function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } osc_csrf_check(); osc_run_hook('before_validating_login'); // e-mail or/and password is/are empty or incorrect $wrongCredentials = false; $email = Params::getParam('email'); $password = Params::getParam('password', false, false); if ($email == '') { osc_add_flash_error_message(_m('Please provide an email address')); $wrongCredentials = true; } if ($password == '') { osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password')); $wrongCredentials = true; } if ($wrongCredentials) { $this->redirectTo(osc_user_login_url()); } if (osc_validate_email($email)) { $user = User::newInstance()->findByEmail($email); } if (empty($user)) { $user = User::newInstance()->findByUsername($email); } if (empty($user)) { osc_add_flash_error_message(_m("The user doesn't exist")); $this->redirectTo(osc_user_login_url()); } if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); // @TODO if valid user, send email parameter back to the login form } else { if (@$user['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } else { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } } // e-mail or/and IP is/are banned $banned = osc_is_banned($email); // int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned if ($banned & 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); } if ($banned & 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); } if ($banned !== 0) { $this->redirectTo(osc_user_login_url()); } osc_run_hook('before_login'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; if (osc_rewrite_enabled()) { if ($url_redirect != '') { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect)); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; if ($page_redirect == '' || $page_redirect == 'login') { $url_redirect = osc_user_dashboard_url(); } } break; } } } } require_once LIB_PATH . 'osclass/UserActions.php'; $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m("The user doesn't exist")); } else { if ($logged == 1) { if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email']))); } else { osc_add_flash_error_message(_m('The user has not been validated yet')); } } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } if ($url_redirect == '') { $url_redirect = osc_user_dashboard_url(); } osc_run_hook("after_login", $user, $url_redirect); $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect)); } else { osc_add_flash_error_message(_m('This should never happen')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'resend': $id = Params::getParam('id'); $email = Params::getParam('email'); $user = User::newInstance()->findByPrimaryKey($id); if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) { osc_add_flash_error_message(_m('Incorrect link')); $this->redirectTo(osc_user_login_url()); } if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES if (osc_notify_new_user()) { osc_run_hook('hook_email_admin_new_user', $user); } if (osc_user_validation_enabled()) { osc_run_hook('hook_email_user_validation', $user, $user); } User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('Validation email re-sent')); } else { osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again')); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': osc_csrf_check(); if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match")); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login Session::newInstance()->_setReferer(osc_get_http_referer()); if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
function __construct() { // this is necessary because if HTTP_HOST doesn't have the PORT the parse_url is null $current_host = parse_url(Params::getServerParam('HTTP_HOST'), PHP_URL_HOST); if ($current_host === null) { $current_host = Params::getServerParam('HTTP_HOST'); } if (parse_url(osc_base_url(), PHP_URL_HOST) !== $current_host) { // first check if it's http or https $url = 'http://'; if (osc_is_ssl()) { $url = 'https://'; } // append the domain $url .= parse_url(osc_base_url(), PHP_URL_HOST); // append the port number if it's necessary $http_port = parse_url(Params::getServerParam('HTTP_HOST'), PHP_URL_PORT); if ($http_port !== 80) { $url .= ':' . parse_url(Params::getServerParam('HTTP_HOST'), PHP_URL_PORT); } // append the request $url .= Params::getServerParam('REQUEST_URI', false, false); $this->redirectTo($url); } $this->subdomain_params($current_host); $this->page = Params::getParam('page'); $this->action = Params::getParam('action'); $this->ajax = false; $this->time = list($sm, $ss) = explode(' ', microtime()); WebThemes::newInstance(); osc_run_hook('init'); }
function showAuthFailPage() { if (Params::getParam('page') == 'ajax') { echo json_encode(array('error' => 1, 'msg' => __('Session timed out'))); exit; } else { //Session::newInstance()->session_start(); Session::newInstance()->_setReferer(osc_base_url() . preg_replace('|^' . REL_WEB_URL . '|', '', Params::getServerParam('REQUEST_URI', false, false))); header("Location: " . osc_admin_base_url(true) . "?page=login"); exit; } }
function doModel() { $locale = Params::getParam('locale'); if (preg_match('/.{2}_.{2}/', $locale)) { Session::newinstance()->_set('userLocale', $locale); } $redirect_url = ''; if (Params::getServerParam('HTTP_REFERER', false, false) != '') { $redirect_url = Params::getServerParam('HTTP_REFERER', false, false); } else { $redirect_url = osc_base_url(true); } $this->redirectTo($redirect_url); }
function basic_info() { require_once LIB_PATH . 'osclass/model/Admin.php'; require_once LIB_PATH . 'osclass/helpers/hSecurity.php'; $admin = Params::getParam('s_name'); if ($admin == '') { $admin = 'admin'; } $password = Params::getParam('s_passwd', false, false); if ($password == '') { $password = osc_genRandomPassword(); } Admin::newInstance()->insert(array('s_name' => 'Administrator', 's_username' => $admin, 's_password' => osc_hash_password($password), 's_email' => Params::getParam('email'))); $mPreference = Preference::newInstance(); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'pageTitle', 's_value' => Params::getParam('webtitle'), 'e_type' => 'STRING')); $mPreference->insert(array('s_section' => 'osclass', 's_name' => 'contactEmail', 's_value' => Params::getParam('email'), 'e_type' => 'STRING')); $body = sprintf(__('Hi %s,'), Params::getParam('webtitle')) . "<br/><br/>"; $body .= sprintf(__('Your Osclass installation at %s is up and running. You can access the administration panel with these details:'), WEB_PATH) . '<br/>'; $body .= '<ul>'; $body .= '<li>' . sprintf(__('username: %s'), $admin) . '</li>'; $body .= '<li>' . sprintf(__('password: %s'), $password) . '</li>'; $body .= '</ul>'; $body .= sprintf(__('Remember that for any doubts you might have you can consult our <a href="%1$s">documentation</a>, <a href="%2$s">forum</a> or <a href="%3$s">blog</a>.'), 'http://doc.osclass.org/', 'http://forums.osclass.org/', 'http://blog.osclass.org/'); $body .= sprintf(' ' . __('Osclass doesn’t run any developments but we can put you in touch with third party developers through a Premium Support. And hey, if you would like to contribute to Osclass - learn how <a href="%1$s">here</a>!'), 'http://blog.osclass.org/2012/11/22/how-to-collaborate-to-osclass/') . '<br/><br/>'; $body .= __('Cheers,') . "<br/>"; $body .= __('The <a href="http://osclass.org/">Osclass</a> team'); $sitename = strtolower(Params::getServerParam('SERVER_NAME')); if (substr($sitename, 0, 4) == 'www.') { $sitename = substr($sitename, 4); } try { require_once LIB_PATH . 'phpmailer/class.phpmailer.php'; $mail = new PHPMailer(true); $mail->CharSet = "utf-8"; $mail->Host = "localhost"; $mail->From = 'osclass@' . $sitename; $mail->FromName = 'Osclass'; $mail->Subject = 'Osclass successfully installed!'; $mail->AddAddress(Params::getParam('email'), 'Osclass administrator'); $mail->Body = $body; $mail->AltBody = $body; if (!$mail->Send()) { return array('email_status' => Params::getParam('email') . "<br>" . $mail->ErrorInfo, 's_password' => $password); } return array('email_status' => '', 's_password' => $password); } catch (phpmailerException $exception) { return array('email_status' => Params::getParam('email') . "<br>" . $exception->errorMessage(), 's_password' => $password); } }
/** * @param string $blogURL The URL of your blog. * @param string $wordPressAPIKey WordPress API key. */ public function __construct($blogURL, $wordPressAPIKey) { $this->blogURL = $blogURL; $this->wordPressAPIKey = $wordPressAPIKey; // Set some default values $this->apiPort = 80; $this->akismetServer = 'rest.akismet.com'; $this->akismetVersion = '1.1'; // Start to populate the comment data $this->comment['blog'] = $blogURL; $this->comment['user_agent'] = Params::getServerParam('HTTP_USER_AGENT'); if (Params::existServerParam('HTTP_REFERER')) { $this->comment['referrer'] = Params::getServerParam('HTTP_REFERER', false, false); } /* * This is necessary if the server PHP5 is running on has been set up to run PHP4 and * PHP5 concurently and is actually running through a separate proxy al a these instructions: * http://www.schlitt.info/applications/blog/archives/83_How_to_run_PHP4_and_PHP_5_parallel.html * and http://wiki.coggeshall.org/37.html * Otherwise the user_ip appears as the IP address of the PHP4 server passing the requests to the * PHP5 one... */ $this->comment['user_ip'] = Params::getServerParam('REMOTE_ADDR') != getenv('SERVER_ADDR') ? Params::getServerParam('REMOTE_ADDR') : getenv('HTTP_X_FORWARDED_FOR'); }
function doModel() { parent::doModel(); if (osc_is_moderator() && ($this->action == 'settings' || $this->action == 'settings_post')) { osc_add_flash_error_message(_m("You don't have enough permissions"), "admin"); $this->redirectTo(osc_admin_base_url()); } //specific things for this class switch ($this->action) { case 'bulk_actions': osc_csrf_check(); $mItems = new ItemActions(true); switch (Params::getParam('bulk_actions')) { case 'enable_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->enable($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been enabled', '%d listings have been enabled', $numSuccess), $numSuccess), 'admin'); } break; case 'disable_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->disable((int) $_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been disabled', '%d listings have been disabled', $numSuccess), $numSuccess), 'admin'); } break; case 'activate_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->activate($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been activated', '%d listings have been activated', $numSuccess), $numSuccess), 'admin'); } break; case 'deactivate_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->deactivate($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_m('%d listing has been deactivated', '%d listings have been deactivated', $numSuccess), $numSuccess), 'admin'); } break; case 'premium_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->premium($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been marked as premium', '%d listings have been marked as premium', $numSuccess), $numSuccess), 'admin'); } break; case 'depremium_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->premium($_id, false)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d change has been made', '%d changes have been made', $numSuccess), $numSuccess), 'admin'); } break; case 'spam_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->spam($_id)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been marked as spam', '%d listings have been marked as spam', $numSuccess), $numSuccess), 'admin'); } break; case 'despam_all': $id = Params::getParam('id'); if ($id) { $numSuccess = 0; foreach ($id as $_id) { if ($mItems->spam($_id, false)) { $numSuccess++; } } osc_add_flash_ok_message(sprintf(_mn('%d change has been made', '%d changes have been made', $numSuccess), $numSuccess), 'admin'); } break; case 'delete_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $item = $this->itemManager->findByPrimaryKey($i); $success = $mItems->delete($item['s_secret'], $item['pk_i_id']); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been deleted', '%d listings have been deleted', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_spam_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'spam'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as spam', '%d listings have been unmarked as spam', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_bad_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'bad'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as missclassified', '%d listings have been unmarked as missclassified', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_dupl_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'duplicated'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as duplicated', '%d listings have been unmarked as duplicated', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_expi_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'expired'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as expired', '%d listings have been unmarked as expired', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_offe_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'offensive'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked as offensive', '%d listings have been unmarked as offensive', $numSuccess), $numSuccess), 'admin'); } break; case 'clear_all': $id = Params::getParam('id'); $success = false; if ($id) { $numSuccess = 0; foreach ($id as $i) { if ($i) { $success = $this->itemManager->clearStat($i, 'all'); if ($success) { $numSuccess++; } } } osc_add_flash_ok_message(sprintf(_mn('%d listing has been unmarked', '%d listings have been unmarked', $numSuccess), $numSuccess), 'admin'); } break; default: if (Params::getParam("bulk_actions") != "") { osc_run_hook("item_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id')); } break; } $this->redirectTo(Params::getServerParam('HTTP_REFERER', false, false)); break; case 'delete': //delete osc_csrf_check(); $id = Params::getParam('id'); $success = false; foreach ($id as $i) { if ($i) { $aItem = $this->itemManager->findByPrimaryKey($i); $mItems = new ItemActions(true); $success = $mItems->delete($aItem['s_secret'], $aItem['pk_i_id']); } } if ($success) { osc_add_flash_ok_message(_m('The listing has been deleted'), 'admin'); } else { osc_add_flash_error_message(_m("The listing couldn't be deleted"), 'admin'); } $this->redirectTo(Params::getServerParam('HTTP_REFERER', false, false)); break; case 'status': //status osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'))) { return false; } $item = $this->itemManager->findByPrimaryKey($id); $mItems = new ItemActions(true); switch ($value) { case 'ACTIVE': $success = $mItems->activate($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been activated'), 'admin'); } else { if (!$success) { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } else { osc_add_flash_error_message(_m("The listing can't be activated because it's blocked"), 'admin'); } } break; case 'INACTIVE': $success = $mItems->deactivate($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been deactivated'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } break; case 'ENABLE': $success = $mItems->enable($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been enabled'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } break; case 'DISABLE': $success = $mItems->disable($id); if ($success && $success > 0) { osc_add_flash_ok_message(_m('The listing has been disabled'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } break; } $this->redirectTo(Params::getServerParam('HTTP_REFERER', false, false)); break; case 'status_premium': //status premium osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array(0, 1))) { return false; } $mItems = new ItemActions(true); if ($mItems->premium($id, $value == 1 ? true : false)) { osc_add_flash_ok_message(_m('Changes have been applied'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } $this->redirectTo(Params::getServerParam('HTTP_REFERER', false, false)); break; case 'status_spam': //status spam osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array(0, 1))) { return false; } $mItems = new ItemActions(true); if ($mItems->spam($id, $value == 1 ? true : false)) { osc_add_flash_ok_message(_m('Changes have been applied'), 'admin'); } else { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } $this->redirectTo(Params::getServerParam('HTTP_REFERER', false, false)); break; case 'clear_stat': osc_csrf_check(); $id = Params::getParam('id'); $stat = Params::getParam('stat'); if (!