function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
osc_csrf_check();
osc_run_hook('before_validating_login');
// e-mail or/and password is/are empty or incorrect
$wrongCredentials = false;
$email = Params::getParam('email');
$password = Params::getParam('password', false, false);
if ($email == '') {
osc_add_flash_error_message(_m('Please provide an email address'));
$wrongCredentials = true;
}
if ($password == '') {
osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password'));
$wrongCredentials = true;
}
if ($wrongCredentials) {
$this->redirectTo(osc_user_login_url());
}
if (osc_validate_email($email)) {
$user = User::newInstance()->findByEmail($email);
}
if (empty($user)) {
$user = User::newInstance()->findByUsername($email);
}
if (empty($user)) {
osc_add_flash_error_message(_m("The user doesn't exist"));
$this->redirectTo(osc_user_login_url());
}
if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) {
osc_add_flash_error_message(_m('The password is incorrect'));
$this->redirectTo(osc_user_login_url());
// @TODO if valid user, send email parameter back to the login form
} else {
if (@$user['s_password'] != '') {
if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) {
if ($cost[1] != BCRYPT_COST) {
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
} else {
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
}
}
// e-mail or/and IP is/are banned
$banned = osc_is_banned($email);
// int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned
if ($banned & 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
}
if ($banned & 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
}
if ($banned !== 0) {
$this->redirectTo(osc_user_login_url());
}
osc_run_hook('before_login');
$url_redirect = osc_get_http_referer();
$page_redirect = '';
if (osc_rewrite_enabled()) {
if ($url_redirect != '') {
$request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect));
$tmp_ar = explode("?", $request_uri);
$request_uri = $tmp_ar[0];
$rules = Rewrite::newInstance()->listRules();
foreach ($rules as $match => $uri) {
if (preg_match('#' . $match . '#', $request_uri, $m)) {
$request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
$page_redirect = $match[2];
if ($page_redirect == '' || $page_redirect == 'login') {
$url_redirect = osc_user_dashboard_url();
}
}
break;
}
}
}
}
require_once LIB_PATH . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($user['pk_i_id']);
if ($logged == 0) {
osc_add_flash_error_message(_m("The user doesn't exist"));
} else {
if ($logged == 1) {
if (time() - strtotime($user['dt_access_date']) > 1200) {
// EACH 20 MINUTES
osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email'])));
} else {
osc_add_flash_error_message(_m('The user has not been validated yet'));
}
} else {
if ($logged == 2) {
osc_add_flash_error_message(_m('The user has been suspended'));
} else {
if ($logged == 3) {
if (Params::getParam('remember') == 1) {
//this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
Cookie::newInstance()->push('oc_userSecret', $secret);
Cookie::newInstance()->set();
}
if ($url_redirect == '') {
$url_redirect = osc_user_dashboard_url();
}
osc_run_hook("after_login", $user, $url_redirect);
$this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect));
} else {
osc_add_flash_error_message(_m('This should never happen'));
}
}
}
}
if (!$user['b_enabled']) {
$this->redirectTo(osc_user_login_url());
}
$this->redirectTo(osc_user_login_url());
break;
case 'resend':
$id = Params::getParam('id');
$email = Params::getParam('email');
$user = User::newInstance()->findByPrimaryKey($id);
if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) {
osc_add_flash_error_message(_m('Incorrect link'));
$this->redirectTo(osc_user_login_url());
}
if (time() - strtotime($user['dt_access_date']) > 1200) {
// EACH 20 MINUTES
if (osc_notify_new_user()) {
osc_run_hook('hook_email_admin_new_user', $user);
}
if (osc_user_validation_enabled()) {
osc_run_hook('hook_email_user_validation', $user, $user);
}
User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('Validation email re-sent'));
} else {
osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again'));
}
$this->redirectTo(osc_user_login_url());
break;
case 'recover':
//form to recover the password (in this case we have the form in /gui/)
$this->doView('user-recover.php');
break;
case 'recover_post':
//post execution to recover the password
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
// e-mail is incorrect
if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
osc_add_flash_error_message(_m('Invalid email address'));
$this->redirectTo(osc_recover_user_password_url());
}
$userActions = new UserActions(false);
$success = $userActions->recover_password();
switch ($success) {
case 0:
// recover ok
osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
$this->redirectTo(osc_base_url());
break;
case 1:
// e-mail does not exist
osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
$this->redirectTo(osc_recover_user_password_url());
break;
case 2:
// recaptcha wrong
osc_add_flash_error_message(_m('The recaptcha code is wrong'));
$this->redirectTo(osc_recover_user_password_url());
break;
}
break;
case 'forgot':
//form to recover the password (in this case we have the form in /gui/)
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user) {
$this->doView('user-forgot_password.php');
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
break;
case 'forgot_post':
osc_csrf_check();
if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user['b_enabled'] == 1) {
if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('The password has been changed'));
$this->redirectTo(osc_user_login_url());
} else {
osc_add_flash_error_message(_m("Error, the password don't match"));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
}
$this->redirectTo(osc_base_url());
break;
default:
//login
Session::newInstance()->_setReferer(osc_get_http_referer());
if (osc_logged_user_id() != '') {
$this->redirectTo(osc_user_dashboard_url());
}
$this->doView('user-login.php');
}
}
function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
osc_csrf_check();
osc_run_hook('before_login_admin');
$url_redirect = osc_get_http_referer();
$page_redirect = '';
$password = Params::getParam('password', false, false);
if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) {
$page_redirect = $match[1];
}
if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') {
$url_redirect = osc_admin_base_url();
}
if (Params::getParam('user') == '') {
osc_add_flash_error_message(_m('The username field is empty'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=login");
}
if (Params::getParam('password', false, false) == '') {
osc_add_flash_error_message(_m('The password field is empty'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=login");
}
// fields are not empty
$admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
if (!$admin) {
osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=login");
}
if (!osc_verify_password($password, $admin['s_password'])) {
osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=login");
} else {
if (@$admin['s_password'] != '') {
if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost)) {
if ($cost[1] != BCRYPT_COST) {
Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
}
} else {
Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
}
}
}
if (Params::getParam('remember')) {
// this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
Cookie::newInstance()->push('oc_adminSecret', $secret);
Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
Cookie::newInstance()->set();
}
// we are logged in... let's go!
Session::newInstance()->_set('adminId', $admin['pk_i_id']);
Session::newInstance()->_set('adminUserName', $admin['s_username']);
Session::newInstance()->_set('adminName', $admin['s_name']);
Session::newInstance()->_set('adminEmail', $admin['s_email']);
Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
osc_run_hook('login_admin', $admin);
$this->redirectTo($url_redirect);
break;
case 'recover':
// form to recover the password (in this case we have the form in /gui/)
$this->doView('gui/recover.php');
break;
case 'recover_post':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url());
}
osc_csrf_check();
// post execution to recover the password
$admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
if ($admin) {
if (osc_recaptcha_private_key() != '') {
if (!osc_check_recaptcha()) {
osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
return false;
// BREAK THE PROCESS, THE RECAPTCHA IS WRONG
}
}
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$newPassword = osc_genRandomPassword(40);
Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
$password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
}
osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=login');
break;
case 'forgot':
// form to recover the password (in this case we have the form in /gui/)
$admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
if (!$admin) {
osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
$this->redirectTo(osc_admin_base_url());
}
$this->doView('gui/forgot_password.php');
break;
case 'forgot_post':
osc_csrf_check();
$admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
if (!$admin) {
osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
$this->redirectTo(osc_admin_base_url());
}
if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id']));
osc_add_flash_ok_message(_m('The password has been changed'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=login');
} else {
