function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
osc_csrf_check();
osc_run_hook('before_validating_login');
// e-mail or/and password is/are empty or incorrect
$wrongCredentials = false;
$email = Params::getParam('email');
$password = Params::getParam('password', false, false);
if ($email == '') {
osc_add_flash_error_message(_m('Please provide an email address'));
$wrongCredentials = true;
}
if ($password == '') {
osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password'));
$wrongCredentials = true;
}
if ($wrongCredentials) {
$this->redirectTo(osc_user_login_url());
}
if (osc_validate_email($email)) {
$user = User::newInstance()->findByEmail($email);
}
if (empty($user)) {
$user = User::newInstance()->findByUsername($email);
}
if (empty($user)) {
osc_add_flash_error_message(_m("The user doesn't exist"));
$this->redirectTo(osc_user_login_url());
}
if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) {
osc_add_flash_error_message(_m('The password is incorrect'));
$this->redirectTo(osc_user_login_url());
// @TODO if valid user, send email parameter back to the login form
} else {
if (@$user['s_password'] != '') {
if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) {
if ($cost[1] != BCRYPT_COST) {
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
} else {
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
}
}
// e-mail or/and IP is/are banned
$banned = osc_is_banned($email);
// int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned
if ($banned & 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
}
if ($banned & 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
}
if ($banned !== 0) {
$this->redirectTo(osc_user_login_url());
}
osc_run_hook('before_login');
$url_redirect = osc_get_http_referer();
$page_redirect = '';
if (osc_rewrite_enabled()) {
if ($url_redirect != '') {
$request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect));
$tmp_ar = explode("?", $request_uri);
$request_uri = $tmp_ar[0];
$rules = Rewrite::newInstance()->listRules();
foreach ($rules as $match => $uri) {
if (preg_match('#' . $match . '#', $request_uri, $m)) {
$request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
$page_redirect = $match[2];
if ($page_redirect == '' || $page_redirect == 'login') {
$url_redirect = osc_user_dashboard_url();
}
}
break;
}
}
}
}
require_once LIB_PATH . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($user['pk_i_id']);
if ($logged == 0) {
osc_add_flash_error_message(_m("The user doesn't exist"));
} else {
if ($logged == 1) {
if (time() - strtotime($user['dt_access_date']) > 1200) {
// EACH 20 MINUTES
osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email'])));
} else {
osc_add_flash_error_message(_m('The user has not been validated yet'));
}
} else {
if ($logged == 2) {
osc_add_flash_error_message(_m('The user has been suspended'));
} else {
if ($logged == 3) {
if (Params::getParam('remember') == 1) {
//this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
Cookie::newInstance()->push('oc_userSecret', $secret);
Cookie::newInstance()->set();
}
if ($url_redirect == '') {
$url_redirect = osc_user_dashboard_url();
}
osc_run_hook("after_login", $user, $url_redirect);
$this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect));
} else {
osc_add_flash_error_message(_m('This should never happen'));
}
}
}
}
if (!$user['b_enabled']) {
$this->redirectTo(osc_user_login_url());
}
$this->redirectTo(osc_user_login_url());
break;
case 'resend':
$id = Params::getParam('id');
$email = Params::getParam('email');
$user = User::newInstance()->findByPrimaryKey($id);
if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) {
osc_add_flash_error_message(_m('Incorrect link'));
$this->redirectTo(osc_user_login_url());
}
if (time() - strtotime($user['dt_access_date']) > 1200) {
// EACH 20 MINUTES
if (osc_notify_new_user()) {
osc_run_hook('hook_email_admin_new_user', $user);
}
if (osc_user_validation_enabled()) {
osc_run_hook('hook_email_user_validation', $user, $user);
}
User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('Validation email re-sent'));
} else {
osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again'));
}
$this->redirectTo(osc_user_login_url());
break;
case 'recover':
//form to recover the password (in this case we have the form in /gui/)
$this->doView('user-recover.php');
break;
case 'recover_post':
//post execution to recover the password
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
// e-mail is incorrect
if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
osc_add_flash_error_message(_m('Invalid email address'));
$this->redirectTo(osc_recover_user_password_url());
}
$userActions = new UserActions(false);
$success = $userActions->recover_password();
switch ($success) {
case 0:
// recover ok
osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
$this->redirectTo(osc_base_url());
break;
case 1:
// e-mail does not exist
osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
$this->redirectTo(osc_recover_user_password_url());
break;
case 2:
// recaptcha wrong
osc_add_flash_error_message(_m('The recaptcha code is wrong'));
$this->redirectTo(osc_recover_user_password_url());
break;
}
break;
case 'forgot':
//form to recover the password (in this case we have the form in /gui/)
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user) {
$this->doView('user-forgot_password.php');
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
break;
case 'forgot_post':
osc_csrf_check();
