale]['s_name'] = "NEW CATEGORY, EDIT ME!"; $categoryId = $this->categoryManager->insert($fields, $aFieldsDescription); // reorder parent categories. NEW category first $rootCategories = $this->categoryManager->findRootCategories(); foreach ($rootCategories as $cat) { $order = $cat['i_position']; $order++; $this->categoryManager->updateOrder($cat['pk_i_id'], $order); } $this->categoryManager->updateOrder($categoryId, '0'); $this->redirectTo(osc_admin_base_url(true) . '?page=categories'); break; default: // $this->_exportVariableToView("categories", $this->categoryManager->toTreeAll()); $this->doView("categories/index.php"); } }
function doModel() { switch ($this->action) { case 'latestsearches': //calling the comments settings view $this->doView('settings/searches.php'); break; case 'latestsearches_post': // updating comment osc_csrf_check(); if (Params::getParam('save_latest_searches') == 'on') { osc_set_preference('save_latest_searches', 1); } else { osc_set_preference('save_latest_searches', 0); } if (Params::getParam('customPurge') == '') { osc_add_flash_error_message(_m('Custom number could not be left empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=latestsearches'); } else { osc_set_preference('purge_latest_searches', Params::getParam('customPurge')); osc_add_flash_ok_message(_m('Last search settings have been updated'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=latestsearches'); } break; } }
function doModel() { switch ($this->action) { case 'advanced': //calling the advanced settings view $this->doView('settings/advanced.php'); break; case 'advanced_post': // updating advanced settings if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=advanced'); } osc_csrf_check(); $subdomain_type = Params::getParam('e_type'); if (!in_array($subdomain_type, array('category', 'country', 'region', 'city', 'user'))) { $subdomain_type = ''; } $iUpdated = osc_set_preference('subdomain_type', $subdomain_type); $iUpdated += osc_set_preference('subdomain_host', Params::getParam('s_host')); if ($iUpdated > 0) { osc_add_flash_ok_message(_m("Advanced settings have been updated"), 'admin'); } osc_calculate_location_slug(osc_subdomain_type()); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=advanced'); break; case 'advanced_cache_flush': osc_cache_flush(); osc_add_flash_ok_message(_m("Cache flushed correctly"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=advanced'); break; } }
function doModel() { switch ($this->action) { case 'comments': //calling the comments settings view $this->doView('settings/comments.php'); break; case 'comments_post': // updating comment osc_csrf_check(); $iUpdated = 0; $enabledComments = Params::getParam('enabled_comments'); $enabledComments = $enabledComments != '' ? true : false; $moderateComments = Params::getParam('moderate_comments'); $moderateComments = $moderateComments != '' ? true : false; $numModerateComments = Params::getParam('num_moderate_comments'); $commentsPerPage = Params::getParam('comments_per_page'); $notifyNewComment = Params::getParam('notify_new_comment'); $notifyNewComment = $notifyNewComment != '' ? true : false; $notifyNewCommentUser = Params::getParam('notify_new_comment_user'); $notifyNewCommentUser = $notifyNewCommentUser != '' ? true : false; $regUserPostComments = Params::getParam('reg_user_post_comments'); $regUserPostComments = $regUserPostComments != '' ? true : false; $msg = ''; if (!osc_validate_int(Params::getParam("num_moderate_comments"))) { $msg .= _m("Number of moderate comments must only contain numeric characters") . "<br/>"; } if (!osc_validate_int(Params::getParam("comments_per_page"))) { $msg .= _m("Comments per page must only contain numeric characters") . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=comments'); } $iUpdated += osc_set_preference('enabled_comments', $enabledComments); if ($moderateComments) { $iUpdated += osc_set_preference('moderate_comments', $numModerateComments); } else { $iUpdated += osc_set_preference('moderate_comments', '-1'); } $iUpdated += osc_set_preference('notify_new_comment', $notifyNewComment); $iUpdated += osc_set_preference('notify_new_comment_user', $notifyNewCommentUser); $iUpdated += osc_set_preference('comments_per_page', $commentsPerPage); $iUpdated += osc_set_preference('reg_user_post_comments', $regUserPostComments); if ($iUpdated > 0) { osc_add_flash_ok_message(_m("Comment settings have been updated"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=comments'); break; } }
function doModel() { switch ($this->action) { case 'spamNbots': // calling the spam and bots view $akismet_key = osc_akismet_key(); $akismet_status = 3; if ($akismet_key != '') { require_once osc_lib_path() . 'Akismet.class.php'; $akismet_obj = new Akismet(osc_base_url(), $akismet_key); $akismet_status = 2; if ($akismet_obj->isKeyValid()) { $akismet_status = 1; } } View::newInstance()->_exportVariableToView('akismet_status', $akismet_status); $this->doView('settings/spamNbots.php'); break; case 'akismet_post': // updating spam and bots option osc_csrf_check(); $updated = 0; $akismetKey = Params::getParam('akismetKey'); $akismetKey = trim($akismetKey); $updated = osc_set_preference('akismetKey', $akismetKey); if ($akismetKey == '') { osc_add_flash_info_message(_m('Your Akismet key has been cleared'), 'admin'); } else { osc_add_flash_ok_message(_m('Your Akismet key has been updated'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots'); break; case 'recaptcha_post': // updating spam and bots option osc_csrf_check(); $iUpdated = 0; $recaptchaPrivKey = Params::getParam('recaptchaPrivKey'); $recaptchaPrivKey = trim($recaptchaPrivKey); $recaptchaPubKey = Params::getParam('recaptchaPubKey'); $recaptchaPubKey = trim($recaptchaPubKey); $iUpdated += osc_set_preference('recaptchaPrivKey', $recaptchaPrivKey); $iUpdated += osc_set_preference('recaptchaPubKey', $recaptchaPubKey); if ($recaptchaPubKey == '') { osc_add_flash_info_message(_m('Your reCAPTCHA key has been cleared'), 'admin'); } else { osc_add_flash_ok_message(_m('Your reCAPTCHA key has been updated'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots'); break; } }
function doModel() { switch ($this->action) { case 'mailserver': // calling the mailserver view $this->doView('settings/mailserver.php'); break; case 'mailserver_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver'); } osc_csrf_check(); // updating mailserver $iUpdated = 0; $mailserverAuth = Params::getParam('mailserver_auth'); $mailserverAuth = $mailserverAuth != '' ? true : false; $mailserverPop = Params::getParam('mailserver_pop'); $mailserverPop = $mailserverPop != '' ? true : false; $mailserverType = Params::getParam('mailserver_type'); $mailserverHost = Params::getParam('mailserver_host'); $mailserverPort = Params::getParam('mailserver_port'); $mailserverUsername = Params::getParam('mailserver_username'); $mailserverPassword = Params::getParam('mailserver_password', false, false); $mailserverSsl = Params::getParam('mailserver_ssl'); $mailserverMailFrom = Params::getParam('mailserver_mail_from'); $mailserverNameFrom = Params::getParam('mailserver_name_from'); if (!in_array($mailserverType, array('custom', 'gmail'))) { osc_add_flash_error_message(_m('Mail server type is incorrect'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver'); } $iUpdated += osc_set_preference('mailserver_auth', $mailserverAuth); $iUpdated += osc_set_preference('mailserver_pop', $mailserverPop); $iUpdated += osc_set_preference('mailserver_type', $mailserverType); $iUpdated += osc_set_preference('mailserver_host', $mailserverHost); $iUpdated += osc_set_preference('mailserver_port', $mailserverPort); $iUpdated += osc_set_preference('mailserver_username', $mailserverUsername); $iUpdated += osc_set_preference('mailserver_password', $mailserverPassword); $iUpdated += osc_set_preference('mailserver_ssl', $mailserverSsl); $iUpdated += osc_set_preference('mailserver_mail_from', $mailserverMailFrom); $iUpdated += osc_set_preference('mailserver_name_from', $mailserverNameFrom); if ($iUpdated > 0) { osc_add_flash_ok_message(_m('Mail server configuration has changed'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver'); break; } }
function doModel() { switch ($this->action) { case 'dashboard': //dashboard... $max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5; $aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items); //calling the view... $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('max_items', $max_items); $this->doView('user-dashboard.php'); break; case 'profile': //profile... $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($user['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']); } elseif (count($aCountries) > 0) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } $aCities = array(); if ($user['fk_i_region_id'] != '') { $aCities = City::newInstance()->findByRegion($user['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } } //calling the view... $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('user', $user); $this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled()); $this->doView('user-profile.php'); break; case 'profile_post': //profile post... osc_csrf_check(); $userId = Session::newInstance()->_get('userId'); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $success = $userActions->edit($userId); if ($success == 1 || $success == 2) { osc_add_flash_ok_message(_m('Your profile has been updated successfully')); } else { osc_add_flash_error_message($success); } $this->redirectTo(osc_user_profile_url()); break; case 'alerts': //alerts $aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'), false); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); foreach ($aAlerts as $k => $a) { $array_conditions = (array) json_decode($a['s_search']); // $search = Search::newInstance(); $search = new Search(); $search->setJsonAlert($array_conditions); $search->limit(0, 3); $aAlerts[$k]['items'] = $search->doSearch(); } $this->_exportVariableToView('alerts', $aAlerts); View::newInstance()->_reset('alerts'); $this->_exportVariableToView('user', $user); $this->doView('user-alerts.php'); break; case 'change_email': //change email $this->doView('user-change_email.php'); break; case 'change_email_post': //change email post osc_csrf_check(); if (!osc_validate_email(Params::getParam('new_email'))) { osc_add_flash_error_message(_m('The specified e-mail is not valid')); $this->redirectTo(osc_change_user_email_url()); } else { $user = User::newInstance()->findByEmail(Params::getParam('new_email')); if (!isset($user['pk_i_id'])) { $userEmailTmp = array(); $userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId'); $userEmailTmp['s_new_email'] = Params::getParam('new_email'); UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp); $code = osc_genRandomPassword(30); $date = date('Y-m-d H:i:s'); $userManager = new User(); $userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId'))); $validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code); osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified e-mail is already in use')); $this->redirectTo(osc_change_user_email_url()); } } break; case 'change_username': //change username $this->doView('user-change_username.php'); break; case 'change_username_post': //change username $username = osc_sanitize_username(Params::getParam('s_username')); osc_run_hook('before_username_change', Session::newInstance()->_get('userId'), $username); if ($username != '') { $user = User::newInstance()->findByUsername($username); if (isset($user['s_username'])) { osc_add_flash_error_message(_m('The specified username is already in use')); } else { if (!osc_is_username_blacklisted($username)) { User::newInstance()->update(array('s_username' => $username), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('The username was updated')); osc_run_hook('after_username_change', Session::newInstance()->_get('userId'), Params::getParam('s_username')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified username is not valid, it contains some invalid words')); } } } else { osc_add_flash_error_message(_m('The specified username could not be empty')); } $this->redirectTo(osc_change_user_username_url()); break; case 'change_password': //change password $this->doView('user-change_password.php'); break; case 'change_password_post': //change password post osc_csrf_check(); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); if (Params::getParam('password', false, false) == '' || Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_change_user_password_url()); } if (!osc_verify_password(Params::getParam('password', false, false), $user['s_password'])) { osc_add_flash_error_message(_m("Current password doesn't match")); $this->redirectTo(osc_change_user_password_url()); } if (!Params::getParam('new_password', false, false)) { osc_add_flash_error_message(_m("Passwords can't be empty")); $this->redirectTo(osc_change_user_password_url()); } if (Params::getParam('new_password', false, false) != Params::getParam('new_password2', false, false)) { osc_add_flash_error_message(_m("Passwords don't match")); $this->redirectTo(osc_change_user_password_url()); } User::newInstance()->update(array('s_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('Password has been changed')); $this->redirectTo(osc_user_profile_url()); break; case 'items': // view items user $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10; $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0; $itemType = Params::getParam('itemType'); $total_items = Item::newInstance()->countItemTypesByUserID(osc_logged_user_id(), $itemType); $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findItemTypesByUserID(osc_logged_user_id(), $page * $itemsPerPage, $itemsPerPage, $itemType); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('search_total_pages', $total_pages); $this->_exportVariableToView('search_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('items_type', $itemType); $this->_exportVariableToView('search_page', $page); $this->doView('user-items.php'); break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $result = Alerts::newInstance()->unsub($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator')); } $this->redirectTo(osc_user_alerts_url()); break; case 'delete': $id = Params::getParam('id'); $secret = Params::getParam('secret'); if (osc_is_web_user_logged_in()) { $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); View::newInstance()->_exportVariableToView('user', $user); if (!empty($user) && osc_logged_user_id() == $id && $secret == $user['s_secret']) { User::newInstance()->deleteUser(osc_logged_user_id()); Session::newInstance()->_drop('userId'); Session::newInstance()->_drop('userName'); Session::newInstance()->_drop('userEmail'); Session::newInstance()->_drop('userPhone'); Cookie::newInstance()->pop('oc_userId'); Cookie::newInstance()->pop('oc_userSecret'); Cookie::newInstance()->set(); osc_add_flash_ok_message(_m("Your account have been deleted")); $this->redirectTo(osc_base_url()); } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_user_dashboard_url()); } } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_base_url()); } break; } }
function doModel() { switch (Params::getParam('type')) { case 'add': // calling add currency view $aCurrency = array('pk_c_code' => '', 's_name' => '', 's_description' => ''); $this->_exportVariableToView('aCurrency', $aCurrency); $this->_exportVariableToView('typeForm', 'add_post'); $this->doView('settings/currency_form.php'); break; case 'add_post': // adding a new currency osc_csrf_check(); $currencyCode = Params::getParam('pk_c_code'); $currencyName = Params::getParam('s_name'); $currencyDescription = Params::getParam('s_description'); // cleaning parameters $currencyName = trim(strip_tags($currencyName)); $currencyDescription = trim(strip_tags($currencyDescription)); $currencyCode = trim(strip_tags($currencyCode)); if (!preg_match('/^.{1,3}$/', $currencyCode)) { osc_add_flash_error_message(_m('The currency code is not in the correct format'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $fields = array('pk_c_code' => $currencyCode, 's_name' => $currencyName, 's_description' => $currencyDescription); $isInserted = Currency::newInstance()->insert($fields); if ($isInserted) { osc_add_flash_ok_message(_m('Currency added'), 'admin'); } else { osc_add_flash_error_message(_m("Currency couldn't be added"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); break; case 'edit': // calling edit currency view $currencyCode = Params::getParam('code'); $currencyCode = trim(strip_tags($currencyCode)); if ($currencyCode == '') { osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $aCurrency = Currency::newInstance()->findByPrimaryKey($currencyCode); if (!$aCurrency) { osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $this->_exportVariableToView('aCurrency', $aCurrency); $this->_exportVariableToView('typeForm', 'edit_post'); $this->doView('settings/currency_form.php'); break; case 'edit_post': // updating currency osc_csrf_check(); $currencyName = Params::getParam('s_name'); $currencyDescription = Params::getParam('s_description'); $currencyCode = Params::getParam('pk_c_code'); // cleaning parameters $currencyName = trim(strip_tags($currencyName)); $currencyDescription = trim(strip_tags($currencyDescription)); $currencyCode = trim(strip_tags($currencyCode)); if (!preg_match('/.{1,3}/', $currencyCode)) { osc_add_flash_error_message(_m('Error: the currency code is not in the correct format'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $updated = Currency::newInstance()->update(array('s_name' => $currencyName, 's_description' => $currencyDescription), array('pk_c_code' => $currencyCode)); if ($updated == 1) { osc_add_flash_ok_message(_m('Currency updated'), 'admin'); } else { osc_add_flash_info_message(_m('No changes were made'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); break; case 'delete': // deleting a currency osc_csrf_check(); $rowChanged = 0; $aCurrencyCode = Params::getParam('code'); if (!is_array($aCurrencyCode)) { $aCurrencyCode = array($aCurrencyCode); } $msg_current = ''; foreach ($aCurrencyCode as $currencyCode) { if (preg_match('/.{1,3}/', $currencyCode) && $currencyCode != osc_currency()) { $rowChanged += Currency::newInstance()->delete(array('pk_c_code' => $currencyCode)); } // foreign key error if (Currency::newInstance()->getErrorLevel() == '1451') { $msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it has listings associated to it"), $currencyCode); } else { if ($currencyCode == osc_currency()) { $msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it's the default currency"), $currencyCode); } } } $msg = ''; $status = ''; switch ($rowChanged) { case '0': $msg = _m('No currencies have been deleted'); $status = 'error'; break; case '1': $msg = _m('One currency has been deleted'); $status = 'ok'; break; default: $msg = sprintf(_m('%s currencies have been deleted'), $rowChanged); $status = 'ok'; break; } if ($status == 'ok' && $msg_current != '') { $status = 'warning'; } switch ($status) { case 'error': osc_add_flash_error_message($msg . $msg_current, 'admin'); break; case 'warning': osc_add_flash_warning_message($msg . $msg_current, 'admin'); break; case 'ok': osc_add_flash_ok_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); break; default: // calling the currencies view $aCurrencies = Currency::newInstance()->listAll(); $this->_exportVariableToView('aCurrencies', $aCurrencies); $this->doView('settings/currencies.php'); break; } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'edit': if (Params::getParam("id") == '') { $this->redirectTo(osc_admin_base_url(true) . "?page=emails"); } $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $this->_exportVariableToView("email", $this->emailManager->findByPrimaryKey(Params::getParam("id"))); $this->doView("emails/frm.php"); break; case 'edit_post': osc_csrf_check(); $id = Params::getParam("id"); $s_internal_name = Params::getParam("s_internal_name"); $aFieldsDescription = array(); $postParams = Params::getParamsAsArray('', false); $not_empty = false; foreach ($postParams as $k => $v) { if (preg_match('|(.+?)#(.+)|', $k, $m)) { if ($m[2] == 's_title' && $v != '') { $not_empty = true; } $aFieldsDescription[$m[1]][$m[2]] = $v; } } Session::newInstance()->_setForm('s_internal_name', $s_internal_name); Session::newInstance()->_setForm('aFieldsDescription', $aFieldsDescription); if ($not_empty) { foreach ($aFieldsDescription as $k => $_data) { $this->emailManager->updateDescription($id, $k, $_data['s_title'], $_data['s_text']); } if (!$this->emailManager->internalNameExists($id, $s_internal_name)) { if (!$this->emailManager->isIndelible($id)) { $this->emailManager->updateInternalName($id, $s_internal_name); } Session::newInstance()->_clearVariables(); osc_add_flash_ok_message(_m('The email/alert has been updated'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=emails"); } osc_add_flash_error_message(_m('You can\'t repeat internal name'), 'admin'); } else { osc_add_flash_error_message(_m('The email couldn\'t be updated, at least one title should not be empty'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=emails&action=edit&id=" . $id); break; default: //- if (Params::getParam('iDisplayLength') == '') { Params::setParam('iDisplayLength', 10); } $p_iPage = 1; if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1) { $p_iPage = Params::getParam('iPage'); } Params::setParam('iPage', $p_iPage); $prefLocale = osc_current_admin_locale(); $emails = $this->emailManager->listAll(1); // pagination $start = ($p_iPage - 1) * Params::getParam('iDisplayLength'); $limit = Params::getParam('iDisplayLength'); $count = count($emails); $displayRecords = $limit; if ($start + $limit > $count) { $displayRecords = $start + $limit - $count; } // ---- $aData = array(); $max = $start + $limit; if ($max > $count) { $max = $count; } for ($i = $start; $i < $max; $i++) { $email = $emails[$i]; if (isset($email['locale'][$prefLocale]) && !empty($email['locale'][$prefLocale]['s_title'])) { $title = $email['locale'][$prefLocale]; } else { $title = current($email['locale']); } $options = array(); $options[] = '<a href="' . osc_admin_base_url(true) . '?page=emails&action=edit&id=' . $email["pk_i_id"] . '">' . __('Edit') . '</a>'; $auxOptions = '<ul>' . PHP_EOL; foreach ($options as $actual) { $auxOptions .= '<li>' . $actual . '</li>' . PHP_EOL; } $actions = '<div class="actions">' . $auxOptions . '</div>' . PHP_EOL; $row = array(); $row[] = $email['s_internal_name'] . $actions; $row[] = $title['s_title']; $aData[] = $row; } // ---- $array['iTotalRecords'] = $displayRecords; $array['iTotalDisplayRecords'] = count($emails); $array['iDisplayLength'] = $limit; $array['aaData'] = $aData; $page = (int) Params::getParam('iPage'); if (count($array['aaData']) == 0 && $page != 1) { $total = (int) $array['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $array['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aEmails', $array); $this->doView("emails/index.php"); } }
function doModel() { parent::doModel(); switch($this->action) { case('add'): // callin add view $this->_exportVariableToView( 'admin', null ); $this->doView('admins/frm.php'); break; case('add_post'): if( defined('DEMO') ) { osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } osc_csrf_check(); // adding a new admin $sPassword = Params::getParam('s_password', false, false); $sName = Params::getParam('s_name'); $sEmail = Params::getParam('s_email'); $sUserName = Params::getParam('s_username'); $bModerator = Params::getParam('b_moderator')==0?0:1; // cleaning parameters $sPassword = strip_tags($sPassword); $sPassword = trim($sPassword); $sName = strip_tags($sName); $sName = trim($sName); $sEmail = strip_tags($sEmail); $sEmail = trim($sEmail); $sUserName = strip_tags($sUserName); $sUserName = trim($sUserName); // Checks for legit data if( !osc_validate_email($sEmail, true) ) { osc_add_flash_warning_message( _m("Email invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } if( !osc_validate_username($sUserName) ) { osc_add_flash_warning_message( _m("Username invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } if( $sName == '' ) { osc_add_flash_warning_message( _m("Name invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true).'?page=admins&action=add'); } if( $sPassword == '' ) { osc_add_flash_warning_message( _m("Password invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } $admin = $this->adminManager->findByEmail($sEmail); if( $admin ) { osc_add_flash_warning_message( _m("Email already in use"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } $admin = $this->adminManager->findByUsername($sUserName); if( $admin ) { osc_add_flash_warning_message( _m("Username already in use"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } $array = array( 's_password' => osc_hash_password($sPassword), 's_name' => $sName, 's_email' => $sEmail, 's_username' => $sUserName, 'b_moderator' => $bModerator ); $isInserted = $this->adminManager->insert($array); if( $isInserted ) { // send email osc_run_hook('hook_email_new_admin', array( 's_name' => $sName, 's_username' => $sUserName, 's_password' => $sPassword, 's_email' => $sEmail ) ); osc_add_flash_ok_message( _m('The admin has been added'), 'admin'); } else { osc_add_flash_error_message( _m('There has been an error adding a new admin'), 'admin'); } $this->redirectTo(osc_admin_base_url(true).'?page=admins'); break; case('edit'): // calling edit admin view $adminEdit = null; $adminId = Params::getParam('id'); if( $adminId != '' ) { $adminEdit = $this->adminManager->findByPrimaryKey((int) $adminId); } elseif( Session::newInstance()->_get('adminId') != '') { $adminEdit = $this->adminManager->findByPrimaryKey( Session::newInstance()->_get('adminId') ); } if( count($adminEdit) == 0 ) { osc_add_flash_error_message( _m('There is no admin with this id'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } $this->_exportVariableToView("admin", $adminEdit); $this->doView('admins/frm.php'); break; case('edit_post'): if( defined('DEMO') ) { osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } osc_csrf_check(); // updating a new admin $iUpdated = 0; $adminId = Params::getParam('id'); $sPassword = Params::getParam('s_password', false, false); $sPassword2 = Params::getParam('s_password2', false, false); $sOldPassword = Params::getParam('old_password', false, false); $sName = Params::getParam('s_name'); $sEmail = Params::getParam('s_email'); $sUserName = Params::getParam('s_username'); $bModerator = Params::getParam('b_moderator')==0?0:1; // cleaning parameters $sPassword = strip_tags($sPassword); $sPassword = trim($sPassword); $sPassword2 = strip_tags($sPassword2); $sPassword2 = trim($sPassword2); $sName = strip_tags($sName); $sName = trim($sName); $sEmail = strip_tags($sEmail); $sEmail = trim($sEmail); $sUserName = strip_tags($sUserName); $sUserName = trim($sUserName); // Checks for legit data if( !osc_validate_email($sEmail, true) ) { osc_add_flash_warning_message( _m("Email invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } if( !osc_validate_username($sUserName) ) { osc_add_flash_warning_message( _m("Username invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } if( $sName == '' ) { osc_add_flash_warning_message( _m("Name invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } $aAdmin = $this->adminManager->findByPrimaryKey($adminId); if( count($aAdmin) == 0 ) { osc_add_flash_error_message( _m("This admin doesn't exist"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } if( $aAdmin['s_email'] != $sEmail ) { if($this->adminManager->findByEmail( $sEmail ) ) { osc_add_flash_warning_message( _m('Existing email'), 'admin'); $this->redirectTo(osc_admin_base_url(true).'?page=admins&action=edit&id=' . $adminId); } } if( $aAdmin['s_username'] != $sUserName ) { if( $this->adminManager->findByUsername( $sUserName ) ) { osc_add_flash_warning_message( _m('Existing username'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } } $conditions = array('pk_i_id' => $adminId); $array = array(); if(osc_logged_admin_id()==$adminId) { if($sOldPassword != '' ) { if( $sPassword=='' ) { osc_add_flash_warning_message( _m("Password invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } else { $firstCondition = osc_verify_password($sOldPassword, $aAdmin['s_password']); $secondCondition = ( $sPassword == $sPassword2 ); if( $firstCondition && $secondCondition ) { $array['s_password'] = osc_hash_password($sPassword); } else { osc_add_flash_warning_message( _m("The password couldn't be updated. Passwords don't match"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } } } } else { if( $sPassword!='') { if($sPassword == $sPassword2) { $array['s_password'] = osc_hash_password($sPassword); } else { osc_add_flash_warning_message( _m("The password couldn't be updated. Passwords don't match"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } } } if($adminId!=osc_logged_admin_id()) { $array['b_moderator'] = $bModerator; } $array['s_name'] = Params::getParam('s_name'); $array['s_username'] = $sUserName; $array['s_email'] = $sEmail; $iUpdated = $this->adminManager->update($array, $conditions); if( $iUpdated > 0 ) { osc_add_flash_ok_message( _m('The admin has been updated'), 'admin'); } if( $this->isModerator() ) { $this->redirectTo(osc_admin_base_url(true)); } else { $this->redirectTo(osc_admin_base_url(true).'?page=admins'); } break; case('delete'): if( defined('DEMO') ) { osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } osc_csrf_check(); // deleting and admin $isDeleted = false; $adminId = Params::getParam('id'); if( !is_array($adminId) ) { osc_add_flash_error_message( _m("The admin id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } // Verification to avoid an administrator trying to remove to itself if( in_array(Session::newInstance()->_get('adminId'), $adminId) ) { osc_add_flash_error_message( _m("The operation hasn't been completed. You're trying to remove yourself!"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } $isDeleted = $this->adminManager->deleteBatch( $adminId ); if( $isDeleted ) { osc_add_flash_ok_message( _m('The admin has been deleted correctly'), 'admin'); } else { osc_add_flash_error_message( _m('The admin couldn\'t be deleted'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); break; default: if(Params::getParam("action")!="") { osc_run_hook("admin_bulk_".Params::getParam("action"), Params::getParam('id')); } if( Params::getParam('iDisplayLength') == '' ) { Params::setParam('iDisplayLength', 10 ); } $p_iPage = 1; if( is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1 ) { $p_iPage = Params::getParam('iPage'); } Params::setParam('iPage', $p_iPage); $admins = $this->adminManager->listAll(); // pagination $start = ($p_iPage-1) * Params::getParam('iDisplayLength'); $limit = Params::getParam('iDisplayLength'); $count = count( $admins ); $displayRecords = $limit; if( ($start+$limit ) > $count ) { $displayRecords = ($start+$limit) - $count; } // ---- $aData = array(); $max = ($start+$limit); if($max > $count) $max = $count; for($i = $start; $i < $max; $i++) { $admin = $admins[$i]; $options = array(); $options[] = '<a href="' . osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $admin['pk_i_id'] . '">' . __('Edit') . '</a>'; $options[] = '<a onclick="return delete_dialog(\'' . $admin['pk_i_id'] . '\');" href="' . osc_admin_base_url(true) . '?page=admins&action=delete&id[]=' . $admin['pk_i_id'] . '">' . __('Delete') . '</a>'; $auxOptions = '<ul>'.PHP_EOL; foreach( $options as $actual ) { $auxOptions .= '<li>'.$actual.'</li>'.PHP_EOL; } $actions = '<div class="actions">'.$auxOptions.'</div>'.PHP_EOL; $row = array(); $row[] = '<input type="checkbox" name="id[]" value="' . $admin['pk_i_id'] . '" />'; $row[] = $admin['s_username'] . $actions; $row[] = $admin['s_name']; $row[] = $admin['s_email']; $aData[] = $row; } $array['iTotalRecords'] = $displayRecords; $array['iTotalDisplayRecords'] = count($admins); $array['iDisplayLength'] = $limit; $array['aaData'] = $aData; $page = (int)Params::getParam('iPage'); if(count($array['aaData']) == 0 && $page!=1) { $total = (int)$array['iTotalDisplayRecords']; $maxPage = ceil( $total / (int)$array['iDisplayLength'] ); $url = osc_admin_base_url(true).'?'.$_SERVER['QUERY_STRING']; if($maxPage==0) { $url = preg_replace('/&iPage=(\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if($page > 1) { $url = preg_replace('/&iPage=(\d)+/', '&iPage='.$maxPage, $url); $this->redirectTo($url); } } $bulk_options = array( array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected admins?'), strtolower(__('Delete'))), 'label' => __('Delete')) ); $bulk_options = osc_apply_filter("admin_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->_exportVariableToView('aAdmins', $array); // calling manage admins view $this->doView('admins/index.php'); break; } }
