Exemplo n.º 1
0
 function doModel()
 {
     switch ($this->action) {
         case 'contact_post':
             //contact_post
             $yourName = Params::getParam('yourName');
             $yourEmail = Params::getParam('yourEmail');
             $subject = Params::getParam('subject');
             $message = Params::getParam('message');
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     Session::newInstance()->_setForm("yourName", $yourName);
                     Session::newInstance()->_setForm("yourEmail", $yourEmail);
                     Session::newInstance()->_setForm("subject", $subject);
                     Session::newInstance()->_setForm("message_body", $message);
                     $this->redirectTo(osc_contact_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             if (!preg_match('|.*?@.{2,}\\..{2,}|', $yourEmail)) {
                 osc_add_flash_error_message(_m('Please enter a correct email'));
                 Session::newInstance()->_setForm("yourName", $yourName);
                 Session::newInstance()->_setForm("subject", $subject);
                 Session::newInstance()->_setForm("message_body", $message);
                 $this->redirectTo(osc_contact_url());
             }
             $message = sprintf(__("%s (%s) left this message : %s"), $yourName, $yourEmail, $message);
             $params = array('reply_to' => $yourEmail, 'subject' => '[' . osc_page_title() . '] ' . __('Contact form') . ': ' . $subject, 'to' => osc_contact_email(), 'to_name' => __('Administrator'), 'body' => $message, 'alt_body' => $message);
             if (osc_contact_attachment()) {
                 $attachment = Params::getFiles('attachment');
                 $resourceName = $attachment['name'];
                 $tmpName = $attachment['tmp_name'];
                 $resourceType = $attachment['type'];
                 $path = osc_content_path() . 'uploads/' . time() . '_' . $resourceName;
                 if (!is_writable(osc_content_path() . 'uploads/')) {
                     osc_add_flash_error_message(_m('There have been some errors sending the message'));
                     $this->redirectTo(osc_contact_url());
                 }
                 if (!move_uploaded_file($tmpName, $path)) {
                     unset($path);
                 }
             }
             if (isset($path)) {
                 $params['attachment'] = $path;
             }
             osc_sendMail($params);
             osc_add_flash_ok_message(_m('Your email has been sent properly. Thank you for contacting us!'));
             $this->redirectTo(osc_contact_url());
             break;
         default:
             //contact
             $this->doView('contact.php');
     }
 }
Exemplo n.º 2
0
</div>
                    <div class="form-controls">
                        <input type="text" class="input-large" name="recaptchaPubKey" value="<?php 
echo osc_recaptcha_public_key() ? osc_esc_html(osc_recaptcha_public_key()) : '';
?>
" />
                    </div>
                </div>
                <div class="form-row">
                    <div class="form-label"><?php 
_e('reCAPTCHA Private key');
?>
</div>
                    <div class="form-controls">
                        <input type="text" class="input-large" name="recaptchaPrivKey" value="<?php 
echo osc_recaptcha_private_key() ? osc_esc_html(osc_recaptcha_private_key()) : '';
?>
" />
                    </div>
                </div>
                <?php 
if (osc_recaptcha_public_key() != '') {
    ?>
                <div class="form-row">
                    <div class="form-label"><?php 
    _e('If you see the reCAPTCHA form it means that you have correctly entered the public key');
    ?>
</div>
                    <div class="form-controls">
                        <?php 
    require_once osc_lib_path() . 'recaptchalib.php';
Exemplo n.º 3
0
function osc_check_recaptcha()
{
    require_once osc_lib_path() . 'recaptchalib.php';
    if (Params::getParam("recaptcha_challenge_field") != '') {
        $resp = recaptcha_check_answer(osc_recaptcha_private_key(), $_SERVER["REMOTE_ADDR"], Params::getParam("recaptcha_challenge_field"), Params::getParam("recaptcha_response_field"));
        return $resp->is_valid;
    }
    return false;
}
Exemplo n.º 4
0
 function doModel()
 {
     //calling the view...
     $locales = OSCLocale::newInstance()->listAllEnabled();
     $this->_exportVariableToView('locales', $locales);
     switch ($this->action) {
         case 'item_add':
             // post
             if (osc_reg_user_post() && $this->user == null) {
                 osc_add_flash_warning_message(_m('Only registered users are allowed to post listings'));
                 $this->redirectTo(osc_user_login_url());
             }
             $countries = Country::newInstance()->listAll();
             $regions = array();
             if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') {
                 $regions = Region::newInstance()->findByCountry($this->user['fk_c_country_code']);
             } else {
                 if (count($countries) > 0) {
                     $regions = Region::newInstance()->findByCountry($countries[0]['pk_c_code']);
                 }
             }
             $cities = array();
             if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') {
                 $cities = City::newInstance()->findByRegion($this->user['fk_i_region_id']);
             } else {
                 if (count($regions) > 0) {
                     $cities = City::newInstance()->findByRegion($regions[0]['pk_i_id']);
                 }
             }
             $this->_exportVariableToView('countries', $countries);
             $this->_exportVariableToView('regions', $regions);
             $this->_exportVariableToView('cities', $cities);
             $form = count(Session::newInstance()->_getForm());
             $keepForm = count(Session::newInstance()->_getKeepForm());
             if ($form == 0 || $form == $keepForm) {
                 Session::newInstance()->_dropKeepForm();
             }
             if (Session::newInstance()->_getForm('countryId') != "") {
                 $countryId = Session::newInstance()->_getForm('countryId');
                 $regions = Region::newInstance()->findByCountry($countryId);
                 $this->_exportVariableToView('regions', $regions);
                 if (Session::newInstance()->_getForm('regionId') != "") {
                     $regionId = Session::newInstance()->_getForm('regionId');
                     $cities = City::newInstance()->findByRegion($regionId);
                     $this->_exportVariableToView('cities', $cities);
                 }
             }
             $this->_exportVariableToView('user', $this->user);
             osc_run_hook('post_item');
             $this->doView('item-post.php');
             break;
         case 'item_add_post':
             //post_item
             if (osc_reg_user_post() && $this->user == null) {
                 osc_add_flash_warning_message(_m('Only registered users are allowed to post listings'));
                 $this->redirectTo(osc_base_url(true));
             }
             $mItems = new ItemActions(false);
             // prepare data for ADD ITEM
             $mItems->prepareData(true);
             // set all parameters into session
             foreach ($mItems->data as $key => $value) {
                 Session::newInstance()->_setForm($key, $value);
             }
             $meta = Params::getParam('meta');
             if (is_array($meta)) {
                 foreach ($meta as $key => $value) {
                     Session::newInstance()->_setForm('meta_' . $key, $value);
                     Session::newInstance()->_keepForm('meta_' . $key);
                 }
             }
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     $this->redirectTo(osc_item_post_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             if (!osc_is_web_user_logged_in()) {
                 $user = User::newInstance()->findByEmail($mItems->data['contactEmail']);
                 // The user exists but it's not logged
                 if (isset($user['pk_i_id'])) {
                     foreach ($mItems->data as $key => $value) {
                         Session::newInstance()->_keepForm($key);
                     }
                     osc_add_flash_error_message(_m('A user with that email address already exists, if it is you, please log in'));
                     $this->redirectTo(osc_user_login_url());
                 }
             }
             // POST ITEM ( ADD ITEM )
             $success = $mItems->add();
             if ($success != 1 && $success != 2) {
                 osc_add_flash_error_message($success);
                 $this->redirectTo(osc_item_post_url());
             } else {
                 Session::newInstance()->_dropkeepForm('meta_' . $key);
                 if ($success == 1) {
                     osc_add_flash_ok_message(_m('Check your inbox to validate your listing'));
                 } else {
                     osc_add_flash_ok_message(_m('Your listing has been published'));
                 }
                 $itemId = Params::getParam('itemId');
                 $item = $this->itemManager->findByPrimaryKey($itemId);
                 osc_run_hook('posted_item', $item);
                 $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId'));
                 View::newInstance()->_exportVariableToView('category', $category);
                 $this->redirectTo(osc_search_category_url());
             }
             break;
         case 'item_edit':
             // edit item
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
             if (count($item) == 1) {
                 $item = Item::newInstance()->findByPrimaryKey($id);
                 $form = count(Session::newInstance()->_getForm());
                 $keepForm = count(Session::newInstance()->_getKeepForm());
                 if ($form == 0 || $form == $keepForm) {
                     Session::newInstance()->_dropKeepForm();
                 }
                 $this->_exportVariableToView('item', $item);
                 osc_run_hook("before_item_edit", $item);
                 $this->doView('item-edit.php');
             } else {
                 // add a flash message [ITEM NO EXISTE]
                 osc_add_flash_error_message(_m("Sorry, we don't have any listings with that ID"));
                 if ($this->user != null) {
                     $this->redirectTo(osc_user_list_items_url());
                 } else {
                     $this->redirectTo(osc_base_url());
                 }
             }
             break;
         case 'item_edit_post':
             // recoger el secret y el
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
             if (count($item) == 1) {
                 $this->_exportVariableToView('item', $item[0]);
                 $mItems = new ItemActions(false);
                 // prepare data for ADD ITEM
                 $mItems->prepareData(false);
                 // set all parameters into session
                 foreach ($mItems->data as $key => $value) {
                     Session::newInstance()->_setForm($key, $value);
                 }
                 $meta = Params::getParam('meta');
                 if (is_array($meta)) {
                     foreach ($meta as $key => $value) {
                         Session::newInstance()->_setForm('meta_' . $key, $value);
                         Session::newInstance()->_keepForm('meta_' . $key);
                     }
                 }
                 if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                         $this->redirectTo(osc_item_edit_url());
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 $success = $mItems->edit();
                 osc_run_hook('edited_item', Item::newInstance()->findByPrimaryKey($id));
                 if ($success == 1) {
                     osc_add_flash_ok_message(_m("Great! We've just updated your listing"));
                     View::newInstance()->_exportVariableToView("item", Item::newInstance()->findByPrimaryKey($id));
                     $this->redirectTo(osc_item_url());
                 } else {
                     osc_add_flash_error_message($success);
                     $this->redirectTo(osc_item_edit_url($secret));
                 }
             }
             break;
         case 'activate':