if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user['b_enabled'] == 1) {
if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('The password has been changed'));
$this->redirectTo(osc_user_login_url());
} else {
osc_add_flash_error_message(_m("Error, the password don't match"));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
}
$this->redirectTo(osc_base_url());
break;
default:
//login
Session::newInstance()->_setReferer(osc_get_http_referer());
if (osc_logged_user_id() != '') {
$this->redirectTo(osc_user_dashboard_url());
}
$this->doView('user-login.php');
}
}
public function add_comment()
{
if(!osc_comments_enabled()) {
return 7;
}
$aItem = $this->prepareDataForFunction('add_comment');
$authorName = trim(strip_tags($aItem['authorName']));
$authorEmail = trim(strip_tags($aItem['authorEmail']));
$body = trim(strip_tags($aItem['body']));
$title = trim(strip_tags($aItem['title']));
$itemId = $aItem['id'];
$userId = $aItem['userId'];
$status_num = -1;
$banned = osc_is_banned(trim(strip_tags($aItem['authorEmail'])));
if($banned==1 || $banned==2) {
Session::newInstance()->_setForm('commentAuthorName', $authorName);
Session::newInstance()->_setForm('commentTitle', $title);
Session::newInstance()->_setForm('commentBody', $body);
Session::newInstance()->_setForm('commentAuthorEmail', $authorEmail);
return 5;
}
$item = $this->manager->findByPrimaryKey($itemId);
View::newInstance()->_exportVariableToView('item', $item);
$itemURL = osc_item_url();
$itemURL = '<a href="'.$itemURL.'" >'.$itemURL.'</a>';
Params::setParam('itemURL', $itemURL);
if(osc_reg_user_post_comments() && !osc_is_web_user_logged_in()) {
Session::newInstance()->_setForm('commentAuthorName', $authorName);
Session::newInstance()->_setForm('commentTitle', $title);
Session::newInstance()->_setForm('commentBody', $body);
return 6;
}
if( !preg_match('|^.*?@.{2,}\..{2,3}$|', $authorEmail)) {
Session::newInstance()->_setForm('commentAuthorName', $authorName);
Session::newInstance()->_setForm('commentTitle', $title);
Session::newInstance()->_setForm('commentBody', $body);
return 3;
}
if( ($body == '') ) {
Session::newInstance()->_setForm('commentAuthorName', $authorName);
Session::newInstance()->_setForm('commentAuthorEmail', $authorEmail);
Session::newInstance()->_setForm('commentTitle', $title);
return 4;
}
$num_moderate_comments = osc_moderate_comments();
if($userId==null) {
$num_comments = 0;
} else {
$user = User::newInstance()->findByPrimaryKey($userId);
$num_comments = $user['i_comments'];
}
if ($num_moderate_comments == -1 || ($num_moderate_comments != 0 && $num_comments >= $num_moderate_comments)) {
$status = 'ACTIVE';
$status_num = 2;
} else {
$status = 'INACTIVE';
$status_num = 1;
}
if (osc_akismet_key()) {
require_once LIB_PATH . 'Akismet.class.php';
$akismet = new Akismet(osc_base_url(), osc_akismet_key());
$akismet->setCommentAuthor($authorName);
$akismet->setCommentAuthorEmail($authorEmail);
$akismet->setCommentContent($body);
$akismet->setPermalink($itemURL);
$status = $akismet->isCommentSpam() ? 'SPAM' : $status;
if($status == 'SPAM') {
$status_num = 5;
}
}
$mComments = ItemComment::newInstance();
$aComment = array('dt_pub_date' => date('Y-m-d H:i:s')
,'fk_i_item_id' => $itemId
,'s_author_name' => $authorName
,'s_author_email' => $authorEmail
,'s_title' => $title
,'s_body' => $body
,'b_active' => ($status=='ACTIVE' ? 1 : 0)
,'b_enabled' => 1
,'fk_i_user_id' => $userId);
osc_run_hook('before_add_comment', $aComment);
if( $mComments->insert($aComment) ) {
$commentID = $mComments->dao->insertedId();
if($status_num == 2 && $userId != null) { // COMMENT IS ACTIVE
$user = User::newInstance()->findByPrimaryKey($userId);
if( $user ) {
User::newInstance()->update( array( 'i_comments' => $user['i_comments'] + 1)
,array( 'pk_i_id' => $user['pk_i_id'] ) );
}
}
//Notify admin
if ( osc_notify_new_comment() ) {
osc_run_hook('hook_email_new_comment_admin', $aItem);
}
//Notify user
if ( osc_notify_new_comment_user() ) {
osc_run_hook('hook_email_new_comment_user', $aItem);
}
osc_run_hook( 'add_comment', $commentID );
return $status_num;
}
return -1;
}
function doModel()
{
switch ($this->action) {
case 'contact_post':
//contact_post
osc_csrf_check();
$yourName = Params::getParam('yourName');
$yourEmail = Params::getParam('yourEmail');
$subject = Params::getParam('subject');
$message = Params::getParam('message');
if (osc_recaptcha_private_key() != '') {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
Session::newInstance()->_setForm('yourName', $yourName);
Session::newInstance()->_setForm('yourEmail', $yourEmail);
Session::newInstance()->_setForm('subject', $subject);
Session::newInstance()->_setForm('message_body', $message);
$this->redirectTo(osc_contact_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
$banned = osc_is_banned($yourEmail);
if ($banned == 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
$this->redirectTo(osc_contact_url());
} else {
if ($banned == 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
$this->redirectTo(osc_contact_url());
}
}
$user = User::newInstance()->newInstance()->findByEmail($yourEmail);
if (isset($user['b_active']) && ($user['b_active'] == 0 || $user['b_enabled'] == 0)) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
$this->redirectTo(osc_contact_url());
}
if (!preg_match('|.*?@.{2,}\\..{2,}|', $yourEmail)) {
osc_add_flash_error_message(_m('Please enter a correct email'));
Session::newInstance()->_setForm('yourName', $yourName);
Session::newInstance()->_setForm('subject', $subject);
Session::newInstance()->_setForm('message_body', $message);
