function doModel() { switch ($this->action) { case 'change_email_confirm': //change email confirm if (Params::getParam('userId') && Params::getParam('code')) { $userManager = new User(); $user = $userManager->findByPrimaryKey(Params::getParam('userId')); if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) { $userEmailTmp = UserEmailTmp::newInstance()->findByPk(Params::getParam('userId')); $code = osc_genRandomPassword(50); $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id'])); Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']); UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email'])); osc_add_flash_ok_message(_m('Your email has been changed successfully')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator')); } $this->redirectTo(osc_base_url(true)); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); if ($email != '' && $secret != '') { Alerts::newInstance()->delete(array('s_email' => $email, 'S_secret' => $secret)); osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator')); } $this->redirectTo(osc_base_url()); break; default: $this->redirectTo(osc_user_login_url()); break; } }
function osc_runAlert($type = null, $last_exec = null) { if (!in_array($type, array('HOURLY', 'DAILY', 'WEEKLY', 'INSTANT'))) { return; } if ($last_exec == null) { $cron = Cron::newInstance()->getCronByType($type); if (is_array($cron)) { $last_exec = $cron['d_last_exec']; } else { $last_exec = '0000-00-00 00:00:00'; } } $internal_name = 'alert_email_hourly'; switch ($type) { case 'HOURLY': $internal_name = 'alert_email_hourly'; break; case 'DAILY': $internal_name = 'alert_email_daily'; break; case 'WEEKLY': $internal_name = 'alert_email_weekly'; break; case 'INSTANT': $internal_name = 'alert_email_instant'; break; } $active = TRUE; $searches = Alerts::newInstance()->findByTypeGroup($type, $active); foreach ($searches as $s_search) { // Get if there're new ads on this search $json = $s_search['s_search']; $array_conditions = (array) json_decode($json); $new_search = Search::newInstance(); $new_search->setJsonAlert($array_conditions); $new_search->addConditions(sprintf(" %st_item.dt_pub_date > '%s' ", DB_TABLE_PREFIX, $last_exec)); $items = $new_search->doSearch(); $totalItems = $new_search->count(); if (count($items) > 0) { // If we have new items from last check // Catch the user subscribed to this search $users = Alerts::newInstance()->findUsersBySearchAndType($s_search['s_search'], $type, $active); if (count($users) > 0) { $ads = ''; foreach ($items as $item) { $ads .= '<a href="' . osc_item_url_ns($item['pk_i_id']) . '">' . $item['s_title'] . '</a><br/>'; } foreach ($users as $user) { osc_run_hook('hook_' . $internal_name, $user, $ads, $s_search, $items, $totalItems); AlertsStats::newInstance()->increase(date('Y-m-d')); } } } } }
public function table($params) { $this->addTableHeader(); $this->getDBParams($params); $alerts = Alerts::newInstance()->search($this->start, $this->limit, $this->order_by['column_name'], $this->order_by['type'], $this->search); $this->processData($alerts); $this->total = $alerts['total_results']; $this->total_filtered = $alerts['rows']; return $this->getData(); }
function customFrmText() { $user = __get('user'); $return = array(); if (isset($user['pk_i_id'])) { $return['edit'] = true; $return['title'] = __('Edit user'); $return['action_frm'] = 'edit_post'; $return['btn_text'] = __('Update user'); $return['alerts'] = Alerts::newInstance()->findByUser($user['pk_i_id'], true); } else { $return['edit'] = false; $return['title'] = __('Add new user'); $return['action_frm'] = 'create_post'; $return['btn_text'] = __('Add new user'); $return['alerts'] = array(); } return $return; }
function edit($userId) { $input = $this->prepareData(false); $this->manager->update($input, array('pk_i_id' => $userId)); if ($this->is_admin) { Item::newInstance()->update(array('s_contact_name' => $input['s_name'], 's_contact_email' => $input['s_email']), array('fk_i_user_id' => $userId)); ItemComment::newInstance()->update(array('s_author_name' => $input['s_name'], 's_author_email' => $input['s_email']), array('fk_i_user_id' => $userId)); Alerts::newInstance()->update(array('s_email' => $input['s_email']), array('fk_i_user_id' => $userId)); Log::newInstance()->insertLog('user', 'edit', $userId, $input['s_email'], $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : osc_logged_user_id()); } else { Item::newInstance()->update(array('s_contact_name' => $input['s_name']), array('fk_i_user_id' => $userId)); ItemComment::newInstance()->update(array('s_author_name' => $input['s_name']), array('fk_i_user_id' => $userId)); $user = $this->manager->findByPrimaryKey($userId); Log::newInstance()->insertLog('user', 'edit', $userId, $user['s_email'], $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : osc_logged_user_id()); } Session::newInstance()->_set('userName', $input['s_name']); $phone = $input['s_phone_mobile'] ? $input['s_phone_mobile'] : $input['s_phone_land']; Session::newInstance()->_set('userPhone', $phone); if (is_array(Params::getParam('s_info'))) { foreach (Params::getParam('s_info') as $key => $value) { $this->manager->updateDescription($userId, $key, $value); } } osc_run_hook('user_edit_completed', $userId); if ($this->is_admin) { $iUpdated = 0; if (Params::getParam("b_enabled") != '' && Params::getParam("b_enabled") == 1) { $iUpdated += $this->manager->update(array('b_enabled' => 1), array('pk_i_id' => $userId)); } else { $iUpdated += $this->manager->update(array('b_enabled' => 0), array('pk_i_id' => $userId)); } if (Params::getParam("b_active") != '' && Params::getParam("b_active") == 1) { $iUpdated += $this->manager->update(array('b_active' => 1), array('pk_i_id' => $userId)); } else { $iUpdated += $this->manager->update(array('b_active' => 0), array('pk_i_id' => $userId)); } if ($iUpdated > 0) { return 2; } } return 0; }
function doModel() { //specific things for this class switch ($this->action) { case 'bulk_actions': break; case 'regions': //Return regions given a countryId $regions = Region::newInstance()->getByCountry(Params::getParam("countryId")); echo json_encode($regions); break; case 'cities': //Returns cities given a regionId $cities = City::newInstance()->getByRegion(Params::getParam("regionId")); echo json_encode($cities); break; case 'location': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term")); echo json_encode($cities); break; case 'alerts': // Allow to register to an alert given (not sure it's used on admin) $alert = Params::getParam("alert"); $email = Params::getParam("email"); $userid = Params::getParam("userid"); if ($alert != '' && $email != '') { if (preg_match("/^[_a-z0-9-+]+(\\.[_a-z0-9-+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", $email)) { Alerts::newInstance()->createAlert($userid, $email, $alert); echo "1"; } else { echo '0'; } return true; } echo '0'; return false; break; case 'runhook': //Run hooks $hook = Params::getParam("hook"); switch ($hook) { case 'item_form': $catId = Params::getParam("catId"); if ($catId != '') { osc_run_hook("item_form", $catId); } else { osc_run_hook("item_form"); } break; case 'item_edit': $catId = Params::getParam("catId"); $itemId = Params::getParam("itemId"); osc_run_hook("item_edit", $catId, $itemId); break; default: if ($hook == '') { return false; } else { osc_run_hook($hook); } break; } break; case 'custom': // Execute via AJAX custom file $ajaxfile = Params::getParam("ajaxfile"); if ($ajaxfile != '') { require_once osc_plugins_path() . $ajaxfile; } else { echo json_encode(array('error' => __('no action defined'))); } break; default: echo json_encode(array('error' => __('no action defined'))); break; } }
function doModel() { switch ($this->action) { case 'dashboard': //dashboard... $max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5; $aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items); //calling the view... $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('max_items', $max_items); $this->doView('user-dashboard.php'); break; case 'profile': //profile... $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($user['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']); } elseif (count($aCountries) > 0) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } $aCities = array(); if ($user['fk_i_region_id'] != '') { $aCities = City::newInstance()->findByRegion($user['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } } //calling the view... $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('user', $user); $this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled()); $this->doView('user-profile.php'); break; case 'profile_post': //profile post... osc_csrf_check(); $userId = Session::newInstance()->_get('userId'); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $success = $userActions->edit($userId); if ($success == 1 || $success == 2) { osc_add_flash_ok_message(_m('Your profile has been updated successfully')); } else { osc_add_flash_error_message($success); } $this->redirectTo(osc_user_profile_url()); break; case 'alerts': //alerts $aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'), false); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); foreach ($aAlerts as $k => $a) { $array_conditions = (array) json_decode($a['s_search']); // $search = Search::newInstance(); $search = new Search(); $search->setJsonAlert($array_conditions); $search->limit(0, 3); $aAlerts[$k]['items'] = $search->doSearch(); } $this->_exportVariableToView('alerts', $aAlerts); View::newInstance()->_reset('alerts'); $this->_exportVariableToView('user', $user); $this->doView('user-alerts.php'); break; case 'change_email': //change email $this->doView('user-change_email.php'); break; case 'change_email_post': //change email post osc_csrf_check(); if (!osc_validate_email(Params::getParam('new_email'))) { osc_add_flash_error_message(_m('The specified e-mail is not valid')); $this->redirectTo(osc_change_user_email_url()); } else { $user = User::newInstance()->findByEmail(Params::getParam('new_email')); if (!isset($user['pk_i_id'])) { $userEmailTmp = array(); $userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId'); $userEmailTmp['s_new_email'] = Params::getParam('new_email'); UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp); $code = osc_genRandomPassword(30); $date = date('Y-m-d H:i:s'); $userManager = new User(); $userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId'))); $validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code); osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified e-mail is already in use')); $this->redirectTo(osc_change_user_email_url()); } } break; case 'change_username': //change username $this->doView('user-change_username.php'); break; case 'change_username_post': //change username $username = osc_sanitize_username(Params::getParam('s_username')); osc_run_hook('before_username_change', Session::newInstance()->_get('userId'), $username); if ($username != '') { $user = User::newInstance()->findByUsername($username); if (isset($user['s_username'])) { osc_add_flash_error_message(_m('The specified username is already in use')); } else { if (!osc_is_username_blacklisted($username)) { User::newInstance()->update(array('s_username' => $username), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('The username was updated')); osc_run_hook('after_username_change', Session::newInstance()->_get('userId'), Params::getParam('s_username')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified username is not valid, it contains some invalid words')); } } } else { osc_add_flash_error_message(_m('The specified username could not be empty')); } $this->redirectTo(osc_change_user_username_url()); break; case 'change_password': //change password $this->doView('user-change_password.php'); break; case 'change_password_post': //change password post osc_csrf_check(); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); if (Params::getParam('password', false, false) == '' || Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_change_user_password_url()); } if (!osc_verify_password(Params::getParam('password', false, false), $user['s_password'])) { osc_add_flash_error_message(_m("Current password doesn't match")); $this->redirectTo(osc_change_user_password_url()); } if (!Params::getParam('new_password', false, false)) { osc_add_flash_error_message(_m("Passwords can't be empty")); $this->redirectTo(osc_change_user_password_url()); } if (Params::getParam('new_password', false, false) != Params::getParam('new_password2', false, false)) { osc_add_flash_error_message(_m("Passwords don't match")); $this->redirectTo(osc_change_user_password_url()); } User::newInstance()->update(array('s_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('Password has been changed')); $this->redirectTo(osc_user_profile_url()); break; case 'items': // view items user $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10; $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0; $itemType = Params::getParam('itemType'); $total_items = Item::newInstance()->countItemTypesByUserID(osc_logged_user_id(), $itemType); $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findItemTypesByUserID(osc_logged_user_id(), $page * $itemsPerPage, $itemsPerPage, $itemType); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('search_total_pages', $total_pages); $this->_exportVariableToView('search_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('items_type', $itemType); $this->_exportVariableToView('search_page', $page); $this->doView('user-items.php'); break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $result = Alerts::newInstance()->unsub($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator')); } $this->redirectTo(osc_user_alerts_url()); break; case 'delete': $id = Params::getParam('id'); $secret = Params::getParam('secret'); if (osc_is_web_user_logged_in()) { $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); View::newInstance()->_exportVariableToView('user', $user); if (!empty($user) && osc_logged_user_id() == $id && $secret == $user['s_secret']) { User::newInstance()->deleteUser(osc_logged_user_id()); Session::newInstance()->_drop('userId'); Session::newInstance()->_drop('userName'); Session::newInstance()->_drop('userEmail'); Session::newInstance()->_drop('userPhone'); Cookie::newInstance()->pop('oc_userId'); Cookie::newInstance()->pop('oc_userSecret'); Cookie::newInstance()->set(); osc_add_flash_ok_message(_m("Your account have been deleted")); $this->redirectTo(osc_base_url()); } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_user_dashboard_url()); } } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_base_url()); } break; } }
function edit($userId) { $input = $this->prepareData(false); // hook pre add or edit osc_run_hook('pre_user_post'); $flash_error = ''; $error = array(); if($this->is_admin) { $user_email = $this->manager->findByEmail($input['s_email']); if(isset($user_email['pk_i_id']) && $user_email['pk_i_id']!=$userId) { $flash_error .= sprintf(_m('The specified e-mail is already used by %s') , $user_email['s_username']) . PHP_EOL; $error[] = 3; } } if($input['s_name']=='') { $flash_error .= _m('The name cannot be empty').PHP_EOL; $error[] = 10; } if($this->is_admin){ if( Params::getParam('s_password', false, false) != Params::getParam('s_password2', false, false) ) { $flash_error .= _m("Passwords don't match") . PHP_EOL; $error[] = 7; } } if($flash_error!='') { return $flash_error; } $this->manager->update($input, array('pk_i_id' => $userId)); if($this->is_admin) { Item::newInstance()->update( array('s_contact_name' => $input['s_name'], 's_contact_email' => $input['s_email']), array('fk_i_user_id' => $userId) ); ItemComment::newInstance()->update( array('s_author_name' => $input['s_name'], 's_author_email' => $input['s_email']), array('fk_i_user_id' => $userId) ); Alerts::newInstance()->update( array('s_email' => $input['s_email']), array('fk_i_user_id' => $userId) ); Log::newInstance()->insertLog( 'user', 'edit', $userId, $input['s_email'], $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : osc_logged_user_id() ); } else { Item::newInstance()->update( array('s_contact_name' => $input['s_name']), array('fk_i_user_id' => $userId) ); ItemComment::newInstance()->update( array('s_author_name' => $input['s_name']), array('fk_i_user_id' => $userId) ); $user = $this->manager->findByPrimaryKey($userId); Log::newInstance()->insertLog('user', 'edit', $userId, $user['s_email'], $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : osc_logged_user_id() ); } if(!$this->is_admin) { Session::newInstance()->_set('userName', $input['s_name']); $phone = ($input['s_phone_mobile'])? $input['s_phone_mobile'] : $input['s_phone_land']; Session::newInstance()->_set('userPhone', $phone); } if ( is_array( Params::getParam('s_info') ) ) { foreach (Params::getParam('s_info') as $key => $value) { $this->manager->updateDescription($userId, $key, $value); } } osc_run_hook('user_edit_completed', $userId); if ( $this->is_admin ) { $iUpdated = 0; if( (Params::getParam("b_enabled") != '') && (Params::getParam("b_enabled") == 1 ) ) { $iUpdated += $this->manager->update( array('b_enabled' => 1), array('pk_i_id' => $userId) ); } else { $iUpdated += $this->manager->update( array('b_enabled' => 0), array('pk_i_id' => $userId) ); } if( (Params::getParam("b_active") != '') && (Params::getParam("b_active") == 1) ) { $iUpdated += $this->manager->update( array('b_active' => 1), array('pk_i_id' => $userId) ); } else { $iUpdated += $this->manager->update( array('b_active' => 0), array('pk_i_id' => $userId) ); } if($iUpdated > 0) { return 2; } } return 1; }
function doModel() { switch ($this->action) { case 'dashboard': //dashboard... $max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5; $aItems = Item::newInstance()->findByUserIDEnabled(Session::newInstance()->_get('userId'), 0, $max_items); //calling the view... $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('max_items', $max_items); $this->doView('user-dashboard.php'); break; case 'profile': //profile... $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($user['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']); } elseif (count($aCountries) > 0) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } $aCities = array(); if ($user['fk_i_region_id'] != '') { $aCities = City::newInstance()->findByRegion($user['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } } //calling the view... $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('user', $user); $this->doView('user-profile.php'); break; case 'profile_post': //profile post... $userId = Session::newInstance()->_get('userId'); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $success = $userActions->edit($userId); osc_add_flash_ok_message(_m('Your profile has been updated successfully')); $this->redirectTo(osc_user_profile_url()); break; case 'alerts': //alerts $aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId')); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); foreach ($aAlerts as $k => $a) { $search = osc_unserialize(base64_decode($a['s_search'])); $search->limit(0, 3); $aAlerts[$k]['items'] = $search->doSearch(); } $this->_exportVariableToView('alerts', $aAlerts); View::newInstance()->_reset('alerts'); $this->_exportVariableToView('user', $user); $this->doView('user-alerts.php'); break; case 'change_email': //change email $this->doView('user-change_email.php'); break; case 'change_email_post': //change email post if (!preg_match("/^[_a-z0-9-\\+]+(\\.