function doModel() { switch ($this->action) { case 'register': //register user $this->doView('user-register.php'); break; case 'register_post': //register user osc_csrf_check(); if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } osc_run_hook('before_user_register'); $banned = osc_is_banned(Params::getParam('s_email')); if ($banned == 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); $this->redirectTo(osc_register_account_url()); } else { if ($banned == 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); $this->redirectTo(osc_register_account_url()); } } require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $success = $userActions->add(); switch ($success) { case 1: osc_add_flash_ok_message(_m('The user has been created. An activation email has been sent')); $this->redirectTo(osc_base_url()); break; case 2: osc_add_flash_ok_message(_m('Your account has been created successfully')); $this->doView('user-login.php'); break; case 3: osc_add_flash_warning_message(_m('The specified e-mail is already in use')); $this->doView('user-register.php'); break; case 4: osc_add_flash_error_message(_m('The reCAPTCHA was not entered correctly')); $this->doView('user-register.php'); break; case 5: osc_add_flash_warning_message(_m('The email is not valid')); $this->doView('user-register.php'); break; case 6: osc_add_flash_warning_message(_m('The password cannot be empty')); $this->doView('user-register.php'); break; case 7: osc_add_flash_warning_message(_m("Passwords don't match")); $this->doView('user-register.php'); break; case 8: osc_add_flash_warning_message(_m("Username is already taken")); $this->doView('user-register.php'); break; case 9: osc_add_flash_warning_message(_m("The specified username is not valid, it contains some invalid words")); $this->doView('user-register.php'); break; } break; case 'validate': //validate account $id = intval(Params::getParam('id')); $code = Params::getParam('code'); $userManager = new User(); $user = $userManager->findByIdSecret($id, $code); if (!$user) { osc_add_flash_error_message(_m('The link is not valid anymore. Sorry for the inconvenience!')); $this->redirectTo(osc_base_url()); } if ($user['b_active'] == 1) { osc_add_flash_error_message(_m('Your account has already been validated')); $this->redirectTo(osc_base_url()); } $userManager = new User(); $userManager->update(array('b_active' => '1'), array('pk_i_id' => $id, 's_secret' => $code)); // Auto-login Session::newInstance()->_set('userId', $user['pk_i_id']); Session::newInstance()->_set('userName', $user['s_name']); Session::newInstance()->_set('userEmail', $user['s_email']); $phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land']; Session::newInstance()->_set('userPhone', $phone); osc_run_hook('hook_email_user_registration', $user); osc_run_hook('validate_user', $user); osc_add_flash_ok_message(_m('Your account has been validated')); $this->redirectTo(osc_base_url()); break; } }
function doModel() { parent::doModel(); if (osc_is_moderator() && ($this->action == 'settings' || $this->action == 'settings_post')) { osc_add_flash_error_message(_m("You don't have enough permissions"), "admin"); $this->redirectTo(osc_admin_base_url()); } //specific things for this class switch ($this->action) { case 'bulk_actions': osc_csrf_check(); $mItems = new ItemActions(true); switch (Params::getParam('bulk_actions')) { case 'enable_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->enable($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been enabled', '%d listings have been enabled', $numSuccess), $numSuccess), 'admin'); } break; case 'disable_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->disable((int) $_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been disabled', '%d listings have been disabled', $numSuccess), $numSuccess), 'admin'); } break; case 'activate_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->activate($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been activated', '%d listings have been activated', $numSuccess), $numSuccess), 'admin'); } break; case 'deactivate_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->deactivate($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_m('%d listing has been deactivated', '%d listings have been deactivated', $numSuccess), $numSuccess), 'admin'); } break; case 'premium_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->premium($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been marked as premium', '%d listings have been marked as premium', $numSuccess), $numSuccess), 'admin'); } break; case 'depremium_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->premium($_id, false)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d change has been made', '%d changes have been made', $numSuccess), $numSuccess), 'admin'); } break; case 'spam_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->spam($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been marked as spam', '%d listings have been marked as spam', $numSuccess), $numSuccess), 'admin'); } break; case 'despam_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->spam($_id, false)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d change has been made', '%d changes have been made', $numSuccess), $numSuccess), 'admin'); } break; case 'delete_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $item = $this->itemManager->findByPrimaryKey($i); $success = $mItems->delete($item['s_secret'], $item['pk_i_id']); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been deleted', '%d listings have been deleted', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_spam_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'spam'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as spam', '%d listings have been unmarked as spam', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_bad_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'bad'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as missclassified', '%d listings have been unmarked as missclassified', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_dupl_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'duplicated'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as duplicated', '%d listings have been unmarked as duplicated', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_expi_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'expired'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as expired', '%d listings have been unmarked as expired', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_offe_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'offensive'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as offensive', '%d listings have been unmarked as offensive', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'all'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked', '%d listings have been unmarked', $numSuccess), $numSuccess), 'admin'); } break; default: if (Params::getParam("bulk_actions") != "") { osc_run_hook("item_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id')); } break; } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'delete': //delete osc_csrf_check(); $id = Params::getParam('id'); $success = false; foreach ($id as $i) { if ($i) { $aItem = $this->itemManager->findByPrimaryKey($i); $mItems = new ItemActions(true); $success = $mItems->delete($aItem['s_secret'], $aItem['pk_i_id']); } } if ($success) { osc_add_flash_ok_message(_m('The listing has been deleted'), 'admin'); } else { osc_add_flash_error_message(_m("The listing couldn't be deleted"), 'admin'); } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'status': //status osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'))) { return false; } $item = $this->itemManager->findByPrimaryKey($id); $mItems = new ItemActions(true); switch ($value) { case 'ACTIVE': $success = $mItems->activate($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been activated'), 'admin'); } else { if (!$success) { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } else { osc_add_flash_error_message(_m("The listing can't be activated because it's blocked"), 'admin'); } } break; case 'INACTIVE': $success = $mItems->deactivate($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been deactivated'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } break; case 'ENABLE': $success = $mItems->enable($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been enabled'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } break; case 'DISABLE': $success = $mItems->disable($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been disabled'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } break; } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'status_premium': //status premium osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array(0, 1))) { return false; } $mItems = new ItemActions(true); if ($mItems->premium($id, $value == 1 ? true : false)) { osc_add_flash_ok_message(_m('Changes have been applied'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'status_spam': //status spam osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array(0, 1))) { return false; } $mItems = new ItemActions(true); if ($mItems->spam($id, $value == 1 ? true : false)) { osc_add_flash_ok_message(_m('Changes have been applied'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'clear_stat': osc_csrf_check(); $id = Params::getParam('id'); $stat = Params::getParam('stat'); if (!$id) { return false; } if (!$stat) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } $success = $this->itemManager->clearStat($id, $stat); if ($success) { osc_add_flash_ok_message(_m('The listing has been unmarked as') . " {$stat}", 'admin'); } else { osc_add_flash_error_message(_m("The listing hasn't been unmarked as") . " {$stat}", 'admin'); } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'item_edit': // edit item $id = Params::getParam('id'); $item = Item::newInstance()->findByPrimaryKey($id); if (count($item) <= 0) { $this->redirectTo(osc_admin_base_url(true) . "?page=items"); } $csrf_token = osc_csrf_token_url(); if ($item['b_active']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=INACTIVE">' . __('Deactivate') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=ACTIVE">' . __('Activate') . '</a>'; } if ($item['b_enabled']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=DISABLE">' . __('Block') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=ENABLE">' . __('Unblock') . '</a>'; } if ($item['b_premium']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_premium&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=0">' . __('Unmark as premium') . '</a>'; } else { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_premium&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=1">' . __('Mark as premium') . '</a>'; } if ($item['b_spam']) { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_spam&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=0">' . __('Unmark as spam') . '</a>'; } else { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_spam&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=1">' . __('Mark as spam') . '</a>'; } $this->_exportVariableToView("actions", $actions); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } // save referer if belongs to manage items // redirect only if ManageItems or ReportedListngs if (isset($_SERVER['HTTP_REFERER'])) { $referer = $_SERVER['HTTP_REFERER']; if (preg_match('/page=items/', $referer)) { if (preg_match("/action=([\\p{L}|_|-]+)/u", $referer, $matches)) { if ($matches[1] == 'items_reported') { Session::newInstance()->_set('osc_admin_referer', $referer); } } else { // no actions - Manage Listings Session::newInstance()->_set('osc_admin_referer', $referer); } } } $this->_exportVariableToView("item", $item); $this->_exportVariableToView("new_item", FALSE); osc_run_hook("before_item_edit", $item); $this->doView('items/frm.php'); break; case 'item_edit_post': osc_csrf_check(); $mItems = new ItemActions(true); $mItems->prepareData(false); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } $success = $mItems->edit(); if ($success == 1) { osc_add_flash_ok_message(_m('Changes saved correctly'), 'admin'); $url = osc_admin_base_url(true) . "?page=items"; // if Referer is saved that means referer is ManageListings or ReportListings if (Session::newInstance()->_get('osc_admin_referer') != '') { $url = Session::newInstance()->_get('osc_admin_referer'); } Session::newInstance()->_clearVariables(); $this->redirectTo($url); } else { osc_add_flash_error_message($success, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=items&action=item_edit&id=" . Params::getParam('id')); } break; case 'deleteResource': //delete resource osc_csrf_check(); $id = Params::getParam('id'); $name = Params::getParam('name'); $fkid = Params::getParam('fkid'); // delete files osc_deleteResource($id, true); Log::newInstance()->insertLog('items', 'deleteResource', $id, $id, 'admin', osc_logged_admin_id()); $result = ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $fkid, 's_name' => $name)); if ($result === false) { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } else { osc_add_flash_ok_message(_m('Resource deleted'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=items"); break; case 'post': // add item $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $this->_exportVariableToView("new_item", TRUE); osc_run_hook('post_item'); $this->doView('items/frm.php'); break; case 'post_item': //post item osc_csrf_check(); $mItem = new ItemActions(true); $mItem->prepareData(true); // set all parameters into session foreach ($mItem->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } $success = $mItem->add(); if ($success == 1 || $success == 2) { $url = osc_admin_base_url(true) . "?page=items"; // if Referer is saved that means referer is ManageListings or ReportListings if (Session::newInstance()->_get('osc_admin_referer') != '') { Session::newInstance()->_drop('osc_admin_referer'); $url = Session::newInstance()->_get('osc_admin_referer'); } Session::newInstance()->_clearVariables(); osc_add_flash_ok_message(_m('A new listing has been added'), 'admin'); $this->redirectTo($url); } else { osc_add_flash_error_message($success, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=items&action=post"); } break; case 'settings': // calling the items settings view $this->doView('items/settings.php'); break; case 'settings_post': // update item settings osc_csrf_check(); $iUpdated = 0; $enabledRecaptchaItems = Params::getParam('enabled_recaptcha_items'); $enabledRecaptchaItems = $enabledRecaptchaItems == '1' ? true : false; $moderateItems = Params::getParam('moderate_items'); $moderateItems = $moderateItems != '' ? true : false; $numModerateItems = Params::getParam('num_moderate_items'); $itemsWaitTime = Params::getParam('items_wait_time'); $loggedUserItemValidation = Params::getParam('logged_user_item_validation'); $loggedUserItemValidation = $loggedUserItemValidation != '' ? true : false; $regUserPost = Params::getParam('reg_user_post'); $regUserPost = $regUserPost != '' ? true : false; $notifyNewItem = Params::getParam('notify_new_item'); $notifyNewItem = $notifyNewItem != '' ? true : false; $notifyContactItem = Params::getParam('notify_contact_item'); $notifyContactItem = $notifyContactItem != '' ? true : false; $notifyContactFriends = Params::getParam('notify_contact_friends'); $notifyContactFriends = $notifyContactFriends != '' ? true : false; $enabledFieldPriceItems = Params::getParam('enableField#f_price@items'); $enabledFieldPriceItems = $enabledFieldPriceItems != '' ? true : false; $enabledFieldImagesItems = Params::getParam('enableField#images@items'); $enabledFieldImagesItems = $enabledFieldImagesItems != '' ? true : false; $numImagesItems = Params::getParam('numImages@items'); if ($numImagesItems == '') { $numImagesItems = 0; } $regUserCanContact = Params::getParam('reg_user_can_contact'); $regUserCanContact = $regUserCanContact != '' ? true : false; $contactItemAttachment = Params::getParam('item_attachment'); $contactItemAttachment = $contactItemAttachment != '' ? true : false; $msg = ''; if (!osc_validate_int(Params::getParam("items_wait_time"))) { $msg .= _m("Wait time must only contain numeric characters") . "<br/>"; } if (Params::getParam("num_moderate_items") != '' && !osc_validate_int(Params::getParam("num_moderate_items"))) { $msg .= _m("Number of moderated listings must only contain numeric characters") . "<br/>"; } if (!osc_validate_int($numImagesItems)) { $msg .= _m("Images per listing must only contain numeric characters") . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=items&action=settings'); } $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledRecaptchaItems), array('s_name' => 'enabled_recaptcha_items')); if ($moderateItems) { $iUpdated += Preference::newInstance()->update(array('s_value' => $numModerateItems), array('s_name' => 'moderate_items')); } else { $iUpdated += Preference::newInstance()->update(array('s_value' => '-1'), array('s_name' => 'moderate_items')); } $iUpdated += Preference::newInstance()->update(array('s_value' => $loggedUserItemValidation), array('s_name' => 'logged_user_item_validation')); $iUpdated += Preference::newInstance()->update(array('s_value' => $regUserPost), array('s_name' => 'reg_user_post')); $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewItem), array('s_name' => 'notify_new_item')); $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyContactItem), array('s_name' => 'notify_contact_item')); $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyContactFriends), array('s_name' => 'notify_contact_friends')); $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledFieldPriceItems), array('s_name' => 'enableField#f_price@items')); $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledFieldImagesItems), array('s_name' => 'enableField#images@items')); $iUpdated += Preference::newInstance()->update(array('s_value' => $itemsWaitTime), array('s_name' => 'items_wait_time')); $iUpdated += Preference::newInstance()->update(array('s_value' => $numImagesItems), array('s_name' => 'numImages@items')); $iUpdated += Preference::newInstance()->update(array('s_value' => $regUserCanContact), array('s_name' => 'reg_user_can_contact')); $iUpdated += Preference::newInstance()->update(array('s_value' => $contactItemAttachment), array('s_name' => 'item_attachment')); if ($iUpdated > 0) { osc_add_flash_ok_message(_m("Listings' settings have been updated"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=items&action=settings'); break; case 'items_reported': require_once osc_lib_path() . "osclass/classes/datatables/ItemsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray("get"); $itemsDataTable = new ItemsDataTable(); $itemsDataTable->tableReported($params); $aData = $itemsDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $itemsDataTable->rawRows()); //calling the view... $this->doView('items/reported.php'); break; default: // default require_once osc_lib_path() . "osclass/classes/datatables/ItemsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray("get"); $itemsDataTable = new ItemsDataTable(); $itemsDataTable->table($params); $aData = $itemsDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('withFilters', $itemsDataTable->withFilters()); $this->_exportVariableToView('aRawRows', $itemsDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Delete'))), 'label' => __('Delete')), array('value' => 'activate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'disable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'enable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unblock'))), 'label' => __('Unblock')), array('value' => 'premium_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Mark as premium'))), 'label' => __('Mark as premium')), array('value' => 'depremium_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unmark as premium'))), 'label' => __('Unmark as premium')), array('value' => 'spam_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Mark as spam'))), 'label' => __('Mark as spam')), array('value' => 'despam_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unmark as spam'))), 'label' => __('Unmark as spam'))); $bulk_options = osc_apply_filter("item_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); //calling the view... $this->doView('items/index.php'); } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'add': $this->doView("appearance/add.php"); break; case 'add_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=appearance'); } osc_csrf_check(); $filePackage = Params::getFiles('package'); if (isset($filePackage['size']) && $filePackage['size'] != 0) { $path = osc_themes_path(); (int) ($status = osc_unzip_file($filePackage['tmp_name'], $path)); } else { $status = 3; } switch ($status) { case 0: $msg = _m('The theme folder is not writable'); osc_add_flash_error_message($msg, 'admin'); break; case 1: $msg = _m('The theme has been installed correctly'); osc_add_flash_ok_message($msg, 'admin'); break; case 2: $msg = _m('The zip file is not valid'); osc_add_flash_error_message($msg, 'admin'); break; case 3: $msg = _m('No file was uploaded'); osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=add"); break; case -1: default: $msg = _m('There was a problem adding the theme'); osc_add_flash_error_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . "?page=appearance"); break; case 'delete': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=appearance'); } osc_csrf_check(); $theme = Params::getParam('webtheme'); if ($theme != '') { if ($theme != osc_current_web_theme()) { if (osc_deleteDir(osc_content_path() . "themes/" . $theme . "/")) { osc_add_flash_ok_message(_m("Theme removed successfully"), "admin"); } else { osc_add_flash_error_message(_m("There was a problem removing the theme"), "admin"); } } else { osc_add_flash_error_message(_m("Current theme can not be deleted"), "admin"); } } else { osc_add_flash_error_message(_m("No theme selected"), "admin"); } $this->redirectTo(osc_admin_base_url(true) . "?page=appearance"); break; /* widgets */ /* widgets */ case 'widgets': $info = WebThemes::newInstance()->loadThemeInfo(osc_theme()); $this->_exportVariableToView("info", $info); $this->doView('appearance/widgets.php'); break; case 'add_widget': $this->doView('appearance/add_widget.php'); break; case 'edit_widget': $id = Params::getParam('id'); $widget = Widget::newInstance()->findByPrimaryKey($id); $this->_exportVariableToView("widget", $widget); $this->doView('appearance/add_widget.php'); break; case 'delete_widget': osc_csrf_check(); Widget::newInstance()->delete(array('pk_i_id' => Params::getParam('id'))); osc_add_flash_ok_message(_m('Widget removed correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); break; case 'edit_widget_post': osc_csrf_check(); if (!osc_validate_text(Params::getParam("description"))) { osc_add_flash_error_message(_m('Description field is required'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); } $res = Widget::newInstance()->update(array('s_description' => Params::getParam('description'), 's_content' => Params::getParam('content', false, false)), array('pk_i_id' => Params::getParam('id'))); if ($res) { osc_add_flash_ok_message(_m('Widget updated correctly'), 'admin'); } else { osc_add_flash_ok_message(_m('Widget cannot be updated correctly'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); break; case 'add_widget_post': osc_csrf_check(); if (!osc_validate_text(Params::getParam("description"))) { osc_add_flash_error_message(_m('Description field is required'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); } Widget::newInstance()->insert(array('s_location' => Params::getParam('location'), 'e_kind' => 'html', 's_description' => Params::getParam('description'), 's_content' => Params::getParam('content', false, false))); osc_add_flash_ok_message(_m('Widget added correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); break; /* /widget */ /* /widget */ case 'activate': osc_csrf_check(); Preference::newInstance()->update(array('s_value' => Params::getParam('theme')), array('s_section' => 'osclass', 's_name' => 'theme')); osc_add_flash_ok_message(_m('Theme activated correctly'), 'admin'); osc_run_hook("theme_activate", Params::getParam('theme')); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance"); break; case 'render': $this->_exportVariableToView('file', osc_base_path() . Params::getParam("file")); $this->doView('appearance/view.php'); break; default: // $marketError = Params::getParam('marketError'); // $slug = Params::getParam('slug'); // if($marketError!='') { // if($marketError == '0') { // no error installed ok // $help = '<br/><br/><b>' . __('You only need to activate or preview the theme').'</b>'; // osc_add_flash_ok_message( __('Everything was OK!') . ' ( ' . $slug .' ) ' . $help, 'admin'); // } else { // osc_add_flash_error_message( __('Error occurred') . ' ( ' . $slug .' ) ', 'admin'); // } // } // force the recount of themes that need to be updated if (Params::getParam('checkUpdated') != '') { osc_admin_toolbar_update_themes(true); } $themes = WebThemes::newInstance()->getListThemes(); //preparing variables for the view $this->_exportVariableToView("themes", $themes); $this->doView('appearance/index.php'); break; } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login osc_csrf_check(); osc_run_hook('before_login_admin'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; $password = Params::getParam('password', false, false); if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) { $page_redirect = $match[1]; } if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') { $url_redirect = osc_admin_base_url(); } if (Params::getParam('user') == '') { osc_add_flash_error_message(_m('The username field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } if (Params::getParam('password', false, false) == '') { osc_add_flash_error_message(_m('The password field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } // fields are not empty $admin = Admin::newInstance()->findByUsername(Params::getParam('user')); if (!$admin) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } if (!osc_verify_password($password, $admin['s_password'])) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } else { if (@$admin['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id'])); } } else { Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id'])); } } } if (Params::getParam('remember')) { // this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']); Cookie::newInstance()->push('oc_adminSecret', $secret); Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale')); Cookie::newInstance()->set(); } // we are logged in... let's go! Session::newInstance()->_set('adminId', $admin['pk_i_id']); Session::newInstance()->_set('adminUserName', $admin['s_username']); Session::newInstance()->_set('adminName', $admin['s_name']); Session::newInstance()->_set('adminEmail', $admin['s_email']); Session::newInstance()->_set('adminLocale', Params::getParam('locale')); osc_run_hook('login_admin', $admin); $this->redirectTo($url_redirect); break; case 'recover': // form to recover the password (in this case we have the form in /gui/) $this->doView('gui/recover.php'); break; case 'recover_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url()); } osc_csrf_check(); // post execution to recover the password $admin = Admin::newInstance()->findByEmail(Params::getParam('email')); if ($admin) { if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover'); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $newPassword = osc_genRandomPassword(40); Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id'])); $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword); osc_run_hook('hook_email_user_forgot_password', $admin, $password_url); } osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login'); break; case 'forgot': // form to recover the password (in this case we have the form in /gui/) $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } $this->doView('gui/forgot_password.php'); break; case 'forgot_post': osc_csrf_check(); $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login'); } else { osc_add_flash_error_message(_m("Error, the passwords don't match"), 'admin'); $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code'))); } break; default: //osc_run_hook( 'init_admin' ); Session::newInstance()->_setReferer(osc_get_http_referer()); $this->doView('gui/login.php'); break; } }