$id) { return false; } if (!$stat) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } $success = $this->itemManager->clearStat($id, $stat); if ($success) { osc_add_flash_ok_message(_m('The listing has been unmarked as') . " {$stat}", 'admin'); } else { osc_add_flash_error_message(_m("The listing hasn't been unmarked as") . " {$stat}", 'admin'); } $this->redirectTo(Params::getServerParam('HTTP_REFERER', false, false)); break; case 'item_edit': // edit item $id = Params::getParam('id'); $item = Item::newInstance()->findByPrimaryKey($id); if (count($item) <= 0) { $this->redirectTo(osc_admin_base_url(true) . "?page=items"); } $csrf_token = osc_csrf_token_url(); if ($item['b_active']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=INACTIVE">' . __('Deactivate') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=ACTIVE">' . __('Activate') . '</a>'; } if ($item['b_enabled']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=DISABLE">' . __('Block') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=ENABLE">' . __('Unblock') . '</a>'; } if ($item['b_premium']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_premium&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=0">' . __('Unmark as premium') . '</a>'; } else { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_premium&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=1">' . __('Mark as premium') . '</a>'; } if ($item['b_spam']) { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_spam&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=0">' . __('Unmark as spam') . '</a>'; } else { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=items&action=status_spam&id=' . $item['pk_i_id'] . '&' . $csrf_token . '&value=1">' . __('Mark as spam') . '</a>'; } $this->_exportVariableToView("actions", $actions); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } // save referer if belongs to manage items // redirect only if ManageItems or ReportedListngs if (Params::existServerParam('HTTP_REFERER')) { $referer = Params::getServerParam('HTTP_REFERER', false, false); if (preg_match('/page=items/', $referer)) { if (preg_match("/action=([\\p{L}|_|-]+)/u", $referer, $matches)) { if ($matches[1] == 'items_reported') { Session::newInstance()->_set('osc_admin_referer', $referer); } } else { // no actions - Manage Listings Session::newInstance()->_set('osc_admin_referer', $referer); } } } $this->_exportVariableToView("item", $item); $this->_exportVariableToView("new_item", FALSE); osc_run_hook("before_item_edit", $item); $this->doView('items/frm.php'); break; case 'item_edit_post': osc_csrf_check(); $mItems = new ItemActions(true); $mItems->prepareData(false); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } $success = $mItems->edit(); if ($success == 1) { osc_add_flash_ok_message(_m('Changes saved correctly'), 'admin'); $url = osc_admin_base_url(true) . "?page=items"; // if Referer is saved that means referer is ManageListings or ReportListings if (Session::newInstance()->_get('osc_admin_referer') != '') { $url = Session::newInstance()->_get('osc_admin_referer'); } Session::newInstance()->_clearVariables(); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_dropKeepForm('meta_' . $key); } } $this->redirectTo($url); } else { osc_add_flash_error_message($success, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=items&action=item_edit&id=" . Params::getParam('id')); } break; case 'deleteResource': //delete resource osc_csrf_check(); $id = Params::getParam('id'); $name = Params::getParam('name'); $fkid = Params::getParam('fkid'); // delete files osc_deleteResource($id, true); Log::newInstance()->insertLog('items', 'deleteResource', $id, $id, 'admin', osc_logged_admin_id()); $result = ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $fkid, 's_name' => $name)); if ($result === false) { osc_add_flash_error_message(_m('An error has occurred'), 'admin'); } else { osc_add_flash_ok_message(_m('Resource deleted'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=items"); break; case 'post': // add item $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $this->_exportVariableToView("new_item", TRUE); osc_run_hook('post_item'); $this->doView('items/frm.php'); break; case 'post_item': //post item osc_csrf_check(); $mItem = new ItemActions(true); $mItem->prepareData(true); // set all parameters into session foreach ($mItem->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } $success = $mItem->add(); if ($success == 1 || $success == 2) { $url = osc_admin_base_url(true) . "?page=items"; // if Referer is saved that means referer is ManageListings or ReportListings if (Session::newInstance()->_get('osc_admin_referer') != '') { $url = Session::newInstance()->_get('osc_admin_referer'); Session::newInstance()->_drop('osc_admin_referer'); } Session::newInstance()->_clearVariables(); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_dropKeepForm('meta_' . $key); } } osc_add_flash_ok_message(_m('A new listing has been added'), 'admin'); $this->redirectTo($url); } else { osc_add_flash_error_message($success, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=items&action=post"); } break; case 'settings': // calling the items settings view $this->doView('items/settings.php'); break; case 'settings_post': // update item settings osc_csrf_check(); $iUpdated = 0; $enabledRecaptchaItems = Params::getParam('enabled_recaptcha_items'); $enabledRecaptchaItems = $enabledRecaptchaItems == '1' ? true : false; $moderateItems = Params::getParam('moderate_items'); $moderateItems = $moderateItems != '' ? true : false; $numModerateItems = Params::getParam('num_moderate_items'); $itemsWaitTime = Params::getParam('items_wait_time'); $loggedUserItemValidation = Params::getParam('logged_user_item_validation'); $loggedUserItemValidation = $loggedUserItemValidation != '' ? true : false; $regUserPost = Params::getParam('reg_user_post'); $regUserPost = $regUserPost != '' ? true : false; $notifyNewItem = Params::getParam('notify_new_item'); $notifyNewItem = $notifyNewItem != '' ? true : false; $notifyContactItem = Params::getParam('notify_contact_item'); $notifyContactItem = $notifyContactItem != '' ? true : false; $notifyContactFriends = Params::getParam('notify_contact_friends'); $notifyContactFriends = $notifyContactFriends != '' ? true : false; $enabledFieldPriceItems = Params::getParam('enableField#f_price@items'); $enabledFieldPriceItems = $enabledFieldPriceItems != '' ? true : false; $enabledFieldImagesItems = Params::getParam('enableField#images@items'); $enabledFieldImagesItems = $enabledFieldImagesItems != '' ? true : false; $numImagesItems = Params::getParam('numImages@items'); if ($numImagesItems == '') { $numImagesItems = 0; } $regUserCanContact = Params::getParam('reg_user_can_contact'); $regUserCanContact = $regUserCanContact != '' ? true : false; $contactItemAttachment = Params::getParam('item_attachment'); $contactItemAttachment = $contactItemAttachment != '' ? true : false; $warnExpiration = Params::getParam('warn_expiration'); $warnExpiration = (int) $warnExpiration; $titleLength = Params::getParam('max_chars_per_title'); $descriptionLength = Params::getParam('max_chars_per_description'); $msg = ''; if (!osc_validate_int(Params::getParam("items_wait_time"))) { $msg .= _m("Wait time must only contain numeric characters") . "<br/>"; } if (Params::getParam("num_moderate_items") != '' && !osc_validate_int(Params::getParam("num_moderate_items"))) { $msg .= _m("Number of moderated listings must only contain numeric characters") . "<br/>"; } if (!osc_validate_int($numImagesItems)) { $msg .= _m("Images per listing must only contain numeric characters") . "<br/>"; } if (!osc_validate_int($warnExpiration)) { $msg .= _m("Number of expiration days has to be a numeric value") . "<br/>"; } if (!osc_validate_int($titleLength)) { $msg .= _m("Title Length has to be a numeric value") . "<br/>"; } if (!osc_validate_int($descriptionLength)) { $msg .= _m("Description Length has to be a numeric value") . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=items&action=settings'); } $iUpdated += osc_set_preference('enabled_recaptcha_items', $enabledRecaptchaItems); if ($moderateItems) { $iUpdated += osc_set_preference('moderate_items', $numModerateItems); } else { $iUpdated += osc_set_preference('moderate_items', '-1'); } $iUpdated += osc_set_preference('logged_user_item_validation', $loggedUserItemValidation); $iUpdated += osc_set_preference('reg_user_post', $regUserPost); $iUpdated += osc_set_preference('notify_new_item', $notifyNewItem); $iUpdated += osc_set_preference('notify_contact_item', $notifyContactItem); $iUpdated += osc_set_preference('notify_contact_friends', $notifyContactFriends); $iUpdated += osc_set_preference('enableField#f_price@items', $enabledFieldPriceItems); $iUpdated += osc_set_preference('enableField#images@items', $enabledFieldImagesItems); $iUpdated += osc_set_preference('items_wait_time', $itemsWaitTime); $iUpdated += osc_set_preference('numImages@items', $numImagesItems); $iUpdated += osc_set_preference('reg_user_can_contact', $regUserCanContact); $iUpdated += osc_set_preference('item_attachment', $contactItemAttachment); $iUpdated += osc_set_preference('warn_expiration', $warnExpiration); $iUpdated += osc_set_preference('title_character_length', $titleLength); $iUpdated += osc_set_preference('description_character_length', $descriptionLength); if ($iUpdated > 0) { osc_add_flash_ok_message(_m("Listings' settings have been updated"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=items&action=settings'); break; case 'items_reported': require_once osc_lib_path() . "osclass/classes/datatables/ItemsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $itemsDataTable = new ItemsDataTable(); $itemsDataTable->tableReported($params); $aData = $itemsDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $itemsDataTable->rawRows()); //calling the view... $this->doView('items/reported.php'); break; default: // default require_once osc_lib_path() . "osclass/classes/datatables/ItemsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $itemsDataTable = new ItemsDataTable(); $aData = $itemsDataTable->table($params); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('withFilters', $itemsDataTable->withFilters()); $this->_exportVariableToView('aRawRows', $itemsDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Delete'))), 'label' => __('Delete')), array('value' => 'activate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'disable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'enable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unblock'))), 'label' => __('Unblock')), array('value' => 'premium_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Mark as premium'))), 'label' => __('Mark as premium')), array('value' => 'depremium_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unmark as premium'))), 'label' => __('Unmark as premium')), array('value' => 'spam_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Mark as spam'))), 'label' => __('Mark as spam')), array('value' => 'despam_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected listings?'), strtolower(__('Unmark as spam'))), 'label' => __('Unmark as spam'))); $bulk_options = osc_apply_filter("item_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); //calling the view... $this->doView('items/index.php'); } }
public function init() { if (Params::existServerParam('REQUEST_URI')) { if (preg_match('|[\\?&]{1}http_referer=(.*)$|', urldecode(Params::getServerParam('REQUEST_URI', false, false)), $ref_match)) { $this->http_referer = $ref_match[1]; $_SERVER['REQUEST_URI'] = preg_replace('|[\\?&]{1}http_referer=(.*)$|', "", urldecode(Params::getServerParam('REQUEST_URI', false, false))); } $request_uri = preg_replace('@^' . REL_WEB_URL . '@', "", urldecode(Params::getServerParam('REQUEST_URI', false, false))); $this->raw_request_uri = $request_uri; $route_used = false; foreach ($this->routes as $id => $route) { // UNCOMMENT TO DEBUG //echo 'Request URI: '.$request_uri." # Match : ".$route['regexp']." # URI to go : ".$route['url']." <br />"; if (preg_match('#^' . $route['regexp'] . '#', $request_uri, $m)) { if (!preg_match_all('#\\{([^\\}]+)\\}#', $route['url'], $args)) { $args[1] = array(); } $l = count($m); for ($p = 1; $p < $l; $p++) { if (isset($args[1][$p - 1])) { Params::setParam($args[1][$p - 1], $m[$p]); } else { Params::setParam('route_param_' . $p, $m[$p]); } } Params::setParam('page', 'custom'); Params::setParam('route', $id); $route_used = true; $this->location = $route['location']; $this->section = $route['section']; $this->title = $route['title']; break; } } if (!$route_used) { if (osc_rewrite_enabled()) { $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; // if try to access directly to a php file if (preg_match('#^(.+?)\\.php(.*)$#', $request_uri)) { $file = explode("?", $request_uri); if (!file_exists(ABS_PATH . $file[0])) { Rewrite::newInstance()->set_location('error'); header('HTTP/1.1 404 Not Found'); osc_current_web_theme_path('404.php'); exit; } } foreach ($this->rules as $match => $uri) { // UNCOMMENT TO DEBUG // echo 'Request URI: '.$request_uri." # Match : ".$match." # URI to go : ".$uri." <br />"; if (preg_match('#^' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); break; } } } $this->extractParams($request_uri); $this->request_uri = $request_uri; if (Params::getParam('page') != '') { $this->location = Params::getParam('page'); } if (Params::getParam('action') != '') { $this->section = Params::getParam('action'); } } } }
function osc_show_pagination_admin($aData) { $pageActual = isset($aData['iPage']) ? $aData['iPage'] : Params::getParam('iPage'); $urlActual = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); $urlActual = preg_replace('/&iPage=(\\d+)?/', '', $urlActual); $pageTotal = ceil($aData['iTotalDisplayRecords'] / $aData['iDisplayLength']); $params = array('total' => $pageTotal, 'selected' => $pageActual - 1, 'url' => $urlActual . '&iPage={PAGE}', 'sides' => 5); ?> <div class="has-pagination"> <?php osc_run_hook('before_show_pagination_admin'); ?> <?php if ($pageTotal > 1) { ?> <form method="get" action="<?php echo $urlActual; ?> " style="display:inline;"> <?php foreach (Params::getParamsAsArray('get') as $key => $value) { ?> <?php if ($key != 'iPage') { ?> <input type="hidden" name="<?php echo osc_esc_html($key); ?> " value="<?php echo osc_esc_html($value); ?> " /> <?php } } ?> <ul> <li> <span class="list-first"><?php _e('Page'); ?> </span> </li> <li class="pagination-input"> <input id="gotoPage" type="text" name="iPage" value="<?php echo osc_esc_html($pageActual); ?> "/><button type="submit"><?php _e('Go!'); ?> </button> </li> </ul> </form> <?php $pagination = new Pagination($params); $aux = $pagination->doPagination(); echo $aux; } osc_run_hook('after_show_pagination_admin'); ?> </div> <?php }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'bulk_actions': osc_csrf_check(); switch (Params::getParam('bulk_actions')) { case 'delete': $ids = Params::getParam("id"); if (is_array($ids)) { foreach ($ids as $id) { osc_deleteResource($id, true); } $log_ids = substr(implode(",", $ids), 0, 250); Log::newInstance()->insertLog('media', 'delete bulk', $log_ids, $log_ids, 'admin', osc_logged_admin_id()); $this->resourcesManager->deleteResourcesIds($ids); } osc_add_flash_ok_message(_m('Resource deleted'), 'admin'); break; default: if (Params::getParam("bulk_actions") != "") { osc_run_hook("media_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id')); } break; } $this->redirectTo(osc_admin_base_url(true) . '?page=media'); break; case 'delete': osc_csrf_check(); $ids = Params::getParam('id'); if (is_array($ids)) { foreach ($ids as $id) { osc_deleteResource($id, true); } $log_ids = substr(implode(",", $ids), 0, 250); Log::newInstance()->insertLog('media', 'delete', $log_ids, $log_ids, 'admin', osc_logged_admin_id()); $this->resourcesManager->deleteResourcesIds($ids); } osc_add_flash_ok_message(_m('Resource deleted'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=media'); break; default: require_once osc_lib_path() . "osclass/classes/datatables/MediaDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $mediaDataTable = new MediaDataTable(); $mediaDataTable->table($params); $aData = $mediaDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $mediaDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected media files?'), strtolower(__('Delete'))), 'label' => __('Delete'))); $bulk_options = osc_apply_filter("media_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->doView('media/index.php'); break; } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'edit': if (Params::getParam("id") == '') { $this->redirectTo(osc_admin_base_url(true) . "?page=emails"); } $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $this->_exportVariableToView("email", $this->emailManager->findByPrimaryKey(Params::getParam("id"))); $this->doView("emails/frm.php"); break; case 'edit_post': osc_csrf_check(); $id = Params::getParam("id"); $s_internal_name = Params::getParam("s_internal_name"); $aFieldsDescription = array(); $postParams = Params::getParamsAsArray('', false); $not_empty = false; foreach ($postParams as $k => $v) { if (preg_match('|(.