$this->redirectTo(osc_contact_url());
}
$message_name = sprintf(__('Name: %s'), $yourName);
$message_email = sprintf(__('Email: %s'), $yourEmail);
$message_subject = sprintf(__('Subject: %s'), $subject);
$message_body = sprintf(__('Message: %s'), $message);
$message_date = sprintf(__('Date: %s at %s'), date('l F d, Y'), date('g:i a'));
$message_IP = sprintf(__('IP Address: %s'), get_ip());
$message = <<<MESSAGE
{$message_name}
{$message_email}
{$message_subject}
{$message_body}
{$message_date}
{$message_IP}
MESSAGE;
$params = array('from' => osc_contact_email(), 'to' => osc_contact_email(), 'to_name' => osc_page_title(), 'reply_to' => $yourEmail, 'subject' => '[' . osc_page_title() . '] ' . __('Contact'), 'body' => nl2br($message));
$error = false;
if (osc_contact_attachment()) {
$attachment = Params::getFiles('attachment');
if (isset($attachment['error']) && $attachment['error'] == UPLOAD_ERR_OK) {
$mime_array = array('text/php', 'text/x-php', 'application/php', 'application/x-php', 'application/x-httpd-php', 'application/x-httpd-php-source', 'application/x-javascript');
$resourceName = $attachment['name'];
$tmpName = $attachment['tmp_name'];
$resourceType = $attachment['type'];
if (function_exists('mime_content_type')) {
$resourceType = mime_content_type($tmpName);
}
if (function_exists('finfo_open')) {
$finfo = finfo_open(FILEINFO_MIME);
$output = finfo_file($finfo, $tmpName);
finfo_close($finfo);
$output = explode("; ", $output);
if (is_array($output)) {
$output = $output[0];
}
$resourceType = $output;
}
// check mime file
if (!in_array($resourceType, $mime_array)) {
$emailAttachment = array('path' => $tmpName, 'name' => $resourceName);
$error = false;
} else {
$error = true;
}
// --- check mime file
} else {
$error = true;
}
}
if (!$error) {
if (isset($emailAttachment)) {
$params['attachment'] = $emailAttachment;
}
osc_run_hook('pre_contact_post', $params);
osc_sendMail(osc_apply_filter('contact_params', $params));
if (isset($tmpName)) {
@unlink($tmpName);
}
osc_add_flash_ok_message(_m('Your email has been sent properly. Thank you for contacting us!'));
} else {
osc_add_flash_error_message(_m('The file you tried to upload does not have a valid extension'));
}
$this->redirectTo(osc_contact_url());
break;
default:
//contact
$this->doView('contact.php');
}
}
function doModel()
{
//calling the view...
$locales = OSCLocale::newInstance()->listAllEnabled();
$this->_exportVariableToView('locales', $locales);
switch ($this->action) {
case 'item_add':
// post
if (osc_reg_user_post() && $this->user == null) {
osc_add_flash_warning_message(_m('Only registered users are allowed to post listings'));
Session::newInstance()->_setReferer(osc_item_post_url());
$this->redirectTo(osc_user_login_url());
}
$countries = Country::newInstance()->listAll();
$regions = array();
if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') {
$regions = Region::newInstance()->findByCountry($this->user['fk_c_country_code']);
} else {
if (count($countries) > 0) {
$regions = Region::newInstance()->findByCountry($countries[0]['pk_c_code']);
}
}
$cities = array();
if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') {
$cities = City::newInstance()->findByRegion($this->user['fk_i_region_id']);
} else {
if (count($regions) > 0) {
$cities = City::newInstance()->findByRegion($regions[0]['pk_i_id']);
}
}
$this->_exportVariableToView('countries', $countries);
$this->_exportVariableToView('regions', $regions);
$this->_exportVariableToView('cities', $cities);
$form = count(Session::newInstance()->_getForm());
$keepForm = count(Session::newInstance()->_getKeepForm());
if ($form == 0 || $form == $keepForm) {
Session::newInstance()->_dropKeepForm();
}
if (Session::newInstance()->_getForm('countryId') != "") {
$countryId = Session::newInstance()->_getForm('countryId');
$regions = Region::newInstance()->findByCountry($countryId);
$this->_exportVariableToView('regions', $regions);
if (Session::newInstance()->_getForm('regionId') != "") {
$regionId = Session::newInstance()->_getForm('regionId');
$cities = City::newInstance()->findByRegion($regionId);
$this->_exportVariableToView('cities', $cities);
}
}
$this->_exportVariableToView('user', $this->user);
osc_run_hook('post_item');
$this->doView('item-post.php');
break;
case 'item_add_post':
//post_item
osc_csrf_check();
if (osc_reg_user_post() && $this->user == null) {
osc_add_flash_warning_message(_m('Only registered users are allowed to post listings'));
$this->redirectTo(osc_base_url(true));
}
$mItems = new ItemActions(false);
// prepare data for ADD ITEM
$mItems->prepareData(true);
// set all parameters into session
foreach ($mItems->data as $key => $value) {
Session::newInstance()->_setForm($key, $value);
}
$meta = Params::getParam('meta');
if (is_array($meta)) {
foreach ($meta as $key => $value) {
Session::newInstance()->_setForm('meta_' . $key, $value);
Session::newInstance()->_keepForm('meta_' . $key);
}
}
if (osc_recaptcha_items_enabled() && osc_recaptcha_private_key() != '') {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
$this->redirectTo(osc_item_post_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
if (!osc_is_web_user_logged_in()) {
$user = User::newInstance()->findByEmail($mItems->data['contactEmail']);
// The user exists but it's not logged
if (isset($user['pk_i_id'])) {
foreach ($mItems->data as $key => $value) {
Session::newInstance()->_keepForm($key);
}
osc_add_flash_error_message(_m('A user with that email address already exists, if it is you, please log in'));
