function doModel()
{
switch ($this->action) {
case 'login_post':
//post execution for the login
if (!osc_users_enabled()) {
osc_add_flash_error_message(_m('Users are not enabled'));
$this->redirectTo(osc_base_url());
}
osc_csrf_check();
osc_run_hook('before_validating_login');
// e-mail or/and password is/are empty or incorrect
$wrongCredentials = false;
$email = Params::getParam('email');
$password = Params::getParam('password', false, false);
if ($email == '') {
osc_add_flash_error_message(_m('Please provide an email address'));
$wrongCredentials = true;
}
if ($password == '') {
osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password'));
$wrongCredentials = true;
}
if ($wrongCredentials) {
$this->redirectTo(osc_user_login_url());
}
if (osc_validate_email($email)) {
$user = User::newInstance()->findByEmail($email);
}
if (empty($user)) {
$user = User::newInstance()->findByUsername($email);
}
if (empty($user)) {
osc_add_flash_error_message(_m("The user doesn't exist"));
$this->redirectTo(osc_user_login_url());
}
if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) {
osc_add_flash_error_message(_m('The password is incorrect'));
$this->redirectTo(osc_user_login_url());
// @TODO if valid user, send email parameter back to the login form
} else {
if (@$user['s_password'] != '') {
if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) {
if ($cost[1] != BCRYPT_COST) {
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
} else {
User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id']));
}
}
}
// e-mail or/and IP is/are banned
$banned = osc_is_banned($email);
// int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned
if ($banned & 1) {
osc_add_flash_error_message(_m('Your current email is not allowed'));
}
if ($banned & 2) {
osc_add_flash_error_message(_m('Your current IP is not allowed'));
}
if ($banned !== 0) {
$this->redirectTo(osc_user_login_url());
}
osc_run_hook('before_login');
$url_redirect = osc_get_http_referer();
$page_redirect = '';
if (osc_rewrite_enabled()) {
if ($url_redirect != '') {
$request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect));
$tmp_ar = explode("?", $request_uri);
$request_uri = $tmp_ar[0];
$rules = Rewrite::newInstance()->listRules();
foreach ($rules as $match => $uri) {
if (preg_match('#' . $match . '#', $request_uri, $m)) {
$request_uri = preg_replace('#' . $match . '#', $uri, $request_uri);
if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) {
$page_redirect = $match[2];
if ($page_redirect == '' || $page_redirect == 'login') {
$url_redirect = osc_user_dashboard_url();
}
}
break;
}
}
}
}
require_once LIB_PATH . 'osclass/UserActions.php';
$uActions = new UserActions(false);
$logged = $uActions->bootstrap_login($user['pk_i_id']);
if ($logged == 0) {
osc_add_flash_error_message(_m("The user doesn't exist"));
} else {
if ($logged == 1) {
if (time() - strtotime($user['dt_access_date']) > 1200) {
// EACH 20 MINUTES
osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email'])));
} else {
osc_add_flash_error_message(_m('The user has not been validated yet'));
}
} else {
if ($logged == 2) {
osc_add_flash_error_message(_m('The user has been suspended'));
} else {
if ($logged == 3) {
if (Params::getParam('remember') == 1) {
//this include contains de osc_genRandomPassword function
require_once osc_lib_path() . 'osclass/helpers/hSecurity.php';
$secret = osc_genRandomPassword();
User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id']));
Cookie::newInstance()->set_expires(osc_time_cookie());
Cookie::newInstance()->push('oc_userId', $user['pk_i_id']);
Cookie::newInstance()->push('oc_userSecret', $secret);
Cookie::newInstance()->set();
}
if ($url_redirect == '') {
$url_redirect = osc_user_dashboard_url();
}
osc_run_hook("after_login", $user, $url_redirect);
$this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect));
} else {
osc_add_flash_error_message(_m('This should never happen'));
}
}
}
}
if (!$user['b_enabled']) {
$this->redirectTo(osc_user_login_url());
}
$this->redirectTo(osc_user_login_url());
break;
case 'resend':
$id = Params::getParam('id');
$email = Params::getParam('email');
$user = User::newInstance()->findByPrimaryKey($id);
if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) {
osc_add_flash_error_message(_m('Incorrect link'));
$this->redirectTo(osc_user_login_url());
}
if (time() - strtotime($user['dt_access_date']) > 1200) {
// EACH 20 MINUTES
if (osc_notify_new_user()) {
osc_run_hook('hook_email_admin_new_user', $user);
}
if (osc_user_validation_enabled()) {
osc_run_hook('hook_email_user_validation', $user, $user);
}
User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('Validation email re-sent'));
} else {
osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again'));
}
$this->redirectTo(osc_user_login_url());
break;
case 'recover':
//form to recover the password (in this case we have the form in /gui/)
$this->doView('user-recover.php');
break;
case 'recover_post':
//post execution to recover the password
osc_csrf_check();
require_once LIB_PATH . 'osclass/UserActions.php';
// e-mail is incorrect
if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) {
osc_add_flash_error_message(_m('Invalid email address'));
$this->redirectTo(osc_recover_user_password_url());
}
$userActions = new UserActions(false);
$success = $userActions->recover_password();
switch ($success) {
case 0:
// recover ok
osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password'));
$this->redirectTo(osc_base_url());
break;
case 1:
// e-mail does not exist
osc_add_flash_error_message(_m('We were not able to identify you given the information provided'));
$this->redirectTo(osc_recover_user_password_url());
break;
case 2:
// recaptcha wrong
osc_add_flash_error_message(_m('The recaptcha code is wrong'));
$this->redirectTo(osc_recover_user_password_url());
break;
}
break;
case 'forgot':
//form to recover the password (in this case we have the form in /gui/)
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user) {
$this->doView('user-forgot_password.php');
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
$this->redirectTo(osc_base_url());
}
break;
case 'forgot_post':
osc_csrf_check();
if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
$user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code'));
if ($user['b_enabled'] == 1) {
if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) {
User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id']));
osc_add_flash_ok_message(_m('The password has been changed'));
$this->redirectTo(osc_user_login_url());
} else {
osc_add_flash_error_message(_m("Error, the password don't match"));
$this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code')));
}
} else {
osc_add_flash_error_message(_m('Sorry, the link is not valid'));
}
$this->redirectTo(osc_base_url());
break;
default:
//login
Session::newInstance()->_setReferer(osc_get_http_referer());
if (osc_logged_user_id() != '') {
$this->redirectTo(osc_user_dashboard_url());
}
$this->doView('user-login.php');
}
}
function add()
{
if (osc_recaptcha_private_key() != '' && !$this->is_admin) {
if (!$this->recaptcha()) {
return 4;
}
}
$input = $this->prepareData(true);
if (!osc_validate_email($input['s_email'])) {
return 5;
}
$email_taken = $this->manager->findByEmail($input['s_email']);
if ($email_taken == null) {
$this->manager->insert($input);
$userId = $this->manager->getConnection()->get_last_id();
if (is_array(Params::getParam('s_info'))) {
foreach (Params::getParam('s_info') as $key => $value) {
$this->manager->updateDescription($userId, $key, $value);
}
}
Log::newInstance()->insertLog('user', 'add', $userId, $input['s_email'], $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : $userId);
osc_run_hook('user_register_completed', $userId);
if (osc_user_validation_enabled() && !$this->is_admin) {
$user = $this->manager->findByPrimaryKey($userId);
osc_run_hook('hook_email_user_validation', $user, $input);
return 1;
} else {
User::newInstance()->update(array('b_active' => '1'), array('pk_i_id' => $userId));
return 2;
}
return 0;
} else {
return 3;
}
}
public function contact()
{
$flash_error = '';
$aItem = $this->prepareDataForFunction( 'contact' );
// check parameters
if ( !osc_validate_text($aItem['yourName']) ){
$flash_error = __("Your name: this field is required") . PHP_EOL;
}
if( !osc_validate_email($aItem['yourEmail'], true) ){
$flash_error .= __("Invalid email address") . PHP_EOL;
}
if( !osc_validate_text($aItem['message']) ){
