function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } osc_csrf_check(); osc_run_hook('before_validating_login'); // e-mail or/and password is/are empty or incorrect $wrongCredentials = false; $email = Params::getParam('email'); $password = Params::getParam('password', false, false); if ($email == '') { osc_add_flash_error_message(_m('Please provide an email address')); $wrongCredentials = true; } if ($password == '') { osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password')); $wrongCredentials = true; } if ($wrongCredentials) { $this->redirectTo(osc_user_login_url()); } if (osc_validate_email($email)) { $user = User::newInstance()->findByEmail($email); } if (empty($user)) { $user = User::newInstance()->findByUsername($email); } if (empty($user)) { osc_add_flash_error_message(_m("The user doesn't exist")); $this->redirectTo(osc_user_login_url()); } if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); // @TODO if valid user, send email parameter back to the login form } else { if (@$user['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } else { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } } // e-mail or/and IP is/are banned $banned = osc_is_banned($email); // int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned if ($banned & 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); } if ($banned & 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); } if ($banned !== 0) { $this->redirectTo(osc_user_login_url()); } osc_run_hook('before_login'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; if (osc_rewrite_enabled()) { if ($url_redirect != '') { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect)); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; if ($page_redirect == '' || $page_redirect == 'login') { $url_redirect = osc_user_dashboard_url(); } } break; } } } } require_once LIB_PATH . 'osclass/UserActions.php'; $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m("The user doesn't exist")); } else { if ($logged == 1) { if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email']))); } else { osc_add_flash_error_message(_m('The user has not been validated yet')); } } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } if ($url_redirect == '') { $url_redirect = osc_user_dashboard_url(); } osc_run_hook("after_login", $user, $url_redirect); $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect)); } else { osc_add_flash_error_message(_m('This should never happen')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'resend': $id = Params::getParam('id'); $email = Params::getParam('email'); $user = User::newInstance()->findByPrimaryKey($id); if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) { osc_add_flash_error_message(_m('Incorrect link')); $this->redirectTo(osc_user_login_url()); } if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES if (osc_notify_new_user()) { osc_run_hook('hook_email_admin_new_user', $user); } if (osc_user_validation_enabled()) { osc_run_hook('hook_email_user_validation', $user, $user); } User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('Validation email re-sent')); } else { osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again')); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': osc_csrf_check(); if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match")); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login Session::newInstance()->_setReferer(osc_get_http_referer()); if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
function item_adManage_posted($catId = '', $itemId) { $conn = getConnection(); $r_secret = ''; $r_secret = osc_genRandomPassword(); $conn->osc_dbExec("REPLACE INTO %st_item_adManage_limit (fk_i_item_id, r_secret, r_times) VALUES (%d, '%s', %d)", DB_TABLE_PREFIX, $itemId, $r_secret, 0); }
function doModel() { switch ($this->action) { case 'change_email_confirm': //change email confirm if (Params::getParam('userId') && Params::getParam('code')) { $userManager = new User(); $user = $userManager->findByPrimaryKey(Params::getParam('userId')); if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) { $userEmailTmp = UserEmailTmp::newInstance()->findByPk(Params::getParam('userId')); $code = osc_genRandomPassword(50); $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id'])); Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']); UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email'])); osc_add_flash_ok_message(_m('Your email has been changed successfully')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator')); } $this->redirectTo(osc_base_url(true)); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); if ($email != '' && $secret != '') { Alerts::newInstance()->delete(array('s_email' => $email, 'S_secret' => $secret)); osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator')); } $this->redirectTo(osc_base_url()); break; default: $this->redirectTo(osc_user_login_url()); break; } }
function basic_info() { require_once LIB_PATH . 'osclass/model/Admin.php'; require_once LIB_PATH . 'osclass/model/Preference.php'; require_once LIB_PATH . 'osclass/helpers/hSecurity.php'; if ($_POST['s_name'] == '') { $admin = 'admin'; } else { $admin = $_POST['s_name']; } if ($_POST['s_passwd'] == '') { $password = osc_genRandomPassword(); } else { $password = $_POST['s_passwd']; } Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => sha1($password), 's_email' => $_POST['email'])); $mPreference = Preference::newInstance(); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => $_POST['webtitle'], 'e_type' => 'STRING')); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => $_POST['email'], 'e_type' => 'STRING')); $body = 'Welcome ' . $_POST['webtitle'] . ',<br/><br/>'; $body .= 'Your OSClass installation at ' . WEB_PATH . ' is up and running. You can access to the administration panel with this data access:<br/>'; $body .= '<ul>'; $body .= '<li>username: '******'</li>'; $body .= '<li>password: '******'</li>'; $body .= '</ul>'; $body .= 'Regards,<br/>'; $body .= 'The <a href=\'http://osclass.org/\'>OSClass</a> team'; $sitename = strtolower($_SERVER['SERVER_NAME']); if (substr($sitename, 0, 4) == 'www.') { $sitename = substr($sitename, 4); } try { require_once LIB_PATH . 'phpmailer/class.phpmailer.php'; $mail = new PHPMailer(true); $mail->CharSet = "utf-8"; $mail->Host = "localhost"; $mail->From = 'osclass@' . $sitename; $mail->FromName = 'OSClass'; $mail->Subject = 'OSClass successfully installed!'; $mail->AddAddress($_POST['email'], 'OSClass administrator'); $mail->Body = $body; $mail->AltBody = $body; if (!$mail->Send()) { return array('email_status' => $_POST['email'] . "<br>" . $mail->ErrorInfo, 's_password' => $password); } else { return array('email_status' => '', 's_password' => $password); } } catch (phpmailerException $exception) { } }
function basic_info() { require_once LIB_PATH . 'osclass/model/Admin.php'; require_once LIB_PATH . 'osclass/helpers/hSecurity.php'; $admin = Params::getParam('s_name'); if ($admin == '') { $admin = 'admin'; } $password = Params::getParam('s_passwd', false, false); if ($password == '') { $password = osc_genRandomPassword(); } Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => osc_hash_password($password), 's_email' => Params::getParam('email'))); $mPreference = Preference::newInstance(); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => Params::getParam('webtitle'), 'e_type' => 'STRING')); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => Params::getParam('email'), 'e_type' => 'STRING')); $body = sprintf(__('Привет %s,'), Params::getParam('webtitle')) . "<br/><br/>"; $body .= sprintf(__('Osclass успешно установлен %s и запущен. Вы можете получить доступ к панели администрирования:'), WEB_PATH) . '<br/>'; $body .= '<ul>'; $body .= '<li>' . sprintf(__('username: %s'), $admin) . '</li>'; $body .= '<li>' . sprintf(__('password: %s'), $password) . '</li>'; $body .= '</ul>'; $body .= sprintf(__('Помните, если у вас появяться вопросы вы можете прочитать <a href="%1$s">документацию</a>, спросить на <a href="%2$s">форуме</a> или в <a href="%3$s">блоге</a>.'), 'http://os-class.ru/wiki', 'http://os-class.ru/frm', 'http://os-class.ru/category/articles'); $body .= sprintf(' ' . __('Osclass doesn’t run any developments but we can put you in touch with third party developers through a Premium Support. And hey, if you would like to contribute to Osclass - learn how <a href="%1$s">here</a>!'), 'http://blog.osclass.org/2012/11/22/how-to-collaborate-to-osclass/') . '<br/><br/>'; $body .= __('Аплодисменты,') . "<br/>"; $body .= __('Ваш <a href="http://os-class.ru/">Osclass Rus Team</a> team'); $sitename = strtolower($_SERVER['SERVER_NAME']); if (substr($sitename, 0, 4) == 'www.') { $sitename = substr($sitename, 4); } try { require_once LIB_PATH . 'phpmailer/class.phpmailer.php'; $mail = new PHPMailer(true); $mail->CharSet = "utf-8"; $mail->Host = "localhost"; $mail->From = 'osclass@' . $sitename; $mail->FromName = 'Osclass'; $mail->Subject = 'Osclass успешно установлен!'; $mail->AddAddress(Params::getParam('email'), 'Osclass administrator'); $mail->Body = $body; $mail->AltBody = $body; if (!$mail->Send()) { return array('email_status' => Params::getParam('email') . "<br>" . $mail->ErrorInfo, 's_password' => $password); } return array('email_status' => '', 's_password' => $password); } catch (phpmailerException $exception) { return array('email_status' => Params::getParam('email') . "<br>" . $exception->errorMessage(), 's_password' => $password); } }
function basic_info() { require_once LIB_PATH . 'osclass/model/Admin.php'; require_once LIB_PATH . 'osclass/helpers/hSecurity.php'; $admin = Params::getParam('s_name'); if ($admin == '') { $admin = 'admin'; } $password = Params::getParam('s_passwd', false, false); if ($password == '') { $password = osc_genRandomPassword(); } Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => osc_hash_password($password), 's_email' => Params::getParam('email'))); $mPreference = Preference::newInstance(); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => Params::getParam('webtitle'), 'e_type' => 'STRING')); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => Params::getParam('email'), 'e_type' => 'STRING')); $body = sprintf(__('Hi %s,'), Params::getParam('webtitle')) . "<br/><br/>"; $body .= sprintf(__('Your Osclass installation at %s is up and running. You can access the administration panel with these details:'), WEB_PATH) . '<br/>'; $body .= '<ul>'; $body .= '<li>' . sprintf(__('username: %s'), $admin) . '</li>'; $body .= '<li>' . sprintf(__('password: %s'), $password) . '</li>'; $body .= '</ul>'; $body .= sprintf(__('Remember that for any doubts you might have you can consult our <a href="%1$s">documentation</a>, <a href="%2$s">forum</a> or <a href="%3$s">blog</a>.'), 'http://doc.osclass.org/', 'http://forums.osclass.org/', 'http://blog.osclass.org/'); $body .= sprintf(' ' . __('Osclass doesn’t run any developments but we can put you in touch with third party developers through a Premium Support. And hey, if you would like to contribute to Osclass - learn how <a href="%1$s">here</a>!'), 'http://blog.osclass.org/2012/11/22/how-to-collaborate-to-osclass/') . '<br/><br/>'; $body .= __('Cheers,') . "<br/>"; $body .= __('The <a href="http://osclass.org/">Osclass</a> team'); $sitename = strtolower($_SERVER['SERVER_NAME']); if (substr($sitename, 0, 4) == 'www.') { $sitename = substr($sitename, 4); } try { require_once LIB_PATH . 'phpmailer/class.phpmailer.php'; $mail = new PHPMailer(true); $mail->CharSet = "utf-8"; $mail->Host = "localhost"; $mail->From = 'osclass@' . $sitename; $mail->FromName = 'Osclass'; $mail->Subject = 'Osclass successfully installed!'; $mail->AddAddress(Params::getParam('email'), 'Osclass administrator'); $mail->Body = $body; $mail->AltBody = $body; if (!$mail->Send()) { return array('email_status' => Params::getParam('email') . "<br>" . $mail->ErrorInfo, 's_password' => $password); } return array('email_status' => '', 's_password' => $password); } catch (phpmailerException $exception) { return array('email_status' => Params::getParam('email') . "<br>" . $exception->errorMessage(), 's_password' => $password); } }
function basic_info() { require_once LIB_PATH . 'osclass/model/Admin.php'; require_once LIB_PATH . 'osclass/helpers/hSecurity.php'; $admin = Params::getParam('s_name'); if ($admin == '') { $admin = 'admin'; } $password = Params::getParam('s_passwd', false, false); if ($password == '') { $password = osc_genRandomPassword(); } Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => sha1($password), 's_email' => Params::getParam('email'))); $mPreference = Preference::newInstance(); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => Params::getParam('webtitle'), 'e_type' => 'STRING')); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => Params::getParam('email'), 'e_type' => 'STRING')); $body = sprintf(__('Welcome %s,'), Params::getParam('webtitle')) . "<br/><br/>"; $body .= sprintf(__('Your OSClass installation at %s is up and running. You can access the administration panel with these details:'), WEB_PATH) . "<br/>"; $body .= '<ul>'; $body .= '<li>' . sprintf(__('username: %s'), $admin) . '</li>'; $body .= '<li>' . sprintf(__('password: %s'), $password) . '</li>'; $body .= '</ul>'; $body .= __('Regards,') . "<br/>"; $body .= __('The <a href="http://osclass.org/">OSClass</a> team'); $sitename = strtolower($_SERVER['SERVER_NAME']); if (substr($sitename, 0, 4) == 'www.') { $sitename = substr($sitename, 4); } try { require_once LIB_PATH . 'phpmailer/class.phpmailer.php'; $mail = new PHPMailer(true); $mail->CharSet = "utf-8"; $mail->Host = "localhost"; $mail->From = 'osclass@' . $sitename; $mail->FromName = 'OSClass'; $mail->Subject = 'OSClass successfully installed!'; $mail->AddAddress(Params::getParam('email'), 'OSClass administrator'); $mail->Body = $body; $mail->AltBody = $body; if (!$mail->Send()) { return array('email_status' => Params::getParam('email') . "<br>" . $mail->ErrorInfo, 's_password' => $password); } return array('email_status' => '', 's_password' => $password); } catch (phpmailerException $exception) { return array('email_status' => Params::getParam('email') . "<br>" . $exception->errorMessage(), 's_password' => $password); } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (Params::getParam('user') == '' && Params::getParam('password', false, false) == '') { $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('user') == '') { osc_add_flash_error_message(_m('The username field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('password') == '') { osc_add_flash_error_message(_m('The password field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url()); } // fields are not empty $admin = Admin::newInstance()->findByUsername(Params::getParam('user')); if (!$admin) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if ($admin["s_password"] !== sha1(Params::getParam('password', false, false))) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('remember')) { // this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']); Cookie::newInstance()->push('oc_adminSecret', $secret); Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale')); Cookie::newInstance()->set(); } // we are logged in... let's go! Session::newInstance()->_set('adminId', $admin['pk_i_id']); Session::newInstance()->_set('adminUserName', $admin['s_username']); Session::newInstance()->_set('adminName', $admin['s_name']); Session::newInstance()->_set('adminEmail', $admin['s_email']); Session::newInstance()->_set('adminLocale', Params::getParam('locale')); $this->redirectTo(osc_admin_base_url()); break; case 'recover': // form to recover the password (in this case we have the form in /gui/) $this->doView('gui/recover.php'); break; case 'recover_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url()); } // post execution to recover the password $admin = Admin::newInstance()->findByEmail(Params::getParam('email')); if ($admin) { if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover'); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $newPassword = osc_genRandomPassword(40); Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id'])); $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword); osc_run_hook('hook_email_user_forgot_password', $admin, $password_url); } osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin'); $this->redirectTo(osc_admin_base_url()); break; case 'forgot': // form to recover the password (in this case we have the form in /gui/) $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } $this->doView('gui/forgot_password.php'); break; case 'forgot_post': $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed'), 'admin'); $this->redirectTo(osc_admin_base_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match"), 'admin'); $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code'))); } break; } }
