Example #1
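 /**
  * Handles the login-related actions of this controller, selected by $this->action:
  * login_post, resend, recover, recover_post, forgot, forgot_post and, by default,
  * the login form itself.
  *
  * Failure paths call $this->redirectTo() and the code after them is written as if
  * the request stopped there, so the checks below only hold if redirectTo() ends the request.
  * NOTE(review): redirectTo() is not shown here - confirm that it terminates execution.
  *
  * @return void
  */
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             // Post execution for the login form.
             if (!osc_users_enabled()) {
                 osc_add_flash_error_message(_m('Users are not enabled'));
                 $this->redirectTo(osc_base_url());
             }
             osc_csrf_check();
             osc_run_hook('before_validating_login');
             // e-mail or/and password is/are empty or incorrect
             $wrongCredentials = false;
             $email = Params::getParam('email');
             // The password is fetched with two extra "false" arguments; their meaning is
             // defined by Params::getParam(), which is not shown here.
             $password = Params::getParam('password', false, false);
             if ($email == '') {
                 osc_add_flash_error_message(_m('Please provide an email address'));
                 $wrongCredentials = true;
             }
             if ($password == '') {
                 osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password'));
                 $wrongCredentials = true;
             }
             if ($wrongCredentials) {
                 $this->redirectTo(osc_user_login_url());
             }
             // The submitted identifier is tried as an e-mail address first, then as a username.
             $user = null;
             if (osc_validate_email($email)) {
                 $user = User::newInstance()->findByEmail($email);
             }
             if (empty($user)) {
                 $user = User::newInstance()->findByUsername($email);
             }
             // NOTE(review): "The user doesn't exist" and "The password is incorrect" are distinct
             // responses, so a client can tell whether an account exists. Consider a single
             // generic message if account enumeration matters for this deployment.
             if (empty($user)) {
                 osc_add_flash_error_message(_m("The user doesn't exist"));
                 $this->redirectTo(osc_user_login_url());
             }
             $storedHash = isset($user['s_password']) ? $user['s_password'] : '';
             if (!osc_verify_password($password, $storedHash)) {
                 osc_add_flash_error_message(_m('The password is incorrect'));
                 $this->redirectTo(osc_user_login_url());
                 // @TODO if valid user, send email parameter back to the login form
             } elseif ($storedHash != '') {
                 // The password verified: re-hash it when the stored hash is not a $2y$ bcrypt
                 // hash, or when its cost differs from BCRYPT_COST.
                 $needsRehash = true;
                 if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $storedHash, $cost)) {
                     $needsRehash = $cost[1] != BCRYPT_COST;
                 }
                 if ($needsRehash) {
                     User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
                 }
             }
             // e-mail or/and IP is/are banned
             // NOTE(review): the ban lookup runs only after the password was verified (and possibly
             // re-hashed), and it is given the submitted identifier, which may be a username.
             $banned = osc_is_banned($email);
             // int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned
             if ($banned & 1) {
                 osc_add_flash_error_message(_m('Your current email is not allowed'));
             }
             if ($banned & 2) {
                 osc_add_flash_error_message(_m('Your current IP is not allowed'));
             }
             if ($banned !== 0) {
                 $this->redirectTo(osc_user_login_url());
             }
             osc_run_hook('before_login');
             // The post-login destination is taken from the HTTP referer.
             // NOTE(review): confirm that osc_get_http_referer() only yields same-site URLs;
             // otherwise the redirect after a successful login is client-influenced.
             $url_redirect = osc_get_http_referer();
             $page_redirect = '';
             if (osc_rewrite_enabled() && $url_redirect != '') {
                 // The base URL is quoted so its dots and other metacharacters match literally.
                 $request_uri = urldecode(preg_replace('@^' . preg_quote(osc_base_url(), '@') . '@', "", $url_redirect));
                 $tmp_ar = explode("?", $request_uri);
                 $request_uri = $tmp_ar[0];
                 $rules = Rewrite::newInstance()->listRules();
                 foreach ($rules as $match => $uri) {
                     if (preg_match('#' . $match . '#', $request_uri)) {
                         // Only the first matching rewrite rule is applied.
                         $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
                         if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $pageMatch)) {
                             $page_redirect = $pageMatch[2];
                             // Coming from the login page (or no page): go to the dashboard instead.
                             if ($page_redirect == '' || $page_redirect == 'login') {
                                 $url_redirect = osc_user_dashboard_url();
                             }
                         }
                         break;
                     }
                 }
             }
             require_once LIB_PATH . 'osclass/UserActions.php';
             $uActions = new UserActions(false);
             $logged = $uActions->bootstrap_login($user['pk_i_id']);
             // Result codes as handled below: 0 unknown user, 1 not validated, 2 suspended, 3 logged in.
             if ($logged == 0) {
                 osc_add_flash_error_message(_m("The user doesn't exist"));
             } elseif ($logged == 1) {
                 if (time() - strtotime($user['dt_access_date']) > 1200) {
                     // EACH 20 MINUTES
                     osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email'])));
                 } else {
                     osc_add_flash_error_message(_m('The user has not been validated yet'));
                 }
             } elseif ($logged == 2) {
                 osc_add_flash_error_message(_m('The user has been suspended'));
             } elseif ($logged == 3) {
                 if (Params::getParam('remember') == 1) {
                     // this include contains the osc_genRandomPassword function
                     require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                     // The same secret is written to the user row and to the oc_userSecret cookie.
                     // NOTE(review): confirm osc_genRandomPassword() draws from a CSPRNG and that the
                     // cookie is issued with Secure/HttpOnly attributes; neither is visible here.
                     $secret = osc_genRandomPassword();
                     User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
                     Cookie::newInstance()->set_expires(osc_time_cookie());
                     Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
                     Cookie::newInstance()->push('oc_userSecret', $secret);
                     Cookie::newInstance()->set();
                 }
                 if ($url_redirect == '') {
                     $url_redirect = osc_user_dashboard_url();
                 }
                 osc_run_hook("after_login", $user, $url_redirect);
                 $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect));
             } else {
                 osc_add_flash_error_message(_m('This should never happen'));
             }
             // Every non-successful outcome ends on the login page.
             $this->redirectTo(osc_user_login_url());
             break;
         case 'resend':
             // Re-sends the validation e-mail for an account that is not active yet.
             // NOTE(review): the link is authorised only by the id/e-mail pair from the request
             // and no CSRF check is made; the 20-minute window below is the only throttle.
             $id = Params::getParam('id');
             $email = Params::getParam('email');
             $user = User::newInstance()->findByPrimaryKey($id);
             if ($id == '' || $email == '' || empty($user) || $user['b_active'] == 1 || $email != $user['s_email']) {
                 osc_add_flash_error_message(_m('Incorrect link'));
                 $this->redirectTo(osc_user_login_url());
             }
             if (time() - strtotime($user['dt_access_date']) > 1200) {
                 // EACH 20 MINUTES
                 if (osc_notify_new_user()) {
                     osc_run_hook('hook_email_admin_new_user', $user);
                 }
                 if (osc_user_validation_enabled()) {
                     osc_run_hook('hook_email_user_validation', $user, $user);
                 }
                 User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id']));
                 osc_add_flash_ok_message(_m('Validation email re-sent'));
             } else {
                 osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again'));
             }
             $this->redirectTo(osc_user_login_url());
             break;
         case 'recover':
             //form to recover the password (in this case we have the form in /gui/)
             $this->doView('user-recover.php');
             break;
         case 'recover_post':
             //post execution to recover the password
             osc_csrf_check();
             require_once LIB_PATH . 'osclass/UserActions.php';
             // e-mail is incorrect
             // NOTE(review): this pattern only accepts top-level domains of 2-3 letters, so
             // addresses under longer TLDs are rejected here; login_post uses osc_validate_email().
             if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
                 osc_add_flash_error_message(_m('Invalid email address'));
                 $this->redirectTo(osc_recover_user_password_url());
             }
             $userActions = new UserActions(false);
             $success = $userActions->recover_password();
             switch ($success) {
                 case 0:
                     // recover ok
                     osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
                     $this->redirectTo(osc_base_url());
                     break;
                 case 1:
                     // e-mail does not exist
                     osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
                     $this->redirectTo(osc_recover_user_password_url());
                     break;
                 case 2:
                     // recaptcha wrong
                     osc_add_flash_error_message(_m('The recaptcha code is wrong'));
                     $this->redirectTo(osc_recover_user_password_url());
                     break;
             }
             break;
         case 'forgot':
             //form to recover the password (in this case we have the form in /gui/)
             // The form is shown only when the userId/code pair from the link resolves to a user.
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             if ($user) {
                 $this->doView('user-forgot_password.php');
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'forgot_post':
             // Sets a new password for the user identified by the userId/code pair.
             osc_csrf_check();
             $newPassword = Params::getParam('new_password', false, false);
             $newPassword2 = Params::getParam('new_password2', false, false);
             if ($newPassword == '' || $newPassword2 == '') {
                 osc_add_flash_warning_message(_m('Password cannot be blank'));
                 $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
             }
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             // An unknown userId/code pair falls through to the "link is not valid" branch.
             if (!empty($user) && $user['b_enabled'] == 1) {
                 // Strict comparison: with == two different numeric-looking strings
                 // (for example "1e3" and "1000") would be treated as the same password.
                 if ($newPassword === $newPassword2) {
                     // The reset code is replaced and its date set to the epoch together with the new hash.
                     // NOTE(review): s_secret (written by the remember-me login) is not changed here;
                     // confirm whether existing remember-me cookies should stop working after a reset.
                     User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password($newPassword)), array('pk_i_id' => $user['pk_i_id']));
                     osc_add_flash_ok_message(_m('The password has been changed'));
                     $this->redirectTo(osc_user_login_url());
                 } else {
                     osc_add_flash_error_message(_m("Error, the password don't match"));
                     $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
                 }
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
             }
             $this->redirectTo(osc_base_url());
             break;
         default:
             //login
             // Remember where the visitor came from, and skip the form for logged-in users.
             Session::newInstance()->_setReferer(osc_get_http_referer());
             if (osc_logged_user_id() != '') {
                 $this->redirectTo(osc_user_dashboard_url());
             }
             $this->doView('user-login.php');
     }
 }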
Example #2
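/**
 * Returns entries from the Osclass Twitter RSS feed, using the 'admin-twitter' cache when it is valid.
 *
 * The link, title and pubDate values come from a remote document and are returned as
 * plain strings without any escaping; callers must escape them for the output context.
 *
 * @param int $num Number of items after which reading the feed stops.
 * @return array List of arrays with the keys 'link', 'title' and 'pubDate'; empty when the
 *               feed could not be fetched or parsed, or reported an error.
 */
function osc_latestTweets($num = 5)
{
    require_once osc_lib_path() . 'osclass/classes/Cache.php';
    // 900 is the second constructor argument of Cache - presumably the lifetime in seconds; confirm in Cache.php.
    $cache = new Cache('admin-twitter', 900);
    if ($cache->check()) {
        return $cache->retrieve();
    }
    $list = array();
    $content = osc_file_get_contents('https://twitter.com/statuses/user_timeline/osclass.rss');
    if ($content) {
        // LIBXML_NONET stops the parser from fetching network resources named by the remote document.
        $xml = simplexml_load_string($content, 'SimpleXMLElement', LIBXML_NONET);
        // simplexml_load_string() returns false on malformed XML; treat that like an empty feed.
        if ($xml !== false) {
            if (isset($xml->error)) {
                // An error document is returned as an empty list and is not cached.
                return $list;
            }
            if (isset($xml->channel->item)) {
                $count = 0;
                foreach ($xml->channel->item as $item) {
                    $list[] = array('link' => strval($item->link), 'title' => strval($item->title), 'pubDate' => strval($item->pubDate));
                    $count++;
                    if ($count == $num) {
                        break;
                    }
                }
            }
        }
    }
    $cache->store($list);
    return $list;
}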
Example #3
 /**
  * Points theme_path at the directory of $this->theme when it exists under
  * osc_themes_path(), and at the bundled 'osclass/gui/' directory otherwise;
  * theme_exists records which of the two was chosen.
  *
  * NOTE(review): $this->theme is concatenated into a filesystem path as-is; confirm
  * that callers restrict it to a plain directory name.
  *
  * @return void
  */
 private function setCurrentThemePath()
 {
     $candidate = osc_themes_path() . $this->theme . '/';
     $this->theme_exists = file_exists($candidate);
     $this->theme_path = $this->theme_exists
         ? $candidate
         : (osc_lib_path() . 'osclass/gui/');
 }
Example #4
 /**
  * Resets the theme to the bundled GUI: clears the theme name, marks it as not
  * existing, points path and URL at 'osclass/gui/' and loads that theme's
  * functions.php when the file is present.
  *
  * @return void
  */
 public function setGuiTheme()
 {
     $this->theme = '';
     $this->theme_exists = false;
     $this->theme_path = osc_lib_path() . 'osclass/gui/';
     $this->theme_url = osc_base_url() . 'oc-includes/osclass/gui/';

     // functions.php is optional; it is executed as PHP when found.
     $themeFunctions = $this->getCurrentThemePath() . 'functions.php';
     if (!file_exists($themeFunctions)) {
         return;
     }
     require_once $themeFunctions;
 }
Example #5
 /**
  * Handles the "spam and bots" settings actions: showing the page (spamNbots) and
  * storing the Akismet key (akismet_post) or the reCAPTCHA key pair (recaptcha_post).
  *
  * Both *_post actions run osc_csrf_check() before writing. The value returned by
  * osc_set_preference() is not inspected, so the success message does not depend on it.
  * NOTE(review): no permission check is visible in this method; presumably the
  * enclosing admin controller enforces it - confirm.
  *
  * @return void
  */
 function doModel()
 {
     switch ($this->action) {
         case 'spamNbots':
             // Status exported to the view: 3 = no key stored, 2 = key present but
             // isKeyValid() failed, 1 = key present and accepted.
             $akismet_status = 3;
             $storedKey = osc_akismet_key();
             if ($storedKey != '') {
                 require_once osc_lib_path() . 'Akismet.class.php';
                 $client = new Akismet(osc_base_url(), $storedKey);
                 $akismet_status = $client->isKeyValid() ? 1 : 2;
             }
             View::newInstance()->_exportVariableToView('akismet_status', $akismet_status);
             $this->doView('settings/spamNbots.php');
             break;
         case 'akismet_post':
             // Store the submitted Akismet key (an empty value clears it).
             osc_csrf_check();
             $akismetKey = trim(Params::getParam('akismetKey'));
             osc_set_preference('akismetKey', $akismetKey);
             if ($akismetKey != '') {
                 osc_add_flash_ok_message(_m('Your Akismet key has been updated'), 'admin');
             } else {
                 osc_add_flash_info_message(_m('Your Akismet key has been cleared'), 'admin');
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots');
             break;
         case 'recaptcha_post':
             // Store both reCAPTCHA keys; the message shown depends on the public key only.
             osc_csrf_check();
             $privateKey = trim(Params::getParam('recaptchaPrivKey'));
             $publicKey = trim(Params::getParam('recaptchaPubKey'));
             osc_set_preference('recaptchaPrivKey', $privateKey);
             osc_set_preference('recaptchaPubKey', $publicKey);
             if ($publicKey != '') {
                 osc_add_flash_ok_message(_m('Your reCAPTCHA key has been updated'), 'admin');
             } else {
                 osc_add_flash_info_message(_m('Your reCAPTCHA key has been cleared'), 'admin');
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots');
             break;
     }
 }
Example #6
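/**
 * Prints the reCAPTCHA widget when a public key is configured.
 *
 * For the 'recover_password' section the widget is printed only while the session
 * value 'recover_time' is at most 1200 seconds old; every other section always gets it.
 * NOTE(review): this only controls display - confirm that the code handling the
 * submitted form applies the same condition when it verifies the captcha.
 *
 * @param string $section Name of the form the widget is rendered for.
 * @return void
 */
function osc_show_recaptcha($section = '')
{
    $publicKey = osc_recaptcha_public_key();
    if (!$publicKey) {
        return;
    }
    require_once osc_lib_path() . 'recaptchalib.php';
    switch ($section) {
        case 'recover_password':
            // Cast to int: a missing or non-numeric session value must not reach the
            // subtraction, which raises a warning (or a TypeError on PHP 8) for such operands.
            $time = (int) Session::newInstance()->_get('recover_time');
            if (time() - $time <= 1200) {
                echo recaptcha_get_html($publicKey) . "<br />";
            }
            break;
        default:
            echo recaptcha_get_html($publicKey);
            break;
    }
}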
Example #7
 function doModel()
 {
     //specific things for this class
     switch ($this->action) {
         case 'bulk_actions':
             break;
         case 'regions':
             //Return regions given a countryId
             $regions = Region::newInstance()->findByCountry(Params::getParam("countryId"));
             echo json_encode($regions);
             break;
         case 'cities':
             //Returns cities given a regionId
             $cities = City::newInstance()->findByRegion(Params::getParam("regionId"));
             echo json_encode($cities);
             break;
         case 'location':
             // This is the autocomplete AJAX
             $cities = City::newInstance()->ajax(Params::getParam("term"));
             echo json_encode($cities);
             break;
         case 'userajax':
             // This is the autocomplete AJAX
             $users = User::newInstance()->ajax(Params::getParam("term"));
             if (count($users) == 0) {
                 echo json_encode(array(0 => array('id' => '', 'label' => __('No results'), 'value' => __('No results'))));
             } else {
                 echo json_encode($users);
             }
             break;
         case 'date_format':
             echo json_encode(array('format' => Params::getParam('format'), 'str_formatted' => osc_format_date(date('Y-m-d H:i:s'), Params::getParam('format'))));
             break;
         case 'runhook':
             // run hooks
             $hook = Params::getParam('hook');
             if ($hook == '') {
                 echo json_encode(array('error' => 'hook parameter not defined'));
                 break;
             }
             switch ($hook) {
                 case 'item_form':
                     osc_run_hook('item_form', Params::getParam('catId'));
                     break;
                 case 'item_edit':
                     $catId = Params::getParam("catId");
                     $itemId = Params::getParam("itemId");
                     osc_run_hook("item_edit", $catId, $itemId);
                     break;
                 default:
                     osc_run_hook('ajax_admin_' . $hook);
                     break;
             }
             break;
         case 'categories_order':
             // Save the order of the categories
             osc_csrf_check(false);
             $aIds = Params::getParam('list');
             $orderParent = 0;
             $orderSub = 0;
             $catParent = 0;
             $error = 0;
             $catManager = Category::newInstance();
             $aRecountCat = array();
             foreach ($aIds as $id => $parent) {
                 if ($parent == 'root') {
                     $res = $catManager->updateOrder($id, $orderParent);
                     if (is_bool($res) && !$res) {
                         $error = 1;
                     }
                     // find category
                     $auxCategory = Category::newInstance()->findByPrimaryKey($id);
                     // set parent category
                     $conditions = array('pk_i_id' => $id);
                     $array['fk_i_parent_id'] = NULL;
                     $res = $catManager->update($array, $conditions);
                     if (is_bool($res) && !$res) {
                         $error = 1;
                     } else {
                         if ($res == 1) {
                             // updated ok
                             $parentId = $auxCategory['fk_i_parent_id'];
                             if ($parentId) {
                                 // update parent category stats
                                 array_push($aRecountCat, $id);
                                 array_push($aRecountCat, $parentId);
                             }
                         }
                     }
                     $orderParent++;
                 } else {
                     if ($parent != $catParent) {
                         $catParent = $parent;
                         $orderSub = 0;
                     }
                     $res = $catManager->updateOrder($id, $orderSub);
                     if (is_bool($res) && !$res) {
                         $error = 1;
                     }
                     // set parent category
                     $auxCategory = Category::newInstance()->findByPrimaryKey($id);
                     $auxCategoryP = Category::newInstance()->findByPrimaryKey($catParent);
                     $conditions = array('pk_i_id' => $id);
                     $array['fk_i_parent_id'] = $catParent;
                     $res = $catManager->update($array, $conditions);
                     if (is_bool($res) && !$res) {
                         $error = 1;
                     } else {
                         if ($res == 1) {
                             // updated ok
                             // update category parent
                             $prevParentId = $auxCategory['fk_i_parent_id'];
                             $parentId = $auxCategoryP['pk_i_id'];
                             array_push($aRecountCat, $prevParentId);
                             array_push($aRecountCat, $parentId);
                         }
                     }
                     $orderSub++;
                 }
             }
             // update category stats
             foreach ($aRecountCat as $rId) {
                 osc_update_cat_stats_id($rId);
             }
             if ($error) {
                 $result = array('error' => __("An error occurred"));
             } else {
                 $result = array('ok' => __("Order saved"));
             }
             echo json_encode($result);
             break;
         case 'category_edit_iframe':
             $this->_exportVariableToView('category', Category::newInstance()->findByPrimaryKey(Params::getParam("id")));
             $this->_exportVariableToView('languages', OSCLocale::newInstance()->listAllEnabled());
             $this->doView("categories/iframe.php");
             break;
         case 'field_categories_iframe':
             $selected = Field::newInstance()->categories(Params::getParam("id"));
             if ($selected == null) {
                 $selected = array();
             }
             $this->_exportVariableToView("selected", $selected);
             $this->_exportVariableToView("field", Field::newInstance()->findByPrimaryKey(Params::getParam("id")));
             $this->_exportVariableToView("categories", Category::newInstance()->toTreeAll());
             $this->doView("fields/iframe.php");
             break;
         case 'field_categories_post':
             osc_csrf_check(false);
             $error = 0;
             $field = Field::newInstance()->findByName(Params::getParam("s_name"));
             if (!isset($field['pk_i_id']) || isset($field['pk_i_id']) && $field['pk_i_id'] == Params::getParam("id")) {
                 // remove categories from a field
                 Field::newInstance()->cleanCategoriesFromField(Params::getParam("id"));
                 // no error... continue updating fields
                 if ($error == 0) {
                     $slug = Params::getParam("field_slug") != '' ? Params::getParam("field_slug") : Params::getParam("s_name");
                     $slug_tmp = $slug = preg_replace('|([-]+)|', '-', preg_replace('|[^a-z0-9_-]|', '-', strtolower($slug)));
                     $slug_k = 0;
                     while (true) {
                         $field = Field::newInstance()->findBySlug($slug);
                         if (!$field || $field['pk_i_id'] == Params::getParam("id")) {
                             break;
                         } else {
                             $slug_k++;
                             $slug = $slug_tmp . "_" . $slug_k;
                         }
                     }
                     // trim options
                     $s_options = '';
                     $aux = Params::getParam('s_options');
                     $aAux = explode(',', $aux);
                     foreach ($aAux as &$option) {
                         $option = trim($option);
                     }
                     $s_options = implode(',', $aAux);
                     $res = Field::newInstance()->update(array('s_name' => Params::getParam("s_name"), 'e_type' => Params::getParam("field_type"), 's_slug' => $slug, 'b_required' => Params::getParam("field_required") == "1" ? 1 : 0, 's_options' => $s_options), array('pk_i_id' => Params::getParam("id")));
                     if (is_bool($res) && !$res) {
                         $error = 1;
                     }
                 }
                 // no error... continue inserting categories-field
                 if ($error == 0) {
                     $aCategories = Params::getParam("categories");
                     if (is_array($aCategories) && count($aCategories) > 0) {
                         $res = Field::newInstance()->insertCategories(Params::getParam("id"), $aCategories);
                         if (!$res) {
                             $error = 1;
                         }
                     }
                 }
                 // error while updating?
                 if ($error == 1) {
                     $message = __("An error occurred while updating.");
                 }
             } else {
                 $error = 1;
                 $message = __("Sorry, you already have a field with that name");
             }
             if ($error) {
                 $result = array('error' => $message);
             } else {
                 $result = array('ok' => __("Saved"), 'text' => Params::getParam("s_name"), 'field_id' => Params::getParam("id"));
             }
             echo json_encode($result);
             break;
         case 'delete_field':
             osc_csrf_check(false);
             $res = Field::newInstance()->deleteByPrimaryKey(Params::getParam('id'));
             if ($res > 0) {
                 $result = array('ok' => __('The custom field has been deleted'));
             } else {
                 $result = array('error' => __('An error occurred while deleting'));
             }
             echo json_encode($result);
             break;
         case 'add_field':
             osc_csrf_check(false);
             $s_name = __('NEW custom field');
             $slug_tmp = $slug = preg_replace('|([-]+)|', '-', preg_replace('|[^a-z0-9_-]|', '-', strtolower($s_name)));
             $slug_k = 0;
             while (true) {
                 $field = Field::newInstance()->findBySlug($slug);
                 if (!$field || $field['pk_i_id'] == Params::getParam("id")) {
                     break;
                 } else {
                     $slug_k++;
                     $slug = $slug_tmp . "_" . $slug_k;
                 }
             }
             $fieldManager = Field::newInstance();
             $result = $fieldManager->insertField($s_name, 'TEXT', $slug, 0, '', array());
             if ($result) {
                 echo json_encode(array('error' => 0, 'field_id' => $fieldManager->dao->insertedId(), 'field_name' => $s_name));
             } else {
                 echo json_encode(array('error' => 1));
             }
             break;
         case 'enable_category':
             osc_csrf_check(false);
             $id = strip_tags(Params::getParam('id'));
             $enabled = Params::getParam('enabled') != '' ? Params::getParam('enabled') : 0;
             $error = 0;
             $result = array();
             $aUpdated = array();
             $mCategory = Category::newInstance();
             $aCategory = $mCategory->findByPrimaryKey($id);
             if ($aCategory == false) {
                 $result = array('error' => sprintf(__("No category with id %d exists"), $id));
                 echo json_encode($result);
                 break;
             }
             // root category
             if ($aCategory['fk_i_parent_id'] == '') {
                 $mCategory->update(array('b_enabled' => $enabled), array('pk_i_id' => $id));
                 $mCategory->update(array('b_enabled' => $enabled), array('fk_i_parent_id' => $id));
                 $subCategories = $mCategory->findSubcategories($id);
                 $aIds = array($id);
                 $aUpdated[] = array('id' => $id);
                 foreach ($subCategories as $subcategory) {
                     $aIds[] = $subcategory['pk_i_id'];
                     $aUpdated[] = array('id' => $subcategory['pk_i_id']);
                 }
                 Item::newInstance()->enableByCategory($enabled, $aIds);
                 if ($enabled) {
                     $result = array('ok' => __('The category as well as its subcategories have been enabled'));
                 } else {
                     $result = array('ok' => __('The category as well as its subcategories have been disabled'));
                 }
                 $result['affectedIds'] = $aUpdated;
                 echo json_encode($result);
                 break;
             }
             // subcategory
             $parentCategory = $mCategory->findRootCategory($id);
             if (!$parentCategory['b_enabled']) {
                 $result = array('error' => __('Parent category is disabled, you can not enable that category'));
                 echo json_encode($result);
                 break;
             }
             $mCategory->update(array('b_enabled' => $enabled), array('pk_i_id' => $id));
             if ($enabled) {
                 $result = array('ok' => __('The subcategory has been enabled'));
             } else {
                 $result = array('ok' => __('The subcategory has been disabled'));
             }
             $result['affectedIds'] = array(array('id' => $id));
             echo json_encode($result);
             break;
         case 'delete_category':
             osc_csrf_check(false);
             $id = Params::getParam("id");
             $error = 0;
             $categoryManager = Category::newInstance();
             $res = $categoryManager->deleteByPrimaryKey($id);
             if ($res > 0) {
                 $message = __('The categories have been deleted');
             } else {
                 $error = 1;
                 $message = __('An error occurred while deleting');
             }
             if ($error) {
                 $result = array('error' => $message);
             } else {
                 $result = array('ok' => __("Saved"));
             }
             echo json_encode($result);
             break;
         case 'edit_category_post':
             osc_csrf_check(false);
             $id = Params::getParam("id");
             $fields['i_expiration_days'] = Params::getParam("i_expiration_days") != '' ? Params::getParam("i_expiration_days") : 0;
             $error = 0;
             $has_one_title = 0;
             $postParams = Params::getParamsAsArray();
             foreach ($postParams as $k => $v) {
                 if (preg_match('|(.+?)#(.+)|', $k, $m)) {
                     if ($m[2] == 's_name') {
                         if ($v != "") {
                             $has_one_title = 1;
                             $aFieldsDescription[$m[1]][$m[2]] = $v;
                             $s_text = $v;
                         } else {
                             $aFieldsDescription[$m[1]][$m[2]] = NULL;
                             $error = 1;
                         }
                     } else {
                         $aFieldsDescription[$m[1]][$m[2]] = $v;
                     }
                 }
             }
             $l = osc_language();
             if ($error == 0 || $error == 1 && $has_one_title == 1) {
                 $categoryManager = Category::newInstance();
                 $res = $categoryManager->updateByPrimaryKey(array('fields' => $fields, 'aFieldsDescription' => $aFieldsDescription), $id);
                 $categoryManager->updateExpiration($id, $fields['i_expiration_days']);
                 if (is_bool($res)) {
                     $error = 2;
                 }
             }
             if (Params::getParam('apply_changes_to_subcategories') == 1) {
                 $subcategories = $categoryManager->findSubcategories($id);
                 foreach ($subcategories as $subc) {
                     $categoryManager->updateExpiration($subc['pk_i_id'], $fields['i_expiration_days']);
                 }
             }
             if ($error == 0) {
                 $msg = __("Category updated correctly");
             } else {
                 if ($error == 1) {
                     if ($has_one_title == 1) {
                         $error = 4;
                         $msg = __('Category updated correctly, but some titles are empty');
                     } else {
                         $msg = __('Sorry, including at least a title is mandatory');
                     }
                 } else {
                     if ($error == 2) {
                         $msg = __('An error occurred while updating');
                     }
                 }
             }
             echo json_encode(array('error' => $error, 'msg' => $msg, 'text' => $aFieldsDescription[$l]['s_name']));
             break;
         case 'custom':
             // Execute via AJAX custom file
             $ajaxFile = Params::getParam("ajaxfile");
             if ($ajaxFile == '') {
                 echo json_encode(array('error' => 'no action defined'));
                 break;
             }
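             // valid file? NOTE(review): rejecting the literal '../' substring is not a
             // containment check. Before the require_once below, resolve the path with
             // realpath() and confirm it stays inside osc_plugins_path(); better still,
             // accept only names from a server-side allowlist of plugin AJAX entry points.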
             if (stripos($ajaxFile, '../') !== false) {
                 echo json_encode(array('error' => 'no valid ajaxFile'));
                 break;
             }
             if (!file_exists(osc_plugins_path() . $ajaxFile)) {
                 echo json_encode(array('error' => "ajaxFile doesn't exist"));
                 break;
             }
             require_once osc_plugins_path() . $ajaxFile;
             break;
         case 'test_mail':
             $title = sprintf(__('Test email, %s'), osc_page_title());
             $body = __("Test email") . "<br><br>" . osc_page_title();
             $emailParams = array('subject' => $title, 'to' => osc_contact_email(), 'to_name' => 'admin', 'body' => $body, 'alt_body' => $body);
             $array = array();
             if (osc_sendMail($emailParams)) {
                 $array = array('status' => '1', 'html' => __('Email sent successfully'));
             } else {
                 $array = array('status' => '0', 'html' => __('An error occurred while sending email'));
             }
             echo json_encode($array);
             break;
         case 'test_mail_template':
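             // replace with default values
             // NOTE(review): recipient, subject and body are all taken from request
             // parameters, and this case has no osc_csrf_check() call, unlike
             // delete_category, edit_category_post and order_pages above — confirm that
             // access control and CSRF protection are enforced before this point.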
             $email = Params::getParam("email");
             $title = Params::getParam("title");
             $body = urldecode(Params::getParam("body"));
             $emailParams = array('subject' => $title, 'to' => $email, 'to_name' => 'admin', 'body' => $body, 'alt_body' => $body);
             $array = array();
             if (osc_sendMail($emailParams)) {
                 $array = array('status' => '1', 'html' => __('Email sent successfully'));
             } else {
                 $array = array('status' => '0', 'html' => __('An error occurred while sending email'));
             }
             echo json_encode($array);
             break;
         case 'order_pages':
             osc_csrf_check(false);
             $order = Params::getParam("order");
             $id = Params::getParam("id");
             if ($order != '' && $id != '') {
                 $mPages = Page::newInstance();
                 $actual_page = $mPages->findByPrimaryKey($id);
                 $actual_order = $actual_page['i_order'];
                 $array = array();
                 $condition = array();
                 $new_order = $actual_order;
                 if ($order == 'up') {
                     $page = $mPages->findPrevPage($actual_order);
                 } else {
                     if ($order == 'down') {
                         $page = $mPages->findNextPage($actual_order);
                     }
                 }
                 if (isset($page['i_order'])) {
                     $mPages->update(array('i_order' => $page['i_order']), array('pk_i_id' => $id));
                     $mPages->update(array('i_order' => $actual_order), array('pk_i_id' => $page['pk_i_id']));
                 }
             }
             break;
             /******************************
              ** COMPLETE UPGRADE PROCESS **
              ******************************/
         /******************************
          ** COMPLETE UPGRADE PROCESS **
          ******************************/
         case 'upgrade':
             // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT
             osc_csrf_check(false);
             $message = "";
             $error = 0;
             $sql_error_msg = "";
             $rm_errors = 0;
             $perms = osc_save_permissions();
             osc_change_permissions();
             $maintenance_file = ABS_PATH . '.maintenance';
             $fileHandler = @fopen($maintenance_file, 'w');
             fclose($fileHandler);
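             /***********************
              **** DOWNLOAD FILE ****
              ***********************/
             // NOTE(review): the version metadata is fetched over plain http:// and the
             // archive URL it returns is downloaded, unpacked and copied over ABS_PATH
             // with no signature or checksum verification visible in this case. Fetch
             // over https and verify the package against a pinned hash or signature
             // before extracting.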
             $data = osc_file_get_contents("http://osclass.org/latest_version.php");
             $data = json_decode(substr($data, 1, strlen($data) - 3), true);
             $source_file = $data['url'];
             if ($source_file != '') {
                 $tmp = explode("/", $source_file);
                 $filename = end($tmp);
                 $result = osc_downloadFile($source_file, $filename);
                 if ($result) {
                     // Everything is OK, continue
                     /**********************
                      ***** UNZIP FILE *****
                      **********************/
                     @mkdir(ABS_PATH . 'oc-temp', 0777);
                     $res = osc_unzip_file(osc_content_path() . 'downloads/' . $filename, ABS_PATH . 'oc-temp/');
                     if ($res == 1) {
                         // Everything is OK, continue
                         /**********************
                          ***** COPY FILES *****
                          **********************/
                         $fail = -1;
                         if ($handle = opendir(ABS_PATH . 'oc-temp')) {
                             $fail = 0;
                             while (false !== ($_file = readdir($handle))) {
                                 if ($_file != '.' && $_file != '..' && $_file != 'remove.list' && $_file != 'upgrade.sql' && $_file != 'customs.actions') {
                                     $data = osc_copy(ABS_PATH . "oc-temp/" . $_file, ABS_PATH . $_file);
                                     if ($data == false) {
                                         $fail = 1;
                                     }
                                 }
                             }
                             closedir($handle);
                             //TRY TO REMOVE THE ZIP PACKAGE
                             @unlink(osc_content_path() . 'downloads/' . $filename);
                             if ($fail == 0) {
                                 // Everything is OK, continue
                                 /************************
                                  *** UPGRADE DATABASE ***
                                  ************************/
                                 $error_queries = array();
                                 if (file_exists(osc_lib_path() . 'osclass/installer/struct.sql')) {
                                     $sql = file_get_contents(osc_lib_path() . 'osclass/installer/struct.sql');
                                     $conn = DBConnectionClass::newInstance();
                                     $c_db = $conn->getOsclassDb();
                                     $comm = new DBCommandClass($c_db);
                                     $error_queries = $comm->updateDB(str_replace('/*TABLE_PREFIX*/', DB_TABLE_PREFIX, $sql));
                                 }
                                 if ($error_queries[0]) {
                                     // Everything is OK, continue
                                     /**********************************
                                      ** EXECUTING ADDITIONAL ACTIONS **
                                      **********************************/
                                     if (file_exists(osc_lib_path() . 'osclass/upgrade-funcs.php')) {
                                         // There should be no errors here
                                         define('AUTO_UPGRADE', true);
                                         require_once osc_lib_path() . 'osclass/upgrade-funcs.php';
                                     }
                                     // Additional actions is not important for the rest of the proccess
                                     // We will inform the user of the problems but the upgrade could continue
                                     /****************************
                                      ** REMOVE TEMPORARY FILES **
                                      ****************************/
                                     $path = ABS_PATH . 'oc-temp';
                                     $rm_errors = 0;
                                     $dir = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::CHILD_FIRST);
                                     for ($dir->rewind(); $dir->valid(); $dir->next()) {
                                         if ($dir->isDir()) {
                                             if ($dir->getFilename() != '.' && $dir->getFilename() != '..') {
                                                 if (!rmdir($dir->getPathname())) {
                                                     $rm_errors++;
                                                 }
                                             }
                                         } else {
                                             if (!unlink($dir->getPathname())) {
                                                 $rm_errors++;
                                             }
                                         }
                                     }
                                     if (!rmdir($path)) {
                                         $rm_errors++;
                                     }
                                     $deleted = @unlink(ABS_PATH . '.maintenance');
                                     if ($rm_errors == 0) {
                                         $message = __('Everything looks good! Your Osclass installation is up-to-date');
                                     } else {
                                         $message = __('Nearly everything looks good! Your Osclass installation is up-to-date, but there were some errors removing temporary files. Please manually remove the "oc-temp" folder');
                                         $error = 6;
                                         // Some errors removing files
                                     }
                                 } else {
                                     $sql_error_msg = $error_queries[2];
                                     $message = __('Problems when upgrading the database');
                                     $error = 5;
                                     // Problems upgrading the database
                                 }
                             } else {
                                 $message = __('Problems when copying files. Please check your permissions. ');
                                 $error = 4;
                                 // Problems copying files. Maybe permissions are not correct
                             }
                         } else {
                             $message = __('Nothing to copy');
                             $error = 99;
                             // Nothing to copy. THIS SHOULD NEVER HAPPEN, means we don't update any file!
                         }
                     } else {
                         $message = __('Unzip failed');
                         $error = 3;
                         // Unzip failed
                     }
                 } else {
                     $message = __('Download failed');
                     $error = 2;
                     // Download failed
                 }
             } else {
                 $message = __('Missing download URL');
                 $error = 1;
                 // Missing download URL
             }
             if ($error == 5) {
                 $message .= "<br /><br />" . __('We had some errors upgrading your database. The follwing queries failed:') . implode("<br />", $sql_error_msg);
             }
             echo $message;
             foreach ($perms as $k => $v) {
                 @chmod($k, $v);
             }
             break;
             /*******************************
              ** COMPLETE MARKET PROCESS **
              *******************************/
         /*******************************
          ** COMPLETE MARKET PROCESS **
          *******************************/
         case 'market':
             // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT
             osc_csrf_check(false);
             $section = Params::getParam('section');
             $code = Params::getParam('code');
             $plugin = false;
             $re_enable = false;
             $message = "";
             $error = 0;
             $data = array();
             /************************
              *** CHECK VALID CODE ***
              ************************/
             if ($code != '' && $section != '') {
                 if (stripos($code, "http://") === FALSE) {
                     // OSCLASS OFFICIAL REPOSITORY
                     $url = osc_market_url($section, $code);
                     $data = json_decode(osc_file_get_contents($url), true);
                 } else {
                     // THIRD PARTY REPOSITORY
                     if (osc_market_external_sources()) {
                         $data = json_decode(osc_file_get_contents($code), true);
                     } else {
                         echo json_encode(array('error' => 8, 'error_msg' => __('No external sources are allowed')));
                         break;
                     }
                 }
                 /***********************
                  **** DOWNLOAD FILE ****
                  ***********************/
                 if (isset($data['s_update_url']) && isset($data['s_source_file']) && isset($data['e_type'])) {
                     if ($data['e_type'] == 'THEME') {
                         $folder = 'themes/';
                     } else {
                         if ($data['e_type'] == 'LANGUAGE') {
                             $folder = 'languages/';
                         } else {
                             // PLUGINS
                             $folder = 'plugins/';
                             $plugin = Plugins::findByUpdateURI($data['s_update_url']);
                             if ($plugin != false) {
                                 if (Plugins::isEnabled($plugin)) {
                                     Plugins::runHook($plugin . '_disable');
                                     Plugins::deactivate($plugin);
                                     $re_enable = true;
                                 }
                             }
                         }
                     }
                     $filename = $data['s_update_url'] . "_" . $data['s_version'] . ".zip";
                     $url_source_file = $data['s_source_file'];
                     //                            error_log('Source file: ' . $url_source_file);
                     //                            error_log('Filename: ' . $filename);
                     $result = osc_downloadFile($url_source_file, $filename);
                     if ($result) {
                         // Everything is OK, continue
                         /**********************
                          ***** UNZIP FILE *****
                          **********************/
                         @mkdir(ABS_PATH . 'oc-temp', 0777);
                         $res = osc_unzip_file(osc_content_path() . 'downloads/' . $filename, osc_content_path() . 'downloads/oc-temp/');
                         if ($res == 1) {
                             // Everything is OK, continue
                             /**********************
                              ***** COPY FILES *****
                              **********************/
                             $fail = -1;
                             if ($handle = opendir(osc_content_path() . 'downloads/oc-temp')) {
                                 $folder_dest = ABS_PATH . "oc-content/" . $folder;
                                 if (function_exists('posix_getpwuid')) {
                                     $current_user = posix_getpwuid(posix_geteuid());
                                     $ownerFolder = posix_getpwuid(fileowner($folder_dest));
                                 }
                                 $fail = 0;
                                 while (false !== ($_file = readdir($handle))) {
                                     if ($_file != '.' && $_file != '..') {
                                         $copyprocess = osc_copy(osc_content_path() . "downloads/oc-temp/" . $_file, $folder_dest . $_file);
                                         if ($copyprocess == false) {
                                             $fail = 1;
                                         }
                                     }
                                 }
                                 closedir($handle);
                                 // Additional actions is not important for the rest of the proccess
                                 // We will inform the user of the problems but the upgrade could continue
                                 // Also remove the zip package
                                 /****************************
                                  ** REMOVE TEMPORARY FILES **
                                  ****************************/
                                 @unlink(osc_content_path() . 'downloads/' . $filename);
                                 $path = osc_content_path() . 'downloads/oc-temp';
                                 $rm_errors = 0;
                                 $dir = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::CHILD_FIRST);
                                 for ($dir->rewind(); $dir->valid(); $dir->next()) {
                                     if ($dir->isDir()) {
                                         if ($dir->getFilename() != '.' && $dir->getFilename() != '..') {
                                             if (!rmdir($dir->getPathname())) {
                                                 $rm_errors++;
                                             }
                                         }
                                     } else {
                                         if (!unlink($dir->getPathname())) {
                                             $rm_errors++;
                                         }
                                     }
                                 }
                                 if (!rmdir($path)) {
                                     $rm_errors++;
                                 }
                                 if ($fail == 0) {
                                     // Everything is OK, continue
                                     if ($data['e_type'] != 'THEME' && $data['e_type'] != 'LANGUAGE') {
                                         if ($plugin != false && $re_enable) {
                                             $enabled = Plugins::activate($plugin);
                                             if ($enabled) {
                                                 Plugins::runHook($plugin . '_enable');
                                             }
                                         }
                                     }
                                     // recount plugins&themes for update
                                     if ($section == 'plugins') {
                                         osc_check_plugins_update(true);
                                     } else {
                                         if ($section == 'themes') {
                                             osc_check_themes_update(true);
                                         } else {
                                             if ($section == 'languages') {
                                                 // load oc-content/
                                                 if (osc_checkLocales()) {
                                                     $message .= __('The language has been installed correctly');
                                                 } else {
                                                     $message .= __('There was a problem adding the language');
                                                     $error = 8;
                                                 }
                                                 osc_check_languages_update(true);
                                             }
                                         }
                                     }
                                     if ($rm_errors == 0) {
                                         $message = __('Everything looks good!');
                                         $error = 0;
                                     } else {
                                         $message = __('Nearly everything looks good! but there were some errors removing temporary files. Please manually remove the \\"oc-temp\\" folder');
                                         $error = 6;
                                         // Some errors removing files
                                     }
                                 } else {
                                     $message = __('Problems when copying files. Please check your permissions. ');
                                     if ($current_user['uid'] != $ownerFolder['uid']) {
                                         if (function_exists('posix_getgrgid')) {
                                             $current_group = posix_getgrgid($current_user['gid']);
                                             $message .= '<p><strong>' . sprintf(__('NOTE: Web user and destination folder user is not the same, you might have an issue there. <br/>Do this in your console:<br/>chown -R %s:%s %s'), $current_user['name'], $current_group['name'], $folder_dest) . '</strong></p>';
                                         }
                                     }
                                     $error = 4;
                                     // Problems copying files. Maybe permissions are not correct
                                 }
                             } else {
                                 $message = __('Nothing to copy');
                                 $error = 99;
                                 // Nothing to copy. THIS SHOULD NEVER HAPPEN, means we don't update any file!
                             }
                         } else {
                             $message = __('Unzip failed');
                             $error = 3;
                             // Unzip failed
                         }
                     } else {
                         $message = __('Download failed');
                         $error = 2;
                         // Download failed
                     }
                 } else {
                     $message = __('Input code not valid');
                     $error = 7;
                     // Input code not valid
                 }
             } else {
                 $message = __('Missing download URL');
                 $error = 1;
                 // Missing download URL
             }
             echo json_encode(array('error' => $error, 'message' => $message, 'data' => $data));
             break;
         case 'check_market':
             // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT
             $section = Params::getParam('section');
             $code = Params::getParam('code');
             $data = array();
             /************************
              *** CHECK VALID CODE ***
              ************************/
             if ($code != '' && $section != '') {
                 if (stripos($code, "http://") === FALSE) {
                     // OSCLASS OFFICIAL REPOSITORY
                     $data = json_decode(osc_file_get_contents(osc_market_url($section, $code)), true);
                 } else {
                     // THIRD PARTY REPOSITORY
                     if (osc_market_external_sources()) {
                         $data = json_decode(osc_file_get_contents($code), true);
                     } else {
                         echo json_encode(array('error' => 3, 'error_msg' => __('No external sources are allowed')));
                         break;
                     }
                 }
                 if (!isset($data['s_source_file']) || !isset($data['s_update_url'])) {
                     $data = array('error' => 2, 'error_msg' => __('Invalid code'));
                 }
             } else {
                 $data = array('error' => 1, 'error_msg' => __('No code was submitted'));
             }
             echo json_encode($data);
             break;
         case 'market_data':
             $section = Params::getParam('section');
             $page = Params::getParam("mPage");
             $featured = Params::getParam("featured");
             $sort = Params::getParam("sort");
             $order = Params::getParam("order");
             // for the moment this value is static
             $length = 9;
             if ($page >= 1) {
                 $page--;
             }
             $url = osc_market_url($section) . "page/" . $page . '/';
             if ($length != '' && is_numeric($length)) {
                 $url .= 'length/' . $length . '/';
             }
             if ($sort != '') {
                 $url .= 'order/' . $sort;
                 if ($order != '') {
                     $url .= '/' . $order;
                 }
             }
             if ($featured != '') {
                 $url = osc_market_featured_url($section);
             }
             $data = array();
             $data = json_decode(osc_file_get_contents($url), true);
             if (!isset($data[$section])) {
                 $data = array('error' => 1, 'error_msg' => __('No market data'));
             }
             echo 'var market_data = window.market_data || {}; market_data.' . $section . ' = ' . json_encode($data) . ';';
             break;
         case 'local_market':
             // AVOID CROSS DOMAIN PROBLEMS OF AJAX REQUEST
             $marketPage = Params::getParam("mPage");
             if ($marketPage >= 1) {
                 $marketPage--;
             }
             $out = osc_file_get_contents(osc_market_url(Params::getParam("section")) . "page/" . $marketPage);
             $array = json_decode($out, true);
             // do pagination
             $pageActual = $array['page'];
             $totalPages = ceil($array['total'] / $array['sizePage']);
             $params = array('total' => $totalPages, 'selected' => $pageActual, 'url' => '#{PAGE}', 'sides' => 5);
             // set pagination
             $pagination = new Pagination($params);
             $aux = $pagination->doPagination();
             $array['pagination_content'] = $aux;
             // encode to json
             echo json_encode($array);
             break;
         case 'dashboardbox_market':
             $error = 0;
             // make market call
             $url = getPreference('marketURL') . 'dashboardbox/';
             $content = '';
             if (false === ($json = @osc_file_get_contents($url))) {
                 $error = 1;
             } else {
                 $content = $json;
             }
             if ($error == 1) {
                 echo json_encode(array('error' => 1));
             } else {
                 // replace content with correct urls
                 $content = str_replace('{URL_MARKET_THEMES}', osc_admin_base_url(true) . '?page=market&action=themes', $content);
                 $content = str_replace('{URL_MARKET_PLUGINS}', osc_admin_base_url(true) . '?page=market&action=plugins', $content);
                 echo json_encode(array('html' => $content));
             }
             break;
         case 'location_stats':
             osc_csrf_check(false);
             $workToDo = osc_update_location_stats();
             if ($workToDo > 0) {
                 $array['status'] = 'more';
                 $array['pending'] = $workToDo;
                 echo json_encode($array);
             } else {
                 $array['status'] = 'done';
                 echo json_encode($array);
             }
             break;
         case 'error_permissions':
             echo json_encode(array('error' => __("You don't have the necessary permissions")));
             break;
         default:
             echo json_encode(array('error' => __('no action defined')));
             break;
     }
     // clear all keep variables into session
     Session::newInstance()->_dropKeepForm();
     Session::newInstance()->_clearVariables();
 }
Example #8
    }
}
// Users are disabled site-wide but this request still carries a web-user login:
// drop the session identity keys and the oc_userId / oc_userSecret cookie entries.
if (!osc_users_enabled()) {
    if (osc_is_web_user_logged_in()) {
        foreach (array('userId', 'userName', 'userEmail', 'userPhone') as $sessionKey) {
            Session::newInstance()->_drop($sessionKey);
        }
        foreach (array('oc_userId', 'oc_userSecret') as $cookieKey) {
            Cookie::newInstance()->pop($cookieKey);
        }
        // set() runs once, after both pops (presumably writes the updated cookie — confirm in Cookie)
        Cookie::newInstance()->set();
    }
}
switch (Params::getParam('page')) {
    case 'cron':
        // cron system
        define('__FROM_CRON__', true);
        require_once osc_lib_path() . 'osclass/cron.php';
        break;
    case 'user':
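        // user pages (with security)
        // `&&` binds tighter than `||`, so !osc_is_web_user_logged_in() qualifies only
        // the 'unsub_alert' action; the other four actions always take the non-secure controller.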
        if (Params::getParam('action') == 'change_email_confirm' || Params::getParam('action') == 'activate_alert' || Params::getParam('action') == 'unsub_alert' && !osc_is_web_user_logged_in() || Params::getParam('action') == 'contact_post' || Params::getParam('action') == 'pub_profile') {
            require_once osc_base_path() . 'user-non-secure.php';
            $do = new CWebUserNonSecure();
            $do->doModel();
        } else {
            require_once osc_base_path() . 'user.php';
            $do = new CWebUser();
            $do->doModel();
        }
        break;
    case 'item':
        // item pages
Example #9
/**
 * Check the reCAPTCHA answer that came with the current request.
 *
 * Loads recaptchalib.php, then verifies the submitted challenge/response pair
 * against the configured private key and the client's REMOTE_ADDR. A request
 * without a challenge field is rejected without calling the verifier, so the
 * check fails closed.
 *
 * @return mixed false when no challenge was submitted, otherwise the
 *               `is_valid` member of the verification response.
 */
function osc_check_recaptcha()
{
    require_once osc_lib_path() . 'recaptchalib.php';

    $challenge = Params::getParam("recaptcha_challenge_field");
    if ($challenge == '') {
        // nothing to verify: treat as a failed captcha
        return false;
    }

    $verdict = recaptcha_check_answer(
        osc_recaptcha_private_key(),
        $_SERVER["REMOTE_ADDR"],
        $challenge,
        Params::getParam("recaptcha_response_field")
    );

    return $verdict->is_valid;
}
Example #10
        $conn = getConnection();
        $error_queries = $conn->osc_updateDB(str_replace('/*TABLE_PREFIX*/', DB_TABLE_PREFIX, $sql));
    }
    // Element 0 of the osc_updateDB() result is used as the success flag and
    // element 2 as the list of statements that failed.
    if (!$error_queries[0]) {
        // Link to upgrade-funcs.php with skipdb=true, offered below as the way
        // to continue despite the reported errors.
        $skip_db_link = osc_base_url() . "oc-includes/osclass/upgrade-funcs.php?skipdb=true";
        $title = __('OSClass &raquo; Has some errors');
        $message = __('We encountered some problems updating the database structure. The following queries failed:');
        // NOTE(review): the failed statements go into the HTML message unescaped;
        // they originate from $sql, whose source lies outside this fragment.
        $message .= "<br/><br/>" . implode("<br>", $error_queries[2]);
        $message .= "<br/><br/>" . sprintf(__('These errors could be false-positive errors. If you\'re sure that is the case, you could <a href="%s">continue with the upgrade</a>, or <a href="http://forums.osclass.org/">ask in our forums</a>.'), $skip_db_link);
        osc_die($title, $message);
    }
}
// UPDATE DATABASE
// Outside an auto-upgrade, apply installer/struct.sql when the file exists.
// The result of osc_updateDB() is not inspected in this branch.
if (!defined('AUTO_UPGRADE')) {
    if (file_exists(osc_lib_path() . 'osclass/installer/struct.sql')) {
        $sql = file_get_contents(osc_lib_path() . 'osclass/installer/struct.sql');
        $conn = getConnection();
        $conn->osc_updateDB(str_replace('/*TABLE_PREFIX*/', DB_TABLE_PREFIX, $sql));
    }
}
// Store the current time as the 'last_version_check' preference.
Preference::newInstance()->update(array('s_value' => time()), array('s_section' => 'osclass', 's_name' => 'last_version_check'));
$conn = getConnection();
// Preference rows added for installs whose version number is below 210.
if (osc_version() < 210) {
    $conn->osc_dbExec(sprintf("INSERT INTO %st_preference VALUES ('osclass', 'save_latest_searches', '0', 'BOOLEAN')", DB_TABLE_PREFIX));
    $conn->osc_dbExec(sprintf("INSERT INTO %st_preference VALUES ('osclass', 'purge_latest_searches', '1000', 'STRING')", DB_TABLE_PREFIX));
    $conn->osc_dbExec(sprintf("INSERT INTO %st_preference VALUES ('osclass', 'selectable_parent_categories', '1', 'BOOLEAN')", DB_TABLE_PREFIX));
    $conn->osc_dbExec(sprintf("INSERT INTO %st_preference VALUES ('osclass', 'ping_search_engines', '1', 'BOOLEAN')", DB_TABLE_PREFIX));
    $conn->osc_dbExec(sprintf("INSERT INTO %st_preference VALUES ('osclass', 'numImages@items', '0', 'BOOLEAN')", DB_TABLE_PREFIX));
    // The ternary limits the interpolated value to 0 or -1, so the string-built
    // INSERT below carries no request data.
    $enableItemValidation = getBoolPreference('enabled_item_validation') ? 0 : -1;
    $conn->osc_dbExec(sprintf("INSERT INTO %st_preference VALUES ('osclass', 'moderate_items', '{$enableItemValidation}', 'INTEGER')", DB_TABLE_PREFIX));
    $conn->osc_dbExec(sprintf("INSERT INTO %st_preference VALUES ('osclass', 'items_wait_time', '0', 'INTEGER')", DB_TABLE_PREFIX));
Example #11
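 /**
  * Handle the admin "comments" page: bulk actions, single status changes,
  * editing, deletion and the default listing.
  *
  * The state-changing actions (bulk_actions, status, comment_edit_post,
  * delete) each call osc_csrf_check() first. Comment ids arrive as request
  * parameters; the bulk and status paths reduce them to positive integers
  * before they are used, because the bulk delete concatenates them into SQL.
  *
  * @return false|null false when the `status` action receives an invalid id
  *                    or value; nothing is returned otherwise.
  */
 function doModel()
 {
     parent::doModel();
     //specific things for this class
     switch ($this->action) {
         case 'bulk_actions':
             osc_csrf_check();
             $id = Params::getParam('id');
             if ($id) {
                 // Accept plain digit strings only. The ids are joined into an
                 // IN (...) list below, so nested arrays or SQL fragments sent in
                 // the `id` parameter must never reach the query text.
                 $ids = array();
                 foreach ((array) $id as $rawId) {
                     if (is_scalar($rawId) && preg_match('/\A[0-9]+\z/', (string) $rawId) && (int) $rawId > 0) {
                         $ids[] = (int) $rawId;
                     }
                 }
                 switch (Params::getParam('bulk_actions')) {
                     case 'delete_all':
                         // An empty list would produce "IN ()", which is not valid SQL.
                         if (count($ids) > 0) {
                             $this->itemCommentManager->delete(array(DB_CUSTOM_COND => 'pk_i_id IN (' . implode(', ', $ids) . ')'));
                         }
                         foreach ($ids as $_id) {
                             // Per-id pass kept from the original; after the IN delete
                             // it normally has nothing left to remove.
                             $this->itemCommentManager->delete(array('pk_i_id' => $_id));
                             // NOTE(review): osc_add_hook() receives a comment id here where
                             // a callback would be expected, while the single 'delete' action
                             // uses osc_run_hook(). These hooks presumably never fire —
                             // confirm, and switch to osc_run_hook() if so. The same pattern
                             // appears in the other bulk branches and in 'status'.
                             osc_add_hook("delete_comment", $_id);
                         }
                         osc_add_flash_ok_message(_m('The comments have been deleted'), 'admin');
                         break;
                     case 'activate_all':
                         foreach ($ids as $_id) {
                             $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $_id));
                             if ($iUpdated) {
                                 $this->sendCommentActivated($_id);
                             }
                             osc_add_hook("activate_comment", $_id);
                         }
                         osc_add_flash_ok_message(_m('The comments have been approved'), 'admin');
                         break;
                     case 'deactivate_all':
                         foreach ($ids as $_id) {
                             $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $_id));
                             osc_add_hook("deactivate_comment", $_id);
                         }
                         osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin');
                         break;
                     case 'enable_all':
                         foreach ($ids as $_id) {
                             $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $_id));
                             if ($iUpdated) {
                                 $this->sendCommentActivated($_id);
                             }
                             osc_add_hook("enable_comment", $_id);
                         }
                         osc_add_flash_ok_message(_m('The comments have been unblocked'), 'admin');
                         break;
                     case 'disable_all':
                         foreach ($ids as $_id) {
                             $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $_id));
                             osc_add_hook("disable_comment", $_id);
                         }
                         osc_add_flash_ok_message(_m('The comments have been blocked'), 'admin');
                         break;
                     default:
                         // Unknown bulk action: hand the raw request values to the
                         // matching "item_bulk_*" hook, as before.
                         if (Params::getParam("bulk_actions") != "") {
                             osc_run_hook("item_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id'));
                         }
                         break;
                 }
             }
             $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
             break;
         case 'status':
             osc_csrf_check();
             $id = Params::getParam('id');
             $value = Params::getParam('value');
             // Validate before casting: (int) turns a non-empty array into 1 and
             // "12abc" into 12, so a numeric check made after the cast never fails.
             if (!$id || !is_scalar($id) || !preg_match('/\A[0-9]+\z/', (string) $id)) {
                 return false;
             }
             $id = (int) $id;
             if ($id <= 0) {
                 return false;
             }
             if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'), true)) {
                 return false;
             }
             switch ($value) {
                 case 'ACTIVE':
                     $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $id));
                     if ($iUpdated) {
                         $this->sendCommentActivated($id);
                     }
                     osc_add_hook("activate_comment", $id);
                     osc_add_flash_ok_message(_m('The comment has been approved'), 'admin');
                     break;
                 case 'INACTIVE':
                     $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $id));
                     osc_add_hook("deactivate_comment", $id);
                     osc_add_flash_ok_message(_m('The comment has been disapproved'), 'admin');
                     break;
                 case 'ENABLE':
                     $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $id));
                     osc_add_hook("enable_comment", $id);
                     osc_add_flash_ok_message(_m('The comment has been enabled'), 'admin');
                     break;
                 case 'DISABLE':
                     $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $id));
                     osc_add_hook("disable_comment", $id);
                     osc_add_flash_ok_message(_m('The comment has been disabled'), 'admin');
                     break;
             }
             $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
             break;
         case 'comment_edit':
             $comment = ItemComment::newInstance()->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('comment', $comment);
             $this->doView('comments/frm.php');
             break;
         case 'comment_edit_post':
             osc_csrf_check();
             $msg = '';
             if (!osc_validate_email(Params::getParam('authorEmail'), true)) {
                 $msg .= _m('Email is not correct') . "<br/>";
             }
             if (!osc_validate_text(Params::getParam('body'), 1, true)) {
                 $msg .= _m('Comment is required') . "<br/>";
             }
             if ($msg != '') {
                 osc_add_flash_error_message($msg, 'admin');
                 // NOTE(review): this relies on redirectTo() ending the request;
                 // otherwise the update below would still run with the rejected
                 // input — confirm.
                 $this->redirectTo(osc_admin_base_url(true) . "?page=comments&action=comment_edit&id=" . Params::getParam('id'));
             }
             $this->itemCommentManager->update(array('s_title' => Params::getParam('title'), 's_body' => Params::getParam('body'), 's_author_name' => Params::getParam('authorName'), 's_author_email' => Params::getParam('authorEmail')), array('pk_i_id' => Params::getParam('id')));
             osc_run_hook('edit_comment', Params::getParam('id'));
             osc_add_flash_ok_message(_m('Great! We just updated your comment'), 'admin');
             $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
             break;
         case 'delete':
             osc_csrf_check();
             $this->itemCommentManager->deleteByPrimaryKey(Params::getParam('id'));
             osc_add_flash_ok_message(_m('The comment has been deleted'), 'admin');
             osc_run_hook('delete_comment', Params::getParam('id'));
             $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
             break;
         default:
             require_once osc_lib_path() . "osclass/classes/datatables/CommentsDataTable.php";
             // set default iDisplayLength
             if (Params::getParam('iDisplayLength') != '') {
                 // remember the page size chosen in this request
                 Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength'));
                 Cookie::newInstance()->set();
             } elseif (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') {
                 // set a default value if it's set in the cookie
                 Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength'));
             } else {
                 Params::setParam('iDisplayLength', 10);
             }
             $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));
             // Table header order by related
             if (Params::getParam('sort') == '') {
                 Params::setParam('sort', 'date');
             }
             if (Params::getParam('direction') == '') {
                 Params::setParam('direction', 'desc');
             }
             $page = (int) Params::getParam('iPage');
             if ($page == 0) {
                 $page = 1;
             }
             Params::setParam('iPage', $page);
             $params = Params::getParamsAsArray();
             $commentsDataTable = new CommentsDataTable();
             $commentsDataTable->table($params);
             $aData = $commentsDataTable->getData();
             // An empty page other than the first one: send the browser to a page
             // that exists by rewriting iPage in the current query string.
             if (count($aData['aRows']) == 0 && $page != 1) {
                 $total = (int) $aData['iTotalDisplayRecords'];
                 $maxPage = ceil($total / (int) $aData['iDisplayLength']);
                 $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false);
                 if ($maxPage == 0) {
                     $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url);
                     $this->redirectTo($url);
                 }
                 if ($page > 1) {
                     $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url);
                     $this->redirectTo($url);
                 }
             }
             $this->_exportVariableToView('aData', $aData);
             $this->_exportVariableToView('aRawRows', $commentsDataTable->rawRows());
             // Entries of the bulk-action menu; plugins can change the list
             // through the "comment_bulk_filter" filter.
             $bulk_options = array(
                 array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')),
                 array('value' => 'delete_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Delete'))), 'label' => __('Delete')),
                 array('value' => 'activate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Activate'))), 'label' => __('Activate')),
                 array('value' => 'deactivate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')),
                 array('value' => 'disable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Block'))), 'label' => __('Block')),
                 array('value' => 'enable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Unblock'))), 'label' => __('Unblock')),
             );
             $bulk_options = osc_apply_filter("comment_bulk_filter", $bulk_options);
             $this->_exportVariableToView('bulk_options', $bulk_options);
             $this->doView('comments/index.php');
             break;
     }
 }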
Example #12
 /**
  * Handle the admin "media" page: bulk actions, deletion and the default
  * listing.
  *
  * Both delete paths call osc_csrf_check() first, act only when the `id`
  * request parameter is an array, and write a log entry whose id list is cut
  * to 250 characters.
  *
  * NOTE(review): the ids are handed to osc_deleteResource() and
  * deleteResourcesIds() as received; any validation presumably happens inside
  * those helpers — confirm.
  */
 function doModel()
 {
     parent::doModel();
     // everything below is specific to the media page
     switch ($this->action) {
         case 'bulk_actions':
             osc_csrf_check();
             if (Params::getParam('bulk_actions') == 'delete') {
                 $resourceIds = Params::getParam("id");
                 if (is_array($resourceIds)) {
                     foreach ($resourceIds as $resourceId) {
                         osc_deleteResource($resourceId, true);
                     }
                     $loggedIds = substr(implode(",", $resourceIds), 0, 250);
                     Log::newInstance()->insertLog('media', 'delete bulk', $loggedIds, $loggedIds, 'admin', osc_logged_admin_id());
                     $this->resourcesManager->deleteResourcesIds($resourceIds);
                 }
                 osc_add_flash_ok_message(_m('Resource deleted'), 'admin');
             } elseif (Params::getParam("bulk_actions") != "") {
                 // any other non-empty action goes to the matching "media_bulk_*" hook
                 osc_run_hook("media_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id'));
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=media');
             break;
         case 'delete':
             osc_csrf_check();
             $resourceIds = Params::getParam('id');
             if (is_array($resourceIds)) {
                 foreach ($resourceIds as $resourceId) {
                     osc_deleteResource($resourceId, true);
                 }
                 $loggedIds = substr(implode(",", $resourceIds), 0, 250);
                 Log::newInstance()->insertLog('media', 'delete', $loggedIds, $loggedIds, 'admin', osc_logged_admin_id());
                 $this->resourcesManager->deleteResourcesIds($resourceIds);
             }
             osc_add_flash_ok_message(_m('Resource deleted'), 'admin');
             $this->redirectTo(osc_admin_base_url(true) . '?page=media');
             break;
         default:
             require_once osc_lib_path() . "osclass/classes/datatables/MediaDataTable.php";
             // Page size: a value in the request is stored in the cookie; without
             // one, fall back to the cookie and then to 10.
             if (Params::getParam('iDisplayLength') != '') {
                 Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength'));
                 Cookie::newInstance()->set();
             } elseif (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') {
                 Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength'));
             } else {
                 Params::setParam('iDisplayLength', 10);
             }
             $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));
             // Default ordering: by date, descending
             if (Params::getParam('sort') == '') {
                 Params::setParam('sort', 'date');
             }
             if (Params::getParam('direction') == '') {
                 Params::setParam('direction', 'desc');
             }
             // A missing or non-numeric page number counts as page 1
             $pageNo = (int) Params::getParam('iPage');
             if ($pageNo === 0) {
                 $pageNo = 1;
             }
             Params::setParam('iPage', $pageNo);
             $table = new MediaDataTable();
             $table->table(Params::getParamsAsArray());
             $tableData = $table->getData();
             // An empty page other than the first one: redirect to a page that
             // exists by rewriting iPage in the current query string.
             if (count($tableData['aRows']) == 0 && $pageNo != 1) {
                 $recordCount = (int) $tableData['iTotalDisplayRecords'];
                 $lastPage = ceil($recordCount / (int) $tableData['iDisplayLength']);
                 $target = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false);
                 if ($lastPage == 0) {
                     $target = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $target);
                     $this->redirectTo($target);
                 }
                 if ($pageNo > 1) {
                     $target = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $lastPage, $target);
                     $this->redirectTo($target);
                 }
             }
             $this->_exportVariableToView('aData', $tableData);
             $this->_exportVariableToView('aRawRows', $table->rawRows());
             // Bulk-action menu; plugins can change it through "media_bulk_filter"
             $bulkMenu = array(
                 array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')),
                 array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected media files?'), strtolower(__('Delete'))), 'label' => __('Delete')),
             );
             $bulkMenu = osc_apply_filter("media_bulk_filter", $bulkMenu);
             $this->_exportVariableToView('bulk_options', $bulkMenu);
             $this->doView('media/index.php');
             break;
     }
 }
Example #13
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
// Register customPageHeader() on the 'admin_page_header' hook.
osc_add_hook('admin_page_header', 'customPageHeader');
/**
 * Print the admin page heading: an <h1> with "Osclass <version>" (taken from
 * OSCLASS_VERSION) followed by a help-button link.
 */
function customPageHeader()
{
    ?>
        <h1><?php 
    printf(__('Osclass %s'), OSCLASS_VERSION);
    ?>
            <a href="#" class="btn ico ico-32 ico-help float-right"></a>
        </h1>
    <?php 
}
/**
 * Build the admin window title in the form "Osclass <version> » <title>".
 *
 * The incoming title is inserted as given; nothing is escaped in this
 * function.
 *
 * @param string $string title text passed in by the 'admin_title' filter
 * @return string the formatted title
 */
function customPageTitle($string)
{
    $titleFormat = __('Osclass %s &raquo; %s');

    return sprintf($titleFormat, OSCLASS_VERSION, $string);
}
// Route the admin title through customPageTitle().
osc_add_filter('admin_title', 'customPageTitle');
// presumably renders the admin theme's header partial — confirm in osc_current_admin_theme_path()
osc_current_admin_theme_path('parts/header.php');
// Page body: the release notes shipped under osclass/assets.
include osc_lib_path() . "osclass/assets/release.notes.php";
osc_current_admin_theme_path('parts/footer.php');
Example #14
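 /**
  * Connect the current Facebook session to a local account.
  *
  * Flow, as far as this method shows it:
  *  - no Facebook user: return the client untouched;
  *  - a row already links this Facebook uid to a local user: log that user
  *    in and return;
  *  - otherwise look the local user up by the profile's e-mail, link and log
  *    in on a match, or register a new user, then redirect to the base URL.
  *
  * The two redirect paths end the request with exit, so the method does not
  * return in those cases. A FacebookApiException resets self::$user to null.
  *
  * @return mixed the shared Facebook client held in self::$facebook
  */
 public function init()
 {
     self::$user = $this->getUser();
     if (!osc_is_web_user_logged_in()) {
         self::$loginUrl = self::$facebook->getLoginUrl(array('scope' => 'email'));
     }
     if (!self::$user) {
         return self::$facebook;
     }
     try {
         self::$user_profile = self::$facebook->api('/me');
         // Is this Facebook uid already linked to a local account?
         $this->dao->select($this->getFields());
         $this->dao->from($this->getTableName());
         $this->dao->where('i_facebook_uid', self::$user);
         $rs = $this->dao->get();
         if ($rs !== false && $rs->numRows() === 1) {
             $fbUser = $rs->row();
             // !empty() instead of count(): a non-array result must not raise
             // an error that the catch below would not handle.
             if (!empty($fbUser)) {
                 require_once osc_lib_path() . 'osclass/UserActions.php';
                 $uActions = new UserActions(false);
                 $logged = $uActions->bootstrap_login($fbUser['fk_i_user_id']);
                 switch ($logged) {
                     case 0:
                         osc_add_flash_error_message(__('The username doesn\'t exist', 'facebook'));
                         break;
                     case 1:
                         osc_add_flash_error_message(__('The user has not been validated yet', 'facebook'));
                         break;
                     case 2:
                         osc_add_flash_error_message(__('The user has been suspended', 'facebook'));
                         break;
                     case 3:
                         // logged in: no flash message
                         break;
                 }
                 return self::$facebook;
             }
         }
         // Without an e-mail in the profile there is nothing to match on.
         if (!isset(self::$user_profile['email'])) {
             osc_add_flash_error_message(__('Some error occured trying to connect with Facebook.', 'facebook'));
             header('Location: ' . self::$logoutUrl);
             exit;
         }
         $manager = User::newInstance();
         $oscUser = $manager->findByEmail(self::$user_profile['email']);
         // exists on our DB, we merge both accounts
         // NOTE(review): the local account is selected by e-mail match alone and
         // is then activated and logged in. This trusts the e-mail in the provider
         // profile to be verified and bypasses the site's own activation step —
         // confirm that this is intended.
         if (!empty($oscUser)) {
             require_once osc_lib_path() . 'osclass/UserActions.php';
             $uActions = new UserActions(false);
             // record the link between the local user and the Facebook uid
             $manager->dao->from($this->getTableName());
             $manager->dao->set('fk_i_user_id', $oscUser['pk_i_id']);
             $manager->dao->set('i_facebook_uid', self::$user_profile['id']);
             $manager->dao->insert();
             osc_add_flash_ok_message(__("You already have an user with this e-mail address. We've merged your accounts", 'facebook'));
             // activate user in case is not activated
             $manager->update(array('b_active' => '1'), array('pk_i_id' => $oscUser['pk_i_id']));
             $uActions->bootstrap_login($oscUser['pk_i_id']);
         } else {
             // no local account with that e-mail: register one from the profile
             $this->register_user(self::$user_profile);
         }
         // redirect to log in
         header('Location: ' . osc_base_url());
         exit;
     } catch (FacebookApiException $e) {
         // API call failed: treat the visitor as not connected
         self::$user = null;
     }
     return self::$facebook;
 }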
Example #15
    case 'language':
        // set language
        require_once osc_lib_path() . 'osclass/controller/language.php';
        $do = new CWebLanguage();
        $do->doModel();
        break;
    case 'contact':
        // contact page
        require_once osc_lib_path() . 'osclass/controller/contact.php';
        $do = new CWebContact();
        $do->doModel();
        break;
    case 'custom':
        // custom pages (handled by CWebCustom)
        require_once osc_lib_path() . 'osclass/controller/custom.php';
        $do = new CWebCustom();
        $do->doModel();
        break;
    default:
        // home and static pages that are mandatory...
        // Any `page` value not matched by an earlier case ends up here.
        require_once osc_lib_path() . 'osclass/controller/main.php';
        $do = new CWebMain();
        $do->doModel();
        break;
}
// Unless this request is itself the cron page, issue a request for page=cron
// when auto-cron is switched on.
if (!defined('__FROM_CRON__') && osc_auto_cron()) {
    osc_doRequest(osc_base_url(), array('page' => 'cron'));
}
/* file end: ./index.php */
Example #16
 function doModel()
 {
     //specific things for this class
     switch ($this->action) {
         case 'bulk_actions':
             break;
         case 'regions':
             //Return regions given a countryId
             $regions = Region::newInstance()->findByCountry(Params::getParam("countryId"));
             echo json_encode($regions);
             break;
         case 'cities':
             //Returns cities given a regionId
             $cities = City::newInstance()->findByRegion(Params::getParam("regionId"));
             echo json_encode($cities);
             break;
         case 'location':
             // This is the autocomplete AJAX
             $cities = City::newInstance()->ajax(Params::getParam("term"));
             echo json_encode($cities);
             break;
         case 'userajax':
             // This is the autocomplete AJAX
             $users = User::newInstance()->ajax(Params::getParam("term"));
             if (count($users) == 0) {
                 echo json_encode(array(0 => array('id' => '', 'label' => __('No results'), 'value' => __('No results'))));
             } else {
                 echo json_encode($users);
             }
             break;
         case 'date_format':
             echo json_encode(array('format' => Params::getParam('format'), 'str_formatted' => osc_format_date(date(Params::getParam('format')))));
             break;
         case 'runhook':
             // run hooks
             $hook = Params::getParam('hook');
             if ($hook == '') {
                 echo json_encode(array('error' => 'hook parameter not defined'));
                 break;
             }
             switch ($hook) {
                 case 'item_form':
                     osc_run_hook('item_form', Params::getParam('catId'));
                     break;
                 case 'item_edit':
                     $catId = Params::getParam("catId");
                     $itemId = Params::getParam("itemId");
                     osc_run_hook("item_edit", $catId, $itemId);
                     break;
                 default:
                     osc_run_hook('ajax_admin_' . $hook);
                     break;
             }
             break;
         case 'items':
             // Return items (use external file oc-admin/ajax/item_processing.php)
             require_once osc_admin_base_path() . 'ajax/items_processing.php';
             $items_processing = new ItemsProcessingAjax(Params::getParamsAsArray("get"));
             break;
         case 'users':
             // Return items (use external file oc-admin/ajax/item_processing.php)
             require_once osc_admin_base_path() . 'ajax/users_processing.php';
             $users_processing = new UsersProcessingAjax(Params::getParamsAsArray("get"));
             break;
         case 'media':
             // Return items (use external file oc-admin/ajax/media_processing.php)
             require_once osc_admin_base_path() . 'ajax/media_processing.php';
             $media_processing = new MediaProcessingAjax(Params::getParamsAsArray("get"));
             break;
         case 'categories_order':
             // Save the order of the categories
             $aIds = Params::getParam('list');
             $orderParent = 0;
             $orderSub = 0;
             $catParent = 0;
             $error = 0;
             $catManager = Category::newInstance();
             $aRecountCat = array();
             foreach ($aIds as $id => $parent) {
                 if ($parent == 'root') {
                     $res = $catManager->updateOrder($id, $orderParent);
                     if (is_bool($res) && !$res) {
                         $error = 1;
                     }
                     // find category
                     $auxCategory = Category::newInstance()->findByPrimaryKey($id);
                     // set parent category
                     $conditions = array('pk_i_id' => $id);
                     $array['fk_i_parent_id'] = NULL;
                     $res = $catManager->update($array, $conditions);
                     if (is_bool($res) && !$res) {
                         $error = 1;
                     } else {
                         if ($res == 1) {
                             // updated ok
                             $parentId = $auxCategory['fk_i_parent_id'];
                             if ($parentId) {
                                 // update parent category stats
                                 array_push($aRecountCat, $id);
                                 array_push($aRecountCat, $parentId);
                             }
                         }
                     }
                     $orderParent++;
                 } else {
                     if ($parent != $catParent) {
                         $catParent = $parent;
                         $orderSub = 0;
                     }
                     $res = $catManager->updateOrder($id, $orderSub);
                     if (is_bool($res) && !$res) {
                         $error = 1;
                     }
                     // set parent category
                     $auxCategory = Category::newInstance()->findByPrimaryKey($id);
                     $auxCategoryP = Category::newInstance()->findByPrimaryKey($catParent);
                     $conditions = array('pk_i_id' => $id);
                     $array['fk_i_parent_id'] = $catParent;
                     $res = $catManager->update($array, $conditions);
                     if (is_bool($res) && !$res) {
                         $error = 1;
                     } else {
                         if ($res == 1) {
                             // updated ok
                             // update category parent
                             $prevParentId = $auxCategory['fk_i_parent_id'];
                             $parentId = $auxCategoryP['pk_i_id'];
                             array_push($aRecountCat, $prevParentId);
                             array_push($aRecountCat, $parentId);
                         }
                     }
                     $orderSub++;
                 }
             }
             // update category stats
             foreach ($aRecountCat as $rId) {
                 osc_update_cat_stats_id($rId);
             }
             if ($error) {
                 $result = array('error' => __("Some error ocurred"));
             } else {
                 $result = array('ok' => __("Order saved"));
             }
             echo json_encode($result);
             break;
         case 'category_edit_iframe':
             $this->_exportVariableToView('category', Category::newInstance()->findByPrimaryKey(Params::getParam("id")));
             $this->_exportVariableToView('languages', OSCLocale::newInstance()->listAllEnabled());
             $this->doView("categories/iframe.php");
             break;
         case 'field_categories_iframe':
             $selected = Field::newInstance()->categories(Params::getParam("id"));
             if ($selected == null) {
                 $selected = array();
             }
             $this->_exportVariableToView("selected", $selected);
             $this->_exportVariableToView("field", Field::newInstance()->findByPrimaryKey(Params::getParam("id")));
             $this->_exportVariableToView("categories", Category::newInstance()->toTreeAll());
             $this->doView("fields/iframe.php");
             break;
         case 'field_categories_post':
             $error = 0;
             $field = Field::newInstance()->findByName(Params::getParam("s_name"));
             if (!isset($field['pk_i_id']) || isset($field['pk_i_id']) && $field['pk_i_id'] == Params::getParam("id")) {
                 // remove categories from a field
                 Field::newInstance()->cleanCategoriesFromField(Params::getParam("id"));
                 // no error... continue updating fields
                 if ($error == 0) {
                     $slug = Params::getParam("field_slug") != '' ? Params::getParam("field_slug") : Params::getParam("s_name");
                     $slug_tmp = $slug = preg_replace('|([-]+)|', '-', preg_replace('|[^a-z0-9_-]|', '-', strtolower($slug)));
                     $slug_k = 0;
                     while (true) {
                         $field = Field::newInstance()->findBySlug($slug);
                         if (!$field || $field['pk_i_id'] == Params::getParam("id")) {
                             break;
                         } else {
                             $slug_k++;
                             $slug = $slug_tmp . "_" . $slug_k;
                         }
                     }
                     $res = Field::newInstance()->update(array('s_name' => Params::getParam("s_name"), 'e_type' => Params::getParam("field_type"), 's_slug' => $slug, 'b_required' => Params::getParam("field_required") == "1" ? 1 : 0, 's_options' => Params::getParam('s_options')), array('pk_i_id' => Params::getParam("id")));
                     if (is_bool($res) && !$res) {
                         $error = 1;
                     }
                 }
                 // no error... continue inserting categories-field
                 if ($error == 0) {
                     $aCategories = Params::getParam("categories");
                     if (is_array($aCategories) && count($aCategories) > 0) {
                         $res = Field::newInstance()->insertCategories(Params::getParam("id"), $aCategories);
                         if (!$res) {
                             $error = 1;
                         }
                     }
                 }
                 // error while updating?
                 if ($error == 1) {
                     $message = __("Error while updating.");
                 }
             } else {
                 $error = 1;
                 $message = __("Sorry, you already have one field with that name");
             }
             if ($error) {
                 $result = array('error' => $message);
             } else {
                 $result = array('ok' => __("Saved"), 'text' => Params::getParam("s_name"), 'field_id' => $field['pk_i_id']);
             }
             echo json_encode($result);
             break;
         case 'delete_field':
             $id = Params::getParam("id");
             $error = 0;
             $fieldManager = Field::newInstance();
             $res = $fieldManager->deleteByPrimaryKey($id);
             if ($res > 0) {
                 $message = __('The custom field have been deleted');
             } else {
                 $error = 1;
                 $message = __('Error while deleting');
             }
             if ($error) {
                 $result = array('error' => $message);
             } else {
                 $result = array('ok' => __("Saved"));
             }
             echo json_encode($result);
             break;
         case 'add_field':
             $s_name = __('NEW custom field');
             $slug_tmp = $slug = preg_replace('|([-]+)|', '-', preg_replace('|[^a-z0-9_-]|', '-', strtolower($s_name)));
             $slug_k = 0;
             while (true) {
                 $field = Field::newInstance()->findBySlug($slug);
                 if (!$field || $field['pk_i_id'] == Params::getParam("id")) {
                     break;
                 } else {
                     $slug_k++;
                     $slug = $slug_tmp . "_" . $slug_k;
                 }
             }
             $fieldManager = Field::newInstance();
             $result = $fieldManager->insertField($s_name, 'TEXT', $slug, 0, '', array());
             if ($result) {
                 echo json_encode(array('error' => 0, 'field_id' => $fieldManager->dao->insertedId(), 'field_name' => $s_name));
             } else {
                 echo json_encode(array('error' => 1));
             }
             break;
         case 'enable_category':
             $id = strip_tags(Params::getParam('id'));
             $enabled = Params::getParam('enabled') != '' ? Params::getParam('enabled') : 0;
             $error = 0;
             $result = array();
             $aUpdated = array();
             $mCategory = Category::newInstance();
             $aCategory = $mCategory->findByPrimaryKey($id);
             if ($aCategory == false) {
                 $result = array('error' => sprintf(__("It doesn't exist a category with this id: %d"), $id));
                 echo json_encode($result);
                 break;
             }
             // root category
             if ($aCategory['fk_i_parent_id'] == '') {
                 $mCategory->update(array('b_enabled' => $enabled), array('pk_i_id' => $id));
                 $mCategory->update(array('b_enabled' => $enabled), array('fk_i_parent_id' => $id));
                 $subCategories = $mCategory->findSubcategories($id);
                 $aIds = array($id);
                 $aUpdated[] = array('id' => $id);
                 foreach ($subCategories as $subcategory) {
                     $aIds[] = $subcategory['pk_i_id'];
                     $aUpdated[] = array('id' => $subcategory['pk_i_id']);
                 }
                 Item::newInstance()->enableByCategory($enabled, $aIds);
                 if ($enabled) {
                     $result = array('ok' => __('The category and its subcategories have been enabled'));
                 } else {
                     $result = array('ok' => __('The category and its subcategories have been disabled'));
                 }
                 $result['affectedIds'] = $aUpdated;
                 echo json_encode($result);
                 break;
             }
             // subcategory
             $parentCategory = $mCategory->findRootCategory($id);
             if (!$parentCategory['b_enabled']) {
                 $result = array('error' => __('Parent category is disabled, you can not enable that category'));
                 echo json_encode($result);
                 break;
             }
             $mCategory->update(array('b_enabled' => $enabled), array('pk_i_id' => $id));
             if ($enabled) {
                 $result = array('ok' => __('The subcategory has been enabled'));
             } else {
                 $result = array('ok' => __('The subcategory has been disabled'));
             }
             $result['affectedIds'] = array(array('id' => $id));
             echo json_encode($result);
             break;
         case 'delete_category':
             $id = Params::getParam("id");
             $error = 0;
             $categoryManager = Category::newInstance();
             $res = $categoryManager->deleteByPrimaryKey($id);
             if ($res > 0) {
                 $message = __('The categories have been deleted');
             } else {
                 $error = 1;
                 $message = __('Error while deleting');
             }
             if ($error) {
                 $result = array('error' => $message);
             } else {
                 $result = array('ok' => __("Saved"));
             }
             echo json_encode($result);
             break;
         case 'edit_category_post':
             $id = Params::getParam("id");
             $fields['i_expiration_days'] = Params::getParam("i_expiration_days") != '' ? Params::getParam("i_expiration_days") : 0;
             $error = 0;
             $has_one_title = 0;
             $postParams = Params::getParamsAsArray();
             foreach ($postParams as $k => $v) {
                 if (preg_match('|(.+?)#(.+)|', $k, $m)) {
                     if ($m[2] == 's_name') {
                         if ($v != "") {
                             $has_one_title = 1;
                             $aFieldsDescription[$m[1]][$m[2]] = $v;
                             $s_text = $v;
                         } else {
                             $aFieldsDescription[$m[1]][$m[2]] = ' ';
                             $error = 1;
                         }
                     } else {
                         $aFieldsDescription[$m[1]][$m[2]] = $v;
                     }
                 }
             }
             $l = osc_language();
             if ($error == 0 || $error == 1 && $has_one_title == 1) {
                 $categoryManager = Category::newInstance();
                 $res = $categoryManager->updateByPrimaryKey(array('fields' => $fields, 'aFieldsDescription' => $aFieldsDescription), $id);
                 if (is_bool($res)) {
                     $error = 2;
                 }
             }
             if ($error == 0) {
                 $msg = __("Category updated correctly");
             } else {
                 if ($error == 1) {
                     if ($has_one_title == 1) {
                         $error = 4;
                         $msg = __('Category updated correctly, but some titles were empty');
                     } else {
                         $msg = __('Sorry, at least a title is needed');
                     }
                 } else {
                     if ($error == 2) {
                         $msg = __('Error while updating');
                     }
                 }
             }
             echo json_encode(array('error' => $error, 'msg' => $msg, 'text' => $aFieldsDescription[$l]['s_name']));
             break;
         case 'custom':
             // Execute via AJAX custom file
             $ajaxFile = Params::getParam("ajaxfile");
             if ($ajaxFile == '') {
                 echo json_encode(array('error' => 'no action defined'));
                 break;
             }
             // valid file?
             if (stripos($ajaxFile, '../') !== false) {
                 echo json_encode(array('error' => 'no valid ajaxFile'));
                 break;
             }
             if (!file_exists(osc_plugins_path() . $ajaxFile)) {
                 echo json_encode(array('error' => "ajaxFile doesn't exist"));
                 break;
             }
             require_once osc_plugins_path() . $ajaxFile;
             break;
         case 'test_mail':
             $title = sprintf(__('Test email, %s'), osc_page_title());
             $body = __("Test email") . "<br><br>" . osc_page_title();
             $emailParams = array('subject' => $title, 'to' => osc_contact_email(), 'to_name' => 'admin', 'body' => $body, 'alt_body' => $body);
             $array = array();
             if (osc_sendMail($emailParams)) {
                 $array = array('status' => '1', 'html' => __('Email sent successfully'));
             } else {
                 $array = array('status' => '0', 'html' => __('An error has occurred while sending email'));
             }
             echo json_encode($array);
             break;
         case 'order_pages':
             $order = Params::getParam("order");
             $id = Params::getParam("id");
             if ($order != '' && $id != '') {
                 $mPages = Page::newInstance();
                 $actual_page = $mPages->findByPrimaryKey($id);
                 $actual_order = $actual_page['i_order'];
                 $array = array();
                 $condition = array();
                 $new_order = $actual_order;
                 if ($order == 'up') {
                     $page = $mPages->findPrevPage($actual_order);
                 } else {
                     if ($order == 'down') {
                         $page = $mPages->findNextPage($actual_order);
                     }
                 }
                 if (isset($page['i_order'])) {
                     $mPages->update(array('i_order' => $page['i_order']), array('pk_i_id' => $id));
                     $mPages->update(array('i_order' => $actual_order), array('pk_i_id' => $page['pk_i_id']));
                 }
                 // TO BE IMPROVED
                 // json for datatables
                 $prefLocale = osc_current_user_locale();
                 $this->_exportVariableToView('pages', $mPages->listAll(0));
                 $o_json = array();
                 while (osc_has_static_pages()) {
                     $row = array();
                     $page = osc_static_page();
                     $content = array();
                     if (isset($page['locale'][$prefLocale]) && !empty($page['locale'][$prefLocale]['s_title'])) {
                         $content = $page['locale'][$prefLocale];
                     } else {
                         $content = current($page['locale']);
                     }
                     $options = array();
                     $options[] = '<a href="' . osc_static_page_url() . '">' . __('View page') . '</a>';
                     $options[] = '<a href="' . osc_admin_base_url(true) . '?page=pages&amp;action=edit&amp;id=' . osc_static_page_id() . '">' . __('Edit') . '</a>';
                     if (!$page['b_indelible']) {
                         $options[] = '<a onclick="javascript:return confirm(\'' . osc_esc_js("This action can't be undone. Are you sure you want to continue?") . '\')" href="' . osc_admin_base_url(true) . '?page=pages&amp;action=delete&amp;id=' . osc_static_page_id() . '">' . __('Delete') . '</a>';
                     }
                     $row[] = '<input type="checkbox" name="id[]"" value="' . osc_static_page_id() . '"" />';
                     $row[] = $page['s_internal_name'] . '<div id="datatables_quick_edit" style="display: none;">' . implode(' &middot; ', $options) . '</div>';
                     $row[] = $content['s_title'];
                     $row[] = osc_static_page_order() . ' <img id="up" onclick="order_up(' . osc_static_page_id() . ');" style="cursor:pointer; width:15px; height:15px;" src="' . osc_current_admin_theme_url('images/arrow_up.png') . '"/> <br/><img id="down" onclick="order_down(' . osc_static_page_id() . ');" style="cursor:pointer; width:15px; height:15px; margin-left: 10px;" src="' . osc_current_admin_theme_url('images/arrow_down.png') . '"/>';
                     $o_json[] = $row;
                 }
                 echo json_encode($o_json);
             }
             break;
             /******************************
              ** COMPLETE UPGRADE PROCESS **
              ******************************/
         /******************************
          ** COMPLETE UPGRADE PROCESS **
          ******************************/
         case 'upgrade':
             // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT
             $message = "";
             $error = 0;
             $sql_error_msg = "";
             $rm_errors = 0;
             $perms = osc_save_permissions();
             osc_change_permissions();
             $maintenance_file = ABS_PATH . '.maintenance';
             $fileHandler = @fopen($maintenance_file, 'w');
             fclose($fileHandler);
             /***********************
              **** DOWNLOAD FILE ****
              ***********************/
             $data = osc_file_get_contents("http://osclass.org/latest_version.php");
             $data = json_decode(substr($data, 1, strlen($data) - 3), true);
             $source_file = $data['url'];
             if ($source_file != '') {
                 $tmp = explode("/", $source_file);
                 $filename = end($tmp);
                 $result = osc_downloadFile($source_file, $filename);
                 if ($result) {
                     // Everything is OK, continue
                     /**********************
                      ***** UNZIP FILE *****
                      **********************/
                     @mkdir(ABS_PATH . 'oc-temp', 0777);
                     $res = osc_unzip_file(osc_content_path() . 'downloads/' . $filename, ABS_PATH . 'oc-temp/');
                     if ($res == 1) {
                         // Everything is OK, continue
                         /**********************
                          ***** COPY FILES *****
                          **********************/
                         $fail = -1;
                         if ($handle = opendir(ABS_PATH . 'oc-temp')) {
                             $fail = 0;
                             while (false !== ($_file = readdir($handle))) {
                                 if ($_file != '.' && $_file != '..' && $_file != 'remove.list' && $_file != 'upgrade.sql' && $_file != 'customs.actions') {
                                     $data = osc_copy(ABS_PATH . "oc-temp/" . $_file, ABS_PATH . $_file);
                                     if ($data == false) {
                                         $fail = 1;
                                     }
                                 }
                             }
                             closedir($handle);
                             if ($fail == 0) {
                                 // Everything is OK, continue
                                 /************************
                                  *** UPGRADE DATABASE ***
                                  ************************/
                                 $error_queries = array();
                                 if (file_exists(osc_lib_path() . 'osclass/installer/struct.sql')) {
                                     $sql = file_get_contents(osc_lib_path() . 'osclass/installer/struct.sql');
                                     $conn = DBConnectionClass::newInstance();
                                     $c_db = $conn->getOsclassDb();
                                     $comm = new DBCommandClass($c_db);
                                     $error_queries = $comm->updateDB(str_replace('/*TABLE_PREFIX*/', DB_TABLE_PREFIX, $sql));
                                 }
                                 if ($error_queries[0]) {
                                     // Everything is OK, continue
                                     /**********************************
                                      ** EXECUTING ADDITIONAL ACTIONS **
                                      **********************************/
                                     if (file_exists(osc_lib_path() . 'osclass/upgrade-funcs.php')) {
                                         // There should be no errors here
                                         define('AUTO_UPGRADE', true);
                                         require_once osc_lib_path() . 'osclass/upgrade-funcs.php';
                                     }
                                     // Additional actions is not important for the rest of the proccess
                                     // We will inform the user of the problems but the upgrade could continue
                                     /****************************
                                      ** REMOVE TEMPORARY FILES **
                                      ****************************/
                                     $path = ABS_PATH . 'oc-temp';
                                     $rm_errors = 0;
                                     $dir = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::CHILD_FIRST);
                                     for ($dir->rewind(); $dir->valid(); $dir->next()) {
                                         if ($dir->isDir()) {
                                             if ($dir->getFilename() != '.' && $dir->getFilename() != '..') {
                                                 if (!rmdir($dir->getPathname())) {
                                                     $rm_errors++;
                                                 }
                                             }
                                         } else {
                                             if (!unlink($dir->getPathname())) {
                                                 $rm_errors++;
                                             }
                                         }
                                     }
                                     if (!rmdir($path)) {
                                         $rm_errors++;
                                     }
                                     $deleted = @unlink(ABS_PATH . '.maintenance');
                                     if ($rm_errors == 0) {
                                         $message = __('Everything was OK! Your OSClass installation is updated');
                                     } else {
                                         $message = __('Almost everything was OK! Your OSClass installation is updated, but there were some errors removing temporary files. Please, remove manually the "oc-temp" folder');
                                         $error = 6;
                                         // Some errors removing files
                                     }
                                 } else {
                                     $sql_error_msg = $error_queries[2];
                                     $message = __('Problems upgrading the database');
                                     $error = 5;
                                     // Problems upgrading the database
                                 }
                             } else {
                                 $message = __('Problems copying files. Maybe permissions are not correct');
                                 $error = 4;
                                 // Problems copying files. Maybe permissions are not correct
                             }
                         } else {
                             $message = __('Nothing to copy');
                             $error = 99;
                             // Nothing to copy. THIS SHOULD NEVER HAPPENS, means we dont update any file!
                         }
                     } else {
                         $message = __('Unzip failed');
                         $error = 3;
                         // Unzip failed
                     }
                 } else {
                     $message = __('Download failed');
                     $error = 2;
                     // Download failed
                 }
             } else {
                 $message = __('Missing download URL');
                 $error = 1;
                 // Missing download URL
             }
             if ($error == 5) {
                 $message .= "<br /><br />" . __('We had some errors upgrading your database. The follwing queries failed') . implode("<br />", $sql_error_msg);
             }
             echo $message;
             foreach ($perms as $k => $v) {
                 @chmod($k, $v);
             }
             break;
         case 'location_stats':
             $workToDo = LocationsTmp::newInstance()->count();
             if ($workToDo > 0) {
                 // there are wotk to do
                 $aLocations = LocationsTmp::newInstance()->getLocations(1000);
                 foreach ($aLocations as $location) {
                     $id = $location['id_location'];
                     $type = $location['e_type'];
                     $data = 0;
                     // update locations stats
                     switch ($type) {
                         case 'COUNTRY':
                             $numItems = CountryStats::newInstance()->calculateNumItems($id);
                             $data = CountryStats::newInstance()->setNumItems($id, $numItems);
                             unset($numItems);
                             break;
                         case 'REGION':
                             $numItems = RegionStats::newInstance()->calculateNumItems($id);
                             $data = RegionStats::newInstance()->setNumItems($id, $numItems);
                             unset($numItems);
                             break;
                         case 'CITY':
                             $numItems = CityStats::newInstance()->calculateNumItems($id);
                             $data = CityStats::newInstance()->setNumItems($id, $numItems);
                             unset($numItems);
                             break;
                         default:
                             break;
                     }
                     if ($data >= 0) {
                         LocationsTmp::newInstance()->delete(array('e_type' => $location['e_type'], 'id_location' => $location['id_location']));
                     }
                 }
                 $array['status'] = 'more';
                 $array['pending'] = $workToDo = LocationsTmp::newInstance()->count();
                 echo json_encode($array);
             } else {
                 $array['status'] = 'done';
                 echo json_encode($array);
             }
             break;
         default:
             echo json_encode(array('error' => __('no action defined')));
             break;
     }
     // clear all keep variables into session
     Session::newInstance()->_dropKeepForm();
     Session::newInstance()->_clearVariables();
 }
Example #17
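 /**
  * Handles the admin login controller actions selected by $this->action.
  *
  * Actions:
  *  - 'login_post'   verifies username/password, optionally issues a remember-me
  *                   cookie, fills the admin session and redirects.
  *  - 'recover'      shows the password-recovery form.
  *  - 'recover_post' stores a fresh reset code in s_secret and fires the e-mail hook.
  *  - 'forgot'       shows the new-password form for a valid adminId/code pair.
  *  - 'forgot_post'  sets the new password for a valid adminId/code pair.
  *  - default        remembers the referer and shows the login form.
  *
  * Every failure path leaves the action right after redirecting, so the flow
  * fails closed even if redirectTo() were to return (whether it ends the
  * request is not visible from this method).
  *
  * @return false|void false only when the reCAPTCHA check fails in 'recover_post'
  */
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             // post execution for the login
             osc_csrf_check();
             osc_run_hook('before_login_admin');
             // NOTE(review): the post-login redirect target is taken from the Referer
             // header; confirm osc_get_http_referer()/redirectTo() keep it on this site.
             $url_redirect = osc_get_http_referer();
             $page_redirect = '';
             $username = Params::getParam('user');
             $password = Params::getParam('password', false, false);
             if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) {
                 $page_redirect = $match[1];
             }
             if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') {
                 $url_redirect = osc_admin_base_url();
             }
             if ($username == '') {
                 osc_add_flash_error_message(_m('The username field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
                 break;
             }
             if ($password == '') {
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
                 break;
             }
             // fields are not empty
             // NOTE(review): the two messages below tell the caller whether the
             // username exists; a single generic message would avoid that.
             $admin = Admin::newInstance()->findByUsername($username);
             if (!$admin) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
                 break;
             }
             if (!osc_verify_password($password, $admin['s_password'])) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
                 break;
             }
             // Password verified: re-hash it when the stored value is not a $2y$
             // bcrypt hash or was produced with a cost other than BCRYPT_COST.
             if (isset($admin['s_password']) && $admin['s_password'] != '') {
                 $hashIsCurrent = preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost) && $cost[1] == BCRYPT_COST;
                 if (!$hashIsCurrent) {
                     Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
                 }
             }
             if (Params::getParam('remember')) {
                 // this include contains the osc_genRandomPassword function
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 // s_secret is also where 'recover_post' stores the reset code, so
                 // issuing a remember-me secret overwrites a pending reset code
                 // (and the other way round).
                 $secret = osc_genRandomPassword();
                 Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                 Cookie::newInstance()->set_expires(osc_time_cookie());
                 Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                 Cookie::newInstance()->push('oc_adminSecret', $secret);
                 Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                 Cookie::newInstance()->set();
             }
             // we are logged in... let's go!
             Session::newInstance()->_set('adminId', $admin['pk_i_id']);
             Session::newInstance()->_set('adminUserName', $admin['s_username']);
             Session::newInstance()->_set('adminName', $admin['s_name']);
             Session::newInstance()->_set('adminEmail', $admin['s_email']);
             Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
             osc_run_hook('login_admin', $admin);
             $this->redirectTo($url_redirect);
             break;
         case 'recover':
             // form to recover the password (in this case we have the form in /gui/)
             $this->doView('gui/recover.php');
             break;
         case 'recover_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url());
                 break;
             }
             osc_csrf_check();
             // Check the reCAPTCHA before looking the e-mail up: checking it only
             // for known addresses made the captcha error reveal which e-mails
             // belong to an admin.
             if (osc_recaptcha_private_key() != '' && !osc_check_recaptcha()) {
                 osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                 // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 return false;
             }
             // post execution to recover the password
             $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
             if ($admin) {
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 // The 40-character value is the reset code placed in the confirm URL.
                 $newPassword = osc_genRandomPassword(40);
                 Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
                 $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
                 osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
             }
             // Same confirmation whether or not the address matched an admin.
             osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
             $this->redirectTo(osc_admin_base_url(true) . '?page=login');
             break;
         case 'forgot':
             // form to set the new password (in this case we have the form in /gui/)
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
                 break;
             }
             $this->doView('gui/forgot_password.php');
             break;
         case 'forgot_post':
             osc_csrf_check();
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
                 break;
             }
             $newPassword = Params::getParam('new_password', false, false);
             $newPassword2 = Params::getParam('new_password2', false, false);
             // Two empty fields used to "match" and store the hash of an empty password.
             if (!is_string($newPassword) || $newPassword === '') {
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
                 break;
             }
             // Strict comparison: with == two different numeric-looking strings
             // (such as "1000" and "1e3") compare as equal.
             if ($newPassword === $newPassword2) {
                 // osc_genRandomPassword() lives in this helper; the other actions load it too.
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 // Rotating s_secret together with the password makes the used code invalid.
                 Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => osc_hash_password($newPassword)), array('pk_i_id' => $admin['pk_i_id']));
                 osc_add_flash_ok_message(_m('The password has been changed'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=login');
             } else {
                 osc_add_flash_error_message(_m("Error, the passwords don't match"), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
             }
             break;
         default:
             //osc_run_hook( 'init_admin' );
             Session::newInstance()->_setReferer(osc_get_http_referer());
             $this->doView('gui/login.php');
             break;
     }
 }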
Example #18
    <?php 
    }
}
/**
 * Print the <meta name="generator"> tag for the page header.
 *
 * The tag embeds OSCLASS_VERSION verbatim, so every page that runs this hook tells any
 * visitor the exact installed release. Keep that in mind when deciding whether the hook
 * should stay registered on a public site.
 */
function osc_meta_generator()
{
    printf('<meta name="generator" content="Osclass %s" />', OSCLASS_VERSION);
}
// Attach the callbacks that run on the 'header' hook. The last two pass 10 as a third
// argument (presumably a hook priority; confirm against osc_add_hook()).
// NOTE(review): osc_meta_generator prints the exact OSCLASS_VERSION into every page.
osc_add_hook('header', 'osc_show_maintenance');
osc_add_hook('header', 'osc_show_maintenance_css');
osc_add_hook('header', 'osc_meta_generator');
osc_add_hook('header', 'osc_load_scripts', 10);
osc_add_hook('header', 'osc_load_styles', 10);
// register scripts
// Each call maps a handle to a file under the application's own assets URL. Where a third
// argument is given it names the 'jquery' handle (presumably a dependency; confirm against
// osc_register_script()).
// NOTE(review): these are copies shipped with the application, so they only receive upstream
// security fixes when the bundled files themselves are replaced; track their versions.
osc_register_script('jquery', osc_assets_url('js/jquery.min.js'));
osc_register_script('jquery-ui', osc_assets_url('js/jquery-ui.min.js'), 'jquery');
osc_register_script('jquery-json', osc_assets_url('js/jquery.json.js'), 'jquery');
osc_register_script('jquery-treeview', osc_assets_url('js/jquery.treeview.js'), 'jquery');
osc_register_script('jquery-nested', osc_assets_url('js/jquery.ui.nestedSortable.js'), 'jquery');
osc_register_script('jquery-validate', osc_assets_url('js/jquery.validate.min.js'), 'jquery');
osc_register_script('tabber', osc_assets_url('js/tabber-minimized.js'), 'jquery');
osc_register_script('tiny_mce', osc_assets_url('js/tiny_mce/tiny_mce.js'));
osc_register_script('colorpicker', osc_assets_url('js/colorpicker/js/colorpicker.js'));
Plugins::init();
// NOTE(review): called after Plugins::init(); presumably sets up the anti-CSRF token
// handling. Confirm in its definition, and that plugin code loaded above does not
// depend on it already being active.
osc_csrfguard_start();
// The bundled mailer classes are loaded only when no class of that name is defined yet, so
// if other code defined PHPMailer or SMTP first, that definition is the one used.
// NOTE(review): that also means an older copy defined earlier takes precedence over the bundled one.
if (!class_exists('PHPMailer')) {
    require_once osc_lib_path() . 'phpmailer/class.phpmailer.php';
}
if (!class_exists('SMTP')) {
    require_once osc_lib_path() . 'phpmailer/class.smtp.php';
}
/* file end: ./oc-load.php */
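/**
 * AJAX "load more" handler: prints the next batch of listing cards and ends the request.
 *
 * Every value read from Params::getParamsAsArray() is supplied by the client and any key
 * may be missing, so each one is read defensively before use.
 *
 * - _page = 'user', _action = 'pub_profile': listings of the author given by 'username'
 *   (looked up) or 'id'.
 * - _page = 'user', _action = 'items': listings of the logged-in user, 10 per page.
 * - _page = 'search' or empty/missing: hands over to the CWebSearch controller.
 *
 * Returns nothing; on the handled pages it calls exit after producing output.
 */
function pop_ajax_load_more()
{
    $array = Params::getParamsAsArray();
    $page = isset($array['_page']) ? $array['_page'] : '';
    $action = isset($array['_action']) ? $array['_action'] : '';
    // iPage is 1-based in the request; cast it so non-numeric input cannot reach the
    // arithmetic, and never pass a negative page index on.
    $pageIndex = isset($array['iPage']) ? max(0, (int) $array['iPage'] - 1) : 0;

    if ($page === 'user') {
        // Always an array, even when _action matches neither branch below.
        $params = array();
        if ($action === 'pub_profile') {
            $authorId = isset($array['id']) ? $array['id'] : null;
            if (isset($array['username']) && $array['username'] != '') {
                $_user = User::newInstance()->findByUsername($array['username']);
                // An unknown username yields no row; do not index into it blindly.
                $authorId = isset($_user['pk_i_id']) ? $_user['pk_i_id'] : null;
            }
            $perPage = isset($array['_offset']) ? (int) $array['_offset'] : 0;
            if ($perPage < 1) {
                $perPage = osc_default_results_per_page_at_search();
            }
            // NOTE(review): _offset is chosen by the client and has no upper bound here;
            // consider capping it so one request cannot ask for an arbitrarily large page.
            $params['author'] = $authorId;
            $params['results_per_page'] = $perPage;
            $params['page'] = $pageIndex;
        } elseif ($action === 'items') {
            $params['author'] = osc_logged_user_id();
            // core default
            $params['results_per_page'] = 10;
            $params['page'] = $pageIndex;
        }
        osc_query_item($params);
        $result = View::newInstance()->_get('customItems');
        echo _pop_print_listing_card($result);
        exit;
    }

    if ($page === 'search' || $page === '') {
        if (osc_rewrite_enabled()) {
            if (REL_WEB_URL != '/') {
                $base_url = str_replace(REL_WEB_URL, '', osc_base_url());
            } else {
                $base_url = osc_base_url();
            }
            // The base URL is literal text, not a pattern: quote it so '.', '?' and the
            // '|' delimiter in it are not interpreted as regex syntax.
            $_SERVER['REQUEST_URI'] = preg_replace(
                '|^' . preg_quote($base_url, '|') . '|',
                '',
                osc_search_url(Params::getParamsAsArray())
            );
            osc_add_hook('before_html', 'pop_ob_start_');
            osc_add_hook('after_html', 'pop_ob_clean_');
            osc_add_hook('after_search', 'pop_echo_pop_print_listing_card');
        }
        require_once osc_lib_path() . 'osclass/controller/search.php';
        $do = new CWebSearch();
        $do->doModel();
        exit;
    }
}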
Example #20
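 /**
  * Run the login / password-reset action selected by $this->action.
  *
  * Handles 'login_post', 'recover', 'recover_post', 'forgot' and 'forgot_post'; any other
  * action shows the login form, or sends an already logged-in user to the dashboard.
  *
  * Failure branches call $this->redirectTo() and then leave the switch explicitly, so the
  * method fails closed even if redirectTo() does not end the request (presumably it does;
  * confirm in the base controller).
  *
  * NOTE(review): passwords are stored and checked as unsalted SHA-1, which is fast to
  * brute-force once hashes leak. The stored format cannot be changed from this method alone;
  * plan a migration to password_hash()/password_verify() with a rehash on the next
  * successful login.
  * NOTE(review): no anti-CSRF token is verified in 'login_post' or 'forgot_post' here.
  */
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             $user = User::newInstance()->findByEmail(Params::getParam('email'));
             // NOTE(review): the three distinct failure messages below let a client tell
             // which e-mail addresses are registered; a single generic message avoids that.
             if (!$user) {
                 osc_add_flash_message(_m('The username doesn\'t exist'));
                 $this->redirectTo(osc_user_login_url());
                 break;
             }
             if (!$user['b_enabled']) {
                 osc_add_flash_message(_m('The user has not been validated yet'));
                 $this->redirectTo(osc_user_login_url());
                 break;
             }
             // Compare the digests as strings. A loose == treats two numeric-looking
             // strings (such as "0e" followed by digits) as numbers, so different digests
             // could compare equal. hash_equals() is also constant-time where it exists.
             $password = Params::getParam('password');
             $passwordOk = false;
             if (is_string($password)) {
                 $storedHash = (string) $user['s_password'];
                 $suppliedHash = sha1($password);
                 $passwordOk = function_exists('hash_equals')
                     ? hash_equals($storedHash, $suppliedHash)
                     : $storedHash === $suppliedHash;
             }
             if ($passwordOk) {
                 if (Params::getParam('remember') == 1) {
                     //this include contains the osc_genRandomPassword function
                     require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                     // NOTE(review): this secret is a long-lived login credential kept in a
                     // cookie and stored as-is in the user row; confirm the generator is
                     // cryptographically strong and the cookie is set HttpOnly/Secure.
                     $secret = osc_genRandomPassword();
                     User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
                     Cookie::newInstance()->set_expires(osc_time_cookie());
                     Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
                     Cookie::newInstance()->push('oc_userSecret', $secret);
                     Cookie::newInstance()->set();
                 }
                 //we are logged in... let's go!
                 // NOTE(review): the session identifier is not rotated in this block before
                 // the user id is stored; confirm Session does that elsewhere.
                 Session::newInstance()->_set('userId', $user['pk_i_id']);
                 Session::newInstance()->_set('userName', $user['s_name']);
                 Session::newInstance()->_set('userEmail', $user['s_email']);
                 $phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land'];
                 Session::newInstance()->_set('userPhone', $phone);
                 //returning logged in to the main page...
                 $this->redirectTo(osc_user_dashboard_url());
             } else {
                 // A failed login goes back to the login form, like the other failures,
                 // instead of being sent on to the dashboard.
                 osc_add_flash_message(_m('The password is incorrect'));
                 $this->redirectTo(osc_user_login_url());
             }
             break;
         case 'recover':
             //form to recover the password (in this case we have the form in /gui/)
             $this->doView('user-recover.php');
             break;
         case 'recover_post':
             //post execution to recover the password
             require_once LIB_PATH . 'osclass/UserActions.php';
             $userActions = new UserActions(false);
             $recaptcha_ok = $userActions->recover_password();
             if ($recaptcha_ok) {
                 // We ALWAYS show the same message, so we don't give clues about which emails are in our database and which don't!
                 osc_add_flash_message(_m('We have sent you an email with the instructions to reset your password'));
                 $this->redirectTo(osc_base_url());
             } else {
                 osc_add_flash_message(_m('The recaptcha code is wrong'));
                 $this->redirectTo(osc_recover_user_password_url());
             }
             break;
         case 'forgot':
             //form to recover the password (in this case we have the form in /gui/)
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             if ($user) {
                 $this->doView('user-forgot_password.php');
             } else {
                 osc_add_flash_message(_m('Sorry, the link is not valid'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'forgot_post':
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             if ($user) {
                 $newPassword = Params::getParam('new_password');
                 $newPassword2 = Params::getParam('new_password2');
                 // Strict comparison: with == two different numeric-looking strings
                 // ("1e3" and "1000") would count as a matching confirmation.
                 // NOTE(review): an empty new password is still accepted here.
                 if (is_string($newPassword) && $newPassword === $newPassword2) {
                     // The reset code is replaced and its date set to the epoch, so the
                     // same link cannot be used again after the change.
                     User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1($newPassword)), array('pk_i_id' => $user['pk_i_id']));
                     osc_add_flash_message(_m('The password has been changed'));
                     $this->redirectTo(osc_user_login_url());
                 } else {
                     osc_add_flash_message(_m('Error, the password don\'t match'));
                     $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
                 }
                 break;
             }
             osc_add_flash_message(_m('Sorry, the link is not valid'));
             $this->redirectTo(osc_base_url());
             break;
         default:
             //login
             if (osc_logged_user_id() != '') {
                 $this->redirectTo(osc_user_dashboard_url());
             }
             $this->doView('user-login.php');
     }
 }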
Example #21
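 /**
  * Run the login / password-reset action selected by $this->action.
  *
  * Handles 'login_post', 'recover', 'recover_post', 'forgot' and 'forgot_post'; any other
  * action shows the login form, or sends an already logged-in user to the dashboard.
  *
  * After a successful login the user is sent back to where they came from (the
  * 'http_referer' parameter, the referer kept in the session, or the Referer header),
  * but only when that target lies under this site's base URL; otherwise the dashboard
  * is used.
  *
  * Failure branches call $this->redirectTo() and then leave the switch explicitly, so the
  * method fails closed even if redirectTo() does not end the request (presumably it does;
  * confirm in the base controller).
  *
  * NOTE(review): passwords are stored and checked as unsalted SHA-1; plan a migration to
  * password_hash()/password_verify() with a rehash on the next successful login.
  * NOTE(review): no anti-CSRF token is verified in the *_post branches here.
  */
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             if (!osc_users_enabled()) {
                 osc_add_flash_error_message(_m('Users are not enabled'));
                 $this->redirectTo(osc_base_url());
                 break;
             }
             require_once LIB_PATH . 'osclass/UserActions.php';
             $user = User::newInstance()->findByEmail(Params::getParam('email'));
             $url_redirect = osc_user_dashboard_url();
             $page_redirect = '';
             // The Referer header is optional and client-controlled.
             $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
             if (osc_rewrite_enabled()) {
                 if (isset($_SERVER['HTTP_REFERER'])) {
                     // The base URL is literal text: quote it so its '.' and other
                     // characters are not read as regex syntax.
                     $request_uri = urldecode(preg_replace('@^' . preg_quote(osc_base_url(), '@') . '@', "", $referer));
                     $tmp_ar = explode("?", $request_uri);
                     $request_uri = $tmp_ar[0];
                     $rules = Rewrite::newInstance()->listRules();
                     foreach ($rules as $pattern => $uri) {
                         if (preg_match('#' . $pattern . '#', $request_uri)) {
                             $request_uri = preg_replace('#' . $pattern . '#', $uri, $request_uri);
                             if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $pageMatch)) {
                                 $page_redirect = $pageMatch[2];
                             }
                             break;
                         }
                     }
                 }
             } else {
                 if (preg_match('|[\\?&]page=([^&]+)|', $referer . '&', $pageMatch)) {
                     $page_redirect = $pageMatch[1];
                 }
             }
             // Pick the post-login target in the original order of preference.
             $candidate = '';
             if (Params::getParam('http_referer') != '') {
                 $candidate = Params::getParam('http_referer');
             } elseif (Session::newInstance()->_getReferer() != '') {
                 $candidate = Session::newInstance()->_getReferer();
             } elseif ($page_redirect != '' && $page_redirect != 'login') {
                 $candidate = $referer;
             }
             // Every one of these sources can be influenced by the client, so only follow
             // a target that stays on this site. The trailing slash keeps a look-alike
             // host that merely starts with the same text from passing the prefix test.
             $siteBase = rtrim(osc_base_url(), '/') . '/';
             if (is_string($candidate) && $candidate !== '' && strpos($candidate, $siteBase) === 0) {
                 Session::newInstance()->_setReferer($candidate);
                 $url_redirect = $candidate;
             }
             // NOTE(review): the distinct failure messages below let a client tell which
             // e-mail addresses are registered; a single generic message avoids that.
             if (!$user) {
                 osc_add_flash_error_message(_m('The username doesn\'t exist'));
                 $this->redirectTo(osc_user_login_url());
                 break;
             }
             // Compare the digests as strings. A loose != treats two numeric-looking
             // strings (such as "0e" followed by digits) as numbers, so different digests
             // could compare equal. hash_equals() is also constant-time where it exists.
             $password = Params::getParam('password');
             $passwordOk = false;
             if (is_string($password)) {
                 $storedHash = (string) $user['s_password'];
                 $suppliedHash = sha1($password);
                 $passwordOk = function_exists('hash_equals')
                     ? hash_equals($storedHash, $suppliedHash)
                     : $storedHash === $suppliedHash;
             }
             if (!$passwordOk) {
                 osc_add_flash_error_message(_m('The password is incorrect'));
                 $this->redirectTo(osc_user_login_url());
                 break;
             }
             $uActions = new UserActions(false);
             $logged = $uActions->bootstrap_login($user['pk_i_id']);
             // Status codes as handled by the original chain: 0 unknown user,
             // 1 not validated, 2 suspended, 3 logged in.
             switch ($logged) {
                 case 0:
                     osc_add_flash_error_message(_m('The username doesn\'t exist'));
                     break;
                 case 1:
                     osc_add_flash_error_message(_m('The user has not been validated yet'));
                     break;
                 case 2:
                     osc_add_flash_error_message(_m('The user has been suspended'));
                     break;
                 case 3:
                     if (Params::getParam('remember') == 1) {
                         //this include contains the osc_genRandomPassword function
                         require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                         // NOTE(review): long-lived login credential kept in a cookie and
                         // stored as-is in the user row; confirm the generator is
                         // cryptographically strong and the cookie is HttpOnly/Secure.
                         $secret = osc_genRandomPassword();
                         User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
                         Cookie::newInstance()->set_expires(osc_time_cookie());
                         Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
                         Cookie::newInstance()->push('oc_userSecret', $secret);
                         Cookie::newInstance()->set();
                     }
                     $this->redirectTo($url_redirect);
                     // Leave both switches so the login-form redirect below is not issued too.
                     break 2;
                 default:
                     osc_add_flash_error_message(_m('This should never happens'));
                     break;
             }
             $this->redirectTo(osc_user_login_url());
             break;
         case 'recover':
             //form to recover the password (in this case we have the form in /gui/)
             $this->doView('user-recover.php');
             break;
         case 'recover_post':
             //post execution to recover the password
             require_once LIB_PATH . 'osclass/UserActions.php';
             // e-mail is incorrect
             // NOTE(review): this pattern only accepts a final label of 2-3 letters, so
             // addresses under longer top-level domains are rejected here.
             if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
                 osc_add_flash_error_message(_m('Invalid email address'));
                 $this->redirectTo(osc_recover_user_password_url());
                 break;
             }
             $userActions = new UserActions(false);
             $success = $userActions->recover_password();
             switch ($success) {
                 case 0:
                     // recover ok
                     osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
                     $this->redirectTo(osc_base_url());
                     break;
                 case 1:
                     // e-mail does not exist
                     // NOTE(review): answering differently from case 0 tells the client
                     // whether an address is registered.
                     osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
                     $this->redirectTo(osc_recover_user_password_url());
                     break;
                 case 2:
                     // recaptcha wrong
                     osc_add_flash_error_message(_m('The recaptcha code is wrong'));
                     $this->redirectTo(osc_recover_user_password_url());
                     break;
             }
             break;
         case 'forgot':
             //form to recover the password (in this case we have the form in /gui/)
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             if ($user) {
                 $this->doView('user-forgot_password.php');
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'forgot_post':
             $newPassword = Params::getParam('new_password');
             $newPassword2 = Params::getParam('new_password2');
             if ($newPassword == '' || $newPassword2 == '') {
                 osc_add_flash_warning_message(_m('Password cannot be blank'));
                 $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
                 break;
             }
             $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
             // The lookup may find nothing; check that before reading the row.
             if ($user && $user['b_enabled'] == 1) {
                 // Strict comparison: with == two different numeric-looking strings
                 // ("1e3" and "1000") would count as a matching confirmation.
                 if (is_string($newPassword) && $newPassword === $newPassword2) {
                     // The reset code is replaced and its date set to the epoch, so the
                     // same link cannot be used again after the change.
                     User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1($newPassword)), array('pk_i_id' => $user['pk_i_id']));
                     osc_add_flash_ok_message(_m('The password has been changed'));
                     $this->redirectTo(osc_user_login_url());
                 } else {
                     osc_add_flash_error_message(_m('Error, the password don\'t match'));
                     $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
                 }
                 break;
             }
             osc_add_flash_error_message(_m('Sorry, the link is not valid'));
             $this->redirectTo(osc_base_url());
             break;
         default:
             //login
             if (osc_logged_user_id() != '') {
                 $this->redirectTo(osc_user_dashboard_url());
             }
             $this->doView('user-login.php');
     }
 }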
Example #22
 function doModel()
 {
     //calling the view...
     $locales = OSCLocale::newInstance()->listAllEnabled();
     $this->_exportVariableToView('locales', $locales);
     switch ($this->action) {
         case 'item_add':
             // post
             if (osc_reg_user_post() && $this->user == null) {
                 osc_add_flash_warning_message(_m('Only registered users are allowed to post listings'));
                 $this->redirectTo(osc_user_login_url());
             }
             $countries = Country::newInstance()->listAll();
             $regions = array();
             if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') {
                 $regions = Region::newInstance()->findByCountry($this->user['fk_c_country_code']);
             } else {
                 if (count($countries) > 0) {
                     $regions = Region::newInstance()->findByCountry($countries[0]['pk_c_code']);
                 }
             }
             $cities = array();
             if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') {
                 $cities = City::newInstance()->findByRegion($this->user['fk_i_region_id']);
             } else {
                 if (count($regions) > 0) {
                     $cities = City::newInstance()->findByRegion($regions[0]['pk_i_id']);
                 }
             }
             $this->_exportVariableToView('countries', $countries);
             $this->_exportVariableToView('regions', $regions);
             $this->_exportVariableToView('cities', $cities);
             $form = count(Session::newInstance()->_getForm());
             $keepForm = count(Session::newInstance()->_getKeepForm());
             if ($form == 0 || $form == $keepForm) {
                 Session::newInstance()->_dropKeepForm();
             }
             if (Session::newInstance()->_getForm('countryId') != "") {
                 $countryId = Session::newInstance()->_getForm('countryId');
                 $regions = Region::newInstance()->findByCountry($countryId);
                 $this->_exportVariableToView('regions', $regions);
                 if (Session::newInstance()->_getForm('regionId') != "") {
                     $regionId = Session::newInstance()->_getForm('regionId');
                     $cities = City::newInstance()->findByRegion($regionId);
                     $this->_exportVariableToView('cities', $cities);
                 }
             }
             $this->_exportVariableToView('user', $this->user);
             osc_run_hook('post_item');
             $this->doView('item-post.php');
             break;
         case 'item_add_post':
             //post_item
             if (osc_reg_user_post() && $this->user == null) {
                 osc_add_flash_warning_message(_m('Only registered users are allowed to post listings'));
                 $this->redirectTo(osc_base_url(true));
             }
             $mItems = new ItemActions(false);
             // prepare data for ADD ITEM
             $mItems->prepareData(true);
             // set all parameters into session
             foreach ($mItems->data as $key => $value) {
                 Session::newInstance()->_setForm($key, $value);
             }
             $meta = Params::getParam('meta');
             if (is_array($meta)) {
                 foreach ($meta as $key => $value) {
                     Session::newInstance()->_setForm('meta_' . $key, $value);
                     Session::newInstance()->_keepForm('meta_' . $key);
                 }
             }
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     $this->redirectTo(osc_item_post_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             if (!osc_is_web_user_logged_in()) {
                 $user = User::newInstance()->findByEmail($mItems->data['contactEmail']);
                 // The user exists but it's not logged
                 if (isset($user['pk_i_id'])) {
                     foreach ($mItems->data as $key => $value) {
                         Session::newInstance()->_keepForm($key);
                     }
                     osc_add_flash_error_message(_m('A user with that email address already exists, if it is you, please log in'));
                     $this->redirectTo(osc_user_login_url());
                 }
             }
             // POST ITEM ( ADD ITEM )
             $success = $mItems->add();
             if ($success != 1 && $success != 2) {
                 osc_add_flash_error_message($success);
                 $this->redirectTo(osc_item_post_url());
             } else {
                 Session::newInstance()->_dropkeepForm('meta_' . $key);
                 if ($success == 1) {
                     osc_add_flash_ok_message(_m('Check your inbox to validate your listing'));
                 } else {
                     osc_add_flash_ok_message(_m('Your listing has been published'));
                 }
                 $itemId = Params::getParam('itemId');
                 $item = $this->itemManager->findByPrimaryKey($itemId);
                 osc_run_hook('posted_item', $item);
                 $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId'));
                 View::newInstance()->_exportVariableToView('category', $category);
                 $this->redirectTo(osc_search_category_url());
             }
             break;
         case 'item_edit':
             // edit item
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
             if (count($item) == 1) {
                 $item = Item::newInstance()->findByPrimaryKey($id);
                 $form = count(Session::newInstance()->_getForm());
                 $keepForm = count(Session::newInstance()->_getKeepForm());
                 if ($form == 0 || $form == $keepForm) {
                     Session::newInstance()->_dropKeepForm();
                 }
                 $this->_exportVariableToView('item', $item);
                 osc_run_hook("before_item_edit", $item);
                 $this->doView('item-edit.php');
             } else {
                 // add a flash message [ITEM NO EXISTE]
                 osc_add_flash_error_message(_m("Sorry, we don't have any listings with that ID"));
                 if ($this->user != null) {
                     $this->redirectTo(osc_user_list_items_url());
                 } else {
                     $this->redirectTo(osc_base_url());
                 }
             }
             break;
         case 'item_edit_post':
             // recoger el secret y el
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
             if (count($item) == 1) {
                 $this->_exportVariableToView('item', $item[0]);
                 $mItems = new ItemActions(false);
                 // prepare data for ADD ITEM
                 $mItems->prepareData(false);
                 // set all parameters into session
                 foreach ($mItems->data as $key => $value) {
                     Session::newInstance()->_setForm($key, $value);
                 }
                 $meta = Params::getParam('meta');
                 if (is_array($meta)) {
                     foreach ($meta as $key => $value) {
                         Session::newInstance()->_setForm('meta_' . $key, $value);
                         Session::newInstance()->_keepForm('meta_' . $key);
                     }
                 }
                 if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                         $this->redirectTo(osc_item_edit_url());
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 $success = $mItems->edit();
                 osc_run_hook('edited_item', Item::newInstance()->findByPrimaryKey($id));
                 if ($success == 1) {
                     osc_add_flash_ok_message(_m("Great! We've just updated your listing"));
                     View::newInstance()->_exportVariableToView("item", Item::newInstance()->findByPrimaryKey($id));
                     $this->redirectTo(osc_item_url());
                 } else {
                     osc_add_flash_error_message($success);
                     $this->redirectTo(osc_item_edit_url($secret));
                 }
             }
             break;
         case 'activate':
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s') OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
             // item doesn't exist
             if (count($item) == 0) {
                 $this->do404();
                 return;
             }
             View::newInstance()->_exportVariableToView('item', $item[0]);
             if ($item[0]['b_active'] == 0) {
                 // ACTIVETE ITEM
                 $mItems = new ItemActions(false);
                 $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']);
                 if ($success) {
                     osc_add_flash_ok_message(_m('The listing has been validated'));
                 } else {
                     osc_add_flash_error_message(_m("The listing can't be validated"));
                 }
             } else {
                 osc_add_flash_warning_message(_m('The listing has already been validated'));
             }
             $this->redirectTo(osc_item_url());
             break;
         case 'item_delete':
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s') OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
             if (count($item) == 1) {
                 $mItems = new ItemActions(false);
                 $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']);
                 if ($success) {
                     osc_add_flash_ok_message(_m('Your listing has been deleted'));
                 } else {
                     osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted"));
                 }
                 if ($this->user != null) {
                     $this->redirectTo(osc_user_list_items_url());
                 } else {
                     $this->redirectTo(osc_base_url());
                 }
             } else {
                 osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted"));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'mark':
             $id = Params::getParam('id');
             $as = Params::getParam('as');
             $item = Item::newInstance()->findByPrimaryKey($id);
             View::newInstance()->_exportVariableToView('item', $item);
             require_once osc_lib_path() . 'osclass/user-agents.php';
             foreach ($user_agents as $ua) {
                 if (preg_match('|' . $ua . '|', @$_SERVER['HTTP_USER_AGENT'])) {
                     // mark item if it's not a bot
                     $mItem = new ItemActions(false);
                     $mItem->mark($id, $as);
                     break;
                 }
             }
             osc_add_flash_ok_message(_m("Thanks! That's very helpful"));
             $this->redirectTo(osc_item_url());
             break;
         case 'send_friend':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('item', $item);
             $this->doView('item-send-friend.php');
             break;
         case 'send_friend_post':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('item', $item);
             Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
             Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
             Session::newInstance()->_setForm("friendName", Params::getParam('friendName'));
             Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail'));
             Session::newInstance()->_setForm("message_body", Params::getParam('message'));
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     $this->redirectTo(osc_item_send_friend_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             $mItem = new ItemActions(false);
             $success = $mItem->send_friend();
             if ($success) {
                 Session::newInstance()->_clearVariables();
                 $this->redirectTo(osc_item_url());
             } else {
                 $this->redirectTo(osc_item_send_friend_url());
             }
             break;
         case 'contact':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             if (empty($item)) {
                 osc_add_flash_error_message(_m("This listing doesn't exist"));
                 $this->redirectTo(osc_base_url(true));
             } else {
                 $this->_exportVariableToView('item', $item);
                 if (osc_item_is_expired()) {
                     osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller"));
                     $this->redirectTo(osc_item_url());
                 }
                 if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) {
                     $this->doView('item-contact.php');
                 } else {
                     osc_add_flash_error_message(_m("You can't contact the seller, only registered users can"));
                     $this->redirectTo(osc_item_url());
                 }
             }
             break;
         case 'contact_post':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('item', $item);
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
                     Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
                     Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
                     Session::newInstance()->_setForm("message_body", Params::getParam('message'));
                     $this->redirectTo(osc_item_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             if (osc_isExpired($item['dt_expiration'])) {
                 osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller"));
                 $this->redirectTo(osc_item_url());
             }
             $mItem = new ItemActions(false);
             $result = $mItem->contact();
             if (is_string($result)) {
                 osc_add_flash_error_message($result);
             } else {
                 osc_add_flash_ok_message(_m("We've just sent an e-mail to the seller"));
             }
             $this->redirectTo(osc_item_url());
             break;
         case 'add_comment':
             $mItem = new ItemActions(false);
             $status = $mItem->add_comment();
             switch ($status) {
                 case -1:
                     $msg = _m('Sorry, we could not save your comment. Try again later');
                     osc_add_flash_error_message($msg);
                     break;
                 case 1:
                     $msg = _m('Your comment is awaiting moderation');
                     osc_add_flash_info_message($msg);
                     break;
                 case 2:
                     $msg = _m('Your comment has been approved');
                     osc_add_flash_ok_message($msg);
                     break;
                 case 3:
                     $msg = _m('Please fill the required field (email)');
                     osc_add_flash_warning_message($msg);
                     break;
                 case 4:
                     $msg = _m('Please type a comment');
                     osc_add_flash_warning_message($msg);
                     break;
                 case 5:
                     $msg = _m('Your comment has been marked as spam');
                     osc_add_flash_error_message($msg);
                     break;
             }
             $this->redirectTo(osc_item_url());
             break;
         case 'delete_comment':
             $mItem = new ItemActions(false);
             $status = $mItem->add_comment();
             $itemId = Params::getParam('id');
             $commentId = Params::getParam('comment');
             $item = Item::newInstance()->findByPrimaryKey($itemId);
             if (count($item) == 0) {
                 osc_add_flash_error_message(_m("This listing doesn't exist"));
                 $this->redirectTo(osc_base_url(true));
             }
             View::newInstance()->_exportVariableToView('item', $item);
             if ($this->userId == null) {
                 osc_add_flash_error_message(_m('You must be logged in to delete a comment'));
                 $this->redirectTo(osc_item_url());
             }
             $commentManager = ItemComment::newInstance();
             $aComment = $commentManager->findByPrimaryKey($commentId);
             if (count($aComment) == 0) {
                 osc_add_flash_error_message(_m("The comment doesn't exist"));
                 $this->redirectTo(osc_item_url());
             }
             if ($aComment['b_active'] != 1) {
                 osc_add_flash_error_message(_m('The comment is not active, you cannot delete it'));
                 $this->redirectTo(osc_item_url());
             }
             if ($aComment['fk_i_user_id'] != $this->userId) {
                 osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it'));
                 $this->redirectTo(osc_item_url());
             }
             $commentManager->deleteByPrimaryKey($commentId);
             osc_add_flash_ok_message(_m('The comment has been deleted'));
             $this->redirectTo(osc_item_url());
             break;
         default:
             // if there isn't ID, show an error 404
             if (Params::getParam('id') == '') {
                 $this->do404();
                 return;
             }
             if (Params::getParam('lang') != '') {
                 Session::newInstance()->_set('userLocale', Params::getParam('lang'));
             }
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             // if item doesn't exist show an error 404
             if (count($item) == 0) {
                 $this->do404();
                 return;
             }
             if ($item['b_active'] != 1) {
                 if ($this->userId == $item['fk_i_user_id']) {
                     osc_add_flash_warning_message(_m("The listing hasn't been validated. Please validate it in order to make it public"));
                 } else {
                     osc_add_flash_warning_message(_m("This listing hasn't been validated"));
                     $this->redirectTo(osc_base_url(true));
                 }
             } else {
                 if ($item['b_enabled'] == 0) {
                     osc_add_flash_warning_message(_m('The listing has been suspended'));
                     $this->redirectTo(osc_base_url(true));
                 }
             }
             if (!osc_is_admin_user_logged_in()) {
                 require_once osc_lib_path() . 'osclass/user-agents.php';
                 foreach ($user_agents as $ua) {
                     if (preg_match('|' . $ua . '|', @$_SERVER['HTTP_USER_AGENT'])) {
                         $mStats = new ItemStats();
                         $mStats->increase('i_num_views', $item['pk_i_id']);
                         break;
                     }
                 }
             }
             foreach ($item['locale'] as $k => $v) {
                 $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']);
                 $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description']));
             }
             if ($item['fk_i_user_id'] != '') {
                 $user = User::newInstance()->findByPrimaryKey($item['fk_i_user_id']);
                 $this->_exportVariableToView('user', $user);
             }
             $this->_exportVariableToView('item', $item);
             osc_run_hook('show_item', $item);
             // redirect to the correct url just in case it has changed
             $itemURI = str_replace(osc_base_url(), '', osc_item_url());
             $URI = preg_replace('|^' . REL_WEB_URL . '|', '', $_SERVER['REQUEST_URI']);
             // do not clean QUERY_STRING if permalink is not enabled
             if (osc_rewrite_enabled()) {
                 $URI = str_replace('?' . $_SERVER['QUERY_STRING'], '', $URI);
             } else {
                 $params_keep = array('page', 'id');
                 $params = array();
                 foreach (Params::getParamsAsArray('get') as $k => $v) {
                     if (in_array($k, $params_keep)) {
                         $params[] = "{$k}={$v}";
                     }
                 }
                 $URI = 'index.php?' . implode('&', $params);
             }
             // redirect to the correct url
             if ($itemURI != $URI) {
                 $this->redirectTo(osc_base_url() . $itemURI);
             }
             $this->doView('item.php');
             break;
     }
 }
Example #23
?>
><?php 
_e('Saturday');
?>
</option>
                            </select>
                        </div>
                    </div>
                    <div class="form-row">
                        <div class="form-label"><?php 
_e('Timezone');
?>
</div>
                        <div class="form-controls">
                            <?php 
require osc_lib_path() . 'osclass/timezones.php';
?>
                            <select name="timezone" id="timezone">
                            <?php 
$selected_tz = osc_timezone();
?>
                            <option value="" selected="selected"><?php 
_e('Select a timezone...');
?>
</option>
                            <?php 
foreach ($timezone as $tz) {
    ?>
                            <option value="<?php 
    echo $tz;
    ?>
Example #24
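/**
 * Drive the Facebook login round trip of the "facebookall" integration.
 *
 * Nothing is done when a `page` query parameter is present. Otherwise two
 * request shapes are handled:
 *
 *  - `?code=...`: the authorization code is exchanged for an access token and
 *    a small script hands that token to the opener window and closes the popup.
 *  - `fball_access_token` together with `fball_redirect`: the Graph API profile
 *    for the supplied token is fetched, a local account with the same e-mail is
 *    linked (or register_user() is called), the account is logged in and the
 *    browser is redirected to the user dashboard.
 *
 * NOTE(review): the second step accepts a request-supplied access token as proof
 * of identity. Nothing in this function confirms that the token was issued to
 * this site's Facebook app, and the code flow carries no `state` value binding
 * the callback to the browser session that started it. Before trusting the
 * profile, validate the token's app id and user id (the Graph API `debug_token`
 * endpoint reports both) against `$api_id`, and prefer keeping the token in the
 * server-side session over passing it through the browser.
 *
 * @return void
 */
function make_userlogin()
{
    if (isset($_GET['page'])) {
        return;
    }
    // The result is not used in this function; the call is kept in case it has side effects.
    FacebookClassified::newInstance()->selectFacebookData();
    $api_id = osc_get_preference('facebook_api_id', 'classified');
    $api_secret = osc_get_preference('facebook_api_secret', 'classified');

    // Step 1: OAuth callback carrying an authorization code.
    // is_string() rejects `code[]=...`, which would otherwise reach urlencode() as an array.
    if (!empty($_GET['code']) && is_string($_GET['code'])) {
        // Every query value is URL-encoded so that no value can add or override parameters.
        $token_url = 'https://graph.facebook.com/v2.3/oauth/access_token?'
            . 'client_id=' . urlencode((string) $api_id)
            . '&redirect_uri=' . urlencode(osc_base_url())
            . '&client_secret=' . urlencode((string) $api_secret)
            . '&code=' . urlencode($_GET['code']);

        // One retry with the identical request when the first answer carries no token.
        $access_data = null;
        for ($attempt = 0; $attempt < 2 && empty($access_data['access_token']); $attempt++) {
            $access_data = json_decode(facebookall_get_fb_contents($token_url), true);
        }

        if (empty($access_data['access_token'])) {
            echo 'Error : Could not get access token please check your app settings for more about this error<br> Or Follow our doc setion <a href="http://sourceaddons.com/documentation">Documentation Section</a>.';
            exit;
        }
        $access_token = $access_data['access_token'];
        // The token is written into an inline script, so it is emitted as a JSON string
        // literal with <, >, &, ' and " hex-escaped; a value containing quotes or
        // "</script>" can then not break out of the string or the script element.
        ?>
    <script>
      window.opener.FbAll.parentRedirect({'action' : 'fball', 'fball_access_token' : <?php echo json_encode((string) $access_token, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>});
      window.close();
    </script>
    <?php
    }

    // Step 2: the opener posts the token back together with fball_redirect.
    if (!empty($_REQUEST['fball_access_token']) && is_string($_REQUEST['fball_access_token']) && isset($_REQUEST['fball_redirect'])) {
        $fb_token = $_REQUEST['fball_access_token'];
        // Untrusted request value: encode it before it becomes part of the Graph API URL.
        $user_info = json_decode(facebookall_get_fb_contents('https://graph.facebook.com/v2.3/me?access_token=' . urlencode($fb_token)));
        Session::newInstance()->_set('fb-token', $fb_token);
        $user_data = get_userprofile_data($user_info);
        if (!empty($user_data['email']) && !empty($user_data['id'])) {
            $users = User::newInstance();
            $user_id = get_userid($user_data['id']);
            if (empty($user_id)) {
                // No local record for this Facebook id yet.
                $existing = $users->findByEmail($user_data['email']);
                if (!empty($existing)) {
                    // NOTE(review): an existing local account is linked on e-mail match alone;
                    // this is only sound if the provider-reported address is verified.
                    insert_facebook_user_data($existing['pk_i_id'], $user_data['id']);
                } else {
                    // Neither a Facebook link nor a local account exists for this e-mail.
                    register_user($user_data);
                }
            }
            $oscUser = $users->findByEmail($user_data['email']);
            require_once osc_lib_path() . 'osclass/UserActions.php';
            // Only start a session when a local account was actually resolved
            // (registration may have failed), instead of passing an empty id on.
            if (!empty($oscUser['pk_i_id'])) {
                $uActions = new UserActions(false);
                $uActions->bootstrap_login($oscUser['pk_i_id']);
            }
            // Redirect user.
            osc_redirect_to(osc_user_dashboard_url());
        }
    }
}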
Example #25
                }
            }
        } else {
            $message = __('Nothing to copy');
        }
        break;
    case 'execute-sql':
        if (file_exists(osc_lib_path() . 'osclass/installer/struct.sql')) {
            $sql = file_get_contents(osc_lib_path() . 'osclass/installer/struct.sql');
            $conn = DBConnectionClass::newInstance();
            $c_db = $conn->getOsclassDb();
            $comm = new DBCommandClass($c_db);
            $comm->updateDB(str_replace('/*TABLE_PREFIX*/', DB_TABLE_PREFIX, $sql));
            $message = __('Tables updated correctly');
        } else {
            $message = __('No tables update to execute');
        }
        break;
    case 'execute-actions':
        if (file_exists(osc_lib_path() . 'osclass/upgrade-funcs.php')) {
            require_once osc_lib_path() . 'osclass/upgrade-funcs.php';
            $message = __('Custom actions executed');
        } else {
            $message = __('No action to execute');
        }
        break;
    default:
        osc_renderAdminSection('tools/upgrade.php', __('Update'));
        break;
}
echo $message;
Example #26
 function doModel()
 {
     parent::doModel();
     if (osc_is_moderator() && ($this->action == 'settings' || $this->action == 'settings_post')) {
         osc_add_flash_error_message(_m("You don't have enough permissions"), "admin");
         $this->redirectTo(osc_admin_base_url());
     }
     //specific things for this class
     switch ($this->action) {
         case 'bulk_actions':
             osc_csrf_check();
             $mItems = new ItemActions(true);
             switch (Params::getParam('bulk_actions')) {
                 case 'enable_all':
                     $id = Params::getParam('id');
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $_id) {
                             if ($mItems->enable($_id)) {
                                 $numSuccess++;
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been enabled', '%d listings have been enabled', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'disable_all':
                     $id = Params::getParam('id');
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $_id) {
                             if ($mItems->disable((int) $_id)) {
                                 $numSuccess++;
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been disabled', '%d listings have been disabled', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'activate_all':
                     $id = Params::getParam('id');
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $_id) {
                             if ($mItems->activate($_id)) {
                                 $numSuccess++;
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been activated', '%d listings have been activated', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'deactivate_all':
                     $id = Params::getParam('id');
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $_id) {
                             if ($mItems->deactivate($_id)) {
                                 $numSuccess++;
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_m('%d listing has been deactivated', '%d listings have been deactivated', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'premium_all':
                     $id = Params::getParam('id');
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $_id) {
                             if ($mItems->premium($_id)) {
                                 $numSuccess++;
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been marked as premium', '%d listings have been marked as premium', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'depremium_all':
                     $id = Params::getParam('id');
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $_id) {
                             if ($mItems->premium($_id, false)) {
                                 $numSuccess++;
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d change has been made', '%d changes have been made', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'spam_all':
                     $id = Params::getParam('id');
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $_id) {
                             if ($mItems->spam($_id)) {
                                 $numSuccess++;
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been marked as spam', '%d listings have been marked as spam', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'despam_all':
                     $id = Params::getParam('id');
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $_id) {
                             if ($mItems->spam($_id, false)) {
                                 $numSuccess++;
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d change has been made', '%d changes have been made', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'delete_all':
                     $id = Params::getParam('id');
                     $success = false;
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $i) {
                             if ($i) {
                                 $item = $this->itemManager->findByPrimaryKey($i);
                                 $success = $mItems->delete($item['s_secret'], $item['pk_i_id']);
                                 if ($success) {
                                     $numSuccess++;
                                 }
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been deleted', '%d listings have been deleted', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'clear_spam_all':
                     $id = Params::getParam('id');
                     $success = false;
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $i) {
                             if ($i) {
                                 $success = $this->itemManager->clearStat($i, 'spam');
                                 if ($success) {
                                     $numSuccess++;
                                 }
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as spam', '%d listings have been unmarked as spam', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'clear_bad_all':
                     $id = Params::getParam('id');
                     $success = false;
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $i) {
                             if ($i) {
                                 $success = $this->itemManager->clearStat($i, 'bad');
                                 if ($success) {
                                     $numSuccess++;
                                 }
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as missclassified', '%d listings have been unmarked as missclassified', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'clear_dupl_all':
                     $id = Params::getParam('id');
                     $success = false;
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $i) {
                             if ($i) {
                                 $success = $this->itemManager->clearStat($i, 'duplicated');
                                 if ($success) {
                                     $numSuccess++;
                                 }
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as duplicated', '%d listings have been unmarked as duplicated', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'clear_expi_all':
                     $id = Params::getParam('id');
                     $success = false;
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $i) {
                             if ($i) {
                                 $success = $this->itemManager->clearStat($i, 'expired');
                                 if ($success) {
                                     $numSuccess++;
                                 }
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as expired', '%d listings have been unmarked as expired', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'clear_offe_all':
                     $id = Params::getParam('id');
                     $success = false;
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $i) {
                             if ($i) {
                                 $success = $this->itemManager->clearStat($i, 'offensive');
                                 if ($success) {
                                     $numSuccess++;
                                 }
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as offensive', '%d listings have been unmarked as offensive', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 case 'clear_all':
                     $id = Params::getParam('id');
                     $success = false;
                     if ($id) {
                         $numSuccess = 0;
                         foreach ($id as $i) {
                             if ($i) {
                                 $success = $this->itemManager->clearStat($i, 'all');
                                 if ($success) {
                                     $numSuccess++;
                                 }
                             }
                         }
                         osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked', '%d listings have been unmarked', $numSuccess), $numSuccess), 'admin');
                     }
                     break;
                 default:
                     if (Params::getParam("bulk_actions") != "") {
                         osc_run_hook("item_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id'));
                     }
                     break;
             }
             $this->redirectTo($_SERVER['HTTP_REFERER']);
             break;
         case 'delete':
             //delete
             osc_csrf_check();
             $id = Params::getParam('id');
             $success = false;
             foreach ($id as $i) {
                 if ($i) {
                     $aItem = $this->itemManager->findByPrimaryKey($i);
                     $mItems = new ItemActions(true);
                     $success = $mItems->delete($aItem['s_secret'], $aItem['pk_i_id']);
                 }
             }
             if ($success) {
                 osc_add_flash_ok_message(_m('The listing has been deleted'), 'admin');
             } else {
                 osc_add_flash_error_message(_m("The listing couldn't be deleted"), 'admin');
             }
             $this->redirectTo($_SERVER['HTTP_REFERER']);
             break;
         case 'status':
             //status
             osc_csrf_check();
             $id = Params::getParam('id');
             $value = Params::getParam('value');
             if (!$id) {
                 return false;
             }
             $id = (int) $id;
             if (!is_numeric($id)) {
                 return false;
             }
             if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'))) {
                 return false;
             }
             $item = $this->itemManager->findByPrimaryKey($id);
             $mItems = new ItemActions(true);
             switch ($value) {
                 case 'ACTIVE':
                     $success = $mItems->activate($id);
                     if ($success && $success > 0) {
                         osc_add_flash_ok_message(_m('The listing has been activated'), 'admin');
                     } else {
                         if (!$success) {
                             osc_add_flash_error_message(_m('An error has occurred'), 'admin');
                         } else {
                             osc_add_flash_error_message(_m("The listing can't be activated because it's blocked"), 'admin');
                         }
                     }
                     break;
                 case 'INACTIVE':
                     $success = $mItems->deactivate($id);
                     if ($success && $success > 0) {
                         osc_add_flash_ok_message(_m('The listing has been deactivated'), 'admin');
                     } else {
                         osc_add_flash_error_message(_m('An error has occurred'), 'admin');
                     }
                     break;
                 case 'ENABLE':
                     $success = $mItems->enable($id);
                     if ($success && $success > 0) {
                         osc_add_flash_ok_message(_m('The listing has been enabled'), 'admin');
                     } else {
                         osc_add_flash_error_message(_m('An error has occurred'), 'admin');
                     }
                     break;
                 case 'DISABLE':
                     $success = $mItems->disable($id);
                     if ($success && $success > 0) {
                         osc_add_flash_ok_message(_m('The listing has been disabled'), 'admin');
                     } else {
                         osc_add_flash_error_message(_m('An error has occurred'), 'admin');
                     }
                     break;
             }
             $this->redirectTo($_SERVER['HTTP_REFERER']);
             break;
         case 'status_premium':
             //status premium
             osc_csrf_check();
             $id = Params::getParam('id');
             $value = Params::getParam('value');
             if (!$id) {
                 return false;
             }
             $id = (int) $id;
             if (!is_numeric($id)) {
                 return false;
             }
             if (!in_array($value, array(0, 1))) {
                 return false;
             }
             $mItems = new ItemActions(true);
             if ($mItems->premium($id, $value == 1 ? true : false)) {
                 osc_add_flash_ok_message(_m('Changes have been applied'), 'admin');
             } else {
                 osc_add_flash_error_message(_m('An error has occurred'), 'admin');
             }
             $this->redirectTo($_SERVER['HTTP_REFERER']);
             break;
         case 'status_spam':
             //status spam
             osc_csrf_check();
             $id = Params::getParam('id');
             $value = Params::getParam('value');
             if (!$id) {
                 return false;
             }
             $id = (int) $id;
             if (!is_numeric($id)) {
                 return false;
             }
             if (!in_array($value, array(0, 1))) {
                 return false;
             }
             $mItems = new ItemActions(true);
             if ($mItems->spam($id, $value == 1 ? true : false)) {
                 osc_add_flash_ok_message(_m('Changes have been applied'), 'admin');
             } else {
                 osc_add_flash_error_message(_m('An error has occurred'), 'admin');
             }
             $this->redirectTo($_SERVER['HTTP_REFERER']);
             break;
         case 'clear_stat':
             osc_csrf_check();
             $id = Params::getParam('id');
             $stat = Params::getParam('stat');
             if (!$id) {
                 return false;
             }
             if (!$stat) {
                 return false;
             }
             $id = (int) $id;
             if (!is_numeric($id)) {
                 return false;
             }
             $success = $this->itemManager->clearStat($id, $stat);
             if ($success) {
                 osc_add_flash_ok_message(_m('The listing has been unmarked as') . " {$stat}", 'admin');
             } else {
                 osc_add_flash_error_message(_m("The listing hasn't been unmarked as") . " {$stat}", 'admin');
             }
             $this->redirectTo($_SERVER['HTTP_REFERER']);
             break;
         case 'item_edit':
             // edit item
             $id = Params::getParam('id');
             $item = Item::newInstance()->findByPrimaryKey($id);
             if (count($item) <= 0) {
                 $this->redirectTo(osc_admin_base_url(true) . "?page=items");
             }
             $csrf_token = osc_csrf_token_url();
             if ($item['b_active']) {
                 $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&amp;action=status&amp;id=' . $item['pk_i_id'] . '&amp;' . $csrf_token . '&amp;value=INACTIVE">' . __('Deactivate') . '</a>';
             } else {
                 $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&amp;action=status&amp;id=' . $item['pk_i_id'] . '&amp;' . $csrf_token . '&amp;value=ACTIVE">' . __('Activate') . '</a>';
             }
             if ($item['b_enabled']) {
                 $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&amp;action=status&amp;id=' . $item['pk_i_id'] . '&amp;' . $csrf_token . '&amp;value=DISABLE">' . __('Block') . '</a>';
             } else {
                 $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&amp;action=status&amp;id=' . $item['pk_i_id'] . '&amp;' . $csrf_token . '&amp;value=ENABLE">' . __('Unblock') . '</a>';
             }
             if ($item['b_premium']) {
                 $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&amp;action=status_premium&amp;id=' . $item['pk_i_id'] . '&amp;' . $csrf_token . '&amp;value=0">' . __('Unmark as premium') . '</a>';
             } else {
                 $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&amp;action=status_premium&amp;id=' . $item['pk_i_id'] . '&amp;' . $csrf_token . '&amp;value=1">' . __('Mark as premium') . '</a>';
             }
             if ($item['b_spam']) {
                 $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&amp;action=status_spam&amp;id=' . $item['pk_i_id'] . '&amp;' . $csrf_token . '&amp;value=0">' . __('Unmark as spam') . '</a>';
             } else {
                 $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&amp;action=status_spam&amp;id=' . $item['pk_i_id'] . '&amp;' . $csrf_token . '&amp;value=1">' . __('Mark as spam') . '</a>';
             }
             $this->_exportVariableToView("actions", $actions);
             $form = count(Session::newInstance()->_getForm());
             $keepForm = count(Session::newInstance()->_getKeepForm());
             if ($form == 0 || $form == $keepForm) {
                 Session::newInstance()->_dropKeepForm();
             }
             // save referer if belongs to manage items
             // redirect only if ManageItems or ReportedListngs
             if (isset($_SERVER['HTTP_REFERER'])) {
                 $referer = $_SERVER['HTTP_REFERER'];
                 if (preg_match('/page=items/', $referer)) {
                     if (preg_match("/action=([\\p{L}|_|-]+)/u", $referer, $matches)) {
                         if ($matches[1] == 'items_reported') {
                             Session::newInstance()->_set('osc_admin_referer', $referer);
                         }
                     } else {
                         // no actions - Manage Listings
                         Session::newInstance()->_set('osc_admin_referer', $referer);
                     }
                 }
             }
             $this->_exportVariableToView("item", $item);
             $this->_exportVariableToView("new_item", FALSE);
             osc_run_hook("before_item_edit", $item);
             $this->doView('items/frm.php');
             break;
         case 'item_edit_post':
             osc_csrf_check();
             $mItems = new ItemActions(true);
             $mItems->prepareData(false);
             // set all parameters into session
             foreach ($mItems->data as $key => $value) {
                 Session::newInstance()->_setForm($key, $value);
             }
             $meta = Params::getParam('meta');
             if (is_array($meta)) {
                 foreach ($meta as $key => $value) {
                     Session::newInstance()->_setForm('meta_' . $key, $value);
                     Session::newInstance()->_keepForm('meta_' . $key);
                 }
             }
             $success = $mItems->edit();
             if ($success == 1) {
                 osc_add_flash_ok_message(_m('Changes saved correctly'), 'admin');
                 $url = osc_admin_base_url(true) . "?page=items";
                 // if Referer is saved that means referer is ManageListings or ReportListings
                 if (Session::newInstance()->_get('osc_admin_referer') != '') {
                     $url = Session::newInstance()->_get('osc_admin_referer');
                 }
                 Session::newInstance()->_clearVariables();
                 $this->redirectTo($url);
             } else {
                 osc_add_flash_error_message($success, 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=items&action=item_edit&id=" . Params::getParam('id'));
             }
             break;
         case 'deleteResource':
             //delete resource
             osc_csrf_check();
             $id = Params::getParam('id');
             $name = Params::getParam('name');
             $fkid = Params::getParam('fkid');
             // delete files
             osc_deleteResource($id, true);
             Log::newInstance()->insertLog('items', 'deleteResource', $id, $id, 'admin', osc_logged_admin_id());
             $result = ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $fkid, 's_name' => $name));
             if ($result === false) {
                 osc_add_flash_error_message(_m('An error has occurred'), 'admin');
             } else {
                 osc_add_flash_ok_message(_m('Resource deleted'), 'admin');
             }
             $this->redirectTo(osc_admin_base_url(true) . "?page=items");
             break;
         case 'post':
             // add item
             $form = count(Session::newInstance()->_getForm());
             $keepForm = count(Session::newInstance()->_getKeepForm());
             if ($form == 0 || $form == $keepForm) {
                 Session::newInstance()->_dropKeepForm();
             }
             $this->_exportVariableToView("new_item", TRUE);
             osc_run_hook('post_item');
             $this->doView('items/frm.php');
             break;
         case 'post_item':
             //post item
             osc_csrf_check();
             $mItem = new ItemActions(true);
             $mItem->prepareData(true);
             // set all parameters into session
             foreach ($mItem->data as $key => $value) {
                 Session::newInstance()->_setForm($key, $value);
             }
             $meta = Params::getParam('meta');
             if (is_array($meta)) {
                 foreach ($meta as $key => $value) {
                     Session::newInstance()->_setForm('meta_' . $key, $value);
                     Session::newInstance()->_keepForm('meta_' . $key);
                 }
             }
             $success = $mItem->add();
             if ($success == 1 || $success == 2) {
                 $url = osc_admin_base_url(true) . "?page=items";
                 // if Referer is saved that means referer is ManageListings or ReportListings
                 if (Session::newInstance()->_get('osc_admin_referer') != '') {
                     Session::newInstance()->_drop('osc_admin_referer');
                     $url = Session::newInstance()->_get('osc_admin_referer');
                 }
                 Session::newInstance()->_clearVariables();
                 osc_add_flash_ok_message(_m('A new listing has been added'), 'admin');
                 $this->redirectTo($url);
             } else {
                 osc_add_flash_error_message($success, 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=items&action=post");
             }
             break;
         case 'settings':
             // calling the items settings view
             $this->doView('items/settings.php');
             break;
         case 'settings_post':
             // update item settings
             osc_csrf_check();
             $iUpdated = 0;
             $enabledRecaptchaItems = Params::getParam('enabled_recaptcha_items');
             $enabledRecaptchaItems = $enabledRecaptchaItems == '1' ? true : false;
             $moderateItems = Params::getParam('moderate_items');
             $moderateItems = $moderateItems != '' ? true : false;
             $numModerateItems = Params::getParam('num_moderate_items');
             $itemsWaitTime = Params::getParam('items_wait_time');
             $loggedUserItemValidation = Params::getParam('logged_user_item_validation');
             $loggedUserItemValidation = $loggedUserItemValidation != '' ? true : false;
             $regUserPost = Params::getParam('reg_user_post');
             $regUserPost = $regUserPost != '' ? true : false;
             $notifyNewItem = Params::getParam('notify_new_item');
             $notifyNewItem = $notifyNewItem != '' ? true : false;
             $notifyContactItem = Params::getParam('notify_contact_item');
             $notifyContactItem = $notifyContactItem != '' ? true : false;
             $notifyContactFriends = Params::getParam('notify_contact_friends');
             $notifyContactFriends = $notifyContactFriends != '' ? true : false;
             $enabledFieldPriceItems = Params::getParam('enableField#f_price@items');
             $enabledFieldPriceItems = $enabledFieldPriceItems != '' ? true : false;
             $enabledFieldImagesItems = Params::getParam('enableField#images@items');
             $enabledFieldImagesItems = $enabledFieldImagesItems != '' ? true : false;
             $numImagesItems = Params::getParam('numImages@items');
             if ($numImagesItems == '') {
                 $numImagesItems = 0;
             }
             $regUserCanContact = Params::getParam('reg_user_can_contact');
             $regUserCanContact = $regUserCanContact != '' ? true : false;
             $contactItemAttachment = Params::getParam('item_attachment');
             $contactItemAttachment = $contactItemAttachment != '' ? true : false;
             $msg = '';
             if (!osc_validate_int(Params::getParam("items_wait_time"))) {
                 $msg .= _m("Wait time must only contain numeric characters") . "<br/>";
             }
             if (Params::getParam("num_moderate_items") != '' && !osc_validate_int(Params::getParam("num_moderate_items"))) {
                 $msg .= _m("Number of moderated listings must only contain numeric characters") . "<br/>";
             }
             if (!osc_validate_int($numImagesItems)) {
                 $msg .= _m("Images per listing must only contain numeric characters") . "<br/>";
             }
             if ($msg != '') {
                 osc_add_flash_error_message($msg, 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=items&action=settings');
             }
             $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledRecaptchaItems), array('s_name' => 'enabled_recaptcha_items'));
             if ($moderateItems) {
                 $iUpdated += Preference::newInstance()->update(array('s_value' => $numModerateItems), array('s_name' => 'moderate_items'));
             } else {
                 $iUpdated += Preference::newInstance()->update(array('s_value' => '-1'), array('s_name' => 'moderate_items'));
             }
             $iUpdated += Preference::newInstance()->update(array('s_value' => $loggedUserItemValidation), array('s_name' => 'logged_user_item_validation'));
             $iUpdated += Preference::newInstance()->update(array('s_value' => $regUserPost), array('s_name' => 'reg_user_post'));
             $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewItem), array('s_name' => 'notify_new_item'));
             $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyContactItem), array('s_name' => 'notify_contact_item'));
             $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyContactFriends), array('s_name' => 'notify_contact_friends'));
             $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledFieldPriceItems), array('s_name' => 'enableField#f_price@items'));
             $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledFieldImagesItems), array('s_name' => 'enableField#images@items'));
             $iUpdated += Preference::newInstance()->update(array('s_value' => $itemsWaitTime), array('s_name' => 'items_wait_time'));
             $iUpdated += Preference::newInstance()->update(array('s_value' => $numImagesItems), array('s_name' => 'numImages@items'));
             $iUpdated += Preference::newInstance()->update(array('s_value' => $regUserCanContact), array('s_name' => 'reg_user_can_contact'));
             $iUpdated += Preference::newInstance()->update(array('s_value' => $contactItemAttachment), array('s_name' => 'item_attachment'));
             if ($iUpdated > 0) {
                 osc_add_flash_ok_message(_m("Listings' settings have been updated"), 'admin');
             }
             $this->redirectTo(osc_admin_base_url(true) . '?page=items&action=settings');
             break;
         case 'items_reported':
             require_once osc_lib_path() . "osclass/classes/datatables/ItemsDataTable.php";
             // set default iDisplayLength
             if (Params::getParam('iDisplayLength') != '') {
                 Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength'));
                 Cookie::newInstance()->set();
             } else {
                 // set a default value if it's set in the cookie
                 if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') {
                     Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength'));
                 } else {
                     Params::setParam('iDisplayLength', 10);
                 }
             }
             $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));
             // Table header order by related
             if (Params::getParam('sort') == '') {
                 Params::setParam('sort', 'date');
             }
             if (Params::getParam('direction') == '') {
                 Params::setParam('direction', 'desc');
             }
             $page = (int) Params::getParam('iPage');
             if ($page == 0) {
                 $page = 1;
             }
             Params::setParam('iPage', $page);
             $params = Params::getParamsAsArray("get");
             $itemsDataTable = new ItemsDataTable();
             $itemsDataTable->tableReported($params);
             $aData = $itemsDataTable->getData();
             if (count($aData['aRows']) == 0 && $page != 1) {
                 $total = (int) $aData['iTotalDisplayRecords'];
                 $maxPage = ceil($total / (int) $aData['iDisplayLength']);
                 $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING'];
                 if ($maxPage == 0) {
                     $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url);
                     $this->redirectTo($url);
                 }
                 if ($page > 1) {
                     $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url);
                     $this->redirectTo($url);
                 }
             }
             $this->_exportVariableToView('aData', $aData);
             $this->_exportVariableToView('aRawRows', $itemsDataTable->rawRows());
             //calling the view...
             $this->doView('items/reported.php');
             break;
         default:
             // default
             require_once osc_lib_path() . "osclass/classes/datatables/ItemsDataTable.php";
             // set default iDisplayLength
             if (Params::getParam('iDisplayLength') != '') {
                 Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength'));
                 Cookie::newInstance()->set();
             } else {
                 // set a default value if it's set in the cookie
                 if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') {
                     Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength'));
                 } else {
                     Params::setParam('iDisplayLength', 10);
                 }
             }
             $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));
             // Table header order by related
             if (Params::getParam('sort') == '') {
                 Params::setParam('sort', 'date');
             }
             if (Params::getParam('direction') == '') {
                 Params::setParam('direction', 'desc');
             }
             $page = (int) Params::getParam('iPage');
             if ($page == 0) {
                 $page = 1;
             }
             Params::setParam('iPage', $page);
             $params = Params::getParamsAsArray("get");
             $itemsDataTable = new ItemsDataTable();
             $itemsDataTable->table($params);
             $aData = $itemsDataTable->getData();
             if (count($aData['aRows']) == 0 && $page != 1) {
                 $total = (int) $aData['iTotalDisplayRecords'];
                 $maxPage = ceil($total / (int) $aData['iDisplayLength']);
                 $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING'];
                 if ($maxPage == 0) {
                     $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url);
                     $this->redirectTo($url);
                 }
                 if ($page > 1) {
                     $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url);
                     $this->redirectTo($url);
                 }
             }
             $this->_exportVariableToView('aData', $aData);
             $this->_exportVariableToView('withFilters', $itemsDataTable->withFilters());
             $this->_exportVariableToView('aRawRows', $itemsDataTable->rawRows());
             $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Delete'))), 'label' => __('Delete')), array('value' => 'activate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'disable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'enable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unblock'))), 'label' => __('Unblock')), array('value' => 'premium_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Mark as premium'))), 'label' => __('Mark as premium')), array('value' => 'depremium_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unmark as premium'))), 'label' => __('Unmark as premium')), array('value' => 'spam_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Mark as spam'))), 'label' => __('Mark as spam')), array('value' => 'despam_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unmark as spam'))), 'label' => __('Unmark as spam')));
             $bulk_options = osc_apply_filter("item_bulk_filter", $bulk_options);
             $this->_exportVariableToView('bulk_options', $bulk_options);
             //calling the view...
             $this->doView('items/index.php');
     }
 }
Example #27
    $comm->query(sprintf("INSERT INTO %st_pages (s_internal_name, b_indelible, dt_pub_date) VALUES ('email_new_admin', 1, '%s' )", DB_TABLE_PREFIX, date('Y-m-d H:i:s')));
    $comm->query(sprintf("INSERT INTO %st_pages_description (fk_i_pages_id, fk_c_locale_code, s_title, s_text) VALUES (%d, 'en_US', '{WEB_TITLE} - Success creating admin account!', '<p>Hi {ADMIN_NAME},</p><p>The admin of {WEB_LINK} has created an account for you,</p><ul><li>Username: {USERNAME}</li><li>Password: {PASSWORD}</li></ul><p>You can access the admin panel here {WEB_ADMIN_LINK}.</p><p>Thank you!</p><p>Regards,</p>')", DB_TABLE_PREFIX, $comm->insertedId()));
    osc_set_preference('warn_expiration', '0', 'osclass', 'INTEGER');
    $comm->query(sprintf("INSERT INTO %st_pages (s_internal_name, b_indelible, dt_pub_date) VALUES ('email_warn_expiration', 1, '%s' )", DB_TABLE_PREFIX, date('Y-m-d H:i:s')));
    $comm->query(sprintf("INSERT INTO %st_pages_description (fk_i_pages_id, fk_c_locale_code, s_title, s_text) VALUES (%d, 'en_US', '{WEB_TITLE} - Your ad is about to expire', '<p>Hi {USER_NAME},</p><p>Your listing <a href=\"{ITEM_URL}\">{ITEM_TITLE}</a> is about to expire at {WEB_LINK}.')", DB_TABLE_PREFIX, $comm->insertedId()));
    osc_set_preference('force_aspect_image', '0', 'osclass', 'BOOLEAN');
}
// Version-gated upgrade steps: each block below runs only when osc_version()
// reports a value lower than the threshold it is compared against.

// < 321: recompute location slugs, but only when the helper is available.
if (osc_version() < 321) {
    if (function_exists('osc_calculate_location_slug')) {
        osc_calculate_location_slug(osc_subdomain_type());
    }
}
// < 330: create two working directories under the content path, delete
// Watermark.php from the library path and seed two length preferences.
if (osc_version() < 330) {
    // NOTE(review): both mkdir() calls are prefixed with '@' and their return
    // value is ignored, so a failed creation (or an already existing directory)
    // goes unnoticed here.
    // No mode argument: PHP's default for mkdir() is 0777, reduced by the process umask.
    @mkdir(osc_content_path() . 'uploads/temp/');
    // NOTE(review): explicit 0777 asks for a world-writable directory (the umask
    // still applies). Confirm whether the deployment needs anything wider than
    // owner/group write for a temp download directory.
    @mkdir(osc_content_path() . 'downloads/oc-temp/', 0777);
    // Best-effort delete; '@' hides the warning if the file is absent or not removable.
    @unlink(osc_lib_path() . 'osclass/classes/Watermark.php');
    osc_set_preference('title_character_length', '100', 'osclass', 'INTEGER');
    osc_set_preference('description_character_length', '5000', 'osclass', 'INTEGER');
}
// < 340: add an index on t_widget.s_description, seed the force_jpeg preference
// and delete the .maintenance file under ABS_PATH.
if (osc_version() < 340) {
    // Only the DB_TABLE_PREFIX constant is interpolated into this statement;
    // no request data reaches the query string. The result of query() is not checked.
    $comm->query(sprintf("ALTER TABLE `%st_widget` ADD INDEX `idx_s_description` (`s_description`);", DB_TABLE_PREFIX));
    osc_set_preference('force_jpeg', '0', 'osclass', 'BOOLEAN');
    // Presumably this takes the site out of maintenance mode — verify against the
    // code that reads the file. With '@', a failed delete is silent.
    @unlink(ABS_PATH . '.maintenance');
    // These calls are disabled here because they probably exceed low script
    // timeouts; they are meant to run at the end of the upgrade process.
    //osc_calculate_location_slug('country');
    //osc_calculate_location_slug('region');
    //osc_calculate_location_slug('city');
}
if (osc_version() < 343) {
    // update t_alerts - Save them in plain json instead of base64
    $mAlerts = Alerts::newInstance();
Example #28
    function doModel()
    {
        switch ($this->action) {
            case 'comments':
                //calling the comments settings view
                $this->doView('settings/comments.php');
                break;
            case 'comments_post':
                // updating comment
                $iUpdated = 0;
                $enabledComments = Params::getParam('enabled_comments');
                $enabledComments = $enabledComments != '' ? true : false;
                $moderateComments = Params::getParam('moderate_comments');
                $moderateComments = $moderateComments != '' ? true : false;
                $numModerateComments = Params::getParam('num_moderate_comments');
                $commentsPerPage = Params::getParam('comments_per_page');
                $notifyNewComment = Params::getParam('notify_new_comment');
                $notifyNewComment = $notifyNewComment != '' ? true : false;
                $notifyNewCommentUser = Params::getParam('notify_new_comment_user');
                $notifyNewCommentUser = $notifyNewCommentUser != '' ? true : false;
                $regUserPostComments = Params::getParam('reg_user_post_comments');
                $regUserPostComments = $regUserPostComments != '' ? true : false;
                $msg = '';
                if (!osc_validate_int(Params::getParam("num_moderate_comments"))) {
                    $msg .= _m("Number of moderate comments must only contain numeric characters") . "<br/>";
                }
                if (!osc_validate_int(Params::getParam("comments_per_page"))) {
                    $msg .= _m("Comments per page must only contain numeric characters") . "<br/>";
                }
                if ($msg != '') {
                    osc_add_flash_error_message($msg, 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=comments');
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledComments), array('s_name' => 'enabled_comments'));
                if ($moderateComments) {
                    $iUpdated += Preference::newInstance()->update(array('s_value' => $numModerateComments), array('s_name' => 'moderate_comments'));
                } else {
                    $iUpdated += Preference::newInstance()->update(array('s_value' => '-1'), array('s_name' => 'moderate_comments'));
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewComment), array('s_name' => 'notify_new_comment'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewCommentUser), array('s_name' => 'notify_new_comment_user'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $commentsPerPage), array('s_name' => 'comments_per_page'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $regUserPostComments), array('s_name' => 'reg_user_post_comments'));
                if ($iUpdated > 0) {
                    osc_add_flash_ok_message(_m("Comment settings have been updated"), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=comments');
                break;
            case 'locations':
                // calling the locations settings view
                $location_action = Params::getParam('type');
                $mCountries = new Country();
                switch ($location_action) {
                    case 'add_country':
                        // add country
                        $countryCode = strtoupper(Params::getParam('c_country'));
                        $countryName = Params::getParam('country');
                        $exists = $mCountries->findByCode($countryCode);
                        if (isset($exists['s_name'])) {
                            osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $countryName), 'admin');
                        } else {
                            $countries_json = osc_file_get_contents('http://geo.osclass.org/geo.download.php?action=country_code&term=' . urlencode($countryCode));
                            $countries = json_decode($countries_json);
                            $mCountries->insert(array('pk_c_code' => $countryCode, 's_name' => $countryName));
                            CountryStats::newInstance()->setNumItems($countryCode, 0);
                            if (isset($countries->error)) {
                                // Country is not in our GEO database
                                // We have no region for user-typed countries
                            } else {
                                // Country is in our GEO database, add regions and cities
                                $manager_region = new Region();
                                $regions_json = osc_file_get_contents('http://geo.osclass.org/geo.download.php?action=region&country_code=' . urlencode($countryCode) . '&term=all');
                                $regions = json_decode($regions_json);
                                if (!isset($regions->error)) {
                                    if (count($regions) > 0) {
                                        foreach ($regions as $r) {
                                            $manager_region->insert(array("fk_c_country_code" => $r->country_code, "s_name" => $r->name));
                                            $id = $manager_region->dao->insertedId();
                                            RegionStats::newInstance()->setNumItems($id, 0);
                                        }
                                    }
                                    unset($regions);
                                    unset($regions_json);
                                    $manager_city = new City();
                                    if (count($countries) > 0) {
                                        foreach ($countries as $c) {
                                            $regions = $manager_region->findByCountry($c->id);
                                            if (!isset($regions->error)) {
                                                if (count($regions) > 0) {
                                                    foreach ($regions as $region) {
                                                        $cities_json = osc_file_get_contents('http://geo.osclass.org/geo.download.php?action=city&country=' . urlencode($c->name) . '&region=' . urlencode($region['s_name']) . '&term=all');
                                                        $cities = json_decode($cities_json);
                                                        if (!isset($cities->error)) {
                                                            if (count($cities) > 0) {
                                                                foreach ($cities as $ci) {
                                                                    $manager_city->insert(array("fk_i_region_id" => $region['pk_i_id'], "s_name" => $ci->name, "fk_c_country_code" => $ci->country_code));
                                                                    $id = $manager_city->dao->insertedId();
                                                                    CityStats::newInstance()->setNumItems($id, 0);
                                                                }
                                                            }
                                                        }
                                                        unset($cities);
                                                        unset($cities_json);
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                            osc_add_flash_ok_message(sprintf(_m('%s has been added as a new country'), $countryName), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations');
                        break;
                    case 'edit_country':
                        // edit country
                        $ok = $mCountries->update(array('s_name' => Params::getParam('e_country')), array('pk_c_code' => Params::getParam('country_code')));
                        if ($ok) {
                            osc_add_flash_ok_message(_m('Country has been edited'), 'admin');
                        } else {
                            osc_add_flash_error_message(_m('There were some problems editing the country'), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations');
                        break;
                    case 'delete_country':
                        // delete country
                        $countryId = Params::getParam('id');
                        Item::newInstance()->deleteByRegion($countryId);
                        $mRegions = new Region();
                        $mCities = new City();
                        $aCountries = $mCountries->findByCode($countryId);
                        $aRegions = $mRegions->findByCountry($aCountries['pk_c_code']);
                        foreach ($aRegions as $region) {
                            // remove city_stats
                            CityStats::newInstance()->deleteByRegion($region['pk_i_id']);
                            // remove region_stats
                            RegionStats::newInstance()->delete(array('fk_i_region_id' => $region['pk_i_id']));
                        }
                        //remove country stats
                        CountryStats::newInstance()->delete(array('fk_c_country_code' => $aCountries['pk_c_code']));
                        $ok = $mCountries->deleteByPrimaryKey($aCountries['pk_c_code']);
                        if ($ok) {
                            osc_add_flash_ok_message(sprintf(_m('%s has been deleted'), $aCountries['s_name']), 'admin');
                        } else {
                            osc_add_flash_error_message(sprintf(_m('There was a problem deleting %s'), $aCountries['s_name']), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations');
                        break;
                    case 'add_region':
                        // add region
                        if (!Params::getParam('r_manual')) {
                            $this->install_location_by_region();
                        } else {
                            $mRegions = new Region();
                            $regionName = Params::getParam('region');
                            $countryCode = Params::getParam('country_c_parent');
                            $country = Country::newInstance()->findByCode($countryCode);
                            $exists = $mRegions->findByName($regionName, $countryCode);
                            if (!isset($exists['s_name'])) {
                                $data = array('fk_c_country_code' => $countryCode, 's_name' => $regionName);
                                $mRegions->insert($data);
                                $id = $mRegions->dao->insertedId();
                                RegionStats::newInstance()->setNumItems($id, 0);
                                osc_add_flash_ok_message(sprintf(_m('%s has been added as a new region'), $regionName), 'admin');
                            } else {
                                osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $regionName), 'admin');
                            }
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$countryCode . "&country=" . @$country['s_name']);
                        break;
                    case 'edit_region':
                        // edit region
                        $mRegions = new Region();
                        $newRegion = Params::getParam('e_region');
                        $regionId = Params::getParam('region_id');
                        $exists = $mRegions->findByName($newRegion);
                        if (!isset($exists['pk_i_id']) || $exists['pk_i_id'] == $regionId) {
                            if ($regionId != '') {
                                $aRegion = $mRegions->findByPrimaryKey($regionId);
                                $country = Country::newInstance()->findByCode($aRegion['fk_c_country_code']);
                                $mRegions->update(array('s_name' => $newRegion), array('pk_i_id' => $regionId));
                                ItemLocation::newInstance()->update(array('s_region' => $newRegion), array('fk_i_region_id' => $regionId));
                                osc_add_flash_ok_message(sprintf(_m('%s has been edited'), $newRegion), 'admin');
                            }
                        } else {
                            osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newRegion), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name']);
                        break;
                    case 'delete_region':
                        // delete region
                        $mRegion = new Region();
                        $mCities = new City();
                        $regionId = Params::getParam('id');
                        if ($regionId != '') {
                            Item::newInstance()->deleteByRegion($regionId);
                            $aRegion = $mRegion->findByPrimaryKey($regionId);
                            $country = Country::newInstance()->findByCode($aRegion['fk_c_country_code']);
                            // remove city_stats
                            CityStats::newInstance()->deleteByRegion($regionId);
                            $mCities->delete(array('fk_i_region_id' => $regionId));
                            // remove region_stats
                            RegionStats::newInstance()->delete(array('fk_i_region_id' => $regionId));
                            $mRegion->delete(array('pk_i_id' => $regionId));
                            osc_add_flash_ok_message(sprintf(_m('%s has been deleted'), $aRegion['s_name']), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name']);
                        break;
                    case 'add_city':
                        // add city
                        $mRegion = new Region();
                        $mCities = new City();
                        $regionId = Params::getParam('region_parent');
                        $countryCode = Params::getParam('country_c_parent');
                        $newCity = Params::getParam('city');
                        $exists = $mCities->findByName($newCity, $regionId);
                        $region = $mRegion->findByPrimaryKey($regionId);
                        $country = Country::newInstance()->findByCode($region['fk_c_country_code']);
                        if (!isset($exists['s_name'])) {
                            $mCities->insert(array('fk_i_region_id' => $regionId, 's_name' => $newCity, 'fk_c_country_code' => $countryCode));
                            $id = $mCities->dao->insertedId();
                            CityStats::newInstance()->setNumItems($id, 0);
                            osc_add_flash_ok_message(sprintf(_m('%s has been added as a new city'), $newCity), 'admin');
                        } else {
                            osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newCity), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "&region=" . $regionId);
                        break;
                    case 'edit_city':
                        // edit city
                        $mRegion = new Region();
                        $mCities = new City();
                        $newCity = Params::getParam('e_city');
                        $cityId = Params::getParam('city_id');
                        $exists = $mCities->findByName($newCity);
                        if (!isset($exists['pk_i_id']) || $exists['pk_i_id'] == $cityId) {
                            $city = $mCities->findByPrimaryKey($cityId);
                            $region = $mRegion->findByPrimaryKey($city['fk_i_region_id']);
                            $country = Country::newInstance()->findByCode($region['fk_c_country_code']);
                            $mCities->update(array('s_name' => $newCity), array('pk_i_id' => $cityId));
                            ItemLocation::newInstance()->update(array('s_city' => $newCity), array('fk_i_city_id' => $cityId));
                            osc_add_flash_ok_message(sprintf(_m('%s has been edited'), $newCity), 'admin');
                        } else {
                            osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newCity), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "&region=" . @$region['pk_i_id']);
                        break;
                    case 'delete_city':
                        // delete city
                        $mRegion = new Region();
                        $mCities = new City();
                        $cityId = Params::getParam('id');
                        Item::newInstance()->deleteByCity($cityId);
                        $aCity = $mCities->findByPrimaryKey($cityId);
                        // look up the parent region and country (used in the redirect), then remove city_stats
                        $region = $mRegion->findByPrimaryKey($aCity['fk_i_region_id']);
                        $country = Country::newInstance()->findByCode($region['fk_c_country_code']);
                        CityStats::newInstance()->delete(array('fk_i_city_id' => $cityId));
                        $mCities->delete(array('pk_i_id' => $cityId));
                        osc_add_flash_ok_message(sprintf(_m('%s has been deleted'), $aCity['s_name']), 'admin');
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "&region=" . @$region['pk_i_id']);
                        break;
                }
                $aCountries = $mCountries->listAll();
                $this->_exportVariableToView('aCountries', $aCountries);
                $this->doView('settings/locations.php');
                break;
            case 'permalinks':
                // calling the permalinks view
                $htaccess = Params::getParam('htaccess_status');
                $file = Params::getParam('file_status');
                $this->_exportVariableToView('htaccess', $htaccess);
                $this->_exportVariableToView('file', $file);
                $this->doView('settings/permalinks.php');
                break;
            case 'permalinks_post':
                // updating permalinks option
                $htaccess_file = osc_base_path() . '.htaccess';
                $rewriteEnabled = Params::getParam('rewrite_enabled') ? true : false;
                if ($rewriteEnabled) {
                    Preference::newInstance()->update(array('s_value' => '1'), array('s_name' => 'rewriteEnabled'));
                    $rewrite_base = REL_WEB_URL;
                    $htaccess = <<<HTACCESS
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase {$rewrite_base}
    RewriteRule ^index\\.php\$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . {$rewrite_base}index.php [L]
</IfModule>
HTACCESS;
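                    // 1. .htaccess written, mod_rewrite detected (ok)
                    // 2. .htaccess written, no apache module detected (warning)
                    // 3. .htaccess could not be created + apache module detected
                    // 4. .htaccess could not be created + no apache module detected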
                    $status = 3;
                    if (file_exists($htaccess_file)) {
                        if (is_writable($htaccess_file) && file_put_contents($htaccess_file, $htaccess)) {
                            $status = 1;
                        }
                    } else {
                        if (is_writable(osc_base_path()) && file_put_contents($htaccess_file, $htaccess)) {
                            $status = 1;
                        }
                    }
                    if (!@apache_mod_loaded('mod_rewrite')) {
                        $status++;
                    }
                    $errors = 0;
                    $item_url = substr(str_replace('//', '/', Params::getParam('rewrite_item_url') . '/'), 0, -1);
                    if (!osc_validate_text($item_url)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $item_url), array('s_name' => 'rewrite_item_url'));
                    }
                    $page_url = substr(str_replace('//', '/', Params::getParam('rewrite_page_url') . '/'), 0, -1);
                    if (!osc_validate_text($page_url)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $page_url), array('s_name' => 'rewrite_page_url'));
                    }
                    $cat_url = substr(str_replace('//', '/', Params::getParam('rewrite_cat_url') . '/'), 0, -1);
                    if (!osc_validate_text($cat_url)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $cat_url), array('s_name' => 'rewrite_cat_url'));
                    }
                    $search_url = substr(str_replace('//', '/', Params::getParam('rewrite_search_url') . '/'), 0, -1);
                    if (!osc_validate_text($search_url)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $search_url), array('s_name' => 'rewrite_search_url'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_country'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_country')), array('s_name' => 'rewrite_search_country'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_region'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_region')), array('s_name' => 'rewrite_search_region'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_city'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_city')), array('s_name' => 'rewrite_search_city'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_city_area'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_city_area')), array('s_name' => 'rewrite_search_city_area'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_category'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_category')), array('s_name' => 'rewrite_search_category'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_user'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_user')), array('s_name' => 'rewrite_search_user'));
                    }
                    if (!osc_validate_text(Params::getParam('rewrite_search_pattern'))) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_pattern')), array('s_name' => 'rewrite_search_pattern'));
                    }
                    $rewrite_contact = substr(str_replace('//', '/', Params::getParam('rewrite_contact') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_contact)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_contact), array('s_name' => 'rewrite_contact'));
                    }
                    $rewrite_feed = substr(str_replace('//', '/', Params::getParam('rewrite_feed') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_feed)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_feed), array('s_name' => 'rewrite_feed'));
                    }
                    $rewrite_language = substr(str_replace('//', '/', Params::getParam('rewrite_language') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_language)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_language), array('s_name' => 'rewrite_language'));
                    }
                    $rewrite_item_mark = substr(str_replace('//', '/', Params::getParam('rewrite_item_mark') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_mark)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_mark), array('s_name' => 'rewrite_item_mark'));
                    }
                    $rewrite_item_send_friend = substr(str_replace('//', '/', Params::getParam('rewrite_item_send_friend') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_send_friend)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_send_friend), array('s_name' => 'rewrite_item_send_friend'));
                    }
                    $rewrite_item_contact = substr(str_replace('//', '/', Params::getParam('rewrite_item_contact') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_contact)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_contact), array('s_name' => 'rewrite_item_contact'));
                    }
                    $rewrite_item_new = substr(str_replace('//', '/', Params::getParam('rewrite_item_new') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_new)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_new), array('s_name' => 'rewrite_item_new'));
                    }
                    $rewrite_item_activate = substr(str_replace('//', '/', Params::getParam('rewrite_item_activate') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_activate)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_activate), array('s_name' => 'rewrite_item_activate'));
                    }
                    $rewrite_item_edit = substr(str_replace('//', '/', Params::getParam('rewrite_item_edit') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_edit)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_edit), array('s_name' => 'rewrite_item_edit'));
                    }
                    $rewrite_item_delete = substr(str_replace('//', '/', Params::getParam('rewrite_item_delete') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_delete)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_delete), array('s_name' => 'rewrite_item_delete'));
                    }
                    $rewrite_item_resource_delete = substr(str_replace('//', '/', Params::getParam('rewrite_item_resource_delete') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_item_resource_delete)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_item_resource_delete), array('s_name' => 'rewrite_item_resource_delete'));
                    }
                    $rewrite_user_login = substr(str_replace('//', '/', Params::getParam('rewrite_user_login') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_login)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_login), array('s_name' => 'rewrite_user_login'));
                    }
                    $rewrite_user_dashboard = substr(str_replace('//', '/', Params::getParam('rewrite_user_dashboard') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_dashboard)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_dashboard), array('s_name' => 'rewrite_user_dashboard'));
                    }
                    $rewrite_user_logout = substr(str_replace('//', '/', Params::getParam('rewrite_user_logout') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_logout)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_logout), array('s_name' => 'rewrite_user_logout'));
                    }
                    $rewrite_user_register = substr(str_replace('//', '/', Params::getParam('rewrite_user_register') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_register)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_register), array('s_name' => 'rewrite_user_register'));
                    }
                    $rewrite_user_activate = substr(str_replace('//', '/', Params::getParam('rewrite_user_activate') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_activate)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_activate), array('s_name' => 'rewrite_user_activate'));
                    }
                    $rewrite_user_activate_alert = substr(str_replace('//', '/', Params::getParam('rewrite_user_activate_alert') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_activate_alert)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_activate_alert), array('s_name' => 'rewrite_user_activate_alert'));
                    }
                    $rewrite_user_profile = substr(str_replace('//', '/', Params::getParam('rewrite_user_profile') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_profile)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_profile), array('s_name' => 'rewrite_user_profile'));
                    }
                    $rewrite_user_items = substr(str_replace('//', '/', Params::getParam('rewrite_user_items') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_items)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_items), array('s_name' => 'rewrite_user_items'));
                    }
                    $rewrite_user_alerts = substr(str_replace('//', '/', Params::getParam('rewrite_user_alerts') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_alerts)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_alerts), array('s_name' => 'rewrite_user_alerts'));
                    }
                    $rewrite_user_recover = substr(str_replace('//', '/', Params::getParam('rewrite_user_recover') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_recover)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_recover), array('s_name' => 'rewrite_user_recover'));
                    }
                    $rewrite_user_forgot = substr(str_replace('//', '/', Params::getParam('rewrite_user_forgot') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_forgot)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_forgot), array('s_name' => 'rewrite_user_forgot'));
                    }
                    $rewrite_user_change_password = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_password') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_change_password)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_change_password), array('s_name' => 'rewrite_user_change_password'));
                    }
                    $rewrite_user_change_email = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_email') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_change_email)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_change_email), array('s_name' => 'rewrite_user_change_email'));
                    }
                    $rewrite_user_change_email_confirm = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_email_confirm') . '/'), 0, -1);
                    if (!osc_validate_text($rewrite_user_change_email_confirm)) {
                        $errors += 1;
                    } else {
                        Preference::newInstance()->update(array('s_value' => $rewrite_user_change_email_confirm), array('s_name' => 'rewrite_user_change_email_confirm'));
                    }
                    osc_reset_preferences();
                    $rewrite = Rewrite::newInstance();
                    osc_run_hook("before_rewrite_rules", array(&$rewrite));
                    $rewrite->clearRules();
                    /*****************************
                     ********* Add rules *********
                     *****************************/
                    // Contact rules
                    $rewrite->addRule('^' . osc_get_preference('rewrite_contact') . '/?$', 'index.php?page=contact');
                    // Feed rules
                    $rewrite->addRule('^' . osc_get_preference('rewrite_feed') . '/?$', 'index.php?page=search&sFeed=rss');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_feed') . '/(.+)/?$', 'index.php?page=search&sFeed=$1');
                    // Language rules
                    $rewrite->addRule('^' . osc_get_preference('rewrite_language') . '/(.*?)/?$', 'index.php?page=language&locale=$1');
                    // Search rules
                    $rewrite->addRule('^' . $search_url . '$', 'index.php?page=search');
                    $rewrite->addRule('^' . $search_url . '/(.*)$', 'index.php?page=search&sParams=$1');
                    // Item rules
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_mark') . '/(.*?)/([0-9]+)/?$', 'index.php?page=item&action=mark&as=$1&id=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_send_friend') . '/([0-9]+)/?$', 'index.php?page=item&action=send_friend&id=$1');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_contact') . '/([0-9]+)/?$', 'index.php?page=item&action=contact&id=$1');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_new') . '/?$', 'index.php?page=item&action=item_add');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_new') . '/([0-9]+)/?$', 'index.php?page=item&action=item_add&catId=$1');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_activate') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=activate&id=$1&secret=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_edit') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=item_edit&id=$1&secret=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_delete') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=item_delete&id=$1&secret=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_item_resource_delete') . '/([0-9]+)/([0-9]+)/([0-9A-Za-z]+)/?(.*?)/?$', 'index.php?page=item&action=deleteResource&id=$1&item=$2&code=$3&secret=$4');
                    // Item detail rules (pattern built from the configured item URL)
                    $id_pos = stripos($item_url, '{ITEM_ID}');
                    $title_pos = stripos($item_url, '{ITEM_TITLE}');
                    $cat_pos = stripos($item_url, '{CATEGORIES');
                    $param_pos = 1;
                    if ($title_pos !== false && $id_pos > $title_pos) {
                        $param_pos++;
                    }
                    if ($cat_pos !== false && $id_pos > $cat_pos) {
                        $param_pos++;
                    }
                    $comments_pos = 1;
                    if ($id_pos !== false) {
                        $comments_pos++;
                    }
                    if ($title_pos !== false) {
                        $comments_pos++;
                    }
                    if ($cat_pos !== false) {
                        $comments_pos++;
                    }
                    $rewrite->addRule('^' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url . '\\?comments-page=([0-9al]*)')))) . '$', 'index.php?page=item&id=$1&comments-page=$2');
                    $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url . '\\?comments-page=([0-9al]*)')))) . '$', 'index.php?page=item&id=$3&lang=$1_$2&comments-page=$4');
                    $rewrite->addRule('^' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url)))) . '$', 'index.php?page=item&id=$1');
                    $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url)))) . '$', 'index.php?page=item&id=$3&lang=$1_$2');
                    // User rules
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_login') . '/?$', 'index.php?page=login');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_dashboard') . '/?$', 'index.php?page=user&action=dashboard');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_logout') . '/?$', 'index.php?page=main&action=logout');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_register') . '/?$', 'index.php?page=register&action=register');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_activate') . '/([0-9]+)/(.*?)/?$', 'index.php?page=register&action=validate&id=$1&code=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_activate_alert') . '/([a-zA-Z0-9]+)/(.+)$', 'index.php?page=user&action=activate_alert&email=$2&secret=$1');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/?$', 'index.php?page=user&action=profile');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/([0-9]+)/?$', 'index.php?page=user&action=pub_profile&id=$1');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_items') . '/?$', 'index.php?page=user&action=items');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_alerts') . '/?$', 'index.php?page=user&action=alerts');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_recover') . '/?$', 'index.php?page=login&action=recover');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_forgot') . '/([0-9]+)/(.*)/?$', 'index.php?page=login&action=forgot&userId=$1&code=$2');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_password') . '/?$', 'index.php?page=user&action=change_password');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_email') . '/?$', 'index.php?page=user&action=change_email');
                    $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_email_confirm') . '/([0-9]+)/(.*?)/?$', 'index.php?page=user&action=change_email_confirm&userId=$1&code=$2');
                    // Page rules
                    $pos_pID = stripos($page_url, '{PAGE_ID}');
                    $pos_pSlug = stripos($page_url, '{PAGE_SLUG}');
                    $pID_pos = 1;
                    $pSlug_pos = 1;
                    if (is_numeric($pos_pID) && is_numeric($pos_pSlug)) {
                        // set the order of the parameters
                        if ($pos_pID > $pos_pSlug) {
                            $pID_pos++;
                        } else {
                            $pSlug_pos++;
                        }
                        $rewrite->addRule('^' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', str_replace('{PAGE_ID}', '([0-9]+)', $page_url)) . '/?$', 'index.php?page=page&id=$' . $pID_pos . "&slug=\$" . $pSlug_pos);
                        $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', str_replace('{PAGE_ID}', '([0-9]+)', $page_url)) . '/?$', 'index.php?page=page&lang=$1_$2&id=$' . ($pID_pos + 2) . '&slug=$' . ($pSlug_pos + 2));
                    } else {
                        if (is_numeric($pos_pID)) {
                            $rewrite->addRule('^' . str_replace('{PAGE_ID}', '([0-9]+)', $page_url) . '/?$', 'index.php?page=page&id=$1');
                            $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_ID}', '([0-9]+)', $page_url) . '/?$', 'index.php?page=page&lang=$1_$2&id=$3');
                        } else {
                            $rewrite->addRule('^' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', $page_url) . '/?$', 'index.php?page=page&slug=$1');
                            $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', $page_url) . '/?$', 'index.php?page=page&lang=$1_$2&slug=$3');
                        }
                    }
                    // Clean archive files
                    $rewrite->addRule('^(.+?)\\.php(.*)$', '$1.php$2');
                    // Category rules
                    $id_pos = stripos($item_url, '{CATEGORY_ID}');
                    $title_pos = stripos($item_url, '{CATEGORY_SLUG}');
                    $cat_pos = stripos($item_url, '{CATEGORIES');
                    $param_pos = 1;
                    if ($title_pos !== false && $id_pos > $title_pos) {
                        $param_pos++;
                    }
                    if ($cat_pos !== false && $id_pos > $cat_pos) {
                        $param_pos++;
                    }
                    $rewrite->addRule('^' . str_replace('{CATEGORIES}', '(.+)', str_replace('{CATEGORY_SLUG}', '([^/]+)', str_replace('{CATEGORY_ID}', '([0-9]+)', $cat_url))) . '$', 'index.php?page=search&sCategory=$' . $param_pos);
                    osc_run_hook("after_rewrite_rules", array(&$rewrite));
                    //Write rule to DB
                    $rewrite->setRules();
                    $msg_error = '<br/>' . _m('All fields are required.') . " " . sprintf(_mn('One field was not updated', '%s fields were not updated', $errors), $errors);
                    switch ($status) {
                        case 1:
                            $msg = _m("Permalinks structure updated");
                            if ($errors > 0) {
                                $msg .= $msg_error;
                                osc_add_flash_warning_message($msg, 'admin');
                            } else {
                                osc_add_flash_ok_message($msg, 'admin');
                            }
                            break;
                        case 2:
                            $msg = _m("Permalinks structure updated.");
                            $msg .= " ";
                            $msg .= _m("However, we can't check if Apache module <b>mod_rewrite</b> is loaded. If you experience some problems with the URLs, you should deactivate <em>Friendly URLs</em>");
                            if ($errors > 0) {
                                $msg .= $msg_error;
                            }
                            osc_add_flash_warning_message($msg, 'admin');
                            break;
                        case 3:
                            $msg = _m("File <b>.htaccess</b> couldn't be filled out with the right content.");
                            $msg .= " ";
                            $msg .= _m("Here's the content you have to add to the <b>.htaccess</b> file. If you can't create the file, please deactivate the <em>Friendly URLs</em> option.");
                            $msg .= "</p><pre>" . htmlentities($htaccess, ENT_COMPAT, "UTF-8") . '</pre><p>';
                            if ($errors > 0) {
                                $msg .= $msg_error;
                            }
                            osc_add_flash_error_message($msg, 'admin');
                            break;
                        case 4:
                            $msg = _m("File <b>.htaccess</b> couldn't be filled out with the right content.");
                            $msg .= " ";
                            $msg .= _m("Here's the content you have to add to the <b>.htaccess</b> file. If you can't create the file or experience some problems with the URLs, please deactivate the <em>Friendly URLs</em> option.");
                            $msg .= "</p><pre>" . htmlentities($htaccess, ENT_COMPAT, "UTF-8") . '</pre><p>';
                            if ($errors > 0) {
                                $msg .= $msg_error;
                            }
                            osc_add_flash_error_message($msg, 'admin');
                            break;
                    }
                } else {
                    Preference::newInstance()->update(array('s_value' => '0'), array('s_name' => 'rewriteEnabled'));
                    Preference::newInstance()->update(array('s_value' => '0'), array('s_name' => 'mod_rewrite_loaded'));
                    osc_add_flash_ok_message(_m('Friendly URLs successfully deactivated'), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=permalinks');
                break;
            case 'spamNbots':
                // Render the "Spam and bots" settings view.
                // $akismet_status is exported to the view as 'akismet_status':
                //   3 = no Akismet key is stored, 2 = a key is stored, 1 = isKeyValid() accepted it.
                $akismet_key = osc_akismet_key();
                $akismet_status = 3;
                if ($akismet_key != '') {
                    // the Akismet client class is only loaded when a key is configured
                    require_once osc_lib_path() . 'Akismet.class.php';
                    $akismet_obj = new Akismet(osc_base_url(), $akismet_key);
                    $akismet_status = 2;
                    // NOTE(review): isKeyValid() presumably contacts the Akismet service on every
                    // view of this page; confirm it has a timeout and fails closed (status stays 2).
                    if ($akismet_obj->isKeyValid()) {
                        $akismet_status = 1;
                    }
                }
                View::newInstance()->_exportVariableToView('akismet_status', $akismet_status);
                $this->doView('settings/spamNbots.php');
                break;
            case 'akismet_post':
                // Store the submitted Akismet API key (whitespace-trimmed) in the 'akismetKey'
                // preference, then redirect back to the "Spam and bots" page.
                // NOTE(review): no CSRF check is visible inside this case; presumably the
                // controller verifies the token before dispatching. Confirm.
                // NOTE(review): unlike 'mailserver_post', there is no DEMO guard here. Confirm
                // that is intended.
                $updated = 0;
                $akismetKey = Params::getParam('akismetKey');
                $akismetKey = trim($akismetKey);
                // the update() result is kept in $updated but never inspected below, so the
                // flash message does not reflect whether the write succeeded
                $updated = Preference::newInstance()->update(array('s_value' => $akismetKey), array('s_name' => 'akismetKey'));
                // an empty key is reported as "cleared", anything else as "updated";
                // the key is not checked against Akismet at this point
                if ($akismetKey == '') {
                    osc_add_flash_info_message(_m('Your Akismet key has been cleared'), 'admin');
                } else {
                    osc_add_flash_ok_message(_m('Your Akismet key has been updated'), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots');
                break;
            case 'recaptcha_post':
                // Store the submitted reCAPTCHA key pair (both whitespace-trimmed) in the
                // 'recaptchaPrivKey' / 'recaptchaPubKey' preferences, then redirect back to
                // the "Spam and bots" page.
                // NOTE(review): no CSRF check is visible inside this case; presumably the
                // controller verifies the token before dispatching. Confirm.
                $iUpdated = 0;
                // the private key is a secret shared with the reCAPTCHA service; it is written
                // to the preference store exactly as submitted
                $recaptchaPrivKey = Params::getParam('recaptchaPrivKey');
                $recaptchaPrivKey = trim($recaptchaPrivKey);
                $recaptchaPubKey = Params::getParam('recaptchaPubKey');
                $recaptchaPubKey = trim($recaptchaPubKey);
                // $iUpdated sums the update() results but is not read again in this case
                $iUpdated += Preference::newInstance()->update(array('s_value' => $recaptchaPrivKey), array('s_name' => 'recaptchaPrivKey'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $recaptchaPubKey), array('s_name' => 'recaptchaPubKey'));
                // the message is chosen from the public key alone: clearing only the private
                // key is still reported as "updated"
                if ($recaptchaPubKey == '') {
                    osc_add_flash_info_message(_m('Your reCAPTCHA key has been cleared'), 'admin');
                } else {
                    osc_add_flash_ok_message(_m('Your reCAPTCHA key has been updated'), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots');
                break;
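            case 'currencies':
                // Currency management. The 'type' request parameter selects the sub-action:
                // add / edit show the form, add_post / edit_post / delete change data, and
                // anything else lists the currencies.
                // NOTE(review): no CSRF check is visible inside this case; presumably the
                // controller verifies the token before dispatching. Confirm.
                // NOTE(review): the validation branches rely on redirectTo() ending the
                // request; if it returned, the insert/update below would still run. Confirm.
                $currencies_action = Params::getParam('type');
                switch ($currencies_action) {
                    case 'add':
                        // calling add currency view with an empty record
                        $aCurrency = array('pk_c_code' => '', 's_name' => '', 's_description' => '');
                        $this->_exportVariableToView('aCurrency', $aCurrency);
                        $this->_exportVariableToView('typeForm', 'add_post');
                        $this->doView('settings/currency_form.php');
                        break;
                    case 'add_post':
                        // adding a new currency
                        $currencyCode = Params::getParam('pk_c_code');
                        $currencyName = Params::getParam('s_name');
                        $currencyDescription = Params::getParam('s_description');
                        // cleaning parameters
                        $currencyName = strip_tags($currencyName);
                        $currencyDescription = strip_tags($currencyDescription);
                        $currencyCode = strip_tags($currencyCode);
                        $currencyCode = trim($currencyCode);
                        // the code must be 1 to 3 characters long
                        if (!preg_match('/^.{1,3}$/', $currencyCode)) {
                            osc_add_flash_error_message(_m('The currency code is not in the correct format'), 'admin');
                            $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        }
                        $fields = array('pk_c_code' => $currencyCode, 's_name' => $currencyName, 's_description' => $currencyDescription);
                        $isInserted = Currency::newInstance()->insert($fields);
                        if ($isInserted) {
                            osc_add_flash_ok_message(_m('Currency added'), 'admin');
                        } else {
                            osc_add_flash_error_message(_m("Currency couldn't be added"), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        break;
                    case 'edit':
                        // calling edit currency view
                        $currencyCode = Params::getParam('code');
                        $currencyCode = strip_tags($currencyCode);
                        $currencyCode = trim($currencyCode);
                        if ($currencyCode == '') {
                            osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin');
                            $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        }
                        $aCurrency = Currency::newInstance()->findByPrimaryKey($currencyCode);
                        if (!$aCurrency) {
                            osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin');
                            $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        }
                        $this->_exportVariableToView('aCurrency', $aCurrency);
                        $this->_exportVariableToView('typeForm', 'edit_post');
                        $this->doView('settings/currency_form.php');
                        break;
                    case 'edit_post':
                        // updating currency
                        $currencyName = Params::getParam('s_name');
                        $currencyDescription = Params::getParam('s_description');
                        $currencyCode = Params::getParam('pk_c_code');
                        // cleaning parameters
                        $currencyName = strip_tags($currencyName);
                        $currencyDescription = strip_tags($currencyDescription);
                        $currencyCode = strip_tags($currencyCode);
                        $currencyCode = trim($currencyCode);
                        // same anchored 1-3 character check as 'add_post'; the unanchored
                        // pattern used before accepted any non-empty string
                        if (!preg_match('/^.{1,3}$/', $currencyCode)) {
                            osc_add_flash_error_message(_m('Error: the currency code is not in the correct format'), 'admin');
                            $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        }
                        $updated = Currency::newInstance()->update(array('s_name' => $currencyName, 's_description' => $currencyDescription), array('pk_c_code' => $currencyCode));
                        if ($updated == 1) {
                            osc_add_flash_ok_message(_m('Currency updated'), 'admin');
                        } else {
                            osc_add_flash_info_message(_m('No changes were made'), 'admin');
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        break;
                    case 'delete':
                        // deleting one currency or a list of currencies ('code' may be an array)
                        $rowChanged = 0;
                        $aCurrencyCode = Params::getParam('code');
                        if (!is_array($aCurrencyCode)) {
                            $aCurrencyCode = array($aCurrencyCode);
                        }
                        $msg_current = '';
                        foreach ($aCurrencyCode as $currencyCode) {
                            // Skip anything that is not a 1-3 character string (nested arrays,
                            // empty or over-long values). Such values are neither passed to
                            // delete() nor echoed into the HTML flash message built below.
                            if (!is_string($currencyCode) || !preg_match('/^.{1,3}$/', $currencyCode)) {
                                continue;
                            }
                            // the default currency is never deleted
                            if ($currencyCode != osc_currency()) {
                                $rowChanged += Currency::newInstance()->delete(array('pk_c_code' => $currencyCode));
                            }
                            // foreign key error (1451): rows in other tables still reference the code
                            if (Currency::newInstance()->getErrorLevel() == '1451') {
                                $msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it has listings associated to it"), $currencyCode);
                            } else {
                                if ($currencyCode == osc_currency()) {
                                    $msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it's the default currency"), $currencyCode);
                                }
                            }
                        }
                        $msg = '';
                        $status = '';
                        switch ($rowChanged) {
                            case '0':
                                $msg = _m('No currencies have been deleted');
                                $status = 'error';
                                break;
                            case '1':
                                $msg = _m('One currency has been deleted');
                                $status = 'ok';
                                break;
                            default:
                                $msg = sprintf(_m('%s currencies have been deleted'), $rowChanged);
                                $status = 'ok';
                                break;
                        }
                        // some rows were deleted but at least one code was refused
                        if ($status == 'ok' && $msg_current != '') {
                            $status = 'warning';
                        }
                        switch ($status) {
                            case 'error':
                                osc_add_flash_error_message($msg . $msg_current, 'admin');
                                break;
                            case 'warning':
                                osc_add_flash_warning_message($msg . $msg_current, 'admin');
                                break;
                            case 'ok':
                                osc_add_flash_ok_message($msg, 'admin');
                                break;
                        }
                        $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies');
                        break;
                    default:
                        // calling the currencies view
                        $aCurrencies = Currency::newInstance()->listAll();
                        $this->_exportVariableToView('aCurrencies', $aCurrencies);
                        $this->doView('settings/currencies.php');
                        break;
                }
                break;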
            case 'mailserver':
                // Render the mail server settings form; no data is read or written here.
                $this->doView('settings/mailserver.php');
                break;
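            case 'mailserver_post':
                // Save the outgoing mail server settings and redirect back to the form.
                // NOTE(review): the DEMO guard and the type check below rely on redirectTo()
                // ending the request; if it returned, the updates would still run. Confirm.
                // NOTE(review): no CSRF check is visible inside this case; presumably the
                // controller verifies the token before dispatching. Confirm.
                if (defined('DEMO')) {
                    osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver');
                }
                // updating mailserver
                $iUpdated = 0;
                // the two checkboxes become booleans: any non-empty value means "on"
                $mailserverAuth = Params::getParam('mailserver_auth');
                $mailserverAuth = $mailserverAuth != '' ? true : false;
                $mailserverPop = Params::getParam('mailserver_pop');
                $mailserverPop = $mailserverPop != '' ? true : false;
                $mailserverType = Params::getParam('mailserver_type');
                $mailserverHost = Params::getParam('mailserver_host');
                $mailserverPort = Params::getParam('mailserver_port');
                $mailserverUsername = Params::getParam('mailserver_username');
                $mailserverPassword = Params::getParam('mailserver_password');
                $mailserverSsl = Params::getParam('mailserver_ssl');
                // strict comparison: only the exact strings 'custom' and 'gmail' are accepted,
                // so arrays and other non-string values are rejected without type juggling
                if (!in_array($mailserverType, array('custom', 'gmail'), true)) {
                    osc_add_flash_error_message(_m('Mail server type is incorrect'), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver');
                }
                // NOTE(review): host, port and ssl are stored as submitted; consider validating
                // the port as an integer in range and the ssl value against the expected set.
                // NOTE(review): the SMTP password is written to the preference store as given;
                // check how that store is protected and that the form does not echo it back.
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverAuth), array('s_name' => 'mailserver_auth'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPop), array('s_name' => 'mailserver_pop'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverType), array('s_name' => 'mailserver_type'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverHost), array('s_name' => 'mailserver_host'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPort), array('s_name' => 'mailserver_port'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverUsername), array('s_name' => 'mailserver_username'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPassword), array('s_name' => 'mailserver_password'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverSsl), array('s_name' => 'mailserver_ssl'));
                // a confirmation is shown only when at least one preference changed
                if ($iUpdated > 0) {
                    osc_add_flash_ok_message(_m('Mail server configuration has changed'), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver');
                break;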
            case 'media':
                // Render the media settings view and export the largest upload size the PHP
                // configuration allows as 'max_size_upload'.
                // The (int) casts keep only the leading number of each ini value and drop the
                // unit suffix; the "* 1024" below then treats that number as megabytes.
                // NOTE(review): a value such as '1G' is therefore read as 1, plain byte counts
                // are read as megabytes, and memory_limit = -1 (unlimited) gives a negative
                // result. Consider parsing the K/M/G suffix explicitly.
                $max_upload = (int) ini_get('upload_max_filesize');
                $max_post = (int) ini_get('post_max_size');
                $memory_limit = (int) ini_get('memory_limit');
                // smallest of the three limits, multiplied by 1024
                $upload_mb = min($max_upload, $max_post, $memory_limit) * 1024;
                $this->_exportVariableToView('max_size_upload', $upload_mb);
                $this->doView('settings/media.php');
                break;
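            case 'media_post':
                // Save the media settings (maximum upload size, allowed extensions, image
                // dimensions, watermark) and redirect back to the media page.
                // NOTE(review): no CSRF check is visible inside this case; presumably the
                // controller verifies the token before dispatching. Confirm.
                // $status selects the flash level used for $error at the end.
                $status = 'ok';
                $error = '';
                $iUpdated = 0;
                $maxSizeKb = Params::getParam('maxSizeKb');
                $allowedExt = Params::getParam('allowedExt');
                $dimThumbnail = Params::getParam('dimThumbnail');
                $dimPreview = Params::getParam('dimPreview');
                $dimNormal = Params::getParam('dimNormal');
                $keepOriginalImage = Params::getParam('keep_original_image');
                $use_imagick = Params::getParam('use_imagick');
                $type_watermark = Params::getParam('watermark_type');
                $watermark_color = Params::getParam('watermark_text_color');
                $watermark_text = Params::getParam('watermark_text');
                // each watermark type clears the settings that belong to the other types
                switch ($type_watermark) {
                    case 'none':
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text_color'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_image'));
                        break;
                    case 'text':
                        $iUpdated += Preference::newInstance()->update(array('s_value' => $watermark_color), array('s_name' => 'watermark_text_color'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => $watermark_text), array('s_name' => 'watermark_text'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_image'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => Params::getParam('watermark_text_place')), array('s_name' => 'watermark_place'));
                        break;
                    case 'image':
                        // upload image & move to path; the destination name is fixed, so the
                        // client-supplied file name is never used
                        if (isset($_FILES['watermark_image']) && $_FILES['watermark_image']['error'] == UPLOAD_ERR_OK) {
                            $tmpName = $_FILES['watermark_image']['tmp_name'];
                            // $_FILES[...]['type'] is whatever the browser sent, so the file
                            // content is inspected instead of trusting that header
                            $aImageInfo = @getimagesize($tmpName);
                            if (is_array($aImageInfo) && $aImageInfo[2] === IMAGETYPE_PNG) {
                                $path = osc_content_path() . 'uploads/watermark.png';
                                if (move_uploaded_file($tmpName, $path)) {
                                    $iUpdated += Preference::newInstance()->update(array('s_value' => $path), array('s_name' => 'watermark_image'));
                                } else {
                                    $status = 'error';
                                    $error .= _m('There was a problem uploading the watermark image') . "<br />";
                                }
                            } else {
                                $status = 'error';
                                $error .= _m('The watermark image has to be a .PNG file') . "<br />";
                            }
                        } else {
                            $status = 'error';
                            $error .= _m('There was a problem uploading the watermark image') . "<br />";
                        }
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text_color'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text'));
                        $iUpdated += Preference::newInstance()->update(array('s_value' => Params::getParam('watermark_image_place')), array('s_name' => 'watermark_place'));
                        break;
                    default:
                        break;
                }
                // format parameters
                $maxSizeKb = strip_tags($maxSizeKb);
                // NOTE(review): allowedExt is stored after strip_tags() only. If this list
                // decides which uploaded files are accepted, consider rejecting extensions the
                // web server would execute. Confirm how the value is used.
                $allowedExt = strip_tags($allowedExt);
                $dimThumbnail = strip_tags($dimThumbnail);
                $dimPreview = strip_tags($dimPreview);
                $dimNormal = strip_tags($dimNormal);
                $keepOriginalImage = $keepOriginalImage != '' ? true : false;
                $use_imagick = $use_imagick != '' ? true : false;
                // is imagick extension loaded?
                if (!@extension_loaded('imagick')) {
                    $use_imagick = false;
                }
                // max size allowed by PHP configuration?
                // NOTE(review): the (int) casts drop the K/M/G suffix and the result is treated
                // as megabytes, so '1G' counts as 1 and memory_limit = -1 gives a negative
                // limit. Consider parsing the suffix explicitly.
                $max_upload = (int) ini_get('upload_max_filesize');
                $max_post = (int) ini_get('post_max_size');
                $memory_limit = (int) ini_get('memory_limit');
                $upload_mb = min($max_upload, $max_post, $memory_limit) * 1024;
                // set maxSizeKB equals to PHP configuration if it's bigger
                if ($maxSizeKb > $upload_mb) {
                    // an upload failure recorded above stays an error
                    if ($status != 'error') {
                        $status = 'warning';
                    }
                    $maxSizeKb = $upload_mb;
                    // flash message text warning
                    $error .= sprintf(_m("You cannot set a maximum file size higher than the one allowed in the PHP configuration: <b>%d KB</b>"), $upload_mb);
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $maxSizeKb), array('s_name' => 'maxSizeKb'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $allowedExt), array('s_name' => 'allowedExt'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $dimThumbnail), array('s_name' => 'dimThumbnail'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $dimPreview), array('s_name' => 'dimPreview'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $dimNormal), array('s_name' => 'dimNormal'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $keepOriginalImage), array('s_name' => 'keep_original_image'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $use_imagick), array('s_name' => 'use_imagick'));
                if ($error != '') {
                    switch ($status) {
                        case 'error':
                            osc_add_flash_error_message($error, 'admin');
                            break;
                        case 'warning':
                            osc_add_flash_warning_message($error, 'admin');
                            break;
                        default:
                            osc_add_flash_ok_message($error, 'admin');
                            break;
                    }
                } else {
                    osc_add_flash_ok_message(_m('Media config has been updated'), 'admin');
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media');
                break;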
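            case 'images_post':
                // Regenerate the normal, preview and thumbnail JPEG of every item resource from
                // the best source file found in the uploads directory, then redirect back to
                // the media page.
                // NOTE(review): the DEMO guard relies on redirectTo() ending the request. Confirm.
                if (defined('DEMO')) {
                    osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media');
                }
                $wat = new Watermark();
                $aResources = ItemResource::newInstance()->getAllResources();
                foreach ($aResources as $resource) {
                    osc_run_hook('regenerate_image', $resource);
                    $path = osc_content_path() . 'uploads/';
                    // Pick the source file: the kept original if exactly one exists, else the
                    // normal-size image if exactly one exists, else the first thumbnail.
                    // glob() may return an empty array or false, so every result is checked.
                    $image_tmp = null;
                    $img_original = $path . $resource['pk_i_id'] . "_original*";
                    $aImages = glob($img_original);
                    if (is_array($aImages) && count($aImages) == 1) {
                        // there is original image
                        $image_tmp = $aImages[0];
                    } else {
                        $img_normal = $path . $resource['pk_i_id'] . ".*";
                        $aImages = glob($img_normal);
                        if (is_array($aImages) && count($aImages) == 1) {
                            $image_tmp = $aImages[0];
                        } else {
                            $img_thumbnail = $path . $resource['pk_i_id'] . "_thumbnail*";
                            $aImages = glob($img_thumbnail);
                            if (is_array($aImages) && isset($aImages[0])) {
                                $image_tmp = $aImages[0];
                            }
                        }
                    }
                    if ($image_tmp === null) {
                        // no file on disk for this resource: nothing to regenerate
                        continue;
                    }
                    // Extension of the file name only. Matching '.' against the whole path
                    // would start at the first dot of any directory name, and that value is
                    // used to build the unlink() paths below.
                    $extension = pathinfo($image_tmp, PATHINFO_EXTENSION);
                    if ($extension != '') {
                        // Create normal size
                        $path_normal = $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '.jpg';
                        $size = explode('x', osc_normal_dimensions());
                        ImageResizer::fromFile($image_tmp)->resizeTo($size[0], $size[1])->saveToFile($path);
                        if (osc_is_watermark_text()) {
                            $wat->doWatermarkText($path, osc_watermark_text_color(), osc_watermark_text(), 'image/jpeg');
                        } elseif (osc_is_watermark_image()) {
                            $wat->doWatermarkImage($path, 'image/jpeg');
                        }
                        // Create preview (built from the already watermarked normal image)
                        $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_preview.jpg';
                        $size = explode('x', osc_preview_dimensions());
                        ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path);
                        // Create thumbnail
                        $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_thumbnail.jpg';
                        $size = explode('x', osc_thumbnail_dimensions());
                        ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path);
                        // update resource info
                        ItemResource::newInstance()->update(array('s_path' => 'oc-content/uploads/', 's_name' => osc_genRandomPassword(), 's_extension' => 'jpg', 's_content_type' => 'image/jpeg'), array('pk_i_id' => $resource['pk_i_id']));
                        osc_run_hook('regenerated_image', ItemResource::newInstance()->findByPrimaryKey($resource['pk_i_id']));
                        // if the source extension is not jpg, remove the old files that still
                        // carry that extension, if any
                        if ($extension != 'jpg') {
                            @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "." . $extension);
                            @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_original." . $extension);
                            @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_preview." . $extension);
                            @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_thumbnail." . $extension);
                        }
                    } else {
                        // not an image, or an image file without an extension: left untouched
                    }
                }
                osc_add_flash_ok_message(_m('Re-generation complete'), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media');
                break;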
            case 'update':
                // update index view
                $iUpdated = 0;
                $sPageTitle = Params::getParam('pageTitle');
                $sPageDesc = Params::getParam('pageDesc');
                $sContactEmail = Params::getParam('contactEmail');
                $sLanguage = Params::getParam('language');
                $sDateFormat = Params::getParam('dateFormat');
                $sCurrency = Params::getParam('currency');
                $sWeekStart = Params::getParam('weekStart');
                $sTimeFormat = Params::getParam('timeFormat');
                $sTimezone = Params::getParam('timezone');
                $sNumRssItems = Params::getParam('num_rss_items');
                $maxLatestItems = Params::getParam('max_latest_items_at_home');
                $numItemsSearch = Params::getParam('default_results_per_page');
                $contactAttachment = Params::getParam('enabled_attachment');
                $selectableParent = Params::getParam('selectable_parent_categories');
                $bAutoCron = Params::getParam('auto_cron');
                $bMarketSources = Params::getParam('market_external_sources') == 1 ? 1 : 0;
                // preparing parameters
                $sPageTitle = strip_tags($sPageTitle);
                $sPageDesc = strip_tags($sPageDesc);
                $sContactEmail = strip_tags($sContactEmail);
                $sLanguage = strip_tags($sLanguage);
                $sDateFormat = strip_tags($sDateFormat);
                $sCurrency = strip_tags($sCurrency);
                $sWeekStart = strip_tags($sWeekStart);
                $sTimeFormat = strip_tags($sTimeFormat);
                $sNumRssItems = (int) strip_tags($sNumRssItems);
                $maxLatestItems = (int) strip_tags($maxLatestItems);
                $numItemsSearch = (int) $numItemsSearch;
                $contactAttachment = $contactAttachment != '' ? true : false;
                $bAutoCron = $bAutoCron != '' ? true : false;
                $error = "";
                $msg = '';
                if (!osc_validate_text($sPageTitle)) {
                    $msg .= _m("Page title field is required") . "<br/>";
                }
                if (!osc_validate_text($sContactEmail)) {
                    $msg .= _m("Contact email field is required") . "<br/>";
                }
                if (!osc_validate_int($sNumRssItems)) {
                    $msg .= _m("Number of listings in the RSS has to be a numeric value") . "<br/>";
                }
                if (!osc_validate_int($maxLatestItems)) {
                    $msg .= _m("Max latest listings has to be a numeric value") . "<br/>";
                }
                if (!osc_validate_int($numItemsSearch)) {
                    $msg .= _m("Number of listings on search has to be a numeric value") . "<br/>";
                }
                if ($msg != '') {
                    osc_add_flash_error_message($msg, 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings');
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sPageTitle), array('s_section' => 'osclass', 's_name' => 'pageTitle'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sPageDesc), array('s_section' => 'osclass', 's_name' => 'pageDesc'));
                if (!defined('DEMO')) {
                    $iUpdated += Preference::newInstance()->update(array('s_value' => $sContactEmail), array('s_section' => 'osclass', 's_name' => 'contactEmail'));
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sLanguage), array('s_section' => 'osclass', 's_name' => 'language'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sDateFormat), array('s_section' => 'osclass', 's_name' => 'dateFormat'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sCurrency), array('s_section' => 'osclass', 's_name' => 'currency'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sWeekStart), array('s_section' => 'osclass', 's_name' => 'weekStart'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sTimeFormat), array('s_section' => 'osclass', 's_name' => 'timeFormat'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $sTimezone), array('s_section' => 'osclass', 's_name' => 'timezone'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $bMarketSources), array('s_section' => 'osclass', 's_name' => 'marketAllowExternalSources'));
                if (is_int($sNumRssItems)) {
                    $iUpdated += Preference::newInstance()->update(array('s_value' => $sNumRssItems), array('s_section' => 'osclass', 's_name' => 'num_rss_items'));
                } else {
                    if ($error != '') {
                        $error .= "</p><p>";
                    }
                    $error .= _m('Number of listings in the RSS must be an integer');
                }
                if (is_int($maxLatestItems)) {
                    $iUpdated += Preference::newInstance()->update(array('s_value' => $maxLatestItems), array('s_section' => 'osclass', 's_name' => 'maxLatestItems@home'));
                } else {
                    if ($error != '') {
                        $error .= "</p><p>";
                    }
                    $error .= _m('Number of recent listings displayed at home must be an integer');
                }
                $iUpdated += Preference::newInstance()->update(array('s_value' => $numItemsSearch), array('s_section' => 'osclass', 's_name' => 'defaultResultsPerPage@search'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $contactAttachment), array('s_name' => 'contact_attachment'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $bAutoCron), array('s_name' => 'auto_cron'));
                $iUpdated += Preference::newInstance()->update(array('s_value' => $selectableParent), array('s_name' => 'selectable_parent_categories'));
                if ($iUpdated > 0) {
                    if ($error != '') {
                        osc_add_flash_error_message($error . "</p><p>" . _m('General settings have been updated'), 'admin');
                    } else {
                        osc_add_flash_ok_message(_m('General settings have been updated'), 'admin');
                    }
                } else {
                    if ($error != '') {
                        osc_add_flash_error_message($error, 'admin');
                    }
                }
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings');
                break;
            case 'check_updates':
                osc_admin_toolbar_update_themes(true);
                osc_admin_toolbar_update_plugins(true);
                osc_add_flash_ok_message(_m('Last check') . ':   ' . date("Y-m-d H:i"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=settings');
                break;
            case 'latestsearches':
                //calling the comments settings view
                $this->doView('settings/searches.php');
                break;
            case 'latestsearches_post':
                // updating comment
                if (Params::getParam('save_latest_searches') == 'on') {
                    Preference::newInstance()->update(array('s_value' => 1), array('s_name' => 'save_latest_searches'));
                } else {
                    Preference::newInstance()->update(array('s_value' => 0), array('s_name' => 'save_latest_searches'));
                }
                if (Params::getParam('customPurge') == '') {
                    osc_add_flash_error_message(_m('Custom number could not be left empty'), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=latestsearches');
                } else {
                    Preference::newInstance()->update(array('s_value' => Params::getParam('customPurge')), array('s_name' => 'purge_latest_searches'));
                    osc_add_flash_ok_message(_m('Last search settings have been updated'), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=latestsearches');
                }
                break;
            default:
                // calling the view
                $aLanguages = OSCLocale::newInstance()->listAllEnabled();
                $aCurrencies = Currency::newInstance()->listAll();
                $this->_exportVariableToView('aLanguages', $aLanguages);
                $this->_exportVariableToView('aCurrencies', $aCurrencies);
                $this->doView('settings/index.php');
                break;
        }
    }
Example #29
// Echo the stored reCAPTCHA private key (HTML-escaped with osc_esc_html) back into the form field.
// NOTE(review): this places the secret key in the rendered page source; confirm that only
// trusted administrators can load this view, or consider not pre-filling the stored secret.
echo osc_recaptcha_private_key() ? osc_esc_html(osc_recaptcha_private_key()) : '';
?>
" />
                    </div>
                </div>
                <?php 
// Render the widget preview only when a public key has been configured.
if (osc_recaptcha_public_key() != '') {
    ?>
                <div class="form-row">
                    <div class="form-label"><?php 
    _e('If you see the reCAPTCHA form it means that you have correctly entered the public key');
    ?>
</div>
                    <div class="form-controls">
                        <?php 
    // Load recaptchalib.php from osc_lib_path() and print whatever markup it returns for the
    // public key. The return value is echoed unescaped, so it is presumably trusted HTML
    // produced by the library — verify against recaptchalib.php.
    require_once osc_lib_path() . 'recaptchalib.php';
    $publickey = osc_recaptcha_public_key();
    echo recaptcha_get_html($publickey, false);
    ?>
                    </div>
                </div>
                <?php 
}
?>
                <div class="form-actions">
                    <input type="submit" id="submit_recaptcha" value="<?php 
// The translated button label is escaped before it is placed in the value attribute.
echo osc_esc_html(__('Save changes'));
?>
" class="btn btn-submit" />
                </div>
            </div>
Example #30
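 /**
  * Handle the admin login and password-recovery actions selected by $this->action.
  *
  * Actions handled: 'login_post' (credential check, optional remember-me cookie,
  * session set-up), 'recover' (show the recovery form), 'recover_post' (issue a
  * reset code and trigger the e-mail hook), 'forgot' (show the new-password form
  * for a valid id/code pair) and 'forgot_post' (store the new password).
  *
  * Every rejected request is followed by an explicit break/return so that the
  * method fails closed even if redirectTo() should return instead of ending the
  * request.
  *
  * @return false|null false when the reCAPTCHA check fails in 'recover_post', otherwise nothing
  */
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             // Read both credentials once. The password is fetched with the same
             // (false, false) arguments for the emptiness check and for hashing, so the
             // two steps always look at the same value.
             $username = Params::getParam('user');
             $password = Params::getParam('password', false, false);
             // Anything that is not a string (for example an array-valued parameter) is
             // treated as empty rather than being passed on to sha1().
             if (!is_string($username)) {
                 $username = '';
             }
             if (!is_string($password)) {
                 $password = '';
             }
             if ($username === '' && $password === '') {
                 $this->redirectTo(osc_admin_base_url());
                 break;
             }
             if ($username === '') {
                 osc_add_flash_error_message(_m('The username field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
                 break;
             }
             if ($password === '') {
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
                 break;
             }
             // fields are not empty
             $admin = Admin::newInstance()->findByUsername($username);
             // NOTE(review): the two failure messages below differ, which tells the client
             // whether a username exists; a single generic message would avoid that.
             if (!$admin) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
                 break;
             }
             // NOTE(review): passwords are stored as unsalted SHA-1. Changing the stored
             // format needs a migration (password_hash()/password_verify() with a rehash on
             // successful login), so it is only flagged here, not changed.
             $storedHash = isset($admin['s_password']) ? (string) $admin['s_password'] : '';
             $givenHash = sha1($password);
             // Constant-time comparison where the runtime offers it (hash_equals, PHP >= 5.6).
             $passwordOk = function_exists('hash_equals') ? hash_equals($storedHash, $givenHash) : $storedHash === $givenHash;
             if (!$passwordOk) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
                 break;
             }
             if (Params::getParam('remember')) {
                 // hSecurity.php provides osc_genRandomPassword()
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 $secret = osc_genRandomPassword();
                 // The remember-me secret is stored as-is in s_secret and mirrored in a cookie.
                 Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                 Cookie::newInstance()->set_expires(osc_time_cookie());
                 Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                 Cookie::newInstance()->push('oc_adminSecret', $secret);
                 Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                 Cookie::newInstance()->set();
             }
             // we are logged in... let's go!
             // NOTE(review): no session identifier rotation is visible here; confirm that
             // Session regenerates the id on privilege change.
             Session::newInstance()->_set('adminId', $admin['pk_i_id']);
             Session::newInstance()->_set('adminUserName', $admin['s_username']);
             Session::newInstance()->_set('adminName', $admin['s_name']);
             Session::newInstance()->_set('adminEmail', $admin['s_email']);
             Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'recover':
             // form to recover the password (in this case we have the form in /gui/)
             $this->doView('gui/recover.php');
             break;
         case 'recover_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url());
                 break;
             }
             // post execution to recover the password
             $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
             if ($admin) {
                 // NOTE(review): the reCAPTCHA is verified only when the request carries
                 // "recaptcha_challenge_field" and only for an e-mail that matches an admin.
                 // A request without that field skips the check; confirm whether the check
                 // should be mandatory whenever a private key is configured.
                 if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_error_message(_m('The Recaptcha code is wrong'), 'admin');
                         $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 // The 40-character reset code is written to s_secret, the same column the
                 // remember-me secret uses; no expiry is set in this method.
                 $newPassword = osc_genRandomPassword(40);
                 Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
                 $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
                 osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
             }
             // Same confirmation whether or not the e-mail matched an admin account.
             osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'forgot':
             // form to set the new password; shown only for a valid id/code pair
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
                 break;
             }
             $this->doView('gui/forgot_password.php');
             break;
         case 'forgot_post':
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
                 break;
             }
             $newPassword = Params::getParam('new_password', false, false);
             $newPassword2 = Params::getParam('new_password2', false, false);
             // An empty or non-string value must never become the stored password.
             if (!is_string($newPassword) || $newPassword === '') {
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
                 break;
             }
             // Strict comparison: with == two different numeric-looking strings
             // (for example '1e3' and '1000') would count as a matching confirmation.
             if ($newPassword === $newPassword2) {
                 // s_secret is replaced as well, so the reset code cannot be used again.
                 // NOTE(review): stored as unsalted SHA-1, matching the check in 'login_post'.
                 Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1($newPassword)), array('pk_i_id' => $admin['pk_i_id']));
                 osc_add_flash_ok_message(_m('The password has been changed'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             } else {
                 osc_add_flash_error_message(_m("Error, the password don't match"), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
             }
             break;
     }
 }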