function fbc_button()
{
if (!osc_is_web_user_logged_in()) {
echo '<div><a href="' . OSCFacebook::newInstance()->loginUrl() . '">' . __('Login with Facebook', 'facebook') . '</a></div>';
} else {
Header("Refresh:0");
//refresh page
}
}
function __construct()
{
parent::__construct();
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users not enabled'));
$this->redirectTo(osc_base_url());
}
if (!osc_user_registration_enabled()) {
osc_add_flash_error_message(_m('User registration is not enabled'));
$this->redirectTo(osc_base_url());
}
if (osc_is_web_user_logged_in()) {
$this->redirectTo(osc_base_url());
}
}
function doModel()
{
$user_menu = false;
if(Params::existParam('route')) {
$routes = Rewrite::newInstance()->getRoutes();
$rid = Params::getParam('route');
$file = '../';
if(isset($routes[$rid]) && isset($routes[$rid]['file'])) {
$file = $routes[$rid]['file'];
$user_menu = $routes[$rid]['user_menu'];
}
} else {
// DEPRECATED: Disclosed path in URL is deprecated, use routes instead
// This will be REMOVED in 3.4
$file = Params::getParam('file');
}
// valid file?
if( strpos($file, '../') !== false || strpos($file, '..\\') !==false || stripos($file, '/admin/') !== false ) { //If the file is inside an "admin" folder, it should NOT be opened in frontend
$this->do404();
return;
}
// check if the file exists
if( !file_exists(osc_plugins_path() . $file) ) {
$this->do404();
return;
}
osc_run_hook('custom_controller');
$this->_exportVariableToView('file', $file);
if($user_menu) {
if(osc_is_web_user_logged_in()) {
Params::setParam('in_user_menu', true);
$this->doView('user-custom.php');
} else {
$this->redirectTo(osc_user_login_url());
}
} else {
$this->doView('custom.php');
}
}
function anr_verify_captcha()
{
$secre_key = anr_get_option('secret_key');
$response = Params::getParam('g-recaptcha-response');
$remoteip = $_SERVER["REMOTE_ADDR"];
$loggedin_hide = anr_get_option('loggedin_hide');
if ((osc_is_web_user_logged_in() || osc_is_admin_user_logged_in()) && $loggedin_hide) {
return true;
}
if (!$secre_key) {
//if $secre_key is not set
return true;
}
if (!$response || !$remoteip) {
return false;
}
$request = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . $secre_key . "&response=" . $response . "&remoteip=" . $remoteip);
$result = json_decode($request, true);
if (true == $result['success']) {
return true;
}
return false;
}
function watchlist()
{
if (osc_is_web_user_logged_in()) {
$id = osc_item_id();
$class = '';
$title = '';
if (watchlist_exists($id)) {
$class = 'full';
$title = __('Remove from watchlist', 'watchlist');
} else {
$class = 'empty';
$title = __('Add to watchlist', 'watchlist');
}
echo '<a class="watchlist ' . $class . '" id="' . $id . '"><span title="' . $title . '"></span>';
if ($class == 'empty') {
echo __('Add to watchlist', 'watchlist');
} else {
echo __('Remove from watchlist', 'watchlist');
}
echo '</a>';
} else {
echo '<a class="watchlist empty" onclick="swal(' ' . __('You must login to save favorites', 'pop') . ' ')"><span title="' . $title . '"></span>' . __('Add to watchlist', 'watchlist') . '</a>';
}
}
Session::newInstance()->_drop('userName');
Session::newInstance()->_drop('userEmail');
Session::newInstance()->_drop('userPhone');
Cookie::newInstance()->pop('oc_userId');
Cookie::newInstance()->pop('oc_userSecret');
Cookie::newInstance()->set();
}
switch (Params::getParam('page')) {
case 'cron':
// cron system
define('__FROM_CRON__', true);
require_once osc_lib_path() . 'osclass/cron.php';
break;
case 'user':
// user pages (with security)
if (Params::getParam('action') == 'change_email_confirm' || Params::getParam('action') == 'activate_alert' || Params::getParam('action') == 'unsub_alert' && !osc_is_web_user_logged_in() || Params::getParam('action') == 'contact_post' || Params::getParam('action') == 'pub_profile') {
require_once osc_base_path() . 'user-non-secure.php';
$do = new CWebUserNonSecure();
$do->doModel();
} else {
require_once osc_base_path() . 'user.php';
$do = new CWebUser();
$do->doModel();
}
break;
case 'item':
// item pages
require_once osc_base_path() . 'item.php';
$do = new CWebItem();
$do->doModel();
break;
function isLogged()
{
return osc_is_web_user_logged_in();
}
/**
* Show form to vote a seller if item belongs to a registered user. (itemDetail)
*
* @param type $item item array or userId
*/
function voting_item_detail_user($item = null)
{
$userId = null;
if ($item == null) {
$userId = osc_item_user_id();
} else {
if (is_numeric($item)) {
$userId = $item;
} else {
if (is_array($item)) {
$userId = $item['fk_i_user_id'];
} else {
exit;
}
}
}
if (osc_get_preference('user_voting', 'voting') == 1 && is_numeric($userId) && isset($userId) && $userId > 0) {
// obtener el avg de las votaciones
$aux_vote = ModelVoting::newInstance()->getUserAvgRating($userId);
$aux_count = ModelVoting::newInstance()->getUserNumberOfVotes($userId);
$vote['vote'] = $aux_vote['vote'];
$vote['total'] = $aux_count['total'];
$vote['userId'] = $userId;
$vote['can_vote'] = false;
if (osc_is_web_user_logged_in() && can_vote_user($userId, osc_logged_user_id())) {
$vote['can_vote'] = true;
}
require 'item_detail_user.php';
}
}
function payment_pro_show_item($item)
{
if (osc_get_preference("pay_per_post", 'payment_pro') == "1" && !ModelPaymentPro::newInstance()->publishFeeIsPaid($item['pk_i_id'])) {
if (osc_is_admin_user_logged_in()) {
osc_get_flash_message('pubMessages', true);
osc_add_flash_warning_message(__('The listing hasn\'t been paid', 'payment_pro'));
} else {
if (osc_is_web_user_logged_in() && osc_logged_user_id() == $item['fk_i_user_id']) {
osc_get_flash_message('pubMessages', true);
osc_add_flash_warning_message(sprintf(__('To make this listing available to others, you need to pay a publish fee. <a href="%s">Continue and make the ad public</a>', 'payment_pro'), osc_route_url('payment-pro-user-menu')));
} else {
ob_get_clean();
Rewrite::newInstance()->set_location('error');
header('HTTP/1.1 400 Bad Request');
osc_current_web_theme_path('404.php');
exit;
}
}
}
}
function doModel()
{
//calling the view...
$locales = OSCLocale::newInstance()->listAllEnabled();
$this->_exportVariableToView('locales', $locales);
switch ($this->action) {
case 'item_add':
// post
if (osc_reg_user_post() && $this->user == null) {
osc_add_flash_warning_message(_m('Only registered users are allowed to post listings'));
$this->redirectTo(osc_user_login_url());
}
$countries = Country::newInstance()->listAll();
$regions = array();
if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') {
$regions = Region::newInstance()->findByCountry($this->user['fk_c_country_code']);
} else {
if (count($countries) > 0) {
$regions = Region::newInstance()->findByCountry($countries[0]['pk_c_code']);
}
}
$cities = array();
if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') {
$cities = City::newInstance()->findByRegion($this->user['fk_i_region_id']);
} else {
if (count($regions) > 0) {
$cities = City::newInstance()->findByRegion($regions[0]['pk_i_id']);
}
}
$this->_exportVariableToView('countries', $countries);
$this->_exportVariableToView('regions', $regions);
$this->_exportVariableToView('cities', $cities);
$form = count(Session::newInstance()->_getForm());
$keepForm = count(Session::newInstance()->_getKeepForm());
if ($form == 0 || $form == $keepForm) {
Session::newInstance()->_dropKeepForm();
}
if (Session::newInstance()->_getForm('countryId') != "") {
$countryId = Session::newInstance()->_getForm('countryId');
$regions = Region::newInstance()->findByCountry($countryId);
$this->_exportVariableToView('regions', $regions);
if (Session::newInstance()->_getForm('regionId') != "") {
$regionId = Session::newInstance()->_getForm('regionId');
$cities = City::newInstance()->findByRegion($regionId);
$this->_exportVariableToView('cities', $cities);
}
}
$this->_exportVariableToView('user', $this->user);
osc_run_hook('post_item');
$this->doView('item-post.php');
break;
case 'item_add_post':
//post_item
if (osc_reg_user_post() && $this->user == null) {
osc_add_flash_warning_message(_m('Only registered users are allowed to post listings'));
$this->redirectTo(osc_base_url(true));
}
$mItems = new ItemActions(false);
// prepare data for ADD ITEM
$mItems->prepareData(true);
// set all parameters into session
foreach ($mItems->data as $key => $value) {
Session::newInstance()->_setForm($key, $value);
}
$meta = Params::getParam('meta');
if (is_array($meta)) {
foreach ($meta as $key => $value) {
Session::newInstance()->_setForm('meta_' . $key, $value);
Session::newInstance()->_keepForm('meta_' . $key);
}
}
if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
$this->redirectTo(osc_item_post_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
if (!osc_is_web_user_logged_in()) {
$user = User::newInstance()->findByEmail($mItems->data['contactEmail']);
// The user exists but it's not logged
if (isset($user['pk_i_id'])) {
foreach ($mItems->data as $key => $value) {
Session::newInstance()->_keepForm($key);
}
osc_add_flash_error_message(_m('A user with that email address already exists, if it is you, please log in'));
$this->redirectTo(osc_user_login_url());
}
}
// POST ITEM ( ADD ITEM )
$success = $mItems->add();
if ($success != 1 && $success != 2) {
