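/**
 * Front controller for the public account pages: login, activation re-send,
 * password recovery and password reset.
 *
 * Each POST action is handled by a private method below. The handlers
 * `return` immediately after every `$this->redirectTo()` so that nothing
 * relies on the redirect helper terminating the request: in the previous
 * flat implementation a wrong password, for instance, would have fallen
 * through into the login bootstrap had the redirect not exited.
 */
function doModel()
{
    switch ($this->action) {
        case 'login_post':
            $this->handleLoginPost();
            break;

        case 'resend':
            $this->handleResendActivation();
            break;

        case 'recover':
            // Form to request a password-recovery e-mail (the view lives in /gui/).
            $this->doView('user-recover.php');
            break;

        case 'recover_post':
            $this->handleRecoverPost();
            break;

        case 'forgot':
            // Password-reset form; only shown for a valid userId/code pair.
            $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
            if ($user) {
                $this->doView('user-forgot_password.php');
            } else {
                osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                $this->redirectTo(osc_base_url());
            }
            break;

        case 'forgot_post':
            $this->handleForgotPost();
            break;

        default:
            // Login form. Remember where the visitor came from so the
            // post-login redirect can send them back there.
            Session::newInstance()->_setReferer(osc_get_http_referer());
            if (osc_logged_user_id() != '') {
                $this->redirectTo(osc_user_dashboard_url());
                return;
            }
            $this->doView('user-login.php');
    }
}

/**
 * `login_post`: validates the submitted credentials and logs the user in.
 *
 * Order of checks: users enabled -> CSRF -> non-empty fields -> account
 * lookup (e-mail first, then username) -> password -> ban list -> login
 * bootstrap. Every failure adds a flash message and redirects back to the
 * login form; success optionally sets the remember-me cookie and redirects
 * to the target resolved by resolveLoginRedirect().
 */
private function handleLoginPost()
{
    if (!osc_users_enabled()) {
        osc_add_flash_error_message(_m('Users are not enabled'));
        $this->redirectTo(osc_base_url());
        return;
    }
    osc_csrf_check();
    osc_run_hook('before_validating_login');

    $email    = Params::getParam('email');
    $password = Params::getParam('password', false, false);

    $wrongCredentials = false;
    if ((string) $email === '') {
        osc_add_flash_error_message(_m('Please provide an email address'));
        $wrongCredentials = true;
    }
    if ((string) $password === '') {
        osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password'));
        $wrongCredentials = true;
    }
    if ($wrongCredentials) {
        $this->redirectTo(osc_user_login_url());
        return;
    }

    // The "email" field doubles as a username.
    $user = null;
    if (osc_validate_email($email)) {
        $user = User::newInstance()->findByEmail($email);
    }
    if (empty($user)) {
        $user = User::newInstance()->findByUsername($email);
    }
    if (empty($user)) {
        // NOTE(review): this message differs from the wrong-password one below,
        // so the response reveals whether an account exists (account
        // enumeration). A single generic message for both failures would close it.
        osc_add_flash_error_message(_m("The user doesn't exist"));
        $this->redirectTo(osc_user_login_url());
        return;
    }

    $storedHash = isset($user['s_password']) ? $user['s_password'] : '';
    if (!osc_verify_password($password, $storedHash)) {
        osc_add_flash_error_message(_m('The password is incorrect'));
        // @TODO if valid user, send email parameter back to the login form
        $this->redirectTo(osc_user_login_url());
        return;
    }
    $this->rehashPasswordIfNeeded($user, $password);

    // Ban list: bit 0 = e-mail banned, bit 1 = IP banned (0 = neither / unknown).
    $banned = osc_is_banned($email);
    if ($banned & 1) {
        osc_add_flash_error_message(_m('Your current email is not allowed'));
    }
    if ($banned & 2) {
        osc_add_flash_error_message(_m('Your current IP is not allowed'));
    }
    if ($banned !== 0) {
        $this->redirectTo(osc_user_login_url());
        return;
    }

    osc_run_hook('before_login');
    $url_redirect = $this->resolveLoginRedirect(osc_get_http_referer());

    require_once LIB_PATH . 'osclass/UserActions.php';
    $uActions = new UserActions(false);
    // NOTE(review): whether bootstrap_login() regenerates the session id
    // (session-fixation defence) is not visible from this file - confirm.
    $logged = $uActions->bootstrap_login($user['pk_i_id']);

    switch ($logged) {
        case 0:
            osc_add_flash_error_message(_m("The user doesn't exist"));
            break;

        case 1:
            // Not validated yet; offer a re-send link at most every 20 minutes.
            if (time() - strtotime($user['dt_access_date']) > 1200) {
                osc_add_flash_error_message(sprintf(
                    _m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'),
                    osc_user_resend_activation_link($user['pk_i_id'], $user['s_email'])
                ));
            } else {
                osc_add_flash_error_message(_m('The user has not been validated yet'));
            }
            break;

        case 2:
            osc_add_flash_error_message(_m('The user has been suspended'));
            break;

        case 3:
            if (Params::getParam('remember') == 1) {
                // hSecurity.php provides osc_genRandomPassword()
                require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                // NOTE(review): s_secret is stored in clear and handed out as a
                // plain cookie value, i.e. it is a long-lived bearer credential;
                // its generator must be cryptographically strong - confirm in
                // hSecurity.php.
                $secret = osc_genRandomPassword();
                User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
                $cookie = Cookie::newInstance();
                $cookie->set_expires(osc_time_cookie());
                $cookie->push('oc_userId', $user['pk_i_id']);
                $cookie->push('oc_userSecret', $secret);
                $cookie->set();
            }
            osc_run_hook("after_login", $user, $url_redirect);
            $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect));
            return;

        default:
            osc_add_flash_error_message(_m('This should never happen'));
    }

    // Every unsuccessful bootstrap outcome ends back on the login form
    // (the former trailing b_enabled check redirected to the same place).
    $this->redirectTo(osc_user_login_url());
}

/**
 * Upgrades a stored password hash after a successful login when it is not a
 * bcrypt hash, or is a bcrypt hash with a cost other than BCRYPT_COST.
 *
 * @param array  $user     user row (needs s_password and pk_i_id)
 * @param string $password the plaintext that just verified against the hash
 */
private function rehashPasswordIfNeeded(array $user, $password)
{
    $hash = isset($user['s_password']) ? (string) $user['s_password'] : '';
    if ($hash === '') {
        return;
    }
    $needsRehash = true;
    if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $hash, $cost)) {
        $needsRehash = ((int) $cost[1] !== (int) BCRYPT_COST);
    }
    if ($needsRehash) {
        User::newInstance()->update(
            array('s_password' => osc_hash_password($password)),
            array('pk_i_id' => $user['pk_i_id'])
        );
    }
}

/**
 * Picks the URL to send the user to after a successful login.
 *
 * Only a Referer pointing at this installation is honoured; anything else
 * (empty, foreign host, unparsable) falls back to the dashboard, so the
 * login cannot act as an open redirect. With URL rewriting enabled the
 * referer is mapped back through the rewrite rules and, if it turns out to
 * be the login page itself, replaced by the dashboard as well.
 *
 * @param string $referer value of osc_get_http_referer()
 * @return string absolute URL
 */
private function resolveLoginRedirect($referer)
{
    $referer = (string) $referer;
    if ($referer === '' || !$this->isSameSiteUrl($referer)) {
        return osc_user_dashboard_url();
    }
    if (!osc_rewrite_enabled()) {
        return $referer;
    }

    // preg_quote(): the base URL contains regex metacharacters ('.', '/', '?').
    $requestUri = urldecode(preg_replace('@^' . preg_quote(osc_base_url(), '@') . '@', '', $referer));
    $parts      = explode('?', $requestUri);
    $requestUri = $parts[0];

    foreach (Rewrite::newInstance()->listRules() as $pattern => $target) {
        if (!preg_match('#' . $pattern . '#', $requestUri)) {
            continue;
        }
        $rewritten = preg_replace('#' . $pattern . '#', $target, $requestUri);
        if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $rewritten . '&', $m)) {
            $page = $m[2];
            if ($page === '' || $page === 'login') {
                return osc_user_dashboard_url();
            }
        }
        break; // first matching rule wins, as before
    }
    return $referer;
}

/**
 * True when $url has the same host as osc_base_url().
 *
 * Fails closed: a URL without a host (relative, "//evil", garbage) or a base
 * URL without a host is reported as foreign. A site reached under a host
 * other than its configured one will therefore always land on the dashboard.
 *
 * @param string $url
 * @return bool
 */
private function isSameSiteUrl($url)
{
    $target = parse_url($url);
    $base   = parse_url(osc_base_url());
    if (!is_array($target) || !is_array($base) || empty($target['host']) || empty($base['host'])) {
        return false;
    }
    return strcasecmp($target['host'], $base['host']) === 0;
}

/**
 * `resend`: re-sends the activation e-mail of a not-yet-active account.
 *
 * Reached through a GET link (no CSRF token), so the only throttle is the
 * 20-minute window on dt_access_date. NOTE(review): id and e-mail are not
 * secrets, so anyone who knows them can trigger one mail per 20 minutes.
 */
private function handleResendActivation()
{
    $id    = Params::getParam('id');
    $email = Params::getParam('email');
    $user  = User::newInstance()->findByPrimaryKey($id);
    // empty() replaces the former !isset($user), which could never be true
    // right after an assignment; strict compare avoids numeric-string juggling.
    if ($id == '' || $email == '' || empty($user) || $user['b_active'] == 1
        || (string) $email !== (string) $user['s_email']) {
        osc_add_flash_error_message(_m('Incorrect link'));
        $this->redirectTo(osc_user_login_url());
        return;
    }
    if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES
        if (osc_notify_new_user()) {
            osc_run_hook('hook_email_admin_new_user', $user);
        }
        if (osc_user_validation_enabled()) {
            osc_run_hook('hook_email_user_validation', $user, $user);
        }
        User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id']));
        osc_add_flash_ok_message(_m('Validation email re-sent'));
    } else {
        osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again'));
    }
    $this->redirectTo(osc_user_login_url());
}

/**
 * `recover_post`: starts the password-recovery flow for the given e-mail.
 */
private function handleRecoverPost()
{
    osc_csrf_check();
    require_once LIB_PATH . 'osclass/UserActions.php';
    // Same validator as the login path. The inline regex it replaces capped
    // the TLD at three letters and so rejected valid addresses (.info, .museum, ...).
    if (!osc_validate_email(Params::getParam('s_email'))) {
        osc_add_flash_error_message(_m('Invalid email address'));
        $this->redirectTo(osc_recover_user_password_url());
        return;
    }
    $userActions = new UserActions(false);
    switch ($userActions->recover_password()) {
        case 0: // recover ok
            osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
            $this->redirectTo(osc_base_url());
            break;
        case 1: // e-mail does not exist
            // NOTE(review): a distinct outcome for unknown addresses lets a
            // caller enumerate registered e-mails.
            osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
            $this->redirectTo(osc_recover_user_password_url());
            break;
        case 2: // recaptcha wrong
            osc_add_flash_error_message(_m('The recaptcha code is wrong'));
            $this->redirectTo(osc_recover_user_password_url());
            break;
    }
}

/**
 * `forgot_post`: sets a new password for the account identified by the
 * userId/code pair of a recovery link, then burns the code.
 */
private function handleForgotPost()
{
    osc_csrf_check();
    $userId       = Params::getParam('userId');
    $code         = Params::getParam('code');
    $newPassword  = Params::getParam('new_password', false, false);
    $newPassword2 = Params::getParam('new_password2', false, false);

    if ($newPassword == '' || $newPassword2 == '') {
        osc_add_flash_warning_message(_m('Password cannot be blank'));
        $this->redirectTo(osc_forgot_user_password_confirm_url($userId, $code));
        return;
    }

    $user = User::newInstance()->findByIdPasswordSecret($userId, $code);
    // NOTE(review): no expiry of s_pass_date is checked here; confirm that
    // findByIdPasswordSecret() enforces one.
    if (empty($user) || $user['b_enabled'] != 1) {
        osc_add_flash_error_message(_m('Sorry, the link is not valid'));
        $this->redirectTo(osc_base_url());
        return;
    }

    // Strict comparison: with `==` two numeric-looking strings ("1e3" and
    // "1000") would be accepted as matching passwords.
    if ($newPassword !== $newPassword2) {
        osc_add_flash_error_message(_m("Error, the password don't match"));
        $this->redirectTo(osc_forgot_user_password_confirm_url($userId, $code));
        return;
    }

    // hSecurity.php provides osc_genRandomPassword() (the login path requires
    // it explicitly; doing the same here keeps this handler self-contained).
    require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
    // NOTE(review): no minimum length or strength rule is applied to the new password.
    User::newInstance()->update(
        array(
            's_pass_code' => osc_genRandomPassword(50),   // invalidate the used code
            's_pass_date' => date('Y-m-d H:i:s', 0),
            's_pass_ip'   => Params::getServerParam('REMOTE_ADDR'),
            's_password'  => osc_hash_password($newPassword),
        ),
        array('pk_i_id' => $user['pk_i_id'])
    );
    osc_add_flash_ok_message(_m('The password has been changed'));
    $this->redirectTo(osc_user_login_url());
}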
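/**
 * Creates a new user account from the current request.
 *
 * @return int 1 account created, validation e-mail sent (user must activate)
 *             2 account created and activated right away (admin, or validation disabled)
 *             3 e-mail address already registered
 *             4 reCAPTCHA failed
 *             5 e-mail address malformed
 */
function add()
{
    // reCAPTCHA guards self-registration only; admin-created accounts skip it.
    if (osc_recaptcha_private_key() != '' && !$this->is_admin) {
        if (!$this->recaptcha()) {
            return 4;
        }
    }

    // NOTE(review): any password policy (length/strength) would have to live in
    // prepareData(); nothing is enforced here.
    $input = $this->prepareData(true);
    if (!osc_validate_email($input['s_email'])) {
        return 5;
    }

    // NOTE(review): lookup-then-insert is racy; rely on a UNIQUE index on
    // s_email to make duplicates impossible under concurrent registrations.
    $emailTaken = $this->manager->findByEmail($input['s_email']);
    if (!empty($emailTaken)) {
        return 3;
    }

    $this->manager->insert($input);
    $userId = $this->manager->getConnection()->get_last_id();

    // Free-form per-key descriptions; keys come from the request as well.
    // NOTE(review): presumably locale codes - confirm updateDescription() validates them.
    $extraInfo = Params::getParam('s_info');
    if (is_array($extraInfo)) {
        foreach ($extraInfo as $key => $value) {
            $this->manager->updateDescription($userId, $key, $value);
        }
    }

    Log::newInstance()->insertLog(
        'user',
        'add',
        $userId,
        $input['s_email'],
        $this->is_admin ? 'admin' : 'user',
        $this->is_admin ? osc_logged_admin_id() : $userId
    );
    osc_run_hook('user_register_completed', $userId);

    if (osc_user_validation_enabled() && !$this->is_admin) {
        $user = $this->manager->findByPrimaryKey($userId);
        osc_run_hook('hook_email_user_validation', $user, $input);
        return 1;
    }

    User::newInstance()->update(array('b_active' => '1'), array('pk_i_id' => $userId));
    return 2;
    // (the former trailing `return 0` was unreachable and has been dropped)
}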
/**
 * Validates a "contact the seller" inquiry and, when it is well-formed,
 * fires the hook that mails it.
 *
 * @return string|null newline-separated error text (each line ends with
 *                     PHP_EOL) when validation fails; nothing (null) on success.
 *
 * NOTE(review): no captcha or rate limit is visible here; the form is a
 * classic spam relay unless the hook handler throttles it.
 */
public function contact()
{
    $inquiry  = $this->prepareDataForFunction('contact');
    $problems = array();

    if (!osc_validate_text($inquiry['yourName'])) {
        $problems[] = __("Your name: this field is required");
    }
    if (!osc_validate_email($inquiry['yourEmail'], true)) {
        $problems[] = __("Invalid email address");
    }
    if (!osc_validate_text($inquiry['message'])) {
        $problems[] = __("Message: this field is required");
    }

    if (count($problems) > 0) {
        // Same layout as the original concatenation: every message followed by PHP_EOL.
        return implode(PHP_EOL, $problems) . PHP_EOL;
    }

    osc_run_hook('hook_email_item_inquiry', $inquiry);
}
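/**
 * Admin controller for item comments: bulk moderation, single-comment status
 * toggles, editing, deletion and the paginated listing.
 *
 * Every mutating action is CSRF-checked. Comment ids arrive from the request
 * and are reduced to integers before they reach the model or a redirect URL.
 */
function doModel()
{
    parent::doModel();

    switch ($this->action) {
        case 'bulk_actions':
            $this->handleCommentBulkAction();
            break;

        case 'status':
            if (!$this->handleCommentStatus()) {
                return false;
            }
            break;

        case 'comment_edit':
            $comment = ItemComment::newInstance()->findByPrimaryKey((int) Params::getParam('id'));
            $this->_exportVariableToView('comment', $comment);
            $this->doView('comments/frm.php');
            break;

        case 'comment_edit_post':
            $this->handleCommentEditPost();
            break;

        case 'delete':
            osc_csrf_check();
            $commentId = (int) Params::getParam('id');
            $this->itemCommentManager->deleteByPrimaryKey($commentId);
            osc_add_flash_ok_message(_m('The comment has been deleted'), 'admin');
            osc_run_hook('delete_comment', $commentId);
            $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
            break;

        default:
            $this->showCommentListing();
            break;
    }
}

/**
 * `bulk_actions`: applies one moderation action to every selected comment.
 *
 * The delete branch used to build a `pk_i_id IN (...)` condition by string
 * concatenation from the raw request values (DB_CUSTOM_COND), i.e. an SQL
 * injection sink reachable by any admin; it now issues the same keyed
 * per-id delete the original loop already performed, on integer ids only.
 *
 * The per-comment events used to be passed to osc_add_hook(), which is the
 * registration side of the hook API elsewhere in this code base; the
 * single-comment `delete` action fires the same event with osc_run_hook(),
 * so that is what the bulk paths do now.
 */
private function handleCommentBulkAction()
{
    osc_csrf_check();
    $rawIds = Params::getParam('id');
    if (!$rawIds) {
        $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
        return;
    }

    $ids = array();
    foreach ((array) $rawIds as $rawId) {
        if (is_numeric($rawId)) {
            $ids[] = (int) $rawId;
        }
    }

    $action = Params::getParam('bulk_actions');
    switch ($action) {
        case 'delete_all':
            foreach ($ids as $commentId) {
                $this->itemCommentManager->delete(array('pk_i_id' => $commentId));
                osc_run_hook("delete_comment", $commentId);
            }
            osc_add_flash_ok_message(_m('The comments have been deleted'), 'admin');
            break;

        case 'activate_all':
            foreach ($ids as $commentId) {
                $updated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $commentId));
                if ($updated) {
                    $this->sendCommentActivated($commentId);
                }
                osc_run_hook("activate_comment", $commentId);
            }
            osc_add_flash_ok_message(_m('The comments have been approved'), 'admin');
            break;

        case 'deactivate_all':
            foreach ($ids as $commentId) {
                $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $commentId));
                osc_run_hook("deactivate_comment", $commentId);
            }
            osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin');
            break;

        case 'enable_all':
            foreach ($ids as $commentId) {
                $updated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $commentId));
                if ($updated) {
                    $this->sendCommentActivated($commentId);
                }
                osc_run_hook("enable_comment", $commentId);
            }
            osc_add_flash_ok_message(_m('The comments have been unblocked'), 'admin');
            break;

        case 'disable_all':
            foreach ($ids as $commentId) {
                $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $commentId));
                osc_run_hook("disable_comment", $commentId);
            }
            osc_add_flash_ok_message(_m('The comments have been blocked'), 'admin');
            break;

        default:
            // Plugin-defined bulk action; it receives the ids exactly as submitted.
            if ($action != "") {
                osc_run_hook("item_bulk_" . $action, $rawIds);
            }
            break;
    }

    $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
}

/**
 * `status`: flips one flag (active / enabled) on a single comment.
 *
 * @return bool false when the request is malformed (doModel() returns it
 *              to its caller), true after the redirect.
 */
private function handleCommentStatus()
{
    osc_csrf_check();
    $rawId = Params::getParam('id');
    $value = Params::getParam('value');

    // The former code cast to int first and tested is_numeric() afterwards,
    // which could never fail; the raw value is tested instead.
    if (!$rawId || !is_numeric($rawId)) {
        return false;
    }
    $id = (int) $rawId;
    if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'), true)) {
        return false;
    }

    switch ($value) {
        case 'ACTIVE':
            $updated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $id));
            if ($updated) {
                $this->sendCommentActivated($id);
            }
            osc_run_hook("activate_comment", $id);
            osc_add_flash_ok_message(_m('The comment has been approved'), 'admin');
            break;

        case 'INACTIVE':
            $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $id));
            osc_run_hook("deactivate_comment", $id);
            osc_add_flash_ok_message(_m('The comment has been disapproved'), 'admin');
            break;

        case 'ENABLE':
            $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $id));
            osc_run_hook("enable_comment", $id);
            osc_add_flash_ok_message(_m('The comment has been enabled'), 'admin');
            break;

        case 'DISABLE':
            $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $id));
            osc_run_hook("disable_comment", $id);
            osc_add_flash_ok_message(_m('The comment has been disabled'), 'admin');
            break;
    }

    $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
    return true;
}

/**
 * `comment_edit_post`: stores the edited title, body and author fields.
 */
private function handleCommentEditPost()
{
    osc_csrf_check();
    $commentId = (int) Params::getParam('id');

    $msg = '';
    if (!osc_validate_email(Params::getParam('authorEmail'), true)) {
        $msg .= _m('Email is not correct') . "<br/>";
    }
    if (!osc_validate_text(Params::getParam('body'), 1, true)) {
        $msg .= _m('Comment is required') . "<br/>";
    }
    if ($msg != '') {
        osc_add_flash_error_message($msg, 'admin');
        $this->redirectTo(osc_admin_base_url(true) . "?page=comments&action=comment_edit&id=" . $commentId);
        return;
    }

    // NOTE(review): title/body/author are stored as submitted; escaping on
    // output is the responsibility of the views that print them - verify.
    $this->itemCommentManager->update(
        array(
            's_title'        => Params::getParam('title'),
            's_body'         => Params::getParam('body'),
            's_author_name'  => Params::getParam('authorName'),
            's_author_email' => Params::getParam('authorEmail'),
        ),
        array('pk_i_id' => $commentId)
    );
    osc_run_hook('edit_comment', $commentId);
    osc_add_flash_ok_message(_m('Great! We just updated your comment'), 'admin');
    $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
}

/**
 * Default action: the paginated, sortable comments table.
 */
private function showCommentListing()
{
    require_once osc_lib_path() . "osclass/classes/datatables/CommentsDataTable.php";

    // Page size: an explicit request value wins and is remembered in a cookie;
    // otherwise the cookie; otherwise 10. Both sources are user-controlled and
    // are therefore reduced to integers before they reach the data table.
    $requested = Params::getParam('iDisplayLength');
    $cookie    = Cookie::newInstance();
    if ($requested != '') {
        $cookie->push('listing_iDisplayLength', (int) $requested);
        $cookie->set();
        Params::setParam('iDisplayLength', (int) $requested);
    } elseif ($cookie->get_value('listing_iDisplayLength') != '') {
        Params::setParam('iDisplayLength', (int) $cookie->get_value('listing_iDisplayLength'));
    } else {
        Params::setParam('iDisplayLength', 10);
    }
    $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));

    // Table header ordering defaults.
    if (Params::getParam('sort') == '') {
        Params::setParam('sort', 'date');
    }
    if (Params::getParam('direction') == '') {
        Params::setParam('direction', 'desc');
    }
    $page = (int) Params::getParam('iPage');
    if ($page == 0) {
        $page = 1;
    }
    Params::setParam('iPage', $page);

    $commentsDataTable = new CommentsDataTable();
    $commentsDataTable->table(Params::getParamsAsArray());
    $aData = $commentsDataTable->getData();

    // Requested page is past the end: bounce to the last page, or to page 1
    // when there is nothing at all. The divisor is guarded: a page size of 0
    // used to be a division by zero here.
    if (count($aData['aRows']) == 0 && $page != 1) {
        $total   = (int) $aData['iTotalDisplayRecords'];
        $perPage = (int) $aData['iDisplayLength'];
        $maxPage = $perPage > 0 ? (int) ceil($total / $perPage) : 0;
        $url     = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false);
        if ($maxPage == 0) {
            $this->redirectTo(preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url));
            return;
        }
        if ($page > 1) {
            $this->redirectTo(preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url));
            return;
        }
    }

    $this->_exportVariableToView('aData', $aData);
    $this->_exportVariableToView('aRawRows', $commentsDataTable->rawRows());

    $confirm = __('Are you sure you want to %s the selected comments?');
    $bulk_options = array(
        array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')),
        array('value' => 'delete_all', 'data-dialog-content' => sprintf($confirm, strtolower(__('Delete'))), 'label' => __('Delete')),
        array('value' => 'activate_all', 'data-dialog-content' => sprintf($confirm, strtolower(__('Activate'))), 'label' => __('Activate')),
        array('value' => 'deactivate_all', 'data-dialog-content' => sprintf($confirm, strtolower(__('Deactivate'))), 'label' => __('Deactivate')),
        array('value' => 'disable_all', 'data-dialog-content' => sprintf($confirm, strtolower(__('Block'))), 'label' => __('Block')),
        array('value' => 'enable_all', 'data-dialog-content' => sprintf($confirm, strtolower(__('Unblock'))), 'label' => __('Unblock')),
    );
    $bulk_options = osc_apply_filter("comment_bulk_filter", $bulk_options);
    $this->_exportVariableToView('bulk_options', $bulk_options);

    $this->doView('comments/index.php');
}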
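/**
 * Front controller for the logged-in user's area: dashboard, profile,
 * alerts, e-mail / username / password changes, own listings, alert
 * (de)activation links and account deletion.
 *
 * Handlers `return` right after each `$this->redirectTo()` so that nothing
 * depends on the redirect helper terminating the request.
 */
function doModel()
{
    switch ($this->action) {
        case 'dashboard':
            // Latest listings of the current user; the count is user-supplied,
            // so it is cast before reaching the model's LIMIT.
            $max_items = Params::getParam('max_items') != '' ? (int) Params::getParam('max_items') : 5;
            $aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items);
            $this->_exportVariableToView('items', $aItems);
            $this->_exportVariableToView('max_items', $max_items);
            $this->doView('user-dashboard.php');
            break;

        case 'profile':
            $this->showProfileForm();
            break;

        case 'profile_post':
            osc_csrf_check();
            $userId = Session::newInstance()->_get('userId');
            require_once LIB_PATH . 'osclass/UserActions.php';
            $userActions = new UserActions(false);
            $success = $userActions->edit($userId);
            if ($success == 1 || $success == 2) {
                osc_add_flash_ok_message(_m('Your profile has been updated successfully'));
            } else {
                // Any other return value is the error text itself.
                osc_add_flash_error_message($success);
            }
            $this->redirectTo(osc_user_profile_url());
            break;

        case 'alerts':
            $this->showAlerts();
            break;

        case 'change_email':
            $this->doView('user-change_email.php');
            break;

        case 'change_email_post':
            $this->handleChangeEmailPost();
            break;

        case 'change_username':
            $this->doView('user-change_username.php');
            break;

        case 'change_username_post':
            $this->handleChangeUsernamePost();
            break;

        case 'change_password':
            $this->doView('user-change_password.php');
            break;

        case 'change_password_post':
            $this->handleChangePasswordPost();
            break;

        case 'items':
            $this->showUserItems();
            break;

        case 'activate_alert':
            // E-mailed confirmation link; the secret is checked by the model.
            $email  = Params::getParam('email');
            $secret = Params::getParam('secret');
            $result = 0;
            if ($email != '' && $secret != '') {
                $result = Alerts::newInstance()->activate($email, $secret);
            }
            if ($result == 1) {
                osc_add_flash_ok_message(_m('Alert activated'));
            } else {
                osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator'));
            }
            $this->redirectTo(osc_base_url());
            break;

        case 'unsub_alert':
            $email  = (string) Params::getParam('email');
            $secret = (string) Params::getParam('secret');
            $id     = (int) Params::getParam('id');
            $alert  = Alerts::newInstance()->findByPrimaryKey($id);
            $result = 0;
            // Strict string comparison: `==` lets numeric-looking secrets match by
            // value ("0e12" == "0e34"). An empty secret is rejected outright, as
            // activate_alert above already does.
            if (!empty($alert) && $secret !== ''
                && $email === (string) $alert['s_email']
                && $secret === (string) $alert['s_secret']) {
                $result = Alerts::newInstance()->unsub($id);
            }
            if ($result == 1) {
                osc_add_flash_ok_message(_m('Unsubscribed correctly'));
            } else {
                osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator'));
            }
            $this->redirectTo(osc_user_alerts_url());
            break;

        case 'delete':
            $this->handleDeleteAccount();
            break;
    }
}

/**
 * `profile`: shows the profile form with the country/region/city lists
 * pre-selected from the user's current location (or the first entry of
 * each list when unset).
 */
private function showProfileForm()
{
    $user       = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
    $aCountries = Country::newInstance()->listAll();

    $aRegions = array();
    if ($user['fk_c_country_code'] != '') {
        $aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']);
    } elseif (count($aCountries) > 0) {
        $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
    }

    $aCities = array();
    if ($user['fk_i_region_id'] != '') {
        $aCities = City::newInstance()->findByRegion($user['fk_i_region_id']);
    } elseif (count($aRegions) > 0) {
        $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
    }

    $this->_exportVariableToView('countries', $aCountries);
    $this->_exportVariableToView('regions', $aRegions);
    $this->_exportVariableToView('cities', $aCities);
    $this->_exportVariableToView('user', $user);
    $this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled());
    $this->doView('user-profile.php');
}

/**
 * `alerts`: lists the user's saved searches, each with its first 3 hits.
 */
private function showAlerts()
{
    $userId  = Session::newInstance()->_get('userId');
    $aAlerts = Alerts::newInstance()->findByUser($userId, false);
    $user    = User::newInstance()->findByPrimaryKey($userId);

    foreach ($aAlerts as $k => $a) {
        // s_search is the JSON-encoded search saved with the alert.
        $conditions = (array) json_decode($a['s_search']);
        $search = new Search();
        $search->setJsonAlert($conditions);
        $search->limit(0, 3);
        $aAlerts[$k]['items'] = $search->doSearch();
    }

    $this->_exportVariableToView('alerts', $aAlerts);
    View::newInstance()->_reset('alerts');
    $this->_exportVariableToView('user', $user);
    $this->doView('user-alerts.php');
}

/**
 * `change_email_post`: records the requested new address and mails a
 * confirmation link to it.
 */
private function handleChangeEmailPost()
{
    osc_csrf_check();
    $newEmail = Params::getParam('new_email');

    if (!osc_validate_email($newEmail)) {
        osc_add_flash_error_message(_m('The specified e-mail is not valid'));
        $this->redirectTo(osc_change_user_email_url());
        return;
    }
    $existing = User::newInstance()->findByEmail($newEmail);
    if (isset($existing['pk_i_id'])) {
        osc_add_flash_error_message(_m('The specified e-mail is already in use'));
        $this->redirectTo(osc_change_user_email_url());
        return;
    }

    // NOTE(review): the change is confirmed only by a link mailed to the new
    // address; the current password is not asked for, so a hijacked session
    // can be turned into a permanent takeover. Consider re-authenticating
    // here the way change_password_post does.
    $userId = Session::newInstance()->_get('userId');

    $userEmailTmp = array();
    $userEmailTmp['fk_i_user_id'] = $userId;
    $userEmailTmp['s_new_email']  = $newEmail;
    UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp);

    $code = osc_genRandomPassword(30);
    $date = date('Y-m-d H:i:s');
    $userManager = new User();
    // REMOTE_ADDR read through Params, as the password-reset flow does.
    $userManager->update(
        array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => Params::getServerParam('REMOTE_ADDR')),
        array('pk_i_id' => $userId)
    );
    $validation_url = osc_change_user_email_confirm_url($userId, $code);
    osc_run_hook('hook_email_new_email', $newEmail, $validation_url);
    $this->redirectTo(osc_user_profile_url());
}

/**
 * `change_username_post`: renames the account after sanitising, uniqueness
 * and blacklist checks.
 *
 * Every other POST handler in this controller calls osc_csrf_check(); this
 * one did not, so a cross-site form could rename the victim's account.
 */
private function handleChangeUsernamePost()
{
    osc_csrf_check();
    $userId   = Session::newInstance()->_get('userId');
    $username = osc_sanitize_username(Params::getParam('s_username'));
    osc_run_hook('before_username_change', $userId, $username);

    if ($username == '') {
        osc_add_flash_error_message(_m('The specified username could not be empty'));
        $this->redirectTo(osc_change_user_username_url());
        return;
    }
    $existing = User::newInstance()->findByUsername($username);
    if (isset($existing['s_username'])) {
        osc_add_flash_error_message(_m('The specified username is already in use'));
        $this->redirectTo(osc_change_user_username_url());
        return;
    }
    if (osc_is_username_blacklisted($username)) {
        osc_add_flash_error_message(_m('The specified username is not valid, it contains some invalid words'));
        $this->redirectTo(osc_change_user_username_url());
        return;
    }

    User::newInstance()->update(array('s_username' => $username), array('pk_i_id' => $userId));
    osc_add_flash_ok_message(_m('The username was updated'));
    // The after-hook receives the raw submitted value (not the sanitised one), as before.
    osc_run_hook('after_username_change', $userId, Params::getParam('s_username'));
    $this->redirectTo(osc_user_profile_url());
}

/**
 * `change_password_post`: replaces the password after verifying the
 * current one.
 */
private function handleChangePasswordPost()
{
    osc_csrf_check();
    $userId  = Session::newInstance()->_get('userId');
    $user    = User::newInstance()->findByPrimaryKey($userId);
    $current = Params::getParam('password', false, false);
    $new     = Params::getParam('new_password', false, false);
    $confirm = Params::getParam('new_password2', false, false);

    if ($current == '' || $new == '' || $confirm == '') {
        osc_add_flash_warning_message(_m('Password cannot be blank'));
        $this->redirectTo(osc_change_user_password_url());
        return;
    }
    if (!osc_verify_password($current, $user['s_password'])) {
        osc_add_flash_error_message(_m("Current password doesn't match"));
        $this->redirectTo(osc_change_user_password_url());
        return;
    }
    // Strict comparison: with `!=` two numeric-looking strings ("1e3" and
    // "1000") would pass as matching.
    if ($new !== $confirm) {
        osc_add_flash_error_message(_m("Passwords don't match"));
        $this->redirectTo(osc_change_user_password_url());
        return;
    }

    // NOTE(review): no minimum length or strength rule is applied.
    User::newInstance()->update(array('s_password' => osc_hash_password($new)), array('pk_i_id' => $userId));
    // NOTE(review): the remember-me secret (s_secret / oc_userSecret cookie)
    // is not rotated here, so an attacker holding that cookie keeps access
    // after the password change - consider clearing s_secret.
    osc_add_flash_ok_message(_m('Password has been changed'));
    $this->redirectTo(osc_user_profile_url());
}

/**
 * `items`: paginated list of the user's own listings of one type.
 *
 * Page size and page number come from the request: the size is the divisor
 * of the page count (and a LIMIT operand), so it is forced to a positive
 * integer (default 10) instead of being passed through as a raw string.
 */
private function showUserItems()
{
    $itemsPerPage = (int) Params::getParam('itemsPerPage');
    if ($itemsPerPage < 1) {
        $itemsPerPage = 10;
    }
    $page     = max(0, (int) Params::getParam('iPage') - 1);
    $itemType = Params::getParam('itemType');
    $userId   = osc_logged_user_id();

    $total_items = Item::newInstance()->countItemTypesByUserID($userId, $itemType);
    $total_pages = ceil($total_items / $itemsPerPage);
    $items = Item::newInstance()->findItemTypesByUserID($userId, $page * $itemsPerPage, $itemsPerPage, $itemType);

    $this->_exportVariableToView('items', $items);
    $this->_exportVariableToView('search_total_pages', $total_pages);
    $this->_exportVariableToView('search_total_items', $total_items);
    $this->_exportVariableToView('items_per_page', $itemsPerPage);
    $this->_exportVariableToView('items_type', $itemType);
    $this->_exportVariableToView('search_page', $page);
    $this->doView('user-items.php');
}

/**
 * `delete`: deletes the logged-in user's own account when the supplied
 * secret equals the stored s_secret, then clears session and remember-me
 * cookies.
 */
private function handleDeleteAccount()
{
    $id     = Params::getParam('id');
    $secret = (string) Params::getParam('secret');

    if (!osc_is_web_user_logged_in()) {
        osc_add_flash_error_message(_m("Oops! you can not do that"));
        $this->redirectTo(osc_base_url());
        return;
    }

    $userId = osc_logged_user_id();
    $user   = User::newInstance()->findByPrimaryKey($userId);
    View::newInstance()->_exportVariableToView('user', $user);
    $storedSecret = (!empty($user) && isset($user['s_secret'])) ? (string) $user['s_secret'] : '';

    // Strict comparison so a numeric-looking secret cannot match by value.
    // NOTE(review): in the code visible here s_secret is only populated by the
    // remember-me login path; for a user who never used it this compares ''
    // with '' and passes, and there is no osc_csrf_check() on this action, so
    // a cross-site GET could delete the account. Consider requiring a CSRF
    // token or a non-empty secret.
    if (!empty($user) && $userId == $id && $secret === $storedSecret) {
        User::newInstance()->deleteUser($userId);
        $session = Session::newInstance();
        $session->_drop('userId');
        $session->_drop('userName');
        $session->_drop('userEmail');
        $session->_drop('userPhone');
        $cookie = Cookie::newInstance();
        $cookie->pop('oc_userId');
        $cookie->pop('oc_userSecret');
        $cookie->set();
        osc_add_flash_ok_message(_m("Your account have been deleted"));
        $this->redirectTo(osc_base_url());
        return;
    }

    osc_add_flash_error_message(_m("Oops! you can not do that"));
    $this->redirectTo(osc_user_dashboard_url());
}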
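function doModel() {
    // Admin-panel controller for managing administrator accounts: add / edit /
    // delete plus the paginated listing (default). Every mutating action is
    // guarded by the demo-site check and osc_csrf_check(); each one ends in a
    // redirect (redirectTo() is assumed not to return - TODO confirm).
    parent::doModel();
    switch($this->action) {
        case('add'):
            // Render the empty "new admin" form.
            $this->_exportVariableToView( 'admin', null );
            $this->doView('admins/frm.php');
            break;

        case('add_post'):
            if( defined('DEMO') ) {
                osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            osc_csrf_check();
            // adding a new admin
            $sPassword = Params::getParam('s_password', false, false);
            $sName     = Params::getParam('s_name');
            $sEmail    = Params::getParam('s_email');
            $sUserName = Params::getParam('s_username');
            // Cast before comparing: the flag must not depend on PHP's loose ''==0
            // semantics (true in PHP 5/7, false in PHP 8). Absent / non-numeric -> 0.
            $bModerator = ((int) Params::getParam('b_moderator') == 0) ? 0 : 1;
            // cleaning parameters
            $sPassword = trim(strip_tags($sPassword));
            $sName     = trim(strip_tags($sName));
            $sEmail    = trim(strip_tags($sEmail));
            $sUserName = trim(strip_tags($sUserName));
            // Checks for legit data
            if( !osc_validate_email($sEmail, true) ) {
                osc_add_flash_warning_message( _m("Email invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
            }
            if( !osc_validate_username($sUserName) ) {
                osc_add_flash_warning_message( _m("Username invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
            }
            if( $sName == '' ) {
                osc_add_flash_warning_message( _m("Name invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true).'?page=admins&action=add');
            }
            if( $sPassword == '' ) {
                osc_add_flash_warning_message( _m("Password invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
            }
            $admin = $this->adminManager->findByEmail($sEmail);
            if( $admin ) {
                osc_add_flash_warning_message( _m("Email already in use"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
            }
            $admin = $this->adminManager->findByUsername($sUserName);
            if( $admin ) {
                osc_add_flash_warning_message( _m("Username already in use"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
            }
            $array = array(
                's_password'  => osc_hash_password($sPassword),
                's_name'      => $sName,
                's_email'     => $sEmail,
                's_username'  => $sUserName,
                'b_moderator' => $bModerator
            );
            $isInserted = $this->adminManager->insert($array);
            if( $isInserted ) {
                // send email
                // NOTE(review): the clear-text password is handed to the mail hook;
                // that is an existing design choice (initial credential delivery),
                // not something this block can change on its own.
                osc_run_hook('hook_email_new_admin', array(
                    's_name'     => $sName,
                    's_username' => $sUserName,
                    's_password' => $sPassword,
                    's_email'    => $sEmail
                ));
                osc_add_flash_ok_message( _m('The admin has been added'), 'admin');
            } else {
                osc_add_flash_error_message( _m('There has been an error adding a new admin'), 'admin');
            }
            $this->redirectTo(osc_admin_base_url(true).'?page=admins');
            break;

        case('edit'):
            // calling edit admin view: explicit ?id= wins, else the logged-in admin.
            $adminEdit = null;
            $adminId   = Params::getParam('id');
            if( $adminId != '' ) {
                $adminEdit = $this->adminManager->findByPrimaryKey((int) $adminId);
            } elseif( Session::newInstance()->_get('adminId') != '') {
                $adminEdit = $this->adminManager->findByPrimaryKey( Session::newInstance()->_get('adminId') );
            }
            // empty() instead of count()==0: also catches a false/null lookup result
            // (count(false) is 1 on old PHP and a TypeError on PHP 8).
            if( empty($adminEdit) ) {
                osc_add_flash_error_message( _m('There is no admin with this id'), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            $this->_exportVariableToView("admin", $adminEdit);
            $this->doView('admins/frm.php');
            break;

        case('edit_post'):
            if( defined('DEMO') ) {
                osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            osc_csrf_check();
            // updating an admin
            $iUpdated     = 0;
            $adminId      = Params::getParam('id');
            $sPassword    = Params::getParam('s_password', false, false);
            $sPassword2   = Params::getParam('s_password2', false, false);
            $sOldPassword = Params::getParam('old_password', false, false);
            $sName        = Params::getParam('s_name');
            $sEmail       = Params::getParam('s_email');
            $sUserName    = Params::getParam('s_username');
            // See add_post for why the flag is cast before the comparison.
            $bModerator   = ((int) Params::getParam('b_moderator') == 0) ? 0 : 1;
            // cleaning parameters
            $sPassword  = trim(strip_tags($sPassword));
            $sPassword2 = trim(strip_tags($sPassword2));
            $sName      = trim(strip_tags($sName));
            $sEmail     = trim(strip_tags($sEmail));
            $sUserName  = trim(strip_tags($sUserName));
            // Checks for legit data
            if( !osc_validate_email($sEmail, true) ) {
                osc_add_flash_warning_message( _m("Email invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
            }
            if( !osc_validate_username($sUserName) ) {
                osc_add_flash_warning_message( _m("Username invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
            }
            if( $sName == '' ) {
                osc_add_flash_warning_message( _m("Name invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
            }
            $aAdmin = $this->adminManager->findByPrimaryKey($adminId);
            if( empty($aAdmin) ) {
                osc_add_flash_error_message( _m("This admin doesn't exist"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            if( $aAdmin['s_email'] != $sEmail ) {
                if($this->adminManager->findByEmail( $sEmail ) ) {
                    osc_add_flash_warning_message( _m('Existing email'), 'admin');
                    $this->redirectTo(osc_admin_base_url(true).'?page=admins&action=edit&id=' . $adminId);
                }
            }
            if( $aAdmin['s_username'] != $sUserName ) {
                if( $this->adminManager->findByUsername( $sUserName ) ) {
                    osc_add_flash_warning_message( _m('Existing username'), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
                }
            }
            $conditions = array('pk_i_id' => $adminId);
            $array      = array();
            if(osc_logged_admin_id()==$adminId) {
                // Changing your own password requires proving the current one.
                if($sOldPassword != '' ) {
                    if( $sPassword=='' ) {
                        osc_add_flash_warning_message( _m("Password invalid"), 'admin');
                        $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
                    } else {
                        $firstCondition  = osc_verify_password($sOldPassword, $aAdmin['s_password']);
                        $secondCondition = ( $sPassword == $sPassword2 );
                        if( $firstCondition && $secondCondition ) {
                            $array['s_password'] = osc_hash_password($sPassword);
                        } else {
                            osc_add_flash_warning_message( _m("The password couldn't be updated. Passwords don't match"), 'admin');
                            $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
                        }
                    }
                }
            } else {
                // Another admin's password is reset without the old one; an empty
                // field means "leave the password unchanged".
                // NOTE(review): whether a moderator may reach this branch for other
                // accounts depends on access control outside this block - confirm.
                if( $sPassword!='') {
                    if($sPassword == $sPassword2) {
                        $array['s_password'] = osc_hash_password($sPassword);
                    } else {
                        osc_add_flash_warning_message( _m("The password couldn't be updated. Passwords don't match"), 'admin');
                        $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
                    }
                }
            }
            // An admin can never toggle their own moderator flag.
            if($adminId!=osc_logged_admin_id()) {
                $array['b_moderator'] = $bModerator;
            }
            // Store the cleaned/validated name; previously the raw request value was
            // written here, bypassing the strip_tags()/trim() applied above.
            $array['s_name']     = $sName;
            $array['s_username'] = $sUserName;
            $array['s_email']    = $sEmail;
            $iUpdated = $this->adminManager->update($array, $conditions);
            if( $iUpdated > 0 ) {
                osc_add_flash_ok_message( _m('The admin has been updated'), 'admin');
            }
            if( $this->isModerator() ) {
                $this->redirectTo(osc_admin_base_url(true));
            } else {
                $this->redirectTo(osc_admin_base_url(true).'?page=admins');
            }
            break;

        case('delete'):
            if( defined('DEMO') ) {
                osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            osc_csrf_check();
            // deleting admins; 'id' must be an array (id[]=...)
            $isDeleted = false;
            $adminId   = Params::getParam('id');
            if( !is_array($adminId) ) {
                osc_add_flash_error_message( _m("The admin id isn't in the correct format"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            // Verification to avoid an administrator trying to remove itself.
            // Loose in_array() on purpose: the session id may be an int while the
            // request ids are strings; a strict match would silently disable this guard.
            if( in_array(Session::newInstance()->_get('adminId'), $adminId) ) {
                osc_add_flash_error_message( _m("The operation hasn't been completed. You're trying to remove yourself!"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            $isDeleted = $this->adminManager->deleteBatch( $adminId );
            if( $isDeleted ) {
                osc_add_flash_ok_message( _m('The admin has been deleted correctly'), 'admin');
            } else {
                osc_add_flash_error_message( _m('The admin couldn\'t be deleted'), 'admin');
            }
            $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            break;

        default:
            // Bulk action dispatch: the hook name is built from a request parameter,
            // so any registered "admin_bulk_*" hook is reachable from here.
            // NOTE(review): unlike the explicit actions above, this path has no
            // osc_csrf_check(); confirm the bulk form carries a token or add one.
            if(Params::getParam("action")!="") {
                osc_run_hook("admin_bulk_".Params::getParam("action"), Params::getParam('id'));
            }
            if( Params::getParam('iDisplayLength') == '' ) {
                Params::setParam('iDisplayLength', 10 );
            }
            $p_iPage = 1;
            if( is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1 ) {
                $p_iPage = Params::getParam('iPage');
            }
            Params::setParam('iPage', $p_iPage);
            $admins = $this->adminManager->listAll();
            // pagination
            $start = ($p_iPage-1) * Params::getParam('iDisplayLength');
            $limit = Params::getParam('iDisplayLength');
            $count = count( $admins );
            $displayRecords = $limit;
            // NOTE(review): this arithmetic looks inverted (rows on the last page would be
            // $count - $start) but the value only feeds 'iTotalRecords'; left as-is.
            if( ($start+$limit ) > $count ) {
                $displayRecords = ($start+$limit) - $count;
            }
            // ---- build one row per admin on the current page
            $aData = array();
            $max   = ($start+$limit);
            if($max > $count) $max = $count;
            for($i = $start; $i < $max; $i++) {
                $admin = $admins[$i];
                $options   = array();
                $options[] = '<a href="' . osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $admin['pk_i_id'] . '">' . __('Edit') . '</a>';
                $options[] = '<a onclick="return delete_dialog(\'' . $admin['pk_i_id'] . '\');" href="' . osc_admin_base_url(true) . '?page=admins&action=delete&id[]=' . $admin['pk_i_id'] . '">' . __('Delete') . '</a>';
                $auxOptions = '<ul>'.PHP_EOL;
                foreach( $options as $actual ) {
                    $auxOptions .= '<li>'.$actual.'</li>'.PHP_EOL;
                }
                $actions = '<div class="actions">'.$auxOptions.'</div>'.PHP_EOL;
                // NOTE(review): username/name/email are emitted unescaped into the table
                // markup; the admin form only strip_tags()es them - confirm the view escapes.
                $row   = array();
                $row[] = '<input type="checkbox" name="id[]" value="' . $admin['pk_i_id'] . '" />';
                $row[] = $admin['s_username'] . $actions;
                $row[] = $admin['s_name'];
                $row[] = $admin['s_email'];
                $aData[] = $row;
            }
            $array['iTotalRecords']        = $displayRecords;
            $array['iTotalDisplayRecords'] = count($admins);
            $array['iDisplayLength']       = $limit;
            $array['aaData']               = $aData;
            // Out-of-range page: bounce to the last valid page (same query string).
            $page = (int)Params::getParam('iPage');
            if(count($array['aaData']) == 0 && $page!=1) {
                $total   = (int)$array['iTotalDisplayRecords'];
                $maxPage = ceil( $total / (int)$array['iDisplayLength'] );
                $url = osc_admin_base_url(true).'?'.$_SERVER['QUERY_STRING'];
                if($maxPage==0) {
                    $url = preg_replace('/&iPage=(\d)+/', '&iPage=1', $url);
                    $this->redirectTo($url);
                }
                if($page > 1) {
                    $url = preg_replace('/&iPage=(\d)+/', '&iPage='.$maxPage, $url);
                    $this->redirectTo($url);
                }
            }
            $bulk_options = array(
                array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')),
                array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected admins?'), strtolower(__('Delete'))), 'label' => __('Delete'))
            );
            $bulk_options = osc_apply_filter("admin_bulk_filter", $bulk_options);
            $this->_exportVariableToView('bulk_options', $bulk_options);
            $this->_exportVariableToView('aAdmins', $array);
            // calling manage admins view
            $this->doView('admins/index.php');
            break;
    }
}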
function add() {
    // Registers a new user from the request parameters. Returns the joined error
    // text (string) when validation fails, otherwise 1 (validation e-mail sent)
    // or 2 (account activated directly).
    $errorCodes = array();   // numeric codes handed to the 'user_register_failed' hook
    $messages   = '';        // newline-separated, translated messages for the caller

    $captchaRequired = (osc_recaptcha_private_key() != '') && !$this->is_admin;
    if ($captchaRequired && !osc_check_recaptcha()) {
        $messages .= _m('The reCAPTCHA was not entered correctly') . PHP_EOL;
        $errorCodes[] = 4;
    }

    $rawPassword  = Params::getParam('s_password', false, false);
    $rawPassword2 = Params::getParam('s_password2', false, false);
    if ($rawPassword == '') {
        $messages .= _m('The password cannot be empty') . PHP_EOL;
        $errorCodes[] = 6;
    }
    if ($rawPassword != $rawPassword2) {
        $messages .= _m("Passwords don't match") . PHP_EOL;
        $errorCodes[] = 7;
    }

    $input = $this->prepareData(true);
    if ($input['s_name'] == '') {
        $messages .= _m('The name cannot be empty') . PHP_EOL;
        $errorCodes[] = 10;
    }
    if (!osc_validate_email($input['s_email'])) {
        $messages .= _m('The email is not valid') . PHP_EOL;
        $errorCodes[] = 5;
    }
    if ($this->manager->findByEmail($input['s_email']) != false) {
        osc_run_hook('register_email_taken', $input['s_email']);
        $messages .= _m('The specified e-mail is already in use') . PHP_EOL;
        $errorCodes[] = 3;
    }

    $username = $input['s_username'];
    if ($username != '') {
        $existing = $this->manager->findByUsername($username);
        // "Taken" is only reported when nothing else has failed yet.
        if (empty($errorCodes) && $existing != false) {
            $messages .= _m("Username is already taken") . PHP_EOL;
            $errorCodes[] = 8;
        }
        if (osc_is_username_blacklisted($username)) {
            $messages .= _m("The specified username is not valid, it contains some invalid words") . PHP_EOL;
            $errorCodes[] = 9;
        }
    }

    if ($messages != '') {
        osc_run_hook('user_register_failed', $errorCodes);
        return $messages;
    }

    // hook pre add or edit
    osc_run_hook('pre_user_post');
    $this->manager->insert($input);
    $userId = $this->manager->dao->insertedId();

    if ($username == '') {
        // No username chosen: the numeric id doubles as the username.
        $this->manager->update(array('s_username' => $userId), array('pk_i_id' => $userId));
    }

    $extraInfo = Params::getParam('s_info');
    if (is_array($extraInfo)) {
        foreach ($extraInfo as $field => $text) {
            $this->manager->updateDescription($userId, $field, $text);
        }
    }

    $actorType = $this->is_admin ? 'admin' : 'user';
    $actorId   = $this->is_admin ? osc_logged_admin_id() : $userId;
    Log::newInstance()->insertLog('user', 'add', $userId, $input['s_email'], $actorType, $actorId);

    // Claim listings that were posted with this e-mail before the account existed.
    $orphans = Item::newInstance()->findByEmail($input['s_email']);
    foreach ($orphans as $orphan) {
        $claimed = Item::newInstance()->update(
            array('fk_i_user_id' => $userId, 's_contact_name' => $input['s_name']),
            array('pk_i_id' => $orphan['pk_i_id'])
        );
        if ($claimed) {
            $this->manager->increaseNumItems($userId);
        }
    }

    // Same for alerts registered under this e-mail.
    Alerts::newInstance()->update(array('fk_i_user_id' => $userId), array('s_email' => $input['s_email']));

    $user = $this->manager->findByPrimaryKey($userId);
    if (osc_notify_new_user() && !$this->is_admin) {
        osc_run_hook('hook_email_admin_new_user', $user);
    }

    if (osc_user_validation_enabled() && !$this->is_admin) {
        osc_run_hook('hook_email_user_validation', $user, $input);
        $success = 1;
    } else {
        // Admin-created accounts, or sites without validation, are active at once.
        $this->manager->update(array('b_active' => '1'), array('pk_i_id' => $userId));
        $success = 2;
    }

    osc_run_hook('user_register_completed', $userId);
    return $success;
}
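function doModel() {
    // AJAX dispatcher: every case writes its response (JSON or a bare status
    // code) straight to the output. Session-kept form values are dropped after
    // every action (see the end of the method).
    //specific things for this class
    switch ($this->action) {
        case 'bulk_actions':
            break;

        case 'regions':
            //Return regions given a countryId
            $regions = Region::newInstance()->findByCountry(Params::getParam("countryId"));
            echo json_encode($regions);
            break;

        case 'cities':
            //Returns cities given a regionId
            $cities = City::newInstance()->findByRegion(Params::getParam("regionId"));
            echo json_encode($cities);
            break;

        case 'location':
            // This is the autocomplete AJAX
            $cities = City::newInstance()->ajax(Params::getParam("term"));
            foreach ($cities as $k => $city) {
                $cities[$k]['label'] = $city['label'] . " (" . $city['region'] . ")";
            }
            echo json_encode($cities);
            break;

        case 'location_countries':
            // This is the autocomplete AJAX
            $countries = Country::newInstance()->ajax(Params::getParam("term"));
            echo json_encode($countries);
            break;

        case 'location_regions':
            // This is the autocomplete AJAX
            $regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country"));
            echo json_encode($regions);
            break;

        case 'location_cities':
            // This is the autocomplete AJAX
            $cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region"));
            echo json_encode($cities);
            break;

        case 'delete_image':
            // Delete images via AJAX
            $ajax_photo = Params::getParam('ajax_photo');
            $id         = Params::getParam('id');
            $item       = Params::getParam('item');
            $code       = Params::getParam('code');
            $secret     = Params::getParam('secret');
            $json       = array();
            if ($ajax_photo != '') {
                // Temp upload not yet attached to a listing: only names recorded in
                // this session's 'ajax_files' map can be unlinked, so the path is never
                // taken from the request.
                $files   = Session::newInstance()->_get('ajax_files');
                $success = false;
                if (is_array($files)) {
                    foreach ($files as $uuid => $file) {
                        if ($file == $ajax_photo) {
                            $filename = $files[$uuid];
                            unset($files[$uuid]);
                            Session::newInstance()->_set('ajax_files', $files);
                            $success = @unlink(osc_content_path() . 'uploads/temp/' . $filename);
                            break;
                        }
                    }
                }
                echo json_encode(array('success' => $success, 'msg' => $success ? _m('The selected photo has been successfully deleted') : _m("The selected photo couldn't be deleted")));
                return false;
            }
            if (Session::newInstance()->_get('userId') != '') {
                $userId = Session::newInstance()->_get('userId');
                $user   = User::newInstance()->findByPrimaryKey($userId);
            } else {
                $userId = null;
                $user   = null;
            }
            // Check for required fields
            if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) {
                $json['success'] = false;
                $json['msg']     = _m("The selected photo couldn't be deleted, the url doesn't exist");
                echo json_encode($json);
                return false;
            }
            $aItem = Item::newInstance()->findByPrimaryKey($item);
            // Check if the item exists
            if (count($aItem) == 0) {
                $json['success'] = false;
                $json['msg']     = _m("The listing doesn't exist");
                echo json_encode($json);
                return false;
            }
            if (!osc_is_admin_user_logged_in()) {
                // Check if the item belong to the user
                if ($userId != null && $userId != $aItem['fk_i_user_id']) {
                    $json['success'] = false;
                    $json['msg']     = _m("The listing doesn't belong to you");
                    echo json_encode($json);
                    return false;
                }
                // Check if the secret passphrase match with the item (anonymous listings).
                // Strict string comparison: '!=' would let PHP juggle types (e.g. two
                // numeric-looking strings comparing equal). hash_equals() (PHP >= 5.6)
                // would additionally make this constant-time.
                if ($userId == null && $aItem['fk_i_user_id'] == null && (string) $secret !== (string) $aItem['s_secret']) {
                    $json['success'] = false;
                    $json['msg']     = _m("The listing doesn't belong to you");
                    echo json_encode($json);
                    return false;
                }
            }
            // Does id & code combination exist?
            $result = ItemResource::newInstance()->existResource($id, $code);
            if ($result > 0) {
                $resource = ItemResource::newInstance()->findByPrimaryKey($id);
                if ($resource['fk_i_item_id'] == $item) {
                    // Delete: file, db table entry
                    // defined() takes the constant's NAME; the previous bare OC_ADMIN
                    // evaluated the constant itself, so the admin branch was never taken
                    // (and PHP 8 raises an Error when it is undefined).
                    if (defined('OC_ADMIN')) {
                        osc_deleteResource($id, true);
                        Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'admin', osc_logged_admin_id());
                    } else {
                        osc_deleteResource($id, false);
                        Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'user', osc_logged_user_id());
                    }
                    ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code));
                    $json['msg']     = _m('The selected photo has been successfully deleted');
                    $json['success'] = 'true';
                } else {
                    $json['msg']     = _m("The selected photo does not belong to you");
                    $json['success'] = 'false';
                }
            } else {
                $json['msg']     = _m("The selected photo couldn't be deleted");
                $json['success'] = 'false';
            }
            echo json_encode($json);
            return true;
            break;

        case 'alerts':
            // Allow to register to an alert given (not sure it's used on admin)
            $encoded_alert = Params::getParam("alert");
            $alert = osc_decrypt_alert(base64_decode($encoded_alert));
            // check alert integrity / signature against the one stored in the session
            $stringToSign     = osc_get_alert_public_key() . $encoded_alert;
            $signature        = hex2b64(hmacsha1(osc_get_alert_private_key(), $stringToSign));
            $server_signature = Session::newInstance()->_get('alert_signature');
            // Strict compare (see delete_image); a missing session value rejects.
            if ((string) $server_signature !== (string) $signature) {
                echo '-2';
                return false;
            }
            $email = Params::getParam("email");
            // The signature covers only the alert payload, not 'userid'. Taking
            // userid from the request let an anonymous caller bind the alert to any
            // active account and skip the e-mail validation step below; the id now
            // comes only from a logged-in session. (Assumes createAlert() accepts 0
            // for "no user" - TODO confirm.)
            $userid = 0;
            if (osc_is_web_user_logged_in()) {
                $userid = osc_logged_user_id();
                $user   = User::newInstance()->findByPrimaryKey($userid);
                $email  = $user['s_email'];
            }
            if ($alert != '' && $email != '') {
                if (osc_validate_email($email)) {
                    $secret = osc_genRandomPassword();
                    if ($alertID = Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) {
                        if ((int) $userid > 0) {
                            // Logged-in user: activate immediately if the account is usable.
                            $user = User::newInstance()->findByPrimaryKey($userid);
                            if ($user['b_active'] == 1 && $user['b_enabled'] == 1) {
                                Alerts::newInstance()->activate($alertID);
                                echo '1';
                                return true;
                            } else {
                                echo '-1';
                                return false;
                            }
                        } else {
                            // Anonymous: the alert stays inactive until the e-mailed secret is used.
                            $aAlert = Alerts::newInstance()->findByPrimaryKey($alertID);
                            osc_run_hook('hook_email_alert_validation', $aAlert, $email, $secret);
                        }
                        echo "1";
                    } else {
                        echo "0";
                    }
                    return true;
                } else {
                    echo '-1';
                    return false;
                }
            }
            echo '0';
            return false;
            break;

        case 'runhook':
            // run hooks; the hook name comes from the request but is prefixed
            // with 'ajax_' unless it is one of the two known item hooks.
            $hook = Params::getParam('hook');
            if ($hook == '') {
                echo json_encode(array('error' => 'hook parameter not defined'));
                break;
            }
            switch ($hook) {
                case 'item_form':
                    osc_run_hook('item_form', Params::getParam('catId'));
                    break;
                case 'item_edit':
                    $catId  = Params::getParam("catId");
                    $itemId = Params::getParam("itemId");
                    osc_run_hook("item_edit", $catId, $itemId);
                    break;
                default:
                    osc_run_hook('ajax_' . $hook);
                    break;
            }
            break;

        case 'custom':
            // Execute via AJAX custom file (a plugin file under osc_plugins_path()).
            if (Params::existParam('route')) {
                $routes = Rewrite::newInstance()->getRoutes();
                $rid    = Params::getParam('route');
                // Unknown route -> '../' which the traversal check below rejects.
                $file = '../';
                if (isset($routes[$rid]) && isset($routes[$rid]['file'])) {
                    $file = $routes[$rid]['file'];
                }
            } else {
                // DEPRECATED: Disclosed path in URL is deprecated, use routes instead
                // This will be REMOVED in 3.4
                $file = Params::getParam('ajaxfile');
            }
            if ($file == '') {
                echo json_encode(array('error' => 'no action defined'));
                break;
            }
            // valid file? Reject traversal and anything under an admin folder:
            // if the file is inside an "admin" folder, it should NOT be opened in frontend.
            if (strpos($file, '../') !== false || strpos($file, '..\\') !== false || stripos($file, '/admin/') !== false) {
                echo json_encode(array('error' => 'no valid ajaxFile'));
                break;
            }
            if (!file_exists(osc_plugins_path() . $file)) {
                echo json_encode(array('error' => "ajaxFile doesn't exist"));
                break;
            }
            // NOTE(review): with the deprecated 'ajaxfile' parameter this is a request-
            // chosen include limited only by the checks above; prefer the route table.
            require_once osc_plugins_path() . $file;
            break;

        case 'check_username_availability':
            $username = osc_sanitize_username(Params::getParam('s_username'));
            if (!osc_is_username_blacklisted($username)) {
                $user = User::newInstance()->findByUsername($username);
                if (isset($user['s_username'])) {
                    echo json_encode(array('exists' => 1, 's_username' => $username));
                } else {
                    echo json_encode(array('exists' => 0, 's_username' => $username));
                }
            } else {
                // Blacklisted names are reported as taken.
                echo json_encode(array('exists' => 1, 's_username' => $username));
            }
            break;

        case 'ajax_upload':
            // Include the uploader class
            require_once LIB_PATH . "AjaxUploader.php";
            $uploader = new AjaxUploader();
            $original = pathinfo($uploader->getOriginalName());
            // NOTE(review): the extension is taken verbatim from the client-supplied
            // name. Unless AjaxUploader::handleUpload() (not visible here) restricts
            // it to image types, a ".php"/".phtml" upload lands in uploads/temp/ under
            // a predictable prefix - confirm.
            $extension = isset($original['extension']) ? $original['extension'] : '';
            $filename  = uniqid("qqfile_") . "." . $extension;
            $result    = $uploader->handleUpload(osc_content_path() . 'uploads/temp/' . $filename);
            $result['uploadName'] = $filename;
            echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);
            break;

        case 'ajax_validate':
            // Reports whether the listing can still take another image.
            $id = Params::getParam('id');
            if (!is_numeric($id)) {
                echo json_encode(array('success' => false));
                die;
            }
            $secret = Params::getParam('secret');
            $item   = Item::newInstance()->findByPrimaryKey($id);
            // Unknown listing or wrong secret -> failure (strict compare, see delete_image).
            if (empty($item) || (string) $item['s_secret'] !== (string) $secret) {
                echo json_encode(array('success' => false));
                die;
            }
            $nResources = ItemResource::newInstance()->countResources($id);
            $result = array('success' => $nResources < osc_max_images_per_item(), 'count' => $nResources);
            echo json_encode($result);
            break;

        case 'delete_ajax_upload':
            // Remove a temp upload by its uuid; only names held in the session map qualify.
            $files    = Session::newInstance()->_get('ajax_files');
            $success  = false;
            $filename = '';
            if (isset($files[Params::getParam('qquuid')]) && $files[Params::getParam('qquuid')] != '') {
                $filename = $files[Params::getParam('qquuid')];
                unset($files[Params::getParam('qquuid')]);
                Session::newInstance()->_set('ajax_files', $files);
                $success = @unlink(osc_content_path() . 'uploads/temp/' . $filename);
            }
            echo json_encode(array('success' => $success, 'uploadName' => $filename));
            break;

        default:
            echo json_encode(array('error' => __('no action defined')));
            break;
    }
    // clear all keep variables into session
    Session::newInstance()->_dropKeepForm();
    Session::newInstance()->_clearVariables();
}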
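function doModel() {
    // Older revision of the admin-accounts controller (sha1 password storage).
    // NOTE(review): unlike the bcrypt-based revision of this controller, the
    // mutating actions here have no CSRF check and store unsalted sha1 hashes;
    // both should be fixed together with the login code that verifies them.
    parent::doModel();
    switch ($this->action) {
        case 'add':
            // Render the empty "new admin" form.
            $this->_exportVariableToView('admin', null);
            $this->doView('admins/frm.php');
            break;

        case 'add_post':
            if (defined('DEMO')) {
                osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            // adding a new admin
            $sPassword = Params::getParam('s_password', false, false);
            $sName     = Params::getParam('s_name');
            $sEmail    = Params::getParam('s_email');
            $sUserName = Params::getParam('s_username');
            // cleaning parameters
            $sPassword = trim(strip_tags($sPassword));
            $sName     = trim(strip_tags($sName));
            $sEmail    = trim(strip_tags($sEmail));
            $sUserName = trim(strip_tags($sUserName));
            // Checks for legit data
            if (!osc_validate_email($sEmail, true)) {
                osc_add_flash_warning_message(_m("Email invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
            }
            if (!osc_validate_username($sUserName)) {
                osc_add_flash_warning_message(_m("Username invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
            }
            if ($sName == '') {
                osc_add_flash_warning_message(_m("Name invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
            }
            if ($sPassword == '') {
                osc_add_flash_warning_message(_m("Password invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
            }
            $admin = $this->adminManager->findByEmail($sEmail);
            if ($admin) {
                osc_add_flash_warning_message(_m("Email already in use"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
            }
            $admin = $this->adminManager->findByUsername($sUserName);
            if ($admin) {
                osc_add_flash_warning_message(_m("Username already in use"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
            }
            // sha1() is kept only because the login path of this revision expects it;
            // switching to a salted, slow hash must be done on both sides at once.
            $array = array(
                's_password' => sha1($sPassword),
                's_name'     => $sName,
                's_email'    => $sEmail,
                's_username' => $sUserName
            );
            $isInserted = $this->adminManager->insert($array);
            if ($isInserted) {
                osc_add_flash_ok_message(_m('The admin has been added'), 'admin');
            } else {
                osc_add_flash_error_message(_m('There have been an error adding a new admin'), 'admin');
            }
            $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            break;

        case 'edit':
            // calling edit admin view: explicit ?id= wins, else the logged-in admin.
            $adminEdit = null;
            $adminId   = Params::getParam('id');
            if ($adminId != '') {
                $adminEdit = $this->adminManager->findByPrimaryKey((int) $adminId);
            } elseif (Session::newInstance()->_get('adminId') != '') {
                $adminEdit = $this->adminManager->findByPrimaryKey(Session::newInstance()->_get('adminId'));
            }
            // empty() instead of count()==0: also catches a false/null lookup result
            // (count(false) is 1 on old PHP and a TypeError on PHP 8).
            if (empty($adminEdit)) {
                osc_add_flash_error_message(_m('There is no admin admin with this id'), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            $this->_exportVariableToView("admin", $adminEdit);
            $this->doView('admins/frm.php');
            break;

        case 'edit_post':
            if (defined('DEMO')) {
                osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            // updating an admin
            $iUpdated     = 0;
            $adminId      = Params::getParam('id');
            $sPassword    = Params::getParam('s_password', false, false);
            $sPassword2   = Params::getParam('s_password2', false, false);
            $sOldPassword = Params::getParam('old_password', false, false);
            $sName        = Params::getParam('s_name');
            $sEmail       = Params::getParam('s_email');
            $sUserName    = Params::getParam('s_username');
            // cleaning parameters
            $sPassword  = trim(strip_tags($sPassword));
            $sPassword2 = trim(strip_tags($sPassword2));
            $sName      = trim(strip_tags($sName));
            $sEmail     = trim(strip_tags($sEmail));
            $sUserName  = trim(strip_tags($sUserName));
            // Checks for legit data
            if (!osc_validate_email($sEmail, true)) {
                osc_add_flash_warning_message(_m("Email invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
            }
            if (!osc_validate_username($sUserName)) {
                osc_add_flash_warning_message(_m("Username invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
            }
            if ($sName == '') {
                osc_add_flash_warning_message(_m("Name invalid"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
            }
            $aAdmin = $this->adminManager->findByPrimaryKey($adminId);
            if (empty($aAdmin)) {
                osc_add_flash_error_message(_m("This admin doesn't exist"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            if ($aAdmin['s_email'] != $sEmail) {
                if ($this->adminManager->findByEmail($sEmail)) {
                    osc_add_flash_warning_message(_m('Existing email'), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
                }
            }
            if ($aAdmin['s_username'] != $sUserName) {
                if ($this->adminManager->findByUsername($sUserName)) {
                    osc_add_flash_warning_message(_m('Existing username'), 'admin');
                    $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
                }
            }
            $conditions = array('pk_i_id' => $adminId);
            $array      = array();
            if (osc_logged_admin_id() == $adminId) {
                // Changing your own password requires proving the current one.
                if ($sOldPassword != '') {
                    if ($sPassword == '') {
                        osc_add_flash_warning_message(_m("Password invalid"), 'admin');
                        $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
                    } else {
                        // Strict string comparison of the digests: '==' would juggle
                        // numeric-looking strings. hash_equals() (PHP >= 5.6) would
                        // additionally make this constant-time.
                        $firstCondition  = (sha1($sOldPassword) === (string) $aAdmin['s_password']);
                        $secondCondition = ($sPassword == $sPassword2);
                        if ($firstCondition && $secondCondition) {
                            $array['s_password'] = sha1($sPassword);
                        } else {
                            osc_add_flash_warning_message(_m("The password couldn't be updated. Passwords don't match"), 'admin');
                            $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
                        }
                    }
                }
            } else {
                // Another admin's password is reset without the old one. An empty
                // field means "leave the password unchanged": previously any edit of
                // another admin that did not set a new password was rejected with
                // "Passwords don't match".
                if ($sPassword != '') {
                    if ($sPassword == $sPassword2) {
                        $array['s_password'] = sha1($sPassword);
                    } else {
                        osc_add_flash_warning_message(_m("The password couldn't be updated. Passwords don't match"), 'admin');
                        $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
                    }
                }
            }
            // Store the cleaned/validated name; previously the raw request value was
            // written here, bypassing the strip_tags()/trim() applied above.
            $array['s_name']     = $sName;
            $array['s_username'] = $sUserName;
            $array['s_email']    = $sEmail;
            $iUpdated = $this->adminManager->update($array, $conditions);
            if ($iUpdated > 0) {
                osc_add_flash_ok_message(_m('The admin has been updated'), 'admin');
            }
            $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            break;

        case 'delete':
            if (defined('DEMO')) {
                osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            // deleting admins; 'id' must be an array (id[]=...)
            $isDeleted = false;
            $adminId   = Params::getParam('id');
            if (!is_array($adminId)) {
                osc_add_flash_error_message(_m("The admin id isn't in the correct format"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            // Verification to avoid an administrator trying to remove itself.
            // Loose in_array() on purpose: the session id may be an int while the
            // request ids are strings; a strict match would silently disable this guard.
            if (in_array(Session::newInstance()->_get('adminId'), $adminId)) {
                osc_add_flash_error_message(_m("The operation hasn't been completed. You're trying to remove yourself!"), 'admin');
                $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            }
            $isDeleted = $this->adminManager->deleteBatch($adminId);
            if ($isDeleted) {
                osc_add_flash_ok_message(_m('The admin has been deleted correctly'), 'admin');
            } else {
                osc_add_flash_error_message(_m('The admin couldn\'t be deleted'), 'admin');
            }
            $this->redirectTo(osc_admin_base_url(true) . '?page=admins');
            break;

        default:
            // calling manage admins view
            $admins = $this->adminManager->listAll();
            $this->_exportVariableToView('admins', $admins);
            $this->doView('admins/index.php');
            break;
    }
}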
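/**
 * Front-end AJAX dispatcher: location lookups, photo deletion, alert
 * subscription, plugin hooks and plugin-supplied AJAX files.
 *
 * Every branch writes its response with echo (JSON, or a bare status
 * string for 'alerts') and either breaks or returns; the two statements
 * after the switch drop the session "keep form" data and temporary
 * session variables.
 *
 * Review fixes relative to the original:
 *  - delete_image: an anonymous request against a listing that belongs to
 *    a registered user matched neither ownership branch and was allowed
 *    through, so anyone could delete that user's photos. Anonymous callers
 *    are now accepted only for anonymous listings and only when the secret
 *    matches (compared with hash_equals, so the comparison is not
 *    timing-dependent).
 *  - delete_image: defined(OC_ADMIN) tested the constant's *value* (and is
 *    an Error on PHP 8 when it is undefined); it is now defined('OC_ADMIN').
 *  - alerts: the caller-supplied "userid" is honoured only when it is the
 *    logged-in user's own id. The user-id path activates the alert without
 *    e-mail validation, so trusting the parameter let an unauthenticated
 *    request attach an activated alert for any e-mail to any account.
 *  - custom: the plugin file is resolved with realpath() and must stay
 *    inside osc_plugins_path(); the "../" substring check alone does not
 *    catch every traversal spelling (e.g. "..\" on Windows).
 */
function doModel()
{
    switch ($this->action) {
        case 'bulk_actions':
            break;

        case 'regions':
            // Regions belonging to a country id
            $regions = Region::newInstance()->findByCountry(Params::getParam("countryId"));
            echo json_encode($regions);
            break;

        case 'cities':
            // Cities belonging to a region id
            $cities = City::newInstance()->findByRegion(Params::getParam("regionId"));
            echo json_encode($cities);
            break;

        case 'location':
            // Autocomplete: cities, labelled "city (region)"
            $cities = City::newInstance()->ajax(Params::getParam("term"));
            foreach ($cities as $k => $city) {
                $cities[$k]['label'] = $city['label'] . " (" . $city['region'] . ")";
            }
            echo json_encode($cities);
            break;

        case 'location_countries':
            // Autocomplete: countries
            $countries = Country::newInstance()->ajax(Params::getParam("term"));
            echo json_encode($countries);
            break;

        case 'location_regions':
            // Autocomplete: regions, optionally restricted to a country
            $regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country"));
            echo json_encode($regions);
            break;

        case 'location_cities':
            // Autocomplete: cities, optionally restricted to a region
            $cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region"));
            echo json_encode($cities);
            break;

        case 'delete_image':
            // Delete one listing photo (file + db row) via AJAX
            $id     = Params::getParam('id');
            $item   = Params::getParam('item');
            $code   = Params::getParam('code');
            $secret = Params::getParam('secret');
            $json   = array();

            // Session user id, or null for an anonymous caller
            $userId = null;
            if (Session::newInstance()->_get('userId') != '') {
                $userId = Session::newInstance()->_get('userId');
            }

            // Required fields: numeric resource id and listing id, alphanumeric code
            if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) {
                $json['success'] = false;
                $json['msg']     = _m("The selected photo couldn't be deleted, the url doesn't exist");
                echo json_encode($json);
                return false;
            }

            $aItem = Item::newInstance()->findByPrimaryKey($item);
            if (count($aItem) == 0) {
                $json['success'] = false;
                $json['msg']     = _m("The listing doesn't exist");
                echo json_encode($json);
                return false;
            }

            // Ownership check (admins skip it)
            if (!osc_is_admin_user_logged_in()) {
                if ($userId != null) {
                    // Logged-in user: the listing must be theirs
                    $allowed = ($userId == $aItem['fk_i_user_id']);
                } else {
                    // Anonymous caller: only anonymous listings, and only with
                    // the listing's secret. Listings owned by a registered
                    // user are never deletable anonymously.
                    $allowed = ($aItem['fk_i_user_id'] == null)
                        && hash_equals((string) $aItem['s_secret'], (string) $secret);
                }
                if (!$allowed) {
                    $json['success'] = false;
                    $json['msg']     = _m("The listing doesn't belong to you");
                    echo json_encode($json);
                    return false;
                }
            }

            // The id/code pair must exist and the resource must belong to this listing
            $result = ItemResource::newInstance()->existResource($id, $code);
            if ($result > 0) {
                $resource = ItemResource::newInstance()->findByPrimaryKey($id);
                if ($resource['fk_i_item_id'] == $item) {
                    // Delete the file, log who did it, then drop the db row
                    if (defined('OC_ADMIN')) {
                        osc_deleteResource($id, true);
                        Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'admin', osc_logged_admin_id());
                    } else {
                        osc_deleteResource($id, false);
                        Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'user', osc_logged_user_id());
                    }
                    ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code));
                    $json['msg']     = _m('The selected photo has been successfully deleted');
                    // String 'true'/'false' kept as-is: existing clients compare against it
                    $json['success'] = 'true';
                } else {
                    $json['msg']     = _m("The selected photo does not belong to you");
                    $json['success'] = 'false';
                }
            } else {
                $json['msg']     = _m("The selected photo couldn't be deleted");
                $json['success'] = 'false';
            }
            echo json_encode($json);
            return true;

        case 'alerts':
            // Subscribe an e-mail address to a search alert.
            // Output: '1' created, '0' not created, '-1' invalid e-mail / inactive user.
            $alert  = Params::getParam("alert");
            $email  = Params::getParam("email");
            $userid = Params::getParam("userid");

            // A positive user id skips e-mail validation, so only accept the
            // caller's own session user id; anything else falls back to the
            // e-mail-validated path.
            if ((int) $userid > 0 && (int) $userid != (int) osc_logged_user_id()) {
                $userid = 0;
            }

            if ($alert != '' && $email != '') {
                if (osc_validate_email($email)) {
                    $secret = osc_genRandomPassword();
                    if ($alertID = Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) {
                        if ((int) $userid > 0) {
                            // Activate immediately for an active, enabled account
                            $user = User::newInstance()->findByPrimaryKey($userid);
                            if ($user['b_active'] == 1 && $user['b_enabled'] == 1) {
                                Alerts::newInstance()->activate($alertID);
                                echo '1';
                                return true;
                            }
                            echo '-1';
                            return false;
                        }
                        // Anonymous: ask the address owner to confirm by e-mail
                        $aAlert = Alerts::newInstance()->findByPrimaryKey($alertID);
                        osc_run_hook('hook_email_alert_validation', $aAlert, $email, $secret);
                        echo "1";
                    } else {
                        echo "0";
                    }
                    return true;
                }
                echo '-1';
                return false;
            }
            echo '0';
            return false;

        case 'runhook':
            // Fire a plugin hook; unknown names are namespaced under 'ajax_'
            $hook = Params::getParam('hook');
            if ($hook == '') {
                echo json_encode(array('error' => 'hook parameter not defined'));
                break;
            }
            switch ($hook) {
                case 'item_form':
                    osc_run_hook('item_form', Params::getParam('catId'));
                    break;
                case 'item_edit':
                    $catId  = Params::getParam("catId");
                    $itemId = Params::getParam("itemId");
                    osc_run_hook("item_edit", $catId, $itemId);
                    break;
                default:
                    osc_run_hook('ajax_' . $hook);
                    break;
            }
            break;

        case 'custom':
            // Run a plugin-supplied AJAX file. It must resolve to a regular
            // file inside the plugins directory; realpath() rejects every
            // traversal spelling, not only the literal "../" substring.
            // NOTE(review): a plugin file that is a symlink pointing outside
            // the plugins directory is rejected too — confirm no plugin relies on that.
            $ajaxFile = Params::getParam("ajaxfile");
            if ($ajaxFile == '') {
                echo json_encode(array('error' => 'no action defined'));
                break;
            }
            if (stripos($ajaxFile, '../') !== false || stripos($ajaxFile, '..\\') !== false) {
                echo json_encode(array('error' => 'no valid ajaxFile'));
                break;
            }
            $pluginsDir = realpath(osc_plugins_path());
            $realFile   = realpath(osc_plugins_path() . $ajaxFile);
            if ($pluginsDir === false || $realFile === false || !is_file($realFile)) {
                echo json_encode(array('error' => "ajaxFile doesn't exist"));
                break;
            }
            $pluginsPrefix = rtrim($pluginsDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
            if (strpos($realFile, $pluginsPrefix) !== 0) {
                echo json_encode(array('error' => 'no valid ajaxFile'));
                break;
            }
            require_once $realFile;
            break;

        case 'check_username_availability':
            // exists=1 when the (sanitized) username is taken or blacklisted
            $username = osc_sanitize_username(Params::getParam('s_username'));
            $exists   = 1;
            if (!osc_is_username_blacklisted($username)) {
                $user   = User::newInstance()->findByUsername($username);
                $exists = isset($user['s_username']) ? 1 : 0;
            }
            echo json_encode(array('exists' => $exists, 's_username' => $username));
            break;

        default:
            echo json_encode(array('error' => __('no action defined')));
            break;
    }

    // Clear all keep-form variables and temporary values from the session
    Session::newInstance()->_dropKeepForm();
    Session::newInstance()->_clearVariables();
}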
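/**
 * Admin comments controller (DataTables listing variant).
 *
 * Actions:
 *  - bulk_actions: delete / approve / disapprove / unblock / block the
 *    comment ids posted in "id"
 *  - status: set one comment's b_active or b_enabled flag
 *  - comment_edit / comment_edit_post: edit form and its handler
 *  - delete: remove one comment
 *  - default: paginated listing via CommentsProcessingAjax
 *
 * Review fixes relative to the original:
 *  - delete_all interpolated the raw "id" values into a custom SQL
 *    condition (pk_i_id IN (...)); ids are now cast to int first, and a
 *    scalar "id" is wrapped into an array before iteration.
 *  - the bulk branches called osc_add_hook(name, $_id), which *registers*
 *    $_id as a callback instead of firing the hook (the 'delete' branch
 *    correctly uses osc_run_hook); they now call osc_run_hook so listeners
 *    on delete_comment / activate_comment / ... are actually notified.
 *  - the listing branch no longer divides by a zero iDisplayLength.
 */
function doModel()
{
    parent::doModel();

    switch ($this->action) {
        case 'bulk_actions':
            $id = Params::getParam('id');
            if ($id) {
                if (!is_array($id)) {
                    $id = array($id);
                }
                // Integer-cast: the ids go into a raw SQL IN() below
                $id = array_map('intval', $id);

                switch (Params::getParam('bulk_actions')) {
                    case 'delete_all':
                        $this->itemCommentManager->delete(array(DB_CUSTOM_COND => 'pk_i_id IN (' . implode(', ', $id) . ')'));
                        foreach ($id as $_id) {
                            $this->itemCommentManager->delete(array('pk_i_id' => $_id));
                            osc_run_hook("delete_comment", $_id);
                        }
                        osc_add_flash_ok_message(_m('The comments have been deleted'), 'admin');
                        break;

                    case 'activate_all':
                        foreach ($id as $_id) {
                            $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $_id));
                            if ($iUpdated) {
                                $this->sendCommentActivated($_id);
                            }
                            osc_run_hook("activate_comment", $_id);
                        }
                        osc_add_flash_ok_message(_m('The comments have been approved'), 'admin');
                        break;

                    case 'deactivate_all':
                        foreach ($id as $_id) {
                            $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $_id));
                            osc_run_hook("deactivate_comment", $_id);
                        }
                        osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin');
                        break;

                    case 'enable_all':
                        foreach ($id as $_id) {
                            $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $_id));
                            if ($iUpdated) {
                                $this->sendCommentActivated($_id);
                            }
                            osc_run_hook("enable_comment", $_id);
                        }
                        osc_add_flash_ok_message(_m('The comments have been unblocked'), 'admin');
                        break;

                    case 'disable_all':
                        foreach ($id as $_id) {
                            $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $_id));
                            osc_run_hook("disable_comment", $_id);
                        }
                        osc_add_flash_ok_message(_m('The comments have been blocked'), 'admin');
                        break;
                }
            }
            $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
            break;

        case 'status':
            // Flip one flag on one comment; silently ignore bad input
            $id = Params::getParam('id');
            if (!$id) {
                return false;
            }
            $id    = (int) $id;
            $value = Params::getParam('value');
            if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'), true)) {
                return false;
            }

            if ($value == 'ACTIVE') {
                $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $id));
                if ($iUpdated) {
                    $this->sendCommentActivated($id);
                }
                osc_run_hook("activate_comment", $id);
                osc_add_flash_ok_message(_m('The comment has been approved'), 'admin');
            } elseif ($value == 'INACTIVE') {
                $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $id));
                osc_run_hook("deactivate_comment", $id);
                osc_add_flash_ok_message(_m('The comment has been disapproved'), 'admin');
            } elseif ($value == 'ENABLE') {
                $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $id));
                osc_run_hook("enable_comment", $id);
                osc_add_flash_ok_message(_m('The comment has been enabled'), 'admin');
            } else { // DISABLE
                $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $id));
                osc_run_hook("disable_comment", $id);
                osc_add_flash_ok_message(_m('The comment has been disabled'), 'admin');
            }
            $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
            break;

        case 'comment_edit':
            $comment = ItemComment::newInstance()->findByPrimaryKey(Params::getParam('id'));
            $this->_exportVariableToView('comment', $comment);
            $this->doView('comments/frm.php');
            break;

        case 'comment_edit_post':
            $commentId = Params::getParam('id');
            $msg       = '';
            if (!osc_validate_email(Params::getParam('authorEmail'), true)) {
                $msg .= _m('Email is not correct') . "<br/>";
            }
            if (!osc_validate_text(Params::getParam('body'), 1, true)) {
                $msg .= _m('Comment is required') . "<br/>";
            }
            if ($msg != '') {
                osc_add_flash_error_message($msg, 'admin');
                $this->redirectTo(osc_admin_base_url(true) . "?page=comments&action=comment_edit&id=" . $commentId);
            }
            $this->itemCommentManager->update(
                array(
                    's_title'        => Params::getParam('title'),
                    's_body'         => Params::getParam('body'),
                    's_author_name'  => Params::getParam('authorName'),
                    's_author_email' => Params::getParam('authorEmail'),
                ),
                array('pk_i_id' => $commentId)
            );
            osc_run_hook('edit_comment', $commentId);
            osc_add_flash_ok_message(_m('Great! We just updated your comment'), 'admin');
            $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
            break;

        case 'delete':
            $commentId = Params::getParam('id');
            $this->itemCommentManager->deleteByPrimaryKey($commentId);
            osc_add_flash_ok_message(_m('The comment has been deleted'), 'admin');
            osc_run_hook('delete_comment', $commentId);
            $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
            break;

        default:
            if (Params::getParam('iDisplayLength') == '') {
                Params::setParam('iDisplayLength', 10);
            }
            // showAll '' or '1' -> all comments (filtered);
            // anything else -> only comments not displayed at the frontend
            $showAll = Params::getParam('showAll');
            Params::setParam('showAll', $showAll == '' || $showAll == '1');
            $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));

            require_once osc_admin_base_path() . 'ajax/comments_processing.php';
            $params              = Params::getParamsAsArray("get");
            $comments_processing = new CommentsProcessingAjax($params);
            $aData               = $comments_processing->result($params);

            // Requested page is past the end: redirect to the last valid page
            $page = (int) Params::getParam('iPage');
            if (count($aData['aaData']) == 0 && $page != 1) {
                $total   = (int) $aData['iTotalDisplayRecords'];
                $perPage = (int) $aData['iDisplayLength'];
                $maxPage = $perPage > 0 ? ceil($total / $perPage) : 0;
                // The redirect stays on the admin base url; only iPage is rewritten
                $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING'];
                if ($maxPage == 0) {
                    $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url);
                    $this->redirectTo($url);
                }
                if ($page > 1) {
                    $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url);
                    $this->redirectTo($url);
                }
            }
            $this->_exportVariableToView('aComments', $aData);
            $this->doView('comments/index.php');
            break;
    }
}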
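/**
 * Register a new user from the data in the current request.
 *
 * Validation order mirrors the error codes callers switch on:
 *   4 recaptcha failed (front-end only, when a private key is configured)
 *   6 empty password        7 passwords differ
 *   5 invalid e-mail        3 e-mail already registered
 *   8 username taken        9 username blacklisted
 * Returns the first error code hit; otherwise 1 when the account still
 * needs e-mail validation, or 2 when it was activated immediately (created
 * by an admin, or validation disabled).
 *
 * Side effects on success: inserts the user (username defaults to the new
 * id when empty), stores the "s_info" descriptions, writes a log entry,
 * attaches existing listings and alerts carrying the same e-mail address to
 * the new account, and fires the admin-notification / validation hooks.
 *
 * Review notes:
 *  - the e-mail and username lookups now run only while no earlier error
 *    is set (their results were discarded once $error was non-zero).
 *  - alerts with the new e-mail are re-parented with one update; the
 *    original issued the identical statement once per alert row.
 *  - NOTE(review): listings and alerts are attached before the e-mail is
 *    validated, so registering with an address one does not control claims
 *    that address's anonymous listings (login stays blocked until
 *    validation only when osc_user_validation_enabled()). Consider moving
 *    that step into the validation handler.
 */
function add()
{
    $success = 0;
    $error   = false;

    // Front-end only: recaptcha when a private key is configured
    if (!$error && osc_recaptcha_private_key() != '' && !$this->is_admin) {
        if (!osc_check_recaptcha()) {
            $error = 4;
        }
    }

    $password  = Params::getParam('s_password', false, false);
    $password2 = Params::getParam('s_password2', false, false);
    if (!$error && $password == '') {
        $error = 6;
    }
    if (!$error && $password != $password2) {
        $error = 7;
    }

    $input = $this->prepareData(true);

    if (!$error && !osc_validate_email($input['s_email'])) {
        $error = 5;
    }
    if (!$error) {
        $email_taken = $this->manager->findByEmail($input['s_email']);
        if ($email_taken != null) {
            osc_run_hook('register_email_taken', $input['s_email']);
            $error = 3;
        }
    }
    if (!$error && $input['s_username'] != '') {
        $username_taken = $this->manager->findByUsername($input['s_username']);
        if ($username_taken != null) {
            $error = 8;
        }
        if (osc_is_username_blacklisted($input['s_username'])) {
            $error = 9;
        }
    }

    // hook pre add or edit
    osc_run_hook('pre_user_post');

    if (is_numeric($error) && $error > 0) {
        osc_run_hook('user_register_failed', $error);
        return $error;
    }

    $this->manager->insert($input);
    $userId = $this->manager->dao->insertedId();

    // Empty username: fall back to the numeric id
    if ($input['s_username'] == '') {
        $this->manager->update(array('s_username' => $userId), array('pk_i_id' => $userId));
    }

    $info = Params::getParam('s_info');
    if (is_array($info)) {
        foreach ($info as $key => $value) {
            $this->manager->updateDescription($userId, $key, $value);
        }
    }

    Log::newInstance()->insertLog(
        'user',
        'add',
        $userId,
        $input['s_email'],
        $this->is_admin ? 'admin' : 'user',
        $this->is_admin ? osc_logged_admin_id() : $userId
    );

    // Attach listings whose contact e-mail matches the new account
    $aItems = Item::newInstance()->findByEmail($input['s_email']);
    foreach ($aItems as $aux) {
        $updated = Item::newInstance()->update(
            array('fk_i_user_id' => $userId, 's_contact_name' => $input['s_name']),
            array('pk_i_id' => $aux['pk_i_id'])
        );
        if ($updated) {
            $this->manager->increaseNumItems($userId);
        }
    }

    // Attach alerts registered with the same e-mail (one statement covers every row)
    $aAlerts = Alerts::newInstance()->findByEmail($input['s_email']);
    if (!empty($aAlerts)) {
        Alerts::newInstance()->update(array('fk_i_user_id' => $userId), array('s_email' => $input['s_email']));
    }

    $user = $this->manager->findByPrimaryKey($userId);

    if (osc_notify_new_user() && !$this->is_admin) {
        osc_run_hook('hook_email_admin_new_user', $user);
    }

    if (osc_user_validation_enabled() && !$this->is_admin) {
        // Account stays inactive until the validation e-mail is confirmed
        osc_run_hook('hook_email_user_validation', $user, $input);
        $success = 1;
    } else {
        $this->manager->update(array('b_active' => '1'), array('pk_i_id' => $userId));
        $success = 2;
    }

    osc_run_hook('user_register_completed', $userId);

    return $success;
}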
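/**
 * Admin comments controller (plain listing variant).
 *
 * Actions:
 *  - bulk_actions: delete / approve / disapprove / enable / disable the
 *    comment ids posted in "id"
 *  - status: set one comment's b_active or b_enabled flag
 *  - comment_edit / comment_edit_post: edit form and its handler
 *  - delete: remove one comment
 *  - default: list all comments, optionally filtered by "id"
 *
 * Review fixes relative to the original:
 *  - delete_all interpolated the raw "id" values into a custom SQL
 *    condition (pk_i_id IN (...)); ids are now cast to int first, and a
 *    scalar "id" is wrapped into an array before iteration.
 *  - the bulk branches called osc_add_hook(name, $_id), which *registers*
 *    $_id as a callback instead of firing the hook (the 'delete' branch
 *    correctly uses osc_run_hook); they now call osc_run_hook so listeners
 *    on delete_comment / activate_comment / ... are actually notified.
 */
function doModel()
{
    parent::doModel();

    switch ($this->action) {
        case 'bulk_actions':
            $id = Params::getParam('id');
            if ($id) {
                if (!is_array($id)) {
                    $id = array($id);
                }
                // Integer-cast: the ids go into a raw SQL IN() below
                $id = array_map('intval', $id);

                switch (Params::getParam('bulk_actions')) {
                    case 'delete_all':
                        $this->itemCommentManager->delete(array(DB_CUSTOM_COND => 'pk_i_id IN (' . implode(', ', $id) . ')'));
                        foreach ($id as $_id) {
                            $this->itemCommentManager->delete(array('pk_i_id' => $_id));
                            osc_run_hook("delete_comment", $_id);
                        }
                        osc_add_flash_ok_message(_m('The comments have been deleted'), 'admin');
                        break;

                    case 'activate_all':
                        foreach ($id as $_id) {
                            $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $_id));
                            if ($iUpdated) {
                                $this->sendCommentActivated($_id);
                            }
                            osc_run_hook("activate_comment", $_id);
                        }
                        osc_add_flash_ok_message(_m('The comments have been approved'), 'admin');
                        break;

                    case 'deactivate_all':
                        foreach ($id as $_id) {
                            $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $_id));
                            osc_run_hook("deactivate_comment", $_id);
                        }
                        osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin');
                        break;

                    case 'enable_all':
                        foreach ($id as $_id) {
                            $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $_id));
                            if ($iUpdated) {
                                $this->sendCommentActivated($_id);
                            }
                            osc_run_hook("enable_comment", $_id);
                        }
                        osc_add_flash_ok_message(_m('The comments have been approved'), 'admin');
                        break;

                    case 'disable_all':
                        foreach ($id as $_id) {
                            $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $_id));
                            osc_run_hook("disable_comment", $_id);
                        }
                        osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin');
                        break;
                }
            }
            $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
            break;

        case 'status':
            // Flip one flag on one comment; silently ignore bad input
            $id = Params::getParam('id');
            if (!$id) {
                return false;
            }
            $id    = (int) $id;
            $value = Params::getParam('value');
            if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'), true)) {
                return false;
            }

            if ($value == 'ACTIVE') {
                $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $id));
                if ($iUpdated) {
                    $this->sendCommentActivated($id);
                }
                osc_run_hook("activate_comment", $id);
                osc_add_flash_ok_message(_m('The comment has been approved'), 'admin');
            } elseif ($value == 'INACTIVE') {
                $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $id));
                osc_run_hook("deactivate_comment", $id);
                osc_add_flash_ok_message(_m('The comment has been disapproved'), 'admin');
            } elseif ($value == 'ENABLE') {
                $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $id));
                osc_run_hook("enable_comment", $id);
                osc_add_flash_ok_message(_m('The comment has been enabled'), 'admin');
            } else { // DISABLE
                $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $id));
                osc_run_hook("disable_comment", $id);
                osc_add_flash_ok_message(_m('The comment has been disabled'), 'admin');
            }
            $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
            break;

        case 'comment_edit':
            $comment = ItemComment::newInstance()->findByPrimaryKey(Params::getParam('id'));
            $this->_exportVariableToView('comment', $comment);
            $this->doView('comments/frm.php');
            break;

        case 'comment_edit_post':
            $commentId = Params::getParam('id');
            $msg       = '';
            if (!osc_validate_email(Params::getParam('authorEmail'), true)) {
                $msg .= _m('Email is not correct') . "<br/>";
            }
            if (!osc_validate_text(Params::getParam('body'), 1, true)) {
                $msg .= _m('Comment is required') . "<br/>";
            }
            if ($msg != '') {
                osc_add_flash_error_message($msg, 'admin');
                $this->redirectTo(osc_admin_base_url(true) . "?page=comments&action=comment_edit&id=" . $commentId);
            }
            $this->itemCommentManager->update(
                array(
                    's_title'        => Params::getParam('title'),
                    's_body'         => Params::getParam('body'),
                    's_author_name'  => Params::getParam('authorName'),
                    's_author_email' => Params::getParam('authorEmail'),
                ),
                array('pk_i_id' => $commentId)
            );
            osc_run_hook('edit_comment', $commentId);
            osc_add_flash_ok_message(_m('Great! We just updated your comment'), 'admin');
            $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
            break;

        case 'delete':
            $commentId = Params::getParam('id');
            $this->itemCommentManager->deleteByPrimaryKey($commentId);
            osc_add_flash_ok_message(_m('The comment have been deleted'), 'admin');
            osc_run_hook('delete_comment', $commentId);
            $this->redirectTo(osc_admin_base_url(true) . "?page=comments");
            break;

        default:
            // Optional "id" narrows the listing; otherwise every comment is shown
            $filterId = Params::getParam('id');
            if ($filterId != '') {
                $comments = $this->itemCommentManager->getAllComments($filterId);
            } else {
                $comments = $this->itemCommentManager->getAllComments();
            }
            $this->_exportVariableToView('comments', $comments);
            $this->doView('comments/index.php');
            break;
    }
}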