[_a-z0-9-\\+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", Params::getParam('new_email'))) { osc_add_flash_error_message(_m('The specified e-mail is not valid')); $this->redirectTo(osc_change_user_email_url()); } else { $user = User::newInstance()->findByEmail(Params::getParam('new_email')); if (!isset($user['pk_i_id'])) { $userEmailTmp = array(); $userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId'); $userEmailTmp['s_new_email'] = Params::getParam('new_email'); UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp); $code = osc_genRandomPassword(30); $date = date('Y-m-d H:i:s'); $userManager = new User(); $userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId'))); $validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code); osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified e-mail is already in use')); $this->redirectTo(osc_change_user_email_url()); } } break; case 'change_password': //change password $this->doView('user-change_password.php'); break; case 'change_password_post': //change password post $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); if (Params::getParam('password') == '' || Params::getParam('new_password') == '' || Params::getParam('new_password2') == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_change_user_password_url()); } if ($user['s_password'] != sha1(Params::getParam('password'))) { osc_add_flash_error_message(_m('Current password doesn\'t match')); $this->redirectTo(osc_change_user_password_url()); } if (!Params::getParam('new_password')) { osc_add_flash_error_message(_m('Passwords can\'t be empty')); $this->redirectTo(osc_change_user_password_url()); } if (Params::getParam('new_password') != Params::getParam('new_password2')) { osc_add_flash_error_message(_m('Passwords don\'t match')); $this->redirectTo(osc_change_user_password_url()); } User::newInstance()->update(array('s_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('Password has been changed')); $this->redirectTo(osc_user_profile_url()); break; case 'items': // view items user $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 5; $page = Params::getParam('iPage') != '' ? Params::getParam('iPage') : 0; $total_items = Item::newInstance()->countByUserIDEnabled($_SESSION['userId']); $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findByUserIDEnabled($_SESSION['userId'], $page * $itemsPerPage, $itemsPerPage); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('list_total_pages', $total_pages); $this->_exportVariableToView('list_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('list_page', $page); $this->doView('user-items.php'); break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator')); } $this->redirectTo(osc_base_url(true)); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); if ($email != '' && $secret != '') { Alerts::newInstance()->delete(array('s_email' => $email, 's_secret' => $secret)); osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator')); } $this->redirectTo(osc_user_alerts_url()); break; case 'deleteResource': $id = Params::getParam('id'); $name = Params::getParam('name'); $fkid = Params::getParam('fkid'); osc_deleteResource($id); ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $fkid, 's_name' => $name)); $this->redirectTo(osc_base_url(true) . "?page=item&action=item_edit&id=" . $fkid); break; } }
function osc_runAlert($type = null) { if ($type == null) { return; } $internal_name = 'alert_email_hourly'; switch ($type) { case 'HOURLY': $internal_name = 'alert_email_hourly'; break; case 'DAILY': $internal_name = 'alert_email_daily'; break; case 'WEEKLY': $internal_name = 'alert_email_weekly'; break; case 'INSTANT': $internal_name = 'alert_email_instant'; break; } $searches = Alerts::newInstance()->getAlertsByTypeGroup($type); foreach ($searches as $s_search) { $a_search = Search::newInstance(); // Get if there're new ads on this search $a_search = osc_unserialize(base64_decode($s_search['s_search'])); $crons = Cron::newInstance()->getCronByType($type); if (isset($crons[0])) { $last_exec = $crons[0]['d_last_exec']; } else { $last_exec = '0000-00-00 00:00:00'; } $a_search->addConditions(sprintf(" %st_item.dt_pub_date > '%s' ", DB_TABLE_PREFIX, $last_exec)); $totalItems = $a_search->count(); $items = $a_search->doSearch(); if (count($items) > 0) { //If we have new items from last check //Catch the user subscribed to this search $users = Alerts::newInstance()->getUsersBySearchAndType($s_search['s_search'], $type); if (count($users) > 0) { $prefLocale = osc_language(); $page = Page::newInstance()->findByInternalName($internal_name); $page = Page::newInstance()->findByInternalName($internal_name); $page_description = $page['locale']; $_title = $page_description[$prefLocale]['s_title']; $_body = $page_description[$prefLocale]['s_text']; $ads = ""; foreach ($items as $item) { $ads .= '<a href="' . osc_item_url_ns($item['pk_i_id']) . '">' . $item['s_title'] . '</a><br/>'; } foreach ($users as $user) { if ($user['fk_i_user_id'] != 0) { $user = User::newInstance()->findByPrimaryKey($user['fk_i_user_id']); } else { $user['s_name'] = $user['s_email']; } $unsub_link = osc_user_unsubscribe_alert_url($user['s_email'], $s_search['s_search']); //osc_create_url(array('file' => 'user', 'action' => 'unsub_alert', 'email' => $user['s_email'], 'alert' => $s_search['s_search'])) ; $unsub_link = '<a href="' . $unsub_link . '">unsubscribe alert</a>'; $words = array(); $words[] = array('{USER_NAME}', '{USER_EMAIL}', '{ADS}', '{UNSUB_LINK}'); $words[] = array($user['s_name'], $user['s_email'], $ads, $unsub_link); $title = osc_mailBeauty($_title, $words); $body = osc_mailBeauty($_body, $words); $params = array('subject' => $title, 'to' => $user['s_email'], 'to_name' => $user['s_name'], 'body' => $body, 'alt_body' => $body); osc_sendMail($params); } } } } }
function doModel() { switch ($this->action) { case 'dashboard': //dashboard... $max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5; $aItems = Item::newInstance()->findByUserID(Session::newInstance()->_get('userId'), 0, $max_items); //Item::newInstance()->listWhere("fk_i_user_id = ".Session::newInstance()->_get('userId')); //calling the view... $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('max_items', $max_items); $this->doView('user-dashboard.php'); break; case 'profile': //profile... $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($user['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->getByCountry($user['fk_c_country_code']); } elseif (count($aCountries) > 0) { $aRegions = Region::newInstance()->getByCountry($aCountries[0]['pk_c_code']); } $aCities = array(); if ($user['fk_i_region_id'] != '') { $aCities = City::newInstance()->listWhere("fk_i_region_id = %d", $user['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->listWhere("fk_i_region_id = %d", $aRegions[0]['pk_i_id']); } } //calling the view... $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('user', $user); $this->doView('user-profile.php'); break; case 'profile_post': //profile post... $userId = Session::newInstance()->_get('userId'); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $success = $userActions->edit($userId); // This has been moved to special area (only password changes) /*if( $success == 1 ) { osc_add_flash_message( _m('Passwords don\'t match') ) ; } else {*/ osc_add_flash_message(_m('Your profile has been updated successfully')); //} $this->redirectTo(osc_user_profile_url()); break; case 'alerts': //alerts $aAlerts = Alerts::newInstance()->getAlertsFromUser(Session::newInstance()->_get('userId')); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); foreach ($aAlerts as $k => $a) { $search = osc_unserialize(base64_decode($a['s_search'])); $search->limit(0, 3); $aAlerts[$k]['items'] = $search->doSearch(); } $this->_exportVariableToView('alerts', $aAlerts); View::newInstance()->_reset('alerts'); $this->_exportVariableToView('user', $user); $this->doView('user-alerts.php'); break; case 'change_email': //change email $this->doView('user-change_email.php'); break; case 'change_email_post': //change email post if (!preg_match("/^[_a-z0-9-\\+]+(\\.[_a-z0-9-\\+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", Params::getParam('new_email'))) { osc_add_flash_message(_m('The specified e-mail is not valid')); $this->redirectTo(osc_change_user_email_url()); } else { $user = User::newInstance()->findByEmail(Params::getParam('new_email')); if (!isset($user['pk_i_id'])) { if (osc_user_validation_enabled()) { $userEmailTmp = array(); $userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId'); $userEmailTmp['s_new_email'] = Params::getParam('new_email'); UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp); $code = osc_genRandomPassword(30); $date = date('Y-m-d H:i:s'); $userManager = new User(); $userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId'))); $locale = osc_current_user_locale(); $aPage = Page::newInstance()->findByInternalName('email_new_email'); if (isset($aPage['locale'][$locale]['s_title'])) { $content = $aPage['locale'][$locale]; } else { $content = current($aPage['locale']); } if (!is_null($content)) { $validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code); $words = array(); $words[] = array('{USER_NAME}', '{USER_EMAIL}', '{WEB_URL}', '{WEB_TITLE}', '{VALIDATION_LINK}', '{VALIDATION_URL}'); $words[] = array(Session::newInstance()->_get('userName'), Params::getParam('new_email'), osc_base_url(), osc_page_title(), '<a href="' . $validation_url . '" >' . $validation_url . '</a>', $validation_url); $title = osc_mailBeauty($content['s_title'], $words); $body = osc_mailBeauty($content['s_text'], $words); $params = array('subject' => $title, 'to' => Params::getParam('new_email'), 'to_name' => Session::newInstance()->_get('userName'), 'body' => $body, 'alt_body' => $body); osc_sendMail($params); osc_add_flash_message(_m('We have sent you an e-mail. Follow the instructions to validate the changes')); } else { osc_add_flash_message(_m('We tried to sent you an e-mail, but it failed. Please, contact the administrator')); } $this->redirectTo(osc_user_profile_url()); } else { User::newInstance()->update(array('s_email' => Params::getParam('new_email')), array('pk_i_id' => Params::getParam('userId'))); osc_add_flash_message(_m('Your email has been changed successfully')); $this->redirectTo(osc_user_profile_url()); } } else { osc_add_flash_message(_m('The specified e-mail is already in use')); $this->redirectTo(osc_change_user_email_url()); } } break; case 'change_password': //change password $this->doView('user-change_password.php'); break; case 'change_password_post': //change password post $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); if ($user['s_password'] != sha1(Params::getParam('password'))) { osc_add_flash_message(_m('Current password