osc_add_flash_error_message(_m("Error, the passwords don't match"), 'admin');
$this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
}
break;
default:
//osc_run_hook( 'init_admin' );
Session::newInstance()->_setReferer(osc_get_http_referer());
$this->doView('gui/login.php');
break;
}
}
function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
require_once LIB_PATH . 'osclass/UserActions.php';
$user = User::newInstance()->findByEmail(Params::getParam('email'));
$url_redirect = osc_get_http_referer();
$page_redirect = '';
if (osc_rewrite_enabled()) {
if ($url_redirect != '') {
$request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect));
$tmp_ar = explode("?", $request_uri);
$request_uri = $tmp_ar[0];
$rules = Rewrite::newInstance()->listRules();
foreach ($rules as $match => $uri) {
if (preg_match('#' . $match . '#', $request_uri, $m)) {
$request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
$page_redirect = $match[2];
if ($page_redirect == '' || $page_redirect == 'login') {
$url_redirect = osc_user_dashboard_url();
}
}
break;
}
}
}
} else {
if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) {
$page_redirect = $match[1];
}
}
if ($url_redirect == '') {
$url_redirect = osc_user_dashboard_url();
}
if (!$user) {
osc_add_flash_error_message(_m("The user doesn't exist"));
$this->redirectTo(osc_user_login_url());
}
if ($user["s_password"] != sha1(Params::getParam('password', false, false))) {
osc_add_flash_error_message(_m('The password is incorrect'));
$this->redirectTo(osc_user_login_url());
}
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($user['pk_i_id']);
if ($logged == 0) {
osc_add_flash_error_message(_m("The user doesn't exist"));
} else {
if ($logged == 1) {
osc_add_flash_error_message(_m('The user has not been validated yet'));
} else {
if ($logged == 2) {
osc_add_flash_error_message(_m('The user has been suspended'));
} else {
if ($logged == 3) {
if (Params::getParam('remember') == 1) {
//this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
Cookie::newInstance()->push('oc_userSecret', $secret);
Cookie::newInstance()->set();
}
$this->redirectTo($url_redirect);
} else {
osc_add_flash_error_message(_m('This should never happen'));
}
}
}
}
if (!$user['b_enabled']) {
$this->redirectTo(osc_user_login_url());
}
$this->redirectTo(osc_user_login_url());
break;
case 'recover':
//form to recover the password (in this case we have the form in /gui/)
$this->doView('user-recover.php');
break;
case 'recover_post':
//post execution to recover the password
require_once LIB_PATH . 'osclass/UserActions.php';
// e-mail is incorrect
if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
osc_add_flash_error_message(_m('Invalid email address'));
$this->redirectTo(osc_recover_user_password_url());
}
$userActions = new UserActions(false);
$success = $userActions->recover_password();
switch ($success) {
case 0:
// recover ok
osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
$this->redirectTo(osc_base_url());
break;
case 1:
// e-mail does not exist
osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
$this->redirectTo(osc_recover_user_password_url());
break;
case 2:
// recaptcha wrong
osc_add_flash_error_message(_m('The recaptcha code is wrong'));
$this->redirectTo(osc_recover_user_password_url());
break;
}
break;
case 'forgot':
//form to recover the password (in this case we have the form in /gui/)
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user) {
$this->doView('user-forgot_password.php');
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
break;
case 'forgot_post':
if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user['b_enabled'] == 1) {
if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('The password has been changed'));
$this->redirectTo(osc_user_login_url());
} else {
osc_add_flash_error_message(_m("Error, the password don't match"));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
}
$this->redirectTo(osc_base_url());
break;
default:
//login
Session::newInstance()->_setReferer(osc_get_http_referer());
if (osc_logged_user_id() != '') {
$this->redirectTo(osc_user_dashboard_url());
}
$this->doView('user-login.php');
}
}
/**
* Check is CSRF token is valid, die in other case
*
* @since 3.1
*/
function osc_csrf_check() {
$error = false;
$str_error = '';
if(Params::getParam('CSRFName')=='' || Params::getParam('CSRFToken')=='') {
$str_error = _m('Probable invalid request.') ;
$error = true;
} else {
$name = Params::getParam('CSRFName');
$token = Params::getParam('CSRFToken');
if (!osc_csrfguard_validate_token($name, $token)) {
$str_error = _m('Invalid CSRF token.');
$error = true;
}
}
if( defined('IS_AJAX') ) {
if($error && IS_AJAX === true ) {
echo json_encode(array(
'error' => 1,
'msg' => $str_error
));
exit;
}
}
// ¿ check if is ajax request ?