+?)#(.+)|', $k, $m)) { if ($m[2] == 's_title' && $v != '') { $not_empty = true; } $aFieldsDescription[$m[1]][$m[2]] = $v; } } Session::newInstance()->_setForm('s_internal_name', $s_internal_name); Session::newInstance()->_setForm('aFieldsDescription', $aFieldsDescription); if ($not_empty) { foreach ($aFieldsDescription as $k => $_data) { $this->emailManager->updateDescription($id, $k, $_data['s_title'], $_data['s_text']); } if (!$this->emailManager->internalNameExists($id, $s_internal_name)) { if (!$this->emailManager->isIndelible($id)) { $this->emailManager->updateInternalName($id, $s_internal_name); } Session::newInstance()->_clearVariables(); osc_add_flash_ok_message(_m('The email/alert has been updated'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=emails"); } osc_add_flash_error_message(_m('You can\'t repeat internal name'), 'admin'); } else { osc_add_flash_error_message(_m('The email couldn\'t be updated, at least one title should not be empty'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=emails&action=edit&id=" . $id); break; default: //- if (Params::getParam('iDisplayLength') == '') { Params::setParam('iDisplayLength', 10); } $p_iPage = 1; if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1) { $p_iPage = Params::getParam('iPage'); } Params::setParam('iPage', $p_iPage); $prefLocale = osc_current_admin_locale(); $emails = $this->emailManager->listAll(1); // pagination $start = ($p_iPage - 1) * Params::getParam('iDisplayLength'); $limit = Params::getParam('iDisplayLength'); $count = count($emails); $displayRecords = $limit; if ($start + $limit > $count) { $displayRecords = $start + $limit - $count; } // ---- $aData = array(); $max = $start + $limit; if ($max > $count) { $max = $count; } for ($i = $start; $i < $max; $i++) { $email = $emails[$i]; if (isset($email['locale'][$prefLocale]) && !empty($email['locale'][$prefLocale]['s_title'])) { $title = $email['locale'][$prefLocale]; } else { $title = current($email['locale']); } $options = array(); $options[] = '<a href="' . osc_admin_base_url(true) . '?page=emails&action=edit&id=' . $email["pk_i_id"] . '">' . __('Edit') . '</a>'; $auxOptions = '<ul>' . PHP_EOL; foreach ($options as $actual) { $auxOptions .= '<li>' . $actual . '</li>' . PHP_EOL; } $actions = '<div class="actions">' . $auxOptions . '</div>' . PHP_EOL; $row = array(); $row[] = $email['s_internal_name'] . $actions; $row[] = $title['s_title']; $aData[] = $row; } // ---- $array['iTotalRecords'] = $displayRecords; $array['iTotalDisplayRecords'] = count($emails); $array['iDisplayLength'] = $limit; $array['aaData'] = $aData; $page = (int) Params::getParam('iPage'); if (count($array['aaData']) == 0 && $page != 1) { $total = (int) $array['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $array['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aEmails', $array); $this->doView("emails/index.php"); } }
function recover_password() { $user = User::newInstance()->findByEmail(Params::getParam('s_email')); Session::newInstance()->_set('recover_time', time()); if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { return 2; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } if (!$user || $user['b_enabled'] == 0) { return 1; } $code = osc_genRandomPassword(30); $date = date('Y-m-d H:i:s'); User::newInstance()->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => Params::getServerParam('REMOTE_ADDR')), array('pk_i_id' => $user['pk_i_id'])); $password_url = osc_forgot_user_password_confirm_url($user['pk_i_id'], $code); osc_run_hook('hook_email_user_forgot_password', $user, $password_url); return 0; }
function get_ip() { if (Params::getServerParam('HTTP_CLIENT_IP') != '') { return Params::getServerParam('HTTP_CLIENT_IP'); } if (Params::getServerParam('HTTP_X_FORWARDED_FOR') != '') { $ip_array = explode(',', Params::getServerParam('HTTP_X_FORWARDED_FOR')); foreach ($ip_array as $ip) { return trim($ip); } } return Params::getServerParam('REMOTE_ADDR'); }
function doModel() { switch ($this->action) { case 'add': // caliing add view $this->doView('languages/add.php'); break; case 'add_post': // adding a new language if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } osc_csrf_check(); $filePackage = Params::getFiles('package'); if (isset($filePackage['size']) && $filePackage['size'] != 0) { $path = osc_translations_path(); (int) ($status = osc_unzip_file($filePackage['tmp_name'], $path)); @unlink($filePackage['tmp_name']); } else { $status = 3; } switch ($status) { case 0: $msg = _m('The translation folder is not writable'); osc_add_flash_error_message($msg, 'admin'); break; case 1: if (osc_checkLocales()) { $msg = _m('The language has been installed correctly'); osc_add_flash_ok_message($msg, 'admin'); } else { $msg = _m('There was a problem adding the language'); osc_add_flash_error_message($msg, 'admin'); } break; case 2: $msg = _m('The zip file is not valid'); osc_add_flash_error_message($msg, 'admin'); break; case 3: $msg = _m('No file was uploaded'); osc_add_flash_warning_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=languages&action=add"); break; case -1: default: $msg = _m('There was a problem adding the language'); osc_add_flash_error_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'edit': // editing a language $sLocale = Params::getParam('id'); if (!preg_match('/.{2}_.{2}/', $sLocale)) { osc_add_flash_error_message(_m('Language id isn\'t in the correct format'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } $aLocale = $this->localeManager->findByPrimaryKey($sLocale); if (count($aLocale) == 0) { osc_add_flash_error_message(_m('Language id doesn\'t exist'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } $this->_exportVariableToView("aLocale", $aLocale); $this->doView('languages/frm.php'); break; case 'edit_post': // edit language post osc_csrf_check(); $iUpdated = 0; $languageCode = Params::getParam('pk_c_code'); $enabledWebstie = Params::getParam('b_enabled'); $enabledBackoffice = Params::getParam('b_enabled_bo'); $languageName = Params::getParam('s_name'); $languageShortName = Params::getParam('s_short_name'); $languageDescription = Params::getParam('s_description'); $languageCurrencyFormat = Params::getParam('s_currency_format'); $languageDecPoint = Params::getParam('s_dec_point'); $languageNumDec = Params::getParam('i_num_dec'); $languageThousandsSep = Params::getParam('s_thousands_sep'); $languageDateFormat = Params::getParam('s_date_format'); $languageStopWords = Params::getParam('s_stop_words'); // formatting variables if (!preg_match('/.{2}_.{2}/', $languageCode)) { osc_add_flash_error_message(_m('Language id isn\'t in the correct format'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } $enabledWebstie = $enabledWebstie != '' ? true : false; $enabledBackoffice = $enabledBackoffice != '' ? true : false; $languageName = strip_tags($languageName); $languageName = trim($languageName); $languageShortName = strip_tags($languageShortName); $languageShortName = trim($languageShortName); $languageDescription = strip_tags($languageDescription); $languageDescription = trim($languageDescription); $languageCurrencyFormat = strip_tags($languageCurrencyFormat); $languageCurrencyFormat = trim($languageCurrencyFormat); $languageDateFormat = strip_tags($languageDateFormat); $languageDateFormat = trim($languageDateFormat); $languageStopWords = strip_tags($languageStopWords); $languageStopWords = trim($languageStopWords); $msg = ''; if (!osc_validate_text($languageName)) { $msg .= _m("Language name field is required") . "<br/>"; } if (!osc_validate_text($languageShortName)) { $msg .= _m("Language short name field is required") . "<br/>"; } if (!osc_validate_text($languageDescription)) { $msg .= _m("Language description field is required") . "<br/>"; } if (!osc_validate_text($languageCurrencyFormat)) { $msg .= _m("Currency format field is required") . "<br/>"; } if (!osc_validate_int($languageNumDec)) { $msg .= _m("Number of decimals must only contain numeric characters") . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages&action=edit&id=' . $languageCode); } $array = array('b_enabled' => $enabledWebstie, 'b_enabled_bo' => $enabledBackoffice, 's_name' => $languageName, 's_short_name' => $languageShortName, 's_description' => $languageDescription, 's_currency_format' => $languageCurrencyFormat, 's_dec_point' => $languageDecPoint, 'i_num_dec' => $languageNumDec, 's_thousands_sep' => $languageThousandsSep, 's_date_format' => $languageDateFormat, 's_stop_words' => $languageStopWords); $iUpdated = $this->localeManager->update($array, array('pk_c_code' => $languageCode)); if ($iUpdated > 0) { osc_add_flash_ok_message(sprintf(_m('%s has been updated'), $languageShortName), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'enable_selected': osc_csrf_check(); $msg = _m('Selected languages have been enabled for the website'); $iUpdated = 0; $aValues = array('b_enabled' => 1); $id = Params::getParam('id'); if (!is_array($id)) { osc_add_flash_warning_message(_m("The language ids aren't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } foreach ($id as $i) { osc_translate_categories($i); $iUpdated += $this->localeManager->update($aValues, array('pk_c_code' => $i)); } if ($iUpdated > 0) { osc_add_flash_ok_message($msg, 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'disable_selected': osc_csrf_check(); $msg = _m('Selected languages have been disabled for the website'); $msg_warning = ''; $iUpdated = 0; $aValues = array('b_enabled' => 0); $id = Params::getParam('id'); if (!is_array($id)) { osc_add_flash_warning_message(_m("The language ids aren't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } foreach ($id as $i) { if (osc_language() == $i) { $msg_warning = sprintf(_m("%s can't be disabled because it's the default language"), osc_language()); continue; } $iUpdated += $this->localeManager->update($aValues, array('pk_c_code' => $i)); } if ($msg_warning != '') { if ($iUpdated > 0) { osc_add_flash_warning_message($msg . '</p><p>' . $msg_warning, 'admin'); } else { osc_add_flash_warning_message($msg_warning, 'admin'); } } else { osc_add_flash_ok_message($msg, 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'enable_bo_selected': osc_csrf_check(); $msg = _m('Selected languages have been enabled for the backoffice (oc-admin)'); $iUpdated = 0; $aValues = array('b_enabled_bo' => 1); $id = Params::getParam('id'); if (!is_array($id)) { osc_add_flash_warning_message(_m("The language ids aren't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } foreach ($id as $i) { osc_translate_categories($i); $iUpdated += $this->localeManager->update($aValues, array('pk_c_code' => $i)); } if ($iUpdated > 0) { osc_add_flash_ok_message($msg, 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'disable_bo_selected': osc_csrf_check(); $msg = _m('Selected languages have been disabled for the backoffice (oc-admin)'); $msg_warning = ''; $iUpdated = 0; $aValues = array('b_enabled_bo' => 0); $id = Params::getParam('id'); if (!is_array($id)) { osc_add_flash_warning_message(_m("The language ids aren't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); } foreach ($id as $i) { if (osc_language() == $i) { $msg_warning = sprintf(_m("%s can't be disabled because it's the default language"), osc_language()); continue; } $iUpdated += $this->localeManager->update($aValues, array('pk_c_code' => $i)); } if ($msg_warning != '') { if ($iUpdated > 0) { osc_add_flash_warning_message($msg . '</p><p>' . $msg_warning, 'admin'); } else { osc_add_flash_warning_message($msg_warning, 'admin'); } } else { osc_add_flash_ok_message($msg, 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; case 'delete': osc_csrf_check(); if (is_array(Params::getParam('id'))) { $default_lang = osc_language(); foreach (Params::getParam('id') as $code) { if ($default_lang != $code) { if ($this->localeManager->deleteLocale($code)) { if (!osc_deleteDir(osc_translations_path() . $code)) { osc_add_flash_error_message(sprintf(_m("Directory '%s' couldn't be removed"), $code), 'admin'); } else { osc_add_flash_ok_message(sprintf(_m('Directory "%s" has been successfully removed'), $code), 'admin'); } } else { osc_add_flash_error_message(sprintf(_m("Directory '%s' couldn't be removed;)"), $code), 'admin'); } } else { osc_add_flash_error_message(sprintf(_m("Directory '%s' couldn't be removed because it's the default language. Set another language as default first and try again"), $code), 'admin'); } } } $this->redirectTo(osc_admin_base_url(true) . '?page=languages'); break; default: if (Params::getParam('checkUpdated') != '') { osc_admin_toolbar_update_languages(true); } if (Params::getParam("action") != "") { osc_run_hook("language_bulk_" . Params::getParam("action"), Params::getParam('id')); } // ----- if (Params::getParam('iDisplayLength') == '') { Params::setParam('iDisplayLength', 10); } // ? $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); $p_iPage = 1; if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1) { $p_iPage = Params::getParam('iPage'); } Params::setParam('iPage', $p_iPage); $aLanguages = OSCLocale::newInstance()->listAll(); // pagination $start = ($p_iPage - 1) * Params::getParam('iDisplayLength'); $limit = Params::getParam('iDisplayLength'); $count = count($aLanguages); $displayRecords = $limit; if ($start + $limit > $count) { $displayRecords = $start + $limit - $count; } // ---- $aLanguagesToUpdate = json_decode(osc_get_preference('languages_to_update')); $bLanguagesToUpdate = is_array($aLanguagesToUpdate) ? true : false; // ---- $aData = array(); $max = $start + $limit; if ($max > $count) { $max = $count; } for ($i = $start; $i < $max; $i++) { $l = $aLanguages[$i]; $row = array(); $row[] = '<input type="checkbox" name="id[]" value="' . $l['pk_c_code'] . '" />'; $options = array(); $options[] = '<a href="' . osc_admin_base_url(true) . '?page=languages&action=edit&id=' . $l['pk_c_code'] . '">' . __('Edit') . '</a>'; $options[] = '<a href="' . osc_admin_base_url(true) . '?page=languages&action=' . ($l['b_enabled'] == 1 ? 'disable_selected' : 'enable_selected') . '&id[]=' . $l['pk_c_code'] . '&' . osc_csrf_token_url() . '">' . ($l['b_enabled'] == 1 ? __('Disable (website)') : __('Enable (website)')) . '</a> '; $options[] = '<a href="' . osc_admin_base_url(true) . '?page=languages&action=' . ($l['b_enabled_bo'] == 1 ? 'disable_bo_selected' : 'enable_bo_selected') . '&id[]=' . $l['pk_c_code'] . '&' . osc_csrf_token_url() . '">' . ($l['b_enabled_bo'] == 1 ? __('Disable (oc-admin)') : __('Enable (oc-admin)')) . '</a>'; $options[] = '<a onclick="return delete_dialog(\'' . $l['pk_c_code'] . '\');" href="' . osc_admin_base_url(true) . '?page=languages&action=delete&id[]=' . $l['pk_c_code'] . '&' . osc_csrf_token_url() . '">' . __('Delete') . '</a>'; $auxOptions = '<ul>' . PHP_EOL; foreach ($options as $actual) { $auxOptions .= '<li>' . $actual . '</li>' . PHP_EOL; } $actions = '<div class="actions">' . $auxOptions . '</div>' . PHP_EOL; $sUpdate = ''; // get languages to update from t_preference if ($bLanguagesToUpdate) { if (in_array($l['pk_c_code'], $aLanguagesToUpdate)) { $sUpdate = '<a class="btn-market-update btn-market-popup" href="#' . htmlentities($l['pk_c_code']) . '">' . __("Update here") . '</a>'; } } $row[] = $l['s_name'] . $sUpdate . $actions; $row[] = $l['s_short_name']; $row[] = $l['s_description']; $row[] = $l['b_enabled'] ? __('Yes') : __('No'); $row[] = $l['b_enabled_bo'] ? __('Yes') : __('No'); $aData[] = $row; } // ---- $array['iTotalRecords'] = $displayRecords; $array['iTotalDisplayRecords'] = count($aLanguages); $array['iDisplayLength'] = $limit; $array['aaData'] = $aData; $page = (int) Params::getParam('iPage'); if (count($array['aaData']) == 0 && $page != 1) { $total = (int) $array['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $array['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aLanguages', $array); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'enable_selected', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected languages?'), strtolower(__('Enable (Website)'))), 'label' => __('Enable (Website)')), array('value' => 'disable_selected', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected languages?'), strtolower(__('Disable (Website)'))), 'label' => __('Disable (Website)')), array('value' => 'enable_bo_selected', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected languages?'), strtolower(__('Enable (oc-admin)'))), 'label' => __('Enable (oc-admin)')), array('value' => 'disable_bo_selected', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected languages?'), strtolower(__('Disable (oc-admin)'))), 'label' => __('Disable (oc-admin)')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected languages?'), strtolower(__('Delete'))), 'label' => __('Delete'))); $bulk_options = osc_apply_filter("language_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->doView('languages/index.php'); break; } }