doesn\'t match')); $this->redirectTo(osc_change_user_password_url()); } elseif (!Params::getParam('new_password')) { osc_add_flash_message(_m('Passwords can\'t be empty')); $this->redirectTo(osc_change_user_password_url()); } elseif (Params::getParam('new_password') != Params::getParam('new_password2')) { osc_add_flash_message(_m('Passwords don\'t match')); $this->redirectTo(osc_change_user_password_url()); } User::newInstance()->update(array('s_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_message(_m('Password has been changed')); $this->redirectTo(osc_user_profile_url()); break; case 'items': // view items user $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 5; $page = Params::getParam('iPage') != '' ? Params::getParam('iPage') : 0; $total_items = Item::newInstance()->countByUserID($_SESSION['userId']); $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findByUserID($_SESSION['userId'], $page * $itemsPerPage, $itemsPerPage); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('list_total_pages', $total_pages); $this->_exportVariableToView('list_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('list_page', $page); $this->doView('user-items.php'); break; case 'unsub_alert': $email = Params::getParam('email'); $alert = Params::getParam('alert'); if ($email != '' && $alert != '') { Alerts::newInstance()->delete(array('s_email' => $email, 's_search' => $alert)); osc_add_flash_message(__('Unsubscribed correctly.')); } else { osc_add_flash_message(__('Ops! There was a problem trying to unsubscribe you. Please contact the administrator.')); } $this->redirectTo(osc_user_alerts_url()); break; } }
function doModel() { //specific things for this class switch ($this->action) { case 'bulk_actions': break; case 'regions': //Return regions given a countryId $regions = Region::newInstance()->getByCountry(Params::getParam("countryId")); echo json_encode($regions); break; case 'cities': //Returns cities given a regionId $cities = City::newInstance()->getByRegion(Params::getParam("regionId")); echo json_encode($cities); break; case 'location': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term")); echo json_encode($cities); break; case 'alerts': // Allow to register to an alert given (not sure it's used on admin) $alert = Params::getParam("alert"); $email = Params::getParam("email"); $userid = Params::getParam("userid"); if ($alert != '' && $email != '') { Alerts::newInstance()->insert(array('fk_i_user_id' => $userid, 's_email' => $email, 's_search' => $alert, 'e_type' => 'DAILY')); echo "1"; return true; } echo '0'; return false; break; case 'runhook': //Run hooks $hook = Params::getParam("hook"); switch ($hook) { case 'item_form': $catId = Params::getParam("catId"); if ($catId != '') { osc_run_hook("item_form", $catId); } else { osc_run_hook("item_form"); } break; case 'item_edit': $catId = Params::getParam("catId"); $itemId = Params::getParam("itemId"); osc_run_hook("item_edit", $catId, $itemId); break; default: if ($hook == '') { return false; } else { osc_run_hook($hook); } break; } break; case 'items': // Return items (use external file oc-admin/ajax/item_processing.php) require_once osc_admin_base_path() . 'ajax/items_processing.php'; $items_processing = new items_processing_ajax(Params::getParamsAsArray("get")); break; case 'custom': // Execute via AJAX custom file $ajaxfile = Params::getParam("ajaxfile"); if ($ajaxfile != '') { require_once osc_admin_base_path() . $ajaxfile; } else { echo json_encode(array('error' => __('no action defined'))); } break; /****************************** ** COMPLETE UPGRADE PROCESS ** ******************************/ /****************************** ** COMPLETE UPGRADE PROCESS ** ******************************/ case 'upgrade': // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT $message = ""; $error = 0; $remove_error_msg = ""; $sql_error_msg = ""; $rm_errors = 0; $perms = osc_save_permissions(); osc_change_permissions(); /*********************** **** DOWNLOAD FILE **** ***********************/ if (Params::getParam('file') != '') { $tmp = explode("/", Params::getParam('file')); $filename = end($tmp); $result = osc_downloadFile(Params::getParam('file'), $filename); if ($result) { // Everything is OK, continue /********************** ***** UNZIP FILE ***** **********************/ @mkdir(ABS_PATH . 'oc-temp', 0777); $res = osc_unzip_file(osc_content_path() . 'downloads/' . $filename, ABS_PATH . 'oc-temp/'); if ($res == 1) { // Everything is OK, continue /********************** ***** COPY FILES ***** **********************/ $fail = -1; if ($handle = opendir(ABS_PATH . 'oc-temp')) { $fail = 0; while (false !== ($_file = readdir($handle))) { if ($_file != '.' && $_file != '..' && $_file != 'remove.list' && $_file != 'upgrade.sql' && $_file != 'customs.actions') { $data = osc_copy(ABS_PATH . "oc-temp/" . $_file, ABS_PATH . $_file); if ($data == false) { $fail = 1; } } } closedir($handle); if ($fail == 0) { // Everything is OK, continue /********************** **** REMOVE FILES **** **********************/ if (file_exists(ABS_PATH . 'oc-temp/remove.list')) { $lines = file(ABS_PATH . 'oc-temp/remove.list', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); foreach ($lines as $line_num => $r_file) { $unlink = @unlink(ABS_PATH . $r_file); if (!$unlink) { $remove_error_msg .= __('Error removing file: ') . $r_file . "<br/>"; } } } // Removing files is not important for the rest of the proccess // We will inform the user of the problems but the upgrade could continue /************************ *** UPGRADE DATABASE *** ************************/ $error_queries = array(); if (file_exists(osc_lib_path() . 'osclass/installer/struct.sql')) { $sql = file_get_contents(osc_lib_path() . 'osclass/installer/struct.sql'); $conn = getConnection(); $error_queries = $conn->osc_updateDB(str_replace('/*TABLE_PREFIX*/', DB_TABLE_PREFIX, $sql)); } if ($error_queries[0]) { // Everything is OK, continue /********************************** ** EXECUTING ADDITIONAL ACTIONS ** **********************************/ if (file_exists(osc_lib_path() . 'osclass/upgrade-funcs.php')) { // There should be no errors here require_once osc_lib_path() . 'osclass/upgrade-funcs.php'; } // Additional actions is not important for the rest of the proccess // We will inform the user of the problems but the upgrade could continue /**************************** ** REMOVE TEMPORARY FILES ** ****************************/ $path = ABS_PATH . 'oc-temp'; $rm_errors = 0; $dir = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::CHILD_FIRST); for ($dir->rewind(); $dir->valid(); $dir->next()) { if ($dir->isDir()) { if ($dir->getFilename() != '.' && $dir->getFilename() != '..') { if (!rmdir($dir->getPathname())) { $rm_errors++; } } } else { if (!unlink($dir->getPathname())) { $rm_errors++; } } } if (!rmdir($path)) { $rm_errors++; } if ($rm_errors == 0) { $message = __('Everything was OK! Your OSClass installation is updated'); } else { $message = __('Almost everything was OK! Your OSClass installation is updated, but there were some errors removing temporary files. Please, remove manually the "oc-temp" folder', 'admin'); $error = 6; // Some errors removing files } } else { $sql_error_msg = $error_queries[2]; $message = __('Problems upgrading the database', 'admin'); $error = 5; // Problems upgrading the database } } else { $message = __('Problems copying files. Maybe permissions are not correct', 'admin'); $error = 4; // Problems copying files. Maybe permissions are not correct } } else { $message = __('Nothing to copy', 'admin'); $error = 99; // Nothing to copy. THIS SHOULD NEVER HAPPENS, means we dont update any file! } } else { $message = __('Unzip failed', 'admin'); $error = 3; // Unzip failed } } else { $message = __('Download failed', 'admin'); $error = 2; // Download failed } } else { $message = __('Missing download URL', 'admin'); $error = 1; // Missing download URL } if ($remove_error_msg != '') { if ($error == 0) { $message .= "<br /><br />" . __('We had some errors removing files, those are not super-sensitive errors, so we continued upgrading your installation. Please remove the following files (you already have OSClass upgraded, but to ensure maximun performance)', 'admin'); } } if ($error == 5) { $message .= "<br /><br />" . __('We had some errors upgrading your database. The follwing queries failed', 'admin') . implode("<br />", $sql_error_msg); } echo $message; foreach ($perms as $k => $v) { chmod($k, $v); } break; default: echo json_encode(array('error' => __('no action defined'))); break; } }
function doModel() { //specific things for this class switch ($this->action) { case 'bulk_actions': break; case 'regions': //Return regions given a countryId $regions = Region::newInstance()->getByCountry(Params::getParam("countryId")); echo json_encode($regions); break; case 'cities': //Returns cities given a regionId $cities = City::newInstance()->getByRegion(Params::getParam("regionId")); echo json_encode($cities); break; case 'location': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term")); echo json_encode($cities); break; case 'alerts': // Allow to register to an alert given (not sure it's used on admin) $alert = Params::getParam("alert"); $email = Params::getParam("email"); $userid = Params::getParam("userid"); if ($alert != '' && $email != '') { Alerts::newInstance()->insert(array('fk_i_user_id' => $userid, 's_email' => $email, 's_search' => $alert, 'e_type' => 'DAILY')); echo "1"; return true; } echo '0'; break; case 'runhook': //Run hooks $hook = Params::getParam("hook"); switch ($hook) { case 'item_form': $catId = Params::getParam("catId"); if ($catId != '') { osc_run_hook("item_form", $catId); } else { osc_run_hook("item_form"); } break; case 'item_edit': $catId = Params::getParam("catId"); $itemId = Params::getParam("itemId"); osc_run_hook("item_edit", $catId, $itemId); break; default: if ($hook == '') { return false; } else { osc_run_hook($hook); } break; } break; case 'items': // Return items (use external file oc-admin/ajax/item_processing.php) require_once osc_admin_base_path() . 