function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } osc_csrf_check(); osc_run_hook('before_validating_login'); // e-mail or/and password is/are empty or incorrect $wrongCredentials = false; $email = Params::getParam('email'); $password = Params::getParam('password', false, false); if ($email == '') { osc_add_flash_error_message(_m('Please provide an email address')); $wrongCredentials = true; } if ($password == '') { osc_add_flash_error_message(_m('Empty passwords are not allowed. Please provide a password')); $wrongCredentials = true; } if ($wrongCredentials) { $this->redirectTo(osc_user_login_url()); } if (osc_validate_email($email)) { $user = User::newInstance()->findByEmail($email); } if (empty($user)) { $user = User::newInstance()->findByUsername($email); } if (empty($user)) { osc_add_flash_error_message(_m("The user doesn't exist")); $this->redirectTo(osc_user_login_url()); } if (!osc_verify_password($password, isset($user['s_password']) ? $user['s_password'] : '')) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); // @TODO if valid user, send email parameter back to the login form } else { if (@$user['s_password'] != '') { if (preg_match('|\\$2y\\$([0-9]{2})\\$|', $user['s_password'], $cost)) { if ($cost[1] != BCRYPT_COST) { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } else { User::newInstance()->update(array('s_password' => osc_hash_password($password)), array('pk_i_id' => $user['pk_i_id'])); } } } // e-mail or/and IP is/are banned $banned = osc_is_banned($email); // int 0: not banned or unknown, 1: email is banned, 2: IP is banned, 3: both email & IP are banned if ($banned & 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); } if ($banned & 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); } if ($banned !== 0) { $this->redirectTo(osc_user_login_url()); } osc_run_hook('before_login'); $url_redirect = osc_get_http_referer(); $page_redirect = ''; if (osc_rewrite_enabled()) { if ($url_redirect != '') { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $url_redirect)); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; if ($page_redirect == '' || $page_redirect == 'login') { $url_redirect = osc_user_dashboard_url(); } } break; } } } } require_once LIB_PATH . 'osclass/UserActions.php'; $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m("The user doesn't exist")); } else { if ($logged == 1) { if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES osc_add_flash_error_message(sprintf(_m('The user has not been validated yet. Would you like to re-send your <a href="%s">activation?</a>'), osc_user_resend_activation_link($user['pk_i_id'], $user['s_email']))); } else { osc_add_flash_error_message(_m('The user has not been validated yet')); } } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } if ($url_redirect == '') { $url_redirect = osc_user_dashboard_url(); } osc_run_hook("after_login", $user, $url_redirect); $this->redirectTo(osc_apply_filter('correct_login_url_redirect', $url_redirect)); } else { osc_add_flash_error_message(_m('This should never happen')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'resend': $id = Params::getParam('id'); $email = Params::getParam('email'); $user = User::newInstance()->findByPrimaryKey($id); if ($id == '' || $email == '' || !isset($user) || $user['b_active'] == 1 || $email != $user['s_email']) { osc_add_flash_error_message(_m('Incorrect link')); $this->redirectTo(osc_user_login_url()); } if (time() - strtotime($user['dt_access_date']) > 1200) { // EACH 20 MINUTES if (osc_notify_new_user()) { osc_run_hook('hook_email_admin_new_user', $user); } if (osc_user_validation_enabled()) { osc_run_hook('hook_email_user_validation', $user, $user); } User::newInstance()->update(array('dt_access_date' => date('Y-m-d H:i:s')), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('Validation email re-sent')); } else { osc_add_flash_warning_message(_m('We have just sent you an email to validate your account, you will have to wait a few minutes to resend it again')); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password osc_csrf_check(); require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': osc_csrf_check(); if (Params::getParam('new_password', false, false) == '' || Params::getParam('new_password2', false, false) == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password', false, false) == Params::getParam('new_password2', false, false)) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => Params::getServerParam('REMOTE_ADDR'), 's_password' => osc_hash_password(Params::getParam('new_password', false, false))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m("Error, the password don't match")); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login Session::newInstance()->_setReferer(osc_get_http_referer()); if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
function showAuthFailPage() { if (Params::getParam('page') == 'ajax') { echo json_encode(array('error' => 1, 'msg' => __('Session timed out'))); exit; } else { $this->redirectTo(osc_user_login_url()); exit; } }
function doModel() { switch ($this->action) { case 'change_email_confirm': //change email confirm if (Params::getParam('userId') && Params::getParam('code')) { $userManager = new User(); $user = $userManager->findByPrimaryKey(Params::getParam('userId')); if ($user['s_pass_code'] == Params::getParam('code')) { $userEmailTmp = UserEmailTmp::newInstance()->findByPk(Params::getParam('userId')); $code = osc_genRandomPassword(50); $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id'])); Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']); UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email'])); osc_add_flash_message(_m('Your email has been changed successfully')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } } else { osc_add_flash_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'unsub_alert': $email = Params::getParam('email'); $alert = Params::getParam('alert'); if ($email != '' && $alert != '') { Alerts::newInstance()->delete(array('s_email' => $email, 's_search' => $alert)); osc_add_flash_message(__('Unsubscribed correctly.')); } else { osc_add_flash_message(__('Ops! There was a problem trying to unsubscribe you. Please contact the administrator.')); } $this->redirectTo(osc_base_url()); break; default: $this->redirectTo(osc_user_login_url()); break; } }
function doModel() { $user_menu = false; if(Params::existParam('route')) { $routes = Rewrite::newInstance()->getRoutes(); $rid = Params::getParam('route'); $file = '../'; if(isset($routes[$rid]) && isset($routes[$rid]['file'])) { $file = $routes[$rid]['file']; $user_menu = $routes[$rid]['user_menu']; } } else { // DEPRECATED: Disclosed path in URL is deprecated, use routes instead // This will be REMOVED in 3.4 $file = Params::getParam('file'); } // valid file? if( strpos($file, '../') !== false || strpos($file, '..\\') !==false || stripos($file, '/admin/') !== false ) { //If the file is inside an "admin" folder, it should NOT be opened in frontend $this->do404(); return; } // check if the file exists if( !file_exists(osc_plugins_path() . $file) ) { $this->do404(); return; } osc_run_hook('custom_controller'); $this->_exportVariableToView('file', $file); if($user_menu) { if(osc_is_web_user_logged_in()) { Params::setParam('in_user_menu', true); $this->doView('user-custom.php'); } else { $this->redirectTo(osc_user_login_url()); } } else { $this->doView('custom.php'); } }
<?php _e("It's your own listing, you can't contact the publisher.", 'bender'); ?> </p> <?php } else { if (osc_reg_user_can_contact() && !osc_is_web_user_logged_in()) { ?> <p> <?php _e("You must log in or register a new account in order to contact the advertiser", 'bender'); ?> </p> <p class="contact_button"> <strong><a href="<?php echo osc_user_login_url(); ?> "><?php _e('Login', 'bender'); ?> </a></strong> <strong><a href="<?php echo osc_register_account_url(); ?> "><?php _e('Register for a free account', 'bender'); ?> </a></strong> </p> <?php } else {
