function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } osc_csrf_check(); osc_run_hook('before_validating_login'); // e-mail or/and password is/are empty or incorrect $wrongCredentials = false; $email = Params::getParam('email'); $password = Params::getParam('password', false, false); if ($email == '') { osc_add_flash_error_message(_m('Please provide an email address')); $wrongCredentials = true; } if ($password == '') { osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password')); $wrongCredentials = true; } if ($wrongCredentials) { $this->redirectTo(osc_user_login_url()); } if (osc_validate_email($email)) { $user = User::newInstance()->findByEmail($email); } if (empty($user)) { $user = User::newInstance()->findByUsername($email); } if (empty($user)) { osc_add_flash_error_message(_m("The user doesn't exist")); $this->redirectTo(osc_user_login_url()); } if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); // @TODO if valid user, send email parameter back to the login form } else { if (@$user['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } else { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } } // e-mail or/and IP is/are banned $banned = osc_is_banned($email); // int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned if ($banned & 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); } if ($banned & 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); } if ($banned !== 0) { $this->redirectTo(osc_user_login_url()); } osc_run_hook('before_login'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; if (osc_rewrite_enabled()) { if ($url_redirect != '') { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect)); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; if ($page_redirect == '' || $page_redirect == 'login') { $url_redirect = osc_user_dashboard_url(); } } break; } } } } require_once LIB_PATH . 'osclass/UserActions.php'; $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m("The user doesn't exist")); } else { if ($logged == 1) { if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email']))); } else { osc_add_flash_error_message(_m('The user has not been validated yet')); } } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } if ($url_redirect == '') { $url_redirect = osc_user_dashboard_url(); } osc_run_hook("after_login", $user, $url_redirect); $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect)); } else { osc_add_flash_error_message(_m('This should never happen')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'resend': $id = Params::getParam('id'); $email = Params::getParam('email'); $user = User::newInstance()->findByPrimaryKey($id); if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) { osc_add_flash_error_message(_m('Incorrect link')); $this->redirectTo(osc_user_login_url()); } if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES if (osc_notify_new_user()) { osc_run_hook('hook_email_admin_new_user', $user); } if (osc_user_validation_enabled()) { osc_run_hook('hook_email_user_validation', $user, $user); } User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('Validation email re-sent')); } else { osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again')); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': osc_csrf_check(); if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match")); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login Session::newInstance()->_setReferer(osc_get_http_referer()); if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login osc_csrf_check(); osc_run_hook('before_login_admin'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; $password = Params::getParam('password', false, false); if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) { $page_redirect = $match[1]; } if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') { $url_redirect = osc_admin_base_url(); } if (Params::getParam('user') == '') { osc_add_flash_error_message(_m('The username field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } if (Params::getParam('password', false, false) == '') { osc_add_flash_error_message(_m('The password field is empty'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } // fields are not empty $admin = Admin::newInstance()->findByUsername(Params::getParam('user')); if (!