function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
osc_csrf_check();
osc_run_hook('before_validating_login');
// e-mail or/and password is/are empty or incorrect
$wrongCredentials = false;
$email = Params::getParam('email');
$password = Params::getParam('password', false, false);
if ($email == '') {
osc_add_flash_error_message(_m('Please provide an email address'));
$wrongCredentials = true;
}
if ($password == '') {
osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password'));
$wrongCredentials = true;
}
if ($wrongCredentials) {
$this->redirectTo(osc_user_login_url());
}
if (osc_validate_email($email)) {
$user = User::newInstance()->findByEmail($email);
}
if (empty($user)) {
$user = User::newInstance()->findByUsername($email);
}
if (empty($user)) {
osc_add_flash_error_message(_m("The user doesn't exist"));
$this->redirectTo(osc_user_login_url());
}
if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) {
osc_add_flash_error_message(_m('The password is incorrect'));
$this->redirectTo(osc_user_login_url());
// @TODO if valid user, send email parameter back to the login form
} else {
if (@$user['s_password'] != '') {
if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) {
if ($cost[1] != BCRYPT_COST) {
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
} else {
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
}
}
// e-mail or/and IP is/are banned
$banned = osc_is_banned($email);
// int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned
if ($banned & 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
}
if ($banned & 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
}
if ($banned !== 0) {
$this->redirectTo(osc_user_login_url());
}
osc_run_hook('before_login');
$url_redirect = osc_get_http_referer();
$page_redirect = '';
if (osc_rewrite_enabled()) {
if ($url_redirect != '') {
$request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect));
$tmp_ar = explode("?", $request_uri);
$request_uri = $tmp_ar[0];
$rules = Rewrite::newInstance()->listRules();
foreach ($rules as $match => $uri) {
if (preg_match('#' . $match . '#', $request_uri, $m)) {
$request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
$page_redirect = $match[2];
if ($page_redirect == '' || $page_redirect == 'login') {
$url_redirect = osc_user_dashboard_url();
}
}
break;
}
}
}
}
require_once LIB_PATH . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($user['pk_i_id']);
if ($logged == 0) {
osc_add_flash_error_message(_m("The user doesn't exist"));
} else {
if ($logged == 1) {
if (time() - strtotime($user['dt_access_date']) > 1200) {
// EACH 20 MINUTES
osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email'])));
} else {
osc_add_flash_error_message(_m('The user has not been validated yet'));
}
} else {
if ($logged == 2) {
osc_add_flash_error_message(_m('The user has been suspended'));
} else {
if ($logged == 3) {
if (Params::getParam('remember') == 1) {
//this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
Cookie::newInstance()->push('oc_userSecret', $secret);
Cookie::newInstance()->set();
}
if ($url_redirect == '') {
$url_redirect = osc_user_dashboard_url();
}
osc_run_hook("after_login", $user, $url_redirect);
$this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect));
} else {
osc_add_flash_error_message(_m('This should never happen'));
}
}
}
}
if (!$user['b_enabled']) {
$this->redirectTo(osc_user_login_url());
}
$this->redirectTo(osc_user_login_url());
break;
case 'resend':
$id = Params::getParam('id');
$email = Params::getParam('email');
$user = User::newInstance()->findByPrimaryKey($id);
if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) {
osc_add_flash_error_message(_m('Incorrect link'));
$this->redirectTo(osc_user_login_url());
}
if (time() - strtotime($user['dt_access_date']) > 1200) {
// EACH 20 MINUTES
if (osc_notify_new_user()) {
osc_run_hook('hook_email_admin_new_user', $user);
}
if (osc_user_validation_enabled()) {
osc_run_hook('hook_email_user_validation', $user, $user);
}
User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('Validation email re-sent'));
} else {
osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again'));
}
$this->redirectTo(osc_user_login_url());
break;
case 'recover':
//form to recover the password (in this case we have the form in /gui/)
$this->doView('user-recover.php');
break;
case 'recover_post':
//post execution to recover the password
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
// e-mail is incorrect
if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
osc_add_flash_error_message(_m('Invalid email address'));
$this->redirectTo(osc_recover_user_password_url());
}
$userActions = new UserActions(false);
$success = $userActions->recover_password();
switch ($success) {
case 0:
// recover ok
osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
$this->redirectTo(osc_base_url());
break;
case 1:
// e-mail does not exist
osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
$this->redirectTo(osc_recover_user_password_url());
break;
case 2:
// recaptcha wrong
osc_add_flash_error_message(_m('The recaptcha code is wrong'));
$this->redirectTo(osc_recover_user_password_url());
break;
}
break;
case 'forgot':
//form to recover the password (in this case we have the form in /gui/)
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user) {
$this->doView('user-forgot_password.php');
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
break;
case 'forgot_post':
osc_csrf_check();
if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user['b_enabled'] == 1) {
if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('The password has been changed'));
$this->redirectTo(osc_user_login_url());
} else {
osc_add_flash_error_message(_m("Error, the password don't match"));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
}
$this->redirectTo(osc_base_url());
break;
default:
//login
Session::newInstance()->_setReferer(osc_get_http_referer());
if (osc_logged_user_id() != '') {
$this->redirectTo(osc_user_dashboard_url());
}
$this->doView('user-login.php');
}
}
<?php
/**
* Show the form to edit a system user.
*
* @package ProjectSend
* @subpackage Users
*
*/
$allowed_levels = array(9, 8, 7);
require_once 'sys.includes.php';
$active_nav = 'users';
$database->MySQLDB();
/** Create the object */
$edit_user = new UserActions();
/** Check if the id parameter is on the URI. */
if (isset($_GET['id'])) {
$user_id = mysql_real_escape_string($_GET['id']);
/**
* Check if the id corresponds to a real user.
* Return 1 if true, 2 if false.
**/
$page_status = user_exists_id($user_id) ? 1 : 2;
} else {
/**
* Return 0 if the id is not set.
*/
$page_status = 0;
}
/**
* Get the user information from the database to use on the form.
function doModel()
{
parent::doModel();
//specific things for this class
switch ($this->action) {
case 'create':
// callign create view
$aCountries = array();
$aRegions = array();
$aCities = array();
$aCountries = Country::newInstance()->listAll();
if (isset($aCountries[0]['pk_c_code'])) {
$aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
}
if (isset($aRegions[0]['pk_i_id'])) {
$aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
}
$this->_exportVariableToView('user', null);
$this->_exportVariableToView('countries', $aCountries);
$this->_exportVariableToView('regions', $aRegions);
$this->_exportVariableToView('cities', $aCities);
$this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled());
$this->doView("users/frm.php");
break;
case 'create_post':
// creating the user...
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(true);
$success = $userActions->add();
switch ($success) {
case 1:
osc_add_flash_ok_message(_m("The user has been created. We've sent an activation e-mail"), 'admin');
break;
case 2:
osc_add_flash_ok_message(_m('The user has been created successfully'), 'admin');
break;
case 3:
osc_add_flash_warning_message(_m('Sorry, but that e-mail is already in use'), 'admin');
break;
case 5:
osc_add_flash_warning_message(_m('The specified e-mail is not valid'), 'admin');
break;
case 6:
osc_add_flash_warning_message(_m('Sorry, the password cannot be empty'), 'admin');
break;
case 7:
osc_add_flash_warning_message(_m("Sorry, passwords don't match"), 'admin');
break;
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'edit':
// calling the edit view
$aUser = array();
$aCountries = array();
$aRegions = array();
$aCities = array();
$aUser = $this->userManager->findByPrimaryKey(Params::getParam("id"));
$aCountries = Country::newInstance()->listAll();
$aRegions = array();
if ($aUser['fk_c_country_code'] != '') {
$aRegions = Region::newInstance()->findByCountry($aUser['fk_c_country_code']);
} else {
if (count($aCountries) > 0) {
$aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
}
}
$aCities = array();
if ($aUser['fk_i_region_id'] != '') {
$aCities = City::newInstance()->findByRegion($aUser['fk_i_region_id']);
} else {
if (count($aRegions) > 0) {
$aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
}
}
$this->_exportVariableToView("user", $aUser);
$this->_exportVariableToView("countries", $aCountries);
$this->_exportVariableToView("regions", $aRegions);
$this->_exportVariableToView("cities", $aCities);
$this->_exportVariableToView("locales", OSCLocale::newInstance()->listAllEnabled());
$this->doView("users/frm.php");
break;
case 'edit_post':
// edit post
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(true);
$success = $userActions->edit(Params::getParam("id"));
switch ($success) {
case 1:
osc_add_flash_error_message(_m("Passwords don't match"), 'admin');
break;
case 2:
osc_add_flash_ok_message(_m('The user has been updated and activated'), 'admin');
break;
default:
osc_add_flash_ok_message(_m('The user has been updated'), 'admin');
break;
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'resend_activation':
//activate
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->resend_activation($id);
}
if ($iUpdated == 0) {
osc_add_flash_error_message(_m('No users have been selected'), 'admin');
} else {
osc_add_flash_ok_message(sprintf(_mn('Activation email sent to one user', 'Activation email sent to %s users', $iUpdated), $iUpdated), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'activate':
//activate
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->activate($id);
}
if ($iUpdated == 0) {
$msg = _m('No users have been activated');
} else {
$msg = sprintf(_mn('One user has been activated', '%s users have been activated', $iUpdated), $iUpdated);
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'deactivate':
//deactivate
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->deactivate($id);
}
if ($iUpdated == 0) {
$msg = _m('No users have been deactivated');
} else {
$msg = sprintf(_mn('One user has been deactivated', '%s users have been deactivated', $iUpdated), $iUpdated);
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'enable':
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->enable($id);
}
if ($iUpdated == 0) {
$msg = _m('No users have been enabled');
} else {
$msg = sprintf(_mn('One user has been unblocked', '%s users have been unblocked', $iUpdated), $iUpdated);
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'disable':
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->disable($id);
}
if ($iUpdated == 0) {
$msg = _m('No users have been disabled');
} else {
$msg = sprintf(_mn('One user has been blocked', '%s users have been blocked', $iUpdated), $iUpdated);
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'delete':
//delete
$iDeleted = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
foreach ($userId as $id) {
$user = $this->userManager->findByPrimaryKey($id);
Log::newInstance()->insertLog('user', 'delete', $id, $user['s_email'], 'admin', osc_logged_admin_id());
if ($this->userManager->deleteUser($id)) {
$iDeleted++;
}
}
if ($iDeleted == 0) {
$msg = _m('No users have been deleted');
} else {
$msg = sprintf(_mn('One user has been deleted', '%s users have been deleted', $iDeleted), $iDeleted);
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'settings':
// calling the users settings view
$this->doView('users/settings.php');
break;
case 'settings_post':
// updating users
$iUpdated = 0;
$enabledUserValidation = Params::getParam('enabled_user_validation');
$enabledUserValidation = $enabledUserValidation != '' ? true : false;
$enabledUserRegistration = Params::getParam('enabled_user_registration');
$enabledUserRegistration = $enabledUserRegistration != '' ? true : false;
$enabledUsers = Params::getParam('enabled_users');
$enabledUsers = $enabledUsers != '' ? true : false;
$notifyNewUser = Params::getParam('notify_new_user');
$notifyNewUser = $notifyNewUser != '' ? true : false;
$iUpdated += Preference::newInstance()->update(array('s_value' => $enabledUserValidation), array('s_name' => 'enabled_user_validation'));
$iUpdated += Preference::newInstance()->update(array('s_value' => $enabledUserRegistration), array('s_name' => 'enabled_user_registration'));
$iUpdated += Preference::newInstance()->update(array('s_value' => $enabledUsers), array('s_name' => 'enabled_users'));
$iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewUser), array('s_name' => 'notify_new_user'));
if ($iUpdated > 0) {
osc_add_flash_ok_message(_m("User settings have been updated"), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=settings');
break;
default:
// manage users view
// set default iDisplayLength
if (Params::getParam('iDisplayLength') == '') {
Params::setParam('iDisplayLength', 10);
}
$p_iPage = 1;
if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1) {
$p_iPage = Params::getParam('iPage');
}
Params::setParam('iPage', $p_iPage);
$this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));
$this->_exportVariableToView('sSearch', Params::getParam('sSearch'));
require_once osc_admin_base_path() . 'ajax/users_processing.php';
$users_processing = new UsersProcessingAjax(Params::getParamsAsArray("get"));
$aData = $users_processing->result();
$page = (int) Params::getParam('iPage');
if (count($aData['aaData']) == 0 && $page != 1) {
$total = (int) $aData['iTotalDisplayRecords'];
$maxPage = ceil($total / (int) $aData['iDisplayLength']);
$url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING'];
if ($maxPage == 0) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url);
$this->redirectTo($url);
}
if ($page > 1) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url);
$this->redirectTo($url);
}
}
$this->_exportVariableToView('aUsers', $aData);
$this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled());
$this->doView("users/index.php");
break;
}
}
function doModel()
{
switch ($this->action) {
case 'dashboard':
//dashboard...