$flash_error .= __("Message: this field is required") . PHP_EOL;
}
if($flash_error != ''){
return $flash_error;
} else {
osc_run_hook('hook_email_item_inquiry', $aItem);
}
}
function doModel()
{
parent::doModel();
//specific things for this class
switch ($this->action) {
case 'bulk_actions':
osc_csrf_check();
$id = Params::getParam('id');
if ($id) {
switch (Params::getParam('bulk_actions')) {
case 'delete_all':
$this->itemCommentManager->delete(array(DB_CUSTOM_COND => 'pk_i_id IN (' . implode(', ', $id) . ')'));
foreach ($id as $_id) {
$iUpdated = $this->itemCommentManager->delete(array('pk_i_id' => $_id));
osc_add_hook("delete_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been deleted'), 'admin');
break;
case 'activate_all':
foreach ($id as $_id) {
$iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $_id));
if ($iUpdated) {
$this->sendCommentActivated($_id);
}
osc_add_hook("activate_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been approved'), 'admin');
break;
case 'deactivate_all':
foreach ($id as $_id) {
$this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $_id));
osc_add_hook("deactivate_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin');
break;
case 'enable_all':
foreach ($id as $_id) {
$iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $_id));
if ($iUpdated) {
$this->sendCommentActivated($_id);
}
osc_add_hook("enable_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been unblocked'), 'admin');
break;
case 'disable_all':
foreach ($id as $_id) {
$this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $_id));
osc_add_hook("disable_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been blocked'), 'admin');
break;
default:
if (Params::getParam("bulk_actions") != "") {
osc_run_hook("item_bulk_" . Params::getParam("bulk_actions"), Params::getParam('id'));
}
break;
}
}
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
case 'status':
osc_csrf_check();
$id = Params::getParam('id');
$value = Params::getParam('value');
if (!$id) {
return false;
}
$id = (int) $id;
if (!is_numeric($id)) {
return false;
}
if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'))) {
return false;
}
if ($value == 'ACTIVE') {
$iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $id));
if ($iUpdated) {
$this->sendCommentActivated($id);
}
osc_add_hook("activate_comment", $id);
osc_add_flash_ok_message(_m('The comment has been approved'), 'admin');
} else {
if ($value == 'INACTIVE') {
$iUpdated = $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $id));
osc_add_hook("deactivate_comment", $id);
osc_add_flash_ok_message(_m('The comment has been disapproved'), 'admin');
} else {
if ($value == 'ENABLE') {
$iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $id));
osc_add_hook("enable_comment", $id);
osc_add_flash_ok_message(_m('The comment has been enabled'), 'admin');
} else {
if ($value == 'DISABLE') {
$iUpdated = $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $id));
osc_add_hook("disable_comment", $id);
osc_add_flash_ok_message(_m('The comment has been disabled'), 'admin');
}
}
}
}
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
case 'comment_edit':
$comment = ItemComment::newInstance()->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('comment', $comment);
$this->doView('comments/frm.php');
break;
case 'comment_edit_post':
osc_csrf_check();
$msg = '';
if (!osc_validate_email(Params::getParam('authorEmail'), true)) {
$msg .= _m('Email is not correct') . "<br/>";
}
if (!osc_validate_text(Params::getParam('body'), 1, true)) {
$msg .= _m('Comment is required') . "<br/>";
}
if ($msg != '') {
osc_add_flash_error_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=comments&action=comment_edit&id=" . Params::getParam('id'));
}
$this->itemCommentManager->update(array('s_title' => Params::getParam('title'), 's_body' => Params::getParam('body'), 's_author_name' => Params::getParam('authorName'), 's_author_email' => Params::getParam('authorEmail')), array('pk_i_id' => Params::getParam('id')));
osc_run_hook('edit_comment', Params::getParam('id'));
osc_add_flash_ok_message(_m('Great! We just updated your comment'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
case 'delete':
osc_csrf_check();
$this->itemCommentManager->deleteByPrimaryKey(Params::getParam('id'));
osc_add_flash_ok_message(_m('The comment has been deleted'), 'admin');
osc_run_hook('delete_comment', Params::getParam('id'));
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
default:
require_once osc_lib_path() . "osclass/classes/datatables/CommentsDataTable.php";
// set default iDisplayLength
if (Params::getParam('iDisplayLength') != '') {
Cookie::newInstance()->push('listing_iDisplayLength', Params::getParam('iDisplayLength'));
Cookie::newInstance()->set();
} else {
// set a default value if it's set in the cookie
if (Cookie::newInstance()->get_value('listing_iDisplayLength') != '') {
Params::setParam('iDisplayLength', Cookie::newInstance()->get_value('listing_iDisplayLength'));
} else {
Params::setParam('iDisplayLength', 10);
}
}
$this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));
// Table header order by related
if (Params::getParam('sort') == '') {
Params::setParam('sort', 'date');
}
if (Params::getParam('direction') == '') {
Params::setParam('direction', 'desc');
}
$page = (int) Params::getParam('iPage');
if ($page == 0) {
$page = 1;
}
Params::setParam('iPage', $page);
$params = Params::getParamsAsArray();
$commentsDataTable = new CommentsDataTable();
$commentsDataTable->table($params);
$aData = $commentsDataTable->getData();
if (count($aData['aRows']) == 0 && $page != 1) {
$total = (int) $aData['iTotalDisplayRecords'];
$maxPage = ceil($total / (int) $aData['iDisplayLength']);
$url = osc_admin_base_url(true) . '?' . Params::getServerParam('QUERY_STRING', false, false);
if ($maxPage == 0) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url);
$this->redirectTo($url);
}
if ($page > 1) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url);
$this->redirectTo($url);
}
}
$this->_exportVariableToView('aData', $aData);
$this->_exportVariableToView('aRawRows', $commentsDataTable->rawRows());
$bulk_options = array(array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')), array('value' => 'delete_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Delete'))), 'label' => __('Delete')), array('value' => 'activate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Activate'))), 'label' => __('Activate')), array('value' => 'deactivate_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Deactivate'))), 'label' => __('Deactivate')), array('value' => 'disable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Block'))), 'label' => __('Block')), array('value' => 'enable_all', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected comments?'), strtolower(__('Unblock'))), 'label' => __('Unblock')));
$bulk_options = osc_apply_filter("comment_bulk_filter", $bulk_options);
$this->_exportVariableToView('bulk_options', $bulk_options);
$this->doView('comments/index.php');
break;
}
}
function doModel()
{
switch ($this->action) {
case 'dashboard':
//dashboard...
$max_items = Params::getParam('max_items') != '' ? Params::getParam('max_items') : 5;
$aItems = Item::newInstance()->findByUserIDEnabled(osc_logged_user_id(), 0, $max_items);
//calling the view...
$this->_exportVariableToView('items', $aItems);
$this->_exportVariableToView('max_items', $max_items);
$this->doView('user-dashboard.php');
break;
case 'profile':
//profile...
$user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
$aCountries = Country::newInstance()->listAll();
$aRegions = array();
if ($user['fk_c_country_code'] != '') {
$aRegions = Region::newInstance()->findByCountry($user['fk_c_country_code']);
} elseif (count($aCountries) > 0) {
$aRegions = Region::newInstance()->findByCountry($aCountries[0]['pk_c_code']);
}
$aCities = array();
if ($user['fk_i_region_id'] != '') {
$aCities = City::newInstance()->findByRegion($user['fk_i_region_id']);
} else {
if (count($aRegions) > 0) {
$aCities = City::newInstance()->findByRegion($aRegions[0]['pk_i_id']);
}
}
//calling the view...
$this->_exportVariableToView('countries', $aCountries);
$this->_exportVariableToView('regions', $aRegions);
$this->_exportVariableToView('cities', $aCities);
$this->_exportVariableToView('user', $user);
$this->_exportVariableToView('locales', OSCLocale::newInstance()->listAllEnabled());
$this->doView('user-profile.php');
break;
case 'profile_post':
//profile post...