function doModel() { switch ($this->action) { case 'change_email_confirm': //change email confirm if (Params::getParam('userId') && Params::getParam('code')) { $userManager = new User(); $user = $userManager->findByPrimaryKey(Params::getParam('userId')); if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) { $userEmailTmp = UserEmailTmp::newInstance()->findByPk(Params::getParam('userId')); $code = osc_genRandomPassword(50); $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id'])); Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']); UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email'])); osc_add_flash_ok_message(_m('Your email has been changed successfully')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator')); } $this->redirectTo(osc_base_url(true)); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); if ($email != '' && $secret != '') { Alerts::newInstance()->delete(array('s_email' => $email, 'S_secret' => $secret)); osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator')); } $this->redirectTo(osc_base_url()); break; case 'pub_profile': $userID = Params::getParam('id'); $user = User::newInstance()->findByPrimaryKey($userID); // user doesn't exist if (!$user) { $this->redirectTo(osc_base_url()); } View::newInstance()->_exportVariableToView('user', $user); $items = Item::newInstance()->findByUserIDEnabled($user['pk_i_id'], 0, 3); View::newInstance()->_exportVariableToView('items', $items); $this->doView('user-public-profile.php'); break; case 'contact_post': $user = User::newInstance()->findByPrimaryKey(Params::getParam('id')); View::newInstance()->_exportVariableToView('user', $user); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_user_public_profile_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message')); $this->redirectTo(osc_user_public_profile_url()); break; default: $this->redirectTo(osc_user_login_url()); break; } }
function doModel() { //specific things for this class switch ($this->action) { case 'bulk_actions': break; case 'regions': //Return regions given a countryId $regions = Region::newInstance()->findByCountry(Params::getParam("countryId")); echo json_encode($regions); break; case 'cities': //Returns cities given a regionId $cities = City::newInstance()->findByRegion(Params::getParam("regionId")); echo json_encode($cities); break; case 'location': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term")); echo json_encode($cities); break; case 'location_countries': // This is the autocomplete AJAX $countries = Country::newInstance()->ajax(Params::getParam("term")); echo json_encode($countries); break; case 'location_regions': // This is the autocomplete AJAX $regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country")); echo json_encode($regions); break; case 'location_cities': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region")); echo json_encode($cities); break; case 'delete_image': // Delete images via AJAX $id = Params::getParam('id'); $item = Params::getParam('item'); $code = Params::getParam('code'); $secret = Params::getParam('secret'); $json = array(); if (Session::newInstance()->_get('userId') != '') { $userId = Session::newInstance()->_get('userId'); $user = User::newInstance()->findByPrimaryKey($userId); } else { $userId = null; $user = null; } // Check for required fields if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) { $json['success'] = false; $json['msg'] = _m("The selected photo couldn't be deleted, the url doesn't exist"); echo json_encode($json); return false; } $aItem = Item::newInstance()->findByPrimaryKey($item); // Check if the item exists if (count($aItem) == 0) { $json['success'] = false; $json['msg'] = _m('The item doesn\'t exist'); echo json_encode($json); return false; } // Check if the item belong to the user if ($userId != null && $userId != $aItem['fk_i_user_id']) { $json['success'] = false; $json['msg'] = _m('The item doesn\'t belong to you'); echo json_encode($json); return false; } // Check if the secret passphrase match with the item if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) { $json['success'] = false; $json['msg'] = _m('The item doesn\'t belong to you'); echo json_encode($json); return false; } // Does id & code combination exist? $result = ItemResource::newInstance()->existResource($id, $code); if ($result > 0) { // Delete: file, db table entry osc_deleteResource($id); ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code)); $json['msg'] = _m('The selected photo has been successfully deleted'); $json['success'] = 'true'; } else { $json['msg'] = _m("The selected photo couldn't be deleted"); $json['success'] = 'false'; } echo json_encode($json); return true; break; case 'alerts': // Allow to register to an alert given (not sure it's used on admin) $alert = Params::getParam("alert"); $email = Params::getParam("email"); $userid = Params::getParam("userid"); if ($alert != '' && $email != '') { if (preg_match("/^[_a-z0-9-+]+(\\.[_a-z0-9-+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", $email)) { $secret = osc_genRandomPassword(); if (Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) { if ((int) $userid > 0) { $user = User::newInstance()->findByPrimaryKey($userid); if ($user['b_active'] == 1 && $user['b_enabled'] == 1) { Alerts::newInstance()->activate($email, $secret); echo '1'; return true; } else { echo '-1'; return false; } } else { osc_run_hook('hook_email_alert_validation', $alert, $email, $secret); } echo "1"; } else { echo "0"; } return true; } else { echo '-1'; return false; } } echo '0'; return false; break; case 'runhook': //Run hooks $hook = Params::getParam("hook"); switch ($hook) { case 'item_form': $catId = Params::getParam("catId"); if ($catId != '') { osc_run_hook("item_form", $catId); } else { osc_run_hook("item_form"); } break; case 'item_edit': $catId = Params::getParam("catId"); $itemId = Params::getParam("itemId"); osc_run_hook("item_edit", $catId, $itemId); break; default: if ($hook == '') { return false; } else { osc_run_hook($hook); } break; } break; case 'custom': // Execute via AJAX custom file $ajaxfile = Params::getParam("ajaxfile"); if ($ajaxfile != '') { require_once osc_plugins_path() . $ajaxfile; } else { echo json_encode(array('error' => __('no action defined'))); } break; default: echo json_encode(array('error' => __('no action defined'))); break; } // clear all keep variables into session Session::newInstance()->_dropKeepForm(); Session::newInstance()->_clearVariables(); }
function doModel() { switch ($this->action) { case 'comments': //calling the comments settings view $this->doView('settings/comments.php'); break; case 'comments_post': // updating comment $iUpdated = 0; $enabledComments = Params::getParam('enabled_comments'); $enabledComments = $enabledComments != '' ? true : false; $moderateComments = Params::getParam('moderate_comments'); $moderateComments = $moderateComments != '' ? true : false; $numModerateComments = Params::getParam('num_moderate_comments'); $commentsPerPage = Params::getParam('comments_per_page'); $notifyNewComment = Params::getParam('notify_new_comment'); $notifyNewComment = $notifyNewComment != '' ? true : false; $notifyNewCommentUser = Params::getParam('notify_new_comment_user'); $notifyNewCommentUser = $notifyNewCommentUser != '' ? true : false; $regUserPostComments = Params::getParam('reg_user_post_comments'); $regUserPostComments = $regUserPostComments != '' ? true : false; $msg = ''; if (!osc_validate_int(Params::getParam("num_moderate_comments"))) { $msg .= _m("Number of moderate comments must only contain numeric characters") . "<br/>"; } if (!osc_validate_int(Params::getParam("comments_per_page"))) { $msg .= _m("Comments per page must only contain numeric characters") . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=comments'); } $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledComments), array('s_name' => 'enabled_comments')); if ($moderateComments) { $iUpdated += Preference::newInstance()->update(array('s_value' => $numModerateComments), array('s_name' => 'moderate_comments')); } else { $iUpdated += Preference::newInstance()->update(array('s_value' => '-1'), array('s_name' => 'moderate_comments')); } $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewComment), array('s_name' => 'notify_new_comment')); $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewCommentUser), array('s_name' => 'notify_new_comment_user')); $iUpdated += Preference::newInstance()->update(array('s_value' => $commentsPerPage), array('s_name' => 'comments_per_page')); $iUpdated += Preference::newInstance()->update(array('s_value' => $regUserPostComments), array('s_name' => 'reg_user_post_comments')); if ($iUpdated > 0) { osc_add_flash_ok_message(_m("Comment settings have been updated"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=comments'); break; case 'locations': // calling the locations settings view $location_action = Params::getParam('type'); $mCountries = new Country(); switch ($location_action) { case 'add_country': // add country $countryCode = strtoupper(Params::getParam('c_country')); $countryName = Params::getParam('country'); $exists = $mCountries->findByCode($countryCode); if (isset($exists['s_name'])) { osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $countryName), 'admin'); } else { $countries_json = osc_file_get_contents('http://geo.osclass.org/geo.download.php?action=country_code&term=' . urlencode($countryCode)); $countries = json_decode($countries_json); $mCountries->insert(array('pk_c_code' => $countryCode, 's_name' => $countryName)); CountryStats::newInstance()->setNumItems($countryCode, 0); if (isset($countries->error)) { // Country is not in our GEO database // We have no region for user-typed countries } else { // Country is in our GEO database, add regions and cities $manager_region = new Region(); $regions_json = osc_file_get_contents('http://geo.osclass.org/geo.download.php?action=region&country_code=' . urlencode($countryCode) . '&term=all'); $regions = json_decode($regions_json); if (!isset($regions->error)) { if (count($regions) > 0) { foreach ($regions as $r) { $manager_region->insert(array("fk_c_country_code" => $r->country_code, "s_name" => $r->name)); $id = $manager_region->dao->insertedId(); RegionStats::newInstance()->setNumItems($id, 0); } } unset($regions); unset($regions_json); $manager_city = new City(); if (count($countries) > 0) { foreach ($countries as $c) { $regions = $manager_region->findByCountry($c->id); if (!isset($regions->error)) { if (count($regions) > 0) { foreach ($regions as $region) { $cities_json = osc_file_get_contents('http://geo.osclass.org/geo.download.php?action=city&country=' . urlencode($c->name) . '®ion=' . urlencode($region['s_name']) . '&term=all'); $cities = json_decode($cities_json); if (!isset($cities->error)) { if (count($cities) > 0) { foreach ($cities as $ci) { $manager_city->insert(array("fk_i_region_id" => $region['pk_i_id'], "s_name" => $ci->name, "fk_c_country_code" => $ci->country_code)); $id = $manager_city->dao->insertedId(); CityStats::newInstance()->setNumItems($id, 0); } } } unset($cities); unset($cities_json); } } } } } } } osc_add_flash_ok_message(sprintf(_m('%s has been added as a new country'), $countryName), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations'); break; case 'edit_country': // edit country $ok = $mCountries->update(array('s_name' => Params::getParam('e_country')), array('pk_c_code' => Params::getParam('country_code'))); if ($ok) { osc_add_flash_ok_message(_m('Country has been edited'), 'admin'); } else { osc_add_flash_error_message(_m('There were some problems editing the country'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations'); break; case 'delete_country': // delete country $countryId = Params::getParam('id'); Item::newInstance()->deleteByRegion($countryId); $mRegions = new Region(); $mCities = new City(); $aCountries = $mCountries->findByCode($countryId); $aRegions = $mRegions->findByCountry($aCountries['pk_c_code']); foreach ($aRegions as $region) { // remove city_stats CityStats::newInstance()->deleteByRegion($region['pk_i_id']); // remove region_stats RegionStats::newInstance()->delete(array('fk_i_region_id' => $region['pk_i_id'])); } //remove country stats CountryStats::newInstance()->delete(array('fk_c_country_code' => $aCountries['pk_c_code'])); $ok = $mCountries->deleteByPrimaryKey($aCountries['pk_c_code']); if ($ok) { osc_add_flash_ok_message(sprintf(_m('%s has been deleted'), $aCountries['s_name']), 'admin'); } else { osc_add_flash_error_message(sprintf(_m('There was a problem deleting %s'), $aCountries['s_name']), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations'); break; case 'add_region': // add region if (!Params::getParam('r_manual')) { $this->install_location_by_region(); } else { $mRegions = new Region(); $regionName = Params::getParam('region'); $countryCode = Params::getParam('country_c_parent'); $country = Country::newInstance()->findByCode($countryCode); $exists = $mRegions->findByName($regionName, $countryCode); if (!isset($exists['s_name'])) { $data = array('fk_c_country_code' => $countryCode, 's_name' => $regionName); $mRegions->insert($data); $id = $mRegions->dao->insertedId(); RegionStats::newInstance()->setNumItems($id, 0); osc_add_flash_ok_message(sprintf(_m('%s has been added as a new region'), $regionName), 'admin'); } else { osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $regionName), 'admin'); } } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$countryCode . "&country=" . @$country['s_name']); break; case 'edit_region': // edit region $mRegions = new Region(); $newRegion = Params::getParam('e_region'); $regionId = Params::getParam('region_id'); $exists = $mRegions->findByName($newRegion); if (!isset($exists['pk_i_id']) || $exists['pk_i_id'] == $regionId) { if ($regionId != '') { $aRegion = $mRegions->findByPrimaryKey($regionId); $country = Country::newInstance()->findByCode($aRegion['fk_c_country_code']); $mRegions->update(array('s_name' => $newRegion), array('pk_i_id' => $regionId)); ItemLocation::newInstance()->update(array('s_region' => $newRegion), array('fk_i_region_id' => $regionId)); osc_add_flash_ok_message(sprintf(_m('%s has been edited'), $newRegion), 'admin'); } } else { osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newRegion), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name']); break; case 'delete_region': // delete region $mRegion = new Region(); $mCities = new City(); $regionId = Params::getParam('id'); if ($regionId != '') { Item::newInstance()->deleteByRegion($regionId); $aRegion = $mRegion->findByPrimaryKey($regionId); $country = Country::newInstance()->findByCode($aRegion['fk_c_country_code']); // remove city_stats CityStats::newInstance()->deleteByRegion($regionId); $mCities->delete(array('fk_i_region_id' => $regionId)); // remove region_stats RegionStats::newInstance()->delete(array('fk_i_region_id' => $regionId)); $mRegion->delete(array('pk_i_id' => $regionId)); osc_add_flash_ok_message(sprintf(_m('%s has been deleted'), $aRegion['s_name']), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name']); break; case 'add_city': // add city $mRegion = new Region(); $mCities = new City(); $regionId = Params::getParam('region_parent'); $countryCode = Params::getParam('country_c_parent'); $newCity = Params::getParam('city'); $exists = $mCities->findByName($newCity, $regionId); $region = $mRegion->findByPrimaryKey($regionId); $country = Country::newInstance()->findByCode($region['fk_c_country_code']); if (!isset($exists['s_name'])) { $mCities->insert(array('fk_i_region_id' => $regionId, 's_name' => $newCity, 'fk_c_country_code' => $countryCode)); $id = $mCities->dao->insertedId(); CityStats::newInstance()->setNumItems($id, 0); osc_add_flash_ok_message(sprintf(_m('%s has been added as a new city'), $newCity), 'admin'); } else { osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newCity), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "®ion=" . $regionId); break; case 'edit_city': // edit city $mRegion = new Region(); $mCities = new City(); $newCity = Params::getParam('e_city'); $cityId = Params::getParam('city_id'); $exists = $mCities->findByName($newCity); if (!isset($exists['pk_i_id']) || $exists['pk_i_id'] == $cityId) { $city = $mCities->findByPrimaryKey($cityId); $region = $mRegion->findByPrimaryKey($city['fk_i_region_id']); $country = Country::newInstance()->findByCode($region['fk_c_country_code']); $mCities->update(array('s_name' => $newCity), array('pk_i_id' => $cityId)); ItemLocation::newInstance()->update(array('s_city' => $newCity), array('fk_i_city_id' => $cityId)); osc_add_flash_ok_message(sprintf(_m('%s has been edited'), $newCity), 'admin'); } else { osc_add_flash_error_message(sprintf(_m('%s already was in the database'), $newCity), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "®ion=" . @$region['pk_i_id']); break; case 'delete_city': // delete city $mRegion = new Region(); $mCities = new City(); $cityId = Params::getParam('id'); Item::newInstance()->deleteByCity($cityId); $aCity = $mCities->findByPrimaryKey($cityId); // remove region_stats $region = $mRegion->findByPrimaryKey($aCity['fk_i_region_id']); $country = Country::newInstance()->findByCode($region['fk_c_country_code']); CityStats::newInstance()->delete(array('fk_i_city_id' => $cityId)); $mCities->delete(array('pk_i_id' => $cityId)); osc_add_flash_ok_message(sprintf(_m('%s has been deleted'), $aCity['s_name']), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=locations&country_code=' . @$country['pk_c_code'] . "&country=" . @$country['s_name'] . "®ion=" . @$region['pk_i_id']); break; } $aCountries = $mCountries->listAll(); $this->_exportVariableToView('aCountries', $aCountries); $this->doView('settings/locations.php'); break; case 'permalinks': // calling the permalinks view $htaccess = Params::getParam('htaccess_status'); $file = Params::getParam('file_status'); $this->_exportVariableToView('htaccess', $htaccess); $this->_exportVariableToView('file', $file); $this->doView('settings/permalinks.php'); break; case 'permalinks_post': // updating permalinks option $htaccess_file = osc_base_path() . '.htaccess'; $rewriteEnabled = Params::getParam('rewrite_enabled') ? true : false; if ($rewriteEnabled) { Preference::newInstance()->update(array('s_value' => '1'), array('s_name' => 'rewriteEnabled')); $rewrite_base = REL_WEB_URL; $htaccess = <<<HTACCESS <IfModule mod_rewrite.c> RewriteEngine On RewriteBase {$rewrite_base} RewriteRule ^index\\.php\$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . {$rewrite_base}index.php [L] </IfModule> HTACCESS; // 1. OK (ok) // 2. OK no apache module detected (warning) // 3. No se puede crear + apache // 4. No se puede crear + no apache $status = 3; if (file_exists($htaccess_file)) { if (is_writable($htaccess_file) && file_put_contents($htaccess_file, $htaccess)) { $status = 1; } } else { if (is_writable(osc_base_path()) && file_put_contents($htaccess_file, $htaccess)) { $status = 1; } } if (!