/** * Check is an email and IP are banned * * @param string $email * @param string $ip * @since 3.1 * @return int 0: not banned, 1: email is banned, 2: IP is banned */ function osc_is_banned($email = '', $ip = null) { if ($ip == null) { $ip = Params::getServerParam('REMOTE_ADDR'); } $rules = BanRule::newInstance()->listAll(); if (!osc_is_ip_banned($ip, $rules)) { if ($email != '') { return osc_is_email_banned($email, $rules) ? 1 : 0; // 1:Email is banned, 0:not banned } return 0; } return 2; //IP is banned }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'create': // calling create view $aRegions = array(); $aCities = array(); $aCountries = Country::newInstance()->listAll(); if (isset($aCountries[0]['pk_c_code'])) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } if (isset($aRegions[0]['pk_i_id'])) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } $this->_exportVariableToView('user', null); $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled()); $this->doView("users/frm.php"); break; case 'create_post': // creating the user... osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(true); $success = $userActions->add(); switch ($success) { case 1: osc_add_flash_ok_message(_m("The user has been created. We've sent an activation e-mail"), 'admin'); break; case 2: osc_add_flash_ok_message(_m('The user has been created successfully'), 'admin'); break; default: osc_add_flash_error_message($success, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'edit': // calling the edit view $aUser = $this->userManager->findByPrimaryKey(Params::getParam("id")); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($aUser['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->findByCountry($aUser['fk_c_country_code']); } else { if (count($aCountries) > 0) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } } $aCities = array(); if ($aUser['fk_i_region_id'] != '') { $aCities = City::newInstance()->findByRegion($aUser['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } } $csrf_token = osc_csrf_token_url(); if ($aUser['b_active']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=users&action=deactivate&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=INACTIVE">' . __('Deactivate') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=users&action=activate&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=ACTIVE">' . __('Activate') . '</a>'; } if ($aUser['b_enabled']) { $actions[] = '<a class="btn float-left" href="' . osc_admin_base_url(true) . '?page=users&action=disable&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=DISABLE">' . __('Block') . '</a>'; } else { $actions[] = '<a class="btn btn-red float-left" href="' . osc_admin_base_url(true) . '?page=users&action=enable&id[]=' . $aUser['pk_i_id'] . '&' . $csrf_token . '&value=ENABLE">' . __('Unblock') . '</a>'; } $this->_exportVariableToView("actions", $actions); $this->_exportVariableToView("user", $aUser); $this->_exportVariableToView("countries", $aCountries); $this->_exportVariableToView("regions", $aRegions); $this->_exportVariableToView("cities", $aCities); $this->_exportVariableToView("locales", OSCLocale::newInstance()->listAllEnabled()); $this->doView("users/frm.php"); break; case 'edit_post': // edit post osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(true); $success = $userActions->edit(Params::getParam("id")); if ($success == 1) { osc_add_flash_ok_message(_m('The user has been updated'), 'admin'); } else { if ($success == 2) { osc_add_flash_ok_message(_m('The user has been updated and activated'), 'admin'); } else { osc_add_flash_error_message($success); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('id')); } } $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'resend_activation': //activate osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->resend_activation($id); } if ($iUpdated == 0) { osc_add_flash_error_message(_m('No users have been selected'), 'admin'); } else { osc_add_flash_ok_message(sprintf(_mn('Activation email sent to one user', 'Activation email sent to %s users', $iUpdated), $iUpdated), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'activate': //activate osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->activate($id); } if ($iUpdated == 0) { $msg = _m('No users have been activated'); } else { $msg = sprintf(_mn('One user has been activated', '%s users have been activated', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo(Params::getServerParam('HTTP_REFERER', false, false)); break; case 'deactivate': //deactivate osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->deactivate($id); } if ($iUpdated == 0) { $msg = _m('No users have been deactivated'); } else { $msg = sprintf(_mn('One user has been deactivated', '%s users have been deactivated', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo(Params::getServerParam('HTTP_REFERER', false, false)); break; case 'enable': osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->enable($id); } if ($iUpdated == 0) { $msg = _m('No users have been enabled'); } else { $msg = sprintf(_mn('One user has been unblocked', '%s users have been unblocked', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo(Params::getServerParam('HTTP_REFERER', false, false)); break; case 'disable': osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; $iUpdated = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } $userActions = new UserActions(true); foreach ($userId as $id) { $iUpdated += $userActions->disable($id); } if ($iUpdated == 0) { $msg = _m('No users have been disabled'); } else { $msg = sprintf(_mn('One user has been blocked', '%s users have been blocked', $iUpdated), $iUpdated); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo(Params::getServerParam('HTTP_REFERER', false, false)); break; case 'delete': //delete osc_csrf_check(); $iDeleted = 0; $userId = Params::getParam('id'); if (!is_array($userId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); } foreach ($userId as $id) { $user = $this->userManager->findByPrimaryKey($id); Log::newInstance()->insertLog('user', 'delete', $id, $user['s_email'], 'admin', osc_logged_admin_id()); if ($this->userManager->deleteUser($id)) { $iDeleted++; } } if ($iDeleted == 0) { $msg = _m('No users have been deleted'); } else { $msg = sprintf(_mn('One user has been deleted', '%s users have been deleted', $iDeleted), $iDeleted); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users'); break; case 'delete_alerts': //delete $iDeleted = 0; $alertId = Params::getParam('alert_id'); if (!is_array($alertId)) { osc_add_flash_error_message(_m("Alert id isn't in the correct format"), 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } } $mAlerts = new Alerts(); foreach ($alertId as $id) { Log::newInstance()->insertLog('user', 'delete_alerts', $id, $id, 'admin', osc_logged_admin_id()); $iDeleted += $mAlerts->delete(array('pk_i_id' => $id)); } if ($iDeleted == 0) { $msg = _m('No alerts have been deleted'); } else { $msg = sprintf(_mn('One alert has been deleted', '%s alerts have been deleted', $iDeleted), $iDeleted); } osc_add_flash_ok_message($msg, 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } break; case 'status_alerts': //delete $status = Params::getParam("status"); $iUpdated = 0; $alertId = Params::getParam('alert_id'); if (!is_array($alertId)) { osc_add_flash_error_message(_m("Alert id isn't in the correct format"), 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } } $mAlerts = new Alerts(); foreach ($alertId as $id) { if ($status == 1) { $iUpdated += $mAlerts->activate($id); } else { $iUpdated += $mAlerts->deactivate($id); } } if ($status == 1) { if ($iUpdated == 0) { $msg = _m('No alerts have been activated'); } else { $msg = sprintf(_mn('One alert has been activated', '%s alerts have been activated', $iUpdated), $iUpdated); } } else { if ($iUpdated == 0) { $msg = _m('No alerts have been deactivated'); } else { $msg = sprintf(_mn('One alert has been deactivated', '%s alerts have been deactivated', $iUpdated), $iUpdated); } } osc_add_flash_ok_message($msg, 'admin'); if (Params::getParam('user_id') == '') { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=alerts'); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=edit&id=' . Params::getParam('user_id')); } break; case 'settings': // calling the users settings view $this->doView('users/settings.php'); break; case 'settings_post': // updating users osc_csrf_check(); $iUpdated = 0; $enabledUserValidation = Params::getParam('enabled_user_validation'); $enabledUserValidation = $enabledUserValidation != '' ? true : false; $enabledUserRegistration = Params::getParam('enabled_user_registration'); $enabledUserRegistration = $enabledUserRegistration != '' ? true : false; $enabledUsers = Params::getParam('enabled_users'); $enabledUsers = $enabledUsers != '' ? true : false; $notifyNewUser = Params::getParam('notify_new_user'); $notifyNewUser = $notifyNewUser != '' ? true : false; $usernameBlacklistTmp = explode(",", Params::getParam('username_blacklist')); foreach ($usernameBlacklistTmp as $k => $v) { $usernameBlacklistTmp[$k] = strtolower(trim($v)); } $usernameBlacklist = implode(",", $usernameBlacklistTmp); $iUpdated += osc_set_preference('enabled_user_validation', $enabledUserValidation); $iUpdated += osc_set_preference('enabled_user_registration', $enabledUserRegistration); $iUpdated += osc_set_preference('enabled_users', $enabledUsers); $iUpdated += osc_set_preference('notify_new_user', $notifyNewUser); $iUpdated += osc_set_preference('username_blacklist', $usernameBlacklist); if ($iUpdated > 0) { osc_add_flash_ok_message(_m("User settings have been updated"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=settings'); break; case 'alerts': // manage alerts view require_once osc_lib_path() . "osclass/classes/datatables/AlertsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $alertsDataTable = new AlertsDataTable(); $alertsDataTable->table($params); $aData = $alertsDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $alertsDataTable->rawRows()); $this->doView("users/alerts.php"); break; case 'ban': // manage ban rules view if (Params::getParam("action") != "") { osc_run_hook("ban_rules_bulk_" . Params::getParam("action"), Params::getParam('id')); } require_once osc_lib_path() . "osclass/classes/datatables/BanRulesDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $banRulesDataTable = new BanRulesDataTable(); $banRulesDataTable->table($params); $aData = $banRulesDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $banRulesDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_ban_rule', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected ban rules?'), strtolower(__('Delete'))), 'label' => __('Delete'))); $bulk_options = osc_apply_filter("ban_rule_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); //calling the view... $this->doView('users/ban.php'); break; case 'edit_ban_rule': $this->_exportVariableToView('rule', BanRule::newInstance()->findByPrimaryKey(Params::getParam('id'))); $this->doView('users/ban_frm.php'); break; case 'edit_ban_rule_post': osc_csrf_check(); if (Params::getParam('s_ip') == '' && Params::getParam('s_email') == '') { osc_add_flash_warning_message(_m("Both rules can not be empty"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); } BanRule::newInstance()->update(array('s_name' => Params::getParam('s_name'), 's_ip' => Params::getParam('s_ip'), 's_email' => strtolower(Params::getParam('s_email'))), array('pk_i_id' => Params::getParam('id'))); osc_add_flash_ok_message(_m('Rule updated correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); break; case 'create_ban_rule': $this->_exportVariableToView('rule', null); $this->doView('users/ban_frm.php'); break; case 'create_ban_rule_post': osc_csrf_check(); if (Params::getParam('s_ip') == '' && Params::getParam('s_email') == '') { osc_add_flash_warning_message(_m("Both rules can not be empty"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); } BanRule::newInstance()->insert(array('s_name' => Params::getParam('s_name'), 's_ip' => Params::getParam('s_ip'), 's_email' => strtolower(Params::getParam('s_email')))); osc_add_flash_ok_message(_m('Rule saved correctly'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); break; case 'delete_ban_rule': //delete ban rules osc_csrf_check(); $iDeleted = 0; $ruleId = Params::getParam('id'); if (!is_array($ruleId)) { osc_add_flash_error_message(_m("User id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); } $ruleMgr = BanRule::newInstance(); foreach ($ruleId as $id) { if ($ruleMgr->deleteByPrimaryKey($id)) { $iDeleted++; } } if ($iDeleted == 0) { $msg = _m('No rules have been deleted'); } else { $msg = sprintf(_mn('One ban rule has been deleted', '%s ban rules have been deleted', $iDeleted), $iDeleted); } osc_add_flash_ok_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=users&action=ban'); break; default: // manage users view if (Params::getParam("action") != "") { osc_run_hook("user_bulk_" . Params::getParam("action"), Params::getParam('id')); } require_once osc_lib_path() . "osclass/classes/datatables/UsersDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $usersDataTable = new UsersDataTable(); $usersDataTable->table($params); $aData = $usersDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('withFilters', $usersDataTable->withFilters()); $this->_exportVariableToView('aRawRows', $usersDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'activate', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'enable', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Unblock'))), 'label' => __('Unblock')), array('value' => 'disable', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Delete'))), 'label' => __('Delete'))); if (osc_user_validation_enabled()) { $bulk_options[] = array('value' => 'resend_activation', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected users?'), strtolower(__('Resend the activation to'))), 'label' => __('Resend activation')); } $bulk_options = osc_apply_filter("user_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); //calling the view... $this->doView('users/index.php'); break; } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'edit': if (Params::getParam("id") == '') { $this->redirectTo(osc_admin_base_url(true) . "?page=pages"); } $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $templates = osc_apply_filter('page_templates', WebThemes::newInstance()->getAvailableTemplates()); $this->_exportVariableToView('templates', $templates); $this->_exportVariableToView("page", $this->pageManager->findByPrimaryKey(Params::getParam("id"))); $this->doView("pages/frm.php"); break; case 'edit_post': osc_csrf_check(); $id = Params::getParam("id"); $b_link = Params::getParam("b_link") != '' ? 1 : 0; $s_internal_name = Params::getParam("s_internal_name"); $s_internal_name = osc_sanitizeString($s_internal_name); $meta = Params::getParam('meta'); $this->pageManager->updateMeta($id, json_encode($meta)); $aFieldsDescription = array(); $postParams = Params::getParamsAsArray('', false); $not_empty = false; foreach ($postParams as $k => $v) { if (preg_match('|(.+?)#(.+)|', $k, $m)) { if ($m[2] == 's_title' && $v != '') { $not_empty = true; } $aFieldsDescription[$m[1]][$m[2]] = $v; } } Session::newInstance()->_setForm('aFieldsDescription', $aFieldsDescription); if ($s_internal_name == '') { osc_add_flash_error_message(_m('You have to set an internal name'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=edit&id=" . $id); } if (!WebThemes::newInstance()->isValidPage($s_internal_name)) { osc_add_flash_error_message(_m('You have to set a different internal name'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=edit&id=" . $id); } Session::newInstance()->_setForm('s_internal_name', $s_internal_name); if ($not_empty) { foreach ($aFieldsDescription as $k => $_data) { $this->pageManager->updateDescription($id, $k, $_data['s_title'], $_data['s_text']); } if (!