osc_csrf_check();
$userId = Session::newInstance()->_get('userId');
require_once LIB_PATH . 'osclass/UserActions.php';
$userActions = new UserActions(false);
$success = $userActions->edit($userId);
if ($success == 1 || $success == 2) {
osc_add_flash_ok_message(_m('Your profile has been updated successfully'));
} else {
osc_add_flash_error_message($success);
}
$this->redirectTo(osc_user_profile_url());
break;
case 'alerts':
//alerts
$aAlerts = Alerts::newInstance()->findByUser(Session::newInstance()->_get('userId'), false);
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
foreach ($aAlerts as $k => $a) {
$array_conditions = (array) json_decode($a['s_search']);
// $search = Search::newInstance();
$search = new Search();
$search->setJsonAlert($array_conditions);
$search->limit(0, 3);
$aAlerts[$k]['items'] = $search->doSearch();
}
$this->_exportVariableToView('alerts', $aAlerts);
View::newInstance()->_reset('alerts');
$this->_exportVariableToView('user', $user);
$this->doView('user-alerts.php');
break;
case 'change_email':
//change email
$this->doView('user-change_email.php');
break;
case 'change_email_post':
//change email post
osc_csrf_check();
if (!osc_validate_email(Params::getParam('new_email'))) {
osc_add_flash_error_message(_m('The specified e-mail is not valid'));
$this->redirectTo(osc_change_user_email_url());
} else {
$user = User::newInstance()->findByEmail(Params::getParam('new_email'));
if (!isset($user['pk_i_id'])) {
$userEmailTmp = array();
$userEmailTmp['fk_i_user_id'] = Session::newInstance()->_get('userId');
$userEmailTmp['s_new_email'] = Params::getParam('new_email');
UserEmailTmp::newInstance()->insertOrUpdate($userEmailTmp);
$code = osc_genRandomPassword(30);
$date = date('Y-m-d H:i:s');
$userManager = new User();
$userManager->update(array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => $_SERVER['REMOTE_ADDR']), array('pk_i_id' => Session::newInstance()->_get('userId')));
$validation_url = osc_change_user_email_confirm_url(Session::newInstance()->_get('userId'), $code);
osc_run_hook('hook_email_new_email', Params::getParam('new_email'), $validation_url);
$this->redirectTo(osc_user_profile_url());
} else {
osc_add_flash_error_message(_m('The specified e-mail is already in use'));
$this->redirectTo(osc_change_user_email_url());
}
}
break;
case 'change_username':
//change username
$this->doView('user-change_username.php');
break;
case 'change_username_post':
//change username
$username = osc_sanitize_username(Params::getParam('s_username'));
osc_run_hook('before_username_change', Session::newInstance()->_get('userId'), $username);
if ($username != '') {
$user = User::newInstance()->findByUsername($username);
if (isset($user['s_username'])) {
osc_add_flash_error_message(_m('The specified username is already in use'));
} else {
if (!osc_is_username_blacklisted($username)) {
User::newInstance()->update(array('s_username' => $username), array('pk_i_id' => Session::newInstance()->_get('userId')));
osc_add_flash_ok_message(_m('The username was updated'));
osc_run_hook('after_username_change', Session::newInstance()->_get('userId'), Params::getParam('s_username'));
$this->redirectTo(osc_user_profile_url());
} else {
osc_add_flash_error_message(_m('The specified username is not valid, it contains some invalid words'));
}
}
} else {
osc_add_flash_error_message(_m('The specified username could not be empty'));
}
$this->redirectTo(osc_change_user_username_url());
break;
case 'change_password':
//change password
$this->doView('user-change_password.php');
break;
case 'change_password_post':
//change password post
osc_csrf_check();
$user = User::newInstance()->findByPrimaryKey(Session::newInstance()->_get('userId'));
if (Params::getParam('password', false, false) == '' || Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') {
osc_add_flash_warning_message(_m('Password cannot be blank'));
$this->redirectTo(osc_change_user_password_url());
}
if (!osc_verify_password(Params::getParam('password', false, false), $user['s_password'])) {
osc_add_flash_error_message(_m("Current password doesn't match"));
$this->redirectTo(osc_change_user_password_url());
}
if (!Params::getParam('new_password', false, false)) {
osc_add_flash_error_message(_m("Passwords can't be empty"));
$this->redirectTo(osc_change_user_password_url());
}
if (Params::getParam('new_password', false, false) != Params::getParam('new_password2', false, false)) {
osc_add_flash_error_message(_m("Passwords don't match"));
$this->redirectTo(osc_change_user_password_url());
}
User::newInstance()->update(array('s_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => Session::newInstance()->_get('userId')));
osc_add_flash_ok_message(_m('Password has been changed'));
$this->redirectTo(osc_user_profile_url());
break;
case 'items':
// view items user
$itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10;
$page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0;
$itemType = Params::getParam('itemType');
$total_items = Item::newInstance()->countItemTypesByUserID(osc_logged_user_id(), $itemType);
$total_pages = ceil($total_items / $itemsPerPage);
$items = Item::newInstance()->findItemTypesByUserID(osc_logged_user_id(), $page * $itemsPerPage, $itemsPerPage, $itemType);
$this->_exportVariableToView('items', $items);
$this->_exportVariableToView('search_total_pages', $total_pages);
$this->_exportVariableToView('search_total_items', $total_items);
$this->_exportVariableToView('items_per_page', $itemsPerPage);
$this->_exportVariableToView('items_type', $itemType);
$this->_exportVariableToView('search_page', $page);
$this->doView('user-items.php');
break;
case 'activate_alert':
$email = Params::getParam('email');
$secret = Params::getParam('secret');
$result = 0;
if ($email != '' && $secret != '') {
$result = Alerts::newInstance()->activate($email, $secret);
}
if ($result == 1) {
osc_add_flash_ok_message(_m('Alert activated'));
} else {
osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator'));
}
$this->redirectTo(osc_base_url());
break;
case 'unsub_alert':
$email = Params::getParam('email');
$secret = Params::getParam('secret');
$id = Params::getParam('id');
$alert = Alerts::newInstance()->findByPrimaryKey($id);
$result = 0;
if (!empty($alert)) {
if ($email == $alert['s_email'] && $secret == $alert['s_secret']) {
$result = Alerts::newInstance()->unsub($id);
}
}
if ($result == 1) {
osc_add_flash_ok_message(_m('Unsubscribed correctly'));
} else {
osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator'));
}
$this->redirectTo(osc_user_alerts_url());
break;
case 'delete':
$id = Params::getParam('id');
$secret = Params::getParam('secret');
if (osc_is_web_user_logged_in()) {
$user = User::newInstance()->findByPrimaryKey(osc_logged_user_id());
View::newInstance()->_exportVariableToView('user', $user);
if (!empty($user) && osc_logged_user_id() == $id && $secret == $user['s_secret']) {
User::newInstance()->deleteUser(osc_logged_user_id());
Session::newInstance()->_drop('userId');
Session::newInstance()->_drop('userName');
Session::newInstance()->_drop('userEmail');
Session::newInstance()->_drop('userPhone');
Cookie::newInstance()->pop('oc_userId');
Cookie::newInstance()->pop('oc_userSecret');
Cookie::newInstance()->set();
osc_add_flash_ok_message(_m("Your account have been deleted"));
$this->redirectTo(osc_base_url());
} else {
osc_add_flash_error_message(_m("Oops! you can not do that"));
$this->redirectTo(osc_user_dashboard_url());
}
} else {
osc_add_flash_error_message(_m("Oops! you can not do that"));
$this->redirectTo(osc_base_url());
}
break;
}
}
function doModel()
{
parent::doModel();
switch($this->action) {
case('add'): // callin add view
$this->_exportVariableToView( 'admin', null );
$this->doView('admins/frm.php');
break;
case('add_post'): if( defined('DEMO') ) {
osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
osc_csrf_check();
// adding a new admin
$sPassword = Params::getParam('s_password', false, false);
$sName = Params::getParam('s_name');
$sEmail = Params::getParam('s_email');
$sUserName = Params::getParam('s_username');
$bModerator = Params::getParam('b_moderator')==0?0:1;
// cleaning parameters
$sPassword = strip_tags($sPassword);
$sPassword = trim($sPassword);
$sName = strip_tags($sName);
$sName = trim($sName);
$sEmail = strip_tags($sEmail);
$sEmail = trim($sEmail);
$sUserName = strip_tags($sUserName);
$sUserName = trim($sUserName);
// Checks for legit data
if( !osc_validate_email($sEmail, true) ) {
osc_add_flash_warning_message( _m("Email invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if( !osc_validate_username($sUserName) ) {
osc_add_flash_warning_message( _m("Username invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if( $sName == '' ) {
osc_add_flash_warning_message( _m("Name invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true).'?page=admins&action=add');
}
if( $sPassword == '' ) {
osc_add_flash_warning_message( _m("Password invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$admin = $this->adminManager->findByEmail($sEmail);
if( $admin ) {
