function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } osc_csrf_check(); osc_run_hook('before_validating_login'); // e-mail or/and password is/are empty or incorrect $wrongCredentials = false; $email = Params::getParam('email'); $password = Params::getParam('password', false, false); if ($email == '') { osc_add_flash_error_message(_m('Please provide an email address')); $wrongCredentials = true; } if ($password == '') { osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password')); $wrongCredentials = true; } if ($wrongCredentials) { $this->redirectTo(osc_user_login_url()); } if (osc_validate_email($email)) { $user = User::newInstance()->findByEmail($email); } if (empty($user)) { $user = User::newInstance()->findByUsername($email); } if (empty($user)) { osc_add_flash_error_message(_m("The user doesn't exist")); $this->redirectTo(osc_user_login_url()); } if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); // @TODO if valid user, send email parameter back to the login form } else { if (@$user['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } else { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } } // e-mail or/and IP is/are banned $banned = osc_is_banned($email); // int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned if ($banned & 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); } if ($banned & 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); } if ($banned !== 0) { $this->redirectTo(osc_user_login_url()); } osc_run_hook('before_login'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; if (osc_rewrite_enabled()) { if ($url_redirect != '') { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect)); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; if ($page_redirect == '' || $page_redirect == 'login') { $url_redirect = osc_user_dashboard_url(); } } break; } } } } require_once LIB_PATH . 'osclass/UserActions.php'; $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m("The user doesn't exist")); } else { if ($logged == 1) { if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email']))); } else { osc_add_flash_error_message(_m('The user has not been validated yet')); } } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } if ($url_redirect == '') { $url_redirect = osc_user_dashboard_url(); } osc_run_hook("after_login", $user, $url_redirect); $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect)); } else { osc_add_flash_error_message(_m('This should never happen')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'resend': $id = Params::getParam('id'); $email = Params::getParam('email'); $user = User::newInstance()->findByPrimaryKey($id); if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) { osc_add_flash_error_message(_m('Incorrect link')); $this->redirectTo(osc_user_login_url()); } if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES if (osc_notify_new_user()) { osc_run_hook('hook_email_admin_new_user', $user); } if (osc_user_validation_enabled()) { osc_run_hook('hook_email_user_validation', $user, $user); } User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('Validation email re-sent')); } else { osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again')); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': osc_csrf_check(); if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match")); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login Session::newInstance()->_setReferer(osc_get_http_referer()); if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
function doModel() { switch ($this->action) { case 'logout': // unset only the required parameters in Session Session::newInstance()->_drop('adminId'); Session::newInstance()->_drop('adminUserName'); Session::newInstance()->_drop('adminName'); Session::newInstance()->_drop('adminEmail'); Session::newInstance()->_drop('adminLocale'); Cookie::newInstance()->pop('oc_adminId'); Cookie::newInstance()->pop('oc_adminSecret'); Cookie::newInstance()->pop('oc_adminLocale'); Cookie::newInstance()->set(); $this->redirectTo(osc_admin_base_url(true)); break; default: //default dashboard page (main page at oc-admin) $this->_exportVariableToView("numUsers", User::newInstance()->count()); $this->_exportVariableToView("numAdmins", Admin::newInstance()->count()); $this->_exportVariableToView("numItems", Item::newInstance()->count()); $this->_exportVariableToView("numItemsSpam", Item::newInstance()->totalItems(null, 'SPAM')); $this->_exportVariableToView("numItemsBlock", Item::newInstance()->totalItems(null, 'DISABLED')); $this->_exportVariableToView("numItemsInactive", Item::newInstance()->totalItems(null, 'INACTIVE')); $this->_exportVariableToView("numItemsPerCategory", osc_get_non_empty_categories()); $this->_exportVariableToView("newsList", osc_listNews()); $this->_exportVariableToView("comments", ItemComment::newInstance()->getLastComments(5)); //calling the view... $this->doView('main/index.php'); } }
function logout() { //destroying session Session::newInstance()->session_destroy(); Session::newInstance()->_drop('userId'); Session::newInstance()->_drop('userName'); Session::newInstance()->_drop('userEmail'); Session::newInstance()->_drop('userPhone'); Cookie::newInstance()->pop('oc_userId'); Cookie::newInstance()->pop('oc_userSecret'); Cookie::newInstance()->set(); }
function logout() { //destroying session Session::newInstance()->session_destroy(); Session::newInstance()->_drop('adminId'); Session::newInstance()->_drop('adminUserName'); Session::newInstance()->_drop('adminName'); Session::newInstance()->_drop('adminEmail'); Session::newInstance()->_drop('adminLocale'); Cookie::newInstance()->pop('oc_adminId'); Cookie::newInstance()->pop('oc_adminSecret'); Cookie::newInstance()->pop('oc_adminLocale'); Cookie::newInstance()->set(); }
function logout() { //destroying session $locale = Session::newInstance()->_get('userLocale'); Session::newInstance()->session_destroy(); Session::newInstance()->_drop('userId'); Session::newInstance()->_drop('userName'); Session::newInstance()->_drop('userEmail'); Session::newInstance()->_drop('userPhone'); Session::newInstance()->session_start(); Session::newinstance()->_set('userLocale', $locale); Cookie::newInstance()->pop('oc_userId'); Cookie::newInstance()->pop('oc_userSecret'); Cookie::newInstance()->set(); }
function osc_is_admin_user_logged_in() { if (Session::newInstance()->_get("adminId") != '') { return true; } //can already be a logged user or not, we'll take a look into the cookie if (Cookie::newInstance()->get_value('oc_adminId') != '' && Cookie::newInstance()->get_value('oc_adminSecret') != '') { $admin = Admin::newInstance()->findByIdSecret(Cookie::newInstance()->get_value('oc_adminId'), Cookie::newInstance()->get_value('oc_adminSecret')); Session::newInstance()->_set('adminId', $admin['pk_i_id']); Session::newInstance()->_set('adminUserName', $admin['s_username']); Session::newInstance()->_set('adminName', $admin['s_name']); Session::newInstance()->_set('adminEmail', $admin['s_email']); Session::newInstance()->_set('adminLocale', Cookie::newInstance()->get_value('oc_adminLocale')); return true; } return false; }
function doModel() { switch ($this->action) { case 'logout': // unset only the required parameters in Session Session::newInstance()->_drop('userId'); Session::newInstance()->_drop('userName'); Session::newInstance()->_drop('userEmail'); Session::newInstance()->_drop('userPhone'); Cookie::newInstance()->pop('oc_userId'); Cookie::newInstance()->pop('oc_userSecret'); Cookie::newInstance()->set(); $this->redirectTo(osc_base_url()); break; default: $this->doView('main.php'); } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'bulk_actions': osc_csrf_check(); switch (Params::getParam('bulk_actions')) { case 'delete': $ids = Params::getParam("id"); if (is_array($ids)) { foreach ($ids as $id) { osc_deleteResource($id, true); } $log_ids = substr(implode(",", $ids), 0, 250); Log::newInstance()->insertLog('media', 'delete bulk', $log_ids, $log_ids, 'admin', osc_logged_admin_id()); $this->resourcesManager->deleteResourcesIds($ids); } osc_add_flash_ok_message(_m('Resource deleted'), 'admin'); break; default: if (Params::getParam("bulk_actions") != "") { osc_run_hook("media_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id')); } break; } $this->redirectTo(osc_admin_base_url(true) . '?page=media'); break; case 'delete': osc_csrf_check(); $ids = Params::getParam('id'); if (is_array($ids)) { foreach ($ids as $id) { osc_deleteResource($id, true); } $log_ids = substr(implode(",", $ids), 0, 250); Log::newInstance()->insertLog('media', 'delete', $log_ids, $log_ids, 'admin', osc_logged_admin_id()); $this->resourcesManager->deleteResourcesIds($ids); } osc_add_flash_ok_message(_m('Resource deleted'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=media'); break; default: require_once osc_lib_path() . "osclass/classes/datatables/MediaDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $mediaDataTable = new MediaDataTable(); $mediaDataTable->table($params); $aData = $mediaDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $mediaDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected media files?'), strtolower(__('Delete'))), 'label' => __('Delete'))); $bulk_options = osc_apply_filter("media_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->doView('media/index.php'); break; } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } require_once LIB_PATH . 'osclass/UserActions.php'; $user = User::newInstance()->findByEmail(Params::getParam('email')); $url_redirect = osc_user_dashboard_url(); $page_redirect = ''; if (osc_rewrite_enabled()) { if (isset($_SERVER['HTTP_REFERER'])) { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $_SERVER['HTTP_REFERER'])); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; } break; } } } } else { if (preg_match('|[\\?&]page=([^&]+)|', $_SERVER['HTTP_REFERER'] . '&', $match)) { $page_redirect = $match[1]; } } if (Params::getParam('http_referer') != '') { Session::newInstance()->_setReferer(Params::getParam('http_referer')); $url_redirect = Params::getParam('http_referer'); } else { if (Session::newInstance()->_getReferer() != '') { Session::newInstance()->_setReferer(Session::newInstance()->_getReferer()); $url_redirect = Session::newInstance()->_getReferer(); } else { if ($page_redirect != '' && $page_redirect != 'login') { Session::newInstance()->_setReferer($_SERVER['HTTP_REFERER']); $url_redirect = $_SERVER['HTTP_REFERER']; } } } if (!