if($error) {
if(OC_ADMIN) {
osc_add_flash_error_message($str_error, 'admin');
} else {
osc_add_flash_error_message($str_error);
}
$url = osc_get_http_referer();
// be sure that drop session referer
Session::newInstance()->_dropReferer();
if($url!='') {
osc_redirect_to($url);
}
if(OC_ADMIN) {
osc_redirect_to( osc_admin_base_url(true) );
} else {
osc_redirect_to( osc_base_url(true) );
}
}
}
function doModel()
{
parent::doModel();
//specific things for this class
switch ($this->action) {
case 'add':
$this->doView("plugins/add.php");
break;
case 'add_post':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=plugins');
}
osc_csrf_check();
$package = Params::getFiles("package");
if (isset($package['size']) && $package['size'] != 0) {
$path = osc_plugins_path();
(int) ($status = osc_unzip_file($package['tmp_name'], $path));
} else {
$status = 3;
}
switch ($status) {
case 0:
$msg = _m('The plugin folder is not writable');
osc_add_flash_error_message($msg, 'admin');
break;
case 1:
$msg = _m('The plugin has been uploaded correctly');
osc_add_flash_ok_message($msg, 'admin');
break;
case 2:
$msg = _m('The zip file is not valid');
osc_add_flash_error_message($msg, 'admin');
break;
case 3:
$msg = _m('No file was uploaded');
osc_add_flash_error_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=plugins&action=add");
break;
case -1:
default:
$msg = _m('There was a problem adding the plugin');
osc_add_flash_error_message($msg, 'admin');
break;
}
$this->redirectTo(osc_admin_base_url(true) . "?page=plugins");
break;
case 'install':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=plugins');
}
osc_csrf_check();
$pn = Params::getParam('plugin');
// set header just in case it's triggered some fatal error
header("Location: " . osc_admin_base_url(true) . "?page=plugins&error=" . $pn, true, '302');
$installed = Plugins::install($pn);
if (is_array($installed)) {
switch ($installed['error_code']) {
case 'error_output':
osc_add_flash_error_message(sprintf(_m('The plugin generated %d characters of <strong>unexpected output</strong> during the installation'), strlen($installed['output'])), 'admin');
break;
case 'error_installed':
osc_add_flash_error_message(_m('Plugin is already installed'), 'admin');
break;
case 'error_file':
osc_add_flash_error_message(_m("Plugin couldn't be installed because their files are missing"), 'admin');
break;
case 'custom_error':
osc_add_flash_error_message(sprintf(_m("Plugin couldn't be installed because of: %s"), $installed['msg']), 'admin');
break;
default:
osc_add_flash_error_message(_m("Plugin couldn't be installed"), 'admin');
break;
}
} else {
osc_add_flash_ok_message(_m('Plugin installed'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=plugins');
break;
case 'uninstall':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=plugins');
}
osc_csrf_check();
if (Plugins::uninstall(Params::getParam("plugin"))) {
osc_add_flash_ok_message(_m('Plugin uninstalled'), 'admin');
} else {
osc_add_flash_error_message(_m("Plugin couldn't be uninstalled"), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=plugins');
break;
case 'enable':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=plugins');
}
osc_csrf_check();
if (Plugins::activate(Params::getParam('plugin'))) {
osc_add_flash_ok_message(_m('Plugin enabled'), 'admin');
} else {
