/** * @return boolean */ public function add() { $aItem = $this->data; $is_spam = 0; $enabled = 1; $code = osc_genRandomPassword(); $flash_error = ''; // Requires email validation? $has_to_validate = (osc_moderate_items() != -1) ? true : false; // Check status $active = $aItem['active']; // Sanitize foreach(@$aItem['title'] as $key=>$value) { $aItem['title'][$key] = strip_tags( trim ( $value ) ); } $aItem['price'] = !is_null($aItem['price']) ? strip_tags( trim( $aItem['price'] ) ) : $aItem['price']; $contactName = strip_tags( trim( $aItem['contactName'] ) ); $contactEmail = strip_tags( trim( $aItem['contactEmail'] ) ); $aItem['cityArea'] = osc_sanitize_name( strip_tags( trim( $aItem['cityArea'] ) ) ); $aItem['address'] = osc_sanitize_name( strip_tags( trim( $aItem['address'] ) ) ); // Anonymous $contactName = (osc_validate_text($contactName,3))? $contactName : __("Anonymous"); // Validate if ( !$this->checkAllowedExt($aItem['photos']) ) { $flash_error .= _m("Image with an incorrect extension.") . PHP_EOL; } if ( !$this->checkSize($aItem['photos']) ) { $flash_error .= _m("Image is too big. Max. size") . osc_max_size_kb() ." Kb" . PHP_EOL; } $title_message = ''; foreach(@$aItem['title'] as $key => $value) { if( osc_validate_text($value, 1) && osc_validate_max($value, osc_max_characters_per_title()) ) { $title_message = ''; break; } $title_message .= (!osc_validate_text($value, 1) ? sprintf(_m("Title too short (%s)."), $key) . PHP_EOL : '' ) . (!osc_validate_max($value, osc_max_characters_per_title()) ? sprintf(_m("Title too long (%s)."), $key) . PHP_EOL : '' ); } $flash_error .= $title_message; $desc_message = ''; foreach(@$aItem['description'] as $key => $value) { if( osc_validate_text($value, 3) && osc_validate_max($value, osc_max_characters_per_description()) ) { $desc_message = ''; break; } $desc_message .= (!osc_validate_text($value, 3) ? sprintf(_m("Description too short (%s)."), $key) . PHP_EOL : '' ) . (!osc_validate_max($value, osc_max_characters_per_description()) ? sprintf(_m("Description too long (%s)."), $key). PHP_EOL : '' ); } $flash_error .= $desc_message; // akismet check spam ... if( $this->_akismet_text( $aItem['title'], $aItem['description'] , $contactName, $contactEmail) ) { $is_spam = 1; } $flash_error .= ((!osc_validate_category($aItem['catId'])) ? _m("Category invalid.") . PHP_EOL : '' ) . ((!osc_validate_number($aItem['price'])) ? _m("Price must be a number.") . PHP_EOL : '' ) . ((!osc_validate_max(number_format($aItem['price'],0,'',''), 15)) ? _m("Price too long.") . PHP_EOL : '' ) . ((!is_null($aItem['price']) && (int)$aItem['price']<0 ) ? _m('Price must be positive number.') . PHP_EOL : '' ) . ((!osc_validate_max($contactName, 35)) ? _m("Name too long.") . PHP_EOL : '' ) . ((!osc_validate_email($contactEmail)) ? _m("Email invalid.") . PHP_EOL : '' ) . ((!osc_validate_text($aItem['countryName'], 2, false)) ? _m("Country too short.") . PHP_EOL : '' ) . ((!osc_validate_max($aItem['countryName'], 50)) ? _m("Country too long.") . PHP_EOL : '' ) . ((!osc_validate_text($aItem['regionName'], 2, false)) ? _m("Region too short.") . PHP_EOL : '' ) . ((!osc_validate_max($aItem['regionName'], 50)) ? _m("Region too long.") . PHP_EOL : '' ) . ((!osc_validate_text($aItem['cityName'], 2, false)) ? _m("City too short.") . PHP_EOL : '' ) . ((!osc_validate_max($aItem['cityName'], 50)) ? _m("City too long.") . PHP_EOL : '' ) . ((!osc_validate_text($aItem['cityArea'], 2, false)) ? _m("Municipality too short.") . PHP_EOL : '' ) . ((!osc_validate_max($aItem['cityArea'], 50)) ? _m("Municipality too long.") . PHP_EOL : '' ) . ((!osc_validate_text($aItem['address'], 3, false)) ? _m("Address too short.") . PHP_EOL : '' ) . ((!osc_validate_max($aItem['address'], 100)) ? _m("Address too long.") . PHP_EOL : '' ) . ((((time() - Session::newInstance()->_get('last_submit_item')) < osc_items_wait_time()) && !