$user) { osc_add_flash_error_message(_m('The username doesn\'t exist')); $this->redirectTo(osc_user_login_url()); } if ($user["s_password"] != sha1(Params::getParam('password'))) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); } $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m('The username doesn\'t exist')); } else { if ($logged == 1) { osc_add_flash_error_message(_m('The user has not been validated yet')); } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } $this->redirectTo($url_redirect); } else { osc_add_flash_error_message(_m('This should never happens')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': if (Params::getParam('new_password') == '' || Params::getParam('new_password2') == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password') == Params::getParam('new_password2')) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m('Error, the password don\'t match')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'edit': if (Params::getParam("id") == '') { $this->redirectTo(osc_admin_base_url(true) . "?page=pages"); } $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $templates = osc_apply_filter('page_templates', WebThemes::newInstance()->getAvailableTemplates()); $this->_exportVariableToView('templates', $templates); $this->_exportVariableToView("page", $this->pageManager->findByPrimaryKey(Params::getParam("id"))); $this->doView("pages/frm.php"); break; case 'edit_post': osc_csrf_check(); $id = Params::getParam("id"); $b_link = Params::getParam("b_link") != '' ? 1 : 0; $s_internal_name = Params::getParam("s_internal_name"); $s_internal_name = osc_sanitizeString($s_internal_name); $meta = Params::getParam('meta'); $this->pageManager->updateMeta($id, json_encode($meta)); $aFieldsDescription = array(); $postParams = Params::getParamsAsArray('', false); $not_empty = false; foreach ($postParams as $k => $v) { if (preg_match('|(.+?)#(.+)|', $k, $m)) { if ($m[2] == 's_title' && $v != '') { $not_empty = true; } $aFieldsDescription[$m[1]][$m[2]] = $v; } } Session::newInstance()->_setForm('aFieldsDescription', $aFieldsDescription); if ($s_internal_name == '') { osc_add_flash_error_message(_m('You have to set an internal name'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=edit&id=" . $id); } if (!WebThemes::newInstance()->isValidPage($s_internal_name)) { osc_add_flash_error_message(_m('You have to set a different internal name'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=edit&id=" . $id); } Session::newInstance()->_setForm('s_internal_name', $s_internal_name); if ($not_empty) { foreach ($aFieldsDescription as $k => $_data) { $this->pageManager->updateDescription($id, $k, $_data['s_title'], $_data['s_text']); } if (!$this->pageManager->internalNameExists($id, $s_internal_name)) { if (!$this->pageManager->isIndelible($id)) { $this->pageManager->updateInternalName($id, $s_internal_name); $this->pageManager->updateLink($id, $b_link); } osc_run_hook('edit_page', $id); Session::newInstance()->_clearVariables(); osc_add_flash_ok_message(_m('The page has been updated'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages"); } osc_add_flash_error_message(_m("You can't repeat internal name"), 'admin'); } else { osc_add_flash_error_message(_m("The page couldn't be updated, at least one title should not be empty"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=edit&id=" . $id); break; case 'add': $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $templates = osc_apply_filter('page_templates', WebThemes::newInstance()->getAvailableTemplates()); $this->_exportVariableToView('templates', $templates); $this->_exportVariableToView("page", array()); $this->doView("pages/frm.php"); break; case 'add_post': osc_csrf_check(); $s_internal_name = Params::getParam("s_internal_name"); $b_link = Params::getParam("b_link") != '' ? 1 : 0; $s_internal_name = osc_sanitizeString($s_internal_name); $meta = Params::getParam('meta'); $aFieldsDescription = array(); $postParams = Params::getParamsAsArray('', false); $not_empty = false; foreach ($postParams as $k => $v) { if (preg_match('|(.+?)#(.+)|', $k, $m)) { if ($m[2] == 's_title' && $v != '') { $not_empty = true; } $aFieldsDescription[$m[1]][$m[2]] = $v; } } Session::newInstance()->_setForm('aFieldsDescription', $aFieldsDescription); if ($s_internal_name == '') { osc_add_flash_error_message(_m('You have to set an internal name'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=add"); } if (!WebThemes::newInstance()->isValidPage($s_internal_name)) { osc_add_flash_error_message(_m('You have to set a different internal name'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=add"); } $aFields = array('s_internal_name' => $s_internal_name, 'b_indelible' => '0', 's_meta' => json_encode($meta), 'b_link' => $b_link); Session::newInstance()->_setForm('s_internal_name', $s_internal_name); $page = $this->pageManager->findByInternalName($s_internal_name); if (!isset($page['pk_i_id'])) { if ($not_empty) { $result = $this->pageManager->insert($aFields, $aFieldsDescription); Session::newInstance()->_clearVariables(); osc_add_flash_ok_message(_m('The page has been added'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages"); } else { osc_add_flash_error_message(_m("The page couldn't be added, at least one title should not be empty"), 'admin'); } } else { osc_add_flash_error_message(_m("Oops! That internal name is already in use. We can't make the changes"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=add"); break; case 'delete': osc_csrf_check(); $id = Params::getParam("id"); $page_deleted_correcty = 0; $page_deleted_error = 0; $page_indelible = 0; if (!is_array($id)) { $id = array($id); } foreach ($id as $_id) { $result = (int) $this->pageManager->deleteByPrimaryKey($_id); switch ($result) { case -1: $page_indelible++; break; case 0: $page_deleted_error++; break; case 1: $page_deleted_correcty++; } } if ($page_indelible > 0) { if ($page_indelible == 1) { osc_add_flash_error_message(_m("One page can't be deleted because it is indelible"), 'admin'); } else { osc_add_flash_error_message(sprintf(_m("%s pages couldn't be deleted because they are indelible"), $page_indelible), 'admin'); } } if ($page_deleted_error > 0) { if ($page_deleted_error == 1) { osc_add_flash_error_message(_m("One page couldn't be deleted"), 'admin'); } else { osc_add_flash_error_message(sprintf(_m("%s pages couldn't be deleted"), $page_deleted_error), 'admin'); } } if ($page_deleted_correcty > 0) { if ($page_deleted_correcty == 1) { osc_add_flash_ok_message(_m('One page has been deleted correctly'), 'admin'); } else { osc_add_flash_ok_message(sprintf(_m('%s pages have been deleted correctly'), $page_deleted_correcty), 'admin'); } } $this->redirectTo(osc_admin_base_url(true) . "?page=pages"); break; default: if (Params::getParam("action") != "") { osc_run_hook("page_bulk_" . Params::getParam("action"), Params::getParam('id')); } require_once osc_lib_path() . "osclass/classes/datatables/PagesDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie $listing_iDisplayLength = (int) Cookie::newInstance()->get_value('listing_iDisplayLength'); if ($listing_iDisplayLength == 0) { $listing_iDisplayLength = 10; } Params::setParam('iDisplayLength', $listing_iDisplayLength); } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $pagesDataTable = new PagesDataTable(); $pagesDataTable->table($params); $aData = $pagesDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $pagesDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected pages?'), strtolower(__('Delete'))), 'label' => __('Delete'))); $bulk_options = osc_apply_filter("page_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->doView("pages/index.php"); break; } }
require_once LIB_PATH . 'osclass/helpers/hErrors.php'; $title = 'OSClass » Error'; $message = sprintf(__('We are sorry for any inconvenience. %s is under maintenance mode') . '.', osc_page_title()); osc_die($title, $message); } else { define('__OSC_MAINTENANCE__', true); } } if (!osc_users_enabled() && osc_is_web_user_logged_in()) { Session::newInstance()->_drop('userId'); Session::newInstance()->_drop('userName'); Session::newInstance()->_drop('userEmail'); Session::newInstance()->_drop('userPhone'); Cookie::newInstance()->pop('oc_userId'); Cookie::newInstance()->pop('oc_userSecret'); Cookie::newInstance()->set(); } switch (Params::getParam('page')) { case 'cron': // cron system define('__FROM_CRON__', true); require_once osc_lib_path() . 'osclass/cron.php'; break; case 'user': // user pages (with security) if (Params::getParam('action') == 'change_email_confirm' || Params::getParam('action') == 'activate_alert' || Params::getParam('action') == 'unsub_alert' && !osc_is_web_user_logged_in() || Params::getParam('action') == 'contact_post' || Params::getParam('action') == 'pub_profile') { require_once osc_base_path() . 'user-non-secure.php'; $do = new CWebUserNonSecure(); $do->doModel(); } else { require_once osc_base_path() . 'user.php';
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'bulk_actions': osc_csrf_check(); $id = Params::getParam('id'); if ($id) { switch (Params::getParam('bulk_actions')) { case 'delete_all': $this->itemCommentManager->delete(array(DB_CUSTOM_COND => 'pk_i_id IN (' . implode(', ', $id) . ')')); foreach ($id as $_id) { $iUpdated = $this->itemCommentManager->delete(array('pk_i_id' => $_id)); osc_add_hook("delete_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been deleted'), 'admin'); break; case 'activate_all': foreach ($id as $_id) { $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $_id)); if ($iUpdated) { $this->sendCommentActivated($_id); } osc_add_hook("activate_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been approved'), 'admin'); break; case 'deactivate_all': foreach ($id as $_id) { $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $_id)); osc_add_hook("deactivate_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin'); break; case 'enable_all': foreach ($id as $_id) { $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $_id)); if ($iUpdated) { $this->sendCommentActivated($_id); } osc_add_hook("enable_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been unblocked'), 'admin'); break; case 'disable_all': foreach ($id as $_id) { $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $_id)); osc_add_hook("disable_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been blocked'), 'admin'); break; default: if (Params::getParam("bulk_actions") != "") { osc_run_hook("item_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id')); } break; } } $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; case 'status': osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'))) { return false; } if ($value == 'ACTIVE') { $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $id)); if ($iUpdated) { $this->sendCommentActivated($id); } osc_add_hook("activate_comment", $id); osc_add_flash_ok_message(_m('The comment has been approved'), 'admin'); } else { if ($value == 'INACTIVE') { $iUpdated = $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $id)); osc_add_hook("deactivate_comment", $id); osc_add_flash_ok_message(_m('The comment has been disapproved'), 'admin'); } else { if ($value == 'ENABLE') { $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $id)); osc_add_hook("enable_comment", $id); osc_add_flash_ok_message(_m('The comment has been enabled'), 'admin'); } else { if ($value == 'DISABLE') { $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $id)); osc_add_hook("disable_comment", $id); osc_add_flash_ok_message(_m('The comment has been disabled'), 'admin'); } } } } $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; case 'comment_edit': $comment = ItemComment::newInstance()->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('comment', $comment); $this->doView('comments/frm.php'); break; case 'comment_edit_post': osc_csrf_check(); $msg = ''; if (!osc_validate_email(Params::getParam('authorEmail'), true)) { $msg .