function doModel() { //calling the view... $locales = OSCLocale::newInstance()->listAllEnabled(); $this->_exportVariableToView('locales', $locales); switch ($this->action) { case 'item_add': // post if (osc_reg_user_post() && $this->user == null) { osc_add_flash_warning_message(_m('Only registered users are allowed to post listings')); $this->redirectTo(osc_user_login_url()); } $countries = Country::newInstance()->listAll(); $regions = array(); if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') { $regions = Region::newInstance()->findByCountry($this->user['fk_c_country_code']); } else { if (count($countries) > 0) { $regions = Region::newInstance()->findByCountry($countries[0]['pk_c_code']); } } $cities = array(); if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') { $cities = City::newInstance()->findByRegion($this->user['fk_i_region_id']); } else { if (count($regions) > 0) { $cities = City::newInstance()->findByRegion($regions[0]['pk_i_id']); } } $this->_exportVariableToView('countries', $countries); $this->_exportVariableToView('regions', $regions); $this->_exportVariableToView('cities', $cities); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } if (Session::newInstance()->_getForm('countryId') != "") { $countryId = Session::newInstance()->_getForm('countryId'); $regions = Region::newInstance()->findByCountry($countryId); $this->_exportVariableToView('regions', $regions); if (Session::newInstance()->_getForm('regionId') != "") { $regionId = Session::newInstance()->_getForm('regionId'); $cities = City::newInstance()->findByRegion($regionId); $this->_exportVariableToView('cities', $cities); } } $this->_exportVariableToView('user', $this->user); osc_run_hook('post_item'); $this->doView('item-post.php'); break; case 'item_add_post': //post_item if (osc_reg_user_post() && $this->user == null) { osc_add_flash_warning_message(_m('Only registered users are allowed to post listings')); $this->redirectTo(osc_base_url(true)); } $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(true); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_post_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } if (!osc_is_web_user_logged_in()) { $user = User::newInstance()->findByEmail($mItems->data['contactEmail']); // The user exists but it's not logged if (isset($user['pk_i_id'])) { foreach ($mItems->data as $key => $value) { Session::newInstance()->_keepForm($key); } osc_add_flash_error_message(_m('A user with that email address already exists, if it is you, please log in')); $this->redirectTo(osc_user_login_url()); } } // POST ITEM ( ADD ITEM ) $success = $mItems->add(); if ($success != 1 && $success != 2) { osc_add_flash_error_message($success); $this->redirectTo(osc_item_post_url()); } else { Session::newInstance()->_dropkeepForm('meta_' . $key); if ($success == 1) { osc_add_flash_ok_message(_m('Check your inbox to validate your listing')); } else { osc_add_flash_ok_message(_m('Your listing has been published')); } $itemId = Params::getParam('itemId'); $item = $this->itemManager->findByPrimaryKey($itemId); osc_run_hook('posted_item', $item); $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId')); View::newInstance()->_exportVariableToView('category', $category); $this->redirectTo(osc_search_category_url()); } break; case 'item_edit': // edit item $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId)); if (count($item) == 1) { $item = Item::newInstance()->findByPrimaryKey($id); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $this->_exportVariableToView('item', $item); osc_run_hook("before_item_edit", $item); $this->doView('item-edit.php'); } else { // add a flash message [ITEM NO EXISTE] osc_add_flash_error_message(_m("Sorry, we don't have any listings with that ID")); if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } break; case 'item_edit_post': // recoger el secret y el $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId)); if (count($item) == 1) { $this->_exportVariableToView('item', $item[0]); $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(false); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_edit_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $success = $mItems->edit(); osc_run_hook('edited_item', Item::newInstance()->findByPrimaryKey($id)); if ($success == 1) { osc_add_flash_ok_message(_m("Great! We've just updated your listing")); View::newInstance()->_exportVariableToView("item", Item::newInstance()->findByPrimaryKey($id)); $this->redirectTo(osc_item_url()); } else { osc_add_flash_error_message($success); $this->redirectTo(osc_item_edit_url($secret)); } } break; case 'activate': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s') OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId)); // item doesn't exist if (count($item) == 0) { $this->do404(); return; } View::newInstance()->_exportVariableToView('item', $item[0]); if ($item[0]['b_active'] == 0) { // ACTIVETE ITEM $mItems = new ItemActions(false); $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']); if ($success) { osc_add_flash_ok_message(_m('The listing has been validated')); } else { osc_add_flash_error_message(_m("The listing can't be validated")); } } else { osc_add_flash_warning_message(_m('The listing has already been validated')); } $this->redirectTo(osc_item_url()); break; case 'item_delete': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s') OR (i.fk_i_user_id = '%d'))", addslashes($id), addslashes($secret), addslashes($this->userId)); if (count($item) == 1) { $mItems = new ItemActions(false); $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']); if ($success) { osc_add_flash_ok_message(_m('Your listing has been deleted')); } else { osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted")); } if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m("The listing you are trying to delete couldn't be deleted")); $this->redirectTo(osc_base_url()); } break; case 'mark': $id = Params::getParam('id'); $as = Params::getParam('as'); $item = Item::newInstance()->findByPrimaryKey($id); View::newInstance()->_exportVariableToView('item', $item); require_once osc_lib_path() . 'osclass/user-agents.php'; foreach ($user_agents as $ua) { if (preg_match('|' . $ua . '|', @$_SERVER['HTTP_USER_AGENT'])) { // mark item if it's not a bot $mItem = new ItemActions(false); $mItem->mark($id, $as); break; } } osc_add_flash_ok_message(_m("Thanks! That's very helpful")); $this->redirectTo(osc_item_url()); break; case 'send_friend': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); $this->doView('item-send-friend.php'); break; case 'send_friend_post': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("friendName", Params::getParam('friendName')); Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_send_friend_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $mItem = new ItemActions(false); $success = $mItem->send_friend(); if ($success) { Session::newInstance()->_clearVariables(); $this->redirectTo(osc_item_url()); } else { $this->redirectTo(osc_item_send_friend_url()); } break; case 'contact': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); if (empty($item)) { osc_add_flash_error_message(_m("This listing doesn't exist")); $this->redirectTo(osc_base_url(true)); } else { $this->_exportVariableToView('item', $item); if (osc_item_is_expired()) { osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller")); $this->redirectTo(osc_item_url()); } if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) { $this->doView('item-contact.php'); } else { osc_add_flash_error_message(_m("You can't contact the seller, only registered users