'ajax/items_processing.php'; $items_processing = new items_processing_ajax(Params::getParamsAsArray("get")); break; case 'media': // Return items (use external file oc-admin/ajax/media_processing.php) require_once osc_admin_base_path() . 'ajax/media_processing.php'; $media_processing = new media_processing_ajax(Params::getParamsAsArray("get")); break; case 'categories_order': // Save the order of the categories $aIds = Params::getParam('list'); $orderParent = 0; $orderSub = 0; $catParent = 0; $catManager = Category::newInstance(); foreach ($aIds as $id => $parent) { if ($parent == 'root') { if (!$catManager->update_order($id, $orderParent)) { $error = 1; } // set parent category $conditions = array('pk_i_id' => $id); $array['fk_i_parent_id'] = DB_CONST_NULL; if (!$catManager->update($array, $conditions) > 0) { $error = 1; } $orderParent++; } else { if ($parent != $catParent) { $catParent = $parent; $orderSub = 0; } if (!$catManager->update_order($id, $orderSub)) { $error = 1; } // set parent category $conditions = array('pk_i_id' => $id); $array['fk_i_parent_id'] = $catParent; if (!$catManager->update($array, $conditions) > 0) { $error = 1; } $orderSub++; } } $result = "{"; $error = 0; if ($error) { $result .= '"error" : "' . __("Some error ocurred") . '"'; } else { $result .= '"ok" : "' . __("Order saved") . '"'; } $result .= "}"; echo $result; break; case 'category_edit_iframe': $this->_exportVariableToView("category", Category::newInstance()->findByPrimaryKey(Params::getParam("id"))); $this->_exportVariableToView("languages", OSCLocale::newInstance()->listAllEnabled()); $this->doView("categories/iframe.php"); break; case 'field_categories_iframe': $selected = Field::newInstance()->categories(Params::getParam("id")); if ($selected == null) { $selected = array(); } $this->_exportVariableToView("selected", $selected); $this->_exportVariableToView("field", Field::newInstance()->findByPrimaryKey(Params::getParam("id"))); $this->_exportVariableToView("categories", Category::newInstance()->toTreeAll()); $this->doView("fields/iframe.php"); break; case 'field_categories_post': $error = 0; if (!$error) { try { $field = Field::newInstance()->findByName(Params::getParam("s_name")); if (!isset($field['pk_i_id']) || isset($field['pk_i_id']) && $field['pk_i_id'] == Params::getParam("id")) { Field::newInstance()->cleanCategoriesFromField(Params::getParam("id")); $slug = Params::getParam("field_slug") != '' ? Params::getParam("field_slug") : Params::getParam("id"); $slug = preg_replace('|([-]+)|', '-', preg_replace('|[^a-z0-9_-]|', '-', strtolower($slug))); Field::newInstance()->update(array('s_name' => Params::getParam("s_name"), 'e_type' => Params::getParam("field_type"), 's_slug' => $slug, 'b_required' => Params::getParam("field_required") == "1" ? 1 : 0, 's_options' => Params::getParam('s_options')), array('pk_i_id' => Params::getParam("id"))); Field::newInstance()->insertCategories(Params::getParam("id"), Params::getParam("categories")); } else { $error = 1; $message = __("Sorry, you already have one field with that name"); } } catch (Exception $e) { $error = 1; $message = __("Error while updating."); } } $result = "{"; if ($error) { $result .= '"error" : "'; $result .= $message; $result .= '"'; } else { $result .= '"ok" : "' . __("Saved") . '", "text" : "' . Params::getParam("s_name") . '"'; } $result .= "}"; echo $result; break; case 'delete_field': $id = Params::getParam("id"); $error = 0; try { $fieldManager = Field::newInstance(); $fieldManager->deleteByPrimaryKey($id); $message = __('The custom field have been deleted'); } catch (Exception $e) { $error = 1; $message = __('Error while deleting'); } $result = "{"; if ($error) { $result .= '"error" : "'; $result .= $message; $result .= '"'; } else { $result .= '"ok" : "Saved." '; } $result .= "}"; echo $result; break; case 'enable_category': $id = Params::getParam("id"); $enabled = Params::getParam("enabled") != '' ? Params::getParam("enabled") : 0; $error = 0; $aUpdated = ""; try { if ($id != '') { $categoryManager = Category::newInstance(); $categoryManager->update(array('b_enabled' => $enabled), array('pk_i_id' => $id)); if ($enabled == 1) { $msg = __('The category has been enabled'); } else { $msg = __('The category has been disabled'); } $categoryManager->update(array('b_enabled' => $enabled), array('fk_i_parent_id' => $id)); $aUpdated = $categoryManager->listWhere("fk_i_parent_id = {$id}"); if ($enabled == 1) { $msg .= "<br>" . __('The subcategories has been enabled'); } else { $msg .= "<br>" . __('The subcategories has been disabled'); } } else { $error = 1; $msg = __('There was a problem with this page. The ID for the category hasn\'t been set'); } $message = $msg; } catch (Exception $e) { $error = 1; $message = __('Error: %s') . " " . $e->getMessage(); } $result = "{"; $error = 0; if ($error) { $result .= '"error" : "' . $message . '"'; } else { $result .= '"ok" : "' . $message . '"'; if (count($aUpdated) > 0) { $result .= ', "afectedIds": ['; foreach ($aUpdated as $category) { $result .= '{ "id" : "' . $category['pk_i_id'] . '" },'; } $result = substr($result, 0, -1); $result .= ']'; } else { $result .= ', "afectedIds": []'; } } $result .= "}"; echo $result; break; case 'delete_category': $id = Params::getParam("id"); $error = 0; try { $categoryManager = Category::newInstance(); $categoryManager->deleteByPrimaryKey($id); $message = __('The categories have been deleted'); } catch (Exception $e) { $error = 1; $message = __('Error while deleting'); } $result = "{"; if ($error) { $result .= '"error" : "'; $result .= $message; $result .= '"'; } else { $result .= '"ok" : "Saved." '; } $result .= "}"; echo $result; break; case 'edit_category_post': $id = Params::getParam("id"); $fields['i_expiration_days'] = Params::getParam("i_expiration_days") != '' ? Params::getParam("i_expiration_days") : 0; $error = 0; $postParams = Params::getParamsAsArray(); foreach ($postParams as $k => $v) { if (preg_match('|(.+?)#(.+)|', $k, $m)) { if ($m[2] == 's_name') { if ($v != "") { $aFieldsDescription[$m[1]][$m[2]] = $v; } else { $error = 1; $message = __("All titles are required"); } } else { $aFieldsDescription[$m[1]][$m[2]] = $v; } } } $l = osc_language(); if (!$error) { try { $categoryManager = Category::newInstance(); $categoryManager->updateByPrimaryKey($fields, $aFieldsDescription, $id); } catch (Exception $e) { $error = 1; $message = __("Error while updating."); } } $result = "{"; if ($error) { $result .= '"error" : "'; $result .= $message; $result .= '"'; } else { $result .= '"ok" : "' . __("Saved") . '", "text" : "' . $aFieldsDescription[$l]['s_name'] . '"'; } $result .= "}"; echo $result; break; case 'custom': // Execute via AJAX custom file $ajaxfile = Params::getParam("ajaxfile"); if ($ajaxfile != '') { require_once osc_admin_base_path() . $ajaxfile; } else { echo json_encode(array('error' => __('no action defined'))); } break; case 'test_mail': $title = __('Test email') . ", " . osc_page_title(); $body = __("Test email") . "<br><br>" . osc_page_title(); $emailParams = array('subject' => $title, 'to' => osc_contact_email(), 'to_name' => 'admin', 'body' => $body, 'alt_body' => $body); $array = array(); if (osc_sendMail($emailParams)) { $array = array('status' => '1', 'html' => __('Email sent successfully')); } else { $array = array('status' => '0', 'html' => __('An error has occurred while sending email')); } echo json_encode($array); break; case 'order_pages': $order = Params::getParam("order"); $id = Params::getParam("id"); $count = osc_count_static_pages(); if ($order != '' && $id != '') { $mPages = Page::newInstance(); $actual_page = $mPages->findByPrimaryKey($id); $actual_order = $actual_page['i_order']; $array = array(); $condition = array(); $new_order = $actual_order; if ($order == 'up') { if ($actual_order > 0) { $new_order = $actual_order - 1; } } else { if ($order == 'down') { if ($actual_order != $count - 1) { $new_order = $actual_order + 1; } } } if ($new_order != $actual_order) { $auxpage = $mPages->findByOrder($new_order); $array = array('i_order' => $actual_order); $conditions = array('pk_i_id' => $auxpage['pk_i_id']); $mPages->update($array, $conditions); $array = array('i_order' => $new_order); $conditions = array('pk_i_id' => $id); $mPages->update($array, $conditions); } else { } // json for datatables $prefLocale = osc_current_admin_locale(); $aPages = $mPages->listAll(0); $json = "["; foreach ($aPages as $key => $page) { $body = array(); if (isset($page['locale'][$prefLocale]) && !empty($page['locale'][$prefLocale]['s_title'])) { $body = $page['locale'][$prefLocale]; } else { $body = current($page['locale']); } $p_body = str_replace("'", "\\'", trim(strip_tags($body['s_title']), "\"'")); $json .= "[\"<input type='checkbox' name='id[]' value='" . $page['pk_i_id'] . "' />\","; $json .= "\"" . $page['s_internal_name'] . "<div id='datatables_quick_edit'>"; $json .= "<a href='" . osc_static_page_url() . "'>" . __('View page') . "</a> | "; $json .= "<a href='" . osc_admin_base_url(true) . "?page=pages&action=edit&id=" . $page['pk_i_id'] . "'>"; $json .= __('Edit') . "</a>"; if (!$page['b_indelible']) { $json .= " | "; $json .= "<a onclick=\\\"javascript:return confirm('"; $json .= __('This action can\\\\\'t be undone. Are you sure you want to continue?') . "')\\\" "; $json .= " href='" . osc_admin_base_url(true) . "?page=pages&action=delete&id=" . $page['pk_i_id'] . "'>"; $json .= __('Delete') . "</a>"; } $json .= "</div>\","; $json .= "\"" . $p_body . "\","; $json .= "\"<img id='up' onclick='order_up(" . $page['pk_i_id'] . ");' style='cursor:pointer;width:15;height:15px;' src='" . osc_current_admin_theme_url('images/arrow_up.png') . "'/> <br/> <img id='down' onclick='order_down(" . $page['pk_i_id'] . ");' style='cursor:pointer;width:15;height:15px;' src='" . osc_current_admin_theme_url('images/arrow_down.png') . "'/>\"]"; if ($key != count($aPages) - 1) { $json .= ','; } else { $json .= ''; } } $json .