osc_add_flash_error_message($success);
$this->redirectTo(osc_item_post_url());
} else {
Session::newInstance()->_dropkeepForm('meta_' . $key);
if ($success == 1) {
osc_add_flash_ok_message(_m('Check your inbox to validate your listing'));
} else {
osc_add_flash_ok_message(_m('Your listing has been published'));
}
$itemId = Params::getParam('itemId');
$item = $this->itemManager->findByPrimaryKey($itemId);
osc_run_hook('posted_item', $item);
$category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId'));
View::newInstance()->_exportVariableToView('category', $category);
$this->redirectTo(osc_search_category_url());
}
break;
case 'item_edit':
// edit item
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
if (count($item) == 1) {
$item = Item::newInstance()->findByPrimaryKey($id);
$form = count(Session::newInstance()->_getForm());
$keepForm = count(Session::newInstance()->_getKeepForm());
if ($form == 0 || $form == $keepForm) {
Session::newInstance()->_dropKeepForm();
}
$this->_exportVariableToView('item', $item);
osc_run_hook("before_item_edit", $item);
$this->doView('item-edit.php');
} else {
// add a flash message [ITEM NO EXISTE]
osc_add_flash_error_message(_m("Sorry, we don't have any listings with that ID"));
if ($this->user != null) {
$this->redirectTo(osc_user_list_items_url());
} else {
$this->redirectTo(osc_base_url());
}
}
break;
case 'item_edit_post':
// recoger el secret y el
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
if (count($item) == 1) {
$this->_exportVariableToView('item', $item[0]);
$mItems = new ItemActions(false);
// prepare data for ADD ITEM
$mItems->prepareData(false);
// set all parameters into session
foreach ($mItems->data as $key => $value) {
Session::newInstance()->_setForm($key, $value);
}
$meta = Params::getParam('meta');
if (is_array($meta)) {
foreach ($meta as $key => $value) {
Session::newInstance()->_setForm('meta_' . $key, $value);
Session::newInstance()->_keepForm('meta_' . $key);
}
}
if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
$this->redirectTo(osc_item_edit_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
$success = $mItems->edit();
osc_run_hook('edited_item', Item::newInstance()->findByPrimaryKey($id));
if ($success == 1) {
osc_add_flash_ok_message(_m("Great! We've just updated your listing"));
View::newInstance()->_exportVariableToView("item", Item::newInstance()->findByPrimaryKey($id));
$this->redirectTo(osc_item_url());
} else {
osc_add_flash_error_message($success);
$this->redirectTo(osc_item_edit_url($secret));
}
}
break;
case 'activate':
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s') OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
// item doesn't exist
if (count($item) == 0) {
$this->do404();
return;
}
View::newInstance()->_exportVariableToView('item', $item[0]);
if ($item[0]['b_active'] == 0) {
// ACTIVETE ITEM
$mItems = new ItemActions(false);
$success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']);
if ($success) {
osc_add_flash_ok_message(_m('The listing has been validated'));
} else {
osc_add_flash_error_message(_m("The listing can't be validated"));
}
} else {
osc_add_flash_warning_message(_m('The listing has already been validated'));
}
$this->redirectTo(osc_item_url());
break;
case 'item_delete':
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s') OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
if (count($item) == 1) {
$mItems = new ItemActions(false);
$success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']);
if ($success) {
osc_add_flash_ok_message(_m('Your listing has been deleted'));
} else {
osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted"));
}
if ($this->user != null) {
$this->redirectTo(osc_user_list_items_url());
} else {
$this->redirectTo(osc_base_url());
}
} else {
osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted"));
$this->redirectTo(osc_base_url());
}
break;
case 'mark':
$id = Params::getParam('id');
$as = Params::getParam('as');
$item = Item::newInstance()->findByPrimaryKey($id);
View::newInstance()->_exportVariableToView('item', $item);
require_once osc_lib_path() . 'osclass/user-agents.php';
foreach ($user_agents as $ua) {
if (preg_match('|' . $ua . '|', @$_SERVER['HTTP_USER_AGENT'])) {
// mark item if it's not a bot
$mItem = new ItemActions(false);
$mItem->mark($id, $as);
break;
}
}
osc_add_flash_ok_message(_m("Thanks! That's very helpful"));
$this->redirectTo(osc_item_url());
break;
case 'send_friend':
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('item', $item);
$this->doView('item-send-friend.php');
break;
case 'send_friend_post':
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('item', $item);
Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
Session::newInstance()->_setForm("friendName", Params::getParam('friendName'));
Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail'));
Session::newInstance()->_setForm("message_body", Params::getParam('message'));
if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
$this->redirectTo(osc_item_send_friend_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
$mItem = new ItemActions(false);
$success = $mItem->send_friend();
if ($success) {
Session::newInstance()->_clearVariables();
$this->redirectTo(osc_item_url());
} else {
$this->redirectTo(osc_item_send_friend_url());
}
break;
case 'contact':
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
if (empty($item)) {
osc_add_flash_error_message(_m("This listing doesn't exist"));
$this->redirectTo(osc_base_url(true));
} else {
$this->_exportVariableToView('item', $item);
if (osc_item_is_expired()) {
osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller"));
$this->redirectTo(osc_item_url());
}
if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) {
$this->doView('item-contact.php');
} else {
osc_add_flash_error_message(_m("You can't contact the seller, only registered users can"));
$this->redirectTo(osc_item_url());
}
}
break;
case 'contact_post':
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('item', $item);
if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
Session::newInstance()->_setForm("message_body", Params::getParam('message'));
$this->redirectTo(osc_item_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
if (osc_isExpired($item['dt_expiration'])) {
osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller"));
$this->redirectTo(osc_item_url());
}
$mItem = new ItemActions(false);
$result = $mItem->contact();
if (is_string($result)) {
osc_add_flash_error_message($result);
} else {
osc_add_flash_ok_message(_m("We've just sent an e-mail to the seller"));
}
$this->redirectTo(osc_item_url());
break;
case 'add_comment':
$mItem = new ItemActions(false);
$status = $mItem->add_comment();
switch ($status) {
case -1:
$msg = _m('Sorry, we could not save your comment. Try again later');
osc_add_flash_error_message($msg);
break;
case 1:
$msg = _m('Your comment is awaiting moderation');
osc_add_flash_info_message($msg);
break;
case 2:
$msg = _m('Your comment has been approved');
osc_add_flash_ok_message($msg);
break;
case 3:
$msg = _m('Please fill the required field (email)');
osc_add_flash_warning_message($msg);
break;
case 4:
$msg = _m('Please type a comment');
osc_add_flash_warning_message($msg);
break;
case 5:
$msg = _m('Your comment has been marked as spam');
osc_add_flash_error_message($msg);
break;
}
$this->redirectTo(osc_item_url());
break;
case 'delete_comment':
$mItem = new ItemActions(false);
$status = $mItem->add_comment();
$itemId = Params::getParam('id');
$commentId = Params::getParam('comment');
$item = Item::newInstance()->findByPrimaryKey($itemId);
if (count($item) == 0) {
osc_add_flash_error_message(_m("This listing doesn't exist"));
$this->redirectTo(osc_base_url(true));
}
View::newInstance()->_exportVariableToView('item', $item);
if ($this->userId == null) {
osc_add_flash_error_message(_m('You must be logged in to delete a comment'));
$this->redirectTo(osc_item_url());
}
$commentManager = ItemComment::newInstance();
$aComment = $commentManager->findByPrimaryKey($commentId);
if (count($aComment) == 0) {
osc_add_flash_error_message(_m("The comment doesn't exist"));
$this->redirectTo(osc_item_url());
}
if ($aComment['b_active'] != 1) {
osc_add_flash_error_message(_m('The comment is not active, you cannot delete it'));
$this->redirectTo(osc_item_url());
}
if ($aComment['fk_i_user_id'] != $this->userId) {
osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it'));
$this->redirectTo(osc_item_url());
}
$commentManager->deleteByPrimaryKey($commentId);
osc_add_flash_ok_message(_m('The comment has been deleted'));
$this->redirectTo(osc_item_url());
break;
default:
// if there isn't ID, show an error 404
if (Params::getParam('id') == '') {
$this->do404();
return;
}
if (Params::getParam('lang') != '') {
Session::newInstance()->_set('userLocale', Params::getParam('lang'));
}
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
// if item doesn't exist show an error 404
if (count($item) == 0) {
$this->do404();
return;
}
if ($item['b_active'] != 1) {
if ($this->userId == $item['fk_i_user_id']) {
osc_add_flash_warning_message(_m("The listing hasn't been validated. Please validate it in order to make it public"));
} else {