osc_add_flash_error_message(_m('Plugin is already enabled'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=plugins');
break;
case 'disable':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=plugins');
}
osc_csrf_check();
if (Plugins::deactivate(Params::getParam('plugin'))) {
osc_add_flash_ok_message(_m('Plugin disabled'), 'admin');
} else {
osc_add_flash_error_message(_m('Plugin is already disabled'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=plugins');
break;
case 'admin':
$plugin = Params::getParam("plugin");
if ($plugin != "") {
Plugins::runHook($plugin . '_configure');
}
break;
case 'admin_post':
Plugins::runHook('admin_post');
break;
case 'renderplugin':
$file = Params::getParam("file");
if ($file != "") {
// We pass the GET variables (in case we have somes)
if (preg_match('|(.+?)\\?(.*)|', $file, $match)) {
$file = $match[1];
if (preg_match_all('|&([^=]+)=([^&]*)|', urldecode('&' . $match[2] . '&'), $get_vars)) {
for ($var_k = 0; $var_k < count($get_vars[1]); $var_k++) {
//$_GET[$get_vars[1][$var_k]] = $get_vars[2][$var_k];
//$_REQUEST[$get_vars[1][$var_k]] = $get_vars[2][$var_k];
Params::setParam($get_vars[1][$var_k], $get_vars[2][$var_k]);
}
}
} else {
$file = $_REQUEST['file'];
}
$this->_exportVariableToView("file", osc_plugins_path() . $file);
//osc_renderPluginView($file);
$this->doView("plugins/view.php");
}
break;
case 'configure':
$plugin = Params::getParam("plugin");
if ($plugin != '') {
$plugin_data = Plugins::getInfo($plugin);
$this->_exportVariableToView("categories", Category::newInstance()->toTreeAll());
$this->_exportVariableToView("selected", PluginCategory::newInstance()->listSelected($plugin_data['short_name']));
$this->_exportVariableToView("plugin_data", $plugin_data);
$this->doView("plugins/configuration.php");
} else {
$this->redirectTo(osc_admin_base_url(true) . "?page=plugins");
}
break;
case 'configure_post':
osc_csrf_check();
$plugin_short_name = Params::getParam("plugin_short_name");
$categories = Params::getParam("categories");
if ($plugin_short_name != "") {
Plugins::cleanCategoryFromPlugin($plugin_short_name);
if (isset($categories)) {
Plugins::addToCategoryPlugin($categories, $plugin_short_name);
}
osc_add_flash_ok_message(_m('Configuration was saved'), 'admin');
$this->redirectTo(osc_get_http_referer());
}
osc_add_flash_error_message(_m('No plugin selected'), 'admin');
$this->doView('plugins/index.php');
break;
case 'error_plugin':
// force php errors and simulate plugin installation to show the errors in the iframe
if (!OSC_DEBUG) {
error_reporting(E_ALL | E_STRICT);
}
@ini_set('display_errors', 1);
include osc_plugins_path() . Params::getParam('plugin');
Plugins::install(Params::getParam('plugin'));
exit;
break;
default:
// $marketError = Params::getParam('marketError');
// $slug = Params::getParam('slug');
// if($marketError!='') {
// if($marketError == '0') { // no error installed ok
// $extra = '<br/><br/><b>' . __('You only need to install and configure the plugin.') . '</b>';
// osc_add_flash_ok_message( __('Everything was OK!') . ' ( ' . $slug . ' ) ' . $extra , 'admin');
// } else {
// osc_add_flash_error_message( __('Error occurred') . ' ' . $slug , 'admin');
// }
// }
if (Params::getParam('checkUpdated') != '') {
osc_admin_toolbar_update_plugins(true);
}
if (Params::getParam('iDisplayLength') == '') {
Params::setParam('iDisplayLength', 10);
}
// ?