can")); $this->redirectTo(osc_item_url()); } } break; case 'contact_post': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_item_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } if (osc_isExpired($item['dt_expiration'])) { osc_add_flash_error_message(_m("We're sorry, but the listing has expired. You can't contact the seller")); $this->redirectTo(osc_item_url()); } $mItem = new ItemActions(false); $result = $mItem->contact(); if (is_string($result)) { osc_add_flash_error_message($result); } else { osc_add_flash_ok_message(_m("We've just sent an e-mail to the seller")); } $this->redirectTo(osc_item_url()); break; case 'add_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); switch ($status) { case -1: $msg = _m('Sorry, we could not save your comment. Try again later'); osc_add_flash_error_message($msg); break; case 1: $msg = _m('Your comment is awaiting moderation'); osc_add_flash_info_message($msg); break; case 2: $msg = _m('Your comment has been approved'); osc_add_flash_ok_message($msg); break; case 3: $msg = _m('Please fill the required field (email)'); osc_add_flash_warning_message($msg); break; case 4: $msg = _m('Please type a comment'); osc_add_flash_warning_message($msg); break; case 5: $msg = _m('Your comment has been marked as spam'); osc_add_flash_error_message($msg); break; } $this->redirectTo(osc_item_url()); break; case 'delete_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); $itemId = Params::getParam('id'); $commentId = Params::getParam('comment'); $item = Item::newInstance()->findByPrimaryKey($itemId); if (count($item) == 0) { osc_add_flash_error_message(_m("This listing doesn't exist")); $this->redirectTo(osc_base_url(true)); } View::newInstance()->_exportVariableToView('item', $item); if ($this->userId == null) { osc_add_flash_error_message(_m('You must be logged in to delete a comment')); $this->redirectTo(osc_item_url()); } $commentManager = ItemComment::newInstance(); $aComment = $commentManager->findByPrimaryKey($commentId); if (count($aComment) == 0) { osc_add_flash_error_message(_m("The comment doesn't exist")); $this->redirectTo(osc_item_url()); } if ($aComment['b_active'] != 1) { osc_add_flash_error_message(_m('The comment is not active, you cannot delete it')); $this->redirectTo(osc_item_url()); } if ($aComment['fk_i_user_id'] != $this->userId) { osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it')); $this->redirectTo(osc_item_url()); } $commentManager->deleteByPrimaryKey($commentId); osc_add_flash_ok_message(_m('The comment has been deleted')); $this->redirectTo(osc_item_url()); break; default: // if there isn't ID, show an error 404 if (Params::getParam('id') == '') { $this->do404(); return; } if (Params::getParam('lang') != '') { Session::newInstance()->_set('userLocale', Params::getParam('lang')); } $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); // if item doesn't exist show an error 404 if (count($item) == 0) { $this->do404(); return; } if ($item['b_active'] != 1) { if ($this->userId == $item['fk_i_user_id']) { osc_add_flash_warning_message(_m("The listing hasn't been validated. Please validate it in order to make it public")); } else { osc_add_flash_warning_message(_m("This listing hasn't been validated")); $this->redirectTo(osc_base_url(true)); } } else { if ($item['b_enabled'] == 0) { osc_add_flash_warning_message(_m('The listing has been suspended')); $this->redirectTo(osc_base_url(true)); } } if (!osc_is_admin_user_logged_in()) { require_once osc_lib_path() . 'osclass/user-agents.php'; foreach ($user_agents as $ua) { if (preg_match('|' . $ua . '|', @$_SERVER['HTTP_USER_AGENT'])) { $mStats = new ItemStats(); $mStats->increase('i_num_views', $item['pk_i_id']); break; } } } foreach ($item['locale'] as $k => $v) { $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']); $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description'])); } if ($item['fk_i_user_id'] != '') { $user = User::newInstance()->findByPrimaryKey($item['fk_i_user_id']); $this->_exportVariableToView('user', $user); } $this->_exportVariableToView('item', $item); osc_run_hook('show_item', $item); // redirect to the correct url just in case it has changed $itemURI = str_replace(osc_base_url(), '', osc_item_url()); $URI = preg_replace('|^' . REL_WEB_URL . '|', '', $_SERVER['REQUEST_URI']); // do not clean QUERY_STRING if permalink is not enabled if (osc_rewrite_enabled()) { $URI = str_replace('?' . $_SERVER['QUERY_STRING'], '', $URI); } else { $params_keep = array('page', 'id'); $params = array(); foreach (Params::getParamsAsArray('get') as $k => $v) { if (in_array($k, $params_keep)) { $params[] = "{$k}={$v}"; } } $URI = 'index.php?' . implode('&', $params); } // redirect to the correct url if ($itemURI != $URI) { $this->redirectTo(osc_base_url() . $itemURI); } $this->doView('item.php'); break; } }
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login if (!osc_users_enabled()) { osc_add_flash_error_message(_m('Users are not enabled')); $this->redirectTo(osc_base_url()); } require_once LIB_PATH . 'osclass/UserActions.php'; $user = User::newInstance()->findByEmail(Params::getParam('email')); $url_redirect = osc_user_dashboard_url(); $page_redirect = ''; if (osc_rewrite_enabled()) { if (isset($_SERVER['HTTP_REFERER'])) { $request_uri = urldecode(preg_replace('@^' . osc_base_url() . '@', "", $_SERVER['HTTP_REFERER'])); $tmp_ar = explode("?", $request_uri); $request_uri = $tmp_ar[0]; $rules = Rewrite::newInstance()->listRules(); foreach ($rules as $match => $uri) { if (preg_match('#' . $match . '#', $request_uri, $m)) { $request_uri = preg_replace('#' . $match . '#', $uri, $request_uri); if (preg_match('|([&?]{1})page=([^&]*)|', '&' . $request_uri . '&', $match)) { $page_redirect = $match[2]; } break; } } } } else { if (preg_match('|[\\?&]page=([^&]+)|', $_SERVER['HTTP_REFERER'] . '&', $match)) { $page_redirect = $match[1]; } } if (Params::getParam('http_referer') != '') { Session::newInstance()->_setReferer(Params::getParam('http_referer')); $url_redirect = Params::getParam('http_referer'); } else { if (Session::newInstance()->_getReferer() != '') { Session::newInstance()->_setReferer(Session::newInstance()->_getReferer()); $url_redirect = Session::newInstance()->_getReferer(); } else { if ($page_redirect != '' && $page_redirect != 'login') { Session::newInstance()->_setReferer($_SERVER['HTTP_REFERER']); $url_redirect = $_SERVER['HTTP_REFERER']; } } } if (!$user) { osc_add_flash_error_message(_m('The username doesn\'t exist')); $this->redirectTo(osc_user_login_url()); } if ($user["s_password"] != sha1(Params::getParam('password'))) { osc_add_flash_error_message(_m('The password is incorrect')); $this->redirectTo(osc_user_login_url()); } $uActions = new UserActions(false); $logged = $uActions->bootstrap_login($user['pk_i_id']); if ($logged == 0) { osc_add_flash_error_message(_m('The username doesn\'t exist')); } else { if ($logged == 1) { osc_add_flash_error_message(_m('The user has not been validated yet')); } else { if ($logged == 2) { osc_add_flash_error_message(_m('The user has been suspended')); } else { if ($logged == 3) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } $this->redirectTo($url_redirect); } else { osc_add_flash_error_message(_m('This should never happens')); } } } } if (!$user['b_enabled']) { $this->redirectTo(osc_user_login_url()); } $this->redirectTo(osc_user_login_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password require_once LIB_PATH . 'osclass/UserActions.php'; // e-mail is incorrect if (!preg_match('|^[a-z0-9\\.\\_\\+\\-]+@[a-z0-9\\.\\-]+\\.[a-z]{2,3}$|i', Params::getParam('s_email'))) { osc_add_flash_error_message(_m('Invalid email address')); $this->redirectTo(osc_recover_user_password_url()); } $userActions = new UserActions(false); $success = $userActions->recover_password(); switch ($success) { case 0: // recover ok osc_add_flash_ok_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); break; case 1: // e-mail does not exist osc_add_flash_error_message(_m('We were not able to identify you given the information provided')); $this->redirectTo(osc_recover_user_password_url()); break; case 2: // recaptcha wrong osc_add_flash_error_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); break; } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': if (Params::getParam('new_password') == '' || Params::getParam('new_password2') == '') { osc_add_flash_warning_message(_m('Password cannot be blank')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user['b_enabled'] == 1) { if (Params::getParam('new_password') == Params::getParam('new_password2')) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_ok_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_error_message(_m('Error, the password don\'t match')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