$max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5;
$aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items);
//calling the view...
$this->_exportVariableToView('items', $aItems);
$this->_exportVariableToView('max_items', $max_items);
$this->doView('user-dashboard.php');
break;
case 'profile':
//profile...
$user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
$aCountries = Country::newInstance()->listAll();
$aRegions = array();
if ($user['fk_c_country_code'] != '') {
$aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']);
} elseif (count($aCountries) > 0) {
$aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
}
$aCities = array();
if ($user['fk_i_region_id'] != '') {
$aCities = City::newInstance()->findByRegion($user['fk_i_region_id']);
} else {
if (count($aRegions) > 0) {
$aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
}
}
//calling the view...
$this->_exportVariableToView('countries', $aCountries);
$this->_exportVariableToView('regions', $aRegions);
$this->_exportVariableToView('cities', $aCities);
$this->_exportVariableToView('user', $user);
$this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled());
$this->doView('user-profile.php');
break;
case 'profile_post':
//profile post...
osc_csrf_check();
$userId = Session::newInstance()->_get('userId');
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->edit($userId);
if ($success == 1 || $success == 2) {
osc_add_flash_ok_message(_m('Your profile has been updated successfully'));
} else {
osc_add_flash_error_message($success);
}
$this->redirectTo(osc_user_profile_url());
break;
case 'alerts':
//alerts
$aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'), false);
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
foreach ($aAlerts as $k => $a) {
$array_conditions = (array) json_decode($a['s_search']);
// $search = Search::newInstance();
$search = new Search();
$search->setJsonAlert($array_conditions);
$search->limit(0, 3);
$aAlerts[$k]['items'] = $search->doSearch();
}
$this->_exportVariableToView('alerts', $aAlerts);
View::newInstance()->_reset('alerts');
$this->_exportVariableToView('user', $user);
$this->doView('user-alerts.php');
break;
case 'change_email':
//change email
$this->doView('user-change_email.php');
break;
case 'change_email_post':
//change email post
osc_csrf_check();
if (!osc_validate_email(Params::getParam('new_email'))) {
osc_add_flash_error_message(_m('The specified e-mail is not valid'));
$this->redirectTo(osc_change_user_email_url());
} else {
$user = User::newInstance()->findByEmail(Params::getParam('new_email'));
if (!isset($user['pk_i_id'])) {
$userEmailTmp = array();
$userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId');
$userEmailTmp['s_new_email'] = Params::getParam('new_email');
UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp);
$code = osc_genRandomPassword(30);
$date = date('Y-m-d H:i:s');
$userManager = new User();
$userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId')));
$validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code);
osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url);
$this->redirectTo(osc_user_profile_url());
} else {
osc_add_flash_error_message(_m('The specified e-mail is already in use'));
$this->redirectTo(osc_change_user_email_url());
}
}
break;
case 'change_username':
//change username
$this->doView('user-change_username.php');
break;
case 'change_username_post':
//change username
$username = osc_sanitize_username(Params::getParam('s_username'));
osc_run_hook('before_username_change', Session::newInstance()->_get('userId'), $username);
if ($username != '') {
$user = User::newInstance()->findByUsername($username);
if (isset($user['s_username'])) {
osc_add_flash_error_message(_m('The specified username is already in use'));
} else {
if (!osc_is_username_blacklisted($username)) {
User::newInstance()->update(array('s_username' => $username), array('pk_i_id' => Session::newInstance()->_get('userId')));
osc_add_flash_ok_message(_m('The username was updated'));
osc_run_hook('after_username_change', Session::newInstance()->_get('userId'), Params::getParam('s_username'));
$this->redirectTo(osc_user_profile_url());
} else {
osc_add_flash_error_message(_m('The specified username is not valid, it contains some invalid words'));
}
}
} else {
osc_add_flash_error_message(_m('The specified username could not be empty'));
}
$this->redirectTo(osc_change_user_username_url());
break;
case 'change_password':
//change password
$this->doView('user-change_password.php');
break;
case 'change_password_post':
//change password post
osc_csrf_check();
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
if (Params::getParam('password', false, false) == '' || Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_change_user_password_url());
}
if (!osc_verify_password(Params::getParam('password', false, false), $user['s_password'])) {
osc_add_flash_error_message(_m("Current password doesn't match"));
$this->redirectTo(osc_change_user_password_url());
}
if (!Params::getParam('new_password', false, false)) {
osc_add_flash_error_message(_m("Passwords can't be empty"));
$this->redirectTo(osc_change_user_password_url());
}
if (Params::getParam('new_password', false, false) != Params::getParam('new_password2', false, false)) {
osc_add_flash_error_message(_m("Passwords don't match"));
$this->redirectTo(osc_change_user_password_url());
}
User::newInstance()->update(array('s_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => Session::newInstance()->_get('userId')));
osc_add_flash_ok_message(_m('Password has been changed'));
$this->redirectTo(osc_user_profile_url());
break;
case 'items':
// view items user
$itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10;
$page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0;
$itemType = Params::getParam('itemType');
$total_items = Item::newInstance()->countItemTypesByUserID(osc_logged_user_id(), $itemType);
$total_pages = ceil($total_items / $itemsPerPage);
$items = Item::newInstance()->findItemTypesByUserID(osc_logged_user_id(), $page * $itemsPerPage, $itemsPerPage, $itemType);
$this->_exportVariableToView('items', $items);
$this->_exportVariableToView('search_total_pages', $total_pages);
$this->_exportVariableToView('search_total_items', $total_items);
$this->_exportVariableToView('items_per_page', $itemsPerPage);
$this->_exportVariableToView('items_type', $itemType);
$this->_exportVariableToView('search_page', $page);
$this->doView('user-items.php');
break;
case 'activate_alert':
$email = Params::getParam('email');
$secret = Params::getParam('secret');
$result = 0;
if ($email != '' && $secret != '') {
$result = Alerts::newInstance()->activate($email, $secret);
}
if ($result == 1) {
osc_add_flash_ok_message(_m('Alert activated'));
} else {
osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator'));
}
$this->redirectTo(osc_base_url());
break;
case 'unsub_alert':
$email = Params::getParam('email');
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$alert = Alerts::newInstance()->findByPrimaryKey($id);
$result = 0;
if (!empty($alert)) {
if ($email == $alert['s_email'] && $secret == $alert['s_secret']) {
$result = Alerts::newInstance()->unsub($id);
}
}
if ($result == 1) {
osc_add_flash_ok_message(_m('Unsubscribed correctly'));
} else {
osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator'));
}
$this->redirectTo(osc_user_alerts_url());
break;
case 'delete':
$id = Params::getParam('id');
$secret = Params::getParam('secret');
if (osc_is_web_user_logged_in()) {
$user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
View::newInstance()->_exportVariableToView('user', $user);
if (!empty($user) && osc_logged_user_id() == $id && $secret == $user['s_secret']) {
User::newInstance()->deleteUser(osc_logged_user_id());
Session::newInstance()->_drop('userId');
Session::newInstance()->_drop('userName');
Session::newInstance()->_drop('userEmail');
Session::newInstance()->_drop('userPhone');
Cookie::newInstance()->pop('oc_userId');
Cookie::newInstance()->pop('oc_userSecret');
Cookie::newInstance()->set();
osc_add_flash_ok_message(_m("Your account have been deleted"));
$this->redirectTo(osc_base_url());
} else {
osc_add_flash_error_message(_m("Oops! you can not do that"));
$this->redirectTo(osc_user_dashboard_url());
}
} else {
osc_add_flash_error_message(_m("Oops! you can not do that"));
$this->redirectTo(osc_base_url());
}
break;
}
}
function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
require_once LIB_PATH . 'osclass/UserActions.php';
$user = User::newInstance()->findByEmail(Params::getParam('email'));
$url_redirect = osc_user_dashboard_url();
$page_redirect = '';
if (osc_rewrite_enabled()) {
if (isset($_SERVER['HTTP_REFERER'])) {
$request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $_SERVER['HTTP_REFERER']));
$tmp_ar = explode("?", $request_uri);
$request_uri = $tmp_ar[0];
$rules = Rewrite::newInstance()->listRules();
foreach ($rules as $match => $uri) {
if (preg_match('#' . $match . '#', $request_uri, $m)) {
$request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
$page_redirect = $match[2];
}
break;
}
}
}
} else {
if (preg_match('|[\\?&]page=([^&]+)|', $_SERVER['HTTP_REFERER'] . '&', $match)) {
$page_redirect = $match[1];
}
}
if (Params::getParam('http_referer') != '') {
Session::newInstance()->_setReferer(Params::getParam('http_referer'));
$url_redirect = Params::getParam('http_referer');
} else {
if (Session::newInstance()->_getReferer() != '') {
Session::newInstance()->_setReferer(Session::newInstance()->_getReferer());
$url_redirect = Session::newInstance()->_getReferer();
} else {
if ($page_redirect != '' && $page_redirect != 'login') {
Session::newInstance()->_setReferer($_SERVER['HTTP_REFERER']);
$url_redirect = $_SERVER['HTTP_REFERER'];
}
}
}
if (!$user) {
osc_add_flash_error_message(_m('The username doesn\'t exist'));
$this->redirectTo(osc_user_login_url());
}
if ($user["s_password"] != sha1(Params::getParam('password'))) {
osc_add_flash_error_message(_m('The password is incorrect'));
$this->redirectTo(osc_user_login_url());
}
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($user['pk_i_id']);
if ($logged == 0) {
osc_add_flash_error_message(_m('The username doesn\'t exist'));
} else {
if ($logged == 1) {
osc_add_flash_error_message(_m('The user has not been validated yet'));
} else {
if ($logged == 2) {
osc_add_flash_error_message(_m('The user has been suspended'));
} else {
if ($logged == 3) {
if (Params::getParam('remember') == 1) {
//this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
Cookie::newInstance()->push('oc_userSecret', $secret);
Cookie::newInstance()->set();
}
$this->redirectTo($url_redirect);
} else {
osc_add_flash_error_message(_m('This should never happens'));
}
}
}
}
if (!$user['b_enabled']) {
$this->redirectTo(osc_user_login_url());
}
$this->redirectTo(osc_user_login_url());