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s') OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
             // item doesn't exist
             if (count($item) == 0) {
                 $this->do404();
                 return;
             }
             View::newInstance()->_exportVariableToView('item', $item[0]);
             if ($item[0]['b_active'] == 0) {
                 // ACTIVETE ITEM
                 $mItems = new ItemActions(false);
                 $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']);
                 if ($success) {
                     osc_add_flash_ok_message(_m('The listing has been validated'));
                 } else {
                     osc_add_flash_error_message(_m("The listing can't be validated"));
                 }
             } else {
                 osc_add_flash_warning_message(_m('The listing has already been validated'));
             }
             $this->redirectTo(osc_item_url());
             break;
         case 'item_delete':
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s') OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId));
             if (count($item) == 1) {
                 $mItems = new ItemActions(false);
                 $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']);
                 if ($success) {
                     osc_add_flash_ok_message(_m('Your listing has been deleted'));
                 } else {
                     osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted"));
                 }
                 if ($this->user != null) {
                     $this->redirectTo(osc_user_list_items_url());
                 } else {
                     $this->redirectTo(osc_base_url());
                 }
             } else {
                 osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted"));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'mark':
             $id = Params::getParam('id');
             $as = Params::getParam('as');
             $item = Item::newInstance()->findByPrimaryKey($id);
             View::newInstance()->_exportVariableToView('item', $item);
             require_once osc_lib_path() . 'osclass/user-agents.php';
             foreach ($user_agents as $ua) {
                 if (preg_match('|' . $ua . '|', @$_SERVER['HTTP_USER_AGENT'])) {
                     // mark item if it's not a bot
                     $mItem = new ItemActions(false);
                     $mItem->mark($id, $as);
                     break;
                 }
             }
             osc_add_flash_ok_message(_m("Thanks! That's very helpful"));
             $this->redirectTo(osc_item_url());
             break;
         case 'send_friend':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('item', $item);
             $this->doView('item-send-friend.php');
             break;
         case 'send_friend_post':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('item', $item);
             Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
             Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
             Session::newInstance()->_setForm("friendName", Params::getParam('friendName'));
             Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail'));
             Session::newInstance()->_setForm("message_body", Params::getParam('message'));
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     $this->redirectTo(osc_item_send_friend_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             $mItem = new ItemActions(false);
             $success = $mItem->send_friend();
             if ($success) {
                 Session::newInstance()->_clearVariables();
                 $this->redirectTo(osc_item_url());
             } else {
                 $this->redirectTo(osc_item_send_friend_url());
             }
             break;
         case 'contact':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             if (empty($item)) {
                 osc_add_flash_error_message(_m("This listing doesn't exist"));
                 $this->redirectTo(osc_base_url(true));
             } else {
                 $this->_exportVariableToView('item', $item);
                 if (osc_item_is_expired()) {
                     osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller"));
                     $this->redirectTo(osc_item_url());
                 }
                 if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) {
                     $this->doView('item-contact.php');
                 } else {
                     osc_add_flash_error_message(_m("You can't contact the seller, only registered users can"));
                     $this->redirectTo(osc_item_url());
                 }
             }
             break;
         case 'contact_post':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('item', $item);
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
                     Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
                     Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
                     Session::newInstance()->_setForm("message_body", Params::getParam('message'));
                     $this->redirectTo(osc_item_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             if (osc_isExpired($item['dt_expiration'])) {
                 osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller"));
                 $this->redirectTo(osc_item_url());
             }
             $mItem = new ItemActions(false);
             $result = $mItem->contact();
             if (is_string($result)) {
                 osc_add_flash_error_message($result);
             } else {
                 osc_add_flash_ok_message(_m("We've just sent an e-mail to the seller"));
             }
             $this->redirectTo(osc_item_url());
             break;
         case 'add_comment':
             $mItem = new ItemActions(false);
             $status = $mItem->add_comment();
             switch ($status) {
                 case -1:
                     $msg = _m('Sorry, we could not save your comment. Try again later');
                     osc_add_flash_error_message($msg);
                     break;
                 case 1:
                     $msg = _m('Your comment is awaiting moderation');
                     osc_add_flash_info_message($msg);
                     break;
                 case 2:
                     $msg = _m('Your comment has been approved');
                     osc_add_flash_ok_message($msg);
                     break;
                 case 3:
                     $msg = _m('Please fill the required field (email)');
                     osc_add_flash_warning_message($msg);
                     break;
                 case 4:
                     $msg = _m('Please type a comment');
                     osc_add_flash_warning_message($msg);
                     break;
                 case 5:
                     $msg = _m('Your comment has been marked as spam');
                     osc_add_flash_error_message($msg);
                     break;
             }
             $this->redirectTo(osc_item_url());
             break;
         case 'delete_comment':
             $mItem = new ItemActions(false);
             $status = $mItem->add_comment();
             $itemId = Params::getParam('id');
             $commentId = Params::getParam('comment');
             $item = Item::newInstance()->findByPrimaryKey($itemId);
             if (count($item) == 0) {
                 osc_add_flash_error_message(_m("This listing doesn't exist"));
                 $this->redirectTo(osc_base_url(true));
             }
             View::newInstance()->_exportVariableToView('item', $item);
             if ($this->userId == null) {
                 osc_add_flash_error_message(_m('You must be logged in to delete a comment'));
                 $this->redirectTo(osc_item_url());
             }
             $commentManager = ItemComment::newInstance();
             $aComment = $commentManager->findByPrimaryKey($commentId);
             if (count($aComment) == 0) {
                 osc_add_flash_error_message(_m("The comment doesn't exist"));
                 $this->redirectTo(osc_item_url());
             }
             if ($aComment['b_active'] != 1) {
                 osc_add_flash_error_message(_m('The comment is not active, you cannot delete it'));
                 $this->redirectTo(osc_item_url());
             }
             if ($aComment['fk_i_user_id'] != $this->userId) {
                 osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it'));
                 $this->redirectTo(osc_item_url());
             }
             $commentManager->deleteByPrimaryKey($commentId);
             osc_add_flash_ok_message(_m('The comment has been deleted'));
             $this->redirectTo(osc_item_url());
             break;
         default:
             // if there isn't ID, show an error 404
             if (Params::getParam('id') == '') {
                 $this->do404();
                 return;
             }
             if (Params::getParam('lang') != '') {
                 Session::newInstance()->_set('userLocale', Params::getParam('lang'));
             }
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             // if item doesn't exist show an error 404
             if (count($item) == 0) {
                 $this->do404();
                 return;
             }
             if ($item['b_active'] != 1) {
                 if ($this->userId == $item['fk_i_user_id']) {
                     osc_add_flash_warning_message(_m("The listing hasn't been validated. Please validate it in order to make it public"));
                 } else {
                     osc_add_flash_warning_message(_m("This listing hasn't been validated"));
                     $this->redirectTo(osc_base_url(true));
                 }
             } else {
                 if ($item['b_enabled'] == 0) {
                     osc_add_flash_warning_message(_m('The listing has been suspended'));
                     $this->redirectTo(osc_base_url(true));
                 }
             }
             if (!osc_is_admin_user_logged_in()) {
                 require_once osc_lib_path() . 'osclass/user-agents.php';
                 foreach ($user_agents as $ua) {
                     if (preg_match('|' . $ua . '|', @$_SERVER['HTTP_USER_AGENT'])) {
                         $mStats = new ItemStats();
                         $mStats->increase('i_num_views', $item['pk_i_id']);
                         break;
                     }
                 }
             }
             foreach ($item['locale'] as $k => $v) {
                 $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']);
                 $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description']));
             }
             if ($item['fk_i_user_id'] != '') {
                 $user = User::newInstance()->findByPrimaryKey($item['fk_i_user_id']);
                 $this->_exportVariableToView('user', $user);
             }
             $this->_exportVariableToView('item', $item);
             osc_run_hook('show_item', $item);
             // redirect to the correct url just in case it has changed
             $itemURI = str_replace(osc_base_url(), '', osc_item_url());
             $URI = preg_replace('|^' . REL_WEB_URL . '|', '', $_SERVER['REQUEST_URI']);
             // do not clean QUERY_STRING if permalink is not enabled
             if (osc_rewrite_enabled()) {
                 $URI = str_replace('?' . $_SERVER['QUERY_STRING'], '', $URI);
             } else {
                 $params_keep = array('page', 'id');
                 $params = array();
                 foreach (Params::getParamsAsArray('get') as $k => $v) {
                     if (in_array($k, $params_keep)) {
                         $params[] = "{$k}={$v}";
                     }
                 }
                 $URI = 'index.php?' . implode('&', $params);
             }
             // redirect to the correct url
             if ($itemURI != $URI) {
                 $this->redirectTo(osc_base_url() . $itemURI);
             }
             $this->doView('item.php');
             break;
     }
 }
Exemplo n.º 5
0
                                    <label for="recaptchaPubKey"><?php 
_e('reCAPTCHA public key');
?>
</label><br />
                                    <input type="text" name="recaptchaPubKey" id="recaptchaPubKey" value="<?php 
echo osc_recaptcha_public_key() ? osc_recaptcha_public_key() : '';