function doModel() { //calling the view... $locales = OSCLocale::newInstance()->listAllEnabled(); $this->_exportVariableToView('locales', $locales); switch ($this->action) { case 'item_add': // post if (osc_reg_user_post() && $this->user == null) { // CHANGEME: This text osc_add_flash_error_message(_m('Only registered users are allowed to post items')); $this->redirectTo(osc_user_login_url()); } $countries = Country::newInstance()->listAll(); $regions = array(); if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') { $regions = Region::newInstance()->getByCountry($this->user['fk_c_country_code']); } else { if (count($countries) > 0) { $regions = Region::newInstance()->getByCountry($countries[0]['pk_c_code']); } } $cities = array(); if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $this->user['fk_i_region_id']); } else { if (count($regions) > 0) { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regions[0]['pk_i_id']); } } $this->_exportVariableToView('countries', $countries); $this->_exportVariableToView('regions', $regions); $this->_exportVariableToView('cities', $cities); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } if (Session::newInstance()->_getForm('countryId') != "") { $countryId = Session::newInstance()->_getForm('countryId'); $regions = Region::newInstance()->getByCountry($countryId); $this->_exportVariableToView('regions', $regions); if (Session::newInstance()->_getForm('regionId') != "") { $regionId = Session::newInstance()->_getForm('regionId'); $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regionId); $this->_exportVariableToView('cities', $cities); } } $this->_exportVariableToView('user', $this->user); osc_run_hook('post_item'); $this->doView('item-post.php'); break; case 'item_add_post': //post_item if (osc_reg_user_post() && $this->user == null) { osc_add_flash_error_message(_m('Only registered users are allowed to post items')); $this->redirectTo(osc_base_url(true)); } $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(true); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_post_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } // POST ITEM ( ADD ITEM ) $success = $mItems->add(); if ($success != 1 && $success != 2) { osc_add_flash_error_message($success); $this->redirectTo(osc_item_post_url()); } else { Session::newInstance()->_dropkeepForm('meta_' . $key); if ($success == 1) { osc_add_flash_ok_message(_m('Check your inbox to verify your email address')); } else { osc_add_flash_ok_message(_m('Your item has been published')); } $itemId = Params::getParam('itemId'); $item = $this->itemManager->findByPrimaryKey($itemId); osc_run_hook('posted_item', $item); $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId')); View::newInstance()->_exportVariableToView('category', $category); $this->redirectTo(osc_search_category_url()); } break; case 'item_edit': // edit item $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $item = Item::newInstance()->findByPrimaryKey($id); $form = count(Session::newInstance()->_getForm()); $keepForm = count(Session::newInstance()->_getKeepForm()); if ($form == 0 || $form == $keepForm) { Session::newInstance()->_dropKeepForm(); } $this->_exportVariableToView('item', $item); osc_run_hook("before_item_edit", $item); $this->doView('item-edit.php'); } else { // add a flash message [ITEM NO EXISTE] osc_add_flash_error_message(_m('Sorry, we don\'t have any items with that ID')); if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } break; case 'item_edit_post': // recoger el secret y el $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $this->_exportVariableToView('item', $item[0]); $mItems = new ItemActions(false); // prepare data for ADD ITEM $mItems->prepareData(false); // set all parameters into session foreach ($mItems->data as $key => $value) { Session::newInstance()->_setForm($key, $value); } $meta = Params::getParam('meta'); if (is_array($meta)) { foreach ($meta as $key => $value) { Session::newInstance()->_setForm('meta_' . $key, $value); Session::newInstance()->_keepForm('meta_' . $key); } } if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_post_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $success = $mItems->edit(); osc_run_hook('edited_item', Item::newInstance()->findByPrimaryKey($id)); if ($success == 1) { osc_add_flash_ok_message(_m('Great! We\'ve just updated your item')); $this->redirectTo(osc_base_url(true) . "?page=item&id={$id}"); } else { osc_add_flash_error_message($success); $this->redirectTo(osc_item_edit_url($secret)); } } break; case 'activate': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); View::newInstance()->_exportVariableToView('item', $item[0]); if ($item[0]['b_active'] == 0) { // ACTIVETE ITEM $mItems = new ItemActions(false); $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']); if ($success) { osc_add_flash_ok_message(_m('The item has been validated')); } else { osc_add_flash_error_message(_m('The item can\'t be validated')); } } else { osc_add_flash_error_message(_m('The item has already been validated')); } $this->redirectTo(osc_item_url()); break; case 'item_delete': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $mItems = new ItemActions(false); $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']); if ($success) { osc_add_flash_ok_message(_m('Your item has been deleted')); } else { osc_add_flash_error_message(_m('The item you are trying to delete couldn\'t be deleted')); } if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m('The item you are trying to delete couldn\'t be deleted')); $this->redirectTo(osc_base_url()); } break; case 'mark': $mItem = new ItemActions(false); $id = Params::getParam('id'); $as = Params::getParam('as'); $item = Item::newInstance()->findByPrimaryKey($id); View::newInstance()->_exportVariableToView('item', $item); $mItem->mark($id, $as); osc_add_flash_ok_message(_m('Thanks! That\'s very helpful')); $this->redirectTo(osc_item_url()); break; case 'send_friend': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); $this->doView('item-send-friend.php'); break; case 'send_friend_post': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("friendName", Params::getParam('friendName')); Session::newInstance()->_setForm("friendEmail", Params::getParam('friendEmail')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_send_friend_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $mItem = new ItemActions(false); $success = $mItem->send_friend(); if ($success) { Session::newInstance()->_clearVariables(); $this->redirectTo(osc_item_url()); } else { $this->redirectTo(osc_item_send_friend_url()); } break; case 'contact': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); if (empty($item)) { osc_add_flash_error_message(_m('This item doesn\'t exist')); $this->redirectTo(osc_base_url(true)); } else { $this->_exportVariableToView('item', $item); if (osc_item_is_expired()) { osc_add_flash_error_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller')); $this->redirectTo(osc_item_url()); } if (osc_reg_user_can_contact() && osc_is_web_user_logged_in() || !osc_reg_user_can_contact()) { $this->doView('item-contact.php'); } else { osc_add_flash_error_message(_m('You can\'t contact the seller, only registered users can')); $this->redirectTo(osc_item_url()); } } break; case 'contact_post': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_item_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $category = Category::newInstance()->findByPrimaryKey($item['fk_i_category_id']); if ($category['i_expiration_days'] > 0) { $item_date = strtotime($item['dt_pub_date']) + $category['i_expiration_days'] * (24 * 3600); $date = time(); if ($item_date < $date && $item['b_premium'] != 1) { // The item is expired, we can not contact the seller osc_add_flash_error_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller')); $this->redirectTo(osc_item_url()); } } $mItem = new ItemActions(false); $result = $mItem->contact(); if (is_string($result)) { osc_add_flash_error_message($result); } else { osc_add_flash_ok_message(_m('We\'ve just sent an e-mail to the seller')); } $this->redirectTo(osc_item_url()); break; case 'add_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); switch ($status) { case -1: $msg = _m('Sorry, we could not save your comment. Try again later'); osc_add_flash_error_message($msg); break; case 1: $msg = _m('Your comment is awaiting moderation'); osc_add_flash_error_message($msg); break; case 2: $msg = _m('Your comment has been approved'); osc_add_flash_ok_message($msg); break; case 3: $msg = _m('Please fill the required fields (name, email)'); osc_add_flash_error_message($msg); break; case 4: $msg = _m('Please type a comment'); osc_add_flash_error_message($msg); break; case 5: $msg = _m('Your comment has been marked as spam'); osc_add_flash_error_message($msg); break; } $this->redirectTo(osc_item_url()); break; case 'delete_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); $itemId = Params::getParam('id'); $commentId = Params::getParam('comment'); $item = Item::newInstance()->findByPrimaryKey($itemId); if (count($item) == 0) { osc_add_flash_error_message(_m('This item doesn\'t exist')); $this->redirectTo(osc_base_url(true)); } View::newInstance()->_exportVariableToView('item', $item); if ($this->userId == null) { osc_add_flash_error_message(_m('You must be logged in to delete a comment')); $this->redirectTo(osc_item_url()); } $commentManager = ItemComment::newInstance(); $aComment = $commentManager->findByPrimaryKey($commentId); if (count($aComment) == 0) { osc_add_flash_error_message(_m('The comment doesn\'t exist')); $this->redirectTo(osc_item_url()); } if ($aComment['b_active'] != 1) { osc_add_flash_error_message(_m('The comment is not active, you cannot delete it')); $this->redirectTo(osc_item_url()); } if ($aComment['fk_i_user_id'] != $this->userId) { osc_add_flash_error_message(_m('The comment was not added by you, you cannot delete it')); $this->redirectTo(osc_item_url()); } $commentManager->deleteByPrimaryKey($commentId); osc_add_flash_ok_message(_m('The comment has been deleted')); $this->redirectTo(osc_item_url()); break; default: if (Params::getParam('id') == '') { $this->redirectTo(osc_base_url()); } if (Params::getParam('lang') != '') { Session::newInstance()->_set('userLocale', Params::getParam('lang')); } $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); // if item doesn't exist redirect to base url if (count($item) == 0) { osc_add_flash_error_message(_m('This item doesn\'t exist')); $this->redirectTo(osc_base_url(true)); } else { if ($item['b_active'] != 1) { if ($this->userId == $item['fk_i_user_id']) { osc_add_flash_error_message(_m('The item hasn\'t been validated. Please validate it in order to show it to the rest of users')); } else { osc_add_flash_error_message(_m('This item hasn\'t been validated')); $this->redirectTo(osc_base_url(true)); } } else { if ($item['b_enabled'] == 0) { osc_add_flash_error_message(_m('The item has been suspended')); $this->redirectTo(osc_base_url(true)); } } $mStats = new ItemStats(); $mStats->increase('i_num_views', $item['pk_i_id']); foreach ($item['locale'] as $k => $v) { $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']); $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description'])); } $this->_exportVariableToView('items', array($item)); osc_run_hook('show_item', $item); $this->doView('item.php'); } break; case 'dashboard': //dashboard... break; } }
function doModel() { switch ($this->action) { case 'change_email_confirm': //change email confirm if (Params::getParam('userId') && Params::getParam('code')) { $userManager = new User(); $user = $userManager->findByPrimaryKey(Params::getParam('userId')); if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) { $userEmailTmp = UserEmailTmp::newInstance()->findByPk(Params::getParam('userId')); $code = osc_genRandomPassword(50); $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id'])); Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']); UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email'])); osc_add_flash_ok_message(_m('Your email has been changed successfully')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $result = 0; if ($email != '' && $secret != '') { $result = Alerts::newInstance()->activate($email, $secret); } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to activate alert. Please contact the administrator')); } $this->redirectTo(osc_base_url(true)); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); if ($email != '' && $secret != '') { Alerts::newInstance()->delete(array('s_email' => $email, 'S_secret' => $secret)); osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Ops! There was a problem trying to unsubscribe you. Please contact the administrator')); } $this->redirectTo(osc_base_url()); break; case 'pub_profile': $userID = Params::getParam('id'); $user = User::newInstance()->findByPrimaryKey($userID); // user doesn't exist if (!$user) { $this->redirectTo(osc_base_url()); } View::newInstance()->_exportVariableToView('user', $user); $items = Item::newInstance()->findByUserIDEnabled($user['pk_i_id'], 0, 3); View::newInstance()->_exportVariableToView('items', $items); $this->doView('user-public-profile.php'); break; case 'contact_post': $user = User::newInstance()->findByPrimaryKey(Params::getParam('id')); View::newInstance()->_exportVariableToView('user', $user); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_user_public_profile_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message')); $this->redirectTo(osc_user_public_profile_url()); break; default: $this->redirectTo(osc_user_login_url()); break; } }
<?php $sliced_array = array_slice($p_c, 0, 4); ?> <?php foreach ($sliced_array as $sa) { $top_item = select_top_item($sa['cat_id']); $category_id = $sa['cat_id']; $subcategory = get_parent_subcategories($category_id); if ($top_item == null || empty($top_item)) { $no_item = false; $category_name = get_category_name($sa['cat_id']); if (osc_is_web_user_logged_in()) { $item_url = osc_item_post_url(); $img_title = "Click to add items."; } else { $item_url = osc_user_login_url(); $img_title = "Login to add items"; } $img_source = osc_current_web_theme_url('images/no-items.png'); $total_listing = get_total_listing_by_parent($sa['cat_id']); $total_item_views = get_total_item_views($sa['cat_id']); if ($total_item_views == null || empty($total_item_view)) { $total_item_views = '0'; } else { $total_item_views = $total_item_views[0]['TotalViews']; } } else { $no_item = true; $primary_id = (int) $top_item[0]['fk_i_item_id']; $item = Item::newInstance()->findByPrimaryKey($primary_id); View::newInstance()->_exportVariableToView('item', $item);