$admin) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } if (!osc_verify_password($password, $admin['s_password'])) { osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&action=recover'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=login"); } else { if (@$admin['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id'])); } } else { Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id'])); } } } if (Params::getParam('remember')) { // this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']); Cookie::newInstance()->push('oc_adminSecret', $secret); Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale')); Cookie::newInstance()->set(); } // we are logged in... let's go! Session::newInstance()->_set('adminId', $admin['pk_i_id']); Session::newInstance()->_set('adminUserName', $admin['s_username']); Session::newInstance()->_set('adminName', $admin['s_name']); Session::newInstance()->_set('adminEmail', $admin['s_email']); Session::newInstance()->_set('adminLocale', Params::getParam('locale')); osc_run_hook('login_admin', $admin); $this->redirectTo($url_redirect); break; case 'recover': // form to recover the password (in this case we have the form in /gui/) $this->doView('gui/recover.php'); break; case 'recover_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url()); } osc_csrf_check(); // post execution to recover the password $admin = Admin::newInstance()->findByEmail(Params::getParam('email')); if ($admin) { if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover'); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $newPassword = osc_genRandomPassword(40); Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id'])); $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword); osc_run_hook('hook_email_user_forgot_password', $admin, $password_url); } osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login'); break; case 'forgot': // form to recover the password (in this case we have the form in /gui/) $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } $this->doView('gui/forgot_password.php'); break; case 'forgot_post': osc_csrf_check(); $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code')); if (!$admin) { osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin'); $this->redirectTo(osc_admin_base_url()); } if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed'), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=login'); } else { osc_add_flash_error_message(_m("Error, the passwords don't match"), 'admin'); $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code'))); } break; default: //osc_run_hook( 'init_admin' ); Session::newInstance()->_setReferer(osc_get_http_referer()); $this->doView('gui/login.php'); break; } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } require_once LIB_PATH . 'osclass/UserActions.php'; $user = User::newInstance()->findByEmail(Params::getParam('email')); $url_redirect = osc_get_http_referer(); $page_redirect = ''; if (osc_rewrite_enabled()) { if ($url_redirect != '') { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect)); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; if ($page_redirect == '' || $page_redirect == 'login') { $url_redirect = osc_user_dashboard_url(); } } break; } } } } else { if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) { $page_redirect = $match[1]; } } if ($url_redirect == '') { $url_redirect = osc_user_dashboard_url(); } if (!$user) { osc_add_flash_error_message(_m("The user doesn't exist")); $this->redirectTo(osc_user_login_url()); } if ($user["s_password"] != sha1(Params::getParam('password', false, false))) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); } $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m("The user doesn't exist")); } else { if ($logged == 1) { osc_add_flash_error_message(_m('The user has not been validated yet')); } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } $this->redirectTo($url_redirect); } else { osc_add_flash_error_message(_m('This should never happen')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match")); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login Session::newInstance()->_setReferer(osc_get_http_referer()); if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
/** * Check is CSRF token is valid, die in other case * * @since 3.1 */ function osc_csrf_check() { $error = false; $str_error = ''; if(Params::getParam('CSRFName')=='' || Params::getParam('CSRFToken')=='') { $str_error = _m('Probable invalid request.') ; $error = true; } else { $name = Params::getParam('CSRFName'); $token = Params::getParam('CSRFToken'); if (!osc_csrfguard_validate_token($name, $token)) { $str_error = _m('Invalid CSRF token.'); $error = true; } } if( defined('IS_AJAX') ) { if($error && IS_AJAX === true ) { echo json_encode(array( 'error' => 1, 'msg' => $str_error )); exit; } } // ¿ check if is ajax request ? if($error) { if(OC_ADMIN) { osc_add_flash_error_message($str_error, 'admin'); } else { osc_add_flash_error_message($str_error); } $url = osc_get_http_referer(); // be sure that drop session referer Session::newInstance()->_dropReferer(); if($url!='') { osc_redirect_to($url); } if(OC_ADMIN) { osc_redirect_to( osc_admin_base_url(true) ); } else { osc_redirect_to( osc_base_url(true) ); } } }