$this->is_admin) ? _m("Too fast. You should wait a little to publish your ad.") . PHP_EOL : '' ); $_meta = Field::newInstance()->findByCategory($aItem['catId']); $meta = Params::getParam("meta"); foreach($_meta as $_m) { $meta[$_m['pk_i_id']] = (isset($meta[$_m['pk_i_id']]))?$meta[$_m['pk_i_id']]:''; } if($meta!='' && count($meta)>0) { $mField = Field::newInstance(); foreach($meta as $k => $v) { if($v=='') { $field = $mField->findByPrimaryKey($k); if($field['b_required']==1) { $flash_error .= sprintf(_m("%s field is required."), $field['s_name']) . PHP_EOL; } } } } // hook pre add or edit // DEPRECATED: pre_item_post will be removed in 3.4 osc_run_hook('pre_item_post'); osc_run_hook('pre_item_add', $aItem); // Handle error if ($flash_error) { $success = $flash_error; } else { if($aItem['price']!='') { $aItem['currency'] = $aItem['currency']; } else { $aItem['currency'] = NULL; } $this->manager->insert(array( 'fk_i_user_id' => $aItem['userId'], 'dt_pub_date' => date('Y-m-d H:i:s'), 'fk_i_category_id' => $aItem['catId'], 'i_price' => $aItem['price'], 'fk_c_currency_code' => $aItem['currency'], 's_contact_name' => $contactName, 's_contact_email' => $contactEmail, 's_secret' => $code, 'b_active' => ($active=='ACTIVE'?1:0), 'b_enabled' => $enabled, 'b_show_email' => $aItem['showEmail'], 'b_spam' => $is_spam, 's_ip' => $aItem['s_ip'] )); if(!$this->is_admin) { // Track spam delay: Session Session::newInstance()->_set('last_submit_item', time()); // Track spam delay: Cookie Cookie::newInstance()->set_expires( osc_time_cookie() ); Cookie::newInstance()->push('last_submit_item', time()); Cookie::newInstance()->set(); } $itemId = $this->manager->dao->insertedId(); Log::newInstance()->insertLog('item', 'add', $itemId, current(array_values($aItem['title'])), $this->is_admin?'admin':'user', $this->is_admin?osc_logged_admin_id():osc_logged_user_id()); Params::setParam('itemId', $itemId); // INSERT title and description locales $this->insertItemLocales('ADD', $aItem['title'], $aItem['description'], $itemId ); $location = array( 'fk_i_item_id' => $itemId, 'fk_c_country_code' => $aItem['countryId'], 's_country' => $aItem['countryName'], 'fk_i_region_id' => $aItem['regionId'], 's_region' => $aItem['regionName'], 'fk_i_city_id' => $aItem['cityId'], 's_city' => $aItem['cityName'], 's_city_area' => $aItem['cityArea'], 's_address' => $aItem['address'], 'd_coord_lat' => $aItem['d_coord_lat'], 'd_coord_long' => $aItem['d_coord_long'], 's_zip' => $aItem['s_zip'] ); $locationManager = ItemLocation::newInstance(); $locationManager->insert($location); $this->uploadItemResources( $aItem['photos'] , $itemId); // update dt_expiration at t_item $dt_expiration = Item::newInstance()->updateExpirationDate($itemId, $aItem['dt_expiration']); /** * META FIELDS */ if($meta!='' && count($meta)>0) { $mField = Field::newInstance(); foreach($meta as $k => $v) { // if dateinterval if(is_array($v) && !isset($v['from']) && !isset($v['to']) ) { $v = implode(',', $v); } $mField->replace($itemId, $k, $v); } } // We need at least one record in t_item_stats $mStats = new ItemStats(); $mStats->emptyRow($itemId); $item = $this->manager->findByPrimaryKey($itemId); $aItem['item'] = $item; Session::newInstance()->_set('last_publish_time', time()); if(!$this->is_admin) { $this->sendEmails($aItem); } if($active=='INACTIVE') { $success = 1; } else { $aAux = array( 'fk_i_user_id' => $aItem['userId'], 'fk_i_category_id' => $aItem['catId'], 'fk_c_country_code' => $location['fk_c_country_code'], 'fk_i_region_id' => $location['fk_i_region_id'], 'fk_i_city_id' => $location['fk_i_city_id'] ); // if is_spam not increase stats if($is_spam == 0) { $this->_increaseStats($aAux); } $success = 2; } // THIS HOOK IS FINE, YAY! osc_run_hook('posted_item', $item); } return $success; }