$this->redirectTo(osc_user_login_url());
}
}
$banned = osc_is_banned($mItems->data['contactEmail']);
if ($banned == 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
$this->redirectTo(osc_item_post_url());
} else {
if ($banned == 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
$this->redirectTo(osc_item_post_url());
}
}
// POST ITEM ( ADD ITEM )
$success = $mItems->add();
if ($success != 1 && $success != 2) {
osc_add_flash_error_message($success);
$this->redirectTo(osc_item_post_url());
} else {
if (is_array($meta)) {
foreach ($meta as $key => $value) {
Session::newInstance()->_dropKeepForm('meta_' . $key);
}
}
Session::newInstance()->_clearVariables();
if ($success == 1) {
osc_add_flash_ok_message(_m('Check your inbox to validate your listing'));
} else {
osc_add_flash_ok_message(_m('Your listing has been published'));
}
$itemId = Params::getParam('itemId');
$category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId'));
View::newInstance()->_exportVariableToView('category', $category);
$this->redirectTo(osc_search_category_url());
}
break;
case 'item_edit':
// edit item
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId);
if (count($item) == 1) {
$item = Item::newInstance()->findByPrimaryKey($id);
$form = count(Session::newInstance()->_getForm());
$keepForm = count(Session::newInstance()->_getKeepForm());
if ($form == 0 || $form == $keepForm) {
Session::newInstance()->_dropKeepForm();
}
$this->_exportVariableToView('item', $item);
osc_run_hook("before_item_edit", $item);
$this->doView('item-edit.php');
} else {
// add a flash message [ITEM NO EXISTE]
osc_add_flash_error_message(_m("Sorry, we don't have any listings with that ID"));
if ($this->user != null) {
$this->redirectTo(osc_user_list_items_url());
} else {
$this->redirectTo(osc_base_url());
}
}
break;
case 'item_edit_post':
osc_csrf_check();
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId);
if (count($item) == 1) {
$this->_exportVariableToView('item', $item[0]);
$mItems = new ItemActions(false);
// prepare data for ADD ITEM
$mItems->prepareData(false);
// set all parameters into session
foreach ($mItems->data as $key => $value) {
Session::newInstance()->_setForm($key, $value);
}
$meta = Params::getParam('meta');
if (is_array($meta)) {
foreach ($meta as $key => $value) {
Session::newInstance()->_setForm('meta_' . $key, $value);
Session::newInstance()->_keepForm('meta_' . $key);
}
}
if (osc_recaptcha_items_enabled() && osc_recaptcha_private_key() != '') {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
$this->redirectTo(osc_item_edit_url($secret, $id));
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
$success = $mItems->edit();
if ($success == 1) {
osc_add_flash_ok_message(_m("Great! We've just updated your listing"));
View::newInstance()->_exportVariableToView("item", Item::newInstance()->findByPrimaryKey($id));
$this->redirectTo(osc_item_url());
} else {
osc_add_flash_error_message($success);
$this->redirectTo(osc_item_edit_url($secret, $id));
}
}
break;
case 'activate':
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId);
// item doesn't exist
if (count($item) == 0) {
$this->do404();
return;
}
View::newInstance()->_exportVariableToView('item', $item[0]);
if ($item[0]['b_active'] == 0) {
// ACTIVETE ITEM
$mItems = new ItemActions(false);
$success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']);
if ($success) {
osc_add_flash_ok_message(_m('The listing has been validated'));
} else {
osc_add_flash_error_message(_m("The listing can't be validated"));
}
} else {
osc_add_flash_warning_message(_m('The listing has already been validated'));
}
$this->redirectTo(osc_item_url());
break;
case 'item_delete':
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId);
if (count($item) == 1) {
$mItems = new ItemActions(false);
$success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']);
if ($success) {
osc_add_flash_ok_message(_m('Your listing has been deleted'));
} else {
osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted"));
}
if ($this->user != null) {
$this->redirectTo(osc_user_list_items_url());
} else {
$this->redirectTo(osc_base_url());
}
} else {
osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted"));
$this->redirectTo(osc_base_url());
}
break;
case 'deleteResources':
// Delete images via AJAX
$id = Params::getParam('id');
$item = Params::getParam('item');
$code = Params::getParam('code');
$secret = Params::getParam('secret');
if (Session::newInstance()->_get('userId') != '') {
$userId = Session::newInstance()->_get('userId');
$user = User::newInstance()->findByPrimaryKey($userId);
} else {
$userId = null;
$user = null;
}
if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) {
osc_add_flash_error_message(_m("The selected photo couldn't be deleted, the url doesn't exist"));
$this->redirectTo(osc_item_edit_url($secret, $item));
}
$aItem = Item::newInstance()->findByPrimaryKey($item);
if (count($aItem) == 0) {
osc_add_flash_error_message(_m("The listing doesn't exist"));
$this->redirectTo(osc_item_edit_url($secret, $item));
}
if (!osc_is_admin_user_logged_in()) {
if ($userId != null && $userId != $aItem['fk_i_user_id']) {
osc_add_flash_error_message(_m("The listing doesn't belong to you"));
$this->redirectTo(osc_item_edit_url($secret, $item));
}
if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) {
osc_add_flash_error_message(_m("The listing doesn't belong to you"));
$this->redirectTo(osc_item_edit_url($secret, $item));
}
}