osc_add_flash_warning_message( _m("Email already in use"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$admin = $this->adminManager->findByUsername($sUserName);
if( $admin ) {
osc_add_flash_warning_message( _m("Username already in use"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$array = array(
's_password' => osc_hash_password($sPassword),
's_name' => $sName,
's_email' => $sEmail,
's_username' => $sUserName,
'b_moderator' => $bModerator
);
$isInserted = $this->adminManager->insert($array);
if( $isInserted ) {
// send email
osc_run_hook('hook_email_new_admin', array(
's_name' => $sName,
's_username' => $sUserName,
's_password' => $sPassword,
's_email' => $sEmail
)
);
osc_add_flash_ok_message( _m('The admin has been added'), 'admin');
} else {
osc_add_flash_error_message( _m('There has been an error adding a new admin'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true).'?page=admins');
break;
case('edit'): // calling edit admin view
$adminEdit = null;
$adminId = Params::getParam('id');
if( $adminId != '' ) {
$adminEdit = $this->adminManager->findByPrimaryKey((int) $adminId);
} elseif( Session::newInstance()->_get('adminId') != '') {
$adminEdit = $this->adminManager->findByPrimaryKey( Session::newInstance()->_get('adminId') );
}
if( count($adminEdit) == 0 ) {
osc_add_flash_error_message( _m('There is no admin with this id'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
$this->_exportVariableToView("admin", $adminEdit);
$this->doView('admins/frm.php');
break;
case('edit_post'): if( defined('DEMO') ) {
osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
osc_csrf_check();
// updating a new admin
$iUpdated = 0;
$adminId = Params::getParam('id');
$sPassword = Params::getParam('s_password', false, false);
$sPassword2 = Params::getParam('s_password2', false, false);
$sOldPassword = Params::getParam('old_password', false, false);
$sName = Params::getParam('s_name');
$sEmail = Params::getParam('s_email');
$sUserName = Params::getParam('s_username');
$bModerator = Params::getParam('b_moderator')==0?0:1;
// cleaning parameters
$sPassword = strip_tags($sPassword);
$sPassword = trim($sPassword);
$sPassword2 = strip_tags($sPassword2);
$sPassword2 = trim($sPassword2);
$sName = strip_tags($sName);
$sName = trim($sName);
$sEmail = strip_tags($sEmail);
$sEmail = trim($sEmail);
$sUserName = strip_tags($sUserName);
$sUserName = trim($sUserName);
// Checks for legit data
if( !osc_validate_email($sEmail, true) ) {
osc_add_flash_warning_message( _m("Email invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
if( !osc_validate_username($sUserName) ) {
osc_add_flash_warning_message( _m("Username invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
if( $sName == '' ) {
osc_add_flash_warning_message( _m("Name invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
$aAdmin = $this->adminManager->findByPrimaryKey($adminId);
if( count($aAdmin) == 0 ) {
osc_add_flash_error_message( _m("This admin doesn't exist"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
if( $aAdmin['s_email'] != $sEmail ) {
if($this->adminManager->findByEmail( $sEmail ) ) {
osc_add_flash_warning_message( _m('Existing email'), 'admin');
$this->redirectTo(osc_admin_base_url(true).'?page=admins&action=edit&id=' . $adminId);
}
}
if( $aAdmin['s_username'] != $sUserName ) {
if( $this->adminManager->findByUsername( $sUserName ) ) {
osc_add_flash_warning_message( _m('Existing username'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
$conditions = array('pk_i_id' => $adminId);
$array = array();
if(osc_logged_admin_id()==$adminId) {
if($sOldPassword != '' ) {
if( $sPassword=='' ) {
osc_add_flash_warning_message( _m("Password invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
} else {
$firstCondition = osc_verify_password($sOldPassword, $aAdmin['s_password']);
$secondCondition = ( $sPassword == $sPassword2 );
if( $firstCondition && $secondCondition ) {
$array['s_password'] = osc_hash_password($sPassword);
} else {
osc_add_flash_warning_message( _m("The password couldn't be updated. Passwords don't match"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
}
} else {
if( $sPassword!='') {
if($sPassword == $sPassword2) {
$array['s_password'] = osc_hash_password($sPassword);
} else {
osc_add_flash_warning_message( _m("The password couldn't be updated. Passwords don't match"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
}
if($adminId!=osc_logged_admin_id()) {
$array['b_moderator'] = $bModerator;
}
$array['s_name'] = Params::getParam('s_name');
$array['s_username'] = $sUserName;
$array['s_email'] = $sEmail;
$iUpdated = $this->adminManager->update($array, $conditions);
if( $iUpdated > 0 ) {
osc_add_flash_ok_message( _m('The admin has been updated'), 'admin');
}
if( $this->isModerator() ) {
$this->redirectTo(osc_admin_base_url(true));
} else {
$this->redirectTo(osc_admin_base_url(true).'?page=admins');
}
break;
case('delete'): if( defined('DEMO') ) {
osc_add_flash_warning_message( _m("This action can't be done because it's a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
osc_csrf_check();
// deleting and admin
$isDeleted = false;
$adminId = Params::getParam('id');
if( !is_array($adminId) ) {
osc_add_flash_error_message( _m("The admin id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
// Verification to avoid an administrator trying to remove to itself
if( in_array(Session::newInstance()->_get('adminId'), $adminId) ) {
osc_add_flash_error_message( _m("The operation hasn't been completed. You're trying to remove yourself!"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
$isDeleted = $this->adminManager->deleteBatch( $adminId );
if( $isDeleted ) {
osc_add_flash_ok_message( _m('The admin has been deleted correctly'), 'admin');
} else {
osc_add_flash_error_message( _m('The admin couldn\'t be deleted'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
break;
default:
if(Params::getParam("action")!="") {
osc_run_hook("admin_bulk_".Params::getParam("action"), Params::getParam('id'));
}
if( Params::getParam('iDisplayLength') == '' ) {
Params::setParam('iDisplayLength', 10 );
}
$p_iPage = 1;
if( is_numeric(Params::getParam('iPage')) && Params::getParam('iPage') >= 1 ) {
$p_iPage = Params::getParam('iPage');
}
Params::setParam('iPage', $p_iPage);
$admins = $this->adminManager->listAll();
// pagination
$start = ($p_iPage-1) * Params::getParam('iDisplayLength');
$limit = Params::getParam('iDisplayLength');
$count = count( $admins );
$displayRecords = $limit;
if( ($start+$limit ) > $count ) {
$displayRecords = ($start+$limit) - $count;
}
// ----
$aData = array();
$max = ($start+$limit);
if($max > $count) $max = $count;
for($i = $start; $i < $max; $i++) {
$admin = $admins[$i];
$options = array();
$options[] = '<a href="' . osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $admin['pk_i_id'] . '">' . __('Edit') . '</a>';
$options[] = '<a onclick="return delete_dialog(\'' . $admin['pk_i_id'] . '\');" href="' . osc_admin_base_url(true) . '?page=admins&action=delete&id[]=' . $admin['pk_i_id'] . '">' . __('Delete') . '</a>';
$auxOptions = '<ul>'.PHP_EOL;
foreach( $options as $actual ) {
$auxOptions .= '<li>'.$actual.'</li>'.PHP_EOL;
}
$actions = '<div class="actions">'.$auxOptions.'</div>'.PHP_EOL;
$row = array();
$row[] = '<input type="checkbox" name="id[]" value="' . $admin['pk_i_id'] . '" />';
$row[] = $admin['s_username'] . $actions;
$row[] = $admin['s_name'];
$row[] = $admin['s_email'];
$aData[] = $row;
}
$array['iTotalRecords'] = $displayRecords;
$array['iTotalDisplayRecords'] = count($admins);
$array['iDisplayLength'] = $limit;
$array['aaData'] = $aData;
$page = (int)Params::getParam('iPage');
if(count($array['aaData']) == 0 && $page!=1) {
$total = (int)$array['iTotalDisplayRecords'];
$maxPage = ceil( $total / (int)$array['iDisplayLength'] );
$url = osc_admin_base_url(true).'?'.$_SERVER['QUERY_STRING'];
if($maxPage==0) {
$url = preg_replace('/&iPage=(\d)+/', '&iPage=1', $url);
$this->redirectTo($url);
}
if($page > 1) {
$url = preg_replace('/&iPage=(\d)+/', '&iPage='.$maxPage, $url);
$this->redirectTo($url);
}
}
$bulk_options = array(
array('value' => '', 'data-dialog-content' => '', 'label' => __('Bulk actions')),
array('value' => 'delete', 'data-dialog-content' => sprintf(__('Are you sure you want to %s the selected admins?'), strtolower(__('Delete'))), 'label' => __('Delete'))
);
$bulk_options = osc_apply_filter("admin_bulk_filter", $bulk_options);
$this->_exportVariableToView('bulk_options', $bulk_options);
$this->_exportVariableToView('aAdmins', $array);
// calling manage admins view
$this->doView('admins/index.php');
break;
}
}
function add()
{
$error = array();
$flash_error = '';
if( (osc_recaptcha_private_key() != '') && !$this->is_admin ) {
if( !osc_check_recaptcha() ) {
$flash_error .= _m('The reCAPTCHA was not entered correctly') . PHP_EOL;
$error[] = 4;
}
}
if( Params::getParam('s_password', false, false) == '' ) {
$flash_error .= _m('The password cannot be empty') . PHP_EOL;
$error[] = 6;
}
if( Params::getParam('s_password', false, false) != Params::getParam('s_password2', false, false) ) {