break;
case 'recover':
//form to recover the password (in this case we have the form in /gui/)
$this->doView('user-recover.php');
break;
case 'recover_post':
//post execution to recover the password
require_once LIB_PATH . 'osclass/UserActions.php';
// e-mail is incorrect
if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
osc_add_flash_error_message(_m('Invalid email address'));
$this->redirectTo(osc_recover_user_password_url());
}
$userActions = new UserActions(false);
$success = $userActions->recover_password();
switch ($success) {
case 0:
// recover ok
osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
$this->redirectTo(osc_base_url());
break;
case 1:
// e-mail does not exist
osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
$this->redirectTo(osc_recover_user_password_url());
break;
case 2:
// recaptcha wrong
osc_add_flash_error_message(_m('The recaptcha code is wrong'));
$this->redirectTo(osc_recover_user_password_url());
break;
}
break;
case 'forgot':
//form to recover the password (in this case we have the form in /gui/)
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user) {
$this->doView('user-forgot_password.php');
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
break;
case 'forgot_post':
if (Params::getParam('new_password') == '' || Params::getParam('new_password2') == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user['b_enabled'] == 1) {
if (Params::getParam('new_password') == Params::getParam('new_password2')) {
User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('The password has been changed'));
$this->redirectTo(osc_user_login_url());
} else {
osc_add_flash_error_message(_m('Error, the password don\'t match'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
}
$this->redirectTo(osc_base_url());
break;
default:
//login
if (osc_logged_user_id() != '') {
$this->redirectTo(osc_user_dashboard_url());
}
$this->doView('user-login.php');
}
}
function make_userlogin()
{
if (isset($_GET['page'])) {
return;
}
$facebookData = FacebookClassified::newInstance()->selectFacebookData();
$api_id = osc_get_preference('facebook_api_id', 'classified');
$api_secret = osc_get_preference('facebook_api_secret', 'classified');
if (isset($_GET['code']) and !empty($_GET['code'])) {
$code = $_GET['code'];
if (!empty($code)) {
$get_access_data = facebookall_get_fb_contents("https://graph.facebook.com/v2.3/oauth/access_token?" . 'client_id=' . $api_id . '&redirect_uri=' . urlencode(osc_base_url()) . '&client_secret=' . $api_secret . '&code=' . urlencode($code));
$access_data = json_decode($get_access_data, true);
}
if (empty($access_data['access_token'])) {
$get_access_data = facebookall_get_fb_contents("https://graph.facebook.com/v2.3/oauth/access_token?" . 'client_id=' . $api_id . '&redirect_uri=' . urlencode(osc_base_url()) . '&client_secret=' . $api_secret . '&code=' . urlencode($code));
$access_data = json_decode($get_access_data, true);
}
if (!empty($access_data['access_token'])) {
$access_token = $access_data['access_token'];
} else {
echo 'Error : Could not get access token please check your app settings for more about this error<br> Or Follow our doc setion <a href="http://sourceaddons.com/documentation">Documentation Section</a>.';
exit;
}
?>
<script>
window.opener.FbAll.parentRedirect({'action' : 'fball', 'fball_access_token' : '<?php
echo $access_token;
?>
'});
window.close();
</script>
<?php
}
if (!empty($_REQUEST['fball_access_token']) and isset($_REQUEST['fball_redirect'])) {
$user_info = json_decode(facebookall_get_fb_contents("https://graph.facebook.com/v2.3/me?access_token=" . $_REQUEST['fball_access_token']));
Session::newInstance()->_set('fb-token', $_REQUEST['fball_access_token']);
$user_data = get_userprofile_data($user_info);
if (!empty($user_data['email']) and !empty($user_data['id'])) {
// Filter username form data.
if (!empty($user_data['name'])) {
$username = $user_data['name'];
} else {
if (!empty($user_data['first_name']) && !empty($user_data['last_name'])) {
$username = $user_data['first_name'] . $user_data['last_name'];
} else {
$user_emailname = explode('@', $user_data['email']);
$username = $user_emailname[0];
}
}
$user_login = $username;
$new_user = false;
$user_id = get_userid($user_data['id']);
if (empty($user_id)) {
//Not Registered As Facebook User
$u_data = User::newInstance()->findByEmail($user_data['email']);
if (!empty($u_data)) {
//Registered As OSClass but not as Facebook User
$user = User::newInstance()->findByEmail($user_data['email']);
insert_facebook_user_data($user['pk_i_id'], $user_data['id']);
} else {
//New User Not Registered as Facebook User And OSClass User
$new_user = true;
register_user($user_data);
}
}
$manager = User::newInstance();
$oscUser = $manager->findByEmail($user_data['email']);
$email = $oscUser['pk_i_id'];
require_once osc_lib_path() . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($oscUser['pk_i_id']);
// Redirect user.
osc_redirect_to(osc_user_dashboard_url());
/*
if (!empty ($_GET['redirect_to'])) {
$redirect_to = $_GET['redirect_to'];
wp_safe_redirect ($redirect_to);
}
else {
$redirect_to = facebookall_redirect_loggedin_user();
wp_redirect ($redirect_to);
}
exit();
}
*/
}
}
}
function doModel()
{
switch ($this->action) {
case 'register':
//register user
$this->doView('user-register.php');
break;
case 'register_post':
//register user
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->add();
switch ($success) {
case 1:
osc_add_flash_ok_message(_m('The user has been created. An activation email has been sent'));
$this->redirectTo(osc_base_url());
break;
case 2:
osc_add_flash_ok_message(_m('Your account has been created successfully'));
$this->doView('user-login.php');
break;
case 3:
osc_add_flash_error_message(_m('The specified e-mail is already in use'));
$this->doView('user-register.php');
break;
case 4:
osc_add_flash_error_message(_m('The reCAPTCHA was not introduced correctly'));
$this->doView('user-register.php');
break;
case 5:
osc_add_flash_error_message(_m('The email is not valid'));
$this->doView('user-register.php');
break;
}
break;
case 'validate':
//validate account
$id = intval(Params::getParam('id'));
$code = Params::getParam('code');
$userManager = new User();
$user = $userManager->findByIdSecret($id, $code);
if ($user) {
if ($user['b_active'] == 0) {
$userManager = new User();
$userManager->update(array('b_active' => '1'), array('pk_i_id' => $id, 's_secret' => $code));
osc_run_hook('hook_email_user_registration', $user);
osc_run_hook('validate_user', $user);
osc_add_flash_ok_message(_m('Your account has been validated'));
// Auto-login
Session::newInstance()->_set('userId', $user['pk_i_id']);
Session::newInstance()->_set('userName', $user['s_name']);
Session::newInstance()->_set('userEmail', $user['s_email']);
$phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land'];
Session::newInstance()->_set('userPhone', $phone);
} else {
osc_add_flash_error_message(_m('Your account has already been validated'));
}
} else {
osc_add_flash_error_message(_m('The link is not valid anymore. Sorry for the inconvenience!'));
}
$this->redirectTo(osc_base_url());
break;
}
}
function doModel()
{
switch ($this->action) {
case 'register':
//register user
$this->doView('user-register.php');
break;
case 'register_post':
//register user
osc_csrf_check();
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
osc_run_hook('before_user_register');
$banned = osc_is_banned(Params::getParam('s_email'));
if ($banned == 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
$this->redirectTo(osc_register_account_url());
} else {
if ($banned == 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
$this->redirectTo(osc_register_account_url());
}
}
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->add();
switch ($success) {
case 1:
osc_add_flash_ok_message(_m('The user has been created. An activation email has been sent'));
$this->redirectTo(osc_base_url());
break;
case 2:
osc_add_flash_ok_message(_m('Your account has been created successfully'));
$this->doView('user-login.php');
break;
case 3:
osc_add_flash_warning_message(_m('The specified e-mail is already in use'));
$this->doView('user-register.php');
break;
case 4:
osc_add_flash_error_message(_m('The reCAPTCHA was not entered correctly'));
$this->doView('user-register.php');
break;
case 5:
osc_add_flash_warning_message(_m('The email is not valid'));
$this->doView('user-register.php');
break;
case 6:
osc_add_flash_warning_message(_m('The password cannot be empty'));
$this->doView('user-register.php');
break;
case 7:
osc_add_flash_warning_message(_m("Passwords don't match"));
$this->doView('user-register.php');
break;
case 8:
osc_add_flash_warning_message(_m("Username is already taken"));
$this->doView('user-register.php');
break;
case 9:
osc_add_flash_warning_message(_m("The specified username is not valid, it contains some invalid words"));
$this->doView('user-register.php');
break;
}
break;
case 'validate':
//validate account
$id = intval(Params::getParam('id'));
$code = Params::getParam('code');
$userManager = new User();
$user = $userManager->findByIdSecret($id, $code);
if (!$user) {
osc_add_flash_error_message(_m('The link is not valid anymore. Sorry for the inconvenience!'));
$this->redirectTo(osc_base_url());
}
if ($user['b_active'] == 1) {
osc_add_flash_error_message(_m('Your account has already been validated'));
$this->redirectTo(osc_base_url());
}
$userManager = new User();
$userManager->update(array('b_active' => '1'), array('pk_i_id' => $id, 's_secret' => $code));
// Auto-login
Session::newInstance()->_set('userId', $user['pk_i_id']);
Session::newInstance()->_set('userName', $user['s_name']);
Session::newInstance()->_set('userEmail', $user['s_email']);
$phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land'];
Session::newInstance()->_set('userPhone', $phone);
osc_run_hook('hook_email_user_registration', $user);
osc_run_hook('validate_user', $user);
osc_add_flash_ok_message(_m('Your account has been validated'));
$this->redirectTo(osc_base_url());
break;
}
}
function doModel()
{
parent::doModel();
//specific things for this class
switch ($this->action) {
case 'create':
// callign create view
$aCountries = array();
$aRegions = array();
$aCities = array();
$aCountries = Country::newInstance()->listAll();
if (isset($aCountries[0]['pk_c_code'])) {
$aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
}
if (isset($aRegions[0]['pk_i_id'])) {
$aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
}
$this->_exportVariableToView('user', null);
$this->_exportVariableToView('countries', $aCountries);
$this->_exportVariableToView('regions', $aRegions);
$this->_exportVariableToView('cities', $aCities);
$this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled());
$this->doView("users/frm.php");
break;
case 'create_post':
// creating the user...