osc_add_flash_warning_message(_m("This listing hasn't been validated"));
$this->redirectTo(osc_base_url(true));
}
} else {
if ($item['b_enabled'] == 0) {
osc_add_flash_warning_message(_m('The listing has been suspended'));
$this->redirectTo(osc_base_url(true));
}
}
if (!osc_is_admin_user_logged_in()) {
require_once osc_lib_path() . 'osclass/user-agents.php';
foreach ($user_agents as $ua) {
if (preg_match('|' . $ua . '|', @$_SERVER['HTTP_USER_AGENT'])) {
$mStats = new ItemStats();
$mStats->increase('i_num_views', $item['pk_i_id']);
break;
}
}
}
foreach ($item['locale'] as $k => $v) {
$item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']);
$item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description']));
}
if ($item['fk_i_user_id'] != '') {
$user = User::newInstance()->findByPrimaryKey($item['fk_i_user_id']);
$this->_exportVariableToView('user', $user);
}
$this->_exportVariableToView('item', $item);
osc_run_hook('show_item', $item);
// redirect to the correct url just in case it has changed
$itemURI = str_replace(osc_base_url(), '', osc_item_url());
$URI = preg_replace('|^' . REL_WEB_URL . '|', '', $_SERVER['REQUEST_URI']);
// do not clean QUERY_STRING if permalink is not enabled
if (osc_rewrite_enabled()) {
$URI = str_replace('?' . $_SERVER['QUERY_STRING'], '', $URI);
} else {
$params_keep = array('page', 'id');
$params = array();
foreach (Params::getParamsAsArray('get') as $k => $v) {
if (in_array($k, $params_keep)) {
$params[] = "{$k}={$v}";
}
}
$URI = 'index.php?' . implode('&', $params);
}
// redirect to the correct url
if ($itemURI != $URI) {
$this->redirectTo(osc_base_url() . $itemURI);
}
$this->doView('item.php');
break;
}
}
/**
* Return an array with all data necessary for do the action (ADD OR EDIT)
* @param <type> $is_add
* @return array
*/
public function prepareData($is_add)
{
$aItem = array();
// prepare user
$userId = null;
if ($this->is_admin) {
if (Params::getParam('userId') != '') {
$userId = Params::getParam('userId');
}
} else {
$userId = Session::newInstance()->_get('userId');
if ($userId == '') {
$userId = NULL;
}
}
if ($is_add) {
// ADD
if ($this->is_admin) {
$active = 'ACTIVE';
} else {
if (osc_moderate_items() > 0) {
// HAS TO VALIDATE
if (!osc_is_web_user_logged_in()) {
// NO USER IS LOGGED, VALIDATE
$active = 'INACTIVE';
} else {
// USER IS LOGGED
if (osc_logged_user_item_validation()) {
//USER IS LOGGED, BUT NO NEED TO VALIDATE
$active = 'ACTIVE';
} else {
// USER IS LOGGED, NEED TO VALIDATE, CHECK NUMBER OF PREVIOUS ITEMS
$user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
if ($user['i_items'] < osc_moderate_items()) {
$active = 'INACTIVE';
} else {
$active = 'ACTIVE';
}
}
}
} else {
if (osc_moderate_items() == 0) {
if (osc_is_web_user_logged_in() && osc_logged_user_item_validation()) {
$active = 'ACTIVE';
} else {
$active = 'INACTIVE';
}
} else {
$active = 'ACTIVE';
}
}
}
if ($userId != null) {
$data = User::newInstance()->findByPrimaryKey($userId);
$aItem['contactName'] = $data['s_name'];
$aItem['contactEmail'] = $data['s_email'];
Params::setParam('contactName', $data['s_name']);
Params::setParam('contactEmail', $data['s_email']);
} else {
$aItem['contactName'] = Params::getParam('contactName');
$aItem['contactEmail'] = Params::getParam('contactEmail');
}
$aItem['active'] = $active;
$aItem['userId'] = $userId;
} else {
// EDIT
$aItem['secret'] = Params::getParam('secret');
$aItem['idItem'] = Params::getParam('id');
if ($userId != null) {
$data = User::newInstance()->findByPrimaryKey($userId);
$aItem['contactName'] = $data['s_name'];
$aItem['contactEmail'] = $data['s_email'];
Params::setParam('contactName', $data['s_name']);
Params::setParam('contactEmail', $data['s_email']);
} else {
$aItem['contactName'] = Params::getParam('contactName');
$aItem['contactEmail'] = Params::getParam('contactEmail');
}
$aItem['userId'] = $userId;
}
// get params
$aItem['catId'] = Params::getParam('catId');
$aItem['countryId'] = Params::getParam('countryId');
$aItem['country'] = Params::getParam('country');
$aItem['region'] = Params::getParam('region');
$aItem['regionId'] = Params::getParam('regionId');
$aItem['city'] = Params::getParam('city');
$aItem['cityId'] = Params::getParam('cityId');
$aItem['price'] = Params::getParam('price') != '' ? Params::getParam('price') : null;
$aItem['cityArea'] = Params::getParam('cityArea');
$aItem['address'] = Params::getParam('address');
$aItem['currency'] = Params::getParam('currency');
$aItem['showEmail'] = Params::getParam('showEmail') != '' ? 1 : 0;
$aItem['title'] = Params::getParam('title');
$aItem['description'] = Params::getParam('description');
$aItem['photos'] = Params::getFiles('photos');
// check params
$country = Country::newInstance()->findByCode($aItem['countryId']);
if (count($country) > 0) {
$countryId = $country['pk_c_code'];
$countryName = $country['s_name'];
} else {
$countryId = null;
$countryName = $aItem['country'];
}
$aItem['countryId'] = $countryId;
$aItem['countryName'] = $countryName;
if ($aItem['regionId'] != '') {
if (intval($aItem['regionId'])) {
$region = Region::newInstance()->findByPrimaryKey($aItem['regionId']);
if (count($region) > 0) {
$regionId = $region['pk_i_id'];
$regionName = $region['s_name'];
}
}
} else {
$regionId = null;
$regionName = $aItem['region'];
if ($aItem['countryId'] != '') {
$auxRegion = Region::newInstance()->findByName($aItem['region'], $aItem['countryId']);
if ($auxRegion) {
$regionId = $auxRegion['pk_i_id'];
$regionName = $auxRegion['s_name'];
}
}
}
$aItem['regionId'] = $regionId;
$aItem['regionName'] = $regionName;
if ($aItem['cityId'] != '') {
if (intval($aItem['cityId'])) {
$city = City::newInstance()->findByPrimaryKey($aItem['cityId']);
if (count($city) > 0) {
$cityId = $city['pk_i_id'];
$cityName = $city['s_name'];
}
}
} else {
$cityId = null;
$cityName = $aItem['city'];
if ($aItem['countryId'] != '') {
$auxCity = City::newInstance()->findByName($aItem['city'], $aItem['regionId']);
if ($auxCity) {
$cityId = $auxCity['pk_i_id'];
$cityName = $auxCity['s_name'];
}
}
}
$aItem['cityId'] = $cityId;
$aItem['cityName'] = $cityName;
if ($aItem['cityArea'] == '') {
$aItem['cityArea'] = null;
}
if ($aItem['address'] == '') {
$aItem['address'] = null;
}
if (!is_null($aItem['price'])) {
$price = str_replace(osc_locale_thousands_sep(), '', trim($aItem['price']));
$price = str_replace(osc_locale_dec_point(), '.', $price);
$aItem['price'] = $price * 1000000;
//$aItem['price'] = (float) $aItem['price'];
}
if ($aItem['catId'] == '') {
$aItem['catId'] = 0;
}
if ($aItem['currency'] == '') {
$aItem['currency'] = null;
}
$this->data = $aItem;
}
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
define('ABS_PATH', dirname($_SERVER['SCRIPT_FILENAME']) . '/');
require_once ABS_PATH . 'oc-load.php';
switch (Params::getParam('page')) {
case 'user':
// user pages (with security)
if (Params::getParam('action') == 'change_email_confirm' || Params::getParam('action') == 'unsub_alert' && !osc_is_web_user_logged_in()) {
require_once osc_base_path() . 'user-non-secure.php';
$do = new CWebUserNonSecure();
$do->doModel();
} else {
require_once osc_base_path() . 'user.php';
$do = new CWebUser();
$do->doModel();
}
break;
case 'item':
// item pages
require_once osc_base_path() . 'item.php';
$do = new CWebItem();
$do->doModel();
break;
public static function ajaxPayment()
{
$status = self::processPayment();
$data = payment_get_custom(Params::getParam('extra'));
$product_type = explode('x', $data['product']);
if ($status == PAYMENT_COMPLETED) {
osc_add_flash_ok_message(sprintf(__('Success! Please write down this transaction ID in case you have any problem: %s', 'payment'), Params::getParam('stripe_transaction_id')));
if ($product_type[0] == 101) {
$item = Item::newInstance()->findByPrimaryKey($product_type[2]);
$category = Category::newInstance()->findByPrimaryKey($item['fk_i_category_id']);
View::newInstance()->_exportVariableToView('category', $category);
payment_js_redirect_to(osc_search_category_url());
} else {
if ($product_type[0] == 201) {
if (osc_is_web_user_logged_in()) {
payment_js_redirect_to(osc_route_url('payment-user-menu'));
} else {
View::newInstance()->_exportVariableToView('item', Item::newInstance()->findByPrimaryKey($product_type[2]));
payment_js_redirect_to(osc_item_url());
}
} else {
if (osc_is_web_user_logged_in()) {
payment_js_redirect_to(osc_route_url('payment-user-pack'));
} else {
// THIS SHOULD NOT HAPPEN
payment_js_redirect_to(osc_base_path());
}
}
}
} else {
if ($status == PAYMENT_ALREADY_PAID) {
osc_add_flash_warning_message(__('Warning! This payment was already paid', 'payment'));
} else {
osc_add_flash_error_message(_e('There were an error processing your payment', 'payment'));
}
if ($product_type[0] == 301) {
if (osc_is_web_user_logged_in()) {
payment_js_redirect_to(osc_route_url('payment-user-pack'));
} else {
// THIS SHOULD NOT HAPPEN
payment_js_redirect_to(osc_base_path());
}
} else {
if (osc_is_web_user_logged_in()) {
payment_js_redirect_to(osc_route_url('payment-user-menu'));
} else {
View::newInstance()->_exportVariableToView('item', Item::newInstance()->findByPrimaryKey($product_type[2]));
payment_js_redirect_to(osc_item_url());
}
}
}
}
function doModel()
{
//calling the view...