function doModel() { switch ($this->action) { case 'comments': //calling the comments settings view $this->doView('settings/comments.php'); break; case 'comments_post': // updating comment osc_csrf_check(); $iUpdated = 0; $enabledComments = Params::getParam('enabled_comments'); $enabledComments = $enabledComments != '' ? true : false; $moderateComments = Params::getParam('moderate_comments'); $moderateComments = $moderateComments != '' ? true : false; $numModerateComments = Params::getParam('num_moderate_comments'); $commentsPerPage = Params::getParam('comments_per_page'); $notifyNewComment = Params::getParam('notify_new_comment'); $notifyNewComment = $notifyNewComment != '' ? true : false; $notifyNewCommentUser = Params::getParam('notify_new_comment_user'); $notifyNewCommentUser = $notifyNewCommentUser != '' ? true : false; $regUserPostComments = Params::getParam('reg_user_post_comments'); $regUserPostComments = $regUserPostComments != '' ? true : false; $msg = ''; if (!osc_validate_int(Params::getParam("num_moderate_comments"))) { $msg .= _m("Number of moderate comments must only contain numeric characters") . "<br/>"; } if (!osc_validate_int(Params::getParam("comments_per_page"))) { $msg .= _m("Comments per page must only contain numeric characters") . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=comments'); } $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledComments), array('s_name' => 'enabled_comments')); if ($moderateComments) { $iUpdated += Preference::newInstance()->update(array('s_value' => $numModerateComments), array('s_name' => 'moderate_comments')); } else { $iUpdated += Preference::newInstance()->update(array('s_value' => '-1'), array('s_name' => 'moderate_comments')); } $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewComment), array('s_name' => 'notify_new_comment')); $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewCommentUser), array('s_name' => 'notify_new_comment_user')); $iUpdated += Preference::newInstance()->update(array('s_value' => $commentsPerPage), array('s_name' => 'comments_per_page')); $iUpdated += Preference::newInstance()->update(array('s_value' => $regUserPostComments), array('s_name' => 'reg_user_post_comments')); if ($iUpdated > 0) { osc_add_flash_ok_message(_m("Comment settings have been updated"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=comments'); break; case 'locations': // calling the locations settings view $location_action = Params::getParam('type'); $mCountries = new Country(); switch ($location_action) { case 'add_country': // add country osc_csrf_check(); $countryCode = strtoupper(Params::getParam('c_country')); $countryName = Params::getParam('country'); $exists = $mCountries->findByCode($countryCode); if (isset($exists['s_name'])) { osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $countryName), 'admin'); } else { if (Params::getParam('c_manual') == 1) { $mCountries->insert(array('pk_c_code' => $countryCode, 's_name' => $countryName)); osc_add_flash_ok_message(sprintf(_m('%s has been added as a new country'), $countryName), 'admin'); } else { if (!osc_validate_min($countryCode, 1) || !osc_validate_min($countryName, 1)) { osc_add_flash_error_message(_m('Country code and name should have at least two characters'), 'admin'); } else { $data_sql = osc_file_get_contents('http://geo.osclass.org/newgeo.download.php?action=country&term=' . urlencode($countryCode)); if ($data_sql != '') { $conn = DBConnectionClass::newInstance(); $c_db = $conn->getOsclassDb(); $comm = new DBCommandClass($c_db); $comm->query("SET FOREIGN_KEY_CHECKS = 0"); $comm->importSQL($data_sql); $comm->query("SET FOREIGN_KEY_CHECKS = 1"); } else { $mCountries->insert(array('pk_c_code' => $countryCode, 's_name' => $countryName)); } osc_add_flash_ok_message(sprintf(_m('%s has been added as a new country'), $countryName), 'admin'); } } } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations'); break; case 'edit_country': // edit country osc_csrf_check(); if (!osc_validate_min(Params::getParam('e_country'), 1)) { osc_add_flash_error_message(_m('Country name cannot be blank'), 'admin'); } else { $ok = $mCountries->update(array('s_name' => Params::getParam('e_country')), array('pk_c_code' => Params::getParam('country_code'))); if ($ok) { osc_add_flash_ok_message(_m('Country has been edited'), 'admin'); } else { osc_add_flash_error_message(_m('There were some problems editing the country'), 'admin'); } } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations'); break; case 'delete_country': // delete country osc_csrf_check(); $countryIds = Params::getParam('id'); if (is_array($countryIds)) { $locations = 0; $del_locations = 0; foreach ($countryIds as $countryId) { $ok = $mCountries->deleteByPrimaryKey($countryId); } if ($ok == 0) { $del_locations++; } else { $locations += $ok; } if ($locations == 0) { osc_add_flash_ok_message(sprintf(_n('One location has been deleted', '%s locations have been deleted', $del_locations), $del_locations), 'admin'); } else { osc_add_flash_error_message(_m('There was a problem deleting locations'), 'admin'); } } else { osc_add_flash_error_message(_m('No country was selected'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations'); break; case 'add_region': // add region osc_csrf_check(); if (!Params::getParam('r_manual')) { $regionId = Params::getParam('region_id'); $regionName = Params::getParam('region'); if ($regionId != '') { $data_sql = osc_file_get_contents('http://geo.osclass.org/newgeo.download.php?action=region&term=' . urlencode($regionId)); $conn = DBConnectionClass::newInstance(); $c_db = $conn->getOsclassDb(); $comm = new DBCommandClass($c_db); $comm->query("SET FOREIGN_KEY_CHECKS = 0"); $comm->importSQL($data_sql); $comm->query("SET FOREIGN_KEY_CHECKS = 1"); osc_add_flash_ok_message(sprintf(_m('%s has been added as a new region'), $regionName), 'admin'); } else { osc_add_flash_error_message(sprintf(_m("%s can't be added"), $regionName), 'admin'); } } else { $mRegions = new Region(); $regionName = Params::getParam('region'); $countryCode = Params::getParam('country_c_parent'); $country = Country::newInstance()->findByCode($countryCode); if (!osc_validate_min($regionName, 1)) { osc_add_flash_error_message(_m('Region name cannot be blank'), 'admin'); } else { $exists = $mRegions->findByName($regionName, $countryCode); if (!isset($exists['s_name'])) { $data = array('fk_c_country_code' => $countryCode, 's_name' => $regionName); $mRegions->insert($data); $id = $mRegions->dao->insertedId(); RegionStats::newInstance()->setNumItems($id, 0); osc_add_flash_ok_message(sprintf(_m('%s has been added as a new region'), $regionName), 'admin'); } else { osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $regionName), 'admin'); } } } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$countryCode . "&country=" . @$country['s_name']); break; case 'edit_region': // edit region osc_csrf_check(); $mRegions = new Region(); $newRegion = Params::getParam('e_region'); $regionId = Params::getParam('region_id'); if (!osc_validate_min($newRegion, 1)) { osc_add_flash_error_message(_m('Region name cannot be blank'), 'admin'); } else { $exists = $mRegions->findByName($newRegion); if (!isset($exists['pk_i_id']) || $exists['pk_i_id'] == $regionId) { if ($regionId != '') { $aRegion = $mRegions->findByPrimaryKey($regionId); $country = Country::newInstance()->findByCode($aRegion['fk_c_country_code']); $mRegions->update(array('s_name' => $newRegion), array('pk_i_id' => $regionId)); ItemLocation::newInstance()->update(array('s_region' => $newRegion), array('fk_i_region_id' => $regionId)); osc_add_flash_ok_message(sprintf(_m('%s has been edited'), $newRegion), 'admin'); } } else { osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newRegion), 'admin'); } } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name']); break; case 'delete_region': // delete region osc_csrf_check(); $mRegion = new Region(); $regionIds = Params::getParam('id'); if (is_array($regionIds)) { $locations = 0; $del_locations = 0; if (count($regionIds) > 0) { $region = $mRegion->findByPrimaryKey($regionIds[0]); $country = Country::newInstance()->findByCode($region['fk_c_country_code']); foreach ($regionIds as $regionId) { if ($regionId != '') { $ok = $mRegion->deleteByPrimaryKey($regionId); if ($ok == 0) { $del_locations++; } else { $locations += $ok; } } } } if ($locations == 0) { osc_add_flash_ok_message(sprintf(_n('One location has been deleted', '%s locations have been deleted', $del_locations), $del_locations), 'admin'); } else { osc_add_flash_error_message(_m('There was a problem deleting locations'), 'admin'); } } else { osc_add_flash_error_message(_m('No region was selected'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name']); break; case 'add_city': // add city osc_csrf_check(); if (!Params::getParam('ci_manual')) { $cityId = Params::getParam('city_id'); $cityName = Params::getParam('city'); if ($cityId != '') { $data_sql = osc_file_get_contents('http://geo.osclass.org/newgeo.download.php?action=city&term=' . urlencode($cityId)); $conn = DBConnectionClass::newInstance(); $c_db = $conn->getOsclassDb(); $comm = new DBCommandClass($c_db); $comm->query("SET FOREIGN_KEY_CHECKS = 0"); $comm->importSQL($data_sql); $comm->query("SET FOREIGN_KEY_CHECKS = 1"); osc_add_flash_ok_message(sprintf(_m('%s has been added as a new city'), $cityName), 'admin'); } else { osc_add_flash_error_message(sprintf(_m("%s can't be added"), $cityName), 'admin'); } } else { $mRegion = new Region(); $mCities = new City(); $regionId = Params::getParam('region_parent'); $countryCode = Params::getParam('country_c_parent'); $newCity = Params::getParam('city'); if (!osc_validate_min($newCity, 1)) { osc_add_flash_error_message(_m('New city name cannot be blank'), 'admin'); } else { $exists = $mCities->findByName($newCity, $regionId); $region = $mRegion->findByPrimaryKey($regionId); $country = Country::newInstance()->findByCode($region['fk_c_country_code']); if (!isset($exists['s_name'])) { $mCities->insert(array('fk_i_region_id' => $regionId, 's_name' => $newCity, 'fk_c_country_code' => $countryCode)); $id = $mCities->dao->insertedId(); CityStats::newInstance()->setNumItems($id, 0); osc_add_flash_ok_message(sprintf(_m('%s has been added as a new city'), $newCity), 'admin'); } else { osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newCity), 'admin'); } } } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "®ion=" . $regionId); break; case 'edit_city': // edit city osc_csrf_check(); $mRegion = new Region(); $mCities = new City(); $newCity = Params::getParam('e_city'); $cityId = Params::getParam('city_id'); if (!osc_validate_min($newCity, 1)) { osc_add_flash_error_message(_m('City name cannot be blank'), 'admin'); } else { $exists = $mCities->findByName($newCity); if (!isset($exists['pk_i_id']) || $exists['pk_i_id'] == $cityId) { $city = $mCities->findByPrimaryKey($cityId); $region = $mRegion->findByPrimaryKey($city['fk_i_region_id']); $country = Country::newInstance()->findByCode($region['fk_c_country_code']); $mCities->update(array('s_name' => $newCity), array('pk_i_id' => $cityId)); ItemLocation::newInstance()->update(array('s_city' => $newCity), array('fk_i_city_id' => $cityId)); osc_add_flash_ok_message(sprintf(_m('%s has been edited'), $newCity), 'admin'); } else { osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newCity), 'admin'); } } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "®ion=" . @$region['pk_i_id']); break; case 'delete_city': // delete city osc_csrf_check(); $mCities = new City(); $cityIds = Params::getParam('id'); if (is_array($cityIds)) { $locations = 0; $del_locations = 0; $cCity = end($cityIds); $cCity = $mCities->findByPrimaryKey($cCity); $region = Region::newInstance()->findByPrimaryKey($cCity['fk_i_region_id']); $country = Country::newInstance()->findByCode($cCity['fk_c_country_code']); foreach ($cityIds as $cityId) { $ok = $mCities->deleteByPrimaryKey($cityId); if ($ok == 0) { $del_locations++; } else { $locations += $ok; } } if ($locations == 0) { osc_add_flash_ok_message(sprintf(_n('One location has been deleted', '%d locations have been deleted', $del_locations), $del_locations), 'admin'); } else { osc_add_flash_error_message(_m('There was a problem deleting locations'), 'admin'); } } else { osc_add_flash_error_message(_m('No city was selected'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "®ion=" . @$region['pk_i_id']); break; } $aCountries = $mCountries->listAll(); $this->_exportVariableToView('aCountries', $aCountries); $this->doView('settings/locations.php'); break; case 'permalinks': // calling the permalinks view $htaccess = Params::getParam('htaccess_status'); $file = Params::getParam('file_status'); $this->_exportVariableToView('htaccess', $htaccess); $this->_exportVariableToView('file', $file); $this->doView('settings/permalinks.php'); break; case 'permalinks_post': // updating permalinks option osc_csrf_check(); $htaccess_file = osc_base_path() . '.htaccess'; $rewriteEnabled = Params::getParam('rewrite_enabled') ? true : false; if ($rewriteEnabled) { Preference::newInstance()->update(array('s_value' => '1'), array('s_name' => 'rewriteEnabled')); $rewrite_base = REL_WEB_URL; $htaccess = <<<HTACCESS <IfModule mod_rewrite.c> RewriteEngine On RewriteBase {$rewrite_base} RewriteRule ^index\\.php\$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . {$rewrite_base}index.php [L] </IfModule> HTACCESS; // 1. OK (ok) // 2. OK no apache module detected (warning) // 3. No se puede crear + apache // 4. No se puede crear + no apache $status = 3; if (file_exists($htaccess_file)) { if (is_writable($htaccess_file) && file_put_contents($htaccess_file, $htaccess)) { $status = 1; } } else { if (is_writable(osc_base_path()) && file_put_contents($htaccess_file, $htaccess)) { $status = 1; } } if (!@apache_mod_loaded('mod_rewrite')) { $status++; } $errors = 0; $item_url = substr(str_replace('//', '/', Params::getParam('rewrite_item_url') . '/'), 0, -1); if (!osc_validate_text($item_url)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $item_url), array('s_name' => 'rewrite_item_url')); } $page_url = substr(str_replace('//', '/', Params::getParam('rewrite_page_url') . '/'), 0, -1); if (!osc_validate_text($page_url)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $page_url), array('s_name' => 'rewrite_page_url')); } $cat_url = substr(str_replace('//', '/', Params::getParam('rewrite_cat_url') . '/'), 0, -1); if (!osc_validate_text($cat_url)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $cat_url), array('s_name' => 'rewrite_cat_url')); } $search_url = substr(str_replace('//', '/', Params::getParam('rewrite_search_url') . '/'), 0, -1); if (!osc_validate_text($search_url)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $search_url), array('s_name' => 'rewrite_search_url')); } if (!osc_validate_text(Params::getParam('rewrite_search_country'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_country')), array('s_name' => 'rewrite_search_country')); } if (!osc_validate_text(Params::getParam('rewrite_search_region'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_region')), array('s_name' => 'rewrite_search_region')); } if (!osc_validate_text(Params::getParam('rewrite_search_city'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_city')), array('s_name' => 'rewrite_search_city')); } if (!osc_validate_text(Params::getParam('rewrite_search_city_area'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_city_area')), array('s_name' => 'rewrite_search_city_area')); } if (!osc_validate_text(Params::getParam('rewrite_search_category'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_category')), array('s_name' => 'rewrite_search_category')); } if (!osc_validate_text(Params::getParam('rewrite_search_user'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_user')), array('s_name' => 'rewrite_search_user')); } if (!osc_validate_text(Params::getParam('rewrite_search_pattern'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_pattern')), array('s_name' => 'rewrite_search_pattern')); } $rewrite_contact = substr(str_replace('//', '/', Params::getParam('rewrite_contact') . '/'), 0, -1); if (!osc_validate_text($rewrite_contact)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_contact), array('s_name' => 'rewrite_contact')); } $rewrite_feed = substr(str_replace('//', '/', Params::getParam('rewrite_feed') . '/'), 0, -1); if (!osc_validate_text($rewrite_feed)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_feed), array('s_name' => 'rewrite_feed')); } $rewrite_language = substr(str_replace('//', '/', Params::getParam('rewrite_language') . '/'), 0, -1); if (!osc_validate_text($rewrite_language)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_language), array('s_name' => 'rewrite_language')); } $rewrite_item_mark = substr(str_replace('//', '/', Params::getParam('rewrite_item_mark') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_mark)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_mark), array('s_name' => 'rewrite_item_mark')); } $rewrite_item_send_friend = substr(str_replace('//', '/', Params::getParam('rewrite_item_send_friend') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_send_friend)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_send_friend), array('s_name' => 'rewrite_item_send_friend')); } $rewrite_item_contact = substr(str_replace('//', '/', Params::getParam('rewrite_item_contact') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_contact)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_contact), array('s_name' => 'rewrite_item_contact')); } $rewrite_item_new = substr(str_replace('//', '/', Params::getParam('rewrite_item_new') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_new)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_new), array('s_name' => 'rewrite_item_new')); } $rewrite_item_activate = substr(str_replace('//', '/', Params::getParam('rewrite_item_activate') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_activate)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_activate), array('s_name' => 'rewrite_item_activate')); } $rewrite_item_edit = substr(str_replace('//', '/', Params::getParam('rewrite_item_edit') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_edit)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_edit), array('s_name' => 'rewrite_item_edit')); } $rewrite_item_delete = substr(str_replace('//', '/', Params::getParam('rewrite_item_delete') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_delete)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_delete), array('s_name' => 'rewrite_item_delete')); } $rewrite_item_resource_delete = substr(str_replace('//', '/', Params::getParam('rewrite_item_resource_delete') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_resource_delete)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_resource_delete), array('s_name' => 'rewrite_item_resource_delete')); } $rewrite_user_login = substr(str_replace('//', '/', Params::getParam('rewrite_user_login') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_login)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_login), array('s_name' => 'rewrite_user_login')); } $rewrite_user_dashboard = substr(str_replace('//', '/', Params::getParam('rewrite_user_dashboard') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_dashboard)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_dashboard), array('s_name' => 'rewrite_user_dashboard')); } $rewrite_user_logout = substr(str_replace('//', '/', Params::getParam('rewrite_user_logout') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_logout)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_logout), array('s_name' => 'rewrite_user_logout')); } $rewrite_user_register = substr(str_replace('//', '/', Params::getParam('rewrite_user_register') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_register)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_register), array('s_name' => 'rewrite_user_register')); } $rewrite_user_activate = substr(str_replace('//', '/', Params::getParam('rewrite_user_activate') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_activate)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_activate), array('s_name' => 'rewrite_user_activate')); } $rewrite_user_activate_alert = substr(str_replace('//', '/', Params::getParam('rewrite_user_activate_alert') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_activate_alert)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_activate_alert), array('s_name' => 'rewrite_user_activate_alert')); } $rewrite_user_profile = substr(str_replace('//', '/', Params::getParam('rewrite_user_profile') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_profile)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_profile), array('s_name' => 'rewrite_user_profile')); } $rewrite_user_items = substr(str_replace('//', '/', Params::getParam('rewrite_user_items') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_items)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_items), array('s_name' => 'rewrite_user_items')); } $rewrite_user_alerts = substr(str_replace('//', '/', Params::getParam('rewrite_user_alerts') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_alerts)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_alerts), array('s_name' => 'rewrite_user_alerts')); } $rewrite_user_recover = substr(str_replace('//', '/', Params::getParam('rewrite_user_recover') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_recover)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_recover), array('s_name' => 'rewrite_user_recover')); } $rewrite_user_forgot = substr(str_replace('//', '/', Params::getParam('rewrite_user_forgot') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_forgot)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_forgot), array('s_name' => 'rewrite_user_forgot')); } $rewrite_user_change_password = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_password') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_change_password)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_change_password), array('s_name' => 'rewrite_user_change_password')); } $rewrite_user_change_email = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_email') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_change_email)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_change_email), array('s_name' => 'rewrite_user_change_email')); } $rewrite_user_change_username = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_username') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_change_username)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_change_username), array('s_name' => 'rewrite_user_change_username')); } $rewrite_user_change_email_confirm = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_email_confirm') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_change_email_confirm)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_change_email_confirm), array('s_name' => 'rewrite_user_change_email_confirm')); } osc_reset_preferences(); $rewrite = Rewrite::newInstance(); osc_run_hook("before_rewrite_rules", array(&$rewrite)); $rewrite->clearRules(); /***************************** ********* Add rules ********* *****************************/ // Contact rules $rewrite->addRule('^' . osc_get_preference('rewrite_contact') . '/?$', 'index.php?page=contact'); // Feed rules $rewrite->addRule('^' . osc_get_preference('rewrite_feed') . '/?$', 'index.php?page=search&sFeed=rss'); $rewrite->addRule('^' . osc_get_preference('rewrite_feed') . '/(.+)/?$', 'index.php?page=search&sFeed=$1'); // Language rules $rewrite->addRule('^' . osc_get_preference('rewrite_language') . '/(.*?)/?$', 'index.php?page=language&locale=$1'); // Search rules $rewrite->addRule('^' . $search_url . '$', 'index.php?page=search'); $rewrite->addRule('^' . $search_url . '/(.*)$', 'index.php?page=search&sParams=$1'); // Item rules $rewrite->addRule('^' . osc_get_preference('rewrite_item_mark') . '/(.*?)/([0-9]+)/?$', 'index.php?page=item&action=mark&as=$1&id=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_send_friend') . '/([0-9]+)/?$', 'index.php?page=item&action=send_friend&id=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_contact') . '/([0-9]+)/?$', 'index.php?page=item&action=contact&id=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_new') . '/?$', 'index.php?page=item&action=item_add'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_new') . '/([0-9]+)/?$', 'index.php?page=item&action=item_add&catId=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_activate') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=activate&id=$1&secret=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_edit') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=item_edit&id=$1&secret=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_delete') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=item_delete&id=$1&secret=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_resource_delete') . '/([0-9]+)/([0-9]+)/([0-9A-Za-z]+)/?(.*?)/?$', 'index.php?page=item&action=deleteResource&id=$1&item=$2&code=$3&secret=$4'); // Item rules $id_pos = stripos($item_url, '{ITEM_ID}'); $title_pos = stripos($item_url, '{ITEM_TITLE}'); $cat_pos = stripos($item_url, '{CATEGORIES'); $param_pos = 1; if ($title_pos !== false && $id_pos > $title_pos) { $param_pos++; } if ($cat_pos !== false && $id_pos > $cat_pos) { $param_pos++; } $comments_pos = 1; if ($id_pos !== false) { $comments_pos++; } if ($title_pos !== false) { $comments_pos++; } if ($cat_pos !== false) { $comments_pos++; } $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url . '\\?comments-page=([0-9al]*)')))) . '$', 'index.php?page=item&id=$3&lang=$1_$2&comments-page=$4'); $rewrite->addRule('^' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url . '\\?comments-page=([0-9al]*)')))) . '$', 'index.php?page=item&id=$1&comments-page=$2'); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url)))) . '$', 'index.php?page=item&id=$3&lang=$1_$2'); $rewrite->addRule('^' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url)))) . '$', 'index.php?page=item&id=$1'); // User rules $rewrite->addRule('^' . osc_get_preference('rewrite_user_login') . '/?$', 'index.php?page=login'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_dashboard') . '/?$', 'index.php?page=user&action=dashboard'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_logout') . '/?$', 'index.php?page=main&action=logout'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_register') . '/?$', 'index.php?page=register&action=register'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_activate') . '/([0-9]+)/(.*?)/?$', 'index.php?page=register&action=validate&id=$1&code=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_activate_alert') . '/([0-9]+)/([a-zA-Z0-9]+)/(.+)$', 'index.php?page=user&action=activate_alert&id=$1&email=$3&secret=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/?$', 'index.php?page=user&action=profile'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/([0-9]+)/?$', 'index.php?page=user&action=pub_profile&id=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/(.+)/?$', 'index.php?page=user&action=pub_profile&username=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_items') . '/?$', 'index.php?page=user&action=items'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_alerts') . '/?$', 'index.php?page=user&action=alerts'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_recover') . '/?$', 'index.php?page=login&action=recover'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_forgot') . '/([0-9]+)/(.*)/?$', 'index.php?page=login&action=forgot&userId=$1&code=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_password') . '/?$', 'index.php?page=user&action=change_password'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_email') . '/?$', 'index.php?page=user&action=change_email'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_username') . '/?$', 'index.php?page=user&action=change_username'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_email_confirm') . '/([0-9]+)/(.*?)/?$', 'index.php?page=user&action=change_email_confirm&userId=$1&code=$2'); // Page rules $pos_pID = stripos($page_url, '{PAGE_ID}'); $pos_pSlug = stripos($page_url, '{PAGE_SLUG}'); $pID_pos = 1; $pSlug_pos = 1; if (is_numeric($pos_pID) && is_numeric($pos_pSlug)) { // set the order of the parameters if ($pos_pID > $pos_pSlug) { $pID_pos++; } else { $pSlug_pos++; } $rewrite->addRule('^' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', str_replace('{PAGE_ID}', '([0-9]+)', $page_url)) . '/?$', 'index.php?page=page&id=$' . $pID_pos . "&slug=\$" . $pSlug_pos); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', str_replace('{PAGE_ID}', '([0-9]+)', $page_url)) . '/?$', 'index.php?page=page&lang=$1_$2&id=$' . ($pID_pos + 2) . '&slug=$' . ($pSlug_pos + 2)); } else { if (is_numeric($pos_pID)) { $rewrite->addRule('^' . str_replace('{PAGE_ID}', '([0-9]+)', $page_url) . '/?$', 'index.php?page=page&id=$1'); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_ID}', '([0-9]+)', $page_url) . '/?$', 'index.php?page=page&lang=$1_$2&id=$3'); } else { $rewrite->addRule('^' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', $page_url) . '/?$', 'index.php?page=page&slug=$1'); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', $page_url) . '/?$', 'index.php?page=page&lang=$1_$2&slug=$3'); } } // Clean archive files $rewrite->addRule('^(.+?)\\.php(.