function doModel() { switch ($this->action) { case 'contact_post': //contact_post $yourName = Params::getParam('yourName'); $yourEmail = Params::getParam('yourEmail'); $subject = Params::getParam('subject'); $message = Params::getParam('message'); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourName", $yourName); Session::newInstance()->_setForm("yourEmail", $yourEmail); Session::newInstance()->_setForm("subject", $subject); Session::newInstance()->_setForm("message_body", $message); $this->redirectTo(osc_contact_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } if (!preg_match('|.*?@.{2,}\\..{2,}|', $yourEmail)) { osc_add_flash_error_message(_m('Please enter a correct email')); Session::newInstance()->_setForm("yourName", $yourName); Session::newInstance()->_setForm("subject", $subject); Session::newInstance()->_setForm("message_body", $message); $this->redirectTo(osc_contact_url()); } $message = sprintf(__("%s (%s) left this message : %s"), $yourName, $yourEmail, $message); $params = array('reply_to' => $yourEmail, 'subject' => '[' . osc_page_title() . '] ' . __('Contact form') . ': ' . $subject, 'to' => osc_contact_email(), 'to_name' => __('Administrator'), 'body' => $message, 'alt_body' => $message); if (osc_contact_attachment()) { $attachment = Params::getFiles('attachment'); $resourceName = $attachment['name']; $tmpName = $attachment['tmp_name']; $resourceType = $attachment['type']; $path = osc_content_path() . 'uploads/' . time() . '_' . $resourceName; if (!is_writable(osc_content_path() . 'uploads/')) { osc_add_flash_error_message(_m('There have been some errors sending the message')); $this->redirectTo(osc_contact_url()); } if (!move_uploaded_file($tmpName, $path)) { unset($path); } } if (isset($path)) { $params['attachment'] = $path; } osc_sendMail($params); osc_add_flash_ok_message(_m('Your email has been sent properly. Thank you for contacting us!')); $this->redirectTo(osc_contact_url()); break; default: //contact $this->doView('contact.php'); } }
/** * Set up groups of files as sources * * @param array $options controller and Minify options * @return array Minify options * */ public function setupSources($options) { // PHP insecure by default: realpath() and other FS functions can't handle null bytes. if (Params::existParam('files')) { Params::setParam('files', str_replace("", '', (string) Params::getParam('files'))); } self::_setupDefines(); if (MINIFY_USE_CACHE) { $cacheDir = defined('MINIFY_CACHE_DIR') ? MINIFY_CACHE_DIR : ''; Minify::setCache($cacheDir); } $options['badRequestHeader'] = 'HTTP/1.0 404 Not Found'; $options['contentTypeCharset'] = MINIFY_ENCODING; // The following restrictions are to limit the URLs that minify will // respond to. Ideally there should be only one way to reference a file. if (!Params::existParam('files') || !preg_match('/^[^,]+\\.(css|js)(,[^,]+\\.\\1)*$/', Params::getParam('files'), $m) || strpos(Params::getParam('files'), '//') !== false || strpos(Params::getParam('files'), '\\') !== false || preg_match('/(?:^|[^\\.])\\.\\//', Params::getParam('files'))) { return $options; } $files = explode(',', Params::getParam('files')); if (count($files) > MINIFY_MAX_FILES) { return $options; } // strings for prepending to relative/absolute paths $prependRelPaths = dirname($_SERVER['SCRIPT_FILENAME']) . DIRECTORY_SEPARATOR; $prependAbsPaths = $_SERVER['DOCUMENT_ROOT']; $goodFiles = array(); $hasBadSource = false; $allowDirs = isset($options['allowDirs']) ? $options['allowDirs'] : MINIFY_BASE_DIR; foreach ($files as $file) { // prepend appropriate string for abs/rel paths $file = ($file[0] === '/' ? $prependAbsPaths : $prependRelPaths) . $file; // make sure a real file! $file = realpath($file); // don't allow unsafe or duplicate files if (parent::_fileIsSafe($file, $allowDirs) && !in_array($file, $goodFiles)) { $goodFiles[] = $file; $srcOptions = array('filepath' => $file); $this->sources[] = new Minify_Source($srcOptions); } else { $hasBadSource = true; break; } } if ($hasBadSource) { $this->sources = array(); } if (!MINIFY_REWRITE_CSS_URLS) { $options['rewriteCssUris'] = false; } return $options; }
function doModel() { $user_menu = false; if(Params::existParam('route')) { $routes = Rewrite::newInstance()->getRoutes(); $rid = Params::getParam('route'); $file = '../'; if(isset($routes[$rid]) && isset($routes[$rid]['file'])) { $file = $routes[$rid]['file']; $user_menu = $routes[$rid]['user_menu']; } } else { // DEPRECATED: Disclosed path in URL is deprecated, use routes instead // This will be REMOVED in 3.4 $file = Params::getParam('file'); } // valid file? if( strpos($file, '../') !== false || strpos($file, '..\\') !==false || stripos($file, '/admin/') !== false ) { //If the file is inside an "admin" folder, it should NOT be opened in frontend $this->do404(); return; } // check if the file exists if( !file_exists(osc_plugins_path() . $file) ) { $this->do404(); return; } osc_run_hook('custom_controller'); $this->_exportVariableToView('file', $file); if($user_menu) { if(osc_is_web_user_logged_in()) { Params::setParam('in_user_menu', true); $this->doView('user-custom.php'); } else { $this->redirectTo(osc_user_login_url()); } } else { $this->doView('custom.php'); } }
function doModel() { //calling the view... $locales = OSCLocale::newInstance()->listAllEnabled(); $this->_exportVariableToView('locales', $locales); switch ($this->action) { case 'item_add': // post if (!osc_users_enabled()) { osc_add_flash_message(_m('Users not enabled')); $this->redirectTo(osc_base_url(true)); } if (osc_reg_user_post() && $this->user == null) { // CHANGEME: This text osc_add_flash_message(_m('Only registered users are allowed to post items')); $this->redirectTo(osc_user_login_url()); } $countries = Country::newInstance()->listAll(); $regions = array(); if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') { $regions = Region::newInstance()->getByCountry($this->user['fk_c_country_code']); } else { if (count($countries) > 0) { $regions = Region::newInstance()->getByCountry($countries[0]['pk_c_code']); } } $cities = array(); if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $this->user['fk_i_region_id']); } else { if (count($regions) > 0) { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regions[0]['pk_i_id']); } } $this->_exportVariableToView('countries', $countries); $this->_exportVariableToView('regions', $regions); $this->_exportVariableToView('cities', $cities); $this->_exportVariableToView('user', $this->user); osc_run_hook('post_item'); $this->doView('item-post.php'); break; case 'item_add_post': //post_item if (!osc_users_enabled()) { osc_add_flash_message(_m('Users not allowed')); $this->redirectTo(osc_base_url(true)); } if (osc_reg_user_post() && $this->user == null) { osc_add_flash_message(_m('Only registered users are allowed to post items')); $this->redirectTo(osc_base_url(true)); } // POST ITEM ( ADD ITEM ) $mItems = new ItemActions(false); $success = $mItems->add(); if ($success) { $PcontactName = Params::getParam('contactName'); $PcontactEmail = Params::getParam('contactEmail'); $itemId = Params::getParam('itemId'); $item = array(); if (Session::newInstance()->_get('userId') == '') { $mPages = new Page(); $aPage = $mPages->findByInternalName('email_new_item_non_register_user'); $locale = osc_current_user_locale(); $content = array(); if (isset($aPage['locale'][$locale]['s_title'])) { $content = $aPage['locale'][$locale]; } else { $content = current($aPage['locale']); } $item = $this->itemManager->findByPrimaryKey($itemId); $item_url = osc_item_url(); // before page = user , action = item_edit $edit_url = osc_item_edit_url($item['s_secret'], $itemId); // before page = user , action = item_delete $delete_url = osc_item_delete_url($item['s_secret'], $itemId); $words = array(); $words[] = array('{ITEM_ID}', '{USER_NAME}', '{USER_EMAIL}', '{WEB_URL}', '{ITEM_TITLE}', '{ITEM_URL}', '{WEB_TITLE}', '{EDIT_LINK}', '{EDIT_URL}', '{DELETE_LINK}', '{DELETE_URL}'); $words[] = array($itemId, $PcontactName, $PcontactEmail, osc_base_url(), $item['s_title'], $item_url, osc_page_title(), '<a href="' . $edit_url . '">' . $edit_url . '</a>', $edit_url, '<a href="' . $delete_url . '">' . $delete_url . '</a>', $delete_url); $title = osc_mailBeauty($content['s_title'], $words); $body = osc_mailBeauty($content['s_text'], $words); $emailParams = array('subject' => $title, 'to' => $PcontactEmail, 'to_name' => $PcontactName, 'body' => $body, 'alt_body' => $body); osc_sendMail($emailParams); } osc_run_hook('posted_item', $item); $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId')); View::newInstance()->_exportVariableToView('category', $category); $this->redirectTo(osc_search_category_url()); } else { $this->redirectTo(osc_item_post_url()); } break; case 'item_edit': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $item = Item::newInstance()->findByPrimaryKey($id); $categories = Category::newInstance()->toTree(); $countries = Country::newInstance()->listAll(); $regions = array(); if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') { $regions = Region::newInstance()->getByCountry($this->user['fk_c_country_code']); } else { if (count($countries) > 0) { $regions = Region::newInstance()->getByCountry($countries[0]['pk_c_code']); } } $cities = array(); if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $this->user['fk_i_region_id']); } else { if (count($regions) > 0) { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regions[0]['pk_i_id']); } } $currencies = Currency::newInstance()->listAll(); $this->_exportVariableToView('item', $item); //$this->_exportVariableToView('user', $this->user) ; $this->doView('item-edit.php'); } else { // add a flash message [ITEM NO EXISTE] //$this->redirectTo(osc_base_url(true)); osc_add_flash_message(_m('Sorry, we don\'t have any items with that ID')); if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } break; case 'item_edit_post': // recoger el secret y el $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $this->_exportVariableToView('item', $item[0]); $mItems = new ItemActions(false); $success = $mItems->edit(); if ($success) { osc_add_flash_message(_m('Great! We\'ve just updated your item')); $this->redirectTo(osc_base_url(true) . "?page=item&id={$id}"); } else { $this->redirectTo(osc_item_edit_url($secret)); } } break; case 'activate': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); View::newInstance()->_exportVariableToView('item', $item[0]); if ($item[0]['e_status'] == 'INACTIVE') { // ACTIVETE ITEM $mItems = new ItemActions(false); $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']); if ($success) { osc_add_flash_message(_m('The item has been validated')); } else { osc_add_flash_message(_m('The item can\'t be validated')); } } else { osc_add_flash_message(_m('The item has already been validated')); } $this->redirectTo(osc_item_url()); break; case 'item_delete': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $mItems = new ItemActions(false); $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']); if ($success) { osc_add_flash_message(_m('Your item has been deleted')); } else { osc_add_flash_message(_m('The item you are trying to delete couldn\'t be deleted')); } if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } else { osc_add_flash_message(_m('The item you are trying to delete couldn\'t be deleted')); $this->redirectTo(osc_base_url()); } break; case 'deleteResource': $id = Params::getParam('id'); $item = Params::getParam('item'); $code = Params::getParam('code'); $secret = Params::getParam('secret'); // Check for required fields if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) { osc_add_flash_message(_m("The selected photo couldn't be deleted, the url doesn't exist")); if ($this->userId == null) { $this->redirectTo(osc_base_url()); } else { $this->redirectTo(osc_user_dashboard_url()); } } $aItem = $this->itemManager->findByPrimaryKey($item); // Check if the item exists if (count($aItem) == 0) { osc_add_flash_message(_m('The item doesn\'t exist')); $this->redirectTo(osc_base_url()); } // Check if the item belong to the user if ($this->userId != null && $this->userId != $aItem['fk_i_user_id']) { osc_add_flash_message(_m('The item doesn\'t belong to you')); $this->redirectTo(osc_item_url_ns($item)); } // Check if the secret passphrase match with the item if ($this->userId == null && $secret != $aItem['s_secret']) { osc_add_flash_message(_m('The item doesn\'t belong to you')); $this->redirectTo(osc_item_url_ns($item)); } // Does id & code combination exist? $result = ItemResource::newInstance()->getResourceSecure($id, $code); if ($result > 0) { // Delete: file, db table entry osc_deleteResource($id); ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code)); osc_add_flash_message(_m('The selected photo has been successfully deleted')); } else { osc_add_flash_message(_m("The selected photo couldn't be deleted")); } // Redirect to item_edit. If unregistered user, include $secret. $this->redirectTo(osc_item_edit_url($secret, $item)); break; case 'mark': $mItem = new ItemActions(false); $id = Params::getParam('id'); $as = Params::getParam('as'); $item = Item::newInstance()->findByPrimaryKey($id); View::newInstance()->_exportVariableToView('item', $item); $mItem->mark($id, $as); osc_add_flash_message(_m('Thanks! That\'s very helpful')); $this->redirectTo(osc_item_url()); break; case 'send_friend': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); $this->doView('item-send-friend.php'); break; case 'send_friend_post': $mItem = new ItemActions(false); $mItem->send_friend(); $item_url = Params::getParam('item_url'); $this->redirectTo($item_url); break; case 'contact': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $category = Category::newInstance()->findByPrimaryKey($item['fk_i_category_id']); if ($category['i_expiration_days'] > 0) { $item_date = strtotime($item['dt_pub_date']) + $category['i_expiration_days'] * (24 * 3600); $date = time(); if ($item_date < $date) { // The item is expired, we can not contact the seller osc_add_flash_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller')); $this->redirectTo(osc_create_item_url($item)); } } $this->_exportVariableToView('item', $item); $this->doView('item-contact.php'); break; case 'contact_post': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $category = Category::newInstance()->findByPrimaryKey($item['fk_i_category_id']); if ($category['i_expiration_days'] > 0) { $item_date = strtotime($item['dt_pub_date']) + $category['i_expiration_days'] * (24 * 3600); $date = time(); if ($item_date < $date) { // The item is expired, we can not contact the seller osc_add_flash_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller')); $this->redirectTo(osc_item_url()); } } $mItem = new ItemActions(false); $mItem->contact(); osc_add_flash_message(_m('We\'ve just sent an e-mail to the seller')); $this->redirectTo(osc_item_url()); break; case 'add_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); switch ($status) { case -1: $msg = _m('Sorry, we could not save your comment. Try again later'); break; case 1: $msg = _m('Your comment is awaiting moderation'); break; case 2: $msg = _m('Your comment has been approved'); break; case 3: $msg = _m('Please fill the required fields (name, email)'); break; case 4: $msg = _m('Please type a comment'); break; case 5: $msg = _m('Your comment has been marked as spam'); break; } osc_add_flash_message($msg); $this->redirectTo(Params::getParam('itemURL')); break; case 'delete_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); $itemId = Params::getParam('id'); $commentId = Params::getParam('comment'); $item = Item::newInstance()->findByPrimaryKey($itemId); if (count($item) == 0) { osc_add_flash_message(_m('This item doesn\'t exist')); $this->redirectTo(osc_base_url(true)); } View::newInstance()->_exportVariableToView('item', $item); if ($this->userId == null) { osc_add_flash_message(_m('You have to be logged to delete a comment')); $this->redirectTo(osc_item_url()); } $commentManager = ItemComment::newInstance(); $aComment = $commentManager->findByPrimaryKey($commentId); if (count($aComment) == 0) { osc_add_flash_message(_m('The comment doesn\'t exist')); $this->redirectTo(osc_item_url()); } if ($aComment['e_status'] != 'ACTIVE') { osc_add_flash_message(_m('The comment is not active, you cannot delete it')); $this->redirectTo(osc_item_url()); } if ($aComment['fk_i_user_id'] != $this->userId) { osc_add_flash_message(_m('You cannot delete the comment')); $this->redirectTo(osc_item_url()); } $commentManager->deleteByPrimaryKey($commentId); osc_add_flash_message(_m('The comment has been deleted correctly')); $this->redirectTo(osc_item_url()); break; default: if (Params::getParam('id') == '') { $this->redirectTo(osc_base_url()); } if (Params::getParam('lang') != '') { Session::newInstance()->_set('userLocale', Params::getParam('lang')); } $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); // if item doesn't exist redirect to base url if (count($item) == 0) { osc_add_flash_message(_m('This item doesn\'t exist')); $this->redirectTo(osc_base_url(true)); } else { if ($item['e_status'] != 'ACTIVE') { if ($this->userId == $item['fk_i_user_id']) { osc_add_flash_message(_m('The item hasn\'t been validated. Please validate it in order to show it to the rest of users')); } else { osc_add_flash_message(_m('This item hasn\'t been validated')); $this->redirectTo(osc_base_url(true)); } } $mStats = new ItemStats(); $mStats->increase('i_num_views', $item['pk_i_id']); foreach ($item['locale'] as $k => $v) { $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']); $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description'])); } $this->_exportVariableToView('items', array($item)); osc_run_hook('show_item', $item); $this->doView('item.php'); } break; case 'dashboard': //dashboard... break; } }