function doModel() { switch ($this->action) { case 'login_post': //post execution for the login $user = User::newInstance()->findByEmail(Params::getParam('email')); if (!$user) { osc_add_flash_message(_m('The username doesn\'t exist')); $this->redirectTo(osc_user_login_url()); } if (!$user['b_enabled']) { osc_add_flash_message(_m('The user has not been validated yet')); $this->redirectTo(osc_user_login_url()); } if ($user["s_password"] == sha1(Params::getParam('password'))) { if (Params::getParam('remember') == 1) { //this include contains de osc_genRandomPassword function require_once osc_lib_path() . 'osclass/helpers/hSecurity.php'; $secret = osc_genRandomPassword(); User::newInstance()->update(array('s_secret' => $secret), array('pk_i_id' => $user['pk_i_id'])); Cookie::newInstance()->set_expires(osc_time_cookie()); Cookie::newInstance()->push('oc_userId', $user['pk_i_id']); Cookie::newInstance()->push('oc_userSecret', $secret); Cookie::newInstance()->set(); } //we are logged in... let's go! Session::newInstance()->_set('userId', $user['pk_i_id']); Session::newInstance()->_set('userName', $user['s_name']); Session::newInstance()->_set('userEmail', $user['s_email']); $phone = $user['s_phone_mobile'] ? $user['s_phone_mobile'] : $user['s_phone_land']; Session::newInstance()->_set('userPhone', $phone); } else { osc_add_flash_message(_m('The password is incorrect')); } //returning logged in to the main page... $this->redirectTo(osc_user_dashboard_url()); break; case 'recover': //form to recover the password (in this case we have the form in /gui/) $this->doView('user-recover.php'); break; case 'recover_post': //post execution to recover the password require_once LIB_PATH . 'osclass/UserActions.php'; $userActions = new UserActions(false); $recaptcha_ok = $userActions->recover_password(); if ($recaptcha_ok) { // We ALWAYS show the same message, so we don't give clues about which emails are in our database and which don't! osc_add_flash_message(_m('We have sent you an email with the instructions to reset your password')); $this->redirectTo(osc_base_url()); } else { osc_add_flash_message(_m('The recaptcha code is wrong')); $this->redirectTo(osc_recover_user_password_url()); } break; case 'forgot': //form to recover the password (in this case we have the form in /gui/) $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { $this->doView('user-forgot_password.php'); } else { osc_add_flash_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'forgot_post': $user = User::newInstance()->findByIdPasswordSecret(Params::getParam('userId'), Params::getParam('code')); if ($user) { if (Params::getParam('new_password') == Params::getParam('new_password2')) { User::newInstance()->update(array('s_pass_code' => osc_genRandomPassword(50), 's_pass_date' => date('Y-m-d H:i:s', 0), 's_pass_ip' => $_SERVER['REMOTE_ADDR'], 's_password' => sha1(Params::getParam('new_password'))), array('pk_i_id' => $user['pk_i_id'])); osc_add_flash_message(_m('The password has been changed')); $this->redirectTo(osc_user_login_url()); } else { osc_add_flash_message(_m('Error, the password don\'t match')); $this->redirectTo(osc_forgot_user_password_confirm_url(Params::getParam('userId'), Params::getParam('code'))); } } else { osc_add_flash_message(_m('Sorry, the link is not valid')); } $this->redirectTo(osc_base_url()); break; default: //login if (osc_logged_user_id() != '') { $this->redirectTo(osc_user_dashboard_url()); } $this->doView('user-login.php'); } }
function doModel() { switch ($this->action) { case 'change_email_confirm': //change email confirm if (Params::getParam('userId') && Params::getParam('code')) { $userManager = new User(); $user = $userManager->findByPrimaryKey(Params::getParam('userId')); if ($user['s_pass_code'] == Params::getParam('code') && $user['b_enabled'] == 1) { $userEmailTmp = UserEmailTmp::newInstance()->findByPrimaryKey(Params::getParam('userId')); $code = osc_genRandomPassword(50); $userManager->update(array('s_email' => $userEmailTmp['s_new_email']), array('pk_i_id' => $userEmailTmp['fk_i_user_id'])); Item::newInstance()->update(array('s_contact_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); ItemComment::newInstance()->update(array('s_author_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Alerts::newInstance()->update(array('s_email' => $userEmailTmp['s_new_email']), array('fk_i_user_id' => $userEmailTmp['fk_i_user_id'])); Session::newInstance()->_set('userEmail', $userEmailTmp['s_new_email']); UserEmailTmp::newInstance()->delete(array('s_new_email' => $userEmailTmp['s_new_email'])); osc_add_flash_ok_message(_m('Your email has been changed successfully')); $this->redirectTo(osc_user_profile_url()); } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } } else { osc_add_flash_error_message(_m('Sorry, the link is not valid')); $this->redirectTo(osc_base_url()); } break; case 'activate_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $user = User::newInstance()->findByEmail($alert['s_email']); if (isset($user['pk_i_id'])) { Alerts::newInstance()->update(array('fk_i_user_id' => $user['pk_i_id']), array('pk_i_id' => $id)); } $result = Alerts::newInstance()->activate($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Alert activated')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to activate your alert. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'unsub_alert': $email = Params::getParam('email'); $secret = Params::getParam('secret'); $id = Params::getParam('id'); $alert = Alerts::newInstance()->findByPrimaryKey($id); $result = 0; if (!empty($alert)) { if ($email == $alert['s_email'] && $secret == $alert['s_secret']) { $result = Alerts::newInstance()->unsub($id); } } if ($result == 1) { osc_add_flash_ok_message(_m('Unsubscribed correctly')); } else { osc_add_flash_error_message(_m('Oops! There was a problem trying to unsubscribe you. Please contact an administrator')); } $this->redirectTo(osc_base_url()); break; case 'pub_profile': if (Params::getParam('username') != '') { $user = User::newInstance()->findByUsername(Params::getParam('username')); } else { $user = User::newInstance()->findByPrimaryKey(Params::getParam('id')); } // user doesn't exist, show 404 error if (!$user) { $this->do404(); return; } $itemsPerPage = Params::getParam('itemsPerPage') != '' ? Params::getParam('itemsPerPage') : 10; $page = Params::getParam('iPage') > 0 ? Params::getParam('iPage') - 1 : 0; $total_items = Item::newInstance()->countItemTypesByUserID($user['pk_i_id'], 'active'); if ($itemsPerPage == 'all') { $total_pages = 1; $items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], 0, null, 'active'); } else { $total_pages = ceil($total_items / $itemsPerPage); $items = Item::newInstance()->findItemTypesByUserID($user['pk_i_id'], $page * $itemsPerPage, $itemsPerPage, 'active'); } View::newInstance()->_exportVariableToView('user', $user); $this->_exportVariableToView('items', $items); $this->_exportVariableToView('search_total_pages', $total_pages); $this->_exportVariableToView('search_total_items', $total_items); $this->_exportVariableToView('items_per_page', $itemsPerPage); $this->_exportVariableToView('search_page', $page); $this->_exportVariableToView('canonical', osc_user_public_profile_url()); $this->doView('user-public-profile.php'); break; case 'contact_post': $user = User::newInstance()->findByPrimaryKey(Params::getParam('id')); View::newInstance()->_exportVariableToView('user', $user); if (osc_recaptcha_private_key() != '') { if (!osc_check_recaptcha()) { osc_add_flash_error_message(_m('The Recaptcha code is wrong')); Session::newInstance()->_setForm("yourEmail", Params::getParam('yourEmail')); Session::newInstance()->_setForm("yourName", Params::getParam('yourName')); Session::newInstance()->_setForm("phoneNumber", Params::getParam('phoneNumber')); Session::newInstance()->_setForm("message_body", Params::getParam('message')); $this->redirectTo(osc_user_public_profile_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $banned = osc_is_banned(Params::getParam('yourEmail')); if ($banned == 1) { osc_add_flash_error_message(_m('Your current email is not allowed')); $this->redirectTo(osc_user_public_profile_url()); } else { if ($banned == 2) { osc_add_flash_error_message(_m('Your current IP is not allowed')); $this->redirectTo(osc_user_public_profile_url()); } } osc_run_hook('hook_email_contact_user', Params::getParam('id'), Params::getParam('yourEmail'), Params::getParam('yourName'), Params::getParam('phoneNumber'), Params::getParam('message')); osc_add_flash_ok_message(_m('Your email has been sent properly.')); $this->redirectTo(osc_user_public_profile_url()); break; default: $this->redirectTo(osc_user_login_url()); break; } }