*)$', '$1.php$2'); // Category rules $id_pos = stripos($item_url, '{CATEGORY_ID}'); $title_pos = stripos($item_url, '{CATEGORY_SLUG}'); $cat_pos = stripos($item_url, '{CATEGORIES'); $param_pos = 1; if ($title_pos !== false && $id_pos > $title_pos) { $param_pos++; } if ($cat_pos !== false && $id_pos > $cat_pos) { $param_pos++; } $rewrite->addRule('^' . str_replace('{CATEGORIES}', '(.+)', str_replace('{CATEGORY_SLUG}', '([^/]+)', str_replace('{CATEGORY_ID}', '([0-9]+)', $cat_url))) . '/([0-9]+)$', 'index.php?page=search&sCategory=$' . $param_pos . '&iPage=$' . ($param_pos + 1)); $rewrite->addRule('^' . str_replace('{CATEGORIES}', '(.+)', str_replace('{CATEGORY_SLUG}', '([^/]+)', str_replace('{CATEGORY_ID}', '([0-9]+)', $cat_url))) . '$', 'index.php?page=search&sCategory=$' . $param_pos); osc_run_hook("after_rewrite_rules", array(&$rewrite)); //Write rule to DB $rewrite->setRules(); $msg_error = '<br/>' . _m('All fields are required.') . " " . sprintf(_mn('One field was not updated', '%s fields were not updated', $errors), $errors); switch ($status) { case 1: $msg = _m("Permalinks structure updated"); if ($errors > 0) { $msg .= $msg_error; osc_add_flash_warning_message($msg, 'admin'); } else { osc_add_flash_ok_message($msg, 'admin'); } break; case 2: $msg = _m("Permalinks structure updated."); $msg .= " "; $msg .= _m("However, we can't check if Apache module <b>mod_rewrite</b> is loaded. If you experience some problems with the URLs, you should deactivate <em>Friendly URLs</em>"); if ($errors > 0) { $msg .= $msg_error; } osc_add_flash_warning_message($msg, 'admin'); break; case 3: $msg = _m("File <b>.htaccess</b> couldn't be filled out with the right content."); $msg .= " "; $msg .= _m("Here's the content you have to add to the <b>.htaccess</b> file. If you can't create the file, please deactivate the <em>Friendly URLs</em> option."); $msg .= "</p><pre>" . htmlentities($htaccess, ENT_COMPAT, "UTF-8") . '</pre><p>'; if ($errors > 0) { $msg .= $msg_error; } osc_add_flash_error_message($msg, 'admin'); break; case 4: $msg = _m("File <b>.htaccess</b> couldn't be filled out with the right content."); $msg .= " "; $msg .= _m("Here's the content you have to add to the <b>.htaccess</b> file. If you can't create the file or experience some problems with the URLs, please deactivate the <em>Friendly URLs</em> option."); $msg .= "</p><pre>" . htmlentities($htaccess, ENT_COMPAT, "UTF-8") . '</pre><p>'; if ($errors > 0) { $msg .= $msg_error; } osc_add_flash_error_message($msg, 'admin'); break; } } else { Preference::newInstance()->update(array('s_value' => '0'), array('s_name' => 'rewriteEnabled')); Preference::newInstance()->update(array('s_value' => '0'), array('s_name' => 'mod_rewrite_loaded')); osc_add_flash_ok_message(_m('Friendly URLs successfully deactivated'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=permalinks'); break; case 'spamNbots': // calling the spam and bots view $akismet_key = osc_akismet_key(); $akismet_status = 3; if ($akismet_key != '') { require_once osc_lib_path() . 'Akismet.class.php'; $akismet_obj = new Akismet(osc_base_url(), $akismet_key); $akismet_status = 2; if ($akismet_obj->isKeyValid()) { $akismet_status = 1; } } View::newInstance()->_exportVariableToView('akismet_status', $akismet_status); $this->doView('settings/spamNbots.php'); break; case 'akismet_post': // updating spam and bots option osc_csrf_check(); $updated = 0; $akismetKey = Params::getParam('akismetKey'); $akismetKey = trim($akismetKey); $updated = Preference::newInstance()->update(array('s_value' => $akismetKey), array('s_name' => 'akismetKey')); if ($akismetKey == '') { osc_add_flash_info_message(_m('Your Akismet key has been cleared'), 'admin'); } else { osc_add_flash_ok_message(_m('Your Akismet key has been updated'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots'); break; case 'recaptcha_post': // updating spam and bots option osc_csrf_check(); $iUpdated = 0; $recaptchaPrivKey = Params::getParam('recaptchaPrivKey'); $recaptchaPrivKey = trim($recaptchaPrivKey); $recaptchaPubKey = Params::getParam('recaptchaPubKey'); $recaptchaPubKey = trim($recaptchaPubKey); $iUpdated += Preference::newInstance()->update(array('s_value' => $recaptchaPrivKey), array('s_name' => 'recaptchaPrivKey')); $iUpdated += Preference::newInstance()->update(array('s_value' => $recaptchaPubKey), array('s_name' => 'recaptchaPubKey')); if ($recaptchaPubKey == '') { osc_add_flash_info_message(_m('Your reCAPTCHA key has been cleared'), 'admin'); } else { osc_add_flash_ok_message(_m('Your reCAPTCHA key has been updated'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots'); break; case 'currencies': // currencies settings $currencies_action = Params::getParam('type'); switch ($currencies_action) { case 'add': // calling add currency view $aCurrency = array('pk_c_code' => '', 's_name' => '', 's_description' => ''); $this->_exportVariableToView('aCurrency', $aCurrency); $this->_exportVariableToView('typeForm', 'add_post'); $this->doView('settings/currency_form.php'); break; case 'add_post': // adding a new currency osc_csrf_check(); $currencyCode = Params::getParam('pk_c_code'); $currencyName = Params::getParam('s_name'); $currencyDescription = Params::getParam('s_description'); // cleaning parameters $currencyName = strip_tags($currencyName); $currencyDescription = strip_tags($currencyDescription); $currencyCode = strip_tags($currencyCode); $currencyCode = trim($currencyCode); if (!preg_match('/^.{1,3}$/', $currencyCode)) { osc_add_flash_error_message(_m('The currency code is not in the correct format'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $fields = array('pk_c_code' => $currencyCode, 's_name' => $currencyName, 's_description' => $currencyDescription); $isInserted = Currency::newInstance()->insert($fields); if ($isInserted) { osc_add_flash_ok_message(_m('Currency added'), 'admin'); } else { osc_add_flash_error_message(_m("Currency couldn't be added"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); break; case 'edit': // calling edit currency view $currencyCode = Params::getParam('code'); $currencyCode = strip_tags($currencyCode); $currencyCode = trim($currencyCode); if ($currencyCode == '') { osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $aCurrency = Currency::newInstance()->findByPrimaryKey($currencyCode); if (!$aCurrency) { osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $this->_exportVariableToView('aCurrency', $aCurrency); $this->_exportVariableToView('typeForm', 'edit_post'); $this->doView('settings/currency_form.php'); break; case 'edit_post': // updating currency osc_csrf_check(); $currencyName = Params::getParam('s_name'); $currencyDescription = Params::getParam('s_description'); $currencyCode = Params::getParam('pk_c_code'); // cleaning parameters $currencyName = strip_tags($currencyName); $currencyDescription = strip_tags($currencyDescription); $currencyCode = strip_tags($currencyCode); $currencyCode = trim($currencyCode); if (!preg_match('/.{1,3}/', $currencyCode)) { osc_add_flash_error_message(_m('Error: the currency code is not in the correct format'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $updated = Currency::newInstance()->update(array('s_name' => $currencyName, 's_description' => $currencyDescription), array('pk_c_code' => $currencyCode)); if ($updated == 1) { osc_add_flash_ok_message(_m('Currency updated'), 'admin'); } else { osc_add_flash_info_message(_m('No changes were made'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); break; case 'delete': // deleting a currency osc_csrf_check(); $rowChanged = 0; $aCurrencyCode = Params::getParam('code'); if (!is_array($aCurrencyCode)) { $aCurrencyCode = array($aCurrencyCode); } $msg_current = ''; foreach ($aCurrencyCode as $currencyCode) { if (preg_match('/.{1,3}/', $currencyCode) && $currencyCode != osc_currency()) { $rowChanged += Currency::newInstance()->delete(array('pk_c_code' => $currencyCode)); } // foreign key error if (Currency::newInstance()->getErrorLevel() == '1451') { $msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it has listings associated to it"), $currencyCode); } else { if ($currencyCode == osc_currency()) { $msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it's the default currency"), $currencyCode); } } } $msg = ''; $status = ''; switch ($rowChanged) { case '0': $msg = _m('No currencies have been deleted'); $status = 'error'; break; case '1': $msg = _m('One currency has been deleted'); $status = 'ok'; break; default: $msg = sprintf(_m('%s currencies have been deleted'), $rowChanged); $status = 'ok'; break; } if ($status == 'ok' && $msg_current != '') { $status = 'warning'; } switch ($status) { case 'error': osc_add_flash_error_message($msg . $msg_current, 'admin'); break; case 'warning': osc_add_flash_warning_message($msg . $msg_current, 'admin'); break; case 'ok': osc_add_flash_ok_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); break; default: // calling the currencies view $aCurrencies = Currency::newInstance()->listAll(); $this->_exportVariableToView('aCurrencies', $aCurrencies); $this->doView('settings/currencies.php'); break; } break; case 'mailserver': // calling the mailserver view $this->doView('settings/mailserver.php'); break; case 'mailserver_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver'); } osc_csrf_check(); // updating mailserver $iUpdated = 0; $mailserverAuth = Params::getParam('mailserver_auth'); $mailserverAuth = $mailserverAuth != '' ? true : false; $mailserverPop = Params::getParam('mailserver_pop'); $mailserverPop = $mailserverPop != '' ? true : false; $mailserverType = Params::getParam('mailserver_type'); $mailserverHost = Params::getParam('mailserver_host'); $mailserverPort = Params::getParam('mailserver_port'); $mailserverUsername = Params::getParam('mailserver_username'); $mailserverPassword = Params::getParam('mailserver_password'); $mailserverSsl = Params::getParam('mailserver_ssl'); if (!in_array($mailserverType, array('custom', 'gmail'))) { osc_add_flash_error_message(_m('Mail server type is incorrect'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver'); } $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverAuth), array('s_name' => 'mailserver_auth')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPop), array('s_name' => 'mailserver_pop')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverType), array('s_name' => 'mailserver_type')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverHost), array('s_name' => 'mailserver_host')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPort), array('s_name' => 'mailserver_port')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverUsername), array('s_name' => 'mailserver_username')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPassword), array('s_name' => 'mailserver_password')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverSsl), array('s_name' => 'mailserver_ssl')); if ($iUpdated > 0) { osc_add_flash_ok_message(_m('Mail server configuration has changed'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver'); break; case 'media': // calling the media view $max_upload = (int) ini_get('upload_max_filesize'); $max_post = (int) ini_get('post_max_size'); $memory_limit = (int) ini_get('memory_limit'); $upload_mb = min($max_upload, $max_post, $memory_limit) * 1024; $this->_exportVariableToView('max_size_upload', $upload_mb); $this->doView('settings/media.php'); break; case 'media_post': // updating the media config osc_csrf_check(); $status = 'ok'; $error = ''; $iUpdated = 0; $maxSizeKb = Params::getParam('maxSizeKb'); $dimThumbnail = Params::getParam('dimThumbnail'); $dimPreview = Params::getParam('dimPreview'); $dimNormal = Params::getParam('dimNormal'); $keepOriginalImage = Params::getParam('keep_original_image'); $use_imagick = Params::getParam('use_imagick'); $type_watermark = Params::getParam('watermark_type'); $watermark_color = Params::getParam('watermark_text_color'); $watermark_text = Params::getParam('watermark_text'); switch ($type_watermark) { case 'none': $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text_color')); $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text')); $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_image')); break; case 'text': $iUpdated += Preference::newInstance()->update(array('s_value' => $watermark_color), array('s_name' => 'watermark_text_color')); $iUpdated += Preference::newInstance()->update(array('s_value' => $watermark_text), array('s_name' => 'watermark_text')); $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_image')); $iUpdated += Preference::newInstance()->update(array('s_value' => Params::getParam('watermark_text_place')), array('s_name' => 'watermark_place')); break; case 'image': // upload image & move to path if ($_FILES['watermark_image']['error'] == UPLOAD_ERR_OK) { if ($_FILES['watermark_image']['type'] == 'image/png') { $tmpName = $_FILES['watermark_image']['tmp_name']; $path = osc_content_path() . 'uploads/watermark.png'; if (move_uploaded_file($tmpName, $path)) { $iUpdated += Preference::newInstance()->update(array('s_value' => $path), array('s_name' => 'watermark_image')); } else { $error .= _m('There was a problem uploading the watermark image') . "<br />"; } } else { $error .= _m('The watermark image has to be a .PNG file') . "<br />"; } } else { $error .= _m('There was a problem uploading the watermark image') . "<br />"; } $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text_color')); $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text')); $iUpdated += Preference::newInstance()->update(array('s_value' => Params::getParam('watermark_image_place')), array('s_name' => 'watermark_place')); break; default: break; } // format parameters $maxSizeKb = strip_tags($maxSizeKb); $dimThumbnail = strip_tags($dimThumbnail); $dimPreview = strip_tags($dimPreview); $dimNormal = strip_tags($dimNormal); $keepOriginalImage = $keepOriginalImage != '' ? true : false; $use_imagick = $use_imagick != '' ? true : false; // is imagick extension loaded? if (!@extension_loaded('imagick')) { $use_imagick = false; } // max size allowed by PHP configuration? $max_upload = (int) ini_get('upload_max_filesize'); $max_post = (int) ini_get('post_max_size'); $memory_limit = (int) ini_get('memory_limit'); $upload_mb = min($max_upload, $max_post, $memory_limit) * 1024; // set maxSizeKB equals to PHP configuration if it's bigger if ($maxSizeKb > $upload_mb) { $status = 'warning'; $maxSizeKb = $upload_mb; // flash message text warning $error .= sprintf(_m("You cannot set a maximum file size higher than the one allowed in the PHP configuration: <b>%d KB</b>"), $upload_mb); } $iUpdated += Preference::newInstance()->update(array('s_value' => $maxSizeKb), array('s_name' => 'maxSizeKb')); $iUpdated += Preference::newInstance()->update(array('s_value' => $dimThumbnail), array('s_name' => 'dimThumbnail')); $iUpdated += Preference::newInstance()->update(array('s_value' => $dimPreview), array('s_name' => 'dimPreview')); $iUpdated += Preference::newInstance()->update(array('s_value' => $dimNormal), array('s_name' => 'dimNormal')); $iUpdated += Preference::newInstance()->update(array('s_value' => $keepOriginalImage), array('s_name' => 'keep_original_image')); $iUpdated += Preference::newInstance()->update(array('s_value' => $use_imagick), array('s_name' => 'use_imagick')); if ($error != '') { switch ($status) { case 'error': osc_add_flash_error_message($error, 'admin'); break; case 'warning': osc_add_flash_warning_message($error, 'admin'); break; default: osc_add_flash_ok_message($error, 'admin'); break; } } else { osc_add_flash_ok_message(_m('Media config has been updated'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media'); break; case 'images_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media'); } osc_csrf_check(); $wat = new Watermark(); $aResources = ItemResource::newInstance()->getAllResources(); foreach ($aResources as $resource) { osc_run_hook('regenerate_image', $resource); $path = osc_content_path() . 'uploads/'; // comprobar que no haya original $img_original = $path . $resource['pk_i_id'] . "_original*"; $aImages = glob($img_original); // there is original image if (count($aImages) == 1) { $image_tmp = $aImages[0]; } else { $img_normal = $path . $resource['pk_i_id'] . ".*"; $aImages = glob($img_normal); if (count($aImages) == 1) { $image_tmp = $aImages[0]; } else { $img_thumbnail = $path . $resource['pk_i_id'] . "_thumbnail*"; $aImages = glob($img_thumbnail); $image_tmp = $aImages[0]; } } // extension preg_match('/\\.(.*)$/', $image_tmp, $matches); if (isset($matches[1])) { $extension = $matches[1]; // Create normal size $path_normal = $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '.jpg'; $size = explode('x', osc_normal_dimensions()); ImageResizer::fromFile($image_tmp)->resizeTo($size[0], $size[1])->saveToFile($path); if (osc_is_watermark_text()) { $wat->doWatermarkText($path, osc_watermark_text_color(), osc_watermark_text(), 'image/jpeg'); } elseif (osc_is_watermark_image()) { $wat->doWatermarkImage($path, 'image/jpeg'); } // Create preview $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_preview.jpg'; $size = explode('x', osc_preview_dimensions()); ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path); // Create thumbnail $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_thumbnail.jpg'; $size = explode('x', osc_thumbnail_dimensions()); ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path); // update resource info ItemResource::newInstance()->update(array('s_path' => 'oc-content/uploads/', 's_name' => osc_genRandomPassword(), 's_extension' => 'jpg', 's_content_type' => 'image/jpeg'), array('pk_i_id' => $resource['pk_i_id'])); osc_run_hook('regenerated_image', ItemResource::newInstance()->findByPrimaryKey($resource['pk_i_id'])); // si extension es direfente a jpg, eliminar las imagenes con $extension si hay if ($extension != 'jpg') { @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "." . $extension); @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_original." . $extension); @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_preview." . $extension); @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_thumbnail." . $extension); } // .... } else { // no es imagen o imagen sin extesión } } osc_add_flash_ok_message(_m('Re-generation complete'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media'); break; case 'update': // update index view osc_csrf_check(); $iUpdated = 0; $sPageTitle = Params::getParam('pageTitle'); $sPageDesc = Params::getParam('pageDesc'); $sContactEmail = Params::getParam('contactEmail'); $sLanguage = Params::getParam('language'); $sDateFormat = Params::getParam('dateFormat'); $sCurrency = Params::getParam('currency'); $sWeekStart = Params::getParam('weekStart'); $sTimeFormat = Params::getParam('timeFormat'); $sTimezone = Params::getParam('timezone'); $sNumRssItems = Params::getParam('num_rss_items'); $maxLatestItems = Params::getParam('max_latest_items_at_home'); $numItemsSearch = Params::getParam('default_results_per_page'); $contactAttachment = Params::getParam('enabled_attachment'); $selectableParent = Params::getParam('selectable_parent_categories'); $bAutoCron = Params::getParam('auto_cron'); $bMarketSources = Params::getParam('market_external_sources') == 1 ? 1 : 0; // preparing parameters $sPageTitle = strip_tags($sPageTitle); $sPageDesc = strip_tags($sPageDesc); $sContactEmail = strip_tags($sContactEmail); $sLanguage = strip_tags($sLanguage); $sDateFormat = strip_tags($sDateFormat); $sCurrency = strip_tags($sCurrency); $sWeekStart = strip_tags($sWeekStart); $sTimeFormat = strip_tags($sTimeFormat); $sNumRssItems = (int) strip_tags($sNumRssItems); $maxLatestItems = (int) strip_tags($maxLatestItems); $numItemsSearch = (int) $numItemsSearch; $contactAttachment = $contactAttachment != '' ? true : false; $bAutoCron = $bAutoCron != '' ? true : false; $error = ""; $msg = ''; if (!osc_validate_text($sPageTitle)) { $msg .= _m("Page title field is required") . "<br/>"; } if (!osc_validate_text($sContactEmail)) { $msg .= _m("Contact email field is required") . "<br/>"; } if (!osc_validate_int($sNumRssItems)) { $msg .= _m("Number of listings in the RSS has to be a numeric value") . "<br/>"; } if (!osc_validate_int($maxLatestItems)) { $msg .= _m("Max latest listings has to be a numeric value") . "<br/>"; } if (!osc_validate_int($numItemsSearch)) { $msg .= _m("Number of listings on search has to be a numeric value") . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings'); } $iUpdated += Preference::newInstance()->update(array('s_value' => $sPageTitle), array('s_section' => 'osclass', 's_name' => 'pageTitle')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sPageDesc), array('s_section' => 'osclass', 's_name' => 'pageDesc')); if (!defined('DEMO')) { $iUpdated += Preference::newInstance()->update(array('s_value' => $sContactEmail), array('s_section' => 'osclass', 's_name' => 'contactEmail')); } $iUpdated += Preference::newInstance()->update(array('s_value' => $sLanguage), array('s_section' => 'osclass', 's_name' => 'language')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sDateFormat), array('s_section' => 'osclass', 's_name' => 'dateFormat')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sCurrency), array('s_section' => 'osclass', 's_name' => 'currency')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sWeekStart), array('s_section' => 'osclass', 's_name' => 'weekStart')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sTimeFormat), array('s_section' => 'osclass', 's_name' => 'timeFormat')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sTimezone), array('s_section' => 'osclass', 's_name' => 'timezone')); $iUpdated += Preference::newInstance()->update(array('s_value' => $bMarketSources), array('s_section' => 'osclass', 's_name' => 'marketAllowExternalSources')); if (is_int($sNumRssItems)) { $iUpdated += Preference::newInstance()->update(array('s_value' => $sNumRssItems), array('s_section' => 'osclass', 's_name' => 'num_rss_items')); } else { if ($error != '') { $error .= "</p><p>"; } $error .= _m('Number of listings in the RSS must be an integer'); } if (is_int($maxLatestItems)) { $iUpdated += Preference::newInstance()->update(array('s_value' => $maxLatestItems), array('s_section' => 'osclass', 's_name' => 'maxLatestItems@home')); } else { if ($error != '') { $error .= "</p><p>"; } $error .= _m('Number of recent listings displayed at home must be an integer'); } $iUpdated += Preference::newInstance()->update(array('s_value' => $numItemsSearch), array('s_section' => 'osclass', 's_name' => 'defaultResultsPerPage@search')); $iUpdated += Preference::newInstance()->update(array('s_value' => $contactAttachment), array('s_name' => 'contact_attachment')); $iUpdated += Preference::newInstance()->update(array('s_value' => $bAutoCron), array('s_name' => 'auto_cron')); $iUpdated += Preference::newInstance()->update(array('s_value' => $selectableParent), array('s_name' => 'selectable_parent_categories')); if ($iUpdated > 0) { if ($error != '') { osc_add_flash_error_message($error . "</p><p>" . _m('General settings have been updated'), 'admin'); } else { osc_add_flash_ok_message(_m('General settings have been updated'), 'admin'); } } else { if ($error != '') { osc_add_flash_error_message($error, 'admin'); } } $this->redirectTo(osc_admin_base_url(true) . '?page=settings'); break; case 'check_updates': osc_admin_toolbar_update_themes(true); osc_admin_toolbar_update_plugins(true); osc_add_flash_ok_message(_m('Last check') . ': ' . date("Y-m-d H:i"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings'); break; case 'latestsearches': //calling the comments settings view $this->doView('settings/searches.php'); break; case 'latestsearches_post': // updating comment osc_csrf_check(); if (Params::getParam('save_latest_searches') == 'on') { Preference::newInstance()->update(array('s_value' => 1), array('s_name' => 'save_latest_searches')); } else { Preference::newInstance()->update(array('s_value' => 0), array('s_name' => 'save_latest_searches')); } if (Params::getParam('customPurge') == '') { osc_add_flash_error_message(_m('Custom number could not be left empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=latestsearches'); } else { Preference::newInstance()->update(array('s_value' => Params::getParam('customPurge')), array('s_name' => 'purge_latest_searches')); osc_add_flash_ok_message(_m('Last search settings have been updated'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=latestsearches'); } break; default: // calling the view $aLanguages = OSCLocale::newInstance()->listAllEnabled(); $aCurrencies = Currency::newInstance()->listAll(); $this->_exportVariableToView('aLanguages', $aLanguages); $this->_exportVariableToView('aCurrencies', $aCurrencies); $this->doView('settings/index.php'); break; } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'create': // calling create view $aRegions = array(); $aCities = array(); $aCountries = Country::newInstance()->listAll(); if (isset($aCountries[0]['pk_c_code'])) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } if (isset($aRegions[0]['pk_i_id'])) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } $this->_exportVariableToView('user', null); $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled()); $this->doView("users/frm.php"); break; case 'create_post': // creating the user... osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(true); $success = $userActions->add(); switch ($success) { case 1: osc_add_flash_ok_message(_m("The user has been created. We've sent an activation e-mail"), 'admin'); break; case 2: osc_add_flash_ok_message(_m('The user has been created successfully'), 'admin'); break; default: osc_add_flash_error_message($success, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'edit': // calling the edit view $aUser = $this->userManager->findByPrimaryKey(Params::getParam("id")); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($aUser['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->findByCountry($aUser['fk_c_country_code']); } else { if (count($aCountries) > 0) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } } $aCities = array(); if ($aUser['fk_i_region_id'] != '') { $aCities = City::newInstance()->findByRegion($aUser['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } } $csrf_token = osc_csrf_token_url(); if ($aUser['b_active']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=users&action=deactivate&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=INACTIVE">' . __('Deactivate') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=users&action=activate&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=ACTIVE">' . __('Activate') . '</a>'; } if ($aUser['b_enabled']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=users&action=disable&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=DISABLE">' . __('Block') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=users&action=enable&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=ENABLE">' . __('Unblock') . '</a>'; } $this->_exportVariableToView("actions", $actions); $this->_exportVariableToView("user", $aUser); $this->_exportVariableToView("countries", $aCountries); $this->_exportVariableToView("regions", $aRegions); $this->_exportVariableToView("cities", $aCities); $this->_exportVariableToView("locales", OSCLocale::newInstance()->listAllEnabled()); $this->doView("users/frm.php"); break; case 'edit_post': // edit post osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(true); $success = $userActions->edit(Params::getParam("id")); if ($success == 1) { osc_add_flash_ok_message(_m('The user has been updated'), 'admin'); } else { if ($success == 2) { osc_add_flash_ok_message(_m('The user has been updated and activated'), 'admin'); } else { osc_add_flash_error_message($success); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('id')); } } $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'resend_activation': //activate osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->resend_activation($id); } if ($iUpdated == 0) { osc_add_flash_error_message(_m('No users have been selected'), 'admin'); } else { osc_add_flash_ok_message(sprintf(_mn('Activation email sent to one user', 'Activation email sent to %s users', $iUpdated), $iUpdated), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'activate': //activate osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->activate($id); } if ($iUpdated == 0) { $msg = _m('No users have been activated'); } else { $msg = sprintf(_mn('One user has been activated', '%s users have been activated', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'deactivate': //deactivate osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->deactivate($id); } if ($iUpdated == 0) { $msg = _m('No users have been deactivated'); } else { $msg = sprintf(_mn('One user has been deactivated', '%s users have been deactivated', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'enable': osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->enable($id); } if ($iUpdated == 0) { $msg = _m('No users have been enabled'); } else { $msg = sprintf(_mn('One user has been unblocked', '%s users have been unblocked', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'disable': osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->disable($id); } if ($iUpdated == 0) { $msg = _m('No users have been disabled'); } else { $msg = sprintf(_mn('One user has been blocked', '%s users have been blocked', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'delete': //delete osc_csrf_check(); $iDeleted = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } foreach ($userId as $id) { $user = $this->userManager->findByPrimaryKey($id); Log::newInstance()->insertLog('user', 'delete', $id, $user['s_email'], 'admin', osc_logged_admin_id()); if ($this->userManager->deleteUser($id)) { $iDeleted++; } } if ($iDeleted == 0) { $msg = _m('No users have been deleted'); } else { $msg = sprintf(_mn('One user has been deleted', '%s users have been deleted', $iDeleted), $iDeleted); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'delete_alerts': //delete $iDeleted = 0; $alertId = Params::getParam('alert_id'); if (!is_array($alertId)) { osc_add_flash_error_message(_m("Alert id isn't in the correct format"), 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } } $mAlerts = new Alerts(); foreach ($alertId as $id) { Log::newInstance()->insertLog('user', 'delete_alerts', $id, $id, 'admin', osc_logged_admin_id()); $iDeleted += $mAlerts->delete(array('pk_i_id' => $id)); } if ($iDeleted == 0) { $msg = _m('No alerts have been deleted'); } else { $msg = sprintf(_mn('One alert has been deleted', '%s alerts have been deleted', $iDeleted), $iDeleted); } osc_add_flash_ok_message($msg, 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } break; case 'status_alerts': //delete $status = Params::getParam("status"); $iUpdated = 0; $alertId = Params::getParam('alert_id'); if (!is_array($alertId)) { osc_add_flash_error_message(_m("Alert id isn't in the correct format"), 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } } $mAlerts = new Alerts(); foreach ($alertId as $id) { if ($status == 1) { $iUpdated += $mAlerts->activate($id); } else { $iUpdated += $mAlerts->deactivate($id); } } if ($status == 1) { if ($iUpdated == 0) { $msg = _m('No alerts have been activated'); } else { $msg = sprintf(_mn('One alert has been activated', '%s alerts have been activated', $iUpdated), $iUpdated); } } else { if ($iUpdated == 0) { $msg = _m('No alerts have been deactivated'); } else { $msg = sprintf(_mn('One alert has been deactivated', '%s alerts have been deactivated', $iUpdated), $iUpdated); } } osc_add_flash_ok_message($msg, 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } break; case 'settings': // calling the users settings view $this->doView('users/settings.php'); break; case 'settings_post': // updating users osc_csrf_check(); $iUpdated = 0; $enabledUserValidation = Params::getParam('enabled_user_validation'); $enabledUserValidation = $enabledUserValidation != '' ? true : false; $enabledUserRegistration = Params::getParam('enabled_user_registration'); $enabledUserRegistration = $enabledUserRegistration != '' ? true : false; $enabledUsers = Params::getParam('enabled_users'); $enabledUsers = $enabledUsers != '' ? true : false; $notifyNewUser = Params::getParam('notify_new_user'); $notifyNewUser = $notifyNewUser != '' ? true : false; $usernameBlacklistTmp = explode(",", Params::getParam('username_blacklist')); foreach ($usernameBlacklistTmp as $k => $v) { $usernameBlacklistTmp[$k] = strtolower(trim($v)); } $usernameBlacklist = implode(",", $usernameBlacklistTmp); $iUpdated += osc_set_preference('enabled_user_validation', $enabledUserValidation); $iUpdated += osc_set_preference('enabled_user_registration', $enabledUserRegistration); $iUpdated += osc_set_preference('enabled_users', $enabledUsers); $iUpdated += osc_set_preference('notify_new_user', $notifyNewUser); $iUpdated += osc_set_preference('username_blacklist', $usernameBlacklist); if ($iUpdated > 0) { osc_add_flash_ok_message(_m("User settings have been updated"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=settings'); break; case 'alerts': // manage alerts view require_once osc_lib_path() . "osclass/classes/datatables/AlertsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $alertsDataTable = new AlertsDataTable(); $alertsDataTable->table($params); $aData = $alertsDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $alertsDataTable->rawRows()); $this->doView("users/alerts.php"); break; case 'ban': // manage ban rules view if (Params::getParam("action") != "") { osc_run_hook("ban_rules_bulk_" . Params::getParam("action"), Params::getParam('id')); } require_once osc_lib_path() . "osclass/classes/datatables/BanRulesDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $banRulesDataTable = new BanRulesDataTable(); $banRulesDataTable->table($params); $aData = $banRulesDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $banRulesDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_ban_rule', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected ban rules?'), strtolower(__('Delete'))), 'label' => __('Delete'))); $bulk_options = osc_apply_filter("ban_rule_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); //calling the view... $this->doView('users/ban.php'); break; case 'edit_ban_rule': $this->_exportVariableToView('rule', BanRule::newInstance()->findByPrimaryKey(Params::getParam('id'))); $this->doView('users/ban_frm.php'); break; case 'edit_ban_rule_post': osc_csrf_check(); if (Params::getParam('s_ip') == '' && Params::getParam('s_email') == '') { osc_add_flash_warning_message(_m("Both rules can not be empty"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); } BanRule::newInstance()->update(array('s_name' => Params::getParam('s_name'), 's_ip' => Params::getParam('s_ip'), 's_email' => strtolower(Params::getParam('s_email'))), array('pk_i_id' => Params::getParam('id'))); osc_add_flash_ok_message(_m('Rule updated correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); break; case 'create_ban_rule': $this->_exportVariableToView('rule', null); $this->doView('users/ban_frm.php'); break; case 'create_ban_rule_post': osc_csrf_check(); if (Params::getParam('s_ip') == '' && Params::getParam('s_email') == '') { osc_add_flash_warning_message(_m("Both rules can not be empty"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); } BanRule::newInstance()->insert(array('s_name' => Params::getParam('s_name'), 's_ip' => Params::getParam('s_ip'), 's_email' => strtolower(Params::getParam('s_email')))); osc_add_flash_ok_message(_m('Rule saved correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); break; case 'delete_ban_rule': //delete ban rules osc_csrf_check(); $iDeleted = 0; $ruleId = Params::getParam('id'); if (!is_array($ruleId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); } $ruleMgr = BanRule::newInstance(); foreach ($ruleId as $id) { if ($ruleMgr->deleteByPrimaryKey($id)) { $iDeleted++; } } if ($iDeleted == 0) { $msg = _m('No rules have been deleted'); } else { $msg = sprintf(_mn('One ban rule has been deleted', '%s ban rules have been deleted', $iDeleted), $iDeleted); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); break; default: // manage users view if (Params::getParam("action") != "") { osc_run_hook("user_bulk_" . Params::getParam("action"), Params::getParam('id')); } require_once osc_lib_path() . "osclass/classes/datatables/UsersDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $usersDataTable = new UsersDataTable(); $usersDataTable->table($params); $aData = $usersDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('withFilters', $usersDataTable->withFilters()); $this->_exportVariableToView('aRawRows', $usersDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'activate', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'enable', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Unblock'))), 'label' => __('Unblock')), array('value' => 'disable', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Delete'))), 'label' => __('Delete'))); if (osc_user_validation_enabled()) { $bulk_options[] = array('value' => 'resend_activation', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Resend the activation to'))), 'label' => __('Resend activation')); } $bulk_options = osc_apply_filter("user_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); //calling the view... $this->doView('users/index.php'); break; } }
function doModel() { switch ($this->action) { case 'permalinks': // calling the permalinks view $htaccess = Params::getParam('htaccess_status'); $file = Params::getParam('file_status'); $this->_exportVariableToView('htaccess', $htaccess); $this->_exportVariableToView('file', $file); $this->doView('settings/permalinks.php'); break; case 'permalinks_post': // updating permalinks option osc_csrf_check(); $htaccess_file = osc_base_path() . '.htaccess'; $rewriteEnabled = Params::getParam('rewrite_enabled') ? true : false; $rewrite_base = REL_WEB_URL; $htaccess = <<<HTACCESS <IfModule mod_rewrite.c> RewriteEngine On RewriteBase {$rewrite_base} RewriteRule ^index\\.php\$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . {$rewrite_base}index.php [L] </IfModule> HTACCESS; if ($rewriteEnabled) { osc_set_preference('rewriteEnabled', '1'); // 1. OK (ok) // 2. OK no apache module detected (warning) // 3. No se puede crear + apache // 4. No se puede crear + no apache // 5. .htaccess exists, no overwrite $status = 3; if (file_exists($htaccess_file)) { $status = 5; } else { if (is_writable(osc_base_path()) && file_put_contents($htaccess_file, $htaccess)) { $status = 1; } } if (!@apache_mod_loaded('mod_rewrite')) { $status++; } $errors = 0; $item_url = substr(str_replace('//', '/', Params::getParam('rewrite_item_url') . '/'), 0, -1); if (!osc_validate_text($item_url)) { $errors += 1; } else { osc_set_preference('rewrite_item_url', $item_url); } $page_url = substr(str_replace('//', '/', Params::getParam('rewrite_page_url') . '/'), 0, -1); if (!osc_validate_text($page_url)) { $errors += 1; } else { osc_set_preference('rewrite_page_url', $page_url); } $cat_url = substr(str_replace('//', '/', Params::getParam('rewrite_cat_url') . '/'), 0, -1); // DEPRECATED: backward compatibility, remove in 3.4 $cat_url = str_replace('{CATEGORY_SLUG}', '{CATEGORY_NAME}', $cat_url); if (!osc_validate_text($cat_url)) { $errors += 1; } else { osc_set_preference('rewrite_cat_url', $cat_url); } $search_url = substr(str_replace('//', '/', Params::getParam('rewrite_search_url') . '/'), 0, -1); if (!osc_validate_text($search_url)) { $errors += 1; } else { osc_set_preference('rewrite_search_url', $search_url); } if (!osc_validate_text(Params::getParam('rewrite_search_country'))) { $errors += 1; } else { osc_set_preference('rewrite_search_country', Params::getParam('rewrite_search_country')); } if (!osc_validate_text(Params::getParam('rewrite_search_region'))) { $errors += 1; } else { osc_set_preference('rewrite_search_region', Params::getParam('rewrite_search_region')); } if (!osc_validate_text(Params::getParam('rewrite_search_city'))) { $errors += 1; } else { osc_set_preference('rewrite_search_city', Params::getParam('rewrite_search_city')); } if (!osc_validate_text(Params::getParam('rewrite_search_city_area'))) { $errors += 1; } else { osc_set_preference('rewrite_search_city_area', Params::getParam('rewrite_search_city_area')); } if (!osc_validate_text(Params::getParam('rewrite_search_category'))) { $errors += 1; } else { osc_set_preference('rewrite_search_category', Params::getParam('rewrite_search_category')); } if (!osc_validate_text(Params::getParam('rewrite_search_user'))) { $errors += 1; } else { osc_set_preference('rewrite_search_user', Params::getParam('rewrite_search_user')); } if (!osc_validate_text(Params::getParam('rewrite_search_pattern'))) { $errors += 1; } else { osc_set_preference('rewrite_search_pattern', Params::getParam('rewrite_search_pattern')); } $rewrite_contact = substr(str_replace('//', '/', Params::getParam('rewrite_contact') . '/'), 0, -1); if (!osc_validate_text($rewrite_contact)) { $errors += 1; } else { osc_set_preference('rewrite_contact', $rewrite_contact); } $rewrite_feed = substr(str_replace('//', '/', Params::getParam('rewrite_feed') . '/'), 0, -1); if (!osc_validate_text($rewrite_feed)) { $errors += 1; } else { osc_set_preference('rewrite_feed', $rewrite_feed); } $rewrite_language = substr(str_replace('//', '/', Params::getParam('rewrite_language') . '/'), 0, -1); if (!osc_validate_text($rewrite_language)) { $errors += 1; } else { osc_set_preference('rewrite_language', $rewrite_language); } $rewrite_item_mark = substr(str_replace('//', '/', Params::getParam('rewrite_item_mark') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_mark)) { $errors += 1; } else { osc_set_preference('rewrite_item_mark', $rewrite_item_mark); } $rewrite_item_send_friend = substr(str_replace('//', '/', Params::getParam('rewrite_item_send_friend') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_send_friend)) { $errors += 1; } else { osc_set_preference('rewrite_item_send_friend', $rewrite_item_send_friend); } $rewrite_item_contact = substr(str_replace('//', '/', Params::getParam('rewrite_item_contact') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_contact)) { $errors += 1; } else { osc_set_preference('rewrite_item_contact', $rewrite_item_contact); } $rewrite_item_new = substr(str_replace('//', '/', Params::getParam('rewrite_item_new') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_new)) { $errors += 1; } else { osc_set_preference('rewrite_item_new', $rewrite_item_new); } $rewrite_item_activate = substr(str_replace('//', '/', Params::getParam('rewrite_item_activate') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_activate)) { $errors += 1; } else { osc_set_preference('rewrite_item_activate', $rewrite_item_activate); } $rewrite_item_edit = substr(str_replace('//', '/', Params::getParam('rewrite_item_edit') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_edit)) { $errors += 1; } else { osc_set_preference('rewrite_item_edit', $rewrite_item_edit); } $rewrite_item_delete = substr(str_replace('//', '/', Params::getParam('rewrite_item_delete') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_delete)) { $errors += 1; } else { osc_set_preference('rewrite_item_delete', $rewrite_item_delete); } $rewrite_item_resource_delete = substr(str_replace('//', '/', Params::getParam('rewrite_item_resource_delete') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_resource_delete)) { $errors += 1; } else { osc_set_preference('rewrite_item_resource_delete', $rewrite_item_resource_delete); } $rewrite_user_login = substr(str_replace('//', '/', Params::getParam('rewrite_user_login') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_login)) { $errors += 1; } else { osc_set_preference('rewrite_user_login', $rewrite_user_login); } $rewrite_user_dashboard = substr(str_replace('//', '/', Params::getParam('rewrite_user_dashboard') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_dashboard)) { $errors += 1; } else { osc_set_preference('rewrite_user_dashboard', $rewrite_user_dashboard); } $rewrite_user_logout = substr(str_replace('//', '/', Params::getParam('rewrite_user_logout') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_logout)) { $errors += 1; } else { osc_set_preference('rewrite_user_logout', $rewrite_user_logout); } $rewrite_user_register = substr(str_replace('//', '/', Params::getParam('rewrite_user_register') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_register)) { $errors += 1; } else { osc_set_preference('rewrite_user_register', $rewrite_user_register); } $rewrite_user_activate = substr(str_replace('//', '/', Params::getParam('rewrite_user_activate') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_activate)) { $errors += 1; } else { osc_set_preference('rewrite_user_activate', $rewrite_user_activate); } $rewrite_user_activate_alert = substr(str_replace('//', '/', Params::getParam('rewrite_user_activate_alert') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_activate_alert)) { $errors += 1; } else { osc_set_preference('rewrite_user_activate_alert', $rewrite_user_activate_alert); } $rewrite_user_profile = substr(str_replace('//', '/', Params::getParam('rewrite_user_profile') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_profile)) { $errors += 1; } else { osc_set_preference('rewrite_user_profile', $rewrite_user_profile); } $rewrite_user_items = substr(str_replace('//', '/', Params::getParam('rewrite_user_items') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_items)) { $errors += 1; } else { osc_set_preference('rewrite_user_items', $rewrite_user_items); } $rewrite_user_alerts = substr(str_replace('//', '/', Params::getParam('rewrite_user_alerts') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_alerts)) { $errors += 1; } else { osc_set_preference('rewrite_user_alerts', $rewrite_user_alerts); } $rewrite_user_recover = substr(str_replace('//', '/', Params::getParam('rewrite_user_recover') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_recover)) { $errors += 1; } else { osc_set_preference('rewrite_user_recover', $rewrite_user_recover); } $rewrite_user_forgot = substr(str_replace('//', '/', Params::getParam('rewrite_user_forgot') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_forgot)) { $errors += 1; } else { osc_set_preference('rewrite_user_forgot', $rewrite_user_forgot); } $rewrite_user_change_password = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_password') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_change_password)) { $errors += 1; } else { osc_set_preference('rewrite_user_change_password', $rewrite_user_change_password); } $rewrite_user_change_email = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_email') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_change_email)) { $errors += 1; } else { osc_set_preference('rewrite_user_change_email', $rewrite_user_change_email); } $rewrite_user_change_username = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_username') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_change_username)) { $errors += 1; } else { osc_set_preference('rewrite_user_change_username', $rewrite_user_change_username); } $rewrite_user_change_email_confirm = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_email_confirm') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_change_email_confirm)) { $errors += 1; } else { osc_set_preference('rewrite_user_change_email_confirm', $rewrite_user_change_email_confirm); } osc_reset_preferences(); $rewrite = Rewrite::newInstance(); osc_run_hook("before_rewrite_rules", array(&$rewrite)); $rewrite->clearRules(); /***************************** ********* Add rules ********* *****************************/ // Contact rules $rewrite->addRule('^' . osc_get_preference('rewrite_contact') . '/?$', 'index.php?page=contact'); // Feed rules $rewrite->addRule('^' . osc_get_preference('rewrite_feed') . '/?$', 'index.php?page=search&sFeed=rss'); $rewrite->addRule('^' . osc_get_preference('rewrite_feed') . '/(.+)/?$', 'index.php?page=search&sFeed=$1'); // Language rules $rewrite->addRule('^' . osc_get_preference('rewrite_language') . '/(.*?)/?$', 'index.php?page=language&locale=$1'); // Search rules $rewrite->addRule('^' . $search_url . '$', 'index.php?page=search'); $rewrite->addRule('^' . $search_url . '/(.*)$', 'index.php?page=search&sParams=$1'); // Item rules $rewrite->addRule('^' . osc_get_preference('rewrite_item_mark') . '/(.*?)/([0-9]+)/?$', 'index.php?page=item&action=mark&as=$1&id=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_send_friend') . '/([0-9]+)/?$', 'index.php?page=item&action=send_friend&id=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_contact') . '/([0-9]+)/?$', 'index.php?page=item&action=contact&id=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_new') . '/?$', 'index.php?page=item&action=item_add'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_new') . '/([0-9]+)/?$', 'index.php?page=item&action=item_add&catId=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_activate') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=activate&id=$1&secret=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_edit') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=item_edit&id=$1&secret=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_delete') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=item_delete&id=$1&secret=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_resource_delete') . '/([0-9]+)/([0-9]+)/([0-9A-Za-z]+)/?(.*?)/?$', 'index.php?page=item&action=deleteResource&id=$1&item=$2&code=$3&secret=$4'); // Item rules $id_pos = stripos($item_url, '{ITEM_ID}'); $title_pos = stripos($item_url, '{ITEM_TITLE}'); $cat_pos = stripos($item_url, '{CATEGORIES'); $param_pos = 1; if ($title_pos !== false && $id_pos > $title_pos) { $param_pos++; } if ($cat_pos !== false && $id_pos > $cat_pos) { $param_pos++; } $comments_pos = 1; if ($id_pos !== false) { $comments_pos++; } if ($title_pos !== false) { $comments_pos++; } if ($cat_pos !== false) { $comments_pos++; } $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url . '\\?comments-page=([0-9al]*)')))) . '$', 'index.php?page=item&id=$3&lang=$1_$2&comments-page=$4'); $rewrite->addRule('^' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url . '\\?comments-page=([0-9al]*)')))) . '$', 'index.php?page=item&id=$1&comments-page=$2'); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url)))) . '$', 'index.php?page=item&id=$3&lang=$1_$2'); $rewrite->addRule('^' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url)))) . '$', 'index.php?page=item&id=$1'); // User rules $rewrite->addRule('^' . osc_get_preference('rewrite_user_login') . '/?$', 'index.php?page=login'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_dashboard') . '/?$', 'index.php?page=user&action=dashboard'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_logout') . '/?$', 'index.php?page=main&action=logout'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_register') . '/?$', 'index.php?page=register&action=register'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_activate') . '/([0-9]+)/(.*?)/?$', 'index.php?page=register&action=validate&id=$1&code=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_activate_alert') . '/([0-9]+)/([a-zA-Z0-9]+)/(.+)$', 'index.php?page=user&action=activate_alert&id=$1&email=$3&secret=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/?$', 'index.php?page=user&action=profile'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/([0-9]+)/?$', 'index.php?page=user&action=pub_profile&id=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/(.+)/?$', 'index.php?page=user&action=pub_profile&username=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_items') . '/?$', 'index.php?page=user&action=items'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_alerts') . '/?$', 'index.php?page=user&action=alerts'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_recover') . '/?$', 'index.php?page=login&action=recover'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_forgot') . '/([0-9]+)/(.*)/?$', 'index.php?page=login&action=forgot&userId=$1&code=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_password') . '/?$', 'index.php?page=user&action=change_password'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_email') . '/?$', 'index.php?page=user&action=change_email'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_username') . '/?$', 'index.php?page=user&action=change_username'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_email_confirm') . '/([0-9]+)/(.*?)/?$', 'index.php?page=user&action=change_email_confirm&userId=$1&code=$2'); // Page rules $pos_pID = stripos($page_url, '{PAGE_ID}'); $pos_pSlug = stripos($page_url, '{PAGE_SLUG}'); $pID_pos = 1; $pSlug_pos = 1; if (is_numeric($pos_pID) && is_numeric($pos_pSlug)) { // set the order of the parameters if ($pos_pID > $pos_pSlug) { $pID_pos++; } else { $pSlug_pos++; } $rewrite->addRule('^' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', str_replace('{PAGE_ID}', '([0-9]+)', $page_url)) . '/?$', 'index.php?page=page&id=$' . $pID_pos . "&slug=\$" . $pSlug_pos); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', str_replace('{PAGE_ID}', '([0-9]+)', $page_url)) . '/?$', 'index.php?page=page&lang=$1_$2&id=$' . ($pID_pos + 2) . '&slug=$' . ($pSlug_pos + 2)); } else { if (is_numeric($pos_pID)) { $rewrite->addRule('^' . str_replace('{PAGE_ID}', '([0-9]+)', $page_url) . '/?$', 'index.php?page=page&id=$1'); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_ID}', '([0-9]+)', $page_url) . '/?$', 'index.php?page=page&lang=$1_$2&id=$3'); } else { $rewrite->addRule('^' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', $page_url) . '/?$', 'index.php?page=page&slug=$1'); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', $page_url) . '/?$', 'index.php?page=page&lang=$1_$2&slug=$3'); } } // Clean archive files $rewrite->addRule('^(.+?)\\.php(.*)$', '$1.php$2'); // Category rules $id_pos = stripos($item_url, '{CATEGORY_ID}'); $title_pos = stripos($item_url, '{CATEGORY_NAME}'); $cat_pos = stripos($item_url, '{CATEGORIES'); $param_pos = 1; if ($title_pos !== false && $id_pos > $title_pos) { $param_pos++; } if ($cat_pos !== false && $id_pos > $cat_pos) { $param_pos++; } $rewrite->addRule('^' . str_replace('{CATEGORIES}', '(.+)', str_replace('{CATEGORY_NAME}', '([^/]+)', str_replace('{CATEGORY_ID}', '([0-9]+)', $cat_url))) . '/([0-9]+)$', 'index.php?page=search&sCategory=$' . $param_pos . '&iPage=$' . ($param_pos + 1)); $rewrite->addRule('^' . str_replace('{CATEGORIES}', '(.+)', str_replace('{CATEGORY_NAME}', '([^/]+)', str_replace('{CATEGORY_ID}', '([0-9]+)', $cat_url))) . '/?$', 'index.php?page=search&sCategory=$' . $param_pos); $rewrite->addRule('^(.+)/([0-9]+)$', 'index.php?page=search&iPage=$2'); $rewrite->addRule('^(.+)$', 'index.php?page=search'); osc_run_hook("after_rewrite_rules", array(&$rewrite)); //Write rule to DB $rewrite->setRules(); osc_set_preference('seo_url_search_prefix', rtrim(Params::getParam('seo_url_search_prefix'), '/')); $msg_error = '<br/>' . _m('All fields are required.') . " " . sprintf(_mn('One field was not updated', '%s fields were not updated', $errors), $errors); switch ($status) { case 1: $msg = _m("Permalinks structure updated"); if ($errors > 0) { $msg .= $msg_error; osc_add_flash_warning_message($msg, 'admin'); } else { osc_add_flash_ok_message($msg, 'admin'); } break; case 2: $msg = _m("Permalinks structure updated."); $msg .= " "; $msg .= _m("However, we can't check if Apache module <b>mod_rewrite</b> is loaded. If you experience some problems with the URLs, you should deactivate <em>Friendly URLs</em>"); if ($errors > 0) { $msg .= $msg_error; } osc_add_flash_warning_message($msg, 'admin'); break; case 3: $msg = _m("File <b>.htaccess</b> couldn't be filled out with the right content."); $msg .= " "; $msg .= _m("Here's the content you have to add to the <b>.htaccess</b> file. If you can't create the file, please deactivate the <em>Friendly URLs</em> option."); $msg .= "</p><pre>" . htmlentities($htaccess, ENT_COMPAT, "UTF-8") . '</pre><p>'; if ($errors > 0) { $msg .= $msg_error; } osc_add_flash_error_message($msg, 'admin'); break; case 4: $msg = _m("File <b>.htaccess</b> couldn't be filled out with the right content."); $msg .= " "; $msg .= _m("Here's the content you have to add to the <b>.htaccess</b> file. If you can't create the file or experience some problems with the URLs, please deactivate the <em>Friendly URLs</em> option."); $msg .= "</p><pre>" . htmlentities($htaccess, ENT_COMPAT, "UTF-8") . '</pre><p>'; if ($errors > 0) { $msg .= $msg_error; } osc_add_flash_error_message($msg, 'admin'); break; case 5: $warning = false; if (file_exists($htaccess_file)) { $htaccess_content = file_get_contents($htaccess_file); if ($htaccess_content != $htaccess) { $msg = _m("File <b>.htaccess</b> already exists and was not modified."); $msg .= " "; $msg .= _m("Here's the content you have to add to the <b>.htaccess</b> file. If you can't modify the file or experience some problems with the URLs, please deactivate the <em>Friendly URLs</em> option."); $msg .= "</p><pre>" . htmlentities($htaccess, ENT_COMPAT, "UTF-8") . '</pre><p>'; $warning = true; } else { $msg = _m("Permalinks structure updated"); } } if ($errors > 0) { $msg .= $msg_error; } if ($errors > 0 || $warning) { osc_add_flash_warning_message($msg, 'admin'); } else { osc_add_flash_ok_message($msg, 'admin'); } break; } } else { osc_set_preference('rewriteEnabled', 0); osc_set_preference('mod_rewrite_loaded', 0); $deleted = true; if (file_exists($htaccess_file)) { $htaccess_content = file_get_contents($htaccess_file); if ($htaccess_content == $htaccess) { $deleted = @unlink($htaccess_file); $same_content = true; } else { $deleted = false; $same_content = false; } } if ($deleted) { osc_add_flash_ok_message(_m('Friendly URLs successfully deactivated'), 'admin'); } else { if ($same_content) { osc_add_flash_warning_message(_m('Friendly URLs deactivated, but .htaccess file could not be deleted. Please, remove it manually'), 'admin'); } else { osc_add_flash_warning_message(_m('Friendly URLs deactivated, but .htaccess file was modified outside Osclass and was not deleted'), 'admin'); } } } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=permalinks'); break; } }