@apache_mod_loaded('mod_rewrite')) { $status++; } $errors = 0; $item_url = substr(str_replace('//', '/', Params::getParam('rewrite_item_url') . '/'), 0, -1); if (!osc_validate_text($item_url)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $item_url), array('s_name' => 'rewrite_item_url')); } $page_url = substr(str_replace('//', '/', Params::getParam('rewrite_page_url') . '/'), 0, -1); if (!osc_validate_text($page_url)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $page_url), array('s_name' => 'rewrite_page_url')); } $cat_url = substr(str_replace('//', '/', Params::getParam('rewrite_cat_url') . '/'), 0, -1); if (!osc_validate_text($cat_url)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $cat_url), array('s_name' => 'rewrite_cat_url')); } $search_url = substr(str_replace('//', '/', Params::getParam('rewrite_search_url') . '/'), 0, -1); if (!osc_validate_text($search_url)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $search_url), array('s_name' => 'rewrite_search_url')); } if (!osc_validate_text(Params::getParam('rewrite_search_country'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_country')), array('s_name' => 'rewrite_search_country')); } if (!osc_validate_text(Params::getParam('rewrite_search_region'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_region')), array('s_name' => 'rewrite_search_region')); } if (!osc_validate_text(Params::getParam('rewrite_search_city'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_city')), array('s_name' => 'rewrite_search_city')); } if (!osc_validate_text(Params::getParam('rewrite_search_city_area'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_city_area')), array('s_name' => 'rewrite_search_city_area')); } if (!osc_validate_text(Params::getParam('rewrite_search_category'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_category')), array('s_name' => 'rewrite_search_category')); } if (!osc_validate_text(Params::getParam('rewrite_search_user'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_user')), array('s_name' => 'rewrite_search_user')); } if (!osc_validate_text(Params::getParam('rewrite_search_pattern'))) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => Params::getParam('rewrite_search_pattern')), array('s_name' => 'rewrite_search_pattern')); } $rewrite_contact = substr(str_replace('//', '/', Params::getParam('rewrite_contact') . '/'), 0, -1); if (!osc_validate_text($rewrite_contact)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_contact), array('s_name' => 'rewrite_contact')); } $rewrite_feed = substr(str_replace('//', '/', Params::getParam('rewrite_feed') . '/'), 0, -1); if (!osc_validate_text($rewrite_feed)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_feed), array('s_name' => 'rewrite_feed')); } $rewrite_language = substr(str_replace('//', '/', Params::getParam('rewrite_language') . '/'), 0, -1); if (!osc_validate_text($rewrite_language)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_language), array('s_name' => 'rewrite_language')); } $rewrite_item_mark = substr(str_replace('//', '/', Params::getParam('rewrite_item_mark') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_mark)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_mark), array('s_name' => 'rewrite_item_mark')); } $rewrite_item_send_friend = substr(str_replace('//', '/', Params::getParam('rewrite_item_send_friend') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_send_friend)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_send_friend), array('s_name' => 'rewrite_item_send_friend')); } $rewrite_item_contact = substr(str_replace('//', '/', Params::getParam('rewrite_item_contact') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_contact)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_contact), array('s_name' => 'rewrite_item_contact')); } $rewrite_item_new = substr(str_replace('//', '/', Params::getParam('rewrite_item_new') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_new)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_new), array('s_name' => 'rewrite_item_new')); } $rewrite_item_activate = substr(str_replace('//', '/', Params::getParam('rewrite_item_activate') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_activate)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_activate), array('s_name' => 'rewrite_item_activate')); } $rewrite_item_edit = substr(str_replace('//', '/', Params::getParam('rewrite_item_edit') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_edit)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_edit), array('s_name' => 'rewrite_item_edit')); } $rewrite_item_delete = substr(str_replace('//', '/', Params::getParam('rewrite_item_delete') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_delete)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_delete), array('s_name' => 'rewrite_item_delete')); } $rewrite_item_resource_delete = substr(str_replace('//', '/', Params::getParam('rewrite_item_resource_delete') . '/'), 0, -1); if (!osc_validate_text($rewrite_item_resource_delete)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_item_resource_delete), array('s_name' => 'rewrite_item_resource_delete')); } $rewrite_user_login = substr(str_replace('//', '/', Params::getParam('rewrite_user_login') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_login)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_login), array('s_name' => 'rewrite_user_login')); } $rewrite_user_dashboard = substr(str_replace('//', '/', Params::getParam('rewrite_user_dashboard') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_dashboard)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_dashboard), array('s_name' => 'rewrite_user_dashboard')); } $rewrite_user_logout = substr(str_replace('//', '/', Params::getParam('rewrite_user_logout') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_logout)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_logout), array('s_name' => 'rewrite_user_logout')); } $rewrite_user_register = substr(str_replace('//', '/', Params::getParam('rewrite_user_register') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_register)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_register), array('s_name' => 'rewrite_user_register')); } $rewrite_user_activate = substr(str_replace('//', '/', Params::getParam('rewrite_user_activate') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_activate)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_activate), array('s_name' => 'rewrite_user_activate')); } $rewrite_user_activate_alert = substr(str_replace('//', '/', Params::getParam('rewrite_user_activate_alert') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_activate_alert)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_activate_alert), array('s_name' => 'rewrite_user_activate_alert')); } $rewrite_user_profile = substr(str_replace('//', '/', Params::getParam('rewrite_user_profile') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_profile)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_profile), array('s_name' => 'rewrite_user_profile')); } $rewrite_user_items = substr(str_replace('//', '/', Params::getParam('rewrite_user_items') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_items)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_items), array('s_name' => 'rewrite_user_items')); } $rewrite_user_alerts = substr(str_replace('//', '/', Params::getParam('rewrite_user_alerts') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_alerts)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_alerts), array('s_name' => 'rewrite_user_alerts')); } $rewrite_user_recover = substr(str_replace('//', '/', Params::getParam('rewrite_user_recover') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_recover)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_recover), array('s_name' => 'rewrite_user_recover')); } $rewrite_user_forgot = substr(str_replace('//', '/', Params::getParam('rewrite_user_forgot') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_forgot)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_forgot), array('s_name' => 'rewrite_user_forgot')); } $rewrite_user_change_password = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_password') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_change_password)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_change_password), array('s_name' => 'rewrite_user_change_password')); } $rewrite_user_change_email = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_email') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_change_email)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_change_email), array('s_name' => 'rewrite_user_change_email')); } $rewrite_user_change_email_confirm = substr(str_replace('//', '/', Params::getParam('rewrite_user_change_email_confirm') . '/'), 0, -1); if (!osc_validate_text($rewrite_user_change_email_confirm)) { $errors += 1; } else { Preference::newInstance()->update(array('s_value' => $rewrite_user_change_email_confirm), array('s_name' => 'rewrite_user_change_email_confirm')); } osc_reset_preferences(); $rewrite = Rewrite::newInstance(); osc_run_hook("before_rewrite_rules", array(&$rewrite)); $rewrite->clearRules(); /***************************** ********* Add rules ********* *****************************/ // Contact rules $rewrite->addRule('^' . osc_get_preference('rewrite_contact') . '/?$', 'index.php?page=contact'); // Feed rules $rewrite->addRule('^' . osc_get_preference('rewrite_feed') . '/?$', 'index.php?page=search&sFeed=rss'); $rewrite->addRule('^' . osc_get_preference('rewrite_feed') . '/(.+)/?$', 'index.php?page=search&sFeed=$1'); // Language rules $rewrite->addRule('^' . osc_get_preference('rewrite_language') . '/(.*?)/?$', 'index.php?page=language&locale=$1'); // Search rules $rewrite->addRule('^' . $search_url . '$', 'index.php?page=search'); $rewrite->addRule('^' . $search_url . '/(.*)$', 'index.php?page=search&sParams=$1'); // Item rules $rewrite->addRule('^' . osc_get_preference('rewrite_item_mark') . '/(.*?)/([0-9]+)/?$', 'index.php?page=item&action=mark&as=$1&id=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_send_friend') . '/([0-9]+)/?$', 'index.php?page=item&action=send_friend&id=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_contact') . '/([0-9]+)/?$', 'index.php?page=item&action=contact&id=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_new') . '/?$', 'index.php?page=item&action=item_add'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_new') . '/([0-9]+)/?$', 'index.php?page=item&action=item_add&catId=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_activate') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=activate&id=$1&secret=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_edit') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=item_edit&id=$1&secret=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_delete') . '/([0-9]+)/(.*?)/?$', 'index.php?page=item&action=item_delete&id=$1&secret=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_item_resource_delete') . '/([0-9]+)/([0-9]+)/([0-9A-Za-z]+)/?(.*?)/?$', 'index.php?page=item&action=deleteResource&id=$1&item=$2&code=$3&secret=$4'); // Item rules $id_pos = stripos($item_url, '{ITEM_ID}'); $title_pos = stripos($item_url, '{ITEM_TITLE}'); $cat_pos = stripos($item_url, '{CATEGORIES'); $param_pos = 1; if ($title_pos !== false && $id_pos > $title_pos) { $param_pos++; } if ($cat_pos !== false && $id_pos > $cat_pos) { $param_pos++; } $comments_pos = 1; if ($id_pos !== false) { $comments_pos++; } if ($title_pos !== false) { $comments_pos++; } if ($cat_pos !== false) { $comments_pos++; } $rewrite->addRule('^' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url . '\\?comments-page=([0-9al]*)')))) . '$', 'index.php?page=item&id=$1&comments-page=$2'); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url . '\\?comments-page=([0-9al]*)')))) . '$', 'index.php?page=item&id=$3&lang=$1_$2&comments-page=$4'); $rewrite->addRule('^' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url)))) . '$', 'index.php?page=item&id=$1'); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{ITEM_CITY}', '.*', str_replace('{CATEGORIES}', '.*', str_replace('{ITEM_TITLE}', '.*', str_replace('{ITEM_ID}', '([0-9]+)', $item_url)))) . '$', 'index.php?page=item&id=$3&lang=$1_$2'); // User rules $rewrite->addRule('^' . osc_get_preference('rewrite_user_login') . '/?$', 'index.php?page=login'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_dashboard') . '/?$', 'index.php?page=user&action=dashboard'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_logout') . '/?$', 'index.php?page=main&action=logout'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_register') . '/?$', 'index.php?page=register&action=register'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_activate') . '/([0-9]+)/(.*?)/?$', 'index.php?page=register&action=validate&id=$1&code=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_activate_alert') . '/([a-zA-Z0-9]+)/(.+)$', 'index.php?page=user&action=activate_alert&email=$2&secret=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/?$', 'index.php?page=user&action=profile'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_profile') . '/([0-9]+)/?$', 'index.php?page=user&action=pub_profile&id=$1'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_items') . '/?$', 'index.php?page=user&action=items'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_alerts') . '/?$', 'index.php?page=user&action=alerts'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_recover') . '/?$', 'index.php?page=login&action=recover'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_forgot') . '/([0-9]+)/(.*)/?$', 'index.php?page=login&action=forgot&userId=$1&code=$2'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_password') . '/?$', 'index.php?page=user&action=change_password'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_email') . '/?$', 'index.php?page=user&action=change_email'); $rewrite->addRule('^' . osc_get_preference('rewrite_user_change_email_confirm') . '/([0-9]+)/(.*?)/?$', 'index.php?page=user&action=change_email_confirm&userId=$1&code=$2'); // Page rules $pos_pID = stripos($page_url, '{PAGE_ID}'); $pos_pSlug = stripos($page_url, '{PAGE_SLUG}'); $pID_pos = 1; $pSlug_pos = 1; if (is_numeric($pos_pID) && is_numeric($pos_pSlug)) { // set the order of the parameters if ($pos_pID > $pos_pSlug) { $pID_pos++; } else { $pSlug_pos++; } $rewrite->addRule('^' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', str_replace('{PAGE_ID}', '([0-9]+)', $page_url)) . '/?$', 'index.php?page=page&id=$' . $pID_pos . "&slug=\$" . $pSlug_pos); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', str_replace('{PAGE_ID}', '([0-9]+)', $page_url)) . '/?$', 'index.php?page=page&lang=$1_$2&id=$' . ($pID_pos + 2) . '&slug=$' . ($pSlug_pos + 2)); } else { if (is_numeric($pos_pID)) { $rewrite->addRule('^' . str_replace('{PAGE_ID}', '([0-9]+)', $page_url) . '/?$', 'index.php?page=page&id=$1'); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_ID}', '([0-9]+)', $page_url) . '/?$', 'index.php?page=page&lang=$1_$2&id=$3'); } else { $rewrite->addRule('^' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', $page_url) . '/?$', 'index.php?page=page&slug=$1'); $rewrite->addRule('^([a-z]{2})_([A-Z]{2})/' . str_replace('{PAGE_SLUG}', '([\\p{L}\\p{N}_\\-,]+)', $page_url) . '/?$', 'index.php?page=page&lang=$1_$2&slug=$3'); } } // Clean archive files $rewrite->addRule('^(.+?)\\.php(.*)$', '$1.php$2'); // Category rules $id_pos = stripos($item_url, '{CATEGORY_ID}'); $title_pos = stripos($item_url, '{CATEGORY_SLUG}'); $cat_pos = stripos($item_url, '{CATEGORIES'); $param_pos = 1; if ($title_pos !== false && $id_pos > $title_pos) { $param_pos++; } if ($cat_pos !== false && $id_pos > $cat_pos) { $param_pos++; } $rewrite->addRule('^' . str_replace('{CATEGORIES}', '(.+)', str_replace('{CATEGORY_SLUG}', '([^/]+)', str_replace('{CATEGORY_ID}', '([0-9]+)', $cat_url))) . '$', 'index.php?page=search&sCategory=$' . $param_pos); osc_run_hook("after_rewrite_rules", array(&$rewrite)); //Write rule to DB $rewrite->setRules(); $msg_error = '<br/>' . _m('All fields are required.') . " " . sprintf(_mn('One field was not updated', '%s fields were not updated', $errors), $errors); switch ($status) { case 1: $msg = _m("Permalinks structure updated"); if ($errors > 0) { $msg .= $msg_error; osc_add_flash_warning_message($msg, 'admin'); } else { osc_add_flash_ok_message($msg, 'admin'); } break; case 2: $msg = _m("Permalinks structure updated."); $msg .= " "; $msg .= _m("However, we can't check if Apache module <b>mod_rewrite</b> is loaded. If you experience some problems with the URLs, you should deactivate <em>Friendly URLs</em>"); if ($errors > 0) { $msg .= $msg_error; } osc_add_flash_warning_message($msg, 'admin'); break; case 3: $msg = _m("File <b>.htaccess</b> couldn't be filled out with the right content."); $msg .= " "; $msg .= _m("Here's the content you have to add to the <b>.htaccess</b> file. If you can't create the file, please deactivate the <em>Friendly URLs</em> option."); $msg .