function showAuthFailPage() { $this->redirectTo(osc_user_login_url()); }
function doModel() { //calling the view... $locales = OSCLocale::newInstance()->listAllEnabled(); $this->_exportVariableToView('locales', $locales); switch ($this->action) { case 'item_add': // post if (!osc_users_enabled()) { osc_add_flash_message(_m('Users not enabled')); $this->redirectTo(osc_base_url(true)); } if (osc_reg_user_post() && $this->user == null) { // CHANGEME: This text osc_add_flash_message(_m('Only registered users are allowed to post items')); $this->redirectTo(osc_user_login_url()); } $countries = Country::newInstance()->listAll(); $regions = array(); if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') { $regions = Region::newInstance()->getByCountry($this->user['fk_c_country_code']); } else { if (count($countries) > 0) { $regions = Region::newInstance()->getByCountry($countries[0]['pk_c_code']); } } $cities = array(); if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $this->user['fk_i_region_id']); } else { if (count($regions) > 0) { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regions[0]['pk_i_id']); } } $this->_exportVariableToView('countries', $countries); $this->_exportVariableToView('regions', $regions); $this->_exportVariableToView('cities', $cities); $this->_exportVariableToView('user', $this->user); osc_run_hook('post_item'); $this->doView('item-post.php'); break; case 'item_add_post': //post_item if (!osc_users_enabled()) { osc_add_flash_message(_m('Users not allowed')); $this->redirectTo(osc_base_url(true)); } if (osc_reg_user_post() && $this->user == null) { osc_add_flash_message(_m('Only registered users are allowed to post items')); $this->redirectTo(osc_base_url(true)); } // POST ITEM ( ADD ITEM ) $mItems = new ItemActions(false); $success = $mItems->add(); if ($success) { $PcontactName = Params::getParam('contactName'); $PcontactEmail = Params::getParam('contactEmail'); $itemId = Params::getParam('itemId'); $item = array(); if (Session::newInstance()->_get('userId') == '') { $mPages = new Page(); $aPage = $mPages->findByInternalName('email_new_item_non_register_user'); $locale = osc_current_user_locale(); $content = array(); if (isset($aPage['locale'][$locale]['s_title'])) { $content = $aPage['locale'][$locale]; } else { $content = current($aPage['locale']); } $item = $this->itemManager->findByPrimaryKey($itemId); $item_url = osc_item_url(); // before page = user , action = item_edit $edit_url = osc_item_edit_url($item['s_secret'], $itemId); // before page = user , action = item_delete $delete_url = osc_item_delete_url($item['s_secret'], $itemId); $words = array(); $words[] = array('{ITEM_ID}', '{USER_NAME}', '{USER_EMAIL}', '{WEB_URL}', '{ITEM_TITLE}', '{ITEM_URL}', '{WEB_TITLE}', '{EDIT_LINK}', '{EDIT_URL}', '{DELETE_LINK}', '{DELETE_URL}'); $words[] = array($itemId, $PcontactName, $PcontactEmail, osc_base_url(), $item['s_title'], $item_url, osc_page_title(), '<a href="' . $edit_url . '">' . $edit_url . '</a>', $edit_url, '<a href="' . $delete_url . '">' . $delete_url . '</a>', $delete_url); $title = osc_mailBeauty($content['s_title'], $words); $body = osc_mailBeauty($content['s_text'], $words); $emailParams = array('subject' => $title, 'to' => $PcontactEmail, 'to_name' => $PcontactName, 'body' => $body, 'alt_body' => $body); osc_sendMail($emailParams); } osc_run_hook('posted_item', $item); $category = Category::newInstance()->findByPrimaryKey(Params::getParam('catId')); View::newInstance()->_exportVariableToView('category', $category); $this->redirectTo(osc_search_category_url()); } else { $this->redirectTo(osc_item_post_url()); } break; case 'item_edit': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $item = Item::newInstance()->findByPrimaryKey($id); $categories = Category::newInstance()->toTree(); $countries = Country::newInstance()->listAll(); $regions = array(); if (isset($this->user['fk_c_country_code']) && $this->user['fk_c_country_code'] != '') { $regions = Region::newInstance()->getByCountry($this->user['fk_c_country_code']); } else { if (count($countries) > 0) { $regions = Region::newInstance()->getByCountry($countries[0]['pk_c_code']); } } $cities = array(); if (isset($this->user['fk_i_region_id']) && $this->user['fk_i_region_id'] != '') { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $this->user['fk_i_region_id']); } else { if (count($regions) > 0) { $cities = City::newInstance()->listWhere("fk_i_region_id = %d", $regions[0]['pk_i_id']); } } $currencies = Currency::newInstance()->listAll(); $this->_exportVariableToView('item', $item); //$this->_exportVariableToView('user', $this->user) ; $this->doView('item-edit.php'); } else { // add a flash message [ITEM NO EXISTE] //$this->redirectTo(osc_base_url(true)); osc_add_flash_message(_m('Sorry, we don\'t have any items with that ID')); if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } break; case 'item_edit_post': // recoger el secret y el $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $this->_exportVariableToView('item', $item[0]); $mItems = new ItemActions(false); $success = $mItems->edit(); if ($success) { osc_add_flash_message(_m('Great! We\'ve just updated your item')); $this->redirectTo(osc_base_url(true) . "?page=item&id={$id}"); } else { $this->redirectTo(osc_item_edit_url($secret)); } } break; case 'activate': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); View::newInstance()->_exportVariableToView('item', $item[0]); if ($item[0]['e_status'] == 'INACTIVE') { // ACTIVETE ITEM $mItems = new ItemActions(false); $success = $mItems->activate($item[0]['pk_i_id'], $item[0]['s_secret']); if ($success) { osc_add_flash_message(_m('The item has been validated')); } else { osc_add_flash_message(_m('The item can\'t be validated')); } } else { osc_add_flash_message(_m('The item has already been validated')); } $this->redirectTo(osc_item_url()); break; case 'item_delete': $secret = Params::getParam('secret'); $id = Params::getParam('id'); $item = $this->itemManager->listWhere("i.pk_i_id = '%s' AND ((i.s_secret = '%s' AND i.fk_i_user_id IS NULL) OR (i.fk_i_user_id = '%d'))", $id, $secret, $this->userId); if (count($item) == 1) { $mItems = new ItemActions(false); $success = $mItems->delete($item[0]['s_secret'], $item[0]['pk_i_id']); if ($success) { osc_add_flash_message(_m('Your item has been deleted')); } else { osc_add_flash_message(_m('The item you are trying to delete couldn\'t be deleted')); } if ($this->user != null) { $this->redirectTo(osc_user_list_items_url()); } else { $this->redirectTo(osc_base_url()); } } else { osc_add_flash_message(_m('The item you are trying to delete couldn\'t be deleted')); $this->redirectTo(osc_base_url()); } break; case 'deleteResource': $id = Params::getParam('id'); $item = Params::getParam('item'); $code = Params::getParam('code'); $secret = Params::getParam('secret'); // Check for required fields if (!