= _m('Email is not correct') . "<br/>"; } if (!osc_validate_text(Params::getParam('body'), 1, true)) { $msg .= _m('Comment is required') . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=comments&action=comment_edit&id=" . Params::getParam('id')); } $this->itemCommentManager->update(array('s_title' => Params::getParam('title'), 's_body' => Params::getParam('body'), 's_author_name' => Params::getParam('authorName'), 's_author_email' => Params::getParam('authorEmail')), array('pk_i_id' => Params::getParam('id'))); osc_run_hook('edit_comment', Params::getParam('id')); osc_add_flash_ok_message(_m('Great! We just updated your comment'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; case 'delete': osc_csrf_check(); $this->itemCommentManager->deleteByPrimaryKey(Params::getParam('id')); osc_add_flash_ok_message(_m('The comment has been deleted'), 'admin'); osc_run_hook('delete_comment', Params::getParam('id')); $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; default: require_once osc_lib_path() . "osclass/classes/datatables/CommentsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $commentsDataTable = new CommentsDataTable(); $commentsDataTable->table($params); $aData = $commentsDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $commentsDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Delete'))), 'label' => __('Delete')), array('value' => 'activate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'disable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'enable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Unblock'))), 'label' => __('Unblock'))); $bulk_options = osc_apply_filter("comment_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->doView('comments/index.php'); break; } }
function doModel() { parent::doModel(); if (osc_is_moderator() && ($this->action == 'settings' || $this->action == 'settings_post')) { osc_add_flash_error_message(_m("You don't have enough permissions"), "admin"); $this->redirectTo(osc_admin_base_url()); } //specific things for this class switch ($this->action) { case 'bulk_actions': osc_csrf_check(); $mItems = new ItemActions(true); switch (Params::getParam('bulk_actions')) { case 'enable_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->enable($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been enabled', '%d listings have been enabled', $numSuccess), $numSuccess), 'admin'); } break; case 'disable_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->disable((int) $_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been disabled', '%d listings have been disabled', $numSuccess), $numSuccess), 'admin'); } break; case 'activate_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->activate($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been activated', '%d listings have been activated', $numSuccess), $numSuccess), 'admin'); } break; case 'deactivate_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->deactivate($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_m('%d listing has been deactivated', '%d listings have been deactivated', $numSuccess), $numSuccess), 'admin'); } break; case 'premium_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->premium($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been marked as premium', '%d listings have been marked as premium', $numSuccess), $numSuccess), 'admin'); } break; case 'depremium_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->premium($_id, false)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d change has been made', '%d changes have been made', $numSuccess), $numSuccess), 'admin'); } break; case 'spam_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->spam($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been marked as spam', '%d listings have been marked as spam', $numSuccess), $numSuccess), 'admin'); } break; case 'despam_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->spam($_id, false)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d change has been made', '%d changes have been made', $numSuccess), $numSuccess), 'admin'); } break; case 'delete_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $item = $this->itemManager->findByPrimaryKey($i); $success = $mItems->delete($item['s_secret'], $item['pk_i_id']); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been deleted', '%d listings have been deleted', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_spam_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'spam'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as spam', '%d listings have been unmarked as spam', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_bad_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'bad'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as missclassified', '%d listings have been unmarked as missclassified', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_dupl_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'duplicated'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as duplicated', '%d listings have been unmarked as duplicated', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_expi_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'expired'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as expired', '%d listings have been unmarked as expired', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_offe_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'offensive'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as offensive', '%d listings have been unmarked as offensive', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'all'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked', '%d listings have been unmarked', $numSuccess), $numSuccess), 'admin'); } break; default: if (Params::getParam("bulk_actions") != "") { osc_run_hook("item_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id')); } break; } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'delete': //delete osc_csrf_check(); $id = Params::getParam('id'); $success = false; foreach ($id as $i) { if ($i) { $aItem = $this->itemManager->findByPrimaryKey($i); $mItems = new ItemActions(true); $success = $mItems->delete($aItem['s_secret'], $aItem['pk_i_id']); } } if ($success) { osc_add_flash_ok_message(_m('The listing has been deleted'), 'admin'); } else { osc_add_flash_error_message(_m("The listing couldn't be deleted"), 'admin'); } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'status': //status osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'))) { return false; } $item = $this->itemManager->findByPrimaryKey($id); $mItems = new ItemActions(true); switch ($value) { case 'ACTIVE': $success = $mItems->activate($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been activated'), 'admin'); } else { if (!$success) { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } else { osc_add_flash_error_message(_m("The listing can't be activated because it's blocked"), 'admin'); } } break; case 'INACTIVE': $success = $mItems->deactivate($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been deactivated'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } break; case 'ENABLE': $success = $mItems->enable($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been enabled'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } break; case 'DISABLE': $success = $mItems->disable($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been disabled'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } break; } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'status_premium': //status premium osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array(0, 1))) { return false; } $mItems = new ItemActions(true); if ($mItems->premium($id, $value == 1 ? true : false)) { osc_add_flash_ok_message(_m('Changes have been applied'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'status_spam': //status spam osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array(0, 1))) { return false; } $mItems = new ItemActions(true); if ($mItems->spam($id, $value == 1 ? true : false)) { osc_add_flash_ok_message(_m('Changes have been applied'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'clear_stat': osc_csrf_check(); $id = Params::getParam('id'); $stat = Params::getParam('stat'); if (!$id) { return false; } if (!$stat) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } $success = $this->itemManager->clearStat($id, $stat); if ($success) { osc_add_flash_ok_message(_m('The listing has been unmarked as') . " {$stat}", 'admin'); } else { osc_add_flash_error_message(_m("The listing hasn't been unmarked as") . " {$stat}", 'admin'); } $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'item_edit': // edit item $id = Params::getParam('id'); $item = Item::newInstance()->findByPrimaryKey($id); if (count($item) <= 0) { $this->redirectTo(osc_admin_base_url(true) . "?page=items"); } $csrf_token = osc_csrf_token_url(); if ($item['b_active']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=INACTIVE">' . __('Deactivate') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=ACTIVE">' . __('Activate') . '</a>'; } if ($item['b_enabled']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=DISABLE">' . __('Block') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=ENABLE">' . __('Unblock') . '</a>'; } if ($item['b_premium']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_premium&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=0">' . __('Unmark as premium') . '</a>'; } else { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_premium&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=1">' . __('Mark as premium') . '</a>'; } if ($item['b_spam']) { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_spam&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=0">' . __('Unmark as spam') . '</a>'; } else { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_spam&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=1">' . __('Mark as spam') . '</a>'; } $this->_exportVariableToView("actions", $actions); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } // save referer if belongs to manage items // redirect only if ManageItems or ReportedListngs if (isset($_SERVER['HTTP_REFERER'])) { $referer = $_SERVER['HTTP_REFERER']; if (preg_match('/page=items/', $referer)) { if (preg_match("/action=([\\p{L}|_|-]+)/u", $referer, $matches)) { if ($matches[1] == 'items_reported') { Session::newInstance()->_set('osc_admin_referer', $referer); } } else { // no actions - Manage Listings