function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
osc_csrf_check();
osc_run_hook('before_validating_login');
// e-mail or/and password is/are empty or incorrect
$wrongCredentials = false;
$email = Params::getParam('email');
$password = Params::getParam('password', false, false);
if ($email == '') {
osc_add_flash_error_message(_m('Please provide an email address'));
$wrongCredentials = true;
}
if ($password == '') {
osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password'));
$wrongCredentials = true;
}
if ($wrongCredentials) {
$this->redirectTo(osc_user_login_url());
}
if (osc_validate_email($email)) {
$user = User::newInstance()->findByEmail($email);
}
if (empty($user)) {
$user = User::newInstance()->findByUsername($email);
}
if (empty($user)) {
osc_add_flash_error_message(_m("The user doesn't exist"));
$this->redirectTo(osc_user_login_url());
}
if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) {
osc_add_flash_error_message(_m('The password is incorrect'));
$this->redirectTo(osc_user_login_url());
// @TODO if valid user, send email parameter back to the login form
} else {
if (@$user['s_password'] != '') {
if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) {
if ($cost[1] != BCRYPT_COST) {
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
} else {
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
}
}
// e-mail or/and IP is/are banned
$banned = osc_is_banned($email);
// int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned
if ($banned & 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
}
if ($banned & 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
}
if ($banned !== 0) {
$this->redirectTo(osc_user_login_url());
}
osc_run_hook('before_login');
$url_redirect = osc_get_http_referer();
$page_redirect = '';
if (osc_rewrite_enabled()) {
if ($url_redirect != '') {
$request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect));
$tmp_ar = explode("?", $request_uri);
$request_uri = $tmp_ar[0];
$rules = Rewrite::newInstance()->listRules();
foreach ($rules as $match => $uri) {
if (preg_match('#' . $match . '#', $request_uri, $m)) {
$request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
$page_redirect = $match[2];
if ($page_redirect == '' || $page_redirect == 'login') {
$url_redirect = osc_user_dashboard_url();
}
}
break;
}
}
}
}
require_once LIB_PATH . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($user['pk_i_id']);
if ($logged == 0) {
osc_add_flash_error_message(_m("The user doesn't exist"));
} else {
if ($logged == 1) {
if (time() - strtotime($user['dt_access_date']) > 1200) {
// EACH 20 MINUTES
osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email'])));
} else {
osc_add_flash_error_message(_m('The user has not been validated yet'));
}
} else {
if ($logged == 2) {
osc_add_flash_error_message(_m('The user has been suspended'));
} else {
if ($logged == 3) {
if (Params::getParam('remember') == 1) {
//this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
Cookie::newInstance()->push('oc_userSecret', $secret);
Cookie::newInstance()->set();
}
if ($url_redirect == '') {
$url_redirect = osc_user_dashboard_url();
}
osc_run_hook("after_login", $user, $url_redirect);
$this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect));
} else {
osc_add_flash_error_message(_m('This should never happen'));
}
}
}
}
if (!$user['b_enabled']) {
$this->redirectTo(osc_user_login_url());
}
$this->redirectTo(osc_user_login_url());
break;
case 'resend':
$id = Params::getParam('id');
$email = Params::getParam('email');
$user = User::newInstance()->findByPrimaryKey($id);
if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) {
osc_add_flash_error_message(_m('Incorrect link'));
$this->redirectTo(osc_user_login_url());
}
if (time() - strtotime($user['dt_access_date']) > 1200) {
// EACH 20 MINUTES
if (osc_notify_new_user()) {
osc_run_hook('hook_email_admin_new_user', $user);
}
if (osc_user_validation_enabled()) {
osc_run_hook('hook_email_user_validation', $user, $user);
}
User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('Validation email re-sent'));
} else {
osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again'));
}
$this->redirectTo(osc_user_login_url());
break;
case 'recover':
//form to recover the password (in this case we have the form in /gui/)
$this->doView('user-recover.php');
break;
case 'recover_post':
//post execution to recover the password
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
// e-mail is incorrect
if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
osc_add_flash_error_message(_m('Invalid email address'));
$this->redirectTo(osc_recover_user_password_url());
}
$userActions = new UserActions(false);
$success = $userActions->recover_password();
switch ($success) {
case 0:
// recover ok
osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
$this->redirectTo(osc_base_url());
break;
case 1:
// e-mail does not exist
osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
$this->redirectTo(osc_recover_user_password_url());
break;
case 2:
// recaptcha wrong
osc_add_flash_error_message(_m('The recaptcha code is wrong'));
$this->redirectTo(osc_recover_user_password_url());
break;
}
break;
case 'forgot':
//form to recover the password (in this case we have the form in /gui/)
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user) {