function doModel() { switch ($this->action) { case 'change_email_confirm': //change email confirm if (Params::getParam('userId') && Params::getParam('code')) { $userManager = new User(); $user = $userManager->findByPrimaryKey(Params::getParam('userId')); if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) { $userEmailTmp = UserEmailTmp::newInstance()->findByPk(Params::getParam('userId')); $code = osc_genRandomPassword(50); $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id'])); Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']); UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email'])); osc_add_flash_ok_message(_m('Your email has been changed successfully')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator')); } $this->redirectTo(osc_base_url(true)); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); if ($email != '' && $secret != '') { Alerts::newInstance()->delete(array('s_email' => $email, 'S_secret' => $secret)); osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator')); } $this->redirectTo(osc_base_url()); break; case 'pub_profile': $userID = Params::getParam('id'); $user = User::newInstance()->findByPrimaryKey($userID); // user doesn't exist if (!$user) { $this->redirectTo(osc_base_url()); } View::newInstance()->_exportVariableToView('user', $user); $items = Item::newInstance()->findByUserIDEnabled($user['pk_i_id'], 0, 3); View::newInstance()->_exportVariableToView('items', $items); $this->doView('user-public-profile.php'); break; case 'contact_post': $user = User::newInstance()->findByPrimaryKey(Params::getParam('id')); View::newInstance()->_exportVariableToView('user', $user); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_user_public_profile_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message')); $this->redirectTo(osc_user_public_profile_url()); break; default: $this->redirectTo(osc_user_login_url()); break; } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (Params::getParam('user') == '' && Params::getParam('password', false, false) == '') { $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('user') == '') { osc_add_flash_error_message(_m('The username field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('password') == '') { osc_add_flash_error_message(_m('The password field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url()); } // fields are not empty $admin = Admin::newInstance()->findByUsername(Params::getParam('user')); if (!$admin) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if ($admin["s_password"] !== sha1(Params::getParam('password', false, false))) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('remember')) { // this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']); Cookie::newInstance()->push('oc_adminSecret', $secret); Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale')); Cookie::newInstance()->set(); } // we are logged in... let's go! Session::newInstance()->_set('adminId', $admin['pk_i_id']); Session::newInstance()->_set('adminUserName', $admin['s_username']); Session::newInstance()->_set('adminName', $admin['s_name']); Session::newInstance()->_set('adminEmail', $admin['s_email']); Session::newInstance()->_set('adminLocale', Params::getParam('locale')); $this->redirectTo(osc_admin_base_url()); break; case 'recover': // form to recover the password (in this case we have the form in /gui/) $this->doView('gui/recover.php'); break; case 'recover_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url()); } // post execution to recover the password $admin = Admin::newInstance()->findByEmail(Params::getParam('email')); if ($admin) { if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover'); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $newPassword = osc_genRandomPassword(40); Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id'])); $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword); osc_run_hook('hook_email_user_forgot_password', $admin, $password_url); } osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin'); $this->redirectTo(osc_admin_base_url()); break; case 'forgot': // form to recover the password (in this case we have the form in /gui/) $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } $this->doView('gui/forgot_password.php'); break; case 'forgot_post': $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed'), 'admin'); $this->redirectTo(osc_admin_base_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match"), 'admin'); $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code'))); } break; } }
function recover_password() { $user = User::newInstance()->findByEmail(Params::getParam('s_email')); Session::newInstance()->_set('recover_time', time()); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!$this->recaptcha()) { return 2; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } if (!$user || $user['b_enabled'] == 0) { return 1; } $code = osc_genRandomPassword(30); $date = date('Y-m-d H:i:s'); User::newInstance()->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => $user['pk_i_id'])); $password_url = osc_forgot_user_password_confirm_url($user['pk_i_id'], $code); osc_run_hook('hook_email_user_forgot_password', $user, $password_url); return 0; }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'add': $this->doView("appearance/add.php"); break; case 'add_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=appearance'); } osc_csrf_check(); $filePackage = Params::getFiles('package'); if (isset($filePackage['size']) && $filePackage['size'] != 0) { $path = osc_themes_path(); (int) ($status = osc_unzip_file($filePackage['tmp_name'], $path)); @unlink($filePackage['tmp_name']); } else { $status = 3; } switch ($status) { case 0: $msg = _m('The theme folder is not writable'); osc_add_flash_error_message($msg, 'admin'); break; case 1: $msg = _m('The theme has been installed correctly'); osc_add_flash_ok_message($msg, 'admin'); break; case 2: $msg = _m('The zip file is not valid'); osc_add_flash_error_message($msg, 'admin'); break; case 3: $msg = _m('No file was uploaded'); osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=add"); break; case -1: default: $msg = _m('There was a problem adding the theme'); osc_add_flash_error_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . "?page=appearance"); break; case 'delete': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=appearance'); } osc_csrf_check(); $theme = Params::getParam('webtheme'); if ($theme != '') { if ($theme != osc_current_web_theme()) { if (file_exists(osc_content_path() . "themes/" . $theme . "/functions.php")) { include osc_content_path() . "themes/" . $theme . "/functions.php"; } osc_run_hook("theme_delete_" . $theme); if (osc_deleteDir(osc_content_path() . "themes/" . $theme . "/")) { osc_add_flash_ok_message(_m("Theme removed successfully"), "admin"); } else { osc_add_flash_error_message(_m("There was a problem removing the theme"), "admin"); } } else { osc_add_flash_error_message(_m("Current theme can not be deleted"), "admin"); } } else { osc_add_flash_error_message(_m("No theme selected"), "admin"); } $this->redirectTo(osc_admin_base_url(true) . "?page=appearance"); break; /* widgets */ /* widgets */ case 'widgets': $info = WebThemes::newInstance()->loadThemeInfo(osc_theme()); $this->_exportVariableToView("info", $info); $this->doView('appearance/widgets.php'); break; case 'add_widget': $this->doView('appearance/add_widget.php'); break; case 'edit_widget': $id = Params::getParam('id'); $widget = Widget::newInstance()->findByPrimaryKey($id); $this->_exportVariableToView("widget", $widget); $this->doView('appearance/add_widget.php'); break; case 'delete_widget': osc_csrf_check(); Widget::newInstance()->delete(array('pk_i_id' => Params::getParam('id'))); osc_add_flash_ok_message(_m('Widget removed correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); break; case 'edit_widget_post': osc_csrf_check(); if (!osc_validate_text(Params::getParam("description"))) { osc_add_flash_error_message(_m('Description field is required'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); } $res = Widget::newInstance()->update(array('s_description' => Params::getParam('description'), 's_content' => Params::getParam('content', false, false)), array('pk_i_id' => Params::getParam('id'))); if ($res) { osc_add_flash_ok_message(_m('Widget updated correctly'), 'admin'); } else { osc_add_flash_error_message(_m('Widget cannot be updated correctly'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); break; case 'add_widget_post': osc_csrf_check(); if (!osc_validate_text(Params::getParam("description"))) { osc_add_flash_error_message(_m('Description field is required'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); } Widget::newInstance()->insert(array('s_location' => Params::getParam('location'), 'e_kind' => 'html', 's_description' => Params::getParam('description'), 's_content' => Params::getParam('content', false, false))); osc_add_flash_ok_message(_m('Widget added correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance&action=widgets"); break; /* /widget */ /* /widget */ case 'activate': osc_csrf_check(); osc_set_preference('theme', Params::getParam('theme')); osc_add_flash_ok_message(_m('Theme activated correctly'), 'admin'); osc_run_hook("theme_activate", Params::getParam('theme')); $this->redirectTo(osc_admin_base_url(true) . "?page=appearance"); break; case 'render': if (Params::existParam('route')) { $routes = Rewrite::newInstance()->getRoutes(); $rid = Params::getParam('route'); $file = '../'; if (isset($routes[$rid]) && isset($routes[$rid]['file'])) { $file = $routes[$rid]['file']; } } else { // DEPRECATED: Disclosed path in URL is deprecated, use routes instead // This will be REMOVED in 3.6 $file = Params::getParam('file'); // We pass the GET variables (in case we have somes) if (preg_match('|(.+?)\\?(.*)|', $file, $match)) { $file = $match[1]; if (preg_match_all('|&([^=]+)=([^&]*)|', urldecode('&' . $match[2] . '&'), $get_vars)) { for ($var_k = 0; $var_k < count($get_vars[1]); $var_k++) { Params::setParam($get_vars[1][$var_k], $get_vars[2][$var_k]); } } } else { $file = Params::getParam('file'); } } if (strpos($file, '../') !== false || strpos($file, '..\\') !== false || !file_exists(osc_base_path() . $file)) { osc_add_flash_warning_message(__('Error loading theme custom file'), 'admin'); } $this->_exportVariableToView('file', osc_base_path() . $file); $this->doView('appearance/view.php'); break; default: if (Params::getParam('checkUpdated') != '') { osc_admin_toolbar_update_themes(true); } $themes = WebThemes::newInstance()->getListThemes(); //preparing variables for the view $this->_exportVariableToView("themes", $themes); $this->doView('appearance/index.php'); break; } }
public static function processPayment() { if (osc_get_preference('coinjar_sandbox', 'payment') != 1) { $coinjar = new CoinJar(payment_decrypt(osc_get_preference('coinjar_merchant_user', 'payment')), payment_decrypt(osc_get_preference('coinjar_merchant_password', 'payment')), payment_decrypt(osc_get_preference('coinjar_api_key', 'payment'))); } else { $coinjar = new CoinJar(payment_decrypt(osc_get_preference('coinjar_sb_merchant_user', 'payment')), payment_decrypt(osc_get_preference('coinjar_sb_merchant_password', 'payment')), payment_decrypt(osc_get_preference('coinjar_sb_api_key', 'payment')), true); } // data from the post (it's supposed to be sent by CoinJar, is sent by POST!) if (Params::existParam('uuid') && Params::existParam('amount') && Params::existParam('currency') && Params::existParam('status') && Params::existParam('ipn_digest')) { if (Params::getParam('status') == 'COMPLETED') { $digest = $coinjar->IPNDigest(Params::getParam('uuid'), Params::getParam('amount'), Params::getParam('currency'), Params::getParam('status')); if ($digest == Params::getParam('ipn_digest')) { $order = json_decode($coinjar->order(Params::getParam('uuid'))); if ($order != null) { if (Params::getParam('amount') == $order->order->amount && Params::getParam('currency') == $order->order->currency && Params::getParam('status') == $order->order->status) { $payment = ModelPayment::newInstance()->getPayment($order->order->uuid); if (!$payment) { $data = payment_get_custom(Params::getParam('extra')); $product_type = explode('x', Params::getParam('item_number')); // SAVE TRANSACTION LOG $payment_id = ModelPayment::newInstance()->saveLog($data['concept'], $order->order->uuid, $order->order->amount, $order->order->currenct, $data['email'], $data['user'], $data['itemid'], $product_type[0], 'COINJAR'); //source if ($product_type[0] == '101') { ModelPayment::newInstance()->payPublishFee($product_type[2], $payment_id); } else { if ($product_type[0] == '201') { ModelPayment::newInstance()->payPremiumFee($product_type[2], $payment_id); } else { ModelPayment::newInstance()->addWallet($data['user'], $order->order->amount); } } return PAYMENT_COMPLETED; } else { return PAYMENT_ALREADY_PAID; } } } } } } return PAYMENT_PENDING; }
/** * Set up groups of files as sources * * @param array $options controller and Minify options * * @return array Minify options */ public function setupSources($options) { // PHP insecure by default: realpath() and other FS functions can't handle null bytes. foreach (array('g', 'b', 'f') as $key) { if (Params::existParam($key)) { Params::setParam($key, str_replace("", '', (string) Params::getParam($key))); } } // filter controller options $cOptions = array_merge(array('allowDirs' => '//', 'groupsOnly' => false, 'groups' => array(), 'noMinPattern' => '@[-\\.]min\\.(?:js|css)$@i'), isset($options['minApp']) ? $options['minApp'] : array()); unset($options['minApp']); $sources = array(); $this->selectionId = ''; $firstMissingResource = null; if (Params::existParam('g')) { // add group(s) $this->selectionId .= 'g=' . Params::getParam('g'); $keys = explode(',', Params::getParam('g')); if ($keys != array_unique($keys)) { $this->log("Duplicate group key found."); return $options; } $keys = explode(',', Params::getParam('g')); foreach ($keys as $key) { if (!isset($cOptions['groups'][$key])) { $this->log("A group configuration for \"{$key}\" was not found"); return $options; } $files = $cOptions['groups'][$key]; // if $files is a single object, casting will break it if (is_object($files)) { $files = array($files); } elseif (!is_array($files)) { $files = (array) $files; } foreach ($files as $file) { if ($file instanceof Minify_Source) { $sources[] = $file; continue; } if (0 === strpos($file, '//')) { $file = $_SERVER['DOCUMENT_ROOT'] . substr($file, 1); } $realpath = realpath($file); if ($realpath && is_file($realpath)) { $sources[] = $this->_getFileSource($realpath, $cOptions); } else { $this->log("The path \"{$file}\" (realpath \"{$realpath}\") could not be found (or was not a file)"); if (null === $firstMissingResource) { $firstMissingResource = basename($file); continue; } else { $secondMissingResource = basename($file); $this->log("More than one file was missing: '{$firstMissingResource}', '{$secondMissingResource}'"); return $options; } } } if ($sources) { try { $this->checkType($sources[0]); } catch (Exception $e) { $this->log($e->getMessage()); return $options; } } } } if (!$cOptions['groupsOnly'] && Params::existParam('f')) { // try user files // The following restrictions are to limit the URLs that minify will // respond to. if (!preg_match('/^[^,]+\\.(css|js)(?:,[^,]+\\.\\1)*$/', Params::getParam('f'), $m) || strpos(Params::getParam('f'), '//') !== false || strpos(Params::getParam('f'), '\\') !== false) { $this->log("GET param 'f' was invalid"); return $options; } $ext = ".{$m[1]}"; try { $this->checkType($m[1]); } catch (Exception $e) { $this->log($e->getMessage()); return $options; } $files = explode(',', Params::getParam('f')); if ($files != array_unique($files)) { $this->log("Duplicate files were specified"); return $options; } if (Params::existParam('b')) { // check for validity if (preg_match('@^[^/]+(?:/[^/]+)*$@', Params::getParam('b')) && false === strpos(Params::getParam('b'), '..') && Params::getParam('b') !== '.') { // valid base $base = "/{" . Params::getParam('b') . "}/"; } else { $this->log("GET param 'b' was invalid"); return $options; } } else { $base = '/'; } $allowDirs = array(); foreach ((array) $cOptions['allowDirs'] as $allowDir) { $allowDirs[] = realpath(str_replace('//', $_SERVER['DOCUMENT_ROOT'] . '/', $allowDir)); } $basenames = array(); // just for cache id foreach ($files as $file) { $uri = $base . $file; $path = $_SERVER['DOCUMENT_ROOT'] . $uri; $realpath = realpath($path); if (false === $realpath || !is_file($realpath)) { $this->log("The path \"{$path}\" (realpath \"{$realpath}\") could not be found (or was not a file)"); if (null === $firstMissingResource) { $firstMissingResource = $uri; continue; } else { $secondMissingResource = $uri; $this->log("More than one file was missing: '{$firstMissingResource}', '{$secondMissingResource}`'"); return $options; } } try { parent::checkNotHidden($realpath); parent::checkAllowDirs($realpath, $allowDirs, $uri); } catch (Exception $e) { $this->log($e->getMessage()); return $options; } $sources[] = $this->_getFileSource($realpath, $cOptions); $basenames[] = basename($realpath, $ext); } if ($this->selectionId) { $this->selectionId .= '_f='; } $this->selectionId .= implode(',', $basenames) . $ext; } if ($sources) { if (null !== $firstMissingResource) { array_unshift($sources, new Minify_Source(array('id' => 'missingFile', 'lastModified' => 0, 'content' => "/* Minify: at least one missing file. See " . Minify::URL_DEBUG . " */\n", 'minifier' => ''))); } $this->sources = $sources; } else { $this->log("No sources to serve"); } return $options; }