$result = ItemResource::newInstance()->existResource($id, $code);
if ($result > 0) {
$resource = ItemResource::newInstance()->findByPrimaryKey($id);
if ($resource['fk_i_item_id'] == $item) {
osc_deleteResource($id, false);
Log::newInstance()->insertLog('item', 'deleteResource', $id, $id, 'user', osc_logged_user_id());
ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code));
osc_add_flash_ok_message(_m('The selected photo has been successfully deleted'));
} else {
osc_add_flash_error_message(_m("The selected photo does not belong to you"));
}
} else {
osc_add_flash_error_message(_m("The selected photo couldn't be deleted"));
}
$this->redirectTo(osc_item_edit_url($secret, $item));
break;
case 'mark':
$id = Params::getParam('id');
$as = Params::getParam('as');
$item = Item::newInstance()->findByPrimaryKey($id);
View::newInstance()->_exportVariableToView('item', $item);
require_once osc_lib_path() . 'osclass/user-agents.php';
foreach ($user_agents as $ua) {
if (preg_match('|' . $ua . '|', Params::getServerParam('HTTP_USER_AGENT'))) {
// mark item if it's not a bot
$mItem = new ItemActions(false);
$mItem->mark($id, $as);
break;
}
}
osc_add_flash_ok_message(_m("Thanks! That's very helpful"));
$this->redirectTo(osc_item_url());
break;
case 'send_friend':
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('item', $item);
$this->doView('item-send-friend.php');
break;
case 'send_friend_post':
osc_csrf_check();
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('item', $item);
Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
Session::newInstance()->_setForm("friendName", Params::getParam('friendName'));
Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail'));
Session::newInstance()->_setForm("message_body", Params::getParam('message'));
if (osc_recaptcha_private_key() != '') {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
$this->redirectTo(osc_item_send_friend_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
osc_run_hook('pre_item_send_friend_post', $item);
$mItem = new ItemActions(false);
$success = $mItem->send_friend();
osc_run_hook('post_item_send_friend_post', $item);
if ($success) {
Session::newInstance()->_clearVariables();
$this->redirectTo(osc_item_url());
} else {
$this->redirectTo(osc_item_send_friend_url());
}
break;
case 'contact':
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
if (empty($item)) {
osc_add_flash_error_message(_m("This listing doesn't exist"));
$this->redirectTo(osc_base_url(true));
} else {
$this->_exportVariableToView('item', $item);
if (osc_item_is_expired()) {
osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller"));
$this->redirectTo(osc_item_url());
}
if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) {
$this->doView('item-contact.php');
} else {
osc_add_flash_error_message(_m("You can't contact the seller, only registered users can"));
$this->redirectTo(osc_item_url());
}
}
break;
case 'contact_post':
osc_csrf_check();
if (osc_reg_user_can_contact() && !osc_is_web_user_logged_in()) {
osc_add_flash_warning_message(_m("You can't contact the seller, only registered users can"));
$this->redirectTo(osc_base_url(true));
}
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('item', $item);
if (osc_recaptcha_private_key() != '') {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
Session::newInstance()->_setForm("message_body", Params::getParam('message'));
$this->redirectTo(osc_item_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
$banned = osc_is_banned(Params::getParam('yourEmail'));
if ($banned == 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
$this->redirectTo(osc_item_url());
} else {
if ($banned == 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
$this->redirectTo(osc_item_url());
}
}
if (osc_isExpired($item['dt_expiration'])) {
osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller"));
$this->redirectTo(osc_item_url());
}
osc_run_hook('pre_item_contact_post', $item);
$mItem = new ItemActions(false);
$result = $mItem->contact();
osc_run_hook('post_item_contact_post', $item);
if (is_string($result)) {
osc_add_flash_error_message($result);
} else {
osc_add_flash_ok_message(_m("We've just sent an e-mail to the seller"));
}
$this->redirectTo(osc_item_url());
break;
case 'add_comment':
osc_csrf_check();
$mItem = new ItemActions(false);
$status = $mItem->add_comment();
switch ($status) {
case -1:
$msg = _m('Sorry, we could not save your comment. Try again later');
osc_add_flash_error_message($msg);
break;
case 1:
$msg = _m('Your comment is awaiting moderation');
osc_add_flash_info_message($msg);
break;
case 2:
$msg = _m('Your comment has been approved');
osc_add_flash_ok_message($msg);
break;
case 3:
$msg = _m('Please fill the required field (email)');
osc_add_flash_warning_message($msg);
break;
case 4:
$msg = _m('Please type a comment');
osc_add_flash_warning_message($msg);
break;
case 5:
$msg = _m('Your comment has been marked as spam');
osc_add_flash_error_message($msg);
break;
case 6:
$msg = _m('You need to be logged to comment');
osc_add_flash_error_message($msg);
break;
case 7:
$msg = _m('Sorry, comments are disabled');
osc_add_flash_error_message($msg);
break;
}
//View::newInstance()->_exportVariableToView('item', Item::newInstance()->findByPrimaryKey(Params::getParam('id')));
$this->redirectTo(osc_item_url());
break;
case 'delete_comment':
osc_csrf_check();
$mItem = new ItemActions(false);
$status = $mItem->add_comment();
// @TOFIX @FIXME $status never used + ?? need to add_comment() before deleting it??