$locales = OSCLocale::newInstance()->listAllEnabled();
$this->_exportVariableToView('locales', $locales);
switch ($this->action) {
case 'item_add':
// post
if (osc_reg_user_post() && $this->user == null) {
// CHANGEME: This text
osc_add_flash_error_message(_m('Only registered users are allowed to post items'));
$this->redirectTo(osc_user_login_url());
}
$countries = Country::newInstance()->listAll();
$regions = array();
if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') {
$regions = Region::newInstance()->getByCountry($this->user['fk_c_country_code']);
} else {
if (count($countries) > 0) {
$regions = Region::newInstance()->getByCountry($countries[0]['pk_c_code']);
}
}
$cities = array();
if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') {
$cities = City::newInstance()->listWhere("fk_i_region_id = %d", $this->user['fk_i_region_id']);
} else {
if (count($regions) > 0) {
$cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regions[0]['pk_i_id']);
}
}
$this->_exportVariableToView('countries', $countries);
$this->_exportVariableToView('regions', $regions);
$this->_exportVariableToView('cities', $cities);
$form = count(Session::newInstance()->_getForm());
$keepForm = count(Session::newInstance()->_getKeepForm());
if ($form == 0 || $form == $keepForm) {
Session::newInstance()->_dropKeepForm();
}
if (Session::newInstance()->_getForm('countryId') != "") {
$countryId = Session::newInstance()->_getForm('countryId');
$regions = Region::newInstance()->getByCountry($countryId);
$this->_exportVariableToView('regions', $regions);
if (Session::newInstance()->_getForm('regionId') != "") {
$regionId = Session::newInstance()->_getForm('regionId');
$cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regionId);
$this->_exportVariableToView('cities', $cities);
}
}
$this->_exportVariableToView('user', $this->user);
osc_run_hook('post_item');
$this->doView('item-post.php');
break;
case 'item_add_post':
//post_item
if (osc_reg_user_post() && $this->user == null) {
osc_add_flash_error_message(_m('Only registered users are allowed to post items'));
$this->redirectTo(osc_base_url(true));
}
$mItems = new ItemActions(false);
// prepare data for ADD ITEM
$mItems->prepareData(true);
// set all parameters into session
foreach ($mItems->data as $key => $value) {
Session::newInstance()->_setForm($key, $value);
}
$meta = Params::getParam('meta');
if (is_array($meta)) {
foreach ($meta as $key => $value) {
Session::newInstance()->_setForm('meta_' . $key, $value);
Session::newInstance()->_keepForm('meta_' . $key);
}
}
if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
$this->redirectTo(osc_item_post_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
// POST ITEM ( ADD ITEM )
$success = $mItems->add();
if ($success != 1 && $success != 2) {
osc_add_flash_error_message($success);
$this->redirectTo(osc_item_post_url());
} else {
Session::newInstance()->_dropkeepForm('meta_' . $key);
if ($success == 1) {
osc_add_flash_ok_message(_m('Check your inbox to verify your email address'));
} else {
osc_add_flash_ok_message(_m('Your item has been published'));
}
$itemId = Params::getParam('itemId');
$item = $this->itemManager->findByPrimaryKey($itemId);
osc_run_hook('posted_item', $item);
$category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId'));
View::newInstance()->_exportVariableToView('category', $category);
$this->redirectTo(osc_search_category_url());
}
break;
case 'item_edit':
// edit item
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
if (count($item) == 1) {
$item = Item::newInstance()->findByPrimaryKey($id);
$form = count(Session::newInstance()->_getForm());
$keepForm = count(Session::newInstance()->_getKeepForm());
if ($form == 0 || $form == $keepForm) {
Session::newInstance()->_dropKeepForm();
}
$this->_exportVariableToView('item', $item);
osc_run_hook("before_item_edit", $item);
$this->doView('item-edit.php');
} else {
// add a flash message [ITEM NO EXISTE]
osc_add_flash_error_message(_m('Sorry, we don\'t have any items with that ID'));
if ($this->user != null) {
$this->redirectTo(osc_user_list_items_url());
} else {
$this->redirectTo(osc_base_url());
}
}
break;
case 'item_edit_post':
// recoger el secret y el
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
if (count($item) == 1) {
$this->_exportVariableToView('item', $item[0]);
$mItems = new ItemActions(false);
// prepare data for ADD ITEM
$mItems->prepareData(false);
// set all parameters into session
foreach ($mItems->data as $key => $value) {
Session::newInstance()->_setForm($key, $value);
}
$meta = Params::getParam('meta');
if (is_array($meta)) {
foreach ($meta as $key => $value) {
Session::newInstance()->_setForm('meta_' . $key, $value);
Session::newInstance()->_keepForm('meta_' . $key);
}
}
if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
$this->redirectTo(osc_item_post_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
$success = $mItems->edit();
osc_run_hook('edited_item', Item::newInstance()->findByPrimaryKey($id));
if ($success == 1) {
osc_add_flash_ok_message(_m('Great! We\'ve just updated your item'));
$this->redirectTo(osc_base_url(true) . "?page=item&id={$id}");
} else {
osc_add_flash_error_message($success);
$this->redirectTo(osc_item_edit_url($secret));
}
}
break;
case 'activate':
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
View::newInstance()->_exportVariableToView('item', $item[0]);
if ($item[0]['b_active'] == 0) {
// ACTIVETE ITEM
$mItems = new ItemActions(false);
$success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']);
if ($success) {
osc_add_flash_ok_message(_m('The item has been validated'));
} else {
osc_add_flash_error_message(_m('The item can\'t be validated'));
}
} else {
osc_add_flash_error_message(_m('The item has already been validated'));
}
$this->redirectTo(osc_item_url());
break;
case 'item_delete':
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
if (count($item) == 1) {
$mItems = new ItemActions(false);
$success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']);
if ($success) {
osc_add_flash_ok_message(_m('Your item has been deleted'));
} else {
osc_add_flash_error_message(_m('The item you are trying to delete couldn\'t be deleted'));
}
if ($this->user != null) {
$this->redirectTo(osc_user_list_items_url());
} else {
$this->redirectTo(osc_base_url());
}
} else {
osc_add_flash_error_message(_m('The item you are trying to delete couldn\'t be deleted'));
$this->redirectTo(osc_base_url());
}
break;
case 'mark':
$mItem = new ItemActions(false);
$id = Params::getParam('id');
$as = Params::getParam('as');
$item = Item::newInstance()->findByPrimaryKey($id);
View::newInstance()->_exportVariableToView('item', $item);
$mItem->mark($id, $as);
osc_add_flash_ok_message(_m('Thanks! That\'s very helpful'));
$this->redirectTo(osc_item_url());
break;
case 'send_friend':
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('item', $item);
$this->doView('item-send-friend.php');
break;
case 'send_friend_post':
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('item', $item);
Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
Session::newInstance()->_setForm("friendName", Params::getParam('friendName'));
Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail'));
Session::newInstance()->_setForm("message_body", Params::getParam('message'));
if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
$this->redirectTo(osc_item_send_friend_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
$mItem = new ItemActions(false);
$success = $mItem->send_friend();
if ($success) {
Session::newInstance()->_clearVariables();
$this->redirectTo(osc_item_url());
} else {
$this->redirectTo(osc_item_send_friend_url());
}
break;
case 'contact':
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
if (empty($item)) {
osc_add_flash_error_message(_m('This item doesn\'t exist'));
$this->redirectTo(osc_base_url(true));
} else {
$this->_exportVariableToView('item', $item);
if (osc_item_is_expired()) {
osc_add_flash_error_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller'));
$this->redirectTo(osc_item_url());
}
if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) {
$this->doView('item-contact.php');
} else {
osc_add_flash_error_message(_m('You can\'t contact the seller, only registered users can'));
$this->redirectTo(osc_item_url());
}
}
break;
case 'contact_post':
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('item', $item);
if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
Session::newInstance()->_setForm("message_body", Params::getParam('message'));
$this->redirectTo(osc_item_url());
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
$category = Category::newInstance()->findByPrimaryKey($item['fk_i_category_id']);
if ($category['i_expiration_days'] > 0) {
$item_date = strtotime($item['dt_pub_date']) + $category['i_expiration_days'] * (24 * 3600);
$date = time();
if ($item_date < $date && $item['b_premium'] != 1) {
// The item is expired, we can not contact the seller
osc_add_flash_error_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller'));
$this->redirectTo(osc_item_url());
}
}
$mItem = new ItemActions(false);
$result = $mItem->contact();
if (is_string($result)) {
osc_add_flash_error_message($result);
} else {
osc_add_flash_ok_message(_m('We\'ve just sent an e-mail to the seller'));
}
$this->redirectTo(osc_item_url());
break;
case 'add_comment':
$mItem = new ItemActions(false);
$status = $mItem->add_comment();
switch ($status) {
case -1:
$msg = _m('Sorry, we could not save your comment. Try again later');
osc_add_flash_error_message($msg);
break;
case 1:
$msg = _m('Your comment is awaiting moderation');
osc_add_flash_error_message($msg);
break;
case 2:
$msg = _m('Your comment has been approved');
osc_add_flash_ok_message($msg);
break;
case 3:
$msg = _m('Please fill the required fields (name, email)');
osc_add_flash_error_message($msg);
break;
case 4:
$msg = _m('Please type a comment');
osc_add_flash_error_message($msg);
break;
case 5:
$msg = _m('Your comment has been marked as spam');
osc_add_flash_error_message($msg);
break;
}
$this->redirectTo(osc_item_url());
break;
case 'delete_comment':
$mItem = new ItemActions(false);
$status = $mItem->add_comment();
$itemId = Params::getParam('id');
$commentId = Params::getParam('comment');
$item = Item::newInstance()->findByPrimaryKey($itemId);
if (count($item) == 0) {
osc_add_flash_error_message(_m('This item doesn\'t exist'));
$this->redirectTo(osc_base_url(true));
}
View::newInstance()->_exportVariableToView('item', $item);
if ($this->userId == null) {
osc_add_flash_error_message(_m('You must be logged in to delete a comment'));
$this->redirectTo(osc_item_url());
}
$commentManager = ItemComment::newInstance();
$aComment = $commentManager->findByPrimaryKey($commentId);
if (count($aComment) == 0) {
osc_add_flash_error_message(_m('The comment doesn\'t exist'));
$this->redirectTo(osc_item_url());
}
if ($aComment['b_active'] != 1) {
osc_add_flash_error_message(_m('The comment is not active, you cannot delete it'));
$this->redirectTo(osc_item_url());
}
if ($aComment['fk_i_user_id'] != $this->userId) {
osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it'));
$this->redirectTo(osc_item_url());
}
$commentManager->deleteByPrimaryKey($commentId);
osc_add_flash_ok_message(_m('The comment has been deleted'));
$this->redirectTo(osc_item_url());
break;
default:
if (Params::getParam('id') == '') {
$this->redirectTo(osc_base_url());
}
if (Params::getParam('lang') != '') {
Session::newInstance()->_set('userLocale', Params::getParam('lang'));
}
$item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
// if item doesn't exist redirect to base url
if (count($item) == 0) {
osc_add_flash_error_message(_m('This item doesn\'t exist'));
$this->redirectTo(osc_base_url(true));
} else {
if ($item['b_active'] != 1) {
if ($this->userId == $item['fk_i_user_id']) {
osc_add_flash_error_message(_m('The item hasn\'t been validated. Please validate it in order to show it to the rest of users'));
} else {
osc_add_flash_error_message(_m('This item hasn\'t been validated'));
$this->redirectTo(osc_base_url(true));
}
} else {
if ($item['b_enabled'] == 0) {
osc_add_flash_error_message(_m('The item has been suspended'));
$this->redirectTo(osc_base_url(true));
}
}
$mStats = new ItemStats();
$mStats->increase('i_num_views', $item['pk_i_id']);
foreach ($item['locale'] as $k => $v) {
$item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']);
$item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description']));
}
$this->_exportVariableToView('items', array($item));
osc_run_hook('show_item', $item);
$this->doView('item.php');
}
break;
case 'dashboard':
//dashboard...
break;
}
}
echo osc_route_url('seller-items', array('seller' => osc_item_user_id()));
?>
" >See other items from seller</a>
<?php
}
?>
<a href="<?php
echo osc_route_url('watchlist');
?>
" >Check my Watchlist</a>
<?php
if (osc_comments_enabled()) {
?>
<?php
if (osc_reg_user_post_comments() && osc_is_web_user_logged_in() || !osc_reg_user_post_comments()) {
?>
<?php
if (nc_osc_show_fb_comment()) {
?>
<div class="fb-comments"
data-href="<?php
echo getUrl();
?>
"
data-numposts="5" data-colorscheme="light">
</div>
<?php
} else {
?>
function profile_picture_upload()
{
// Configuration - Your Options ///////////////////////////////////////////////////////
// Specify display width of picture (height will be automatically calculated proprotionally)
$maxwidth = '120';
$allowed_filetypes = array('.jpg', '.gif', '.bmp', '.png');
// These will be the types of file that will pass the validation.