Session::newInstance()->_set('osc_admin_referer', $referer); } } } $this->_exportVariableToView("item", $item); $this->_exportVariableToView("new_item", FALSE); osc_run_hook("before_item_edit", $item); $this->doView('items/frm.php'); break; case 'item_edit_post': osc_csrf_check(); $mItems = new ItemActions(true); $mItems->prepareData(false); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } $success = $mItems->edit(); if ($success == 1) { osc_add_flash_ok_message(_m('Changes saved correctly'), 'admin'); $url = osc_admin_base_url(true) . "?page=items"; // if Referer is saved that means referer is ManageListings or ReportListings if (Session::newInstance()->_get('osc_admin_referer') != '') { $url = Session::newInstance()->_get('osc_admin_referer'); } Session::newInstance()->_clearVariables(); $this->redirectTo($url); } else { osc_add_flash_error_message($success, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=items&action=item_edit&id=" . Params::getParam('id')); } break; case 'deleteResource': //delete resource osc_csrf_check(); $id = Params::getParam('id'); $name = Params::getParam('name'); $fkid = Params::getParam('fkid'); // delete files osc_deleteResource($id, true); Log::newInstance()->insertLog('items', 'deleteResource', $id, $id, 'admin', osc_logged_admin_id()); $result = ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $fkid, 's_name' => $name)); if ($result === false) { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } else { osc_add_flash_ok_message(_m('Resource deleted'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=items"); break; case 'post': // add item $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $this->_exportVariableToView("new_item", TRUE); osc_run_hook('post_item'); $this->doView('items/frm.php'); break; case 'post_item': //post item osc_csrf_check(); $mItem = new ItemActions(true); $mItem->prepareData(true); // set all parameters into session foreach ($mItem->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } $success = $mItem->add(); if ($success == 1 || $success == 2) { $url = osc_admin_base_url(true) . "?page=items"; // if Referer is saved that means referer is ManageListings or ReportListings if (Session::newInstance()->_get('osc_admin_referer') != '') { Session::newInstance()->_drop('osc_admin_referer'); $url = Session::newInstance()->_get('osc_admin_referer'); } Session::newInstance()->_clearVariables(); osc_add_flash_ok_message(_m('A new listing has been added'), 'admin'); $this->redirectTo($url); } else { osc_add_flash_error_message($success, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=items&action=post"); } break; case 'settings': // calling the items settings view $this->doView('items/settings.php'); break; case 'settings_post': // update item settings osc_csrf_check(); $iUpdated = 0; $enabledRecaptchaItems = Params::getParam('enabled_recaptcha_items'); $enabledRecaptchaItems = $enabledRecaptchaItems == '1' ? true : false; $moderateItems = Params::getParam('moderate_items'); $moderateItems = $moderateItems != '' ? true : false; $numModerateItems = Params::getParam('num_moderate_items'); $itemsWaitTime = Params::getParam('items_wait_time'); $loggedUserItemValidation = Params::getParam('logged_user_item_validation'); $loggedUserItemValidation = $loggedUserItemValidation != '' ? true : false; $regUserPost = Params::getParam('reg_user_post'); $regUserPost = $regUserPost != '' ? true : false; $notifyNewItem = Params::getParam('notify_new_item'); $notifyNewItem = $notifyNewItem != '' ? true : false; $notifyContactItem = Params::getParam('notify_contact_item'); $notifyContactItem = $notifyContactItem != '' ? true : false; $notifyContactFriends = Params::getParam('notify_contact_friends'); $notifyContactFriends = $notifyContactFriends != '' ? true : false; $enabledFieldPriceItems = Params::getParam('enableField#f_price@items'); $enabledFieldPriceItems = $enabledFieldPriceItems != '' ? true : false; $enabledFieldImagesItems = Params::getParam('enableField#images@items'); $enabledFieldImagesItems = $enabledFieldImagesItems != '' ? true : false; $numImagesItems = Params::getParam('numImages@items'); if ($numImagesItems == '') { $numImagesItems = 0; } $regUserCanContact = Params::getParam('reg_user_can_contact'); $regUserCanContact = $regUserCanContact != '' ? true : false; $contactItemAttachment = Params::getParam('item_attachment'); $contactItemAttachment = $contactItemAttachment != '' ? true : false; $msg = ''; if (!osc_validate_int(Params::getParam("items_wait_time"))) { $msg .= _m("Wait time must only contain numeric characters") . "<br/>"; } if (Params::getParam("num_moderate_items") != '' && !osc_validate_int(Params::getParam("num_moderate_items"))) { $msg .= _m("Number of moderated listings must only contain numeric characters") . "<br/>"; } if (!osc_validate_int($numImagesItems)) { $msg .= _m("Images per listing must only contain numeric characters") . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=items&action=settings'); } $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledRecaptchaItems), array('s_name' => 'enabled_recaptcha_items')); if ($moderateItems) { $iUpdated += Preference::newInstance()->update(array('s_value' => $numModerateItems), array('s_name' => 'moderate_items')); } else { $iUpdated += Preference::newInstance()->update(array('s_value' => '-1'), array('s_name' => 'moderate_items')); } $iUpdated += Preference::newInstance()->update(array('s_value' => $loggedUserItemValidation), array('s_name' => 'logged_user_item_validation')); $iUpdated += Preference::newInstance()->update(array('s_value' => $regUserPost), array('s_name' => 'reg_user_post')); $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyNewItem), array('s_name' => 'notify_new_item')); $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyContactItem), array('s_name' => 'notify_contact_item')); $iUpdated += Preference::newInstance()->update(array('s_value' => $notifyContactFriends), array('s_name' => 'notify_contact_friends')); $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledFieldPriceItems), array('s_name' => 'enableField#f_price@items')); $iUpdated += Preference::newInstance()->update(array('s_value' => $enabledFieldImagesItems), array('s_name' => 'enableField#images@items')); $iUpdated += Preference::newInstance()->update(array('s_value' => $itemsWaitTime), array('s_name' => 'items_wait_time')); $iUpdated += Preference::newInstance()->update(array('s_value' => $numImagesItems), array('s_name' => 'numImages@items')); $iUpdated += Preference::newInstance()->update(array('s_value' => $regUserCanContact), array('s_name' => 'reg_user_can_contact')); $iUpdated += Preference::newInstance()->update(array('s_value' => $contactItemAttachment), array('s_name' => 'item_attachment')); if ($iUpdated > 0) { osc_add_flash_ok_message(_m("Listings' settings have been updated"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=items&action=settings'); break; case 'items_reported': require_once osc_lib_path() . "osclass/classes/datatables/ItemsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray("get"); $itemsDataTable = new ItemsDataTable(); $itemsDataTable->tableReported($params); $aData = $itemsDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $itemsDataTable->rawRows()); //calling the view... $this->doView('items/reported.php'); break; default: // default require_once osc_lib_path() . "osclass/classes/datatables/ItemsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray("get"); $itemsDataTable = new ItemsDataTable(); $itemsDataTable->table($params); $aData = $itemsDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('withFilters', $itemsDataTable->withFilters()); $this->_exportVariableToView('aRawRows', $itemsDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Delete'))), 'label' => __('Delete')), array('value' => 'activate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'disable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'enable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unblock'))), 'label' => __('Unblock')), array('value' => 'premium_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Mark as premium'))), 'label' => __('Mark as premium')), array('value' => 'depremium_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unmark as premium'))), 'label' => __('Unmark as premium')), array('value' => 'spam_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Mark as spam'))), 'label' => __('Mark as spam')), array('value' => 'despam_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unmark as spam'))), 'label' => __('Unmark as spam'))); $bulk_options = osc_apply_filter("item_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); //calling the view... $this->doView('items/index.php'); } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (Params::getParam('user') == '' && Params::getParam('password', false, false) == '') { $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('user') == '') { osc_add_flash_error_message(_m('The username field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('password') == '') { osc_add_flash_error_message(_m('The password field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url()); } // fields are not empty $admin = Admin::newInstance()->findByUsername(Params::getParam('user')); if (!$admin) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if ($admin["s_password"] !== sha1(Params::getParam('password', false, false))) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('remember')) { // this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']); Cookie::newInstance()->push('oc_adminSecret', $secret); Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale')); Cookie::newInstance()->set(); } // we are logged in... let's go! Session::newInstance()->_set('adminId', $admin['pk_i_id']); Session::newInstance()->_set('adminUserName', $admin['s_username']); Session::newInstance()->_set('adminName', $admin['s_name']); Session::newInstance()->_set('adminEmail', $admin['s_email']); Session::newInstance()->_set('adminLocale', Params::getParam('locale')); $this->redirectTo(osc_admin_base_url()); break; case 'recover': // form to recover the password (in this case we have the form in /gui/) $this->doView('gui/recover.php'); break; case 'recover_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url()); } // post execution to recover the password $admin = Admin::newInstance()->findByEmail(Params::getParam('email')); if ($admin) { if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover'); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $newPassword = osc_genRandomPassword(40); Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id'])); $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword); osc_run_hook('hook_email_user_forgot_password', $admin, $password_url); } osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin'); $this->redirectTo(osc_admin_base_url()); break; case 'forgot': // form to recover the password (in this case we have the form in /gui/) $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } $this->doView('gui/forgot_password.php'); break; case 'forgot_post': $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed'), 'admin'); $this->redirectTo(osc_admin_base_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match"), 'admin'); $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code'))); } break; } }
