 /**
  * Adds $id to the logged-in user's friend list and redirects afterwards:
  * to the profile of $id when $profile is truthy, else to the friends page.
  *
  * @param mixed $id      id of the user to befriend (route segment)
  * @param bool  $profile selects the redirect target, see above
  */
 public function add($id, $profile = FALSE)
 {
     $ownId = get_user()->get_id();
     // Befriending yourself is silently skipped; only the redirect happens.
     // NOTE(review): $id is not validated here — relies on add_friend() to
     // reject unknown ids, confirm in ProfileUserModel.
     if ($id != $ownId) {
         $this->load->model('ProfileUserModel');
         $this->ProfileUserModel->add_friend($id, $ownId);
         set_status_message('Friend have been added');
     }
     $target = $profile ? profile_route($id) : 'friends';
     return redirect($target);
 }
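 /**
  * Interests settings page. A POST stores the submitted interest tags for the
  * logged-in user and returns to the settings overview; otherwise the edit
  * form is rendered, pre-filled with the user's current interests.
  *
  * Was loading the model twice (once via the mis-cased `Model()`), and built
  * $data key by key without initialising it.
  */
 public function index()
 {
     $this->load->model('InterestUserModel');
     $userId = get_user()->get_id();

     if ($_POST) {
         // raw tag string from the form, normalised via procesTags()
         $interests = procesTags($this->input->post('interests'));
         $this->InterestUserModel->update_interests($interests, $userId);
         set_status_message('Your interests have been saved');
         return redirect(settings_route());
     }

     $data = array(
         'interests' => $this->InterestUserModel->user_interests_toString($userId),
         'action' => interests_edit_route(),
         'submit_value' => 'Save',
     );
     $this->template->load('settings/addInterestView', $data);
 }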
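 /**
  * Profile settings form. A valid POST updates the user whose id was posted
  * and returns to the settings overview; otherwise the edit form is rendered
  * for $id, falling back to the logged-in user when $id is empty.
  *
  * Drops the unused $email read from the original and builds the update
  * array in place.
  *
  * @param string $id user id to show in the form, '' for the current user
  */
 public function edit($id = "")
 {
     // NOTE(review): the intent "admins may change settings for everyone" is
     // not enforced anywhere here — neither the posted 'id' used for the
     // update nor the route $id used for display is compared with
     // get_user()->get_id(), so any logged-in user can update or view any
     // other user. Add the admin check (or restrict both to the own id) before
     // relying on this.
     if ($_POST) {
         // TODO: move the delimiter setup into a base controller
         $this->form_validation->set_error_delimiters('<span class="error">', '</span>');
         if ($this->form_validation->run('updateprofile')) {
             // the posted id, not the route segment, decides which row is updated
             $id = $this->input->post('id');
             $this->load->model('user/UserModel', 'UserModel');
             $this->UserModel->update($id, array(
                 'firstname' => $this->input->post('firstname'),
                 'lastname' => $this->input->post('lastname'),
                 'city' => $this->input->post('city'),
                 'zip' => $this->input->post('zip'),
                 'country' => $this->input->post('country'),
             ));
             set_status_message('Your changes have been saved');
             return redirect(settings_route());
         }
     }
     // Show the current user unless another id came with the request
     $userid = $id != "" ? $id : get_user()->get_id();
     $this->load->model('user/UserModel', 'UserModel');
     $viewdata = array('user' => $this->UserModel->get_by_id($userid));
     $this->template->load('settings/edit', $viewdata);
 }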
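/**
 * Validates the posted redirect form and inserts, updates or deletes the
 * matching phpwcms_redirect row.
 *
 * Reads everything from $_POST. Returns array{error: list<string>|null, data: array}:
 * 'data' holds the normalised form values (with 'rid' set) so the caller can
 * re-render the form, 'error' the language-specific messages, or null once
 * the row was written. Feedback goes through set_status_message(); a
 * successful deletion ends in headerRedirect().
 *
 * Changes: missing POST keys default to '' instead of raising undefined-key
 * warnings, and the type/code whitelists are matched strictly so that a
 * numerically-equal string such as '301.0' is no longer accepted as '301'.
 */
function update_404redirect()
{
    $post = $_POST;
    $allowedTypes = array('alias', 'id', 'aid', 'link');
    $allowedCodes = array('301', '307', '404', '401', '503');

    $idRaw = isset($post['id']) ? trim($post['id']) : '';
    $aidRaw = isset($post['aid']) ? trim($post['aid']) : '';
    $typeRaw = isset($post['type']) ? $post['type'] : '';
    $codeRaw = isset($post['code']) ? $post['code'] : '';

    $data = array(
        'error' => array(),
        'data' => array(
            'rid' => isset($post['rid']) ? intval($post['rid']) : 0,
            'alias' => clean_slweg(isset($post['alias']) ? $post['alias'] : ''),
            // '' means "not given"; anything else is forced to an int
            'id' => $idRaw === '' ? '' : intval($idRaw),
            'aid' => ($aidRaw === '' || !intval($aidRaw)) ? '' : intval($aidRaw),
            // anything outside the whitelist is stored as '' and rejected below
            'type' => in_array($typeRaw, $allowedTypes, true) ? clean_slweg($typeRaw) : '',
            'active' => empty($post['active']) ? 0 : 1,
            'shortcut' => empty($post['shortcut']) ? 0 : 1,
            'code' => in_array($codeRaw, $allowedCodes, true) ? clean_slweg($codeRaw) : '',
            'target' => clean_slweg(isset($post['target']) ? $post['target'] : ''),
            'changed' => date('Y-m-d H:i:s'),
        ),
    );

    // the delete button is named after the md5 of the row id
    $isDeleteRequest = isset($post['delete_' . md5($data['data']['rid'])]);

    // at least one source (alias, id or aid) is required unless deleting
    if (!$data['data']['aid'] && !$data['data']['alias'] && $data['data']['id'] == '' && !$isDeleteRequest) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error1'];
    }
    if ($data['data']['type'] && $data['data']['target'] === '') {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error2'];
    } elseif (($data['data']['type'] == 'id' || $data['data']['type'] == 'aid') && !is_intval($data['data']['target'])) {
        // id/aid targets must be numeric
        $data['error'][] = $GLOBALS['BL']['be_redirect_error3'];
    }

    if (count($data['error'])) {
        $data['data']['active'] = 0;
        set_status_message(implode('<br />', $data['error']), 'error');
        return $data;
    }

    $data['error'] = NULL;
    $rid = $data['data']['rid'];
    unset($data['data']['rid']);

    if ($rid) {
        if ($isDeleteRequest) {
            // 9 marks the row as deleted for the caller; $rid is an int, so
            // inlining it into the WHERE clause is safe
            $data['data']['active'] = 9;
            $result = _dbQuery('DELETE FROM ' . DB_PREPEND . 'phpwcms_redirect WHERE rid=' . $rid, 'DELETE');
        } else {
            $result = _dbUpdate('phpwcms_redirect', $data['data'], 'rid=' . $rid);
        }
    } else {
        $result = _dbInsert('phpwcms_redirect', $data['data']);
        if (isset($result['INSERT_ID'])) {
            $rid = $result['INSERT_ID'];
        }
    }
    $data['data']['rid'] = $rid;

    if (!$result) {
        set_status_message($GLOBALS['BL']['be_error_while_save'], 'error');
    } elseif ($data['data']['active'] == 9) {
        set_status_message(str_replace('{ID}', $data['data']['rid'], $GLOBALS['BL']['be_action_deleted']), 'success');
        headerRedirect('phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=14');
    } else {
        set_status_message($GLOBALS['BL']['be_successfully_saved'], 'success');
    }

    return $data;
}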
        }
        if (!empty($_POST['status_send'])) {
            $plugin['order_status'][] = 'SENT';
        }
        if (!empty($_POST['status_back'])) {
            $plugin['order_status'][] = 'RETURN';
        }
        if (!empty($_POST['status_done'])) {
            $plugin['order_status'][] = 'COMPLETED';
        }
        $plugin['order_status'] = implode('-', $plugin['order_status']);
        if ($plugin['order_status'] == '') {
            $plugin['order_status'] = 'NEW-ORDER';
        }
        $sql = 'UPDATE ' . DB_PREPEND . "phpwcms_shop_orders SET order_status='" . aporeplace($plugin['order_status']) . "' ";
        $sql .= "WHERE order_id=" . intval($_POST['order_status']);
        if (_dbQuery($sql, 'UPDATE')) {
            set_status_message($BLM['shopprod_status_msg'], 'success');
        }
    }
    $sql = 'SELECT *, UNIX_TIMESTAMP(order_date) AS order_date_unix FROM ' . DB_PREPEND . 'phpwcms_shop_orders ';
    $sql .= "WHERE order_id = " . intval($_GET['show']);
    $plugin['data'] = _dbQuery($sql);
    if (isset($plugin['data'][0])) {
        $plugin['data'] = $plugin['data'][0];
        $plugin['data']['order_data'] = @unserialize($plugin['data']['order_data']);
    } else {
        headerRedirect(shop_url('controller=order', ''));
    }
    $BLM['shopprod_payby_INVOICE'] = $BLM['shopprod_payby_onbill'];
}
             $sql = "UPDATE " . DB_PREPEND . "phpwcms_article SET " . "article_cid=" . $article["article_catid"] . "," . "article_title=" . _dbEscape($article["article_title"]) . ", " . "article_alias=" . _dbEscape($article["article_alias"]) . ", " . "article_keyword=" . _dbEscape($article["article_keyword"]) . ", " . "article_aktiv=" . $article["article_aktiv"] . ", " . "article_begin=" . _dbEscape($article["article_begin"]) . ", " . "article_end=" . _dbEscape($article["article_end"]) . ", " . "article_subtitle=" . _dbEscape($article["article_subtitle"]) . ", " . "article_summary=" . _dbEscape($article["article_summary"]) . ", " . "article_redirect=" . _dbEscape($article["article_redirect"]) . ", " . "article_sort=" . _dbEscape($article["article_sort"]) . ", " . "article_username="******"article_username"]) . ", " . "article_notitle=" . $article["article_notitle"] . ", " . "article_hidesummary=" . $article["article_hidesummary"] . ", " . "article_image=" . _dbEscape(serialize($article['image'])) . ", " . "article_cache=" . _dbEscape($article["article_timeout"]) . ", " . "article_nosearch=" . _dbEscape($article['article_nosearch']) . ", " . "article_nositemap=" . $article['article_nositemap'] . ", " . "article_aliasid=" . $article['article_aliasid'] . ", " . "article_headerdata=" . $article['article_headerdata'] . ", " . "article_morelink=" . $article['article_morelink'] . ", " . "article_noteaser=" . $article['article_noteaser'] . ", " . "article_pagetitle=" . _dbEscape($article['article_pagetitle']) . ", " . "article_paginate=" . $article['article_paginate'] . ", " . "article_priorize=" . $article['article_priorize'] . ", " . "article_norss=" . $article['article_norss'] . ", " . "article_archive_status=" . $article['article_archive_status'] . ", " . "article_menutitle=" . _dbEscape($article["article_menutitle"]) . "," . "article_description=" . _dbEscape($article["article_description"]) . ", " . "article_lang=" . _dbEscape($article["article_lang"]) . ", " . 
"article_lang_type=" . _dbEscape($article["article_lang_type"]) . ", " . "article_lang_id=" . _dbEscape($article["article_lang_id"]) . ", " . "article_opengraph=" . $article["article_opengraph"] . ', ' . "article_canonical=" . _dbEscape($article["article_canonical"]);
             if ($_SESSION["wcs_user_admin"]) {
                 $sql .= ", article_uid=" . $article["article_uid"];
             }
             $sql .= " WHERE article_id=" . $article["article_id"];
             $result = _dbQuery($sql, 'UPDATE');
         }
         if ($result) {
             update_cache();
             // set cache timeout = 0
             _dbSaveCategories($article["article_keyword"], 'article', $article["article_id"], ',');
             $update = isset($_POST['updatesubmit']) ? '&aktion=1' : '';
             headerRedirect(PHPWCMS_URL . 'phpwcms.php?do=articles&p=2&s=1' . $update . '&id=' . $article["article_id"]);
         }
     } else {
         set_status_message($BL['be_admin_usr_err'] . ': ' . implode(', ', $article_err), 'warning');
     }
 }
 // Resolve the "overwrite template defaults" setting when the article has
 // none yet: from its category row, else from the index page, else none.
 if (!isset($article['acat_overwrite'])) {
     $catId = $article['article_catid'];
     if ($catId) {
         // NOTE(review): $catId is inlined into the WHERE clause; this is only
         // safe if article_catid was already cast to int upstream — confirm.
         $rows = _dbGet('phpwcms_articlecat', 'acat_overwrite', 'acat_trash != 9 AND acat_id = ' . $catId, '', '', 1);
         $article['acat_overwrite'] = empty($rows[0]['acat_overwrite']) ? '' : $rows[0]['acat_overwrite'];
     } elseif ($catId === 0 && !empty($indexpage['acat_overwrite'])) {
         $article['acat_overwrite'] = $indexpage['acat_overwrite'];
     } else {
         $article['acat_overwrite'] = '';
     }
 }
 // include template defaults which should be overwritten by custom settings
 if ($article["acat_overwrite"] && is_file(PHPWCMS_TEMPLATE . 'inc_settings/template_default/' . $article["acat_overwrite"])) {
            $login_passed = 1;
        }
        mysql_free_result($result);
    }
    if ($login_passed) {
        // Store login information in DB
        $check = mysql_query("SELECT COUNT(*) FROM " . DB_PREPEND . "phpwcms_userlog WHERE logged_user='******' AND logged_in=1", $db);
        if ($row = mysql_fetch_row($check)) {
            if (!$row[0]) {
                // User not yet logged in, create new
                mysql_query("INSERT INTO " . DB_PREPEND . "phpwcms_userlog " . "(logged_user, logged_username, logged_start, logged_change, " . "logged_in, logged_ip) VALUES ('" . aporeplace($wcs_user) . "', '" . aporeplace($_SESSION["wcs_user_name"]) . "', " . time() . ", " . time() . ", 1, '" . aporeplace(getRemoteIP()) . "')", $db);
            }
        }
        mysql_free_result($check);
        $_SESSION['PHPWCMS_ROOT'] = PHPWCMS_ROOT;
        set_status_message('Welcome ' . $wcs_user . '!');
        if ($ref_url) {
            if (($token_position = strpos($ref_url, 'csrftoken')) !== false) {
                $ref_url = substr_replace($ref_url, '', $token_position, 42);
                $ref_url = str_replace('?&', '?', $ref_url);
                $ref_url = str_replace('&&', '&', $ref_url);
            }
            $backend_redirect = $ref_url . '&';
        } else {
            $backend_redirect = PHPWCMS_URL . 'phpwcms.php?';
        }
        headerRedirect($backend_redirect . get_token_get_string('csrftoken') . '&' . session_name() . '=' . session_id());
    } else {
        $err = 1;
    }
} elseif (isset($_POST['json']) && intval($_POST['json']) != 1) {
// Load the content row for the requested id and flatten its cnt_object
// values into 'cnt_object-<key>' entries for the form fields.
if ($plugin['id'] && !isset($plugin['error'])) {
    $where = 'cnt_status!=9 AND cnt_module=' . _dbEscape(MODULE_KEY) . ' AND cnt_id=' . $plugin['id'];
    $rows = _dbGet('phpwcms_content', '*', $where);
    if (!isset($rows[0])) {
        // unknown id: report and go back to the module listing
        $plugin['data'] = false;
        set_status_message(sprintf($BLM['error_false_id'], $plugin['id']), 'warning');
        headerRedirect(MODULE_HREF_DECODE);
    } else {
        $row = $rows[0];
        // NOTE(review): cnt_object is unserialize()d from the database; whoever
        // can write that column controls which objects get instantiated, so
        // write access to phpwcms_content must stay trusted.
        $row['cnt_object'] = @unserialize($row['cnt_object']);
        $row['id'] = $row['cnt_id'];
        if (count($row['cnt_object'])) {
            foreach ($row['cnt_object'] as $objectKey => $objectValue) {
                $row['cnt_object-' . $objectKey] = $objectValue;
            }
        }
        // the trigger URL is read-only and derived from the row, never from the form
        $plugin['fields']['cnt_object-feed_import_trigger_url'] = 'TEXTAREA-DISABLED';
        $row['cnt_object-feed_import_trigger_url'] = PHPWCMS_URL . 'index.php?feedimport=' . md5($row['cnt_id'] . $row['cnt_text']);
        $plugin['data'] = $row;
    }
}
// default values
if (empty($plugin['data'])) {
    $plugin['data'] = array('id' => 0);
    foreach ($plugin['fields'] as $key => $value) {
        switch ($value) {
            case 'RADIO':
            case 'HIDDEN':
            case 'DATESELECT':
            case 'TEXTAREA':
            case 'SELECT':
            case 'STRING':
                $plugin['data'][$key] = '';
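 /**
  * Backend form handler for one news entry: quick status changes via
  * ?status=, create/update/duplicate via POST, otherwise loads the entry
  * for editing.
  *
  * Reads cntid/status from $_GET and the form from $_POST. Fills $this->data
  * with what the form renders: the defaults below merged with the posted or
  * stored record, plus the split date/time strings. Completed actions end in
  * headerRedirect(); nothing is returned.
  *
  * Fixes: the save-error message read `$BL`, which is not in scope inside
  * this method (the class uses $this->BL everywhere else); the defaults array
  * listed cnt_livedate/cnt_killdate twice; a missing cntid no longer raises
  * an undefined-key warning; two dead locals were dropped.
  */
 public function edit()
 {
     $this->newsId = isset($_GET['cntid']) ? intval($_GET['cntid']) : 0;

     // Quick status change (0/1 = inactive/active, 9 = deleted) via ?status=
     if (isset($_GET['status'])) {
         $status = intval($_GET['status']);
         switch ($status) {
             case 0:
             case 1:
             case 9:
                 // newsId is an int, so inlining it into the WHERE clause is safe
                 _dbUpdate('phpwcms_content', array('cnt_status' => $status), 'cnt_id=' . $this->newsId);
                 set_status_message($status == 9 ? $this->BL['be_action_deleted'] : $this->BL['be_action_status'], 'success', array('ID' => $this->newsId));
                 break;
             default:
                 set_status_message($this->BL['be_action_notvalid'], 'warning');
         }
         // NOTE(review): everything below assumes headerRedirect() ends the request — confirm
         headerRedirect($this->base_url_decoded);
     }

     // Form defaults; the stored or posted record is merged over these.
     // Empty live/kill dates are normalised to '0000-00-00 00:00:00' at the end.
     $this->data = array(
         'cnt_id' => 0,
         'cnt_pid' => 0,
         'cnt_status' => intval($this->phpwcms['set_news_active']),
         'cnt_livedate' => '',
         'cnt_killdate' => '',
         'cnt_archive_status' => 1,
         'cnt_alias' => '',
         'cnt_name' => '',
         'cnt_title' => '',
         'cnt_subtitle' => '',
         'cnt_editor' => '',
         'cnt_place' => '',
         'cnt_teasertext' => '',
         'cnt_text' => '',
         'cnt_duplicate' => 0,
         'cnt_lang' => '',
         'cnt_prio' => 0,
         'cnt_readmore' => 1,
         'cnt_image' => array('id' => 0, 'name' => '', 'zoom' => 0, 'lightbox' => 0, 'caption' => '', 'link' => ''),
         'cnt_files' => array('id' => array(), 'caption' => '', 'gallery' => 0, 'gallery_download' => 0),
         'cnt_link' => '',
         'cnt_linktext' => '',
         'cnt_category' => '',
         'cnt_sort' => 0,
         'cnt_opengraph' => empty($this->phpwcms['set_sociallink']['news']) ? 0 : 1,
         'cnt_textformat' => 'plain',
         'cnt_searchoff' => 0,
     );

     if (isset($_POST['cnt_name'])) {
         $post = $this->getPostData();
         $post_error = false;

         // "save as copy": insert a fresh row instead of updating the loaded one
         if (!empty($_POST['cnt_duplicate'])) {
             $this->newsId = 0;
             $duplicate = 1;
             $post['cnt_created'] = now();
         } else {
             $duplicate = 0;
         }

         // the name is the only mandatory field
         if ($post['cnt_name'] == '') {
             $post_error = true;
             set_status_message($this->BL['be_news_name_mandatory'], 'warning');
             $post['cnt_duplicate'] = $duplicate;
         }

         if ($post_error === false) {
             $values = $post;
             // non-column form fields travel in cnt_object as a serialized blob
             $values['cnt_object'] = serialize($values['cnt_object']);
             $success = false;

             if ($this->newsId == 0) {
                 // new entry
                 $result = _dbInsert('phpwcms_content', $values);
                 if (isset($result['INSERT_ID'])) {
                     $this->newsId = $result['INSERT_ID'];
                     $success = true;
                     set_status_message($this->BL['be_successfully_saved'] . LF . $post['cnt_name'], 'success');
                 }
             } else {
                 // existing entry
                 $result = _dbUpdate('phpwcms_content', $values, 'cnt_id=' . $this->newsId);
                 if ($result != false) {
                     $success = true;
                     set_status_message($this->BL['be_successfully_updated'] . LF . $post['cnt_name'], 'success');
                 }
             }

             if ($success) {
                 if ($this->newsId) {
                     _dbSaveCategories($post['cnt_object']['cnt_category'], 'news', $this->newsId, ',');
                 }
                 if ($this->newsId && isset($_POST['submit'])) {
                     // "save" keeps the editor on the form
                     headerRedirect($this->base_url_decoded . '&cntid=' . $this->newsId . '&action=edit');
                 } else {
                     // "save & close" returns to the listing
                     headerRedirect($this->base_url_decoded);
                 }
             } else {
                 // was $BL[...]; the language array is only reachable as $this->BL here.
                 // NOTE(review): mysql_errno()/mysql_error() are ext/mysql functions,
                 // removed in PHP 7 — confirm the DB layer still provides them.
                 set_status_message($this->BL['be_error_while_save'] . trim(html(' ' . mysql_errno() . ': ' . mysql_error())), 'warning');
             }
         }
         $this->data = array_merge($this->data, $post);
     } elseif ($this->newsId > 0) {
         $result = _dbGet('phpwcms_content', '*', 'cnt_status!=9 AND cnt_id=' . $this->newsId, '', '', '1');
         if (isset($result[0])) {
             $row = $result[0];
             // NOTE(review): unserialize() of a database column; whoever can write
             // cnt_object controls which objects get instantiated, so write access
             // to phpwcms_content must stay trusted.
             $row['cnt_object'] = @unserialize($row['cnt_object']);
             if (isset($row['cnt_object']['cnt_image']) && is_array($row['cnt_object']['cnt_image'])) {
                 $row['cnt_image'] = array_merge($this->data['cnt_image'], $row['cnt_object']['cnt_image']);
             }
             if (isset($row['cnt_object']['cnt_files']) && is_array($row['cnt_object']['cnt_files'])) {
                 $row['cnt_files'] = array_merge($this->data['cnt_files'], $row['cnt_object']['cnt_files']);
             }
             // scalar fields stored inside cnt_object are lifted to top level for the form
             foreach (array('cnt_link', 'cnt_linktext', 'cnt_category', 'cnt_readmore', 'cnt_textformat', 'cnt_searchoff') as $field) {
                 if (isset($row['cnt_object'][$field])) {
                     $row[$field] = $row['cnt_object'][$field];
                 }
             }
             $this->data = array_merge($this->data, $row);
         } else {
             set_status_message($this->BL['be_data_select_failed'], 'warning');
             headerRedirect($this->base_url_decoded);
         }
     }

     // Split the stored timestamps into the separate date and time inputs;
     // unset or unparsable values become the zero date and empty inputs.
     $start_date = strtotime($this->data['cnt_livedate']);
     $end_date = strtotime($this->data['cnt_killdate']);
     $sort_date = intval($this->data['cnt_sort']);
     if ($start_date <= 0) {
         $this->data['cnt_livedate'] = '0000-00-00 00:00:00';
         $this->data['cnt_date_start'] = '';
         $this->data['cnt_time_start'] = '';
     } else {
         $this->data['cnt_date_start'] = date($this->BL['default_date'], $start_date);
         $this->data['cnt_time_start'] = date($this->BL['default_time'], $start_date);
     }
     if ($end_date <= 0) {
         $this->data['cnt_killdate'] = '0000-00-00 00:00:00';
         $this->data['cnt_date_end'] = '';
         $this->data['cnt_time_end'] = '';
     } else {
         $this->data['cnt_date_end'] = date($this->BL['default_date'], $end_date);
         $this->data['cnt_time_end'] = date($this->BL['default_time'], $end_date);
     }
     if ($sort_date <= 0) {
         $this->data['cnt_sort'] = 0;
         $this->data['cnt_sort_date'] = '';
         $this->data['cnt_sort_time'] = '';
     } else {
         $this->data['cnt_sort_date'] = date($this->BL['default_date'], $sort_date);
         $this->data['cnt_sort_time'] = date($this->BL['default_time'], $sort_date);
     }
 }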
 /**
  * Password-reset form. Validates the posted (or URL-supplied) e-mail and
  * reset code, changes the password on success and sends the user to the
  * login page; on any failure the form is rendered again.
  *
  * @param string $email URL-encoded e-mail from the link in the reset mail
  * @param string $code  reset code from the same link
  */
 public function changepassword($email = '', $code = '')
 {
     // A GET carrying the link parameters is folded into $_POST so that a
     // single code path handles both the mailed link and the manual form.
     if ($email != '') {
         $_POST['email'] = urldecode($email);
     }
     if ($code != '') {
         $_POST['resetcode'] = $code;
     }

     // nothing submitted: just show the form
     if (!$_POST) {
         $this->template->load('user/changepassword');
         return;
     }

     $this->load->model('user/ChangePasswordInput');
     if ($this->ChangePasswordInput->is_valid()) {
         $this->load->model('user/UserModel');
         if ($this->UserModel->change_password($this->ChangePasswordInput)) {
             set_status_message('Your password have been changed. Please login');
             return redirect(login_route());
         }
         // well-formed input but the model refused it: surface a field error
         $this->form_validation->add_error('resetcode', 'The reset code is invalid.');
     }

     // invalid input or rejected code: re-render the form with its errors
     $this->template->load('user/changepassword');
 }