?>
" />
                                </p>
                                <p>
                                    <label for="recaptchaPrivKey"><?php 
_e('reCAPTCHA private key');
?>
</label><br />
                                    <input type="text" name="recaptchaPrivKey" id="recaptchaPrivKey" value="<?php 
echo osc_recaptcha_private_key() ? osc_recaptcha_private_key() : '';
?>
" />
                                </p>
                            </fieldset>

                            <input id="button_save" type="submit" value="<?php 
_e('Update');
?>
" />
                        </form>
                    </div>
                </div>
            </div><!-- end of right column -->
        </div><!-- end of container -->
        <?php 
Exemplo n.º 6
0
    function doModel()
    {
        switch ($this->action) {
            case 'contact_post':
                //contact_post
                osc_csrf_check();
                $yourName = Params::getParam('yourName');
                $yourEmail = Params::getParam('yourEmail');
                $subject = Params::getParam('subject');
                $message = Params::getParam('message');
                if (osc_recaptcha_private_key() != '') {
                    if (!osc_check_recaptcha()) {
                        osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                        Session::newInstance()->_setForm('yourName', $yourName);
                        Session::newInstance()->_setForm('yourEmail', $yourEmail);
                        Session::newInstance()->_setForm('subject', $subject);
                        Session::newInstance()->_setForm('message_body', $message);
                        $this->redirectTo(osc_contact_url());
                        return false;
                        // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                    }
                }
                $banned = osc_is_banned($yourEmail);
                if ($banned == 1) {
                    osc_add_flash_error_message(_m('Your current email is not allowed'));
                    $this->redirectTo(osc_contact_url());
                } else {
                    if ($banned == 2) {
                        osc_add_flash_error_message(_m('Your current IP is not allowed'));
                        $this->redirectTo(osc_contact_url());
                    }
                }
                $user = User::newInstance()->newInstance()->findByEmail($yourEmail);
                if (isset($user['b_active']) && ($user['b_active'] == 0 || $user['b_enabled'] == 0)) {
                    osc_add_flash_error_message(_m('Your current email is not allowed'));
                    $this->redirectTo(osc_contact_url());
                }
                if (!preg_match('|.*?@.{2,}\\..{2,}|', $yourEmail)) {
                    osc_add_flash_error_message(_m('Please enter a correct email'));
                    Session::newInstance()->_setForm('yourName', $yourName);
                    Session::newInstance()->_setForm('subject', $subject);
                    Session::newInstance()->_setForm('message_body', $message);
                    $this->redirectTo(osc_contact_url());
                }
                $message_name = sprintf(__('Name: %s'), $yourName);
                $message_email = sprintf(__('Email: %s'), $yourEmail);
                $message_subject = sprintf(__('Subject: %s'), $subject);
                $message_body = sprintf(__('Message: %s'), $message);
                $message_date = sprintf(__('Date: %s at %s'), date('l F d, Y'), date('g:i a'));
                $message_IP = sprintf(__('IP Address: %s'), get_ip());
                $message = <<<MESSAGE
{$message_name}
{$message_email}
{$message_subject}
{$message_body}

{$message_date}
{$message_IP}
MESSAGE;
                $params = array('from' => osc_contact_email(), 'to' => osc_contact_email(), 'to_name' => osc_page_title(), 'reply_to' => $yourEmail, 'subject' => '[' . osc_page_title() . '] ' . __('Contact'), 'body' => nl2br($message));
                $error = false;
                if (osc_contact_attachment()) {
                    $attachment = Params::getFiles('attachment');
                    if (isset($attachment['error']) && $attachment['error'] == UPLOAD_ERR_OK) {
                        $mime_array = array('text/php', 'text/x-php', 'application/php', 'application/x-php', 'application/x-httpd-php', 'application/x-httpd-php-source', 'application/x-javascript');
                        $resourceName = $attachment['name'];
                        $tmpName = $attachment['tmp_name'];
                        $resourceType = $attachment['type'];
                        if (function_exists('mime_content_type')) {
                            $resourceType = mime_content_type($tmpName);
                        }
                        if (function_exists('finfo_open')) {
                            $finfo = finfo_open(FILEINFO_MIME);
                            $output = finfo_file($finfo, $tmpName);
                            finfo_close($finfo);
                            $output = explode("; ", $output);
                            if (is_array($output)) {
                                $output = $output[0];
                            }
                            $resourceType = $output;
                        }
                        // check mime file
                        if (!in_array($resourceType, $mime_array)) {
                            $emailAttachment = array('path' => $tmpName, 'name' => $resourceName);
                            $error = false;
                        } else {
                            $error = true;
                        }
                        // --- check mime file
                    } else {
                        $error = true;
                    }
                }
                if (!$error) {
                    if (isset($emailAttachment)) {
                        $params['attachment'] = $emailAttachment;
                    }
                    osc_run_hook('pre_contact_post', $params);
                    osc_sendMail(osc_apply_filter('contact_params', $params));
                    if (isset($tmpName)) {
                        @unlink($tmpName);
                    }
                    osc_add_flash_ok_message(_m('Your email has been sent properly. Thank you for contacting us!'));
                } else {
                    osc_add_flash_error_message(_m('The file you tried to upload does not have a valid extension'));
                }
                $this->redirectTo(osc_contact_url());
                break;
            default:
                //contact
                $this->doView('contact.php');
        }
    }
Exemplo n.º 7
0
 function doModel()
 {
     //calling the view...
     $locales = OSCLocale::newInstance()->listAllEnabled();
     $this->_exportVariableToView('locales', $locales);
     switch ($this->action) {
         case 'item_add':
             // post
             if (osc_reg_user_post() && $this->user == null) {
                 // CHANGEME: This text
                 osc_add_flash_error_message(_m('Only registered users are allowed to post items'));
                 $this->redirectTo(osc_user_login_url());
             }
             $countries = Country::newInstance()->listAll();
             $regions = array();
             if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') {
                 $regions = Region::newInstance()->getByCountry($this->user['fk_c_country_code']);
             } else {
                 if (count($countries) > 0) {
                     $regions = Region::newInstance()->getByCountry($countries[0]['pk_c_code']);
                 }
             }
             $cities = array();
             if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') {
                 $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $this->user['fk_i_region_id']);
             } else {
                 if (count($regions) > 0) {
                     $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regions[0]['pk_i_id']);
                 }
             }
             $this->_exportVariableToView('countries', $countries);
             $this->_exportVariableToView('regions', $regions);
             $this->_exportVariableToView('cities', $cities);
             $form = count(Session::newInstance()->_getForm());
             $keepForm = count(Session::newInstance()->_getKeepForm());
             if ($form == 0 || $form == $keepForm) {
                 Session::newInstance()->_dropKeepForm();
             }
             if (Session::newInstance()->_getForm('countryId') != "") {
                 $countryId = Session::newInstance()->_getForm('countryId');
                 $regions = Region::newInstance()->getByCountry($countryId);
                 $this->_exportVariableToView('regions', $regions);
                 if (Session::newInstance()->_getForm('regionId') != "") {
                     $regionId = Session::newInstance()->_getForm('regionId');
                     $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regionId);
                     $this->_exportVariableToView('cities', $cities);
                 }
             }
             $this->_exportVariableToView('user', $this->user);
             osc_run_hook('post_item');
             $this->doView('item-post.php');
             break;
         case 'item_add_post':
             //post_item
             if (osc_reg_user_post() && $this->user == null) {
                 osc_add_flash_error_message(_m('Only registered users are allowed to post items'));
                 $this->redirectTo(osc_base_url(true));
             }
             $mItems = new ItemActions(false);
             // prepare data for ADD ITEM
             $mItems->prepareData(true);
             // set all parameters into session
             foreach ($mItems->data as $key => $value) {
                 Session::newInstance()->_setForm($key, $value);
             }
             $meta = Params::getParam('meta');
             if (is_array($meta)) {
                 foreach ($meta as $key => $value) {
                     Session::newInstance()->_setForm('meta_' . $key, $value);
                     Session::newInstance()->_keepForm('meta_' . $key);
                 }
             }
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     $this->redirectTo(osc_item_post_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             // POST ITEM ( ADD ITEM )
             $success = $mItems->add();
             if ($success != 1 && $success != 2) {
                 osc_add_flash_error_message($success);
                 $this->redirectTo(osc_item_post_url());
             } else {
                 Session::newInstance()->_dropkeepForm('meta_' . $key);
                 if ($success == 1) {
                     osc_add_flash_ok_message(_m('Check your inbox to verify your email address'));
                 } else {
                     osc_add_flash_ok_message(_m('Your item has been published'));
                 }
                 $itemId = Params::getParam('itemId');
                 $item = $this->itemManager->findByPrimaryKey($itemId);
                 osc_run_hook('posted_item', $item);
                 $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId'));
                 View::newInstance()->_exportVariableToView('category', $category);
                 $this->redirectTo(osc_search_category_url());
             }
             break;
         case 'item_edit':
             // edit item
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
             if (count($item) == 1) {
                 $item = Item::newInstance()->findByPrimaryKey($id);
                 $form = count(Session::newInstance()->_getForm());
                 $keepForm = count(Session::newInstance()->_getKeepForm());
                 if ($form == 0 || $form == $keepForm) {
                     Session::newInstance()->_dropKeepForm();
                 }
                 $this->_exportVariableToView('item', $item);
                 osc_run_hook("before_item_edit", $item);
                 $this->doView('item-edit.php');
             } else {
                 // add a flash message [ITEM NO EXISTE]
                 osc_add_flash_error_message(_m('Sorry, we don\'t have any items with that ID'));
                 if ($this->user != null) {
                     $this->redirectTo(osc_user_list_items_url());
                 } else {