$this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));
$p_iPage = 1;
if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1) {
$p_iPage = Params::getParam('iPage');
}
Params::setParam('iPage', $p_iPage);
$aPlugin = Plugins::listAll();
$active_plugins = osc_get_plugins();
// pagination
$start = ($p_iPage - 1) * Params::getParam('iDisplayLength');
$limit = Params::getParam('iDisplayLength');
$count = count($aPlugin);
$displayRecords = $limit;
if ($start + $limit > $count) {
$displayRecords = $start + $limit - $count;
}
// --------------------------------------------------------
$aData = array();
$aInfo = array();
$max = $start + $limit;
if ($max > $count) {
$max = $count;
}
$aPluginsToUpdate = json_decode(getPreference('plugins_to_update'));
$bPluginsToUpdate = is_array($aPluginsToUpdate) ? true : false;
for ($i = $start; $i < $max; $i++) {
$plugin = $aPlugin[$i];
$row = array();
$pInfo = osc_plugin_get_info($plugin);
// prepare row 1
$installed = 0;
if (osc_plugin_is_installed($plugin)) {
$installed = 1;
}
$enabled = 0;
if (osc_plugin_is_enabled($plugin)) {
$enabled = 1;
}
// prepare row 2
$sUpdate = '';
// get plugins to update from t_preference
if ($bPluginsToUpdate) {
if (in_array(@$pInfo['plugin_update_uri'], $aPluginsToUpdate)) {
$sUpdate = '<a class="market_update market-popup" href="#' . htmlentities($pInfo['plugin_update_uri']) . '">' . __("There's a new update available") . '</a>';
}
}
// prepare row 4
$sConfigure = '';
if (isset($active_plugins[$plugin . '_configure'])) {
$sConfigure = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=admin&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Configure') . '</a>';
}
// prepare row 5
$sEnable = '';
if ($installed) {
if ($enabled) {
$sEnable = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=disable&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Disable') . '</a>';
} else {
$sEnable = '<a href="' . osc_admin_base_url(true) . '?page=plugins&
action=enable&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Enable') . '</a>';
}
}
// prepare row 6
$sInstall = '';
if ($installed) {
$sInstall = '<a onclick="javascript:return uninstall_dialog(\'' . $pInfo['filename'] . '\');" href="' . osc_admin_base_url(true) . '?page=plugins&action=uninstall&
plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Uninstall') . '</a>';
} else {
$sInstall = '<a href="' . osc_admin_base_url(true) . '?page=plugins&
action=install&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Install') . '</a>';
}
$row[] = '<input type="hidden" name="installed" value="' . $installed . '" enabled="' . $enabled . '" />' . $pInfo['plugin_name'] . '<div>' . $sUpdate . '</div>';
$row[] = $pInfo['description'];
$row[] = $sUpdate != '' ? $sUpdate : ' ';
$row[] = $sConfigure != '' ? $sConfigure : ' ';
$row[] = $sEnable != '' ? $sEnable : ' ';
$row[] = $sInstall != '' ? $sInstall : ' ';
$aData[] = $row;
if (@$pInfo['plugin_update_uri'] != '') {
$aInfo[@$pInfo['plugin_update_uri']] = $pInfo;
} else {
$aInfo[$i] = $pInfo;
}
}
$array['iTotalRecords'] = $displayRecords;
$array['iTotalDisplayRecords'] = count($aPlugin);
$array['iDisplayLength'] = $limit;
$array['aaData'] = $aData;
$array['aaInfo'] = $aInfo;
// --------------------------------------------------------
$page = (int) Params::getParam('iPage');
if (count($array['aaData']) == 0 && $page != 1) {
$total = (int) $array['iTotalDisplayRecords'];
$maxPage = ceil($total / (int) $array['iDisplayLength']);
$url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING'];
if ($maxPage == 0) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url);
$this->redirectTo($url);
}
if ($page > 1) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url);
$this->redirectTo($url);
}
}
$this->_exportVariableToView('aPlugins', $array);
$this->doView("plugins/index.php");
break;
}
}