$this->doView('user-forgot_password.php');
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
break;
case 'forgot_post':
osc_csrf_check();
if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user['b_enabled'] == 1) {
if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('The password has been changed'));
$this->redirectTo(osc_user_login_url());
} else {
osc_add_flash_error_message(_m("Error, the password don't match"));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
}
$this->redirectTo(osc_base_url());
break;
default:
//login
Session::newInstance()->_setReferer(osc_get_http_referer());
if (osc_logged_user_id() != '') {
$this->redirectTo(osc_user_dashboard_url());
}
$this->doView('user-login.php');
}
}
function make_userlogin()
{
if (isset($_GET['page'])) {
return;
}
$facebookData = FacebookClassified::newInstance()->selectFacebookData();
$api_id = osc_get_preference('facebook_api_id', 'classified');
$api_secret = osc_get_preference('facebook_api_secret', 'classified');
if (isset($_GET['code']) and !empty($_GET['code'])) {
$code = $_GET['code'];
if (!empty($code)) {
$get_access_data = facebookall_get_fb_contents("https://graph.facebook.com/v2.3/oauth/access_token?" . 'client_id=' . $api_id . '&redirect_uri=' . urlencode(osc_base_url()) . '&client_secret=' . $api_secret . '&code=' . urlencode($code));
$access_data = json_decode($get_access_data, true);
}
if (empty($access_data['access_token'])) {
$get_access_data = facebookall_get_fb_contents("https://graph.facebook.com/v2.3/oauth/access_token?" . 'client_id=' . $api_id . '&redirect_uri=' . urlencode(osc_base_url()) . '&client_secret=' . $api_secret . '&code=' . urlencode($code));
$access_data = json_decode($get_access_data, true);
}
if (!empty($access_data['access_token'])) {
$access_token = $access_data['access_token'];
} else {
echo 'Error : Could not get access token please check your app settings for more about this error<br> Or Follow our doc setion <a href="http://sourceaddons.com/documentation">Documentation Section</a>.';
exit;
}
?>
<script>
window.opener.FbAll.parentRedirect({'action' : 'fball', 'fball_access_token' : '<?php
echo $access_token;
?>
'});
window.close();
</script>
<?php
}
if (!empty($_REQUEST['fball_access_token']) and isset($_REQUEST['fball_redirect'])) {
$user_info = json_decode(facebookall_get_fb_contents("https://graph.facebook.com/v2.3/me?access_token=" . $_REQUEST['fball_access_token']));
Session::newInstance()->_set('fb-token', $_REQUEST['fball_access_token']);
$user_data = get_userprofile_data($user_info);
if (!empty($user_data['email']) and !empty($user_data['id'])) {
// Filter username form data.
if (!empty($user_data['name'])) {
$username = $user_data['name'];
} else {
if (!empty($user_data['first_name']) && !empty($user_data['last_name'])) {
$username = $user_data['first_name'] . $user_data['last_name'];
} else {
$user_emailname = explode('@', $user_data['email']);
$username = $user_emailname[0];
}
}
$user_login = $username;
$new_user = false;
$user_id = get_userid($user_data['id']);
if (empty($user_id)) {
//Not Registered As Facebook User
$u_data = User::newInstance()->findByEmail($user_data['email']);
if (!empty($u_data)) {
//Registered As OSClass but not as Facebook User
$user = User::newInstance()->findByEmail($user_data['email']);
insert_facebook_user_data($user['pk_i_id'], $user_data['id']);
} else {
//New User Not Registered as Facebook User And OSClass User
$new_user = true;
register_user($user_data);
}
}
$manager = User::newInstance();
$oscUser = $manager->findByEmail($user_data['email']);
$email = $oscUser['pk_i_id'];
require_once osc_lib_path() . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($oscUser['pk_i_id']);
// Redirect user.
osc_redirect_to(osc_user_dashboard_url());
/*
if (!empty ($_GET['redirect_to'])) {
$redirect_to = $_GET['redirect_to'];
wp_safe_redirect ($redirect_to);
}
else {
$redirect_to = facebookall_redirect_loggedin_user();
wp_redirect ($redirect_to);
}
exit();
}
*/
}
}
}
function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
require_once LIB_PATH . 'osclass/UserActions.php';
$user = User::newInstance()->findByEmail(Params::getParam('email'));
$url_redirect = osc_user_dashboard_url();
$page_redirect = '';
if (osc_rewrite_enabled()) {
if (isset($_SERVER['HTTP_REFERER'])) {
$request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $_SERVER['HTTP_REFERER']));
$tmp_ar = explode("?", $request_uri);
$request_uri = $tmp_ar[0];
$rules = Rewrite::newInstance()->listRules();
foreach ($rules as $match => $uri) {
if (preg_match('#' . $match . '#', $request_uri, $m)) {
$request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
$page_redirect = $match[2];
}
break;
}
}
}
} else {
if (preg_match('|[\\?&]page=([^&]+)|', $_SERVER['HTTP_REFERER'] . '&', $match)) {
$page_redirect = $match[1];
}
}
if (Params::getParam('http_referer') != '') {
Session::newInstance()->_setReferer(Params::getParam('http_referer'));
$url_redirect = Params::getParam('http_referer');
} else {
if (Session::newInstance()->_getReferer() != '') {
Session::newInstance()->_setReferer(Session::newInstance()->_getReferer());
$url_redirect = Session::newInstance()->_getReferer();
} else {
if ($page_redirect != '' && $page_redirect != 'login') {
Session::newInstance()->_setReferer($_SERVER['HTTP_REFERER']);