function doModel() { //calling the view... $locales = OSCLocale::newInstance()->listAllEnabled(); $this->_exportVariableToView('locales', $locales); switch ($this->action) { case 'item_add': // post if (osc_reg_user_post() && $this->user == null) { // CHANGEME: This text osc_add_flash_error_message(_m('Only registered users are allowed to post items')); $this->redirectTo(osc_user_login_url()); } $countries = Country::newInstance()->listAll(); $regions = array(); if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') { $regions = Region::newInstance()->getByCountry($this->user['fk_c_country_code']); } else { if (count($countries) > 0) { $regions = Region::newInstance()->getByCountry($countries[0]['pk_c_code']); } } $cities = array(); if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $this->user['fk_i_region_id']); } else { if (count($regions) > 0) { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regions[0]['pk_i_id']); } } $this->_exportVariableToView('countries', $countries); $this->_exportVariableToView('regions', $regions); $this->_exportVariableToView('cities', $cities); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } if (Session::newInstance()->_getForm('countryId') != "") { $countryId = Session::newInstance()->_getForm('countryId'); $regions = Region::newInstance()->getByCountry($countryId); $this->_exportVariableToView('regions', $regions); if (Session::newInstance()->_getForm('regionId') != "") { $regionId = Session::newInstance()->_getForm('regionId'); $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regionId); $this->_exportVariableToView('cities', $cities); } } $this->_exportVariableToView('user', $this->user); osc_run_hook('post_item'); $this->doView('item-post.php'); break; case 'item_add_post': //post_item if (osc_reg_user_post() && $this->user == null) { osc_add_flash_error_message(_m('Only registered users are allowed to post items')); $this->redirectTo(osc_base_url(true)); } $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(true); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_post_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } // POST ITEM ( ADD ITEM ) $success = $mItems->add(); if ($success != 1 && $success != 2) { osc_add_flash_error_message($success); $this->redirectTo(osc_item_post_url()); } else { Session::newInstance()->_dropkeepForm('meta_' . $key); if ($success == 1) { osc_add_flash_ok_message(_m('Check your inbox to verify your email address')); } else { osc_add_flash_ok_message(_m('Your item has been published')); } $itemId = Params::getParam('itemId'); $item = $this->itemManager->findByPrimaryKey($itemId); osc_run_hook('posted_item', $item); $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId')); View::newInstance()->_exportVariableToView('category', $category); $this->redirectTo(osc_search_category_url()); } break; case 'item_edit': // edit item $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $item = Item::newInstance()->findByPrimaryKey($id); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $this->_exportVariableToView('item', $item); osc_run_hook("before_item_edit", $item); $this->doView('item-edit.php'); } else { // add a flash message [ITEM NO EXISTE] osc_add_flash_error_message(_m('Sorry, we don\'t have any items with that ID')); if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } break; case 'item_edit_post': // recoger el secret y el $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $this->_exportVariableToView('item', $item[0]); $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(false); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_post_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $success = $mItems->edit(); osc_run_hook('edited_item', Item::newInstance()->findByPrimaryKey($id)); if ($success == 1) { osc_add_flash_ok_message(_m('Great! We\'ve just updated your item')); $this->redirectTo(osc_base_url(true) . "?page=item&id={$id}"); } else { osc_add_flash_error_message($success); $this->redirectTo(osc_item_edit_url($secret)); } } break; case 'activate': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); View::newInstance()->_exportVariableToView('item', $item[0]); if ($item[0]['b_active'] == 0) { // ACTIVETE ITEM $mItems = new ItemActions(false); $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']); if ($success) { osc_add_flash_ok_message(_m('The item has been validated')); } else { osc_add_flash_error_message(_m('The item can\'t be validated')); } } else { osc_add_flash_error_message(_m('The item has already been validated')); } $this->redirectTo(osc_item_url()); break; case 'item_delete': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $mItems = new ItemActions(false); $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']); if ($success) { osc_add_flash_ok_message(_m('Your item has been deleted')); } else { osc_add_flash_error_message(_m('The item you are trying to delete couldn\'t be deleted')); } if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m('The item you are trying to delete couldn\'t be deleted')); $this->redirectTo(osc_base_url()); } break; case 'mark': $mItem = new ItemActions(false); $id = Params::getParam('id'); $as = Params::getParam('as'); $item = Item::newInstance()->findByPrimaryKey($id); View::newInstance()->_exportVariableToView('item', $item); $mItem->mark($id, $as); osc_add_flash_ok_message(_m('Thanks! That\'s very helpful')); $this->redirectTo(osc_item_url()); break; case 'send_friend': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); $this->doView('item-send-friend.php'); break; case 'send_friend_post': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("friendName", Params::getParam('friendName')); Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_send_friend_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $mItem = new ItemActions(false); $success = $mItem->send_friend(); if ($success) { Session::newInstance()->_clearVariables(); $this->redirectTo(osc_item_url()); } else { $this->redirectTo(osc_item_send_friend_url()); } break; case 'contact': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); if (empty($item)) { osc_add_flash_error_message(_m('This item doesn\'t exist')); $this->redirectTo(osc_base_url(true)); } else { $this->_exportVariableToView('item', $item); if (osc_item_is_expired()) { osc_add_flash_error_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller')); $this->redirectTo(osc_item_url()); } if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) { $this->doView('item-contact.php'); } else { osc_add_flash_error_message(_m('You can\'t contact the seller, only registered users can')); $this->redirectTo(osc_item_url()); } } break; case 'contact_post': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_item_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $category = Category::newInstance()->findByPrimaryKey($item['fk_i_category_id']); if ($category['i_expiration_days'] > 0) { $item_date = strtotime($item['dt_pub_date']) + $category['i_expiration_days'] * (24 * 3600); $date = time(); if ($item_date < $date && $item['b_premium'] != 1) { // The item is expired, we can not contact the seller osc_add_flash_error_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller')); $this->redirectTo(osc_item_url()); } } $mItem = new ItemActions(false); $result = $mItem->contact(); if (is_string($result)) { osc_add_flash_error_message($result); } else { osc_add_flash_ok_message(_m('We\'ve just sent an e-mail to the seller')); } $this->redirectTo(osc_item_url()); break; case 'add_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); switch ($status) { case -1: $msg = _m('Sorry, we could not save your comment. Try again later'); osc_add_flash_error_message($msg); break; case 1: $msg = _m('Your comment is awaiting moderation'); osc_add_flash_error_message($msg); break; case 2: $msg = _m('Your comment has been approved'); osc_add_flash_ok_message($msg); break; case 3: $msg = _m('Please fill the required fields (name, email)'); osc_add_flash_error_message($msg); break; case 4: $msg = _m('Please type a comment'); osc_add_flash_error_message($msg); break; case 5: $msg = _m('Your comment has been marked as spam'); osc_add_flash_error_message($msg); break; } $this->redirectTo(osc_item_url()); break; case 'delete_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); $itemId = Params::getParam('id'); $commentId = Params::getParam('comment'); $item = Item::newInstance()->findByPrimaryKey($itemId); if (count($item) == 0) { osc_add_flash_error_message(_m('This item doesn\'t exist')); $this->redirectTo(osc_base_url(true)); } View::newInstance()->_exportVariableToView('item', $item); if ($this->userId == null) { osc_add_flash_error_message(_m('You must be logged in to delete a comment')); $this->redirectTo(osc_item_url()); } $commentManager = ItemComment::newInstance(); $aComment = $commentManager->findByPrimaryKey($commentId); if (count($aComment) == 0) { osc_add_flash_error_message(_m('The comment doesn\'t exist')); $this->redirectTo(osc_item_url()); } if ($aComment['b_active'] != 1) { osc_add_flash_error_message(_m('The comment is not active, you cannot delete it')); $this->redirectTo(osc_item_url()); } if ($aComment['fk_i_user_id'] != $this->userId) { osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it')); $this->redirectTo(osc_item_url()); } $commentManager->deleteByPrimaryKey($commentId); osc_add_flash_ok_message(_m('The comment has been deleted')); $this->redirectTo(osc_item_url()); break; default: if (Params::getParam('id') == '') { $this->redirectTo(osc_base_url()); } if (Params::getParam('lang') != '') { Session::newInstance()->_set('userLocale', Params::getParam('lang')); } $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); // if item doesn't exist redirect to base url if (count($item) == 0) { osc_add_flash_error_message(_m('This item doesn\'t exist')); $this->redirectTo(osc_base_url(true)); } else { if ($item['b_active'] != 1) { if ($this->userId == $item['fk_i_user_id']) { osc_add_flash_error_message(_m('The item hasn\'t been validated. Please validate it in order to show it to the rest of users')); } else { osc_add_flash_error_message(_m('This item hasn\'t been validated')); $this->redirectTo(osc_base_url(true)); } } else { if ($item['b_enabled'] == 0) { osc_add_flash_error_message(_m('The item has been suspended')); $this->redirectTo(osc_base_url(true)); } } $mStats = new ItemStats(); $mStats->increase('i_num_views', $item['pk_i_id']); foreach ($item['locale'] as $k => $v) { $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']); $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description'])); } $this->_exportVariableToView('items', array($item)); osc_run_hook('show_item', $item); $this->doView('item.php'); } break; case 'dashboard': //dashboard... break; } }
function doModel() { osc_run_hook('before_search'); $mCategories = new Category(); //////////////////////////////// //GETTING AND FIXING SENT DATA// //////////////////////////////// $p_sCategory = Params::getParam('sCategory'); if (!is_array($p_sCategory)) { if ($p_sCategory == '') { $p_sCategory = array(); } else { $p_sCategory = explode(",", $p_sCategory); } } $p_sCityArea = Params::getParam('sCityArea'); if (!is_array($p_sCityArea)) { if ($p_sCityArea == '') { $p_sCityArea = array(); } else { $p_sCityArea = explode(",", $p_sCityArea); } } $p_sCity = Params::getParam('sCity'); if (!is_array($p_sCity)) { if ($p_sCity == '') { $p_sCity = array(); } else { $p_sCity = explode(",", $p_sCity); } } $p_sRegion = Params::getParam('sRegion'); if (!is_array($p_sRegion)) { if ($p_sRegion == '') { $p_sRegion = array(); } else { $p_sRegion = explode(",", $p_sRegion); } } $p_sCountry = Params::getParam('sCountry'); if (!is_array($p_sCountry)) { if ($p_sCountry == '') { $p_sCountry = array(); } else { $p_sCountry = explode(",", $p_sCountry); } } $p_sPattern = strip_tags(Params::getParam('sPattern')); $p_sUser = strip_tags(Params::getParam('sUser')); // ADD TO THE LIST OF LAST SEARCHES if (osc_save_latest_searches()) { if (trim($p_sPattern) != '') { LatestSearches::newInstance()->insert(array('s_search' => trim($p_sPattern), 'd_date' => date('Y-m-d H:i:s'))); } } $p_bPic = Params::getParam('bPic'); $p_bPic == 1 ? $p_bPic = 1 : ($p_bPic = 0); $p_sPriceMin = Params::getParam('sPriceMin'); $p_sPriceMax = Params::getParam('sPriceMax'); //WE CAN ONLY USE THE FIELDS RETURNED BY Search::getAllowedColumnsForSorting() $p_sOrder = Params::getParam('sOrder'); if (!in_array($p_sOrder, Search::getAllowedColumnsForSorting())) { $p_sOrder = osc_default_order_field_at_search(); } //ONLY 0 ( => 'asc' ), 1 ( => 'desc' ) AS ALLOWED VALUES $p_iOrderType = Params::getParam('iOrderType'); $allowedTypesForSorting = Search::getAllowedTypesForSorting(); $orderType = osc_default_order_type_at_search(); foreach ($allowedTypesForSorting as $k => $v) { if ($p_iOrderType == $v) { $orderType = $k; break; } } $p_iOrderType = $orderType; $p_sFeed = Params::getParam('sFeed'); $p_iPage = intval(Params::getParam('iPage')); if ($p_sFeed != '') { $p_sPageSize = 1000; } $p_sShowAs = Params::getParam('sShowAs'); $aValidShowAsValues = array('list', 'gallery'); if (!in_array($p_sShowAs, $aValidShowAsValues)) { $p_sShowAs = osc_default_show_as_at_search(); } // search results: it's blocked with the maxResultsPerPage@search defined in t_preferences $p_iPageSize = intval(Params::getParam('iPagesize')); if ($p_iPageSize > 0) { if ($p_iPageSize > osc_max_results_per_page_at_search()) { $p_iPageSize = osc_max_results_per_page_at_search(); } } else { $p_iPageSize = osc_default_results_per_page_at_search(); } //FILTERING CATEGORY $bAllCategoriesChecked = false; if (count($p_sCategory) > 0) { foreach ($p_sCategory as $category) { $this->mSearch->addCategory($category); } } else { $bAllCategoriesChecked = true; } //FILTERING CITY_AREA foreach ($p_sCityArea as $city_area) { $this->mSearch->addCityArea($city_area); } $p_sCityArea = implode(", ", $p_sCityArea); //FILTERING CITY foreach ($p_sCity as $city) { $this->mSearch->addCity($city); } $p_sCity = implode(", ", $p_sCity); //FILTERING REGION foreach ($p_sRegion as $region) { $this->mSearch->addRegion($region); } $p_sRegion = implode(", ", $p_sRegion); //FILTERING COUNTRY foreach ($p_sCountry as $country) { $this->mSearch->addCountry($country); } $p_sCountry = implode(", ", $p_sCountry); // FILTERING PATTERN if ($p_sPattern != '') { $this->mSearch->addConditions(sprintf("MATCH(d.s_title, d.s_description) AGAINST('%s' IN BOOLEAN MODE)", $p_sPattern)); $osc_request['sPattern'] = $p_sPattern; } // FILTERING USER if ($p_sUser != '') { $this->mSearch->fromUser(explode(",", $p_sUser)); } // FILTERING IF WE ONLY WANT ITEMS WITH PICS if ($p_bPic) { $this->mSearch->withPicture(true); } //FILTERING BY RANGE PRICE $this->mSearch->priceRange($p_sPriceMin, $p_sPriceMax); //ORDERING THE SEARCH RESULTS $this->mSearch->order($p_sOrder, $allowedTypesForSorting[$p_iOrderType]); //SET PAGE $this->mSearch->page($p_iPage, $p_iPageSize); osc_run_hook('search_conditions', Params::getParamsAsArray()); if (!Params::existParam('sFeed')) { // RETRIEVE ITEMS AND TOTAL $aItems = $this->mSearch->doSearch(); $iTotalItems = $this->mSearch->count(); $iStart = $p_iPage * $p_iPageSize; $iEnd = min(($p_iPage + 1) * $p_iPageSize, $iTotalItems); $iNumPages = ceil($iTotalItems / $p_iPageSize); osc_run_hook('search', $this->mSearch); //preparing variables... //$this->_exportVariableToView('non_empty_categories', $aCategories) ; $this->_exportVariableToView('search_start', $iStart); $this->_exportVariableToView('search_end', $iEnd); $this->_exportVariableToView('search_category', $p_sCategory); $this->_exportVariableToView('search_order_type', $p_iOrderType); $this->_exportVariableToView('search_order', $p_sOrder); $this->_exportVariableToView('search_pattern', $p_sPattern); $this->_exportVariableToView('search_from_user', $p_sUser); $this->_exportVariableToView('search_total_pages', $iNumPages); $this->_exportVariableToView('search_page', $p_iPage); $this->_exportVariableToView('search_has_pic', $p_bPic); $this->_exportVariableToView('search_region', $p_sRegion); $this->_exportVariableToView('search_city', $p_sCity); $this->_exportVariableToView('search_price_min', $p_sPriceMin); $this->_exportVariableToView('search_price_max', $p_sPriceMax); $this->_exportVariableToView('search_total_items', $iTotalItems); $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('search_show_as', $p_sShowAs); $this->_exportVariableToView('search', $this->mSearch); $this->_exportVariableToView('search_alert', base64_encode(serialize($this->mSearch))); //calling the view... $this->doView('search.php'); } else { $this->mSearch->page(0, osc_num_rss_items()); // RETRIEVE ITEMS AND TOTAL $iTotalItems = $this->mSearch->count(); $aItems = $this->mSearch->doSearch(); $this->_exportVariableToView('items', $aItems); if ($p_sFeed == '' || $p_sFeed == 'rss') { // FEED REQUESTED! header('Content-type: text/xml; charset=utf-8'); $feed = new RSSFeed(); $feed->setTitle(__('Latest items added') . ' - ' . osc_page_title()); $feed->setLink(osc_base_url()); $feed->setDescription(__('Latest items added in') . ' ' . osc_page_title()); if (osc_count_items() > 0) { while (osc_has_items()) { if (osc_count_item_resources() > 0) { osc_has_item_resources(); $feed->addItem(array('title' => osc_item_title(), 'link' => htmlentities(osc_item_url()), 'description' => osc_item_description(), 'dt_pub_date' => osc_item_pub_date(), 'image' => array('url' => htmlentities(osc_resource_thumbnail_url()), 'title' => osc_item_title(), 'link' => htmlentities(osc_item_url())))); } else { $feed->addItem(array('title' => osc_item_title(), 'link' => htmlentities(osc_item_url()), 'description' => osc_item_description(), 'dt_pub_date' => osc_item_pub_date())); } } } osc_run_hook('feed', $feed); $feed->dumpXML(); } else { osc_run_hook('feed_' . $p_sFeed, $aItems); } } }