                     $this->redirectTo(osc_base_url());
                 }
             }
             break;
         case 'item_edit_post':
             // recoger el secret y el
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
             if (count($item) == 1) {
                 $this->_exportVariableToView('item', $item[0]);
                 $mItems = new ItemActions(false);
                 // prepare data for ADD ITEM
                 $mItems->prepareData(false);
                 // set all parameters into session
                 foreach ($mItems->data as $key => $value) {
                     Session::newInstance()->_setForm($key, $value);
                 }
                 $meta = Params::getParam('meta');
                 if (is_array($meta)) {
                     foreach ($meta as $key => $value) {
                         Session::newInstance()->_setForm('meta_' . $key, $value);
                         Session::newInstance()->_keepForm('meta_' . $key);
                     }
                 }
                 if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                         $this->redirectTo(osc_item_post_url());
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 $success = $mItems->edit();
                 osc_run_hook('edited_item', Item::newInstance()->findByPrimaryKey($id));
                 if ($success == 1) {
                     osc_add_flash_ok_message(_m('Great! We\'ve just updated your item'));
                     $this->redirectTo(osc_base_url(true) . "?page=item&id={$id}");
                 } else {
                     osc_add_flash_error_message($success);
                     $this->redirectTo(osc_item_edit_url($secret));
                 }
             }
             break;
         case 'activate':
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
             View::newInstance()->_exportVariableToView('item', $item[0]);
             if ($item[0]['b_active'] == 0) {
                 // ACTIVETE ITEM
                 $mItems = new ItemActions(false);
                 $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']);
                 if ($success) {
                     osc_add_flash_ok_message(_m('The item has been validated'));
                 } else {
                     osc_add_flash_error_message(_m('The item can\'t be validated'));
                 }
             } else {
                 osc_add_flash_error_message(_m('The item has already been validated'));
             }
             $this->redirectTo(osc_item_url());
             break;
         case 'item_delete':
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
             if (count($item) == 1) {
                 $mItems = new ItemActions(false);
                 $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']);
                 if ($success) {
                     osc_add_flash_ok_message(_m('Your item has been deleted'));
                 } else {
                     osc_add_flash_error_message(_m('The item you are trying to delete couldn\'t be deleted'));
                 }
                 if ($this->user != null) {
                     $this->redirectTo(osc_user_list_items_url());
                 } else {
                     $this->redirectTo(osc_base_url());
                 }
             } else {
                 osc_add_flash_error_message(_m('The item you are trying to delete couldn\'t be deleted'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'mark':
             $mItem = new ItemActions(false);
             $id = Params::getParam('id');
             $as = Params::getParam('as');
             $item = Item::newInstance()->findByPrimaryKey($id);
             View::newInstance()->_exportVariableToView('item', $item);
             $mItem->mark($id, $as);
             osc_add_flash_ok_message(_m('Thanks! That\'s very helpful'));
             $this->redirectTo(osc_item_url());
             break;
         case 'send_friend':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('item', $item);
             $this->doView('item-send-friend.php');
             break;
         case 'send_friend_post':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('item', $item);
             Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
             Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
             Session::newInstance()->_setForm("friendName", Params::getParam('friendName'));
             Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail'));
             Session::newInstance()->_setForm("message_body", Params::getParam('message'));
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     $this->redirectTo(osc_item_send_friend_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             $mItem = new ItemActions(false);
             $success = $mItem->send_friend();
             if ($success) {
                 Session::newInstance()->_clearVariables();
                 $this->redirectTo(osc_item_url());
             } else {
                 $this->redirectTo(osc_item_send_friend_url());
             }
             break;
         case 'contact':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             if (empty($item)) {
                 osc_add_flash_error_message(_m('This item doesn\'t exist'));
                 $this->redirectTo(osc_base_url(true));
             } else {
                 $this->_exportVariableToView('item', $item);
                 if (osc_item_is_expired()) {
                     osc_add_flash_error_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller'));
                     $this->redirectTo(osc_item_url());
                 }
                 if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) {
                     $this->doView('item-contact.php');
                 } else {
                     osc_add_flash_error_message(_m('You can\'t contact the seller, only registered users can'));
                     $this->redirectTo(osc_item_url());
                 }
             }
             break;
         case 'contact_post':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('item', $item);
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
                     Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
                     Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
                     Session::newInstance()->_setForm("message_body", Params::getParam('message'));
                     $this->redirectTo(osc_item_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             $category = Category::newInstance()->findByPrimaryKey($item['fk_i_category_id']);
             if ($category['i_expiration_days'] > 0) {
                 $item_date = strtotime($item['dt_pub_date']) + $category['i_expiration_days'] * (24 * 3600);
                 $date = time();
                 if ($item_date < $date && $item['b_premium'] != 1) {
                     // The item is expired, we can not contact the seller
                     osc_add_flash_error_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller'));
                     $this->redirectTo(osc_item_url());
                 }
             }
             $mItem = new ItemActions(false);
             $result = $mItem->contact();
             if (is_string($result)) {
                 osc_add_flash_error_message($result);
             } else {
                 osc_add_flash_ok_message(_m('We\'ve just sent an e-mail to the seller'));
             }
             $this->redirectTo(osc_item_url());
             break;
         case 'add_comment':
             $mItem = new ItemActions(false);
             $status = $mItem->add_comment();
             switch ($status) {
                 case -1:
                     $msg = _m('Sorry, we could not save your comment. Try again later');
                     osc_add_flash_error_message($msg);
                     break;
                 case 1:
                     $msg = _m('Your comment is awaiting moderation');
                     osc_add_flash_error_message($msg);
                     break;
                 case 2:
                     $msg = _m('Your comment has been approved');
                     osc_add_flash_ok_message($msg);
                     break;
                 case 3:
                     $msg = _m('Please fill the required fields (name, email)');
                     osc_add_flash_error_message($msg);
                     break;
                 case 4:
                     $msg = _m('Please type a comment');
                     osc_add_flash_error_message($msg);
                     break;
                 case 5:
                     $msg = _m('Your comment has been marked as spam');
                     osc_add_flash_error_message($msg);
                     break;
             }
             $this->redirectTo(osc_item_url());
             break;
         case 'delete_comment':
             $mItem = new ItemActions(false);
             $status = $mItem->add_comment();
             $itemId = Params::getParam('id');
             $commentId = Params::getParam('comment');
             $item = Item::newInstance()->findByPrimaryKey($itemId);
             if (count($item) == 0) {
                 osc_add_flash_error_message(_m('This item doesn\'t exist'));
                 $this->redirectTo(osc_base_url(true));
             }
             View::newInstance()->_exportVariableToView('item', $item);
             if ($this->userId == null) {
                 osc_add_flash_error_message(_m('You must be logged in to delete a comment'));
                 $this->redirectTo(osc_item_url());
             }
             $commentManager = ItemComment::newInstance();
             $aComment = $commentManager->findByPrimaryKey($commentId);
             if (count($aComment) == 0) {
                 osc_add_flash_error_message(_m('The comment doesn\'t exist'));
                 $this->redirectTo(osc_item_url());
             }
             if ($aComment['b_active'] != 1) {
                 osc_add_flash_error_message(_m('The comment is not active, you cannot delete it'));
                 $this->redirectTo(osc_item_url());
             }
             if ($aComment['fk_i_user_id'] != $this->userId) {
                 osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it'));
                 $this->redirectTo(osc_item_url());
             }
             $commentManager->deleteByPrimaryKey($commentId);
             osc_add_flash_ok_message(_m('The comment has been deleted'));
             $this->redirectTo(osc_item_url());
             break;
         default:
             if (Params::getParam('id') == '') {
                 $this->redirectTo(osc_base_url());
             }
             if (Params::getParam('lang') != '') {
                 Session::newInstance()->_set('userLocale', Params::getParam('lang'));
             }
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             // if item doesn't exist redirect to base url
             if (count($item) == 0) {
                 osc_add_flash_error_message(_m('This item doesn\'t exist'));
                 $this->redirectTo(osc_base_url(true));
             } else {
                 if ($item['b_active'] != 1) {
                     if ($this->userId == $item['fk_i_user_id']) {
                         osc_add_flash_error_message(_m('The item hasn\'t been validated. Please validate it in order to show it to the rest of users'));
                     } else {
                         osc_add_flash_error_message(_m('This item hasn\'t been validated'));
                         $this->redirectTo(osc_base_url(true));
                     }
                 } else {
                     if ($item['b_enabled'] == 0) {
                         osc_add_flash_error_message(_m('The item has been suspended'));
                         $this->redirectTo(osc_base_url(true));
                     }
                 }
                 $mStats = new ItemStats();
                 $mStats->increase('i_num_views', $item['pk_i_id']);
                 foreach ($item['locale'] as $k => $v) {
                     $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']);
                     $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description']));
                 }
                 $this->_exportVariableToView('items', array($item));
                 osc_run_hook('show_item', $item);
                 $this->doView('item.php');
             }
             break;
         case 'dashboard':
             //dashboard...