$url_redirect = $_SERVER['HTTP_REFERER'];
}
}
}
if (!$user) {
osc_add_flash_error_message(_m('The username doesn\'t exist'));
$this->redirectTo(osc_user_login_url());
}
if ($user["s_password"] != sha1(Params::getParam('password'))) {
osc_add_flash_error_message(_m('The password is incorrect'));
$this->redirectTo(osc_user_login_url());
}
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($user['pk_i_id']);
if ($logged == 0) {
osc_add_flash_error_message(_m('The username doesn\'t exist'));
} else {
if ($logged == 1) {
osc_add_flash_error_message(_m('The user has not been validated yet'));
} else {
if ($logged == 2) {
osc_add_flash_error_message(_m('The user has been suspended'));
} else {
if ($logged == 3) {
if (Params::getParam('remember') == 1) {
//this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
Cookie::newInstance()->push('oc_userSecret', $secret);
Cookie::newInstance()->set();
}
$this->redirectTo($url_redirect);
} else {
osc_add_flash_error_message(_m('This should never happens'));
}
}
}
}
if (!$user['b_enabled']) {
$this->redirectTo(osc_user_login_url());
}
$this->redirectTo(osc_user_login_url());
break;
case 'recover':
//form to recover the password (in this case we have the form in /gui/)
$this->doView('user-recover.php');
break;
case 'recover_post':
//post execution to recover the password
require_once LIB_PATH . 'osclass/UserActions.php';
// e-mail is incorrect
if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
osc_add_flash_error_message(_m('Invalid email address'));
$this->redirectTo(osc_recover_user_password_url());
}
$userActions = new UserActions(false);
$success = $userActions->recover_password();
switch ($success) {
case 0:
// recover ok
osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
$this->redirectTo(osc_base_url());
break;
case 1:
// e-mail does not exist
osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
$this->redirectTo(osc_recover_user_password_url());
break;
case 2:
// recaptcha wrong
osc_add_flash_error_message(_m('The recaptcha code is wrong'));
$this->redirectTo(osc_recover_user_password_url());
break;
}
break;
case 'forgot':
//form to recover the password (in this case we have the form in /gui/)
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user) {
$this->doView('user-forgot_password.php');
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
break;
case 'forgot_post':
if (Params::getParam('new_password') == '' || Params::getParam('new_password2') == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user['b_enabled'] == 1) {
if (Params::getParam('new_password') == Params::getParam('new_password2')) {
User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('The password has been changed'));
$this->redirectTo(osc_user_login_url());
} else {
osc_add_flash_error_message(_m('Error, the password don\'t match'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
}
$this->redirectTo(osc_base_url());
break;
default:
//login
if (osc_logged_user_id() != '') {
$this->redirectTo(osc_user_dashboard_url());
}
$this->doView('user-login.php');
}
}
public function init()
{
self::$user = $this->getUser();
if (!osc_is_web_user_logged_in()) {
self::$loginUrl = self::$facebook->getLoginUrl(array('scope' => 'email'));
}
if (!self::$user) {
return self::$facebook;
}
try {
self::$user_profile = self::$facebook->api('/me');
$this->dao->select($this->getFields());
$this->dao->from($this->getTableName());
$this->dao->where('i_facebook_uid', self::$user);
$rs = $this->dao->get();
if ($rs !== false && $rs->numRows() === 1) {
$fbUser = $rs->row();
if (count($fbUser) > 0) {
require_once osc_lib_path() . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($fbUser['fk_i_user_id']);
switch ($logged) {
case 0:
osc_add_flash_error_message(__('The username doesn\'t exist', 'facebook'));
break;
case 1:
osc_add_flash_error_message(__('The user has not been validated yet', 'facebook'));
break;
case 2:
osc_add_flash_error_message(__('The user has been suspended', 'facebook'));
break;
case 3:
//osc_add_flash_ok_message( __( 'Login successfull', 'facebook' ) );
break;
}
return self::$facebook;
}
}
if (!isset(self::$user_profile['email'])) {
osc_add_flash_error_message(__('Some error occured trying to connect with Facebook.', 'facebook'));
header('Location: ' . self::$logoutUrl);
exit;
}
$manager = User::newInstance();
$oscUser = $manager->findByEmail(self::$user_profile['email']);
// exists on our DB, we merge both accounts
if (count($oscUser) > 0) {
require_once osc_lib_path() . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$manager->dao->from($this->getTableName());
$manager->dao->set('fk_i_user_id', $oscUser['pk_i_id']);
$manager->dao->set('i_facebook_uid', self::$user_profile['id']);
$manager->dao->insert();
osc_add_flash_ok_message(__("You already have an user with this e-mail address. We've merged your accounts", 'facebook'));
// activate user in case is not activated
$manager->update(array('b_active' => '1'), array('pk_i_id' => $oscUser['pk_i_id']));
$logged = $uActions->bootstrap_login($oscUser['pk_i_id']);
} else {
// Auto-register him
$this->register_user(self::$user_profile);
}
// redirect to log in
header('Location: ' . osc_base_url());
exit;
} catch (FacebookApiException $e) {
self::$user = null;
}
return self::$facebook;
}