$this->pageManager->internalNameExists($id, $s_internal_name)) { if (!$this->pageManager->isIndelible($id)) { $this->pageManager->updateInternalName($id, $s_internal_name); $this->pageManager->updateLink($id, $b_link); } osc_run_hook('edit_page', $id); Session::newInstance()->_clearVariables(); osc_add_flash_ok_message(_m('The page has been updated'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages"); } osc_add_flash_error_message(_m("You can't repeat internal name"), 'admin'); } else { osc_add_flash_error_message(_m("The page couldn't be updated, at least one title should not be empty"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=edit&id=" . $id); break; case 'add': $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $templates = osc_apply_filter('page_templates', WebThemes::newInstance()->getAvailableTemplates()); $this->_exportVariableToView('templates', $templates); $this->_exportVariableToView("page", array()); $this->doView("pages/frm.php"); break; case 'add_post': osc_csrf_check(); $s_internal_name = Params::getParam("s_internal_name"); $b_link = Params::getParam("b_link") != '' ? 1 : 0; $s_internal_name = osc_sanitizeString($s_internal_name); $meta = Params::getParam('meta'); $aFieldsDescription = array(); $postParams = Params::getParamsAsArray('', false); $not_empty = false; foreach ($postParams as $k => $v) { if (preg_match('|(.+?)#(.+)|', $k, $m)) { if ($m[2] == 's_title' && $v != '') { $not_empty = true; } $aFieldsDescription[$m[1]][$m[2]] = $v; } } Session::newInstance()->_setForm('aFieldsDescription', $aFieldsDescription); if ($s_internal_name == '') { osc_add_flash_error_message(_m('You have to set an internal name'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=add"); } if (!WebThemes::newInstance()->isValidPage($s_internal_name)) { osc_add_flash_error_message(_m('You have to set a different internal name'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=add"); } $aFields = array('s_internal_name' => $s_internal_name, 'b_indelible' => '0', 's_meta' => json_encode($meta), 'b_link' => $b_link); Session::newInstance()->_setForm('s_internal_name', $s_internal_name); $page = $this->pageManager->findByInternalName($s_internal_name); if (!isset($page['pk_i_id'])) { if ($not_empty) { $result = $this->pageManager->insert($aFields, $aFieldsDescription); Session::newInstance()->_clearVariables(); osc_add_flash_ok_message(_m('The page has been added'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=pages"); } else { osc_add_flash_error_message(_m("The page couldn't be added, at least one title should not be empty"), 'admin'); } } else { osc_add_flash_error_message(_m("Oops! That internal name is already in use. We can't make the changes"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=pages&action=add"); break; case 'delete': osc_csrf_check(); $id = Params::getParam("id"); $page_deleted_correcty = 0; $page_deleted_error = 0; $page_indelible = 0; if (!is_array($id)) { $id = array($id); } foreach ($id as $_id) { $result = (int) $this->pageManager->deleteByPrimaryKey($_id); switch ($result) { case -1: $page_indelible++; break; case 0: $page_deleted_error++; break; case 1: $page_deleted_correcty++; } } if ($page_indelible > 0) { if ($page_indelible == 1) { osc_add_flash_error_message(_m("One page can't be deleted because it is indelible"), 'admin'); } else { osc_add_flash_error_message(sprintf(_m("%s pages couldn't be deleted because they are indelible"), $page_indelible), 'admin'); } } if ($page_deleted_error > 0) { if ($page_deleted_error == 1) { osc_add_flash_error_message(_m("One page couldn't be deleted"), 'admin'); } else { osc_add_flash_error_message(sprintf(_m("%s pages couldn't be deleted"), $page_deleted_error), 'admin'); } } if ($page_deleted_correcty > 0) { if ($page_deleted_correcty == 1) { osc_add_flash_ok_message(_m('One page has been deleted correctly'), 'admin'); } else { osc_add_flash_ok_message(sprintf(_m('%s pages have been deleted correctly'), $page_deleted_correcty), 'admin'); } } $this->redirectTo(osc_admin_base_url(true) . "?page=pages"); break; default: if (Params::getParam("action") != "") { osc_run_hook("page_bulk_" . Params::getParam("action"), Params::getParam('id')); } require_once osc_lib_path() . "osclass/classes/datatables/PagesDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie $listing_iDisplayLength = (int) Cookie::newInstance()->get_value('listing_iDisplayLength'); if ($listing_iDisplayLength == 0) { $listing_iDisplayLength = 10; } Params::setParam('iDisplayLength', $listing_iDisplayLength); } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $pagesDataTable = new PagesDataTable(); $pagesDataTable->table($params); $aData = $pagesDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $pagesDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected pages?'), strtolower(__('Delete'))), 'label' => __('Delete'))); $bulk_options = osc_apply_filter("page_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->doView("pages/index.php"); break; } }
public function getSize() { if (Params::existServerParam("CONTENT_LENGTH")) { return (int) Params::getServerParam("CONTENT_LENGTH"); } else { throw new Exception(__('Getting content length is not supported.')); } }
* * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU Affero General Public License * as published by the Free Software Foundation, either version 3 of * the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public * License along with this program. If not, see <http://www.gnu.org/licenses/>. */ // meta tag robots if (osc_count_items() == 0 || stripos(Params::getServerParam('REQUEST_URI', false, false), 'search')) { osc_add_hook('header', 'bender_nofollow_construct'); } else { osc_add_hook('header', 'bender_follow_construct'); } bender_add_body_class('search'); $listClass = ''; $buttonClass = ''; if (osc_search_show_as() == 'gallery') { $listClass = 'listing-grid'; $buttonClass = 'active'; } osc_add_hook('before-main', 'sidebar'); function sidebar() { osc_current_web_theme_path('search-sidebar.php');
/** * */ function osc_get_http_referer() { $ref = Rewrite::newInstance()->get_http_referer(); if ($ref != '') { return $ref; } else { if (Session::newInstance()->_getReferer() != '') { return Session::newInstance()->_getReferer(); } else { if (Params::existServerParam('HTTP_REFERER')) { if (filter_var(Params::getServerParam('HTTP_REFERER', false, false), FILTER_VALIDATE_URL)) { return Params::getServerParam('HTTP_REFERER', false, false); } } } } return ''; }
function display_target() { $country_list = osc_file_get_contents('http://geo.osclass.org/newgeo.services.php?action=countries'); $country_list = json_decode(substr($country_list, 1, strlen($country_list) - 2), true); $region_list = array(); $country_ip = ''; if (preg_match('|([a-z]{2})-([A-Z]{2})|', Params::getServerParam('HTTP_ACCEPT_LANGUAGE'), $match)) { $country_ip = $match[2]; $region_list = osc_file_get_contents('http://geo.osclass.org/newgeo.services.php?action=regions&country=' . $match[2]); $region_list = json_decode(substr($region_list, 1, strlen($region_list) - 2), true); } if (!isset($country_list[0]) || !isset($country_list[0]['s_name'])) { $internet_error = true; } ?> <form id="target_form" name="target_form" action="#" method="post" onsubmit="return false;"> <h2 class="target"><?php _e('Information needed'); ?> </h2> <div class="form-table"> <h2 class="title"><?php _e('Admin user'); ?> </h2> <table class="admin-user"> <tbody> <tr> <th><label for="admin_user"><?php _e('Username'); ?> </label></th> <td> <input size="25" id="admin_user" name="s_name" type="text" value="admin" /> </td> <td> <span id="admin-user-error" class="error" aria-hidden="true" style="display:none;"><?php _e('Admin user is required'); ?> </span> </td> </tr> <tr> <th><label for="s_passwd"><?php _e('Password'); ?> </label></th> <td> <input size="25" class="password_test" name="s_passwd" id="s_passwd" type="password" value="" autocomplete="off" /> </td> <td></td> </tr> </tbody> </table> <div class="admin-user"> <?php _e('A password will be automatically generated for you if you leave this blank.'); ?> <img src="<?php echo get_absolute_url(); ?> oc-includes/images/question.png" class="question-skip vtip" title="<?php echo osc_esc_html(__('You can modify username and password if you like, just change the input value.')); ?> " alt="" /> </div> <h2 class="title"><?php _e('Contact information'); ?> </h2> <table class="contact-info"> <tbody> <tr> <th><label for="webtitle"><?php _e('Web title'); ?> </label></th> <td><input type="text" id="webtitle" name="webtitle" size="25" /></td> <td></td> </tr> <tr> <th><label for="email"><?php _e('Contact e-mail'); ?> </label></th> <td><input type="text" id="email" name="email" size="25" /></td> <td><span id="email-error" class="error" style="display:none;"><?php _e('Put your e-mail here'); ?> </span></td> </tr> </tbody> </table> <h2 class="title"><?php _e('Location'); ?> </h2> <p class="space-left-25 left no-bottom"><?php _e('Choose countries/cities where your target users are located'); ?> </p> <div id="location-question" class="left question"> <img class="vtip" src="<?php echo get_absolute_url(); ?> oc-includes/images/question.png" title="<?php echo osc_esc_html(__("Once you type a country, you'll be able to choose region and city as well. Therefore, the installation will be more specific.")); ?> " alt="" /> </div> <div class="clear"></div> <div id="location"> <?php if (!$internet_error) { ?> <input type="hidden" id="skip-location-input" name="skip-location-input" value="0" /> <input type="hidden" id="country-input" name="country-input" value="" /> <input type="hidden" id="region-input" name="region-input" value="" /> <input type="hidden" id="city-input" name="city-input" value="" /> <div id="country-box"> <select name="country_select" id="country_select" > <option value="skip"><?php _e("Skip location"); ?> </option> <!-- <option value="all"><?php _e("International"); ?> </option> --> <?php foreach ($country_list as $c) { ?> <option value="<?php echo $c['code']; ?> " <?php if ($c['code'] == $country_ip) { echo 'selected="selected"'; } ?> ><?php echo $c['s_name']; ?> </option> <?php } ?> </select> <select name="region_select" id="region_select" style="display: none;"> <option value="all"><?php _e("All regions"); ?> </option> </select> <select name="city_select" id="city_select" style="display: none;"> <option value="all"><?php _e("All cities"); ?> </option> </select> <div id="no_region_text" aria-hidden="true" style="display: none;"><?php _e("There are no regions available for this country"); ?> </div> <div id="no_city_text" aria-hidden="true" style="display: none;"><?php _e("There are no cities available for this region"); ?> </div> </div> <?php } else { ?> <div id="location-error"> <?php _e('No internet connection. You can continue the installation and insert countries later.'); ?> <input type="hidden" id="skip-location-input" name="skip-location-input" value="1" /> </div> <?php } ?> </div> </div> <div class="clear"></div> <p class="margin20"> <a href="#" class="button" onclick="validate_form();">Next</a> </p> <div class="clear"></div> </form> <div id="lightbox" style="display:none;"> <div class="center"> <img src="<?php echo get_absolute_url(); ?> oc-includes/images/loading.gif" alt="<?php echo osc_esc_html(__("Loading...")); ?> " title="" /> </div> </div> <?php }
function doModel() { //calling the view... $locales = OSCLocale::newInstance()->listAllEnabled(); $this->_exportVariableToView('locales', $locales); switch ($this->action) { case 'item_add': // post if (osc_reg_user_post() && $this->user == null) { osc_add_flash_warning_message(_m('Only registered users are allowed to post listings')); Session::newInstance()->_setReferer(osc_item_post_url()); $this->redirectTo(osc_user_login_url()); } $countries = Country::newInstance()->listAll(); $regions = array(); if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') { $regions = Region::newInstance()->findByCountry($this->user['fk_c_country_code']); } else { if (count($countries) > 0) { $regions = Region::newInstance()->findByCountry($countries[0]['pk_c_code']); } } $cities = array(); if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') { $cities = City::newInstance()->findByRegion($this->user['fk_i_region_id']); } else { if (count($regions) > 0) { $cities = City::newInstance()->findByRegion($regions[0]['pk_i_id']); } } $this->_exportVariableToView('countries', $countries); $this->_exportVariableToView('regions', $regions); $this->_exportVariableToView('cities', $cities); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } if (Session::newInstance()->_getForm('countryId') != "") { $countryId = Session::newInstance()->_getForm('countryId'); $regions = Region::newInstance()->findByCountry($countryId); $this->_exportVariableToView('regions', $regions); if (Session::newInstance()->_getForm('regionId') != "") { $regionId = Session::newInstance()->_getForm('regionId'); $cities = City::newInstance()->findByRegion($regionId); $this->_exportVariableToView('cities', $cities); } } $this->_exportVariableToView('user', $this->user); osc_run_hook('post_item'); $this->doView('item-post.php'); break; case 'item_add_post': //post_item osc_csrf_check(); if (osc_reg_user_post() && $this->user == null) { osc_add_flash_warning_message(_m('Only registered users are allowed to post listings')); $this->redirectTo(osc_base_url(true)); } $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(true); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_items_enabled() && osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_post_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } if (!osc_is_web_user_logged_in()) { $user = User::newInstance()->findByEmail($mItems->data['contactEmail']); // The user exists but it's not logged if (isset($user['pk_i_id'])) { foreach ($mItems->data as $key => $value) { Session::newInstance()->_keepForm($key); } osc_add_flash_error_message(_m('A user with that email address already exists, if it is you, please log in')); $this->redirectTo(osc_user_login_url()); } } $banned = osc_is_banned($mItems->data['contactEmail']); if ($banned == 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); $this->redirectTo(osc_item_post_url()); } else { if ($banned == 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); $this->redirectTo(osc_item_post_url()); } } // POST ITEM ( ADD ITEM ) $success = $mItems->add(); if ($success != 1 && $success != 2) { osc_add_flash_error_message($success); $this->redirectTo(osc_item_post_url()); } else { if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_dropKeepForm('meta_' . $key); } } Session::newInstance()->_clearVariables(); if ($success == 1) { osc_add_flash_ok_message(_m('Check your inbox to validate your listing')); } else { osc_add_flash_ok_message(_m('Your listing has been published')); } $itemId = Params::getParam('itemId'); $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId')); View::newInstance()->_exportVariableToView('category', $category); $this->redirectTo(osc_search_category_url()); } break; case 'item_edit': // edit item $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId); if (count($item) == 1) { $item = Item::newInstance()->findByPrimaryKey($id); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $this->_exportVariableToView('item', $item); osc_run_hook("before_item_edit", $item); $this->doView('item-edit.php'); } else { // add a flash message [ITEM NO EXISTE] osc_add_flash_error_message(_m("Sorry, we don't have any listings with that ID")); if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } break; case 'item_edit_post': osc_csrf_check(); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId); if (count($item) == 1) { $this->_exportVariableToView('item', $item[0]); $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(false); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_items_enabled() && osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_edit_url($secret, $id)); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $success = $mItems->edit(); if ($success == 1) { osc_add_flash_ok_message(_m("Great! We've just updated your