= "</p><pre>" . htmlentities($htaccess, ENT_COMPAT, "UTF-8") . '</pre><p>'; if ($errors > 0) { $msg .= $msg_error; } osc_add_flash_error_message($msg, 'admin'); break; case 4: $msg = _m("File <b>.htaccess</b> couldn't be filled out with the right content."); $msg .= " "; $msg .= _m("Here's the content you have to add to the <b>.htaccess</b> file. If you can't create the file or experience some problems with the URLs, please deactivate the <em>Friendly URLs</em> option."); $msg .= "</p><pre>" . htmlentities($htaccess, ENT_COMPAT, "UTF-8") . '</pre><p>'; if ($errors > 0) { $msg .= $msg_error; } osc_add_flash_error_message($msg, 'admin'); break; } } else { Preference::newInstance()->update(array('s_value' => '0'), array('s_name' => 'rewriteEnabled')); Preference::newInstance()->update(array('s_value' => '0'), array('s_name' => 'mod_rewrite_loaded')); osc_add_flash_ok_message(_m('Friendly URLs successfully deactivated'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=permalinks'); break; case 'spamNbots': // calling the spam and bots view $akismet_key = osc_akismet_key(); $akismet_status = 3; if ($akismet_key != '') { require_once osc_lib_path() . 'Akismet.class.php'; $akismet_obj = new Akismet(osc_base_url(), $akismet_key); $akismet_status = 2; if ($akismet_obj->isKeyValid()) { $akismet_status = 1; } } View::newInstance()->_exportVariableToView('akismet_status', $akismet_status); $this->doView('settings/spamNbots.php'); break; case 'akismet_post': // updating spam and bots option $updated = 0; $akismetKey = Params::getParam('akismetKey'); $akismetKey = trim($akismetKey); $updated = Preference::newInstance()->update(array('s_value' => $akismetKey), array('s_name' => 'akismetKey')); if ($akismetKey == '') { osc_add_flash_info_message(_m('Your Akismet key has been cleared'), 'admin'); } else { osc_add_flash_ok_message(_m('Your Akismet key has been updated'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots'); break; case 'recaptcha_post': // updating spam and bots option $iUpdated = 0; $recaptchaPrivKey = Params::getParam('recaptchaPrivKey'); $recaptchaPrivKey = trim($recaptchaPrivKey); $recaptchaPubKey = Params::getParam('recaptchaPubKey'); $recaptchaPubKey = trim($recaptchaPubKey); $iUpdated += Preference::newInstance()->update(array('s_value' => $recaptchaPrivKey), array('s_name' => 'recaptchaPrivKey')); $iUpdated += Preference::newInstance()->update(array('s_value' => $recaptchaPubKey), array('s_name' => 'recaptchaPubKey')); if ($recaptchaPubKey == '') { osc_add_flash_info_message(_m('Your reCAPTCHA key has been cleared'), 'admin'); } else { osc_add_flash_ok_message(_m('Your reCAPTCHA key has been updated'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=spamNbots'); break; case 'currencies': // currencies settings $currencies_action = Params::getParam('type'); switch ($currencies_action) { case 'add': // calling add currency view $aCurrency = array('pk_c_code' => '', 's_name' => '', 's_description' => ''); $this->_exportVariableToView('aCurrency', $aCurrency); $this->_exportVariableToView('typeForm', 'add_post'); $this->doView('settings/currency_form.php'); break; case 'add_post': // adding a new currency $currencyCode = Params::getParam('pk_c_code'); $currencyName = Params::getParam('s_name'); $currencyDescription = Params::getParam('s_description'); // cleaning parameters $currencyName = strip_tags($currencyName); $currencyDescription = strip_tags($currencyDescription); $currencyCode = strip_tags($currencyCode); $currencyCode = trim($currencyCode); if (!preg_match('/^.{1,3}$/', $currencyCode)) { osc_add_flash_error_message(_m('The currency code is not in the correct format'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $fields = array('pk_c_code' => $currencyCode, 's_name' => $currencyName, 's_description' => $currencyDescription); $isInserted = Currency::newInstance()->insert($fields); if ($isInserted) { osc_add_flash_ok_message(_m('Currency added'), 'admin'); } else { osc_add_flash_error_message(_m("Currency couldn't be added"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); break; case 'edit': // calling edit currency view $currencyCode = Params::getParam('code'); $currencyCode = strip_tags($currencyCode); $currencyCode = trim($currencyCode); if ($currencyCode == '') { osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $aCurrency = Currency::newInstance()->findByPrimaryKey($currencyCode); if (!$aCurrency) { osc_add_flash_warning_message(sprintf(_m("The currency code '%s' doesn't exist"), $currencyCode), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $this->_exportVariableToView('aCurrency', $aCurrency); $this->_exportVariableToView('typeForm', 'edit_post'); $this->doView('settings/currency_form.php'); break; case 'edit_post': // updating currency $currencyName = Params::getParam('s_name'); $currencyDescription = Params::getParam('s_description'); $currencyCode = Params::getParam('pk_c_code'); // cleaning parameters $currencyName = strip_tags($currencyName); $currencyDescription = strip_tags($currencyDescription); $currencyCode = strip_tags($currencyCode); $currencyCode = trim($currencyCode); if (!preg_match('/.{1,3}/', $currencyCode)) { osc_add_flash_error_message(_m('Error: the currency code is not in the correct format'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); } $updated = Currency::newInstance()->update(array('s_name' => $currencyName, 's_description' => $currencyDescription), array('pk_c_code' => $currencyCode)); if ($updated == 1) { osc_add_flash_ok_message(_m('Currency updated'), 'admin'); } else { osc_add_flash_info_message(_m('No changes were made'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); break; case 'delete': // deleting a currency $rowChanged = 0; $aCurrencyCode = Params::getParam('code'); if (!is_array($aCurrencyCode)) { $aCurrencyCode = array($aCurrencyCode); } $msg_current = ''; foreach ($aCurrencyCode as $currencyCode) { if (preg_match('/.{1,3}/', $currencyCode) && $currencyCode != osc_currency()) { $rowChanged += Currency::newInstance()->delete(array('pk_c_code' => $currencyCode)); } // foreign key error if (Currency::newInstance()->getErrorLevel() == '1451') { $msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it has listings associated to it"), $currencyCode); } else { if ($currencyCode == osc_currency()) { $msg_current .= sprintf('</p><p>' . _m("%s couldn't be deleted because it's the default currency"), $currencyCode); } } } $msg = ''; $status = ''; switch ($rowChanged) { case '0': $msg = _m('No currencies have been deleted'); $status = 'error'; break; case '1': $msg = _m('One currency has been deleted'); $status = 'ok'; break; default: $msg = sprintf(_m('%s currencies have been deleted'), $rowChanged); $status = 'ok'; break; } if ($status == 'ok' && $msg_current != '') { $status = 'warning'; } switch ($status) { case 'error': osc_add_flash_error_message($msg . $msg_current, 'admin'); break; case 'warning': osc_add_flash_warning_message($msg . $msg_current, 'admin'); break; case 'ok': osc_add_flash_ok_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=currencies'); break; default: // calling the currencies view $aCurrencies = Currency::newInstance()->listAll(); $this->_exportVariableToView('aCurrencies', $aCurrencies); $this->doView('settings/currencies.php'); break; } break; case 'mailserver': // calling the mailserver view $this->doView('settings/mailserver.php'); break; case 'mailserver_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver'); } // updating mailserver $iUpdated = 0; $mailserverAuth = Params::getParam('mailserver_auth'); $mailserverAuth = $mailserverAuth != '' ? true : false; $mailserverPop = Params::getParam('mailserver_pop'); $mailserverPop = $mailserverPop != '' ? true : false; $mailserverType = Params::getParam('mailserver_type'); $mailserverHost = Params::getParam('mailserver_host'); $mailserverPort = Params::getParam('mailserver_port'); $mailserverUsername = Params::getParam('mailserver_username'); $mailserverPassword = Params::getParam('mailserver_password'); $mailserverSsl = Params::getParam('mailserver_ssl'); if (!in_array($mailserverType, array('custom', 'gmail'))) { osc_add_flash_error_message(_m('Mail server type is incorrect'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver'); } $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverAuth), array('s_name' => 'mailserver_auth')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPop), array('s_name' => 'mailserver_pop')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverType), array('s_name' => 'mailserver_type')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverHost), array('s_name' => 'mailserver_host')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPort), array('s_name' => 'mailserver_port')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverUsername), array('s_name' => 'mailserver_username')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverPassword), array('s_name' => 'mailserver_password')); $iUpdated += Preference::newInstance()->update(array('s_value' => $mailserverSsl), array('s_name' => 'mailserver_ssl')); if ($iUpdated > 0) { osc_add_flash_ok_message(_m('Mail server configuration has changed'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=mailserver'); break; case 'media': // calling the media view $max_upload = (int) ini_get('upload_max_filesize'); $max_post = (int) ini_get('post_max_size'); $memory_limit = (int) ini_get('memory_limit'); $upload_mb = min($max_upload, $max_post, $memory_limit) * 1024; $this->_exportVariableToView('max_size_upload', $upload_mb); $this->doView('settings/media.php'); break; case 'media_post': // updating the media config $status = 'ok'; $error = ''; $iUpdated = 0; $maxSizeKb = Params::getParam('maxSizeKb'); $allowedExt = Params::getParam('allowedExt'); $dimThumbnail = Params::getParam('dimThumbnail'); $dimPreview = Params::getParam('dimPreview'); $dimNormal = Params::getParam('dimNormal'); $keepOriginalImage = Params::getParam('keep_original_image'); $use_imagick = Params::getParam('use_imagick'); $type_watermark = Params::getParam('watermark_type'); $watermark_color = Params::getParam('watermark_text_color'); $watermark_text = Params::getParam('watermark_text'); switch ($type_watermark) { case 'none': $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text_color')); $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text')); $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_image')); break; case 'text': $iUpdated += Preference::newInstance()->update(array('s_value' => $watermark_color), array('s_name' => 'watermark_text_color')); $iUpdated += Preference::newInstance()->update(array('s_value' => $watermark_text), array('s_name' => 'watermark_text')); $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_image')); $iUpdated += Preference::newInstance()->update(array('s_value' => Params::getParam('watermark_text_place')), array('s_name' => 'watermark_place')); break; case 'image': // upload image & move to path if ($_FILES['watermark_image']['error'] == UPLOAD_ERR_OK) { if ($_FILES['watermark_image']['type'] == 'image/png') { $tmpName = $_FILES['watermark_image']['tmp_name']; $path = osc_content_path() . 'uploads/watermark.png'; if (move_uploaded_file($tmpName, $path)) { $iUpdated += Preference::newInstance()->update(array('s_value' => $path), array('s_name' => 'watermark_image')); } else { $error .= _m('There was a problem uploading the watermark image') . "<br />"; } } else { $error .= _m('The watermark image has to be a .PNG file') . "<br />"; } } else { $error .= _m('There was a problem uploading the watermark image') . "<br />"; } $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text_color')); $iUpdated += Preference::newInstance()->update(array('s_value' => ''), array('s_name' => 'watermark_text')); $iUpdated += Preference::newInstance()->update(array('s_value' => Params::getParam('watermark_image_place')), array('s_name' => 'watermark_place')); break; default: break; } // format parameters $maxSizeKb = strip_tags($maxSizeKb); $allowedExt = strip_tags($allowedExt); $dimThumbnail = strip_tags($dimThumbnail); $dimPreview = strip_tags($dimPreview); $dimNormal = strip_tags($dimNormal); $keepOriginalImage = $keepOriginalImage != '' ? true : false; $use_imagick = $use_imagick != '' ? true : false; // is imagick extension loaded? if (!@extension_loaded('imagick')) { $use_imagick = false; } // max size allowed by PHP configuration? $max_upload = (int) ini_get('upload_max_filesize'); $max_post = (int) ini_get('post_max_size'); $memory_limit = (int) ini_get('memory_limit'); $upload_mb = min($max_upload, $max_post, $memory_limit) * 1024; // set maxSizeKB equals to PHP configuration if it's bigger if ($maxSizeKb > $upload_mb) { $status = 'warning'; $maxSizeKb = $upload_mb; // flash message text warning $error .= sprintf(_m("You cannot set a maximum file size higher than the one allowed in the PHP configuration: <b>%d KB</b>"), $upload_mb); } $iUpdated += Preference::newInstance()->update(array('s_value' => $maxSizeKb), array('s_name' => 'maxSizeKb')); $iUpdated += Preference::newInstance()->update(array('s_value' => $allowedExt), array('s_name' => 'allowedExt')); $iUpdated += Preference::newInstance()->update(array('s_value' => $dimThumbnail), array('s_name' => 'dimThumbnail')); $iUpdated += Preference::newInstance()->update(array('s_value' => $dimPreview), array('s_name' => 'dimPreview')); $iUpdated += Preference::newInstance()->update(array('s_value' => $dimNormal), array('s_name' => 'dimNormal')); $iUpdated += Preference::newInstance()->update(array('s_value' => $keepOriginalImage), array('s_name' => 'keep_original_image')); $iUpdated += Preference::newInstance()->update(array('s_value' => $use_imagick), array('s_name' => 'use_imagick')); if ($error != '') { switch ($status) { case 'error': osc_add_flash_error_message($error, 'admin'); break; case 'warning': osc_add_flash_warning_message($error, 'admin'); break; default: osc_add_flash_ok_message($error, 'admin'); break; } } else { osc_add_flash_ok_message(_m('Media config has been updated'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media'); break; case 'images_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media'); } $wat = new Watermark(); $aResources = ItemResource::newInstance()->getAllResources(); foreach ($aResources as $resource) { osc_run_hook('regenerate_image', $resource); $path = osc_content_path() . 'uploads/'; // comprobar que no haya original $img_original = $path . $resource['pk_i_id'] . "_original*"; $aImages = glob($img_original); // there is original image if (count($aImages) == 1) { $image_tmp = $aImages[0]; } else { $img_normal = $path . $resource['pk_i_id'] . ".*"; $aImages = glob($img_normal); if (count($aImages) == 1) { $image_tmp = $aImages[0]; } else { $img_thumbnail = $path . $resource['pk_i_id'] . "_thumbnail*"; $aImages = glob($img_thumbnail); $image_tmp = $aImages[0]; } } // extension preg_match('/\\.(.*)$/', $image_tmp, $matches); if (isset($matches[1])) { $extension = $matches[1]; // Create normal size $path_normal = $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '.jpg'; $size = explode('x', osc_normal_dimensions()); ImageResizer::fromFile($image_tmp)->resizeTo($size[0], $size[1])->saveToFile($path); if (osc_is_watermark_text()) { $wat->doWatermarkText($path, osc_watermark_text_color(), osc_watermark_text(), 'image/jpeg'); } elseif (osc_is_watermark_image()) { $wat->doWatermarkImage($path, 'image/jpeg'); } // Create preview $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_preview.jpg'; $size = explode('x', osc_preview_dimensions()); ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path); // Create thumbnail $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_thumbnail.jpg'; $size = explode('x', osc_thumbnail_dimensions()); ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path); // update resource info ItemResource::newInstance()->update(array('s_path' => 'oc-content/uploads/', 's_name' => osc_genRandomPassword(), 's_extension' => 'jpg', 's_content_type' => 'image/jpeg'), array('pk_i_id' => $resource['pk_i_id'])); osc_run_hook('regenerated_image', ItemResource::newInstance()->findByPrimaryKey($resource['pk_i_id'])); // si extension es direfente a jpg, eliminar las imagenes con $extension si hay if ($extension != 'jpg') { @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "." . $extension); @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_original." . $extension); @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_preview." . $extension); @unlink(osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "_thumbnail." . $extension); } // .... } else { // no es imagen o imagen sin extesión } } osc_add_flash_ok_message(_m('Re-generation complete'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=media'); break; case 'update': // update index view $iUpdated = 0; $sPageTitle = Params::getParam('pageTitle'); $sPageDesc = Params::getParam('pageDesc'); $sContactEmail = Params::getParam('contactEmail'); $sLanguage = Params::getParam('language'); $sDateFormat = Params::getParam('dateFormat'); $sCurrency = Params::getParam('currency'); $sWeekStart = Params::getParam('weekStart'); $sTimeFormat = Params::getParam('timeFormat'); $sTimezone = Params::getParam('timezone'); $sNumRssItems = Params::getParam('num_rss_items'); $maxLatestItems = Params::getParam('max_latest_items_at_home'); $numItemsSearch = Params::getParam('default_results_per_page'); $contactAttachment = Params::getParam('enabled_attachment'); $selectableParent = Params::getParam('selectable_parent_categories'); $bAutoCron = Params::getParam('auto_cron'); $bMarketSources = Params::getParam('market_external_sources') == 1 ? 