function doModel() { $mCategories = new Category(); $aCategories = $mCategories->findRootCategories(); $mCategoryStats = new CategoryStats(); //////////////////////////////// //GETTING AND FIXING SENT DATA// //////////////////////////////// $p_sCategory = Params::getParam('sCategory'); if (!is_array($p_sCategory)) { if ($p_sCategory == '') { $p_sCategory = array(); } else { $p_sCategory = explode(",", $p_sCategory); } } $p_sCity = Params::getParam('sCity'); if (!is_array($p_sCity)) { if ($p_sCity == '') { $p_sCity = array(); } else { $p_sCity = explode(",", $p_sCity); } } $p_sRegion = Params::getParam('sRegion'); if (!is_array($p_sRegion)) { if ($p_sRegion == '') { $p_sRegion = array(); } else { $p_sRegion = explode(",", $p_sRegion); } } $p_sCountry = Params::getParam('sCountry'); if (!is_array($p_sCountry)) { if ($p_sCountry == '') { $p_sCountry = array(); } else { $p_sCountry = explode(",", $p_sCountry); } } $p_sPattern = strip_tags(Params::getParam('sPattern')); $p_bPic = Params::getParam('bPic'); $p_bPic == 1 ? $p_bPic = 1 : ($p_bPic = 0); $p_sPriceMin = Params::getParam('sPriceMin'); $p_sPriceMax = Params::getParam('sPriceMax'); //WE CAN ONLY USE THE FIELDS RETURNED BY Search::getAllowedColumnsForSorting() $p_sOrder = Params::getParam('sOrder'); if (!in_array($p_sOrder, Search::getAllowedColumnsForSorting())) { $p_sOrder = osc_default_order_field_at_search(); } //ONLY 0 ( => 'asc' ), 1 ( => 'desc' ) AS ALLOWED VALUES $p_iOrderType = Params::getParam('iOrderType'); $allowedTypesForSorting = Search::getAllowedTypesForSorting(); $orderType = osc_default_order_type_at_search(); foreach ($allowedTypesForSorting as $k => $v) { if ($p_iOrderType == $v) { $orderType = $k; break; } } $p_iOrderType = $orderType; $p_sFeed = Params::getParam('sFeed'); $p_iPage = intval(Params::getParam('iPage')); if ($p_sFeed != '') { $p_sPageSize = 1000; } $p_sShowAs = Params::getParam('sShowAs'); $aValidShowAsValues = array('list', 'gallery'); if (!in_array($p_sShowAs, $aValidShowAsValues)) { $p_sShowAs = osc_default_show_as_at_search(); } // search results: it's blocked with the maxResultsPerPage@search defined in t_preferences $p_iPageSize = intval(Params::getParam('iPagesize')); if ($p_iPageSize > 0) { if ($p_iPageSize > osc_max_results_per_page_at_search()) { $p_iPageSize = osc_max_results_per_page_at_search(); } } else { $p_iPageSize = osc_default_results_per_page_at_search(); } //FILTERING CATEGORY $bAllCategoriesChecked = false; if (count($p_sCategory) > 0) { foreach ($p_sCategory as $category) { $this->mSearch->addCategory($category); } } else { $bAllCategoriesChecked = true; } //FILTERING CITY foreach ($p_sCity as $city) { $this->mSearch->addCity($city); } $p_sCity = implode(", ", $p_sCity); //FILTERING REGION foreach ($p_sRegion as $region) { $this->mSearch->addRegion($region); } $p_sRegion = implode(", ", $p_sRegion); //FILTERING COUNTRY foreach ($p_sCountry as $country) { $this->mSearch->addCountry($country); } $p_sCountry = implode(", ", $p_sCountry); // FILTERING PATTERN if ($p_sPattern != '') { $this->mSearch->addConditions(sprintf("(d.s_title LIKE '%%%s%%' OR d.s_description LIKE '%%%s%%')", $p_sPattern, $p_sPattern)); $osc_request['sPattern'] = $p_sPattern; } // FILTERING IF WE ONLY WANT ITEMS WITH PICS if ($p_bPic) { $this->mSearch->withPicture(true); } //FILTERING BY RANGE PRICE $this->mSearch->priceRange($p_sPriceMin, $p_sPriceMax); //ORDERING THE SEARCH RESULTS $this->mSearch->order($p_sOrder, $allowedTypesForSorting[$p_iOrderType]); //SET PAGE $this->mSearch->page($p_iPage, $p_iPageSize); osc_run_hook('search_conditions', Params::getParamsAsArray()); $this->mSearch->addConditions(sprintf("%st_item.e_status = 'ACTIVE' ", DB_TABLE_PREFIX)); // RETRIEVE ITEMS AND TOTAL $iTotalItems = $this->mSearch->count(); $aItems = $this->mSearch->doSearch(); if (!Params::existParam('sFeed')) { $iStart = $p_iPage * $p_iPageSize; $iEnd = min(($p_iPage + 1) * $p_iPageSize, $iTotalItems); //Static data, which is the point? /*$aOrders = array( __('Newly listed') => array('sOrder' => 'dt_pub_date', 'iOrderType' => 'desc') ,__('Lower price first') => array('sOrder' => 'f_price', 'iOrderType' => 'asc') ,__('Higher price first') => array('sOrder' => 'f_price', 'iOrderType' => 'desc') );*/ $iNumPages = ceil($iTotalItems / $p_iPageSize); //Categories for select at view "search.php" $mCategories = new Category(); $aCategories = $mCategories->findRootCategories(); $mCategoryStats = new CategoryStats(); $aCategories = $mCategories->toTree(); foreach ($aCategories as $k => $v) { $iCategoryNumItems = CategoryStats::newInstance()->getNumItems($v); if ($iCategoryNumItems > 0) { $aCategories[$k]['total'] = $iCategoryNumItems; } else { unset($aCategories[$k]); } } osc_run_hook('search', $this->mSearch); //preparing variables... $this->_exportVariableToView('categories', $aCategories); $this->_exportVariableToView('search_start', $iStart); $this->_exportVariableToView('search_end', $iEnd); $this->_exportVariableToView('search_category', $p_sCategory); $this->_exportVariableToView('search_order_type', $p_iOrderType); $this->_exportVariableToView('search_order', $p_sOrder); $this->_exportVariableToView('search_pattern', $p_sPattern); $this->_exportVariableToView('search_total_pages', $iNumPages); $this->_exportVariableToView('search_page', $p_iPage); $this->_exportVariableToView('search_has_pic', $p_bPic); $this->_exportVariableToView('search_city', $p_sCity); $this->_exportVariableToView('search_price_min', $p_sPriceMin); $this->_exportVariableToView('search_price_max', $p_sPriceMax); $this->_exportVariableToView('search_total_items', $iTotalItems); $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('search_show_as', $p_sShowAs); $this->_exportVariableToView('search', $this->mSearch); //calling the view... $this->doView('search.php'); } else { $this->_exportVariableToView('items', $aItems); if ($p_sFeed == '' || $p_sFeed == 'rss') { // FEED REQUESTED! header('Content-type: text/xml; charset=utf-8'); $feed = new RSSFeed(); $feed->setTitle(__('Latest items added') . ' - ' . osc_page_title()); $feed->setLink(osc_base_url()); $feed->setDescription(__('Latest items added in') . ' ' . osc_page_title()); if (osc_count_items() > 0) { while (osc_has_items()) { $feed->addItem(array('title' => osc_item_title(), 'link' => htmlentities(osc_item_url()), 'description' => osc_item_description())); } } osc_run_hook('feed', $feed); $feed->dumpXML(); } else { osc_run_hook('feed_' . $p_sFeed, $aItems); } } }
} if ($min_allowDebugFlag) { /* $min_serveOptions['debug'] = Minify_DebugDetector::shouldDebugRequest($_COOKIE, $_GET, $_SERVER['REQUEST_URI']);*/ } if ($min_errorLogger) { if (true === $min_errorLogger) { $min_errorLogger = FirePHP::getInstance(true); } Minify_Logger::setLogger($min_errorLogger); } // check for URI versioning if (preg_match('/&\\d/', $_SERVER['QUERY_STRING'])) { $min_serveOptions['maxAge'] = 31536000; } if (Params::existParam('g')) { // well need groups config $min_serveOptions['minApp']['groups'] = (require MINIFY_MIN_DIR . '/groupsConfig.php'); } if (Params::existParam('f') || Params::existParam('g')) { // serve! if (!isset($min_serveController)) { $min_serveController = new Minify_Controller_MinApp(); } Minify::serve($min_serveController, $min_serveOptions); } elseif ($min_enableBuilder) { header('Location: builder/'); exit; } else { header("Location: /"); exit; }
function doModel() { //specific things for this class switch ($this->action) { case 'bulk_actions': break; case 'regions': //Return regions given a countryId $regions = Region::newInstance()->findByCountry(Params::getParam("countryId")); echo json_encode($regions); break; case 'cities': //Returns cities given a regionId $cities = City::newInstance()->findByRegion(Params::getParam("regionId")); echo json_encode($cities); break; case 'location': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term")); echo json_encode($cities); break; case 'userajax': // This is the autocomplete AJAX $users = User::newInstance()->ajax(Params::getParam("term")); if (count($users) == 0) { echo json_encode(array(0 => array('id' => '', 'label' => __('No results'), 'value' => __('No results')))); } else { echo json_encode($users); } break; case 'date_format': echo json_encode(array('format' => Params::getParam('format'), 'str_formatted' => osc_format_date(date('Y-m-d H:i:s'), Params::getParam('format')))); break; case 'runhook': // run hooks $hook = Params::getParam('hook'); if ($hook == '') { echo json_encode(array('error' => 'hook parameter not defined')); break; } switch ($hook) { case 'item_form': osc_run_hook('item_form', Params::getParam('catId')); break; case 'item_edit': $catId = Params::getParam("catId"); $itemId = Params::getParam("itemId"); osc_run_hook("item_edit", $catId, $itemId); break; default: osc_run_hook('ajax_admin_' . $hook); break; } break; case 'categories_order': // Save the order of the categories osc_csrf_check(false); $aIds = Params::getParam('list'); $order = array(); $error = 0; $catManager = Category::newInstance(); $aRecountCat = array(); foreach ($aIds as $cat) { if (!isset($order[$cat['p']])) { $order[$cat['p']] = 0; } $res = $catManager->update(array('fk_i_parent_id' => $cat['p'] == 'root' ? NULL : $cat['p'], 'i_position' => $order[$cat['p']]), array('pk_i_id' => $cat['c'])); if (is_bool($res) && !$res) { $error = 1; } else { if ($res == 1) { $aRecountCat[] = $cat['c']; } } $order[$cat['p']] = $order[$cat['p']] + 1; } // update category stats foreach ($aRecountCat as $rId) { osc_update_cat_stats_id($rId); } if ($error) { $result = array('error' => __("An error occurred")); } else { $result = array('ok' => __("Order saved")); } echo json_encode($result); break; case 'category_edit_iframe': $this->_exportVariableToView('category', Category::newInstance()->findByPrimaryKey(Params::getParam("id"), 'all')); if (count(Category::newInstance()->findSubcategories(Params::getParam("id"))) > 0) { $this->_exportVariableToView('has_subcategories', true); } else { $this->_exportVariableToView('has_subcategories', false); } $this->_exportVariableToView('languages', OSCLocale::newInstance()->listAllEnabled()); $this->doView("categories/iframe.php"); break; case 'field_categories_iframe': $selected = Field::newInstance()->categories(Params::getParam("id")); if ($selected == null) { $selected = array(); } $this->_exportVariableToView("selected", $selected); $this->_exportVariableToView("field", Field::newInstance()->findByPrimaryKey(Params::getParam("id"))); $this->_exportVariableToView("categories", Category::newInstance()->toTreeAll()); $this->doView("fields/iframe.php"); break; case 'field_categories_post': osc_csrf_check(false); $error = 0; $field = Field::newInstance()->findByName(Params::getParam("s_name")); if (!isset($field['pk_i_id']) || isset($field['pk_i_id']) && $field['pk_i_id'] == Params::getParam("id")) { // remove categories from a field Field::newInstance()->cleanCategoriesFromField(Params::getParam("id")); // no error... continue updating fields if ($error == 0) { $slug = Params::getParam("field_slug") != '' ? Params::getParam("field_slug") : Params::getParam("s_name"); $slug_tmp = $slug = preg_replace('|([-]+)|', '-', preg_replace('|[^a-z0-9_-]|', '-', strtolower($slug))); $slug_k = 0; while (true) { $field = Field::newInstance()->findBySlug($slug); if (!$field || $field['pk_i_id'] == Params::getParam("id")) { break; } else { $slug_k++; $slug = $slug_tmp . "_" . $slug_k; } } // trim options $s_options = ''; $aux = Params::getParam('s_options'); $aAux = explode(',', $aux); foreach ($aAux as &$option) { $option = trim($option); } $s_options = implode(',', $aAux); $res = Field::newInstance()->update(array('s_name' => Params::getParam("s_name"), 'e_type' => Params::getParam("field_type"), 's_slug' => $slug, 'b_required' => Params::getParam("field_required") == "1" ? 1 : 0, 'b_searchable' => Params::getParam("field_searchable") == "1" ? 1 : 0, 's_options' => $s_options), array('pk_i_id' => Params::getParam("id"))); if (is_bool($res) && !$res) { $error = 1; } } // no error... continue inserting categories-field if ($error == 0) { $aCategories = Params::getParam("categories"); if (is_array($aCategories) && count($aCategories) > 0) { $res = Field::newInstance()->insertCategories(Params::getParam("id"), $aCategories); if (!$res) { $error = 1; } } } // error while updating? if ($error == 1) { $message = __("An error occurred while updating."); } } else { $error = 1; $message = __("Sorry, you already have a field with that name"); } if ($error) { $result = array('error' => $message); } else { $result = array('ok' => __("Saved"), 'text' => Params::getParam("s_name"), 'field_id' => Params::getParam("id")); } echo json_encode($result); break; case 'delete_field': osc_csrf_check(false); $res = Field::newInstance()->deleteByPrimaryKey(Params::getParam('id')); if ($res > 0) { $result = array('ok' => __('The custom field has been deleted')); } else { $result = array('error' => __('An error occurred while deleting')); } echo json_encode($result); break; case 'add_field': osc_csrf_check(false); $s_name = __('NEW custom field'); $slug_tmp = $slug = preg_replace('|([-]+)|', '-', preg_replace('|[^a-z0-9_-]|', '-', strtolower($s_name))); $slug_k = 0; while (true) { $field = Field::newInstance()->findBySlug($slug); if (!$field || $field['pk_i_id'] == Params::getParam("id")) { break; } else { $slug_k++; $slug = $slug_tmp . "_" . $slug_k; } } $fieldManager = Field::newInstance(); $result = $fieldManager->insertField($s_name, 'TEXT', $slug, 0, '', array()); if ($result) { echo json_encode(array('error' => 0, 'field_id' => $fieldManager->dao->insertedId(), 'field_name' => $s_name)); } else { echo json_encode(array('error' => 1)); } break; case 'enable_category': osc_csrf_check(false); $id = strip_tags(Params::getParam('id')); $enabled = Params::getParam('enabled') != '' ? Params::getParam('enabled') : 0; $error = 0; $result = array(); $aUpdated = array(); $mCategory = Category::newInstance(); $aCategory = $mCategory->findByPrimaryKey($id); if ($aCategory == false) { $result = array('error' => sprintf(__("No category with id %d exists"), $id)); echo json_encode($result); break; } // root category if ($aCategory['fk_i_parent_id'] == '') { $mCategory->update(array('b_enabled' => $enabled), array('pk_i_id' => $id)); $mCategory->update(array('b_enabled' => $enabled), array('fk_i_parent_id' => $id)); $subCategories = $mCategory->findSubcategories($id); $aIds = array($id); $aUpdated[] = array('id' => $id); foreach ($subCategories as $subcategory) { $aIds[] = $subcategory['pk_i_id']; $aUpdated[] = array('id' => $subcategory['pk_i_id']); } Item::newInstance()->enableByCategory($enabled, $aIds); if ($enabled) { $result = array('ok' => __('The category as well as its subcategories have been enabled')); } else { $result = array('ok' => __('The category as well as its subcategories have been disabled')); } $result['affectedIds'] = $aUpdated; echo json_encode($result); break; } // subcategory $parentCategory = $mCategory->findRootCategory($id); if (!$parentCategory['b_enabled']) { $result = array('error' => __('Parent category is disabled, you can not enable that category')); echo json_encode($result); break; } $mCategory->update(array('b_enabled' => $enabled), array('pk_i_id' => $id)); if ($enabled) { $result = array('ok' => __('The subcategory has been enabled')); } else { $result = array('ok' => __('The subcategory has been disabled')); } $result['affectedIds'] = array(array('id' => $id)); echo json_encode($result); break; case 'delete_category': osc_csrf_check(false); $id = Params::getParam("id"); $error = 0; $categoryManager = Category::newInstance(); $res = $categoryManager->deleteByPrimaryKey($id); if ($res > 0) { $message = __('The categories have been deleted'); } else { $error = 1; $message = __('An error occurred while deleting'); } if ($error) { $result = array('error' => $message); } else { $result = array('ok' => __("Saved")); } echo json_encode($result); break; case 'edit_category_post': osc_csrf_check(false); $id = Params::getParam("id"); $fields['i_expiration_days'] = Params::getParam("i_expiration_days") != '' ? Params::getParam("i_expiration_days") : 0; $fields['b_price_enabled'] = Params::getParam('b_price_enabled') != '' ? 1 : 0; $apply_changes_to_subcategories = Params::getParam('apply_changes_to_subcategories') == 1 ? true : false; $error = 0; $has_one_title = 0; $postParams = Params::getParamsAsArray(); foreach ($postParams as $k => $v) { if (preg_match('|(.+?)#(.+)|', $k, $m)) { if ($m[2] == 's_name') { if ($v != "") { $has_one_title = 1; $aFieldsDescription[$m[1]][$m[2]] = $v; $s_text = $v; } else { $aFieldsDescription[$m[1]][$m[2]] = NULL; $error = 1; } } else { $aFieldsDescription[$m[1]][$m[2]] = $v; } } } $l = osc_language(); if ($error == 0 || $error == 1 && $has_one_title == 1) { $categoryManager = Category::newInstance(); $res = $categoryManager->updateByPrimaryKey(array('fields' => $fields, 'aFieldsDescription' => $aFieldsDescription), $id); $categoryManager->updateExpiration($id, $fields['i_expiration_days'], $apply_changes_to_subcategories); $categoryManager->updatePriceEnabled($id, $fields['b_price_enabled'], $apply_changes_to_subcategories); if (is_bool($res)) { $error = 2; } } if ($error == 0) { $msg = __("Category updated correctly"); } else { if ($error == 1) { if ($has_one_title == 1) { $error = 4; $msg = __('Category updated correctly, but some titles are empty'); } else { $msg = __('Sorry, including at least a title is mandatory'); } } else { if ($error == 2) { $msg = __('An error occurred while updating'); } } } echo json_encode(array('error' => $error, 'msg' => $msg, 'text' => $aFieldsDescription[$l]['s_name'])); break; case 'custom': // Execute via AJAX custom file if (Params::existParam('route')) { $routes = Rewrite::newInstance()->getRoutes(); $rid = Params::getParam('route'); $file = '../'; if (isset($routes[$rid]) && isset($routes[$rid]['file'])) { $file = $routes[$rid]['file']; } } else { $file = Params::getParam("ajaxfile"); } if ($file == '') { echo json_encode(array('error' => 'no action defined')); break; } // valid file? if (stripos($file, '../') !== false || stripos($file, '..\\') !== false) { echo json_encode(array('error' => 'no valid file')); break; } if (!file_exists(osc_plugins_path() . $file)) { echo json_encode(array('error' => "file doesn't exist")); break; } require_once osc_plugins_path() . $file; break; case 'test_mail': $title = sprintf(__('Test email, %s'), osc_page_title()); $body = __("Test email") . "<br><br>" . osc_page_title(); $emailParams = array('subject' => $title, 'to' => osc_contact_email(), 'to_name' => 'admin', 'body' => $body, 'alt_body' => $body); $array = array(); if (osc_sendMail($emailParams)) { $array = array('status' => '1', 'html' => __('Email sent successfully')); } else { $array = array('status' => '0', 'html' => __('An error occurred while sending email')); } echo json_encode($array); break; case 'test_mail_template': // replace por valores por defecto $email = Params::getParam("email"); $title = Params::getParam("title"); $body = Params::getParam("body", false, false); $emailParams = array('subject' => $title, 'to' => $email, 'to_name' => 'admin', 'body' => $body, 'alt_body' => $body); $array = array(); if (osc_sendMail($emailParams)) { $array = array('status' => '1', 'html' => __('Email sent successfully')); } else { $array = array('status' => '0', 'html' => __('An error occurred while sending email')); } echo json_encode($array); break; case 'order_pages': osc_csrf_check(false); $order = Params::getParam("order"); $id = Params::getParam("id"); if ($order != '' && $id != '') { $mPages = Page::newInstance(); $actual_page = $mPages->findByPrimaryKey($id); $actual_order = $actual_page['i_order']; $array = array(); $condition = array(); $new_order = $actual_order; if ($order == 'up') { $page = $mPages->findPrevPage($actual_order); } else { if ($order == 'down') { $page = $mPages->findNextPage($actual_order); } } if (isset($page['i_order'])) { $mPages->update(array('i_order' => $page['i_order']), array('pk_i_id' => $id)); $mPages->update(array('i_order' => $actual_order), array('pk_i_id' => $page['pk_i_id'])); } } break; case 'check_version': $data = osc_file_get_contents('http://osclass.org/latest_version_v1.php?callback=?'); $data = preg_replace('|^\\?