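/**
 * Front-office user controller dispatcher: login, activation re-send, password
 * recovery and password reset.
 *
 * Every branch ends in redirectTo() or doView(); the control flow below relies
 * on redirectTo() terminating the request (code after a redirect is not meant
 * to run).
 */
function doModel()
{
    switch ($this->action) {
        case 'login_post':
            // post execution for the login
            if (!osc_users_enabled()) {
                osc_add_flash_error_message(_m('Users are not enabled'));
                $this->redirectTo(osc_base_url());
            }
            osc_csrf_check();
            osc_run_hook('before_validating_login');

            // e-mail or/and password is/are empty or incorrect
            $wrongCredentials = false;
            $email = Params::getParam('email');
            $password = Params::getParam('password', false, false);
            if ($email == '') {
                osc_add_flash_error_message(_m('Please provide an email address'));
                $wrongCredentials = true;
            }
            if ($password == '') {
                osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password'));
                $wrongCredentials = true;
            }
            if ($wrongCredentials) {
                $this->redirectTo(osc_user_login_url());
            }

            // The login field accepts either an e-mail address or a username
            $user = null;
            if (osc_validate_email($email)) {
                $user = User::newInstance()->findByEmail($email);
            }
            if (empty($user)) {
                $user = User::newInstance()->findByUsername($email);
            }
            if (empty($user)) {
                osc_add_flash_error_message(_m("The user doesn't exist"));
                $this->redirectTo(osc_user_login_url());
            }

            $storedHash = isset($user['s_password']) ? $user['s_password'] : '';
            if (!osc_verify_password($password, $storedHash)) {
                osc_add_flash_error_message(_m('The password is incorrect'));
                $this->redirectTo(osc_user_login_url());
                // @TODO if valid user, send email parameter back to the login form
            } elseif ($storedHash != '') {
                // Transparent upgrade: re-hash legacy hashes and bcrypt hashes whose
                // cost differs from the current BCRYPT_COST while we still hold the plaintext.
                $needsRehash = true;
                if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $storedHash, $cost)) {
                    $needsRehash = ($cost[1] != BCRYPT_COST);
                }
                if ($needsRehash) {
                    User::newInstance()->update(
                        array('s_password' => osc_hash_password($password)),
                        array('pk_i_id' => $user['pk_i_id'])
                    );
                }
            }

            // e-mail or/and IP is/are banned
            // int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned
            $banned = osc_is_banned($email);
            if ($banned & 1) {
                osc_add_flash_error_message(_m('Your current email is not allowed'));
            }
            if ($banned & 2) {
                osc_add_flash_error_message(_m('Your current IP is not allowed'));
            }
            if ($banned !== 0) {
                $this->redirectTo(osc_user_login_url());
            }
            osc_run_hook('before_login');

            // Post-login destination: the referer, unless it resolves to the login
            // page itself (then the dashboard). Only rewrite-enabled installs can map
            // a pretty URL back to its page= parameter.
            $url_redirect = osc_get_http_referer();
            $page_redirect = '';
            if (osc_rewrite_enabled() && $url_redirect != '') {
                // preg_quote: the base URL is data, not a pattern (dots must match literally)
                $request_uri = urldecode(preg_replace('@^' . preg_quote(osc_base_url(), '@') . '@', "", $url_redirect));
                $tmp_ar = explode("?", $request_uri);
                $request_uri = $tmp_ar[0];
                $rules = Rewrite::newInstance()->listRules();
                foreach ($rules as $match => $uri) {
                    if (preg_match('#' . $match . '#', $request_uri, $m)) {
                        $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
                        if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
                            $page_redirect = $match[2];
                            if ($page_redirect == '' || $page_redirect == 'login') {
                                $url_redirect = osc_user_dashboard_url();
                            }
                        }
                        break;
                    }
                }
            }

            require_once LIB_PATH . 'osclass/UserActions.php';
            $uActions = new UserActions(false);
            $logged = $uActions->bootstrap_login($user['pk_i_id']);
            // bootstrap_login() status as handled here: 0 no user, 1 not validated,
            // 2 suspended, 3 logged in
            switch ($logged) {
                case 0:
                    osc_add_flash_error_message(_m("The user doesn't exist"));
                    break;
                case 1:
                    if (time() - strtotime($user['dt_access_date']) > 1200) {
                        // EACH 20 MINUTES: offer the re-send link only once the previous mail is old enough
                        osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email'])));
                    } else {
                        osc_add_flash_error_message(_m('The user has not been validated yet'));
                    }
                    break;
                case 2:
                    osc_add_flash_error_message(_m('The user has been suspended'));
                    break;
                case 3:
                    if (Params::getParam('remember') == 1) {
                        // this include contains the osc_genRandomPassword function
                        require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                        // Fresh per-login secret backs the "remember me" cookie pair
                        $secret = osc_genRandomPassword();
                        User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
                        Cookie::newInstance()->set_expires(osc_time_cookie());
                        Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
                        Cookie::newInstance()->push('oc_userSecret', $secret);
                        Cookie::newInstance()->set();
                    }
                    if ($url_redirect == '') {
                        $url_redirect = osc_user_dashboard_url();
                    }
                    osc_run_hook("after_login", $user, $url_redirect);
                    $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect));
                    break;
                default:
                    osc_add_flash_error_message(_m('This should never happen'));
            }
            // Every non-logged-in outcome lands back on the login form
            $this->redirectTo(osc_user_login_url());
            break;

        case 'resend':
            $id = Params::getParam('id');
            $email = Params::getParam('email');
            $user = User::newInstance()->findByPrimaryKey($id);
            // The link must carry a matching id/e-mail pair for a not-yet-activated user
            // (empty() rather than !isset(): $user is always assigned, but may be false/empty)
            if ($id == '' || $email == '' || empty($user) || $user['b_active'] == 1 || $email != $user['s_email']) {
                osc_add_flash_error_message(_m('Incorrect link'));
                $this->redirectTo(osc_user_login_url());
            }
            if (time() - strtotime($user['dt_access_date']) > 1200) {
                // EACH 20 MINUTES: dt_access_date rate-limits validation e-mails
                if (osc_notify_new_user()) {
                    osc_run_hook('hook_email_admin_new_user', $user);
                }
                if (osc_user_validation_enabled()) {
                    osc_run_hook('hook_email_user_validation', $user, $user);
                }
                User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id']));
                osc_add_flash_ok_message(_m('Validation email re-sent'));
            } else {
                osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again'));
            }
            $this->redirectTo(osc_user_login_url());
            break;

        case 'recover':
            // form to recover the password (in this case we have the form in /gui/)
            $this->doView('user-recover.php');
            break;

        case 'recover_post':
            // post execution to recover the password
            osc_csrf_check();
            require_once LIB_PATH . 'osclass/UserActions.php';
            // Same validator login_post uses; the former inline regex capped TLDs at 3 letters
            if (!osc_validate_email(Params::getParam('s_email'))) {
                osc_add_flash_error_message(_m('Invalid email address'));
                $this->redirectTo(osc_recover_user_password_url());
            }
            $userActions = new UserActions(false);
            $success = $userActions->recover_password();
            switch ($success) {
                case 0:
                    // recover ok
                    osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
                    $this->redirectTo(osc_base_url());
                    break;
                case 1:
                    // e-mail does not exist
                    osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
                    $this->redirectTo(osc_recover_user_password_url());
                    break;
                case 2:
                    // recaptcha wrong
                    osc_add_flash_error_message(_m('The recaptcha code is wrong'));
                    $this->redirectTo(osc_recover_user_password_url());
                    break;
            }
            break;

        case 'forgot':
            // form to set a new password, reached from the link in the recovery e-mail
            $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
            if ($user) {
                $this->doView('user-forgot_password.php');
            } else {
                osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                $this->redirectTo(osc_base_url());
            }
            break;

        case 'forgot_post':
            osc_csrf_check();
            $newPassword = Params::getParam('new_password', false, false);
            $newPassword2 = Params::getParam('new_password2', false, false);
            $confirmUrl = osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'));
            if ($newPassword == '' || $newPassword2 == '') {
                osc_add_flash_warning_message(_m('Password cannot be blank'));
                $this->redirectTo($confirmUrl);
            }
            $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
            if (!empty($user) && $user['b_enabled'] == 1) {
                // Strict comparison: == would treat numeric-looking strings such as "1e3" and "1000" as equal
                if ($newPassword === $newPassword2) {
                    // Rotate the reset code and expire its date so the link cannot be replayed
                    User::newInstance()->update(
                        array(
                            's_pass_code' => osc_genRandomPassword(50),
                            's_pass_date' => date('Y-m-d H:i:s', 0),
                            's_pass_ip' => Params::getServerParam('REMOTE_ADDR'),
                            's_password' => osc_hash_password($newPassword),
                        ),
                        array('pk_i_id' => $user['pk_i_id'])
                    );
                    osc_add_flash_ok_message(_m('The password has been changed'));
                    $this->redirectTo(osc_user_login_url());
                } else {
                    osc_add_flash_error_message(_m("Error, the password don't match"));
                    $this->redirectTo($confirmUrl);
                }
            } else {
                osc_add_flash_error_message(_m('Sorry, the link is not valid'));
            }
            $this->redirectTo(osc_base_url());
            break;

        default:
            // login form; remember where the visitor came from so login can send them back
            Session::newInstance()->_setReferer(osc_get_http_referer());
            if (osc_logged_user_id() != '') {
                $this->redirectTo(osc_user_dashboard_url());
            }
            $this->doView('user-login.php');
    }
}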
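/**
 * Activate a listing from the validation link (?page=item&action=activate&id=…&secret=…).
 *
 * A listing may be activated either with its secret or by its logged-in owner.
 * Renders the theme 404 page when no matching listing exists; otherwise flashes
 * the outcome and redirects to the listing.
 */
function item_success_item_validate()
{
    if (Params::getParam('page') != 'item' || Params::getParam('action') != 'activate') {
        return;
    }
    $secret = Params::getParam('secret');
    // pk_i_id is numeric: coerce the request value instead of relying on addslashes() for the SQL literal
    $id = (int) Params::getParam('id');
    // NOTE(review): for a guest osc_logged_user_id() yields '' which %d renders as 0, so the
    // owner clause degrades to fk_i_user_id = '0'; confirm no listing stores 0 as its owner.
    $item = Item::newInstance()->listWhere(
        "i.pk_i_id = '%d' AND ((i.s_secret = '%s') OR (i.fk_i_user_id = '%d'))",
        $id,
        addslashes($secret),
        (int) osc_logged_user_id()
    );
    if (count($item) == 0) {
        // item doesn't exist
        Rewrite::newInstance()->set_location('error');
        header('HTTP/1.1 404 Not Found');
        osc_current_web_theme_path('404.php');
        exit;
    }
    View::newInstance()->_exportVariableToView('item', $item[0]);
    if ($item[0]['b_active'] == 0) {
        // activate the listing
        $mItems = new ItemActions(false);
        if ($mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret'])) {
            osc_add_flash_ok_message(_m('The listing has been validated'));
            item_success_redirect(Item::newInstance()->findByPrimaryKey($item[0]['pk_i_id']));
            exit;
        }
        osc_add_flash_error_message(_m("The listing can't be validated"));
    } else {
        osc_add_flash_warning_message(_m('The listing has already been validated'));
    }
    osc_redirect_to(osc_item_url());
}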
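/**
 * Remove a listing resource (image) and its derived files from disk.
 *
 * Logs the deletion and the call stack that triggered it, unlinks the base file
 * and its _original/_thumbnail/_preview variants, then runs the 'delete_resource' hook.
 *
 * @param int|array $id    resource primary key; an array is accepted and its first element used
 * @param bool      $admin true when the caller is an admin (selects the logged actor for the log)
 * @return bool false on a DEMO install or when the resource does not exist, true once deleted
 */
function osc_deleteResource($id, $admin)
{
    if (defined('DEMO')) {
        return false;
    }
    if (is_array($id)) {
        $id = $id[0];
    }
    $resource = ItemResource::newInstance()->findByPrimaryKey($id);
    if (is_null($resource)) {
        return false;
    }
    $actor = $admin ? 'admin' : 'user';
    $actorId = $admin ? osc_logged_admin_id() : osc_logged_user_id();
    Log::newInstance()->insertLog('item', 'delete resource', $resource['pk_i_id'], $id, $actor, $actorId);
    // The backtrace is taken here so frame #0 is this function, as in the original log format
    Log::newInstance()->insertLog('item', 'delete resource backtrace', $resource['pk_i_id'], _osc_deleteResourceBacktrace(debug_backtrace()), $actor, $actorId);

    $base = osc_base_path() . $resource['s_path'] . $resource['pk_i_id'];
    foreach (array('', '_original', '_thumbnail', '_preview') as $variant) {
        $file = $base . $variant . '.' . $resource['s_extension'];
        // A missing variant (e.g. no preview was generated) is not an error
        if (is_file($file)) {
            unlink($file);
        }
    }
    osc_run_hook('delete_resource', $resource);
    return true;
}

/**
 * Render a debug_backtrace() result as one log line; include/require frames show the included file.
 *
 * @param array $frames output of debug_backtrace()
 * @return string
 */
function _osc_deleteResourceBacktrace($frames)
{
    $includeCalls = array('include', 'include_once', 'require_once', 'require');
    $line = '';
    foreach ($frames as $k => $frame) {
        $func = $frame['function'];
        if (in_array($func, $includeCalls, true)) {
            $arg = isset($frame['args'][0]) ? $frame['args'][0] : '';
            $func .= '(' . $arg . ')';
        }
        // file/line are absent for frames invoked internally (e.g. callbacks)
        $file = isset($frame['file']) ? $frame['file'] : '';
        $lineNo = isset($frame['line']) ? $frame['line'] : '';
        $line .= '#' . $k . ' ' . $func . ' called@ [' . $file . ':' . $lineNo . '] / ';
    }
    return $line;
}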
/**
 * Whether listing $id is already in the logged-in user's watchlist.
 *
 * @param int $id listing primary key
 * @return bool
 */
function watchlist_exists($id)
{
    $row = getConnection()->osc_dbFetchResult(
        "SELECT * FROM %st_item_watchlist WHERE fk_i_item_id = %d and fk_i_user_id = %d",
        DB_TABLE_PREFIX,
        $id,
        osc_logged_user_id()
    );
    // The item column is only present when a matching row came back
    return isset($row['fk_i_item_id']);
}
/**
 * Web item controller bootstrap: prepares the item manager and, when a web
 * user is logged in, caches the user's id and record on the controller.
 */
function __construct()
{
    parent::__construct();
    $this->itemManager = Item::newInstance();
    // userId is always '' at this point; fill it only for an authenticated web user
    $loggedIn = osc_is_web_user_logged_in();
    $this->userId = $loggedIn ? osc_logged_user_id() : null;
    $this->user = $loggedIn ? User::newInstance()->findByPrimaryKey($this->userId) : null;
}
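/**
 * Show the form to vote a seller on the item detail page, when the listing
 * belongs to a registered user and user voting is enabled.
 *
 * @param int|array|null $item item array (its fk_i_user_id is used), a user id, or null for the current item's owner
 * @return void renders item_detail_user.php with $vote in scope, or nothing
 */
function voting_item_detail_user($item = null)
{
    if ($item == null) {
        $userId = osc_item_user_id();
    } elseif (is_numeric($item)) {
        $userId = $item;
    } elseif (is_array($item)) {
        $userId = $item['fk_i_user_id'];
    } else {
        // Unsupported argument: render nothing rather than exit()ing the whole page
        return;
    }
    if (osc_get_preference('user_voting', 'voting') != 1 || !is_numeric($userId) || $userId <= 0) {
        return;
    }
    // Average rating and number of votes received by the seller
    $aux_vote = ModelVoting::newInstance()->getUserAvgRating($userId);
    $aux_count = ModelVoting::newInstance()->getUserNumberOfVotes($userId);
    $vote = array(
        'vote' => $aux_vote['vote'],
        'total' => $aux_count['total'],
        'userId' => $userId,
        'can_vote' => osc_is_web_user_logged_in() && can_vote_user($userId, osc_logged_user_id()),
    );
    // The template reads $vote from this scope
    require 'item_detail_user.php';
}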
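/**
 * Collect and normalise everything needed to add or edit a listing into $this->data.
 *
 * Resolves the acting user (admin: owner of contactEmail; web: session userId),
 * decides the initial activation state for new listings, merges AJAX-uploaded
 * photos into the $_FILES-shaped photo array, resolves country/region/city
 * against the DB (falling back to the free-text names) and normalises the
 * price and empty fields.
 *
 * @param bool $is_add true for ADD, false for EDIT
 * @return void
 */
public function prepareData($is_add)
{
    $aItem = array();
    $data = array();
    $userId = null;
    if ($this->is_admin) {
        // admin: attach the listing to the user owning contactEmail, if there is one
        $data = User::newInstance()->findByEmail(Params::getParam('contactEmail'));
        if (isset($data['pk_i_id']) && is_numeric($data['pk_i_id'])) {
            $userId = $data['pk_i_id'];
        }
    } else {
        $userId = Session::newInstance()->_get('userId');
        if ($userId == '') {
            $userId = null;
        } else {
            $data = User::newInstance()->findByPrimaryKey($userId);
        }
    }
    // contact details come from the user record when known, otherwise from the form
    if ($userId != null) {
        $aItem['contactName'] = $data['s_name'];
        $aItem['contactEmail'] = $data['s_email'];
        Params::setParam('contactName', $data['s_name']);
        Params::setParam('contactEmail', $data['s_email']);
    } else {
        $aItem['contactName'] = Params::getParam('contactName');
        $aItem['contactEmail'] = Params::getParam('contactEmail');
    }
    $aItem['userId'] = $userId;

    if ($is_add) {
        // ADD: initial activation state depends on the moderation setting
        if ($this->is_admin) {
            $active = 'ACTIVE';
        } elseif (osc_moderate_items() > 0) {
            // HAS TO VALIDATE, unless the user is logged in and either exempt from
            // validation or already past the moderation threshold of published items
            if (!osc_is_web_user_logged_in()) {
                $active = 'INACTIVE';
            } elseif (osc_logged_user_item_validation()) {
                $active = 'ACTIVE';
            } else {
                $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
                $active = ($user['i_items'] < osc_moderate_items()) ? 'INACTIVE' : 'ACTIVE';
            }
        } elseif (osc_moderate_items() == 0) {
            $active = (osc_is_web_user_logged_in() && osc_logged_user_item_validation()) ? 'ACTIVE' : 'INACTIVE';
        } else {
            $active = 'ACTIVE';
        }
        $aItem['active'] = $active;
    } else {
        // EDIT
        $aItem['secret'] = Params::getParam('secret');
        $aItem['idItem'] = Params::getParam('id');
    }

    // get params
    $aItem['catId'] = Params::getParam('catId');
    $aItem['countryId'] = Params::getParam('countryId');
    $aItem['country'] = Params::getParam('country');
    $aItem['region'] = Params::getParam('region');
    $aItem['regionId'] = Params::getParam('regionId');
    $aItem['city'] = Params::getParam('city');
    $aItem['cityId'] = Params::getParam('cityId');
    $aItem['price'] = (Params::getParam('price') != '') ? Params::getParam('price') : null;
    $aItem['cityArea'] = Params::getParam('cityArea');
    $aItem['address'] = Params::getParam('address');
    $aItem['currency'] = Params::getParam('currency');
    $aItem['showEmail'] = (Params::getParam('showEmail') != '') ? 1 : 0;
    $aItem['title'] = Params::getParam('title');
    $aItem['description'] = Params::getParam('description');
    $aItem['photos'] = Params::getFiles('photos');
    $ajax_photos = Params::getParam('ajax_photos');
    $aItem['s_ip'] = get_ip();
    $aItem['d_coord_lat'] = (Params::getParam('d_coord_lat') != '') ? Params::getParam('d_coord_lat') : null;
    $aItem['d_coord_long'] = (Params::getParam('d_coord_long') != '') ? Params::getParam('d_coord_long') : null;
    $aItem['s_zip'] = (Params::getParam('zip') != '') ? Params::getParam('zip') : null;

    // $ajax_photos is an array of filenames of the photos uploaded by ajax to a temporary folder;
    // fake-insert them into the $_FILES-shaped array of form-uploaded photos
    if (is_array($ajax_photos)) {
        $tempDir = osc_content_path() . 'uploads/temp/';
        foreach ($ajax_photos as $photo) {
            if (!is_string($photo)) {
                continue;
            }
            // The name is request-supplied: keep it confined to the temp folder
            $photo = basename($photo);
            if ($photo != '' && file_exists($tempDir . $photo)) {
                $aItem['photos']['name'][] = $photo;
                $aItem['photos']['type'][] = 'image/*';
                $aItem['photos']['tmp_name'][] = $tempDir . $photo;
                $aItem['photos']['error'][] = UPLOAD_ERR_OK;
                $aItem['photos']['size'][] = 0;
            }
        }
    }

    if ($is_add || $this->is_admin) {
        $dt_expiration = Params::getParam('dt_expiration');
        if ($dt_expiration == -1) {
            // -1: never expires
            $aItem['dt_expiration'] = '';
        } elseif ($dt_expiration != '' && (preg_match('|^([0-9]+)$|', $dt_expiration, $match) || preg_match('|([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})|', $dt_expiration, $match))) {
            // a number of days or an explicit Y-m-d H:i:s timestamp
            $aItem['dt_expiration'] = $dt_expiration;
        } else {
            // fall back to the category default
            $_category = Category::newInstance()->findByPrimaryKey($aItem['catId']);
            $aItem['dt_expiration'] = $_category['i_expiration_days'];
        }
        unset($dt_expiration);
    } else {
        $aItem['dt_expiration'] = '';
    }

    // check params: resolve the location against the DB, falling back to the free-text names
    $country = Country::newInstance()->findByCode($aItem['countryId']);
    if (!empty($country)) {
        $aItem['countryId'] = $country['pk_c_code'];
        $aItem['countryName'] = $country['s_name'];
    } else {
        $aItem['countryId'] = null;
        $aItem['countryName'] = $aItem['country'];
    }

    // Initialised up front: the id branch leaves them unset when the lookup fails
    $regionId = null;
    $regionName = null;
    if ($aItem['regionId'] != '') {
        if (intval($aItem['regionId'])) {
            $region = Region::newInstance()->findByPrimaryKey($aItem['regionId']);
            if (!empty($region)) {
                $regionId = $region['pk_i_id'];
                $regionName = $region['s_name'];
            }
        }
    } else {
        $regionName = $aItem['region'];
        if ($aItem['countryId'] != '') {
            $auxRegion = Region::newInstance()->findByName($aItem['region'], $aItem['countryId']);
            if ($auxRegion) {
                $regionId = $auxRegion['pk_i_id'];
                $regionName = $auxRegion['s_name'];
            }
        }
    }
    $aItem['regionId'] = $regionId;
    $aItem['regionName'] = $regionName;

    $cityId = null;
    $cityName = null;
    if ($aItem['cityId'] != '') {
        if (intval($aItem['cityId'])) {
            $city = City::newInstance()->findByPrimaryKey($aItem['cityId']);
            if (!empty($city)) {
                $cityId = $city['pk_i_id'];
                $cityName = $city['s_name'];
            }
        }
    } else {
        $cityName = $aItem['city'];
        if ($aItem['countryId'] != '') {
            $auxCity = City::newInstance()->findByName($aItem['city'], $aItem['regionId']);
            if ($auxCity) {
                $cityId = $auxCity['pk_i_id'];
                $cityName = $auxCity['s_name'];
            }
        }
    }
    $aItem['cityId'] = $cityId;
    $aItem['cityName'] = $cityName;

    if ($aItem['cityArea'] == '') {
        $aItem['cityArea'] = null;
    }
    if ($aItem['address'] == '') {
        $aItem['address'] = null;
    }
    if (!is_null($aItem['price'])) {
        // strip the locale thousands separator, normalise the decimal point, store as millionths
        $price = str_replace(osc_locale_thousands_sep(), '', trim($aItem['price']));
        $price = str_replace(osc_locale_dec_point(), '.', $price);
        $aItem['price'] = $price * 1000000;
    }
    if ($aItem['catId'] == '') {
        $aItem['catId'] = 0;
    }
    if ($aItem['currency'] == '') {
        $aItem['currency'] = null;
    }
    $this->data = $aItem;
}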
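/**
 * Collect and normalise everything needed to add or edit a listing into $this->data.
 *
 * Resolves the acting user (admin: the userId parameter; web: session userId),
 * decides the initial activation state for new listings, resolves
 * country/region/city against the DB (falling back to the free-text names)
 * and normalises the price and empty fields.
 *
 * @param bool $is_add true for ADD, false for EDIT
 * @return void
 */
public function prepareData($is_add)
{
    $aItem = array();
    // prepare user: admins may assign the listing to any userId; web users come from the session
    $userId = null;
    if ($this->is_admin) {
        if (Params::getParam('userId') != '') {
            $userId = Params::getParam('userId');
        }
    } else {
        $userId = Session::newInstance()->_get('userId');
        if ($userId == '') {
            $userId = null;
        }
    }
    // contact details come from the user record when known, otherwise from the form
    // (identical for ADD and EDIT, so resolved once)
    if ($userId != null) {
        $data = User::newInstance()->findByPrimaryKey($userId);
        $aItem['contactName'] = $data['s_name'];
        $aItem['contactEmail'] = $data['s_email'];
        Params::setParam('contactName', $data['s_name']);
        Params::setParam('contactEmail', $data['s_email']);
    } else {
        $aItem['contactName'] = Params::getParam('contactName');
        $aItem['contactEmail'] = Params::getParam('contactEmail');
    }

    if ($is_add) {
        // ADD: initial activation state depends on the moderation setting
        if ($this->is_admin) {
            $active = 'ACTIVE';
        } elseif (osc_moderate_items() > 0) {
            // HAS TO VALIDATE, unless the user is logged in and either exempt from
            // validation or already past the moderation threshold of published items
            if (!osc_is_web_user_logged_in()) {
                $active = 'INACTIVE';
            } elseif (osc_logged_user_item_validation()) {
                $active = 'ACTIVE';
            } else {
                $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
                $active = ($user['i_items'] < osc_moderate_items()) ? 'INACTIVE' : 'ACTIVE';
            }
        } elseif (osc_moderate_items() == 0) {
            $active = (osc_is_web_user_logged_in() && osc_logged_user_item_validation()) ? 'ACTIVE' : 'INACTIVE';
        } else {
            $active = 'ACTIVE';
        }
        $aItem['active'] = $active;
    } else {
        // EDIT
        $aItem['secret'] = Params::getParam('secret');
        $aItem['idItem'] = Params::getParam('id');
    }
    $aItem['userId'] = $userId;

    // get params
    $aItem['catId'] = Params::getParam('catId');
    $aItem['countryId'] = Params::getParam('countryId');
    $aItem['country'] = Params::getParam('country');
    $aItem['region'] = Params::getParam('region');
    $aItem['regionId'] = Params::getParam('regionId');
    $aItem['city'] = Params::getParam('city');
    $aItem['cityId'] = Params::getParam('cityId');
    $aItem['price'] = Params::getParam('price') != '' ? Params::getParam('price') : null;
    $aItem['cityArea'] = Params::getParam('cityArea');
    $aItem['address'] = Params::getParam('address');
    $aItem['currency'] = Params::getParam('currency');
    $aItem['showEmail'] = Params::getParam('showEmail') != '' ? 1 : 0;
    $aItem['title'] = Params::getParam('title');
    $aItem['description'] = Params::getParam('description');
    $aItem['photos'] = Params::getFiles('photos');

    // check params: resolve the location against the DB, falling back to the free-text names
    $country = Country::newInstance()->findByCode($aItem['countryId']);
    if (!empty($country)) {
        $aItem['countryId'] = $country['pk_c_code'];
        $aItem['countryName'] = $country['s_name'];
    } else {
        $aItem['countryId'] = null;
        $aItem['countryName'] = $aItem['country'];
    }

    // Initialised up front: the id branch leaves them unset when the lookup fails
    $regionId = null;
    $regionName = null;
    if ($aItem['regionId'] != '') {
        if (intval($aItem['regionId'])) {
            $region = Region::newInstance()->findByPrimaryKey($aItem['regionId']);
            if (!empty($region)) {
                $regionId = $region['pk_i_id'];
                $regionName = $region['s_name'];
            }
        }
    } else {
        $regionName = $aItem['region'];
        if ($aItem['countryId'] != '') {
            $auxRegion = Region::newInstance()->findByName($aItem['region'], $aItem['countryId']);
            if ($auxRegion) {
                $regionId = $auxRegion['pk_i_id'];
                $regionName = $auxRegion['s_name'];
            }
        }
    }
    $aItem['regionId'] = $regionId;
    $aItem['regionName'] = $regionName;

    $cityId = null;
    $cityName = null;
    if ($aItem['cityId'] != '') {
        if (intval($aItem['cityId'])) {
            $city = City::newInstance()->findByPrimaryKey($aItem['cityId']);
            if (!empty($city)) {
                $cityId = $city['pk_i_id'];
                $cityName = $city['s_name'];
            }
        }
    } else {
        $cityName = $aItem['city'];
        if ($aItem['countryId'] != '') {
            $auxCity = City::newInstance()->findByName($aItem['city'], $aItem['regionId']);
            if ($auxCity) {
                $cityId = $auxCity['pk_i_id'];
                $cityName = $auxCity['s_name'];
            }
        }
    }
    $aItem['cityId'] = $cityId;
    $aItem['cityName'] = $cityName;

    if ($aItem['cityArea'] == '') {
        $aItem['cityArea'] = null;
    }
    if ($aItem['address'] == '') {
        $aItem['address'] = null;
    }
    if (!is_null($aItem['price'])) {
        // strip the locale thousands separator, normalise the decimal point, store as millionths
        $price = str_replace(osc_locale_thousands_sep(), '', trim($aItem['price']));
        $price = str_replace(osc_locale_dec_point(), '.', $price);
        $aItem['price'] = $price * 1000000;
    }
    if ($aItem['catId'] == '') {
        $aItem['catId'] = 0;
    }
    if ($aItem['currency'] == '') {
        $aItem['currency'] = null;
    }
    $this->data = $aItem;
}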
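/**
 * Front-office user controller dispatcher (legacy, sha1-stored passwords):
 * login, password recovery and password reset.
 *
 * Every branch ends in redirectTo() or doView(); the control flow below relies
 * on redirectTo() terminating the request.
 */
function doModel()
{
    switch ($this->action) {
        case 'login_post':
            // post execution for the login
            if (!osc_users_enabled()) {
                osc_add_flash_error_message(_m('Users are not enabled'));
                $this->redirectTo(osc_base_url());
            }
            require_once LIB_PATH . 'osclass/UserActions.php';
            $user = User::newInstance()->findByEmail(Params::getParam('email'));

            // HTTP_REFERER is client-supplied and may be absent; read it once
            $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
            $url_redirect = osc_user_dashboard_url();
            $page_redirect = '';
            if (osc_rewrite_enabled()) {
                if (isset($_SERVER['HTTP_REFERER'])) {
                    // preg_quote: the base URL is data, not a pattern (dots must match literally)
                    $request_uri = urldecode(preg_replace('@^' . preg_quote(osc_base_url(), '@') . '@', "", $referer));
                    $tmp_ar = explode("?", $request_uri);
                    $request_uri = $tmp_ar[0];
                    $rules = Rewrite::newInstance()->listRules();
                    foreach ($rules as $match => $uri) {
                        if (preg_match('#' . $match . '#', $request_uri, $m)) {
                            $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
                            if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
                                $page_redirect = $match[2];
                            }
                            break;
                        }
                    }
                }
            } elseif (preg_match('|[\\?&]page=([^&]+)|', $referer . '&', $match)) {
                $page_redirect = $match[1];
            }

            // Post-login destination: the http_referer parameter, then the session referer,
            // then the referring page unless it was the login page itself.
            // NOTE(review): http_referer is request-controlled and is used as-is as the
            // redirect target; the newer controller filters it through 'correct_login_url_redirect'.
            if (Params::getParam('http_referer') != '') {
                Session::newInstance()->_setReferer(Params::getParam('http_referer'));
                $url_redirect = Params::getParam('http_referer');
            } elseif (Session::newInstance()->_getReferer() != '') {
                Session::newInstance()->_setReferer(Session::newInstance()->_getReferer());
                $url_redirect = Session::newInstance()->_getReferer();
            } elseif ($page_redirect != '' && $page_redirect != 'login') {
                Session::newInstance()->_setReferer($referer);
                $url_redirect = $referer;
            }

            if (!$user) {
                osc_add_flash_error_message(_m('The username doesn\'t exist'));
                $this->redirectTo(osc_user_login_url());
            }
            // Strict comparison: with != two hex digests of the form "0e…" compare as equal numbers
            if ($user["s_password"] !== sha1(Params::getParam('password'))) {
                osc_add_flash_error_message(_m('The password is incorrect'));
                $this->redirectTo(osc_user_login_url());
            }

            $uActions = new UserActions(false);
            $logged = $uActions->bootstrap_login($user['pk_i_id']);
            // bootstrap_login() status as handled here: 0 no user, 1 not validated,
            // 2 suspended, 3 logged in
            switch ($logged) {
                case 0:
                    osc_add_flash_error_message(_m('The username doesn\'t exist'));
                    break;
                case 1:
                    osc_add_flash_error_message(_m('The user has not been validated yet'));
                    break;
                case 2:
                    osc_add_flash_error_message(_m('The user has been suspended'));
                    break;
                case 3:
                    if (Params::getParam('remember') == 1) {
                        // this include contains the osc_genRandomPassword function
                        require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                        // Fresh per-login secret backs the "remember me" cookie pair
                        $secret = osc_genRandomPassword();
                        User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
                        Cookie::newInstance()->set_expires(osc_time_cookie());
                        Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
                        Cookie::newInstance()->push('oc_userSecret', $secret);
                        Cookie::newInstance()->set();
                    }
                    $this->redirectTo($url_redirect);
                    break;
                default:
                    osc_add_flash_error_message(_m('This should never happens'));
            }
            // Every non-logged-in outcome lands back on the login form
            $this->redirectTo(osc_user_login_url());
            break;

        case 'recover':
            // form to recover the password (in this case we have the form in /gui/)
            $this->doView('user-recover.php');
            break;

        case 'recover_post':
            // post execution to recover the password
            require_once LIB_PATH . 'osclass/UserActions.php';
            // e-mail is incorrect (note: this pattern only accepts 2-3 letter TLDs)
            if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
                osc_add_flash_error_message(_m('Invalid email address'));
                $this->redirectTo(osc_recover_user_password_url());
            }
            $userActions = new UserActions(false);
            $success = $userActions->recover_password();
            switch ($success) {
                case 0:
                    // recover ok
                    osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
                    $this->redirectTo(osc_base_url());
                    break;
                case 1:
                    // e-mail does not exist
                    osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
                    $this->redirectTo(osc_recover_user_password_url());
                    break;
                case 2:
                    // recaptcha wrong
                    osc_add_flash_error_message(_m('The recaptcha code is wrong'));
                    $this->redirectTo(osc_recover_user_password_url());
                    break;
            }
            break;

        case 'forgot':
            // form to set a new password, reached from the link in the recovery e-mail
            $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
            if ($user) {
                $this->doView('user-forgot_password.php');
            } else {
                osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                $this->redirectTo(osc_base_url());
            }
            break;

        case 'forgot_post':
            $newPassword = Params::getParam('new_password');
            $newPassword2 = Params::getParam('new_password2');
            $confirmUrl = osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'));
            if ($newPassword == '' || $newPassword2 == '') {
                osc_add_flash_warning_message(_m('Password cannot be blank'));
                $this->redirectTo($confirmUrl);
            }
            $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
            if (!empty($user) && $user['b_enabled'] == 1) {
                // Strict comparison: == would treat numeric-looking strings such as "1e3" and "1000" as equal
                if ($newPassword === $newPassword2) {
                    // Rotate the reset code and expire its date so the link cannot be replayed
                    User::newInstance()->update(
                        array(
                            's_pass_code' => osc_genRandomPassword(50),
                            's_pass_date' => date('Y-m-d H:i:s', 0),
                            's_pass_ip' => $_SERVER['REMOTE_ADDR'],
                            's_password' => sha1($newPassword),
                        ),
                        array('pk_i_id' => $user['pk_i_id'])
                    );
                    osc_add_flash_ok_message(_m('The password has been changed'));
                    $this->redirectTo(osc_user_login_url());
                } else {
                    osc_add_flash_error_message(_m('Error, the password don\'t match'));
                    $this->redirectTo($confirmUrl);
                }
            } else {
                osc_add_flash_error_message(_m('Sorry, the link is not valid'));
            }
            $this->redirectTo(osc_base_url());
            break;

        default:
            // login form
            if (osc_logged_user_id() != '') {
                $this->redirectTo(osc_user_dashboard_url());
            }
            $this->doView('user-login.php');
    }
}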
$user_picture_url = osc_current_web_theme_url('images/user_default.gif'); } ?> <div class="user-avatar"> <img src="<?php echo $user_picture_url; ?> " width="50" height="50" /> </div> <div > <span class="name"><?php echo osc_logged_user_name(); ?> </span> <a href="<?php echo osc_user_public_profile_url(osc_logged_user_id()); ?> "><?php _e('Public profile', 'pop'); ?> </a> </div> </div> <div class="user-menu box"> <?php echo osc_private_user_menu(get_user_menu()); ?> </div> </div> </div> <div id="dialog-delete-account" title="<?php
if (can_vote($itemId, $userId, $hash)) { ModelVoting::newInstance()->insertItemVote($itemId, $userId, $iVote, $hash); } } else { if ($user == 1 && is_null($hash)) { if (can_vote($itemId, $userId, $hash)) { ModelVoting::newInstance()->insertItemVote($itemId, $userId, $iVote, $hash); } } } } // return updated voting $item = Item::newInstance()->findByPrimaryKey($itemId); View::newInstance()->_exportVariableToView('item', $item); if (osc_is_this_category('voting', osc_item_category_id())) { $aux_vote = ModelVoting::newInstance()->getItemAvgRating(osc_item_id()); $aux_count = ModelVoting::newInstance()->getItemNumberOfVotes(osc_item_id()); $vote['vote'] = $aux_vote['vote']; $vote['total'] = $aux_count['total']; $vote['can_vote'] = true; if (osc_get_preference('user', 'voting') == 1) { if (!osc_is_web_user_logged_in()) { $vote['can_vote'] = false; } } if (!can_vote(osc_item_id(), osc_logged_user_id(), $hash)) { $vote['can_vote'] = false; } require 'view_votes.php'; } }
</div> </form> </div> </div> </div> <div class="tab-pane" id="deleteprofile"> <div class="delete-profile"> <p><?php _e('Are you sure you want to delete your account?', 'flatter'); ?> </p> <a class="btn btn-danger" onclick="javascript:return confirm('<?php echo osc_esc_js(__('Are you sure you want to continue?', 'flatter')); ?> ')" href="<?php echo osc_base_url() . '?page=user&action=delete&id=' . osc_logged_user_id() . '&secret=' . osc_user_field("s_secret"); ?> " class="opt_delete_account"><?php _e('Delete', 'flatter'); ?> </a> </div> </div> </div> </div> </div> <div class="col-sm-3 visible-xs" style="margin-top:15px;"> <?php osc_run_hook('before-main');
<?php require_once PAYMENT_PRO_PATH . 'CheckoutDataTable.php'; $products = payment_pro_cart_get(); $extra = array('user' => osc_logged_user_id(), 'email' => osc_logged_user_email()); $checkoutDataTable = new CheckoutDataTable(); $checkoutDataTable->table($products); $aData = $checkoutDataTable->getData(); $aRawRows = $checkoutDataTable->rawRows(); $columns = $aData['aColumns']; $rows = $aData['aRows']; ?> <style type="text/css"> .payments-ul { list-style-type:none; } .payments-ul li { display: inline-block; } .payments-preview { float:left; width: 40%; } .payments-options { float:left; width: 60%; } table.table { width: 100%; max-width: 100%;
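<?php
// Toggle the requested item in the logged-in user's watchlist and echo the
// replacement link (the "full"/"empty" anchor the page swaps in). Guests get no output.
// NOTE(review): this changes state on a plain request parameter; no CSRF token is checked here.
if (Params::getParam('id') != '') {
    // The id is only ever used as an integer (SQL %d, HTML id attribute); casting keeps
    // the raw request string out of the echoed attribute below.
    $id = (int) Params::getParam('id');
    if (osc_is_web_user_logged_in()) {
        $userId = osc_logged_user_id();
        $conn = getConnection();
        // is the item already in THIS user's watchlist?
        $detail = $conn->osc_dbFetchResult("SELECT * FROM %st_item_watchlist WHERE fk_i_item_id = %d and fk_i_user_id = %d", DB_TABLE_PREFIX, $id, $userId);
        if (!isset($detail['fk_i_item_id'])) {
            // not watched yet: add it
            $conn->osc_dbExec("INSERT INTO %st_item_watchlist (fk_i_item_id, fk_i_user_id) VALUES (%d, '%d')", DB_TABLE_PREFIX, $id, $userId);
            $title = __('Remove from watchlist', 'watchlist');
            echo '<a class="watchlist full" id="' . $id . '"><span title="' . $title . '"></span>' . $title . '</a>';
        } else {
            // already watched: remove it. The delete is scoped to the current user;
            // filtering on the item id alone would wipe every other user's entry too.
            $conn->osc_dbExec("DELETE FROM %st_item_watchlist WHERE fk_i_item_id = %d AND fk_i_user_id = %d", DB_TABLE_PREFIX, $id, $userId);
            $title = __('Add to watchlist', 'watchlist');
            echo '<a class="watchlist empty" id="' . $id . '"><span title="' . $title . '"></span>' . $title . '</a>';
        }
    } else {
        // user is not logged in: nothing to toggle
        //echo '<a href="' . osc_user_login_url() . '">' . __('Please login', 'watchlist') . '</a>';
    }
}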
</a> <?php } ?> </div> <?php } ?> <?php } ?> <?php if (!osc_item_is_expired()) { ?> <?php if (osc_logged_user_id() != osc_item_user_id()) { ?> <?php if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) { ?> <div id="contact"> <h2><?php _e("Contact publisher", 'modern'); ?> </h2> <p class="name"><?php _e('Name', 'modern'); ?> : <?php echo osc_item_contact_name(); ?>
<!--<div class="box fb-comments" data-href="<?php echo osc_item_url(); ?> " data-numposts="5"></div>--> <?php if (osc_comments_enabled()) { // item_comments(); } ?> </div> <div class="col-sm-6 col-md-4"> <div class="item-detail"> <?php if (osc_is_web_user_logged_in() && osc_logged_user_id() == osc_item_user_id()) { ?> <div class="toolbar admin-options"> <a class="link" href="<?php echo osc_item_edit_url(); ?> " rel="nofollow"> <i class="fa fa-pencil"></i> <?php _e('Edit', 'pop'); ?> </a> <a class="link" href="#" onclick="confirmDelete('#dialog-delete-item','<?php echo osc_item_delete_url();
echo osc_comment_title(); ?> <em> <?php _e("by", 'osclasswizards'); ?> <?php echo osc_comment_author_name(); ?> :</em></h4> <p><?php echo nl2br(osc_comment_body()); ?> </p> <?php if (osc_comment_user_id() && osc_comment_user_id() == osc_logged_user_id()) { ?> <p> <a rel="nofollow" href="<?php echo osc_delete_comment_url(); ?> " title="<?php _e('Delete your comment', 'osclasswizards'); ?> "> <?php _e('Delete', 'osclasswizards'); ?> </a> </p> <?php } ?>
<?php if (osc_is_web_user_logged_in()) { $recipPMs = ModelPM::newInstance()->getSenderMessages(osc_logged_user_id(), 1, 'pm_id', 'DESC'); $recipCount = count($recipPMs); ?> <div class="content user_account"> <h1> <strong><?php _e('Outbox', 'osclass_pm'); ?> </strong> </h1> <div id="sidebar"> <?php echo osc_private_user_menu(); ?> </div> <div id="main"> <h2><?php _e('Outbox', 'osclass_pm'); ?> </h2> <form action="<?php echo osc_base_url() . 'oc-content/plugins/osclass_pm/user-proc.php'; ?> " method="POST"> <input type="hidden" name="page" value="custom" /> <input type="hidden" name="file" value="osclass_pm/user-proc.php" /> <input type="hidden" name="box" value="outbox" /> <input type="hidden" name="option" value="delMessages" />
?> <div id="rate_this" class="modal fade"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h4 class="modal-title">Rate this Seller</h4> </div> <form name="ratings" id="ratings" method="post" action=""> <input type="hidden" name="seller_rating" value="submit_it" /> <div class="modal-body" style="background-color:#ccc;"> <div id="ratings" style="padding:15px;"> <div id="jRate"></div><div id="rating-onchange-value">Your Rating: </div> <input type="hidden" name="rating_data" id="rating_data"/> <input type="hidden" name="rating_user" id="rating_user" value="<?php echo osc_logged_user_id(); ?> " /> <input type="hidden" name="rating_seller" id="rating_seller" value="<?php echo osc_item_user_id(); ?> " /> </div> <button type="submit" class="btn btn-primary" >Submit Ratings</button> </div> </form> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Close</button> </div> </div><!-- /.modal-content -->
/**
 * Tell whether the item currently in view is on the logged-in user's watchlist.
 *
 * Both ids come from the request/session helpers, so this is only meaningful
 * inside an item view with a web user logged in.
 *
 * @return mixed whatever WatchList::checkItemAdded() returns for (user, item)
 */
function nc_osc_check_watchlist()
{
    $currentUser = osc_logged_user_id();
    $currentItem = osc_item_id();
    $watchList = WatchList::newInstance();

    return $watchList->checkItemAdded($currentUser, $currentItem);
}
</p> </td> </tr> <?php $class = $class == 'even' ? 'odd' : 'even'; ?> <?php } ?> </tbody> </table> </div> </div> <div id="sidebar"> <?php if (osc_logged_user_id() != osc_user_id()) { ?> <?php if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) { ?> <div id="contact"> <h2><?php _e("Contact publisher", 'modern'); ?> </h2> <ul id="error_list"></ul> <?php ContactForm::js_validation(); ?> <form action="<?php echo osc_base_url(true);
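/**
 * Front-end item controller: dispatches on $this->action.
 *
 * Actions: item_add / item_add_post (create), item_edit / item_edit_post (update),
 * activate (e-mail validation), item_delete, deleteResources (photo removal),
 * mark (report), send_friend / send_friend_post, contact / contact_post,
 * add_comment, delete_comment and the default "show item" view.
 *
 * Ownership for edit/activate/delete is resolved in SQL through
 * $this->itemManager->listWhere(): a logged-in owner matches on fk_i_user_id,
 * an anonymous poster on the s_secret token carried in the URL.
 *
 * The code relies on $this->redirectTo() not returning to the caller (the
 * recaptcha branches are the only ones that add an explicit return) — keep that
 * in mind when reading the straight-line checks below.
 *
 * @return void|false false only when a recaptcha check fails (after redirecting)
 */
function doModel()
{
    //calling the view...
    $locales = OSCLocale::newInstance()->listAllEnabled();
    $this->_exportVariableToView('locales', $locales);
    switch ($this->action) {
        case 'item_add': // post
            if (osc_reg_user_post() && $this->user == null) {
                osc_add_flash_warning_message(_m('Only registered users are allowed to post listings'));
                Session::newInstance()->_setReferer(osc_item_post_url());
                $this->redirectTo(osc_user_login_url());
            }
            $countries = Country::newInstance()->listAll();
            // default the region/city lists to the user's own location, else the first country
            $regions = array();
            if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') {
                $regions = Region::newInstance()->findByCountry($this->user['fk_c_country_code']);
            } else {
                if (count($countries) > 0) {
                    $regions = Region::newInstance()->findByCountry($countries[0]['pk_c_code']);
                }
            }
            $cities = array();
            if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') {
                $cities = City::newInstance()->findByRegion($this->user['fk_i_region_id']);
            } else {
                if (count($regions) > 0) {
                    $cities = City::newInstance()->findByRegion($regions[0]['pk_i_id']);
                }
            }
            $this->_exportVariableToView('countries', $countries);
            $this->_exportVariableToView('regions', $regions);
            $this->_exportVariableToView('cities', $cities);
            // drop the "keep form" set unless a previous submission is being re-shown
            $form = count(Session::newInstance()->_getForm());
            $keepForm = count(Session::newInstance()->_getKeepForm());
            if ($form == 0 || $form == $keepForm) {
                Session::newInstance()->_dropKeepForm();
            }
            // a remembered country/region from the form wins over the defaults above
            if (Session::newInstance()->_getForm('countryId') != "") {
                $countryId = Session::newInstance()->_getForm('countryId');
                $regions = Region::newInstance()->findByCountry($countryId);
                $this->_exportVariableToView('regions', $regions);
                if (Session::newInstance()->_getForm('regionId') != "") {
                    $regionId = Session::newInstance()->_getForm('regionId');
                    $cities = City::newInstance()->findByRegion($regionId);
                    $this->_exportVariableToView('cities', $cities);
                }
            }
            $this->_exportVariableToView('user', $this->user);
            osc_run_hook('post_item');
            $this->doView('item-post.php');
            break;
        case 'item_add_post': //post_item
            osc_csrf_check();
            if (osc_reg_user_post() && $this->user == null) {
                osc_add_flash_warning_message(_m('Only registered users are allowed to post listings'));
                $this->redirectTo(osc_base_url(true));
            }
            $mItems = new ItemActions(false);
            // prepare data for ADD ITEM
            $mItems->prepareData(true);
            // set all parameters into session
            foreach ($mItems->data as $key => $value) {
                Session::newInstance()->_setForm($key, $value);
            }
            $meta = Params::getParam('meta');
            if (is_array($meta)) {
                foreach ($meta as $key => $value) {
                    Session::newInstance()->_setForm('meta_' . $key, $value);
                    Session::newInstance()->_keepForm('meta_' . $key);
                }
            }
            if (osc_recaptcha_items_enabled() && osc_recaptcha_private_key() != '') {
                if (!osc_check_recaptcha()) {
                    osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                    $this->redirectTo(osc_item_post_url());
                    return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                }
            }
            if (!osc_is_web_user_logged_in()) {
                $user = User::newInstance()->findByEmail($mItems->data['contactEmail']);
                // The user exists but it's not logged
                if (isset($user['pk_i_id'])) {
                    foreach ($mItems->data as $key => $value) {
                        Session::newInstance()->_keepForm($key);
                    }
                    osc_add_flash_error_message(_m('A user with that email address already exists, if it is you, please log in'));
                    $this->redirectTo(osc_user_login_url());
                }
            }
            // osc_is_banned() is a bit mask: 1 = e-mail banned, 2 = IP banned, 3 = both.
            // Test the bits rather than equality so the "both" case is refused as well.
            $banned = osc_is_banned($mItems->data['contactEmail']);
            if ($banned & 1) {
                osc_add_flash_error_message(_m('Your current email is not allowed'));
            }
            if ($banned & 2) {
                osc_add_flash_error_message(_m('Your current IP is not allowed'));
            }
            if ($banned !== 0) {
                $this->redirectTo(osc_item_post_url());
            }
            // POST ITEM ( ADD ITEM )
            $success = $mItems->add();
            // add() returns 1 (awaiting e-mail validation), 2 (published) or an error message
            if ($success != 1 && $success != 2) {
                osc_add_flash_error_message($success);
                $this->redirectTo(osc_item_post_url());
            } else {
                if (is_array($meta)) {
                    foreach ($meta as $key => $value) {
                        Session::newInstance()->_dropKeepForm('meta_' . $key);
                    }
                }
                Session::newInstance()->_clearVariables();
                if ($success == 1) {
                    osc_add_flash_ok_message(_m('Check your inbox to validate your listing'));
                } else {
                    osc_add_flash_ok_message(_m('Your listing has been published'));
                }
                $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId'));
                View::newInstance()->_exportVariableToView('category', $category);
                $this->redirectTo(osc_search_category_url());
            }
            break;
        case 'item_edit': // edit item
            $secret = Params::getParam('secret');
            $id = Params::getParam('id');
            // owner match OR (secret match on an anonymous listing) — the same rule
            // deleteResources applies in PHP below
            $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId);
            if (count($item) == 1) {
                $item = Item::newInstance()->findByPrimaryKey($id);
                $form = count(Session::newInstance()->_getForm());
                $keepForm = count(Session::newInstance()->_getKeepForm());
                if ($form == 0 || $form == $keepForm) {
                    Session::newInstance()->_dropKeepForm();
                }
                $this->_exportVariableToView('item', $item);
                osc_run_hook("before_item_edit", $item);
                $this->doView('item-edit.php');
            } else {
                // add a flash message [ITEM NO EXISTE]
                osc_add_flash_error_message(_m("Sorry, we don't have any listings with that ID"));
                if ($this->user != null) {
                    $this->redirectTo(osc_user_list_items_url());
                } else {
                    $this->redirectTo(osc_base_url());
                }
            }
            break;
        case 'item_edit_post':
            osc_csrf_check();
            $secret = Params::getParam('secret');
            $id = Params::getParam('id');
            $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId);
            if (count($item) == 1) {
                $this->_exportVariableToView('item', $item[0]);
                $mItems = new ItemActions(false);
                // prepare data for EDIT ITEM
                $mItems->prepareData(false);
                // set all parameters into session
                foreach ($mItems->data as $key => $value) {
                    Session::newInstance()->_setForm($key, $value);
                }
                $meta = Params::getParam('meta');
                if (is_array($meta)) {
                    foreach ($meta as $key => $value) {
                        Session::newInstance()->_setForm('meta_' . $key, $value);
                        Session::newInstance()->_keepForm('meta_' . $key);
                    }
                }
                if (osc_recaptcha_items_enabled() && osc_recaptcha_private_key() != '') {
                    if (!osc_check_recaptcha()) {
                        osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                        $this->redirectTo(osc_item_edit_url($secret, $id));
                        return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                    }
                }
                $success = $mItems->edit();
                if ($success == 1) {
                    osc_add_flash_ok_message(_m("Great! We've just updated your listing"));
                    View::newInstance()->_exportVariableToView("item", Item::newInstance()->findByPrimaryKey($id));
                    $this->redirectTo(osc_item_url());
                } else {
                    osc_add_flash_error_message($success);
                    $this->redirectTo(osc_item_edit_url($secret, $id));
                }
            }
            break;
        case 'activate':
            $secret = Params::getParam('secret');
            $id = Params::getParam('id');
            // NOTE(review): here (and in item_delete) the secret is accepted for any
            // listing, not only ownerless ones as in item_edit — confirm that is intended
            $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId);
            // item doesn't exist
            if (count($item) == 0) {
                $this->do404();
                return;
            }
            View::newInstance()->_exportVariableToView('item', $item[0]);
            if ($item[0]['b_active'] == 0) {
                // ACTIVATE ITEM
                $mItems = new ItemActions(false);
                $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']);
                if ($success) {
                    osc_add_flash_ok_message(_m('The listing has been validated'));
                } else {
                    osc_add_flash_error_message(_m("The listing can't be validated"));
                }
            } else {
                osc_add_flash_warning_message(_m('The listing has already been validated'));
            }
            $this->redirectTo(osc_item_url());
            break;
        case 'item_delete':
            $secret = Params::getParam('secret');
            $id = Params::getParam('id');
            $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId);
            if (count($item) == 1) {
                $mItems = new ItemActions(false);
                $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']);
                if ($success) {
                    osc_add_flash_ok_message(_m('Your listing has been deleted'));
                } else {
                    osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted"));
                }
                if ($this->user != null) {
                    $this->redirectTo(osc_user_list_items_url());
                } else {
                    $this->redirectTo(osc_base_url());
                }
            } else {
                osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted"));
                $this->redirectTo(osc_base_url());
            }
            break;
        case 'deleteResources':
            // Delete images via AJAX
            $id = Params::getParam('id');
            $item = Params::getParam('item');
            $code = Params::getParam('code');
            $secret = Params::getParam('secret');
            $userId = null;
            if (Session::newInstance()->_get('userId') != '') {
                $userId = Session::newInstance()->_get('userId');
            }
            if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) {
                osc_add_flash_error_message(_m("The selected photo couldn't be deleted, the url doesn't exist"));
                $this->redirectTo(osc_item_edit_url($secret, $item));
            }
            $aItem = Item::newInstance()->findByPrimaryKey($item);
            if (count($aItem) == 0) {
                osc_add_flash_error_message(_m("The listing doesn't exist"));
                $this->redirectTo(osc_item_edit_url($secret, $item));
            }
            if (!osc_is_admin_user_logged_in()) {
                // Same rule as the item_edit query: a logged-in user must own the listing,
                // an anonymous caller must present the secret of an ownerless listing.
                // Every other combination (no session + listing owned by someone,
                // session + ownerless listing without the secret) is refused.
                $ownerId = $aItem['fk_i_user_id'];
                $isOwner = $userId !== null && $ownerId != null && (int) $userId === (int) $ownerId;
                $hasSecret = $ownerId == null && $secret != '' && hash_equals((string) $aItem['s_secret'], (string) $secret);
                if (!$isOwner && !$hasSecret) {
                    osc_add_flash_error_message(_m("The listing doesn't belong to you"));
                    $this->redirectTo(osc_item_edit_url($secret, $item));
                }
            }
            $result = ItemResource::newInstance()->existResource($id, $code);
            if ($result > 0) {
                $resource = ItemResource::newInstance()->findByPrimaryKey($id);
                // the resource must belong to the listing the caller was authorised for
                if ($resource['fk_i_item_id'] == $item) {
                    osc_deleteResource($id, false);
                    Log::newInstance()->insertLog('item', 'deleteResource', $id, $id, 'user', osc_logged_user_id());
                    ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code));
                    osc_add_flash_ok_message(_m('The selected photo has been successfully deleted'));
                } else {
                    osc_add_flash_error_message(_m("The selected photo does not belong to you"));
                }
            } else {
                osc_add_flash_error_message(_m("The selected photo couldn't be deleted"));
            }
            $this->redirectTo(osc_item_edit_url($secret, $item));
            break;
        case 'mark':
            // NOTE(review): no CSRF check and `as` is passed straight to ItemActions::mark();
            // whether mark() validates the flag name cannot be seen from here
            $id = Params::getParam('id');
            $as = Params::getParam('as');
            $item = Item::newInstance()->findByPrimaryKey($id);
            View::newInstance()->_exportVariableToView('item', $item);
            require_once osc_lib_path() . 'osclass/user-agents.php';
            foreach ($user_agents as $ua) {
                if (preg_match('|' . $ua . '|', Params::getServerParam('HTTP_USER_AGENT'))) {
                    // mark item if it's not a bot
                    $mItem = new ItemActions(false);
                    $mItem->mark($id, $as);
                    break;
                }
            }
            osc_add_flash_ok_message(_m("Thanks! That's very helpful"));
            $this->redirectTo(osc_item_url());
            break;
        case 'send_friend':
            $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
            $this->_exportVariableToView('item', $item);
            $this->doView('item-send-friend.php');
            break;
        case 'send_friend_post':
            osc_csrf_check();
            $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
            $this->_exportVariableToView('item', $item);
            // remember the submitted values so the form can be re-filled on failure
            Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
            Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
            Session::newInstance()->_setForm("friendName", Params::getParam('friendName'));
            Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail'));
            Session::newInstance()->_setForm("message_body", Params::getParam('message'));
            if (osc_recaptcha_private_key() != '') {
                if (!osc_check_recaptcha()) {
                    osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                    $this->redirectTo(osc_item_send_friend_url());
                    return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                }
            }
            osc_run_hook('pre_item_send_friend_post', $item);
            $mItem = new ItemActions(false);
            $success = $mItem->send_friend();
            osc_run_hook('post_item_send_friend_post', $item);
            if ($success) {
                Session::newInstance()->_clearVariables();
                $this->redirectTo(osc_item_url());
            } else {
                $this->redirectTo(osc_item_send_friend_url());
            }
            break;
        case 'contact':
            $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
            if (empty($item)) {
                osc_add_flash_error_message(_m("This listing doesn't exist"));
                $this->redirectTo(osc_base_url(true));
            } else {
                $this->_exportVariableToView('item', $item);
                if (osc_item_is_expired()) {
                    osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller"));
                    $this->redirectTo(osc_item_url());
                }
                if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) {
                    $this->doView('item-contact.php');
                } else {
                    osc_add_flash_error_message(_m("You can't contact the seller, only registered users can"));
                    $this->redirectTo(osc_item_url());
                }
            }
            break;
        case 'contact_post':
            osc_csrf_check();
            if (osc_reg_user_can_contact() && !osc_is_web_user_logged_in()) {
                osc_add_flash_warning_message(_m("You can't contact the seller, only registered users can"));
                $this->redirectTo(osc_base_url(true));
            }
            $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
            $this->_exportVariableToView('item', $item);
            if (osc_recaptcha_private_key() != '') {
                if (!osc_check_recaptcha()) {
                    osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                    Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
                    Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
                    Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
                    Session::newInstance()->_setForm("message_body", Params::getParam('message'));
                    $this->redirectTo(osc_item_url());
                    return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                }
            }
            // bit mask, see item_add_post: refuse 1, 2 and 3
            $banned = osc_is_banned(Params::getParam('yourEmail'));
            if ($banned & 1) {
                osc_add_flash_error_message(_m('Your current email is not allowed'));
            }
            if ($banned & 2) {
                osc_add_flash_error_message(_m('Your current IP is not allowed'));
            }
            if ($banned !== 0) {
                $this->redirectTo(osc_item_url());
            }
            if (osc_isExpired($item['dt_expiration'])) {
                osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller"));
                $this->redirectTo(osc_item_url());
            }
            osc_run_hook('pre_item_contact_post', $item);
            $mItem = new ItemActions(false);
            $result = $mItem->contact();
            osc_run_hook('post_item_contact_post', $item);
            // contact() hands back an error string on failure
            if (is_string($result)) {
                osc_add_flash_error_message($result);
            } else {
                osc_add_flash_ok_message(_m("We've just sent an e-mail to the seller"));
            }
            $this->redirectTo(osc_item_url());
            break;
        case 'add_comment':
            osc_csrf_check();
            $mItem = new ItemActions(false);
            $status = $mItem->add_comment();
            // status codes come from ItemActions::add_comment()
            switch ($status) {
                case -1:
                    $msg = _m('Sorry, we could not save your comment. Try again later');
                    osc_add_flash_error_message($msg);
                    break;
                case 1:
                    $msg = _m('Your comment is awaiting moderation');
                    osc_add_flash_info_message($msg);
                    break;
                case 2:
                    $msg = _m('Your comment has been approved');
                    osc_add_flash_ok_message($msg);
                    break;
                case 3:
                    $msg = _m('Please fill the required field (email)');
                    osc_add_flash_warning_message($msg);
                    break;
                case 4:
                    $msg = _m('Please type a comment');
                    osc_add_flash_warning_message($msg);
                    break;
                case 5:
                    $msg = _m('Your comment has been marked as spam');
                    osc_add_flash_error_message($msg);
                    break;
                case 6:
                    $msg = _m('You need to be logged to comment');
                    osc_add_flash_error_message($msg);
                    break;
                case 7:
                    $msg = _m('Sorry, comments are disabled');
                    osc_add_flash_error_message($msg);
                    break;
            }
            //View::newInstance()->_exportVariableToView('item', Item::newInstance()->findByPrimaryKey(Params::getParam('id')));
            $this->redirectTo(osc_item_url());
            break;
        case 'delete_comment':
            osc_csrf_check();
            // A deletion request must not run add_comment() first: the previous call
            // here was flagged @TOFIX, its result was never read, and it could create
            // a comment from whatever fields accompany the delete request.
            $itemId = Params::getParam('id');
            $commentId = Params::getParam('comment');
            $item = Item::newInstance()->findByPrimaryKey($itemId);
            if (count($item) == 0) {
                osc_add_flash_error_message(_m("This listing doesn't exist"));
                $this->redirectTo(osc_base_url(true));
            }
            View::newInstance()->_exportVariableToView('item', $item);
            if ($this->userId == null) {
                osc_add_flash_error_message(_m('You must be logged in to delete a comment'));
                $this->redirectTo(osc_item_url());
            }
            $commentManager = ItemComment::newInstance();
            $aComment = $commentManager->findByPrimaryKey($commentId);
            if (count($aComment) == 0) {
                osc_add_flash_error_message(_m("The comment doesn't exist"));
                $this->redirectTo(osc_item_url());
            }
            if ($aComment['b_active'] != 1) {
                osc_add_flash_error_message(_m('The comment is not active, you cannot delete it'));
                $this->redirectTo(osc_item_url());
            }
            // only the author may delete; compare as ints so '12' and 12 agree
            if ((int) $aComment['fk_i_user_id'] !== (int) $this->userId) {
                osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it'));
                $this->redirectTo(osc_item_url());
            }
            $commentManager->deleteByPrimaryKey($commentId);
            osc_add_flash_ok_message(_m('The comment has been deleted'));
            $this->redirectTo(osc_item_url());
            break;
        default:
            // if there isn't ID, show an error 404
            if (Params::getParam('id') == '') {
                $this->do404();
                return;
            }
            if (Params::getParam('lang') != '') {
                Session::newInstance()->_set('userLocale', Params::getParam('lang'));
            }
            $item = osc_apply_filter('pre_show_item', $this->itemManager->findByPrimaryKey(Params::getParam('id')));
            // if item doesn't exist show an error 410
            if (count($item) == 0) {
                $this->do410();
                return;
            }
            // unvalidated / disabled listings are only shown to their owner or an admin
            if ($item['b_active'] != 1) {
                if ($this->userId == $item['fk_i_user_id'] && $this->userId != '' || osc_is_admin_user_logged_in()) {
                    osc_add_flash_warning_message(_m("The listing hasn't been validated. Please validate it in order to make it public"));
                } else {
                    $this->do400();
                    return;
                }
            } else {
                if ($item['b_enabled'] == 0) {
                    if (osc_is_admin_user_logged_in()) {
                        osc_add_flash_warning_message(_m("The listing hasn't been enabled. Please enable it in order to make it public"));
                    } else {
                        if (osc_is_web_user_logged_in() && osc_logged_user_id() == $item['fk_i_user_id']) {
                            osc_add_flash_warning_message(_m("The listing has been blocked or is awaiting moderation from the admin"));
                        } else {
                            $this->do400();
                            return;
                        }
                    }
                }
            }
            // count a view only for non-owner, non-admin, non-bot visitors
            if (!osc_is_admin_user_logged_in() && !($item['fk_i_user_id'] != '' && $item['fk_i_user_id'] == osc_logged_user_id())) {
                require_once osc_lib_path() . 'osclass/user-agents.php';
                foreach ($user_agents as $ua) {
                    if (preg_match('|' . $ua . '|', Params::getServerParam('HTTP_USER_AGENT'))) {
                        $mStats = new ItemStats();
                        $mStats->increase('i_num_views', $item['pk_i_id']);
                        break;
                    }
                }
            }
            foreach ($item['locale'] as $k => $v) {
                $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']);
                $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description']));
            }
            if ($item['fk_i_user_id'] != '') {
                $user = User::newInstance()->findByPrimaryKey($item['fk_i_user_id']);
                $this->_exportVariableToView('user', $user);
            }
            $this->_exportVariableToView('item', $item);
            osc_run_hook('show_item', $item);
            // redirect to the correct url just in case it has changed
            $itemURI = str_replace(osc_base_url(), '', osc_item_url());
            $URI = preg_replace('|^' . REL_WEB_URL . '|', '', Params::getServerParam('REQUEST_URI', false, false));
            // do not clean QUERY_STRING if permalink is not enabled
            if (osc_rewrite_enabled()) {
                $URI = str_replace('?' . Params::getServerParam('QUERY_STRING', false, false), '', $URI);
            } else {
                $params_keep = array('page', 'id');
                $params = array();
                foreach (Params::getParamsAsArray('get') as $k => $v) {
                    if (in_array($k, $params_keep, true)) {
                        $params[] = "{$k}={$v}";
                    }
                }
                $URI = 'index.php?' . implode('&', $params);
            }
            // redirect to the correct url
            if ($itemURI != $URI) {
                $this->redirectTo(osc_base_url() . $itemURI, 301);
            }
            $this->doView('item.php');
            break;
    }
}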
<div id="contact" class="widget-box form-container form-vertical"> <h2><?php _e("Contact publisher", 'bender'); ?> </h2> <?php if (osc_item_is_expired()) { ?> <p> <?php _e("The listing is expired. You can't contact the publisher.", 'bender'); ?> </p> <?php } else { if (osc_logged_user_id() == osc_item_user_id() && osc_logged_user_id() != 0) { ?> <p> <?php _e("It's your own listing, you can't contact the publisher.", 'bender'); ?> </p> <?php } else { if (osc_reg_user_can_contact() && !osc_is_web_user_logged_in()) { ?> <p> <?php _e("You must log in or register a new account in order to contact the advertiser", 'bender'); ?> </p>
?> <br/> </div> <div class="payments-options"> <?php _e("In order to make visible your ad to other users, it's required to pay a fee", 'payment'); ?> .<br/> <?php echo sprintf(__('The current fee for this category is: %.2f %s', 'payment'), $category_fee, osc_get_preference('currency', 'payment')); ?> <br/> <ul class="payments-ul"> <?php if (osc_is_web_user_logged_in()) { $wallet = ModelPayment::newInstance()->getWallet(osc_logged_user_id()); if (isset($wallet['formatted_amount']) && $wallet['formatted_amount'] >= $category_fee) { wallet_button($category_fee, sprintf(__('Publish fee for item %d at %s', 'payment'), $item['pk_i_id'], osc_page_title()), "101x" . $item['fk_i_category_id'] . "x" . $item['pk_i_id'], array('user' => $item['fk_i_user_id'], 'itemid' => $item['pk_i_id'], 'email' => $item['s_contact_email'])); } else { payment_buttons($category_fee, sprintf(__('Publish fee for item %d at %s', 'payment'), $item['pk_i_id'], osc_page_title()), "101x" . $item['fk_i_category_id'] . "x" . $item['pk_i_id'], array('user' => $item['fk_i_user_id'], 'itemid' => $item['pk_i_id'], 'email' => $item['s_contact_email'])); } } else { payment_buttons($category_fee, sprintf(__('Publish fee for item %d at %s', 'payment'), $item['pk_i_id'], osc_page_title()), "101x" . $item['fk_i_category_id'] . "x" . $item['pk_i_id'], array('user' => $item['fk_i_user_id'], 'itemid' => $item['pk_i_id'], 'email' => $item['s_contact_email'])); } ?> </ul> </div> <div style="clear:both;"></div> <?php payment_buttons_js(); ?>
/**
 * Delete from disk every resource (photo) attached to an item.
 *
 * Two log rows are written: one before the loop and one after it carrying the
 * comma-separated ids that were removed (truncated to 250 characters). The
 * actor is recorded as the admin or the web user depending on OC_ADMIN.
 *
 * @access public
 * @since 3.1.1
 * @param int $id item id
 * @return void
 */
public function deleteResourcesFromHD( $id )
{
    $actorRole = OC_ADMIN ? 'admin' : 'user';
    $actorId = OC_ADMIN ? osc_logged_admin_id() : osc_logged_user_id();
    $logger = Log::newInstance();

    $logger->insertLog('Item', 'deleteResourcesFromHD', $id, $id, $actorRole, $actorId);

    $deletedIds = '';
    $attached = ItemResource::newInstance()->getAllResourcesFromItem($id);
    foreach ($attached as $photo) {
        osc_deleteResource($photo['pk_i_id'], OC_ADMIN);
        $deletedIds .= $photo['pk_i_id'] . ",";
    }

    $logger->insertLog('Item', 'deleteResourcesFromHD', $id, substr($deletedIds, 0, 250), $actorRole, $actorId);
}
/**
 * Render a hidden `alert_userId` input carrying the logged-in user's id.
 *
 * @return bool always true
 */
public static function user_id_hidden()
{
    $currentUserId = osc_logged_user_id();
    parent::generic_input_hidden('alert_userId', $currentUserId);

    return true;
}
<?php
// Drafts box: load the logged-in user's private-message drafts, newest first,
// and expose them (plus their count) to the markup below.
$senderId = osc_logged_user_id();
$conn = getConnection();
$newPMdrafts = $conn->osc_dbFetchResults("SELECT * FROM %st_pm_drafts WHERE sender_id = '%d' ORDER BY pm_id DESC", DB_TABLE_PREFIX, $senderId);
$countPMdrafts = count($newPMdrafts);
?> <div class="content user_account"> <div id="main"> </div> </div>
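<?php
// Watchlist page: optionally drop one item (`delete` request parameter) for the
// logged-in user, then list that user's watched items through the Search model.
$i_userId = osc_logged_user_id();
if (Params::getParam('delete') != '' && osc_is_web_user_logged_in()) {
    // NOTE(review): the removal is driven by a plain request parameter; no CSRF token is checked here
    delete_item(Params::getParam('delete'), $i_userId);
}
// Paging values come from the request: coerce to int and clamp so a zero,
// negative or non-numeric itemsPerPage can never reach the division below.
$itemsPerPage = (int) Params::getParam('itemsPerPage');
if ($itemsPerPage < 1) {
    $itemsPerPage = 5;
}
$iPage = (int) Params::getParam('iPage');
if ($iPage < 0) {
    $iPage = 0;
}
// restrict the search to rows joined through this user's watchlist
Search::newInstance()->addConditions(sprintf("%st_item_watchlist.fk_i_user_id = %d", DB_TABLE_PREFIX, $i_userId));
Search::newInstance()->addConditions(sprintf("%st_item_watchlist.fk_i_item_id = %st_item.pk_i_id", DB_TABLE_PREFIX, DB_TABLE_PREFIX));
Search::newInstance()->addTable(sprintf("%st_item_watchlist", DB_TABLE_PREFIX));
Search::newInstance()->page($iPage, $itemsPerPage);
$aItems = Search::newInstance()->doSearch();
$iTotalItems = Search::newInstance()->count();
$iNumPages = ceil($iTotalItems / $itemsPerPage);
View::newInstance()->_exportVariableToView('items', $aItems);
View::newInstance()->_exportVariableToView('search_total_pages', $iNumPages);
View::newInstance()->_exportVariableToView('search_page', $iPage);

/**
 * Remove one item from one user's watchlist.
 *
 * Both values are bound with %d, so only the (item, user) pair is affected.
 *
 * @param int $item item id
 * @param int $uid  user id
 * @return void
 */
function delete_item($item, $uid)
{
    $conn = getConnection();
    $conn->osc_dbExec("DELETE FROM %st_item_watchlist WHERE fk_i_item_id = %d AND fk_i_user_id = %d LIMIT 1", DB_TABLE_PREFIX, $item, $uid);
}
?> <div class="row"> <?php osc_current_web_theme_path('user-sidebar.php'); ?> <div class="col-sm-8 col-md-9"> <h1 class="title">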
case "UNFOLLOW": if (osc_is_web_user_logged_in()) { $user_id = osc_logged_user_id(); $seller_id = Params::getParam("seller-id"); $return_url = Params::getParam("return_url"); nc_osc_delete_follow($user_id, $seller_id); header('Location:' . htmlspecialchars_decode($return_url)); } break; case "ADD-WATCHLIST": if (osc_is_web_user_logged_in()) { $user_id = osc_logged_user_id(); $item_id = Params::getParam("item_id"); $return_url = Params::getParam("return_url"); nc_osc_add_watchllist($user_id, $item_id); $aItem = Item::newInstance()->findByPrimaryKey($item_id); $item_title = $aItem['s_title']; osc_add_flash_ok_message($item_title . " is added to your watch list."); header('Location:' . htmlspecialchars_decode($return_url)); } break; case "REMOVE-WATCHLIST": if (osc_is_web_user_logged_in()) { $user_id = osc_logged_user_id(); $item_id = Params::getParam("item_id"); $return_url = Params::getParam("return_url"); nc_osc_remove_watchlist($user_id, $item_id); header('Location:' . htmlspecialchars_decode($return_url)); } break; }
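/**
 * AJAX "load more" endpoint for the theme's listing cards.
 *
 * Reads the whole request (`_page`, `_action`, `username`, `id`, `iPage`, `_offset`)
 * through Params::getParamsAsArray(). For the user pages it runs osc_query_item()
 * and echoes the rendered cards; for the search page it re-runs the core search
 * controller with output hooks that emit the cards instead of a full page.
 * Always exits after producing output.
 *
 * @return void
 */
function pop_ajax_load_more()
{
    $array = Params::getParamsAsArray();
    // read the routing keys defensively: missing keys are treated as empty
    $page = isset($array['_page']) ? $array['_page'] : '';
    $action = isset($array['_action']) ? $array['_action'] : '';

    if ($page == 'user') {
        // always defined, so osc_query_item() gets an array even for an unknown action
        $params = array();
        if ($action == 'pub_profile') {
            if (isset($array['username']) && $array['username'] != '') {
                $_user = User::newInstance()->findByUsername($array['username']);
                $array['id'] = isset($_user['pk_i_id']) ? $_user['pk_i_id'] : null;
            }
            $params['author'] = isset($array['id']) ? $array['id'] : null;
            $params['results_per_page'] = isset($array['_offset']) ? $array['_offset'] : osc_default_results_per_page_at_search();
            $params['page'] = isset($array['iPage']) ? $array['iPage'] - 1 : 0;
        }
        if ($action == 'items') {
            $params['author'] = osc_logged_user_id();
            $params['results_per_page'] = 10; // core default
            $params['page'] = isset($array['iPage']) ? $array['iPage'] - 1 : 0;
        }
        osc_query_item($params);
        $result = View::newInstance()->_get('customItems');
        echo _pop_print_listing_card($result);
        exit;
    }

    if ($page == 'search' || $page == '') {
        if (osc_rewrite_enabled()) {
            if (REL_WEB_URL != '/') {
                $base_url = str_replace(REL_WEB_URL, '', osc_base_url());
            } else {
                $base_url = osc_base_url();
            }
            // rewrite the request URI so the core search controller parses the pretty URL
            $_SERVER['REQUEST_URI'] = preg_replace('|^' . $base_url . '|', '', osc_search_url(Params::getParamsAsArray()));
            osc_add_hook('before_html', 'pop_ob_start_');
            osc_add_hook('after_html', 'pop_ob_clean_');
            osc_add_hook('after_search', 'pop_echo_pop_print_listing_card');
        }
        require_once osc_lib_path() . 'osclass/controller/search.php';
        $do = new CWebSearch();
        $do->doModel();
        exit;
    }
}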