= "]"; echo $json; } break; /****************************** ** COMPLETE UPGRADE PROCESS ** ******************************/ /****************************** ** COMPLETE UPGRADE PROCESS ** ******************************/ case 'upgrade': // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT $message = ""; $error = 0; $remove_error_msg = ""; $sql_error_msg = ""; $rm_errors = 0; $perms = osc_save_permissions(); osc_change_permissions(); $maintenance_file = ABS_PATH . '.maintenance'; $fileHandler = @fopen($maintenance_file, 'w'); fclose($fileHandler); /*********************** **** DOWNLOAD FILE **** ***********************/ if (Params::getParam('file') != '') { $tmp = explode("/", Params::getParam('file')); $filename = end($tmp); $result = osc_downloadFile(Params::getParam('file'), $filename); if ($result) { // Everything is OK, continue /********************** ***** UNZIP FILE ***** **********************/ @mkdir(ABS_PATH . 'oc-temp', 0777); $res = osc_unzip_file(osc_content_path() . 'downloads/' . $filename, ABS_PATH . 'oc-temp/'); if ($res == 1) { // Everything is OK, continue /********************** ***** COPY FILES ***** **********************/ $fail = -1; if ($handle = opendir(ABS_PATH . 'oc-temp')) { $fail = 0; while (false !== ($_file = readdir($handle))) { if ($_file != '.' && $_file != '..' && $_file != 'remove.list' && $_file != 'upgrade.sql' && $_file != 'customs.actions') { $data = osc_copy(ABS_PATH . "oc-temp/" . $_file, ABS_PATH . $_file); if ($data == false) { $fail = 1; } } } closedir($handle); if ($fail == 0) { // Everything is OK, continue /********************** **** REMOVE FILES **** **********************/ if (file_exists(ABS_PATH . 'oc-temp/remove.list')) { $lines = file(ABS_PATH . 'oc-temp/remove.list', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); foreach ($lines as $line_num => $r_file) { $unlink = @unlink(ABS_PATH . $r_file); if (!$unlink) { $remove_error_msg .= sprintf(__('Error removing file: %s'), $r_file) . "<br/>"; } } } // Removing files is not important for the rest of the proccess // We will inform the user of the problems but the upgrade could continue /************************ *** UPGRADE DATABASE *** ************************/ $error_queries = array(); if (file_exists(osc_lib_path() . 'osclass/installer/struct.sql')) { $sql = file_get_contents(osc_lib_path() . 'osclass/installer/struct.sql'); $conn = getConnection(); $error_queries = $conn->osc_updateDB(str_replace('/*TABLE_PREFIX*/', DB_TABLE_PREFIX, $sql)); } if ($error_queries[0]) { // Everything is OK, continue /********************************** ** EXECUTING ADDITIONAL ACTIONS ** **********************************/ if (file_exists(osc_lib_path() . 'osclass/upgrade-funcs.php')) { // There should be no errors here define('AUTO_UPGRADE', true); require_once osc_lib_path() . 'osclass/upgrade-funcs.php'; } // Additional actions is not important for the rest of the proccess // We will inform the user of the problems but the upgrade could continue /**************************** ** REMOVE TEMPORARY FILES ** ****************************/ $path = ABS_PATH . 'oc-temp'; $rm_errors = 0; $dir = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::CHILD_FIRST); for ($dir->rewind(); $dir->valid(); $dir->next()) { if ($dir->isDir()) { if ($dir->getFilename() != '.' && $dir->getFilename() != '..') { if (!rmdir($dir->getPathname())) { $rm_errors++; } } } else { if (!unlink($dir->getPathname())) { $rm_errors++; } } } if (!rmdir($path)) { $rm_errors++; } $deleted = @unlink(ABS_PATH . '.maintenance'); if ($rm_errors == 0) { $message = __('Everything was OK! Your OSClass installation is updated'); } else { $message = __('Almost everything was OK! Your OSClass installation is updated, but there were some errors removing temporary files. Please, remove manually the "oc-temp" folder'); $error = 6; // Some errors removing files } } else { $sql_error_msg = $error_queries[2]; $message = __('Problems upgrading the database'); $error = 5; // Problems upgrading the database } } else { $message = __('Problems copying files. Maybe permissions are not correct'); $error = 4; // Problems copying files. Maybe permissions are not correct } } else { $message = __('Nothing to copy'); $error = 99; // Nothing to copy. THIS SHOULD NEVER HAPPENS, means we dont update any file! } } else { $message = __('Unzip failed'); $error = 3; // Unzip failed } } else { $message = __('Download failed'); $error = 2; // Download failed } } else { $message = __('Missing download URL'); $error = 1; // Missing download URL } if ($remove_error_msg != '') { if ($error == 0) { $message .= "<br /><br />" . __('We had some errors removing files, those are not super-sensitive errors, so we continued upgrading your installation. Please remove the following files (you already have OSClass upgraded, but to ensure maximun performance)'); } } if ($error == 5) { $message .= "<br /><br />" . __('We had some errors upgrading your database. The follwing queries failed') . implode("<br />", $sql_error_msg); } echo $message; foreach ($perms as $k => $v) { @chmod($k, $v); } break; default: echo json_encode(array('error' => __('no action defined'))); break; } // clear all keep variables into session Session::newInstance()->_dropKeepForm(); Session::newInstance()->_clearVariables(); }
function doModel() { //specific things for this class switch ($this->action) { case 'bulk_actions': break; case 'regions': //Return regions given a countryId $regions = Region::newInstance()->findByCountry(Params::getParam("countryId")); echo json_encode($regions); break; case 'cities': //Returns cities given a regionId $cities = City::newInstance()->findByRegion(Params::getParam("regionId")); echo json_encode($cities); break; case 'location': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term")); echo json_encode($cities); break; case 'location_countries': // This is the autocomplete AJAX $countries = Country::newInstance()->ajax(Params::getParam("term")); echo json_encode($countries); break; case 'location_regions': // This is the autocomplete AJAX $regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country")); echo json_encode($regions); break; case 'location_cities': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region")); echo json_encode($cities); break; case 'delete_image': // Delete images via AJAX $id = Params::getParam('id'); $item = Params::getParam('item'); $code = Params::getParam('code'); $secret = Params::getParam('secret'); $json = array(); if (Session::newInstance()->_get('userId') != '') { $userId = Session::newInstance()->_get('userId'); $user = User::newInstance()->findByPrimaryKey($userId); } else { $userId = null; $user = null; } // Check for required fields if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) { $json['success'] = false; $json['msg'] = _m("The selected photo couldn't be deleted, the url doesn't exist"); echo json_encode($json); return false; } $aItem = Item::newInstance()->findByPrimaryKey($item); // Check if the item exists if (count($aItem) == 0) { $json['success'] = false; $json['msg'] = _m('The item doesn\'t exist'); echo json_encode($json); return false; } // Check if the item belong to the user if ($userId != null && $userId != $aItem['fk_i_user_id']) { $json['success'] = false; $json['msg'] = _m('The item doesn\'t belong to you'); echo json_encode($json); return false; } // Check if the secret passphrase match with the item if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) { $json['success'] = false; $json['msg'] = _m('The item doesn\'t belong to you'); echo json_encode($json); return false; } // Does id & code combination exist? $result = ItemResource::newInstance()->existResource($id, $code); if ($result > 0) { // Delete: file, db table entry osc_deleteResource($id); ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code)); $json['msg'] = _m('The selected photo has been successfully deleted'); $json['success'] = 'true'; } else { $json['msg'] = _m("The selected photo couldn't be deleted"); $json['success'] = 'false'; } echo json_encode($json); return true; break; case 'alerts': // Allow to register to an alert given (not sure it's used on admin) $alert = Params::getParam("alert"); $email = Params::getParam("email"); $userid = Params::getParam("userid"); if ($alert != '' && $email != '') { if (preg_match("/^[_a-z0-9-+]+(\\.[_a-z0-9-+]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", $email)) { $secret = osc_genRandomPassword(); if (Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) { if ((int) $userid > 0) { $user = User::newInstance()->findByPrimaryKey($userid); if ($user['b_active'] == 1 && $user['b_enabled'] == 1) { Alerts::newInstance()->activate($email, $secret); echo '1'; return true; } else { echo '-1'; return false; } } else { osc_run_hook('hook_email_alert_validation', $alert, $email, $secret); } echo "1"; } else { echo "0"; } return true; } else { echo '-1'; return false; } } echo '0'; return false; break; case 'runhook': //Run hooks $hook = Params::getParam("hook"); switch ($hook) { case 'item_form': $catId = Params::getParam("catId"); if ($catId != '') { osc_run_hook("item_form", $catId); } else { osc_run_hook("item_form"); } break; case 'item_edit': $catId = Params::getParam("catId"); $itemId = Params::getParam("itemId"); osc_run_hook("item_edit", $catId, $itemId); break; default: if ($hook == '') { return false; } else { osc_run_hook($hook); } break; } break; case 'custom': // Execute via AJAX custom file $ajaxfile = Params::getParam("ajaxfile"); if ($ajaxfile != '') { require_once osc_plugins_path() . $ajaxfile; } else { echo json_encode(array('error' => __('no action defined'))); } break; default: echo json_encode(array('error' => __('no action defined'))); break; } // clear all keep variables into session Session::newInstance()->_dropKeepForm(); Session::newInstance()->_clearVariables(); }