\\((.*?)\\);$|', '$01', $data); $json = json_decode($data); if (isset($json->version)) { if ($json->version > osc_version()) { osc_set_preference('update_core_json', $data); echo json_encode(array('error' => 0, 'msg' => __('Update available'))); } else { osc_set_preference('update_core_json', ''); echo json_encode(array('error' => 0, 'msg' => __('No update available'))); } osc_set_preference('last_version_check', time()); } else { // Latest version couldn't be checked (site down?) osc_set_preference('last_version_check', time() - 82800); // 82800 = 23 hours, so repeat check in one hour echo json_encode(array('error' => 1, 'msg' => __('Version could not be checked'))); } break; case 'check_languages': $total = _osc_check_languages_update(); echo json_encode(array('msg' => __('Checked updates'), 'total' => $total)); break; case 'check_themes': $total = _osc_check_themes_update(); echo json_encode(array('msg' => __('Checked updates'), 'total' => $total)); break; case 'check_plugins': $total = _osc_check_plugins_update(); echo json_encode(array('msg' => __('Checked updates'), 'total' => $total)); break; /****************************** ** COMPLETE UPGRADE PROCESS ** ******************************/ /****************************** ** COMPLETE UPGRADE PROCESS ** ******************************/ case 'upgrade': // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT osc_csrf_check(); $result = osc_do_upgrade(); if (!defined('__FROM_CRON__') || !__FROM_CRON__) { if ($result['error'] == 0) { osc_add_flash_ok_message($result['message'], 'admin'); } else { if ($result['error'] == 6) { osc_add_flash_warning_message($result['message'], 'admin'); } } } echo json_encode($result); break; /******************************* ** COMPLETE MARKET PROCESS ** *******************************/ /******************************* ** COMPLETE MARKET PROCESS ** *******************************/ case 'market': // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT osc_csrf_check(false); $result = osc_market(Params::getParam('section'), Params::getParam('code')); echo json_encode($result); break; case 'check_market': // AT THIS POINT WE KNOW IF THERE'S AN UPDATE OR NOT $section = Params::getParam('section'); $code = Params::getParam('code'); $data = array(); /************************ *** CHECK VALID CODE *** ************************/ if ($code != '' && $section != '') { if (stripos($code, "http://") === FALSE) { // OSCLASS OFFICIAL REPOSITORY $data = json_decode(osc_file_get_contents(osc_market_url($section, $code), array('api_key' => osc_market_api_connect())), true); } else { // THIRD PARTY REPOSITORY if (osc_market_external_sources()) { $data = json_decode(osc_file_get_contents($code), true); } else { echo json_encode(array('error' => 3, 'error_msg' => __('No external sources are allowed'))); break; } } if (!isset($data['s_source_file']) || !isset($data['s_update_url'])) { //$data = array('error' => 2, 'error_msg' => __('Invalid code')); } } else { $data = array('error' => 1, 'error_msg' => __('No code was submitted')); } echo json_encode($data); break; case 'market_data': $section = Params::getParam('section'); $page = Params::getParam("mPage"); $featured = Params::getParam("featured"); $sort = Params::getParam("sort"); $order = Params::getParam("order"); // for the moment this value is static $length = 9; if ($page >= 1) { $page--; } $url = osc_market_url($section) . "page/" . $page . '/'; if ($length != '' && is_numeric($length)) { $url .= 'length/' . $length . '/'; } if ($sort != '') { $url .= 'order/' . $sort; if ($order != '') { $url .= '/' . $order; } } if ($featured != '') { $url = osc_market_featured_url($section); } $data = array(); $data = json_decode(osc_file_get_contents($url, array('api_key' => osc_market_api_connect())), true); if (!isset($data[$section])) { $data = array('error' => 1, 'error_msg' => __('No market data')); } echo 'var market_data = window.market_data || {}; market_data.' . $section . ' = ' . json_encode($data) . ';'; break; case 'local_market': // AVOID CROSS DOMAIN PROBLEMS OF AJAX REQUEST $marketPage = Params::getParam("mPage"); if ($marketPage >= 1) { $marketPage--; } $out = osc_file_get_contents(osc_market_url(Params::getParam("section")) . "page/" . $marketPage, array('api_key' => osc_market_api_connect())); $array = json_decode($out, true); // do pagination $pageActual = $array['page']; $totalPages = ceil($array['total'] / $array['sizePage']); $params = array('total' => $totalPages, 'selected' => $pageActual, 'url' => '#{PAGE}', 'sides' => 5); // set pagination $pagination = new Pagination($params); $aux = $pagination->doPagination(); $array['pagination_content'] = $aux; // encode to json echo json_encode($array); break; case 'market_connect': $json = osc_file_get_contents(osc_market_url() . 'connect/', array('s_email' => Params::getParam('s_email'), 's_password' => Params::getParam('s_password'))); $data = json_decode($json, true); if ($data['error'] == 0) { osc_set_preference('marketAPIConnect', $data['api_key']); unset($data['api_key']); $json = json_encode($data); } echo $json; break; case 'dashboardbox_market': $error = 0; // make market call $url = osc_get_preference('marketURL') . 'dashboardbox/'; $content = ''; if (false === ($json = @osc_file_get_contents($url))) { $error = 1; } else { $content = $json; } if ($error == 1) { echo json_encode(array('error' => 1)); } else { // replace content with correct urls $content = str_replace('{URL_MARKET_THEMES}', osc_admin_base_url(true) . '?page=market&action=themes', $content); $content = str_replace('{URL_MARKET_PLUGINS}', osc_admin_base_url(true) . '?page=market&action=plugins', $content); echo json_encode(array('html' => $content)); } break; case 'market_header': $error = 0; // make market call $url = osc_get_preference('marketURL') . 'market_header/'; $content = ''; if (false === ($json = @osc_file_get_contents($url))) { $error = 1; } else { $content = $json; } if ($error == 1) { echo json_encode(array('error' => 1)); } else { echo json_encode(array('html' => $content)); } break; case 'location_stats': osc_csrf_check(false); $workToDo = osc_update_location_stats(); if ($workToDo > 0) { $array['status'] = 'more'; $array['pending'] = $workToDo; echo json_encode($array); } else { $array['status'] = 'done'; echo json_encode($array); } break; case 'country_slug': $exists = Country::newInstance()->findBySlug(Params::getParam('slug')); if (isset($exists['s_slug'])) { echo json_encode(array('error' => 1, 'country' => $exists)); } else { echo json_encode(array('error' => 0)); } break; case 'region_slug': $exists = Region::newInstance()->findBySlug(Params::getParam('slug')); if (isset($exists['s_slug'])) { echo json_encode(array('error' => 1, 'region' => $exists)); } else { echo json_encode(array('error' => 0)); } break; case 'city_slug': $exists = City::newInstance()->findBySlug(Params::getParam('slug')); if (isset($exists['s_slug'])) { echo json_encode(array('error' => 1, 'city' => $exists)); } else { echo json_encode(array('error' => 0)); } break; case 'error_permissions': echo json_encode(array('error' => __("You don't have the necessary permissions"))); break; default: echo json_encode(array('error' => __('no action defined'))); break; } // clear all keep variables into session Session::newInstance()->_dropKeepForm(); Session::newInstance()->_clearVariables(); }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'add': $this->doView("plugins/add.php"); break; case 'add_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); $package = Params::getFiles("package"); if (isset($package['size']) && $package['size'] != 0) { $path = osc_plugins_path(); (int) ($status = osc_unzip_file($package['tmp_name'], $path)); @unlink($package['tmp_name']); } else { $status = 3; } switch ($status) { case 0: $msg = _m('The plugin folder is not writable'); osc_add_flash_error_message($msg, 'admin'); break; case 1: $msg = _m('The plugin has been uploaded correctly'); osc_add_flash_ok_message($msg, 'admin'); break; case 2: $msg = _m('The zip file is not valid'); osc_add_flash_error_message($msg, 'admin'); break; case 3: $msg = _m('No file was uploaded'); osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=plugins&action=add"); break; case -1: default: $msg = _m('There was a problem adding the plugin'); osc_add_flash_error_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . "?page=plugins"); break; case 'install': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); $pn = Params::getParam('plugin'); // set header just in case it's triggered some fatal error header("Location: " . osc_admin_base_url(true) . "?page=plugins&error=" . $pn, true, '302'); $installed = Plugins::install($pn); if (is_array($installed)) { switch ($installed['error_code']) { case 'error_output': osc_add_flash_error_message(sprintf(_m('The plugin generated %d characters of <strong>unexpected output</strong> during the installation. Output: "%s"'), strlen($installed['output']), $installed['output']), 'admin'); break; case 'error_installed': osc_add_flash_error_message(_m('Plugin is already installed'), 'admin'); break; case 'error_file': osc_add_flash_error_message(_m("Plugin couldn't be installed because their files are missing"), 'admin'); break; case 'custom_error': osc_add_flash_error_message(sprintf(_m("Plugin couldn't be installed because of: %s"), $installed['msg']), 'admin'); break; default: osc_add_flash_error_message(_m("Plugin couldn't be installed"), 'admin'); break; } } else { osc_add_flash_ok_message(_m('Plugin installed'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'uninstall': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); if (Plugins::uninstall(Params::getParam("plugin"))) { osc_add_flash_ok_message(_m('Plugin uninstalled'), 'admin'); } else { osc_add_flash_error_message(_m("Plugin couldn't be uninstalled"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'enable': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); if (Plugins::activate(Params::getParam('plugin'))) { osc_add_flash_ok_message(_m('Plugin enabled'), 'admin'); } else { osc_add_flash_error_message(_m('Plugin is already enabled'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'disable': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); if (Plugins::deactivate(Params::getParam('plugin'))) { osc_add_flash_ok_message(_m('Plugin disabled'), 'admin'); } else { osc_add_flash_error_message(_m('Plugin is already disabled'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'admin': $plugin = Params::getParam("plugin"); if ($plugin != "") { osc_run_hook($plugin . '_configure'); } break; case 'admin_post': osc_run_hook('admin_post'); break; case 'renderplugin': if (Params::existParam('route')) { $routes = Rewrite::newInstance()->getRoutes(); $rid = Params::getParam('route'); $file = '../'; if (isset($routes[$rid]) && isset($routes[$rid]['file'])) { $file = $routes[$rid]['file']; } } else { // DEPRECATED: Disclosed path in URL is deprecated, use routes instead // This will be REMOVED in 3.4 $file = Params::getParam('file'); // We pass the GET variables (in case we have somes) if (preg_match('|(.+?)\\?(.*)|', $file, $match)) { $file = $match[1]; if (preg_match_all('|&([^=]+)=([^&]*)|', urldecode('&' . $match[2] . '&'), $get_vars)) { for ($var_k = 0; $var_k < count($get_vars[1]); $var_k++) { Params::setParam($get_vars[1][$var_k], $get_vars[2][$var_k]); } } } else { $file = Params::getParam('file'); } } osc_run_hook('renderplugin_controller'); if (stripos($file, '../') === false && stripos($file, '..\\') === false && $file != "") { $this->_exportVariableToView("file", osc_plugins_path() . $file); $this->doView("plugins/view.php"); } break; case 'configure': $plugin = Params::getParam("plugin"); if ($plugin != '') { $plugin_data = Plugins::getInfo($plugin); $this->_exportVariableToView("categories", Category::newInstance()->toTreeAll()); $this->_exportVariableToView("selected", PluginCategory::newInstance()->listSelected($plugin_data['short_name'])); $this->_exportVariableToView("plugin_data", $plugin_data); $this->doView("plugins/configuration.php"); } else { $this->redirectTo(osc_admin_base_url(true) . "?page=plugins"); } break; case 'configure_post': osc_csrf_check(); $plugin_short_name = Params::getParam("plugin_short_name"); $categories = Params::getParam("categories"); if ($plugin_short_name != "") { Plugins::cleanCategoryFromPlugin($plugin_short_name); if (isset($categories)) { Plugins::addToCategoryPlugin($categories, $plugin_short_name); } osc_run_hook('plugin_categories_' . Params::getParam('plugin'), $categories); osc_add_flash_ok_message(_m('Configuration was saved'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=plugins"); } osc_add_flash_error_message(_m('No plugin selected'), 'admin'); $this->doView('plugins/index.php'); break; case 'delete': osc_csrf_check(); $plugin = str_replace('/index.php', '', Params::getParam("plugin")); $path = preg_replace('([\\/]+)', '/', CONTENT_PATH . 'plugins/' . $plugin); if ($plugin != "" && strpos($plugin, '../') === false && strpos($plugin, '..\\') === false && $path != CONTENT_PATH . 'plugins/') { if (osc_deleteDir($path)) { osc_add_flash_ok_message(_m('The files were deleted'), 'admin'); } else { osc_add_flash_error_message(sprintf(_m('There were an error deleting the files, please check the permissions of the files in %s'), $path . "/"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=plugins"); } osc_add_flash_error_message(_m('No plugin selected'), 'admin'); $this->doView('plugins/index.php'); break; case 'error_plugin': // force php errors and simulate plugin installation to show the errors in the iframe if (!OSC_DEBUG) { error_reporting(E_ALL | E_STRICT); } @ini_set('display_errors', 1); include osc_plugins_path() . Params::getParam('plugin'); Plugins::install(Params::getParam('plugin')); exit; break; default: if (Params::getParam('checkUpdated') != '') { osc_admin_toolbar_update_plugins(true); } if (Params::getParam('iDisplayLength') == '') { Params::setParam('iDisplayLength', 25); } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); $p_iPage = 1; if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1) { $p_iPage = Params::getParam('iPage'); } Params::setParam('iPage', $p_iPage); $aPlugin = Plugins::listAll(); $active_plugins = osc_get_plugins(); // pagination $start = ($p_iPage - 1) * Params::getParam('iDisplayLength'); $limit = Params::getParam('iDisplayLength'); $count = count($aPlugin); $displayRecords = $limit; if ($start + $limit > $count) { $displayRecords = $start + $limit - $count; } // -------------------------------------------------------- $aData = array(); $aInfo = array(); $max = $start + $limit; if ($max > $count) { $max = $count; } $aPluginsToUpdate = json_decode(osc_get_preference('plugins_to_update')); $bPluginsToUpdate = is_array($aPluginsToUpdate) ? true : false; for ($i = $start; $i < $max; $i++) { $plugin = $aPlugin[$i]; $row = array(); $pInfo = osc_plugin_get_info($plugin); // prepare row 1 $installed = 0; if (osc_plugin_is_installed($plugin)) { $installed = 1; } $enabled = 0; if (osc_plugin_is_enabled($plugin)) { $enabled = 1; } // prepare row 2 $sUpdate = ''; // get plugins to update from t_preference if ($bPluginsToUpdate) { if (in_array(@$pInfo['plugin_update_uri'], $aPluginsToUpdate)) { $sUpdate = '<a class="market_update market-popup" href="#' . htmlentities($pInfo['plugin_update_uri']) . '">' . __("There's a new update available") . '</a>'; } } // prepare row 4 $sConfigure = ''; if (isset($active_plugins[$plugin . '_configure'])) { $sConfigure = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=admin&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Configure') . '</a>'; } // prepare row 5 $sEnable = ''; if ($installed) { if ($enabled) { $sEnable = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=disable&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Disable') . '</a>'; } else { $sEnable = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=enable&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Enable') . '</a>'; } } // prepare row 6 if ($installed) { $sInstall = '<a onclick="javascript:return uninstall_dialog(\'' . $pInfo['filename'] . '\', \'' . $pInfo['plugin_name'] . '\');" href="' . osc_admin_base_url(true) . '?page=plugins&action=uninstall&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Uninstall') . '</a>'; } else { $sInstall = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=install&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Install') . '</a>'; } $sDelete = ''; if (!