1 : 0; // preparing parameters $sPageTitle = strip_tags($sPageTitle); $sPageDesc = strip_tags($sPageDesc); $sContactEmail = strip_tags($sContactEmail); $sLanguage = strip_tags($sLanguage); $sDateFormat = strip_tags($sDateFormat); $sCurrency = strip_tags($sCurrency); $sWeekStart = strip_tags($sWeekStart); $sTimeFormat = strip_tags($sTimeFormat); $sNumRssItems = (int) strip_tags($sNumRssItems); $maxLatestItems = (int) strip_tags($maxLatestItems); $numItemsSearch = (int) $numItemsSearch; $contactAttachment = $contactAttachment != '' ? true : false; $bAutoCron = $bAutoCron != '' ? true : false; $error = ""; $msg = ''; if (!osc_validate_text($sPageTitle)) { $msg .= _m("Page title field is required") . "<br/>"; } if (!osc_validate_text($sContactEmail)) { $msg .= _m("Contact email field is required") . "<br/>"; } if (!osc_validate_int($sNumRssItems)) { $msg .= _m("Number of listings in the RSS has to be a numeric value") . "<br/>"; } if (!osc_validate_int($maxLatestItems)) { $msg .= _m("Max latest listings has to be a numeric value") . "<br/>"; } if (!osc_validate_int($numItemsSearch)) { $msg .= _m("Number of listings on search has to be a numeric value") . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings'); } $iUpdated += Preference::newInstance()->update(array('s_value' => $sPageTitle), array('s_section' => 'osclass', 's_name' => 'pageTitle')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sPageDesc), array('s_section' => 'osclass', 's_name' => 'pageDesc')); if (!defined('DEMO')) { $iUpdated += Preference::newInstance()->update(array('s_value' => $sContactEmail), array('s_section' => 'osclass', 's_name' => 'contactEmail')); } $iUpdated += Preference::newInstance()->update(array('s_value' => $sLanguage), array('s_section' => 'osclass', 's_name' => 'language')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sDateFormat), array('s_section' => 'osclass', 's_name' => 'dateFormat')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sCurrency), array('s_section' => 'osclass', 's_name' => 'currency')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sWeekStart), array('s_section' => 'osclass', 's_name' => 'weekStart')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sTimeFormat), array('s_section' => 'osclass', 's_name' => 'timeFormat')); $iUpdated += Preference::newInstance()->update(array('s_value' => $sTimezone), array('s_section' => 'osclass', 's_name' => 'timezone')); $iUpdated += Preference::newInstance()->update(array('s_value' => $bMarketSources), array('s_section' => 'osclass', 's_name' => 'marketAllowExternalSources')); if (is_int($sNumRssItems)) { $iUpdated += Preference::newInstance()->update(array('s_value' => $sNumRssItems), array('s_section' => 'osclass', 's_name' => 'num_rss_items')); } else { if ($error != '') { $error .= "</p><p>"; } $error .= _m('Number of listings in the RSS must be an integer'); } if (is_int($maxLatestItems)) { $iUpdated += Preference::newInstance()->update(array('s_value' => $maxLatestItems), array('s_section' => 'osclass', 's_name' => 'maxLatestItems@home')); } else { if ($error != '') { $error .= "</p><p>"; } $error .= _m('Number of recent listings displayed at home must be an integer'); } $iUpdated += Preference::newInstance()->update(array('s_value' => $numItemsSearch), array('s_section' => 'osclass', 's_name' => 'defaultResultsPerPage@search')); $iUpdated += Preference::newInstance()->update(array('s_value' => $contactAttachment), array('s_name' => 'contact_attachment')); $iUpdated += Preference::newInstance()->update(array('s_value' => $bAutoCron), array('s_name' => 'auto_cron')); $iUpdated += Preference::newInstance()->update(array('s_value' => $selectableParent), array('s_name' => 'selectable_parent_categories')); if ($iUpdated > 0) { if ($error != '') { osc_add_flash_error_message($error . "</p><p>" . _m('General settings have been updated'), 'admin'); } else { osc_add_flash_ok_message(_m('General settings have been updated'), 'admin'); } } else { if ($error != '') { osc_add_flash_error_message($error, 'admin'); } } $this->redirectTo(osc_admin_base_url(true) . '?page=settings'); break; case 'check_updates': osc_admin_toolbar_update_themes(true); osc_admin_toolbar_update_plugins(true); osc_add_flash_ok_message(_m('Last check') . ': ' . date("Y-m-d H:i"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings'); break; case 'latestsearches': //calling the comments settings view $this->doView('settings/searches.php'); break; case 'latestsearches_post': // updating comment if (Params::getParam('save_latest_searches') == 'on') { Preference::newInstance()->update(array('s_value' => 1), array('s_name' => 'save_latest_searches')); } else { Preference::newInstance()->update(array('s_value' => 0), array('s_name' => 'save_latest_searches')); } if (Params::getParam('customPurge') == '') { osc_add_flash_error_message(_m('Custom number could not be left empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=latestsearches'); } else { Preference::newInstance()->update(array('s_value' => Params::getParam('customPurge')), array('s_name' => 'purge_latest_searches')); osc_add_flash_ok_message(_m('Last search settings have been updated'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=settings&action=latestsearches'); } break; default: // calling the view $aLanguages = OSCLocale::newInstance()->listAllEnabled(); $aCurrencies = Currency::newInstance()->listAll(); $this->_exportVariableToView('aLanguages', $aLanguages); $this->_exportVariableToView('aCurrencies', $aCurrencies); $this->doView('settings/index.php'); break; } }
<?php $adManage_plugin_data = Plugins::getInfo('advanced_ad_management/index.php'); if (Params::getParam('addExistingAds') == 1) { $conn = getConnection(); $allItem = $conn->osc_dbFetchResults("SELECT DISTINCT * FROM %st_item_description", DB_TABLE_PREFIX); $dao_preference = new Preference(); foreach ($allItem as $itemB) { $r_secret = ''; $r_secret = osc_genRandomPassword(); $conn->osc_dbExec("REPLACE INTO %st_item_adManage_limit (fk_i_item_id, r_secret, r_times) VALUES (%d, '%s', %d)", DB_TABLE_PREFIX, $itemB['fk_i_item_id'], $r_secret, 0); } $dao_preference->update(array("s_value" => '1'), array("s_section" => "plugin-item_adManage", "s_name" => "adManageed_installed")); unset($dao_preference); echo '<script>location.href="' . osc_admin_base_url(true) . '?page=plugins&action=renderplugin&file=advanced_ad_management/admin.php"</script>'; } // end of the addExistingAds section //Master setting for expired days. //Jesse's Ad Expiration plugin. $days = ''; if (Params::getParam('days') != '') { $days = Params::getParam('days'); } else { $conn = getConnection(); $data = $conn->osc_dbFetchResult("SELECT * FROM %st_category", DB_TABLE_PREFIX); $days = $data['i_expiration_days']; } if (Params::getParam('option') == 'update') { if ($days > 999) { $days = 999; }
function doModel() { switch ($this->action) { case 'dashboard': //dashboard... $max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5; $aItems = Item::newInstance()->findByUserIDEnabled(Session::newInstance()->_get('userId'), 0, $max_items); //calling the view... $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('max_items', $max_items); $this->doView('user-dashboard.php'); break; case 'profile': //profile... $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($user['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']); } elseif (count($aCountries) > 0) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } $aCities = array(); if ($user['fk_i_region_id'] != '') { $aCities = City::newInstance()->findByRegion($user['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } } //calling the view... $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('user', $user); $this->doView('user-profile.php'); break; case 'profile_post': //profile post... $userId = Session::newInstance()->_get('userId'); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $success = $userActions->edit($userId); osc_add_flash_ok_message(_m('Your profile has been updated successfully')); $this->redirectTo(osc_user_profile_url()); break; case 'alerts': //alerts $aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId')); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); foreach ($aAlerts as $k => $a) { $search = osc_unserialize(base64_decode($a['s_search'])); $search->limit(0, 3); $aAlerts[$k]['items'] = $search->doSearch(); } $this->_exportVariableToView('alerts', $aAlerts); View::newInstance()->_reset('alerts'); $this->_exportVariableToView('user', $user); $this->doView('user-alerts.php'); break; case 'change_email': //change email $this->doView('user-change_email.php'); break; case 'change_email_post': //change email post if (!preg_match("/^[_a-z0-9-\\+]+(\\.[_a-z0-9-\\+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", Params::getParam('new_email'))) { osc_add_flash_error_message(_m('The specified e-mail is not valid')); $this->redirectTo(osc_change_user_email_url()); } else { $user = User::newInstance()->findByEmail(Params::getParam('new_email')); if (!isset($user['pk_i_id'])) { $userEmailTmp = array(); $userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId'); $userEmailTmp['s_new_email'] = Params::getParam('new_email'); UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp); $code = osc_genRandomPassword(30); $date = date('Y-m-d H:i:s'); $userManager = new User(); $userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId'))); $validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code); osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified e-mail is already in use')); $this->redirectTo(osc_change_user_email_url()); } } break; case 'change_password': //change password $this->doView('user-change_password.php'); break; case 'change_password_post': //change password post $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); if (Params::getParam('password') == '' || Params::getParam('new_password') == '' || Params::getParam('new_password2') == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_change_user_password_url()); } if ($user['s_password'] != sha1(Params::getParam('password'))) { osc_add_flash_error_message(_m('Current password doesn\'t match')); $this->redirectTo(osc_change_user_password_url()); } if (!Params::getParam('new_password')) { osc_add_flash_error_message(_m('Passwords can\'t be empty')); $this->redirectTo(osc_change_user_password_url()); } if (Params::getParam('new_password') != Params::getParam('new_password2')) { osc_add_flash_error_message(_m('Passwords don\'t match')); $this->redirectTo(osc_change_user_password_url()); } User::newInstance()->update(array('s_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('Password has been changed')); $this->redirectTo(osc_user_profile_url()); break; case 'items': // view items user $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 5; $page = Params::getParam('iPage') != '' ? Params::getParam('iPage') : 0; $total_items = Item::newInstance()->countByUserIDEnabled($_SESSION['userId']); $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findByUserIDEnabled($_SESSION['userId'], $page * $itemsPerPage, $itemsPerPage); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('list_total_pages', $total_pages); $this->_exportVariableToView('list_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('list_page', $page); $this->doView('user-items.php'); break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator')); } $this->redirectTo(osc_base_url(true)); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); if ($email != '' && $secret != '') { Alerts::newInstance()->delete(array('s_email' => $email, 's_secret' => $secret)); osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator')); } $this->redirectTo(osc_user_alerts_url()); break; case 'deleteResource': $id = Params::getParam('id'); $name = Params::getParam('name'); $fkid = Params::getParam('fkid'); osc_deleteResource($id); ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $fkid, 's_name' => $name)); $this->redirectTo(osc_base_url(true) . "?page=item&action=item_edit&id=" . $fkid); break; } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } require_once LIB_PATH . 'osclass/UserActions.php'; $user = User::newInstance()->findByEmail(Params::getParam('email')); $url_redirect = osc_user_dashboard_url(); $page_redirect = ''; if (osc_rewrite_enabled()) { if (isset($_SERVER['HTTP_REFERER'])) { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $_SERVER['HTTP_REFERER'])); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; } break; } } } } else { if (preg_match('|[\\?&]page=([^&]+)|', $_SERVER['HTTP_REFERER'] . '&', $match)) { $page_redirect = $match[1]; } } if (Params::getParam('http_referer') != '') { Session::newInstance()->_setReferer(Params::getParam('http_referer')); $url_redirect = Params::getParam('http_referer'); } else { if (Session::newInstance()->_getReferer() != '') { Session::newInstance()->_setReferer(Session::newInstance()->_getReferer()); $url_redirect = Session::newInstance()->_getReferer(); } else { if ($page_redirect != '' && $page_redirect != 'login') { Session::newInstance()->_setReferer($_SERVER['HTTP_REFERER']); $url_redirect = $_SERVER['HTTP_REFERER']; } } } if (!$user) { osc_add_flash_error_message(_m('The username doesn\'t exist')); $this->redirectTo(osc_user_login_url()); } if ($user["s_password"] != sha1(Params::getParam('password'))) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); } $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m('The username doesn\'t exist')); } else { if ($logged == 1) { osc_add_flash_error_message(_m('The user has not been validated yet')); } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } $this->redirectTo($url_redirect); } else { osc_add_flash_error_message(_m('This should never happens')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': if (Params::getParam('new_password') == '' || Params::getParam('new_password2') == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password') == Params::getParam('new_password2')) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m('Error, the password don\'t match')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
public function uploadItemResources($aResources,$itemId) { if($aResources != '') { $itemResourceManager = ItemResource::newInstance(); $folder = osc_uploads_path().(floor($itemId/100))."/"; $numImagesItems = osc_max_images_per_item(); $numImages = $itemResourceManager->countResources($itemId); foreach ($aResources['error'] as $key => $error) { if($numImagesItems==0 || ($numImagesItems>0 && $numImages<$numImagesItems)) { if ($error == UPLOAD_ERR_OK) { $tmpName = $aResources['tmp_name'][$key]; $imgres = ImageResizer::fromFile($tmpName); $extension = osc_apply_filter('upload_image_extension', $imgres->getExt()); $mime = osc_apply_filter('upload_image_mime', $imgres->getMime()); // Create normal size $normal_path = $path = $tmpName."_normal"; $size = explode('x', osc_normal_dimensions()); $img = ImageResizer::fromFile($tmpName)->autoRotate()->resizeTo($size[0], $size[1]); if( osc_is_watermark_text() ) { $img->doWatermarkText(osc_watermark_text(), osc_watermark_text_color()); } else if ( osc_is_watermark_image() ){ $img->doWatermarkImage(); } $img->saveToFile($path, $extension); // Create preview $path = $tmpName."_preview"; $size = explode('x', osc_preview_dimensions()); ImageResizer::fromFile($normal_path)->resizeTo($size[0], $size[1])->saveToFile($path, $extension); // Create thumbnail $path = $tmpName."_thumbnail"; $size = explode('x', osc_thumbnail_dimensions()); ImageResizer::fromFile($normal_path)->resizeTo($size[0], $size[1])->saveToFile($path, $extension); $numImages++; $itemResourceManager->insert(array( 'fk_i_item_id' => $itemId )); $resourceId = $itemResourceManager->dao->insertedId(); if(!is_dir($folder)) { if (!@mkdir($folder, 0755, true)) { return 3; // PATH CAN NOT BE CREATED } } osc_copy($tmpName.'_normal', $folder.$resourceId.'.'.$extension); osc_copy($tmpName.'_preview', $folder.$resourceId.'_preview.'.$extension); osc_copy($tmpName.'_thumbnail', $folder.$resourceId.'_thumbnail.'.$extension); if( osc_keep_original_image() ) { $path = $folder.$resourceId.'_original.'.$extension; osc_copy($tmpName, $path); } @unlink($tmpName."_normal"); @unlink($tmpName."_preview"); @unlink($tmpName."_thumbnail"); @unlink($tmpName); $s_path = str_replace(osc_base_path(), '', $folder); $itemResourceManager->update( array( 's_path' => $s_path ,'s_name' => osc_genRandomPassword() ,'s_extension' => $extension ,'s_content_type' => $mime ) ,array( 'pk_i_id' => $resourceId ,'fk_i_item_id' => $itemId ) ); osc_run_hook('uploaded_file', ItemResource::newInstance()->findByPrimaryKey($resourceId)); } } } unset($itemResourceManager); } return 0; // NO PROBLEMS }
function register_user($user) { $manager = User::newInstance(); $input['s_name'] = $user['name']; $input['s_email'] = $user['email']; $input['s_password'] = sha1(osc_genRandomPassword()); $input['dt_reg_date'] = date('Y-m-d H:i:s'); $input['s_secret'] = osc_genRandomPassword(); $email_taken = $manager->findByEmail($input['s_email']); if ($email_taken == null) { $manager->insert($input); $userID = $manager->dao->insertedId(); $result = $manager->dao->replace(); osc_run_hook('user_register_completed', $userID); $userDB = $manager->findByPrimaryKey($userID); if (osc_notify_new_user()) { osc_run_hook('hook_email_admin_new_user', $userDB); } if (osc_version() >= 310) { $manager->update(array('b_active' => '1', 's_username' => $userID), array('pk_i_id' => $userID)); } else { $manager->update(array('b_active' => '1'), array('pk_i_id' => $userID)); } insert_facebook_user_data($userID, $user['id']); osc_run_hook('hook_email_user_registration', $userDB); osc_run_hook('validate_user', $userDB); osc_add_flash_ok_message(sprintf(__('Your account has been created successfully', 'facebook'), osc_page_title())); } }
function prepareData($is_add) { $input = array(); if ($is_add) { $input['s_secret'] = osc_genRandomPassword(); $input['dt_reg_date'] = date('Y-m-d H:i:s'); } else { $input['dt_mod_date'] = date('Y-m-d H:i:s'); } //only for administration, in the public website this two params are edited separately if ($this->is_admin || $is_add) { $input['s_email'] = Params::getParam('s_email'); if (Params::getParam('s_password', false, false) != Params::getParam('s_password2', false, false)) { return 1; } //if we want to change the password if (Params::getParam('s_password', false, false) != '') { $input['s_password'] = sha1(Params::getParam('s_password', false, false)); } } $input['s_name'] = Params::getParam('s_name'); $input['s_website'] = Params::getParam('s_website'); $input['s_phone_land'] = Params::getParam('s_phone_land'); $input['s_phone_mobile'] = Params::getParam('s_phone_mobile'); //locations... $country = Country::newInstance()->findByCode(Params::getParam('countryId')); if (count($country) > 0) { $countryId = $country['pk_c_code']; $countryName = $country['s_name']; } else { $countryId = null; $countryName = null; } if (intval(Params::getParam('regionId'))) { $region = Region::newInstance()->findByPrimaryKey(Params::getParam('regionId')); if (count($region) > 0) { $regionId = $region['pk_i_id']; $regionName = $region['s_name']; } } else { $regionId = null; $regionName = Params::getParam('region'); } if (intval(Params::getParam('cityId'))) { $city = City::newInstance()->findByPrimaryKey(Params::getParam('cityId')); if (count($city) > 0) { $cityId = $city['pk_i_id']; $cityName = $city['s_name']; } } else { $cityId = null; $cityName = Params::getParam('city'); } $input['fk_c_country_code'] = $countryId; $input['s_country'] = $countryName; $input['fk_i_region_id'] = $regionId; $input['s_region'] = $regionName; $input['fk_i_city_id'] = $cityId; $input['s_city'] = $cityName; $input['s_city_area'] = Params::getParam('cityArea'); $input['s_address'] = Params::getParam('address'); $input['b_company'] = Params::getParam('b_company') != '' && Params::getParam('b_company') != 0 ? 1 : 0; return $input; }
function osc_random_string($length) { $buffer = ''; $buffer_valid = false; if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) { $buffer = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); if ($buffer) { $buffer_valid = true; } } if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { $buffer = openssl_random_pseudo_bytes($length); if ($buffer) { $buffer_valid = true; } } if (!$buffer_valid && is_readable('/dev/urandom')) { $f = fopen('/dev/urandom', 'r'); $read = strlen($buffer); while ($read < $length) { $buffer .= fread($f, $length - $read); $read = strlen($buffer); } fclose($f); if ($read >= $length) { $buffer_valid = true; } } if (!$buffer_valid || strlen($buffer) < $length) { $bl = strlen($buffer); for ($i = 0; $i < $length; $i++) { if ($i < $bl) { $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); } else { $buffer .= chr(mt_rand(0, 255)); } } } if(!$buffer_valid) { $buffer = osc_genRandomPassword(2*$length); } return substr(str_replace('+', '.', base64_encode($buffer)), 0, $length); }
function doModel() { switch ($this->action) { case 'import': // calling import view $this->doView('tools/import.php'); break; case 'import_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=import'); } // calling $sql = Params::getFiles('sql'); if (isset($sql['size']) && $sql['size'] != 0) { $content_file = file_get_contents($sql['tmp_name']); $conn = DBConnectionClass::newInstance(); $c_db = $conn->getOsclassDb(); $comm = new DBCommandClass($c_db); if ($comm->importSQL($content_file)) { osc_add_flash_ok_message(_m('Import complete'), 'admin'); } else { osc_add_flash_error_message(_m('There was a problem importing data to the database'), 'admin'); } } else { osc_add_flash_error_message(_m('No file was uploaded'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=import'); break; case 'images': // calling images view $this->doView('tools/images.php'); break; case 'images_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=images'); } $preferences = Preference::newInstance()->toArray(); $wat = new Watermark(); $aResources = ItemResource::newInstance()->getAllResources(); foreach ($aResources as $resource) { osc_run_hook('regenerate_image', $resource); $path = osc_content_path() . 'uploads/'; // comprobar que no haya original $img_original = $path . $resource['pk_i_id'] . "_original*"; $aImages = glob($img_original); // there is original image if (count($aImages) == 1) { $image_tmp = $aImages[0]; } else { $img_normal = $path . $resource['pk_i_id'] . ".*"; $aImages = glob($img_normal); if (count($aImages) == 1) { $image_tmp = $aImages[0]; } else { $img_thumbnail = $path . $resource['pk_i_id'] . "_thumbnail*"; $aImages = glob($img_thumbnail); $image_tmp = $aImages[0]; } } // extension preg_match('/\\.(.*)$/', $image_tmp, $matches); if (isset($matches[1])) { $extension = $matches[1]; // Create normal size $path_normal = $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '.jpg'; $size = explode('x', osc_normal_dimensions()); ImageResizer::fromFile($image_tmp)->resizeTo($size[0], $size[1])->saveToFile($path); if (osc_is_watermark_text()) { $wat->doWatermarkText($path, osc_watermark_text_color(), osc_watermark_text(), 'image/jpeg'); } elseif (osc_is_watermark_image()) { $wat->doWatermarkImage($path, 'image/jpeg'); } // Create preview $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_preview.jpg'; $size = explode('x', osc_preview_dimensions()); ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path); // Create thumbnail $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_thumbnail.jpg'; $size = explode('x', osc_thumbnail_dimensions()); ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path); // update resource info ItemResource::newInstance()->update(array('s_path' => 'oc-content/uploads/', 's_name' => osc_genRandomPassword(), 's_extension' => 'jpg', 's_content_type' => 'image/jpeg'), array('pk_i_id' => $resource['pk_i_id'])); osc_run_hook('regenerated_image', ItemResource::newInstance()->findByPrimaryKey($resource['pk_i_id'])); // si extension es direfente a jpg, eliminar las imagenes con $extension si hay if ($extension != 'jpg') { $files_to_remove = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "*" . $extension; $fs = glob($files_to_remove); if (is_array($fs)) { array_map("unlink", $fs); } } // .... } else { // no es imagen o imagen sin extesión } } osc_add_flash_ok_message(_m('Re-generation complete'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=images'); break; case 'upgrade': $this->doView('tools/upgrade.php'); break; case 'backup': $this->doView('tools/backup.php'); break; case 'backup-sql': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); } //databasse dump... if (Params::getParam('bck_dir') != '') { $path = trim(Params::getParam('bck_dir')); if (substr($path, -1, 1) != "/") { $path .= '/'; } } else { $path = osc_base_path(); } $filename = 'OSClass_mysqlbackup.' . date('YmdHis') . '.sql'; switch (osc_dbdump($path, $filename)) { case -1: $msg = _m('Path is empty'); osc_add_flash_error_message($msg, 'admin'); break; case -2: $msg = sprintf(_m('Could not connect with the database. Error: %s'), mysql_error()); osc_add_flash_error_message($msg, 'admin'); break; case -3: $msg = sprintf(_m('Could not select the database. Error: %s'), mysql_error()); osc_add_flash_error_message($msg, 'admin'); break; case -4: $msg = _m('There are no tables to back up'); osc_add_flash_error_message($msg, 'admin'); break; case -5: $msg = _m('The folder is not writable'); osc_add_flash_error_message($msg, 'admin'); break; default: $msg = _m('Backup has been done properly'); osc_add_flash_ok_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); break; case 'backup-zip': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); } //zip of the code just to back it up if (Params::getParam('bck_dir') != '') { $archive_name = trim(Params::getParam('bck_dir')); if (substr(trim($archive_name), -1, 1) != "/") { $archive_name .= '/'; } $archive_name = Params::getParam('bck_dir') . '/OSClass_backup.' . date('YmdHis') . '.zip'; } else { $archive_name = osc_base_path() . "OSClass_backup." . date('YmdHis') . ".zip"; } $archive_folder = osc_base_path(); if (osc_zip_folder($archive_folder, $archive_name)) { $msg = _m('Archiving successful!'); osc_add_flash_ok_message($msg, 'admin'); } else { $msg = _m('Error, the zip file was not created at the specified directory'); osc_add_flash_error_message($msg, 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); break; case 'backup_post': $this->doView('tools/backup.php'); break; case 'maintenance': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin'); $this->doView('tools/maintenance.php'); break; } $mode = Params::getParam('mode'); if ($mode == 'on') { $maintenance_file = ABS_PATH . '.maintenance'; $fileHandler = @fopen($maintenance_file, 'w'); if ($fileHandler) { osc_add_flash_ok_message(_m('Maintenance mode is ON'), 'admin'); } else { osc_add_flash_error_message(_m('There was an error creating .maintenance file, please create it manually at the root folder'), 'admin'); } fclose($fileHandler); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=maintenance'); } else { if ($mode == 'off') { $deleted = @unlink(ABS_PATH . '.maintenance'); if ($deleted) { osc_add_flash_ok_message(_m('Maintenance mode is OFF'), 'admin'); } else { osc_add_flash_error_message(_m('There was an error removing .maintenance file, please remove it manually from the root folder'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=maintenance'); } } $this->doView('tools/maintenance.php'); break; default: } }
function doModel() { switch ($this->action) { case 'change_email_confirm': //change email confirm if (Params::getParam('userId') && Params::getParam('code')) { $userManager = new User(); $user = $userManager->findByPrimaryKey(Params::getParam('userId')); if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) { $userEmailTmp = UserEmailTmp::newInstance()->findByPrimaryKey(Params::getParam('userId')); $code = osc_genRandomPassword(50); $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id'])); Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']); UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email'])); osc_add_flash_ok_message(_m('Your email has been changed successfully')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $user = User::newInstance()->findByEmail($alert['s_email']); if (isset($user['pk_i_id'])) { Alerts::newInstance()->update(array('fk_i_user_id' => $user['pk_i_id']), array('pk_i_id' => $id)); } $result = Alerts::newInstance()->activate($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $result = Alerts::newInstance()->unsub($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'pub_profile': if (Params::getParam('username') != '') { $user = User::newInstance()->findByUsername(Params::getParam('username')); } else { $user = User::newInstance()->findByPrimaryKey(Params::getParam('id')); } // user doesn't exist, show 404 error if (!$user) { $this->do404(); return; } $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10; $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0; $total_items = Item::newInstance()->countItemTypesByUserID($user['pk_i_id'], 'active'); if ($itemsPerPage == 'all') { $total_pages = 1; $items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], 0, null, 'active'); } else { $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], $page * $itemsPerPage, $itemsPerPage, 'active'); } View::newInstance()->_exportVariableToView('user', $user); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('search_total_pages', $total_pages); $this->_exportVariableToView('search_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('search_page', $page); $this->_exportVariableToView('canonical', osc_user_public_profile_url()); $this->doView('user-public-profile.php'); break; case 'contact_post': $user = User::newInstance()->findByPrimaryKey(Params::getParam('id')); View::newInstance()->_exportVariableToView('user', $user); if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_user_public_profile_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $banned = osc_is_banned(Params::getParam('yourEmail')); if ($banned == 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); $this->redirectTo(osc_user_public_profile_url()); } else { if ($banned == 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); $this->redirectTo(osc_user_public_profile_url()); } } osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message')); osc_add_flash_ok_message(_m('Your email has been sent properly.')); $this->redirectTo(osc_user_public_profile_url()); break; default: $this->redirectTo(osc_user_login_url()); break; } }
function doModel() { //specific things for this class switch ($this->action) { case 'bulk_actions': break; case 'regions': //Return regions given a countryId $regions = Region::newInstance()->findByCountry(Params::getParam("countryId")); echo json_encode($regions); break; case 'cities': //Returns cities given a regionId $cities = City::newInstance()->findByRegion(Params::getParam("regionId")); echo json_encode($cities); break; case 'location': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term")); foreach ($cities as $k => $city) { $cities[$k]['label'] = $city['label'] . " (" . $city['region'] . ")"; } echo json_encode($cities); break; case 'location_countries': // This is the autocomplete AJAX $countries = Country::newInstance()->ajax(Params::getParam("term")); echo json_encode($countries); break; case 'location_regions': // This is the autocomplete AJAX $regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country")); echo json_encode($regions); break; case 'location_cities': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region")); echo json_encode($cities); break; case 'delete_image': // Delete images via AJAX $ajax_photo = Params::getParam('ajax_photo'); $id = Params::getParam('id'); $item = Params::getParam('item'); $code = Params::getParam('code'); $secret = Params::getParam('secret'); $json = array(); if ($ajax_photo != '') { $files = Session::newInstance()->_get('ajax_files'); $success = false; foreach ($files as $uuid => $file) { if ($file == $ajax_photo) { $filename = $files[$uuid]; unset($files[$uuid]); Session::newInstance()->_set('ajax_files', $files); $success = @unlink(osc_content_path() . 'uploads/temp/' . $filename); break; } } echo json_encode(array('success' => $success, 'msg' => $success ? _m('The selected photo has been successfully deleted') : _m("The selected photo couldn't be deleted"))); return false; } if (Session::newInstance()->_get('userId') != '') { $userId = Session::newInstance()->_get('userId'); $user = User::newInstance()->findByPrimaryKey($userId); } else { $userId = null; $user = null; } // Check for required fields if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) { $json['success'] = false; $json['msg'] = _m("The selected photo couldn't be deleted, the url doesn't exist"); echo json_encode($json); return false; } $aItem = Item::newInstance()->findByPrimaryKey($item); // Check if the item exists if (count($aItem) == 0) { $json['success'] = false; $json['msg'] = _m("The listing doesn't exist"); echo json_encode($json); return false; } if (!osc_is_admin_user_logged_in()) { // Check if the item belong to the user if ($userId != null && $userId != $aItem['fk_i_user_id']) { $json['success'] = false; $json['msg'] = _m("The listing doesn't belong to you"); echo json_encode($json); return false; } // Check if the secret passphrase match with the item if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) { $json['success'] = false; $json['msg'] = _m("The listing doesn't belong to you"); echo json_encode($json); return false; } } // Does id & code combination exist? $result = ItemResource::newInstance()->existResource($id, $code); if ($result > 0) { $resource = ItemResource::newInstance()->findByPrimaryKey($id); if ($resource['fk_i_item_id'] == $item) { // Delete: file, db table entry if (defined(OC_ADMIN)) { osc_deleteResource($id, true); Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'admin', osc_logged_admin_id()); } else { osc_deleteResource($id, false); Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'user', osc_logged_user_id()); } ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code)); $json['msg'] = _m('The selected photo has been successfully deleted'); $json['success'] = 'true'; } else { $json['msg'] = _m("The selected photo does not belong to you"); $json['success'] = 'false'; } } else { $json['msg'] = _m("The selected photo couldn't be deleted"); $json['success'] = 'false'; } echo json_encode($json); return true; break; case 'alerts': // Allow to register to an alert given (not sure it's used on admin) $encoded_alert = Params::getParam("alert"); $alert = osc_decrypt_alert(base64_decode($encoded_alert)); // check alert integrity / signature $stringToSign = osc_get_alert_public_key() . $encoded_alert; $signature = hex2b64(hmacsha1(osc_get_alert_private_key(), $stringToSign)); $server_signature = Session::newInstance()->_get('alert_signature'); if ($server_signature != $signature) { echo '-2'; return false; } $email = Params::getParam("email"); $userid = Params::getParam("userid"); if (osc_is_web_user_logged_in()) { $userid = osc_logged_user_id(); $user = User::newInstance()->findByPrimaryKey($userid); $email = $user['s_email']; } if ($alert != '' && $email != '') { if (osc_validate_email($email)) { $secret = osc_genRandomPassword(); if ($alertID = Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) { if ((int) $userid > 0) { $user = User::newInstance()->findByPrimaryKey($userid); if ($user['b_active'] == 1 && $user['b_enabled'] == 1) { Alerts::newInstance()->activate($alertID); echo '1'; return true; } else { echo '-1'; return false; } } else { $aAlert = Alerts::newInstance()->findByPrimaryKey($alertID); osc_run_hook('hook_email_alert_validation', $aAlert, $email, $secret); } echo "1"; } else { echo "0"; } return true; } else { echo '-1'; return false; } } echo '0'; return false; break; case 'runhook': // run hooks $hook = Params::getParam('hook'); if ($hook == '') { echo json_encode(array('error' => 'hook parameter not defined')); break; } switch ($hook) { case 'item_form': osc_run_hook('item_form', Params::getParam('catId')); break; case 'item_edit': $catId = Params::getParam("catId"); $itemId = Params::getParam("itemId"); osc_run_hook("item_edit", $catId, $itemId); break; default: osc_run_hook('ajax_' . $hook); break; } break; case 'custom': // Execute via AJAX custom file if (Params::existParam('route')) { $routes = Rewrite::newInstance()->getRoutes(); $rid = Params::getParam('route'); $file = '../'; if (isset($routes[$rid]) && isset($routes[$rid]['file'])) { $file = $routes[$rid]['file']; } } else { // DEPRECATED: Disclosed path in URL is deprecated, use routes instead // This will be REMOVED in 3.4 $file = Params::getParam('ajaxfile'); } if ($file == '') { echo json_encode(array('error' => 'no action defined')); break; } // valid file? if (strpos($file, '../') !