/** * @return boolean */ public function add() { $success = true; $aItem = $this->data; $code = osc_genRandomPassword(); $flash_error = ''; // Initiate HTML Purifier require_once LIB_PATH . 'htmlpurifier/HTMLPurifier.auto.php'; $config = HTMLPurifier_Config::createDefault(); $config->set('HTML.Allowed', 'b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style]'); $config->set('CSS.AllowedProperties', 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align'); $config->set('Cache.SerializerPath', ABS_PATH . 'oc-content/uploads'); $purifier = new HTMLPurifier($config); // Requires email validation? $has_to_validate = osc_moderate_items() != -1 ? true : false; // Check status $active = $aItem['active']; // Sanitize foreach (@$aItem['title'] as $key => $value) { $aItem['title'][$key] = strip_tags(trim($value)); } foreach (@$aItem['description'] as $key => $value) { $aItem['description'][$key] = $purifier->purify($value); } $aItem['price'] = !is_null($aItem['price']) ? strip_tags(trim($aItem['price'])) : $aItem['price']; $contactName = osc_sanitize_name(strip_tags(trim($aItem['contactName']))); $contactEmail = strip_tags(trim($aItem['contactEmail'])); $aItem['cityArea'] = osc_sanitize_name(strip_tags(trim($aItem['cityArea']))); $aItem['address'] = osc_sanitize_name(strip_tags(trim($aItem['address']))); // Anonymous $contactName = osc_validate_text($contactName, 3) ? $contactName : __("Anonymous"); // Validate if (!$this->checkAllowedExt($aItem['photos'])) { $flash_error .= _m("Image with incorrect extension.") . PHP_EOL; } if (!$this->checkSize($aItem['photos'])) { $flash_error .= _m("Images too big. Max. size ") . osc_max_size_kb() . " Kb" . PHP_EOL; } $title_message = ''; foreach (@$aItem['title'] as $key => $value) { if (osc_validate_text($value, 1) && osc_validate_max($value, 100)) { $title_message = ''; break; } $title_message .= (!osc_validate_text($value, 1) ? _m("Title too short.") . PHP_EOL : '') . (!osc_validate_max($value, 100) ? _m("Title too long.") . PHP_EOL : ''); } $flash_error .= $title_message; $desc_message = ''; foreach (@$aItem['description'] as $key => $value) { if (osc_validate_text($value, 3) && osc_validate_max($value, 5000)) { $desc_message = ''; break; } $desc_message .= (!osc_validate_text($value, 3) ? _m("Description too short.") . PHP_EOL : '') . (!osc_validate_max($value, 5000) ? _m("Description too long.") . PHP_EOL : ''); } $flash_error .= $desc_message; $flash_error .= (!osc_validate_category($aItem['catId']) ? _m("Category invalid.") . PHP_EOL : '') . (!osc_validate_number($aItem['price']) ? _m("Price must be number.") . PHP_EOL : '') . (!osc_validate_max($aItem['price'], 15) ? _m("Price too long.") . PHP_EOL : '') . (!osc_validate_max($contactName, 35) ? _m("Name too long.") . PHP_EOL : '') . (!osc_validate_email($contactEmail) ? _m("Email invalid.") . PHP_EOL : '') . (!osc_validate_text($aItem['countryName'], 3, false) ? _m("Country too short.") . PHP_EOL : '') . (!osc_validate_max($aItem['countryName'], 50) ? _m("Country too long.") . PHP_EOL : '') . (!osc_validate_text($aItem['regionName'], 3, false) ? _m("Region too short.") . PHP_EOL : '') . (!osc_validate_max($aItem['regionName'], 50) ? _m("Region too long.") . PHP_EOL : '') . (!osc_validate_text($aItem['cityName'], 3, false) ? _m("City too short.") . PHP_EOL : '') . (!osc_validate_max($aItem['cityName'], 50) ? _m("City too long.") . PHP_EOL : '') . (!osc_validate_text($aItem['cityArea'], 3, false) ? _m("Municipality too short.") . PHP_EOL : '') . (!osc_validate_max($aItem['cityArea'], 50) ? _m("Municipality too long.") . PHP_EOL : '') . (!osc_validate_text($aItem['address'], 3, false) ? _m("Address too short.") . PHP_EOL : '') . (!osc_validate_max($aItem['address'], 100) ? _m("Address too long.") . PHP_EOL : '') . (time() - Session::newInstance()->_get('last_submit_item') < osc_items_wait_time() && !$this->is_admin ? _m("Too fast. You should wait a little to publish your ad.") . PHP_EOL : ''); $meta = Params::getParam("meta"); if ($meta != '' && count($meta) > 0) { $mField = Field::newInstance(); foreach ($meta as $k => $v) { if ($v == '') { $field = $mField->findByPrimaryKey($k); if ($field['b_required'] == 1) { $flash_error .= sprintf(_m("%s field is required."), $field['s_name']); } } } } // hook pre add or edit osc_run_hook('pre_item_post'); // Handle error if ($flash_error) { return $flash_error; } else { $this->manager->insert(array('fk_i_user_id' => $aItem['userId'], 'dt_pub_date' => date('Y-m-d H:i:s'), 'fk_i_category_id' => $aItem['catId'], 'i_price' => $aItem['price'], 'fk_c_currency_code' => $aItem['currency'], 's_contact_name' => $contactName, 's_contact_email' => $contactEmail, 's_secret' => $code, 'b_active' => $active == 'ACTIVE' ? 1 : 0, 'b_enabled' => 1, 'b_show_email' => $aItem['showEmail'])); if (!$this->is_admin) { // Track spam delay: Session Session::newInstance()->_set('last_submit_item', time()); // Track spam delay: Cookie Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('last_submit_item', time()); Cookie::newInstance()->set(); } $itemId = $this->manager->dao->insertedId(); Log::newInstance()->insertLog('item', 'add', $itemId, current(array_values($aItem['title'])), $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : osc_logged_user_id()); Params::setParam('itemId', $itemId); // INSERT title and description locales $this->insertItemLocales('ADD', $aItem['title'], $aItem['description'], $itemId); // INSERT location item $location = array('fk_i_item_id' => $itemId, 'fk_c_country_code' => $aItem['countryId'], 's_country' => $aItem['countryName'], 'fk_i_region_id' => $aItem['regionId'], 's_region' => $aItem['regionName'], 'fk_i_city_id' => $aItem['cityId'], 's_city' => $aItem['cityName'], 's_city_area' => $aItem['cityArea'], 's_address' => $aItem['address']); $locationManager = ItemLocation::newInstance(); $locationManager->insert($location); $this->uploadItemResources($aItem['photos'], $itemId); /** * META FIELDS */ if ($meta != '' && count($meta) > 0) { $mField = Field::newInstance(); foreach ($meta as $k => $v) { $mField->replace($itemId, $k, $v); } } osc_run_hook('item_form_post', $aItem['catId'], $itemId); // We need at least one record in t_item_stats $mStats = new ItemStats(); $mStats->emptyRow($itemId); $item = $this->manager->findByPrimaryKey($itemId); $aItem['item'] = $item; osc_run_hook('after_item_post'); Session::newInstance()->_set('last_publish_time', time()); if (!$this->is_admin) { $this->sendEmails($aItem); } if ($active == 'INACTIVE') { return 1; } else { if ($aItem['userId'] != null) { $user = User::newInstance()->findByPrimaryKey($aItem['userId']); if ($user) { User::newInstance()->update(array('i_items' => $user['i_items'] + 1), array('pk_i_id' => $user['pk_i_id'])); } } CategoryStats::newInstance()->increaseNumItems($aItem['catId']); return 2; } } return $success; }