$installed) { $sDelete = '<a href="javascript:delete_plugin(\'' . $pInfo['filename'] . '\');" >' . __('Delete') . '</a>'; } $sHelp = ''; if ($pInfo['support_uri'] != '') { $sHelp = '<span class="plugin-support-icon plugin-tooltip" ><a target="_blank" href="' . osc_sanitize_url($pInfo['support_uri']) . '" ><img src="' . osc_current_admin_theme_url('images/question.png') . '" alt="' . osc_esc_html(__('Problems with this plugin? Ask for support.')) . '" ></a></span>'; } $sSiteUrl = ''; if ($pInfo['plugin_uri'] != '') { $sSiteUrl = ' | <a target="_blank" href="' . $pInfo['plugin_uri'] . '">' . __('Plugins Site') . '</a>'; } if ($pInfo['author_uri'] != '') { $sAuthor = __('By') . ' <a target="_blank" href="' . $pInfo['author_uri'] . '">' . $pInfo['author'] . '</a>'; } else { $sAuthor = __('By') . ' ' . $pInfo['author']; } $row[] = '<input type="hidden" name="installed" value="' . $installed . '" enabled="' . $enabled . '" />' . $pInfo['plugin_name'] . $sHelp . '<div>' . $sUpdate . '</div>'; $row[] = $pInfo['description'] . '<br />' . __('Version:') . $pInfo['version'] . ' | ' . $sAuthor . $sSiteUrl; $row[] = $sUpdate != '' ? $sUpdate : ' '; $row[] = $sConfigure != '' ? $sConfigure : ' '; $row[] = $sEnable != '' ? $sEnable : ' '; $row[] = $sInstall != '' ? $sInstall : ' '; $row[] = $sDelete != '' ? $sDelete : ' '; $aData[] = $row; if (@$pInfo['plugin_update_uri'] != '') { $aInfo[@$pInfo['plugin_update_uri']] = $pInfo; } else { $aInfo[$i] = $pInfo; } } $array['iTotalRecords'] = $displayRecords; $array['iTotalDisplayRecords'] = count($aPlugin); $array['iDisplayLength'] = $limit; $array['aaData'] = $aData; $array['aaInfo'] = $aInfo; // -------------------------------------------------------- $page = (int) Params::getParam('iPage'); if (count($array['aaData']) == 0 && $page != 1) { $total = (int) $array['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $array['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aPlugins', $array); $this->doView("plugins/index.php"); break; } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login $admin = Admin::newInstance()->findByUsername(Params::getParam('user')); if ($admin) { if ($admin["s_password"] == sha1(Params::getParam('password'))) { if (Params::getParam('remember')) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']); Cookie::newInstance()->push('oc_adminSecret', $secret); Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale')); Cookie::newInstance()->set(); } //we are logged in... let's go! Session::newInstance()->_set('adminId', $admin['pk_i_id']); Session::newInstance()->_set('adminUserName', $admin['s_username']); Session::newInstance()->_set('adminName', $admin['s_name']); Session::newInstance()->_set('adminEmail', $admin['s_email']); Session::newInstance()->_set('adminLocale', Params::getParam('locale')); } else { osc_add_flash_message(_m('The password is incorrect'), 'admin'); } } else { osc_add_flash_message(_m('That username does not exist'), 'admin'); } //returning logged in to the main page... $this->redirectTo(osc_admin_base_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) //#dev.conquer: we cannot use the doView here and only here $this->doView('gui/recover.php'); break; case 'recover_post': //post execution to recover the password $admin = Admin::newInstance()->findByEmail(Params::getParam('email')); if ($admin) { if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_message(_m('The Recaptcha code is wrong'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover'); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $newPassword = osc_genRandomPassword(40); Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id'])); $password_link = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword); $aPage = Page::newInstance()->findByInternalName('email_user_forgot_password'); $content = array(); $locale = osc_current_user_locale(); if (isset($aPage['locale'][$locale]['s_title'])) { $content = $aPage['locale'][$locale]; } else { $content = current($aPage['locale']); } if (!is_null($content)) { $words = array(); $words[] = array('{USER_NAME}', '{USER_EMAIL}', '{WEB_TITLE}', '{IP_ADDRESS}', '{PASSWORD_LINK}', '{DATE_TIME}'); $words[] = array($admin['s_name'], $admin['s_email'], osc_page_title(), $_SERVER['REMOTE_ADDR'], $password_link, date(osc_time_format() . ' ' . osc_date_format())); $title = osc_mailBeauty($content['s_title'], $words); $body = osc_mailBeauty($content['s_text'], $words); $emailParams = array('subject' => $title, 'to' => $admin['s_email'], 'to_name' => $admin['s_name'], 'body' => $body, 'alt_body' => $body); osc_sendMail($emailParams); } } osc_add_flash_message(_m('A new password has been sent to your e-mail'), 'admin'); $this->redirectTo(osc_admin_base_url()); break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if ($admin) { $this->doView('gui/forgot_password.php'); } else { osc_add_flash_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } break; case 'forgot_post': $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if ($admin) { if (Params::getParam('new_password') == Params::getParam('new_password2')) { Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $admin['pk_i_id'])); osc_add_flash_message(_m('The password has been changed'), 'admin'); $this->redirectTo(osc_admin_base_url()); } else { osc_add_flash_message(_m('Error, the password don\'t match'), 'admin'); $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code'))); } } else { osc_add_flash_message(_m('Sorry, the link is not valid'), 'admin'); } $this->redirectTo(osc_admin_base_url()); break; } }
function doModel() { osc_run_hook('before_search'); if (osc_rewrite_enabled()) { // IF rewrite is not enabled, skip this part, preg_match is always time&resources consuming task $p_sParams = "/" . Params::getParam('sParams', false, false); if (preg_match_all('|\\/([^,]+),([^\\/]*)|', $p_sParams, $m)) { $l = count($m[0]); for ($k = 0; $k < $l; $k++) { switch ($m[1][$k]) { case osc_get_preference('rewrite_search_country'): $m[1][$k] = 'sCountry'; break; case osc_get_preference('rewrite_search_region'): $m[1][$k] = 'sRegion'; break; case osc_get_preference('rewrite_search_city'): $m[1][$k] = 'sCity'; break; case osc_get_preference('rewrite_search_city_area'): $m[1][$k] = 'sCityArea'; break; case osc_get_preference('rewrite_search_category'): $m[1][$k] = 'sCategory'; break; case osc_get_preference('rewrite_search_user'): $m[1][$k] = 'sUser'; break; case osc_get_preference('rewrite_search_pattern'): $m[1][$k] = 'sPattern'; break; default: // custom fields if (preg_match("/meta(\\d+)-?(.*)?/", $m[1][$k], $results)) { $meta_key = $m[1][$k]; $meta_value = $m[2][$k]; $array_r = array(); if (Params::existParam('meta')) { $array_r = Params::getParam('meta'); } if ($results[2] == '') { // meta[meta_id] = meta_value $meta_key = $results[1]; $array_r[$meta_key] = $meta_value; } else { // meta[meta_id][meta_key] = meta_value $meta_key = $results[1]; $meta_key2 = $results[2]; $array_r[$meta_key][$meta_key2] = $meta_value; } $m[1][$k] = 'meta'; $m[2][$k] = $array_r; } break; } Params::setParam($m[1][$k], $m[2][$k]); } Params::unsetParam('sParams'); } } $uriParams = Params::getParamsAsArray(); $searchUri = osc_search_url($uriParams); if ($this->uri != 'feed') { if (str_replace("%20", '+', $searchUri) != str_replace("%20", '+', WEB_PATH . $this->uri)) { $this->redirectTo($searchUri, 301); } } //////////////////////////////// //GETTING AND FIXING SENT DATA// //////////////////////////////// $p_sCategory = Params::getParam('sCategory'); if (!is_array($p_sCategory)) { if ($p_sCategory == '') { $p_sCategory = array(); } else { $p_sCategory = explode(",", $p_sCategory); } } $p_sCityArea = Params::getParam('sCityArea'); if (!is_array($p_sCityArea)) { if ($p_sCityArea == '') { $p_sCityArea = array(); } else { $p_sCityArea = explode(",", $p_sCityArea); } } $p_sCity = Params::getParam('sCity'); if (!is_array($p_sCity)) { if ($p_sCity == '') { $p_sCity = array(); } else { $p_sCity = explode(",", $p_sCity); } } $p_sRegion = Params::getParam('sRegion'); if (!is_array($p_sRegion)) { if ($p_sRegion == '') { $p_sRegion = array(); } else { $p_sRegion = explode(",", $p_sRegion); } } $p_sCountry = Params::getParam('sCountry'); if (!is_array($p_sCountry)) { if ($p_sCountry == '') { $p_sCountry = array(); } else { $p_sCountry = explode(",", $p_sCountry); } } $p_sUser = Params::getParam('sUser'); if (!is_array($p_sUser)) { if ($p_sUser == '') { $p_sUser = ''; } else { $p_sUser = explode(",", $p_sUser); } } $p_sLocale = Params::getParam('sLocale'); if (!is_array($p_sLocale)) { if ($p_sLocale == '') { $p_sLocale = ''; } else { $p_sLocale = explode(",", $p_sLocale); } } $p_sPattern = trim(strip_tags(Params::getParam('sPattern'))); // ADD TO THE LIST OF LAST SEARCHES if (osc_save_latest_searches() && (!Params::existParam('iPage') || Params::getParam('iPage') == 1)) { $savePattern = osc_apply_filter('save_latest_searches_pattern', $p_sPattern); if ($savePattern != '') { LatestSearches::newInstance()->insert(array('s_search' => $savePattern, 'd_date' => date('Y-m-d H:i:s'))); } } $p_bPic = Params::getParam('bPic'); $p_bPic = $p_bPic == 1 ? 1 : 0; $p_bPremium = Params::getParam('bPremium'); $p_bPremium = $p_bPremium == 1 ? 1 : 0; $p_sPriceMin = Params::getParam('sPriceMin'); $p_sPriceMax = Params::getParam('sPriceMax'); //WE CAN ONLY USE THE FIELDS RETURNED BY Search::getAllowedColumnsForSorting() $p_sOrder = Params::getParam('sOrder'); if (!in_array($p_sOrder, Search::getAllowedColumnsForSorting())) { $p_sOrder = osc_default_order_field_at_search(); } $old_order = $p_sOrder; //ONLY 0 ( => 'asc' ), 1 ( => 'desc' ) AS ALLOWED VALUES $p_iOrderType = Params::getParam('iOrderType'); $allowedTypesForSorting = Search::getAllowedTypesForSorting(); $orderType = osc_default_order_type_at_search(); foreach ($allowedTypesForSorting as $k => $v) { if ($p_iOrderType == $v) { $orderType = $k; break; } } $p_iOrderType = $orderType; $p_sFeed = Params::getParam('sFeed'); $p_iPage = 0; if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') > 0) { $p_iPage = intval(Params::getParam('iPage')) - 1; } if ($p_sFeed != '') { $p_sPageSize = 1000; } $p_sShowAs = Params::getParam('sShowAs'); $aValidShowAsValues = array('list', 'gallery'); if (!in_array($p_sShowAs, $aValidShowAsValues)) { $p_sShowAs = osc_default_show_as_at_search(); } // search results: it's blocked with the maxResultsPerPage@search defined in t_preferences $p_iPageSize = intval(Params::getParam('iPagesize')); if ($p_iPageSize > 0) { if ($p_iPageSize > osc_max_results_per_page_at_search()) { $p_iPageSize = osc_max_results_per_page_at_search(); } } else { $p_iPageSize = osc_default_results_per_page_at_search(); } //FILTERING CATEGORY $bAllCategoriesChecked = false; $successCat = false; if (count($p_sCategory) > 0) { foreach ($p_sCategory as $category) { $successCat = $this->mSearch->addCategory($category) || $successCat; } } else { $bAllCategoriesChecked = true; } //FILTERING CITY_AREA foreach ($p_sCityArea as $city_area) { $this->mSearch->addCityArea($city_area); } $p_sCityArea = implode(", ", $p_sCityArea); //FILTERING CITY foreach ($p_sCity as $city) { $this->mSearch->addCity($city); } $p_sCity = implode(", ", $p_sCity); //FILTERING REGION foreach ($p_sRegion as $region) { $this->mSearch->addRegion($region); } $p_sRegion = implode(", ", $p_sRegion); //FILTERING COUNTRY foreach ($p_sCountry as $country) { $this->mSearch->addCountry($country); } $p_sCountry = implode(", ", $p_sCountry); // FILTERING PATTERN if ($p_sPattern != '') { $this->mSearch->addPattern($p_sPattern); $osc_request['sPattern'] = $p_sPattern; } else { // hardcoded - if there isn't a search pattern, order by dt_pub_date desc if ($p_sOrder == 'relevance') { $p_sOrder = 'dt_pub_date'; foreach ($allowedTypesForSorting as $k => $v) { if ($p_iOrderType == 'desc') { $orderType = $k; break; } } $p_iOrderType = $orderType; } } // FILTERING USER if ($p_sUser != '') { $this->mSearch->fromUser($p_sUser); } // FILTERING LOCALE $this->mSearch->addLocale($p_sLocale); // FILTERING IF WE ONLY WANT ITEMS WITH PICS if ($p_bPic) { $this->mSearch->withPicture(true); } // FILTERING IF WE ONLY WANT PREMIUM ITEMS if ($p_bPremium) { $this->mSearch->onlyPremium(true); } //FILTERING BY RANGE PRICE $this->mSearch->priceRange($p_sPriceMin, $p_sPriceMax); //ORDERING THE SEARCH RESULTS $this->mSearch->order($p_sOrder, $allowedTypesForSorting[$p_iOrderType]); //SET PAGE if ($p_sFeed == 'rss') { // If param sFeed=rss, just output last 'osc_num_rss_items()' $this->mSearch->page(0, osc_num_rss_items()); } else { $this->mSearch->page($p_iPage, $p_iPageSize); } // CUSTOM FIELDS $custom_fields = Params::getParam('meta'); $fields = Field::newInstance()->findIDSearchableByCategories($p_sCategory); $table = DB_TABLE_PREFIX . 't_item_meta'; if (is_array($custom_fields)) { foreach ($custom_fields as $key => $aux) { if (in_array($key, $fields)) { $field = Field::newInstance()->findByPrimaryKey($key); switch ($field['e_type']) { case 'TEXTAREA': case 'TEXT': case 'URL': if ($aux != '') { $aux = "%{$aux}%"; $sql = "SELECT fk_i_item_id FROM {$table} WHERE "; $str_escaped = Search::newInstance()->dao->escape($aux); $sql .= $table . '.fk_i_field_id = ' . $key . ' AND '; $sql .= $table . ".s_value LIKE " . $str_escaped; $this->mSearch->addConditions(DB_TABLE_PREFIX . 't_item.pk_i_id IN (' . $sql . ')'); } break; case 'DROPDOWN': case 'RADIO': if ($aux != '') { $sql = "SELECT fk_i_item_id FROM {$table} WHERE "; $str_escaped = Search::newInstance()->dao->escape($aux); $sql .= $table . '.fk_i_field_id = ' . $key . ' AND '; $sql .= $table . ".s_value = " . $str_escaped; $this->mSearch->addConditions(DB_TABLE_PREFIX . 't_item.pk_i_id IN (' . $sql . ')'); } break; case 'CHECKBOX': if ($aux != '') { $sql = "SELECT fk_i_item_id FROM {$table} WHERE "; $sql .= $table . '.fk_i_field_id = ' . $key . ' AND '; $sql .= $table . ".s_value = 1"; $this->mSearch->addConditions(DB_TABLE_PREFIX . 't_item.pk_i_id IN (' . $sql . ')'); } break; case 'DATE': if ($aux != '') { $y = (int) date('Y', $aux); $m = (int) date('n', $aux); $d = (int) date('j', $aux); $start = mktime('0', '0', '0', $m, $d, $y); $end = mktime('23', '59', '59', $m, $d, $y); $sql = "SELECT fk_i_item_id FROM {$table} WHERE "; $sql .= $table . '.fk_i_field_id = ' . $key . ' AND '; $sql .= $table . ".s_value >= " . $start . " AND "; $sql .= $table . ".s_value <= " . $end; $this->mSearch->addConditions(DB_TABLE_PREFIX . 't_item.pk_i_id IN (' . $sql . ')'); } break; case 'DATEINTERVAL': if (is_array($aux) && (!empty($aux['from']) && !empty($aux['to']))) { $from = $aux['from']; $to = $aux['to']; $start = $from; $end = $to; $sql = "SELECT fk_i_item_id FROM {$table} WHERE "; $sql .= $table . '.fk_i_field_id = ' . $key . ' AND '; $sql .= $start . " >= " . $table . ".s_value AND s_multi = 'from'"; $sql1 = "SELECT fk_i_item_id FROM {$table} WHERE "; $sql1 .= $table . ".fk_i_field_id = " . $key . " AND "; $sql1 .= $end . " <= " . $table . ".s_value AND s_multi = 'to'"; $sql_interval = "select a.fk_i_item_id from (" . $sql . ") a where a.fk_i_item_id IN (" . $sql1 . ")"; $this->mSearch->addConditions(DB_TABLE_PREFIX . 't_item.pk_i_id IN (' . $sql_interval . ')'); } break; default: break; } } } } osc_run_hook('search_conditions', Params::getParamsAsArray()); // RETRIEVE ITEMS AND TOTAL $key = md5(osc_base_url() . $this->mSearch->toJson()); $found = null; $cache = osc_cache_get($key, $found); $aItems = null; $iTotalItems = null; if ($cache) { $aItems = $cache['aItems']; $iTotalItems = $cache['iTotalItems']; } else { $aItems = $this->mSearch->doSearch(); $iTotalItems = $this->mSearch->count(); $_cache['aItems'] = $aItems; $_cache['iTotalItems'] = $iTotalItems; osc_cache_set($key, $_cache, OSC_CACHE_TTL); } $iStart = $p_iPage * $p_iPageSize; $iEnd = min(($p_iPage + 1) * $p_iPageSize, $iTotalItems); $iNumPages = ceil($iTotalItems / $p_iPageSize); // works with cache enabled ? osc_run_hook('search', $this->mSearch); //preparing variables... $countryName = $p_sCountry; if (strlen($p_sCountry) == 2) { $c = Country::newInstance()->findByCode($p_sCountry); if ($c) { $countryName = $c['s_name']; } } $regionName = $p_sRegion; if (is_numeric($p_sRegion)) { $r = Region::newInstance()->findByPrimaryKey($p_sRegion); if ($r) { $regionName = $r['s_name']; } } $cityName = $p_sCity; if (is_numeric($p_sCity)) { $c = City::newInstance()->findByPrimaryKey($p_sCity); if ($c) { $cityName = $c['s_name']; } } $this->_exportVariableToView('search_start', $iStart); $this->_exportVariableToView('search_end', $iEnd); $this->_exportVariableToView('search_category', $p_sCategory); // hardcoded - non pattern and order by relevance $p_sOrder = $old_order; $this->_exportVariableToView('search_order_type', $p_iOrderType); $this->_exportVariableToView('search_order', $p_sOrder); $this->_exportVariableToView('search_pattern', $p_sPattern); $this->_exportVariableToView('search_from_user', $p_sUser); $this->_exportVariableToView('search_total_pages', $iNumPages); $this->_exportVariableToView('search_page', $p_iPage); $this->_exportVariableToView('search_has_pic', $p_bPic); $this->_exportVariableToView('search_only_premium', $p_bPremium); $this->_exportVariableToView('search_country', $countryName); $this->_exportVariableToView('search_region', $regionName); $this->_exportVariableToView('search_city', $cityName); $this->_exportVariableToView('search_price_min', $p_sPriceMin); $this->_exportVariableToView('search_price_max', $p_sPriceMax); $this->_exportVariableToView('search_total_items', $iTotalItems); $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('search_show_as', $p_sShowAs); $this->_exportVariableToView('search', $this->mSearch); // json $json = $this->mSearch->toJson(); $encoded_alert = base64_encode(osc_encrypt_alert($json)); // Create the HMAC signature and convert the resulting hex hash into base64 $stringToSign = osc_get_alert_public_key() . $encoded_alert; $signature = hex2b64(hmacsha1(osc_get_alert_private_key(), $stringToSign)); $server_signature = Session::newInstance()->_set('alert_signature', $signature); $this->_exportVariableToView('search_alert', $encoded_alert); // calling the view... if (count($aItems) === 0) { header('HTTP/1.1 404 Not Found'); } osc_run_hook("after_search"); if (!Params::existParam('sFeed')) { $this->doView('search.php'); } else { if ($p_sFeed == '' || $p_sFeed == 'rss') { // FEED REQUESTED! header('Content-type: text/xml; charset=utf-8'); $feed = new RSSFeed(); $feed->setTitle(__('Latest listings added') . ' - ' . osc_page_title()); $feed->setLink(osc_base_url()); $feed->setDescription(__('Latest listings added in') . ' ' . osc_page_title()); if (osc_count_items() > 0) { while (osc_has_items()) { if (osc_count_item_resources() > 0) { osc_has_item_resources(); $feed->addItem(array('title' => osc_item_title(), 'link' => htmlentities(osc_item_url(), ENT_COMPAT, "UTF-8"), 'description' => osc_item_description(), 'country' => osc_item_country(), 'region' => osc_item_region(), 'city' => osc_item_city(), 'city_area' => osc_item_city_area(), 'category' => osc_item_category(), 'dt_pub_date' => osc_item_pub_date(), 'image' => array('url' => htmlentities(osc_resource_thumbnail_url(), ENT_COMPAT, "UTF-8"), 'title' => osc_item_title(), 'link' => htmlentities(osc_item_url(), ENT_COMPAT, "UTF-8")))); } else { $feed->addItem(array('title' => osc_item_title(), 'link' => htmlentities(osc_item_url(), ENT_COMPAT, "UTF-8"), 'description' => osc_item_description(), 'country' => osc_item_country(), 'region' => osc_item_region(), 'city' => osc_item_city(), 'city_area' => osc_item_city_area(), 'category' => osc_item_category(), 'dt_pub_date' => osc_item_pub_date())); } } } osc_run_hook('feed', $feed); $feed->dumpXML(); } else { osc_run_hook('feed_' . $p_sFeed, $aItems); } } }