== false || strpos($file, '..\\') !== false || stripos($file, '/admin/') !== false) { //If the file is inside an "admin" folder, it should NOT be opened in frontend echo json_encode(array('error' => 'no valid ajaxFile')); break; } if (!file_exists(osc_plugins_path() . $file)) { echo json_encode(array('error' => "ajaxFile doesn't exist")); break; } require_once osc_plugins_path() . $file; break; case 'check_username_availability': $username = osc_sanitize_username(Params::getParam('s_username')); if (!osc_is_username_blacklisted($username)) { $user = User::newInstance()->findByUsername($username); if (isset($user['s_username'])) { echo json_encode(array('exists' => 1, 's_username' => $username)); } else { echo json_encode(array('exists' => 0, 's_username' => $username)); } } else { echo json_encode(array('exists' => 1, 's_username' => $username)); } break; case 'ajax_upload': // Include the uploader class require_once LIB_PATH . "AjaxUploader.php"; $uploader = new AjaxUploader(); $original = pathinfo($uploader->getOriginalName()); $filename = uniqid("qqfile_") . "." . $original['extension']; $result = $uploader->handleUpload(osc_content_path() . 'uploads/temp/' . $filename); $result['uploadName'] = $filename; echo htmlspecialchars(json_encode($result), ENT_NOQUOTES); break; case 'ajax_validate': $id = Params::getParam('id'); if (!is_numeric($id)) { echo json_encode(array('success' => false)); die; } $secret = Params::getParam('secret'); $item = Item::newInstance()->findByPrimaryKey($id); if ($item['s_secret'] != $secret) { echo json_encode(array('success' => false)); die; } $nResources = ItemResource::newInstance()->countResources($id); $result = array('success' => $nResources < osc_max_images_per_item(), 'count' => $nResources); echo json_encode($result); break; case 'delete_ajax_upload': $files = Session::newInstance()->_get('ajax_files'); $success = false; $filename = ''; if (isset($files[Params::getParam('qquuid')]) && $files[Params::getParam('qquuid')] != '') { $filename = $files[Params::getParam('qquuid')]; unset($files[Params::getParam('qquuid')]); Session::newInstance()->_set('ajax_files', $files); $success = @unlink(osc_content_path() . 'uploads/temp/' . $filename); } echo json_encode(array('success' => $success, 'uploadName' => $filename)); break; default: echo json_encode(array('error' => __('no action defined'))); break; } // clear all keep variables into session Session::newInstance()->_dropKeepForm(); Session::newInstance()->_clearVariables(); }
function doModel() { parent::doModel(); switch ($this->action) { case 'import': // calling import view $this->doView('tools/import.php'); break; case 'import_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=import'); } // calling $sql = Params::getFiles('sql'); if (isset($sql['size']) && $sql['size'] != 0) { $content_file = file_get_contents($sql['tmp_name']); $conn = DBConnectionClass::newInstance(); $c_db = $conn->getOsclassDb(); $comm = new DBCommandClass($c_db); if ($comm->importSQL($content_file)) { osc_add_flash_ok_message(_m('Import complete'), 'admin'); } else { osc_add_flash_error_message(_m('There was a problem importing data to the database'), 'admin'); } } else { osc_add_flash_warning_message(_m('No file was uploaded'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=import'); break; case 'images': // calling images view $this->doView('tools/images.php'); break; case 'images_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=images'); } $preferences = Preference::newInstance()->toArray(); $wat = new Watermark(); $aResources = ItemResource::newInstance()->getAllResources(); foreach ($aResources as $resource) { osc_run_hook('regenerate_image', $resource); $path = osc_content_path() . 'uploads/'; // comprobar que no haya original $img_original = $path . $resource['pk_i_id'] . "_original*"; $aImages = glob($img_original); // there is original image if (count($aImages) == 1) { $image_tmp = $aImages[0]; } else { $img_normal = $path . $resource['pk_i_id'] . ".*"; $aImages = glob($img_normal); if (count($aImages) == 1) { $image_tmp = $aImages[0]; } else { $img_thumbnail = $path . $resource['pk_i_id'] . "_thumbnail*"; $aImages = glob($img_thumbnail); $image_tmp = $aImages[0]; } } // extension preg_match('/\\.(.*)$/', $image_tmp, $matches); if (isset($matches[1])) { $extension = $matches[1]; // Create normal size $path_normal = $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '.jpg'; $size = explode('x', osc_normal_dimensions()); ImageResizer::fromFile($image_tmp)->resizeTo($size[0], $size[1])->saveToFile($path); if (osc_is_watermark_text()) { $wat->doWatermarkText($path, osc_watermark_text_color(), osc_watermark_text(), 'image/jpeg'); } elseif (osc_is_watermark_image()) { $wat->doWatermarkImage($path, 'image/jpeg'); } // Create preview $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_preview.jpg'; $size = explode('x', osc_preview_dimensions()); ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path); // Create thumbnail $path = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . '_thumbnail.jpg'; $size = explode('x', osc_thumbnail_dimensions()); ImageResizer::fromFile($path_normal)->resizeTo($size[0], $size[1])->saveToFile($path); // update resource info ItemResource::newInstance()->update(array('s_path' => 'oc-content/uploads/', 's_name' => osc_genRandomPassword(), 's_extension' => 'jpg', 's_content_type' => 'image/jpeg'), array('pk_i_id' => $resource['pk_i_id'])); osc_run_hook('regenerated_image', ItemResource::newInstance()->findByPrimaryKey($resource['pk_i_id'])); // si extension es direfente a jpg, eliminar las imagenes con $extension si hay if ($extension != 'jpg') { $files_to_remove = osc_content_path() . 'uploads/' . $resource['pk_i_id'] . "*" . $extension; $fs = glob($files_to_remove); if (is_array($fs)) { array_map("unlink", $fs); } } // .... } else { // no es imagen o imagen sin extesión } } osc_add_flash_ok_message(_m('Re-generation complete'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=images'); break; case 'category': $this->doView('tools/category.php'); break; case 'category_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=category'); } osc_update_cat_stats(); osc_add_flash_ok_message(_m("Recount category stats has been successful"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=category'); break; case 'locations': $this->doView('tools/locations.php'); break; case 'locations_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=locations'); } $workToDo = LocationsTmp::newInstance()->count(); if ($workToDo > 0) { $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=locations'); break; } // we need populate location tmp table $aCountry = Country::newInstance()->listAll(); foreach ($aCountry as $country) { $aRegionsCountry = Region::newInstance()->getByCountry($country['pk_c_code']); LocationsTmp::newInstance()->insert(array('id_location' => $country['pk_c_code'], 'e_type' => 'COUNTRY')); foreach ($aRegionsCountry as $region) { $aCitiesRegion = City::newInstance()->getByRegion($region['pk_i_id']); LocationsTmp::newInstance()->insert(array('id_location' => $region['pk_i_id'], 'e_type' => 'REGION')); foreach ($aCitiesRegion as $city) { LocationsTmp::newInstance()->insert(array('id_location' => $city['pk_i_id'], 'e_type' => 'CITY')); } unset($aCitiesRegion); } unset($aRegionsCountry); } unset($aCountry); $workToDo = LocationsTmp::newInstance()->count(); Preference::newInstance()->replace('location_todo', $workToDo); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=locations'); break; case 'upgrade': $this->doView('tools/upgrade.php'); break; case 'backup': $this->doView('tools/backup.php'); break; case 'backup-sql': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); } //databasse dump... if (Params::getParam('bck_dir') != '') { $path = trim(Params::getParam('bck_dir')); if (substr($path, -1, 1) != "/") { $path .= '/'; } } else { $path = osc_base_path(); } $filename = 'OSClass_mysqlbackup.' . date('YmdHis') . '.sql'; switch (osc_dbdump($path, $filename)) { case -1: $msg = _m('Path is empty'); osc_add_flash_error_message($msg, 'admin'); break; case -2: $msg = sprintf(_m('Could not connect with the database. Error: %s'), mysql_error()); osc_add_flash_error_message($msg, 'admin'); break; case -3: $msg = _m('There are no tables to back up'); osc_add_flash_error_message($msg, 'admin'); break; case -4: $msg = _m('The folder is not writable'); osc_add_flash_error_message($msg, 'admin'); break; default: $msg = _m('Backup completed successfully'); osc_add_flash_ok_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); break; case 'backup-sql_file': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); } //databasse dump... $filename = 'OSClass_mysqlbackup.' . date('YmdHis') . '.sql'; $path = sys_get_temp_dir() . "/"; switch (osc_dbdump($path, $filename)) { case -1: $msg = _m('Path is empty'); osc_add_flash_error_message($msg, 'admin'); break; case -2: $msg = sprintf(_m('Could not connect with the database. Error: %s'), mysql_error()); osc_add_flash_error_message($msg, 'admin'); break; case -3: $msg = sprintf(_m('Could not select the database. Error: %s'), mysql_error()); osc_add_flash_error_message($msg, 'admin'); break; case -4: $msg = _m('There are no tables to back up'); osc_add_flash_error_message($msg, 'admin'); break; case -5: $msg = _m('The folder is not writable'); osc_add_flash_error_message($msg, 'admin'); break; default: $msg = _m('Backup completed successfully'); osc_add_flash_ok_message($msg, 'admin'); header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename=' . basename($filename)); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); header('Content-Length: ' . filesize($path . $filename)); flush(); readfile($path . $filename); exit; break; } $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); break; case 'backup-zip_file': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); } $filename = "OSClass_backup." . date('YmdHis') . ".zip"; $path = sys_get_temp_dir() . "/"; if (osc_zip_folder(osc_base_path(), $path . $filename)) { $msg = _m('Archived successfully!'); osc_add_flash_ok_message($msg, 'admin'); header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename=' . basename($filename)); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); header('Content-Length: ' . filesize($path . $filename)); flush(); readfile($path . $filename); exit; } else { $msg = _m('Error, the zip file was not created in the specified directory'); osc_add_flash_error_message($msg, 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); break; case 'backup-zip': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); } //zip of the code just to back it up if (Params::getParam('bck_dir') != '') { $archive_name = trim(Params::getParam('bck_dir')); if (substr(trim($archive_name), -1, 1) != "/") { $archive_name .= '/'; } $archive_name = Params::getParam('bck_dir') . '/OSClass_backup.' . date('YmdHis') . '.zip'; } else { $archive_name = osc_base_path() . "OSClass_backup." . date('YmdHis') . ".zip"; } $archive_folder = osc_base_path(); if (osc_zip_folder($archive_folder, $archive_name)) { $msg = _m('Archived successfully!'); osc_add_flash_ok_message($msg, 'admin'); } else { $msg = _m('Error, the zip file was not created in the specified directory'); osc_add_flash_error_message($msg, 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=backup'); break; case 'backup_post': $this->doView('tools/backup.php'); break; case 'maintenance': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because it is a demo site"), 'admin'); $this->doView('tools/maintenance.php'); break; } $mode = Params::getParam('mode'); if ($mode == 'on') { $maintenance_file = osc_base_path() . '.maintenance'; $fileHandler = @fopen($maintenance_file, 'w'); if ($fileHandler) { osc_add_flash_ok_message(_m('Maintenance mode is ON'), 'admin'); } else { osc_add_flash_error_message(_m('There was an error creating the .maintenance file, please create it manually at the root folder'), 'admin'); } fclose($fileHandler); $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=maintenance'); } else { if ($mode == 'off') { $deleted = @unlink(osc_base_path() . '.maintenance'); if ($deleted) { osc_add_flash_ok_message(_m('Maintenance mode is OFF'), 'admin'); } else { osc_add_flash_error_message(_m('There was an error removing the .maintenance file, please remove it manually from the root folder'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=tools&action=maintenance'); } } $this->doView('tools/maintenance.php'); break; default: } }
<? //Конфигурация $dbuname = 'u362675236_admin'; $dbpass = '******'; $dbhost = 'mysql.hostinger.ru'; $dbname = 'u362675236_class'; function osc_genRandomPassword($length = 8) { $dict = array_merge(range('a', 'z'), range('0', '9'), range('A', 'Z')); shuffle($dict); $pass = ''; for($i = 0; $i < $length; $i++) $pass .= $dict[rand(0, count($dict) - 1)]; return $pass; } $token = $_POST ["token"]; if (!$token) exit; $HTTP_HOST = $_SERVER['HTTP_HOST']; $s = file_get_contents("http://ulogin.ru/token.php?token=$token&host=$HTTP_HOST"); $user = json_decode($s, true); $network = $user ["network"]; $identity = $user ["identity"]; $first_name = $user ["first_name"]; $last_name = $user ["last_name"];