$max_filesize = 524288;
// Maximum filesize in BYTES (currently 0.5MB).
$upload_path = osc_plugins_path() . 'profile_picture/images/';
$button_text = __('Upload Profile Picture', 'flatter');
////// ***** No modifications below here should be needed ***** /////////////////////
// First, check to see if user has existing profile picture...
$user_id = osc_logged_user_id();
// the user id of the user profile we're at
$conn = getConnection();
$result = $conn->osc_dbFetchResult("SELECT user_id, pic_ext FROM %st_profile_picture WHERE user_id = '%d' ", DB_TABLE_PREFIX, $user_id);
if ($result > 0) {
list($width, $height, $type, $attr) = getimagesize($upload_path . 'profile' . $user_id . $result['pic_ext']);
// Calculate display heigh/width based on max size specified
$ratio = $width / $height;
$height = $maxwidth / $ratio;
echo '<script language="javascript">function ShowDiv(){document.getElementById("HiddenDiv").style.display = \'\';}</script>';
echo '<script language="javascript">function deletePhoto(){document.forms["deleteForm"].submit();}</script>';
$modtime = filemtime($upload_path . 'profile' . $user_id . $result['pic_ext']);
//ensures browser cache is refreshed if newer version of picture exists
echo '<img src="' . osc_base_url() . 'oc-content/plugins/profile_picture/images/profile' . $user_id . $result['pic_ext'] . '?' . $modtime . '" width="' . $maxwidth . '" height="' . $height . '">';
// display picture
} else {
// show default photo since they haven't uploaded one
echo '<img src="' . osc_base_url() . 'oc-content/plugins/profile_picture/no_picture.jpg" width="' . $width . '" height="' . $height . '">';
}
if (osc_is_web_user_logged_in()) {
if ($result > 0) {
echo '<div><a class="upload" href="javascript:ShowDiv();"><i class="fa fa-cog"></i> ' . __('Change picture', 'flatter') . '</a><a class="pdelete" href="javascript:deletePhoto();"><i class="fa fa-times"></i> ' . __('Delete', 'flatter') . '</a></div>';
echo '<div id="HiddenDiv" style="display:none;">';
// hides form if user already has a profile picture and displays a link to form instead
}
$url = !empty($_SERVER['HTTPS']) ? "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] : "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
echo '
<form name="newpic" method="post" enctype="multipart/form-data" action="' . $url . '">
<input type="file" name="userfile" id="file"><br>
<input class="btn btn-primary" name="Submit" type="submit" value="' . $button_text . '">
</form>
<form name="deleteForm" method="POST" action="' . $url . '"><input type="hidden" name="deletePhoto"></form>
';
//echo
if ($result > 0) {
echo '</div>';
}
}
//if logged-in
if (isset($_POST['Submit'])) {
$filename = $_FILES['userfile']['name'];
// Get the name of the file (including file extension).
$ext = substr($filename, strpos($filename, '.'), strlen($filename) - 1);
// Get the extension from the filename.
// Check if the filetype is allowed, if not DIE and inform the user.
if (!in_array($ext, $allowed_filetypes)) {
die('The file you attempted to upload is not allowed.');
}
// Now check the filesize, if it is too large then DIE and inform the user.
if (filesize($_FILES['userfile']['tmp_name']) > $max_filesize) {
die('The file you attempted to upload is too large.');
}
// Check if we can upload to the specified path, if not DIE and inform the user.
if (!is_writable($upload_path)) {
die('You cannot upload to the specified directory, please CHMOD it to 777.');
}
// Upload the file to your specified path.
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_path . 'profile' . $user_id . $ext)) {
if ($result == 0) {
$conn->osc_dbExec("INSERT INTO %st_profile_picture (user_id, pic_ext) VALUES ('%d', '%s')", DB_TABLE_PREFIX, $user_id, $ext);
} else {
$conn->osc_dbExec("UPDATE %st_profile_picture SET pic_ext = '%s' WHERE user_id = '%d' ", DB_TABLE_PREFIX, $ext, $user_id);
}
echo '<script type="text/javascript">window.location = document.URL;</script>';
} else {
echo 'There was an error during the file upload. Please try again.';
// It failed :(.
}
}
if (isset($_POST['deletePhoto'])) {
$conn->osc_dbExec("DELETE FROM %st_profile_picture WHERE user_id = '%d' ", DB_TABLE_PREFIX, $user_id);
echo '<script type="text/javascript">window.location = document.URL;</script>';
}
}
<?php
$is_expired = osc_item_is_expired();
$is_user = osc_logged_user_id() != osc_item_user_id();
$is_can_contact = osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact();
$is_comments_enabled = osc_comments_enabled();
$is_can_comment = osc_reg_user_post_comments() && osc_is_web_user_logged_in() || !osc_reg_user_post_comments();
?>
<!DOCTYPE html>
<html dir="ltr" lang="<?php
echo str_replace('_', '-', osc_current_user_locale());
?>
">
<head>
<?php
osc_current_web_theme_path('head.php');
?>
<script type="text/javascript" src="<?php
echo osc_current_web_theme_js_url('fancybox/jquery.fancybox-1.3.4.js');
?>
"></script>
<script type="text/javascript" src="<?php
echo osc_current_web_theme_js_url('bootstrap-modal.js');
?>
"></script>
<link href="<?php
echo osc_current_web_theme_js_url('fancybox/jquery.fancybox-1.3.4.css');
?>
" rel="stylesheet" type="text/css" />
<script type="text/javascript">
$(document).ready(function(){
function osclass_pm_supertoolbar()
{
if (!osc_is_web_user_logged_in()) {
return false;
}
/*if( Rewrite::newInstance()->get_location() != 'item' ) {
return false;
}*/
//if( osc_item_user_id() != osc_logged_user_id() ) {
// return false;
//}
$toolbar = SuperToolBar::newInstance();
$newPMs = ModelPM::newInstance()->getRecipientMessages(osc_logged_user_id(), 1, 1, 'pm_id', 'DESC');
$countPMs = count($newPMs);
$pm_url = osc_render_file_url(osc_plugin_folder(__FILE__) . 'user-inbox.php');
$totalNew = '';
if ($countPMs > 0) {
$totalNew = '(' . $countPMs . ')';
}
$toolbar->addOption('<a href="' . $pm_url . '" />' . __('Inbox', 'osclass_pm') . ' ' . $totalNew . '</a>');
}
function seo_item_edit($catId = null, $item_id = null)
{
$allow_custom_meta = osc_get_preference('allSeo_allow_custom_meta', 'plugin-all_in_one');
if ($allow_custom_meta == 1 or osc_is_admin_user_logged_in()) {
include_once 'item_edit.php';
} else {
if ($allow_custom_meta == 2 and osc_is_web_user_logged_in() or osc_is_admin_user_logged_in()) {
include_once 'item_edit.php';
}
}
}
function doModel()
{
//specific things for this class
switch ($this->action) {
case 'bulk_actions':
break;
case 'regions':
//Return regions given a countryId
$regions = Region::newInstance()->findByCountry(Params::getParam("countryId"));
echo json_encode($regions);
break;
case 'cities':
//Returns cities given a regionId
$cities = City::newInstance()->findByRegion(Params::getParam("regionId"));
echo json_encode($cities);
break;
case 'location':
// This is the autocomplete AJAX
$cities = City::newInstance()->ajax(Params::getParam("term"));
foreach ($cities as $k => $city) {
$cities[$k]['label'] = $city['label'] . " (" . $city['region'] . ")";
}
echo json_encode($cities);
break;
case 'location_countries':
// This is the autocomplete AJAX
$countries = Country::newInstance()->ajax(Params::getParam("term"));
echo json_encode($countries);
break;
case 'location_regions':
// This is the autocomplete AJAX
$regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country"));
echo json_encode($regions);
break;
case 'location_cities':
// This is the autocomplete AJAX
$cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region"));
echo json_encode($cities);
break;
case 'delete_image':
// Delete images via AJAX
$ajax_photo = Params::getParam('ajax_photo');
$id = Params::getParam('id');
$item = Params::getParam('item');
$code = Params::getParam('code');
$secret = Params::getParam('secret');
$json = array();
if ($ajax_photo != '') {
$files = Session::newInstance()->_get('ajax_files');
$success = false;
foreach ($files as $uuid => $file) {
if ($file == $ajax_photo) {
$filename = $files[$uuid];
unset($files[$uuid]);
Session::newInstance()->_set('ajax_files', $files);
$success = @unlink(osc_content_path() . 'uploads/temp/' . $filename);
break;
}
}
echo json_encode(array('success' => $success, 'msg' => $success ? _m('The selected photo has been successfully deleted') : _m("The selected photo couldn't be deleted")));
return false;
}
if (Session::newInstance()->_get('userId') != '') {
$userId = Session::newInstance()->_get('userId');
$user = User::newInstance()->findByPrimaryKey($userId);
} else {
$userId = null;
$user = null;
}
// Check for required fields
if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) {
$json['success'] = false;
$json['msg'] = _m("The selected photo couldn't be deleted, the url doesn't exist");
echo json_encode($json);
return false;
}
$aItem = Item::newInstance()->findByPrimaryKey($item);
// Check if the item exists
if (count($aItem) == 0) {
$json['success'] = false;
$json['msg'] = _m("The listing doesn't exist");
echo json_encode($json);
return false;
}
if (!osc_is_admin_user_logged_in()) {
// Check if the item belong to the user
if ($userId != null && $userId != $aItem['fk_i_user_id']) {
$json['success'] = false;
$json['msg'] = _m("The listing doesn't belong to you");
echo json_encode($json);
return false;
}
// Check if the secret passphrase match with the item
if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) {
$json['success'] = false;
$json['msg'] = _m("The listing doesn't belong to you");
echo json_encode($json);
return false;
}
}
// Does id & code combination exist?