function seo_country_region_list() { $countries = ModelSeoLocation::newInstance()->getCountryList(); foreach ($countries as $c) { $level = 1; $detail = ModelSeoLocation::newInstance()->getAttrByCountryCode($c['pk_c_code']); $regions = ModelSeoLocation::newInstance()->getRegionList($c['pk_c_code']); $elem = '<i class="fa fa-angle-right level"></i>'; //Update if anything if (Params::getParam('plugin_action') == 'done' and (Params::getParam('seo_title' . $c['pk_c_code']) or Params::getParam('seo_desc' . $c['pk_c_code']) or Params::getParam('seo_keywords' . $c['pk_c_code']))) { if (Params::getParam('seo_title' . $c['pk_c_code']) != '' or Params::getParam('seo_desc' . $c['pk_c_code']) != '' or Params::getParam('seo_keywords' . $c['pk_c_code']) != '') { if (isset($detail['seo_country_code'])) { ModelSeoLocation::newInstance()->updateCtrAttr($c['pk_c_code'], Params::getParam('seo_title' . $c['pk_c_code']), Params::getParam('seo_desc' . $c['pk_c_code']), Params::getParam('seo_keywords' . $c['pk_c_code'])); } else { ModelSeoLocation::newInstance()->insertCtrAttr($c['pk_c_code'], Params::getParam('seo_title' . $c['pk_c_code']), Params::getParam('seo_desc' . $c['pk_c_code']), Params::getParam('seo_keywords' . $c['pk_c_code'])); } } } if (Params::getParam('plugin_action') == 'done' and Params::existParam('seo_title' . $c['pk_c_code']) and Params::existParam('seo_desc' . $c['pk_c_code']) and Params::existParam('seo_keywords' . $c['pk_c_code']) and Params::getParam('seo_title' . $c['pk_c_code']) == '' and Params::getParam('seo_desc' . $c['pk_c_code']) == '' and Params::getParam('seo_keywords' . $c['pk_c_code']) == '') { if (isset($detail['seo_country_code'])) { ModelSeoLocation::newInstance()->deleteCountry($detail['seo_country_code']); } } $detail = ModelSeoLocation::newInstance()->getAttrByCountryCode($c['pk_c_code']); echo '<div class="cat-row level' . $level . '">'; echo '<div class="cat-elem id">' . $c['pk_c_code'] . '</div>'; echo '<div class="cat-elem name">' . $c['s_name'] . '</div>'; echo '<div class="cat-elem titl"><input type="text" name="seo_title' . $c['pk_c_code'] . '" id="seo_title" disabled value="' . $detail['seo_title'] . '" size="20" /></div>'; echo '<div class="cat-elem desc"><input type="text" name="seo_desc' . $c['pk_c_code'] . '" id="seo_desc" disabled value="' . $detail['seo_desc'] . '" size="20" /></div>'; echo '<div class="cat-elem keywords"><input type="text" name="seo_keywords' . $c['pk_c_code'] . '" id="seo_keywords" disabled value="' . $detail['seo_keywords'] . '" size="20" /></div>'; echo '<div class="cat-elem lock"><a id="' . $c['pk_c_code'] . '" class="unlock-link" href="#"><i class="fa fa-lock"></i>' . __('Unlock', 'all_in_one') . '</a></div>'; echo '</div>'; // REGION LIST OF PARTICULAR COUNTRY foreach ($regions as $r) { $level = 2; $detail = ModelSeoLocation::newInstance()->getAttrByRegionId($r['pk_i_id']); $regions = ModelSeoLocation::newInstance()->getRegionList($r['pk_i_id']); $elem = '<i class="fa fa-angle-right level"></i>'; //Update if anything if (Params::getParam('plugin_action') == 'done' and (Params::getParam('seo_title' . $r['pk_i_id']) or Params::getParam('seo_desc' . $r['pk_i_id']) or Params::getParam('seo_keywords' . $r['pk_i_id']))) { if (Params::getParam('seo_title' . $r['pk_i_id']) != '' or Params::getParam('seo_desc' . $r['pk_i_id']) != '' or Params::getParam('seo_keywords' . $r['pk_i_id']) != '') { if (isset($detail['seo_region_id'])) { ModelSeoLocation::newInstance()->updateRegAttr($r['pk_i_id'], Params::getParam('seo_title' . $r['pk_i_id']), Params::getParam('seo_desc' . $r['pk_i_id']), Params::getParam('seo_keywords' . $r['pk_i_id'])); } else { ModelSeoLocation::newInstance()->insertRegAttr($r['pk_i_id'], Params::getParam('seo_title' . $r['pk_i_id']), Params::getParam('seo_desc' . $r['pk_i_id']), Params::getParam('seo_keywords' . $r['pk_i_id'])); } } } if (Params::getParam('plugin_action') == 'done' and Params::existParam('seo_title' . $r['pk_i_id']) and Params::existParam('seo_desc' . $r['pk_i_id']) and Params::existParam('seo_keywords' . $r['pk_i_id']) and Params::getParam('seo_title' . $r['pk_i_id']) == '' and Params::getParam('seo_desc' . $r['pk_i_id']) == '' and Params::getParam('seo_keywords' . $r['pk_i_id']) == '') { if (isset($detail['seo_region_id'])) { ModelSeoLocation::newInstance()->deleteRegion($detail['seo_region_id']); } } $detail = ModelSeoLocation::newInstance()->getAttrByRegionId($r['pk_i_id']); echo '<div class="cat-row level' . $level . '">'; echo '<div class="cat-elem id">' . $r['pk_i_id'] . '</div>'; echo '<div class="cat-elem name">' . $arrows . ' ' . $r['s_name'] . '</div>'; echo '<div class="cat-elem titl"><input type="text" name="seo_title' . $r['pk_i_id'] . '" id="seo_title" disabled value="' . $detail['seo_title'] . '" size="20" /></div>'; echo '<div class="cat-elem desc"><input type="text" name="seo_desc' . $r['pk_i_id'] . '" id="seo_desc" disabled value="' . $detail['seo_desc'] . '" size="20" /></div>'; echo '<div class="cat-elem keywords"><input type="text" name="seo_keywords' . $r['pk_i_id'] . '" id="seo_keywords" disabled value="' . $detail['seo_keywords'] . '" size="20" /></div>'; echo '<div class="cat-elem lock"><a id="' . $r['pk_i_id'] . '" class="unlock-link" href="#"><i class="fa fa-lock"></i>' . __('Unlock', 'all_in_one') . '</a></div>'; echo '</div>'; } // END REGION LIST } }
function doModel() { //calling the view... $locales = OSCLocale::newInstance()->listAllEnabled(); $this->_exportVariableToView('locales', $locales); switch ($this->action) { case 'item_add': // post if (osc_reg_user_post() && $this->user == null) { osc_add_flash_warning_message(_m('Only registered users are allowed to post listings')); $this->redirectTo(osc_user_login_url()); } $countries = Country::newInstance()->listAll(); $regions = array(); if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') { $regions = Region::newInstance()->findByCountry($this->user['fk_c_country_code']); } else { if (count($countries) > 0) { $regions = Region::newInstance()->findByCountry($countries[0]['pk_c_code']); } } $cities = array(); if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') { $cities = City::newInstance()->findByRegion($this->user['fk_i_region_id']); } else { if (count($regions) > 0) { $cities = City::newInstance()->findByRegion($regions[0]['pk_i_id']); } } $this->_exportVariableToView('countries', $countries); $this->_exportVariableToView('regions', $regions); $this->_exportVariableToView('cities', $cities); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } if (Session::newInstance()->_getForm('countryId') != "") { $countryId = Session::newInstance()->_getForm('countryId'); $regions = Region::newInstance()->findByCountry($countryId); $this->_exportVariableToView('regions', $regions); if (Session::newInstance()->_getForm('regionId') != "") { $regionId = Session::newInstance()->_getForm('regionId'); $cities = City::newInstance()->findByRegion($regionId); $this->_exportVariableToView('cities', $cities); } } $this->_exportVariableToView('user', $this->user); osc_run_hook('post_item'); $this->doView('item-post.php'); break; case 'item_add_post': //post_item if (osc_reg_user_post() && $this->user == null) { osc_add_flash_warning_message(_m('Only registered users are allowed to post listings')); $this->redirectTo(osc_base_url(true)); } $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(true); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_post_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } if (!osc_is_web_user_logged_in()) { $user = User::newInstance()->findByEmail($mItems->data['contactEmail']); // The user exists but it's not logged if (isset($user['pk_i_id'])) { foreach ($mItems->data as $key => $value) { Session::newInstance()->_keepForm($key); } osc_add_flash_error_message(_m('A user with that email address already exists, if it is you, please log in')); $this->redirectTo(osc_user_login_url()); } } // POST ITEM ( ADD ITEM ) $success = $mItems->add(); if ($success != 1 && $success != 2) { osc_add_flash_error_message($success); $this->redirectTo(osc_item_post_url()); } else { Session::newInstance()->_dropkeepForm('meta_' . $key); if ($success == 1) { osc_add_flash_ok_message(_m('Check your inbox to validate your listing')); } else { osc_add_flash_ok_message(_m('Your listing has been published')); } $itemId = Params::getParam('itemId'); $item = $this->itemManager->findByPrimaryKey($itemId); osc_run_hook('posted_item', $item); $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId')); View::newInstance()->_exportVariableToView('category', $category); $this->redirectTo(osc_search_category_url()); } break; case 'item_edit': // edit item $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId)); if (count($item) == 1) { $item = Item::newInstance()->findByPrimaryKey($id); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $this->_exportVariableToView('item', $item); osc_run_hook("before_item_edit", $item); $this->doView('item-edit.php'); } else { // add a flash message [ITEM NO EXISTE] osc_add_flash_error_message(_m("Sorry, we don't have any listings with that ID")); if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } break; case 'item_edit_post': // recoger el secret y el $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId)); if (count($item) == 1) { $this->_exportVariableToView('item', $item[0]); $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(false); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_edit_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $success = $mItems->edit(); osc_run_hook('edited_item', Item::newInstance()->findByPrimaryKey($id)); if ($success == 1) { osc_add_flash_ok_message(_m("Great! We've just updated your listing")); View::newInstance()->_exportVariableToView("item", Item::newInstance()->findByPrimaryKey($id)); $this->redirectTo(osc_item_url()); } else { osc_add_flash_error_message($success); $this->redirectTo(osc_item_edit_url($secret)); } } break; case 'activate': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s') OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId)); // item doesn't exist if (count($item) == 0) { $this->do404(); return; } View::newInstance()->_exportVariableToView('item', $item[0]); if ($item[0]['b_active'] == 0) { // ACTIVETE ITEM $mItems = new ItemActions(false); $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']); if ($success) { osc_add_flash_ok_message(_m('The listing has been validated')); } else { osc_add_flash_error_message(_m("The listing can't be validated")); } } else { osc_add_flash_warning_message(_m('The listing has already been validated')); } $this->redirectTo(osc_item_url()); break; case 'item_delete': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s') OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId)); if (count($item) == 1) { $mItems = new ItemActions(false); $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']); if ($success) { osc_add_flash_ok_message(_m('Your listing has been deleted')); } else { osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted")); } if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted")); $this->redirectTo(osc_base_url()); } break; case 'mark': $id = Params::getParam('id'); $as = Params::getParam('as'); $item = Item::newInstance()->findByPrimaryKey($id); View::newInstance()->_exportVariableToView('item', $item); require_once osc_lib_path() . 'osclass/user-agents.php'; foreach ($user_agents as $ua) { if (preg_match('|' . $ua . '|', @$_SERVER['HTTP_USER_AGENT'])) { // mark item if it's not a bot $mItem = new ItemActions(false); $mItem->mark($id, $as); break; } } osc_add_flash_ok_message(_m("Thanks! That's very helpful")); $this->redirectTo(osc_item_url()); break; case 'send_friend': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); $this->doView('item-send-friend.php'); break; case 'send_friend_post': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("friendName", Params::getParam('friendName')); Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_send_friend_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $mItem = new ItemActions(false); $success = $mItem->send_friend(); if ($success) { Session::newInstance()->_clearVariables(); $this->redirectTo(osc_item_url()); } else { $this->redirectTo(osc_item_send_friend_url()); } break; case 'contact': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); if (empty($item)) { osc_add_flash_error_message(_m("This listing doesn't exist")); $this->redirectTo(osc_base_url(true)); } else { $this->_exportVariableToView('item', $item); if (osc_item_is_expired()) { osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller")); $this->redirectTo(osc_item_url()); } if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) { $this->doView('item-contact.php'); } else { osc_add_flash_error_message(_m("You can't contact the seller, only registered users can")); $this->redirectTo(osc_item_url()); } } break; case 'contact_post': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_item_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } if (osc_isExpired($item['dt_expiration'])) { osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller")); $this->redirectTo(osc_item_url()); } $mItem = new ItemActions(false); $result = $mItem->contact(); if (is_string($result)) { osc_add_flash_error_message($result); } else { osc_add_flash_ok_message(_m("We've just sent an e-mail to the seller")); } $this->redirectTo(osc_item_url()); break; case 'add_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); switch ($status) { case -1: $msg = _m('Sorry, we could not save your comment. Try again later'); osc_add_flash_error_message($msg); break; case 1: $msg = _m('Your comment is awaiting moderation'); osc_add_flash_info_message($msg); break; case 2: $msg = _m('Your comment has been approved'); osc_add_flash_ok_message($msg); break; case 3: $msg = _m('Please fill the required field (email)'); osc_add_flash_warning_message($msg); break; case 4: $msg = _m('Please type a comment'); osc_add_flash_warning_message($msg); break; case 5: $msg = _m('Your comment has been marked as spam'); osc_add_flash_error_message($msg); break; } $this->redirectTo(osc_item_url()); break; case 'delete_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); $itemId = Params::getParam('id'); $commentId = Params::getParam('comment'); $item = Item::newInstance()->findByPrimaryKey($itemId); if (count($item) == 0) { osc_add_flash_error_message(_m("This listing doesn't exist")); $this->redirectTo(osc_base_url(true)); } View::newInstance()->_exportVariableToView('item', $item); if ($this->userId == null) { osc_add_flash_error_message(_m('You must be logged in to delete a comment')); $this->redirectTo(osc_item_url()); } $commentManager = ItemComment::newInstance(); $aComment = $commentManager->findByPrimaryKey($commentId); if (count($aComment) == 0) { osc_add_flash_error_message(_m("The comment doesn't exist")); $this->redirectTo(osc_item_url()); } if ($aComment['b_active'] != 1) { osc_add_flash_error_message(_m('The comment is not active, you cannot delete it')); $this->redirectTo(osc_item_url()); } if ($aComment['fk_i_user_id'] != $this->userId) { osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it')); $this->redirectTo(osc_item_url()); } $commentManager->deleteByPrimaryKey($commentId); osc_add_flash_ok_message(_m('The comment has been deleted')); $this->redirectTo(osc_item_url()); break; default: // if there isn't ID, show an error 404 if (Params::getParam('id') == '') { $this->do404(); return; } if (Params::getParam('lang') != '') { Session::newInstance()->_set('userLocale', Params::getParam('lang')); } $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); // if item doesn't exist show an error 404 if (count($item) == 0) { $this->do404(); return; } if ($item['b_active'] != 1) { if ($this->userId == $item['fk_i_user_id']) { osc_add_flash_warning_message(_m("The listing hasn't been validated. Please validate it in order to make it public")); } else { osc_add_flash_warning_message(_m("This listing hasn't been validated")); $this->redirectTo(osc_base_url(true)); } } else { if ($item['b_enabled'] == 0) { osc_add_flash_warning_message(_m('The listing has been suspended')); $this->redirectTo(osc_base_url(true)); } } if (!osc_is_admin_user_logged_in()) { require_once osc_lib_path() . 'osclass/user-agents.php'; foreach ($user_agents as $ua) { if (preg_match('|' . $ua . '|', @$_SERVER['HTTP_USER_AGENT'])) { $mStats = new ItemStats(); $mStats->increase('i_num_views', $item['pk_i_id']); break; } } } foreach ($item['locale'] as $k => $v) { $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']); $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description'])); } if ($item['fk_i_user_id'] != '') { $user = User::newInstance()->findByPrimaryKey($item['fk_i_user_id']); $this->_exportVariableToView('user', $user); } $this->_exportVariableToView('item', $item); osc_run_hook('show_item', $item); // redirect to the correct url just in case it has changed $itemURI = str_replace(osc_base_url(), '', osc_item_url()); $URI = preg_replace('|^' . REL_WEB_URL . '|', '', $_SERVER['REQUEST_URI']); // do not clean QUERY_STRING if permalink is not enabled if (osc_rewrite_enabled()) { $URI = str_replace('?' . $_SERVER['QUERY_STRING'], '', $URI); } else { $params_keep = array('page', 'id'); $params = array(); foreach (Params::getParamsAsArray('get') as $k => $v) { if (in_array($k, $params_keep)) { $params[] = "{$k}={$v}"; } } $URI = 'index.php?' . implode('&', $params); } // redirect to the correct url if ($itemURI != $URI) { $this->redirectTo(osc_base_url() . $itemURI); } $this->doView('item.php'); break; } }