function doModel() { switch ($this->action) { case 'dashboard': //dashboard... $max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5; $aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items); //calling the view... $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('max_items', $max_items); $this->doView('user-dashboard.php'); break; case 'profile': //profile... $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($user['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']); } elseif (count($aCountries) > 0) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } $aCities = array(); if ($user['fk_i_region_id'] != '') { $aCities = City::newInstance()->findByRegion($user['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } } //calling the view... $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('user', $user); $this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled()); $this->doView('user-profile.php'); break; case 'profile_post': //profile post... osc_csrf_check(); $userId = Session::newInstance()->_get('userId'); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $success = $userActions->edit($userId); if ($success == 1 || $success == 2) { osc_add_flash_ok_message(_m('Your profile has been updated successfully')); } else { osc_add_flash_error_message($success); } $this->redirectTo(osc_user_profile_url()); break; case 'alerts': //alerts $aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'), false); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); foreach ($aAlerts as $k => $a) { $array_conditions = (array) json_decode($a['s_search']); // $search = Search::newInstance(); $search = new Search(); $search->setJsonAlert($array_conditions); $search->limit(0, 3); $aAlerts[$k]['items'] = $search->doSearch(); } $this->_exportVariableToView('alerts', $aAlerts); View::newInstance()->_reset('alerts'); $this->_exportVariableToView('user', $user); $this->doView('user-alerts.php'); break; case 'change_email': //change email $this->doView('user-change_email.php'); break; case 'change_email_post': //change email post osc_csrf_check(); if (!osc_validate_email(Params::getParam('new_email'))) { osc_add_flash_error_message(_m('The specified e-mail is not valid')); $this->redirectTo(osc_change_user_email_url()); } else { $user = User::newInstance()->findByEmail(Params::getParam('new_email')); if (!isset($user['pk_i_id'])) { $userEmailTmp = array(); $userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId'); $userEmailTmp['s_new_email'] = Params::getParam('new_email'); UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp); $code = osc_genRandomPassword(30); $date = date('Y-m-d H:i:s'); $userManager = new User(); $userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId'))); $validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code); osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified e-mail is already in use')); $this->redirectTo(osc_change_user_email_url()); } } break; case 'change_username': //change username $this->doView('user-change_username.php'); break; case 'change_username_post': //change username $username = osc_sanitize_username(Params::getParam('s_username')); osc_run_hook('before_username_change', Session::newInstance()->_get('userId'), $username); if ($username != '') { $user = User::newInstance()->findByUsername($username); if (isset($user['s_username'])) { osc_add_flash_error_message(_m('The specified username is already in use')); } else { if (!osc_is_username_blacklisted($username)) { User::newInstance()->update(array('s_username' => $username), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('The username was updated')); osc_run_hook('after_username_change', Session::newInstance()->_get('userId'), Params::getParam('s_username')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified username is not valid, it contains some invalid words')); } } } else { osc_add_flash_error_message(_m('The specified username could not be empty')); } $this->redirectTo(osc_change_user_username_url()); break; case 'change_password': //change password $this->doView('user-change_password.php'); break; case 'change_password_post': //change password post osc_csrf_check(); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); if (Params::getParam('password', false, false) == '' || Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_change_user_password_url()); } if (!osc_verify_password(Params::getParam('password', false, false), $user['s_password'])) { osc_add_flash_error_message(_m("Current password doesn't match")); $this->redirectTo(osc_change_user_password_url()); } if (!Params::getParam('new_password', false, false)) { osc_add_flash_error_message(_m("Passwords can't be empty")); $this->redirectTo(osc_change_user_password_url()); } if (Params::getParam('new_password', false, false) != Params::getParam('new_password2', false, false)) { osc_add_flash_error_message(_m("Passwords don't match")); $this->redirectTo(osc_change_user_password_url()); } User::newInstance()->update(array('s_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('Password has been changed')); $this->redirectTo(osc_user_profile_url()); break; case 'items': // view items user $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10; $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0; $itemType = Params::getParam('itemType'); $total_items = Item::newInstance()->countItemTypesByUserID(osc_logged_user_id(), $itemType); $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findItemTypesByUserID(osc_logged_user_id(), $page * $itemsPerPage, $itemsPerPage, $itemType); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('search_total_pages', $total_pages); $this->_exportVariableToView('search_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('items_type', $itemType); $this->_exportVariableToView('search_page', $page); $this->doView('user-items.php'); break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $result = Alerts::newInstance()->unsub($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator')); } $this->redirectTo(osc_user_alerts_url()); break; case 'delete': $id = Params::getParam('id'); $secret = Params::getParam('secret'); if (osc_is_web_user_logged_in()) { $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); View::newInstance()->_exportVariableToView('user', $user); if (!empty($user) && osc_logged_user_id() == $id && $secret == $user['s_secret']) { User::newInstance()->deleteUser(osc_logged_user_id()); Session::newInstance()->_drop('userId'); Session::newInstance()->_drop('userName'); Session::newInstance()->_drop('userEmail'); Session::newInstance()->_drop('userPhone'); Cookie::newInstance()->pop('oc_userId'); Cookie::newInstance()->pop('oc_userSecret'); Cookie::newInstance()->set(); osc_add_flash_ok_message(_m("Your account have been deleted")); $this->redirectTo(osc_base_url()); } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_user_dashboard_url()); } } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_base_url()); } break; } }
function prepareData($is_add) { $input = array(); if ( $is_add ) { $input['s_secret'] = osc_genRandomPassword(); $input['dt_reg_date'] = date('Y-m-d H:i:s'); } else { $input['dt_mod_date'] = date('Y-m-d H:i:s'); } //only for administration, in the public website this two params are edited separately if ( $this->is_admin || $is_add ) { $input['s_email'] = Params::getParam('s_email'); //if we want to change the password if( Params::getParam('s_password', false, false) != '') { $input['s_password'] = osc_hash_password(Params::getParam('s_password', false, false)); } $input['s_username'] = osc_sanitize_username(Params::getParam('s_username')); } $input['s_name'] = trim(Params::getParam('s_name')); $input['s_website'] = trim(Params::getParam('s_website')); $input['s_phone_land'] = trim(Params::getParam('s_phone_land')); $input['s_phone_mobile'] = trim(Params::getParam('s_phone_mobile')); if(strtolower(substr($input['s_website'], 0, 4))!=='http') { $input['s_website'] = 'http://'.$input['s_website']; } $input['s_website'] = osc_sanitize_url($input['s_website']); if ( ! osc_validate_url($input['s_website'])) $input['s_website'] = ''; //locations... $country = Country::newInstance()->findByCode( Params::getParam('countryId') ); if(count($country) > 0) { $countryId = $country['pk_c_code']; $countryName = $country['s_name']; } else { $countryId = null; $countryName = Params::getParam('country'); } if( intval( Params::getParam('regionId') ) ) { $region = Region::newInstance()->findByPrimaryKey( Params::getParam('regionId') ); if( count($region) > 0 ) { $regionId = $region['pk_i_id']; $regionName = $region['s_name']; } } else { $regionId = null; $regionName = Params::getParam('region'); } if( intval( Params::getParam('cityId') ) ) { $city = City::newInstance()->findByPrimaryKey( Params::getParam('cityId') ); if( count($city) > 0 ) { $cityId = $city['pk_i_id']; $cityName = $city['s_name']; } } else { $cityId = null; $cityName = Params::getParam('city'); } $input['fk_c_country_code'] = $countryId; $input['s_country'] = $countryName; $input['fk_i_region_id'] = $regionId; $input['s_region'] = $regionName; $input['fk_i_city_id'] = $cityId; $input['s_city'] = $cityName; $input['s_city_area'] = Params::getParam('cityArea'); $input['s_address'] = Params::getParam('address'); $input['s_zip'] = Params::getParam('zip'); $input['d_coord_lat'] = (Params::getParam('d_coord_lat') != '') ? Params::getParam('d_coord_lat') : null; $input['d_coord_long'] = (Params::getParam('d_coord_long') != '') ? Params::getParam('d_coord_long') : null; $input['b_company'] = (Params::getParam('b_company') != '' && Params::getParam('b_company') != 0) ? 1 : 0; return($input); }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login osc_csrf_check(); osc_run_hook('before_login_admin'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; $password = Params::getParam('password', false, false); if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) { $page_redirect = $match[1]; } if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') { $url_redirect = osc_admin_base_url(); } if (Params::getParam('user') == '') { osc_add_flash_error_message(_m('The username field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } if (Params::getParam('password', false, false) == '') { osc_add_flash_error_message(_m('The password field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } // fields are not empty $admin = Admin::newInstance()->findByUsername(Params::getParam('user')); if (!$admin) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } if (!osc_verify_password($password, $admin['s_password'])) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } else { if (@$admin['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id'])); } } else { Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id'])); } } } if (Params::getParam('remember')) { // this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']); Cookie::newInstance()->push('oc_adminSecret', $secret); Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale')); Cookie::newInstance()->set(); } // we are logged in... let's go! Session::newInstance()->_set('adminId', $admin['pk_i_id']); Session::newInstance()->_set('adminUserName', $admin['s_username']); Session::newInstance()->_set('adminName', $admin['s_name']); Session::newInstance()->_set('adminEmail', $admin['s_email']); Session::newInstance()->_set('adminLocale', Params::getParam('locale')); osc_run_hook('login_admin', $admin); $this->redirectTo($url_redirect); break; case 'recover': // form to recover the password (in this case we have the form in /gui/) $this->doView('gui/recover.php'); break; case 'recover_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url()); } osc_csrf_check(); // post execution to recover the password $admin = Admin::newInstance()->findByEmail(Params::getParam('email')); if ($admin) { if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover'); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $newPassword = osc_genRandomPassword(40); Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id'])); $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword); osc_run_hook('hook_email_user_forgot_password', $admin, $password_url); } osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login'); break; case 'forgot': // form to recover the password (in this case we have the form in /gui/) $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } $this->doView('gui/forgot_password.php'); break; case 'forgot_post': osc_csrf_check(); $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login'); } else { osc_add_flash_error_message(_m("Error, the passwords don't match"), 'admin'); $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code'))); } break; default: //osc_run_hook( 'init_admin' ); Session::newInstance()->_setReferer(osc_get_http_referer()); $this->doView('gui/login.php'); break; } }
public function uploadItemResources($aResources, $itemId) { if ($aResources != '') { $wat = new Watermark(); $itemResourceManager = ItemResource::newInstance(); $numImagesItems = osc_max_images_per_item(); $numImages = $itemResourceManager->countResources($itemId); foreach ($aResources['error'] as $key => $error) { if ($numImagesItems == 0 || $numImagesItems > 0 && $numImages < $numImagesItems) { if ($error == UPLOAD_ERR_OK) { $numImages++; $tmpName = $aResources['tmp_name'][$key]; $itemResourceManager->insert(array('fk_i_item_id' => $itemId)); $resourceId = $itemResourceManager->dao->insertedId(); // Create normal size $normal_path = $path = osc_content_path() . 'uploads/' . $resourceId . '.jpg'; $size = explode('x', osc_normal_dimensions()); ImageResizer::fromFile($tmpName)->resizeTo($size[0], $size[1])->saveToFile($path); if (osc_is_watermark_text()) { $wat->doWatermarkText($path, osc_watermark_text_color(), osc_watermark_text(), 'image/jpeg'); } elseif (osc_is_watermark_image()) { $wat->doWatermarkImage($path, 'image/jpeg'); } // Create preview $path = osc_content_path() . 'uploads/' . $resourceId . '_preview.jpg'; $size = explode('x', osc_preview_dimensions()); ImageResizer::fromFile($normal_path)->resizeTo($size[0], $size[1])->saveToFile($path); // Create thumbnail $path = osc_content_path() . 'uploads/' . $resourceId . '_thumbnail.jpg'; $size = explode('x', osc_thumbnail_dimensions()); ImageResizer::fromFile($normal_path)->resizeTo($size[0], $size[1])->saveToFile($path); if (osc_keep_original_image()) { $path = osc_content_path() . 'uploads/' . $resourceId . '_original.jpg'; move_uploaded_file($tmpName, $path); } $s_path = 'oc-content/uploads/'; $resourceType = 'image/jpeg'; $itemResourceManager->update(array('s_path' => $s_path, 's_name' => osc_genRandomPassword(), 's_extension' => 'jpg', 's_content_type' => $resourceType), array('pk_i_id' => $resourceId, 'fk_i_item_id' => $itemId)); osc_run_hook('uploaded_file', ItemResource::newInstance()->findByPrimaryKey($resourceId)); } } } unset($itemResourceManager); } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login $user = User::newInstance()->findByEmail(Params::getParam('email')); if (!$user) { osc_add_flash_message(_m('The username doesn\'t exist')); $this->redirectTo(osc_user_login_url()); } if (!$user['b_enabled']) { osc_add_flash_message(_m('The user has not been validated yet')); $this->redirectTo(osc_user_login_url()); } if ($user["s_password"] == sha1(Params::getParam('password'))) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } //we are logged in... let's go! Session::newInstance()->_set('userId', $user['pk_i_id']); Session::newInstance()->_set('userName', $user['s_name']); Session::newInstance()->_set('userEmail', $user['s_email']); $phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land']; Session::newInstance()->_set('userPhone', $phone); } else { osc_add_flash_message(_m('The password is incorrect')); } //returning logged in to the main page... $this->redirectTo(osc_user_dashboard_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $recaptcha_ok = $userActions->recover_password(); if ($recaptcha_ok) { // We ALWAYS show the same message, so we don't give clues about which emails are in our database and which don't! osc_add_flash_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); } else { osc_add_flash_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { if (Params::getParam('new_password') == Params::getParam('new_password2')) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_message(_m('Error, the password don\'t match')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
} if (!(int) $_POST['state']) { die("Select state"); } $extension = array("image/jpeg", "image/jpg", "image/png"); if (!empty($_FILES["imageone"]["name"])) { $count = count($_FILES["imageone"]["name"]); if (!empty($count)) { foreach ($_FILES["imageone"]["error"] as $key => $error) { if ($error == UPLOAD_ERR_OK) { if (in_array($_FILES["imageone"]["type"][$key], $extension)) { if ($_FILES["imageone"]["type"][$key] < 100000) { $name = $_FILES["imageone"]["name"][$key]; $temp = $_FILES["imageone"]["tmp_name"][$key]; $ext = substr(strrchr($name, "."), 1); $randName = osc_genRandomPassword(); $myfile = $randName . '.' . $ext; $location = "../upload/{$myfile}"; move_uploaded_file($temp, $location); } else { die("Image Too Large"); } } else { die("Invalid File Format"); } } $sql = mysql_query("INSERT INTO `photo`(`photo_title`, `photo_description`, `photo_date_taken`, `photo_country`, `photo_state`, `photo_honeymoon_spot`, `photo_image_path`) VALUES('" . $_POST['title'] . "', '" . $_POST['desc'] . "', '" . $_POST['date'] . "', '" . $_POST['country'] . "', '" . $_POST['state'] . "', '" . $_POST['spot'] . "', '" . $myfile . "')"); echo "1"; //$sql = mysql_query("insert into sample(title, desc, date) values('".$_POST['title']."', '".$_POST['desc']."', '".$_POST['date']."')"); } } else {
function finish_installation() { require_once LIB_PATH . 'osclass/helpers/hSecurity.php'; require_once LIB_PATH . 'osclass/model/Admin.php'; require_once LIB_PATH . 'osclass/model/Preference.php'; require_once LIB_PATH . 'osclass/model/Category.php'; require_once LIB_PATH . 'osclass/model/Item.php'; require_once LIB_PATH . 'osclass/core/Params.php'; require_once LIB_PATH . 'osclass/compatibility.php'; require_once LIB_PATH . 'osclass/utils.php'; $data = array(); $password = osc_genRandomPassword(); $mAdmin = new Admin(); $admin_user = '******'; $admin = $mAdmin->update(array('s_password' => sha1($password)), array('s_username' => $admin_user)); $mPreference = Preference::newInstance(); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'osclass_installed', 's_value' => '1', 'e_type' => 'BOOLEAN')); // update categories $mCategories = new Category(); if (Params::getParam('submit') != '') { $categories = Params::getParam('categories'); if (is_array($categories)) { foreach ($categories as $category_id) { $mCategories->update(array('b_enabled' => '1'), array('pk_i_id' => $category_id)); } } } $aCategoriesToDelete = $mCategories->listWhere("a.b_enabled = 0"); foreach ($aCategoriesToDelete as $aCategory) { $mCategories->deleteByPrimaryKey($aCategory['pk_i_id']); } $admin = $mAdmin->findByPrimaryKey(1); $data['s_email'] = $admin['s_email']; $data['admin_user'] = $admin_user; $data['password'] = $password; $body = 'Welcome ' . $mPreference->get('pageTitle') . ',<br/><br/>'; $body .= 'Your OSClass installation at ' . WEB_PATH . ' is up and running. You can access to the administration panel with this data access:<br/>'; $body .= '<ul>'; $body .= '<li>username: '******'</li>'; $body .= '<li>password: '******'</li>'; $body .= '</ul>'; $body .= 'Regards,<br/>'; $body .= 'The <a href=\'http://osclass.org/\'>OSClass</a> team'; $sitename = strtolower($_SERVER['SERVER_NAME']); if (substr($sitename, 0, 4) == 'www.') { $sitename = substr($sitename, 4); } require_once LIB_PATH . 'phpmailer/class.phpmailer.php'; $mail = new PHPMailer(); $mail->CharSet = "utf-8"; $mail->Host = "localhost"; $mail->From = 'osclass@' . $sitename; $mail->FromName = 'OSClass'; $mail->Subject = 'OSClass successfully installed!'; $mail->AddAddress($admin['s_email'], 'OSClass administrator'); $mail->Body = $body; $mail->AltBody = $body; if (!$mail->Send()) { echo $mail->ErrorInfo; } return $data; }