$result = ItemResource::newInstance()->existResource($id, $code);
if ($result > 0) {
$resource = ItemResource::newInstance()->findByPrimaryKey($id);
if ($resource['fk_i_item_id'] == $item) {
// Delete: file, db table entry
if (defined(OC_ADMIN)) {
osc_deleteResource($id, true);
Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'admin', osc_logged_admin_id());
} else {
osc_deleteResource($id, false);
Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'user', osc_logged_user_id());
}
ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code));
$json['msg'] = _m('The selected photo has been successfully deleted');
$json['success'] = 'true';
} else {
$json['msg'] = _m("The selected photo does not belong to you");
$json['success'] = 'false';
}
} else {
$json['msg'] = _m("The selected photo couldn't be deleted");
$json['success'] = 'false';
}
echo json_encode($json);
return true;
break;
case 'alerts':
// Allow to register to an alert given (not sure it's used on admin)
$encoded_alert = Params::getParam("alert");
$alert = osc_decrypt_alert(base64_decode($encoded_alert));
// check alert integrity / signature
$stringToSign = osc_get_alert_public_key() . $encoded_alert;
$signature = hex2b64(hmacsha1(osc_get_alert_private_key(), $stringToSign));
$server_signature = Session::newInstance()->_get('alert_signature');
if ($server_signature != $signature) {
echo '-2';
return false;
}
$email = Params::getParam("email");
$userid = Params::getParam("userid");
if (osc_is_web_user_logged_in()) {
$userid = osc_logged_user_id();
$user = User::newInstance()->findByPrimaryKey($userid);
$email = $user['s_email'];
}
if ($alert != '' && $email != '') {
if (osc_validate_email($email)) {
$secret = osc_genRandomPassword();
if ($alertID = Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) {
if ((int) $userid > 0) {
$user = User::newInstance()->findByPrimaryKey($userid);
if ($user['b_active'] == 1 && $user['b_enabled'] == 1) {
Alerts::newInstance()->activate($alertID);
echo '1';
return true;
} else {
echo '-1';
return false;
}
} else {
$aAlert = Alerts::newInstance()->findByPrimaryKey($alertID);
osc_run_hook('hook_email_alert_validation', $aAlert, $email, $secret);
}
echo "1";
} else {
echo "0";
}
return true;
} else {
echo '-1';
return false;
}
}
echo '0';
return false;
break;
case 'runhook':
// run hooks
$hook = Params::getParam('hook');
if ($hook == '') {
echo json_encode(array('error' => 'hook parameter not defined'));
break;
}
switch ($hook) {
case 'item_form':
osc_run_hook('item_form', Params::getParam('catId'));
break;
case 'item_edit':
$catId = Params::getParam("catId");
$itemId = Params::getParam("itemId");
osc_run_hook("item_edit", $catId, $itemId);
break;
default:
osc_run_hook('ajax_' . $hook);
break;
}
break;
case 'custom':
// Execute via AJAX custom file
if (Params::existParam('route')) {
$routes = Rewrite::newInstance()->getRoutes();
$rid = Params::getParam('route');
$file = '../';
if (isset($routes[$rid]) && isset($routes[$rid]['file'])) {
$file = $routes[$rid]['file'];
}
} else {
// DEPRECATED: Disclosed path in URL is deprecated, use routes instead
// This will be REMOVED in 3.4
$file = Params::getParam('ajaxfile');
}
if ($file == '') {
echo json_encode(array('error' => 'no action defined'));
break;
}
// valid file?
if (strpos($file, '../') !== false || strpos($file, '..\\') !== false || stripos($file, '/admin/') !== false) {
//If the file is inside an "admin" folder, it should NOT be opened in frontend
echo json_encode(array('error' => 'no valid ajaxFile'));
break;
}
if (!file_exists(osc_plugins_path() . $file)) {
echo json_encode(array('error' => "ajaxFile doesn't exist"));
break;
}
require_once osc_plugins_path() . $file;
break;
case 'check_username_availability':
$username = osc_sanitize_username(Params::getParam('s_username'));
if (!osc_is_username_blacklisted($username)) {
$user = User::newInstance()->findByUsername($username);
if (isset($user['s_username'])) {
echo json_encode(array('exists' => 1, 's_username' => $username));
} else {
echo json_encode(array('exists' => 0, 's_username' => $username));
}
} else {
echo json_encode(array('exists' => 1, 's_username' => $username));
}
break;
case 'ajax_upload':
// Include the uploader class
require_once LIB_PATH . "AjaxUploader.php";
$uploader = new AjaxUploader();
$original = pathinfo($uploader->getOriginalName());
$filename = uniqid("qqfile_") . "." . $original['extension'];
$result = $uploader->handleUpload(osc_content_path() . 'uploads/temp/' . $filename);
$result['uploadName'] = $filename;
echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);
break;
case 'ajax_validate':
$id = Params::getParam('id');
if (!is_numeric($id)) {
echo json_encode(array('success' => false));
die;
}
$secret = Params::getParam('secret');
$item = Item::newInstance()->findByPrimaryKey($id);
if ($item['s_secret'] != $secret) {
echo json_encode(array('success' => false));
die;
}
$nResources = ItemResource::newInstance()->countResources($id);
$result = array('success' => $nResources < osc_max_images_per_item(), 'count' => $nResources);
echo json_encode($result);
break;
case 'delete_ajax_upload':
$files = Session::newInstance()->_get('ajax_files');
$success = false;
$filename = '';
if (isset($files[Params::getParam('qquuid')]) && $files[Params::getParam('qquuid')] != '') {
$filename = $files[Params::getParam('qquuid')];
unset($files[Params::getParam('qquuid')]);
Session::newInstance()->_set('ajax_files', $files);
$success = @unlink(osc_content_path() . 'uploads/temp/' . $filename);
}
echo json_encode(array('success' => $success, 'uploadName' => $filename));
break;
default:
echo json_encode(array('error' => __('no action defined')));
break;
}
// clear all keep variables into session
Session::newInstance()->_dropKeepForm();
Session::newInstance()->_clearVariables();
}
<?php
$i_userId = osc_logged_user_id();
if (Params::getParam('delete') != '' && osc_is_web_user_logged_in()) {
delete_item(Params::getParam('delete'), $i_userId);
}
$itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 5;
$iPage = Params::getParam('iPage') != '' ? Params::getParam('iPage') : 0;
Search::newInstance()->addConditions(sprintf("%st_item_watchlist.fk_i_user_id = %d", DB_TABLE_PREFIX, $i_userId));
Search::newInstance()->addConditions(sprintf("%st_item_watchlist.fk_i_item_id = %st_item.pk_i_id", DB_TABLE_PREFIX, DB_TABLE_PREFIX));
Search::newInstance()->addTable(sprintf("%st_item_watchlist", DB_TABLE_PREFIX));
Search::newInstance()->page($iPage, $itemsPerPage);
$aItems = Search::newInstance()->doSearch();
$iTotalItems = Search::newInstance()->count();
$iNumPages = ceil($iTotalItems / $itemsPerPage);
View::newInstance()->_exportVariableToView('items', $aItems);
View::newInstance()->_exportVariableToView('search_total_pages', $iNumPages);
View::newInstance()->_exportVariableToView('search_page', $iPage);
// delete item from watchlist
function delete_item($item, $uid)
{
$conn = getConnection();
$conn->osc_dbExec("DELETE FROM %st_item_watchlist WHERE fk_i_item_id = %d AND fk_i_user_id = %d LIMIT 1", DB_TABLE_PREFIX, $item, $uid);
}
?>
<div class="row">
<?php
osc_current_web_theme_path('user-sidebar.php');
?>
<div class="col-sm-8 col-md-9">
<h1 class="title">
* modify it under the terms of the GNU Affero General Public License
* as published by the Free Software Foundation, either version 3 of
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<div id="sidebar" class="columns">
<?php
if (!osc_is_web_user_logged_in() || osc_logged_user_id() != osc_item_user_id()) {
?>
<form action="<?php
echo osc_base_url(true);
?>
" method="post" name="mask_as_form" id="mask_as_form">
<input type="hidden" name="id" value="<?php
echo osc_item_id();
?>
" />
<input type="hidden" name="as" value="spam" />
<input type="hidden" name="action" value="mark" />
<input type="hidden" name="page" value="item" />
<select name="as" id="as" class="mark_as">
<option><?php
_e("Mark as...", 'osclassclsx');
<!--<div class="box fb-comments" data-href="<?php
echo osc_item_url();
?>
" data-numposts="5"></div>-->
<?php
if (osc_comments_enabled()) {
// item_comments();
}
?>
</div>
<div class="col-sm-6 col-md-4">
<div class="item-detail">
<?php
if (osc_is_web_user_logged_in() && osc_logged_user_id() == osc_item_user_id()) {
?>
<div class="toolbar admin-options">
<a class="link" href="<?php
echo osc_item_edit_url();
?>
" rel="nofollow">
<i class="fa fa-pencil"></i>
<?php
_e('Edit', 'pop');
?>
</a>
<a class="link" href="#" onclick="confirmDelete('#dialog-delete-item','<?php
echo osc_item_delete_url();
public function init()
{
self::$user = $this->getUser();
if (!osc_is_web_user_logged_in()) {
self::$loginUrl = self::$facebook->getLoginUrl(array('scope' => 'email'));
}
if (!self::$user) {
return self::$facebook;
}
try {
self::$user_profile = self::$facebook->api('/me');
$this->dao->select($this->getFields());
$this->dao->from($this->getTableName());
$this->dao->where('i_facebook_uid', self::$user);
$rs = $this->dao->get();
if ($rs !== false && $rs->numRows() === 1) {
$fbUser = $rs->row();
if (count($fbUser) > 0) {
require_once osc_lib_path() . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($fbUser['fk_i_user_id']);
switch ($logged) {
case 0:
osc_add_flash_error_message(__('The username doesn\'t exist', 'facebook'));
break;
case 1:
osc_add_flash_error_message(__('The user has not been validated yet', 'facebook'));
break;
case 2:
osc_add_flash_error_message(__('The user has been suspended', 'facebook'));
break;
case 3:
//osc_add_flash_ok_message( __( 'Login successfull', 'facebook' ) );
break;
}
return self::$facebook;
}
}
if (!isset(self::$user_profile['email'])) {
osc_add_flash_error_message(__('Some error occured trying to connect with Facebook.', 'facebook'));
header('Location: ' . self::$logoutUrl);
exit;
}
$manager = User::newInstance();
$oscUser = $manager->findByEmail(self::$user_profile['email']);