function doModel() { //specific things for this class switch ($this->action) { case 'bulk_actions': break; case 'regions': //Return regions given a countryId $regions = Region::newInstance()->findByCountry(Params::getParam("countryId")); echo json_encode($regions); break; case 'cities': //Returns cities given a regionId $cities = City::newInstance()->findByRegion(Params::getParam("regionId")); echo json_encode($cities); break; case 'location': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term")); foreach ($cities as $k => $city) { $cities[$k]['label'] = $city['label'] . " (" . $city['region'] . ")"; } echo json_encode($cities); break; case 'location_countries': // This is the autocomplete AJAX $countries = Country::newInstance()->ajax(Params::getParam("term")); echo json_encode($countries); break; case 'location_regions': // This is the autocomplete AJAX $regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country")); echo json_encode($regions); break; case 'location_cities': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region")); echo json_encode($cities); break; case 'delete_image': // Delete images via AJAX $ajax_photo = Params::getParam('ajax_photo'); $id = Params::getParam('id'); $item = Params::getParam('item'); $code = Params::getParam('code'); $secret = Params::getParam('secret'); $json = array(); if ($ajax_photo != '') { $files = Session::newInstance()->_get('ajax_files'); $success = false; foreach ($files as $uuid => $file) { if ($file == $ajax_photo) { $filename = $files[$uuid]; unset($files[$uuid]); Session::newInstance()->_set('ajax_files', $files); $success = @unlink(osc_content_path() . 'uploads/temp/' . $filename); break; } } echo json_encode(array('success' => $success, 'msg' => $success ? _m('The selected photo has been successfully deleted') : _m("The selected photo couldn't be deleted"))); return false; } if (Session::newInstance()->_get('userId') != '') { $userId = Session::newInstance()->_get('userId'); $user = User::newInstance()->findByPrimaryKey($userId); } else { $userId = null; $user = null; } // Check for required fields if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) { $json['success'] = false; $json['msg'] = _m("The selected photo couldn't be deleted, the url doesn't exist"); echo json_encode($json); return false; } $aItem = Item::newInstance()->findByPrimaryKey($item); // Check if the item exists if (count($aItem) == 0) { $json['success'] = false; $json['msg'] = _m("The listing doesn't exist"); echo json_encode($json); return false; } if (!osc_is_admin_user_logged_in()) { // Check if the item belong to the user if ($userId != null && $userId != $aItem['fk_i_user_id']) { $json['success'] = false; $json['msg'] = _m("The listing doesn't belong to you"); echo json_encode($json); return false; } // Check if the secret passphrase match with the item if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) { $json['success'] = false; $json['msg'] = _m("The listing doesn't belong to you"); echo json_encode($json); return false; } } // Does id & code combination exist? $result = ItemResource::newInstance()->existResource($id, $code); if ($result > 0) { $resource = ItemResource::newInstance()->findByPrimaryKey($id); if ($resource['fk_i_item_id'] == $item) { // Delete: file, db table entry if (defined(OC_ADMIN)) { osc_deleteResource($id, true); Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'admin', osc_logged_admin_id()); } else { osc_deleteResource($id, false); Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'user', osc_logged_user_id()); } ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code)); $json['msg'] = _m('The selected photo has been successfully deleted'); $json['success'] = 'true'; } else { $json['msg'] = _m("The selected photo does not belong to you"); $json['success'] = 'false'; } } else { $json['msg'] = _m("The selected photo couldn't be deleted"); $json['success'] = 'false'; } echo json_encode($json); return true; break; case 'alerts': // Allow to register to an alert given (not sure it's used on admin) $encoded_alert = Params::getParam("alert"); $alert = osc_decrypt_alert(base64_decode($encoded_alert)); // check alert integrity / signature $stringToSign = osc_get_alert_public_key() . $encoded_alert; $signature = hex2b64(hmacsha1(osc_get_alert_private_key(), $stringToSign)); $server_signature = Session::newInstance()->_get('alert_signature'); if ($server_signature != $signature) { echo '-2'; return false; } $email = Params::getParam("email"); $userid = Params::getParam("userid"); if (osc_is_web_user_logged_in()) { $userid = osc_logged_user_id(); $user = User::newInstance()->findByPrimaryKey($userid); $email = $user['s_email']; } if ($alert != '' && $email != '') { if (osc_validate_email($email)) { $secret = osc_genRandomPassword(); if ($alertID = Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) { if ((int) $userid > 0) { $user = User::newInstance()->findByPrimaryKey($userid); if ($user['b_active'] == 1 && $user['b_enabled'] == 1) { Alerts::newInstance()->activate($alertID); echo '1'; return true; } else { echo '-1'; return false; } } else { $aAlert = Alerts::newInstance()->findByPrimaryKey($alertID); osc_run_hook('hook_email_alert_validation', $aAlert, $email, $secret); } echo "1"; } else { echo "0"; } return true; } else { echo '-1'; return false; } } echo '0'; return false; break; case 'runhook': // run hooks $hook = Params::getParam('hook'); if ($hook == '') { echo json_encode(array('error' => 'hook parameter not defined')); break; } switch ($hook) { case 'item_form': osc_run_hook('item_form', Params::getParam('catId')); break; case 'item_edit': $catId = Params::getParam("catId"); $itemId = Params::getParam("itemId"); osc_run_hook("item_edit", $catId, $itemId); break; default: osc_run_hook('ajax_' . $hook); break; } break; case 'custom': // Execute via AJAX custom file if (Params::existParam('route')) { $routes = Rewrite::newInstance()->getRoutes(); $rid = Params::getParam('route'); $file = '../'; if (isset($routes[$rid]) && isset($routes[$rid]['file'])) { $file = $routes[$rid]['file']; } } else { // DEPRECATED: Disclosed path in URL is deprecated, use routes instead // This will be REMOVED in 3.4 $file = Params::getParam('ajaxfile'); } if ($file == '') { echo json_encode(array('error' => 'no action defined')); break; } // valid file? if (strpos($file, '../') !== false || strpos($file, '..\\') !== false || stripos($file, '/admin/') !== false) { //If the file is inside an "admin" folder, it should NOT be opened in frontend echo json_encode(array('error' => 'no valid ajaxFile')); break; } if (!file_exists(osc_plugins_path() . $file)) { echo json_encode(array('error' => "ajaxFile doesn't exist")); break; } require_once osc_plugins_path() . $file; break; case 'check_username_availability': $username = osc_sanitize_username(Params::getParam('s_username')); if (!osc_is_username_blacklisted($username)) { $user = User::newInstance()->findByUsername($username); if (isset($user['s_username'])) { echo json_encode(array('exists' => 1, 's_username' => $username)); } else { echo json_encode(array('exists' => 0, 's_username' => $username)); } } else { echo json_encode(array('exists' => 1, 's_username' => $username)); } break; case 'ajax_upload': // Include the uploader class require_once LIB_PATH . "AjaxUploader.php"; $uploader = new AjaxUploader(); $original = pathinfo($uploader->getOriginalName()); $filename = uniqid("qqfile_") . "." . $original['extension']; $result = $uploader->handleUpload(osc_content_path() . 'uploads/temp/' . $filename); $result['uploadName'] = $filename; echo htmlspecialchars(json_encode($result), ENT_NOQUOTES); break; case 'ajax_validate': $id = Params::getParam('id'); if (!is_numeric($id)) { echo json_encode(array('success' => false)); die; } $secret = Params::getParam('secret'); $item = Item::newInstance()->findByPrimaryKey($id); if ($item['s_secret'] != $secret) { echo json_encode(array('success' => false)); die; } $nResources = ItemResource::newInstance()->countResources($id); $result = array('success' => $nResources < osc_max_images_per_item(), 'count' => $nResources); echo json_encode($result); break; case 'delete_ajax_upload': $files = Session::newInstance()->_get('ajax_files'); $success = false; $filename = ''; if (isset($files[Params::getParam('qquuid')]) && $files[Params::getParam('qquuid')] != '') { $filename = $files[Params::getParam('qquuid')]; unset($files[Params::getParam('qquuid')]); Session::newInstance()->_set('ajax_files', $files); $success = @unlink(osc_content_path() . 'uploads/temp/' . $filename); } echo json_encode(array('success' => $success, 'uploadName' => $filename)); break; default: echo json_encode(array('error' => __('no action defined'))); break; } // clear all keep variables into session Session::newInstance()->_dropKeepForm(); Session::newInstance()->_clearVariables(); }
function doModel() { switch ($this->action) { case 'change_email_confirm': //change email confirm if (Params::getParam('userId') && Params::getParam('code')) { $userManager = new User(); $user = $userManager->findByPrimaryKey(Params::getParam('userId')); if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) { $userEmailTmp = UserEmailTmp::newInstance()->findByPk(Params::getParam('userId')); $code = osc_genRandomPassword(50); $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id'])); Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']); UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email'])); osc_add_flash_ok_message(_m('Your email has been changed successfully')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator')); } $this->redirectTo(osc_base_url(true)); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); if ($email != '' && $secret != '') { Alerts::newInstance()->delete(array('s_email' => $email, 'S_secret' => $secret)); osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator')); } $this->redirectTo(osc_base_url()); break; case 'pub_profile': $userID = Params::getParam('id'); $user = User::newInstance()->findByPrimaryKey($userID); // user doesn't exist if (!$user) { $this->redirectTo(osc_base_url()); } View::newInstance()->_exportVariableToView('user', $user); $items = Item::newInstance()->findByUserIDEnabled($user['pk_i_id'], 0, 3); View::newInstance()->_exportVariableToView('items', $items); $this->doView('user-public-profile.php'); break; case 'contact_post': $user = User::newInstance()->findByPrimaryKey(Params::getParam('id')); View::newInstance()->_exportVariableToView('user', $user); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_user_public_profile_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message')); $this->redirectTo(osc_user_public_profile_url()); break; default: $this->redirectTo(osc_user_login_url()); break; } }