listing")); View::newInstance()->_exportVariableToView("item", Item::newInstance()->findByPrimaryKey($id)); $this->redirectTo(osc_item_url()); } else { osc_add_flash_error_message($success); $this->redirectTo(osc_item_edit_url($secret, $id)); } } break; case 'activate': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId); // item doesn't exist if (count($item) == 0) { $this->do404(); return; } View::newInstance()->_exportVariableToView('item', $item[0]); if ($item[0]['b_active'] == 0) { // ACTIVETE ITEM $mItems = new ItemActions(false); $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']); if ($success) { osc_add_flash_ok_message(_m('The listing has been validated')); } else { osc_add_flash_error_message(_m("The listing can't be validated")); } } else { osc_add_flash_warning_message(_m('The listing has already been validated')); } $this->redirectTo(osc_item_url()); break; case 'item_delete': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = %d AND ((i.s_secret = %s) OR (i.fk_i_user_id = %d))", (int) $id, $secret, (int) $this->userId); if (count($item) == 1) { $mItems = new ItemActions(false); $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']); if ($success) { osc_add_flash_ok_message(_m('Your listing has been deleted')); } else { osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted")); } if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted")); $this->redirectTo(osc_base_url()); } break; case 'deleteResources': // Delete images via AJAX $id = Params::getParam('id'); $item = Params::getParam('item'); $code = Params::getParam('code'); $secret = Params::getParam('secret'); if (Session::newInstance()->_get('userId') != '') { $userId = Session::newInstance()->_get('userId'); $user = User::newInstance()->findByPrimaryKey($userId); } else { $userId = null; $user = null; } if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) { osc_add_flash_error_message(_m("The selected photo couldn't be deleted, the url doesn't exist")); $this->redirectTo(osc_item_edit_url($secret, $item)); } $aItem = Item::newInstance()->findByPrimaryKey($item); if (count($aItem) == 0) { osc_add_flash_error_message(_m("The listing doesn't exist")); $this->redirectTo(osc_item_edit_url($secret, $item)); } if (!osc_is_admin_user_logged_in()) { if ($userId != null && $userId != $aItem['fk_i_user_id']) { osc_add_flash_error_message(_m("The listing doesn't belong to you")); $this->redirectTo(osc_item_edit_url($secret, $item)); } if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) { osc_add_flash_error_message(_m("The listing doesn't belong to you")); $this->redirectTo(osc_item_edit_url($secret, $item)); } } $result = ItemResource::newInstance()->existResource($id, $code); if ($result > 0) { $resource = ItemResource::newInstance()->findByPrimaryKey($id); if ($resource['fk_i_item_id'] == $item) { osc_deleteResource($id, false); Log::newInstance()->insertLog('item', 'deleteResource', $id, $id, 'user', osc_logged_user_id()); ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code)); osc_add_flash_ok_message(_m('The selected photo has been successfully deleted')); } else { osc_add_flash_error_message(_m("The selected photo does not belong to you")); } } else { osc_add_flash_error_message(_m("The selected photo couldn't be deleted")); } $this->redirectTo(osc_item_edit_url($secret, $item)); break; case 'mark': $id = Params::getParam('id'); $as = Params::getParam('as'); $item = Item::newInstance()->findByPrimaryKey($id); View::newInstance()->_exportVariableToView('item', $item); require_once osc_lib_path() . 'osclass/user-agents.php'; foreach ($user_agents as $ua) { if (preg_match('|' . $ua . '|', Params::getServerParam('HTTP_USER_AGENT'))) { // mark item if it's not a bot $mItem = new ItemActions(false); $mItem->mark($id, $as); break; } } osc_add_flash_ok_message(_m("Thanks! That's very helpful")); $this->redirectTo(osc_item_url()); break; case 'send_friend': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); $this->doView('item-send-friend.php'); break; case 'send_friend_post': osc_csrf_check(); $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("friendName", Params::getParam('friendName')); Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_send_friend_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } osc_run_hook('pre_item_send_friend_post', $item); $mItem = new ItemActions(false); $success = $mItem->send_friend(); osc_run_hook('post_item_send_friend_post', $item); if ($success) { Session::newInstance()->_clearVariables(); $this->redirectTo(osc_item_url()); } else { $this->redirectTo(osc_item_send_friend_url()); } break; case 'contact': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); if (empty($item)) { osc_add_flash_error_message(_m("This listing doesn't exist")); $this->redirectTo(osc_base_url(true)); } else { $this->_exportVariableToView('item', $item); if (osc_item_is_expired()) { osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller")); $this->redirectTo(osc_item_url()); } if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) { $this->doView('item-contact.php'); } else { osc_add_flash_error_message(_m("You can't contact the seller, only registered users can")); $this->redirectTo(osc_item_url()); } } break; case 'contact_post': osc_csrf_check(); if (osc_reg_user_can_contact() && !osc_is_web_user_logged_in()) { osc_add_flash_warning_message(_m("You can't contact the seller, only registered users can")); $this->redirectTo(osc_base_url(true)); } $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_item_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $banned = osc_is_banned(Params::getParam('yourEmail')); if ($banned == 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); $this->redirectTo(osc_item_url()); } else { if ($banned == 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); $this->redirectTo(osc_item_url()); } } if (osc_isExpired($item['dt_expiration'])) { osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller")); $this->redirectTo(osc_item_url()); } osc_run_hook('pre_item_contact_post', $item); $mItem = new ItemActions(false); $result = $mItem->contact(); osc_run_hook('post_item_contact_post', $item); if (is_string($result)) { osc_add_flash_error_message($result); } else { osc_add_flash_ok_message(_m("We've just sent an e-mail to the seller")); } $this->redirectTo(osc_item_url()); break; case 'add_comment': osc_csrf_check(); $mItem = new ItemActions(false); $status = $mItem->add_comment(); switch ($status) { case -1: $msg = _m('Sorry, we could not save your comment. Try again later'); osc_add_flash_error_message($msg); break; case 1: $msg = _m('Your comment is awaiting moderation'); osc_add_flash_info_message($msg); break; case 2: $msg = _m('Your comment has been approved'); osc_add_flash_ok_message($msg); break; case 3: $msg = _m('Please fill the required field (email)'); osc_add_flash_warning_message($msg); break; case 4: $msg = _m('Please type a comment'); osc_add_flash_warning_message($msg); break; case 5: $msg = _m('Your comment has been marked as spam'); osc_add_flash_error_message($msg); break; case 6: $msg = _m('You need to be logged to comment'); osc_add_flash_error_message($msg); break; case 7: $msg = _m('Sorry, comments are disabled'); osc_add_flash_error_message($msg); break; } //View::newInstance()->_exportVariableToView('item', Item::newInstance()->findByPrimaryKey(Params::getParam('id'))); $this->redirectTo(osc_item_url()); break; case 'delete_comment': osc_csrf_check(); $mItem = new ItemActions(false); $status = $mItem->add_comment(); // @TOFIX @FIXME $status never used + ?? need to add_comment() before deleting it?? $itemId = Params::getParam('id'); $commentId = Params::getParam('comment'); $item = Item::newInstance()->findByPrimaryKey($itemId); if (count($item) == 0) { osc_add_flash_error_message(_m("This listing doesn't exist")); $this->redirectTo(osc_base_url(true)); } View::newInstance()->_exportVariableToView('item', $item); if ($this->userId == null) { osc_add_flash_error_message(_m('You must be logged in to delete a comment')); $this->redirectTo(osc_item_url()); } $commentManager = ItemComment::newInstance(); $aComment = $commentManager->findByPrimaryKey($commentId); if (count($aComment) == 0) { osc_add_flash_error_message(_m("The comment doesn't exist")); $this->redirectTo(osc_item_url()); } if ($aComment['b_active'] != 1) { osc_add_flash_error_message(_m('The comment is not active, you cannot delete it')); $this->redirectTo(osc_item_url()); } if ($aComment['fk_i_user_id'] != $this->userId) { osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it')); $this->redirectTo(osc_item_url()); } $commentManager->deleteByPrimaryKey($commentId); osc_add_flash_ok_message(_m('The comment has been deleted')); $this->redirectTo(osc_item_url()); break; default: // if there isn't ID, show an error 404 if (Params::getParam('id') == '') { $this->do404(); return; } if (Params::getParam('lang') != '') { Session::newInstance()->_set('userLocale', Params::getParam('lang')); } $item = osc_apply_filter('pre_show_item', $this->itemManager->findByPrimaryKey(Params::getParam('id'))); // if item doesn't exist show an error 410 if (count($item) == 0) { $this->do410(); return; } if ($item['b_active'] != 1) { if ($this->userId == $item['fk_i_user_id'] && $this->userId != '' || osc_is_admin_user_logged_in()) { osc_add_flash_warning_message(_m("The listing hasn't been validated. Please validate it in order to make it public")); } else { $this->do400(); return; } } else { if ($item['b_enabled'] == 0) { if (osc_is_admin_user_logged_in()) { osc_add_flash_warning_message(_m("The listing hasn't been enabled. Please enable it in order to make it public")); } else { if (osc_is_web_user_logged_in() && osc_logged_user_id() == $item['fk_i_user_id']) { osc_add_flash_warning_message(_m("The listing has been blocked or is awaiting moderation from the admin")); } else { $this->do400(); return; } } } } if (!osc_is_admin_user_logged_in() && !($item['fk_i_user_id'] != '' && $item['fk_i_user_id'] == osc_logged_user_id())) { require_once osc_lib_path() . 'osclass/user-agents.php'; foreach ($user_agents as $ua) { if (preg_match('|' . $ua . '|', Params::getServerParam('HTTP_USER_AGENT'))) { $mStats = new ItemStats(); $mStats->increase('i_num_views', $item['pk_i_id']); break; } } } foreach ($item['locale'] as $k => $v) { $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']); $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description'])); } if ($item['fk_i_user_id'] != '') { $user = User::newInstance()->findByPrimaryKey($item['fk_i_user_id']); $this->_exportVariableToView('user', $user); } $this->_exportVariableToView('item', $item); osc_run_hook('show_item', $item); // redirect to the correct url just in case it has changed $itemURI = str_replace(osc_base_url(), '', osc_item_url()); $URI = preg_replace('|^' . REL_WEB_URL . '|', '', Params::getServerParam('REQUEST_URI', false, false)); // do not clean QUERY_STRING if permalink is not enabled if (osc_rewrite_enabled()) { $URI = str_replace('?' . Params::getServerParam('QUERY_STRING', false, false), '', $URI); } else { $params_keep = array('page', 'id'); $params = array(); foreach (Params::getParamsAsArray('get') as $k => $v) { if (in_array($k, $params_keep)) { $params[] = "{$k}={$v}"; } } $URI = 'index.php?' . implode('&', $params); } // redirect to the correct url if ($itemURI != $URI) { $this->redirectTo(osc_base_url() . $itemURI, 301); } $this->doView('item.php'); break; } }
function doModel() { parent::doModel(); switch ($this->action) { case 'add': // callin add view $this->_exportVariableToView('admin', null); $this->doView('admins/frm.php'); break; case 'add_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } osc_csrf_check(); // adding a new admin $sPassword = Params::getParam('s_password', false, false); $sName = Params::getParam('s_name'); $sEmail = Params::getParam('s_email'); $sUserName = Params::getParam('s_username'); $bModerator = Params::getParam('b_moderator') == 0 ? 0 : 1; // cleaning parameters $sPassword = strip_tags($sPassword); $sPassword = trim($sPassword); $sName = strip_tags($sName); $sName = trim($sName); $sEmail = strip_tags($sEmail); $sEmail = trim($sEmail); $sUserName = strip_tags($sUserName); $sUserName = trim($sUserName); // Checks for legit data if (!osc_validate_email($sEmail, true)) { osc_add_flash_warning_message(_m("Email invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } if (!osc_validate_username($sUserName)) { osc_add_flash_warning_message(_m("Username invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } if ($sName == '') { osc_add_flash_warning_message(_m("Name invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } if ($sPassword == '') { osc_add_flash_warning_message(_m("Password invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } $admin = $this->adminManager->findByEmail($sEmail); if ($admin) { osc_add_flash_warning_message(_m("Email already in use"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } $admin = $this->adminManager->findByUsername($sUserName); if ($admin) { osc_add_flash_warning_message(_m("Username already in use"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add'); } $array = array('s_password' => osc_hash_password($sPassword), 's_name' => $sName, 's_email' => $sEmail, 's_username' => $sUserName, 'b_moderator' => $bModerator); $isInserted = $this->adminManager->insert($array); if ($isInserted) { // send email osc_run_hook('hook_email_new_admin', array('s_name' => $sName, 's_username' => $sUserName, 's_password' => $sPassword, 's_email' => $sEmail)); osc_add_flash_ok_message(_m('The admin has been added'), 'admin'); } else { osc_add_flash_error_message(_m('There has been an error adding a new admin'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); break; case 'edit': // calling edit admin view $adminEdit = null; $adminId = Params::getParam('id'); if ($adminId != '') { $adminEdit = $this->adminManager->findByPrimaryKey((int) $adminId); } elseif (Session::newInstance()->_get('adminId') != '') { $adminEdit = $this->adminManager->findByPrimaryKey(Session::newInstance()->_get('adminId')); } if (count($adminEdit) == 0) { osc_add_flash_error_message(_m('There is no admin with this id'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } $this->_exportVariableToView("admin", $adminEdit); $this->doView('admins/frm.php'); break; case 'edit_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } osc_csrf_check(); // updating a new admin $iUpdated = 0; $adminId = Params::getParam('id'); $sPassword = Params::getParam('s_password', false, false); $sPassword2 = Params::getParam('s_password2', false, false); $sOldPassword = Params::getParam('old_password', false, false); $sName = Params::getParam('s_name'); $sEmail = Params::getParam('s_email'); $sUserName = Params::getParam('s_username'); $bModerator = Params::getParam('b_moderator') == 0 ? 0 : 1; // cleaning parameters $sPassword = strip_tags($sPassword); $sPassword = trim($sPassword); $sPassword2 = strip_tags($sPassword2); $sPassword2 = trim($sPassword2); $sName = strip_tags($sName); $sName = trim($sName); $sEmail = strip_tags($sEmail); $sEmail = trim($sEmail); $sUserName = strip_tags($sUserName); $sUserName = trim($sUserName); // Checks for legit data if (!osc_validate_email($sEmail, true)) { osc_add_flash_warning_message(_m("Email invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } if (!osc_validate_username($sUserName)) { osc_add_flash_warning_message(_m("Username invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } if ($sName == '') { osc_add_flash_warning_message(_m("Name invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } $aAdmin = $this->adminManager->findByPrimaryKey($adminId); if (count($aAdmin) == 0) { osc_add_flash_error_message(_m("This admin doesn't exist"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } if ($aAdmin['s_email'] != $sEmail) { if ($this->adminManager->findByEmail($sEmail)) { osc_add_flash_warning_message(_m('Existing email'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } } if ($aAdmin['s_username'] != $sUserName) { if ($this->adminManager->findByUsername($sUserName)) { osc_add_flash_warning_message(_m('Existing username'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } } $conditions = array('pk_i_id' => $adminId); $array = array(); if (osc_logged_admin_id() == $adminId) { if ($sOldPassword != '') { if ($sPassword == '') { osc_add_flash_warning_message(_m("Password invalid"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } else { $firstCondition = osc_verify_password($sOldPassword, $aAdmin['s_password']); $secondCondition = $sPassword == $sPassword2; if ($firstCondition && $secondCondition) { $array['s_password'] = osc_hash_password($sPassword); } else { osc_add_flash_warning_message(_m("The password couldn't be updated. Passwords don't match"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } } } } else { if ($sPassword != '') { if ($sPassword == $sPassword2) { $array['s_password'] = osc_hash_password($sPassword); } else { osc_add_flash_warning_message(_m("The password couldn't be updated. Passwords don't match"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId); } } } if ($adminId != osc_logged_admin_id()) { $array['b_moderator'] = $bModerator; } $array['s_name'] = Params::getParam('s_name'); $array['s_username'] = $sUserName; $array['s_email'] = $sEmail; $iUpdated = $this->adminManager->update($array, $conditions); osc_run_hook('admin_edit_completed', $adminId, $iUpdated); if ($iUpdated > 0) { osc_add_flash_ok_message(_m('The admin has been updated'), 'admin'); } if ($this->isModerator()) { $this->redirectTo(osc_admin_base_url(true)); } else { $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } break; case 'delete': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } osc_csrf_check(); // deleting and admin $isDeleted = false; $adminId = Params::getParam('id'); if (!is_array($adminId)) { osc_add_flash_error_message(_m("The admin id isn't in the correct format"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } // Verification to avoid an administrator trying to remove to itself if (in_array(Session::newInstance()->_get('adminId'), $adminId)) { osc_add_flash_error_message(_m("The operation hasn't been completed. You're trying to remove yourself!"