// exists on our DB, we merge both accounts
if (count($oscUser) > 0) {
require_once osc_lib_path() . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$manager->dao->from($this->getTableName());
$manager->dao->set('fk_i_user_id', $oscUser['pk_i_id']);
$manager->dao->set('i_facebook_uid', self::$user_profile['id']);
$manager->dao->insert();
osc_add_flash_ok_message(__("You already have an user with this e-mail address. We've merged your accounts", 'facebook'));
// activate user in case is not activated
$manager->update(array('b_active' => '1'), array('pk_i_id' => $oscUser['pk_i_id']));
$logged = $uActions->bootstrap_login($oscUser['pk_i_id']);
} else {
// Auto-register him
$this->register_user(self::$user_profile);
}
// redirect to log in
header('Location: ' . osc_base_url());
exit;
} catch (FacebookApiException $e) {
self::$user = null;
}
return self::$facebook;
}
<?php
_e("The listing is expired. You can't contact the publisher.", 'bender');
?>
</p>
<?php
} else {
if (osc_logged_user_id() == osc_item_user_id() && osc_logged_user_id() != 0) {
?>
<p>
<?php
_e("It's your own listing, you can't contact the publisher.", 'bender');
?>
</p>
<?php
} else {
if (osc_reg_user_can_contact() && !osc_is_web_user_logged_in()) {
?>
<p>
<?php
_e("You must log in or register a new account in order to contact the advertiser", 'bender');
?>
</p>
<p class="contact_button">
<strong><a href="<?php
echo osc_user_login_url();
?>
"><?php
_e('Login', 'bender');
?>
</a></strong>
<strong><a href="<?php
?>
</div>
</div>
<label for="showEmail" style="width: 250px;"><?php
_e('Show e-mail on the listing page', 'classified');
?>
</label>
</div>
<?php
}
?>
<?php
ItemForm::plugin_post_item();
?>
<?php
if (osc_recaptcha_items_enabled() && !osc_is_web_user_logged_in()) {
?>
<div class="form-group control-group">
<div class="controls">
<?php
osc_show_recaptcha();
?>
</div>
</div>
<?php
}
?>
<div class="form-group control-group centered">
<?php
if (nc_osc_premium_fee_enabled()) {
?>
/**
* Return an array with all data necessary for do the action (ADD OR EDIT)
* @param <type> $is_add
* @return array
*/
public function prepareData( $is_add )
{
$aItem = array();
$data = array();
$userId = null;
if( $this->is_admin ) {
// user
$data = User::newInstance()->findByEmail(Params::getParam('contactEmail'));
if( isset($data['pk_i_id']) && is_numeric($data['pk_i_id']) ) {
$userId = $data['pk_i_id'];
}
} else {
$userId = Session::newInstance()->_get('userId');
if( $userId == '' ) {
$userId = NULL;
} elseif ($userId != NULL) {
$data = User::newInstance()->findByPrimaryKey( $userId );
}
}
if( $userId != null ) {
$aItem['contactName'] = $data['s_name'];
$aItem['contactEmail'] = $data['s_email'];
Params::setParam('contactName', $data['s_name']);
Params::setParam('contactEmail', $data['s_email']);
} else {
$aItem['contactName'] = Params::getParam('contactName');
$aItem['contactEmail'] = Params::getParam('contactEmail');
}
$aItem['userId'] = $userId;
if( $is_add ) { // ADD
if($this->is_admin) {
$active = 'ACTIVE';
} else {
if(osc_moderate_items()>0) { // HAS TO VALIDATE
if(!osc_is_web_user_logged_in()) { // NO USER IS LOGGED, VALIDATE
$active = 'INACTIVE';
} else { // USER IS LOGGED
if(osc_logged_user_item_validation()) { //USER IS LOGGED, BUT NO NEED TO VALIDATE
$active = 'ACTIVE';
} else { // USER IS LOGGED, NEED TO VALIDATE, CHECK NUMBER OF PREVIOUS ITEMS
$user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
if($user['i_items']<osc_moderate_items()) {
$active = 'INACTIVE';
} else {
$active = 'ACTIVE';
}
}
}
} else if(osc_moderate_items()==0 ){
if(osc_is_web_user_logged_in() && osc_logged_user_item_validation() ) {
$active = 'ACTIVE';
} else {
$active = 'INACTIVE';
}
} else {
$active = 'ACTIVE';
}
}
$aItem['active'] = $active;
} else { // EDIT
$aItem['secret'] = Params::getParam('secret');
$aItem['idItem'] = Params::getParam('id');
}
// get params
$aItem['catId'] = Params::getParam('catId');
$aItem['countryId'] = Params::getParam('countryId');
$aItem['country'] = Params::getParam('country');
$aItem['region'] = Params::getParam('region');
$aItem['regionId'] = Params::getParam('regionId');
$aItem['city'] = Params::getParam('city');
$aItem['cityId'] = Params::getParam('cityId');
$aItem['price'] = (Params::getParam('price') != '') ? Params::getParam('price') : null;
$aItem['cityArea'] = Params::getParam('cityArea');
$aItem['address'] = Params::getParam('address');
$aItem['currency'] = Params::getParam('currency');
$aItem['showEmail'] = (Params::getParam('showEmail') != '') ? 1 : 0;
$aItem['title'] = Params::getParam('title');
$aItem['description'] = Params::getParam('description');
$aItem['photos'] = Params::getFiles('photos');
$ajax_photos = Params::getParam('ajax_photos');
$aItem['s_ip'] = get_ip();
$aItem['d_coord_lat'] = (Params::getParam('d_coord_lat') != '') ? Params::getParam('d_coord_lat') : null;
$aItem['d_coord_long'] = (Params::getParam('d_coord_long') != '') ? Params::getParam('d_coord_long') : null;
$aItem['s_zip'] = (Params::getParam('zip') != '') ? Params::getParam('zip') : null;
// $ajax_photos is an array of filenames of the photos uploaded by ajax to a temporary folder
// fake insert them into the array of the form-uploaded photos
if(is_array($ajax_photos)) {
foreach($ajax_photos as $photo) {
if(file_exists(osc_content_path().'uploads/temp/'.$photo)) {
$aItem['photos']['name'][] = $photo;
$aItem['photos']['type'][] = 'image/*';
$aItem['photos']['tmp_name'][] = osc_content_path().'uploads/temp/'.$photo;
$aItem['photos']['error'][] = UPLOAD_ERR_OK;
$aItem['photos']['size'][] = 0;
}
}
}
if($is_add || $this->is_admin) {
$dt_expiration = Params::getParam('dt_expiration');
if($dt_expiration==-1) {
$aItem['dt_expiration'] = '';
} else if($dt_expiration!='' && (preg_match('|^([0-9]+)$|', $dt_expiration, $match) || preg_match('|([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})|', $dt_expiration, $match))) {
$aItem['dt_expiration'] = $dt_expiration;
} else {
$_category = Category::newInstance()->findByPrimaryKey($aItem['catId']);
$aItem['dt_expiration'] = $_category['i_expiration_days'];
}
unset($dt_expiration);
} else {
$aItem['dt_expiration'] = '';
};
// check params
$country = Country::newInstance()->findByCode($aItem['countryId']);
if( count($country) > 0 ) {
$countryId = $country['pk_c_code'];
$countryName = $country['s_name'];
} else {
$countryId = null;
$countryName = $aItem['country'];
}
$aItem['countryId'] = $countryId;
$aItem['countryName'] = $countryName;
if( $aItem['regionId'] != '' ) {
if( intval($aItem['regionId']) ) {
$region = Region::newInstance()->findByPrimaryKey($aItem['regionId']);
if( count($region) > 0 ) {
$regionId = $region['pk_i_id'];
$regionName = $region['s_name'];
}
}
} else {
$regionId = null;
$regionName = $aItem['region'];
if( $aItem['countryId'] != '' ) {
$auxRegion = Region::newInstance()->findByName($aItem['region'], $aItem['countryId'] );
if($auxRegion){
$regionId = $auxRegion['pk_i_id'];
$regionName = $auxRegion['s_name'];
}
}
}
$aItem['regionId'] = $regionId;
$aItem['regionName'] = $regionName;
if( $aItem['cityId'] != '' ) {
if( intval($aItem['cityId']) ) {
$city = City::newInstance()->findByPrimaryKey($aItem['cityId']);
if( count($city) > 0 ) {
$cityId = $city['pk_i_id'];
$cityName = $city['s_name'];
}
}
} else {
$cityId = null;
$cityName = $aItem['city'];
if( $aItem['countryId'] != '' ) {
$auxCity = City::newInstance()->findByName($aItem['city'], $aItem['regionId'] );
if($auxCity){
$cityId = $auxCity['pk_i_id'];
$cityName = $auxCity['s_name'];
}
}
}
$aItem['cityId'] = $cityId;
$aItem['cityName'] = $cityName;
if( $aItem['cityArea'] == '' ) {
$aItem['cityArea'] = null;
}
if( $aItem['address'] == '' ) {
$aItem['address'] = null;
}
if( !is_null($aItem['price']) ) {
$price = str_replace(osc_locale_thousands_sep(), '', trim($aItem['price']));
$price = str_replace(osc_locale_dec_point(), '.', $price);
$aItem['price'] = $price*1000000;
//$aItem['price'] = (float) $aItem['price'];
}
if( $aItem['catId'] == ''){
$aItem['catId'] = 0;
}
if( $aItem['currency'] == '' ) {
$aItem['currency'] = null;
}
$this->data = $aItem;
}
function moreedit_item_edit()
{
if (Params::getParam('page') == 'item' && Params::getParam('action') == 'item_edit') {
if (osc_get_preference('disable_edit', 'moreedit') == '1') {
osc_add_flash_error_message(__('Sorry, editing is not allowed', 'moreedit'));
if (osc_is_web_user_logged_in()) {
header("location: " . osc_user_dashboard_url());
} else {
header("location: " . osc_base_url());
}
exit;
}
if (osc_get_preference('moderate_edit', 'moreedit') == '1') {
osc_add_flash_info_message(__('Your ad will be needed to be moderated by an admin after you edit it. Until it gets approved it will not be visible to the rest of the users', 'moreedit'));
}
}
}
case "UNFOLLOW":
if (osc_is_web_user_logged_in()) {
$user_id = osc_logged_user_id();
$seller_id = Params::getParam("seller-id");
$return_url = Params::getParam("return_url");
nc_osc_delete_follow($user_id, $seller_id);
header('Location:' . htmlspecialchars_decode($return_url));
}
break;
case "ADD-WATCHLIST":
if (osc_is_web_user_logged_in()) {
$user_id = osc_logged_user_id();
$item_id = Params::getParam("item_id");
$return_url = Params::getParam("return_url");
nc_osc_add_watchllist($user_id, $item_id);
$aItem = Item::newInstance()->findByPrimaryKey($item_id);
$item_title = $aItem['s_title'];
osc_add_flash_ok_message($item_title . " is added to your watch list.");
header('Location:' . htmlspecialchars_decode($return_url));
}
break;
case "REMOVE-WATCHLIST":
if (osc_is_web_user_logged_in()) {
$user_id = osc_logged_user_id();
$item_id = Params::getParam("item_id");
$return_url = Params::getParam("return_url");
nc_osc_remove_watchlist($user_id, $item_id);
header('Location:' . htmlspecialchars_decode($return_url));
}
break;
}
function doModel()
{
switch ($this->action) {
case 'dashboard':
//dashboard...