function doModel() { parent::doModel(); //specific things for this class switch ($this->action) { case 'add': $this->doView("plugins/add.php"); break; case 'add_post': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); $package = Params::getFiles("package"); if (isset($package['size']) && $package['size'] != 0) { $path = osc_plugins_path(); (int) ($status = osc_unzip_file($package['tmp_name'], $path)); } else { $status = 3; } switch ($status) { case 0: $msg = _m('The plugin folder is not writable'); osc_add_flash_error_message($msg, 'admin'); break; case 1: $msg = _m('The plugin has been uploaded correctly'); osc_add_flash_ok_message($msg, 'admin'); break; case 2: $msg = _m('The zip file is not valid'); osc_add_flash_error_message($msg, 'admin'); break; case 3: $msg = _m('No file was uploaded'); osc_add_flash_error_message($msg, 'admin'); $this->redirectTo(osc_admin_base_url(true) . "?page=plugins&action=add"); break; case -1: default: $msg = _m('There was a problem adding the plugin'); osc_add_flash_error_message($msg, 'admin'); break; } $this->redirectTo(osc_admin_base_url(true) . "?page=plugins"); break; case 'install': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); $pn = Params::getParam('plugin'); // set header just in case it's triggered some fatal error header("Location: " . osc_admin_base_url(true) . "?page=plugins&error=" . $pn, true, '302'); $installed = Plugins::install($pn); if (is_array($installed)) { switch ($installed['error_code']) { case 'error_output': osc_add_flash_error_message(sprintf(_m('The plugin generated %d characters of <strong>unexpected output</strong> during the installation'), strlen($installed['output'])), 'admin'); break; case 'error_installed': osc_add_flash_error_message(_m('Plugin is already installed'), 'admin'); break; case 'error_file': osc_add_flash_error_message(_m("Plugin couldn't be installed because their files are missing"), 'admin'); break; case 'custom_error': osc_add_flash_error_message(sprintf(_m("Plugin couldn't be installed because of: %s"), $installed['msg']), 'admin'); break; default: osc_add_flash_error_message(_m("Plugin couldn't be installed"), 'admin'); break; } } else { osc_add_flash_ok_message(_m('Plugin installed'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'uninstall': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); if (Plugins::uninstall(Params::getParam("plugin"))) { osc_add_flash_ok_message(_m('Plugin uninstalled'), 'admin'); } else { osc_add_flash_error_message(_m("Plugin couldn't be uninstalled"), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'enable': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); if (Plugins::activate(Params::getParam('plugin'))) { osc_add_flash_ok_message(_m('Plugin enabled'), 'admin'); } else { osc_add_flash_error_message(_m('Plugin is already enabled'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'disable': if (defined('DEMO')) { osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin'); $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); } osc_csrf_check(); if (Plugins::deactivate(Params::getParam('plugin'))) { osc_add_flash_ok_message(_m('Plugin disabled'), 'admin'); } else { osc_add_flash_error_message(_m('Plugin is already disabled'), 'admin'); } $this->redirectTo(osc_admin_base_url(true) . '?page=plugins'); break; case 'admin': $plugin = Params::getParam("plugin"); if ($plugin != "") { Plugins::runHook($plugin . '_configure'); } break; case 'admin_post': Plugins::runHook('admin_post'); break; case 'renderplugin': $file = Params::getParam("file"); if ($file != "") { // We pass the GET variables (in case we have somes) if (preg_match('|(.+?)\\?(.*)|', $file, $match)) { $file = $match[1]; if (preg_match_all('|&([^=]+)=([^&]*)|', urldecode('&' . $match[2] . '&'), $get_vars)) { for ($var_k = 0; $var_k < count($get_vars[1]); $var_k++) { //$_GET[$get_vars[1][$var_k]] = $get_vars[2][$var_k]; //$_REQUEST[$get_vars[1][$var_k]] = $get_vars[2][$var_k]; Params::setParam($get_vars[1][$var_k], $get_vars[2][$var_k]); } } } else { $file = $_REQUEST['file']; } $this->_exportVariableToView("file", osc_plugins_path() . $file); //osc_renderPluginView($file); $this->doView("plugins/view.php"); } break; case 'configure': $plugin = Params::getParam("plugin"); if ($plugin != '') { $plugin_data = Plugins::getInfo($plugin); $this->_exportVariableToView("categories", Category::newInstance()->toTreeAll()); $this->_exportVariableToView("selected", PluginCategory::newInstance()->listSelected($plugin_data['short_name'])); $this->_exportVariableToView("plugin_data", $plugin_data); $this->doView("plugins/configuration.php"); } else { $this->redirectTo(osc_admin_base_url(true) . "?page=plugins"); } break; case 'configure_post': osc_csrf_check(); $plugin_short_name = Params::getParam("plugin_short_name"); $categories = Params::getParam("categories"); if ($plugin_short_name != "") { Plugins::cleanCategoryFromPlugin($plugin_short_name); if (isset($categories)) { Plugins::addToCategoryPlugin($categories, $plugin_short_name); } osc_add_flash_ok_message(_m('Configuration was saved'), 'admin'); $this->redirectTo(osc_get_http_referer()); } osc_add_flash_error_message(_m('No plugin selected'), 'admin'); $this->doView('plugins/index.php'); break; case 'error_plugin': // force php errors and simulate plugin installation to show the errors in the iframe if (!OSC_DEBUG) { error_reporting(E_ALL | E_STRICT); } @ini_set('display_errors', 1); include osc_plugins_path() . Params::getParam('plugin'); Plugins::install(Params::getParam('plugin')); exit; break; default: // $marketError = Params::getParam('marketError'); // $slug = Params::getParam('slug'); // if($marketError!