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); } $isDeleted = $this->adminManager->deleteBatch($adminId); if ($isDeleted) { osc_add_flash_ok_message(_m('The admin has been deleted correctly'), 'admin'); } else { osc_add_flash_error_message(_m('The admin couldn\'t be deleted'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=admins'); break; default: if (Params::getParam("action") != "") { osc_run_hook("admin_bulk_" . Params::getParam("action"), Params::getParam('id')); } if (Params::getParam('iDisplayLength') == '') { Params::setParam('iDisplayLength', 10); } $p_iPage = 1; if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1) { $p_iPage = Params::getParam('iPage'); } Params::setParam('iPage', $p_iPage); $admins = $this->adminManager->listAll(); // pagination $start = ($p_iPage - 1) * Params::getParam('iDisplayLength'); $limit = Params::getParam('iDisplayLength'); $count = count($admins); $displayRecords = $limit; if ($start + $limit > $count) { $displayRecords = $start + $limit - $count; } // ---- $aData = array(); $max = $start + $limit; if ($max > $count) { $max = $count; } for ($i = $start; $i < $max; $i++) { $admin = $admins[$i]; $options = array(); $options[] = '<a href="' . osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $admin['pk_i_id'] . '">' . __('Edit') . '</a>'; $options[] = '<a onclick="return delete_dialog(\'' . $admin['pk_i_id'] . '\');" href="' . osc_admin_base_url(true) . '?page=admins&action=delete&id[]=' . $admin['pk_i_id'] . '">' . __('Delete') . '</a>'; $auxOptions = '<ul>' . PHP_EOL; foreach ($options as $actual) { $auxOptions .= '<li>' . $actual . '</li>' . PHP_EOL; } $actions = '<div class="actions">' . $auxOptions . '</div>' . PHP_EOL; $row = array(); $row[] = '<input type="checkbox" name="id[]" value="' . $admin['pk_i_id'] . '" />'; $row[] = $admin['s_username'] . $actions; $row[] = $admin['s_name']; $row[] = $admin['s_email']; $aData[] = $row; } $array['iTotalRecords'] = $displayRecords; $array['iTotalDisplayRecords'] = count($admins); $array['iDisplayLength'] = $limit; $array['aaData'] = $aData; $page = (int) Params::getParam('iPage'); if (count($array['aaData']) == 0 && $page != 1) { $total = (int) $array['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $array['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected admins?'), strtolower(__('Delete'))), 'label' => __('Delete'))); $bulk_options = osc_apply_filter("admin_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->_exportVariableToView('aAdmins', $array); // calling manage admins view $this->doView('admins/index.php'); break; } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'add': $this->doView("plugins/add.php"); break; case 'add_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); $package = Params::getFiles("package"); if (isset($package['size']) && $package['size'] != 0) { $path = osc_plugins_path(); (int) ($status = osc_unzip_file($package['tmp_name'], $path)); @unlink($package['tmp_name']); } else { $status = 3; } switch ($status) { case 0: $msg = _m('The plugin folder is not writable'); osc_add_flash_error_message($msg, 'admin'); break; case 1: $msg = _m('The plugin has been uploaded correctly'); osc_add_flash_ok_message($msg, 'admin'); break; case 2: $msg = _m('The zip file is not valid'); osc_add_flash_error_message($msg, 'admin'); break; case 3: $msg = _m('No file was uploaded'); osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=plugins&action=add"); break; case -1: default: $msg = _m('There was a problem adding the plugin'); osc_add_flash_error_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . "?page=plugins"); break; case 'install': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); $pn = Params::getParam('plugin'); // set header just in case it's triggered some fatal error header("Location: " . osc_admin_base_url(true) . "?page=plugins&error=" . $pn, true, '302'); $installed = Plugins::install($pn); if (is_array($installed)) { switch ($installed['error_code']) { case 'error_output': osc_add_flash_error_message(sprintf(_m('The plugin generated %d characters of <strong>unexpected output</strong> during the installation. Output: "%s"'), strlen($installed['output']), $installed['output']), 'admin'); break; case 'error_installed': osc_add_flash_error_message(_m('Plugin is already installed'), 'admin'); break; case 'error_file': osc_add_flash_error_message(_m("Plugin couldn't be installed because their files are missing"), 'admin'); break; case 'custom_error': osc_add_flash_error_message(sprintf(_m("Plugin couldn't be installed because of: %s"), $installed['msg']), 'admin'); break; default: osc_add_flash_error_message(_m("Plugin couldn't be installed"), 'admin'); break; } } else { osc_add_flash_ok_message(_m('Plugin installed'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'uninstall': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); if (Plugins::uninstall(Params::getParam("plugin"))) { osc_add_flash_ok_message(_m('Plugin uninstalled'), 'admin'); } else { osc_add_flash_error_message(_m("Plugin couldn't be uninstalled"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'enable': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); if (Plugins::activate(Params::getParam('plugin'))) { osc_add_flash_ok_message(_m('Plugin enabled'), 'admin'); } else { osc_add_flash_error_message(_m('Plugin is already enabled'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'disable': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); if (Plugins::deactivate(Params::getParam('plugin'))) { osc_add_flash_ok_message(_m('Plugin disabled'), 'admin'); } else { osc_add_flash_error_message(_m('Plugin is already disabled'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'admin': $plugin = Params::getParam("plugin"); if ($plugin != "") { osc_run_hook($plugin . '_configure'); } break; case 'admin_post': osc_run_hook('admin_post'); break; case 'renderplugin': if (Params::existParam('route')) { $routes = Rewrite::newInstance()->getRoutes(); $rid = Params::getParam('route'); $file = '../'; if (isset($routes[$rid]) && isset($routes[$rid]['file'])) { $file = $routes[$rid]['file']; } } else { // DEPRECATED: Disclosed path in URL is deprecated, use routes instead // This will be REMOVED in 3.4 $file = Params::getParam('file'); // We pass the GET variables (in case we have somes) if (preg_match('|(.+?)\\?(.*)|', $file, $match)) { $file = $match[1]; if (preg_match_all('|&([^=]+)=([^&]*)|', urldecode('&' . $match[2] . '&'), $get_vars)) { for ($var_k = 0; $var_k < count($get_vars[1]); $var_k++) { Params::setParam($get_vars[1][$var_k], $get_vars[2][$var_k]); } } } else { $file = Params::getParam('file'); } } osc_run_hook('renderplugin_controller'); if (stripos($file, '../') === false && stripos($file, '..\\') === false && $file != "") { $this->_exportVariableToView("file", osc_plugins_path() . $file); $this->doView("plugins/view.php"); } break; case 'configure': $plugin = Params::getParam("plugin"); if ($plugin != '') { $plugin_data = Plugins::getInfo($plugin); $this->_exportVariableToView("categories", Category::newInstance()->toTreeAll()); $this->_exportVariableToView("selected", PluginCategory::newInstance()->listSelected($plugin_data['short_name'])); $this->_exportVariableToView("plugin_data", $plugin_data); $this->doView("plugins/configuration.php"); } else { $this->redirectTo(osc_admin_base_url(true) . "?page=plugins"); } break; case 'configure_post': osc_csrf_check(); $plugin_short_name = Params::getParam("plugin_short_name"); $categories = Params::getParam("categories"); if ($plugin_short_name != "") { Plugins::cleanCategoryFromPlugin($plugin_short_name); if (isset($categories)) { Plugins::addToCategoryPlugin($categories, $plugin_short_name); } osc_run_hook('plugin_categories_' . Params::getParam('plugin'), $categories); osc_add_flash_ok_message(_m('Configuration was saved'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=plugins"); } osc_add_flash_error_message(_m('No plugin selected'), 'admin'); $this->doView('plugins/index.php'); break; case 'delete': osc_csrf_check(); $plugin = str_replace('/index.php', '', Params::getParam("plugin")); $path = preg_replace('([\\/]+)', '/', CONTENT_PATH . 'plugins/' . $plugin); if ($plugin != "" && strpos($plugin, '../') === false && strpos($plugin, '..\\') === false && $path != CONTENT_PATH . 'plugins/') { if (osc_deleteDir($path)) { osc_add_flash_ok_message(_m('The files were deleted'), 'admin'); } else { osc_add_flash_error_message(sprintf(_m('There were an error deleting the files, please check the permissions of the files in %s'), $path . "/"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . "?page=plugins"); } osc_add_flash_error_message(_m('No plugin selected'), 'admin'); $this->doView('plugins/index.php'); break; case 'error_plugin': // force php errors and simulate plugin installation to show the errors in the iframe if (!OSC_DEBUG) { error_reporting(E_ALL | E_STRICT); } @ini_set('display_errors', 1); include osc_plugins_path() . Params::getParam('plugin'); Plugins::install(Params::getParam('plugin')); exit; break; default: if (Params::getParam('checkUpdated') != '') { osc_admin_toolbar_update_plugins(true); } if (Params::getParam('iDisplayLength') == '') { Params::setParam('iDisplayLength', 25); } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); $p_iPage = 1; if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1) { $p_iPage = Params::getParam('iPage'); } Params::setParam('iPage', $p_iPage); $aPlugin = Plugins::listAll(); $active_plugins = osc_get_plugins(); // pagination $start = ($p_iPage - 1) * Params::getParam('iDisplayLength'); $limit = Params::getParam('iDisplayLength'); $count = count($aPlugin); $displayRecords = $limit; if ($start + $limit > $count) { $displayRecords = $start + $limit - $count; } // -------------------------------------------------------- $aData = array(); $aInfo = array(); $max = $start + $limit; if ($max > $count) { $max = $count; } $aPluginsToUpdate = json_decode(osc_get_preference('plugins_to_update')); $bPluginsToUpdate = is_array($aPluginsToUpdate) ? true : false; for ($i = $start; $i < $max; $i++) { $plugin = $aPlugin[$i]; $row = array(); $pInfo = osc_plugin_get_info($plugin); // prepare row 1 $installed = 0; if (osc_plugin_is_installed($plugin)) { $installed = 1; } $enabled = 0; if (osc_plugin_is_enabled($plugin)) { $enabled = 1; } // prepare row 2 $sUpdate = ''; // get plugins to update from t_preference if ($bPluginsToUpdate) { if (in_array(@$pInfo['plugin_update_uri'], $aPluginsToUpdate)) { $sUpdate = '<a class="market_update market-popup" href="#' . htmlentities($pInfo['plugin_update_uri']) . '">' . __("There's a new update available") . '</a>'; } } // prepare row 4 $sConfigure = ''; if (isset($active_plugins[$plugin . '_configure'])) { $sConfigure = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=admin&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Configure') . '</a>'; } // prepare row 5 $sEnable = ''; if ($installed) { if ($enabled) { $sEnable = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=disable&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Disable') . '</a>'; } else { $sEnable = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=enable&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Enable') . '</a>'; } } // prepare row 6 if ($installed) { $sInstall = '<a onclick="javascript:return uninstall_dialog(\'' . $pInfo['filename'] . '\', \'' . $pInfo['plugin_name'] . '\');" href="' . osc_admin_base_url(true) . '?page=plugins&action=uninstall&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Uninstall') . '</a>'; } else { $sInstall = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=install&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Install') . '</a>'; } $sDelete = ''; if (!$installed) { $sDelete = '<a href="javascript:delete_plugin(\'' . $pInfo['filename'] . '\');" >' . __('Delete') . '</a>'; } $sHelp = ''; if ($pInfo['support_uri'] != '') { $sHelp = '<span class="plugin-support-icon plugin-tooltip" ><a target="_blank" href="' . osc_sanitize_url($pInfo['support_uri']) . '" ><img src="' . osc_current_admin_theme_url('images/question.png') . '" alt="' . osc_esc_html(__('Problems with this plugin? Ask for support.')) . '" ></a></span>'; } $sSiteUrl = ''; if ($pInfo['plugin_uri'] != '') { $sSiteUrl = ' | <a target="_blank" href="' . $pInfo['plugin_uri'] . '">' . __('Plugins Site') . '</a>'; } if ($pInfo['author_uri'] != '') { $sAuthor = __('By') . ' <a target="_blank" href="' . $pInfo['author_uri'] . '">' . $pInfo['author'] . '</a>'; } else { $sAuthor = __('By') . ' ' . $pInfo['author']; } $row[] = '<input type="hidden" name="installed" value="' . $installed . '" enabled="' . $enabled . '" />' . $pInfo['plugin_name'] . $sHelp . '<div>' . $sUpdate . '</div>'; $row[] = $pInfo['description'] . '<br />' . __('Version:') . $pInfo['version'] . ' | ' . $sAuthor . $sSiteUrl; $row[] = $sUpdate != '' ? $sUpdate : ' '; $row[] = $sConfigure != '' ? $sConfigure : ' '; $row[] = $sEnable != '' ? $sEnable : ' '; $row[] = $sInstall != '' ? $sInstall : ' '; $row[] = $sDelete != '' ? $sDelete : ' '; $aData[] = $row; if (@$pInfo['plugin_update_uri'] != '') { $aInfo[@$pInfo['plugin_update_uri']] = $pInfo; } else { $aInfo[$i] = $pInfo; } } $array['iTotalRecords'] = $displayRecords; $array['iTotalDisplayRecords'] = count($aPlugin); $array['iDisplayLength'] = $limit; $array['aaData'] = $aData; $array['aaInfo'] = $aInfo; // -------------------------------------------------------- $page = (int) Params::getParam('iPage'); if (count($array['aaData']) == 0 && $page != 1) { $total = (int) $array['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $array['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aPlugins', $array); $this->doView("plugins/index.php"); break; } }
/** * */ public function toArray() { $domain = 'http://' . Params::getServerParam('HTTP_HOST') . '/'; $this->siteInfo = $this->findByPrimaryKey($domain); }
* Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ osc_enqueue_script('jquery-validate'); $current_host = parse_url(Params::getServerParam('HTTP_HOST'), PHP_URL_HOST); if ($current_host === null) { $current_host = Params::getServerParam('HTTP_HOST'); } //customize Head function customHead() { } osc_add_hook('admin_header', 'customHead', 10); function render_offset() { return 'row-offset'; } function addHelp() { echo '<p>' . __("Change advanced configuration of your Osclass. <strong>Be careful</strong> when modifying default values if you're not sure what you're doing!") . '</p>'; } osc_add_hook('help_box', 'addHelp');