$itemId = Params::getParam('id');
$commentId = Params::getParam('comment');
$item = Item::newInstance()->findByPrimaryKey($itemId);
if (count($item) == 0) {
osc_add_flash_error_message(_m("This listing doesn't exist"));
$this->redirectTo(osc_base_url(true));
}
View::newInstance()->_exportVariableToView('item', $item);
if ($this->userId == null) {
osc_add_flash_error_message(_m('You must be logged in to delete a comment'));
$this->redirectTo(osc_item_url());
}
$commentManager = ItemComment::newInstance();
$aComment = $commentManager->findByPrimaryKey($commentId);
if (count($aComment) == 0) {
osc_add_flash_error_message(_m("The comment doesn't exist"));
$this->redirectTo(osc_item_url());
}
if ($aComment['b_active'] != 1) {
osc_add_flash_error_message(_m('The comment is not active, you cannot delete it'));
$this->redirectTo(osc_item_url());
}
if ($aComment['fk_i_user_id'] != $this->userId) {
osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it'));
$this->redirectTo(osc_item_url());
}
$commentManager->deleteByPrimaryKey($commentId);
osc_add_flash_ok_message(_m('The comment has been deleted'));
$this->redirectTo(osc_item_url());
break;
default:
// if there isn't ID, show an error 404
if (Params::getParam('id') == '') {
$this->do404();
return;
}
if (Params::getParam('lang') != '') {
Session::newInstance()->_set('userLocale', Params::getParam('lang'));
}
$item = osc_apply_filter('pre_show_item', $this->itemManager->findByPrimaryKey(Params::getParam('id')));
// if item doesn't exist show an error 410
if (count($item) == 0) {
$this->do410();
return;
}
if ($item['b_active'] != 1) {
if ($this->userId == $item['fk_i_user_id'] && $this->userId != '' || osc_is_admin_user_logged_in()) {
osc_add_flash_warning_message(_m("The listing hasn't been validated. Please validate it in order to make it public"));
} else {
$this->do400();
return;
}
} else {
if ($item['b_enabled'] == 0) {
if (osc_is_admin_user_logged_in()) {
osc_add_flash_warning_message(_m("The listing hasn't been enabled. Please enable it in order to make it public"));
} else {
if (osc_is_web_user_logged_in() && osc_logged_user_id() == $item['fk_i_user_id']) {
osc_add_flash_warning_message(_m("The listing has been blocked or is awaiting moderation from the admin"));
} else {
$this->do400();
return;
}
}
}
}
if (!osc_is_admin_user_logged_in() && !($item['fk_i_user_id'] != '' && $item['fk_i_user_id'] == osc_logged_user_id())) {
require_once osc_lib_path() . 'osclass/user-agents.php';
foreach ($user_agents as $ua) {
if (preg_match('|' . $ua . '|', Params::getServerParam('HTTP_USER_AGENT'))) {
$mStats = new ItemStats();
$mStats->increase('i_num_views', $item['pk_i_id']);
break;
}
}
}
foreach ($item['locale'] as $k => $v) {
$item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']);
$item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description']));
}
if ($item['fk_i_user_id'] != '') {
$user = User::newInstance()->findByPrimaryKey($item['fk_i_user_id']);
$this->_exportVariableToView('user', $user);
}
$this->_exportVariableToView('item', $item);
osc_run_hook('show_item', $item);
// redirect to the correct url just in case it has changed
$itemURI = str_replace(osc_base_url(), '', osc_item_url());
$URI = preg_replace('|^' . REL_WEB_URL . '|', '', Params::getServerParam('REQUEST_URI', false, false));
// do not clean QUERY_STRING if permalink is not enabled
if (osc_rewrite_enabled()) {
$URI = str_replace('?' . Params::getServerParam('QUERY_STRING', false, false), '', $URI);
} else {
$params_keep = array('page', 'id');
$params = array();
foreach (Params::getParamsAsArray('get') as $k => $v) {
if (in_array($k, $params_keep)) {
$params[] = "{$k}={$v}";
}
}
$URI = 'index.php?' . implode('&', $params);
}
// redirect to the correct url
if ($itemURI != $URI) {
$this->redirectTo(osc_base_url() . $itemURI, 301);
}
$this->doView('item.php');
break;
}
}
function doModel()
{
switch ($this->action) {
case 'register':
//register user
$this->doView('user-register.php');
break;
case 'register_post':
//register user
osc_csrf_check();
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
osc_run_hook('before_user_register');
$banned = osc_is_banned(Params::getParam('s_email'));
if ($banned == 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
$this->redirectTo(osc_register_account_url());
} else {
if ($banned == 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
$this->redirectTo(osc_register_account_url());
}
}
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->add();
switch ($success) {
case 1:
osc_add_flash_ok_message(_m('The user has been created. An activation email has been sent'));
$this->redirectTo(osc_base_url());
break;
case 2:
osc_add_flash_ok_message(_m('Your account has been created successfully'));
$this->doView('user-login.php');
break;
case 3:
osc_add_flash_warning_message(_m('The specified e-mail is already in use'));
$this->doView('user-register.php');
break;
case 4:
osc_add_flash_error_message(_m('The reCAPTCHA was not entered correctly'));
$this->doView('user-register.php');
break;
case 5:
osc_add_flash_warning_message(_m('The email is not valid'));
$this->doView('user-register.php');
break;
case 6:
osc_add_flash_warning_message(_m('The password cannot be empty'));
$this->doView('user-register.php');
break;
case 7:
osc_add_flash_warning_message(_m("Passwords don't match"));
$this->doView('user-register.php');
break;
case 8:
osc_add_flash_warning_message(_m("Username is already taken"));
$this->doView('user-register.php');
break;
case 9:
osc_add_flash_warning_message(_m("The specified username is not valid, it contains some invalid words"));
$this->doView('user-register.php');
break;
}
break;
case 'validate':
//validate account
$id = intval(Params::getParam('id'));
$code = Params::getParam('code');
$userManager = new User();
$user = $userManager->findByIdSecret($id, $code);
if (!$user) {
osc_add_flash_error_message(_m('The link is not valid anymore. Sorry for the inconvenience!'));