$flash_error .= _m("Passwords don't match") . PHP_EOL;
$error[] = 7;
}
$input = $this->prepareData(true);
if( $input['s_name']=='' ) {
$flash_error .= _m('The name cannot be empty') . PHP_EOL;
$error[] = 10;
}
if( !osc_validate_email($input['s_email']) ) {
$flash_error .= _m('The email is not valid') . PHP_EOL;
$error[] = 5;
}
$email_taken = $this->manager->findByEmail($input['s_email']);
if( $email_taken != false ) {
osc_run_hook('register_email_taken', $input['s_email']);
$flash_error .= _m('The specified e-mail is already in use') . PHP_EOL;
$error[] = 3;
}
if($input['s_username']!='') {
$username_taken = $this->manager->findByUsername($input['s_username']);
if( !$error && $username_taken != false ) {
$flash_error .= _m("Username is already taken") . PHP_EOL;
$error[] = 8;
}
if(osc_is_username_blacklisted($input['s_username'])) {
$flash_error .= _m("The specified username is not valid, it contains some invalid words") . PHP_EOL;
$error[] = 9;
}
}
if($flash_error!='') {
osc_run_hook('user_register_failed', $error);
return $flash_error;
}
// hook pre add or edit
osc_run_hook('pre_user_post');
$this->manager->insert($input);
$userId = $this->manager->dao->insertedId();
if($input['s_username']=='') {
$this->manager->update(
array('s_username' => $userId)
,array('pk_i_id' => $userId)
);
}
if ( is_array( Params::getParam('s_info') ) ) {
foreach (Params::getParam('s_info') as $key => $value) {
$this->manager->updateDescription($userId, $key, $value);
}
}
Log::newInstance()->insertLog('user', 'add', $userId, $input['s_email'], $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : $userId);
// update items with s_contact_email the same as new user email
$aItems = Item::newInstance()->findByEmail( $input['s_email'] );
foreach( $aItems as $aux ) {
if( Item::newInstance()->update(array('fk_i_user_id' => $userId, 's_contact_name' => $input['s_name']), array('pk_i_id' => $aux['pk_i_id']) ) ) {
$this->manager->increaseNumItems($userId);
}
}
// update alerts user id with the same email
Alerts::newInstance()->update(array('fk_i_user_id' => $userId), array('s_email' => $input['s_email']));
$user = $this->manager->findByPrimaryKey($userId);
if( osc_notify_new_user() && !$this->is_admin ) {
osc_run_hook('hook_email_admin_new_user', $user);
}
if( osc_user_validation_enabled() && !$this->is_admin ) {
osc_run_hook('hook_email_user_validation', $user, $input);
$success = 1;
} else {
$this->manager->update(
array('b_active' => '1')
,array('pk_i_id' => $userId)
);
$success = 2;
}
osc_run_hook('user_register_completed', $userId);
return $success;
}
function doModel()
{
//specific things for this class
switch ($this->action) {
case 'bulk_actions':
break;
case 'regions':
//Return regions given a countryId
$regions = Region::newInstance()->findByCountry(Params::getParam("countryId"));
echo json_encode($regions);
break;
case 'cities':
//Returns cities given a regionId
$cities = City::newInstance()->findByRegion(Params::getParam("regionId"));
echo json_encode($cities);
break;
case 'location':
// This is the autocomplete AJAX
$cities = City::newInstance()->ajax(Params::getParam("term"));
foreach ($cities as $k => $city) {
$cities[$k]['label'] = $city['label'] . " (" . $city['region'] . ")";
}
echo json_encode($cities);
break;
case 'location_countries':
// This is the autocomplete AJAX
$countries = Country::newInstance()->ajax(Params::getParam("term"));
echo json_encode($countries);
break;
case 'location_regions':
// This is the autocomplete AJAX
$regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country"));
echo json_encode($regions);
break;
case 'location_cities':
// This is the autocomplete AJAX
$cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region"));
echo json_encode($cities);
break;
case 'delete_image':
// Delete images via AJAX
$ajax_photo = Params::getParam('ajax_photo');
$id = Params::getParam('id');
$item = Params::getParam('item');
$code = Params::getParam('code');
$secret = Params::getParam('secret');
$json = array();
if ($ajax_photo != '') {
$files = Session::newInstance()->_get('ajax_files');
$success = false;
foreach ($files as $uuid => $file) {
if ($file == $ajax_photo) {
$filename = $files[$uuid];
unset($files[$uuid]);
Session::newInstance()->_set('ajax_files', $files);
$success = @unlink(osc_content_path() . 'uploads/temp/' . $filename);
break;
}
}
echo json_encode(array('success' => $success, 'msg' => $success ? _m('The selected photo has been successfully deleted') : _m("The selected photo couldn't be deleted")));
return false;
}
if (Session::newInstance()->_get('userId') != '') {
$userId = Session::newInstance()->_get('userId');
$user = User::newInstance()->findByPrimaryKey($userId);
} else {
$userId = null;
$user = null;
}
// Check for required fields
if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) {
$json['success'] = false;
$json['msg'] = _m("The selected photo couldn't be deleted, the url doesn't exist");
echo json_encode($json);
return false;
}
$aItem = Item::newInstance()->findByPrimaryKey($item);
// Check if the item exists
if (count($aItem) == 0) {
$json['success'] = false;
$json['msg'] = _m("The listing doesn't exist");
echo json_encode($json);
return false;
}
if (!osc_is_admin_user_logged_in()) {
// Check if the item belong to the user
if ($userId != null && $userId != $aItem['fk_i_user_id']) {
$json['success'] = false;
$json['msg'] = _m("The listing doesn't belong to you");
echo json_encode($json);
return false;
}
// Check if the secret passphrase match with the item
if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) {
$json['success'] = false;
$json['msg'] = _m("The listing doesn't belong to you");
echo json_encode($json);
return false;
}
}
// Does id & code combination exist?
$result = ItemResource::newInstance()->existResource($id, $code);
if ($result > 0) {
$resource = ItemResource::newInstance()->findByPrimaryKey($id);
if ($resource['fk_i_item_id'] == $item) {
// Delete: file, db table entry
if (defined(OC_ADMIN)) {
osc_deleteResource($id, true);
Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'admin', osc_logged_admin_id());
} else {
osc_deleteResource($id, false);
Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'user', osc_logged_user_id());
}
ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code));
$json['msg'] = _m('The selected photo has been successfully deleted');
$json['success'] = 'true';
} else {
$json['msg'] = _m("The selected photo does not belong to you");
$json['success'] = 'false';
}
} else {
$json['msg'] = _m("The selected photo couldn't be deleted");
$json['success'] = 'false';
}
echo json_encode($json);
return true;
break;
case 'alerts':
// Allow to register to an alert given (not sure it's used on admin)
$encoded_alert = Params::getParam("alert");
$alert = osc_decrypt_alert(base64_decode($encoded_alert));
// check alert integrity / signature
$stringToSign = osc_get_alert_public_key() . $encoded_alert;
$signature = hex2b64(hmacsha1(osc_get_alert_private_key(), $stringToSign));
$server_signature = Session::newInstance()->_get('alert_signature');
if ($server_signature != $signature) {
echo '-2';
return false;
}
$email = Params::getParam("email");
$userid = Params::getParam("userid");
if (osc_is_web_user_logged_in()) {
$userid = osc_logged_user_id();
$user = User::newInstance()->findByPrimaryKey($userid);
$email = $user['s_email'];
}
if ($alert != '' && $email != '') {
if (osc_validate_email($email)) {
$secret = osc_genRandomPassword();
if ($alertID = Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) {
if ((int) $userid > 0) {
$user = User::newInstance()->findByPrimaryKey($userid);
if ($user['b_active'] == 1 && $user['b_enabled'] == 1) {
Alerts::newInstance()->activate($alertID);
echo '1';
return true;
} else {
echo '-1';
return false;
}
} else {
$aAlert = Alerts::newInstance()->findByPrimaryKey($alertID);
osc_run_hook('hook_email_alert_validation', $aAlert, $email, $secret);
}
echo "1";
} else {
echo "0";
}
return true;
} else {
echo '-1';
return false;
}
}
echo '0';
return false;
break;
case 'runhook':
// run hooks
$hook = Params::getParam('hook');
if ($hook == '') {
echo json_encode(array('error' => 'hook parameter not defined'));
break;
}
switch ($hook) {
case 'item_form':
osc_run_hook('item_form', Params::getParam('catId'));
break;
case 'item_edit':
$catId = Params::getParam("catId");
$itemId = Params::getParam("itemId");
osc_run_hook("item_edit", $catId, $itemId);
break;
default:
osc_run_hook('ajax_' . $hook);
break;
}
break;
case 'custom':
// Execute via AJAX custom file
if (Params::existParam('route')) {
$routes = Rewrite::newInstance()->getRoutes();
$rid = Params::getParam('route');
$file = '../';
if (isset($routes[$rid]) && isset($routes[$rid]['file'])) {
$file = $routes[$rid]['file'];
}
} else {
// DEPRECATED: Disclosed path in URL is deprecated, use routes instead
// This will be REMOVED in 3.4
$file = Params::getParam('ajaxfile');
}
if ($file == '') {
echo json_encode(array('error' => 'no action defined'));
break;
}
// valid file?
if (strpos($file, '../') !== false || strpos($file, '..\\') !== false || stripos($file, '/admin/') !== false) {
//If the file is inside an "admin" folder, it should NOT be opened in frontend
echo json_encode(array('error' => 'no valid ajaxFile'));
break;
}
if (!file_exists(osc_plugins_path() . $file)) {
echo json_encode(array('error' => "ajaxFile doesn't exist"));
break;
}
require_once osc_plugins_path() . $file;
break;
case 'check_username_availability':
$username = osc_sanitize_username(Params::getParam('s_username'));
if (!osc_is_username_blacklisted($username)) {
$user = User::newInstance()->findByUsername($username);
if (isset($user['s_username'])) {
echo json_encode(array('exists' => 1, 's_username' => $username));
} else {
echo json_encode(array('exists' => 0, 's_username' => $username));
}
} else {
echo json_encode(array('exists' => 1, 's_username' => $username));
}
break;
case 'ajax_upload':
// Include the uploader class
require_once LIB_PATH . "AjaxUploader.php";
$uploader = new AjaxUploader();
$original = pathinfo($uploader->getOriginalName());
$filename = uniqid("qqfile_") . "." . $original['extension'];
$result = $uploader->handleUpload(osc_content_path() . 'uploads/temp/' . $filename);
$result['uploadName'] = $filename;
echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);
break;
case 'ajax_validate':
$id = Params::getParam('id');
if (!is_numeric($id)) {
echo json_encode(array('success' => false));
die;
}
$secret = Params::getParam('secret');
$item = Item::newInstance()->findByPrimaryKey($id);
if ($item['s_secret'] != $secret) {
echo json_encode(array('success' => false));
die;
}
$nResources = ItemResource::newInstance()->countResources($id);
$result = array('success' => $nResources < osc_max_images_per_item(), 'count' => $nResources);
echo json_encode($result);
break;
case 'delete_ajax_upload':
$files = Session::newInstance()->_get('ajax_files');
$success = false;
$filename = '';
if (isset($files[Params::getParam('qquuid')]) && $files[Params::getParam('qquuid')] != '') {
$filename = $files[Params::getParam('qquuid')];
unset($files[Params::getParam('qquuid')]);
Session::newInstance()->_set('ajax_files', $files);
$success = @unlink(osc_content_path() . 'uploads/temp/' . $filename);
}
echo json_encode(array('success' => $success, 'uploadName' => $filename));
break;
default:
echo json_encode(array('error' => __('no action defined')));
break;
}
// clear all keep variables into session
Session::newInstance()->_dropKeepForm();
Session::newInstance()->_clearVariables();
}
function doModel()
{
parent::doModel();
switch ($this->action) {
case 'add':
// callin add view
$this->_exportVariableToView('admin', null);
$this->doView('admins/frm.php');
break;
case 'add_post':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
// adding a new admin
$sPassword = Params::getParam('s_password', false, false);
$sName = Params::getParam('s_name');
$sEmail = Params::getParam('s_email');
$sUserName = Params::getParam('s_username');
// cleaning parameters
$sPassword = strip_tags($sPassword);
$sPassword = trim($sPassword);
$sName = strip_tags($sName);
$sName = trim($sName);
$sEmail = strip_tags($sEmail);
$sEmail = trim($sEmail);
$sUserName = strip_tags($sUserName);
$sUserName = trim($sUserName);
// Checks for legit data
if (!osc_validate_email($sEmail, true)) {
osc_add_flash_warning_message(_m("Email invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if (!osc_validate_username($sUserName)) {
osc_add_flash_warning_message(_m("Username invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if ($sName == '') {
osc_add_flash_warning_message(_m("Name invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
if ($sPassword == '') {
osc_add_flash_warning_message(_m("Password invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$admin = $this->adminManager->findByEmail($sEmail);
if ($admin) {
osc_add_flash_warning_message(_m("Email already in use"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$admin = $this->adminManager->findByUsername($sUserName);
if ($admin) {
osc_add_flash_warning_message(_m("Username already in use"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=add');
}
$array = array('s_password' => sha1($sPassword), 's_name' => $sName, 's_email' => $sEmail, 's_username' => $sUserName);
$isInserted = $this->adminManager->insert($array);
if ($isInserted) {
osc_add_flash_ok_message(_m('The admin has been added'), 'admin');
} else {
osc_add_flash_error_message(_m('There have been an error adding a new admin'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
break;
case 'edit':
// calling edit admin view
$adminEdit = null;
$adminId = Params::getParam('id');
if ($adminId != '') {
$adminEdit = $this->adminManager->findByPrimaryKey((int) $adminId);
} elseif (Session::newInstance()->_get('adminId') != '') {
$adminEdit = $this->adminManager->findByPrimaryKey(Session::newInstance()->_get('adminId'));
}
if (count($adminEdit) == 0) {
osc_add_flash_error_message(_m('There is no admin admin with this id'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
$this->_exportVariableToView("admin", $adminEdit);
$this->doView('admins/frm.php');
break;
case 'edit_post':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
// updating a new admin
$iUpdated = 0;
$adminId = Params::getParam('id');
$sPassword = Params::getParam('s_password', false, false);
$sPassword2 = Params::getParam('s_password2', false, false);
$sOldPassword = Params::getParam('old_password', false, false);
$sName = Params::getParam('s_name');
$sEmail = Params::getParam('s_email');
$sUserName = Params::getParam('s_username');
// cleaning parameters
$sPassword = strip_tags($sPassword);
$sPassword = trim($sPassword);
$sPassword2 = strip_tags($sPassword2);
$sPassword2 = trim($sPassword2);
$sName = strip_tags($sName);
$sName = trim($sName);
$sEmail = strip_tags($sEmail);
$sEmail = trim($sEmail);
$sUserName = strip_tags($sUserName);
$sUserName = trim($sUserName);
// Checks for legit data
if (!osc_validate_email($sEmail, true)) {
osc_add_flash_warning_message(_m("Email invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
if (!osc_validate_username($sUserName)) {
osc_add_flash_warning_message(_m("Username invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
if ($sName == '') {
osc_add_flash_warning_message(_m("Name invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
$aAdmin = $this->adminManager->findByPrimaryKey($adminId);
if (count($aAdmin) == 0) {
osc_add_flash_error_message(_m("This admin doesn't exist"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
if ($aAdmin['s_email'] != $sEmail) {
if ($this->adminManager->findByEmail($sEmail)) {
osc_add_flash_warning_message(_m('Existing email'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
if ($aAdmin['s_username'] != $sUserName) {
if ($this->adminManager->findByUsername($sUserName)) {
osc_add_flash_warning_message(_m('Existing username'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
$conditions = array('pk_i_id' => $adminId);
$array = array();
if (osc_logged_admin_id() == $adminId) {
if ($sOldPassword != '') {
if ($sPassword == '') {
osc_add_flash_warning_message(_m("Password invalid"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
} else {
$firstCondition = sha1($sOldPassword) == $aAdmin['s_password'];
$secondCondition = $sPassword == $sPassword2;
if ($firstCondition && $secondCondition) {
$array['s_password'] = sha1($sPassword);
} else {
osc_add_flash_warning_message(_m("The password couldn't be updated. Passwords don't match"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
}
} else {
if ($sPassword != '' && $sPassword == $sPassword2) {
$array['s_password'] = sha1($sPassword);
} else {
osc_add_flash_warning_message(_m("The password couldn't be updated. Passwords don't match"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins&action=edit&id=' . $adminId);
}
}
$array['s_name'] = Params::getParam('s_name');
$array['s_username'] = $sUserName;
$array['s_email'] = $sEmail;
$iUpdated = $this->adminManager->update($array, $conditions);
if ($iUpdated > 0) {
osc_add_flash_ok_message(_m('The admin has been updated'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
break;
case 'delete':
if (defined('DEMO')) {
osc_add_flash_warning_message(_m("This action cannot be done because is a demo site"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
// deleting and admin
$isDeleted = false;
$adminId = Params::getParam('id');
if (!is_array($adminId)) {
osc_add_flash_error_message(_m("The admin id isn't in the correct format"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
// Verification to avoid an administrator trying to remove to itself
if (in_array(Session::newInstance()->_get('adminId'), $adminId)) {
osc_add_flash_error_message(_m("The operation hasn't been completed. You're trying to remove yourself!"), 'admin');
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
}
$isDeleted = $this->adminManager->deleteBatch($adminId);
if ($isDeleted) {
osc_add_flash_ok_message(_m('The admin has been deleted correctly'), 'admin');
} else {
osc_add_flash_error_message(_m('The admin couldn\'t be deleted'), 'admin');
}
$this->redirectTo(osc_admin_base_url(true) . '?page=admins');
break;
default:
// calling manage admins view
$admins = $this->adminManager->listAll();
$this->_exportVariableToView('admins', $admins);
$this->doView('admins/index.php');
break;
}
}
function doModel()
{
//specific things for this class
switch ($this->action) {
case 'bulk_actions':
break;
case 'regions':
//Return regions given a countryId
$regions = Region::newInstance()->findByCountry(Params::getParam("countryId"));
echo json_encode($regions);
break;
case 'cities':
//Returns cities given a regionId
$cities = City::newInstance()->findByRegion(Params::getParam("regionId"));
echo json_encode($cities);
break;
case 'location':
// This is the autocomplete AJAX
$cities = City::newInstance()->ajax(Params::getParam("term"));
foreach ($cities as $k => $city) {
$cities[$k]['label'] = $city['label'] . " (" . $city['region'] . ")";
}
echo json_encode($cities);
break;
case 'location_countries':
// This is the autocomplete AJAX
$countries = Country::newInstance()->ajax(Params::getParam("term"));
echo json_encode($countries);
break;
case 'location_regions':
// This is the autocomplete AJAX
$regions = Region::newInstance()->ajax(Params::getParam("term"), Params::getParam("country"));
echo json_encode($regions);
break;
case 'location_cities':
// This is the autocomplete AJAX
$cities = City::newInstance()->ajax(Params::getParam("term"), Params::getParam("region"));
echo json_encode($cities);
break;
case 'delete_image':
// Delete images via AJAX
$id = Params::getParam('id');
$item = Params::getParam('item');
$code = Params::getParam('code');
$secret = Params::getParam('secret');
$json = array();
if (Session::newInstance()->_get('userId') != '') {
$userId = Session::newInstance()->_get('userId');
$user = User::newInstance()->findByPrimaryKey($userId);
} else {
$userId = null;
$user = null;
}
// Check for required fields
if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) {
$json['success'] = false;
$json['msg'] = _m("The selected photo couldn't be deleted, the url doesn't exist");
echo json_encode($json);
return false;
}
$aItem = Item::newInstance()->findByPrimaryKey($item);
// Check if the item exists
if (count($aItem) == 0) {
$json['success'] = false;
$json['msg'] = _m("The listing doesn't exist");
echo json_encode($json);
return false;
}
if (!osc_is_admin_user_logged_in()) {
// Check if the item belong to the user
if ($userId != null && $userId != $aItem['fk_i_user_id']) {
$json['success'] = false;
$json['msg'] = _m("The listing doesn't belong to you");
echo json_encode($json);
return false;
}
// Check if the secret passphrase match with the item
if ($userId == null && $aItem['fk_i_user_id'] == null && $secret != $aItem['s_secret']) {
$json['success'] = false;
$json['msg'] = _m("The listing doesn't belong to you");
echo json_encode($json);
return false;
}
}
// Does id & code combination exist?