function doModel() { switch($this->action) { case('check_updates'): osc_admin_toolbar_update_themes(true); osc_admin_toolbar_update_plugins(true); osc_add_flash_ok_message( _m('Last check') . ': ' . date("Y-m-d H:i") , 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings'); break; case('update'): // update index view osc_csrf_check(); $iUpdated = 0; $sPageTitle = Params::getParam('pageTitle'); $sPageDesc = Params::getParam('pageDesc'); $sContactEmail = Params::getParam('contactEmail'); $sLanguage = Params::getParam('language'); $sDateFormat = Params::getParam('dateFormat'); $sCurrency = Params::getParam('currency'); $sWeekStart = Params::getParam('weekStart'); $sTimeFormat = Params::getParam('timeFormat'); $sTimezone = Params::getParam('timezone'); $sNumRssItems = Params::getParam('num_rss_items'); $maxLatestItems = Params::getParam('max_latest_items_at_home'); $numItemsSearch = Params::getParam('default_results_per_page'); $contactAttachment = Params::getParam('enabled_attachment'); $selectableParent = Params::getParam('selectable_parent_categories'); $bAutoCron = Params::getParam('auto_cron'); $bMarketSources = (Params::getParam('market_external_sources') != '' ? true: false); $sAutoUpdate = join("|", Params::getParam('auto_update')); // preparing parameters $sPageTitle = trim(strip_tags($sPageTitle)); $sPageDesc = trim(strip_tags($sPageDesc)); $sContactEmail = trim(strip_tags($sContactEmail)); $sLanguage = trim(strip_tags($sLanguage)); $sDateFormat = trim(strip_tags($sDateFormat)); $sCurrency = trim(strip_tags($sCurrency)); $sWeekStart = trim(strip_tags($sWeekStart)); $sTimeFormat = trim(strip_tags($sTimeFormat)); $sNumRssItems = (int) trim(strip_tags($sNumRssItems)); $maxLatestItems = (int) trim(strip_tags($maxLatestItems)); $numItemsSearch = (int) $numItemsSearch; $contactAttachment = ($contactAttachment != '' ? true : false); $bAutoCron = ($bAutoCron != '' ? true : false); $error = ""; $msg = ''; if(!osc_validate_text($sPageTitle)) { $msg .= _m("Page title field is required")."<br/>"; } if(!osc_validate_text($sContactEmail)) { $msg .= _m("Contact email field is required")."<br/>"; } if(!osc_validate_int($sNumRssItems)) { $msg .= _m("Number of listings in the RSS has to be a numeric value")."<br/>"; } if(!osc_validate_int($maxLatestItems)) { $msg .= _m("Max latest listings has to be a numeric value")."<br/>"; } if(!osc_validate_int($numItemsSearch)) { $msg .= _m("Number of listings on search has to be a numeric value")."<br/>"; } if($msg!='') { osc_add_flash_error_message( $msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings'); } $iUpdated += osc_set_preference('pageTitle', $sPageTitle); $iUpdated += osc_set_preference('pageDesc', $sPageDesc); if( !defined('DEMO') ) { $iUpdated += osc_set_preference('contactEmail', $sContactEmail); } $iUpdated += osc_set_preference('language', $sLanguage); $iUpdated += osc_set_preference('dateFormat', $sDateFormat); $iUpdated += osc_set_preference('currency', $sCurrency); $iUpdated += osc_set_preference('weekStart', $sWeekStart); $iUpdated += osc_set_preference('timeFormat', $sTimeFormat); $iUpdated += osc_set_preference('timezone', $sTimezone); $iUpdated += osc_set_preference('marketAllowExternalSources', $bMarketSources); $iUpdated += osc_set_preference('auto_update', $sAutoUpdate); if(is_int($sNumRssItems)) { $iUpdated += osc_set_preference('num_rss_items', $sNumRssItems); } else { if($error != '') $error .= "</p><p>"; $error .= _m('Number of listings in the RSS must be an integer'); } if(is_int($maxLatestItems)) { $iUpdated += osc_set_preference('maxLatestItems@home', $maxLatestItems); } else { if($error != '') $error .= "</p><p>"; $error .= _m('Number of recent listings displayed at home must be an integer'); } $iUpdated += osc_set_preference('defaultResultsPerPage@search', $numItemsSearch); $iUpdated += osc_set_preference('contact_attachment', $contactAttachment); $iUpdated += osc_set_preference('auto_cron', $bAutoCron); $iUpdated += osc_set_preference('selectable_parent_categories', $selectableParent); if( $iUpdated > 0 ) { if( $error != '' ) { osc_add_flash_error_message( $error . "</p><p>" . _m('General settings have been updated'), 'admin'); } else { osc_add_flash_ok_message( _m('General settings have been updated'), 'admin'); } } else if($error != '') { osc_add_flash_error_message( $error , 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings'); break; default: // calling the view $aLanguages = OSCLocale::newInstance()->listAllEnabled(); $aCurrencies = Currency::newInstance()->listAll(); $this->_exportVariableToView('aLanguages', $aLanguages); $this->_exportVariableToView('aCurrencies', $aCurrencies); $this->doView('settings/index.php'); break; } }
function doModel() { //calling the view... $locales = OSCLocale::newInstance()->listAllEnabled(); $this->_exportVariableToView('locales', $locales); switch ($this->action) { case 'item_add': // post if (osc_reg_user_post() && $this->user == null) { osc_add_flash_warning_message(_m('Only registered users are allowed to post listings')); Session::newInstance()->_setReferer(osc_item_post_url()); $this->redirectTo(osc_user_login_url()); } $countries = Country::newInstance()->listAll(); $regions = array(); if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') { $regions = Region::newInstance()->findByCountry($this->user['fk_c_country_code']); } else { if (count($countries) > 0) { $regions = Region::newInstance()->findByCountry($countries[0]['pk_c_code']); } } $cities = array(); if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') { $cities = City::newInstance()->findByRegion($this->user['fk_i_region_id']); } else { if (count($regions) > 0) { $cities = City::newInstance()->findByRegion($regions[0]['pk_i_id']); } } $this->_exportVariableToView('countries', $countries); $this->_exportVariableToView('regions', $regions); $this->_exportVariableToView('cities', $cities); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } if (Session::newInstance()->_getForm('countryId') != "") { $countryId = Session::newInstance()->_getForm('countryId'); $regions = Region::newInstance()->findByCountry($countryId); $this->_exportVariableToView('regions', $regions); if (Session::newInstance()->_getForm('regionId') != "") { $regionId = Session::newInstance()->_getForm('regionId'); $cities = City::newInstance()->findByRegion($regionId); $this->_exportVariableToView('cities', $cities); } } $this->_exportVariableToView('user', $this->user); osc_run_hook('post_item'); $this->doView('item-post.php'); break; case 'item_add_post': //post_item osc_csrf_check(); if (osc_reg_user_post() && $this->user == null) { osc_add_flash_warning_message(_m('Only registered users are allowed to post listings')); $this->redirectTo(osc_base_url(true)); } $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(true); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_items_enabled() && osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_post_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } if (!osc_is_web_user_logged_in()) { $user = User::newInstance()->findByEmail($mItems->data['contactEmail']); // The user exists but it's not logged if (isset($user['pk_i_id'])) { foreach ($mItems->data as $key => $value) { Session::newInstance()->_keepForm($key); } osc_add_flash_error_message(_m('A user with that email address already exists, if it is you, please log in')); $this->redirectTo(osc_user_login_url()); } } $banned = osc_is_banned($mItems->data['contactEmail']); if ($banned == 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); $this->redirectTo(osc_item_post_url()); } else { if ($banned == 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); $this->redirectTo(osc_item_post_url()); } } // POST ITEM ( ADD ITEM ) $success = $mItems->add(); if ($success != 1 && $success != 2) { osc_add_flash_error_message($success); $this->redirectTo(osc_item_post_url()); } else { if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_dropKeepForm('meta_' . $key); } } Session::newInstance()->_clearVariables(); if ($success == 1) { osc_add_flash_ok_message(_m('Check your inbox to validate your listing')); } else { osc_add_flash_ok_message(_m('Your listing has been published')); } $itemId = Params::getParam('itemId'); $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId')); View::newInstance()->_exportVariableToView('category', $category); $this->redirectTo(osc_search_category_url()); } break; case 'item_edit': // edit item $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId); if (count($item) == 1) { $item = Item::newInstance()->findByPrimaryKey($id); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $this->_exportVariableToView('item', $item); osc_run_hook("before_item_edit", $item); $this->doView('item-edit.php'); } else { // add a flash message [ITEM NO EXISTE] osc_add_flash_error_message(_m("Sorry, we don't have any listings with that ID")); if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } break; case 'item_edit_post': osc_csrf_check(); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId); if (count($item) == 1) { $this->_exportVariableToView('item', $item[0]); $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(false); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_items_enabled() && osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_edit_url($secret, $id)); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $success = $mItems->edit(); if ($success == 1) { osc_add_flash_ok_message(_m("Great! We've just updated your listing")); View::newInstance()->_exportVariableToView("item", Item::newInstance()->findByPrimaryKey($id)); $this->redirectTo(osc_item_url()); } else { osc_add_flash_error_message($success); $this->redirectTo(osc_item_edit_url($secret, $id)); } } break; case 'activate': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId); // item doesn't exist if (count($item) == 0) { $this->do404(); return; } View::newInstance()->_exportVariableToView('item', $item[0]); if ($item[0]['b_active'] == 0) { // ACTIVETE ITEM $mItems = new ItemActions(false); $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']); if ($success) { osc_add_flash_ok_message(_m('The listing has been validated')); } else { osc_add_flash_error_message(_m("The listing can't be validated")); } } else { osc_add_flash_warning_message(_m('The listing has already been validated')); } $this->redirectTo(osc_item_url()); break; case 'item_delete': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId); if (count($item) == 1) { $mItems = new ItemActions(false); $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']); if ($success) { osc_add_flash_ok_message(_m('Your listing has been deleted')); } else { osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted")); } if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted")); $this->redirectTo(osc_base_url()); } break; case 'deleteResources': // Delete images via AJAX $id = Params::getParam('id'); $item = Params::getParam('item'); $code = Params::getParam('code'); $secret = Params::getParam('secret'); if (Session::newInstance()->_get('userId') != '') { $userId = Session::newInstance()->_get('userId'); $user = User::newInstance()->findByPrimaryKey($userId); } else { $userId = null; $user = null; } if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) { osc_add_flash_error_message(_m("The selected photo couldn't be deleted, the url doesn't exist")); $this->redirectTo(osc_item_edit_url($secret, $item)); } $aItem = Item::newInstance()->findByPrimaryKey($item); if (count($aItem) == 0) { osc_add_flash_error_message(_m("The listing doesn't exist")); $this->redirectTo(osc_item_edit_url($secret, $item)); } if (!osc_is_admin_user_logged_in()) { if ($userId != null && $userId != $aItem['fk_i_user_id']) { osc_add_flash_error_message(_m("The listing doesn't belong to you")); $this->redirectTo(osc_item_edit_url($secret, $item)); } if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) { osc_add_flash_error_message(_m("The listing doesn't belong to you")); $this->redirectTo(osc_item_edit_url($secret, $item)); } } $result = ItemResource::newInstance()->existResource($id, $code); if ($result > 0) { $resource = ItemResource::newInstance()->findByPrimaryKey($id); if ($resource['fk_i_item_id'] == $item) { osc_deleteResource($id, false); Log::newInstance()->insertLog('item', 'deleteResource', $id, $id, 'user', osc_logged_user_id()); ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code)); osc_add_flash_ok_message(_m('The selected photo has been successfully deleted')); } else { osc_add_flash_error_message(_m("The selected photo does not belong to you")); } } else { osc_add_flash_error_message(_m("The selected photo couldn't be deleted")); } $this->redirectTo(osc_item_edit_url($secret, $item)); break; case 'mark': $id = Params::getParam('id'); $as = Params::getParam('as'); $item = Item::newInstance()->findByPrimaryKey($id); View::newInstance()->_exportVariableToView('item', $item); require_once osc_lib_path() . 'osclass/user-agents.php'; foreach ($user_agents as $ua) { if (preg_match('|' . $ua . '|', Params::getServerParam('HTTP_USER_AGENT'))) { // mark item if it's not a bot $mItem = new ItemActions(false); $mItem->mark($id, $as); break; } } osc_add_flash_ok_message(_m("Thanks! That's very helpful")); $this->redirectTo(osc_item_url()); break; case 'send_friend': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); $this->doView('item-send-friend.php'); break; case 'send_friend_post': osc_csrf_check(); $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("friendName", Params::getParam('friendName')); Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_send_friend_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } osc_run_hook('pre_item_send_friend_post', $item); $mItem = new ItemActions(false); $success = $mItem->send_friend(); osc_run_hook('post_item_send_friend_post', $item); if ($success) { Session::newInstance()->_clearVariables(); $this->redirectTo(osc_item_url()); } else { $this->redirectTo(osc_item_send_friend_url()); } break; case 'contact': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); if (empty($item)) { osc_add_flash_error_message(_m("This listing doesn't exist")); $this->redirectTo(osc_base_url(true)); } else { $this->_exportVariableToView('item', $item); if (osc_item_is_expired()) { osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller")); $this->redirectTo(osc_item_url()); } if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) { $this->doView('item-contact.php'); } else { osc_add_flash_error_message(_m("You can't contact the seller, only registered users can")); $this->redirectTo(osc_item_url()); } } break; case 'contact_post': osc_csrf_check(); if (osc_reg_user_can_contact() && !osc_is_web_user_logged_in()) { osc_add_flash_warning_message(_m("You can't contact the seller, only registered users can")); $this->redirectTo(osc_base_url(true)); } $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_item_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $banned = osc_is_banned(Params::getParam('yourEmail')); if ($banned == 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); $this->redirectTo(osc_item_url()); } else { if ($banned == 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); $this->redirectTo(osc_item_url()); } } if (osc_isExpired($item['dt_expiration'])) { osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller")); $this->redirectTo(osc_item_url()); } osc_run_hook('pre_item_contact_post', $item); $mItem = new ItemActions(false); $result = $mItem->contact(); osc_run_hook('post_item_contact_post', $item); if (is_string($result)) { osc_add_flash_error_message($result); } else { osc_add_flash_ok_message(_m("We've just sent an e-mail to the seller")); } $this->redirectTo(osc_item_url()); break; case 'add_comment': osc_csrf_check(); $mItem = new ItemActions(false); $status = $mItem->add_comment(); switch ($status) { case -1: $msg = _m('Sorry, we could not save your comment. Try again later'); osc_add_flash_error_message($msg); break; case 1: $msg = _m('Your comment is awaiting moderation'); osc_add_flash_info_message($msg); break; case 2: $msg = _m('Your comment has been approved'); osc_add_flash_ok_message($msg); break; case 3: $msg = _m('Please fill the required field (email)'); osc_add_flash_warning_message($msg); break; case 4: $msg = _m('Please type a comment'); osc_add_flash_warning_message($msg); break; case 5: $msg = _m('Your comment has been marked as spam'); osc_add_flash_error_message($msg); break; case 6: $msg = _m('You need to be logged to comment'); osc_add_flash_error_message($msg); break; case 7: $msg = _m('Sorry, comments are disabled'); osc_add_flash_error_message($msg); break; } //View::newInstance()->_exportVariableToView('item', Item::newInstance()->findByPrimaryKey(Params::getParam('id'))); $this->redirectTo(osc_item_url()); break; case 'delete_comment': osc_csrf_check(); $mItem = new ItemActions(false); $status = $mItem->add_comment(); // @TOFIX @FIXME $status never used + ?? need to add_comment() before deleting it?? $itemId = Params::getParam('id'); $commentId = Params::getParam('comment'); $item = Item::newInstance()->findByPrimaryKey($itemId); if (count($item) == 0) { osc_add_flash_error_message(_m("This listing doesn't exist")); $this->redirectTo(osc_base_url(true)); } View::newInstance()->_exportVariableToView('item', $item); if ($this->userId == null) { osc_add_flash_error_message(_m('You must be logged in to delete a comment')); $this->redirectTo(osc_item_url()); } $commentManager = ItemComment::newInstance(); $aComment = $commentManager->findByPrimaryKey($commentId); if (count($aComment) == 0) { osc_add_flash_error_message(_m("The comment doesn't exist")); $this->redirectTo(osc_item_url()); } if ($aComment['b_active'] != 1) { osc_add_flash_error_message(_m('The comment is not active, you cannot delete it')); $this->redirectTo(osc_item_url()); } if ($aComment['fk_i_user_id'] != $this->userId) { osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it')); $this->redirectTo(osc_item_url()); } $commentManager->deleteByPrimaryKey($commentId); osc_add_flash_ok_message(_m('The comment has been deleted')); $this->redirectTo(osc_item_url()); break; default: // if there isn't ID, show an error 404 if (Params::getParam('id') == '') { $this->do404(); return; } if (Params::getParam('lang') != '') { Session::newInstance()->_set('userLocale', Params::getParam('lang')); } $item = osc_apply_filter('pre_show_item', $this->itemManager->findByPrimaryKey(Params::getParam('id'))); // if item doesn't exist show an error 410 if (count($item) == 0) { $this->do410(); return; } if ($item['b_active'] != 1) { if ($this->userId == $item['fk_i_user_id'] && $this->userId != '' || osc_is_admin_user_logged_in()) { osc_add_flash_warning_message(_m("The listing hasn't been validated. Please validate it in order to make it public")); } else { $this->do400(); return; } } else { if ($item['b_enabled'] == 0) { if (osc_is_admin_user_logged_in()) { osc_add_flash_warning_message(_m("The listing hasn't been enabled. Please enable it in order to make it public")); } else { if (osc_is_web_user_logged_in() && osc_logged_user_id() == $item['fk_i_user_id']) { osc_add_flash_warning_message(_m("The listing has been blocked or is awaiting moderation from the admin")); } else { $this->do400(); return; } } } } if (!osc_is_admin_user_logged_in() && !($item['fk_i_user_id'] != '' && $item['fk_i_user_id'] == osc_logged_user_id())) { require_once osc_lib_path() . 'osclass/user-agents.php'; foreach ($user_agents as $ua) { if (preg_match('|' . $ua . '|', Params::getServerParam('HTTP_USER_AGENT'))) { $mStats = new ItemStats(); $mStats->increase('i_num_views', $item['pk_i_id']); break; } } } foreach ($item['locale'] as $k => $v) { $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']); $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description'])); } if ($item['fk_i_user_id'] != '') { $user = User::newInstance()->findByPrimaryKey($item['fk_i_user_id']); $this->_exportVariableToView('user', $user); } $this->_exportVariableToView('item', $item); osc_run_hook('show_item', $item); // redirect to the correct url just in case it has changed $itemURI = str_replace(osc_base_url(), '', osc_item_url()); $URI = preg_replace('|^' . REL_WEB_URL . '|', '', Params::getServerParam('REQUEST_URI', false, false)); // do not clean QUERY_STRING if permalink is not enabled if (osc_rewrite_enabled()) { $URI = str_replace('?' . Params::getServerParam('QUERY_STRING', false, false), '', $URI); } else { $params_keep = array('page', 'id'); $params = array(); foreach (Params::getParamsAsArray('get') as $k => $v) { if (in_array($k, $params_keep)) { $params[] = "{$k}={$v}"; } } $URI = 'index.php?' . implode('&', $params); } // redirect to the correct url if ($itemURI != $URI) { $this->redirectTo(osc_base_url() . $itemURI, 301); } $this->doView('item.php'); break; } }
function doModel() { switch ($this->action) { case 'contact_post': //contact_post osc_csrf_check(); $yourName = Params::getParam('yourName'); $yourEmail = Params::getParam('yourEmail'); $subject = Params::getParam('subject'); $message = Params::getParam('message'); if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm('yourName', $yourName); Session::newInstance()->_setForm('yourEmail', $yourEmail); Session::newInstance()->_setForm('subject', $subject); Session::newInstance()->_setForm('message_body', $message); $this->redirectTo(osc_contact_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } if (!preg_match('|.*?@.{2,}\\..{2,}|', $yourEmail)) { osc_add_flash_error_message(_m('Please enter a correct email')); Session::newInstance()->_setForm('yourName', $yourName); Session::newInstance()->_setForm('subject', $subject); Session::newInstance()->_setForm('message_body', $message); $this->redirectTo(osc_contact_url()); } $message_name = sprintf(__('Name: %s'), $yourName); $message_email = sprintf(__('Email: %s'), $yourEmail); $message_subject = sprintf(__('Subject: %s'), $subject); $message_body = sprintf(__('Message: %s'), $message); $message_date = sprintf(__('Date: %s at %s'), date('l F d, Y'), date('g:i a')); $message_IP = sprintf(__('IP Address: %s'), get_ip()); $message = <<<MESSAGE {$message_name} {$message_email} {$message_subject} {$message_body} {$message_date} {$message_IP} MESSAGE; $params = array('from' => osc_contact_email(), 'to' => osc_contact_email(), 'to_name' => osc_page_title(), 'reply_to' => $yourEmail, 'subject' => '[' . osc_page_title() . '] ' . __('Contact'), 'body' => nl2br($message)); if (osc_contact_attachment()) { $attachment = Params::getFiles('attachment'); if (isset($attachment['tmp_name'])) { $resourceName = $attachment['name']; $tmpName = $attachment['tmp_name']; $resourceType = $attachment['type']; $path = osc_content_path() . 'uploads/' . time() . '_' . $resourceName; if (!is_writable(osc_content_path() . 'uploads/')) { osc_add_flash_error_message(_m('There have been some errors sending the message')); $this->redirectTo(osc_contact_url()); } if (!move_uploaded_file($tmpName, $path)) { unset($path); } } } if (isset($path)) { $params['attachment'] = $path; } osc_run_hook('pre_contact_post', $params); osc_sendMail(osc_apply_filter('contact_params', $params)); osc_add_flash_ok_message(_m('Your email has been sent properly. Thank you for contacting us!')); $this->redirectTo(osc_contact_url()); break; default: //contact $this->doView('contact.php'); } }
function doModel() { switch ($this->action) { case 'add': // caliing add view $this->doView('languages/add.php'); break; case 'add_post': // adding a new language if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } osc_csrf_check(); $filePackage = Params::getFiles('package'); if (isset($filePackage['size']) && $filePackage['size'] != 0) { $path = osc_translations_path(); (int) ($status = osc_unzip_file($filePackage['tmp_name'], $path)); @unlink($filePackage['tmp_name']); } else { $status = 3; } switch ($status) { case 0: $msg = _m('The translation folder is not writable'); osc_add_flash_error_message($msg, 'admin'); break; case 1: if (osc_checkLocales()) { $msg = _m('The language has been installed correctly'); osc_add_flash_ok_message($msg, 'admin'); } else { $msg = _m('There was a problem adding the language'); osc_add_flash_error_message($msg, 'admin'); } break; case 2: $msg = _m('The zip file is not valid'); osc_add_flash_error_message($msg, 'admin'); break; case 3: $msg = _m('No file was uploaded'); osc_add_flash_warning_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=languages&action=add"); break; case -1: default: $msg = _m('There was a problem adding the language'); osc_add_flash_error_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'edit': // editing a language $sLocale = Params::getParam('id'); if (!preg_match('/.{2}_.{2}/', $sLocale)) { osc_add_flash_error_message(_m('Language id isn\'t in the correct format'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } $aLocale = $this->localeManager->findByPrimaryKey($sLocale); if (count($aLocale) == 0) { osc_add_flash_error_message(_m('Language id doesn\'t exist'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } $this->_exportVariableToView("aLocale", $aLocale); $this->doView('languages/frm.php'); break; case 'edit_post': // edit language post osc_csrf_check(); $iUpdated = 0; $languageCode = Params::getParam('pk_c_code'); $enabledWebstie = Params::getParam('b_enabled'); $enabledBackoffice = Params::getParam('b_enabled_bo'); $languageName = Params::getParam('s_name'); $languageShortName = Params::getParam('s_short_name'); $languageDescription = Params::getParam('s_description'); $languageCurrencyFormat = Params::getParam('s_currency_format'); $languageDecPoint = Params::getParam('s_dec_point'); $languageNumDec = Params::getParam('i_num_dec'); $languageThousandsSep = Params::getParam('s_thousands_sep'); $languageDateFormat = Params::getParam('s_date_format'); $languageStopWords = Params::getParam('s_stop_words'); // formatting variables if (!preg_match('/.{2}_.{2}/', $languageCode)) { osc_add_flash_error_message(_m('Language id isn\'t in the correct format'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } $enabledWebstie = $enabledWebstie != '' ? true : false; $enabledBackoffice = $enabledBackoffice != '' ? true : false; $languageName = strip_tags($languageName); $languageName = trim($languageName); $languageShortName = strip_tags($languageShortName); $languageShortName = trim($languageShortName); $languageDescription = strip_tags($languageDescription); $languageDescription = trim($languageDescription); $languageCurrencyFormat = strip_tags($languageCurrencyFormat); $languageCurrencyFormat = trim($languageCurrencyFormat); $languageDateFormat = strip_tags($languageDateFormat); $languageDateFormat = trim($languageDateFormat); $languageStopWords = strip_tags($languageStopWords); $languageStopWords = trim($languageStopWords); $msg = ''; if (!osc_validate_text($languageName)) { $msg .= _m("Language name field is required") . "<br/>"; } if (!osc_validate_text($languageShortName)) { $msg .= _m("Language short name field is required") . "<br/>"; } if (!osc_validate_text($languageDescription)) { $msg .= _m("Language description field is required") . "<br/>"; } if (!osc_validate_text($languageCurrencyFormat)) { $msg .= _m("Currency format field is required") . "<br/>"; } if (!osc_validate_int($languageNumDec)) { $msg .= _m("Number of decimals must only contain numeric characters") . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages&action=edit&id=' . $languageCode); } $array = array('b_enabled' => $enabledWebstie, 'b_enabled_bo' => $enabledBackoffice, 's_name' => $languageName, 's_short_name' => $languageShortName, 's_description' => $languageDescription, 's_currency_format' => $languageCurrencyFormat, 's_dec_point' => $languageDecPoint, 'i_num_dec' => $languageNumDec, 's_thousands_sep' => $languageThousandsSep, 's_date_format' => $languageDateFormat, 's_stop_words' => $languageStopWords); $iUpdated = $this->localeManager->update($array, array('pk_c_code' => $languageCode)); if ($iUpdated > 0) { osc_add_flash_ok_message(sprintf(_m('%s has been updated'), $languageShortName), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'enable_selected': osc_csrf_check(); $msg = _m('Selected languages have been enabled for the website'); $iUpdated = 0; $aValues = array('b_enabled' => 1); $id = Params::getParam('id'); if (!is_array($id)) { osc_add_flash_warning_message(_m("The language ids aren't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } foreach ($id as $i) { osc_translate_categories($i); $iUpdated += $this->localeManager->update($aValues, array('pk_c_code' => $i)); } if ($iUpdated > 0) { osc_add_flash_ok_message($msg, 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'disable_selected': osc_csrf_check(); $msg = _m('Selected languages have been disabled for the website'); $msg_warning = ''; $iUpdated = 0; $aValues = array('b_enabled' => 0); $id = Params::getParam('id'); if (!is_array($id)) { osc_add_flash_warning_message(_m("The language ids aren't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } foreach ($id as $i) { if (osc_language() == $i) { $msg_warning = sprintf(_m("%s can't be disabled because it's the default language"), osc_language()); continue; } $iUpdated += $this->localeManager->update($aValues, array('pk_c_code' => $i)); } if ($msg_warning != '') { if ($iUpdated > 0) { osc_add_flash_warning_message($msg . '</p><p>' . $msg_warning, 'admin'); } else { osc_add_flash_warning_message($msg_warning, 'admin'); } } else { osc_add_flash_ok_message($msg, 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'enable_bo_selected': osc_csrf_check(); $msg = _m('Selected languages have been enabled for the backoffice (oc-admin)'); $iUpdated = 0; $aValues = array('b_enabled_bo' => 1); $id = Params::getParam('id'); if (!is_array($id)) { osc_add_flash_warning_message(_m("The language ids aren't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } foreach ($id as $i) { osc_translate_categories($i); $iUpdated += $this->localeManager->update($aValues, array('pk_c_code' => $i)); } if ($iUpdated > 0) { osc_add_flash_ok_message($msg, 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'disable_bo_selected': osc_csrf_check(); $msg = _m('Selected languages have been disabled for the backoffice (oc-admin)'); $msg_warning = ''; $iUpdated = 0; $aValues = array('b_enabled_bo' => 0); $id = Params::getParam('id'); if (!is_array($id)) { osc_add_flash_warning_message(_m("The language ids aren't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } foreach ($id as $i) { if (osc_language() == $i) { $msg_warning = sprintf(_m("%s can't be disabled because it's the default language"), osc_language()); continue; } $iUpdated += $this->localeManager->update($aValues, array('pk_c_code' => $i)); } if ($msg_warning != '') { if ($iUpdated > 0) { osc_add_flash_warning_message($msg . '</p><p>' . $msg_warning, 'admin'); } else { osc_add_flash_warning_message($msg_warning, 'admin'); } } else { osc_add_flash_ok_message($msg, 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'delete': osc_csrf_check(); if (is_array(Params::getParam('id'))) { $default_lang = osc_language(); foreach (Params::getParam('id') as $code) { if ($default_lang != $code) { if ($this->localeManager->deleteLocale($code)) { if (!osc_deleteDir(osc_translations_path() . $code)) { osc_add_flash_error_message(sprintf(_m("Directory '%s' couldn't be removed"), $code), 'admin'); } else { osc_add_flash_ok_message(sprintf(_m('Directory "%s" has been successfully removed'), $code), 'admin'); } } else { osc_add_flash_error_message(sprintf(_m("Directory '%s' couldn't be removed;)"), $code), 'admin'); } } else { osc_add_flash_error_message(sprintf(_m("Directory '%s' couldn't be removed because it's the default language. Set another language as default first and try again"), $code), 'admin'); } } } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; default: if (Params::getParam('checkUpdated') != '') { osc_admin_toolbar_update_languages(true); } if (Params::getParam("action") != "") { osc_run_hook("language_bulk_" . Params::getParam("action"), Params::getParam('id')); } // ----- if (Params::getParam('iDisplayLength') == '') { Params::setParam('iDisplayLength', 10); } // ? $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); $p_iPage = 1; if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1) { $p_iPage = Params::getParam('iPage'); } Params::setParam('iPage', $p_iPage); $aLanguages = OSCLocale::newInstance()->listAll(); // pagination $start = ($p_iPage - 1) * Params::getParam('iDisplayLength'); $limit = Params::getParam('iDisplayLength'); $count = count($aLanguages); $displayRecords = $limit; if ($start + $limit > $count) { $displayRecords = $start + $limit - $count; } // ---- $aLanguagesToUpdate = json_decode(osc_get_preference('languages_to_update')); $bLanguagesToUpdate = is_array($aLanguagesToUpdate) ? true : false; // ---- $aData = array(); $max = $start + $limit; if ($max > $count) { $max = $count; } for ($i = $start; $i < $max; $i++) { $l = $aLanguages[$i]; $row = array(); $row[] = '<input type="checkbox" name="id[]" value="' . $l['pk_c_code'] . '" />'; $options = array(); $options[] = '<a href="' . osc_admin_base_url(true) . '?page=languages&action=edit&id=' . $l['pk_c_code'] . '">' . __('Edit') . '</a>'; $options[] = '<a href="' . osc_admin_base_url(true) . '?page=languages&action=' . ($l['b_enabled'] == 1 ? 'disable_selected' : 'enable_selected') . '&id[]=' . $l['pk_c_code'] . '&' . osc_csrf_token_url() . '">' . ($l['b_enabled'] == 1 ? __('Disable (website)') : __('Enable (website)')) . '</a> '; $options[] = '<a href="' . osc_admin_base_url(true) . '?page=languages&action=' . ($l['b_enabled_bo'] == 1 ? 'disable_bo_selected' : 'enable_bo_selected') . '&id[]=' . $l['pk_c_code'] . '&' . osc_csrf_token_url() . '">' . ($l['b_enabled_bo'] == 1 ? __('Disable (oc-admin)') : __('Enable (oc-admin)')) . '</a>'; $options[] = '<a onclick="return delete_dialog(\'' . $l['pk_c_code'] . '\');" href="' . osc_admin_base_url(true) . '?page=languages&action=delete&id[]=' . $l['pk_c_code'] . '&' . osc_csrf_token_url() . '">' . __('Delete') . '</a>'; $auxOptions = '<ul>' . PHP_EOL; foreach ($options as $actual) { $auxOptions .= '<li>' . $actual . '</li>' . PHP_EOL; } $actions = '<div class="actions">' . $auxOptions . '</div>' . PHP_EOL; $sUpdate = ''; // get languages to update from t_preference if ($bLanguagesToUpdate) { if (in_array($l['pk_c_code'], $aLanguagesToUpdate)) { $sUpdate = '<a class="btn-market-update btn-market-popup" href="#' . htmlentities($l['pk_c_code']) . '">' . __("Update here") . '</a>'; } } $row[] = $l['s_name'] . $sUpdate . $actions; $row[] = $l['s_short_name']; $row[] = $l['s_description']; $row[] = $l['b_enabled'] ? __('Yes') : __('No'); $row[] = $l['b_enabled_bo'] ? __('Yes') : __('No'); $aData[] = $row; } // ---- $array['iTotalRecords'] = $displayRecords; $array['iTotalDisplayRecords'] = count($aLanguages); $array['iDisplayLength'] = $limit; $array['aaData'] = $aData; $page = (int) Params::getParam('iPage'); if (count($array['aaData']) == 0 && $page != 1) { $total = (int) $array['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $array['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aLanguages', $array); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'enable_selected', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected languages?'), strtolower(__('Enable (Website)'))), 'label' => __('Enable (Website)')), array('value' => 'disable_selected', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected languages?'), strtolower(__('Disable (Website)'))), 'label' => __('Disable (Website)')), array('value' => 'enable_bo_selected', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected languages?'), strtolower(__('Enable (oc-admin)'))), 'label' => __('Enable (oc-admin)')), array('value' => 'disable_bo_selected', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected languages?'), strtolower(__('Disable (oc-admin)'))), 'label' => __('Disable (oc-admin)')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected languages?'), strtolower(__('Delete'))), 'label' => __('Delete'))); $bulk_options = osc_apply_filter("language_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->doView('languages/index.php'); break; } }