$this->redirectTo(osc_base_url());
}
if ($user['b_active'] == 1) {
osc_add_flash_error_message(_m('Your account has already been validated'));
$this->redirectTo(osc_base_url());
}
$userManager = new User();
$userManager->update(array('b_active' => '1'), array('pk_i_id' => $id, 's_secret' => $code));
// Auto-login
Session::newInstance()->_set('userId', $user['pk_i_id']);
Session::newInstance()->_set('userName', $user['s_name']);
Session::newInstance()->_set('userEmail', $user['s_email']);
$phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land'];
Session::newInstance()->_set('userPhone', $phone);
osc_run_hook('hook_email_user_registration', $user);
osc_run_hook('validate_user', $user);
osc_add_flash_ok_message(_m('Your account has been validated'));
$this->redirectTo(osc_base_url());
break;
}
}
function doModel()
{
switch ($this->action) {
case 'change_email_confirm':
//change email confirm
if (Params::getParam('userId') && Params::getParam('code')) {
$userManager = new User();
$user = $userManager->findByPrimaryKey(Params::getParam('userId'));
if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) {
$userEmailTmp = UserEmailTmp::newInstance()->findByPrimaryKey(Params::getParam('userId'));
$code = osc_genRandomPassword(50);
$userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id']));
Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']);
UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email']));
osc_add_flash_ok_message(_m('Your email has been changed successfully'));
$this->redirectTo(osc_user_profile_url());
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
break;
case 'activate_alert':
$email = Params::getParam('email');
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$alert = Alerts::newInstance()->findByPrimaryKey($id);
$result = 0;
if (!empty($alert)) {
if ($email == $alert['s_email'] && $secret == $alert['s_secret']) {
$user = User::newInstance()->findByEmail($alert['s_email']);
if (isset($user['pk_i_id'])) {
Alerts::newInstance()->update(array('fk_i_user_id' => $user['pk_i_id']), array('pk_i_id' => $id));
}
$result = Alerts::newInstance()->activate($id);
}
}
if ($result == 1) {
osc_add_flash_ok_message(_m('Alert activated'));
} else {
osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator'));
}
$this->redirectTo(osc_base_url());
break;
case 'unsub_alert':
$email = Params::getParam('email');
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$alert = Alerts::newInstance()->findByPrimaryKey($id);
$result = 0;
if (!empty($alert)) {
if ($email == $alert['s_email'] && $secret == $alert['s_secret']) {
$result = Alerts::newInstance()->unsub($id);
}
}
if ($result == 1) {
osc_add_flash_ok_message(_m('Unsubscribed correctly'));
} else {
osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator'));
}
$this->redirectTo(osc_base_url());
break;
case 'pub_profile':
if (Params::getParam('username') != '') {
$user = User::newInstance()->findByUsername(Params::getParam('username'));
} else {
$user = User::newInstance()->findByPrimaryKey(Params::getParam('id'));
}
// user doesn't exist, show 404 error
if (!$user) {
$this->do404();
return;
}
$itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10;
$page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0;
$total_items = Item::newInstance()->countItemTypesByUserID($user['pk_i_id'], 'active');
if ($itemsPerPage == 'all') {
$total_pages = 1;
$items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], 0, null, 'active');
} else {
$total_pages = ceil($total_items / $itemsPerPage);
$items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], $page * $itemsPerPage, $itemsPerPage, 'active');
}
View::newInstance()->_exportVariableToView('user', $user);
$this->_exportVariableToView('items', $items);
$this->_exportVariableToView('search_total_pages', $total_pages);
$this->_exportVariableToView('search_total_items', $total_items);
$this->_exportVariableToView('items_per_page', $itemsPerPage);
$this->_exportVariableToView('search_page', $page);
$this->_exportVariableToView('canonical', osc_user_public_profile_url());
$this->doView('user-public-profile.php');
break;
case 'contact_post':
$user = User::newInstance()->findByPrimaryKey(Params::getParam('id'));
View::newInstance()->_exportVariableToView('user', $user);
if (osc_recaptcha_private_key() != '') {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
Session::newInstance()->_setForm("message_body", Params::getParam('message'));
$this->redirectTo(osc_user_public_profile_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
$banned = osc_is_banned(Params::getParam('yourEmail'));
if ($banned == 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
$this->redirectTo(osc_user_public_profile_url());
} else {
if ($banned == 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
$this->redirectTo(osc_user_public_profile_url());
}
}
osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message'));
osc_add_flash_ok_message(_m('Your email has been sent properly.'));
$this->redirectTo(osc_user_public_profile_url());
break;
default:
$this->redirectTo(osc_user_login_url());
break;
}
}
function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
$user = User::newInstance()->findByEmail(Params::getParam('email'));
if (!$user) {
$user = User::newInstance()->findByUsername(Params::getParam('email'));
}
$url_redirect = osc_get_http_referer();
$page_redirect = '';
if (osc_rewrite_enabled()) {
if ($url_redirect != '') {
$request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect));
$tmp_ar = explode("?", $request_uri);
$request_uri = $tmp_ar[0];
$rules = Rewrite::newInstance()->listRules();
foreach ($rules as $match => $uri) {
if (preg_match('#' . $match . '#', $request_uri, $m)) {
$request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
$page_redirect = $match[2];
if ($page_redirect == '' || $page_redirect == 'login') {
$url_redirect = osc_user_dashboard_url();
}
}
break;
}
}
}