function doModel() { //specific things for this class switch ($this->action) { case 'bulk_actions': break; case 'regions': //Return regions given a countryId $regions = Region::newInstance()->findByCountry(Params::getParam("countryId")); echo json_encode($regions); break; case 'cities': //Returns cities given a regionId $cities = City::newInstance()->findByRegion(Params::getParam("regionId")); echo json_encode($cities); break; case 'location': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term")); foreach ($cities as $k => $city) { $cities[$k]['label'] = $city['label'] . " (" . $city['region'] . ")"; } echo json_encode($cities); break; case 'location_countries': // This is the autocomplete AJAX $countries = Country::newInstance()->ajax(Params::getParam("term")); echo json_encode($countries); break; case 'location_regions': // This is the autocomplete AJAX $regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country")); echo json_encode($regions); break; case 'location_cities': // This is the autocomplete AJAX $cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region")); echo json_encode($cities); break; case 'delete_image': // Delete images via AJAX $ajax_photo = Params::getParam('ajax_photo'); $id = Params::getParam('id'); $item = Params::getParam('item'); $code = Params::getParam('code'); $secret = Params::getParam('secret'); $json = array(); if ($ajax_photo != '') { $files = Session::newInstance()->_get('ajax_files'); $success = false; foreach ($files as $uuid => $file) { if ($file == $ajax_photo) { $filename = $files[$uuid]; unset($files[$uuid]); Session::newInstance()->_set('ajax_files', $files); $success = @unlink(osc_content_path() . 'uploads/temp/' . $filename); break; } } echo json_encode(array('success' => $success, 'msg' => $success ? _m('The selected photo has been successfully deleted') : _m("The selected photo couldn't be deleted"))); return false; } if (Session::newInstance()->_get('userId') != '') { $userId = Session::newInstance()->_get('userId'); $user = User::newInstance()->findByPrimaryKey($userId); } else { $userId = null; $user = null; } // Check for required fields if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) { $json['success'] = false; $json['msg'] = _m("The selected photo couldn't be deleted, the url doesn't exist"); echo json_encode($json); return false; } $aItem = Item::newInstance()->findByPrimaryKey($item); // Check if the item exists if (count($aItem) == 0) { $json['success'] = false; $json['msg'] = _m("The listing doesn't exist"); echo json_encode($json); return false; } if (!osc_is_admin_user_logged_in()) { // Check if the item belong to the user if ($userId != null && $userId != $aItem['fk_i_user_id']) { $json['success'] = false; $json['msg'] = _m("The listing doesn't belong to you"); echo json_encode($json); return false; } // Check if the secret passphrase match with the item if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) { $json['success'] = false; $json['msg'] = _m("The listing doesn't belong to you"); echo json_encode($json); return false; } } // Does id & code combination exist? $result = ItemResource::newInstance()->existResource($id, $code); if ($result > 0) { $resource = ItemResource::newInstance()->findByPrimaryKey($id); if ($resource['fk_i_item_id'] == $item) { // Delete: file, db table entry if (defined(OC_ADMIN)) { osc_deleteResource($id, true); Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'admin', osc_logged_admin_id()); } else { osc_deleteResource($id, false); Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'user', osc_logged_user_id()); } ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code)); $json['msg'] = _m('The selected photo has been successfully deleted'); $json['success'] = 'true'; } else { $json['msg'] = _m("The selected photo does not belong to you"); $json['success'] = 'false'; } } else { $json['msg'] = _m("The selected photo couldn't be deleted"); $json['success'] = 'false'; } echo json_encode($json); return true; break; case 'alerts': // Allow to register to an alert given (not sure it's used on admin) $encoded_alert = Params::getParam("alert"); $alert = osc_decrypt_alert(base64_decode($encoded_alert)); // check alert integrity / signature $stringToSign = osc_get_alert_public_key() . $encoded_alert; $signature = hex2b64(hmacsha1(osc_get_alert_private_key(), $stringToSign)); $server_signature = Session::newInstance()->_get('alert_signature'); if ($server_signature != $signature) { echo '-2'; return false; } $email = Params::getParam("email"); $userid = Params::getParam("userid"); if (osc_is_web_user_logged_in()) { $userid = osc_logged_user_id(); $user = User::newInstance()->findByPrimaryKey($userid); $email = $user['s_email']; } if ($alert != '' && $email != '') { if (osc_validate_email($email)) { $secret = osc_genRandomPassword(); if ($alertID = Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) { if ((int) $userid > 0) { $user = User::newInstance()->findByPrimaryKey($userid); if ($user['b_active'] == 1 && $user['b_enabled'] == 1) { Alerts::newInstance()->activate($alertID); echo '1'; return true; } else { echo '-1'; return false; } } else { $aAlert = Alerts::newInstance()->findByPrimaryKey($alertID); osc_run_hook('hook_email_alert_validation', $aAlert, $email, $secret); } echo "1"; } else { echo "0"; } return true; } else { echo '-1'; return false; } } echo '0'; return false; break; case 'runhook': // run hooks $hook = Params::getParam('hook'); if ($hook == '') { echo json_encode(array('error' => 'hook parameter not defined')); break; } switch ($hook) { case 'item_form': osc_run_hook('item_form', Params::getParam('catId')); break; case 'item_edit': $catId = Params::getParam("catId"); $itemId = Params::getParam("itemId"); osc_run_hook("item_edit", $catId, $itemId); break; default: osc_run_hook('ajax_' . $hook); break; } break; case 'custom': // Execute via AJAX custom file if (Params::existParam('route')) { $routes = Rewrite::newInstance()->getRoutes(); $rid = Params::getParam('route'); $file = '../'; if (isset($routes[$rid]) && isset($routes[$rid]['file'])) { $file = $routes[$rid]['file']; } } else { // DEPRECATED: Disclosed path in URL is deprecated, use routes instead // This will be REMOVED in 3.4 $file = Params::getParam('ajaxfile'); } if ($file == '') { echo json_encode(array('error' => 'no action defined')); break; } // valid file? if (strpos($file, '../') !== false || strpos($file, '..\\') !== false || stripos($file, '/admin/') !== false) { //If the file is inside an "admin" folder, it should NOT be opened in frontend echo json_encode(array('error' => 'no valid ajaxFile')); break; } if (!file_exists(osc_plugins_path() . $file)) { echo json_encode(array('error' => "ajaxFile doesn't exist")); break; } require_once osc_plugins_path() . $file; break; case 'check_username_availability': $username = osc_sanitize_username(Params::getParam('s_username')); if (!osc_is_username_blacklisted($username)) { $user = User::newInstance()->findByUsername($username); if (isset($user['s_username'])) { echo json_encode(array('exists' => 1, 's_username' => $username)); } else { echo json_encode(array('exists' => 0, 's_username' => $username)); } } else { echo json_encode(array('exists' => 1, 's_username' => $username)); } break; case 'ajax_upload': // Include the uploader class require_once LIB_PATH . "AjaxUploader.php"; $uploader = new AjaxUploader(); $original = pathinfo($uploader->getOriginalName()); $filename = uniqid("qqfile_") . "." . $original['extension']; $result = $uploader->handleUpload(osc_content_path() . 'uploads/temp/' . $filename); $result['uploadName'] = $filename; echo htmlspecialchars(json_encode($result), ENT_NOQUOTES); break; case 'ajax_validate': $id = Params::getParam('id'); if (!is_numeric($id)) { echo json_encode(array('success' => false)); die; } $secret = Params::getParam('secret'); $item = Item::newInstance()->findByPrimaryKey($id); if ($item['s_secret'] != $secret) { echo json_encode(array('success' => false)); die; } $nResources = ItemResource::newInstance()->countResources($id); $result = array('success' => $nResources < osc_max_images_per_item(), 'count' => $nResources); echo json_encode($result); break; case 'delete_ajax_upload': $files = Session::newInstance()->_get('ajax_files'); $success = false; $filename = ''; if (isset($files[Params::getParam('qquuid')]) && $files[Params::getParam('qquuid')] != '') { $filename = $files[Params::getParam('qquuid')]; unset($files[Params::getParam('qquuid')]); Session::newInstance()->_set('ajax_files', $files); $success = @unlink(osc_content_path() . 'uploads/temp/' . $filename); } echo json_encode(array('success' => $success, 'uploadName' => $filename)); break; default: echo json_encode(array('error' => __('no action defined'))); break; } // clear all keep variables into session Session::newInstance()->_dropKeepForm(); Session::newInstance()->_clearVariables(); }
function doModel() { osc_run_hook('before_search'); $mCategories = Category::newInstance(); if (osc_rewrite_enabled()) { // IF rewrite is not enabled, skip this part, preg_match is always time&resources consuming task $p_sParams = "/" . Params::getParam('sParams', false, false); if (preg_match_all('|\\/([^,]+),([^\\/]*)|', $p_sParams, $m)) { $l = count($m[0]); for ($k = 0; $k < $l; $k++) { switch ($m[1][$k]) { case osc_get_preference('rewrite_search_country'): $m[1][$k] = 'sCountry'; break; case osc_get_preference('rewrite_search_region'): $m[1][$k] = 'sRegion'; break; case osc_get_preference('rewrite_search_city'): $m[1][$k] = 'sCity'; break; case osc_get_preference('rewrite_search_city_area'): $m[1][$k] = 'sCityArea'; break; case osc_get_preference('rewrite_search_category'): $m[1][$k] = 'sCategory'; break; case osc_get_preference('rewrite_search_user'): $m[1][$k] = 'sUser'; break; case osc_get_preference('rewrite_search_pattern'): $m[1][$k] = 'sPattern'; break; default: break; } $_REQUEST[$m[1][$k]] = $m[2][$k]; $_GET[$m[1][$k]] = $m[2][$k]; unset($_REQUEST['sParams']); unset($_GET['sParams']); unset($_POST['sParams']); } } } //////////////////////////////// //GETTING AND FIXING SENT DATA// //////////////////////////////// $p_sCategory = Params::getParam('sCategory'); if (!is_array($p_sCategory)) { if ($p_sCategory == '') { $p_sCategory = array(); } else { $p_sCategory = explode(",", $p_sCategory); } } $p_sCityArea = Params::getParam('sCityArea'); if (!is_array($p_sCityArea)) { if ($p_sCityArea == '') { $p_sCityArea = array(); } else { $p_sCityArea = explode(",", $p_sCityArea); } } $p_sCity = Params::getParam('sCity'); if (!is_array($p_sCity)) { if ($p_sCity == '') { $p_sCity = array(); } else { $p_sCity = explode(",", $p_sCity); } } $p_sRegion = Params::getParam('sRegion'); if (!is_array($p_sRegion)) { if ($p_sRegion == '') { $p_sRegion = array(); } else { $p_sRegion = explode(",", $p_sRegion); } } $p_sCountry = Params::getParam('sCountry'); if (!is_array($p_sCountry)) { if ($p_sCountry == '') { $p_sCountry = array(); } else { $p_sCountry = explode(",", $p_sCountry); } } $p_sUser = Params::getParam('sUser'); if (!is_array($p_sUser)) { if ($p_sUser == '') { $p_sUser = ''; } else { $p_sUser = explode(",", $p_sUser); } } $p_sPattern = strip_tags(Params::getParam('sPattern')); // ADD TO THE LIST OF LAST SEARCHES if (osc_save_latest_searches()) { if (trim($p_sPattern) != '') { LatestSearches::newInstance()->insert(array('s_search' => trim($p_sPattern), 'd_date' => date('Y-m-d H:i:s'))); } } $p_bPic = Params::getParam('bPic'); $p_bPic == 1 ? $p_bPic = 1 : ($p_bPic = 0); $p_sPriceMin = Params::getParam('sPriceMin'); $p_sPriceMax = Params::getParam('sPriceMax'); //WE CAN ONLY USE THE FIELDS RETURNED BY Search::getAllowedColumnsForSorting() $p_sOrder = Params::getParam('sOrder'); if (!in_array($p_sOrder, Search::getAllowedColumnsForSorting())) { $p_sOrder = osc_default_order_field_at_search(); } $old_order = $p_sOrder; //ONLY 0 ( => 'asc' ), 1 ( => 'desc' ) AS ALLOWED VALUES $p_iOrderType = Params::getParam('iOrderType'); $allowedTypesForSorting = Search::getAllowedTypesForSorting(); $orderType = osc_default_order_type_at_search(); foreach ($allowedTypesForSorting as $k => $v) { if ($p_iOrderType == $v) { $orderType = $k; break; } } $p_iOrderType = $orderType; $p_sFeed = Params::getParam('sFeed'); $p_iPage = 0; if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') > 0) { $p_iPage = intval(Params::getParam('iPage')) - 1; } if ($p_sFeed != '') { $p_sPageSize = 1000; } $p_sShowAs = Params::getParam('sShowAs'); $aValidShowAsValues = array('list', 'gallery'); if (!in_array($p_sShowAs, $aValidShowAsValues)) { $p_sShowAs = osc_default_show_as_at_search(); } // search results: it's blocked with the maxResultsPerPage@search defined in t_preferences $p_iPageSize = intval(Params::getParam('iPagesize')); if ($p_iPageSize > 0) { if ($p_iPageSize > osc_max_results_per_page_at_search()) { $p_iPageSize = osc_max_results_per_page_at_search(); } } else { $p_iPageSize = osc_default_results_per_page_at_search(); } //FILTERING CATEGORY $bAllCategoriesChecked = false; if (count($p_sCategory) > 0) { foreach ($p_sCategory as $category) { $this->mSearch->addCategory($category); } } else { $bAllCategoriesChecked = true; } //FILTERING CITY_AREA foreach ($p_sCityArea as $city_area) { $this->mSearch->addCityArea($city_area); } $p_sCityArea = implode(", ", $p_sCityArea); //FILTERING CITY foreach ($p_sCity as $city) { $this->mSearch->addCity($city); } $p_sCity = implode(", ", $p_sCity); //FILTERING REGION foreach ($p_sRegion as $region) { $this->mSearch->addRegion($region); } $p_sRegion = implode(", ", $p_sRegion); //FILTERING COUNTRY foreach ($p_sCountry as $country) { $this->mSearch->addCountry($country); } $p_sCountry = implode(", ", $p_sCountry); // FILTERING PATTERN if ($p_sPattern != '') { $this->mSearch->addPattern($p_sPattern); $osc_request['sPattern'] = $p_sPattern; } else { // hardcoded - if there isn't a search pattern, order by dt_pub_date desc if ($p_sOrder == 'relevance') { $p_sOrder = 'dt_pub_date'; foreach ($allowedTypesForSorting as $k => $v) { if ($p_iOrderType == 'desc') { $orderType = $k; break; } } $p_iOrderType = $orderType; } } // FILTERING USER if ($p_sUser != '') { $this->mSearch->fromUser($p_sUser); } // FILTERING IF WE ONLY WANT ITEMS WITH PICS if ($p_bPic) { $this->mSearch->withPicture(true); } //FILTERING BY RANGE PRICE $this->mSearch->priceRange($p_sPriceMin, $p_sPriceMax); //ORDERING THE SEARCH RESULTS $this->mSearch->order($p_sOrder, $allowedTypesForSorting[$p_iOrderType]); //SET PAGE $this->mSearch->page($p_iPage, $p_iPageSize); osc_run_hook('search_conditions', Params::getParamsAsArray()); if (!Params::existParam('sFeed')) { // RETRIEVE ITEMS AND TOTAL $aItems = $this->mSearch->doSearch(); $iTotalItems = $this->mSearch->count(); $iStart = $p_iPage * $p_iPageSize; $iEnd = min(($p_iPage + 1) * $p_iPageSize, $iTotalItems); $iNumPages = ceil($iTotalItems / $p_iPageSize); osc_run_hook('search', $this->mSearch); //preparing variables... $regionName = $p_sRegion; if (is_numeric($p_sRegion)) { $r = Region::newInstance()->findByPrimaryKey($p_sRegion); if ($r) { $regionName = $r['s_name']; } } $cityName = $p_sCity; if (is_numeric($p_sCity)) { $c = City::newInstance()->findByPrimaryKey($p_sCity); if ($c) { $cityName = $c['s_name']; } } //$this->_exportVariableToView('non_empty_categories', $aCategories) ; $this->_exportVariableToView('search_start', $iStart); $this->_exportVariableToView('search_end', $iEnd); $this->_exportVariableToView('search_category', $p_sCategory); // hardcoded - non pattern and order by relevance $p_sOrder = $old_order; $this->_exportVariableToView('search_order_type', $p_iOrderType); $this->_exportVariableToView('search_order', $p_sOrder); $this->_exportVariableToView('search_pattern', $p_sPattern); $this->_exportVariableToView('search_from_user', $p_sUser); $this->_exportVariableToView('search_total_pages', $iNumPages); $this->_exportVariableToView('search_page', $p_iPage); $this->_exportVariableToView('search_has_pic', $p_bPic); $this->_exportVariableToView('search_region', $regionName); $this->_exportVariableToView('search_city', $cityName); $this->_exportVariableToView('search_price_min', $p_sPriceMin); $this->_exportVariableToView('search_price_max', $p_sPriceMax); $this->_exportVariableToView('search_total_items', $iTotalItems); $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('search_show_as', $p_sShowAs); $this->_exportVariableToView('search', $this->mSearch); // json $json = $this->mSearch->toJson(); $this->_exportVariableToView('search_alert', base64_encode($json)); //calling the view... $this->doView('search.php'); } else { $this->mSearch->page(0, osc_num_rss_items()); // RETRIEVE ITEMS AND TOTAL $iTotalItems = $this->mSearch->count(); $aItems = $this->mSearch->doSearch(); $this->_exportVariableToView('items', $aItems); if ($p_sFeed == '' || $p_sFeed == 'rss') { // FEED REQUESTED! header('Content-type: text/xml; charset=utf-8'); $feed = new RSSFeed(); $feed->setTitle(__('Latest listings added') . ' - ' . osc_page_title()); $feed->setLink(osc_base_url()); $feed->setDescription(__('Latest listings added in') . ' ' . osc_page_title()); if (osc_count_items() > 0) { while (osc_has_items()) { if (osc_count_item_resources() > 0) { osc_has_item_resources(); $feed->addItem(array('title' => osc_item_title(), 'link' => htmlentities(osc_item_url(), ENT_COMPAT, "UTF-8"), 'description' => osc_item_description(), 'dt_pub_date' => osc_item_pub_date(), 'image' => array('url' => htmlentities(osc_resource_thumbnail_url(), ENT_COMPAT, "UTF-8"), 'title' => osc_item_title(), 'link' => htmlentities(osc_item_url(), ENT_COMPAT, "UTF-8")))); } else { $feed->addItem(array('title' => osc_item_title(), 'link' => htmlentities(osc_item_url(), ENT_COMPAT, "UTF-8"), 'description' => osc_item_description(), 'dt_pub_date' => osc_item_pub_date())); } } } osc_run_hook('feed', $feed); $feed->dumpXML(); } else { osc_run_hook('feed_' . $p_sFeed, $aItems); } } }
<?php if (Params::existParam('minify_enabled')) { $enabled = (int) Params::getParam('minify_enabled'); if (osc_set_preference('minify_enabled', $enabled, 'minify', 'BOOLEAN')) { die(json_encode(array('status' => true))); } die(json_encode(array('status' => false, 'message' => 'a error ocurred during update!'))); } die(json_encode(array('status' => false)));