function doModel() { parent::doModel(); if (time() - (int) osc_market_data_update() > 86400) { //84600 = 24*60*60 $json = osc_file_get_contents(osc_market_url() . 'categories/', array('api_key' => osc_market_api_connect())); $data = @json_decode($json, true); if (is_array($data)) { osc_set_preference('marketCategories', $json); osc_set_preference('marketDataUpdate', time()); osc_reset_preferences(); } } switch ($this->action) { case 'buy': osc_csrf_check(); $json = osc_file_get_contents(osc_market_url() . 'token/', array('api_key' => osc_market_api_connect())); $data = json_decode($json, true); osc_redirect_to(Params::getParam('url') . '?token=' . @$data['token']); break; case 'purchases': case 'plugins': case 'themes': case 'languages': $section = $this->action; $title = array('plugins' => __('Recommended plugins for You'), 'themes' => __('Recommended themes for You'), 'languages' => __('Languages for this version'), 'purchases' => __('My purchases')); // page number $marketPage = Params::getParam("mPage"); $url_actual = osc_admin_base_url(true) . '?page=market&action=' . $section . '&mPage=' . $marketPage; if ($marketPage >= 1) { $marketPage--; } // api $url = osc_market_url($section) . (Params::getParam('sCategory') != '' ? 'category/' . Params::getParam('sCategory') . '/' : '') . "page/" . $marketPage . '/length/9/'; // default sort $sort_actual = ''; $sort_download = $url_actual . '&sort=downloads&order=desc'; $sort_updated = $url_actual . '&sort=updated&order=desc'; // sorting options (default) $_order = 'desc'; $order_download = $_order; $order_updated = $_order; $sort = Params::getParam("sort"); $order = Params::getParam("order"); if ($sort == '') { $sort = 'updated'; } if ($order == '') { $order = $_order; } $aux = $order == 'desc' ? 'asc' : 'desc'; switch ($sort) { case 'downloads': $sort_actual = '&sort=downloads&order='; $sort_download = $url_actual . $sort_actual . $aux; $sort_actual .= $order; $order_download = $order; // market api call $url .= 'order/downloads/' . $order; break; case 'updated': $sort_actual = '&sort=updated&order='; $sort_updated = $url_actual . $sort_actual . $aux; $sort_actual .= $order; $order_updated = $order; // market api call $url .= 'order/updated/' . $order; break; default: break; } // pageSize or length attribute is hardcoded $out = osc_file_get_contents($url, array('api_key' => osc_market_api_connect())); $array = json_decode($out, true); $output_pagination = ''; if (is_numeric($array['total']) && $array['total'] > 0) { $totalPages = ceil($array['total'] / $array['sizePage']); $pageActual = $array['page']; $params = array('total' => $totalPages, 'selected' => $pageActual, 'url' => osc_admin_base_url(true) . '?page=market' . '&action=' . $section . '&mPage={PAGE}' . $sort_actual, 'sides' => 5); // set pagination $pagination = new Pagination($params); $output_pagination = $pagination->doPagination(); } else { $array['total'] = 0; } // export variable to view $this->_exportVariableToView("sort", $sort); $this->_exportVariableToView("title", $title); $this->_exportVariableToView("section", $section); $this->_exportVariableToView("array", $array); $this->_exportVariableToView("sort_download", $sort_download); $this->_exportVariableToView("sort_updated", $sort_updated); $this->_exportVariableToView("order_download", $order_download); $this->_exportVariableToView("order_updated", $order_updated); $this->_exportVariableToView("market_categories", json_decode(osc_market_categories(), true)); $this->_exportVariableToView('pagination', $output_pagination); $this->doView("market/section.php"); break; default: $aPlugins = array(); $aThemes = array(); $aLanguages = array(); $out_plugin = osc_file_get_contents(osc_market_featured_url('plugins', 6)); $array_plugins = json_decode($out_plugin, true); if (isset($array_plugins)) { $aPlugins = $array_plugins['plugins']; } $out_themes = osc_file_get_contents(osc_market_featured_url('themes', 6)); $array_themes = json_decode($out_themes, true); if (isset($array_themes)) { $aThemes = $array_themes['themes']; } $out_languages = osc_file_get_contents(osc_market_featured_url('languages', 6)); $array_languages = json_decode($out_languages, true); if (isset($array_languages)) { $aLanguages = $array_languages['languages']; } $count = json_decode(osc_file_get_contents(osc_market_count_url()), true); if (!isset($count['pluginsTotal'])) { $count['pluginsTotal'] = 0; } if (!isset($count['themesTotal'])) { $count['themesTotal'] = 0; } if (!isset($count['languagesTotal'])) { $count['languagesTotal'] = 0; } $this->_exportVariableToView("count", $count); $this->_exportVariableToView("aPlugins", $aPlugins); $this->_exportVariableToView("aThemes", $aThemes); $this->_exportVariableToView("aLanguages", $aLanguages); $this->_exportVariableToView("market_categories", json_decode(osc_market_categories(), true)); $this->doView("market/index.php"); break; } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $user = User::newInstance()->findByEmail(Params::getParam('email')); if (!$user) { $user = User::newInstance()->findByUsername(Params::getParam('email')); } $url_redirect = osc_get_http_referer(); $page_redirect = ''; if (osc_rewrite_enabled()) { if ($url_redirect != '') { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect)); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; if ($page_redirect == '' || $page_redirect == 'login') { $url_redirect = osc_user_dashboard_url(); } } break; } } } //} else if(preg_match('|[\?&]page=([^&]+)|', $url_redirect.'&', $match)) { // $page_redirect = $match[1]; } if ($url_redirect == '') { $url_redirect = osc_user_dashboard_url(); } if (!$user) { osc_add_flash_error_message(_m("The user doesn't exist")); $this->redirectTo(osc_user_login_url()); } if ($user["s_password"] != sha1(Params::getParam('password', false, false))) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); } $banned = osc_is_banned(Params::getParam('email')); if ($banned == 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); $this->redirectTo(osc_user_login_url()); } else { if ($banned == 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); $this->redirectTo(osc_user_login_url()); } } $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m("The user doesn't exist")); } else { if ($logged == 1) { osc_add_flash_error_message(_m('The user has not been validated yet')); } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } osc_run_hook("after_login", $user); $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect)); } else { osc_add_flash_error_message(_m('This should never happen')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': osc_csrf_check(); if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match")); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login Session::newInstance()->_setReferer(osc_get_http_referer()); if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
function doModel() { //specific things for this class switch ($this->action) { case 'bulk_actions': break; case 'regions': //Return regions given a countryId $regions = Region::newInstance()->findByCountry(Params::getParam("countryId")); echo json_encode($regions); break; case 'cities': //Returns cities given a regionId $cities = City::newInstance()->findByRegion(Params::getParam("regionId")); echo json_encode($cities); break; case 'location': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term")); echo json_encode($cities); break; case 'userajax': // This is the autocomplete AJAX $users = User::newInstance()->ajax(Params::getParam("term")); if (count($users) == 0) { echo json_encode(array(0 => array('id' => '', 'label' => __('No results'), 'value' => __('No results')))); } else { echo json_encode($users); } break; case 'date_format': echo json_encode(array('format' => Params::getParam('format'), 'str_formatted' => osc_format_date(date('Y-m-d H:i:s'), Params::getParam('format')))); break; case 'runhook': // run hooks $hook = Params::getParam('hook'); if ($hook == '') { echo json_encode(array('error' => 'hook parameter not defined')); break; } switch ($hook) { case 'item_form': osc_run_hook('item_form', Params::getParam('catId')); break; case 'item_edit': $catId = Params::getParam("catId"); $itemId = Params::getParam("itemId"); osc_run_hook("item_edit", $catId, $itemId); break; default: osc_run_hook('ajax_admin_' . $hook); break; } break; case 'categories_order': // Save the order of the categories osc_csrf_check(false); $aIds = Params::getParam('list'); $orderParent = 0; $orderSub = 0; $catParent = 0; $error = 0; $catManager = Category::newInstance(); $aRecountCat = array(); foreach ($aIds as $id => $parent) { if ($parent == 'root') { $res = $catManager->updateOrder($id, $orderParent); if (is_bool($res) && !$res) { $error = 1; } // find category $auxCategory = Category::newInstance()->findByPrimaryKey($id); // set parent category $conditions = array('pk_i_id' => $id); $array['fk_i_parent_id'] = NULL; $res = $catManager->update($array, $conditions); if (is_bool($res) && !$res) { $error = 1; } else { if ($res == 1) { // updated ok $parentId = $auxCategory['fk_i_parent_id']; if ($parentId) { // update parent category stats array_push($aRecountCat, $id); array_push($aRecountCat, $parentId); } } } $orderParent++; } else { if ($parent != $catParent) { $catParent = $parent; $orderSub = 0; } $res = $catManager->updateOrder($id, $orderSub); if (is_bool($res) && !$res) { $error = 1; } // set parent category $auxCategory = Category::newInstance()->findByPrimaryKey($id); $auxCategoryP = Category::newInstance()->findByPrimaryKey($catParent); $conditions = array('pk_i_id' => $id); $array['fk_i_parent_id'] = $catParent; $res = $catManager->update($array, $conditions); if (is_bool($res) && !$res) { $error = 1; } else { if ($res == 1) { // updated ok // update category parent $prevParentId = $auxCategory['fk_i_parent_id']; $parentId = $auxCategoryP['pk_i_id']; array_push($aRecountCat, $prevParentId); array_push($aRecountCat, $parentId); } } $orderSub++; } } // update category stats foreach ($aRecountCat as $rId) { osc_update_cat_stats_id($rId); } if ($error) { $result = array('error' => __("An error occurred")); } else { $result = array('ok' => __("Order saved")); } echo json_encode($result); break; case 'category_edit_iframe': $this->_exportVariableToView('category', Category::newInstance()->findByPrimaryKey(Params::getParam("id"))); $this->_exportVariableToView('languages', OSCLocale::newInstance()->listAllEnabled()); $this->doView("categories/iframe.php"); break; case 'field_categories_iframe': $selected = Field::newInstance()->categories(Params::getParam("id")); if ($selected == null) { $selected = array(); } $this->_exportVariableToView("selected", $selected); $this->_exportVariableToView("field", Field::newInstance()->findByPrimaryKey(Params::getParam("id"))); $this->_exportVariableToView("categories", Category::newInstance()->toTreeAll()); $this->doView("fields/iframe.php"); break; case 'field_categories_post': osc_csrf_check(false); $error = 0; $field = Field::newInstance()->findByName(Params::getParam("s_name")); if (!isset($field['pk_i_id']) || isset($field['pk_i_id']) && $field['pk_i_id'] == Params::getParam("id")) { // remove categories from a field Field::newInstance()->cleanCategoriesFromField(Params::getParam("id")); // no error... continue updating fields if ($error == 0) { $slug = Params::getParam("field_slug") != '' ? Params::getParam("field_slug") : Params::getParam("s_name"); $slug_tmp = $slug = preg_replace('|([-]+)|', '-', preg_replace('|[^a-z0-9_-]|', '-', strtolower($slug))); $slug_k = 0; while (true) { $field = Field::newInstance()->findBySlug($slug); if (!$field || $field['pk_i_id'] == Params::getParam("id")) { break; } else { $slug_k++; $slug = $slug_tmp . "_" . $slug_k; } } // trim options $s_options = ''; $aux = Params::getParam('s_options'); $aAux = explode(',', $aux); foreach ($aAux as &$option) { $option = trim($option); } $s_options = implode(',', $aAux); $res = Field::newInstance()->update(array('s_name' => Params::getParam("s_name"), 'e_type' => Params::getParam("field_type"), 's_slug' => $slug, 'b_required' => Params::getParam("field_required") == "1" ? 1 : 0, 's_options' => $s_options), array('pk_i_id' => Params::getParam("id"))); if (is_bool($res) && !$res) { $error = 1; } } // no error... continue inserting categories-field if ($error == 0) { $aCategories = Params::getParam("categories"); if (is_array($aCategories) && count($aCategories) > 0) { $res = Field::newInstance()->insertCategories(Params::getParam("id"), $aCategories); if (!$res) { $error = 1; } } } // error while updating? if ($error == 1) { $message = __("An error occurred while updating."); } } else { $error = 1; $message = __("Sorry, you already have a field with that name"); } if ($error) { $result = array('error' => $message); } else { $result = array('ok' => __("Saved"), 'text' => Params::getParam("s_name"), 'field_id' => Params::getParam("id")); } echo json_encode($result); break; case 'delete_field': osc_csrf_check(false); $res = Field::newInstance()->deleteByPrimaryKey(Params::getParam('id')); if ($res > 0) { $result = array('ok' => __('The custom field has been deleted')); } else { $result = array('error' => __('An error occurred while deleting')); } echo json_encode($result); break; case 'add_field': osc_csrf_check(false); $s_name = __('NEW custom field'); $slug_tmp = $slug = preg_replace('|([-]+)|', '-', preg_replace('|[^a-z0-9_-]|', '-', strtolower($s_name))); $slug_k = 0; while (true) { $field = Field::newInstance()->findBySlug($slug); if (!$field || $field['pk_i_id'] == Params::getParam("id")) { break; } else { $slug_k++; $slug = $slug_tmp . "_" . $slug_k; } } $fieldManager = Field::newInstance(); $result = $fieldManager->insertField($s_name, 'TEXT', $slug, 0, '', array()); if ($result) { echo json_encode(array('error' => 0, 'field_id' => $fieldManager->dao->insertedId(), 'field_name' => $s_name)); } else { echo json_encode(array('error' => 1)); } break; case 'enable_category': osc_csrf_check(false); $id = strip_tags(Params::getParam('id')); $enabled = Params::getParam('enabled') != '' ? Params::getParam('enabled') : 0; $error = 0; $result = array(); $aUpdated = array(); $mCategory = Category::newInstance(); $aCategory = $mCategory->findByPrimaryKey($id); if ($aCategory == false) { $result = array('error' => sprintf(__("No category with id %d exists"), $id)); echo json_encode($result); break; } // root category if ($aCategory['fk_i_parent_id'] == '') { $mCategory->update(array('b_enabled' => $enabled), array('pk_i_id' => $id)); $mCategory->update(array('b_enabled' => $enabled), array('fk_i_parent_id' => $id)); $subCategories = $mCategory->findSubcategories($id); $aIds = array($id); $aUpdated[] = array('id' => $id); foreach ($subCategories as $subcategory) { $aIds[] = $subcategory['pk_i_id']; $aUpdated[] = array('id' => $subcategory['pk_i_id']); } Item::newInstance()->enableByCategory($enabled, $aIds); if ($enabled) { $result = array('ok' => __('The category as well as its subcategories have been enabled')); } else { $result = array('ok' => __('The category as well as its subcategories have been disabled')); } $result['affectedIds'] = $aUpdated; echo json_encode($result); break; } // subcategory $parentCategory = $mCategory->findRootCategory($id); if (!$parentCategory['b_enabled']) { $result = array('error' => __('Parent category is disabled, you can not enable that category')); echo json_encode($result); break; } $mCategory->update(array('b_enabled' => $enabled), array('pk_i_id' => $id)); if ($enabled) { $result = array('ok' => __('The subcategory has been enabled')); } else { $result = array('ok' => __('The subcategory has been disabled')); } $result['affectedIds'] = array(array('id' => $id)); echo json_encode($result); break; case 'delete_category': osc_csrf_check(false); $id = Params::getParam("id"); $error = 0; $categoryManager = Category::newInstance(); $res = $categoryManager->deleteByPrimaryKey($id); if ($res > 0) { $message = __('The categories have been deleted'); } else { $error = 1; $message = __('An error occurred while deleting'); } if ($error) { $result = array('error' => $message); } else { $result = array('ok' => __("Saved")); } echo json_encode($result); break; case 'edit_category_post': osc_csrf_check(false); $id = Params::getParam("id"); $fields['i_expiration_days'] = Params::getParam("i_expiration_days") != '' ? Params::getParam("i_expiration_days") : 0; $error = 0; $has_one_title = 0; $postParams = Params::getParamsAsArray(); foreach ($postParams as $k => $v) { if (preg_match('|(.+?)#(.+)|', $k, $m)) { if ($m[2] == 's_name') { if ($v != "") { $has_one_title = 1; $aFieldsDescription[$m[1]][$m[2]] = $v; $s_text = $v; } else { $aFieldsDescription[$m[1]][$m[2]] = NULL; $error = 1; } } else { $aFieldsDescription[$m[1]][$m[2]] = $v; } } } $l = osc_language(); if ($error == 0 || $error == 1 && $has_one_title == 1) { $categoryManager = Category::newInstance(); $res = $categoryManager->updateByPrimaryKey(array('fields' => $fields, 'aFieldsDescription' => $aFieldsDescription), $id); $categoryManager->updateExpiration($id, $fields['i_expiration_days']); if (is_bool($res)) { $error = 2; } } if (Params::getParam('apply_changes_to_subcategories') == 1) { $subcategories = $categoryManager->findSubcategories($id); foreach ($subcategories as $subc) { $categoryManager->updateExpiration($subc['pk_i_id'], $fields['i_expiration_days']); } } if ($error == 0) { $msg = __("Category updated correctly"); } else { if ($error == 1) { if ($has_one_title == 1) { $error = 4; $msg = __('Category updated correctly, but some titles are empty'); } else { $msg = __('Sorry, including at least a title is mandatory'); } } else { if ($error == 2) { $msg = __('An error occurred while updating'); } } } echo json_encode(array('error' => $error, 'msg' => $msg, 'text' => $aFieldsDescription[$l]['s_name'])); break; case 'custom': // Execute via AJAX custom file $ajaxFile = Params::getParam("ajaxfile"); if ($ajaxFile == '') { echo json_encode(array('error' => 'no action defined')); break; } // valid file? if (stripos($ajaxFile, '../') !== false) { echo json_encode(array('error' => 'no valid ajaxFile')); break; } if (!file_exists(osc_plugins_path() . $ajaxFile)) { echo json_encode(array('error' => "ajaxFile doesn't exist")); break; } require_once osc_plugins_path() . $ajaxFile; break; case 'test_mail': $title = sprintf(__('Test email, %s'), osc_page_title()); $body = __("Test email") . "<br><br>" . osc_page_title(); $emailParams = array('subject' => $title, 'to' => osc_contact_email(), 'to_name' => 'admin', 'body' => $body, 'alt_body' => $body); $array = array(); if (osc_sendMail($emailParams)) { $array = array('status' => '1', 'html' => __('Email sent successfully')); } else { $array = array('status' => '0', 'html' => __('An error occurred while sending email')); } echo json_encode($array); break; case 'test_mail_template': // replace por valores por defecto $email = Params::getParam("email"); $title = Params::getParam("title"); $body = urldecode(Params::getParam("body")); $emailParams = array('subject' => $title, 'to' => $email, 'to_name' => 'admin', 'body' => $body, 'alt_body' => $body); $array = array(); if (osc_sendMail($emailParams)) { $array = array('status' => '1', 'html' => __('Email sent successfully')); } else { $array = array('status' => '0', 'html' => __('An error occurred while sending email')); } echo json_encode($array); break; case 'order_pages': osc_csrf_check(false); $order = Params::getParam("order"); $id = Params::getParam("id"); if ($order != '' && $id != '') { $mPages = Page::newInstance(); $actual_page = $mPages->findByPrimaryKey($id); $actual_order = $actual_page['i_order']; $array = array(); $condition = array(); $new_order = $actual_order; if ($order == 'up') { $page = $mPages->findPrevPage($actual_order); } else { if ($order == 'down') { $page = $mPages->findNextPage($actual_order); } } if (isset($page['i_order'])) { $mPages->update(array('i_order' => $page['i_order']), array('pk_i_id' => $id)); $mPages->update(array('i_order' => $actual_order), array('pk_i_id' => $page['pk_i_id'])); } } break; /****************************** ** COMPLETE UPGRADE PROCESS ** ******************************/ /****************************** ** COMPLETE UPGRADE PROCESS ** ******************************/ case 'upgrade': // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT osc_csrf_check(false); $message = ""; $error = 0; $sql_error_msg = ""; $rm_errors = 0; $perms = osc_save_permissions(); osc_change_permissions(); $maintenance_file = ABS_PATH . '.maintenance'; $fileHandler = @fopen($maintenance_file, 'w'); fclose($fileHandler); /*********************** **** DOWNLOAD FILE **** ***********************/ $data = osc_file_get_contents("http://osclass.org/latest_version.php"); $data = json_decode(substr($data, 1, strlen($data) - 3), true); $source_file = $data['url']; if ($source_file != '') { $tmp = explode("/", $source_file); $filename = end($tmp); $result = osc_downloadFile($source_file, $filename); if ($result) { // Everything is OK, continue /********************** ***** UNZIP FILE ***** **********************/ @mkdir(ABS_PATH . 'oc-temp', 0777); $res = osc_unzip_file(osc_content_path() . 'downloads/' . $filename, ABS_PATH . 'oc-temp/'); if ($res == 1) { // Everything is OK, continue /********************** ***** COPY FILES ***** **********************/ $fail = -1; if ($handle = opendir(ABS_PATH . 'oc-temp')) { $fail = 0; while (false !== ($_file = readdir($handle))) { if ($_file != '.' && $_file != '..' && $_file != 'remove.list' && $_file != 'upgrade.sql' && $_file != 'customs.actions') { $data = osc_copy(ABS_PATH . "oc-temp/" . $_file, ABS_PATH . $_file); if ($data == false) { $fail = 1; } } } closedir($handle); //TRY TO REMOVE THE ZIP PACKAGE @unlink(osc_content_path() . 'downloads/' . $filename); if ($fail == 0) { // Everything is OK, continue /************************ *** UPGRADE DATABASE *** ************************/ $error_queries = array(); if (file_exists(osc_lib_path() . 'osclass/installer/struct.sql')) { $sql = file_get_contents(osc_lib_path() . 'osclass/installer/struct.sql'); $conn = DBConnectionClass::newInstance(); $c_db = $conn->getOsclassDb(); $comm = new DBCommandClass($c_db); $error_queries = $comm->updateDB(str_replace('/*TABLE_PREFIX*/', DB_TABLE_PREFIX, $sql)); } if ($error_queries[0]) { // Everything is OK, continue /********************************** ** EXECUTING ADDITIONAL ACTIONS ** **********************************/ if (file_exists(osc_lib_path() . 'osclass/upgrade-funcs.php')) { // There should be no errors here define('AUTO_UPGRADE', true); require_once osc_lib_path() . 'osclass/upgrade-funcs.php'; } // Additional actions is not important for the rest of the proccess // We will inform the user of the problems but the upgrade could continue /**************************** ** REMOVE TEMPORARY FILES ** ****************************/ $path = ABS_PATH . 'oc-temp'; $rm_errors = 0; $dir = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::CHILD_FIRST); for ($dir->rewind(); $dir->valid(); $dir->next()) { if ($dir->isDir()) { if ($dir->getFilename() != '.' && $dir->getFilename() != '..') { if (!rmdir($dir->getPathname())) { $rm_errors++; } } } else { if (!unlink($dir->getPathname())) { $rm_errors++; } } } if (!rmdir($path)) { $rm_errors++; } $deleted = @unlink(ABS_PATH . '.maintenance'); if ($rm_errors == 0) { $message = __('Everything looks good! Your Osclass installation is up-to-date'); } else { $message = __('Nearly everything looks good! Your Osclass installation is up-to-date, but there were some errors removing temporary files. Please manually remove the "oc-temp" folder'); $error = 6; // Some errors removing files } } else { $sql_error_msg = $error_queries[2]; $message = __('Problems when upgrading the database'); $error = 5; // Problems upgrading the database } } else { $message = __('Problems when copying files. Please check your permissions. '); $error = 4; // Problems copying files. Maybe permissions are not correct } } else { $message = __('Nothing to copy'); $error = 99; // Nothing to copy. THIS SHOULD NEVER HAPPEN, means we don't update any file! } } else { $message = __('Unzip failed'); $error = 3; // Unzip failed } } else { $message = __('Download failed'); $error = 2; // Download failed } } else { $message = __('Missing download URL'); $error = 1; // Missing download URL } if ($error == 5) { $message .= "<br /><br />" . __('We had some errors upgrading your database. The follwing queries failed:') . implode("<br />", $sql_error_msg); } echo $message; foreach ($perms as $k => $v) { @chmod($k, $v); } break; /******************************* ** COMPLETE MARKET PROCESS ** *******************************/ /******************************* ** COMPLETE MARKET PROCESS ** *******************************/ case 'market': // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT osc_csrf_check(false); $section = Params::getParam('section'); $code = Params::getParam('code'); $plugin = false; $re_enable = false; $message = ""; $error = 0; $data = array(); /************************ *** CHECK VALID CODE *** ************************/ if ($code != '' && $section != '') { if (stripos($code, "http://") === FALSE) { // OSCLASS OFFICIAL REPOSITORY $url = osc_market_url($section, $code); $data = json_decode(osc_file_get_contents($url), true); } else { // THIRD PARTY REPOSITORY if (osc_market_external_sources()) { $data = json_decode(osc_file_get_contents($code), true); } else { echo json_encode(array('error' => 8, 'error_msg' => __('No external sources are allowed'))); break; } } /*********************** **** DOWNLOAD FILE **** ***********************/ if (isset($data['s_update_url']) && isset($data['s_source_file']) && isset($data['e_type'])) { if ($data['e_type'] == 'THEME') { $folder = 'themes/'; } else { if ($data['e_type'] == 'LANGUAGE') { $folder = 'languages/'; } else { // PLUGINS $folder = 'plugins/'; $plugin = Plugins::findByUpdateURI($data['s_update_url']); if ($plugin != false) { if (Plugins::isEnabled($plugin)) { Plugins::runHook($plugin . '_disable'); Plugins::deactivate($plugin); $re_enable = true; } } } } $filename = $data['s_update_url'] . "_" . $data['s_version'] . ".zip"; $url_source_file = $data['s_source_file']; // error_log('Source file: ' . $url_source_file); // error_log('Filename: ' . $filename); $result = osc_downloadFile($url_source_file, $filename); if ($result) { // Everything is OK, continue /********************** ***** UNZIP FILE ***** **********************/ @mkdir(ABS_PATH . 'oc-temp', 0777); $res = osc_unzip_file(osc_content_path() . 'downloads/' . $filename, osc_content_path() . 