$result = ItemResource::newInstance()->existResource($id, $code);
if ($result > 0) {
$resource = ItemResource::newInstance()->findByPrimaryKey($id);
if ($resource['fk_i_item_id'] == $item) {
// Delete: file, db table entry
if (defined(OC_ADMIN)) {
osc_deleteResource($id, true);
Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'admin', osc_logged_admin_id());
} else {
osc_deleteResource($id, false);
Log::newInstance()->insertLog('ajax', 'deleteimage', $id, $id, 'user', osc_logged_user_id());
}
ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code));
$json['msg'] = _m('The selected photo has been successfully deleted');
$json['success'] = 'true';
} else {
$json['msg'] = _m("The selected photo does not belong to you");
$json['success'] = 'false';
}
} else {
$json['msg'] = _m("The selected photo couldn't be deleted");
$json['success'] = 'false';
}
echo json_encode($json);
return true;
break;
case 'alerts':
// Allow to register to an alert given (not sure it's used on admin)
$alert = Params::getParam("alert");
$email = Params::getParam("email");
$userid = Params::getParam("userid");
if ($alert != '' && $email != '') {
if (osc_validate_email($email)) {
$secret = osc_genRandomPassword();
if ($alertID = Alerts::newInstance()->createAlert($userid, $email, $alert, $secret)) {
if ((int) $userid > 0) {
$user = User::newInstance()->findByPrimaryKey($userid);
if ($user['b_active'] == 1 && $user['b_enabled'] == 1) {
Alerts::newInstance()->activate($alertID);
echo '1';
return true;
} else {
echo '-1';
return false;
}
} else {
$aAlert = Alerts::newInstance()->findByPrimaryKey($alertID);
osc_run_hook('hook_email_alert_validation', $aAlert, $email, $secret);
}
echo "1";
} else {
echo "0";
}
return true;
} else {
echo '-1';
return false;
}
}
echo '0';
return false;
break;
case 'runhook':
// run hooks
$hook = Params::getParam('hook');
if ($hook == '') {
echo json_encode(array('error' => 'hook parameter not defined'));
break;
}
switch ($hook) {
case 'item_form':
osc_run_hook('item_form', Params::getParam('catId'));
break;
case 'item_edit':
$catId = Params::getParam("catId");
$itemId = Params::getParam("itemId");
osc_run_hook("item_edit", $catId, $itemId);
break;
default:
osc_run_hook('ajax_' . $hook);
break;
}
break;
case 'custom':
// Execute via AJAX custom file
$ajaxFile = Params::getParam("ajaxfile");
if ($ajaxFile == '') {
echo json_encode(array('error' => 'no action defined'));
break;
}
// valid file?
if (stripos($ajaxFile, '../') !== false) {
echo json_encode(array('error' => 'no valid ajaxFile'));
break;
}
if (!file_exists(osc_plugins_path() . $ajaxFile)) {
echo json_encode(array('error' => "ajaxFile doesn't exist"));
break;
}
require_once osc_plugins_path() . $ajaxFile;
break;
case 'check_username_availability':
$username = osc_sanitize_username(Params::getParam('s_username'));
if (!osc_is_username_blacklisted($username)) {
$user = User::newInstance()->findByUsername($username);
if (isset($user['s_username'])) {
echo json_encode(array('exists' => 1, 's_username' => $username));
} else {
echo json_encode(array('exists' => 0, 's_username' => $username));
}
} else {
echo json_encode(array('exists' => 1, 's_username' => $username));
}
break;
default:
echo json_encode(array('error' => __('no action defined')));
break;
}
// clear all keep variables into session
Session::newInstance()->_dropKeepForm();
Session::newInstance()->_clearVariables();
}
function doModel()
{
parent::doModel();
//specific things for this class
switch ($this->action) {
case 'bulk_actions':
$id = Params::getParam('id');
if ($id) {
switch (Params::getParam('bulk_actions')) {
case 'delete_all':
$this->itemCommentManager->delete(array(DB_CUSTOM_COND => 'pk_i_id IN (' . implode(', ', $id) . ')'));
foreach ($id as $_id) {
$iUpdated = $this->itemCommentManager->delete(array('pk_i_id' => $_id));
osc_add_hook("delete_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been deleted'), 'admin');
break;
case 'activate_all':
foreach ($id as $_id) {
$iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $_id));
if ($iUpdated) {
$this->sendCommentActivated($_id);
}
osc_add_hook("activate_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been approved'), 'admin');
break;
case 'deactivate_all':
foreach ($id as $_id) {
$this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $_id));
osc_add_hook("deactivate_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin');
break;
case 'enable_all':
foreach ($id as $_id) {
$iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $_id));
if ($iUpdated) {
$this->sendCommentActivated($_id);
}
osc_add_hook("enable_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been unblocked'), 'admin');
break;
case 'disable_all':
foreach ($id as $_id) {
$this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $_id));
osc_add_hook("disable_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been blocked'), 'admin');
break;
}
}
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
case 'status':
$id = Params::getParam('id');
$value = Params::getParam('value');
if (!$id) {
return false;
}
$id = (int) $id;
if (!is_numeric($id)) {
return false;
}
if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'))) {
return false;
}
if ($value == 'ACTIVE') {
$iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $id));
if ($iUpdated) {
$this->sendCommentActivated($id);
}
osc_add_hook("activate_comment", $id);
osc_add_flash_ok_message(_m('The comment has been approved'), 'admin');
} else {
if ($value == 'INACTIVE') {
$iUpdated = $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $id));
osc_add_hook("deactivate_comment", $id);
osc_add_flash_ok_message(_m('The comment has been disapproved'), 'admin');
} else {
if ($value == 'ENABLE') {
$iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $id));
osc_add_hook("enable_comment", $id);
osc_add_flash_ok_message(_m('The comment has been enabled'), 'admin');
} else {
if ($value == 'DISABLE') {
$iUpdated = $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $id));
osc_add_hook("disable_comment", $id);
osc_add_flash_ok_message(_m('The comment has been disabled'), 'admin');
}
}
}
}
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
case 'comment_edit':
$comment = ItemComment::newInstance()->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('comment', $comment);
$this->doView('comments/frm.php');
break;
case 'comment_edit_post':
$msg = '';
if (!osc_validate_email(Params::getParam('authorEmail'), true)) {
$msg .= _m('Email is not correct') . "<br/>";
}
if (!osc_validate_text(Params::getParam('body'), 1, true)) {
$msg .= _m('Comment is required') . "<br/>";
}
if ($msg != '') {
osc_add_flash_error_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=comments&action=comment_edit&id=" . Params::getParam('id'));
}
$this->itemCommentManager->update(array('s_title' => Params::getParam('title'), 's_body' => Params::getParam('body'), 's_author_name' => Params::getParam('authorName'), 's_author_email' => Params::getParam('authorEmail')), array('pk_i_id' => Params::getParam('id')));
osc_run_hook('edit_comment', Params::getParam('id'));
osc_add_flash_ok_message(_m('Great! We just updated your comment'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
case 'delete':
$this->itemCommentManager->deleteByPrimaryKey(Params::getParam('id'));
osc_add_flash_ok_message(_m('The comment has been deleted'), 'admin');
osc_run_hook('delete_comment', Params::getParam('id'));
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
default:
if (Params::getParam('iDisplayLength') == '') {
Params::setParam('iDisplayLength', 10);
}
// showAll == ''
// -> show all comments filtered
// showAll != ''
// -> show comments which are not
// -> diplayed at frontend
if (Params::getParam('showAll') == '' || Params::getParam('showAll') == '1') {
Params::setParam('showAll', true);
} else {
Params::setParam('showAll', false);
}
$this->_exportVariableToView('iDisplayLength', Params::getParam('iDisplayLength'));