//} else if(preg_match('|[\?&]page=([^&]+)|', $url_redirect.'&', $match)) {
// $page_redirect = $match[1];
}
if ($url_redirect == '') {
$url_redirect = osc_user_dashboard_url();
}
if (!$user) {
osc_add_flash_error_message(_m("The user doesn't exist"));
$this->redirectTo(osc_user_login_url());
}
if ($user["s_password"] != sha1(Params::getParam('password', false, false))) {
osc_add_flash_error_message(_m('The password is incorrect'));
$this->redirectTo(osc_user_login_url());
}
$banned = osc_is_banned(Params::getParam('email'));
if ($banned == 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
$this->redirectTo(osc_user_login_url());
} else {
if ($banned == 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
$this->redirectTo(osc_user_login_url());
}
}
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($user['pk_i_id']);
if ($logged == 0) {
osc_add_flash_error_message(_m("The user doesn't exist"));
} else {
if ($logged == 1) {
osc_add_flash_error_message(_m('The user has not been validated yet'));
} else {
if ($logged == 2) {
osc_add_flash_error_message(_m('The user has been suspended'));
} else {
if ($logged == 3) {
if (Params::getParam('remember') == 1) {
//this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
Cookie::newInstance()->push('oc_userSecret', $secret);
Cookie::newInstance()->set();
}
osc_run_hook("after_login", $user);
$this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect));
} else {
osc_add_flash_error_message(_m('This should never happen'));
}
}
}
}
if (!$user['b_enabled']) {
$this->redirectTo(osc_user_login_url());
}
$this->redirectTo(osc_user_login_url());
break;
case 'recover':
//form to recover the password (in this case we have the form in /gui/)
$this->doView('user-recover.php');
break;
case 'recover_post':
//post execution to recover the password
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
// e-mail is incorrect
if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
osc_add_flash_error_message(_m('Invalid email address'));
$this->redirectTo(osc_recover_user_password_url());
}
$userActions = new UserActions(false);
$success = $userActions->recover_password();
switch ($success) {
case 0:
// recover ok
osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
$this->redirectTo(osc_base_url());
break;
case 1:
// e-mail does not exist
osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
$this->redirectTo(osc_recover_user_password_url());
break;
case 2:
// recaptcha wrong
osc_add_flash_error_message(_m('The recaptcha code is wrong'));
$this->redirectTo(osc_recover_user_password_url());
break;
}
break;
case 'forgot':
//form to recover the password (in this case we have the form in /gui/)
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user) {
$this->doView('user-forgot_password.php');
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
break;
case 'forgot_post':
osc_csrf_check();
if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user['b_enabled'] == 1) {
if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('The password has been changed'));
$this->redirectTo(osc_user_login_url());
} else {
osc_add_flash_error_message(_m("Error, the password don't match"));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
}
$this->redirectTo(osc_base_url());
break;
default:
//login
Session::newInstance()->_setReferer(osc_get_http_referer());
if (osc_logged_user_id() != '') {
$this->redirectTo(osc_user_dashboard_url());
}
$this->doView('user-login.php');
}
}
function doModel()
{
switch ($this->action) {
case 'register':
//register user
$this->doView('user-register.php');
break;
case 'register_post':
//register user
osc_csrf_check();
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
osc_run_hook('before_user_register');
$banned = osc_is_banned(Params::getParam('s_email'));
if ($banned == 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
$this->redirectTo(osc_register_account_url());
} else {
if ($banned == 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
$this->redirectTo(osc_register_account_url());
}
}
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->add();
if ($success == 1) {
osc_add_flash_ok_message(_m('The user has been created. An activation email has been sent'));
$this->redirectTo(osc_base_url());
} else {
if ($success == 2) {
osc_add_flash_ok_message(_m('Your account has been created successfully'));
Params::setParam('action', 'login_post');
Params::setParam('email', Params::getParam('s_email'));
Params::setParam('password', Params::getParam('s_password', false, false));
require_once osc_lib_path() . 'osclass/controller/login.php';
$do = new CWebLogin();
$do->doModel();
} else {
osc_add_flash_error_message($success);
$this->redirectTo(osc_register_account_url());
}
}
break;
case 'validate':
//validate account
$id = intval(Params::getParam('id'));
$code = Params::getParam('code');
$userManager = new User();
$user = $userManager->findByIdSecret($id, $code);
if (!$user) {
osc_add_flash_error_message(_m('The link is not valid anymore. Sorry for the inconvenience!'));
$this->redirectTo(osc_base_url());
}
if ($user['b_active'] == 1) {
osc_add_flash_error_message(_m('Your account has already been validated'));
$this->redirectTo(osc_base_url());
}
$userManager = new User();
$success = $userManager->update(array('b_active' => '1'), array('pk_i_id' => $id, 's_secret' => $code));
if ($success) {
// Auto-login
Session::newInstance()->_set('userId', $user['pk_i_id']);
Session::newInstance()->_set('userName', $user['s_name']);
Session::newInstance()->_set('userEmail', $user['s_email']);
$phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land'];
Session::newInstance()->_set('userPhone', $phone);
osc_run_hook('hook_email_user_registration', $user);
osc_run_hook('validate_user', $user);
osc_add_flash_ok_message(_m('Your account has been validated'));
} else {
osc_add_flash_ok_message(_m('Account validation failed'));
}
$this->redirectTo(osc_base_url());
break;
}
}