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(true);
$success = $userActions->add();
switch ($success) {
case 1:
osc_add_flash_ok_message(_m('The user has been created. We\'ve sent an activation e-mail'), 'admin');
break;
case 2:
osc_add_flash_ok_message(_m('The user has been created successfully'), 'admin');
break;
case 3:
osc_add_flash_warning_message(_m('Sorry, but that e-mail is already in use'), 'admin');
break;
case 5:
osc_add_flash_warning_message(_m('The specified e-mail is not valid'), 'admin');
break;
case 6:
osc_add_flash_warning_message(_m('Sorry, the password cannot be empty'), 'admin');
break;
case 7:
osc_add_flash_warning_message(_m("Sorry, passwords don't match"), 'admin');
break;
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'edit':
// calling the edit view
$aUser = array();
$aCountries = array();
$aRegions = array();
$aCities = array();
$aUser = $this->userManager->findByPrimaryKey(Params::getParam("id"));
$aCountries = Country::newInstance()->listAll();
$aRegions = array();
if ($aUser['fk_c_country_code'] != '') {
$aRegions = Region::newInstance()->findByCountry($aUser['fk_c_country_code']);
} else {
if (count($aCountries) > 0) {
$aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
}
}
$aCities = array();
if ($aUser['fk_i_region_id'] != '') {
$aCities = City::newInstance()->findByRegion($aUser['fk_i_region_id']);
} else {
if (count($aRegions) > 0) {
$aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
}
}
$this->_exportVariableToView("user", $aUser);
$this->_exportVariableToView("countries", $aCountries);
$this->_exportVariableToView("regions", $aRegions);
$this->_exportVariableToView("cities", $aCities);
$this->_exportVariableToView("locales", OSCLocale::newInstance()->listAllEnabled());
$this->doView("users/frm.php");
break;
case 'edit_post':
// edit post
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(true);
$success = $userActions->edit(Params::getParam("id"));
switch ($success) {
case 1:
osc_add_flash_error_message(_m('Passwords don\'t match'), 'admin');
break;
case 2:
osc_add_flash_ok_message(_m('The user has been updated and activated'), 'admin');
break;
default:
osc_add_flash_ok_message(_m('The user has been updated'), 'admin');
break;
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'activate':
//activate
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m('User id isn\'t in the correct format'), 'admin');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->activate($id);
}
switch ($iUpdated) {
case 0:
$msg = _m('No user has been activated');
break;
case 1:
$msg = _m('One user has been activated');
break;
default:
$msg = sprintf(_m('%s users have been activated'), $iUpdated);
break;
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'deactivate':
//deactivate
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m('User id isn\'t in the correct format'), 'admin');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->deactivate($id);
}
switch ($iUpdated) {
case 0:
$msg = _m('No user has been deactivated');
break;
case 1:
$msg = _m('One user has been deactivated');
break;
default:
$msg = sprintf(_m('%s users have been deactivated'), $iUpdated);
break;
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'enable':
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m('User id isn\'t in the correct format'), 'admin');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->enable($id);
}
switch ($iUpdated) {
case 0:
$msg = _m('No user has been enabled');
break;
case 1:
$msg = _m('One user has been enabled');
break;
default:
$msg = sprintf(_m('%s users have been enabled'), $iUpdated);
break;
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'disable':
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m('User id isn\'t in the correct format'), 'admin');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->disable($id);
}
switch ($iUpdated) {
case 0:
$msg = _m('No user has been disabled');
break;
case 1:
$msg = _m('One user has been disabled');
break;
default:
$msg = sprintf(_m('%s users have been disabled'), $iUpdated);
break;
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'delete':
//delete
$iDeleted = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m('User id isn\'t in the correct format'), 'admin');
}
foreach ($userId as $id) {
$user = $this->userManager->findByPrimaryKey($id);
Log::newInstance()->insertLog('user', 'delete', $id, $user['s_email'], 'admin', osc_logged_admin_id());
if ($this->userManager->deleteUser($id)) {
$iDeleted++;
}
}
switch ($iDeleted) {
case 0:
$msg = _m('No user has been deleted');
break;
case 1:
$msg = _m('One user has been deleted');
break;
default:
$msg = sprintf(_m('%s users have been deleted'), $iDeleted);
break;
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'settings':
// calling the users settings view
$this->doView('users/settings.php');
break;
case 'settings_post':
// updating users
$iUpdated = 0;
$enabledUserValidation = Params::getParam('enabled_user_validation');
$enabledUserValidation = $enabledUserValidation != '' ? true : false;
$enabledUserRegistration = Params::getParam('enabled_user_registration');
$enabledUserRegistration = $enabledUserRegistration != '' ? true : false;
$enabledUsers = Params::getParam('enabled_users');
$enabledUsers = $enabledUsers != '' ? true : false;
$notifyNewUser = Params::getParam('notify_new_user');
$notifyNewUser = $notifyNewUser != '' ? true : false;
$iUpdated += Preference::newInstance()->update(array('s_value' => $enabledUserValidation), array('s_name' => 'enabled_user_validation'));
$iUpdated += Preference::newInstance()->update(array('s_value' => $enabledUserRegistration), array('s_name' => 'enabled_user_registration'));
$iUpdated += Preference::newInstance()->update(array('s_value' => $enabledUsers), array('s_name' => 'enabled_users'));
$iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewUser), array('s_name' => 'notify_new_user'));
if ($iUpdated > 0) {
osc_add_flash_ok_message(_m('Users\' settings have been updated'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=settings');
break;
default:
// manage users view
$aUsers = $this->userManager->listAll();
$this->_exportVariableToView("users", $aUsers);
$this->doView("users/index.php");
break;
}
}
function doModel()
{
switch ($this->action) {
case 'dashboard':
//dashboard...
$max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5;
$aItems = Item::newInstance()->findByUserID(Session::newInstance()->_get('userId'), 0, $max_items);
//Item::newInstance()->listWhere("fk_i_user_id = ".Session::newInstance()->_get('userId'));
//calling the view...
$this->_exportVariableToView('items', $aItems);
$this->_exportVariableToView('max_items', $max_items);
$this->doView('user-dashboard.php');
break;
case 'profile':
//profile...
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
$aCountries = Country::newInstance()->listAll();
$aRegions = array();
if ($user['fk_c_country_code'] != '') {
$aRegions = Region::newInstance()->getByCountry($user['fk_c_country_code']);
} elseif (count($aCountries) > 0) {
$aRegions = Region::newInstance()->getByCountry($aCountries[0]['pk_c_code']);
}
$aCities = array();
if ($user['fk_i_region_id'] != '') {
$aCities = City::newInstance()->listWhere("fk_i_region_id = %d", $user['fk_i_region_id']);
} else {
if (count($aRegions) > 0) {
$aCities = City::newInstance()->listWhere("fk_i_region_id = %d", $aRegions[0]['pk_i_id']);
}
}
//calling the view...
$this->_exportVariableToView('countries', $aCountries);
$this->_exportVariableToView('regions', $aRegions);
$this->_exportVariableToView('cities', $aCities);
$this->_exportVariableToView('user', $user);
$this->doView('user-profile.php');
break;
case 'profile_post':
//profile post...
$userId = Session::newInstance()->_get('userId');
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->edit($userId);
// This has been moved to special area (only password changes)
/*if( $success == 1 ) {
osc_add_flash_message( _m('Passwords don\'t match') ) ;
} else {*/
osc_add_flash_message(_m('Your profile has been updated successfully'));
//}
$this->redirectTo(osc_user_profile_url());
break;
case 'alerts':
//alerts
$aAlerts = Alerts::newInstance()->getAlertsFromUser(Session::newInstance()->_get('userId'));
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
foreach ($aAlerts as $k => $a) {
$search = osc_unserialize(base64_decode($a['s_search']));
$search->limit(0, 3);
$aAlerts[$k]['items'] = $search->doSearch();
}
$this->_exportVariableToView('alerts', $aAlerts);
View::newInstance()->_reset('alerts');
$this->_exportVariableToView('user', $user);
$this->doView('user-alerts.php');
break;
case 'change_email':
//change email
$this->doView('user-change_email.php');
break;
case 'change_email_post':
//change email post
if (!preg_match("/^[_a-z0-9-\\+]+(\\.[_a-z0-9-\\+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", Params::getParam('new_email'))) {
osc_add_flash_message(_m('The specified e-mail is not valid'));
$this->redirectTo(osc_change_user_email_url());
} else {
$user = User::newInstance()->findByEmail(Params::getParam('new_email'));
if (!isset($user['pk_i_id'])) {
if (osc_user_validation_enabled()) {
$userEmailTmp = array();
$userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId');
$userEmailTmp['s_new_email'] = Params::getParam('new_email');
UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp);
$code = osc_genRandomPassword(30);
$date = date('Y-m-d H:i:s');
$userManager = new User();
$userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId')));
$locale = osc_current_user_locale();
$aPage = Page::newInstance()->findByInternalName('email_new_email');
if (isset($aPage['locale'][$locale]['s_title'])) {
$content = $aPage['locale'][$locale];
} else {
$content = current($aPage['locale']);
}
if (!is_null($content)) {
$validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code);
$words = array();
$words[] = array('{USER_NAME}', '{USER_EMAIL}', '{WEB_URL}', '{WEB_TITLE}', '{VALIDATION_LINK}', '{VALIDATION_URL}');