             break;
     }
 }
Exemplo n.º 8
0
 function doModel()
 {
     switch ($this->action) {
         case 'change_email_confirm':
             //change email confirm
             if (Params::getParam('userId') && Params::getParam('code')) {
                 $userManager = new User();
                 $user = $userManager->findByPrimaryKey(Params::getParam('userId'));
                 if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) {
                     $userEmailTmp = UserEmailTmp::newInstance()->findByPk(Params::getParam('userId'));
                     $code = osc_genRandomPassword(50);
                     $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id']));
                     Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']);
                     UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email']));
                     osc_add_flash_ok_message(_m('Your email has been changed successfully'));
                     $this->redirectTo(osc_user_profile_url());
                 } else {
                     osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                     $this->redirectTo(osc_base_url());
                 }
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'activate_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             $result = 0;
             if ($email != '' && $secret != '') {
                 $result = Alerts::newInstance()->activate($email, $secret);
             }
             if ($result == 1) {
                 osc_add_flash_ok_message(_m('Alert activated'));
             } else {
                 osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator'));
             }
             $this->redirectTo(osc_base_url(true));
             break;
         case 'unsub_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             if ($email != '' && $secret != '') {
                 Alerts::newInstance()->delete(array('s_email' => $email, 'S_secret' => $secret));
                 osc_add_flash_ok_message(_m('Unsubscribed correctly'));
             } else {
                 osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator'));
             }
             $this->redirectTo(osc_base_url());
             break;
         case 'pub_profile':
             $userID = Params::getParam('id');
             $user = User::newInstance()->findByPrimaryKey($userID);
             // user doesn't exist
             if (!$user) {
                 $this->redirectTo(osc_base_url());
             }
             View::newInstance()->_exportVariableToView('user', $user);
             $items = Item::newInstance()->findByUserIDEnabled($user['pk_i_id'], 0, 3);
             View::newInstance()->_exportVariableToView('items', $items);
             $this->doView('user-public-profile.php');
             break;
         case 'contact_post':
             $user = User::newInstance()->findByPrimaryKey(Params::getParam('id'));
             View::newInstance()->_exportVariableToView('user', $user);
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
                     Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
                     Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
                     Session::newInstance()->_setForm("message_body", Params::getParam('message'));
                     $this->redirectTo(osc_user_public_profile_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message'));
             $this->redirectTo(osc_user_public_profile_url());
             break;
         default:
             $this->redirectTo(osc_user_login_url());
             break;
     }
 }
Exemplo n.º 9
0
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             if (Params::getParam('user') == '' && Params::getParam('password', false, false) == '') {
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('user') == '') {
                 osc_add_flash_error_message(_m('The username field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('password') == '') {
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             // fields are not empty
             $admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
             if (!$admin) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if ($admin["s_password"] !== sha1(Params::getParam('password', false, false))) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('remember')) {
                 // this include contains de osc_genRandomPassword function
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 $secret = osc_genRandomPassword();
                 Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                 Cookie::newInstance()->set_expires(osc_time_cookie());
                 Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                 Cookie::newInstance()->push('oc_adminSecret', $secret);
                 Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                 Cookie::newInstance()->set();
             }
             // we are logged in... let's go!
             Session::newInstance()->_set('adminId', $admin['pk_i_id']);
             Session::newInstance()->_set('adminUserName', $admin['s_username']);
             Session::newInstance()->_set('adminName', $admin['s_name']);
             Session::newInstance()->_set('adminEmail', $admin['s_email']);
             Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'recover':
             // form to recover the password (in this case we have the form in /gui/)
             $this->doView('gui/recover.php');
             break;
         case 'recover_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             // post execution to recover the password
             $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
             if ($admin) {
                 if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_error_message(_m('The Recaptcha code is wrong'), 'admin');
                         $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 $newPassword = osc_genRandomPassword(40);
                 Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
                 $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
                 osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
             }
             osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'forgot':
             // form to recover the password (in this case we have the form in /gui/)
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             $this->doView('gui/forgot_password.php');
             break;
         case 'forgot_post':
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
                 Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id']));
                 osc_add_flash_ok_message(_m('The password has been changed'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             } else {
                 osc_add_flash_error_message(_m("Error, the password don't match"), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
             }
             break;
     }
 }
Exemplo n.º 10
0
 function doModel()
 {
     switch ($this->action) {
         case 'change_email_confirm':
             //change email confirm
             if (Params::getParam('userId') && Params::getParam('code')) {
                 $userManager = new User();
                 $user = $userManager->findByPrimaryKey(Params::getParam('userId'));
                 if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) {
                     $userEmailTmp = UserEmailTmp::newInstance()->findByPrimaryKey(Params::getParam('userId'));
                     $code = osc_genRandomPassword(50);
                     $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id']));
                     Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id']));
                     Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']);
                     UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email']));
                     osc_add_flash_ok_message(_m('Your email has been changed successfully'));
                     $this->redirectTo(osc_user_profile_url());
                 } else {
                     osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                     $this->redirectTo(osc_base_url());
                 }
             } else {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'activate_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $alert = Alerts::newInstance()->findByPrimaryKey($id);
             $result = 0;
             if (!empty($alert)) {
                 if ($email == $alert['s_email'] && $secret == $alert['s_secret']) {
                     $user = User::newInstance()->findByEmail($alert['s_email']);
                     if (isset($user['pk_i_id'])) {
                         Alerts::newInstance()->update(array('fk_i_user_id' => $user['pk_i_id']), array('pk_i_id' => $id));
                     }
                     $result = Alerts::newInstance()->activate($id);
                 }
             }
             if ($result == 1) {
                 osc_add_flash_ok_message(_m('Alert activated'));
             } else {
                 osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator'));
             }
             $this->redirectTo(osc_base_url());
             break;
         case 'unsub_alert':
             $email = Params::getParam('email');
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $alert = Alerts::newInstance()->findByPrimaryKey($id);
             $result = 0;
             if (!empty($alert)) {
                 if ($email == $alert['s_email'] && $secret == $alert['s_secret']) {
                     $result = Alerts::newInstance()->unsub($id);
                 }
             }
             if ($result == 1) {
                 osc_add_flash_ok_message(_m('Unsubscribed correctly'));
             } else {
                 osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator'));
             }
             $this->redirectTo(osc_base_url());
             break;
         case 'pub_profile':
             if (Params::getParam('username') != '') {
                 $user = User::newInstance()->findByUsername(Params::getParam('username'));
             } else {
                 $user = User::newInstance()->findByPrimaryKey(Params::getParam('id'));
             }
             // user doesn't exist, show 404 error
             if (!$user) {
                 $this->do404();
                 return;
             }
             $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10;
             $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0;
             $total_items = Item::newInstance()->countItemTypesByUserID($user['pk_i_id'], 'active');
             if ($itemsPerPage == 'all') {
                 $total_pages = 1;
                 $items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], 0, null, 'active');
             } else {
                 $total_pages = ceil($total_items / $itemsPerPage);
                 $items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], $page * $itemsPerPage, $itemsPerPage, 'active');
             }
             View::newInstance()->_exportVariableToView('user', $user);
             $this->_exportVariableToView('items', $items);
             $this->_exportVariableToView('search_total_pages', $total_pages);
             $this->_exportVariableToView('search_total_items', $total_items);
             $this->_exportVariableToView('items_per_page', $itemsPerPage);
             $this->_exportVariableToView('search_page', $page);
             $this->_exportVariableToView('canonical', osc_user_public_profile_url());
             $this->doView('user-public-profile.php');
             break;
         case 'contact_post':
             $user = User::newInstance()->findByPrimaryKey(Params::getParam('id'));
             View::newInstance()->_exportVariableToView('user', $user);
             if (osc_recaptcha_private_key() != '') {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                     Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail'));
                     Session::newInstance()->_setForm("yourName", Params::getParam('yourName'));
                     Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber'));
                     Session::newInstance()->_setForm("message_body", Params::getParam('message'));
                     $this->redirectTo(osc_user_public_profile_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             $banned = osc_is_banned(Params::getParam('yourEmail'));
             if ($banned == 1) {
                 osc_add_flash_error_message(_m('Your current email is not allowed'));
                 $this->redirectTo(osc_user_public_profile_url());
             } else {
                 if ($banned == 2) {
                     osc_add_flash_error_message(_m('Your current IP is not allowed'));
                     $this->redirectTo(osc_user_public_profile_url());
                 }
             }
             osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message'));
             osc_add_flash_ok_message(_m('Your email has been sent properly.'));
             $this->redirectTo(osc_user_public_profile_url());
             break;
         default:
             $this->redirectTo(osc_user_login_url());
             break;
     }
 }
Exemplo n.º 11
0
        function recover_password()
        {
            $user = User::newInstance()->findByEmail( Params::getParam('s_email') );
            Session::newInstance()->_set( 'recover_time', time() );

            if ( (osc_recaptcha_private_key() != '') ) {
                if( !osc_check_recaptcha() ) {
                    return 2; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                }
            }

            if( !$user || ($user['b_enabled'] == 0) ) {
                return 1;
            }

            $code = osc_genRandomPassword(30);
            $date = date('Y-m-d H:i:s');
            User::newInstance()->update(
                array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']),
                array('pk_i_id'     => $user['pk_i_id'])
            );

            $password_url = osc_forgot_user_password_confirm_url($user['pk_i_id'], $code);
            osc_run_hook('hook_email_user_forgot_password', $user, $password_url);

            return 0;
        }
Exemplo n.º 12
0
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             osc_csrf_check();
             osc_run_hook('before_login_admin');
             $url_redirect = osc_get_http_referer();
             $page_redirect = '';
             $password = Params::getParam('password', false, false);
             if (preg_match('|[\\?&]page=([^&]+)|', $url_redirect . '&', $match)) {
                 $page_redirect = $match[1];
             }
             if ($page_redirect == '' || $page_redirect == 'login' || $url_redirect == '') {
                 $url_redirect = osc_admin_base_url();
             }
             if (Params::getParam('user') == '') {
                 osc_add_flash_error_message(_m('The username field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             }
             if (Params::getParam('password', false, false) == '') {
                 osc_add_flash_error_message(_m('The password field is empty'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             }
             // fields are not empty
             $admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
             if (!$admin) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect username. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             }
             if (!osc_verify_password($password, $admin['s_password'])) {
                 osc_add_flash_error_message(sprintf(_m('Sorry, incorrect password. <a href="%s">Have you lost your password?</a>'), osc_admin_base_url(true) . '?page=login&amp;action=recover'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . "?page=login");
             } else {
                 if (@$admin['s_password'] != '') {
                     if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $admin['s_password'], $cost)) {
                         if ($cost[1] != BCRYPT_COST) {
                             Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
                         }
                     } else {
                         Admin::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $admin['pk_i_id']));
                     }
                 }
             }
             if (Params::getParam('remember')) {
                 // this include contains de osc_genRandomPassword function
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 $secret = osc_genRandomPassword();
                 Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                 Cookie::newInstance()->set_expires(osc_time_cookie());
                 Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                 Cookie::newInstance()->push('oc_adminSecret', $secret);
                 Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                 Cookie::newInstance()->set();
             }
             // we are logged in... let's go!