'downloads/oc-temp/'); if ($res == 1) { // Everything is OK, continue /********************** ***** COPY FILES ***** **********************/ $fail = -1; if ($handle = opendir(osc_content_path() . 'downloads/oc-temp')) { $folder_dest = ABS_PATH . "oc-content/" . $folder; if (function_exists('posix_getpwuid')) { $current_user = posix_getpwuid(posix_geteuid()); $ownerFolder = posix_getpwuid(fileowner($folder_dest)); } $fail = 0; while (false !== ($_file = readdir($handle))) { if ($_file != '.' && $_file != '..') { $copyprocess = osc_copy(osc_content_path() . "downloads/oc-temp/" . $_file, $folder_dest . $_file); if ($copyprocess == false) { $fail = 1; } } } closedir($handle); // Additional actions is not important for the rest of the proccess // We will inform the user of the problems but the upgrade could continue // Also remove the zip package /**************************** ** REMOVE TEMPORARY FILES ** ****************************/ @unlink(osc_content_path() . 'downloads/' . $filename); $path = osc_content_path() . 'downloads/oc-temp'; $rm_errors = 0; $dir = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::CHILD_FIRST); for ($dir->rewind(); $dir->valid(); $dir->next()) { if ($dir->isDir()) { if ($dir->getFilename() != '.' && $dir->getFilename() != '..') { if (!rmdir($dir->getPathname())) { $rm_errors++; } } } else { if (!unlink($dir->getPathname())) { $rm_errors++; } } } if (!rmdir($path)) { $rm_errors++; } if ($fail == 0) { // Everything is OK, continue if ($data['e_type'] != 'THEME' && $data['e_type'] != 'LANGUAGE') { if ($plugin != false && $re_enable) { $enabled = Plugins::activate($plugin); if ($enabled) { Plugins::runHook($plugin . '_enable'); } } } // recount plugins&themes for update if ($section == 'plugins') { osc_check_plugins_update(true); } else { if ($section == 'themes') { osc_check_themes_update(true); } else { if ($section == 'languages') { // load oc-content/ if (osc_checkLocales()) { $message .= __('The language has been installed correctly'); } else { $message .= __('There was a problem adding the language'); $error = 8; } osc_check_languages_update(true); } } } if ($rm_errors == 0) { $message = __('Everything looks good!'); $error = 0; } else { $message = __('Nearly everything looks good! but there were some errors removing temporary files. Please manually remove the \\"oc-temp\\" folder'); $error = 6; // Some errors removing files } } else { $message = __('Problems when copying files. Please check your permissions. '); if ($current_user['uid'] != $ownerFolder['uid']) { if (function_exists('posix_getgrgid')) { $current_group = posix_getgrgid($current_user['gid']); $message .= '<p><strong>' . sprintf(__('NOTE: Web user and destination folder user is not the same, you might have an issue there. <br/>Do this in your console:<br/>chown -R %s:%s %s'), $current_user['name'], $current_group['name'], $folder_dest) . '</strong></p>'; } } $error = 4; // Problems copying files. Maybe permissions are not correct } } else { $message = __('Nothing to copy'); $error = 99; // Nothing to copy. THIS SHOULD NEVER HAPPEN, means we don't update any file! } } else { $message = __('Unzip failed'); $error = 3; // Unzip failed } } else { $message = __('Download failed'); $error = 2; // Download failed } } else { $message = __('Input code not valid'); $error = 7; // Input code not valid } } else { $message = __('Missing download URL'); $error = 1; // Missing download URL } echo json_encode(array('error' => $error, 'message' => $message, 'data' => $data)); break; case 'check_market': // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT $section = Params::getParam('section'); $code = Params::getParam('code'); $data = array(); /************************ *** CHECK VALID CODE *** ************************/ if ($code != '' && $section != '') { if (stripos($code, "http://") === FALSE) { // OSCLASS OFFICIAL REPOSITORY $data = json_decode(osc_file_get_contents(osc_market_url($section, $code)), true); } else { // THIRD PARTY REPOSITORY if (osc_market_external_sources()) { $data = json_decode(osc_file_get_contents($code), true); } else { echo json_encode(array('error' => 3, 'error_msg' => __('No external sources are allowed'))); break; } } if (!isset($data['s_source_file']) || !isset($data['s_update_url'])) { $data = array('error' => 2, 'error_msg' => __('Invalid code')); } } else { $data = array('error' => 1, 'error_msg' => __('No code was submitted')); } echo json_encode($data); break; case 'market_data': $section = Params::getParam('section'); $page = Params::getParam("mPage"); $featured = Params::getParam("featured"); $sort = Params::getParam("sort"); $order = Params::getParam("order"); // for the moment this value is static $length = 9; if ($page >= 1) { $page--; } $url = osc_market_url($section) . "page/" . $page . '/'; if ($length != '' && is_numeric($length)) { $url .= 'length/' . $length . '/'; } if ($sort != '') { $url .= 'order/' . $sort; if ($order != '') { $url .= '/' . $order; } } if ($featured != '') { $url = osc_market_featured_url($section); } $data = array(); $data = json_decode(osc_file_get_contents($url), true); if (!isset($data[$section])) { $data = array('error' => 1, 'error_msg' => __('No market data')); } echo 'var market_data = window.market_data || {}; market_data.' . $section . ' = ' . json_encode($data) . ';'; break; case 'local_market': // AVOID CROSS DOMAIN PROBLEMS OF AJAX REQUEST $marketPage = Params::getParam("mPage"); if ($marketPage >= 1) { $marketPage--; } $out = osc_file_get_contents(osc_market_url(Params::getParam("section")) . "page/" . $marketPage); $array = json_decode($out, true); // do pagination $pageActual = $array['page']; $totalPages = ceil($array['total'] / $array['sizePage']); $params = array('total' => $totalPages, 'selected' => $pageActual, 'url' => '#{PAGE}', 'sides' => 5); // set pagination $pagination = new Pagination($params); $aux = $pagination->doPagination(); $array['pagination_content'] = $aux; // encode to json echo json_encode($array); break; case 'dashboardbox_market': $error = 0; // make market call $url = getPreference('marketURL') . 'dashboardbox/'; $content = ''; if (false === ($json = @osc_file_get_contents($url))) { $error = 1; } else { $content = $json; } if ($error == 1) { echo json_encode(array('error' => 1)); } else { // replace content with correct urls $content = str_replace('{URL_MARKET_THEMES}', osc_admin_base_url(true) . '?page=market&action=themes', $content); $content = str_replace('{URL_MARKET_PLUGINS}', osc_admin_base_url(true) . '?page=market&action=plugins', $content); echo json_encode(array('html' => $content)); } break; case 'location_stats': osc_csrf_check(false); $workToDo = osc_update_location_stats(); if ($workToDo > 0) { $array['status'] = 'more'; $array['pending'] = $workToDo; echo json_encode($array); } else { $array['status'] = 'done'; echo json_encode($array); } break; case 'error_permissions': echo json_encode(array('error' => __("You don't have the necessary permissions"))); break; default: echo json_encode(array('error' => __('no action defined'))); break; } // clear all keep variables into session Session::newInstance()->_dropKeepForm(); Session::newInstance()->_clearVariables(); }
function doModel() { switch ($this->action) { case 'media': // calling the media view $max_upload = (int) ini_get('upload_max_filesize'); $max_post = (int) ini_get('post_max_size'); $memory_limit = (int) ini_get('memory_limit'); $upload_mb = min($max_upload, $max_post, $memory_limit) * 1024; $this->_exportVariableToView('max_size_upload', $upload_mb); $this->doView('settings/media.php'); break; case 'media_post': // updating the media config osc_csrf_check(); $status = 'ok'; $error = ''; $iUpdated = 0; $maxSizeKb = Params::getParam('maxSizeKb'); $dimThumbnail = strtolower(Params::getParam('dimThumbnail')); $dimPreview = strtolower(Params::getParam('dimPreview')); $dimNormal = strtolower(Params::getParam('dimNormal')); $keepOriginalImage = Params::getParam('keep_original_image'); $forceAspectImage = Params::getParam('force_aspect_image'); $forceJPEG = Params::getParam('force_jpeg'); $use_imagick = Params::getParam('use_imagick'); $type_watermark = Params::getParam('watermark_type'); $watermark_color = Params::getParam('watermark_text_color'); $watermark_text = Params::getParam('watermark_text'); switch ($type_watermark) { case 'none': $iUpdated += osc_set_preference('watermark_text_color', ''); $iUpdated += osc_set_preference('watermark_text', ''); $iUpdated += osc_set_preference('watermark_image', ''); break; case 'text': $iUpdated += osc_set_preference('watermark_text_color', $watermark_color); $iUpdated += osc_set_preference('watermark_text', $watermark_text); $iUpdated += osc_set_preference('watermark_image', ''); $iUpdated += osc_set_preference('watermark_place', Params::getParam('watermark_text_place')); break; case 'image': // upload image & move to path $watermark_file = Params::getFiles('watermark_image'); if ($watermark_file['tmp_name'] != '' && $watermark_file['size'] > 0) { if ($watermark_file['error'] == UPLOAD_ERR_OK) { if ($watermark_file['type'] == 'image/png') { $tmpName = $watermark_file['tmp_name']; $path = osc_content_path() . 'uploads/watermark.png'; if (move_uploaded_file($tmpName, $path)) { $iUpdated += osc_set_preference('watermark_image', $path); } else { $status = 'error'; $error .= _m('There was a problem uploading the watermark image') . "<br />"; } } else { $status = 'error'; $error .= _m('The watermark image has to be a .PNG file') . "<br />"; } } else { $status = 'error'; $error .= _m('There was a problem uploading the watermark image') . "<br />"; } } $iUpdated += osc_set_preference('watermark_text_color', ''); $iUpdated += osc_set_preference('watermark_text', ''); $iUpdated += osc_set_preference('watermark_place', Params::getParam('watermark_image_place')); break; default: break; } // format parameters $maxSizeKb = trim(strip_tags($maxSizeKb)); $dimThumbnail = trim(strip_tags($dimThumbnail)); $dimPreview = trim(strip_tags($dimPreview)); $dimNormal = trim(strip_tags($dimNormal)); $keepOriginalImage = $keepOriginalImage != '' ? true : false; $forceAspectImage = $forceAspectImage != '' ? true : false; $forceJPEG = $forceJPEG != '' ? true : false; $use_imagick = $use_imagick != '' ? true : false; if (!preg_match('|([0-9]+)x([0-9]+)|', $dimThumbnail, $match)) { $dimThumbnail = is_numeric($dimThumbnail) ? $dimThumbnail . "x" . $dimThumbnail : "100x100"; } if (!preg_match('|([0-9]+)x([0-9]+)|', $dimPreview, $match)) { $dimPreview = is_numeric($dimPreview) ? $dimPreview . "x" . $dimPreview : "100x100"; } if (!preg_match('|([0-9]+)x([0-9]+)|', $dimNormal, $match)) { $dimNormal = is_numeric($dimNormal) ? $dimNormal . "x" . $dimNormal : "100x100"; } // is imagick extension loaded? if (!@extension_loaded('imagick')) { $use_imagick = false; } // max size allowed by PHP configuration? $max_upload = (int) ini_get('upload_max_filesize'); $max_post = (int) ini_get('post_max_size'); $memory_limit = (int) ini_get('memory_limit'); $upload_mb = min($max_upload, $max_post, $memory_limit) * 1024; // set maxSizeKB equals to PHP configuration if it's bigger if ($maxSizeKb > $upload_mb) { $status = 'warning'; $maxSizeKb = $upload_mb; // flash message text warning $error .= sprintf(_m("You cannot set a maximum file size higher than the one allowed in the PHP configuration: <b>%d KB</b>"), $upload_mb); } $iUpdated += osc_set_preference('maxSizeKb', $maxSizeKb); $iUpdated += osc_set_preference('dimThumbnail', $dimThumbnail); $iUpdated += osc_set_preference('dimPreview', $dimPreview); $iUpdated += osc_set_preference('dimNormal', $dimNormal); $iUpdated += osc_set_preference('keep_original_image', $keepOriginalImage); $iUpdated += osc_set_preference('force_aspect_image', $forceAspectImage); $iUpdated += osc_set_preference('force_jpeg', $forceJPEG); $iUpdated += osc_set_preference('use_imagick', $use_imagick); if ($error != '') { switch ($status) { case 'error': osc_add_flash_error_message($error, 'admin'); break; case 'warning': osc_add_flash_warning_message($error, 'admin'); break; default: osc_add_flash_ok_message($error, 'admin'); break; } } else { osc_add_flash_ok_message(_m('Media config has been updated'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media'); break; case 'images_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media'); } osc_csrf_check(); $aResources = ItemResource::newInstance()->getAllResources(); foreach ($aResources as $resource) { osc_run_hook('regenerate_image', $resource); if (strpos($resource['s_content_type'], 'image') !== false) { if (file_exists(osc_base_path() . $resource['s_path'] . $resource['pk_i_id'] . "_original." . $resource['s_extension'])) { $image_tmp = osc_base_path() . $resource['s_path'] . $resource['pk_i_id'] . "_original." . $resource['s_extension']; $use_original = true; } else { if (file_exists(osc_base_path() . $resource['s_path'] . $resource['pk_i_id'] . "." . $resource['s_extension'])) { $image_tmp = osc_base_path() . $resource['s_path'] . $resource['pk_i_id'] . "." . $resource['s_extension']; $use_original = false; } else { if (file_exists(osc_base_path() . $resource['s_path'] . $resource['pk_i_id'] . "_preview." . $resource['s_extension'])) { $image_tmp = osc_base_path() . $resource['s_path'] . $resource['pk_i_id'] . "_preview." . $resource['s_extension']; $use_original = false; } else { $use_original = false; continue; } } } // Create normal size $path_normal = $path = osc_base_path() . $resource['s_path'] . $resource['pk_i_id'] . '.' . $resource['s_extension']; $size = explode('x', osc_normal_dimensions()); $img = ImageResizer::fromFile($image_tmp)->resizeTo($size[0], $size[1]); if ($use_original) { if (osc_is_watermark_text()) { $img->doWatermarkText(osc_watermark_text(), osc_watermark_text_color()); } elseif (osc_is_watermark_image()) { $img->doWatermarkImage(); } } $img->saveToFile($path); // Create preview $path = osc_base_path() . $resource['s_path'] . $resource['pk_i_id'] . '_preview.' . $resource['s_extension']; $size = explode('x', osc_preview_dimensions()); ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path); // Create thumbnail $path = osc_base_path() . $resource['s_path'] . $resource['pk_i_id'] . '_thumbnail.' . $resource['s_extension']; $size = explode('x', osc_thumbnail_dimensions()); ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path); osc_run_hook('regenerated_image', ItemResource::newInstance()->findByPrimaryKey($resource['pk_i_id'])); } else { // no es imagen o imagen sin extesión } } osc_add_flash_ok_message(_m('Re-generation complete'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media'); break; } }
function doModel() { switch ($this->action) { case 'contact_post': //contact_post osc_csrf_check(); $yourName = Params::getParam('yourName'); $yourEmail = Params::getParam('yourEmail'); $subject = Params::getParam('subject'); $message = Params::getParam('message'); if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm('yourName', $yourName); Session::newInstance()->_setForm('yourEmail', $yourEmail); Session::newInstance()->_setForm('subject', $subject); Session::newInstance()->_setForm('message_body', $message); $this->redirectTo(osc_contact_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $banned = osc_is_banned($yourEmail); if ($banned == 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); $this->redirectTo(osc_contact_url()); } else { if ($banned == 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); $this->redirectTo(osc_contact_url()); } } $user = User::newInstance()->newInstance()->findByEmail($yourEmail); if (isset($user['b_active']) && ($user['b_active'] == 0 || $user['b_enabled'] == 0)) { osc_add_flash_error_message(_m('Your current email is not allowed')); $this->redirectTo(osc_contact_url()); } if (!preg_match('|.*?@.{2,}\\..{2,}|', $yourEmail)) { osc_add_flash_error_message(_m('Please enter a correct email')); Session::newInstance()->_setForm('yourName', $yourName); Session::newInstance()->_setForm('subject', $subject); Session::newInstance()->_setForm('message_body', $message); $this->redirectTo(osc_contact_url()); } $message_name = sprintf(__('Name: %s'), $yourName); $message_email = sprintf(__('Email: %s'), $yourEmail); $message_subject = sprintf(__('Subject: %s'), $subject); $message_body = sprintf(__('Message: %s'), $message); $message_date = sprintf(__('Date: %s at %s'), date('l F d, Y'), date('g:i a')); $message_IP = sprintf(__('IP Address: %s'), get_ip()); $message = <<<MESSAGE {$message_name} {$message_email} {$message_subject} {$message_body} {$message_date} {$message_IP} MESSAGE; $params = array('from' => osc_contact_email(), 'to' => osc_contact_email(), 'to_name' => osc_page_title(), 'reply_to' => $yourEmail, 'subject' => '[' . osc_page_title() . '] ' . __('Contact'), 'body' => nl2br($message)); $error = false; if (osc_contact_attachment()) { $attachment = Params::getFiles('attachment'); if (isset($attachment['error']) && $attachment['error'] == UPLOAD_ERR_OK) { $mime_array = array('text/php', 'text/x-php', 'application/php', 'application/x-php', 'application/x-httpd-php', 'application/x-httpd-php-source', 'application/x-javascript'); $resourceName = $attachment['name']; $tmpName = $attachment['tmp_name']; $resourceType = $attachment['type']; if (function_exists('mime_content_type')) { $resourceType = mime_content_type($tmpName); } if (function_exists('finfo_open')) { $finfo = finfo_open(FILEINFO_MIME); $output = finfo_file($finfo, $tmpName); finfo_close($finfo); $output = explode("; ", $output); if (is_array($output)) { $output = $output[0]; } $resourceType = $output; } // check mime file if (!in_array($resourceType, $mime_array)) { $emailAttachment = array('path' => $tmpName, 'name' => $resourceName); $error = false; } else { $error = true; } // --- check mime file } else { $error = true; } } if (!$error) { if (isset($emailAttachment)) { $params['attachment'] = $emailAttachment; } osc_run_hook('pre_contact_post', $params); osc_sendMail(osc_apply_filter('contact_params', $params)); if (isset($tmpName)) { @unlink($tmpName); } osc_add_flash_ok_message(_m('Your email has been sent properly. Thank you for contacting us!')); } else { osc_add_flash_error_message(_m('The file you tried to upload does not have a valid extension')); } $this->redirectTo(osc_contact_url()); break; default: //contact $this->doView('contact.php'); } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'add': $this->doView("appearance/add.php"); break; case 'add_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=appearance'); } osc_csrf_check(); $filePackage = Params::getFiles('package'); if (isset($filePackage['size']) && $filePackage['size'] != 0) { $path = osc_themes_path(); (int) ($status = osc_unzip_file($filePackage['tmp_name'], $path)); @unlink($filePackage['tmp_name']); } else { $status = 3; } switch ($status) { case 0: $msg = _m('The theme folder is not writable'); osc_add_flash_error_message($msg, 'admin'); break; case 1: $msg = _m('The theme has been installed correctly'); osc_add_flash_ok_message($msg, 'admin'); break; case 2: $msg = _m('The zip file is not valid'); osc_add_flash_error_message($msg, 'admin'); break; case 3: $msg = _m('No file was uploaded'); osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=add"); break; case -1: default: $msg = _m('There was a problem adding the theme'); osc_add_flash_error_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . "?page=appearance"); break; case 'delete': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=appearance'); } osc_csrf_check(); $theme = Params::getParam('webtheme'); if ($theme != '') { if ($theme != osc_current_web_theme()) { if (file_exists(osc_content_path() . "themes/" . $theme . "/functions.php")) { include osc_content_path() . "themes/" . $theme . "/functions.php"; } osc_run_hook("theme_delete_" . $theme); if (osc_deleteDir(osc_content_path() . "themes/" . $theme . "/")) { osc_add_flash_ok_message(_m("Theme removed successfully"), "admin"); } else { osc_add_flash_error_message(_m("There was a problem removing the theme"), "admin"); } } else { osc_add_flash_error_message(_m("Current theme can not be deleted"), "admin"); } } else { osc_add_flash_error_message(_m("No theme selected"), "admin"); } $this->redirectTo(osc_admin_base_url(true) . "?page=appearance"); break; /* widgets */ /* widgets */ case 'widgets': $info = WebThemes::newInstance()->loadThemeInfo(osc_theme()); $this->_exportVariableToView("info", $info); $this->doView('appearance/widgets.php'); break; case 'add_widget': $this->doView('appearance/add_widget.php'); break; case 'edit_widget': $id = Params::getParam('id'); $widget = Widget::newInstance()->findByPrimaryKey($id); $this->_exportVariableToView("widget", $widget); $this->doView('appearance/add_widget.php'); break; case 'delete_widget': osc_csrf_check(); Widget::newInstance()->delete(array('pk_i_id' => Params::getParam('id'))); osc_add_flash_ok_message(_m('Widget removed correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); break; case 'edit_widget_post': osc_csrf_check(); if (!osc_validate_text(Params::getParam("description"))) { osc_add_flash_error_message(_m('Description field is required'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); } $res = Widget::newInstance()->update(array('s_description' => Params::getParam('description'), 's_content' => Params::getParam('content', false, false)), array('pk_i_id' => Params::getParam('id'))); if ($res) { osc_add_flash_ok_message(_m('Widget updated correctly'), 'admin'); } else { osc_add_flash_error_message(_m('Widget cannot be updated correctly'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); break; case 'add_widget_post': osc_csrf_check(); if (!osc_validate_text(Params::getParam("description"))) { osc_add_flash_error_message(_m('Description field is required'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); } Widget::newInstance()->insert(array('s_location' => Params::getParam('location'), 'e_kind' => 'html', 's_description' => Params::getParam('description'), 's_content' => Params::getParam('content', false, false))); osc_add_flash_ok_message(_m('Widget added correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); break; /* /widget */ /* /widget */ case 'activate': osc_csrf_check(); osc_set_preference('theme', Params::getParam('theme')); osc_add_flash_ok_message(_m('Theme activated correctly'), 'admin'); osc_run_hook("theme_activate", Params::getParam('theme')); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance"); break; case 'render': if (Params::existParam('route')) { $routes = Rewrite::newInstance()->getRoutes(); $rid = Params::getParam('route'); $file = '../'; if (isset($routes[$rid]) && isset($routes[$rid]['file'])) { $file = $routes[$rid]['file']; } } else { // DEPRECATED: Disclosed path in URL is deprecated, use routes instead // This will be REMOVED in 3.6 $file = Params::getParam('file'); // We pass the GET variables (in case we have somes) if (preg_match('|(.+?)\\?(.*)|', $file, $match)) { $file = $match[1]; if (preg_match_all('|&([^=]+)=([^&]*)|', urldecode('&' . $match[2] . '&'), $get_vars)) { for ($var_k = 0; $var_k < count($get_vars[1]); $var_k++) { Params::setParam($get_vars[1][$var_k], $get_vars[2][$var_k]); } } } else { $file = Params::getParam('file'); } } if (strpos($file, '../') !== false || strpos($file, '..\\') !== false || !file_exists(osc_base_path() . $file)) { osc_add_flash_warning_message(__('Error loading theme custom file'), 'admin'); } $this->_exportVariableToView('file', osc_base_path() . $file); $this->doView('appearance/view.php'); break; default: if (Params::getParam('checkUpdated') != '') { osc_admin_toolbar_update_themes(true); } $themes = WebThemes::newInstance()->getListThemes(); //preparing variables for the view $this->_exportVariableToView("themes", $themes); $this->doView('appearance/index.php'); break; } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'bulk_actions': osc_csrf_check(); $id = Params::getParam('id'); if ($id) { switch (Params::getParam('bulk_actions')) { case 'delete_all': $this->itemCommentManager->delete(array(DB_CUSTOM_COND => 'pk_i_id IN (' . implode(', ', $id) . ')')); foreach ($id as $_id) { $iUpdated = $this->itemCommentManager->delete(array('pk_i_id' => $_id)); osc_add_hook("delete_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been deleted'), 'admin'); break; case 'activate_all': foreach ($id as $_id) { $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $_id)); if ($iUpdated) { $this->sendCommentActivated($_id); } osc_add_hook("activate_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been approved'), 'admin'); break; case 'deactivate_all': foreach ($id as $_id) { $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $_id)); osc_add_hook("deactivate_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin'); break; case 'enable_all': foreach ($id as $_id) { $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $_id)); if ($iUpdated) { $this->sendCommentActivated($_id); } osc_add_hook("enable_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been unblocked'), 'admin'); break; case 'disable_all': foreach ($id as $_id) { $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $_id)); osc_add_hook("disable_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been blocked'), 'admin'); break; default: if (Params::getParam("bulk_actions") != "") { osc_run_hook("item_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id')); } break; } } $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; case 'status': osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'))) { return false; } if ($value == 'ACTIVE') { $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $id)); if ($iUpdated) { $this->sendCommentActivated($id); } osc_add_hook("activate_comment", $id); osc_add_flash_ok_message(_m('The comment has been approved'), 'admin'); } else { if ($value == 'INACTIVE') { $iUpdated = $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $id)); osc_add_hook("deactivate_comment", $id); osc_add_flash_ok_message(_m('The comment has been disapproved'), 'admin'); } else { if ($value == 'ENABLE') { $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $id)); osc_add_hook("enable_comment", $id); osc_add_flash_ok_message(_m('The comment has been enabled'), 'admin'); } else { if ($value == 'DISABLE') { $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $id)); osc_add_hook("disable_comment", $id); osc_add_flash_ok_message(_m('The comment has been disabled'), 'admin'); } } } } $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; case 'comment_edit': $comment = ItemComment::newInstance()->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('comment', $comment); $this->doView('comments/frm.php'); break; case 'comment_edit_post': osc_csrf_check(); $msg = ''; if (!osc_validate_email(Params::getParam('authorEmail'), true)) { $msg .= _m('Email is not correct') . "<br/>"; } if (!osc_validate_text(Params::getParam('body'), 1, true)) { $msg .= _m('Comment is required') . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=comments&action=comment_edit&id=" . Params::getParam('id')); } $this->itemCommentManager->update(array('s_title' => Params::getParam('title'), 's_body' => Params::getParam('body'), 's_author_name' => Params::getParam('authorName'), 's_author_email' => Params::getParam('authorEmail')), array('pk_i_id' => Params::getParam('id'))); osc_run_hook('edit_comment', Params::getParam('id')); osc_add_flash_ok_message(_m('Great! We just updated your comment'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; case 'delete': osc_csrf_check(); $this->itemCommentManager->deleteByPrimaryKey(Params::getParam('id')); osc_add_flash_ok_message(_m('The comment has been deleted'), 'admin'); osc_run_hook('delete_comment', Params::getParam('id')); $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; default: require_once osc_lib_path() . "osclass/classes/datatables/CommentsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $commentsDataTable = new CommentsDataTable(); $commentsDataTable->table($params); $aData = $commentsDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $commentsDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Delete'))), 'label' => __('Delete')), array('value' => 'activate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'disable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'enable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Unblock'))), 'label' => __('Unblock'))); $bulk_options = osc_apply_filter("comment_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->doView('comments/index.php'); break; } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'bulk_actions': osc_csrf_check(); switch (Params::getParam('bulk_actions')) { case 'delete': $ids = Params::getParam("id"); if (is_array($ids)) { foreach ($ids as $id) { osc_deleteResource($id, true); } $log_ids = substr(implode(",", $ids), 0, 250); Log::newInstance()->insertLog('media', 'delete bulk', $log_ids, $log_ids, 'admin', osc_logged_admin_id()); $this->resourcesManager->deleteResourcesIds($ids); } osc_add_flash_ok_message(_m('Resource deleted'), 'admin'); break; default: if (Params::getParam("bulk_actions") != "") { osc_run_hook("media_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id')); } break; } $this->redirectTo(osc_admin_base_url(true) . '?page=media'); break; case 'delete': osc_csrf_check(); $ids = Params::getParam('id'); if (is_array($ids)) { foreach ($ids as $id) { osc_deleteResource($id, true); } $log_ids = substr(implode(",", $ids), 0, 250); Log::newInstance()->insertLog('media', 'delete', $log_ids, $log_ids, 'admin', osc_logged_admin_id()); $this->resourcesManager->deleteResourcesIds($ids); } osc_add_flash_ok_message(_m('Resource deleted'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=media'); break; default: require_once osc_lib_path() . "osclass/classes/datatables/MediaDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $mediaDataTable = new MediaDataTable(); $mediaDataTable->table($params); $aData = $mediaDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $mediaDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected media files?'), strtolower(__('Delete'))), 'label' => __('Delete'))); $bulk_options = osc_apply_filter("media_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->doView('media/index.php'); break; } }