function doModel() { switch ($this->action) { case 'change_email_confirm': //change email confirm if (Params::getParam('userId') && Params::getParam('code')) { $userManager = new User(); $user = $userManager->findByPrimaryKey(Params::getParam('userId')); if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) { $userEmailTmp = UserEmailTmp::newInstance()->findByPrimaryKey(Params::getParam('userId')); $code = osc_genRandomPassword(50); $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id'])); Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']); UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email'])); osc_add_flash_ok_message(_m('Your email has been changed successfully')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $user = User::newInstance()->findByEmail($alert['s_email']); if (isset($user['pk_i_id'])) { Alerts::newInstance()->update(array('fk_i_user_id' => $user['pk_i_id']), array('pk_i_id' => $id)); } $result = Alerts::newInstance()->activate($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $result = Alerts::newInstance()->unsub($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'pub_profile': if (Params::getParam('username') != '') { $user = User::newInstance()->findByUsername(Params::getParam('username')); } else { $user = User::newInstance()->findByPrimaryKey(Params::getParam('id')); } // user doesn't exist, show 404 error if (!$user) { $this->do404(); return; } $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10; $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0; $total_items = Item::newInstance()->countItemTypesByUserID($user['pk_i_id'], 'active'); if ($itemsPerPage == 'all') { $total_pages = 1; $items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], 0, null, 'active'); } else { $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], $page * $itemsPerPage, $itemsPerPage, 'active'); } View::newInstance()->_exportVariableToView('user', $user); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('search_total_pages', $total_pages); $this->_exportVariableToView('search_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('search_page', $page); $this->_exportVariableToView('canonical', osc_user_public_profile_url()); $this->doView('user-public-profile.php'); break; case 'contact_post': $user = User::newInstance()->findByPrimaryKey(Params::getParam('id')); View::newInstance()->_exportVariableToView('user', $user); if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_user_public_profile_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $banned = osc_is_banned(Params::getParam('yourEmail')); if ($banned == 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); $this->redirectTo(osc_user_public_profile_url()); } else { if ($banned == 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); $this->redirectTo(osc_user_public_profile_url()); } } osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message')); osc_add_flash_ok_message(_m('Your email has been sent properly.')); $this->redirectTo(osc_user_public_profile_url()); break; default: $this->redirectTo(osc_user_login_url()); break; } }
/** * Convert alerts < 2.4, updating s_search with json encoded to based64. * * @param string $alert base64+serialized */ function convertAlert($alert) { // decode search model $data = base64_decode($alert['s_search']); if (is_serialized($data)) { // don't attempt to unserialize data that wasn't serialized going in $data = unserialize($data); // if search model, convert alert if (get_class($data) == 'Search') { // get json $json = $data->toJson(true); // insert new alert with json $aCondition = array('s_email' => $alert['s_email'], 'b_active' => $alert['b_active'], 'e_type' => $alert['e_type']); if ($alert['fk_i_user_id'] != '') { $aCondition['fk_i_user_id'] = (int) $alert['fk_i_user_id']; } if ($alert['s_secret'] != '') { $aCondition['s_secret'] = $alert['s_secret']; } Alerts::newInstance()->update(array('s_search' => base64_encode($json)), $aCondition); } } }
function doModel() { //specific things for this class switch ($this->action) { case 'bulk_actions': break; case 'regions': //Return regions given a countryId $regions = Region::newInstance()->findByCountry(Params::getParam("countryId")); echo json_encode($regions); break; case 'cities': //Returns cities given a regionId $cities = City::newInstance()->findByRegion(Params::getParam("regionId")); echo json_encode($cities); break; case 'location': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term")); foreach ($cities as $k => $city) { $cities[$k]['label'] = $city['label'] . " (" . $city['region'] . ")"; } echo json_encode($cities); break; case 'location_countries': // This is the autocomplete AJAX $countries = Country::newInstance()->ajax(Params::getParam("term")); echo json_encode($countries); break; case 'location_regions': // This is the autocomplete AJAX $regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country")); echo json_encode($regions); break; case 'location_cities': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region")); echo json_encode($cities); break; case 'delete_image': // Delete images via AJAX $id = Params::getParam('id'); $item = Params::getParam('item'); $code = Params::getParam('code'); $secret = Params::getParam('secret'); $json = array(); if (Session::newInstance()->_get('userId') != '') { $userId = Session::newInstance()->_get('userId'); $user = User::newInstance()->findByPrimaryKey($userId); } else { $userId = null; $user = null; } // Check for required fields if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) { $json['success'] = false; $json['msg'] = _m("The selected photo couldn't be deleted, the url doesn't exist"); echo json_encode($json); return false; } $aItem = Item::newInstance()->findByPrimaryKey($item); // Check if the item exists if (count($aItem) == 0) { $json['success'] = false; $json['msg'] = _m("The listing doesn't exist"); echo json_encode($json); return false; } if (!osc_is_admin_user_logged_in()) { // Check if the item belong to the user if ($userId != null && $userId != $aItem['fk_i_user_id']) { $json['success'] = false; $json['msg'] = _m("The listing doesn't belong to you"); echo json_encode($json); return false; } // Check if the secret passphrase match with the item if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) { $json['success'] = false; $json['msg'] = _m("The listing doesn't belong to you"); echo json_encode($json); return false; } } // Does id & code combination exist? $result = ItemResource::newInstance()->existResource($id, $code); if ($result > 0) { $resource = ItemResource::newInstance()->findByPrimaryKey($id); if ($resource['fk_i_item_id'] == $item) { // Delete: file, db table entry if (defined(OC_ADMIN)) { osc_deleteResource($id, true); Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'admin', osc_logged_admin_id()); } else { osc_deleteResource($id, false); Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'user', osc_logged_user_id()); } ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code)); $json['msg'] = _m('The selected photo has been successfully deleted'); $json['success'] = 'true'; } else { $json['msg'] = _m("The selected photo does not belong to you"); $json['success'] = 'false'; } } else { $json['msg'] = _m("The selected photo couldn't be deleted"); $json['success'] = 'false'; } echo json_encode($json); return true; break; case 'alerts': // Allow to register to an alert given (not sure it's used on admin) $alert = Params::getParam("alert"); $email = Params::getParam("email"); $userid = Params::getParam("userid"); if ($alert != '' && $email != '') { if (osc_validate_email($email)) { $secret = osc_genRandomPassword(); if ($alertID = Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) { if ((int) $userid > 0) { $user = User::newInstance()->findByPrimaryKey($userid); if ($user['b_active'] == 1 && $user['b_enabled'] == 1) { Alerts::newInstance()->activate($alertID); echo '1'; return true; } else { echo '-1'; return false; } } else { $aAlert = Alerts::newInstance()->findByPrimaryKey($alertID); osc_run_hook('hook_email_alert_validation', $aAlert, $email, $secret); } echo "1"; } else { echo "0"; } return true; } else { echo '-1'; return false; } } echo '0'; return false; break; case 'runhook': // run hooks $hook = Params::getParam('hook'); if ($hook == '') { echo json_encode(array('error' => 'hook parameter not defined')); break; } switch ($hook) { case 'item_form': osc_run_hook('item_form', Params::getParam('catId')); break; case 'item_edit': $catId = Params::getParam("catId"); $itemId = Params::getParam("itemId"); osc_run_hook("item_edit", $catId, $itemId); break; default: osc_run_hook('ajax_' . $hook); break; } break; case 'custom': // Execute via AJAX custom file $ajaxFile = Params::getParam("ajaxfile"); if ($ajaxFile == '') { echo json_encode(array('error' => 'no action defined')); break; } // valid file? if (stripos($ajaxFile, '../') !== false) { echo json_encode(array('error' => 'no valid ajaxFile')); break; } if (!file_exists(osc_plugins_path() . $ajaxFile)) { echo json_encode(array('error' => "ajaxFile doesn't exist")); break; } require_once osc_plugins_path() . $ajaxFile; break; case 'check_username_availability': $username = osc_sanitize_username(Params::getParam('s_username')); if (!osc_is_username_blacklisted($username)) { $user = User::newInstance()->findByUsername($username); if (isset($user['s_username'])) { echo json_encode(array('exists' => 1, 's_username' => $username)); } else { echo json_encode(array('exists' => 0, 's_username' => $username)); } } else { echo json_encode(array('exists' => 1, 's_username' => $username)); } break; default: echo json_encode(array('error' => __('no action defined'))); break; } // clear all keep variables into session Session::newInstance()->_dropKeepForm(); Session::newInstance()->_clearVariables(); }