function doModel() { switch ($this->action) { case 'dashboard': //dashboard... $max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5; $aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items); //calling the view... $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('max_items', $max_items); $this->doView('user-dashboard.php'); break; case 'profile': //profile... $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($user['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']); } elseif (count($aCountries) > 0) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } $aCities = array(); if ($user['fk_i_region_id'] != '') { $aCities = City::newInstance()->findByRegion($user['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } } //calling the view... $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('user', $user); $this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled()); $this->doView('user-profile.php'); break; case 'profile_post': //profile post... osc_csrf_check(); $userId = Session::newInstance()->_get('userId'); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $success = $userActions->edit($userId); if ($success == 1 || $success == 2) { osc_add_flash_ok_message(_m('Your profile has been updated successfully')); } else { osc_add_flash_error_message($success); } $this->redirectTo(osc_user_profile_url()); break; case 'alerts': //alerts $aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'), false); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); foreach ($aAlerts as $k => $a) { $array_conditions = (array) json_decode($a['s_search']); // $search = Search::newInstance(); $search = new Search(); $search->setJsonAlert($array_conditions); $search->limit(0, 3); $aAlerts[$k]['items'] = $search->doSearch(); } $this->_exportVariableToView('alerts', $aAlerts); View::newInstance()->_reset('alerts'); $this->_exportVariableToView('user', $user); $this->doView('user-alerts.php'); break; case 'change_email': //change email $this->doView('user-change_email.php'); break; case 'change_email_post': //change email post osc_csrf_check(); if (!osc_validate_email(Params::getParam('new_email'))) { osc_add_flash_error_message(_m('The specified e-mail is not valid')); $this->redirectTo(osc_change_user_email_url()); } else { $user = User::newInstance()->findByEmail(Params::getParam('new_email')); if (!isset($user['pk_i_id'])) { $userEmailTmp = array(); $userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId'); $userEmailTmp['s_new_email'] = Params::getParam('new_email'); UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp); $code = osc_genRandomPassword(30); $date = date('Y-m-d H:i:s'); $userManager = new User(); $userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId'))); $validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code); osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified e-mail is already in use')); $this->redirectTo(osc_change_user_email_url()); } } break; case 'change_username': //change username $this->doView('user-change_username.php'); break; case 'change_username_post': //change username $username = osc_sanitize_username(Params::getParam('s_username')); osc_run_hook('before_username_change', Session::newInstance()->_get('userId'), $username); if ($username != '') { $user = User::newInstance()->findByUsername($username); if (isset($user['s_username'])) { osc_add_flash_error_message(_m('The specified username is already in use')); } else { if (!osc_is_username_blacklisted($username)) { User::newInstance()->update(array('s_username' => $username), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('The username was updated')); osc_run_hook('after_username_change', Session::newInstance()->_get('userId'), Params::getParam('s_username')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified username is not valid, it contains some invalid words')); } } } else { osc_add_flash_error_message(_m('The specified username could not be empty')); } $this->redirectTo(osc_change_user_username_url()); break; case 'change_password': //change password $this->doView('user-change_password.php'); break; case 'change_password_post': //change password post osc_csrf_check(); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); if (Params::getParam('password', false, false) == '' || Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_change_user_password_url()); } if (!osc_verify_password(Params::getParam('password', false, false), $user['s_password'])) { osc_add_flash_error_message(_m("Current password doesn't match")); $this->redirectTo(osc_change_user_password_url()); } if (!Params::getParam('new_password', false, false)) { osc_add_flash_error_message(_m("Passwords can't be empty")); $this->redirectTo(osc_change_user_password_url()); } if (Params::getParam('new_password', false, false) != Params::getParam('new_password2', false, false)) { osc_add_flash_error_message(_m("Passwords don't match")); $this->redirectTo(osc_change_user_password_url()); } User::newInstance()->update(array('s_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('Password has been changed')); $this->redirectTo(osc_user_profile_url()); break; case 'items': // view items user $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10; $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0; $itemType = Params::getParam('itemType'); $total_items = Item::newInstance()->countItemTypesByUserID(osc_logged_user_id(), $itemType); $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findItemTypesByUserID(osc_logged_user_id(), $page * $itemsPerPage, $itemsPerPage, $itemType); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('search_total_pages', $total_pages); $this->_exportVariableToView('search_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('items_type', $itemType); $this->_exportVariableToView('search_page', $page); $this->doView('user-items.php'); break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $result = Alerts::newInstance()->unsub($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator')); } $this->redirectTo(osc_user_alerts_url()); break; case 'delete': $id = Params::getParam('id'); $secret = Params::getParam('secret'); if (osc_is_web_user_logged_in()) { $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); View::newInstance()->_exportVariableToView('user', $user); if (!empty($user) && osc_logged_user_id() == $id && $secret == $user['s_secret']) { User::newInstance()->deleteUser(osc_logged_user_id()); Session::newInstance()->_drop('userId'); Session::newInstance()->_drop('userName'); Session::newInstance()->_drop('userEmail'); Session::newInstance()->_drop('userPhone'); Cookie::newInstance()->pop('oc_userId'); Cookie::newInstance()->pop('oc_userSecret'); Cookie::newInstance()->set(); osc_add_flash_ok_message(_m("Your account have been deleted")); $this->redirectTo(osc_base_url()); } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_user_dashboard_url()); } } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_base_url()); } break; } }
<?php require_once PAYMENT_PRO_PATH . "CheckoutInvoicesDataTable.php"; if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie $listing_iDisplayLength = (int) Cookie::newInstance()->get_value('listing_iDisplayLength'); if ($listing_iDisplayLength == 0) { $listing_iDisplayLength = 10; } Params::setParam('iDisplayLength', $listing_iDisplayLength); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $invoicesDataTable = new CheckoutInvoicesDataTable(); $invoicesDataTable->table($params); $aData = $invoicesDataTable->getData(); View::newInstance()->_exportVariableToView('aData', $aData); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); ob_get_clean();
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login $admin = Admin::newInstance()->findByUsername(Params::getParam('user')); if ($admin) { if ($admin["s_password"] == sha1(Params::getParam('password'))) { if (Params::getParam('remember')) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']); Cookie::newInstance()->push('oc_adminSecret', $secret); Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale')); Cookie::newInstance()->set(); } //we are logged in... let's go! Session::newInstance()->_set('adminId', $admin['pk_i_id']); Session::newInstance()->_set('adminUserName', $admin['s_username']); Session::newInstance()->_set('adminName', $admin['s_name']); Session::newInstance()->_set('adminEmail', $admin['s_email']); Session::newInstance()->_set('adminLocale', Params::getParam('locale')); } else { osc_add_flash_message(_m('The password is incorrect'), 'admin'); } } else { osc_add_flash_message(_m('That username does not exist'), 'admin'); } //returning logged in to the main page... $this->redirectTo(osc_admin_base_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) //#dev.conquer: we cannot use the doView here and only here $this->doView('gui/recover.php'); break; case 'recover_post': //post execution to recover the password $admin = Admin::newInstance()->findByEmail(Params::getParam('email')); if ($admin) { if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_message(_m('The Recaptcha code is wrong'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover'); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $newPassword = osc_genRandomPassword(40); Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id'])); $password_link = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword); $aPage = Page::newInstance()->findByInternalName('email_user_forgot_password'); $content = array(); $locale = osc_current_user_locale(); if (isset($aPage['locale'][$locale]['s_title'])) { $content = $aPage['locale'][$locale]; } else { $content = current($aPage['locale']); } if (!is_null($content)) { $words = array(); $words[] = array('{USER_NAME}', '{USER_EMAIL}', '{WEB_TITLE}', '{IP_ADDRESS}', '{PASSWORD_LINK}', '{DATE_TIME}'); $words[] = array($admin['s_name'], $admin['s_email'], osc_page_title(), $_SERVER['REMOTE_ADDR'], $password_link, date(osc_time_format() . ' ' . osc_date_format())); $title = osc_mailBeauty($content['s_title'], $words); $body = osc_mailBeauty($content['s_text'], $words); $emailParams = array('subject' => $title, 'to' => $admin['s_email'], 'to_name' => $admin['s_name'], 'body' => $body, 'alt_body' => $body); osc_sendMail($emailParams); } } osc_add_flash_message(_m('A new password has been sent to your e-mail'), 'admin'); $this->redirectTo(osc_admin_base_url()); break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if ($admin) { $this->doView('gui/forgot_password.php'); } else { osc_add_flash_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } break; case 'forgot_post': $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if ($admin) { if (Params::getParam('new_password') == Params::getParam('new_password2')) { Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $admin['pk_i_id'])); osc_add_flash_message(_m('The password has been changed'), 'admin'); $this->redirectTo(osc_admin_base_url()); } else { osc_add_flash_message(_m('Error, the password don\'t match'), 'admin'); $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code'))); } } else { osc_add_flash_message(_m('Sorry, the link is not valid'), 'admin'); } $this->redirectTo(osc_admin_base_url()); break; } }