$words[] = array(Session::newInstance()->_get('userName'), Params::getParam('new_email'), osc_base_url(), osc_page_title(), '<a href="' . $validation_url . '" >' . $validation_url . '</a>', $validation_url);
$title = osc_mailBeauty($content['s_title'], $words);
$body = osc_mailBeauty($content['s_text'], $words);
$params = array('subject' => $title, 'to' => Params::getParam('new_email'), 'to_name' => Session::newInstance()->_get('userName'), 'body' => $body, 'alt_body' => $body);
osc_sendMail($params);
osc_add_flash_message(_m('We have sent you an e-mail. Follow the instructions to validate the changes'));
} else {
osc_add_flash_message(_m('We tried to sent you an e-mail, but it failed. Please, contact the administrator'));
}
$this->redirectTo(osc_user_profile_url());
} else {
User::newInstance()->update(array('s_email' => Params::getParam('new_email')), array('pk_i_id' => Params::getParam('userId')));
osc_add_flash_message(_m('Your email has been changed successfully'));
$this->redirectTo(osc_user_profile_url());
}
} else {
osc_add_flash_message(_m('The specified e-mail is already in use'));
$this->redirectTo(osc_change_user_email_url());
}
}
break;
case 'change_password':
//change password
$this->doView('user-change_password.php');
break;
case 'change_password_post':
//change password post
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
if ($user['s_password'] != sha1(Params::getParam('password'))) {
osc_add_flash_message(_m('Current password doesn\'t match'));
$this->redirectTo(osc_change_user_password_url());
} elseif (!Params::getParam('new_password')) {
osc_add_flash_message(_m('Passwords can\'t be empty'));
$this->redirectTo(osc_change_user_password_url());
} elseif (Params::getParam('new_password') != Params::getParam('new_password2')) {
osc_add_flash_message(_m('Passwords don\'t match'));
$this->redirectTo(osc_change_user_password_url());
}
User::newInstance()->update(array('s_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => Session::newInstance()->_get('userId')));
osc_add_flash_message(_m('Password has been changed'));
$this->redirectTo(osc_user_profile_url());
break;
case 'items':
// view items user
$itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 5;
$page = Params::getParam('iPage') != '' ? Params::getParam('iPage') : 0;
$total_items = Item::newInstance()->countByUserID($_SESSION['userId']);
$total_pages = ceil($total_items / $itemsPerPage);
$items = Item::newInstance()->findByUserID($_SESSION['userId'], $page * $itemsPerPage, $itemsPerPage);
$this->_exportVariableToView('items', $items);
$this->_exportVariableToView('list_total_pages', $total_pages);
$this->_exportVariableToView('list_total_items', $total_items);
$this->_exportVariableToView('items_per_page', $itemsPerPage);
$this->_exportVariableToView('list_page', $page);
$this->doView('user-items.php');
break;
case 'unsub_alert':
$email = Params::getParam('email');
$alert = Params::getParam('alert');
if ($email != '' && $alert != '') {
Alerts::newInstance()->delete(array('s_email' => $email, 's_search' => $alert));
osc_add_flash_message(__('Unsubscribed correctly.'));
} else {
osc_add_flash_message(__('Ops! There was a problem trying to unsubscribe you. Please contact the administrator.'));
}
$this->redirectTo(osc_user_alerts_url());
break;
}
}
if (@$j->ok && $ok_message && (!$ok_message_optional || !@$j->warnings)) {
$Conf->confirmMsg($ok_message);
}
}
if ($Me->privChair && @$_REQUEST["modifygo"] && check_post() && isset($papersel)) {
if (@$_REQUEST["modifytype"] == "disableaccount") {
modify_confirm(UserActions::disable($papersel, $Me), "Accounts disabled.", true);
} else {
if (@$_REQUEST["modifytype"] == "enableaccount") {
modify_confirm(UserActions::enable($papersel, $Me), "Accounts enabled.", true);
} else {
if (@$_REQUEST["modifytype"] == "resetpassword") {
modify_confirm(UserActions::reset_password($papersel, $Me), "Passwords reset. <a href=\"" . hoturl_post("users", "t=" . urlencode($_REQUEST["t"]) . "&modifygo=1&modifytype=sendaccount&pap=" . join("+", $papersel)) . "\">Send account information to those accounts</a>", false);
} else {
if (@$_REQUEST["modifytype"] == "sendaccount") {
modify_confirm(UserActions::send_account_info($papersel, $Me), "Account information sent.", false);
}
}
}
}
redirectSelf(array("modifygo" => null, "modifytype" => null));
}
function do_tags()
{
global $Conf, $Me, $papersel;
// check tags
$tagger = new Tagger($Me);
$t1 = array();
$errors = array();
foreach (preg_split('/[\\s,]+/', (string) @$_REQUEST["tag"]) as $t) {
if ($t === "") {
}
if (isset($_REQUEST["redirect"])) {
go(hoturl("index"));
} else {
if ($newProfile) {
$Conf->save_session("profile_redirect", $cj);
}
redirectSelf();
}
}
} else {
if (isset($_REQUEST["merge"]) && !$newProfile && $Acct->contactId == $Me->contactId) {
go(hoturl("mergeaccounts"));
} else {
if (isset($_REQUEST["clickthrough"])) {
UserActions::save_clickthrough($Acct);
}
}
}
}
}
}
function databaseTracks($who)
{
global $Conf;
$tracks = (object) array("soleAuthor" => array(), "author" => array(), "review" => array(), "comment" => array());
// find authored papers
$result = $Conf->qe("select Paper.paperId, count(pc.contactId)\n from Paper\n join PaperConflict c on (c.paperId=Paper.paperId and c.contactId={$who} and c.conflictType>=" . CONFLICT_AUTHOR . ")\n join PaperConflict pc on (pc.paperId=Paper.paperId and pc.conflictType>=" . CONFLICT_AUTHOR . ")\n group by Paper.paperId order by Paper.paperId");
while ($row = edb_row($result)) {
if ($row[1] == 1) {
$tracks->soleAuthor[] = $row[0];
function doModel()
{
switch ($this->action) {
case 'register':
//register user
$this->doView('user-register.php');
break;
case 'register_post':
//register user
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->add();
switch ($success) {
case 1:
osc_add_flash_message(_m('The user has been created. An activation email has been sent'));
$this->redirectTo(osc_base_url());
break;
case 2:
osc_add_flash_message(_m('Your account has been created successfully'));
$this->doView('user-login.php');
break;
case 3:
osc_add_flash_message(_m('The specified e-mail is already in use'));
$this->doView('user-register.php');
break;
case 4:
osc_add_flash_message(_m('The reCAPTCHA was not introduced correctly'));
$this->doView('user-register.php');
break;
}
break;
case 'validate':
//validate account
$id = intval(Params::getParam('id'));
$code = Params::getParam('code');
$userManager = new User();
$user = $userManager->findByIdSecret($id, $code);
if ($user) {
if (!$user['b_enabled']) {
$userManager = new User();
$userManager->update(array('b_enabled' => '1'), array('pk_i_id' => $id, 's_secret' => $code));
$pageManager = new Page();
$locale = osc_current_user_locale();
$aPage = $pageManager->findByInternalName('email_user_registration');
$content = array();
if (isset($aPage['locale'][$locale]['s_title'])) {
$content = $aPage['locale'][$locale];
} else {
$content = current($aPage['locale']);
}
if (!is_null($content)) {
$words = array();
$words[] = array('{USER_NAME}', '{USER_EMAIL}', '{WEB_TITLE}', '{WEB_URL}');
$words[] = array($user['s_name'], $user['s_email'], osc_page_title(), osc_base_url());
$title = osc_mailBeauty($content['s_title'], $words);
$body = osc_mailBeauty($content['s_text'], $words);
$emailParams = array('subject' => $title, 'to' => $user['s_email'], 'to_name' => $user['s_name'], 'body' => $body, 'alt_body' => $body);
osc_sendMail($emailParams);
}
osc_run_hook('validate_user', $user);
osc_add_flash_message(_m('Your account has been validated'));
// Auto-login
Session::newInstance()->_set('userId', $user['pk_i_id']);
Session::newInstance()->_set('userName', $user['s_name']);
Session::newInstance()->_set('userEmail', $user['s_email']);
$phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land'];
Session::newInstance()->_set('userPhone', $phone);
} else {
osc_add_flash_message(_m('Your account has already been activated'));
}
} else {
osc_add_flash_message(_m('The link is not valid anymore. Sorry for the inconvenience!'));
}
$this->redirectTo(osc_base_url());
break;
}
}
*/
$allowed_levels = array(9);
require_once 'sys.includes.php';
if (!check_for_admin()) {
return;
}
$active_nav = 'users';
$page_title = __('Add system user', 'cftp_admin');
include 'header.php';
/**
* Set checkboxes as 1 to defaul them to checked when first entering
* the form
*/
$add_user_data_active = 1;
if ($_POST) {
$new_user = new UserActions();
/**
* Clean the posted form values to be used on the user actions,
* and again on the form if validation failed.
*/
$add_user_data_name = encode_html($_POST['add_user_form_name']);
$add_user_data_email = encode_html($_POST['add_user_form_email']);
$add_user_data_level = encode_html($_POST['add_user_form_level']);
$add_user_data_user = encode_html($_POST['add_user_form_user']);
$add_user_data_active = isset($_POST["add_user_form_active"]) ? 1 : 0;
/** Arguments used on validation and user creation. */
$new_arguments = array('id' => '', 'username' => $add_user_data_user, 'password' => $_POST['add_user_form_pass'], 'name' => $add_user_data_name, 'email' => $add_user_data_email, 'role' => $add_user_data_level, 'active' => $add_user_data_active, 'type' => 'new_user');
/** Validate the information from the posted form. */
$new_validate = $new_user->validate_user($new_arguments);
/** Create the user if validation is correct. */
if ($new_validate == 1) {
function doModel()
{
parent::doModel();
//specific things for this class
switch ($this->action) {
case 'create':
// calling create view
$aRegions = array();
$aCities = array();
$aCountries = Country::newInstance()->listAll();
if (isset($aCountries[0]['pk_c_code'])) {
$aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
}
if (isset($aRegions[0]['pk_i_id'])) {
$aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
}
$this->_exportVariableToView('user', null);
$this->_exportVariableToView('countries', $aCountries);
$this->_exportVariableToView('regions', $aRegions);
$this->_exportVariableToView('cities', $aCities);
$this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled());
$this->doView("users/frm.php");
break;
case 'create_post':
// creating the user...