             Session::newInstance()->_set('adminId', $admin['pk_i_id']);
             Session::newInstance()->_set('adminUserName', $admin['s_username']);
             Session::newInstance()->_set('adminName', $admin['s_name']);
             Session::newInstance()->_set('adminEmail', $admin['s_email']);
             Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
             osc_run_hook('login_admin', $admin);
             $this->redirectTo($url_redirect);
             break;
         case 'recover':
             // form to recover the password (in this case we have the form in /gui/)
             $this->doView('gui/recover.php');
             break;
         case 'recover_post':
             if (defined('DEMO')) {
                 osc_add_flash_warning_message(_m("This action can't be done because it's a demo site"), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             osc_csrf_check();
             // post execution to recover the password
             $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
             if ($admin) {
                 if (osc_recaptcha_private_key() != '') {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_error_message(_m('The reCAPTCHA code is wrong'), 'admin');
                         $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 $newPassword = osc_genRandomPassword(40);
                 Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
                 $password_url = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
                 osc_run_hook('hook_email_user_forgot_password', $admin, $password_url);
             }
             osc_add_flash_ok_message(_m('A new password has been sent to your e-mail'), 'admin');
             $this->redirectTo(osc_admin_base_url(true) . '?page=login');
             break;
         case 'forgot':
             // form to recover the password (in this case we have the form in /gui/)
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             $this->doView('gui/forgot_password.php');
             break;
         case 'forgot_post':
             osc_csrf_check();
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if (!$admin) {
                 osc_add_flash_error_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
                 Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $admin['pk_i_id']));
                 osc_add_flash_ok_message(_m('The password has been changed'), 'admin');
                 $this->redirectTo(osc_admin_base_url(true) . '?page=login');
             } else {
                 osc_add_flash_error_message(_m("Error, the passwords don't match"), 'admin');
                 $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
             }
             break;
         default:
             //osc_run_hook( 'init_admin' );
             Session::newInstance()->_setReferer(osc_get_http_referer());
             $this->doView('gui/login.php');
             break;
     }
 }
Exemplo n.º 13
0
 function doModel()
 {
     //calling the view...
     $locales = OSCLocale::newInstance()->listAllEnabled();
     $this->_exportVariableToView('locales', $locales);
     switch ($this->action) {
         case 'item_add':
             // post
             if (!osc_users_enabled()) {
                 osc_add_flash_message(_m('Users not enabled'));
                 $this->redirectTo(osc_base_url(true));
             }
             if (osc_reg_user_post() && $this->user == null) {
                 // CHANGEME: This text
                 osc_add_flash_message(_m('Only registered users are allowed to post items'));
                 $this->redirectTo(osc_user_login_url());
             }
             $countries = Country::newInstance()->listAll();
             $regions = array();
             if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') {
                 $regions = Region::newInstance()->getByCountry($this->user['fk_c_country_code']);
             } else {
                 if (count($countries) > 0) {
                     $regions = Region::newInstance()->getByCountry($countries[0]['pk_c_code']);
                 }
             }
             $cities = array();
             if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') {
                 $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $this->user['fk_i_region_id']);
             } else {
                 if (count($regions) > 0) {
                     $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regions[0]['pk_i_id']);
                 }
             }
             $this->_exportVariableToView('countries', $countries);
             $this->_exportVariableToView('regions', $regions);
             $this->_exportVariableToView('cities', $cities);
             $this->_exportVariableToView('user', $this->user);
             osc_run_hook('post_item');
             $this->doView('item-post.php');
             break;
         case 'item_add_post':
             //post_item
             if (!osc_users_enabled()) {
                 osc_add_flash_message(_m('Users not allowed'));
                 $this->redirectTo(osc_base_url(true));
             }
             if (osc_reg_user_post() && $this->user == null) {
                 osc_add_flash_message(_m('Only registered users are allowed to post items'));
                 $this->redirectTo(osc_base_url(true));
             }
             // POST ITEM ( ADD ITEM )
             $mItems = new ItemActions(false);
             $success = $mItems->add();
             if ($success) {
                 $PcontactName = Params::getParam('contactName');
                 $PcontactEmail = Params::getParam('contactEmail');
                 $itemId = Params::getParam('itemId');
                 $item = array();
                 if (Session::newInstance()->_get('userId') == '') {
                     $mPages = new Page();
                     $aPage = $mPages->findByInternalName('email_new_item_non_register_user');
                     $locale = osc_current_user_locale();
                     $content = array();
                     if (isset($aPage['locale'][$locale]['s_title'])) {
                         $content = $aPage['locale'][$locale];
                     } else {
                         $content = current($aPage['locale']);
                     }
                     $item = $this->itemManager->findByPrimaryKey($itemId);
                     $item_url = osc_item_url();
                     // before page = user , action = item_edit
                     $edit_url = osc_item_edit_url($item['s_secret'], $itemId);
                     // before page = user , action = item_delete
                     $delete_url = osc_item_delete_url($item['s_secret'], $itemId);
                     $words = array();
                     $words[] = array('{ITEM_ID}', '{USER_NAME}', '{USER_EMAIL}', '{WEB_URL}', '{ITEM_TITLE}', '{ITEM_URL}', '{WEB_TITLE}', '{EDIT_LINK}', '{EDIT_URL}', '{DELETE_LINK}', '{DELETE_URL}');
                     $words[] = array($itemId, $PcontactName, $PcontactEmail, osc_base_url(), $item['s_title'], $item_url, osc_page_title(), '<a href="' . $edit_url . '">' . $edit_url . '</a>', $edit_url, '<a href="' . $delete_url . '">' . $delete_url . '</a>', $delete_url);
                     $title = osc_mailBeauty($content['s_title'], $words);
                     $body = osc_mailBeauty($content['s_text'], $words);
                     $emailParams = array('subject' => $title, 'to' => $PcontactEmail, 'to_name' => $PcontactName, 'body' => $body, 'alt_body' => $body);
                     osc_sendMail($emailParams);
                 }
                 osc_run_hook('posted_item', $item);
                 $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId'));
                 View::newInstance()->_exportVariableToView('category', $category);
                 $this->redirectTo(osc_search_category_url());
             } else {
                 $this->redirectTo(osc_item_post_url());
             }
             break;
         case 'item_edit':
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
             if (count($item) == 1) {
                 $item = Item::newInstance()->findByPrimaryKey($id);
                 $categories = Category::newInstance()->toTree();
                 $countries = Country::newInstance()->listAll();
                 $regions = array();
                 if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') {
                     $regions = Region::newInstance()->getByCountry($this->user['fk_c_country_code']);
                 } else {
                     if (count($countries) > 0) {
                         $regions = Region::newInstance()->getByCountry($countries[0]['pk_c_code']);
                     }
                 }
                 $cities = array();
                 if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') {
                     $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $this->user['fk_i_region_id']);
                 } else {
                     if (count($regions) > 0) {
                         $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regions[0]['pk_i_id']);
                     }
                 }
                 $currencies = Currency::newInstance()->listAll();
                 $this->_exportVariableToView('item', $item);
                 //$this->_exportVariableToView('user', $this->user) ;
                 $this->doView('item-edit.php');
             } else {
                 // add a flash message [ITEM NO EXISTE]
                 //$this->redirectTo(osc_base_url(true));
                 osc_add_flash_message(_m('Sorry, we don\'t have any items with that ID'));
                 if ($this->user != null) {
                     $this->redirectTo(osc_user_list_items_url());
                 } else {
                     $this->redirectTo(osc_base_url());
                 }
             }
             break;
         case 'item_edit_post':
             // recoger el secret y el
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
             if (count($item) == 1) {
                 $this->_exportVariableToView('item', $item[0]);
                 $mItems = new ItemActions(false);
                 $success = $mItems->edit();
                 if ($success) {
                     osc_add_flash_message(_m('Great! We\'ve just updated your item'));
                     $this->redirectTo(osc_base_url(true) . "?page=item&id={$id}");
                 } else {
                     $this->redirectTo(osc_item_edit_url($secret));
                 }
             }
             break;
         case 'activate':
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
             View::newInstance()->_exportVariableToView('item', $item[0]);
             if ($item[0]['e_status'] == 'INACTIVE') {
                 // ACTIVETE ITEM
                 $mItems = new ItemActions(false);
                 $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']);
                 if ($success) {
                     osc_add_flash_message(_m('The item has been validated'));
                 } else {
