function doModel()
{
parent::doModel();
switch($this->action) {
case('add'): // callin add view
$this->_exportVariableToView( 'admin', null );
$this->doView('admins/frm.php');
break;
case('add_post'): if( defined('DEMO') ) {
osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
osc_csrf_check();
// adding a new admin
$sPassword = Params::getParam('s_password', false, false);
$sName = Params::getParam('s_name');
$sEmail = Params::getParam('s_email');
$sUserName = Params::getParam('s_username');
$bModerator = Params::getParam('b_moderator')==0?0:1;
// cleaning parameters
$sPassword = strip_tags($sPassword);
$sPassword = trim($sPassword);
$sName = strip_tags($sName);
$sName = trim($sName);
$sEmail = strip_tags($sEmail);
$sEmail = trim($sEmail);
$sUserName = strip_tags($sUserName);
$sUserName = trim($sUserName);
// Checks for legit data
if( !osc_validate_email($sEmail, true) ) {
osc_add_flash_warning_message( _m("Email invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if( !osc_validate_username($sUserName) ) {
osc_add_flash_warning_message( _m("Username invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if( $sName == '' ) {
osc_add_flash_warning_message( _m("Name invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true).'?page=admins&action=add');
}
if( $sPassword == '' ) {
osc_add_flash_warning_message( _m("Password invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$admin = $this->adminManager->findByEmail($sEmail);
if( $admin ) {
osc_add_flash_warning_message( _m("Email already in use"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$admin = $this->adminManager->findByUsername($sUserName);
if( $admin ) {
osc_add_flash_warning_message( _m("Username already in use"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$array = array(
's_password' => osc_hash_password($sPassword),
's_name' => $sName,
's_email' => $sEmail,
's_username' => $sUserName,
'b_moderator' => $bModerator
);
$isInserted = $this->adminManager->insert($array);
if( $isInserted ) {
// send email
osc_run_hook('hook_email_new_admin', array(
's_name' => $sName,
's_username' => $sUserName,
's_password' => $sPassword,
's_email' => $sEmail
)
);
osc_add_flash_ok_message( _m('The admin has been added'), 'admin');
} else {
osc_add_flash_error_message( _m('There has been an error adding a new admin'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true).'?page=admins');
break;
case('edit'): // calling edit admin view
$adminEdit = null;
$adminId = Params::getParam('id');
if( $adminId != '' ) {
$adminEdit = $this->adminManager->findByPrimaryKey((int) $adminId);
} elseif( Session::newInstance()->_get('adminId') != '') {
$adminEdit = $this->adminManager->findByPrimaryKey( Session::newInstance()->_get('adminId') );
}
if( count($adminEdit) == 0 ) {
osc_add_flash_error_message( _m('There is no admin with this id'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
$this->_exportVariableToView("admin", $adminEdit);
$this->doView('admins/frm.php');
break;
case('edit_post'): if( defined('DEMO') ) {
osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
osc_csrf_check();
// updating a new admin
$iUpdated = 0;
$adminId = Params::getParam('id');
$sPassword = Params::getParam('s_password', false, false);
$sPassword2 = Params::getParam('s_password2', false, false);
$sOldPassword = Params::getParam('old_password', false, false);
$sName = Params::getParam('s_name');
$sEmail = Params::getParam('s_email');
$sUserName = Params::getParam('s_username');
$bModerator = Params::getParam('b_moderator')==0?0:1;
// cleaning parameters
$sPassword = strip_tags($sPassword);
$sPassword = trim($sPassword);
$sPassword2 = strip_tags($sPassword2);
$sPassword2 = trim($sPassword2);
$sName = strip_tags($sName);
$sName = trim($sName);
$sEmail = strip_tags($sEmail);
$sEmail = trim($sEmail);
$sUserName = strip_tags($sUserName);
$sUserName = trim($sUserName);
// Checks for legit data
if( !osc_validate_email($sEmail, true) ) {
osc_add_flash_warning_message( _m("Email invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
if( !osc_validate_username($sUserName) ) {