require_once osc_admin_base_path() . 'ajax/comments_processing.php';
$params = Params::getParamsAsArray("get");
$comments_processing = new CommentsProcessingAjax($params);
$aData = $comments_processing->result($params);
$page = (int) Params::getParam('iPage');
if (count($aData['aaData']) == 0 && $page != 1) {
$total = (int) $aData['iTotalDisplayRecords'];
$maxPage = ceil($total / (int) $aData['iDisplayLength']);
$url = osc_admin_base_url(true) . '?' . $_SERVER['QUERY_STRING'];
if ($maxPage == 0) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=1', $url);
$this->redirectTo($url);
}
if ($page > 1) {
$url = preg_replace('/&iPage=(\\d)+/', '&iPage=' . $maxPage, $url);
$this->redirectTo($url);
}
}
$this->_exportVariableToView('aComments', $aData);
$this->doView('comments/index.php');
break;
}
}
function add()
{
$success = 0;
$error = false;
if (!$error && osc_recaptcha_private_key() != '' && !$this->is_admin) {
if (!osc_check_recaptcha()) {
$error = 4;
}
}
if (!$error && Params::getParam('s_password', false, false) == '') {
$error = 6;
}
if (!$error && Params::getParam('s_password', false, false) != Params::getParam('s_password2', false, false)) {
$error = 7;
}
$input = $this->prepareData(true);
if (!$error && !osc_validate_email($input['s_email'])) {
$error = 5;
}
$email_taken = $this->manager->findByEmail($input['s_email']);
if (!$error && $email_taken != null) {
osc_run_hook('register_email_taken', $input['s_email']);
$error = 3;
}
if (!$error && $input['s_username'] != '') {
$username_taken = $this->manager->findByUsername($input['s_username']);
if (!$error && $username_taken != null) {
$error = 8;
}
if (osc_is_username_blacklisted($input['s_username'])) {
$error = 9;
}
}
// hook pre add or edit
osc_run_hook('pre_user_post');
if (is_numeric($error) && $error > 0) {
osc_run_hook('user_register_failed', $error);
return $error;
}
$this->manager->insert($input);
$userId = $this->manager->dao->insertedId();
if ($input['s_username'] == '') {
$this->manager->update(array('s_username' => $userId), array('pk_i_id' => $userId));
}
if (is_array(Params::getParam('s_info'))) {
foreach (Params::getParam('s_info') as $key => $value) {
$this->manager->updateDescription($userId, $key, $value);
}
}
Log::newInstance()->insertLog('user', 'add', $userId, $input['s_email'], $this->is_admin ? 'admin' : 'user', $this->is_admin ? osc_logged_admin_id() : $userId);
// update items with s_contact_email the same as new user email
$aItems = Item::newInstance()->findByEmail($input['s_email']);
foreach ($aItems as $aux) {
if (Item::newInstance()->update(array('fk_i_user_id' => $userId, 's_contact_name' => $input['s_name']), array('pk_i_id' => $aux['pk_i_id']))) {
$this->manager->increaseNumItems($userId);
}
}
// update alerts user id with the same email
$aAlerts = Alerts::newInstance()->findByEmail($input['s_email']);
foreach ($aAlerts as $aux) {
Alerts::newInstance()->update(array('fk_i_user_id' => $userId), array('s_email' => $input['s_email']));
}
$user = $this->manager->findByPrimaryKey($userId);
if (osc_notify_new_user() && !$this->is_admin) {
osc_run_hook('hook_email_admin_new_user', $user);
}
if (osc_user_validation_enabled() && !$this->is_admin) {
osc_run_hook('hook_email_user_validation', $user, $input);
$success = 1;
} else {
$this->manager->update(array('b_active' => '1'), array('pk_i_id' => $userId));
$success = 2;
}
osc_run_hook('user_register_completed', $userId);
return $success;
}
function doModel()
{
parent::doModel();
//specific things for this class
switch ($this->action) {
case 'bulk_actions':
$id = Params::getParam('id');
if ($id) {
switch (Params::getParam('bulk_actions')) {
case 'delete_all':
$this->itemCommentManager->delete(array(DB_CUSTOM_COND => 'pk_i_id IN (' . implode(', ', $id) . ')'));
foreach ($id as $_id) {
$iUpdated = $this->itemCommentManager->delete(array('pk_i_id' => $_id));
osc_add_hook("delete_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been deleted'), 'admin');
break;
case 'activate_all':
foreach ($id as $_id) {
$iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $_id));
if ($iUpdated) {
$this->sendCommentActivated($_id);
}
osc_add_hook("activate_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been approved'), 'admin');
break;
case 'deactivate_all':
foreach ($id as $_id) {
$this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $_id));
osc_add_hook("deactivate_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin');
break;
case 'enable_all':
foreach ($id as $_id) {
$iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $_id));
if ($iUpdated) {
$this->sendCommentActivated($_id);
}
osc_add_hook("enable_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been approved'), 'admin');
break;
case 'disable_all':
foreach ($id as $_id) {
$this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $_id));
osc_add_hook("disable_comment", $_id);
}
osc_add_flash_ok_message(_m('The comments have been disapproved'), 'admin');
break;
}
}
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
case 'status':
$id = Params::getParam('id');
$value = Params::getParam('value');
if (!$id) {
return false;
}
$id = (int) $id;
if (!is_numeric($id)) {
return false;
}
if (!in_array($value, array('ACTIVE', 'INACTIVE', 'ENABLE', 'DISABLE'))) {
return false;
}
if ($value == 'ACTIVE') {
$iUpdated = $this->itemCommentManager->update(array('b_active' => 1), array('pk_i_id' => $id));
if ($iUpdated) {
$this->sendCommentActivated($id);
}
osc_add_hook("activate_comment", $id);
osc_add_flash_ok_message(_m('The comment has been approved'), 'admin');
} else {
if ($value == 'INACTIVE') {
$iUpdated = $this->itemCommentManager->update(array('b_active' => 0), array('pk_i_id' => $id));
osc_add_hook("deactivate_comment", $id);
osc_add_flash_ok_message(_m('The comment has been disapproved'), 'admin');
} else {
if ($value == 'ENABLE') {
$iUpdated = $this->itemCommentManager->update(array('b_enabled' => 1), array('pk_i_id' => $id));
osc_add_hook("enable_comment", $id);
osc_add_flash_ok_message(_m('The comment has been enabled'), 'admin');
} else {
if ($value == 'DISABLE') {
$iUpdated = $this->itemCommentManager->update(array('b_enabled' => 0), array('pk_i_id' => $id));
osc_add_hook("disable_comment", $id);
osc_add_flash_ok_message(_m('The comment has been disabled'), 'admin');
}
}
}
}
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
case 'comment_edit':
$comment = ItemComment::newInstance()->findByPrimaryKey(Params::getParam('id'));
$this->_exportVariableToView('comment', $comment);
$this->doView('comments/frm.php');
break;
case 'comment_edit_post':
$msg = '';
if (!osc_validate_email(Params::getParam('authorEmail'), true)) {
$msg .= _m('Email is not correct') . "<br/>";
}
if (!osc_validate_text(Params::getParam('body'), 1, true)) {
$msg .= _m('Comment is required') . "<br/>";
}
if ($msg != '') {
osc_add_flash_error_message($msg, 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=comments&action=comment_edit&id=" . Params::getParam('id'));
}
$this->itemCommentManager->update(array('s_title' => Params::getParam('title'), 's_body' => Params::getParam('body'), 's_author_name' => Params::getParam('authorName'), 's_author_email' => Params::getParam('authorEmail')), array('pk_i_id' => Params::getParam('id')));
osc_run_hook('edit_comment', Params::getParam('id'));
osc_add_flash_ok_message(_m('Great! We just updated your comment'), 'admin');
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
case 'delete':
$this->itemCommentManager->deleteByPrimaryKey(Params::getParam('id'));
osc_add_flash_ok_message(_m('The comment have been deleted'), 'admin');
osc_run_hook('delete_comment', Params::getParam('id'));
$this->redirectTo(osc_admin_base_url(true) . "?page=comments");
break;
default:
if (Params::getParam('id') != '') {
$comments = $this->itemCommentManager->getAllComments(Params::getParam('id'));
} else {
$comments = $this->itemCommentManager->getAllComments();
}
$this->_exportVariableToView('comments', $comments);
$this->doView('comments/index.php');
break;
}
}