$max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5;
$aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items);
//calling the view...
$this->_exportVariableToView('items', $aItems);
$this->_exportVariableToView('max_items', $max_items);
$this->doView('user-dashboard.php');
break;
case 'profile':
//profile...
$user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
$aCountries = Country::newInstance()->listAll();
$aRegions = array();
if ($user['fk_c_country_code'] != '') {
$aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']);
} elseif (count($aCountries) > 0) {
$aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
}
$aCities = array();
if ($user['fk_i_region_id'] != '') {
$aCities = City::newInstance()->findByRegion($user['fk_i_region_id']);
} else {
if (count($aRegions) > 0) {
$aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
}
}
//calling the view...
$this->_exportVariableToView('countries', $aCountries);
$this->_exportVariableToView('regions', $aRegions);
$this->_exportVariableToView('cities', $aCities);
$this->_exportVariableToView('user', $user);
$this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled());
$this->doView('user-profile.php');
break;
case 'profile_post':
//profile post...
osc_csrf_check();
$userId = Session::newInstance()->_get('userId');
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->edit($userId);
if ($success == 1 || $success == 2) {
osc_add_flash_ok_message(_m('Your profile has been updated successfully'));
} else {
osc_add_flash_error_message($success);
}
$this->redirectTo(osc_user_profile_url());
break;
case 'alerts':
//alerts
$aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'), false);
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
foreach ($aAlerts as $k => $a) {
$array_conditions = (array) json_decode($a['s_search']);
// $search = Search::newInstance();
$search = new Search();
$search->setJsonAlert($array_conditions);
$search->limit(0, 3);
$aAlerts[$k]['items'] = $search->doSearch();
}
$this->_exportVariableToView('alerts', $aAlerts);
View::newInstance()->_reset('alerts');
$this->_exportVariableToView('user', $user);
$this->doView('user-alerts.php');
break;
case 'change_email':
//change email
$this->doView('user-change_email.php');
break;
case 'change_email_post':
//change email post
osc_csrf_check();
if (!osc_validate_email(Params::getParam('new_email'))) {
osc_add_flash_error_message(_m('The specified e-mail is not valid'));
$this->redirectTo(osc_change_user_email_url());
} else {
$user = User::newInstance()->findByEmail(Params::getParam('new_email'));
if (!isset($user['pk_i_id'])) {
$userEmailTmp = array();
$userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId');
$userEmailTmp['s_new_email'] = Params::getParam('new_email');
UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp);
$code = osc_genRandomPassword(30);
$date = date('Y-m-d H:i:s');
$userManager = new User();
$userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId')));
$validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code);
osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url);
$this->redirectTo(osc_user_profile_url());
} else {
osc_add_flash_error_message(_m('The specified e-mail is already in use'));
$this->redirectTo(osc_change_user_email_url());
}
}
break;
case 'change_username':
//change username
$this->doView('user-change_username.php');
break;
case 'change_username_post':
//change username
$username = osc_sanitize_username(Params::getParam('s_username'));
osc_run_hook('before_username_change', Session::newInstance()->_get('userId'), $username);
if ($username != '') {
$user = User::newInstance()->findByUsername($username);
if (isset($user['s_username'])) {
osc_add_flash_error_message(_m('The specified username is already in use'));
} else {
if (!osc_is_username_blacklisted($username)) {
User::newInstance()->update(array('s_username' => $username), array('pk_i_id' => Session::newInstance()->_get('userId')));
osc_add_flash_ok_message(_m('The username was updated'));
osc_run_hook('after_username_change', Session::newInstance()->_get('userId'), Params::getParam('s_username'));
$this->redirectTo(osc_user_profile_url());
} else {
osc_add_flash_error_message(_m('The specified username is not valid, it contains some invalid words'));
}
}
} else {
osc_add_flash_error_message(_m('The specified username could not be empty'));
}
$this->redirectTo(osc_change_user_username_url());
break;
case 'change_password':
//change password
$this->doView('user-change_password.php');
break;
case 'change_password_post':
//change password post
osc_csrf_check();
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
if (Params::getParam('password', false, false) == '' || Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_change_user_password_url());
}
if (!osc_verify_password(Params::getParam('password', false, false), $user['s_password'])) {
osc_add_flash_error_message(_m("Current password doesn't match"));
$this->redirectTo(osc_change_user_password_url());
}
if (!Params::getParam('new_password', false, false)) {
osc_add_flash_error_message(_m("Passwords can't be empty"));
$this->redirectTo(osc_change_user_password_url());
}
if (Params::getParam('new_password', false, false) != Params::getParam('new_password2', false, false)) {
osc_add_flash_error_message(_m("Passwords don't match"));
$this->redirectTo(osc_change_user_password_url());
}
User::newInstance()->update(array('s_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => Session::newInstance()->_get('userId')));
osc_add_flash_ok_message(_m('Password has been changed'));
$this->redirectTo(osc_user_profile_url());
break;
case 'items':
// view items user
$itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10;
$page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0;
$itemType = Params::getParam('itemType');
$total_items = Item::newInstance()->countItemTypesByUserID(osc_logged_user_id(), $itemType);
$total_pages = ceil($total_items / $itemsPerPage);
$items = Item::newInstance()->findItemTypesByUserID(osc_logged_user_id(), $page * $itemsPerPage, $itemsPerPage, $itemType);
$this->_exportVariableToView('items', $items);
$this->_exportVariableToView('search_total_pages', $total_pages);
$this->_exportVariableToView('search_total_items', $total_items);
$this->_exportVariableToView('items_per_page', $itemsPerPage);
$this->_exportVariableToView('items_type', $itemType);
$this->_exportVariableToView('search_page', $page);
$this->doView('user-items.php');
break;
case 'activate_alert':
$email = Params::getParam('email');
$secret = Params::getParam('secret');
$result = 0;
if ($email != '' && $secret != '') {
$result = Alerts::newInstance()->activate($email, $secret);
}
if ($result == 1) {
osc_add_flash_ok_message(_m('Alert activated'));
} else {
osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator'));
}
$this->redirectTo(osc_base_url());
break;
case 'unsub_alert':
$email = Params::getParam('email');
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$alert = Alerts::newInstance()->findByPrimaryKey($id);
$result = 0;
if (!empty($alert)) {
if ($email == $alert['s_email'] && $secret == $alert['s_secret']) {
$result = Alerts::newInstance()->unsub($id);
}
}
if ($result == 1) {
osc_add_flash_ok_message(_m('Unsubscribed correctly'));
} else {
osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator'));
}
$this->redirectTo(osc_user_alerts_url());
break;
case 'delete':
$id = Params::getParam('id');
$secret = Params::getParam('secret');
if (osc_is_web_user_logged_in()) {
$user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
View::newInstance()->_exportVariableToView('user', $user);
if (!empty($user) && osc_logged_user_id() == $id && $secret == $user['s_secret']) {
User::newInstance()->deleteUser(osc_logged_user_id());
Session::newInstance()->_drop('userId');
Session::newInstance()->_drop('userName');
Session::newInstance()->_drop('userEmail');
Session::newInstance()->_drop('userPhone');
Cookie::newInstance()->pop('oc_userId');
Cookie::newInstance()->pop('oc_userSecret');
Cookie::newInstance()->set();
osc_add_flash_ok_message(_m("Your account have been deleted"));
$this->redirectTo(osc_base_url());
} else {
osc_add_flash_error_message(_m("Oops! you can not do that"));
$this->redirectTo(osc_user_dashboard_url());
}
} else {
osc_add_flash_error_message(_m("Oops! you can not do that"));
$this->redirectTo(osc_base_url());
}
break;
}
}