osc_add_flash_warning_message( _m("Username invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
if( $sName == '' ) {
osc_add_flash_warning_message( _m("Name invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
$aAdmin = $this->adminManager->findByPrimaryKey($adminId);
if( count($aAdmin) == 0 ) {
osc_add_flash_error_message( _m("This admin doesn't exist"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
if( $aAdmin['s_email'] != $sEmail ) {
if($this->adminManager->findByEmail( $sEmail ) ) {
osc_add_flash_warning_message( _m('Existing email'), 'admin');
$this->redirectTo(osc_admin_base_url(true).'?page=admins&action=edit&id=' . $adminId);
}
}
if( $aAdmin['s_username'] != $sUserName ) {
if( $this->adminManager->findByUsername( $sUserName ) ) {
osc_add_flash_warning_message( _m('Existing username'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
$conditions = array('pk_i_id' => $adminId);
$array = array();
if(osc_logged_admin_id()==$adminId) {
if($sOldPassword != '' ) {
if( $sPassword=='' ) {
osc_add_flash_warning_message( _m("Password invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
} else {
$firstCondition = osc_verify_password($sOldPassword, $aAdmin['s_password']);
$secondCondition = ( $sPassword == $sPassword2 );
if( $firstCondition && $secondCondition ) {
$array['s_password'] = osc_hash_password($sPassword);
} else {
osc_add_flash_warning_message( _m("The password couldn't be updated. Passwords don't match"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
}
} else {
if( $sPassword!='') {
if($sPassword == $sPassword2) {
$array['s_password'] = osc_hash_password($sPassword);
} else {
osc_add_flash_warning_message( _m("The password couldn't be updated. Passwords don't match"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
}
if($adminId!=osc_logged_admin_id()) {
$array['b_moderator'] = $bModerator;
}
$array['s_name'] = Params::getParam('s_name');
$array['s_username'] = $sUserName;
$array['s_email'] = $sEmail;
$iUpdated = $this->adminManager->update($array, $conditions);
if( $iUpdated > 0 ) {
osc_add_flash_ok_message( _m('The admin has been updated'), 'admin');
}
if( $this->isModerator() ) {
$this->redirectTo(osc_admin_base_url(true));
} else {
$this->redirectTo(osc_admin_base_url(true).'?page=admins');
}
break;
case('delete'): if( defined('DEMO') ) {
osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
osc_csrf_check();
// deleting and admin
$isDeleted = false;
$adminId = Params::getParam('id');
if( !is_array($adminId) ) {
osc_add_flash_error_message( _m("The admin id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
// Verification to avoid an administrator trying to remove to itself
if( in_array(Session::newInstance()->_get('adminId'), $adminId) ) {
osc_add_flash_error_message( _m("The operation hasn't been completed. You're trying to remove yourself!"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
$isDeleted = $this->adminManager->deleteBatch( $adminId );
if( $isDeleted ) {
osc_add_flash_ok_message( _m('The admin has been deleted correctly'), 'admin');
} else {
osc_add_flash_error_message( _m('The admin couldn\'t be deleted'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
break;
default:
if(Params::getParam("action")!="") {
osc_run_hook("admin_bulk_".Params::getParam("action"), Params::getParam('id'));
}
if( Params::getParam('iDisplayLength') == '' ) {
Params::setParam('iDisplayLength', 10 );
}
$p_iPage = 1;
if( is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1 ) {
$p_iPage = Params::getParam('iPage');
}
Params::setParam('iPage', $p_iPage);
$admins = $this->adminManager->listAll();
// pagination
$start = ($p_iPage-1) * Params::getParam('iDisplayLength');
$limit = Params::getParam('iDisplayLength');
$count = count( $admins );
$displayRecords = $limit;
if( ($start+$limit ) > $count ) {
$displayRecords = ($start+$limit) - $count;
}
// ----
$aData = array();
$max = ($start+$limit);
if($max > $count) $max = $count;
for($i = $start; $i < $max; $i++) {
$admin = $admins[$i];
$options = array();
$options[] = '<a href="' . osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $admin['pk_i_id'] . '">' . __('Edit') . '</a>';
$options[] = '<a onclick="return delete_dialog(\'' . $admin['pk_i_id'] . '\');" href="' . osc_admin_base_url(true) . '?page=admins&action=delete&id[]=' . $admin['pk_i_id'] . '">' . __('Delete') . '</a>';
$auxOptions = '<ul>'.PHP_EOL;
foreach( $options as $actual ) {
$auxOptions .= '<li>'.$actual.'</li>'.PHP_EOL;
}
$actions = '<div class="actions">'.$auxOptions.'</div>'.PHP_EOL;
$row = array();
$row[] = '<input type="checkbox" name="id[]" value="' . $admin['pk_i_id'] . '" />';
$row[] = $admin['s_username'] . $actions;
$row[] = $admin['s_name'];
$row[] = $admin['s_email'];
$aData[] = $row;
}
$array['iTotalRecords'] = $displayRecords;
$array['iTotalDisplayRecords'] = count($admins);
$array['iDisplayLength'] = $limit;
$array['aaData'] = $aData;
$page = (int)Params::getParam('iPage');
if(count($array['aaData']) == 0 && $page!=1) {
$total = (int)$array['iTotalDisplayRecords'];
$maxPage = ceil( $total / (int)$array['iDisplayLength'] );
$url = osc_admin_base_url(true).'?'.$_SERVER['QUERY_STRING'];
if($maxPage==0) {
$url = preg_replace('/&iPage=(\d)+/', '&iPage=1', $url);
$this->redirectTo($url);
}
if($page > 1) {
$url = preg_replace('/&iPage=(\d)+/', '&iPage='.$maxPage, $url);
$this->redirectTo($url);
}
}
$bulk_options = array(
array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')),
array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected admins?'), strtolower(__('Delete'))), 'label' => __('Delete'))
);
$bulk_options = osc_apply_filter("admin_bulk_filter", $bulk_options);
$this->_exportVariableToView('bulk_options', $bulk_options);
$this->_exportVariableToView('aAdmins', $array);
// calling manage admins view
$this->doView('admins/index.php');
break;
}
}
function doModel()
{
parent::doModel();
switch ($this->action) {
case 'add':
// callin add view
$this->_exportVariableToView('admin', null);
$this->doView('admins/frm.php');
break;
case 'add_post':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
// adding a new admin
$sPassword = Params::getParam('s_password', false, false);
$sName = Params::getParam('s_name');
$sEmail = Params::getParam('s_email');
$sUserName = Params::getParam('s_username');
// cleaning parameters
$sPassword = strip_tags($sPassword);
$sPassword = trim($sPassword);
$sName = strip_tags($sName);
$sName = trim($sName);
$sEmail = strip_tags($sEmail);
$sEmail = trim($sEmail);
$sUserName = strip_tags($sUserName);
$sUserName = trim($sUserName);
// Checks for legit data
if (!osc_validate_email($sEmail, true)) {
osc_add_flash_warning_message(_m("Email invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if (!osc_validate_username($sUserName)) {
osc_add_flash_warning_message(_m("Username invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if ($sName == '') {
osc_add_flash_warning_message(_m("Name invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if ($sPassword == '') {
osc_add_flash_warning_message(_m("Password invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$admin = $this->adminManager->findByEmail($sEmail);
if ($admin) {
osc_add_flash_warning_message(_m("Email already in use"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$admin = $this->adminManager->findByUsername($sUserName);
if ($admin) {
osc_add_flash_warning_message(_m("Username already in use"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$array = array('s_password' => sha1($sPassword), 's_name' => $sName, 's_email' => $sEmail, 's_username' => $sUserName);
$isInserted = $this->adminManager->insert($array);
if ($isInserted) {
osc_add_flash_ok_message(_m('The admin has been added'), 'admin');
} else {
osc_add_flash_error_message(_m('There have been an error adding a new admin'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
break;
case 'edit':
// calling edit admin view
$adminEdit = null;
$adminId = Params::getParam('id');
if ($adminId != '') {
$adminEdit = $this->adminManager->findByPrimaryKey((int) $adminId);
} elseif (Session::newInstance()->_get('adminId') != '') {
$adminEdit = $this->adminManager->findByPrimaryKey(Session::newInstance()->_get('adminId'));
}
if (count($adminEdit) == 0) {
osc_add_flash_error_message(_m('There is no admin admin with this id'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
$this->_exportVariableToView("admin", $adminEdit);
$this->doView('admins/frm.php');
break;
case 'edit_post':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
// updating a new admin
$iUpdated = 0;
$adminId = Params::getParam('id');
$sPassword = Params::getParam('s_password', false, false);
$sPassword2 = Params::getParam('s_password2', false, false);
$sOldPassword = Params::getParam('old_password', false, false);
$sName = Params::getParam('s_name');
$sEmail = Params::getParam('s_email');
$sUserName = Params::getParam('s_username');
// cleaning parameters
$sPassword = strip_tags($sPassword);
$sPassword = trim($sPassword);
$sPassword2 = strip_tags($sPassword2);
$sPassword2 = trim($sPassword2);
$sName = strip_tags($sName);
$sName = trim($sName);
$sEmail = strip_tags($sEmail);
$sEmail = trim($sEmail);
$sUserName = strip_tags($sUserName);
$sUserName = trim($sUserName);
// Checks for legit data
if (!osc_validate_email($sEmail, true)) {
osc_add_flash_warning_message(_m("Email invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
if (!osc_validate_username($sUserName)) {
osc_add_flash_warning_message(_m("Username invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
if ($sName == '') {
osc_add_flash_warning_message(_m("Name invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
$aAdmin = $this->adminManager->findByPrimaryKey($adminId);
if (count($aAdmin) == 0) {
osc_add_flash_error_message(_m("This admin doesn't exist"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
if ($aAdmin['s_email'] != $sEmail) {
if ($this->adminManager->findByEmail($sEmail)) {
osc_add_flash_warning_message(_m('Existing email'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
if ($aAdmin['s_username'] != $sUserName) {
if ($this->adminManager->findByUsername($sUserName)) {
osc_add_flash_warning_message(_m('Existing username'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
$conditions = array('pk_i_id' => $adminId);
$array = array();
if (osc_logged_admin_id() == $adminId) {
if ($sOldPassword != '') {
if ($sPassword == '') {
osc_add_flash_warning_message(_m("Password invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
} else {
$firstCondition = sha1($sOldPassword) == $aAdmin['s_password'];
$secondCondition = $sPassword == $sPassword2;
if ($firstCondition && $secondCondition) {
$array['s_password'] = sha1($sPassword);
} else {
osc_add_flash_warning_message(_m("The password couldn't be updated. Passwords don't match"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
}
} else {
if ($sPassword != '' && $sPassword == $sPassword2) {
$array['s_password'] = sha1($sPassword);
} else {
osc_add_flash_warning_message(_m("The password couldn't be updated. Passwords don't match"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
$array['s_name'] = Params::getParam('s_name');
$array['s_username'] = $sUserName;
$array['s_email'] = $sEmail;
$iUpdated = $this->adminManager->update($array, $conditions);
if ($iUpdated > 0) {
osc_add_flash_ok_message(_m('The admin has been updated'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
break;
case 'delete':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
// deleting and admin
$isDeleted = false;
$adminId = Params::getParam('id');
if (!is_array($adminId)) {
osc_add_flash_error_message(_m("The admin id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
// Verification to avoid an administrator trying to remove to itself
if (in_array(Session::newInstance()->_get('adminId'), $adminId)) {
osc_add_flash_error_message(_m("The operation hasn't been completed. You're trying to remove yourself!"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
$isDeleted = $this->adminManager->deleteBatch($adminId);
if ($isDeleted) {
osc_add_flash_ok_message(_m('The admin has been deleted correctly'), 'admin');
} else {
osc_add_flash_error_message(_m('The admin couldn\'t be deleted'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
break;
default:
// calling manage admins view
$admins = $this->adminManager->listAll();
$this->_exportVariableToView('admins', $admins);
$this->doView('admins/index.php');
break;
}
}