                     osc_add_flash_message(_m('The item can\'t be validated'));
                 }
             } else {
                 osc_add_flash_message(_m('The item has already been validated'));
             }
             $this->redirectTo(osc_item_url());
             break;
         case 'item_delete':
             $secret = Params::getParam('secret');
             $id = Params::getParam('id');
             $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId);
             if (count($item) == 1) {
                 $mItems = new ItemActions(false);
                 $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']);
                 if ($success) {
                     osc_add_flash_message(_m('Your item has been deleted'));
                 } else {
                     osc_add_flash_message(_m('The item you are trying to delete couldn\'t be deleted'));
                 }
                 if ($this->user != null) {
                     $this->redirectTo(osc_user_list_items_url());
                 } else {
                     $this->redirectTo(osc_base_url());
                 }
             } else {
                 osc_add_flash_message(_m('The item you are trying to delete couldn\'t be deleted'));
                 $this->redirectTo(osc_base_url());
             }
             break;
         case 'deleteResource':
             $id = Params::getParam('id');
             $item = Params::getParam('item');
             $code = Params::getParam('code');
             $secret = Params::getParam('secret');
             // Check for required fields
             if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) {
                 osc_add_flash_message(_m("The selected photo couldn't be deleted, the url doesn't exist"));
                 if ($this->userId == null) {
                     $this->redirectTo(osc_base_url());
                 } else {
                     $this->redirectTo(osc_user_dashboard_url());
                 }
             }
             $aItem = $this->itemManager->findByPrimaryKey($item);
             // Check if the item exists
             if (count($aItem) == 0) {
                 osc_add_flash_message(_m('The item doesn\'t exist'));
                 $this->redirectTo(osc_base_url());
             }
             // Check if the item belong to the user
             if ($this->userId != null && $this->userId != $aItem['fk_i_user_id']) {
                 osc_add_flash_message(_m('The item doesn\'t belong to you'));
                 $this->redirectTo(osc_item_url_ns($item));
             }
             // Check if the secret passphrase match with the item
             if ($this->userId == null && $secret != $aItem['s_secret']) {
                 osc_add_flash_message(_m('The item doesn\'t belong to you'));
                 $this->redirectTo(osc_item_url_ns($item));
             }
             // Does id & code combination exist?
             $result = ItemResource::newInstance()->getResourceSecure($id, $code);
             if ($result > 0) {
                 // Delete: file, db table entry
                 osc_deleteResource($id);
                 ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code));
                 osc_add_flash_message(_m('The selected photo has been successfully deleted'));
             } else {
                 osc_add_flash_message(_m("The selected photo couldn't be deleted"));
             }
             // Redirect to item_edit. If unregistered user, include $secret.
             $this->redirectTo(osc_item_edit_url($secret, $item));
             break;
         case 'mark':
             $mItem = new ItemActions(false);
             $id = Params::getParam('id');
             $as = Params::getParam('as');
             $item = Item::newInstance()->findByPrimaryKey($id);
             View::newInstance()->_exportVariableToView('item', $item);
             $mItem->mark($id, $as);
             osc_add_flash_message(_m('Thanks! That\'s very helpful'));
             $this->redirectTo(osc_item_url());
             break;
         case 'send_friend':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('item', $item);
             $this->doView('item-send-friend.php');
             break;
         case 'send_friend_post':
             $mItem = new ItemActions(false);
             $mItem->send_friend();
             $item_url = Params::getParam('item_url');
             $this->redirectTo($item_url);
             break;
         case 'contact':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $category = Category::newInstance()->findByPrimaryKey($item['fk_i_category_id']);
             if ($category['i_expiration_days'] > 0) {
                 $item_date = strtotime($item['dt_pub_date']) + $category['i_expiration_days'] * (24 * 3600);
                 $date = time();
                 if ($item_date < $date) {
                     // The item is expired, we can not contact the seller
                     osc_add_flash_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller'));
                     $this->redirectTo(osc_create_item_url($item));
                 }
             }
             $this->_exportVariableToView('item', $item);
             $this->doView('item-contact.php');
             break;
         case 'contact_post':
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             $this->_exportVariableToView('item', $item);
             if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                 if (!osc_check_recaptcha()) {
                     osc_add_flash_message(_m('The Recaptcha code is wrong'));
                     $this->redirectTo(osc_item_url());
                     return false;
                     // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                 }
             }
             $category = Category::newInstance()->findByPrimaryKey($item['fk_i_category_id']);
             if ($category['i_expiration_days'] > 0) {
                 $item_date = strtotime($item['dt_pub_date']) + $category['i_expiration_days'] * (24 * 3600);
                 $date = time();
                 if ($item_date < $date) {
                     // The item is expired, we can not contact the seller
                     osc_add_flash_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller'));
                     $this->redirectTo(osc_item_url());
                 }
             }
             $mItem = new ItemActions(false);
             $mItem->contact();
             osc_add_flash_message(_m('We\'ve just sent an e-mail to the seller'));
             $this->redirectTo(osc_item_url());
             break;
         case 'add_comment':
             $mItem = new ItemActions(false);
             $status = $mItem->add_comment();
             switch ($status) {
                 case -1:
                     $msg = _m('Sorry, we could not save your comment. Try again later');
                     break;
                 case 1:
                     $msg = _m('Your comment is awaiting moderation');
                     break;
                 case 2:
                     $msg = _m('Your comment has been approved');
                     break;
                 case 3:
                     $msg = _m('Please fill the required fields (name, email)');
                     break;
                 case 4:
                     $msg = _m('Please type a comment');
                     break;
                 case 5:
                     $msg = _m('Your comment has been marked as spam');
                     break;
             }
             osc_add_flash_message($msg);
             $this->redirectTo(Params::getParam('itemURL'));
             break;
         case 'delete_comment':
             $mItem = new ItemActions(false);
             $status = $mItem->add_comment();
             $itemId = Params::getParam('id');
             $commentId = Params::getParam('comment');
             $item = Item::newInstance()->findByPrimaryKey($itemId);
             if (count($item) == 0) {
                 osc_add_flash_message(_m('This item doesn\'t exist'));
                 $this->redirectTo(osc_base_url(true));
             }
             View::newInstance()->_exportVariableToView('item', $item);
             if ($this->userId == null) {
                 osc_add_flash_message(_m('You have to be logged to delete a comment'));
                 $this->redirectTo(osc_item_url());
             }
             $commentManager = ItemComment::newInstance();
             $aComment = $commentManager->findByPrimaryKey($commentId);
             if (count($aComment) == 0) {
                 osc_add_flash_message(_m('The comment doesn\'t exist'));
                 $this->redirectTo(osc_item_url());
             }
             if ($aComment['e_status'] != 'ACTIVE') {
                 osc_add_flash_message(_m('The comment is not active, you cannot delete it'));
                 $this->redirectTo(osc_item_url());
             }
             if ($aComment['fk_i_user_id'] != $this->userId) {
                 osc_add_flash_message(_m('You cannot delete the comment'));
                 $this->redirectTo(osc_item_url());
             }
             $commentManager->deleteByPrimaryKey($commentId);
             osc_add_flash_message(_m('The comment has been deleted correctly'));
             $this->redirectTo(osc_item_url());
             break;
         default:
             if (Params::getParam('id') == '') {
                 $this->redirectTo(osc_base_url());
             }
             if (Params::getParam('lang') != '') {
                 Session::newInstance()->_set('userLocale', Params::getParam('lang'));
             }
             $item = $this->itemManager->findByPrimaryKey(Params::getParam('id'));
             // if item doesn't exist redirect to base url
             if (count($item) == 0) {
                 osc_add_flash_message(_m('This item doesn\'t exist'));
                 $this->redirectTo(osc_base_url(true));
             } else {
                 if ($item['e_status'] != 'ACTIVE') {
                     if ($this->userId == $item['fk_i_user_id']) {
                         osc_add_flash_message(_m('The item hasn\'t been validated. Please validate it in order to show it to the rest of users'));
                     } else {
                         osc_add_flash_message(_m('This item hasn\'t been validated'));
                         $this->redirectTo(osc_base_url(true));
                     }
                 }
                 $mStats = new ItemStats();
                 $mStats->increase('i_num_views', $item['pk_i_id']);
                 foreach ($item['locale'] as $k => $v) {
                     $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']);
                     $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description']));
                 }
                 $this->_exportVariableToView('items', array($item));
                 osc_run_hook('show_item', $item);
                 $this->doView('item.php');
             }
             break;
         case 'dashboard':
             //dashboard...