(is_numeric($id) && is_numeric($item) && preg_match('/^([a-z0-9]+)$/i', $code))) { osc_add_flash_message(_m("The selected photo couldn't be deleted, the url doesn't exist")); if ($this->userId == null) { $this->redirectTo(osc_base_url()); } else { $this->redirectTo(osc_user_dashboard_url()); } } $aItem = $this->itemManager->findByPrimaryKey($item); // Check if the item exists if (count($aItem) == 0) { osc_add_flash_message(_m('The item doesn\'t exist')); $this->redirectTo(osc_base_url()); } // Check if the item belong to the user if ($this->userId != null && $this->userId != $aItem['fk_i_user_id']) { osc_add_flash_message(_m('The item doesn\'t belong to you')); $this->redirectTo(osc_item_url_ns($item)); } // Check if the secret passphrase match with the item if ($this->userId == null && $secret != $aItem['s_secret']) { osc_add_flash_message(_m('The item doesn\'t belong to you')); $this->redirectTo(osc_item_url_ns($item)); } // Does id & code combination exist? $result = ItemResource::newInstance()->getResourceSecure($id, $code); if ($result > 0) { // Delete: file, db table entry osc_deleteResource($id); ItemResource::newInstance()->delete(array('pk_i_id' => $id, 'fk_i_item_id' => $item, 's_name' => $code)); osc_add_flash_message(_m('The selected photo has been successfully deleted')); } else { osc_add_flash_message(_m("The selected photo couldn't be deleted")); } // Redirect to item_edit. If unregistered user, include $secret. $this->redirectTo(osc_item_edit_url($secret, $item)); break; case 'mark': $mItem = new ItemActions(false); $id = Params::getParam('id'); $as = Params::getParam('as'); $item = Item::newInstance()->findByPrimaryKey($id); View::newInstance()->_exportVariableToView('item', $item); $mItem->mark($id, $as); osc_add_flash_message(_m('Thanks! That\'s very helpful')); $this->redirectTo(osc_item_url()); break; case 'send_friend': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); $this->doView('item-send-friend.php'); break; case 'send_friend_post': $mItem = new ItemActions(false); $mItem->send_friend(); $item_url = Params::getParam('item_url'); $this->redirectTo($item_url); break; case 'contact': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $category = Category::newInstance()->findByPrimaryKey($item['fk_i_category_id']); if ($category['i_expiration_days'] > 0) { $item_date = strtotime($item['dt_pub_date']) + $category['i_expiration_days'] * (24 * 3600); $date = time(); if ($item_date < $date) { // The item is expired, we can not contact the seller osc_add_flash_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller')); $this->redirectTo(osc_create_item_url($item)); } } $this->_exportVariableToView('item', $item); $this->doView('item-contact.php'); break; case 'contact_post': $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); $this->_exportVariableToView('item', $item); if (osc_recaptcha_private_key() != '' && Params::existParam("recaptcha_challenge_field")) { if (!osc_check_recaptcha()) { osc_add_flash_message(_m('The Recaptcha code is wrong')); $this->redirectTo(osc_item_url()); return false; // BREAK THE PROCESS, THE RECAPTCHA IS WRONG } } $category = Category::newInstance()->findByPrimaryKey($item['fk_i_category_id']); if ($category['i_expiration_days'] > 0) { $item_date = strtotime($item['dt_pub_date']) + $category['i_expiration_days'] * (24 * 3600); $date = time(); if ($item_date < $date) { // The item is expired, we can not contact the seller osc_add_flash_message(_m('We\'re sorry, but the item has expired. You can\'t contact the seller')); $this->redirectTo(osc_item_url()); } } $mItem = new ItemActions(false); $mItem->contact(); osc_add_flash_message(_m('We\'ve just sent an e-mail to the seller')); $this->redirectTo(osc_item_url()); break; case 'add_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); switch ($status) { case -1: $msg = _m('Sorry, we could not save your comment. Try again later'); break; case 1: $msg = _m('Your comment is awaiting moderation'); break; case 2: $msg = _m('Your comment has been approved'); break; case 3: $msg = _m('Please fill the required fields (name, email)'); break; case 4: $msg = _m('Please type a comment'); break; case 5: $msg = _m('Your comment has been marked as spam'); break; } osc_add_flash_message($msg); $this->redirectTo(Params::getParam('itemURL')); break; case 'delete_comment': $mItem = new ItemActions(false); $status = $mItem->add_comment(); $itemId = Params::getParam('id'); $commentId = Params::getParam('comment'); $item = Item::newInstance()->findByPrimaryKey($itemId); if (count($item) == 0) { osc_add_flash_message(_m('This item doesn\'t exist')); $this->redirectTo(osc_base_url(true)); } View::newInstance()->_exportVariableToView('item', $item); if ($this->userId == null) { osc_add_flash_message(_m('You have to be logged to delete a comment')); $this->redirectTo(osc_item_url()); } $commentManager = ItemComment::newInstance(); $aComment = $commentManager->findByPrimaryKey($commentId); if (count($aComment) == 0) { osc_add_flash_message(_m('The comment doesn\'t exist')); $this->redirectTo(osc_item_url()); } if ($aComment['e_status'] != 'ACTIVE') { osc_add_flash_message(_m('The comment is not active, you cannot delete it')); $this->redirectTo(osc_item_url()); } if ($aComment['fk_i_user_id'] != $this->userId) { osc_add_flash_message(_m('You cannot delete the comment')); $this->redirectTo(osc_item_url()); } $commentManager->deleteByPrimaryKey($commentId); osc_add_flash_message(_m('The comment has been deleted correctly')); $this->redirectTo(osc_item_url()); break; default: if (Params::getParam('id') == '') { $this->redirectTo(osc_base_url()); } if (Params::getParam('lang') != '') { Session::newInstance()->_set('userLocale', Params::getParam('lang')); } $item = $this->itemManager->findByPrimaryKey(Params::getParam('id')); // if item doesn't exist redirect to base url if (count($item) == 0) { osc_add_flash_message(_m('This item doesn\'t exist')); $this->redirectTo(osc_base_url(true)); } else { if ($item['e_status'] != 'ACTIVE') { if ($this->userId == $item['fk_i_user_id']) { osc_add_flash_message(_m('The item hasn\'t been validated. Please validate it in order to show it to the rest of users')); } else { osc_add_flash_message(_m('This item hasn\'t been validated')); $this->redirectTo(osc_base_url(true)); } } $mStats = new ItemStats(); $mStats->increase('i_num_views', $item['pk_i_id']); foreach ($item['locale'] as $k => $v) { $item['locale'][$k]['s_title'] = osc_apply_filter('item_title', $v['s_title']); $item['locale'][$k]['s_description'] = nl2br(osc_apply_filter('item_description', $v['s_description'])); } $this->_exportVariableToView('items', array($item)); osc_run_hook('show_item', $item); $this->doView('item.php'); } break; case 'dashboard': //dashboard... break; } }
function osclass_pm_link($class = '') { if (osc_is_ad_page() && osc_is_web_user_logged_in() && osc_item_user_id() != '') { $user = User::newInstance()->findByPrimaryKey(osc_item_user_id()); echo '<a class="' . $class . '" href="' . osc_base_url(true) . '?page=custom&file=osclass_pm/user-send.php&userId=' . osc_item_user_id() . '&itemId=' . osc_item_id() . '&mType=new">Postavi pitanje prodavcu </a>'; } elseif (osc_is_ad_page() && !osc_is_web_user_logged_in()) { $user = User::newInstance()->findByPrimaryKey(osc_item_user_id()); echo '<a class="' . $class . '" href="' . osc_user_login_url() . '&http_referer=' . osc_base_url(true) . '?page=custom&file=osclass_pm/user-send.php&userId=' . osc_item_user_id() . '&itemId=' . osc_item_id() . '&mType=new">' . __('Login to contact seller.', 'osclass_pm') . '</a>'; } }
function anr_user_login_check() { if ('1' != anr_get_option('login')) { return; } if (!anr_verify_captcha()) { $error_message = trim(osc_get_preference('error_message', 'plugin-anr_nocaptcha')); osc_add_flash_error_message($error_message); osc_redirect_to(osc_user_login_url()); } }