='') { // if($marketError == '0') { // no error installed ok // $extra = '<br/><br/><b>' . __('You only need to install and configure the plugin.') . '</b>'; // osc_add_flash_ok_message( __('Everything was OK!') . ' ( ' . $slug . ' ) ' . $extra , 'admin'); // } else { // osc_add_flash_error_message( __('Error occurred') . ' ' . $slug , 'admin'); // } // } if (Params::getParam('checkUpdated') != '') { osc_admin_toolbar_update_plugins(true); } if (Params::getParam('iDisplayLength') == '') { Params::setParam('iDisplayLength', 10); } // ? $this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength')); $p_iPage = 1; if (is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1) { $p_iPage = Params::getParam('iPage'); } Params::setParam('iPage', $p_iPage); $aPlugin = Plugins::listAll(); $active_plugins = osc_get_plugins(); // pagination $start = ($p_iPage - 1) * Params::getParam('iDisplayLength'); $limit = Params::getParam('iDisplayLength'); $count = count($aPlugin); $displayRecords = $limit; if ($start + $limit > $count) { $displayRecords = $start + $limit - $count; } // -------------------------------------------------------- $aData = array(); $aInfo = array(); $max = $start + $limit; if ($max > $count) { $max = $count; } $aPluginsToUpdate = json_decode(getPreference('plugins_to_update')); $bPluginsToUpdate = is_array($aPluginsToUpdate) ? true : false; for ($i = $start; $i < $max; $i++) { $plugin = $aPlugin[$i]; $row = array(); $pInfo = osc_plugin_get_info($plugin); // prepare row 1 $installed = 0; if (osc_plugin_is_installed($plugin)) { $installed = 1; } $enabled = 0; if (osc_plugin_is_enabled($plugin)) { $enabled = 1; } // prepare row 2 $sUpdate = ''; // get plugins to update from t_preference if ($bPluginsToUpdate) { if (in_array(@$pInfo['plugin_update_uri'], $aPluginsToUpdate)) { $sUpdate = '<a class="market_update market-popup" href="#' . htmlentities($pInfo['plugin_update_uri']) . '">' . __("There's a new update available") . '</a>'; } } // prepare row 4 $sConfigure = ''; if (isset($active_plugins[$plugin . '_configure'])) { $sConfigure = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=admin&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Configure') . '</a>'; } // prepare row 5 $sEnable = ''; if ($installed) { if ($enabled) { $sEnable = '<a href="' . osc_admin_base_url(true) . '?page=plugins&action=disable&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Disable') . '</a>'; } else { $sEnable = '<a href="' . osc_admin_base_url(true) . '?page=plugins& action=enable&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Enable') . '</a>'; } } // prepare row 6 $sInstall = ''; if ($installed) { $sInstall = '<a onclick="javascript:return uninstall_dialog(\'' . $pInfo['filename'] . '\');" href="' . osc_admin_base_url(true) . '?page=plugins&action=uninstall& plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Uninstall') . '</a>'; } else { $sInstall = '<a href="' . osc_admin_base_url(true) . '?page=plugins& action=install&plugin=' . $pInfo['filename'] . "&" . osc_csrf_token_url() . '">' . __('Install') . '</a>'; } $row[] = '<input type="hidden" name="installed" value="' . $installed . '" enabled="' . $enabled . '" />' . $pInfo['plugin_name'] . '<div>' . $sUpdate . '</div>'; $row[] = $pInfo['description']; $row[] = $sUpdate != '' ? $sUpdate : ' '; $row[] = $sConfigure != '' ? $sConfigure : ' '; $row[] = $sEnable != '' ? $sEnable : ' '; $row[] = $sInstall != '' ? $sInstall : ' '; $aData[] = $row; if (@$pInfo['plugin_update_uri'] != '') { $aInfo[@$pInfo['plugin_update_uri']] = $pInfo; } else { $aInfo[$i] = $pInfo; } } $array['iTotalRecords'] = $displayRecords; $array['iTotalDisplayRecords'] = count($aPlugin); $array['iDisplayLength'] = $limit; $array['aaData'] = $aData; $array['aaInfo'] = $aInfo; // -------------------------------------------------------- $page = (int) Params::getParam('iPage'); if (count($array['aaData']) == 0 && $page != 1) { $total = (int) $array['iTotalDisplayRecords']; $maxPage = ceil($total / (int) $array['iDisplayLength']); $url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING']; if ($maxPage == 0) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url); $this->redirectTo($url); } if ($page > 1) { $url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url); $this->redirectTo($url); } } $this->_exportVariableToView('aPlugins', $array); $this->doView("plugins/index.php"); break; } }