             break;
     }
 }
Exemplo n.º 14
0
    function doModel()
    {
        switch ($this->action) {
            case 'contact_post':
                //contact_post
                osc_csrf_check();
                $yourName = Params::getParam('yourName');
                $yourEmail = Params::getParam('yourEmail');
                $subject = Params::getParam('subject');
                $message = Params::getParam('message');
                if (osc_recaptcha_private_key() != '') {
                    if (!osc_check_recaptcha()) {
                        osc_add_flash_error_message(_m('The Recaptcha code is wrong'));
                        Session::newInstance()->_setForm('yourName', $yourName);
                        Session::newInstance()->_setForm('yourEmail', $yourEmail);
                        Session::newInstance()->_setForm('subject', $subject);
                        Session::newInstance()->_setForm('message_body', $message);
                        $this->redirectTo(osc_contact_url());
                        return false;
                        // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                    }
                }
                if (!preg_match('|.*?@.{2,}\\..{2,}|', $yourEmail)) {
                    osc_add_flash_error_message(_m('Please enter a correct email'));
                    Session::newInstance()->_setForm('yourName', $yourName);
                    Session::newInstance()->_setForm('subject', $subject);
                    Session::newInstance()->_setForm('message_body', $message);
                    $this->redirectTo(osc_contact_url());
                }
                $message_name = sprintf(__('Name: %s'), $yourName);
                $message_email = sprintf(__('Email: %s'), $yourEmail);
                $message_subject = sprintf(__('Subject: %s'), $subject);
                $message_body = sprintf(__('Message: %s'), $message);
                $message_date = sprintf(__('Date: %s at %s'), date('l F d, Y'), date('g:i a'));
                $message_IP = sprintf(__('IP Address: %s'), get_ip());
                $message = <<<MESSAGE
{$message_name}
{$message_email}
{$message_subject}
{$message_body}

{$message_date}
{$message_IP}
MESSAGE;
                $params = array('from' => osc_contact_email(), 'to' => osc_contact_email(), 'to_name' => osc_page_title(), 'reply_to' => $yourEmail, 'subject' => '[' . osc_page_title() . '] ' . __('Contact'), 'body' => nl2br($message));
                if (osc_contact_attachment()) {
                    $attachment = Params::getFiles('attachment');
                    if (isset($attachment['tmp_name'])) {
                        $resourceName = $attachment['name'];
                        $tmpName = $attachment['tmp_name'];
                        $resourceType = $attachment['type'];
                        $path = osc_content_path() . 'uploads/' . time() . '_' . $resourceName;
                        if (!is_writable(osc_content_path() . 'uploads/')) {
                            osc_add_flash_error_message(_m('There have been some errors sending the message'));
                            $this->redirectTo(osc_contact_url());
                        }
                        if (!move_uploaded_file($tmpName, $path)) {
                            unset($path);
                        }
                    }
                }
                if (isset($path)) {
                    $params['attachment'] = $path;
                }
                osc_run_hook('pre_contact_post', $params);
                osc_sendMail(osc_apply_filter('contact_params', $params));
                osc_add_flash_ok_message(_m('Your email has been sent properly. Thank you for contacting us!'));
                $this->redirectTo(osc_contact_url());
                break;
            default:
                //contact
                $this->doView('contact.php');
        }
    }
Exemplo n.º 15
0
 function doModel()
 {
     switch ($this->action) {
         case 'login_post':
             //post execution for the login
             $admin = Admin::newInstance()->findByUsername(Params::getParam('user'));
             if ($admin) {
                 if ($admin["s_password"] == sha1(Params::getParam('password'))) {
                     if (Params::getParam('remember')) {
                         //this include contains de osc_genRandomPassword function
                         require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                         $secret = osc_genRandomPassword();
                         Admin::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $admin['pk_i_id']));
                         Cookie::newInstance()->set_expires(osc_time_cookie());
                         Cookie::newInstance()->push('oc_adminId', $admin['pk_i_id']);
                         Cookie::newInstance()->push('oc_adminSecret', $secret);
                         Cookie::newInstance()->push('oc_adminLocale', Params::getParam('locale'));
                         Cookie::newInstance()->set();
                     }
                     //we are logged in... let's go!
                     Session::newInstance()->_set('adminId', $admin['pk_i_id']);
                     Session::newInstance()->_set('adminUserName', $admin['s_username']);
                     Session::newInstance()->_set('adminName', $admin['s_name']);
                     Session::newInstance()->_set('adminEmail', $admin['s_email']);
                     Session::newInstance()->_set('adminLocale', Params::getParam('locale'));
                 } else {
                     osc_add_flash_message(_m('The password is incorrect'), 'admin');
                 }
             } else {
                 osc_add_flash_message(_m('That username does not exist'), 'admin');
             }
             //returning logged in to the main page...
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'recover':
             //form to recover the password (in this case we have the form in /gui/)
             //#dev.conquer: we cannot use the doView here and only here
             $this->doView('gui/recover.php');
             break;
         case 'recover_post':
             //post execution to recover the password
             $admin = Admin::newInstance()->findByEmail(Params::getParam('email'));
             if ($admin) {
                 if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) {
                     if (!osc_check_recaptcha()) {
                         osc_add_flash_message(_m('The Recaptcha code is wrong'), 'admin');
                         $this->redirectTo(osc_admin_base_url(true) . '?page=login&action=recover');
                         return false;
                         // BREAK THE PROCESS, THE RECAPTCHA IS WRONG
                     }
                 }
                 require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
                 $newPassword = osc_genRandomPassword(40);
                 Admin::newInstance()->update(array('s_secret' => $newPassword), array('pk_i_id' => $admin['pk_i_id']));
                 $password_link = osc_forgot_admin_password_confirm_url($admin['pk_i_id'], $newPassword);
                 $aPage = Page::newInstance()->findByInternalName('email_user_forgot_password');
                 $content = array();
                 $locale = osc_current_user_locale();
                 if (isset($aPage['locale'][$locale]['s_title'])) {
                     $content = $aPage['locale'][$locale];
                 } else {
                     $content = current($aPage['locale']);
                 }
                 if (!is_null($content)) {
                     $words = array();
                     $words[] = array('{USER_NAME}', '{USER_EMAIL}', '{WEB_TITLE}', '{IP_ADDRESS}', '{PASSWORD_LINK}', '{DATE_TIME}');
                     $words[] = array($admin['s_name'], $admin['s_email'], osc_page_title(), $_SERVER['REMOTE_ADDR'], $password_link, date(osc_time_format() . '  ' . osc_date_format()));
                     $title = osc_mailBeauty($content['s_title'], $words);
                     $body = osc_mailBeauty($content['s_text'], $words);
                     $emailParams = array('subject' => $title, 'to' => $admin['s_email'], 'to_name' => $admin['s_name'], 'body' => $body, 'alt_body' => $body);
                     osc_sendMail($emailParams);
                 }
             }
             osc_add_flash_message(_m('A new password has been sent to your e-mail'), 'admin');
             $this->redirectTo(osc_admin_base_url());
             break;
         case 'forgot':
             //form to recover the password (in this case we have the form in /gui/)
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if ($admin) {
                 $this->doView('gui/forgot_password.php');
             } else {
                 osc_add_flash_message(_m('Sorry, the link is not valid'), 'admin');
                 $this->redirectTo(osc_admin_base_url());
             }
             break;
         case 'forgot_post':
             $admin = Admin::newInstance()->findByIdSecret(Params::getParam('adminId'), Params::getParam('code'));
             if ($admin) {
                 if (Params::getParam('new_password') == Params::getParam('new_password2')) {
                     Admin::newInstance()->update(array('s_secret' => osc_genRandomPassword(), 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $admin['pk_i_id']));
                     osc_add_flash_message(_m('The password has been changed'), 'admin');
                     $this->redirectTo(osc_admin_base_url());
                 } else {
                     osc_add_flash_message(_m('Error, the password don\'t match'), 'admin');
                     $this->redirectTo(osc_forgot_admin_password_confirm_url(Params::getParam('adminId'), Params::getParam('code')));
                 }
             } else {
                 osc_add_flash_message(_m('Sorry, the link is not valid'), 'admin');
             }
             $this->redirectTo(osc_admin_base_url());
             break;
     }
 }
Exemplo n.º 16
0
 public function recaptcha()
 {
     require_once osc_lib_path() . 'recaptchalib.php';
     if (Params::getParam("recaptcha_challenge_field") != '') {
         $resp = recaptcha_check_answer(osc_recaptcha_private_key(), $_SERVER["REMOTE_ADDR"], Params::getParam("recaptcha_challenge_field"), Params::getParam("recaptcha_response_field"));
         if (!$resp->is_valid) {
             die(__("The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: ") . $resp->error . ")");
         }
     }
 }