/** * @return boolean */ public function add() { $success = true; $aItem = $this->data; $code = osc_genRandomPassword(); $flash_error = ''; // Initiate HTML Purifier require_once LIB_PATH . 'htmlpurifier/HTMLPurifier.auto.php'; $config = HTMLPurifier_Config::createDefault(); $config->set('HTML.Allowed', 'b,strong,i,em,u,a[href|title],ul,ol,li,p[style],br,span[style]'); $config->set('CSS.AllowedProperties', 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align'); $config->set('Cache.SerializerPath', ABS_PATH . 'oc-content/uploads'); $purifier = new HTMLPurifier($config); // Requires email validation? $has_to_validate = osc_moderate_items() != -1 ? true : false; // Check status $active = $aItem['active']; // Sanitize foreach (@$aItem['title'] as $key => $value) { $aItem['title'][$key] = strip_tags(trim($value)); } foreach (@$aItem['description'] as $key => $value) { $aItem['description'][$key] = $purifier->purify($value); } $aItem['price'] = !is_null($aItem['price']) ? strip_tags(trim($aItem['price'])) : $aItem['price']; $contactName = osc_sanitize_name(strip_tags(trim($aItem['contactName']))); $contactEmail = strip_tags(trim($aItem['contactEmail'])); $aItem['cityArea'] = osc_sanitize_name(strip_tags(trim($aItem['cityArea']))); $aItem['address'] = osc_sanitize_name(strip_tags(trim($aItem['address']))); // Anonymous $contactName = osc_validate_text($contactName, 3) ? $contactName : __("Anonymous"); // Validate if (!$this->checkAllowedExt($aItem['photos'])) { $flash_error .= _m("Image with incorrect extension.") . PHP_EOL; } if (!$this->checkSize($aItem['photos'])) { $flash_error .= _m("Images too big. Max. size ") . osc_max_size_kb() . " Kb" . PHP_EOL; } $title_message = ''; foreach (@$aItem['title'] as $key => $value) { if (osc_validate_text($value, 1) && osc_validate_max($value, 100)) { $title_message = ''; break; } $title_message .= (!osc_validate_text($value, 1) ? _m("Title too short.") . PHP_EOL : '') . (!osc_validate_max($value, 100) ? _m("Title too long.") . PHP_EOL : ''); } $flash_error .= $title_message; $desc_message = ''; foreach (@$aItem['description'] as $key => $value) { if (osc_validate_text($value, 3) && osc_validate_max($value, 5000)) { $desc_message = ''; break; } $desc_message .= (!osc_validate_text($value, 3) ? _m("Description too short.") . PHP_EOL : '') . (!osc_validate_max($value, 5000) ? _m("Description too long.") . PHP_EOL : ''); } $flash_error .= $desc_message; $flash_error .= (!osc_validate_category($aItem['catId']) ? _m("Category invalid.") . PHP_EOL : '') . (!osc_validate_number($aItem['price']) ? _m("Price must be number.") . PHP_EOL : '') . (!osc_validate_max($aItem['price'], 15) ? _m("Price too long.") . PHP_EOL : '') . (!osc_validate_max($contactName, 35) ? _m("Name too long.") . PHP_EOL : '') . (!osc_validate_email($contactEmail) ? _m("Email invalid.") . PHP_EOL : '') . (!osc_validate_text($aItem['countryName'], 3, false) ? _m("Country too short.") . PHP_EOL : '') . (!osc_validate_max($aItem['countryName'], 50) ? _m("Country too long.") . PHP_EOL : '') . (!osc_validate_text($aItem['regionName'], 3, false) ? _m("Region too short.") . PHP_EOL : '') . (!osc_validate_max($aItem['regionName'], 50) ? _m("Region too long.") . PHP_EOL : '') . (!osc_validate_text($aItem['cityName'], 3, false) ? _m("City too short.") . PHP_EOL : '') . (!osc_validate_max($aItem['cityName'], 50) ? _m("City too long.") . PHP_EOL : '') . (!osc_validate_text($aItem['cityArea'], 3, false) ? _m("Municipality too short.") . PHP_EOL : '') . (!osc_validate_max($aItem['cityArea'], 50) ? _m("Municipality too long.") . PHP_EOL : '') . (!osc_validate_text($aItem['address'], 3, false) ? _m("Address too short.") . PHP_EOL : '') . (!osc_validate_max($aItem['address'], 100) ? _m("Address too long.") . PHP_EOL : '') . (time() - Session::newInstance()->_get('last_submit_item') < osc_items_wait_time() && !$this->is_admin ? _m("Too fast. You should wait a little to publish your ad.") . PHP_EOL : ''); $meta = Params::getParam("meta"); if ($meta != '' && count($meta) > 0) { $mField = Field::newInstance(); foreach ($meta as $k => $v) { if ($v == '') { $field = $mField->findByPrimaryKey($k); if ($field['b_required'] == 1) { $flash_error .= sprintf(_m("%s field is required."), $field['s_name']); } } } } // hook pre add or edit osc_run_hook('pre_item_post'); // Handle error if ($flash_error) { return $flash_error; } else { $this->manager->insert(array('fk_i_user_id' => $aItem['userId'], 'dt_pub_date' => date('Y-m-d H:i:s'), 'fk_i_category_id' => $aItem['catId'], 'i_price' => $aItem['price'], 'fk_c_currency_code' => $aItem['currency'], 's_contact_name' => $contactName, 's_contact_email' => $contactEmail, 's_secret' => $code, 'b_active' => $active == 'ACTIVE' ? 1 : 0, 'b_enabled' => 1, 'b_show_email' => $aItem['showEmail'])); if (!$this->is_admin) { // Track spam delay: Session Session::newInstance()->_set('last_submit_item', time()); // Track spam delay: Cookie Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('last_submit_item', time()); Cookie::newInstance()->set(); } $itemId = $this->manager->dao->insertedId(); Log::newInstance()->insertLog('item', 'add', $itemId, current(array_values($aItem['title'])), $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : osc_logged_user_id()); Params::setParam('itemId', $itemId); // INSERT title and description locales $this->insertItemLocales('ADD', $aItem['title'], $aItem['description'], $itemId); // INSERT location item $location = array('fk_i_item_id' => $itemId, 'fk_c_country_code' => $aItem['countryId'], 's_country' => $aItem['countryName'], 'fk_i_region_id' => $aItem['regionId'], 's_region' => $aItem['regionName'], 'fk_i_city_id' => $aItem['cityId'], 's_city' => $aItem['cityName'], 's_city_area' => $aItem['cityArea'], 's_address' => $aItem['address']); $locationManager = ItemLocation::newInstance(); $locationManager->insert($location); $this->uploadItemResources($aItem['photos'], $itemId); /** * META FIELDS */ if ($meta != '' && count($meta) > 0) { $mField = Field::newInstance(); foreach ($meta as $k => $v) { $mField->replace($itemId, $k, $v); } } osc_run_hook('item_form_post', $aItem['catId'], $itemId); // We need at least one record in t_item_stats $mStats = new ItemStats(); $mStats->emptyRow($itemId); $item = $this->manager->findByPrimaryKey($itemId); $aItem['item'] = $item; osc_run_hook('after_item_post'); Session::newInstance()->_set('last_publish_time', time()); if (!$this->is_admin) { $this->sendEmails($aItem); } if ($active == 'INACTIVE') { return 1; } else { if ($aItem['userId'] != null) { $user = User::newInstance()->findByPrimaryKey($aItem['userId']); if ($user) { User::newInstance()->update(array('i_items' => $user['i_items'] + 1), array('pk_i_id' => $user['pk_i_id'])); } } CategoryStats::newInstance()->increaseNumItems($aItem['catId']); return 2; } } return $success; }
/** * Validate time between two items added/comments * * @param string $type * @return boolean */ function osc_validate_spam_delay($type = 'item') { if ($type == 'item') { $delay = osc_item_spam_delay(); $saved_as = 'last_submit_item'; } else { $delay = osc_comment_spam_delay(); $saved_as = 'last_submit_comment'; } // check $_SESSION if (Session::newInstance()->_get($saved_as) + $delay > time() || Cookie::newInstance()->get_value($saved_as) + $delay > time()) { return false; } return true; }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'create': // calling create view $aRegions = array(); $aCities = array(); $aCountries = Country::newInstance()->listAll(); if (isset($aCountries[0]['pk_c_code'])) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } if (isset($aRegions[0]['pk_i_id'])) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } $this->_exportVariableToView('user', null); $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled()); $this->doView("users/frm.php"); break; case 'create_post': // creating the user... osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(true); $success = $userActions->add(); switch ($success) { case 1: osc_add_flash_ok_message(_m("The user has been created. We've sent an activation e-mail"), 'admin'); break; case 2: osc_add_flash_ok_message(_m('The user has been created successfully'), 'admin'); break; default: osc_add_flash_error_message($success, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'edit': // calling the edit view $aUser = $this->userManager->findByPrimaryKey(Params::getParam("id")); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($aUser['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->findByCountry($aUser['fk_c_country_code']); } else { if (count($aCountries) > 0) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } } $aCities = array(); if ($aUser['fk_i_region_id'] != '') { $aCities = City::newInstance()->findByRegion($aUser['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } } $csrf_token = osc_csrf_token_url(); if ($aUser['b_active']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=users&action=deactivate&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=INACTIVE">' . __('Deactivate') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=users&action=activate&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=ACTIVE">' . __('Activate') . '</a>'; } if ($aUser['b_enabled']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=users&action=disable&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=DISABLE">' . __('Block') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=users&action=enable&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=ENABLE">' . __('Unblock') . '</a>'; } $this->_exportVariableToView("actions", $actions); $this->_exportVariableToView("user", $aUser); $this->_exportVariableToView("countries", $aCountries); $this->_exportVariableToView("regions", $aRegions); $this->_exportVariableToView("cities", $aCities); $this->_exportVariableToView("locales", OSCLocale::newInstance()->listAllEnabled()); $this->doView("users/frm.php"); break; case 'edit_post': // edit post osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(true); $success = $userActions->edit(Params::getParam("id")); if ($success == 1) { osc_add_flash_ok_message(_m('The user has been updated'), 'admin'); } else { if ($success == 2) { osc_add_flash_ok_message(_m('The user has been updated and activated'), 'admin'); } else { osc_add_flash_error_message($success); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('id')); } } $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'resend_activation': //activate osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->resend_activation($id); } if ($iUpdated == 0) { osc_add_flash_error_message(_m('No users have been selected'), 'admin'); } else { osc_add_flash_ok_message(sprintf(_mn('Activation email sent to one user', 'Activation email sent to %s users', $iUpdated), $iUpdated), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'activate': //activate osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->activate($id); } if ($iUpdated == 0) { $msg = _m('No users have been activated'); } else { $msg = sprintf(_mn('One user has been activated', '%s users have been activated', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'deactivate': //deactivate osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->deactivate($id); } if ($iUpdated == 0) { $msg = _m('No users have been deactivated'); } else { $msg = sprintf(_mn('One user has been deactivated', '%s users have been deactivated', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'enable': osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->enable($id); } if ($iUpdated == 0) { $msg = _m('No users have been enabled'); } else { $msg = sprintf(_mn('One user has been unblocked', '%s users have been unblocked', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'disable': osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->disable($id); } if ($iUpdated == 0) { $msg = _m('No users have been disabled'); } else { $msg = sprintf(_mn('One user has been blocked', '%s users have been blocked', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo($_SERVER['HTTP_REFERER']); break; case 'delete': //delete osc_csrf_check(); $iDeleted = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } foreach ($userId as $id) { $user = $this->userManager->findByPrimaryKey($id); Log::newInstance()->insertLog('user', 'delete', $id, $user['s_email'], 'admin', osc_logged_admin_id()); if ($this->userManager->deleteUser($id)) { $iDeleted++; } } if ($iDeleted == 0) { $msg = _m('No users have been deleted'); } else { $msg = sprintf(_mn('One user has been deleted', '%s users have been deleted', $iDeleted), $iDeleted); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'delete_alerts': //delete $iDeleted = 0; $alertId = Params::getParam('alert_id'); if (!is_array($alertId)) { osc_add_flash_error_message(_m("Alert id isn't in the correct format"), 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } } $mAlerts = new Alerts(); foreach ($alertId as $id) { Log::newInstance()->insertLog('user', 'delete_alerts', $id, $id, 'admin', osc_logged_admin_id()); $iDeleted += $mAlerts->delete(array('pk_i_id' => $id)); } if ($iDeleted == 0) { $msg = _m('No alerts have been deleted'); } else { $msg = sprintf(_mn('One alert has been deleted', '%s alerts have been deleted', $iDeleted), $iDeleted); } osc_add_flash_ok_message($msg, 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } break; case 'status_alerts': //delete $status = Params::getParam("status"); $iUpdated = 0; $alertId = Params::getParam('alert_id'); if (!is_array($alertId)) { osc_add_flash_error_message(_m("Alert id isn't in the correct format"), 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } } $mAlerts = new Alerts(); foreach ($alertId as $id) { if ($status == 1) { $iUpdated += $mAlerts->activate($id); } else { $iUpdated += $mAlerts->deactivate($id); } } if ($status == 1) { if ($iUpdated == 0) { $msg = _m('No alerts have been activated'); } else { $msg = sprintf(_mn('One alert has been activated', '%s alerts have been activated', $iUpdated), $iUpdated); } } else { if ($iUpdated == 0) { $msg = _m('No alerts have been deactivated'); } else { $msg = sprintf(_mn('One alert has been deactivated', '%s alerts have been deactivated', $iUpdated), $iUpdated); } } osc_add_flash_ok_message($msg, 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } break; case 'settings': // calling the users settings view $this->doView('users/settings.php'); break; case 'settings_post': // updating users osc_csrf_check(); $iUpdated = 0; $enabledUserValidation = Params::getParam('enabled_user_validation'); $enabledUserValidation = $enabledUserValidation != '' ? true : false; $enabledUserRegistration = Params::getParam('enabled_user_registration'); $enabledUserRegistration = $enabledUserRegistration != '' ? true : false; $enabledUsers = Params::getParam('enabled_users'); $enabledUsers = $enabledUsers != '' ? true : false; $notifyNewUser = Params::getParam('notify_new_user'); $notifyNewUser = $notifyNewUser != '' ? true : false; $usernameBlacklistTmp = explode(",", Params::getParam('username_blacklist')); foreach ($usernameBlacklistTmp as $k => $v) { $usernameBlacklistTmp[$k] = strtolower(trim($v)); } $usernameBlacklist = implode(",", $usernameBlacklistTmp); $iUpdated += osc_set_preference('enabled_user_validation', $enabledUserValidation); $iUpdated += osc_set_preference('enabled_user_registration', $enabledUserRegistration); $iUpdated += osc_set_preference('enabled_users', $enabledUsers); $iUpdated += osc_set_preference('notify_new_user', $notifyNewUser); $iUpdated += osc_set_preference('username_blacklist', $usernameBlacklist); if ($iUpdated > 0) { osc_add_flash_ok_message(_m("User settings have been updated"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=settings'); break; case 'alerts': // manage alerts view require_once osc_lib_path() . "osclass/classes/datatables/AlertsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $alertsDataTable = new AlertsDataTable(); $alertsDataTable->table($params); $aData = $alertsDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $alertsDataTable->rawRows()); $this->doView("users/alerts.php"); break; case 'ban': // manage ban rules view if (Params::getParam("action") != "") { osc_run_hook("ban_rules_bulk_" . Params::getParam("action"), Params::getParam('id')); } require_once osc_lib_path() . "osclass/classes/datatables/BanRulesDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $banRulesDataTable = new BanRulesDataTable(); $banRulesDataTable->table($params); $aData = $banRulesDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $banRulesDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_ban_rule', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected ban rules?'), strtolower(__('Delete'))), 'label' => __('Delete'))); $bulk_options = osc_apply_filter("ban_rule_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); //calling the view... $this->doView('users/ban.php'); break; case 'edit_ban_rule': $this->_exportVariableToView('rule', BanRule::newInstance()->findByPrimaryKey(Params::getParam('id'))); $this->doView('users/ban_frm.php'); break; case 'edit_ban_rule_post': osc_csrf_check(); if (Params::getParam('s_ip') == '' && Params::getParam('s_email') == '') { osc_add_flash_warning_message(_m("Both rules can not be empty"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); } BanRule::newInstance()->update(array('s_name' => Params::getParam('s_name'), 's_ip' => Params::getParam('s_ip'), 's_email' => strtolower(Params::getParam('s_email'))), array('pk_i_id' => Params::getParam('id'))); osc_add_flash_ok_message(_m('Rule updated correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); break; case 'create_ban_rule': $this->_exportVariableToView('rule', null); $this->doView('users/ban_frm.php'); break; case 'create_ban_rule_post': osc_csrf_check(); if (Params::getParam('s_ip') == '' && Params::getParam('s_email') == '') { osc_add_flash_warning_message(_m("Both rules can not be empty"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); } BanRule::newInstance()->insert(array('s_name' => Params::getParam('s_name'), 's_ip' => Params::getParam('s_ip'), 's_email' => strtolower(Params::getParam('s_email')))); osc_add_flash_ok_message(_m('Rule saved correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); break; case 'delete_ban_rule': //delete ban rules osc_csrf_check(); $iDeleted = 0; $ruleId = Params::getParam('id'); if (!is_array($ruleId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); } $ruleMgr = BanRule::newInstance(); foreach ($ruleId as $id) { if ($ruleMgr->deleteByPrimaryKey($id)) { $iDeleted++; } } if ($iDeleted == 0) { $msg = _m('No rules have been deleted'); } else { $msg = sprintf(_mn('One ban rule has been deleted', '%s ban rules have been deleted', $iDeleted), $iDeleted); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); break; default: // manage users view if (Params::getParam("action") != "") { osc_run_hook("user_bulk_" . Params::getParam("action"), Params::getParam('id')); } require_once osc_lib_path() . "osclass/classes/datatables/UsersDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $usersDataTable = new UsersDataTable(); $usersDataTable->table($params); $aData = $usersDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('withFilters', $usersDataTable->withFilters()); $this->_exportVariableToView('aRawRows', $usersDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'activate', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'enable', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Unblock'))), 'label' => __('Unblock')), array('value' => 'disable', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Delete'))), 'label' => __('Delete'))); if (osc_user_validation_enabled()) { $bulk_options[] = array('value' => 'resend_activation', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Resend the activation to'))), 'label' => __('Resend activation')); } $bulk_options = osc_apply_filter("user_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); //calling the view... $this->doView('users/index.php'); break; } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login osc_csrf_check(); osc_run_hook('before_login_admin'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; $password = Params::getParam('password', false, false); if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) { $page_redirect = $match[1]; } if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') { $url_redirect = osc_admin_base_url(); } if (Params::getParam('user') == '') { osc_add_flash_error_message(_m('The username field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } if (Params::getParam('password', false, false) == '') { osc_add_flash_error_message(_m('The password field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } // fields are not empty $admin = Admin::newInstance()->findByUsername(Params::getParam('user')); if (!