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(true);
$success = $userActions->add();
switch ($success) {
case 1:
osc_add_flash_ok_message(_m("The user has been created. We've sent an activation e-mail"), 'admin');
break;
case 2:
osc_add_flash_ok_message(_m('The user has been created successfully'), 'admin');
break;
default:
osc_add_flash_error_message($success, 'admin');
break;
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'edit':
// calling the edit view
$aUser = $this->userManager->findByPrimaryKey(Params::getParam("id"));
$aCountries = Country::newInstance()->listAll();
$aRegions = array();
if ($aUser['fk_c_country_code'] != '') {
$aRegions = Region::newInstance()->findByCountry($aUser['fk_c_country_code']);
} else {
if (count($aCountries) > 0) {
$aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
}
}
$aCities = array();
if ($aUser['fk_i_region_id'] != '') {
$aCities = City::newInstance()->findByRegion($aUser['fk_i_region_id']);
} else {
if (count($aRegions) > 0) {
$aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
}
}
$csrf_token = osc_csrf_token_url();
if ($aUser['b_active']) {
$actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=users&action=deactivate&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=INACTIVE">' . __('Deactivate') . '</a>';
} else {
$actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=users&action=activate&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=ACTIVE">' . __('Activate') . '</a>';
}
if ($aUser['b_enabled']) {
$actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=users&action=disable&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=DISABLE">' . __('Block') . '</a>';
} else {
$actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=users&action=enable&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=ENABLE">' . __('Unblock') . '</a>';
}
$this->_exportVariableToView("actions", $actions);
$this->_exportVariableToView("user", $aUser);
$this->_exportVariableToView("countries", $aCountries);
$this->_exportVariableToView("regions", $aRegions);
$this->_exportVariableToView("cities", $aCities);
$this->_exportVariableToView("locales", OSCLocale::newInstance()->listAllEnabled());
$this->doView("users/frm.php");
break;
case 'edit_post':
// edit post
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(true);
$success = $userActions->edit(Params::getParam("id"));
if ($success == 1) {
osc_add_flash_ok_message(_m('The user has been updated'), 'admin');
} else {
if ($success == 2) {
osc_add_flash_ok_message(_m('The user has been updated and activated'), 'admin');
} else {
osc_add_flash_error_message($success);
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('id'));
}
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'resend_activation':
//activate
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->resend_activation($id);
}
if ($iUpdated == 0) {
osc_add_flash_error_message(_m('No users have been selected'), 'admin');
} else {
osc_add_flash_ok_message(sprintf(_mn('Activation email sent to one user', 'Activation email sent to %s users', $iUpdated), $iUpdated), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'activate':
//activate
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->activate($id);
}
if ($iUpdated == 0) {
$msg = _m('No users have been activated');
} else {
$msg = sprintf(_mn('One user has been activated', '%s users have been activated', $iUpdated), $iUpdated);
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo($_SERVER['HTTP_REFERER']);
break;
case 'deactivate':
//deactivate
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->deactivate($id);
}
if ($iUpdated == 0) {
$msg = _m('No users have been deactivated');
} else {
$msg = sprintf(_mn('One user has been deactivated', '%s users have been deactivated', $iUpdated), $iUpdated);
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo($_SERVER['HTTP_REFERER']);
break;
case 'enable':
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->enable($id);
}
if ($iUpdated == 0) {
$msg = _m('No users have been enabled');
} else {
$msg = sprintf(_mn('One user has been unblocked', '%s users have been unblocked', $iUpdated), $iUpdated);
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo($_SERVER['HTTP_REFERER']);
break;
case 'disable':
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
$userActions = new UserActions(true);
foreach ($userId as $id) {
$iUpdated += $userActions->disable($id);
}
if ($iUpdated == 0) {
$msg = _m('No users have been disabled');
} else {
$msg = sprintf(_mn('One user has been blocked', '%s users have been blocked', $iUpdated), $iUpdated);
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo($_SERVER['HTTP_REFERER']);
break;
case 'delete':
//delete
osc_csrf_check();
$iDeleted = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
}
foreach ($userId as $id) {
$user = $this->userManager->findByPrimaryKey($id);
Log::newInstance()->insertLog('user', 'delete', $id, $user['s_email'], 'admin', osc_logged_admin_id());
if ($this->userManager->deleteUser($id)) {
$iDeleted++;
}
}
if ($iDeleted == 0) {
$msg = _m('No users have been deleted');
} else {
$msg = sprintf(_mn('One user has been deleted', '%s users have been deleted', $iDeleted), $iDeleted);
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'delete_alerts':
//delete
$iDeleted = 0;
$alertId = Params::getParam('alert_id');
if (!is_array($alertId)) {
osc_add_flash_error_message(_m("Alert id isn't in the correct format"), 'admin');
if (Params::getParam('user_id') == '') {
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts');
} else {
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id'));
}
}
$mAlerts = new Alerts();
foreach ($alertId as $id) {
Log::newInstance()->insertLog('user', 'delete_alerts', $id, $id, 'admin', osc_logged_admin_id());
$iDeleted += $mAlerts->delete(array('pk_i_id' => $id));
}
if ($iDeleted == 0) {
$msg = _m('No alerts have been deleted');
} else {
$msg = sprintf(_mn('One alert has been deleted', '%s alerts have been deleted', $iDeleted), $iDeleted);
}
osc_add_flash_ok_message($msg, 'admin');
if (Params::getParam('user_id') == '') {
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts');
} else {
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id'));
}
break;
case 'status_alerts':
//delete
$status = Params::getParam("status");
$iUpdated = 0;
$alertId = Params::getParam('alert_id');
if (!is_array($alertId)) {
osc_add_flash_error_message(_m("Alert id isn't in the correct format"), 'admin');
if (Params::getParam('user_id') == '') {
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts');
} else {
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id'));
}
}
$mAlerts = new Alerts();
foreach ($alertId as $id) {
if ($status == 1) {
$iUpdated += $mAlerts->activate($id);
} else {
$iUpdated += $mAlerts->deactivate($id);
}
}
if ($status == 1) {
if ($iUpdated == 0) {
$msg = _m('No alerts have been activated');
} else {
$msg = sprintf(_mn('One alert has been activated', '%s alerts have been activated', $iUpdated), $iUpdated);
}
} else {
if ($iUpdated == 0) {
$msg = _m('No alerts have been deactivated');
} else {
$msg = sprintf(_mn('One alert has been deactivated', '%s alerts have been deactivated', $iUpdated), $iUpdated);
}
}
osc_add_flash_ok_message($msg, 'admin');
if (Params::getParam('user_id') == '') {
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts');
} else {
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id'));
}
break;
case 'settings':
// calling the users settings view
$this->doView('users/settings.php');
break;
case 'settings_post':
// updating users
osc_csrf_check();
$iUpdated = 0;
$enabledUserValidation = Params::getParam('enabled_user_validation');
$enabledUserValidation = $enabledUserValidation != '' ? true : false;
$enabledUserRegistration = Params::getParam('enabled_user_registration');
$enabledUserRegistration = $enabledUserRegistration != '' ? true : false;
$enabledUsers = Params::getParam('enabled_users');
$enabledUsers = $enabledUsers != '' ? true : false;
$notifyNewUser = Params::getParam('notify_new_user');
$notifyNewUser = $notifyNewUser != '' ? true : false;
$usernameBlacklistTmp = explode(",", Params::getParam('username_blacklist'));
foreach ($usernameBlacklistTmp as $k => $v) {
$usernameBlacklistTmp[$k] = strtolower(trim($v));
}
$usernameBlacklist = implode(",", $usernameBlacklistTmp);
$iUpdated += osc_set_preference('enabled_user_validation', $enabledUserValidation);
$iUpdated += osc_set_preference('enabled_user_registration', $enabledUserRegistration);
$iUpdated += osc_set_preference('enabled_users', $enabledUsers);
$iUpdated += osc_set_preference('notify_new_user', $notifyNewUser);
$iUpdated += osc_set_preference('username_blacklist', $usernameBlacklist);
if ($iUpdated > 0) {
osc_add_flash_ok_message(_m("User settings have been updated"), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=settings');
break;
case 'alerts':
// manage alerts view
require_once osc_lib_path() . "osclass/classes/datatables/AlertsDataTable.php";
// set default iDisplayLength
if (Params::getParam('iDisplayLength') != '') {
Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength'));
Cookie::newInstance()->set();
} else {
// set a default value if it's set in the cookie
if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') {
Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength'));
} else {
Params::setParam('iDisplayLength', 10);
}
}
$this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));
// Table header order by related
if (Params::getParam('sort') == '') {
Params::setParam('sort', 'date');
}
if (Params::getParam('direction') == '') {
Params::setParam('direction', 'desc');
}
$page = (int) Params::getParam('iPage');
if ($page == 0) {
$page = 1;
}
Params::setParam('iPage', $page);
$params = Params::getParamsAsArray();
$alertsDataTable = new AlertsDataTable();
$alertsDataTable->table($params);
$aData = $alertsDataTable->getData();
if (count($aData['aRows']) == 0 && $page != 1) {
$total = (int) $aData['iTotalDisplayRecords'];
$maxPage = ceil($total / (int) $aData['iDisplayLength']);
$url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING'];
if ($maxPage == 0) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url);
$this->redirectTo($url);
}
if ($page > 1) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url);
$this->redirectTo($url);
}
}
$this->_exportVariableToView('aData', $aData);
$this->_exportVariableToView('aRawRows', $alertsDataTable->rawRows());
$this->doView("users/alerts.php");
break;
case 'ban':
// manage ban rules view
if (Params::getParam("action") != "") {
osc_run_hook("ban_rules_bulk_" . Params::getParam("action"), Params::getParam('id'));
}
require_once osc_lib_path() . "osclass/classes/datatables/BanRulesDataTable.php";
// set default iDisplayLength
if (Params::getParam('iDisplayLength') != '') {
Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength'));
Cookie::newInstance()->set();
} else {
// set a default value if it's set in the cookie
if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') {
Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength'));
} else {
Params::setParam('iDisplayLength', 10);
}
}
$this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));
// Table header order by related
if (Params::getParam('sort') == '') {
Params::setParam('sort', 'date');
}
if (Params::getParam('direction') == '') {
Params::setParam('direction', 'desc');
}
$page = (int) Params::getParam('iPage');
if ($page == 0) {
$page = 1;
}
Params::setParam('iPage', $page);
$params = Params::getParamsAsArray();
$banRulesDataTable = new BanRulesDataTable();
$banRulesDataTable->table($params);
$aData = $banRulesDataTable->getData();
if (count($aData['aRows']) == 0 && $page != 1) {
$total = (int) $aData['iTotalDisplayRecords'];
$maxPage = ceil($total / (int) $aData['iDisplayLength']);
$url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING'];
if ($maxPage == 0) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url);
$this->redirectTo($url);
}
if ($page > 1) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url);
$this->redirectTo($url);
}
}
$this->_exportVariableToView('aData', $aData);
$this->_exportVariableToView('aRawRows', $banRulesDataTable->rawRows());
$bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_ban_rule', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected ban rules?'), strtolower(__('Delete'))), 'label' => __('Delete')));
$bulk_options = osc_apply_filter("ban_rule_bulk_filter", $bulk_options);
$this->_exportVariableToView('bulk_options', $bulk_options);
//calling the view...
$this->doView('users/ban.php');
break;
case 'edit_ban_rule':
$this->_exportVariableToView('rule', BanRule::newInstance()->findByPrimaryKey(Params::getParam('id')));
$this->doView('users/ban_frm.php');
break;
case 'edit_ban_rule_post':
osc_csrf_check();
if (Params::getParam('s_ip') == '' && Params::getParam('s_email') == '') {
osc_add_flash_warning_message(_m("Both rules can not be empty"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban');
}
BanRule::newInstance()->update(array('s_name' => Params::getParam('s_name'), 's_ip' => Params::getParam('s_ip'), 's_email' => strtolower(Params::getParam('s_email'))), array('pk_i_id' => Params::getParam('id')));
osc_add_flash_ok_message(_m('Rule updated correctly'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban');
break;
case 'create_ban_rule':
$this->_exportVariableToView('rule', null);
$this->doView('users/ban_frm.php');
break;
case 'create_ban_rule_post':
osc_csrf_check();
if (Params::getParam('s_ip') == '' && Params::getParam('s_email') == '') {
osc_add_flash_warning_message(_m("Both rules can not be empty"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban');
}
BanRule::newInstance()->insert(array('s_name' => Params::getParam('s_name'), 's_ip' => Params::getParam('s_ip'), 's_email' => strtolower(Params::getParam('s_email'))));
osc_add_flash_ok_message(_m('Rule saved correctly'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban');
break;
case 'delete_ban_rule':
//delete ban rules
osc_csrf_check();
$iDeleted = 0;
$ruleId = Params::getParam('id');
if (!is_array($ruleId)) {
osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban');
}
$ruleMgr = BanRule::newInstance();
foreach ($ruleId as $id) {
if ($ruleMgr->deleteByPrimaryKey($id)) {
$iDeleted++;
}
}
if ($iDeleted == 0) {
$msg = _m('No rules have been deleted');
} else {
$msg = sprintf(_mn('One ban rule has been deleted', '%s ban rules have been deleted', $iDeleted), $iDeleted);
}
osc_add_flash_ok_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban');
break;
default:
// manage users view
if (Params::getParam("action") != "") {
osc_run_hook("user_bulk_" . Params::getParam("action"), Params::getParam('id'));
}
require_once osc_lib_path() . "osclass/classes/datatables/UsersDataTable.php";
// set default iDisplayLength
if (Params::getParam('iDisplayLength') != '') {
Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength'));
Cookie::newInstance()->set();
} else {
// set a default value if it's set in the cookie
if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') {
Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength'));
} else {
Params::setParam('iDisplayLength', 10);
}
}
$this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));
// Table header order by related
if (Params::getParam('sort') == '') {
Params::setParam('sort', 'date');
}
if (Params::getParam('direction') == '') {
Params::setParam('direction', 'desc');
}
$page = (int) Params::getParam('iPage');
if ($page == 0) {
$page = 1;
}
Params::setParam('iPage', $page);
$params = Params::getParamsAsArray();
$usersDataTable = new UsersDataTable();
$usersDataTable->table($params);
$aData = $usersDataTable->getData();
if (count($aData['aRows']) == 0 && $page != 1) {
$total = (int) $aData['iTotalDisplayRecords'];
$maxPage = ceil($total / (int) $aData['iDisplayLength']);
$url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING'];
if ($maxPage == 0) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url);
$this->redirectTo($url);
}
if ($page > 1) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url);
$this->redirectTo($url);
}
}
$this->_exportVariableToView('aData', $aData);
$this->_exportVariableToView('withFilters', $usersDataTable->withFilters());
$this->_exportVariableToView('aRawRows', $usersDataTable->rawRows());
$bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'activate', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'enable', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Unblock'))), 'label' => __('Unblock')), array('value' => 'disable', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Delete'))), 'label' => __('Delete')));
if (osc_user_validation_enabled()) {
$bulk_options[] = array('value' => 'resend_activation', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Resend the activation to'))), 'label' => __('Resend activation'));
}
$bulk_options = osc_apply_filter("user_bulk_filter", $bulk_options);
$this->_exportVariableToView('bulk_options', $bulk_options);
//calling the view...
$this->doView('users/index.php');
break;
}
}
$users = edb_first_columns(Dbl::qe_raw("select contactId from ContactInfo where (roles&" . Contact::ROLE_PCLIKE . ")=0 and not extension"));
} else {
if ($_GET["enable_user"] == "extension") {
$users = edb_first_columns(Dbl::qe_raw("select contactId from ContactInfo where (roles&" . Contact::ROLE_PCLIKE . ")=0 and extension"));
} else {
if ($_GET["enable_user"] == "pc") {
$users = edb_first_columns(Dbl::qe_raw("select contactId from ContactInfo where (roles&" . Contact::ROLE_PC . ")!=0"));
} else {
$users = edb_first_columns(Dbl::qe("select contactId from ContactInfo where email like ?", $_GET["enable_user"]));
}
}
}
if (!count($users)) {
$Conf->warnMsg("No users match.");
} else {
UserActions::enable($users, $Me);
redirectSelf();
}
}
$title = !$Me->is_empty() && !isset($_REQUEST["signin"]) ? "Home" : "Sign in";
$Conf->header($title, "home");
$xsep = " <span class='barsep'> | </span> ";
if ($Me->privChair) {
echo "<div id='clock_drift_container'></div>";
}
// Sidebar
echo "<div class='homeside'>";
echo "<noscript><div class='homeinside'>", "<strong>HotCRP requires Javascript.</strong> ", "Many features will work without Javascript, but not all.<br />", "<a style='font-size:smaller' href='http://read.seas.harvard.edu/~kohler/hotcrp/'>Report bad compatibility problems</a></div></noscript>";
// Conference management
if ($Me->privChair) {
echo "<div id='homemgmt' class='homeinside'>\n <h4>Administration</h4>\n <ul>\n <!-- <li><a href='", hoturl("settings"), "'>Settings</a></li>\n <li><a href='", hoturl("users", "t=all"), "'>Users</a></li> -->\n <li><a href='", hoturl("mail"), "'>Send mail</a></li>\n <li><a href='", hoturl_post("index", "report=nonanonymous"), "'>Overall grade report</a></li>\n <!-- <li><a href='", hoturl("log"), "'>Action log</a></li> -->\n </ul>\n</div>\n";
function doModel()
{
switch ($this->action) {
case 'dashboard':
//dashboard...
$max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5;
$aItems = Item::newInstance()->findByUserIDEnabled(Session::newInstance()->_get('userId'), 0, $max_items);
//calling the view...
$this->_exportVariableToView('items', $aItems);
$this->_exportVariableToView('max_items', $max_items);
$this->doView('user-dashboard.php');
break;
case 'profile':
//profile...
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
$aCountries = Country::newInstance()->listAll();
$aRegions = array();
if ($user['fk_c_country_code'] != '') {
$aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']);
} elseif (count($aCountries) > 0) {
$aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
}
$aCities = array();
if ($user['fk_i_region_id'] != '') {
$aCities = City::newInstance()->findByRegion($user['fk_i_region_id']);
} else {
if (count($aRegions) > 0) {
$aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
}
}
//calling the view...
$this->_exportVariableToView('countries', $aCountries);
$this->_exportVariableToView('regions', $aRegions);
$this->_exportVariableToView('cities', $aCities);
$this->_exportVariableToView('user', $user);
$this->doView('user-profile.php');
break;
case 'profile_post':
//profile post...
$userId = Session::newInstance()->_get('userId');
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->edit($userId);
osc_add_flash_ok_message(_m('Your profile has been updated successfully'));
$this->redirectTo(osc_user_profile_url());
break;
case 'alerts':
//alerts
$aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'));
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
foreach ($aAlerts as $k => $a) {
$search = osc_unserialize(base64_decode($a['s_search']));
$search->limit(0, 3);
$aAlerts[$k]['items'] = $search->doSearch();
}
$this->_exportVariableToView('alerts', $aAlerts);
View::newInstance()->_reset('alerts');
$this->_exportVariableToView('user', $user);
$this->doView('user-alerts.php');
break;
case 'change_email':
//change email
$this->doView('user-change_email.php');
break;
case 'change_email_post':
//change email post
if (!preg_match("/^[_a-z0-9-\\+]+(\\.[_a-z0-9-\\+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", Params::getParam('new_email'))) {
osc_add_flash_error_message(_m('The specified e-mail is not valid'));
$this->redirectTo(osc_change_user_email_url());
} else {
$user = User::newInstance()->findByEmail(Params::getParam('new_email'));
if (!isset($user['pk_i_id'])) {
$userEmailTmp = array();
$userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId');
$userEmailTmp['s_new_email'] = Params::getParam('new_email');
UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp);
$code = osc_genRandomPassword(30);
$date = date('Y-m-d H:i:s');
$userManager = new User();
$userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId')));
$validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code);
osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url);
$this->redirectTo(osc_user_profile_url());
} else {
osc_add_flash_error_message(_m('The specified e-mail is already in use'));
$this->redirectTo(osc_change_user_email_url());
}
}
break;
case 'change_password':
//change password
$this->doView('user-change_password.php');
break;
case 'change_password_post':
//change password post
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
if (Params::getParam('password') == '' || Params::getParam('new_password') == '' || Params::getParam('new_password2') == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_change_user_password_url());
}
if ($user['s_password'] != sha1(Params::getParam('password'))) {
osc_add_flash_error_message(_m('Current password doesn\'t match'));
$this->redirectTo(osc_change_user_password_url());
}
if (!Params::getParam('new_password')) {
osc_add_flash_error_message(_m('Passwords can\'t be empty'));
$this->redirectTo(osc_change_user_password_url());
}
if (Params::getParam('new_password') != Params::getParam('new_password2')) {
osc_add_flash_error_message(_m('Passwords don\'t match'));
$this->redirectTo(osc_change_user_password_url());
}
User::newInstance()->update(array('s_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => Session::newInstance()->_get('userId')));
osc_add_flash_ok_message(_m('Password has been changed'));
$this->redirectTo(osc_user_profile_url());
break;
case 'items':
// view items user
$itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 5;
$page = Params::getParam('iPage') != '' ? Params::getParam('iPage') : 0;
$total_items = Item::newInstance()->countByUserIDEnabled($_SESSION['userId']);
$total_pages = ceil($total_items / $itemsPerPage);
$items = Item::newInstance()->findByUserIDEnabled($_SESSION['userId'], $page * $itemsPerPage, $itemsPerPage);
$this->_exportVariableToView('items', $items);
$this->_exportVariableToView('list_total_pages', $total_pages);
$this->_exportVariableToView('list_total_items', $total_items);
$this->_exportVariableToView('items_per_page', $itemsPerPage);
$this->_exportVariableToView('list_page', $page);
$this->doView('user-items.php');
break;
case 'activate_alert':
$email = Params::getParam('email');
$secret = Params::getParam('secret');
$result = 0;
if ($email != '' && $secret != '') {
$result = Alerts::newInstance()->activate($email, $secret);
}
if ($result == 1) {
osc_add_flash_ok_message(_m('Alert activated'));
} else {
osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator'));
}
$this->redirectTo(osc_base_url(true));
break;
case 'unsub_alert':
$email = Params::getParam('email');
$secret = Params::getParam('secret');
if ($email != '' && $secret != '') {
Alerts::newInstance()->delete(array('s_email' => $email, 's_secret' => $secret));
osc_add_flash_ok_message(_m('Unsubscribed correctly'));
} else {
osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator'));
}
$this->redirectTo(osc_user_alerts_url());
break;
case 'deleteResource':
$id = Params::getParam('id');
$name = Params::getParam('name');
$fkid = Params::getParam('fkid');
osc_deleteResource($id);
ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $fkid, 's_name' => $name));
$this->redirectTo(osc_base_url(true) . "?page=item&action=item_edit&id=" . $fkid);
break;
}
}
function doModel()
{
parent::doModel();
//specific things for this class
switch ($this->action) {
case 'create':
// callign create view
$aCountries = array();
$aRegions = array();
$aCities = array();
$aCountries = Country::newInstance()->listAll();
if (isset($aCountries[0]['pk_c_code'])) {
$aRegions = Region::newInstance()->getByCountry($aCountries[0]['pk_c_code']);
}
if (isset($aRegions[0]['pk_i_id'])) {
$aCities = City::newInstance()->listWhere("fk_i_region_id = %d", $aRegions[0]['pk_i_id']);
}
$this->_exportVariableToView("user", null);
$this->_exportVariableToView("countries", $aCountries);
$this->_exportVariableToView("regions", $aRegions);
$this->_exportVariableToView("cities", $aCities);
$this->_exportVariableToView("locales", OSCLocale::newInstance()->listAllEnabled());
$this->doView("users/frm.php");
break;
case 'create_post':
// creating the user...
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(true);
$success = $userActions->add();
switch ($success) {
case 1:
osc_add_flash_message(_m('The user has been created. We\'ve sent an activation e-mail'), 'admin');
break;
case 2:
osc_add_flash_message(_m('The user has been created and activated'), 'admin');
break;
case 3:
osc_add_flash_message(_m('Sorry, but that e-mail is already in use'), 'admin');
break;
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'edit':
// calling the edit view
$aUser = array();
$aCountries = array();
$aRegions = array();
$aCities = array();
$aUser = $this->userManager->findByPrimaryKey(Params::getParam("id"));
$aCountries = Country::newInstance()->listAll();
$aRegions = array();
if ($aUser['fk_c_country_code'] != '') {
$aRegions = Region::newInstance()->getByCountry($aUser['fk_c_country_code']);
} else {
if (count($aCountries) > 0) {
$aRegions = Region::newInstance()->getByCountry($aCountries[0]['pk_c_code']);
}
}
$aCities = array();
if ($aUser['fk_i_region_id'] != '') {
$aCities = City::newInstance()->listWhere("fk_i_region_id = %d", $aUser['fk_i_region_id']);
} else {
if (count($aRegions) > 0) {
$aCities = City::newInstance()->listWhere("fk_i_region_id = %d", $aRegions[0]['pk_i_id']);
}
}
$this->_exportVariableToView("user", $aUser);
$this->_exportVariableToView("countries", $aCountries);
$this->_exportVariableToView("regions", $aRegions);
$this->_exportVariableToView("cities", $aCities);
$this->_exportVariableToView("locales", OSCLocale::newInstance()->listAllEnabled());
$this->doView("users/frm.php");
break;
case 'edit_post':
// edit post
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(true);
$success = $userActions->edit(Params::getParam("id"));
switch ($success) {
case 1:
osc_add_flash_message(_m('Passwords don\'t match'), 'admin');
break;
case 2:
osc_add_flash_message(_m('The user has been updated and activated'), 'admin');
break;
default:
osc_add_flash_message(_m('The user has been updated'), 'admin');
break;
}
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'activate':
//activate
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_message(_m('User id isn\'t in the correct format'), 'admin');
}
foreach ($userId as $id) {
$conditions = array('pk_i_id' => $id);
$values = array('b_enabled' => 1);
$iUpdated += $this->userManager->update($values, $conditions);
}
switch ($iUpdated) {
case 0:
$msg = _m('No user has been activated');
break;
case 1:
$msg = _m('One user has been activated');
break;
default:
$msg = sprintf(_m('%s users have been activated'), $iUpdated);
break;
}
osc_add_flash_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'deactivate':
//deactivate
$iUpdated = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_message(_m('User id isn\'t in the correct format'), 'admin');
}
foreach ($userId as $id) {
$conditions = array('pk_i_id' => $id);
$values = array('b_enabled' => 0);
$iUpdated += $this->userManager->update($values, $conditions);
}
switch ($iUpdated) {
case 0:
$msg = _m('No user has been deactivated');
break;
case 1:
$msg = _m('One user has been deactivated');
break;
default:
$msg = sprintf(_m('%s users have been deactivated'), $iUpdated);
break;
}
osc_add_flash_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
case 'delete':
//delete
$iDeleted = 0;
$userId = Params::getParam('id');
if (!is_array($userId)) {
osc_add_flash_message(_m('User id isn\'t in the correct format'), 'admin');
}
foreach ($userId as $id) {
if ($this->userManager->deleteUser($id)) {
$iDeleted++;
}
}
switch ($iDeleted) {
case 0:
$msg = _m('No user has been deleted');
break;
case 1:
$msg = _m('One user has been deleted');
break;
default:
$msg = sprintf(_m('%s users have been deleted'), $iDeleted);
break;
}
osc_add_flash_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=users');
break;
default:
// manage users view
$aUsers = $this->userManager->listAll();
$this->_exportVariableToView("users", $aUsers);
$this->doView("users/index.php");
break;
}
}
public function init()
{
self::$user = $this->getUser();
if (!osc_is_web_user_logged_in()) {
self::$loginUrl = self::$facebook->getLoginUrl(array('scope' => 'email'));
}
if (!self::$user) {
return self::$facebook;
}
try {
self::$user_profile = self::$facebook->api('/me');
$this->dao->select($this->getFields());
$this->dao->from($this->getTableName());
$this->dao->where('i_facebook_uid', self::$user);
$rs = $this->dao->get();
if ($rs !== false && $rs->numRows() === 1) {
$fbUser = $rs->row();
if (count($fbUser) > 0) {
require_once osc_lib_path() . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($fbUser['fk_i_user_id']);
switch ($logged) {
case 0:
osc_add_flash_error_message(__('The username doesn\'t exist', 'facebook'));
break;
case 1:
osc_add_flash_error_message(__('The user has not been validated yet', 'facebook'));
break;
case 2:
osc_add_flash_error_message(__('The user has been suspended', 'facebook'));
break;
case 3:
//osc_add_flash_ok_message( __( 'Login successfull', 'facebook' ) );
break;
}
return self::$facebook;
}
}
if (!isset(self::$user_profile['email'])) {
osc_add_flash_error_message(__('Some error occured trying to connect with Facebook.', 'facebook'));
header('Location: ' . self::$logoutUrl);
exit;
}
$manager = User::newInstance();
$oscUser = $manager->findByEmail(self::$user_profile['email']);
// exists on our DB, we merge both accounts
if (count($oscUser) > 0) {
require_once osc_lib_path() . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$manager->dao->from($this->getTableName());
$manager->dao->set('fk_i_user_id', $oscUser['pk_i_id']);
$manager->dao->set('i_facebook_uid', self::$user_profile['id']);
$manager->dao->insert();
osc_add_flash_ok_message(__("You already have an user with this e-mail address. We've merged your accounts", 'facebook'));
// activate user in case is not activated
$manager->update(array('b_active' => '1'), array('pk_i_id' => $oscUser['pk_i_id']));
$logged = $uActions->bootstrap_login($oscUser['pk_i_id']);
} else {
// Auto-register him
$this->register_user(self::$user_profile);
}
// redirect to log in
header('Location: ' . osc_base_url());
exit;
} catch (FacebookApiException $e) {
self::$user = null;
}
return self::$facebook;
}
echo system_message('error', $msg);
}
}
if ($affected_users > 0) {
$msg = __('The selected users were marked as inactive.', 'cftp_admin');
echo system_message('ok', $msg);
$log_action_number = 28;
}
break;
case 'delete':
foreach ($selected_users as $work_user) {
/**
* A user should not be able to delete himself
*/
if ($work_user != $my_info['id']) {
$this_user = new UserActions();
$delete_user = $this_user->delete_user($work_user);
$affected_users++;
} else {
$msg = __('You cannot delete your own account.', 'cftp_admin');
echo system_message('error', $msg);
}
}
if ($affected_users > 0) {
$msg = __('The selected users were deleted.', 'cftp_admin');
echo system_message('ok', $msg);
$log_action_number = 16;
}
break;
}
/** Record the action log */
function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
$user = User::newInstance()->findByEmail(Params::getParam('email'));
if (!$user) {
osc_add_flash_message(_m('The username doesn\'t exist'));
$this->redirectTo(osc_user_login_url());
}
if (!$user['b_enabled']) {
osc_add_flash_message(_m('The user has not been validated yet'));
$this->redirectTo(osc_user_login_url());
}
if ($user["s_password"] == sha1(Params::getParam('password'))) {
if (Params::getParam('remember') == 1) {
//this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
Cookie::newInstance()->push('oc_userSecret', $secret);
Cookie::newInstance()->set();
}
//we are logged in... let's go!
Session::newInstance()->_set('userId', $user['pk_i_id']);
Session::newInstance()->_set('userName', $user['s_name']);
Session::newInstance()->_set('userEmail', $user['s_email']);
$phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land'];
Session::newInstance()->_set('userPhone', $phone);
} else {
osc_add_flash_message(_m('The password is incorrect'));
}
//returning logged in to the main page...
$this->redirectTo(osc_user_dashboard_url());
break;
case 'recover':
//form to recover the password (in this case we have the form in /gui/)
$this->doView('user-recover.php');
break;
case 'recover_post':
//post execution to recover the password
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$recaptcha_ok = $userActions->recover_password();
if ($recaptcha_ok) {
// We ALWAYS show the same message, so we don't give clues about which emails are in our database and which don't!
osc_add_flash_message(_m('We have sent you an email with the instructions to reset your password'));
$this->redirectTo(osc_base_url());
} else {
osc_add_flash_message(_m('The recaptcha code is wrong'));
$this->redirectTo(osc_recover_user_password_url());
}
break;
case 'forgot':
//form to recover the password (in this case we have the form in /gui/)
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user) {
$this->doView('user-forgot_password.php');
} else {
osc_add_flash_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
break;
case 'forgot_post':
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user) {
if (Params::getParam('new_password') == Params::getParam('new_password2')) {
User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_message(_m('The password has been changed'));
$this->redirectTo(osc_user_login_url());
} else {
osc_add_flash_message(_m('Error, the password don\'t match'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
} else {
osc_add_flash_message(_m('Sorry, the link is not valid'));
}
$this->redirectTo(osc_base_url());
break;
default:
//login
if (osc_logged_user_id() != '') {
$this->redirectTo(osc_user_dashboard_url());
}
$this->doView('user-login.php');
}
}
if ($Me->is_empty()) {
$Me->escape();
}
global $User, $Pset, $Info, $Commit;
$User = $Me;
if (isset($_REQUEST["u"]) && (!$Me->isPC || !($User = ContactView::prepare_user($_REQUEST["u"])))) {
redirectSelf(array("u" => null));
}
assert($User == $Me || $Me->isPC);
assert($Me->privChair);
if (@$_POST["enable"] && check_post()) {
UserActions::enable(array($User->contactId), $Me);
redirectSelf();
}
if (@$_POST["disable"] && check_post()) {
UserActions::disable(array($User->contactId), $Me);
redirectSelf();
}
if (@$_POST["update"] && check_post()) {
$ck = $cv = array();
$roles = 0;
if (@$_POST["pctype"] === "chair") {
$roles |= Contact::ROLE_CHAIR | Contact::ROLE_PC;
} else {
if (@$_POST["pctype"] === "pc") {
$roles |= Contact::ROLE_PC;
}
}
if (@$_POST["sysadmin"]) {
$roles |= Contact::ROLE_ADMIN;
}
function doModel()
{
switch ($this->action) {
case 'register':
//register user
$this->doView('user-register.php');
break;
case 'register_post':
//register user
osc_csrf_check();
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
osc_run_hook('before_user_register');
$banned = osc_is_banned(Params::getParam('s_email'));
if ($banned == 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
$this->redirectTo(osc_register_account_url());
} else {
if ($banned == 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
$this->redirectTo(osc_register_account_url());
}
}
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->add();
if ($success == 1) {
osc_add_flash_ok_message(_m('The user has been created. An activation email has been sent'));
$this->redirectTo(osc_base_url());
} else {
if ($success == 2) {
osc_add_flash_ok_message(_m('Your account has been created successfully'));
Params::setParam('action', 'login_post');
Params::setParam('email', Params::getParam('s_email'));
Params::setParam('password', Params::getParam('s_password', false, false));
require_once osc_lib_path() . 'osclass/controller/login.php';
$do = new CWebLogin();
$do->doModel();
} else {
osc_add_flash_error_message($success);
$this->redirectTo(osc_register_account_url());
}
}
break;
case 'validate':
//validate account
$id = intval(Params::getParam('id'));
$code = Params::getParam('code');
$userManager = new User();
$user = $userManager->findByIdSecret($id, $code);
if (!$user) {
osc_add_flash_error_message(_m('The link is not valid anymore. Sorry for the inconvenience!'));
$this->redirectTo(osc_base_url());
}
if ($user['b_active'] == 1) {
osc_add_flash_error_message(_m('Your account has already been validated'));
$this->redirectTo(osc_base_url());
}
$userManager = new User();
$success = $userManager->update(array('b_active' => '1'), array('pk_i_id' => $id, 's_secret' => $code));
if ($success) {
// Auto-login
Session::newInstance()->_set('userId', $user['pk_i_id']);
Session::newInstance()->_set('userName', $user['s_name']);
Session::newInstance()->_set('userEmail', $user['s_email']);
$phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land'];
Session::newInstance()->_set('userPhone', $phone);
osc_run_hook('hook_email_user_registration', $user);
osc_run_hook('validate_user', $user);
osc_add_flash_ok_message(_m('Your account has been validated'));
} else {
osc_add_flash_ok_message(_m('Account validation failed'));
}
$this->redirectTo(osc_base_url());
break;
}
}