function __construct() { parent::__construct(); $this->mSearch = Search::newInstance(); $this->uri = preg_replace('|^' . REL_WEB_URL . '|', '', Params::getServerParam('REQUEST_URI', false, false)); if (preg_match('/^index\\.php/', $this->uri) > 0) { // search url without permalinks params } else { $this->uri = preg_replace('|/$|', '', $this->uri); // redirect if it ends with a slash NOT NEEDED ANYMORE, SINCE WE CHECK WITH osc_search_url if ($this->uri != osc_get_preference('rewrite_search_url') && stripos($this->uri, osc_get_preference('rewrite_search_url') . '/') === false && osc_rewrite_enabled() && !Params::existParam('sFeed')) { // clean GET html params $this->uri = preg_replace('/(\\/?)\\?.*$/', '', $this->uri); $search_uri = preg_replace('|/[0-9]+$|', '', $this->uri); $this->_exportVariableToView('search_uri', $search_uri); // get page if it's set in the url $iPage = preg_replace('|.*/([0-9]+)$|', '$01', $this->uri); if (is_numeric($iPage) && $iPage > 0) { Params::setParam('iPage', $iPage); // redirect without number of pages if ($iPage == 1) { $this->redirectTo(osc_base_url() . $search_uri); } } if (Params::getParam('iPage') > 1) { $this->_exportVariableToView('canonical', osc_base_url() . $search_uri); } // get only the last segment $search_uri = preg_replace('|.*?/|', '', $search_uri); if (preg_match('|-r([0-9]+)$|', $search_uri, $r)) { $region = Region::newInstance()->findByPrimaryKey($r[1]); if (!$region) { $this->do404(); } Params::setParam('sRegion', $region['pk_i_id']); Params::unsetParam('sCategory'); if (preg_match('|(.*?)_.*?-r[0-9]+|', $search_uri, $match)) { Params::setParam('sCategory', $match[1]); } } else { if (preg_match('|-c([0-9]+)$|', $search_uri, $c)) { $city = City::newInstance()->findByPrimaryKey($c[1]); if (!$city) { $this->do404(); } Params::setParam('sCity', $city['pk_i_id']); Params::unsetParam('sCategory'); if (preg_match('|(.*?)_.*?-c[0-9]+|', $search_uri, $match)) { Params::setParam('sCategory', $match[1]); } } else { if (!Params::existParam('sCategory')) { $category = Category::newInstance()->findBySlug($search_uri); if (count($category) === 0) { $this->do404(); } Params::setParam('sCategory', $search_uri); } else { if (stripos(Params::getParam('sCategory'), '/') !== false) { $tmp = explode("/", preg_replace('|/$|', '', Params::getParam('sCategory'))); $category = Category::newInstance()->findBySlug($tmp[count($tmp) - 1]); Params::setParam('sCategory', $tmp[count($tmp) - 1]); } else { $category = Category::newInstance()->findBySlug(Params::getParam('sCategory')); Params::setParam('sCategory', Params::getParam('sCategory')); } if (count($category) === 0) { $this->do404(); } } } } } } }
/** * Insert a log row. * * @access public * @since unknown * @param string $section * @param string $action * @param integer $id * @param string $data * @param string $who * @param integer $who_id * @return boolean */ public function insertLog($section, $action, $id, $data, $who, $whoId) { $array_set = array('dt_date' => date('Y-m-d H:i:s'), 's_section' => $section, 's_action' => $action, 'fk_i_id' => $id, 's_data' => $data, 's_ip' => Params::getServerParam('REMOTE_ADDR'), 's_who' => $who, 'fk_i_who_id' => $whoId); return $this->dao->insert($this->getTableName(), $array_set); }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'bulk_actions': osc_csrf_check(); $id = Params::getParam('id'); if ($id) { switch (Params::getParam('bulk_actions')) { case 'delete_all': $this->itemCommentManager->delete(array(DB_CUSTOM_COND => 'pk_i_id IN (' . implode(', ', $id) . ')')); foreach ($id as $_id) { $iUpdated = $this->itemCommentManager->delete(array('pk_i_id' => $_id)); osc_add_hook("delete_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been deleted'), 'admin'); break; case 'activate_all': foreach ($id as $_id) { $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $_id)); if ($iUpdated) { $this->sendCommentActivated($_id); } osc_add_hook("activate_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been approved'), 'admin'); break; case 'deactivate_all': foreach ($id as $_id) { $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $_id)); osc_add_hook("deactivate_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin'); break; case 'enable_all': foreach ($id as $_id) { $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $_id)); if ($iUpdated) { $this->sendCommentActivated($_id); } osc_add_hook("enable_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been unblocked'), 'admin'); break; case 'disable_all': foreach ($id as $_id) { $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $_id)); osc_add_hook("disable_comment", $_id); } osc_add_flash_ok_message(_m('The comments have been blocked'), 'admin'); break; default: if (Params::getParam("bulk_actions") != "") { osc_run_hook("item_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id')); } break; } } $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; case 'status': osc_csrf_check(); $id = Params::getParam('id'); $value = Params::getParam('value'); if (!$id) { return false; } $id = (int) $id; if (!is_numeric($id)) { return false; } if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'))) { return false; } if ($value == 'ACTIVE') { $iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $id)); if ($iUpdated) { $this->sendCommentActivated($id); } osc_add_hook("activate_comment", $id); osc_add_flash_ok_message(_m('The comment has been approved'), 'admin'); } else { if ($value == 'INACTIVE') { $iUpdated = $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $id)); osc_add_hook("deactivate_comment", $id); osc_add_flash_ok_message(_m('The comment has been disapproved'), 'admin'); } else { if ($value == 'ENABLE') { $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $id)); osc_add_hook("enable_comment", $id); osc_add_flash_ok_message(_m('The comment has been enabled'), 'admin'); } else { if ($value == 'DISABLE') { $iUpdated = $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $id)); osc_add_hook("disable_comment", $id); osc_add_flash_ok_message(_m('The comment has been disabled'), 'admin'); } } } } $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; case 'comment_edit': $comment = ItemComment::newInstance()->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('comment', $comment); $this->doView('comments/frm.php'); break; case 'comment_edit_post': osc_csrf_check(); $msg = ''; if (!osc_validate_email(Params::getParam('authorEmail'), true)) { $msg .= _m('Email is not correct') . "<br/>"; } if (!osc_validate_text(Params::getParam('body'), 1, true)) { $msg .= _m('Comment is required') . "<br/>"; } if ($msg != '') { osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=comments&action=comment_edit&id=" . Params::getParam('id')); } $this->itemCommentManager->update(array('s_title' => Params::getParam('title'), 's_body' => Params::getParam('body'), 's_author_name' => Params::getParam('authorName'), 's_author_email' => Params::getParam('authorEmail')), array('pk_i_id' => Params::getParam('id'))); osc_run_hook('edit_comment', Params::getParam('id')); osc_add_flash_ok_message(_m('Great! We just updated your comment'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; case 'delete': osc_csrf_check(); $this->itemCommentManager->deleteByPrimaryKey(Params::getParam('id')); osc_add_flash_ok_message(_m('The comment has been deleted'), 'admin'); osc_run_hook('delete_comment', Params::getParam('id')); $this->redirectTo(osc_admin_base_url(true) . "?page=comments"); break; default: require_once osc_lib_path() . "osclass/classes/datatables/CommentsDataTable.php"; // set default iDisplayLength if (Params::getParam('iDisplayLength') != '') { Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength')); Cookie::newInstance()->set(); } else { // set a default value if it's set in the cookie if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') { Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength')); } else { Params::setParam('iDisplayLength', 10); } } $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); // Table header order by related if (Params::getParam('sort') == '') { Params::setParam('sort', 'date'); } if (Params::getParam('direction') == '') { Params::setParam('direction', 'desc'); } $page = (int) Params::getParam('iPage'); if ($page == 0) { $page = 1; } Params::setParam('iPage', $page); $params = Params::getParamsAsArray(); $commentsDataTable = new CommentsDataTable(); $commentsDataTable->table($params); $aData = $commentsDataTable->getData(); if (count($aData['aRows']) == 0 && $page != 1) { $total = (int) $aData['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $aData['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false); if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aData', $aData); $this->_exportVariableToView('aRawRows', $commentsDataTable->rawRows()); $bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Delete'))), 'label' => __('Delete')), array('value' => 'activate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'disable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'enable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Unblock'))), 'label' => __('Unblock'))); $bulk_options = osc_apply_filter("comment_bulk_filter", $bulk_options); $this->_exportVariableToView('bulk_options', $bulk_options); $this->doView('comments/index.php'); break; } }
function doModel() { switch ($this->action) { case 'dashboard': //dashboard... $max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5; $aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items); //calling the view... $this->_exportVariableToView('items', $aItems); $this->_exportVariableToView('max_items', $max_items); $this->doView('user-dashboard.php'); break; case 'profile': //profile... $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); $aCountries = Country::newInstance()->listAll(); $aRegions = array(); if ($user['fk_c_country_code'] != '') { $aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']); } elseif (count($aCountries) > 0) { $aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']); } $aCities = array(); if ($user['fk_i_region_id'] != '') { $aCities = City::newInstance()->findByRegion($user['fk_i_region_id']); } else { if (count($aRegions) > 0) { $aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']); } } //calling the view... $this->_exportVariableToView('countries', $aCountries); $this->_exportVariableToView('regions', $aRegions); $this->_exportVariableToView('cities', $aCities); $this->_exportVariableToView('user', $user); $this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled()); $this->doView('user-profile.php'); break; case 'profile_post': //profile post... osc_csrf_check(); $userId = Session::newInstance()->_get('userId'); require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $success = $userActions->edit($userId); if ($success == 1 || $success == 2) { osc_add_flash_ok_message(_m('Your profile has been updated successfully')); } else { osc_add_flash_error_message($success); } $this->redirectTo(osc_user_profile_url()); break; case 'alerts': //alerts $aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'), false); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); foreach ($aAlerts as $k => $a) { $array_conditions = (array) json_decode($a['s_search']); // $search = Search::newInstance(); $search = new Search(); $search->setJsonAlert($array_conditions); $search->limit(0, 3); $aAlerts[$k]['items'] = $search->doSearch(); } $this->_exportVariableToView('alerts', $aAlerts); View::newInstance()->_reset('alerts'); $this->_exportVariableToView('user', $user); $this->doView('user-alerts.php'); break; case 'change_email': //change email $this->doView('user-change_email.php'); break; case 'change_email_post': //change email post osc_csrf_check(); if (!osc_validate_email(Params::getParam('new_email'))) { osc_add_flash_error_message(_m('The specified e-mail is not valid')); $this->redirectTo(osc_change_user_email_url()); } else { $user = User::newInstance()->findByEmail(Params::getParam('new_email')); if (!isset($user['pk_i_id'])) { $userEmailTmp = array(); $userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId'); $userEmailTmp['s_new_email'] = Params::getParam('new_email'); UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp); $code = osc_genRandomPassword(30); $date = date('Y-m-d H:i:s'); $userManager = new User(); $userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => Params::getServerParam('REMOTE_ADDR')), array('pk_i_id' => Session::newInstance()->_get('userId'))); $validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code); osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified e-mail is already in use')); $this->redirectTo(osc_change_user_email_url()); } } break; case 'change_username': //change username $this->doView('user-change_username.php'); break; case 'change_username_post': //change username $username = osc_sanitize_username(Params::getParam('s_username')); osc_run_hook('before_username_change', Session::newInstance()->_get('userId'), $username); if ($username != '') { $user = User::newInstance()->findByUsername($username); if (isset($user['s_username'])) { osc_add_flash_error_message(_m('The specified username is already in use')); } else { if (!osc_is_username_blacklisted($username)) { User::newInstance()->update(array('s_username' => $username), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('The username was updated')); osc_run_hook('after_username_change', Session::newInstance()->_get('userId'), Params::getParam('s_username')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('The specified username is not valid, it contains some invalid words')); } } } else { osc_add_flash_error_message(_m('The specified username could not be empty')); } $this->redirectTo(osc_change_user_username_url()); break; case 'change_password': //change password $this->doView('user-change_password.php'); break; case 'change_password_post': //change password post osc_csrf_check(); $user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId')); if (Params::getParam('password', false, false) == '' || Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_change_user_password_url()); } if (!osc_verify_password(Params::getParam('password', false, false), $user['s_password'])) { osc_add_flash_error_message(_m("Current password doesn't match")); $this->redirectTo(osc_change_user_password_url()); } if (!Params::getParam('new_password', false, false)) { osc_add_flash_error_message(_m("Passwords can't be empty")); $this->redirectTo(osc_change_user_password_url()); } if (Params::getParam('new_password', false, false) != Params::getParam('new_password2', false, false)) { osc_add_flash_error_message(_m("Passwords don't match")); $this->redirectTo(osc_change_user_password_url()); } User::newInstance()->update(array('s_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => Session::newInstance()->_get('userId'))); osc_add_flash_ok_message(_m('Password has been changed')); $this->redirectTo(osc_user_profile_url()); break; case 'items': // view items user $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10; $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0; $itemType = Params::getParam('itemType'); $total_items = Item::newInstance()->countItemTypesByUserID(osc_logged_user_id(), $itemType); $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findItemTypesByUserID(osc_logged_user_id(), $page * $itemsPerPage, $itemsPerPage, $itemType); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('search_total_pages', $total_pages); $this->_exportVariableToView('search_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('items_type', $itemType); $this->_exportVariableToView('search_page', $page); $this->doView('user-items.php'); break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $result = Alerts::newInstance()->unsub($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator')); } $this->redirectTo(osc_user_alerts_url()); break; case 'delete': $id = Params::getParam('id'); $secret = Params::getParam('secret'); if (osc_is_web_user_logged_in()) { $user = User::newInstance()->findByPrimaryKey(osc_logged_user_id()); View::newInstance()->_exportVariableToView('user', $user); if (!empty($user) && osc_logged_user_id() == $id && $secret == $user['s_secret']) { User::newInstance()->deleteUser(osc_logged_user_id()); Session::newInstance()->_drop('userId'); Session::newInstance()->_drop('userName'); Session::newInstance()->_drop('userEmail'); Session::newInstance()->_drop('userPhone'); Cookie::newInstance()->pop('oc_userId'); Cookie::newInstance()->pop('oc_userSecret'); Cookie::newInstance()->set(); osc_add_flash_ok_message(_m("Your account have been deleted")); $this->redirectTo(osc_base_url()); } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_user_dashboard_url()); } } else { osc_add_flash_error_message(_m("Oops! you can not do that")); $this->redirectTo(osc_base_url()); } break; } }