$admin) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } if (!osc_verify_password($password, $admin['s_password'])) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } else { if (@$admin['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id'])); } } else { Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id'])); } } } if (Params::getParam('remember')) { // this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']); Cookie::newInstance()->push('oc_adminSecret', $secret); Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale')); Cookie::newInstance()->set(); } // we are logged in... let's go! Session::newInstance()->_set('adminId', $admin['pk_i_id']); Session::newInstance()->_set('adminUserName', $admin['s_username']); Session::newInstance()->_set('adminName', $admin['s_name']); Session::newInstance()->_set('adminEmail', $admin['s_email']); Session::newInstance()->_set('adminLocale', Params::getParam('locale')); osc_run_hook('login_admin', $admin); $this->redirectTo($url_redirect); break; case 'recover': // form to recover the password (in this case we have the form in /gui/) $this->doView('gui/recover.php'); break; case 'recover_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url()); } osc_csrf_check(); // post execution to recover the password $admin = Admin::newInstance()->findByEmail(Params::getParam('email')); if ($admin) { if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover'); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $newPassword = osc_genRandomPassword(40); Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id'])); $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword); osc_run_hook('hook_email_user_forgot_password', $admin, $password_url); } osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login'); break; case 'forgot': // form to recover the password (in this case we have the form in /gui/) $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } $this->doView('gui/forgot_password.php'); break; case 'forgot_post': osc_csrf_check(); $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login'); } else { osc_add_flash_error_message(_m("Error, the passwords don't match"), 'admin'); $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code'))); } break; default: //osc_run_hook( 'init_admin' ); Session::newInstance()->_setReferer(osc_get_http_referer()); $this->doView('gui/login.php'); break; } }
/** * @return boolean */ public function add() { $aItem = $this->data; $is_spam = 0; $enabled = 1; $code = osc_genRandomPassword(); $flash_error = ''; // Requires email validation? $has_to_validate = (osc_moderate_items() != -1) ? true : false; // Check status $active = $aItem['active']; // Sanitize foreach(@$aItem['title'] as $key=>$value) { $aItem['title'][$key] = strip_tags( trim ( $value ) ); } $aItem['price'] = !is_null($aItem['price']) ? strip_tags( trim( $aItem['price'] ) ) : $aItem['price']; $contactName = strip_tags( trim( $aItem['contactName'] ) ); $contactEmail = strip_tags( trim( $aItem['contactEmail'] ) ); $aItem['cityArea'] = osc_sanitize_name( strip_tags( trim( $aItem['cityArea'] ) ) ); $aItem['address'] = osc_sanitize_name( strip_tags( trim( $aItem['address'] ) ) ); // Anonymous $contactName = (osc_validate_text($contactName,3))? $contactName : __("Anonymous"); // Validate if ( !$this->checkAllowedExt($aItem['photos']) ) { $flash_error .= _m("Image with an incorrect extension.") . PHP_EOL; } if ( !$this->checkSize($aItem['photos']) ) { $flash_error .= _m("Image is too big. Max. size") . osc_max_size_kb() ." Kb" . PHP_EOL; } $title_message = ''; foreach(@$aItem['title'] as $key => $value) { if( osc_validate_text($value, 1) && osc_validate_max($value, osc_max_characters_per_title()) ) { $title_message = ''; break; } $title_message .= (!osc_validate_text($value, 1) ? sprintf(_m("Title too short (%s)."), $key) . PHP_EOL : '' ) . (!osc_validate_max($value, osc_max_characters_per_title()) ? sprintf(_m("Title too long (%s)."), $key) . PHP_EOL : '' ); } $flash_error .= $title_message; $desc_message = ''; foreach(@$aItem['description'] as $key => $value) { if( osc_validate_text($value, 3) && osc_validate_max($value, osc_max_characters_per_description()) ) { $desc_message = ''; break; } $desc_message .= (!osc_validate_text($value, 3) ? sprintf(_m("Description too short (%s)."), $key) . PHP_EOL : '' ) . (!osc_validate_max($value, osc_max_characters_per_description()) ? sprintf(_m("Description too long (%s)."), $key). PHP_EOL : '' ); } $flash_error .= $desc_message; // akismet check spam ... if( $this->_akismet_text( $aItem['title'], $aItem['description'] , $contactName, $contactEmail) ) { $is_spam = 1; } $flash_error .= ((!osc_validate_category($aItem['catId'])) ? _m("Category invalid.") . PHP_EOL : '' ) . ((!osc_validate_number($aItem['price'])) ? _m("Price must be a number.") . PHP_EOL : '' ) . ((!osc_validate_max(number_format($aItem['price'],0,'',''), 15)) ? _m("Price too long.") . PHP_EOL : '' ) . ((!is_null($aItem['price']) && (int)$aItem['price']<0 ) ? _m('Price must be positive number.') . PHP_EOL : '' ) . ((!osc_validate_max($contactName, 35)) ? _m("Name too long.") . PHP_EOL : '' ) . ((!osc_validate_email($contactEmail)) ? _m("Email invalid.") . PHP_EOL : '' ) . ((!osc_validate_text($aItem['countryName'], 2, false)) ? _m("Country too short.") . PHP_EOL : '' ) . ((!osc_validate_max($aItem['countryName'], 50)) ? _m("Country too long.") . PHP_EOL : '' ) . ((!osc_validate_text($aItem['regionName'], 2, false)) ? _m("Region too short.") . PHP_EOL : '' ) . ((!osc_validate_max($aItem['regionName'], 50)) ? _m("Region too long.") . PHP_EOL : '' ) . ((!osc_validate_text($aItem['cityName'], 2, false)) ? _m("City too short.") . PHP_EOL : '' ) . ((!osc_validate_max($aItem['cityName'], 50)) ? _m("City too long.") . PHP_EOL : '' ) . ((!osc_validate_text($aItem['cityArea'], 2, false)) ? _m("Municipality too short.") . PHP_EOL : '' ) . ((!osc_validate_max($aItem['cityArea'], 50)) ? _m("Municipality too long.") . PHP_EOL : '' ) . ((!osc_validate_text($aItem['address'], 3, false)) ? _m("Address too short.") . PHP_EOL : '' ) . ((!osc_validate_max($aItem['address'], 100)) ? _m("Address too long.") . PHP_EOL : '' ) . ((((time() - Session::newInstance()->_get('last_submit_item')) < osc_items_wait_time()) && !$this->is_admin) ? _m("Too fast. You should wait a little to publish your ad.") . PHP_EOL : '' ); $_meta = Field::newInstance()->findByCategory($aItem['catId']); $meta = Params::getParam("meta"); foreach($_meta as $_m) { $meta[$_m['pk_i_id']] = (isset($meta[$_m['pk_i_id']]))?$meta[$_m['pk_i_id']]:''; } if($meta!='' && count($meta)>0) { $mField = Field::newInstance(); foreach($meta as $k => $v) { if($v=='') { $field = $mField->findByPrimaryKey($k); if($field['b_required']==1) { $flash_error .= sprintf(_m("%s field is required."), $field['s_name']) . PHP_EOL; } } } } // hook pre add or edit // DEPRECATED: pre_item_post will be removed in 3.4 osc_run_hook('pre_item_post'); osc_run_hook('pre_item_add', $aItem); // Handle error if ($flash_error) { $success = $flash_error; } else { if($aItem['price']!='') { $aItem['currency'] = $aItem['currency']; } else { $aItem['currency'] = NULL; } $this->manager->insert(array( 'fk_i_user_id' => $aItem['userId'], 'dt_pub_date' => date('Y-m-d H:i:s'), 'fk_i_category_id' => $aItem['catId'], 'i_price' => $aItem['price'], 'fk_c_currency_code' => $aItem['currency'], 's_contact_name' => $contactName, 's_contact_email' => $contactEmail, 's_secret' => $code, 'b_active' => ($active=='ACTIVE'?1:0), 'b_enabled' => $enabled, 'b_show_email' => $aItem['showEmail'], 'b_spam' => $is_spam, 's_ip' => $aItem['s_ip'] )); if(!$this->is_admin) { // Track spam delay: Session Session::newInstance()->_set('last_submit_item', time()); // Track spam delay: Cookie Cookie::newInstance()->set_expires( osc_time_cookie() ); Cookie::newInstance()->push('last_submit_item', time()); Cookie::newInstance()->set(); } $itemId = $this->manager->dao->insertedId(); Log::newInstance()->insertLog('item', 'add', $itemId, current(array_values($aItem['title'])), $this->is_admin?'admin':'user', $this->is_admin?osc_logged_admin_id():osc_logged_user_id()); Params::setParam('itemId', $itemId); // INSERT title and description locales $this->insertItemLocales('ADD', $aItem['title'], $aItem['description'], $itemId ); $location = array( 'fk_i_item_id' => $itemId, 'fk_c_country_code' => $aItem['countryId'], 's_country' => $aItem['countryName'], 'fk_i_region_id' => $aItem['regionId'], 's_region' => $aItem['regionName'], 'fk_i_city_id' => $aItem['cityId'], 's_city' => $aItem['cityName'], 's_city_area' => $aItem['cityArea'], 's_address' => $aItem['address'], 'd_coord_lat' => $aItem['d_coord_lat'], 'd_coord_long' => $aItem['d_coord_long'], 's_zip' => $aItem['s_zip'] ); $locationManager = ItemLocation::newInstance(); $locationManager->insert($location); $this->uploadItemResources( $aItem['photos'] , $itemId); // update dt_expiration at t_item $dt_expiration = Item::newInstance()->updateExpirationDate($itemId, $aItem['dt_expiration']); /** * META FIELDS */ if($meta!='' && count($meta)>0) { $mField = Field::newInstance(); foreach($meta as $k => $v) { // if dateinterval if(is_array($v) && !isset($v['from']) && !isset($v['to']) ) { $v = implode(',', $v); } $mField->replace($itemId, $k, $v); } } // We need at least one record in t_item_stats $mStats = new ItemStats(); $mStats->emptyRow($itemId); $item = $this->manager->findByPrimaryKey($itemId); $aItem['item'] = $item; Session::newInstance()->_set('last_publish_time', time()); if(!$this->is_admin) { $this->sendEmails($aItem); } if($active=='INACTIVE') { $success = 1; } else { $aAux = array( 'fk_i_user_id' => $aItem['userId'], 'fk_i_category_id' => $aItem['catId'], 'fk_c_country_code' => $location['fk_c_country_code'], 'fk_i_region_id' => $location['fk_i_region_id'], 'fk_i_city_id' => $location['fk_i_city_id'] ); // if is_spam not increase stats if($is_spam == 0) { $this->_increaseStats($aAux); } $success = 2; } // THIS HOOK IS FINE, YAY! osc_run_hook('posted_item', $item); } return $success; }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login $user = User::newInstance()->findByEmail(Params::getParam('email')); if (!$user) { osc_add_flash_message(_m('The username doesn\'t exist')); $this->redirectTo(osc_user_login_url()); } if (!$user['b_enabled']) { osc_add_flash_message(_m('The user has not been validated yet')); $this->redirectTo(osc_user_login_url()); } if ($user["s_password"] == sha1(Params::getParam('password'))) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } //we are logged in... let's go! Session::newInstance()->_set('userId', $user['pk_i_id']); Session::newInstance()->_set('userName', $user['s_name']); Session::newInstance()->_set('userEmail', $user['s_email']); $phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land']; Session::newInstance()->_set('userPhone', $phone); } else { osc_add_flash_message(_m('The password is incorrect')); } //returning logged in to the main page... $this->redirectTo(osc_user_dashboard_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $recaptcha_ok = $userActions->recover_password(); if ($recaptcha_ok) { // We ALWAYS show the same message, so we don't give clues about which emails are in our database and which don't! osc_add_flash_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); } else { osc_add_flash_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { if (Params::getParam('new_password') == Params::getParam('new_password2')) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_message(_m('Error, the password don\'t match')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }